Refactor SQL queries: enforce parameterized bindings and consistent style by solverat · Pull Request #49 · open-dxp/admin-bundle

solverat · 2026-02-23T09:46:02Z

Audit and cleanup of all raw SQL queries across the codebase (~114 query sites).

Replace executeQuery() with executeStatement() for all DML (INSERT/UPDATE/DELETE)
Eliminate $db->quote() value embedding in favor of ? / :name parameter bindings
Refactor buildConditionPartsFromDescriptor() to return [$conditions, $params] instead of inlining quoted values
Replace string concatenation for dynamic table names with sprintf()
Apply consistent style: single-quoted PHP strings, SQL keywords uppercase, multi-line formatting for long queries, no trailing semicolons

OpenDxp\Db\Helper::fetchPairs => No replacement
OpenDxp\Db\Helper::selectAndDeleteWhere => No replacement
OpenDxp\Db\Helper::quoteInto => Use parameterized queries with ? or :name placeholders instead.

…tyle

Refactor SQL queries: enforce parameterized bindings and consistent s…

193956a

…tyle

solverat requested review from benwalch and scrummer February 23, 2026 09:46

solverat self-assigned this Feb 23, 2026

solverat added the enhancement New feature or request label Feb 23, 2026

Provide feedback