Support for PDO engines have been added to Keruald Database.
Technically, from there, we can already do PDO:
Obsidian app - Waystone\Apps\OrbeonForms\Forms\Entry class
public function countAttachments () : int { $this->validate(); /** @var PDO $pdo */ $db = $this->db->getUnderlyingDriver(); $sql = "SELECT count(*) FROM orbeon_form_data_attach WHERE document_id = ?"; $stmt = $db->prepare($sql); $stmt->execute([$this->document_id]); $row = $stmt->fetch(PDO::FETCH_NUM); return $row[0]; }
But then what's the point of the library, excepted to build the class from the configuration?
Native PDO prepared statements would allow:
- benefit from future plans like DatabaseResult::fetchRowAsMap(), see T2168
- easier to write code requiring SQL injection attacks to be more difficult and sophisticated