rawQuery()
The rawQuery() method allows you to execute any custom SQL statement with optional parameter bindings. It is ideal for advanced queries or special SQL statements not covered by standard methods like get() or insert().
Signature:
public function rawQuery(string $query, ?array $bindParams = null): mixed
Basic SELECT Example
$sql = "SELECT * FROM test_users WHERE email = ?";
$data = $db->rawQuery($sql, ['example@example.com']);
Important:
Do not inject raw values from
Always use placeholders (
Do not inject raw values from
$_POST, $_GET or user input directly into the SQL string.Always use placeholders (
?) and bind them securely using the second parameter.
DDL Example: CREATE TABLE
$sql = "CREATE TABLE IF NOT EXISTS temp_demo (
id INT UNSIGNED NOT NULL AUTO_INCREMENT,
title VARCHAR(100) NOT NULL,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (id)
) ENGINE=InnoDB";
$result = $db->rawQuery($sql);Insert Example with Binding
$sql = "INSERT INTO logs (message, created_at) VALUES (?, ?)";
$db->rawQuery($sql, ['something went wrong', $db->now()]);Return Value
- Returns an array of results for SELECT queries
- Returns
falseon failure - For DDL or DML queries, you can use
getRowCount()afterwards
Notes
- Always bind all placeholders manually – there is no auto-binding
- This method bypasses internal query builders – ensure your SQL is valid
- Use
rawQuery()for full control – but also full responsibility - You can use
rawQuery()inside a transaction