2.2.1

v2.2.1 Release 🎉

New Feature
DB::truncate(<tableName>) — Clear all data from a table in a single call.

Bug Fixes

• wpdb DELETE without WHERE — Fixed wpdb driver failing when deleting all records without a WHERE clause
• CLI exception output — Exception handler no longer prints HTML markup in terminal environments

Contributors

2.2.0

2.2.0 Release 🎉

New Features

Aggregate Functions: AVG, MIN, MAX

• Calculate averages, minimums, and maximums directly through the fluent query interface
• Full support for column aliasing, GROUP BY, WHERE filtering, and combining multiple aggregates
• Works with INSERT...SELECT for inserting computed summaries
• Powered by a shared addAggregate() helper for easy future expansion (SUM, COUNT DISTINCT, etc.)

DB::select()
    ->columns('country')
    ->avg('age', 'avg_age')
    ->min('age', 'youngest')
    ->max('age', 'oldest')
    ->from('users')
    ->groupBy('country')
    ->get();

Operator Validation

• New IdentifierValidator::validateOperator() method with a strict whitelist of valid MySQL operators
• Rejects invalid or potentially malicious operators with InvalidArgumentException
• Applied across all WHERE clause methods (where, andWhere, orWhere, whereNot, andNot)

Architecture Improvements

Clause Modularization

• Extracted WHERE logic into a dedicated WhereClause trait
• Extracted JOIN logic into a dedicated JoinClause trait
• Introduced WhereClauseInterface for a consistent API across SELECT, UPDATE, and DELETE statements
• Removed legacy src/Expression/ directory — functionality now lives in src/Clause/

Security

• Strict operator whitelisting prevents SQL injection through operator parameters
• All WHERE clause methods now validate both column names and operators before building SQL.

2.1.2

2.1.2 release

Security

SQL Identifier Validation & Escaping — Introduced a new IdentifierValidator class that validates and escapes all SQL identifiers (table names, column names, aliases) with backtick wrapping. Enforces strict pattern matching, max length (64 chars), SQL keyword detection, and injection pattern rejection across all query builder methods.
Identifier validation applied across all statements — SELECT, INSERT, ALTER, WHERE, JOIN, ORDER BY, GROUP BY, COUNT, and sub-query methods now validate identifiers through IdentifierValidator.

New Features

Multi-column orderBy with associative array — orderBy now accepts an associative array for sorting by multiple columns with individual sort directions:

->orderBy(['name' => 'ASC', 'created_at' => 'DESC'])
Table alias support in from — The from method now parses table alias syntax (e.g., ->from('users u')).
validateTableNameWithAlias — New validation method for table names with aliases used in JOIN operations.
Wildcard * support — Column validation now correctly passes through * for SELECT * queries.
Bug Fixes
PDO connection singleton — Cached the PDO instance in Connect::pdo() to prevent "Too many connections" errors when running multiple queries.
Exception trace OOM fix — Changed print_r($exception->getTrace()) to $exception->getTraceAsString() in Utilities::throughException() to prevent out-of-memory crashes.
Test suite fixes — Fixed missing ->execute() calls in AlterTest, corrected foreign key drop order in CreateTest, and updated exception namespaces.

Code Quality

PSR-12 method naming — Refactored Insert private methods from snake_case to camelCase (get_table_name → getTableName, etc.).
Distribution cleanup — Added .gitattributes to exclude dev files (tests, config files) from Composer archives.
Expanded test coverage — 27 unit tests for IdentifierValidator covering valid/invalid identifiers, SQL injection patterns, aliases, max length, and edge cases. Full suite: 170+ tests passing.

Documentation

Added donation page to documentation site.

2.1.1

2.1.1 release

• Manual database connection configs issue fixed

2.1.0

2.1.0 release 🎉

• Sub Query expression added for SELECT, INSERT
• Conditional insertion expressions added for `INSERT

2.0.0

Minimum PHP version upgrade

• PHP >=7.4

1.7.1

This release includes a security fix and test coverage.

• Security Fix - SQL Injection Prevention in whereIn Clause
• Test coverage added using PestPHP

1.7.0

1.7.0 is out 🎉

This release introduces significant enhancements to the WP Query Builder, focusing on improving both functionality and type safety.

• Chain multiple WHERE clauses of the same type and comprehensive refactoring with nullable type hints for better code clarity and robustness.
• We've introduced dedicated methods for creating DECIMAL and FLOAT column types, providing clearer and more SQL-standard-compliant control over numeric column definitions.
• Refactored double to keep forward and backward compatibility. Removed size and d

1.6.4

What's Changed

• password error while using special character issue fix by @AbmSourav in #35

1.6.3

New data types:

• Timestamp
• Enum