byjg
diff --git a/‎README.md
Lines changed: 1 addition & 0 deletions b/‎README.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/updating-the-database.md
Lines changed: 87 additions & 6 deletions b/‎docs/updating-the-database.md
Lines changed: 87 additions & 6 deletions
diff --git a/‎src/InsertBulkQuery.php
Lines changed: 127 additions & 0 deletions b/‎src/InsertBulkQuery.php
Lines changed: 127 additions & 0 deletions
diff --git a/‎src/InsertMultipleQuery.php
Lines changed: 0 additions & 101 deletions b/‎src/InsertMultipleQuery.php
Lines changed: 0 additions & 101 deletions
@@ -157,6 +157,7 @@ $result = $repository->getByQuery($query);
 ## Advanced Topics
 
 * [Active Record](docs/active-record.md)
+* [Auto Discovering Relationship](docs/auto-discovering-relationship.md)
 * [The Literal Object](docs/the-literal-object.md)
 * [Soft Delete](docs/softdelete.md)
 * [Caching the Results](docs/cache.md)
 
@@ -1,7 +1,9 @@
 # Updating the Database
 
-Once you have defined the model, (see [Getting Started](getting-started-model.md)) you can start to interact with the database
-and doing queries, updates, and deletes.
+Once you have defined the model, (see [Getting Started](getting-started-model.md)) you can start to
+interact with the database and doing queries, updates, and deletes.
+
+## Update
 
 Update a single record is simple as:
 
@@ -14,7 +16,9 @@ $repository->save($users);
 
 This code will update the record with the ID 10 and set the name to "New name".
 
-The idea is to insert a new record. If you don't set the ID, the library will assume that you are inserting a new record.
+## Insert
+
+If you don't set the ID, the library will assume that you are inserting a new record.
 
 ```php
 <?php
@@ -23,9 +27,10 @@ $users->name = "New name";
 $repository->save($users);
 ```
 
-## Advanced Cases
+## Using the UpdateQuery for Multiple Records
 
-In some cases you need to update multiples records at once. See an example:
+UpdateQuery allows you to update multiple records simultaneously with a single query. This is more efficient than
+retrieving and updating individual records one by one when you need to apply the same changes to many records.
 
 ```php
 <?php
@@ -37,4 +42,80 @@ $updateQuery->set('fld3', 'C');
 $updateQuery->where('fld1 > :id', ['id' => 10]);
 ```
 
-This code will update the table `test` and set the fields `fld1`, `fld2`, and `fld3` to `A`, `B`, and `C` respectively where the `fld1` is greater than 10.
+This code will update the table `test` and set the fields `fld1`, `fld2`, and `fld3` to `A`, `B`, and `C`
+respectively for all records where `fld1` is greater than 10.
+
+## Insert records with InsertQuery
+
+You can insert records using the `InsertQuery` object. See an example:
+
+```php
+<?php
+$insertQuery = new \ByJG\MicroOrm\InsertQuery();
+$insertQuery->table('test');
+$insertQuery->set('fld1', 'A');
+$insertQuery->set('fld2', 'B');
+$insertQuery->set('fld3', 'C');
+```
+
+## Insert records from another select
+
+You can insert records from another select using the `InsertSelectQuery` object. See an example:
+
+```php
+<?php
+
+// Define the query to select the records
+$query = new QueryBasic();
+$query->table('table2');
+$query->field('fldA');
+$query->field('fldB');
+$query->field('fldC');
+$query->where('fldA = :valueA', ['valueA' => 1]);
+
+// Define the insert select query
+$insertSelectQuery = new \ByJG\MicroOrm\InsertSelectQuery();
+$insertSelectQuery->table('test');
+$insertSelectQuery->fields(['fld1', 'fld2', 'fld3']);
+$insertSelectQuery->fromQuery($query); // The query to select the records
+```
+
+## Insert records in batch
+
+You can insert records in batch using the `InsertBulkQuery` object. See an example:
+
+```php
+<?php
+$insertBulk = new InsertBulkQuery('test', ['fld1', 'fld2']);
+$insertBulk->values(['fld1' => 'A', 'fld2' => 'B']);
+$insertBulk->values(['fld1' => 'D', 'fld2' => 'E']);
+$insertBulk->values(['fld1' => 'G', 'fld2' => 'H']);
+```
+
+By default, InsertBulkQuery uses a faster but less secure approach. To use parameterized queries for
+better security (especially when handling user input), you can enable safe mode:
+
+```php
+<?php
+$insertBulk = new InsertBulkQuery('test', ['fld1', 'fld2']);
+$insertBulk->withSafeParameters(); // Enable safe parameterized queries
+$insertBulk->values(['fld1' => $userInput1, 'fld2' => $userInput2]);
+$insertBulk->values(['fld1' => $userInput3, 'fld2' => $userInput4]);
+```
+
+> **⚠️ Security Warning:** By default, the `InsertBulkQuery` implementation uses direct value embedding with
+> basic escaping rather than parameterized queries. This makes it faster but potentially vulnerable to
+> SQL injection attacks with untrusted data. Use the `withSafeParameters()` method when dealing with
+> user input for better security, although this may reduce performance for large batch operations.
+> For maximum security with user input, consider using the `InsertQuery` for individual inserts.
+
+## Delete records
+
+You can delete records using the `DeleteQuery` object. See an example:
+
+```php
+<?php
+$deleteQuery = new \ByJG\MicroOrm\DeleteQuery();
+$deleteQuery->table('test');
+$deleteQuery->where('fld1 = :value', ['value' => 'A']);
+```
@@ -0,0 +1,127 @@
+<?php
+
+namespace ByJG\MicroOrm;
+
+use ByJG\AnyDataset\Db\DbFunctionsInterface;
+use ByJG\MicroOrm\Exception\OrmInvalidFieldsException;
+use ByJG\MicroOrm\Interface\QueryBuilderInterface;
+use ByJG\MicroOrm\Literal\Literal;
+use InvalidArgumentException;
+
+class InsertBulkQuery extends Updatable
+{
+    protected array $fields = [];
+
+    protected ?QueryBuilderInterface $query = null;
+
+    protected ?SqlObject $sqlObject = null;
+
+    protected bool $safe = false;
+
+    public function __construct(string $table, array $fieldNames)
+    {
+        $this->table($table);
+
+        foreach ($fieldNames as $fieldname) {
+            $this->fields[$fieldname] = [];
+        }
+    }
+
+
+    public static function getInstance(string $table, array $fieldNames): static
+    {
+        return new InsertBulkQuery($table, $fieldNames);
+    }
+
+    public function withSafeParameters(): static
+    {
+        $this->safe = true;
+        return $this;
+    }
+
+    /**
+     * @throws OrmInvalidFieldsException
+     */
+    public function values(array $values, bool $allowNonMatchFields = true): static
+    {
+        if (array_diff(array_keys($this->fields), array_keys($values))) {
+            throw new OrmInvalidFieldsException('The provided values do not match the expected fields');
+        }
+
+        if (!$allowNonMatchFields && array_diff(array_keys($values), array_keys($this->fields))) {
+            throw new OrmInvalidFieldsException('The provided values contain more fields than expected');
+        }
+
+        foreach (array_keys($this->fields) as $field) {
+            $this->fields[$field][] = $values[$field];
+        }
+
+        return $this;
+    }
+
+    /**
+     * @param DbFunctionsInterface|null $dbHelper
+     * @return SqlObject
+     * @throws OrmInvalidFieldsException
+     */
+    public function build(DbFunctionsInterface $dbHelper = null): SqlObject
+    {
+        if (empty($this->fields)) {
+            throw new OrmInvalidFieldsException('You must specify the fields for insert');
+        }
+
+        $tableStr = $this->table;
+        if (!is_null($dbHelper)) {
+            $tableStr = $dbHelper->delimiterTable($tableStr);
+        }
+
+        // Extract column names
+        $columns = array_keys($this->fields);
+
+        // Get the number of rows
+        $rowCount = count(current($this->fields));
+
+        // Initialize placeholders and parameters
+        $placeholders = [];
+        $params = [];
+
+        // Build placeholders and populate $params
+        for ($i = 0; $i < $rowCount; $i++) {
+            $rowPlaceholders = [];
+            foreach ($columns as $j => $col) {
+                $paramKey = "p{$i}_$j"; // Generate the parameter key
+                $rowPlaceholders[] = ":$paramKey"; // Add to row placeholders
+                if ($this->safe) {
+                    $params[$paramKey] = $this->fields[$col][$i];
+                } else {
+                    $value = str_replace("'", "''", $this->fields[$col][$i]);
+                    if (!is_numeric($value)) {
+                        $value = $dbHelper?->delimiterField($value) ?? "'{$value}'";
+                    }
+                    $params[$paramKey] = new Literal($value); // Map parameter key to value
+                }
+            }
+            $placeholders[] = '(' . implode(', ', $rowPlaceholders) . ')'; // Add row placeholders to query
+        }
+
+        if (!is_null($dbHelper)) {
+            $columns = $dbHelper->delimiterField($columns);
+        }
+
+        // Construct the final SQL query
+        $sql = sprintf(
+            "INSERT INTO %s (%s) VALUES %s",
+            $tableStr,
+            implode(', ', $columns),
+            implode(', ', $placeholders)
+        );
+
+        $sql = ORMHelper::processLiteral($sql, $params);
+        return new SqlObject($sql, $params);
+    }
+
+    public function convert(?DbFunctionsInterface $dbDriver = null): QueryBuilderInterface
+    {
+        throw new InvalidArgumentException('It is not possible to convert an InsertBulkQuery to a Query');
+    }
+}