From 0b1fa8e84eaad0b376ba0ef7d80dc2000e891b9f Mon Sep 17 00:00:00 2001 From: Mark Story Date: Sat, 19 May 2018 11:28:15 -0400 Subject: [PATCH] Improve quoting for string conditions. Correctly quote string conditions that include bound parameters. This helps improve handling of columns wth spaces. --- src/Database/SqlDialectTrait.php | 9 +++++---- tests/TestCase/Database/ConnectionTest.php | 4 ++++ 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/src/Database/SqlDialectTrait.php b/src/Database/SqlDialectTrait.php index cce336dd69b..51bac658be9 100644 --- a/src/Database/SqlDialectTrait.php +++ b/src/Database/SqlDialectTrait.php @@ -54,8 +54,8 @@ public function quoteIdentifier($identifier) return $this->_startQuote . str_replace('.*', $this->_endQuote . '.*', $identifier); } + // Functions if (preg_match('/^([\w-]+)\((.*)\)$/', $identifier, $matches)) { - // Functions return $matches[1] . '(' . $this->quoteIdentifier($matches[2]) . ')'; } @@ -65,10 +65,11 @@ public function quoteIdentifier($identifier) } // string.string with spaces - if (preg_match('/^[\w-_]+\.[\w-_\s]+[\w_]*/', $identifier)) { - $items = explode('.', $identifier); + if (preg_match('/^([\w-]+\.[\w][\w\s\-]*[\w])(.*)/', $identifier, $matches)) { + $items = explode('.', $matches[1]); + $field = implode($this->_endQuote . '.' . $this->_startQuote, $items); - return $this->_startQuote . implode($this->_endQuote . '.' . $this->_startQuote, $items) . $this->_endQuote; + return $this->_startQuote . $field . $this->_endQuote . $matches[2]; } if (preg_match('/^[\w-_\s]*[\w-_]+/', $identifier)) { diff --git a/tests/TestCase/Database/ConnectionTest.php b/tests/TestCase/Database/ConnectionTest.php index c3f97cbd0b9..07559f22a0e 100644 --- a/tests/TestCase/Database/ConnectionTest.php +++ b/tests/TestCase/Database/ConnectionTest.php @@ -777,6 +777,10 @@ public function testQuoteIdentifier() $expected = '"Items"."No_ 2 thing" AS "thing"'; $this->assertEquals($expected, $result); + $result = $connection->quoteIdentifier('Items.Item Category Code = :c1'); + $expected = '"Items"."Item Category Code" = :c1'; + $this->assertEquals($expected, $result); + $result = $connection->quoteIdentifier('MTD()'); $expected = 'MTD()'; $this->assertEquals($expected, $result);