* Vastly improved SQL interfacing. [#200 state:resolved]
* Moved `escape` function from Query class to SQL class. Also, it now 
auto-quotes the value like PDO does.
vito (author)
Mon Sep 01 08:38:00 -0700 2008
commit  a7f35ec512c10340723dacfb6f141c0f42a42749
tree    6d188879ca0b09c16c21c986427bc96ed1e4acd1
parent  836e49726831a263f49b0cab82ad1a9ba2ca42e9
...
64
65
66
67
68
69
70
 
 
71
72
73
...
64
65
66
 
 
 
 
67
68
69
70
71
0
@@ -64,10 +64,8 @@
0
       $options["from"] = (array) $options["from"];
0
       $options["select"] = (array) $options["select"];
0
 
0
-      if (is_numeric($id)) {
0
-        $options["where"][] = "id = :id";
0
-        $options["params"][":id"] = $id;
0
-      }
0
+      if (is_numeric($id))
0
+        $options["where"]["id"] = $id;
0
 
0
       $trigger = Trigger::current();
0
       $trigger->filter($options, $model_name."_grab");
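Review bot: `$options["where"]["id"] = $id;` assumes `"where"` is already an array, while the lines just above only normalise `"from"` and `"select"` with `(array)`; a caller that still passes `"where"` as a string would hit a string-offset write here. Add `$options["where"] = (array) $options["where"];` alongside the other two casts — a string condition then becomes a single numeric-keyed entry, which `build_conditions` treats as a full expression. Note that the `"id"` key binds the placeholder `:id`, so any caller-supplied condition whose key also reduces to `id` (such as `"id not"`) would share that placeholder and one value would overwrite the other. The enclosing function begins before the hunk.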
...
56
57
58
59
 
60
61
62
...
67
68
69
70
 
71
72
73
...
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
...
56
57
58
 
59
60
61
62
...
67
68
69
 
70
71
72
73
...
156
157
158
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
159
160
161
0
@@ -56,7 +56,7 @@
0
           break;
0
         case "mysqli":
0
           foreach ($params as $name => $val)
0
-            $query = preg_replace("/{$name}([^a-zA-Z0-9_]|$)/", "'".$this->escape($val)."'\\1", $query);
0
+            $query = preg_replace("/{$name}([^a-zA-Z0-9_]|$)/", SQL::current()->escape($val)."\\1", $query);
0
 
0
           try {
0
             if (!$this->query = $this->db->query($query))
0
@@ -67,7 +67,7 @@
0
           break;
0
         case "mysql":
0
           foreach ($params as $name => $val)
0
-            $query = preg_replace("/{$name}([^a-zA-Z0-9_]|$)/", "'".$this->escape($val)."'\\1", $query);
0
+            $query = preg_replace("/{$name}([^a-zA-Z0-9_]|$)/", SQL::current()->escape($val)."\\1", $query);
0
 
0
           try {
0
             if (!$this->query = @mysql_query($query))
0
@@ -156,30 +156,6 @@
0
     }
0
 
0
     /**
0
-     * Function: escape
0
-     * Escapes a string, escaping things like $1 and C:\foo\bar so that they don't get borked by the preg_replace.
0
-     * This also handles calling the SQL connection method's "escape_string" functions.
0
-     */
0
-    public function escape($string) {
0
-      switch(SQL::current()->method()) {
0
-        case "pdo":
0
-          $string = $this->db->quote($string);
0
-          break;
0
-        case "mysqli":
0
-          $string = $this->db->escape_string($string);
0
-          break;
0
-        case "mysql":
0
-          $string = mysql_real_escape_string($string);
0
-          break;
0
-      }
0
-
0
-      $string = str_replace('\\', '\\\\', $string);
0
-      $string = str_replace('$', '\$', $string);
0
-
0
-      return $string;
0
-    }
0
-
0
-    /**
0
      * Function: handle
0
      * Handles exceptions thrown by failed queries.
0
      */
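Review bot: The substitution on the new `+` line of `@@ -56,7 +56,7 @@` is still applied one parameter at a time, so text that was spliced in for an earlier parameter is rescanned on the next iteration: if a user-supplied value contains a later placeholder name (for instance `:when`), that text is replaced again inside the already-quoted literal and the quoting no longer holds. The same loop appears in the mysql hunk at `@@ -67,7 +67,7 @@`, and in both `$name` is interpolated into the pattern without `preg_quote($name, "/")`. A single pass that tokenises the query on placeholders and looks each token up in `$params` avoids the rescan; with that form the `\`/`$` doubling done by `SQL::escape()` must not be applied, since it exists only for preg_replace replacement strings and would otherwise end up in the SQL. The enclosing `query()` method starts and ends outside the hunk.
```php
        case "mysqli":
          # Single pass: a value that has already been substituted is never rescanned.
          $pieces = preg_split("/(:[a-zA-Z0-9_]+)/", $query, -1, PREG_SPLIT_DELIM_CAPTURE);
          foreach ($pieces as &$piece)
            if (isset($params[$piece]))
              $piece = SQL::current()->escape($params[$piece]); # escape() must only quote here
          unset($piece);
          $query = implode("", $pieces);

          # … unchanged: try / $this->db->query / exception handling …
```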
...
68
69
70
71
 
72
73
74
75
 
76
77
78
...
80
81
82
83
 
84
85
86
 
87
88
89
...
118
119
120
121
 
122
123
124
125
 
126
127
128
...
146
147
148
149
150
 
 
151
152
153
154
 
155
156
157
...
186
187
188
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
189
190
191
192
193
 
194
195
196
197
198
199
 
200
201
 
202
203
204
...
68
69
70
 
71
72
73
74
 
75
76
77
78
...
80
81
82
 
83
84
85
 
86
87
88
89
...
118
119
120
 
121
122
123
124
 
125
126
127
128
...
146
147
148
 
 
149
150
151
152
 
 
153
154
155
156
...
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
 
241
242
243
244
245
246
 
247
248
 
249
250
251
252
0
@@ -68,11 +68,11 @@
0
      * Function: build_update
0
      * Creates a full update query.
0
      */
0
-    public static function build_update($table, $conds, $data) {
0
+    public static function build_update($table, $conds, $data, &$params = array()) {
0
       return "
0
         UPDATE __$table
0
         SET ".self::build_update_values($data)."
0
-        ".($conds ? "WHERE ".self::build_where($conds, $table) : "")."
0
+        ".($conds ? "WHERE ".self::build_where($conds, $table, $params) : "")."
0
       ";
0
     }
0
 
0
@@ -80,10 +80,10 @@
0
      * Function: build_delete
0
      * Creates a full delete query.
0
      */
0
-    public static function build_delete($table, $conds) {
0
+    public static function build_delete($table, $conds, &$params = array()) {
0
       return "
0
         DELETE FROM __$table
0
-        ".($conds ? "WHERE ".self::build_where($conds, $table) : "")."
0
+        ".($conds ? "WHERE ".self::build_where($conds, $table, $params) : "")."
0
       ";
0
     }
0
 
0
@@ -118,11 +118,11 @@
0
      * Function: build_count
0
      * Creates a SELECT COUNT(1) query.
0
      */
0
-    public static function build_count($tables, $conds) {
0
+    public static function build_count($tables, $conds, &$params = array()) {
0
       $query = "
0
         SELECT COUNT(1) AS count
0
         FROM ".self::build_from($tables);
0
-      $query.= "\n\t\t\t\t".($conds ? "WHERE ".self::build_where($conds, $tables) : "");
0
+      $query.= "\n\t\t\t\t".($conds ? "WHERE ".self::build_where($conds, $tables, $params) : "");
0
       return $query;
0
     }
0
 
0
@@ -146,12 +146,11 @@
0
      * Function: build_where
0
      * Creates a WHERE query.
0
      */
0
-    public static function build_where($conds, $tables = null) {
0
-      $conditions = (array) $conds;
0
+    public static function build_where($conds, $tables = null, &$params = array()) {
0
+      $conds = (array) $conds;
0
       $tables = (array) $tables;
0
 
0
-      foreach ($conditions as &$condition)
0
-        self::tablefy($condition, $tables);
0
+      $conditions = self::build_conditions($conds, $params, $tables);
0
 
0
       return implode(" AND ", array_filter($conditions));
0
     }
0
@@ -186,19 +185,68 @@
0
       return implode(", ", $order);
0
     }
0
 
0
+    public static function build_conditions($conds, &$params, $tables) {
0
+      foreach ($conds as $key => $val) {
0
+        if (is_numeric($key)) # Full expression
0
+          $cond = $val;
0
+        else { # Key => Val expression
0
+          if (substr($key, -4) == " not") { # Negation
0
+            $key = substr($key, 0, -4);
0
+            if (is_array($val))
0
+              $cond = $key." NOT IN ".self::build_in($val);
0
+            elseif ($val === null)
0
+              $cond = $key." IS NOT NULL";
0
+            else {
0
+              $cond = $key." != :".$key;
0
+              $params[":".$key] = $val;
0
+            }
0
+          } elseif (substr($key, -5) == " like") { # LIKE
0
+            $key = substr($key, 0, -5);
0
+            $cond = $key." LIKE :".$key;
0
+            $params[":".$key] = $val;
0
+          } elseif (substr($key, -9) == " not like") { # NOT LIKE
0
+            $key = substr($key, 0, -9);
0
+            $cond = $key." NOT LIKE :".$key;
0
+            $params[":".$key] = $val;
0
+          } else { # Equation
0
+            if (is_array($val))
0
+              $cond = $key." IN ".self::build_in($val);
0
+            elseif ($val === null)
0
+              $cond = $key." IS NULL";
0
+            else {
0
+              $cond = $key." = :".$key;
0
+              $params[":".$key] = $val;
0
+            }
0
+          }
0
+        }
0
+
0
+        self::tablefy($cond, $tables);
0
+        $conditions[] = $cond;
0
+      }
0
+
0
+      return $conditions;
0
+    }
0
+
0
+    public static function build_in($vals) {
0
+      $return = array();
0
+      foreach ($vals as $val)
0
+        $return[] = SQL::current()->escape($val);
0
+      return "(".join(",", $return).")";
0
+    }
0
+
0
     /**
0
      * Function: build_select
0
      * Creates a full SELECT query.
0
      */
0
-    public static function build_select($tables, $fields, $conds, $order = null, $limit = null, $offset = null, $group = null, $left_join = null) {
0
+    public static function build_select($tables, $fields, $conds, $order = null, $limit = null, $offset = null, $group = null, $left_join = null, &$params = array()) {
0
       $query = "
0
         SELECT ".self::build_select_header($fields, $tables)."
0
         FROM ".self::build_from($tables);
0
       if (isset($left_join))
0
         foreach ($left_join as $join)
0
-          $query.= "\n\t\t\t\tLEFT JOIN __".$join["table"]." ON ".self::build_where($join["where"], $join["table"]);
0
+          $query.= "\n\t\t\t\tLEFT JOIN __".$join["table"]." ON ".self::build_where($join["where"], $join["table"], $params);
0
       $query.= "
0
-        ".($conds ? "WHERE ".self::build_where($conds, $tables) : "")."
0
+        ".($conds ? "WHERE ".self::build_where($conds, $tables, $params) : "")."
0
         ".($group ? "GROUP BY ".self::build_group($group, $tables) : "")."
0
         ".($order ? "ORDER BY ".self::build_order($order, $tables) : "")."
0
         ".self::build_limits($offset, $limit)."
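Review bot: `build_conditions` never initialises `$conditions`, so an empty `$conds` array returns an undefined variable (null) and `build_where` then hands null to `array_filter`; add `$conditions = array();` before the `foreach`. `build_in` has the same gap for an empty list: `"(".join(",", $return).")"` yields `IN ()`, which is not valid SQL, so either return a condition that is always false for an empty `$vals` or reject it explicitly. Two keys that differ only by their suffix (`"id"` and `"id not"`) both bind `:id`, so the later `$params[":".$key]` assignment silently overwrites the earlier one; deriving the placeholder from the full key, or appending a counter, keeps them distinct. Since the key is written into the SQL verbatim as a column name, callers must only pass code-controlled identifiers in the keyed form.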
...
194
195
196
197
 
198
199
200
...
213
214
215
216
 
217
218
219
...
253
254
255
256
 
257
258
259
...
266
267
268
269
 
270
271
272
...
288
289
290
291
292
 
 
 
293
294
295
296
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
297
298
299
...
343
344
345
 
 
 
 
 
 
 
 
 
346
347
348
...
194
195
196
 
197
198
199
200
...
213
214
215
 
216
217
218
219
...
253
254
255
 
256
257
258
259
...
266
267
268
 
269
270
271
272
...
288
289
290
 
 
291
292
293
294
 
 
 
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
...
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
0
@@ -194,7 +194,7 @@
0
      *     $params - An associative array of parameters used in the query.
0
      */
0
     public function count($tables, $conds = null, $params = array(), $throw_exceptions = false) {
0
-      return $this->query(QueryBuilder::build_count($tables, $conds), $params, $throw_exceptions)->fetchColumn();
0
+      return $this->query(QueryBuilder::build_count($tables, $conds, $params), $params, $throw_exceptions)->fetchColumn();
0
     }
0
 
0
     /**
0
@@ -213,7 +213,7 @@
0
      *     $left_join - An array of additional LEFT JOINs.
0
      */
0
     public function select($tables, $fields = "*", $conds = null, $order = null, $params = array(), $limit = null, $offset = null, $group = null, $left_join = null, $throw_exceptions = false) {
0
-      return $this->query(QueryBuilder::build_select($tables, $fields, $conds, $order, $limit, $offset, $group, $left_join), $params, $throw_exceptions);
0
+      return $this->query(QueryBuilder::build_select($tables, $fields, $conds, $order, $limit, $offset, $group, $left_join, $params), $params, $throw_exceptions);
0
     }
0
 
0
     /**
0
@@ -253,7 +253,7 @@
0
      *     $params - An associative array of parameters used in the query.
0
      */
0
     public function update($table, $conds, $data, $params = array(), $throw_exceptions = false) {
0
-      return $this->query(QueryBuilder::build_update($table, $conds, $data), $params, $throw_exceptions);
0
+      return $this->query(QueryBuilder::build_update($table, $conds, $data, $params), $params, $throw_exceptions);
0
     }
0
 
0
     /**
0
@@ -266,7 +266,7 @@
0
      *     $params - An associative array of parameters used in the query.
0
      */
0
     public function delete($table, $conds, $params = array(), $throw_exceptions = false) {
0
-      return $this->query(QueryBuilder::build_delete($table, $conds), $params, $throw_exceptions);
0
+      return $this->query(QueryBuilder::build_delete($table, $conds, $params), $params, $throw_exceptions);
0
     }
0
 
0
     /**
0
@@ -288,12 +288,27 @@
0
     }
0
 
0
     /**
0
-     * Function: current
0
-     * Returns a singleton reference to the current connection.
0
+     * Function: escape
0
+     * Escapes a string, escaping things like $1 and C:\foo\bar so that they don't get borked by the preg_replace.
0
+     * This also handles calling the SQL connection method's "escape_string" functions.
0
      */
0
-    public static function & current() {
0
-      static $instance = null;
0
-      return $instance = (empty($instance)) ? new self() : $instance ;
0
+    public function escape($string) {
0
+      switch(SQL::current()->method()) {
0
+        case "pdo":
0
+          $string = $this->db->quote($string);
0
+          break;
0
+        case "mysqli":
0
+          $string = "'".$this->db->escape_string($string)."'";
0
+          break;
0
+        case "mysql":
0
+          $string = "'".mysql_real_escape_string($string)."'";
0
+          break;
0
+      }
0
+
0
+      $string = str_replace('\\', '\\\\', $string);
0
+      $string = str_replace('$', '\$', $string);
0
+
0
+      return $string;
0
     }
0
 
0
     /**
0
@@ -343,6 +358,15 @@
0
     public function second_from_datetime($datetime) {
0
       return when("s", $datetime);
0
     }
0
+
0
+    /**
0
+     * Function: current
0
+     * Returns a singleton reference to the current connection.
0
+     */
0
+    public static function & current() {
0
+      static $instance = null;
0
+      return $instance = (empty($instance)) ? new self() : $instance ;
0
+    }
0
   }
0
 
0
   $sql = SQL::current();
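Review bot: `escape()` on the new side bundles two unrelated escapings — DB quoting and the `\`→`\\` / `$`→`\$` doubling that only makes sense for a preg_replace replacement string — but its new public caller `QueryBuilder::build_in` splices the result straight into the query text, so an IN value containing a backslash or `$` reaches the database with the extra characters (and the pdo branch, which presumably binds natively, never runs the query through preg_replace at all). Keep `escape()` to the `quote`/`escape_string` branches and apply the replacement-string doubling only at the single `Query` call site that still uses preg_replace; the inherited doc line "so that they don't get borked by the preg_replace" no longer describes the function. The `switch` also returns `$string` unquoted when `method()` is none of the three cases; a `default` branch that throws would fail closed. In the `count`/`select`/`update`/`delete` hunks the by-reference `&$params` side effect happens inside the argument list of the same `$this->query(...)` call that reads `$params`, which works only because arguments are evaluated left to right; `$query = QueryBuilder::build_count($tables, $conds, $params);` followed by `return $this->query($query, $params, $throw_exceptions)->fetchColumn();` makes that order explicit.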
...
183
184
185
186
187
188
189
 
 
190
191
192
193
194
195
 
 
196
197
198
...
243
244
245
246
 
247
248
249
...
335
336
337
338
 
 
 
339
340
341
...
349
350
351
352
353
 
 
354
355
356
...
368
369
370
371
372
 
373
374
375
...
400
401
402
403
404
 
405
406
407
...
446
447
448
449
450
 
451
452
453
...
585
586
587
588
589
590
 
 
591
592
593
...
632
633
634
635
 
636
637
638
...
183
184
185
 
 
 
 
186
187
188
189
 
 
 
 
190
191
192
193
194
...
239
240
241
 
242
243
244
245
...
331
332
333
 
334
335
336
337
338
339
...
347
348
349
 
 
350
351
352
353
354
...
366
367
368
 
 
369
370
371
372
...
397
398
399
 
 
400
401
402
403
...
442
443
444
 
 
445
446
447
448
...
580
581
582
 
 
 
583
584
585
586
587
...
626
627
628
 
629
630
631
632
0
@@ -183,16 +183,12 @@
0
       fallback($_GET['query'], "");
0
       list($where, $params) = keywords(urldecode($_GET['query']), "xml LIKE :query");
0
 
0
-      if (!empty($_GET['month'])) {
0
-        $where[] = "created_at LIKE :when";
0
-        $params[":when"] = $_GET['month']."-%";
0
-      }
0
+      if (!empty($_GET['month']))
0
+        $where["created_at like"] = $_GET['month']."-%";
0
 
0
       $visitor = Visitor::current();
0
-      if (!$visitor->group()->can("view_draft", "edit_draft", "edit_post", "delete_draft", "delete_post")) {
0
-        $where[] = "user_id = :visitor_id";
0
-        $params[':visitor_id'] = $visitor->id;
0
-      }
0
+      if (!$visitor->group()->can("view_draft", "edit_draft", "edit_post", "delete_draft", "delete_post"))
0
+        $where["user_id"] = $visitor->id;
0
 
0
       $this->context["posts"] = new Paginator(Post::find(array("placeholders" => true,
0
                                                                "drafts" => true,
0
@@ -243,7 +239,7 @@
0
         error(__("No ID Specified"), __("An ID is required to edit a page."));
0
 
0
       $this->context["page"] = new Page($_GET['id'], array("filter" => false));
0
-      $this->context["pages"] = Page::find(array("where" => "id != :id", "params" => array(":id" => $_GET['id'])));
0
+      $this->context["pages"] = Page::find(array("where" => array("id not" => $_GET['id'])));
0
     }
0
 
0
     /**
0
@@ -335,7 +331,9 @@
0
       fallback($_GET['query'], "");
0
       list($where, $params) = keywords(urldecode($_GET['query']), "(title LIKE :query OR body LIKE :query)");
0
 
0
-      $this->context["pages"] = new Paginator(Page::find(array("placeholders" => true, "where" => $where, "params" => $params)), 25);
0
+      $this->context["pages"] = new Paginator(Page::find(array("placeholders" => true,
0
+                                                               "where" => $where,
0
+                                                               "params" => $params)), 25);
0
     }
0
 
0
     /**
0
@@ -349,8 +347,8 @@
0
       $config = Config::current();
0
 
0
       $this->context["default_group"] = new Group($config->default_group);
0
-      $this->context["groups"] = Group::find(array("where" => array("id != :guest_id", "id != :default_id"),
0
-                                                   "params" => array(":guest_id" => $config->guest_group, ":default_id" => $config->default_group),
0
+      $this->context["groups"] = Group::find(array("where" => array("id not" => array($config->guest_group,
0
+                                                                                      $config->default_group)),
0
                                                    "order" => "id DESC"));
0
     }
0
 
0
@@ -368,8 +366,7 @@
0
       if (empty($_POST['login']))
0
         error(__("Error"), __("Please enter a username for your account."));
0
 
0
-      $check = new User(null, array("where" => "login = :login",
0
-                                    "params" => array(":login" => $_POST['login'])));
0
+      $check = new User(null, array("where" => array("login" => $_POST['login'])));
0
       if (!$check->no_results)
0
         error(__("Error"), __("That username is already in use."));
0
 
0
@@ -400,8 +397,7 @@
0
 
0
       $this->context["user"] = new User($_GET['id']);
0
       $this->context["groups"] = Group::find(array("order" => "id ASC",
0
-                                                   "where" => "id != :guest_id",
0
-                                                   "params" => array(":guest_id" => Config::current()->guest_group)));
0
+                                                   "where" => array("id not" => Config::current()->guest_group)));
0
     }
0
 
0
     /**
0
@@ -446,8 +442,7 @@
0
         show_403(__("Access Denied"), __("You do not have sufficient privileges to delete users."));
0
 
0
       $this->context["user"] = new User($_GET['id']);
0
-      $this->context["users"] = User::find(array("where" => "id != :deleting_id",
0
-                                                 "params" => array(":deleting_id" => $_GET['id'])));
0
+      $this->context["users"] = User::find(array("where" => array("id not" => $_GET['id'])));
0
     }
0
 
0
     /**
0
@@ -585,9 +580,8 @@
0
         show_403(__("Access Denied"), __("You do not have sufficient privileges to delete groups."));
0
 
0
       $this->context["group"] = new Group($_GET['id']);
0
-      $this->context["groups"] = Group::find(array("where" => "id != :group_id",
0
-                                                   "order" => "id ASC",
0
-                                                   "params" => array(":group_id" => $_GET['id'])));
0
+      $this->context["groups"] = Group::find(array("where" => array("id not" => $_GET['id']),
0
+                                                   "order" => "id ASC"));
0
     }
0
 
0
     /**
0
@@ -632,7 +626,7 @@
0
         show_403(__("Access Denied"), __("You do not have sufficient privileges to manage groups."));
0
 
0
       if (!empty($_GET['search'])) {
0
-        $user = new User(null, array("where" => "login = :search", "params" => array(":search" => $_GET['search'])));
0
+        $user = new User(null, array("where" => array("login" => $_GET['search'])));
0
         $this->context["groups"] = array($user->group());
0
       } else
0
         $this->context["groups"] = new Paginator(Group::find(array("placeholders" => true, "order" => "id ASC")), 10);
...
25
26
27
28
29
 
30
31
32
33
34
 
35
36
37
...
70
71
72
73
74
75
 
 
76
77
78
...
84
85
86
87
 
88
89
90
...
118
119
120
121
122
 
123
124
125
...
187
188
189
190
191
 
192
193
194
...
227
228
229
230
231
 
232
233
234
...
294
295
296
297
 
298
299
300
...
25
26
27
 
 
28
29
30
31
 
 
32
33
34
35
...
68
69
70
 
 
 
71
72
73
74
75
...
81
82
83
 
84
85
86
87
...
115
116
117
 
 
118
119
120
121
...
183
184
185
 
 
186
187
188
189
...
222
223
224
 
 
225
226
227
228
...
288
289
290
 
291
292
293
294
0
@@ -25,13 +25,11 @@
0
 
0
       if (isset($_GET['day']))
0
         $posts = new Paginator(Post::find(array("placeholders" => true,
0
-                                                "where" => "created_at LIKE :date",
0
-                                                "params" => array(":date" => $_GET['year']."-".$_GET['month']."-".$_GET['day']."%"))),
0
+                                                "where" => array("created_at like" => $_GET['year']."-".$_GET['month']."-".$_GET['day']."%"))),
0
                                Config::current()->posts_per_page);
0
       else
0
         $posts = new Paginator(Post::find(array("placeholders" => true,
0
-                                                "where" => "created_at LIKE :date",
0
-                                                "params" => array(":date" => $_GET['year']."-".$_GET['month']."%"))),
0
+                                                "where" => array("created_at like" => $_GET['year']."-".$_GET['month']."%"))),
0
                                Config::current()->posts_per_page);
0
     }
0
 
0
@@ -70,9 +68,8 @@
0
 
0
       global $posts;
0
       $posts = new Paginator(Post::find(array("placeholders" => true,
0
-                                              "where" => array("status = 'draft'",
0
-                                                               "user_id = :current_user"),
0
-                                              "params" => array(":current_user" => $visitor->id))),
0
+                                              "where" => array("status" => "draft",
0
+                                                               "user_id" => $visitor->id))),
0
                            Config::current()->posts_per_page);
0
     }
0
 
0
@@ -84,7 +81,7 @@
0
       global $page;
0
 
0
       if (!isset($page))
0
-        $page = new Page(null, array("where" => "url = :url", "params" => array(":url" => $_GET['url'])));
0
+        $page = new Page(null, array("where" => array("url" => $_GET['url'])));
0
     }
0
 
0
     /**
0
@@ -118,8 +115,7 @@
0
       $get = array_map("urldecode", $_GET);
0
 
0
       if (!$config->clean_urls)
0
-        $post = new Post(null, array("where" => "url = :url",
0
-                                     "params" => array(":url" => fallback($get['url']))));
0
+        $post = new Post(null, array("where" => array("url" => fallback($get['url']))));
0
       else
0
         $post = Post::from_url($route->post_url_attrs, array("drafts" => true));
0
 
0
@@ -187,8 +183,7 @@
0
       if (empty($_POST['login']))
0
         return Flash::warning(__("Please enter a username for your account."));
0
 
0
-      if (count(User::find(array("where" => "login = :login",
0
-                                 "params" => array(":login" => $_POST['login'])))))
0
+      if (count(User::find(array("where" => array("login" => $_POST['login'])))))
0
         Flash::warning(__("That username is already in use."));
0
 
0
       if (empty($_POST['password1']) and empty($_POST['password2']))
0
@@ -227,8 +222,7 @@
0
       fallback($_POST['password']);
0
 
0
       if (!User::authenticate($_POST['login'], md5($_POST['password'])))
0
-        if (!count(User::find(array("where" => "login = :login",
0
-                                   "params" => array(":login" => $_POST['login'])))))
0
+        if (!count(User::find(array("where" => array("login" => $_POST['login'])))))
0
           Flash::warning(__("There is no user with that login name."));
0
         else
0
           Flash::warning(__("Password incorrect."));
0
@@ -294,7 +288,7 @@
0
       if (empty($_POST))
0
         return;
0
 
0
-      $user = new User(null, array("where" => "login = :login", "params" => array(":login" => $_POST['login'])));
0
+      $user = new User(null, array("where" => array("login" => $_POST['login'])));
0
       if ($user->no_results)
0
         return Flash::warning(__("Invalid user specified."));
0
 
...
1551
1552
1553
1554
1555
1556
 
 
1557
1558
 
1559
1560
1561
1562
1563
1564
 
 
1565
1566
1567
...
1551
1552
1553
 
 
 
1554
1555
1556
 
1557
1558
1559
 
 
 
 
1560
1561
1562
1563
1564
0
@@ -1551,17 +1551,14 @@
0
         $where[] = strtoupper($test)."(created_at) = :created_".$test;
0
         $params[":created_".$test] = $equals;
0
       } elseif ($test == "author") {
0
-        $user = new User(null, array("where" => "login = :login", "params" => array(":login" => $equals)));
0
-        $where[] = "user_id = :user_id";
0
-        $params[":user_id"] = $user->id;
0
+        $user = new User(null, array("where" => array("login" => $equals)));
0
+        $where["user_id"] = $user->id;
0
       } elseif ($test == "group") {
0
-        $group = new Group(null, array("where" => "name = :name", "params" => array(":name" => $equals)));
0
+        $group = new Group(null, array("where" => array("name" => $equals)));
0
         $test = "group_id";
0
         $equals = ($group->no_results) ? 0 : $group->id ;
0
-      } else {
0
-        $where[] = $test." = :".$test;
0
-        $params[":".$test] = $equals;
0
-      }
0
+      } else
0
+        $where[$test] = $equals;
0
     }
0
 
0
     if (!empty($search)) {
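Review bot: In the final `else` branch, `$where[$test] = $equals;` makes `$test` the column name that `QueryBuilder::build_conditions` writes into the SQL verbatim (and the placeholder it binds), so if `$test` comes from the parsed search string — the surrounding `$search` handling suggests it does — it should be checked against an allow-list of searchable columns, e.g. `in_array($test, $searchable_columns, true)`, and the token ignored otherwise; the removed lines had the same exposure, and this commit is the natural place to close it. Separately, the `author` branch sets `$where["user_id"] = $user->id` without checking `$user->no_results`: if `id` is empty on a miss, the keyed form becomes `user_id IS NULL` (or a bound empty value) rather than matching nothing, whereas the `group` branch guards with `($group->no_results) ? 0 : $group->id`. The enclosing function starts before the hunk.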
...
175
176
177
178
179
 
180
181
182
...
175
176
177
 
 
178
179
180
181
0
@@ -175,8 +175,7 @@
0
       if ($this->no_results)
0
         return false;
0
 
0
-      return User::find(array("where" => "group_id = :group_id",
0
-                              "params" => array(":group_id" => $this->id)));
0
+      return User::find(array("where" => array("group_id" => $this->id)));
0
     }
0
 
0
     /**
...
231
232
233
234
 
235
236
237
...
231
232
233
 
234
235
236
237
0
@@ -231,7 +231,7 @@
0
       if ($this->no_results)
0
         return false;
0
 
0
-      return self::find(array("where" => "parent_id = :id", "params" => array(":id" => $this->id)));
0
+      return self::find(array("where" => array("parent_id" => $this->id)));
0
     }
0
 
0
     /**
...
68
69
70
71
72
 
 
73
74
75
...
351
352
353
354
 
355
356
357
358
359
 
360
361
362
...
380
381
382
383
 
384
385
386
387
388
 
389
390
391
...
770
771
772
773
774
775
 
 
776
777
778
779
780
781
782
783
784
785
 
 
 
786
787
788
...
68
69
70
 
 
71
72
73
74
75
...
351
352
353
 
354
355
356
357
358
 
359
360
361
362
...
380
381
382
 
383
384
385
386
387
 
388
389
390
391
...
770
771
772
 
 
 
773
774
775
776
777
778
779
780
 
 
 
 
781
782
783
784
785
786
0
@@ -68,8 +68,8 @@
0
         $options["where"] = array();
0
 
0
       $has_status = false;
0
-      foreach ($options["where"] as $where)
0
-        if (substr_count($where, "status"))
0
+      foreach ($options["where"] as $key => $val)
0
+        if (is_int($key) and substr_count($val, "status") or $key == "status")
0
           $has_status = true;
0
 
0
       if (!XML_RPC) {
0
@@ -351,12 +351,12 @@
0
 
0
       # Can they edit their own posts, and do they have any?
0
       if ($visitor->group()->can("edit_own_post") and
0
-          Post::find(array("where" => "user_id = :visitor_id", "params" => array(":visitor_id" => $visitor->id))))
0
+          Post::find(array("where" => array("user_id" => $visitor->id))))
0
         return true;
0
 
0
       # Can they edit their own drafts, and do they have any?
0
       if ($visitor->group()->can("edit_own_draft") and
0
-          Post::find(array("where" => "status = 'draft' and user_id = :visitor_id", "params" => array(":visitor_id" => $visitor->id))))
0
+          Post::find(array("where" => array("status" => "draft", "user_id" => $visitor->id))))
0
         return true;
0
 
0
       return false;
0
@@ -380,12 +380,12 @@
0
 
0
       # Can they delete their own posts, and do they have any?
0
       if ($visitor->group()->can("delete_own_post") and
0
-          Post::find(array("where" => "user_id = :visitor_id", "params" => array(":visitor_id" => $visitor->id))))
0
+          Post::find(array("where" => array("user_id" => $visitor->id))))
0
         return true;
0
 
0
       # Can they delete their own drafts, and do they have any?
0
       if ($visitor->group()->can("delete_own_draft") and
0
-          Post::find(array("where" => "status = 'draft' and user_id = :visitor_id", "params" => array(":visitor_id" => $visitor->id))))
0
+          Post::find(array("where" => array("status" => "draft", "user_id" => $visitor->id))))
0
         return true;
0
 
0
       return false;
0
@@ -770,19 +770,17 @@
0
         if (in_array($attr, $times)) {
0
           $where[] = strtoupper($attr)."(created_at) = :created_".$attr;
0
           $params[':created_'.$attr] = $get[$attr];
0
-        } elseif ($attr == "author") {
0
-          $where[] = "user_id = :attrauthor";
0
-          $params[':attrauthor'] = SQL::current()->select("users",
0
+        } elseif ($attr == "author")
0
+          $where["user_id"] = SQL::current()->select("users",
0
                                                 "id",
0
                                                 "login = :login",
0
                                                 "id",
0
                                                 array(
0
                                                     ":login" => $get['author']
0
                                                 ), 1)->fetchColumn();
0
-        } elseif ($attr == "feathers") {
0
-          $where[] = "feather = :feather";
0
-          $params[':feather'] = depluralize($get['feathers']);
0
-        } else {
0
+        elseif ($attr == "feathers")
0
+          $where["feather"] = depluralize($get['feathers']);
0
+        else {
0
           $tokens = array($where, $params, $attr);
0
           Trigger::current()->filter($tokens, "post_url_token");
0
           list($where, $params, $attr) = $tokens;
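Review bot: On the new line `if (is_int($key) and substr_count($val, "status") or $key == "status")` in `@@ -68,8 +68,8 @@`, the loose `==` is true for the integer key `0`: `0 == "status"` holds in the PHP versions this code targets (the string converts to 0), so the first full-expression condition in `$options["where"]` sets `$has_status` whatever its text. Use `$key === "status"`; and because keyed conditions can carry a suffix (`"status not"`), `is_string($key) and substr_count($key, "status")` is probably the intended test for the keyed case. `and`/`or` precedence groups the line as `(is_int && substr_count) || (== "status")`, which is what it needs, but parentheses would make that explicit. The enclosing function starts before the hunk.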
...
42
43
44
45
46
 
47
48
49
...
167
168
169
170
171
 
172
173
174
...
179
180
181
182
183
 
184
185
186
...
42
43
44
 
 
45
46
47
48
...
166
167
168
 
 
169
170
171
172
...
177
178
179
 
 
180
181
182
183
0
@@ -42,8 +42,7 @@
0
      *     true - if a match is found.
0
      */
0
     static function authenticate($login, $password) {
0
-      $check = new self(null, array("where" => array("login = :login", "password = :password"),
0
-                                    "params" => array(":login" => $login, ":password" => $password)));
0
+      $check = new self(null, array("where" => array("login" => $login, "password" => $password)));
0
       return !$check->no_results;
0
     }
0
 
0
@@ -167,8 +166,7 @@
0
       if ($this->no_results)
0
         return false;
0
 
0
-      return Post::find(array("where" => "user_id = :user_id",
0
-                              "params" => array(":user_id" => $this->id)));
0
+      return Post::find(array("where" => array("user_id" => $this->id)));
0
     }
0
 
0
     /**
0
@@ -179,8 +177,7 @@
0
       if ($this->no_results)
0
         return false;
0
 
0
-      return Page::find(array("where" => "user_id = :user_id",
0
-                              "params" => array(":user_id" => $this->id)));
0
+      return Page::find(array("where" => array("user_id" => $this->id)));
0
     }
0
 
0
     /**
...
16
17
18
19
20
21
22
 
 
23
24
25
...
16
17
18
 
 
 
 
19
20
21
22
23
0
@@ -16,10 +16,8 @@
0
      */
0
     public function __construct() {
0
       if (isset($_SESSION['login']) and isset($_SESSION['password']))
0
-        parent::__construct(null, array("where"  => array("login = :login",
0
-                                                          "password = :password"),
0
-                                        "params" => array(":login"    => $_SESSION['login'],
0
-                                                          ":password" => $_SESSION['password'])));
0
+        parent::__construct(null, array("where"  => array("login"    => $_SESSION['login'],
0
+                                                          "password" => $_SESSION['password'])));
0
     }
0
 
0
     /**
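Review bot: `Visitor::__construct` re-authenticates on every request from `$_SESSION['login']` and `$_SESSION['password']`, so credential material (whether the login handler stores it plain or hashed is not visible in this hunk) lives in the session store for the session's lifetime and is reusable by anyone who can read that store, e.g. file-backed sessions on a shared host. Storing only the user id at login and loading with `parent::__construct($_SESSION['user_id'])` would keep secrets out of the session, assuming the model constructor accepts an id as its first argument as the `new self(null, ...)` calls suggest. If re-checking the password each request is intentional (so a password change invalidates old sessions), a comment saying so would help, e.g. `# Re-validate credentials per request so a password change logs out existing sessions.` The database-side string equality caveat noted for `User::authenticate` applies here as well.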
...
86
87
88
89
90
 
91
92
93
...
86
87
88
 
 
89
90
91
92
0
@@ -86,8 +86,7 @@
0
                                         "timestamp" => $timestamp,
0
                                         "url" => url("archive/".when("Y/m/", $time->created_at)));
0
 
0
-          $archives[$timestamp]["posts"] = Post::find(array("where" => "created_at LIKE :created_at",
0
-                                                            "params" => array(":created_at" => when("Y-m", $time->created_at)."%")));
0
+          $archives[$timestamp]["posts"] = Post::find(array("where" => array("created_at like" => when("Y-m", $time->created_at)."%")));
0
         }
0
 
0
         $theme->load("pages/archive", array("archives" => $archives));
...
697
698
699
700
701
 
702
703
704
...
697
698
699
 
 
700
701
702
703
0
@@ -697,8 +697,7 @@
0
     }
0
 
0
     public function posts_export($atom, $post) {
0
-      $comments = Comment::find(array("where" => "post_id = :post_id",
0
-                                      "params" => array(":post_id" => $post->id)),
0
+      $comments = Comment::find(array("where" => array("post_id" => $post->id)),
0
                                 array("filter" => false));
0
 
0
       foreach ($comments as $comment) {
...
248
249
250
251
 
252
253
254
...
267
268
269
270
 
271
272
273
...
248
249
250
 
251
252
253
254
...
267
268
269
 
270
271
272
273
0
@@ -248,7 +248,7 @@
0
 
0
       # Can they edit their own comments, and do they have any?
0
       if ($visitor->group()->can("edit_own_comment") and
0
-          self::find(array("where" => "user_id = :visitor_id", "params" => array(":visitor_id" => $visitor->id))))
0
+          self::find(array("where" => array("user_id" => $visitor->id))))
0
         return true;
0
 
0
       return false;
0
@@ -267,7 +267,7 @@
0
 
0
       # Can they delete their own comments, and do they have any?
0
       if ($visitor->group()->can("delete_own_comment") and
0
-          self::find(array("where" => "user_id = :visitor_id", "params" => array(":visitor_id" => $visitor->id))))
0
+          self::find(array("where" => array("user_id" => $visitor->id))))
0
         return true;
0
 
0
       return false;
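Review bot: In both `@@ -248` and `@@ -267` the ownership pre-check `self::find(array("where" => array("user_id" => $visitor->id)))` loads every comment by the visitor only to test for a non-empty result, and it does not exclude a visitor without an account: if a guest's `$visitor->id` is 0 or null and anonymous comments store `user_id` the same way (neither is visible here), a group that grants `edit_own_comment` or `delete_own_comment` to guests would pass this check for every anonymous comment. Guarding on the id first — `if ($visitor->id and $visitor->group()->can("edit_own_comment") and` … — closes that, and an existence query (a count or a `limit 1`) would be cheaper than fetching all rows. Both enclosing functions start outside the hunk.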
...
179
180
181
182
 
183
184
185
...
208
209
210
211
212
213
214
 
 
215
216
217
218
219
 
 
 
220
221
222
...
239
240
241
242
 
243
244
245
...
348
349
350
351
352
 
353
354
355
...
505
506
507
508
 
509
510
511
...
557
558
559
560
 
561
562
563
...
581
582
583
584
 
585
586
587
...
594
595
596
597
 
598
599
600
...
658
659
660
661
 
662
663
664
665
 
 
666
667
...
179
180
181
 
182
183
184
185
...
208
209
210
 
 
 
 
211
212
213
214
 
 
 
215
216
217
218
219
220
...
237
238
239
 
240
241
242
243
...
346
347
348
 
 
349
350
351
352
...
502
503
504
 
505
506
507
508
...
554
555
556
 
557
558
559
560
...
578
579
580
 
581
582
583
584
...
591
592
593
 
594
595
596
597
...
655
656
657
 
658
659
660
661
 
662
663
664
665
0
@@ -179,7 +179,7 @@
0
         $clean[] = $tag["clean"];
0
       }
0
 
0
-      list($tags, $clean, $tag2clean) = $this->parseTags($tags, $clean);
0
+      list($tags, $clean, $tag2clean,) = self::parseTags($tags, $clean);
0
 
0
       $max_qty = max(array_values($tags));
0
       $min_qty = min(array_values($tags));
0
@@ -208,15 +208,13 @@
0
       list($where, $params) = keywords(urldecode($_GET['query']), "xml LIKE :query");
0
 
0
       $visitor = Visitor::current();
0
-      if (!$visitor->group()->can("view_draft", "edit_draft", "edit_post", "delete_draft", "delete_post")) {
0
-        $where[] = "user_id = :visitor_id";
0
-        $params[':visitor_id'] = $visitor->id;
0
-      }
0
+      if (!$visitor->group()->can("view_draft", "edit_draft", "edit_post", "delete_draft", "delete_post"))
0
+        $where["user_id"] = $visitor->id;
0
 
0
       $admin->context["posts"] = new Paginator(Post::find(array("placeholders" => true,
0
-                                                               "drafts" => true,
0
-                                                               "where" => $where,
0
-                                                               "params" => $params)), 25);
0
+                                                                "drafts" => true,
0
+                                                                "where" => $where,
0
+                                                                "params" => $params)), 25);
0
     }
0
 
0
     public function admin_rename_tag($admin) {
0
@@ -239,7 +237,7 @@
0
         $clean[] = $tag["clean"];
0
       }
0
 
0
-      list($tags, $clean, $tag2clean) = $this->parseTags($tags, $clean);
0
+      list($tags, $clean, $tag2clean,) = self::parseTags($tags, $clean);
0
 
0
       foreach ($tags as $tag => $count)
0
         if ($tag2clean[$tag] == $_GET['name'])
0
@@ -348,8 +346,7 @@
0
       global $posts;
0
 
0
       $posts = new Paginator(Post::find(array("placeholders" => true,
0
-                                              "where" => "tags.clean LIKE :tag",
0
-                                              "params" => array(":tag" => "%{{".$_GET['name']."}}%"))),
0
+                                              "where" => array("tags.clean like" => "%{{".$_GET['name']."}}%"))),
0
                              Config::current()->posts_per_page);
0
 
0
       return !empty($posts->paginated);
0
@@ -505,7 +502,7 @@
0
         return;
0
       }
0
 
0
-      list($tags, $clean, $tag2clean) = $this->parseTags(array($post->unclean_tags), array($post->clean_tags));
0
+      list($tags, $clean, $tag2clean,) = self::parseTags(array($post->unclean_tags), array($post->clean_tags));
0
 
0
       $post->tags = array();
0
 
0
@@ -557,7 +554,7 @@
0
       if (!count($unclean))
0
         return array();
0
 
0
-      list($unclean, $clean, $tag2clean) = $this->parseTags($unclean, $clean);
0
+      list($unclean, $clean, $tag2clean,) = self::parseTags($unclean, $clean);
0
 
0
       foreach ($unclean as $name => $popularity)
0
         $unclean[$name] = array("name" => $name, "popularity" => $popularity, "url" => $tag2clean[$name]);
0
@@ -581,7 +578,7 @@
0
         $clean[] = $tag["clean"];
0
       }
0
 
0
-      list($tags, $clean, $tag2clean) = $this->parseTags($tags, $clean);
0
+      list($tags, $clean, $tag2clean, $clean2tag) = self::parseTags($tags, $clean);
0
 
0
       return $clean2tag[$clean_tag];
0
     }
0
@@ -594,7 +591,7 @@
0
         $clean[] = $tag["clean"];
0
       }
0
 
0
-      list($tags, $clean, $tag2clean) = $this->parseTags($tags, $clean);
0
+      list($tags, $clean, $tag2clean) = self::parseTags($tags, $clean);
0
 
0
       return $tag2clean[$unclean_tag];
0
     }
0
@@ -658,10 +655,11 @@
0
     # array("foo", "bar", "foo")
0
     # to
0
     # array("foo" => 2, "bar" => 1)
0
-    public function parseTags($tags, $clean) {
0
+    static function parseTags($tags, $clean) {
0
       $tags = array_count_values(explode(",", preg_replace("/\{\{([^\}]+)\}\}/", "\\1", implode(",", $tags))));
0
       $clean = array_count_values(explode(",", preg_replace("/\{\{([^\}]+)\}\}/", "\\1", implode(",", $clean))));
0
       $tag2clean = array_combine(array_keys($tags), array_keys($clean));
0
-      return array($tags, $clean, $tag2clean);
0
+      $clean2tag = array_combine(array_keys($clean), array_keys($tags));
0
+      return array($tags, $clean, $tag2clean, $clean2tag);
0
     }
0
   }
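Review bot: In the `@@ -348` hunk, `$_GET['name']` is embedded in a LIKE pattern (`"%{{".$_GET['name']."}}%"`) and, while the SQL layer's escape should keep it inside the string literal, LIKE metacharacters are not neutralised: a name of `%` yields `%{{%}}%`, which matches every post that has any tag, and `_` matches any single character. Escape the wildcards before building the pattern, `$name = addcslashes($_GET['name'], "%_\\");` and `"where" => array("tags.clean like" => "%{{".$name."}}%")`, assuming the backend treats backslash as the LIKE escape character as MySQL does by default. The enclosing function starts outside the hunk.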
