BackwardsCompatibilityBreak - fORMDatabase::prepareBySchema() was renamed to fORMDatabase::escapeBySchema() and fORMDatabase::prepareByType() was renamed to fORMDatabase::escapeByType()
wbond committed Sep 10, 2008
1 parent 1207ef8 commit 0042a0ffba76bb238eb5792d76e8d7c0251d683d
@@ -1400,7 +1400,7 @@ public function store()
$sql_values = array();
foreach ($column_info as $column => $info) {
$value = fORM::scalarize($this, $column, $this->values[$column]);
$sql_values[$column] = fORMDatabase::prepareBySchema($table, $column, $value);
$sql_values[$column] = fORMDatabase::escapeBySchema($table, $column, $value);
}
// Most databases don't like the auto incrementing primary key to be set to NULL
@@ -619,7 +619,7 @@ static public function setRandomStrings($object, &$values, &$old_values, &$relat
$value = fCryptography::generateRandomString($settings['length'], $settings['type']);
// See if this is unique
$sql = "SELECT " . $column . " FROM " . $table . " WHERE " . $column . " = " . fORMDatabase::prepareByType($value);
$sql = "SELECT " . $column . " FROM " . $table . " WHERE " . $column . " = " . fORMDatabase::escapeByType($value);
} while (fORMDatabase::getInstance()->query($sql)->getReturnedRows());
}
@@ -387,7 +387,7 @@ static public function createPrimaryKeyWhereClause($table, $table_alias, &$value
$value = (!empty($old_values[$primary_key])) ? $old_values[$primary_key][0] : $values[$primary_key];
$sql .= $table . '.' . $primary_key . fORMDatabase::prepareBySchema($table, $primary_key, $value, '=');
$sql .= $table . '.' . $primary_key . fORMDatabase::escapeBySchema($table, $primary_key, $value, '=');
}
return $sql;
@@ -488,7 +488,7 @@ static public function createWhereClause($table, $conditions)
$conditions = array();
$iterations = sizeof($columns);
for ($i=0; $i<$iterations; $i++) {
$conditions[] = $columns[$i] . self::prepareByType($values[$i], $types[$i]);
$conditions[] = $columns[$i] . self::escapeByType($values[$i], $types[$i]);
}
$sql[] = ' (' . join(' OR ', $conditions) . ') ';
}
@@ -506,14 +506,14 @@ static public function createWhereClause($table, $conditions)
case '=':
$condition = array();
foreach ($values as $value) {
$condition[] = self::prepareByType($value);
$condition[] = self::escapeByType($value);
}
$sql[] = $column . ' IN (' . join(', ', $condition) . ')';
break;
case '!':
$condition = array();
foreach ($values as $value) {
$condition[] = self::prepareByType($value);
$condition[] = self::escapeByType($value);
}
$sql[] = $column . ' NOT IN (' . join(', ', $condition) . ')';
break;
@@ -543,14 +543,14 @@ static public function createWhereClause($table, $conditions)
case '<=':
case '>':
case '>=':
$sql[] = $column . self::prepareByType($values[0], $type);
$sql[] = $column . self::escapeByType($values[0], $type);
break;
case '!':
if ($values[0] !== NULL) {
$sql[] = '(' . $column . self::prepareByType($values[0], '<>') . ' OR ' . $column . ' IS NULL)';
$sql[] = '(' . $column . self::escapeByType($values[0], '<>') . ' OR ' . $column . ' IS NULL)';
} else {
$sql[] = $column . self::prepareByType($values[0], '<>');
$sql[] = $column . self::escapeByType($values[0], '<>');
}
break;
@@ -576,6 +576,113 @@ static public function createWhereClause($table, $conditions)
}
/**
* Escapes a value for a DB call based on database schema
*
* @throws fValidationException
* @internal
*
* @param string $table The table to store the value
* @param string $column The column to store the value in
* @param mixed $value The value to escape
* @param string $comparison_operator Optional: should be '=', '<>', '<', '<=', '>', '>=', 'IN', 'NOT IN'
* @return string The SQL-ready representation of the value
*/
static public function escapeBySchema($table, $column, $value, $comparison_operator=NULL)
{
// Some of the tables being escaped for are linking tables that might break with classize()
if (is_object($value)) {
$class = fORM::classize($table);
$value = fORM::scalarize($class, $column, $value);
}
$valid_comparison_operators = array('=', '<>', '<=', '<', '>=', '>', 'IN', 'NOT IN');
if ($comparison_operator !== NULL && !in_array(strtoupper($comparison_operator), $valid_comparison_operators)) {
fCore::toss(
'fProgrammerException',
fGrammar::compose(
'The comparison operator specified, %1$s, is invalid. Must be one of: %2$s.',
fCore::dump($comparison_operator),
join(', ', $valid_comparison_operators)
)
);
}
$co = (is_null($comparison_operator)) ? '' : ' ' . strtoupper($comparison_operator) . ' ';
$column_info = fORMSchema::getInstance()->getColumnInfo($table, $column);
if ($column_info['not_null'] && $value === NULL && $column_info['default'] !== NULL) {
$value = $column_info['default'];
}
if (is_null($value)) {
$prepared_value = 'NULL';
} else {
$prepared_value = self::getInstance()->escape($column_info['type'], $value);
}
if ($prepared_value == 'NULL') {
if ($co) {
if (in_array(trim($co), array('=', 'IN'))) {
$co = ' IS ';
} elseif (in_array(trim($co), array('<>', 'NOT IN'))) {
$co = ' IS NOT ';
}
}
}
return $co . $prepared_value;
}
/**
* Escapes a value for a DB call based on variable type
*
* @internal
*
* @param mixed $value The value to escape
* @param string $comparison_operator Optional: should be '=', '<>', '<', '<=', '>', '>=', 'IN', 'NOT IN'
* @return string The SQL-ready representation of the value
*/
static public function escapeByType($value, $comparison_operator=NULL)
{
$valid_comparison_operators = array('=', '<>', '<=', '<', '>=', '>', 'IN', 'NOT IN');
if ($comparison_operator !== NULL && !in_array(strtoupper($comparison_operator), $valid_comparison_operators)) {
fCore::toss(
'fProgrammerException',
fGrammar::compose(
'The comparison operator specified, %1$s, is invalid. Must be one of: %2$s.',
fCore::dump($comparison_operator),
join(', ', $valid_comparison_operators)
)
);
}
$co = (is_null($comparison_operator)) ? '' : ' ' . strtoupper($comparison_operator) . ' ';
if (is_int($value) || preg_match('#^[+\-]?[0-9]+#', $value)) {
$prepared_value = self::getInstance()->escape('integer', $value);
} elseif (is_float($value) || preg_match('#^[+\-]?[0-9]+(\.[0-9]+)?#', $value)) {
$prepared_value = self::getInstance()->escape('float', $value);
} elseif (is_bool($value)) {
$prepared_value = self::getInstance()->escape('boolean', $value);
} elseif (is_null($value)) {
if ($co) {
if (in_array(trim($co), array('=', 'IN'))) {
$co = ' IS ';
} elseif (in_array(trim($co), array('<>', 'NOT IN'))) {
$co = ' IS NOT ';
}
}
$prepared_value = 'NULL';
} else {
$prepared_value = self::getInstance()->escape('string', $value);
}
return $co . $prepared_value;
}
/**
* Finds the first table alias for the table specified in the list of joins provided
*
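Review bot: In the new escapeByType(), the two `preg_match()` branches cannot classify strings correctly: the integer pattern `#^[+\-]?[0-9]+#` is a prefix of the float pattern and neither is anchored at the end, so a string such as `'3.14'` matches the integer branch first and is handed to `escape('integer', ...)`, while the float branch is only ever reached for values that are already `is_float()`. The missing `$` anchor also makes anything with leading digits — `'12abc'`, `'1 OR 1=1'` — an "integer"; whether `fDatabase::escape('integer', ...)` casts, rejects, or passes such input through is not visible in this commit, so the classifier should not rely on it. A third ordering problem is that `preg_match()` receives non-strings: PHP coerces `TRUE` to `'1'`, so a boolean `TRUE` is escaped as an integer before the `is_bool()` test two branches later can run. I would test `is_bool()` first, restrict the regexes to string input, and anchor both patterns so each branch only sees whole numeric strings, as below; escapeBySchema() is unaffected since it dispatches on the schema type.

```php
static public function escapeByType($value, $comparison_operator=NULL)
{
	// … unchanged: comparison operator validation and $co …
	if (is_bool($value)) {
		$prepared_value = self::getInstance()->escape('boolean', $value);
	} elseif (is_int($value) || (is_string($value) && preg_match('#^[+\-]?[0-9]+$#', $value))) {
		$prepared_value = self::getInstance()->escape('integer', $value);
	} elseif (is_float($value) || (is_string($value) && preg_match('#^[+\-]?[0-9]+\.[0-9]+$#', $value))) {
		$prepared_value = self::getInstance()->escape('float', $value);
	} elseif (is_null($value)) {
		// … unchanged: NULL / IS NULL handling and the string fallback …
```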
@@ -791,113 +898,6 @@ static public function insertFromAndGroupByClauses($table, $sql, $joins=array())
}
/**
* Prepares a value for a DB call based on database schema
*
* @throws fValidationException
* @internal
*
* @param string $table The table to store the value
* @param string $column The column to store the value in
* @param mixed $value The value to prepare
* @param string $comparison_operator Optional: should be '=', '<>', '<', '<=', '>', '>=', 'IN', 'NOT IN'
* @return string The SQL-ready representation of the value
*/
static public function prepareBySchema($table, $column, $value, $comparison_operator=NULL)
{
// Some of the tables being escaped for are linking tables that might break with classize()
if (is_object($value)) {
$class = fORM::classize($table);
$value = fORM::scalarize($class, $column, $value);
}
$valid_comparison_operators = array('=', '<>', '<=', '<', '>=', '>', 'IN', 'NOT IN');
if ($comparison_operator !== NULL && !in_array(strtoupper($comparison_operator), $valid_comparison_operators)) {
fCore::toss(
'fProgrammerException',
fGrammar::compose(
'The comparison operator specified, %1$s, is invalid. Must be one of: %2$s.',
fCore::dump($comparison_operator),
join(', ', $valid_comparison_operators)
)
);
}
$co = (is_null($comparison_operator)) ? '' : ' ' . strtoupper($comparison_operator) . ' ';
$column_info = fORMSchema::getInstance()->getColumnInfo($table, $column);
if ($column_info['not_null'] && $value === NULL && $column_info['default'] !== NULL) {
$value = $column_info['default'];
}
if (is_null($value)) {
$prepared_value = 'NULL';
} else {
$prepared_value = self::getInstance()->escape($column_info['type'], $value);
}
if ($prepared_value == 'NULL') {
if ($co) {
if (in_array(trim($co), array('=', 'IN'))) {
$co = ' IS ';
} elseif (in_array(trim($co), array('<>', 'NOT IN'))) {
$co = ' IS NOT ';
}
}
}
return $co . $prepared_value;
}
/**
* Prepares a value for a DB call based on variable type
*
* @internal
*
* @param mixed $value The value to prepare
* @param string $comparison_operator Optional: should be '=', '<>', '<', '<=', '>', '>=', 'IN', 'NOT IN'
* @return string The SQL-ready representation of the value
*/
static public function prepareByType($value, $comparison_operator=NULL)
{
$valid_comparison_operators = array('=', '<>', '<=', '<', '>=', '>', 'IN', 'NOT IN');
if ($comparison_operator !== NULL && !in_array(strtoupper($comparison_operator), $valid_comparison_operators)) {
fCore::toss(
'fProgrammerException',
fGrammar::compose(
'The comparison operator specified, %1$s, is invalid. Must be one of: %2$s.',
fCore::dump($comparison_operator),
join(', ', $valid_comparison_operators)
)
);
}
$co = (is_null($comparison_operator)) ? '' : ' ' . strtoupper($comparison_operator) . ' ';
if (is_int($value) || preg_match('#^[+\-]?[0-9]+#', $value)) {
$prepared_value = self::getInstance()->escape('integer', $value);
} elseif (is_float($value) || preg_match('#^[+\-]?[0-9]+(\.[0-9]+)?#', $value)) {
$prepared_value = self::getInstance()->escape('float', $value);
} elseif (is_bool($value)) {
$prepared_value = self::getInstance()->escape('boolean', $value);
} elseif (is_null($value)) {
if ($co) {
if (in_array(trim($co), array('=', 'IN'))) {
$co = ' IS ';
} elseif (in_array(trim($co), array('<>', 'NOT IN'))) {
$co = ' IS NOT ';
}
}
$prepared_value = 'NULL';
} else {
$prepared_value = self::getInstance()->escape('string', $value);
}
return $co . $prepared_value;
}
/**
* Forces use as a static class
*
@@ -121,7 +121,7 @@ static private function createOldOtherFieldsWhereClause($table, $other_columns,
$conditions = array();
foreach ($other_columns as $other_column) {
$other_value = (isset($old_values[$other_column])) ? $old_values[$other_column][0] : $values[$other_column];
$conditions[] = $other_column . fORMDatabase::prepareBySchema($table, $other_column, $other_value, '=');
$conditions[] = $other_column . fORMDatabase::escapeBySchema($table, $other_column, $other_value, '=');
}
return join(' AND ', $conditions);
@@ -140,7 +140,7 @@ static private function createOtherFieldsWhereClause($table, $other_columns, &$v
{
$conditions = array();
foreach ($other_columns as $other_column) {
$conditions[] = $other_column . fORMDatabase::prepareBySchema($table, $other_column, $values[$other_column], '=');
$conditions[] = $other_column . fORMDatabase::escapeBySchema($table, $other_column, $values[$other_column], '=');
}
return join(' AND ', $conditions);
@@ -138,7 +138,7 @@ static public function countRecords($class, &$values, &$related_records, $relate
$count = 0;
} else {
$column = $table . '.' . $relationship['column'];
$value = fORMDatabase::prepareBySchema($table, $relationship['column'], $values[$relationship['column']], '=');
$value = fORMDatabase::escapeBySchema($table, $relationship['column'], $values[$relationship['column']], '=');
$primary_keys = fORMSchema::getInstance()->getKeys($related_table, 'primary');
$primary_keys = fORMDatabase::addTableToValues($related_table, $primary_keys);
@@ -647,7 +647,7 @@ static public function storeManyToMany(&$values, $relationship, $record_set)
$join_table = $relationship['join_table'];
$join_column = $relationship['join_column'];
$join_column_value = fORMDatabase::prepareBySchema($join_table, $join_column, $column_value);
$join_column_value = fORMDatabase::escapeBySchema($join_table, $join_column, $column_value);
$delete_sql = 'DELETE FROM ' . $join_table;
$delete_sql .= ' WHERE ' . $join_column . ' = ' . $join_column_value;
@@ -659,7 +659,7 @@ static public function storeManyToMany(&$values, $relationship, $record_set)
$get_related_method_name = 'get' . fGrammar::camelize($relationship['related_column'], TRUE);
foreach ($record_set as $record) {
$related_column_value = fORMDatabase::prepareBySchema($join_table, $join_related_column, $record->$get_related_method_name());
$related_column_value = fORMDatabase::escapeBySchema($join_table, $join_related_column, $record->$get_related_method_name());
$insert_sql = 'INSERT INTO ' . $join_table . ' (' . $join_column . ', ' . $join_related_column . ') ';
$insert_sql .= 'VALUES (' . $join_column_value . ', ' . $related_column_value . ')';
@@ -360,7 +360,7 @@ static private function checkForeignKeyConstraints($class, $column, &$values)
$sql = "SELECT " . $foreign_key['foreign_column'];
$sql .= " FROM " . $foreign_key['foreign_table'];
$sql .= " WHERE ";
$sql .= $column . fORMDatabase::prepareBySchema($table, $column, $values[$column], '=');
$sql .= $column . fORMDatabase::escapeBySchema($table, $column, $values[$column], '=');
$sql = str_replace('WHERE ' . $column, 'WHERE ' . $foreign_key['foreign_column'], $sql);
$result = fORMDatabase::getInstance()->translatedQuery($sql);
@@ -539,7 +539,7 @@ static private function checkUniqueConstraints($object, $column, &$values, &$old
$column_num = 0;
foreach ($unique_columns as $unique_column) {
if ($column_num) { $sql .= " AND "; }
$sql .= $unique_column . fORMDatabase::prepareBySchema($table, $unique_column, $values[$unique_column], '=');
$sql .= $unique_column . fORMDatabase::escapeBySchema($table, $unique_column, $values[$unique_column], '=');
$column_num++;
}
@@ -549,7 +549,7 @@ static private function checkUniqueConstraints($object, $column, &$values, &$old
foreach ($primary_keys as $primary_key) {
$sql .= ($first && !$first = FALSE) ? '' : ' AND ';
$value = (!empty($old_values[$primary_key])) ? $old_values[$primary_key][0] : $values[$primary_key];
$sql .= $table . '.' . $primary_key . fORMDatabase::prepareBySchema($table, $primary_key, $value, '<>');
$sql .= $table . '.' . $primary_key . fORMDatabase::escapeBySchema($table, $primary_key, $value, '<>');
}
$sql .= ')';
}