Create a class for UPDATE queries and moved methods from person class…

… to new db

Moved person::addPhoto() and person::removePhoto() to new db code

issue #20

php/classes/person.inc.php

@@ -66,11 +66,14 @@ class person extends zophTable implements Organizer {
     public function addPhoto(photo $photo) {
         $pos = $photo->getLastPersonPos();
         $pos++;
-        $sql = "INSERT INTO " . DB_PREFIX . "photo_people " .
-            "(photo_id, person_id, position) " .
-            "values (" . (int) $photo->getId() . ", " .
-            (int) $this->getId() . ", " . (int) $pos . ")";
-        query($sql, "Failed to add person");
+
+        $qry=new insert(array("photo_people"));
+        $qry->addParams(array(
+            new param(":photo_id", (int) $photo->getId(), PDO::PARAM_INT),
+            new param(":person_id", (int) $this->getId() , PDO::PARAM_INT),
+            new param(":position", (int) $pos, PDO::PARAM_INT)
+        ));
+        $qry->execute();
     }
 
     /**
@@ -79,25 +82,41 @@ public function addPhoto(photo $photo) {
      */
     public function removePhoto(photo $photo) {
         // First, get the position for the person who is about to be removed
-        $sql = "SELECT position FROM " . DB_PREFIX . "photo_people " .
-            "WHERE photo_id = '" . (int) $photo->getId() . "' " .
-            "AND person_id = '" . (int) $this->getId() . "'";
-        $result=fetch_array(query($sql));
+        $qry=new select(array("photo_people"));
+        $where=new clause("photo_id=:photo_id");
+        $where->addAnd(new clause("person_id=:person_id"));
+
+        $params=array(
+            new param(":photo_id", (int) $photo->getId(), PDO::PARAM_INT),
+            new param(":person_id", (int) $this->getId(), PDO::PARAM_INT)
+        );
+
+        $qry->where($where);
+        $qry->addParams($params);
+
+        $result=fetch_array(query($qry));
         $pos=$result["position"];
 
-        // Remove the victim
-        $sql = "DELETE FROM " . DB_PREFIX . "photo_people " .
-            "WHERE photo_id = '" . (int) $photo->getId() . "'" .
-            " AND person_id = '" . (int) $this->getId() . "'";
-        query($sql);
-
-        // Finally, lower the position for everyone with a higher position by one
-        $sql=
-            "UPDATE " . DB_PREFIX . "photo_people " .
-            "SET position=position-1 " .
-            "WHERE photo_id = '" . (int) $photo->getId() . "' " .
-            "AND position > " . (int) $pos;
-        query($sql);
+        $qry=new delete("photo_people");
+        $qry->where($where);
+        $qry->addParams($params);
+        $qry->execute();
+
+        $qry=new update(array("photo_people"));
+
+        $where=new clause("photo_id=:photo_id");
+        $where->addAnd(new clause("position>:pos"));
+
+        $qry->addSetFunction("position=position-1");
+
+        $params=array(
+            new param(":photo_id", (int) $photo->getId(), PDO::PARAM_INT),
+            new param(":pos", (int) $pos, PDO::PARAM_INT)
+        );
+
+        $qry->addParams($params);
+        $qry->execute();
+
     }
 
     /**

php/classes/update.inc.php

@@ -0,0 +1,70 @@
+<?php
+/**
+ * Database query class for UPDATE queries
+ *
+ * This file is part of Zoph.
+ *
+ * Zoph is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ * 
+ * Zoph is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * You should have received a copy of the GNU General Public License
+ * along with Zoph; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ * @package Zoph
+ * @author Jeroen Roos
+ */
+
+/**
+ * The insert object is used to create UPDATE queries
+ *
+ * @package Zoph
+ * @author Jeroen Roos
+ */
+class update extends query {
+
+    /** @var bool Set to true to allow UPDATE query without WHERE
+             this will delete all data from the table 
+             There currently is no way of setting this, because it 
+             is a protection against accidently running a query like
+             this during development or due to a bug */
+    private $updateAll=false;
+    private $set=array();
+
+    public function addSet($field, $param) {
+        $this->set[]=$field . "=:" . $param;
+    }
+
+    public function addSetFunction($function) {
+        $this->set[]=$function;
+    }
+
+    /**
+     * Create UPDATE query
+     * @return string SQL query
+     */
+    public function __toString() {
+        $sql = "UPDATE " . $this->table . " SET ";
+
+        if(is_array($this->set)) {
+            $sql.=implode(", ", $this->set);
+        } else {
+         //   throw new DatabaseException("UPDATE with no SET");
+        }
+
+        if($this->clause instanceof clause) {
+            $sql .= " WHERE " . $this->clause;
+        } else if (!$this->updateAll) {
+         //   throw new DatabaseException("UPDATE query without WHERE");
+        }
+        return $sql . ";";
+    }
+
+}
+

php/database.inc.php

@@ -88,6 +88,9 @@ function fetch_row($result) {
 }
 
 function fetch_array($result) {
+    if($result instanceof PDOStatement) {
+        return $result->fetch(PDO::FETCH_ASSOC);
+    }
     return mysql_fetch_array($result);
 }