Changed zophTable::insert() to new db

- Added some code to insert class to be able to retrieve last insert id - Added possibility to use functions (such as now() and password()) in INSERT statements. - Corrected a reversed order of 'expected' and 'actual' in groupPermissions test case. Issue #20
jeroenrnl · Aug 21, 2015 · c0951f9 · c0951f9
1 parent 97c7c53
commit c0951f9
Show file tree

Hide file tree

Showing 3 changed files with 68 additions and 37 deletions.
diff --git a/UnitTests/groupPermissionsTest.php b/UnitTests/groupPermissionsTest.php
@@ -21,6 +21,8 @@
  * @author Jeroen Roos
  */
 
+require_once "testSetup.php";
+
 /**
  * Test group_permissions class.
  *
@@ -44,9 +46,9 @@ public function testCreateGroupPermissions($group, $albums, $al, $wml, $wr) {
             $prm->insert();
 
             $perm=$gr->get_group_permissions($alb);
-            $this->assertEquals($perm->get("access_level"), $al);
-            $this->assertEquals($perm->get("watermark_level"), $wml);
-            $this->assertEquals($perm->get("writable"),$wr);
+            $this->assertEquals($al, $perm->get("access_level"));
+            $this->assertEquals($wml, $perm->get("watermark_level"));
+            $this->assertEquals($wr, $perm->get("writable"));
         }
     }
 

diff --git a/php/classes/insert.inc.php b/php/classes/insert.inc.php
@@ -8,7 +8,7 @@
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
  * (at your option) any later version.
- * 
+ *
  * Zoph is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
@@ -28,25 +28,45 @@
  * @author Jeroen Roos
  */
 class insert extends query {
+    private $set=array();
 
     /**
      * Create INSERT query
      * @return string SQL query
      */
     public function __toString() {
         $sql = "INSERT INTO " . $this->table;
-        
+
         $fields=array();
+        $values=array();
 
         foreach($this->getParams() as $param) {
             $fields[]=substr($param->getName(),1);
+            $values[]=$param->getName();
+        }
+
+        foreach($this->set as $name => $value) {
+            $fields[]=$name;
+            $values[]=$value;
         }
 
         $sql.=" (" . implode(", ", $fields) . ")";
-        $sql.=" VALUES(:" . implode(", :", $fields) . ") ";
+        $sql.=" VALUES(" . implode(", ", $values) . ") ";
 
         return $sql . ";";
     }
 
+    public function addSet($name, $value) {
+        $this->set[$name]=$value;
+    }
+
+    public function execute() {
+        parent::execute();
+        $db=db::getHandle();
+
+        $id=$db->lastInsertId();
+        return $id;
+    }
+
 }
 
diff --git a/php/classes/zophTable.inc.php b/php/classes/zophTable.inc.php
@@ -167,16 +167,18 @@ public function isKey($name) {
      * @todo Should return something more sensible
      */
     public function lookup() {
-        $constraint = $this->createConstraints();
+        $qry=new select(array(static::$table_name));
 
-        if (!$constraint) {
+        list($qry, $where) = $this->addWhereForKeys($qry);
+
+        if (!($where instanceof clause)) {
             log::msg("No constraint found", log::NOTIFY, log::GENERAL);
             return;
         }
 
-        $sql = "SELECT * FROM " . DB_PREFIX . static::$table_name . " WHERE $constraint";
+        $qry->where($where);
 
-        return $this->lookupFromSQL($sql);
+        return $this->lookupFromSQL($qry);
     }
 
     /**
@@ -216,44 +218,29 @@ public function lookupFromSQL($sql) {
      * parameter causes these fields to be manually inserted.
      */
     public function insert() {
-        $names=null;
-        $values=null;
+        $qry=new insert(array(static::$table_name));
         reset($this->fields);
-        while (list($name, $value) = each($this->fields)) {
+
+        foreach($this->fields as $name => $value) {
             if (!static::$keepKeys && $this->isKey($name)) {
                 continue;
             }
-
-            if (!empty($names)) {
-                $names .= ", ";
-                $values .= ", ";
-            }
-
-            $names .= $name;
-
-            if ($name == "password") {
-                $values .= "password('" . escape_string($value) . "')";
-            }
-            else if ($value == "now()") {
+            if ($name === "password") {
+                $qry->addSet("password", "password(\"" . $value . "\")");
+            } else if ($value === "now()") {
                 /* Lastnotify is normaly set to "now()" and should not be escaped */
-                $values .=  $value ;
+                $qry->addSet($name, "now()");
             } else if ($value =="" && in_array($name, static::$not_null)) {
                 die("<p class='error'><b>$name</b> may not be empty</p>");
             } else if ($value !== "") {
-                $values .= "'" . escape_string($value) . "'";
+                $qry->addParam(new param(":" . $name, $value, PDO::PARAM_STR));
             } else {
-                $values .= "null";
+                $qry->addParam(new param(":" . $name, null, PDO::PARAM_STR));
             }
 
         }
 
-        $sql = "INSERT INTO " . DB_PREFIX . static::$table_name .
-            "(" . $names . ") VALUES (" . $values . ")";
-
-        query($sql, "Insert failed:");
-
-        $id = insert_id();
-
+        $id=$qry->execute();
         if (count(static::$primary_keys) == 1 && !static::$keepKeys) {
             $this->fields[static::$primary_keys[0]] = $id;
         }
@@ -658,6 +645,7 @@ public static function getRecordsFromQuery($sql) {
 
     /**
      * Creates a constraint clause based on the given keys
+     * @todo This is going to be replaced by addWhereForKeys() (below)
      */
     private function createConstraints() {
         $constraints=null;
@@ -670,6 +658,27 @@ private function createConstraints() {
         return $constraints;
     }
 
+    /**
+     * Creates a constraint clause based on the given keys
+     */
+    private function addWhereForKeys(query $query, clause $where = null) {
+        foreach (static::$primary_keys as $key) {
+            $value = $this->fields[$key];
+            if (!$value) {
+                continue;
+            }
+            $clause = new clause($key . "=:" . $key);
+            $query->addParam(new param(":" . $key, $value, PDO::PARAM_INT));
+
+            if ($where instanceof clause) {
+                $where->addAnd($clause);
+            } else {
+                $where = $clause;
+            }
+        }
+        return array($query, $where);
+    }
+
     /**
      * Get coverphoto.
      * @return photo coverphoto
@@ -783,7 +792,7 @@ protected static function expandQueryForUser(select $qry, clause $where=null) {
      * @param select query
      * @return select modified query
      */
-    protected static function addRelationTableToQuery($qry) {
+    protected static function addRelationTableToQuery(select $qry) {
         if($qry->hasTable("albums") && !$qry->hasTable("photo_albums")) {
             $qry->join(array("pa" => "photo_albums"), "pa.album_id = a.album_id");
         } else if($qry->hasTable("categories") && !$qry->hasTable("photo_categories")) {
@@ -800,7 +809,7 @@ protected static function addRelationTableToQuery($qry) {
      * @param select query
      * @return select modified query
      */
-    protected static function addPhotoTableToQuery($qry) {
+    protected static function addPhotoTableToQuery(select $qry) {
         $qry=static::addRelationTableToQuery($qry);
 
         if($qry->hasTable("photo_albums")) {