
Parameterized queries
SharkyKZ committed Jun 16, 2020
1 parent 6575b3d commit cefaa7b
Showing 3 changed files with 69 additions and 72 deletions.
54 changes: 27 additions & 27 deletions administrator/components/com_workflow/src/Model/StagesModel.php
Expand Up @@ -13,6 +13,7 @@

use Joomla\CMS\Factory;
use Joomla\CMS\MVC\Model\ListModel;
use Joomla\Database\ParameterType;

/**
* Model class for stages
Expand Down Expand Up @@ -124,45 +125,43 @@ public function getTable($type = 'Stage', $prefix = 'Administrator', $config = a
*/
public function getListQuery()
{
$db = $this->getDbo();

$query = parent::getListQuery();

$select = $db->quoteName(
array(
's.id',
's.title',
's.ordering',
's.default',
's.published',
's.checked_out',
's.checked_out_time',
's.description'
)
);
$db = $this->getDbo();
$query = $db->getQuery(true);

$query
->select($select)
->from($db->quoteName('#__workflow_stages', 's'));
->select(
[
$db->quoteName('s.id'),
$db->quoteName('s.title'),
$db->quoteName('s.ordering'),
$db->quoteName('s.default'),
$db->quoteName('s.published'),
$db->quoteName('s.checked_out'),
$db->quoteName('s.checked_out_time'),
$db->quoteName('s.description'),
$db->quoteName('uc.name', 'editor'),
]
)
->from($db->quoteName('#__workflow_stages', 's'))
->join('LEFT', $db->quoteName('#__users', 'uc'), $db->quoteName('uc.id') . ' = ' . $db->quoteName('s.checked_out'));

// Filter by extension
if ($workflowID = (int) $this->getState('filter.workflow_id'))
{
$query->where($db->quoteName('s.workflow_id') . ' = ' . $workflowID);
$query->where($db->quoteName('s.workflow_id') . ' = :id')
->bind(':id', $workflowID, ParameterType::INTEGER);
}

// Join over the users for the checked out user.
$query->select($db->quoteName('uc.name', 'editor'))
->join('LEFT', $db->quoteName('#__users', 'uc'), $db->quoteName('uc.id') . ' = ' . $db->quoteName('s.checked_out'));

$status = (string) $this->getState('filter.published');

// Filter by publish state
if (is_numeric($status))
{
$query->where($db->quoteName('s.published') . ' = ' . (int) $status);
$status = (int) $status;
$query->where($db->quoteName('s.published') . ' = :status')
->bind(':status', $status, ParameterType::INTEGER);
}
elseif ($status == '')
elseif ($status === '')
{
$query->where($db->quoteName('s.published') . ' IN (0, 1)');
}
Expand All @@ -172,8 +171,9 @@ public function getListQuery()

if (!empty($search))
{
$search = $db->quote('%' . str_replace(' ', '%', $db->escape(trim($search), true) . '%'));
$query->where('(' . $db->quoteName('s.title') . ' LIKE ' . $search . ' OR ' . $db->quoteName('s.description') . ' LIKE ' . $search . ')');
$search = '%' . str_replace(' ', '%', trim($search)) . '%';
$query->where('(' . $db->quoteName('s.title') . ' LIKE :search1 OR ' . $db->quoteName('s.description') . ' LIKE :search2)')
->bind([':search1', ':search2'], $search);
}

// Add the list ordering clause.
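Review bot: The search pattern built on the new line `$search = '%' . str_replace(' ', '%', trim($search)) . '%';` is bound as-is, whereas the removed line passed the input through `$db->escape(trim($search), true)`, whose extra-escape flag also escapes the LIKE wildcards, so a `%` or `_` typed into the search box now acts as a wildcard instead of matching literally. Binding closes the injection path, but if literal matching is intended the wildcards still need escaping before the pattern is built, e.g. `$search = '%' . str_replace(' ', '%', addcslashes(trim($search), '%_')) . '%';` (drivers whose LIKE has no default escape character may additionally need an `ESCAPE` clause). Reinstating `$db->escape()` is not the answer here: with a bound parameter its quote escaping would end up inside the value as literal backslashes. The same change appears in the search hunk of the TransitionsModel section below. getListQuery continues past the end of this hunk.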
Expand Up @@ -13,6 +13,7 @@

use Joomla\CMS\Factory;
use Joomla\CMS\MVC\Model\ListModel;
use Joomla\Database\ParameterType;

/**
* Model class for transitions
Expand Down Expand Up @@ -125,85 +126,81 @@ protected function getReorderConditions($table)
*/
public function getListQuery()
{
$db = $this->getDbo();

$query = parent::getListQuery();

$select = $db->quoteName(
array(
't.id',
't.title',
't.from_stage_id',
't.to_stage_id',
't.published',
't.checked_out',
't.checked_out_time',
't.ordering',
't.description',
)
);

$select[] = $db->quoteName('f_stage.title', 'from_stage');
$select[] = $db->quoteName('t_stage.title', 'to_stage');
$joinTo = $db->quoteName('#__workflow_stages', 't_stage') .
' ON ' . $db->quoteName('t_stage.id') . ' = ' . $db->quoteName('t.to_stage_id');
$db = $this->getDbo();
$query = $db->getQuery(true);

$query
->select($select)
->from($db->quoteName('#__workflow_transitions', 't'))
->leftJoin(
$db->quoteName('#__workflow_stages', 'f_stage') . ' ON ' . $db->quoteName('f_stage.id') . ' = ' . $db->quoteName('t.from_stage_id')
->select(
[
$db->quoteName('t.id'),
$db->quoteName('t.title'),
$db->quoteName('t.from_stage_id'),
$db->quoteName('t.to_stage_id'),
$db->quoteName('t.published'),
$db->quoteName('t.checked_out'),
$db->quoteName('t.checked_out_time'),
$db->quoteName('t.ordering'),
$db->quoteName('t.description'),
$db->quoteName('f_stage.title', 'from_stage'),
$db->quoteName('t_stage.title', 'to_stage'),
$db->quoteName('uc.name', 'editor'),
]
)
->leftJoin($joinTo);

// Join over the users for the checked out user.
$query->select($db->quoteName('uc.name', 'editor'))
->from($db->quoteName('#__workflow_transitions', 't'))
->join('LEFT', $db->quoteName('#__workflow_stages', 'f_stage'), $db->quoteName('f_stage.id') . ' = ' . $db->quoteName('t.from_stage_id'))
->join('LEFT', $db->quoteName('#__workflow_stages', 't_stage'), $db->quoteName('t_stage.id') . ' = ' . $db->quoteName('t.to_stage_id'))
->join('LEFT', $db->quoteName('#__users', 'uc'), $db->quoteName('uc.id') . ' = ' . $db->quoteName('t.checked_out'));

// Filter by extension
if ($workflowID = (int) $this->getState('filter.workflow_id'))
{
$query->where($db->quoteName('t.workflow_id') . ' = ' . $workflowID);
$query->where($db->quoteName('t.workflow_id') . ' = :id')
->bind(':id', $workflowID, ParameterType::INTEGER);
}

$status = $this->getState('filter.published');
$status = (string) $this->getState('filter.published');

// Filter by status
if (is_numeric($status))
{
$query->where($db->quoteName('t.published') . ' = ' . (int) $status);
$status = (int) $status;
$query->where($db->quoteName('t.published') . ' = :status')
->bind(':status', $status, ParameterType::INTEGER);
}
elseif ($status == '')
elseif ($status === '')
{
$query->where($db->quoteName('t.published') . ' IN (0, 1)');
}

// Filter by column from_stage_id
if ($fromStage = $this->getState('filter.from_stage'))
if ($fromStage = (int) $this->getState('filter.from_stage'))
{
$query->where($db->quoteName('from_stage_id') . ' = ' . (int) $fromStage);
$query->where($db->quoteName('from_stage_id') . ' = :fromStage')
->bind(':fromStage', $fromStage, ParameterType::INTEGER);
}

// Filter by column from_stage_id
if ($toStage = $this->getState('filter.to_stage'))
// Filter by column to_stage_id
if ($toStage = (int) $this->getState('filter.to_stage'))
{
$query->where($db->quoteName('to_stage_id') . ' = ' . (int) $toStage);
$query->where($db->quoteName('to_stage_id') . ' = :toStage')
->bind(':toStage', $toStage, ParameterType::INTEGER);
}

// Filter by search in title
$search = $this->getState('filter.search');

if (!empty($search))
{
$search = $db->quote('%' . str_replace(' ', '%', $db->escape(trim($search), true) . '%'));
$query->where('(' . $db->quoteName('title') . ' LIKE ' . $search . ' OR ' . $db->quoteName('description') . ' LIKE ' . $search . ')');
$search = '%' . str_replace(' ', '%', trim($search)) . '%';
$query->where('(' . $db->quoteName('title') . ' LIKE :search1 OR ' . $db->quoteName('description') . ' LIKE :search2)')
->bind([':search1', ':search2'], $search);
}

// Add the list ordering clause.
$orderCol = $this->state->get('list.ordering', 't.id');
$orderDirn = strtolower($this->state->get('list.direction', 'asc'));
$orderDirn = strtoupper($this->state->get('list.direction', 'ASC'));

$query->order($db->quoteName($orderCol) . ' ' . $db->escape($orderDirn == 'desc' ? 'DESC' : 'ASC'));
$query->order($db->quoteName($db->escape($orderCol)) . ' ' . $db->escape($orderDirn === 'DESC' ? 'DESC' : 'ASC'));

return $query;
}
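Review bot: The rewritten search filter on the new line `$query->where('(' . $db->quoteName('title') . ' LIKE :search1 OR ' . $db->quoteName('description') . ' LIKE :search2)')` leaves `title` and `description` unqualified, yet the query now left-joins `#__workflow_stages` twice (`f_stage`, `t_stage`), a table that also has `title` and `description` columns as the StagesModel section shows; on MySQL that is an ambiguous-column error as soon as a search term is entered. Qualify them as `$db->quoteName('t.title')` and `$db->quoteName('t.description')`, and for consistency the new `from_stage_id`/`to_stage_id` filters would read better as `t.from_stage_id`/`t.to_stage_id`. Separately, on the ordering line `$db->quoteName($db->escape($orderCol))` adds no real protection, since `escape()` does not appear to touch backticks and `quoteName()` does not neutralise them, so the ordering column is only safe if `populateState()` (outside this hunk) restricts `list.ordering` to the model's filter_fields; confirm that rather than relying on the escape.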
Expand Up @@ -215,7 +215,7 @@ protected function countItems($items)
*/
public function getListQuery()
{
$db = $this->getDbo();
$db = $this->getDbo();
$query = $db->getQuery(true);

$query->select(
Expand All @@ -232,7 +232,7 @@ public function getListQuery()
$db->quoteName('w.created_by'),
$db->quoteName('w.description'),
$db->quoteName('u.name'),
$db->quoteName('uc.name', 'editor')
$db->quoteName('uc.name', 'editor'),
]
)
->from($db->quoteName('#__workflows', 'w'))
