
Zend\Db\Metadata - remove quoting of known scalars, use quoteTrustedValue() for provided values #4241

Closed
wants to merge 1 commit into from


@ralphschindler
Collaborator

Zend\Db\Metadata - remove quoting of known scalars, use quoteTrustedValue() for provided values

Overrides #4144

@ralphschindler ralphschindler Zend\Db:
Fixed metadata to directly quote values or use quoteTrustedValue()
c86e9e7
@weierophinney weierophinney closed this pull request from a commit
@weierophinney weierophinney Merge branch 'hotfix/4241'
Close #4241
Fixes #4144
e50f404
@ghost Unknown referenced this pull request from a commit
@weierophinney weierophinney Merge branch 'hotfix/4241'
Close #4241
Fixes #4144
1c28c41
@ghost Unknown referenced this pull request from a commit
@weierophinney weierophinney Merge branch 'hotfix/4241' into develop
Forward port #4241
0f1c867
Commits on Apr 16, 2013
  1. @ralphschindler

    Zend\Db:

    ralphschindler authored
    Fixed metadata to directly quote values or use quoteTrustedValue()
46 library/Zend/Db/Metadata/Source/MysqlMetadata.php
@@ -25,7 +25,7 @@ protected function loadSchemaData()
$sql = 'SELECT ' . $p->quoteIdentifier('SCHEMA_NAME')
. ' FROM ' . $p->quoteIdentifierChain(array('INFORMATION_SCHEMA', 'SCHEMATA'))
. ' WHERE ' . $p->quoteIdentifier('SCHEMA_NAME')
- . ' != ' . $p->quoteValue('INFORMATION_SCHEMA');
+ . ' != \'INFORMATION_SCHEMA\'';
$results = $this->adapter->query($sql, Adapter::QUERY_MODE_EXECUTE);
@@ -66,14 +66,14 @@ protected function loadTableNameData($schema)
. ' = ' . $p->quoteIdentifierChain(array('V','TABLE_NAME'))
. ' WHERE ' . $p->quoteIdentifierChain(array('T','TABLE_TYPE'))
- . ' IN (' . $p->quoteValueList(array('BASE TABLE', 'VIEW')) . ')';
+ . ' IN (\'BASE TABLE\', \'VIEW\')';
if ($schema != self::DEFAULT_SCHEMA) {
$sql .= ' AND ' . $p->quoteIdentifierChain(array('T','TABLE_SCHEMA'))
- . ' = ' . $p->quoteValue($schema);
+ . ' = ' . $p->quoteTrustedValue($schema);
} else {
$sql .= ' AND ' . $p->quoteIdentifierChain(array('T','TABLE_SCHEMA'))
- . ' != ' . $p->quoteValue('INFORMATION_SCHEMA');
+ . ' != \'INFORMATION_SCHEMA\'';
}
$results = $this->adapter->query($sql, Adapter::QUERY_MODE_EXECUTE);
@@ -122,16 +122,16 @@ protected function loadColumnData($table, $schema)
. ' AND ' . $p->quoteIdentifierChain(array('T','TABLE_NAME'))
. ' = ' . $p->quoteIdentifierChain(array('C','TABLE_NAME'))
. ' WHERE ' . $p->quoteIdentifierChain(array('T','TABLE_TYPE'))
- . ' IN (' . $p->quoteValueList(array('BASE TABLE', 'VIEW')) . ')'
+ . ' IN (\'BASE TABLE\', \'VIEW\')'
. ' AND ' . $p->quoteIdentifierChain(array('T','TABLE_NAME'))
- . ' = ' . $p->quoteValue($table);
+ . ' = ' . $p->quoteTrustedValue($table);
if ($schema != self::DEFAULT_SCHEMA) {
$sql .= ' AND ' . $p->quoteIdentifierChain(array('T','TABLE_SCHEMA'))
- . ' = ' . $p->quoteValue($schema);
+ . ' = ' . $p->quoteTrustedValue($schema);
} else {
$sql .= ' AND ' . $p->quoteIdentifierChain(array('T','TABLE_SCHEMA'))
- . ' != ' . $p->quoteValue('INFORMATION_SCHEMA');
+ . ' != \'INFORMATION_SCHEMA\'';
}
$results = $this->adapter->query($sql, Adapter::QUERY_MODE_EXECUTE);
@@ -216,16 +216,16 @@ protected function loadConstraintData($table, $schema)
. ' = ' . $p->quoteIdentifierChain(array('RC','CONSTRAINT_NAME'))
. ' WHERE ' . $p->quoteIdentifierChain(array('T','TABLE_NAME'))
- . ' = ' . $p->quoteValue($table)
+ . ' = ' . $p->quoteTrustedValue($table)
. ' AND ' . $p->quoteIdentifierChain(array('T','TABLE_TYPE'))
- . ' IN (' . $p->quoteValueList(array('BASE TABLE', 'VIEW')) . ')';
+ . ' IN (\'BASE TABLE\', \'VIEW\')';
if ($schema != self::DEFAULT_SCHEMA) {
$sql .= ' AND ' . $p->quoteIdentifierChain(array('T','TABLE_SCHEMA'))
- . ' = ' . $p->quoteValue($schema);
+ . ' = ' . $p->quoteTrustedValue($schema);
} else {
$sql .= ' AND ' . $p->quoteIdentifierChain(array('T','TABLE_SCHEMA'))
- . ' != ' . $p->quoteValue('INFORMATION_SCHEMA');
+ . ' != \'INFORMATION_SCHEMA\'';
}
$sql .= ' ORDER BY CASE ' . $p->quoteIdentifierChain(array('TC','CONSTRAINT_TYPE'))
@@ -302,14 +302,14 @@ protected function loadConstraintDataNames($schema)
. ' AND ' . $p->quoteIdentifierChain(array('T','TABLE_NAME'))
. ' = ' . $p->quoteIdentifierChain(array('TC','TABLE_NAME'))
. ' WHERE ' . $p->quoteIdentifierChain(array('T','TABLE_TYPE'))
- . ' IN (' . $p->quoteValueList(array('BASE TABLE', 'VIEW')) . ')';
+ . ' IN (\'BASE TABLE\', \'VIEW\')';
if ($schema != self::DEFAULT_SCHEMA) {
$sql .= ' AND ' . $p->quoteIdentifierChain(array('T','TABLE_SCHEMA'))
- . ' = ' . $p->quoteValue($schema);
+ . ' = ' . $p->quoteTrustedValue($schema);
} else {
$sql .= ' AND ' . $p->quoteIdentifierChain(array('T','TABLE_SCHEMA'))
- . ' != ' . $p->quoteValue('INFORMATION_SCHEMA');
+ . ' != \'INFORMATION_SCHEMA\'';
}
$results = $this->adapter->query($sql, Adapter::QUERY_MODE_EXECUTE);
@@ -353,14 +353,14 @@ protected function loadConstraintDataKeys($schema)
. ' = ' . $p->quoteIdentifierChain(array('KCU','TABLE_NAME'))
. ' WHERE ' . $p->quoteIdentifierChain(array('T','TABLE_TYPE'))
- . ' IN (' . $p->quoteValueList(array('BASE TABLE', 'VIEW')) . ')';
+ . ' IN (\'BASE TABLE\', \'VIEW\')';
if ($schema != self::DEFAULT_SCHEMA) {
$sql .= ' AND ' . $p->quoteIdentifierChain(array('T','TABLE_SCHEMA'))
- . ' = ' . $p->quoteValue($schema);
+ . ' = ' . $p->quoteTrustedValue($schema);
} else {
$sql .= ' AND ' . $p->quoteIdentifierChain(array('T','TABLE_SCHEMA'))
- . ' != ' . $p->quoteValue('INFORMATION_SCHEMA');
+ . ' != \'INFORMATION_SCHEMA\'';
}
$results = $this->adapter->query($sql, Adapter::QUERY_MODE_EXECUTE);
@@ -415,14 +415,14 @@ protected function loadConstraintReferences($schema)
. ' = ' . $p->quoteIdentifierChain(array('KCU','CONSTRAINT_NAME'))
. 'WHERE ' . $p->quoteIdentifierChain(array('T','TABLE_TYPE'))
- . ' IN (' . $p->quoteValueList(array('BASE TABLE', 'VIEW')) . ')';
+ . ' IN (\'BASE TABLE\', \'VIEW\')';
if ($schema != self::DEFAULT_SCHEMA) {
$sql .= ' AND ' . $p->quoteIdentifierChain(array('T','TABLE_SCHEMA'))
- . ' = ' . $p->quoteValue($schema);
+ . ' = ' . $p->quoteTrustedValue($schema);
} else {
$sql .= ' AND ' . $p->quoteIdentifierChain(array('T','TABLE_SCHEMA'))
- . ' != ' . $p->quoteValue('INFORMATION_SCHEMA');
+ . ' != \'INFORMATION_SCHEMA\'';
}
$results = $this->adapter->query($sql, Adapter::QUERY_MODE_EXECUTE);
@@ -475,10 +475,10 @@ protected function loadTriggerData($schema)
if ($schema != self::DEFAULT_SCHEMA) {
$sql .= $p->quoteIdentifier('TRIGGER_SCHEMA')
- . ' = ' . $p->quoteValue($schema);
+ . ' = ' . $p->quoteTrustedValue($schema);
} else {
$sql .= $p->quoteIdentifier('TRIGGER_SCHEMA')
- . ' != ' . $p->quoteValue('INFORMATION_SCHEMA');
+ . ' != \'INFORMATION_SCHEMA\'';
}
$results = $this->adapter->query($sql, Adapter::QUERY_MODE_EXECUTE);
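Review bot: `quoteTrustedValue($schema)` and `quoteTrustedValue($table)` (loadTableNameData, loadColumnData, loadConstraintData and the later hunks in this file, and again in the PostgreSQL, SQL Server and SQLite sections) label caller-supplied arguments as trusted, yet nothing visible in these hunks validates them before they are concatenated into the statement. The method name suggests the change silences whatever warning `quoteValue()` produced rather than adding protection, so the trust decision now rests on whoever calls the metadata API; that should be confirmed against the platform classes, which are not part of this diff. I would record the contract on each loader, e.g. `// $schema/$table are escaped but not validated: pass catalog names only, never request-derived input`, or pass the values as bound parameters to `$this->adapter->query()` instead of building literals. All of these functions begin and end outside the hunks shown.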
26 library/Zend/Db/Metadata/Source/PostgresqlMetadata.php
@@ -26,7 +26,7 @@ protected function loadSchemaData()
$sql = 'SELECT ' . $p->quoteIdentifier('schema_name')
. ' FROM ' . $p->quoteIdentifierChain(array('information_schema', 'schemata'))
. ' WHERE ' . $p->quoteIdentifier('schema_name')
- . ' != ' . $p->quoteValue('information_schema')
+ . ' != \'information_schema\''
. ' AND ' . $p->quoteIdentifier('schema_name') . " NOT LIKE 'pg_%'";
$results = $this->adapter->query($sql, Adapter::QUERY_MODE_EXECUTE);
@@ -68,14 +68,14 @@ protected function loadTableNameData($schema)
. ' = ' . $p->quoteIdentifierChain(array('v','table_name'))
. ' WHERE ' . $p->quoteIdentifierChain(array('t','table_type'))
- . ' IN (' . $p->quoteValueList(array('BASE TABLE', 'VIEW')) . ')';
+ . ' IN (\'BASE TABLE\', \'VIEW\')';
if ($schema != self::DEFAULT_SCHEMA) {
$sql .= ' AND ' . $p->quoteIdentifierChain(array('t','table_schema'))
- . ' = ' . $p->quoteValue($schema);
+ . ' = ' . $p->quoteTrustedValue($schema);
} else {
$sql .= ' AND ' . $p->quoteIdentifierChain(array('t','table_schema'))
- . ' != ' . $p->quoteValue('information_schema');
+ . ' != \'information_schema\'';
}
$results = $this->adapter->query($sql, Adapter::QUERY_MODE_EXECUTE);
@@ -122,13 +122,13 @@ protected function loadColumnData($table, $schema)
. ' FROM ' . $platform->quoteIdentifier('information_schema')
. $platform->getIdentifierSeparator() . $platform->quoteIdentifier('columns')
. ' WHERE ' . $platform->quoteIdentifier('table_schema')
- . ' != ' . $platform->quoteValue('information')
+ . ' != \'information\''
. ' AND ' . $platform->quoteIdentifier('table_name')
- . ' = ' . $platform->quoteValue($table);
+ . ' = ' . $platform->quoteTrustedValue($table);
if ($schema != '__DEFAULT_SCHEMA__') {
$sql .= ' AND ' . $platform->quoteIdentifier('table_schema')
- . ' = ' . $platform->quoteValue($schema);
+ . ' = ' . $platform->quoteTrustedValue($schema);
}
$results = $this->adapter->query($sql, Adapter::QUERY_MODE_EXECUTE);
@@ -221,16 +221,16 @@ protected function loadConstraintData($table, $schema)
. ' = ' . $p->quoteIdentifierChain(array('kcu2','ordinal_position'))
. ' WHERE ' . $p->quoteIdentifierChain(array('t','table_name'))
- . ' = ' . $p->quoteValue($table)
+ . ' = ' . $p->quoteTrustedValue($table)
. ' AND ' . $p->quoteIdentifierChain(array('t','table_type'))
- . ' IN (' . $p->quoteValueList(array('BASE TABLE', 'VIEW')) . ')';
+ . ' IN (\'BASE TABLE\', \'VIEW\')';
if ($schema != self::DEFAULT_SCHEMA) {
$sql .= ' AND ' . $p->quoteIdentifierChain(array('t','table_schema'))
- . ' = ' . $p->quoteValue($schema);
+ . ' = ' . $p->quoteTrustedValue($schema);
} else {
$sql .= ' AND ' . $p->quoteIdentifierChain(array('t','table_schema'))
- . ' != ' . $p->quoteValue('information_schema');
+ . ' != \'information_schema\'';
}
$sql .= ' ORDER BY CASE ' . $p->quoteIdentifierChain(array('tc','constraint_type'))
@@ -322,10 +322,10 @@ protected function loadTriggerData($schema)
if ($schema != self::DEFAULT_SCHEMA) {
$sql .= $p->quoteIdentifier('trigger_schema')
- . ' = ' . $p->quoteValue($schema);
+ . ' = ' . $p->quoteTrustedValue($schema);
} else {
$sql .= $p->quoteIdentifier('trigger_schema')
- . ' != ' . $p->quoteValue('information_schema');
+ . ' != \'information_schema\'';
}
$results = $this->adapter->query($sql, Adapter::QUERY_MODE_EXECUTE);
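Review bot: In loadColumnData the new literal is `' != \'information\''`, carried over unchanged from the old `quoteValue('information')`, so the filter excludes a schema named `information` and does not exclude `information_schema`; every other hunk in this file compares against `information_schema`. The line should read `. ' != \'information_schema\''`. The same hunk tests `$schema != '__DEFAULT_SCHEMA__'` where the other loaders use `self::DEFAULT_SCHEMA`; using the constant would keep them from drifting, assuming it holds that same string (its definition is not in the diff). loadColumnData starts and ends outside the hunk.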
28 library/Zend/Db/Metadata/Source/SqlServerMetadata.php
@@ -27,7 +27,7 @@ protected function loadSchemaData()
$sql = 'SELECT ' . $p->quoteIdentifier('SCHEMA_NAME')
. ' FROM ' . $p->quoteIdentifierChain(array('INFORMATION_SCHEMA', 'SCHEMATA'))
. ' WHERE ' . $p->quoteIdentifier('SCHEMA_NAME')
- . ' != ' . $p->quoteValue('INFORMATION_SCHEMA');
+ . ' != \'INFORMATION_SCHEMA\'';
$results = $this->adapter->query($sql, Adapter::QUERY_MODE_EXECUTE);
@@ -68,14 +68,14 @@ protected function loadTableNameData($schema)
. ' = ' . $p->quoteIdentifierChain(array('V','TABLE_NAME'))
. ' WHERE ' . $p->quoteIdentifierChain(array('T','TABLE_TYPE'))
- . ' IN (' . $p->quoteValueList(array('BASE TABLE', 'VIEW')) . ')';
+ . ' IN (\'BASE TABLE\', \'VIEW\')';
if ($schema != self::DEFAULT_SCHEMA) {
$sql .= ' AND ' . $p->quoteIdentifierChain(array('T','TABLE_SCHEMA'))
- . ' = ' . $p->quoteValue($schema);
+ . ' = ' . $p->quoteTrustedValue($schema);
} else {
$sql .= ' AND ' . $p->quoteIdentifierChain(array('T','TABLE_SCHEMA'))
- . ' != ' . $p->quoteValue('INFORMATION_SCHEMA');
+ . ' != \'INFORMATION_SCHEMA\'';
}
$results = $this->adapter->query($sql, Adapter::QUERY_MODE_EXECUTE);
@@ -123,16 +123,16 @@ protected function loadColumnData($table, $schema)
. ' AND ' . $p->quoteIdentifierChain(array('T','TABLE_NAME'))
. ' = ' . $p->quoteIdentifierChain(array('C','TABLE_NAME'))
. ' WHERE ' . $p->quoteIdentifierChain(array('T','TABLE_TYPE'))
- . ' IN (' . $p->quoteValueList(array('BASE TABLE', 'VIEW')) . ')'
+ . ' IN (\'BASE TABLE\', \'VIEW\')'
. ' AND ' . $p->quoteIdentifierChain(array('T','TABLE_NAME'))
- . ' = ' . $p->quoteValue($table);
+ . ' = ' . $p->quoteTrustedValue($table);
if ($schema != self::DEFAULT_SCHEMA) {
$sql .= ' AND ' . $p->quoteIdentifierChain(array('T','TABLE_SCHEMA'))
- . ' = ' . $p->quoteValue($schema);
+ . ' = ' . $p->quoteTrustedValue($schema);
} else {
$sql .= ' AND ' . $p->quoteIdentifierChain(array('T','TABLE_SCHEMA'))
- . ' != ' . $p->quoteValue('INFORMATION_SCHEMA');
+ . ' != \'INFORMATION_SCHEMA\'';
}
$results = $this->adapter->query($sql, Adapter::QUERY_MODE_EXECUTE);
@@ -225,16 +225,16 @@ protected function loadConstraintData($table, $schema)
. ' = ' . $p->quoteIdentifierChain(array('KCU2','ORDINAL_POSITION'))
. ' WHERE ' . $p->quoteIdentifierChain(array('T','TABLE_NAME'))
- . ' = ' . $p->quoteValue($table)
+ . ' = ' . $p->quoteTrustedValue($table)
. ' AND ' . $p->quoteIdentifierChain(array('T','TABLE_TYPE'))
- . ' IN (' . $p->quoteValueList(array('BASE TABLE', 'VIEW')) . ')';
+ . ' IN (\'BASE TABLE\', \'VIEW\')';
if ($schema != self::DEFAULT_SCHEMA) {
$sql .= ' AND ' . $p->quoteIdentifierChain(array('T','TABLE_SCHEMA'))
- . ' = ' . $p->quoteValue($schema);
+ . ' = ' . $p->quoteTrustedValue($schema);
} else {
$sql .= ' AND ' . $p->quoteIdentifierChain(array('T','TABLE_SCHEMA'))
- . ' != ' . $p->quoteValue('INFORMATION_SCHEMA');
+ . ' != \'INFORMATION_SCHEMA\'';
}
$sql .= ' ORDER BY CASE ' . $p->quoteIdentifierChain(array('TC','CONSTRAINT_TYPE'))
@@ -321,10 +321,10 @@ protected function loadTriggerData($schema)
if ($schema != self::DEFAULT_SCHEMA) {
$sql .= $p->quoteIdentifier('TRIGGER_SCHEMA')
- . ' = ' . $p->quoteValue($schema);
+ . ' = ' . $p->quoteTrustedValue($schema);
} else {
$sql .= $p->quoteIdentifier('TRIGGER_SCHEMA')
- . ' != ' . $p->quoteValue('INFORMATION_SCHEMA');
+ . ' != \'INFORMATION_SCHEMA\'';
}
$results = $this->adapter->query($sql, Adapter::QUERY_MODE_EXECUTE);
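Review bot: The replacement literals in this section are written with backslash-escaped quotes inside single-quoted PHP strings, e.g. `' != \'INFORMATION_SCHEMA\''` and `' IN (\'BASE TABLE\', \'VIEW\')'`, and the same fragments are repeated in every hunk. A double-quoted PHP string such as `" != 'INFORMATION_SCHEMA'"` is easier to audit at a glance. Hoisting the two fragments into private class constants would leave a single place to check that only fixed strings reach the SQL text unquoted. Behaviour is unchanged either way.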
2  library/Zend/Db/Metadata/Source/SqliteMetadata.php
@@ -246,7 +246,7 @@ protected function fetchPragma($name, $value = null, $schema = null)
$sql .= $name;
if (null !== $value) {
- $sql .= '(' . $p->quoteValue($value) . ')';
+ $sql .= '(' . $p->quoteTrustedValue($value) . ')';
}
$results = $this->adapter->query($sql, Adapter::QUERY_MODE_EXECUTE);
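Review bot: fetchPragma appends `$name` to the statement with no quoting at all (`$sql .= $name;`), and the changed line now marks `$value` as trusted, so both arguments reach the PRAGMA text on the caller's word alone. PRAGMA arguments generally cannot be bound as parameters, so the practical safeguard is to constrain them: check `$name` against the fixed set of pragmas this class issues and document that `$value` must be a table or index name read from the catalog. A comment such as `// $name and $value are interpolated into the PRAGMA: internal callers only, never request-derived` would record that. The function's opening lines and its callers are outside the hunk, so whether such a check already exists cannot be seen here.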