summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormikl <>2008-10-16 13:51:11 +0000
committermikl <>2008-10-16 13:51:11 +0000
commit6fea677ad180adce8e0b430cf52632e92ee5d3ab (patch)
tree6c3ad303761a6a3b9acfa7b0c96288b66821e2f1
parentf13aa5583318d2e70723c6f5b05af01b3e0bc8ed (diff)
Fixed #882 (Escaping # and $ in SqlMap)
-rw-r--r--HISTORY1
-rw-r--r--UPGRADE3
-rw-r--r--framework/Data/SqlMap/Configuration/TSqlMapXmlConfiguration.php14
3 files changed, 18 insertions, 0 deletions
diff --git a/HISTORY b/HISTORY
index b19f50ae..f204464b 100644
--- a/HISTORY
+++ b/HISTORY
@@ -30,6 +30,7 @@ ENH: Workaround for slow meta data retrieval in MySQL<5.1.21 (Michael)
ENH: Ticket#756 - TDateFormat & TNumberFormat - allow settings default text when Value isn't set. (Carl)
ENH: Ticket#823 - PromptText/PromptValue only populated if there is data (Knut)
ENH: Ticket#876 - Assign empty string to CssUrl on TTabPanel to avoid loading extra css (GoDZilla, Knut)
+ENH: Ticket#882 - Allow to escape # and $ in sqlmap (Michael)
ENH: Ticket#890 - Minor optimization: Use $var===null over is_null($var) (Knut)
ENH: Ticket#893 - Added page parameter to queryForPagedList() to specify the initial page to load (Michael)
ENH: Ticket#896 - TTheme - enhance for subclassing (Knut)
diff --git a/UPGRADE b/UPGRADE
index 55d8e3d5..ecb5225b 100644
--- a/UPGRADE
+++ b/UPGRADE
@@ -23,6 +23,9 @@ Upgrading from v3.1.2
See http://wiki.moxiecode.com/index.php/TinyMCE:Migration_guide for more information.
- If you use EnableStateEncryption, the PageState of your current user sessions
will no longer be valid, since we optimized the encryption/compression logic.
+- You can now use # and $ characters in your SQL statements with SQLMap by
+ escaping them as ## and $$. That induces that you can't have consecutive
+ parameters like #param1##param2# or $param1$$param2$ in your statements anymore.
Upgrading from v3.1.1
diff --git a/framework/Data/SqlMap/Configuration/TSqlMapXmlConfiguration.php b/framework/Data/SqlMap/Configuration/TSqlMapXmlConfiguration.php
index d0c57d57..470b061b 100644
--- a/framework/Data/SqlMap/Configuration/TSqlMapXmlConfiguration.php
+++ b/framework/Data/SqlMap/Configuration/TSqlMapXmlConfiguration.php
@@ -309,6 +309,16 @@ class TSqlMapXmlMappingConfiguration extends TSqlMapXmlConfigBuilder
private $_FlushOnExecuteStatements=array();
+ /**
+ * Regular expressions for escaping simple/inline parameter symbols
+ */
+ const SIMPLE_MARK='$';
+ const INLINE_SYMBOL='#';
+ const ESCAPED_SIMPLE_MARK_REGEXP='/\$\$/';
+ const ESCAPED_INLINE_SYMBOL_REGEXP='/\#\#/';
+ const SIMPLE_PLACEHOLDER='`!!`';
+ const INLINE_PLACEHOLDER='`!!!`';
+
/**
* @param TSqlMapXmlConfiguration parent xml configuration.
*/
@@ -532,6 +542,7 @@ class TSqlMapXmlMappingConfiguration extends TSqlMapXmlConfigBuilder
$scope['file'] = $this->_configFile;
$scope['node'] = $node;
+ $sqlStatement=preg_replace(self::ESCAPED_INLINE_SYMBOL_REGEXP,self::INLINE_PLACEHOLDER,$sqlStatement);
if($statement->parameterMap() === null)
{
// Build a Parametermap with the inline parameters.
@@ -548,6 +559,7 @@ class TSqlMapXmlMappingConfiguration extends TSqlMapXmlConfigBuilder
}
$sqlStatement = $sqlText['sql'];
}
+ $sqlStatement=preg_replace('/'.self::INLINE_PLACEHOLDER.'/',self::INLINE_SYMBOL,$sqlStatement);
$this->prepareSql($statement, $sqlStatement, $node);
}
@@ -562,6 +574,7 @@ class TSqlMapXmlMappingConfiguration extends TSqlMapXmlConfigBuilder
protected function prepareSql($statement,$sqlStatement, $node)
{
$simpleDynamic = new TSimpleDynamicParser;
+ $sqlStatement=preg_replace(self::ESCAPED_SIMPLE_MARK_REGEXP,self::SIMPLE_PLACEHOLDER,$sqlStatement);
$dynamics = $simpleDynamic->parse($sqlStatement);
if(count($dynamics['parameters']) > 0)
{
@@ -570,6 +583,7 @@ class TSqlMapXmlMappingConfiguration extends TSqlMapXmlConfigBuilder
}
else
$sql = new TStaticSql();
+ $sqlStatement=preg_replace('/'.self::SIMPLE_PLACEHOLDER.'/',self::SIMPLE_MARK,$sqlStatement);
$sql->buildPreparedStatement($statement, $sqlStatement);
$statement->setSqlText($sql);
}