diff options
author | mikl <> | 2008-10-16 13:51:11 +0000 |
---|---|---|
committer | mikl <> | 2008-10-16 13:51:11 +0000 |
commit | 6fea677ad180adce8e0b430cf52632e92ee5d3ab (patch) | |
tree | 6c3ad303761a6a3b9acfa7b0c96288b66821e2f1 | |
parent | f13aa5583318d2e70723c6f5b05af01b3e0bc8ed (diff) |
Fixed #882 (Escaping # and $ in SqlMap)
-rw-r--r-- | HISTORY | 1 | ||||
-rw-r--r-- | UPGRADE | 3 | ||||
-rw-r--r-- | framework/Data/SqlMap/Configuration/TSqlMapXmlConfiguration.php | 14 |
3 files changed, 18 insertions, 0 deletions
@@ -30,6 +30,7 @@ ENH: Workaround for slow meta data retrieval in MySQL<5.1.21 (Michael) ENH: Ticket#756 - TDateFormat & TNumberFormat - allow settings default text when Value isn't set. (Carl) ENH: Ticket#823 - PromptText/PromptValue only populated if there is data (Knut) ENH: Ticket#876 - Assign empty string to CssUrl on TTabPanel to avoid loading extra css (GoDZilla, Knut) +ENH: Ticket#882 - Allow to escape # and $ in sqlmap (Michael) ENH: Ticket#890 - Minor optimization: Use $var===null over is_null($var) (Knut) ENH: Ticket#893 - Added page parameter to queryForPagedList() to specify the initial page to load (Michael) ENH: Ticket#896 - TTheme - enhance for subclassing (Knut) @@ -23,6 +23,9 @@ Upgrading from v3.1.2 See http://wiki.moxiecode.com/index.php/TinyMCE:Migration_guide for more information.
- If you use EnableStateEncryption, the PageState of your current user sessions
will no longer be valid, since we optimized the encryption/compression logic.
+- You can now use # and $ characters in your SQL statements with SQLMap by
+ escaping them as ## and $$. That induces that you can't have consecutive
+ parameters like #param1##param2# or $param1$$param2$ in your statements anymore.
Upgrading from v3.1.1
diff --git a/framework/Data/SqlMap/Configuration/TSqlMapXmlConfiguration.php b/framework/Data/SqlMap/Configuration/TSqlMapXmlConfiguration.php index d0c57d57..470b061b 100644 --- a/framework/Data/SqlMap/Configuration/TSqlMapXmlConfiguration.php +++ b/framework/Data/SqlMap/Configuration/TSqlMapXmlConfiguration.php @@ -309,6 +309,16 @@ class TSqlMapXmlMappingConfiguration extends TSqlMapXmlConfigBuilder private $_FlushOnExecuteStatements=array();
+ /** + * Regular expressions for escaping simple/inline parameter symbols + */ + const SIMPLE_MARK='$'; + const INLINE_SYMBOL='#'; + const ESCAPED_SIMPLE_MARK_REGEXP='/\$\$/'; + const ESCAPED_INLINE_SYMBOL_REGEXP='/\#\#/'; + const SIMPLE_PLACEHOLDER='`!!`'; + const INLINE_PLACEHOLDER='`!!!`'; + /**
* @param TSqlMapXmlConfiguration parent xml configuration.
*/
@@ -532,6 +542,7 @@ class TSqlMapXmlMappingConfiguration extends TSqlMapXmlConfigBuilder $scope['file'] = $this->_configFile;
$scope['node'] = $node;
+ $sqlStatement=preg_replace(self::ESCAPED_INLINE_SYMBOL_REGEXP,self::INLINE_PLACEHOLDER,$sqlStatement); if($statement->parameterMap() === null)
{
// Build a Parametermap with the inline parameters.
@@ -548,6 +559,7 @@ class TSqlMapXmlMappingConfiguration extends TSqlMapXmlConfigBuilder }
$sqlStatement = $sqlText['sql'];
}
+ $sqlStatement=preg_replace('/'.self::INLINE_PLACEHOLDER.'/',self::INLINE_SYMBOL,$sqlStatement); $this->prepareSql($statement, $sqlStatement, $node);
}
@@ -562,6 +574,7 @@ class TSqlMapXmlMappingConfiguration extends TSqlMapXmlConfigBuilder protected function prepareSql($statement,$sqlStatement, $node)
{
$simpleDynamic = new TSimpleDynamicParser;
+ $sqlStatement=preg_replace(self::ESCAPED_SIMPLE_MARK_REGEXP,self::SIMPLE_PLACEHOLDER,$sqlStatement); $dynamics = $simpleDynamic->parse($sqlStatement);
if(count($dynamics['parameters']) > 0)
{
@@ -570,6 +583,7 @@ class TSqlMapXmlMappingConfiguration extends TSqlMapXmlConfigBuilder }
else
$sql = new TStaticSql();
+ $sqlStatement=preg_replace('/'.self::SIMPLE_PLACEHOLDER.'/',self::SIMPLE_MARK,$sqlStatement); $sql->buildPreparedStatement($statement, $sqlStatement);
$statement->setSqlText($sql);
}
|