From 7ea61ba9701a04bc593d7c5960c5135ce39805a8 Mon Sep 17 00:00:00 2001
From: wei <>
Date: Wed, 3 Jan 2007 11:31:18 +0000
Subject: quote the criteria string in ActiveRecord.

---
 framework/Data/ActiveRecord/Vendor/TMysqlMetaData.php | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

(limited to 'framework/Data/ActiveRecord/Vendor/TMysqlMetaData.php')

diff --git a/framework/Data/ActiveRecord/Vendor/TMysqlMetaData.php b/framework/Data/ActiveRecord/Vendor/TMysqlMetaData.php
index 1289afa5..0ac3798d 100644
--- a/framework/Data/ActiveRecord/Vendor/TMysqlMetaData.php
+++ b/framework/Data/ActiveRecord/Vendor/TMysqlMetaData.php
@@ -24,27 +24,36 @@ class TMysqlMetaData extends TDbMetaDataCommon
 {
 	/**
 	 * Build the SQL search string from the criteria object for Postgress database.
+	 * @param TDbConnection database connection.
 	 * @param TActiveRecordCriteria search criteria.
 	 * @return string SQL search.
 	 */
-	protected function getSqlFromCriteria(TActiveRecordCriteria $criteria)
+	protected function getSqlFromCriteria($conn, TActiveRecordCriteria $criteria)
 	{
 		$sql = '';
 		if(($condition = $criteria->getCondition())!==null)
 			$sql .= $condition;
 		$orders=array();
 		foreach($criteria->getOrdersBy() as $by=>$ordering)
-			$orders[] = $by.' '.$ordering;
+			$orders[] = $conn->quoteString($by).' '.$this->getOrdering($ordering);
 		if(count($orders) > 0)
 			$sql .= ' ORDER BY '.implode(', ', $orders);
 		if(($limit = $criteria->getLimit())!==null)
 		{
 			$offset = $criteria->getOffset();
-			$offset = $offset===null?0:$offset;
-			$sql .= ' LIMIT '.$offset.', '.$limit;
+			$offset = $offset===null?0:intval($offset); //assumes integer offset
+			$sql .= ' LIMIT '.$offset.', '.intval($limit); //assumes integer limit
 		}
 		return strlen($sql) > 0 ? ' WHERE '.$sql : '';
 	}
+
+	private function getOrdering($direction)
+	{
+		if(strtolower($direction)=='desc')
+			return 'DESC';
+		else
+			return 'ASC';
+	}
 }
 
 ?>
\ No newline at end of file
-- 
cgit v1.2.3