From 6fea677ad180adce8e0b430cf52632e92ee5d3ab Mon Sep 17 00:00:00 2001 From: mikl <> Date: Thu, 16 Oct 2008 13:51:11 +0000 Subject: Fixed #882 (Escaping # and $ in SqlMap) --- .../Data/SqlMap/Configuration/TSqlMapXmlConfiguration.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'framework/Data/SqlMap/Configuration/TSqlMapXmlConfiguration.php') diff --git a/framework/Data/SqlMap/Configuration/TSqlMapXmlConfiguration.php b/framework/Data/SqlMap/Configuration/TSqlMapXmlConfiguration.php index d0c57d57..470b061b 100644 --- a/framework/Data/SqlMap/Configuration/TSqlMapXmlConfiguration.php +++ b/framework/Data/SqlMap/Configuration/TSqlMapXmlConfiguration.php @@ -309,6 +309,16 @@ class TSqlMapXmlMappingConfiguration extends TSqlMapXmlConfigBuilder private $_FlushOnExecuteStatements=array(); + /** + * Regular expressions for escaping simple/inline parameter symbols + */ + const SIMPLE_MARK='$'; + const INLINE_SYMBOL='#'; + const ESCAPED_SIMPLE_MARK_REGEXP='/\$\$/'; + const ESCAPED_INLINE_SYMBOL_REGEXP='/\#\#/'; + const SIMPLE_PLACEHOLDER='`!!`'; + const INLINE_PLACEHOLDER='`!!!`'; + /** * @param TSqlMapXmlConfiguration parent xml configuration. */ @@ -532,6 +542,7 @@ class TSqlMapXmlMappingConfiguration extends TSqlMapXmlConfigBuilder $scope['file'] = $this->_configFile; $scope['node'] = $node; + $sqlStatement=preg_replace(self::ESCAPED_INLINE_SYMBOL_REGEXP,self::INLINE_PLACEHOLDER,$sqlStatement); if($statement->parameterMap() === null) { // Build a Parametermap with the inline parameters. @@ -548,6 +559,7 @@ class TSqlMapXmlMappingConfiguration extends TSqlMapXmlConfigBuilder } $sqlStatement = $sqlText['sql']; } + $sqlStatement=preg_replace('/'.self::INLINE_PLACEHOLDER.'/',self::INLINE_SYMBOL,$sqlStatement); $this->prepareSql($statement, $sqlStatement, $node); } @@ -562,6 +574,7 @@ class TSqlMapXmlMappingConfiguration extends TSqlMapXmlConfigBuilder protected function prepareSql($statement,$sqlStatement, $node) { $simpleDynamic = new TSimpleDynamicParser; + $sqlStatement=preg_replace(self::ESCAPED_SIMPLE_MARK_REGEXP,self::SIMPLE_PLACEHOLDER,$sqlStatement); $dynamics = $simpleDynamic->parse($sqlStatement); if(count($dynamics['parameters']) > 0) { @@ -570,6 +583,7 @@ class TSqlMapXmlMappingConfiguration extends TSqlMapXmlConfigBuilder } else $sql = new TStaticSql(); + $sqlStatement=preg_replace('/'.self::SIMPLE_PLACEHOLDER.'/',self::SIMPLE_MARK,$sqlStatement); $sql->buildPreparedStatement($statement, $sqlStatement); $statement->setSqlText($sql); } -- cgit v1.2.3