From 7ea61ba9701a04bc593d7c5960c5135ce39805a8 Mon Sep 17 00:00:00 2001
From: wei <>
Date: Wed, 3 Jan 2007 11:31:18 +0000
Subject: quote the criteria string in ActiveRecord.
---
 framework/Data/ActiveRecord/Vendor/TDbMetaData.php | 1 +
 .../Data/ActiveRecord/Vendor/TDbMetaDataCommon.php | 6 +++---
 framework/Data/ActiveRecord/Vendor/TMysqlMetaData.php | 17 +++++++++++++----
 framework/Data/ActiveRecord/Vendor/TPgsqlMetaData.php | 17 +++++++++++++----
 framework/Data/ActiveRecord/Vendor/TSqliteMetaData.php | 17 +++++++++++++----
 5 files changed, 43 insertions(+), 15 deletions(-)
(limited to 'framework/Data')
diff --git a/framework/Data/ActiveRecord/Vendor/TDbMetaData.php b/framework/Data/ActiveRecord/Vendor/TDbMetaData.php
index 4bbc62ee..efb7c467 100644
--- a/framework/Data/ActiveRecord/Vendor/TDbMetaData.php
+++ b/framework/Data/ActiveRecord/Vendor/TDbMetaData.php
@@ -21,6 +21,7 @@
 * @package System.Data.ActiveRecord.Vendor
 * @since 3.1
 */
+
 abstract class TDbMetaData extends TComponent
 {
 private $_primaryKeys=array();
diff --git a/framework/Data/ActiveRecord/Vendor/TDbMetaDataCommon.php b/framework/Data/ActiveRecord/Vendor/TDbMetaDataCommon.php
index 44b33ab1..74c97689 100644
--- a/framework/Data/ActiveRecord/Vendor/TDbMetaDataCommon.php
+++ b/framework/Data/ActiveRecord/Vendor/TDbMetaDataCommon.php
@@ -49,7 +49,7 @@ abstract class TDbMetaDataCommon extends TDbMetaData
 public function getFindByCriteriaCommand($conn, $criteria=null)
 {
 $columns = $this->getSelectionColumns();
- $conditions = $criteria!==null?$this->getSqlFromCriteria($criteria) : '';
+ $conditions = $criteria!==null?$this->getSqlFromCriteria($conn,$criteria) : '';
 $table = $this->getTableName();
 $sql = "SELECT {$columns} FROM {$table} {$conditions}";
 return $this->createCriteriaBindedCommand($conn,$sql, $criteria);
@@ -64,13 +64,13 @@ abstract class TDbMetaDataCommon extends TDbMetaData public function getCountRecordsCommand($conn, $criteria) { $columns = $this->getSelectionColumns(); - $conditions = $this->getSqlFromCriteria($criteria); + $conditions = $this->getSqlFromCriteria($conn,$criteria); $table = $this->getTableName(); $sql = "SELECT count(*) FROM {$table} {$conditions}"; return $this->createCriteriaBindedCommand($conn,$sql, $criteria); } - abstract protected function getSqlFromCriteria(TActiveRecordCriteria $criteria); + abstract protected function getSqlFromCriteria($conn,TActiveRecordCriteria $criteria); /** * Sql command with parameters binded.
diff --git a/framework/Data/ActiveRecord/Vendor/TMysqlMetaData.php b/framework/Data/ActiveRecord/Vendor/TMysqlMetaData.php
index 1289afa5..0ac3798d 100644
--- a/framework/Data/ActiveRecord/Vendor/TMysqlMetaData.php
+++ b/framework/Data/ActiveRecord/Vendor/TMysqlMetaData.php
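Review bot: The abstract `getSqlFromCriteria($conn,TActiveRecordCriteria $criteria)` declaration in TDbMetaDataCommon has no docblock, although its return value is interpolated straight into `"SELECT count(*) FROM {$table} {$conditions}"` here and into the SELECT built by `getFindByCriteriaCommand` in the previous hunk. I would add a docblock stating that the returned fragment is concatenated into the statement unescaped, so every implementation has to quote or allow-list identifiers and cast numeric parts itself; only values handed to `createCriteriaBindedCommand` presumably travel as bound parameters (inferred from its name, its body is outside the hunk). Type-hinting the new parameter as `abstract protected function getSqlFromCriteria(TDbConnection $conn, TActiveRecordCriteria $criteria);`, and likewise in the three implementations, would match the `@param TDbConnection` tags the subclasses add. The class body continues outside the hunk.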
@@ -24,27 +24,36 @@ class TMysqlMetaData extends TDbMetaDataCommon { /** * Build the SQL search string from the criteria object for Postgress database. + * @param TDbConnection database connection. * @param TActiveRecordCriteria search criteria. * @return string SQL search. */ - protected function getSqlFromCriteria(TActiveRecordCriteria $criteria) + protected function getSqlFromCriteria($conn, TActiveRecordCriteria $criteria) { $sql = ''; if(($condition = $criteria->getCondition())!==null) $sql .= $condition; $orders=array(); foreach($criteria->getOrdersBy() as $by=>$ordering) - $orders[] = $by.' '.$ordering; + $orders[] = $conn->quoteString($by).' '.$this->getOrdering($ordering); if(count($orders) > 0) $sql .= ' ORDER BY '.implode(', ', $orders); if(($limit = $criteria->getLimit())!==null) { $offset = $criteria->getOffset(); - $offset = $offset===null?0:$offset; - $sql .= ' LIMIT '.$offset.', '.$limit; + $offset = $offset===null?0:intval($offset); //assumes integer offset + $sql .= ' LIMIT '.$offset.', '.intval($limit); //assumes integer limit } return strlen($sql) > 0 ? ' WHERE '.$sql : ''; } + + private function getOrdering($direction) + { + if(strtolower($direction)=='desc') + return 'DESC'; + else + return 'ASC'; + } } ?> \ No newline at end of file
diff --git a/framework/Data/ActiveRecord/Vendor/TPgsqlMetaData.php b/framework/Data/ActiveRecord/Vendor/TPgsqlMetaData.php
index 5fc0fcaf..35452849 100644
--- a/framework/Data/ActiveRecord/Vendor/TPgsqlMetaData.php
+++ b/framework/Data/ActiveRecord/Vendor/TPgsqlMetaData.php
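Review bot: In TMysqlMetaData::getSqlFromCriteria, `$conn->quoteString($by)` quotes a column name with what its name suggests is string-literal quoting; if it returns `'name'` rather than a quoted identifier, the clause becomes `ORDER BY 'name' ASC`, which MySQL and SQLite evaluate as a constant (rows come back unsorted) and PostgreSQL rejects. The same line appears in the TPgsqlMetaData and TSqliteMetaData hunks. Injection through the array key is closed either way, but a form that is both safe and functional accepts `$by` only when it is one of the table's known column names and then quotes it as an identifier for the driver, for example through a new helper such as `$this->quoteOrderColumn($conn, $by)` (a name proposed here, not an existing method). `$condition` is still appended unescaped, so it deserves a comment that it must be a developer-written fragment with placeholders and never request data.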
@@ -26,24 +26,33 @@ class TPgsqlMetaData extends TDbMetaDataCommon
 {
 /**
 * Build the SQL search string from the criteria object for Postgress database.
+ * @param TDbConnection database connection.
 * @param TActiveRecordCriteria search criteria.
 * @return string SQL search.
 */
- protected function getSqlFromCriteria(TActiveRecordCriteria $criteria)
+ protected function getSqlFromCriteria($conn, TActiveRecordCriteria $criteria)
 {
 $sql = '';
 if(($condition = $criteria->getCondition())!==null)
 $sql .= $condition;
 $orders=array();
 foreach($criteria->getOrdersBy() as $by=>$ordering)
- $orders[] = $by.' '.$ordering;
+ $orders[] = $conn->quoteString($by).' '.$this->getOrdering($ordering);
 if(count($orders) > 0)
 $sql .= ' ORDER BY '.implode(', ', $orders);
 if(($limit = $criteria->getLimit())!==null)
- $sql .= ' LIMIT '.$limit;
+ $sql .= ' LIMIT '.intval($limit); //assumes integer limit?
 if(($offset = $criteria->getOffset())!==null)
- $sql .= ' OFFSET '.$offset;
+ $sql .= ' OFFSET '.intval($offset); //assumes integer offset?
 return strlen($sql) > 0 ? ' WHERE '.$sql : '';
 }
+
+ private function getOrdering($direction)
+ {
+ if(strtolower($direction) == 'desc')
+ return 'DESC';
+ else
+ return 'ASC';
+ }
 }
 ?>
\ No newline at end of file
diff --git a/framework/Data/ActiveRecord/Vendor/TSqliteMetaData.php b/framework/Data/ActiveRecord/Vendor/TSqliteMetaData.php
index 75c30c93..22d1759b 100644
--- a/framework/Data/ActiveRecord/Vendor/TSqliteMetaData.php
+++ b/framework/Data/ActiveRecord/Vendor/TSqliteMetaData.php
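Review bot: The closing `return strlen($sql) > 0 ? ' WHERE '.$sql : '';` in TPgsqlMetaData::getSqlFromCriteria prefixes WHERE to everything accumulated so far, so whenever `getCondition()` returns null but an order, limit or offset is set the result starts with ` WHERE  ORDER BY` or ` WHERE  LIMIT`, which is not valid SQL. The commit hardens the ORDER BY and LIMIT parts but leaves this line untouched, and the TMysqlMetaData and TSqliteMetaData hunks end the same way. Attach the keyword to the condition only, `$sql = ($condition = $criteria->getCondition())!==null ? ' WHERE '.$condition : '';`, and finish with `return $sql;`.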
@@ -24,28 +24,37 @@ class TSqliteMetaData extends TDbMetaDataCommon { /** * Build the SQL search string from the criteria object for Postgress database. + * @param TDbConnection database connection. * @param TActiveRecordCriteria search criteria. * @return string SQL search. */ - protected function getSqlFromCriteria(TActiveRecordCriteria $criteria) + protected function getSqlFromCriteria($conn, TActiveRecordCriteria $criteria) { $sql = ''; if(($condition = $criteria->getCondition())!==null) $sql .= $condition; $orders=array(); foreach($criteria->getOrdersBy() as $by=>$ordering) - $orders[] = $by.' '.$ordering; + $orders[] = $conn->quoteString($by).' '.$this->getOrdering($ordering); if(count($orders) > 0) $sql .= ' ORDER BY '.implode(', ', $orders); if(($limit = $criteria->getLimit())!==null) { $offset = $criteria->getOffset(); - $offset = $offset===null?0:$offset; - $sql .= ' LIMIT '.$offset.', '.$limit; + $offset = $offset===null?0:intval($offset); //assume integer offset? + $sql .= ' LIMIT '.$offset.', '.intval($limit); //assume integer limit? } return strlen($sql) > 0 ? ' WHERE '.$sql : ''; } + private function getOrdering($direction) + { + if(strtolower($direction) == 'desc') + return 'DESC'; + else + return 'ASC'; + } + /** * Remove quote from the keys in the data. * @param mixed record row -- cgit v1.2.3
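Review bot: In TSqliteMetaData::getSqlFromCriteria, `intval($offset)` and `intval($limit)` stop injection through these two values but coerce instead of validating: a non-numeric value silently becomes 0 and a negative one passes through, and SQLite treats a negative LIMIT as no upper bound. The trailing `//assume integer offset?` and `//assume integer limit?` comments read as an open question that should be settled before merge, and the TMysqlMetaData and TPgsqlMetaData hunks carry the same casts. If callers can pass request-derived paging values, clamp or reject them, for instance `$sql .= ' LIMIT '.max(0,intval($offset)).', '.max(0,intval($limit));`, and replace the comments with a statement of the accepted range.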