RetailCRM-Mirror/doctrine2
1
0
Fork 0
mirror of synced 2025-01-18 06:21:40 +03:00
Code Issues Projects Releases Wiki Activity

Closes #405.

Browse Source 
Syntax for getting input properly escaped through prepared statements:
$query->set('field', 'field + ?', $value)
or
$query->set('field', 'field + ? - ?', array($value1, $value2))
or simply
$query->set('field', '?', $value)
Ticket: 405
This commit is contained in:
romanb 2007-07-24 11:34:00 +00:00
parent 9eeebfd815
commit fc2f9f29bd
2 changed files with 336 additions and 329 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
lib/Doctrine/Node/NestedSet.php
View File

@ -533,10 +533,10 @@ class Doctrine_Node_NestedSet extends Doctrine_Node implements Doctrine_Node_Int
// Update lft/rgt/root/level for all descendants // Update lft/rgt/root/level for all descendants
$q = new Doctrine_Query($conn); $q = new Doctrine_Query($conn);
$q = $q->update($componentName) $q = $q->update($componentName)
->set($componentName . '.lft', 'lft + ' . $diff) ->set($componentName . '.lft', 'lft + ?', $diff)
->set($componentName . '.rgt', 'rgt + ' . $diff) ->set($componentName . '.rgt', 'rgt + ?', $diff)
->set($componentName . '.level', 'level + ' . $levelDiff) ->set($componentName . '.level', 'level + ?', $levelDiff)
->set($componentName . '.' . $rootColName, $newRoot) ->set($componentName . '.' . $rootColName, '?', $newRoot)
->where($componentName . '.lft > ? AND ' . $componentName . '.rgt < ?', ->where($componentName . '.lft > ? AND ' . $componentName . '.rgt < ?',
array($oldLft, $oldRgt)); array($oldLft, $oldRgt));
$q = $this->_tree->returnQueryWithRootId($q, $oldRoot); $q = $this->_tree->returnQueryWithRootId($q, $oldRoot);
@ -656,10 +656,10 @@ class Doctrine_Node_NestedSet extends Doctrine_Node implements Doctrine_Node_Int
$rootColName = $this->record->getTable()->getTree()->getAttribute('rootColumnName'); $rootColName = $this->record->getTable()->getTree()->getAttribute('rootColumnName');
$q = new Doctrine_Query($conn); $q = new Doctrine_Query($conn);
$q = $q->update($componentName) $q = $q->update($componentName)
->set($componentName . '.lft', 'lft + ' . $diff) ->set($componentName . '.lft', 'lft + ?', $diff)
->set($componentName . '.rgt', 'rgt + ' . $diff) ->set($componentName . '.rgt', 'rgt + ?', $diff)
->set($componentName . '.level', 'level - ' . $oldLevel) ->set($componentName . '.level', 'level - ?', $oldLevel)
->set($componentName . '.' . $rootColName, $newRoot) ->set($componentName . '.' . $rootColName, '?', $newRoot)
->where($componentName . '.lft > ? AND ' . $componentName . '.rgt < ?', ->where($componentName . '.lft > ? AND ' . $componentName . '.rgt < ?',
array($oldLft, $oldRgt)); array($oldLft, $oldRgt));
$q = $this->_tree->returnQueryWithRootId($q, $oldRoot); $q = $this->_tree->returnQueryWithRootId($q, $oldRoot);
@ -820,7 +820,7 @@ class Doctrine_Node_NestedSet extends Doctrine_Node implements Doctrine_Node_Int
// update level for descendants // update level for descendants
$q = new Doctrine_Query(); $q = new Doctrine_Query();
$q = $q->update($componentName) $q = $q->update($componentName)
->set($componentName . '.level', 'level + ' . $levelDiff) ->set($componentName . '.level', 'level + ?', $levelDiff)
->where($componentName . '.lft > ? AND ' . $componentName . '.rgt < ?', ->where($componentName . '.lft > ? AND ' . $componentName . '.rgt < ?',
array($left, $right)); array($left, $right));
$q = $this->_tree->returnQueryWithRootId($q, $rootId); $q = $this->_tree->returnQueryWithRootId($q, $rootId);
@ -850,7 +850,7 @@ class Doctrine_Node_NestedSet extends Doctrine_Node implements Doctrine_Node_Int
// shift left columns // shift left columns
$componentName = $this->record->getTable()->getComponentName(); $componentName = $this->record->getTable()->getComponentName();
$qLeft = $qLeft->update($componentName) $qLeft = $qLeft->update($componentName)
->set($componentName . '.lft', 'lft + ' . $delta) ->set($componentName . '.lft', 'lft + ?', $delta)
->where($componentName . '.lft >= ?', $first); ->where($componentName . '.lft >= ?', $first);
$qLeft = $this->record->getTable()->getTree()->returnQueryWithRootId($qLeft, $rootId); $qLeft = $this->record->getTable()->getTree()->returnQueryWithRootId($qLeft, $rootId);
@ -859,7 +859,7 @@ class Doctrine_Node_NestedSet extends Doctrine_Node implements Doctrine_Node_Int
// shift right columns // shift right columns
$resultRight = $qRight->update($componentName) $resultRight = $qRight->update($componentName)
->set($componentName . '.rgt', 'rgt + ' . $delta) ->set($componentName . '.rgt', 'rgt + ?', $delta)
->where($componentName . '.rgt >= ?', $first); ->where($componentName . '.rgt >= ?', $first);
$qRight = $this->record->getTable()->getTree()->returnQueryWithRootId($qRight, $rootId); $qRight = $this->record->getTable()->getTree()->returnQueryWithRootId($qRight, $rootId);
@ -883,7 +883,7 @@ class Doctrine_Node_NestedSet extends Doctrine_Node implements Doctrine_Node_Int
// shift left column values // shift left column values
$componentName = $this->record->getTable()->getComponentName(); $componentName = $this->record->getTable()->getComponentName();
$qLeft = $qLeft->update($componentName) $qLeft = $qLeft->update($componentName)
->set($componentName . '.lft', 'lft + ' . $delta) ->set($componentName . '.lft', 'lft + ?', $delta)
->where($componentName . '.lft >= ? AND ' . $componentName . '.lft <= ?', array($first, $last)); ->where($componentName . '.lft >= ? AND ' . $componentName . '.lft <= ?', array($first, $last));
$qLeft = $this->record->getTable()->getTree()->returnQueryWithRootId($qLeft, $rootId); $qLeft = $this->record->getTable()->getTree()->returnQueryWithRootId($qLeft, $rootId);
@ -892,7 +892,7 @@ class Doctrine_Node_NestedSet extends Doctrine_Node implements Doctrine_Node_Int
// shift right column values // shift right column values
$qRight = $qRight->update($componentName) $qRight = $qRight->update($componentName)
->set($componentName . '.rgt', 'rgt + ' . $delta) ->set($componentName . '.rgt', 'rgt + ?', $delta)
->where($componentName . '.rgt >= ? AND ' . $componentName . '.rgt <= ?', array($first, $last)); ->where($componentName . '.rgt >= ? AND ' . $componentName . '.rgt <= ?', array($first, $last));
$qRight = $this->record->getTable()->getTree()->returnQueryWithRootId($qRight, $rootId); $qRight = $this->record->getTable()->getTree()->returnQueryWithRootId($qRight, $rootId);

11
lib/Doctrine/Query/Abstract.php
View File

@ -180,8 +180,15 @@ abstract class Doctrine_Query_Abstract extends Doctrine_Hydrate
* @param string $update Query UPDATE part * @param string $update Query UPDATE part
* @return Doctrine_Query * @return Doctrine_Query
*/ */
public function set($key, $value) public function set($key, $value, $params = null)
{ {
if ($params !== null) {
if (is_array($params)) {
$this->_params = array_merge($this->_params, $params);
} else {
$this->_params[] = $params;
}
}
return $this->parseQueryPart('set', $key . ' = ' . $value, true); return $this->parseQueryPart('set', $key . ' = ' . $value, true);
} }
/** /**
@ -238,7 +245,7 @@ abstract class Doctrine_Query_Abstract extends Doctrine_Hydrate
*/ */
public function where($where, $params = array()) public function where($where, $params = array())
{ {
$this->_params = array(); //$this->_params = array();
if (is_array($params)) { if (is_array($params)) {
$this->_params = $params; $this->_params = $params;
} else { } else {