Syntax for getting input properly escaped through prepared statements:
$query->set('field', 'field + ?', $value)
or
$query->set('field', 'field + ? - ?', array($value1, $value2))
or simply
$query->set('field', '?', $value)
Ticket: 405
romanb 2007-07-24 11:34:00 +00:00
parent 9eeebfd815
commit fc2f9f29bd
2 changed files with 336 additions and 329 deletions


@ -533,10 +533,10 @@ class Doctrine_Node_NestedSet extends Doctrine_Node implements Doctrine_Node_Int
// Update lft/rgt/root/level for all descendants // Update lft/rgt/root/level for all descendants
$q = new Doctrine_Query($conn); $q = new Doctrine_Query($conn);
$q = $q->update($componentName) $q = $q->update($componentName)
->set($componentName . '.lft', 'lft + ' . $diff) ->set($componentName . '.lft', 'lft + ?', $diff)
->set($componentName . '.rgt', 'rgt + ' . $diff) ->set($componentName . '.rgt', 'rgt + ?', $diff)
->set($componentName . '.level', 'level + ' . $levelDiff) ->set($componentName . '.level', 'level + ?', $levelDiff)
->set($componentName . '.' . $rootColName, $newRoot) ->set($componentName . '.' . $rootColName, '?', $newRoot)
->where($componentName . '.lft > ? AND ' . $componentName . '.rgt < ?', ->where($componentName . '.lft > ? AND ' . $componentName . '.rgt < ?',
array($oldLft, $oldRgt)); array($oldLft, $oldRgt));
$q = $this->_tree->returnQueryWithRootId($q, $oldRoot); $q = $this->_tree->returnQueryWithRootId($q, $oldRoot);
@ -656,10 +656,10 @@ class Doctrine_Node_NestedSet extends Doctrine_Node implements Doctrine_Node_Int
$rootColName = $this->record->getTable()->getTree()->getAttribute('rootColumnName'); $rootColName = $this->record->getTable()->getTree()->getAttribute('rootColumnName');
$q = new Doctrine_Query($conn); $q = new Doctrine_Query($conn);
$q = $q->update($componentName) $q = $q->update($componentName)
->set($componentName . '.lft', 'lft + ' . $diff) ->set($componentName . '.lft', 'lft + ?', $diff)
->set($componentName . '.rgt', 'rgt + ' . $diff) ->set($componentName . '.rgt', 'rgt + ?', $diff)
->set($componentName . '.level', 'level - ' . $oldLevel) ->set($componentName . '.level', 'level - ?', $oldLevel)
->set($componentName . '.' . $rootColName, $newRoot) ->set($componentName . '.' . $rootColName, '?', $newRoot)
->where($componentName . '.lft > ? AND ' . $componentName . '.rgt < ?', ->where($componentName . '.lft > ? AND ' . $componentName . '.rgt < ?',
array($oldLft, $oldRgt)); array($oldLft, $oldRgt));
$q = $this->_tree->returnQueryWithRootId($q, $oldRoot); $q = $this->_tree->returnQueryWithRootId($q, $oldRoot);
@ -820,7 +820,7 @@ class Doctrine_Node_NestedSet extends Doctrine_Node implements Doctrine_Node_Int
// update level for descendants // update level for descendants
$q = new Doctrine_Query(); $q = new Doctrine_Query();
$q = $q->update($componentName) $q = $q->update($componentName)
->set($componentName . '.level', 'level + ' . $levelDiff) ->set($componentName . '.level', 'level + ?', $levelDiff)
->where($componentName . '.lft > ? AND ' . $componentName . '.rgt < ?', ->where($componentName . '.lft > ? AND ' . $componentName . '.rgt < ?',
array($left, $right)); array($left, $right));
$q = $this->_tree->returnQueryWithRootId($q, $rootId); $q = $this->_tree->returnQueryWithRootId($q, $rootId);
@ -850,16 +850,16 @@ class Doctrine_Node_NestedSet extends Doctrine_Node implements Doctrine_Node_Int
// shift left columns // shift left columns
$componentName = $this->record->getTable()->getComponentName(); $componentName = $this->record->getTable()->getComponentName();
$qLeft = $qLeft->update($componentName) $qLeft = $qLeft->update($componentName)
->set($componentName . '.lft', 'lft + ' . $delta) ->set($componentName . '.lft', 'lft + ?', $delta)
->where($componentName . '.lft >= ?', $first); ->where($componentName . '.lft >= ?', $first);
$qLeft = $this->record->getTable()->getTree()->returnQueryWithRootId($qLeft, $rootId); $qLeft = $this->record->getTable()->getTree()->returnQueryWithRootId($qLeft, $rootId);
$resultLeft = $qLeft->execute(); $resultLeft = $qLeft->execute();
// shift right columns // shift right columns
$resultRight = $qRight->update($componentName) $resultRight = $qRight->update($componentName)
->set($componentName . '.rgt', 'rgt + ' . $delta) ->set($componentName . '.rgt', 'rgt + ?', $delta)
->where($componentName . '.rgt >= ?', $first); ->where($componentName . '.rgt >= ?', $first);
$qRight = $this->record->getTable()->getTree()->returnQueryWithRootId($qRight, $rootId); $qRight = $this->record->getTable()->getTree()->returnQueryWithRootId($qRight, $rootId);
@ -883,7 +883,7 @@ class Doctrine_Node_NestedSet extends Doctrine_Node implements Doctrine_Node_Int
// shift left column values // shift left column values
$componentName = $this->record->getTable()->getComponentName(); $componentName = $this->record->getTable()->getComponentName();
$qLeft = $qLeft->update($componentName) $qLeft = $qLeft->update($componentName)
->set($componentName . '.lft', 'lft + ' . $delta) ->set($componentName . '.lft', 'lft + ?', $delta)
->where($componentName . '.lft >= ? AND ' . $componentName . '.lft <= ?', array($first, $last)); ->where($componentName . '.lft >= ? AND ' . $componentName . '.lft <= ?', array($first, $last));
$qLeft = $this->record->getTable()->getTree()->returnQueryWithRootId($qLeft, $rootId); $qLeft = $this->record->getTable()->getTree()->returnQueryWithRootId($qLeft, $rootId);
@ -892,7 +892,7 @@ class Doctrine_Node_NestedSet extends Doctrine_Node implements Doctrine_Node_Int
// shift right column values // shift right column values
$qRight = $qRight->update($componentName) $qRight = $qRight->update($componentName)
->set($componentName . '.rgt', 'rgt + ' . $delta) ->set($componentName . '.rgt', 'rgt + ?', $delta)
->where($componentName . '.rgt >= ? AND ' . $componentName . '.rgt <= ?', array($first, $last)); ->where($componentName . '.rgt >= ? AND ' . $componentName . '.rgt <= ?', array($first, $last));
$qRight = $this->record->getTable()->getTree()->returnQueryWithRootId($qRight, $rootId); $qRight = $this->record->getTable()->getTree()->returnQueryWithRootId($qRight, $rootId);
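Review bot: The SET bindings added in the first hunk (`->set($componentName . '.lft', 'lft + ?', $diff)` and the three lines after it) are discarded before the query runs, because the chained `->where(..., array($oldLft, $oldRgt))` that follows hands an array to `where()`, and the `where()` shown in the Query.php hunk on this page still does `$this->_params = $params;` for arrays, replacing whatever `set()` accumulated. The same ordering appears in the hunks at -656, -820, -883 and -892; only the two `->where(..., $first)` calls with a scalar go through the appending branch and keep their SET parameters. Until `where()` merges instead of overwriting, these queries would bind fewer values than they have `?` placeholders, so the fix belongs in `where()` rather than at these call sites. Note also that `set()` still concatenates its second argument into the DQL, so that argument must stay a literal expression as it does here, with only the third argument carrying data. Every enclosing method here starts and ends outside its hunk.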


@ -1,315 +1,322 @@
<?php <?php
/* /*
* $Id: Query.php 1393 2007-05-19 17:49:16Z zYne $ * $Id: Query.php 1393 2007-05-19 17:49:16Z zYne $
* *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* *
* This software consists of voluntary contributions made by many individuals * This software consists of voluntary contributions made by many individuals
* and is licensed under the LGPL. For more information, see * and is licensed under the LGPL. For more information, see
* <http://www.phpdoctrine.com>. * <http://www.phpdoctrine.com>.
*/ */
Doctrine::autoload('Doctrine_Hydrate'); Doctrine::autoload('Doctrine_Hydrate');
/** /**
* Doctrine_Query_Abstract * Doctrine_Query_Abstract
* *
* @package Doctrine * @package Doctrine
* @license http://www.opensource.org/licenses/lgpl-license.php LGPL * @license http://www.opensource.org/licenses/lgpl-license.php LGPL
* @category Object Relational Mapping * @category Object Relational Mapping
* @link www.phpdoctrine.com * @link www.phpdoctrine.com
* @since 1.0 * @since 1.0
* @version $Revision: 1393 $ * @version $Revision: 1393 $
* @author Konsta Vesterinen <kvesteri@cc.hut.fi> * @author Konsta Vesterinen <kvesteri@cc.hut.fi>
*/ */
abstract class Doctrine_Query_Abstract extends Doctrine_Hydrate abstract class Doctrine_Query_Abstract extends Doctrine_Hydrate
{ {
/** /**
* addSelect * addSelect
* adds fields to the SELECT part of the query * adds fields to the SELECT part of the query
* *
* @param string $select Query SELECT part * @param string $select Query SELECT part
* @return Doctrine_Query * @return Doctrine_Query
*/ */
public function addSelect($select) public function addSelect($select)
{ {
return $this->parseQueryPart('select', $select, true); return $this->parseQueryPart('select', $select, true);
} }
/** /**
* addFrom * addFrom
* adds fields to the FROM part of the query * adds fields to the FROM part of the query
* *
* @param string $from Query FROM part * @param string $from Query FROM part
* @return Doctrine_Query * @return Doctrine_Query
*/ */
public function addFrom($from) public function addFrom($from)
{ {
return $this->parseQueryPart('from', $from, true); return $this->parseQueryPart('from', $from, true);
} }
/** /**
* addWhere * addWhere
* adds conditions to the WHERE part of the query * adds conditions to the WHERE part of the query
* *
* @param string $where Query WHERE part * @param string $where Query WHERE part
* @param mixed $params an array of parameters or a simple scalar * @param mixed $params an array of parameters or a simple scalar
* @return Doctrine_Query * @return Doctrine_Query
*/ */
public function addWhere($where, $params = array()) public function addWhere($where, $params = array())
{ {
if (is_array($params)) { if (is_array($params)) {
$this->_params = array_merge($this->_params, $params); $this->_params = array_merge($this->_params, $params);
} else { } else {
$this->_params[] = $params; $this->_params[] = $params;
} }
return $this->parseQueryPart('where', $where, true); return $this->parseQueryPart('where', $where, true);
} }
/** /**
* addGroupBy * addGroupBy
* adds fields to the GROUP BY part of the query * adds fields to the GROUP BY part of the query
* *
* @param string $groupby Query GROUP BY part * @param string $groupby Query GROUP BY part
* @return Doctrine_Query * @return Doctrine_Query
*/ */
public function addGroupBy($groupby) public function addGroupBy($groupby)
{ {
return $this->parseQueryPart('groupby', $groupby, true); return $this->parseQueryPart('groupby', $groupby, true);
} }
/** /**
* addHaving * addHaving
* adds conditions to the HAVING part of the query * adds conditions to the HAVING part of the query
* *
* @param string $having Query HAVING part * @param string $having Query HAVING part
* @param mixed $params an array of parameters or a simple scalar * @param mixed $params an array of parameters or a simple scalar
* @return Doctrine_Query * @return Doctrine_Query
*/ */
public function addHaving($having, $params = array()) public function addHaving($having, $params = array())
{ {
if (is_array($params)) { if (is_array($params)) {
$this->_params = array_merge($this->_params, $params); $this->_params = array_merge($this->_params, $params);
} else { } else {
$this->_params[] = $params; $this->_params[] = $params;
} }
return $this->parseQueryPart('having', $having, true); return $this->parseQueryPart('having', $having, true);
} }
/** /**
* addOrderBy * addOrderBy
* adds fields to the ORDER BY part of the query * adds fields to the ORDER BY part of the query
* *
* @param string $orderby Query ORDER BY part * @param string $orderby Query ORDER BY part
* @return Doctrine_Query * @return Doctrine_Query
*/ */
public function addOrderBy($orderby) public function addOrderBy($orderby)
{ {
return $this->parseQueryPart('orderby', $orderby, true); return $this->parseQueryPart('orderby', $orderby, true);
} }
/** /**
* select * select
* sets the SELECT part of the query * sets the SELECT part of the query
* *
* @param string $select Query SELECT part * @param string $select Query SELECT part
* @return Doctrine_Query * @return Doctrine_Query
*/ */
public function select($select) public function select($select)
{ {
return $this->parseQueryPart('select', $select); return $this->parseQueryPart('select', $select);
} }
/** /**
* distinct * distinct
* Makes the query SELECT DISTINCT. * Makes the query SELECT DISTINCT.
* *
* @param bool $flag Whether or not the SELECT is DISTINCT (default true). * @param bool $flag Whether or not the SELECT is DISTINCT (default true).
* @return Doctrine_Query * @return Doctrine_Query
*/ */
public function distinct($flag = true) public function distinct($flag = true)
{ {
$this->parts['distinct'] = (bool) $flag; $this->parts['distinct'] = (bool) $flag;
return $this; return $this;
} }
/** /**
* forUpdate * forUpdate
* Makes the query SELECT FOR UPDATE. * Makes the query SELECT FOR UPDATE.
* *
* @param bool $flag Whether or not the SELECT is FOR UPDATE (default true). * @param bool $flag Whether or not the SELECT is FOR UPDATE (default true).
* @return Doctrine_Query * @return Doctrine_Query
*/ */
public function forUpdate($flag = true) public function forUpdate($flag = true)
{ {
$this->parts[self::FOR_UPDATE] = (bool) $flag; $this->parts[self::FOR_UPDATE] = (bool) $flag;
return $this; return $this;
} }
/** /**
* delete * delete
* sets the query type to DELETE * sets the query type to DELETE
* *
* @return Doctrine_Query * @return Doctrine_Query
*/ */
public function delete() public function delete()
{ {
$this->type = self::DELETE; $this->type = self::DELETE;
return $this; return $this;
} }
/** /**
* update * update
* sets the UPDATE part of the query * sets the UPDATE part of the query
* *
* @param string $update Query UPDATE part * @param string $update Query UPDATE part
* @return Doctrine_Query * @return Doctrine_Query
*/ */
public function update($update) public function update($update)
{ {
$this->type = self::UPDATE; $this->type = self::UPDATE;
return $this->parseQueryPart('from', $update); return $this->parseQueryPart('from', $update);
} }
/** /**
* set * set
* sets the SET part of the query * sets the SET part of the query
* *
* @param string $update Query UPDATE part * @param string $update Query UPDATE part
* @return Doctrine_Query * @return Doctrine_Query
*/ */
public function set($key, $value) public function set($key, $value, $params = null)
{ {
return $this->parseQueryPart('set', $key . ' = ' . $value, true); if ($params !== null) {
} if (is_array($params)) {
/** $this->_params = array_merge($this->_params, $params);
* from } else {
* sets the FROM part of the query $this->_params[] = $params;
* }
* @param string $from Query FROM part }
* @return Doctrine_Query return $this->parseQueryPart('set', $key . ' = ' . $value, true);
*/ }
public function from($from) /**
{ * from
return $this->parseQueryPart('from', $from); * sets the FROM part of the query
} *
/** * @param string $from Query FROM part
* innerJoin * @return Doctrine_Query
* appends an INNER JOIN to the FROM part of the query */
* public function from($from)
* @param string $join Query INNER JOIN {
* @return Doctrine_Query return $this->parseQueryPart('from', $from);
*/ }
public function innerJoin($join) /**
{ * innerJoin
return $this->parseQueryPart('from', 'INNER JOIN ' . $join, true); * appends an INNER JOIN to the FROM part of the query
} *
/** * @param string $join Query INNER JOIN
* leftJoin * @return Doctrine_Query
* appends a LEFT JOIN to the FROM part of the query */
* public function innerJoin($join)
* @param string $join Query LEFT JOIN {
* @return Doctrine_Query return $this->parseQueryPart('from', 'INNER JOIN ' . $join, true);
*/ }
public function leftJoin($join) /**
{ * leftJoin
return $this->parseQueryPart('from', 'LEFT JOIN ' . $join, true); * appends a LEFT JOIN to the FROM part of the query
} *
/** * @param string $join Query LEFT JOIN
* groupBy * @return Doctrine_Query
* sets the GROUP BY part of the query */
* public function leftJoin($join)
* @param string $groupby Query GROUP BY part {
* @return Doctrine_Query return $this->parseQueryPart('from', 'LEFT JOIN ' . $join, true);
*/ }
public function groupBy($groupby) /**
{ * groupBy
return $this->parseQueryPart('groupby', $groupby); * sets the GROUP BY part of the query
} *
/** * @param string $groupby Query GROUP BY part
* where * @return Doctrine_Query
* sets the WHERE part of the query */
* public function groupBy($groupby)
* @param string $join Query WHERE part {
* @param mixed $params an array of parameters or a simple scalar return $this->parseQueryPart('groupby', $groupby);
* @return Doctrine_Query }
*/ /**
public function where($where, $params = array()) * where
{ * sets the WHERE part of the query
$this->_params = array(); *
if (is_array($params)) { * @param string $join Query WHERE part
$this->_params = $params; * @param mixed $params an array of parameters or a simple scalar
} else { * @return Doctrine_Query
$this->_params[] = $params; */
} public function where($where, $params = array())
{
return $this->parseQueryPart('where', $where); //$this->_params = array();
} if (is_array($params)) {
/** $this->_params = $params;
* having } else {
* sets the HAVING part of the query $this->_params[] = $params;
* }
* @param string $having Query HAVING part
* @param mixed $params an array of parameters or a simple scalar return $this->parseQueryPart('where', $where);
* @return Doctrine_Query }
*/ /**
public function having($having, $params = array()) * having
{ * sets the HAVING part of the query
$this->_params = array(); *
if (is_array($params)) { * @param string $having Query HAVING part
$this->_params = $params; * @param mixed $params an array of parameters or a simple scalar
} else { * @return Doctrine_Query
$this->_params[] = $params; */
} public function having($having, $params = array())
{
return $this->parseQueryPart('having', $having); $this->_params = array();
} if (is_array($params)) {
/** $this->_params = $params;
* orderBy } else {
* sets the ORDER BY part of the query $this->_params[] = $params;
* }
* @param string $orderby Query ORDER BY part
* @return Doctrine_Query return $this->parseQueryPart('having', $having);
*/ }
public function orderBy($orderby) /**
{ * orderBy
return $this->parseQueryPart('orderby', $orderby); * sets the ORDER BY part of the query
} *
/** * @param string $orderby Query ORDER BY part
* limit * @return Doctrine_Query
* sets the Query query limit */
* public function orderBy($orderby)
* @param integer $limit limit to be used for limiting the query results {
* @return Doctrine_Query return $this->parseQueryPart('orderby', $orderby);
*/ }
public function limit($limit) /**
{ * limit
return $this->parseQueryPart('limit', $limit); * sets the Query query limit
} *
/** * @param integer $limit limit to be used for limiting the query results
* offset * @return Doctrine_Query
* sets the Query query offset */
* public function limit($limit)
* @param integer $offset offset to be used for paginating the query {
* @return Doctrine_Query return $this->parseQueryPart('limit', $limit);
*/ }
public function offset($offset) /**
{ * offset
return $this->parseQueryPart('offset', $offset); * sets the Query query offset
} *
* @param integer $offset offset to be used for paginating the query
/** * @return Doctrine_Query
* parseQueryPart */
* parses given DQL query part public function offset($offset)
* {
* @param string $queryPartName the name of the query part return $this->parseQueryPart('offset', $offset);
* @param string $queryPart query part to be parsed }
* @param boolean $append whether or not to append the query part to its stack
* if false is given, this method will overwrite /**
* the given query part stack with $queryPart * parseQueryPart
* @return Doctrine_Query this object * parses given DQL query part
*/ *
abstract public function parseQueryPart($queryPartName, $queryPart, $append = false); * @param string $queryPartName the name of the query part
} * @param string $queryPart query part to be parsed
* @param boolean $append whether or not to append the query part to its stack
* if false is given, this method will overwrite
* the given query part stack with $queryPart
* @return Doctrine_Query this object
*/
abstract public function parseQueryPart($queryPartName, $queryPart, $append = false);
}
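Review bot: The new `where()` (the hunk's replacement for the old reset-then-assign body) comments out `$this->_params = array();` but keeps `$this->_params = $params;` in the array branch, so any parameters already queued by the new `set($key, $value, $params)` are overwritten when `where()` receives an array; the scalar branch appends and behaves differently. The array branch should merge the way `addWhere()` and the new `set()` do: `$this->_params = array_merge($this->_params, $params);`, and the commented-out reset line should be deleted rather than left in. `having()` keeps the unconditional `$this->_params = array();` reset, so calling it after `set()` or `where()` drops every earlier binding as well; whether that is intended or an oversight of the same kind should be settled in this commit. The `set()` docblock still documents a single `$update` parameter that the signature no longer has; it should describe `$key`, `$value` (a literal expression that is concatenated into the DQL and may contain `?` placeholders) and `$params` (a scalar or array bound to those placeholders), since that contract is what makes the commit message's examples safe.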