Closes #405.

Syntax for getting input properly escaped through prepared statements: $query->set('field', 'field + ?', $value) or $query->set('field', 'field + ? - ?', array($value1, $value2)) or simply $query->set('field', '?', $value) Ticket: 405

Closes #405.
Syntax for getting input properly escaped through prepared statements: $query->set('field', 'field + ?', $value) or $query->set('field', 'field + ? - ?', array($value1, $value2)) or simply $query->set('field', '?', $value) Ticket: 405
fc2f9f29 · romanb · 9eeebfd8 · fc2f9f29 · fc2f9f29
Commit fc2f9f29 authored Jul 24, 2007 by romanb
Expand all Hide whitespace changes
Inline Side-by-side

Showing with 336 additions and 329 deletions

NestedSet.php lib/Doctrine/Node/NestedSet.php +14 -14

Abstract.php lib/Doctrine/Query/Abstract.php +322 -315

No files found.
--- a/lib/Doctrine/Node/NestedSet.php
+++ b/lib/Doctrine/Node/NestedSet.php
@@ -533,10 +533,10 @@ class Doctrine_Node_NestedSet extends Doctrine_Node implements Doctrine_Node_Int
                // Update lft/rgt/root/level for all descendants
                $q = new Doctrine_Query($conn);
                $q = $q->update($componentName)
-                        ->set($componentName . '.lft', 'lft + ' . $diff)
-                        ->set($componentName . '.rgt', 'rgt + ' . $diff)
-                        ->set($componentName . '.level', 'level + ' . $levelDiff)
-                        ->set($componentName . '.' . $rootColName, $newRoot)
+                        ->set($componentName . '.lft', 'lft + ?', $diff)
+                        ->set($componentName . '.rgt', 'rgt + ?', $diff)
+                        ->set($componentName . '.level', 'level + ?', $levelDiff)
+                        ->set($componentName . '.' . $rootColName, '?', $newRoot)
                        ->where($componentName . '.lft > ? AND ' . $componentName . '.rgt < ?',
                        array($oldLft, $oldRgt));
                $q = $this->_tree->returnQueryWithRootId($q, $oldRoot);
@@ -656,10 +656,10 @@ class Doctrine_Node_NestedSet extends Doctrine_Node implements Doctrine_Node_Int
            $rootColName = $this->record->getTable()->getTree()->getAttribute('rootColumnName');
            $q = new Doctrine_Query($conn);
            $q = $q->update($componentName)
-                    ->set($componentName . '.lft', 'lft + ' . $diff)
-                    ->set($componentName . '.rgt', 'rgt + ' . $diff)
-                    ->set($componentName . '.level', 'level - ' . $oldLevel)
-                    ->set($componentName . '.' . $rootColName, $newRoot)
+                    ->set($componentName . '.lft', 'lft + ?', $diff)
+                    ->set($componentName . '.rgt', 'rgt + ?', $diff)
+                    ->set($componentName . '.level', 'level - ?', $oldLevel)
+                    ->set($componentName . '.' . $rootColName, '?', $newRoot)
                    ->where($componentName . '.lft > ? AND ' . $componentName . '.rgt < ?',
                    array($oldLft, $oldRgt));
            $q = $this->_tree->returnQueryWithRootId($q, $oldRoot);
@@ -820,7 +820,7 @@ class Doctrine_Node_NestedSet extends Doctrine_Node implements Doctrine_Node_Int
        // update level for descendants
        $q = new Doctrine_Query();
        $q = $q->update($componentName)
-                ->set($componentName . '.level', 'level + ' . $levelDiff)
+                ->set($componentName . '.level', 'level + ?', $levelDiff)
                ->where($componentName . '.lft > ? AND ' . $componentName . '.rgt < ?',
                        array($left, $right));
        $q = $this->_tree->returnQueryWithRootId($q, $rootId);
@@ -850,16 +850,16 @@ class Doctrine_Node_NestedSet extends Doctrine_Node implements Doctrine_Node_Int
        // shift left columns
        $componentName = $this->record->getTable()->getComponentName();
        $qLeft = $qLeft->update($componentName)
-                                ->set($componentName . '.lft', 'lft + ' . $delta)
+                                ->set($componentName . '.lft', 'lft + ?', $delta)
                                ->where($componentName . '.lft >= ?', $first);
-
+        
        $qLeft = $this->record->getTable()->getTree()->returnQueryWithRootId($qLeft, $rootId);
        
        $resultLeft = $qLeft->execute();
        
        // shift right columns
        $resultRight = $qRight->update($componentName)
-                                ->set($componentName . '.rgt', 'rgt + ' . $delta)
+                                ->set($componentName . '.rgt', 'rgt + ?', $delta)
                                ->where($componentName . '.rgt >= ?', $first);

        $qRight = $this->record->getTable()->getTree()->returnQueryWithRootId($qRight, $rootId);
@@ -883,7 +883,7 @@ class Doctrine_Node_NestedSet extends Doctrine_Node implements Doctrine_Node_Int
        // shift left column values
        $componentName = $this->record->getTable()->getComponentName();
        $qLeft = $qLeft->update($componentName)
-                                ->set($componentName . '.lft', 'lft + ' . $delta)
+                                ->set($componentName . '.lft', 'lft + ?', $delta)
                                ->where($componentName . '.lft >= ? AND ' . $componentName . '.lft <= ?', array($first, $last));
        
        $qLeft = $this->record->getTable()->getTree()->returnQueryWithRootId($qLeft, $rootId);
@@ -892,7 +892,7 @@ class Doctrine_Node_NestedSet extends Doctrine_Node implements Doctrine_Node_Int
        
        // shift right column values
        $qRight = $qRight->update($componentName)
-                                ->set($componentName . '.rgt', 'rgt + ' . $delta)
+                                ->set($componentName . '.rgt', 'rgt + ?', $delta)
                                ->where($componentName . '.rgt >= ? AND ' . $componentName . '.rgt <= ?', array($first, $last));

        $qRight = $this->record->getTable()->getTree()->returnQueryWithRootId($qRight, $rootId);

--- a/lib/Doctrine/Query/Abstract.php
+++ b/lib/Doctrine/Query/Abstract.php