Commit fc2f9f29 authored by romanb's avatar romanb

Closes #405.

Syntax for getting input properly escaped through prepared statements:
$query->set('field', 'field + ?', $value)
or
$query->set('field', 'field + ? - ?', array($value1, $value2))
or simply
$query->set('field', '?', $value)
Ticket: 405
parent 9eeebfd8
......@@ -533,10 +533,10 @@ class Doctrine_Node_NestedSet extends Doctrine_Node implements Doctrine_Node_Int
// Update lft/rgt/root/level for all descendants
$q = new Doctrine_Query($conn);
$q = $q->update($componentName)
->set($componentName . '.lft', 'lft + ' . $diff)
->set($componentName . '.rgt', 'rgt + ' . $diff)
->set($componentName . '.level', 'level + ' . $levelDiff)
->set($componentName . '.' . $rootColName, $newRoot)
->set($componentName . '.lft', 'lft + ?', $diff)
->set($componentName . '.rgt', 'rgt + ?', $diff)
->set($componentName . '.level', 'level + ?', $levelDiff)
->set($componentName . '.' . $rootColName, '?', $newRoot)
->where($componentName . '.lft > ? AND ' . $componentName . '.rgt < ?',
array($oldLft, $oldRgt));
$q = $this->_tree->returnQueryWithRootId($q, $oldRoot);
......@@ -656,10 +656,10 @@ class Doctrine_Node_NestedSet extends Doctrine_Node implements Doctrine_Node_Int
$rootColName = $this->record->getTable()->getTree()->getAttribute('rootColumnName');
$q = new Doctrine_Query($conn);
$q = $q->update($componentName)
->set($componentName . '.lft', 'lft + ' . $diff)
->set($componentName . '.rgt', 'rgt + ' . $diff)
->set($componentName . '.level', 'level - ' . $oldLevel)
->set($componentName . '.' . $rootColName, $newRoot)
->set($componentName . '.lft', 'lft + ?', $diff)
->set($componentName . '.rgt', 'rgt + ?', $diff)
->set($componentName . '.level', 'level - ?', $oldLevel)
->set($componentName . '.' . $rootColName, '?', $newRoot)
->where($componentName . '.lft > ? AND ' . $componentName . '.rgt < ?',
array($oldLft, $oldRgt));
$q = $this->_tree->returnQueryWithRootId($q, $oldRoot);
......@@ -820,7 +820,7 @@ class Doctrine_Node_NestedSet extends Doctrine_Node implements Doctrine_Node_Int
// update level for descendants
$q = new Doctrine_Query();
$q = $q->update($componentName)
->set($componentName . '.level', 'level + ' . $levelDiff)
->set($componentName . '.level', 'level + ?', $levelDiff)
->where($componentName . '.lft > ? AND ' . $componentName . '.rgt < ?',
array($left, $right));
$q = $this->_tree->returnQueryWithRootId($q, $rootId);
......@@ -850,16 +850,16 @@ class Doctrine_Node_NestedSet extends Doctrine_Node implements Doctrine_Node_Int
// shift left columns
$componentName = $this->record->getTable()->getComponentName();
$qLeft = $qLeft->update($componentName)
->set($componentName . '.lft', 'lft + ' . $delta)
->set($componentName . '.lft', 'lft + ?', $delta)
->where($componentName . '.lft >= ?', $first);
$qLeft = $this->record->getTable()->getTree()->returnQueryWithRootId($qLeft, $rootId);
$resultLeft = $qLeft->execute();
// shift right columns
$resultRight = $qRight->update($componentName)
->set($componentName . '.rgt', 'rgt + ' . $delta)
->set($componentName . '.rgt', 'rgt + ?', $delta)
->where($componentName . '.rgt >= ?', $first);
$qRight = $this->record->getTable()->getTree()->returnQueryWithRootId($qRight, $rootId);
......@@ -883,7 +883,7 @@ class Doctrine_Node_NestedSet extends Doctrine_Node implements Doctrine_Node_Int
// shift left column values
$componentName = $this->record->getTable()->getComponentName();
$qLeft = $qLeft->update($componentName)
->set($componentName . '.lft', 'lft + ' . $delta)
->set($componentName . '.lft', 'lft + ?', $delta)
->where($componentName . '.lft >= ? AND ' . $componentName . '.lft <= ?', array($first, $last));
$qLeft = $this->record->getTable()->getTree()->returnQueryWithRootId($qLeft, $rootId);
......@@ -892,7 +892,7 @@ class Doctrine_Node_NestedSet extends Doctrine_Node implements Doctrine_Node_Int
// shift right column values
$qRight = $qRight->update($componentName)
->set($componentName . '.rgt', 'rgt + ' . $delta)
->set($componentName . '.rgt', 'rgt + ?', $delta)
->where($componentName . '.rgt >= ? AND ' . $componentName . '.rgt <= ?', array($first, $last));
$qRight = $this->record->getTable()->getTree()->returnQueryWithRootId($qRight, $rootId);
......
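Review bot: The two hunks that hand an array to `where()` (the first at @@ -533 and the second at @@ -656) only bind correctly if `where()` appends to the parameters the preceding `set()` calls pushed, and the `where()` in the Abstract.php section of this same commit assigns `$this->_params = $params` in its array branch, which would discard the four SET bindings and leave the statement with fewer values than placeholders. The scalar-argument hunks (@@ -820 onward) are not affected because the scalar branch appends. Since binding order now follows chaining order, the `->set()` calls must stay ahead of `->where()`; a comment such as `// set() params are bound before the where() params - keep this call order` above each `$q->update(...)` chain would make that load-bearing order explicit. The enclosing methods start and end outside the hunks.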
<?php
/*
* $Id: Query.php 1393 2007-05-19 17:49:16Z zYne $
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* This software consists of voluntary contributions made by many individuals
* and is licensed under the LGPL. For more information, see
* <http://www.phpdoctrine.com>.
*/
Doctrine::autoload('Doctrine_Hydrate');
/**
* Doctrine_Query_Abstract
*
* @package Doctrine
* @license http://www.opensource.org/licenses/lgpl-license.php LGPL
* @category Object Relational Mapping
* @link www.phpdoctrine.com
* @since 1.0
* @version $Revision: 1393 $
* @author Konsta Vesterinen <kvesteri@cc.hut.fi>
*/
abstract class Doctrine_Query_Abstract extends Doctrine_Hydrate
{
/**
* addSelect
* adds fields to the SELECT part of the query
*
* @param string $select Query SELECT part
* @return Doctrine_Query
*/
public function addSelect($select)
{
return $this->parseQueryPart('select', $select, true);
}
/**
* addFrom
* adds fields to the FROM part of the query
*
* @param string $from Query FROM part
* @return Doctrine_Query
*/
public function addFrom($from)
{
return $this->parseQueryPart('from', $from, true);
}
/**
* addWhere
* adds conditions to the WHERE part of the query
*
* @param string $where Query WHERE part
* @param mixed $params an array of parameters or a simple scalar
* @return Doctrine_Query
*/
public function addWhere($where, $params = array())
{
if (is_array($params)) {
$this->_params = array_merge($this->_params, $params);
} else {
$this->_params[] = $params;
}
return $this->parseQueryPart('where', $where, true);
}
/**
* addGroupBy
* adds fields to the GROUP BY part of the query
*
* @param string $groupby Query GROUP BY part
* @return Doctrine_Query
*/
public function addGroupBy($groupby)
{
return $this->parseQueryPart('groupby', $groupby, true);
}
/**
* addHaving
* adds conditions to the HAVING part of the query
*
* @param string $having Query HAVING part
* @param mixed $params an array of parameters or a simple scalar
* @return Doctrine_Query
*/
public function addHaving($having, $params = array())
{
if (is_array($params)) {
$this->_params = array_merge($this->_params, $params);
} else {
$this->_params[] = $params;
}
return $this->parseQueryPart('having', $having, true);
}
/**
* addOrderBy
* adds fields to the ORDER BY part of the query
*
* @param string $orderby Query ORDER BY part
* @return Doctrine_Query
*/
public function addOrderBy($orderby)
{
return $this->parseQueryPart('orderby', $orderby, true);
}
/**
* select
* sets the SELECT part of the query
*
* @param string $select Query SELECT part
* @return Doctrine_Query
*/
public function select($select)
{
return $this->parseQueryPart('select', $select);
}
/**
* distinct
* Makes the query SELECT DISTINCT.
*
* @param bool $flag Whether or not the SELECT is DISTINCT (default true).
* @return Doctrine_Query
*/
public function distinct($flag = true)
{
$this->parts['distinct'] = (bool) $flag;
return $this;
}
/**
* forUpdate
* Makes the query SELECT FOR UPDATE.
*
* @param bool $flag Whether or not the SELECT is FOR UPDATE (default true).
* @return Doctrine_Query
*/
public function forUpdate($flag = true)
{
$this->parts[self::FOR_UPDATE] = (bool) $flag;
return $this;
}
/**
* delete
* sets the query type to DELETE
*
* @return Doctrine_Query
*/
public function delete()
{
$this->type = self::DELETE;
return $this;
}
/**
* update
* sets the UPDATE part of the query
*
* @param string $update Query UPDATE part
* @return Doctrine_Query
*/
public function update($update)
{
$this->type = self::UPDATE;
return $this->parseQueryPart('from', $update);
}
/**
* set
* sets the SET part of the query
*
* @param string $update Query UPDATE part
* @return Doctrine_Query
*/
public function set($key, $value)
{
return $this->parseQueryPart('set', $key . ' = ' . $value, true);
}
/**
* from
* sets the FROM part of the query
*
* @param string $from Query FROM part
* @return Doctrine_Query
*/
public function from($from)
{
return $this->parseQueryPart('from', $from);
}
/**
* innerJoin
* appends an INNER JOIN to the FROM part of the query
*
* @param string $join Query INNER JOIN
* @return Doctrine_Query
*/
public function innerJoin($join)
{
return $this->parseQueryPart('from', 'INNER JOIN ' . $join, true);
}
/**
* leftJoin
* appends a LEFT JOIN to the FROM part of the query
*
* @param string $join Query LEFT JOIN
* @return Doctrine_Query
*/
public function leftJoin($join)
{
return $this->parseQueryPart('from', 'LEFT JOIN ' . $join, true);
}
/**
* groupBy
* sets the GROUP BY part of the query
*
* @param string $groupby Query GROUP BY part
* @return Doctrine_Query
*/
public function groupBy($groupby)
{
return $this->parseQueryPart('groupby', $groupby);
}
/**
* where
* sets the WHERE part of the query
*
* @param string $join Query WHERE part
* @param mixed $params an array of parameters or a simple scalar
* @return Doctrine_Query
*/
public function where($where, $params = array())
{
$this->_params = array();
if (is_array($params)) {
$this->_params = $params;
} else {
$this->_params[] = $params;
}
return $this->parseQueryPart('where', $where);
}
/**
* having
* sets the HAVING part of the query
*
* @param string $having Query HAVING part
* @param mixed $params an array of parameters or a simple scalar
* @return Doctrine_Query
*/
public function having($having, $params = array())
{
$this->_params = array();
if (is_array($params)) {
$this->_params = $params;
} else {
$this->_params[] = $params;
}
return $this->parseQueryPart('having', $having);
}
/**
* orderBy
* sets the ORDER BY part of the query
*
* @param string $orderby Query ORDER BY part
* @return Doctrine_Query
*/
public function orderBy($orderby)
{
return $this->parseQueryPart('orderby', $orderby);
}
/**
* limit
* sets the Query query limit
*
* @param integer $limit limit to be used for limiting the query results
* @return Doctrine_Query
*/
public function limit($limit)
{
return $this->parseQueryPart('limit', $limit);
}
/**
* offset
* sets the Query query offset
*
* @param integer $offset offset to be used for paginating the query
* @return Doctrine_Query
*/
public function offset($offset)
{
return $this->parseQueryPart('offset', $offset);
}
/**
* parseQueryPart
* parses given DQL query part
*
* @param string $queryPartName the name of the query part
* @param string $queryPart query part to be parsed
* @param boolean $append whether or not to append the query part to its stack
* if false is given, this method will overwrite
* the given query part stack with $queryPart
* @return Doctrine_Query this object
*/
abstract public function parseQueryPart($queryPartName, $queryPart, $append = false);
}
<?php
/*
* $Id: Query.php 1393 2007-05-19 17:49:16Z zYne $
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* This software consists of voluntary contributions made by many individuals
* and is licensed under the LGPL. For more information, see
* <http://www.phpdoctrine.com>.
*/
Doctrine::autoload('Doctrine_Hydrate');
/**
* Doctrine_Query_Abstract
*
* @package Doctrine
* @license http://www.opensource.org/licenses/lgpl-license.php LGPL
* @category Object Relational Mapping
* @link www.phpdoctrine.com
* @since 1.0
* @version $Revision: 1393 $
* @author Konsta Vesterinen <kvesteri@cc.hut.fi>
*/
abstract class Doctrine_Query_Abstract extends Doctrine_Hydrate
{
/**
* addSelect
* adds fields to the SELECT part of the query
*
* @param string $select Query SELECT part
* @return Doctrine_Query
*/
public function addSelect($select)
{
return $this->parseQueryPart('select', $select, true);
}
/**
* addFrom
* adds fields to the FROM part of the query
*
* @param string $from Query FROM part
* @return Doctrine_Query
*/
public function addFrom($from)
{
return $this->parseQueryPart('from', $from, true);
}
/**
* addWhere
* adds conditions to the WHERE part of the query
*
* @param string $where Query WHERE part
* @param mixed $params an array of parameters or a simple scalar
* @return Doctrine_Query
*/
public function addWhere($where, $params = array())
{
if (is_array($params)) {
$this->_params = array_merge($this->_params, $params);
} else {
$this->_params[] = $params;
}
return $this->parseQueryPart('where', $where, true);
}
/**
* addGroupBy
* adds fields to the GROUP BY part of the query
*
* @param string $groupby Query GROUP BY part
* @return Doctrine_Query
*/
public function addGroupBy($groupby)
{
return $this->parseQueryPart('groupby', $groupby, true);
}
/**
* addHaving
* adds conditions to the HAVING part of the query
*
* @param string $having Query HAVING part
* @param mixed $params an array of parameters or a simple scalar
* @return Doctrine_Query
*/
public function addHaving($having, $params = array())
{
if (is_array($params)) {
$this->_params = array_merge($this->_params, $params);
} else {
$this->_params[] = $params;
}
return $this->parseQueryPart('having', $having, true);
}
/**
* addOrderBy
* adds fields to the ORDER BY part of the query
*
* @param string $orderby Query ORDER BY part
* @return Doctrine_Query
*/
public function addOrderBy($orderby)
{
return $this->parseQueryPart('orderby', $orderby, true);
}
/**
* select
* sets the SELECT part of the query
*
* @param string $select Query SELECT part
* @return Doctrine_Query
*/
public function select($select)
{
return $this->parseQueryPart('select', $select);
}
/**
* distinct
* Makes the query SELECT DISTINCT.
*
* @param bool $flag Whether or not the SELECT is DISTINCT (default true).
* @return Doctrine_Query
*/
public function distinct($flag = true)
{
$this->parts['distinct'] = (bool) $flag;
return $this;
}
/**
* forUpdate
* Makes the query SELECT FOR UPDATE.
*
* @param bool $flag Whether or not the SELECT is FOR UPDATE (default true).
* @return Doctrine_Query
*/
public function forUpdate($flag = true)
{
$this->parts[self::FOR_UPDATE] = (bool) $flag;
return $this;
}
/**
* delete
* sets the query type to DELETE
*
* @return Doctrine_Query
*/
public function delete()
{
$this->type = self::DELETE;
return $this;
}
/**
* update
* sets the UPDATE part of the query
*
* @param string $update Query UPDATE part
* @return Doctrine_Query
*/
public function update($update)
{
$this->type = self::UPDATE;
return $this->parseQueryPart('from', $update);
}
/**
* set
* sets the SET part of the query
*
* @param string $update Query UPDATE part
* @return Doctrine_Query
*/
public function set($key, $value, $params = null)
{
if ($params !== null) {
if (is_array($params)) {
$this->_params = array_merge($this->_params, $params);
} else {
$this->_params[] = $params;
}
}
return $this->parseQueryPart('set', $key . ' = ' . $value, true);
}
/**
* from
* sets the FROM part of the query
*
* @param string $from Query FROM part
* @return Doctrine_Query
*/
public function from($from)
{
return $this->parseQueryPart('from', $from);
}
/**
* innerJoin
* appends an INNER JOIN to the FROM part of the query
*
* @param string $join Query INNER JOIN
* @return Doctrine_Query
*/
public function innerJoin($join)
{
return $this->parseQueryPart('from', 'INNER JOIN ' . $join, true);
}
/**
* leftJoin
* appends a LEFT JOIN to the FROM part of the query
*
* @param string $join Query LEFT JOIN
* @return Doctrine_Query
*/
public function leftJoin($join)
{
return $this->parseQueryPart('from', 'LEFT JOIN ' . $join, true);
}
/**
* groupBy
* sets the GROUP BY part of the query
*
* @param string $groupby Query GROUP BY part
* @return Doctrine_Query
*/
public function groupBy($groupby)
{
return $this->parseQueryPart('groupby', $groupby);
}
/**
* where
* sets the WHERE part of the query
*
* @param string $join Query WHERE part
* @param mixed $params an array of parameters or a simple scalar
* @return Doctrine_Query
*/
public function where($where, $params = array())
{
//$this->_params = array();
if (is_array($params)) {
$this->_params = $params;
} else {
$this->_params[] = $params;
}
return $this->parseQueryPart('where', $where);
}
/**
* having
* sets the HAVING part of the query
*
* @param string $having Query HAVING part
* @param mixed $params an array of parameters or a simple scalar
* @return Doctrine_Query
*/
public function having($having, $params = array())
{
$this->_params = array();
if (is_array($params)) {
$this->_params = $params;
} else {
$this->_params[] = $params;
}
return $this->parseQueryPart('having', $having);
}
/**
* orderBy
* sets the ORDER BY part of the query
*
* @param string $orderby Query ORDER BY part
* @return Doctrine_Query
*/
public function orderBy($orderby)
{
return $this->parseQueryPart('orderby', $orderby);
}
/**
* limit
* sets the Query query limit
*
* @param integer $limit limit to be used for limiting the query results
* @return Doctrine_Query
*/
public function limit($limit)
{
return $this->parseQueryPart('limit', $limit);
}
/**
* offset
* sets the Query query offset
*
* @param integer $offset offset to be used for paginating the query
* @return Doctrine_Query
*/
public function offset($offset)
{
return $this->parseQueryPart('offset', $offset);
}
/**
* parseQueryPart
* parses given DQL query part
*
* @param string $queryPartName the name of the query part
* @param string $queryPart query part to be parsed
* @param boolean $append whether or not to append the query part to its stack
* if false is given, this method will overwrite
* the given query part stack with $queryPart
* @return Doctrine_Query this object
*/
abstract public function parseQueryPart($queryPartName, $queryPart, $append = false);
}
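Review bot: The array branch of `where()` still replaces the accumulated parameters (`$this->_params = $params;`) even though the reset above it was commented out, so `set($f, '?', $v)` followed by `where($cond, array(...))` loses the SET bindings while the scalar branch keeps them; make both branches append, `$this->_params = array_merge($this->_params, $params);`, as `addWhere()` already does. `having()` still begins with `$this->_params = array();` and would therefore wipe any bindings added by `set()` or `where()` before it; it needs the same treatment, or the reset should be documented as intentional. The docblock of `set()` still describes a single `$update` parameter; it should document `$key`, `$value` (a fragment that may contain `?` placeholders) and `$params` (a scalar or array, bound in chaining order) and state that the method appends to the existing parameters rather than replacing them. Removing the commented-out reset line instead of leaving it in place would keep the intent clearer.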