From 0c147b365a8bb2e584d4f957d4d0761f02bebe56 Mon Sep 17 00:00:00 2001 From: Kyle Farris Date: Fri, 26 Aug 2011 02:29:31 -0400 Subject: Added get_compiled_select(), get_compiled_insert(), get_compiled_update(), get_compiled_delete(), and reset_query() methods. to the Active Record class. --- system/database/DB_active_rec.php | 257 +++++++++++++++++++++++++++++++++----- 1 file changed, 223 insertions(+), 34 deletions(-) (limited to 'system/database/DB_active_rec.php') diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php index 37d162bc1..8c801cd62 100644 --- a/system/database/DB_active_rec.php +++ b/system/database/DB_active_rec.php @@ -28,6 +28,9 @@ */ class CI_DB_active_record extends CI_DB_driver { + private $return_delete_sql = FALSE; + private $reset_delete_data = FALSE; + var $ar_select = array(); var $ar_distinct = FALSE; var $ar_from = array(); @@ -196,7 +199,7 @@ class CI_DB_active_record extends CI_DB_driver { $alias = $this->_create_alias_from_table(trim($select)); } - $sql = $type.'('.$this->_protect_identifiers(trim($select)).') AS '.$this->_protect_identifiers(trim($alias)); + $sql = $type.'('.$this->_protect_identifiers(trim($select)).') AS '.$alias; $this->ar_select[] = $sql; @@ -660,12 +663,8 @@ class CI_DB_active_record extends CI_DB_driver { $prefix = (count($this->ar_like) == 0) ? '' : $type; $v = $this->escape_like_str($v); - - if ($side == 'none') - { - $like_statement = $prefix." $k $not LIKE '{$v}'"; - } - elseif ($side == 'before') + + if ($side == 'before') { $like_statement = $prefix." $k $not LIKE '%{$v}'"; } @@ -874,11 +873,11 @@ class CI_DB_active_record extends CI_DB_driver { */ public function limit($value, $offset = '') { - $this->ar_limit = (int) $value; + $this->ar_limit = $value; if ($offset != '') { - $this->ar_offset = (int) $offset; + $this->ar_offset = $offset; } return $this; 
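Review bot: In the `@@ -196` hunk the alias is now appended raw, `') AS '.$alias`, where the removed line ran it through `_protect_identifiers(trim($alias))`. The only assignment visible here is the `_create_alias_from_table()` fallback, so on the other path `$alias` is presumably the caller's argument, and it now reaches the SELECT list untrimmed and without identifier quoting. The commit message describes only the new get_compiled_*() and reset_query() methods, so this looks like an unintended reversion; keep `.$this->_protect_identifiers(trim($alias))`. The enclosing method starts and ends outside the hunk.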
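Review bot: The `@@ -874` hunk removes the integer casts in limit(), so `$this->ar_limit = $value;` and `$this->ar_offset = $offset;` now store whatever the caller passed. Elsewhere in this patch `$this->ar_limit` is handed straight to `_update()`, and if the drivers interpolate these values unquoted into LIMIT/OFFSET, a request-derived page size or offset becomes an SQL injection point. Nothing in the commit message motivates the change; restore `$this->ar_limit = (int) $value;` and `$this->ar_offset = (int) $offset;`.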
@@ -931,6 +930,38 @@ class CI_DB_active_record extends CI_DB_driver { return $this; } + + + // -------------------------------------------------------------------- + + /** + * Get SELECT query string + * + * Compiles a SELECT query string and returns the sql. + * + * @access public + * @param string the table name to select from (optional) + * @param boolean TRUE: resets AR values; FALSE: leave AR vaules alone + * @return string + */ + public function get_compiled_select($table = '', $reset = TRUE) + { + if ($table != '') + { + $this->_track_aliases($table); + $this->from($table); + } + + $select = $this->_compile_select(); + + if ($reset === TRUE) + { + $this->_reset_select(); + } + + return $select; + } + // -------------------------------------------------------------------- @@ -1148,6 +1179,36 @@ class CI_DB_active_record extends CI_DB_driver { return $this; } + + // -------------------------------------------------------------------- + + /** + * Get INSERT query string + * + * Compiles an insert query and returns the sql + * + * @access public + * @param string the table to insert into + * @param boolean TRUE: reset AR values; FALSE: leave AR values alone + * @return string + */ + public function get_compiled_insert($table = '', $reset = TRUE) + { + if ($this->_validate_insert($table) === FALSE) + { + return FALSE; + } + + $sql = $this->_insert($this->_protect_identifiers($this->ar_from[0], TRUE, NULL, FALSE), array_keys($this->ar_set), array_values($this->ar_set)); + + if ($reset === TRUE) + { + $this->_reset_write(); + } + + return $sql; + } + // -------------------------------------------------------------------- 
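Review bot: The docblock of get_compiled_insert() in the `@@ -1148` hunk says `@return string`, but the method returns `FALSE` when `_validate_insert()` fails, so a caller that logs or concatenates the result without checking gets an empty string instead of SQL. Document it as `@return string the compiled SQL, or FALSE when no data or no table has been set`. Both new docblocks should also state that `$reset` is compared with `=== TRUE`, so passing `1` leaves the Active Record state in place. The get_compiled_select() docblock in the `@@ -931` hunk has the typo "vaules".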
@@ -1156,17 +1217,45 @@ class CI_DB_active_record extends CI_DB_driver { * * Compiles an insert string and runs the query * + * @access public * @param string the table to insert data into * @param array an associative array of insert values * @return object */ - function insert($table = '', $set = NULL) + public function insert($table = '', $set = NULL) { if ( ! is_null($set)) { $this->set($set); } + + if ($this->_validate_insert($table) === FALSE) + { + return FALSE; + } + + $sql = $this->_insert($this->_protect_identifiers($this->ar_from[0], TRUE, NULL, FALSE), array_keys($this->ar_set), array_values($this->ar_set)); + $this->_reset_write(); + return $this->query($sql); + } + + + // -------------------------------------------------------------------- + + /** + * Validate Insert + * + * This method is used by both insert() and get_compiled_insert() to + * validate that the there data is actually being set and that table + * has been chosen to be inserted into. + * + * @access public + * @param string the table to insert data into + * @return string + */ + protected function _validate_insert($table = '') + { if (count($this->ar_set) == 0) { if ($this->db_debug) @@ -1186,14 +1275,13 @@ class CI_DB_active_record extends CI_DB_driver { } return FALSE; } - - $table = $this->ar_from[0]; } - - $sql = $this->_insert($this->_protect_identifiers($table, TRUE, NULL, FALSE), array_keys($this->ar_set), array_values($this->ar_set)); - - $this->_reset_write(); - return $this->query($sql); + else + { + $this->ar_from[0] = $table; + } + + return TRUE; } // -------------------------------------------------------------------- 
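Review bot: The docblock of `_validate_insert()` in the `@@ -1156` hunk does not match the code: it says `@access public` and `@return string`, while the method is declared `protected` and returns `TRUE` or `FALSE` (the `return TRUE;` is in the following `@@ -1186` hunk). The method is also more than a validator, because `$this->ar_from[0] = $table;` overwrites the first FROM entry, and that write survives a `get_compiled_insert($table, FALSE)` call since no reset follows. I would change the tags to `@access protected` and `@return bool`, and add a line such as `// Side effect: stores $table in $this->ar_from[0] for the caller to compile`. The method body spans both hunks and part of it is not shown.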
@@ -1242,7 +1330,41 @@ class CI_DB_active_record extends CI_DB_driver { $this->_reset_write(); return $this->query($sql); } + + + // -------------------------------------------------------------------- + /** + * Get UPDATE query string + * + * Compiles an update query and returns the sql + * + * @access public + * @param string the table to update + * @param boolean TRUE: reset AR values; FALSE: leave AR values alone + * @return string + */ + public function get_compiled_update($table = '', $reset = TRUE) + { + // Combine any cached components with the current statements + $this->_merge_cache(); + + if ($this->_validate_update($table) === FALSE) + { + return FALSE; + } + + $sql = $this->_update($this->_protect_identifiers($this->ar_from[0], TRUE, NULL, FALSE), $this->ar_set, $this->ar_where, $this->ar_orderby, $this->ar_limit); + + if ($reset === TRUE) + { + $this->_reset_write(); + } + + return $sql; + } + + // -------------------------------------------------------------------- /** @@ -1265,6 +1387,43 @@ class CI_DB_active_record extends CI_DB_driver { $this->set($set); } + if ($this->_validate_update($table) === FALSE) + { + return FALSE; + } + + if ($where != NULL) + { + $this->where($where); + } + + if ($limit != NULL) + { + $this->limit($limit); + } + + $sql = $this->_update($this->_protect_identifiers($this->ar_from[0], TRUE, NULL, FALSE), $this->ar_set, $this->ar_where, $this->ar_orderby, $this->ar_limit); + + $this->_reset_write(); + return $this->query($sql); + } + + + // -------------------------------------------------------------------- + + /** + * Validate Update + * + * This method is used by both update() and get_compiled_update() to + * validate that data is actually being set and that a table has been + * chosen to be update. + * + * @access public + * @param string the table to update data on + * @return string + */ + protected function _validate_update($table = '') + { if (count($this->ar_set) == 0) { if ($this->db_debug) 
@@ -1284,24 +1443,11 @@ class CI_DB_active_record extends CI_DB_driver { } return FALSE; } - - $table = $this->ar_from[0]; } - - if ($where != NULL) - { - $this->where($where); - } - - if ($limit != NULL) + else { - $this->limit($limit); + $this->ar_from[0] = $table; } - - $sql = $this->_update($this->_protect_identifiers($table, TRUE, NULL, FALSE), $this->ar_set, $this->ar_where, $this->ar_orderby, $this->ar_limit); - - $this->_reset_write(); - return $this->query($sql); } @@ -1326,7 +1472,7 @@ class CI_DB_active_record extends CI_DB_driver { { if ($this->db_debug) { - return $this->display_error('db_must_use_index'); + return $this->display_error('db_myst_use_index'); } return FALSE; @@ -1503,7 +1649,27 @@ class CI_DB_active_record extends CI_DB_driver { return $this->query($sql); } + + // -------------------------------------------------------------------- + /** + * Get DELETE query string + * + * Compiles a delete query string and returns the sql + * + * @access public + * @param string the table to delete from + * @param boolean TRUE: reset AR values; FALSE: leave AR values alone + * @return string + */ + public function get_compiled_delete($table = '', $reset = TRUE) + { + $this->return_delete_sql = TRUE; + $sql = $this->delete($table, '', NULL, $reset); + $this->return_delete_sql = FALSE; + return $sql; + } + // -------------------------------------------------------------------- /** @@ -1576,9 +1742,15 @@ class CI_DB_active_record extends CI_DB_driver { { $this->_reset_write(); } + + if ($this->return_delete_sql === true) + { + return $sql; + } return $this->query($sql); } + // -------------------------------------------------------------------- @@ -1659,6 +1831,7 @@ class CI_DB_active_record extends CI_DB_driver { } } } + // -------------------------------------------------------------------- 
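Review bot: `_validate_update()` ends in the `@@ -1284` hunk right after the `else { $this->ar_from[0] = $table; }` block with no `return TRUE;`, so it returns NULL on success, whereas `_validate_insert()` returns `TRUE`. The current callers compare with `=== FALSE` and therefore still work, but any caller written as `if ( ! $this->_validate_update($table))` would treat every valid update as a failure. Add `return TRUE;` before the closing brace, and change the docblock in the previous hunk from `@access public` / `@return string` to `@access protected` / `@return bool`. The method starts in the `@@ -1265` hunk.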
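Review bot: The `@@ -1326` hunk changes the error key to `'db_myst_use_index'`, which looks like a typo for the removed `'db_must_use_index'`. If `display_error()` resolves its argument against the language file, as the key format suggests, the misspelled key will not resolve and the debug message for a missing index will be lost or replaced by a generic one. Restore `return $this->display_error('db_must_use_index');`. The enclosing method is outside the hunk.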
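Review bot: get_compiled_delete() in the `@@ -1503` hunk switches delete() into "return the SQL" mode through the instance flag `$this->return_delete_sql`, which is only set back to FALSE after delete() returns normally. If delete() leaves through any other path while the flag is TRUE (an exception raised by a hook or a driver override, for instance), every later delete() on that connection object would return a string and silently stop executing, which is hard to notice for code that relies on rows actually being removed. A safer shape is to move the SQL construction into a protected helper that both delete() and get_compiled_delete() call, so that no mode flag is needed. The `=== true` check in the `@@ -1576` hunk should use `TRUE` like the rest of the file.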
@@ -1965,6 +2138,22 @@ class CI_DB_active_record extends CI_DB_driver { $this->ar_no_escape = $this->ar_cache_no_escape; } + + // -------------------------------------------------------------------- + + /** + * Reset Active Record values. + * + * Publicly-visible method to reset the AR values. + * + * @access public + * @return void + */ + public function reset_query() + { + $this->_reset_select(); + $this->_reset_write(); + } // -------------------------------------------------------------------- @@ -2042,4 +2231,4 @@ class CI_DB_active_record extends CI_DB_driver { } /* End of file DB_active_rec.php */ -/* Location: ./system/database/DB_active_rec.php */ \ No newline at end of file +/* Location: ./system/database/DB_active_rec.php */ -- cgit v1.2.3-24-g4f1b From 0a3176b56ad069643c400302b1baf9a2c90267ad Mon Sep 17 00:00:00 2001 From: kylefarris Date: Fri, 26 Aug 2011 02:37:52 -0400 Subject: Small formatting fix. --- system/database/DB_active_rec.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/database/DB_active_rec.php') diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php index 8c801cd62..c36e20348 100644 --- a/system/database/DB_active_rec.php +++ b/system/database/DB_active_rec.php @@ -947,7 +947,7 @@ class CI_DB_active_record extends CI_DB_driver { public function get_compiled_select($table = '', $reset = TRUE) { if ($table != '') - { + { $this->_track_aliases($table); $this->from($table); } -- cgit v1.2.3-24-g4f1b From 7611601875b619d8201633cf16a790b356182039 Mon Sep 17 00:00:00 2001 From: Kyle Farris Date: Wed, 31 Aug 2011 11:17:48 -0400 Subject: Fixed some items based on code comments by gaker. --- system/database/DB_active_rec.php | 96 ++++++++++++++++++++------------------- 1 file changed, 49 insertions(+), 47 deletions(-) (limited to 'system/database/DB_active_rec.php') diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php index c36e20348..46202224b 100644 
--- a/system/database/DB_active_rec.php +++ b/system/database/DB_active_rec.php 
@@ -28,42 +28,42 @@ */ class CI_DB_active_record extends CI_DB_driver { - private $return_delete_sql = FALSE; - private $reset_delete_data = FALSE; + protected $return_delete_sql = FALSE; + protected $reset_delete_data = FALSE; - var $ar_select = array(); - var $ar_distinct = FALSE; - var $ar_from = array(); - var $ar_join = array(); - var $ar_where = array(); - var $ar_like = array(); - var $ar_groupby = array(); - var $ar_having = array(); - var $ar_keys = array(); - var $ar_limit = FALSE; - var $ar_offset = FALSE; - var $ar_order = FALSE; - var $ar_orderby = array(); - var $ar_set = array(); - var $ar_wherein = array(); - var $ar_aliased_tables = array(); - var $ar_store_array = array(); + protected $ar_select = array(); + protected $ar_distinct = FALSE; + protected $ar_from = array(); + protected $ar_join = array(); + protected $ar_where = array(); + protected $ar_like = array(); + protected $ar_groupby = array(); + protected $ar_having = array(); + protected $ar_keys = array(); + protected $ar_limit = FALSE; + protected $ar_offset = FALSE; + protected $ar_order = FALSE; + protected $ar_orderby = array(); + protected $ar_set = array(); + protected $ar_wherein = array(); + protected $ar_aliased_tables = array(); + protected $ar_store_array = array(); // Active Record Caching variables - var $ar_caching = FALSE; - var $ar_cache_exists = array(); - var $ar_cache_select = array(); - var $ar_cache_from = array(); - var $ar_cache_join = array(); - var $ar_cache_where = array(); - var $ar_cache_like = array(); - var $ar_cache_groupby = array(); - var $ar_cache_having = array(); - var $ar_cache_orderby = array(); - var $ar_cache_set = array(); + protected $ar_caching = FALSE; + protected $ar_cache_exists = array(); + protected $ar_cache_select = array(); + protected $ar_cache_from = array(); + protected $ar_cache_join = array(); + protected $ar_cache_where = array(); + protected $ar_cache_like = array(); + protected $ar_cache_groupby = array(); + protected 
$ar_cache_having = array(); + protected $ar_cache_orderby = array(); + protected $ar_cache_set = array(); - var $ar_no_escape = array(); - var $ar_cache_no_escape = array(); + protected $ar_no_escape = array(); + protected $ar_cache_no_escape = array(); // -------------------------------------------------------------------- @@ -873,11 +873,11 @@ class CI_DB_active_record extends CI_DB_driver { */ public function limit($value, $offset = '') { - $this->ar_limit = $value; + $this->ar_limit = (int) $value; if ($offset != '') { - $this->ar_offset = $offset; + $this->ar_offset = (int) $offset; } return $this; @@ -931,7 +931,6 @@ class CI_DB_active_record extends CI_DB_driver { return $this; } - // -------------------------------------------------------------------- /** @@ -962,7 +961,6 @@ class CI_DB_active_record extends CI_DB_driver { return $select; } - // -------------------------------------------------------------------- /** @@ -1199,7 +1197,13 @@ class CI_DB_active_record extends CI_DB_driver { return FALSE; } - $sql = $this->_insert($this->_protect_identifiers($this->ar_from[0], TRUE, NULL, FALSE), array_keys($this->ar_set), array_values($this->ar_set)); + $sql = $this->_insert( + $this->_protect_identifiers( + $this->ar_from[0], TRUE, NULL, FALSE + ), + array_keys($this->ar_set), + array_values($this->ar_set) + ); if ($reset === TRUE) { @@ -1208,7 +1212,6 @@ class CI_DB_active_record extends CI_DB_driver { return $sql; } - // -------------------------------------------------------------------- 
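Review bot: Changing every `var $ar_*` property to `protected` in the `@@ -28` hunk removes public access that PHP grants to `var` members, so application or library code that reads or writes e.g. `$this->db->ar_where` directly will fail with a fatal error after this commit. The tighter encapsulation is welcome because it keeps callers from injecting raw fragments into the query state, but it deserves a changelog or upgrade note. `$reset_delete_data` is declared here and is not used by any hunk on this page; if it is unused in the rest of the file, drop it.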
@@ -1234,13 +1237,18 @@ class CI_DB_active_record extends CI_DB_driver { return FALSE; } - $sql = $this->_insert($this->_protect_identifiers($this->ar_from[0], TRUE, NULL, FALSE), array_keys($this->ar_set), array_values($this->ar_set)); + $sql = $this->_insert( + $this->_protect_identifiers( + $this->ar_from[0], TRUE, NULL, FALSE + ), + array_keys($this->ar_set), + array_values($this->ar_set) + ); $this->_reset_write(); return $this->query($sql); } - // -------------------------------------------------------------------- /** @@ -1331,7 +1339,6 @@ class CI_DB_active_record extends CI_DB_driver { return $this->query($sql); } - // -------------------------------------------------------------------- /** @@ -1364,7 +1371,6 @@ class CI_DB_active_record extends CI_DB_driver { return $sql; } - // -------------------------------------------------------------------- /** @@ -1407,7 +1413,6 @@ class CI_DB_active_record extends CI_DB_driver { $this->_reset_write(); return $this->query($sql); } - // -------------------------------------------------------------------- @@ -1449,8 +1454,7 @@ class CI_DB_active_record extends CI_DB_driver { $this->ar_from[0] = $table; } } - - + // -------------------------------------------------------------------- /** @@ -1751,7 +1755,6 @@ class CI_DB_active_record extends CI_DB_driver { return $this->query($sql); } - // -------------------------------------------------------------------- /** @@ -1832,7 +1835,6 @@ class CI_DB_active_record extends CI_DB_driver { } } - // -------------------------------------------------------------------- /** -- cgit v1.2.3-24-g4f1b From 2de2fa022253597c8f5c807218be3aa05fac340e Mon Sep 17 00:00:00 2001 From: Kyle Farris Date: Wed, 31 Aug 2011 11:52:20 -0400 Subject: Merged changes with development. --- system/database/DB_active_rec.php | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'system/database/DB_active_rec.php') 
diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php index 46202224b..076cc7ce4 100644 --- a/system/database/DB_active_rec.php +++ b/system/database/DB_active_rec.php @@ -199,7 +199,7 @@ class CI_DB_active_record extends CI_DB_driver { $alias = $this->_create_alias_from_table(trim($select)); } - $sql = $type.'('.$this->_protect_identifiers(trim($select)).') AS '.$alias; + $sql = $type.'('.$this->_protect_identifiers(trim($select)).') AS '.$this->_protect_identifiers(trim($alias)); $this->ar_select[] = $sql; @@ -664,7 +664,11 @@ class CI_DB_active_record extends CI_DB_driver { $v = $this->escape_like_str($v); - if ($side == 'before') + if ($side == 'none') + { + $like_statement = $prefix." $k $not LIKE '{$v}'"; + } + elseif ($side == 'before') { $like_statement = $prefix." $k $not LIKE '%{$v}'"; } @@ -1476,7 +1480,7 @@ class CI_DB_active_record extends CI_DB_driver { { if ($this->db_debug) { - return $this->display_error('db_myst_use_index'); + return $this->display_error('db_must_use_index'); } return FALSE; @@ -2233,4 +2237,4 @@ class CI_DB_active_record extends CI_DB_driver { } /* End of file DB_active_rec.php */ -/* Location: ./system/database/DB_active_rec.php */ +/* Location: ./system/database/DB_active_rec.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 81ef70f32951de5f7b4196c1db9ce969133362dd Mon Sep 17 00:00:00 2001 From: Kyle Farris Date: Wed, 31 Aug 2011 11:59:12 -0400 Subject: One more formatting fix. --- system/database/DB_active_rec.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'system/database/DB_active_rec.php') diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php index 076cc7ce4..59cd1972c 100644 --- a/system/database/DB_active_rec.php +++ b/system/database/DB_active_rec.php 
@@ -664,11 +664,11 @@ class CI_DB_active_record extends CI_DB_driver { $v = $this->escape_like_str($v); - if ($side == 'none') - { - $like_statement = $prefix." $k $not LIKE '{$v}'"; - } - elseif ($side == 'before') + if ($side == 'none') + { + $like_statement = $prefix." $k $not LIKE '{$v}'"; + } + elseif ($side == 'before') { $like_statement = $prefix." $k $not LIKE '%{$v}'"; } -- cgit v1.2.3-24-g4f1b From 0e857631f5c6f38c5715450ea3f6ff514ac65b2c Mon Sep 17 00:00:00 2001 From: kenjis Date: Fri, 2 Sep 2011 08:41:17 +0900 Subject: fixes potential SQL injection vector in Active Record offset() --- system/database/DB_active_rec.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/database/DB_active_rec.php') diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php index 37d162bc1..89766e304 100644 --- a/system/database/DB_active_rec.php +++ b/system/database/DB_active_rec.php @@ -894,7 +894,7 @@ class CI_DB_active_record extends CI_DB_driver { */ public function offset($offset) { - $this->ar_offset = $offset; + $this->ar_offset = (int) $offset; return $this; } -- cgit v1.2.3-24-g4f1b From bff3dfda42b58289c41f88342a0ab17846f52f3b Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Wed, 7 Sep 2011 18:54:25 +0200 Subject: Use NULL as the default value for offset in limit(x, offset) so that default is not LIMIT 0. --- system/database/DB_active_rec.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/database/DB_active_rec.php') diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php index 89766e304..7162e2ac5 100644 --- a/system/database/DB_active_rec.php +++ b/system/database/DB_active_rec.php 
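Review bot: The `(int)` cast added to offset() in the `@@ -894` hunk stops arbitrary strings from reaching the OFFSET clause, but it still lets negative numbers through and silently maps non-numeric input to 0, so `offset('-5')` stores -5 and `offset('abc')` stores 0. Depending on the driver a negative offset yields a database error rather than an injection, so this is a robustness point and not a hole; `$this->ar_offset = max(0, (int) $offset);` would cover it. I would also add a short comment, `// Cast to int so user-supplied paging values cannot carry SQL into the OFFSET clause`, so the cast is not removed again in a later merge, as happened to limit() earlier in this history.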
@@ -872,11 +872,11 @@ class CI_DB_active_record extends CI_DB_driver { * @param integer the offset value * @return object */ - public function limit($value, $offset = '') + public function limit($value, $offset = NULL) { $this->ar_limit = (int) $value; - if ($offset != '') + if ( ! is_null($offset)) { $this->ar_offset = (int) $offset; } -- cgit v1.2.3-24-g4f1b From 8b4d83b23b3b93e8042b01d9117f496206b309c0 Mon Sep 17 00:00:00 2001 From: Juan José González Date: Tue, 27 Sep 2011 17:21:14 -0500 Subject: Fixing issue 465: select_max is adding prefix to table aliases when is not necessary --- system/database/DB_active_rec.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/database/DB_active_rec.php') diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php index 7162e2ac5..83518232e 100644 --- a/system/database/DB_active_rec.php +++ b/system/database/DB_active_rec.php @@ -196,7 +196,7 @@ class CI_DB_active_record extends CI_DB_driver { $alias = $this->_create_alias_from_table(trim($select)); } - $sql = $type.'('.$this->_protect_identifiers(trim($select)).') AS '.$this->_protect_identifiers(trim($alias)); + $sql = $this->_protect_identifiers($type.'('.trim($select).')').' AS '.$this->_protect_identifiers(trim($alias)); $this->ar_select[] = $sql; -- cgit v1.2.3-24-g4f1b From f4a4bd8fac188ebc9cda822ffc811c218fd92b45 Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Thu, 20 Oct 2011 12:18:42 -0500 Subject: adding new license file (OSL 3.0) and updating readme to ReST added notice of license to all source files. OSL to all except the few files we ship inside of the application folder, those are AFL. Updated license in user guide. incrementing next dev version to 3.0 due to licensing change --- system/database/DB_active_rec.php | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'system/database/DB_active_rec.php') 
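Review bot: With the new `if ( ! is_null($offset))` test in the `@@ -872` hunk, callers that still pass the old default explicitly, `limit(10, '')`, or pass `FALSE`, now enter the branch and set `$this->ar_offset` to `(int) ''`, i.e. 0, where the previous `$offset != ''` test skipped them. Whether an offset of 0 instead of the initial `FALSE` changes the generated SQL depends on the drivers' limit code, which is not shown here. Either note the changed contract in the docblock (`@param integer the offset value, NULL for none`) or keep the old inputs working with `if ( ! is_null($offset) && $offset !== '' && $offset !== FALSE)`.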
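Review bot: In the `@@ -196` hunk the column is no longer protected on its own: the new line passes the whole expression `$type.'('.trim($select).')'` to `_protect_identifiers()`. If that method returns strings containing a parenthesis unchanged (which appears to be what makes this fix for the unwanted prefix work), then `$select` now reaches the SQL with no identifier quoting at all, so a column name taken from request data is no longer constrained here. Please confirm how `_protect_identifiers()` handles function-call strings, and if it does skip them, add a comment such as `// NOTE: $select is not escaped on this path; callers must pass a trusted column name`. The enclosing method starts and ends outside the hunk.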
diff --git a/system/database/DB_active_rec.php b/system/database/DB_active_rec.php index f99d13ec8..43920772a 100644 --- a/system/database/DB_active_rec.php +++ b/system/database/DB_active_rec.php @@ -4,10 +4,22 @@ * * An open source application development framework for PHP 5.1.6 or newer * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. + * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource @@ -23,7 +35,7 @@ * @package CodeIgniter * @subpackage Drivers * @category Database - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/database/ */ class CI_DB_active_record extends CI_DB_driver { -- cgit v1.2.3-24-g4f1b