From 6e7047576338e896a43a35eb2fa79136adc01d8d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 18 Jul 2012 00:46:33 +0300 Subject: Fix WHERE escaping/prefixing --- system/database/DB_query_builder.php | 121 ++++++++++++++++++++++++----------- 1 file changed, 85 insertions(+), 36 deletions(-) (limited to 'system/database/DB_query_builder.php') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 479b7f24a..92cb8c1d5 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -467,13 +467,6 @@ abstract class CI_DB_query_builder extends CI_DB_driver { ? $this->_group_get_type('') : $this->_group_get_type($type); - if ($escape === TRUE) - { - $k = (($op = $this->_get_operator($k)) !== FALSE) - ? $this->escape_identifiers(trim(substr($k, 0, strpos($k, $op)))).' '.strstr($k, $op) - : $this->escape_identifiers(trim($k)); - } - if (is_null($v) && ! $this->_has_operator($k)) { // value appears not to have been set, assign the test to IS NULL @@ -493,10 +486,11 @@ abstract class CI_DB_query_builder extends CI_DB_driver { } } - $this->qb_where[] = $prefix.$k.$v; + $this->qb_where[] = array('condition' => $prefix.$k.$v, 'escape' => $escape); if ($this->qb_caching === TRUE) { - $this->qb_cache_where[] = $prefix.$k.$v; + // check this shit + $this->qb_cache_where[] = array('condition' => $prefix.$k.$v, 'escape' => $escape); $this->qb_cache_exists[] = 'where'; } @@ -607,14 +601,13 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $this->qb_wherein[] = $this->escape($value); } - if ($escape === TRUE) - { - $key = $this->escape_identifiers(trim($key)); - } - $prefix = (count($this->qb_where) === 0) ? $this->_group_get_type('') : $this->_group_get_type($type); - $this->qb_where[] = $where_in = $prefix.$key.$not.' IN ('.implode(', ', $this->qb_wherein).') '; + $where_in = array( + 'condition' => $prefix.$key.$not.' IN('.implode(', ', $this->qb_wherein).')', + 'escape' => $escape + ); + $this->qb_where[] = $where_in; if ($this->qb_caching === TRUE) { $this->qb_cache_where[] = $where_in; @@ -769,11 +762,15 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $this->qb_where_group_started = TRUE; $prefix = (count($this->qb_where) === 0 && count($this->qb_cache_where) === 0) ? '' : $type; - $this->qb_where[] = $value = $prefix.$not.str_repeat(' ', ++$this->qb_where_group_count).' ('; + $where = array( + 'condition' => $prefix.$not.str_repeat(' ', ++$this->qb_where_group_count).' (', + 'escape' => FALSE + ); + $this->qb_where[] = $where; if ($this->qb_caching) { - $this->qb_cache_where[] = $value; + $this->qb_cache_where[] = $where; } return $this; @@ -825,11 +822,15 @@ abstract class CI_DB_query_builder extends CI_DB_driver { public function group_end() { $this->qb_where_group_started = FALSE; - $this->qb_where[] = $value = str_repeat(' ', $this->qb_where_group_count--) . ')'; + $where = array( + 'condition' => str_repeat(' ', $this->qb_where_group_count--).')', + 'escape' => FALSE + ); + $this->qb_where[] = $where; if ($this->qb_caching) { - $this->qb_cache_where[] = $value; + $this->qb_cache_where[] = $where; } return $this; @@ -2067,49 +2068,97 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $sql .= "\n".implode("\n", $this->qb_join); } - // Write the "WHERE" portion of the query - if (count($this->qb_where) > 0 OR count($this->qb_like) > 0) + $sql .= $this->_compile_conditions(); + + // Write the "LIMIT" portion of the query + if (is_numeric($this->qb_limit)) { - $sql .= "\nWHERE "; + return $this->_limit($sql."\n", $this->qb_limit, $this->qb_offset); } - $sql .= implode("\n", $this->qb_where); + return $sql; + } - // Write the "LIKE" portion of the query - if (count($this->qb_like) > 0) + // -------------------------------------------------------------------- + + /** + * Compile WHERE statement + * + * Escapes identifiers in WHERE, LIKE, HAVING, GROUP BY, ORDER BY + * statements at execution time. Required so that aliases are tracked + * properly, regardless of wether e.g. where() is called prior to + * join() and dbprefix is added only if needed. + * + * @return string + */ + protected function _compile_conditions() + { + // WHERE + if (count($this->qb_where) > 0) { - if (count($this->qb_where) > 0) + $sql = "\nWHERE "; + + for ($i = 0, $c = count($this->qb_where); $i < $c; $i++) { - $sql .= "\nAND "; + if ($this->qb_where[$i]['escape'] === FALSE) + { + $this->qb_where[$i] = $this->qb_where[$i]['condition']; + continue; + } + + $op = preg_quote($this->_get_operator($this->qb_where[$i]['condition'])); + if ( ! preg_match('/^(\s*(?:AND|OR)\s+)?(\(?)(.*)('.$op.')(.*(?qb_where[$i]['condition'], $matches)) + { + $this->qb_where[$i] = $this->qb_where[$i]['condition']; + continue; + } + + // $matches = array( + // 0 => 'OR (test <= foo)', /* the whole thing */ + // 1 => 'OR ', /* optional */ + // 2 => '(', /* optional */ + // 3 => 'test', /* the field name */ + // 4 => ' <= ', /* $op */ + // 5 => 'foo', /* optional, if $op is e.g. 'IS NULL' */ + // 6 => ')' /* optional */ + // ); + empty($matches[5]) OR $matches[5] = ' '.$this->protect_identifiers(trim($matches[5])); + $this->qb_where[$i] = $matches[1].$matches[2].$this->protect_identifiers(trim($matches[3])) + .' '.trim($matches[4]).$matches[5].$matches[6]; } + $sql .= implode("\n", $this->qb_where); + } + else + { + $sql = ''; + } + + // LIKE + if (count($this->qb_like) > 0) + { + $sql .= ($sql === '') ? "\nWHERE " : "\nAND "; $sql .= implode("\n", $this->qb_like); } - // Write the "GROUP BY" portion of the query + // GROUP BY if (count($this->qb_groupby) > 0) { $sql .= "\nGROUP BY ".implode(', ', $this->qb_groupby); } - // Write the "HAVING" portion of the query + // HAVING if (count($this->qb_having) > 0) { $sql .= "\nHAVING ".implode("\n", $this->qb_having); } - // Write the "ORDER BY" portion of the query + // ORDER BY if (count($this->qb_orderby) > 0) { $sql .= "\nORDER BY ".implode(', ', $this->qb_orderby); } - // Write the "LIMIT" portion of the query - if (is_numeric($this->qb_limit)) - { - return $this->_limit($sql."\n", $this->qb_limit, $this->qb_offset); - } - return $sql; } -- cgit v1.2.3-24-g4f1b From ededc4a32a96315f18b7234153aa9cf7c87ca3ce Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 18 Jul 2012 01:16:15 +0300 Subject: Change _like() to append to the qb_where array --- system/database/DB_query_builder.php | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) (limited to 'system/database/DB_query_builder.php') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 92cb8c1d5..75da1c792 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -692,7 +692,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { /** * Like * - * Called by like() or orlike() + * Called by like() or or_like() * * @param mixed * @param mixed @@ -708,8 +708,8 @@ abstract class CI_DB_query_builder extends CI_DB_driver { foreach ($field as $k => $v) { - $k = $this->protect_identifiers($k); - $prefix = (count($this->qb_like) === 0) ? $this->_group_get_type('') : $this->_group_get_type($type); + $prefix = (count($this->qb_where) === 0 && count($this->qb_cache_where) === 0) + ? $this->_group_get_type('') : $this->_group_get_type($type); $v = $this->escape_like_str($v); if ($side === 'none') @@ -735,13 +735,12 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $like_statement = $like_statement.sprintf($this->_like_escape_str, $this->_like_escape_chr); } - $this->qb_like[] = $like_statement; + $this->qb_where[] = array('condition' => $like_statement, 'escape' => $this->_protect_identifiers); if ($this->qb_caching === TRUE) { - $this->qb_cache_like[] = $like_statement; - $this->qb_cache_exists[] = 'like'; + $this->qb_cache_where[] = $like_statement; + $this->qb_cache_exists[] = 'where'; } - } return $this; @@ -2134,13 +2133,6 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $sql = ''; } - // LIKE - if (count($this->qb_like) > 0) - { - $sql .= ($sql === '') ? "\nWHERE " : "\nAND "; - $sql .= implode("\n", $this->qb_like); - } - // GROUP BY if (count($this->qb_groupby) > 0) { -- cgit v1.2.3-24-g4f1b From b04786599e1b032078f1d3bdd8941405d47447a0 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 18 Jul 2012 15:34:46 +0300 Subject: Remove dependancies on qb_like and remove unneeded parameters from _delete(), _like(), _update(), _update_batch() --- system/database/DB_query_builder.php | 147 +++++++++++++++++------------------ 1 file changed, 72 insertions(+), 75 deletions(-) (limited to 'system/database/DB_query_builder.php') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 75da1c792..29b75cd1d 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -47,7 +47,6 @@ abstract class CI_DB_query_builder extends CI_DB_driver { protected $qb_from = array(); protected $qb_join = array(); protected $qb_where = array(); - protected $qb_like = array(); protected $qb_groupby = array(); protected $qb_having = array(); protected $qb_keys = array(); @@ -443,12 +442,12 @@ abstract class CI_DB_query_builder extends CI_DB_driver { /** * Where * - * Called by where() or or_where() + * Called by where(), or_where() * * @param mixed * @param mixed * @param string - * @param mixed + * @param bool * @return object */ protected function _where($key, $value = NULL, $type = 'AND ', $escape = NULL) @@ -477,7 +476,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { { if ($escape === TRUE) { - $v = ' '.$this->escape($v); + $v = ' '.(is_int($v) ? $v : $this->escape($v)); } if ( ! $this->_has_operator($k)) @@ -628,12 +627,14 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * multiple calls with AND * * @param mixed - * @param mixed + * @param string + * @param string + * @param bool * @return object */ - public function like($field, $match = '', $side = 'both') + public function like($field, $match = '', $side = 'both', $escape = NULL) { - return $this->_like($field, $match, 'AND ', $side); + return $this->_like($field, $match, 'AND ', $side, '', $escape); } // -------------------------------------------------------------------- @@ -645,12 +646,14 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * multiple calls with AND * * @param mixed - * @param mixed + * @param string + * @param string + * @param bool * @return object */ - public function not_like($field, $match = '', $side = 'both') + public function not_like($field, $match = '', $side = 'both', $escape = NULL) { - return $this->_like($field, $match, 'AND ', $side, 'NOT'); + return $this->_like($field, $match, 'AND ', $side, 'NOT', $escape); } // -------------------------------------------------------------------- @@ -662,12 +665,14 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * multiple calls with OR * * @param mixed - * @param mixed + * @param string + * @param string + * @param bool * @return object */ - public function or_like($field, $match = '', $side = 'both') + public function or_like($field, $match = '', $side = 'both', $escape = NULL) { - return $this->_like($field, $match, 'OR ', $side); + return $this->_like($field, $match, 'OR ', $side, '', $escape); } // -------------------------------------------------------------------- @@ -679,12 +684,14 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * multiple calls with OR * * @param mixed - * @param mixed + * @param string + * @param string + * @param bool * @return object */ - public function or_not_like($field, $match = '', $side = 'both') + public function or_not_like($field, $match = '', $side = 'both', $escape = NULL) { - return $this->_like($field, $match, 'OR ', $side, 'NOT'); + return $this->_like($field, $match, 'OR ', $side, 'NOT', $escape); } // -------------------------------------------------------------------- @@ -692,50 +699,55 @@ abstract class CI_DB_query_builder extends CI_DB_driver { /** * Like * - * Called by like() or or_like() + * Called by like(), or_like(), not_like, or_not_like() * * @param mixed - * @param mixed * @param string + * @param string + * @param string + * @param string + * @param bool * @return object */ - protected function _like($field, $match = '', $type = 'AND ', $side = 'both', $not = '') + protected function _like($field, $match = '', $type = 'AND ', $side = 'both', $not = '', $escape = NULL) { if ( ! is_array($field)) { $field = array($field => $match); } + is_bool($escape) OR $escape = $this->_protect_identifiers; + $prefix = (count($this->qb_where) === 0 && count($this->qb_cache_where) === 0) + ? $this->_group_get_type('') : $this->_group_get_type($type); + foreach ($field as $k => $v) { - $prefix = (count($this->qb_where) === 0 && count($this->qb_cache_where) === 0) - ? $this->_group_get_type('') : $this->_group_get_type($type); $v = $this->escape_like_str($v); if ($side === 'none') { - $like_statement = "{$prefix} $k $not LIKE '{$v}'"; + $like_statement = "{$prefix} {$k} {$not} LIKE '{$v}'"; } elseif ($side === 'before') { - $like_statement = "{$prefix} $k $not LIKE '%{$v}'"; + $like_statement = "{$prefix} {$k} {$not} LIKE '%{$v}'"; } elseif ($side === 'after') { - $like_statement = "{$prefix} $k $not LIKE '{$v}%'"; + $like_statement = "{$prefix} {$k} {$not} LIKE '{$v}%'"; } else { - $like_statement = "{$prefix} $k $not LIKE '%{$v}%'"; + $like_statement = "{$prefix} {$k} {$not} LIKE '%{$v}%'"; } // some platforms require an escape sequence definition for LIKE wildcards if ($this->_like_escape_str !== '') { - $like_statement = $like_statement.sprintf($this->_like_escape_str, $this->_like_escape_chr); + $like_statement .= sprintf($this->_like_escape_str, $this->_like_escape_chr); } - $this->qb_where[] = array('condition' => $like_statement, 'escape' => $this->_protect_identifiers); + $this->qb_where[] = array('condition' => $like_statement, 'escape' => $escape); if ($this->qb_caching === TRUE) { $this->qb_cache_where[] = $like_statement; @@ -1558,7 +1570,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { return FALSE; } - $sql = $this->_update($this->protect_identifiers($this->qb_from[0], TRUE, NULL, FALSE), $this->qb_set, $this->qb_where, $this->qb_orderby, $this->qb_limit); + $sql = $this->_update($this->protect_identifiers($this->qb_from[0], TRUE, NULL, FALSE), $this->qb_set); if ($reset === TRUE) { @@ -1605,7 +1617,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $this->limit($limit); } - $sql = $this->_update($this->protect_identifiers($this->qb_from[0], TRUE, NULL, FALSE), $this->qb_set, $this->qb_where, $this->qb_orderby, $this->qb_limit, $this->qb_like); + $sql = $this->_update($this->protect_identifiers($this->qb_from[0], TRUE, NULL, FALSE), $this->qb_set); $this->_reset_write(); return $this->query($sql); @@ -1687,7 +1699,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { // Batch this baby for ($i = 0, $total = count($this->qb_set); $i < $total; $i += 100) { - $this->query($this->_update_batch($this->protect_identifiers($table, TRUE, NULL, FALSE), array_slice($this->qb_set, $i, 100), $this->protect_identifiers($index), $this->qb_where)); + $this->query($this->_update_batch($this->protect_identifiers($table, TRUE, NULL, FALSE), array_slice($this->qb_set, $i, 100), $this->protect_identifiers($index))); } $this->_reset_write(); @@ -1893,12 +1905,12 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $this->limit($limit); } - if (count($this->qb_where) === 0 && count($this->qb_wherein) === 0 && count($this->qb_like) === 0) + if (count($this->qb_where) === 0 && count($this->qb_wherein) === 0) { return ($this->db_debug) ? $this->display_error('db_del_must_use_where') : FALSE; } - $sql = $this->_delete($table, $this->qb_where, $this->qb_like, $this->qb_limit); + $sql = $this->_delete($table); if ($reset_data) { $this->_reset_write(); @@ -1915,21 +1927,12 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * Generates a platform-specific delete string from the supplied data * * @param string the table name - * @param array the where clause - * @param array the like clause - * @param string the limit clause * @return string */ - protected function _delete($table, $where = array(), $like = array(), $limit = FALSE) + protected function _delete($table) { - $conditions = array(); - - empty($where) OR $conditions[] = implode(' ', $where); - empty($like) OR $conditions[] = implode(' ', $like); - - return 'DELETE FROM '.$table - .(count($conditions) > 0 ? ' WHERE '.implode(' AND ', $conditions) : '') - .($limit ? ' LIMIT '.(int) $limit : ''); + return 'DELETE FROM '.$table.$this->_compile_where() + .($this->qb_limit ? ' LIMIT '.(int) $this->qb_limit : ''); } // -------------------------------------------------------------------- @@ -2069,6 +2072,24 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $sql .= $this->_compile_conditions(); + // GROUP BY + if (count($this->qb_groupby) > 0) + { + $sql .= "\nGROUP BY ".implode(', ', $this->qb_groupby); + } + + // HAVING + if (count($this->qb_having) > 0) + { + $sql .= "\nHAVING ".implode("\n", $this->qb_having); + } + + // ORDER BY + if (count($this->qb_orderby) > 0) + { + $sql .= "\nORDER BY ".implode(', ', $this->qb_orderby); + } + // Write the "LIMIT" portion of the query if (is_numeric($this->qb_limit)) { @@ -2083,14 +2104,14 @@ abstract class CI_DB_query_builder extends CI_DB_driver { /** * Compile WHERE statement * - * Escapes identifiers in WHERE, LIKE, HAVING, GROUP BY, ORDER BY - * statements at execution time. Required so that aliases are tracked - * properly, regardless of wether e.g. where() is called prior to - * join() and dbprefix is added only if needed. + * Escapes identifiers in WHERE statements at execution time. + * Required so that aliases are tracked properly, regardless of wether + * e.g. where() is called prior to join() and dbprefix is added only + * if needed. * * @return string */ - protected function _compile_conditions() + protected function _compile_where() { // WHERE if (count($this->qb_where) > 0) @@ -2126,32 +2147,10 @@ abstract class CI_DB_query_builder extends CI_DB_driver { .' '.trim($matches[4]).$matches[5].$matches[6]; } - $sql .= implode("\n", $this->qb_where); - } - else - { - $sql = ''; + return implode("\n", $this->qb_where); } - // GROUP BY - if (count($this->qb_groupby) > 0) - { - $sql .= "\nGROUP BY ".implode(', ', $this->qb_groupby); - } - - // HAVING - if (count($this->qb_having) > 0) - { - $sql .= "\nHAVING ".implode("\n", $this->qb_having); - } - - // ORDER BY - if (count($this->qb_orderby) > 0) - { - $sql .= "\nORDER BY ".implode(', ', $this->qb_orderby); - } - - return $sql; + return ''; } // -------------------------------------------------------------------- @@ -2363,7 +2362,6 @@ abstract class CI_DB_query_builder extends CI_DB_driver { 'qb_from' => array(), 'qb_join' => array(), 'qb_where' => array(), - 'qb_like' => array(), 'qb_groupby' => array(), 'qb_having' => array(), 'qb_orderby' => array(), @@ -2392,7 +2390,6 @@ abstract class CI_DB_query_builder extends CI_DB_driver { 'qb_set' => array(), 'qb_from' => array(), 'qb_where' => array(), - 'qb_like' => array(), 'qb_orderby' => array(), 'qb_keys' => array(), 'qb_limit' => FALSE -- cgit v1.2.3-24-g4f1b From d40459d94f91219f080caabebd627fdc319b0f42 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 18 Jul 2012 16:46:39 +0300 Subject: Merge where() and having() logic - it's structurally identical and only the keyword differs --- system/database/DB_query_builder.php | 124 +++++++++++------------------------ 1 file changed, 37 insertions(+), 87 deletions(-) (limited to 'system/database/DB_query_builder.php') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 29b75cd1d..34a77c551 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -416,7 +416,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { */ public function where($key, $value = NULL, $escape = NULL) { - return $this->_where($key, $value, 'AND ', $escape); + return $this->_wh('qb_where', $key, $value, 'AND ', $escape); } // -------------------------------------------------------------------- @@ -434,24 +434,27 @@ abstract class CI_DB_query_builder extends CI_DB_driver { */ public function or_where($key, $value = NULL, $escape = NULL) { - return $this->_where($key, $value, 'OR ', $escape); + return $this->_wh('qb_where', $key, $value, 'OR ', $escape); } // -------------------------------------------------------------------- /** - * Where + * WHERE, HAVING * - * Called by where(), or_where() + * Called by where(), or_where(), having(), or_having() * + * @param string 'qb_where' or 'qb_having' * @param mixed * @param mixed * @param string * @param bool * @return object */ - protected function _where($key, $value = NULL, $type = 'AND ', $escape = NULL) + protected function _wh($qb_key, $key, $value = NULL, $type = 'AND ', $escape = NULL) { + $qb_cache_key = ($qb_key === 'qb_having') ? 'qb_cache_having' : 'qb_cache_where'; + if ( ! is_array($key)) { $key = array($key => $value); @@ -462,7 +465,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { foreach ($key as $k => $v) { - $prefix = (count($this->qb_where) === 0 && count($this->qb_cache_where) === 0) + $prefix = (count($this->$qb_key) === 0 && count($this->$qb_cache_key) === 0) ? $this->_group_get_type('') : $this->_group_get_type($type); @@ -485,12 +488,11 @@ abstract class CI_DB_query_builder extends CI_DB_driver { } } - $this->qb_where[] = array('condition' => $prefix.$k.$v, 'escape' => $escape); + $this->{$qb_key}[] = array('condition' => $prefix.$k.$v, 'escape' => $escape); if ($this->qb_caching === TRUE) { - // check this shit - $this->qb_cache_where[] = array('condition' => $prefix.$k.$v, 'escape' => $escape); - $this->qb_cache_exists[] = 'where'; + $this->{$qb_cache_key}[] = array('condition' => $prefix.$k.$v, 'escape' => $escape); + $this->qb_cache_exists[] = substr($qb_key, 3); } } @@ -916,7 +918,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { */ public function having($key, $value = '', $escape = NULL) { - return $this->_having($key, $value, 'AND ', $escape); + return $this->_wh('qb_having', $key, $value, 'AND ', $escape); } // -------------------------------------------------------------------- @@ -933,58 +935,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { */ public function or_having($key, $value = '', $escape = NULL) { - return $this->_having($key, $value, 'OR ', $escape); - } - - // -------------------------------------------------------------------- - - /** - * Sets the HAVING values - * - * Called by having() or or_having() - * - * @param string - * @param string - * @param string - * @param bool - * @return object - */ - protected function _having($key, $value = '', $type = 'AND ', $escape = NULL) - { - if ( ! is_array($key)) - { - $key = array($key => $value); - } - - is_bool($escape) OR $escape = $this->_protect_identifiers; - - foreach ($key as $k => $v) - { - $prefix = (count($this->qb_having) === 0) ? '' : $type; - - $k = $this->_has_operator($k) - ? $this->protect_identifiers(substr($k, 0, strpos(rtrim($k), ' ')), FALSE, $escape).strchr(rtrim($k), ' ') - : $this->protect_identifiers($k, FALSE, $escape); - - if ( ! $this->_has_operator($k)) - { - $k .= ' = '; - } - - if ($v !== '') - { - $v = ' '.$this->escape($v); - } - - $this->qb_having[] = $prefix.$k.$v; - if ($this->qb_caching === TRUE) - { - $this->qb_cache_having[] = $prefix.$k.$v; - $this->qb_cache_exists[] = 'having'; - } - } - - return $this; + return $this->_wh('qb_having', $key, $value, 'OR ', $escape); } // -------------------------------------------------------------------- @@ -1931,7 +1882,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { */ protected function _delete($table) { - return 'DELETE FROM '.$table.$this->_compile_where() + return 'DELETE FROM '.$table.$this->_compile_wh('qb_where') .($this->qb_limit ? ' LIMIT '.(int) $this->qb_limit : ''); } @@ -2070,7 +2021,8 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $sql .= "\n".implode("\n", $this->qb_join); } - $sql .= $this->_compile_conditions(); + // WHERE + $sql .= $this->_compile_wh('qb_where'); // GROUP BY if (count($this->qb_groupby) > 0) @@ -2079,10 +2031,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { } // HAVING - if (count($this->qb_having) > 0) - { - $sql .= "\nHAVING ".implode("\n", $this->qb_having); - } + $sql .= $this->_compile_wh('qb_having'); // ORDER BY if (count($this->qb_orderby) > 0) @@ -2090,7 +2039,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $sql .= "\nORDER BY ".implode(', ', $this->qb_orderby); } - // Write the "LIMIT" portion of the query + // LIMIT if (is_numeric($this->qb_limit)) { return $this->_limit($sql."\n", $this->qb_limit, $this->qb_offset); @@ -2102,34 +2051,35 @@ abstract class CI_DB_query_builder extends CI_DB_driver { // -------------------------------------------------------------------- /** - * Compile WHERE statement + * Compile WHERE, HAVING statements + * + * Escapes identifiers in WHERE and HAVING statements at execution time. * - * Escapes identifiers in WHERE statements at execution time. * Required so that aliases are tracked properly, regardless of wether - * e.g. where() is called prior to join() and dbprefix is added only - * if needed. + * where(), or_where(), having(), or_having are called prior to from(), + * join() and dbprefix is added only if needed. * - * @return string + * @param string 'qb_where' or 'qb_having' + * @return string SQL statement */ - protected function _compile_where() + protected function _compile_wh($qb_key) { - // WHERE - if (count($this->qb_where) > 0) + if (count($this->$qb_key) > 0) { - $sql = "\nWHERE "; + $sql = ($qb_key === 'qb_having') ? "\nHAVING " : "\nWHERE "; - for ($i = 0, $c = count($this->qb_where); $i < $c; $i++) + for ($i = 0, $c = count($this->$qb_key); $i < $c; $i++) { - if ($this->qb_where[$i]['escape'] === FALSE) + if ($this->{$qb_key}[$i]['escape'] === FALSE) { - $this->qb_where[$i] = $this->qb_where[$i]['condition']; + $this->{$qb_key}[$i] = $this->{$qb_key}[$i]['condition']; continue; } - $op = preg_quote($this->_get_operator($this->qb_where[$i]['condition'])); - if ( ! preg_match('/^(\s*(?:AND|OR)\s+)?(\(?)(.*)('.$op.')(.*(?qb_where[$i]['condition'], $matches)) + $op = preg_quote($this->_get_operator($this->{$qb_key}[$i]['condition'])); + if ( ! preg_match('/^(\s*(?:AND|OR)\s+)?(\(?)(.*)('.$op.')(.*(?{$qb_key}[$i]['condition'], $matches)) { - $this->qb_where[$i] = $this->qb_where[$i]['condition']; + $this->{$qb_key}[$i] = $this->{$qb_key}[$i]['condition']; continue; } @@ -2143,11 +2093,11 @@ abstract class CI_DB_query_builder extends CI_DB_driver { // 6 => ')' /* optional */ // ); empty($matches[5]) OR $matches[5] = ' '.$this->protect_identifiers(trim($matches[5])); - $this->qb_where[$i] = $matches[1].$matches[2].$this->protect_identifiers(trim($matches[3])) + $this->{$qb_key}[$i] = $matches[1].$matches[2].$this->protect_identifiers(trim($matches[3])) .' '.trim($matches[4]).$matches[5].$matches[6]; } - return implode("\n", $this->qb_where); + return implode("\n", $this->$qb_key); } return ''; -- cgit v1.2.3-24-g4f1b From 94611df88cf99ae530258a25e2051e901b9ffcc7 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 19 Jul 2012 12:29:54 +0300 Subject: Remove qb_wherein property --- system/database/DB_query_builder.php | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) (limited to 'system/database/DB_query_builder.php') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 34a77c551..7b0565df9 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -54,7 +54,6 @@ abstract class CI_DB_query_builder extends CI_DB_driver { protected $qb_offset = FALSE; protected $qb_orderby = array(); protected $qb_set = array(); - protected $qb_wherein = array(); protected $qb_aliased_tables = array(); protected $qb_store_array = array(); protected $qb_where_group_started = FALSE; @@ -597,14 +596,15 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $not = ($not) ? ' NOT' : ''; + $where_in = array(); foreach ($values as $value) { - $this->qb_wherein[] = $this->escape($value); + $wherein[] = $this->escape($value); } $prefix = (count($this->qb_where) === 0) ? $this->_group_get_type('') : $this->_group_get_type($type); $where_in = array( - 'condition' => $prefix.$key.$not.' IN('.implode(', ', $this->qb_wherein).')', + 'condition' => $prefix.$key.$not.' IN('.implode(', ', $where_in).')', 'escape' => $escape ); @@ -615,8 +615,6 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $this->qb_cache_exists[] = 'where'; } - // reset the array for multiple calls - $this->qb_wherein = array(); return $this; } @@ -1856,7 +1854,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $this->limit($limit); } - if (count($this->qb_where) === 0 && count($this->qb_wherein) === 0) + if (count($this->qb_where) === 0) { return ($this->db_debug) ? $this->display_error('db_del_must_use_where') : FALSE; } @@ -2315,7 +2313,6 @@ abstract class CI_DB_query_builder extends CI_DB_driver { 'qb_groupby' => array(), 'qb_having' => array(), 'qb_orderby' => array(), - 'qb_wherein' => array(), 'qb_aliased_tables' => array(), 'qb_no_escape' => array(), 'qb_distinct' => FALSE, -- cgit v1.2.3-24-g4f1b From c9b924c1498847d8f324d81c8994fff0b95f26dc Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 19 Jul 2012 13:06:02 +0300 Subject: Remove _limit()'s extra parameters and qb_limit, qb_offset unneeded typecasts + add _compile_group_by() method --- system/database/DB_query_builder.php | 49 ++++++++++++++++++++++++++---------- 1 file changed, 36 insertions(+), 13 deletions(-) (limited to 'system/database/DB_query_builder.php') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 7b0565df9..55b97bb3f 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -874,15 +874,18 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * GROUP BY * * @param string + * @param bool * @return object */ - public function group_by($by) + public function group_by($by, $escape = NULL) { if (is_string($by)) { $by = explode(',', $by); } + is_bool($escape) OR $escape = $this->_protect_identifiers; + foreach ($by as $val) { $val = trim($val); @@ -1005,7 +1008,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * @param int the offset value * @return object */ - public function limit($value, $offset = NULL) + public function limit($value, $offset = FALSE) { is_null($value) OR $this->qb_limit = (int) $value; empty($offset) OR $this->qb_offset = (int) $offset; @@ -1035,13 +1038,11 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * Generates a platform-specific LIMIT clause * * @param string the sql query string - * @param int the number of rows to limit the query to - * @param int the offset value * @return string */ - protected function _limit($sql, $limit, $offset) + protected function _limit($sql) { - return $sql.' LIMIT '.($offset ? $offset.', ' : '').$limit; + return $sql.' LIMIT '.($this->qb_offset ? $this->qb_offset.', ' : '').$this->qb_limit; } // -------------------------------------------------------------------- @@ -1881,7 +1882,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { protected function _delete($table) { return 'DELETE FROM '.$table.$this->_compile_wh('qb_where') - .($this->qb_limit ? ' LIMIT '.(int) $this->qb_limit : ''); + .($this->qb_limit ? ' LIMIT '.$this->qb_limit : ''); } // -------------------------------------------------------------------- @@ -2023,10 +2024,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $sql .= $this->_compile_wh('qb_where'); // GROUP BY - if (count($this->qb_groupby) > 0) - { - $sql .= "\nGROUP BY ".implode(', ', $this->qb_groupby); - } + $sql .= $this->_compile_group_by(); // HAVING $sql .= $this->_compile_wh('qb_having'); @@ -2038,9 +2036,9 @@ abstract class CI_DB_query_builder extends CI_DB_driver { } // LIMIT - if (is_numeric($this->qb_limit)) + if ($this->qb_limit) { - return $this->_limit($sql."\n", $this->qb_limit, $this->qb_offset); + return $this->_limit($sql."\n"); } return $sql; @@ -2103,6 +2101,31 @@ abstract class CI_DB_query_builder extends CI_DB_driver { // -------------------------------------------------------------------- + /** + * Compile GROUP BY + * + * Escapes identifiers in GROUP BY statements at execution time. + * + * Required so that aliases are tracked properly, regardless of wether + * group_by() is called prior to from(), join() and dbprefix is added + * only if needed. + * + * @return string SQL statement + */ + protected function _compile_group_by() + { + if (count($this->qb_groupby) > 0) + { + $sql = "\nGROUP BY "; + + $sql .= implode(', ', $this->qb_groupby); + } + + return ''; + } + + // -------------------------------------------------------------------- + /** * Object to Array * -- cgit v1.2.3-24-g4f1b From 96feb586c7fc2c232675590fe4e1032198a39535 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 19 Jul 2012 13:12:34 +0300 Subject: Implement group_by() compiler and no_escape feature --- system/database/DB_query_builder.php | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) (limited to 'system/database/DB_query_builder.php') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 55b97bb3f..6c247f957 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -879,21 +879,24 @@ abstract class CI_DB_query_builder extends CI_DB_driver { */ public function group_by($by, $escape = NULL) { + is_bool($escape) OR $escape = $this->_protect_identifiers; + if (is_string($by)) { - $by = explode(',', $by); + $by = ($escape === TRUE) + ? explode(',', $by) + : array($by); } - is_bool($escape) OR $escape = $this->_protect_identifiers; - foreach ($by as $val) { $val = trim($val); if ($val !== '') { - $this->qb_groupby[] = $val = $this->protect_identifiers($val); + $val = array('field' => $val, 'escape' => $escape); + $this->qb_groupby[] = $val; if ($this->qb_caching === TRUE) { $this->qb_cache_groupby[] = $val; @@ -2118,6 +2121,13 @@ abstract class CI_DB_query_builder extends CI_DB_driver { { $sql = "\nGROUP BY "; + for ($i = 0, $c = count($this->qb_groupby); $i < $c; $i++) + { + $this->qb_groupby[$i] = ($this->qb_groupby[$i]['escape'] === FALSE) + ? $this->qb_groupby[$i]['field'] + : $this->protect_identifiers($qb_groupby[$i]['field']); + } + $sql .= implode(', ', $this->qb_groupby); } -- cgit v1.2.3-24-g4f1b From 2d486231c0fbc9a5c9ad5bf6897e7bb1aff275ba Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 19 Jul 2012 14:46:51 +0300 Subject: Implement _compile_order_by() --- system/database/DB_query_builder.php | 107 +++++++++++++++++++++-------------- 1 file changed, 64 insertions(+), 43 deletions(-) (limited to 'system/database/DB_query_builder.php') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 6c247f957..416132e16 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -948,54 +948,50 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * Sets the ORDER BY value * * @param string - * @param string direction: asc or desc + * @param string direction: ASC or DESC * @param bool enable field name escaping * @return object */ public function order_by($orderby, $direction = '', $escape = NULL) { - if (strtolower($direction) === 'random') + $direction = trim($direction); + + if (strtolower($direction) === 'random' OR $orderby === $this->_random_keyword) + { + // Random ordered results don't need a field name + $orderby = $this->_random_keyword; + $direction = ''; + } + elseif (empty($orderby)) { - $orderby = ''; // Random results want or don't need a field name - $direction = $this->_random_keyword; + return $this; } - elseif (trim($direction) !== '') + elseif ($direction !== '') { - $direction = in_array(strtoupper(trim($direction)), array('ASC', 'DESC'), TRUE) ? ' '.$direction : ' ASC'; + $direction = in_array(strtoupper(trim($direction)), array('ASC', 'DESC'), TRUE) ? ' '.$direction : ''; } is_bool($escape) OR $escape = $this->_protect_identifiers; - if ($escape === TRUE && strpos($orderby, ',') !== FALSE) + if ($escape === FALSE) { - $temp = array(); - foreach (explode(',', $orderby) as $part) - { - $part = trim($part); - if ( ! in_array($part, $this->qb_aliased_tables)) - { - $part = preg_match('/^(.+)\s+(ASC|DESC)$/i', $part, $matches) - ? $this->protect_identifiers(rtrim($matches[1])).' '.$matches[2] - : $this->protect_identifiers($part); - } - - $temp[] = $part; - } - - $orderby = implode(', ', $temp); + $qb_orderby[] = array(array('field' => $orderby, 'direction' => $direction, $escape => FALSE)); } - elseif ($direction !== $this->_random_keyword && $escape === TRUE) + else { - $orderby = preg_match('/^(.+)\s+(ASC|DESC)$/i', $orderby, $matches) - ? $this->protect_identifiers(rtrim($matches[1])).' '.$matches[2] - : $this->protect_identifiers($orderby); + $qb_orderby = array(); + foreach (explode(',', $orderby) as $field) + { + $qb_orderby[] = ($direction === '' && preg_match('/\s+(ASC|DESC)$/i', rtrim($field), $match, PREG_OFFSET_CAPTURE)) + ? array('field' => ltrim(substr($field, 0, $match[0][1])), 'direction' => ' '.$match[1][0], 'escape' => TRUE) + : array('field' => trim($field), 'direction' => $direction, 'escape' => TRUE); + } } - $this->qb_orderby[] = $orderby_statement = $orderby.$direction; - + $this->qb_orderby = array_merge($this->qb_orderby, $qb_orderby); if ($this->qb_caching === TRUE) { - $this->qb_cache_orderby[] = $orderby_statement; + $this->qb_cache_orderby = array_merge($this->qb_cache_orderby, $qb_orderby); $this->qb_cache_exists[] = 'orderby'; } @@ -2023,20 +2019,10 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $sql .= "\n".implode("\n", $this->qb_join); } - // WHERE - $sql .= $this->_compile_wh('qb_where'); - - // GROUP BY - $sql .= $this->_compile_group_by(); - - // HAVING - $sql .= $this->_compile_wh('qb_having'); - - // ORDER BY - if (count($this->qb_orderby) > 0) - { - $sql .= "\nORDER BY ".implode(', ', $this->qb_orderby); - } + $sql .= $this->_compile_wh('qb_where') + .$this->_compile_group_by() + .$this->_compile_wh('qb_having') + .$this->_compile_order_by(); // ORDER BY // LIMIT if ($this->qb_limit) @@ -2136,6 +2122,41 @@ abstract class CI_DB_query_builder extends CI_DB_driver { // -------------------------------------------------------------------- + /** + * Compile ORDER BY + * + * Escapes identifiers in ORDER BY statements at execution time. + * + * Required so that aliases are tracked properly, regardless of wether + * order_by() is called prior to from(), join() and dbprefix is added + * only if needed. + * + * @return string SQL statement + */ + protected function _compile_order_by() + { + if (count($this->qb_orderby) > 0) + { + $sql = "\nORDER BY "; + + for ($i = 0, $c = count($this->qb_orderby); $i < $c; $i++) + { + if ($this->qb_orderby[$i]['escape'] !== FALSE) + { + $this->qb_orderby[$i]['field'] = $this->protect_identifiers($field); + } + + $this->qb_orderby[$i] = $this->qb_orderby[$i]['field'].$this->qb_orderby[$i]['direction']; + } + + $sql .= implode(', ', $this->qb_orderby); + } + + return ''; + } + + // -------------------------------------------------------------------- + /** * Object to Array * -- cgit v1.2.3-24-g4f1b From cd50592b26a26a2e55fc193529a2463d9a465378 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 6 Oct 2012 21:27:01 +0300 Subject: Fix issue #1257 --- system/database/DB_query_builder.php | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) (limited to 'system/database/DB_query_builder.php') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 479b7f24a..8bd2ab53c 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -1521,24 +1521,6 @@ abstract class CI_DB_query_builder extends CI_DB_driver { // -------------------------------------------------------------------- - /** - * From Tables - * - * This public function implicitly groups FROM tables so there is no confusion - * about operator precedence in harmony with SQL standards - * - * @param array - * @return string - */ - protected function _from_tables($tables) - { - is_array($tables) OR $tables = array($tables); - - return (count($tables) === 1) ? $tables[0] : '('.implode(', ', $tables).')'; - } - - // -------------------------------------------------------------------- - /** * Get UPDATE query string * @@ -2058,7 +2040,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { // Write the "FROM" portion of the query if (count($this->qb_from) > 0) { - $sql .= "\nFROM ".$this->_from_tables($this->qb_from); + $sql .= "\nFROM ".implode(', ', $this->qb_from); } // Write the "JOIN" portion of the query -- cgit v1.2.3-24-g4f1b From 7eaa14f144f9aeab8fc388b6bed3390e5f815508 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 9 Oct 2012 11:34:01 +0300 Subject: Alter fix for issue #1257 --- system/database/DB_query_builder.php | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'system/database/DB_query_builder.php') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 8bd2ab53c..c77648b38 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -1521,6 +1521,23 @@ abstract class CI_DB_query_builder extends CI_DB_driver { // -------------------------------------------------------------------- + /** + * FROM tables + * + * Groups tables in FROM clauses if needed, so there is no confusion + * about operator precedence. + * + * Note: This is only used (and overriden) by MySQL and CUBRID. + * + * @return string + */ + protected function _from_tables() + { + return implode(', ', $this->qb_from); + } + + // -------------------------------------------------------------------- + /** * Get UPDATE query string * @@ -2040,7 +2057,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { // Write the "FROM" portion of the query if (count($this->qb_from) > 0) { - $sql .= "\nFROM ".implode(', ', $this->qb_from); + $sql .= "\nFROM ".$this->from_tables(); } // Write the "JOIN" portion of the query -- cgit v1.2.3-24-g4f1b From e78f81537c0859c6ee5b80a09fe63fa946122f01 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 9 Oct 2012 11:38:38 +0300 Subject: Missed an underscore ... doh --- system/database/DB_query_builder.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/database/DB_query_builder.php') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index c77648b38..54510ec2e 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -2057,7 +2057,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { // Write the "FROM" portion of the query if (count($this->qb_from) > 0) { - $sql .= "\nFROM ".$this->from_tables(); + $sql .= "\nFROM ".$this->_from_tables(); } // Write the "JOIN" portion of the query -- cgit v1.2.3-24-g4f1b From 9d3aa1bc9f09c226ce0a55c285cb7fe808db5fa7 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 12 Oct 2012 12:14:09 +0300 Subject: Fix _get_operator() for 'LIKE expr ESCAPE' --- system/database/DB_query_builder.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'system/database/DB_query_builder.php') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 139f467e6..9c6cb7e45 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -2050,8 +2050,6 @@ abstract class CI_DB_query_builder extends CI_DB_driver { { if (count($this->$qb_key) > 0) { - $sql = ($qb_key === 'qb_having') ? "\nHAVING " : "\nWHERE "; - for ($i = 0, $c = count($this->$qb_key); $i < $c; $i++) { if ($this->{$qb_key}[$i]['escape'] === FALSE) @@ -2081,7 +2079,8 @@ abstract class CI_DB_query_builder extends CI_DB_driver { .' '.trim($matches[4]).$matches[5].$matches[6]; } - return implode("\n", $this->$qb_key); + return ($qb_key === 'qb_having' ? "\nHAVING " : "\nWHERE ") + .implode("\n", $this->$qb_key); } return ''; -- cgit v1.2.3-24-g4f1b From 13f5054a478ee52a9ef262216248337ef40d6677 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 12 Oct 2012 12:31:02 +0300 Subject: Fix delete() with multiple tables and an erroneous variable --- system/database/DB_query_builder.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'system/database/DB_query_builder.php') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 9c6cb7e45..ab04e4db2 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -1832,10 +1832,8 @@ abstract class CI_DB_query_builder extends CI_DB_driver { { foreach ($table as $single_table) { - $this->delete($single_table, $where, $limit, FALSE); + $this->delete($single_table, $where, $limit, $reset_data); } - - $this->_reset_write(); return; } else @@ -2109,7 +2107,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { { $this->qb_groupby[$i] = ($this->qb_groupby[$i]['escape'] === FALSE) ? $this->qb_groupby[$i]['field'] - : $this->protect_identifiers($qb_groupby[$i]['field']); + : $this->protect_identifiers($this->qb_groupby[$i]['field']); } $sql .= implode(', ', $this->qb_groupby); -- cgit v1.2.3-24-g4f1b From 0bcf590db467e4aeb755e79daaccd38c83fe2439 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 12 Oct 2012 13:03:29 +0300 Subject: Fix having(), group_by() --- system/database/DB_query_builder.php | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'system/database/DB_query_builder.php') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index ab04e4db2..ac8ff48a3 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -920,7 +920,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * @param bool * @return object */ - public function having($key, $value = '', $escape = NULL) + public function having($key, $value = NULL, $escape = NULL) { return $this->_wh('qb_having', $key, $value, 'AND ', $escape); } @@ -937,7 +937,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * @param bool * @return object */ - public function or_having($key, $value = '', $escape = NULL) + public function or_having($key, $value = NULL, $escape = NULL) { return $this->_wh('qb_having', $key, $value, 'OR ', $escape); } @@ -1812,7 +1812,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * @param mixed the where clause * @param mixed the limit clause * @param bool - * @return object + * @return mixed */ public function delete($table = '', $where = '', $limit = NULL, $reset_data = TRUE) { @@ -2101,8 +2101,6 @@ abstract class CI_DB_query_builder extends CI_DB_driver { { if (count($this->qb_groupby) > 0) { - $sql = "\nGROUP BY "; - for ($i = 0, $c = count($this->qb_groupby); $i < $c; $i++) { $this->qb_groupby[$i] = ($this->qb_groupby[$i]['escape'] === FALSE) @@ -2110,7 +2108,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { : $this->protect_identifiers($this->qb_groupby[$i]['field']); } - $sql .= implode(', ', $this->qb_groupby); + return "\nGROUP BY ".implode(', ', $this->qb_groupby); } return ''; -- cgit v1.2.3-24-g4f1b From f2ec8b870e29e0bf346e7adf1968b0f7660669b6 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 12 Oct 2012 14:01:13 +0300 Subject: Fix where() with literal multiple conditions --- system/database/DB_query_builder.php | 43 ++++++++++++++++++++++-------------- 1 file changed, 27 insertions(+), 16 deletions(-) (limited to 'system/database/DB_query_builder.php') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index ac8ff48a3..49592840b 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -2056,25 +2056,36 @@ abstract class CI_DB_query_builder extends CI_DB_driver { continue; } - $op = preg_quote($this->_get_operator($this->{$qb_key}[$i]['condition'])); - if ( ! preg_match('/^(\s*(?:AND|OR)\s+)?(\(?)(.*)('.$op.')(.*(?{$qb_key}[$i]['condition'], $matches)) + // Split multiple conditions + $conditions = preg_split( + '/(\s*AND\s+|\s*OR\s+)/i', + $this->{$qb_key}[$i]['condition'], + -1, + PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY + ); + + for ($ci = 0, $cc = count($conditions); $ci < $cc; $ci++) { - $this->{$qb_key}[$i] = $this->{$qb_key}[$i]['condition']; - continue; + if (($op = $this->_get_operator($conditions[$ci])) === FALSE + OR ! preg_match('/^(\(?)(.*)('.preg_quote($op).')(.*(? '(test <= foo)', /* the whole thing */ + // 1 => '(', /* optional */ + // 2 => 'test', /* the field name */ + // 3 => ' <= ', /* $op */ + // 4 => 'foo', /* optional, if $op is e.g. 'IS NULL' */ + // 5 => ')' /* optional */ + // ); + empty($matches[4]) OR $matches[4] = ' '.$this->protect_identifiers(trim($matches[4])); + $conditions[$ci] = $matches[1].$this->protect_identifiers(trim($matches[2])) + .' '.trim($matches[3]).$matches[4].$matches[5]; } - // $matches = array( - // 0 => 'OR (test <= foo)', /* the whole thing */ - // 1 => 'OR ', /* optional */ - // 2 => '(', /* optional */ - // 3 => 'test', /* the field name */ - // 4 => ' <= ', /* $op */ - // 5 => 'foo', /* optional, if $op is e.g. 'IS NULL' */ - // 6 => ')' /* optional */ - // ); - empty($matches[5]) OR $matches[5] = ' '.$this->protect_identifiers(trim($matches[5])); - $this->{$qb_key}[$i] = $matches[1].$matches[2].$this->protect_identifiers(trim($matches[3])) - .' '.trim($matches[4]).$matches[5].$matches[6]; + $this->{$qb_key}[$i] = implode('', $conditions); } return ($qb_key === 'qb_having' ? "\nHAVING " : "\nWHERE ") -- cgit v1.2.3-24-g4f1b From cc02db959db576f256eb62887d326493e44d45af Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 12 Oct 2012 14:30:10 +0300 Subject: Fix where_in() --- system/database/DB_query_builder.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/database/DB_query_builder.php') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 49592840b..54fb50f6a 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -599,7 +599,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $where_in = array(); foreach ($values as $value) { - $wherein[] = $this->escape($value); + $where_in[] = $this->escape($value); } $prefix = (count($this->qb_where) === 0) ? $this->_group_get_type('') : $this->_group_get_type($type); -- cgit v1.2.3-24-g4f1b From fc043b3d00a94c473a03cd6927e83e3518e391c0 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 12 Oct 2012 14:46:14 +0300 Subject: Fix order_by() --- system/database/DB_query_builder.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/database/DB_query_builder.php') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 54fb50f6a..936d114bd 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -2148,7 +2148,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { { if ($this->qb_orderby[$i]['escape'] !== FALSE) { - $this->qb_orderby[$i]['field'] = $this->protect_identifiers($field); + $this->qb_orderby[$i]['field'] = $this->protect_identifiers($this->qb_orderby[$i]['field']); } $this->qb_orderby[$i] = $this->qb_orderby[$i]['field'].$this->qb_orderby[$i]['direction']; -- cgit v1.2.3-24-g4f1b From a23e10fd2369cc85c4b942c5de6a8cf05a5b2b67 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 12 Oct 2012 14:54:25 +0300 Subject: Really fix order_by() --- system/database/DB_query_builder.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/database/DB_query_builder.php') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 936d114bd..4f89d78d0 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -2154,7 +2154,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $this->qb_orderby[$i] = $this->qb_orderby[$i]['field'].$this->qb_orderby[$i]['direction']; } - $sql .= implode(', ', $this->qb_orderby); + return "\nORDER BY ".implode(', ', $this->qb_orderby); } return ''; -- cgit v1.2.3-24-g4f1b From 082aa4025ff5764cf10d429903bf48f66a65ce9e Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 22 Oct 2012 19:41:55 +0300 Subject: Fix where() & having() escaping/prefixing literal values containing a period --- system/database/DB_query_builder.php | 44 ++++++++++++++++++++++++++++++++---- 1 file changed, 40 insertions(+), 4 deletions(-) (limited to 'system/database/DB_query_builder.php') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 4f89d78d0..1ab165835 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -2067,7 +2067,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { for ($ci = 0, $cc = count($conditions); $ci < $cc; $ci++) { if (($op = $this->_get_operator($conditions[$ci])) === FALSE - OR ! preg_match('/^(\(?)(.*)('.preg_quote($op).')(.*(? 'foo', /* optional, if $op is e.g. 'IS NULL' */ // 5 => ')' /* optional */ // ); - empty($matches[4]) OR $matches[4] = ' '.$this->protect_identifiers(trim($matches[4])); + + if ( ! empty($matches[4])) + { + $this->_is_literal($matches[4]) OR $matches[4] = $this->protect_identifiers(trim($matches[4])); + $matches[4] = ' '.$matches[4]; + } + $conditions[$ci] = $matches[1].$this->protect_identifiers(trim($matches[2])) .' '.trim($matches[3]).$matches[4].$matches[5]; } @@ -2114,7 +2120,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { { for ($i = 0, $c = count($this->qb_groupby); $i < $c; $i++) { - $this->qb_groupby[$i] = ($this->qb_groupby[$i]['escape'] === FALSE) + $this->qb_groupby[$i] = ($this->qb_groupby[$i]['escape'] === FALSE OR $this->_is_literal($this->qb_groupby[$i]['field'])) ? $this->qb_groupby[$i]['field'] : $this->protect_identifiers($this->qb_groupby[$i]['field']); } @@ -2146,7 +2152,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { for ($i = 0, $c = count($this->qb_orderby); $i < $c; $i++) { - if ($this->qb_orderby[$i]['escape'] !== FALSE) + if ($this->qb_orderby[$i]['escape'] !== FALSE && ! $this->_is_literal($this->qb_orderby[$i]['field'])) { $this->qb_orderby[$i]['field'] = $this->protect_identifiers($this->qb_orderby[$i]['field']); } @@ -2323,6 +2329,36 @@ abstract class CI_DB_query_builder extends CI_DB_driver { // -------------------------------------------------------------------- + /** + * Is literal + * + * Determines if a string represents a literal value or a field name + * + * @param string + * @return bool + */ + protected function _is_literal($str) + { + $str = trim($str); + + if (empty($str)) + { + return TRUE; + } + + static $_str; + + if (empty($_str)) + { + $_str = ($this->_escape_char !== '"') + ? array('"', "'") : array("'"); + } + + return (ctype_digit($str) OR in_array($str[0], $_str, TRUE)); + } + + // -------------------------------------------------------------------- + /** * Reset Query Builder values. * -- cgit v1.2.3-24-g4f1b From a53ea846b045e57ebd94463e463965124eba7142 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 23 Oct 2012 12:44:09 +0300 Subject: Alter _compile_order_by() to re-fix MSSQL, SQLSRV limit() --- system/database/DB_query_builder.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'system/database/DB_query_builder.php') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 1ab165835..0eb5a9e45 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -2146,10 +2146,8 @@ abstract class CI_DB_query_builder extends CI_DB_driver { */ protected function _compile_order_by() { - if (count($this->qb_orderby) > 0) + if (is_array($this->qb_orderby) && count($this->qb_orderby) > 0) { - $sql = "\nORDER BY "; - for ($i = 0, $c = count($this->qb_orderby); $i < $c; $i++) { if ($this->qb_orderby[$i]['escape'] !== FALSE && ! $this->_is_literal($this->qb_orderby[$i]['field'])) @@ -2160,7 +2158,11 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $this->qb_orderby[$i] = $this->qb_orderby[$i]['field'].$this->qb_orderby[$i]['direction']; } - return "\nORDER BY ".implode(', ', $this->qb_orderby); + return $this->qb_orderby = "\nORDER BY ".implode(', ', $this->qb_orderby); + } + elseif (is_string($this->qb_orderby)) + { + return $this->qb_orderby; } return ''; -- cgit v1.2.3-24-g4f1b From 93dd2f2896979258fe52eaf937a3c0855b4bbcf1 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 24 Oct 2012 10:09:18 +0300 Subject: Fix issue #1925 (order_by() with = FALSE) --- system/database/DB_query_builder.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/database/DB_query_builder.php') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 0eb5a9e45..a6e6e595f 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -975,7 +975,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { if ($escape === FALSE) { - $qb_orderby[] = array(array('field' => $orderby, 'direction' => $direction, $escape => FALSE)); + $qb_orderby[] = array('field' => $orderby, 'direction' => $direction, 'escape' => FALSE); } else { -- cgit v1.2.3-24-g4f1b From 5fd3ae8d33a4f5d3159b86683b9a670e973a63f5 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 24 Oct 2012 14:55:35 +0300 Subject: [ci skip] style and phpdoc-related changes (rel #1295) --- system/database/DB_query_builder.php | 68 +++++++++++++++++++++--------------- 1 file changed, 39 insertions(+), 29 deletions(-) (limited to 'system/database/DB_query_builder.php') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index a6e6e595f..5fc3d1866 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -182,15 +182,17 @@ abstract class CI_DB_query_builder extends CI_DB_driver { // -------------------------------------------------------------------- /** - * Processing Function for the four functions above: + * Processing Function for the following functions: * * select_max() * select_min() * select_avg() * select_sum() * - * @param string the field - * @param string an alias + * + * @param string $select = '' field name + * @param string $alias = '' + * @param string $type = 'MAX' * @return object */ protected function _max_min_avg_sum($select = '', $alias = '', $type = 'MAX') @@ -504,11 +506,12 @@ abstract class CI_DB_query_builder extends CI_DB_driver { /** * Where_in * - * Generates a WHERE field IN ('item', 'item') SQL query joined with + * Generates a WHERE field IN('item', 'item') SQL query joined with * AND if appropriate * - * @param string The field to search - * @param array The values searched on + * @param string $key = NULL The field to search + * @param array $values = NULL The values searched on + * @param bool $escape = NULL * @return object */ public function where_in($key = NULL, $values = NULL, $escape = NULL) @@ -519,13 +522,14 @@ abstract class CI_DB_query_builder extends CI_DB_driver { // -------------------------------------------------------------------- /** - * Where_in_or + * Or_where_in * - * Generates a WHERE field IN ('item', 'item') SQL query joined with + * Generates a WHERE field IN('item', 'item') SQL query joined with * OR if appropriate * - * @param string The field to search - * @param array The values searched on + * @param string $key = NULL The field to search + * @param array $values = NULL The values searched on + * @param bool $escape = NULL * @return object */ public function or_where_in($key = NULL, $values = NULL, $escape = NULL) @@ -538,11 +542,12 @@ abstract class CI_DB_query_builder extends CI_DB_driver { /** * Where_not_in * - * Generates a WHERE field NOT IN ('item', 'item') SQL query joined + * Generates a WHERE field NOT IN('item', 'item') SQL query joined * with AND if appropriate * - * @param string The field to search - * @param array The values searched on + * @param string $key = NULL The field to search + * @param array $values = NULL The values searched on + * @param bool $escape = NULL * @return object */ public function where_not_in($key = NULL, $values = NULL, $escape = NULL) @@ -553,13 +558,14 @@ abstract class CI_DB_query_builder extends CI_DB_driver { // -------------------------------------------------------------------- /** - * Where_not_in_or + * Or_where_not_in * - * Generates a WHERE field NOT IN ('item', 'item') SQL query joined + * Generates a WHERE field NOT IN('item', 'item') SQL query joined * with OR if appropriate * - * @param string The field to search - * @param array The values searched on + * @param string $key = NULL The field to search + * @param array $values = NULL The values searched on + * @param bool $escape = NULL * @return object */ public function or_where_not_in($key = NULL, $values = NULL, $escape = NULL) @@ -572,12 +578,13 @@ abstract class CI_DB_query_builder extends CI_DB_driver { /** * Where_in * - * Called by where_in, where_in_or, where_not_in, where_not_in_or + * Called by where_in(), or_where_in(), where_not_in(), or_where_not_in() * - * @param string The field to search - * @param array The values searched on - * @param bool If the statement would be IN or NOT IN - * @param string + * @param string $key = NULL The field to search + * @param array $values = NULL The values searched on + * @param bool $not = FALSE If the statement would be IN or NOT IN + * @param string $type = 'AND ' + * @param bool $escape = NULL * @return object */ protected function _where_in($key = NULL, $values = NULL, $not = FALSE, $type = 'AND ', $escape = NULL) @@ -1174,9 +1181,10 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * * Allows the where clause, limit and offset to be added directly * - * @param string the where clause - * @param string the limit clause - * @param string the offset clause + * @param string $table = '' + * @param string $where = NULL + * @param int $limit = NULL + * @param int $offset = NULL * @return object */ public function get_where($table = '', $where = NULL, $limit = NULL, $offset = NULL) @@ -1535,9 +1543,10 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * * Compiles an update string and runs the query * - * @param string the table to retrieve the results from - * @param array an associative array of update values - * @param mixed the where clause + * @param string $table = '' + * @param array $set = NULL an associative array of update values + * @param mixed $where = NULL + * @param int $limit = NULL * @return object */ public function update($table = '', $set = NULL, $where = NULL, $limit = NULL) @@ -1967,8 +1976,9 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * Compile the SELECT statement * * Generates a query string based on which functions were used. - * Should not be called directly. The get() function calls it. + * Should not be called directly. * + * @param bool $select_override = FALSE * @return string */ protected function _compile_select($select_override = FALSE) -- cgit v1.2.3-24-g4f1b From 9f808b0a77eac21bc84f9d729817be54b37905a1 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 24 Oct 2012 17:38:48 +0300 Subject: An alternative to affected_rows() for insert_batch() and update_batch() (ref #126) --- system/database/DB_query_builder.php | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'system/database/DB_query_builder.php') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 5fc3d1866..5ea9643fe 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -1216,9 +1216,9 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * * Compiles batch insert strings and runs the queries * - * @param string the table to retrieve the results from - * @param array an associative array of insert values - * @return object + * @param string $table = '' table to insert into + * @param array $set an associative array of insert values + * @return int number of rows inserted or FALSE on failure */ public function insert_batch($table = '', $set = NULL) { @@ -1229,12 +1229,8 @@ abstract class CI_DB_query_builder extends CI_DB_driver { if (count($this->qb_set) === 0) { - if ($this->db_debug) - { - // No valid data array. Folds in cases where keys and values did not match up - return $this->display_error('db_must_use_set'); - } - return FALSE; + // No valid data array. Folds in cases where keys and values did not match up + return ($this->db_debug) ? $this->display_error('db_must_use_set') : FALSE; } if ($table === '') @@ -1248,13 +1244,15 @@ abstract class CI_DB_query_builder extends CI_DB_driver { } // Batch this baby + $affected_rows = 0; for ($i = 0, $total = count($this->qb_set); $i < $total; $i += 100) { $this->query($this->_insert_batch($this->protect_identifiers($table, TRUE, NULL, FALSE), $this->qb_keys, array_slice($this->qb_set, $i, 100))); + $affected_rows += $this->affected_rows(); } $this->_reset_write(); - return TRUE; + return $affected_rows; } // -------------------------------------------------------------------- @@ -1621,7 +1619,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * @param string the table to retrieve the results from * @param array an associative array of update values * @param string the where key - * @return bool + * @return int number of rows affected or FALSE on failure */ public function update_batch($table = '', $set = NULL, $index = NULL) { @@ -1654,13 +1652,15 @@ abstract class CI_DB_query_builder extends CI_DB_driver { } // Batch this baby + $affected_rows = 0; for ($i = 0, $total = count($this->qb_set); $i < $total; $i += 100) { $this->query($this->_update_batch($this->protect_identifiers($table, TRUE, NULL, FALSE), array_slice($this->qb_set, $i, 100), $this->protect_identifiers($index))); + $affected_rows += $this->affected_rows(); } $this->_reset_write(); - return TRUE; + return $affected_rows; } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b