/** Create SQL condition from parsed query string
* @param array parsed query string; reads the "where" (column => value) and "null" (list of columns) entries
* @param array field descriptions indexed by column name
* @return string conditions joined by " AND ", empty string when there are none
*/
function where($where, $fields = array()) {
    global $connection, $jush;
    $conditions = array();

    foreach ((array) $where["where"] as $key => $val) {
        $key = bracket_escape($key, 1); // 1 - back
        // Column names come from the request, so they only reach the SQL through escape_key().
        $column = escape_key($key);

        // MySQL values made of digits around a dot, and every MSSQL value, are matched with LIKE.
        // NOTE(review): presumably this avoids inexact equality on float columns - confirm.
        $match_with_like = ($jush == "sql" && preg_match('~^[0-9]*\\.[0-9]*$~', $val)) || $jush == "mssql";
        if ($match_with_like) {
            // LIKE wildcards in the value are backslash-escaped so they match literally.
            $comparison = " LIKE " . q(addcslashes($val, "%_\\"));
        } else {
            // NOTE(review): $fields[$key] is indexed by a request-derived key and may be missing - verify unconvert_field() copes.
            $comparison = " = " . unconvert_field($fields[$key], q($val)); //! enum and set
        }
        $conditions[] = $column . $comparison;

        // Extra binary-collation equality for char/text columns when the value has a character outside " " - "@".
        $is_text_column = $jush == "sql" && preg_match('~char|text~', $fields[$key]["type"]);
        if ($is_text_column && preg_match("~[^ -@]~", $val)) { // not just [a-z] to catch non-ASCII characters
            $conditions[] = "{$column} = " . q($val) . " COLLATE " . charset($connection) . "_bin";
        }
    }

    foreach ((array) $where["null"] as $null_key) {
        $conditions[] = escape_key($null_key) . " IS NULL";
    }

    return implode(" AND ", $conditions);
}
/** Export table data
* @param string table name; an empty string makes rows be fetched with fetch_row instead of fetch_assoc
* @param string export style, compared against "TRUNCATE+INSERT", "INSERT+UPDATE" and "table"; a falsy value exports nothing
* @param string query selecting the rows; it is sent to the connection as given, so the caller must have escaped it
* @return null prints data
*/
function dumpData($table, $style, $query) {
    global $connection, $jush;

    if (!$style) {
        return;
    }

    // Upper bound for one multi-row INSERT; 0 (SQLite) means every row gets its own statement.
    $packet_limit = $jush == "sqlite" ? 0 : 1048576; // default, minimum is 1024

    if ($_POST["format"] == "sql") {
        if ($style == "TRUNCATE+INSERT") {
            echo truncate_sql($table) . ";\n";
        }
        $fields = fields($table);
    }

    $result = $connection->query($query, 1); // 1 - MYSQLI_USE_RESULT //! enum and set as numbers

    if (!$result) {
        if ($_POST["format"] == "sql") {
            // The driver error goes into a one-line SQL comment; only "\n" is flattened here.
            echo "-- " . str_replace("\n", " ", $connection->error) . "\n";
        }
        return;
    }

    $insert_head = "";
    $pending = "";
    $column_names = array();
    $terminator = "";
    $fetch = $table != '' ? 'fetch_assoc' : 'fetch_row';

    while ($row = $result->$fetch()) {
        if (!$column_names) {
            // First row: read the result metadata once per column.
            $update_pairs = array();
            foreach ($row as $ignored) {
                $meta = $result->fetch_field();
                $column_names[] = $meta->name;
                $quoted = idf_escape($meta->name);
                $update_pairs[] = "{$quoted} = VALUES({$quoted})";
            }
            $terminator = ";\n";
            if ($style == "INSERT+UPDATE") {
                $terminator = "\nON DUPLICATE KEY UPDATE " . implode(", ", $update_pairs) . $terminator;
            }
        }

        if ($_POST["format"] == "sql") {
            if (!$insert_head) {
                $insert_head = "INSERT INTO " . table($table) . " (" . implode(", ", array_map('idf_escape', $column_names)) . ") VALUES";
            }

            $literals = array();
            foreach ($row as $key => $val) {
                $field = $fields[$key];
                if ($val === null) {
                    $literals[$key] = "NULL";
                    continue;
                }
                // Non-empty values of numeric column types are written unquoted; everything else goes through q().
                // NOTE(review): this relies on the driver returning numeric text for these types - confirm.
                $is_numeric_type = preg_match('~(^|[^o])int|float|double|decimal~', $field["type"]);
                $literals[$key] = unconvert_field($field, $is_numeric_type && $val != '' ? $val : q($val));
            }

            $tuple = ($packet_limit ? "\n" : " ") . "(" . implode(",\t", $literals) . ")";

            // Append to the statement being built while it stays under the limit, otherwise flush and start a new one.
            if ($pending && strlen($pending) + 4 + strlen($tuple) + strlen($terminator) < $packet_limit) { // 4 - length specification
                $pending .= ",{$tuple}";
            } else {
                if ($pending) {
                    echo $pending . $terminator;
                }
                $pending = $insert_head . $tuple;
            }
        } else {
            if ($style == "table") {
                // Header line is printed once; the style is switched so later rows skip it.
                dump_csv($column_names);
                $style = "INSERT";
            }
            dump_csv($row);
        }
    }

    if ($pending) {
        echo $pending . $terminator;
    }
}
/** Create SQL condition from parsed query string
* @param array parsed query string; reads the "where" (column => value) and "null" (list of columns) entries
* @param array field descriptions indexed by column name
* @return string conditions joined by " AND ", empty string when there are none
*/
function where($where, $fields = array()) {
    global $jush;
    $conditions = array();

    // Matches keys shaped like a function call around an optional quoted identifier.
    // The ".*" between the identifier quotes accepts any characters, so this is not a strict validation.
    $function_pattern = '(^[\\w\\(]+(' . str_replace("_", ".*", preg_quote(idf_escape("_"))) . ')?\\)+$)'; //! columns looking like functions

    foreach ((array) $where["where"] as $key => $val) {
        $key = bracket_escape($key, 1); // 1 - back

        // SECURITY: a key that matches $function_pattern is placed in the SQL as is, without idf_escape().
        // The key comes from the request, so the pattern is the only barrier; the original marks this as unresolved.
        if (preg_match($function_pattern, $key)) {
            $column = $key; //! SQL injection
        } else {
            $column = idf_escape($key);
        }

        // MySQL values made of digits around a dot, and every MSSQL value, are matched with LIKE.
        // NOTE(review): presumably this avoids inexact equality on float columns - confirm.
        $match_with_like = ($jush == "sql" && preg_match('~^[0-9]*\\.[0-9]*$~', $val)) || $jush == "mssql";
        if ($match_with_like) {
            // LIKE wildcards in the value are backslash-escaped so they match literally.
            $comparison = " LIKE " . q(addcslashes($val, "%_\\"));
        } else {
            $comparison = " = " . unconvert_field($fields[$key], q($val)); //! enum and set
        }
        $conditions[] = $column . $comparison;

        // Extra binary-collation equality for char/text columns when the value has a character outside " " - "@".
        $is_text_column = $jush == "sql" && preg_match('~char|text~', $fields[$key]["type"]);
        if ($is_text_column && preg_match("~[^ -@]~", $val)) { // not just [a-z] to catch non-ASCII characters
            $conditions[] = "{$column} = " . q($val) . " COLLATE utf8_bin";
        }
    }

    foreach ((array) $where["null"] as $null_key) {
        // SECURITY: same unescaped path as above for keys that match $function_pattern.
        if (preg_match($function_pattern, $null_key)) {
            $null_column = $null_key;
        } else {
            $null_column = idf_escape($null_key);
        }
        $conditions[] = $null_column . " IS NULL";
    }

    return implode(" AND ", $conditions);
}