/** * return the SQL string corresponding to the given column. * private method, should be used only by a jDbTable object * @param jDbColumn $col the column * @return string the sql string * @access private */ function _prepareSqlColumn($col) { $this->normalizeColumn($col); $colstr = $this->conn->encloseName($col->name) . ' ' . $col->nativeType; if ($col->length) { $colstr .= '(' . $col->length . ')'; } $colstr .= $col->notNull ? ' NOT NULL' : ' NULL'; if ($col->hasDefault && !$col->autoIncrement) { if (!($col->notNull && $col->default === null)) { if ($col->default === null) { $colstr .= ' DEFAULT NULL'; } else { $colstr .= ' DEFAULT ' . $this->conn->quote($col->default); } } } return $colstr; }
/** * @internal it don't support isExpr property of a condition because of security issue (SQL injection) * because the value could be provided by a form, it is escaped in any case */ protected final function _generateCondition($condition, &$fields, $forSelect, $principal = true) { $r = ' '; $notfirst = false; foreach ($condition->conditions as $cond) { if ($notfirst) { $r .= ' ' . $condition->glueOp . ' '; } else { $notfirst = true; } if (!isset($fields[$cond['field_id']])) { throw new jException('jelix~dao.error.property.unknown', $cond['field_id']); } $prop = $fields[$cond['field_id']]; if ($forSelect) { $prefixNoCondition = $this->_conn->encloseName($this->_tables[$prop['table']]['name']) . '.' . $this->_conn->encloseName($prop['fieldName']); } else { $prefixNoCondition = $this->_conn->encloseName($prop['fieldName']); } $op = strtoupper($cond['operator']); $prefix = $prefixNoCondition . ' ' . $op . ' '; // ' ' for LIKE if ($op == 'IN' || $op == 'NOT IN') { if (is_array($cond['value'])) { $values = array(); foreach ($cond['value'] as $value) { $values[] = $this->_prepareValue($value, $prop['unifiedType']); } $values = join(',', $values); } else { $values = $cond['value']; } $r .= $prefix . '(' . $values . ')'; } else { if ($op == 'LIKE' || $op == 'NOT LIKE') { $type = 'varchar'; } else { $type = $prop['unifiedType']; } if (!is_array($cond['value'])) { $value = $this->_prepareValue($cond['value'], $type); if ($cond['value'] === null) { if (in_array($op, array('=', 'LIKE', 'IS', 'IS NULL'))) { $r .= $prefixNoCondition . ' IS NULL'; } else { $r .= $prefixNoCondition . ' IS NOT NULL'; } } else { $r .= $prefix . $value; } } else { $r .= ' ( '; $firstCV = true; foreach ($cond['value'] as $conditionValue) { if (!$firstCV) { $r .= ' or '; } $value = $this->_prepareValue($conditionValue, $type); if ($conditionValue === null) { if (in_array($op, array('=', 'LIKE', 'IS', 'IS NULL'))) { $r .= $prefixNoCondition . ' IS NULL'; } else { $r .= $prefixNoCondition . ' IS NOT NULL'; } } else { $r .= $prefix . $value; } $firstCV = false; } $r .= ' ) '; } } } //sub conditions foreach ($condition->group as $conditionDetail) { if ($notfirst) { $r .= ' ' . $condition->glueOp . ' '; } else { $notfirst = true; } $r .= $this->_generateCondition($conditionDetail, $fields, $forSelect, false); } //adds parenthesis around the sql if needed (non empty) if (strlen(trim($r)) > 0 && !$principal) { $r = '(' . $r . ')'; } return $r; }