Exemple #1
/** Build the SQL WHERE condition described by a parsed query string
* Column keys are passed through escape_key() and values through q() before they are
* concatenated into the condition; both helpers are defined elsewhere in the project.
* @param array parsed query string; "where" maps column keys to values, "null" lists columns that must be NULL
* @param array field definitions indexed by column key; the "type" entry of each compared column is read
* @return string conditions joined with " AND "
*/
function where($where, $fields = array())
{
    global $connection, $jush;
    $conditions = array();
    foreach ((array) $where["where"] as $key => $val) {
        // second argument 1 asks bracket_escape() for the reverse ("back") conversion
        $key = bracket_escape($key, 1);
        $column = escape_key($key);
        if ($jush == "sql" && preg_match('~^[0-9]*\\.[0-9]*$~', $val) || $jush == "mssql") {
            // decimal-looking values on "sql" and every value on "mssql" are compared with LIKE;
            // %, _ and \ are backslash-escaped first so they are not treated as wildcards
            $comparison = " LIKE " . q(addcslashes($val, "%_\\"));
        } else {
            $comparison = " = " . unconvert_field($fields[$key], q($val));
        }
        $conditions[] = $column . $comparison;
        //! enum and set
        $needs_binary_match = $jush == "sql"
            && preg_match('~char|text~', $fields[$key]["type"])
            && preg_match("~[^ -@]~", $val);
        if ($needs_binary_match) {
            // the value holds a character outside the space..@ range (letters, non-ASCII, ...),
            // so a second comparison under the connection charset's _bin collation is added
            $conditions[] = "{$column} = " . q($val) . " COLLATE " . charset($connection) . "_bin";
        }
    }
    foreach ((array) $where["null"] as $null_key) {
        $conditions[] = escape_key($null_key) . " IS NULL";
    }
    return implode(" AND ", $conditions);
}
Exemple #2
 /** Export table data: run the query and print its rows as SQL INSERT statements or as CSV
  * The output format is taken from $_POST["format"]; "sql" selects SQL, anything else goes to dump_csv().
  * @param string $table table name; an empty string makes rows be fetched with fetch_row instead of fetch_assoc
  * @param string $style export style; the values compared here are "TRUNCATE+INSERT", "INSERT+UPDATE" and "table", an empty value prints nothing
  * @param string $query query whose result is exported; it is handed to $connection->query() unchanged
  * @return null prints data
  */
 function dumpData($table, $style, $query)
 {
     global $connection, $jush;
     $max_packet = $jush == "sqlite" ? 0 : 1048576;
     // default, minimum is 1024
     // with 0 (sqlite) the size comparison below is never true, so every row is printed as its own INSERT
     if ($style) {
         if ($_POST["format"] == "sql") {
             if ($style == "TRUNCATE+INSERT") {
                 echo truncate_sql($table) . ";\n";
             }
             // field definitions are only needed for the SQL format; $fields stays unset for CSV
             $fields = fields($table);
         }
         // NOTE(review): $query is executed verbatim; this function does no escaping of it, so callers
         // must have built it from quoted identifiers and values
         $result = $connection->query($query, 1);
         // 1 - MYSQLI_USE_RESULT //! enum and set as numbers
         if ($result) {
             $insert = "";
             $buffer = "";
             $keys = array();
             $suffix = "";
             $fetch_function = $table != '' ? 'fetch_assoc' : 'fetch_row';
             while ($row = $result->{$fetch_function}()) {
                 if (!$keys) {
                     // first row only: collect the column names, one fetch_field() call per value in the row
                     $values = array();
                     foreach ($row as $val) {
                         $field = $result->fetch_field();
                         $keys[] = $field->name;
                         $key = idf_escape($field->name);
                         $values[] = "{$key} = VALUES({$key})";
                     }
                     // every statement ends with ";\n"; INSERT+UPDATE puts an ON DUPLICATE KEY UPDATE clause before it
                     $suffix = ($style == "INSERT+UPDATE" ? "\nON DUPLICATE KEY UPDATE " . implode(", ", $values) : "") . ";\n";
                 }
                 if ($_POST["format"] != "sql") {
                     if ($style == "table") {
                         // print the header row once; $style is then changed so it is not printed again
                         dump_csv($keys);
                         $style = "INSERT";
                     }
                     // NOTE(review): dump_csv() is defined elsewhere; confirm it neutralises cells that start
                     // with =, +, - or @ if these exports are opened in spreadsheet software
                     dump_csv($row);
                 } else {
                     if (!$insert) {
                         // statement head is built once and reused for every flushed batch
                         $insert = "INSERT INTO " . table($table) . " (" . implode(", ", array_map('idf_escape', $keys)) . ") VALUES";
                     }
                     foreach ($row as $key => $val) {
                         $field = $fields[$key];
                         // NULL stays the bare keyword; a non-empty value whose column type matches
                         // int (not preceded by "o"), float, double or decimal is written unquoted;
                         // everything else is quoted with q() before unconvert_field() is applied
                         $row[$key] = $val !== null ? unconvert_field($field, preg_match('~(^|[^o])int|float|double|decimal~', $field["type"]) && $val != '' ? $val : q($val)) : "NULL";
                     }
                     $s = ($max_packet ? "\n" : " ") . "(" . implode(",\t", $row) . ")";
                     if (!$buffer) {
                         $buffer = $insert . $s;
                     } elseif (strlen($buffer) + 4 + strlen($s) + strlen($suffix) < $max_packet) {
                         // 4 - length specification
                         // the row still fits under $max_packet, so it is appended to the pending statement
                         $buffer .= ",{$s}";
                     } else {
                         // pending statement is full: print it and start a new one with this row
                         echo $buffer . $suffix;
                         $buffer = $insert . $s;
                     }
                 }
             }
             if ($buffer) {
                 // flush the last, partially filled statement
                 echo $buffer . $suffix;
             }
         } elseif ($_POST["format"] == "sql") {
             // the query failed: the error is written as a "-- " SQL comment, with "\n" replaced by a space
             // so the message cannot continue onto a new line of the dump
             echo "-- " . str_replace("\n", " ", $connection->error) . "\n";
         }
     }
 }
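/** Create SQL condition from parsed query string
* Values are always quoted with q(). Column keys are quoted with idf_escape() unless they
* look like a function call wrapping at most one quoted identifier; only such keys are
* copied into the SQL as given, because they come from the request and are otherwise untrusted.
* @param array parsed query string; "where" maps column keys to values, "null" lists columns that must be NULL
* @param array field definitions indexed by column key; the "type" entry of each compared column is read
* @return string conditions joined with " AND "
*/
function where($where, $fields = array())
{
    global $jush;
    $return = array();
    // idf_escape("_") is called only to learn the dialect's opening and closing identifier quotes
    $quotes = explode("_", idf_escape("_"), 2);
    $open = preg_quote($quotes[0], '~');
    $close = preg_quote(isset($quotes[1]) ? $quotes[1] : "", '~');
    // The quoted identifier may contain the closing quote only when it is doubled, so the key cannot
    // end the identifier early and carry further SQL after it (the earlier ".*" accepted any text here).
    // NOTE(review): assumes idf_escape() escapes the closing quote by doubling it - confirm per driver.
    $identifier = $close === "" ? "" : '(?:' . $open . '(?:' . $close . $close . '|(?!' . $close . ').)+' . $close . ')?';
    // D: "$" matches only at the very end, so a trailing newline is not accepted
    $function_pattern = '~^[\\w(]+' . $identifier . '\\)+$~D';
    //! columns looking like functions
    // NOTE(review): function names and bare word arguments from the request are still emitted unquoted;
    // checking keys against the known columns in $fields would close that remaining gap
    $conditions = isset($where["where"]) ? (array) $where["where"] : array();
    foreach ($conditions as $key => $val) {
        $key = bracket_escape($key, 1);
        // 1 - back
        $column = preg_match($function_pattern, $key) ? $key : idf_escape($key);
        // a key without a field definition is passed on as null, without raising a notice
        $field = isset($fields[$key]) ? $fields[$key] : null;
        $type = isset($field["type"]) ? $field["type"] : "";
        // decimal-looking values on "sql" and every value on "mssql" are compared with LIKE;
        // %, _ and \ are backslash-escaped first so they are not treated as wildcards
        $return[] = $column . ($jush == "sql" && preg_match('~^[0-9]*\\.[0-9]*$~', $val) || $jush == "mssql" ? " LIKE " . q(addcslashes($val, "%_\\")) : " = " . unconvert_field($field, q($val)));
        //! enum and set
        if ($jush == "sql" && preg_match('~char|text~', $type) && preg_match("~[^ -@]~", $val)) {
            // not just [a-z] to catch non-ASCII characters
            $return[] = "{$column} = " . q($val) . " COLLATE utf8_bin";
        }
    }
    $nulls = isset($where["null"]) ? (array) $where["null"] : array();
    foreach ($nulls as $key) {
        $return[] = (preg_match($function_pattern, $key) ? $key : idf_escape($key)) . " IS NULL";
    }
    return implode(" AND ", $return);
}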