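/**
 * Builds custom sql query
 *
 * Substitutes the query params into the statement's placeholders and treats
 * each value according to the type of the placeholder it is bound to:
 *   %o - database object, passed through markDatabaseObject()
 *   %s - string, passed through escapeString()
 *   %d - cast to int
 *   %f - cast to float
 *
 * Values are bound by position. When params are supplied the statement is
 * used as a sprintf() format, so a literal percent sign (e.g. in a LIKE
 * pattern) has to be written as %%. A statement without params is returned
 * untouched.
 *
 * Security: only the param values are neutralised here. The statement text
 * is inserted verbatim, so it must never be assembled from untrusted input.
 * NOTE(review): whether %s has to be wrapped in quotes by the statement
 * author depends on escapeString(), which is defined elsewhere - confirm.
 *
 * @param Database_Query $oQuery
 * @return string
 * @throws Lithium_Exception_Database when the number of params differs from
 *                                    the number of placeholders
 * @throws Lithium_Exception when no placeholder could be matched
 */
protected function buildSqlCustomQuery(Database_Query $oQuery)
{
    $sStatement = $oQuery->sql();
    $aParams = $oQuery->params();

    if (empty($aParams)) {
        return $sStatement;
    }

    // Bind strictly by position: an array with string or sparse keys would
    // otherwise be read at the wrong index below and be handed to sprintf()
    // with keys it does not expect.
    $aParams = array_values($aParams);

    // sprintf() conversion emitted for each placeholder type. %o is not a
    // marker sprintf should see, so it becomes %s; %f becomes %F so that the
    // decimal separator does not follow the process locale (a comma would
    // change the meaning of the SQL).
    $aConversions = array('o' => '%s', 's' => '%s', 'd' => '%d', 'f' => '%F');

    // Split on placeholders AND on escaped percent signs. Consuming "%%" as
    // its own token keeps "%%s" (a literal "%s") from being counted as a
    // placeholder, which would pair values with the wrong escaping routine.
    $aTokens = preg_split('!(%%|%[osdf])!', $sStatement, -1, PREG_SPLIT_DELIM_CAPTURE);

    $aTypes = array();
    $sFormat = '';
    if ($aTokens !== false) {
        foreach ($aTokens as $iPosition => $sToken) {
            // Odd positions hold the captured delimiters, even ones plain text
            if ($iPosition % 2 === 1 && $sToken !== '%%') {
                $sType = $sToken[1];
                $aTypes[] = $sType;
                $sToken = $aConversions[$sType];
            }
            $sFormat .= $sToken;
        }
    }

    // Check if there is enough params for statement
    if (count($aParams) !== count($aTypes)) {
        throw new Lithium_Exception_Database('database.incorrect_query_params');
    }

    // Additional protection if matching fails
    if (empty($aTypes)) {
        throw new Lithium_Exception('database.matching_variables_failed', $sStatement);
    }

    // Neutralise every value for the context its placeholder stands for
    foreach ($aTypes as $iIndex => $sPType) {
        switch ($sPType) {
            case 'o':
                $aParams[$iIndex] = $this->markDatabaseObject($aParams[$iIndex]);
                break;
            case 'd':
                $aParams[$iIndex] = (int) $aParams[$iIndex];
                break;
            case 'f':
                $aParams[$iIndex] = (float) $aParams[$iIndex];
                break;
            case 's':
                $aParams[$iIndex] = $this->escapeString($aParams[$iIndex]);
                break;
        }
    }

    // Add format as a first param
    array_unshift($aParams, $sFormat);

    // Put params into statement and return it
    return call_user_func_array('sprintf', $aParams);
}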