Exemple #1
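 /**
  * Turn a PHP value into a fragment that can be placed in a SQL statement.
  *
  * Booleans become 1/0 and null becomes the bare keyword NULL. Any other
  * value is escaped by the active driver for use inside a single-quoted SQL
  * string literal. The result protects string literals only; it is not a
  * way to make identifiers (table or column names) safe.
  *
  * @param mixed $value    Value to embed in the statement.
  * @param bool  $addquote When true the result is wrapped in quotes; when
  *                        false the caller is expected to add them.
  * @return mixed 1 or 0 for booleans, 'NULL' for null, otherwise the escaped
  *               string, or false when the PDO driver cannot quote.
  */
 function q_str($value, $addquote = true)
 {
     if (!$this->conn) {
         $this->connect();
     }
     if (is_bool($value)) {
         return $value ? 1 : 0;
     }
     if (is_null($value)) {
         return 'NULL';
     }
     // NOTE(review): slashes are stripped unconditionally, which looks like a
     // magic-quotes leftover. A value that legitimately contains backslashes
     // is altered before it reaches the database - confirm this is wanted.
     $value = stripslashes($value);
     if ($this->type == "PDO") {
         $quoted = $this->conn->quote($value);
         if ($addquote || $quoted === false) {
             return $quoted;
         }
         // This branch used to hand back the raw value, so with $addquote
         // false the PDO path applied no escaping at all while the two
         // SQLite paths below did. Drop only the enclosing quote pair so the
         // three drivers behave alike.
         return substr($quoted, 1, -1);
     }
     if ($this->type == "SQLite3") {
         $value = $this->conn->escapeString($value);
     } else {
         $value = sqlite_escape_string($value);
     }
     return $addquote ? "'" . $value . "'" : $value;
 }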
Exemple #2
 /**
  * Quote Trusted Value
  *
  * Quotes a value as a SQL string literal without raising notices. A PDO
  * resource, when one is attached, does the quoting; otherwise the value is
  * wrapped in single quotes with every embedded single quote doubled.
  *
  * @param mixed $value value to quote
  * @return mixed the quoted literal
  */
 public function quoteTrustedValue($value)
 {
     $handle = $this->resource;
     if (!($handle instanceof \PDO)) {
         // No PDO handle: fall back to doubling embedded single quotes.
         $doubled = str_replace("'", "''", $value);
         return "'" . $doubled . "'";
     }
     return $handle->quote($value);
 }
Exemple #3
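 /**
  * Add items on the database
  *
  * Only the first FeedTicker.itemsLimit entries (default 5) are considered.
  * An item is skipped when its 'updated' value is older than
  * FeedTicker.dateLimit seconds (default one week), or when ft_items already
  * holds a row with the same feed_id and trimmed link.
  *
  * @param Integer $feed_id Feed the items belong to
  * @param Array   $items   Items; each is an array read through the keys
  *                         'updated', 'title', 'link' and 'author'
  *
  * @return void
  */
 public function addItems($feed_id, $items)
 {
     if (empty($items)) {
         return;
     }
     $items = array_slice($items, 0, intval($this->getConfig('FeedTicker.itemsLimit', 5)));
     $dateLimit = time() - intval($this->getConfig('FeedTicker.dateLimit', 60 * 60 * 24 * 7));

     // Both statements are prepared once and re-executed per item, so every
     // item value reaches the database as a bound parameter instead of being
     // concatenated into the SQL text.
     $exists = $this->db->prepare('SELECT COUNT(*) FROM ft_items WHERE feed_id = :feed_id AND link = :link');
     $insert = $this->db->prepare('INSERT INTO ft_items (
             feed_id, updated, title, link, author, read
         ) VALUES (
             :feed_id, :updated, :title, :link, :author, :read
         )');
     foreach ($items as $i) {
         if (!empty($i['updated']) && $i['updated'] < $dateLimit) {
             continue;
         }
         $link = trim($i['link']);
         // Check if this item already exists. The lookup previously ran
         // twice per item, the first result being stored and never read.
         $exists->execute(array(':feed_id' => $feed_id, ':link' => $link));
         $found = (bool) $exists->fetchColumn();
         $exists->closeCursor();
         if ($found) {
             continue;
         }
         $insert->execute(array(
             ':feed_id' => $feed_id,
             ':updated' => trim($i['updated']),
             ':title' => trim($i['title']),
             ':link' => $link,
             ':author' => trim($i['author']),
             ':read' => 0,
         ));
     }
 }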
Exemple #4
 /**
  * {@inheritDoc}
  *
  * @param string $str  string to escape
  * @return string the escaped text without its enclosing quotes
  */
 function escapeString($str)
 {
     // PDO's quote() returns the value already wrapped in quotes, while the
     // existing callers add a pair of their own. The first and last
     // character are therefore dropped so only the escaped text is returned.
     // That text is meant to sit inside a quoted literal, never to be used
     // bare in a statement.
     $quoted = $this->pdo->quote($str);
     return substr($quoted, 1, -1);
 }
Exemple #5
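 /**
  * Quote Trusted Value
  *
  * Quotes a value as a SQL string literal without raising notices. A native
  * pgsql connection is preferred, then a PDO handle; with neither available
  * the value is backslash-escaped locally.
  *
  * @param mixed $value value to quote
  * @return mixed the quoted literal
  */
 public function quoteTrustedValue($value)
 {
     // From PHP 8.1 the pgsql extension hands out PgSql\Connection objects
     // instead of resources, so is_resource() alone no longer recognises a
     // live connection and the call would drop to the weaker fallback below.
     if (is_resource($this->resource) || $this->resource instanceof \PgSql\Connection) {
         return '\'' . pg_escape_string($this->resource, $value) . '\'';
     }
     if ($this->resource instanceof \PDO) {
         return $this->resource->quote($value);
     }
     // NOTE(review): backslash escapes inside a plain '...' literal are only
     // interpreted when the server runs with standard_conforming_strings
     // off. With it on, \' does not escape the quote - confirm this fallback
     // is never reached with values that are not fully trusted.
     return '\'' . addcslashes($value, "\n\r\\'\"") . '\'';
 }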
 /**
  * Escape a value for use in a SQL statement.
  *
  * null and booleans map to the instance's NULL_VALUE, TRUE_VALUE and
  * FALSE_VALUE; anything else is passed to the connection's quote().
  *
  * @param string $value
  * @return mixed
  */
 function qstr($value)
 {
     if (is_null($value)) {
         return $this->NULL_VALUE;
     }
     if (!is_bool($value)) {
         return $this->conn->quote($value);
     }
     if ($value) {
         return $this->TRUE_VALUE;
     }
     return $this->FALSE_VALUE;
 }
 /**
  * Add escape characters for importing data
  *
  * @param string $string String to parse
  * @return string|false the escaped text without its enclosing quotes, or
  *                      false after a PDOException was passed to _loadError()
  */
 public function escapeString($string)
 {
     try {
         // quote() wraps the value in quotes; only the inner text is kept.
         $quoted = $this->connection->quote($string);
         $escaped = substr($quoted, 1, -1);
     } catch (PDOException $e) {
         // NOTE(review): $link is never assigned in this method, so an
         // undefined variable is passed here - confirm which handle
         // _loadError() expects.
         $this->_loadError($link, $e);
         return false;
     }
     return $escaped;
 }
Exemple #8
 /**
  * {@inheritDoc}
  */
 public function quoteTrustedValue($value)
 {
     // A driver wrapper is replaced on the instance by the raw resource of
     // its connection, so later calls see the unwrapped resource directly.
     if ($this->resource instanceof DriverInterface) {
         $this->resource = $this->resource->getConnection()->getResource();
     }
     // PDO quotes natively; without it, embedded single quotes are doubled.
     return $this->resource instanceof \PDO
         ? $this->resource->quote($value)
         : "'" . str_replace("'", "''", $value) . "'";
 }
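 /**
  * {@inheritDoc}
  *
  * Prefers the native pgsql connection, then PDO. With neither available
  * the parent's quoting is used, prefixed with E.
  */
 public function quoteTrustedValue($value)
 {
     // A driver wrapper is replaced on the instance by the raw resource of
     // its connection.
     if ($this->resource instanceof DriverInterface) {
         $this->resource = $this->resource->getConnection()->getResource();
     }
     // From PHP 8.1 the pgsql extension hands out PgSql\Connection objects
     // instead of resources, so is_resource() alone would skip a live
     // connection and fall through to the connection-less fallback.
     if (is_resource($this->resource) || $this->resource instanceof \PgSql\Connection) {
         return '\'' . pg_escape_string($this->resource, $value) . '\'';
     }
     if ($this->resource instanceof \PDO) {
         return $this->resource->quote($value);
     }
     // The E prefix marks a PostgreSQL escape-string literal.
     // NOTE(review): this presumes the parent escapes with backslashes;
     // the parent is not shown here - confirm.
     return 'E' . parent::quoteTrustedValue($value);
 }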
Exemple #10
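 /**
  * Escape a string with whichever escaping method the wrapped handle offers.
  *
  * @param string $string Value to escape
  * @return string The escaped value. Its shape depends on the handle:
  *                real_escape_string() output carries no enclosing quotes,
  *                whereas a PDO-style quote() result does.
  */
 public function escape($string)
 {
     // get_magic_quotes_runtime() no longer exists on PHP 8, where calling
     // it unguarded is a fatal error.
     if (function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime()) {
         $string = stripslashes($string);
     }
     // The earlier probe was function_exists($this->db->real_escape_string):
     // it read a property of that name and asked whether a global function
     // exists. For an ordinary handle that is never true, so the method fell
     // through and returned its input unescaped. method_exists() asks the
     // intended question.
     $db = $this->db;
     if (is_object($db) && method_exists($db, 'real_escape_string')) {
         return $db->real_escape_string($string);
     } elseif (is_object($db) && method_exists($db, 'quote')) {
         // NOTE(review): unlike the branch above this result includes the
         // enclosing quotes when $db is PDO - confirm callers handle both.
         return $db->quote($string);
     }
     // NOTE(review): no escaping is available here and the value is passed
     // through unchanged. Failing loudly would be safer; kept to preserve
     // the existing contract - confirm no caller can reach this path.
     return $string;
 }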
Exemple #11
 /**
  * Quote a value for use in a query. Note you should generally use a bind!
  *  @param string $val Value to quote
  *  @param int $type Value type, \PDO::PARAM_STR unless stated otherwise
  *  @return string
  */
 public function quote($val, $type = \PDO::PARAM_STR)
 {
     // Plain delegation to the wrapped handle's quote().
     $quoted = $this->_db->quote($val, $type);
     return $quoted;
 }
Exemple #12
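 /**
  * Deletes old codes from sqlite database
  *
  * Rows whose age (current time minus created) exceeds expiry_time seconds
  * are removed. An expiry_time that is not numeric or is below 1 falls back
  * to 86400 seconds. Nothing happens unless use_database is set and a PDO
  * connection is present.
  */
 protected function purgeOldCodesFromDatabase()
 {
     if ($this->use_database && $this->pdo_conn) {
         $now = time();
         $limit = (!is_numeric($this->expiry_time) || $this->expiry_time < 1)
             ? 86400
             : (int) $this->expiry_time;
         // Both operands are integers produced right here, so they are
         // written as bare numbers with %d. quote() exists for string
         // literals and a driver may disregard the PARAM_INT hint, which
         // would leave the subtraction and comparison working on quoted
         // strings with driver-dependent results.
         // NOTE(review): database_table is inserted as an identifier and
         // cannot be bound; it must only ever come from configuration.
         $query = sprintf(
             "DELETE FROM %s WHERE %d - created > %d",
             $this->database_table,
             $now,
             $limit
         );
         $this->pdo_conn->query($query);
     }
 }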
/** Save migration status to database
 *
 * Inserts one row into the migrations table holding the file name as the
 * version and the current Unix time as apply_time. Both values go through
 * $db->quote() with the type 'text' before being placed in the statement.
 *
 * @param object $db DB link; must offer quote($value, $type) and query($sql)
 * @param string $file_name Migration file name
 *
 * @return boolean true on success, false on failure (the value returned by
 *                 $db->query() is passed through unchanged)
 */
function migration_save($db, $file_name)
{
    $version = $db->quote($file_name, 'text');
    $appliedAt = $db->quote(time(), 'text');
    $sql = sprintf(
        'INSERT INTO migrations (version, apply_time) VALUES(%s,%s)',
        $version,
        $appliedAt
    );
    return $db->query($sql);
}
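 /**
  * escape
  *
  * Returns $sql escaped by the connection but without the enclosing quotes,
  * which DbHandler adds itself.
  *
  * @param string $sql
  * @param resource $connResource connection object offering quote()
  * @return string
  */
 public function escape($sql, $connResource)
 {
     // quote() returns the value with a leading and a trailing single quote.
     $quoted = (string) $connResource->quote($sql);
     // Exactly one character is removed from each end. trim($quoted, "'")
     // strips every quote at the edges, so a value that itself starts or
     // ends with a quote lost part of its escaping. Once the caller re-adds
     // the outer quotes that can corrupt the data or unbalance the literal.
     return substr($quoted, 1, -1);
 }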
Exemple #15
 /**
  * Quotes a string for use in a query.
  *
  * @param string $string string to quote
  *
  * @return string
  * @deprecated since version 2.6.0 - alpha 3. Switch to doctrine connector.
  */
 public function quote($string)
 {
     // deprecated() is invoked first; the work itself is delegated to the
     // underlying connection.
     $this->deprecated();
     $quoted = $this->conn->quote($string);
     return $quoted;
 }
Exemple #16
 /**
  * Quotes a string for use in a query.
  *
  * Thin pass-through to the wrapped connection's quote().
  *
  * @param mixed $value
  * @return mixed
  */
 public function quote($value)
 {
     $quoted = $this->_conn->quote($value);
     return $quoted;
 }
 /**
  * Escape a string for use in SQL string
  *
  * @param string $str String to escape
  * @return string The value as returned by the connection's quote()
  */
 function escape($str)
 {
     // NOTE(review): despite the name this delegates to quote(); if conn is
     // a PDO handle the result already includes the enclosing quotes, so
     // callers must not wrap it again - confirm against the call sites.
     $quoted = $this->conn->quote($str);
     return $quoted;
 }
Exemple #18
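 /**
  * Determines if a table exists
  *
  * Counts the sqlite_master rows whose name equals $name.
  *
  * @param string $name Table name
  *
  * @return bool true when at least one row matches; false when none does or
  *              when the lookup itself could not be run
  */
 protected function haveTable($name)
 {
     // The name is bound as a parameter instead of being concatenated into
     // the statement. A failed prepare or execute is reported as "not
     // found" rather than ending in a method call on false.
     // NOTE(review): the match is on name alone, so other sqlite_master
     // entries with that name would also count - confirm that is intended.
     $stmt = $this->db->prepare('SELECT COUNT(*) FROM sqlite_master WHERE name = :name');
     if ($stmt === false || $stmt->execute(array(':name' => $name)) === false) {
         return false;
     }
     return (bool) $stmt->fetchColumn();
 }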
Exemple #19
 /**
  * Remove a stored code from the database based on captchaId or IP address.
  *
  * Does nothing without a PDO connection. The row id is the static
  * captchaId when one is set and the client's REMOTE_ADDR otherwise. Id and
  * namespace are passed through quote() before being placed in the DELETE
  * statement; a failed query raises an E_USER_WARNING.
  */
 protected function clearCodeFromDatabase()
 {
     if (!$this->pdo_conn) {
         return;
     }
     $ip = $_SERVER['REMOTE_ADDR'];
     $ns = $this->pdo_conn->quote($this->namespace);
     $captchaId = Securimage::$_captchaId;
     // if no captchaId set, IP address is captchaId.
     $id = $this->pdo_conn->quote(empty($captchaId) ? $ip : $captchaId);
     // NOTE(review): database_table is inserted as an identifier and is not
     // quoted; it has to come from trusted configuration only.
     $query = sprintf("DELETE FROM %s WHERE id = %s AND namespace = %s", $this->database_table, $id, $ns);
     if (!$this->pdo_conn->query($query)) {
         trigger_error("Failed to delete code from database.", E_USER_WARNING);
     }
 }