/**
* Builds custom sql query
*
* Marks database objects and escapes strings (passed in params array)
*
* @param Database_Query $oQuery
* @return string
*/
protected function buildSqlCustomQuery(Database_Query $oQuery)
{
$sStatement = $oQuery->sql();
$aParams = $oQuery->params();
if (empty($aParams)) {
return $sStatement;
}
$iFoundedParams = preg_match_all('!%([osdf])!', $sStatement, $aMatches);
// Check if there is enough params for statement
if (count($aParams) != $iFoundedParams) {
throw new Lithium_Exception_Database('database.incorrect_query_params');
}
// Additional protection if matching fails
if (empty($aMatches[1])) {
throw new Lithium_Exception('database.matching_variables_failed', $sStatement);
}
foreach ($aMatches[1] as $iIndex => $sPType) {
switch ($sPType) {
case 'o':
$aParams[$iIndex] = $this->markDatabaseObject($aParams[$iIndex]);
break;
case 'd':
$aParams[$iIndex] = (int) $aParams[$iIndex];
break;
case 'f':
$aParams[$iIndex] = (double) $aParams[$iIndex];
break;
case 's':
$aParams[$iIndex] = $this->escapeString($aParams[$iIndex]);
break;
}
}
// Replace mark tak will not be recognized by sprintf function
$sStatement = str_replace('%o', '%s', $sStatement);
// Add statement as a first param
array_unshift($aParams, $sStatement);
// Put params into statement and return it
return call_user_func_array('sprintf', $aParams);
}
