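/**
 * Cleans and makes a value SQL safe depending on the type that is enforced.
 *
 * $type is "source:type" (e.g. "const:int"); a bare "int" is treated as
 * "const:int". Only the type part is used by this method.
 *
 * Two types are NOT value-quoted and therefore must only come from trusted
 * upgrade definitions, never from request data: 'formula' is returned
 * verbatim and 'field' is identifier-quoted only. date/datetime values must
 * match the whole pattern (anchored), otherwise '' is produced. Unknown
 * types raise an E_USER_NOTICE and fall back to string quoting.
 *
 * @access private
 *
 * @param mixed  $fieldValue
 * @param string $type
 * @return string
 */
function _sqlCleanQuote($fieldValue, $type)
{
    $typeArray = explode(':', $type, 3);
    if (count($typeArray) < 2) {
        $typeArray = array('const', $type);
    }

    switch ($typeArray[1]) {
        case 'int':
            $value = (int) $fieldValue;
            break;
        case 'float':
            $value = (float) $fieldValue;
            break;
        case 'formula':
            // Raw SQL fragment: deliberately passed through unchanged (trusted input only).
            $value = $fieldValue;
            break;
        case 'field':
            // this is temporarily handled here: identifier quoting only, not a value quote
            $value = $this->_db->NameQuote($fieldValue);
            break;
        case 'datetime':
            // Anchored: the whole value must be "YYYY-MM-DD HH:MM:SS".
            if (preg_match('/^[0-9]{4}-[01][0-9]-[0-3][0-9] [0-2][0-9](:[0-5][0-9]){2}$/', $fieldValue)) {
                $value = $this->_db->Quote($fieldValue);
            } else {
                $value = "''";
            }
            break;
        case 'date':
            // Anchored: the whole value must be "YYYY-MM-DD".
            if (preg_match('/^[0-9]{4}-[01][0-9]-[0-3][0-9]$/', $fieldValue)) {
                $value = $this->_db->Quote($fieldValue);
            } else {
                $value = "''";
            }
            break;
        case 'string':
            $value = $this->_db->Quote($fieldValue);
            break;
        case 'null':
            // Strict comparison: the only accepted literal for this type is the string 'NULL'.
            if ($fieldValue !== 'NULL') {
                trigger_error('CBSQLUpgrader::_sqlCleanQuote: ERROR: field type sql:null has not NULL value', E_USER_NOTICE);
            }
            $value = 'NULL';
            break;
        default:
            // Message names this method (previously reported a non-existent _sqlQuoteValueType);
            // unknown types fail towards the safe side by being quoted as strings.
            trigger_error('CBSQLUpgrader::_sqlCleanQuote: ERROR_UNKNOWN_TYPE: ' . htmlspecialchars($type), E_USER_NOTICE);
            $value = $this->_db->Quote($fieldValue);
            break;
    }

    return (string) $value;
}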
/**
 * Checks the current row back in: sets checked_out = 0 and checked_out_time
 * to the database null date.
 *
 * Returns false and sets $this->_error when the table class declares no
 * 'checked_out' property. When $oid is given it replaces the row's key value
 * before the update. Table and key names go through NameQuote and the key
 * value through Quote, so nothing reaches the SQL unescaped.
 *
 * @param mixed|null $oid primary key value to check in (defaults to the row's own key)
 * @return bool result of the db query, or false when checkins are unsupported
 */
function checkin( $oid = null )
{
    $className = strtolower( get_class( $this ) );
    $declaredVars = get_class_vars( $className );

    if ( ! array_key_exists( 'checked_out', $declaredVars ) ) {
        $this->_error = "WARNING: " . $className . " does not support checkins.";
        return false;
    }

    $keyName = $this->_tbl_key;
    if ( $oid !== null ) {
        $this->$keyName = $oid;
    }

    $db = $this->_db;
    $table = $db->NameQuote( $this->_tbl );
    $nullDate = $db->Quote( $db->getNullDate() );
    $keyColumn = $db->NameQuote( $this->_tbl_key );
    $keyValue = $db->Quote( $this->$keyName );

    $query = "UPDATE " . $table
        . "\n SET checked_out = 0, checked_out_time = " . $nullDate
        . "\n WHERE " . $keyColumn . " = " . $keyValue;

    $db->setQuery( $query );
    return $db->query();
}
/**
 * gets statistics
 *
 * Loads into $this the number of completed payments (count) and the sum of
 * their mc_gross (total) for one basket. The basket id is cast to int and the
 * status and txn_id are quoted, so no raw input is concatenated into the SQL.
 *
 * @param int         $basketId        Basket id for which payments have been done
 * @param string|null $txnIdToNotCount (optional) txn_id of payment(s) to ignore in sum;
 *                                     only applied when truthy (null, '' and '0' are ignored)
 * @return boolean true if could load
 */
public function getBasketPaidTotal( $basketId, $txnIdToNotCount = null )
{
    $conditions = array(
        "payment_basket_id = " . (int) $basketId,
        "payment_status = " . $this->_db->Quote( 'Completed' ),
    );
    if ( $txnIdToNotCount ) {
        $conditions[] = "txn_id <> " . $this->_db->Quote( $txnIdToNotCount );
    }

    $sql = "SELECT COUNT(*) AS count, SUM(mc_gross) AS total "
        . "\n FROM #__cbsubs_payments "
        . "\n WHERE " . implode( "\n AND ", $conditions );

    $this->_db->setQuery( $sql );
    return $this->_db->loadObject( $this );
}
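/**
 * Cleans the field value by type in a secure way for SQL
 *
 * $type is "source:type[:extmodel]". The source part selects where the value
 * is read from:
 *  - 'param'                                      : $pluginParams->get($fieldValue)
 *  - 'request','get','post','cookie','cbcookie',
 *    'session','server','env'                     : self::_globalConv(source, $fieldValue)
 *  - 'ext'                                        : $extDataModels[extmodel] (object property,
 *                                                   array key, or the scalar itself); when the
 *                                                   property/key is missing, $fieldValue is
 *                                                   left unchanged
 *  - anything else (e.g. 'const', 'sql')          : $fieldValue as given
 * The type part selects the SQL-safe conversion: int/float cast, quoted string,
 * anchored date/datetime/time validation (invalid -> ''), the NULL literal,
 * or 'formula'.
 *
 * 'formula' is returned verbatim without any quoting, so it must only ever be
 * paired with trusted sources (const/sql/param), never with request, get,
 * post, cookie or other client-controlled sources.
 *
 * @param mixed           $fieldValue
 * @param string          $type          const,sql,param : string,int,float,datetime,formula
 * @param ParamsInterface $pluginParams
 * @param CBdatabase|null $db            defaults to the global $_CB_database
 * @param array|null      $extDataModels
 * @return string|boolean STRING: sql-safe value, Quoted or type-casted to int or float, or FALSE in case of type error
 */
public static function sqlCleanQuote($fieldValue, $type, $pluginParams, &$db = null, $extDataModels = null)
{
    if ($db === null) {
        global $_CB_database;
        $db =& $_CB_database;
    }

    $typeArray = explode(':', $type, 3);
    if (count($typeArray) < 2) {
        $typeArray = array('const', $type);
    }

    // Resolve the value from its declared source.
    if ($typeArray[0] === 'param') {
        $fieldValue = $pluginParams->get($fieldValue);
    } elseif (in_array($typeArray[0], array('request', 'get', 'post', 'cookie', 'cbcookie', 'session', 'server', 'env'), true)) {
        // Client/environment-controlled input: the type cast/quote below is the only sanitization.
        $fieldValue = self::_globalConv($typeArray[0], $fieldValue);
    } elseif ($typeArray[0] === 'ext') {
        if (isset($typeArray[2]) && $extDataModels && isset($extDataModels[$typeArray[2]])) {
            $model = $extDataModels[$typeArray[2]];
            if (is_object($model)) {
                if (isset($model->{$fieldValue})) {
                    $fieldValue = $model->{$fieldValue};
                }
            } elseif (is_array($model)) {
                if (isset($model[$fieldValue])) {
                    $fieldValue = $model[$fieldValue];
                }
            } else {
                $fieldValue = $model;
            }
        } else {
            trigger_error('SQLXML::sqlCleanQuote: ERROR: ext valuetype "' . htmlspecialchars($type) . '" has not been setExternalDataTypeValues.', E_USER_NOTICE);
        }
    }
    // 'const' and 'sql' (and any other source) use $fieldValue as given.

    // Make the resolved value SQL-safe according to its type.
    switch ($typeArray[1]) {
        case 'int':
            $value = (int) $fieldValue;
            break;
        case 'float':
            $value = (float) $fieldValue;
            break;
        case 'formula':
            // Raw SQL fragment, deliberately not quoted: trusted sources only.
            $value = $fieldValue;
            break;
        case 'datetime':
            // Anchored so that the whole value must be "YYYY-MM-DD HH:MM:SS" (matches _sqlCleanQuote);
            // the previous unanchored pattern accepted any string containing such a substring.
            if (preg_match('/^[0-9]{4}-[01][0-9]-[0-3][0-9] [0-2][0-9](:[0-5][0-9]){2}$/', $fieldValue)) {
                $value = $db->Quote($fieldValue);
            } else {
                $value = "''";
            }
            break;
        case 'date':
            // Anchored: the whole value must be "YYYY-MM-DD".
            if (preg_match('/^[0-9]{4}-[01][0-9]-[0-3][0-9]$/', $fieldValue)) {
                $value = $db->Quote($fieldValue);
            } else {
                $value = "''";
            }
            break;
        case 'time':
            // Anchored: the whole value must be "[-]H..HHH:MM:SS" (MySQL TIME range allows negatives and >24h).
            if (preg_match('/^-?[0-9]{1,3}(:[0-5][0-9]){2}$/', $fieldValue)) {
                $value = $db->Quote($fieldValue);
            } else {
                $value = "''";
            }
            break;
        case 'string':
            $value = $db->Quote($fieldValue);
            break;
        case 'null':
            $value = 'NULL';
            break;
        default:
            // Unknown types fail towards the safe side: notice + quoted as a string.
            trigger_error('SQLXML::sqlCleanQuote: ERROR_UNKNOWN_TYPE: ' . htmlspecialchars($type), E_USER_NOTICE);
            $value = $db->Quote($fieldValue);
            break;
    }

    return $value;
}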