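/**
 * Recursively build the SQL condition string for a where-clause group.
 *
 * Nested DatasetWhereClause groups are rendered through a recursive call and
 * wrapped in parentheses; DatasetWhere leaves are rendered as
 * "`field` op value". Statements of any other type, leaves without a field,
 * and nested groups that render to an empty string are skipped.
 *
 * Security: values are escaped with real_escape_string() and single-quoted,
 * and the field name has its backticks doubled before being quoted as an
 * identifier. The operator and the group separator are concatenated verbatim.
 *
 * @param DatasetWhereClause $group Group whose statements are rendered.
 * @return string Conditions joined by the group's separator; '' when nothing was rendered.
 */
private function _parseWhereClause(DatasetWhereClause $group){
    $statements = $group->getStatements();

    $ws = [];
    foreach($statements as $w){
        if($w instanceof DatasetWhereClause){
            // Nested group: render it first and only keep it when it produced something.
            $str = $this->_parseWhereClause($w);
            if($str){
                $ws[] = '( ' . $str . ' )';
            }
        }
        elseif($w instanceof DatasetWhere){
            // A condition without a field cannot be rendered.
            if(!$w->field) continue;

            // NOTE(review): $op is placed into the SQL text as-is and cannot be escaped like a
            // value; confirm DatasetWhere restricts it to a fixed set of operators.
            $op = $w->op;

            if($w->value === null){
                // NULL is emitted as a bare keyword, so nothing needs escaping.
                $v = 'NULL';
                // MySQL does not match NULL with = or !=, so translate to IS / IS NOT.
                if($op == '=') $op = 'IS';
                elseif($op == '!=') $op = 'IS NOT';
            }
            elseif($w->value === 1){
                // (int)1 is used sometimes to describe enum(1).
                $v = "'1'";
            }
            elseif($w->value === 0){
                // (int)0 is used sometimes to describe enum(0).
                $v = "'0'";
            }
            elseif(is_int($w->value)){
                // Any other integer is emitted unquoted; an int cannot carry SQL syntax.
                $v = $w->value;
            }
            elseif(is_array($w->value) && $op == 'IN'){
                // IN accepts an array: escape and quote each element, then wrap the list in parentheses.
                // NOTE(review): an empty array renders as "IN ( )"; confirm callers never pass one.
                $vs = [];
                foreach($w->value as $bit){
                    $vs[] = "'" . $this->_conn->real_escape_string($bit) . "'";
                }
                $v = '( ' . implode(',', $vs) . ' )';
            }
            else{
                // Everything else is treated as a string literal: escaped, then single-quoted.
                $v = "'" . $this->_conn->real_escape_string($w->value) . "'";
            }

            // real_escape_string() does not cover identifiers, so double any backtick in the
            // field name; otherwise a backtick in it would close the quoted identifier early.
            // Names without a backtick render exactly as before.
            $field = str_replace('`', '``', $w->field);

            $ws[] = '`' . $field . '` ' . $op . ' ' . $v;
        }
    }

    // NOTE(review): the separator is concatenated verbatim; presumably AND / OR, verify in DatasetWhereClause.
    return implode(' ' . $group->getSeparator() . ' ', $ws);
}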