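 /**
  * escape data types that need it
  *
  * @param string $type column data type name, matched case-insensitively
  * @param mixed $value value to check for escaping
  * @param mixed $db_doc definition document passed to dbx::enum_regex() to recognise enum types
  *
  * @return mixed value, escaped as necessary
  *
  * @throws exception when verbose interval notation is required and an interval value does not start with '@'
  */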
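 public static function value_escape($type, $value, $db_doc = NULL)
 {
     // NULL and zero-length values are emitted as the bare SQL keyword NULL
     if ($value === NULL || strlen($value) == 0) {
         return "NULL";
     }

     // data types whose values are emitted as quoted string literals;
     // whatever dbx::enum_regex() returns for $db_doc is appended as further alternatives
     $enum_regex = dbx::enum_regex($db_doc);
     if (strlen($enum_regex) > 0) {
         $enum_regex = '|' . $enum_regex;
     }
     $PATTERN_QUOTED_TYPES = "/^char.*|^string|^date.*|^time.*|^varchar.*|^interval|^money.*|^inet" . $enum_regex . "/i";
     // $type and the pattern do not change below, so the match is evaluated once
     $is_quoted_type = preg_match($PATTERN_QUOTED_TYPES, $type) > 0;

     // strip quoting if it is a quoted type, it will be added back after conditional conversion
     if ($is_quoted_type) {
         $value = mssql10::strip_single_quoting($value);
     }

     // reject colon time notation for interval expressions when verbose notation is required
     if (dbsteward::$require_verbose_interval_notation
         && preg_match('/interval/i', $type) > 0
         && substr($value, 0, 1) != '@') {
         throw new exception("bad interval value: " . $value . " -- interval types must be postgresql verbose format: '@ 2 hours 30 minutes' etc for cfxn comparisons to work");
     }

     // mssql doesn't understand epoch
     // stripos() takes (haystack, needle): look for 'date' inside the type name,
     // so datetime2 / datetimeoffset(7) columns are covered as well as plain date
     if (stripos($type, 'date') !== FALSE && strcasecmp($value, 'epoch') == 0) {
         $value = '1970-01-01';
     }

     // special case for postgresql type value conversion
     // the boolean type for the column would have been translated to char(1) by xml_parser::mssql10_type_convert()
     if (strcasecmp($type, 'char(1)') == 0) {
         $value = mssql10::boolean_value_convert($value);
     } elseif (strcasecmp($type, 'datetimeoffset(7)') == 0 || strcasecmp($type, 'datetime2') == 0) {
         $timestamp = strtotime($value);
         if ($timestamp === FALSE) {
             // date() would silently turn an unparseable value into 1970-01-01
             throw new exception("unparseable " . $type . " value: " . $value);
         }
         if (strcasecmp($type, 'datetime2') == 0) {
             // literal 'T' must be escaped and hours zero-padded; an unescaped 'T' is the
             // timezone abbreviation and 'G' is the hour without leading zero
             $value = date('Y-m-d\TH:i:s', $timestamp);
         } else {
             // use date()'s ISO 8601 date format to be conformant
             $value = date('c', $timestamp);
         }
     } elseif (strcasecmp($type, 'time') == 0 && strlen($value) > 8) {
         // keep only the first 8 characters of the time value
         $value = substr($value, 0, 8);
     }

     if ($is_quoted_type) {
         //@TODO: is there a better way to do mssql string escaping?
         // embedded single quotes are doubled, then the value is wrapped in single quotes
         $value = "'" . str_replace("'", "''", $value) . "'";
     }
     // NOTE(review): values whose type does not match $PATTERN_QUOTED_TYPES are returned
     // as-is, with no quoting, escaping or numeric validation in this method. The result
     // is only safe to place in SQL if the caller validates such values or the source
     // document is trusted.

     return $value;
 }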