/**
  * Cleans and makes a value SQL safe depending on the type that is enforced.
  * @access private
  *
  * @param  mixed   $fieldValue
  * @param  string  $type
  * @return string
  */
 function _sqlCleanQuote($fieldValue, $type)
 {
     // $type is either a bare kind ("int") or "source:kind[:extra]". Only the
     // kind decides how the value is rendered in this method.
     $segments = explode(':', $type, 3);
     $kind = count($segments) < 2 ? $type : $segments[1];

     // A switch is used on purpose: it compares loosely, exactly as before.
     switch ($kind) {
         case 'int':
             // A numeric cast cannot carry SQL syntax, so no quoting is applied.
             return (string) (int) $fieldValue;

         case 'float':
             return (string) (double) $fieldValue;

         case 'formula':
             // SECURITY: returned verbatim, with no escaping of any kind. Values
             // of this kind must only ever be supplied by trusted code or
             // definitions, never by user-controlled input.
             return (string) $fieldValue;

         case 'field':
             // Identifier (not value) quoting; temporarily handled here.
             return (string) $this->_db->NameQuote($fieldValue);

         case 'datetime':
             // Anchored "YYYY-MM-DD HH:MM:SS" shape check. The pattern is only a
             // format gate: escaping is still done by Quote(), and anything that
             // does not match is replaced by an empty SQL string.
             return preg_match('/^[0-9]{4}-[01][0-9]-[0-3][0-9] [0-2][0-9](:[0-5][0-9]){2}$/', $fieldValue)
                 ? (string) $this->_db->Quote($fieldValue)
                 : "''";

         case 'date':
             // Same approach as 'datetime', for "YYYY-MM-DD".
             return preg_match('/^[0-9]{4}-[01][0-9]-[0-3][0-9]$/', $fieldValue)
                 ? (string) $this->_db->Quote($fieldValue)
                 : "''";

         case 'string':
             return (string) $this->_db->Quote($fieldValue);

         case 'null':
             // The output is always the SQL keyword; a mismatching input is only reported.
             if ($fieldValue != 'NULL') {
                 trigger_error('CBSQLUpgrader::_sqlCleanQuote: ERROR: field type sql:null has not NULL value');
             }
             return 'NULL';

         default:
             // Unknown kind: report it and fall back to quoting as a string, so
             // an unrecognised type never yields an unescaped value.
             trigger_error('CBSQLUpgrader::_sqlQuoteValueType: ERROR_UNKNOWN_TYPE: ' . htmlspecialchars($type), E_USER_NOTICE);
             return (string) $this->_db->Quote($fieldValue);
     }
 }
	function checkin( $oid = null ) {
		// Check-in only applies to classes that declare a 'checked_out' property.
		$supportsCheckout	=	array_key_exists( 'checked_out', get_class_vars( strtolower( get_class( $this ) ) ) );
		if ( ! $supportsCheckout ) {
			$this->_error	=	"WARNING: " . strtolower( get_class( $this ) ) . " does not support checkins.";
			return false;
		}

		// An explicit id overrides whatever primary key value the object holds.
		$keyName			=	$this->_tbl_key;
		if ( $oid !== null ) {
			$this->$keyName	=	$oid;
		}

		// Identifiers go through NameQuote() and values through Quote(); no
		// operand is concatenated into the statement raw.
		$tableSql			=	$this->_db->NameQuote( $this->_tbl );
		$nullDateSql		=	$this->_db->Quote( $this->_db->getNullDate() );
		$keySql				=	$this->_db->NameQuote( $this->_tbl_key );
		$idSql				=	$this->_db->Quote( $this->$keyName );

		$this->_db->setQuery(
			"UPDATE " . $tableSql
			. "\n SET checked_out = 0, checked_out_time = " . $nullDateSql
			. "\n WHERE " . $keySql . " = " . $idSql
		);
		return $this->_db->query();
	}
	/**
	 * Gets payment statistics (count and gross total of completed payments) for a basket
	 *
	 * @param  int       $basketId          Basket id for which payments have been done
	 * @param  string    $txnIdToNotCount   (optional) txn_id of payment(s) to ignore in sum
	 * @return boolean   true if could load
	 */
	public function getBasketPaidTotal( $basketId, $txnIdToNotCount = null ) {
		// Every operand is neutralised before it reaches the statement: the
		// basket id is cast to int and string values go through Quote().
		$conditions		=	array(
			"payment_basket_id = " . (int) $basketId,
			"payment_status = " . $this->_db->Quote( 'Completed' ),
		);

		// Optionally leave out the payment(s) carrying the given transaction id.
		// The check is on truthiness, so an empty or '0' id adds no condition.
		if ( $txnIdToNotCount ) {
			$conditions[]	=	"txn_id <> " . $this->_db->Quote( $txnIdToNotCount );
		}

		$this->_db->setQuery(
			"SELECT COUNT(*) AS count, SUM(mc_gross) AS total "
			. "\n  FROM #__cbsubs_payments "
			. "\n  WHERE " . implode( "\n  AND ", $conditions )
		);
		// The result of loadObject() is handed straight back to the caller.
		return $this->_db->loadObject( $this );
	}
 /**
  * Cleans the field value by type in a secure way for SQL
  *
  * @param  mixed                          $fieldValue
  * @param  string                         $type           const,sql,param : string,int,float,datetime,formula
  * @param  ParamsInterface                $pluginParams
  * @param  CBdatabase|null                $db
  * @param  array|null                     $extDataModels
  * @return string|boolean                                 STRING: sql-safe value, Quoted or type-casted to int or float, or FALSE in case of type error
  */
 public static function sqlCleanQuote($fieldValue, $type, $pluginParams, &$db = null, $extDataModels = null)
 {
     // Fall back to the global database handle when the caller passed none.
     if ($db === null) {
         global $_CB_database;
         $db =& $_CB_database;
     }

     // $type is "kind" or "source:kind[:model]"; a bare kind means source 'const'.
     $typeParts = explode(':', $type, 3);
     if (count($typeParts) < 2) {
         $typeParts = array('const', $type);
     }
     $source = $typeParts[0];

     // Step 1: resolve the raw value from its source. Any source not listed
     // here (e.g. 'const', 'sql') keeps $fieldValue exactly as it was given.
     switch ($source) {
         case 'param':
             $fieldValue = $pluginParams->get($fieldValue);
             break;

         case 'request':
         case 'get':
         case 'post':
         case 'cookie':
         case 'cbcookie':
         case 'session':
         case 'server':
         case 'env':
             // NOTE(review): presumably reads the named input from the matching
             // request/environment scope, i.e. externally influenced data.
             // Confirm against _globalConv().
             $fieldValue = self::_globalConv($source, $fieldValue);
             break;

         case 'ext':
             $modelKey = isset($typeParts[2]) ? $typeParts[2] : null;
             if ($modelKey === null || !$extDataModels || !isset($extDataModels[$modelKey])) {
                 trigger_error('SQLXML::sqlCleanQuote: ERROR: ext valuetype "' . htmlspecialchars($type) . '" has not been setExternalDataTypeValues.', E_USER_NOTICE);
                 break;
             }
             $model = $extDataModels[$modelKey];
             if (is_object($model)) {
                 // Look the value up as a property; keep the name itself when absent.
                 if (isset($model->{$fieldValue})) {
                     $fieldValue = $model->{$fieldValue};
                 }
             } elseif (is_array($model)) {
                 // Look the value up as an array key; keep the name itself when absent.
                 if (isset($model[$fieldValue])) {
                     $fieldValue = $model[$fieldValue];
                 }
             } else {
                 // Scalar model: the model is the value.
                 $fieldValue = $model;
             }
             break;
     }

     // Step 2: render the value according to its kind. A switch is used on
     // purpose: it compares loosely, exactly as before.
     switch ($typeParts[1]) {
         case 'int':
             // A numeric cast cannot carry SQL syntax, so no quoting is applied.
             return (int) $fieldValue;

         case 'float':
             return (double) $fieldValue;

         case 'formula':
             // SECURITY: returned verbatim, with no escaping. If a type string
             // pairs this kind with one of the request-derived sources above,
             // externally supplied text would reach the SQL unescaped.
             // NOTE(review): confirm no definition combines them.
             return $fieldValue;

         case 'datetime':
             // NOTE(review): this and the two patterns below are unanchored, so
             // they accept any string that merely contains a matching run.
             // Escaping still relies on Quote(); anchoring with ^...$ would
             // tighten validation. Confirm no caller needs the looser match.
             return preg_match('/[0-9]{4}-[01][0-9]-[0-3][0-9] [0-2][0-9](:[0-5][0-9]){2}/', $fieldValue)
                 ? $db->Quote($fieldValue)
                 : "''";

         case 'date':
             return preg_match('/[0-9]{4}-[01][0-9]-[0-3][0-9]/', $fieldValue)
                 ? $db->Quote($fieldValue)
                 : "''";

         case 'time':
             return preg_match('/-?[0-9]{1,3}(:[0-5][0-9]){2}/', $fieldValue)
                 ? $db->Quote($fieldValue)
                 : "''";

         case 'string':
             return $db->Quote($fieldValue);

         case 'null':
             // Always the SQL keyword, whatever the resolved value is.
             return 'NULL';

         default:
             // Unknown kind: report it and fall back to quoting as a string, so
             // an unrecognised type never yields an unescaped value.
             trigger_error('SQLXML::sqlCleanQuote: ERROR_UNKNOWN_TYPE: ' . htmlspecialchars($type), E_USER_NOTICE);
             return $db->Quote($fieldValue);
     }
 }