/** * @param tablename Optional tablename where record can be inserted. Should have same schema as the main table. */ function _insert(&$record, $tablename = null, $secure = false) { if ($secure && !$record->checkPermission('new')) { // Use security to check to see if we are allowed to delete this // record. return Dataface_Error::permissionDenied(df_translate('scripts.Dataface.IO._insert.PERMISSION_DENIED', 'Could not insert record "' . $record->getTitle() . '" from table "' . $record->_table->tablename . '" because you have insufficient permissions.', array('title' => $record->getTitle(), 'table' => $record->_table->tablename))); } if ($secure) { foreach (array_keys($record->_table->fields()) as $fieldname) { if ($record->valueChanged($fieldname) and !@$record->vetoFields[$fieldname] and !$record->checkPermission('new', array('field' => $fieldname))) { // If this field was changed and the field doesn't have veto power, then // we must subject the change to a security check - the user must havce // edit permission to perform the change. return Dataface_Error::permissionDenied(df_translate('scripts.Dataface.IO._insert.PERMISSION_DENIED_FIELD', 'Could not insert record "' . $record->getTitle() . '" into table "' . $record->_table->tablename . '" because you do not have permission to modify the "' . $fieldname . '" column.', array('title' => $record->getTitle(), 'table' => $record->_table->tablename, 'field' => $fieldname))); } } } if ($tablename === null and $this->_altTablename !== null) { $tablename = $this->_altTablename; } $s =& $this->_table; $delegate =& $s->getDelegate(); if ($this->fireTriggers) { $res = $this->fireBeforeInsert($record); if (PEAR::isError($res)) { return $res; } } $parentIO =& $this->getParentIO(); if (isset($parentIO)) { $parentRecord =& $record->getParentRecord(); $res = $parentIO->write($parentRecord, $parentRecord->snapshotKeys()); if (PEAR::isError($res)) { return $res; } unset($parentRecord); } $qb = new Dataface_QueryBuilder($s->tablename); $sql = $qb->insert($record, $this->tablename($tablename)); if (PEAR::isError($sql)) { //$sql->addUserInfo("Error generating sql for insert in IO::_insert() on line ".__LINE__." of file ".__FILE__); trigger_error(df_translate('scripts.Dataface.IO._insert.ERROR_GENERATING_SQL', "Error generating sql for insert in IO::_insert()") . Dataface_Error::printStackTrace(), E_USER_ERROR); //return $sql; } //$res = mysql_query($sql, $s->db); $res = $this->dbObj->query($sql, $s->db, $this->lang); if (!$res || PEAR::isError($res)) { if (in_array(mysql_errno($this->_table->db), array(MYSQL_ER_DUP_KEY, MYSQL_ER_DUP_ENTRY))) { /* * This is a duplicate entry. We will handle this as an exception rather than an error because * cases may arise in a database application when a duplicate entry will happen and the application * will want to handle it in a graceful way. Eg: If the user is entering a username that is the same * as an existing name. We don't want an ugle FATAL error to be thrown here. Rather we want to * notify the application that it is a duplicate entry. */ return Dataface_Error::duplicateEntry(Dataface_LanguageTool::translate("Failed to insert record because of duplicate entry", "Duplicate entry into table '" . $s->tablename, array('table' => $s->tablename))); } trigger_error(df_translate('scripts.Dataface.IO._insert.ERROR_INSERTING_RECORD', "Error inserting record: ") . (PEAR::isError($res) ? $res->getMessage() : mysql_error(df_db())) . ": SQL: {$sql}" . Dataface_Error::printStackTrace(), E_USER_ERROR); } $id = df_insert_id($s->db); $this->insertIds[$this->_table->tablename] = $id; /* * Now update the record to contain the proper id. */ $autoIncrementField = $s->getAutoIncrementField(); if ($autoIncrementField !== null) { $record->setValue($autoIncrementField, $id); } if ($this->fireTriggers) { $res2 = $this->fireAfterInsert($record); if (PEAR::isError($res2)) { return $res2; } } return true; }