/** * Remove parts of a SQL string that contain quoted strings * of values or identifiers. * * @param string $sql * @return string */ protected function _stripQuoted($sql) { // get the character for value quoting // this should be ' $q = $this->_adapter->quote('a'); $q = $q[0]; // get the value used as an escaped quote, // e.g. \' or '' $qe = $this->_adapter->quote($q); $qe = substr($qe, 1, 2); $qe = preg_quote($qe); $escapeChar = substr($qe, 0, 1); // remove 'foo\'bar' if (!empty($q)) { $escapeChar = preg_quote($escapeChar); // this segfaults only after 65,000 characters instead of 9,000 $sql = preg_replace("/{$q}([^{$q}{$escapeChar}]*|({$qe})*)*{$q}/s", '', $sql); } // get a version of the SQL statement with all quoted // values and delimited identifiers stripped out // remove "foo\"bar" $sql = preg_replace("/\"(\\\\\"|[^\"])*\"/Us", '', $sql); // get the character for delimited id quotes, // this is usually " but in MySQL is ` $d = $this->_adapter->quoteIdentifier('a'); $d = $d[0]; // get the value used as an escaped delimited id quote, // e.g. \" or "" or \` $de = $this->_adapter->quoteIdentifier($d); $de = substr($de, 1, 2); $de = preg_quote($de); // Note: $de and $d where never used..., now they are: $sql = preg_replace("/{$d}({$de}|\\\\{2}|[^{$d}])*{$d}/Us", '', $sql); return $sql; }
/** * Fetches rows by primary key. The argument specifies one or more primary * key value(s). To find multiple rows by primary key, the argument must * be an array. * * This method accepts a variable number of arguments. If the table has a * multi-column primary key, the number of arguments must be the same as * the number of columns in the primary key. To find multiple rows in a * table with a multi-column primary key, each argument must be an array * with the same number of elements. * * The find() method always returns a Rowset object, even if only one row * was found. * * @param mixed $key The value(s) of the primary keys. * @return \Micro\Database\Table\Rowset\RowsetAbstract Row(s) matching the criteria. * @throws \Micro\Database\Table\Exception */ public function find() { $this->_setupPrimaryKey(); $args = func_get_args(); $keyNames = array_values((array) $this->_primary); if (count($args) < count($keyNames)) { throw new Exception("Too few columns for the primary key"); } if (count($args) > count($keyNames)) { throw new Exception("Too many columns for the primary key"); } $whereList = array(); $numberTerms = 0; foreach ($args as $keyPosition => $keyValues) { $keyValuesCount = count($keyValues); // Coerce the values to an array. // Don't simply typecast to array, because the values // might be \Micro\Database\Expr objects. if (!is_array($keyValues)) { $keyValues = array($keyValues); } if ($numberTerms == 0) { $numberTerms = $keyValuesCount; } else { if ($keyValuesCount != $numberTerms) { throw new Exception("Missing value(s) for the primary key"); } } $keyValues = array_values($keyValues); for ($i = 0; $i < $keyValuesCount; ++$i) { if (!isset($whereList[$i])) { $whereList[$i] = array(); } $whereList[$i][$keyPosition] = $keyValues[$i]; } } $whereClause = null; if (count($whereList)) { $whereOrTerms = array(); $tableName = $this->_db->quoteTableAs($this->_name, null, true); foreach ($whereList as $keyValueSets) { $whereAndTerms = array(); foreach ($keyValueSets as $keyPosition => $keyValue) { $type = $this->_metadata[$keyNames[$keyPosition]]['DATA_TYPE']; $columnName = $this->_db->quoteIdentifier($keyNames[$keyPosition], true); $whereAndTerms[] = $this->_db->quoteInto($tableName . '.' . $columnName . ' = ?', $keyValue, $type); } $whereOrTerms[] = '(' . implode(' AND ', $whereAndTerms) . ')'; } $whereClause = '(' . implode(' OR ', $whereOrTerms) . ')'; } if ($whereClause == null) { $rowsetClass = $this->getRowsetClass(); if (!class_exists($rowsetClass)) { throw new Exception("Class '{$rowsetClass}' does not exists"); } return new $rowsetClass(array('table' => $this, 'rowClass' => $this->getRowClass(), 'stored' => true)); } return $this->fetchAll($whereClause); }
/** * Render ORDER clause * * @param string $sql SQL query * @return string */ protected function _renderOrder($sql) { if ($this->_parts[self::ORDER]) { $order = array(); foreach ($this->_parts[self::ORDER] as $term) { if (is_array($term)) { if (is_numeric($term[0]) && strval(intval($term[0])) == $term[0]) { $order[] = (int) trim($term[0]) . ' ' . $term[1]; } else { $order[] = $this->_adapter->quoteIdentifier($term[0], true) . ' ' . $term[1]; } } else { if (is_numeric($term) && strval(intval($term)) == $term) { $order[] = (int) trim($term); } else { $order[] = $this->_adapter->quoteIdentifier($term, true); } } } $sql .= ' ' . self::SQL_ORDER_BY . ' ' . implode(', ', $order); } return $sql; }