From 39c2c004c22b51b5a4c42108280c0266bc22dcac Mon Sep 17 00:00:00 2001
From: ucorina
Date: Mon, 25 Jul 2011 16:47:22 +0000
Subject: [PATCH] Prepared statements - if argument is not given as array (eg. for IN clauses) even though it should be, convert it to an array.

git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0-DB@8633 201d5d3c-b55e-5fd7-737f-ddc643e51545
---
 .../queryparts/condition/Condition.class.php | 1 +
 .../xml/xmlquery/argument/Argument.class.php | 84 ++++++-------
 .../argument/ConditionArgument.class.php | 114 +++---------
 .../db/xml_query/cubrid/CubridInsertTest.php | 70 +++++------
 .../cubrid/CubridSelectOnlineTest.php | 26 ++--
 .../db/xml_query/mssql/MssqlSelectTest.php | 8 ++
 6 files changed, 118 insertions(+), 185 deletions(-)

diff --git a/classes/db/queryparts/condition/Condition.class.php b/classes/db/queryparts/condition/Condition.class.php
index 287d4fb61..e9501b516 100644
--- a/classes/db/queryparts/condition/Condition.class.php
+++ b/classes/db/queryparts/condition/Condition.class.php
@@ -64,6 +64,7 @@ function show(){
 if($this->hasArgument() && !$this->argument->isValid()) return false;
 if($this->hasArgument() && ($this->_value === '\'\'')) return false;
+ if(is_array($this->_value) && count($this->_value) === 1 && $this->_value[0] === '') return false;
 switch($this->operation) {
 case 'equal' :
 case 'more' :
diff --git a/classes/xml/xmlquery/argument/Argument.class.php b/classes/xml/xmlquery/argument/Argument.class.php
index 3effc5f91..14bc73a74 100644
--- a/classes/xml/xmlquery/argument/Argument.class.php
+++ b/classes/xml/xmlquery/argument/Argument.class.php
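Review bot: The added guard in `show()` reads `$this->_value[0]` directly, so a one-element array whose only key is not 0 (the remainder of an `array_filter`, or a string-keyed map) raises an undefined-index notice and the empty-value check evaluates to false instead of suppressing the condition. Taking the first element regardless of key keeps the intent: `if(is_array($this->_value) && count($this->_value) === 1 && reset($this->_value) === '') return false;`. Returning false here presumably drops the whole condition from the generated WHERE clause, as the scalar `''` check on the previous line already does, which widens the result set rather than matching nothing; a one-line comment stating that this is intended for the single-empty-element array case too would help the next reader. `show()` begins above the start of this hunk.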
@@ -97,48 +97,48 @@ if(isset($this->value) && $this->value != ''){ $val = $this->value; $key = $this->name; - switch($filter_type) { - case 'email' : - case 'email_address' : - if(!preg_match('/^[_0-9a-z-]+(\.[_0-9a-z-]+)*@[0-9a-z-]+(\.[0-9a-z-]+)*$/is', $val)) { - $this->isValid = false; - $this->errorMessage = new Object(-1, sprintf($lang->filter->invalid_email, $lang->{$key} ? $lang->{$key} : $key)); - } - break; - case 'homepage' : - if(!preg_match('/^(http|https)+(:\/\/)+[0-9a-z_-]+\.[^ ]+$/is', $val)) { - $this->isValid = false; - $this->errorMessage = new Object(-1, sprintf($lang->filter->invalid_homepage, $lang->{$key} ? $lang->{$key} : $key)); - } - break; - case 'userid' : - case 'user_id' : - if(!preg_match('/^[a-zA-Z]+([_0-9a-zA-Z]+)*$/is', $val)) { - $this->isValid = false; - $this->errorMessage = new Object(-1, sprintf($lang->filter->invalid_userid, $lang->{$key} ? $lang->{$key} : $key)); - } - break; - case 'number' : - case 'numbers' : - if(is_array($val)) $val = join(',', $val); - if(!preg_match('/^(-?)[0-9]+(,\-?[0-9]+)*$/is', $val)){ - $this->isValid = false; - $this->errorMessage = new Object(-1, sprintf($lang->filter->invalid_number, $lang->{$key} ? $lang->{$key} : $key)); - } - break; - case 'alpha' : - if(!preg_match('/^[a-z]+$/is', $val)) { - $this->isValid = false; - $this->errorMessage = new Object(-1, sprintf($lang->filter->invalid_alpha, $lang->{$key} ? $lang->{$key} : $key)); - } - break; - case 'alpha_number' : - if(!preg_match('/^[0-9a-z]+$/is', $val)) { - $this->isValid = false; - $this->errorMessage = new Object(-1, sprintf($lang->filter->invalid_alpha_number, $lang->{$key} ? $lang->{$key} : $key)); - } - break; - } + switch($filter_type) { + case 'email' : + case 'email_address' : + if(!preg_match('/^[_0-9a-z-]+(\.[_0-9a-z-]+)*@[0-9a-z-]+(\.[0-9a-z-]+)*$/is', $val)) { + $this->isValid = false; + $this->errorMessage = new Object(-1, sprintf($lang->filter->invalid_email, $lang->{$key} ? 
$lang->{$key} : $key)); + } + break; + case 'homepage' : + if(!preg_match('/^(http|https)+(:\/\/)+[0-9a-z_-]+\.[^ ]+$/is', $val)) { + $this->isValid = false; + $this->errorMessage = new Object(-1, sprintf($lang->filter->invalid_homepage, $lang->{$key} ? $lang->{$key} : $key)); + } + break; + case 'userid' : + case 'user_id' : + if(!preg_match('/^[a-zA-Z]+([_0-9a-zA-Z]+)*$/is', $val)) { + $this->isValid = false; + $this->errorMessage = new Object(-1, sprintf($lang->filter->invalid_userid, $lang->{$key} ? $lang->{$key} : $key)); + } + break; + case 'number' : + case 'numbers' : + if(is_array($val)) $val = join(',', $val); + if(!preg_match('/^(-?)[0-9]+(,\-?[0-9]+)*$/is', $val)){ + $this->isValid = false; + $this->errorMessage = new Object(-1, sprintf($lang->filter->invalid_number, $lang->{$key} ? $lang->{$key} : $key)); + } + break; + case 'alpha' : + if(!preg_match('/^[a-z]+$/is', $val)) { + $this->isValid = false; + $this->errorMessage = new Object(-1, sprintf($lang->filter->invalid_alpha, $lang->{$key} ? $lang->{$key} : $key)); + } + break; + case 'alpha_number' : + if(!preg_match('/^[0-9a-z]+$/is', $val)) { + $this->isValid = false; + $this->errorMessage = new Object(-1, sprintf($lang->filter->invalid_alpha_number, $lang->{$key} ? $lang->{$key} : $key)); + } + break; + } } } diff --git a/classes/xml/xmlquery/argument/ConditionArgument.class.php b/classes/xml/xmlquery/argument/ConditionArgument.class.php index 2e2267793..da938c7e8 100644 --- a/classes/xml/xmlquery/argument/ConditionArgument.class.php +++ b/classes/xml/xmlquery/argument/ConditionArgument.class.php 
@@ -1,25 +1,28 @@ -operation = $operation; - + $this->operation = $operation; + if($this->type !== 'date'){ $dbParser = XmlQueryParser::getDBParser(); $this->value = $dbParser->escapeStringValue($this->value); - } + } } - + function createConditionValue(){ if(!isset($this->value)) return; - + $name = $this->column_name; $operation = $this->operation; - $value = $this->value; + $value = $this->value; switch($operation) { case 'like_prefix' : @@ -27,7 +30,7 @@ break; case 'like_tail' : $this->value = '%'.$value; - break; + break; case 'like' : $this->value = '%'.$value.'%'; break; 
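Review bot: In the constructor, `$dbParser->escapeStringValue($this->value)` is applied to the argument as-is, yet this commit's stated purpose is that the value may be an array for IN clauses (the `if(!is_array($value)) $this->value = array($value);` context line in the third hunk of this file); whether `escapeStringValue()` handles an array element-wise is not visible here, and if it is scalar-only the elements of an IN list reach the query builder unescaped. If that is the case, escape per element: `$this->value = is_array($this->value) ? array_map(array($dbParser, 'escapeStringValue'), $this->value) : $dbParser->escapeStringValue($this->value);`. The `$this->type !== 'date'` test also runs before `setColumnType()` can have been called, so unless `type` is assigned in the garbled part of the constructor above this hunk it seems unlikely ever to see `'date'` at construction time; worth confirming. The constructor's signature lies above the start of this hunk.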
@@ -35,103 +38,24 @@ if(!is_array($value)) $this->value = array($value); break; } - /* - //if(!in_array($operation,array('in','notin','between')) && is_array($value)){ - // $value = join(',', $value); - //} - // Daca operatia nu este in, notin, between si coloana e de tip numeric - // daca valoarea e array -> concatenare - // daca valoarea nu e array si nici nu contine paranteze (nu e functie) -> return (int) - // altfel return valoare - - // if(!in_array($operation,array('in','notin','between')) && $type == 'number') { - // if(is_array($value)){ - // $value = join(',',$value); - // } - // if(strpos($value, ',') === false && strpos($value, '(') === false) return (int)$value; - // return $value; - // } - // - // if(!is_array($value) && strpos($name, '.') !== false && strpos($value, '.') !== false) { - // list($table_name, $column_name) = explode('.', $value); - // if($column_type[$column_name]) return $value; - // } - - switch($operation) { - case 'like_prefix' : - if(!is_array($value)) $value = preg_replace('/(^\'|\'$){1}/', '', $value); - $value = $value.'%'; - break; - case 'like_tail' : - if(!is_array($value)) $value = preg_replace('/(^\'|\'$){1}/', '', $value); - $value = '%'.$value; - break; - case 'like' : - if(!is_array($value)) $value = preg_replace('/(^\'|\'$){1}/', '', $value); - $value = '%'.$value.'%'; - break; - // case 'notin' : - // if(is_array($value)) - // { - // $value = $this->addQuotesArray($value); - // if($type=='number') return join(',',$value); - // else return "'". join("','",$value)."'"; - // } - // else - // { - // return $value; - // } - // break; - // case 'in' : - // if(is_array($value)) - // { - // $value = $this->addQuotesArray($value); - // if($type=='number') return join(',',$value); - // else return "'". 
join("','",$value)."'"; - // } - // else - // { - // return $value; - // } - // break; - // case 'between' : - // if(!is_array($value)) $value = array($value); - // $value = $this->addQuotesArray($value); - // if($type!='number') - // { - // foreach($value as $k=>$v) - // { - // $value[$k] = "'".$v."'"; - // } - // } - - //return $value; - break; - default: - if(!is_array($value)) $value = preg_replace('/(^\'|\'$){1}/', '', $value); - } - $this->value = $value; - //return "'".$this->addQuotes($value)."'"; - */ - } - + function getType(){ return $this->type; } - + function setColumnType($column_type){ if(!isset($this->value)) return; if($column_type === '') return; - + $this->type = $column_type; - + //if($column_type === '') $column_type = 'varchar'; } - - + + } ?> \ No newline at end of file diff --git a/test-phpUnit/db/xml_query/cubrid/CubridInsertTest.php b/test-phpUnit/db/xml_query/cubrid/CubridInsertTest.php index b52a6f4d4..80a658988 100644 --- a/test-phpUnit/db/xml_query/cubrid/CubridInsertTest.php +++ b/test-phpUnit/db/xml_query/cubrid/CubridInsertTest.php @@ -7,14 +7,14 @@ $this->_testQuery($xml_file, $argsString, $expected, 'getInsertSql'); } - + /** * Note: this test can fail when comaparing regdate from the $args with * regdate from the expected string - a few seconds difference */ - function test_module_insertModule(){ + function test_module_insertModule(){ $xml_file = _XE_PATH_ . "modules/module/queries/insertModule.xml"; - $argsString = ' $args->module_category_srl = 0; + $argsString = ' $args->module_category_srl = 0; $args->browser_title = "test"; $args->layout_srl = 0; $args->mlayout_srl = 0; @@ -22,7 +22,7 @@ $args->mid = "test"; $args->site_srl = 0; $args->module_srl = 47374;'; - $expected = 'insert into "xe_modules" + $expected = 'insert into "xe_modules" ("site_srl" , "module_srl" , "module_category_srl" @@ -34,8 +34,8 @@ , "open_rss" , "regdate" , "mlayout_srl" - , "use_mobile") - values + , "use_mobile") + values (0 , 47374 , 0 
@@ -48,42 +48,42 @@ , \''.date("YmdHis").'\' , 0 , \'n\')'; - $this->_test($xml_file, $argsString, $expected); + $this->_test($xml_file, $argsString, $expected); } - + function test_module_insertSiteTodayStatus(){ - //\''.date("YmdHis").'\' + //\''.date("YmdHis").'\' $xml_file = _XE_PATH_ . "modules/counter/queries/insertTodayStatus.xml"; - $argsString = ' $args->regdate = 0; + $argsString = ' $args->regdate = 0; $args->unique_visitor = 0; $args->pageview = 0;'; - $expected = 'insert into "xe_counter_status" + $expected = 'insert into "xe_counter_status" ("regdate" , "unique_visitor" - , "pageview") - values - (0 + , "pageview") + values + ('.date("YmdHis").' , 0 , 0)'; - $this->_test($xml_file, $argsString, $expected); + $this->_test($xml_file, $argsString, $expected); } - - function test_module_insertCounterLog(){ + + function test_module_insertCounterLog(){ $xml_file = _XE_PATH_ . "modules/counter/queries/insertCounterLog.xml"; - $argsString = ' $args->site_srl = 0; + $argsString = ' $args->site_srl = 0; $args->regdate = "20110607120619"; $args->ipaddress = "127.0.0.1"; $args->user_agent = "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24";'; - $expected = 'insert into "xe_counter_log" - ("site_srl", "regdate", "ipaddress", "user_agent") + $expected = 'insert into "xe_counter_log" + ("site_srl", "regdate", "ipaddress", "user_agent") VALUES (0, \'20110607120619\', \'127.0.0.1\', \'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24\') '; - $this->_test($xml_file, $argsString, $expected); + $this->_test($xml_file, $argsString, $expected); } - function test_module_insertMember(){ + function test_module_insertMember(){ $xml_file = _XE_PATH_ . 
"modules/member/queries/insertMember.xml"; - $argsString = ' $args->member_srl = 203; + $argsString = ' $args->member_srl = 203; $args->user_id = "cacao"; $args->email_address = "teta@ar.ro"; $args->password = "23e5484cb88f3c07bcce2920a5e6a2a7"; 
@@ -102,27 +102,27 @@ $args->extra_vars = "O:8:\"stdClass\":2:{s:4:\"body\";s:0:\"\";s:7:\"_filter\";s:6:\"insert\";}"; $args->list_order = -203; '; - $expected = 'INSERT INTO "xe_member" + $expected = 'INSERT INTO "xe_member" ("member_srl", "user_id", "email_address", "password", "email_id", "email_host", "user_name", "nick_name", "homepage", "allow_mailing", "allow_message", "denied", "regdate", "change_password_date", - "last_login", "is_admin", "extra_vars", "list_order") - VALUES (203, \'cacao\', \'teta@ar.ro\', \'23e5484cb88f3c07bcce2920a5e6a2a7\', \'teta\', \'ar.ro\', \'trident\', - \'aloha\', \'http://jkgjfk./ww\', \'Y\', \'Y\', \'N\', \'20110607121952\', \'20110607121952\', + "last_login", "is_admin", "extra_vars", "list_order") + VALUES (203, \'cacao\', \'teta@ar.ro\', \'23e5484cb88f3c07bcce2920a5e6a2a7\', \'teta\', \'ar.ro\', \'trident\', + \'aloha\', \'http://jkgjfk./ww\', \'Y\', \'Y\', \'N\', \'20110607121952\', \'20110607121952\', \'20110607121952\', \'N\', \'O:8:"stdClass":2:{s:4:"body";s:0:"";s:7:"_filter";s:6:"insert";}\', -203)'; - $this->_test($xml_file, $argsString, $expected); + $this->_test($xml_file, $argsString, $expected); } - - function test_module_insertModuleExtraVars(){ + + function test_module_insertModuleExtraVars(){ $xml_file = _XE_PATH_ . "modules/module/queries/insertModuleExtraVars.xml"; - $argsString = ' $args->module_srl = 202; + $argsString = ' $args->module_srl = 202; $args->name = "_filter"; $args->value = "insert_page"; '; - $expected = 'INSERT INTO "xe_module_extra_vars" - ("module_srl", "name", "value") + $expected = 'INSERT INTO "xe_module_extra_vars" + ("module_srl", "name", "value") VALUES (202, \'_filter\', \'insert_page\') '; - $this->_test($xml_file, $argsString, $expected); - } + $this->_test($xml_file, $argsString, $expected); + } } \ No newline at end of file 
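Review bot: In `test_module_insertSiteTodayStatus` (hunk `@@ -48,42`) the expected SQL now embeds `date("YmdHis")` at second granularity while `$args->regdate` stays `0`, so the test locks in that a supplied `regdate` of `0` is discarded in favour of the current time, and it inherits the flakiness the comment above `test_module_insertModule` already warns about: a second boundary between building `$expected` and running the query fails the assertion. If dropping `0` is intended behaviour, say so where the argument is set, e.g. `// regdate = 0 is treated as unset and replaced by the current timestamp`; otherwise pass a fixed non-zero `regdate` so the expectation is deterministic. The leftover `//\''.date("YmdHis").'\'` comment line can go now that the real expression is in use.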
diff --git a/test-phpUnit/db/xml_query/cubrid/CubridSelectOnlineTest.php b/test-phpUnit/db/xml_query/cubrid/CubridSelectOnlineTest.php index fcc7eecb6..e0b787b1c 100644 --- a/test-phpUnit/db/xml_query/cubrid/CubridSelectOnlineTest.php +++ b/test-phpUnit/db/xml_query/cubrid/CubridSelectOnlineTest.php @@ -1,23 +1,23 @@ mid = 'test_4l8ci4vv0n'; $args->site_srl = 0; $output = executeQuery('module.getMidInfo', $args); $this->assertNotNull($output); $this->assertNotNull($output->data, $output->message); - $this->assertEquals($output->data->module_srl, 111); + $this->assertEquals($output->data->module_srl, 111); } - - function test_module_getInfo(){ + + function test_module_getInfo(){ $args->site_srl = 0; $output = executeQuery('module.getSiteInfo', $args); $this->assertTrue(is_a($output, 'Object')); $this->assertEquals(0, $output->error, $output->message); } - + function test_document_getDocumentList_pagination(){ $args->sort_index = 'list_order'; $args->order_type = 'asc'; @@ -25,11 +25,11 @@ $args->list_count = 30; $args->page_count = 10; $args->s_member_srl = 4; - + $output = executeQuery('document.getDocumentList', $args); - $this->assertEquals(0, $output->error, $output->message); + $this->assertEquals(0, $output->error, $output->message . PHP_EOL . $output->variables["_query"]); } - + function test_syndication_getDocumentList(){ $args->module_srl = NULL; $args->exclude_module_srl = NULL; @@ -37,7 +37,7 @@ $args->sort_index = 'list_order'; $args->order_type = 'asc'; $args->page = 5; - $args->list_count = 30; + $args->list_count = 30; $args->page_count = 10; $args->start_date = NULL; $args->end_date = NULL; @@ -45,8 +45,8 @@ $output = executeQuery('document.getDocumentList', $args); $this->assertTrue(is_int($output->page), $output->message); - } - + } + function test_member_getMemberList(){ $args->is_admin = ''; $args->is_denied = ''; 
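Review bot: The new failure message in `test_document_getDocumentList_pagination` (hunk `@@ -25,11`) reads `$output->variables["_query"]` unconditionally, so if `executeQuery` fails before a query string is recorded the assertion message itself emits an undefined-index or undefined-property notice and obscures the original `$output->message`. Guarding the lookup keeps the diagnostic optional: `$query = isset($output->variables['_query']) ? PHP_EOL . $output->variables['_query'] : '';` followed by `$this->assertEquals(0, $output->error, $output->message . $query);`. Whether `variables` is always populated on the returned object cannot be confirmed from this diff.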
@@ -54,9 +54,9 @@ $args->sort_order = 'asc'; $args->list_count = 40; $args->page_count = 10; - + $output = executeQuery('member.getMemberList', $args); - $this->assertEquals(0, $output->error, $output->message); + $this->assertEquals(0, $output->error, $output->message); } } ?> diff --git a/test-phpUnit/db/xml_query/mssql/MssqlSelectTest.php b/test-phpUnit/db/xml_query/mssql/MssqlSelectTest.php index f5c0c5d25..4bf2cba5e 100644 --- a/test-phpUnit/db/xml_query/mssql/MssqlSelectTest.php +++ b/test-phpUnit/db/xml_query/mssql/MssqlSelectTest.php @@ -145,6 +145,14 @@ $this->_test($xml_file, $argsString, $expected, array("25")); } + function test_module_getModuleSites(){ + $xml_file = _XE_PATH_ . "modules/module/queries/getModuleSites.xml"; + //$argsString = '$args->module_srls = array(67, 65);'; + $argsString = '$args->module_srls = "67, 65";'; + $expected = 'SELECT [modules].[module_srl] as [module_srl], [sites].[domain] as [domain] FROM [xe_modules] as [modules] , [xe_sites] as [sites] WHERE [modules].[module_srl] in (?,?) and [sites].[site_srl] = [modules].[site_srl]'; + $this->_test($xml_file, $argsString, $expected, array("67", "65")); + } + // TODO Something fishy about this query - to be investigated