Prepared statements - if an argument is not given as an array (e.g. for IN clauses) even though it should be, convert it to an array.

git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0-DB@8633 201d5d3c-b55e-5fd7-737f-ddc643e51545
ucorina 2011-07-25 16:47:22 +00:00
parent b3c75ac4db
commit 39c2c004c2
6 changed files with 118 additions and 185 deletions


@ -64,6 +64,7 @@
function show(){ function show(){
if($this->hasArgument() && !$this->argument->isValid()) return false; if($this->hasArgument() && !$this->argument->isValid()) return false;
if($this->hasArgument() && ($this->_value === '\'\'')) return false; if($this->hasArgument() && ($this->_value === '\'\'')) return false;
if(is_array($this->_value) && count($this->_value) === 1 && $this->_value[0] === '') return false;
switch($this->operation) { switch($this->operation) {
case 'equal' : case 'equal' :
case 'more' : case 'more' :
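Review bot: The added guard after the `'\'\''` check indexes `$this->_value[0]` having only verified `count($this->_value) === 1`, so a one-element array whose single key is not 0 (an associative argument, or a list that went through array_filter) raises an undefined-index notice and the empty value slips through. `if(is_array($this->_value) && count($this->_value) === 1 && reset($this->_value) === '') return false;` tests the sole element regardless of its key. It also covers only the exact single-empty-element shape; whether an empty string among several values should suppress the clause as well is not decided by this change. show() begins before the hunk and continues after it.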


@ -97,48 +97,48 @@
if(isset($this->value) && $this->value != ''){ if(isset($this->value) && $this->value != ''){
$val = $this->value; $val = $this->value;
$key = $this->name; $key = $this->name;
switch($filter_type) { switch($filter_type) {
case 'email' : case 'email' :
case 'email_address' : case 'email_address' :
if(!preg_match('/^[_0-9a-z-]+(\.[_0-9a-z-]+)*@[0-9a-z-]+(\.[0-9a-z-]+)*$/is', $val)) { if(!preg_match('/^[_0-9a-z-]+(\.[_0-9a-z-]+)*@[0-9a-z-]+(\.[0-9a-z-]+)*$/is', $val)) {
$this->isValid = false; $this->isValid = false;
$this->errorMessage = new Object(-1, sprintf($lang->filter->invalid_email, $lang->{$key} ? $lang->{$key} : $key)); $this->errorMessage = new Object(-1, sprintf($lang->filter->invalid_email, $lang->{$key} ? $lang->{$key} : $key));
} }
break; break;
case 'homepage' : case 'homepage' :
if(!preg_match('/^(http|https)+(:\/\/)+[0-9a-z_-]+\.[^ ]+$/is', $val)) { if(!preg_match('/^(http|https)+(:\/\/)+[0-9a-z_-]+\.[^ ]+$/is', $val)) {
$this->isValid = false; $this->isValid = false;
$this->errorMessage = new Object(-1, sprintf($lang->filter->invalid_homepage, $lang->{$key} ? $lang->{$key} : $key)); $this->errorMessage = new Object(-1, sprintf($lang->filter->invalid_homepage, $lang->{$key} ? $lang->{$key} : $key));
} }
break; break;
case 'userid' : case 'userid' :
case 'user_id' : case 'user_id' :
if(!preg_match('/^[a-zA-Z]+([_0-9a-zA-Z]+)*$/is', $val)) { if(!preg_match('/^[a-zA-Z]+([_0-9a-zA-Z]+)*$/is', $val)) {
$this->isValid = false; $this->isValid = false;
$this->errorMessage = new Object(-1, sprintf($lang->filter->invalid_userid, $lang->{$key} ? $lang->{$key} : $key)); $this->errorMessage = new Object(-1, sprintf($lang->filter->invalid_userid, $lang->{$key} ? $lang->{$key} : $key));
} }
break; break;
case 'number' : case 'number' :
case 'numbers' : case 'numbers' :
if(is_array($val)) $val = join(',', $val); if(is_array($val)) $val = join(',', $val);
if(!preg_match('/^(-?)[0-9]+(,\-?[0-9]+)*$/is', $val)){ if(!preg_match('/^(-?)[0-9]+(,\-?[0-9]+)*$/is', $val)){
$this->isValid = false; $this->isValid = false;
$this->errorMessage = new Object(-1, sprintf($lang->filter->invalid_number, $lang->{$key} ? $lang->{$key} : $key)); $this->errorMessage = new Object(-1, sprintf($lang->filter->invalid_number, $lang->{$key} ? $lang->{$key} : $key));
} }
break; break;
case 'alpha' : case 'alpha' :
if(!preg_match('/^[a-z]+$/is', $val)) { if(!preg_match('/^[a-z]+$/is', $val)) {
$this->isValid = false; $this->isValid = false;
$this->errorMessage = new Object(-1, sprintf($lang->filter->invalid_alpha, $lang->{$key} ? $lang->{$key} : $key)); $this->errorMessage = new Object(-1, sprintf($lang->filter->invalid_alpha, $lang->{$key} ? $lang->{$key} : $key));
} }
break; break;
case 'alpha_number' : case 'alpha_number' :
if(!preg_match('/^[0-9a-z]+$/is', $val)) { if(!preg_match('/^[0-9a-z]+$/is', $val)) {
$this->isValid = false; $this->isValid = false;
$this->errorMessage = new Object(-1, sprintf($lang->filter->invalid_alpha_number, $lang->{$key} ? $lang->{$key} : $key)); $this->errorMessage = new Object(-1, sprintf($lang->filter->invalid_alpha_number, $lang->{$key} ? $lang->{$key} : $key));
} }
break; break;
} }
} }
} }


@ -1,25 +1,28 @@
<?php <?php
class ConditionArgument extends Argument { class ConditionArgument extends Argument {
var $operation; var $operation;
function ConditionArgument($name, $value, $operation){ function ConditionArgument($name, $value, $operation){
if(isset($value) && in_array($operation, array('in', 'not in', 'between')) && !is_array($value)){
$value = explode(',', $value);
}
parent::Argument($name, $value); parent::Argument($name, $value);
$this->operation = $operation; $this->operation = $operation;
if($this->type !== 'date'){ if($this->type !== 'date'){
$dbParser = XmlQueryParser::getDBParser(); $dbParser = XmlQueryParser::getDBParser();
$this->value = $dbParser->escapeStringValue($this->value); $this->value = $dbParser->escapeStringValue($this->value);
} }
} }
function createConditionValue(){ function createConditionValue(){
if(!isset($this->value)) return; if(!isset($this->value)) return;
$name = $this->column_name; $name = $this->column_name;
$operation = $this->operation; $operation = $this->operation;
$value = $this->value; $value = $this->value;
switch($operation) { switch($operation) {
case 'like_prefix' : case 'like_prefix' :
@ -27,7 +30,7 @@
break; break;
case 'like_tail' : case 'like_tail' :
$this->value = '%'.$value; $this->value = '%'.$value;
break; break;
case 'like' : case 'like' :
$this->value = '%'.$value.'%'; $this->value = '%'.$value.'%';
break; break;
@ -35,103 +38,24 @@
if(!is_array($value)) $this->value = array($value); if(!is_array($value)) $this->value = array($value);
break; break;
} }
/*
//if(!in_array($operation,array('in','notin','between')) && is_array($value)){
// $value = join(',', $value);
//}
// Daca operatia nu este in, notin, between si coloana e de tip numeric
// daca valoarea e array -> concatenare
// daca valoarea nu e array si nici nu contine paranteze (nu e functie) -> return (int)
// altfel return valoare
// if(!in_array($operation,array('in','notin','between')) && $type == 'number') {
// if(is_array($value)){
// $value = join(',',$value);
// }
// if(strpos($value, ',') === false && strpos($value, '(') === false) return (int)$value;
// return $value;
// }
//
// if(!is_array($value) && strpos($name, '.') !== false && strpos($value, '.') !== false) {
// list($table_name, $column_name) = explode('.', $value);
// if($column_type[$column_name]) return $value;
// }
switch($operation) {
case 'like_prefix' :
if(!is_array($value)) $value = preg_replace('/(^\'|\'$){1}/', '', $value);
$value = $value.'%';
break;
case 'like_tail' :
if(!is_array($value)) $value = preg_replace('/(^\'|\'$){1}/', '', $value);
$value = '%'.$value;
break;
case 'like' :
if(!is_array($value)) $value = preg_replace('/(^\'|\'$){1}/', '', $value);
$value = '%'.$value.'%';
break;
// case 'notin' :
// if(is_array($value))
// {
// $value = $this->addQuotesArray($value);
// if($type=='number') return join(',',$value);
// else return "'". join("','",$value)."'";
// }
// else
// {
// return $value;
// }
// break;
// case 'in' :
// if(is_array($value))
// {
// $value = $this->addQuotesArray($value);
// if($type=='number') return join(',',$value);
// else return "'". join("','",$value)."'";
// }
// else
// {
// return $value;
// }
// break;
// case 'between' :
// if(!is_array($value)) $value = array($value);
// $value = $this->addQuotesArray($value);
// if($type!='number')
// {
// foreach($value as $k=>$v)
// {
// $value[$k] = "'".$v."'";
// }
// }
//return $value;
break;
default:
if(!is_array($value)) $value = preg_replace('/(^\'|\'$){1}/', '', $value);
}
$this->value = $value;
//return "'".$this->addQuotes($value)."'";
*/
} }
function getType(){ function getType(){
return $this->type; return $this->type;
} }
function setColumnType($column_type){ function setColumnType($column_type){
if(!isset($this->value)) return; if(!isset($this->value)) return;
if($column_type === '') return; if($column_type === '') return;
$this->type = $column_type; $this->type = $column_type;
//if($column_type === '') $column_type = 'varchar'; //if($column_type === '') $column_type = 'varchar';
} }
} }
?> ?>
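Review bot: The new constructor splits a scalar value for `in`/`not in`/`between` with `explode(',', $value)` and hands the pieces straight to parent::Argument, so nothing trims them: a value such as "67, 65" becomes `array('67', ' 65')` and the second bind parameter carries a leading space unless escapeStringValue or the binding layer strips it — the new test at the bottom of the page passes exactly "67, 65" and expects "65". `$value = array_map('trim', explode(',', $value));` would normalise the pieces at the one place where the string is converted. The removed commented-out code referred to the operation as 'notin' while this list uses 'not in'; worth confirming which spelling the query parser actually emits, since a mismatch makes the conversion silently skip. A short comment on the new branch would state the intent: `// scalar given for a multi-value operation: treat it as a comma-separated list`.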


@ -7,14 +7,14 @@
$this->_testQuery($xml_file, $argsString, $expected, 'getInsertSql'); $this->_testQuery($xml_file, $argsString, $expected, 'getInsertSql');
} }
/** /**
* Note: this test can fail when comaparing regdate from the $args with * Note: this test can fail when comaparing regdate from the $args with
* regdate from the expected string - a few seconds difference * regdate from the expected string - a few seconds difference
*/ */
function test_module_insertModule(){ function test_module_insertModule(){
$xml_file = _XE_PATH_ . "modules/module/queries/insertModule.xml"; $xml_file = _XE_PATH_ . "modules/module/queries/insertModule.xml";
$argsString = ' $args->module_category_srl = 0; $argsString = ' $args->module_category_srl = 0;
$args->browser_title = "test"; $args->browser_title = "test";
$args->layout_srl = 0; $args->layout_srl = 0;
$args->mlayout_srl = 0; $args->mlayout_srl = 0;
@ -22,7 +22,7 @@
$args->mid = "test"; $args->mid = "test";
$args->site_srl = 0; $args->site_srl = 0;
$args->module_srl = 47374;'; $args->module_srl = 47374;';
$expected = 'insert into "xe_modules" $expected = 'insert into "xe_modules"
("site_srl" ("site_srl"
, "module_srl" , "module_srl"
, "module_category_srl" , "module_category_srl"
@ -34,8 +34,8 @@
, "open_rss" , "open_rss"
, "regdate" , "regdate"
, "mlayout_srl" , "mlayout_srl"
, "use_mobile") , "use_mobile")
values values
(0 (0
, 47374 , 47374
, 0 , 0
@ -48,42 +48,42 @@
, \''.date("YmdHis").'\' , \''.date("YmdHis").'\'
, 0 , 0
, \'n\')'; , \'n\')';
$this->_test($xml_file, $argsString, $expected); $this->_test($xml_file, $argsString, $expected);
} }
function test_module_insertSiteTodayStatus(){ function test_module_insertSiteTodayStatus(){
//\''.date("YmdHis").'\' //\''.date("YmdHis").'\'
$xml_file = _XE_PATH_ . "modules/counter/queries/insertTodayStatus.xml"; $xml_file = _XE_PATH_ . "modules/counter/queries/insertTodayStatus.xml";
$argsString = ' $args->regdate = 0; $argsString = ' $args->regdate = 0;
$args->unique_visitor = 0; $args->unique_visitor = 0;
$args->pageview = 0;'; $args->pageview = 0;';
$expected = 'insert into "xe_counter_status" $expected = 'insert into "xe_counter_status"
("regdate" ("regdate"
, "unique_visitor" , "unique_visitor"
, "pageview") , "pageview")
values values
(0 ('.date("YmdHis").'
, 0 , 0
, 0)'; , 0)';
$this->_test($xml_file, $argsString, $expected); $this->_test($xml_file, $argsString, $expected);
} }
function test_module_insertCounterLog(){ function test_module_insertCounterLog(){
$xml_file = _XE_PATH_ . "modules/counter/queries/insertCounterLog.xml"; $xml_file = _XE_PATH_ . "modules/counter/queries/insertCounterLog.xml";
$argsString = ' $args->site_srl = 0; $argsString = ' $args->site_srl = 0;
$args->regdate = "20110607120619"; $args->regdate = "20110607120619";
$args->ipaddress = "127.0.0.1"; $args->ipaddress = "127.0.0.1";
$args->user_agent = "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24";'; $args->user_agent = "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24";';
$expected = 'insert into "xe_counter_log" $expected = 'insert into "xe_counter_log"
("site_srl", "regdate", "ipaddress", "user_agent") ("site_srl", "regdate", "ipaddress", "user_agent")
VALUES (0, \'20110607120619\', \'127.0.0.1\', \'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24\') VALUES (0, \'20110607120619\', \'127.0.0.1\', \'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24\')
'; ';
$this->_test($xml_file, $argsString, $expected); $this->_test($xml_file, $argsString, $expected);
} }
function test_module_insertMember(){ function test_module_insertMember(){
$xml_file = _XE_PATH_ . "modules/member/queries/insertMember.xml"; $xml_file = _XE_PATH_ . "modules/member/queries/insertMember.xml";
$argsString = ' $args->member_srl = 203; $argsString = ' $args->member_srl = 203;
$args->user_id = "cacao"; $args->user_id = "cacao";
$args->email_address = "teta@ar.ro"; $args->email_address = "teta@ar.ro";
$args->password = "23e5484cb88f3c07bcce2920a5e6a2a7"; $args->password = "23e5484cb88f3c07bcce2920a5e6a2a7";
@ -102,27 +102,27 @@
$args->extra_vars = "O:8:\"stdClass\":2:{s:4:\"body\";s:0:\"\";s:7:\"_filter\";s:6:\"insert\";}"; $args->extra_vars = "O:8:\"stdClass\":2:{s:4:\"body\";s:0:\"\";s:7:\"_filter\";s:6:\"insert\";}";
$args->list_order = -203; $args->list_order = -203;
'; ';
$expected = 'INSERT INTO "xe_member" $expected = 'INSERT INTO "xe_member"
("member_srl", "user_id", "email_address", "password", "email_id", "email_host", "user_name", "nick_name", ("member_srl", "user_id", "email_address", "password", "email_id", "email_host", "user_name", "nick_name",
"homepage", "allow_mailing", "allow_message", "denied", "regdate", "change_password_date", "homepage", "allow_mailing", "allow_message", "denied", "regdate", "change_password_date",
"last_login", "is_admin", "extra_vars", "list_order") "last_login", "is_admin", "extra_vars", "list_order")
VALUES (203, \'cacao\', \'teta@ar.ro\', \'23e5484cb88f3c07bcce2920a5e6a2a7\', \'teta\', \'ar.ro\', \'trident\', VALUES (203, \'cacao\', \'teta@ar.ro\', \'23e5484cb88f3c07bcce2920a5e6a2a7\', \'teta\', \'ar.ro\', \'trident\',
\'aloha\', \'http://jkgjfk./ww\', \'Y\', \'Y\', \'N\', \'20110607121952\', \'20110607121952\', \'aloha\', \'http://jkgjfk./ww\', \'Y\', \'Y\', \'N\', \'20110607121952\', \'20110607121952\',
\'20110607121952\', \'N\', \'O:8:"stdClass":2:{s:4:"body";s:0:"";s:7:"_filter";s:6:"insert";}\', -203)'; \'20110607121952\', \'N\', \'O:8:"stdClass":2:{s:4:"body";s:0:"";s:7:"_filter";s:6:"insert";}\', -203)';
$this->_test($xml_file, $argsString, $expected); $this->_test($xml_file, $argsString, $expected);
} }
function test_module_insertModuleExtraVars(){ function test_module_insertModuleExtraVars(){
$xml_file = _XE_PATH_ . "modules/module/queries/insertModuleExtraVars.xml"; $xml_file = _XE_PATH_ . "modules/module/queries/insertModuleExtraVars.xml";
$argsString = ' $args->module_srl = 202; $argsString = ' $args->module_srl = 202;
$args->name = "_filter"; $args->name = "_filter";
$args->value = "insert_page"; $args->value = "insert_page";
'; ';
$expected = 'INSERT INTO "xe_module_extra_vars" $expected = 'INSERT INTO "xe_module_extra_vars"
("module_srl", "name", "value") ("module_srl", "name", "value")
VALUES (202, \'_filter\', \'insert_page\') VALUES (202, \'_filter\', \'insert_page\')
'; ';
$this->_test($xml_file, $argsString, $expected); $this->_test($xml_file, $argsString, $expected);
} }
} }
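Review bot: The changed expectation in test_module_insertSiteTodayStatus now embeds `date("YmdHis")` evaluated when the test builds its expected string, while `$args->regdate` is still passed as 0, so the assertion depends on the wall clock and can fail at a second boundary — the same weakness the file's own comment above test_module_insertModule already records. If the query substitutes the current time for a 0 regdate (inferred, not visible here), passing a fixed value such as `$args->regdate = "20110607120619";` as test_module_insertCounterLog already does would make the expected SQL deterministic. Either way the leftover `//\''.date("YmdHis").'\'` comment at the top of the method should go now that the real expectation carries it.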


@ -1,23 +1,23 @@
<?php <?php
class CubridSelectOnlineTest extends CubridOnlineTest { class CubridSelectOnlineTest extends CubridOnlineTest {
function test_get_module_by_mid(){ function test_get_module_by_mid(){
$args->mid = 'test_4l8ci4vv0n'; $args->mid = 'test_4l8ci4vv0n';
$args->site_srl = 0; $args->site_srl = 0;
$output = executeQuery('module.getMidInfo', $args); $output = executeQuery('module.getMidInfo', $args);
$this->assertNotNull($output); $this->assertNotNull($output);
$this->assertNotNull($output->data, $output->message); $this->assertNotNull($output->data, $output->message);
$this->assertEquals($output->data->module_srl, 111); $this->assertEquals($output->data->module_srl, 111);
} }
function test_module_getInfo(){ function test_module_getInfo(){
$args->site_srl = 0; $args->site_srl = 0;
$output = executeQuery('module.getSiteInfo', $args); $output = executeQuery('module.getSiteInfo', $args);
$this->assertTrue(is_a($output, 'Object')); $this->assertTrue(is_a($output, 'Object'));
$this->assertEquals(0, $output->error, $output->message); $this->assertEquals(0, $output->error, $output->message);
} }
function test_document_getDocumentList_pagination(){ function test_document_getDocumentList_pagination(){
$args->sort_index = 'list_order'; $args->sort_index = 'list_order';
$args->order_type = 'asc'; $args->order_type = 'asc';
@ -25,11 +25,11 @@
$args->list_count = 30; $args->list_count = 30;
$args->page_count = 10; $args->page_count = 10;
$args->s_member_srl = 4; $args->s_member_srl = 4;
$output = executeQuery('document.getDocumentList', $args); $output = executeQuery('document.getDocumentList', $args);
$this->assertEquals(0, $output->error, $output->message); $this->assertEquals(0, $output->error, $output->message . PHP_EOL . $output->variables["_query"]);
} }
function test_syndication_getDocumentList(){ function test_syndication_getDocumentList(){
$args->module_srl = NULL; $args->module_srl = NULL;
$args->exclude_module_srl = NULL; $args->exclude_module_srl = NULL;
@ -37,7 +37,7 @@
$args->sort_index = 'list_order'; $args->sort_index = 'list_order';
$args->order_type = 'asc'; $args->order_type = 'asc';
$args->page = 5; $args->page = 5;
$args->list_count = 30; $args->list_count = 30;
$args->page_count = 10; $args->page_count = 10;
$args->start_date = NULL; $args->start_date = NULL;
$args->end_date = NULL; $args->end_date = NULL;
@ -45,8 +45,8 @@
$output = executeQuery('document.getDocumentList', $args); $output = executeQuery('document.getDocumentList', $args);
$this->assertTrue(is_int($output->page), $output->message); $this->assertTrue(is_int($output->page), $output->message);
} }
function test_member_getMemberList(){ function test_member_getMemberList(){
$args->is_admin = ''; $args->is_admin = '';
$args->is_denied = ''; $args->is_denied = '';
@ -54,9 +54,9 @@
$args->sort_order = 'asc'; $args->sort_order = 'asc';
$args->list_count = 40; $args->list_count = 40;
$args->page_count = 10; $args->page_count = 10;
$output = executeQuery('member.getMemberList', $args); $output = executeQuery('member.getMemberList', $args);
$this->assertEquals(0, $output->error, $output->message); $this->assertEquals(0, $output->error, $output->message);
} }
} }
?> ?>
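Review bot: The widened assertion message in test_document_getDocumentList_pagination reads `$output->variables["_query"]` unconditionally; the message argument is evaluated before the comparison runs, so when the query succeeded or `variables` is not populated this yields an undefined-index or undefined-property notice instead of extra diagnostics. `$query = isset($output->variables["_query"]) ? $output->variables["_query"] : '';` on the preceding line, used in the message, keeps the diagnostic without the notice. The same pattern would apply to the other executeQuery assertions in this file if the query text is wanted there too.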


@ -145,6 +145,14 @@
$this->_test($xml_file, $argsString, $expected, array("25")); $this->_test($xml_file, $argsString, $expected, array("25"));
} }
function test_module_getModuleSites(){
$xml_file = _XE_PATH_ . "modules/module/queries/getModuleSites.xml";
//$argsString = '$args->module_srls = array(67, 65);';
$argsString = '$args->module_srls = "67, 65";';
$expected = 'SELECT [modules].[module_srl] as [module_srl], [sites].[domain] as [domain] FROM [xe_modules] as [modules] , [xe_sites] as [sites] WHERE [modules].[module_srl] in (?,?) and [sites].[site_srl] = [modules].[site_srl]';
$this->_test($xml_file, $argsString, $expected, array("67", "65"));
}
// TODO Something fishy about this query - to be investigated // TODO Something fishy about this query - to be investigated