CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
escapeField example
/**
* {@inheritdoc}
*/
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Default fields are always placed first for consistency. $insert_fields = array_merge($this->defaultFields, $this->insertFields);
$insert_fields = array_map(function D$field) {
return $this->connection->escapeField($field);
}, $insert_fields);
$query = $comments . 'INSERT INTO {' . $this->table . '} (' . implode(', ', $insert_fields) . ') VALUES ';
$values = $this->getInsertPlaceholderFragment($this->insertValues, $this->defaultFields);
$query .= implode(', ', $values);
// Updating the unique / primary key is not necessary. unset($insert_fields[$this->key]);
$update = [];
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Default fields are always placed first for consistency. $insert_fields = array_merge($this->defaultFields, $this->insertFields);
$insert_fields = array_map(function D$field) {
return $this->connection->escapeField($field);
}, $insert_fields);
$query = $comments . 'INSERT INTO {' . $this->table . '} (' . implode(', ', $insert_fields) . ') VALUES ';
$values = $this->getInsertPlaceholderFragment($this->insertValues, $this->defaultFields);
$query .= implode(', ', $values);
// Updating the unique / primary key is not necessary. unset($insert_fields[$this->key]);
$update = [];
// Expressions take priority over literal fields, so we process those first
// and remove any literal fields that conflict.
$fields = $this->fields;
$update_fields = [];
foreach ($this->expressionFields as $field => $data) {
if ($data['expression'] instanceof SelectInterface) {
// Compile and cast expression subquery to a string. $data['expression']->compile($this->connection, $this);
$data['expression'] = ' (' . $data['expression'] . ')';
}
$update_fields[] = $this->connection->escapeField($field) . '=' . $data['expression'];
unset($fields[$field]);
}
$max_placeholder = 0;
foreach ($fields as $field => $value) {
$update_fields[] = $this->connection->escapeField($field) . '=:db_update_placeholder_' . ($max_placeholder++);
}
$query = $comments . 'UPDATE {' . $this->connection->escapeTable($this->table) . '} SET ' . implode(', ', $update_fields);
if (count($this->condition)) {
$update_fields = [];
foreach ($this->expressionFields as $field => $data) {
if ($data['expression'] instanceof SelectInterface) {
// Compile and cast expression subquery to a string. $data['expression']->compile($this->connection, $this);
$data['expression'] = ' (' . $data['expression'] . ')';
}
$update_fields[] = $this->connection->escapeField($field) . '=' . $data['expression'];
unset($fields[$field]);
}
$max_placeholder = 0;
foreach ($fields as $field => $value) {
$update_fields[] = $this->connection->escapeField($field) . '=:db_update_placeholder_' . ($max_placeholder++);
}
$query = $comments . 'UPDATE {' . $this->connection->escapeTable($this->table) . '} SET ' . implode(', ', $update_fields);
if (count($this->condition)) {
/**
* {@inheritdoc}
*/
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Default fields are always placed first for consistency. $insert_fields = array_merge($this->defaultFields, $this->insertFields);
$insert_fields = array_map(function D$field) {
return $this->connection->escapeField($field);
}, $insert_fields);
$query = $comments . 'INSERT INTO {' . $this->table . '} (' . implode(', ', $insert_fields) . ') VALUES ';
$values = $this->getInsertPlaceholderFragment($this->insertValues, $this->defaultFields);
$query .= implode(', ', $values);
// Updating the unique / primary key is not necessary. unset($insert_fields[$this->key]);
$update = [];
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Default fields are always placed first for consistency. $insert_fields = array_merge($this->defaultFields, $this->insertFields);
$insert_fields = array_map(function D$field) {
return $this->connection->escapeField($field);
}, $insert_fields);
$query = $comments . 'INSERT INTO {' . $this->table . '} (' . implode(', ', $insert_fields) . ') VALUES ';
$values = $this->getInsertPlaceholderFragment($this->insertValues, $this->defaultFields);
$query .= implode(', ', $values);
// Updating the unique / primary key is not necessary. unset($insert_fields[$this->key]);
$update = [];
// twice: Once through table_alias.* and once directly. If the field
// actually belongs to a different table, it must be added manually.
foreach ($this->tables as $table) {
if (!empty($table['all_fields'])) {
return $this;
}
}
// If $field contains characters which are not allowed in a field name // it is considered an expression, these can't be handled automatically // either. if ($this->connection->escapeField($field) != $field) {
return $this;
}
// This is a case that can be handled automatically, add the field. $this->addField(NULL, $field);
return $this;
}
/** * {@inheritdoc} */
if (!empty($table['all_fields'])) {
return $this;
}
}
// If $field contains characters which are not allowed in a field name // it is considered an expression, these can't be handled automatically // either. if ($this->connection->escapeField($field) != $field) {
return $this;
}
// This is a case that can be handled automatically, add the field. $this->addField(NULL, $field);
return $this;
}
/** * {@inheritdoc} */
return $last_insert_id;
}
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Default fields are always placed first for consistency. $insert_fields = array_merge($this->defaultFields, $this->insertFields);
$insert_fields = array_map(function D$field) {
return $this->connection->escapeField($field);
}, $insert_fields);
// If we're selecting from a SelectQuery, finish building the query and // pass it back, as any remaining options are irrelevant. if (!empty($this->fromQuery)) {
$insert_fields_string = $insert_fields ? ' (' . implode(', ', $insert_fields) . ') ' : ' ';
return $comments . 'INSERT INTO {' . $this->table . '}' . $insert_fields_string . $this->fromQuery;
}
$query = $comments . 'INSERT INTO {' . $this->table . '} (' . implode(', ', $insert_fields) . ') VALUES ';
}
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Default fields are always placed first for consistency. $insert_fields = array_merge($this->defaultFields, $this->insertFields);
$insert_fields = array_map(function D$field) {
return $this->connection->escapeField($field);
}, $insert_fields);
// If we're selecting from a SelectQuery, finish building the query and // pass it back, as any remaining options are irrelevant. if (!empty($this->fromQuery)) {
$insert_fields_string = $insert_fields ? ' (' . implode(', ', $insert_fields) . ') ' : ' ';
return $comments . 'INSERT INTO {' . $this->table . '}' . $insert_fields_string . $this->fromQuery;
}
$query = $comments . 'INSERT INTO {' . $this->table . '} (' . implode(', ', $insert_fields) . ') VALUES ';
}
/** * @covers ::escapeField * @dataProvider providerEscapeFields */
public function testEscapeField($expected, $name, array $identifier_quote = ['"', '"']) {
$mock_pdo = $this->createMock(StubPDO::class);
$connection = new StubConnection($mock_pdo, [], $identifier_quote);
$this->assertEquals($expected, $connection->escapeField($name));
}
/** * Data provider for testEscapeDatabase. * * @return array * An indexed array of where each value is an array of arguments to pass to * testEscapeField. The first value is the expected value, and the second * value is the value to test. */
public function providerEscapeDatabase() {
/**
* {@inheritdoc}
*/
public function escapeLike($string) {
return $this->connection->escapeLike($string);
}
/** * {@inheritdoc} */
public function escapeField($string) {
return $this->connection->escapeField($string);
}
/** * {@inheritdoc} */
public function getArguments(PlaceholderInterface $queryPlaceholder = NULL) {
if (!isset($queryPlaceholder)) {
$queryPlaceholder = $this;
}
$this->compile($this->connection, $queryPlaceholder);
return $this->arguments();
}
public function escapeLike($string) {
return $this->connection->escapeLike($string);
}
/** * {@inheritdoc} */
public function escapeField($string) {
return $this->connection->escapeField($string);
}
/** * {@inheritdoc} */
public function getArguments(PlaceholderInterface $queryPlaceholder = NULL) {
if (!isset($queryPlaceholder)) {
$queryPlaceholder = $this;
}
$this->compile($this->connection, $queryPlaceholder);
return $this->arguments();
}
$or = $this->connection->condition('OR');
$or->condition($condition['field'], $condition['value'], $condition['operator']);
// Sadly, the Database layer doesn't allow us to build a condition // in the form ':placeholder = :placeholder2', because the 'field' // part of a condition is always escaped. // As a (cheap) workaround, we separately build a condition with no // field, and concatenate the field and the condition separately. $value_part = $this->connection->condition('AND');
$value_part->condition('anonymous_name', $condition['value'], $condition['operator']);
$value_part->compile($this->connection, $query);
$or->condition(($this->connection->condition('AND'))
->where(str_replace($query->escapeField('anonymous_name'), ':anonymous_name', (string) $value_part), $value_part->arguments() + [':anonymous_name' => \Drupal::config('user.settings')->get('anonymous')])
->condition('base_table.uid', 0)
);
$query->condition($or);
}
}
}
}
}
$or->condition($condition['field'], $condition['value'], $condition['operator']);
// Sadly, the Database layer doesn't allow us to build a condition // in the form ':placeholder = :placeholder2', because the 'field' // part of a condition is always escaped. // As a (cheap) workaround, we separately build a condition with no // field, and concatenate the field and the condition separately. $value_part = $this->connection->condition('AND');
$value_part->condition('anonymous_name', $condition['value'], $condition['operator']);
$value_part->compile($this->connection, $query);
$or->condition(($this->connection->condition('AND'))
->where(str_replace($query->escapeField('anonymous_name'), ':anonymous_name', (string) $value_part), $value_part->arguments() + [':anonymous_name' => \Drupal::config('user.settings')->get('anonymous')])
->condition('base_table.uid', 0)
);
$query->condition($or);
}
}
}
}
}
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Produce as many generic placeholders as necessary. $placeholders = [];
if (!empty($this->insertFields)) {
$placeholders = array_fill(0, count($this->insertFields), '?');
}
$insert_fields = array_map(function D$field) {
return $this->connection->escapeField($field);
}, $this->insertFields);
// If we're selecting from a SelectQuery, finish building the query and // pass it back, as any remaining options are irrelevant. if (!empty($this->fromQuery)) {
$insert_fields_string = $insert_fields ? ' (' . implode(', ', $insert_fields) . ') ' : ' ';
return $comments . 'INSERT INTO {' . $this->table . '}' . $insert_fields_string . $this->fromQuery;
}
return $comments . 'INSERT INTO {' . $this->table . '} (' . implode(', ', $insert_fields) . ') VALUES (' . implode(', ', $placeholders) . ')';
}
}
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Produce as many generic placeholders as necessary. $placeholders = [];
if (!empty($this->insertFields)) {
$placeholders = array_fill(0, count($this->insertFields), '?');
}
$insert_fields = array_map(function D$field) {
return $this->connection->escapeField($field);
}, $this->insertFields);
// If we're selecting from a SelectQuery, finish building the query and // pass it back, as any remaining options are irrelevant. if (!empty($this->fromQuery)) {
$insert_fields_string = $insert_fields ? ' (' . implode(', ', $insert_fields) . ') ' : ' ';
return $comments . 'INSERT INTO {' . $this->table . '}' . $insert_fields_string . $this->fromQuery;
}
return $comments . 'INSERT INTO {' . $this->table . '} (' . implode(', ', $insert_fields) . ') VALUES (' . implode(', ', $placeholders) . ')';
}
}
/**
* Implements entity query conditions for PostgreSQL databases.
*/
class Condition extends BaseCondition {
/** * {@inheritdoc} */
public static function translateCondition(&$condition, SelectInterface $sql_query, $case_sensitive) {
if (is_array($condition['value']) && $case_sensitive === FALSE) {
$condition['where'] = 'LOWER(' . $sql_query->escapeField($condition['real_field']) . ') ' . $condition['operator'] . ' (';
$condition['where_args'] = [];
// Only use the array values in case an associative array is passed as an // argument following similar pattern in // \Drupal\Core\Database\Connection::expandArguments(). $where_prefix = str_replace('.', '_', $condition['real_field']);
foreach ($condition['value'] as $key => $value) {
$where_id = $where_prefix . $key;
$condition['where'] .= 'LOWER(:' . $where_id . '),';
$condition['where_args'][':' . $where_id] = $value;
}
class Condition extends BaseCondition {
/** * {@inheritdoc} */
public static function translateCondition(&$condition, SelectInterface $sql_query, $case_sensitive) {
if (is_array($condition['value']) && $case_sensitive === FALSE) {
$condition['where'] = 'LOWER(' . $sql_query->escapeField($condition['real_field']) . ') ' . $condition['operator'] . ' (';
$condition['where_args'] = [];
// Only use the array values in case an associative array is passed as an // argument following similar pattern in // \Drupal\Core\Database\Connection::expandArguments(). $where_prefix = str_replace('.', '_', $condition['real_field']);
foreach ($condition['value'] as $key => $value) {
$where_id = $where_prefix . $key;
$condition['where'] .= 'LOWER(:' . $where_id . '),';
$condition['where_args'][':' . $where_id] = $value;
}
return $last_insert_id ?? NULL;
}
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Default fields are always placed first for consistency. $insert_fields = array_merge($this->defaultFields, $this->insertFields);
$insert_fields = array_map(function D$f) {
return $this->connection->escapeField($f);
}, $insert_fields);
// If we're selecting from a SelectQuery, finish building the query and // pass it back, as any remaining options are irrelevant. if (!empty($this->fromQuery)) {
$insert_fields_string = $insert_fields ? ' (' . implode(', ', $insert_fields) . ') ' : ' ';
$query = $comments . 'INSERT INTO {' . $this->table . '}' . $insert_fields_string . $this->fromQuery;
}
else {
$query = $comments . 'INSERT INTO {' . $this->table . '} (' . implode(', ', $insert_fields) . ') VALUES ';
}
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Default fields are always placed first for consistency. $insert_fields = array_merge($this->defaultFields, $this->insertFields);
$insert_fields = array_map(function D$f) {
return $this->connection->escapeField($f);
}, $insert_fields);
// If we're selecting from a SelectQuery, finish building the query and // pass it back, as any remaining options are irrelevant. if (!empty($this->fromQuery)) {
$insert_fields_string = $insert_fields ? ' (' . implode(', ', $insert_fields) . ') ' : ' ';
$query = $comments . 'INSERT INTO {' . $this->table . '}' . $insert_fields_string . $this->fromQuery;
}
else {
$query = $comments . 'INSERT INTO {' . $this->table . '} (' . implode(', ', $insert_fields) . ') VALUES ';
/**
* {@inheritdoc}
*/
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Default fields are always placed first for consistency. $insert_fields = array_merge($this->defaultFields, $this->insertFields);
$insert_fields = array_map(function D$field) {
return $this->connection->escapeField($field);
}, $insert_fields);
$query = $comments . 'INSERT INTO {' . $this->table . '} (' . implode(', ', $insert_fields) . ') VALUES ';
$values = $this->getInsertPlaceholderFragment($this->insertValues, $this->defaultFields);
$query .= implode(', ', $values);
// Updating the unique / primary key is not necessary. unset($insert_fields[$this->key]);
$update = [];
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Default fields are always placed first for consistency. $insert_fields = array_merge($this->defaultFields, $this->insertFields);
$insert_fields = array_map(function D$field) {
return $this->connection->escapeField($field);
}, $insert_fields);
$query = $comments . 'INSERT INTO {' . $this->table . '} (' . implode(', ', $insert_fields) . ') VALUES ';
$values = $this->getInsertPlaceholderFragment($this->insertValues, $this->defaultFields);
$query .= implode(', ', $values);
// Updating the unique / primary key is not necessary. unset($insert_fields[$this->key]);
$update = [];
'name = :db_condition_placeholder_0', 'name'],
['name123 = :db_condition_placeholder_0', 'name-123'],
];
}
/** * @covers ::compile * @dataProvider providerSimpleCondition */
public function testSimpleCondition($expected, $field_name) {
$connection = $this->prophesize(Connection::class);
$connection->escapeField($field_name)->will(function D$args) {
return preg_replace('/[^A-Za-z0-9_.]+/', '', $args[0]);
});
$connection->mapConditionOperator('=')->willReturn(['operator' => '=']);
$connection->condition('AND')->willReturn(new Condition('AND'));
$connection = $connection->reveal();
$query_placeholder = $this->prophesize(PlaceholderInterface::class);
$counter = 0;
$query_placeholder->nextPlaceholder()->will(function D) use (&$counter) {
return $counter++;
});
['name123 = :db_condition_placeholder_0', 'name-123'],
];
}
/** * @covers ::compile * @dataProvider providerSimpleCondition */
public function testSimpleCondition($expected, $field_name) {
$connection = $this->prophesize(Connection::class);
$connection->escapeField($field_name)->will(function D$args) {
return preg_replace('/[^A-Za-z0-9_.]+/', '', $args[0]);
});
$connection->mapConditionOperator('=')->willReturn(['operator' => '=']);
$connection->condition('AND')->willReturn(new Condition('AND'));
$connection = $connection->reveal();
$query_placeholder = $this->prophesize(PlaceholderInterface::class);
$counter = 0;
$query_placeholder->nextPlaceholder()->will(function D) use (&$counter) {
return $counter++;
});
elseif (!isset($condition['operator'])) {
// Left hand part is a literal string added with the // @see ConditionInterface::where() method. Put brackets around // the snippet and collect the arguments from the value part. // Also ignore the operator and value parts. $field_fragment = '(' . $condition['field'] . ')';
$arguments += $condition['value'];
$ignore_operator = TRUE;
}
else {
// Left hand part is a normal field. Add it as is. $field_fragment = $connection->escapeField($condition['field']);
$ignore_operator = FALSE;
}
// Process operator. if ($ignore_operator) {
$operator = ['operator' => '', 'use_value' => FALSE];
}
else {
// Remove potentially dangerous characters. // If something passed in an invalid character stop early, so we // don't rely on a broken SQL statement when we would just replace
// Left hand part is a literal string added with the // @see ConditionInterface::where() method. Put brackets around // the snippet and collect the arguments from the value part. // Also ignore the operator and value parts. $field_fragment = '(' . $condition['field'] . ')';
$arguments += $condition['value'];
$ignore_operator = TRUE;
}
else {
// Left hand part is a normal field. Add it as is. $field_fragment = $connection->escapeField($condition['field']);
$ignore_operator = FALSE;
}
// Process operator. if ($ignore_operator) {
$operator = ['operator' => '', 'use_value' => FALSE];
}
else {
// Remove potentially dangerous characters. // If something passed in an invalid character stop early, so we // don't rely on a broken SQL statement when we would just replace
protected function createFieldSql($name, $spec) {
$name = $this->connection->escapeField($name);
if (!empty($spec['auto_increment'])) {
$sql = $name . " INTEGER PRIMARY KEY AUTOINCREMENT";
if (!empty($spec['unsigned'])) {
$sql .= ' CHECK (' . $name . '>= 0)';
}
}
else {
$sql = $name . ' ' . $spec['sqlite_type'];
if (in_array($spec['sqlite_type'], ['VARCHAR', 'TEXT'])) {
if (isset($spec['length'])) {