CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
makeComment example
catch (\Exception $e) {
$this->connection->rollbackSavepoint();
$this->connection->exceptionHandler()->handleExecutionException($e, $stmt, [], $options);
}
}
/** * {@inheritdoc} */
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Default fields are always placed first for consistency. $insert_fields = array_merge($this->defaultFields, $this->insertFields);
$insert_fields = array_map(function D$field) {
return $this->connection->escapeField($field);
}, $insert_fields);
$query = $comments . 'INSERT INTO {' . $this->table . '} (' . implode(', ', $insert_fields) . ') VALUES ';
$values = $this->getInsertPlaceholderFragment($this->insertValues, $this->defaultFields);
$query .= implode(', ', $values);
$this->connection->rollbackSavepoint();
$this->connection->exceptionHandler()->handleExecutionException($e, $stmt, [], $options);
}
}
/** * {@inheritdoc} */
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Default fields are always placed first for consistency. $insert_fields = array_merge($this->defaultFields, $this->insertFields);
$insert_fields = array_map(function D$field) {
return $this->connection->escapeField($field);
}, $insert_fields);
$query = $comments . 'INSERT INTO {' . $this->table . '} (' . implode(', ', $insert_fields) . ') VALUES ';
$values = $this->getInsertPlaceholderFragment($this->insertValues, $this->defaultFields);
$query .= implode(', ', $values);
}
/** * Implements PHP magic __toString method to convert the query to a string. * * @return string * The prepared statement. */
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
$query = $comments . 'DELETE FROM {' . $this->connection->escapeTable($this->table) . '} ';
if (count($this->condition)) {
$this->condition->compile($this->connection, $this);
$query .= "\nWHERE " . $this->condition;
}
return $query;
}
}
public function __construct(Connection $connection, string $table, array $options = []) {
// @todo Remove the __construct in Drupal 11. // @see https://www.drupal.org/project/drupal/issues/3256524 parent::__construct($connection, $table, $options);
unset($this->queryOptions['return']);
}
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
return $comments . 'DELETE FROM {' . $this->connection->escapeTable($this->table) . '} ';
}
}
$this->connection->exceptionHandler()->handleExecutionException($e, $stmt, $values, $this->queryOptions);
}
// Re-initialize the values array so that we can re-use this query. $this->insertValues = [];
return $last_insert_id;
}
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Default fields are always placed first for consistency. $insert_fields = array_merge($this->defaultFields, $this->insertFields);
$insert_fields = array_map(function D$field) {
return $this->connection->escapeField($field);
}, $insert_fields);
// If we're selecting from a SelectQuery, finish building the query and // pass it back, as any remaining options are irrelevant. if (!empty($this->fromQuery)) {
$insert_fields_string = $insert_fields ? ' (' . implode(', ', $insert_fields) . ') ' : ' ';
}
// Re-initialize the values array so that we can re-use this query. $this->insertValues = [];
return $last_insert_id;
}
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Default fields are always placed first for consistency. $insert_fields = array_merge($this->defaultFields, $this->insertFields);
$insert_fields = array_map(function D$field) {
return $this->connection->escapeField($field);
}, $insert_fields);
// If we're selecting from a SelectQuery, finish building the query and // pass it back, as any remaining options are irrelevant. if (!empty($this->fromQuery)) {
$insert_fields_string = $insert_fields ? ' (' . implode(', ', $insert_fields) . ') ' : ' ';
return NULL;
}
/** * Implements PHP magic __toString method to convert the query to a string. * * @return string * The prepared statement. */
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// In most cases, TRUNCATE is not a transaction safe statement as it is a // DDL statement which results in an implicit COMMIT. When we are in a // transaction, fallback to the slower, but transactional, DELETE. // PostgreSQL also locks the entire table for a TRUNCATE strongly reducing // the concurrency with other transactions. if ($this->connection->inTransaction()) {
return $comments . 'DELETE FROM {' . $this->connection->escapeTable($this->table) . '}';
}
else {
return $comments . 'TRUNCATE {' . $this->connection->escapeTable($this->table) . '} ';
}
}
/** * Implements PHP magic __toString method to convert the query to a string. * * @return string * The prepared statement. */
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// In most cases, TRUNCATE is not a transaction safe statement as it is a // DDL statement which results in an implicit COMMIT. When we are in a // transaction, fallback to the slower, but transactional, DELETE. // PostgreSQL also locks the entire table for a TRUNCATE strongly reducing // the concurrency with other transactions. if ($this->connection->inTransaction()) {
return $comments . 'DELETE FROM {' . $this->connection->escapeTable($this->table) . '}';
}
else {
return $comments . 'TRUNCATE {' . $this->connection->escapeTable($this->table) . '} ';
}
public function __toString() {
// For convenience, we compile the query ourselves if the caller forgot // to do it. This allows constructs like "(string) $query" to work. When // the query will be executed, it will be recompiled using the proper // placeholder generator anyway. if (!$this->compiled()) {
$this->compile($this->connection, $this);
}
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// SELECT $query = $comments . 'SELECT ';
if ($this->distinct) {
$query .= 'DISTINCT ';
}
// FIELDS and EXPRESSIONS $fields = [];
foreach ($this->tables as $alias => $table) {
if (!empty($table['all_fields'])) {
}
/** * Implements PHP magic __toString method to convert the query to a string. * * @return string * The prepared statement. */
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Expressions take priority over literal fields, so we process those first // and remove any literal fields that conflict. $fields = $this->fields;
$update_fields = [];
foreach ($this->expressionFields as $field => $data) {
if ($data['expression'] instanceof SelectInterface) {
// Compile and cast expression subquery to a string. $data['expression']->compile($this->connection, $this);
$data['expression'] = ' (' . $data['expression'] . ')';
}
// @todo Remove the __construct in Drupal 11.
// @see https://www.drupal.org/project/drupal/issues/3256524
parent::__construct($connection, $table, $options);
unset($this->queryOptions['return']);
}
/** * {@inheritdoc} */
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Default fields are always placed first for consistency. $insert_fields = array_merge($this->defaultFields, $this->insertFields);
$insert_fields = array_map(function D$field) {
return $this->connection->escapeField($field);
}, $insert_fields);
$query = $comments . 'INSERT INTO {' . $this->table . '} (' . implode(', ', $insert_fields) . ') VALUES ';
$values = $this->getInsertPlaceholderFragment($this->insertValues, $this->defaultFields);
$query .= implode(', ', $values);
unset($this->queryOptions['return']);
}
/** * {@inheritdoc} */
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Default fields are always placed first for consistency. $insert_fields = array_merge($this->defaultFields, $this->insertFields);
$insert_fields = array_map(function D$field) {
return $this->connection->escapeField($field);
}, $insert_fields);
$query = $comments . 'INSERT INTO {' . $this->table . '} (' . implode(', ', $insert_fields) . ') VALUES ';
$values = $this->getInsertPlaceholderFragment($this->insertValues, $this->defaultFields);
$query .= implode(', ', $values);
$query = (string) $query;
$expected = "/* Testing query comments * / SELECT nid FROM {node}. -- */";
// Check the returned number of rows. $this->assertCount(4, $records);
// Check that the flattened query contains the sanitized comment string. $this->assertStringContainsString($expected, $query);
$connection = Database::getConnection();
foreach ($this->makeCommentsProvider() as $test_set) {
[$expected, $comments] = $test_set;
$this->assertEquals($expected, $connection->makeComment($comments));
}
}
/** * Provides expected and input values for testVulnerableComment(). */
public function makeCommentsProvider() {
return [
[
'/* */ ',
[''],
],
$expected = "/* Testing query comments * / SELECT nid FROM {node}. -- */";
// Check the returned number of rows. $this->assertCount(4, $records);
// Check that the flattened query contains the sanitized comment string. $this->assertStringContainsString($expected, $query);
$connection = Database::getConnection();
foreach ($this->makeCommentsProvider() as $test_set) {
[$expected, $comments] = $test_set;
$this->assertEquals($expected, $connection->makeComment($comments));
}
}
/** * Provides expected and input values for testVulnerableComment(). */
public function makeCommentsProvider() {
return [
[
'/* */ ',
[''],
],
return $last_insert_id;
}
/** * Implements PHP magic __toString method to convert the query to a string. * * @return string * The prepared statement. */
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Default fields are always placed first for consistency. $insert_fields = array_merge($this->defaultFields, $this->insertFields);
if (!empty($this->fromQuery)) {
return $comments . 'INSERT INTO {' . $this->table . '} (' . implode(', ', $insert_fields) . ') ' . $this->fromQuery;
}
// For simplicity, we will use the $placeholders array to inject // default keywords even though they are not, strictly speaking, // placeholders for prepared statements.
}
/** * Implements PHP magic __toString method to convert the query to a string. * * @return string * The prepared statement. */
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Default fields are always placed first for consistency. $insert_fields = array_merge($this->defaultFields, $this->insertFields);
if (!empty($this->fromQuery)) {
return $comments . 'INSERT INTO {' . $this->table . '} (' . implode(', ', $insert_fields) . ') ' . $this->fromQuery;
}
// For simplicity, we will use the $placeholders array to inject // default keywords even though they are not, strictly speaking, // placeholders for prepared statements.
}
return $this->connection->lastInsertId();
}
/** * {@inheritdoc} */
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Produce as many generic placeholders as necessary. $placeholders = [];
if (!empty($this->insertFields)) {
$placeholders = array_fill(0, count($this->insertFields), '?');
}
$insert_fields = array_map(function D$field) {
return $this->connection->escapeField($field);
}, $this->insertFields);
}
/** * Tests Connection::makeComments(). * * @dataProvider providerMakeComments */
public function testMakeComments($expected, $comment_array) {
$mock_pdo = $this->createMock('Drupal\Tests\Core\Database\Stub\StubPDO');
$connection = new StubConnection($mock_pdo, []);
$this->assertEquals($expected, $connection->makeComment($comment_array));
}
/** * Data provider for testFilterComments(). * * @return array * Array of arrays with the following elements: * - Expected filtered comment. * - Comment to filter. */
public function providerFilterComments() {
$this->connection->exceptionHandler()->handleExecutionException($e, $stmt, [], $this->queryOptions);
}
// Re-initialize the values array so that we can re-use this query. $this->insertValues = [];
return $last_insert_id ?? NULL;
}
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Default fields are always placed first for consistency. $insert_fields = array_merge($this->defaultFields, $this->insertFields);
$insert_fields = array_map(function D$f) {
return $this->connection->escapeField($f);
}, $insert_fields);
// If we're selecting from a SelectQuery, finish building the query and // pass it back, as any remaining options are irrelevant. if (!empty($this->fromQuery)) {
}
// Re-initialize the values array so that we can re-use this query. $this->insertValues = [];
return $last_insert_id ?? NULL;
}
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Default fields are always placed first for consistency. $insert_fields = array_merge($this->defaultFields, $this->insertFields);
$insert_fields = array_map(function D$f) {
return $this->connection->escapeField($f);
}, $insert_fields);
// If we're selecting from a SelectQuery, finish building the query and // pass it back, as any remaining options are irrelevant. if (!empty($this->fromQuery)) {
// @todo Remove the __construct in Drupal 11.
// @see https://www.drupal.org/project/drupal/issues/3256524
parent::__construct($connection, $table, $options);
unset($this->queryOptions['return']);
}
/** * {@inheritdoc} */
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Default fields are always placed first for consistency. $insert_fields = array_merge($this->defaultFields, $this->insertFields);
$insert_fields = array_map(function D$field) {
return $this->connection->escapeField($field);
}, $insert_fields);
$query = $comments . 'INSERT INTO {' . $this->table . '} (' . implode(', ', $insert_fields) . ') VALUES ';
$values = $this->getInsertPlaceholderFragment($this->insertValues, $this->defaultFields);
$query .= implode(', ', $values);
unset($this->queryOptions['return']);
}
/** * {@inheritdoc} */
public function __toString() {
// Create a sanitized comment string to prepend to the query. $comments = $this->connection->makeComment($this->comments);
// Default fields are always placed first for consistency. $insert_fields = array_merge($this->defaultFields, $this->insertFields);
$insert_fields = array_map(function D$field) {
return $this->connection->escapeField($field);
}, $insert_fields);
$query = $comments . 'INSERT INTO {' . $this->table . '} (' . implode(', ', $insert_fields) . ') VALUES ';
$values = $this->getInsertPlaceholderFragment($this->insertValues, $this->defaultFields);
$query .= implode(', ', $values);