CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
quote example
public function sGetOpenOrderData($destinationPage = 1, $perPage = 10)
{
$shop = Shopware()->Shop();
$mainShop = $shop->getMain() !== null ? $shop->getMain() : $shop;
$destinationPage = !empty($destinationPage) ? $destinationPage : 1;
$limitStart = Shopware()->Db()->quote(($destinationPage - 1) * $perPage);
$limitEnd = Shopware()->Db()->quote($perPage);
$sql = " SELECT SQL_CALC_FOUND_ROWS o.*, cu.templatechar as currency_html, cu.symbol_position as currency_position, DATE_FORMAT(ordertime, '%d.%m.%Y %H:%i') AS datum, state.name as stateName FROM s_order o LEFT JOIN s_core_currencies as cu ON o.currency = cu.currency LEFT JOIN s_core_states as state ON state.id = o.status WHERE userID = ? AND status != -1 AND subshopID = ? ORDER BY ordertime DESC LIMIT
$query = $this->getConnection()->query('SELECT id, content, contentHTML FROM `s_core_config_mails` WHERE dirty = 0');
$untouchedMails = $query->fetchAll();
foreach ($untouchedMails as $mail) {
$replacedContent = $this->replaceOldVarSyntax($mail['content']);
$replacedContentHTML = $this->replaceOldVarSyntax($mail['contentHTML']);
if ($replacedContent != $mail['content'] || $replacedContentHTML != $mail['contentHTML']) {
$mailId = $mail['id'];
$replacedContent = !empty($replacedContent) ? trim($this->getConnection()->quote($replacedContent), "'") : '';
$replacedContentHTML = !empty($replacedContentHTML) ? trim($this->getConnection()->quote($replacedContentHTML), "'") : '';
$sql = <<<EOL UPDATE `s_core_config_mails` SET content="$replacedContent", contentHTML="$replacedContentHTML" WHERE id = $mailId; EOL;
else {
$sql .= ' NULL';
}
}
if (!empty($spec['unsigned'])) {
$sql .= ' CHECK (' . $name . '>= 0)';
}
if (isset($spec['default'])) {
if (is_string($spec['default'])) {
$spec['default'] = $this->connection->quote($spec['default']);
}
$sql .= ' DEFAULT ' . $spec['default'];
}
if (empty($spec['not null']) && !isset($spec['default'])) {
$sql .= ' DEFAULT NULL';
}
}
return $sql;
}
$sql .= ' NULL';
}
}
if (!empty($spec['unsigned'])) {
$sql .= ' CHECK (' . $name . '>= 0)';
}
if (isset($spec['default'])) {
if (is_string($spec['default'])) {
$spec['default'] = $this->connection->quote($spec['default']);
}
$sql .= ' DEFAULT ' . $spec['default'];
}
if (empty($spec['not null']) && !isset($spec['default'])) {
$sql .= ' DEFAULT NULL';
}
}
return $sql;
}
$context = $context->getContext();
$taxId = Uuid::randomHex();
$taxRate = 15.0;
$repo = $this->getRepository();
$criteria = new Criteria();
$connection = $this->getContainer()->get(Connection::class);
$insertInjection = sprintf(
'INSERT INTO `tax` (id, tax_rate, name, created_at) VALUES(UNHEX(%s), %s, "foo", %s)',
(string) $connection->quote($taxId),
(string) $taxRate, // use php string conversion, to avoid locale based float to string conversion in sprintf (new \DateTime())->format(Defaults::STORAGE_DATE_TIME_FORMAT)
);
$keyWithQuotes = sprintf(
'data.%s\')) = "%s"); %s; SELECT 1 FROM ((("',
$randomKey,
'bar',
$insertInjection
);
$criteria->addFilter(new EqualsFilter($keyWithQuotes, 'bar'));
$taxId = Uuid::randomHex();
$taxRate = 15.0;
$repo = $this->getRepository();
$criteria = new Criteria();
$connection = $this->getContainer()->get(Connection::class);
$insertInjection = sprintf(
'INSERT INTO `tax` (id, tax_rate, name, created_at) VALUES(UNHEX(%s), %s, "foo", %s)',
(string) $connection->quote($taxId),
(string) $taxRate, // use php string conversion, to avoid locale based float to string conversion in sprintf (new \DateTime())->format(Defaults::STORAGE_DATE_TIME_FORMAT)
);
$keyWithQuotes = sprintf(
'data.%s\')) = "%s"); %s; SELECT 1 FROM ((("',
$randomKey,
'bar',
$insertInjection
);
$criteria->addFilter(new EqualsFilter($keyWithQuotes, 'bar'));
public function getLocalesAction()
{
$current = Shopware()->Container()->get('locale');
$locales = $this->getPlugin()->getLocales();
$locales = Shopware()->Db()->quote($locales);
$sql = 'SELECT id, locale FROM s_core_locales WHERE id IN (' . $locales . ')';
$locales = Shopware()->Db()->fetchPairs($sql);
$data = [];
foreach ($locales as $id => $locale) {
list($l, $t) = explode('_', $locale);
$l = $current::getTranslation($l, 'language', $current);
$t = $current::getTranslation($t, 'territory', $current);
$data[] = [
'id' => $id,
'name' => "$l ($t)",
];
// Clone the query so the prepare and compile doesn't get repeated.
$clone = clone($this);
$clone->prepare()
->compile()
->addSort()
->finish();
// Quote arguments so query is able to be run. $quoted = [];
foreach ($clone->sqlQuery->getArguments() as $key => $value) {
$quoted[$key] = is_null($value) ? 'NULL' : $this->connection->quote($value);
}
// Replace table name brackets. $sql = $clone->connection->prefixTables((string) $clone->sqlQuery);
$sql = $clone->connection->quoteIdentifiers($sql);
return strtr($sql, $quoted);
}
}
$clone->prepare()
->compile()
->addSort()
->finish();
// Quote arguments so query is able to be run. $quoted = [];
foreach ($clone->sqlQuery->getArguments() as $key => $value) {
$quoted[$key] = is_null($value) ? 'NULL' : $this->connection->quote($value);
}
// Replace table name brackets. $sql = $clone->connection->prefixTables((string) $clone->sqlQuery);
$sql = $clone->connection->quoteIdentifiers($sql);
return strtr($sql, $quoted);
}
}
if ($format === 'sql') {
$this->Response()->headers->set('content-type: text/plain', '');
$this->Response()->headers->set('content-disposition', 'attachment; filename="export.sql"');
$sql = 'SELECT * FROM s_core_snippets ORDER BY namespace';
$result = $this->database->query($sql);
$rows = [];
echo "REPLACE INTO `s_core_snippets` (`namespace`, `name`, `value`, `localeID`, `shopID`,`created`, `updated`, `dirty`) VALUES \r\n";
foreach ($result->fetchAll() as $row) {
$value = $this->database->quote($row['value']);
$value = str_replace("\n", '\\n', $value);
$rows[] = sprintf(
"(%s, %s, %s, '%s', '%s', '%s', NOW(), %d)",
$this->database->quote($row['namespace']),
$this->database->quote($row['name']),
$value,
(int) $row['localeID'],
(int) $row['shopID'],
$row['created'],
$row['dirty']
);
$this->Response()->headers->set('content-type: text/plain', '');
$this->Response()->headers->set('content-disposition', 'attachment; filename="export.sql"');
$sql = 'SELECT * FROM s_core_snippets ORDER BY namespace';
$result = $this->database->query($sql);
$rows = [];
echo "REPLACE INTO `s_core_snippets` (`namespace`, `name`, `value`, `localeID`, `shopID`,`created`, `updated`, `dirty`) VALUES \r\n";
foreach ($result->fetchAll() as $row) {
$value = $this->database->quote($row['value']);
$value = str_replace("\n", '\\n', $value);
$rows[] = sprintf(
"(%s, %s, %s, '%s', '%s', '%s', NOW(), %d)",
$this->database->quote($row['namespace']),
$this->database->quote($row['name']),
$value,
(int) $row['localeID'],
(int) $row['shopID'],
$row['created'],
$row['dirty']
);
$expected->condition("entity_test_mulrev__$figures.{$figures}_color", ["blue"], "IN");
$expected->condition("entity_test_mulrev__{$figures}_2.{$figures}_color", ["red"], "IN");
$expected->isNull("entity_test_mulrev__{$figures}_3.{$figures}_color");
$expected->orderBy("base_table.id");
// Apply table prefixes and quote identifiers for the expected SQL. $expected_string = $connection->prefixTables((string) $expected);
$expected_string = $connection->quoteIdentifiers($expected_string);
// Resolve placeholders in the expected SQL to their values. $quoted = [];
foreach ($expected->getArguments() as $key => $value) {
$quoted[$key] = $connection->quote($value);
}
$expected_string = strtr($expected_string, $quoted);
$this->assertSame($expected_string, (string) $query);
}
/** * Test the accessCheck method is called. */
public function testAccessCheckSpecified() {
$this->expectException(QueryException::class);
$expected->condition("entity_test_mulrev__{$figures}_2.{$figures}_color", ["red"], "IN");
$expected->isNull("entity_test_mulrev__{$figures}_3.{$figures}_color");
$expected->orderBy("base_table.id");
// Apply table prefixes and quote identifiers for the expected SQL. $expected_string = $connection->prefixTables((string) $expected);
$expected_string = $connection->quoteIdentifiers($expected_string);
// Resolve placeholders in the expected SQL to their values. $quoted = [];
foreach ($expected->getArguments() as $key => $value) {
$quoted[$key] = $connection->quote($value);
}
$expected_string = strtr($expected_string, $quoted);
$this->assertSame($expected_string, (string) $query);
}
/** * Test the accessCheck method is called. */
public function testAccessCheckSpecified() {
$this->expectException(QueryException::class);
protected function dumpTable($table, $name, $ids, $newBackup)
{
$quotedIds = '(' . $this->getDqlHelper()->getDb()->quote($ids, PDO::PARAM_INT) . ')';
$path = $this->getOutputPath($name);
$hash = uniqid();
$outFileData = $path . $table . '.' . $hash . '.datasql';
$outFileHeader = $path . $table . '.headersql';
$outFileFooter = $path . $table . '.footersql';
$fileHandle = fopen($outFileData, 'w');
if (!\is_resource($fileHandle)) {
throw new RuntimeException(sprintf('Could not open stream at "%s"', $outFileData));
}
$this->connection->query('ALTER TABLE {' . $table . '} DROP [' . $field . ']');
return TRUE;
}
/** * {@inheritdoc} */
public function indexExists($table, $name) {
// Returns one row for each column in the index. Result is string or FALSE. // Details at http://dev.mysql.com/doc/refman/5.0/en/show-index.html $row = $this->connection->query('SHOW INDEX FROM {' . $table . '} WHERE key_name = ' . $this->connection->quote($name))->fetchAssoc();
return isset($row['Key_name']);
}
/** * {@inheritdoc} */
public function addPrimaryKey($table, $fields) {
if (!$this->tableExists($table)) {
throw new SchemaObjectDoesNotExistException("Cannot add primary key to table '$table': table doesn't exist.");
}
if ($this->indexExists($table, 'PRIMARY')) {
return TRUE;
}
/** * {@inheritdoc} */
public function indexExists($table, $name) {
// Returns one row for each column in the index. Result is string or FALSE. // Details at http://dev.mysql.com/doc/refman/5.0/en/show-index.html $row = $this->connection->query('SHOW INDEX FROM {' . $table . '} WHERE key_name = ' . $this->connection->quote($name))->fetchAssoc();
return isset($row['Key_name']);
}
/** * {@inheritdoc} */
public function addPrimaryKey($table, $fields) {
if (!$this->tableExists($table)) {
throw new SchemaObjectDoesNotExistException("Cannot add primary key to table '$table': table doesn't exist.");
}
if ($this->indexExists($table, 'PRIMARY')) {
/** * @return string */
public function getDefaultLocale()
{
$backendLocales = $this->getLocales();
$browserLocales = array_keys(Zend_Locale::getBrowser());
if (!empty($browserLocales)) {
$quotedBackendLocale = Shopware()->Db()->quote($backendLocales);
$orderIndex = 1;
$orderCriteria = '';
foreach ($browserLocales as $browserLocale) {
$orderCriteria .= 'WHEN ' . Shopware()->Db()->quote($browserLocale) . ' THEN ' . $orderIndex . ' ';
++$orderIndex;
}
$orderCriteria .= 'ELSE ' . $orderIndex . ' END ';
// For each browser locale, get exact or similar // filtered by allowed backend locales // ordered by exact match from browser
public function quote($string, $parameter_type = \PDO::PARAM_STR) {
return $this->connection->quote($string, $parameter_type);
}
/** * Extracts the SQLSTATE error from a PDOException. * * @param \Exception $e * The exception * * @return string * The five character error code. */
if (str_contains($jsonPathPart, '-')) {
$jsonPathParts[$index] = sprintf('"%s"', $jsonPathPart);
}
}
$jsonPath = implode('.', $jsonPathParts);
}
$jsonValueExpr = sprintf(
'JSON_EXTRACT(`%s`.`%s`, %s)',
$root,
$field->getStorageName(),
(string) $this->connection->quote('$' . $jsonPath)
);
$embeddedField = $this->getField($jsonPath, $field->getPropertyMapping());
$accessor = $this->getFieldAccessor($jsonValueExpr, $embeddedField);
/* * Values extracted from json have distinct json types, that are different from normal value types. * We need to convert json nulls into sql nulls. * * For example: `JSON_EXTRACT('{"foo":null}', '$.foo') IS NOT NULL` */
$jsonPathParts[$index] = sprintf('"%s"', $jsonPathPart);
}
}
$jsonPath = implode('.', $jsonPathParts);
}
$jsonValueExpr = sprintf(
'JSON_EXTRACT(`%s`.`%s`, %s)',
$root,
$field->getStorageName(),
(string) $this->connection->quote('$' . $jsonPath)
);
$embeddedField = $this->getField($jsonPath, $field->getPropertyMapping());
$accessor = $this->getFieldAccessor($jsonValueExpr, $embeddedField);
/* * Values extracted from json have distinct json types, that are different from normal value types. * We need to convert json nulls into sql nulls. * * For example: `JSON_EXTRACT('{"foo":null}', '$.foo') IS NOT NULL` */
static $currencyCache = [];
if (empty($currency)) {
$currency = $this->shopData['currency_id'];
}
if (isset($currencyCache[$currency])) {
return $currencyCache[$currency];
}
if (is_numeric($currency)) {
$sql = 'id=' . $currency;
} elseif (\is_string($currency)) {
$sql = 'currency=' . $this->db->quote(trim($currency));
} else {
return false;
}
$currencyCache[$currency] = $this->db->fetchRow(" SELECT * FROM s_core_currencies WHERE $sql ");
return $currencyCache[$currency];
}
if (empty($currency)) {
$currency = $this->shopData['currency_id'];
}
if (isset($currencyCache[$currency])) {
return $currencyCache[$currency];
}
if (is_numeric($currency)) {
$sql = 'id=' . $currency;
} elseif (\is_string($currency)) {
$sql = 'currency=' . $this->db->quote(trim($currency));
} else {
return false;
}
$currencyCache[$currency] = $this->db->fetchRow(" SELECT * FROM s_core_currencies WHERE $sql ");
return $currencyCache[$currency];
}
protected function _stripQuoted($sql)
{
// get the character for value quoting // this should be ' $q = $this->_adapter->quote('a');
$q = $q[0];
// get the value used as an escaped quote, // e.g. \' or '' $qe = $this->_adapter->quote($q);
$qe = substr($qe, 1, 2);
$qe = preg_quote($qe);
$escapeChar = substr($qe,0,1);
// remove 'foo\'bar' if (!empty($q)) {
$escapeChar = preg_quote($escapeChar);
// this segfaults only after 65,000 characters instead of 9,000