author | Nathan Gass | 2023-02-28 18:57:33 +0100 |
---|---|---|
committer | Nathan Gass | 2023-02-28 18:57:57 +0100 |
commit | 569aaa65f5523069adb748715e36c9e3cba3992d (patch) | |
tree | 23d75c9f1a9e9c2cbc09a1e3ba48a7402e6c13c1 | |
parent | 305fa5f80db7691597abc607020622e7c065eaed (diff) | |
adapt escaping of ints and floats to better handle booleans and strings as input
-rw-r--r-- | it_dbi.class | 34 | ||||
-rwxr-xr-x | test/it_dbi.t | 11 |
2 files changed, 38 insertions, 7 deletions
diff --git a/it_dbi.class b/it_dbi.class index c9cef54..2923bf3 100644 --- a/it_dbi.class +++ b/it_dbi.class @@ -915,6 +915,26 @@ function escape_string($str) } /** + * Escapes an int for use in a DB query + * @param The int to be quoted + * @return The quoted value + */ +static function escape_int($val) +{ + return "'" . intval($val) . "'"; +} + +/** + * Escapes a float for use in a DB query + * @param The float to be quoted + * @return The quoted value + */ +static function escape_float($val) +{ + return "'" . floatval($val) . "'"; +} + +/** * Escapes a name/identifier for use in a DB query * @param The identifier to be quoted * @return The quoted value @@ -941,7 +961,6 @@ static function escape_bool($bool) */ function _get_field_info() { - $result = array(); $dbid = "{$this->_p['user']}@{$this->_p['server']}:{$this->_p['db']}"; $state = static::_state_get($dbid); @@ -956,8 +975,16 @@ function _get_field_info() $this->_convertfunc[$name] = $field['_convertfunc']; $this->_escapefunc[$name] = $field['_escapefunc']; } - else if (preg_match('/^(tiny|small|medium|)int|^float|^double$/', $field['Type'])) - $this->_convertfunc[$name] = it::match('int', $field['Type']) ? "intval" : "floatval"; + else if (preg_match('/^(tiny|small|medium|)int/', $field['Type'])) + { + $this->_convertfunc[$name] = "intval"; + $this->_escapefunc[$name] = static::class . "::escape_int"; + } + else if (preg_match('/^float|^double$/', $field['Type'])) + { + $this->_convertfunc[$name] = "floatval"; + $this->_escapefunc[$name] = static::class . "::escape_float"; + } } $this->_fieldnames = "," . implode(",", array_keys((array)$this->_fields)) . ","; @@ -979,6 +1006,7 @@ function _get_field_info() $this->_localizedfields = $state['localizedfields'][$this->_p['table']]; } + $result = array(); foreach((array)$this->_fields as $field) { if ($field['Key'] == 'PRI') diff --git a/test/it_dbi.t b/test/it_dbi.t index ff0303a..356a093 100755 --- a/test/it_dbi.t +++ b/test/it_dbi.t 
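Review bot: `escape_float()` in the first hunk builds the SQL literal from PHP's float-to-string conversion, so an input such as `"1e999"` becomes the quoted text `'INF'`, and on PHP versions before 8.0 the conversion follows the LC_NUMERIC locale and can put a comma inside the quotes. The value stays quoted and is derived from `floatval()`, so this is a predictability and data-integrity concern rather than an injection one. An explicit `is_finite()` check on the `floatval()` result, with non-finite values rejected or mapped deliberately, would make what reaches the database well defined. Both docblocks should also name the parameter and state the coercion, e.g. `@param mixed $val Value to coerce; non-numeric input becomes 0`, since the commit's purpose is to accept booleans and strings.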
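Review bot: The new float branch in the `-956,8 +975,16` hunk keeps the pattern `/^float|^double$/`, where the `$` anchor applies only to `double`. A column type reported as `double unsigned` or `double(10,2)` would therefore match neither branch and get no `_convertfunc` or `_escapefunc`, while any type starting with `float` matches. If that asymmetry is not intended, `else if (preg_match('/^(float|double)/', $field['Type']))` treats both alike. The int pattern `^(tiny|small|medium|)int` also leaves out `bigint`, presumably on purpose because of the range of `intval()`, which would be worth a one-line comment. `_get_field_info()` starts and ends outside this hunk, and how the `_escapefunc` entries are later invoked is not visible here.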
@@ -174,11 +174,14 @@ is( "update" ); -$record->update(['flag' => 1]); -is($record->flag, true, "use integer 1 to set flag to true"); +$record->update(['flag' => "astring"]); +is($record->flag, 0, "use non-numeric string to set tinyint flag"); -$record->update(['flag' => 0]); -is($record->flag, false, "use integer 0 to set flag to false"); +$record->update(['flag' => true]); +is($record->flag, 1, "use boolean true to set tinyint flag"); + +$record->update(['flag' => false]); +is($record->flag, 0, "use boolean false to set tinyint flag"); is( $record->update(['x' => 18], ['x' => 17]), |
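Review bot: The new assertions exercise only the `tinyint` path through `escape_int()`; nothing in this hunk covers `escape_float()`, and the removed integer inputs `1` and `0` no longer have a counterpart. Since the escaping now relies on silent coercion, it would help to pin the partial-numeric case as well, e.g. `$record->update(['flag' => "1abc"]); is($record->flag, 1, "numeric prefix kept, remainder dropped");`. A matching case for a float or double column would cover the second new helper, assuming the test table has one, which this hunk does not show.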