author | Nathan Gass | 2023-02-28 18:57:33 +0100 |
---|---|---|
committer | Nathan Gass | 2023-02-28 18:57:57 +0100 |
commit | 569aaa65f5523069adb748715e36c9e3cba3992d (patch) | |
tree | 23d75c9f1a9e9c2cbc09a1e3ba48a7402e6c13c1 /it_dbi.class | |
parent | 305fa5f80db7691597abc607020622e7c065eaed (diff) | |
adapt escaping of ints and floats to better handle booleans and strings as input
Diffstat (limited to 'it_dbi.class')
-rw-r--r-- | it_dbi.class | 34 |
1 files changed, 31 insertions, 3 deletions
diff --git a/it_dbi.class b/it_dbi.class
index c9cef54..2923bf3 100644
--- a/it_dbi.class
+++ b/it_dbi.class
@@ -915,6 +915,26 @@ function escape_string($str)
 }
 /**
+ * Escapes an int for use in a DB query
+ * @param The int to be quoted
+ * @return The quoted value
+ */
+static function escape_int($val)
+{
+ return "'" . intval($val) . "'";
+}
+
+/**
+ * Escapes a float for use in a DB query
+ * @param The float to be quoted
+ * @return The quoted value
+ */
+static function escape_float($val)
+{
+ return "'" . floatval($val) . "'";
+}
+
+/**
 * Escapes a name/identifier for use in a DB query
 * @param The identifier to be quoted
 * @return The quoted value
@@ -941,7 +961,6 @@ static function escape_bool($bool)
 */
 function _get_field_info()
 {
- $result = array();
 $dbid = "{$this->_p['user']}@{$this->_p['server']}:{$this->_p['db']}";
 $state = static::_state_get($dbid);
@@ -956,8 +975,16 @@ function _get_field_info()
 $this->_convertfunc[$name] = $field['_convertfunc'];
 $this->_escapefunc[$name] = $field['_escapefunc'];
 }
- else if (preg_match('/^(tiny|small|medium|)int|^float|^double$/', $field['Type']))
- $this->_convertfunc[$name] = it::match('int', $field['Type']) ? "intval" : "floatval";
+ else if (preg_match('/^(tiny|small|medium|)int/', $field['Type']))
+ {
+ $this->_convertfunc[$name] = "intval";
+ $this->_escapefunc[$name] = static::class . "::escape_int";
+ }
+ else if (preg_match('/^float|^double$/', $field['Type']))
+ {
+ $this->_convertfunc[$name] = "floatval";
+ $this->_escapefunc[$name] = static::class . "::escape_float";
+ }
 }
 $this->_fieldnames = "," . implode(",", array_keys((array)$this->_fields)) . ",";
@@ -979,6 +1006,7 @@ function _get_field_info()
 $this->_localizedfields = $state['localizedfields'][$this->_p['table']];
 }
+ $result = array();
 foreach((array)$this->_fields as $field)
 {
 if ($field['Key'] == 'PRI') |
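Review bot: escape_float() can emit text that is not a numeric literal. floatval() yields INF for input such as "1e999", so the helper returns `'INF'` (or `'NAN'` when handed a NAN float), which the server will reject or coerce depending on its SQL mode. On PHP versions before 8.0 the float-to-string cast also follows LC_NUMERIC and may print a decimal comma. The quoting itself should keep both helpers injection-safe, because the cast output cannot contain a quote character, so this is a data-integrity concern rather than an injection one. A finiteness check before quoting, `$f = floatval($val); if (!is_finite($f)) { /* class's usual error path */ }`, would make the failure explicit. The docblocks would also read better with the parameter named, e.g. `@param mixed $val Value to coerce to int and quote`.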
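Review bot: The float branch's pattern `'/^float|^double$/'` (carried over from the replaced line) anchors only `double` at the end. A column type reported as `double unsigned` or `double(10,2)` therefore matches neither new branch and gets no `escape_float`/`floatval` assignment, while `float(7,2)` does. If that asymmetry is not intended, `'/^(float|double)\b/'` treats both alike. `bigint` and `decimal` are skipped as well, which may be deliberate; a short comment saying so, and naming the escape function such columns fall back to, would help the next reader. It is also worth confirming that the caller handles PHP `null` before dispatching to `_escapefunc`, since `intval(null)` would otherwise be written as `'0'` instead of NULL; the dispatch code and the enclosing loop are outside this hunk.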