| author | Thomas BrĂ¼derli | 2009-07-23 14:01:09 +0000 | 
|---|---|---|
| committer | Thomas BrĂ¼derli | 2009-07-23 14:01:09 +0000 | 
| commit | ef65505a63c2e1ee24ccd2dca8705e69819211d1 (patch) | |
| tree | a34dddbd28a0deb43d5cacc6eb2e82fdbf93a290 /it_dbi.class | |
| parent | b4802636815a2ed0cdf8f2f567f232f23dfa8192 (diff) | |
Add MATCH operator for mysql queries + unify string escaping
Diffstat (limited to 'it_dbi.class')
| -rw-r--r-- | it_dbi.class | 27 | 
1 files changed, 22 insertions, 5 deletions
| diff --git a/it_dbi.class b/it_dbi.class
index 56fadbb..cd2af98 100644
--- a/it_dbi.class
+++ b/it_dbi.class
@@ -237,7 +237,7 @@ function _set($tags, $allfields = false)
 		if (substr($field, 0, 1) == '-')		# Unquoted value (always added)
 			$r[] = substr($field, 1)."=$value";
 		else if ($allfields || ($value !== $this->_data[$field]))
-			$r[] = "$field=".(isset($value) ? "'".mysql_real_escape_string($value, $this->_link)."'" : 'NULL');
+			$r[] = "$field=".(isset($value) ? "'".$this->escape_string($value)."'" : 'NULL');
 	}
 	return $r ? 'SET '.implode(', ', $r) : '';
@@ -255,13 +255,13 @@ function _set($tags, $allfields = false)
  * @param $params optional array of fieldname => value tupels. These are ANDed to form a WHERE clause.
  *   fieldname can contain an operator (separated by space), the default operator is '='.
  *   The special operator 'NI' specifies that the argument must be contained in a comma-separated list.
- * @param $link DB link used to escape values
+ * @param $link DB link used to escape values (not used anymore)
  * @param $omit_where Do not add 'WHERE ' to result
  * @return The generated SQL clause
  * @see select()
  * @see iterate()
  */
-function _where($params = "", $link = null, $omit_where = false)
+function _where($params = "", $dummy_link = null, $omit_where = false)
 {
 	if (is_array($params) && (count($params) > 0))
 	{
@@ -304,7 +304,7 @@ function _where($params = "", $link = null, $omit_where = false)
 						$qval = $value;
 					}
 					else if (!is_array($value))
-						$qval = "'" . ($link ? mysql_real_escape_string((string)$value, $link) : mysql_real_escape_string((string)$value)) . "'";
+						$qval = "'" . $this->escape_string((string)$value) . "'";
 				}
 				switch ($op)
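Review bot: The docblock in the `-255,13` hunk still names the parameter `$link` while the signature now declares `$dummy_link`; it should read something like `@param $dummy_link Ignored, kept for backward compatibility; values are escaped with this object's own connection`. Callers that passed a different link now have their values escaped against `$this->_link` without any notice. The old fallback that called `mysql_real_escape_string()` without a link suggests `_where()` may have been usable without a connected instance, which is inferred rather than visible here. The body of `_where()` continues outside the hunk.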
@@ -313,6 +313,11 @@ function _where($params = "", $link = null, $omit_where = false)
 						$query .= $sep."CONCAT(',',$field,',') LIKE '%,$value,%'";
 						break;
+					case 'MATCH':
+						$qval = is_array($value) ? join(' ', $value) : $value;
+						$query .= $sep . "MATCH ($field) AGAINST ('" . $this->escape_string($qval) . "' IN BOOLEAN MODE)";
+						break;
+
 					case 'IN':
 					case 'NOT IN':
 						if (is_array($value))
@@ -322,7 +327,7 @@ function _where($params = "", $link = null, $omit_where = false)
 								$qvals = array();
 								foreach ($value as $val)
-									$qvals[] = $link ? mysql_real_escape_string($val, $link) : mysql_real_escape_string($val);
+									$qvals[] = $this->escape_string($val);
 								$query .= "$sep$field $op ('" . join("','", $qvals) . "')";	 # null is mapped to ''
 							}
@@ -682,6 +687,18 @@ function delete($query = null)
 /**
+ * Escapes a string for use in a DB query
+ * @param The string to be quoted
+ * @return The quoted value
+ */
+function escape_string($str)
+{
+	$this->_connect();
+	return mysql_real_escape_string($str, $this->_link);
+}
+
+
+/**
  * INTERNAL: Store information about a table's fields in $this->_fields, possibly from cache.
  * @return array(keyfield, autoincrement, randomid)
  */ |
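Review bot: In the new `case 'MATCH':` the value is escaped only for the quoted literal, so boolean-mode operators in a caller-supplied value still shape the full-text expression, and `$field` goes into `MATCH (...)` without validation. If search terms can come from request input, the `_where()` docblock should say so and callers should strip or whitelist operator characters before passing them; field names should only ever come from code. The context line just above, `LIKE '%,$value,%'`, still interpolates the raw `$value` although this commit unifies escaping. `$this->escape_string($value)` would be consistent there, though whether `$value` is sanitised earlier is not visible in this hunk. The switch and its enclosing loop start outside the hunk.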
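Review bot: The new `escape_string()` ignores the result of `$this->_connect()` and returns whatever `mysql_real_escape_string()` gives back, which is `false` when no usable link exists; concatenated into `_set()` or `_where()` that becomes an empty literal `''` and the query silently changes meaning. Whether `_connect()` aborts on failure is not visible in this hunk, so either state that in the docblock or fail loudly when the result is `false`. The docblock should also read `@param $str The string to be escaped` and say that the return value is escaped but not quoted, so callers must add the surrounding single quotes themselves. Escaping is only reliable when the client library knows the connection character set, so the charset should be set with `mysql_set_charset()` rather than a `SET NAMES` query.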