Diffstat (limited to 'db_table.class')
-rw-r--r-- | db_table.class | 102 |
1 files changed, 3 insertions, 99 deletions
diff --git a/db_table.class b/db_table.class
index f45155f..567bb7f 100644
--- a/db_table.class
+++ b/db_table.class
@@ -53,108 +53,12 @@ function safe_sql_select($query, $fields="*")
 /**
- * Create an SQL query (the stuff after 'WHERE') according to
- * an array of selection criteria.<br>
- * Example:<br>
- * $sql = $table->construct_sql_clause(array('Type' => 'bar',
- * 'Date >=' => '1999-01-01', '-Date <' => 'NOW()',
- * 'User NI' => 'chris'), 'ORDER BY Date');
- *
- * @param $params optional array of fieldname => value tupels.
- * These are ANDed to form a WHERE clause.
- * fieldname can contain an operator (separated by space), the
- * default operator is '='. The special operator 'NI' specifies
- * that the argument must be contained in a comma-separated list.
- * @param $sql Optional SQL addendum (added after $params), for ORDER BY etc.
- * @param $omit_where (optional) Do not add 'WHERE ' at beginning of result (default: false)
- * @return The generated SQL clause
- * @see it_db_record::select, it_db_record::fetch_next
+ * Create an SQL query (the stuff after 'WHERE').
+ * @see it_dbi::_where() for more details.
 */
 function construct_sql_clause($params='', $sql='', $omit_where=false)
 {
- if (is_array($params) && (count($params) > 0))
- {
- $query = '';
- $sep = '';
-
- foreach($params as $field => $value)
- {
- if (is_int($field)) /* no key specified; just append */
- {
- if ($field === $value) /* ignore array(1 => 1) et al */
- continue;
-
- $query .= " $value";
- }
- else
- {
- $needs_where = true;
-
- if (!isset($value))
- {
- $op = 'IS';
- $qval = 'NULL';
- }
- else
- {
- if (preg_match('/^(\S+)\s+(\S.*)$/', $field, $regs))
- {
- $field = $regs[1];
- $op = strtoupper($regs[2]);
- }
- else
- $op = '=';
-
- /* If the field name starts with '-', the value is taken as raw,
- no escaping is done and no quotes are put around it.
 */
- if (substr($field, 0, 1) == '-')
- {
- $field = substr($field, 1); /* Strip that '-' sign */
- $qval = $value;
- }
- else if (!is_array($value))
- $qval = "'".mysql_real_escape_string((string)$value)."'";
- }
-
- switch ($op)
- {
- case 'NI':
- $query .= $sep."CONCAT(',',$field,',') LIKE '%,$value,%'";
- break;
-
- case 'IN':
- case 'NOT IN':
- if (is_array($value))
- {
- if ($value)
- $query .= "$sep$field $op ('" . join("','", array_map('mysql_real_escape_string', $value)) . "')"; # null is mapped to ''
- else
- $query .= $sep . "0";
-
- break;
- }
- /* FALLTHROUGH */
-
- default:
- if (isset($qval))
- $query .= "$sep$field $op $qval";
- else
- it::fatal('Undefined $qval when constructing query due to invalid $value (array)');
- break;
- }
- $sep = ' AND ';
- }
- }
-
- if ($needs_where && !$omit_where)
- $query = 'WHERE '.$query;
-
- if ($sql)
- $query .= ' ';
- }
- $query .= $sql;
-
- return $query;
+ return it_dbi::_where($params, $sql, $omit_where);
 } |
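Review bot: The shortened docblock on `construct_sql_clause()` drops the only caller-facing statement of which inputs reach the SQL string unescaped, and the new body hands that decision to `it_dbi::_where()`, which is not part of this diff. The removed implementation appended integer-keyed entries and `-`-prefixed fields verbatim, and its `NI` branch interpolated `$value` without escaping; whether `_where()` keeps, fixes or changes those paths cannot be confirmed from this hunk and should be checked before callers rely on it. If the raw forms remain, keep one line in the docblock such as `* Integer-keyed entries and '-'-prefixed field names are inserted as raw SQL; never build them from request data.` The static call presumably also means escaping no longer goes through the implicit `mysql_real_escape_string()` connection the removed code used, so confirm that `_where()` escapes for the same connection and charset that `safe_sql_select()` executes on.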