Diffstat (limited to 'it_dbi.class')
-rw-r--r-- | it_dbi.class | 27 |
1 files changed, 22 insertions, 5 deletions
diff --git a/it_dbi.class b/it_dbi.class
index 56fadbb..cd2af98 100644
--- a/it_dbi.class
+++ b/it_dbi.class
@@ -237,7 +237,7 @@ function _set($tags, $allfields = false)
  if (substr($field, 0, 1) == '-') # Unquoted value (always added)
  $r[] = substr($field, 1)."=$value";
  else if ($allfields || ($value !== $this->_data[$field]))
- $r[] = "$field=".(isset($value) ? "'".mysql_real_escape_string($value, $this->_link)."'" : 'NULL');
+ $r[] = "$field=".(isset($value) ? "'".$this->escape_string($value)."'" : 'NULL');
  }
 
  return $r ? 'SET '.implode(', ', $r) : '';
@@ -255,13 +255,13 @@ function _set($tags, $allfields = false)
  * @param $params optional array of fieldname => value tupels. These are ANDed to form a WHERE clause.
  * fieldname can contain an operator (separated by space), the default operator is '='.
  * The special operator 'NI' specifies that the argument must be contained in a comma-separated list.
- * @param $link DB link used to escape values
+ * @param $link DB link used to escape values (not used anymore)
  * @param $omit_where Do not add 'WHERE ' to result
  * @return The generated SQL clause
  * @see select()
  * @see iterate()
  */
-function _where($params = "", $link = null, $omit_where = false)
+function _where($params = "", $dummy_link = null, $omit_where = false)
  {
  if (is_array($params) && (count($params) > 0))
  {
@@ -304,7 +304,7 @@ function _where($params = "", $link = null, $omit_where = false)
  $qval = $value;
  }
  else if (!is_array($value))
- $qval = "'" . ($link ? mysql_real_escape_string((string)$value, $link) : mysql_real_escape_string((string)$value)) . "'";
+ $qval = "'" . $this->escape_string((string)$value) . "'";
  }
 
  switch ($op)
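Review bot: The value is now escaped through `escape_string`, but the key `$field` on the `+` line is still interpolated into the SET clause unquoted and unescaped, so if the keys of `$tags` can originate from request data the injection surface moves to the column name rather than disappearing. The class keeps per-table field metadata in `$this->_fields` (see the docblock at the end of this diff); if that array is keyed by column name, checking `isset($this->_fields[$field])` before building the assignment, or at least backtick-quoting the name, would close that path. Also `escape_string($value)` receives the raw value without a `(string)` cast, unlike the two `_where` call sites in this commit; a non-string here triggers a PHP warning and yields `''`, which `_set` would then write as an empty string. `_set` starts and ends outside the hunk.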
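Review bot: Keeping the third parameter as `$dummy_link` silently drops the old behaviour for any caller that passed a link to escape against a different connection: its values are now escaped with whatever charset `$this->_link` uses, which is exactly the mismatch `mysql_real_escape_string` takes a link argument to avoid. Since the docblock already says the argument is unused, make that fact loud rather than silent: tag the `@param $link` line `@deprecated ignored since this commit` and add at the top of `_where` `if ($dummy_link !== null && $dummy_link !== $this->_link) trigger_error('_where(): $link argument is ignored, values are escaped with this object\'s own connection', E_USER_WARNING);`. `_where`'s body continues outside the hunk.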
@@ -313,6 +313,11 @@ function _where($params = "", $link = null, $omit_where = false)
  $query .= $sep."CONCAT(',',$field,',') LIKE '%,$value,%'";
  break;
 
+ case 'MATCH':
+ $qval = is_array($value) ? join(' ', $value) : $value;
+ $query .= $sep . "MATCH ($field) AGAINST ('" . $this->escape_string($qval) . "' IN BOOLEAN MODE)";
+ break;
+
  case 'IN':
  case 'NOT IN':
  if (is_array($value))
@@ -322,7 +327,7 @@ function _where($params = "", $link = null, $omit_where = false)
  $qvals = array();
  foreach ($value as $val)
- $qvals[] = $link ? mysql_real_escape_string($val, $link) : mysql_real_escape_string($val);
+ $qvals[] = $this->escape_string($val);
  $query .= "$sep$field $op ('" . join("','", $qvals) . "')"; # null is mapped to ''
  }
@@ -682,6 +687,18 @@ function delete($query = null)
 
 
 /**
+ * Escapes a string for use in a DB query
+ * @param The string to be quoted
+ * @return The quoted value
+ */
+function escape_string($str)
+{
+ $this->_connect();
+ return mysql_real_escape_string($str, $this->_link);
+}
+
+
+/**
  * INTERNAL: Store information about a table's fields in $this->_fields, possibly from cache.
  * @return array(keyfield, autoincrement, randomid)
  */
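Review bot: The new `MATCH` operator escapes `$qval` only for SQL string-literal context, so a value taken from user input can still carry boolean-mode syntax into the query: `+`, `-`, `*`, `"`, `(`, `)`, `<`, `>`, `~` and `@` are operators inside AGAINST(... IN BOOLEAN MODE), and an unbalanced parenthesis or quote can make MySQL reject the whole statement with a syntax error. That is not an injection, but it lets a request turn a search into a failing query, a prefix-wildcard scan or a negated term. Either document on the `MATCH` case that callers must pre-sanitise the term, or neutralise the operators before escaping, e.g. `$qval = preg_replace('/[+\-<>()~*"@]/', ' ', $qval);`. `$field` is interpolated unquoted as in the other operators, so the same caller-side trust applies to it. The enclosing `switch` and `_where` continue outside the hunk.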
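Review bot: `$val` is passed to `escape_string` as-is on the `+` line, while the single-value path changed in the same commit casts with `(string)` first; if an element of `$value` is itself an array, `mysql_real_escape_string` raises a warning and returns null, which the concatenation turns into `''`, so the IN list silently gains an empty-string member instead of failing. Casting here too keeps the two paths consistent: `$qvals[] = $this->escape_string((string)$val);` (an array element then becomes the literal `Array` with a notice, which is at least visible in the query). The enclosing `if`/`switch` and `_where` continue outside the hunk.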
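Review bot: `escape_string` returns whatever `mysql_real_escape_string` gives back, and that function returns `false` (with a warning) when `$this->_link` is not a valid connection or `$str` is not a string; every caller in this diff wraps the result in quotes, so a failed escape becomes the literal `''` and the statement runs with empty values rather than stopping. Treat a failure as fatal and normalise the input: `$result = mysql_real_escape_string((string)$str, $this->_link);` followed by `if ($result === false) trigger_error('escape_string(): escaping failed', E_USER_ERROR);` before `return $result;`. The docblock also misdescribes the contract — the function escapes but does not quote, the callers add the quotes — so `@param The string to be quoted` / `@return The quoted value` should read `@param $str The value to escape (cast to string)` / `@return The escaped string, without surrounding quotes`. Whether `_connect()` itself fails loudly when no connection can be made is not visible here; if it does not, the check above is the only thing standing between a lost connection and a query built from empty values.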