Diffstat (limited to 'it_dbi.class')
-rw-r--r--it_dbi.class27
1 files changed, 22 insertions, 5 deletions
diff --git a/it_dbi.class b/it_dbi.class
index 56fadbb..cd2af98 100644
--- a/it_dbi.class
+++ b/it_dbi.class
@@ -237,7 +237,7 @@ function _set($tags, $allfields = false)
if (substr($field, 0, 1) == '-') # Unquoted value (always added)
$r[] = substr($field, 1)."=$value";
else if ($allfields || ($value !== $this->_data[$field]))
- $r[] = "$field=".(isset($value) ? "'".mysql_real_escape_string($value, $this->_link)."'" : 'NULL');
+ $r[] = "$field=".(isset($value) ? "'".$this->escape_string($value)."'" : 'NULL');
}
return $r ? 'SET '.implode(', ', $r) : '';
@@ -255,13 +255,13 @@ function _set($tags, $allfields = false)
* @param $params optional array of fieldname => value tupels. These are ANDed to form a WHERE clause.
* fieldname can contain an operator (separated by space), the default operator is '='.
* The special operator 'NI' specifies that the argument must be contained in a comma-separated list.
- * @param $link DB link used to escape values
+ * @param $link DB link used to escape values (not used anymore)
* @param $omit_where Do not add 'WHERE ' to result
* @return The generated SQL clause
* @see select()
* @see iterate()
*/
-function _where($params = "", $link = null, $omit_where = false)
+function _where($params = "", $dummy_link = null, $omit_where = false)
{
if (is_array($params) && (count($params) > 0))
{
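Review bot: The docblock still documents `@param $link` while the signature line renames the parameter to `$dummy_link`, so the documented name no longer matches the code and the "(not used anymore)" remark is attached to a parameter that does not exist. Suggest `* @param $dummy_link Ignored; kept only so existing callers that pass a link keep working` and, if the project uses the tag, a `@deprecated` note for that parameter. The body of `_where` continues past this hunk.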
@@ -304,7 +304,7 @@ function _where($params = "", $link = null, $omit_where = false)
$qval = $value;
}
else if (!is_array($value))
- $qval = "'" . ($link ? mysql_real_escape_string((string)$value, $link) : mysql_real_escape_string((string)$value)) . "'";
+ $qval = "'" . $this->escape_string((string)$value) . "'";
}
switch ($op)
@@ -313,6 +313,11 @@ function _where($params = "", $link = null, $omit_where = false)
$query .= $sep."CONCAT(',',$field,',') LIKE '%,$value,%'";
break;
+ case 'MATCH':
+ $qval = is_array($value) ? join(' ', $value) : $value;
+ $query .= $sep . "MATCH ($field) AGAINST ('" . $this->escape_string($qval) . "' IN BOOLEAN MODE)";
+ break;
+
case 'IN':
case 'NOT IN':
if (is_array($value))
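Review bot: The new MATCH case routes its value through `escape_string`, but the NI branch two lines above it (`LIKE '%,$value,%'`) still interpolates `$value` raw, unless it was already escaped somewhere outside the visible lines, which nothing in this hunk shows; since this commit centralises escaping in `_where`, that branch is the one remaining path where an unescaped value reaches the query. It should use the same helper, `$query .= $sep."CONCAT(',',$field,',') LIKE '%,".$this->escape_string($value).",%'";`, bearing in mind that `escape_string` does not neutralise the LIKE wildcards `%` and `_`, which need separate handling if they may occur in the value. In the added case, `IN BOOLEAN MODE` makes MySQL interpret operator characters inside the search term, so escaping guarantees the string stays inside the quotes but a caller-supplied term can still change the search semantics; a one-line comment such as `# boolean-mode operators in $qval are interpreted by MySQL` on the `case 'MATCH':` line would make that explicit. The enclosing `switch` and the body of `_where` extend beyond this hunk.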
@@ -322,7 +327,7 @@ function _where($params = "", $link = null, $omit_where = false)
$qvals = array();
foreach ($value as $val)
- $qvals[] = $link ? mysql_real_escape_string($val, $link) : mysql_real_escape_string($val);
+ $qvals[] = $this->escape_string($val);
$query .= "$sep$field $op ('" . join("','", $qvals) . "')"; # null is mapped to ''
}
@@ -682,6 +687,18 @@ function delete($query = null)
/**
+ * Escapes a string for use in a DB query
+ * @param The string to be quoted
+ * @return The quoted value
+ */
+function escape_string($str)
+{
+ $this->_connect();
+ return mysql_real_escape_string($str, $this->_link);
+}
+
+
+/**
* INTERNAL: Store information about a table's fields in $this->_fields, possibly from cache.
* @return array(keyfield, autoincrement, randomid)
*/