summaryrefslogtreecommitdiff
path: root/it_dbi.class
diff options
context:
space:
mode:
Diffstat (limited to 'it_dbi.class')
-rw-r--r--it_dbi.class29
1 files changed, 16 insertions, 13 deletions
diff --git a/it_dbi.class b/it_dbi.class
index 7c3c965..de5d13a 100644
--- a/it_dbi.class
+++ b/it_dbi.class
@@ -208,12 +208,12 @@ function _set(&$tags)
* fieldname can contain an operator (separated by space), the
* default operator is '='. The special operator 'NI' specifies
* that the argument must be contained in a comma-separated list.
- * @param $sql Optional SQL addendum (added after $params), for ORDER BY etc.
- * @param $omit_where (optional) Do not add 'WHERE ' at beginning of result (default: false)
+ * @param $link DB link used to escape values
+ * @param $omit_where Do not add 'WHERE ' to result, used in it_db_table
* @return The generated SQL clause
* @see it_db_record::select, it_db_record::fetch_next
*/
-function _where($params='', $sql='', $omit_where=false)
+function _where($params = "", $link = null, $omit_where = false)
{
if (is_array($params) && (count($params) > 0))
{
@@ -256,7 +256,7 @@ function _where($params='', $sql='', $omit_where=false)
$qval = $value;
}
else if (!is_array($value))
- $qval = "'".mysql_real_escape_string((string)$value)."'";
+ $qval = "'" . ($link ? mysql_real_escape_string((string)$value, $link) : mysql_real_escape_string((string)$value)) . "'";
}
switch ($op)
@@ -270,7 +270,14 @@ function _where($params='', $sql='', $omit_where=false)
if (is_array($value))
{
if ($value)
- $query .= "$sep$field $op ('" . join("','", array_map('mysql_real_escape_string', $value)) . "')"; # null is mapped to ''
+ {
+ $qvals = array();
+
+ foreach ($value as $val)
+ $qvals[] = $link ? mysql_real_escape_string($val, $link) : mysql_real_escape_string($val);
+
+ $query .= "$sep$field $op ('" . join("','", $qvals) . "')"; # null is mapped to ''
+ }
else
$query .= $sep . "0";
@@ -290,12 +297,8 @@ function _where($params='', $sql='', $omit_where=false)
}
if ($needs_where && !$omit_where)
- $query = 'WHERE '.$query;
-
- if ($sql)
- $query .= ' ';
+ $query = "WHERE $query";
}
- $query .= $sql;
return $query;
}
@@ -452,7 +455,7 @@ function select($query = null)
$nofetch = $this->_nofetch = isset($query['NOFETCH']) ? $query['NOFETCH'] : false;
unset($query['NOFETCH']);
- if ($this->_result = $this->query($sql = "SELECT $what FROM $join " . $this->_where($query)))
+ if ($this->_result = $this->query($sql = "SELECT $what FROM $join " . $this->_where($query, $this->_link)))
$result = mysql_num_rows($this->_result);
if ($calc_found_rows)
@@ -560,7 +563,7 @@ function update($tags = array(), $query = null)
$query = array($this->_keyfield => $this->_data[$this->_keyfield]);
if ($set = $this->_set($tags))
- if ($result = $this->query("UPDATE $this->_table $set " . $this->_where($query)))
+ if ($result = $this->query("UPDATE $this->_table $set " . $this->_where($query, $this->_link)))
if (isset($this->_key) && $this->read($this->_key))
$this->_nofetch = false; # So we can do while(iterate()) update();
@@ -585,7 +588,7 @@ function delete($query = null)
if ($query)
{
- if ($this->query(($sql = "DELETE FROM $this->_table " . $this->_where($query))))
+ if ($this->query(($sql = "DELETE FROM $this->_table " . $this->_where($query, $this->_link))))
$result = mysql_affected_rows($this->_link);
}