Diffstat (limited to 'it_dbi.class')
-rw-r--r-- | it_dbi.class | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/it_dbi.class b/it_dbi.class
index 9e4ca74..c9f2bbb 100644
--- a/it_dbi.class
+++ b/it_dbi.class
@@ -237,7 +237,7 @@ function _set($tags, $allfields = false)
 if (substr($field, 0, 1) == '-') # Unquoted value (always added)
 $r[] = substr($field, 1)."=$value";
 else if ($allfields || ($value !== $this->_data[$field]))
- $r[] = "$field=".(isset($value) ? "'".$this->escape_string($value)."'" : 'NULL');
+ $r[] = "$field=".(isset($value) ? $this->escape_string($value) : 'NULL');
 }
 return $r ? 'SET '.implode(', ', $r) : '';
@@ -304,18 +304,26 @@ function _where($params = "", $dummy_link = null, $omit_where = false)
 $qval = $value;
 }
 else if (!is_array($value))
- $qval = "'" . $this->escape_string((string)$value) . "'";
+ $qval = $this->escape_string((string)$value);
 }
 switch ($op)
 {
 case 'NI':
- $query .= $sep."CONCAT(',',$field,',') LIKE '%,$value,%'";
+ if ($value)
+ {
+ foreach ((array)$value as $val)
+ $parts[] = "CONCAT(',',$field,',') LIKE " . $this->escape_string("%,$val,%");
+
+ $query .= $sep . "(" . join(" OR ", $parts) . ")";
+ }
+ else
+ $query .= $sep . "1";
 break;
 case 'MATCH':
- $qval = is_array($value) ? join(' ', $value) : $value;
- $query .= $sep . "MATCH ($field) AGAINST ('" . $this->escape_string($qval) . "' IN BOOLEAN MODE)";
+ $qval = join(' ', (array)$value);
+ $query .= "$sep$op ($field) AGAINST (" . $this->escape_string($qval) . " IN BOOLEAN MODE)";
 break;
 case 'IN':
@@ -329,7 +337,7 @@ function _where($params = "", $dummy_link = null, $omit_where = false)
 foreach ($value as $val)
 $qvals[] = $this->escape_string($val);
- $query .= "$sep$field $op ('" . join("','", $qvals) . "')"; # null is mapped to ''
+ $query .= "$sep$field $op (" . join(",", $qvals) . ")"; # null is mapped to ''
 }
 else
 $query .= $sep . (($op == 'IN') ? "0" : "1");
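Review bot: `_set()` still places `$field` and any `-`-prefixed `$value` into the statement verbatim, and now that the quotes have moved into `escape_string()` nothing at this call site shows which parts of the clause are protected. I would add a comment above the `else if` line such as `# escape_string() returns a complete quoted literal; $field and '-' values are inserted as-is and must never come from request data`. The same unquoted `$field` interpolation appears in the `NI`, `MATCH` and `IN` branches of `_where()` in the two hunks that follow. Both functions begin and end outside the hunks shown.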
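Review bot: `$parts` is never reset in the new `NI` branch of `_where()`, so if the function processes more than one `NI` condition per call (the surrounding loop is outside the hunk, so this is inferred) the LIKE patterns built for an earlier field are OR-ed into the later one; start the branch with `$parts = array();`. The `if ($value)` guard is also false for `'0'` and `0`, which makes a filter on that value emit `1` and match every row, while the empty `IN` case in the next hunk emits `0`; testing `if ($parts)` after the loop avoids the truthiness trap, and the choice of `1` for an empty list deserves a comment. `%` and `_` inside `$val` still act as LIKE wildcards after `escape_string()`, so pass `addcslashes($val, '\\%_')` into the pattern if values can come from users.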
@@ -697,7 +705,7 @@ function delete($query = null)
 function escape_string($str)
 {
 $this->_connect();
- return mysql_real_escape_string($str, $this->_link);
+ return "'" . mysql_real_escape_string($str, $this->_link) . "'";
 }
|
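Review bot: `escape_string()` keeps its name but now returns a complete quoted literal, so any caller not updated in this commit that still writes `"'" . $db->escape_string($x) . "'"` ends up with the escaped text outside a string literal, where escaping quote characters no longer protects the query. Only the callers inside `it_dbi.class` are visible in this diff, so callers elsewhere need auditing, or `escape_string()` could keep its old behaviour with the quoting variant added under a new name. At minimum document the new contract above the function, e.g. `# Returns $str escaped AND wrapped in single quotes; do not add quotes around the result`.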