db = &$db;
$this->name = $name;
}
/**
* Perform a safe SQL SELECT query on this table
* @see it_db::safe_sql_query
* @param $query additional query string, appended at the end of the generated query
* @param $fields comma seperated list of the columns to be returned
*/
function safe_sql_select($query, $fields="*")
{
return $this->db->safe_sql_query("SELECT $fields FROM " . $this->name . " $query");
}
/**
* Create an SQL query (the stuff after 'WHERE') according to
* an array of selection criteria.
* Example:
* $sql = $table->construct_sql_clause(array('Type' => 'bar',
* 'Date >=' => '1999-01-01', '-Date <' => 'NOW()',
* 'User NI' => 'chris'), 'ORDER BY Date');
*
* @param $params optional array of fieldname => value tupels.
* These are ANDed to form a WHERE clause.
* fieldname can contain an operator (separated by space), the
* default operator is '='. The special operator 'NI' specifies
* that the argument must be contained in a comma-separated list.
* @param $sql Optional SQL addendum (added after $params), for ORDER BY etc.
* @param $omit_where (optional) Do not add 'WHERE ' at beginning of result (default: false)
* @return The generated SQL clause
* @see it_db_record::select, it_db_record::fetch_next
*/
function construct_sql_clause($params='', $sql='', $omit_where=false)
{
if (is_array($params) && (count($params) > 0))
{
$query = '';
$sep = '';
foreach($params as $field => $value)
{
if (is_int($field)) /* no key specified; just append */
{
if ($field === $value) /* ignore array(1 => 1) et al */
continue;
$query .= " $value";
}
else
{
$needs_where = true;
if (!isset($value))
{
$op = 'IS';
$qval = 'NULL';
}
else
{
if (preg_match('/^(\S+)\s+(\S.*)$/', $field, $regs))
{
$field = $regs[1];
$op = strtoupper($regs[2]);
}
else
$op = '=';
/* If the field name starts with '-', the value is taken as raw,
no escaping is done and no quotes are put around it. */
if (substr($field, 0, 1) == '-')
{
$field = substr($field, 1); /* Strip that '-' sign */
$qval = $value;
}
else if (!is_array($value))
$qval = "'".mysql_real_escape_string((string)$value)."'";
}
switch ($op)
{
case 'NI':
$query .= $sep."CONCAT(',',$field,',') LIKE '%,$value,%'";
break;
case 'IN':
case 'NOT IN':
if (is_array($value))
{
if ($value)
$query .= "$sep$field $op ('" . join("','", array_map('mysql_real_escape_string', $value)) . "')"; # null is mapped to ''
else
$query .= $sep . "0";
break;
}
/* FALLTHROUGH */
default:
if (isset($qval))
$query .= "$sep$field $op $qval";
else
it::fatal('Undefined $qval when constructing query due to invalid $value (array)');
break;
}
$sep = ' AND ';
}
}
if ($needs_where && !$omit_where)
$query = 'WHERE '.$query;
if ($sql)
$query .= ' ';
}
$query .= $sql;
return $query;
}
/**
* Return the count of rows on this table with optional WHERE clause
* @param $where Optional WHERE clause to narrow the set of rows to count
* @return Number of rows matching the WHERE clause
*/
function count($where='')
{
$result = $this->safe_sql_select($where, 'COUNT(*)');
$row = $this->db->fetch_assoc($result);
return $row['COUNT(*)'];
}
/* Internal: get information about fields */
function _get_field_info()
{
if ($this->numfields > 0) /* Already done! */
return;
if(($fields = mysql_list_fields($this->db->name, $this->name, $this->db->link)) >= 0)
{
$this->numfields = mysql_num_fields($fields);
for ($i=0; $i < $this->numfields; ++$i)
{
$name = mysql_field_name($fields, $i);
$this->fieldnames[$i] = $name;
$this->fieldtypes[$i] = $this->fieldtypes[$name] = mysql_field_type($fields, $i);
$this->fieldlengths[$i] = $this->fieldlengths[$name] = mysql_field_len($fields, $i);
$this->fieldflags[$i] = $this->fieldflags[$name] = mysql_field_flags($fields, $i);
/* debug("name='" . $this->fieldnames[$i] . "', len=" . $this->fieldlengths[$i] . ", type='" . $this->fieldtypes[$i] . "', flags='" . $this->fieldflags[$i] . "'\n", 6); */
}
}
else internal_error("mysql_list_fields($this->db->name, $this->name, $this->db->link) failed.");
}
/**
* Return a comma separated list of all field names of this table
*/
function field_names()
{
$result = '';
$this->_get_field_info();
for ($i=0; $i < $this->numfields; ++$i)
{
if ($i > 0) $result .= ",";
$result .= $this->fieldnames[$i];
}
return $result;
}
/**
* Return the length of a field
* @param $fieldname Name of the field
*/
function get_field_length($name)
{
$this->_get_field_info();
return $this->fieldlengths[$name];
}
/**
* Return number of fields of a record of this table
*/
function num_fields()
{
$this->_get_field_info();
return $this->numfields;
}
/**
* Variable name used to propagate sort criteria
*/
function get_sort_variable_name()
{
return "Sort" . md5($this->db->name . $this->name);
}
/**
* Print an SQL table as an HTML table. Supports user-sorting by column,
* limited WHERE clause, lists of fields to display and header texts, and
* a list of links for each field.
* @param $tableargs format string for the table or "" for default
* @param $sqlwhere SQL WHERE clause to restrict elements
* @param $c_fields comma seperated list of the fields to print
* @param $c_descriptions comma seperated list of the header labels to print
* @param $c_links dito with links to the respective elements
* @param $default_order default sort order: "fieldname" or "fieldname DESC"
* @param $rows_limit limit and position: "10" or "20,5"
*/
function dump_html($tableargs="", $sqlwhere="", $c_fields="", $c_descriptions="", $c_links="", $default_order="", $rows_limit="", $thispage="", $strip_tags=0)
{
/* Unique identifier of this table */
$table_sort = $this->get_sort_variable_name();
/* Default HTML table */
if ($tableargs=="")
$tableargs="border=1 cellspacing=0 cellpadding=5";
/* Default field list: show them all */
if ($c_fields == "")
$c_fields = $this->field_names();
/* Default list title: Field names */
if ($c_descriptions == "")
$c_descriptions = $c_fields;
$fields = split(",", $c_fields);
$descriptions = split(",", $c_descriptions);
$links = split(",", $c_links);
$numfields = count($fields);
/* Default sort criterium: Ascending sort by first column */
if ($default_order == "")
$default_order = $fields[0];
if (!in_array(it::replace(array(' DESC$' => ""), $_REQUEST[$table_sort]), $fields))
$_REQUEST[$table_sort] = $default_order;
$sql = "SELECT $c_fields FROM $this->name";
if ($sqlwhere)
$sql .= " WHERE $sqlwhere";
$sql .= " ORDER BY $_REQUEST[$table_sort]";
if ($rows_limit != "")
$sql .= " LIMIT $rows_limit";
$result = $this->db->safe_sql_query($sql);
if ($this->db->num_rows($result) == 0)
{
if (is_object($GLOBALS['it_text']))
echo T("db_NoObjectsFound"). " \n";
return;
}
echo "
\n";
if (empty($thispage)) $thispage = $_SERVER['PHP_SELF'];
if (strstr($thispage, "?")) $thispage .= "&"; else $thispage .= "?";
/* Wenn man keine Titelzeile will, für c_descriptions einfach "," angeben */
if ($descriptions[0])
{
echo '
\n";
}
/**
* Make a 'select form field' ("Select-Form-Feld") from a table and pre-select an entry
* @param $name Name of FORM object to generate
* @param $selected Selected record
* @param $globaloption Option to add as first value, syntax: key,text
* @param $optionfield Table field to use for option keys
* @param $descriptionfield Table field to display
* @param $query SQL Query after "FROM ...", defaults to "ORDER BY $descriptionfield"
*/
function make_select($name, $selected, $globaloption, $optionfield, $descriptionfield, $query="")
{
$globalopt = split(",", $globaloption);
if (empty($query))
$query = "ORDER BY $descriptionfield";
$query = "SELECT * FROM $this->name $query";
echo "\n";
}
/**
* Drops the current table from the database
* @return MySQL result (0 means failure)
*/
function drop()
{
if ($this->name == '')
internal_error("it_db_table::drop(): no table\n");
if ($result = $this->db->sql_query('DROP TABLE IF EXISTS '.$this->name))
{
$this->name = '';
$numfields = 0;
$fieldnames = array();
$fieldtypes = array();
$fieldlengths = array();
$fieldflags = array();
}
return $result;
}
} /* End class it_db_table */
?>