Changeset 6995 for branches/2.4/prototype/services/PostgreSQL.php

Timestamp:

08/10/12 18:39:42 (12 years ago)

Author:

eduardow

Message:

Ticket #3002 - Eventos não são deletados apartir do CalDav?.

File:

• branches/2.4/prototype/services/PostgreSQL.php (modified) (7 diffs)

branches/2.4/prototype/services/PostgreSQL.php

@@ -52 +52 @@
         $map =  Config::get($uri['concept'], 'PostgreSQL.mapping');
         
-        $criteria = ($criteria !== false) ? $this->parseCriteria ( $criteria , $map) : '';
-
-        $justthese = self::parseJustthese($justthese, $map);
-
-        return $this->execSql( 'SELECT '.$justthese['select'].' FROM '. (Config::get($uri['concept'],'PostgreSQL.concept')) .' '.$criteria );
+        $criteria = ($criteria !== false) ? $this->parseCriteria ( $criteria , $map) : ''; 
+ 
+    $justthese = self::parseJustthese($justthese, $map); 
+ 
+    return $this->execSql( 'SELECT '.$justthese['select'].' FROM '. (Config::get($uri['concept'],'PostgreSQL.concept')) .' '.$criteria ); 
     }
 
@@ -63 +63 @@
       $map =  Config::get($uri['concept'], 'PostgreSQL.mapping');   
       $justthese = self::parseJustthese($justthese, $map);
-      $criteria = ($criteria !== false) ? $this->parseCriteria ( $criteria , $map , ' WHERE '.$map['id'].' = \''.addslashes( $uri['id'] ).'\'') : ' WHERE '.$map['id'].' = \''.addslashes( $uri['id'] ).'\'';
+      $criteria = ($criteria !== false) ? $this->parseCriteria ( $criteria , $map , ' WHERE '.$map['id'].' = \''.pg_escape_string( $uri['id'] ).'\'') : ' WHERE '.$map['id'].' = \''.pg_escape_string( $uri['id'] ).'\''; 
    
       return $this->execSql( 'SELECT '.$justthese['select'].' FROM '. (Config::get($uri['concept'],'PostgreSQL.concept')) .$criteria , true );
@@ -70 +70 @@
     public function deleteAll ( $uri,   $justthese = false, $criteria = false ){
             $map = Config::get($uri['concept'], 'PostgreSQL.mapping');
-            if(!self::parseCriteria ( $criteria , $map)) return false; //Validador para não apagar tabela inteira
-            return $this->execSql( 'DELETE FROM '.(Config::get($uri['concept'],'PostgreSQL.concept')).' '.self::parseCriteria ( $criteria ,$map) );
+            if(!self::parseCriteria ( $criteria , $map)) return false; //Validador para não apagar tabela inteira 
+            return $this->execSql( 'DELETE FROM '.(Config::get($uri['concept'],'PostgreSQL.concept')).' '.self::parseCriteria ( $criteria ,$map) );
     }
 
     public function delete ( $uri, $justthese = false, $criteria = false ){
             if(!isset($uri['id']) && !is_int($uri['id'])) return false; //Delete chamado apenas passando id inteiros
-            $map = Config::get($uri['concept'], 'PostgreSQL.mapping');
-            $criteria = ($criteria !== false) ? $this->parseCriteria ( $criteria , $map , ' WHERE '.$map['id'].' = \''.addslashes( $uri['id'] ).'\'') : ' WHERE '.$map['id'].' = \''.addslashes( $uri['id'] ).'\'';
-            return $this->execSql('DELETE FROM '.(Config::get($uri['concept'],'PostgreSQL.concept')).$criteria);
+            $map = Config::get($uri['concept'], 'PostgreSQL.mapping'); 
+            $criteria = ($criteria !== false) ? $this->parseCriteria ( $criteria , $map , ' WHERE '.$map['id'].' = \''.pg_escape_string( $uri['id'] ).'\'') : ' WHERE '.$map['id'].' = \''.pg_escape_string( $uri['id'] ).'\''; 
+            return $this->execSql('DELETE FROM '.(Config::get($uri['concept'],'PostgreSQL.concept')).$criteria);
     }
 
     public function replace ( $uri,  $data, $criteria = false ){
             $map = Config::get($uri['concept'], 'PostgreSQL.mapping');
-            return $this->execSql('UPDATE '.(Config::get($uri['concept'],'PostgreSQL.concept')).' '. self::parseUpdateData( $data ,$map).' '.self::parseCriteria($criteria , $map));
+            return $this->execSql('UPDATE '.(Config::get($uri['concept'],'PostgreSQL.concept')).' '. self::parseUpdateData( $data ,$map).' '.self::parseCriteria($criteria , $map));  
     }
                 
     public function update ( $uri,  $data, $criteria = false ){
             $map = Config::get($uri['concept'], 'PostgreSQL.mapping');
-            $criteria = ($criteria !== false) ? $this->parseCriteria ( $criteria , $map , ' WHERE '.$map['id'].' = \''.addslashes( $uri['id'] ).'\'') : ' WHERE '.$map['id'].' = \''.addslashes( $uri['id'] ).'\'';
-
-            return $this->execSql('UPDATE '.(Config::get($uri['concept'],'PostgreSQL.concept')).' '. self::parseUpdateData( $data ,$map).$criteria);
-    }
-
-    public function create ( $uri,  $data ){    
-            return $this->execSql( 'INSERT INTO '.(Config::get($uri['concept'],'PostgreSQL.concept')).' '.self::parseInsertData( $data , $uri['concept'] ), true );
+                $criteria = ($criteria !== false) ? $this->parseCriteria ( $criteria , $map , ' WHERE '.$map['id'].' = \''.pg_escape_string( $uri['id'] ).'\'') : ' WHERE '.$map['id'].' = \''.pg_escape_string( $uri['id'] ).'\''; 
+ 
+        return $this->execSql('UPDATE '.(Config::get($uri['concept'],'PostgreSQL.concept')).' '. self::parseUpdateData( $data ,$map).$criteria); 
+    } 
+ 
+    public function create ( $uri,  $data ){     
+        return $this->execSql( 'INSERT INTO '.(Config::get($uri['concept'],'PostgreSQL.concept')).' '.self::parseInsertData( $data , $uri['concept'] ), true ); 
     }
 
@@ -197 +197 @@
                     if(!isset($map[$i])) continue;
                 
-                    $ind[] = $map[$i];
-                    $val[] = '\''.addslashes($v).'\'';
-            }
-            return '('.implode(',', $ind).') VALUES ('.implode(',', $val).') RETURNING '.$map['id'].' as id';       
-    }
+                    $ind[] = $map[$i]; 
+            $val[] = '\''.pg_escape_string($v).'\''; 
+        } 
+        return '('.implode(',', $ind).') VALUES ('.implode(',', $val).') RETURNING '.$map['id'].' as id';        
+    } 
         
     private static function parseUpdateData( $data , &$map){
@@ -210 +210 @@
                 if(!isset($map[$i])) continue;
                 
-                $d[] = $map[$i].' = \''.addslashes ($v).'\'';
+                $d[] = $map[$i].' = \''.pg_escape_string ($v).'\'';
             }
             
@@ -218 +218 @@
     private static function parseCriteria( $criteria  , &$map , $query = '' ){               
         
-            if( isset($criteria["filter"]) && $criteria["filter"] !== NULL )
-            {
-                    /*
-                  * ex: array   ( 
-                  *               [0] 'OR',
-                  *               [1] array( 'OR', array( array( '=', 'campo', 'valor' ) ), 
-                  *               [2] array( '=', 'campo' , 'valor' ),
-                  *               [3] array( 'IN', 'campo', array( '1' , '2' , '3' ) )
-                  *             )
-                  * OR
-                  *         array( '=' , 'campo' , 'valor' )
-                */
+            if( isset($criteria["filter"]) && $criteria["filter"] !== NULL ) 
+        { 
+            /* 
+          * ex: array   (  
+          *       [0] 'OR', 
+          *       [1] array( 'OR', array( array( '=', 'campo', 'valor' ) ),  
+          *       [2] array( '=', 'campo' , 'valor' ), 
+          *       [3] array( 'IN', 'campo', array( '1' , '2' , '3' ) ) 
+          *     ) 
+          * OR 
+          *     array( '=' , 'campo' , 'valor' ) 
+        */ 
                 $query .= ($query === '') ?  'WHERE ('.self::parseFilter( $criteria['filter'] , $map).')' : ' AND ('.self::parseFilter( $criteria['filter'] , $map).')';
             }
@@ -301 +301 @@
 
         if( is_array($filter[1]) )
-            return( $filter[0].' '.$op[0]." ($igPrefix'".implode( "'$igSuffix,$igPrefix'", array_map("addslashes" , $filter[1]) )."'$igSuffix)" );
-
-        return( $filter[0].' '.$op[0]." $igPrefix'".$op[1].addslashes( $filter[1] ).$op[2]."'$igSuffix" );
+            return( $filter[0].' '.$op[0]." ($igPrefix'".implode( "'$igSuffix,$igPrefix'", array_map("pg_escape_string" , $filter[1]) )."'$igSuffix)" ); 
+         
+        return( $filter[0].' '.$op[0]." $igPrefix'".$op[1].pg_escape_string( $filter[1] ).$op[2]."'$igSuffix" ); 
     }