CC-4345: Prepared statements - part 1

- Fixed for Datatables.php
This commit is contained in:
denise 2012-09-05 14:50:26 -04:00
parent 63bd2f6381
commit 7543a33aa1
1 changed files with 59 additions and 18 deletions


@ -4,7 +4,8 @@ class Application_Model_Datatables
{ {
private static function buildWhereClauseForAdvancedSearch($dbname2searchTerm) private static function buildWhereClauseForAdvancedSearch($dbname2searchTerm)
{ {
$where = array(); $where['clause'] = array();
$where['params'] = array();
foreach ($dbname2searchTerm as $dbname=>$term) { foreach ($dbname2searchTerm as $dbname=>$term) {
$isRange = false; $isRange = false;
if (strstr($term, '~')) { if (strstr($term, '~')) {
@ -24,22 +25,27 @@ class Application_Model_Datatables
if ($isRange) { if ($isRange) {
$sub = array(); $sub = array();
if ($input1 != null) { if ($input1 != null) {
$sub[] = $dbname." >= '".$input1."'"; $sub[] = $dbname." >= :" . $dbname . "1";
} }
if ($input2 != null) { if ($input2 != null) {
$sub[] = $dbname." <= '".$input2."'"; $sub[] = $dbname." <= :" . $dbname . "2";
} }
if (!empty($sub)) { if (!empty($sub)) {
$where[] = "(".implode(' AND ', $sub).")"; $where['clause'][$dbname] = "(".implode(' AND ', $sub).")";
$where['params'][$dbname."1"] = $input1;
if ($input2 != null) {
$where['params'][$dbname."2"] = $input2;
}
} }
} else { } else {
if (trim($input1) !== "") { if (trim($input1) !== "") {
$where[] = $dbname." ILIKE "."'%".$input1."%'"; $where['clause'][$dbname] = $dbname." ILIKE :" . $dbname."1";
$where['params'][$dbname."1"] = "%".$input1."%";
} }
} }
} }
return implode(" AND ", $where); return $where;
} }
/* /*
* query used to return data for a paginated/searchable datatable. * query used to return data for a paginated/searchable datatable.
@ -73,10 +79,15 @@ class Application_Model_Datatables
} }
$where = array(); $where = array();
/* Holds the parameters for binding after the
* statement has been prepared
*/
$params = array();
$advancedWhere = self::buildWhereClauseForAdvancedSearch($dbname2searchTerm); $advancedWhere = self::buildWhereClauseForAdvancedSearch($dbname2searchTerm);
if ($advancedWhere != "") { if (!empty($advancedWhere['clause'])) {
$where[] = $advancedWhere; $where[] = join(" AND ", $advancedWhere['clause']);
$params = $advancedWhere['params'];
} }
if ($data["sSearch"] !== "") { if ($data["sSearch"] !== "") {
@ -99,17 +110,19 @@ class Application_Model_Datatables
} }
$outerCond = array(); $outerCond = array();
$simpleWhere = array();
foreach ($searchTerms as $term) { foreach ($searchTerms as $term) {
$innerCond = array(); $innerCond = array();
foreach ($searchCols as $col) { foreach ($searchCols as $col) {
$escapedTerm = pg_escape_string($term); $simpleWhere['clause']["simple_".$col] = "{$col}::text ILIKE :simple_".$col;
$innerCond[] = "{$col}::text ILIKE '%{$escapedTerm}%'"; $simpleWhere['params']["simple_".$col] = "%".$term."%";
} }
$outerCond[] = "(".join(" OR ", $innerCond).")"; $outerCond[] = "(".implode(" OR ", $simpleWhere['clause']).")";
} }
$where[] = "(".join(" AND ", $outerCond).")"; $where[] = "(" .implode(" AND ", $outerCond). ")";
$params = array_merge($params, $simpleWhere['params']);
} }
// End Where clause // End Where clause
@ -124,8 +137,10 @@ class Application_Model_Datatables
// End Order By clause // End Order By clause
$displayLength = intval($data["iDisplayLength"]); $displayLength = intval($data["iDisplayLength"]);
$needToBind = false;
if (count($where) > 0) { if (count($where) > 0) {
$where = join(" AND ", $where); $needToBind = true;
$where = join(" OR ", $where);
$sql = $selectorCount." FROM ".$fromTable." WHERE ".$where; $sql = $selectorCount." FROM ".$fromTable." WHERE ".$where;
$sqlTotalDisplayRows = $sql; $sqlTotalDisplayRows = $sql;
@ -149,15 +164,41 @@ class Application_Model_Datatables
$totalRows = $r->fetchColumn(0); $totalRows = $r->fetchColumn(0);
if (isset($sqlTotalDisplayRows)) { if (isset($sqlTotalDisplayRows)) {
$r = $con->query($sqlTotalDisplayRows); $stmt = $con->prepare($sqlTotalDisplayRows);
$totalDisplayRows = $r->fetchColumn(0); foreach($params as $param=>&$value) {
$stmt->bindParam(":$param", $value);
}
if ($stmt->execute()) {
$totalDisplayRows = $stmt->fetchColumn(0);
} else {
$msg = implode(',', $stmt->errorInfo());
throw new Exception("Error: $msg");
}
} else { } else {
$totalDisplayRows = $totalRows; $totalDisplayRows = $totalRows;
} }
$r = $con->query($sql); //TODO
$r->setFetchMode(PDO::FETCH_ASSOC); if ($needToBind) {
$results = $r->fetchAll(); $stmt = $con->prepare($sql);
foreach($params as $param=>&$value) {
$stmt->bindParam(":$param", $value);
}
if ($stmt->execute()) {
$stmt->setFetchMode(PDO::FETCH_ASSOC);
$results = $stmt->fetchAll();
} else {
$msg = implode(',', $stmt->errorInfo());
throw new Exception("Error: $msg");
}
} else {
$stmt = $con->query($sql);
$stmt->setFetchMode(PDO::FETCH_ASSOC);
$results = $stmt->fetchAll();
}
// we need to go over all items and fix length for playlist // we need to go over all items and fix length for playlist
// in case the playlist contains dynamic block // in case the playlist contains dynamic block
foreach ($results as &$r) { foreach ($results as &$r) {