mirror/php-dibi
1
0
Fork 0
mirror of https://github.com/dg/dibi.git synced 2025-08-05 05:37:39 +02:00
Code Issues Releases Wiki Activity

reflectors: table names are correctly escaped

Browse Source
This commit is contained in:
David Grudl
2012-12-04 14:35:53 +01:00
parent 865e44c30f
commit d09e490f1b
4 changed files with 17 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
dibi/drivers/mssql.reflector.php
View File

@@ -65,18 +65,16 @@ class DibiMsSqlReflector extends DibiObject implements IDibiReflector
if (empty($table)) { if (empty($table)) {
return false; return false;
} }
$table = $this->driver->escape($table, dibi::TEXT);
$result = $this->driver->query(" $result = $this->driver->query("
SELECT MAX(rowcnt) SELECT MAX(rowcnt)
FROM sys.sysindexes FROM sys.sysindexes
WHERE id=OBJECT_ID({$table}) WHERE id=OBJECT_ID({$this->driver->escape($table, dibi::IDENTIFIER)})
"); ");
$row = $result->fetch(FALSE); $row = $result->fetch(FALSE);
if (!is_array($row) || count($row) < 1) { if (!is_array($row) || count($row) < 1) {
if ($fallback) { if ($fallback) {
$row = $this->driver->query("SELECT COUNT(*) FROM {$table}")->fetch(FALSE); $row = $this->driver->query("SELECT COUNT(*) FROM {$this->driver->escape($table, dibi::IDENTIFIER)}")->fetch(FALSE);
$count = intval($row[0]); $count = intval($row[0]);
} else { } else {
$count = false; $count = false;
@@ -100,7 +98,7 @@ class DibiMsSqlReflector extends DibiObject implements IDibiReflector
$res = $this->driver->query(" $res = $this->driver->query("
SELECT * FROM SELECT * FROM
INFORMATION_SCHEMA.COLUMNS INFORMATION_SCHEMA.COLUMNS
WHERE TABLE_NAME = '{$table}' WHERE TABLE_NAME = {$this->driver->escape($table, dibi::TEXT)}
ORDER BY TABLE_NAME, ORDINAL_POSITION ORDER BY TABLE_NAME, ORDINAL_POSITION
"); ");
$columns = array(); $columns = array();
@@ -148,8 +146,6 @@ class DibiMsSqlReflector extends DibiObject implements IDibiReflector
*/ */
public function getIndexes($table) public function getIndexes($table)
{ {
$table = $this->driver->escape($table, dibi::TEXT);
$res = $this->driver->query( $res = $this->driver->query(
"SELECT ind.name index_name, ind.index_id, ic.index_column_id, "SELECT ind.name index_name, ind.index_id, ic.index_column_id,
col.name column_name, ind.is_unique, ind.is_primary_key col.name column_name, ind.is_unique, ind.is_primary_key
@@ -160,7 +156,7 @@ class DibiMsSqlReflector extends DibiObject implements IDibiReflector
(ic.object_id = col.object_id and ic.column_id = col.column_id) (ic.object_id = col.object_id and ic.column_id = col.column_id)
INNER JOIN sys.tables t ON INNER JOIN sys.tables t ON
(ind.object_id = t.object_id) (ind.object_id = t.object_id)
WHERE t.name = {$table} WHERE t.name = {$this->driver->escape($table, dibi::TEXT)}
AND t.is_ms_shipped = 0 AND t.is_ms_shipped = 0
ORDER BY ORDER BY
t.name, ind.name, ind.index_id, ic.index_column_id t.name, ind.name, ind.index_id, ic.index_column_id
@@ -192,8 +188,6 @@ class DibiMsSqlReflector extends DibiObject implements IDibiReflector
*/ */
public function getForeignKeys($table) public function getForeignKeys($table)
{ {
$table = $this->driver->escape($table, dibi::TEXT);
$res = $this->driver->query(" $res = $this->driver->query("
SELECT f.name AS foreign_key, SELECT f.name AS foreign_key,
OBJECT_NAME(f.parent_object_id) AS table_name, OBJECT_NAME(f.parent_object_id) AS table_name,
@@ -206,7 +200,7 @@ class DibiMsSqlReflector extends DibiObject implements IDibiReflector
FROM sys.foreign_keys AS f FROM sys.foreign_keys AS f
INNER JOIN sys.foreign_key_columns AS fc INNER JOIN sys.foreign_key_columns AS fc
ON f.OBJECT_ID = fc.constraint_object_id ON f.OBJECT_ID = fc.constraint_object_id
WHERE OBJECT_NAME(f.parent_object_id)={$table} WHERE OBJECT_NAME(f.parent_object_id) = {$this->driver->escape($table, dibi::TEXT)}
"); ");
$keys = array(); $keys = array();

6
dibi/drivers/mssql2005.reflector.php
View File

@@ -70,7 +70,7 @@ class DibiMssql2005Reflector extends DibiObject implements IDibiReflector
And TC.CONSTRAINT_TYPE = 'PRIMARY KEY' And TC.CONSTRAINT_TYPE = 'PRIMARY KEY'
And CCU.COLUMN_NAME = C.COLUMN_NAME And CCU.COLUMN_NAME = C.COLUMN_NAME
) As Z ) As Z
WHERE C.TABLE_NAME = '$table'" WHERE C.TABLE_NAME = {$this->driver->escape($table, dibi::TEXT)}"
); );
$columns = array(); $columns = array();
while ($row = $res->fetch(TRUE)) { while ($row = $res->fetch(TRUE)) {
@@ -98,13 +98,13 @@ class DibiMssql2005Reflector extends DibiObject implements IDibiReflector
*/ */
public function getIndexes($table) public function getIndexes($table)
{ {
$keyUsagesRes = $this->driver->query("SELECT * FROM INFORMATION_SCHEMA.KEY_COLUMN_USAGE WHERE TABLE_NAME = '$table'"); $keyUsagesRes = $this->driver->query("SELECT * FROM INFORMATION_SCHEMA.KEY_COLUMN_USAGE WHERE TABLE_NAME = {$this->driver->escape($table, dibi::TEXT)}");
$keyUsages = array(); $keyUsages = array();
while( $row = $keyUsagesRes->fetch(TRUE) ) { while( $row = $keyUsagesRes->fetch(TRUE) ) {
$keyUsages[$row['CONSTRAINT_NAME']][(int) $row['ORDINAL_POSITION'] - 1] = $row['COLUMN_NAME']; $keyUsages[$row['CONSTRAINT_NAME']][(int) $row['ORDINAL_POSITION'] - 1] = $row['COLUMN_NAME'];
} }
$res = $this->driver->query("SELECT * FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS WHERE TABLE_NAME = '$table'"); $res = $this->driver->query("SELECT * FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS WHERE TABLE_NAME = {$this->driver->escape($table, dibi::TEXT)}");
$indexes = array(); $indexes = array();
while ($row = $res->fetch(TRUE)) { while ($row = $res->fetch(TRUE)) {
$indexes[$row['CONSTRAINT_NAME']]['name'] = $row['CONSTRAINT_NAME']; $indexes[$row['CONSTRAINT_NAME']]['name'] = $row['CONSTRAINT_NAME'];

4
dibi/drivers/mysql.reflector.php
View File

@@ -68,7 +68,7 @@ class DibiMySqlReflector extends DibiObject implements IDibiReflector
FROM INFORMATION_SCHEMA.COLUMNS FROM INFORMATION_SCHEMA.COLUMNS
WHERE TABLE_NAME = $table AND TABLE_SCHEMA = DATABASE() WHERE TABLE_NAME = $table AND TABLE_SCHEMA = DATABASE()
");*/ ");*/
$res = $this->driver->query("SHOW FULL COLUMNS FROM `$table`"); $res = $this->driver->query("SHOW FULL COLUMNS FROM {$this->driver->escape($table, dibi::IDENTIFIER)}");
$columns = array(); $columns = array();
while ($row = $res->fetch(TRUE)) { while ($row = $res->fetch(TRUE)) {
$type = explode('(', $row['Type']); $type = explode('(', $row['Type']);
@@ -103,7 +103,7 @@ class DibiMySqlReflector extends DibiObject implements IDibiReflector
WHERE TABLE_NAME = $table AND TABLE_SCHEMA = DATABASE() WHERE TABLE_NAME = $table AND TABLE_SCHEMA = DATABASE()
AND REFERENCED_COLUMN_NAME IS NULL AND REFERENCED_COLUMN_NAME IS NULL
");*/ ");*/
$res = $this->driver->query("SHOW INDEX FROM `$table`"); $res = $this->driver->query("SHOW INDEX FROM {$this->driver->escape($table, dibi::IDENTIFIER)}");
$indexes = array(); $indexes = array();
while ($row = $res->fetch(TRUE)) { while ($row = $res->fetch(TRUE)) {
$indexes[$row['Key_name']]['name'] = $row['Key_name']; $indexes[$row['Key_name']]['name'] = $row['Key_name'];

14
dibi/drivers/sqlite.reflector.php
View File

@@ -60,12 +60,12 @@ class DibiSqliteReflector extends DibiObject implements IDibiReflector
public function getColumns($table) public function getColumns($table)
{ {
$meta = $this->driver->query(" $meta = $this->driver->query("
SELECT sql FROM sqlite_master WHERE type = 'table' AND name = '$table' SELECT sql FROM sqlite_master WHERE type = 'table' AND name = {$this->driver->escape($table, dibi::TEXT)}
UNION ALL UNION ALL
SELECT sql FROM sqlite_temp_master WHERE type = 'table' AND name = '$table'" SELECT sql FROM sqlite_temp_master WHERE type = 'table' AND name = {$this->driver->escape($table, dibi::TEXT)}
)->fetch(TRUE); ")->fetch(TRUE);
$res = $this->driver->query("PRAGMA table_info([$table])"); $res = $this->driver->query("PRAGMA table_info({$this->driver->escape($table, dibi::IDENTIFIER)})");
$columns = array(); $columns = array();
while ($row = $res->fetch(TRUE)) { while ($row = $res->fetch(TRUE)) {
$column = $row['name']; $column = $row['name'];
@@ -95,7 +95,7 @@ class DibiSqliteReflector extends DibiObject implements IDibiReflector
*/ */
public function getIndexes($table) public function getIndexes($table)
{ {
$res = $this->driver->query("PRAGMA index_list([$table])"); $res = $this->driver->query("PRAGMA index_list({$this->driver->escape($table, dibi::IDENTIFIER)})");
$indexes = array(); $indexes = array();
while ($row = $res->fetch(TRUE)) { while ($row = $res->fetch(TRUE)) {
$indexes[$row['name']]['name'] = $row['name']; $indexes[$row['name']]['name'] = $row['name'];
@@ -103,7 +103,7 @@ class DibiSqliteReflector extends DibiObject implements IDibiReflector
} }
foreach ($indexes as $index => $values) { foreach ($indexes as $index => $values) {
$res = $this->driver->query("PRAGMA index_info([$index])"); $res = $this->driver->query("PRAGMA index_info({$this->driver->escape($index, dibi::IDENTIFIER)})");
while ($row = $res->fetch(TRUE)) { while ($row = $res->fetch(TRUE)) {
$indexes[$index]['columns'][$row['seqno']] = $row['name']; $indexes[$index]['columns'][$row['seqno']] = $row['name'];
} }
@@ -150,7 +150,7 @@ class DibiSqliteReflector extends DibiObject implements IDibiReflector
if (!($this->driver instanceof DibiSqlite3Driver)) { if (!($this->driver instanceof DibiSqlite3Driver)) {
// throw new DibiNotSupportedException; // @see http://www.sqlite.org/foreignkeys.html // throw new DibiNotSupportedException; // @see http://www.sqlite.org/foreignkeys.html
} }
$res = $this->driver->query("PRAGMA foreign_key_list([$table])"); $res = $this->driver->query("PRAGMA foreign_key_list({$this->driver->escape($table, dibi::IDENTIFIER)})");
$keys = array(); $keys = array();
while ($row = $res->fetch(TRUE)) { while ($row = $res->fetch(TRUE)) {
$keys[$row['id']]['name'] = $row['id']; // foreign key name $keys[$row['id']]['name'] = $row['id']; // foreign key name