mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-03-14 04:30:15 +01:00
Code Issues Projects Releases Wiki Activity

MDL-29515 remove deprecated $DB->sql_ilike() and fix debug messages

Browse Source
This commit is contained in:
Petr Skoda 2012-03-17 19:20:25 +01:00
parent a2b30aa852
commit de640a2d3f
7 changed files with 5 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
lib/dml/moodle_database.php
View File

@ -1851,23 +1851,6 @@ abstract class moodle_database {
return $text;
}
/**
* Returns the proper SQL to do LIKE in a case-insensitive way.
*
* Note the LIKE are case sensitive for Oracle. Oracle 10g is required to use
* the case insensitive search using regexp_like() or NLS_COMP=LINGUISTIC :-(
* See http://docs.moodle.org/en/XMLDB_Problems#Case-insensitive_searches
*
* @deprecated since Moodle 2.0 MDL-23925 - please do not use this function any more.
* @todo MDL-31280 to remove deprecated functions prior to 2.3 release.
* @return string Do not use this function!
* @see sql_like()
*/
public function sql_ilike() {
debugging('sql_ilike() is deprecated, please use sql_like() instead');
return 'LIKE';
}
/**
* Returns the proper SQL to do CONCAT between the elements(fieldnames) passed.
*

2
lib/dml/mssql_native_moodle_database.php
View File

@ -1137,7 +1137,7 @@ class mssql_native_moodle_database extends moodle_database {
*/
public function sql_like($fieldname, $param, $casesensitive = true, $accentsensitive = true, $notlike = false, $escapechar = '\\') {
if (strpos($param, '%') !== false) {
debugging('Potential SQL injection detected, sql_ilike() expects bound parameters (? or :named)');
debugging('Potential SQL injection detected, sql_like() expects bound parameters (? or :named)');
}
$collation = $this->get_collation();

2
lib/dml/mysqli_native_moodle_database.php
View File

@ -1176,7 +1176,7 @@ class mysqli_native_moodle_database extends moodle_database {
*/
public function sql_like($fieldname, $param, $casesensitive = true, $accentsensitive = true, $notlike = false, $escapechar = '\\') {
if (strpos($param, '%') !== false) {
debugging('Potential SQL injection detected, sql_ilike() expects bound parameters (? or :named)');
debugging('Potential SQL injection detected, sql_like() expects bound parameters (? or :named)');
}
$escapechar = $this->mysqli->real_escape_string($escapechar); // prevents problems with C-style escapes of enclosing '\'

2
lib/dml/oci_native_moodle_database.php
View File

@ -1541,7 +1541,7 @@ class oci_native_moodle_database extends moodle_database {
*/
public function sql_like($fieldname, $param, $casesensitive = true, $accentsensitive = true, $notlike = false, $escapechar = '\\') {
if (strpos($param, '%') !== false) {
debugging('Potential SQL injection detected, sql_ilike() expects bound parameters (? or :named)');
debugging('Potential SQL injection detected, sql_like() expects bound parameters (? or :named)');
}
$LIKE = $notlike ? 'NOT LIKE' : 'LIKE';

7
lib/dml/pgsql_native_moodle_database.php
View File

@ -1097,7 +1097,7 @@ class pgsql_native_moodle_database extends moodle_database {
*/
public function sql_like($fieldname, $param, $casesensitive = true, $accentsensitive = true, $notlike = false, $escapechar = '\\') {
if (strpos($param, '%') !== false) {
debugging('Potential SQL injection detected, sql_ilike() expects bound parameters (? or :named)');
debugging('Potential SQL injection detected, sql_like() expects bound parameters (? or :named)');
}
$escapechar = pg_escape_string($this->pgsql, $escapechar); // prevents problems with C-style escapes of enclosing '\'
@ -1110,11 +1110,6 @@ class pgsql_native_moodle_database extends moodle_database {
return "$fieldname $LIKE $param ESCAPE '$escapechar'";
}
public function sql_ilike() {
debugging('sql_ilike() is deprecated, please use sql_like() instead');
return 'ILIKE';
}
public function sql_bitxor($int1, $int2) {
return '((' . $int1 . ') # (' . $int2 . '))';
}

27
lib/dml/simpletest/testdml.php
View File

@ -3426,33 +3426,6 @@ class dml_test extends UnitTestCase {
//$this->assertEqual(count($records), 3, 'Accent insensitive LIKE searches may not be supported in all databases, this is not a problem.');
}
function test_sql_ilike() {
// note: this is deprecated, just make sure it does not throw error
$DB = $this->tdb;
$dbman = $DB->get_manager();
$table = $this->get_test_table();
$tablename = $table->getName();
$table->add_field('id', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, XMLDB_NOTNULL, XMLDB_SEQUENCE, null);
$table->add_field('name', XMLDB_TYPE_CHAR, '255', null, null, null, null);
$table->add_key('primary', XMLDB_KEY_PRIMARY, array('id'));
$dbman->create_table($table);
$DB->insert_record($tablename, array('name'=>'SuperDuperRecord'));
$DB->insert_record($tablename, array('name'=>'NoDupor'));
$DB->insert_record($tablename, array('name'=>'ouch'));
// make sure it prints debug message
$this->enable_debugging();
$sql = "SELECT * FROM {{$tablename}} WHERE name ".$DB->sql_ilike()." ?";
$params = array("%dup_r%");
$this->assertFalse($this->get_debugging() === '');
// following must not throw exception, we ignore result
$DB->get_records_sql($sql, $params);
}
function test_coalesce() {
$DB = $this->tdb;

2
lib/dml/sqlsrv_native_moodle_database.php
View File

@ -1193,7 +1193,7 @@ class sqlsrv_native_moodle_database extends moodle_database {
*/
public function sql_like($fieldname, $param, $casesensitive = true, $accentsensitive = true, $notlike = false, $escapechar = '\\') {
if (strpos($param, '%') !== false) {
debugging('Potential SQL injection detected, sql_ilike() expects bound parameters (? or :named)');
debugging('Potential SQL injection detected, sql_like() expects bound parameters (? or :named)');
}
$collation = $this->get_collation();