Project

General

Profile

Download (4.63 KB)

Bug #22104 » 13504_core.diff

Administrator Admin, 2010-02-10 21:16

View differences:

t3lib/class.t3lib_sqlparser.php (working copy)
// Finding starting keyword of string:
$_parseString = $parseString; // Protecting original string...
$keyword = $this->nextPart($_parseString, '^(SELECT|UPDATE|INSERT[[:space:]]+INTO|DELETE[[:space:]]+FROM|EXPLAIN|DROP[[:space:]]+TABLE|CREATE[[:space:]]+TABLE|CREATE[[:space:]]+DATABASE|ALTER[[:space:]]+TABLE)[[:space:]]+');
$keyword = $this->nextPart($_parseString, '^(SELECT|UPDATE|INSERT[[:space:]]+INTO|DELETE[[:space:]]+FROM|EXPLAIN|DROP[[:space:]]+TABLE|CREATE[[:space:]]+TABLE|CREATE[[:space:]]+DATABASE|ALTER[[:space:]]+TABLE|TRUNCATE[[:space:]]+TABLE)[[:space:]]+');
$keyword = strtoupper(str_replace(array(' ',"\t","\r","\n"),'',$keyword));
switch($keyword) {
......
// Parsing CREATE DATABASE query:
$result = $this->parseCREATEDATABASE($parseString);
break;
case 'TRUNCATETABLE':
// Parsing TRUNCATE TABLE query:
$result = $this->parseTRUNCATETABLE($parseString);
break;
default:
$result = $this->parseError('"'.$keyword.'" is not a keyword',$parseString);
break;
......
} else return $this->parseError('No database found!',$parseString);
}
/**
* Parsing TRUNCATE TABLE query
*
* @param string SQL string starting with TRUNCATE TABLE
* @return mixed Returns array with components of TRUNCATE TABLE query on success, otherwise an error message string.
*/
protected function parseTRUNCATETABLE($parseString) {
// Removing TRUNCATE TABLE
$parseString = $this->trimSQL($parseString);
$parseString = ltrim(substr(ltrim(substr($parseString, 8)), 5));
// Init output variable:
$result = array();
$result['type'] = 'TRUNCATETABLE';
// Get table:
$result['TABLE'] = $this->nextPart($parseString, '^([[:alnum:]_]+)[[:space:]]+');
if ($result['TABLE']) {
// Should be no more content now:
if ($parseString) {
return $this->parseError('Still content in clause after parsing!', $parseString);
}
return $result;
} else {
return $this->parseError('No table found!', $parseString);
}
}
......
/**************************************
*
* SQL Parsing, helper functions for parts of queries
......
case 'ALTERTABLE':
$query = $this->compileALTERTABLE($components);
break;
case 'TRUNCATETABLE':
$query = $this->compileTRUNCATETABLE($components);
break;
}
return $query;
......
return $query;
}
/**
* Compiles a TRUNCATE TABLE statement from components array
*
* @param array Array of SQL query components
* @return string SQL TRUNCATE TABLE query
* @see parseTRUNCATETABLE()
*/
protected function compileTRUNCATETABLE(array $components) {
// Make query:
$query = 'TRUNCATE TABLE ' . $components['TABLE'];
// Return query
return $query;
}
......
/**************************************
*
* Compiling queries, helper functions for parts of queries
t3lib/class.t3lib_db.php (working copy)
return $count;
}
/**
* Truncates a table.
*
* @param string Database tablename
* @return mixed Result from handler
*/
public function exec_TRUNCATETABLEquery($table) {
$res = mysql_query($this->TRUNCATETABLEquery($table), $this->link);
if ($this->debugOutput) {
$this->debug('exec_TRUNCATETABLEquery');
}
return $res;
}
......
/**************************************
*
* Query building
......
}
/**
* Creates a TRUNCATE TABLE SQL-statement
*
* @param string See exec_TRUNCATETABLEquery()
* @return string Full SQL query for TRUNCATE TABLE
*/
public function TRUNCATETABLEquery($table) {
// Table should be "SQL-injection-safe" when supplied to this function
// Build basic query:
$query = 'TRUNCATE TABLE ' . $table;
// Return query:
if ($this->debugOutput || $this->store_lastBuiltQuery) {
$this->debug_lastBuiltQuery = $query;
}
return $query;
}
/**
* Returns a WHERE clause that can find a value ($value) in a list field ($field)
* For instance a record in the database might contain a list of numbers,
* "34,234,5" (with no spaces between). This query would be able to select that
(2-2/5)