Fixes for better filtering of variables in queries. Added a new method for filtered queries
parent
40719f8931
commit
7aa56b006d
1 changed files with 40 additions and 10 deletions
|
|
@ -705,6 +705,21 @@ class Webmodel {
|
||||||
return SQLClass::webtsys_query($sql_query, $this->db_selected);
|
return SQLClass::webtsys_query($sql_query, $this->db_selected);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This method is used for make string queries with filter.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
public function execute($sql_query, $values)
|
||||||
|
{
|
||||||
|
|
||||||
|
$this->set_phango_connection();
|
||||||
|
|
||||||
|
$sql_query=$this->filter_query([$sql_query, $values]);
|
||||||
|
|
||||||
|
return SQLClass::webtsys_query($sql_query, $this->db_selected);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Method for add conditions to sql operations in this model
|
* Method for add conditions to sql operations in this model
|
||||||
*
|
*
|
||||||
|
|
@ -718,7 +733,22 @@ class Webmodel {
|
||||||
|
|
||||||
$str_conditions=$this->conditions;
|
$str_conditions=$this->conditions;
|
||||||
|
|
||||||
$args=$this->args;
|
$this->conditions=$this->filter_query($conditions);
|
||||||
|
|
||||||
|
//$this->order_by=$order_by;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Method for filter a query or part
|
||||||
|
*
|
||||||
|
* @param array $conditions An array with two elements. The first element define the where statement where the values are marked with ? symbol. The real values are saved in second element of the array. The behaviour is similar to python sql statements or PDO.
|
||||||
|
* @example ['WHERE name=? and lastname=?', ['Anthony', 'Smith']]
|
||||||
|
* @warning Use an string for conditions is deprecated, use the array type.
|
||||||
|
*/
|
||||||
|
|
||||||
|
public function filter_query($conditions)
|
||||||
|
{
|
||||||
|
|
||||||
$raw_query=0;
|
$raw_query=0;
|
||||||
|
|
||||||
|
|
@ -824,22 +854,20 @@ class Webmodel {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->conditions=trim(implode(' ', $arr_conditions));
|
return trim(implode(' ', $arr_conditions));
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|
||||||
$this->conditions=trim($str_conditions);
|
return trim($str_conditions);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
//$this->order_by=$order_by;
|
}
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Method for set the order in query
|
* Method for set the order in query
|
||||||
|
|
@ -1876,10 +1904,12 @@ class Webmodel {
|
||||||
* @param string $value The query string to escape.
|
* @param string $value The query string to escape.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
static public function escape_string($value)
|
public function escape_string($value)
|
||||||
{
|
{
|
||||||
|
|
||||||
return addslashes($value);
|
$this->connect_to_db();
|
||||||
|
|
||||||
|
return SQLClass::webtsys_escape_string($value, $this->db_selected);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
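Review bot: `escape_string()` in the last hunk changes from `static public` to an instance method, so any caller that still invokes `Webmodel::escape_string(...)` statically will fail at runtime; those callers are outside this page and should be audited, or a deprecated static wrapper kept for the transition. The method also prepares its connection with `$this->connect_to_db()`, while the new `execute()` uses `$this->set_phango_connection()`. If the two can select different links, the value would be escaped against a different connection (and character set) than the one that runs the query, so both should use the same call. Separately, in the `set_conditions()`/`filter_query()` split, `$str_conditions=$this->conditions;` stays in `set_conditions()`, where nothing visible reads it any more, while `return trim($str_conditions);` now lives in `filter_query()`. Unless lines outside the hunks assign it there, that branch returns an empty string and the condition is silently dropped from the statement, so I would move the assignment to the top of `filter_query()` next to `$raw_query=0;`.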