anewt-developers team mailing list archive

[noreply@xxxxxxxxxxxxx]

------------------------------------------------------------
revno: 1813
committer: Wouter Bolsterlee <uws@xxxxxxxxx>
branch nick: anewt
timestamp: Thu 2011-03-17 13:59:10 +0100
message:
  [autorecord] Don't fill SQL templates too early
  
  AnewtAutoRecord::db_find_*_by_sql() with an associative
  array for the $sql parameter allows for extra SELECT and
  JOIN parts in the query. The code incorrectly assumed query
  placeholders only occurred in the WHERE, ORDER BY, LIMIT,
  and OFFSET clauses, and not in the extra SELECT or JOIN
  clauses. An example case where this causes problems is when
  variable table names are used in JOIN clauses.
  
  With this change the placeholders are filled as the final
  step when building the SQL string. This means placeholders
  can now occur anywhere in the query, so that e.g. variable
  table or column names for which the name is provided in the
  $values array now work as expected.
modified:
  autorecord/autorecord.lib.php


--
lp:anewt
https://code.launchpad.net/~uws/anewt/anewt.uws

Your team Anewt developers is subscribed to branch lp:anewt.
To unsubscribe from this branch go to https://code.launchpad.net/~uws/anewt/anewt.uws/+edit-subscription

=== modified file 'autorecord/autorecord.lib.php'
--- autorecord/autorecord.lib.php	2010-11-05 13:41:47 +0000
+++ autorecord/autorecord.lib.php	2011-03-17 12:59:10 +0000
@@ -934,13 +934,10 @@
 
 			/* Combine */
 
-			$sql_parts_combined =
-				$connection->create_sql_template(join(' ', $sql_parts))
+			$sql_full = $connection->create_sql_template(sprintf(
+				'SELECT %s FROM %s %s;',
+				$sql_select, $sql_from, join(' ', $sql_parts)))
 				->fillv($values);
-
-			$sql_full =
-				$connection->create_sql_template('SELECT ?raw? FROM ?raw? ?raw?;')
-				->fill($sql_select, $sql_from, $sql_parts_combined);
 		}