Commit
597082a1
authored
Mar 30, 2013
by
Qiang Xue
Automatic table and column name quoting.
parent
2dbfda65
Showing
7 changed files
with
36 additions
and
47 deletions
+36
-47
DbCache.php
framework/caching/DbCache.php
+3
-3
Command.php
framework/db/Command.php
+2
-23
Connection.php
framework/db/Connection.php
+22
-12
Schema.php
framework/db/Schema.php
+5
-5
DbTarget.php
framework/logging/DbTarget.php
+2
-1
DbSession.php
framework/web/DbSession.php
+2
-2
ConnectionTest.php
tests/unit/framework/db/ConnectionTest.php
+0
-1
framework/caching/DbCache.php
...
@@ -99,7 +99,7 @@ class DbCache extends Cache
...
@@ -99,7 +99,7 @@ class DbCache extends Cache
$query
=
new
Query
;
$query
=
new
Query
;
$query
->
select
(
array
(
'data'
))
$query
->
select
(
array
(
'data'
))
->
from
(
$this
->
cacheTable
)
->
from
(
$this
->
cacheTable
)
->
where
(
'
id = :id AND (expire = 0 OR expire
>'
.
time
()
.
')'
,
array
(
':id'
=>
$key
));
->
where
(
'
[[id]] = :id AND ([[expire]] = 0 OR [[expire]]
>'
.
time
()
.
')'
,
array
(
':id'
=>
$key
));
if
(
$this
->
db
->
enableQueryCache
)
{
if
(
$this
->
db
->
enableQueryCache
)
{
// temporarily disable and re-enable query caching
// temporarily disable and re-enable query caching
$this
->
db
->
enableQueryCache
=
false
;
$this
->
db
->
enableQueryCache
=
false
;
...
@@ -125,7 +125,7 @@ class DbCache extends Cache
...
@@ -125,7 +125,7 @@ class DbCache extends Cache
$query
->
select
(
array
(
'id'
,
'data'
))
$query
->
select
(
array
(
'id'
,
'data'
))
->
from
(
$this
->
cacheTable
)
->
from
(
$this
->
cacheTable
)
->
where
(
array
(
'id'
=>
$keys
))
->
where
(
array
(
'id'
=>
$keys
))
->
andWhere
(
'(
expire = 0 OR expire
> '
.
time
()
.
')'
);
->
andWhere
(
'(
[[expire]] = 0 OR [[expire]]
> '
.
time
()
.
')'
);
if
(
$this
->
db
->
enableQueryCache
)
{
if
(
$this
->
db
->
enableQueryCache
)
{
$this
->
db
->
enableQueryCache
=
false
;
$this
->
db
->
enableQueryCache
=
false
;
...
@@ -227,7 +227,7 @@ class DbCache extends Cache
...
@@ -227,7 +227,7 @@ class DbCache extends Cache
{
{
if
(
$force
||
mt_rand
(
0
,
1000000
)
<
$this
->
gcProbability
)
{
if
(
$force
||
mt_rand
(
0
,
1000000
)
<
$this
->
gcProbability
)
{
$this
->
db
->
createCommand
()
$this
->
db
->
createCommand
()
->
delete
(
$this
->
cacheTable
,
'
expire > 0 AND expire
< '
.
time
())
->
delete
(
$this
->
cacheTable
,
'
[[expire]] > 0 AND [[expire]]
< '
.
time
())
->
execute
();
->
execute
();
}
}
}
}
...
...
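Review bot: The three rewritten conditions still splice `time()` into the SQL string (`... [[expire]] >' . time() . ')'`), while the DbSession queries touched by this same commit bind the timestamp as `:expire`. The value is a server-generated integer, so this is not injectable, but binding it keeps the statement text constant and keeps concatenated SQL out of the file, e.g. `->where('[[id]] = :id AND ([[expire]] = 0 OR [[expire]] > :now)', array(':id' => $key, ':now' => time()))`. The same applies to the `andWhere()` call in the second hunk and the `delete()` condition in the third. The enclosing methods start outside the hunks shown.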
framework/db/Command.php
...
@@ -84,42 +84,21 @@ class Command extends \yii\base\Component
...
@@ -84,42 +84,21 @@ class Command extends \yii\base\Component
/**
/**
* Specifies the SQL statement to be executed.
* Specifies the SQL statement to be executed.
*
Any previous execution will be terminated or cancelled
.
*
The previous SQL execution (if any) will be cancelled, and [[params]] will be cleared as well
.
* @param string $sql the SQL statement to be set.
* @param string $sql the SQL statement to be set.
* @return Command this command instance
* @return Command this command instance
*/
*/
public
function
setSql
(
$sql
)
public
function
setSql
(
$sql
)
{
{
if
(
$sql
!==
$this
->
_sql
)
{
if
(
$sql
!==
$this
->
_sql
)
{
if
(
$this
->
db
->
enableAutoQuoting
&&
$sql
!=
''
)
{
$sql
=
$this
->
expandSql
(
$sql
);
}
$this
->
cancel
();
$this
->
cancel
();
$this
->
_sql
=
$
sql
;
$this
->
_sql
=
$
this
->
db
->
quoteSql
(
$sql
)
;
$this
->
_params
=
array
();
$this
->
_params
=
array
();
}
}
return
$this
;
return
$this
;
}
}
/**
/**
* Expands a SQL statement by quoting table and column names and replacing table prefixes.
* @param string $sql the SQL to be expanded
* @return string the expanded SQL
*/
protected
function
expandSql
(
$sql
)
{
$db
=
$this
->
db
;
return
preg_replace_callback
(
'/(\\{\\{(.*?)\\}\\}|\\[\\[(.*?)\\]\\])/'
,
function
(
$matches
)
use
(
$db
)
{
if
(
isset
(
$matches
[
3
]))
{
return
$db
->
quoteColumnName
(
$matches
[
3
]);
}
else
{
$name
=
str_replace
(
'%'
,
$db
->
tablePrefix
,
$matches
[
2
]);
return
$db
->
quoteTableName
(
$name
);
}
},
$sql
);
}
/**
* Prepares the SQL statement to be executed.
* Prepares the SQL statement to be executed.
* For complex SQL statement that is to be executed multiple times,
* For complex SQL statement that is to be executed multiple times,
* this may improve performance.
* this may improve performance.
...
...
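Review bot: `setSql()` now passes every statement through `$this->db->quoteSql($sql)` with no opt-out, and the docblock does not say so, so a caller gets no warning that `{{...}}` or `[[...]]` sequences anywhere in the SQL text, including inside an inline string literal, are rewritten as identifiers. I would add to the docblock: `* The SQL is processed by [[Connection::quoteSql()]]; data that may contain "{{" or "[[" must be passed as bound parameters, not embedded in the SQL.` Separately, the guard `$sql !== $this->_sql` compares the raw argument with the stored, already-quoted statement, so re-setting an identical statement that contains tokens still cancels the command and clears `_params`. That comparison predates this commit but remains in the new code.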
framework/db/Connection.php
...
@@ -223,21 +223,10 @@ class Connection extends Component
...
@@ -223,21 +223,10 @@ class Connection extends Component
* @var string the common prefix or suffix for table names. If a table name is given
* @var string the common prefix or suffix for table names. If a table name is given
* as `{{%TableName}}`, then the percentage character `%` will be replaced with this
* as `{{%TableName}}`, then the percentage character `%` will be replaced with this
* property value. For example, `{{%post}}` becomes `{{tbl_post}}` if this property is
* property value. For example, `{{%post}}` becomes `{{tbl_post}}` if this property is
* set as `"tbl_"`. Note that this property is only effective when [[enableAutoQuoting]]
* set as `"tbl_"`.
* is true.
* @see enableAutoQuoting
*/
*/
public
$tablePrefix
;
public
$tablePrefix
;
/**
/**
* @var boolean whether to enable automatic quoting of table names and column names.
* Defaults to true. When this property is true, any token enclosed within double curly brackets
* (e.g. `{{post}}`) in a SQL statement will be treated as a table name and will be quoted
* accordingly when the SQL statement is executed; and any token enclosed within double square
* brackets (e.g. `[[name]]`) will be treated as a column name and quoted accordingly.
* @see tablePrefix
*/
public
$enableAutoQuoting
=
true
;
/**
* @var array mapping between PDO driver names and [[Schema]] classes.
* @var array mapping between PDO driver names and [[Schema]] classes.
* The keys of the array are PDO driver names while the values the corresponding
* The keys of the array are PDO driver names while the values the corresponding
* schema class name or configuration. Please refer to [[\Yii::createObject()]] for
* schema class name or configuration. Please refer to [[\Yii::createObject()]] for
...
@@ -518,6 +507,27 @@ class Connection extends Component
...
@@ -518,6 +507,27 @@ class Connection extends Component
}
}
/**
/**
* Processes a SQL statement by quoting table and column names that are enclosed within double brackets.
* Tokens enclosed within double curly brackets are treated as table names, while
* tokens enclosed within double square brackets are column names. They will be quoted accordingly.
* Also, the percentage character "%" in a table name will be replaced with [[tablePrefix]].
* @param string $sql the SQL to be quoted
* @return string the quoted SQL
*/
public
function
quoteSql
(
$sql
)
{
$db
=
$this
;
return
preg_replace_callback
(
'/(\\{\\{([\w\-\. ]+)\\}\\}|\\[\\[([\w\-\. ]+)\\]\\])/'
,
function
(
$matches
)
use
(
$db
)
{
if
(
isset
(
$matches
[
3
]))
{
return
$db
->
quoteColumnName
(
$matches
[
3
]);
}
else
{
return
str_replace
(
'%'
,
$this
->
tablePrefix
,
$db
->
quoteTableName
(
$matches
[
2
]));
}
},
$sql
);
}
/**
* Returns the name of the DB driver for the current [[dsn]].
* Returns the name of the DB driver for the current [[dsn]].
* @return string name of the DB driver
* @return string name of the DB driver
*/
*/
...
...
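Review bot: In `quoteSql()` the table-name alternative `\{\{([\w\-\. ]+)\}\}` does not admit `%`, so a `{{%post}}` token, the form the `tablePrefix` docblock in this same file describes, never matches and is passed to the database unquoted and unprefixed; the `str_replace('%', ...)` in the else branch then appears to have nothing to replace. Allowing an optional `%` at either end of the name, `'/(\\{\\{(%?[\w\-\. ]+%?)\\}\\}|\\[\\[([\w\-\. ]+)\\]\\])/'`, would restore the documented behaviour. The same branch reads `$this->tablePrefix` although the closure deliberately captures `$db`; on PHP versions where closures are not bound to `$this` that is a fatal error, so it should be `$db->tablePrefix`. No test for `quoteSql()` is added in this commit; one covering `{{%table}}`, `{{table}}` and `[[column]]` would pin the behaviour.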
framework/db/Schema.php
...
@@ -248,7 +248,7 @@ abstract class Schema extends \yii\base\Object
...
@@ -248,7 +248,7 @@ abstract class Schema extends \yii\base\Object
/**
/**
* Quotes a table name for use in a query.
* Quotes a table name for use in a query.
* If the table name contains schema prefix, the prefix will also be properly quoted.
* If the table name contains schema prefix, the prefix will also be properly quoted.
* If the table name is already quoted or contains
special characters including '(', '[[' and
'{{',
* If the table name is already quoted or contains
'(' or
'{{',
* then this method will do nothing.
* then this method will do nothing.
* @param string $name table name
* @param string $name table name
* @return string the properly quoted table name
* @return string the properly quoted table name
...
@@ -256,7 +256,7 @@ abstract class Schema extends \yii\base\Object
...
@@ -256,7 +256,7 @@ abstract class Schema extends \yii\base\Object
*/
*/
public
function
quoteTableName
(
$name
)
public
function
quoteTableName
(
$name
)
{
{
if
(
strpos
(
$name
,
'('
)
!==
false
||
strpos
(
$name
,
'
[['
)
!==
false
||
strpos
(
$name
,
'
{{'
)
!==
false
)
{
if
(
strpos
(
$name
,
'('
)
!==
false
||
strpos
(
$name
,
'{{'
)
!==
false
)
{
return
$name
;
return
$name
;
}
}
if
(
strpos
(
$name
,
'.'
)
===
false
)
{
if
(
strpos
(
$name
,
'.'
)
===
false
)
{
...
@@ -273,7 +273,7 @@ abstract class Schema extends \yii\base\Object
...
@@ -273,7 +273,7 @@ abstract class Schema extends \yii\base\Object
/**
/**
* Quotes a column name for use in a query.
* Quotes a column name for use in a query.
* If the column name contains prefix, the prefix will also be properly quoted.
* If the column name contains prefix, the prefix will also be properly quoted.
* If the column name is already quoted or contains
special characters including '(', '[[' and
'{{',
* If the column name is already quoted or contains
'(', '[[' or
'{{',
* then this method will do nothing.
* then this method will do nothing.
* @param string $name column name
* @param string $name column name
* @return string the properly quoted column name
* @return string the properly quoted column name
...
@@ -320,13 +320,13 @@ abstract class Schema extends \yii\base\Object
...
@@ -320,13 +320,13 @@ abstract class Schema extends \yii\base\Object
/**
/**
* Returns the real name of a table name.
* Returns the real name of a table name.
* This method will strip off curly brackets from the given table name
* This method will strip off curly brackets from the given table name
* and replace the percentage character
in the name
with [[Connection::tablePrefix]].
* and replace the percentage character
'%'
with [[Connection::tablePrefix]].
* @param string $name the table name to be converted
* @param string $name the table name to be converted
* @return string the real name of the given table name
* @return string the real name of the given table name
*/
*/
public
function
getRealTableName
(
$name
)
public
function
getRealTableName
(
$name
)
{
{
if
(
$this
->
db
->
enableAutoQuoting
&&
strpos
(
$name
,
'{{'
)
!==
false
)
{
if
(
strpos
(
$name
,
'{{'
)
!==
false
)
{
$name
=
preg_replace
(
'/\\{\\{(.*?)\\}\\}/'
,
'\1'
,
$name
);
$name
=
preg_replace
(
'/\\{\\{(.*?)\\}\\}/'
,
'\1'
,
$name
);
return
str_replace
(
'%'
,
$this
->
db
->
tablePrefix
,
$name
);
return
str_replace
(
'%'
,
$this
->
db
->
tablePrefix
,
$name
);
}
else
{
}
else
{
...
...
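Review bot: `getRealTableName()` still strips the braces with `'/\\{\\{(.*?)\\}\\}/'`, which accepts any characters between `{{` and `}}`, whereas `Connection::quoteSql()` as added in this commit only recognises `[\w\-\. ]+`. The two places now disagree about what a table token is, and the value returned here is not quoted, so it is worth confirming that callers never build SQL from it using a name that `quoteSql()` would have left alone. A short comment on the `preg_replace` line stating which characters a token may contain, or reusing the same character class, would make the contract explicit. The method body continues past the end of the hunk.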
framework/logging/DbTarget.php
...
@@ -78,7 +78,8 @@ class DbTarget extends Target
...
@@ -78,7 +78,8 @@ class DbTarget extends Target
public
function
export
(
$messages
)
public
function
export
(
$messages
)
{
{
$tableName
=
$this
->
db
->
quoteTableName
(
$this
->
logTable
);
$tableName
=
$this
->
db
->
quoteTableName
(
$this
->
logTable
);
$sql
=
"INSERT INTO
$tableName
(level, category, log_time, message) VALUES (:level, :category, :log_time, :message)"
;
$sql
=
"INSERT INTO
$tableName
([[level]], [[category]], [[log_time]], [[message]])
VALUES (:level, :category, :log_time, :message)"
;
$command
=
$this
->
db
->
createCommand
(
$sql
);
$command
=
$this
->
db
->
createCommand
(
$sql
);
foreach
(
$messages
as
$message
)
{
foreach
(
$messages
as
$message
)
{
$command
->
bindValues
(
array
(
$command
->
bindValues
(
array
(
...
...
framework/web/DbSession.php
...
@@ -144,7 +144,7 @@ class DbSession extends Session
...
@@ -144,7 +144,7 @@ class DbSession extends Session
$query
=
new
Query
;
$query
=
new
Query
;
$data
=
$query
->
select
(
array
(
'data'
))
$data
=
$query
->
select
(
array
(
'data'
))
->
from
(
$this
->
sessionTable
)
->
from
(
$this
->
sessionTable
)
->
where
(
'
expire>:expire AND id
=:id'
,
array
(
':expire'
=>
time
(),
':id'
=>
$id
))
->
where
(
'
[[expire]]>:expire AND [[id]]
=:id'
,
array
(
':expire'
=>
time
(),
':id'
=>
$id
))
->
createCommand
(
$this
->
db
)
->
createCommand
(
$this
->
db
)
->
queryScalar
();
->
queryScalar
();
return
$data
===
false
?
''
:
$data
;
return
$data
===
false
?
''
:
$data
;
...
@@ -214,7 +214,7 @@ class DbSession extends Session
...
@@ -214,7 +214,7 @@ class DbSession extends Session
public
function
gcSession
(
$maxLifetime
)
public
function
gcSession
(
$maxLifetime
)
{
{
$this
->
db
->
createCommand
()
$this
->
db
->
createCommand
()
->
delete
(
$this
->
sessionTable
,
'
expire
<:expire'
,
array
(
':expire'
=>
time
()))
->
delete
(
$this
->
sessionTable
,
'
[[expire]]
<:expire'
,
array
(
':expire'
=>
time
()))
->
execute
();
->
execute
();
return
true
;
return
true
;
}
}
...
...
tests/unit/framework/db/ConnectionTest.php
...
@@ -59,7 +59,6 @@ class ConnectionTest extends \yiiunit\MysqlTestCase
...
@@ -59,7 +59,6 @@ class ConnectionTest extends \yiiunit\MysqlTestCase
$this
->
assertEquals
(
'`table`'
,
$connection
->
quoteTableName
(
'`table`'
));
$this
->
assertEquals
(
'`table`'
,
$connection
->
quoteTableName
(
'`table`'
));
$this
->
assertEquals
(
'`schema`.`table`'
,
$connection
->
quoteTableName
(
'schema.table'
));
$this
->
assertEquals
(
'`schema`.`table`'
,
$connection
->
quoteTableName
(
'schema.table'
));
$this
->
assertEquals
(
'`schema`.`table`'
,
$connection
->
quoteTableName
(
'schema.`table`'
));
$this
->
assertEquals
(
'`schema`.`table`'
,
$connection
->
quoteTableName
(
'schema.`table`'
));
$this
->
assertEquals
(
'[[table]]'
,
$connection
->
quoteTableName
(
'[[table]]'
));
$this
->
assertEquals
(
'{{table}}'
,
$connection
->
quoteTableName
(
'{{table}}'
));
$this
->
assertEquals
(
'{{table}}'
,
$connection
->
quoteTableName
(
'{{table}}'
));
$this
->
assertEquals
(
'(table)'
,
$connection
->
quoteTableName
(
'(table)'
));
$this
->
assertEquals
(
'(table)'
,
$connection
->
quoteTableName
(
'(table)'
));
}
}
...
...