Back to index

awl  0.53
Classes | Namespaces | Functions
DataUpdate.php File Reference

Go to the source code of this file.

Classes

class  DBRecord

Namespaces

namespace  awl
 Authentication handling class.

Functions

 sql_from_object ($obj, $type, $tablename, $where, $fprefix="")
 Build SQL INSERT/UPDATE statement from an associative array of fieldnames => values.
 sql_from_post ($type, $tablename, $where, $fprefix="")
 Build SQL INSERT/UPDATE statement from the $_POST associative array.

Function Documentation

sql_from_object ( obj,
type,
tablename,
where,
fprefix = "" 
)

Build SQL INSERT/UPDATE statement from an associative array of fieldnames => values.

Parameters:
array$objThe object of fieldnames => values.
string$typeThe word "update" or something else (which implies "insert").
string$tablenameThe name of the table being updated.
string$whereWhat the "WHERE ..." clause needs to be for an UPDATE statement.
string$fprefixAn optional string which all fieldnames in $assoc are prefixed with.
Returns:
string An SQL Update or Insert statement with all fields/values from the array.

Definition at line 28 of file DataUpdate.php.

                                                                           {
  $fields = get_fields($tablename);
  $update = strtolower($type) == "update";
  if ( $update )
    $sql = "UPDATE $tablename SET ";
  else
    $sql = "INSERT INTO $tablename (";

  $flst = "";
  $vlst = "";
  foreach( $fields as $fn => $typ ) {
    // $prefixed_fn = $fprefix . $fn;
    dbg_error_log( "DataUpdate", ":sql_from_object: %s => %s (%s)", $fn, $typ, (isset($obj->{$fn})?$obj->{$fn}:"[undefined value]"));
    if ( !isset($obj->{$fn}) && isset($obj->{"xxxx$fn"}) ) {
      // Sometimes we will have prepended 'xxxx' to the field name so that the field
      // name differs from the column name in the database.
      $obj->{$fn} = $obj->{"xxxx$fn"};
    }
    if ( !isset($obj->{$fn}) ) continue;
    $value = $obj->{$fn};
    if ( $fn == "password" ) {
      if ( $value == "******" || $value == "" ) continue;
      if ( !preg_match('/^\*[0-9a-z+\/=]+\*({SSHA})?[0-9a-z+\/=]+$/i', $value ) ) {
        $value = (function_exists("session_salted_sha1")
                   ? session_salted_sha1($value)
                   : (function_exists('session_salted_md5')
                       ? session_salted_md5($value)
                       : md5($value)
                     )
                 );
      }
    }
    $value = str_replace( "'", "''", str_replace("\\", "\\\\", $value));
    if ( preg_match('{^(time|date|interval)}i', $typ ) && $value == "" ) {
      $value = "NULL";
    }
    else if ( preg_match('{^bool}i', $typ) )  {
      $value = ( $value == false || $value == "f" || $value == "off" || $value == "no" ? "FALSE"
                  : ( $value == true || $value == "t" || $value == "on" || $value == "yes" ? "TRUE"
                      : "NULL" ));
    }
    else if ( preg_match('{^interval}i', $typ) )  {
      $value = "'$value'::$typ";
    }
    else if ( preg_match('{^int}i', $typ) )  {
      $value = ($value == '' || $value === null ? 'NULL' : intval( $value ));
    }
    else if ( preg_match('{^bit}i', $typ) )  {
      $value = ($value == '' || $value === null ? 'NULL' : "'$value'");
    }
    else if ( preg_match('{^(text|varchar)}i', $typ) )  {
      $value = "'$value'";
    }
    else
      $value = "'$value'::$typ";

    if ( $update )
      $flst .= ", $fn = $value";
    else {
      $flst .= ", $fn";
      $vlst .= ", $value";
    }
  }
  $flst = substr($flst,2);
  $vlst = substr($vlst,2);
  $sql .= $flst;
  if ( $update ) {
    $sql .= " $where; ";
  }
  else {
    $sql .= ") VALUES( $vlst ); ";
  }
 return $sql;
}

Here is the caller graph for this function:

sql_from_post ( type,
tablename,
where,
fprefix = "" 
)

Build SQL INSERT/UPDATE statement from the $_POST associative array.

Parameters:
string$typeThe word "update" or something else (which implies "insert").
string$tablenameThe name of the table being updated.
string$whereWhat the "WHERE ..." clause needs to be for an UPDATE statement.
string$fprefixAn optional string which all fieldnames in $assoc are prefixed with.
Returns:
string An SQL Update or Insert statement with all fields/values from the array.

Definition at line 112 of file DataUpdate.php.

                                                                   {
  $fakeobject = (object) $_POST;
  return sql_from_object( $fakeobject, $type, $tablename, $where, $fprefix );
}

Here is the call graph for this function:

Here is the caller graph for this function: