Changeset 3761:849987324197 for inc/core/class.dc.blog.php
- Timestamp:
- 06/15/18 18:31:29 (7 years ago)
- Branch:
- sql-statement
- File:
-
- 1 edited
inc/core/class.dc.blog.php
r3731 r3761 209 209 $cur->blog_upddt = date('Y-m-d H:i:s'); 210 210 211 $cur->update("WHERE blog_id = '" . $this->con->escape($this->id) . "' "); 211 $sql = new dcUpdateStatement($this->core, 'coreTriggerBlog'); 212 $sql 213 ->where('blog_id = ' . $sql->quote($this->id)); 214 215 $cur->update($sql->whereStatement()); 212 216 213 217 # --BEHAVIOR-- coreBlogAfterTriggerBlog … … 241 245 # Get posts affected by comments edition 242 246 if (empty($affected_posts)) { 243 $strReq = 244 'SELECT post_id ' . 245 'FROM ' . $this->prefix . 'comment ' . 246 'WHERE comment_id' . $this->con->in($comments_ids) . 247 'GROUP BY post_id'; 248 249 $rs = $this->con->select($strReq); 247 $sql = new dcSelectStatement($this->core, 'coreTriggerCommentsScope'); 248 $sql 249 ->columns('post_id') 250 ->from($this->prefix . 'comment') 251 ->where('comment_id' . $sql->in($comments_ids)) 252 ->group('post_id'); 253 254 $rs = $this->con->select($sql->statement()); 250 255 251 256 $affected_posts = array(); … … 253 258 $affected_posts[] = (integer) $rs->post_id; 254 259 } 260 unset($sql); 255 261 } 256 262 … … 260 266 261 267 # Count number of comments if exists for affected posts 262 $strReq = 263 'SELECT post_id, COUNT(post_id) AS nb_comment, comment_trackback ' . 264 'FROM ' . $this->prefix . 'comment ' . 265 'WHERE comment_status = 1 ' . 266 'AND post_id' . $this->con->in($affected_posts) . 267 'GROUP BY post_id,comment_trackback'; 268 269 $rs = $this->con->select($strReq); 268 $sql = new dcSelectStatement($this->core, 'coreTriggerCommentsCount'); 269 $sql 270 ->columns(array('post_id', 'COUNT(post_id) AS nb_comment', 'comment_trackback')) 271 ->from($this->prefix . 'comment') 272 ->where(array( 273 'comment_status = 1', 274 'post_id' . 
$sql->in($affected_posts) 275 )) 276 ->group(array('post_id', 'comment_trackback')); 277 278 $rs = $this->con->select($sql->statement()); 270 279 271 280 $posts = array(); … … 461 470 private function getCategoriesCounter($params = array()) 462 471 { 463 $strReq = 464 'SELECT C.cat_id, COUNT(P.post_id) AS nb_post ' . 465 'FROM ' . $this->prefix . 'category AS C ' . 466 'JOIN ' . $this->prefix . "post P ON (C.cat_id = P.cat_id AND P.blog_id = '" . $this->con->escape($this->id) . "' ) " . 467 "WHERE C.blog_id = '" . $this->con->escape($this->id) . "' "; 472 $sql = new dcSelectStatement($this->core, 'coreGetCategoriesCounter'); 473 $sql 474 ->columns(array('C.cat_id', 'COUNT(P.post_id) AS nb_post')) 475 ->from($this->prefix . 'category AS C') 476 ->join('JOIN ' . $this->prefix . 'post P ' . 477 'ON (C.cat_id = P.cat_id AND P.blog_id = ' . $sql->quote($this->id) . ')') 478 ->where('C.blog_id = ' . $sql->quote($this->id)); 468 479 469 480 if (!$this->core->auth->userID()) { 470 $s trReq .= 'AND P.post_status = 1 ';481 $sql->where('P.post_status = 1'); 471 482 } 472 483 473 484 if (!empty($params['post_type'])) { 474 $s trReq .= 'AND P.post_type ' . $this->con->in($params['post_type']);475 } 476 477 $s trReq .= 'GROUP BY C.cat_id ';478 479 $rs = $this->con->select($s trReq);485 $sql->where('P.post_type ' . $sql->in($params['post_type'])); 486 } 487 488 $sql->group('C.cat_id'); 489 490 $rs = $this->con->select($sql->statement()); 480 491 $counters = array(); 481 492 while ($rs->fetch()) { … … 568 579 $this->core->callBehavior('coreBeforeCategoryUpdate', $this, $cur); 569 580 570 $cur->update( 571 'WHERE cat_id = ' . (integer) $id . ' ' . 572 "AND blog_id = '" . $this->con->escape($this->id) . "' "); 581 $sql = new dcUpdateStatement($this->core, 'coreCategoryUpdate'); 582 $sql 583 ->where(array( 584 'cat_id = ' . (integer) $id, 585 'blog_id = ' . 
$sql->quote($this->id) 586 )); 587 $cur->update($sql->whereStatement()); 573 588 574 589 # --BEHAVIOR-- coreAfterCategoryUpdate … … 639 654 } 640 655 641 $strReq = 'SELECT COUNT(post_id) AS nb_post ' . 642 'FROM ' . $this->prefix . 'post ' . 643 'WHERE cat_id = ' . (integer) $id . ' ' . 644 "AND blog_id = '" . $this->con->escape($this->id) . "' "; 645 646 $rs = $this->con->select($strReq); 656 $sql = new dcSelectStatement($this->core, 'coreCategoryPostCount'); 657 $sql 658 ->columns('COUNT(post_id) AS nb_post') 659 ->from($this->prefix . 'post') 660 ->where(array( 661 'cat_id = ' . (integer) $id, 662 'blog_id = ' . $sql->quote($this->id) 663 )); 664 $rs = $this->con->select($sql->statement()); 647 665 648 666 if ($rs->nb_post > 0) { … … 669 687 private function checkCategory($title, $url, $id = null) 670 688 { 671 # Let's check if URL is taken... 672 $strReq = 673 'SELECT cat_url FROM ' . $this->prefix . 'category ' . 674 "WHERE cat_url = '" . $this->con->escape($url) . "' " . 675 ($id ? 'AND cat_id <> ' . (integer) $id . ' ' : '') . 676 "AND blog_id = '" . $this->con->escape($this->id) . "' " . 677 'ORDER BY cat_url DESC'; 678 679 $rs = $this->con->select($strReq); 689 // Let's check if URL is taken... 690 $sql = new dcSelectStatement($this->core, 'coreCheckCategoryURL'); 691 $sql 692 ->columns('cat_url') 693 ->from($this->prefix . 'category') 694 ->where('blog_id = ' . $sql->quote($this->id)) 695 ->order('cat_url DESC'); 696 if ($id) { 697 $sql->where('AND cat_id <> ' . (integer) $i); 698 } 699 $sql->cond('AND cat_url = ' . $sql->quote($url)); 700 701 $rs = $this->con->select($sql->statement()); 680 702 681 703 if (!$rs->isEmpty()) { 682 if ($this->con->driver() == 'mysql' || $this->con->driver() == 'mysqli' || $this->con->driver() == 'mysqlimb4') { 683 $clause = "REGEXP '^" . $this->con->escape($url) . "[0-9]+$'"; 684 } elseif ($this->con->driver() == 'pgsql') { 685 $clause = "~ '^" . $this->con->escape($url) . "[0-9]+$'"; 686 } else { 687 $clause = "LIKE '" . 
$this->con->escape($url) . "%'"; 688 } 689 $strReq = 690 'SELECT cat_url FROM ' . $this->prefix . 'category ' . 691 "WHERE cat_url " . $clause . ' ' . 692 ($id ? 'AND cat_id <> ' . (integer) $id . ' ' : '') . 693 "AND blog_id = '" . $this->con->escape($this->id) . "' " . 694 'ORDER BY cat_url DESC '; 695 696 $rs = $this->con->select($strReq); 704 // Replace condition on cat_url 705 $sql->cond('AND cat_url ' . $sql->regexp($url), true); 706 707 $rs = $this->con->select($sql->statement()); 697 708 $a = array(); 698 709 while ($rs->fetch()) { … … 791 802 $this->core->callBehavior('coreBlogBeforeGetPosts', $params); 792 803 804 $sql = new dcSelectStatement($this->core, 'coreGetPosts'); 805 793 806 if ($count_only) { 794 $s trReq = 'SELECT count(DISTINCT P.post_id) ';807 $sql->columns('count(DISTINCT P.post_id)'); 795 808 } elseif (!empty($params['sql_only'])) { 796 $s trReq = 'SELECT P.post_id ';809 $sql->columns('P.post_id'); 797 810 } else { 798 if (!empty($params['no_content'])) { 799 $content_req = ''; 800 } else { 801 $content_req = 802 'post_excerpt, post_excerpt_xhtml, ' . 803 'post_content, post_content_xhtml, post_notes, '; 811 if (empty($params['no_content'])) { 812 $sql->columns(array('post_excerpt', 'post_excerpt_xhtml', 'post_content', 'post_content_xhtml', 'post_notes')); 804 813 } 805 814 806 815 if (!empty($params['columns']) && is_array($params['columns'])) { 807 $content_req .= implode(', ', $params['columns']) . ', '; 808 } 809 810 $strReq = 811 'SELECT P.post_id, P.blog_id, P.user_id, P.cat_id, post_dt, ' . 812 'post_tz, post_creadt, post_upddt, post_format, post_password, ' . 813 'post_url, post_lang, post_title, ' . $content_req . 814 'post_type, post_meta, ' . 815 'post_status, post_firstpub, post_selected, post_position, ' . 816 'post_open_comment, post_open_tb, nb_comment, nb_trackback, ' . 817 'U.user_name, U.user_firstname, U.user_displayname, U.user_email, ' . 818 'U.user_url, ' . 
819 'C.cat_title, C.cat_url, C.cat_desc '; 820 } 821 822 $strReq .= 823 'FROM ' . $this->prefix . 'post P ' . 824 'INNER JOIN ' . $this->prefix . 'user U ON U.user_id = P.user_id ' . 825 'LEFT OUTER JOIN ' . $this->prefix . 'category C ON P.cat_id = C.cat_id '; 816 $sql->columns($params['columns']); 817 } 818 819 $sql->columns(array('P.post_id', 'P.blog_id', 'P.user_id', 'P.cat_id', 'post_dt', 'post_tz', 'post_creadt', 820 'post_upddt', 'post_format', 'post_password', 'post_url', 'post_lang', 'post_title', 'post_type', 821 'post_meta', 'post_status', 'post_firstpub', 'post_selected', 'post_position', 'post_open_comment', 822 'post_open_tb', 'nb_comment', 'nb_trackback', 'U.user_name', 'U.user_firstname', 'U.user_displayname', 823 'U.user_email', 'U.user_url', 'C.cat_title', 'C.cat_url', 'C.cat_desc')); 824 } 825 826 $sql->from($this->prefix . 'post P') 827 ->join('INNER JOIN ' . $this->prefix . 'user U ON U.user_id = P.user_id') 828 ->join('LEFT OUTER JOIN ' . $this->prefix . 'category C ON P.cat_id = C.cat_id'); 829 830 if (!empty($params['join'])) { 831 $sql->join($params['join']); 832 } 826 833 827 834 if (!empty($params['from'])) { 828 $strReq .= $params['from'] . ' '; 829 } 830 831 $strReq .= 832 "WHERE P.blog_id = '" . $this->con->escape($this->id) . "' "; 835 $sql->from($params['from']); 836 } 837 838 $sql->where('P.blog_id = ' . $sql->quote($this->id)); 833 839 834 840 if (!$this->core->auth->check('contentadmin', $this->id)) { 835 $strReq .= 'AND ((post_status = 1 '; 836 841 $cond = '((post_status = 1'; 837 842 if ($this->without_password) { 838 $strReq .= 'AND post_password IS NULL '; 839 } 840 $strReq .= ') '; 841 843 $cond .= ' AND post_password IS NULL'; 844 } 845 $cond .= ')'; 842 846 if ($this->core->auth->userID()) { 843 $ strReq .= "OR P.user_id = '" . $this->con->escape($this->core->auth->userID()) . "')";844 } else {845 $strReq .= ')';846 }847 $cond .= 'OR P.user_id = ' . 
$sql->quote($this->core->auth->userID()); 848 } 849 $cond .= ')'; 850 $sql->where($cond); 847 851 } 848 852 … … 850 854 if (isset($params['post_type'])) { 851 855 if (is_array($params['post_type']) || $params['post_type'] != '') { 852 $s trReq .= 'AND post_type ' . $this->con->in($params['post_type']);856 $sql->where('post_type ' . $sql->in($params['post_type'])); 853 857 } 854 858 } else { 855 $s trReq .= "AND post_type = 'post' ";859 $sql->where("post_type = 'post' "); 856 860 } 857 861 … … 862 866 $params['post_id'] = array((integer) $params['post_id']); 863 867 } 864 $s trReq .= 'AND P.post_id ' . $this->con->in($params['post_id']);868 $sql->where('P.post_id ' . $sql->in($params['post_id'])); 865 869 } 866 870 … … 871 875 $params['exclude_post_id'] = array((integer) $params['exclude_post_id']); 872 876 } 873 $s trReq .= 'AND P.post_id NOT ' . $this->con->in($params['exclude_post_id']);877 $sql->where('P.post_id NOT ' . $sql->in($params['exclude_post_id'])); 874 878 } 875 879 876 880 if (isset($params['post_url']) && $params['post_url'] !== '') { 877 $s trReq .= "AND post_url = '" . $this->con->escape($params['post_url']) . "' ";881 $sql->where('post_url = ' . $sql->quote($params['post_url'])); 878 882 } 879 883 880 884 if (!empty($params['user_id'])) { 881 $s trReq .= "AND U.user_id = '" . $this->con->escape($params['user_id']) . "' ";885 $sql->where('U.user_id = ' . $sql->quote($params['user_id'])); 882 886 } 883 887 … … 889 893 array_walk($params['cat_id'], function (&$v, $k) {$v = $v . " ?not";}); 890 894 } 891 $s trReq .= 'AND ' . $this->getPostsCategoryFilter($params['cat_id'], 'cat_id') . ' ';895 $sql->where($this->getPostsCategoryFilter($params['cat_id'], 'cat_id')); 892 896 } elseif (isset($params['cat_url']) && $params['cat_url'] !== '') { 893 897 if (!is_array($params['cat_url'])) { … … 897 901 array_walk($params['cat_url'], function (&$v, $k) {$v = $v . " ?not";}); 898 902 } 899 $s trReq .= 'AND ' . 
$this->getPostsCategoryFilter($params['cat_url'], 'cat_url') . ' ';903 $sql->where($this->getPostsCategoryFilter($params['cat_url'], 'cat_url')); 900 904 } 901 905 902 906 /* Other filters */ 903 907 if (isset($params['post_status'])) { 904 $s trReq .= 'AND post_status = ' . (integer) $params['post_status'] . ' ';908 $sql->where('post_status = ' . (integer) $params['post_status']); 905 909 } 906 910 907 911 if (isset($params['post_firstpub'])) { 908 $s trReq .= 'AND post_firstpub = ' . (integer) $params['post_firstpub'] . ' ';912 $sql->where('post_firstpub = ' . (integer) $params['post_firstpub']); 909 913 } 910 914 911 915 if (isset($params['post_selected'])) { 912 $s trReq .= 'AND post_selected = ' . (integer) $params['post_selected'] . ' ';916 $sql->where('post_selected = ' . (integer) $params['post_selected']); 913 917 } 914 918 915 919 if (!empty($params['post_year'])) { 916 $strReq .= 'AND ' . $this->con->dateFormat('post_dt', '%Y') . ' = ' . 917 "'" . sprintf('%04d', $params['post_year']) . "' "; 920 $sql->where($sql->dateFormat('post_dt', '%Y') . ' = ' . "'" . sprintf('%04d', $params['post_year']) . "'"); 918 921 } 919 922 920 923 if (!empty($params['post_month'])) { 921 $strReq .= 'AND ' . $this->con->dateFormat('post_dt', '%m') . ' = ' . 922 "'" . sprintf('%02d', $params['post_month']) . "' "; 924 $sql->where($sql->dateFormat('post_dt', '%m') . ' = ' . "'" . sprintf('%02d', $params['post_month']) . "'"); 923 925 } 924 926 925 927 if (!empty($params['post_day'])) { 926 $strReq .= 'AND ' . $this->con->dateFormat('post_dt', '%d') . ' = ' . 927 "'" . sprintf('%02d', $params['post_day']) . "' "; 928 $sql->where($sql->dateFormat('post_dt', '%d') . ' = ' . "'" . sprintf('%02d', $params['post_day']) . "'"); 928 929 } 929 930 930 931 if (!empty($params['post_lang'])) { 931 $s trReq .= "AND P.post_lang = '" . $this->con->escape($params['post_lang']) . "' ";932 $sql->where('P.post_lang = ' . 
$sql->quote($params['post_lang'])); 932 933 } 933 934 … … 943 944 if ($words) { 944 945 foreach ($words as $i => $w) { 945 $words[$i] = "post_words LIKE '%" . $ this->con->escape($w) . "%'";946 $words[$i] = "post_words LIKE '%" . $sql->escape($w) . "%'"; 946 947 } 947 $s trReq .= 'AND ' . implode(' AND ', $words) . ' ';948 $sql->where(implode(' AND ', $words)); 948 949 } 949 950 } … … 951 952 952 953 if (isset($params['media'])) { 953 if ($params['media'] == '0') { 954 $strReq .= 'AND NOT '; 955 } else { 956 $strReq .= 'AND '; 957 } 958 $strReq .= 'EXISTS (SELECT M.post_id FROM ' . $this->prefix . 'post_media M ' . 959 'WHERE M.post_id = P.post_id '; 954 $sqlEx = new dcSelectStatement($this->core, 'coreGetPostsMedia'); 955 $sqlEx 956 ->columns('M.post_id') 957 ->from($this->prefix . 'post_media M') 958 ->where('M.post_id = P.post_id'); 960 959 if (isset($params['link_type'])) { 961 $s trReq .= " AND M.link_type " . $this->con->in($params['link_type']) . " ";962 } 963 $s trReq .= ")";960 $sqlEx->where('M.link_type ' . $sql->in($params['link_type'])); 961 } 962 $sql->where(($params['media'] == '0' ? 'NOT ' : '') . 'EXISTS (' . $sqlEx->statement() . ')'); 964 963 } 965 964 966 965 if (!empty($params['where'])) { 967 $s trReq .= $params['where'] . ' ';966 $sql->cond($params['where']); 968 967 } 969 968 970 969 if (!empty($params['sql'])) { 971 $s trReq .= $params['sql'] . ' ';970 $sql->sql($params['sql']); 972 971 } 973 972 974 973 if (!$count_only) { 975 974 if (!empty($params['order'])) { 976 $s trReq .= 'ORDER BY ' . $this->con->escape($params['order']) . 
' ';975 $sql->order($sql->escape($params['order'])); 977 976 } else { 978 $strReq .= 'ORDER BY post_dt DESC '; 979 } 980 } 981 982 if (!$count_only && !empty($params['limit'])) { 983 $strReq .= $this->con->limit($params['limit']); 984 } 977 $sql->order('post_dt DESC'); 978 } 979 if (!empty($params['limit'])) { 980 $sql->limit($params['limit']); 981 } 982 } 983 984 $query = $sql->statement(); 985 985 986 986 if (!empty($params['sql_only'])) { 987 return $ strReq;988 } 989 990 $rs = $this->con->select($ strReq);987 return $query; 988 } 989 990 $rs = $this->con->select($query); 991 991 $rs->core = $this->core; 992 992 $rs->_nb_media = array(); … … 1070 1070 public function getLangs($params = array()) 1071 1071 { 1072 $strReq = 'SELECT COUNT(post_id) as nb_post, post_lang ' . 1073 'FROM ' . $this->prefix . 'post ' . 1074 "WHERE blog_id = '" . $this->con->escape($this->id) . "' " . 1075 "AND post_lang <> '' " . 1076 "AND post_lang IS NOT NULL "; 1072 $sql = new dcSelectStatement($this->core, 'coreGetLangs'); 1073 $sql 1074 ->columns(array('COUNT(post_id) as nb_post', 'post_lang')) 1075 ->from($this->prefix . 'post') 1076 ->where(array( 1077 'blog_id = ' . $sql->quote($this->id), 1078 "post_lang <> ''", 1079 'post_lang IS NOT NULL' 1080 )); 1077 1081 1078 1082 if (!$this->core->auth->check('contentadmin', $this->id)) { 1079 $ strReq .= 'AND ((post_status = 1';1083 $cond = '((post_status = 1'; 1080 1084 1081 1085 if ($this->without_password) { 1082 $ strReq .= 'AND post_password IS NULL';1083 } 1084 $ strReq .= ')';1086 $cond .= ' AND post_password IS NULL'; 1087 } 1088 $cond .= ')'; 1085 1089 1086 1090 if ($this->core->auth->userID()) { 1087 $ strReq .= "OR user_id = '" . $this->con->escape($this->core->auth->userID()) . "')";1088 } else {1089 $strReq .= ')';1090 }1091 $cond .= " OR user_id = " . 
$sql->quote($this->core->auth->userID()); 1092 } 1093 $cond .= ')'; 1094 $sql->where($cond); 1091 1095 } 1092 1096 1093 1097 if (isset($params['post_type'])) { 1094 1098 if ($params['post_type'] != '') { 1095 $s trReq .= "AND post_type = '" . $this->con->escape($params['post_type']) . "' ";1099 $sql->where("post_type = " . $sql->quote($params['post_type'])); 1096 1100 } 1097 1101 } else { 1098 $s trReq .= "AND post_type = 'post' ";1102 $sql->where("post_type = 'post'"); 1099 1103 } 1100 1104 1101 1105 if (isset($params['lang'])) { 1102 $s trReq .= "AND post_lang = '" . $this->con->escape($params['lang']) . "' ";1103 } 1104 1105 $s trReq .= 'GROUP BY post_lang ';1106 $sql->where("post_lang = " . $sql->quote($params['lang'])); 1107 } 1108 1109 $sql->group('post_lang'); 1106 1110 1107 1111 $order = 'desc'; … … 1109 1113 $order = $params['order']; 1110 1114 } 1111 $s trReq .= 'ORDER BY post_lang ' . $order . ' ';1112 1113 return $this->con->select($s trReq);1115 $sql->order('post_lang ' . $order); 1116 1117 return $this->con->select($sql->statement()); 1114 1118 } 1115 1119 … … 1134 1138 public function getDates($params = array()) 1135 1139 { 1140 $sql = new dcSelectStatement($this->core, 'coreGetDates'); 1141 1136 1142 $dt_f = '%Y-%m-%d'; 1137 1143 $dt_fc = '%Y%m%d'; … … 1148 1154 $dt_fc .= '000000'; 1149 1155 1150 $cat_field = $catReq = $limit = ''; 1156 $sql 1157 ->distinct() 1158 ->columns(array( 1159 $sql->dateFormat('post_dt', $dt_f) . ' AS dt', 1160 'COUNT(P.post_id) AS nb_post' 1161 )) 1162 ->from($this->prefix . 'post P') 1163 ->join('LEFT JOIN ' . $this->prefix . 'category C ON P.cat_id = C.cat_id') 1164 ->group('dt'); 1151 1165 1152 1166 if (isset($params['cat_id']) && $params['cat_id'] !== '') { 1153 $catReq = 'AND P.cat_id = ' . (integer) $params['cat_id'] . ' '; 1154 $cat_field = ', C.cat_url '; 1167 $sql 1168 ->columns('C.cat_url') 1169 ->where('P.cat_id = ' . 
(integer) $params['cat_id']) 1170 ->group('C.car_url'); 1155 1171 } elseif (isset($params['cat_url']) && $params['cat_url'] !== '') { 1156 $catReq = "AND C.cat_url = '" . $this->con->escape($params['cat_url']) . "' "; 1157 $cat_field = ', C.cat_url '; 1172 $sql 1173 ->columns('C.cat_url') 1174 ->where('C.cat_url = ' . $sql->quote($params['cat_url'])) 1175 ->group('C.car_url'); 1158 1176 } 1159 1177 if (!empty($params['post_lang'])) { 1160 $catReq = 'AND P.post_lang = \'' . $params['post_lang'] . '\' '; 1161 } 1162 1163 $strReq = 'SELECT DISTINCT(' . $this->con->dateFormat('post_dt', $dt_f) . ') AS dt ' . 1164 $cat_field . 1165 ',COUNT(P.post_id) AS nb_post ' . 1166 'FROM ' . $this->prefix . 'post P LEFT JOIN ' . $this->prefix . 'category C ' . 1167 'ON P.cat_id = C.cat_id ' . 1168 "WHERE P.blog_id = '" . $this->con->escape($this->id) . "' " . 1169 $catReq; 1178 $sql->where('P.post_lang = ' . $sql->quote($params['post_lang'])); 1179 } 1170 1180 1171 1181 if (!$this->core->auth->check('contentadmin', $this->id)) { 1172 $strReq .= 'AND ((post_status = 1 '; 1173 1182 $cond = '((post_status = 1'; 1174 1183 if ($this->without_password) { 1175 $ strReq .= 'AND post_password IS NULL';1176 } 1177 $ strReq .= ')';1184 $cond .= ' AND post_password IS NULL'; 1185 } 1186 $cond .= ')'; 1178 1187 1179 1188 if ($this->core->auth->userID()) { 1180 $ strReq .= "OR P.user_id = '" . $this->con->escape($this->core->auth->userID()) . "')";1181 } else {1182 $strReq .= ')';1183 }1189 $cond .= ' OR P.user_id = ' . $sql->quote($this->core->auth->userID()); 1190 } 1191 $cond .= ')'; 1192 $sql->where($cond); 1184 1193 } 1185 1194 1186 1195 if (!empty($params['post_type'])) { 1187 $s trReq .= "AND post_type " . $this->con->in($params['post_type']) . " ";1196 $sql->where("post_type " . 
$sql->in($params['post_type'])); 1188 1197 } else { 1189 $s trReq .= "AND post_type = 'post' ";1198 $sql->where("post_type = 'post'"); 1190 1199 } 1191 1200 1192 1201 if (!empty($params['year'])) { 1193 $s trReq .= 'AND ' . $this->con->dateFormat('post_dt', '%Y') . " = '" . sprintf('%04d', $params['year']) . "' ";1202 $sql->where($sql->dateFormat('post_dt', '%Y') . " = '" . sprintf('%04d', $params['year']) . "'"); 1194 1203 } 1195 1204 1196 1205 if (!empty($params['month'])) { 1197 $s trReq .= 'AND ' . $this->con->dateFormat('post_dt', '%m') . " = '" . sprintf('%02d', $params['month']) . "' ";1206 $sql->where($sql->dateFormat('post_dt', '%m') . " = '" . sprintf('%02d', $params['month']) . "'"); 1198 1207 } 1199 1208 1200 1209 if (!empty($params['day'])) { 1201 $s trReq .= 'AND ' . $this->con->dateFormat('post_dt', '%d') . " = '" . sprintf('%02d', $params['day']) . "' ";1210 $sql->where($sql->dateFormat('post_dt', '%d') . " = '" . sprintf('%02d', $params['day']) . "'"); 1202 1211 } 1203 1212 … … 1216 1225 $dt = date('YmdHis', strtotime($dt)); 1217 1226 1218 $strReq .= 'AND ' . $this->con->dateFormat('post_dt', $dt_fc) . $pdir . "'" . $dt . "' "; 1219 $limit = $this->con->limit(1); 1220 } 1221 1222 $strReq .= 'GROUP BY dt ' . $cat_field; 1227 $sql 1228 ->where($sql->dateFormat('post_dt', $dt_fc) . $pdir . "'" . $dt . "'") 1229 ->limit(1); 1230 } 1223 1231 1224 1232 $order = 'desc'; … … 1226 1234 $order = $params['order']; 1227 1235 } 1228 1229 $strReq .= 1230 'ORDER BY dt ' . $order . ' ' . 1231 $limit; 1232 1233 $rs = $this->con->select($strReq); 1236 $sql->order('dt ' . $order); 1237 1238 $rs = $this->con->select($sql->statement()); 1234 1239 $rs->extend('rsExtDates'); 1235 1240 return $rs; … … 1253 1258 { 1254 1259 # Get ID 1255 $rs = $this->con->select( 1256 'SELECT MAX(post_id) ' . 1257 'FROM ' . $this->prefix . 
'post ' 1258 ); 1260 $sql = new dcSelectStatement($this->core, 'corePostCreateGetID'); 1261 $sql 1262 ->columns('MAX(post_id)') 1263 ->from($this->prefix . 'post'); 1264 1265 $rs = $this->con->select($sql->statement()); 1259 1266 1260 1267 $cur->post_id = (integer) $rs->f(0) + 1; … … 1328 1335 $cur->post_upddt = date('Y-m-d H:i:s'); 1329 1336 1330 #If user is only "usage", we need to check the post's owner1337 // If user is only "usage", we need to check the post's owner 1331 1338 if (!$this->core->auth->check('contentadmin', $this->id)) { 1332 $strReq = 'SELECT post_id ' . 1333 'FROM ' . $this->prefix . 'post ' . 1334 'WHERE post_id = ' . $id . ' ' . 1335 "AND user_id = '" . $this->con->escape($this->core->auth->userID()) . "' "; 1336 1337 $rs = $this->con->select($strReq); 1339 $sql = new dcSelectStatement($this->core, 'corePostUpdateCheckOwner'); 1340 $sql 1341 ->column('post_id') 1342 ->from($this->prefix . 'post') 1343 ->where(array( 1344 'post_id = ' . $id, 1345 'user_id = ' . $sql->quote($this->core->auth->userID()) 1346 )); 1347 1348 $rs = $this->con->select($sql->statement()); 1349 unset($sql); 1338 1350 1339 1351 if ($rs->isEmpty()) { … … 1345 1357 $this->core->callBehavior('coreBeforePostUpdate', $this, $cur); 1346 1358 1347 $cur->update('WHERE post_id = ' . $id . ' '); 1359 $sql = new dcUpdateStatement($this->core, 'corePostUpdate'); 1360 $sql->where('post_id = ' . $id); 1361 1362 $cur->update($sql->whereStatement()); 1348 1363 1349 1364 # --BEHAVIOR-- coreAfterPostUpdate … … 1381 1396 $status = (integer) $status; 1382 1397 1383 $strReq = "WHERE blog_id = '" . $this->con->escape($this->id) . "' " . 1384 "AND post_id " . $this->con->in($posts_ids); 1398 $sql = new dcUpdateStatement($this->core, 'coreUpdPostsStatus'); 1399 $sql 1400 ->where(array( 1401 'blog_id = ' . $sql->quote($this->id), 1402 'post_id ' . 
$sql->in($posts_ids) 1403 )); 1385 1404 1386 1405 #If user can only publish, we need to check the post's owner 1387 1406 if (!$this->core->auth->check('contentadmin', $this->id)) { 1388 $s trReq .= "AND user_id = '" . $this->con->escape($this->core->auth->userID()) . "' ";1407 $sql->where('user_id = ' . $sql->quote($this->core->auth->userID())); 1389 1408 } 1390 1409 … … 1394 1413 $cur->post_upddt = date('Y-m-d H:i:s'); 1395 1414 1396 $cur->update($s trReq);1415 $cur->update($sql->whereStatement()); 1397 1416 $this->triggerBlog(); 1398 1417 … … 1426 1445 $selected = (boolean) $selected; 1427 1446 1428 $strReq = "WHERE blog_id = '" . $this->con->escape($this->id) . "' " . 1429 "AND post_id " . $this->con->in($posts_ids); 1447 $sql = new dcUpdateStatement($this->core, 'coreUpdPostsSelected'); 1448 $sql 1449 ->where(array( 1450 'blog_id = ' . $sql->quote($this->id), 1451 'post_id ' . $sql->in($posts_ids) 1452 )); 1430 1453 1431 1454 # If user is only usage, we need to check the post's owner 1432 1455 if (!$this->core->auth->check('contentadmin', $this->id)) { 1433 $s trReq .= "AND user_id = '" . $this->con->escape($this->core->auth->userID()) . "' ";1456 $sql->where('user_id = ' . $sql->quote($this->core->auth->userID())); 1434 1457 } 1435 1458 … … 1439 1462 $cur->post_upddt = date('Y-m-d H:i:s'); 1440 1463 1441 $cur->update($s trReq);1464 $cur->update($sql->whereStatement()); 1442 1465 $this->triggerBlog(); 1443 1466 } … … 1469 1492 $cat_id = (integer) $cat_id; 1470 1493 1471 $strReq = "WHERE blog_id = '" . $this->con->escape($this->id) . "' " . 1472 "AND post_id " . $this->con->in($posts_ids); 1473 1474 # If user is only usage, we need to check the post's owner 1494 $sql = new dcUpdateStatement($this->core, 'coreUpdPostsCategory'); 1495 $sql 1496 ->where(array( 1497 'blog_id = ' . $sql->quote($this->id), 1498 'post_id ' . 
$sql->in($posts_ids) 1499 )); 1500 1501 // If user is only usage, we need to check the post's owner 1475 1502 if (!$this->core->auth->check('contentadmin', $this->id)) { 1476 $s trReq .= "AND user_id = '" . $this->con->escape($this->core->auth->userID()) . "' ";1503 $sql->where('user_id = ' . $sql->quote($this->core->auth->userID())); 1477 1504 } 1478 1505 … … 1482 1509 $cur->post_upddt = date('Y-m-d H:i:s'); 1483 1510 1484 $cur->update($s trReq);1511 $cur->update($sql->whereStatement()); 1485 1512 $this->triggerBlog(); 1486 1513 } … … 1506 1533 $cur->post_upddt = date('Y-m-d H:i:s'); 1507 1534 1508 $cur->update( 1509 'WHERE cat_id = ' . $old_cat_id . ' ' . 1510 "AND blog_id = '" . $this->con->escape($this->id) . "' " 1511 ); 1535 $sql = new dcUpdateStatement($this->core, 'coreChangePostsCategory'); 1536 $sql 1537 ->where(array( 1538 'cat_id = ' . $old_cat_id, 1539 'blog_id = ' . $sql->quote($this->id) 1540 )); 1541 $cur->update($sql->whereStatement()); 1512 1542 $this->triggerBlog(); 1513 1543 } … … 1540 1570 } 1541 1571 1542 $strReq = 'DELETE FROM ' . $this->prefix . 'post ' . 1543 "WHERE blog_id = '" . $this->con->escape($this->id) . "' " . 1544 "AND post_id " . $this->con->in($posts_ids); 1545 1546 #If user can only delete, we need to check the post's owner 1572 $sql = new dcDeleteStatement($this->core, 'coreDelPosts'); 1573 $sql 1574 ->from($this->prefix . 'post') 1575 ->where(array( 1576 'blog_id = ' . $sql->quote($this->id), 1577 'post_id ' . $sql->in($posts_ids) 1578 )); 1579 1580 // If user can only delete, we need to check the post's owner 1547 1581 if (!$this->core->auth->check('contentadmin', $this->id)) { 1548 $s trReq .= "AND user_id = '" . $this->con->escape($this->core->auth->userID()) . "' ";1549 } 1550 1551 $this->con->execute($s trReq);1582 $sql->where('user_id = ' . 
$sql->quote($this->core->auth->userID())); 1583 } 1584 1585 $this->con->execute($sql->statement()); 1552 1586 $this->triggerBlog(); 1553 1587 } … … 1558 1592 public function publishScheduledEntries() 1559 1593 { 1560 $strReq = 'SELECT post_id, post_dt, post_tz ' . 1561 'FROM ' . $this->prefix . 'post ' . 1562 'WHERE post_status = -1 ' . 1563 "AND blog_id = '" . $this->con->escape($this->id) . "' "; 1564 1565 $rs = $this->con->select($strReq); 1594 $sql = new dcSelectStatement($this->core, 'coreScheduledEntriesPublish'); 1595 $sql 1596 ->columns(array('post_id', 'post_dt', 'post_tz')) 1597 ->from($this->prefix . 'post') 1598 ->where(array( 1599 'post_status = -1', 1600 'blog_id = ' . $sql->quote($this->id) 1601 )); 1602 1603 $rs = $this->con->select($sql->statement()); 1604 unset($sql); 1566 1605 1567 1606 $now = dt::toUTC(time()); … … 1588 1627 $this->core->callBehavior('coreBeforeScheduledEntriesPublish', $this, $to_change); 1589 1628 1590 $strReq = 1591 'UPDATE ' . $this->prefix . 'post SET ' . 1592 'post_status = 1 ' . 1593 "WHERE blog_id = '" . $this->con->escape($this->id) . "' " . 1594 'AND post_id ' . $this->con->in((array) $to_change) . ' '; 1595 $this->con->execute($strReq); 1629 $sql = new dcUpdateStatement($this->core, 'coreScheduledEntriesPublish'); 1630 $sql 1631 ->reference($this->prefix . 'post') 1632 ->set('post_status = 1') 1633 ->where(array( 1634 'blog_id = ' . $sql->quote($this->id), 1635 'post_id ' . $sql->in((array) $to_change) 1636 )); 1637 1638 $this->con->execute($sql->statement()); 1596 1639 $this->triggerBlog(); 1597 1640 … … 1624 1667 if (count($to_change)) { 1625 1668 1626 $strReq = 1627 'UPDATE ' . $this->prefix . 'post ' . 1628 'SET post_firstpub = 1 ' . 1629 "WHERE blog_id = '" . $this->con->escape($this->id) . "' " . 1630 'AND post_id ' . $this->con->in((array) $to_change) . 
' '; 1631 $this->con->execute($strReq); 1669 $sql = new dcUpdateStatement($this->core, 'coreFirstPublicationEntries'); 1670 $sql 1671 ->reference($this->prefix . 'post') 1672 ->set('post_firstpub = 1') 1673 ->where(array( 1674 'blog_id = ' . $sql->quote($this->id), 1675 'post_id ' . $sql->in((array) $to_change) 1676 )); 1677 1678 $this->con->execute($sql->statement()); 1632 1679 1633 1680 # --BEHAVIOR-- coreFirstPublicationEntries … … 1644 1691 public function getPostsUsers($post_type = 'post') 1645 1692 { 1646 $strReq = 'SELECT P.user_id, user_name, user_firstname, ' . 1647 'user_displayname, user_email ' . 1648 'FROM ' . $this->prefix . 'post P, ' . $this->prefix . 'user U ' . 1649 'WHERE P.user_id = U.user_id ' . 1650 "AND blog_id = '" . $this->con->escape($this->id) . "' "; 1693 $sql = new dcSelectStatement($this->core, 'coreGetPostsUsers'); 1694 $sql 1695 ->columns(array('P.user_id', 'user_name', 'user_firstname', 'user_displayname', 'user_email')) 1696 ->from(array($this->prefix . 'post P', $this->prefix . 'user U')) 1697 ->where(array( 1698 'P.user_id = U.user_id', 1699 'blog_id = ' . $sql->quote($this->id) 1700 )); 1651 1701 1652 1702 if ($post_type) { 1653 $s trReq .= "AND post_type = '" . $this->con->escape($post_type) . "' ";1654 } 1655 1656 $s trReq .= 'GROUP BY P.user_id, user_name, user_firstname, user_displayname, user_email ';1657 1658 return $this->con->select($s trReq);1703 $sql->where("post_type = '" . $sql->escape($post_type) . "'"); 1704 } 1705 1706 $sql->group(array('P.user_id', 'user_name', 'user_firstname', 'user_displayname', 'user_email')); 1707 1708 return $this->con->select($sql->statement()); 1659 1709 } 1660 1710 … … 1687 1737 1688 1738 if (!empty($sub)) { 1689 $rs = $this->con->select( 1690 'SELECT cat_id, cat_url, cat_lft, cat_rgt FROM ' . $this->prefix . 'category ' . 1691 "WHERE blog_id = '" . $this->con->escape($this->id) . "' " . 1692 'AND ' . $field . ' ' . 
$this->con->in(array_keys($sub)) 1693 ); 1739 $sql = new dcSelectStatement($this->core); 1740 $sql 1741 ->columns(array('cat_id', 'cat_url', 'cat_lft', 'cat_rgt')) 1742 ->from($this->prefix . 'category') 1743 ->where(array( 1744 'blog_id = ' . $sql->quote($this->id), 1745 $field . ' ' . $sql->in(array_keys($sub)) 1746 )); 1747 $rs = $this->con->select($sql->statement()); 1694 1748 1695 1749 while ($rs->fetch()) { 1696 1750 $queries[$rs->f($field)] = '(C.cat_lft BETWEEN ' . $rs->cat_lft . ' AND ' . $rs->cat_rgt . ')'; 1697 1751 } 1752 unset($sql); 1698 1753 } 1699 1754 … … 1881 1936 1882 1937 # Let's check if URL is taken... 1883 $strReq = 'SELECT post_url FROM ' . $this->prefix . 'post ' . 1884 "WHERE post_url = '" . $this->con->escape($url) . "' " . 1885 'AND post_id <> ' . (integer) $post_id . ' ' . 1886 "AND blog_id = '" . $this->con->escape($this->id) . "' " . 1887 'ORDER BY post_url DESC'; 1888 1889 $rs = $this->con->select($strReq); 1938 $sql = new dcSelectStatement($this->core, 'coreGetPostURL'); 1939 $sql 1940 ->columns('post_url') 1941 ->from($this->prefix . 'post') 1942 ->where(array( 1943 'post_id <> ' . (integer) $post_id, 1944 'blog_id = ' . $sql->quote($this->id) 1945 )) 1946 ->cond('AND post_url = ' . $sql->quote($url)) 1947 ->order('post_url DESC'); 1948 1949 $rs = $this->con->select($sql->statement()); 1890 1950 1891 1951 if (!$rs->isEmpty()) { 1892 if ($this->con->driver() == 'mysql' || $this->con->driver() == 'mysqli' || $this->con->driver() == 'mysqlimb4') { 1893 $clause = "REGEXP '^" . $this->con->escape(preg_quote($url)) . "[0-9]+$'"; 1894 } elseif ($this->con->driver() == 'pgsql') { 1895 $clause = "~ '^" . $this->con->escape(preg_quote($url)) . "[0-9]+$'"; 1896 } else { 1897 $clause = "LIKE '" . 1898 $this->con->escape(preg_replace(array('%', '_', '!'), array('!%', '!_', '!!'), $url)) . 1899 "%' ESCAPE '!'"; 1900 } 1901 $strReq = 'SELECT post_url FROM ' . $this->prefix . 'post ' . 1902 "WHERE post_url " . $clause . ' ' . 
1903 'AND post_id <> ' . (integer) $post_id . ' ' . 1904 "AND blog_id = '" . $this->con->escape($this->id) . "' " . 1905 'ORDER BY post_url DESC '; 1906 1907 $rs = $this->con->select($strReq); 1952 // Replace condition on post_url 1953 $sql->cond('AND post_url ' . $sql->regexp($url), true); 1954 1955 $rs = $this->con->select($sql->statement()); 1908 1956 $a = array(); 1909 1957 while ($rs->fetch()) { … … 1963 2011 public function getComments($params = array(), $count_only = false) 1964 2012 { 2013 $sql = new dcSelectStatement($this->core, 'coreGetComments'); 2014 1965 2015 if ($count_only) { 1966 $s trReq = 'SELECT count(comment_id) ';2016 $sql->columns('count(comment_id)'); 1967 2017 } elseif (!empty($params['sql_only'])) { 1968 $s trReq = 'SELECT P.post_id ';2018 $sql->columns('P.post_id'); 1969 2019 } else { 1970 if (!empty($params['no_content'])) { 1971 $content_req = ''; 1972 } else { 1973 $content_req = 'comment_content, '; 2020 if (empty($params['no_content'])) { 2021 $sql->columns('comment_content'); 1974 2022 } 1975 2023 1976 2024 if (!empty($params['columns']) && is_array($params['columns'])) { 1977 $content_req .= implode(', ', $params['columns']) . ', '; 1978 } 1979 1980 $strReq = 1981 'SELECT C.comment_id, comment_dt, comment_tz, comment_upddt, ' . 1982 'comment_author, comment_email, comment_site, ' . 1983 $content_req . ' comment_trackback, comment_status, ' . 1984 'comment_spam_status, comment_spam_filter, comment_ip, ' . 1985 'P.post_title, P.post_url, P.post_id, P.post_password, P.post_type, ' . 1986 'P.post_dt, P.user_id, U.user_email, U.user_url '; 1987 } 1988 1989 $strReq .= 1990 'FROM ' . $this->prefix . 'comment C ' . 1991 'INNER JOIN ' . $this->prefix . 'post P ON C.post_id = P.post_id ' . 1992 'INNER JOIN ' . $this->prefix . 
'user U ON P.user_id = U.user_id '; 2025 $sql->columns($params['columns']); 2026 } 2027 2028 $sql->columns(array('C.comment_id', 'comment_dt', 'comment_tz', 'comment_upddt', 'comment_author', 'comment_email', 'comment_site', 'comment_trackback', 'comment_status', 'comment_spam_status', 'comment_spam_filter', 'comment_ip', 'P.post_title', 'P.post_url', 'P.post_id', 'P.post_password', 'P.post_type', 'P.post_dt', 'P.user_id', 'U.user_email', 'U.user_url')); 2029 } 2030 2031 $sql 2032 ->from($this->prefix . 'comment C') 2033 ->join(array( 2034 'INNER JOIN ' . $this->prefix . 'post P ON C.post_id = P.post_id', 2035 'INNER JOIN ' . $this->prefix . 'user U ON P.user_id = U.user_id ' 2036 )); 1993 2037 1994 2038 if (!empty($params['from'])) { 1995 $strReq .= $params['from'] . ' '; 1996 } 1997 1998 $strReq .= 1999 "WHERE P.blog_id = '" . $this->con->escape($this->id) . "' "; 2039 $sql->from($params['from']); 2040 } 2041 2042 $sql->where('P.blog_id = ' . $sql->quote($this->id)); 2000 2043 2001 2044 if (!$this->core->auth->check('contentadmin', $this->id)) { 2002 $ strReq .= 'AND ((comment_status = 1 AND P.post_status = 1';2045 $cond = '((comment_status = 1 AND P.post_status = 1'; 2003 2046 2004 2047 if ($this->without_password) { 2005 $ strReq .= 'AND post_password IS NULL';2006 } 2007 $ strReq .= ')';2048 $cond .= ' AND post_password IS NULL'; 2049 } 2050 $cond .= ')'; 2008 2051 2009 2052 if ($this->core->auth->userID()) { 2010 $ strReq .= "OR P.user_id = '" . $this->con->escape($this->core->auth->userID()) . "')";2011 } else {2012 $strReq .= ')';2013 }2053 $cond .= ' OR P.user_id = ' . $sql->quote($this->core->auth->userID()); 2054 } 2055 $cond .= ')'; 2056 $sql->where($cond); 2014 2057 } 2015 2058 2016 2059 if (!empty($params['post_type'])) { 2017 $s trReq .= 'AND post_type ' . $this->con->in($params['post_type']);2060 $sql->where('post_type ' . 
$sql->in($params['post_type'])); 2018 2061 } 2019 2062 2020 2063 if (isset($params['post_id']) && $params['post_id'] !== '') { 2021 $s trReq .= 'AND P.post_id = ' . (integer) $params['post_id'] . ' ';2064 $sql->where('P.post_id = ' . (integer) $params['post_id']); 2022 2065 } 2023 2066 2024 2067 if (isset($params['cat_id']) && $params['cat_id'] !== '') { 2025 $s trReq .= 'AND P.cat_id = ' . (integer) $params['cat_id'] . ' ';2068 $sql->where('P.cat_id = ' . (integer) $params['cat_id']); 2026 2069 } 2027 2070 … … 2032 2075 $params['comment_id'] = array((integer) $params['comment_id']); 2033 2076 } 2034 $s trReq .= 'AND comment_id ' . $this->con->in($params['comment_id']);2077 $sql->where('comment_id ' . $sql->in($params['comment_id'])); 2035 2078 } 2036 2079 2037 2080 if (isset($params['comment_email'])) { 2038 $comment_email = $ this->con->escape(str_replace('*', '%', $params['comment_email']));2039 $s trReq .= "AND comment_email LIKE '" . $comment_email . "' ";2081 $comment_email = $sql->quote(str_replace('*', '%', $params['comment_email'])); 2082 $sql->where('comment_email LIKE ' . $comment_email); 2040 2083 } 2041 2084 2042 2085 if (isset($params['comment_site'])) { 2043 $comment_site = $ this->con->escape(str_replace('*', '%', $params['comment_site']));2044 $s trReq .= "AND comment_site LIKE '" . $comment_site . "' ";2086 $comment_site = $sql->quote(str_replace('*', '%', $params['comment_site'])); 2087 $sql->where('comment_site LIKE ' . $comment_site); 2045 2088 } 2046 2089 2047 2090 if (isset($params['comment_status'])) { 2048 $s trReq .= 'AND comment_status = ' . (integer) $params['comment_status'] . ' ';2091 $sql->where('comment_status = ' . (integer) $params['comment_status']); 2049 2092 } 2050 2093 2051 2094 if (!empty($params['comment_status_not'])) { 2052 $s trReq .= 'AND comment_status <> ' . (integer) $params['comment_status_not'] . ' ';2095 $sql->where('comment_status <> ' . 
(integer) $params['comment_status_not']); 2053 2096 } 2054 2097 2055 2098 if (isset($params['comment_trackback'])) { 2056 $s trReq .= 'AND comment_trackback = ' . (integer) (boolean) $params['comment_trackback'] . ' ';2099 $sql->where('comment_trackback = ' . (integer) (boolean) $params['comment_trackback']); 2057 2100 } 2058 2101 2059 2102 if (isset($params['comment_ip'])) { 2060 $comment_ip = $ this->con->escape(str_replace('*', '%', $params['comment_ip']));2061 $s trReq .= "AND comment_ip LIKE '" . $comment_ip . "' ";2103 $comment_ip = $sql->quote(str_replace('*', '%', $params['comment_ip'])); 2104 $sql->where('comment_ip LIKE ' . $comment_ip); 2062 2105 } 2063 2106 2064 2107 if (isset($params['q_author'])) { 2065 $q_author = $ this->con->escape(str_replace('*', '%', strtolower($params['q_author'])));2066 $s trReq .= "AND LOWER(comment_author) LIKE '" . $q_author . "' ";2108 $q_author = $sql->quote(str_replace('*', '%', strtolower($params['q_author']))); 2109 $sql->where('LOWER(comment_author) LIKE ' . $q_author); 2067 2110 } 2068 2111 … … 2078 2121 if ($words) { 2079 2122 foreach ($words as $i => $w) { 2080 $words[$i] = "comment_words LIKE '%" . $ this->con->escape($w) . "%'";2123 $words[$i] = "comment_words LIKE '%" . $sql->escape($w) . "%'"; 2081 2124 } 2082 $s trReq .= 'AND ' . implode(' AND ', $words) . ' ';2125 $sql->where(implode(' AND ', $words)); 2083 2126 } 2084 2127 } … … 2086 2129 2087 2130 if (!empty($params['sql'])) { 2088 $s trReq .= $params['sql'] . ' ';2131 $sql->sql($params['sql']); 2089 2132 } 2090 2133 2091 2134 if (!$count_only) { 2092 2135 if (!empty($params['order'])) { 2093 $s trReq .= 'ORDER BY ' . $this->con->escape($params['order']) . 
' ';2136 $sql->order($sql->escape($params['order'])); 2094 2137 } else { 2095 $s trReq .= 'ORDER BY comment_dt DESC ';2138 $sql->order('comment_dt DESC'); 2096 2139 } 2097 2140 } 2098 2141 2099 2142 if (!$count_only && !empty($params['limit'])) { 2100 $strReq .= $this->con->limit($params['limit']); 2101 } 2143 $sql->limit($params['limit']); 2144 } 2145 2146 $query = $sql->statement(); 2102 2147 2103 2148 if (!empty($params['sql_only'])) { 2104 return $ strReq;2105 } 2106 2107 $rs = $this->con->select($ strReq);2149 return $query; 2150 } 2151 2152 $rs = $this->con->select($query); 2108 2153 $rs->core = $this->core; 2109 2154 $rs->extend('rsExtComment'); … … 2128 2173 { 2129 2174 # Get ID 2130 $rs = $this->con->select( 2131 'SELECT MAX(comment_id) ' . 2132 'FROM ' . $this->prefix . 'comment ' 2133 ); 2175 $sql = new dcSelectStatement($this->core, 'coreCommentCreateGetID'); 2176 $sql 2177 ->columns('MAX(comment_id)') 2178 ->from($this->prefix . 'comment'); 2179 $rs = $this->con->select($sql->statement()); 2134 2180 2135 2181 $cur->comment_id = (integer) $rs->f(0) + 1; … … 2208 2254 $this->core->callBehavior('coreBeforeCommentUpdate', $this, $cur, $rs); 2209 2255 2210 $cur->update('WHERE comment_id = ' . $id . ' '); 2256 $sql = new dcUpdateStatement($this->core, 'coreCommentUpdate'); 2257 $sql->where('comment_id = ' . $id); 2258 2259 $cur->update($sql->whereStatement()); 2211 2260 2212 2261 # --BEHAVIOR-- coreAfterCommentUpdate … … 2243 2292 $status = (integer) $status; 2244 2293 2245 $strReq = 2246 'UPDATE ' . $this->prefix . 'comment ' . 2247 'SET comment_status = ' . $status . ' '; 2248 $strReq .= 2249 'WHERE comment_id' . $this->con->in($co_ids) . 2250 'AND post_id in (SELECT tp.post_id ' . 2251 'FROM ' . $this->prefix . 'post tp ' . 2252 "WHERE tp.blog_id = '" . $this->con->escape($this->id) . "' "; 2294 $sqlIn = new dcSelectStatement($this->core, 'coreUpdCommentsStatusIn'); 2295 $sqlIn 2296 ->columns('tp.post_id') 2297 ->from($this->prefix . 
'post tp') 2298 ->where('tp.blog_id = ' . $sqlIn->quote($this->id)); 2253 2299 if (!$this->core->auth->check('contentadmin', $this->id)) { 2254 $strReq .= 2255 "AND user_id = '" . $this->con->escape($this->core->auth->userID()) . "' "; 2256 } 2257 $strReq .= ')'; 2258 $this->con->execute($strReq); 2300 $sqlIn->where('user_id = ' . $sqlIn->quote($this->core->auth->userID())); 2301 } 2302 2303 $sql = new dcUpdateStatement($this->core, 'coreUpdCommentsStatus'); 2304 $sql 2305 ->reference($this->prefix . 'comment') 2306 ->set('comment_status = ' . $status) 2307 ->where(array( 2308 'comment_id ' . $sql->in($co_ids), 2309 'post_id in (' . $sqlIn->statement() . ')' 2310 )); 2311 2312 $this->con->execute($sql->statement()); 2259 2313 $this->triggerComments($co_ids); 2260 2314 $this->triggerBlog(); … … 2290 2344 # Retrieve posts affected by comments edition 2291 2345 $affected_posts = array(); 2292 $strReq = 2293 'SELECT post_id ' . 2294 'FROM ' . $this->prefix . 'comment ' . 2295 'WHERE comment_id' . $this->con->in($co_ids) . 2296 'GROUP BY post_id'; 2297 2298 $rs = $this->con->select($strReq); 2346 2347 $sql = new dcSelectStatement($this->core, 'coreDelCommentsScope'); 2348 $sql 2349 ->column('post_id') 2350 ->from($this->prefix . 'comment') 2351 ->where('comment_id' . $sql->in($co_ids)) 2352 ->group('post_id'); 2353 2354 $rs = $this->con->select($sql->statement()); 2355 unset($sql); 2299 2356 2300 2357 while ($rs->fetch()) { … … 2302 2359 } 2303 2360 2304 $strReq = 2305 'DELETE FROM ' . $this->prefix . 'comment ' . 2306 'WHERE comment_id' . $this->con->in($co_ids) . ' ' . 2307 'AND post_id in (SELECT tp.post_id ' . 2308 'FROM ' . $this->prefix . 'post tp ' . 2309 "WHERE tp.blog_id = '" . $this->con->escape($this->id) . "' "; 2310 #If user can only delete, we need to check the post's owner 2361 $sqlIn = new dcSelectStatement($this->core, 'coreDelCommentsIn'); 2362 $sqlIn 2363 ->columns('tp.post_id') 2364 ->from($this->prefix . 
'post tp') 2365 ->where(array('tp.blog_id = ' . $sqlIn->quote($this->id))); 2311 2366 if (!$this->core->auth->check('contentadmin', $this->id)) { 2312 $strReq .= 2313 "AND tp.user_id = '" . $this->con->escape($this->core->auth->userID()) . "' "; 2314 } 2315 $strReq .= ")"; 2316 $this->con->execute($strReq); 2367 $sqlIn->where('tp.user_id = ' . $sqlIn->quote($this->core->auth->userID())); 2368 } 2369 2370 $sql = new dcDeleteStatement($this->core, 'coreDelComments'); 2371 $sql 2372 ->from($this->prefix . 'comment') 2373 ->where(array( 2374 'comment_id ' . $sql->in($co_ids), 2375 'post_id in (' . $sqlIn->statement() . ')' 2376 )); 2377 2378 $this->con->execute($sql->statement()); 2317 2379 $this->triggerComments($co_ids, true, $affected_posts); 2318 2380 $this->triggerBlog(); … … 2325 2387 } 2326 2388 2327 $strReq = 2328 'DELETE FROM ' . $this->prefix . 'comment ' . 2329 'WHERE comment_status = -2 ' . 2330 'AND post_id in (SELECT tp.post_id ' . 2331 'FROM ' . $this->prefix . 'post tp ' . 2332 "WHERE tp.blog_id = '" . $this->con->escape($this->id) . "' "; 2333 #If user can only delete, we need to check the post's owner 2389 $sqlIn = new dcSelectStatement($this->core, 'coreDelJunkCommentsIn'); 2390 $sqlIn 2391 ->columns('tp.post_id') 2392 ->from($this->prefix . 'post tp') 2393 ->where('tp.blog_id = ' . $sqlIn->quote($this->id)); 2334 2394 if (!$this->core->auth->check('contentadmin', $this->id)) { 2335 $strReq .= 2336 "AND tp.user_id = '" . $this->con->escape($this->core->auth->userID()) . "' "; 2337 } 2338 $strReq .= ")"; 2339 $this->con->execute($strReq); 2395 // If user can only delete, we need to check the post's owner 2396 $sqlIn->where('tp.user_id = ' . $sqlIn->quote($this->core->auth->userID())); 2397 } 2398 2399 $sql = new dcDeleteStatement($this->core, 'coreDelJunkComments'); 2400 $sql 2401 ->from($this->prefix . 'comment') 2402 ->where(array( 2403 'comment_status = -2', 2404 'post_id in (' . $sqlIn->statement() . 
')' 2405 )); 2406 2407 $this->con->execute($sql->statement()); 2340 2408 $this->triggerBlog(); 2341 2409 }