Changeset 3761:849987324197 for inc
- Timestamp:
- 06/15/18 18:31:29 (7 years ago)
- Branch:
- sql-statement
- Location:
- inc/core
- Files:
-
- 5 edited
inc/core/class.dc.auth.php
r3731 r3761 93 93 { 94 94 # Check user and password 95 $strReq = 'SELECT user_id, user_super, user_pwd, user_change_pwd, ' . 96 'user_name, user_firstname, user_displayname, user_email, ' . 97 'user_url, user_default_blog, user_options, ' . 98 'user_lang, user_tz, user_post_status, user_creadt, user_upddt ' . 99 'FROM ' . $this->con->escapeSystem($this->user_table) . ' ' . 100 "WHERE user_id = '" . $this->con->escape($user_id) . "' "; 95 $sql = new dcSelectStatement($this->core, 'coreAuthCheckUser'); 96 $sql 97 ->columns(array('user_id', 'user_super', 'user_pwd', 'user_change_pwd', 'user_name', 'user_firstname', 98 'user_displayname', 'user_email', 'user_url', 'user_default_blog', 'user_options', 'user_lang', 99 'user_tz', 'user_post_status', 'user_creadt', 'user_upddt')) 100 ->from($this->user_table) 101 ->where('user_id = ' . $sql->quote($user_id)); 101 102 102 103 try { 103 $rs = $this->con->select($s trReq);104 $rs = $this->con->select($sql->statement()); 104 105 } catch (Exception $e) { 105 106 $err = $e->getMessage(); … … 146 147 $cur = $this->con->openCursor($this->user_table); 147 148 $cur->user_pwd = (string) $rs->user_pwd; 148 $cur->update("WHERE user_id = '" . $rs->user_id . "'"); 149 150 $sql = new dcUpdateStatement($this->core, 'coreAuthCheckUser'); 151 $sql->where('user_id = ' . $sql->quote($rs->user_id)); 152 $cur->update($sql->whereStatement()); 149 153 } 150 154 } elseif ($user_key != '') { … … 618 622 public function recoverUserPassword($recover_key) 619 623 { 620 $strReq = 'SELECT user_id, user_email ' . 621 'FROM ' . $this->user_table . ' ' . 622 "WHERE user_recover_key = '" . $this->con->escape($recover_key) . "' "; 624 $sql = new dcSelectStatement($this->core, 'coreAuthRecoverUserPwd'); 625 $sql 626 ->columns(array('user_id', 'user_email')) 627 ->from($this->user_table) 628 ->where('user_recover_key = ' . 
$sql->quote($recover_key)); 623 629 624 630 $rs = $this->con->select($strReq); … … 635 641 $cur->user_change_pwd = 1; // User will have to change this temporary password at next login 636 642 637 $cur->update("WHERE user_recover_key = '" . $this->con->escape($recover_key) . "'"); 643 $sql = new dcUpdateStatement($this->core, 'coreAuthRecoverUserPwd'); 644 $sql->where('user_recover_key = ' . $sql->quote($recover_key)); 645 $cur->update($sql->whereStatement()); 638 646 639 647 return array('user_email' => $rs->user_email, 'user_id' => $rs->user_id, 'new_pass' => $new_pass); -
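Review bot: In recoverUserPassword the unchanged context line `$rs = $this->con->select($strReq);` (new line 630) still reads `$strReq`, which this hunk no longer assigns, so the recovery-key lookup now runs on an undefined variable rather than the statement built into `$sql`; it should become `$rs = $this->con->select($sql->statement());`, as the checkUser hunk already does at new line 104. Both `$user_id` and `$recover_key` are now quoted solely by `dcSelectStatement::quote()`, which is not part of this changeset, so it is worth confirming that it applies the connection's driver-specific escaping before it replaces the previous `$this->con->escape()` calls on these authentication lookups. The `escapeSystem()` call on the table name in checkUser was also dropped in favour of `->from($this->user_table)`; presumably the statement class quotes identifiers itself, but that cannot be verified from this hunk. The bodies of checkUser and recoverUserPassword continue outside the shown hunks.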
inc/core/class.dc.blog.php
r3731 r3761 209 209 $cur->blog_upddt = date('Y-m-d H:i:s'); 210 210 211 $cur->update("WHERE blog_id = '" . $this->con->escape($this->id) . "' "); 211 $sql = new dcUpdateStatement($this->core, 'coreTriggerBlog'); 212 $sql 213 ->where('blog_id = ' . $sql->quote($this->id)); 214 215 $cur->update($sql->whereStatement()); 212 216 213 217 # --BEHAVIOR-- coreBlogAfterTriggerBlog … … 241 245 # Get posts affected by comments edition 242 246 if (empty($affected_posts)) { 243 $strReq = 244 'SELECT post_id ' . 245 'FROM ' . $this->prefix . 'comment ' . 246 'WHERE comment_id' . $this->con->in($comments_ids) . 247 'GROUP BY post_id'; 248 249 $rs = $this->con->select($strReq); 247 $sql = new dcSelectStatement($this->core, 'coreTriggerCommentsScope'); 248 $sql 249 ->columns('post_id') 250 ->from($this->prefix . 'comment') 251 ->where('comment_id' . $sql->in($comments_ids)) 252 ->group('post_id'); 253 254 $rs = $this->con->select($sql->statement()); 250 255 251 256 $affected_posts = array(); … … 253 258 $affected_posts[] = (integer) $rs->post_id; 254 259 } 260 unset($sql); 255 261 } 256 262 … … 260 266 261 267 # Count number of comments if exists for affected posts 262 $strReq = 263 'SELECT post_id, COUNT(post_id) AS nb_comment, comment_trackback ' . 264 'FROM ' . $this->prefix . 'comment ' . 265 'WHERE comment_status = 1 ' . 266 'AND post_id' . $this->con->in($affected_posts) . 267 'GROUP BY post_id,comment_trackback'; 268 269 $rs = $this->con->select($strReq); 268 $sql = new dcSelectStatement($this->core, 'coreTriggerCommentsCount'); 269 $sql 270 ->columns(array('post_id', 'COUNT(post_id) AS nb_comment', 'comment_trackback')) 271 ->from($this->prefix . 'comment') 272 ->where(array( 273 'comment_status = 1', 274 'post_id' . 
$sql->in($affected_posts) 275 )) 276 ->group(array('post_id', 'comment_trackback')); 277 278 $rs = $this->con->select($sql->statement()); 270 279 271 280 $posts = array(); … … 461 470 private function getCategoriesCounter($params = array()) 462 471 { 463 $strReq = 464 'SELECT C.cat_id, COUNT(P.post_id) AS nb_post ' . 465 'FROM ' . $this->prefix . 'category AS C ' . 466 'JOIN ' . $this->prefix . "post P ON (C.cat_id = P.cat_id AND P.blog_id = '" . $this->con->escape($this->id) . "' ) " . 467 "WHERE C.blog_id = '" . $this->con->escape($this->id) . "' "; 472 $sql = new dcSelectStatement($this->core, 'coreGetCategoriesCounter'); 473 $sql 474 ->columns(array('C.cat_id', 'COUNT(P.post_id) AS nb_post')) 475 ->from($this->prefix . 'category AS C') 476 ->join('JOIN ' . $this->prefix . 'post P ' . 477 'ON (C.cat_id = P.cat_id AND P.blog_id = ' . $sql->quote($this->id) . ')') 478 ->where('C.blog_id = ' . $sql->quote($this->id)); 468 479 469 480 if (!$this->core->auth->userID()) { 470 $s trReq .= 'AND P.post_status = 1 ';481 $sql->where('P.post_status = 1'); 471 482 } 472 483 473 484 if (!empty($params['post_type'])) { 474 $s trReq .= 'AND P.post_type ' . $this->con->in($params['post_type']);475 } 476 477 $s trReq .= 'GROUP BY C.cat_id ';478 479 $rs = $this->con->select($s trReq);485 $sql->where('P.post_type ' . $sql->in($params['post_type'])); 486 } 487 488 $sql->group('C.cat_id'); 489 490 $rs = $this->con->select($sql->statement()); 480 491 $counters = array(); 481 492 while ($rs->fetch()) { … … 568 579 $this->core->callBehavior('coreBeforeCategoryUpdate', $this, $cur); 569 580 570 $cur->update( 571 'WHERE cat_id = ' . (integer) $id . ' ' . 572 "AND blog_id = '" . $this->con->escape($this->id) . "' "); 581 $sql = new dcUpdateStatement($this->core, 'coreCategoryUpdate'); 582 $sql 583 ->where(array( 584 'cat_id = ' . (integer) $id, 585 'blog_id = ' . 
$sql->quote($this->id) 586 )); 587 $cur->update($sql->whereStatement()); 573 588 574 589 # --BEHAVIOR-- coreAfterCategoryUpdate … … 639 654 } 640 655 641 $strReq = 'SELECT COUNT(post_id) AS nb_post ' . 642 'FROM ' . $this->prefix . 'post ' . 643 'WHERE cat_id = ' . (integer) $id . ' ' . 644 "AND blog_id = '" . $this->con->escape($this->id) . "' "; 645 646 $rs = $this->con->select($strReq); 656 $sql = new dcSelectStatement($this->core, 'coreCategoryPostCount'); 657 $sql 658 ->columns('COUNT(post_id) AS nb_post') 659 ->from($this->prefix . 'post') 660 ->where(array( 661 'cat_id = ' . (integer) $id, 662 'blog_id = ' . $sql->quote($this->id) 663 )); 664 $rs = $this->con->select($sql->statement()); 647 665 648 666 if ($rs->nb_post > 0) { … … 669 687 private function checkCategory($title, $url, $id = null) 670 688 { 671 # Let's check if URL is taken... 672 $strReq = 673 'SELECT cat_url FROM ' . $this->prefix . 'category ' . 674 "WHERE cat_url = '" . $this->con->escape($url) . "' " . 675 ($id ? 'AND cat_id <> ' . (integer) $id . ' ' : '') . 676 "AND blog_id = '" . $this->con->escape($this->id) . "' " . 677 'ORDER BY cat_url DESC'; 678 679 $rs = $this->con->select($strReq); 689 // Let's check if URL is taken... 690 $sql = new dcSelectStatement($this->core, 'coreCheckCategoryURL'); 691 $sql 692 ->columns('cat_url') 693 ->from($this->prefix . 'category') 694 ->where('blog_id = ' . $sql->quote($this->id)) 695 ->order('cat_url DESC'); 696 if ($id) { 697 $sql->where('AND cat_id <> ' . (integer) $i); 698 } 699 $sql->cond('AND cat_url = ' . $sql->quote($url)); 700 701 $rs = $this->con->select($sql->statement()); 680 702 681 703 if (!$rs->isEmpty()) { 682 if ($this->con->driver() == 'mysql' || $this->con->driver() == 'mysqli' || $this->con->driver() == 'mysqlimb4') { 683 $clause = "REGEXP '^" . $this->con->escape($url) . "[0-9]+$'"; 684 } elseif ($this->con->driver() == 'pgsql') { 685 $clause = "~ '^" . $this->con->escape($url) . "[0-9]+$'"; 686 } else { 687 $clause = "LIKE '" . 
$this->con->escape($url) . "%'"; 688 } 689 $strReq = 690 'SELECT cat_url FROM ' . $this->prefix . 'category ' . 691 "WHERE cat_url " . $clause . ' ' . 692 ($id ? 'AND cat_id <> ' . (integer) $id . ' ' : '') . 693 "AND blog_id = '" . $this->con->escape($this->id) . "' " . 694 'ORDER BY cat_url DESC '; 695 696 $rs = $this->con->select($strReq); 704 // Replace condition on cat_url 705 $sql->cond('AND cat_url ' . $sql->regexp($url), true); 706 707 $rs = $this->con->select($sql->statement()); 697 708 $a = array(); 698 709 while ($rs->fetch()) { … … 791 802 $this->core->callBehavior('coreBlogBeforeGetPosts', $params); 792 803 804 $sql = new dcSelectStatement($this->core, 'coreGetPosts'); 805 793 806 if ($count_only) { 794 $s trReq = 'SELECT count(DISTINCT P.post_id) ';807 $sql->columns('count(DISTINCT P.post_id)'); 795 808 } elseif (!empty($params['sql_only'])) { 796 $s trReq = 'SELECT P.post_id ';809 $sql->columns('P.post_id'); 797 810 } else { 798 if (!empty($params['no_content'])) { 799 $content_req = ''; 800 } else { 801 $content_req = 802 'post_excerpt, post_excerpt_xhtml, ' . 803 'post_content, post_content_xhtml, post_notes, '; 811 if (empty($params['no_content'])) { 812 $sql->columns(array('post_excerpt', 'post_excerpt_xhtml', 'post_content', 'post_content_xhtml', 'post_notes')); 804 813 } 805 814 806 815 if (!empty($params['columns']) && is_array($params['columns'])) { 807 $content_req .= implode(', ', $params['columns']) . ', '; 808 } 809 810 $strReq = 811 'SELECT P.post_id, P.blog_id, P.user_id, P.cat_id, post_dt, ' . 812 'post_tz, post_creadt, post_upddt, post_format, post_password, ' . 813 'post_url, post_lang, post_title, ' . $content_req . 814 'post_type, post_meta, ' . 815 'post_status, post_firstpub, post_selected, post_position, ' . 816 'post_open_comment, post_open_tb, nb_comment, nb_trackback, ' . 817 'U.user_name, U.user_firstname, U.user_displayname, U.user_email, ' . 818 'U.user_url, ' . 
819 'C.cat_title, C.cat_url, C.cat_desc '; 820 } 821 822 $strReq .= 823 'FROM ' . $this->prefix . 'post P ' . 824 'INNER JOIN ' . $this->prefix . 'user U ON U.user_id = P.user_id ' . 825 'LEFT OUTER JOIN ' . $this->prefix . 'category C ON P.cat_id = C.cat_id '; 816 $sql->columns($params['columns']); 817 } 818 819 $sql->columns(array('P.post_id', 'P.blog_id', 'P.user_id', 'P.cat_id', 'post_dt', 'post_tz', 'post_creadt', 820 'post_upddt', 'post_format', 'post_password', 'post_url', 'post_lang', 'post_title', 'post_type', 821 'post_meta', 'post_status', 'post_firstpub', 'post_selected', 'post_position', 'post_open_comment', 822 'post_open_tb', 'nb_comment', 'nb_trackback', 'U.user_name', 'U.user_firstname', 'U.user_displayname', 823 'U.user_email', 'U.user_url', 'C.cat_title', 'C.cat_url', 'C.cat_desc')); 824 } 825 826 $sql->from($this->prefix . 'post P') 827 ->join('INNER JOIN ' . $this->prefix . 'user U ON U.user_id = P.user_id') 828 ->join('LEFT OUTER JOIN ' . $this->prefix . 'category C ON P.cat_id = C.cat_id'); 829 830 if (!empty($params['join'])) { 831 $sql->join($params['join']); 832 } 826 833 827 834 if (!empty($params['from'])) { 828 $strReq .= $params['from'] . ' '; 829 } 830 831 $strReq .= 832 "WHERE P.blog_id = '" . $this->con->escape($this->id) . "' "; 835 $sql->from($params['from']); 836 } 837 838 $sql->where('P.blog_id = ' . $sql->quote($this->id)); 833 839 834 840 if (!$this->core->auth->check('contentadmin', $this->id)) { 835 $strReq .= 'AND ((post_status = 1 '; 836 841 $cond = '((post_status = 1'; 837 842 if ($this->without_password) { 838 $strReq .= 'AND post_password IS NULL '; 839 } 840 $strReq .= ') '; 841 843 $cond .= ' AND post_password IS NULL'; 844 } 845 $cond .= ')'; 842 846 if ($this->core->auth->userID()) { 843 $ strReq .= "OR P.user_id = '" . $this->con->escape($this->core->auth->userID()) . "')";844 } else {845 $strReq .= ')';846 }847 $cond .= 'OR P.user_id = ' . 
$sql->quote($this->core->auth->userID()); 848 } 849 $cond .= ')'; 850 $sql->where($cond); 847 851 } 848 852 … … 850 854 if (isset($params['post_type'])) { 851 855 if (is_array($params['post_type']) || $params['post_type'] != '') { 852 $s trReq .= 'AND post_type ' . $this->con->in($params['post_type']);856 $sql->where('post_type ' . $sql->in($params['post_type'])); 853 857 } 854 858 } else { 855 $s trReq .= "AND post_type = 'post' ";859 $sql->where("post_type = 'post' "); 856 860 } 857 861 … … 862 866 $params['post_id'] = array((integer) $params['post_id']); 863 867 } 864 $s trReq .= 'AND P.post_id ' . $this->con->in($params['post_id']);868 $sql->where('P.post_id ' . $sql->in($params['post_id'])); 865 869 } 866 870 … … 871 875 $params['exclude_post_id'] = array((integer) $params['exclude_post_id']); 872 876 } 873 $s trReq .= 'AND P.post_id NOT ' . $this->con->in($params['exclude_post_id']);877 $sql->where('P.post_id NOT ' . $sql->in($params['exclude_post_id'])); 874 878 } 875 879 876 880 if (isset($params['post_url']) && $params['post_url'] !== '') { 877 $s trReq .= "AND post_url = '" . $this->con->escape($params['post_url']) . "' ";881 $sql->where('post_url = ' . $sql->quote($params['post_url'])); 878 882 } 879 883 880 884 if (!empty($params['user_id'])) { 881 $s trReq .= "AND U.user_id = '" . $this->con->escape($params['user_id']) . "' ";885 $sql->where('U.user_id = ' . $sql->quote($params['user_id'])); 882 886 } 883 887 … … 889 893 array_walk($params['cat_id'], function (&$v, $k) {$v = $v . " ?not";}); 890 894 } 891 $s trReq .= 'AND ' . $this->getPostsCategoryFilter($params['cat_id'], 'cat_id') . ' ';895 $sql->where($this->getPostsCategoryFilter($params['cat_id'], 'cat_id')); 892 896 } elseif (isset($params['cat_url']) && $params['cat_url'] !== '') { 893 897 if (!is_array($params['cat_url'])) { … … 897 901 array_walk($params['cat_url'], function (&$v, $k) {$v = $v . " ?not";}); 898 902 } 899 $s trReq .= 'AND ' . 
$this->getPostsCategoryFilter($params['cat_url'], 'cat_url') . ' ';903 $sql->where($this->getPostsCategoryFilter($params['cat_url'], 'cat_url')); 900 904 } 901 905 902 906 /* Other filters */ 903 907 if (isset($params['post_status'])) { 904 $s trReq .= 'AND post_status = ' . (integer) $params['post_status'] . ' ';908 $sql->where('post_status = ' . (integer) $params['post_status']); 905 909 } 906 910 907 911 if (isset($params['post_firstpub'])) { 908 $s trReq .= 'AND post_firstpub = ' . (integer) $params['post_firstpub'] . ' ';912 $sql->where('post_firstpub = ' . (integer) $params['post_firstpub']); 909 913 } 910 914 911 915 if (isset($params['post_selected'])) { 912 $s trReq .= 'AND post_selected = ' . (integer) $params['post_selected'] . ' ';916 $sql->where('post_selected = ' . (integer) $params['post_selected']); 913 917 } 914 918 915 919 if (!empty($params['post_year'])) { 916 $strReq .= 'AND ' . $this->con->dateFormat('post_dt', '%Y') . ' = ' . 917 "'" . sprintf('%04d', $params['post_year']) . "' "; 920 $sql->where($sql->dateFormat('post_dt', '%Y') . ' = ' . "'" . sprintf('%04d', $params['post_year']) . "'"); 918 921 } 919 922 920 923 if (!empty($params['post_month'])) { 921 $strReq .= 'AND ' . $this->con->dateFormat('post_dt', '%m') . ' = ' . 922 "'" . sprintf('%02d', $params['post_month']) . "' "; 924 $sql->where($sql->dateFormat('post_dt', '%m') . ' = ' . "'" . sprintf('%02d', $params['post_month']) . "'"); 923 925 } 924 926 925 927 if (!empty($params['post_day'])) { 926 $strReq .= 'AND ' . $this->con->dateFormat('post_dt', '%d') . ' = ' . 927 "'" . sprintf('%02d', $params['post_day']) . "' "; 928 $sql->where($sql->dateFormat('post_dt', '%d') . ' = ' . "'" . sprintf('%02d', $params['post_day']) . "'"); 928 929 } 929 930 930 931 if (!empty($params['post_lang'])) { 931 $s trReq .= "AND P.post_lang = '" . $this->con->escape($params['post_lang']) . "' ";932 $sql->where('P.post_lang = ' . 
$sql->quote($params['post_lang'])); 932 933 } 933 934 … … 943 944 if ($words) { 944 945 foreach ($words as $i => $w) { 945 $words[$i] = "post_words LIKE '%" . $ this->con->escape($w) . "%'";946 $words[$i] = "post_words LIKE '%" . $sql->escape($w) . "%'"; 946 947 } 947 $s trReq .= 'AND ' . implode(' AND ', $words) . ' ';948 $sql->where(implode(' AND ', $words)); 948 949 } 949 950 } … … 951 952 952 953 if (isset($params['media'])) { 953 if ($params['media'] == '0') { 954 $strReq .= 'AND NOT '; 955 } else { 956 $strReq .= 'AND '; 957 } 958 $strReq .= 'EXISTS (SELECT M.post_id FROM ' . $this->prefix . 'post_media M ' . 959 'WHERE M.post_id = P.post_id '; 954 $sqlEx = new dcSelectStatement($this->core, 'coreGetPostsMedia'); 955 $sqlEx 956 ->columns('M.post_id') 957 ->from($this->prefix . 'post_media M') 958 ->where('M.post_id = P.post_id'); 960 959 if (isset($params['link_type'])) { 961 $s trReq .= " AND M.link_type " . $this->con->in($params['link_type']) . " ";962 } 963 $s trReq .= ")";960 $sqlEx->where('M.link_type ' . $sql->in($params['link_type'])); 961 } 962 $sql->where(($params['media'] == '0' ? 'NOT ' : '') . 'EXISTS (' . $sqlEx->statement() . ')'); 964 963 } 965 964 966 965 if (!empty($params['where'])) { 967 $s trReq .= $params['where'] . ' ';966 $sql->cond($params['where']); 968 967 } 969 968 970 969 if (!empty($params['sql'])) { 971 $s trReq .= $params['sql'] . ' ';970 $sql->sql($params['sql']); 972 971 } 973 972 974 973 if (!$count_only) { 975 974 if (!empty($params['order'])) { 976 $s trReq .= 'ORDER BY ' . $this->con->escape($params['order']) . 
' ';975 $sql->order($sql->escape($params['order'])); 977 976 } else { 978 $strReq .= 'ORDER BY post_dt DESC '; 979 } 980 } 981 982 if (!$count_only && !empty($params['limit'])) { 983 $strReq .= $this->con->limit($params['limit']); 984 } 977 $sql->order('post_dt DESC'); 978 } 979 if (!empty($params['limit'])) { 980 $sql->limit($params['limit']); 981 } 982 } 983 984 $query = $sql->statement(); 985 985 986 986 if (!empty($params['sql_only'])) { 987 return $ strReq;988 } 989 990 $rs = $this->con->select($ strReq);987 return $query; 988 } 989 990 $rs = $this->con->select($query); 991 991 $rs->core = $this->core; 992 992 $rs->_nb_media = array(); … … 1070 1070 public function getLangs($params = array()) 1071 1071 { 1072 $strReq = 'SELECT COUNT(post_id) as nb_post, post_lang ' . 1073 'FROM ' . $this->prefix . 'post ' . 1074 "WHERE blog_id = '" . $this->con->escape($this->id) . "' " . 1075 "AND post_lang <> '' " . 1076 "AND post_lang IS NOT NULL "; 1072 $sql = new dcSelectStatement($this->core, 'coreGetLangs'); 1073 $sql 1074 ->columns(array('COUNT(post_id) as nb_post', 'post_lang')) 1075 ->from($this->prefix . 'post') 1076 ->where(array( 1077 'blog_id = ' . $sql->quote($this->id), 1078 "post_lang <> ''", 1079 'post_lang IS NOT NULL' 1080 )); 1077 1081 1078 1082 if (!$this->core->auth->check('contentadmin', $this->id)) { 1079 $ strReq .= 'AND ((post_status = 1';1083 $cond = '((post_status = 1'; 1080 1084 1081 1085 if ($this->without_password) { 1082 $ strReq .= 'AND post_password IS NULL';1083 } 1084 $ strReq .= ')';1086 $cond .= ' AND post_password IS NULL'; 1087 } 1088 $cond .= ')'; 1085 1089 1086 1090 if ($this->core->auth->userID()) { 1087 $ strReq .= "OR user_id = '" . $this->con->escape($this->core->auth->userID()) . "')";1088 } else {1089 $strReq .= ')';1090 }1091 $cond .= " OR user_id = " . 
$sql->quote($this->core->auth->userID()); 1092 } 1093 $cond .= ')'; 1094 $sql->where($cond); 1091 1095 } 1092 1096 1093 1097 if (isset($params['post_type'])) { 1094 1098 if ($params['post_type'] != '') { 1095 $s trReq .= "AND post_type = '" . $this->con->escape($params['post_type']) . "' ";1099 $sql->where("post_type = " . $sql->quote($params['post_type'])); 1096 1100 } 1097 1101 } else { 1098 $s trReq .= "AND post_type = 'post' ";1102 $sql->where("post_type = 'post'"); 1099 1103 } 1100 1104 1101 1105 if (isset($params['lang'])) { 1102 $s trReq .= "AND post_lang = '" . $this->con->escape($params['lang']) . "' ";1103 } 1104 1105 $s trReq .= 'GROUP BY post_lang ';1106 $sql->where("post_lang = " . $sql->quote($params['lang'])); 1107 } 1108 1109 $sql->group('post_lang'); 1106 1110 1107 1111 $order = 'desc'; … … 1109 1113 $order = $params['order']; 1110 1114 } 1111 $s trReq .= 'ORDER BY post_lang ' . $order . ' ';1112 1113 return $this->con->select($s trReq);1115 $sql->order('post_lang ' . $order); 1116 1117 return $this->con->select($sql->statement()); 1114 1118 } 1115 1119 … … 1134 1138 public function getDates($params = array()) 1135 1139 { 1140 $sql = new dcSelectStatement($this->core, 'coreGetDates'); 1141 1136 1142 $dt_f = '%Y-%m-%d'; 1137 1143 $dt_fc = '%Y%m%d'; … … 1148 1154 $dt_fc .= '000000'; 1149 1155 1150 $cat_field = $catReq = $limit = ''; 1156 $sql 1157 ->distinct() 1158 ->columns(array( 1159 $sql->dateFormat('post_dt', $dt_f) . ' AS dt', 1160 'COUNT(P.post_id) AS nb_post' 1161 )) 1162 ->from($this->prefix . 'post P') 1163 ->join('LEFT JOIN ' . $this->prefix . 'category C ON P.cat_id = C.cat_id') 1164 ->group('dt'); 1151 1165 1152 1166 if (isset($params['cat_id']) && $params['cat_id'] !== '') { 1153 $catReq = 'AND P.cat_id = ' . (integer) $params['cat_id'] . ' '; 1154 $cat_field = ', C.cat_url '; 1167 $sql 1168 ->columns('C.cat_url') 1169 ->where('P.cat_id = ' . 
(integer) $params['cat_id']) 1170 ->group('C.car_url'); 1155 1171 } elseif (isset($params['cat_url']) && $params['cat_url'] !== '') { 1156 $catReq = "AND C.cat_url = '" . $this->con->escape($params['cat_url']) . "' "; 1157 $cat_field = ', C.cat_url '; 1172 $sql 1173 ->columns('C.cat_url') 1174 ->where('C.cat_url = ' . $sql->quote($params['cat_url'])) 1175 ->group('C.car_url'); 1158 1176 } 1159 1177 if (!empty($params['post_lang'])) { 1160 $catReq = 'AND P.post_lang = \'' . $params['post_lang'] . '\' '; 1161 } 1162 1163 $strReq = 'SELECT DISTINCT(' . $this->con->dateFormat('post_dt', $dt_f) . ') AS dt ' . 1164 $cat_field . 1165 ',COUNT(P.post_id) AS nb_post ' . 1166 'FROM ' . $this->prefix . 'post P LEFT JOIN ' . $this->prefix . 'category C ' . 1167 'ON P.cat_id = C.cat_id ' . 1168 "WHERE P.blog_id = '" . $this->con->escape($this->id) . "' " . 1169 $catReq; 1178 $sql->where('P.post_lang = ' . $sql->quote($params['post_lang'])); 1179 } 1170 1180 1171 1181 if (!$this->core->auth->check('contentadmin', $this->id)) { 1172 $strReq .= 'AND ((post_status = 1 '; 1173 1182 $cond = '((post_status = 1'; 1174 1183 if ($this->without_password) { 1175 $ strReq .= 'AND post_password IS NULL';1176 } 1177 $ strReq .= ')';1184 $cond .= ' AND post_password IS NULL'; 1185 } 1186 $cond .= ')'; 1178 1187 1179 1188 if ($this->core->auth->userID()) { 1180 $ strReq .= "OR P.user_id = '" . $this->con->escape($this->core->auth->userID()) . "')";1181 } else {1182 $strReq .= ')';1183 }1189 $cond .= ' OR P.user_id = ' . $sql->quote($this->core->auth->userID()); 1190 } 1191 $cond .= ')'; 1192 $sql->where($cond); 1184 1193 } 1185 1194 1186 1195 if (!empty($params['post_type'])) { 1187 $s trReq .= "AND post_type " . $this->con->in($params['post_type']) . " ";1196 $sql->where("post_type " . 
$sql->in($params['post_type'])); 1188 1197 } else { 1189 $s trReq .= "AND post_type = 'post' ";1198 $sql->where("post_type = 'post'"); 1190 1199 } 1191 1200 1192 1201 if (!empty($params['year'])) { 1193 $s trReq .= 'AND ' . $this->con->dateFormat('post_dt', '%Y') . " = '" . sprintf('%04d', $params['year']) . "' ";1202 $sql->where($sql->dateFormat('post_dt', '%Y') . " = '" . sprintf('%04d', $params['year']) . "'"); 1194 1203 } 1195 1204 1196 1205 if (!empty($params['month'])) { 1197 $s trReq .= 'AND ' . $this->con->dateFormat('post_dt', '%m') . " = '" . sprintf('%02d', $params['month']) . "' ";1206 $sql->where($sql->dateFormat('post_dt', '%m') . " = '" . sprintf('%02d', $params['month']) . "'"); 1198 1207 } 1199 1208 1200 1209 if (!empty($params['day'])) { 1201 $s trReq .= 'AND ' . $this->con->dateFormat('post_dt', '%d') . " = '" . sprintf('%02d', $params['day']) . "' ";1210 $sql->where($sql->dateFormat('post_dt', '%d') . " = '" . sprintf('%02d', $params['day']) . "'"); 1202 1211 } 1203 1212 … … 1216 1225 $dt = date('YmdHis', strtotime($dt)); 1217 1226 1218 $strReq .= 'AND ' . $this->con->dateFormat('post_dt', $dt_fc) . $pdir . "'" . $dt . "' "; 1219 $limit = $this->con->limit(1); 1220 } 1221 1222 $strReq .= 'GROUP BY dt ' . $cat_field; 1227 $sql 1228 ->where($sql->dateFormat('post_dt', $dt_fc) . $pdir . "'" . $dt . "'") 1229 ->limit(1); 1230 } 1223 1231 1224 1232 $order = 'desc'; … … 1226 1234 $order = $params['order']; 1227 1235 } 1228 1229 $strReq .= 1230 'ORDER BY dt ' . $order . ' ' . 1231 $limit; 1232 1233 $rs = $this->con->select($strReq); 1236 $sql->order('dt ' . $order); 1237 1238 $rs = $this->con->select($sql->statement()); 1234 1239 $rs->extend('rsExtDates'); 1235 1240 return $rs; … … 1253 1258 { 1254 1259 # Get ID 1255 $rs = $this->con->select( 1256 'SELECT MAX(post_id) ' . 1257 'FROM ' . $this->prefix . 
'post ' 1258 ); 1260 $sql = new dcSelectStatement($this->core, 'corePostCreateGetID'); 1261 $sql 1262 ->columns('MAX(post_id)') 1263 ->from($this->prefix . 'post'); 1264 1265 $rs = $this->con->select($sql->statement()); 1259 1266 1260 1267 $cur->post_id = (integer) $rs->f(0) + 1; … … 1328 1335 $cur->post_upddt = date('Y-m-d H:i:s'); 1329 1336 1330 #If user is only "usage", we need to check the post's owner1337 // If user is only "usage", we need to check the post's owner 1331 1338 if (!$this->core->auth->check('contentadmin', $this->id)) { 1332 $strReq = 'SELECT post_id ' . 1333 'FROM ' . $this->prefix . 'post ' . 1334 'WHERE post_id = ' . $id . ' ' . 1335 "AND user_id = '" . $this->con->escape($this->core->auth->userID()) . "' "; 1336 1337 $rs = $this->con->select($strReq); 1339 $sql = new dcSelectStatement($this->core, 'corePostUpdateCheckOwner'); 1340 $sql 1341 ->column('post_id') 1342 ->from($this->prefix . 'post') 1343 ->where(array( 1344 'post_id = ' . $id, 1345 'user_id = ' . $sql->quote($this->core->auth->userID()) 1346 )); 1347 1348 $rs = $this->con->select($sql->statement()); 1349 unset($sql); 1338 1350 1339 1351 if ($rs->isEmpty()) { … … 1345 1357 $this->core->callBehavior('coreBeforePostUpdate', $this, $cur); 1346 1358 1347 $cur->update('WHERE post_id = ' . $id . ' '); 1359 $sql = new dcUpdateStatement($this->core, 'corePostUpdate'); 1360 $sql->where('post_id = ' . $id); 1361 1362 $cur->update($sql->whereStatement()); 1348 1363 1349 1364 # --BEHAVIOR-- coreAfterPostUpdate … … 1381 1396 $status = (integer) $status; 1382 1397 1383 $strReq = "WHERE blog_id = '" . $this->con->escape($this->id) . "' " . 1384 "AND post_id " . $this->con->in($posts_ids); 1398 $sql = new dcUpdateStatement($this->core, 'coreUpdPostsStatus'); 1399 $sql 1400 ->where(array( 1401 'blog_id = ' . $sql->quote($this->id), 1402 'post_id ' . 
$sql->in($posts_ids) 1403 )); 1385 1404 1386 1405 #If user can only publish, we need to check the post's owner 1387 1406 if (!$this->core->auth->check('contentadmin', $this->id)) { 1388 $s trReq .= "AND user_id = '" . $this->con->escape($this->core->auth->userID()) . "' ";1407 $sql->where('user_id = ' . $sql->quote($this->core->auth->userID())); 1389 1408 } 1390 1409 … … 1394 1413 $cur->post_upddt = date('Y-m-d H:i:s'); 1395 1414 1396 $cur->update($s trReq);1415 $cur->update($sql->whereStatement()); 1397 1416 $this->triggerBlog(); 1398 1417 … … 1426 1445 $selected = (boolean) $selected; 1427 1446 1428 $strReq = "WHERE blog_id = '" . $this->con->escape($this->id) . "' " . 1429 "AND post_id " . $this->con->in($posts_ids); 1447 $sql = new dcUpdateStatement($this->core, 'coreUpdPostsSelected'); 1448 $sql 1449 ->where(array( 1450 'blog_id = ' . $sql->quote($this->id), 1451 'post_id ' . $sql->in($posts_ids) 1452 )); 1430 1453 1431 1454 # If user is only usage, we need to check the post's owner 1432 1455 if (!$this->core->auth->check('contentadmin', $this->id)) { 1433 $s trReq .= "AND user_id = '" . $this->con->escape($this->core->auth->userID()) . "' ";1456 $sql->where('user_id = ' . $sql->quote($this->core->auth->userID())); 1434 1457 } 1435 1458 … … 1439 1462 $cur->post_upddt = date('Y-m-d H:i:s'); 1440 1463 1441 $cur->update($s trReq);1464 $cur->update($sql->whereStatement()); 1442 1465 $this->triggerBlog(); 1443 1466 } … … 1469 1492 $cat_id = (integer) $cat_id; 1470 1493 1471 $strReq = "WHERE blog_id = '" . $this->con->escape($this->id) . "' " . 1472 "AND post_id " . $this->con->in($posts_ids); 1473 1474 # If user is only usage, we need to check the post's owner 1494 $sql = new dcUpdateStatement($this->core, 'coreUpdPostsCategory'); 1495 $sql 1496 ->where(array( 1497 'blog_id = ' . $sql->quote($this->id), 1498 'post_id ' . 
$sql->in($posts_ids) 1499 )); 1500 1501 // If user is only usage, we need to check the post's owner 1475 1502 if (!$this->core->auth->check('contentadmin', $this->id)) { 1476 $s trReq .= "AND user_id = '" . $this->con->escape($this->core->auth->userID()) . "' ";1503 $sql->where('user_id = ' . $sql->quote($this->core->auth->userID())); 1477 1504 } 1478 1505 … … 1482 1509 $cur->post_upddt = date('Y-m-d H:i:s'); 1483 1510 1484 $cur->update($s trReq);1511 $cur->update($sql->whereStatement()); 1485 1512 $this->triggerBlog(); 1486 1513 } … … 1506 1533 $cur->post_upddt = date('Y-m-d H:i:s'); 1507 1534 1508 $cur->update( 1509 'WHERE cat_id = ' . $old_cat_id . ' ' . 1510 "AND blog_id = '" . $this->con->escape($this->id) . "' " 1511 ); 1535 $sql = new dcUpdateStatement($this->core, 'coreChangePostsCategory'); 1536 $sql 1537 ->where(array( 1538 'cat_id = ' . $old_cat_id, 1539 'blog_id = ' . $sql->quote($this->id) 1540 )); 1541 $cur->update($sql->whereStatement()); 1512 1542 $this->triggerBlog(); 1513 1543 } … … 1540 1570 } 1541 1571 1542 $strReq = 'DELETE FROM ' . $this->prefix . 'post ' . 1543 "WHERE blog_id = '" . $this->con->escape($this->id) . "' " . 1544 "AND post_id " . $this->con->in($posts_ids); 1545 1546 #If user can only delete, we need to check the post's owner 1572 $sql = new dcDeleteStatement($this->core, 'coreDelPosts'); 1573 $sql 1574 ->from($this->prefix . 'post') 1575 ->where(array( 1576 'blog_id = ' . $sql->quote($this->id), 1577 'post_id ' . $sql->in($posts_ids) 1578 )); 1579 1580 // If user can only delete, we need to check the post's owner 1547 1581 if (!$this->core->auth->check('contentadmin', $this->id)) { 1548 $s trReq .= "AND user_id = '" . $this->con->escape($this->core->auth->userID()) . "' ";1549 } 1550 1551 $this->con->execute($s trReq);1582 $sql->where('user_id = ' . 
$sql->quote($this->core->auth->userID())); 1583 } 1584 1585 $this->con->execute($sql->statement()); 1552 1586 $this->triggerBlog(); 1553 1587 } … … 1558 1592 public function publishScheduledEntries() 1559 1593 { 1560 $strReq = 'SELECT post_id, post_dt, post_tz ' . 1561 'FROM ' . $this->prefix . 'post ' . 1562 'WHERE post_status = -1 ' . 1563 "AND blog_id = '" . $this->con->escape($this->id) . "' "; 1564 1565 $rs = $this->con->select($strReq); 1594 $sql = new dcSelectStatement($this->core, 'coreScheduledEntriesPublish'); 1595 $sql 1596 ->columns(array('post_id', 'post_dt', 'post_tz')) 1597 ->from($this->prefix . 'post') 1598 ->where(array( 1599 'post_status = -1', 1600 'blog_id = ' . $sql->quote($this->id) 1601 )); 1602 1603 $rs = $this->con->select($sql->statement()); 1604 unset($sql); 1566 1605 1567 1606 $now = dt::toUTC(time()); … … 1588 1627 $this->core->callBehavior('coreBeforeScheduledEntriesPublish', $this, $to_change); 1589 1628 1590 $strReq = 1591 'UPDATE ' . $this->prefix . 'post SET ' . 1592 'post_status = 1 ' . 1593 "WHERE blog_id = '" . $this->con->escape($this->id) . "' " . 1594 'AND post_id ' . $this->con->in((array) $to_change) . ' '; 1595 $this->con->execute($strReq); 1629 $sql = new dcUpdateStatement($this->core, 'coreScheduledEntriesPublish'); 1630 $sql 1631 ->reference($this->prefix . 'post') 1632 ->set('post_status = 1') 1633 ->where(array( 1634 'blog_id = ' . $sql->quote($this->id), 1635 'post_id ' . $sql->in((array) $to_change) 1636 )); 1637 1638 $this->con->execute($sql->statement()); 1596 1639 $this->triggerBlog(); 1597 1640 … … 1624 1667 if (count($to_change)) { 1625 1668 1626 $strReq = 1627 'UPDATE ' . $this->prefix . 'post ' . 1628 'SET post_firstpub = 1 ' . 1629 "WHERE blog_id = '" . $this->con->escape($this->id) . "' " . 1630 'AND post_id ' . $this->con->in((array) $to_change) . 
' '; 1631 $this->con->execute($strReq); 1669 $sql = new dcUpdateStatement($this->core, 'coreFirstPublicationEntries'); 1670 $sql 1671 ->reference($this->prefix . 'post') 1672 ->set('post_firstpub = 1') 1673 ->where(array( 1674 'blog_id = ' . $sql->quote($this->id), 1675 'post_id ' . $sql->in((array) $to_change) 1676 )); 1677 1678 $this->con->execute($sql->statement()); 1632 1679 1633 1680 # --BEHAVIOR-- coreFirstPublicationEntries … … 1644 1691 public function getPostsUsers($post_type = 'post') 1645 1692 { 1646 $strReq = 'SELECT P.user_id, user_name, user_firstname, ' . 1647 'user_displayname, user_email ' . 1648 'FROM ' . $this->prefix . 'post P, ' . $this->prefix . 'user U ' . 1649 'WHERE P.user_id = U.user_id ' . 1650 "AND blog_id = '" . $this->con->escape($this->id) . "' "; 1693 $sql = new dcSelectStatement($this->core, 'coreGetPostsUsers'); 1694 $sql 1695 ->columns(array('P.user_id', 'user_name', 'user_firstname', 'user_displayname', 'user_email')) 1696 ->from(array($this->prefix . 'post P', $this->prefix . 'user U')) 1697 ->where(array( 1698 'P.user_id = U.user_id', 1699 'blog_id = ' . $sql->quote($this->id) 1700 )); 1651 1701 1652 1702 if ($post_type) { 1653 $s trReq .= "AND post_type = '" . $this->con->escape($post_type) . "' ";1654 } 1655 1656 $s trReq .= 'GROUP BY P.user_id, user_name, user_firstname, user_displayname, user_email ';1657 1658 return $this->con->select($s trReq);1703 $sql->where("post_type = '" . $sql->escape($post_type) . "'"); 1704 } 1705 1706 $sql->group(array('P.user_id', 'user_name', 'user_firstname', 'user_displayname', 'user_email')); 1707 1708 return $this->con->select($sql->statement()); 1659 1709 } 1660 1710 … … 1687 1737 1688 1738 if (!empty($sub)) { 1689 $rs = $this->con->select( 1690 'SELECT cat_id, cat_url, cat_lft, cat_rgt FROM ' . $this->prefix . 'category ' . 1691 "WHERE blog_id = '" . $this->con->escape($this->id) . "' " . 1692 'AND ' . $field . ' ' . 
$this->con->in(array_keys($sub)) 1693 ); 1739 $sql = new dcSelectStatement($this->core); 1740 $sql 1741 ->columns(array('cat_id', 'cat_url', 'cat_lft', 'cat_rgt')) 1742 ->from($this->prefix . 'category') 1743 ->where(array( 1744 'blog_id = ' . $sql->quote($this->id), 1745 $field . ' ' . $sql->in(array_keys($sub)) 1746 )); 1747 $rs = $this->con->select($sql->statement()); 1694 1748 1695 1749 while ($rs->fetch()) { 1696 1750 $queries[$rs->f($field)] = '(C.cat_lft BETWEEN ' . $rs->cat_lft . ' AND ' . $rs->cat_rgt . ')'; 1697 1751 } 1752 unset($sql); 1698 1753 } 1699 1754 … … 1881 1936 1882 1937 # Let's check if URL is taken... 1883 $strReq = 'SELECT post_url FROM ' . $this->prefix . 'post ' . 1884 "WHERE post_url = '" . $this->con->escape($url) . "' " . 1885 'AND post_id <> ' . (integer) $post_id . ' ' . 1886 "AND blog_id = '" . $this->con->escape($this->id) . "' " . 1887 'ORDER BY post_url DESC'; 1888 1889 $rs = $this->con->select($strReq); 1938 $sql = new dcSelectStatement($this->core, 'coreGetPostURL'); 1939 $sql 1940 ->columns('post_url') 1941 ->from($this->prefix . 'post') 1942 ->where(array( 1943 'post_id <> ' . (integer) $post_id, 1944 'blog_id = ' . $sql->quote($this->id) 1945 )) 1946 ->cond('AND post_url = ' . $sql->quote($url)) 1947 ->order('post_url DESC'); 1948 1949 $rs = $this->con->select($sql->statement()); 1890 1950 1891 1951 if (!$rs->isEmpty()) { 1892 if ($this->con->driver() == 'mysql' || $this->con->driver() == 'mysqli' || $this->con->driver() == 'mysqlimb4') { 1893 $clause = "REGEXP '^" . $this->con->escape(preg_quote($url)) . "[0-9]+$'"; 1894 } elseif ($this->con->driver() == 'pgsql') { 1895 $clause = "~ '^" . $this->con->escape(preg_quote($url)) . "[0-9]+$'"; 1896 } else { 1897 $clause = "LIKE '" . 1898 $this->con->escape(preg_replace(array('%', '_', '!'), array('!%', '!_', '!!'), $url)) . 1899 "%' ESCAPE '!'"; 1900 } 1901 $strReq = 'SELECT post_url FROM ' . $this->prefix . 'post ' . 1902 "WHERE post_url " . $clause . ' ' . 
1903 'AND post_id <> ' . (integer) $post_id . ' ' . 1904 "AND blog_id = '" . $this->con->escape($this->id) . "' " . 1905 'ORDER BY post_url DESC '; 1906 1907 $rs = $this->con->select($strReq); 1952 // Replace condition on post_url 1953 $sql->cond('AND post_url ' . $sql->regexp($url), true); 1954 1955 $rs = $this->con->select($sql->statement()); 1908 1956 $a = array(); 1909 1957 while ($rs->fetch()) { … … 1963 2011 public function getComments($params = array(), $count_only = false) 1964 2012 { 2013 $sql = new dcSelectStatement($this->core, 'coreGetComments'); 2014 1965 2015 if ($count_only) { 1966 $s trReq = 'SELECT count(comment_id) ';2016 $sql->columns('count(comment_id)'); 1967 2017 } elseif (!empty($params['sql_only'])) { 1968 $s trReq = 'SELECT P.post_id ';2018 $sql->columns('P.post_id'); 1969 2019 } else { 1970 if (!empty($params['no_content'])) { 1971 $content_req = ''; 1972 } else { 1973 $content_req = 'comment_content, '; 2020 if (empty($params['no_content'])) { 2021 $sql->columns('comment_content'); 1974 2022 } 1975 2023 1976 2024 if (!empty($params['columns']) && is_array($params['columns'])) { 1977 $content_req .= implode(', ', $params['columns']) . ', '; 1978 } 1979 1980 $strReq = 1981 'SELECT C.comment_id, comment_dt, comment_tz, comment_upddt, ' . 1982 'comment_author, comment_email, comment_site, ' . 1983 $content_req . ' comment_trackback, comment_status, ' . 1984 'comment_spam_status, comment_spam_filter, comment_ip, ' . 1985 'P.post_title, P.post_url, P.post_id, P.post_password, P.post_type, ' . 1986 'P.post_dt, P.user_id, U.user_email, U.user_url '; 1987 } 1988 1989 $strReq .= 1990 'FROM ' . $this->prefix . 'comment C ' . 1991 'INNER JOIN ' . $this->prefix . 'post P ON C.post_id = P.post_id ' . 1992 'INNER JOIN ' . $this->prefix . 
'user U ON P.user_id = U.user_id '; 2025 $sql->columns($params['columns']); 2026 } 2027 2028 $sql->columns(array('C.comment_id', 'comment_dt', 'comment_tz', 'comment_upddt', 'comment_author', 'comment_email', 'comment_site', 'comment_trackback', 'comment_status', 'comment_spam_status', 'comment_spam_filter', 'comment_ip', 'P.post_title', 'P.post_url', 'P.post_id', 'P.post_password', 'P.post_type', 'P.post_dt', 'P.user_id', 'U.user_email', 'U.user_url')); 2029 } 2030 2031 $sql 2032 ->from($this->prefix . 'comment C') 2033 ->join(array( 2034 'INNER JOIN ' . $this->prefix . 'post P ON C.post_id = P.post_id', 2035 'INNER JOIN ' . $this->prefix . 'user U ON P.user_id = U.user_id ' 2036 )); 1993 2037 1994 2038 if (!empty($params['from'])) { 1995 $strReq .= $params['from'] . ' '; 1996 } 1997 1998 $strReq .= 1999 "WHERE P.blog_id = '" . $this->con->escape($this->id) . "' "; 2039 $sql->from($params['from']); 2040 } 2041 2042 $sql->where('P.blog_id = ' . $sql->quote($this->id)); 2000 2043 2001 2044 if (!$this->core->auth->check('contentadmin', $this->id)) { 2002 $ strReq .= 'AND ((comment_status = 1 AND P.post_status = 1';2045 $cond = '((comment_status = 1 AND P.post_status = 1'; 2003 2046 2004 2047 if ($this->without_password) { 2005 $ strReq .= 'AND post_password IS NULL';2006 } 2007 $ strReq .= ')';2048 $cond .= ' AND post_password IS NULL'; 2049 } 2050 $cond .= ')'; 2008 2051 2009 2052 if ($this->core->auth->userID()) { 2010 $ strReq .= "OR P.user_id = '" . $this->con->escape($this->core->auth->userID()) . "')";2011 } else {2012 $strReq .= ')';2013 }2053 $cond .= ' OR P.user_id = ' . $sql->quote($this->core->auth->userID()); 2054 } 2055 $cond .= ')'; 2056 $sql->where($cond); 2014 2057 } 2015 2058 2016 2059 if (!empty($params['post_type'])) { 2017 $s trReq .= 'AND post_type ' . $this->con->in($params['post_type']);2060 $sql->where('post_type ' . 
$sql->in($params['post_type'])); 2018 2061 } 2019 2062 2020 2063 if (isset($params['post_id']) && $params['post_id'] !== '') { 2021 $s trReq .= 'AND P.post_id = ' . (integer) $params['post_id'] . ' ';2064 $sql->where('P.post_id = ' . (integer) $params['post_id']); 2022 2065 } 2023 2066 2024 2067 if (isset($params['cat_id']) && $params['cat_id'] !== '') { 2025 $s trReq .= 'AND P.cat_id = ' . (integer) $params['cat_id'] . ' ';2068 $sql->where('P.cat_id = ' . (integer) $params['cat_id']); 2026 2069 } 2027 2070 … … 2032 2075 $params['comment_id'] = array((integer) $params['comment_id']); 2033 2076 } 2034 $s trReq .= 'AND comment_id ' . $this->con->in($params['comment_id']);2077 $sql->where('comment_id ' . $sql->in($params['comment_id'])); 2035 2078 } 2036 2079 2037 2080 if (isset($params['comment_email'])) { 2038 $comment_email = $ this->con->escape(str_replace('*', '%', $params['comment_email']));2039 $s trReq .= "AND comment_email LIKE '" . $comment_email . "' ";2081 $comment_email = $sql->quote(str_replace('*', '%', $params['comment_email'])); 2082 $sql->where('comment_email LIKE ' . $comment_email); 2040 2083 } 2041 2084 2042 2085 if (isset($params['comment_site'])) { 2043 $comment_site = $ this->con->escape(str_replace('*', '%', $params['comment_site']));2044 $s trReq .= "AND comment_site LIKE '" . $comment_site . "' ";2086 $comment_site = $sql->quote(str_replace('*', '%', $params['comment_site'])); 2087 $sql->where('comment_site LIKE ' . $comment_site); 2045 2088 } 2046 2089 2047 2090 if (isset($params['comment_status'])) { 2048 $s trReq .= 'AND comment_status = ' . (integer) $params['comment_status'] . ' ';2091 $sql->where('comment_status = ' . (integer) $params['comment_status']); 2049 2092 } 2050 2093 2051 2094 if (!empty($params['comment_status_not'])) { 2052 $s trReq .= 'AND comment_status <> ' . (integer) $params['comment_status_not'] . ' ';2095 $sql->where('comment_status <> ' . 
(integer) $params['comment_status_not']); 2053 2096 } 2054 2097 2055 2098 if (isset($params['comment_trackback'])) { 2056 $s trReq .= 'AND comment_trackback = ' . (integer) (boolean) $params['comment_trackback'] . ' ';2099 $sql->where('comment_trackback = ' . (integer) (boolean) $params['comment_trackback']); 2057 2100 } 2058 2101 2059 2102 if (isset($params['comment_ip'])) { 2060 $comment_ip = $ this->con->escape(str_replace('*', '%', $params['comment_ip']));2061 $s trReq .= "AND comment_ip LIKE '" . $comment_ip . "' ";2103 $comment_ip = $sql->quote(str_replace('*', '%', $params['comment_ip'])); 2104 $sql->where('comment_ip LIKE ' . $comment_ip); 2062 2105 } 2063 2106 2064 2107 if (isset($params['q_author'])) { 2065 $q_author = $ this->con->escape(str_replace('*', '%', strtolower($params['q_author'])));2066 $s trReq .= "AND LOWER(comment_author) LIKE '" . $q_author . "' ";2108 $q_author = $sql->quote(str_replace('*', '%', strtolower($params['q_author']))); 2109 $sql->where('LOWER(comment_author) LIKE ' . $q_author); 2067 2110 } 2068 2111 … … 2078 2121 if ($words) { 2079 2122 foreach ($words as $i => $w) { 2080 $words[$i] = "comment_words LIKE '%" . $ this->con->escape($w) . "%'";2123 $words[$i] = "comment_words LIKE '%" . $sql->escape($w) . "%'"; 2081 2124 } 2082 $s trReq .= 'AND ' . implode(' AND ', $words) . ' ';2125 $sql->where(implode(' AND ', $words)); 2083 2126 } 2084 2127 } … … 2086 2129 2087 2130 if (!empty($params['sql'])) { 2088 $s trReq .= $params['sql'] . ' ';2131 $sql->sql($params['sql']); 2089 2132 } 2090 2133 2091 2134 if (!$count_only) { 2092 2135 if (!empty($params['order'])) { 2093 $s trReq .= 'ORDER BY ' . $this->con->escape($params['order']) . 
' ';2136 $sql->order($sql->escape($params['order'])); 2094 2137 } else { 2095 $s trReq .= 'ORDER BY comment_dt DESC ';2138 $sql->order('comment_dt DESC'); 2096 2139 } 2097 2140 } 2098 2141 2099 2142 if (!$count_only && !empty($params['limit'])) { 2100 $strReq .= $this->con->limit($params['limit']); 2101 } 2143 $sql->limit($params['limit']); 2144 } 2145 2146 $query = $sql->statement(); 2102 2147 2103 2148 if (!empty($params['sql_only'])) { 2104 return $ strReq;2105 } 2106 2107 $rs = $this->con->select($ strReq);2149 return $query; 2150 } 2151 2152 $rs = $this->con->select($query); 2108 2153 $rs->core = $this->core; 2109 2154 $rs->extend('rsExtComment'); … … 2128 2173 { 2129 2174 # Get ID 2130 $rs = $this->con->select( 2131 'SELECT MAX(comment_id) ' . 2132 'FROM ' . $this->prefix . 'comment ' 2133 ); 2175 $sql = new dcSelectStatement($this->core, 'coreCommentCreateGetID'); 2176 $sql 2177 ->columns('MAX(comment_id)') 2178 ->from($this->prefix . 'comment'); 2179 $rs = $this->con->select($sql->statement()); 2134 2180 2135 2181 $cur->comment_id = (integer) $rs->f(0) + 1; … … 2208 2254 $this->core->callBehavior('coreBeforeCommentUpdate', $this, $cur, $rs); 2209 2255 2210 $cur->update('WHERE comment_id = ' . $id . ' '); 2256 $sql = new dcUpdateStatement($this->core, 'coreCommentUpdate'); 2257 $sql->where('comment_id = ' . $id); 2258 2259 $cur->update($sql->whereStatement()); 2211 2260 2212 2261 # --BEHAVIOR-- coreAfterCommentUpdate … … 2243 2292 $status = (integer) $status; 2244 2293 2245 $strReq = 2246 'UPDATE ' . $this->prefix . 'comment ' . 2247 'SET comment_status = ' . $status . ' '; 2248 $strReq .= 2249 'WHERE comment_id' . $this->con->in($co_ids) . 2250 'AND post_id in (SELECT tp.post_id ' . 2251 'FROM ' . $this->prefix . 'post tp ' . 2252 "WHERE tp.blog_id = '" . $this->con->escape($this->id) . "' "; 2294 $sqlIn = new dcSelectStatement($this->core, 'coreUpdCommentsStatusIn'); 2295 $sqlIn 2296 ->columns('tp.post_id') 2297 ->from($this->prefix . 
'post tp') 2298 ->where('tp.blog_id = ' . $sqlIn->quote($this->id)); 2253 2299 if (!$this->core->auth->check('contentadmin', $this->id)) { 2254 $strReq .= 2255 "AND user_id = '" . $this->con->escape($this->core->auth->userID()) . "' "; 2256 } 2257 $strReq .= ')'; 2258 $this->con->execute($strReq); 2300 $sqlIn->where('user_id = ' . $sqlIn->quote($this->core->auth->userID())); 2301 } 2302 2303 $sql = new dcUpdateStatement($this->core, 'coreUpdCommentsStatus'); 2304 $sql 2305 ->reference($this->prefix . 'comment') 2306 ->set('comment_status = ' . $status) 2307 ->where(array( 2308 'comment_id ' . $sql->in($co_ids), 2309 'post_id in (' . $sqlIn->statement() . ')' 2310 )); 2311 2312 $this->con->execute($sql->statement()); 2259 2313 $this->triggerComments($co_ids); 2260 2314 $this->triggerBlog(); … … 2290 2344 # Retrieve posts affected by comments edition 2291 2345 $affected_posts = array(); 2292 $strReq = 2293 'SELECT post_id ' . 2294 'FROM ' . $this->prefix . 'comment ' . 2295 'WHERE comment_id' . $this->con->in($co_ids) . 2296 'GROUP BY post_id'; 2297 2298 $rs = $this->con->select($strReq); 2346 2347 $sql = new dcSelectStatement($this->core, 'coreDelCommentsScope'); 2348 $sql 2349 ->column('post_id') 2350 ->from($this->prefix . 'comment') 2351 ->where('comment_id' . $sql->in($co_ids)) 2352 ->group('post_id'); 2353 2354 $rs = $this->con->select($sql->statement()); 2355 unset($sql); 2299 2356 2300 2357 while ($rs->fetch()) { … … 2302 2359 } 2303 2360 2304 $strReq = 2305 'DELETE FROM ' . $this->prefix . 'comment ' . 2306 'WHERE comment_id' . $this->con->in($co_ids) . ' ' . 2307 'AND post_id in (SELECT tp.post_id ' . 2308 'FROM ' . $this->prefix . 'post tp ' . 2309 "WHERE tp.blog_id = '" . $this->con->escape($this->id) . "' "; 2310 #If user can only delete, we need to check the post's owner 2361 $sqlIn = new dcSelectStatement($this->core, 'coreDelCommentsIn'); 2362 $sqlIn 2363 ->columns('tp.post_id') 2364 ->from($this->prefix . 
'post tp') 2365 ->where(array('tp.blog_id = ' . $sqlIn->quote($this->id))); 2311 2366 if (!$this->core->auth->check('contentadmin', $this->id)) { 2312 $strReq .= 2313 "AND tp.user_id = '" . $this->con->escape($this->core->auth->userID()) . "' "; 2314 } 2315 $strReq .= ")"; 2316 $this->con->execute($strReq); 2367 $sqlIn->where('tp.user_id = ' . $sqlIn->quote($this->core->auth->userID())); 2368 } 2369 2370 $sql = new dcDeleteStatement($this->core, 'coreDelComments'); 2371 $sql 2372 ->from($this->prefix . 'comment') 2373 ->where(array( 2374 'comment_id ' . $sql->in($co_ids), 2375 'post_id in (' . $sqlIn->statement() . ')' 2376 )); 2377 2378 $this->con->execute($sql->statement()); 2317 2379 $this->triggerComments($co_ids, true, $affected_posts); 2318 2380 $this->triggerBlog(); … … 2325 2387 } 2326 2388 2327 $strReq = 2328 'DELETE FROM ' . $this->prefix . 'comment ' . 2329 'WHERE comment_status = -2 ' . 2330 'AND post_id in (SELECT tp.post_id ' . 2331 'FROM ' . $this->prefix . 'post tp ' . 2332 "WHERE tp.blog_id = '" . $this->con->escape($this->id) . "' "; 2333 #If user can only delete, we need to check the post's owner 2389 $sqlIn = new dcSelectStatement($this->core, 'coreDelJunkCommentsIn'); 2390 $sqlIn 2391 ->columns('tp.post_id') 2392 ->from($this->prefix . 'post tp') 2393 ->where('tp.blog_id = ' . $sqlIn->quote($this->id)); 2334 2394 if (!$this->core->auth->check('contentadmin', $this->id)) { 2335 $strReq .= 2336 "AND tp.user_id = '" . $this->con->escape($this->core->auth->userID()) . "' "; 2337 } 2338 $strReq .= ")"; 2339 $this->con->execute($strReq); 2395 // If user can only delete, we need to check the post's owner 2396 $sqlIn->where('tp.user_id = ' . $sqlIn->quote($this->core->auth->userID())); 2397 } 2398 2399 $sql = new dcDeleteStatement($this->core, 'coreDelJunkComments'); 2400 $sql 2401 ->from($this->prefix . 'comment') 2402 ->where(array( 2403 'comment_status = -2', 2404 'post_id in (' . $sqlIn->statement() . 
')' 2405 )); 2406 2407 $this->con->execute($sql->statement()); 2340 2408 $this->triggerBlog(); 2341 2409 } -
inc/core/class.dc.core.php
r3731 r3761 442 442 # Fetch versions if needed 443 443 if (!is_array($this->versions)) { 444 $strReq = 'SELECT module, version FROM ' . $this->prefix . 'version'; 445 $rs = $this->con->select($strReq); 444 $sql = new dcSelectStatement($this, 'coreGetVersion'); 445 $sql 446 ->columns(array('module', 'version')) 447 ->from($this->prefix . 'version'); 448 449 $rs = $this->con->select($sql->statement()); 446 450 447 451 while ($rs->fetch()) { … … 474 478 $cur->insert(); 475 479 } else { 476 $cur->update("WHERE module='" . $this->con->escape($module) . "'"); 480 $sql = new dcUpdateStatement($this, 'coreSetVersion'); 481 $sql->where('module=' . $sql->quote($module)); 482 483 $cur->update($sql->whereStatement()); 477 484 } 478 485 … … 487 494 public function delVersion($module) 488 495 { 489 $strReq = 490 'DELETE FROM ' . $this->prefix . 'version ' . 491 "WHERE module = '" . $this->con->escape($module) . "' "; 492 493 $this->con->execute($strReq); 496 $sql = new dcDeleteStatement($this, 'coreDelVersion'); 497 $sql 498 ->from($this->prefix . 'version') 499 ->where('module = ' . $sql->quote($module)); 500 501 $this->con->execute($sql->statement()); 494 502 495 503 if (is_array($this->versions)) { … … 530 538 public function getUsers($params = array(), $count_only = false) 531 539 { 540 $sql = new dcSelectStatement($this, 'coreGetUsers'); 541 $sql 542 ->from($this->prefix . 'user U') 543 ->where('NULL IS NULL'); 544 532 545 if ($count_only) { 533 $strReq = 534 'SELECT count(U.user_id) ' . 535 'FROM ' . $this->prefix . 'user U ' . 536 'WHERE NULL IS NULL '; 546 $sql->columns('COUNT(U.user_id)'); 537 547 } else { 538 $strReq = 539 'SELECT U.user_id,user_super,user_status,user_pwd,user_change_pwd,' . 540 'user_name,user_firstname,user_displayname,user_email,user_url,' . 541 'user_desc, user_lang,user_tz, user_post_status,user_options, ' . 542 'count(P.post_id) AS nb_post ' . 543 'FROM ' . $this->prefix . 'user U ' . 544 'LEFT JOIN ' . $this->prefix . 
'post P ON U.user_id = P.user_id ' . 545 'WHERE NULL IS NULL '; 548 $sql 549 ->columns(array('U.user_id', 'user_super', 'user_status', 'user_pwd', 'user_change_pwd', 'user_name', 550 'user_firstname', 'user_displayname', 'user_email', 'user_url', 'user_desc', 'user_lang', 'user_tz', 551 'user_post_status', 'user_options', 'COUNT(P.post_id) AS nb_post')) 552 ->join('LEFT JOIN ' . $this->prefix . 'post P ON U.user_id = P.user_id'); 546 553 } 547 554 548 555 if (!empty($params['q'])) { 549 $q = $this->con->escape(str_replace('*', '%', strtolower($params['q']))); 550 $strReq .= 'AND (' . 556 $q = $sql->escape(str_replace('*', '%', strtolower($params['q']))); 557 $sql->where( 558 '(' . 551 559 "LOWER(U.user_id) LIKE '" . $q . "' " . 552 560 "OR LOWER(user_name) LIKE '" . $q . "' " . 553 561 "OR LOWER(user_firstname) LIKE '" . $q . "' " . 554 ') '; 562 ')' 563 ); 555 564 } 556 565 557 566 if (!empty($params['user_id'])) { 558 $s trReq .= "AND U.user_id = '" . $this->con->escape($params['user_id']) . "' ";567 $sql->where('U.user_id = ' . $sql->quote($params['user_id'])); 559 568 } 560 569 561 570 if (!$count_only) { 562 $strReq .= 'GROUP BY U.user_id,user_super,user_status,user_pwd,user_change_pwd,' . 563 'user_name,user_firstname,user_displayname,user_email,user_url,' . 564 'user_desc, user_lang,user_tz,user_post_status,user_options '; 571 $sql->group(array('U.user_id', 'user_super', 'user_status', 'user_pwd', 'user_change_pwd', 'user_name', 'user_firstname', 'user_displayname', 'user_email', 'user_url', 'user_desc', 'user_lang', 'user_tz', 'user_post_status', 'user_options')); 565 572 566 573 if (!empty($params['order']) && !$count_only) { … … 571 578 $table_prefix = ''; // order = nb_post (asc|desc) 572 579 } 573 $s trReq .= 'ORDER BY ' . $table_prefix . $this->con->escape($params['order']) . ' ';580 $sql->order($table_prefix . $sql->escape($params['order'])); 574 581 } else { 575 $s trReq .= 'ORDER BY ' . $this->con->escape($params['order']) . 
' ';582 $sql->order($sql->escape($params['order'])); 576 583 } 577 584 } else { 578 $s trReq .= 'ORDER BY U.user_id ASC ';585 $sql->order('U.user_id ASC'); 579 586 } 580 587 } 581 588 582 589 if (!$count_only && !empty($params['limit'])) { 583 $strReq .= $this->con->limit($params['limit']); 584 } 585 $rs = $this->con->select($strReq); 590 $sql->limit($params['limit']); 591 } 592 593 $rs = $this->con->select($sql->statement()); 586 594 $rs->extend('rsExtUser'); 587 595 return $rs; … … 637 645 } 638 646 639 $cur->update("WHERE user_id = '" . $this->con->escape($id) . "' "); 647 $sql = new dcUpdateStatement($this, 'coreUpdUser'); 648 $sql 649 ->where('user_id = ' . $sql->quote($id)); 650 651 $cur->update($sql->whereStatement()); 640 652 641 653 $this->auth->afterUpdUser($id, $cur); … … 646 658 647 659 # Updating all user's blogs 648 $rs = $this->con->select( 649 'SELECT DISTINCT(blog_id) FROM ' . $this->prefix . 'post ' . 650 "WHERE user_id = '" . $this->con->escape($id) . "' " 651 ); 660 $sql = new dcSelectStatement($this, 'coreUpdUser'); 661 $sql 662 ->columns('DISTINCT(blog_id)') 663 ->from($this->prefix . 'post') 664 ->where('user_id = ' . $sql->quote($id)); 665 666 $rs = $this->con->select($sql->statement()); 652 667 653 668 while ($rs->fetch()) { … … 681 696 } 682 697 683 $strReq = 'DELETE FROM ' . $this->prefix . 'user ' . 684 "WHERE user_id = '" . $this->con->escape($id) . "' "; 685 686 $this->con->execute($strReq); 698 $sql = new dcDeleteStatement($this, 'coreDelUser'); 699 $sql 700 ->from($this->prefix . 'user') 701 ->where('user_id = ' . $sql->quote($id)); 702 703 $this->con->execute($sql->statement()); 687 704 688 705 $this->auth->afterDelUser($id); … … 697 714 public function userExists($id) 698 715 { 699 $strReq = 'SELECT user_id ' . 700 'FROM ' . $this->prefix . 'user ' . 701 "WHERE user_id = '" . $this->con->escape($id) . 
"' "; 702 703 $rs = $this->con->select($strReq); 716 $sql = new dcSelectStatement($this, 'coreUserExists'); 717 $sql 718 ->columns('user_id') 719 ->from($this->prefix . 'user') 720 ->where('user_id = ' . $sql->quote($id)); 721 722 $rs = $this->con->select($sql->statement()); 704 723 705 724 return !$rs->isEmpty(); … … 721 740 public function getUserPermissions($id) 722 741 { 723 $strReq = 'SELECT B.blog_id, blog_name, blog_url, permissions ' . 724 'FROM ' . $this->prefix . 'permissions P ' . 725 'INNER JOIN ' . $this->prefix . 'blog B ON P.blog_id = B.blog_id ' . 726 "WHERE user_id = '" . $this->con->escape($id) . "' "; 727 728 $rs = $this->con->select($strReq); 742 $sql = new dcSelectStatement($this, 'coreGetUserPermissions'); 743 $sql 744 ->columns(array('B.blog_id', 'blog_name', 'blog_url', 'permissions')) 745 ->from($this->prefix . 'permissions P') 746 ->join('INNER JOIN ' . $this->prefix . 'blog B ON P.blog_id = B.blog_id') 747 ->where('user_id = ' . $sql->quote($id)); 748 749 $rs = $this->con->select($sql->statement()); 729 750 730 751 $res = array(); … … 756 777 } 757 778 758 $strReq = 'DELETE FROM ' . $this->prefix . 'permissions ' . 759 "WHERE user_id = '" . $this->con->escape($id) . "' "; 760 761 $this->con->execute($strReq); 779 $sql = new dcDeleteStatement($this, 'coreSetUserPermissions'); 780 $sql 781 ->from($this->prefix . 'permissions') 782 ->where('user_id = ' . $sql->quote($id)); 783 784 $this->con->execute($sql->statement()); 762 785 763 786 foreach ($perms as $blog_id => $p) { … … 792 815 793 816 if ($delete_first || $no_perm) { 794 $strReq = 'DELETE FROM ' . $this->prefix . 'permissions ' . 795 "WHERE blog_id = '" . $this->con->escape($blog_id) . "' " . 796 "AND user_id = '" . $this->con->escape($id) . "' "; 797 798 $this->con->execute($strReq); 817 $sql = new dcDeleteStatement($this, 'coreSetUserBlogPermissions'); 818 $sql 819 ->from($this->prefix . 'permissions') 820 ->where(array( 821 'blog_id = ' . $sql->quote($blog_id), 822 'user_id = ' . 
$sql->quote($id) 823 )); 824 $this->con->execute($sql->statement()); 799 825 } 800 826 … … 814 840 $cur = $this->con->openCursor($this->prefix . 'user'); 815 841 842 $sql = new dcUpdateStatement($this, 'coreSetUserDefaultBlog'); 843 $sql->where('user_id = ' . $sql->quote($id)); 844 816 845 $cur->user_default_blog = (string) $blog_id; 817 846 818 $cur->update( "WHERE user_id = '" . $this->con->escape($id) . "'");847 $cur->update($sql->whereStatement()); 819 848 } 820 849 … … 890 919 public function getBlogPermissions($id, $with_super = true) 891 920 { 892 $strReq = 893 'SELECT U.user_id AS user_id, user_super, user_name, user_firstname, ' . 894 'user_displayname, user_email, permissions ' . 895 'FROM ' . $this->prefix . 'user U ' . 896 'JOIN ' . $this->prefix . 'permissions P ON U.user_id = P.user_id ' . 897 "WHERE blog_id = '" . $this->con->escape($id) . "' "; 921 $sql = new dcSelectStatement($this, 'coreGetBlogPermissions'); 922 $sql 923 ->columns(array('U.user_id AS user_id', 'user_super', 'user_name', 'user_firstname', 'user_displayname', 924 'user_email', 'permissions')) 925 ->from($this->prefix . 'user U') 926 ->join('JOIN ' . $this->prefix . 'permissions P ON U.user_id = P.user_id') 927 ->where('blog_id = ' . $sql->quote($id)); 898 928 899 929 if ($with_super) { 900 $strReq .= 901 'UNION ' . 902 'SELECT U.user_id AS user_id, user_super, user_name, user_firstname, ' . 903 "user_displayname, user_email, NULL AS permissions " . 904 'FROM ' . $this->prefix . 'user U ' . 905 'WHERE user_super = 1 '; 906 } 907 908 $rs = $this->con->select($strReq); 930 $sqlSuper = new dcSelectStatement($this, 'coreGetBlogPermissionsSuper'); 931 $sqlSuper 932 ->columns(array('U.user_id AS user_id', 'user_super', 'user_name', 'user_firstname', 'user_displayname', 933 'user_email', 'NULL AS permissions')) 934 ->from($this->prefix . 'user U') 935 ->where('user_super = 1'); 936 $sql->sql('UNION ' . 
$sqlSuper->statement()); 937 } 938 939 $rs = $this->con->select($sql->statement()); 909 940 910 941 $res = array(); … … 955 986 public function getBlogs($params = array(), $count_only = false) 956 987 { 957 $ join = ''; // %1$s958 $ where = ''; // %2$s988 $sql = new dcSelectStatement($this, 'coreGetBlogs'); 989 $sql->from($this->prefix . 'blog B'); 959 990 960 991 if ($count_only) { 961 $strReq = 'SELECT count(B.blog_id) ' . 962 'FROM ' . $this->prefix . 'blog B ' . 963 '%1$s ' . 964 'WHERE NULL IS NULL ' . 965 '%2$s '; 992 $sql->columns('COUNT(B.blog_id)'); 966 993 } else { 967 $strReq = 968 'SELECT B.blog_id, blog_uid, blog_url, blog_name, blog_desc, blog_creadt, ' . 969 'blog_upddt, blog_status ' . 970 'FROM ' . $this->prefix . 'blog B ' . 971 '%1$s ' . 972 'WHERE NULL IS NULL ' . 973 '%2$s '; 994 $sql->columns(array('B.blog_id', 'blog_uid', 'blog_url', 'blog_name', 'blog_desc', 'blog_creadt', 'blog_upddt', 'blog_status')); 974 995 975 996 if (!empty($params['order'])) { 976 $s trReq .= 'ORDER BY ' . $this->con->escape($params['order']) . ' ';997 $sql->order($sql->escape($params['order'])); 977 998 } else { 978 $s trReq .= 'ORDER BY B.blog_id ASC ';999 $sql->order('B.blog_id ASC'); 979 1000 } 980 1001 981 1002 if (!empty($params['limit'])) { 982 $s trReq .= $this->con->limit($params['limit']);1003 $sql->limit($params['limit']); 983 1004 } 984 1005 } 985 1006 986 1007 if ($this->auth->userID() && !$this->auth->isSuperAdmin()) { 987 $join = 'INNER JOIN ' . $this->prefix . 'permissions PE ON B.blog_id = PE.blog_id '; 988 $where = 989 "AND PE.user_id = '" . $this->con->escape($this->auth->userID()) . "' " . 990 "AND (permissions LIKE '%|usage|%' OR permissions LIKE '%|admin|%' OR permissions LIKE '%|contentadmin|%') " . 991 "AND blog_status IN (1,0) "; 1008 $sql->join('INNER JOIN ' . $this->prefix . 'permissions PE ON B.blog_id = PE.blog_id'); 1009 $sql->where("AND PE.user_id = " . $sql->quote($this->auth->userID()) . 
1010 " AND (permissions LIKE '%|usage|%' OR permissions LIKE '%|admin|%' OR permissions LIKE '%|contentadmin|%')" . 1011 " AND blog_status IN (1,0)"); 992 1012 } elseif (!$this->auth->userID()) { 993 $ where = 'AND blog_status IN (1,0) ';1013 $sql->where('blog_status IN (1,0)'); 994 1014 } 995 1015 996 1016 if (isset($params['blog_status']) && $params['blog_status'] !== '' && $this->auth->isSuperAdmin()) { 997 $ where .= 'AND blog_status = ' . (integer) $params['blog_status'] . ' ';1017 $sql->where('blog_status = ' . (integer) $params['blog_status']); 998 1018 } 999 1019 … … 1002 1022 $params['blog_id'] = array($params['blog_id']); 1003 1023 } 1004 $ where .= 'AND B.blog_id ' . $this->con->in($params['blog_id']);1024 $sql->where('B.blog_id ' . $sql->in($params['blog_id'])); 1005 1025 } 1006 1026 1007 1027 if (!empty($params['q'])) { 1008 1028 $params['q'] = strtolower(str_replace('*', '%', $params['q'])); 1009 $where .= 1010 'AND (' . 1011 "LOWER(B.blog_id) LIKE '" . $this->con->escape($params['q']) . "' " . 1012 "OR LOWER(B.blog_name) LIKE '" . $this->con->escape($params['q']) . "' " . 1013 "OR LOWER(B.blog_url) LIKE '" . $this->con->escape($params['q']) . "' " . 1014 ') '; 1015 } 1016 1017 $strReq = sprintf($strReq, $join, $where); 1018 return $this->con->select($strReq); 1029 $sql->where('(' . 1030 "LOWER(B.blog_id) LIKE " . $sql->quote($params['q']) . 1031 " OR LOWER(B.blog_name) LIKE " . $sql->quote($params['q']) . 1032 " OR LOWER(B.blog_url) LIKE " . $sql->quote($params['q']) . 1033 ')'); 1034 } 1035 1036 return $this->con->select($sql->statement()); 1019 1037 } 1020 1038 … … 1051 1069 $cur->blog_upddt = date('Y-m-d H:i:s'); 1052 1070 1053 $cur->update("WHERE blog_id = '" . $this->con->escape($id) . "'"); 1071 $sql = new dcUpdateStatement($this, 'coreUpdBlog'); 1072 $sql->where('blog_id = ' . $sql->quote($id)); 1073 $cur->update($sql->whereStatement()); 1054 1074 } 1055 1075 … … 1090 1110 } 1091 1111 1092 $strReq = 'DELETE FROM ' . $this->prefix . 'blog ' . 
1093 "WHERE blog_id = '" . $this->con->escape($id) . "' "; 1094 1095 $this->con->execute($strReq); 1112 $sql = new dcDeleteStatement($this, 'coreDelBlog'); 1113 $sql 1114 ->from($this->prefix . 'blog') 1115 ->where('blog_id = ' . $sql->quote($id)); 1116 1117 $this->con->execute($sql->statement()); 1096 1118 } 1097 1119 … … 1104 1126 public function blogExists($id) 1105 1127 { 1106 $strReq = 'SELECT blog_id ' . 1107 'FROM ' . $this->prefix . 'blog ' . 1108 "WHERE blog_id = '" . $this->con->escape($id) . "' "; 1109 1110 $rs = $this->con->select($strReq); 1128 $sql = new dcSelectStatement($this, 'coreBlogExists'); 1129 $sql 1130 ->columns('blog_id') 1131 ->from($this->prefix . 'blog') 1132 ->where('blog_id = ' . $sql->quote($id)); 1133 1134 $rs = $this->con->select($sql->statement()); 1111 1135 1112 1136 return !$rs->isEmpty(); … … 1122 1146 public function countBlogPosts($id, $type = null) 1123 1147 { 1124 $strReq = 'SELECT COUNT(post_id) ' . 1125 'FROM ' . $this->prefix . 'post ' . 1126 "WHERE blog_id = '" . $this->con->escape($id) . "' "; 1148 $sql = new dcSelectStatement($this, 'coreCountBlogPosts'); 1149 $sql 1150 ->columns('COUNT(post_id)') 1151 ->from($this->prefix . 'post') 1152 ->where('blog_id = ' . $sql->quote($id)); 1127 1153 1128 1154 if ($type) { 1129 $s trReq .= "AND post_type = '" . $this->con->escape($type) . "' ";1130 } 1131 1132 return $this->con->select($s trReq)->f(0);1155 $sql->where('post_type = ' . $sql->quote($type)); 1156 } 1157 1158 return $this->con->select($sql->statement())->f(0); 1133 1159 } 1134 1160 //@} … … 1468 1494 public function indexAllPosts($start = null, $limit = null) 1469 1495 { 1470 $strReq = 'SELECT COUNT(post_id) ' . 1471 'FROM ' . $this->prefix . 'post'; 1472 $rs = $this->con->select($strReq); 1496 $sql = new dcSelectStatement($this, 'coreIndexAllPostsCount'); 1497 $sql 1498 ->columns('COUNT(post_id)') 1499 ->from($this->prefix . 
'post'); 1500 1501 $rs = $this->con->select($sql->statement()); 1473 1502 $count = $rs->f(0); 1474 1475 $strReq = 'SELECT post_id, post_title, post_excerpt_xhtml, post_content_xhtml ' . 1476 'FROM ' . $this->prefix . 'post '; 1503 unset($sql); 1504 1505 $sql = new dcSelectStatement($this, 'coreIndexAllPosts'); 1506 $sql 1507 ->columns(array('post_id', 'post_title', 'post_excerpt_xhtml', 'post_content_xhtml')) 1508 ->from($this->prefix . 'post'); 1477 1509 1478 1510 if ($start !== null && $limit !== null) { 1479 $strReq .= $this->con->limit($start, $limit); 1480 } 1481 1482 $rs = $this->con->select($strReq, true); 1511 $sql->limit($start, $limit); 1512 } 1513 1514 $rs = $this->con->select($sql->statement()); 1515 unset($sql); 1483 1516 1484 1517 $cur = $this->con->openCursor($this->prefix . 'post'); 1485 1518 1519 $sql = new dcUpdateStatement($this, 'coreIndexAllPosts'); 1486 1520 while ($rs->fetch()) { 1487 1521 $words = $rs->post_title . ' ' . $rs->post_excerpt_xhtml . ' ' . … … 1489 1523 1490 1524 $cur->post_words = implode(' ', text::splitWords($words)); 1491 $cur->update('WHERE post_id = ' . (integer) $rs->post_id); 1525 $sql->where('post_id = ' . (integer) $rs->post_id, true); 1526 $cur->update($sql->whereStatement()); 1492 1527 $cur->clean(); 1493 1528 } … … 1509 1544 public function indexAllComments($start = null, $limit = null) 1510 1545 { 1511 $strReq = 'SELECT COUNT(comment_id) ' . 1512 'FROM ' . $this->prefix . 'comment'; 1513 $rs = $this->con->select($strReq); 1546 $sql = new dcSelectStatement($this, 'coreIndexAllCommentsCount'); 1547 $sql 1548 ->columns('COUNT(comment_id)') 1549 ->from($this->prefix . 'comment'); 1550 1551 $rs = $this->con->select($sql->statement()); 1514 1552 $count = $rs->f(0); 1515 1516 $strReq = 'SELECT comment_id, comment_content ' . 1517 'FROM ' . $this->prefix . 
'comment '; 1553 unset($sql); 1554 1555 $sql = new dcSelectStatement($this, 'coreIndexAllComments'); 1556 $sql 1557 ->columns(array('comment_id', 'comment_content')) 1558 ->from($this->prefix . 'comment'); 1518 1559 1519 1560 if ($start !== null && $limit !== null) { 1520 $strReq .= $this->con->limit($start, $limit); 1521 } 1522 1523 $rs = $this->con->select($strReq); 1561 $sql->limit($start, $limit); 1562 } 1563 1564 $rs = $this->con->select($sql->statement()); 1565 unset($sql); 1524 1566 1525 1567 $cur = $this->con->openCursor($this->prefix . 'comment'); 1526 1568 1569 $sql = new dcUpdateStatement($this, 'coreIndexAllComments'); 1527 1570 while ($rs->fetch()) { 1528 1571 $cur->comment_words = implode(' ', text::splitWords($rs->comment_content)); 1529 $cur->update('WHERE comment_id = ' . (integer) $rs->comment_id); 1572 $sql->where('comment_id = ' . (integer) $rs->comment_id, true); 1573 $cur->update($sql->whereStatement()); 1530 1574 $cur->clean(); 1531 1575 } … … 1542 1586 public function countAllComments() 1543 1587 { 1544 1545 $updCommentReq = 'UPDATE ' . $this->prefix . 'post P ' . 1546 'SET nb_comment = (' . 1547 'SELECT COUNT(C.comment_id) from ' . $this->prefix . 'comment C ' . 1548 'WHERE C.post_id = P.post_id AND C.comment_trackback <> 1 ' . 1549 'AND C.comment_status = 1 ' . 1550 ')'; 1551 $updTrackbackReq = 'UPDATE ' . $this->prefix . 'post P ' . 1552 'SET nb_trackback = (' . 1553 'SELECT COUNT(C.comment_id) from ' . $this->prefix . 'comment C ' . 1554 'WHERE C.post_id = P.post_id AND C.comment_trackback = 1 ' . 1555 'AND C.comment_status = 1 ' . 1556 ')'; 1557 $this->con->execute($updCommentReq); 1558 $this->con->execute($updTrackbackReq); 1588 $sqlCount = new dcSelectStatement($this, 'coreCountAllComments'); 1589 $sqlCount 1590 ->columns('COUNT(C.comment_id)') 1591 ->from($this->prefix . 
'comment C') 1592 ->where(array( 1593 'C.post_id = P.post_id', 1594 'C.comment_status = 1' 1595 )); 1596 1597 $sql = new dcUpdateStatement($this, 'coreCountAllComments'); 1598 $sql 1599 ->ref($this->prefix . 'post P'); 1600 1601 $sqlCount->cond('AND C.comment_trackback <> 1', true); 1602 $sql->set('nb_comment = (' . $sqlCount->statement() . ')', true); 1603 $this->con->execute($sql->statement()); 1604 1605 $sqlCount->cond('AND C.comment_trackback = 1', true); 1606 $sql->set('nb_trackback = (' . $sqlCount->statement() . ')', true); 1607 $this->con->execute($sql->statement()); 1559 1608 } 1560 1609 -
inc/core/class.dc.rs.extensions.php
r3731 r3761 444 444 return $rs->_nb_media[$rs->index()]; 445 445 } else { 446 $strReq = 447 'SELECT count(media_id) ' . 448 'FROM ' . $rs->core->prefix . 'post_media ' . 449 'WHERE post_id = ' . (integer) $rs->post_id . ' '; 446 $sql = new dcSelectStatement($rs->core, 'coreRsExtCountMedia'); 447 $sql 448 ->columns(array('count(media_id)')) 449 ->from($rs->core->prefix . 'post_media') 450 ->where('post_id = ' . $sql->quote((integer) $rs->post_id)); 450 451 if ($link_type != null) { 451 $s trReq .= "AND link_type = '" . $rs->core->con->escape($link_type) . "'";452 $sql->where('link_type = ' . $sql->quote($link_type)); 452 453 } 453 454 $res = (integer) $rs->core->con->select($strReq)->f(0); 454 $res = (integer) $rs->core->con->select($sql->statement())->f(0); 455 455 $rs->_nb_media[$rs->index()] = $res; 456 456 return $res; -
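Review bot: The new `where()` on line 450 wraps the integer post id in `$sql->quote()`, so the generated predicate becomes `post_id = '123'` (a string literal), whereas the removed line and every other integer comparison in this changeset (the `post_id` and `comment_id` filters in the reindex loops) pass the `(integer)` cast value bare. The cast is already the injection guard here; quoting on top of it is inconsistent and leaves the comparison to the database's implicit string-to-integer conversion, which on some engines may prevent an index from being used. `->where('post_id = ' . (integer) $rs->post_id)` keeps the guard and matches the sibling code. The `columns(array('count(media_id)'))` form also differs from the bare-string `columns('COUNT(...)')` used elsewhere in the patch, which is cosmetic but worth aligning. The enclosing method starts and ends outside this hunk.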
inc/core/class.dc.sql.statement.php
r3754 r3761 300 300 * May be used for debugging purpose as: 301 301 * 302 * if (!$sql->isSame($sql->statement(), $ oldRequest)) {303 * trigger_error('SQL statement error: ' . $sql->statement() . ' / ' . $ oldRequest, E_USER_ERROR);302 * if (!$sql->isSame($sql->statement(), $strReq)) { 303 * trigger_error('SQL statement error: ' . $sql->statement() . ' / ' . $strReq, E_USER_ERROR); 304 304 * } 305 305 *