
Moodle
MDL-14679
Created: 16/May/08 07:15 AM
Updated: 26/May/08 03:59 AM
Component/s: Database SQL/XMLDB
Affects Version/s: 2.0
Fix Version/s: 2.0

While looking at code (accesslib.php), I've detected a lot of uses of IN() statements where the list of values continues being passed as a comma-separated string.
While it works... ideally all of them should be converted to proper ? placeholders, correct?
Pasting here the function used in Mahara (suggested by Penny):
    /**
     * function to convert an array to
     * an array of placeholders (?)
     * with the right number of values
     *
     * @param array $array input array
     */
    function db_array_to_ph($array) {
        return array_pad(array(), count($array), '?');
    }
Note it's enough for us, needing to support :named parameters. And also note it returns an array and should return one string directly.
I have not checked whether we have implemented this our way (it sounds to me like we have).
Ciao :-)

    /**
     * Constructs IN() or = sql fragment
     * @param mixed $items single or array of values
     * @param int $type bound param type
     * @param string $start named param placeholder start
     * @return array - $sql and $params
     */
    public function get_in_or_equal($items, $type=SQL_PARAMS_QM, $start='param0000') {
        if ($type == SQL_PARAMS_QM) {
            if (!is_array($items) or count($items) == 1) {
                // A scalar or a one-element array becomes a plain equality test;
                // the array is flattened so the bound value is the element itself.
                $sql = '= ?';
                $params = is_array($items) ? array_values($items) : array($items);
            } else {
                // One ? per value; the values are bound in the same order.
                $sql = 'IN ('.implode(',', array_fill(0, count($items), '?')).')';
                $params = array_values($items);
            }
        } else if ($type == SQL_PARAMS_NAMED) {
            if (!is_array($items) or count($items) == 1) {
                $sql = '= :'.$start;
                // Unwrap a one-element array so a scalar is bound, not an array.
                $item = is_array($items) ? reset($items) : $items;
                $params = array($start=>$item);
            } else {
                $params = array();
                $sql = array();
                foreach ($items as $item) {
                    // String increment yields param0000, param0001, ...
                    $params[$start] = $item;
                    $sql[] = ':'.$start++;
                }
                $sql = 'IN ('.implode(',', $sql).')';
            }
        } else {
            error('todo: type not implemented');
        }
        return array($sql, $params);
    }
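
Added example (not part of the issue, and not Moodle or Mahara code): the comma-separated IN() list from the description next to the placeholder form, run against an in-memory SQLite database through PDO. The helper name in_or_equal_qm, the table demo_assignments and all values are constructed for illustration, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example: hypothetical helper and constructed data, not Moodle or Mahara code.
// Assumes the pdo_sqlite extension; the database lives in memory, so it runs offline.

/** Build "= ?" or "IN (?,?,...)" plus the values to bind (positional form only). */
function in_or_equal_qm($items): array {
    $items = is_array($items) ? array_values($items) : [$items];
    if (count($items) === 0) {
        // "IN ()" is a syntax error on MySQL and PostgreSQL; refuse to emit it.
        throw new InvalidArgumentException('empty value list');
    }
    if (count($items) === 1) {
        return ['= ?', $items];
    }
    return ['IN (' . implode(',', array_fill(0, count($items), '?')) . ')', $items];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo_assignments (id INTEGER PRIMARY KEY, contextid INTEGER)');
$db->exec('INSERT INTO demo_assignments (contextid) VALUES (10), (20), (30), (40)');

// Constructed input: the second element is not an integer.
$contextids = [10, '20) OR (1=1'];

// Before: the list is spliced into the statement text, so the second element
// is parsed as SQL and changes the shape of the WHERE clause.
$unsafe = 'SELECT id FROM demo_assignments WHERE contextid IN ('
        . implode(',', $contextids) . ')';
$rows = $db->query($unsafe)->fetchAll(PDO::FETCH_COLUMN);
echo 'concatenated list matched ', count($rows), " row(s)\n";

// After: one placeholder per element; the values are sent separately from the
// SQL text and are only ever compared with contextid as data.
list($insql, $params) = in_or_equal_qm($contextids);
$stmt = $db->prepare("SELECT id FROM demo_assignments WHERE contextid $insql");
$stmt->execute($params);
$rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
echo 'placeholder list matched ', count($rows), " row(s)\n";
```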