webcraftmedia/system
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fixed quotes on locale_string sql query

Browse Source
This commit is contained in:
Ulf Gebhardt 2013-05-16 02:44:09 +02:00
parent d6cdd8b449
commit 925d4ce4e2
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
system/locale.php
View File

@ -47,17 +47,19 @@ class locale {
if(!self::isLang($lang)){ if(!self::isLang($lang)){
throw new \Exception("The requested language is not supported: ".$lang);} throw new \Exception("The requested language is not supported: ".$lang);}
$q = \SYSTEM\system::isSystemDbInfoPG() ? '"' : '`';
if(\is_array($request)){ if(\is_array($request)){
$where = ''; $where = '';
foreach($request as $strid){ foreach($request as $strid){
if(!\preg_match("^[a-zA-Z0-9_]+$^", $strid) != 0){ if(!\preg_match("^[a-zA-Z0-9_]+$^", $strid) != 0){
throw new \Exception("Requested id contains inpropper symbols: ".$strid);} throw new \Exception("Requested id contains inpropper symbols: ".$strid);}
$where .= 'OR `'.\SYSTEM\DBD\locale_string::FIELD_ID.'` = $1 '; $where .= 'OR '.$q.\SYSTEM\DBD\locale_string::FIELD_ID.$q.' = $1 ';
} }
$where = substr($where,2); $where = substr($where,2);
$con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo()); $con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo());
$res = $con->prepare( 'localeArrStmt', 'SELECT `'.$lang.'`,`'.\SYSTEM\DBD\locale_string::FIELD_ID.'` FROM '.(\SYSTEM\system::isSystemDbInfoPG() ? \SYSTEM\DBD\locale_string::NAME_PG : \SYSTEM\DBD\locale_string::NAME_MYS).' WHERE '.$where, $res = $con->prepare( 'localeArrStmt', 'SELECT '.$q.$lang.$q.','.$q.\SYSTEM\DBD\locale_string::FIELD_ID.$q.' FROM '.(\SYSTEM\system::isSystemDbInfoPG() ? \SYSTEM\DBD\locale_string::NAME_PG : \SYSTEM\DBD\locale_string::NAME_MYS).' WHERE '.$where,
$request); $request);
$result = array(); $result = array();
@ -69,7 +71,7 @@ class locale {
$cat = \intval($request); $cat = \intval($request);
$con = new \SYSTEM\DB\Connection( \SYSTEM\system::getSystemDBInfo()); $con = new \SYSTEM\DB\Connection( \SYSTEM\system::getSystemDBInfo());
$res = $con->prepare( 'localeStmt', 'SELECT `'.$lang.'`,`'.\SYSTEM\DBD\locale_string::FIELD_ID.'` FROM '.(\SYSTEM\system::isSystemDbInfoPG() ? \SYSTEM\DBD\locale_string::NAME_PG : \SYSTEM\DBD\locale_string::NAME_MYS).' WHERE '.\SYSTEM\DBD\locale_string::FIELD_CATEGORY.' = '.(\SYSTEM\system::isSystemDbInfoPG() ? '$1' : '?').';', $res = $con->prepare( 'localeStmt', 'SELECT '.$q.$lang.$q.','.$q.\SYSTEM\DBD\locale_string::FIELD_ID.$q.' FROM '.(\SYSTEM\system::isSystemDbInfoPG() ? \SYSTEM\DBD\locale_string::NAME_PG : \SYSTEM\DBD\locale_string::NAME_MYS).' WHERE '.\SYSTEM\DBD\locale_string::FIELD_CATEGORY.' = '.(\SYSTEM\system::isSystemDbInfoPG() ? '$1' : '?').';',
array($cat)); array($cat));
$result = array(); $result = array();