PageRenderTime 32ms CodeModel.GetById 25ms RepoModel.GetById 0ms app.codeStats 0ms

/src/storage/qsprintf/qsprintf.php

http://github.com/facebook/phabricator
PHP | 313 lines | 199 code | 30 blank | 84 comment | 38 complexity | f9b31bcaa7879de957a34f912c2f2c44 MD5 | raw file
Possible License(s): JSON, MPL-2.0-no-copyleft-exception, Apache-2.0, BSD-3-Clause, LGPL-2.0, MIT, LGPL-2.1, LGPL-3.0 
    

  1. <?php
    2. 

  2. 

  3. /*
    4. 

  4.  * Copyright 2011 Facebook, Inc.
    5. 

  5.  *
    6. 

  6.  * Licensed under the Apache License, Version 2.0 (the "License");
    7. 

  7.  * you may not use this file except in compliance with the License.
    8. 

  8.  * You may obtain a copy of the License at
    9. 

  9.  *
    10. 

  10.  *   http://www.apache.org/licenses/LICENSE-2.0
    11. 

  11.  *
    12. 

  12.  * Unless required by applicable law or agreed to in writing, software
    13. 

  13.  * distributed under the License is distributed on an "AS IS" BASIS,
    14. 

  14.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    15. 

  15.  * See the License for the specific language governing permissions and
    16. 

  16.  * limitations under the License.
    17. 

  17.  */
    18. 

  18. 

  19. /**
    20. 

  20.  * Format an SQL query. This function behaves like sprintf(), except that
    21. 

  21.  * all the normal conversions (like %s) will be properly escaped, and
    22. 

  22.  * additional conversions are supported:
    23. 

  23.  *
    24. 

  24.  *   %nd, %ns, %nf
    25. 

  25.  *     "Nullable" versions of %d, %s and %f. Will produce 'NULL' if the
    26. 

  26.  *     argument is a strict null.
    27. 

  27.  *
    28. 

  28.  *   %=d, %=s, %=f
    29. 

  29.  *     "Nullable Test" versions of %d, %s and %f. If you pass a value, you
    30. 

  30.  *     get "= 3"; if you pass null, you get "IS NULL". For instance, this
    31. 

  31.  *     will work properly if `hatID' is a nullable column and $hat is null.
    32. 

  32.  *
    33. 

  33.  *       qsprintf($conn, 'WHERE hatID %=d', $hat);
    34. 

  34.  *
    35. 

  35.  *   %Ld, %Ls, %Lf
    36. 

  36.  *     "List" versions of %d, %s and %f. These are appropriate for use in
    37. 

  37.  *     an "IN" clause. For example:
    38. 

  38.  *
    39. 

  39.  *       qsprintf($conn, 'WHERE hatID IN(%Ld)', $list_of_hats);
    40. 

  40.  *
    41. 

  41.  *   %T ("Table")
    42. 

  42.  *     Escapes a table name.
    43. 

  43.  *
    44. 

  44.  *   %C, %LC
    45. 

  45.  *     Escapes a column name or a list of column names.
    46. 

  46.  *
    47. 

  47.  *   %K ("Comment")
    48. 

  48.  *     Escapes a comment.
    49. 

  49.  *
    50. 

  50.  *   %Q ("Query Fragment")
    51. 

  51.  *     Injects a raw query fragment. Extremely dangerous! Not escaped!
    52. 

  52.  *
    53. 

  53.  *   %~ ("Substring")
    54. 

  54.  *     Escapes a substring query for a LIKE (or NOT LIKE) clause. For example:
    55. 

  55.  *
    56. 

  56.  *       //  Find all rows with $search as a substing of `name`.
    57. 

  57.  *       qsprintf($conn, 'WHERE name LIKE %~', $search);
    58. 

  58.  *
    59. 

  59.  *     See also %> and %<.
    60. 

  60.  *
    61. 

  61.  *   %> ("Prefix")
    62. 

  62.  *     Escapes a prefix query for a LIKE clause. For example:
    63. 

  63.  *
    64. 

  64.  *       //  Find all rows where `name` starts with $prefix.
    65. 

  65.  *       qsprintf($conn, 'WHERE name LIKE %>', $prefix);
    66. 

  66.  *
    67. 

  67.  *   %< ("Suffix")
    68. 

  68.  *     Escapes a suffix query for a LIKE clause. For example:
    69. 

  69.  *
    70. 

  70.  *       //  Find all rows where `name` ends with $suffix.
    71. 

  71.  *       qsprintf($conn, 'WHERE name LIKE %<', $suffix);
    72. 

  72.  *
    73. 

  73.  * @group storage
    74. 

  74.  */
    75. 

  75. function qsprintf($conn, $pattern/*, ... */) {
    76. 

  76.   $args = func_get_args();
    77. 

  77.   array_shift($args);
    78. 

  78.   return xsprintf('xsprintf_query', $conn, $args);
    79. 

  79. }
    80. 

  80. 

  81. /**
    82. 

  82.  * @group storage
    83. 

  83.  */
    84. 

  84. function vqsprintf($conn, $pattern, array $argv) {
    85. 

  85.   array_unshift($argv, $pattern);
    86. 

  86.   return xsprintf('xsprintf_query', $conn, $argv);
    87. 

  87. }
    88. 

  88. 

  89. 

  90. /**
    91. 

  91.  * xsprintf() callback for encoding SQL queries. See qsprintf().
    92. 

  92.  * @group storage
    93. 

  93.  */
    94. 

  94. function xsprintf_query($userdata, &$pattern, &$pos, &$value, &$length) {
    95. 

  95.   $type   = $pattern[$pos];
    96. 

  96.   $conn   = $userdata;
    97. 

  97.   $next   = (strlen($pattern) > $pos + 1) ? $pattern[$pos + 1] : null;
    98. 

  98. 

  99.   $nullable = false;
    100. 

  100.   $done     = false;
    101. 

  101. 

  102.   $prefix   = '';
    103. 

  103. 

  104.   if (!($conn instanceof AphrontDatabaseConnection)) {
    105. 

  105.     throw new Exception("Invalid database connection!");
    106. 

  106.   }
    107. 

  107. 

  108.   switch ($type) {
    109. 

  109.     case '=': // Nullable test
    110. 

  110.       switch ($next) {
    111. 

  111.         case 'd':
    112. 

  112.         case 'f':
    113. 

  113.         case 's':
    114. 

  114.           $pattern = substr_replace($pattern, '', $pos, 1);
    115. 

  115.           $length  = strlen($pattern);
    116. 

  116.           $type  = 's';
    117. 

  117.           if ($value === null) {
    118. 

  118.             $value = 'IS NULL';
    119. 

  119.             $done = true;
    120. 

  120.           } else {
    121. 

  121.             $prefix = '= ';
    122. 

  122.             $type = $next;
    123. 

  123.           }
    124. 

  124.           break;
    125. 

  125.         default:
    126. 

  126.           throw new Exception('Unknown conversion, try %=d, %=s, or %=f.');
    127. 

  127.       }
    128. 

  128.       break;
    129. 

  129. 

  130.     case 'n': // Nullable...
    131. 

  131.       switch ($next) {
    132. 

  132.         case 'd': //  ...integer.
    133. 

  133.         case 'f': //  ...float.
    134. 

  134.         case 's': //  ...string.
    135. 

  135.           $pattern = substr_replace($pattern, '', $pos, 1);
    136. 

  136.           $length = strlen($pattern);
    137. 

  137.           $type = $next;
    138. 

  138.           $nullable = true;
    139. 

  139.           break;
    140. 

  140.         default:
    141. 

  141.           throw new Exception('Unknown conversion, try %nd or %ns.');
    142. 

  142.       }
    143. 

  143.       break;
    144. 

  144. 

  145.     case 'L': // List of..
    146. 

  146.       _qsprintf_check_type($value, "L{$next}", $pattern);
    147. 

  147.       $pattern = substr_replace($pattern, '', $pos, 1);
    148. 

  148.       $length  = strlen($pattern);
    149. 

  149.       $type = 's';
    150. 

  150.       $done = true;
    151. 

  151. 

  152.       switch ($next) {
    153. 

  153.         case 'd': //  ...integers.
    154. 

  154.           $value = implode(', ', array_map('intval', $value));
    155. 

  155.           break;
    156. 

  156.         case 's': // ...strings.
    157. 

  157.           foreach ($value as $k => $v) {
    158. 

  158.             $value[$k] = "'".$conn->escapeString($v)."'";
    159. 

  159.           }
    160. 

  160.           $value = implode(', ', $value);
    161. 

  161.           break;
    162. 

  162.         case 'C': // ...columns.
    163. 

  163.           foreach ($value as $k => $v) {
    164. 

  164.             $value[$k] = $conn->escapeColumnName($v);
    165. 

  165.           }
    166. 

  166.           $value = implode(', ', $value);
    167. 

  167.           break;
    168. 

  168.         default:
    169. 

  169.           throw new Exception("Unknown conversion %L{$next}.");
    170. 

  170.       }
    171. 

  171.       break;
    172. 

  172.   }
    173. 

  173. 

  174.   if (!$done) {
    175. 

  175.     _qsprintf_check_type($value, $type, $pattern);
    176. 

  176.     switch ($type) {
    177. 

  177.       case 's': // String
    178. 

  178.         if ($nullable && $value === null) {
    179. 

  179.           $value = 'NULL';
    180. 

  180.         } else {
    181. 

  181.           $value = "'".$conn->escapeString($value)."'";
    182. 

  182.         }
    183. 

  183.         $type = 's';
    184. 

  184.         break;
    185. 

  185. 

  186.       case 'Q': // Query Fragment
    187. 

  187.         $type = 's';
    188. 

  188.         break;
    189. 

  189. 

  190.       case '~': // Like Substring
    191. 

  191.       case '>': // Like Prefix
    192. 

  192.       case '<': // Like Suffix
    193. 

  193.         $value = $conn->escapeStringForLikeClause($value);
    194. 

  194.         switch ($type) {
    195. 

  195.           case '~': $value = "'%".$value."%'"; break;
    196. 

  196.           case '>': $value = "'" .$value."%'"; break;
    197. 

  197.           case '<': $value = "'%".$value. "'"; break;
    198. 

  198.         }
    199. 

  199.         $type  = 's';
    200. 

  200.         break;
    201. 

  201. 

  202.       case 'f': // Float
    203. 

  203.         if ($nullable && $value === null) {
    204. 

  204.           $value = 'NULL';
    205. 

  205.         } else {
    206. 

  206.           $value = (float)$value;
    207. 

  207.         }
    208. 

  208.         $type = 's';
    209. 

  209.         break;
    210. 

  210. 

  211.       case 'd': // Integer
    212. 

  212.         if ($nullable && $value === null) {
    213. 

  213.           $value = 'NULL';
    214. 

  214.         } else {
    215. 

  215.           $value = (int)$value;
    216. 

  216.         }
    217. 

  217.         $type = 's';
    218. 

  218.         break;
    219. 

  219. 

  220.       case 'T': // Table
    221. 

  221.       case 'C': // Column
    222. 

  222.         $value = $conn->escapeColumnName($value);
    223. 

  223.         $type = 's';
    224. 

  224.         break;
    225. 

  225. 

  226.       case 'K': // Komment
    227. 

  227.         $value = $conn->escapeMultilineComment($value);
    228. 

  228.         $type = 's';
    229. 

  229.         break;
    230. 

  230. 

  231.       default:
    232. 

  232.         throw new Exception("Unknown conversion '%{$type}'.");
    233. 

  233. 

  234.     }
    235. 

  235.   }
    236. 

  236. 

  237.   if ($prefix) {
    238. 

  238.     $value = $prefix.$value;
    239. 

  239.   }
    240. 

  240.   $pattern[$pos] = $type;
    241. 

  241. }
    242. 

  242. 

  243. 

  244. /**
    245. 

  245.  * @group storage
    246. 

  246.  */
    247. 

  247. function _qsprintf_check_type($value, $type, $query) {
    248. 

  248.   switch ($type) {
    249. 

  249.     case 'Ld': case 'Ls': case 'LC': case 'LA': case 'LO':
    250. 

  250.       if (!is_array($value)) {
    251. 

  251.         throw new AphrontQueryParameterException(
    252. 

  252.           $query,
    253. 

  253.           "Expected array argument for %{$type} conversion.");
    254. 

  254.       }
    255. 

  255.       if (empty($value)) {
    256. 

  256.         throw new AphrontQueryParameterException(
    257. 

  257.           $query,
    258. 

  258.           "Array for %{$type} conversion is empty.");
    259. 

  259.       }
    260. 

  260. 

  261.       foreach ($value as $scalar) {
    262. 

  262.         _qsprintf_check_scalar_type($scalar, $type, $query);
    263. 

  263.       }
    264. 

  264.       break;
    265. 

  265.     default:
    266. 

  266.       _qsprintf_check_scalar_type($value, $type, $query);
    267. 

  267.   }
    268. 

  268. }
    269. 

  269. 

  270. 

  271. /**
    272. 

  272.  * @group storage
    273. 

  273.  */
    274. 

  274. function _qsprintf_check_scalar_type($value, $type, $query) {
    275. 

  275.   switch ($type) {
    276. 

  276.     case 'Q': case 'LC': case 'T': case 'C':
    277. 

  277.       if (!is_string($value)) {
    278. 

  278.         throw new AphrontQueryParameterException(
    279. 

  279.           $query,
    280. 

  280.           "Expected a string for %{$type} conversion.");
    281. 

  281.       }
    282. 

  282.       break;
    283. 

  283. 

  284.     case 'Ld': case 'd': case 'f':
    285. 

  285.       if (!is_null($value) && !is_numeric($value)) {
    286. 

  286.         throw new AphrontQueryParameterException(
    287. 

  287.           $query,
    288. 

  288.           "Expected a numeric scalar or null for %{$type} conversion.");
    289. 

  289.       }
    290. 

  290.       break;
    291. 

  291. 

  292.     case 'Ls': case 's':
    293. 

  293.     case '~': case '>': case '<': case 'K':
    294. 

  294.       if (!is_null($value) && !is_scalar($value)) {
    295. 

  295.         throw new AphrontQueryParameterException(
    296. 

  296.           $query,
    297. 

  297.           "Expected a scalar or null for %{$type} conversion.");
    298. 

  298.       }
    299. 

  299.       break;
    300. 

  300. 

  301.     case 'LA': case 'LO':
    302. 

  302.       if (!is_null($value) && !is_scalar($value) &&
    303. 

  303.           !(is_array($value) && !empty($value))) {
    304. 

  304.         throw new AphrontQueryParameterException(
    305. 

  305.           $query,
    306. 

  306.           "Expected a scalar or null or non-empty array for ".
    307. 

  307.           "%{$type} conversion.");
    308. 

  308.       }
    309. 

  309.       break;
    310. 

  310.     default:
    311. 

  311.       throw new Exception("Unknown conversion '{$type}'.");
    312. 

  312.   }
    313. 

  313. }
    314. 

  314.