src/xsprintf/qsprintf.php
* will work properly if `hatID' is a nullable column and $hat is null. | * will work properly if `hatID' is a nullable column and $hat is null. | ||||
* | * | ||||
* qsprintf($escaper, 'WHERE hatID %=d', $hat); | * qsprintf($escaper, 'WHERE hatID %=d', $hat); | ||||
* | * | ||||
* %Ld, %Ls, %Lf, %LB | * %Ld, %Ls, %Lf, %LB | ||||
* "List" versions of %d, %s, %f and %B. These are appropriate for use in | * "List" versions of %d, %s, %f and %B. These are appropriate for use in | ||||
* an "IN" clause. For example: | * an "IN" clause. For example: | ||||
* | * | ||||
* qsprintf($escaper, 'WHERE hatID IN(%Ld)', $list_of_hats); | * qsprintf($escaper, 'WHERE hatID IN (%Ld)', $list_of_hats); | ||||
* | * | ||||
* %B ("Binary String") | * %B ("Binary String") | ||||
* Escapes a string for insertion into a pure binary column, ignoring | * Escapes a string for insertion into a pure binary column, ignoring | ||||
* tests for characters outside of the basic multilingual plane. | * tests for characters outside of the basic multilingual plane. | ||||
* | * | ||||
* %T ("Table") | * %C, %LC ("Column") | ||||
* Escapes a table name. | |||||
* | |||||
* %C, %LC | |||||
* Escapes a column name or a list of column names. | * Escapes a column name or a list of column names. | ||||
* | * | ||||
* %K ("Comment") | * %K ("Comment") | ||||
* Escapes a comment. | * Escapes a comment. | ||||
* | * | ||||
* %Q ("Query Fragment") | * %Q ("Query Fragment") | ||||
* Injects a raw query fragment. Extremely dangerous! Not escaped! | * Injects a query fragment from a prior call to qsprintf(). | ||||
* | |||||
* %R ("Database and Table Reference") | |||||
* Behaves like "%T.%T" and prints a full reference to a table including | |||||
* the database. Accepts a AphrontDatabaseTableRefInterface. | |||||
* | |||||
* %P ("Password or Secret") | |||||
* Behaves like "%s", but shows "********" when the query is printed in | |||||
* logs or traces. Accepts a PhutilOpaqueEnvelope. | |||||
* | * | ||||
* %~ ("Substring") | * %~ ("Substring") | ||||
* Escapes a substring query for a LIKE (or NOT LIKE) clause. For example: | * Escapes a substring query for a LIKE (or NOT LIKE) clause. For example: | ||||
* | * | ||||
* // Find all rows with $search as a substring of `name`. | * // Find all rows with $search as a substring of `name`. | ||||
* qsprintf($escaper, 'WHERE name LIKE %~', $search); | * qsprintf($escaper, 'WHERE name LIKE %~', $search); | ||||
* | * | ||||
* See also %> and %<. | * See also %> and %<. | ||||
* | * | ||||
* %> ("Prefix") | * %> ("Prefix") | ||||
* Escapes a prefix query for a LIKE clause. For example: | * Escapes a prefix query for a LIKE clause. For example: | ||||
* | * | ||||
* // Find all rows where `name` starts with $prefix. | * // Find all rows where `name` starts with $prefix. | ||||
* qsprintf($escaper, 'WHERE name LIKE %>', $prefix); | * qsprintf($escaper, 'WHERE name LIKE %>', $prefix); | ||||
* | * | ||||
* %< ("Suffix") | * %< ("Suffix") | ||||
* Escapes a suffix query for a LIKE clause. For example: | * Escapes a suffix query for a LIKE clause. For example: | ||||
* | * | ||||
* // Find all rows where `name` ends with $suffix. | * // Find all rows where `name` ends with $suffix. | ||||
* qsprintf($escaper, 'WHERE name LIKE %<', $suffix); | * qsprintf($escaper, 'WHERE name LIKE %<', $suffix); | ||||
* | |||||
* %T ("Table") | |||||
* Escapes a table name. In most cases, you should use "%R" instead. | |||||
*/ | */ | ||||
function qsprintf(PhutilQsprintfInterface $escaper, $pattern /* , ... */) { | function qsprintf(PhutilQsprintfInterface $escaper, $pattern /* , ... */) { | ||||
$args = func_get_args(); | $args = func_get_args(); | ||||
array_shift($args); | array_shift($args); | ||||
return new PhutilQueryString($escaper, $args); | return new PhutilQueryString($escaper, $args); | ||||
} | } | ||||
function vqsprintf(PhutilQsprintfInterface $escaper, $pattern, array $argv) { | function vqsprintf(PhutilQsprintfInterface $escaper, $pattern, array $argv) { | ||||
▲ Show 20 Lines • Show All 182 Lines • ▼ Show 20 Lines | switch ($type) { | ||||
$table_name = $value->getAphrontRefTableName(); | $table_name = $value->getAphrontRefTableName(); | ||||
$table_name = $escaper->escapeColumnName($table_name); | $table_name = $escaper->escapeColumnName($table_name); | ||||
$value = $database_name.'.'.$table_name; | $value = $database_name.'.'.$table_name; | ||||
$type = 's'; | $type = 's'; | ||||
break; | break; | ||||
case 'P': // Password or Secret | |||||
if ($unmasked) { | |||||
$value = $value->openEnvelope(); | |||||
$value = "'".$escaper->escapeUTF8String($value)."'"; | |||||
} else { | |||||
$value = '********'; | |||||
} | |||||
$type = 's'; | |||||
break; | |||||
default: | default: | ||||
throw new XsprintfUnknownConversionException($type); | throw new XsprintfUnknownConversionException($type); | ||||
} | } | ||||
} | } | ||||
if ($prefix) { | if ($prefix) { | ||||
$value = $prefix.$value; | $value = $prefix.$value; | ||||
} | } | ||||
$pattern[$pos] = $type; | $pattern[$pos] = $type; | ||||
} | } | ||||
function qsprintf_check_type($value, $type, $query) { | function qsprintf_check_type($value, $type, $query) { | ||||
switch ($type) { | switch ($type) { | ||||
case 'Ld': | case 'Ld': | ||||
case 'Ls': | case 'Ls': | ||||
case 'LC': | case 'LC': | ||||
▲ Show 20 Lines • Show All 82 Lines • ▼ Show 20 Lines | case 'R': | ||||
throw new AphrontParameterQueryException( | throw new AphrontParameterQueryException( | ||||
pht( | pht( | ||||
'Parameter to "%s" conversion in "qsprintf(...)" is not an '. | 'Parameter to "%s" conversion in "qsprintf(...)" is not an '. | ||||
'instance of AphrontDatabaseTableRefInterface.', | 'instance of AphrontDatabaseTableRefInterface.', | ||||
'%R')); | '%R')); | ||||
} | } | ||||
break; | break; | ||||
case 'P': | |||||
if (!($value instanceof PhutilOpaqueEnvelope)) { | |||||
throw new AphrontParameterQueryException( | |||||
pht( | |||||
'Parameter to "%s" conversion in "qsprintf(...)" is not an '. | |||||
'instance of PhutilOpaqueEnvelope.', | |||||
'%P')); | |||||
} | |||||
break; | |||||
default: | default: | ||||
throw new XsprintfUnknownConversionException($type); | throw new XsprintfUnknownConversionException($type); | ||||
} | } | ||||
} | } |
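Review bot: In the `case 'P'` branch of the conversion switch, the `$unmasked` flag is the only thing that keeps the opened envelope out of printed queries, and where that flag is set is outside the lines shown. A comment on the branch would make the contract explicit, for example `// Only the execution path may pass $unmasked = true; log, trace and display paths must render the mask.` The unmasked path goes through `escapeUTF8String()`, and the docblock for `%B` implies that the string path tests for characters outside the basic multilingual plane, so a secret containing such characters would presumably be rejected there. If it is, confirm that the resulting exception message does not embed the raw value. The enclosing function starts outside the visible lines, and the page does not mark which column is the new side, so this applies to whichever revision carries `%P`.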