Changeset View
Changeset View
Standalone View
Standalone View
src/xsprintf/qsprintf.php
| Show All 14 Lines | |||||
| * will work properly if `hatID' is a nullable column and $hat is null. | * will work properly if `hatID' is a nullable column and $hat is null. | ||||
| * | * | ||||
| * qsprintf($escaper, 'WHERE hatID %=d', $hat); | * qsprintf($escaper, 'WHERE hatID %=d', $hat); | ||||
| * | * | ||||
| * %Ld, %Ls, %Lf, %LB | * %Ld, %Ls, %Lf, %LB | ||||
| * "List" versions of %d, %s, %f and %B. These are appropriate for use in | * "List" versions of %d, %s, %f and %B. These are appropriate for use in | ||||
| * an "IN" clause. For example: | * an "IN" clause. For example: | ||||
| * | * | ||||
| * qsprintf($escaper, 'WHERE hatID IN(%Ld)', $list_of_hats); | * qsprintf($escaper, 'WHERE hatID IN (%Ld)', $list_of_hats); | ||||
| * | * | ||||
| * %B ("Binary String") | * %B ("Binary String") | ||||
| * Escapes a string for insertion into a pure binary column, ignoring | * Escapes a string for insertion into a pure binary column, ignoring | ||||
| * tests for characters outside of the basic multilingual plane. | * tests for characters outside of the basic multilingual plane. | ||||
| * | * | ||||
| * %T ("Table") | * %C, %LC ("Column") | ||||
| * Escapes a table name. | |||||
| * | |||||
| * %C, %LC | |||||
| * Escapes a column name or a list of column names. | * Escapes a column name or a list of column names. | ||||
| * | * | ||||
| * %K ("Comment") | * %K ("Comment") | ||||
| * Escapes a comment. | * Escapes a comment. | ||||
| * | * | ||||
| * %Q ("Query Fragment") | * %Q ("Query Fragment") | ||||
| * Injects a raw query fragment. Extremely dangerous! Not escaped! | * Injects a query fragment from a prior call to qsprintf(). | ||||
| * | |||||
| * %R ("Database and Table Reference") | |||||
| * Behaves like "%T.%T" and prints a full reference to a table including | |||||
| * the database. Accepts a AphrontDatabaseTableRefInterface. | |||||
| * | |||||
| * %P ("Password or Secret") | |||||
| * Behaves like "%s", but shows "********" when the query is printed in | |||||
| * logs or traces. Accepts a PhutilOpaqueEnvelope. | |||||
| * | * | ||||
| * %~ ("Substring") | * %~ ("Substring") | ||||
| * Escapes a substring query for a LIKE (or NOT LIKE) clause. For example: | * Escapes a substring query for a LIKE (or NOT LIKE) clause. For example: | ||||
| * | * | ||||
| * // Find all rows with $search as a substring of `name`. | * // Find all rows with $search as a substring of `name`. | ||||
| * qsprintf($escaper, 'WHERE name LIKE %~', $search); | * qsprintf($escaper, 'WHERE name LIKE %~', $search); | ||||
| * | * | ||||
| * See also %> and %<. | * See also %> and %<. | ||||
| * | * | ||||
| * %> ("Prefix") | * %> ("Prefix") | ||||
| * Escapes a prefix query for a LIKE clause. For example: | * Escapes a prefix query for a LIKE clause. For example: | ||||
| * | * | ||||
| * // Find all rows where `name` starts with $prefix. | * // Find all rows where `name` starts with $prefix. | ||||
| * qsprintf($escaper, 'WHERE name LIKE %>', $prefix); | * qsprintf($escaper, 'WHERE name LIKE %>', $prefix); | ||||
| * | * | ||||
| * %< ("Suffix") | * %< ("Suffix") | ||||
| * Escapes a suffix query for a LIKE clause. For example: | * Escapes a suffix query for a LIKE clause. For example: | ||||
| * | * | ||||
| * // Find all rows where `name` ends with $suffix. | * // Find all rows where `name` ends with $suffix. | ||||
| * qsprintf($escaper, 'WHERE name LIKE %<', $suffix); | * qsprintf($escaper, 'WHERE name LIKE %<', $suffix); | ||||
| * | |||||
| * %T ("Table") | |||||
| * Escapes a table name. In most cases, you should use "%R" instead. | |||||
| */ | */ | ||||
| function qsprintf(PhutilQsprintfInterface $escaper, $pattern /* , ... */) { | function qsprintf(PhutilQsprintfInterface $escaper, $pattern /* , ... */) { | ||||
| $args = func_get_args(); | $args = func_get_args(); | ||||
| array_shift($args); | array_shift($args); | ||||
| return new PhutilQueryString($escaper, $args); | return new PhutilQueryString($escaper, $args); | ||||
| } | } | ||||
| function vqsprintf(PhutilQsprintfInterface $escaper, $pattern, array $argv) { | function vqsprintf(PhutilQsprintfInterface $escaper, $pattern, array $argv) { | ||||
| ▲ Show 20 Lines • Show All 182 Lines • ▼ Show 20 Lines | switch ($type) { | ||||
| $table_name = $value->getAphrontRefTableName(); | $table_name = $value->getAphrontRefTableName(); | ||||
| $table_name = $escaper->escapeColumnName($table_name); | $table_name = $escaper->escapeColumnName($table_name); | ||||
| $value = $database_name.'.'.$table_name; | $value = $database_name.'.'.$table_name; | ||||
| $type = 's'; | $type = 's'; | ||||
| break; | break; | ||||
| case 'P': // Password or Secret | |||||
| if ($unmasked) { | |||||
| $value = $value->openEnvelope(); | |||||
| $value = "'".$escaper->escapeUTF8String($value)."'"; | |||||
| } else { | |||||
| $value = '********'; | |||||
| } | |||||
| $type = 's'; | |||||
| break; | |||||
| default: | default: | ||||
| throw new XsprintfUnknownConversionException($type); | throw new XsprintfUnknownConversionException($type); | ||||
| } | } | ||||
| } | } | ||||
| if ($prefix) { | if ($prefix) { | ||||
| $value = $prefix.$value; | $value = $prefix.$value; | ||||
| } | } | ||||
| $pattern[$pos] = $type; | $pattern[$pos] = $type; | ||||
| } | } | ||||
| function qsprintf_check_type($value, $type, $query) { | function qsprintf_check_type($value, $type, $query) { | ||||
| switch ($type) { | switch ($type) { | ||||
| case 'Ld': | case 'Ld': | ||||
| case 'Ls': | case 'Ls': | ||||
| case 'LC': | case 'LC': | ||||
| ▲ Show 20 Lines • Show All 82 Lines • ▼ Show 20 Lines | case 'R': | ||||
| throw new AphrontParameterQueryException( | throw new AphrontParameterQueryException( | ||||
| pht( | pht( | ||||
| 'Parameter to "%s" conversion in "qsprintf(...)" is not an '. | 'Parameter to "%s" conversion in "qsprintf(...)" is not an '. | ||||
| 'instance of AphrontDatabaseTableRefInterface.', | 'instance of AphrontDatabaseTableRefInterface.', | ||||
| '%R')); | '%R')); | ||||
| } | } | ||||
| break; | break; | ||||
| case 'P': | |||||
| if (!($value instanceof PhutilOpaqueEnvelope)) { | |||||
| throw new AphrontParameterQueryException( | |||||
| pht( | |||||
| 'Parameter to "%s" conversion in "qsprintf(...)" is not an '. | |||||
| 'instance of PhutilOpaqueEnvelope.', | |||||
| '%P')); | |||||
| } | |||||
| break; | |||||
| default: | default: | ||||
| throw new XsprintfUnknownConversionException($type); | throw new XsprintfUnknownConversionException($type); | ||||
| } | } | ||||
| } | } | ||||