// Direct-access guard: execution stops with 'Restricted access' unless the
// XOOPS_ROOT_PATH constant has already been defined before this file is loaded.
20 defined(
'XOOPS_ROOT_PATH') or die('Restricted access');
/**
 * Fills $object->cleanVars from $object->getVars(): every value is normalised
 * according to its "data_type" and, in most visible branches, converted into an
 * SQL literal through $this->handler->db->quote(). insert() concatenates these
 * strings into its statement unchanged, so each branch must leave the value safe
 * to embed in SQL text.
 *
 * NOTE(review): this listing is an excerpt. The case labels, the setup of $ts and
 * $errors, the bodies of the validation branches and the closing braces are not
 * visible; the comments below describe only the lines that are shown.
 *
 * @param object $object  object exposing getVars(), a cleanVars property and unsetDirty()
 * @return bool  true when $errors is empty after the loop, false otherwise
 */
43 function cleanVars(&$object)
48 $vars = $object->getVars();
49 $object->cleanVars = array();
50 foreach (
$vars as $k => $v) {
54 $cleanv = $v[
'value'];
// The sanitising branch is selected by the variable's declared data_type.
55 switch ($v[
"data_type"]) {
// Required-field check with loose comparison: the explicit != '0' keeps a zero
// value from being treated as empty. The same test recurs in later branches;
// what the branch does on failure is not shown (presumably it records an error).
66 if ($v[
'required'] && $cleanv !=
'0' && $cleanv ==
'') {
// strlen() counts bytes, so maxlength is enforced in bytes, not characters.
71 if (isset($v[
'maxlength']) && strlen($cleanv) > intval($v[
'maxlength'])) {
// Both visible variants run censorString(); one also applies stripSlashesGPC().
// The condition choosing between them is not shown here (later branches test
// $v['not_gpc']).
76 $cleanv = $ts->stripSlashesGPC($ts->censorString($cleanv));
78 $cleanv = $ts->censorString($cleanv);
// The result of db->quote() is post-processed: every backslash-doublequote pair
// is turned back into a bare double quote.
// NOTE(review): this edits the driver's escaping after the fact. It is only sound
// if quote() delimits the literal with single quotes and the SQL mode never treats
// a double quote as a string delimiter. Confirm against the db class. The same
// idiom is repeated in every quoted branch below.
80 $cleanv = str_replace(
'\\"',
'"', $this->handler->db->quote($cleanv));
84 if ($v[
'required'] && $cleanv !=
'0' && $cleanv ==
'') {
// When the object's own 'dohtml' variable is non-empty, the text goes through
// textFilter(); the other visible lines only censor and optionally strip slashes.
90 if (!empty(
$vars[
'dohtml'][
'value'])) {
91 $cleanv = $ts->textFilter($cleanv);
93 $cleanv = $ts->stripSlashesGPC($ts->censorString($cleanv));
95 $cleanv = $ts->censorString($cleanv);
97 $cleanv = str_replace(
'\\"',
'"', $this->handler->db->quote($cleanv));
101 if ($v[
'required'] && $cleanv !=
'0' && $cleanv ==
'') {
105 if (isset($v[
'maxlength']) && strlen($cleanv) > intval($v[
'maxlength'])) {
// 'not_gpc' set means the value did not come from request input, so the
// slash-stripping step is skipped for it.
109 if (!$v[
'not_gpc']) {
110 $cleanv = $ts->stripSlashesGPC($ts->censorString($cleanv));
112 $cleanv = $ts->censorString($cleanv);
114 $cleanv = str_replace(
'\\"',
'"', $this->handler->db->quote($cleanv));
118 if ($v[
'required'] && $cleanv !=
'0' && $cleanv ==
'') {
122 if (!$v[
'not_gpc']) {
123 if (!empty(
$vars[
'dohtml'][
'value'])) {
124 $cleanv = $ts->textFilter($cleanv);
126 $cleanv = $ts->stripSlashesGPC($ts->censorString($cleanv));
128 $cleanv = $ts->censorString($cleanv);
130 $cleanv = str_replace(
'\\"',
'"', $this->handler->db->quote($cleanv));
// This branch only trims and strips slashes before quoting: no censoring and
// no required/maxlength checks are visible.
134 $cleanv = trim($cleanv);
135 if (!$v[
'not_gpc']) {
136 $cleanv = $ts->stripSlashesGPC($cleanv);
140 $cleanv = str_replace(
'\\"',
'"', $this->handler->db->quote($cleanv));
// NOTE(review): no db->quote() call is visible for this branch in the excerpt.
// Verify in the full file that the value is quoted before it reaches cleanVars.
144 $cleanv = trim($cleanv);
145 if ($v[
'required'] && $cleanv ==
'') {
149 if (!$v[
'not_gpc']) {
150 $cleanv = $ts->stripSlashesGPC($cleanv);
156 $cleanv = trim($cleanv);
157 if ($v[
'required'] && $cleanv ==
'') {
// Non-empty values must match this address pattern (ASCII letters, digits, '_',
// '-' and dots, case-insensitive); the failure branch is not shown.
161 if ($cleanv !=
'' && !preg_match(
"/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+([\.][a-z0-9-]+)+$/i", $cleanv)) {
165 if (!$v[
'not_gpc']) {
166 $cleanv = $ts->stripSlashesGPC($cleanv);
168 $cleanv = str_replace(
'\\"',
'"', $this->handler->db->quote($cleanv));
173 $cleanv = trim($cleanv);
174 if ($v[
'required'] && $cleanv ==
'') {
// Values that do not start with an http/https scheme get 'http://' prepended.
// NOTE(review): the pattern is http[s]* (zero or more 's'), and a value carrying
// any other scheme is prefixed as well rather than rejected. Nothing visible here
// validates the rest of the URL.
178 if ($cleanv !=
'' && !preg_match(
"/^http[s]*:\/\//i", $cleanv)) {
179 $cleanv =
'http://' . $cleanv;
// NOTE(review): as with the first e-mail-style branch, no db->quote() is visible
// for this variant in the excerpt. Confirm in the full file.
181 if (!$v[
'not_gpc']) {
182 $cleanv = $ts->stripSlashesGPC($cleanv);
187 $cleanv = trim($cleanv);
188 if ($v[
'required'] && $cleanv ==
'') {
192 if ($cleanv !=
'' && !preg_match(
"/^http[s]*:\/\//i", $cleanv)) {
193 $cleanv =
'http://' . $cleanv;
195 if (!$v[
'not_gpc']) {
196 $cleanv = $ts->stripSlashesGPC($cleanv);
198 $cleanv = str_replace(
'\\"',
'"', $this->handler->db->quote($cleanv));
207 $cleanv = str_replace(
'\\"',
'"', $this->handler->db->quote($cleanv));
// Numeric types are cast, so they reach the SQL text as bare numbers without
// quoting.
211 $cleanv = intval($cleanv);
215 $cleanv = floatval($cleanv);
219 $cleanv = doubleval($cleanv);
224 if (!$v[
'not_gpc']) {
225 $cleanv = array_map(array(&$ts ,
"stripSlashesGPC"), $cleanv);
// Array elements are escaped with addslashes() rather than db->quote(), and the
// surrounding single quotes are added by hand further down.
// NOTE(review): addslashes() is not aware of the connection charset. Confirm it
// is adequate for the encodings this database connection can use.
227 foreach (array_keys($cleanv) as $key) {
228 $cleanv[$key] = str_replace(
'\\"',
'"', addslashes($cleanv[$key]));
// NOTE(review): array_walk() returns a bool, not the walked array, so this
// serializes that bool instead of the contents of $cleanv. Confirm the intent.
231 $cleanv =
"'" . serialize(array_walk($cleanv,
'xoops_aw_encode')) .
"'";
// Second array-style branch: the value is forced to an array first.
235 $cleanv = (array) $cleanv;
236 if (!$v[
'not_gpc']) {
237 $cleanv = array_map(array(&$ts ,
"stripSlashesGPC"), $cleanv);
239 foreach (array_keys($cleanv) as $key) {
240 $cleanv[$key] = str_replace(
'\\"',
'"', addslashes($cleanv[$key]));
// NOTE(review): serialize() records the byte length of each already
// slash-escaped string, and the SQL parser presumably consumes those backslashes
// again. Check that values containing quotes still unserialize after a round trip.
243 $cleanv =
"'" . serialize($cleanv) .
"'";
// Non-string values are cast with intval(); strings are parsed with strtotime().
// NOTE(review): strtotime() returns false for text it cannot parse, and no check
// for that is visible before the value is stored.
249 $cleanv = !is_string($cleanv) ? intval($cleanv) : strtotime($cleanv);
253 $cleanv = str_replace(
'\\"',
'"', $this->handler->db->quote($cleanv));
// The finished literal is stored under the variable name; insert() later uses
// that name as the column identifier.
256 $object->cleanVars[$k] = $cleanv;
261 $object->unsetDirty();
262 return empty(
$errors) ?
true :
false;
/**
 * Persists $object: an INSERT when $object->isNew(), otherwise an UPDATE keyed on
 * $this->handler->keyName. The statement is built by string concatenation from
 * $object->cleanVars, so it depends entirely on cleanVars() having produced safe
 * SQL literals. Column names (the cleanVars keys) and the table name are wrapped
 * in backticks with no further escaping.
 *
 * NOTE(review): this listing is an excerpt; the failure branches after the query
 * calls and the closing braces are not visible.
 *
 * @param object $object  object to store
 * @param bool   $force   empty selects db->query(), anything else db->queryF(); defaults to true
 * @return mixed  $object->getVar(keyName) on every return path that is visible here
 */
272 function insert(&$object, $force =
true)
// Nothing to write: only a notice is raised and the current key is returned.
274 if (!$object->isDirty()) {
275 trigger_error(
"Data entry is not inserted - the object '" . get_class($object) .
"' is not dirty", E_USER_NOTICE);
276 return $object->getVar($this->handler->keyName);
// NOTE(review): a validation failure returns the same value as a successful
// write. For an existing object the key is presumably non-empty, so callers
// cannot detect the failure from the return value alone.
278 if (!$this->cleanVars($object)) {
279 trigger_error(
"Insert failed in method 'cleanVars' of object '" . get_class($object) .
"'", E_USER_WARNING);
280 return $object->getVar($this->handler->keyName);
// The method name is chosen at run time and $force defaults to true, so queryF()
// is the default path.
// NOTE(review): queryF() is presumably the variant that skips whatever
// request-level restrictions query() applies. Confirm against the db class, and
// check that callers relying on the default do their own request/token checks.
282 $queryFunc = empty($force) ?
"query" :
"queryF";
284 if ($object->isNew()) {
285 $sql =
"INSERT INTO `" . $this->handler->table .
"`";
286 if (!empty($object->cleanVars)) {
287 $keys = array_keys($object->cleanVars);
288 $vals = array_values($object->cleanVars);
// Values are joined verbatim; any quoting must already be inside each string.
289 $sql .=
" (`" . implode(
"`, `", $keys) .
"`) VALUES (" . implode(
",", $vals) .
")";
291 trigger_error(
"Data entry is not inserted - no variable is changed in object of '" . get_class($object) .
"'", E_USER_NOTICE);
292 return $object->getVar($this->handler->keyName);
294 if (!
$result = $this->handler->db->{$queryFunc}(
$sql)) {
// A new row that has no key value yet adopts the id reported by the driver.
297 if (!$object->getVar($this->handler->keyName) && $object_id = $this->handler->db->getInsertId()) {
298 $object->assignVar($this->handler->keyName, $object_id);
300 }
else if (!empty($object->cleanVars)) {
// Builds the SET list from the cleaned values; no initialisation of $keys is
// visible in this excerpt.
302 foreach ($object->cleanVars as $k => $v) {
303 $keys[] =
" `{$k}` = {$v}";
// The key value in the WHERE clause is passed through db->quote().
305 $sql =
"UPDATE `" . $this->handler->table .
"` SET " . implode(
",", $keys) .
" WHERE `" . $this->handler->keyName .
"` = " . $this->handler->db->quote($object->getVar($this->handler->keyName));
306 if (!
$result = $this->handler->db->{$queryFunc}(
$sql)) {
310 return $object->getVar($this->handler->keyName);
/**
 * Deletes the row identified by $object's key. When $this->handler->keyName is an
 * array, one "column = value" condition is built per key column and the
 * conditions are joined with AND. Key values go through db->quote(); the column
 * and table names are concatenated in backticks without escaping.
 *
 * NOTE(review): this listing is an excerpt; the line that runs the query and
 * assigns $result is not visible.
 *
 * @param object $object  object whose key value(s) identify the row
 * @param bool   $force   empty selects db->query(), anything else db->queryF(); defaults to false
 * @return bool  false when $result is empty, true otherwise
 */
320 function delete(&$object, $force =
false)
322 if (is_array($this->handler->keyName)) {
// Composite key: one quoted comparison per key column.
324 for (
$i = 0;
$i < count($this->handler->keyName);
$i++) {
325 $clause[] =
"`" . $this->handler->keyName[
$i] .
"` = " . $this->handler->db->quote($object->getVar($this->handler->keyName[
$i]));
327 $whereclause = implode(
" AND ", $clause);
// Single-column key.
329 $whereclause =
"`" . $this->handler->keyName .
"` = " . $this->handler->db->quote($object->getVar($this->handler->keyName));
331 $sql =
"DELETE FROM `" . $this->handler->table .
"` WHERE " . $whereclause;
// Unlike insert(), the default here is the non-forced query() method.
332 $queryFunc = empty($force) ?
"query" :
"queryF";
334 return empty(
$result) ?
false :
true;
/**
 * Deletes many rows. Two paths are visible: one loads the matching objects with
 * $this->handler->getAll($criteria) and calls delete() on each while counting
 * successes; the other issues a single DELETE statement and returns the driver's
 * affected-row count.
 *
 * NOTE(review): this listing is an excerpt. The condition that selects the
 * per-object path (presumably $asObject) and the lines that append the criteria
 * to the statement are not visible.
 *
 * @param object|null $criteria  filter; tested with is_subclass_of(..., 'criteriaelement')
 * @param bool        $force     empty selects db->query(), anything else db->queryF(); defaults to true
 * @param bool        $asObject  defaults to false; its use is not visible in the excerpt
 * @return mixed  db->getAffectedRows() on the visible return path
 */
345 function deleteAll(
$criteria = null, $force =
true, $asObject =
false)
348 $objects = $this->handler->getAll(
$criteria);
// Each delete() result is counted as 1 or 0; the caller's $force value is passed on.
350 foreach (array_keys($objects) as $key) {
351 $num += $this->
delete($objects[$key], $force) ? 1 : 0;
356 $queryFunc = empty($force) ?
'query' :
'queryF';
// The table name is concatenated without backticks here, unlike delete().
357 $sql =
'DELETE FROM ' . $this->handler->table;
// NOTE(review): if $criteria is null or not a criteriaelement subclass, no WHERE
// clause is added in the visible lines, so the statement would remove every row,
// and $force defaults to true. Confirm that callers always pass a criteria
// object when they mean a partial delete.
359 if (is_subclass_of(
$criteria,
'criteriaelement')) {
365 if (!$this->handler->db->{$queryFunc}(
$sql)) {
368 return $this->handler->db->getAffectedRows();
/**
 * Sets one column to one value across rows of $this->handler->table.
 *
 * NOTE(review): this listing is an excerpt; the lines that append $criteria and
 * run the query (assigning $result) are not visible.
 *
 * @param string      $fieldname   column name, interpolated between backticks as-is
 * @param mixed       $fieldvalue  numeric values are appended raw, arrays are joined with ',' and quoted, everything else is quoted
 * @param object|null $criteria    filter; how it is applied is not visible here
 * @param bool        $force       empty selects db->query(), anything else db->queryF(); defaults to false
 * @return bool  false when $result is empty, true otherwise
 */
380 function updateAll($fieldname, $fieldvalue,
$criteria = null, $force =
false)
// NOTE(review): $fieldname is not validated or escaped in the visible lines.
// It must come from trusted code, never from request input.
382 $set_clause =
"`{$fieldname}` = ";
// NOTE(review): is_numeric() also accepts numeric strings such as exponent
// notation or values with leading whitespace, and the value is appended without
// quoting. Casting it or always using db->quote() would be stricter.
383 if (is_numeric($fieldvalue)) {
384 $set_clause .= $fieldvalue;
385 }
else if (is_array($fieldvalue)) {
// Arrays are flattened to one comma-separated string and quoted as a whole.
386 $set_clause .= $this->handler->db->quote(implode(
',', $fieldvalue));
388 $set_clause .= $this->handler->db->quote($fieldvalue);
390 $sql =
'UPDATE `' . $this->handler->table .
'` SET ' . $set_clause;
394 $queryFunc = empty($force) ?
'query' :
'queryF';
396 return empty(
$result) ?
false :
true;