Properly prepare insertIfNotExist queries.
This commit is contained in:
parent
c2a49b5c1f
commit
1c3f5ba6ef
27
lib/db.php
27
lib/db.php
|
@ -633,18 +633,20 @@ class OC_DB {
|
|||
$type = self::$type;
|
||||
|
||||
$query = '';
|
||||
$inserts = array_values($input);
|
||||
// differences in escaping of table names ('`' for mysql) and getting the current timestamp
|
||||
if( $type == 'sqlite' || $type == 'sqlite3' ) {
|
||||
// NOTE: For SQLite we have to use this clumsy approach
|
||||
// otherwise all fieldnames used must have a unique key.
|
||||
$query = 'SELECT * FROM "' . $table . '" WHERE ';
|
||||
foreach($input as $key => $value) {
|
||||
$query .= $key . " = '" . $value . '\' AND ';
|
||||
$query .= $key . ' = ? AND ';
|
||||
}
|
||||
$query = substr($query, 0, strlen($query) - 5);
|
||||
try {
|
||||
$stmt = self::prepare($query);
|
||||
$result = $stmt->execute();
|
||||
$result = $stmt->execute($inserts);
|
||||
|
||||
} catch(PDOException $e) {
|
||||
$entry = 'DB Error: "'.$e->getMessage() . '"<br />';
|
||||
$entry .= 'Offending command was: ' . $query . '<br />';
|
||||
|
@ -653,27 +655,28 @@ class OC_DB {
|
|||
OC_Template::printErrorPage( $entry );
|
||||
}
|
||||
|
||||
if($result->numRows() == 0) {
|
||||
if((int)$result->numRows() === 0) {
|
||||
$query = 'INSERT INTO "' . $table . '" ("'
|
||||
. implode('","', array_keys($input)) . '") VALUES("'
|
||||
. implode('","', array_values($input)) . '")';
|
||||
. implode('","', array_keys($input)) . '") VALUES('
|
||||
. str_repeat('?,', count($input)-1).'? ' . ')';
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
} elseif( $type == 'pgsql' || $type == 'oci' || $type == 'mysql' || $type == 'mssql') {
|
||||
$query = 'INSERT INTO `' .$table . '` ('
|
||||
. implode(',', array_keys($input)) . ') SELECT \''
|
||||
. implode('\',\'', array_values($input)) . '\' FROM ' . $table . ' WHERE ';
|
||||
$query = 'INSERT INTO `' .$table . '` (`'
|
||||
. implode('`,`', array_keys($input)) . '`) SELECT '
|
||||
. str_repeat('?,', count($input)-1).'? ' // Is there a prettier alternative?
|
||||
. 'FROM ' . $table . ' WHERE ';
|
||||
|
||||
foreach($input as $key => $value) {
|
||||
$query .= $key . " = '" . $value . '\' AND ';
|
||||
$query .= '`' . $key . '` = ? AND ';
|
||||
}
|
||||
$query = substr($query, 0, strlen($query) - 5);
|
||||
$query .= ' HAVING COUNT(*) = 0';
|
||||
$inserts = array_merge($inserts, $inserts);
|
||||
}
|
||||
|
||||
// TODO: oci should be use " (quote) instead of ` (backtick).
|
||||
//OC_Log::write('core', __METHOD__ . ', type: ' . $type . ', query: ' . $query, OC_Log::DEBUG);
|
||||
// TODO: oci should be use " (quote) instead of ` (backtick)?
|
||||
|
||||
try {
|
||||
$result = self::prepare($query);
|
||||
|
@ -685,7 +688,7 @@ class OC_DB {
|
|||
OC_Template::printErrorPage( $entry );
|
||||
}
|
||||
|
||||
return $result->execute();
|
||||
return $result->execute($inserts);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
Loading…
Reference in New Issue