diff --git a/src/Libs/Model.php b/src/Libs/Model.php index 8e59f55..f5fb9d0 100644 --- a/src/Libs/Model.php +++ b/src/Libs/Model.php @@ -201,6 +201,23 @@ class Model { return $sql; } + + /** + * Configura $queryVars para vincular un valor a un + * parámetro de sustitución y devuelve este último. + * + * @param string $value + * Valor a vincular. + * + * @return string + * Parámetro de sustitución. + */ + private static function bindValue(string $value) : string{ + $index = ':v_'.count(static::$queryVars); + static::$queryVars[$index] = $value; + return $index; + } + /** * Crea una instancia del objeto actual a partir de un arreglo. * @@ -380,17 +397,6 @@ class Model { return new static(); } - /** - * Elimina los caracteres que no son alfanuméricos o _. - * - * @param string $string - * - * @return string - */ - private static function cleanString(string $string) :string { - return preg_replace('/[^A-Za-z0-9_]/', '', $string); - } - /** * Define el WHERE en la sentencia SQL. * @@ -415,13 +421,10 @@ class Model { $operatorOrValue = '='; } - if ($no_filter) { - static::$querySelect['where'] = "$column$operatorOrValue$value"; - } else { - $cleanColum = static::cleanString($column); - static::$queryVars[":where_$cleanColum"] = $value; - static::$querySelect['where'] = "$column$operatorOrValue:where_$cleanColum"; - } + if (!$no_filter) + $value = static::bindValue($value); + + static::$querySelect['where'] = "$column $operatorOrValue $value"; return new static(); } @@ -442,9 +445,8 @@ class Model { */ public static function where_in(string $column, array $arr, bool $in = true) : Model { $arrIn = []; - foreach($arr as $index => $value) { - $arrIn[] = ":on_$index"; - static::$queryVars[":on_$index"] = $value; + foreach($arr as $value) { + $arrIn[] = static::bindValue($value); } if ($in) 
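Review bot: `bindValue` derives the placeholder name from `count(static::$queryVars)`, so the name is only fresh as long as nothing removes entries from that array between two binds; after an `unset`, `count()` can return a number that is already in use and the second bind silently overwrites the first value. Whether any code unsets entries is not visible in this diff, but a guard costs two lines: `$n = count(static::$queryVars); do { $index = ':v_'.$n++; } while (isset(static::$queryVars[$index]));`. The `string $value` parameter is also narrower than what callers used to store directly into `$queryVars`: `null` always raises a TypeError for a non-nullable userland parameter, and ints/floats do too if the file declares `strict_types=1` (not shown here), so consider dropping the scalar type and documenting it as `@param scalar|null $value`. The docblock is in Spanish; an English version would read `Binds $value to a fresh named placeholder in $queryVars and returns the placeholder.`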
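Review bot: The new `where` assignment still interpolates `$column` and `$operatorOrValue` verbatim into the SQL, and with `$no_filter` the value as well; the removed `cleanString` only ever sanitised the placeholder name, so nothing in this method checks that `$column` is an identifier. If these arguments can be reached with request data, an identifier check before the clause is built closes the gap, e.g. `if (!preg_match('/^[A-Za-z_][A-Za-z0-9_.]*$/', $column)) throw new \InvalidArgumentException("invalid column: $column");`, together with an operator whitelist such as `in_array($operatorOrValue, ['=', '!=', '<>', '<', '<=', '>', '>=', 'LIKE', 'NOT LIKE'], true)`. At minimum the docblock above the hunk should state that `$column`, `$operatorOrValue` and, when `$no_filter` is true, `$value` are injected raw and must never carry user input. `where` starts above this hunk.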
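Review bot: Routing every element of `$arr` through `bindValue(string $value)` is stricter than the old direct assignment into `$queryVars`: a `null` element now throws a TypeError, and so do ints and floats if the file declares `strict_types=1` (not visible here), which would break the common `where_in('id', [1, 2, 3])` call. Casting at the call site, `$arrIn[] = static::bindValue((string) $value);`, avoids the error but turns `null` into `''`, so relaxing the parameter type in `bindValue` is the safer fix. An empty `$arr` still produces `IN ()`, which MySQL rejects as a syntax error; a guard at the top of the method, `if ($arr === []) throw new \InvalidArgumentException('where_in() needs at least one value');`, reports that at the call site instead of from the driver. `where_in` continues past the end of this hunk, and `$column` is interpolated without an identifier check, as in `where`.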
@@ -563,13 +565,10 @@ class Model { $operatorOrValue = '='; } - if ($no_filter) - static::$querySelect['AndOr'] .= " AND $column$operatorOrValue$value"; - else { - $cleanColum = static::cleanString($column); - static::$queryVars[":and_$cleanColum"] = $value; - static::$querySelect['AndOr'] .= " AND $column$operatorOrValue:and_$cleanColum"; - } + if (!$no_filter) + $value = static::bindValue($value); + + static::$querySelect['AndOr'] .= " AND $column $operatorOrValue $value"; return new static(); } @@ -598,13 +597,10 @@ class Model { $operatorOrValue = '='; } - if ($no_filter) - static::$querySelect['AndOr'] .= " OR $column$operatorOrValue$value"; - else { - $cleanColum = static::cleanString($column); - static::$queryVars[":or_$cleanColum"] = $value; - static::$querySelect['AndOr'] .= " OR $column$operatorOrValue:or_$cleanColum"; - } + if (!$no_filter) + $value = static::bindValue($value); + + static::$querySelect['AndOr'] .= " OR $column $operatorOrValue $value"; return new static(); } @@ -744,15 +740,15 @@ class Model { $db = static::db(); - static::$queryVars[':search'] = $search; + $search = static::bindValue($search); $where = []; if (DB_TYPE == 'sqlite') foreach($in as $row) - $where[] = "$row LIKE '%' || :search || '%'"; + $where[] = "$row LIKE '%' || $search || '%'"; else foreach($in as $row) - $where[] = "$row LIKE CONCAT('%', :search, '%')"; + $where[] = "$row LIKE CONCAT('%', $search, '%')"; if (static::$querySelect['where']=='')
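Review bot: After this change the bodies of `where`, `and_where` and `or_where` differ only in the prefix written into `$querySelect`, so the bind-or-inline decision and the clause format are maintained in three places; a private helper would keep them from drifting, e.g. `$clause = "$column $operatorOrValue " . ($no_filter ? $value : static::bindValue($value));` followed by `static::$querySelect['AndOr'] .= " AND $clause";`. Whichever form stays, the `$no_filter` branch inlines `$value` verbatim into the SQL, and the docblock above the hunk should say so: `@param bool $no_filter When true, $value is inserted into the SQL as-is (no placeholder); never pass user input this way.` `and_where` starts above this hunk.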
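Review bot: The new `or_where` line appends ` OR …` to the same `AndOr` string that `and_where` appends ` AND …` to, with no parentheses, so a chain like `where(a)->and_where(b)->or_where(c)` renders as `a AND b OR c`, which SQL evaluates as `(a AND b) OR c`. That is pre-existing behaviour rather than something this commit introduces, but the method's docblock above the hunk should state it so callers do not expect grouping: `Conditions are concatenated in call order without parentheses; SQL's AND-before-OR precedence applies.` As in `where`, `$column` and `$operatorOrValue` are interpolated unchecked and `$no_filter` inlines `$value` raw, which the same docblock should mention. `or_where` starts above this hunk.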