Fix prepare variables when special where/and/or columns.
parent
38d2a90318
commit
ad7b78f427
@ -380,6 +380,17 @@ class Model {
|
|||||||
return new static();
|
return new static();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Elimina los caracteres que no son alfanuméricos o _.
|
||||||
|
*
|
||||||
|
* @param string $string
|
||||||
|
*
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
private static function cleanString(string $string) :string {
|
||||||
|
return preg_replace('/[^A-Za-z0-9_]/', '', $string);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Define el WHERE en la sentencia SQL.
|
* Define el WHERE en la sentencia SQL.
|
||||||
*
|
*
|
||||||
@ -407,8 +418,9 @@ class Model {
|
|||||||
if ($no_filter) {
|
if ($no_filter) {
|
||||||
static::$querySelect['where'] = "$column$operatorOrValue$value";
|
static::$querySelect['where'] = "$column$operatorOrValue$value";
|
||||||
} else {
|
} else {
|
||||||
static::$queryVars[":where_$column"] = $value;
|
$cleanColum = static::cleanString($column);
|
||||||
static::$querySelect['where'] = "$column$operatorOrValue:where_$column";
|
static::$queryVars[":where_$cleanColum"] = $value;
|
||||||
|
static::$querySelect['where'] = "$column$operatorOrValue:where_$cleanColum";
|
||||||
}
|
}
|
||||||
|
|
||||||
return new static();
|
return new static();
|
||||||
@ -554,8 +566,9 @@ class Model {
|
|||||||
if ($no_filter)
|
if ($no_filter)
|
||||||
static::$querySelect['AndOr'] .= " AND $column$operatorOrValue$value";
|
static::$querySelect['AndOr'] .= " AND $column$operatorOrValue$value";
|
||||||
else {
|
else {
|
||||||
static::$queryVars[":and_$column"] = $value;
|
$cleanColum = static::cleanString($column);
|
||||||
static::$querySelect['AndOr'] .= " AND $column$operatorOrValue:and_$column";
|
static::$queryVars[":and_$cleanColum"] = $value;
|
||||||
|
static::$querySelect['AndOr'] .= " AND $column$operatorOrValue:and_$cleanColum";
|
||||||
}
|
}
|
||||||
|
|
||||||
return new static();
|
return new static();
|
||||||
@ -588,8 +601,9 @@ class Model {
|
|||||||
if ($no_filter)
|
if ($no_filter)
|
||||||
static::$querySelect['AndOr'] .= " OR $column$operatorOrValue$value";
|
static::$querySelect['AndOr'] .= " OR $column$operatorOrValue$value";
|
||||||
else {
|
else {
|
||||||
static::$queryVars[":or_$column"] = $value;
|
$cleanColum = static::cleanString($column);
|
||||||
static::$querySelect['AndOr'] .= " OR $column$operatorOrValue:or_$column";
|
static::$queryVars[":or_$cleanColum"] = $value;
|
||||||
|
static::$querySelect['AndOr'] .= " OR $column$operatorOrValue:or_$cleanColum";
|
||||||
}
|
}
|
||||||
|
|
||||||
return new static();
|
return new static();
|
||||||
|
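Review bot: In the `else` branches of the where/AND/OR hunks, `cleanString()` is applied only to the placeholder name, while `$column` and `$operatorOrValue` are still interpolated unchanged into the SQL text (`"$column$operatorOrValue:where_$cleanColum"`), so the binding protects `$value` but not the identifier or operator. If either can come from request data, they should be checked against an allowlist of known columns and operators before being concatenated; the callers are not visible here, so this may already be guaranteed. The placeholder is also derived from the column alone, so two AND/OR conditions on the same column (or on columns that clean to the same string, such as `a.b` and `ab`) overwrite each other in `static::$queryVars`; a unique suffix would avoid that, e.g. `$param = ':and_' . static::cleanString($column) . '_' . count(static::$queryVars);`. The enclosing methods start and end outside the hunks.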