From 282dff4f18672c22f171768a983a740d1a8e0096 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak <alec@alec.pl> Date: Wed, 17 Apr 2013 13:33:42 -0400 Subject: [PATCH] Add rcube_db::escape() method, fix escapeSimple() to use escape instead of quote() --- program/lib/Roundcube/rcube_db.php | 77 +++++++++++++++++++++++++++++++++++--- 1 files changed, 71 insertions(+), 6 deletions(-) diff --git a/program/lib/Roundcube/rcube_db.php b/program/lib/Roundcube/rcube_db.php index 47ddc81..9cda023 100644 --- a/program/lib/Roundcube/rcube_db.php +++ b/program/lib/Roundcube/rcube_db.php @@ -70,7 +70,7 @@ $driver = isset($driver_map[$driver]) ? $driver_map[$driver] : $driver; $class = "rcube_db_$driver"; - if (!class_exists($class)) { + if (!$driver || !class_exists($class)) { rcube::raise_error(array('code' => 600, 'type' => 'db', 'line' => __LINE__, 'file' => __FILE__, 'message' => "Configuration error. Unsupported database driver: $driver"), @@ -222,7 +222,7 @@ $this->db_connected = is_object($this->dbh); // use write-master when read-only fails - if (!$this->db_connected && $mode == 'r') { + if (!$this->db_connected && $mode == 'r' && $this->is_replicated()) { $mode = 'w'; $this->dbh = $this->dsn_connect($this->db_dsnw_array); $this->db_connected = is_object($this->dbh); @@ -400,6 +400,11 @@ $this->debug($query); + // destroy reference to previous result, required for SQLite driver (#1488874) + $this->last_result = null; + $this->db_error_msg = null; + + // send query $query = $this->dbh->query($query); if ($query === false) { @@ -422,7 +427,7 @@ * * @param mixed $result Optional query handle * - * @return int Number of rows or false on failure + * @return int Number of (matching) rows */ public function affected_rows($result = null) { 
@@ -431,6 +436,32 @@ } return 0; + } + + /** + * Get number of rows for a SQL query + * If no query handle is specified, the last query will be taken as reference + * + * @param mixed $result Optional query handle + * @return mixed Number of rows or false on failure + * @deprecated This method shows very poor performance and should be avoided. + */ + public function num_rows($result = null) + { + if ($result || ($result === null && ($result = $this->last_result))) { + // repeat query with SELECT COUNT(*) ... + if (preg_match('/^SELECT\s+(?:ALL\s+|DISTINCT\s+)?(?:.*?)\s+FROM\s+(.*)$/ims', $result->queryString, $m)) { + $query = $this->dbh->query('SELECT COUNT(*) FROM ' . $m[1], PDO::FETCH_NUM); + return $query ? intval($query->fetchColumn(0)) : false; + } + else { + $num = count($result->fetchAll()); + $result->execute(); // re-execute query because there's no seek(0) + return $num; + } + } + + return false; } /** @@ -566,7 +597,7 @@ * Formats input so it can be safely used in a query * * @param mixed $input Value to quote - * @param string $type Type of data + * @param string $type Type of data (integer, bool, ident) * * @return string Quoted/converted string for use in query */ @@ -579,6 +610,10 @@ if (is_null($input)) { return 'NULL'; + } + + if ($type == 'ident') { + return $this->quote_identifier($input); } // create DB handle if not available @@ -599,6 +634,22 @@ } /** + * Escapes a string so it can be safely used in a query + * + * @param string $str A string to escape + * + * @return string Escaped string for use in a query + */ + public function escape($str) + { + if (is_null($str)) { + return 'NULL'; + } + + return substr($this->quote($str), 1, -1); + } + + /** * Quotes a string so it can be safely used as a table or column name * * @param string $str Value to quote 
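Review bot: The `SELECT COUNT(*)` rewrite in `num_rows()` can return a different number than the original query would produce. The pattern drops `DISTINCT` and the column list, and pastes everything after the first `FROM` (including any `GROUP BY`, `LIMIT`, or a `FROM` that belongs to a select-list subquery) behind `SELECT COUNT(*) FROM`. Counting the original statement as a derived table, e.g. `'SELECT COUNT(*) FROM (' . $result->queryString . ') AS cnt'`, would keep the semantics where the driver accepts it. The fallback branch calls `$result->execute()` on any statement the pattern did not match, so a handle for an INSERT, UPDATE or DELETE would run a second time; returning `false` for non-SELECT statements avoids that. Because of the `m` flag, `^SELECT` also matches at the start of any later line of a multi-line statement, so the SELECT test should be anchored with `\A`.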
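Review bot: `escape()` assumes `quote()` always returns the value wrapped in exactly one quote character on each side, so `substr($this->quote($str), 1, -1)` silently cuts real data whenever that is not true. The visible part of `quote()` returns a bare `NULL` for null input; what it returns when no connection is available or the driver's quoting fails lies outside this hunk and should be checked, since an unquoted `NULL` would come back as `UL`. The docblock should state the contract callers depend on, for example `@return string Escaped string without surrounding quotes, for use inside a quoted SQL string literal only`, because the result is not safe as a bare value, an identifier or a LIKE pattern. Returning the text `NULL` from `escape(null)` means a caller that adds its own quotes stores the string 'NULL' rather than SQL NULL. The deprecated `escapeSimple()` wrapper in the following hunk inherits the same behaviour.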
@@ -610,6 +661,20 @@ public function quoteIdentifier($str) { return $this->quote_identifier($str); + } + + /** + * Escapes a string so it can be safely used in a query + * + * @param string $str A string to escape + * + * @return string Escaped string for use in a query + * @deprecated Replaced by rcube_db::escape + * @see rcube_db::escape + */ + public function escapeSimple($str) + { + return $this->escape($str); } /** @@ -630,7 +695,7 @@ $name[] = $start . $elem . $end; } - return implode($name, '.'); + return implode($name, '.'); } /** @@ -647,7 +712,7 @@ * Return list of elements for use with SQL's IN clause * * @param array $arr Input array - * @param string $type Type of data + * @param string $type Type of data (integer, bool, ident) * * @return string Comma-separated list of quoted values for use in query */ -- Gitblit v1.9.1