|
@@ -22,10 +22,10 @@ class MysqlEntity
|
|
|
switch($type){
|
|
|
case 'string':
|
|
|
case 'timestamp':
|
|
|
- $return = 'VARCHAR(225)';
|
|
|
+ $return = 'VARCHAR(225) CHARACTER SET utf8 COLLATE utf8_general_ci';
|
|
|
break;
|
|
|
case 'longstring':
|
|
|
- $return = 'TEXT';
|
|
|
+ $return = 'TEXT CHARACTER SET utf8 COLLATE utf8_general_ci';
|
|
|
break;
|
|
|
case 'key':
|
|
|
$return = 'int(11) NOT NULL AUTO_INCREMENT PRIMARY KEY';
|
|
@@ -38,7 +38,35 @@ class MysqlEntity
|
|
|
$return = 'INT(1)';
|
|
|
break;
|
|
|
default;
|
|
|
- $return = 'TEXT';
|
|
|
+ $return = 'TEXT CHARACTER SET utf8 COLLATE utf8_general_ci';
|
|
|
+ break;
|
|
|
+ }
|
|
|
+ return $return ;
|
|
|
+ }
|
|
|
+
|
|
|
+ /**
|
|
|
+ * Protège une variable pour MySQL
|
|
|
+ */
|
|
|
+ protected function secure($value, $field){
|
|
|
+ $type = false;
|
|
|
+
|
|
|
+ // ce champ n'existe pas : on le considère comme une chaîne de caractères
|
|
|
+ if (isset($this->object_fields[$field]))
|
|
|
+ $type = $this->object_fields[$field];
|
|
|
+
|
|
|
+ $return = false;
|
|
|
+ switch($type){
|
|
|
+ case 'key':
|
|
|
+ case 'object':
|
|
|
+ case 'integer':
|
|
|
+ case 'boolean':
|
|
|
+ $return = intval($value);
|
|
|
+ break;
|
|
|
+ case 'string':
|
|
|
+ case 'timestamp':
|
|
|
+ case 'longstring':
|
|
|
+ default;
|
|
|
+ $return = mysql_real_escape_string((string)$value);
|
|
|
break;
|
|
|
}
|
|
|
return $return ;
|
|
@@ -58,10 +86,10 @@ class MysqlEntity
|
|
|
* Methode de suppression de l'entité
|
|
|
* @author Valentin CARRUESCO
|
|
|
* @category manipulation SQL
|
|
|
- * @param <String> $debug='false' active le debug mode (0 ou 1)
|
|
|
+ * @param <String> $debug=false active le debug mode (0 ou 1)
|
|
|
* @return Aucun retour
|
|
|
*/
|
|
|
- public function destroy($debug='false')
|
|
|
+ public function destroy($debug=false)
|
|
|
{
|
|
|
$query = 'DROP TABLE IF EXISTS '.MYSQL_PREFIX.$this->TABLE_NAME.';';
|
|
|
if($this->debug)echo '<hr>'.$this->CLASS_NAME.' ('.__METHOD__ .') : Requete --> '.$query.'<br>'.mysql_error();
|
|
@@ -72,10 +100,10 @@ class MysqlEntity
|
|
|
* Methode de nettoyage de l'entité
|
|
|
* @author Valentin CARRUESCO
|
|
|
* @category manipulation SQL
|
|
|
- * @param <String> $debug='false' active le debug mode (0 ou 1)
|
|
|
+ * @param <String> $debug=false active le debug mode (0 ou 1)
|
|
|
* @return Aucun retour
|
|
|
*/
|
|
|
- public function truncate($debug='false')
|
|
|
+ public function truncate($debug=false)
|
|
|
{
|
|
|
$query = 'TRUNCATE TABLE '.MYSQL_PREFIX.$this->TABLE_NAME.';';
|
|
|
if($this->debug)echo '<hr>'.$this->CLASS_NAME.' ('.__METHOD__ .') : Requete --> '.$query.'<br>'.mysql_error();
|
|
@@ -86,10 +114,10 @@ class MysqlEntity
|
|
|
* Methode de creation de l'entité
|
|
|
* @author Valentin CARRUESCO
|
|
|
* @category manipulation SQL
|
|
|
- * @param <String> $debug='false' active le debug mode (0 ou 1)
|
|
|
+ * @param <String> $debug=false active le debug mode (0 ou 1)
|
|
|
* @return Aucun retour
|
|
|
*/
|
|
|
- public function create($debug='false'){
|
|
|
+ public function create($debug=false){
|
|
|
$query = 'CREATE TABLE IF NOT EXISTS `'.MYSQL_PREFIX.$this->TABLE_NAME.'` (';
|
|
|
|
|
|
$i=false;
|
|
@@ -99,7 +127,10 @@ class MysqlEntity
|
|
|
|
|
|
}
|
|
|
|
|
|
- $query .= ');';
|
|
|
+ $query .= ')
|
|
|
+ ENGINE InnoDB,
|
|
|
+ DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci
|
|
|
+ ;';
|
|
|
if($this->debug)echo '<hr>'.$this->CLASS_NAME.' ('.__METHOD__ .') : Requete --> '.$query.'<br>'.mysql_error();
|
|
|
$myQuery = mysql_query($query) or die(mysql_error());
|
|
|
}
|
|
@@ -120,7 +151,6 @@ class MysqlEntity
|
|
|
$query .=') select';
|
|
|
$u = false;
|
|
|
|
|
|
-
|
|
|
foreach($events as $event){
|
|
|
|
|
|
if($u){$query .=' union select ';}else{$u=true;}
|
|
@@ -129,7 +159,7 @@ class MysqlEntity
|
|
|
foreach($event->object_fields as $field=>$type){
|
|
|
if($type!='key'){
|
|
|
if($i){$query .=',';}else{$i=true;}
|
|
|
- $query .='"'.eval('return htmlentities($event->'.$field.');').'"';
|
|
|
+ $query .='"'.$this->secure($event->$field, $field).'"';
|
|
|
}
|
|
|
}
|
|
|
|
|
@@ -137,7 +167,7 @@ class MysqlEntity
|
|
|
}
|
|
|
|
|
|
$query .=';';
|
|
|
-
|
|
|
+ if($this->debug)echo '<hr>'.$this->CLASS_NAME.' ('.__METHOD__ .') : Requete --> '.$query.'<br>'.mysql_error();
|
|
|
|
|
|
mysql_query($query) or die(mysql_error());
|
|
|
|
|
@@ -158,8 +188,8 @@ class MysqlEntity
|
|
|
$i=false;
|
|
|
foreach($this->object_fields as $field=>$type){
|
|
|
if($i){$query .=',';}else{$i=true;}
|
|
|
- $id = eval('return htmlentities($this->'.$field.');');
|
|
|
- $query .= '`'.$field.'`="'.$id.'"';
|
|
|
+ $id = $this->$field;
|
|
|
+ $query .= '`'.$field.'`="'.$this->secure($id, $field).'"';
|
|
|
}
|
|
|
|
|
|
$query .= ' WHERE `id`="'.$this->id.'";';
|
|
@@ -174,12 +204,12 @@ class MysqlEntity
|
|
|
$i=false;
|
|
|
foreach($this->object_fields as $field=>$type){
|
|
|
if($i){$query .=',';}else{$i=true;}
|
|
|
- $query .='"'.eval('return htmlentities($this->'.$field.');').'"';
|
|
|
+ $query .='"'.$this->secure($this->$field, $field).'"';
|
|
|
}
|
|
|
|
|
|
$query .=');';
|
|
|
}
|
|
|
- //echo '<hr>'.$this->CLASS_NAME.' ('.__METHOD__ .') : Requete --> '.$query.'<br>'.mysql_error();
|
|
|
+ if($this->debug)echo '<hr>'.$this->CLASS_NAME.' ('.__METHOD__ .') : Requete --> '.$query.'<br>'.mysql_error();
|
|
|
mysql_query($query)or die(mysql_error());
|
|
|
$this->id = (!isset($this->id)?mysql_insert_id():$this->id);
|
|
|
}
|
|
@@ -191,25 +221,25 @@ class MysqlEntity
|
|
|
* @param <Array> $colonnes=>$valeurs
|
|
|
* @param <Array> $colonnes (WHERE) =>$valeurs (WHERE)
|
|
|
* @param <String> $operation="=" definis le type d'operateur pour la requete select
|
|
|
- * @param <String> $debug='false' active le debug mode (0 ou 1)
|
|
|
+ * @param <String> $debug=false active le debug mode (0 ou 1)
|
|
|
* @return Aucun retour
|
|
|
*/
|
|
|
- public function change($columns,$columns2,$operation='=',$debug='false'){
|
|
|
+ public function change($columns,$columns2,$operation='=',$debug=false){
|
|
|
$query = 'UPDATE `'.MYSQL_PREFIX.$this->TABLE_NAME.'` SET ';
|
|
|
$i=false;
|
|
|
foreach ($columns as $column=>$value){
|
|
|
if($i){$query .=',';}else{$i=true;}
|
|
|
- $query .= '`'.$column.'`="'.$value.'" ';
|
|
|
+ $query .= '`'.$column.'`="'.$this->secure($value, $column).'" ';
|
|
|
}
|
|
|
$query .=' WHERE ';
|
|
|
|
|
|
$i = false;
|
|
|
foreach ($columns2 as $column=>$value){
|
|
|
if($i){$query .='AND ';}else{$i=true;}
|
|
|
- $query .= '`'.$column.'`'.$operation.'"'.$value.'" ';
|
|
|
+ $query .= '`'.$column.'`'.$operation.'"'.$this->secure($value, $column).'" ';
|
|
|
|
|
|
}
|
|
|
- //echo '<hr>'.$this->CLASS_NAME.' ('.__METHOD__ .') : Requete --> '.$query.'<br>'.mysql_error();
|
|
|
+ if($this->debug)echo '<hr>'.$this->CLASS_NAME.' ('.__METHOD__ .') : Requete --> '.$query.'<br>'.mysql_error();
|
|
|
mysql_query($query)or die(mysql_error());
|
|
|
}
|
|
|
|
|
@@ -219,11 +249,11 @@ class MysqlEntity
|
|
|
* @category manipulation SQL
|
|
|
* @param <String> $ordre=null
|
|
|
* @param <String> $limite=null
|
|
|
- * @param <String> $debug='false' active le debug mode (0 ou 1)
|
|
|
+ * @param <String> $debug=false active le debug mode (0 ou 1)
|
|
|
* @return <Array<Entity>> $Entity
|
|
|
*/
|
|
|
- public function populate($order='null',$limit='null',$debug='false'){
|
|
|
- eval('$results = '.$this->CLASS_NAME.'::loadAll(array(),"'.$order.'",'.$limit.',\'=\','.$debug.');');
|
|
|
+ public function populate($order=null,$limit=null,$debug=false){
|
|
|
+ $results = $this->loadAll(array(),$order,$limit,'=',$debug);
|
|
|
return $results;
|
|
|
}
|
|
|
|
|
@@ -236,10 +266,10 @@ class MysqlEntity
|
|
|
* @param <String> $ordre=null
|
|
|
* @param <String> $limite=null
|
|
|
* @param <String> $operation="=" definis le type d'operateur pour la requete select
|
|
|
- * @param <String> $debug='false' active le debug mode (0 ou 1)
|
|
|
+ * @param <String> $debug=false active le debug mode (0 ou 1)
|
|
|
* @return <Array<Entity>> $Entity
|
|
|
*/
|
|
|
- public function loadAll($columns,$order=null,$limit=null,$operation="=",$debug='false',$selColumn='*'){
|
|
|
+ public function loadAll($columns,$order=null,$limit=null,$operation="=",$debug=false,$selColumn='*'){
|
|
|
$objects = array();
|
|
|
$whereClause = '';
|
|
|
|
|
@@ -249,7 +279,7 @@ class MysqlEntity
|
|
|
foreach($columns as $column=>$value){
|
|
|
|
|
|
if($i){$whereClause .=' AND ';}else{$i=true;}
|
|
|
- $whereClause .= '`'.$column.'`'.$operation.'"'.$value.'"';
|
|
|
+ $whereClause .= '`'.$column.'`'.$operation.'"'.$this->secure($value, $column).'"';
|
|
|
}
|
|
|
}
|
|
|
$query = 'SELECT '.$selColumn.' FROM `'.MYSQL_PREFIX.$this->TABLE_NAME.'` '.$whereClause.' ';
|
|
@@ -257,13 +287,13 @@ class MysqlEntity
|
|
|
if($limit!=null) $query .='LIMIT '.$limit.' ';
|
|
|
$query .=';';
|
|
|
|
|
|
- // echo '<br>'.__METHOD__.' : Requete --> '.$query.'<br>';
|
|
|
+ if($this->debug)echo '<hr>'.$this->CLASS_NAME.' ('.__METHOD__ .') : Requete --> '.$query.'<br>'.mysql_error();
|
|
|
$execQuery = mysql_query($query) or die(mysql_error());
|
|
|
while($queryReturn = mysql_fetch_assoc($execQuery)){
|
|
|
|
|
|
- $object = eval(' return new '.$this->CLASS_NAME.'();');
|
|
|
+ $object = new $this->CLASS_NAME();
|
|
|
foreach($this->object_fields as $field=>$type){
|
|
|
- if(isset($queryReturn[$field])) eval('$object->'.$field .'= html_entity_decode(\''. addslashes($queryReturn[$field]).'\');');
|
|
|
+ if(isset($queryReturn[$field])) $object->$field = $queryReturn[$field];
|
|
|
}
|
|
|
$objects[] = $object;
|
|
|
unset($object);
|
|
@@ -271,8 +301,8 @@ class MysqlEntity
|
|
|
return $objects;
|
|
|
}
|
|
|
|
|
|
- public function loadAllOnlyColumn($selColumn,$columns,$order=null,$limit=null,$operation="=",$debug='false'){
|
|
|
- eval('$objects = $this->loadAll($columns,\''.$order.'\',\''.$limit.'\',\''.$operation.'\',\''.$debug.'\',\''.$selColumn.'\');');
|
|
|
+ public function loadAllOnlyColumn($selColumn,$columns,$order=null,$limit=null,$operation="=",$debug=false){
|
|
|
+ $objects = $this->loadAll($columns,$order,$limit,$operation,$debug,$selColumn);
|
|
|
if(count($objects)==0)$objects = array();
|
|
|
return $objects;
|
|
|
}
|
|
@@ -285,11 +315,11 @@ class MysqlEntity
|
|
|
* @param <Array> $colonnes (WHERE)
|
|
|
* @param <Array> $valeurs (WHERE)
|
|
|
* @param <String> $operation="=" definis le type d'operateur pour la requete select
|
|
|
- * @param <String> $debug='false' active le debug mode (0 ou 1)
|
|
|
+ * @param <String> $debug=false active le debug mode (0 ou 1)
|
|
|
* @return <Entity> $Entity ou false si aucun objet n'est trouvé en base
|
|
|
*/
|
|
|
- public function load($columns,$operation='=',$debug='false'){
|
|
|
- eval('$objects = $this->loadAll($columns,null,\'1\',\''.$operation.'\',\''.$debug.'\');');
|
|
|
+ public function load($columns,$operation='=',$debug=false){
|
|
|
+ $objects = $this->loadAll($columns,null,1,$operation,$debug);
|
|
|
if(!isset($objects[0]))$objects[0] = false;
|
|
|
return $objects[0];
|
|
|
}
|
|
@@ -301,10 +331,10 @@ class MysqlEntity
|
|
|
* @param <Array> $colonnes (WHERE)
|
|
|
* @param <Array> $valeurs (WHERE)
|
|
|
* @param <String> $operation="=" definis le type d'operateur pour la requete select
|
|
|
- * @param <String> $debug='false' active le debug mode (0 ou 1)
|
|
|
+ * @param <String> $debug=false active le debug mode (0 ou 1)
|
|
|
* @return <Entity> $Entity ou false si aucun objet n'est trouvé en base
|
|
|
*/
|
|
|
- public function getById($id,$operation='=',$debug='false'){
|
|
|
+ public function getById($id,$operation='=',$debug=false){
|
|
|
return $this->load(array('id'=>$id),$operation,$debug);
|
|
|
}
|
|
|
|
|
@@ -312,7 +342,7 @@ class MysqlEntity
|
|
|
* Methode de comptage des éléments de l'entité
|
|
|
* @author Valentin CARRUESCO
|
|
|
* @category manipulation SQL
|
|
|
- * @param <String> $debug='false' active le debug mode (0 ou 1)
|
|
|
+ * @param <String> $debug=false active le debug mode (0 ou 1)
|
|
|
* @return<Integer> nombre de ligne dans l'entité'
|
|
|
*/
|
|
|
public function rowCount($columns=null)
|
|
@@ -323,7 +353,7 @@ class MysqlEntity
|
|
|
$i=false;
|
|
|
foreach($columns as $column=>$value){
|
|
|
if($i){$whereClause .=' AND ';}else{$i=true;}
|
|
|
- $whereClause .= '`'.$column.'`="'.$value.'"';
|
|
|
+ $whereClause .= '`'.$column.'`="'.$this->secure($value, $column).'"';
|
|
|
}
|
|
|
}
|
|
|
$query = 'SELECT COUNT(id) FROM '.MYSQL_PREFIX.$this->TABLE_NAME.$whereClause;
|
|
@@ -340,16 +370,16 @@ class MysqlEntity
|
|
|
* @param <Array> $colonnes (WHERE)
|
|
|
* @param <Array> $valeurs (WHERE)
|
|
|
* @param <String> $operation="=" definis le type d'operateur pour la requete select
|
|
|
- * @param <String> $debug='false' active le debug mode (0 ou 1)
|
|
|
+ * @param <String> $debug=false active le debug mode (0 ou 1)
|
|
|
* @return Aucun retour
|
|
|
*/
|
|
|
- public function delete($columns,$operation='=',$debug='false'){
|
|
|
+ public function delete($columns,$operation='=',$debug=false){
|
|
|
$whereClause = '';
|
|
|
|
|
|
$i=false;
|
|
|
foreach($columns as $column=>$value){
|
|
|
if($i){$whereClause .=' AND ';}else{$i=true;}
|
|
|
- $whereClause .= '`'.$column.'`'.$operation.'"'.$value.'"';
|
|
|
+ $whereClause .= '`'.$column.'`'.$operation.'"'.$this->secure($value, $column).'"';
|
|
|
}
|
|
|
$query = 'DELETE FROM `'.MYSQL_PREFIX.$this->TABLE_NAME.'` WHERE '.$whereClause.' ;';
|
|
|
if($this->debug)echo '<hr>'.$this->CLASS_NAME.' ('.__METHOD__ .') : Requete --> '.$query.'<br>'.mysql_error();
|
|
@@ -395,6 +425,5 @@ class MysqlEntity
|
|
|
public function getObject_fields(){
|
|
|
return $this->object_fields;
|
|
|
}
|
|
|
-
|
|
|
}
|
|
|
?>
|