Commit 8b11e7eb authored by Dries's avatar Dries

- Patch #543948 by Damien Tournoud: remove db_type_placeholder().

parent 88884f89
......@@ -2175,50 +2175,6 @@ function db_find_tables($table_expression) {
return Database::getConnection()->schema()->findTables($table_expression);
}
/**
* Given a Schema API field type, return the correct %-placeholder.
*
* Embed the placeholder in a query to be passed to db_query and and pass as an
* argument to db_query a value of the specified type.
*
* @todo Remove this after all queries are converted to type-agnostic form.
* @param $type
* The Schema API type of a field.
* @return
* The placeholder string to embed in a query for that type.
*/
function db_type_placeholder($type) {
switch ($type) {
case 'varchar':
case 'char':
case 'text':
case 'datetime':
return '\'%s\'';
case 'numeric':
// Numeric values are arbitrary precision numbers. Syntactically, numerics
// should be specified directly in SQL. However, without single quotes
// the %s placeholder does not protect against non-numeric characters such
// as spaces which would expose us to SQL injection.
return '%n';
case 'serial':
case 'int':
return '%d';
case 'float':
return '%f';
case 'blob':
return '%b';
}
// There is no safe value to return here, so return something that
// will cause the query to fail.
return 'unsupported type ' . $type . 'for db_type_placeholder';
}
function _db_create_keys_sql($spec) {
return Database::getConnection()->schema()->createKeysSql($spec);
}
......
......@@ -286,8 +286,8 @@ public function addField(&$ret, $table, $field, $spec, $keys_new = array()) {
$ret[] = update_sql($query);
if (isset($spec['initial'])) {
// All this because update_sql does not support %-placeholders.
$sql = 'UPDATE {' . $table . '} SET ' . $field . ' = ' . db_type_placeholder($spec['type']);
$result = db_query($sql, $spec['initial']);
$sql = 'UPDATE {' . $table . '} SET ' . $field . ' = :value';
$result = db_query($sql, array(':value' => $spec['initial']));
$ret[] = array('success' => $result !== FALSE, 'query' => check_plain($sql . ' (' . $spec['initial'] . ')'));
}
if ($fixnull) {
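Review bot: In the `isset($spec['initial'])` branch, only the value is bound through `:value`; `$table` and `$field` are still concatenated into the UPDATE text. The statement is therefore safe only while both names come from trusted schema definitions, which is presumably true for Schema API callers but is not visible in this hunk. The comment above the query, `// All this because update_sql does not support %-placeholders.`, is stale now that no %-placeholder is involved. Something like `// update_sql() takes no query arguments, so bind the initial value via db_query(); $table and $field must be trusted identifiers.` would match the new code. Both points apply equally to the second addField hunk (@@ -328,8 +328,8), and addField's body starts and ends outside each hunk.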
......
......@@ -328,8 +328,8 @@ public function addField(&$ret, $table, $field, $spec, $new_keys = array()) {
$ret[] = update_sql($query);
if (isset($spec['initial'])) {
// All this because update_sql does not support %-placeholders.
$sql = 'UPDATE {' . $table . '} SET ' . $field . ' = ' . db_type_placeholder($spec['type']);
$result = db_query($sql, $spec['initial']);
$sql = 'UPDATE {' . $table . '} SET ' . $field . ' = :value';
$result = db_query($sql, array(':value' => $spec['initial']));
$ret[] = array('success' => $result !== FALSE, 'query' => check_plain($sql . ' (' . $spec['initial'] . ')'));
}
if ($fixnull) {
......