Commit 250cf34d authored by Nigel McNie's avatar Nigel McNie Committed by Penny Leach

Change to how table names are specified in SQL queries.

Now, table names (and other identifiers that could be confused with SQL keywords) should be put into SQL like this:

SELECT * FROM {artefact}

The braces are matched and expanded by DML now to include the prefix and be properly quoted, which means that tables like 'view' and 'group' don't need renaming (and nor should they, there's little reason why we should rename tables to get around such constraints).

This has removed a whole bunch of $prefix = ... and get_config('dbprefix') stuff, which makes things a little simpler yet again.
parent 7f278a16
......@@ -149,11 +149,10 @@ class View {
public function get_artefact_metadata() {
if (!isset($this->artefact_metadata)) {
$prefix = get_config('dbprefix');
$sql = 'SELECT a.*, i.name, va.block, va.format
FROM ' . $prefix . 'view_artefact va
JOIN ' . $prefix . 'artefact a ON va.artefact = a.id
JOIN ' . $prefix . 'artefact_installed_type i ON a.artefacttype = i.name
FROM {view_artefact} va
JOIN {artefact} a ON va.artefact = a.id
JOIN {artefact_installed_type} i ON a.artefacttype = i.name
WHERE va.view = ?';
$this->artefact_metadata = get_records_sql_array($sql, array($this->id));
}
......@@ -172,21 +171,19 @@ class View {
$this->artefact_hierarchy = array('data' => array(),
'refs' => array());
$prefix = get_config('dbprefix');
$sql = 'SELECT a.*,a.parent,pc.parent,a.artefacttype
FROM ' . $prefix . 'artefact a
FROM {artefact} a
JOIN (
SELECT apc1.*
FROM ' . $prefix . 'artefact_parent_cache apc1
JOIN ' . $prefix . 'artefact_parent_cache apc2 ON apc1.artefact = apc2.artefact
FROM {artefact_parent_cache} apc1
JOIN {artefact_parent_cache} apc2 ON apc1.artefact = apc2.artefact
WHERE apc2.parent IN (
SELECT artefact FROM ' . $prefix . 'view_artefact where view = ?
SELECT artefact FROM {view_artefact} where view = ?
)
) pc ON pc.artefact = a.id
UNION SELECT a2.*,a2.parent,null,a2.artefacttype
FROM ' . $prefix . 'artefact a2
JOIN ' . $prefix . 'view_artefact va ON va.artefact = a2.id
FROM {artefact} a2
JOIN {view_artefact} va ON va.artefact = a2.id
WHERE va.id = ?';
$allchildren = get_records_sql_array($sql, array($this->id, $this->id));
......@@ -236,13 +233,11 @@ class View {
}
public function get_artefact_metadata_watchlist($userid) {
$prefix = get_config('dbprefix');
$sql = 'SELECT a.*, i.name
FROM ' . $prefix . 'view_artefact va
JOIN ' . $prefix . 'artefact a ON va.artefact = a.id
JOIN ' . $prefix . 'artefact_installed_type i ON a.artefacttype = i.name
JOIN ' . $prefix . 'usr_watchlist_artefact wa ON wa.artefact = a.id
FROM {view_artefact} va
JOIN {artefact} a ON va.artefact = a.id
JOIN {artefact_installed_type} i ON a.artefacttype = i.name
JOIN {usr_watchlist_artefact} wa ON wa.artefact = a.id
WHERE va.view = ? AND wa.usr = ? AND a.parent IS NULL';
return get_records_sql_array($sql, array($this->id, $userid));
}
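Review bot: In the second hunk the UNION branch filters on `WHERE va.id = ?`, yet both placeholders are bound to `$this->id`, which the subquery above compares against the `view` column of `view_artefact`. If `va.id` is the row's own key rather than the view id, this branch returns artefacts attached to a different view; it probably wants `WHERE va.view = ?`. The line predates this commit and the enclosing method starts and ends outside the hunk, so confirm against the schema before changing it.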
......
......@@ -56,8 +56,8 @@ class PluginNotificationEmaildigest extends PluginNotification {
$sitename = get_config('sitename');
$sql = 'SELECT q.id, u.username, u.firstname, u.lastname, u.preferredname, u.email, u.admin, u.staff, q.*,' . db_format_tsfield('ctime').'
FROM ' . get_config('dbprefix') . 'usr u
JOIN ' . get_config('dbprefix') . 'notification_emaildigest_queue q
FROM {usr} u
JOIN {notification_emaildigest_queue} q
ON q.usr = u.id
ORDER BY usr,type,q.ctime';
......
......@@ -306,12 +306,11 @@ $elements = array(
)
)
);
$dbprefix = get_config('dbprefix');
$sql = 'SELECT
i.*
FROM
'.$dbprefix.'institution i,
'.$dbprefix.'auth_instance ai
{institution} i,
{auth_instance} ai
WHERE
ai.authname = \'internal\' AND
ai.institution = i.name';
......
......@@ -74,27 +74,26 @@ class PluginSearchInternal extends PluginSearch {
if (empty($publicfields)) {
$publicfields = array('preferredname');
}
$prefix = get_config('dbprefix');
if (is_postgres()) {
return self::search_user_pg($query_string, $limit, $offset, $prefix, $publicfields);
return self::search_user_pg($query_string, $limit, $offset, $publicfields);
}
else if (is_mysql()) {
return self::search_user_my($query_string, $limit, $offset, $prefix, $publicfields);
return self::search_user_my($query_string, $limit, $offset, $publicfields);
}
else {
throw new SQLException('search_user() is not implemented for your database engine (' . get_config('dbtype') . ')');
}
}
public static function search_user_pg($query_string, $limit, $offset, $prefix, $publicfields) {
public static function search_user_pg($query_string, $limit, $offset, $publicfields) {
$fieldlist = "('" . join("','", $publicfields) . "')";
$count = get_field_sql('
SELECT
COUNT(DISTINCT u.id)
FROM
' . $prefix . 'usr u
LEFT JOIN ' . $prefix . 'artefact a ON u.id=a.owner
{usr} u
LEFT JOIN {artefact} a ON u.id=a.owner
WHERE
u.id <> 0 AND u.active = 1
AND ((
......@@ -117,8 +116,8 @@ class PluginSearchInternal extends PluginSearch {
$data = get_records_sql_array('
SELECT DISTINCT ON (u.firstname, u.lastname, u.id)
u.id, u.username, u.institution, u.firstname, u.lastname, u.preferredname, u.email, u.staff
FROM ' . $prefix . 'artefact a
INNER JOIN ' . $prefix .'usr u ON u.id = a.owner
FROM {artefact} a
INNER JOIN {usr} u ON u.id = a.owner
WHERE
u.id <> 0 AND u.active = 1
AND ((
......@@ -156,15 +155,15 @@ class PluginSearchInternal extends PluginSearch {
);
}
public static function search_user_my($query_string, $limit, $offset, $prefix, $publicfields) {
public static function search_user_my($query_string, $limit, $offset, $publicfields) {
$fieldlist = "('" . join("','", $publicfields) . "')";
$count = get_field_sql('
SELECT
COUNT(DISTINCT owner)
FROM
' . $prefix . 'usr u
LEFT JOIN ' . $prefix . 'artefact a ON u.id=a.owner
{usr} u
LEFT JOIN {artefact} a ON u.id=a.owner
WHERE
u.id <> 0 AND u.active = 1
AND ((
......@@ -192,8 +191,8 @@ class PluginSearchInternal extends PluginSearch {
$data = get_records_sql_array('
SELECT DISTINCT
u.id, u.username, u.institution, u.firstname, u.lastname, u.preferredname, u.email, u.staff
FROM ' . $prefix . 'artefact a
INNER JOIN ' . $prefix .'usr u ON u.id = a.owner
FROM {artefact} a
INNER JOIN {usr} u ON u.id = a.owner
WHERE
u.id <> 0 AND u.active = 1
AND ((
......@@ -283,18 +282,18 @@ class PluginSearchInternal extends PluginSearch {
SELECT
id, name, description, jointype, owner, ctime, mtime
FROM
" . get_config('dbprefix') . "group
{group}
WHERE (
name ILIKE '%' || ? || '%'
OR description ILIKE '%' || ? || '%'
)";
$values = array($query_string, $query_string);
if (!$all) {
$sql .= "AND (
$sql .= 'AND (
owner = ? OR id IN (
SELECT group FROM " . get_config('dbprefix') . "group_member WHERE member = ?
SELECT {group} FROM {group_member} WHERE member = ?
)
)";
)';
$values[] = $USER->get('id');
$values[] = $USER->get('id');
}
......@@ -304,7 +303,7 @@ class PluginSearchInternal extends PluginSearch {
SELECT
COUNT(*)
FROM
" . get_config('dbprefix') . "group u
{group} u
WHERE (
name ILIKE '%' || ? || '%'
OR description ILIKE '%' || ? || '%'
......@@ -312,7 +311,7 @@ class PluginSearchInternal extends PluginSearch {
if (!$all) {
$sql .= "AND (
owner = ? OR id IN (
SELECT group FROM " . get_config('dbprefix') . "group_member WHERE member = ?
SELECT {group} FROM {group_member} WHERE member = ?
)
)
";
......@@ -333,7 +332,7 @@ class PluginSearchInternal extends PluginSearch {
SELECT
id, name, description, jointype, owner, ctime, mtime
FROM
" . get_config('dbprefix') . "group
{group}
WHERE (
name LIKE '%' || ? || '%'
OR description LIKE '%' || ? || '%'
......@@ -342,7 +341,7 @@ class PluginSearchInternal extends PluginSearch {
if (!$all) {
$sql .= "AND (
owner = ? OR id IN (
SELECT group FROM " . get_config('dbprefix') . "group_member WHERE member = ?
SELECT group FROM {group_member} WHERE member = ?
)
)";
$values[] = $USER->get('id');
......@@ -354,7 +353,7 @@ class PluginSearchInternal extends PluginSearch {
SELECT
COUNT(*)
FROM
" . get_config('dbprefix') . "group u
{group} u
WHERE (
name LIKE '%' || ? || '%'
OR description LIKE '%' || ? || '%'
......@@ -362,7 +361,7 @@ class PluginSearchInternal extends PluginSearch {
if (!$all) {
$sql .= "AND (
owner = ? OR id IN (
SELECT group FROM " . get_config('dbprefix') . "group_member WHERE member = ?
SELECT group FROM {group_member} WHERE member = ?
)
)
";
......@@ -409,7 +408,7 @@ class PluginSearchInternal extends PluginSearch {
SELECT
id, artefacttype, title, description
FROM
" . get_config('dbprefix') . "artefact a
{artefact} a
WHERE
owner = ?
AND ($querydata[0])";
......@@ -417,7 +416,7 @@ class PluginSearchInternal extends PluginSearch {
SELECT
COUNT(*)
FROM
" . get_config('dbprefix') . "artefact a
{artefact} a
WHERE
owner = ?
AND ($querydata[0])";
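Review bot: `SELECT {group} FROM {group_member} WHERE member = ?`, in the ILIKE group search and its count query, puts a column name in braces, which the commit description says are expanded to the prefixed, quoted table name. With a non-empty `dbprefix` that would no longer name the `group` column of `group_member`, so the subquery would presumably fail. The LIKE variants further down keep a bare `SELECT group FROM {group_member}`, so the four subqueries are now inconsistent; the column needs plain identifier quoting without the prefix, in whatever form DML offers for that. Separately, `$fieldlist = "('" . join("','", $publicfields) . "')"` in `search_user_pg` and `search_user_my` builds a quoted SQL list by concatenation; its use is outside the hunks, but the field names should be checked against a fixed list or bound if they can ever contain a quote.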
......
......@@ -30,7 +30,6 @@ require_once('pieforms/pieform.php');
$userid = param_integer('id','');
$loggedinid = $USER->get('id');
$prefix = get_config('dbprefix');
$inlinejs = <<<EOF
function messageform_success(formname, data) {
......
......@@ -35,8 +35,6 @@ $limit = param_integer('limit', 10);
$offset = param_integer('offset', 0);
$category = param_variable('category', '');
$dbprefix = get_config('dbprefix');
if (empty($category)) {
$count = get_field('template', 'COUNT(*)');
$data = get_records_array('template', 'deleted', '0', 'title', 'name,title,description,category', $offset, $limit);
......@@ -45,7 +43,7 @@ else {
$count = get_field('template', 'COUNT(*)', 'category', $category);
// $data = get_records_array('template', 'category', $category, 'title', 'name,title,description,category', $offset, $limit);
// not using get_records_array here because we can't have more than one constraint :(
$data = get_records_sql_array('SELECT name,title,description,category FROM ' . get_config('dbprefix') . 'template WHERE category=? AND deleted=0', array($category), $offset, $limit);
$data = get_records_sql_array('SELECT name,title,description,category FROM {template} WHERE category=? AND deleted=0', array($category), $offset, $limit);
}
......
......@@ -42,15 +42,14 @@ require_once('pieforms/pieform/elements/calendar.php');
$smarty = smarty(array('tablerenderer'), pieform_element_calendar_get_headdata(pieform_element_calendar_configure(array())));
$viewid = param_integer('viewid');
$prefix = get_config('dbprefix');
if (!get_field('view', 'COUNT(*)', 'id', $viewid, 'owner', $USER->get('id'))) {
$SESSION->add_error_msg(get_string('canteditdontown', 'view'));
redirect('/view/');
}
$data = get_records_sql_array('SELECT va.accesstype AS type, va.startdate, va.stopdate
FROM ' . $prefix . 'view_access va
LEFT JOIN ' . $prefix . 'view v ON (va.view = v.id)
FROM {view_access} va
LEFT JOIN {view} v ON (va.view = v.id)
WHERE v.id = ?
AND v.owner = ?
ORDER BY va.accesstype', array($viewid, $USER->get('id')));
......@@ -64,11 +63,11 @@ foreach ($data as &$item) {
// Get access for users and groups
$extradata = get_records_sql_array("
SELECT 'user' AS type, usr AS id, 0 AS tutoronly, startdate, stopdate
FROM {$prefix}view_access_usr
FROM {view_access_usr}
WHERE view = ?
UNION
SELECT 'group', group, tutoronly, startdate, stopdate
FROM {$prefix}view_access_group
FROM {view_access_group}
WHERE view = ?", array($viewid, $viewid));
if ($extradata) {
foreach ($extradata as &$extraitem) {
......@@ -140,11 +139,10 @@ function editviewaccess_submit(Pieform $form, $values) {
}
$userids = implode(',', $userids);
$prefix = get_config('dbprefix');
execute_sql('DELETE FROM ' . $prefix . 'usr_watchlist_view
execute_sql('DELETE FROM {usr_watchlist_view}
WHERE view = ' . $viewid . '
AND usr IN (' . $userids . ')');
execute_sql('DELETE FROM ' . $prefix . 'usr_watchlist_artefact
execute_sql('DELETE FROM {usr_watchlist_artefact}
WHERE view = ' . $viewid . '
AND usr IN(' . $userids . ')');
}
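Review bot: The two `DELETE` statements in `editviewaccess_submit` still splice `$viewid` and `$userids` into the SQL text, while the queries earlier in this file bind their values through `?` and an array. Where those values are populated is outside the hunk, so at minimum force them to integers before use, e.g. `$userids = implode(',', array_map('intval', $userids));` and `(int) $viewid`, or bind them if `execute_sql` accepts a values array. The same pattern survives the conversion in later files: `WHERE v.id = ' . $viewid`, the feedback queries (`WHERE view = ' . $view . ' AND artefact = ' . $artefact`), `WHERE v.owner = ' . $userid`, `va.view IN (' . $viewidlist . ')` and `WHERE id IN (' . $path . ')`.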
......
......@@ -39,12 +39,11 @@ $filename = param_variable('filename');
// fail if the quota is exceeded.
// Group name, view title, feedback number?
$prefix = get_config('dbprefix');
$viewdata = get_record_sql('
SELECT
v.title, v.owner, c.name
FROM ' . $prefix . 'view v
INNER JOIN ' . $prefix . 'group g ON v.submittedto = g.id
FROM {view} v
INNER JOIN {group} g ON v.submittedto = g.id
WHERE v.id = ' . $viewid, '');
$page = '/view/view.php?view=' . $viewid;
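Review bot: The select list reads `c.name`, but the only aliases in this query are `v` and `g` (`INNER JOIN {group} g`), so the statement refers to a table that is not in its FROM clause; it should be `g.name`. The same stale alias appears in the file touched at `@@ -43,19 +43,18 @@`, in the `$viewdata` query (`v.description,c.name`) and in the tutor-group query (`SELECT c.id, c.name`). Since this commit rewrites the FROM/JOIN lines of all three, it is the natural place to fix the alias.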
......
......@@ -41,7 +41,6 @@ if (!can_view_view($view)) {
throw new AccessDeniedException();
}
$prefix = get_config('dbprefix');
$userid = $USER->get('id');
if ($artefact) {
......@@ -51,13 +50,13 @@ if ($artefact) {
$count = count_records_sql('
SELECT
COUNT(*)
FROM ' . $prefix . $table . '
FROM {artefact_feedback}
WHERE view = ' . $view . ' AND artefact = ' . $artefact
. ($public ? ' AND (public = 1 OR author = ' . $userid . ')' : ''));
$feedback = get_records_sql_array('
SELECT
id, author, ctime, message, public
FROM ' . $prefix . $table . '
FROM {artefact_feedback}
WHERE view = ' . $view . ' AND artefact = ' . $artefact
. ($public ? ' AND (public = 1 OR author = ' . $userid . ')' : '') . '
ORDER BY id DESC', '', $offset, $limit);
......@@ -70,14 +69,14 @@ else {
$count = count_records_sql('
SELECT
COUNT(*)
FROM ' . $prefix . $table . '
FROM {view_feedback}
WHERE view = ' . $view
. ($public ? ' AND (public = 1 OR author = ' . $userid . ')' : ''));
$feedback = get_records_sql_array('
SELECT
f.id, f.author, f.ctime, f.message, f.public, f.attachment, a.title
FROM ' . $prefix . $table . ' f
LEFT OUTER JOIN ' . $prefix . 'artefact a ON f.attachment = a.id
FROM {view_feedback}
LEFT OUTER JOIN {artefact} a ON f.attachment = a.id
WHERE view = ' . $view
. ($public ? ' AND (f.public = 1 OR f.author = ' . $userid . ')' : '') . '
ORDER BY id DESC', '', $offset, $limit);
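Review bot: The rewritten view-feedback query drops its table alias: the old line ended in `' f` but the new one is `FROM {view_feedback}`, while the select list, the join condition and the `$public` clause still use `f.id`, `f.attachment` and `f.public`. As written the query refers to an undefined alias, so the line should read `FROM {view_feedback} f`. The surrounding `if`/`else` starts and ends outside these hunks.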
......
......@@ -43,19 +43,18 @@ $count = count_records('view', 'owner', $userid);
/* Do this in one query sometime */
$prefix = get_config('dbprefix');
$viewdata = get_records_sql_array('SELECT v.id,v.title,v.startdate,v.stopdate,v.description,c.name
FROM ' . $prefix . 'view v
LEFT OUTER JOIN ' . $prefix . 'group g ON v.submittedto = g.id
FROM {view} v
LEFT OUTER JOIN {group} g ON v.submittedto = g.id
WHERE v.owner = ' . $userid . '
ORDER BY v.title', '', $offset, $limit);
if ($viewdata) {
$viewidlist = implode(', ', array_map(create_function('$a', 'return $a->id;'), $viewdata));
$artefacts = get_records_sql_array('SELECT va.view, va.artefact, a.title, a.artefacttype, t.plugin
FROM ' . $prefix . 'view_artefact va
INNER JOIN ' . $prefix . 'artefact a ON va.artefact = a.id
INNER JOIN ' . $prefix . 'artefact_installed_type t ON a.artefacttype = t.name
FROM {view_artefact} va
INNER JOIN {artefact} a ON va.artefact = a.id
INNER JOIN {artefact_installed_type} t ON a.artefacttype = t.name
WHERE va.view IN (' . $viewidlist . ')
GROUP BY 1, 2, 3, 4, 5', '');
}
......@@ -101,9 +100,9 @@ if ($viewdata) {
able to submit views to. */
if (!$tutorgroupdata = @get_records_sql_array('SELECT c.id, c.name
FROM ' . $prefix . 'group_member u
INNER JOIN ' . $prefix . 'group g ON u.group = g.id
INNER JOIN ' . $prefix . 'group_member t ON t.group = g.id
FROM {group_member} u
INNER JOIN {group} g ON u.group = g.id
INNER JOIN {group_member} t ON t.group = g.id
WHERE u.member = ' . $userid . '
AND t.tutor = 1
AND t.member != ' . $userid . ';', '')) {
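Review bot: The tutor-group lookup is called as `@get_records_sql_array(...)`, so any warning the query raises is suppressed and a failing statement looks the same as a user with no tutor groups. That matters here because the query selects `c.id, c.name` while its aliases are `u`, `g` and `t`, which suggests it may already be failing quietly. Drop the `@` and handle the empty result explicitly; the body of this `if` continues outside the hunk.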
......
......@@ -66,7 +66,7 @@ if ($artefactid) {
$navlist = array('<a href="' . $viewhref . '">' . $view->get('title') . '</a>');
if (!empty($path)) {
$titles = get_records_sql_assoc('
SELECT id,title FROM ' . get_config('dbprefix') . 'artefact
SELECT id,title FROM {artefact}
WHERE id IN (' . $path . ')','');
$artefactids = split(',', $path);
for ($i = 0; $i < count($artefactids); $i++) {
......