}
}
- // CRM-11582
- foreach($tr as $key => $value) {
- $key = preg_quote($key);
- $value = preg_quote($value);
- $query = preg_replace("/$key\b/", $value, $query);
- }
- return $query;
+ return strtr($query, $tr);
}
static function freeResult($ids = NULL) {
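Review bot: `strtr($query, $tr)` has no right-hand boundary on the placeholder, so a `%2` that is part of a caller-written literal such as `'%2012'` is now replaced too, and the quoted value lands inside another string literal, a quoting context its escaping was presumably not written for. The removed loop guarded against this with `\b` but rescanned values that had already been substituted; a single pass that keeps the boundary covers both, for example `return preg_replace_callback('/%\d+\b/', function ($m) use ($tr) { return isset($tr[$m[0]]) ? $tr[$m[0]] : $m[0]; }, $query);`, assuming the keys of `$tr` are always `%N` tokens, which this hunk does not show. If `strtr` stays, document the contract at the call, e.g. `// strtr: single pass, longest key first, no word boundary; a literal '%N' in the SQL is substituted as well`. The function body starts outside the hunk.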
$actualSql = CRM_Core_DAO::composeQuery($inputSql, $inputParams);
$this->assertEquals($expectSql, $actualSql);
}
+
+ // CASE: Two params where the %2 is already present in the query
+ // NOTE: This case should rightly FAIL, as using strstr in the replace mechanism will turn
+ // the query into: SELECT * FROM whatever WHERE name = 'Alice' AND title = 'Bob' AND year LIKE ''Bob'012'
+ // So, to avoid such ERROR, the query should be framed like:
+ // 'SELECT * FROM whatever WHERE name = %1 AND title = %3 AND year LIKE '%2012'
+ // $params[3] = array('Bob', 'String');
+ // i.e. the place holder should be unique and should not contain in any other operational use in query
+ function testComposeQueryFailure() {
+ $cases[] = array(
+ 'SELECT * FROM whatever WHERE name = %1 AND title = %2 AND year LIKE \'%2012\' ',
+ array(
+ 1 => array('Alice', 'String'),
+ 2 => array('Bob', 'String'),
+ ),
+ 'SELECT * FROM whatever WHERE name = \'Alice\' AND title = \'Bob\' AND year LIKE \'%2012\' ',
+ );
+ list($inputSql, $inputParams, $expectSql) = $cases[0];
+ $actualSql = CRM_Core_DAO::composeQuery($inputSql, $inputParams);
+ $this->assertFalse(($expectSql == $actualSql));
+ }
}
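Review bot: `$this->assertFalse(($expectSql == $actualSql));` passes for any output that differs from the intended SQL, so it does not pin the known-bad result the comment describes and would stay green if substitution broke in some other way. Asserting the exact string the comment documents (the `LIKE ''Bob'012'` form) with `$this->assertEquals($knownBadSql, $actualSql);` would turn the limitation into a visible regression guard; at minimum use `$this->assertNotEquals($expectSql, $actualSql);` instead of a loose `==` inside `assertFalse`. The comment says `strstr` where the code uses `strtr`, and its suggested query on the `%3` line has an unbalanced quote. Because the collision places an escaped value inside an existing literal, the comment should also state the caller rule plainly: never embed a `%N` sequence in a literal, and pass a LIKE pattern as its own parameter.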