PluginProbe ʕ •ᴥ•ʔ
Search Regex / 3.4
Search Regex v3.4
trunk 1.4.12 1.4.13 1.4.14 1.4.15 1.4.16 2.0 2.0.1 2.1 2.2 2.2.1 2.3 2.3.1 2.3.2 2.3.3 2.4 2.4.1 3.0.0 3.0.1 3.0.2 3.0.3 3.0.4 3.0.5 3.0.6 3.0.7 3.0.8 3.1 3.1.1 3.1.2 3.2 3.3 3.3.0 3.3.1 3.4 3.4.1 3.4.2
search-regex / includes / sql / class-value.php
search-regex / includes / sql Last commit date
join 4 months ago modifier 5 months ago select 5 months ago where 5 months ago class-builder.php 5 months ago class-from.php 5 months ago class-group.php 5 months ago class-query.php 5 months ago class-value.php 5 months ago
class-value.php
69 lines
1 <?php
2
3 namespace SearchRegex\Sql;
4
5 /**
6 * A simple sanitizer for table names, column names, and raw (pre-sanitized) names. This shouldn't be treated as a replacement for $wpdb->prepare, and is just
7 * a way of being extra-paranoid when forming queries with known column and table names.
8 */
9 class Value {
10 /**
11 * Underlying value
12 *
13 * @readonly
14 */
15 private string $value;
16
17 /**
18 * Constructor
19 *
20 * @param string $value Value.
21 */
22 public function __construct( $value ) {
23 $this->value = $value;
24 }
25
26 /**
27 * Get the sanitized value.
28 *
29 * @return string
30 */
31 public function get_value() {
32 return $this->value;
33 }
34
35 /**
36 * Create a Value with a known sanitized value. You should only use this when you are sure the value is safe.
37 *
38 * @param string $value Value.
39 * @return Value
40 */
41 public static function safe_raw( $value ) {
42 return new Value( $value );
43 }
44
45 /**
46 * Create a Value for a SQL column. Performs column sanitization and allows for column aliases
47 *
48 * @param string $column Column name.
49 * @return Value
50 */
51 public static function column( $column ) {
52 $column = (string) preg_replace( '/[^ A-Za-z0-9_\-\.]/', '', $column );
53
54 return new Value( $column );
55 }
56
57 /**
58 * Create a Value for a SQL table name. Performs table name sanitization.
59 *
60 * @param string $table Table name.
61 * @return Value
62 */
63 public static function table( $table ) {
64 $table = (string) preg_replace( '/[^A-Za-z0-9_\-]/', '', $table );
65
66 return new Value( $table );
67 }
68 }
69