join
4 months ago
modifier
5 months ago
select
3 weeks ago
where
3 weeks ago
class-builder.php
5 months ago
class-from.php
5 months ago
class-group.php
5 months ago
class-query.php
3 weeks ago
class-value.php
5 months ago
class-value.php
69 lines
| 1 | <?php |
| 2 | |
| 3 | namespace SearchRegex\Sql; |
| 4 | |
| 5 | /** |
| 6 | * A simple sanitizer for table names, column names, and raw (pre-sanitized) names. This shouldn't be treated as a replacement for $wpdb->prepare, and is just |
| 7 | * a way of being extra-paranoid when forming queries with known column and table names. |
| 8 | */ |
| 9 | class Value { |
| 10 | /** |
| 11 | * Underlying value |
| 12 | * |
| 13 | * @readonly |
| 14 | */ |
| 15 | private string $value; |
| 16 | |
| 17 | /** |
| 18 | * Constructor |
| 19 | * |
| 20 | * @param string $value Value. |
| 21 | */ |
| 22 | public function __construct( $value ) { |
| 23 | $this->value = $value; |
| 24 | } |
| 25 | |
| 26 | /** |
| 27 | * Get the sanitized value. |
| 28 | * |
| 29 | * @return string |
| 30 | */ |
| 31 | public function get_value() { |
| 32 | return $this->value; |
| 33 | } |
| 34 | |
| 35 | /** |
| 36 | * Create a Value with a known sanitized value. You should only use this when you are sure the value is safe. |
| 37 | * |
| 38 | * @param string $value Value. |
| 39 | * @return Value |
| 40 | */ |
| 41 | public static function safe_raw( $value ) { |
| 42 | return new Value( $value ); |
| 43 | } |
| 44 | |
| 45 | /** |
| 46 | * Create a Value for a SQL column. Performs column sanitization and allows for column aliases |
| 47 | * |
| 48 | * @param string $column Column name. |
| 49 | * @return Value |
| 50 | */ |
| 51 | public static function column( $column ) { |
| 52 | $column = (string) preg_replace( '/[^ A-Za-z0-9_\-\.]/', '', $column ); |
| 53 | |
| 54 | return new Value( $column ); |
| 55 | } |
| 56 | |
| 57 | /** |
| 58 | * Create a Value for a SQL table name. Performs table name sanitization. |
| 59 | * |
| 60 | * @param string $table Table name. |
| 61 | * @return Value |
| 62 | */ |
| 63 | public static function table( $table ) { |
| 64 | $table = (string) preg_replace( '/[^A-Za-z0-9_\-]/', '', $table ); |
| 65 | |
| 66 | return new Value( $table ); |
| 67 | } |
| 68 | } |
| 69 |