vendor/contao/core-bundle/src/Resources/contao/library/Contao/Database/Statement.php line 237

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of Contao.
  5. *
  6. * (c) Leo Feyer
  7. *
  8. * @license LGPL-3.0-or-later
  9. */
  11. namespace Contao\Database;
  13. use Contao\Database;
  14. use Doctrine\DBAL\Connection;
  15. use Doctrine\DBAL\Driver\Result as DoctrineResult;
  16. use Doctrine\DBAL\Exception\DriverException;
  17. use Doctrine\DBAL\ParameterType;
  19. /**
  20. * Create and execute queries
  21. *
  22. * The class creates the database queries replacing the wildcards and escaping
  23. * the values. It then executes the query and returns a result object.
  24. *
  25. * Usage:
  26. *
  27. * $db = Database::getInstance();
  28. * $stmt = $db->prepare("SELECT * FROM tl_member WHERE city=?");
  29. * $stmt->limit(10);
  30. * $res = $stmt->execute('London');
  31. *
  32. * @property string $query The query string
  33. * @property string $error The last error message
  34. * @property integer $affectedRows The number of affected rows
  35. * @property integer $insertId The last insert ID
  36. */
  37. class Statement
  38. {
  39. /**
  40. * Connection ID
  41. * @var Connection
  42. */
  43. protected $resConnection;
  45. /**
  46. * Database statement
  47. * @var DoctrineResult
  48. */
  49. protected $statement;
  51. /**
  52. * Query string
  53. * @var string
  54. */
  55. protected $strQuery;
  57. /**
  58. * @var array
  59. */
  60. private $arrSetParams = array();
  62. /**
  63. * @var array
  64. */
  65. private $arrLastUsedParams = array();
  67. /**
  68. * Validate the connection resource and store the query string
  69. *
  70. * @param Connection $resConnection The connection resource
  71. */
  72. public function __construct(Connection $resConnection)
  73. {
  74. $this->resConnection = $resConnection;
  75. }
  77. /**
  78. * Return an object property
  79. *
  80. * @param string $strKey The property name
  81. *
  82. * @return mixed|null The property value or null
  83. */
  84. public function __get($strKey)
  85. {
  86. switch ($strKey)
  87. {
  88. case 'query':
  89. return $this->strQuery;
  91. case 'affectedRows':
  92. return $this->statement->rowCount();
  94. case 'insertId':
  95. return $this->resConnection->lastInsertId();
  96. }
  98. return null;
  99. }
  101. /**
  102. * Prepare a query string so the following functions can handle it
  103. *
  104. * @param string $strQuery The query string
  105. *
  106. * @return Statement The statement object
  107. *
  108. * @throws \Exception If $strQuery is empty
  109. */
  110. public function prepare($strQuery)
  111. {
  112. if (!$strQuery)
  113. {
  114. throw new \Exception('Empty query string');
  115. }
  117. $this->strQuery = trim($strQuery);
  118. $this->arrLastUsedParams = array();
  120. return $this;
  121. }
  123. /**
  124. * Autogenerate the SET/VALUES subpart of a query from an associative array
  125. *
  126. * Usage:
  127. *
  128. * $set = array(
  129. * 'firstname' => 'Leo',
  130. * 'lastname' => 'Feyer'
  131. * );
  132. * $stmt->prepare("UPDATE tl_member %s")->set($set);
  133. *
  134. * @param array $arrParams The associative array
  135. *
  136. * @return Statement The statement object
  137. */
  138. public function set($arrParams)
  139. {
  140. if (substr_count($this->strQuery, '%s') !== 1 || !\in_array(strtoupper(substr($this->strQuery, 0, 6)), array('INSERT', 'UPDATE'), true))
  141. {
  142. trigger_deprecation('contao/core-bundle', '4.13', 'Using "%s()" is only supported for INSERT and UPDATE queries with the "%%s" placeholder. This will throw an exception in Contao 5.0.', __METHOD__);
  144. return $this;
  145. }
  147. $this->arrSetParams = array_values($arrParams);
  149. $arrParamNames = array_map(
  150. static function ($strName)
  151. {
  152. if (!preg_match('/^(?:[A-Za-z0-9_$]+|`[^`]+`)$/', $strName))
  153. {
  154. throw new \RuntimeException(sprintf('Invalid column name "%s" in %s()', $strName, __METHOD__));
  155. }
  157. return Database::quoteIdentifier($strName);
  158. },
  159. array_keys($arrParams)
  160. );
  162. // INSERT
  163. if (strncasecmp($this->strQuery, 'INSERT', 6) === 0)
  164. {
  165. $strQuery = sprintf(
  166. '(%s) VALUES (%s)',
  167. implode(', ', $arrParamNames),
  168. implode(', ', array_fill(0, \count($arrParams), '?'))
  169. );
  170. }
  172. // UPDATE
  173. else
  174. {
  175. if (!$arrParamNames)
  176. {
  177. throw new \InvalidArgumentException('Set array must not be empty for UPDATE queries');
  178. }
  180. $strQuery = 'SET ' . implode('=?, ', $arrParamNames) . '=?';
  181. }
  183. $this->strQuery = str_replace('%s', $strQuery, $this->strQuery);
  185. return $this;
  186. }
  188. /**
  189. * Handle limit and offset
  190. *
  191. * @param integer $intRows The maximum number of rows
  192. * @param integer $intOffset The number of rows to skip
  193. *
  194. * @return Statement The statement object
  195. */
  196. public function limit($intRows, $intOffset=0)
  197. {
  198. if ($intRows <= 0)
  199. {
  200. // 2^64-1 is the maximum of unsigned BIGINT, the biggest limit possible
  201. $intRows = '18446744073709551615';
  202. }
  204. if ($intOffset < 0)
  205. {
  206. $intOffset = 0;
  207. }
  209. if (strncasecmp($this->strQuery, 'SELECT', 6) === 0)
  210. {
  211. $this->strQuery .= ' LIMIT ' . $intOffset . ',' . $intRows;
  212. }
  213. else
  214. {
  215. $this->strQuery .= ' LIMIT ' . $intRows;
  216. }
  218. return $this;
  219. }
  221. /**
  222. * Execute the query and return the result object
  223. *
  224. * @return Result The result object
  225. */
  226. public function execute()
  227. {
  228. $arrParams = \func_get_args();
  230. if (\count($arrParams) === 1 && \is_array($arrParams[0]))
  231. {
  232. trigger_deprecation('contao/core-bundle', '4.13', 'Using "%s()" with an array parameter has been deprecated and will no longer work in Contao 5.0. Use argument unpacking via ... instead."', __METHOD__);
  234. $arrParams = array_values($arrParams[0]);
  235. }
  237. return $this->query('', array_merge($this->arrSetParams, $arrParams));
  238. }
  240. /**
  241. * Directly send a query string to the database
  242. *
  243. * @param string $strQuery The query string
  244. *
  245. * @return Result|Statement The result object or the statement object if there is no result set
  246. *
  247. * @throws \Exception If the query string is empty
  248. */
  249. public function query($strQuery='', array $arrParams = array(), array $arrTypes = array())
  250. {
  251. if (!empty($strQuery))
  252. {
  253. $this->strQuery = trim($strQuery);
  254. }
  256. // Make sure there is a query string
  257. if (!$this->strQuery)
  258. {
  259. throw new \Exception('Empty query string');
  260. }
  262. foreach ($arrParams as $key => $varParam)
  263. {
  264. // Automatically set type to boolean when no type is defined,
  265. // otherwise "false" will be converted to an empty string.
  266. if (null === ($arrTypes[$key] ?? null))
  267. {
  268. $arrTypes[$key] = \is_bool($varParam) ? ParameterType::BOOLEAN : ParameterType::STRING;
  269. }
  271. if (\is_string($varParam) || \is_bool($varParam) || \is_float($varParam) || \is_int($varParam) || $varParam === null)
  272. {
  273. continue;
  274. }
  276. $arrParams[$key] = serialize($varParam);
  277. }
  279. $this->arrLastUsedParams = $arrParams;
  281. // Execute the query
  282. // TODO: remove the try/catch block in Contao 5.0
  283. try
  284. {
  285. $this->statement = $this->resConnection->executeQuery($this->strQuery, $arrParams, $arrTypes);
  286. }
  287. catch (DriverException|\ArgumentCountError $exception)
  288. {
  289. // SQLSTATE[HY000]: This command is not supported in the prepared statement protocol
  290. if ($exception->getCode() === 1295)
  291. {
  292. $this->resConnection->executeStatement($this->strQuery, $arrParams, $arrTypes);
  294. trigger_deprecation('contao/core-bundle', '4.13', 'Using "%s()" for statements (instead of queries) has been deprecated and will no longer work in Contao 5.0. Use "%s::executeStatement()" instead.', __METHOD__, Connection::class);
  296. return $this;
  297. }
  299. if (!$arrParams)
  300. {
  301. throw $exception;
  302. }
  304. $intTokenCount = substr_count(preg_replace("/('[^']*')/", '', $this->strQuery), '?');
  306. if (\count($arrParams) <= $intTokenCount)
  307. {
  308. throw $exception;
  309. }
  311. // If we get here, there are more parameters than tokens, so we slice the array and try to execute the query again
  312. $this->statement = $this->resConnection->executeQuery($this->strQuery, \array_slice($arrParams, 0, $intTokenCount), $arrTypes);
  314. // Only trigger the deprecation if the parameter count was the reason for the exception and the previous call did not throw
  315. if ($this->arrLastUsedParams === array(null))
  316. {
  317. trigger_deprecation('contao/core-bundle', '4.13', 'Using "%s::execute(null)" has been deprecated and will no longer work in Contao 5.0. Omit the NULL parameters instead.', __CLASS__);
  318. }
  319. else
  320. {
  321. trigger_deprecation('contao/core-bundle', '4.13', 'Passing more parameters than "?" tokens has been deprecated and will no longer work in Contao 5.0. Use the correct number of parameters instead.');
  322. }
  323. }
  325. // No result set available
  326. if ($this->statement->columnCount() < 1)
  327. {
  328. return $this;
  329. }
  331. // Instantiate a result object
  332. return new Result($this->statement, $this->strQuery);
  333. }
  335. /**
  336. * Replace the wildcards in the query string
  337. *
  338. * @param array $arrValues The values array
  339. *
  340. * @throws \Exception If $arrValues has too few values to replace the wildcards in the query string
  341. *
  342. * @deprecated Deprecated since Contao 4.13, to be removed in Contao 5.0.
  343. */
  344. protected function replaceWildcards($arrValues)
  345. {
  346. trigger_deprecation('contao/core-bundle', '4.13', 'Using "%s()" has been deprecated and will no longer work in Contao 5.0.', __METHOD__);
  348. $arrValues = $this->escapeParams($arrValues);
  349. $this->strQuery = preg_replace('/(?<!%)%([^bcdufosxX%])/', '%%$1', $this->strQuery);
  351. // Replace wildcards
  352. if (!$this->strQuery = @vsprintf($this->strQuery, $arrValues))
  353. {
  354. throw new \Exception('Too few arguments to build the query string');
  355. }
  356. }
  358. /**
  359. * Escape the values and serialize objects and arrays
  360. *
  361. * @param array $arrValues The values array
  362. *
  363. * @return array The array with the escaped values
  364. *
  365. * @deprecated Deprecated since Contao 4.13, to be removed in Contao 5.0.
  366. */
  367. protected function escapeParams($arrValues)
  368. {
  369. trigger_deprecation('contao/core-bundle', '4.13', 'Using "%s()" has been deprecated and will no longer work in Contao 5.0.', __METHOD__);
  371. foreach ($arrValues as $k=>$v)
  372. {
  373. switch (\gettype($v))
  374. {
  375. case 'string':
  376. $arrValues[$k] = $this->resConnection->quote($v);
  377. break;
  379. case 'boolean':
  380. $arrValues[$k] = ($v === true) ? 1 : 0;
  381. break;
  383. case 'object':
  384. case 'array':
  385. $arrValues[$k] = $this->resConnection->quote(serialize($v));
  386. break;
  388. default:
  389. $arrValues[$k] = $v ?? 'NULL';
  390. break;
  391. }
  392. }
  394. return $arrValues;
  395. }
  397. /**
  398. * Explain the current query
  399. *
  400. * @return string The explanation string
  401. *
  402. * @deprecated Deprecated since Contao 4.13, to be removed in Contao 5.0.
  403. */
  404. public function explain()
  405. {
  406. trigger_deprecation('contao/core-bundle', '4.13', 'Using "%s()" has been deprecated and will no longer work in Contao 5.0.', __METHOD__);
  408. return $this->resConnection->fetchAssociative('EXPLAIN ' . $this->strQuery, $this->arrLastUsedParams);
  409. }
  411. /**
  412. * Bypass the cache and always execute the query
  413. *
  414. * @return Result The result object
  415. *
  416. * @deprecated Deprecated since Contao 4.0, to be removed in Contao 5.0.
  417. * Use Statement::execute() instead.
  418. */
  419. public function executeUncached()
  420. {
  421. trigger_deprecation('contao/core-bundle', '4.0', 'Using "Contao\Statement::executeUncached()" has been deprecated and will no longer work in Contao 5.0. Use "Contao\Statement::execute()" instead.');
  423. return \call_user_func_array(array($this, 'execute'), \func_get_args());
  424. }
  426. /**
  427. * Always execute the query and add or replace an existing cache entry
  428. *
  429. * @return Result The result object
  430. *
  431. * @deprecated Deprecated since Contao 4.0, to be removed in Contao 5.0.
  432. * Use Statement::execute() instead.
  433. */
  434. public function executeCached()
  435. {
  436. trigger_deprecation('contao/core-bundle', '4.0', 'Using "Contao\Statement::executeCached()" has been deprecated and will no longer work in Contao 5.0. Use "Contao\Statement::execute()" instead.');
  438. return \call_user_func_array(array($this, 'execute'), \func_get_args());
  439. }
  440. }
  442. class_alias(Statement::class, 'Database\Statement');