From 8999b5f5e28f67d9cd4dd2933f0292221ce42de4 Mon Sep 17 00:00:00 2001 From: Yung Han Khoe Date: Sat, 15 Mar 2008 16:19:40 +0000 Subject: [PATCH] Collateral methods now quote table/column names. Removed Collateral methods from Thingy asset. --- lib/WebGUI/Asset/Wobject.pm | 22 ++++++---- lib/WebGUI/Asset/Wobject/Thingy.pm | 68 ------------------------------ 2 files changed, 14 insertions(+), 76 deletions(-) diff --git a/lib/WebGUI/Asset/Wobject.pm b/lib/WebGUI/Asset/Wobject.pm index afcb30e95..79cc80edc 100644 --- a/lib/WebGUI/Asset/Wobject.pm +++ b/lib/WebGUI/Asset/Wobject.pm @@ -136,7 +136,9 @@ sub deleteCollateral { my $table = shift; my $keyName = shift; my $keyValue = shift; - $self->session->db->write("delete from $table where $keyName=".$self->session->db->quote($keyValue)); + my $db = $self->session->db; + $self->session->db->write("delete from ".$db->dbh->quote_identifier($table) + ." where ".$db->dbh->quote_identifier($keyName)."=".$db->quote($keyValue)); $self->updateHistory("deleted collateral item ".$keyName." ".$keyValue); } @@ -204,10 +206,12 @@ sub getCollateral { my $table = shift; my $keyName = shift; my $keyValue = shift; + my $db = $self->session->db; if ($keyValue eq "new" || $keyValue eq "") { return {$keyName=>"new"}; } else { - return $self->session->db->quickHashRef("select * from $table where $keyName=".$self->session->db->quote($keyValue)); + return $db->quickHashRef("select * from ".$db->dbh->quote_identifier($table) + ." where ".$db->dbh->quote_identifier($keyName)."=?",[$keyValue]); } } @@ -432,17 +436,19 @@ sub setCollateral { my $useAssetId = shift; my $setName = shift || "assetId"; my $setValue = shift || $self->get($setName); + my $db = $self->session->db; my ($key, $seq, $dbkeys, $dbvalues); my $counter = 0; my $sql; if ($properties->{$keyName} eq "new" || $properties->{$keyName} eq "") { $properties->{$keyName} = $self->session->id->generate(); - $sql = "insert into $table ("; + $sql = "insert into ".$db->dbh->quote_identifier($table)." ("; my $dbkeys = ""; my $dbvalues = ""; unless ($useSequence eq "0") { unless (exists $properties->{sequenceNumber}) { - my ($seq) = $self->session->db->quickArray("select max(sequenceNumber) from $table where $setName=?",[$setValue]); + my ($seq) = $self->session->db->quickArray("select max(sequenceNumber) " + ." from ".$db->dbh->quote_identifier($table)." where $setName=?",[$setValue]); $properties->{sequenceNumber} = $seq+1; } } @@ -454,20 +460,20 @@ sub setCollateral { $dbkeys .= ','; $dbvalues .= ','; } - $dbkeys .= $key; + $dbkeys .= $db->dbh->quote_identifier($key); $dbvalues .= $self->session->db->quote($properties->{$key}); } $sql .= $dbkeys.') values ('.$dbvalues.')'; $self->updateHistory("added collateral item ".$table." ".$properties->{$keyName}); } else { - $sql = "update $table set "; + $sql = "update ".$db->dbh->quote_identifier($table)." set "; foreach my $key (keys %{$properties}) { unless ($key eq "sequenceNumber") { $sql .= ',' if ($counter++ > 0); - $sql .= $key."=".$self->session->db->quote($properties->{$key}); + $sql .= $db->dbh->quote_identifier($key)."=".$db->quote($properties->{$key}); } } - $sql .= " where $keyName=".$self->session->db->quote($properties->{$keyName}); + $sql .= " where ".$db->dbh->quote_identifier($keyName)."=".$db->quote($properties->{$keyName}); $self->updateHistory("edited collateral item ".$table." ".$properties->{$keyName}); } $self->session->db->write($sql); diff --git a/lib/WebGUI/Asset/Wobject/Thingy.pm b/lib/WebGUI/Asset/Wobject/Thingy.pm index f3905330b..b4341e1ef 100644 --- a/lib/WebGUI/Asset/Wobject/Thingy.pm +++ b/lib/WebGUI/Asset/Wobject/Thingy.pm @@ -2496,72 +2496,4 @@ sequenceNumber'); } -#------------------------------------------------------------------- -# Collateral methods can be removed after Collateral methods in Wobject.pm are updated to quote table/column names. -# - -sub setCollateral { - my $self = shift; - my $table = shift; - my $keyName = shift; - my $properties = shift; - my $useSequence = shift; - my $useAssetId = shift; - my $setName = shift || "assetId"; - my $setValue = shift || $self->get($setName); - my ($key, $seq, $dbkeys, $dbvalues); - my $counter = 0; - my $sql; - if ($properties->{$keyName} eq "new" || $properties->{$keyName} eq "") { - $properties->{$keyName} = $self->session->id->generate(); - $sql = "insert into ".$self->session->db->dbh->quote_identifier($table)." ("; - my $dbkeys = ""; - my $dbvalues = ""; - unless ($useSequence eq "0") { - unless (exists $properties->{sequenceNumber}) { - my ($seq) = $self->session->db->quickArray("select max(sequenceNumber) from $table where -$setName=?",[$setValue]); - $properties->{sequenceNumber} = $seq+1; - } - } - unless ($useAssetId eq "0") { - $properties->{assetId} = $self->get("assetId"); - } - foreach my $key (keys %{$properties}) { - if ($counter++ > 0) { - $dbkeys .= ','; - $dbvalues .= ','; - } - $dbkeys .= $self->session->db->dbh->quote_identifier($key); - $dbvalues .= $self->session->db->quote($properties->{$key}); - } - $sql .= $dbkeys.') values ('.$dbvalues.')'; - $self->updateHistory("added collateral item ".$table." ".$properties->{$keyName}); - } else { - $sql = "update ".$self->session->db->dbh->quote_identifier($table)." set "; - foreach my $key (keys %{$properties}) { - unless ($key eq "sequenceNumber") { - $sql .= ',' if ($counter++ > 0); - $sql .= $self->session->db->dbh->quote_identifier($key)."=".$self->session->db->quote($properties->{$key}); - } - } - $sql .= " where $keyName=".$self->session->db->quote($properties->{$keyName}); - $self->updateHistory("edited collateral item ".$table." ".$properties->{$keyName}); - } - $self->session->db->write($sql); - $self->reorderCollateral($table,$keyName,$setName,$setValue) if ($properties->{sequenceNumber} < 0); - return $properties->{$keyName}; -} - - -sub deleteCollateral { - my $self = shift; - my $table = shift; - my $keyName = shift; - my $keyValue = shift; - $self->session->db->write("delete from ".$self->session->db->dbh->quote_identifier($table) - ." where $keyName=".$self->session->db->quote($keyValue)); - $self->updateHistory("deleted collateral item ".$keyName." ".$keyValue); -} - 1;