diff options
author | icewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-05-28 11:02:14 +0000 |
---|---|---|
committer | icewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-05-28 11:02:14 +0000 |
commit | 816f381791ed2fb993bcb070aac483bf15d36ea8 (patch) | |
tree | 68b62cdf25977e910dbadb8ba0f8b2836dcdf791 /engine/lib | |
parent | 8746c5bb08c96b63e7c81e592a4fe7bfd7da13d8 (diff) | |
download | elgg-816f381791ed2fb993bcb070aac483bf15d36ea8.tar.gz elgg-816f381791ed2fb993bcb070aac483bf15d36ea8.tar.bz2 |
Marcus Povey <marcus@dushka.co.uk>
* Fixed ACL where "where" is missing
* Added catch for exceptions
git-svn-id: https://code.elgg.org/elgg/trunk@733 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib')
-rw-r--r-- | engine/lib/database.php | 117 |
1 files changed, 65 insertions, 52 deletions
diff --git a/engine/lib/database.php b/engine/lib/database.php index 6b8db1956..1cc348574 100644 --- a/engine/lib/database.php +++ b/engine/lib/database.php @@ -444,67 +444,80 @@ $sql = ""; - // Query prefix & fields - if (!empty($this->query_type)) - { - $sql .= "{$this->query_type} "; - - if (!empty($this->fields)) + try + { + // Query prefix & fields + if (!empty($this->query_type)) { - $fields = ""; + $sql .= "{$this->query_type} "; - foreach ($this->fields as $field) - $fields .= "$field"; + if (!empty($this->fields)) + { + $fields = ""; + + foreach ($this->fields as $field) + $fields .= "$field"; + + $sql .= " $fields from "; + } + } + else + throw new DatabaseException("Unrecognised or unspecified query type."); + + // Tables + if (!empty($this->tables)) + { + foreach($this->tables as $table) + $sql .= "$table, "; + + $sql = trim($sql, ", "); + } + + // Joins on select queries + if ($this->query_type->query_type == 'select') + { + if (!empty($this->joins)) + { + foreach($this->joins as $join) + $sql .= "$join "; + } + } + + // Where + if (!empty($this->where)) + { + $sql .= "where 1 "; - $sql .= " $fields from "; + foreach ($this->where as $where) + $sql .= "$where "; } - } - else - throw new DatabaseException("Unrecognised or unspecified query type."); + + // Access control + if (!empty($this->access_control)) + { + + // Catch missing Where + if (empty($this->where)) + $sql .= "where 1 "; - // Tables - if (!empty($this->tables)) - { - foreach($this->tables as $table) - $sql .= "$table, "; + $sql .= "{$this->access_control} "; + } + else + throw new DatabaseException("No access control was provided on query"); - $sql = trim($sql, ", "); - } - - // Joins on select queries - if ($this->query_type->query_type == 'select') - { - if (!empty($this->joins)) - { - foreach($this->joins as $join) - $sql .= "$join "; - } - } - - // Where - if (!empty($this->where)) - { - $sql .= "where 1 "; + // Limits + if (!empty($this->limit_and_offset)) + $sql .= "{$this->limit_and_offset} "; - foreach ($this->where as $where) - $sql .= "$where "; - } - - // Access control - if (!empty($this->access_control)) - $sql .= "{$this->access_control} "; - else - throw DatabaseException("No access control was provided on query"); + // Order by + if (!empty($this->order)) + $sql .= $this->order; - // Limits - if (!empty($this->limit_and_offset)) - $sql .= "{$this->limit_and_offset} "; - - // Order by - if (!empty($this->order)) - $sql .= $this->order; - + } catch (Exception $e) { + trigger_error($e, E_USER_WARNING); + } + return $sql; } |