Merge branch '3'

This commit is contained in:
Daniel Hensby 2016-09-16 12:07:22 +01:00
commit f65168ef8d
No known key found for this signature in database
GPG Key ID: B00D1E9767F0B06E
6 changed files with 113 additions and 54 deletions

View File

@ -190,21 +190,20 @@ abstract class Database {
* *
* @param string $sql Query to run, and single parameter to callback * @param string $sql Query to run, and single parameter to callback
* @param callable $callback Callback to execute code * @param callable $callback Callback to execute code
* @param array $parameters Parameters to display * @param array $parameters Parameters for any parameterised query
* @return mixed Result of query * @return mixed Result of query
*/ */
protected function benchmarkQuery($sql, $callback, $parameters = null) { protected function benchmarkQuery($sql, $callback, $parameters = array()) {
if (isset($_REQUEST['showqueries']) && Director::isDev()) { if (isset($_REQUEST['showqueries']) && Director::isDev()) {
$this->queryCount++; $this->queryCount++;
$starttime = microtime(true); $starttime = microtime(true);
$result = $callback($sql); $result = $callback($sql);
$endtime = round(microtime(true) - $starttime, 4); $endtime = round(microtime(true) - $starttime, 4);
$message = $sql; // replace parameters as closely as possible to what we'd expect the DB to put in
if($parameters) { if (strtolower($_REQUEST['showqueries']) == 'inline') {
$message .= "\nparams: \"" . implode('", "', $parameters) . '"'; $sql = DB::inline_parameters($sql, $parameters);
} }
Debug::message("\n$this->queryCount: {$message}\n{$endtime}s\n", false); Debug::message("\n$sql\n{$endtime}s\n", false);
return $result; return $result;
} else { } else {
return $callback($sql); return $callback($sql);

View File

@ -128,6 +128,12 @@ class PDOConnector extends DBConnector {
$server .= ",{$parameters['port']}"; $server .= ",{$parameters['port']}";
} }
$dsn[] = "Server=$server"; $dsn[] = "Server=$server";
} elseif ($parameters['driver'] === 'dblib') {
$server = $parameters['server'];
if (!empty($parameters['port'])) {
$server .= ":{$parameters['port']}";
}
$dsn[] = "host={$server}";
} else { } else {
if (!empty($parameters['server'])) { if (!empty($parameters['server'])) {
// Use Server instead of host for sqlsrv // Use Server instead of host for sqlsrv

View File

@ -303,6 +303,60 @@ class DB {
return implode($join, array_fill(0, $number, '?')); return implode($join, array_fill(0, $number, '?'));
} }
/**
* @param string $sql The parameterised query
* @param array $parameters The parameters to inject into the query
*
* @return string
*/
public static function inline_parameters($sql, $parameters) {
$segments = preg_split('/\?/', $sql);
$joined = '';
$inString = false;
$numSegments = count($segments);
for($i = 0; $i < $numSegments; $i++) {
$input = $segments[$i];
// Append next segment
$joined .= $segments[$i];
// Don't add placeholder after last segment
if($i === $numSegments - 1) {
break;
}
// check string escape on previous fragment
// Remove escaped backslashes, count them!
$input = preg_replace('/\\\\\\\\/', '', $input);
// Count quotes
$totalQuotes = substr_count($input, "'"); // Includes double quote escaped quotes
$escapedQuotes = substr_count($input, "\\'");
if((($totalQuotes - $escapedQuotes) % 2) !== 0) {
$inString = !$inString;
}
// Append placeholder replacement
if($inString) {
// Literal question mark
$joined .= '?';
continue;
}
// Encode and insert next parameter
$next = array_shift($parameters);
if(is_array($next) && isset($next['value'])) {
$next = $next['value'];
}
if (is_bool($next)) {
$value = $next ? '1' : '0';
}
elseif (is_int($next)) {
$value = $next;
}
else {
$value = DB::is_active() ? Convert::raw2sql($next, true) : $next;
}
$joined .= $value;
}
return $joined;
}
/** /**
* Execute the given SQL parameterised query with the specified arguments * Execute the given SQL parameterised query with the specified arguments
* *

View File

@ -815,7 +815,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
$id = Member::currentUserID(); $id = Member::currentUserID();
if($id) { if($id) {
return Member::get()->byID($id); return DataObject::get_by_id('SilverStripe\\Security\\Member', $id);
} }
return null; return null;
} }

File diff suppressed because one or more lines are too long

View File

@ -38,8 +38,8 @@ Append the option and corresponding value to your URL in your browser's address
## Database ## Database
| URL Variable | | Values | | Description | | URL Variable | | Values | | Description |
| ------------ | | ------ | | ----------- | | ------------ | | --------- | | ----------- |
| showqueries | | 1 | | List all SQL queries executed | | showqueries | | 1\|inline | | List all SQL queries executed, the `inline` option will do a fudge replacement of parameterised queries |
| previewwrite | | 1 | | List all insert / update SQL queries, and **don't** execute them. Useful for previewing writes to the database. | | previewwrite | | 1 | | List all insert / update SQL queries, and **don't** execute them. Useful for previewing writes to the database. |
## Security Redirects ## Security Redirects