author | Jamie Matthews <[email protected]> | 2010-02-26 21:08:06 +0000 |
---|---|---|
committer | Jamie Matthews <[email protected]> | 2010-02-26 21:08:06 +0000 |
commit | b3fe39d3a7da8c6d8759e9c668e1536bb3b1daf1 (patch) | |
tree | b4baa477aa4f4e739f1f065a6d0684b2a0709f18 /test/test_queries.php | |
parent | d5df1bdbcb4c1c3645a138337a01e7699bd42f9a (diff) |
Fixed multiple bugs in query building
* ORDER BY, LIMIT and OFFSET parameters cannot be bound to the query
as the database surrounds them with quotes, forming invalid SQL.
They are now simply concatenated to the SQL string. The documentation
has been updated to mark these as "unsafe" and not suitable for use with
unfiltered user input.
* ORDER BY should come before LIMIT and OFFSET.
Diffstat (limited to 'test/test_queries.php')
-rw-r--r-- | test/test_queries.php | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/test/test_queries.php b/test/test_queries.php
index ac90c5e..249b1df 100644
--- a/test/test_queries.php
+++ b/test/test_queries.php
@@ -35,27 +35,27 @@
 Tester::check_equal("where_like method", $expected);
 ORM::for_table('widget')->limit(5)->find_one();
- $expected = 'SELECT * FROM widget LIMIT "5"';
+ $expected = 'SELECT * FROM widget LIMIT 5';
 Tester::check_equal("LIMIT clause", $expected);
 ORM::for_table('widget')->limit(5)->offset(5)->find_one();
- $expected = 'SELECT * FROM widget LIMIT "5" OFFSET "5"';
+ $expected = 'SELECT * FROM widget LIMIT 5 OFFSET 5';
 Tester::check_equal("LIMIT and OFFSET clause", $expected);
 ORM::for_table('widget')->order_by_desc('name')->find_one();
- $expected = 'SELECT * FROM widget ORDER BY "name" DESC';
+ $expected = 'SELECT * FROM widget ORDER BY name DESC';
 Tester::check_equal("ORDER BY DESC", $expected);
 ORM::for_table('widget')->order_by_asc('name')->find_one();
- $expected = 'SELECT * FROM widget ORDER BY "name" ASC';
+ $expected = 'SELECT * FROM widget ORDER BY name ASC';
 Tester::check_equal("ORDER BY ASC", $expected);
 ORM::for_table('widget')->order_by_asc('name')->order_by_desc('age')->find_one();
- $expected = 'SELECT * FROM widget ORDER BY "name" ASC, "age" DESC';
+ $expected = 'SELECT * FROM widget ORDER BY name ASC, age DESC';
 Tester::check_equal("Multiple ORDER BY", $expected);
 ORM::for_table('widget')->where('name', 'Fred')->limit(5)->offset(5)->order_by_asc('name')->find_many();
- $expected = 'SELECT * FROM widget WHERE name = "Fred" LIMIT "5" OFFSET "5" ORDER BY "name" ASC';
+ $expected = 'SELECT * FROM widget WHERE name = "Fred" ORDER BY name ASC LIMIT 5 OFFSET 5';
 Tester::check_equal("Complex query", $expected);
 ORM::for_table('widget')->where_raw('name = ? AND (age = ? OR age = ?)', array('Fred', 5, 10))->find_many(); |
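Review bot: The new expectations in this hunk pin the unquoted output only for well-formed inputs (`limit(5)`, `offset(5)`, `order_by_asc('name')`), so nothing here guards the path the commit message itself calls unsafe. LIMIT and OFFSET are always integers, so the builder (not shown, since this diff is limited to the test file) could presumably cast them with `(int)` before concatenating, and a case such as `ORM::for_table('widget')->limit('5abc')->find_one();` expecting `'SELECT * FROM widget LIMIT 5'` would lock that in. ORDER BY column names cannot be cast, so they would need identifier quoting or an allow-list in the caller; a comment above the ORDER BY tests, `// order_by_* values are concatenated unescaped; never pass unfiltered user input`, would keep that contract visible next to the expectations.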