diff --git a/resources/classes/database.php b/resources/classes/database.php
index 8b074a71a1..dfc51b64e2 100644
--- a/resources/classes/database.php
+++ b/resources/classes/database.php
@@ -585,7 +585,7 @@ include "root.php";
if (is_array($new_array)) {
foreach ($new_array as $schema_name => $schema_array) {
- $this->name = preg_replace('#[^a-zA-Z0-9_/]#', '', $schema_name);
+ $this->name = preg_replace('#[^a-zA-Z0-9_\-]#', '', $schema_name);
if (is_array($schema_array)) {
foreach ($schema_array as $schema_id => $array) {
@@ -1005,7 +1005,7 @@ include "root.php";
}
//set the name
if (isset($array['name'])) {
- $this->name = preg_replace('#[^a-zA-Z0-9_/]#', '', $array['name']);
+ $this->name = preg_replace('#[^a-zA-Z0-9_\-]#', '', $array['name']);
}
//set the uuid
if (isset($array['uuid'])) {
@@ -1139,7 +1139,7 @@ include "root.php";
$this->debug["sql"] = true;
//start the atomic transaction
- $this->db->beginTransaction();
+// $this->db->beginTransaction();
//debug info
//echo "
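Review bot: Adding `-` to the character class on the two `$this->name = preg_replace(...)` lines in the first two hunks is questionable, because `$this->name` is later concatenated into the statement as an unquoted table identifier (`"v_".$this->name` in a following hunk), where a hyphen is not a valid identifier character and a run of `--` opens a SQL comment. The hyphen appears to be wanted for UUID values (the `$parent_key_value` and `$child_key_value` lines of this commit), not for names that become identifiers. I would keep `preg_replace('#[^a-zA-Z0-9_]#', '', $schema_name)` (and likewise for `$array['name']`) for anything used as a table or column name, and use the wider class only for values. The enclosing loops and method start and end outside these hunks.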
\n";
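Review bot: Commenting out `$this->db->beginTransaction();` here (and `commit()` in the final hunk of this commit) removes the atomicity that the surviving comment `//start the atomic transaction` still promises, so a failure on a child row now leaves the parent row written with no rollback, and the rest of the method keeps running. If the reason was that a failed statement inside a transaction aborts it on the database in use, the fix is a `rollBack()` in the catch paths rather than dropping the transaction altogether. At minimum update the comment so it does not describe code that no longer runs, e.g. `//transaction disabled: statements are applied individually (no rollback on failure)`. This hunk looks truncated in the listing and the enclosing method continues well outside it.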
@@ -1150,13 +1150,13 @@ include "root.php";
//loop through the array
if (is_array($new_array)) foreach ($new_array as $schema_name => $schema_array) {
- $this->name = preg_replace('#[^a-zA-Z0-9_/]#', '', $schema_name);
+ $this->name = preg_replace('#[^a-zA-Z0-9_\-]#', '', $schema_name);
if (is_array($schema_array)) foreach ($schema_array as $schema_id => $array) {
//set the variables
$table_name = "v_".$this->name;
$parent_key_name = $this->singular($this->name)."_uuid";
- $parent_key_name = preg_replace('#[^a-zA-Z0-9_/]#', '', $parent_key_name);
+ $parent_key_name = preg_replace('#[^a-zA-Z0-9_\-]#', '', $parent_key_name);
//if the uuid is set then set parent key exists and value
//determine if the parent_key_exists
@@ -1176,13 +1176,13 @@ include "root.php";
}
//allow characters found in the uuid only.
- $parent_key_value = preg_replace('#[^a-zA-Z0-9_/]#', '', $parent_key_value);
+ $parent_key_value = preg_replace('#[^a-zA-Z0-9_\-]#', '', $parent_key_value);
//get the parent field names
$parent_field_names = array();
if (is_array($array)) foreach ($array as $key => $value) {
if (!is_array($value)) {
- $parent_field_names[] = preg_replace('#[^a-zA-Z0-9_/]#', '', $key);
+ $parent_field_names[] = preg_replace('#[^a-zA-Z0-9_\-]#', '', $key);
}
}
@@ -1234,7 +1234,7 @@ include "root.php";
//}
if (is_array($array)) foreach ($array as $array_key => $array_value) {
if (!is_array($array_value)) {
- $array_key = preg_replace('#[^a-zA-Z0-9_/]#', '', $array_key);
+ $array_key = preg_replace('#[^a-zA-Z0-9_\-]#', '', $array_key);
$sql .= $array_key.", ";
}
}
@@ -1253,8 +1253,9 @@ include "root.php";
$sql .= "now(), ";
}
else {
- $sql .= "'".check_str($array_value)."', ";
- //$sql .= ":".$array_key.", ";
+ //$sql .= "'".check_str($array_value)."', ";
+ $sql .= ':'.$array_key.", ";
+ $params[$array_key] = $array_value;
}
}
}
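Review bot: The placeholder built on the added `$sql .= ':'.$array_key.", ";` line can be malformed, because `$array_key` was sanitised with `[^a-zA-Z0-9_\-]` in the preceding hunk and PDO named parameters accept only letters, digits and underscore; a key containing `-` yields a token such as `:foo-bar` that PDO splits at the hyphen, and `execute($params)` then fails with a parameter-count or undefined-parameter error. Restrict keys that become column names and placeholders to `[^a-zA-Z0-9_]` and reserve the hyphen for the UUID value. Separately, `$params[$array_key] = $array_value;` appends to an array that is never initialised for the current row, so bindings from a previous row or a failed statement can carry over; add `$params = array();` before this column loop. The loop starts outside the hunk.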
@@ -1262,24 +1263,12 @@ include "root.php";
$sql = str_replace(", )", ")", $sql);
$this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
- //$prep_statement = $this->db->prepare($sql);
try {
- //bind the parameters key and values
- //if (is_array($array)) foreach ($array as $array_key => $array_value) {
- // if (!is_array($array_value)) {
- // if (strlen($array_value) == 0) {}
- // elseif ($array_value === "now()") {}
- // else {
- // $prep_statement->bindParam(':'.$array_key, $array_value);
- // $params[$array_key] = $array_value;
- // }
- // }
- //}
-
- $this->db->query(check_sql($sql));
- //$prep_statement->execute();
- //unset($prep_statement);
+ //$this->db->query(check_sql($sql));
+ $prep_statement = $this->db->prepare($sql);
+ $prep_statement->execute($params);
+ unset($prep_statement);
$message["message"] = "OK";
$message["code"] = "200";
$message["uuid"] = $parent_key_value;
@@ -1289,9 +1278,10 @@ include "root.php";
$message["details"][$m]["uuid"] = $parent_key_value;
if ($this->debug["sql"]) {
$message["details"][$m]["sql"] = $sql;
- //if (is_array($params)) {
- // $message["details"][$m]["params"] = $params;
- //}
+ if (is_array($params)) {
+ $message["details"][$m]["params"] = $params;
+ unset($params);
+ }
}
$this->message = $message;
$m++;
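Review bot: The added `unset($params);` only runs when `$this->debug["sql"]` is true, so with debugging off the bound values from this row remain in `$params` and are handed to the next `execute()`, which PDO rejects once the keys no longer match that statement's placeholders. Move the `unset($params);` out of the debug block, directly after the `execute()` call, and keep the debug block to copying it. Also note that `$params` holds raw field values, so with debug on any secret fields in the record (passwords, auth tokens) are copied verbatim into `$this->message`; consider redacting them or keeping `params` out of the message on production paths. The enclosing try/catch begins outside the hunk.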
@@ -1302,11 +1292,13 @@ include "root.php";
$message["details"][$m]["name"] = $this->name;
$message["details"][$m]["message"] = $e->getMessage();
$message["details"][$m]["code"] = "400";
+ $message["details"][$m]["array"] = $array;
if ($this->debug["sql"]) {
$message["details"][$m]["sql"] = $sql;
- //if (is_array($params)) {
- // $message["details"][$m]["params"] = $params;
- //}
+ if (is_array($params)) {
+ $message["details"][$m]["params"] = $params;
+ unset($params);
+ }
}
//print_r($message);
$this->message = $message;
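Review bot: The new `$message["details"][$m]["array"] = $array;` line copies the entire submitted record into `$this->message` unconditionally on the error path, unlike `sql` and `params` which sit behind `$this->debug["sql"]`, so any sensitive field values in `$array` are exposed wherever this message is rendered or returned. Gate it with the same debug check, or drop it, since the driver's exception text is already stored in `message`. The `unset($params)` in this catch block has the same debug-only problem as on the success path: with debug off the stale bindings from the failed statement reach the next one. The try this catch belongs to starts outside the hunk.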
@@ -1333,7 +1325,7 @@ include "root.php";
if (is_array($array)) {
foreach ($array as $array_key => $array_value) {
if (!is_array($array_value) && $array_key != $parent_key_name) {
- $array_key = preg_replace('#[^a-zA-Z0-9_/]#', '', $array_key);
+ $array_key = preg_replace('#[^a-zA-Z0-9_\-]#', '', $array_key);
if (strlen($array_value) == 0) {
$sql .= $array_key." = null, ";
}
@@ -1341,7 +1333,9 @@ include "root.php";
$sql .= $array_key." = now(), ";
}
else {
- $sql .= $array_key." = '".check_str($array_value)."', ";
+ //$sql .= $array_key." = '".check_str($array_value)."', ";
+ $sql .= $array_key." = :".$array_key.", ";
+ $params[$array_key] = $array_value;
}
}
}
@@ -1350,7 +1344,9 @@ include "root.php";
$sql = str_replace(", WHERE", " WHERE", $sql);
$this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
try {
- $this->db->query(check_sql($sql));
+ $prep_statement = $this->db->prepare($sql);
+ $prep_statement->execute($params);
+ //$this->db->query(check_sql($sql));
$message["message"] = "OK";
$message["code"] = "200";
$message["uuid"] = $parent_key_value;
@@ -1360,6 +1356,10 @@ include "root.php";
$message["details"][$m]["uuid"] = $parent_key_value;
if ($this->debug["sql"]) {
$message["details"][$m]["sql"] = $sql;
+ if (is_array($params)) {
+ $message["details"][$m]["params"] = $params;
+ unset($params);
+ }
}
$this->message = $message;
$m++;
@@ -1373,6 +1373,10 @@ include "root.php";
$message["details"][$m]["code"] = "400";
if ($this->debug["sql"]) {
$message["details"][$m]["sql"] = $sql;
+ if (is_array($params)) {
+ $message["details"][$m]["params"] = $params;
+ unset($params);
+ }
}
$this->message = $message;
$m++;
@@ -1396,11 +1400,11 @@ include "root.php";
if (is_array($value)) {
$table_name = "v_".$key;
- $table_name = preg_replace('#[^a-zA-Z0-9_/]#', '', $table_name);
+ $table_name = preg_replace('#[^a-zA-Z0-9_\-]#', '', $table_name);
foreach ($value as $id => $row) {
//prepare the variables
$child_name = $this->singular($key);
- $child_name = preg_replace('#[^a-zA-Z0-9_/]#', '', $child_name);
+ $child_name = preg_replace('#[^a-zA-Z0-9_\-]#', '', $child_name);
$child_key_name = $child_name."_uuid";
//determine if the parent key exists in the child array
@@ -1425,13 +1429,13 @@ include "root.php";
}
//allow characters found in the uuid only.
- $child_key_value = preg_replace('#[^a-zA-Z0-9_/]#', '', $child_key_value);
+ $child_key_value = preg_replace('#[^a-zA-Z0-9_\-]#', '', $child_key_value);
//get the child field names
$child_field_names = array();
if (is_array($row)) foreach ($row as $k => $v) {
if (!is_array($v)) {
- $child_field_names[] = preg_replace('#[^a-zA-Z0-9_/]#', '', $k);
+ $child_field_names[] = preg_replace('#[^a-zA-Z0-9_\-]#', '', $k);
}
}
@@ -1469,7 +1473,7 @@ include "root.php";
if (is_array($row)) {
foreach ($row as $k => $v) {
if (!is_array($v) && ($k != $parent_key_name || $k != $child_key_name)) {
- $k = preg_replace('#[^a-zA-Z0-9_/]#', '', $k);
+ $k = preg_replace('#[^a-zA-Z0-9_\-]#', '', $k);
if (strlen($v) == 0) {
$sql .= $k." = null, ";
}
@@ -1477,7 +1481,9 @@ include "root.php";
$sql .= $k." = now(), ";
}
else {
- $sql .= "$k = '".check_str($v)."', ";
+ //$sql .= "$k = '".check_str($v)."', ";
+ $sql .= $array_key." = :".$array_key.", ";
+ $params[$array_key] = $array_value;
}
}
}
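Review bot: The two added lines use `$array_key` and `$array_value`, but this loop iterates `$row as $k => $v` (the removed line used `$k` and `$v`), so the child UPDATE emits whatever `$array_key`/`$array_value` last held in the parent loop — or nothing, if they are unset — instead of the current column, and the intended assignment for `$k` is never generated. It should read `$sql .= $k." = :".$k.", ";` and `$params[$k] = $v;`. As with the parent path, a `$k` containing `-` cannot be used as a PDO placeholder name, so the identifier class should exclude the hyphen here too. The foreach begins before this hunk.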
@@ -1490,13 +1496,19 @@ include "root.php";
//$prep_statement->bindParam(':domain_uuid', $_SESSION["domain_uuid"] );
try {
- $this->db->query(check_sql($sql));
+ //$this->db->query(check_sql($sql));
+ $prep_statement = $this->db->prepare($sql);
+ $prep_statement->execute($params);
$message["details"][$m]["name"] = $key;
$message["details"][$m]["message"] = "OK";
$message["details"][$m]["code"] = "200";
$message["details"][$m]["uuid"] = $child_key_value;
if ($this->debug["sql"]) {
$message["details"][$m]["sql"] = $sql;
+ if (is_array($params)) {
+ $message["details"][$m]["params"] = $params;
+ unset($params);
+ }
}
$this->message = $message;
$m++;
@@ -1511,6 +1523,10 @@ include "root.php";
$message["details"][$m]["code"] = "400";
if ($this->debug["sql"]) {
$message["details"][$m]["sql"] = $sql;
+ if (is_array($params)) {
+ $message["details"][$m]["params"] = $params;
+ unset($params);
+ }
}
$this->message = $message;
$m++;
@@ -1559,7 +1575,7 @@ include "root.php";
if (is_array($row)) {
foreach ($row as $k => $v) {
if (!is_array($v)) {
- $k = preg_replace('#[^a-zA-Z0-9_/]#', '', $k);
+ $k = preg_replace('#[^a-zA-Z0-9_\-]#', '', $k);
$sql .= $k.", ";
}
}
@@ -1583,7 +1599,10 @@ include "root.php";
$sql .= "now(), ";
}
else {
- $sql .= "'".check_str($v)."', ";
+ $k = preg_replace('#[^a-zA-Z0-9_\-]#', '', $k);
+ //$sql .= "'".check_str($v)."', ";
+ $sql .= ':'.$k.", ";
+ $params[$k] = $v;
}
}
}
@@ -1592,13 +1611,20 @@ include "root.php";
$sql = str_replace(", )", ")", $sql);
$this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
try {
- $this->db->query(check_sql($sql));
+ //$this->db->query(check_sql($sql));
+ $prep_statement = $this->db->prepare($sql);
+ $prep_statement->execute($params);
+ unset($prep_statement);
$message["details"][$m]["name"] = $key;
$message["details"][$m]["message"] = "OK";
$message["details"][$m]["code"] = "200";
$message["details"][$m]["uuid"] = $child_key_value;
if ($this->debug["sql"]) {
$message["details"][$m]["sql"] = $sql;
+ if (is_array($params)) {
+ $message["details"][$m]["params"] = $params;
+ unset($params);
+ }
}
$this->message = $message;
$m++;
@@ -1613,6 +1639,10 @@ include "root.php";
$message["details"][$m]["code"] = "400";
if ($this->debug["sql"]) {
$message["details"][$m]["sql"] = $sql;
+ if (is_array($params)) {
+ $message["details"][$m]["params"] = $params;
+ unset($params);
+ }
}
$this->message = $message;
$m++;
@@ -1655,7 +1685,7 @@ include "root.php";
$this->message = $message;
//commit the atomic transaction
- $this->db->commit();
+// $this->db->commit();
//get the UUIDs
$user_uuid = $_SESSION['user_uuid'];