Commit 682f3bea authored by Alexander Butenko's avatar Alexander Butenko

Input variables validation

parent e215dad1
...@@ -175,9 +175,13 @@ class MysqliDb ...@@ -175,9 +175,13 @@ class MysqliDb
* *
* @return array Contains the returned rows from the select query. * @return array Contains the returned rows from the select query.
*/ */
public function get($tableName, $numRows = null) public function get($tableName, $numRows = null, $columns = '*')
{ {
$this->_query = "SELECT * FROM $tableName"; if (empty ($columns))
$columns = '*';
$column = is_array($columns) ? implode(', ', $columns) : $columns;
$this->_query = "SELECT $column FROM $tableName";
$stmt = $this->_buildQuery($numRows); $stmt = $this->_buildQuery($numRows);
$stmt->execute(); $stmt->execute();
$this->reset(); $this->reset();
...@@ -192,9 +196,9 @@ class MysqliDb ...@@ -192,9 +196,9 @@ class MysqliDb
* *
* @return array Contains the returned rows from the select query. * @return array Contains the returned rows from the select query.
*/ */
public function getOne($tableName) public function getOne($tableName, $columns = '*')
{ {
$res = $this->get ($tableName, 1); $res = $this->get ($tableName, 1, $columns);
return $res[0]; return $res[0];
} }
...@@ -283,13 +287,14 @@ class MysqliDb ...@@ -283,13 +287,14 @@ class MysqliDb
public function join($joinTable, $joinCondition, $joinType = '') public function join($joinTable, $joinCondition, $joinType = '')
{ {
$allowedTypes = array('LEFT', 'RIGHT', 'OUTER', 'INNER', 'LEFT OUTER', 'RIGHT OUTER'); $allowedTypes = array('LEFT', 'RIGHT', 'OUTER', 'INNER', 'LEFT OUTER', 'RIGHT OUTER');
$joinType = strtoupper (trim ($joinType));
$joinTable = filter_var($joinTable, FILTER_SANITIZE_STRING);
if ($joinType && in_array ($joinType, $allowedTypes)) if ($joinType && !in_array ($joinType, $allowedTypes))
$joinType = strtoupper (trim ($joinType)); die ('Wrong JOIN type: '.$joinType);
else
$joinType = '';
$this->_join[$joinType . " JOIN " . $joinTable] = $joinCondition; $this->_join[$joinType . " JOIN " . $joinTable] = $joinCondition;
return $this; return $this;
} }
/** /**
...@@ -304,6 +309,13 @@ class MysqliDb ...@@ -304,6 +309,13 @@ class MysqliDb
*/ */
public function orderBy($orderByField, $orderbyDirection) public function orderBy($orderByField, $orderbyDirection)
{ {
$allowedDirection = Array ("ASC", "DESC");
$orderbyDirection = strtoupper (trim ($orderbyDirection));
$orderByField = filter_var($orderByField, FILTER_SANITIZE_STRING);
if (empty($orderbyDirection) || !in_array ($orderbyDirection, $allowedDirection))
die ('Wrong order direction: '.$orderbyDirection);
$this->_orderBy[$orderByField] = $orderbyDirection; $this->_orderBy[$orderByField] = $orderbyDirection;
return $this; return $this;
} }
...@@ -319,6 +331,8 @@ class MysqliDb ...@@ -319,6 +331,8 @@ class MysqliDb
*/ */
public function groupBy($groupByField) public function groupBy($groupByField)
{ {
$groupByField = filter_var($groupByField, FILTER_SANITIZE_STRING);
$this->_groupBy[] = $groupByField; $this->_groupBy[] = $groupByField;
return $this; return $this;
} }
......
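Review bot: The new `$columns` parameter in `get()` (first hunk) is interpolated straight into `"SELECT $column FROM $tableName"` with no validation at all, so a column list or table name that originates from request input remains a SQL injection vector despite the commit's title, and `getOne()` now forwards the same unchecked value. The `filter_var(..., FILTER_SANITIZE_STRING)` calls added in `join()`, `orderBy()` and `groupBy()` do not address this either: that filter only strips HTML tags and encodes quotes, leaves `;`, `--`, spaces, parentheses and comment sequences intact, and is deprecated as of PHP 8.1. An identifier allowlist applied to every table, column and field name would close it, e.g. `if (!preg_match('/^[A-Za-z0-9_.]+$/', $name)) { throw new InvalidArgumentException('Invalid identifier: ' . $name); }`, ideally as one small private helper called from all four methods so the rule cannot drift between them. The `die()` calls added to `join()` and `orderBy()` should likewise become thrown `InvalidArgumentException`s so callers can handle the error instead of the process exiting, and both `in_array()` checks should pass `true` as the third argument to avoid loose comparison.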