Adds `esc_sql_value()` method that tries to make an educated guess about whether the value should be quoted or not. Uses a list of reserved keywords from the Drupal project found here: https://www.drupal.org/docs/develop/coding-standards/list-of-sql-reserved-words Fixes #58
Sorry I'm not getting this, all that needs to be done is to quote the Edit: actually it would be best if it only quoted if not a number to avoid MySQL's implicit type conversion.
Yes, you are right. I built a general value quoting mechanism, but we're only dealing with a primary key here. I'll remove all unneeded processing for now, as it is complexity we don't need to deal with yet.
Okay the tests are failing due to wp-cli/wp-cli#4624. I'll do a PR very shortly to adjust them.
| `updated_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, | ||
| PRIMARY KEY (`name`) | ||
| ) ENGINE=InnoDB; | ||
| INSERT INTO `wp_123_test` VALUES ('test_val','off','2016-11-15 14:41:33','2016-11-15 21:41:33'); |
Need further test keys here, eg
INSERT INTO `wp_123_test` VALUES ('123.','off','2016-11-15 14:41:33','2016-11-15 21:41:33');
INSERT INTO `wp_123_test` VALUES ('quote\'quote','off','2016-11-15 14:41:33','2016-11-15 21:41:33');
INSERT INTO `wp_123_test` VALUES ('0','off','2016-11-15 14:41:33','2016-11-15 21:41:33');
INSERT INTO `wp_123_test` VALUES ('','off','2016-11-15 14:41:33','2016-11-15 21:41:33');
src/Search_Replace_Command.php
Outdated
| private static function esc_sql_value( $values ) { | ||
| $quote = function ( $v ) { | ||
| // Don't quote numeric values to MySQL's implicit type conversion. | ||
| if ( is_numeric( $v ) ) { |
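Review bot: `is_numeric( $v )` on the last line of this hunk accepts more than plain integers: strings such as `1e3`, `.5`, `-7` or one with leading whitespace also pass and would be written into the query unquoted. When the primary key column is a string type, an unquoted number makes MySQL compare numerically, so a key of `123` can also match rows keyed `123.` or `0123`. Consider leaving only digit-only strings unquoted and quoting everything else.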
I'd prefer to only not quote decimal integer values rather than general numerics as PHP's definition may or may not match MySQL's definition. Highly unlikely and haven't been able to make it fail (!) but maybe just:
if ( '' !== $v && strlen( $v ) === strspn( $v, '0123456789' ) ) {
Tables with anything other than ints or strings as primary keys would be very rare anyway.
Agree, but used a different check.
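The difference between the two checks discussed in this thread, shown side by side as an added example that is not code from the PR. `mysql_escape_stub()` is a hypothetical stand-in for `esc_sql()` so the script runs without WordPress, and the sample keys beyond the four listed in the review above are constructed.

```php
<?php
// Added illustration, not wp-cli code.

// Hypothetical stand-in for esc_sql(): backslash-escapes the characters that
// mysqli_real_escape_string() escapes, so no database connection is needed.
function mysql_escape_stub( string $v ): string {
	return strtr( $v, array(
		'\\'   => '\\\\',
		"'"    => "\\'",
		'"'    => '\\"',
		"\0"   => '\\0',
		"\n"   => '\\n',
		"\r"   => '\\r',
		"\x1a" => '\\Z',
	) );
}

// The check suggested in the review: non-empty and made only of ASCII digits.
function is_decimal_int_string( string $v ): bool {
	return '' !== $v && strlen( $v ) === strspn( $v, '0123456789' );
}

// Build the SQL literal for a primary key value: bare when $is_bare accepts
// it, otherwise escaped once and wrapped in single quotes.
function pk_literal( string $v, callable $is_bare ): string {
	return $is_bare( $v ) ? $v : "'" . mysql_escape_stub( $v ) . "'";
}

// Constructed sample keys: the four from the review comment, plus forms that
// is_numeric() accepts but that are not plain decimal integers.
$keys = array( 'test_val', '123.', "quote'quote", '0', '', '42', '1e3', '.5', '-7', ' 8' );

printf( "%-16s %-18s %s\n", 'key', 'is_numeric()', 'digits only' );
foreach ( $keys as $k ) {
	printf(
		"%-16s %-18s %s\n",
		var_export( $k, true ),
		pk_literal( $k, 'is_numeric' ),
		pk_literal( $k, 'is_decimal_int_string' )
	);
}
```

Each row where the two columns differ is a key that the `is_numeric()` version would place into the query unquoted.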
src/Search_Replace_Command.php
Outdated
| } | ||
|
|
||
| // Put any string values between single quotes. | ||
| return "'" . str_replace( "'", "''", esc_sql( $v ) ) . "'"; |
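Review bot: The return line escapes the single quote twice. `esc_sql( $v )` already escapes `'`, and the surrounding `str_replace( "'", "''", ... )` then doubles that quote again, so a value containing `'` comes out as `\''`: the `\'` is the escaped quote and the extra `'` ends the string literal early. Drop the `str_replace()` and return `"'" . esc_sql( $v ) . "'"`, and add a fixture key containing a single quote so the test covers it.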
The str_replace() should not be there.
src/Search_Replace_Command.php
Outdated
| */ | ||
| private static function esc_sql_value( $values ) { | ||
| $quote = function ( $v ) { | ||
| // Don't quote numeric values to MySQL's implicit type conversion. |
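Review bot: The inline comment on the last line is missing its verb and reads as the opposite of the intent; it should say "Don't quote numeric values to avoid MySQL's implicit type conversion." The parameter is also named `$values` while the closure takes a single `$v`, so the docblock should state whether the method accepts one value, an array, or both.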
Quote SQL values in --regex code
Adds `esc_sql_value()` method that tries to make an educated guess about whether the value should be quoted or not.

Uses a list of reserved keywords from the Drupal project found here: https://www.drupal.org/docs/develop/coding-standards/list-of-sql-reserved-words

Fixes #58