From c12a6bd4d1b7728724c464c30ee769c11b7e4d31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9=20Courtier?= Date: Thu, 10 Nov 2022 17:10:51 +0100 Subject: [PATCH 1/2] FIX: GetNextValue() adding regexsql() function --- htdocs/core/db/DoliDB.class.php | 19 +++++++++++++++++++ htdocs/core/db/pgsql.class.php | 18 ++++++++++++++++++ htdocs/core/lib/functions2.lib.php | 7 ++++++- 3 files changed, 43 insertions(+), 1 deletion(-) diff --git a/htdocs/core/db/DoliDB.class.php b/htdocs/core/db/DoliDB.class.php index 63fec8968ec..31cc300fb2f 100644 --- a/htdocs/core/db/DoliDB.class.php +++ b/htdocs/core/db/DoliDB.class.php @@ -79,6 +79,25 @@ abstract class DoliDB implements Database { return 'IF('.$test.','.$resok.','.$resko.')'; } + + + /** + * Format a SQL REGEXP + * + * @param string $subject string tested + * @param string $pattern SQL pattern to match + * @param string $sqlstring whether or not the string being tested is an SQL expression + * @return string SQL string + */ + public function regexpsql($subject, $pattern, $sqlstring = false) + { + if ($sqlstring) { + return "(". $subject ." REGEXP '" . $pattern . "')"; + } + + return "('". $subject ."' REGEXP '" . $pattern . "')"; + } + /** * Convert (by PHP) a GM Timestamp date into a string date with PHP server TZ to insert into a date field. diff --git a/htdocs/core/db/pgsql.class.php b/htdocs/core/db/pgsql.class.php index 543e24a1b12..833be28d6bb 100644 --- a/htdocs/core/db/pgsql.class.php +++ b/htdocs/core/db/pgsql.class.php @@ -724,6 +724,24 @@ class DoliDBPgsql extends DoliDB return '(CASE WHEN '.$test.' THEN '.$resok.' ELSE '.$resko.' END)'; } + /** + * Format a SQL REGEXP + * + * @param string $subject string tested + * @param string $pattern SQL pattern to match + * @param string $sqlstring whether or not the string being tested is an SQL expression + * @return string SQL string + */ + public function regexpsql($subject, $pattern, $sqlstring = false) + { + if ($sqlstring) { + return "(". $subject ." ~ '" . $pattern . "')"; + } + + return "('". $subject ."' ~ '" . $pattern . "')"; + } + + /** * Renvoie le code erreur generique de l'operation precedente. * diff --git a/htdocs/core/lib/functions2.lib.php b/htdocs/core/lib/functions2.lib.php index 0035688c66f..b8a1135c838 100644 --- a/htdocs/core/lib/functions2.lib.php +++ b/htdocs/core/lib/functions2.lib.php @@ -1282,6 +1282,11 @@ function get_next_value($db, $mask, $table, $field, $where = '', $objsoc = '', $ $sql .= " FROM ".MAIN_DB_PREFIX.$table; $sql .= " WHERE ".$field." LIKE '".$db->escape($maskLike)."'"; $sql .= " AND ".$field." NOT LIKE '(PROV%)'"; + + // To ensure that all variables within the MAX() brackets are integers + $sql .= " AND ". $db->regexpsql($sqlstring, '^[0-9]+$', true); + + if ($bentityon) { // only if entity enable $sql .= " AND entity IN (".getEntity($sharetable).")"; } elseif (!empty($forceentity)) { @@ -1293,7 +1298,7 @@ function get_next_value($db, $mask, $table, $field, $where = '', $objsoc = '', $ if ($sqlwhere) { $sql .= ' AND '.$sqlwhere; } - + //print $sql.'
'; dol_syslog("functions2::get_next_value mode=".$mode."", LOG_DEBUG); $resql = $db->query($sql); From 97618510e52359892360657114a74839122cbf4c Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Thu, 10 Nov 2022 16:19:12 +0000 Subject: [PATCH 2/2] Fixing style errors. --- htdocs/core/db/DoliDB.class.php | 18 +++++++++--------- htdocs/core/db/pgsql.class.php | 16 ++++++++-------- htdocs/core/lib/functions2.lib.php | 10 +++++----- 3 files changed, 22 insertions(+), 22 deletions(-) diff --git a/htdocs/core/db/DoliDB.class.php b/htdocs/core/db/DoliDB.class.php index 31cc300fb2f..2116148adb8 100644 --- a/htdocs/core/db/DoliDB.class.php +++ b/htdocs/core/db/DoliDB.class.php @@ -79,23 +79,23 @@ abstract class DoliDB implements Database { return 'IF('.$test.','.$resok.','.$resko.')'; } - - - /** + + + /** * Format a SQL REGEXP * * @param string $subject string tested - * @param string $pattern SQL pattern to match + * @param string $pattern SQL pattern to match * @param string $sqlstring whether or not the string being tested is an SQL expression * @return string SQL string */ public function regexpsql($subject, $pattern, $sqlstring = false) { - if ($sqlstring) { - return "(". $subject ." REGEXP '" . $pattern . "')"; - } - - return "('". $subject ."' REGEXP '" . $pattern . "')"; + if ($sqlstring) { + return "(". $subject ." REGEXP '" . $pattern . "')"; + } + + return "('". $subject ."' REGEXP '" . $pattern . "')"; } diff --git a/htdocs/core/db/pgsql.class.php b/htdocs/core/db/pgsql.class.php index 833be28d6bb..ee72c63bc0d 100644 --- a/htdocs/core/db/pgsql.class.php +++ b/htdocs/core/db/pgsql.class.php @@ -724,24 +724,24 @@ class DoliDBPgsql extends DoliDB return '(CASE WHEN '.$test.' THEN '.$resok.' ELSE '.$resko.' END)'; } - /** + /** * Format a SQL REGEXP * * @param string $subject string tested - * @param string $pattern SQL pattern to match + * @param string $pattern SQL pattern to match * @param string $sqlstring whether or not the string being tested is an SQL expression * @return string SQL string */ public function regexpsql($subject, $pattern, $sqlstring = false) { - if ($sqlstring) { - return "(". $subject ." ~ '" . $pattern . "')"; - } - - return "('". $subject ."' ~ '" . $pattern . "')"; + if ($sqlstring) { + return "(". $subject ." ~ '" . $pattern . "')"; + } + + return "('". $subject ."' ~ '" . $pattern . "')"; } - + /** * Renvoie le code erreur generique de l'operation precedente. * diff --git a/htdocs/core/lib/functions2.lib.php b/htdocs/core/lib/functions2.lib.php index b8a1135c838..e194a45f9dc 100644 --- a/htdocs/core/lib/functions2.lib.php +++ b/htdocs/core/lib/functions2.lib.php @@ -1282,11 +1282,11 @@ function get_next_value($db, $mask, $table, $field, $where = '', $objsoc = '', $ $sql .= " FROM ".MAIN_DB_PREFIX.$table; $sql .= " WHERE ".$field." LIKE '".$db->escape($maskLike)."'"; $sql .= " AND ".$field." NOT LIKE '(PROV%)'"; - - // To ensure that all variables within the MAX() brackets are integers - $sql .= " AND ". $db->regexpsql($sqlstring, '^[0-9]+$', true); - + // To ensure that all variables within the MAX() brackets are integers + $sql .= " AND ". $db->regexpsql($sqlstring, '^[0-9]+$', true); + + if ($bentityon) { // only if entity enable $sql .= " AND entity IN (".getEntity($sharetable).")"; } elseif (!empty($forceentity)) { @@ -1298,7 +1298,7 @@ function get_next_value($db, $mask, $table, $field, $where = '', $objsoc = '', $ if ($sqlwhere) { $sql .= ' AND '.$sqlwhere; } - + //print $sql.'
'; dol_syslog("functions2::get_next_value mode=".$mode."", LOG_DEBUG); $resql = $db->query($sql);