@@ 253-275 (lines=23) @@ | ||
250 | // if the operand is IN don't quote it because quoting should be done already. |
|
251 | if (is_numeric($pair['value'])) { |
|
252 | $value = $this->db->sanitizeString($pair['value']); |
|
253 | } else if (is_array($pair['value'])) { |
|
254 | $values_array = []; |
|
255 | ||
256 | foreach ($pair['value'] as $pair_value) { |
|
257 | if (is_numeric($pair_value)) { |
|
258 | $values_array[] = $this->db->sanitizeString($pair_value); |
|
259 | } else { |
|
260 | $values_array[] = "'" . $this->db->sanitizeString($pair_value) . "'"; |
|
261 | } |
|
262 | } |
|
263 | ||
264 | if ($values_array) { |
|
265 | $value = '(' . implode(', ', $values_array) . ')'; |
|
266 | } |
|
267 | ||
268 | // @todo allow support for non IN operands with array of values. |
|
269 | // will have to do more silly joins. |
|
270 | $operand = 'IN'; |
|
271 | } else if ($trimmed_operand == 'in') { |
|
272 | $value = "({$pair['value']})"; |
|
273 | } else { |
|
274 | $value = "'" . $this->db->sanitizeString($pair['value']) . "'"; |
|
275 | } |
|
276 | ||
277 | $name = $this->db->sanitizeString($name_prefix . $pair['name']); |
|
278 |
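Review bot: The `else if ($trimmed_operand == 'in')` branch at lines 271–272 puts `$pair['value']` into the SQL text as `"({$pair['value']})"` without calling `sanitizeString()`, so it is only safe if every caller has already quoted and escaped the list, as the comment at line 250 assumes. The same branch appears in the second hunk at lines 653–654. Prefer requiring an array for IN so the loop above escapes each element, or split and escape the string form here; at minimum state the contract next to the branch, e.g. `// SECURITY: value is inserted verbatim; callers must pass an already-escaped list`. The enclosing function starts and ends outside the hunk, so whether request-derived strings can reach this branch cannot be confirmed from this view.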
@@ 635-657 (lines=23) @@ | ||
632 | $value = $this->db->sanitizeString($pair['value']); |
|
633 | } else if (is_bool($pair['value'])) { |
|
634 | $value = (int) $pair['value']; |
|
635 | } else if (is_array($pair['value'])) { |
|
636 | $values_array = []; |
|
637 | ||
638 | foreach ($pair['value'] as $pair_value) { |
|
639 | if (is_numeric($pair_value) && !in_array($num_test_operand, $num_safe_operands)) { |
|
640 | $values_array[] = $this->db->sanitizeString($pair_value); |
|
641 | } else { |
|
642 | $values_array[] = "'" . $this->db->sanitizeString($pair_value) . "'"; |
|
643 | } |
|
644 | } |
|
645 | ||
646 | if ($values_array) { |
|
647 | $value = '(' . implode(', ', $values_array) . ')'; |
|
648 | } |
|
649 | ||
650 | // @todo allow support for non IN operands with array of values. |
|
651 | // will have to do more silly joins. |
|
652 | $operand = 'IN'; |
|
653 | } else if ($trimmed_operand == 'in') { |
|
654 | $value = "({$pair['value']})"; |
|
655 | } else { |
|
656 | $value = "'" . $this->db->sanitizeString($pair['value']) . "'"; |
|
657 | } |
|
658 | ||
659 | $name = $this->db->sanitizeString($pair['name']); |
|
660 |
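Review bot: When `$pair['value']` is an empty array, the `if ($values_array)` guard at lines 646–648 skips the assignment to `$value`, yet line 652 still forces `$operand = 'IN'`. The clause is then built from whatever `$value` held before, or from an unset variable; its initialization is outside the hunk. If this code runs once per pair in a loop, a value left over from an earlier pair could end up in the wrong condition. Handle the empty case explicitly, for example with an `else { $value = '(NULL)'; }` that matches no rows, or by skipping the pair. The first hunk has the same pattern at lines 264–266.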