Issues in SQLBuilder.php (master) - Issues in master - samsonframework/orm - Measure and Improve Code Quality continuously with Scrutinizer

Issues (72)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/SQLBuilder.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php declare(strict_types = 1);
/**
 * Created by Vitaly Iegorov <[email protected]>.
 * on 29.08.16 at 14:58
 */
namespace samsonframework\orm;

/**
 * SQL statement builder class.
 *
 * @author Vitaly Egorov <[email protected]>
 */
class SQLBuilder
{
    const NUMERIC_COLUMNS_TYPES = ['int', 'float', 'longint', 'smallint', 'tinyint'];
    const DATE_COLUMNS_TYPES = ['date', 'datetime', 'timestamp'];

    /**
     * Build update statement.
     *
     * @param TableMetadata  $tableMetadata Table metadata
     * @param array          $columnValues  Collection of columnName => columnValue
     * @param Condition|null $condition     Update filtering condition
     *
     * @return string Update SQL statement
     * @throws \InvalidArgumentException
     */
    public function buildUpdateStatement(TableMetadata $tableMetadata, array $columnValues, Condition $condition = null) : string
    {
        $sql = [];
        foreach ($columnValues as $columnName => $columnValue) {
            $columnName = $tableMetadata->getTableColumnName($columnName);

            // Check for null on not nullable columns
            if (!$tableMetadata->isColumnNullable($columnName) && $columnValue === null) {
                throw new \InvalidArgumentException(
                    sprintf(
                        'Cannot update column "%s::%s" with null - column is not nullable',
                        $tableMetadata->tableName,
                        $columnName
                    )
                );
            }

            // Do not update primary field
            if ($tableMetadata->getTablePrimaryField() === $columnName) {
                continue;
            }
            $sql[] = $this->buildFullColumnName($tableMetadata->tableName, $columnName) .
                $this->buildArgumentValue(
                    $columnValue,
                    $tableMetadata->getTableColumnType($columnName),
                    ArgumentInterface::EQUAL,
                    $tableMetadata->isColumnNullable($columnName),
                    $tableMetadata->getColumnDefaultValue($columnName)
                );
        }

        return 'UPDATE `' . $tableMetadata->tableName . '` SET ' . implode(', ', $sql)
        . ($condition !== null ? $this->buildWhereStatement($tableMetadata, $condition) : '');
    }

    /**
     * Build full table column name.
     *
     * @param string $tableName  Table name
     * @param string $columnName Field name
     *
     * @return string Full table column name
     */
    protected function buildFullColumnName(string $tableName, string $columnName) : string
    {
        return '`' . $tableName . '`.' . ($columnName === '*' ? '*' : '`' . $columnName . '`');
    }

    /**
     * Build argument value statement.
     *
     * @param string|array $value      Argument column value
     * @param string       $columnType Argument column type
     * @param string       $relation   Argument relation
     * @param bool         $nullable
     * @param string       $defaultValue
     *
     * @return string Argument relation with value statement
     */
    protected function buildArgumentValue(
        $value,
        string $columnType,
        string $relation,
        bool $nullable = false,
        $defaultValue = ''
    )
    {

        return is_array($value)
            ? $this->buildArrayValue($columnType, $value, $relation)
            : $this->buildValue($columnType, $value, $relation, $nullable, $defaultValue);
    }

    /**
     * Build array argument value statement.
     *
     * @param string $columnType Table column type
     * @param array  $value      Table column array value
     * @param string $relation   Table column relation to value
     *
     * @return string Array argument relation with value statement
     */
    protected function buildArrayValue(string $columnType, array $value, string $relation = 'IN') : string
    {
        $relation = $relation === ArgumentInterface::NOT_EQUAL ? 'NOT IN' : 'IN';

        return $this->isColumnNumeric($columnType)
            ? $this->buildNumericArrayValue($value, $relation)
            : $this->buildStringArrayValue($value, $relation);
    }

    /**
     * Define if table column type is numeric.
     *
     * @param string $columnType Table column type
     *
     * @return bool True if column type is numeric
     */
    protected function isColumnNumeric(string $columnType) : bool
    {
        return in_array($columnType, self::NUMERIC_COLUMNS_TYPES, true);
    }

    /**
     * Build array with numeric values statement.
     *
     * @param array  $value    Array with numeric values
     * @param string $relation Table column relation to value
     *
     * @return string Array with numeric values statement
     */
    protected function buildNumericArrayValue(array $value, string $relation) : string
    {
        return $relation . ' (' . implode(',', $value) . ')';
    }

    /**
     * Build array string value statement.
     *
     * @param array  $value    Array with string values
     * @param string $relation Table column relation to value
     *
     * @return string Array with string values statement
     */
    protected function buildStringArrayValue(array $value, string $relation) : string
    {
        return $relation . ' ("' . implode('","', $value) . '")';
    }

    /**
     * Build not array argument value statement.
     *
     * @param string $columnType Table column type
     * @param mixed  $value      Table column value
     * @param string $relation   Table column relation to value
     *
     * @return string Not array argument relation with value statement
     */
    protected function buildValue(
        string $columnType,
        $value,
        string $relation,
        bool $nullable = false,
        $defaultValue = ''
    ) : string
    {

        // Append space to relation if present
        $relation = strlen($relation) ? $relation . ' ' : '';
        
        if ($this->isColumnNumeric($columnType)) {
            return $relation . $this->buildNumericValue($value);
        } elseif ($this->isColumnDate($columnType)) {
            return $relation . $this->buildDateValue($value);
        } elseif (is_string($value)) {
            return $relation . $this->buildStringValue($value);
        } elseif ($value === null) {
            if ($nullable) {
                return $relation . $this->buildNullValue();
            } else {
                return $relation . $defaultValue;
            }
        }

        throw new \InvalidArgumentException('Cannot build column value ' . $value);
    }

    /**
     * Build not array numeric value statement.
     *
     * @param mixed $value Numeric value
     *
     * @return string Not array numeric value statement
     */
    protected function buildNumericValue($value) : string
    {
        return $value !== null ? (string)$value : '0';
    }

    /**
     * Define if table column type is date.
     *
     * @param string $columnType Table column type
     *
     * @return bool True if column type is date
     */
    protected function isColumnDate(string $columnType) : bool
    {
        return in_array($columnType, self::DATE_COLUMNS_TYPES, true);
    }

    /**
     * Build not array date value statement.
     *
     * @param mixed $value Date value
     *
     * @return string Not array date value statement
     */
    protected function buildDateValue($value) : string
    {
        return '"' . $value . '"';
    }

    /**
     * Build not array string value statement.
     *
     * @param string $value String value
     *
     * @return string Not array string value statement
     */
    protected function buildStringValue(string $value) : string
    {
        return '"' . $value . '"';
    }

    /**
     * Build not array NULL value statement.
     *
     * @return string Not array string value statement
     */
    protected function buildNullValue() : string
    {
        return 'NULL';
    }

    /**
     * Build where statement.
     *
     * @param TableMetadata $metadata
     * @param Condition     $condition
     *
     * @return string Limitation statement
     * @throws \InvalidArgumentException
     *
     */
    public function buildWhereStatement(TableMetadata $metadata, Condition $condition) : string
    {
        $conditions = [];

        foreach ($condition as $argument) {
            if ($argument instanceof ConditionInterface) {
                $result = $this->buildWhereStatement($metadata, $argument);
            } else {
                $result = $this->buildArgumentCondition($argument, $metadata);
<?php

function getDate($date)
{
    if ($date !== null) {
        return new DateTime($date);
    }

    return false;
}
            }
            if (isset($result{0})) {
                $conditions[] = $result;
            }
        }

        if (count($conditions)) {
            return '(' . implode(') ' . $condition->relation . ' (', $conditions) . ')';
        } else { // If arguments is empty return empty where statement
            return '';
        }
    }

    /**
     * Build argument condition.
     *
     * @param Argument      $argument Condition argument
     * @param TableMetadata $metadata Table metadata
     *
     * @return string Argument condition statement
     * @throws \InvalidArgumentException If argument column does not exist
     */
    protected function buildArgumentCondition(Argument $argument, TableMetadata $metadata)
    {
        switch ($argument->relation) {
            case ArgumentInterface::OWN:
                return $this->buildOwnCondition($argument->field);
            case ArgumentInterface::ISNULL:
            case ArgumentInterface::NOTNULL:
                $columnName = $metadata->getTableColumnName($argument->field);
                return $this->buildNullCondition($columnName, $argument->relation);
            default:
                $columnName = $metadata->getTableColumnName($argument->field);
                return $this->buildCondition(
                    $columnName,
                    $this->buildArgumentValue(
                        $argument->value,
                        $metadata->getTableColumnType($columnName),
                        $argument->relation
                    )
                );
        }
    }

    /**
     * Build own  condition statement.
     *
     * @param string $ownCondition Condition statement
     *
     * @return string Own condition statement
     */
    protected function buildOwnCondition(string $ownCondition) : string
    {
        return $this->buildCondition($ownCondition);
    }

    /**
     * Build generic condition statement.
     *
     * @param string $columnName Table column name
     * @param string $relation   Table column value relation
     * @param string $value      Table column value
     *
     * @return string Generic condition statement
     */
    protected function buildCondition(string $columnName, string $relation = '', string $value = '') : string
    {
        return trim($columnName . ' ' . $relation . ' ' . $value);
    }

    /**
     * Build is null/not null condition statement.
     *
     * @param string $columnName Table column name
     * @param string $nullRelation Table column null relation
     *
     * @return string Is null/not null condition statement
     */
    protected function buildNullCondition(string $columnName, string $nullRelation) : string
    {
        return $this->buildCondition($columnName, $nullRelation);
    }

    /**
     * Build insert statement.
     *
     * @param TableMetadata $tableMetadata Table metadata
     * @param array         $columnValues  Collection of columnName => columnValue
     *
     * @return string Insert SQL statement
     * @throws \InvalidArgumentException
     */
    public function buildInsertStatement(TableMetadata $tableMetadata, array $columnValues) : string
    {
        $valuesSQL = [];
        $columnNames = [];
        foreach ($columnValues as $columnName => $columnValue) {
            $columnNames[] = $columnName = $tableMetadata->getTableColumnName($columnName);
            $valuesSQL[] = $this->buildArgumentValue(
                $columnValue,
                $tableMetadata->columnTypes[$columnName],
                '',
                $tableMetadata->columnNullable[$columnName],
                $tableMetadata->columnDefaults[$columnName]
            );
        }

        $sql = 'INSERT INTO `' . $tableMetadata->tableName . '` (`' . implode('`, `', $columnNames) . '`) ';
        $sql .= 'VALUES (' . implode(', ', $valuesSQL) . ')';

        return $sql;
    }

    /**
     * Build selected fields SELECT statement part.
     *
     * @param array $tableColumns Tables and column names collection
     *
     * @return string SELECT statement
     */
    public function buildSelectStatement(array $tableColumns) : string
    {
        return 'SELECT ' . implode(', ', $this->buildFullColumnNames($tableColumns));
    }

    /**
     * Build full table column names collection.
     *
     * @param array $tableColumns Tables and column names collection
     *
     * @return array Collection of full column names for query
     */
    protected function buildFullColumnNames(array $tableColumns) : array
    {
        $grouping = [];
        foreach ($tableColumns as $tableName => $columnNames) {
            /** @var array $columnNames */
            foreach ($columnNames = is_array($columnNames) ? $columnNames : [$columnNames] as $columnName) {
                $grouping[] = $this->buildFullColumnName($tableName, $columnName);
            }
        }

        return $grouping;
    }

    /**
     * Build FROM statement part.
     *
     * @param array $tableNames Tables and column names collection
     *
     * @return string FROM statement
     */
    public function buildFromStatement(array $tableNames = []) : string
    {
        return 'FROM `' . implode('`, `', $tableNames) . '`';
    }

    /**
     * Build grouping statement.
     *
     * @param array $tableColumns Tables and column names collection
     *
     * @return string Grouping statement
     */
    public function buildGroupStatement(array $tableColumns) : string
    {
        return 'GROUP BY ' . implode(', ', $this->buildFullColumnNames($tableColumns));
    }

    /**
     * Build ordering statement.
     *
     * @param array $tableColumns Tables and column names collection
     * @param array $orders       Collection of columns sorting order
     *
     * @return string Ordering statement
     * @throws \InvalidArgumentException
     */
    public function buildOrderStatement(array $tableColumns, array $orders) : string
    {
        $ordering = [];
        $i = 0;
        foreach ($this->buildFullColumnNames($tableColumns) as $columnName) {
            $ordering[] = $columnName . ' ' . ($orders[$i++] ?? 'ASC');
        }

        return 'ORDER BY ' . implode(', ', $ordering);
    }

    /**
     * Build limitation statement.
     *
     * @param int $rows   Rows amount for limitation
     * @param int $offset Rows offset
     *
     * @return string Limitation statement
     */
    public function buildLimitStatement(int $rows, int $offset = 0) : string
    {
        return 'LIMIT ' . $offset . ', ' . $rows;
    }
}


1			<?php declare(strict_types = 1);
2			/**
3			* Created by Vitaly Iegorov <[email protected]>.
4			* on 29.08.16 at 14:58
5			*/
6			namespace samsonframework\orm;
7
8			/**
9			* SQL statement builder class.
10			*
11			* @author Vitaly Egorov <[email protected]>
12			*/
13			class SQLBuilder
14			{
15			const NUMERIC_COLUMNS_TYPES = ['int', 'float', 'longint', 'smallint', 'tinyint'];
16			const DATE_COLUMNS_TYPES = ['date', 'datetime', 'timestamp'];
17
18			/**
19			* Build update statement.
20			*
21			* @param TableMetadata $tableMetadata Table metadata
22			* @param array $columnValues Collection of columnName => columnValue
23			* @param Condition\|null $condition Update filtering condition
24			*
25			* @return string Update SQL statement
26			* @throws \InvalidArgumentException
27			*/
28			public function buildUpdateStatement(TableMetadata $tableMetadata, array $columnValues, Condition $condition = null) : string
29			{
30			$sql = [];
31			foreach ($columnValues as $columnName => $columnValue) {
32			$columnName = $tableMetadata->getTableColumnName($columnName);
33
34			// Check for null on not nullable columns
35			if (!$tableMetadata->isColumnNullable($columnName) && $columnValue === null) {
36			throw new \InvalidArgumentException(
37			sprintf(
38			'Cannot update column "%s::%s" with null - column is not nullable',
39			$tableMetadata->tableName,
40			$columnName
41			)
42			);
43			}
44
45			// Do not update primary field
46			if ($tableMetadata->getTablePrimaryField() === $columnName) {
47			continue;
48			}
49			$sql[] = $this->buildFullColumnName($tableMetadata->tableName, $columnName) .
50			$this->buildArgumentValue(
51			$columnValue,
52			$tableMetadata->getTableColumnType($columnName),
53			ArgumentInterface::EQUAL,
54			$tableMetadata->isColumnNullable($columnName),
55			$tableMetadata->getColumnDefaultValue($columnName)
56			);
57			}
58
59			return 'UPDATE `' . $tableMetadata->tableName . '` SET ' . implode(', ', $sql)
60			. ($condition !== null ? $this->buildWhereStatement($tableMetadata, $condition) : '');
61			}
62
63			/**
64			* Build full table column name.
65			*
66			* @param string $tableName Table name
67			* @param string $columnName Field name
68			*
69			* @return string Full table column name
70			*/
71			protected function buildFullColumnName(string $tableName, string $columnName) : string
72			{
73			return '`' . $tableName . '`.' . ($columnName === '' ? '' : '`' . $columnName . '`');
74			}
75
76			/**
77			* Build argument value statement.
78			*
79			* @param string\|array $value Argument column value
80			* @param string $columnType Argument column type
81			* @param string $relation Argument relation
82			* @param bool $nullable
83			* @param string $defaultValue
84			*
85			* @return string Argument relation with value statement
86			*/
87			protected function buildArgumentValue(
88			$value,
89			string $columnType,
90			string $relation,
91			bool $nullable = false,
92			$defaultValue = ''
93			)
94			{
			0 ignored issues – show Coding Style introduced 2016-10-04 18:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this The closing parenthesis and the opening brace of a multi-line function declaration must be on the same line Loading history...
95			return is_array($value)
96			? $this->buildArrayValue($columnType, $value, $relation)
97			: $this->buildValue($columnType, $value, $relation, $nullable, $defaultValue);
98			}
99
100			/**
101			* Build array argument value statement.
102			*
103			* @param string $columnType Table column type
104			* @param array $value Table column array value
105			* @param string $relation Table column relation to value
106			*
107			* @return string Array argument relation with value statement
108			*/
109			protected function buildArrayValue(string $columnType, array $value, string $relation = 'IN') : string
110			{
111			$relation = $relation === ArgumentInterface::NOT_EQUAL ? 'NOT IN' : 'IN';
112
113			return $this->isColumnNumeric($columnType)
114			? $this->buildNumericArrayValue($value, $relation)
115			: $this->buildStringArrayValue($value, $relation);
116			}
117
118			/**
119			* Define if table column type is numeric.
120			*
121			* @param string $columnType Table column type
122			*
123			* @return bool True if column type is numeric
124			*/
125			protected function isColumnNumeric(string $columnType) : bool
126			{
127			return in_array($columnType, self::NUMERIC_COLUMNS_TYPES, true);
128			}
129
130			/**
131			* Build array with numeric values statement.
132			*
133			* @param array $value Array with numeric values
134			* @param string $relation Table column relation to value
135			*
136			* @return string Array with numeric values statement
137			*/
138			protected function buildNumericArrayValue(array $value, string $relation) : string
139			{
140			return $relation . ' (' . implode(',', $value) . ')';
141			}
142
143			/**
144			* Build array string value statement.
145			*
146			* @param array $value Array with string values
147			* @param string $relation Table column relation to value
148			*
149			* @return string Array with string values statement
150			*/
151			protected function buildStringArrayValue(array $value, string $relation) : string
152			{
153			return $relation . ' ("' . implode('","', $value) . '")';
154			}
155
156			/**
157			* Build not array argument value statement.
158			*
159			* @param string $columnType Table column type
160			* @param mixed $value Table column value
161			* @param string $relation Table column relation to value
162			*
163			* @return string Not array argument relation with value statement
164			*/
165			protected function buildValue(
166			string $columnType,
167			$value,
168			string $relation,
169			bool $nullable = false,
170			$defaultValue = ''
171			) : string
172			{
			0 ignored issues – show Coding Style introduced 2016-10-04 18:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this The closing parenthesis and the opening brace of a multi-line function declaration must be on the same line Loading history...
173			// Append space to relation if present
174			$relation = strlen($relation) ? $relation . ' ' : '';
175
176			if ($this->isColumnNumeric($columnType)) {
177			return $relation . $this->buildNumericValue($value);
178			} elseif ($this->isColumnDate($columnType)) {
179			return $relation . $this->buildDateValue($value);
180			} elseif (is_string($value)) {
181			return $relation . $this->buildStringValue($value);
182			} elseif ($value === null) {
183			if ($nullable) {
184			return $relation . $this->buildNullValue();
185			} else {
186			return $relation . $defaultValue;
187			}
188			}
189
190			throw new \InvalidArgumentException('Cannot build column value ' . $value);
191			}
192
193			/**
194			* Build not array numeric value statement.
195			*
196			* @param mixed $value Numeric value
197			*
198			* @return string Not array numeric value statement
199			*/
200			protected function buildNumericValue($value) : string
201			{
202			return $value !== null ? (string)$value : '0';
203			}
204
205			/**
206			* Define if table column type is date.
207			*
208			* @param string $columnType Table column type
209			*
210			* @return bool True if column type is date
211			*/
212			protected function isColumnDate(string $columnType) : bool
213			{
214			return in_array($columnType, self::DATE_COLUMNS_TYPES, true);
215			}
216
217			/**
218			* Build not array date value statement.
219			*
220			* @param mixed $value Date value
221			*
222			* @return string Not array date value statement
223			*/
224			protected function buildDateValue($value) : string
225			{
226			return '"' . $value . '"';
227			}
228
229			/**
230			* Build not array string value statement.
231			*
232			* @param string $value String value
233			*
234			* @return string Not array string value statement
235			*/
236			protected function buildStringValue(string $value) : string
237			{
238			return '"' . $value . '"';
239			}
240
241			/**
242			* Build not array NULL value statement.
243			*
244			* @return string Not array string value statement
245			*/
246			protected function buildNullValue() : string
247			{
248			return 'NULL';
249			}
250
251			/**
252			* Build where statement.
253			*
254			* @param TableMetadata $metadata
255			* @param Condition $condition
256			*
257			* @return string Limitation statement
258			* @throws \InvalidArgumentException
259			*
260			*/
261			public function buildWhereStatement(TableMetadata $metadata, Condition $condition) : string
262			{
263			$conditions = [];
264
265			foreach ($condition as $argument) {
266			if ($argument instanceof ConditionInterface) {
267			$result = $this->buildWhereStatement($metadata, $argument);
268			} else {
269			$result = $this->buildArgumentCondition($argument, $metadata);
			0 ignored issues – show Security Bug introduced 2016-09-02 11:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$argument` defined by `$argument` on line `265` can also be of type `false`; however, `samsonframework\orm\SQLB...uildArgumentCondition()` does only seem to accept `object<samsonframework\orm\Argument>`, did you maybe forget to handle an error condition? This check looks for type mismatches where the missing type is `false`. This is usually indicative of an error condtion. Consider the follow example <?php function getDate($date) { if ($date !== null) { return new DateTime($date); } return false; } This function either returns a new `DateTime` object or false, if there was an error. This is a typical pattern in PHP programming to show that an error has occurred without raising an exception. The calling code should check for this returned `false` before passing on the value to another function or method that may not be able to handle a `false`. Loading history...
270			}
271			if (isset($result{0})) {
272			$conditions[] = $result;
273			}
274			}
275
276			if (count($conditions)) {
277			return '(' . implode(') ' . $condition->relation . ' (', $conditions) . ')';
278			} else { // If arguments is empty return empty where statement
279			return '';
280			}
281			}
282
283			/**
284			* Build argument condition.
285			*
286			* @param Argument $argument Condition argument
287			* @param TableMetadata $metadata Table metadata
288			*
289			* @return string Argument condition statement
290			* @throws \InvalidArgumentException If argument column does not exist
291			*/
292			protected function buildArgumentCondition(Argument $argument, TableMetadata $metadata)
293			{
294			switch ($argument->relation) {
295			case ArgumentInterface::OWN:
296			return $this->buildOwnCondition($argument->field);
297			case ArgumentInterface::ISNULL:
298			case ArgumentInterface::NOTNULL:
299			$columnName = $metadata->getTableColumnName($argument->field);
300			return $this->buildNullCondition($columnName, $argument->relation);
301			default:
302			$columnName = $metadata->getTableColumnName($argument->field);
303			return $this->buildCondition(
304			$columnName,
305			$this->buildArgumentValue(
306			$argument->value,
307			$metadata->getTableColumnType($columnName),
308			$argument->relation
309			)
310			);
311			}
312			}
313
314			/**
315			* Build own condition statement.
316			*
317			* @param string $ownCondition Condition statement
318			*
319			* @return string Own condition statement
320			*/
321			protected function buildOwnCondition(string $ownCondition) : string
322			{
323			return $this->buildCondition($ownCondition);
324			}
325
326			/**
327			* Build generic condition statement.
328			*
329			* @param string $columnName Table column name
330			* @param string $relation Table column value relation
331			* @param string $value Table column value
332			*
333			* @return string Generic condition statement
334			*/
335			protected function buildCondition(string $columnName, string $relation = '', string $value = '') : string
336			{
337			return trim($columnName . ' ' . $relation . ' ' . $value);
338			}
339
340			/**
341			* Build is null/not null condition statement.
342			*
343			* @param string $columnName Table column name
344			* @param string $nullRelation Table column null relation
345			*
346			* @return string Is null/not null condition statement
347			*/
348			protected function buildNullCondition(string $columnName, string $nullRelation) : string
349			{
350			return $this->buildCondition($columnName, $nullRelation);
351			}
352
353			/**
354			* Build insert statement.
355			*
356			* @param TableMetadata $tableMetadata Table metadata
357			* @param array $columnValues Collection of columnName => columnValue
358			*
359			* @return string Insert SQL statement
360			* @throws \InvalidArgumentException
361			*/
362			public function buildInsertStatement(TableMetadata $tableMetadata, array $columnValues) : string
363			{
364			$valuesSQL = [];
365			$columnNames = [];
366			foreach ($columnValues as $columnName => $columnValue) {
367			$columnNames[] = $columnName = $tableMetadata->getTableColumnName($columnName);
368			$valuesSQL[] = $this->buildArgumentValue(
369			$columnValue,
370			$tableMetadata->columnTypes[$columnName],
371			'',
372			$tableMetadata->columnNullable[$columnName],
373			$tableMetadata->columnDefaults[$columnName]
374			);
375			}
376
377			$sql = 'INSERT INTO `' . $tableMetadata->tableName . '` (`' . implode('`, `', $columnNames) . '`) ';
378			$sql .= 'VALUES (' . implode(', ', $valuesSQL) . ')';
379
380			return $sql;
381			}
382
383			/**
384			* Build selected fields SELECT statement part.
385			*
386			* @param array $tableColumns Tables and column names collection
387			*
388			* @return string SELECT statement
389			*/
390			public function buildSelectStatement(array $tableColumns) : string
391			{
392			return 'SELECT ' . implode(', ', $this->buildFullColumnNames($tableColumns));
393			}
394
395			/**
396			* Build full table column names collection.
397			*
398			* @param array $tableColumns Tables and column names collection
399			*
400			* @return array Collection of full column names for query
401			*/
402			protected function buildFullColumnNames(array $tableColumns) : array
403			{
404			$grouping = [];
405			foreach ($tableColumns as $tableName => $columnNames) {
406			/** @var array $columnNames */
407			foreach ($columnNames = is_array($columnNames) ? $columnNames : [$columnNames] as $columnName) {
408			$grouping[] = $this->buildFullColumnName($tableName, $columnName);
409			}
410			}
411
412			return $grouping;
413			}
414
415			/**
416			* Build FROM statement part.
417			*
418			* @param array $tableNames Tables and column names collection
419			*
420			* @return string FROM statement
421			*/
422			public function buildFromStatement(array $tableNames = []) : string
423			{
424			return 'FROM `' . implode('`, `', $tableNames) . '`';
425			}
426
427			/**
428			* Build grouping statement.
429			*
430			* @param array $tableColumns Tables and column names collection
431			*
432			* @return string Grouping statement
433			*/
434			public function buildGroupStatement(array $tableColumns) : string
435			{
436			return 'GROUP BY ' . implode(', ', $this->buildFullColumnNames($tableColumns));
437			}
438
439			/**
440			* Build ordering statement.
441			*
442			* @param array $tableColumns Tables and column names collection
443			* @param array $orders Collection of columns sorting order
444			*
445			* @return string Ordering statement
446			* @throws \InvalidArgumentException
447			*/
448			public function buildOrderStatement(array $tableColumns, array $orders) : string
449			{
450			$ordering = [];
451			$i = 0;
452			foreach ($this->buildFullColumnNames($tableColumns) as $columnName) {
453			$ordering[] = $columnName . ' ' . ($orders[$i++] ?? 'ASC');
454			}
455
456			return 'ORDER BY ' . implode(', ', $ordering);
457			}
458
459			/**
460			* Build limitation statement.
461			*
462			* @param int $rows Rows amount for limitation
463			* @param int $offset Rows offset
464			*
465			* @return string Limitation statement
466			*/
467			public function buildLimitStatement(int $rows, int $offset = 0) : string
468			{
469			return 'LIMIT ' . $offset . ', ' . $rows;
470			}
471			}
472

samsonframework / orm

Issues (72)

Security Analysis no request data

src/SQLBuilder.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like