<?php
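/**
 * SQL querier that runs every request through a PDO prepared statement.
 *
 * Values are handed to PDO as bound parameters and are never concatenated
 * into the SQL text by this class. The query string itself is still sent to
 * the driver as written (after the parent's prepare() pass), so callers must
 * not build it from untrusted input.
 *
 * NOTE(review): $this->link and prepare() are provided by AbstractSQLQuerier;
 * $this->link is presumably the PDO connection - confirm against the parent.
 */
class PDOQuerier extends AbstractSQLQuerier
{
    /**
     * Executes a read query and wraps the executed statement in a result object.
     *
     * @param string $query      SQL text with named (:name) placeholders.
     * @param array  $parameters Values to bind, keyed by placeholder name.
     * @param mixed  $fetch_mode One of the SelectQueryResult fetch-mode constants.
     * @return PDOSelectQueryResult
     * @throws PDOQuerierException When the statement fails to execute.
     */
    public function select($query, $parameters = array(), $fetch_mode = SelectQueryResult::FETCH_ASSOC)
    {
        $statement = $this->prepare_statement($query);
        $this->execute($statement, $query, $parameters);
        return new PDOSelectQueryResult($query, $parameters, $statement, $fetch_mode);
    }

    /**
     * Executes a write query (insert / update / delete) and wraps the outcome.
     *
     * @param string $query      SQL text with named (:name) placeholders.
     * @param array  $parameters Values to bind, keyed by placeholder name.
     * @return PDOInjectQueryResult
     * @throws PDOQuerierException When the statement fails to execute.
     */
    public function inject($query, $parameters = array())
    {
        // prepare_statement() takes the query only; the parameters are bound in execute().
        $statement = $this->prepare_statement($query);
        $this->execute($statement, $query, $parameters);
        return new PDOInjectQueryResult($query, $parameters, $statement, $this->link);
    }

    /**
     * Builds the prepared statement for a query.
     *
     * The query first goes through the inherited prepare() method, then
     * through the connection's own prepare().
     *
     * @param string $query SQL text to prepare.
     * @return PDOStatement
     */
    private function prepare_statement($query)
    {
        return $this->link->prepare($this->prepare($query));
    }

    /**
     * Binds the parameters the query actually references and runs the statement.
     *
     * Named parameters that do not appear in the query text are dropped before
     * execution, because PDO rejects a statement that is given more named
     * values than it has placeholders.
     *
     * @param PDOStatement $statement  Statement prepared from $query.
     * @param string       $query      Original SQL text, used to look up placeholders.
     * @param array        $parameters Values to bind, keyed by placeholder name.
     * @return void
     * @throws PDOQuerierException When PDOStatement::execute() returns false.
     */
    private function execute(PDOStatement $statement, $query, array $parameters)
    {
        foreach (array_keys($parameters) as $key)
        {
            // Integer keys belong to positional (?) placeholders, which cannot
            // be looked up by name in the query text, so they are always kept.
            if (is_int($key))
            {
                continue;
            }

            // PDO accepts keys with or without the leading colon. The name is
            // quoted so a key containing regex metacharacters cannot alter or
            // break the pattern.
            $name = preg_quote(ltrim($key, ':'), '`');

            // The alternation is grouped: an ungrouped "...[^\w]|$" matches the
            // end of any string, which made the filter keep every parameter.
            $pattern = '`:' . $name . '(?:[^\w]|$)`iu';

            // Drop the parameter only on a definite "no match" (0). A false
            // return (for example invalid UTF-8 under the u modifier) leaves
            // the parameter in place and lets PDO report the problem.
            if (preg_match($pattern, $query) === 0)
            {
                unset($parameters[$key]);
            }
        }

        $result = $statement->execute($parameters);
        if ($result === false)
        {
            // The message is shared by select() and inject(); kept as-is for callers and logs.
            throw new PDOQuerierException('invalid inject request', $statement);
        }
    }
}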
?>