|
@@ -585,7 +585,7 @@ include "root.php";
|
|
|
if (is_array($new_array)) {
|
|
|
foreach ($new_array as $schema_name => $schema_array) {
|
|
|
|
|
|
- $this->name = preg_replace('#[^a-zA-Z0-9_/]#', '', $schema_name);
|
|
|
+ $this->name = preg_replace('#[^a-zA-Z0-9_\-]#', '', $schema_name);
|
|
|
if (is_array($schema_array)) {
|
|
|
foreach ($schema_array as $schema_id => $array) {
|
|
|
|
|
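Review bot: The new character class admits `-` for names as well as for uuid values, and only the values need it. Here, and in the -1005, -1150, -1176, -1234, -1333, -1396, -1425, -1469 and -1559 hunks, the cleaned string becomes a table or column name concatenated unquoted into the statement (`"v_".$this->name`, `$sql .= $array_key.", "`), where a hyphen is read as a minus operator. It also becomes a named-placeholder name (`':'.$array_key`), and PDO's placeholder syntax takes only letters, digits and underscore. I would keep the hyphen for `$parent_key_value` and `$child_key_value` and use an identifier-only class for names, e.g. `$this->name = preg_replace('#[^a-zA-Z0-9_]#', '', $schema_name);`. The enclosing method starts and ends outside this hunk.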
@@ -1005,7 +1005,7 @@ include "root.php";
|
|
|
}
|
|
|
//set the name
|
|
|
if (isset($array['name'])) {
|
|
|
- $this->name = preg_replace('#[^a-zA-Z0-9_/]#', '', $array['name']);
|
|
|
+ $this->name = preg_replace('#[^a-zA-Z0-9_\-]#', '', $array['name']);
|
|
|
}
|
|
|
//set the uuid
|
|
|
if (isset($array['uuid'])) {
|
|
@@ -1139,7 +1139,7 @@ include "root.php";
|
|
|
$this->debug["sql"] = true;
|
|
|
|
|
|
//start the atomic transaction
|
|
|
- $this->db->beginTransaction();
|
|
|
+// $this->db->beginTransaction();
|
|
|
|
|
|
//debug info
|
|
|
//echo "<pre>\n";
|
|
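Review bot: Commenting out `beginTransaction()` here and `commit()` in the -1655 hunk means the parent row and each child row are now committed one statement at a time, while the comments still describe an atomic transaction. A failure in a child insert or update (the `catch` branches in the -1511 and -1613 hunks) would then leave the parent and earlier children saved, with no way to undo them. If the calls were disabled because of an error raised inside an open transaction, the safer change is to keep both calls and add `$this->db->rollBack();` in the catch blocks; if the removal is intentional, the two comments should be updated to say the save is no longer atomic. The surrounding method body lies outside the hunk, so the reason for the change is not visible here.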
@@ -1150,13 +1150,13 @@ include "root.php";
|
|
|
//loop through the array
|
|
|
if (is_array($new_array)) foreach ($new_array as $schema_name => $schema_array) {
|
|
|
|
|
|
- $this->name = preg_replace('#[^a-zA-Z0-9_/]#', '', $schema_name);
|
|
|
+ $this->name = preg_replace('#[^a-zA-Z0-9_\-]#', '', $schema_name);
|
|
|
if (is_array($schema_array)) foreach ($schema_array as $schema_id => $array) {
|
|
|
|
|
|
//set the variables
|
|
|
$table_name = "v_".$this->name;
|
|
|
$parent_key_name = $this->singular($this->name)."_uuid";
|
|
|
- $parent_key_name = preg_replace('#[^a-zA-Z0-9_/]#', '', $parent_key_name);
|
|
|
+ $parent_key_name = preg_replace('#[^a-zA-Z0-9_\-]#', '', $parent_key_name);
|
|
|
|
|
|
//if the uuid is set then set parent key exists and value
|
|
|
//determine if the parent_key_exists
|
|
@@ -1176,13 +1176,13 @@ include "root.php";
|
|
|
}
|
|
|
|
|
|
//allow characters found in the uuid only.
|
|
|
- $parent_key_value = preg_replace('#[^a-zA-Z0-9_/]#', '', $parent_key_value);
|
|
|
+ $parent_key_value = preg_replace('#[^a-zA-Z0-9_\-]#', '', $parent_key_value);
|
|
|
|
|
|
//get the parent field names
|
|
|
$parent_field_names = array();
|
|
|
if (is_array($array)) foreach ($array as $key => $value) {
|
|
|
if (!is_array($value)) {
|
|
|
- $parent_field_names[] = preg_replace('#[^a-zA-Z0-9_/]#', '', $key);
|
|
|
+ $parent_field_names[] = preg_replace('#[^a-zA-Z0-9_\-]#', '', $key);
|
|
|
}
|
|
|
}
|
|
|
|
|
@@ -1234,7 +1234,7 @@ include "root.php";
|
|
|
//}
|
|
|
if (is_array($array)) foreach ($array as $array_key => $array_value) {
|
|
|
if (!is_array($array_value)) {
|
|
|
- $array_key = preg_replace('#[^a-zA-Z0-9_/]#', '', $array_key);
|
|
|
+ $array_key = preg_replace('#[^a-zA-Z0-9_\-]#', '', $array_key);
|
|
|
$sql .= $array_key.", ";
|
|
|
}
|
|
|
}
|
|
@@ -1253,8 +1253,9 @@ include "root.php";
|
|
|
$sql .= "now(), ";
|
|
|
}
|
|
|
else {
|
|
|
- $sql .= "'".check_str($array_value)."', ";
|
|
|
- //$sql .= ":".$array_key.", ";
|
|
|
+ //$sql .= "'".check_str($array_value)."', ";
|
|
|
+ $sql .= ':'.$array_key.", ";
|
|
|
+ $params[$array_key] = $array_value;
|
|
|
}
|
|
|
}
|
|
|
}
|
|
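Review bot: `$array_key` is used for the placeholder name `':'.$array_key` and as the `$params` index exactly as this loop yields it. The `preg_replace` on `$array_key` in the -1234 hunk belongs to the column-list loop, and no equivalent is visible in this values loop, whose header is outside the hunk. If the key is not cleaned here, caller-supplied key text is still concatenated into the statement, so the prepared statement protects the values but not this part of the SQL. The child insert in the -1583 hunk adds the missing line before building the placeholder; the same is needed here, ahead of the `$sql .=` line: `$array_key = preg_replace('#[^a-zA-Z0-9_]#', '', $array_key);`.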
@@ -1262,24 +1263,12 @@ include "root.php";
|
|
|
$sql = str_replace(", )", ")", $sql);
|
|
|
|
|
|
$this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
|
|
- //$prep_statement = $this->db->prepare($sql);
|
|
|
|
|
|
try {
|
|
|
- //bind the parameters key and values
|
|
|
- //if (is_array($array)) foreach ($array as $array_key => $array_value) {
|
|
|
- // if (!is_array($array_value)) {
|
|
|
- // if (strlen($array_value) == 0) {}
|
|
|
- // elseif ($array_value === "now()") {}
|
|
|
- // else {
|
|
|
- // $prep_statement->bindParam(':'.$array_key, $array_value);
|
|
|
- // $params[$array_key] = $array_value;
|
|
|
- // }
|
|
|
- // }
|
|
|
- //}
|
|
|
-
|
|
|
- $this->db->query(check_sql($sql));
|
|
|
- //$prep_statement->execute();
|
|
|
- //unset($prep_statement);
|
|
|
+ //$this->db->query(check_sql($sql));
|
|
|
+ $prep_statement = $this->db->prepare($sql);
|
|
|
+ $prep_statement->execute($params);
|
|
|
+ unset($prep_statement);
|
|
|
$message["message"] = "OK";
|
|
|
$message["code"] = "200";
|
|
|
$message["uuid"] = $parent_key_value;
|
|
@@ -1289,9 +1278,10 @@ include "root.php";
|
|
|
$message["details"][$m]["uuid"] = $parent_key_value;
|
|
|
if ($this->debug["sql"]) {
|
|
|
$message["details"][$m]["sql"] = $sql;
|
|
|
- //if (is_array($params)) {
|
|
|
- // $message["details"][$m]["params"] = $params;
|
|
|
- //}
|
|
|
+ if (is_array($params)) {
|
|
|
+ $message["details"][$m]["params"] = $params;
|
|
|
+ unset($params);
|
|
|
+ }
|
|
|
}
|
|
|
$this->message = $message;
|
|
|
$m++;
|
|
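Review bot: `unset($params)` sits inside the `if ($this->debug["sql"])` branch, so the bound values are cleared only while SQL debugging is on. With debugging off, `$params` keeps the previous statement's keys and the next `execute($params)` receives names that are not in its statement, which PDO normally rejects as an invalid parameter number. `$params` is also never initialised, so a row whose values are all empty or `now()` passes an undefined variable to `execute()`. Resetting it before each statement is built, with `$params = array();`, fixes both, and the `unset` in the debug branch can then be dropped. The same placement recurs in the -1302, -1356, -1373, -1490, -1511, -1592 and -1613 hunks.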
@@ -1302,11 +1292,13 @@ include "root.php";
|
|
|
$message["details"][$m]["name"] = $this->name;
|
|
|
$message["details"][$m]["message"] = $e->getMessage();
|
|
|
$message["details"][$m]["code"] = "400";
|
|
|
+ $message["details"][$m]["array"] = $array;
|
|
|
if ($this->debug["sql"]) {
|
|
|
$message["details"][$m]["sql"] = $sql;
|
|
|
- //if (is_array($params)) {
|
|
|
- // $message["details"][$m]["params"] = $params;
|
|
|
- //}
|
|
|
+ if (is_array($params)) {
|
|
|
+ $message["details"][$m]["params"] = $params;
|
|
|
+ unset($params);
|
|
|
+ }
|
|
|
}
|
|
|
//print_r($message);
|
|
|
$this->message = $message;
|
|
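Review bot: `$message["details"][$m]["array"] = $array;` is added outside the `$this->debug["sql"]` guard, so every failed save copies the whole submitted record into `$this->message`, whether or not debugging is on. The `params` entries added in this and the neighbouring hunks carry the same raw field values, which can include passwords or other secrets held in these tables. Where `$this->message` ends up is not visible in this diff; if it is logged or returned to the client, the values should be kept out, or at least placed inside the guard: `if ($this->debug["sql"]) { $message["details"][$m]["array"] = $array; }`. The -1139 hunk shows `$this->debug["sql"] = true;` set just before the transaction starts, so the guard only helps once that assignment is made configurable.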
@@ -1333,7 +1325,7 @@ include "root.php";
|
|
|
if (is_array($array)) {
|
|
|
foreach ($array as $array_key => $array_value) {
|
|
|
if (!is_array($array_value) && $array_key != $parent_key_name) {
|
|
|
- $array_key = preg_replace('#[^a-zA-Z0-9_/]#', '', $array_key);
|
|
|
+ $array_key = preg_replace('#[^a-zA-Z0-9_\-]#', '', $array_key);
|
|
|
if (strlen($array_value) == 0) {
|
|
|
$sql .= $array_key." = null, ";
|
|
|
}
|
|
@@ -1341,7 +1333,9 @@ include "root.php";
|
|
|
$sql .= $array_key." = now(), ";
|
|
|
}
|
|
|
else {
|
|
|
- $sql .= $array_key." = '".check_str($array_value)."', ";
|
|
|
+ //$sql .= $array_key." = '".check_str($array_value)."', ";
|
|
|
+ $sql .= $array_key." = :".$array_key.", ";
|
|
|
+ $params[$array_key] = $array_value;
|
|
|
}
|
|
|
}
|
|
|
}
|
|
@@ -1350,7 +1344,9 @@ include "root.php";
|
|
|
$sql = str_replace(", WHERE", " WHERE", $sql);
|
|
|
$this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
|
|
try {
|
|
|
- $this->db->query(check_sql($sql));
|
|
|
+ $prep_statement = $this->db->prepare($sql);
|
|
|
+ $prep_statement->execute($params);
|
|
|
+ //$this->db->query(check_sql($sql));
|
|
|
$message["message"] = "OK";
|
|
|
$message["code"] = "200";
|
|
|
$message["uuid"] = $parent_key_value;
|
|
@@ -1360,6 +1356,10 @@ include "root.php";
|
|
|
$message["details"][$m]["uuid"] = $parent_key_value;
|
|
|
if ($this->debug["sql"]) {
|
|
|
$message["details"][$m]["sql"] = $sql;
|
|
|
+ if (is_array($params)) {
|
|
|
+ $message["details"][$m]["params"] = $params;
|
|
|
+ unset($params);
|
|
|
+ }
|
|
|
}
|
|
|
$this->message = $message;
|
|
|
$m++;
|
|
@@ -1373,6 +1373,10 @@ include "root.php";
|
|
|
$message["details"][$m]["code"] = "400";
|
|
|
if ($this->debug["sql"]) {
|
|
|
$message["details"][$m]["sql"] = $sql;
|
|
|
+ if (is_array($params)) {
|
|
|
+ $message["details"][$m]["params"] = $params;
|
|
|
+ unset($params);
|
|
|
+ }
|
|
|
}
|
|
|
$this->message = $message;
|
|
|
$m++;
|
|
@@ -1396,11 +1400,11 @@ include "root.php";
|
|
|
|
|
|
if (is_array($value)) {
|
|
|
$table_name = "v_".$key;
|
|
|
- $table_name = preg_replace('#[^a-zA-Z0-9_/]#', '', $table_name);
|
|
|
+ $table_name = preg_replace('#[^a-zA-Z0-9_\-]#', '', $table_name);
|
|
|
foreach ($value as $id => $row) {
|
|
|
//prepare the variables
|
|
|
$child_name = $this->singular($key);
|
|
|
- $child_name = preg_replace('#[^a-zA-Z0-9_/]#', '', $child_name);
|
|
|
+ $child_name = preg_replace('#[^a-zA-Z0-9_\-]#', '', $child_name);
|
|
|
$child_key_name = $child_name."_uuid";
|
|
|
|
|
|
//determine if the parent key exists in the child array
|
|
@@ -1425,13 +1429,13 @@ include "root.php";
|
|
|
}
|
|
|
|
|
|
//allow characters found in the uuid only.
|
|
|
- $child_key_value = preg_replace('#[^a-zA-Z0-9_/]#', '', $child_key_value);
|
|
|
+ $child_key_value = preg_replace('#[^a-zA-Z0-9_\-]#', '', $child_key_value);
|
|
|
|
|
|
//get the child field names
|
|
|
$child_field_names = array();
|
|
|
if (is_array($row)) foreach ($row as $k => $v) {
|
|
|
if (!is_array($v)) {
|
|
|
- $child_field_names[] = preg_replace('#[^a-zA-Z0-9_/]#', '', $k);
|
|
|
+ $child_field_names[] = preg_replace('#[^a-zA-Z0-9_\-]#', '', $k);
|
|
|
}
|
|
|
}
|
|
|
|
|
@@ -1469,7 +1473,7 @@ include "root.php";
|
|
|
if (is_array($row)) {
|
|
|
foreach ($row as $k => $v) {
|
|
|
if (!is_array($v) && ($k != $parent_key_name || $k != $child_key_name)) {
|
|
|
- $k = preg_replace('#[^a-zA-Z0-9_/]#', '', $k);
|
|
|
+ $k = preg_replace('#[^a-zA-Z0-9_\-]#', '', $k);
|
|
|
if (strlen($v) == 0) {
|
|
|
$sql .= $k." = null, ";
|
|
|
}
|
|
@@ -1477,7 +1481,9 @@ include "root.php";
|
|
|
$sql .= $k." = now(), ";
|
|
|
}
|
|
|
else {
|
|
|
- $sql .= "$k = '".check_str($v)."', ";
|
|
|
+ //$sql .= "$k = '".check_str($v)."', ";
|
|
|
+ $sql .= $array_key." = :".$array_key.", ";
|
|
|
+ $params[$array_key] = $array_value;
|
|
|
}
|
|
|
}
|
|
|
}
|
|
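Review bot: The two added lines use `$array_key` and `$array_value`, but this loop iterates `foreach ($row as $k => $v)` and the line they replace used `$k` and `$v`. As written, every non-empty child field adds the parent loop's last key to the SET clause and binds the parent's value, so the child update writes the wrong column or fails on a repeated assignment. The lines should read `$sql .= $k." = :".$k.", ";` and `$params[$k] = $v;`. The loop header and the `$k` clean-up are in the -1469 hunk; the rest of the statement is outside this one.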
@@ -1490,13 +1496,19 @@ include "root.php";
|
|
|
//$prep_statement->bindParam(':domain_uuid', $_SESSION["domain_uuid"] );
|
|
|
|
|
|
try {
|
|
|
- $this->db->query(check_sql($sql));
|
|
|
+ //$this->db->query(check_sql($sql));
|
|
|
+ $prep_statement = $this->db->prepare($sql);
|
|
|
+ $prep_statement->execute($params);
|
|
|
$message["details"][$m]["name"] = $key;
|
|
|
$message["details"][$m]["message"] = "OK";
|
|
|
$message["details"][$m]["code"] = "200";
|
|
|
$message["details"][$m]["uuid"] = $child_key_value;
|
|
|
if ($this->debug["sql"]) {
|
|
|
$message["details"][$m]["sql"] = $sql;
|
|
|
+ if (is_array($params)) {
|
|
|
+ $message["details"][$m]["params"] = $params;
|
|
|
+ unset($params);
|
|
|
+ }
|
|
|
}
|
|
|
$this->message = $message;
|
|
|
$m++;
|
|
@@ -1511,6 +1523,10 @@ include "root.php";
|
|
|
$message["details"][$m]["code"] = "400";
|
|
|
if ($this->debug["sql"]) {
|
|
|
$message["details"][$m]["sql"] = $sql;
|
|
|
+ if (is_array($params)) {
|
|
|
+ $message["details"][$m]["params"] = $params;
|
|
|
+ unset($params);
|
|
|
+ }
|
|
|
}
|
|
|
$this->message = $message;
|
|
|
$m++;
|
|
@@ -1559,7 +1575,7 @@ include "root.php";
|
|
|
if (is_array($row)) {
|
|
|
foreach ($row as $k => $v) {
|
|
|
if (!is_array($v)) {
|
|
|
- $k = preg_replace('#[^a-zA-Z0-9_/]#', '', $k);
|
|
|
+ $k = preg_replace('#[^a-zA-Z0-9_\-]#', '', $k);
|
|
|
$sql .= $k.", ";
|
|
|
}
|
|
|
}
|
|
@@ -1583,7 +1599,10 @@ include "root.php";
|
|
|
$sql .= "now(), ";
|
|
|
}
|
|
|
else {
|
|
|
- $sql .= "'".check_str($v)."', ";
|
|
|
+ $k = preg_replace('#[^a-zA-Z0-9_\-]#', '', $k);
|
|
|
+ //$sql .= "'".check_str($v)."', ";
|
|
|
+ $sql .= ':'.$k.", ";
|
|
|
+ $params[$k] = $v;
|
|
|
}
|
|
|
}
|
|
|
}
|
|
@@ -1592,13 +1611,20 @@ include "root.php";
|
|
|
$sql = str_replace(", )", ")", $sql);
|
|
|
$this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
|
|
try {
|
|
|
- $this->db->query(check_sql($sql));
|
|
|
+ //$this->db->query(check_sql($sql));
|
|
|
+ $prep_statement = $this->db->prepare($sql);
|
|
|
+ $prep_statement->execute($params);
|
|
|
+ unset($prep_statement);
|
|
|
$message["details"][$m]["name"] = $key;
|
|
|
$message["details"][$m]["message"] = "OK";
|
|
|
$message["details"][$m]["code"] = "200";
|
|
|
$message["details"][$m]["uuid"] = $child_key_value;
|
|
|
if ($this->debug["sql"]) {
|
|
|
$message["details"][$m]["sql"] = $sql;
|
|
|
+ if (is_array($params)) {
|
|
|
+ $message["details"][$m]["params"] = $params;
|
|
|
+ unset($params);
|
|
|
+ }
|
|
|
}
|
|
|
$this->message = $message;
|
|
|
$m++;
|
|
@@ -1613,6 +1639,10 @@ include "root.php";
|
|
|
$message["details"][$m]["code"] = "400";
|
|
|
if ($this->debug["sql"]) {
|
|
|
$message["details"][$m]["sql"] = $sql;
|
|
|
+ if (is_array($params)) {
|
|
|
+ $message["details"][$m]["params"] = $params;
|
|
|
+ unset($params);
|
|
|
+ }
|
|
|
}
|
|
|
$this->message = $message;
|
|
|
$m++;
|
|
@@ -1655,7 +1685,7 @@ include "root.php";
|
|
|
$this->message = $message;
|
|
|
|
|
|
//commit the atomic transaction
|
|
|
- $this->db->commit();
|
|
|
+// $this->db->commit();
|
|
|
|
|
|
//get the UUIDs
|
|
|
$user_uuid = $_SESSION['user_uuid'];
|