Fixed bug #13104: SQL parser cannot parse escaped single quote in INSERT statement
[Packages/TYPO3.CMS.git] / t3lib / class.t3lib_sqlparser.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 2004-2009 Kasper Skaarhoj (kasperYYYY@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * TYPO3 SQL parser
29 *
30 * $Id$
31 *
32 * @author Kasper Skaarhoj <kasperYYYY@typo3.com>
33 */
34 /**
35 * [CLASS/FUNCTION INDEX of SCRIPT]
36 *
37 *
38 *
39 * 107: class t3lib_sqlparser
40 *
41 * SECTION: SQL Parsing, full queries
42 * 129: function parseSQL($parseString)
43 * 192: function parseSELECT($parseString)
44 * 261: function parseUPDATE($parseString)
45 * 315: function parseINSERT($parseString)
46 * 375: function parseDELETE($parseString)
47 * 413: function parseEXPLAIN($parseString)
48 * 435: function parseCREATETABLE($parseString)
49 * 514: function parseALTERTABLE($parseString)
50 * 583: function parseDROPTABLE($parseString)
51 * 616: function parseCREATEDATABASE($parseString)
52 *
53 * SECTION: SQL Parsing, helper functions for parts of queries
54 * 670: function parseFieldList(&$parseString, $stopRegex='')
55 * 791: function parseFromTables(&$parseString, $stopRegex='')
56 * 882: function parseWhereClause(&$parseString, $stopRegex='')
57 * 990: function parseFieldDef(&$parseString, $stopRegex='')
58 *
59 * SECTION: Parsing: Helper functions
60 * 1053: function nextPart(&$parseString,$regex,$trimAll=FALSE)
61 * 1068: function getValue(&$parseString,$comparator='')
62 * 1127: function getValueInQuotes(&$parseString,$quote)
63 * 1153: function parseStripslashes($str)
64 * 1167: function compileAddslashes($str)
65 * 1182: function parseError($msg,$restQuery)
66 * 1196: function trimSQL($str)
67 *
68 * SECTION: Compiling queries
69 * 1225: function compileSQL($components)
70 * 1263: function compileSELECT($components)
71 * 1294: function compileUPDATE($components)
72 * 1322: function compileINSERT($components)
73 * 1362: function compileDELETE($components)
74 * 1382: function compileCREATETABLE($components)
75 * 1415: function compileALTERTABLE($components)
76 *
77 * SECTION: Compiling queries, helper functions for parts of queries
78 * 1468: function compileFieldList($selectFields)
79 * 1510: function compileFromTables($tablesArray)
80 * 1551: function compileWhereClause($clauseArray)
81 * 1605: function compileFieldCfg($fieldCfg)
82 *
83 * SECTION: Debugging
84 * 1654: function debug_parseSQLpart($part,$str)
85 * 1679: function debug_parseSQLpartCompare($str,$newStr,$caseInsensitive=FALSE)
86 * 1712: function debug_testSQL($SQLquery)
87 *
88 * TOTAL FUNCTIONS: 35
89 * (This index is automatically created/updated by the extension "extdeveval")
90 *
91 */
92
93
94
95
96
97
98
99
100 /**
101 * TYPO3 SQL parser class.
102 *
103 * @author Kasper Skaarhoj <kasperYYYY@typo3.com>
104 * @package TYPO3
105 * @subpackage t3lib
106 */
107 class t3lib_sqlparser {
108
109 // Parser:
110 var $parse_error = ''; // Parsing error string
111 var $lastStopKeyWord = ''; // Last stop keyword used.
112
113
114
115
116 /*************************************
117 *
118 * SQL Parsing, full queries
119 *
120 **************************************/
121
122 /**
123 * Parses any single SQL query
124 *
125 * @param string SQL query
126 * @return array Result array with all the parts in - or error message string
127 * @see compileSQL(), debug_testSQL()
128 */
129 public function parseSQL($parseString) {
130 // Prepare variables:
131 $parseString = $this->trimSQL($parseString);
132 $this->parse_error = '';
133 $result = array();
134
135 // Finding starting keyword of string:
136 $_parseString = $parseString; // Protecting original string...
137 $keyword = $this->nextPart($_parseString, '^(SELECT|UPDATE|INSERT[[:space:]]+INTO|DELETE[[:space:]]+FROM|EXPLAIN|DROP[[:space:]]+TABLE|CREATE[[:space:]]+TABLE|CREATE[[:space:]]+DATABASE|ALTER[[:space:]]+TABLE)[[:space:]]+');
138 $keyword = strtoupper(str_replace(array(' ',"\t","\r","\n"),'',$keyword));
139
140 switch($keyword) {
141 case 'SELECT':
142 // Parsing SELECT query:
143 $result = $this->parseSELECT($parseString);
144 break;
145 case 'UPDATE':
146 // Parsing UPDATE query:
147 $result = $this->parseUPDATE($parseString);
148 break;
149 case 'INSERTINTO':
150 // Parsing INSERT query:
151 $result = $this->parseINSERT($parseString);
152 break;
153 case 'DELETEFROM':
154 // Parsing DELETE query:
155 $result = $this->parseDELETE($parseString);
156 break;
157 case 'EXPLAIN':
158 // Parsing EXPLAIN SELECT query:
159 $result = $this->parseEXPLAIN($parseString);
160 break;
161 case 'DROPTABLE':
162 // Parsing DROP TABLE query:
163 $result = $this->parseDROPTABLE($parseString);
164 break;
165 case 'ALTERTABLE':
166 // Parsing ALTER TABLE query:
167 $result = $this->parseALTERTABLE($parseString);
168 break;
169 case 'CREATETABLE':
170 // Parsing CREATE TABLE query:
171 $result = $this->parseCREATETABLE($parseString);
172 break;
173 case 'CREATEDATABASE':
174 // Parsing CREATE DATABASE query:
175 $result = $this->parseCREATEDATABASE($parseString);
176 break;
177 default:
178 $result = $this->parseError('"'.$keyword.'" is not a keyword',$parseString);
179 break;
180 }
181
182 return $result;
183 }
184
185 /**
186 * Parsing SELECT query
187 *
188 * @param string SQL string with SELECT query to parse
189 * @return mixed Returns array with components of SELECT query on success, otherwise an error message string.
190 * @see compileSELECT()
191 */
192 protected function parseSELECT($parseString) {
193
194 // Removing SELECT:
195 $parseString = $this->trimSQL($parseString);
196 $parseString = ltrim(substr($parseString,6));
197
198 // Init output variable:
199 $result = array();
200 $result['type'] = 'SELECT';
201
202 // Looking for STRAIGHT_JOIN keyword:
203 $result['STRAIGHT_JOIN'] = $this->nextPart($parseString, '^(STRAIGHT_JOIN)[[:space:]]+');
204
205 // Select fields:
206 $result['SELECT'] = $this->parseFieldList($parseString, '^(FROM)[[:space:]]+');
207 if ($this->parse_error) { return $this->parse_error; }
208
209 // Continue if string is not ended:
210 if ($parseString) {
211
212 // Get table list:
213 $result['FROM'] = $this->parseFromTables($parseString, '^(WHERE)[[:space:]]+');
214 if ($this->parse_error) { return $this->parse_error; }
215
216 // If there are more than just the tables (a WHERE clause that would be...)
217 if ($parseString) {
218
219 // Get WHERE clause:
220 $result['WHERE'] = $this->parseWhereClause($parseString, '^(GROUP[[:space:]]+BY|ORDER[[:space:]]+BY|LIMIT)[[:space:]]+');
221 if ($this->parse_error) { return $this->parse_error; }
222
223 // If the WHERE clause parsing was stopped by GROUP BY, ORDER BY or LIMIT, then proceed with parsing:
224 if ($this->lastStopKeyWord) {
225
226 // GROUP BY parsing:
227 if ($this->lastStopKeyWord == 'GROUPBY') {
228 $result['GROUPBY'] = $this->parseFieldList($parseString, '^(ORDER[[:space:]]+BY|LIMIT)[[:space:]]+');
229 if ($this->parse_error) { return $this->parse_error; }
230 }
231
232 // ORDER BY parsing:
233 if ($this->lastStopKeyWord == 'ORDERBY') {
234 $result['ORDERBY'] = $this->parseFieldList($parseString, '^(LIMIT)[[:space:]]+');
235 if ($this->parse_error) { return $this->parse_error; }
236 }
237
238 // LIMIT parsing:
239 if ($this->lastStopKeyWord == 'LIMIT') {
240 if (preg_match('/^([0-9]+|[0-9]+[[:space:]]*,[[:space:]]*[0-9]+)$/',trim($parseString))) {
241 $result['LIMIT'] = $parseString;
242 } else {
243 return $this->parseError('No value for limit!',$parseString);
244 }
245 }
246 }
247 }
248 } else return $this->parseError('No table to select from!',$parseString);
249
250 // Store current parseString in the result array for possible further processing (e.g., subquery support by DBAL)
251 $result['parseString'] = $parseString;
252
253 // Return result:
254 return $result;
255 }
256
257 /**
258 * Parsing UPDATE query
259 *
260 * @param string SQL string with UPDATE query to parse
261 * @return mixed Returns array with components of UPDATE query on success, otherwise an error message string.
262 * @see compileUPDATE()
263 */
264 protected function parseUPDATE($parseString) {
265
266 // Removing UPDATE
267 $parseString = $this->trimSQL($parseString);
268 $parseString = ltrim(substr($parseString,6));
269
270 // Init output variable:
271 $result = array();
272 $result['type'] = 'UPDATE';
273
274 // Get table:
275 $result['TABLE'] = $this->nextPart($parseString, '^([[:alnum:]_]+)[[:space:]]+');
276
277 // Continue if string is not ended:
278 if ($result['TABLE']) {
279 if ($parseString && $this->nextPart($parseString, '^(SET)[[:space:]]+')) {
280
281 $comma = TRUE;
282
283 // Get field/value pairs:
284 while($comma) {
285 if ($fieldName = $this->nextPart($parseString,'^([[:alnum:]_]+)[[:space:]]*=')) {
286 $this->nextPart($parseString,'^(=)'); // Strip of "=" sign.
287 $value = $this->getValue($parseString);
288 $result['FIELDS'][$fieldName] = $value;
289 } else return $this->parseError('No fieldname found',$parseString);
290
291 $comma = $this->nextPart($parseString,'^(,)');
292 }
293
294 // WHERE
295 if ($this->nextPart($parseString,'^(WHERE)')) {
296 $result['WHERE'] = $this->parseWhereClause($parseString);
297 if ($this->parse_error) { return $this->parse_error; }
298 }
299 } else return $this->parseError('Query missing SET...',$parseString);
300 } else return $this->parseError('No table found!',$parseString);
301
302 // Should be no more content now:
303 if ($parseString) {
304 return $this->parseError('Still content in clause after parsing!',$parseString);
305 }
306
307 // Return result:
308 return $result;
309 }
310
311 /**
312 * Parsing INSERT query
313 *
314 * @param string SQL string with INSERT query to parse
315 * @return mixed Returns array with components of INSERT query on success, otherwise an error message string.
316 * @see compileINSERT()
317 */
318 protected function parseINSERT($parseString) {
319
320 // Removing INSERT
321 $parseString = $this->trimSQL($parseString);
322 $parseString = ltrim(substr(ltrim(substr($parseString,6)),4));
323
324 // Init output variable:
325 $result = array();
326 $result['type'] = 'INSERT';
327
328 // Get table:
329 $result['TABLE'] = $this->nextPart($parseString, '^([[:alnum:]_]+)([[:space:]]+|\()');
330
331 if ($result['TABLE']) {
332
333 if ($this->nextPart($parseString,'^(VALUES)[[:space:]]+')) { // In this case there are no field names mentioned in the SQL!
334 // Get values/fieldnames (depending...)
335 $result['VALUES_ONLY'] = $this->getValue($parseString,'IN');
336 if ($this->parse_error) { return $this->parse_error; }
337 } else { // There are apparently fieldnames listed:
338 $fieldNames = $this->getValue($parseString,'_LIST');
339 if ($this->parse_error) { return $this->parse_error; }
340
341 if ($this->nextPart($parseString,'^(VALUES)[[:space:]]+')) { // "VALUES" keyword binds the fieldnames to values:
342
343 $values = $this->getValue($parseString,'IN'); // Using the "getValue" function to get the field list...
344 if ($this->parse_error) { return $this->parse_error; }
345
346 foreach($fieldNames as $k => $fN) {
347 if (preg_match('/^[[:alnum:]_]+$/',$fN)) {
348 if (isset($values[$k])) {
349 if (!isset($result['FIELDS'][$fN])) {
350 $result['FIELDS'][$fN] = $values[$k];
351 } else return $this->parseError('Fieldname ("'.$fN.'") already found in list!',$parseString);
352 } else return $this->parseError('No value set!',$parseString);
353 } else return $this->parseError('Invalid fieldname ("'.$fN.'")',$parseString);
354 }
355 if (isset($values[$k+1])) {
356 return $this->parseError('Too many values in list!',$parseString);
357 }
358 } else return $this->parseError('VALUES keyword expected',$parseString);
359 }
360 } else return $this->parseError('No table found!',$parseString);
361
362 // Should be no more content now:
363 if ($parseString) {
364 return $this->parseError('Still content after parsing!',$parseString);
365 }
366
367 // Return result
368 return $result;
369 }
370
371 /**
372 * Parsing DELETE query
373 *
374 * @param string SQL string with DELETE query to parse
375 * @return mixed Returns array with components of DELETE query on success, otherwise an error message string.
376 * @see compileDELETE()
377 */
378 protected function parseDELETE($parseString) {
379
380 // Removing DELETE
381 $parseString = $this->trimSQL($parseString);
382 $parseString = ltrim(substr(ltrim(substr($parseString,6)),4));
383
384 // Init output variable:
385 $result = array();
386 $result['type'] = 'DELETE';
387
388 // Get table:
389 $result['TABLE'] = $this->nextPart($parseString, '^([[:alnum:]_]+)[[:space:]]+');
390
391 if ($result['TABLE']) {
392
393 // WHERE
394 if ($this->nextPart($parseString,'^(WHERE)')) {
395 $result['WHERE'] = $this->parseWhereClause($parseString);
396 if ($this->parse_error) { return $this->parse_error; }
397 }
398 } else return $this->parseError('No table found!',$parseString);
399
400 // Should be no more content now:
401 if ($parseString) {
402 return $this->parseError('Still content in clause after parsing!',$parseString);
403 }
404
405 // Return result:
406 return $result;
407 }
408
409 /**
410 * Parsing EXPLAIN query
411 *
412 * @param string SQL string with EXPLAIN query to parse
413 * @return mixed Returns array with components of EXPLAIN query on success, otherwise an error message string.
414 * @see parseSELECT()
415 */
416 protected function parseEXPLAIN($parseString) {
417
418 // Removing EXPLAIN
419 $parseString = $this->trimSQL($parseString);
420 $parseString = ltrim(substr($parseString,6));
421
422 // Init output variable:
423 $result = $this->parseSELECT($parseString);
424 if (is_array($result)) {
425 $result['type'] = 'EXPLAIN';
426 }
427
428 return $result;
429 }
430
431 /**
432 * Parsing CREATE TABLE query
433 *
434 * @param string SQL string starting with CREATE TABLE
435 * @return mixed Returns array with components of CREATE TABLE query on success, otherwise an error message string.
436 * @see compileCREATETABLE()
437 */
438 protected function parseCREATETABLE($parseString) {
439
440 // Removing CREATE TABLE
441 $parseString = $this->trimSQL($parseString);
442 $parseString = ltrim(substr(ltrim(substr($parseString,6)),5));
443
444 // Init output variable:
445 $result = array();
446 $result['type'] = 'CREATETABLE';
447
448 // Get table:
449 $result['TABLE'] = $this->nextPart($parseString, '^([[:alnum:]_]+)[[:space:]]*\(',TRUE);
450
451 if ($result['TABLE']) {
452
453 // While the parseString is not yet empty:
454 while(strlen($parseString)>0) {
455 if ($key = $this->nextPart($parseString, '^(KEY|PRIMARY KEY|UNIQUE KEY|UNIQUE)([[:space:]]+|\()')) { // Getting key
456 $key = strtoupper(str_replace(array(' ',"\t","\r","\n"),'',$key));
457
458 switch($key) {
459 case 'PRIMARYKEY':
460 $result['KEYS']['PRIMARYKEY'] = $this->getValue($parseString,'_LIST');
461 if ($this->parse_error) { return $this->parse_error; }
462 break;
463 case 'UNIQUE':
464 case 'UNIQUEKEY':
465 if ($keyName = $this->nextPart($parseString, '^([[:alnum:]_]+)([[:space:]]+|\()')) {
466 $result['KEYS']['UNIQUE'] = array($keyName => $this->getValue($parseString,'_LIST'));
467 if ($this->parse_error) { return $this->parse_error; }
468 } else return $this->parseError('No keyname found',$parseString);
469 break;
470 case 'KEY':
471 if ($keyName = $this->nextPart($parseString, '^([[:alnum:]_]+)([[:space:]]+|\()')) {
472 $result['KEYS'][$keyName] = $this->getValue($parseString, '_LIST', 'INDEX');
473 if ($this->parse_error) { return $this->parse_error; }
474 } else return $this->parseError('No keyname found',$parseString);
475 break;
476 }
477 } elseif ($fieldName = $this->nextPart($parseString, '^([[:alnum:]_]+)[[:space:]]+')) { // Getting field:
478 $result['FIELDS'][$fieldName]['definition'] = $this->parseFieldDef($parseString);
479 if ($this->parse_error) { return $this->parse_error; }
480 }
481
482 // Finding delimiter:
483 $delim = $this->nextPart($parseString, '^(,|\))');
484 if (!$delim) {
485 return $this->parseError('No delimiter found',$parseString);
486 } elseif ($delim==')') {
487 break;
488 }
489 }
490
491 // Finding what is after the table definition - table type in MySQL
492 if ($delim==')') {
493 if ($this->nextPart($parseString, '^((ENGINE|TYPE)[[:space:]]*=)')) {
494 $result['tableType'] = $parseString;
495 $parseString = '';
496 }
497 } else return $this->parseError('No fieldname found!',$parseString);
498
499 // Getting table type
500 } else return $this->parseError('No table found!',$parseString);
501
502 // Should be no more content now:
503 if ($parseString) {
504 return $this->parseError('Still content in clause after parsing!',$parseString);
505 }
506
507 return $result;
508 }
509
510 /**
511 * Parsing ALTER TABLE query
512 *
513 * @param string SQL string starting with ALTER TABLE
514 * @return mixed Returns array with components of ALTER TABLE query on success, otherwise an error message string.
515 * @see compileALTERTABLE()
516 */
517 protected function parseALTERTABLE($parseString) {
518
519 // Removing ALTER TABLE
520 $parseString = $this->trimSQL($parseString);
521 $parseString = ltrim(substr(ltrim(substr($parseString,5)),5));
522
523 // Init output variable:
524 $result = array();
525 $result['type'] = 'ALTERTABLE';
526
527 // Get table:
528 $result['TABLE'] = $this->nextPart($parseString, '^([[:alnum:]_]+)[[:space:]]+');
529
530 if ($result['TABLE']) {
531 if ($result['action'] = $this->nextPart($parseString, '^(CHANGE|DROP[[:space:]]+KEY|DROP[[:space:]]+PRIMARY[[:space:]]+KEY|ADD[[:space:]]+KEY|ADD[[:space:]]+PRIMARY[[:space:]]+KEY|DROP|ADD|RENAME)([[:space:]]+|\()')) {
532 $actionKey = strtoupper(str_replace(array(' ',"\t","\r","\n"),'',$result['action']));
533
534 // Getting field:
535 if (t3lib_div::inList('ADDPRIMARYKEY,DROPPRIMARYKEY',$actionKey) || $fieldKey = $this->nextPart($parseString, '^([[:alnum:]_]+)[[:space:]]+')) {
536
537 switch($actionKey) {
538 case 'ADD':
539 $result['FIELD'] = $fieldKey;
540 $result['definition'] = $this->parseFieldDef($parseString);
541 if ($this->parse_error) { return $this->parse_error; }
542 break;
543 case 'DROP':
544 case 'RENAME':
545 $result['FIELD'] = $fieldKey;
546 break;
547 case 'CHANGE':
548 $result['FIELD'] = $fieldKey;
549 if ($result['newField'] = $this->nextPart($parseString, '^([[:alnum:]_]+)[[:space:]]+')) {
550 $result['definition'] = $this->parseFieldDef($parseString);
551 if ($this->parse_error) { return $this->parse_error; }
552 } else return $this->parseError('No NEW field name found',$parseString);
553 break;
554
555 case 'ADDKEY':
556 case 'ADDPRIMARYKEY':
557 $result['KEY'] = $fieldKey;
558 $result['fields'] = $this->getValue($parseString,'_LIST');
559 if ($this->parse_error) { return $this->parse_error; }
560 break;
561 case 'DROPKEY':
562 $result['KEY'] = $fieldKey;
563 break;
564 case 'DROPPRIMARYKEY':
565 // ??? todo!
566 break;
567 }
568 } else return $this->parseError('No field name found',$parseString);
569 } else return $this->parseError('No action CHANGE, DROP or ADD found!',$parseString);
570 } else return $this->parseError('No table found!',$parseString);
571
572 // Should be no more content now:
573 if ($parseString) {
574 return $this->parseError('Still content in clause after parsing!',$parseString);
575 }
576
577 return $result;
578 }
579
580 /**
581 * Parsing DROP TABLE query
582 *
583 * @param string SQL string starting with DROP TABLE
584 * @return mixed Returns array with components of DROP TABLE query on success, otherwise an error message string.
585 */
586 protected function parseDROPTABLE($parseString) {
587
588 // Removing DROP TABLE
589 $parseString = $this->trimSQL($parseString);
590 $parseString = ltrim(substr(ltrim(substr($parseString,4)),5));
591
592 // Init output variable:
593 $result = array();
594 $result['type'] = 'DROPTABLE';
595
596 // IF EXISTS
597 $result['ifExists'] = $this->nextPart($parseString, '^(IF[[:space:]]+EXISTS[[:space:]]+)');
598
599 // Get table:
600 $result['TABLE'] = $this->nextPart($parseString, '^([[:alnum:]_]+)[[:space:]]+');
601
602 if ($result['TABLE']) {
603
604 // Should be no more content now:
605 if ($parseString) {
606 return $this->parseError('Still content in clause after parsing!',$parseString);
607 }
608
609 return $result;
610 } else return $this->parseError('No table found!',$parseString);
611 }
612
613 /**
614 * Parsing CREATE DATABASE query
615 *
616 * @param string SQL string starting with CREATE DATABASE
617 * @return mixed Returns array with components of CREATE DATABASE query on success, otherwise an error message string.
618 */
619 protected function parseCREATEDATABASE($parseString) {
620
621 // Removing CREATE DATABASE
622 $parseString = $this->trimSQL($parseString);
623 $parseString = ltrim(substr(ltrim(substr($parseString,6)),8));
624
625 // Init output variable:
626 $result = array();
627 $result['type'] = 'CREATEDATABASE';
628
629 // Get table:
630 $result['DATABASE'] = $this->nextPart($parseString, '^([[:alnum:]_]+)[[:space:]]+');
631
632 if ($result['DATABASE']) {
633
634 // Should be no more content now:
635 if ($parseString) {
636 return $this->parseError('Still content in clause after parsing!',$parseString);
637 }
638
639 return $result;
640 } else return $this->parseError('No database found!',$parseString);
641 }
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657 /**************************************
658 *
659 * SQL Parsing, helper functions for parts of queries
660 *
661 **************************************/
662
663 /**
664 * Parsing the fields in the "SELECT [$selectFields] FROM" part of a query into an array.
665 * The output from this function can be compiled back into a field list with ->compileFieldList()
666 * Will detect the keywords "DESC" and "ASC" after the table name; thus is can be used for parsing the more simply ORDER BY and GROUP BY field lists as well!
667 *
668 * @param string The string with fieldnames, eg. "title, uid AS myUid, max(tstamp), count(*)" etc. NOTICE: passed by reference!
669 * @param string Regular expressing to STOP parsing, eg. '^(FROM)([[:space:]]*)'
670 * @return array If successful parsing, returns an array, otherwise an error string.
671 * @see compileFieldList()
672 */
673 public function parseFieldList(&$parseString, $stopRegex = '') {
674
675 $stack = array(); // Contains the parsed content
676
677 if(strlen($parseString)==0) return $stack; // FIXME - should never happen, why does it?
678
679 $pnt = 0; // Pointer to positions in $stack
680 $level = 0; // Indicates the parenthesis level we are at.
681 $loopExit = 0; // Recursivity brake.
682
683 // Prepare variables:
684 $parseString = $this->trimSQL($parseString);
685 $this->lastStopKeyWord = '';
686 $this->parse_error = '';
687
688 // Parse any SQL hint / comments
689 $stack[$pnt]['comments'] = $this->nextPart($parseString, '^(\/\*.*\*\/)');
690
691 // $parseString is continously shortend by the process and we keep parsing it till it is zero:
692 while (strlen($parseString)) {
693
694 // Checking if we are inside / outside parenthesis (in case of a function like count(), max(), min() etc...):
695 if ($level>0) { // Inside parenthesis here (does NOT detect if values in quotes are used, the only token is ")" or "("):
696
697 // Accumulate function content until next () parenthesis:
698 $funcContent = $this->nextPart($parseString,'^([^()]*.)');
699 $stack[$pnt]['func_content.'][] = array(
700 'level' => $level,
701 'func_content' => substr($funcContent,0,-1)
702 );
703 $stack[$pnt]['func_content'].= $funcContent;
704
705 // Detecting ( or )
706 switch(substr($stack[$pnt]['func_content'],-1)) {
707 case '(':
708 $level++;
709 break;
710 case ')':
711 $level--;
712 if (!$level) { // If this was the last parenthesis:
713 $stack[$pnt]['func_content'] = substr($stack[$pnt]['func_content'],0,-1);
714 $parseString = ltrim($parseString); // Remove any whitespace after the parenthesis.
715 }
716 break;
717 }
718 } else { // Outside parenthesis, looking for next field:
719
720 // Looking for a known function (only known functions supported)
721 $func = $this->nextPart($parseString,'^(count|max|min|floor|sum|avg)[[:space:]]*\(');
722 if ($func) {
723 $parseString = trim(substr($parseString,1)); // Strip of "("
724 $stack[$pnt]['type'] = 'function';
725 $stack[$pnt]['function'] = $func;
726 $level++; // increse parenthesis level counter.
727 } else {
728 $stack[$pnt]['distinct'] = $this->nextPart($parseString,'^(distinct[[:space:]]+)');
729 // Otherwise, look for regular fieldname:
730 if ($fieldName = $this->nextPart($parseString,'^([[:alnum:]\*._]+)(,|[[:space:]]+)')) {
731 $stack[$pnt]['type'] = 'field';
732
733 // Explode fieldname into field and table:
734 $tableField = explode('.',$fieldName,2);
735 if (count($tableField)==2) {
736 $stack[$pnt]['table'] = $tableField[0];
737 $stack[$pnt]['field'] = $tableField[1];
738 } else {
739 $stack[$pnt]['table'] = '';
740 $stack[$pnt]['field'] = $tableField[0];
741 }
742 } else {
743 return $this->parseError('No field name found as expected in parseFieldList()',$parseString);
744 }
745 }
746 }
747
748 // After a function or field we look for "AS" alias and a comma to separate to the next field in the list:
749 if (!$level) {
750
751 // Looking for "AS" alias:
752 if ($as = $this->nextPart($parseString,'^(AS)[[:space:]]+')) {
753 $stack[$pnt]['as'] = $this->nextPart($parseString,'^([[:alnum:]_]+)(,|[[:space:]]+)');
754 $stack[$pnt]['as_keyword'] = $as;
755 }
756
757 // Looking for "ASC" or "DESC" keywords (for ORDER BY)
758 if ($sDir = $this->nextPart($parseString,'^(ASC|DESC)([[:space:]]+|,)')) {
759 $stack[$pnt]['sortDir'] = $sDir;
760 }
761
762 // Looking for stop-keywords:
763 if ($stopRegex && $this->lastStopKeyWord = $this->nextPart($parseString, $stopRegex)) {
764 $this->lastStopKeyWord = strtoupper(str_replace(array(' ',"\t","\r","\n"),'',$this->lastStopKeyWord));
765 return $stack;
766 }
767
768 // Looking for comma (since the stop-keyword did not trigger a return...)
769 if (strlen($parseString) && !$this->nextPart($parseString,'^(,)')) {
770 return $this->parseError('No comma found as expected in parseFieldList()',$parseString);
771 }
772
773 // Increasing pointer:
774 $pnt++;
775 }
776
777 // Check recursivity brake:
778 $loopExit++;
779 if ($loopExit>500) {
780 return $this->parseError('More than 500 loops, exiting prematurely in parseFieldList()...',$parseString);
781 }
782 }
783
784 // Return result array:
785 return $stack;
786 }
787
788 /**
789 * Parsing the tablenames in the "FROM [$parseString] WHERE" part of a query into an array.
790 * The success of this parsing determines if that part of the query is supported by TYPO3.
791 *
792 * @param string list of tables, eg. "pages, tt_content" or "pages A, pages B". NOTICE: passed by reference!
793 * @param string Regular expressing to STOP parsing, eg. '^(WHERE)([[:space:]]*)'
794 * @return array If successful parsing, returns an array, otherwise an error string.
795 * @see compileFromTables()
796 */
797 public function parseFromTables(&$parseString, $stopRegex = '') {
798
799 // Prepare variables:
800 $parseString = $this->trimSQL($parseString);
801 $this->lastStopKeyWord = '';
802 $this->parse_error = '';
803
804 $stack = array(); // Contains the parsed content
805 $pnt = 0; // Pointer to positions in $stack
806 $loopExit = 0; // Recursivity brake.
807
808 // $parseString is continously shortend by the process and we keep parsing it till it is zero:
809 while (strlen($parseString)) {
810 // Looking for the table:
811 if ($stack[$pnt]['table'] = $this->nextPart($parseString,'^([[:alnum:]_]+)(,|[[:space:]]+)')) {
812 // Looking for stop-keywords before fetching potential table alias:
813 if ($stopRegex && ($this->lastStopKeyWord = $this->nextPart($parseString, $stopRegex))) {
814 $this->lastStopKeyWord = strtoupper(str_replace(array(' ',"\t","\r","\n"), '', $this->lastStopKeyWord));
815 return $stack;
816 }
817 if (!preg_match('/^(LEFT|RIGHT|JOIN|INNER)[[:space:]]+/i', $parseString)) {
818 $stack[$pnt]['as_keyword'] = $this->nextPart($parseString,'^(AS[[:space:]]+)');
819 $stack[$pnt]['as'] = $this->nextPart($parseString,'^([[:alnum:]_]+)[[:space:]]*');
820 }
821 } else return $this->parseError('No table name found as expected in parseFromTables()!', $parseString);
822
823 // Looking for JOIN
824 $joinCnt = 0;
825 while ($join = $this->nextPart($parseString,'^(LEFT[[:space:]]+JOIN|LEFT[[:space:]]+OUTER[[:space:]]+JOIN|RIGHT[[:space:]]+JOIN|RIGHT[[:space:]]+OUTER[[:space:]]+JOIN|INNER[[:space:]]+JOIN|JOIN)[[:space:]]+')) {
826 $stack[$pnt]['JOIN'][$joinCnt]['type'] = $join;
827 if ($stack[$pnt]['JOIN'][$joinCnt]['withTable'] = $this->nextPart($parseString, '^([[:alnum:]_]+)[[:space:]]+', 1)) {
828 if (!preg_match('/^ON[[:space:]]+/i', $parseString)) {
829 $stack[$pnt]['JOIN'][$joinCnt]['as_keyword'] = $this->nextPart($parseString, '^(AS[[:space:]]+)');
830 $stack[$pnt]['JOIN'][$joinCnt]['as'] = $this->nextPart($parseString, '^([[:alnum:]_]+)[[:space:]]+');
831 }
832 if (!$this->nextPart($parseString, '^(ON[[:space:]]+)')) {
833 return $this->parseError('No join condition found in parseFromTables()!', $parseString);
834 }
835 $field1 = $this->nextPart($parseString,'^([[:alnum:]_.]+)[[:space:]]*=[[:space:]]*', 1);
836 $field2 = $this->nextPart($parseString,'^([[:alnum:]_.]+)[[:space:]]+');
837 if ($field1 && $field2) {
838
839 // Explode fields into field and table:
840 $tableField = explode('.', $field1, 2);
841 $field1 = array();
842 if (count($tableField) != 2) {
843 $field1['table'] = '';
844 $field1['field'] = $tableField[0];
845 } else {
846 $field1['table'] = $tableField[0];
847 $field1['field'] = $tableField[1];
848 }
849 $tableField = explode('.', $field2, 2);
850 $field2 = array();
851 if (count($tableField) != 2) {
852 $field2['table'] = '';
853 $field2['field'] = $tableField[0];
854 } else {
855 $field2['table'] = $tableField[0];
856 $field2['field'] = $tableField[1];
857 }
858 $stack[$pnt]['JOIN'][$joinCnt]['ON'] = array($field1, $field2);
859 $joinCnt++;
860 } else return $this->parseError('No join fields found in parseFromTables()!', $parseString);
861 } else return $this->parseError('No join table found in parseFromTables()!', $parseString);
862 }
863
864 // Looking for stop-keywords:
865 if ($stopRegex && $this->lastStopKeyWord = $this->nextPart($parseString, $stopRegex)) {
866 $this->lastStopKeyWord = strtoupper(str_replace(array(' ',"\t","\r","\n"), '', $this->lastStopKeyWord));
867 return $stack;
868 }
869
870 // Looking for comma:
871 if (strlen($parseString) && !$this->nextPart($parseString, '^(,)')) {
872 return $this->parseError('No comma found as expected in parseFromTables()', $parseString);
873 }
874
875 // Increasing pointer:
876 $pnt++;
877
878 // Check recursivity brake:
879 $loopExit++;
880 if ($loopExit > 500) {
881 return $this->parseError('More than 500 loops, exiting prematurely in parseFromTables()...', $parseString);
882 }
883 }
884
885 // Return result array:
886 return $stack;
887 }
888
889 /**
890 * Parsing the WHERE clause fields in the "WHERE [$parseString] ..." part of a query into a multidimensional array.
891 * The success of this parsing determines if that part of the query is supported by TYPO3.
892 *
893 * @param string WHERE clause to parse. NOTICE: passed by reference!
894 * @param string Regular expressing to STOP parsing, eg. '^(GROUP BY|ORDER BY|LIMIT)([[:space:]]*)'
895 * @return mixed If successful parsing, returns an array, otherwise an error string.
896 */
897 public function parseWhereClause(&$parseString, $stopRegex = '') {
898
899 // Prepare variables:
900 $parseString = $this->trimSQL($parseString);
901 $this->lastStopKeyWord = '';
902 $this->parse_error = '';
903
904 $stack = array(0 => array()); // Contains the parsed content
905 $pnt = array(0 => 0); // Pointer to positions in $stack
906 $level = 0; // Determines parenthesis level
907 $loopExit = 0; // Recursivity brake.
908
909 // $parseString is continously shortend by the process and we keep parsing it till it is zero:
910 while (strlen($parseString)) {
911
912 // Look for next parenthesis level:
913 $newLevel = $this->nextPart($parseString,'^([(])');
914 if ($newLevel == '(') { // If new level is started, manage stack/pointers:
915 $level++; // Increase level
916 $pnt[$level] = 0; // Reset pointer for this level
917 $stack[$level] = array(); // Reset stack for this level
918 } else { // If no new level is started, just parse the current level:
919
920 // Find "modifier", eg. "NOT or !"
921 $stack[$level][$pnt[$level]]['modifier'] = trim($this->nextPart($parseString, '^(!|NOT[[:space:]]+)'));
922
923 // See if condition is EXISTS with a subquery
924 if (preg_match('/^EXISTS[[:space:]]*[(]/', $parseString)) {
925 $stack[$level][$pnt[$level]]['func']['type'] = $this->nextPart($parseString, '^(EXISTS)');
926 $this->nextPart($parseString, '^([(])');
927 $stack[$level][$pnt[$level]]['func']['subquery'] = $this->parseSELECT($parseString);
928 // Seek to new position in parseString after parsing of the subquery
929 $parseString = $stack[$level][$pnt[$level]]['func']['subquery']['parseString'];
930 unset($stack[$level][$pnt[$level]]['func']['subquery']['parseString']);
931 if (!$this->nextPart($parseString, '^([)])')) {
932 return 'No ) parenthesis at end of subquery';
933 }
934 } else {
935
936 // Support calculated value only for:
937 // - "&" (boolean AND)
938 // - "+" (addition)
939 // - "-" (substraction)
940 // - "*" (multiplication)
941 // - "/" (division)
942 // - "%" (modulo)
943 $calcOperators = '&|\+|-|\*|\/|%';
944
945 // Fieldname:
946 if ($fieldName = $this->nextPart($parseString, '^([[:alnum:]._]+)([[:space:]]+|' . $calcOperators . '|<=|>=|<|>|=|!=|IS)')) {
947
948 // Parse field name into field and table:
949 $tableField = explode('.', $fieldName, 2);
950 if (count($tableField) == 2) {
951 $stack[$level][$pnt[$level]]['table'] = $tableField[0];
952 $stack[$level][$pnt[$level]]['field'] = $tableField[1];
953 } else {
954 $stack[$level][$pnt[$level]]['table'] = '';
955 $stack[$level][$pnt[$level]]['field'] = $tableField[0];
956 }
957 } else {
958 return $this->parseError('No field name found as expected in parseWhereClause()', $parseString);
959 }
960
961 // See if the value is calculated:
962 $stack[$level][$pnt[$level]]['calc'] = $this->nextPart($parseString, '^(' . $calcOperators . ')');
963 if (strlen($stack[$level][$pnt[$level]]['calc'])) {
964 // Finding value for calculation:
965 $calc_value = $this->getValue($parseString);
966 $stack[$level][$pnt[$level]]['calc_value'] = $calc_value;
967 if (count($calc_value) == 1 && is_string($calc_value[0])) {
968 // Value is a field, store it to allow DBAL to post-process it (quoting, remapping)
969 $tableField = explode('.', $calc_value[0], 2);
970 if (count($tableField) == 2) {
971 $stack[$level][$pnt[$level]]['calc_table'] = $tableField[0];
972 $stack[$level][$pnt[$level]]['calc_field'] = $tableField[1];
973 } else {
974 $stack[$level][$pnt[$level]]['calc_table'] = '';
975 $stack[$level][$pnt[$level]]['calc_field'] = $tableField[0];
976 }
977 }
978 }
979
980 // Find "comparator":
981 $stack[$level][$pnt[$level]]['comparator'] = $this->nextPart($parseString, '^(<=|>=|<|>|=|!=|NOT[[:space:]]+IN|IN|NOT[[:space:]]+LIKE|LIKE|IS[[:space:]]+NOT|IS)');
982 if (strlen($stack[$level][$pnt[$level]]['comparator'])) {
983 if (preg_match('/^CONCAT[[:space:]]*\(/', $parseString)) {
984 $this->nextPart($parseString, '^(CONCAT[[:space:]]?[(])');
985 $values = array(
986 'operator' => 'CONCAT',
987 'args' => array(),
988 );
989 $cnt = 0;
990 while ($fieldName = $this->nextPart($parseString, '^([[:alnum:]._]+)')) {
991 // Parse field name into field and table:
992 $tableField = explode('.', $fieldName, 2);
993 if (count($tableField) == 2) {
994 $values['args'][$cnt]['table'] = $tableField[0];
995 $values['args'][$cnt]['field'] = $tableField[1];
996 } else {
997 $values['args'][$cnt]['table'] = '';
998 $values['args'][$cnt]['field'] = $tableField[0];
999 }
1000 // Looking for comma:
1001 $this->nextPart($parseString, '^(,)');
1002 $cnt++;
1003 }
1004 // Look for ending parenthesis:
1005 $this->nextPart($parseString, '([)])');
1006 $stack[$level][$pnt[$level]]['value'] = $values;
1007 } else if (t3lib_div::inList('IN,NOT IN', $stack[$level][$pnt[$level]]['comparator']) && preg_match('/^[(][[:space:]]*SELECT[[:space:]]+/', $parseString)) {
1008 $this->nextPart($parseString, '^([(])');
1009 $stack[$level][$pnt[$level]]['subquery'] = $this->parseSELECT($parseString);
1010 // Seek to new position in parseString after parsing of the subquery
1011 $parseString = $stack[$level][$pnt[$level]]['subquery']['parseString'];
1012 unset($stack[$level][$pnt[$level]]['subquery']['parseString']);
1013 if (!$this->nextPart($parseString, '^([)])')) {
1014 return 'No ) parenthesis at end of subquery';
1015 }
1016 } else {
1017 // Finding value for comparator:
1018 $stack[$level][$pnt[$level]]['value'] = $this->getValue($parseString, $stack[$level][$pnt[$level]]['comparator']);
1019 if ($this->parse_error) {
1020 return $this->parse_error;
1021 }
1022 }
1023 }
1024 }
1025
1026 // Finished, increase pointer:
1027 $pnt[$level]++;
1028
1029 // Checking if we are back to level 0 and we should still decrease level,
1030 // meaning we were probably parsing as subquery and should return here:
1031 if ($level === 0 && preg_match('/^[)]/', $parseString)) {
1032 // Return the stacks lowest level:
1033 return $stack[0];
1034 }
1035
1036 // Checking if we are back to level 0 and we should still decrease level,
1037 // meaning we were probably parsing a subquery and should return here:
1038 if ($level === 0 && preg_match('/^[)]/', $parseString)) {
1039 // Return the stacks lowest level:
1040 return $stack[0];
1041 }
1042
1043 // Checking if the current level is ended, in that case do stack management:
1044 while ($this->nextPart($parseString,'^([)])')) {
1045 $level--; // Decrease level:
1046 $stack[$level][$pnt[$level]]['sub'] = $stack[$level+1]; // Copy stack
1047 $pnt[$level]++; // Increase pointer of the new level
1048
1049 // Make recursivity check:
1050 $loopExit++;
1051 if ($loopExit > 500) {
1052 return $this->parseError('More than 500 loops (in search for exit parenthesis), exiting prematurely in parseWhereClause()...', $parseString);
1053 }
1054 }
1055
1056 // Detecting the operator for the next level:
1057 $op = $this->nextPart($parseString, '^(AND[[:space:]]+NOT|&&[[:space:]]+NOT|OR[[:space:]]+NOT|OR[[:space:]]+NOT|\|\|[[:space:]]+NOT|AND|&&|OR|\|\|)(\(|[[:space:]]+)');
1058 if ($op) {
1059 // Normalize boolean operator
1060 $op = str_replace(array('&&', '||'), array('AND', 'OR'), $op);
1061 $stack[$level][$pnt[$level]]['operator'] = $op;
1062 } elseif (strlen($parseString)) {
1063
1064 // Looking for stop-keywords:
1065 if ($stopRegex && $this->lastStopKeyWord = $this->nextPart($parseString, $stopRegex)) {
1066 $this->lastStopKeyWord = strtoupper(str_replace(array(' ',"\t","\r","\n"), '', $this->lastStopKeyWord));
1067 return $stack[0];
1068 } else {
1069 return $this->parseError('No operator, but parsing not finished in parseWhereClause().', $parseString);
1070 }
1071 }
1072 }
1073
1074 // Make recursivity check:
1075 $loopExit++;
1076 if ($loopExit > 500) {
1077 return $this->parseError('More than 500 loops, exiting prematurely in parseWhereClause()...', $parseString);
1078 }
1079 }
1080
1081 // Return the stacks lowest level:
1082 return $stack[0];
1083 }
1084
1085 /**
1086 * Parsing the WHERE clause fields in the "WHERE [$parseString] ..." part of a query into a multidimensional array.
1087 * The success of this parsing determines if that part of the query is supported by TYPO3.
1088 *
1089 * @param string WHERE clause to parse. NOTICE: passed by reference!
1090 * @param string Regular expressing to STOP parsing, eg. '^(GROUP BY|ORDER BY|LIMIT)([[:space:]]*)'
1091 * @return mixed If successful parsing, returns an array, otherwise an error string.
1092 */
1093 public function parseFieldDef(&$parseString, $stopRegex = '') {
1094 // Prepare variables:
1095 $parseString = $this->trimSQL($parseString);
1096 $this->lastStopKeyWord = '';
1097 $this->parse_error = '';
1098
1099 $result = array();
1100
1101 // Field type:
1102 if ($result['fieldType'] = $this->nextPart($parseString,'^(int|smallint|tinyint|mediumint|bigint|double|numeric|decimal|float|varchar|char|text|tinytext|mediumtext|longtext|blob|tinyblob|mediumblob|longblob)([[:space:],]+|\()')) {
1103
1104 // Looking for value:
1105 if (substr($parseString,0,1)=='(') {
1106 $parseString = substr($parseString,1);
1107 if ($result['value'] = $this->nextPart($parseString,'^([^)]*)')) {
1108 $parseString = ltrim(substr($parseString,1));
1109 } else return $this->parseError('No end-parenthesis for value found in parseFieldDef()!',$parseString);
1110 }
1111
1112 // Looking for keywords
1113 while($keyword = $this->nextPart($parseString,'^(DEFAULT|NOT[[:space:]]+NULL|AUTO_INCREMENT|UNSIGNED)([[:space:]]+|,|\))')) {
1114 $keywordCmp = strtoupper(str_replace(array(' ',"\t","\r","\n"),'',$keyword));
1115
1116 $result['featureIndex'][$keywordCmp]['keyword'] = $keyword;
1117
1118 switch($keywordCmp) {
1119 case 'DEFAULT':
1120 $result['featureIndex'][$keywordCmp]['value'] = $this->getValue($parseString);
1121 break;
1122 }
1123 }
1124 } else {
1125 return $this->parseError('Field type unknown in parseFieldDef()!',$parseString);
1126 }
1127
1128 return $result;
1129 }
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141 /************************************
1142 *
1143 * Parsing: Helper functions
1144 *
1145 ************************************/
1146
1147 /**
1148 * Strips off a part of the parseString and returns the matching part.
1149 * Helper function for the parsing methods.
1150 *
1151 * @param string Parse string; if $regex finds anything the value of the first () level will be stripped of the string in the beginning. Further $parseString is left-trimmed (on success). Notice; parsestring is passed by reference.
1152 * @param string Regex to find a matching part in the beginning of the string. Rules: You MUST start the regex with "^" (finding stuff in the beginning of string) and the result of the first parenthesis is what will be returned to you (and stripped of the string). Eg. '^(AND|OR|&&)[[:space:]]+' will return AND, OR or && if found and having one of more whitespaces after it, plus shorten $parseString with that match and any space after (by ltrim())
1153 * @param boolean If set the full match of the regex is stripped of the beginning of the string!
1154 * @return string The value of the first parenthesis level of the REGEX.
1155 */
1156 protected function nextPart(&$parseString, $regex, $trimAll = FALSE) {
1157 $reg = array();
1158 if (preg_match('/'.$regex.'/i',$parseString.' ', $reg)) { // Adding space char because [[:space:]]+ is often a requirement in regex's
1159 $parseString = ltrim(substr($parseString,strlen($reg[$trimAll?0:1])));
1160 return $reg[1];
1161 }
1162 }
1163
1164 /**
1165 * Finds value in beginning of $parseString, returns result and strips it of parseString
1166 *
1167 * @param string The parseString, eg. "(0,1,2,3) ..." or "('asdf','qwer') ..." or "1234 ..." or "'My string value here' ..."
1168 * @param string The comparator used before. If "NOT IN" or "IN" then the value is expected to be a list of values. Otherwise just an integer (un-quoted) or string (quoted)
1169 * @param string The mode, eg. "INDEX"
1170 * @return mixed The value (string/integer). Otherwise an array with error message in first key (0)
1171 */
1172 protected function getValue(&$parseString, $comparator = '', $mode = '') {
1173 $value = '';
1174
1175 if (t3lib_div::inList('NOTIN,IN,_LIST',strtoupper(str_replace(array(' ',"\n","\r","\t"),'',$comparator)))) { // List of values:
1176 if ($this->nextPart($parseString,'^([(])')) {
1177 $listValues = array();
1178 $comma=',';
1179
1180 while($comma==',') {
1181 $listValues[] = $this->getValue($parseString);
1182 if ($mode === 'INDEX') {
1183 // Remove any length restriction on INDEX definition
1184 $this->nextPart($parseString, '^([(]\d+[)])');
1185 }
1186 $comma = $this->nextPart($parseString,'^([,])');
1187 }
1188
1189 $out = $this->nextPart($parseString,'^([)])');
1190 if ($out) {
1191 if ($comparator=='_LIST') {
1192 $kVals = array();
1193 foreach ($listValues as $vArr) {
1194 $kVals[] = $vArr[0];
1195 }
1196 return $kVals;
1197 } else {
1198 return $listValues;
1199 }
1200 } else return array($this->parseError('No ) parenthesis in list',$parseString));
1201 } else return array($this->parseError('No ( parenthesis starting the list',$parseString));
1202
1203 } else { // Just plain string value, in quotes or not:
1204
1205 // Quote?
1206 $firstChar = substr($parseString,0,1);
1207 switch($firstChar) {
1208 case '"':
1209 $value = array($this->getValueInQuotes($parseString,'"'),'"');
1210 break;
1211 case "'":
1212 $value = array($this->getValueInQuotes($parseString,"'"),"'");
1213 break;
1214 default:
1215 $reg = array();
1216 if (preg_match('/^([[:alnum:]._-]+)/i',$parseString, $reg)) {
1217 $parseString = ltrim(substr($parseString,strlen($reg[0])));
1218 $value = array($reg[1]);
1219 }
1220 break;
1221 }
1222 }
1223 return $value;
1224 }
1225
1226 /**
1227 * Get value in quotes from $parseString.
1228 * NOTICE: If a query being parsed was prepared for another database than MySQL this function should probably be changed
1229 *
1230 * @param string String from which to find value in quotes. Notice that $parseString is passed by reference and is shortend by the output of this function.
1231 * @param string The quote used; input either " or '
1232 * @return string The value, passed through stripslashes() !
1233 */
1234 protected function getValueInQuotes(&$parseString, $quote) {
1235
1236 $parts = explode($quote,substr($parseString,1));
1237 $buffer = '';
1238 foreach($parts as $k => $v) {
1239 $buffer.=$v;
1240
1241 $reg = array();
1242 preg_match('/\\\\$/', $v, $reg);
1243 if ($reg AND strlen($reg[0])%2) {
1244 $buffer.=$quote;
1245 } else {
1246 $parseString = ltrim(substr($parseString,strlen($buffer)+2));
1247 return $this->parseStripslashes($buffer);
1248 }
1249 }
1250 }
1251
1252 /**
1253 * Strip slashes function used for parsing
1254 * NOTICE: If a query being parsed was prepared for another database than MySQL this function should probably be changed
1255 *
1256 * @param string Input string
1257 * @return string Output string
1258 */
1259 protected function parseStripslashes($str) {
1260 $search = array('\\\\', '\\\'', '\\"', '\0', '\n', '\r', '\Z');
1261 $replace = array('\\', '\'', '"', "\x00", "\x0a", "\x0d", "\x1a");
1262
1263 return str_replace($search, $replace, $str);
1264 }
1265
1266 /**
1267 * Add slashes function used for compiling queries
1268 * NOTICE: If a query being parsed was prepared for another database than MySQL this function should probably be changed
1269 *
1270 * @param string Input string
1271 * @return string Output string
1272 */
1273 protected function compileAddslashes($str) {
1274 $search = array('\\', '\'', '"', "\x00", "\x0a", "\x0d", "\x1a");
1275 $replace = array('\\\\', '\\\'', '\\"', '\0', '\n', '\r', '\Z');
1276
1277 return str_replace($search, $replace, $str);
1278 }
1279
1280 /**
1281 * Setting the internal error message value, $this->parse_error and returns that value.
1282 *
1283 * @param string Input error message
1284 * @param string Remaining query to parse.
1285 * @return string Error message.
1286 */
1287 protected function parseError($msg, $restQuery) {
1288 $this->parse_error = 'SQL engine parse ERROR: '.$msg.': near "'.substr($restQuery,0,50).'"';
1289 return $this->parse_error;
1290 }
1291
1292 /**
1293 * Trimming SQL as preparation for parsing.
1294 * ";" in the end is stripped of.
1295 * White space is trimmed away around the value
1296 * A single space-char is added in the end
1297 *
1298 * @param string Input string
1299 * @return string Output string
1300 */
1301 protected function trimSQL($str) {
1302 return trim(rtrim($str, "; \r\n\t")).' ';
1303 }
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316 /*************************
1317 *
1318 * Compiling queries
1319 *
1320 *************************/
1321
1322 /**
1323 * Compiles an SQL query from components
1324 *
1325 * @param array Array of SQL query components
1326 * @return string SQL query
1327 * @see parseSQL()
1328 */
1329 public function compileSQL($components) {
1330 switch($components['type']) {
1331 case 'SELECT':
1332 $query = $this->compileSELECT($components);
1333 break;
1334 case 'UPDATE':
1335 $query = $this->compileUPDATE($components);
1336 break;
1337 case 'INSERT':
1338 $query = $this->compileINSERT($components);
1339 break;
1340 case 'DELETE':
1341 $query = $this->compileDELETE($components);
1342 break;
1343 case 'EXPLAIN':
1344 $query = 'EXPLAIN '.$this->compileSELECT($components);
1345 break;
1346 case 'DROPTABLE':
1347 $query = 'DROP TABLE'.($components['ifExists']?' IF EXISTS':'').' '.$components['TABLE'];
1348 break;
1349 case 'CREATETABLE':
1350 $query = $this->compileCREATETABLE($components);
1351 break;
1352 case 'ALTERTABLE':
1353 $query = $this->compileALTERTABLE($components);
1354 break;
1355 }
1356
1357 return $query;
1358 }
1359
1360 /**
1361 * Compiles a SELECT statement from components array
1362 *
1363 * @param array Array of SQL query components
1364 * @return string SQL SELECT query
1365 * @see parseSELECT()
1366 */
1367 protected function compileSELECT($components) {
1368
1369 // Initialize:
1370 $where = $this->compileWhereClause($components['WHERE']);
1371 $groupBy = $this->compileFieldList($components['GROUPBY']);
1372 $orderBy = $this->compileFieldList($components['ORDERBY']);
1373 $limit = $components['LIMIT'];
1374
1375 // Make query:
1376 $query = 'SELECT '.($components['STRAIGHT_JOIN'] ? $components['STRAIGHT_JOIN'].'' : '').'
1377 '.$this->compileFieldList($components['SELECT']).'
1378 FROM '.$this->compileFromTables($components['FROM']).
1379 (strlen($where)?'
1380 WHERE '.$where : '').
1381 (strlen($groupBy)?'
1382 GROUP BY '.$groupBy : '').
1383 (strlen($orderBy)?'
1384 ORDER BY '.$orderBy : '').
1385 (strlen($limit)?'
1386 LIMIT '.$limit : '');
1387
1388 return $query;
1389 }
1390
1391 /**
1392 * Compiles an UPDATE statement from components array
1393 *
1394 * @param array Array of SQL query components
1395 * @return string SQL UPDATE query
1396 * @see parseUPDATE()
1397 */
1398 protected function compileUPDATE($components) {
1399
1400 // Where clause:
1401 $where = $this->compileWhereClause($components['WHERE']);
1402
1403 // Fields
1404 $fields = array();
1405 foreach($components['FIELDS'] as $fN => $fV) {
1406 $fields[]=$fN.'='.$fV[1].$this->compileAddslashes($fV[0]).$fV[1];
1407 }
1408
1409 // Make query:
1410 $query = 'UPDATE '.$components['TABLE'].' SET
1411 '.implode(',
1412 ',$fields).'
1413 '.(strlen($where)?'
1414 WHERE '.$where : '');
1415
1416 return $query;
1417 }
1418
1419 /**
1420 * Compiles an INSERT statement from components array
1421 *
1422 * @param array Array of SQL query components
1423 * @return string SQL INSERT query
1424 * @see parseINSERT()
1425 */
1426 protected function compileINSERT($components) {
1427
1428 if ($components['VALUES_ONLY']) {
1429 // Initialize:
1430 $fields = array();
1431 foreach($components['VALUES_ONLY'] as $fV) {
1432 $fields[]=$fV[1].$this->compileAddslashes($fV[0]).$fV[1];
1433 }
1434
1435 // Make query:
1436 $query = 'INSERT INTO '.$components['TABLE'].'
1437 VALUES
1438 ('.implode(',
1439 ',$fields).')';
1440 } else {
1441 // Initialize:
1442 $fields = array();
1443 foreach($components['FIELDS'] as $fN => $fV) {
1444 $fields[$fN]=$fV[1].$this->compileAddslashes($fV[0]).$fV[1];
1445 }
1446
1447 // Make query:
1448 $query = 'INSERT INTO '.$components['TABLE'].'
1449 ('.implode(',
1450 ',array_keys($fields)).')
1451 VALUES
1452 ('.implode(',
1453 ',$fields).')';
1454 }
1455
1456 return $query;
1457 }
1458
1459 /**
1460 * Compiles an DELETE statement from components array
1461 *
1462 * @param array Array of SQL query components
1463 * @return string SQL DELETE query
1464 * @see parseDELETE()
1465 */
1466 protected function compileDELETE($components) {
1467
1468 // Where clause:
1469 $where = $this->compileWhereClause($components['WHERE']);
1470
1471 // Make query:
1472 $query = 'DELETE FROM '.$components['TABLE'].
1473 (strlen($where)?'
1474 WHERE '.$where : '');
1475
1476 return $query;
1477 }
1478
1479 /**
1480 * Compiles a CREATE TABLE statement from components array
1481 *
1482 * @param array Array of SQL query components
1483 * @return string SQL CREATE TABLE query
1484 * @see parseCREATETABLE()
1485 */
1486 protected function compileCREATETABLE($components) {
1487
1488 // Create fields and keys:
1489 $fieldsKeys = array();
1490 foreach($components['FIELDS'] as $fN => $fCfg) {
1491 $fieldsKeys[]=$fN.' '.$this->compileFieldCfg($fCfg['definition']);
1492 }
1493 foreach($components['KEYS'] as $kN => $kCfg) {
1494 if ($kN == 'PRIMARYKEY') {
1495 $fieldsKeys[]='PRIMARY KEY ('.implode(',', $kCfg).')';
1496 } elseif ($kN == 'UNIQUE') {
1497 $fieldsKeys[]='UNIQUE '.$kN.' ('.implode(',', $kCfg).')';
1498 } else {
1499 $fieldsKeys[]='KEY '.$kN.' ('.implode(',', $kCfg).')';
1500 }
1501 }
1502
1503 // Make query:
1504 $query = 'CREATE TABLE '.$components['TABLE'].' (
1505 '.implode(',
1506 ', $fieldsKeys).'
1507 )'.($components['tableType'] ? ' TYPE='.$components['tableType'] : '');
1508
1509 return $query;
1510 }
1511
1512 /**
1513 * Compiles an ALTER TABLE statement from components array
1514 *
1515 * @param array Array of SQL query components
1516 * @return string SQL ALTER TABLE query
1517 * @see parseALTERTABLE()
1518 */
1519 protected function compileALTERTABLE($components) {
1520
1521 // Make query:
1522 $query = 'ALTER TABLE '.$components['TABLE'].' '.$components['action'].' '.($components['FIELD']?$components['FIELD']:$components['KEY']);
1523
1524 // Based on action, add the final part:
1525 switch(strtoupper(str_replace(array(' ',"\t","\r","\n"),'',$components['action']))) {
1526 case 'ADD':
1527 $query.=' '.$this->compileFieldCfg($components['definition']);
1528 break;
1529 case 'CHANGE':
1530 $query.=' '.$components['newField'].' '.$this->compileFieldCfg($components['definition']);
1531 break;
1532 case 'DROP':
1533 case 'DROPKEY':
1534 break;
1535 case 'ADDKEY':
1536 case 'ADDPRIMARYKEY':
1537 $query.=' ('.implode(',',$components['fields']).')';
1538 break;
1539 }
1540
1541 // Return query
1542 return $query;
1543 }
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558 /**************************************
1559 *
1560 * Compiling queries, helper functions for parts of queries
1561 *
1562 **************************************/
1563
1564 /**
1565 * Compiles a "SELECT [output] FROM..:" field list based on input array (made with ->parseFieldList())
1566 * Can also compile field lists for ORDER BY and GROUP BY.
1567 *
1568 * @param array Array of select fields, (made with ->parseFieldList())
1569 * @param boolean Whether comments should be compiled
1570 * @return string Select field string
1571 * @see parseFieldList()
1572 */
1573 public function compileFieldList($selectFields, $compileComments = TRUE) {
1574
1575 // Prepare buffer variable:
1576 $fields = '';
1577
1578 // Traverse the selectFields if any:
1579 if (is_array($selectFields)) {
1580 $outputParts = array();
1581 foreach($selectFields as $k => $v) {
1582
1583 // Detecting type:
1584 switch($v['type']) {
1585 case 'function':
1586 $outputParts[$k] = $v['function'].'('.$v['func_content'].')';
1587 break;
1588 case 'field':
1589 $outputParts[$k] = ($v['distinct']?$v['distinct']:'').($v['table']?$v['table'].'.':'').$v['field'];
1590 break;
1591 }
1592
1593 // Alias:
1594 if ($v['as']) {
1595 $outputParts[$k].= ' '.$v['as_keyword'].' '.$v['as'];
1596 }
1597
1598 // Specifically for ORDER BY and GROUP BY field lists:
1599 if ($v['sortDir']) {
1600 $outputParts[$k].= ' '.$v['sortDir'];
1601 }
1602 }
1603 if ($compileComments && $selectFields[0]['comments']) {
1604 $fields = $selectFields[0]['comments'] . ' ';
1605 }
1606 $fields .= implode(', ', $outputParts);
1607 }
1608
1609 return $fields;
1610 }
1611
1612 /**
1613 * Compiles a "FROM [output] WHERE..:" table list based on input array (made with ->parseFromTables())
1614 *
1615 * @param array Array of table names, (made with ->parseFromTables())
1616 * @return string Table name string
1617 * @see parseFromTables()
1618 */
1619 public function compileFromTables($tablesArray) {
1620
1621 // Prepare buffer variable:
1622 $outputParts = array();
1623
1624 // Traverse the table names:
1625 if (is_array($tablesArray)) {
1626 foreach ($tablesArray as $k => $v) {
1627
1628 // Set table name:
1629 $outputParts[$k] = $v['table'];
1630
1631 // Add alias AS if there:
1632 if ($v['as']) {
1633 $outputParts[$k] .= ' ' . $v['as_keyword'] . ' ' . $v['as'];
1634 }
1635
1636 if (is_array($v['JOIN'])) {
1637 foreach ($v['JOIN'] as $join) {
1638 $outputParts[$k] .= ' ' . $join['type'] . ' ' . $join['withTable'];
1639 // Add alias AS if there:
1640 if (isset($join['as']) && $join['as']) {
1641 $outputParts[$k] .= ' ' . $join['as_keyword'] . ' ' . $join['as'];
1642 }
1643 $outputParts[$k] .= ' ON ';
1644 $outputParts[$k] .= ($join['ON'][0]['table']) ? $join['ON'][0]['table'] . '.' : '';
1645 $outputParts[$k] .= $join['ON'][0]['field'];
1646 $outputParts[$k] .= '=';
1647 $outputParts[$k] .= ($join['ON'][1]['table']) ? $join['ON'][1]['table'] . '.' : '';
1648 $outputParts[$k] .= $join['ON'][1]['field'];
1649 }
1650 }
1651 }
1652 }
1653
1654 // Return imploded buffer:
1655 return implode(', ', $outputParts);
1656 }
1657
1658 /**
1659 * Implodes an array of WHERE clause configuration into a WHERE clause.
1660 *
1661 * @param array WHERE clause configuration
1662 * @return string WHERE clause as string.
1663 * @see explodeWhereClause()
1664 */
1665 public function compileWhereClause($clauseArray) {
1666
1667 // Prepare buffer variable:
1668 $output = '';
1669
1670 // Traverse clause array:
1671 if (is_array($clauseArray)) {
1672 foreach ($clauseArray as $k => $v) {
1673
1674 // Set operator:
1675 $output .= $v['operator'] ? ' ' . $v['operator'] : '';
1676
1677 // Look for sublevel:
1678 if (is_array($v['sub'])) {
1679 $output .= ' (' . trim($this->compileWhereClause($v['sub'])) . ')';
1680 } elseif (isset($v['func'])) {
1681 $output .= ' ' . trim($v['modifier']) . ' ' . $v['func']['type'] . ' (' . $this->compileSELECT($v['func']['subquery']) . ')';
1682 } else {
1683
1684 // Set field/table with modifying prefix if any:
1685 $output .= ' ' . trim($v['modifier'] . ' ' . ($v['table'] ? $v['table'] . '.' : '') . $v['field']);
1686
1687 // Set calculation, if any:
1688 if ($v['calc']) {
1689 $output .= $v['calc'] . $v['calc_value'][1] . $this->compileAddslashes($v['calc_value'][0]) . $v['calc_value'][1];
1690 }
1691
1692 // Set comparator:
1693 if ($v['comparator']) {
1694 $output .= ' ' . $v['comparator'];
1695
1696 // Detecting value type; list or plain:
1697 if (t3lib_div::inList('NOTIN,IN', strtoupper(str_replace(array(' ', "\t", "\r", "\n"), '', $v['comparator'])))) {
1698 if (isset($v['subquery'])) {
1699 $output .= ' (' . $this->compileSELECT($v['subquery']) . ')';
1700 } else {
1701 $valueBuffer = array();
1702 foreach ($v['value'] as $realValue) {
1703 $valueBuffer[] = $realValue[1] . $this->compileAddslashes($realValue[0]) . $realValue[1];
1704 }
1705 $output .= ' (' . trim(implode(',', $valueBuffer)) . ')';
1706 }
1707 } else if (isset($v['value']['operator'])) {
1708 $values = array();
1709 foreach ($v['value']['args'] as $fieldDef) {
1710 $values[] = ($fieldDef['table'] ? $fieldDef['table'] . '.' : '') . $fieldDef['field'];
1711 }
1712 $output .= ' ' . $v['value']['operator'] . '(' . implode(',', $values) . ')';
1713 } else {
1714 $output .= ' ' . $v['value'][1] . $this->compileAddslashes($v['value'][0]) . $v['value'][1];
1715 }
1716 }
1717 }
1718 }
1719 }
1720
1721 // Return output buffer:
1722 return $output;
1723 }
1724
1725 /**
1726 * Compile field definition
1727 *
1728 * @param array Field definition parts
1729 * @return string Field definition string
1730 */
1731 public function compileFieldCfg($fieldCfg) {
1732
1733 // Set type:
1734 $cfg = $fieldCfg['fieldType'];
1735
1736 // Add value, if any:
1737 if (strlen($fieldCfg['value'])) {
1738 $cfg.='('.$fieldCfg['value'].')';
1739 }
1740
1741 // Add additional features:
1742 if (is_array($fieldCfg['featureIndex'])) {
1743 foreach($fieldCfg['featureIndex'] as $featureDef) {
1744 $cfg.=' '.$featureDef['keyword'];
1745
1746 // Add value if found:
1747 if (is_array($featureDef['value'])) {
1748 $cfg.=' '.$featureDef['value'][1].$this->compileAddslashes($featureDef['value'][0]).$featureDef['value'][1];
1749 }
1750 }
1751 }
1752
1753 // Return field definition string:
1754 return $cfg;
1755 }
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767 /*************************
1768 *
1769 * Debugging
1770 *
1771 *************************/
1772
1773 /**
1774 * Check parsability of input SQL part string; Will parse and re-compile after which it is compared
1775 *
1776 * @param string Part definition of string; "SELECT" = fieldlist (also ORDER BY and GROUP BY), "FROM" = table list, "WHERE" = Where clause.
1777 * @param string SQL string to verify parsability of
1778 * @return mixed Returns array with string 1 and 2 if error, otherwise false
1779 */
1780 public function debug_parseSQLpart($part, $str) {
1781 $retVal = false;
1782
1783 switch($part) {
1784 case 'SELECT':
1785 $retVal = $this->debug_parseSQLpartCompare($str,$this->compileFieldList($this->parseFieldList($str)));
1786 break;
1787 case 'FROM':
1788 $retVal = $this->debug_parseSQLpartCompare($str,$this->compileFromTables($this->parseFromTables($str)));
1789 break;
1790 case 'WHERE':
1791 $retVal = $this->debug_parseSQLpartCompare($str,$this->compileWhereClause($this->parseWhereClause($str)));
1792 break;
1793 }
1794 return $retVal;
1795 }
1796
1797 /**
1798 * Compare two query strins by stripping away whitespace.
1799 *
1800 * @param string SQL String 1
1801 * @param string SQL string 2
1802 * @param boolean If true, the strings are compared insensitive to case
1803 * @return mixed Returns array with string 1 and 2 if error, otherwise false
1804 */
1805 public function debug_parseSQLpartCompare($str, $newStr, $caseInsensitive = FALSE) {
1806 if ($caseInsensitive) {
1807 $str1 = strtoupper($str);
1808 $str2 = strtoupper($newStr);
1809 } else {
1810 $str1 = $str;
1811 $str2 = $newStr;
1812 }
1813
1814 // Fixing escaped chars:
1815 $search = array('\0', '\n', '\r', '\Z');
1816 $replace = array("\x00", "\x0a", "\x0d", "\x1a");
1817 $str1 = str_replace($search, $replace, $str1);
1818 $str2 = str_replace($search, $replace, $str2);
1819
1820 # Normally, commented out since they are needed only in tricky cases...
1821 # $str1 = stripslashes($str1);
1822 # $str2 = stripslashes($str2);
1823
1824 if (strcmp(str_replace(array(' ',"\t","\r","\n"),'',$this->trimSQL($str1)),str_replace(array(' ',"\t","\r","\n"),'',$this->trimSQL($str2)))) {
1825 return array(
1826 str_replace(array(' ',"\t","\r","\n"),' ',$str),
1827 str_replace(array(' ',"\t","\r","\n"),' ',$newStr),
1828 );
1829 }
1830 }
1831
1832 /**
1833 * Performs the ultimate test of the parser: Direct a SQL query in; You will get it back (through the parsed and re-compiled) if no problems, otherwise the script will print the error and exit
1834 *
1835 * @param string SQL query
1836 * @return string Query if all is well, otherwise exit.
1837 */
1838 public function debug_testSQL($SQLquery) {
1839
1840 // Getting result array:
1841 $parseResult = $this->parseSQL($SQLquery);
1842
1843 // If result array was returned, proceed. Otherwise show error and exit.
1844 if (is_array($parseResult)) {
1845
1846 // Re-compile query:
1847 $newQuery = $this->compileSQL($parseResult);
1848
1849 // TEST the new query:
1850 $testResult = $this->debug_parseSQLpartCompare($SQLquery, $newQuery);
1851
1852 // Return new query if OK, otherwise show error and exit:
1853 if (!is_array($testResult)) {
1854 return $newQuery;
1855 } else {
1856 debug(array('ERROR MESSAGE'=>'Input query did not match the parsed and recompiled query exactly (not observing whitespace)', 'TEST result' => $testResult),'SQL parsing failed:');
1857 exit;
1858 }
1859 } else {
1860 debug(array('query' => $SQLquery, 'ERROR MESSAGE'=>$parseResult),'SQL parsing failed:');
1861 exit;
1862 }
1863 }
1864 }
1865
1866
1867 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_sqlparser.php']) {
1868 include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_sqlparser.php']);
1869 }
1870
1871 ?>