X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=FS%2FFS%2FRecord.pm;h=479f9b1f18ec02b9cd4f9e82e286bdd5675f911b;hb=5f7c4a6025b9e3a49bee72dbc06cac37a45e6f10;hp=c3d397389a75d76470a2494312c9a1eadcf69d23;hpb=cf54023e010df76e0c39ac70902877d7c4c94c6e;p=freeside.git diff --git a/FS/FS/Record.pm b/FS/FS/Record.pm index c3d397389..479f9b1f1 100644 --- a/FS/FS/Record.pm +++ b/FS/FS/Record.pm @@ -6,6 +6,7 @@ use charnames ':full'; use vars qw( $AUTOLOAD %virtual_fields_cache %fk_method_cache $fk_table_cache $money_char $lat_lower $lon_upper + $use_placeholders ); use Carp qw(carp cluck croak confess); use Scalar::Util qw( blessed ); @@ -41,6 +42,8 @@ our @EXPORT_OK = qw( our $DEBUG = 0; our $me = '[FS::Record]'; +$use_placeholders = 0; + our $nowarn_identical = 0; our $nowarn_classload = 0; our $no_update_diff = 0; @@ -1349,21 +1352,44 @@ sub insert { grep { defined($self->getfield($_)) && $self->getfield($_) ne "" } real_fields($table) ; - my @values = map { _quote( $self->getfield($_), $table, $_) } @real_fields; - #eslaf my $statement = "INSERT INTO $table "; - if ( @real_fields ) { - $statement .= - "( ". - join( ', ', @real_fields ). - ") VALUES (". - join( ', ', @values ). - ")" - ; - } else { + my @bind_values = (); + + if ( ! @real_fields ) { + $statement .= 'DEFAULT VALUES'; + + } else { + + if ( $use_placeholders ) { + + @bind_values = map $self->getfield($_), @real_fields; + + $statement .= + "( ". + join( ', ', @real_fields ). + ") VALUES (". + join( ', ', map '?', @real_fields ). # @bind_values ). + ")" + ; + + } else { + + my @values = map { _quote( $self->getfield($_), $table, $_) } @real_fields; + + $statement .= + "( ". + join( ', ', @real_fields ). + ") VALUES (". + join( ', ', @values ). + ")" + ; + + } + } + warn "[debug]$me $statement\n" if $DEBUG > 1; my $sth = dbh->prepare($statement) or return dbh->errstr; @@ -1374,7 +1400,7 @@ sub insert { local $SIG{TSTP} = 'IGNORE'; local $SIG{PIPE} = 'IGNORE'; - $sth->execute or return $sth->errstr; + $sth->execute(@bind_values) or return $sth->errstr; # get inserted id from the database, if applicable & needed if ( $db_seq && ! $self->getfield($primary_key) ) { @@ -2621,7 +2647,7 @@ sub ut_currency { =item ut_text COLUMN Check/untaint text. Alphanumerics, spaces, and the following punctuation -symbols are currently permitted: ! @ # $ % & ( ) - + ; : ' " , . ? / = [ ] < > +symbols are currently permitted: ! @ # $ % & ( ) - + ; : ' " , . ? / = [ ] < > ~ May not be null. If there is an error, returns the error, otherwise returns false. @@ -2635,7 +2661,7 @@ sub ut_text { # \p{Word} = alphanumerics, marks (diacritics), and connectors # see perldoc perluniprops $self->getfield($field) - =~ /^([\p{Word} \!\@\#\$\%\&\(\)\-\+\;\:\'\"\,\.\?\/\=\[\]\<\>$money_char]+)$/ + =~ /^([\p{Word} \!\@\#\$\%\&\(\)\-\+\;\:\'\"\,\.\?\/\=\[\]\<\>\~$money_char]+)$/ or return gettext('illegal_or_empty_text'). " $field: ". $self->getfield($field); $self->setfield($field,$1); @@ -3062,6 +3088,13 @@ sub ut_zip { $self->getfield($field); $self->setfield($field, "$1 $2"); + } elsif ( $country eq 'AU' ) { + + $self->getfield($field) =~ /^\s*(\d{4})\s*$/ + or return gettext('illegal_zip'). " $field for country $country: ". + $self->getfield($field); + $self->setfield($field, $1); + } else { if ( $self->getfield($field) =~ /^\s*$/ @@ -3521,11 +3554,7 @@ sub _quote { && driver_name eq 'Pg' ) { - no strict 'subs'; -# dbh->quote($value, { pg_type => PG_BYTEA() }); # doesn't work right - # Pg binary string quoting: convert each character to 3-digit octal prefixed with \\, - # single-quote the whole mess, and put an "E" in front. - return ("E'" . join('', map { sprintf('\\\\%03o', ord($_)) } split(//, $value) ) . "'"); + dbh->quote($value, { pg_type => PG_BYTEA() }); } else { dbh->quote($value); }