ZP-965 Use placeholders for table names in statements for table

creation. Add curly braces around $this->table_name in SQL statements. Released under the Affero GNU General Public License (AGPL) version 3.

ZP-965 Use placeholders for table names in statements for table
creation. Add curly braces around $this->table_name in SQL statements. Released under the Affero GNU General Public License (AGPL) version 3.
15ef4d5c · Manfred Kutas · bf290980 · 15ef4d5c
Commit 15ef4d5c authored Jun 14, 2016 by Manfred Kutas
Show whitespace changes
Inline Side-by-side

Showing with 30 additions and 34 deletions

sqlstatemachine.php src/backend/sqlstatemachine/sqlstatemachine.php +30 -34

No files found.
--- a/src/backend/sqlstatemachine/sqlstatemachine.php
+++ b/src/backend/sqlstatemachine/sqlstatemachine.php
@@ -53,21 +53,17 @@ class SqlStateMachine implements IStateMachine {
    const VERSION = "version";
    const UNKNOWNDATABASE = 1049;
-    const CREATETABLE_SETTINGS = "CREATE TABLE IF NOT EXISTS settings (key_name VARCHAR(50) NOT NULL, key_value VARCHAR(50) NOT NULL, created_at DATETIME NOT NULL, updated_at DATETIME NOT NULL, PRIMARY KEY (key_name));";
+    const CREATETABLE_SETTINGS = "CREATE TABLE IF NOT EXISTS **settings** (key_name VARCHAR(50) NOT NULL, key_value VARCHAR(50) NOT NULL, created_at DATETIME NOT NULL, updated_at DATETIME NOT NULL, PRIMARY KEY (key_name));";
-    const CREATETABLE_USERS = "CREATE TABLE IF NOT EXISTS users (username VARCHAR(50) NOT NULL, device_id VARCHAR(50) NOT NULL, PRIMARY KEY (username, device_id));";
+    const CREATETABLE_USERS = "CREATE TABLE IF NOT EXISTS **users** (username VARCHAR(50) NOT NULL, device_id VARCHAR(50) NOT NULL, PRIMARY KEY (username, device_id));";
-    const CREATETABLE_STATES = "CREATE TABLE IF NOT EXISTS states (id_state INTEGER AUTO_INCREMENT, device_id VARCHAR(50) NOT NULL, uuid VARCHAR(50) NULL, state_type VARCHAR(50), counter INTEGER, state_data MEDIUMBLOB, created_at DATETIME NOT NULL, updated_at DATETIME NOT NULL, PRIMARY KEY (id_state));";
+    const CREATETABLE_STATES = "CREATE TABLE IF NOT EXISTS **states** (id_state INTEGER AUTO_INCREMENT, device_id VARCHAR(50) NOT NULL, uuid VARCHAR(50) NULL, state_type VARCHAR(50), counter INTEGER, state_data MEDIUMBLOB, created_at DATETIME NOT NULL, updated_at DATETIME NOT NULL, PRIMARY KEY (id_state));";
-    const CREATEINDEX_STATES = "CREATE UNIQUE INDEX idx_states_unique ON states (device_id, uuid, state_type, counter);";
+    const CREATEINDEX_STATES = "CREATE UNIQUE INDEX idx_states_unique ON **states** (device_id, uuid, state_type, counter);";
    protected $dbh;
    protected $options;
    protected $dsn;
    protected $stateHashStatement;
-    /**
+    // Name of tables, which can be overwritten in extending classes
-     * Name of tables, which can be overwritten in extending classes
-     *
-     * @var type
-     */
    protected $settings_table = 'settings';
    protected $users_table = 'users';
    protected $states_table = 'states';
@@ -193,7 +189,7 @@ class SqlStateMachine implements IStateMachine {
        if ($counter && $cleanstates)
            $this->CleanStates($devid, $type, $key, $counter);
-        $sql = "SELECT state_data FROM $this->states_table WHERE device_id = :devid AND state_type = :type AND uuid". $this->getSQLOp($key) .":key AND counter = :counter";
+        $sql = "SELECT state_data FROM {$this->states_table} WHERE device_id = :devid AND state_type = :type AND uuid". $this->getSQLOp($key) .":key AND counter = :counter";
        $params = $this->getParams($devid, $type, $key, $counter);
        $data = null;
@@ -246,7 +242,7 @@ class SqlStateMachine implements IStateMachine {
        $key = $this->returnNullified($key);
        ZLog::Write(LOGLEVEL_DEBUG, sprintf("SqlStateMachine->SetState(): devid:'%s' type:'%s' key:'%s' counter:'%s'", $devid, $type, Utils::PrintAsString($key), Utils::PrintAsString($counter)));
-        $sql = "SELECT device_id FROM $this->states_table WHERE device_id = :devid AND state_type = :type AND uuid". $this->getSQLOp($key) .":key AND counter = :counter";
+        $sql = "SELECT device_id FROM {$this->states_table} WHERE device_id = :devid AND state_type = :type AND uuid". $this->getSQLOp($key) .":key AND counter = :counter";
        $params = $this->getParams($devid, $type, $key, $counter);
        $sth = null;
@@ -260,14 +256,14 @@ class SqlStateMachine implements IStateMachine {
            $record = $sth->fetch(PDO::FETCH_ASSOC);
            if (!$record) {
                // New record
-                $sql = "INSERT INTO $this->states_table (device_id, state_type, uuid, counter, state_data, created_at, updated_at) VALUES (:devid, :type, :key, :counter, :data, :created_at, :updated_at)";
+                $sql = "INSERT INTO {$this->states_table} (device_id, state_type, uuid, counter, state_data, created_at, updated_at) VALUES (:devid, :type, :key, :counter, :data, :created_at, :updated_at)";
                $sth = $this->getDbh()->prepare($sql);
                $sth->bindValue(":created_at", $this->getNow(), PDO::PARAM_STR);
            }
            else {
                // Existing record, we update it
-                $sql = "UPDATE $this->states_table SET state_data = :data, updated_at = :updated_at WHERE device_id = :devid AND state_type = :type AND uuid ". $this->getSQLOp($key) .":key AND counter = :counter";
+                $sql = "UPDATE {$this->states_table} SET state_data = :data, updated_at = :updated_at WHERE device_id = :devid AND state_type = :type AND uuid ". $this->getSQLOp($key) .":key AND counter = :counter";
                $sth = $this->getDbh()->prepare($sql);
            }
@@ -318,13 +314,13 @@ class SqlStateMachine implements IStateMachine {
        if ($counter === false) {
            // Remove all the states. Counter are 0 or >0, then deleting >= 0 deletes all
-            $sql = "DELETE FROM $this->states_table WHERE device_id = :devid AND state_type = :type AND uuid". $this->getSQLOp($key) .":key AND counter >= :counter";
+            $sql = "DELETE FROM {$this->states_table} WHERE device_id = :devid AND state_type = :type AND uuid". $this->getSQLOp($key) .":key AND counter >= :counter";
        }
        else if ($counter !== false && $thisCounterOnly === true) {
-            $sql = "DELETE FROM $this->states_table WHERE device_id = :devid AND state_type = :type AND uuid". $this->getSQLOp($key).":key AND counter = :counter";
+            $sql = "DELETE FROM {$this->states_table} WHERE device_id = :devid AND state_type = :type AND uuid". $this->getSQLOp($key).":key AND counter = :counter";
        }
        else {
-            $sql = "DELETE FROM $this->states_table WHERE device_id = :devid AND state_type = :type AND uuid". $this->getSQLOp($key) .":key AND counter < :counter";
+            $sql = "DELETE FROM {$this->states_table} WHERE device_id = :devid AND state_type = :type AND uuid". $this->getSQLOp($key) .":key AND counter < :counter";
        }
        $params = $this->getParams($devid, $type, $key, $counter);
@@ -355,7 +351,7 @@ class SqlStateMachine implements IStateMachine {
        $record = null;
        $changed = false;
        try {
-            $sql = "SELECT username FROM $this->users_table WHERE username = :username AND device_id = :devid";
+            $sql = "SELECT username FROM {$this->users_table} WHERE username = :username AND device_id = :devid";
            $params = array(":username" => $username, ":devid" => $devid);
            $sth = $this->getDbh()->prepare($sql);
@@ -367,7 +363,7 @@ class SqlStateMachine implements IStateMachine {
            }
            else {
                $sth = null;
-                $sql = "INSERT INTO $this->users_table (username, device_id) VALUES (:username, :devid)";
+                $sql = "INSERT INTO {$this->users_table} (username, device_id) VALUES (:username, :devid)";
                $sth = $this->getDbh()->prepare($sql);
                if ($sth->execute($params)) {
                    ZLog::Write(LOGLEVEL_DEBUG, sprintf("SqlStateMachine->LinkUserDevice(): Linked user-device: '%s' '%s'", $username, $devid));
@@ -400,7 +396,7 @@ class SqlStateMachine implements IStateMachine {
        $sth = null;
        $changed = false;
        try {
-            $sql = "DELETE FROM $this->users_table WHERE username = :username AND device_id = :devid";
+            $sql = "DELETE FROM {$this->users_table} WHERE username = :username AND device_id = :devid";
            $params = array(":username" => $username, ":devid" => $devid);
            $sth = $this->getDbh()->prepare($sql);
@@ -432,7 +428,7 @@ class SqlStateMachine implements IStateMachine {
        $record = null;
        $out = array();
        try {
-            $sql = "SELECT device_id, username FROM $this->users_table ORDER BY username";
+            $sql = "SELECT device_id, username FROM {$this->users_table} ORDER BY username";
            $sth = $this->getDbh()->prepare($sql);
            $sth->execute();
@@ -468,11 +464,11 @@ class SqlStateMachine implements IStateMachine {
        try {
            if ($username === false) {
                // we also need to find potentially obsolete states that have no link to the $this->users_table table anymore
-                $sql = "SELECT DISTINCT(device_id) FROM $this->states_table ORDER BY device_id";
+                $sql = "SELECT DISTINCT(device_id) FROM {$this->states_table} ORDER BY device_id";
                $params = array();
            }
            else {
-                $sql = "SELECT device_id FROM $this->users_table WHERE username = :username ORDER BY device_id";
+                $sql = "SELECT device_id FROM {$this->users_table} WHERE username = :username ORDER BY device_id";
                $params = array(":username" => $username);
            }
            $sth = $this->getDbh()->prepare($sql);
@@ -502,7 +498,7 @@ class SqlStateMachine implements IStateMachine {
        $record = null;
        $version = IStateMachine::STATEVERSION_01;
        try {
-            $sql = "SELECT key_value FROM $this->settings_table WHERE key_name = :key_name";
+            $sql = "SELECT key_value FROM {$this->settings_table} WHERE key_name = :key_name";
            $params = array(":key_name" => self::VERSION);
            $sth = $this->getDbh()->prepare($sql);
@@ -540,7 +536,7 @@ class SqlStateMachine implements IStateMachine {
        $record = null;
        $status = false;
        try {
-            $sql = "SELECT key_value FROM $this->settings_table WHERE key_name = :key_name";
+            $sql = "SELECT key_value FROM {$this->settings_table} WHERE key_name = :key_name";
            $params = array(":key_name" => self::VERSION);
            $sth = $this->getDbh()->prepare($sql);
@@ -549,7 +545,7 @@ class SqlStateMachine implements IStateMachine {
            $record = $sth->fetch(PDO::FETCH_ASSOC);
            if ($record) {
                $sth = null;
-                $sql = "UPDATE $this->settings_table SET key_value = :value, updated_at = :updated_at WHERE key_name = :key_name";
+                $sql = "UPDATE {$this->settings_table} SET key_value = :value, updated_at = :updated_at WHERE key_name = :key_name";
                $params[":value"] = $version;
                $params[":updated_at"] = $this->getNow();
@@ -560,7 +556,7 @@ class SqlStateMachine implements IStateMachine {
            }
            else {
                $sth = null;
-                $sql = "INSERT INTO $this->settings_table (key_name, key_value, created_at, updated_at) VALUES (:key_name, :value, :created_at, :updated_at)";
+                $sql = "INSERT INTO {$this->settings_table} (key_name, key_value, created_at, updated_at) VALUES (:key_name, :value, :created_at, :updated_at)";
                $params[":value"] = $version;
                $params[":updated_at"] = $params[":created_at"] = $this->getNow();
@@ -592,7 +588,7 @@ class SqlStateMachine implements IStateMachine {
        $record = null;
        $out = array();
        try {
-            $sql = "SELECT state_type, uuid, counter FROM $this->states_table WHERE device_id = :devid ORDER BY id_state";
+            $sql = "SELECT state_type, uuid, counter FROM {$this->states_table} WHERE device_id = :devid ORDER BY id_state";
            $params = array(":devid" => $devid);
            $sth = $this->getDbh()->prepare($sql);
@@ -712,7 +708,7 @@ class SqlStateMachine implements IStateMachine {
     */
    protected function getStateHashStatement($key) {
        if (!isset($this->stateHashStatement) || $this->stateHashStatement == null) {
-            $sql = "SELECT updated_at FROM $this->states_table WHERE device_id = :devid AND state_type = :type AND uuid ". (($key == null) ? " IS " : " = ") . ":key AND counter = :counter";
+            $sql = "SELECT updated_at FROM {$this->states_table} WHERE device_id = :devid AND state_type = :type AND uuid ". (($key == null) ? " IS " : " = ") . ":key AND counter = :counter";
            $this->stateHashStatement = $this->getDbh()->prepare($sql);
        }
        return $this->stateHashStatement;
@@ -788,9 +784,9 @@ class SqlStateMachine implements IStateMachine {
        try {
            $sqlStmt = strtr(self::CREATETABLE_SETTINGS . self::CREATETABLE_USERS . self::CREATETABLE_STATES . self::CREATEINDEX_STATES,
                array(
-                    ' users ' => $this->users_table,
+                    '**users**' => $this->users_table,
-                    ' states ' => $this->states_table,
+                    '**states**' => $this->states_table,
-                    ' settings' => $this->settings_table,
+                    '**settings**' => $this->settings_table,
                ));
            $sth = $this->getDbh()->prepare($sqlStmt);
            $sth->execute();
@@ -812,7 +808,7 @@ class SqlStateMachine implements IStateMachine {
    public function DoTablesHaveData() {
        try {
            $dataSettings = $dataStates = $dataUsers = false;
-            $sqlStmt = "SELECT key_name FROM $this->settings_table LIMIT 1;";
+            $sqlStmt = "SELECT key_name FROM {$this->settings_table} LIMIT 1;";
            $sth = $this->getDbh()->prepare($sqlStmt);
            $sth->execute();
            if ($sth->rowCount() > 0) {
@@ -823,7 +819,7 @@ class SqlStateMachine implements IStateMachine {
                print("There is no data in settings table." . PHP_EOL);
            }
-            $sqlStmt = "SELECT id_state FROM $this->states_table LIMIT 1;";
+            $sqlStmt = "SELECT id_state FROM {$this->states_table} LIMIT 1;";
            $sth = $this->getDbh()->prepare($sqlStmt);
            $sth->execute();
            if ($sth->rowCount() > 0) {
@@ -834,7 +830,7 @@ class SqlStateMachine implements IStateMachine {
                print("There is no data in states table." . PHP_EOL);
            }
-            $sqlStmt = "SELECT username FROM $this->users_table LIMIT 1;";
+            $sqlStmt = "SELECT username FROM {$this->users_table} LIMIT 1;";
            $sth = $this->getDbh()->prepare($sqlStmt);
            $sth->execute();
            if ($sth->rowCount() > 0) {