修正数据库参数绑定一处BUG

liu21st · liu21st · commit 8d8e002384b5 · 2016-01-20T19:05:04.000+08:00
diff --git a/ThinkPHP/Library/Think/Db/Driver.class.php b/ThinkPHP/Library/Think/Db/Driver.class.php
@@ -414,11 +414,11 @@ protected function parseSet($data)
             } elseif (is_scalar($val)) {
                 // 过滤非标量数据
                 if (0 === strpos($val, ':') && in_array($val, array_keys($this->bind))) {
-                    $set[] = $this->parseKey($key) . '=' . $this->escapeString($val);
+                    $set[] = $this->parseKey($key) . '=' . $val;
                 } else {
                     $name  = count($this->bind);
-                    $set[] = $this->parseKey($key) . '=:' . $name;
-                    $this->bindParam($name, $val);
+                    $set[] = $this->parseKey($key) . '=:' . $key . '_' . $name;
+                    $this->bindParam($key . '_' . $name, $val);
                 }
             }
         }
@@ -443,7 +443,7 @@ protected function bindParam($name, $value)
      * @param string $key
      * @return string
      */
-    protected function parseKey(&$key)
+    protected function parseKey($key)
     {
         return $key;
     }
@@ -522,8 +522,7 @@ protected function parseTable($tables)
             }
             $tables = $array;
         } elseif (is_string($tables)) {
-            $tables = explode(',', $tables);
-            array_walk($tables, array(&$this, 'parseKey'));
+            $tables = array_map(array($this, 'parseKey'), explode(',', $tables));
         }
         return implode(',', $tables);
     }
@@ -909,11 +908,11 @@ public function insert($data, $options = array(), $replace = false)
                 // 过滤非标量数据
                 $fields[] = $this->parseKey($key);
                 if (0 === strpos($val, ':') && in_array($val, array_keys($this->bind))) {
-                    $values[] = $this->parseValue($val);
+                    $values[] = $val;
                 } else {
                     $name     = count($this->bind);
-                    $values[] = ':' . $name;
-                    $this->bindParam($name, $val);
+                    $values[] = ':' . $key . '_' . $name;
+                    $this->bindParam($key . '_' . $name, $val);
                 }
             }
         }
@@ -982,8 +981,8 @@ public function selectInsert($fields, $table, $options = array())
             $fields = explode(',', $fields);
         }
 
-        array_walk($fields, array($this, 'parseKey'));
-        $sql = 'INSERT INTO ' . $this->parseTable($table) . ' (' . implode(',', $fields) . ') ';
+        $fields = array_map(array($this, 'parseKey'), $fields);
+        $sql    = 'INSERT INTO ' . $this->parseTable($table) . ' (' . implode(',', $fields) . ') ';
         $sql .= $this->buildSelectSql($options);
         return $this->execute($sql, !empty($options['fetch_sql']) ? true : false);
     }
diff --git a/ThinkPHP/Library/Think/Db/Driver/Mysql.class.php b/ThinkPHP/Library/Think/Db/Driver/Mysql.class.php
@@ -98,7 +98,7 @@ public function getTables($dbName = '')
      * @param string $key
      * @return string
      */
-    protected function parseKey(&$key)
+    protected function parseKey($key)
     {
         $key = trim($key);
         if (!is_numeric($key) && !preg_match('/[,\'\"\*\(\)`.\s]/', $key)) {
@@ -197,10 +197,10 @@ protected function parseDuplicate($duplicate)
                 }
 
                 switch ($val[0]) {
-                    case 'exp': // 表达式
+                    case 'exp':    // 表达式
                         $updates[] = $this->parseKey($key) . "=($val[1])";
                         break;
-                    case 'value': // 值
+                    case 'value':// 值
                     default:
                         $name      = count($this->bind);
                         $updates[] = $this->parseKey($key) . "=:" . $name;
diff --git a/ThinkPHP/Library/Think/Db/Driver/Sqlsrv.class.php b/ThinkPHP/Library/Think/Db/Driver/Sqlsrv.class.php
@@ -109,7 +109,7 @@ protected function parseOrder($order)
      * @param string $key
      * @return string
      */
-    protected function parseKey(&$key)
+    protected function parseKey($key)
     {
         $key = trim($key);
         if (!is_numeric($key) && !preg_match('/[,\'\"\*\(\)\[.\s]/', $key)) {

Original file line number	Diff line number	Diff line change
`@@ -414,11 +414,11 @@ protected function parseSet($data)`
`414`	`414`	`} elseif (is_scalar($val)) {`
`415`	`415`	`// 过滤非标量数据`
`416`	`416`	`if (0 === strpos($val, ':') && in_array($val, array_keys($this->bind))) {`
`417`		`- $set[] = $this->parseKey($key) . '=' . $this->escapeString($val);`
	`417`	`+ $set[] = $this->parseKey($key) . '=' . $val;`
`418`	`418`	`} else {`
`419`	`419`	`$name = count($this->bind);`
`420`		`- $set[] = $this->parseKey($key) . '=:' . $name;`
`421`		`- $this->bindParam($name, $val);`
	`420`	`+ $set[] = $this->parseKey($key) . '=:' . $key . '_' . $name;`
	`421`	`+ $this->bindParam($key . '_' . $name, $val);`
`422`	`422`	`}`
`423`	`423`	`}`
`424`	`424`	`}`
`@@ -443,7 +443,7 @@ protected function bindParam($name, $value)`
`443`	`443`	`* @param string $key`
`444`	`444`	`* @return string`
`445`	`445`	`*/`
`446`		`- protected function parseKey(&$key)`
	`446`	`+ protected function parseKey($key)`
`447`	`447`	`{`
`448`	`448`	`return $key;`
`449`	`449`	`}`
`@@ -522,8 +522,7 @@ protected function parseTable($tables)`
`522`	`522`	`}`
`523`	`523`	`$tables = $array;`
`524`	`524`	`} elseif (is_string($tables)) {`
`525`		`- $tables = explode(',', $tables);`
`526`		`- array_walk($tables, array(&$this, 'parseKey'));`
	`525`	`+ $tables = array_map(array($this, 'parseKey'), explode(',', $tables));`
`527`	`526`	`}`
`528`	`527`	`return implode(',', $tables);`
`529`	`528`	`}`
`@@ -909,11 +908,11 @@ public function insert($data, $options = array(), $replace = false)`
`909`	`908`	`// 过滤非标量数据`
`910`	`909`	`$fields[] = $this->parseKey($key);`
`911`	`910`	`if (0 === strpos($val, ':') && in_array($val, array_keys($this->bind))) {`
`912`		`- $values[] = $this->parseValue($val);`
	`911`	`+ $values[] = $val;`
`913`	`912`	`} else {`
`914`	`913`	`$name = count($this->bind);`
`915`		`- $values[] = ':' . $name;`
`916`		`- $this->bindParam($name, $val);`
	`914`	`+ $values[] = ':' . $key . '_' . $name;`
	`915`	`+ $this->bindParam($key . '_' . $name, $val);`
`917`	`916`	`}`
`918`	`917`	`}`
`919`	`918`	`}`
`@@ -982,8 +981,8 @@ public function selectInsert($fields, $table, $options = array())`
`982`	`981`	`$fields = explode(',', $fields);`
`983`	`982`	`}`
`984`	`983`
`985`		`- array_walk($fields, array($this, 'parseKey'));`
`986`		`- $sql = 'INSERT INTO ' . $this->parseTable($table) . ' (' . implode(',', $fields) . ') ';`
	`984`	`+ $fields = array_map(array($this, 'parseKey'), $fields);`
	`985`	`+ $sql = 'INSERT INTO ' . $this->parseTable($table) . ' (' . implode(',', $fields) . ') ';`
`987`	`986`	`$sql .= $this->buildSelectSql($options);`
`988`	`987`	`return $this->execute($sql, !empty($options['fetch_sql']) ? true : false);`
`989`	`988`	`}`
Original file line number	Diff line number	Diff line change
`@@ -109,7 +109,7 @@ protected function parseOrder($order)`
`109`	`109`	`* @param string $key`
`110`	`110`	`* @return string`
`111`	`111`	`*/`
`112`		`- protected function parseKey(&$key)`
	`112`	`+ protected function parseKey($key)`
`113`	`113`	`{`
`114`	`114`	`$key = trim($key);`
`115`	`115`	`if (!is_numeric($key) && !preg_match('/[,\'\"\*\(\)\[.\s]/', $key)) {`