174 * @param string $sql |
174 * @param string $sql |
175 * @return string |
175 * @return string |
176 */ |
176 */ |
177 protected function _stripQuoted($sql) |
177 protected function _stripQuoted($sql) |
178 { |
178 { |
|
179 |
|
180 // get the character for value quoting |
|
181 // this should be ' |
|
182 $q = $this->_adapter->quote('a'); |
|
183 $q = $q[0]; |
|
184 // get the value used as an escaped quote, |
|
185 // e.g. \' or '' |
|
186 $qe = $this->_adapter->quote($q); |
|
187 $qe = substr($qe, 1, 2); |
|
188 $qe = preg_quote($qe); |
|
189 $escapeChar = substr($qe,0,1); |
|
190 // remove 'foo\'bar' |
|
191 if (!empty($q)) { |
|
192 $escapeChar = preg_quote($escapeChar); |
|
193 // this segfaults only after 65,000 characters instead of 9,000 |
|
194 $sql = preg_replace("/$q([^$q{$escapeChar}]*|($qe)*)*$q/s", '', $sql); |
|
195 } |
|
196 |
|
197 // get a version of the SQL statement with all quoted |
|
198 // values and delimited identifiers stripped out |
|
199 // remove "foo\"bar" |
|
200 $sql = preg_replace("/\"(\\\\\"|[^\"])*\"/Us", '', $sql); |
|
201 |
179 // get the character for delimited id quotes, |
202 // get the character for delimited id quotes, |
180 // this is usually " but in MySQL is ` |
203 // this is usually " but in MySQL is ` |
181 $d = $this->_adapter->quoteIdentifier('a'); |
204 $d = $this->_adapter->quoteIdentifier('a'); |
182 $d = $d[0]; |
205 $d = $d[0]; |
183 |
|
184 // get the value used as an escaped delimited id quote, |
206 // get the value used as an escaped delimited id quote, |
185 // e.g. \" or "" or \` |
207 // e.g. \" or "" or \` |
186 $de = $this->_adapter->quoteIdentifier($d); |
208 $de = $this->_adapter->quoteIdentifier($d); |
187 $de = substr($de, 1, 2); |
209 $de = substr($de, 1, 2); |
188 $de = str_replace('\\', '\\\\', $de); |
210 $de = preg_quote($de); |
189 |
211 // Note: $de and $d where never used..., now they are: |
190 // get the character for value quoting |
212 $sql = preg_replace("/$d($de|\\\\{2}|[^$d])*$d/Us", '', $sql); |
191 // this should be ' |
|
192 $q = $this->_adapter->quote('a'); |
|
193 $q = $q[0]; |
|
194 |
|
195 // get the value used as an escaped quote, |
|
196 // e.g. \' or '' |
|
197 $qe = $this->_adapter->quote($q); |
|
198 $qe = substr($qe, 1, 2); |
|
199 $qe = str_replace('\\', '\\\\', $qe); |
|
200 |
|
201 // get a version of the SQL statement with all quoted |
|
202 // values and delimited identifiers stripped out |
|
203 // remove "foo\"bar" |
|
204 $sql = preg_replace("/$q($qe|\\\\{2}|[^$q])*$q/", '', $sql); |
|
205 // remove 'foo\'bar' |
|
206 if (!empty($q)) { |
|
207 $sql = preg_replace("/$q($qe|[^$q])*$q/", '', $sql); |
|
208 } |
|
209 |
|
210 return $sql; |
213 return $sql; |
211 } |
214 } |
212 |
215 |
213 /** |
216 /** |
214 * Bind a column of the statement result set to a PHP variable. |
217 * Bind a column of the statement result set to a PHP variable. |