* @param string $param usually bound query parameter (?, :named)
* @param bool $casesensitive use case sensitive search
* @param bool $accensensitive use accent sensitive search (not all databases support accent insensitive)
+ * @param bool $notlike true means "NOT LIKE"
* @param string $escapechar escape char for '%' and '_'
* @return string SQL code fragment
*/
- public function sql_like($fieldname, $param, $casesensitive = true, $accentsensitive = true, $escapechar = '\\') {
+ public function sql_like($fieldname, $param, $casesensitive = true, $accentsensitive = true, $notlike = false, $escapechar = '\\') {
if (strpos($param, '%') !== false) {
debugging('Potential SQL injection detected, sql_like() expects bound parameters (? or :named)');
}
+ $LIKE = $notlike ? 'NOT LIKE' : 'LIKE';
// by default ignore any sensitiveness - each database does it in a different way
- return "$fieldname LIKE $param ESCAPE '$escapechar'";
+ return "$fieldname $LIKE $param ESCAPE '$escapechar'";
}
/**
* @param string $param usually bound query parameter (?, :named)
* @param bool $casesensitive use case sensitive search
* @param bool $accensensitive use accent sensitive search (not all databases support accent insensitive)
+ * @param bool $notlike true means "NOT LIKE"
* @param string $escapechar escape char for '%' and '_'
* @return string SQL code fragment
*/
- public function sql_like($fieldname, $param, $casesensitive = true, $accentsensitive = true, $escapechar = '\\') {
+ public function sql_like($fieldname, $param, $casesensitive = true, $accentsensitive = true, $notlike = false, $escapechar = '\\') {
if (strpos($param, '%') !== false) {
debugging('Potential SQL injection detected, sql_ilike() expects bound parameters (? or :named)');
}
$collation = str_replace('_AS', '_AI', $collation);
}
- return "$fieldname COLLATE $collation LIKE $param ESCAPE '$escapechar'";
+ $LIKE = $notlike ? 'NOT LIKE' : 'LIKE';
+
+ return "$fieldname COLLATE $collation $LIKE $param ESCAPE '$escapechar'";
}
public function sql_concat() {
* @param string $param usually bound query parameter (?, :named)
* @param bool $casesensitive use case sensitive search
* @param bool $accensensitive use accent sensitive search (not all databases support accent insensitive)
+ * @param bool $notlike true means "NOT LIKE"
* @param string $escapechar escape char for '%' and '_'
* @return string SQL code fragment
*/
- public function sql_like($fieldname, $param, $casesensitive = true, $accentsensitive = true, $escapechar = '\\') {
+ public function sql_like($fieldname, $param, $casesensitive = true, $accentsensitive = true, $notlike = false, $escapechar = '\\') {
if (strpos($param, '%') !== false) {
debugging('Potential SQL injection detected, sql_ilike() expects bound parameters (? or :named)');
}
$escapechar = $this->mysqli->real_escape_string($escapechar); // prevents problems with C-style escapes of enclosing '\'
+ $LIKE = $notlike ? 'NOT LIKE' : 'LIKE';
if ($casesensitive) {
- return "$fieldname LIKE $param COLLATE utf8_bin ESCAPE '$escapechar'";
+ return "$fieldname $LIKE $param COLLATE utf8_bin ESCAPE '$escapechar'";
} else {
if ($accentsensitive) {
- return "LOWER($fieldname) LIKE LOWER($param) COLLATE utf8_bin ESCAPE '$escapechar'";
+ return "LOWER($fieldname) $LIKE LOWER($param) COLLATE utf8_bin ESCAPE '$escapechar'";
} else {
- return "$fieldname LIKE $param ESCAPE '$escapechar'";
+ return "$fieldname $LIKE $param ESCAPE '$escapechar'";
}
}
}
* @param string $param usually bound query parameter (?, :named)
* @param bool $casesensitive use case sensitive search
* @param bool $accensensitive use accent sensitive search (not all databases support accent insensitive)
+ * @param bool $notlike true means "NOT LIKE"
* @param string $escapechar escape char for '%' and '_'
* @return string SQL code fragment
*/
- public function sql_like($fieldname, $param, $casesensitive = true, $accentsensitive = true, $escapechar = '\\') {
+ public function sql_like($fieldname, $param, $casesensitive = true, $accentsensitive = true, $notlike = false, $escapechar = '\\') {
if (strpos($param, '%') !== false) {
debugging('Potential SQL injection detected, sql_ilike() expects bound parameters (? or :named)');
}
+ $LIKE = $notlike ? 'NOT LIKE' : 'LIKE';
+
// no accent sensitiveness here for now, sorry
if ($casesensitive) {
- return "$fieldname LIKE $param ESCAPE '$escapechar'";
+ return "$fieldname $LIKE $param ESCAPE '$escapechar'";
} else {
- return "LOWER($fieldname) LIKE LOWER($param) ESCAPE '$escapechar'";
+ return "LOWER($fieldname) $LIKE LOWER($param) ESCAPE '$escapechar'";
}
}
* @param string $param usually bound query parameter (?, :named)
* @param bool $casesensitive use case sensitive search
* @param bool $accensensitive use accent sensitive search (not all databases support accent insensitive)
+ * @param bool $notlike true means "NOT LIKE"
* @param string $escapechar escape char for '%' and '_'
* @return string SQL code fragment
*/
- public function sql_like($fieldname, $param, $casesensitive = true, $accentsensitive = true, $escapechar = '\\') {
+ public function sql_like($fieldname, $param, $casesensitive = true, $accentsensitive = true, $notlike = false, $escapechar = '\\') {
if (strpos($param, '%') !== false) {
debugging('Potential SQL injection detected, sql_ilike() expects bound parameters (? or :named)');
}
// postgresql does not support accent insensitive text comparisons, sorry
if ($casesensitive) {
- return "$fieldname LIKE $param ESCAPE '$escapechar'";
+ $LIKE = $notlike ? 'NOT LIKE' : 'LIKE';
} else {
- return "$fieldname ILIKE $param ESCAPE '$escapechar'";
+ $LIKE = $notlike ? 'NOT ILIKE' : 'ILIKE';
}
+ return "$fieldname $LIKE $param ESCAPE '$escapechar'";
}
public function sql_ilike() {
$records = $DB->get_records_sql($sql, array("ouc\\_"));
$this->assertEqual(count($records), 1);
- $sql = "SELECT * FROM {{$tablename}} WHERE ".$DB->sql_like('name', '?', true, true, '|');
+ $sql = "SELECT * FROM {{$tablename}} WHERE ".$DB->sql_like('name', '?', true, true, false, '|');
$records = $DB->get_records_sql($sql, array($DB->sql_like_escape("ouc%", '|')));
$this->assertEqual(count($records), 1);
$records = $DB->get_records_sql($sql, array('aui'));
$this->assertEqual(count($records), 1);
+ $sql = "SELECT * FROM {{$tablename}} WHERE ".$DB->sql_like('name', '?', true, true, true); // NOT LIKE
+ $records = $DB->get_records_sql($sql, array("%o%"));
+ $this->assertEqual(count($records), 3);
+
+ $sql = "SELECT * FROM {{$tablename}} WHERE ".$DB->sql_like('name', '?', false, true, true); // NOT ILIKE
+ $records = $DB->get_records_sql($sql, array("%D%"));
+ $this->assertEqual(count($records), 6);
+
// TODO: we do not require accent insensitivness yet, just make sure it does not throw errors
$sql = "SELECT * FROM {{$tablename}} WHERE ".$DB->sql_like('name', '?', true, false);
$records = $DB->get_records_sql($sql, array('aui'));
* @param string $param usually bound query parameter (?, :named)
* @param bool $casesensitive use case sensitive search
* @param bool $accensensitive use accent sensitive search (not all databases support accent insensitive)
+ * @param bool $notlike true means "NOT LIKE"
* @param string $escapechar escape char for '%' and '_'
* @return string SQL code fragment
*/
- public function sql_like($fieldname, $param, $casesensitive = true, $accentsensitive = true, $escapechar = '\\') {
+ public function sql_like($fieldname, $param, $casesensitive = true, $accentsensitive = true, $notlike = false, $escapechar = '\\') {
if (strpos($param, '%') !== false) {
debugging('Potential SQL injection detected, sql_ilike() expects bound parameters (? or :named)');
}
$collation = $this->get_collation();
+ $LIKE = $notlike ? 'NOT LIKE' : 'LIKE';
if ($casesensitive) {
$collation = str_replace('_CI', '_CS', $collation);
$collation = str_replace('_AS', '_AI', $collation);
}
- return "$fieldname COLLATE $collation LIKE $param ESCAPE '$escapechar'";
+ return "$fieldname COLLATE $collation $LIKE $param ESCAPE '$escapechar'";
}
public function sql_concat() {
