From 33f15aff333442afb45439ddeddcfbcd5d95b2da Mon Sep 17 00:00:00 2001
From: Dominique Fournier
Date: Thu, 31 Jul 2014 12:47:19 +0000
Subject: [PATCH] dblayer: Add the verification of the types of fields in update
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@1622 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
---
 dblayer.php | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
diff --git a/dblayer.php b/dblayer.php
index d08f81a..82a4726 100644
--- a/dblayer.php
+++ b/dblayer.php
@@ -460,7 +460,52 @@ class dblayer extends PDO
 // Verify the fields, if $verify is defined, before doing insertion
 if (array_key_exists ($key, $datas))
 $datasOK[$key] = $datas[$key];
+ // Check for type inconsistencies if the value is provided
+ if ($datas[$key] !== "" && $params[0] === "integer")
+ {
+ if (strspn ($datas[$key], "0123456789") !== strlen ($datas[$key]))
+ throw new Exception (sprintf (
+ _("Errors in consistency : '%s' is not an integer"),
+ $key), 405);
+ }
+ elseif ($datas[$key] !== "" && $params[0] === "varchar")
+ {
+ if (! isset ($params[1]))
+ throw new Exception (sprintf (
+ _("The length of varchar field '%s' is not provided"),
+ $key), 500);
+ if (strlen ($datas[$key]) > $params[1])
+ throw new Exception (sprintf (
+ _("Errors in consistency : '%s' data is too long"),
+ $key), 405);
+ }
+ elseif ($datas[$key] !== "" && $params[0] === "datetime")
+ {
+ // The date format must be in ANSI SQL : YYYY-MM-DD HH:MM:SS
+ $d = DateTime::createFromFormat("Y-m-d H:i:s", $datas[$key]);
+ if (!$d || $d->format("Y-m-d H:i:s") !== $datas[$key])
+ throw new Exception (sprintf (
+ _("Incorrect datetime provided for field '%s'"),
+ $key), 500);
+ }
+ elseif ($datas[$key] !== "" && $params[0] === "date")
+ {
+ // The date format must be in ANSI SQL : YYYY-MM-DD
+ $d = DateTime::createFromFormat("Y-m-d", $datas[$key]);
+ if (!$d || $d->format("Y-m-d") !== $datas[$key])
+ throw new Exception (sprintf (
+ _("Incorrect date provided for field '%s'"),
+ $key), 500);
+ }
+ elseif ($datas[$key] !== "")
+ throw new Exception (sprintf (_("Unknown field type for '%s'"), $key),
+ 500);
+ else
+ {
+ // Nothing to do if the value is empty : just save it
+ }
 }
+
 if (count ($datasOK) === 0)
 throw new Exception (_("Don't receive any field to display"), 501);
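Review bot: The added type checks read `$datas[$key]` even when the key is absent, because the unbraced `if (array_key_exists ($key, $datas))` just above them guards only the `$datasOK[$key]` assignment. A missing key evaluates to null, which passes `!== ""`, so an update that omits a `date` or `datetime` field would be rejected with "Incorrect date provided" (code 500), while the `integer` and `varchar` branches would pass silently after an undefined-index notice. Assuming this code sits in the loop over the field definitions, which starts outside the hunk, skip absent keys before validating with `if (! array_key_exists ($key, $datas)) continue;`, or brace the existing `if` so the checks run only on supplied values. Separately, a malformed date from the caller is reported as 500 while a malformed integer or over-long varchar is 405; failures caused by client input should probably share one code so callers and logs can tell them apart from schema errors such as the missing varchar length.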