dblayer: Add the verification of the types of fields in update

git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@1622 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
2014-07-31 12:47:19 +00:00
parent 49fbe8b16e
commit 33f15aff33
1 changed files with 45 additions and 0 deletions
--- a/dblayer.php
+++ b/dblayer.php
@@ -460,7 +460,52 @@ class dblayer extends PDO
      // Verify the fields, if $verify is defined, before doing insertion
      if (array_key_exists ($key, $datas))
        $datasOK[$key] = $datas[$key];
+      // Check for type inconsistencies if the value is provided
+      if ($datas[$key] !== "" && $params[0] === "integer")
+      {
+        if (strspn ($datas[$key], "0123456789") !== strlen ($datas[$key]))
+          throw new Exception (sprintf (
+                            _("Errors in consistency : '%s' is not an integer"),
+                            $key), 405);
+      }
+      elseif ($datas[$key] !== "" && $params[0] === "varchar")
+      {
+        if (! isset ($params[1]))
+          throw new Exception (sprintf (
+                          _("The length of varchar field '%s' is not provided"),
+                          $key), 500);
+        if (strlen ($datas[$key]) > $params[1])
+          throw new Exception (sprintf (
+                             _("Errors in consistency : '%s' data is too long"),
+                             $key), 405);
+      }
+      elseif ($datas[$key] !== "" && $params[0] === "datetime")
+      {
+        // The date format must be in ANSI SQL : YYYY-MM-DD HH:MM:SS
+        $d = DateTime::createFromFormat("Y-m-d H:i:s", $datas[$key]);
+        if (!$d || $d->format("Y-m-d H:i:s") !== $datas[$key])
+          throw new Exception (sprintf (
+                                _("Incorrect datetime provided for field '%s'"),
+                                $key), 500);
+      }
+      elseif ($datas[$key] !== "" && $params[0] === "date")
+      {
+        // The date format must be in ANSI SQL : YYYY-MM-DD
+        $d = DateTime::createFromFormat("Y-m-d", $datas[$key]);
+        if (!$d || $d->format("Y-m-d") !== $datas[$key])
+          throw new Exception (sprintf (
+                                    _("Incorrect date provided for field '%s'"),
+                                    $key), 500);
+      }
+      elseif ($datas[$key] !== "")
+        throw new Exception (sprintf (_("Unknown field type for '%s'"), $key),
+                             500);
+      else
+      {
+        // Nothing to do if the value is empty : just save it
+      }
    }
+
    if (count ($datasOK) === 0)
      throw new Exception (_("Don't receive any field to display"), 501);