From 70bc427470b232b8c227eee835094c10a979c367 Mon Sep 17 00:00:00 2001 From: Joe Nahmias Date: Sun, 10 Jul 2022 19:35:33 -0400 Subject: [PATCH] fix(mssql): use picodb ORM for subtask timer query, rather than hardcoded SQL the hardcoded SQL was failing on MSSQL because 'end' is a reserved keyword and thus must be escaped escape identifiers within subtask timer subquery conditions serialize and interpolate values into text after generation
---
 app/Model/SubtaskTimeTrackingModel.php | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/app/Model/SubtaskTimeTrackingModel.php b/app/Model/SubtaskTimeTrackingModel.php
index 25fd95c7c..414ffbc2d 100644
--- a/app/Model/SubtaskTimeTrackingModel.php
+++ b/app/Model/SubtaskTimeTrackingModel.php
@@ -29,16 +29,20 @@ class SubtaskTimeTrackingModel extends Base
 */
 public function getTimerQuery($user_id)
 {
- return sprintf(
- "SELECT %s FROM %s WHERE %s='%d' AND %s='0' AND %s=%s LIMIT 1",
- $this->db->escapeIdentifier('start'),
- $this->db->escapeIdentifier(self::TABLE),
- $this->db->escapeIdentifier('user_id'),
- $user_id,
- $this->db->escapeIdentifier('end'),
- $this->db->escapeIdentifier('subtask_id'),
- SubtaskModel::TABLE.'.id'
- );
+ $sql = $this->db
+ ->table(self::TABLE)
+ ->columns('start')
+ ->eq($this->db->escapeIdentifier('user_id',self::TABLE), $user_id)
+ ->eq($this->db->escapeIdentifier('end',self::TABLE), 0)
+ ->eq($this->db->escapeIdentifier('subtask_id',self::TABLE), SubtaskModel::TABLE.'.id')
+ ->limit(1)
+ ->buildSelectQuery();
+ // need to interpolate values into the SQL text for use as a subquery
+ // in SubtaskModel::getQuery()
+ $sql = substr_replace($sql, $user_id, strpos($sql, '?'), 1);
+ $sql = substr_replace($sql, 0, strpos($sql, '?'), 1);
+ $sql = substr_replace($sql, SubtaskModel::TABLE.'.id', strpos($sql, '?'), 1);
+ return $sql;
 }

 /**
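Review bot: `$user_id` is spliced into the SQL text unchanged by the first `substr_replace` call, whereas the removed `sprintf` formatted it with `%d` and so always emitted an integer. Nothing in this hunk shows that callers pass an integer, so a string value would land unquoted in the subquery that `SubtaskModel::getQuery()` embeds; keep the coercion with `$sql = substr_replace($sql, (int) $user_id, strpos($sql, '?'), 1);`. The three `strpos($sql, '?')` lookups also assume `buildSelectQuery()` emitted exactly three placeholders in this order. If one is missing, `strpos` returns false and the replacement is applied at offset 0, so a guard or a comment stating that assumption next to the existing `// need to interpolate values` comment would help.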