Usage of `yii\db\Expression` for the 'MATCH' statement fixed

adb36e42 · Klimov Paul · b8c9d515 · adb36e42 · adb36e42 · adb36e42
Commit adb36e42 authored Jun 03, 2014 by Klimov Paul
Showing with 21 additions and 7 deletions

Connection.php extensions/sphinx/Connection.php +3 -2

QueryBuilder.php extensions/sphinx/QueryBuilder.php +2 -4

QueryTest.php tests/unit/extensions/sphinx/QueryTest.php +16 -1

No files found.
--- a/extensions/sphinx/Connection.php
+++ b/extensions/sphinx/Connection.php
@@ -132,15 +132,16 @@ class Connection extends \yii\db\Connection
    /**
     * Escapes all special characters from 'MATCH' statement argument.
     * Make sure you are using this method whenever composing 'MATCH' search statement.
+     * Note: this method does not perform quoting, you should place the result in the quotes manually.
     * @param string $str string to be escaped.
     * @return string the properly escaped string.
     */
    public function escapeMatchValue($str)
    {
-        return str_replace(
+        return addslashes(str_replace(
            ['/', '"', "'", '(', ')', '|', '-', '!', '@', '~', '&', '^', '$', '=', "\x00", "\n", "\r", "\x1a"],
            ['\\/', '\\"', "\\'", '\\(', '\\)', '\\|', '\\-', '\\!', '\\@', '\\~', '\\&', '\\^', '\\$', '\\=', "\\x00", "\\n", "\\r", "\\x1a"],
            $str
-        );
+        ));
    }
 }
--- a/extensions/sphinx/QueryBuilder.php
+++ b/extensions/sphinx/QueryBuilder.php
@@ -65,11 +65,9 @@ class QueryBuilder extends Object
        if ($query->match !== null) {
            if ($query->match instanceof Expression) {
                $query->andWhere('MATCH(' . $query->match->expression . ')');
-                $params = array_merge($query->match->params);
+                $params = array_merge($params, $query->match->params);
            } else {
-                $phName = self::PARAM_PREFIX . count($params);
-                $params[$phName] = $this->db->escapeMatchValue($query->match);
-                $query->andWhere('MATCH(' . $phName . ')');
+                $query->andWhere("MATCH('" . $this->db->escapeMatchValue($query->match) . "')");
            }
        }


--- a/tests/unit/extensions/sphinx/QueryTest.php
+++ b/tests/unit/extensions/sphinx/QueryTest.php
@@ -2,6 +2,7 @@

 namespace yiiunit\extensions\sphinx;

+use yii\db\Expression;
 use yii\sphinx\Query;

 /**
@@ -41,7 +42,7 @@ class QueryTest extends SphinxTestCase

        $command = $query->createCommand($this->getConnection(false));
        $this->assertContains('MATCH(', $command->getSql(), 'No MATCH operator present!');
-        $this->assertContains($match, $command->params, 'No match query among params!');
+        $this->assertContains($match, $command->getSql(), 'No match query in SQL!');
    }

    public function testWhere()
@@ -284,4 +285,18 @@ class QueryTest extends SphinxTestCase
            ->all($connection);
        $this->assertNotEmpty($rows);
    }
+
+    /**
+     * @depends testMatchSpecialCharValue
+     */
+    public function testMatchComplex()
+    {
+        $connection = $this->getConnection();
+
+        $query = new Query;
+        $rows = $query->from('yii2_test_article_index')
+            ->match(new Expression("'@(content) " . $connection->escapeMatchValue('about"') . "'"))
+            ->all($connection);
+        $this->assertNotEmpty($rows);
+    }
 }