From 8652c83ea10661483217c4088b582b9f05b90c20 Mon Sep 17 00:00:00 2001
From: thinkphp
Date: Thu, 18 Oct 2018 18:37:53 +0800
Subject: [PATCH] =?UTF-8?q?=E6=94=B9=E8=BF=9B=E8=81=9A=E5=90=88=E6=9F=A5?=
 =?UTF-8?q?=E8=AF=A2=E7=9A=84=E5=AE=89=E5=85=A8=E6=80=A7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 library/think/db/Builder.php | 4 ++++
 library/think/db/Query.php | 33 ++++++++++++++++++++++++-----
 library/think/db/builder/Mysql.php | 3 +++
 library/think/db/builder/Sqlsrv.php | 4 ++++
 4 files changed, 39 insertions(+), 5 deletions(-)
diff --git a/library/think/db/Builder.php b/library/think/db/Builder.php
index 375ebb8c..58b45aa8 100644
--- a/library/think/db/Builder.php
+++ b/library/think/db/Builder.php
@@ -98,6 +98,10 @@ abstract class Builder
 $result = [];
 foreach ($data as $key => $val) {
+ if ('*' != $options['field'] && !in_array($key, $fields, true)) {
+ continue;
+ }
+
 $item = $this->parseKey($key, $options, true);
 if ($val instanceof Expression) {
 $result[$item] = $val->getValue();
diff --git a/library/think/db/Query.php b/library/think/db/Query.php
index b63c38e5..70c43a3a 100644
--- a/library/think/db/Query.php
+++ b/library/think/db/Query.php
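Review bot: The new guard at the top of the `foreach` silently drops any `$data` key that is not in `$fields` (`continue`), while the Query, Mysql and Sqlsrv hunks of the same commit reject unexpected input with an Exception; a mistyped or caller-injected key therefore disappears from the generated statement with no signal to the caller or to logs. If silent filtering is the intended contract, state it, e.g. `// keys outside the selected field list are dropped, never quoted or bound`; otherwise throw as the other hunks do. `$fields` and `$options['field']` are populated before the hunk and the enclosing method starts and ends outside it, so whether `$options['field']` can be an array here cannot be confirmed; `'*' !== $options['field']` would at least make the string comparison strict.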
@@ -531,13 +531,36 @@ class Query
 public function count($field = '*')
 {
 if (isset($this->options['group'])) {
+ if (!preg_match('/^[\w\.\*]+$/', $field)) {
+ throw new Exception('not support data:' . $field);
+ }
 // 支持GROUP
 $options = $this->getOptions();
 $subSql = $this->options($options)->field('count(' . $field . ')')->bind($this->bind)->buildSql();
+
 return $this->table([$subSql => '_group_count_'])->value('COUNT(*) AS tp_count', 0, true);
 }
- return $this->value('COUNT(' . $field . ') AS tp_count', 0, true);
+ return $this->aggregate('COUNT', $field, true);
+ }
+
+ /**
+ * 聚合查询
+ * @access public
+ * @param string $aggregate 聚合方法
+ * @param string $field 字段名
+ * @param bool $force 强制转为数字类型
+ * @return mixed
+ */
+ public function aggregate($aggregate, $field, $force = false)
+ {
+ if (!preg_match('/^[\w\.\*]+$/', $field)) {
+ throw new Exception('not support data:' . $field);
+ }
+
+ $result = $this->value($aggregate . '(' . $field . ') AS tp_' . strtolower($aggregate), 0, $force);
+
+ return $result;
 }
 /**
@@ -548,7 +571,7 @@ class Query
 */
 public function sum($field)
 {
- return $this->value('SUM(' . $field . ') AS tp_sum', 0, true);
+ return $this->aggregate('SUM', $field, true);
 }
 /**
@@ -560,7 +583,7 @@ class Query
 */
 public function min($field, $force = true)
 {
- return $this->value('MIN(' . $field . ') AS tp_min', 0, $force);
+ return $this->aggregate('MIN', $field, $force);
 }
 /**
@@ -572,7 +595,7 @@ class Query
 */
 public function max($field, $force = true)
 {
- return $this->value('MAX(' . $field . ') AS tp_max', 0, $force);
+ return $this->aggregate('MAX', $field, $force);
 }
 /**
@@ -583,7 +606,7 @@ class Query
 */
 public function avg($field)
 {
- return $this->value('AVG(' . $field . ') AS tp_avg', 0, true);
+ return $this->aggregate('AVG', $field, true);
 }
 /**
diff --git a/library/think/db/builder/Mysql.php b/library/think/db/builder/Mysql.php
index 8eee746f..be2af714 100644
--- a/library/think/db/builder/Mysql.php
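Review bot: The new public `aggregate()` validates `$field` but concatenates `$aggregate` into the SQL unchecked, so any caller that passes a non-literal function name sidesteps the check the commit adds; an allow-list such as `if (!in_array(strtoupper($aggregate), ['COUNT', 'SUM', 'MIN', 'MAX', 'AVG'], true)) { throw new Exception('not support aggregate:' . $aggregate); }` keeps the five internal callers (which pass uppercase literals) working while closing the public entry point. The field pattern `/^[\w\.\*]+$/` also accepts a value with a trailing newline, because PCRE's `$` matches before a final `\n`; anchor with `\z` (or add the `D` modifier) for the precise check. The same pattern is now repeated in `count()`, `aggregate()` and in the Mysql and Sqlsrv `parseKey` hunks, and a single constant on the base Builder would keep the four copies from drifting apart. Which `Exception` class is thrown depends on `use` statements outside the hunk; the `$result` temporary in `aggregate()` can simply be returned directly.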
+++ b/library/think/db/builder/Mysql.php
@@ -109,6 +109,9 @@ class Mysql extends Builder
 }
 }
+ if ($strict && !preg_match('/^[\w\.\*]+$/', $key)) {
+ throw new Exception('not support data:' . $key);
+ }
 if ('*' != $key && ($strict || !preg_match('/[,\'\"\*\(\)`.\s]/', $key))) {
 $key = '`' . $key . '`';
 }
diff --git a/library/think/db/builder/Sqlsrv.php b/library/think/db/builder/Sqlsrv.php
index f79ae030..dc425d9e 100644
--- a/library/think/db/builder/Sqlsrv.php
+++ b/library/think/db/builder/Sqlsrv.php
@@ -94,6 +94,10 @@ class Sqlsrv extends Builder
 $table = $options['alias'][$table];
 }
 }
+
+ if ($strict && !preg_match('/^[\w\.\*]+$/', $key)) {
+ throw new Exception('not support data:' . $key);
+ }
 if ('*' != $key && ($strict || !preg_match('/[,\'\"\*\(\)\[.\s]/', $key))) {
 $key = '[' . $key . ']';
 }
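Review bot: The new check in the Mysql `parseKey` hunk runs only when `$strict` is true; on the unchanged line below it, a non-strict `$key` containing any character from the quoting-exclusion class is still emitted unquoted, and since the method starts outside the hunk its non-strict callers cannot be reviewed here. A comment stating the contract would help the next reader, e.g. `// strict mode: the key must be a bare identifier (word chars, '.', '*'); anything else is rejected rather than quoted`. As in the Query hunk, `$` should be `\z` (or the `D` modifier added) so a key with a trailing newline is not accepted, and this is now the fourth copy of the pattern, which belongs in one constant on the base Builder. The Sqlsrv hunk adds the identical check and every point above applies to it as well; which `Exception` class is thrown in either file depends on `use` statements outside the hunks.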