added new method: bind_param_generic_fetch to allow binding parameters instead...

added new method: bind_param_generic_fetch to allow binding parameters instead of using parameters within sql

added new method: bind_param_generic_fetch to allow binding parameters instead...
added new method: bind_param_generic_fetch to allow binding parameters instead of using parameters within sql
5041376e · Daniel Rios · 77281969 · 5041376e
Commit 5041376e authored Jul 18, 2008 by Daniel Rios
Hide whitespace changes
Inline Side-by-side

Showing with 46 additions and 1 deletion

modules/Bio/EnsEMBL/DBSQL/BaseAdaptor.pm modules/Bio/EnsEMBL/DBSQL/BaseAdaptor.pm +46 -1

No files found.
--- a/modules/Bio/EnsEMBL/DBSQL/BaseAdaptor.pm
+++ b/modules/Bio/EnsEMBL/DBSQL/BaseAdaptor.pm
@@ -259,6 +259,42 @@ sub _straight_join {
 }


+=head2 bind_param_generic_fetch
+
+ Arg [1]   : (optional)  scalar $param
+              This is the parameter to bind
+ Arg [2]   : (optional) int $sql_type
+              Type of the parameter (from DBI (:sql_types))
+ Example   :  $adaptor->bind_param_generic_fetch($stable_id,SQL_VARCHAR);
+              $adaptor->generic_fetch();
+ Description:  When using parameters for the query, will call the bind_param to avoid
+               some security issues. If there are no arguments, will return the bind_parameters
+ ReturnType : listref
+ Exceptions:  if called with one argument
+
+=cut
+
+sub bind_param_generic_fetch{
+    my $self = shift;
+    my $param = shift;
+    my $sql_type = shift;
+
+    if (defined $param && !defined $sql_type){
+	throw("Need to specify sql_type for parameter $param\n");
+    }
+    elsif (defined $param && defined $sql_type){
+	#both paramters have been entered, push it to the bind_param array
+	push @{$self->{'_bind_param_generic_fetch'}},[$param,$sql_type];
+    }
+    elsif (!defined $param && !defined $sql_type){
+	#when there are no arguments, return the array
+	return $self->{'_bind_param_generic_fetch'};
+    }
+	
+}
+
+
+
 =head2 generic_fetch

  Arg [1]    : (optional) string $constraint
@@ -280,7 +316,6 @@ sub _straight_join {

 sub generic_fetch {
  my ($self, $constraint, $mapper, $slice) = @_;
-
  my @tabs = $self->_tables;
  my $columns = join(', ', $self->_columns());

@@ -344,6 +379,16 @@ sub generic_fetch {
  # printf(STDERR "SQL:\n%s\n", $sql);

  my $sth = $db->dbc->prepare($sql);
+  my $bind_parameters = $self->bind_param_generic_fetch();
+  if (defined $bind_parameters){
+      #if we have bind the parameters, call the DBI to bind them
+      for(my $i=0;$i<length @{$bind_parameters};$i++){
+	  $sth->bind_param($i+1,$bind_parameters->[$i]->[0],$bind_parameters->[$i]->[1]);
+      }
+      #after binding parameters, undef for future queries
+      $self->{'_bind_param_generic_fetch'} = ();
+  }
+#  print STDERR $sql,"\n";
  $sth->execute;
  my $res = $self->_objs_from_sth($sth, $mapper, $slice);
  $sth->finish();