WebSVN – eFlore/Applications.cel – Diff – /trunk/jrest/services/InventoryImageLink.php

 * PHP Version 5
+*
 * @category  PHP
 * @package   jrest
 * @author    Aurélien Peronnet <aurelien@tela-botanica.org>
+* @author    Raphaël Droz <raphael@tela-botanica.org>
-* @copyright 2010 Tela-Botanica
+* @copyright 2010,2013 Tela-Botanica
 * @license   http://www.cecill.info/licences/Licence_CeCILL_V2-fr.txt Licence CECILL
 * @version   SVN: <svn_id>
 * @link      /doc/jrest/
 */
+	{
 		// Controle detournement utilisateur
 		$this->controleUtilisateur($pairs['ce_utilisateur']);
 		if(!isset($pairs['id_image'])) exit;
-		$ids_images = $pairs['id_image'] ;
-		$ids_images = rtrim($ids_images,',') ;
-		$ids_images_liste = explode(",",$ids_images) ;
+		$utilisateur = $pairs['ce_utilisateur'] ;
-		$utilisateur = $pairs['ce_utilisateur'] ;
+		// filtrage des entiers
-		$ids_observations = $pairs['id_observation'] ;
+		$ids_observations = self::filterInt($pairs['id_observation']);
-		$ids_observations = rtrim($ids_observations,',') ;
-		$ids_observations_liste = explode(",",$ids_observations) ;
+		$ids_images = self::filterInt($pairs['id_image']);
-		$retour = false;
+		if(empty($ids_images) || empty($ids_observations)) die('err');
-		foreach($ids_images_liste as $image)
-		{
-			foreach($ids_observations_liste as $observation)
+		// filtrage des entiers à partir des ids existant réellement en DB
+		$ids_observations = array_map(array(__CLASS__, 'getRequeteVal'),
-			{
+									  Cel::db()->requeter(sprintf("SELECT id_observation FROM cel_obs WHERE id_observation IN (%s) AND ce_utilisateur = %d",
+																  implode(',', $ids_observations),
-				$requete_creation_lien = 'INSERT INTO cel_obs_images (id_image, id_observation, date_liaison) '.
+																  $utilisateur)));
-					   	 'VALUES '.
+		$ids_images = array_map(array(__CLASS__, 'getRequeteVal'),
+								Cel::db()->requeter(sprintf("SELECT id_image FROM cel_images WHERE id_image IN (%s) AND ce_utilisateur = %d",
-						 '('.Cel::db()->proteger($image).','.Cel::db()->proteger($observation).', NOW()) '.
+															implode(',', $ids_images),
-						 'ON DUPLICATE KEY UPDATE id_image = id_image' ;
+															$utilisateur)));
+		if(empty($ids_images) || empty($ids_observations)) die('err');
-				$resultat_creation_lien = Cel::db()->executer($requete_creation_lien);
+		$requete_creation_lien = 'INSERT INTO cel_obs_images (id_image, id_observation, date_liaison) VALUES %s ON DUPLICATE KEY UPDATE id_image = id_image' . ' -- ' . __FILE__ . ':' . __LINE__;
+		$update = Array();
+		foreach($ids_images as $image) {
-				if ($resultat_creation_lien) {
-					$retour = "OK";
+			foreach($ids_observations as $observation) {
 				$update[] = "($image, $observation, NOW())";
-			}
+			}
 		}
+		$resultat_creation_lien = Cel::db()->executer(sprintf($requete_creation_lien, implode(',', $update)));
-		echo $retour ;
+		if ($resultat_creation_lien) die("OK");
-		exit ;
+		exit; // peut-être qu'aucune mise à jour n'a eu lieu (ON DUPLICATE KEY)
+	}
 	 * uid[0] : utilisateur obligatoire
 	 * uid[1] : identifiant(s) image(s) obligatoire(s)
 	 * uid[2] : identifiant(s) observations
+	 *
 	 */
-	function deleteElement($uid)
+	function deleteElement($uid) {
-	{
 	 	// Controle detournement utilisateur
 		$this->controleUtilisateur($uid[0]);
+		$id = $uid[0];
-		$id_img = $uid[1] ;
+		$ids_images = self::filterInt($uid[1]);
-		$id_obs = Cel::db()->proteger($uid[2]) ;
+		$ids_observations = self::filterInt($uid[2]);
-		$id = $uid[0] ;
-		if (isset($id)) {
-	           	$requete_suppression_lien = "DELETE FROM cel_obs_images ".
+		if(empty($ids_images) || empty($ids_observations) || ! $id) die('err');
-											"WHERE id_image IN (".$id_img.") ".
+		$ids_images = array_map(array(__CLASS__, 'getRequeteVal'),
+								Cel::db()->requeter(sprintf("SELECT id_image FROM cel_images WHERE id_image IN (%s) AND ce_utilisateur = %d",
+															implode(',', $ids_images),
+															$id)));
+		$ids_observations = array_map(array(__CLASS__, 'getRequeteVal'),
+									  Cel::db()->requeter(sprintf("SELECT id_observation FROM cel_obs WHERE id_observation IN (%s) AND ce_utilisateur = %d",
+																  implode(',', $ids_observations),
+																  $id)));
-											"AND id_observation IN (".$id_obs.") " ;
+		if(empty($ids_images) || empty($ids_observations)) die('err');
-		}
+		$resultat_suppression_lien = Cel::db()->executer(sprintf("DELETE FROM cel_obs_images WHERE id_image IN (%s) AND id_observation IN (%s)",
+																implode(',', $ids_images),
+																implode(',', $ids_observations)));
+		if ($resultat_suppression_lien) die('OK');
-		$resultat_suppression_lien = Cel::db()->executer($requete_suppression_lien);
+		die;
+	}
+	static function filterInt($str_liste) {
-		$retour = false;
+		return array_filter(array_map('intval', explode(',', $str_liste)));
 		if ($resultat_suppression_lien) {
 			$retour = "OK";
 	// extrait la première valeur d'un tableau, utile pour renvoyer un tableau de simple valeur
 	// à partir d'une requête effectuée sur un seul champ.

Subversion Repositories eFlore/Applications.cel

(root)/trunk/jrest/services/InventoryImageLink.php – Rev 1765 → 1767