Class WPDA_Dictionary_Exist

WP Data Access provides interactive database access. Users may follow the interaction the plugin provides, but they can just as well influence its behaviour through plugin arguments (by tampering with query strings and POST values). The dynamic nature of WP Data Access allows users to change table and column names that are communicated from one page to another, which clearly leads to a SQL injection risk. This class deals with this issue by checking the existence of database objects such as tables, columns, etc.

author Peter Schulz
since 1.0.0
package WPDataAccess\Data_Dictionary

 Methods

WPDA_Dictionary_Checks constructor

__construct(string $schema_name, string $table_name) 

For table and column checks, this class must be instantiated. The table name must be provided as an argument. The schema name might be part of the table name provided, in which case the schema name and table name should be separated by a '.' (dot) as in MySQL notation. If no schema name is provided, the WordPress schema is used as the default.

since 1.0.0

Parameters

$schema_name

string

Database schema name.

$table_name

string

Database table name.

Check if a column exists

column_exists(string $column_name) : boolean

Checks whether a column name exists in the WordPress database. Used to prevent SQL injection. See also \WPDataAccess\Data_Dictionary\WPDA_Dictionary_Exist::table_exists().

Works with tables as well as views.

since 1.0.0

Parameters

$column_name

string

Database column name.

Returns

boolean TRUE = column exists.

Check if function exists

function_exists(string $schema_name, string $function_name) : boolean
Static
since 1.0.0

Parameters

$schema_name

string

Database schema name.

$function_name

string

Database function name.

Returns

boolean TRUE = function exists, FALSE = function does not exist.

Is provided table name a view?

is_view() : boolean

Returns

boolean TRUE = $this->table_name is a view, FALSE = $this->table_name is a table

Plain check if table exists

plain_table_exists() : boolean

No access control, back-end or front-end checks are taken into account. This method only checks the existence of the table.

Returns

boolean

Check if procedure exists

procedure_exists(string $schema_name, string $procedure_name) : boolean
Static
since 1.0.0

Parameters

$schema_name

string

Database schema name.

$procedure_name

string

Database procedure name.

Returns

boolean TRUE = procedure exists, FALSE = procedure does not exist.

schema_exists()

schema_exists($schema_name) 
Static

Parameters

$schema_name

Checks if a table exists

table_exists(boolean $use_table_access_settings = true, boolean $check_back_end = true) : boolean

A dynamic SQL statement might use a table or view name that is supplied as an argument in the URL. This is a possible source of SQL injection. Wherever users can change a table or view name argument, we must check that the table or view name exists in the WordPress database to protect ourselves against SQL injection attacks.

Before the existence of a table is checked against the MySQL data dictionary, an access check is performed. If the access check returns FALSE, a query for existence is no longer needed. The access check is performed prior to the existence check as it is quicker and might save us a more expensive action.

Works with tables as well as views.

since 1.0.0

Parameters

$use_table_access_settings

boolean

Indicator whether settings should be checked (default = true).

$check_back_end

boolean

TRUE = back-end check, FALSE = front-end check.

Returns

boolean TRUE means table name is valid.
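
The check order described for table_exists() and column_exists(), as an added sketch that is not WP Data Access code: access check first, then a dictionary lookup in which the request value is only a bound parameter. An in-memory SQLite database stands in for MySQL here (in MySQL the same lookups would query information_schema.tables and information_schema.columns); every demo_* name, the $allowed list and the sample data are hypothetical.

```php
<?php
// Added illustration: sqlite_master / pragma_table_info() stand in for information_schema.
function demo_table_exists(PDO $db, string $table, array $allowed): bool {
    // Cheap access check first; the dictionary query runs only when it passes.
    if (!in_array($table, $allowed, true)) {
        return false;
    }
    // The request value is only ever a bound parameter, never SQL text.
    $sql  = "SELECT COUNT(*) FROM sqlite_master WHERE type IN ('table', 'view') AND name = ?";
    $stmt = $db->prepare($sql);
    $stmt->execute([$table]);
    return (int) $stmt->fetchColumn() === 1;
}

function demo_column_exists(PDO $db, string $table, string $column): bool {
    $stmt = $db->prepare('SELECT COUNT(*) FROM pragma_table_info(?) WHERE name = ?');
    $stmt->execute([$table, $column]);
    return (int) $stmt->fetchColumn() === 1;
}

function demo_select(PDO $db, string $table, string $column, array $allowed): array {
    if (!demo_table_exists($db, $table, $allowed) || !demo_column_exists($db, $table, $column)) {
        throw new InvalidArgumentException('unknown or inaccessible table/column');
    }
    // Both names matched dictionary entries; quote them as identifiers anyway.
    $quote = fn(string $name): string => '"' . str_replace('"', '""', $name) . '"';
    $sql   = 'SELECT ' . $quote($column) . ' FROM ' . $quote($table);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data and request values.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE demo_books (title TEXT)');
$db->exec('CREATE TABLE demo_secrets (token TEXT)');
$db->exec("INSERT INTO demo_books VALUES ('Dune')");
$allowed  = ['demo_books'];                   // hypothetical access setting
$requests = [
    ['demo_books', 'title'],                  // legitimate
    ['demo_secrets', 'token'],                // exists, but access not granted
    ['demo_books, demo_secrets', 'title'],    // tampered table argument
    ['demo_books', 'title, 1'],               // tampered column argument
];
foreach ($requests as [$table, $column]) {
    try {
        $result = 'rows: ' . implode(', ', demo_select($db, $table, $column, $allowed));
    } catch (InvalidArgumentException $e) {
        $result = 'rejected (' . $e->getMessage() . ')';
    }
    printf("%-42s %s\n", "{$table} | {$column}", $result);
}
```

Only the first request reaches the dynamic SELECT; the other three are rejected before any SQL containing the supplied names is built.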

Check if trigger exists

trigger_exists(string $schema_name, string $trigger_name) : boolean
Static
since 1.0.0

Parameters

$schema_name

string

Database schema name.

$trigger_name

string

Database trigger name.

Returns

boolean TRUE = trigger exists, FALSE = trigger does not exist.

Load plugin table name into cache

load_plugin_tables() 
Static

Loads the plugin tables into a named array to be cached for fast table name access.

since 2.0.11

Check if routine exists

routine_exists(string $schema_name, string $routine_name, string $routine_type) : boolean
Static
since 1.0.0

Parameters

$schema_name

string

Database schema name.

$routine_name

string

Database routine name.

$routine_type

string

Database routine type.

Returns

boolean TRUE = routine exists, FALSE = routine does not exist.

 Properties

 

Indicator to identify if standard database schema and plugin tables are loaded

$plugin_schema_and_tables_loaded : boolean

Default

false
Static
 

Database schema name

$schema_name : string

Default

''
 

Cached schema names

$schema_name_cache : array

Default

array()
Static
 

Database table name

$table_name : string

Default

''
 

Cached table names

$table_name_cache : array

Default

array()
Static