From c121a1aa1f82dd9a1d4509a1e7c7a18d44416d83 Mon Sep 17 00:00:00 2001
From: Konstantin Tarasov <ktarasov@peredelka-saitov.ru>
Date: Tue, 24 Jun 2025 16:21:52 +0300
Subject: Active record: handle empty string in dbquote()

The method did not generate the appropriate quote for empty strings,
resulting in invalid SQL syntax in the UPDATE statement's where clause.

Fix #1073, PR #1074
---
 adodb-active-record.inc.php  | 6 ++++--
 adodb-active-recordx.inc.php | 5 ++++-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/adodb-active-record.inc.php b/adodb-active-record.inc.php
index 08f7ca8d..4790e074 100644
--- a/adodb-active-record.inc.php
+++ b/adodb-active-record.inc.php
@@ -717,7 +717,7 @@ class ADODB_Active_Record {
 	}
 
 	// quote data in where clause
-	function doquote(&$db, $val,$t)
+	function doquote(&$db, $val, $t)
 	{
 		switch($t) {
 		case 'L':
@@ -736,7 +736,9 @@ class ADODB_Active_Record {
 			if (is_null($val)) {
 				return 'null';
 			}
-
+			if ('' === (string) $val) {
+				return "''";
+			}
 			if (strlen($val)>0 &&
 				(strncmp($val,"'",1) != 0 || substr($val,strlen($val)-1,1) != "'")
 			) {
diff --git a/adodb-active-recordx.inc.php b/adodb-active-recordx.inc.php
index 18e2a189..21ab47b2 100644
--- a/adodb-active-recordx.inc.php
+++ b/adodb-active-recordx.inc.php
@@ -762,7 +762,7 @@ class ADODB_Active_Record {
 	}
 
 	// quote data in where clause
-	function doquote(&$db, $val,$t)
+	function doquote(&$db, $val, $t)
 	{
 		switch($t) {
 		case 'D':
@@ -775,6 +775,9 @@ class ADODB_Active_Record {
 			if (is_null($val)) {
 				return 'null';
 			}
+			if ('' === (string) $val) {
+				return "''";
+			}
 			if (strlen($val)>0 &&
 				(strncmp($val,"'",1) != 0 || substr($val,strlen($val)-1,1) != "'")
 			) {
-- 
cgit v1.3


From ca87e1ad23bc5cfd1b09b1d1bc7de586cc681338 Mon Sep 17 00:00:00 2001
From: Damien Regad <dregad@mantisbt.org>
Date: Sat, 22 Nov 2025 12:17:08 +0100
Subject: Coding guidelines

---
 adodb-active-record.inc.php  | 62 ++++++++++++++++++++++----------------------
 adodb-active-recordx.inc.php | 50 +++++++++++++++++------------------
 2 files changed, 56 insertions(+), 56 deletions(-)

diff --git a/adodb-active-record.inc.php b/adodb-active-record.inc.php
index 4790e074..398abd3d 100644
--- a/adodb-active-record.inc.php
+++ b/adodb-active-record.inc.php
@@ -717,37 +717,37 @@ class ADODB_Active_Record {
 	}
 
 	// quote data in where clause
-	function doquote(&$db, $val, $t)
+	function doQuote(&$db, $val, $t)
 	{
-		switch($t) {
-		case 'L':
-			if (strpos($db->databaseType,'postgres') !== false) {
-				return $db->qstr($val);
-			}
-		case 'D':
-		case 'T':
-			if (empty($val)) {
-				return 'null';
-			}
-		case 'B':
-		case 'N':
-		case 'C':
-		case 'X':
-			if (is_null($val)) {
-				return 'null';
-			}
-			if ('' === (string) $val) {
-				return "''";
-			}
-			if (strlen($val)>0 &&
-				(strncmp($val,"'",1) != 0 || substr($val,strlen($val)-1,1) != "'")
-			) {
-				return $db->qstr($val);
+		switch ($t) {
+			case 'L':
+				if (strpos($db->databaseType, 'postgres') !== false) {
+					return $db->qstr($val);
+				}
+			case 'D':
+			case 'T':
+				if (empty($val)) {
+					return 'null';
+				}
+			case 'B':
+			case 'N':
+			case 'C':
+			case 'X':
+				if (is_null($val)) {
+					return 'null';
+				}
+				if ('' === (string)$val) {
+					return "''";
+				}
+				if (strlen($val) > 0 &&
+					(strncmp($val, "'", 1) != 0 || substr($val, strlen($val) - 1, 1) != "'")
+				) {
+					return $db->qstr($val);
+					break;
+				}
+			default:
+				return $val;
 				break;
-			}
-		default:
-			return $val;
-			break;
 		}
 	}
 
@@ -761,7 +761,7 @@ class ADODB_Active_Record {
 			$f = $table->flds[$k];
 			if ($f) {
 				$columnName = $this->nameQuoter($db,$k);
-				$parr[] = $columnName.' = '.$this->doquote($db,$this->$k,$db->MetaType($f->type));
+				$parr[] = $columnName . ' = ' . $this->doQuote($db, $this->$k, $db->MetaType($f->type));
 			}
 		}
 		return implode(' AND ', $parr);
@@ -985,7 +985,7 @@ class ADODB_Active_Record {
 			}
 
 			$t = $db->MetaType($fld->type);
-			$arr[$name] = $this->doquote($db,$val,$t);
+			$arr[$name] = $this->doQuote($db, $val, $t);
 			$valarr[] = $val;
 		}
 
diff --git a/adodb-active-recordx.inc.php b/adodb-active-recordx.inc.php
index 21ab47b2..9daa05ec 100644
--- a/adodb-active-recordx.inc.php
+++ b/adodb-active-recordx.inc.php
@@ -762,31 +762,31 @@ class ADODB_Active_Record {
 	}
 
 	// quote data in where clause
-	function doquote(&$db, $val, $t)
+	function doQuote(&$db, $val, $t)
 	{
-		switch($t) {
-		case 'D':
-		case 'T':
-			if (empty($val)) {
-				return 'null';
-			}
-		case 'C':
-		case 'X':
-			if (is_null($val)) {
-				return 'null';
-			}
-			if ('' === (string) $val) {
-				return "''";
-			}
-			if (strlen($val)>0 &&
-				(strncmp($val,"'",1) != 0 || substr($val,strlen($val)-1,1) != "'")
-			) {
-				return $db->qstr($val);
+		switch ($t) {
+			case 'D':
+			case 'T':
+				if (empty($val)) {
+					return 'null';
+				}
+			case 'C':
+			case 'X':
+				if (is_null($val)) {
+					return 'null';
+				}
+				if ('' === (string)$val) {
+					return "''";
+				}
+				if (strlen($val) > 0 &&
+					(strncmp($val, "'", 1) != 0 || substr($val, strlen($val) - 1, 1) != "'")
+				) {
+					return $db->qstr($val);
+					break;
+				}
+			default:
+				return $val;
 				break;
-			}
-		default:
-			return $val;
-			break;
 		}
 	}
 
@@ -799,7 +799,7 @@ class ADODB_Active_Record {
 		foreach($keys as $k) {
 			$f = $table->flds[$k];
 			if ($f) {
-				$parr[] = $k.' = '.$this->doquote($db,$this->$k,$db->MetaType($f->type));
+				$parr[] = $k . ' = ' . $this->doQuote($db, $this->$k, $db->MetaType($f->type));
 			}
 		}
 		return implode(' and ', $parr);
@@ -1084,7 +1084,7 @@ class ADODB_Active_Record {
 				continue;
 			}
 			$t = $db->MetaType($fld->type);
-			$arr[$name] = $this->doquote($db,$val,$t);
+			$arr[$name] = $this->doQuote($db, $val, $t);
 			$valarr[] = $val;
 		}
 
-- 
cgit v1.3


From 30504fcefbc0c2442ba63a8ced905e722b9eae42 Mon Sep 17 00:00:00 2001
From: Damien Regad <dregad@mantisbt.org>
Date: Sat, 22 Nov 2025 12:19:55 +0100
Subject: Fix static analysis warnings

---
 adodb-active-record.inc.php  | 7 ++++---
 adodb-active-recordx.inc.php | 6 +++---
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/adodb-active-record.inc.php b/adodb-active-record.inc.php
index 398abd3d..001d46d9 100644
--- a/adodb-active-record.inc.php
+++ b/adodb-active-record.inc.php
@@ -717,14 +717,16 @@ class ADODB_Active_Record {
 	}
 
 	// quote data in where clause
-	function doQuote(&$db, $val, $t)
+	function doQuote($db, $val, $t)
 	{
 		switch ($t) {
+			/** @noinspection PhpMissingBreakStatementInspection */
 			case 'L':
 				if (strpos($db->databaseType, 'postgres') !== false) {
 					return $db->qstr($val);
 				}
 			case 'D':
+			/** @noinspection PhpMissingBreakStatementInspection */
 			case 'T':
 				if (empty($val)) {
 					return 'null';
@@ -732,6 +734,7 @@ class ADODB_Active_Record {
 			case 'B':
 			case 'N':
 			case 'C':
+			/** @noinspection PhpMissingBreakStatementInspection */
 			case 'X':
 				if (is_null($val)) {
 					return 'null';
@@ -743,11 +746,9 @@ class ADODB_Active_Record {
 					(strncmp($val, "'", 1) != 0 || substr($val, strlen($val) - 1, 1) != "'")
 				) {
 					return $db->qstr($val);
-					break;
 				}
 			default:
 				return $val;
-				break;
 		}
 	}
 
diff --git a/adodb-active-recordx.inc.php b/adodb-active-recordx.inc.php
index 9daa05ec..079352f1 100644
--- a/adodb-active-recordx.inc.php
+++ b/adodb-active-recordx.inc.php
@@ -762,15 +762,17 @@ class ADODB_Active_Record {
 	}
 
 	// quote data in where clause
-	function doQuote(&$db, $val, $t)
+	function doQuote($db, $val, $t)
 	{
 		switch ($t) {
 			case 'D':
+			/** @noinspection PhpMissingBreakStatementInspection */
 			case 'T':
 				if (empty($val)) {
 					return 'null';
 				}
 			case 'C':
+			/** @noinspection PhpMissingBreakStatementInspection */
 			case 'X':
 				if (is_null($val)) {
 					return 'null';
@@ -782,11 +784,9 @@ class ADODB_Active_Record {
 					(strncmp($val, "'", 1) != 0 || substr($val, strlen($val) - 1, 1) != "'")
 				) {
 					return $db->qstr($val);
-					break;
 				}
 			default:
 				return $val;
-				break;
 		}
 	}
 
-- 
cgit v1.3


From 7cafbbfa3bd1b065dd4ea491252d586835f3456b Mon Sep 17 00:00:00 2001
From: Damien Regad <dregad@mantisbt.org>
Date: Sat, 22 Nov 2025 12:21:31 +0100
Subject: Remove useless strlen() and simplify quote check

---
 adodb-active-record.inc.php  | 4 +---
 adodb-active-recordx.inc.php | 4 +---
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/adodb-active-record.inc.php b/adodb-active-record.inc.php
index 001d46d9..e3eb52c0 100644
--- a/adodb-active-record.inc.php
+++ b/adodb-active-record.inc.php
@@ -742,9 +742,7 @@ class ADODB_Active_Record {
 				if ('' === (string)$val) {
 					return "''";
 				}
-				if (strlen($val) > 0 &&
-					(strncmp($val, "'", 1) != 0 || substr($val, strlen($val) - 1, 1) != "'")
-				) {
+				if (substr($val, 0, 1) != "'" || substr($val,-1) != "'") {
 					return $db->qstr($val);
 				}
 			default:
diff --git a/adodb-active-recordx.inc.php b/adodb-active-recordx.inc.php
index 079352f1..503d34dd 100644
--- a/adodb-active-recordx.inc.php
+++ b/adodb-active-recordx.inc.php
@@ -780,9 +780,7 @@ class ADODB_Active_Record {
 				if ('' === (string)$val) {
 					return "''";
 				}
-				if (strlen($val) > 0 &&
-					(strncmp($val, "'", 1) != 0 || substr($val, strlen($val) - 1, 1) != "'")
-				) {
+				if (substr($val, 0, 1) != "'" || substr($val,-1) != "'") {
 					return $db->qstr($val);
 				}
 			default:
-- 
cgit v1.3


From 352ee036e8e26add59d42730581616c8299e1491 Mon Sep 17 00:00:00 2001
From: Damien Regad <dregad@mantisbt.org>
Date: Sat, 22 Nov 2025 12:29:54 +0100
Subject: Add missing MetaTypes in switch

Some changes made in the standard ADODB_Active_Record class's doQuote()
method were never applied to the extended version.
---
 adodb-active-recordx.inc.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/adodb-active-recordx.inc.php b/adodb-active-recordx.inc.php
index 503d34dd..789c9930 100644
--- a/adodb-active-recordx.inc.php
+++ b/adodb-active-recordx.inc.php
@@ -765,12 +765,19 @@ class ADODB_Active_Record {
 	function doQuote($db, $val, $t)
 	{
 		switch ($t) {
+			/** @noinspection PhpMissingBreakStatementInspection */
+			case 'L':
+				if (strpos($db->databaseType, 'postgres') !== false) {
+					return $db->qstr($val);
+				}
 			case 'D':
 			/** @noinspection PhpMissingBreakStatementInspection */
 			case 'T':
 				if (empty($val)) {
 					return 'null';
 				}
+			case 'B':
+			case 'N':
 			case 'C':
 			/** @noinspection PhpMissingBreakStatementInspection */
 			case 'X':
-- 
cgit v1.3


From c6f8078b252084b17094e7183b7cea290d8ea960 Mon Sep 17 00:00:00 2001
From: Damien Regad <dregad@mantisbt.org>
Date: Sat, 22 Nov 2025 12:46:43 +0100
Subject: Removed unused _QName() method

It was replaced by nameQuoter() many years ago, see commit
876d51b73a5efa089e4cb12589de242e4f24b4c2.
---
 adodb-active-record.inc.php | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/adodb-active-record.inc.php b/adodb-active-record.inc.php
index e3eb52c0..ea1d4ed3 100644
--- a/adodb-active-record.inc.php
+++ b/adodb-active-record.inc.php
@@ -766,21 +766,6 @@ class ADODB_Active_Record {
 		return implode(' AND ', $parr);
 	}
 
-
-	function _QName($n,$db=false)
-	{
-		if (!ADODB_Active_Record::$_quoteNames) {
-			return $n;
-		}
-		if (!$db) {
-			$db = $this->DB();
-			if (!$db) {
-				return false;
-			}
-		}
-		return $db->nameQuote.$n.$db->nameQuote;
-	}
-
 	//------------------------------------------------------------ Public functions below
 
 	function Load($where=null,$bindarr=false, $lock = false)
-- 
cgit v1.3