Use bindParam on db executes
Use bind param to have stricter typing Fix bug in Sccp-Manager where key and keyword were not the same
This commit is contained in:
steve-lad
Diederik de Groot
parent
5892afc653
commit
09beeb449e
|
|
@ -869,7 +869,7 @@ class Sccp_manager extends \FreePBX_Helpers implements \BMO {
|
|||
}
|
||||
break;
|
||||
case 'getDeviceModel':
|
||||
dbug('getting Device model');
|
||||
//dbug('getting Device model');
|
||||
switch ($request['type']) {
|
||||
case 'all':
|
||||
case 'extension':
|
||||
|
|
@ -930,7 +930,7 @@ dbug('getting Device model');
|
|||
return $result;
|
||||
break;
|
||||
case 'getExtensionGrid':
|
||||
dbug('getting Extension Grid');
|
||||
//dbug('getting Extension Grid');
|
||||
$result = $this->dbinterface->HWextension_db_SccpTableData('SccpExtension');
|
||||
if (empty($result)) {
|
||||
return array();
|
||||
|
|
@ -954,7 +954,7 @@ dbug('getting Extension Grid');
|
|||
return $result;
|
||||
break;
|
||||
case 'getPhoneGrid':
|
||||
dbug('getting Phone Grid');
|
||||
//dbug('getting Phone Grid');
|
||||
$cmd_type = !empty($request['type']) ? $request['type'] : '';
|
||||
|
||||
$result = $this->dbinterface->HWextension_db_SccpTableData('SccpDevice', array('type' => $cmd_type));
|
||||
|
|
@ -2132,7 +2132,7 @@ dbug('getting Phone Grid');
|
|||
$dir_list = $this->findAllFiles($dir, $file_ext, 'fileonly');
|
||||
}
|
||||
$raw_settings = $this->dbinterface->getDb_model_info($get, $format_list, $filter);
|
||||
dbug('reloading table');
|
||||
//dbug('reloading table');
|
||||
if ($validate) {
|
||||
for ($i = 0; $i < count($raw_settings); $i++) {
|
||||
$raw_settings[$i]['validate'] = '-;-';
|
||||
|
|
|
|||
|
|
@ -245,13 +245,6 @@ class dbinterface
|
|||
|
||||
function write($table_name = "", $save_value = array(), $mode = 'update', $key_fld = "", $hwid = "")
|
||||
{
|
||||
//dbug('entering write for table', $table_name);
|
||||
if ($table_name === 'sccpdevmodel'){
|
||||
dbug('entering write with save_value', $save_value);
|
||||
dbug('entering write with mode', $mode);
|
||||
dbug('entering write with key_fld', $key_fld);
|
||||
dbug('entering write with hwid', $hwid);
|
||||
}
|
||||
// mode clear - Empty table before update
|
||||
// mode update - update / replace record
|
||||
global $db;
|
||||
|
|
@ -259,33 +252,31 @@ dbug('entering write with hwid', $hwid);
|
|||
$delete_value = array();
|
||||
switch ($table_name) {
|
||||
case 'sccpsettings':
|
||||
foreach ($save_value as $key_v => $data) {
|
||||
if (!empty($data) && isset($data['data'])) {
|
||||
if ($data['data'] == $this->val_null) {
|
||||
$delete_value[] = $save_value[$key_v]['keyword'];
|
||||
unset($save_value[$key_v]);
|
||||
}
|
||||
/* if (isset($data['data'])) {
|
||||
if ($data['data'] == $this->val_null) {
|
||||
$delete_value[] = $save_value[$key_v]['keyword'];
|
||||
unset($save_value[$key_v]);
|
||||
}
|
||||
}
|
||||
*/ }
|
||||
}
|
||||
$time = -microtime(true);
|
||||
if ($mode == 'clear') {
|
||||
// $sql = 'truncate `sccpsettings`';
|
||||
$db->prepare('TRUNCATE sccpsettings')->execute();
|
||||
$stmt = $db->prepare('INSERT INTO sccpsettings (keyword, data, seq, type) VALUES (?,?,?,?)');
|
||||
$result = $db->executeMultiple($stmt, $save_value);
|
||||
$stmt = $db->prepare('INSERT INTO sccpsettings (keyword, data, seq, type) VALUES (:keyword,:data,:seq,:type)');
|
||||
} else {
|
||||
if (!empty($delete_value)) {
|
||||
$stmt = $db->prepare('DELETE FROM sccpsettings WHERE keyword = ?');
|
||||
$result = $db->executeMultiple($stmt, $delete_value);
|
||||
$stmt = $db->prepare('REPLACE INTO sccpsettings (keyword, data, seq, type) VALUES (:keyword,:data,:seq,:type)');
|
||||
}
|
||||
foreach ($save_value as $key => $dataArr) {
|
||||
if (!empty($dataArr) && isset($dataArr['data'])) {
|
||||
if ($dataArr['data'] == $this->val_null) {
|
||||
$delete_value[] = $save_value[$key]['keyword'];
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!empty($save_value)) {
|
||||
$stmt = $db->prepare('REPLACE INTO sccpsettings (keyword, data, seq, type) VALUES (?,?,?,?)');
|
||||
$result = $db->executeMultiple($stmt, $save_value);
|
||||
$stmt->bindParam(':keyword',$dataArr['keyword'],\PDO::PARAM_STR);
|
||||
$stmt->bindParam(':data',$dataArr['data'],\PDO::PARAM_STR);
|
||||
$stmt->bindParam(':seq',$dataArr['seq'],\PDO::PARAM_INT);
|
||||
$stmt->bindParam(':type',$dataArr['type'],\PDO::PARAM_INT);
|
||||
$result = $stmt->execute();
|
||||
}
|
||||
if (!empty($delete_value)) {
|
||||
$stmt = $db->prepare('DELETE FROM sccpsettings WHERE keyword = :keyword');
|
||||
foreach ($delete_value as $del_key) {
|
||||
$stmt->bindParam(':keyword',$del_key,\PDO::PARAM_STR);
|
||||
$result = $stmt->execute();
|
||||
}
|
||||
}
|
||||
break;
|
||||
|
|
|
|||
Loading…
Reference in a new issue