Use bindParam on db executes
Use bind param to have stricter typing Fix bug in Sccp-Manager where key and keyword were not the same
This commit is contained in:
steve-lad
Diederik de Groot
parent
3fbccb982f
commit
91c2d233d4
|
|
@ -869,7 +869,7 @@ class Sccp_manager extends \FreePBX_Helpers implements \BMO {
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'getDeviceModel':
|
case 'getDeviceModel':
|
||||||
dbug('getting Device model');
|
//dbug('getting Device model');
|
||||||
switch ($request['type']) {
|
switch ($request['type']) {
|
||||||
case 'all':
|
case 'all':
|
||||||
case 'extension':
|
case 'extension':
|
||||||
|
|
@ -930,7 +930,7 @@ dbug('getting Device model');
|
||||||
return $result;
|
return $result;
|
||||||
break;
|
break;
|
||||||
case 'getExtensionGrid':
|
case 'getExtensionGrid':
|
||||||
dbug('getting Extension Grid');
|
//dbug('getting Extension Grid');
|
||||||
$result = $this->dbinterface->HWextension_db_SccpTableData('SccpExtension');
|
$result = $this->dbinterface->HWextension_db_SccpTableData('SccpExtension');
|
||||||
if (empty($result)) {
|
if (empty($result)) {
|
||||||
return array();
|
return array();
|
||||||
|
|
@ -954,7 +954,7 @@ dbug('getting Extension Grid');
|
||||||
return $result;
|
return $result;
|
||||||
break;
|
break;
|
||||||
case 'getPhoneGrid':
|
case 'getPhoneGrid':
|
||||||
dbug('getting Phone Grid');
|
//dbug('getting Phone Grid');
|
||||||
$cmd_type = !empty($request['type']) ? $request['type'] : '';
|
$cmd_type = !empty($request['type']) ? $request['type'] : '';
|
||||||
|
|
||||||
$result = $this->dbinterface->HWextension_db_SccpTableData('SccpDevice', array('type' => $cmd_type));
|
$result = $this->dbinterface->HWextension_db_SccpTableData('SccpDevice', array('type' => $cmd_type));
|
||||||
|
|
@ -2132,7 +2132,7 @@ dbug('getting Phone Grid');
|
||||||
$dir_list = $this->findAllFiles($dir, $file_ext, 'fileonly');
|
$dir_list = $this->findAllFiles($dir, $file_ext, 'fileonly');
|
||||||
}
|
}
|
||||||
$raw_settings = $this->dbinterface->getDb_model_info($get, $format_list, $filter);
|
$raw_settings = $this->dbinterface->getDb_model_info($get, $format_list, $filter);
|
||||||
dbug('reloading table');
|
//dbug('reloading table');
|
||||||
if ($validate) {
|
if ($validate) {
|
||||||
for ($i = 0; $i < count($raw_settings); $i++) {
|
for ($i = 0; $i < count($raw_settings); $i++) {
|
||||||
$raw_settings[$i]['validate'] = '-;-';
|
$raw_settings[$i]['validate'] = '-;-';
|
||||||
|
|
|
||||||
|
|
@ -246,48 +246,38 @@ class dbinterface
|
||||||
|
|
||||||
function write($table_name = "", $save_value = array(), $mode = 'update', $key_fld = "", $hwid = "")
|
function write($table_name = "", $save_value = array(), $mode = 'update', $key_fld = "", $hwid = "")
|
||||||
{
|
{
|
||||||
//dbug('entering write for table', $table_name);
|
|
||||||
if ($table_name === 'sccpdevmodel'){
|
|
||||||
dbug('entering write with save_value', $save_value);
|
|
||||||
dbug('entering write with mode', $mode);
|
|
||||||
dbug('entering write with key_fld', $key_fld);
|
|
||||||
dbug('entering write with hwid', $hwid);
|
|
||||||
}
|
|
||||||
// mode clear - Empty table before update
|
// mode clear - Empty table before update
|
||||||
// mode update - update / replace record
|
// mode update - update / replace record
|
||||||
global $db;
|
global $db;
|
||||||
// global $amp_conf;
|
|
||||||
$result = false;
|
$result = false;
|
||||||
$delete_value = array();
|
$delete_value = array();
|
||||||
switch ($table_name) {
|
switch ($table_name) {
|
||||||
case 'sccpsettings':
|
case 'sccpsettings':
|
||||||
foreach ($save_value as $key_v => $data) {
|
$time = -microtime(true);
|
||||||
if (!empty($data) && isset($data['data'])) {
|
|
||||||
if ($data['data'] == $this->val_null) {
|
|
||||||
$delete_value[] = $save_value[$key_v]['keyword'];
|
|
||||||
unset($save_value[$key_v]);
|
|
||||||
}
|
|
||||||
/* if (isset($data['data'])) {
|
|
||||||
if ($data['data'] == $this->val_null) {
|
|
||||||
$delete_value[] = $save_value[$key_v]['keyword'];
|
|
||||||
unset($save_value[$key_v]);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
*/ }
|
|
||||||
}
|
|
||||||
if ($mode == 'clear') {
|
if ($mode == 'clear') {
|
||||||
// $sql = 'truncate `sccpsettings`';
|
|
||||||
$db->prepare('TRUNCATE sccpsettings')->execute();
|
$db->prepare('TRUNCATE sccpsettings')->execute();
|
||||||
$stmt = $db->prepare('INSERT INTO sccpsettings (keyword, data, seq, type) VALUES (?,?,?,?)');
|
$stmt = $db->prepare('INSERT INTO sccpsettings (keyword, data, seq, type) VALUES (:keyword,:data,:seq,:type)');
|
||||||
$result = $db->executeMultiple($stmt, $save_value);
|
|
||||||
} else {
|
} else {
|
||||||
if (!empty($delete_value)) {
|
$stmt = $db->prepare('REPLACE INTO sccpsettings (keyword, data, seq, type) VALUES (:keyword,:data,:seq,:type)');
|
||||||
$stmt = $db->prepare('DELETE FROM sccpsettings WHERE keyword = ?');
|
}
|
||||||
$result = $db->executeMultiple($stmt, $delete_value);
|
foreach ($save_value as $key => $dataArr) {
|
||||||
|
if (!empty($dataArr) && isset($dataArr['data'])) {
|
||||||
|
if ($dataArr['data'] == $this->val_null) {
|
||||||
|
$delete_value[] = $save_value[$key]['keyword'];
|
||||||
|
break;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if (!empty($save_value)) {
|
$stmt->bindParam(':keyword',$dataArr['keyword'],\PDO::PARAM_STR);
|
||||||
$stmt = $db->prepare('REPLACE INTO sccpsettings (keyword, data, seq, type) VALUES (?,?,?,?)');
|
$stmt->bindParam(':data',$dataArr['data'],\PDO::PARAM_STR);
|
||||||
$result = $db->executeMultiple($stmt, $save_value);
|
$stmt->bindParam(':seq',$dataArr['seq'],\PDO::PARAM_INT);
|
||||||
|
$stmt->bindParam(':type',$dataArr['type'],\PDO::PARAM_INT);
|
||||||
|
$result = $stmt->execute();
|
||||||
|
}
|
||||||
|
if (!empty($delete_value)) {
|
||||||
|
$stmt = $db->prepare('DELETE FROM sccpsettings WHERE keyword = :keyword');
|
||||||
|
foreach ($delete_value as $del_key) {
|
||||||
|
$stmt->bindParam(':keyword',$del_key,\PDO::PARAM_STR);
|
||||||
|
$result = $stmt->execute();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue