Update dbinterface.class.php

Check that labels exist before binding or an exception will occur
steve-lad 2021-03-24 08:59:13 +01:00 committed by Diederik de Groot
parent bd257cec9b
commit 9f5459f7c5
No known key found for this signature in database
GPG key ID: AFA728250A1BECD6


@ -129,9 +129,15 @@ class dbinterface
$sql .= (empty($sql)) ? 'ref = :ref' : ' and ref = :ref'; $sql .= (empty($sql)) ? 'ref = :ref' : ' and ref = :ref';
} }
if (!empty($sql)) { if (!empty($sql)) {
$stmts = $dbh->prepare('SELECT * FROM sccpbuttonconfig WHERE ' .$sql. ' ORDER BY instance'); $stmts = $dbh->prepare("SELECT * FROM sccpbuttonconfig WHERE {$sql} ORDER BY instance");
$stmts->bindParam(':buttontype', $data['buttontype'],\PDO::PARAM_STR); // Now bind labels - only bind label if it exists or bind will create exception.
$stmts->bindParam(':ref', $data['id'],\PDO::PARAM_STR); // can only bind once have prepared, so need to test again.
if (!empty($data['buttontype'])) {
$stmts->bindParam(':buttontype', $data['buttontype'],\PDO::PARAM_STR);
}
if (!empty($data['id'])) {
$stmts->bindParam(':ref', $data['id'],\PDO::PARAM_STR);
}
} else { } else {
$raw_settings = array(); $raw_settings = array();
} }
@ -141,6 +147,7 @@ class dbinterface
$stmt->execute(); $stmt->execute();
$raw_settings = $stmt->fetch(\PDO::FETCH_ASSOC); $raw_settings = $stmt->fetch(\PDO::FETCH_ASSOC);
} elseif (!empty($stmts)) { } elseif (!empty($stmts)) {
dbug('statement is before execute', $stmts);
$stmts->execute(); $stmts->execute();
$raw_settings = $stmts->fetchAll(\PDO::FETCH_ASSOC); $raw_settings = $stmts->fetchAll(\PDO::FETCH_ASSOC);
} }
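Review bot: The new `!empty($data['buttontype'])` and `!empty($data['id'])` guards around `bindParam` must repeat exactly the tests that put `:buttontype` and `:ref` into `$sql`, and those tests sit mostly above the first hunk, so a later edit to either side can bring back the parameter-count exception this commit is fixing. Collecting the values where the clause is built and passing them at execution would keep each placeholder next to its value, for example `$params[':ref'] = $data['id'];` beside the `ref = :ref` line and `$stmts->execute($params);` in the second hunk. Separately, the second hunk adds `dbug('statement is before execute', $stmts);` on the normal query path; it looks like leftover debugging and should be dropped before merge so the statement object is not dumped on every call. The enclosing method starts and ends outside both hunks, so the clause-building conditions should be checked against the full file.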