From e3116d39cb1e5caff38e40a714efda9bf877d654 Mon Sep 17 00:00:00 2001
From: steve-lad <72376554+steve-lad@users.noreply.github.com>
Date: Wed, 24 Mar 2021 08:59:13 +0100
Subject: [PATCH] Update dbinterface.class.php

Check that labels exist before binding or an exception will occur
---
 Sccp_manager.inc/dbinterface.class.php | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/Sccp_manager.inc/dbinterface.class.php b/Sccp_manager.inc/dbinterface.class.php
index aed76f6..c147dfc 100644
--- a/Sccp_manager.inc/dbinterface.class.php
+++ b/Sccp_manager.inc/dbinterface.class.php
@@ -129,9 +129,15 @@ class dbinterface
 $sql .= (empty($sql)) ? 'ref = :ref' : ' and ref = :ref';
 }
 if (!empty($sql)) {
- $stmts = $dbh->prepare('SELECT * FROM sccpbuttonconfig WHERE ' .$sql. ' ORDER BY instance');
- $stmts->bindParam(':buttontype', $data['buttontype'],\PDO::PARAM_STR);
- $stmts->bindParam(':ref', $data['id'],\PDO::PARAM_STR);
+ $stmts = $dbh->prepare("SELECT * FROM sccpbuttonconfig WHERE {$sql} ORDER BY instance");
+ // Now bind labels - only bind label if it exists or bind will create exception.
+ // can only bind once have prepared, so need to test again.
+ if (!empty($data['buttontype'])) {
+ $stmts->bindParam(':buttontype', $data['buttontype'],\PDO::PARAM_STR);
+ }
+ if (!empty($data['id'])) {
+ $stmts->bindParam(':ref', $data['id'],\PDO::PARAM_STR);
+ }
 } else {
 $raw_settings = array();
 }
@@ -141,6 +147,7 @@ class dbinterface
 $stmt->execute();
 $raw_settings = $stmt->fetch(\PDO::FETCH_ASSOC);
 } elseif (!empty($stmts)) {
+dbug('statement is before execute', $stmts);
 $stmts->execute();
 $raw_settings = $stmts->fetchAll(\PDO::FETCH_ASSOC);
 }
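Review bot: The two new `if (!empty(...))` guards around `bindParam` duplicate the tests that decide, above and partly outside this hunk, which placeholders are appended to `$sql`; if the two sets of conditions ever drift apart, `execute()` will fail on a placeholder/parameter mismatch again. It would be sturdier to record each value at the point where its fragment is appended, e.g. `$params[':ref'] = $data['id'];`, and run the statement with `$stmts->execute($params);`, so a placeholder and its value cannot be separated. The interpolated `{$sql}` stays injection-safe only while it is assembled from fixed literals such as `'ref = :ref'`; a comment above the `prepare` call like `// $sql holds constant fragments only; caller data goes through bound parameters` would keep that invariant visible. The enclosing method starts and ends outside the hunk, so the `:buttontype` fragment is presumed to be built the same way.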
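Review bot: The added `dbug('statement is before execute', $stmts);` looks like leftover debugging: it has no indentation, is not mentioned in the commit message, and runs on every call that reaches this `elseif` branch. It should be removed before merge, or at least indented and gated behind the module's debug switch, because dumping the statement object on each lookup adds log noise and writes query text to wherever `dbug` sends its output. `dbug` is not defined in the visible lines, so its destination is an assumption. The `if`/`elseif` chain it sits in begins outside the hunk.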