Diffstat (limited to 'classes/db')
| -rw-r--r-- | classes/db/mysqli.php | 2 | ||||
| -rw-r--r-- | classes/db/pdo.php | 100 | ||||
| -rw-r--r-- | classes/db/prefs.php | 77 | ||||
| -rw-r--r-- | classes/db/stmt.php | 31 |
4 files changed, 33 insertions, 177 deletions
diff --git a/classes/db/mysqli.php b/classes/db/mysqli.php
index 817b48c0c..a05b121fc 100644
--- a/classes/db/mysqli.php
+++ b/classes/db/mysqli.php
@@ -65,7 +65,7 @@ class Db_Mysqli implements IDb {
 }
 function last_error() {
- return mysqli_error();
+ return mysqli_error($this->link);
 }
 function last_query_error() {
diff --git a/classes/db/pdo.php b/classes/db/pdo.php
deleted file mode 100644
index d3070fac4..000000000
--- a/classes/db/pdo.php
+++ /dev/null
@@ -1,100 +0,0 @@
-<?php
-class Db_PDO implements IDb {
- private $pdo;
-
- function connect($host, $user, $pass, $db, $port) {
- $connstr = DB_TYPE . ":host=$host;dbname=$db";
-
- if (DB_TYPE == "mysql") $connstr .= ";charset=utf8";
-
- try {
- $this->pdo = new PDO($connstr, $user, $pass);
- $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
- $this->init();
- } catch (PDOException $e) {
- die($e->getMessage());
- }
-
- return $this->pdo;
- }
-
- function escape_string($s, $strip_tags = true) {
- if ($strip_tags) $s = strip_tags($s);
-
- $qs = $this->pdo->quote($s);
-
- return mb_substr($qs, 1, mb_strlen($qs)-2);
- }
-
- function query($query, $die_on_error = true) {
- try {
- return new Db_Stmt($this->pdo->query($query));
- } catch (PDOException $e) {
- user_error($e->getMessage(), $die_on_error ? E_USER_ERROR : E_USER_WARNING);
- }
- }
-
- function fetch_assoc($result) {
- try {
- if ($result) {
- return $result->fetch();
- } else {
- return null;
- }
- } catch (PDOException $e) {
- user_error($e->getMessage(), E_USER_WARNING);
- }
- }
-
- function num_rows($result) {
- try {
- if ($result) {
- return $result->rowCount();
- } else {
- return false;
- }
- } catch (PDOException $e) {
- user_error($e->getMessage(), E_USER_WARNING);
- }
- }
-
- function fetch_result($result, $row, $param) {
- return $result->fetch_result($row, $param);
- }
-
- function close() {
- $this->pdo = null;
- }
-
- function affected_rows($result) {
- try {
- if ($result) {
- return $result->rowCount();
- } else {
- return null;
- }
- } catch (PDOException $e) {
- user_error($e->getMessage(), E_USER_WARNING);
- }
- }
-
- function last_error() {
- return join(" ", $this->pdo->errorInfo());
- }
-
- function init() {
- switch (DB_TYPE) {
- case "pgsql":
- $this->query("set client_encoding = 'UTF-8'");
- $this->query("set datestyle = 'ISO, european'");
- $this->query("set TIME ZONE 0");
- return;
- case "mysql":
- $this->query("SET time_zone = '+0:0'");
- return;
- }
-
- return true;
- }
-
-}
\ No newline at end of file diff --git a/classes/db/prefs.php b/classes/db/prefs.php index d61cc107b..64238bc78 100644 --- a/classes/db/prefs.php +++ b/classes/db/prefs.php @@ -1,11 +1,11 @@ <?php class Db_Prefs { - private $dbh; + private $pdo; private static $instance; private $cache; function __construct() { - $this->dbh = Db::get(); + $this->pdo = Db::pdo(); $this->cache = array(); if ($_SESSION["uid"]) $this->cache(); @@ -26,26 +26,22 @@ class Db_Prefs { $user_id = $_SESSION["uid"]; @$profile = $_SESSION["profile"]; - if ($profile) { - $profile_qpart = "profile = '$profile' AND"; - } else { - $profile_qpart = "profile IS NULL AND"; - } - - if (get_schema_version() < 63) $profile_qpart = ""; + if (!$profile || get_schema_version() < 63) $profile = null; - $result = db_query("SELECT + $sth = $this->pdo->prepare("SELECT value,ttrss_prefs_types.type_name as type_name,ttrss_prefs.pref_name AS pref_name FROM ttrss_user_prefs,ttrss_prefs,ttrss_prefs_types WHERE - $profile_qpart + (profile = :profile OR (:profile IS NULL AND profile IS NULL)) AND ttrss_prefs.pref_name NOT LIKE '_MOBILE%' AND ttrss_prefs_types.id = type_id AND - owner_uid = '$user_id' AND + owner_uid = :uid AND ttrss_user_prefs.pref_name = ttrss_prefs.pref_name"); - while ($line = db_fetch_assoc($result)) { + $sth->execute([":profile" => $profile, ":uid" => $user_id]); + + while ($line = $sth->fetch()) { if ($user_id == $_SESSION["uid"]) { $pref_name = $line["pref_name"]; @@ -57,7 +53,6 @@ class Db_Prefs { function read($pref_name, $user_id = false, $die_on_error = false) { - $pref_name = db_escape_string($pref_name); $profile = false; if (!$user_id) { 
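Review bot: On schemas older than 63 the rewritten SELECT in the hunk at -26,26 still references the `profile` column. The removed code emptied `$profile_qpart` so no profile condition was sent at all, whereas `if (!$profile || get_schema_version() < 63) $profile = null;` only changes the bound value and leaves `profile IS NULL` in the WHERE clause. If the old guard existed because the column is absent before schema 63 (not visible here), the statement now fails on those databases; the hunks at -72,28 and -171,10 repeat the pattern. The condition can still be chosen in PHP from constant fragments while the value itself stays bound, as sketched below. The enclosing method (apparently cache()) starts and ends outside the hunk.

```php
$params = [":uid" => $user_id];
$profile_qpart = "";

if (get_schema_version() >= 63) {
	if ($profile) {
		$profile_qpart = "profile = :profile AND";
		$params[":profile"] = $profile;
	} else {
		$profile_qpart = "profile IS NULL AND";
	}
}

// … unchanged: prepare() of the SELECT, with $profile_qpart in place of the fixed profile condition …

$sth->execute($params);
```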
@@ -72,28 +67,23 @@ class Db_Prefs { return $this->convert($tuple["value"], $tuple["type"]); } - if ($profile) { - $profile_qpart = "profile = '$profile' AND"; - } else { - $profile_qpart = "profile IS NULL AND"; - } - - if (get_schema_version() < 63) $profile_qpart = ""; + if (!$profile || get_schema_version() < 63) $profile = null; - $result = db_query("SELECT + $sth = $this->pdo->prepare("SELECT value,ttrss_prefs_types.type_name as type_name FROM ttrss_user_prefs,ttrss_prefs,ttrss_prefs_types WHERE - $profile_qpart - ttrss_user_prefs.pref_name = '$pref_name' AND + (profile = :profile OR (:profile IS NULL AND profile IS NULL)) AND + ttrss_user_prefs.pref_name = :pref_name AND ttrss_prefs_types.id = type_id AND - owner_uid = '$user_id' AND + owner_uid = :uid AND ttrss_user_prefs.pref_name = ttrss_prefs.pref_name"); + $sth->execute([":uid" => $user_id, ":profile" => $profile, ":pref_name" => $pref_name]); - if (db_num_rows($result) > 0) { - $value = db_fetch_result($result, 0, "value"); - $type_name = db_fetch_result($result, 0, "type_name"); + if ($row = $sth->fetch()) { + $value = $row["value"]; + $type_name = $row["type_name"]; if ($user_id == $_SESSION["uid"]) { $this->cache[$pref_name]["type"] = $type_name; @@ -119,8 +109,7 @@ class Db_Prefs { } function write($pref_name, $value, $user_id = false, $strip_tags = true) { - $pref_name = db_escape_string($pref_name); - $value = db_escape_string($value, $strip_tags); + if ($strip_tags) $value = strip_tags($value); if (!$user_id) { $user_id = $_SESSION["uid"]; @@ -129,13 +118,7 @@ class Db_Prefs { $user_id = sprintf("%d", $user_id); } - if ($profile) { - $profile_qpart = "AND profile = '$profile'"; - } else { - $profile_qpart = "AND profile IS NULL"; - } - - if (get_schema_version() < 63) $profile_qpart = ""; + if (!$profile || get_schema_version() < 63) $profile = null; $type_name = ""; $current_value = ""; 
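Review bot: `:profile` is used twice in the prepared SELECT of the hunk at -72,28 (`profile = :profile OR (:profile IS NULL AND profile IS NULL)`), and PDO documents a repeated named marker as valid only while emulated prepares are on. How the handle returned by `Db::pdo()` sets `PDO::ATTR_EMULATE_PREPARES` is not visible in this diff, so the query may depend on a driver default. The same expression appears in the hunks at -26,26 and -171,10. Either record the dependency next to the query, e.g. `// :profile is bound twice; requires PDO::ATTR_EMULATE_PREPARES`, or emit the literal `profile IS NULL` when `$profile` is null so the marker occurs once. The enclosing method (apparently read()) starts and ends outside the hunk.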
@@ -146,12 +129,14 @@ class Db_Prefs { } if (!$type_name) { - $result = db_query("SELECT type_name + $sth = $this->pdo->prepare("SELECT type_name FROM ttrss_prefs,ttrss_prefs_types - WHERE pref_name = '$pref_name' AND type_id = ttrss_prefs_types.id"); + WHERE pref_name = ? AND type_id = ttrss_prefs_types.id"); + $sth->execute([$pref_name]); + + if ($row = $sth->fetch()) + $type_name = $row["type_name"]; - if (db_num_rows($result) > 0) - $type_name = db_fetch_result($result, 0, "type_name"); } else if ($current_value == $value) { return; } @@ -171,10 +156,12 @@ class Db_Prefs { $value = 'UTC'; } - db_query("UPDATE ttrss_user_prefs SET - value = '$value' WHERE pref_name = '$pref_name' - $profile_qpart - AND owner_uid = " . $user_id); + $sth = $this->pdo->prepare("UPDATE ttrss_user_prefs SET + value = :value WHERE pref_name = :pref_name + AND (profile = :profile OR (:profile IS NULL AND profile IS NULL)) + AND owner_uid = :uid"); + + $sth->execute([":pref_name" => $pref_name, ":value" => $value, ":uid" => $user_id, ":profile" => $profile]); if ($user_id == $_SESSION["uid"]) { $this->cache[$pref_name]["type"] = $type_name; diff --git a/classes/db/stmt.php b/classes/db/stmt.php deleted file mode 100644 index 7d6bbb30a..000000000 --- a/classes/db/stmt.php +++ /dev/null @@ -1,31 +0,0 @@ -<?php -class Db_Stmt { - private $stmt; - private $cache; - - function __construct($stmt) { - $this->stmt = $stmt; - $this->cache = false; - } - - function fetch_result($row, $param) { - if (!$this->cache) { - $this->cache = $this->stmt->fetchAll(); - } - - if (isset($this->cache[$row])) { - return $this->cache[$row][$param]; - } else { - user_error("Unable to jump to row $row", E_USER_WARNING); - return false; - } - } - - function rowCount() { - return $this->stmt->rowCount(); - } - - function fetch() { - return $this->stmt->fetch(); - } -}
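Review bot: The result of `$this->pdo->prepare(...)` in the hunk at -146,12 is used without a check (`$sth->execute([$pref_name]);`), which is only safe if the shared handle throws on error. The deleted `Db_PDO::connect()` set that explicitly with `$this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);`, but the setup behind `Db::pdo()` is outside this diff. If that handle runs in silent mode, a failed prepare returns false and the following call is a fatal error; the UPDATE at -171,10 has the same shape, and the cache is written after it regardless of the outcome. Confirm the error mode where the handle is created. write() starts and ends outside these hunks.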
\ No newline at end of file |