diff --git a/src/api/wishes.php b/src/api/wishes.php
index 1152eb5d..026d2d43 100644
--- a/src/api/wishes.php
+++ b/src/api/wishes.php
@@ -96,7 +96,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
 $wish_image = Sanitiser::getURL($_POST['wish_image']);
 $wish_url = Sanitiser::getURL($_POST['wish_url']);
 $wish_priority = !empty(Sanitiser::getNumber($_POST['wish_priority'])) ? Sanitiser::getNumber($_POST['wish_priority']) : 'NULL';
- $wish_is_purchasable = isset($_POST['wish_is_purchasable']) ? 'true' : 'false';
+ $wish_is_purchasable = isset($_POST['wish_is_purchasable']);
 
 if (Wish::NO_IMAGE === $wish_image) {
 $wish_image = '';
@@ -150,7 +150,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
 `image` = :wish_image,
 `url` = :wish_url,
 `priority` = :wish_priority,
- `is_purchasable` = :wish_is_purchasable,
+ `is_purchasable` = :wish_is_purchasable
 WHERE `id` = :wish_id',
 array(
 'wishlist_id' => $wish->wishlist,
diff --git a/src/classes/database.php b/src/classes/database.php
index f50062df..7ef077cb 100644
--- a/src/classes/database.php
+++ b/src/classes/database.php
@@ -37,7 +37,24 @@ class Database
 public function query(string $query, array $placeholders = array()): \PDOStatement
 {
 $statement = $this->pdo->prepare($query, array(\PDO::FETCH_ASSOC));
- $statement->execute($placeholders);
+
+ foreach ($placeholders as $name => $value) {
+ switch (gettype($value)) {
+ case 'boolean':
+ $statement->bindValue($name, $value, \PDO::PARAM_BOOL);
+ break;
+
+ case 'integer':
+ $statement->bindValue($name, $value, \PDO::PARAM_INT);
+ break;
+
+ default:
+ $statement->bindValue($name, $value, \PDO::PARAM_STR);
+ break;
+ }
+ }
+
+ $statement->execute();
 $this->lastInsertId = $this->pdo->lastInsertId();
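Review bot: The `$wish_priority` context line just above the changed `$wish_is_purchasable` line still uses the string sentinel `'NULL'`, and a value passed through a bound parameter is always data, so the database receives the four-character string rather than SQL NULL (what happens next depends on the column type and the server's strict mode, but it is never a real NULL). The commit drops exactly this kind of sentinel for `is_purchasable` in favour of a real PHP value, and the new `Database::query` in the second file binds by PHP type, so the consistent fix is `$wish_priority = Sanitiser::getNumber($_POST['wish_priority']) ?: null;`, which keeps the existing `!empty` semantics and also stops calling the sanitiser twice. Whether a PHP `null` reaching the default `\PDO::PARAM_STR` branch of `Database::query` is sent as SQL NULL is driver-dependent, so that path deserves a quick check with the driver in use. The enclosing `switch` block starts and ends outside the hunk.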