PrivateCoffee/wishthis
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fix sql incorrect types

Browse source
This commit is contained in:
grandeljay 2023-01-28 15:02:01 +01:00
parent f613b11fe7
commit 68947b616b
2 changed files with 20 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/api/wishes.php
View file

@ -96,7 +96,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
$wish_image = Sanitiser::getURL($_POST['wish_image']); $wish_image = Sanitiser::getURL($_POST['wish_image']);
$wish_url = Sanitiser::getURL($_POST['wish_url']); $wish_url = Sanitiser::getURL($_POST['wish_url']);
$wish_priority = !empty(Sanitiser::getNumber($_POST['wish_priority'])) ? Sanitiser::getNumber($_POST['wish_priority']) : 'NULL'; $wish_priority = !empty(Sanitiser::getNumber($_POST['wish_priority'])) ? Sanitiser::getNumber($_POST['wish_priority']) : 'NULL';
$wish_is_purchasable = isset($_POST['wish_is_purchasable']) ? 'true' : 'false'; $wish_is_purchasable = isset($_POST['wish_is_purchasable']);
if (Wish::NO_IMAGE === $wish_image) { if (Wish::NO_IMAGE === $wish_image) {
$wish_image = ''; $wish_image = '';
@ -150,7 +150,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
`image` = :wish_image, `image` = :wish_image,
`url` = :wish_url, `url` = :wish_url,
`priority` = :wish_priority, `priority` = :wish_priority,
`is_purchasable` = :wish_is_purchasable, `is_purchasable` = :wish_is_purchasable
WHERE `id` = :wish_id', WHERE `id` = :wish_id',
array( array(
'wishlist_id' => $wish->wishlist, 'wishlist_id' => $wish->wishlist,

19
src/classes/database.php
View file

@ -37,7 +37,24 @@ class Database
public function query(string $query, array $placeholders = array()): \PDOStatement public function query(string $query, array $placeholders = array()): \PDOStatement
{ {
$statement = $this->pdo->prepare($query, array(\PDO::FETCH_ASSOC)); $statement = $this->pdo->prepare($query, array(\PDO::FETCH_ASSOC));
$statement->execute($placeholders);
foreach ($placeholders as $name => $value) {
switch (gettype($value)) {
case 'boolean':
$statement->bindValue($name, $value, \PDO::PARAM_BOOL);
break;
case 'integer':
$statement->bindValue($name, $value, \PDO::PARAM_INT);
break;
default:
$statement->bindValue($name, $value, \PDO::PARAM_STR);
break;
}
}
$statement->execute();
$this->lastInsertId = $this->pdo->lastInsertId(); $this->lastInsertId = $this->pdo->lastInsertId();