PrivateCoffee/wishthis
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fix quotes in wish fields

Browse source
This commit is contained in:
grandeljay 2023-01-28 15:10:53 +01:00
parent 68947b616b
commit c347707517
2 changed files with 14 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
src/api/wishes.php
View file

@ -95,7 +95,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
$wish_description = Sanitiser::getText($_POST['wish_description']);
$wish_image = Sanitiser::getURL($_POST['wish_image']);
$wish_url = Sanitiser::getURL($_POST['wish_url']);
$wish_priority = !empty(Sanitiser::getNumber($_POST['wish_priority'])) ? Sanitiser::getNumber($_POST['wish_priority']) : 'NULL';
$wish_priority = !empty(Sanitiser::getNumber($_POST['wish_priority'])) ? Sanitiser::getNumber($_POST['wish_priority']) : null;
$wish_is_purchasable = isset($_POST['wish_is_purchasable']);
if (Wish::NO_IMAGE === $wish_image) {
@ -136,10 +136,10 @@ switch ($_SERVER['REQUEST_METHOD']) {
}
/** Update */
$wish_title = empty($wish_title) ? 'NULL' : '"' . substr($wish_title, 0, 128) . '"';
$wish_description = empty($wish_description) ? 'NULL' : '"' . $wish_description . '"';
$wish_image = empty($wish_image) || Wish::NO_IMAGE === $wish_image ? 'NULL' : '"' . $wish_image . '"';
$wish_url = empty($wish_url) ? 'NULL' : '"' . $wish_url . '"';
$wish_title = empty($wish_title) ? null : substr($wish_title, 0, 128);
$wish_description = empty($wish_description) ? null : $wish_description ;
$wish_image = empty($wish_image) || Wish::NO_IMAGE === $wish_image ? null : $wish_image ;
$wish_url = empty($wish_url) ? null : $wish_url ;
$database
->query(
@ -168,7 +168,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
* Product
*/
$wish_price = empty($_POST['wish_price']) || 'false' === $wish_is_purchasable
? 'NULL'
? null
: Sanitiser::getNumber($_POST['wish_price']);
$database
@ -222,10 +222,10 @@ switch ($_SERVER['REQUEST_METHOD']) {
}
/** Update */
$wish_title = empty($wish_title) ? 'NULL' : '"' . substr($wish_title, 0, 128) . '"';
$wish_description = empty($wish_description) ? 'NULL' : '"' . $wish_description . '"';
$wish_image = empty($wish_image) || Wish::NO_IMAGE === $wish_image ? 'NULL' : '"' . $wish_image . '"';
$wish_url = empty($wish_url) ? 'NULL' : '"' . $wish_url . '"';
$wish_title = empty($wish_title) ? null : substr($wish_title, 0, 128);
$wish_description = empty($wish_description) ? null : $wish_description ;
$wish_image = empty($wish_image) || Wish::NO_IMAGE === $wish_image ? null : $wish_image ;
$wish_url = empty($wish_url) ? null : $wish_url ;
$database
->query(

4
src/classes/database.php
View file

@ -48,6 +48,10 @@ class Database
$statement->bindValue($name, $value, \PDO::PARAM_INT);
break;
case 'NULL':
$statement->bindValue($name, $value, \PDO::PARAM_NULL);
break;
default:
$statement->bindValue($name, $value, \PDO::PARAM_STR);
break;