From c34770751789e3d0198c56f994bceb403a7c0920 Mon Sep 17 00:00:00 2001
From: grandeljay
Date: Sat, 28 Jan 2023 15:10:53 +0100
Subject: [PATCH] Fix quotes in wish fields
---
 src/api/wishes.php | 20 ++++++++++----------
 src/classes/database.php | 4 ++++
 2 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/src/api/wishes.php b/src/api/wishes.php
index 026d2d43..9596a6b7 100644
--- a/src/api/wishes.php
+++ b/src/api/wishes.php
@@ -95,7 +95,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
 $wish_description = Sanitiser::getText($_POST['wish_description']);
 $wish_image = Sanitiser::getURL($_POST['wish_image']);
 $wish_url = Sanitiser::getURL($_POST['wish_url']);
- $wish_priority = !empty(Sanitiser::getNumber($_POST['wish_priority'])) ? Sanitiser::getNumber($_POST['wish_priority']) : 'NULL';
+ $wish_priority = !empty(Sanitiser::getNumber($_POST['wish_priority'])) ? Sanitiser::getNumber($_POST['wish_priority']) : null;
 $wish_is_purchasable = isset($_POST['wish_is_purchasable']);
 
 if (Wish::NO_IMAGE === $wish_image) {
@@ -136,10 +136,10 @@ switch ($_SERVER['REQUEST_METHOD']) {
 }
 
 /** Update */
- $wish_title = empty($wish_title) ? 'NULL' : '"' . substr($wish_title, 0, 128) . '"';
- $wish_description = empty($wish_description) ? 'NULL' : '"' . $wish_description . '"';
- $wish_image = empty($wish_image) || Wish::NO_IMAGE === $wish_image ? 'NULL' : '"' . $wish_image . '"';
- $wish_url = empty($wish_url) ? 'NULL' : '"' . $wish_url . '"';
+ $wish_title = empty($wish_title) ? null : substr($wish_title, 0, 128);
+ $wish_description = empty($wish_description) ? null : $wish_description ;
+ $wish_image = empty($wish_image) || Wish::NO_IMAGE === $wish_image ? null : $wish_image ;
+ $wish_url = empty($wish_url) ? null : $wish_url ;
 
 $database
 ->query(
@@ -168,7 +168,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
 * Product
 */
 $wish_price = empty($_POST['wish_price']) || 'false' === $wish_is_purchasable
- ? 'NULL'
+ ? null
 : Sanitiser::getNumber($_POST['wish_price']);
 
 $database
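Review bot: The new `null` fallback on the `$wish_priority` line still calls `Sanitiser::getNumber($_POST['wish_priority'])` twice and decides via `!empty()`, which is false for a numeric `0`/`'0'`, so a priority of zero would be stored as SQL NULL rather than 0 if zero is a legal priority (I cannot tell from the hunk what getNumber returns). Evaluating once keeps the current semantics and removes the duplicate call: `$priority = Sanitiser::getNumber($_POST['wish_priority']);` followed by `$wish_priority = empty($priority) ? null : $priority;`. If `$_POST['wish_priority']` can be absent, reading it unguarded also emits an undefined-index warning, so `$_POST['wish_priority'] ?? ''` may be wanted. The enclosing switch case starts and ends outside the hunk.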
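Review bot: Three of the four added assignments in the hunk at line 136 carry a stray space before the semicolon (`$wish_description ;`, `$wish_image ;`, `$wish_url ;`), and the same lines are repeated in the hunk at line 222. Since these variables are assigned earlier in the same request handling (visible at line 95 for image and url), `$x = empty($x) ? null : $x;` reduces to `$wish_url = $wish_url ?: null;`, which reads as the intent "blank becomes NULL"; note both forms treat `'0'` as blank. The `substr($wish_title, 0, 128)` truncation is byte-wise and can split a multibyte UTF-8 character at the cut; if the title column is a character-length `VARCHAR(128)`, `mb_substr($wish_title, 0, 128)` matches that limit exactly. The `->query(` call these values feed is outside the hunk, so I could not confirm from here that they are passed as bound parameters rather than interpolated.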
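Review bot: The `'false' === $wish_is_purchasable` guard around the changed `? null` branch looks dead: in the hunk at line 95 `$wish_is_purchasable` is assigned from `isset(...)`, i.e. a bool, and a strict comparison between a bool and the string `'false'` is never true, so `$wish_price` is only nulled when `$_POST['wish_price']` is empty and never because the wish is not purchasable. Unless the variable is reassigned between those lines (not visible here), the condition should test the bool: `$wish_price = empty($_POST['wish_price']) || !$wish_is_purchasable`. `empty()` also treats a posted price of `'0'` as empty, which may or may not be intended. The statement and its enclosing case continue outside the hunk.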
@@ -222,10 +222,10 @@ switch ($_SERVER['REQUEST_METHOD']) {
 }
 
 /** Update */
- $wish_title = empty($wish_title) ? 'NULL' : '"' . substr($wish_title, 0, 128) . '"';
- $wish_description = empty($wish_description) ? 'NULL' : '"' . $wish_description . '"';
- $wish_image = empty($wish_image) || Wish::NO_IMAGE === $wish_image ? 'NULL' : '"' . $wish_image . '"';
- $wish_url = empty($wish_url) ? 'NULL' : '"' . $wish_url . '"';
+ $wish_title = empty($wish_title) ? null : substr($wish_title, 0, 128);
+ $wish_description = empty($wish_description) ? null : $wish_description ;
+ $wish_image = empty($wish_image) || Wish::NO_IMAGE === $wish_image ? null : $wish_image ;
+ $wish_url = empty($wish_url) ? null : $wish_url ;
 
 $database
 ->query(
diff --git a/src/classes/database.php b/src/classes/database.php
index 7ef077cb..2584d00d 100644
--- a/src/classes/database.php
+++ b/src/classes/database.php
@@ -48,6 +48,10 @@ class Database
 $statement->bindValue($name, $value, \PDO::PARAM_INT);
 break;
 
+ case 'NULL':
+ $statement->bindValue($name, $value, \PDO::PARAM_NULL);
+ break;
+
 default:
 $statement->bindValue($name, $value, \PDO::PARAM_STR);
 break;
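Review bot: The new `case 'NULL':` in database.php is spelled in uppercase unlike the surrounding type labels, and nothing in the hunk says why; the `switch` subject is outside the hunk, but if it dispatches on `gettype($value)`, that function returns the literal string `'NULL'` for a PHP null, which is exactly what this label relies on. A one-line comment above the case would save the next reader a trip to the manual: `// gettype(null) yields the uppercase string 'NULL', so this label must match it exactly`. Worth noting in the commit as well that most PDO drivers already send a PHP null bound as `PARAM_STR` as SQL NULL, so this case documents intent more than it changes behaviour; the real fix is in wishes.php, where the old `'NULL'` string and hand-added quotes are no longer concatenated into the value. The enclosing method starts and ends outside the hunk.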