Fix quotes in wish fields

grandeljay 2023-01-28 15:10:53 +01:00
parent 68947b616b
commit c347707517
2 changed files with 14 additions and 10 deletions


@ -95,7 +95,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
$wish_description = Sanitiser::getText($_POST['wish_description']); $wish_description = Sanitiser::getText($_POST['wish_description']);
$wish_image = Sanitiser::getURL($_POST['wish_image']); $wish_image = Sanitiser::getURL($_POST['wish_image']);
$wish_url = Sanitiser::getURL($_POST['wish_url']); $wish_url = Sanitiser::getURL($_POST['wish_url']);
$wish_priority = !empty(Sanitiser::getNumber($_POST['wish_priority'])) ? Sanitiser::getNumber($_POST['wish_priority']) : 'NULL'; $wish_priority = !empty(Sanitiser::getNumber($_POST['wish_priority'])) ? Sanitiser::getNumber($_POST['wish_priority']) : null;
$wish_is_purchasable = isset($_POST['wish_is_purchasable']); $wish_is_purchasable = isset($_POST['wish_is_purchasable']);
if (Wish::NO_IMAGE === $wish_image) { if (Wish::NO_IMAGE === $wish_image) {
@ -136,10 +136,10 @@ switch ($_SERVER['REQUEST_METHOD']) {
} }
/** Update */ /** Update */
$wish_title = empty($wish_title) ? 'NULL' : '"' . substr($wish_title, 0, 128) . '"'; $wish_title = empty($wish_title) ? null : substr($wish_title, 0, 128);
$wish_description = empty($wish_description) ? 'NULL' : '"' . $wish_description . '"'; $wish_description = empty($wish_description) ? null : $wish_description ;
$wish_image = empty($wish_image) || Wish::NO_IMAGE === $wish_image ? 'NULL' : '"' . $wish_image . '"'; $wish_image = empty($wish_image) || Wish::NO_IMAGE === $wish_image ? null : $wish_image ;
$wish_url = empty($wish_url) ? 'NULL' : '"' . $wish_url . '"'; $wish_url = empty($wish_url) ? null : $wish_url ;
$database $database
->query( ->query(
@ -168,7 +168,7 @@ switch ($_SERVER['REQUEST_METHOD']) {
* Product * Product
*/ */
$wish_price = empty($_POST['wish_price']) || 'false' === $wish_is_purchasable $wish_price = empty($_POST['wish_price']) || 'false' === $wish_is_purchasable
? 'NULL' ? null
: Sanitiser::getNumber($_POST['wish_price']); : Sanitiser::getNumber($_POST['wish_price']);
$database $database
@ -222,10 +222,10 @@ switch ($_SERVER['REQUEST_METHOD']) {
} }
/** Update */ /** Update */
$wish_title = empty($wish_title) ? 'NULL' : '"' . substr($wish_title, 0, 128) . '"'; $wish_title = empty($wish_title) ? null : substr($wish_title, 0, 128);
$wish_description = empty($wish_description) ? 'NULL' : '"' . $wish_description . '"'; $wish_description = empty($wish_description) ? null : $wish_description ;
$wish_image = empty($wish_image) || Wish::NO_IMAGE === $wish_image ? 'NULL' : '"' . $wish_image . '"'; $wish_image = empty($wish_image) || Wish::NO_IMAGE === $wish_image ? null : $wish_image ;
$wish_url = empty($wish_url) ? 'NULL' : '"' . $wish_url . '"'; $wish_url = empty($wish_url) ? null : $wish_url ;
$database $database
->query( ->query(
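Review bot: In the third hunk, `'false' === $wish_is_purchasable` looks like it can never be true: the first hunk assigns `$wish_is_purchasable = isset($_POST['wish_is_purchasable'])`, a bool, and a strict comparison of a bool with the string `'false'` always fails. Unless the variable is reassigned in the lines between the hunks, a submitted price is kept for a wish that is not purchasable; `$wish_price = empty($_POST['wish_price']) || !$wish_is_purchasable` would express the intent. The `->query(` calls after both update blocks continue outside the hunks, so it is not visible here whether the now-unquoted values reach the SQL as bound parameters; that should be confirmed for every site that uses them.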


@ -48,6 +48,10 @@ class Database
$statement->bindValue($name, $value, \PDO::PARAM_INT); $statement->bindValue($name, $value, \PDO::PARAM_INT);
break; break;
case 'NULL':
$statement->bindValue($name, $value, \PDO::PARAM_NULL);
break;
default: default:
$statement->bindValue($name, $value, \PDO::PARAM_STR); $statement->bindValue($name, $value, \PDO::PARAM_STR);
break; break;
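Review bot: The new `case 'NULL':` label has no comment saying it is a type name, and it reads like the SQL `'NULL'` string that the other file passed as a value before this commit. Assuming the switch subject (outside the hunk) is `gettype($value)`, a comment such as `// gettype() reports null as 'NULL'; bind it as SQL NULL, not as text` above the case would make that clear. Any caller that still passes the string `'NULL'` now falls to the default branch and is bound with `\PDO::PARAM_STR`, so it would be stored as literal text; the remaining call sites are worth a search.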