PrivateCoffee/wishthis
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Refactor

Browse source
This commit is contained in:
grandeljay 2022-11-10 09:54:40 +01:00
parent fa8662a0d1
commit c5c2893201
1 changed files with 13 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
src/api/wishlists.php
View file

@ -24,8 +24,8 @@ switch ($_SERVER['REQUEST_METHOD']) {
$user_id = Sanitiser::getNumber($_SESSION['user']->id); $user_id = Sanitiser::getNumber($_SESSION['user']->id);
$wish_name = Sanitiser::getTitle($_POST['wishlist-name']); $wish_name = Sanitiser::getTitle($_POST['wishlist-name']);
$database->query('INSERT INTO `wishlists` $database->query(
( 'INSERT INTO `wishlists` (
`user`, `user`,
`name`, `name`,
`hash` `hash`
@ -33,8 +33,8 @@ switch ($_SERVER['REQUEST_METHOD']) {
' . $user_id . ', ' . $user_id . ',
"' . $wish_name . '", "' . $wish_name . '",
"' . sha1(time() . $user_id . $wish_name) . '" "' . sha1(time() . $user_id . $wish_name) . '"
) );'
;'); );
$response['data'] = array( $response['data'] = array(
'lastInsertId' => $database->lastInsertId(), 'lastInsertId' => $database->lastInsertId(),
@ -150,10 +150,11 @@ switch ($_SERVER['REQUEST_METHOD']) {
parse_str(file_get_contents("php://input"), $_PUT); parse_str(file_get_contents("php://input"), $_PUT);
$database $database
->query('UPDATE `wishlists` ->query(
SET `name` = "' . Sanitiser::getTitle($_PUT['wishlist_title']) . '" 'UPDATE `wishlists`
WHERE `id` = ' . Sanitiser::getNumber($_PUT['wishlist_id']) . ' SET `name` = "' . Sanitiser::getTitle($_PUT['wishlist_title']) . '"
;'); WHERE `id` = ' . Sanitiser::getNumber($_PUT['wishlist_id']) . ';'
);
$response['success'] = true; $response['success'] = true;
break; break;
@ -161,9 +162,10 @@ switch ($_SERVER['REQUEST_METHOD']) {
case 'DELETE': case 'DELETE':
parse_str(file_get_contents("php://input"), $_DELETE); parse_str(file_get_contents("php://input"), $_DELETE);
$database->query('DELETE FROM `wishlists` $database->query(
WHERE `id` = ' . Sanitiser::getNumber($_DELETE['wishlistID']) . ' 'DELETE FROM `wishlists`
;'); WHERE `id` = ' . Sanitiser::getNumber($_DELETE['wishlistID']) . ';'
);
$response['success'] = true; $response['success'] = true;
break; break;