<?php
class PluginHost {
private $dbh;
+ private $pdo;
private $hooks = array();
private $plugins = array();
private $handlers = array();
function __construct() {
$this->dbh = Db::get();
+ $this->pdo = Db::pdo();
$this->storage = array();
}
return $this->dbh;
}
+ function get_pdo() {
+ return $this->pdo;
+ }
+
function get_plugin_names() {
$names = array();
function load_data() {
if ($this->owner_uid) {
- $result = $this->dbh->query("SELECT name, content FROM ttrss_plugin_storage
- WHERE owner_uid = '".$this->owner_uid."'");
+ $sth = $this->pdo->prepare("SELECT name, content FROM ttrss_plugin_storage
+ WHERE owner_uid = ?");
+ $sth->execute([$this->owner_uid]);
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$this->storage[$line["name"]] = unserialize($line["content"]);
}
}
private function save_data($plugin) {
if ($this->owner_uid) {
- $plugin = $this->dbh->escape_string($plugin);
-
- $this->dbh->query("BEGIN");
+ $this->pdo->beginTransaction();
- $result = $this->dbh->query("SELECT id FROM ttrss_plugin_storage WHERE
- owner_uid= '".$this->owner_uid."' AND name = '$plugin'");
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_plugin_storage WHERE
+ owner_uid= ? AND name = ?");
+ $sth->execute([$this->owner_uid, $plugin]);
if (!isset($this->storage[$plugin]))
$this->storage[$plugin] = array();
- $content = $this->dbh->escape_string(serialize($this->storage[$plugin]),
+ $content = serialize($this->storage[$plugin],
false);
- if ($this->dbh->num_rows($result) != 0) {
- $this->dbh->query("UPDATE ttrss_plugin_storage SET content = '$content'
- WHERE owner_uid= '".$this->owner_uid."' AND name = '$plugin'");
+ if ($sth->fetch()) {
+ $sth = $this->pdo->prepare("UPDATE ttrss_plugin_storage SET content = ?
+ WHERE owner_uid= ? AND name = ?");
+ $sth->execute([$content, $this->owner_uid, $plugin]);
} else {
- $this->dbh->query("INSERT INTO ttrss_plugin_storage
+ $sth = $this->pdo->prepare("INSERT INTO ttrss_plugin_storage
(name,owner_uid,content) VALUES
- ('$plugin','".$this->owner_uid."','$content')");
+ (?, ?, ?)");
+ $sth->execute([$plugin, $this->owner_uid, $content]);
}
- $this->dbh->query("COMMIT");
+ $this->pdo->commit();
}
}
unset($this->storage[$idx]);
- $this->dbh->query("DELETE FROM ttrss_plugin_storage WHERE name = '$idx'
- AND owner_uid = " . $this->owner_uid);
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_plugin_storage WHERE name = ?
+ AND owner_uid = ?");
+ $sth->execute([$idx, $this->owner_uid]);
}
}