]> git.wh0rd.org Git - tt-rss.git/commitdiff
pluginhost: use PDO
authorAndrew Dolgov <noreply@fakecake.org>
Sat, 2 Dec 2017 08:25:43 +0000 (11:25 +0300)
committerAndrew Dolgov <noreply@fakecake.org>
Sat, 2 Dec 2017 08:25:43 +0000 (11:25 +0300)
classes/pluginhost.php

index 533e7ee911f59872b518dcb62d039d0acf911a3e..bff7c32d0b5ea3f69ee145ec06e750fac69b57b6 100644 (file)
@@ -1,6 +1,7 @@
 <?php
 class PluginHost {
        private $dbh;
+       private $pdo;
        private $hooks = array();
        private $plugins = array();
        private $handlers = array();
@@ -63,6 +64,7 @@ class PluginHost {
 
        function __construct() {
                $this->dbh = Db::get();
+               $this->pdo = Db::pdo();
 
                $this->storage = array();
        }
@@ -92,6 +94,10 @@ class PluginHost {
                return $this->dbh;
        }
 
+       function get_pdo() {
+               return $this->pdo;
+       }
+       
        function get_plugin_names() {
                $names = array();
 
@@ -294,10 +300,11 @@ class PluginHost {
 
        function load_data() {
                if ($this->owner_uid)  {
-                       $result = $this->dbh->query("SELECT name, content FROM ttrss_plugin_storage
-                               WHERE owner_uid = '".$this->owner_uid."'");
+                       $sth = $this->pdo->prepare("SELECT name, content FROM ttrss_plugin_storage
+                               WHERE owner_uid = ?");
+                       $sth->execute([$this->owner_uid]);
 
-                       while ($line = $this->dbh->fetch_assoc($result)) {
+                       while ($line = $sth->fetch()) {
                                $this->storage[$line["name"]] = unserialize($line["content"]);
                        }
                }
@@ -305,30 +312,31 @@ class PluginHost {
 
        private function save_data($plugin) {
                if ($this->owner_uid) {
-                       $plugin = $this->dbh->escape_string($plugin);
-
-                       $this->dbh->query("BEGIN");
+                       $this->pdo->beginTransaction();
 
-                       $result = $this->dbh->query("SELECT id FROM ttrss_plugin_storage WHERE
-                               owner_uid= '".$this->owner_uid."' AND name = '$plugin'");
+                       $sth = $this->pdo->prepare("SELECT id FROM ttrss_plugin_storage WHERE
+                               owner_uid= ? AND name = ?");
+                       $sth->execute([$this->owner_uid, $plugin]);
 
                        if (!isset($this->storage[$plugin]))
                                $this->storage[$plugin] = array();
 
-                       $content = $this->dbh->escape_string(serialize($this->storage[$plugin]),
+                       $content = serialize($this->storage[$plugin],
                                false);
 
-                       if ($this->dbh->num_rows($result) != 0) {
-                               $this->dbh->query("UPDATE ttrss_plugin_storage SET content = '$content'
-                                       WHERE owner_uid= '".$this->owner_uid."' AND name = '$plugin'");
+                       if ($sth->fetch()) {
+                               $sth = $this->pdo->prepare("UPDATE ttrss_plugin_storage SET content = ?
+                                       WHERE owner_uid= ? AND name = ?");
+                               $sth->execute([$content, $this->owner_uid, $plugin]);
 
                        } else {
-                               $this->dbh->query("INSERT INTO ttrss_plugin_storage
+                               $sth = $this->pdo->prepare("INSERT INTO ttrss_plugin_storage
                                        (name,owner_uid,content) VALUES
-                                       ('$plugin','".$this->owner_uid."','$content')");
+                                       (?, ?, ?)");
+                               $sth->execute([$plugin, $this->owner_uid, $content]);
                        }
 
-                       $this->dbh->query("COMMIT");
+                       $this->pdo->commit();
                }
        }
 
@@ -365,8 +373,9 @@ class PluginHost {
 
                        unset($this->storage[$idx]);
 
-                       $this->dbh->query("DELETE FROM ttrss_plugin_storage WHERE name = '$idx'
-                               AND owner_uid = " . $this->owner_uid);
+                       $sth = $this->pdo->prepare("DELETE FROM ttrss_plugin_storage WHERE name = ?
+                               AND owner_uid = ?");
+                       $sth->execute([$idx, $this->owner_uid]);
                }
        }