<?php
class Db_Prefs {
- private $dbh;
+ private $pdo;
private static $instance;
private $cache;
function __construct() {
- $this->dbh = Db::get();
+ $this->pdo = Db::pdo();
$this->cache = array();
if ($_SESSION["uid"]) $this->cache();
$user_id = $_SESSION["uid"];
@$profile = $_SESSION["profile"];
- if ($profile) {
- $profile_qpart = "profile = '$profile' AND";
- } else {
- $profile_qpart = "profile IS NULL AND";
- }
+ if (!$profile || get_schema_version() < 63) $profile = null;
- if (get_schema_version() < 63) $profile_qpart = "";
-
- $result = db_query("SELECT
+ $sth = $this->pdo->prepare("SELECT
value,ttrss_prefs_types.type_name as type_name,ttrss_prefs.pref_name AS pref_name
FROM
ttrss_user_prefs,ttrss_prefs,ttrss_prefs_types
WHERE
- $profile_qpart
+ profile = :profile OR (:profile IS NULL AND profile IS NULL) AND
ttrss_prefs.pref_name NOT LIKE '_MOBILE%' AND
ttrss_prefs_types.id = type_id AND
- owner_uid = '$user_id' AND
+ owner_uid = :uid AND
ttrss_user_prefs.pref_name = ttrss_prefs.pref_name");
- while ($line = db_fetch_assoc($result)) {
+ $sth->execute([":profile" => $profile, ":uid" => $user_id]);
+
+ while ($line = $sth->fetch()) {
if ($user_id == $_SESSION["uid"]) {
$pref_name = $line["pref_name"];
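Review bot: The new predicate `profile = :profile OR (:profile IS NULL AND profile IS NULL) AND` lacks an outer pair of parentheses, so SQL's precedence (AND binds tighter than OR) attaches `owner_uid = :uid` and the join conditions only to the NULL-profile branch. With a non-null profile, any row whose `profile` matches satisfies the WHERE on its own, so the owner filter no longer scopes the result and the three tables are cross-joined for those rows. The removed code ANDed the profile test with everything else, and the UPDATE in write() already wraps the predicate, so this SELECT and the identical one in read() should read `(profile = :profile OR (:profile IS NULL AND profile IS NULL)) AND`. The fetch loop's body continues outside the lines shown here.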
function read($pref_name, $user_id = false, $die_on_error = false) {
- $pref_name = db_escape_string($pref_name);
$profile = false;
if (!$user_id) {
return $this->convert($tuple["value"], $tuple["type"]);
}
- if ($profile) {
- $profile_qpart = "profile = '$profile' AND";
- } else {
- $profile_qpart = "profile IS NULL AND";
- }
-
- if (get_schema_version() < 63) $profile_qpart = "";
+ if (!$profile || get_schema_version() < 63) $profile = null;
- $result = db_query("SELECT
+ $sth = $this->pdo->prepare("SELECT
value,ttrss_prefs_types.type_name as type_name
FROM
ttrss_user_prefs,ttrss_prefs,ttrss_prefs_types
WHERE
- $profile_qpart
- ttrss_user_prefs.pref_name = '$pref_name' AND
+ profile = :profile OR (:profile IS NULL AND profile IS NULL) AND
+ ttrss_user_prefs.pref_name = :pref_name AND
ttrss_prefs_types.id = type_id AND
- owner_uid = '$user_id' AND
+ owner_uid = :uid AND
ttrss_user_prefs.pref_name = ttrss_prefs.pref_name");
+ $sth->execute([":uid" => $user_id, ":profile" => $profile, ":pref_name" => $pref_name]);
- if (db_num_rows($result) > 0) {
- $value = db_fetch_result($result, 0, "value");
- $type_name = db_fetch_result($result, 0, "type_name");
+ if ($row = $sth->fetch()) {
+ $value = $row["value"];
+ $type_name = $row["type_name"];
if ($user_id == $_SESSION["uid"]) {
$this->cache[$pref_name]["type"] = $type_name;
}
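Review bot: The marker `:profile` is used twice in this statement, which PDO accepts only when prepare emulation is enabled; with native prepares a named marker may not be repeated. How `Db::pdo()` configures `PDO::ATTR_EMULATE_PREPARES` is not visible here, so the query should not depend on it. Use a second marker, `(profile = :profile OR (:profile2 IS NULL AND profile IS NULL)) AND`, and bind both with `":profile" => $profile, ":profile2" => $profile`. The cache query in the constructor hunk and the UPDATE in write() repeat `:profile` in the same way.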
function write($pref_name, $value, $user_id = false, $strip_tags = true) {
- $pref_name = db_escape_string($pref_name);
- $value = db_escape_string($value, $strip_tags);
+ if ($strip_tags) $value = strip_tags($value);
if (!$user_id) {
$user_id = $_SESSION["uid"];
$profile_qpart = "AND profile IS NULL";
}
- if (get_schema_version() < 63) $profile_qpart = "";
+ if (!$profile || get_schema_version() < 63) $profile = null;
$type_name = "";
$current_value = "";
}
if (!$type_name) {
- $result = db_query("SELECT type_name
+ $sth = $this->pdo->prepare("SELECT type_name
FROM ttrss_prefs,ttrss_prefs_types
- WHERE pref_name = '$pref_name' AND type_id = ttrss_prefs_types.id");
+ WHERE pref_name = ? AND type_id = ttrss_prefs_types.id");
+ $sth->execute([$pref_name]);
+
+ if ($row = $sth->fetch())
+ $type_name = $row["type_name"];
- if (db_num_rows($result) > 0)
- $type_name = db_fetch_result($result, 0, "type_name");
} else if ($current_value == $value) {
return;
}
$value = 'UTC';
}
- db_query("UPDATE ttrss_user_prefs SET
- value = '$value' WHERE pref_name = '$pref_name'
- $profile_qpart
- AND owner_uid = " . $user_id);
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_prefs SET
+ value = :value WHERE pref_name = :pref_name
+ AND (profile = :profile OR (:profile IS NULL AND profile IS NULL))
+ AND owner_uid = :uid");
+
+ $sth->execute([":pref_name" => $pref_name, ":value" => $value, ":uid" => $user_id, ":profile" => $profile]);
if ($user_id == $_SESSION["uid"]) {
$this->cache[$pref_name]["type"] = $type_name;