]> git.wh0rd.org Git - tt-rss.git/commitdiff
db_prefs: PDO
authorAndrew Dolgov <noreply@fakecake.org>
Fri, 1 Dec 2017 15:40:48 +0000 (18:40 +0300)
committerAndrew Dolgov <noreply@fakecake.org>
Fri, 1 Dec 2017 15:40:48 +0000 (18:40 +0300)
classes/db/prefs.php

index d61cc107bbb09c40c1deb50543d05e3257fbca11..9683202f392cbddd05997c234b9bf20758c254ba 100644 (file)
@@ -1,11 +1,11 @@
 <?php
 class Db_Prefs {
-       private $dbh;
+       private $pdo;
        private static $instance;
        private $cache;
 
        function __construct() {
-               $this->dbh = Db::get();
+               $this->pdo = Db::pdo();
                $this->cache = array();
 
                if ($_SESSION["uid"]) $this->cache();
@@ -26,26 +26,22 @@ class Db_Prefs {
                $user_id = $_SESSION["uid"];
                @$profile = $_SESSION["profile"];
 
-               if ($profile) {
-                       $profile_qpart = "profile = '$profile' AND";
-               } else {
-                       $profile_qpart = "profile IS NULL AND";
-               }
+               if (!$profile || get_schema_version() < 63) $profile = null;
 
-               if (get_schema_version() < 63) $profile_qpart = "";
-
-               $result = db_query("SELECT
+               $sth = $this->pdo->prepare("SELECT
                        value,ttrss_prefs_types.type_name as type_name,ttrss_prefs.pref_name AS pref_name
                        FROM
                                ttrss_user_prefs,ttrss_prefs,ttrss_prefs_types
                        WHERE
-                               $profile_qpart
+                               profile = :profile OR (:profile IS NULL AND profile IS NULL) AND
                                ttrss_prefs.pref_name NOT LIKE '_MOBILE%' AND
                                ttrss_prefs_types.id = type_id AND
-                               owner_uid = '$user_id' AND
+                               owner_uid = :uid AND
                                ttrss_user_prefs.pref_name = ttrss_prefs.pref_name");
 
-               while ($line = db_fetch_assoc($result)) {
+               $sth->execute([":profile" => $profile, ":uid" => $user_id]);
+
+               while ($line = $sth->fetch()) {
                        if ($user_id == $_SESSION["uid"]) {
                                $pref_name = $line["pref_name"];
 
@@ -57,7 +53,6 @@ class Db_Prefs {
 
        function read($pref_name, $user_id = false, $die_on_error = false) {
 
-               $pref_name = db_escape_string($pref_name);
                $profile = false;
 
                if (!$user_id) {
@@ -72,28 +67,23 @@ class Db_Prefs {
                        return $this->convert($tuple["value"], $tuple["type"]);
                }
 
-               if ($profile) {
-                       $profile_qpart = "profile = '$profile' AND";
-               } else {
-                       $profile_qpart = "profile IS NULL AND";
-               }
-
-               if (get_schema_version() < 63) $profile_qpart = "";
+               if (!$profile || get_schema_version() < 63) $profile = null;
 
-               $result = db_query("SELECT
+               $sth = $this->pdo->prepare("SELECT
                        value,ttrss_prefs_types.type_name as type_name
                        FROM
                                ttrss_user_prefs,ttrss_prefs,ttrss_prefs_types
                        WHERE
-                               $profile_qpart
-                               ttrss_user_prefs.pref_name = '$pref_name' AND
+                               profile = :profile OR (:profile IS NULL AND profile IS NULL) AND
+                               ttrss_user_prefs.pref_name = :pref_name AND
                                ttrss_prefs_types.id = type_id AND
-                               owner_uid = '$user_id' AND
+                               owner_uid = :uid AND
                                ttrss_user_prefs.pref_name = ttrss_prefs.pref_name");
+               $sth->execute([":uid" => $user_id, ":profile" => $profile, ":pref_name" => $pref_name]);
 
-               if (db_num_rows($result) > 0) {
-                       $value = db_fetch_result($result, 0, "value");
-                       $type_name = db_fetch_result($result, 0, "type_name");
+               if ($row = $sth->fetch()) {
+                       $value = $row["value"];
+                       $type_name = $row["type_name"];
 
                        if ($user_id == $_SESSION["uid"]) {
                                $this->cache[$pref_name]["type"] = $type_name;
@@ -119,8 +109,7 @@ class Db_Prefs {
        }
 
        function write($pref_name, $value, $user_id = false, $strip_tags = true) {
-               $pref_name = db_escape_string($pref_name);
-               $value = db_escape_string($value, $strip_tags);
+               if ($strip_tags) $value = strip_tags($value);
 
                if (!$user_id) {
                        $user_id = $_SESSION["uid"];
@@ -135,7 +124,7 @@ class Db_Prefs {
                        $profile_qpart = "AND profile IS NULL";
                }
 
-               if (get_schema_version() < 63) $profile_qpart = "";
+               if (!$profile || get_schema_version() < 63) $profile = null;
 
                $type_name = "";
                $current_value = "";
@@ -146,12 +135,14 @@ class Db_Prefs {
                }
 
                if (!$type_name) {
-                       $result = db_query("SELECT type_name
+                       $sth = $this->pdo->prepare("SELECT type_name
                                FROM ttrss_prefs,ttrss_prefs_types
-                               WHERE pref_name = '$pref_name' AND type_id = ttrss_prefs_types.id");
+                               WHERE pref_name = ? AND type_id = ttrss_prefs_types.id");
+                       $sth->execute([$pref_name]);
+
+                       if ($row = $sth->fetch())
+                               $type_name = $row["type_name"];
 
-                       if (db_num_rows($result) > 0)
-                               $type_name = db_fetch_result($result, 0, "type_name");
                } else if ($current_value == $value) {
                        return;
                }
@@ -171,10 +162,12 @@ class Db_Prefs {
                                $value = 'UTC';
                        }
 
-                       db_query("UPDATE ttrss_user_prefs SET
-                               value = '$value' WHERE pref_name = '$pref_name'
-                                       $profile_qpart
-                                       AND owner_uid = " . $user_id);
+                       $sth = $this->pdo->prepare("UPDATE ttrss_user_prefs SET
+                               value = :value WHERE pref_name = :pref_name
+                                       AND (profile = :profile OR (:profile IS NULL AND profile IS NULL))
+                                       AND owner_uid = :uid");
+
+                       $sth->execute([":pref_name" => $pref_name, ":value" => $value, ":uid" => $user_id, ":profile" => $profile]);
 
                        if ($user_id == $_SESSION["uid"]) {
                                $this->cache[$pref_name]["type"] = $type_name;