Diffstat (limited to 'classes/db')
-rw-r--r--classes/db/pdo.php100
-rw-r--r--classes/db/prefs.php71
-rw-r--r--classes/db/stmt.php31
3 files changed, 32 insertions, 170 deletions
diff --git a/classes/db/pdo.php b/classes/db/pdo.php
deleted file mode 100644
index d3070fac4..000000000
--- a/classes/db/pdo.php
+++ /dev/null
@@ -1,100 +0,0 @@
-<?php
-class Db_PDO implements IDb {
- private $pdo;
-
- function connect($host, $user, $pass, $db, $port) {
- $connstr = DB_TYPE . ":host=$host;dbname=$db";
-
- if (DB_TYPE == "mysql") $connstr .= ";charset=utf8";
-
- try {
- $this->pdo = new PDO($connstr, $user, $pass);
- $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
- $this->init();
- } catch (PDOException $e) {
- die($e->getMessage());
- }
-
- return $this->pdo;
- }
-
- function escape_string($s, $strip_tags = true) {
- if ($strip_tags) $s = strip_tags($s);
-
- $qs = $this->pdo->quote($s);
-
- return mb_substr($qs, 1, mb_strlen($qs)-2);
- }
-
- function query($query, $die_on_error = true) {
- try {
- return new Db_Stmt($this->pdo->query($query));
- } catch (PDOException $e) {
- user_error($e->getMessage(), $die_on_error ? E_USER_ERROR : E_USER_WARNING);
- }
- }
-
- function fetch_assoc($result) {
- try {
- if ($result) {
- return $result->fetch();
- } else {
- return null;
- }
- } catch (PDOException $e) {
- user_error($e->getMessage(), E_USER_WARNING);
- }
- }
-
- function num_rows($result) {
- try {
- if ($result) {
- return $result->rowCount();
- } else {
- return false;
- }
- } catch (PDOException $e) {
- user_error($e->getMessage(), E_USER_WARNING);
- }
- }
-
- function fetch_result($result, $row, $param) {
- return $result->fetch_result($row, $param);
- }
-
- function close() {
- $this->pdo = null;
- }
-
- function affected_rows($result) {
- try {
- if ($result) {
- return $result->rowCount();
- } else {
- return null;
- }
- } catch (PDOException $e) {
- user_error($e->getMessage(), E_USER_WARNING);
- }
- }
-
- function last_error() {
- return join(" ", $this->pdo->errorInfo());
- }
-
- function init() {
- switch (DB_TYPE) {
- case "pgsql":
- $this->query("set client_encoding = 'UTF-8'");
- $this->query("set datestyle = 'ISO, european'");
- $this->query("set TIME ZONE 0");
- return;
- case "mysql":
- $this->query("SET time_zone = '+0:0'");
- return;
- }
-
- return true;
- }
-
-} \ No newline at end of file
diff --git a/classes/db/prefs.php b/classes/db/prefs.php
index d61cc107b..e704a135a 100644
--- a/classes/db/prefs.php
+++ b/classes/db/prefs.php
@@ -1,11 +1,11 @@
<?php
class Db_Prefs {
- private $dbh;
+ private $pdo;
private static $instance;
private $cache;
function __construct() {
- $this->dbh = Db::get();
+ $this->pdo = Db::pdo();
$this->cache = array();
if ($_SESSION["uid"]) $this->cache();
@@ -26,26 +26,22 @@ class Db_Prefs {
$user_id = $_SESSION["uid"];
@$profile = $_SESSION["profile"];
- if ($profile) {
- $profile_qpart = "profile = '$profile' AND";
- } else {
- $profile_qpart = "profile IS NULL AND";
- }
+ if (!$profile || get_schema_version() < 63) $profile = null;
- if (get_schema_version() < 63) $profile_qpart = "";
-
- $result = db_query("SELECT
+ $sth = $this->pdo->prepare("SELECT
value,ttrss_prefs_types.type_name as type_name,ttrss_prefs.pref_name AS pref_name
FROM
ttrss_user_prefs,ttrss_prefs,ttrss_prefs_types
WHERE
- $profile_qpart
+ (profile = :profile OR (:profile IS NULL AND profile IS NULL)) AND
ttrss_prefs.pref_name NOT LIKE '_MOBILE%' AND
ttrss_prefs_types.id = type_id AND
- owner_uid = '$user_id' AND
+ owner_uid = :uid AND
ttrss_user_prefs.pref_name = ttrss_prefs.pref_name");
- while ($line = db_fetch_assoc($result)) {
+ $sth->execute([":profile" => $profile, ":uid" => $user_id]);
+
+ while ($line = $sth->fetch()) {
if ($user_id == $_SESSION["uid"]) {
$pref_name = $line["pref_name"];
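Review bot: The new WHERE clause uses the named placeholder `:profile` twice in one statement, which PDO documents as supported only when prepare emulation is on. Nothing in this diff shows how `Db::pdo()` sets `PDO::ATTR_EMULATE_PREPARES`, so on a connection using native prepares this may fail with an invalid parameter number error. The `read()` SELECT and the `write()` UPDATE later in this file repeat the pattern. Choosing between two fixed SQL fragments in PHP and binding the profile only when it is set removes the dependency on driver mode while keeping the value out of the query string. The enclosing method starts and ends outside the hunk.

```php
// Only constant SQL text is interpolated; the profile value itself stays bound.
$params = [":uid" => $user_id];

if ($profile) {
	$profile_qpart = "profile = :profile AND";
	$params[":profile"] = $profile;
} else {
	$profile_qpart = "profile IS NULL AND";
}

// … unchanged: prepare() call, with $profile_qpart in place of the doubled :profile predicate …

$sth->execute($params);
```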
@@ -57,7 +53,6 @@ class Db_Prefs {
function read($pref_name, $user_id = false, $die_on_error = false) {
- $pref_name = db_escape_string($pref_name);
$profile = false;
if (!$user_id) {
@@ -72,28 +67,23 @@ class Db_Prefs {
return $this->convert($tuple["value"], $tuple["type"]);
}
- if ($profile) {
- $profile_qpart = "profile = '$profile' AND";
- } else {
- $profile_qpart = "profile IS NULL AND";
- }
-
- if (get_schema_version() < 63) $profile_qpart = "";
+ if (!$profile || get_schema_version() < 63) $profile = null;
- $result = db_query("SELECT
+ $sth = $this->pdo->prepare("SELECT
value,ttrss_prefs_types.type_name as type_name
FROM
ttrss_user_prefs,ttrss_prefs,ttrss_prefs_types
WHERE
- $profile_qpart
- ttrss_user_prefs.pref_name = '$pref_name' AND
+ (profile = :profile OR (:profile IS NULL AND profile IS NULL)) AND
+ ttrss_user_prefs.pref_name = :pref_name AND
ttrss_prefs_types.id = type_id AND
- owner_uid = '$user_id' AND
+ owner_uid = :uid AND
ttrss_user_prefs.pref_name = ttrss_prefs.pref_name");
+ $sth->execute([":uid" => $user_id, ":profile" => $profile, ":pref_name" => $pref_name]);
- if (db_num_rows($result) > 0) {
- $value = db_fetch_result($result, 0, "value");
- $type_name = db_fetch_result($result, 0, "type_name");
+ if ($row = $sth->fetch()) {
+ $value = $row["value"];
+ $type_name = $row["type_name"];
if ($user_id == $_SESSION["uid"]) {
$this->cache[$pref_name]["type"] = $type_name;
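Review bot: For schema versions below 63 the removed code dropped the profile predicate altogether (`$profile_qpart = ""`), whereas the new line only sets `$profile = null` and the SELECT still evaluates `profile IS NULL`. If the `profile` column is absent on those older schemas, which the removed branch suggests but this diff does not show, the statement will now raise instead of returning the preference. The `cache()` SELECT and the `write()` UPDATE have the same shape. Either keep a version branch that prepares the query without the profile predicate, or record the new requirement with a comment such as `// requires schema >= 63: ttrss_user_prefs.profile must exist`. read() starts and ends outside the hunk.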
@@ -119,8 +109,7 @@ class Db_Prefs {
}
function write($pref_name, $value, $user_id = false, $strip_tags = true) {
- $pref_name = db_escape_string($pref_name);
- $value = db_escape_string($value, $strip_tags);
+ if ($strip_tags) $value = strip_tags($value);
if (!$user_id) {
$user_id = $_SESSION["uid"];
@@ -135,7 +124,7 @@ class Db_Prefs {
$profile_qpart = "AND profile IS NULL";
}
- if (get_schema_version() < 63) $profile_qpart = "";
+ if (!$profile || get_schema_version() < 63) $profile = null;
$type_name = "";
$current_value = "";
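Review bot: The `$profile_qpart = "AND profile IS NULL";` assignment kept as context above the new line looks dead now, because the UPDATE in the last hunk of this file binds `:profile` and no longer interpolates `$profile_qpart`. A leftover SQL-fragment variable invites a later edit to splice it back into a query string. The if/else that sets it begins outside this hunk; removing it would leave `if (!$profile || get_schema_version() < 63) $profile = null;` as the only profile handling in write().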
@@ -146,12 +135,14 @@ class Db_Prefs {
}
if (!$type_name) {
- $result = db_query("SELECT type_name
+ $sth = $this->pdo->prepare("SELECT type_name
FROM ttrss_prefs,ttrss_prefs_types
- WHERE pref_name = '$pref_name' AND type_id = ttrss_prefs_types.id");
+ WHERE pref_name = ? AND type_id = ttrss_prefs_types.id");
+ $sth->execute([$pref_name]);
+
+ if ($row = $sth->fetch())
+ $type_name = $row["type_name"];
- if (db_num_rows($result) > 0)
- $type_name = db_fetch_result($result, 0, "type_name");
} else if ($current_value == $value) {
return;
}
@@ -171,10 +162,12 @@ class Db_Prefs {
$value = 'UTC';
}
- db_query("UPDATE ttrss_user_prefs SET
- value = '$value' WHERE pref_name = '$pref_name'
- $profile_qpart
- AND owner_uid = " . $user_id);
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_prefs SET
+ value = :value WHERE pref_name = :pref_name
+ AND (profile = :profile OR (:profile IS NULL AND profile IS NULL))
+ AND owner_uid = :uid");
+
+ $sth->execute([":pref_name" => $pref_name, ":value" => $value, ":uid" => $user_id, ":profile" => $profile]);
if ($user_id == $_SESSION["uid"]) {
$this->cache[$pref_name]["type"] = $type_name;
diff --git a/classes/db/stmt.php b/classes/db/stmt.php
deleted file mode 100644
index 7d6bbb30a..000000000
--- a/classes/db/stmt.php
+++ /dev/null
@@ -1,31 +0,0 @@
-<?php
-class Db_Stmt {
- private $stmt;
- private $cache;
-
- function __construct($stmt) {
- $this->stmt = $stmt;
- $this->cache = false;
- }
-
- function fetch_result($row, $param) {
- if (!$this->cache) {
- $this->cache = $this->stmt->fetchAll();
- }
-
- if (isset($this->cache[$row])) {
- return $this->cache[$row][$param];
- } else {
- user_error("Unable to jump to row $row", E_USER_WARNING);
- return false;
- }
- }
-
- function rowCount() {
- return $this->stmt->rowCount();
- }
-
- function fetch() {
- return $this->stmt->fetch();
- }
-} \ No newline at end of file