
We now avoid prepared statements without an argument

Michael 2017-09-15 03:00:38 +00:00
parent c6ceae5225
commit f29e21eb5c


@ -423,6 +423,19 @@ class dba {
switch (self::$dbo->driver) { switch (self::$dbo->driver) {
case 'pdo': case 'pdo':
// If there are no arguments we use "query"
if (count($args) == 0) {
if (!$retval = self::$dbo->db->query($sql)) {
$errorInfo = self::$dbo->db->errorInfo();
self::$dbo->error = $errorInfo[2];
self::$dbo->errorno = $errorInfo[1];
$retval = false;
break;
}
self::$dbo->affected_rows = $retval->rowCount();
break;
}
if (!$stmt = self::$dbo->db->prepare($sql)) { if (!$stmt = self::$dbo->db->prepare($sql)) {
$errorInfo = self::$dbo->db->errorInfo(); $errorInfo = self::$dbo->db->errorInfo();
self::$dbo->error = $errorInfo[2]; self::$dbo->error = $errorInfo[2];
@ -451,8 +464,8 @@ class dba {
$command = strtolower($parts[0]); $command = strtolower($parts[0]);
$can_be_prepared = in_array($command, array('select', 'update', 'insert', 'delete')); $can_be_prepared = in_array($command, array('select', 'update', 'insert', 'delete'));
// The fallback routine currently only works with statements that doesn't return values // The fallback routine is called as well when there are no arguments
if (!$can_be_prepared && $called_from_e) { if (!$can_be_prepared || (count($args) == 0)) {
$retval = self::$dbo->db->query(self::replace_parameters($sql, $args)); $retval = self::$dbo->db->query(self::replace_parameters($sql, $args));
if (self::$dbo->db->errno) { if (self::$dbo->db->errno) {
self::$dbo->error = self::$dbo->db->error; self::$dbo->error = self::$dbo->db->error;
@ -727,6 +740,10 @@ class dba {
case 'pdo': case 'pdo':
return $stmt->fetch(PDO::FETCH_ASSOC); return $stmt->fetch(PDO::FETCH_ASSOC);
case 'mysqli': case 'mysqli':
if (get_class($stmt) == 'mysqli_result') {
return $stmt->fetch_assoc();
}
// This code works, but is slow // This code works, but is slow
// Bind the result to a result array // Bind the result to a result array
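Review bot: In the mysqli hunk the new condition `if (!$can_be_prepared || (count($args) == 0))` no longer checks `$called_from_e`, so every statement whose first word is not select/update/insert/delete now goes through `self::replace_parameters($sql, $args)` and `query()` even when it carries arguments. On that path the values are substituted into the SQL text instead of being bound, so its safety rests entirely on the escaping done inside `replace_parameters`, which is not visible on this page. The new comment only mentions the no-argument case; I would extend it, e.g. `// Fallback: taken without arguments and for every command that cannot be prepared; values are escaped by replace_parameters(), not bound`. The enclosing method starts and ends outside the hunk.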