From c1059875bce7bd8f66a634f4a0c040f988442f2a Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 21 Jun 2018 19:48:25 +0000 Subject: [PATCH] This fixes the problem with mixed variables in queries --- include/dba.php | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/include/dba.php b/include/dba.php index 478a1a10c2..17234f02b3 100644 --- a/include/dba.php +++ b/include/dba.php @@ -171,7 +171,7 @@ class dba { */ public static function database_name() { $ret = self::p("SELECT DATABASE() AS `db`"); - $data = self::inArray($ret); + $data = self::inArray($ret); return $data[0]['db']; } @@ -1296,6 +1296,33 @@ class dba { $condition_string .= " AND "; } if (is_array($value)) { + // Check if there are integer values in the parameters + $is_int = false; + $is_alpha = false; + foreach ($value as $single_value) { + if (is_int($single_value)) { + $is_int = true; + } + + // Is any non numeric value present? + if (!is_numeric($single_value)) { + $is_alpha = true; + } + } + + // Cast them all in an unique method + if ($is_int) { + $casted = []; + foreach ($value as $single_value) { + if ($is_int AND !$is_alpha) { + $casted[] = (int)$single_value; + } else { + $casted[] = (string)$single_value; + } + } + $value = $casted; + } + $new_values = array_merge($new_values, array_values($value)); $placeholders = substr(str_repeat("?, ", count($value)), 0, -2); $condition_string .= "`" . $field . "` IN (" . $placeholders . ")";