From fd752be1145e3960610343f8c46e558d3d5b65a4 Mon Sep 17 00:00:00 2001 From: Michael Date: Tue, 28 Apr 2020 05:40:23 +0000 Subject: [PATCH] Issue 8546: Added option to not use prepared statements --- src/Database/Database.php | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/Database/Database.php b/src/Database/Database.php index f86f279965..db906bd01e 100644 --- a/src/Database/Database.php +++ b/src/Database/Database.php @@ -57,6 +57,7 @@ class Database /** @var PDO|mysqli */ protected $connection; protected $driver; + private $emulate_prepares = false; private $error = false; private $errorno = 0; private $affected_rows = 0; @@ -130,6 +131,8 @@ class Database return false; } + $this->emulate_prepares = (bool)$this->configCache->get('database', 'emulate_prepares'); + if (class_exists('\PDO') && in_array('mysql', PDO::getAvailableDrivers())) { $this->driver = 'pdo'; $connect = "mysql:host=" . $server . ";dbname=" . $db; @@ -428,8 +431,10 @@ class Database { $offset = 0; foreach ($args AS $param => $value) { - if (is_int($args[$param]) || is_float($args[$param])) { + if (is_int($args[$param]) || is_float($args[$param]) || is_bool($args[$param])) { $replace = intval($args[$param]); + } elseif (is_null($args[$param])) { + $replace = 'NULL'; } else { $replace = "'" . $this->escape($args[$param]) . "'"; } @@ -515,8 +520,8 @@ class Database switch ($this->driver) { case 'pdo': // If there are no arguments we use "query" - if (count($args) == 0) { - if (!$retval = $this->connection->query($sql)) { + if ($this->emulate_prepares || count($args) == 0) { + if (!$retval = $this->connection->query($this->replaceParameters($sql, $args))) { $errorInfo = $this->connection->errorInfo(); $this->error = $errorInfo[2]; $this->errorno = $errorInfo[1]; 
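Review bot: In the `replaceParameters` hunk (@@ -428), the widened condition still sends `is_float` values through `intval()`, so a float argument (for example a constructed value of 1.5) is written into the SQL as `1`. This truncation matters more after this commit, because with `emulate_prepares` enabled every parameterised query is rendered by this function instead of being bound by the driver. I would take floats out of the integer branch, e.g. `if (is_int($args[$param]) || is_bool($args[$param])) {`, so they fall through to the quoted and escaped branch, assuming `escape()` accepts a non-string value, which is not visible here. The function body continues outside the hunk.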
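Review bot: With `emulate_prepares` set, the PDO branch at @@ -515 no longer binds anything: `query($this->replaceParameters($sql, $args))` places every argument into the SQL text, so injection safety rests entirely on `$this->escape()` and on the connection character set matching what that escaping assumes. The mysqli hunk at @@ -562 takes the same path. If the aim of the option is only to avoid server-side prepared statements, the PDO side could keep `prepare()`/`execute()` and set `PDO::ATTR_EMULATE_PREPARES` on the connection, which is what the option name already suggests. At minimum I would add a comment where the flag is read (@@ -130), such as `// Security: when true, arguments are escaped and interpolated into the SQL string instead of being bound`. The enclosing `switch` continues outside the hunk.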
@@ -562,7 +567,7 @@ class Database $can_be_prepared = in_array($command, ['select', 'update', 'insert', 'delete']); // The fallback routine is called as well when there are no arguments - if (!$can_be_prepared || (count($args) == 0)) { + if ($this->emulate_prepares || !$can_be_prepared || (count($args) == 0)) { $retval = $this->connection->query($this->replaceParameters($sql, $args)); if ($this->connection->errno) { $this->error = $this->connection->error;