db_prefs: PDO

2017-12-01 18:40:48 +03:00 · 2017-12-01 18:40:48 +03:00 · fbde19580c
commit fbde19580c
parent abf94f00b4
1 changed files with 32 additions and 39 deletions
--- a/classes/db/prefs.php
+++ b/classes/db/prefs.php
@ -1,11 +1,11 @@
 <?php
 class Db_Prefs {
-	private $dbh;
+	private $pdo;
 	private static $instance;
 	private $cache;

 	function __construct() {
-		$this->dbh = Db::get();
+		$this->pdo = Db::pdo();
 		$this->cache = array();

 		if ($_SESSION["uid"]) $this->cache();
@ -26,26 +26,22 @@ class Db_Prefs {
 		$user_id = $_SESSION["uid"];
 		@$profile = $_SESSION["profile"];

-		if ($profile) {
-			$profile_qpart = "profile = '$profile' AND";
-		} else {
-			$profile_qpart = "profile IS NULL AND";
-		}
+		if (!$profile || get_schema_version() < 63) $profile = null;

-		if (get_schema_version() < 63) $profile_qpart = "";
-
-		$result = db_query("SELECT
+		$sth = $this->pdo->prepare("SELECT
 			value,ttrss_prefs_types.type_name as type_name,ttrss_prefs.pref_name AS pref_name
 			FROM
 				ttrss_user_prefs,ttrss_prefs,ttrss_prefs_types
 			WHERE
-				$profile_qpart
+				profile = :profile OR (:profile IS NULL AND profile IS NULL) AND
 				ttrss_prefs.pref_name NOT LIKE '_MOBILE%' AND
 				ttrss_prefs_types.id = type_id AND
-				owner_uid = '$user_id' AND
+				owner_uid = :uid AND
 				ttrss_user_prefs.pref_name = ttrss_prefs.pref_name");

-		while ($line = db_fetch_assoc($result)) {
+		$sth->execute([":profile" => $profile, ":uid" => $user_id]);
+
+		while ($line = $sth->fetch()) {
 			if ($user_id == $_SESSION["uid"]) {
 				$pref_name = $line["pref_name"];

@ -57,7 +53,6 @@ class Db_Prefs {

 	function read($pref_name, $user_id = false, $die_on_error = false) {

-		$pref_name = db_escape_string($pref_name);
 		$profile = false;

 		if (!$user_id) {
@ -72,28 +67,23 @@ class Db_Prefs {
 			return $this->convert($tuple["value"], $tuple["type"]);
 		}

-		if ($profile) {
-			$profile_qpart = "profile = '$profile' AND";
-		} else {
-			$profile_qpart = "profile IS NULL AND";
-		}
+		if (!$profile || get_schema_version() < 63) $profile = null;

-		if (get_schema_version() < 63) $profile_qpart = "";
-
-		$result = db_query("SELECT
+		$sth = $this->pdo->prepare("SELECT
 			value,ttrss_prefs_types.type_name as type_name
 			FROM
 				ttrss_user_prefs,ttrss_prefs,ttrss_prefs_types
 			WHERE
-				$profile_qpart
-				ttrss_user_prefs.pref_name = '$pref_name' AND
+				profile = :profile OR (:profile IS NULL AND profile IS NULL) AND
+				ttrss_user_prefs.pref_name = :pref_name AND
 				ttrss_prefs_types.id = type_id AND
-				owner_uid = '$user_id' AND
+				owner_uid = :uid AND
 				ttrss_user_prefs.pref_name = ttrss_prefs.pref_name");
+		$sth->execute([":uid" => $user_id, ":profile" => $profile, ":pref_name" => $pref_name]);

-		if (db_num_rows($result) > 0) {
-			$value = db_fetch_result($result, 0, "value");
-			$type_name = db_fetch_result($result, 0, "type_name");
+		if ($row = $sth->fetch()) {
+			$value = $row["value"];
+			$type_name = $row["type_name"];

 			if ($user_id == $_SESSION["uid"]) {
 				$this->cache[$pref_name]["type"] = $type_name;
@ -119,8 +109,7 @@ class Db_Prefs {
 	}

 	function write($pref_name, $value, $user_id = false, $strip_tags = true) {
-		$pref_name = db_escape_string($pref_name);
-		$value = db_escape_string($value, $strip_tags);
+		if ($strip_tags) $value = strip_tags($value);

 		if (!$user_id) {
 			$user_id = $_SESSION["uid"];
@ -135,7 +124,7 @@ class Db_Prefs {
 			$profile_qpart = "AND profile IS NULL";
 		}

-		if (get_schema_version() < 63) $profile_qpart = "";
+		if (!$profile || get_schema_version() < 63) $profile = null;

 		$type_name = "";
 		$current_value = "";
@ -146,12 +135,14 @@ class Db_Prefs {
 		}

 		if (!$type_name) {
-			$result = db_query("SELECT type_name
+			$sth = $this->pdo->prepare("SELECT type_name
 				FROM ttrss_prefs,ttrss_prefs_types
-				WHERE pref_name = '$pref_name' AND type_id = ttrss_prefs_types.id");
+				WHERE pref_name = ? AND type_id = ttrss_prefs_types.id");
+			$sth->execute([$pref_name]);
+
+			if ($row = $sth->fetch())
+				$type_name = $row["type_name"];

-			if (db_num_rows($result) > 0)
-				$type_name = db_fetch_result($result, 0, "type_name");
 		} else if ($current_value == $value) {
 			return;
 		}
@ -171,10 +162,12 @@ class Db_Prefs {
 				$value = 'UTC';
 			}

-			db_query("UPDATE ttrss_user_prefs SET
-				value = '$value' WHERE pref_name = '$pref_name'
-					$profile_qpart
-					AND owner_uid = " . $user_id);
+			$sth = $this->pdo->prepare("UPDATE ttrss_user_prefs SET
+				value = :value WHERE pref_name = :pref_name
+					AND (profile = :profile OR (:profile IS NULL AND profile IS NULL))
+					AND owner_uid = :uid");
+
+			$sth->execute([":pref_name" => $pref_name, ":value" => $value, ":uid" => $user_id, ":profile" => $profile]);

 			if ($user_id == $_SESSION["uid"]) {
 				$this->cache[$pref_name]["type"] = $type_name;