Commit c4df3db0 authored by Josh Campbell's avatar Josh Campbell

Bug Fix: Dynamized parameter binding

parent ca56e7d8
...@@ -18,6 +18,7 @@ class MysqliDB { ...@@ -18,6 +18,7 @@ class MysqliDB {
protected $_where = array(); protected $_where = array();
protected $_whereTypeList; protected $_whereTypeList;
protected $_paramTypeList; protected $_paramTypeList;
protected $_bindParams = array('');
public function __construct($host, $username, $password, $db) { public function __construct($host, $username, $password, $db) {
$this->_mysqli = new mysqli($host, $username, $password, $db) $this->_mysqli = new mysqli($host, $username, $password, $db)
...@@ -45,6 +46,7 @@ class MysqliDB { ...@@ -45,6 +46,7 @@ class MysqliDB {
protected function reset() protected function reset()
{ {
$this->_where = array(); $this->_where = array();
$this->_bindParams = array('');
unset($this->_query); unset($this->_query);
unset($this->_whereTypeList); unset($this->_whereTypeList);
unset($this->_paramTypeList); unset($this->_paramTypeList);
...@@ -57,7 +59,7 @@ class MysqliDB { ...@@ -57,7 +59,7 @@ class MysqliDB {
* @param array $bindData All variables to bind to the SQL statment. * @param array $bindData All variables to bind to the SQL statment.
* @return array Contains the returned rows from the query. * @return array Contains the returned rows from the query.
*/ */
public function rawQuery($query,$bindParams = NULL) public function rawQuery($query, $bindParams = NULL)
{ {
$this->_query = filter_var($query, FILTER_SANITIZE_STRING); $this->_query = filter_var($query, FILTER_SANITIZE_STRING);
$stmt = $this->_prepareQuery(); $stmt = $this->_prepareQuery();
...@@ -220,9 +222,8 @@ class MysqliDB { ...@@ -220,9 +222,8 @@ class MysqliDB {
*/ */
protected function _buildQuery($numRows = NULL, $tableData = NULL) protected function _buildQuery($numRows = NULL, $tableData = NULL)
{ {
$hasTableData = false; (gettype($tableData) === 'array') ? $hasTableData = true : $hasTableData = false;
if (gettype($tableData) === 'array') (!empty($this->_where )) ? $hasConditional = true : $hasConditional = false;
$hasTableData = true;
// Did the user call the "where" method? // Did the user call the "where" method?
if (!empty($this->_where)) { if (!empty($this->_where)) {
...@@ -296,26 +297,26 @@ class MysqliDB { ...@@ -296,26 +297,26 @@ class MysqliDB {
// Prepare query // Prepare query
$stmt = $this->_prepareQuery(); $stmt = $this->_prepareQuery();
// Bind parameters // Prepare table data bind parameters
if ($hasTableData) { if ($hasTableData) {
$args = array(); $this->_bindParams[0] = $this->_paramTypeList;
array_push($args, $this->_paramTypeList);
foreach ($tableData as $prop => $val) { foreach ($tableData as $prop => $val) {
array_push($args, &$tableData[$prop]); array_push($this->_bindParams, &$tableData[$prop]);
} }
}
call_user_func_array(array($stmt, 'bind_param'), $args); // Prepare where condition bind parameters
} else { if($hasConditional) {
if ($this->_where) { if ($this->_where) {
$wheres = array(); $this->_bindParams[0] .= $this->_whereTypeList;
array_push($wheres, $this->_whereTypeList); foreach ($this->_where as $prop => $val) {
foreach ($this->_where as $prop => $val) { array_push($this->_bindParams, &$this->_where[$prop]);
array_push($wheres, &$this->_where[$prop]); }
}
call_user_func_array(array($stmt, 'bind_param'), $wheres);
} }
} }
// Bind parameters to statment
if ($hasTableData || $hasConditional){
call_user_func_array(array($stmt, 'bind_param'), $this->_bindParams);
}
return $stmt; return $stmt;
} }
......
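Review bot: In the last hunk, both binding loops in `_buildQuery` still use call-time pass-by-reference (`array_push($this->_bindParams, &$tableData[$prop]);` and the matching line for `$this->_where`), which PHP 5.3 deprecates and PHP 5.4 and later reject with a fatal error. Appending by reference keeps what `bind_param` needs without that syntax: `$this->_bindParams[] = &$tableData[$prop];` and `$this->_bindParams[] = &$this->_where[$prop];`. Separately, the bind list has moved from a local array to the `$_bindParams` property, so any path that reaches `bind_param` without first going through `reset()` would bind the previous statement's types and values to the next query. The callers of `reset()` are outside the visible hunks, so either confirm that every query path, including error returns, calls it, or build the list in a local variable inside `_buildQuery`. The body of `_buildQuery` begins before this hunk, so placeholder order against the generated SQL could not be checked here.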