mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-07-25 17:01:43 +02:00
Code Issues Releases Wiki Activity

#4564: Un-break validatorClass::dbValidateArray() counter

Browse Source 
I forgot an `AND` in the `WHERE` clause for the `e_db_pdo`
implementation of `validatorClass::dbValidateArray()`.

Fixes: https://github.com/e107inc/e107/issues/4564
This commit is contained in:
Nick Liu
2021-09-13 12:41:26 -05:00
parent 036b301c31
commit c94722e00b
1 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
e107_handlers/validator_class.php
View File

@@ -1387,17 +1387,24 @@ class validatorClass
} }
$field = varset($options['dbFieldName'], $f); $field = varset($options['dbFieldName'], $f);
// XXX: Different implementations due to missing API for preventing SQL injections // XXX: Different implementations due to missing API for preventing SQL injections
$count = 0;
if ($u_sql instanceof e_db_mysql) if ($u_sql instanceof e_db_mysql)
{ {
$v = $u_sql->escape($v); $v = $u_sql->escape($v);
$count = $u_sql->count($targetTable, "(*)", "WHERE `{$f}`='$v' AND `user_id` != " . $userID); $count = (int) $u_sql->count($targetTable, "(*)", "WHERE `{$f}`='$v' AND `user_id` != " . $userID);
} }
else else
{ {
$u_sql->select($targetTable, "COUNT(*)", "`{$f}`=:value", ['value' => $v]); $u_sql->select(
$targetTable,
"COUNT(*)",
"`{$f}`=:value AND `user_id` != :userID",
[
'value' => $v,
'userID' => $userID,
]
);
$row = $u_sql->fetch('num'); $row = $u_sql->fetch('num');
$count = $row[0]; $count = (int) $row[0];
} }
if ($count) if ($count)
{ {