From 0cc2bf4b794e819db17a914cc29e7329477125c5 Mon Sep 17 00:00:00 2001
From: Ryan Cramer
Date: Fri, 10 Jul 2020 12:46:55 -0400
Subject: [PATCH] DB query updates in WireSaveableItems class
---
 wire/core/WireSaveableItems.php | 28 +++++++++++++++++----------
 wire/core/WireSaveableItemsLookup.php | 8 +++++++-
 2 files changed, 25 insertions(+), 11 deletions(-)
diff --git a/wire/core/WireSaveableItems.php b/wire/core/WireSaveableItems.php
index ae3fb85e..79a14518 100644
--- a/wire/core/WireSaveableItems.php
+++ b/wire/core/WireSaveableItems.php
@@ -232,25 +232,27 @@ abstract class WireSaveableItems extends Wire implements \IteratorAggregate {
 public function ___save(Saveable $item) {
 $blank = $this->makeBlankItem();
- if(!$item instanceof $blank) throw new WireException("WireSaveableItems::save(item) requires item to be of type '" . $blank->className() . "'");
+
+ if(!$item instanceof $blank) {
+ $className = $blank->className();
+ throw new WireException("WireSaveableItems::save(item) requires item to be of type: $className");
+ }
- $database = $this->wire('database');
+ $database = $this->wire()->database;
 $table = $database->escapeTable($this->getTable());
 $sql = "`$table` SET ";
 $id = (int) $item->id;
 $this->saveReady($item);
 $data = $item->getTableData();
+ $binds = array();
 foreach($data as $key => $value) {
 if(!$this->saveItemKey($key)) continue;
- if($key == 'data') {
- if(is_array($value)) {
- $value = $this->encodeData($value);
- } else $value = '';
- }
+ if($key === 'data') $value = is_array($value) ? $this->encodeData($value) : '';
 $key = $database->escapeTableCol($key);
- $value = $database->escapeStr("$value");
- $sql .= "`$key`='$value', ";
+ $bindKey = $database->escapeCol($key);
+ $binds[":$bindKey"] = $value;
+ $sql .= "`$key`=:$bindKey, ";
 }
 $sql = rtrim($sql, ", ");
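Review bot: In the `foreach($data ...)` loop the placeholder name is derived from the column name (`$bindKey = $database->escapeCol($key)`), so the statement is only correct while every saved key sanitizes to a distinct, non-empty name. Two keys that reduce to the same string would share one `$binds` entry and both columns would silently receive the last value, and a key that comes out as `id` would clash with the `:id` bound explicitly in the UPDATE branch of the next hunk (whether `saveItemKey()` excludes it is not visible here). A counter-based name avoids depending on the sanitizer: `$bindKey = 'v' . count($binds);`. `___save()` continues past the end of this hunk.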
@@ -258,15 +260,21 @@ abstract class WireSaveableItems extends Wire implements \IteratorAggregate {
 if($id) {
 $query = $database->prepare("UPDATE $sql WHERE id=:id");
+ foreach($binds as $key => $value) {
+ $query->bindValue($key, $value);
+ }
 $query->bindValue(":id", $id, \PDO::PARAM_INT);
 $result = $query->execute();
 } else {
 $query = $database->prepare("INSERT INTO $sql");
+ foreach($binds as $key => $value) {
+ $query->bindValue($key, $value);
+ }
 $result = $query->execute();
 if($result) {
- $item->id = $database->lastInsertId();
+ $item->id = (int) $database->lastInsertId();
 $this->getAll()->add($item);
 $this->added($item);
 }
diff --git a/wire/core/WireSaveableItemsLookup.php b/wire/core/WireSaveableItemsLookup.php
index 5b7608f4..763775a5 100644
--- a/wire/core/WireSaveableItemsLookup.php
+++ b/wire/core/WireSaveableItemsLookup.php
@@ -100,6 +100,9 @@ abstract class WireSaveableItemsLookup extends WireSaveableItems {
 * Should the given item key/field be saved in the database?
 *
 * Template method used by ___save()
+ *
+ * @param string $key
+ * @return bool
 *
 */
 protected function saveItemKey($key) {
@@ -117,7 +120,10 @@ abstract class WireSaveableItemsLookup extends WireSaveableItems {
 */
 public function ___save(Saveable $item) {
- if(!$item instanceof HasLookupItems) throw new WireException($this->className() . "::save() requires an item that implements HasLookupItems interface");
+ if(!$item instanceof HasLookupItems) {
+ $class = $this->className();
+ throw new WireException("$class::save() requires an item that implements HasLookupItems interface");
+ }
 $database = $this->wire('database');
 $lookupTable = $database->escapeTable($this->getLookupTable());
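Review bot: The two added `foreach($binds ...)` loops in `WireSaveableItems::___save()` bind every value with PDO's default type and no cast, whereas the removed code stringified each value through `"$value"` before quoting it. A `null` in `getTableData()` therefore most likely reaches the database as SQL NULL instead of `''`, which changes behaviour for NOT NULL columns; if the old behaviour is wanted, cast where the array is filled in the previous hunk, `$binds[":$bindKey"] = (string) $value;`, otherwise a comment stating that NULL is now stored deliberately would help. The loops are also identical in both branches and could run once after choosing the statement. The method starts before and ends after this hunk.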