CC-5121: fix some SQL statements not being escaped/prepared

This commit is contained in:
Martin Konecny 2013-05-09 14:43:59 -04:00
parent 3ed106af56
commit 21df9013ee
1 changed files with 8 additions and 2 deletions


@ -5,9 +5,13 @@ class Application_Common_Database
const COLUMN = 'column';
const ALL = 'all';
const EXECUTE = 'execute';
const ROW_COUNT = 'row_count';
public static function prepareAndExecute($sql, array $paramValueMap,
$type='all', $fetchType=PDO::FETCH_ASSOC, $con=null)
public static function prepareAndExecute($sql,
array $paramValueMap = array(),
$type=self::ALL,
$fetchType=PDO::FETCH_ASSOC,
$con=null)
{
if (is_null($con)) {
$con = Propel::getConnection();
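Review bot: The new signature in this hunk has no docblock, yet the meaning of `$type` and the shape of the return now depend on the class constants, so a caller has to read the body to learn that `self::ALL` yields an array, `self::EXECUTE` yields null and `self::ROW_COUNT` yields an int. I would add a PHPDoc above `prepareAndExecute` listing the accepted `$type` values (`self::ALL`, `self::EXECUTE`, `self::ROW_COUNT`, and presumably `self::COLUMN`), stating that `$paramValueMap` holds the placeholder-to-value bindings for the prepared `$sql` and that `$con` falls back to `Propel::getConnection()`, and declaring `@return array|int|null` plus `@throws Exception` for an unrecognised type. The dispatch in the second hunk compares `$type == self::EXECUTE` and `$type == self::ROW_COUNT`; `===` is the stricter form for matching against string constants. The docblock should also note that ROW_COUNT relies on `PDOStatement::rowCount()`, whose result for SELECT statements is driver-dependent. The body of prepareAndExecute continues outside both hunks.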
@ -26,6 +30,8 @@ class Application_Common_Database
$rows = $stmt->fetchAll($fetchType);
} else if ($type == self::EXECUTE) {
$rows = null;
} else if ($type == self::ROW_COUNT) {
$rows = $stmt->rowCount();
} else {
$msg = "bad type passed: type($type)";
throw new Exception("Error: $msg");