From 9b29f5e701a8b48702efdb6d5def14a53622841c Mon Sep 17 00:00:00 2001
From: denise
Date: Thu, 6 Sep 2012 11:21:36 -0400
Subject: [PATCH] CC-4345: Prepared statements - part 1

-modified Datatables.php to use Application_Common_Database::prepareAndExecute()
---
 airtime_mvc/application/models/Datatables.php | 25 ++-----------------
 1 file changed, 2 insertions(+), 23 deletions(-)

diff --git a/airtime_mvc/application/models/Datatables.php b/airtime_mvc/application/models/Datatables.php
index 041530407..4a455fedd 100644
--- a/airtime_mvc/application/models/Datatables.php
+++ b/airtime_mvc/application/models/Datatables.php
@@ -164,35 +164,14 @@ class Application_Model_Datatables
 $totalRows = $r->fetchColumn(0);
 if (isset($sqlTotalDisplayRows)) {
- $stmt = $con->prepare($sqlTotalDisplayRows);
- foreach($params as $param=>&$value) {
- $stmt->bindParam(":$param", $value);
- }
- if ($stmt->execute()) {
- $totalDisplayRows = $stmt->fetchColumn(0);
- } else {
- $msg = implode(',', $stmt->errorInfo());
- throw new Exception("Error: $msg");
- }
+ $totalDisplayRows = Application_Common_Database::prepareAndExecute($sqlTotalDisplayRows, $params, 'column');
 } else {
 $totalDisplayRows = $totalRows;
 }
 //TODO
 if ($needToBind) {
- $stmt = $con->prepare($sql);
-
- foreach($params as $param=>&$value) {
- $stmt->bindParam(":$param", $value);
- }
-
- if ($stmt->execute()) {
- $stmt->setFetchMode(PDO::FETCH_ASSOC);
- $results = $stmt->fetchAll();
- } else {
- $msg = implode(',', $stmt->errorInfo());
- throw new Exception("Error: $msg");
- }
+ $results = Application_Common_Database::prepareAndExecute($sql, $params);
 } else {
 $stmt = $con->query($sql);
 $stmt->setFetchMode(PDO::FETCH_ASSOC);
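Review bot: The `else` branch under `//TODO` still sends `$sql` through `$con->query()` with nothing bound, so the move to prepared statements only protects this query when `$needToBind` is set for every `$sql` that carries request-derived values. How `$sql`, `$params` and `$needToBind` are built lies outside the hunk (the enclosing method starts and ends beyond it), so that needs checking where they are assigned. If `Application_Common_Database::prepareAndExecute()` tolerates an empty `$params` array (its body is not shown here), both branches could use `$results = Application_Common_Database::prepareAndExecute($sql, $params);` and the flag could be dropped. Please also confirm that the helper throws on a failed `execute()` and returns `PDO::FETCH_ASSOC` rows by default, as the removed code did. Otherwise `$totalDisplayRows` or `$results` could end up `false` or change shape without an error.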