alex
/
PhpSpreadsheet
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make consistent use of prepared statements

This commit is contained in:
Mark Baker 2013-03-01 13:50:06 +00:00
parent e5613be860
commit 5144932a8b
1 changed files with 23 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
Classes/PHPExcel/CachedObjectStorage/SQLite3.php
View File

@ -106,19 +106,22 @@ class PHPExcel_CachedObjectStorage_SQLite3 extends PHPExcel_CachedObjectStorage_
} }
$this->_storeData(); $this->_storeData();
$query = "SELECT value FROM kvp_".$this->_TableName." WHERE id='".$pCoord."'"; $query = $this->_DBHandle->prepare("SELECT value FROM kvp_".$this->_TableName." WHERE id = :id");
$cellResult = $this->_DBHandle->querySingle($query); $query->bindValue('id',$pCoord,SQLITE3_TEXT);
if ($cellResult === false) { $cellResult = $query->execute();
if ($cellResult === FALSE) {
throw new PHPExcel_Exception($this->_DBHandle->lastErrorMsg()); throw new PHPExcel_Exception($this->_DBHandle->lastErrorMsg());
} elseif (is_null($cellResult)) { }
$cellData = $cellResult->fetchArray(SQLITE3_ASSOC);
if ($cellData === FALSE) {
// Return null if requested entry doesn't exist in cache // Return null if requested entry doesn't exist in cache
return null; return NULL;
} }
// Set current entry to the requested entry // Set current entry to the requested entry
$this->_currentObjectID = $pCoord; $this->_currentObjectID = $pCoord;
$this->_currentObject = unserialize($cellResult); $this->_currentObject = unserialize($cellData['value']);
// Re-attach this as the cell's parent // Re-attach this as the cell's parent
$this->_currentObject->attach($this); $this->_currentObject->attach($this);
@ -135,19 +138,19 @@ class PHPExcel_CachedObjectStorage_SQLite3 extends PHPExcel_CachedObjectStorage_
*/ */
public function isDataSet($pCoord) { public function isDataSet($pCoord) {
if ($pCoord === $this->_currentObjectID) { if ($pCoord === $this->_currentObjectID) {
return true; return TRUE;
} }
// Check if the requested entry exists in the cache // Check if the requested entry exists in the cache
$query = "SELECT id FROM kvp_".$this->_TableName." WHERE id='".$pCoord."'"; $query = $this->_DBHandle->prepare("SELECT value FROM kvp_".$this->_TableName." WHERE id = :id");
$cellResult = $this->_DBHandle->querySingle($query); $query->bindValue('id',$pCoord,SQLITE3_TEXT);
if ($cellResult === false) { $cellResult = $query->execute();
if ($cellResult === FALSE) {
throw new PHPExcel_Exception($this->_DBHandle->lastErrorMsg()); throw new PHPExcel_Exception($this->_DBHandle->lastErrorMsg());
} elseif (is_null($cellResult)) {
// Return null if requested entry doesn't exist in cache
return false;
} }
return true; $cellData = $cellResult->fetchArray(SQLITE3_ASSOC);
return ($cellData === FALSE) ? FALSE : TRUE;
} // function isDataSet() } // function isDataSet()
@ -160,16 +163,17 @@ class PHPExcel_CachedObjectStorage_SQLite3 extends PHPExcel_CachedObjectStorage_
public function deleteCacheData($pCoord) { public function deleteCacheData($pCoord) {
if ($pCoord === $this->_currentObjectID) { if ($pCoord === $this->_currentObjectID) {
$this->_currentObject->detach(); $this->_currentObject->detach();
$this->_currentObjectID = $this->_currentObject = null; $this->_currentObjectID = $this->_currentObject = NULL;
} }
// Check if the requested entry exists in the cache // Check if the requested entry exists in the cache
$query = "DELETE FROM kvp_".$this->_TableName." WHERE id='".$pCoord."'"; $query = $this->_DBHandle->prepare("DELETE FROM kvp_".$this->_TableName." WHERE id = :id");
$result = $this->_DBHandle->exec($query); $query->bindValue('id',$pCoord,SQLITE3_TEXT);
if ($result === false) $result = $query->execute();
if ($result === FALSE)
throw new PHPExcel_Exception($this->_DBHandle->lastErrorMsg()); throw new PHPExcel_Exception($this->_DBHandle->lastErrorMsg());
$this->_currentCellIsDirty = false; $this->_currentCellIsDirty = FALSE;
} // function deleteCacheData() } // function deleteCacheData()