junior/ComicsViewer
junior/ComicsViewer
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update SQL queries to use parameter binding instead of (the old way) a variables array

Browse Source
This commit is contained in:
Junior 2026-03-10 19:50:26 -04:00
parent a33bf21475
commit bf8905f5f7
3 changed files with 10 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ajax/getfoldercontents.php
View File

@ -39,10 +39,9 @@ $fullcompath = COMICSDIR . (($compath == "/") ? "" : $compath) . "/";
// Build up a list of comics and issues which have been read in descending order by lastupdate // Build up a list of comics and issues which have been read in descending order by lastupdate
$query = "SELECT comic, issue FROM pagetracker WHERE username=:username"; $query = "SELECT comic, issue FROM pagetracker WHERE username=:username";
//$query = "SELECT comic, issue FROM pagetracker WHERE username=:username ORDER BY lastupdate DESC"; //$query = "SELECT comic, issue FROM pagetracker WHERE username=:username ORDER BY lastupdate DESC";
$fields = array();
$fields[":username"] = $_SESSION['username'];
$sth = $globaldbh->prepare($query); $sth = $globaldbh->prepare($query);
$sth->execute($fields); $sth->bindValue(":username", $_SESSION['username'], PDO::PARAM_STR);
$sth->execute();
$comics_read = array(); $comics_read = array();
$issues_read = array(); $issues_read = array();
while ( $row = $sth->fetch(PDO::FETCH_ASSOC) ) { while ( $row = $sth->fetch(PDO::FETCH_ASSOC) ) {

11
ajax/setpage.php
View File

@ -24,13 +24,12 @@ $page = intval($_REQUEST['page']);
$query = "INSERT INTO pagetracker (username, comic, issue, currentpage, lastupdate) "; $query = "INSERT INTO pagetracker (username, comic, issue, currentpage, lastupdate) ";
$query .= "VALUES(:username, :comic, :issue, :currentpage, NOW()) "; $query .= "VALUES(:username, :comic, :issue, :currentpage, NOW()) ";
$query .= "ON DUPLICATE KEY UPDATE currentpage=:currentpage, lastupdate=NOW()"; $query .= "ON DUPLICATE KEY UPDATE currentpage=:currentpage, lastupdate=NOW()";
$fields = array();
$fields[':username'] = $_SESSION['username'];
$fields[':comic'] = str_replace("/", "", $_SESSION['compath']);
$fields[':issue'] = $_SESSION['comfile'];
$fields[':currentpage'] = $page;
$sth = $globaldbh->prepare($query); $sth = $globaldbh->prepare($query);
$sth->execute($fields); $sth->bindValue(":username", $_SESSION['username'], PDO::PARAM_STR);
$sth->bindValue(":comic", str_replace("/", "", $_SESSION['compath']), PDO::PARAM_STR);
$sth->bindValue(":issue", $_SESSION['comfile'], PDO::PARAM_STR);
$sth->bindValue(":currentpage", $page, PDO::PARAM_INT);
$sth->execute();
$data['message'] = "Page set to $page for {$_SESSION['username']} reading {$_SESSION['comfile']}"; $data['message'] = "Page set to $page for {$_SESSION['username']} reading {$_SESSION['comfile']}";

7
ajax/showcomic.php
View File

@ -35,11 +35,10 @@ $_SESSION['comfile'] = basename($comicfull);
// Get the current page for this comic or 0 (zero) if never opened // Get the current page for this comic or 0 (zero) if never opened
$query = "SELECT currentpage FROM pagetracker WHERE username=:username AND issue=:issue"; $query = "SELECT currentpage FROM pagetracker WHERE username=:username AND issue=:issue";
$fields = array();
$fields[':username'] = $_SESSION['username'];
$fields[':issue'] = $_SESSION['comfile'];
$sth = $globaldbh->prepare($query); $sth = $globaldbh->prepare($query);
$sth->execute($fields); $sth->bindValue(":username", $_SESSION['username'], PDO::PARAM_STR);
$sth->bindValue(":issue", $_SESSION['comfile'], PDO::PARAM_STR);
$sth->execute();
if ( $row = $sth->fetch(PDO::FETCH_ASSOC) ) { if ( $row = $sth->fetch(PDO::FETCH_ASSOC) ) {
$currentpage = intval($row['currentpage']); $currentpage = intval($row['currentpage']);
} else { } else {