[vhffs-dev] [950] Mysql API is now only using prepared statements

[ Thread Index | Date Index | More vhffs.org/vhffs-dev Archives ]

To: vhffs-dev@xxxxxxxxx
Subject: [vhffs-dev] [950] Mysql API is now only using prepared statements
From: subversion@xxxxxxxxxxxxx
Date: Sun, 30 Sep 2007 03:02:13 +0200

Revision: 950
Author:   gradator
Date:     2007-09-30 01:02:12 +0000 (Sun, 30 Sep 2007)

Log Message:
-----------
Mysql API is now only using prepared statements

Modified Paths:
--------------
    trunk/vhffs-api/src/Vhffs/Services/Mysql.pm

Modified: trunk/vhffs-api/src/Vhffs/Services/Mysql.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Services/Mysql.pm	2007-09-29 16:58:21 UTC (rev 949)
+++ trunk/vhffs-api/src/Vhffs/Services/Mysql.pm	2007-09-30 01:02:12 UTC (rev 950)
@@ -88,15 +88,11 @@
 sub delete
 {
 	my $self = shift;
-
-    my $query = "DELETE FROM vhffs_mysql WHERE object_id='".$self->{'object_id'}."'";
-    my $request = $self->{'db'}->prepare($query);
-    $request->execute or return -1;
+	my $request = $self->{'db'}->prepare( 'DELETE FROM vhffs_mysql WHERE object_id=?' );
+	$request->execute( $self->{'object_id'} ) or return -1;
         
 	return -2 if( $self->SUPER::delete < 0 );
-
 	return 1;
-
 }
 
 =pod
@@ -126,8 +122,7 @@
         my $parent = Vhffs::Object::create($main, $user->get_uid, $group->get_gid, $description, undef, Vhffs::Constants::TYPE_MYSQL);
         die('Unable to create parent object') unless defined ($parent);
 
-        my $sql = 'INSERT INTO vhffs_mysql(dbname, dbuser, dbpass, object_id) VALUES(?, ?, ?, ?)';
-        my $sth = $dbh->prepare($sql);
+        my $sth = $dbh->prepare( 'INSERT INTO vhffs_mysql(dbname, dbuser, dbpass, object_id) VALUES(?, ?, ?, ?)' );
         $sth->execute($dbname, $dbuser, $dbpass, $parent->get_oid);
 
         $dbh->commit;
@@ -147,8 +142,7 @@
 {
 	my $self = shift;	
 
-	my $query = 'UPDATE vhffs_mysql SET dbpass = ? WHERE dbname = ?';
-	my $request = $self->get_db_object()->prepare( $query );
+	my $request = $self->get_db_object()->prepare( 'UPDATE vhffs_mysql SET dbpass = ? WHERE dbname = ?' );
 	$request->execute($self->{dbpass}, $self->{dbname});
 
 	$self->SUPER::commit;
@@ -187,8 +181,8 @@
 {
 	my $self = shift;
 
-	my $request = $self->{'db'}->prepare("UPDATE vhffs_mysql SET dbpass='' WHERE dbname='".$self->get_dbname."'") or return -1;
-	$request->execute();
+	my $request = $self->{'db'}->prepare('UPDATE vhffs_mysql SET dbpass=\'\' WHERE dbname=?') or return -1;
+	$request->execute( $self->get_dbname );
 	return 1;
 }
 
@@ -196,10 +190,10 @@
 {
 	my ($self , $value) = @_;	
 
-    return 1 if( $value eq $self->{'dbuser'});
+	return 1 if( $value eq $self->{'dbuser'});
 
-	my $request = $self->{'db'}->prepare("SELECT * FROM vhffs_mysql where dbuser='".$value."'") or return -1;
-    my $rows = $request->execute();
+	my $request = $self->{'db'}->prepare('SELECT * FROM vhffs_mysql where dbuser=?') or return -1;
+	my $rows = $request->execute( $value );
 
 	return -1 if( $rows >= 1 );
 	
@@ -257,8 +251,7 @@
 
 sub fill_object {
     my ($class, $obj) = @_;
-    my $sql = q{SELECT mysql_id, dbname, dbuser, dbpass FROM vhffs_mysql
-        WHERE object_id = ?};
+    my $sql = q{SELECT mysql_id, dbname, dbuser, dbpass FROM vhffs_mysql WHERE object_id = ?};
     return $class->SUPER::_fill_object($obj, $sql);
 }

Messages sorted by: [ date | thread ]
Prev by Date: [vhffs-dev] [949] Fixing the "blanked" feature on mysql passwords (well, an empty field is better then a field containing "blanked" which is a valid password ...)
Next by Date: [vhffs-dev] [951] Pgsql API is now only using prepared statements
Previous by thread: [vhffs-dev] [949] Fixing the "blanked" feature on mysql passwords (well, an empty field is better then a field containing "blanked" which is a valid password ...)
Next by thread: [vhffs-dev] [951] Pgsql API is now only using prepared statements

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/