Cavemanon/piratepoet
8
Fork 0
Code Pull Requests Actions Releases 16 Activity
Files
246a10f058dfbc58ceb51e43b32f62249c1fb8da
piratepoet/mailpoet/lib/Doctrine/WPDB/Statement.php
Jan Jakes b7b62f5fbc Remove confusing comments in WPDB driver 
On the low lever of the WPDB driver, we're indeed executing an unknown query,
and we can't say that they are by themeselves fully safe. It's higher levels of
abstraction in Doctrine that aim to prevent us from generating unsafe querires.

[MAILPOET-6150]
2024-08-29 17:23:34 +02:00

71 lines
2.1 KiB
PHP
Raw Blame History

<?php declare(strict_types = 1);
namespace MailPoet\Doctrine\WPDB;
use MailPoet\Doctrine\WPDB\Exceptions\NotSupportedException;
use MailPoetVendor\Doctrine\DBAL\Driver\Result;
use MailPoetVendor\Doctrine\DBAL\Driver\Statement as StatementInterface;
use MailPoetVendor\Doctrine\DBAL\ParameterType;
use MailPoetVendor\Doctrine\DBAL\SQL\Parser;
class Statement implements StatementInterface {
private Connection $connection;
private Parser $parser;
private string $sql;
private array $params = [];
public function __construct(
Connection $connection,
string $sql
) {
$this->connection = $connection;
$this->parser = new Parser(false);
$this->sql = $sql;
}
/**
* @param string|int $param
* @param mixed $value
* @param int $type
* @return true
*/
public function bindValue($param, $value, $type = ParameterType::STRING) {
$this->params[$param] = [$param, $value, $type];
return true;
}
/**
* @param string|int $param
* @param mixed $variable
* @param int $type
* @param int|null $length
* @return true
*/
public function bindParam($param, &$variable, $type = ParameterType::STRING, $length = null) {
throw new NotSupportedException(
'Statement::bindParam() is deprecated in Doctrine and not implemented in WPDB driver. Use Statement::bindValue() instead.'
);
}
public function execute($params = null): Result {
if ($params !== null) {
throw new NotSupportedException(
'Statement::execute() with parameters is deprecated in Doctrine and not implemented in WPDB driver. Use Statement::bindValue() instead.'
);
}
// Convert '?' parameters to WPDB format (sprintf-like: '%s', '%d', ...),
// and add support for named parameters that are not supported by mysqli.
$visitor = new ConvertParameters($this->params);
$this->parser->parse($this->sql, $visitor);
$sql = $visitor->getSQL();
$values = $visitor->getValues();
global $wpdb;
$query = count($values) > 0
? $wpdb->prepare($sql, $values) // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
: $sql;
return $this->connection->query($query);
}
}
View Git Blame Copy Permalink