tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-27 15:54:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

Support prepared statements in DbTool::exec and DbTool::query

Browse Source 
refs #7163
This commit is contained in:
Johannes Meyer 2014-10-09 15:03:51 +02:00
parent 62544111ff
commit c3404fdc67
1 changed files with 48 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
library/Icinga/Web/Setup/DbTool.php
View File

@ -245,15 +245,49 @@ class DbTool
/** /**
* Execute a SQL statement and return the affected row count * Execute a SQL statement and return the affected row count
* *
* Use $params to use a prepared statement.
*
* @param string $statement The statement to execute * @param string $statement The statement to execute
* @param array $params The params to bind
* *
* @return int * @return int
*/ */
public function exec($statement) public function exec($statement, $params = array())
{ {
if (empty($params)) {
return $this->pdoConn->exec($statement); return $this->pdoConn->exec($statement);
} }
$stmt = $this->pdoConn->prepare($statement);
$stmt->execute($params);
return $stmt->rowCount();
}
/**
* Execute a SQL statement and return the result
*
* Use $params to use a prepared statement.
*
* @param string $statement The statement to execute
* @param array $params The params to bind
*
* @return mixed
*/
public function query($statement, $params = array())
{
if ($this->zendConn !== null) {
return $this->zendConn->query($statement, $params);
}
if (empty($params)) {
return $this->pdoConn->query($statement);
}
$stmt = $this->pdoConn->prepare($statement);
$stmt->execute($params);
return $stmt;
}
/** /**
* Import the given SQL file * Import the given SQL file
* *
@ -304,20 +338,18 @@ class DbTool
public function hasLogin($username) public function hasLogin($username)
{ {
if ($this->config['db'] === 'mysql') { if ($this->config['db'] === 'mysql') {
$stmt = $this->pdoConn->prepare( $rowCount = $this->exec(
'SELECT grantee FROM information_schema.user_privileges WHERE grantee = :ident LIMIT 1' 'SELECT grantee FROM information_schema.user_privileges WHERE grantee = :ident LIMIT 1',
array(':ident' => "'" . $username . "'@'" . Platform::getFqdn() . "'")
); );
$stmt->execute(array(':ident' => "'" . $username . "'@'" . Platform::getFqdn() . "'"));
return $stmt->rowCount() === 1;
} elseif ($this->config['db'] === 'pgsql') { } elseif ($this->config['db'] === 'pgsql') {
$stmt = $this->pdoConn->prepare( $rowCount = $this->exec(
'SELECT usename FROM pg_catalog.pg_user WHERE usename = :ident LIMIT 1' 'SELECT usename FROM pg_catalog.pg_user WHERE usename = :ident LIMIT 1',
array(':ident' => $username)
); );
$stmt->execute(array(':ident' => $username));
return $stmt->rowCount() === 1;
} }
return false; return $rowCount === 1;
} }
/** /**
@ -329,10 +361,12 @@ class DbTool
public function addLogin($username, $password) public function addLogin($username, $password)
{ {
if ($this->config['db'] === 'mysql') { if ($this->config['db'] === 'mysql') {
$stmt = $this->pdoConn->prepare('CREATE USER :user@:host IDENTIFIED BY :passw'); $this->exec(
$stmt->execute(array(':user' => $username, ':host' => Platform::getFqdn(), ':passw' => $password)); 'CREATE USER :user@:host IDENTIFIED BY :passw',
array(':user' => $username, ':host' => Platform::getFqdn(), ':passw' => $password)
);
} elseif ($this->config['db'] === 'pgsql') { } elseif ($this->config['db'] === 'pgsql') {
$this->pdoConn->exec("CREATE USER $username WITH PASSWORD '$password'"); $this->exec("CREATE USER $username WITH PASSWORD '$password'");
} }
} }
} }