Update database operations and form capabilities
Database operations have been redefined, and additional functionality has been added for handling database queries. The functions for updating rows by ID and inserting an array into a table have been updated for better reliability. In addition, new form attributes for managing decimal steps have been added to enhance data input capabilities. Refactoring and security improvements have also been made in the PDO class.
@@ -72,9 +72,21 @@ abstract class Db implements IDb
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $rowset
|
||||
* @param bool $id
|
||||
* @return mixed|void
|
||||
* @desc will update the a row with the $rowset parameter by the given id
|
||||
* @param array $rowData
|
||||
* @param int $id
|
||||
* @return bool
|
||||
*/
|
||||
public function updateRowById(array $rowData, int $id): bool
|
||||
{
|
||||
return Pdo::updateRowById( self::getTable()['table'], self::getTable()['fields'], $rowData, $id );
|
||||
}
|
||||
|
||||
/**
|
||||
* @desc inserts a rowset into the table, by the given nextInsertIndex return
|
||||
* @param $rowset
|
||||
* @param $id
|
||||
* @return void
|
||||
*/
|
||||
public function insertRowsetById($rowset = array(), $id = false)
|
||||
{
|
||||
@@ -95,16 +107,17 @@ abstract class Db implements IDb
|
||||
* @desc inserts an array into the database as on of the fields may be encrypted, but it has to be a varbinary field
|
||||
* @param array $dataset
|
||||
* @param bool $encrypted
|
||||
* @return bool
|
||||
*/
|
||||
public function insertArrayIntoTable($dataset = array(), $encrypted = false)
|
||||
public function insertArrayIntoTable($dataset = array(), $encrypted = false): bool
|
||||
{
|
||||
if($encrypted)
|
||||
{
|
||||
Pdo::insertArrayIntoTable(self::$table['table'], $dataset, $encrypted);
|
||||
return Pdo::insertArrayIntoTable(self::$table['table'], $dataset, $encrypted);
|
||||
}
|
||||
else
|
||||
{
|
||||
Pdo::insertArrayIntoTable(self::$table['table'], $dataset);
|
||||
return Pdo::insertArrayIntoTable(self::$table['table'], $dataset);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
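Review bot: `Db::updateRowById` is declared `: bool`, but the `Pdo::updateRowById` it delegates to throws `\InvalidArgumentException` and `\RuntimeException` for an unknown table, an unlisted column or a missing primary key, and only turns `\PDOException` into `false`. Callers that test the return value will therefore not see those failures. Add `@throws \InvalidArgumentException` and `@throws \RuntimeException` to the docblock, or catch them here if `false` is the intended contract. The new method also reads the table through `self::getTable()['table']` while `insertArrayIntoTable` in the next hunk uses `self::$table['table']`; using one accessor in both would be more consistent.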
@@ -4,6 +4,7 @@ namespace Nibiru;
|
||||
* User - stephan
|
||||
* Date - 01.02.17
|
||||
* Time - 18:55
|
||||
* @TODO - SECURITY FIX REFACTORING NEEDED!
|
||||
* @author - alllinux.de GbR
|
||||
* @category - [PLEASE SPECIFIY]
|
||||
* @license - BSD License
|
||||
@@ -27,6 +28,32 @@ final class Pdo extends Mysql implements IPdo
|
||||
{
|
||||
return self::$section;
|
||||
}
|
||||
|
||||
/**
|
||||
* @desc Loads all table names from the current database.
|
||||
*
|
||||
* @security This method is protected and intended for use within the class hierarchy.
|
||||
* It fetches the names of all tables in the database to facilitate validation
|
||||
* of table names in database operations.
|
||||
*
|
||||
* @return array An array of table names.
|
||||
*/
|
||||
protected static function loadTableNames(): array
|
||||
{
|
||||
try {
|
||||
$pdo = parent::getInstance(self::getSettingsSection())->getConn();
|
||||
$query = "SHOW TABLES";
|
||||
$stmt = $pdo->prepare($query);
|
||||
$stmt->execute();
|
||||
$tables = $stmt->fetchAll(\PDO::FETCH_COLUMN);
|
||||
return $tables;
|
||||
} catch (\PDOException $e) {
|
||||
error_log($e->getMessage());
|
||||
return [];
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @param string $string
|
||||
*
|
||||
@@ -154,6 +181,70 @@ final class Pdo extends Mysql implements IPdo
|
||||
$insert->execute();
|
||||
}
|
||||
|
||||
/**
|
||||
* @desc Update a row in a database table by its primary key ID.
|
||||
*
|
||||
* @param string $tableName The name of the table to update.
|
||||
* @param array $data An associative array where keys are column names and values are the new values for those columns.
|
||||
* @param int $id The value of the primary key for the row to update.
|
||||
*
|
||||
* @return bool Returns true on success or false on failure.
|
||||
*/
|
||||
public static function updateRowById(string $tableName, array $columnNames, array $data, int $id): bool
|
||||
{
|
||||
try {
|
||||
// Inside a method of the mysql.db.php class or its subclass
|
||||
$validTables = self::loadTableNames();
|
||||
|
||||
// Validate the table name
|
||||
if (!in_array($tableName, $validTables, true)) {
|
||||
throw new \InvalidArgumentException("FATAL ERROR in main CORE updateRowById: Invalid table name: {$tableName}");
|
||||
}
|
||||
|
||||
// Validate column names
|
||||
foreach (array_keys($data) as $column) {
|
||||
if (!in_array($column, $columnNames, true))
|
||||
{
|
||||
throw new \InvalidArgumentException("FATAL ERROR in main CORE updateRowById: Invalid column name: {$column}");
|
||||
}
|
||||
}
|
||||
|
||||
// Get PDO instance
|
||||
$pdo = parent::getInstance(self::getSettingsSection())->getConn();
|
||||
|
||||
// Fetch the primary key field name
|
||||
$queryPrimaryKey = "SELECT COLUMN_NAME FROM information_schema.COLUMNS
|
||||
WHERE TABLE_NAME = :tableName
|
||||
AND COLUMN_KEY = 'PRI' LIMIT 1;";
|
||||
$stmtPrimaryKey = $pdo->prepare($queryPrimaryKey);
|
||||
$stmtPrimaryKey->bindValue(':tableName', $tableName);
|
||||
$stmtPrimaryKey->execute();
|
||||
$primaryKeyResult = $stmtPrimaryKey->fetch(\PDO::FETCH_ASSOC);
|
||||
|
||||
if (!$primaryKeyResult)
|
||||
{
|
||||
throw new \RuntimeException('FATAL ERROR in main CORE updateRowById: No primary key found for table ' . $tableName);
|
||||
}
|
||||
$primaryKeyField = $primaryKeyResult['COLUMN_NAME'];
|
||||
$query = "UPDATE " . $tableName . " SET ";
|
||||
$updateParts = [];
|
||||
foreach ($data as $column => $value) {
|
||||
$updateParts[] = $column . " = :" . $column;
|
||||
}
|
||||
$query .= implode(', ', $updateParts);
|
||||
$query .= " WHERE " . $primaryKeyField . " = :primaryKeyValue";
|
||||
$stmt = $pdo->prepare($query);
|
||||
foreach ($data as $column => $value) {
|
||||
$stmt->bindValue(':' . $column, $value);
|
||||
}
|
||||
$stmt->bindValue(':primaryKeyValue', $id);
|
||||
return $stmt->execute();
|
||||
} catch (\PDOException $e) {
|
||||
error_log($e->getMessage());
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $tablename
|
||||
* @param bool $id
|
||||
@@ -314,8 +405,9 @@ final class Pdo extends Mysql implements IPdo
|
||||
* @param string $tablename
|
||||
* @param string $array_name
|
||||
* @param bool $encrypted
|
||||
* @return bool
|
||||
*/
|
||||
public static function insertArrayIntoTable( $tablename = IMysql::PLACE_TABLE_NAME, $array_name = IMysql::PLACE_ARRAY_NAME, $encrypted = IMysql::PLACE_DES_ENCRYPT )
|
||||
public static function insertArrayIntoTable( $tablename = IMysql::PLACE_TABLE_NAME, $array_name = IMysql::PLACE_ARRAY_NAME, $encrypted = IMysql::PLACE_DES_ENCRYPT ): bool
|
||||
{
|
||||
$statement = parent::getInstance( self::getSettingsSection() )->getConn();
|
||||
|
||||
@@ -373,7 +465,7 @@ final class Pdo extends Mysql implements IPdo
|
||||
{
|
||||
$array_name['key'] = Config::getInstance()->getConfig()[View::NIBIRU_SECURITY]["password_hash"];
|
||||
}
|
||||
$query->execute( $entry );
|
||||
return $query->execute( $entry );
|
||||
}
|
||||
}
|
||||
else
|
||||
@@ -426,7 +518,7 @@ final class Pdo extends Mysql implements IPdo
|
||||
{
|
||||
$array_name['key'] = Config::getInstance()->getConfig()[View::NIBIRU_SECURITY]["password_hash"];
|
||||
}
|
||||
$query->execute( $array_name );
|
||||
return $query->execute( $array_name );
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
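Review bot: In `updateRowById`, the primary-key lookup filters `information_schema.COLUMNS` by `TABLE_NAME` only, so if another schema on the server holds a table of the same name, the `LIMIT 1` row may come from that schema and the `WHERE` clause would target the wrong column; add `AND TABLE_SCHEMA = DATABASE()` to the query. Allow-listing the table and column names before concatenation is the right control, but the identifiers are still interpolated unquoted and reused in the placeholder built as `':' . $column`, so a legitimate name that is a reserved word or contains a character not valid in a placeholder yields a broken statement; backtick-quoting the identifiers and binding through generated placeholder names avoids that. `loadTableNames()` returns `[]` when `SHOW TABLES` fails, so a connection error surfaces here as "Invalid table name", and the docblock is missing `@param array $columnNames`. Separately, if the new `return $query->execute( $entry );` in `insertArrayIntoTable` sits inside a loop over entries, as the variable name suggests (the enclosing code is outside the hunk), the method now returns after the first row.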
@@ -21,7 +21,9 @@ class TypeText extends FormAttributes implements IForm
|
||||
self::FORM_ATTRIBUTE_REQUIRED => '',
|
||||
self::FORM_ATTRIBUTE_MAXLENGTH => '',
|
||||
self::FORM_ATTRIBUTE_TABINDEX => '',
|
||||
self::FORM_ATTRIBUTE_DISABLED => ''
|
||||
self::FORM_ATTRIBUTE_DISABLED => '',
|
||||
self::FORM_ATTRIBUTE_TS_DECIMALS => '',
|
||||
self::FORM_ATTRIBUTE_TS_STEPS => ''
|
||||
);
|
||||
|
||||
public function loadElement( $attributes )
|
||||
@@ -37,7 +39,7 @@ class TypeText extends FormAttributes implements IForm
|
||||
*/
|
||||
private function _setElement( )
|
||||
{
|
||||
$this->_element = '<input type="text" name="NAME" value="VALUE" placeholder="PLACEHOLDER" maxlength="MAXLENGTH" tabindex="TABINDEX" required="REQUIRED" disabled="DISABLED" SPEECH ID CLASS>' . "\n";
|
||||
$this->_element = '<input type="text" name="NAME" value="VALUE" placeholder="PLACEHOLDER" maxlength="MAXLENGTH" tabindex="TABINDEX" required="REQUIRED" disabled="DISABLED" data-bts-decimals="DATA-BTS-DECIMALS" data-bts-step="DATA-BTS-STEP" SPEECH ID CLASS>' . "\n";
|
||||
}
|
||||
|
||||
|
||||
|
||||
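Review bot: The `_setElement` template now hard-codes `data-bts-decimals="DATA-BTS-DECIMALS"` and `data-bts-step="DATA-BTS-STEP"` into every text input, so a field that sets neither may end up with empty or literal-placeholder attributes, depending on the substitution code in `loadElement`, which is outside the hunk. It is worth confirming that unset attributes are stripped and that substituted values are escaped with `htmlspecialchars` before they land inside the attribute quotes. The constant names `FORM_ATTRIBUTE_TS_DECIMALS` and `FORM_ATTRIBUTE_TS_STEPS` (defined in the `IForm` hunk) do not match the attribute names `data-bts-decimals` and `data-bts-step`; `FORM_ATTRIBUTE_BTS_DECIMALS` and `FORM_ATTRIBUTE_BTS_STEP` would be easier to search for.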
@@ -9,6 +9,14 @@ namespace Nibiru\Adapter;
|
||||
|
||||
interface IDb
|
||||
{
|
||||
/**
|
||||
* @desc will update the a row with the $rowset parameter by the given id
|
||||
* @param array $rowData
|
||||
* @param int $id
|
||||
* @return mixed
|
||||
*/
|
||||
public function updateRowById( array $rowData, int $id );
|
||||
|
||||
/**
|
||||
* @desc updates a row by a given field and field where search value
|
||||
* @param false $wherefield
|
||||
|
||||
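Review bot: The new interface method `updateRowById( array $rowData, int $id );` has no return type and documents `@return mixed`, while the implementation added to `Db` in this commit declares `: bool`. Declaring `public function updateRowById( array $rowData, int $id ): bool;` with `@return bool` here keeps the contract in one place. The `@desc` line still refers to a `$rowset` parameter although the parameter is `$rowData`, and it reads "update the a row". Adding a method to `IDb` also obliges every other implementer to provide it, which cannot be checked from this page.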
@@ -52,6 +52,8 @@ interface IForm
|
||||
const FORM_ATTRIBUTE_PATTERN = 'pattern';
|
||||
const FORM_ATTRIBUTE_ANY = 'any';
|
||||
const FORM_ATTRIBUTE_HREF = 'href';
|
||||
const FORM_ATTRIBUTE_TS_DECIMALS = "data-bts-decimals";
|
||||
const FORM_ATTRIBUTE_TS_STEPS = "data-bts-step";
|
||||
|
||||
/**
|
||||
* @desc loads the current Form element to the form
|
||||
|
||||
@@ -15,6 +15,7 @@ interface IMysql
|
||||
const PLACE_NO_QUERY = "NO QUERY";
|
||||
const NO_ID = false;
|
||||
const PLACE_TABLE_NAME = "NO TABLENAME";
|
||||
const PLACE_ARRAY_NAME = "NO ARRAY";
|
||||
const PLACE_QUERY_LIMIT = "NO LIMIT";
|
||||
const PLACE_SORT_ORDER = "NO ORDER";
|
||||
const PLACE_DSN = "NO CONNECTION STRING";
|
||||
|
||||