From: Andrey Kutejko <andy128k@gmail.com>
Date: Sat, 30 Dec 2017 14:54:01 +0000 (+0100)
Subject: use PDO for admin log queries
X-Git-Tag: 0.6~26
X-Git-Url: https://git.andy128k.dev/?a=commitdiff_plain;h=2a46595fb511f39f69feee5bac7893e860453642;p=ipf.git

use PDO for admin log queries
---

diff --git a/ipf/admin/log.php b/ipf/admin/log.php
index e7b562b..747cbbd 100644
--- a/ipf/admin/log.php
+++ b/ipf/admin/log.php
@@ -4,37 +4,38 @@ class IPF_Admin_Log
 {
     public static function count()
     {
-        return \PFF\Container::databaseQuery()
-            ->from('admin_log')
-            ->select(null)
-            ->select('COUNT(1) AS cnt')
-            ->fetch('cnt');
+        $connection = \PFF\Container::databaseConnection();
+        $stmt = $connection->prepare('SELECT COUNT(1) AS cnt FROM admin_log');
+        $stmt->execute();
+        $row = $stmt->fetch(PDO::FETCH_ASSOC);
+        return $row['cnt'];
     }
 
     public static function recent($limit=10, $offset=0)
     {
-        return \PFF\Container::databaseQuery()
-            ->from('admin_log')
-            ->orderBy('created_at DESC')
-            ->limit($limit)
-            ->offset($offset)
-            ->asObject(true)
-            ->fetchAll();
+        $connection = \PFF\Container::databaseConnection();
+        $stmt = $connection->prepare('SELECT * FROM admin_log ORDER BY created_at DESC LIMIT :limit OFFSET :offset');
+        $stmt->bindValue('limit', (int)$limit, PDO::PARAM_INT);
+        $stmt->bindValue('offset', (int)$offset, PDO::PARAM_INT);
+        $stmt->execute();
+        return $stmt->fetchAll(PDO::FETCH_OBJ);
     }
 
     public static function log($who, $action, $repr, $class, $url=null)
     {
-        $data = array(
-            'username'      => $who->username,
-            'user_id'       => $who->id,
-            'action'        => $action,
-            'object_class'  => $class,
-            'object_repr'   => $repr,
-            'object_url'    => $url,
+        $connection = \PFF\Container::databaseConnection();
+        $stmt = $connection->prepare('INSERT INTO admin_log ' .
+            '(username, user_id, action, object_class, object_repr, object_url)' .
+            ' VALUES ' .
+            '(:username, :user_id, :action, :object_class, :object_repr, :object_url)'
         );
-        \PFF\Container::databaseQuery()
-            ->insertInto('admin_log', $data)
-            ->execute();
+        $stmt->bindValue('username', $who->username, PDO::PARAM_STR);
+        $stmt->bindValue('user_id', $who->id, PDO::PARAM_STR);
+        $stmt->bindValue('action', $action, PDO::PARAM_STR);
+        $stmt->bindValue('object_class', $class, PDO::PARAM_STR);
+        $stmt->bindValue('object_repr', $repr, PDO::PARAM_STR);
+        $stmt->bindValue('object_url', $url, PDO::PARAM_STR);
+        $stmt->execute();
     }
 
     public static function logObject($component, $action, $object, $object_id=null)
@@ -43,4 +44,3 @@ class IPF_Admin_Log
         self::log($component->request->user, $action, (string)$object, $component->verbose_name(), $url);
     }
 }
-