From c1cb06aadce37896d46ea5f6230649d7edc8b49c Mon Sep 17 00:00:00 2001
From: Andrey Kutejko <andy128k@gmail.com>
Date: Sat, 30 Dec 2017 15:31:09 +0100
Subject: [PATCH] use PDO in session middleware

---
 ipf/session/app.php | 48 +++++++++++++++++++--------------------------
 1 file changed, 20 insertions(+), 28 deletions(-)

diff --git a/ipf/session/app.php b/ipf/session/app.php
index 09b9f26..0c0ad89 100644
--- a/ipf/session/app.php
+++ b/ipf/session/app.php
@@ -106,53 +106,46 @@ class CookieSession extends Session
 
 class DBSession extends Session
 {
-    private static function query()
+    private static function getConnection()
     {
-        $connection = \PFF\Container::databaseConnection();
-        return new FluentPDO($connection);
+        return \PFF\Container::databaseConnection();
     }
 
     public static function getData($key)
     {
-        $data = self::query()
-            ->from('session')
-            ->where('session_key', $key)
-            ->fetch('data');
-        if ($data)
-            return unserialize($data);
+        $connection = self::getConnection();
+        $stmt = $connection->prepare('SELECT data FROM session WHERE session_key = :key');
+        $stmt->bindValue('key', $key, PDO::PARAM_STR);
+        $stmt->execute();
+        $row = $stmt->fetch(PDO::FETCH_ASSOC);
+        if ($row !== false)
+            return unserialize($row['data']);
         else
             return null;
     }
 
     public function delete()
     {
-        self::query()
-            ->deleteFrom('session')
-            ->where('session_key', $key)
-            ->execute();
+        $connection = self::getConnection();
+        $stmt = $connection->prepare('DELETE FROM session WHERE session_key = :key');
+        $stmt->bindValue('key', $key, PDO::PARAM_STR);
+        $stmt->execute();
 
         $this->key = null;
     }
 
     protected function save()
     {
-        $params = array(
-            'data' => serialize($this->data),
-            'updated_at' => gmdate('Y-m-d H:i:s', $this->updatedAt()),
-        );
-
+        $connection = self::getConnection();
         if ($this->key) {
-            self::query()
-                ->update('session')
-                ->where('session_key', $this->key)
-                ->set($params)
-                ->execute();
+            $stmt = $connection->prepare('UPDATE session SET data = :data, updated_at = NOW() WHERE session_key = :key');
         } else {
-            $params['session_key'] = $this->key = self::getNewSessionKey();
-            self::query()
-                ->insertInto('session', $params)
-                ->execute();
+            $this->key = self::getNewSessionKey();
+            $stmt = $connection->prepare('INSERT INTO session (session_key, data) VALUES (:key, :data)');
         }
+        $stmt->bindValue('key', $this->key, PDO::PARAM_STR);
+        $stmt->bindValue('data', serialize($this->data), PDO::PARAM_STR);
+        $stmt->execute();
     }
 
     private static function getNewSessionKey($secret_key=null)
@@ -162,4 +155,3 @@ class DBSession extends Session
         return md5(microtime().rand(0, 123456789).rand(0, 123456789).$secret_key);
     }
 }
-
-- 
2.49.0