From 67bae59c666a308e62b0d5c8cad28d5ec52b5cf1 Mon Sep 17 00:00:00 2001 From: Michael Date: Tue, 25 Apr 2017 05:11:04 +0000 Subject: [PATCH] Small corrections --- include/dba.php | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/include/dba.php b/include/dba.php index d4a05ff948..3383da86b5 100644 --- a/include/dba.php +++ b/include/dba.php @@ -443,8 +443,8 @@ class dba { } /** - * @brief Executes a prepared statement - * + * @brief Executes a prepared statement that returns data + * @usage Example: $r = p("SELECT * FROM `item` WHERE `guid` = ?", $guid); * @param string $sql SQL statement * @return object statement object */ @@ -529,6 +529,7 @@ class dba { break; case 'mysql': // For the old "mysql" functions we cannot use prepared statements + $offset = 0; foreach ($args AS $param => $value) { if (is_int($args[$param]) OR is_float($args[$param])) { $replace = intval($args[$param]); @@ -536,10 +537,11 @@ class dba { $replace = "'".dbesc($args[$param])."'"; } - $pos = strpos($sql, '?'); + $pos = strpos($sql, '?', $offset); if ($pos !== false) { $sql = substr_replace($sql, $replace, $pos, 1); } + $offset = $pos + strlen($replace); } $retval = mysql_query($sql, self::$dbo->db); @@ -570,10 +572,10 @@ class dba { } /** - * @brief Executes a prepared statement + * @brief Executes a prepared statement like UPDATE or INSERT that doesn't return data * * @param string $sql SQL statement - * @return boolean Was the query successfull? + * @return boolean Was the query successfull? False is returned only if an error occurred */ static public function e($sql) { $a = get_app();