Witam.
Mam taką klasę do obsługi baz danych:
class Db
{
private $_hostname;
private $_database;
private $_username;
private $_password;
private $_port;
private $_pdo;
private $_sQuery;
private $_bConnected = false;
private $_parameters;
private $_config;
private $_psException;
public function __construct()
{
$this->_config = Registry::register("Core\Utilities\Config");
$this->_psException = new PsException();
$this->_hostname = $this->_config->db_host;
$this->_database = $this->_config->db_db;
$this->_username = $this->_config->db_user;
$this->_password = $this->_config->db_pass;
$this->_port = $this->_config->db_port;
$this->Connect($this->_hostname, $this->_database, $this->_username, $this->_password, $this->_port);
$this->_parameters = array();
}
private function Connect($hostname, $database, $username, $password, $port)
{
try {
$options = array(\PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'");
$this->_pdo = new \PDO("mysql:host={$hostname};dbname={$database};port={$port};charset=utf8", $username, $password, $options);
$this->_pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
$this->_pdo->setAttribute(\PDO::ATTR_DEFAULT_FETCH_MODE, \PDO::FETCH_ASSOC);
$this->_pdo->setAttribute(\PDO::ATTR_EMULATE_PREPARES, true);
$this->_pdo->query('SET NAMES utf8');
$this->_bConnected = true;
} catch (PDOException $ex) {
$this->_psException->registerError("Failed to connect to the database: " . $ex->getMessage());
} catch (Exception $e) {
$this->_psException->registerError("Failed to connect to the database: " . $e->getCode() . "." . $e->getMessage());
}
}
public function CloseConnection()
{
$this->_pdo = null;
}
private function Init($query, $parameters = "")
{
if (!$this->_bConnected) {
$this->Connect();
}
try {
$this->_sQuery = $this->_pdo->prepare($query);
$this->bindMore($parameters);
if (!empty($this->_parameters)) {
foreach ($this->_parameters as $param) {
$parameters = explode("\x7F", $param);
$this->_sQuery->bindParam($parameters[0], $parameters[1]);
}
}
$this->success = $this->_sQuery->execute();
} catch (PDOException $e) {
$this->ExceptionLog($e->getMessage(), $query);
}
$this->_parameters = array();
}
public function bind($para, $value)
{
$this->_parameters[sizeof($this->_parameters)] = ":" . $para . "\x7F" . ($value);
}
public function bindMore($parray)
{
if (empty($this->_parameters) && is_array($parray)) {
$columns = array_keys($parray);
foreach ($columns as $i => &$column) {
$this->bind($column, $parray[$column]);
}
}
}
public function query($query, $params = null, $fetchmode = \PDO::FETCH_ASSOC)
{
$query = trim($query);
$this->Init($query, $params);
$rawStatement = explode(" ", $query);
$statement = strtolower($rawStatement[0]);
if ($statement === 'select' || $statement === 'show') {
return $this->_sQuery->fetchAll($fetchmode);
} elseif ($statement === 'insert' || $statement === 'update' || $statement === 'delete') {
return $this->_sQuery->rowCount();
} else {
return null;
}
}
public function lastInsertId()
{
return $this->_pdo->lastInsertId();
}
public function column($query, $params = null)
{
$this->Init($query, $params);
$Columns = $this->_sQuery->fetchAll(\PDO::FETCH_NUM);
$column = null;
foreach ($Columns as $cells) {
$column[] = $cells[0];
}
return $column;
}
public function row($query, $params = null, $fetchmode = \PDO::FETCH_ASSOC)
{
$this->Init($query, $params);
return $this->_sQuery->fetch($fetchmode);
}
public function single($query, $params = null)
{
$this->Init($query, $params);
return $this->_sQuery->fetchColumn();
}
private function ExceptionLog($message, $sql = "")
{
$message .= 'Unhandled Exception. $message';
if (!empty($sql)) {
$message .= "\r\nQuery SQL : " . $sql;
}
$this->_psException->registerError($message);
}
}
oraz metodę do zapisu:
$queryValue["enable"] = $dataValues['enable'];
$queryValue["number"] = $dataValues['number'];
$queryValue["description"] = $dataValues['description'];
$queryValue["date"] = $dataValues['date'];
$queryValue["visible_on_the_front"] = $dataValues['visible_on_the_front'];
$queryValue["id_category_page"] = $dataValues['id_category_page'];
$queryValue["visible_on_the_front2"] = $dataValues['visible_on_the_front2'];
$this->_db->query("INSERT INTO psGalleryCategories (visible_on_the_front2, id_category_page, visible_on_the_front, date, description, enable, number) VALUES (:visible_on_the_front2, :id_category_page, :visible_on_the_front, :date, :description, :enable, :number);", $queryValue);
W momencie gdy zapisuje taki ciąg znaków:
'';fwefewfpew'f'wef'wefew.''fewvdsniu*&&^&^@^7ef125e2'""''
Otrzymuję błąd:
Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'f'wef'wefew.''fewvdsniu*&&^&^@^7ef125e2''' at line 1 in /Applications/XAMPP/xamppfiles/htdocs/um/apps/core/utilities/DbClass.php:78 Stack trace: #0 /Applications/XAMPP/xamppfiles/htdocs/um/apps/core/utilities/DbClass.php(78): PDOStatement->execute() #1 /Applications/XAMPP/xamppfiles/htdocs/um/apps/core/utilities/DbClass.php(139): Core\Utilities\Db->Init('SELECT COUNT(ti...', NULL) #2 /Applications/XAMPP/xamppfiles/htdocs/um/apps/core/models/ModelClass.php(24): Core\Utilities\Db->row('SELECT COUNT(ti...') #3 /Applications/XAMPP/xamppfiles/htdocs/um/apps/backend/models/GalleryModel.php(230): Core\Models\Model->createSeoUrl(''';fwefewfpew'f...', 'title_pl', 'psGalleryCatego...') #4 /Applications/XAMPP/xamppfiles/htdocs/um/apps/backend/controllers/GalleryList.php(14 in /Applications/XAMPP/xamppfiles/htdocs/um/apps/core/utilities/DbClass.php on line 78
Jak naprawić ten błąd?