kenmirrors/grocy
1
0
Fork 0
mirror of https://github.com/grocy/grocy.git synced 2025-10-31 02:36:54 +00:00
Code Issues Projects Releases Wiki Activity

Use bind params when copying a recipe (fixes #2337)

Browse Source
This commit is contained in:
Bernd Bestel
2023-09-15 13:58:57 +02:00
parent 1e60f940e4
commit 3308e79027
3 changed files with 19 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
changelog/74_UNRELEASED_xxxx-xx-xx.md
View File

@@ -18,7 +18,7 @@
### Recipes ### Recipes
- xxx - Fixed that copying recipes with special characters in the name was not possible
### Meal plan ### Meal plan

18
services/DatabaseService.php
View File

@@ -23,7 +23,7 @@ class DatabaseService
return false; return false;
} }
public function ExecuteDbStatement(string $sql) public function ExecuteDbStatement(string $sql, array $params = null)
{ {
$pdo = $this->GetDbConnectionRaw(); $pdo = $this->GetDbConnectionRaw();
@@ -36,9 +36,21 @@ class DatabaseService
} }
} }
if ($pdo->exec($sql) === false) if ($params == null)
{ {
throw new \Exception($pdo->errorInfo());
if ($pdo->exec($sql) === false)
{
throw new \Exception($pdo->errorInfo());
}
}
else
{
$cmd = $pdo->prepare($sql);
if ($cmd->execute($params) === false)
{
throw new \Exception($pdo->errorInfo());
}
} }
return true; return true;

6
services/RecipesService.php
View File

@@ -145,10 +145,10 @@ class RecipesService extends BaseService
$newName = $this->getLocalizationService()->__t('Copy of %s', $this->getDataBase()->recipes($recipeId)->name); $newName = $this->getLocalizationService()->__t('Copy of %s', $this->getDataBase()->recipes($recipeId)->name);
$this->getDatabaseService()->ExecuteDbStatement('INSERT INTO recipes (name, description, picture_file_name, base_servings, desired_servings, not_check_shoppinglist, type, product_id) SELECT \'' . $newName . '\', description, picture_file_name, base_servings, desired_servings, not_check_shoppinglist, type, product_id FROM recipes WHERE id = ' . $recipeId); $this->getDatabaseService()->ExecuteDbStatement('INSERT INTO recipes (name, description, picture_file_name, base_servings, desired_servings, not_check_shoppinglist, type, product_id) SELECT :new_name, description, picture_file_name, base_servings, desired_servings, not_check_shoppinglist, type, product_id FROM recipes WHERE id = :recipe_id', ['recipe_id' => $recipeId, 'new_name' => $newName]);
$lastInsertId = $this->getDatabase()->lastInsertId(); $lastInsertId = $this->getDatabase()->lastInsertId();
$this->getDatabaseService()->ExecuteDbStatement('INSERT INTO recipes_pos (recipe_id, product_id, amount, note, qu_id, only_check_single_unit_in_stock, ingredient_group, not_check_stock_fulfillment, variable_amount, price_factor) SELECT ' . $lastInsertId . ', product_id, amount, note, qu_id, only_check_single_unit_in_stock, ingredient_group, not_check_stock_fulfillment, variable_amount, price_factor FROM recipes_pos WHERE recipe_id = ' . $recipeId); $this->getDatabaseService()->ExecuteDbStatement('INSERT INTO recipes_pos (recipe_id, product_id, amount, note, qu_id, only_check_single_unit_in_stock, ingredient_group, not_check_stock_fulfillment, variable_amount, price_factor) SELECT :last_insert_id, product_id, amount, note, qu_id, only_check_single_unit_in_stock, ingredient_group, not_check_stock_fulfillment, variable_amount, price_factor FROM recipes_pos WHERE recipe_id = :recipe_id', ['recipe_id' => $recipeId, 'last_insert_id' => $lastInsertId]);
$this->getDatabaseService()->ExecuteDbStatement('INSERT INTO recipes_nestings (recipe_id, includes_recipe_id, servings) SELECT ' . $lastInsertId . ', includes_recipe_id, servings FROM recipes_nestings WHERE recipe_id = ' . $recipeId); $this->getDatabaseService()->ExecuteDbStatement('INSERT INTO recipes_nestings (recipe_id, includes_recipe_id, servings) SELECT :last_insert_id, includes_recipe_id, servings FROM recipes_nestings WHERE recipe_id = :recipe_id', ['recipe_id' => $recipeId, 'last_insert_id' => $lastInsertId]);
return $lastInsertId; return $lastInsertId;
} }