From 0a87d41891c6e5876d05885662b5b7d120673538 Mon Sep 17 00:00:00 2001
From: Banana
Date: Tue, 23 Jul 2019 21:08:00 +0200
Subject: [PATCH] using objects and mysql transactions
---
 webroot/lib/link.class.php | 25 ++++++++++++++++++++++++-
 webroot/view/home.inc.php | 36 ++++++++++++++++--------------------
 webroot/view/home.php | 1 -
 3 files changed, 40 insertions(+), 22 deletions(-)
diff --git a/webroot/lib/link.class.php b/webroot/lib/link.class.php
index c1fd042..df36008 100644
--- a/webroot/lib/link.class.php
+++ b/webroot/lib/link.class.php
@@ -99,8 +99,31 @@ class Link {
 /**
 * create a new link with the given data
 * @param array $data
+ * @return boolean|int
 */
- public function create($data) {
+ public function create($data,$returnId=false) {
+ $ret = false;
+
+ if(!isset($data['link']) || empty($data['link'])) return false;
+ if(!isset($data['hash']) || empty($data['hash'])) return false;
+ if(!isset($data['title']) || empty($data['title'])) return false;
+
+ $queryStr = "INSERT IGNORE INTO `".DB_PREFIX."_link` SET
+ `link` = '".$this->DB->real_escape_string($data['link'])."',
+ `created` = NOW(),
+ `status` = '".$this->DB->real_escape_string($data['status'])."',
+ `description` = '".$this->DB->real_escape_string($data['description'])."',
+ `title` = '".$this->DB->real_escape_string($data['title'])."',
+ `image` = '".$this->DB->real_escape_string($data['image'])."',
+ `hash` = '".$this->DB->real_escape_string($data['hash'])."',
+ `search` = '".$this->DB->real_escape_string($data['search'])."'";
+
+ $this->DB->query($queryStr);
+ if($returnId === true) {
+ $ret = $this->DB->insert_id;
+ }
+
+ return $ret;
 }
 /**
diff --git a/webroot/view/home.inc.php b/webroot/view/home.inc.php
index 21ade71..de1321e 100644
--- a/webroot/view/home.inc.php
+++ b/webroot/view/home.inc.php
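Review bot: `create()` returns `false` on a successful insert whenever `$returnId` keeps its default, because `$ret` is only reassigned inside `if($returnId === true)` and the result of `$this->DB->query()` is never checked. With `INSERT IGNORE` a duplicate row is skipped silently and `insert_id` is 0, so a caller cannot tell "inserted", "duplicate" and "query failed" apart. The keys `status`, `description`, `image` and `search` are read without the `isset` guard that `link`, `hash` and `title` get. I would bind the values in a prepared statement instead of concatenating `real_escape_string()` output, which is only safe if the connection charset was set through `set_charset()` (not visible here), and take the return value from the statement result as sketched below. The method is complete inside the hunk; the surrounding `Link` class is not.

```php
public function create($data,$returnId=false) {
	// … unchanged: link / hash / title presence checks …

	// optional fields: same empty-string result as before, without the undefined-index notice
	$status = isset($data['status']) ? $data['status'] : '';
	$description = isset($data['description']) ? $data['description'] : '';
	$image = isset($data['image']) ? $data['image'] : '';
	$search = isset($data['search']) ? $data['search'] : '';

	$stmt = $this->DB->prepare("INSERT IGNORE INTO `".DB_PREFIX."_link`
		(`link`,`created`,`status`,`description`,`title`,`image`,`hash`,`search`)
		VALUES (?, NOW(), ?, ?, ?, ?, ?, ?)");
	if($stmt === false) return false;

	$stmt->bind_param('sssssss', $data['link'], $status, $description,
		$data['title'], $image, $data['hash'], $search);

	// affected_rows is 0 when INSERT IGNORE skipped a duplicate
	if(!$stmt->execute() || $stmt->affected_rows < 1) {
		$stmt->close();
		return false;
	}

	$ret = ($returnId === true) ? $stmt->insert_id : true;
	$stmt->close();

	return $ret;
```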
@@ -36,7 +36,7 @@ $formData = false; $honeypotCheck = false; if((isset($_POST['password']) && !empty($_POST['password'])) || (isset($_POST['username']) && !empty($_POST['username']))) { - # those are hidden fields. A robot my input these. A valid user does not. + # those are hidden fields. A robot may input these. A valid user does not. $honeypotCheck = true; } @@ -131,25 +131,18 @@ if(isset($_POST['data']) && !empty($_POST['data']) && isset($_POST['addnewone']) $search .= ' '.implode(" ",$tagArr); $search .= ' '.implode(" ",$catArr); - $queryStr = "INSERT IGNORE INTO `".DB_PREFIX."_link` SET - `link` = '".$DB->real_escape_string($formData['url'])."', - `created` = NOW(), - `status` = '".$DB->real_escape_string($formData['private'])."', - `description` = '".$DB->real_escape_string($formData['description'])."', - `title` = '".$DB->real_escape_string($formData['title'])."', - `image` = '".$DB->real_escape_string($formData['image'])."', - `hash` = '".$DB->real_escape_string($hash)."', - `search` = '".$DB->real_escape_string($search)."'"; - - /* - var_dump($catArr); - var_dump($tagArr); - var_dump($queryStr); - exit(); - */ - - $DB->query($queryStr); - $linkID = $DB->insert_id; + $DB->begin_transaction(MYSQLI_TRANS_START_READ_WRITE); + + $linkObj = new Link($DB); + $linkID = $linkObj->create(array( + 'hash' => $hash, + 'search' => $search, + 'link' => $formData['url'], + 'status' => $formData['private'], + 'description' => $formData['description'], + 'title' => $formData['title'], + 'image' => $formData['image'] + ),true); if(!empty($linkID)) { @@ -172,11 +165,14 @@ if(isset($_POST['data']) && !empty($_POST['data']) && isset($_POST['addnewone']) } } + $DB->commit(); + $submitFeedback['message'] = 'Link added successfully.'; $submitFeedback['status'] = 'success'; $TemplateData['refresh'] = 'index.php?p=linkinfo&id='.$hash; } else { + $DB->rollback(); $submitFeedback['message'] = 'Something went wrong...'; $submitFeedback['status'] = 'error'; $showAddForm = true; 
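Review bot: The success branch sets 'Link added successfully.' without checking the result of `$DB->commit()`, and `$DB->begin_transaction()` in the `@@ -131,25 +131,18 @@` hunk is likewise unchecked, so a failed commit is reported to the user as a saved link. In the `@@ -172,11 +165,14 @@` hunk I would gate the feedback on the commit, e.g. `if($DB->commit() === false) { $DB->rollback(); /* take the error path */ }`. Rollback is reached only when `$linkID` is empty; the statements between `create()` and `commit()` lie outside both hunks, so confirm that their failures also end in `rollback()` rather than a partial commit. The enclosing `if(isset($_POST['data']) …)` block starts and ends outside the hunks.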
diff --git a/webroot/view/home.php b/webroot/view/home.php index d0ed0d4..fc4768c 100644 --- a/webroot/view/home.php +++ b/webroot/view/home.php @@ -26,7 +26,6 @@ * */ ?> -
-- 2.39.5