From c4a86060b7193e1072a1149be53863c3418dda82 Mon Sep 17 00:00:00 2001
From: h7x4
Date: Mon, 11 May 2026 22:02:38 +0900
Subject: [PATCH] treewide: swap all uses of `bindParam` with `bindValue`

This causes complaints and warnings when used with functions generating values instead of already bound variables. Nowhere do we rely on the arguments being passed by reference.
---
 src/pvv/admin/usermanager.php | 16 +++++++--------
 src/pvv/side/dbactivity.php | 2 +-
 src/pvv/side/door.php | 10 ++++------
 src/pvv/side/motd.php | 6 +++---
 src/pvv/side/projectmanager.php | 10 +++++-----
 www/admin/aktiviteter/update.php | 26 ++++++++++++------------
 www/admin/prosjekter/update.php | 26 ++++++++++++------------
 www/prosjekt/update.php | 34 ++++++++++++++++----------------
 8 files changed, 64 insertions(+), 66 deletions(-)

diff --git a/src/pvv/admin/usermanager.php b/src/pvv/admin/usermanager.php
index c1b75eb..8126840 100644
--- a/src/pvv/admin/usermanager.php
+++ b/src/pvv/admin/usermanager.php
@@ -20,16 +20,16 @@ class UserManager {
 public function setupUser(string $uname, int $groups = 0): void {
 $query = 'INSERT INTO users (uname, groups) VALUES (:uname, :groups)';
 $statement = $this->pdo->prepare($query);
- $statement->bindParam(':uname', $uname, \PDO::PARAM_STR);
- $statement->bindParam(':groups', $groups, \PDO::PARAM_INT);
+ $statement->bindValue(':uname', $uname, \PDO::PARAM_STR);
+ $statement->bindValue(':groups', $groups, \PDO::PARAM_INT);
 $statement->execute();
 }
 
 public function updateFlags(string $uname, int $flags): void {
 $query = 'UPDATE users set groups=:groups WHERE uname=:uname';
 $statement = $this->pdo->prepare($query);
- $statement->bindParam(':groups', $flags, \PDO::PARAM_INT);
- $statement->bindParam(':uname', $uname, \PDO::PARAM_STR);
+ $statement->bindValue(':groups', $flags, \PDO::PARAM_INT);
+ $statement->bindValue(':uname', $uname, \PDO::PARAM_STR);
 }
 
 public function addGroup(string $uname, int $group): void {
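Review bot: updateFlags in the first usermanager.php hunk prepares and binds the UPDATE but never runs it — there is no `$statement->execute();` between the second bindValue and the closing brace, so the method is a silent no-op both before and after this change. Add `$statement->execute();` as the last statement of the method. setGroups further down issues the same UPDATE and does call execute(), so only callers that use updateFlags directly are affected.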
@@ -53,15 +53,15 @@ class UserManager {
 public function setGroups(string $uname, int $groups): void {
 $query = 'SELECT * FROM users WHERE uname=:uname LIMIT 1';
 $statement = $this->pdo->prepare($query);
- $statement->bindParam(':uname', $uname, \PDO::PARAM_STR);
+ $statement->bindValue(':uname', $uname, \PDO::PARAM_STR);
 $statement->execute();
 $row = $statement->fetch();
 
 if ($row) {
 $query = 'UPDATE users set groups=:groups WHERE uname=:uname';
 $statement = $this->pdo->prepare($query);
- $statement->bindParam(':groups', $groups, \PDO::PARAM_INT);
- $statement->bindParam(':uname', $uname, \PDO::PARAM_STR);
+ $statement->bindValue(':groups', $groups, \PDO::PARAM_INT);
+ $statement->bindValue(':uname', $uname, \PDO::PARAM_STR);
 $statement->execute();
 } else {
 $this->setupUser($uname, $groups);
@@ -94,7 +94,7 @@ class UserManager {
 public function getUsergroups(string $uname): int {
 $query = 'SELECT groups FROM users WHERE uname=:uname LIMIT 1';
 $statement = $this->pdo->prepare($query);
- $statement->bindParam(':uname', $uname, \PDO::PARAM_STR);
+ $statement->bindValue(':uname', $uname, \PDO::PARAM_STR);
 $statement->execute();
 $row = $statement->fetch();
 
diff --git a/src/pvv/side/dbactivity.php b/src/pvv/side/dbactivity.php
index 91c0d4f..0bcf7c3 100644
--- a/src/pvv/side/dbactivity.php
+++ b/src/pvv/side/dbactivity.php
@@ -39,7 +39,7 @@ class DBActivity implements Activity {
 public function getEventByID(int $id): SimpleEvent {
 $query = 'SELECT * FROM events WHERE id=:id LIMIT 1';
 $statement = $this->pdo->prepare($query);
- $statement->bindParam(':id', $id, \PDO::PARAM_INT);
+ $statement->bindValue(':id', $id, \PDO::PARAM_INT);
 $statement->execute();
 $dbEvent = $statement->fetch();
 
diff --git a/src/pvv/side/door.php b/src/pvv/side/door.php
index 9880cb5..817ac23 100644
--- a/src/pvv/side/door.php
+++ b/src/pvv/side/door.php
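Review bot: setGroups runs a SELECT and then an UPDATE or INSERT as separate statements with no transaction visible in the hunk, so two concurrent calls for a not-yet-existing uname can both miss the row and both end up in setupUser. Whether that produces duplicate users rows depends on a UNIQUE constraint on `users.uname` that I cannot see from here; if there is none, either wrap the check-then-act in `$this->pdo->beginTransaction()` … `$this->pdo->commit()` or replace it with a single upsert. A simpler shape is to issue the UPDATE unconditionally and fall back to `$this->setupUser($uname, $groups)` only when `$statement->rowCount() === 0`, which removes the SELECT entirely.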
@@ -68,8 +68,6 @@ class Door {
 * @return DoorStatus[]
 */
 public function getEntriesAfter(\DateTimeImmutable $startTime): array {
- $timestamp = $startTime->getTimestamp();
-
 $query = '
 SELECT
 time,
@@ -79,7 +77,7 @@ class Door {
 ORDER BY time DESC
 ';
 $statement = $this->pdo->prepare($query);
- $statement->bindParam(':startTime', $timestamp, \PDO::PARAM_INT);
+ $statement->bindValue(':startTime', $startTime->getTimestamp(), \PDO::PARAM_INT);
 $statement->execute();
 
 $result = array_map(
@@ -124,15 +122,15 @@ class Door {
 $firstValidTime = time() - 60 * 60 * 24 * self::DAYS_OF_DOOR_HISTORY;
 $query = 'DELETE FROM door WHERE time < :firstValid';
 $statement = $this->pdo->prepare($query);
- $statement->bindParam(':firstValid', $firstValidTime, \PDO::PARAM_INT);
+ $statement->bindValue(':firstValid', $firstValidTime, \PDO::PARAM_INT);
 $statement->execute();
 }
 
 public function createEvent(\DateTimeImmutable $time, bool $open): void {
 $query = 'INSERT INTO door(time, open) VALUES (:time, :open)';
 $statement = $this->pdo->prepare($query);
- $statement->bindParam(':time', $time->getTimestamp(), \PDO::PARAM_INT);
- $statement->bindParam(':open', $open, \PDO::PARAM_BOOL);
+ $statement->bindValue(':time', $time->getTimestamp(), \PDO::PARAM_INT);
+ $statement->bindValue(':open', $open, \PDO::PARAM_BOOL);
 $statement->execute();
 
 $this->removeOld();
diff --git a/src/pvv/side/motd.php b/src/pvv/side/motd.php
index 5a1c5c3..dcc63e9 100644
--- a/src/pvv/side/motd.php
+++ b/src/pvv/side/motd.php
@@ -47,8 +47,8 @@ class MOTD {
 
 $query = 'INSERT INTO motd(title, content) VALUES (:title, :content)';
 $statement = $this->pdo->prepare($query);
- $statement->bindParam(':title', $title, \PDO::PARAM_STR);
- $statement->bindParam(':content', $content, \PDO::PARAM_STR);
+ $statement->bindValue(':title', $title, \PDO::PARAM_STR);
+ $statement->bindValue(':content', $content, \PDO::PARAM_STR);
 $statement->execute();
 }
 
@@ -88,7 +88,7 @@ class MOTD {
 LIMIT :limit
 ';
 $statement = $this->pdo->prepare($query);
- $statement->bindParam(':limit', $limit, \PDO::PARAM_STR);
+ $statement->bindValue(':limit', $limit, \PDO::PARAM_STR);
 $statement->execute();
 
 $result = array_map(
diff --git a/src/pvv/side/projectmanager.php b/src/pvv/side/projectmanager.php
index fe9407c..8cf55ed 100644
--- a/src/pvv/side/projectmanager.php
+++ b/src/pvv/side/projectmanager.php
@@ -36,7 +36,7 @@ class ProjectManager {
 public function getByID(int $id): ?Project {
 $query = 'SELECT * FROM projects WHERE id=:id LIMIT 1';
 $statement = $this->pdo->prepare($query);
- $statement->bindParam(':id', $id, \PDO::PARAM_INT);
+ $statement->bindValue(':id', $id, \PDO::PARAM_INT);
 $statement->execute();
 $dbProj = $statement->fetch();
 
@@ -58,7 +58,7 @@ class ProjectManager {
 public function getByOwner(string $uname): array {
 $query = 'SELECT projectid FROM projectmembers WHERE uname=:uname';
 $statement = $this->pdo->prepare($query);
- $statement->bindParam(':uname', $uname, \PDO::PARAM_STR);
+ $statement->bindValue(':uname', $uname, \PDO::PARAM_STR);
 $statement->execute();
 $projectIDs = $statement->fetchAll();
 
@@ -68,7 +68,7 @@ class ProjectManager {
 
 $query = 'SELECT * FROM projects WHERE id=:id';
 $statement = $this->pdo->prepare($query);
- $statement->bindParam(':id', $id, \PDO::PARAM_INT);
+ $statement->bindValue(':id', $id, \PDO::PARAM_INT);
 $statement->execute();
 
 foreach ($statement->fetchAll() as $dbProj) {
@@ -91,7 +91,7 @@ class ProjectManager {
 public function getProjectMembers(int $id): array {
 $query = 'SELECT * FROM projectmembers WHERE projectid=:id';
 $statement = $this->pdo->prepare($query);
- $statement->bindParam(':id', $id, \PDO::PARAM_STR);
+ $statement->bindValue(':id', $id, \PDO::PARAM_STR);
 $statement->execute();
 $members = [];
 
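Review bot: `:limit` is still bound with `\PDO::PARAM_STR` although it feeds a `LIMIT` clause; on drivers that emulate prepares this renders as `LIMIT '5'`, and under native prepares a text value is sent where an integer is expected — SQLite coerces it, MySQL and PostgreSQL reject it. Bind it as an integer, `$statement->bindValue(':limit', (int) $limit, \PDO::PARAM_INT);`, which also guarantees a non-numeric caller value cannot reach the query. The method signature and the origin of `$limit` are outside the hunk.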
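Review bot: getProjectMembers binds its `int $id` parameter as `\PDO::PARAM_STR`, whereas getByID earlier in the same file binds the same kind of id as `\PDO::PARAM_INT`; the string form makes the `projectid=:id` comparison depend on driver type affinity instead of an integer match. Use `$statement->bindValue(':id', $id, \PDO::PARAM_INT);` here, and likewise in getProjectOwner in the following hunk, so every id lookup in ProjectManager agrees. The body of getProjectMembers continues past the hunk.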
@@ -115,7 +115,7 @@ class ProjectManager {
 public function getProjectOwner(int $id): array {
 $query = 'SELECT * FROM projectmembers WHERE (projectid=:id AND owner=1)';
 $statement = $this->pdo->prepare($query);
- $statement->bindParam(':id', $id, \PDO::PARAM_STR);
+ $statement->bindValue(':id', $id, \PDO::PARAM_STR);
 $statement->execute();
 $dbOwner = $statement->fetch();
 
diff --git a/www/admin/aktiviteter/update.php b/www/admin/aktiviteter/update.php
index 653d80d..a369453 100644
--- a/www/admin/aktiviteter/update.php
+++ b/www/admin/aktiviteter/update.php
@@ -78,12 +78,12 @@ if ($id == 0) {
 
 ';
 $statement = $pdo->prepare($query);
- $statement->bindParam(':title', $title, PDO::PARAM_STR);
- $statement->bindParam(':desc', $desc, PDO::PARAM_STR);
- $statement->bindParam(':start', $start, PDO::PARAM_STR);
- $statement->bindParam(':stop', $stop, PDO::PARAM_STR);
- $statement->bindParam(':organiser', $organiser, PDO::PARAM_STR);
- $statement->bindParam(':loc', $location, PDO::PARAM_STR);
+ $statement->bindValue(':title', $title, PDO::PARAM_STR);
+ $statement->bindValue(':desc', $desc, PDO::PARAM_STR);
+ $statement->bindValue(':start', $start, PDO::PARAM_STR);
+ $statement->bindValue(':stop', $stop, PDO::PARAM_STR);
+ $statement->bindValue(':organiser', $organiser, PDO::PARAM_STR);
+ $statement->bindValue(':loc', $location, PDO::PARAM_STR);
 } else {
 $query = '
 UPDATE
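Review bot: `$start` and `$stop` are bound as plain `PDO::PARAM_STR` into what the placeholder names suggest are the event's start/stop columns, and their assignment is outside the hunk, so I cannot tell whether they were validated as dates before reaching this INSERT. If they come straight from the request, parse them at the boundary, e.g. `$start = (new DateTimeImmutable($start))->format('Y-m-d H:i:s');`, so an unparseable value errors instead of being stored verbatim. The same six bindValue lines are repeated in the UPDATE branch that follows; since `$statement->execute()` runs after the if/else, the shared binds could sit between the closing brace and execute(), with only `:id` bound inside the else branch.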
@@ -100,13 +100,13 @@ if ($id == 0) {
 
 ';
 $statement = $pdo->prepare($query);
- $statement->bindParam(':title', $title, PDO::PARAM_STR);
- $statement->bindParam(':desc', $desc, PDO::PARAM_STR);
- $statement->bindParam(':start', $start, PDO::PARAM_STR);
- $statement->bindParam(':stop', $stop, PDO::PARAM_STR);
- $statement->bindParam(':organiser', $organiser, PDO::PARAM_STR);
- $statement->bindParam(':loc', $location, PDO::PARAM_STR);
- $statement->bindParam(':id', $id, PDO::PARAM_INT);
+ $statement->bindValue(':title', $title, PDO::PARAM_STR);
+ $statement->bindValue(':desc', $desc, PDO::PARAM_STR);
+ $statement->bindValue(':start', $start, PDO::PARAM_STR);
+ $statement->bindValue(':stop', $stop, PDO::PARAM_STR);
+ $statement->bindValue(':organiser', $organiser, PDO::PARAM_STR);
+ $statement->bindValue(':loc', $location, PDO::PARAM_STR);
+ $statement->bindValue(':id', $id, PDO::PARAM_INT);
 }
 $statement->execute();
 
diff --git a/www/admin/prosjekter/update.php b/www/admin/prosjekter/update.php
index 0dc5a73..13c2944 100644
--- a/www/admin/prosjekter/update.php
+++ b/www/admin/prosjekter/update.php
@@ -45,9 +45,9 @@ if ($id == 0) {
 
 ';
 $statement = $pdo->prepare($query);
- $statement->bindParam(':title', $title, PDO::PARAM_STR);
- $statement->bindParam(':desc', $desc, PDO::PARAM_STR);
- $statement->bindParam(':active', $active, PDO::PARAM_BOOL);
+ $statement->bindValue(':title', $title, PDO::PARAM_STR);
+ $statement->bindValue(':desc', $desc, PDO::PARAM_STR);
+ $statement->bindValue(':active', $active, PDO::PARAM_BOOL);
 $statement->execute();
 
 
@@ -58,9 +58,9 @@ if ($id == 0) {
 (last_insert_rowid(), :owner, :owneruname, :owneremail, \'Prosjektleder\', 1, 1)
 ';
 $statement = $pdo->prepare($ownerQuery);
- $statement->bindParam(':owner', $name, PDO::PARAM_STR);
- $statement->bindParam(':owneruname', $uname, PDO::PARAM_STR);
- $statement->bindParam(':owneremail', $mail, PDO::PARAM_STR);
+ $statement->bindValue(':owner', $name, PDO::PARAM_STR);
+ $statement->bindValue(':owneruname', $uname, PDO::PARAM_STR);
+ $statement->bindValue(':owneremail', $mail, PDO::PARAM_STR);
 $statement->execute();
 
 } else {
@@ -76,10 +76,10 @@ if ($id == 0) {
 
 ';
 $statement = $pdo->prepare($query);
- $statement->bindParam(':title', $title, PDO::PARAM_STR);
- $statement->bindParam(':desc', $desc, PDO::PARAM_STR);
- $statement->bindParam(':active', $active, PDO::PARAM_BOOL);
- $statement->bindParam(':id', $id, PDO::PARAM_INT);
+ $statement->bindValue(':title', $title, PDO::PARAM_STR);
+ $statement->bindValue(':desc', $desc, PDO::PARAM_STR);
+ $statement->bindValue(':active', $active, PDO::PARAM_BOOL);
+ $statement->bindValue(':id', $id, PDO::PARAM_INT);
 $statement->execute();
 
 
@@ -93,9 +93,9 @@ if ($id == 0) {
 
 ';
 $statement = $pdo->prepare($query);
- $statement->bindParam(':name', $name, PDO::PARAM_STR);
- $statement->bindParam(':uname', $uname, PDO::PARAM_STR);
- $statement->bindParam(':mail', $mail, PDO::PARAM_STR);
+ $statement->bindValue(':name', $name, PDO::PARAM_STR);
+ $statement->bindValue(':uname', $uname, PDO::PARAM_STR);
+ $statement->bindValue(':mail', $mail, PDO::PARAM_STR);
 $statement->execute();
 }
 
diff --git a/www/prosjekt/update.php b/www/prosjekt/update.php
index bedd19a..df848ed 100644
--- a/www/prosjekt/update.php
+++ b/www/prosjekt/update.php
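Review bot: the owner row is inserted with `last_insert_rowid()` as a second statement after the project INSERT, and no `beginTransaction()`/`commit()` is visible around the pair in this hunk, so a failure of the second INSERT leaves a project with no owner row. Wrap both statements in a transaction, as the delete branch of www/prosjekt/update.php in this same patch already does with `$pdo->commit()`. `last_insert_rowid()` is also SQLite-specific, whereas www/prosjekt/update.php uses the portable `$pdo->lastInsertId()` for the same purpose; picking one keeps the two create paths in step. The enclosing `if ($id == 0)` branch starts before the hunk.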
@@ -33,18 +33,18 @@ if ($id == 0) {
 $query = 'INSERT INTO projects (name, description, active) VALUES (:title, :desc, TRUE)';
 $statement = $pdo->prepare($query);
- $statement->bindParam(':title', $title, PDO::PARAM_STR);
- $statement->bindParam(':desc', $desc, PDO::PARAM_STR);
+ $statement->bindValue(':title', $title, PDO::PARAM_STR);
+ $statement->bindValue(':desc', $desc, PDO::PARAM_STR);
 $statement->execute();
 $new_id = $pdo->lastInsertId();
 $ownerQuery = "INSERT INTO projectmembers (projectid, name, uname, mail, role, lead, owner) VALUES (:id, :owner, :owneruname, :owneremail, 'Prosjektleder', TRUE, TRUE)";
 $statement = $pdo->prepare($ownerQuery);
- $statement->bindParam(':id', $new_id, PDO::PARAM_STR);
- $statement->bindParam(':owner', $name, PDO::PARAM_STR);
- $statement->bindParam(':owneruname', $uname, PDO::PARAM_STR);
- $statement->bindParam(':owneremail', $mail, PDO::PARAM_STR);
+ $statement->bindValue(':id', $new_id, PDO::PARAM_STR);
+ $statement->bindValue(':owner', $name, PDO::PARAM_STR);
+ $statement->bindValue(':owneruname', $uname, PDO::PARAM_STR);
+ $statement->bindValue(':owneremail', $mail, PDO::PARAM_STR);
 $statement->execute();
 
 } else {
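Review bot: `$new_id` comes from `$pdo->lastInsertId()`, which returns a string and — unless PDO is in exception mode, which is the default only since PHP 8 — reflects whatever the connection last inserted even if the project INSERT just failed; it is then bound as `PDO::PARAM_STR` into `projectid`, so a silently failed project INSERT would attach the owner row to a stale id. Check the first execute() result (or confirm `PDO::ERRMODE_EXCEPTION` is set where `$pdo` is built, outside this file) and bind the id as an integer: `$statement->bindValue(':id', (int) $new_id, PDO::PARAM_INT);`. The two INSERTs are also not visibly inside a transaction here, although the delete branch later in this file calls `$pdo->commit()`; wrapping the create path the same way keeps project and owner row atomic.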
@@ -64,18 +64,18 @@ if ($id == 0) {
 if ($is_member) {// leave
 $query = 'DELETE FROM projectmembers WHERE projectid=:id AND uname=:uname and lead=FALSE and owner=FALSE;';
 $statement = $pdo->prepare($query);
- $statement->bindParam(':id', $id, PDO::PARAM_STR);
- $statement->bindParam(':uname', $uname, PDO::PARAM_STR);
+ $statement->bindValue(':id', $id, PDO::PARAM_STR);
+ $statement->bindValue(':uname', $uname, PDO::PARAM_STR);
 $statement->execute();
 echo 'leave';
 } else {// join
 $query = "INSERT INTO projectmembers (projectid, name, uname, mail, role, lead, owner) VALUES (:id, :name, :uname, :mail, 'Medlem', FALSE, FALSE)";
 $statement = $pdo->prepare($query);
- $statement->bindParam(':id', $id, PDO::PARAM_STR);
- $statement->bindParam(':name', $name, PDO::PARAM_STR);
- $statement->bindParam(':uname', $uname, PDO::PARAM_STR);
- $statement->bindParam(':mail', $mail, PDO::PARAM_STR);
+ $statement->bindValue(':id', $id, PDO::PARAM_STR);
+ $statement->bindValue(':name', $name, PDO::PARAM_STR);
+ $statement->bindValue(':uname', $uname, PDO::PARAM_STR);
+ $statement->bindValue(':mail', $mail, PDO::PARAM_STR);
 $statement->execute();
 echo 'join';
 
@@ -96,12 +96,12 @@ if ($id == 0) {
 
 $query = 'DELETE FROM projects WHERE id=:id';
 $statement = $pdo->prepare($query);
- $statement->bindParam(':id', $id, PDO::PARAM_INT);
+ $statement->bindValue(':id', $id, PDO::PARAM_INT);
 $statement->execute();
 
 $query = 'DELETE FROM projectmembers WHERE projectid=:id';
 $statement = $pdo->prepare($query);
- $statement->bindParam(':id', $id, PDO::PARAM_INT);
+ $statement->bindValue(':id', $id, PDO::PARAM_INT);
 $statement->execute();
 
 $pdo->commit();
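Review bot: in the join/leave branch `:id` is bound as `PDO::PARAM_STR`, but the same `$id` is bound as `PDO::PARAM_INT` in the delete branch just below and in the UPDATE at the end of this file; the string form makes `projectid=:id` depend on driver type affinity rather than an integer comparison. Use `$statement->bindValue(':id', $id, PDO::PARAM_INT);` in both the DELETE and the INSERT here. The provenance of `$uname` is outside the hunk; because the leave DELETE is keyed on it, it must be the authenticated session identity rather than a form field, otherwise any member could remove any other non-lead member — worth confirming where it is assigned.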
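Review bot: the delete branch removes the `projects` row before the `projectmembers` rows; if `projectmembers.projectid` is declared as a foreign key with enforcement on (PRAGMA foreign_keys on SQLite, always on MySQL/PostgreSQL), the first DELETE fails and the code never reaches `$pdo->commit()`. Deleting from `projectmembers` first, or declaring `ON DELETE CASCADE`, removes the ordering dependency; I cannot see the schema from here. The matching `beginTransaction()` and any rollback are outside the hunk, so it is worth confirming that an exception between the two DELETEs rolls back instead of leaving the connection mid-transaction.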
@@ -109,9 +109,9 @@ if ($id == 0) {
 
 $query = 'UPDATE projects SET name=:title, description=:desc WHERE id=:id';
 $statement = $pdo->prepare($query);
- $statement->bindParam(':title', $title, PDO::PARAM_STR);
- $statement->bindParam(':desc', $desc, PDO::PARAM_STR);
- $statement->bindParam(':id', $id, PDO::PARAM_INT);
+ $statement->bindValue(':title', $title, PDO::PARAM_STR);
+ $statement->bindValue(':desc', $desc, PDO::PARAM_STR);
+ $statement->bindValue(':id', $id, PDO::PARAM_INT);
 $statement->execute();
 }
 