From 18d9ab2337caadce2485c5e067078c6e7fd9ee9f Mon Sep 17 00:00:00 2001
From: Sergey Tsalkov
Date: Mon, 27 Jan 2020 08:45:36 -0800
Subject: [PATCH] make sure insertOrReplace() gets valid input, throw an error if it doesn't
---
 db.class.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/db.class.php b/db.class.php
index 6b02eee..54baca4 100644
--- a/db.class.php
+++ b/db.class.php
@@ -335,10 +335,12 @@ class MeekroDB {
 $keys = array_keys($datas);
 $values = array_values($datas);
 }
+
+ if ($which != 'INSERT' && $which != 'INSERT IGNORE' && $which != 'REPLACE') {
+ return $this->nonSQLError('insertOrReplace() must be called with one of: INSERT, INSERT IGNORE, REPLACE');
+ }
- if (isset($options['ignore']) && $options['ignore']) $which = 'INSERT IGNORE';
-
- if (isset($options['update']) && is_array($options['update']) && $options['update'] && strtoupper($which) == 'INSERT') {
+ if (isset($options['update']) && is_array($options['update']) && $options['update'] && $which == 'INSERT') {
 if (array_values($options['update']) !== $options['update']) {
 return $this->query(
 str_replace('%', $this->param_char, "INSERT INTO %b %lb VALUES $var ON DUPLICATE KEY UPDATE %hc"),
@@ -360,7 +362,7 @@ class MeekroDB {
 }
 public function insert($table, $data) { return $this->insertOrReplace('INSERT', $table, $data); }
- public function insertIgnore($table, $data) { return $this->insertOrReplace('INSERT', $table, $data, array('ignore' => true)); }
+ public function insertIgnore($table, $data) { return $this->insertOrReplace('INSERT IGNORE', $table, $data); }
 public function replace($table, $data) { return $this->insertOrReplace('REPLACE', $table, $data); }
 public function insertUpdate() {
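Review bot: The new allowlist on `$which` compares with loose `!=`, so a non-string value such as `true` (and `0` under PHP 7 comparison rules) compares equal to `'INSERT'` and passes the check. The check presumably exists to keep anything but the three keywords out of the statement text (the non-update query path is outside this hunk, so that is inferred), and a strict test does that without type juggling: `if (!in_array($which, array('INSERT', 'INSERT IGNORE', 'REPLACE'), true)) {`. The `$which == 'INSERT'` test on the update branch could become `===` for the same reason. Dropping `strtoupper()` also makes the keyword case-sensitive, so a short comment above the check such as `// $which must be the exact uppercase keyword; lowercase is rejected` would document the new contract.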
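Review bot: `insertIgnore()` is the only caller migrated to the new `'INSERT IGNORE'` keyword, while the first hunk removes the `$options['ignore']` branch with no fallback. Any other caller that still passes `array('ignore' => true)` (for example a subclass, if insertOrReplace() is visible to one; its signature is outside the hunk) would now run a plain INSERT and hit duplicate-key errors instead of skipping rows. Either keep mapping the option to `'INSERT IGNORE'` for a deprecation period, or reject it explicitly through `nonSQLError()` with a message that points to the new keyword, so the change fails loudly at the call site rather than at the database.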