kenmirrors/grocy
1
0
Fork 0
mirror of https://github.com/grocy/grocy.git synced 2025-08-08 07:19:32 +00:00
Code Issues Projects Releases Wiki Activity

Use bind params when copying a recipe (fixes #2337)

Browse Source
This commit is contained in:
Bernd Bestel 2023-09-15 13:58:57 +02:00
parent 1e60f940e4
commit 3308e79027
No known key found for this signature in database
GPG Key ID: 71BD34C0D4891300
3 changed files with 19 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
changelog/74_UNRELEASED_xxxx-xx-xx.md
View File

@ -18,7 +18,7 @@
### Recipes
- xxx
- Fixed that copying recipes with special characters in the name was not possible
### Meal plan

18
services/DatabaseService.php
View File

@ -23,7 +23,7 @@ class DatabaseService
return false;
}
public function ExecuteDbStatement(string $sql)
public function ExecuteDbStatement(string $sql, array $params = null)
{
$pdo = $this->GetDbConnectionRaw();
@ -36,9 +36,21 @@ class DatabaseService
}
}
if ($pdo->exec($sql) === false)
if ($params == null)
{
throw new \Exception($pdo->errorInfo());
if ($pdo->exec($sql) === false)
{
throw new \Exception($pdo->errorInfo());
}
}
else
{
$cmd = $pdo->prepare($sql);
if ($cmd->execute($params) === false)
{
throw new \Exception($pdo->errorInfo());
}
}
return true;

6
services/RecipesService.php
View File

@ -145,10 +145,10 @@ class RecipesService extends BaseService
$newName = $this->getLocalizationService()->__t('Copy of %s', $this->getDataBase()->recipes($recipeId)->name);
$this->getDatabaseService()->ExecuteDbStatement('INSERT INTO recipes (name, description, picture_file_name, base_servings, desired_servings, not_check_shoppinglist, type, product_id) SELECT \'' . $newName . '\', description, picture_file_name, base_servings, desired_servings, not_check_shoppinglist, type, product_id FROM recipes WHERE id = ' . $recipeId);
$this->getDatabaseService()->ExecuteDbStatement('INSERT INTO recipes (name, description, picture_file_name, base_servings, desired_servings, not_check_shoppinglist, type, product_id) SELECT :new_name, description, picture_file_name, base_servings, desired_servings, not_check_shoppinglist, type, product_id FROM recipes WHERE id = :recipe_id', ['recipe_id' => $recipeId, 'new_name' => $newName]);
$lastInsertId = $this->getDatabase()->lastInsertId();
$this->getDatabaseService()->ExecuteDbStatement('INSERT INTO recipes_pos (recipe_id, product_id, amount, note, qu_id, only_check_single_unit_in_stock, ingredient_group, not_check_stock_fulfillment, variable_amount, price_factor) SELECT ' . $lastInsertId . ', product_id, amount, note, qu_id, only_check_single_unit_in_stock, ingredient_group, not_check_stock_fulfillment, variable_amount, price_factor FROM recipes_pos WHERE recipe_id = ' . $recipeId);
$this->getDatabaseService()->ExecuteDbStatement('INSERT INTO recipes_nestings (recipe_id, includes_recipe_id, servings) SELECT ' . $lastInsertId . ', includes_recipe_id, servings FROM recipes_nestings WHERE recipe_id = ' . $recipeId);
$this->getDatabaseService()->ExecuteDbStatement('INSERT INTO recipes_pos (recipe_id, product_id, amount, note, qu_id, only_check_single_unit_in_stock, ingredient_group, not_check_stock_fulfillment, variable_amount, price_factor) SELECT :last_insert_id, product_id, amount, note, qu_id, only_check_single_unit_in_stock, ingredient_group, not_check_stock_fulfillment, variable_amount, price_factor FROM recipes_pos WHERE recipe_id = :recipe_id', ['recipe_id' => $recipeId, 'last_insert_id' => $lastInsertId]);
$this->getDatabaseService()->ExecuteDbStatement('INSERT INTO recipes_nestings (recipe_id, includes_recipe_id, servings) SELECT :last_insert_id, includes_recipe_id, servings FROM recipes_nestings WHERE recipe_id = :recipe_id', ['recipe_id' => $recipeId, 'last_insert_id' => $lastInsertId]);
return $lastInsertId;
}