Fix Issue #62 - "dbi_update_blob" is not implemented for mysqli

- Implement dbi_update_blob for mysqli - Implement dbi_get_blob for for mysqli - Affects usage of attachments and comments (which both use blobs)
craigk5n · Jul 13, 2018 · d48dd68 · d48dd68
1 parent 729e69a
commit d48dd68
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 7 deletions.
diff --git a/doc.php b/doc.php
@@ -24,9 +24,9 @@
 
 if ( empty ( $error ) ) {
   $row = dbi_fetch_row ( $res );
-  if ( ! $row )
+  if ( ! $row ) {
     $error = str_replace ( 'XXX', $blid, $invalidIDStr );
-  else {
+  } else {
     $doc = new Doc( $row );
     $description = $doc->getDescription();
     $filedata = $doc->getData();
@@ -159,6 +159,7 @@
     $error = print_not_auth();
 }
 
+
 if ( ! empty ( $error ) ) {
   print_header();
   echo print_error ( $error, true) . print_trailer();

diff --git a/includes/dbi4php.php b/includes/dbi4php.php
@@ -524,7 +524,12 @@ function dbi_update_blob( $table, $column, $key, $data ) {
 
   if( strcmp( $GLOBALS['db_type'], 'mssql' ) == 0 )
     return dbi_execute( $sql . ' = 0x' . bin2hex( $data ) . ' WHERE ' . $key );
-  elseif( strcmp( $GLOBALS['db_type'], 'mysql' ) == 0 ) {
+  elseif ( strcmp( $GLOBALS['db_type'], 'mysqli' ) == 0 ) {
+    return dbi_execute( $sql . ' = \''
+     . ( function_exists( 'mysqli_real_escape_string' )
+       ? $db_connection_info['connection']->real_escape_string( $data ) : addslashes( $data ) )
+     . '\' WHERE ' . $key );
+  } elseif ( strcmp( $GLOBALS['db_type'], 'mysql' ) == 0 ) {
     return dbi_execute( $sql . ' = \''
      . ( function_exists( 'mysql_real_escape_string' )
        ? mysql_real_escape_string( $data ) : addslashes( $data ) )
@@ -569,16 +574,18 @@ function dbi_get_blob( $table, $column, $key ) {
   $res =
     dbi_execute( 'SELECT ' . $column . ' FROM ' . $table . ' WHERE ' . $key );
 
-  if( ! $res )
+  if( ! $res ) {
     return false;
+  }
 
   $ret = '';
 
   if( $row = dbi_fetch_row( $res ) ) {
-    if( strcmp( $GLOBALS['db_type'], 'mssql' ) == 0
-        || strcmp( $GLOBALS['db_type'], 'mysql' ) == 0 )
+    if( strcmp( $GLOBALS['db_type'], 'mssql' ) == 0 
+        || strcmp( $GLOBALS['db_type'], 'mysql' ) == 0 ||
+        strcmp( $GLOBALS['db_type'], 'mysqli' ) == 0 ) {
       $ret = $row[0];
-    elseif( strcmp( $GLOBALS['db_type'], 'postgresql' ) == 0 )
+    } elseif( strcmp( $GLOBALS['db_type'], 'postgresql' ) == 0 )
       $ret = pg_unescape_bytea ( $row[0] );
     elseif( strcmp( $GLOBALS['db_type'], 'sqlite' ) == 0 )
       $ret = sqlite_udf_decode_binary( $row[0] );