From 9f8170507e629fec3c20cd573749927ef22bc0ce Mon Sep 17 00:00:00 2001
From: Milan
Date: Sat, 29 Feb 2020 23:01:49 +0100
Subject: [PATCH] use sorted keys on SQL update statement make sure, sorted keys are used for query and binding variable.
---
 lib/calcms/comments.pm | 11 ++++++-----
 lib/calcms/db.pm | 9 +++++----
 lib/calcms/password_requests.pm | 5 +++--
 lib/calcms/project.pm | 5 +++--
 lib/calcms/series.pm | 5 +++--
 lib/calcms/series_schedule.pm | 5 +++--
 lib/calcms/studio_timeslot_schedule.pm | 5 +++--
 lib/calcms/studios.pm | 5 +++--
 lib/calcms/uac.pm | 12 +++++++-----
 lib/calcms/user_sessions.pm | 5 +++--
 lib/calcms/user_settings.pm | 5 +++--
 lib/calcms/user_stats.pm | 5 +++--
 lib/calcms/work_schedule.pm | 5 +++--
 13 files changed, 48 insertions(+), 34 deletions(-)
diff --git a/lib/calcms/comments.pm b/lib/calcms/comments.pm
index 7b5d8fc..61eb561 100644
--- a/lib/calcms/comments.pm
+++ b/lib/calcms/comments.pm
@@ -410,12 +410,13 @@ sub get_events($$$$) {
 $event_ids->{$event_id} = 1;
 }
+ my @keys = keys %{$event_ids};
 #get events from comment's event ids
- return [] if ( scalar keys %{$event_ids} ) == 0;
+ return [] if ( scalar @keys ) == 0;
- #my $quoted_event_ids=join "," ,(map {$dbh->quote($_)}(keys %{$event_ids}));
- my @bind_values = keys %{$event_ids};
- my $event_id_values = join ",", ( map { '?' } ( keys %{$event_ids} ) );
+ #my $quoted_event_ids=join "," ,(map {$dbh->quote($_)}(@keys));
+ my @bind_values = @keys;
+ my $event_id_values = join ",", ( map { '?' } ( @keys ) );
 my $query = qq{
 select id, start, program, series_name, title, excerpt
@@ -433,7 +434,7 @@ sub get_events($$$$) {
 }
 #add unassigned events
- # for my $event_id (keys %{$event_ids}){
+ # for my $event_id (@keys){
 # if ($events_by_id->{$event_id}eq''){
 # my $event={
 # title => "not assigned",
diff --git a/lib/calcms/db.pm b/lib/calcms/db.pm
index 5a63c67..ed2c850 100644
--- a/lib/calcms/db.pm
+++ b/lib/calcms/db.pm
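Review bot: The commented-out lines in comments.pm `get_events` (`#my $quoted_event_ids=...` here and `# for my $event_id (@keys){` in the following hunk) are edited to follow the rename instead of being deleted, so dead code is now being maintained; the `$dbh->quote` variant is already superseded by the placeholder list below it. `my @bind_values = @keys;` has become a plain copy, so `@keys` could serve as the bind list directly. `@keys` is also left unsorted, which looks harmless for what is presumably an `IN (...)` list (the query text is outside the hunk) but merits a short comment given the commit subject, e.g. `# order is irrelevant for the id list`.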
@@ -138,15 +138,16 @@ sub insert ($$$){
 my $tablename = shift;
 my $entry = shift;
- my $keys = join( ",", map { $_ } ( keys %$entry ) );
- my $values = join( ",", map { '?' } ( keys %$entry ) );
- my @bind_values = map { $entry->{$_} } ( keys %$entry );
+ my @keys = sort keys %$entry;
+ my $keys = join( ",", @keys );
+ my $values = join( ",", map { '?' } @keys );
+ my @bind_values = map { $entry->{$_} } @keys;
 my $sql = "insert into $tablename \n ($keys) \n values ($values);\n";
 if ( $debug_write == 1 ) {
 print STDERR $sql . "\n";
- print STDERR Dumper( \@bind_values ) . "\n" if (@bind_values);
+ print STDERR Dumper( \@bind_values ) . "\n" if scalar(@bind_values);
 }
 put( $dbh, $sql, \@bind_values );
diff --git a/lib/calcms/password_requests.pm b/lib/calcms/password_requests.pm
index e94d157..76bf2cc 100644
--- a/lib/calcms/password_requests.pm
+++ b/lib/calcms/password_requests.pm
@@ -71,8 +71,9 @@ sub update($$) {
 return unless defined $entry->{user};
 my $dbh = db::connect($config);
- my $values = join( ",", map { $_ . '=?' } ( keys %$entry ) );
- my @bind_values = map { $entry->{$_} } ( keys %$entry );
+ my @keys = sort keys %$entry;
+ my $values = join( ",", map { $_ . '=?' } @keys);
+ my @bind_values = map { $entry->{$_} } @keys;
 push @bind_values, $entry->{token};
 my $query = qq{
diff --git a/lib/calcms/project.pm b/lib/calcms/project.pm
index 1592368..8875810 100644
--- a/lib/calcms/project.pm
+++ b/lib/calcms/project.pm
@@ -134,8 +134,9 @@ sub update($$) {
 $entry->{image} = images::normalizeName( $entry->{image} ) if defined $entry->{image};
- my $values = join( ",", map { $_ . '=?' } ( keys %$entry ) );
- my @bind_values = map { $entry->{$_} } ( keys %$entry );
+ my @keys = sort keys %$entry;
+ my $values = join( ",", map { $_ . '=?' } @keys );
+ my @bind_values = map { $entry->{$_} } @keys;
 push @bind_values, $entry->{project_id};
 my $query = qq{
diff --git a/lib/calcms/series.pm b/lib/calcms/series.pm
index eb0facc..518ba19 100644
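Review bot: The column names in `$keys` (and `$tablename`) are still interpolated into the statement text in db.pm `insert`; only the values go through placeholders. If any caller fills `$entry` from request parameters, a key name becomes part of the SQL, so the keys should be checked against the table's known columns (uac.pm already uses `db::get_columns_hash` for this) or passed through `$dbh->quote_identifier($_)` before the join. The same pattern, `map { $_ . '=?' } @keys`, recurs in the `update` hunks of password_requests.pm, project.pm, series.pm, series_schedule.pm, studio_timeslot_schedule.pm, studios.pm, uac.pm (`update_user`), user_sessions.pm, user_settings.pm, user_stats.pm and work_schedule.pm. Where `$entry` originates is not visible in these hunks, and the opening and closing lines of `insert` are outside the hunk.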
--- a/lib/calcms/series.pm
+++ b/lib/calcms/series.pm
@@ -193,8 +193,9 @@ sub update ($$) {
 $entry->{id} = $series->{series_id};
 $entry->{modified_at} = time::time_to_datetime( time() );
- my $values = join( ",", map { $_ . '=?' } ( keys %$entry ) );
- my @bind_values = map { $entry->{$_} } ( keys %$entry );
+ my @keys = keys %$entry;
+ my $values = join( ",", map { $_ . '=?' } @keys );
+ my @bind_values = map { $entry->{$_} } @keys;
 push @bind_values, $entry->{id};
 my $query = qq{
diff --git a/lib/calcms/series_schedule.pm b/lib/calcms/series_schedule.pm
index 7e83176..9afff13 100644
--- a/lib/calcms/series_schedule.pm
+++ b/lib/calcms/series_schedule.pm
@@ -137,8 +137,9 @@ sub update($$) {
 delete $entry->{schedule_id};
 my $dbh = db::connect($config);
- my $values = join( ",", map { $_ . '=?' } ( keys %$entry ) );
- my @bind_values = map { $entry->{$_} } ( keys %$entry );
+ my @keys = sort keys %$entry;
+ my $values = join( ",", map { $_ . '=?' } @keys );
+ my @bind_values = map { $entry->{$_} } @keys;
 push @bind_values, $entry->{project_id};
 push @bind_values, $entry->{studio_id};
diff --git a/lib/calcms/studio_timeslot_schedule.pm b/lib/calcms/studio_timeslot_schedule.pm
index 26459ba..521f4d9 100644
--- a/lib/calcms/studio_timeslot_schedule.pm
+++ b/lib/calcms/studio_timeslot_schedule.pm
@@ -101,8 +101,9 @@ sub update($$) {
 delete $entry->{schedule_id};
 my $dbh = db::connect($config);
- my $values = join( ",", map { $_ . '=?' } ( keys %$entry ) );
- my @bind_values = map { $entry->{$_} } ( keys %$entry );
+ my @keys = sort keys %$entry;
+ my $values = join( ",", map { $_ . '=?' } @keys );
+ my @bind_values = map { $entry->{$_} } @keys;
 push @bind_values, $entry->{id};
 my $query = qq{
diff --git a/lib/calcms/studios.pm b/lib/calcms/studios.pm
index 0288da5..2ae2953 100644
--- a/lib/calcms/studios.pm
+++ b/lib/calcms/studios.pm
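Review bot: `my @keys = keys %$entry;` in series.pm `update` is the only UPDATE builder in this patch that does not sort, which contradicts the commit subject. The SET clause and the bind list still agree, because both are derived from the same `@keys` array, so this is an inconsistency rather than a column/value mismatch. `my @keys = sort keys %$entry;` would match the other `update` hunks and keep the generated statement text stable between runs. The rest of `update`, including the query text, is outside the hunk.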
@@ -117,8 +117,9 @@ sub update ($$) {
 }
 $entry->{image} = images::normalizeName( $entry->{image} ) if defined $entry->{image};
- my $values = join( ",", map { $_ . '=?' } ( keys %$entry ) );
- my @bind_values = map { $entry->{$_} } ( keys %$entry );
+ my @keys = sort keys %$entry;
+ my $values = join( ",", map { $_ . '=?' } @keys );
+ my @bind_values = map { $entry->{$_} } @keys;
 push @bind_values, $entry->{id};
 my $query = qq{
diff --git a/lib/calcms/uac.pm b/lib/calcms/uac.pm
index 0c99153..18ee678 100644
--- a/lib/calcms/uac.pm
+++ b/lib/calcms/uac.pm
@@ -211,8 +211,9 @@ sub update_user($$) {
 $entry->{modified_at} = time::time_to_datetime( time() );
- my $values = join( ",", map { $_ . '=?' } ( keys %$entry ) );
- my @bind_values = map { $entry->{$_} } ( keys %$entry );
+ my @keys = sort keys %$entry;
+ my $values = join( ",", map { $_ . '=?' } @keys );
+ my @bind_values = map { $entry->{$_} } @keys;
 push @bind_values, $entry->{id};
 my $query = qq{
@@ -294,7 +295,7 @@ sub get_roles($$) {
 my $dbh = db::connect($config);
 my $columns = db::get_columns_hash( $dbh, 'calcms_roles' );
- for my $column ( keys %$columns ) {
+ for my $column ( sort keys %$columns ) {
 if ( defined $condition->{$column} ) {
 push @conditions, $column . '=?';
 push @bind_values, $condition->{$column};
@@ -340,8 +341,9 @@ sub update_role($$) {
 my $dbh = db::connect($config);
 my $columns = db::get_columns_hash( $dbh, 'calcms_roles' );
- my $values = join( ",", map { $_ . '=?' } ( keys %$columns ) );
- my @bind_values = map { $entry->{$_} } ( keys %$columns );
+ my @keys = sort keys %$columns;
+ my $values = join( ",", map { $_ . '=?' } @keys );
+ my @bind_values = map { $entry->{$_} } @keys;
 push @bind_values, $entry->{id};
 my $query = qq{
diff --git a/lib/calcms/user_sessions.pm b/lib/calcms/user_sessions.pm
index 8954eda..6d1f52a 100644
--- a/lib/calcms/user_sessions.pm
+++ b/lib/calcms/user_sessions.pm
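Review bot: In uac.pm `update_role` the bind list is built from every column of `calcms_roles` (`map { $entry->{$_} } @keys`), so any column that `$entry` does not carry is bound as undef and written as NULL. On a roles table that would presumably clear permission settings on a partial update; whether callers always pass a complete entry is not visible here. Restricting the list to supplied keys, `my @keys = grep { exists $entry->{$_} } sort keys %$columns;`, keeps the column whitelist and leaves absent columns untouched. The query text and the rest of the function are outside the hunk.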
@@ -190,8 +190,9 @@ sub update ($$) {
 return undef unless defined $entry->{session_id};
 my $dbh = db::connect($config);
- my $values = join( ",", map { $_ . '=?' } ( keys %$entry ) );
- my @bind_values = map { $entry->{$_} } ( keys %$entry );
+ my @keys = sort keys %$entry;
+ my $values = join( ",", map { $_ . '=?' } @keys );
+ my @bind_values = map { $entry->{$_} } @keys;
 push @bind_values, $entry->{session_id};
diff --git a/lib/calcms/user_settings.pm b/lib/calcms/user_settings.pm
index 732d8c5..0dc7b25 100644
--- a/lib/calcms/user_settings.pm
+++ b/lib/calcms/user_settings.pm
@@ -189,8 +189,9 @@ sub update($$) {
 return unless ( defined $entry->{user} );
 my $dbh = db::connect($config);
- my $values = join( ",", map { $_ . '=?' } ( keys %$entry ) );
- my @bind_values = map { $entry->{$_} } ( keys %$entry );
+ my @keys = sort keys %$entry;
+ my $values = join( ",", map { $_ . '=?' } @keys );
+ my @bind_values = map { $entry->{$_} } @keys;
 push @bind_values, $entry->{user};
 my $query = qq{
diff --git a/lib/calcms/user_stats.pm b/lib/calcms/user_stats.pm
index 0af00dd..3cd66a5 100644
--- a/lib/calcms/user_stats.pm
+++ b/lib/calcms/user_stats.pm
@@ -179,8 +179,9 @@ sub update ($$) {
 }
 $entry->{modified_at} = time::time_to_datetime( time() );
- my $values = join( ",", map { $_ . '=?' } ( keys %$entry ) );
- my @bind_values = map { $entry->{$_} } ( keys %$entry );
+ my @keys = sort keys %$entry;
+ my $values = join( ",", map { $_ . '=?' } @keys );
+ my @bind_values = map { $entry->{$_} } @keys;
 push @bind_values, $entry->{user};
 push @bind_values, $entry->{project_id};
 push @bind_values, $entry->{studio_id};
diff --git a/lib/calcms/work_schedule.pm b/lib/calcms/work_schedule.pm
index 00508b7..bc0c078 100644
--- a/lib/calcms/work_schedule.pm
+++ b/lib/calcms/work_schedule.pm
@@ -112,8 +112,9 @@ sub update ($$) {
 return undef unless defined $entry->{start};
 my $dbh = db::connect($config);
- my $values = join( ",", map { $_ . '=?' } ( keys %$entry ) );
- my @bind_values = map { $entry->{$_} } ( keys %$entry );
+ my @keys = sort keys %$entry;
+ my $values = join( ",", map { $_ . '=?' } @keys);
+ my @bind_values = map { $entry->{$_} } @keys;
 push @bind_values, $entry->{project_id};
 push @bind_values, $entry->{studio_id};