From 7fdb933d6bd72ba727005952cb3f71c4e780c7b8 Mon Sep 17 00:00:00 2001
From: Isaac Connor
Date: Fri, 18 Oct 2013 14:15:24 -0400
Subject: [PATCH] rework dbQuery, dbFetchOne to take a parameters array, and use it
---
 web/includes/database.php | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/web/includes/database.php b/web/includes/database.php
index cbb2f997b..a31d8337e 100644
--- a/web/includes/database.php
+++ b/web/includes/database.php
@@ -97,21 +97,32 @@ function dbEscape( $string )
 return( $dbConn->quote( $string ) );
 }
 
-function dbQuery( $sql )
+function dbQuery( $sql, $params=NULL )
 {
 global $dbConn;
 if ( dbLog( $sql, true ) )
 return;
- if (!($result = $dbConn->query( $sql )))
- dbError( $sql );
+ $result = NULL;
+ try {
+ if ( isset($params) ) {
+ $result = $dbConn->prepare( $sql );
+ $result->execute( $params );
+ } else {
+ $result = $dbConn->query( $sql );
+ }
+ } catch(PDOException $e) {
+ dbError( $sql . $e->getMessage() );
+ }
 return( $result );
 }
 
-function dbFetchOne( $sql, $col=false )
+function dbFetchOne( $sql, $col=false, $params=NULL )
 {
- $result = dbQuery( $sql );
+ $result = dbQuery( $sql, $params );
+ if ( ! $result )
+ return false;
 
- if ( $dbRow = $result->fetch( PDO::FETCH_ASSOC ) )
+ if ( $result && $dbRow = $result->fetch( PDO::FETCH_ASSOC ) )
 return( $col?$dbRow[$col]:$dbRow );
 return( false );
 }
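Review bot: In dbQuery the new try/catch reports a failure only if the PDO connection is in exception mode, which this hunk does not show; under a silent or warning error mode `prepare()` can return false (so `$result->execute( $params )` becomes a call on a non-object) and a false return from `execute()` or `query()` is ignored, whereas the removed `if (!($result = $dbConn->query( $sql ))) dbError( $sql );` did catch the query case. Either confirm that `PDO::ATTR_ERRMODE` is set to `PDO::ERRMODE_EXCEPTION` where `$dbConn` is created, or check the returns explicitly, e.g. `if ( !$result || !$result->execute( $params ) ) dbError( $sql );`. `dbError( $sql . $e->getMessage() )` also joins the statement and the driver message with no separator; `$sql . ': ' . $e->getMessage()` keeps the log entry readable. Callers that pass no `$params` still reach `query()` with whatever string they built, so the binding protects only the call sites that are converted and `dbEscape` remains the sole defence for the rest.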