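/**
 * Persists the changes made to an admin's personal data to the database.
 *
 * The update is parameterised: every field value is sent as a bound
 * parameter and none is interpolated into the SQL text.
 *
 * @param Admin $a the admin whose row is updated
 * @param mysqli_stmt $stmt the statement object used to prepare and run the update
 * @return int the number of rows modified, or 0 when prepare, bind or execute fails
 */
private function salvaAdmin(Admin $a, mysqli_stmt $stmt) {
    // The last assignment must not be followed by a comma: MySQL rejects
    // "email = ?, where ...", so the original statement could never be prepared.
    $query = "update admins set
                password = ?,
                nome = ?,
                cognome = ?,
                email = ?
              where admins.id = ?";

    // Test the return value of prepare(); $stmt itself is an object and is
    // always truthy, so checking it never detected a failed prepare.
    if (!$stmt->prepare($query)) {
        error_log("[salvaAdmin] impossibile inizializzare il prepared statement");
        return 0;
    }

    // bind_param() takes its arguments by reference, so bind local variables
    // rather than the results of the getter calls.
    // NOTE(review): the value of getPassword() is written to the column
    // unchanged; confirm it already holds a password hash and not the
    // plaintext password.
    $password = $a->getPassword();
    $nome = $a->getNome();
    $cognome = $a->getCognome();
    $email = $a->getEmail();
    $id = $a->getId();

    if (!$stmt->bind_param('ssssi', $password, $nome, $cognome, $email, $id)) {
        error_log("[salvaAdmin] impossibile effettuare il binding in input");
        return 0;
    }

    if (!$stmt->execute()) {
        // Tag corrected: the original logged this failure as [caricaRegistrati].
        error_log("[salvaAdmin] impossibile eseguire lo statement");
        return 0;
    }

    return $stmt->affected_rows;
}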
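/**
 * Persists the changes made to a teacher's (docente) personal data to the database.
 *
 * The update is parameterised: every field value is sent as a bound
 * parameter and none is interpolated into the SQL text.
 *
 * @param Docente $d the teacher whose row is updated
 * @param mysqli_stmt $stmt the statement object used to prepare and run the update
 * @return int the number of rows modified, or 0 when prepare, bind or execute fails
 */
private function salvaDocente(Docente $d, mysqli_stmt $stmt) {
    $query = "update docenti set
                password = ?,
                nome = ?,
                cognome = ?,
                email = ?,
                citta = ?,
                provincia = ?,
                cap = ?,
                via = ?,
                ricevimento = ?,
                numero_civico = ?,
                dipartimento_id = ?
              where docenti.id = ?";

    // Test the return value of prepare(); $stmt itself is an object and is
    // always truthy, so checking it never detected a failed prepare.
    if (!$stmt->prepare($query)) {
        // Tag corrected: the original logged failures here as [salvaStudente].
        error_log("[salvaDocente] impossibile inizializzare il prepared statement");
        return 0;
    }

    // bind_param() takes its arguments by reference, so bind local variables
    // rather than the results of the getter calls.
    // NOTE(review): the value of getPassword() is written to the column
    // unchanged; confirm it already holds a password hash and not the
    // plaintext password.
    $password = $d->getPassword();
    $nome = $d->getNome();
    $cognome = $d->getCognome();
    $email = $d->getEmail();
    $citta = $d->getCitta();
    $provincia = $d->getProvincia();
    $cap = $d->getCap();
    $via = $d->getVia();
    $ricevimento = $d->getRicevimento();
    $numeroCivico = $d->getNumeroCivico();
    $dipartimentoId = $d->getDipartimento()->getId();
    $id = $d->getId();

    // Nine string parameters followed by three integers, in query order.
    if (!$stmt->bind_param(
        'sssssssssiii',
        $password,
        $nome,
        $cognome,
        $email,
        $citta,
        $provincia,
        $cap,
        $via,
        $ricevimento,
        $numeroCivico,
        $dipartimentoId,
        $id
    )) {
        error_log("[salvaDocente] impossibile effettuare il binding in input");
        return 0;
    }

    if (!$stmt->execute()) {
        // Tag corrected: the original logged this failure as [caricaIscritti].
        error_log("[salvaDocente] impossibile eseguire lo statement");
        return 0;
    }

    return $stmt->affected_rows;
}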
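/**
 * Persists the changes made to an admin's personal data to the database.
 *
 * The update is parameterised: every field value is sent as a bound
 * parameter and none is interpolated into the SQL text.
 *
 * @param Admin $d the admin whose row is updated
 * @param mysqli_stmt $stmt the statement object used to prepare and run the update
 * @return int the number of rows modified, or 0 when prepare, bind or execute fails
 */
private function salvaAdmin(admin $d, mysqli_stmt $stmt) {
    // The last assignment must not be followed by a comma: MySQL rejects
    // "telefono = ?, where ...", so the original statement could never be prepared.
    $query = "update admin set
                password = ?,
                nome = ?,
                cognome = ?,
                via = ?,
                civico = ?,
                citta = ?,
                cap = ?,
                telefono = ?
              where admin.id = ?";

    // Test the return value of prepare(); $stmt itself is an object and is
    // always truthy, so checking it never detected a failed prepare.
    if (!$stmt->prepare($query)) {
        // Tag corrected: the original logged failures here as [salvaCliente].
        error_log("[salvaAdmin] impossibile inizializzare il prepared statement");
        return 0;
    }

    // bind_param() takes its arguments by reference, so bind local variables
    // rather than the results of the getter calls.
    // NOTE(review): the value of getPassword() is written to the column
    // unchanged; confirm it already holds a password hash and not the
    // plaintext password.
    $password = $d->getPassword();
    $nome = $d->getNome();
    $cognome = $d->getCognome();
    $via = $d->getVia();
    $civico = $d->getCivico();
    $citta = $d->getCitta();
    $cap = $d->getCap();
    $telefono = $d->getTelefono();
    $id = $d->getId();

    // NOTE(review): telefono is bound as an integer ('i'), which would drop a
    // leading zero or a '+' prefix; confirm against the column type.
    if (!$stmt->bind_param(
        'ssssissii',
        $password,
        $nome,
        $cognome,
        $via,
        $civico,
        $citta,
        $cap,
        $telefono,
        $id
    )) {
        error_log("[salvaAdmin] impossibile effettuare il binding in input");
        return 0;
    }

    if (!$stmt->execute()) {
        // Tag corrected: the original logged this failure as [caricaIscritti].
        error_log("[salvaAdmin] impossibile eseguire lo statement");
        return 0;
    }

    return $stmt->affected_rows;
}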
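/**
 * Prepare an SQL statement for execution.
 *
 * Stores the query text on the object, returns early when the connection
 * wrapper is not ready or the query is empty, then delegates to the parent
 * prepare() and reports its failure to the caller.
 *
 * @link http://php.net/manual/en/mysqli-stmt.prepare.php
 *
 * @param string $query <p>
 * The query, as a string. It must consist of a single SQL statement.
 * </p>
 * <p>
 * You can include one or more parameter markers in the SQL statement by
 * embedding question mark (?) characters at the appropriate positions.
 * </p>
 * <p>
 * You should not add a terminating semicolon or \g to the statement.
 * </p>
 * <p>
 * The markers are legal only in certain places in SQL statements.
 * For example, they are allowed in the VALUES() list of an INSERT statement
 * (to specify column values for a row), or in a comparison with a column in
 * a WHERE clause to specify a comparison value.
 * </p>
 * <p>
 * However, they are not allowed for identifiers (such as table or column names),
 * in the select list that names the columns to be returned by a SELECT statement,
 * or to specify both operands of a binary operator such as the = equal sign.
 * The latter restriction is necessary because it would be impossible to
 * determine the parameter type. In general, parameters are legal only in Data
 * Manipulation Language (DML) statements, and not in Data Definition Language
 * (DDL) statements.
 * </p>
 *
 * @return bool false on error
 * @since 5.0
 */
public function prepare($query)
{
    // Keep the raw query text on the object before any check runs, as the
    // original did, so it is recorded even when preparation is refused.
    $this->_sql = $query;
    $this->_sql_with_bound_parameters = $query;

    if (!$this->_db->isReady()) {
        return false;
    }

    // An empty string is already falsy, so the separate === '' test was redundant.
    if (!$query) {
        $this->_debug->displayError('Can\'t prepare an empty Query', false);

        return false;
    }

    $prepared = parent::prepare($query);

    if ($prepared === false) {
        // NOTE(review): this message carries the full SQL text and the server
        // error string; confirm displayError() does not render it to end users.
        $this->_debug->displayError('Can\'t prepare Query: ' . $query . ' | ' . $this->error, false);

        // The original fell through to "return true" here, so callers could
        // not tell a failed prepare from a successful one.
        return false;
    }

    return true;
}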