Merge pull request #46 from noten-app/hotfix-ids-datatype

🚑 Hotfix ids datatype
noten-app · Nov 29, 2023 · 0d19f18 · 0d19f18
2 parents afecb82 + dd29dba
commit 0d19f18
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 9 deletions.
diff --git a/subjects/edit/delete.php b/subjects/edit/delete.php
@@ -23,7 +23,7 @@
 
 // Delete subject if belonging to user, then check if one was deleted
 if ($stmt = $con->prepare('DELETE FROM subjects WHERE id = ? AND user_id = ?')) {
-	$stmt->bind_param('is', $subject_id, $_SESSION["user_id"]);
+	$stmt->bind_param('ss', $subject_id, $_SESSION["user_id"]);
 	$stmt->execute();
 	if ($stmt->affected_rows === 0) die("no subject deleted");
 	else if ($stmt->affected_rows === 1) {

diff --git a/subjects/edit/modify.php b/subjects/edit/modify.php
@@ -40,7 +40,7 @@
 
 // Check if subject exists and belongs to user
 if ($stmt = $con->prepare('SELECT user_id FROM ' . $config["db"]["tables"]["subjects"] . ' WHERE id = ?')) {
-    $stmt->bind_param('i', $subjectID);
+    $stmt->bind_param('s', $subjectID);
     $stmt->execute();
     $stmt->store_result();
     $stmt->bind_result($userID);
@@ -61,7 +61,7 @@
 
 // Update subject in DB
 if ($stmt = $con->prepare('UPDATE ' . $config["db"]["tables"]["subjects"] . ' SET name = ?, color = ?, weight_exam = ?, weight_oral = ?, weight_test = ?, weight_other = ? WHERE id = ?')) {
-    $stmt->bind_param('ssiisii', $subjectName, $subjectColor, $gradingTypeK, $gradingTypeM, $gradingTypeT, $gradingTypeS, $subjectID);
+    $stmt->bind_param('ssiisis', $subjectName, $subjectColor, $gradingTypeK, $gradingTypeM, $gradingTypeT, $gradingTypeS, $subjectID);
     $stmt->execute();
     $stmt->close();
     exit("success");

diff --git a/subjects/grades/add/add.php b/subjects/grades/add/add.php
@@ -34,7 +34,7 @@
 
 // Check if subject is owned by user
 if ($stmt = $con->prepare('SELECT user_id FROM ' . $config["db"]["tables"]["subjects"] . ' WHERE id = ?')) {
-    $stmt->bind_param('i', $subject_id);
+    $stmt->bind_param('s', $subject_id);
     $stmt->execute();
     $stmt->store_result();
     $stmt->bind_result($user_id);
@@ -66,15 +66,18 @@
 // Check if note is valid (max 25 chars)
 if (strlen($note) > 25) die("invalid-note");
 
+// Generate id (8char random string)
+$gradeID = bin2hex(random_bytes(4));
+
 // Add grade
-if ($stmt = $con->prepare('INSERT INTO ' . $config["db"]["tables"]["grades"] . ' (user_id, subject, note, type, date, grade, year) VALUES (?, ?, ?, ?, ?, ?, ?)')) {
-    $stmt->bind_param('sisssss', $_SESSION["user_id"], $subject_id, $note, $type, $date, $grade_float, $_SESSION["setting_years"]);
+if ($stmt = $con->prepare('INSERT INTO ' . $config["db"]["tables"]["grades"] . ' (user_id, id, subject, note, type, date, grade, year) VALUES (?, ?, ?, ?, ?, ?, ?, ?)')) {
+    $stmt->bind_param('ssssssss', $_SESSION["user_id"], $gradeID, $subject_id, $note, $type, $date, $grade_float, $_SESSION["setting_years"]);
     $stmt->execute();
     $stmt->close();
 
     // Change subject last used
     if ($stmt = $con->prepare('UPDATE ' . $config["db"]["tables"]["subjects"] . ' SET last_used = ? WHERE id = ?')) {
-        $stmt->bind_param('si', $date, $subject_id);
+        $stmt->bind_param('ss', $date, $subject_id);
         $stmt->execute();
         $stmt->close();
         exit("success");

diff --git a/subjects/grades/edit/edit.php b/subjects/grades/edit/edit.php
@@ -37,7 +37,7 @@
 
 // Check if grade is owned by user
 if ($stmt = $con->prepare('SELECT user_id FROM ' . $config["db"]["tables"]["grades"] . ' WHERE id = ?')) {
-    $stmt->bind_param('i', $grade_id);
+    $stmt->bind_param('s', $grade_id);
     $stmt->execute();
     $stmt->store_result();
     $stmt->bind_result($user_id);
@@ -77,7 +77,7 @@
 
     // Change subject last used
     if ($stmt = $con->prepare('UPDATE ' . $config["db"]["tables"]["subjects"] . ' SET last_used = ? WHERE id = ?')) {
-        $stmt->bind_param('si', $date, $subject_id);
+        $stmt->bind_param('ss', $date, $subject_id);
         $stmt->execute();
         $stmt->close();
         exit("success");