From b76507025ecf9e0d2cb33d14378dd805c6c97a30 Mon Sep 17 00:00:00 2001
From: Daniel Seifert
Date: Thu, 29 Apr 2021 15:49:20 +0200
Subject: [PATCH] prevent the use of not countable parameters in prepared statemant rendering

---
 src/OxidSQLLogger.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/OxidSQLLogger.php b/src/OxidSQLLogger.php
index 557e760..084f32a 100644
--- a/src/OxidSQLLogger.php
+++ b/src/OxidSQLLogger.php
@@ -70,10 +70,11 @@ class OxidSQLLogger implements SQLLogger
 * @param array $params
 * @throws \OxidEsales\Eshop\Core\Exception\DatabaseConnectionException
 */
- public function getPreparedStatementQuery(&$sql, array $params = null)
+ public function getPreparedStatementQuery(&$sql, $params = [])
 {
 if (class_exists(d3database::class)
 && method_exists(d3database::class, 'getPreparedStatementQuery')
+ && is_array($params)
 && count($params)
 && ($query = d3database::getInstance()->getPreparedStatementQuery($sql, $params))
 && strlen(trim($query))
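Review bot: The docblock line `* @param array $params` directly above the changed signature is now stale, because `getPreparedStatementQuery(&$sql, $params = [])` accepts any value and the new `&& is_array($params)` guard silently skips rendering for everything that is not an array. I would change it to `* @param array|mixed $params bound values; anything other than a non-empty array leaves $sql unrendered`, so a reader of the log knows a statement can appear with its placeholders still in place. If only `null` was ever the problem input, `?array $params = null` with `&& !empty($params)` would keep the type check while still avoiding `count()` on a non-countable value; this assumes no caller passes other types, which the hunk does not show. The `if` condition and the rest of the method body continue outside the hunk, so what happens on the skipped path cannot be confirmed from here.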