From 45b27c84a0f72c64c5dcfad77d96b5ec2ea47d7a Mon Sep 17 00:00:00 2001
From: Tyler Antonio <tantonio@ualberta.ca>
Date: Mon, 20 Jul 2015 12:28:02 -0600
Subject: [PATCH] Added the exec function for SQL queries that don't need to be
 prepared

---
 lib/SimpleSAML/Database.php | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/lib/SimpleSAML/Database.php b/lib/SimpleSAML/Database.php
index f9796ad6b..d0d8dc71f 100644
--- a/lib/SimpleSAML/Database.php
+++ b/lib/SimpleSAML/Database.php
@@ -99,6 +99,7 @@ class SimpleSAML_Database {
 				'database.dsn' => $config->getValue('database.dsn'),
 				'database.username' => $config->getValue('database.username'),
 				'database.password' => $config->getValue('database.password'),
+				'database.prefix' => $config->getValue('database.prefix'),
 				'database.persistent' => $config->getValue('database.persistent'),
 			),
 			'slaves' => $config->getValue('database.slaves'),
@@ -177,7 +178,7 @@ class SimpleSAML_Database {
 					$query->bindValue(":$param", $value[0], ($value[1])? $value[1] : PDO::PARAM_STR);
 				}
 				else{
-					$query->bindValue(":$param", $value, PDO::PARAM_STR);	
+					$query->bindValue(":$param", $value, PDO::PARAM_STR);
 				}
 			}
 
@@ -193,6 +194,29 @@ class SimpleSAML_Database {
 		}
 	}
 
+	/**
+	 * This function queries the database without using a
+	 * prepared statement.
+	 *
+	 * @param $db 			PDO object to use
+	 * @param $stmt 		Prepared SQL statement
+	 * @param $params 		Parameters
+	 *
+	 * @return PDO statement object
+	 */
+	private function exec($db, $stmt){
+		assert('is_object($db)');
+		assert('is_string($stmt)');
+
+		try{
+			$query = $db->exec($stmt);
+
+			return $query;
+		} catch (PDOException $e){
+			throw new Exception("Database error: ". $e->getMessage());
+		}
+	}
+
 	/**
 	 * This executes queries directly on the master.
 	 *
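Review bot: The docblock on the new `exec()` does not match the code: it documents a `$params` argument the method does not take, calls `$stmt` a prepared statement, and promises a PDO statement object, whereas `PDO::exec()` returns the number of affected rows or `false`. I would change it to `@param string $stmt Raw SQL, executed as-is with no parameter binding` and `@return int|false Number of affected rows`, and add one sentence stating that `$stmt` must never contain caller-supplied values, since this path has no binding to protect it. The `catch (PDOException $e)` only fires when the connection is in exception error mode, which is not visible in this hunk; otherwise a `false` return passes through as if it were a result, so a guard such as `if ($query === false) { throw new Exception("Database error: " . implode(' ', $db->errorInfo())); }` is worth adding. Passing `$e` as the previous exception (`new Exception("Database error: " . $e->getMessage(), 0, $e)`) would also keep the original trace.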
@@ -204,7 +228,11 @@ class SimpleSAML_Database {
 	public function write($stmt, $params = array()){
 		$db = $this->dbMaster;
 
-		return $this->query($db, $stmt, $params);
+		if (is_array($params)) {
+			return $this->query($db, $stmt, $params);
+		} else {
+			return $this->exec($db, $stmt);
+		}
 	}
 
 	/**
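Review bot: In `write()` the `is_array($params)` test lets the type of an optional argument decide between a bound query and raw execution, so a caller that passes a non-array by mistake (`null`, a string, a single value) has its statement run through `exec()` with the parameters silently dropped. Because that fallback is the unprepared path, I would make it an explicit opt-in rather than the `else` branch, for example `if ($params === false) { return $this->exec($db, $stmt); }` followed by `assert('is_array($params)');` before the existing `query()` call. The `@param` entry for `$params` in `write()`'s docblock, which starts outside this hunk, should then state which value selects the unprepared path and that such statements must be built only from trusted, constant SQL.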
-- 
GitLab