From 5fc6ad2eab6b9903c8d39aca1f6ca443f5216157 Mon Sep 17 00:00:00 2001
From: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com>
Date: Wed, 17 Aug 2022 14:47:02 +0100
Subject: [PATCH] =?UTF-8?q?=C3=83bind=20queries=20an=20fix=20array=20bindi?=
 =?UTF-8?q?ng=20(#11575)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 www/install/php/Update-22.04.0-beta.1.php | 32 ++++++++++++++---------
 1 file changed, 20 insertions(+), 12 deletions(-)

diff --git a/www/install/php/Update-22.04.0-beta.1.php b/www/install/php/Update-22.04.0-beta.1.php
index 611ddf87ef4..5e4a9550566 100644
--- a/www/install/php/Update-22.04.0-beta.1.php
+++ b/www/install/php/Update-22.04.0-beta.1.php
@@ -528,26 +528,34 @@ function migrateBrokerConfigOutputsToUnifiedSql(CentreonDB $pearDB): void
             throw new \Exception("Cannot find max config group id in cfg_centreonbroker_info table");
         }
         $nextConfigGroupId = (int) $maxConfigGroupId['max_config_group_id'] + 1;
-
+        $blockIdsQueryBinds = [];
+        foreach ($blockIds as $key => $value) {
+            $blockIdsQueryBinds[':block_id_' . $key] = $value;
+        }
+        $blockIdBinds = implode(',', array_keys($blockIdsQueryBinds));
         // Find config group ids of outputs to replace
-        $dbResult = $pearDB->query(
-            "SELECT config_group_id FROM cfg_centreonbroker_info
-            WHERE config_id = $configId AND config_key = 'blockId'
-            AND config_value IN ('" . implode('\', \'', $blockIds) . "')"
-        );
-        $configGroupIds = $dbResult->fetchAll(\PDO::FETCH_COLUMN, 0);
+        $grpIdStatement = $pearDB->prepare("SELECT config_group_id FROM cfg_centreonbroker_info
+            WHERE config_id = :configId AND config_key = 'blockId'
+            AND config_value IN ($blockIdBinds)");
+        $grpIdStatement->bindValue(':configId', (int) $configId, PDO::PARAM_INT);
+        foreach ($blockIdsQueryBinds as $key => $value) {
+            $grpIdStatement->bindValue($key, (int) $value, PDO::PARAM_INT);
+        }
+        $grpIdStatement->execute();
+        $configGroupIds = $grpIdStatement->fetchAll(\PDO::FETCH_COLUMN, 0);
         if (empty($configGroupIds)) {
             throw new \Exception("Cannot find config group ids in cfg_centreonbroker_info table");
         }
 
         // Build unified sql output config from outputs to replace
         $unifiedSqlOutput = [];
+        $statement = $pearDB->prepare("SELECT * FROM cfg_centreonbroker_info
+                WHERE config_id = :configId AND config_group = 'output' AND config_group_id = :configGroupId");
         foreach ($configGroupIds as $configGroupId) {
-            $dbResult = $pearDB->query(
-                "SELECT * FROM cfg_centreonbroker_info
-                WHERE config_id = $configId AND config_group = 'output' AND config_group_id = $configGroupId"
-            );
-            while ($row = $dbResult->fetch()) {
+            $statement->bindValue(':configId', (int) $configId, PDO::PARAM_INT);
+            $statement->bindValue(':configGroupId', (int) $configGroupId, PDO::PARAM_INT);
+            $statement->execute();
+            while ($row = $statement->fetch()) {
                 $unifiedSqlOutput[$row['config_key']] = array_merge($unifiedSqlOutput[$row['config_key']] ?? [], $row);
                 $unifiedSqlOutput[$row['config_key']]['config_group_id'] = $nextConfigGroupId;
             }