From a90ffa590d948fface420dbf332c7a9815c2bfdc Mon Sep 17 00:00:00 2001
From: Sven Slootweg
Date: Thu, 23 May 2013 20:21:11 +0200
Subject: [PATCH] Throw a DatabaseException when an object is specified as a query parameter.
---
 include.mysql.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/include.mysql.php b/include.mysql.php
index a8d0316..5a28ded 100644
--- a/include.mysql.php
+++ b/include.mysql.php
@@ -118,6 +118,10 @@ class CachedPDO extends PDO
 public function GuessType($value)
 {
+ if(is_object($value))
+ {
+ throw new DatabaseException("Query parameters must be numeric, boolean, null, a string value, or something that can be auto-cast to a string. You provided an object.");
+ }
 if(is_int($value))
 {
 return PDO::PARAM_INT;
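Review bot: The added guard at the top of GuessType rejects every object, yet its message lists "something that can be auto-cast to a string" as acceptable, so an object implementing `__toString()` is refused with text that contradicts the check. Either narrow the condition to `if(is_object($value) && !method_exists($value, '__toString'))` (assuming the remaining branches fall back to a string binding) or drop the auto-cast wording from the message. Arrays and resources are not covered by the new check; the rest of GuessType lies outside the hunk, so I cannot see how they are bound, but an array arriving from request input is worth rejecting at this same point with `if(is_array($value) || is_resource($value))` and the same exception. Including the offending type in the message, for example via `get_class($value)`, would make the failure easier to trace in logs.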