From 500486ba383604e86c336fc8f7ab1b6cf3f89e1f Mon Sep 17 00:00:00 2001
From: Luca Haid
Date: Thu, 25 Jul 2024 09:21:54 +0200
Subject: [PATCH] fixed mysql query for history
---
 .../WarehouseHistory/WarehouseHistoryModel.php | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/application/WarehouseHistory/WarehouseHistoryModel.php b/application/WarehouseHistory/WarehouseHistoryModel.php
index 5e92ee25b..4c90decf5 100644
--- a/application/WarehouseHistory/WarehouseHistoryModel.php
+++ b/application/WarehouseHistory/WarehouseHistoryModel.php
@@ -24,9 +24,8 @@ class WarehouseHistoryModel {
 public static function create($data) {
 $FronkDB = FronkDB::singleton();
 $db = $FronkDB->link;
- $sql = /** @lang text */ "INSERT INTO `WarehouseHistory` (`table`, `row_id`, `key`, `old_value`, `new_value`, `note`, `user_id`, `create`) VALUES (?, ?, ?, ?, ?, ?, ?, ?)";
- $stmt = $db->prepare($sql);
- $stmt->execute([
+
+ $dataArr = [
 $data["table"],
 $data["row_id"],
 $data["key"],
@@ -35,9 +34,16 @@ class WarehouseHistoryModel {
 $data["note"],
 $data["user_id"],
 $data["create"]
- ]);
+ ];
 
- return $stmt->insert_id;
+ $sqlValueStr = "(" . implode(", ", array_map(function ($item) use ($db) {
+ return "'" . $db->real_escape_string($item) . "'";
+ }, $dataArr)) . ")";
+
+ $sql = /** @lang text */ "INSERT INTO `WarehouseHistory` (`table`, `row_id`, `key`, `old_value`, `new_value`, `note`, `user_id`, `create`) VALUES $sqlValueStr";
+ $db->query($sql) or die($db->error);
+
+ return $db->insert_id;
 }
 /**
 * Retrieves an array of WarehouseHistoryModel objects by row ID.
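Review bot: The new `create()` body drops the bound parameters of the old `prepare()`/`execute([...])` pair and builds the `VALUES` list by string concatenation, so the insert is only as safe as `real_escape_string()` on this connection. That depends on the connection charset having been set with `set_charset()` (not visible here), and it stores a null `old_value`, `new_value` or `note` as `''` instead of `NULL`. `$db->query($sql) or die($db->error)` also prints the raw database error to the client and ends the request; the error should be logged and surfaced in a way the caller can handle. If the original failed because `execute()` with an array argument is unavailable on the deployed PHP version (an assumption, the commit message does not say why), keeping the placeholders and binding with `bind_param()` avoids that without concatenation; the sketch assumes `$FronkDB->link` is a mysqli connection. `create()` begins above the first hunk, and this note covers both hunks.

```php
// … unchanged: $dataArr built from $data …
$sql = /** @lang text */ "INSERT INTO `WarehouseHistory` (`table`, `row_id`, `key`, `old_value`, `new_value`, `note`, `user_id`, `create`) VALUES (?, ?, ?, ?, ?, ?, ?, ?)";
$stmt = $db->prepare($sql);
if ($stmt === false) {
    // Keep driver detail in the server log, not in the response.
    error_log("WarehouseHistory insert prepare failed: " . $db->error);
    throw new \RuntimeException("WarehouseHistory insert failed");
}
// Bound values are never parsed as SQL, and null stays NULL.
$stmt->bind_param(str_repeat("s", count($dataArr)), ...$dataArr);
if (!$stmt->execute()) {
    error_log("WarehouseHistory insert failed: " . $stmt->error);
    throw new \RuntimeException("WarehouseHistory insert failed");
}

return $stmt->insert_id;
```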