From bc362adbef6450cf93347ebdd5aaffad76888d27 Mon Sep 17 00:00:00 2001
From: "Namhyeon, Go"
Date: Thu, 15 Mar 2018 17:36:30 +0900
Subject: [PATCH] Update database.php
---
 system/database.php | 31 ++++++++++++++++++-------------
 1 file changed, 18 insertions(+), 13 deletions(-)
diff --git a/system/database.php b/system/database.php
index 93f385b..1b7463d 100644
--- a/system/database.php
+++ b/system/database.php
@@ -41,13 +41,25 @@ if(!function_exists("get_dbc_object")) {
 }
 
 if(!function_exists("get_db_stmt")) {
- function get_db_stmt($sql, $bind=array()) {
- $stmt = get_dbc_object()->prepare($sql);
- if(count($bind) > 0) {
- foreach($bind as $k=>$v) {
- $stmt->bindParam(':' . $k, $v, PDO::PARAM_STR);
+ function get_db_stmt($sql, $bind=array(), $bind_pdo=false) {
+ if(!$bind_pdo) {
+ if(count($bind) > 0) {
+ foreach($bind as $k=>$v) {
+ $sql = str_replace(":" . $k, "'" . addslashes($v) . "'", $sql);
+ }
 }
 }
+ $stmt = get_dbc_object()->prepare($sql);
+
+ // bind parameter by PDO statement
+ if($bind_pdo) {
+ if(count($bind) > 0) {
+ foreach($bind as $k=>$v) {
+ $stmt->bindParam(':' . $k, $v);
+ }
+ }
+ }
+
 return $stmt;
 }
 }
@@ -71,14 +83,7 @@ if(!function_exists("exec_db_query")) {
 if(count($bind) > 0) {
 $is_insert_with_bind = true;
 }
- } else if($sql_terms[0] == "update") {
- if(count($bind) > 0) {
- foreach($bind as $k=>$v) {
- $sql = str_replace(":" . $k, "'" . addslashes($v) . "'", $sql);
- }
- }
- $stmt = get_db_stmt($sql);
- } else{
+ } else {
 $stmt = get_db_stmt($sql, $bind);
 }
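Review bot: With `$bind_pdo` defaulting to false, `get_db_stmt()` now builds every statement with `str_replace()` and `addslashes()` instead of binding, which gives up the SQL-injection protection of prepared statements; the `exec_db_query` hunk (whose body starts outside that hunk) calls `get_db_stmt($sql, $bind)` without the flag, so all non-insert queries there take this path. `addslashes()` is not aware of the connection charset or SQL mode, and the sequential replace also rewrites a `:name` that appears inside an already substituted value or as the prefix of a longer placeholder. The opt-in branch keeps `bindParam(':' . $k, $v)`, which binds the loop variable by reference, so at execute time every placeholder presumably receives the last value of `$v`; that may be why binding was abandoned. I would make binding the default and use `$stmt->bindValue(':' . $k, $v);` in the loop, keeping string interpolation out of the query path.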