@DeFiTON DeFiTON commented Aug 23, 2025

Summary

  • Refactor tgbot initialization to use parameterized queries and error handling
  • Update general helper functions with prepared statements and basic input validation
  • Introduce PHPStan configuration for static analysis

Testing

  • php -l tgbot.php
  • php -l func_gen.php
  • composer install (fails: CONNECT tunnel failed 403)

https://chatgpt.com/codex/tasks/task_e_68a9daeabe44832cbce59ddf7545ad67

@cursor cursor bot left a comment

}
$suminUSD = $sum * $tonrate;
$takenSum = ($sum+$fee)." TON";
}
Bug: Null Object Access in Database Queries

The refactoring to prepared statements introduced several places where database result objects (like $row and $row5) can be null if a query fails or finds no results. Code in referralFee, takeFee, payOut, and tgbot.php's main logic then accesses properties of these potentially null objects without checking, causing fatal errors.

$result = mysqli_stmt_get_result($stmt);
$row = $result ? mysqli_fetch_object($result) : null;
mysqli_stmt_close($stmt);
if($row && $row->ref == 0){
Bug: Database Preparation Errors Not Handled

The saveReferral function uses the result of mysqli_prepare() without checking for success. Similarly, in referralFee, if statement preparation fails, the code attempts to access properties of a null object. Both scenarios can lead to fatal errors. Other database operations in this file correctly validate prepared statements or their results.

$newtotalTon = $row3->ton_ton_full + $value;
$str2upd = "UPDATE `users` SET `ton_ton_full`='$newtotalTon' WHERE `chatid`='".$row->ref."'";
mysqli_query($link, $str2upd);
$stmtUpd = mysqli_prepare($link, "UPDATE `users` SET `ton_ton_full`=? WHERE `chatid`=?");
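
Review bot: the line $newtotalTon = $row3->ton_ton_full + $value; computes the new balance in PHP from a value read earlier, so two credits for the same referrer handled at the same time can both read the old ton_ton_full and one of the increments is lost. Let the database do the addition inside the prepared statement, for example UPDATE `users` SET `ton_ton_full`=`ton_ton_full`+? WHERE `chatid`=?, binding $value and $row->ref. That also removes the need to read $row3 for this update.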
Bug: Null Object Access in Referral Fee Calculation

In referralFee, the code accesses $row3->ton_ton_full without checking if $row3 is null. If the preceding database query for $row3 doesn't return a result, $row3 will be null, causing a fatal error when attempting to access its ton_ton_full property.
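
A guarded version of the pattern the three review comments above describe, as an added example that is not code from this pull request. The names fetch_one() and credit_referrer(), the SELECT text, and the reading of `ref` = 0 as "no referrer" are assumptions; it expects an open mysqli connection with mysqlnd, and it increments in SQL so no `$row3` read is needed.

```php
<?php
// Added example: fetch_one() and credit_referrer() are hypothetical names and the
// SELECT text is assumed; only the `users` column names come from the thread.
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_OFF); // failures return false (PHP 8.1+ throws by default)

/** First row of a parameterized SELECT (one or more params), or null on failure/no row. */
function fetch_one(mysqli $link, string $sql, string $types, array $params): ?object
{
    $stmt = mysqli_prepare($link, $sql);
    if ($stmt === false) {                        // prepare can fail: bad SQL, lost connection
        error_log('prepare failed: ' . mysqli_error($link));
        return null;
    }
    $row = null;
    if (mysqli_stmt_bind_param($stmt, $types, ...$params) && mysqli_stmt_execute($stmt)) {
        $result = mysqli_stmt_get_result($stmt);  // false when there is no result set
        $fetched = $result ? mysqli_fetch_object($result) : null;
        $row = is_object($fetched) ? $fetched : null; // null when no row matched
    } else {
        error_log('execute failed: ' . mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);
    return $row;
}

/** Credit $value TON to the referrer of $chatid; false when nothing was credited. */
function credit_referrer(mysqli $link, string $chatid, float $value): bool
{
    $row = fetch_one($link, 'SELECT `ref` FROM `users` WHERE `chatid`=?', 's', [$chatid]);
    if ($row === null || $row->ref == 0) {        // unknown user, failed query, or no referrer
        return false;
    }
    // Incrementing in SQL needs no prior read of the referrer row, so there is
    // no second result object that could be null.
    $stmtUpd = mysqli_prepare($link, 'UPDATE `users` SET `ton_ton_full`=`ton_ton_full`+? WHERE `chatid`=?');
    if ($stmtUpd === false) {
        error_log('prepare failed: ' . mysqli_error($link));
        return false;
    }
    $ref = (string) $row->ref;
    $ok = mysqli_stmt_bind_param($stmtUpd, 'ds', $value, $ref)
        && mysqli_stmt_execute($stmtUpd)
        && mysqli_stmt_affected_rows($stmtUpd) === 1; // 0 rows: referrer row missing
    mysqli_stmt_close($stmtUpd);
    return $ok;
}
```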
