Array combined: new arraySearchKey method

Also update publish script and move URLS to .env file

publish/last.published

@@ -1 +1 @@
-8.0.2
+8.2.2

publish/publish.sh

@@ -20,7 +20,11 @@ fi;
 # read in the .env.deploy file and we must have
 # GITLAB_USER
 # GITLAB_TOKEN
+# GITLAB_URL
+# GITEA_USER
 # GITEA_DEPLOY_TOKEN
+# GITEA_URL_DL
+# GITEA_URL_PUSH
 if [ ! -f "${BASE_FOLDER}.env.deploy" ]; then
      echo "Deploy enviroment file .env.deploy is missing";
      exit;
@@ -31,30 +35,34 @@ source .env.deploy;
 cd -;
 set +o allexport;
 
+echo "[START]";
 # gitea
-if [ ! -z "${GITEA_USER}" ] && [ ! -z "${GITEA_TOKEN}" ]; then
+if [ ! -z "${GITEA_URL_DL}" ] && [ ! -z "${GITEA_URL_PUSH}" ] &&
+     [ ! -z "${GITEA_USER}" ] && [ ! -z "${GITEA_TOKEN}" ]; then
      curl -LJO \
           --output-dir "${BASE_FOLDER}" \
-          https://git.egplusww.jp/Composer/CoreLibs-Composer-All/archive/v${VERSION}.zip;
+          ${GITEA_URL_DL}/v${VERSION}.zip;
      curl --user ${GITEA_USER}:${GITEA_TOKEN} \
           --upload-file "${BASE_FOLDER}/CoreLibs-Composer-All-v${VERSION}.zip" \
-          https://git.egplusww.jp/api/packages/Composer/composer?version=${VERSION};
+          ${GITEA_URL_PUSH}?version=${VERSION};
      echo "${VERSION}" > "${file_last_published}";
 else
      echo "Missing either GITEA_USER or GITEA_TOKEN environment variable";
 fi;
 
 # gitlab
-if [ ! -z  "${GITLAB_DEPLOY_TOKEN}" ]; then
+if [ ! -z "${GITLAB_URL}" ] && [ ! -z  "${GITLAB_DEPLOY_TOKEN}" ]; then
      curl --data tag=v${VERSION} \
           --header "Deploy-Token: ${GITLAB_DEPLOY_TOKEN}" \
-          "https://gitlab-na.factory.tools/api/v4/projects/950/packages/composer";
+          "${GITLAB_URL}";
      curl --data branch=master \
           --header "Deploy-Token: ${GITLAB_DEPLOY_TOKEN}" \
-          "https://gitlab-na.factory.tools/api/v4/projects/950/packages/composer";
+          "${GITLAB_URL}";
      echo "${VERSION}" > "${file_last_published}";
 else
      echo "Missing GITLAB_DEPLOY_TOKEN environment variable";
 fi;
+echo "";
+echo "[DONE]";
 
 # __END__

src/ACL/Login.php

@@ -69,6 +69,7 @@ declare(strict_types=1);
 namespace CoreLibs\ACL;
 
 use CoreLibs\Check\Password;
+use CoreLibs\Convert\Json;
 
 class Login
 {
@@ -428,7 +429,7 @@ class Login
 
 	/**
 	 * Set options
-	 * Current allowed
+	 * Current allowed:
 	 * target <string>: site target
 	 * debug <bool>
 	 * auto_login <bool>: self start login process
@@ -753,7 +754,10 @@ class Login
 		// we have to get the themes in here too
 		$q = "SELECT eu.edit_user_id, eu.username, eu.password, "
 			. "eu.edit_group_id, "
-			. "eg.name AS edit_group_name, admin, "
+			. "eg.name AS edit_group_name, eu.admin, "
+			// additinal acl lists
+			. "eu.additional_acl AS user_additional_acl, "
+			. "eg.additional_acl AS group_additional_acl, "
 			// login error + locked
 			. "eu.login_error_count, eu.login_error_date_last, "
 			. "eu.login_error_date_first, eu.strict, eu.locked, "
@@ -901,8 +905,10 @@ class Login
 				$_SESSION['GROUP_NAME'] = $res['edit_group_name'];
 				$_SESSION['USER_ACL_LEVEL'] = $res['user_level'];
 				$_SESSION['USER_ACL_TYPE'] = $res['user_type'];
+				$_SESSION['USER_ADDITIONAL_ACL'] = Json::jsonConvertToArray($res['user_additional_acl']);
 				$_SESSION['GROUP_ACL_LEVEL'] = $res['group_level'];
 				$_SESSION['GROUP_ACL_TYPE'] = $res['group_type'];
+				$_SESSION['GROUP_ADDITIONAL_ACL'] = Json::jsonConvertToArray($res['group_additional_acl']);
 				// deprecated TEMPLATE setting
 				$_SESSION['TEMPLATE'] = $res['template'] ? $res['template'] : '';
 				$_SESSION['HEADER_COLOR'] = !empty($res['second_header_color']) ?
@@ -1021,7 +1027,8 @@ class Login
 				$_SESSION['PAGES'] = $pages;
 				$_SESSION['PAGES_ACL_LEVEL'] = $pages_acl;
 				// load the edit_access user rights
-				$q = "SELECT ea.edit_access_id, level, type, ea.name, ea.color, ea.uid, edit_default "
+				$q = "SELECT ea.edit_access_id, level, type, ea.name, "
+					. "ea.color, ea.uid, edit_default, ea.additional_acl "
 					. "FROM edit_access_user eau, edit_access_right ear, edit_access ea "
 					. "WHERE eau.edit_access_id = ea.edit_access_id "
 					. "AND eau.edit_access_right_id = ear.edit_access_right_id "
@@ -1048,6 +1055,7 @@ class Login
 						'uid' => $res['uid'],
 						'color' => $res['color'],
 						'default' => $res['edit_default'],
+						'additional_acl' => Json::jsonConvertToArray($res['additional_acl']),
 						'data' => $ea_data
 					];
 					// set the default unit
@@ -1122,6 +1130,11 @@ class Login
 		// username (login), group name
 		$this->acl['user_name'] = $_SESSION['USER_NAME'];
 		$this->acl['group_name'] = $_SESSION['GROUP_NAME'];
+		// set additional acl
+		$this->acl['additional_acl'] = [
+			'user' => $_SESSION['USER_ADDITIONAL_ACL'],
+			'group' => $_SESSION['GROUP_ADDITIONAL_ACL'],
+		];
 		// we start with the default acl
 		$this->acl['base'] = $this->default_acl_level;
 
@@ -1184,7 +1197,8 @@ class Login
 				'uid' => $unit['uid'],
 				'level' => $this->default_acl_list[$this->acl['unit'][$ea_id]]['name'] ?? -1,
 				'default' => $unit['default'],
-				'data' => $unit['data']
+				'data' => $unit['data'],
+				'additional_acl' => $unit['additional_acl']
 			];
 			// set default
 			if (!empty($unit['default'])) {

src/Combined/ArrayHandler.php

@@ -177,6 +177,63 @@ class ArrayHandler
 		return false;
 	}
 
+	/**
+	 * search for one or many keys in array and return matching values
+	 * If flat is set to true, return flat array with found values only
+	 * If prefix is turned on each found group will be prefixed with the
+	 * search key
+	 *
+	 * @param  array<mixed> $array   array to search in
+	 * @param  array<mixed> $needles keys to find in array
+	 * @param  bool         $flat    [false] Turn on flat output
+	 * @param  bool         $prefix  [false] Prefix found with needle key
+	 * @return array<mixed>          Found values
+	 */
+	public static function arraySearchKey(
+		array $array,
+		array $needles,
+		bool $flat = false,
+		bool $prefix = false
+	): array {
+		$iterator  = new \RecursiveArrayIterator($array);
+		$recursive = new \RecursiveIteratorIterator(
+			$iterator,
+			\RecursiveIteratorIterator::SELF_FIRST
+		);
+		$hit_list = [];
+		if ($prefix === true) {
+			$hit_list = array_fill_keys($needles, []);
+		}
+		$key_path = [];
+		$prev_depth = 0;
+		foreach ($recursive as $key => $value) {
+			if ($prev_depth > $recursive->getDepth()) {
+				$key_path = [];
+			}
+			$prev_depth = $recursive->getDepth();
+			if ($flat === false) {
+				$key_path[$recursive->getDepth()] = $key;
+			}
+			if (in_array($key, $needles, true)) {
+				ksort($key_path);
+				if ($flat === true) {
+					$hit = $value;
+				} else {
+					$hit = [
+						'value' => $value,
+						'path' => $key_path
+					];
+				}
+				if ($prefix === true) {
+					$hit_list[$key][] = $hit;
+				} else {
+					$hit_list[] = $hit;
+				}
+			}
+		}
+		return $hit_list;
+	}
+
 	/**
 	 * correctly recursive merges as an array as array_merge_recursive
 	 * just glues things together

src/DB/IO.php

@@ -69,12 +69,16 @@
 *     - sets the SQL query (will be set with the $query parameter from method)
 *       if u leave the parameter free the class will try to use this var, but this
 *       method is not so reccomended
+*   $params
+*     - array for query parameters, if not set, ignored
 *   $num_rows
 *     - the number of rows returned by a SELECT or alterd bei UPDATE/INSERT
 *   $num_fields
 *     - the number of fields from the SELECT, is usefull if you do a SELECT *
 *   $field_names
 *     - array of field names (in the order of the return)
+*   $field_types
+*     - array of field types
 *   $insert_id
 *     - for INSERT with auto_increment PK, the ID is stored here
 *   $error_msg
@@ -258,7 +262,6 @@ use CoreLibs\Create\Uids;
 
 // below no ignore is needed if we want to use PgSql interface checks with PHP 8.0
 // as main system. Currently all @var sets are written as object
-/** @#phan-file-suppress PhanUndeclaredTypeProperty,PhanUndeclaredTypeParameter,PhanUndeclaredTypeReturnType */
 
 class IO
 {
@@ -276,8 +279,20 @@ class IO
 	public const NO_CACHE = 3;
 	/** @var string default hash type */
 	public const ERROR_HASH_TYPE = 'adler32';
+	/**
+	 * @var string regex for params: only stand alone $number allowed
+	 *             never allowed to start with '
+	 *             must be after space/tab, =, (
+	*/
+	public const REGEX_PARAMS = '/[^\'][\s(=](\$[0-9]{1,})/';
 	/** @var string regex to get returning with matches at position 1 */
-	public const REGEX_RETURNING = '/\s+returning\s+(.+?);?$/i';
+	public const REGEX_RETURNING = '/\s+returning\s+(.+\s*(?:.+\s*)+);?$/i';
+	// REGEX_SELECT
+	// REGEX_UPDATE
+	// REGEX INSERT
+	// REGEX_INSERT_UPDATE_DELETE
+	// REGEX_FROM_TABLE
+	// REGEX_INSERT_UPDATE_DELETE_TABLE
 
 	// recommend to set private/protected and only allow setting via method
 	// can bet set from outside
@@ -286,10 +301,12 @@ class IO
 	private $to_encoding = '';
 	/** @var string */
 	private $query; // the query string at the moment
+	/** @var array<mixed> */
+	private $params; // current params for query
 	// only inside
 	// basic vars
 	/** @var \PgSql\Connection|false|null */ // replace object with PgSql\Connection|
-	private $dbh; // the dbh handler, if disconnected by command is null, bool:false/int:-1 on error,
+	private $dbh; // the dbh handler, if disconnected by command is null, bool:false on error,
 	/** @var bool */
 	private $db_debug = false; // DB_DEBUG ... (if set prints out debug msgs)
 	/** @var string */
@@ -321,8 +338,10 @@ class IO
 	private $num_rows; // how many rows have been found
 	/** @var int */
 	private $num_fields; // how many fields has the query
-	/** @var array<mixed> */
-	private $field_names = []; // array with the field names of the current query
+	/** @var array<string> array with the field names of the current query */
+	private $field_names = [];
+	/** @var array<string> field type names */
+	private $field_types = [];
 	/** @var array<mixed> */
 	private $insert_id_arr = []; // always return as array, even if only one
 	/** @var string */
@@ -652,13 +671,16 @@ class IO
 	 * @param  string       $error_string error message or debug data
 	 * @param  string       $id           db debug group
 	 * @param  string       $type         query identifier (Q, I, etc)
-	 * @return void                 has no return
+	 * @param  array<mixed> $error_data   Optional error data as array
+	 *                                    Will be printed after main error string
+	 * @return void
 	 */
 	protected function __dbDebug(
 		string $debug_id,
 		string $error_string,
 		string $id = '',
-		string $type = ''
+		string $type = '',
+		array $error_data = []
 	): void {
 		// NOTE prefix allows html for echo output, will be stripped on file print
 		$prefix = '';
@@ -679,6 +701,11 @@ class IO
 		if ($prefix) {
 			$prefix .= '- ';
 		}
+		if ($error_data !== []) {
+			$error_string .= '<br>['
+				. $this->log->prAr($error_data)
+				. ']';
+		}
 		$this->log->debug($debug_id, $error_string, true, $prefix);
 	}
 
@@ -860,20 +887,33 @@ class IO
 
 	/**
 	 * for debug purpose replaces $1, $2, etc with actual data
-	 * @param  string       $stm_name prepared statement name
-	 * @param  array<mixed> $data     the data array
+	 * @param  string       $query Query to replace values in
+	 * @param  array<mixed> $data  The data array
 	 * @return string              string of query with data inside
 	 */
-	private function __dbDebugPrepare(string $stm_name, array $data = []): string
+	private function __dbDebugPrepare(string $query, array $data = []): string
 	{
+		// skip anything if there is no data
+		if ($data === []) {
+			return $query;
+		}
 		// get the keys from data array
 		$keys = array_keys($data);
-		// because the placeholders start with $ and at 1, we need to increase each key and prefix it with a $ char
+		// because the placeholders start with $ and at 1,
+		// we need to increase each key and prefix it with a $ char
 		for ($i = 0, $iMax = count($keys); $i < $iMax; $i++) {
 			$keys[$i] = '$' . ($keys[$i] + 1);
+			// prefix data set with parameter pos
+			$data[$i] = $keys[$i] . ':' . ($data[$i] === null ?
+				'"NULL"' : (string)$data[$i]
+			);
 		}
 		// simply replace the $1, $2, ... with the actual data and return it
-		return str_replace(array_reverse($keys), array_reverse($data), $this->prepare_cursor[$stm_name]['query']);
+		return str_replace(
+			array_reverse($keys),
+			array_reverse($data),
+			$query
+		);
 	}
 
 	/**
@@ -977,6 +1017,33 @@ class IO
 		return $return;
 	}
 
+	/**
+	 * Checks if the placeholder count in the query matches the params given
+	 * on call
+	 *
+	 * @param  string $query        Query to check
+	 * @param  int    $params_count The parms count expected
+	 * @return bool                 True for params count ok, else false
+	 */
+	private function __dbCheckQueryParams(string $query, int $params_count): bool
+	{
+		// search for $1, $2, in the query and push it into the control array
+		// skip counts for same eg $1, $1, $2 = 2 and not 3
+		preg_match_all(self::REGEX_PARAMS, $query, $match);
+		$placeholder_count = count(array_unique($match[1]));
+		if ($params_count != $placeholder_count) {
+			$this->__dbError(
+				23,
+				false,
+				'Array data count does not match prepared fields. Need: '
+				. $placeholder_count . ', has: '
+				. $params_count
+			);
+			return false;
+		}
+		return true;
+	}
+
 	/**
 	 * sub function for dbExec and dbExecAsync
 	 * - checks query is set
@@ -985,13 +1052,17 @@ class IO
 	 * - checks for insert if returning is set/pk name
 	 * - sets internal hash for query
 	 * - checks multiple call count
-	 * @param  string      $query   query string
+	 * @param  string       $query   Query string
+	 * @param  array<mixed> $params  Query params, needed for hash creation
 	 * @param  string       $pk_name primary key
 	 *                               [if set to NULL no returning will be added]
 	 * @return string|false          queryt hash OR bool false on error
 	 */
-	private function __dbPrepareExec(string $query, string $pk_name): string|false
-	{
+	private function __dbPrepareExec(
+		string $query,
+		array $params,
+		string $pk_name
+	): string|false {
 		// reset current cursor before exec
 		$this->cursor = false;
 		// clear matches for regex lookups
@@ -1001,6 +1072,8 @@ class IO
 		$this->returning_id = false;
 		// set the query
 		$this->query = $query;
+		// current params
+		$this->params = $params;
 		// no query set
 		if (empty($this->query)) {
 			$this->__dbError(11);
@@ -1066,10 +1139,18 @@ class IO
 		// $this->debug('DB IO', 'Q: '.$this->query.', RETURN: '.$this->returning_id);
 		// for DEBUG, only on first time ;)
 		if ($this->db_debug) {
-			$this->__dbDebug('db', $this->query, '__dbPrepareExec', 'Q');
+			$this->__dbDebug(
+				'db',
+				$this->__dbDebugPrepare(
+					$this->query,
+					$this->params
+				),
+				'__dbPrepareExec',
+				($this->params === [] ? 'Q' : 'Qp')
+			);
 		}
 		// import protection, hash needed
-		$query_hash = $this->dbGetQueryHash($this->query);
+		$query_hash = $this->dbGetQueryHash($this->query, $this->params);
 		// if the array index does not exists set it 0
 		if (!array_key_exists($query_hash, $this->query_called)) {
 			$this->query_called[$query_hash] = 0;
@@ -1085,7 +1166,15 @@ class IO
 			$this->query_called[$query_hash] > $this->MAX_QUERY_CALL
 		) {
 				$this->__dbError(30, false, $this->query);
-				$this->__dbDebug('db', $this->query, 'dbExec', 'Q[nc]');
+				$this->__dbDebug(
+					'db',
+					$this->__dbDebugPrepare(
+						$this->query,
+						$this->params
+					),
+					'dbExec',
+					($this->params === [] ? 'Q[nc]' : 'Qp[nc]')
+				);
 				return false;
 		}
 		$this->query_called[$query_hash] ++;
@@ -1121,7 +1210,11 @@ class IO
 				// set field names
 				$this->field_names = [];
 				for ($i = 0; $i < $this->num_fields; $i++) {
-					$this->field_names[] = $this->db_functions->__dbFieldName($this->cursor, $i);
+					$this->field_names[] = $this->db_functions->__dbFieldName($this->cursor, $i) ?: '';
+				}
+				$this->field_types = [];
+				for ($i = 0; $i < $this->num_fields; $i++) {
+					$this->field_types[] = $this->db_functions->__dbFieldType($this->cursor, $i) ?: '';
 				}
 			} elseif ($this->__checkQueryForInsert($this->query)) {
 				// if not select do here
@@ -1745,8 +1838,10 @@ class IO
 	 *   the stored array will be deleted ...
 	 * - if set to 3, after EACH row, the data will be reset,
 	 *   no caching is done except for basic (count, etc)
+	 * Wrapper for dbReturnParams
+	 *
 	 * @param  string $query      Query string
-	 * @param  int    $cache      reset status: default: USE_CACHE
+	 * @param  int    $cache      reset status: default: NO_CACHE
 	 *                            USE_CACHE/0: normal read from cache on second run
 	 *                            READ_NEW/1: write to cache, clean before new run
 	 *                            CLEAR_CACHE/2: write cache, clean after finished
@@ -1758,7 +1853,42 @@ class IO
 	 */
 	public function dbReturn(
 		string $query,
-		int $cache = self::USE_CACHE,
+		int $cache = self::NO_CACHE,
+		bool $assoc_only = false
+	): array|false {
+		return $this->dbReturnParams($query, [], $cache, $assoc_only);
+	}
+
+	/**
+	 * single running function, if called creates hash from
+	 * query string and so can itself call exec/return calls
+	 * caches data, so next time called with IDENTICAL (!!!!)
+	 * [this means 1:1 bit to bit identical query] returns cached
+	 * data, or with reset flag set calls data from DB again
+	 * NOTE on $cache param:
+	 * - if set to 0, if same query run again, will read from cache
+	 * - if set to 1, the data will be read new and cached, cache reset a new run
+	 *   (wheres 1 reads cache AND destroys at end of read)
+	 * - if set to 2, at the end of the query (last row returned),
+	 *   the stored array will be deleted ...
+	 * - if set to 3, after EACH row, the data will be reset,
+	 *   no caching is done except for basic (count, etc)
+	 *
+	 * @param  string       $query      Query string
+	 * @param  array<mixed> $params     Query parameters
+	 * @param  int          $cache      reset status: default: NO_CACHE
+	 *                                  USE_CACHE/0: normal read from cache on second run
+	 *                                  READ_NEW/1: write to cache, clean before new run
+	 *                                  CLEAR_CACHE/2: write cache, clean after finished
+	 *                                  NO_CACHE/3: don't write cache
+	 * @param  bool         $assoc_only True to only returned the named and not
+	 *                                  index position ones
+	 * @return array<mixed>|false       return array data or false on error/end
+	 */
+	public function dbReturnParams(
+		string $query,
+		array $params = [],
+		int $cache = self::NO_CACHE,
 		bool $assoc_only = false
 	): array|false {
 		$this->__dbErrorReset();
@@ -1767,7 +1897,7 @@ class IO
 			return false;
 		}
 		// create hash from query ...
-		$query_hash = $this->dbGetQueryHash($query);
+		$query_hash = $this->dbGetQueryHash($query, $params);
 		// pre declare array
 		if (!isset($this->cursor_ext[$query_hash])) {
 			$this->cursor_ext[$query_hash] = [
@@ -1787,6 +1917,8 @@ class IO
 				'pos' => 0,
 				// the query used in this call
 				'query' => '',
+				// parameter
+				'params' => [],
 				// cache flag from method call
 				'cache_flag' => $cache,
 				// flag if we only have assoc data
@@ -1816,6 +1948,25 @@ class IO
 			$this->__dbError(17, false, $this->cursor_ext[$query_hash]['query']);
 			return false;
 		}
+		// set the query parameters
+		$this->cursor_ext[$query_hash]['params'] = $params;
+		// check if params count matches
+		// checks if the params count given matches the expected count
+		if ($this->__dbCheckQueryParams($query, count($params)) === false) {
+			// in case we got an error print out query
+			if ($this->db_debug) {
+				$this->__dbDebug(
+					'db',
+					$this->__dbDebugPrepare(
+						$this->query,
+						$this->params
+					),
+					'dbReturn',
+					($this->params === [] ? 'Q[e]' : 'Qp[e]')
+				);
+			}
+			return false;
+		}
 		// set first call to false
 		$first_call = false;
 		// init return als false
@@ -1837,7 +1988,15 @@ class IO
 			$this->cursor_ext[$query_hash]['log'][] = 'No cursor';
 			// for DEBUG, print out each query executed
 			if ($this->db_debug) {
-				$this->__dbDebug('db', $this->cursor_ext[$query_hash]['query'], 'dbReturn', 'Q');
+				$this->__dbDebug(
+					'db',
+					$this->__dbDebugPrepare(
+						$this->cursor_ext[$query_hash]['query'],
+						$this->cursor_ext[$query_hash]['params']
+					),
+					'dbReturn',
+					($this->cursor_ext[$query_hash]['params'] === [] ? 'Q' : 'Qp'),
+				);
 			}
 			// if no DB Handler try to reconnect
 			if (!$this->dbh) {
@@ -1851,12 +2010,30 @@ class IO
 			if (!$this->__dbCheckConnectionOk()) {
 				return false;
 			}
+			if ($this->cursor_ext[$query_hash]['params'] === []) {
 				$this->cursor_ext[$query_hash]['cursor'] =
-				$this->db_functions->__dbQuery($this->cursor_ext[$query_hash]['query']);
+					$this->db_functions->__dbQuery(
+						$this->cursor_ext[$query_hash]['query']
+					);
+			} else {
+				$this->cursor_ext[$query_hash]['cursor'] =
+					$this->db_functions->__dbQueryParams(
+						$this->cursor_ext[$query_hash]['query'],
+						$this->cursor_ext[$query_hash]['params']
+					);
+			}
 			// if still no cursor ...
 			if (!$this->cursor_ext[$query_hash]['cursor']) {
 				if ($this->db_debug) {
-					$this->__dbDebug('db', $this->cursor_ext[$query_hash]['query'], 'dbReturn', 'Q');
+					$this->__dbDebug(
+						'db',
+						$this->__dbDebugPrepare(
+							$this->cursor_ext[$query_hash]['query'],
+							$this->cursor_ext[$query_hash]['params']
+						),
+						'dbReturn',
+						($this->cursor_ext[$query_hash]['params'] === [] ? 'Q[e]' : 'Qp[e]'),
+					);
 				}
 				// internal error handling
 				$this->__dbError(13, $this->cursor_ext[$query_hash]['cursor']);
@@ -1889,6 +2066,16 @@ class IO
 						);
 				}
 				$this->field_names = $this->cursor_ext[$query_hash]['field_names'];
+				// field types
+				$this->cursor_ext[$query_hash]['field_types'] = [];
+				for ($i = 0; $i < $this->cursor_ext[$query_hash]['num_fields']; $i++) {
+					$this->cursor_ext[$query_hash]['field_types'][] =
+						$this->db_functions->__dbFieldType(
+							$this->cursor_ext[$query_hash]['cursor'],
+							$i
+						);
+				}
+				$this->field_types = $this->cursor_ext[$query_hash]['field_types'];
 				// reset first call var
 				$first_call = false;
 				// reset the internal pos counter
@@ -2009,9 +2196,10 @@ class IO
 	 * like num_rows, num_fields, etc depending on query
 	 * for INSERT INTO queries it is highly recommended to set the pk_name to avoid an
 	 * additional read from the database for the PK NAME
+	 * Wrapper for dbExecParams without params
 	 * @param  string $query   the query, if not given,
 	 *                         the query class var will be used
-	 *                         if this was not set, method will quit with a 0 (failure)
+	 *                         if this was not set, method will quit with false
 	 * @param  string $pk_name optional primary key name, for insert id
 	 *                         return if the pk name is very different
 	 *                         if pk name is table name and _id, pk_name
@@ -2019,16 +2207,50 @@ class IO
 	 *                         if NULL is given here, no RETURNING will be auto added
 	 * @return \PgSql\Result|false    cursor for this query or false on error
 	 */
-	public function dbExec(string $query = '', string $pk_name = ''): \PgSql\Result|false
-	{
+	public function dbExec(
+		string $query = '',
+		string $pk_name = ''
+	): \PgSql\Result|false {
+		// just calls the same without any params
+		// which will trigger normal pg_query call
+		return $this->dbExecParams($query, [], $pk_name);
+	}
+
+	/**
+	 * Execute any query, but with the use of placeholders
+	 *
+	 * @param  string $query   Query, if not given, query class var will be used
+	 *                         if this was not set, method will quit with false
+	 * @param  array<mixed> $params  Parameters to be replaced.
+	 *         NOTE: bytea data cannot be used here (pg_query_params)
+	 * @param  string $pk_name Optional primary key name, for insert id
+	 *                         return if the pk name is very different
+	 *                         if pk name is table name and _id, pk_name
+	 *                         is not needed to be set
+	 *                         if NULL is given here, no RETURNING will be auto added
+	 * @return \PgSql\Result|false  cursor for this query or false on error
+	 */
+	public function dbExecParams(
+		string $query = '',
+		array $params = [],
+		string $pk_name = ''
+	): \PgSql\Result|false {
 		$this->__dbErrorReset();
 		// prepare and check if we can actually run it
-		if ($this->__dbPrepareExec($query, $pk_name) === false) {
+		if ($this->__dbPrepareExec($query, $params, $pk_name) === false) {
 			// bail if no query hash set
 			return false;
 		}
+		// checks if the params count given matches the expected count
+		if ($this->__dbCheckQueryParams($query, count($params)) === false) {
+			return false;
+		}
 		// ** actual db exec call
+		if ($params === []) {
 			$cursor = $this->db_functions->__dbQuery($this->query);
+		} else {
+			$cursor = $this->db_functions->__dbQueryParams($this->query, $params);
+		}
 		// if we faield, just set the master cursors to false too
 		$this->cursor = $cursor;
 		if ($cursor === false) {
@@ -2079,12 +2301,30 @@ class IO
 
 	/**
 	 * returns the FIRST row of the given query
+	 * wrapper for dbReturnRowParms
 	 * @param  string $query      the query to be executed
 	 * @param  bool   $assoc_only if true, only return assoc entry (default false)
 	 * @return array<mixed>|false row array or false on error
 	 */
 	public function dbReturnRow(string $query, bool $assoc_only = false): array|false
 	{
+		return $this->dbReturnRowParams($query, [], $assoc_only);
+	}
+
+	/**
+	 * Returns the first row only for the given query
+	 * Uses db_query_params
+	 *
+	 * @param  string       $query      the query to be executed
+	 * @param  array<mixed> $params     params to be used in query
+	 * @param  bool         $assoc_only if true, only return assoc entry (default false)
+	 * @return array<mixed>|false       row array or false on error
+	 */
+	public function dbReturnRowParams(
+		string $query,
+		array $params = [],
+		bool $assoc_only = false
+	): array|false {
 		$this->__dbErrorReset();
 		if (!$query) {
 			$this->__dbError(11);
@@ -2096,7 +2336,7 @@ class IO
 			$this->__dbError(17, false, $query);
 			return false;
 		}
-		$cursor = $this->dbExec($query);
+		$cursor = $this->dbExecParams($query, $params);
 		if ($cursor === false) {
 			return false;
 		}
@@ -2105,13 +2345,31 @@ class IO
 	}
 
 	/**
-	 * createds an array of hashes of the query (all data)
+	 * creates an array of hashes of the query (all data)
+	 * Wrapper for dbReturnArrayParams
 	 * @param  string $query      the query to be executed
 	 * @param  bool   $assoc_only if true, only name ref are returned (default true)
 	 * @return array<mixed>|false array of hashes (row -> fields), false on error
 	 */
 	public function dbReturnArray(string $query, bool $assoc_only = true): array|false
 	{
+		return $this->dbReturnArrayParams($query, [], $assoc_only);
+	}
+
+	/**
+	 * Creates an array of hashes of all data returned from the query
+	 * uses db_query_param
+	 *
+	 * @param  string       $query      the query to be executed
+	 * @param  array<mixed> $params     params to be used in query
+	 * @param  bool         $assoc_only if true, only name ref are returned (default true)
+	 * @return array<mixed>|false       array of hashes (row -> fields), false on error
+	 */
+	public function dbReturnArrayParams(
+		string $query,
+		array $params = [],
+		bool $assoc_only = true
+	): array|false {
 		$this->__dbErrorReset();
 		if (!$query) {
 			$this->__dbError(11);
@@ -2122,17 +2380,12 @@ class IO
 			$this->__dbError(17, false, $query);
 			return false;
 		}
-		$cursor = $this->dbExec($query);
+		$cursor = $this->dbExecParams($query, $params);
 		if ($cursor === false) {
 			return false;
 		}
 		$rows = [];
 		while (is_array($res = $this->dbFetchArray($cursor, $assoc_only))) {
-			// $data = [];
-			// for ($i = 0; $i < $this->num_fields; $i++) {
-			// 	$data[$this->field_names[$i]] = $res[$this->field_names[$i]] ?? null;
-			// }
-			// $rows[] = $data;
 			$rows[] = $res;
 		}
 		return $rows;
@@ -2145,12 +2398,14 @@ class IO
 	/**
 	 * resets all data stored to this query
 	 * @param  string       $query  The Query whose cache should be cleaned
-	 * @return bool          false if query not found, true if success
+	 * @param  array<mixed> $params If the query is params type we need params
+	 *                              data to create a unique call one, optional
+	 * @return bool                 False if query not found, true if success
 	 */
-	public function dbCacheReset(string $query): bool
+	public function dbCacheReset(string $query, array $params = []): bool
 	{
 		$this->__dbErrorReset();
-		$query_hash = $this->dbGetQueryHash($query);
+		$query_hash = $this->dbGetQueryHash($query, $params);
 		// clears cache for this query
 		if (empty($this->cursor_ext[$query_hash]['query'])) {
 			$this->__dbError(18);
@@ -2168,9 +2423,11 @@ class IO
 	 * returns the full array for cursor ext
 	 * or cursor for one query
 	 * or detail data fonr one query cursor data
+	 *
 	 * @param  string|null $query        Query string, if not null convert to hash
 	 *                                   and return set cursor ext for only this
 	 *                                   if not found or null return null
+	 * @param  array<mixed> $params      Optional params for query hash get
 	 * @param  string       $query_field [=''] optional query field to get
 	 * @return array<mixed>|string|int|\PgSql\Result|null
 	 *                                   Cursor Extended array full if no parameter
@@ -2179,13 +2436,14 @@ class IO
 	 *                                   If nothing found return null
 	 */
 	public function dbGetCursorExt(
-		$query = null,
+		?string $query = null,
+		array $params = [],
 		string $query_field = ''
 	): array|string|int|\PgSql\Result|null {
 		if ($query === null) {
 			return $this->cursor_ext;
 		}
-		$query_hash = $this->dbGetQueryHash($query);
+		$query_hash = $this->dbGetQueryHash($query, $params);
 		if (
 			is_array($this->cursor_ext) &&
 			isset($this->cursor_ext[$query_hash])
@@ -2202,33 +2460,39 @@ class IO
 
 	/**
 	 * returns the current position the read out
-	 * @param  string   $query query to find in cursor_ext
+	 *
+	 * @param  string       $query  Query to find in cursor_ext
+	 * @param  array<mixed> $params If the query is params type we need params
+	 *                              data to create a unique call one, optional
 	 * @return int|false            query position (row pos), false on error
 	 */
-	public function dbGetCursorPos(string $query): int|false
+	public function dbGetCursorPos(string $query, array $params = []): int|false
 	{
 		$this->__dbErrorReset();
 		if (!$query) {
 			$this->__dbError(11);
 			return false;
 		}
-		$query_hash = $this->dbGetQueryHash($query);
+		$query_hash = $this->dbGetQueryHash($query, $params);
 		return (int)$this->cursor_ext[$query_hash]['pos'];
 	}
 
 	/**
 	 * returns the number of rows for the current select query
-	 * @param  string   $query query to find in cursor_ext
+	 *
+	 * @param  string       $query  Query to find in cursor_ext
+	 * @param  array<mixed> $params If the query is params type we need params
+	 *                              data to create a unique call one, optional
 	 * @return int|false            query position (row pos), false on error
 	 */
-	public function dbGetCursorNumRows(string $query): int|false
+	public function dbGetCursorNumRows(string $query, array $params = []): int|false
 	{
 		$this->__dbErrorReset();
 		if (!$query) {
 			$this->__dbError(11);
 			return false;
 		}
-		$query_hash = $this->dbGetQueryHash($query);
+		$query_hash = $this->dbGetQueryHash($query, $params);
 		return (int)$this->cursor_ext[$query_hash]['num_rows'];
 	}
 
@@ -2239,22 +2503,27 @@ class IO
 	/**
 	 * resets the call times for the max query called to 0
 	 * USE CAREFULLY: rather make the query prepare -> execute
+	 *
 	 * @param  string       $query  query string
-	 * @return void          has no return
+	 * @param  array<mixed> $params If the query is params type we need params
+	 *                              data to create a unique call one, optional
+	 * @return void
 	 */
-	public function dbResetQueryCalled(string $query): void
+	public function dbResetQueryCalled(string $query, array $params = []): void
 	{
-		$this->query_called[$this->dbGetQueryHash($query)] = 0;
+		$this->query_called[$this->dbGetQueryHash($query, $params)] = 0;
 	}
 
 	/**
 	 * gets how often a query was called already
 	 * @param  string       $query  query string
+	 * @param  array<mixed> $params If the query is params type we need params
+	 *                              data to create a unique call one, optional
 	 * @return int                  count of times the query was executed
 	 */
-	public function dbGetQueryCalled(string $query): int
+	public function dbGetQueryCalled(string $query, array $params = []): int
 	{
-		$query_hash = $this->dbGetQueryHash($query);
+		$query_hash = $this->dbGetQueryHash($query, $params);
 		if (!empty($this->query_called[$query_hash])) {
 			return $this->query_called[$query_hash];
 		} else {
@@ -2268,7 +2537,8 @@ class IO
 
 	/**
 	 * prepares a query
-	 * for INSERT INTO queries it is highly recommended to set the pk_name to avoid an additional
+	 * for INSERT INTO queries it is highly recommended
+	 * to set the pk_name to avoid an additional
 	 * read from the database for the PK NAME
 	 * @param  string        $stm_name statement name
 	 * @param  string        $query    queryt string to run
@@ -2358,7 +2628,7 @@ class IO
 			$match = [];
 			// search for $1, $2, in the query and push it into the control array
 			// skip counts for same eg $1, $1, $2 = 2 and not 3
-			preg_match_all('/(\$[0-9]{1,})/', $query, $match);
+			preg_match_all(self::REGEX_PARAMS, $query, $match);
 			$this->prepare_cursor[$stm_name]['count'] = count(array_unique($match[1]));
 			$this->prepare_cursor[$stm_name]['query'] = $query;
 			$result = $this->db_functions->__dbPrepare($stm_name, $query);
@@ -2419,6 +2689,17 @@ class IO
 			);
 			return false;
 		}
+		if ($this->db_debug) {
+			$this->__dbDebug(
+				'db',
+				$this->__dbDebugPrepare(
+					$this->prepare_cursor[$stm_name]['query'],
+					$data
+				),
+				'dbExecPrep',
+				'Qpe'
+			);
+		}
 		// if the count does not match
 		if ($this->prepare_cursor[$stm_name]['count'] != count($data)) {
 			$this->__dbError(
@@ -2431,9 +2712,6 @@ class IO
 			);
 			return false;
 		}
-		if ($this->db_debug) {
-			$this->__dbDebug('db', $this->__dbDebugPrepare($stm_name, $data), 'dbExecPrep', 'Q');
-		}
 		$result = $this->db_functions->__dbExecute($stm_name, $data);
 		if ($result === false) {
 			$this->log->debug('ExecuteData', 'ERROR in STM[' . $stm_name . '|'
@@ -2471,27 +2749,58 @@ class IO
 	// ***************************
 
 	/**
-	 * executres the query async so other methods can be run during this
-	 * for INSERT INTO queries it is highly recommended to set the pk_name
-	 * to avoid an additional read from the database for the PK NAME
+	 * executes the query async so other methods can be run at the same time
+	 * Wrapper for dbExecParamsAsync
 	 * NEEDS : dbCheckAsync
 	 * @param  string $query   query to run
 	 * @param  string $pk_name optional primary key name, only used with
 	 *                         insert for returning call
 	 * @return bool            true if async query was sent ok,
-	 *                         false if error happened
+	 *                         false on error
 	 */
 	public function dbExecAsync(string $query, string $pk_name = ''): bool
 	{
+		return $this->dbExecParamsAsync($query, [], $pk_name);
+	}
+
+	/**
+	 * eexecutes the query async so other methods can be run at the same time
+	 * Runs with db_send_query_params
+	 * NEEDS : dbCheckAsync
+	 *
+	 * @param  string $query query to run
+	 * @param  array<mixed> $params
+	 * @param  string $pk_name optional primary key name, only used with
+	 *                         insert for returning call
+	 * @return bool            true if async query was sent ok,
+	 *                         false on error
+	 */
+	public function dbExecParamsAsync(
+		string $query,
+		array $params = [],
+		string $pk_name = ''
+	): bool {
 		$this->__dbErrorReset();
 		// prepare and check if we can actually run the query
-		if (($query_hash = $this->__dbPrepareExec($query, $pk_name)) === false) {
+		if (
+			($query_hash = $this->__dbPrepareExec($query, $params, $pk_name)) === false
+		) {
 			// bail if no hash set
 			return false;
 		}
+		// checks if the params count given matches the expected count
+		if ($this->__dbCheckQueryParams($query, count($params)) === false) {
+			return false;
+		}
+		// ** actual db exec call
+		if ($params === []) {
+			$status = $this->db_functions->__dbSendQuery($this->query);
+		} else {
+			$status = $this->db_functions->__dbSendQueryParams($this->query, $params);
+		}
 		// run the async query, this just returns true or false
 		// the actually result is in dbCheckAsync
-		if (!$this->db_functions->__dbSendQuery($this->query)) {
+		if (!$status) {
 			// if failed, process here
 			$this->__dbError(40);
 			return false;
@@ -2503,6 +2812,42 @@ class IO
 		}
 	}
 
+	/**
+	 * TODO write dbPrepareAsync
+	 * Asnychronus prepare call
+	 * NEEDS : dbCheckAsync
+	 *
+	 * @param  string $stm_name
+	 * @param  string $query
+	 * @param  string $pk_name
+	 * @return bool
+	 */
+	public function dbPrepareAsync(
+		string $stm_name,
+		string $query,
+		string $pk_name = ''
+	): bool {
+		$status = $this->db_functions->__dbSendPrepare($stm_name, $query);
+		return $status;
+	}
+
+	/**
+	 * TODO write dbExecuteAsync
+	 * Asynchronus execute call
+	 * NEEDS : dbCheckAsync
+	 *
+	 * @param  string       $stm_name
+	 * @param  array<mixed> $data
+	 * @return bool
+	 */
+	public function dbExecuteAsync(
+		string $stm_name,
+		array $data = []
+	): bool {
+		$status = $this->db_functions->__dbSendExecute($stm_name, $data);
+		return $status;
+	}
+
 	/**
 	 * checks a previous async query and returns data if finished
 	 * NEEDS : dbExecAsync
@@ -2953,6 +3298,7 @@ class IO
 
 	/**
 	 * Return current database handler
+	 *
 	 * @return \PgSql\Connection|false|null
 	 */
 	public function dbGetDbh(): \PgSql\Connection|false|null
@@ -2963,16 +3309,25 @@ class IO
 	/**
 	 * Returns hash for query
 	 * Hash is used in all internal storage systems for return data
+	 *
 	 * @param  string       $query  The query to create the hash from
-	 * @return string        Hash, as set by hash lpng
+	 * @param  array<mixed> $params If the query is params type we need params
+	 *                              data to create a unique call one, optional
+	 * @return string               Hash, as set by hash long
 	 */
-	public function dbGetQueryHash(string $query): string
+	public function dbGetQueryHash(string $query, array $params = []): string
 	{
-		return Hash::__hashLong($query);
+		return Hash::__hashLong(
+			$query . (
+				$params !== [] ?
+					'#' . json_encode($params) : ''
+			)
+		);
 	}
 
 	/**
 	 * Get current set query
+	 *
 	 * @return string Current set query string
 	 */
 	public function dbGetQuery(): string
@@ -2982,6 +3337,7 @@ class IO
 
 	/**
 	 * Clear current query
+	 *
 	 * @return void
 	 */
 	public function dbResetQuery(): void
@@ -2989,6 +3345,26 @@ class IO
 		$this->query = '';
 	}
 
+	/**
+	 * Get current set params
+	 *
+	 * @return array<mixed>
+	 */
+	public function dbGetParams(): array
+	{
+		return $this->params;
+	}
+
+	/**
+	 * Rset current set params
+	 *
+	 * @return void
+	 */
+	public function dbResetParams(): void
+	{
+		$this->params = [];
+	}
+
 	// ***************************
 	// INTERNAL VARIABLES READ POST QUERY RUN
 	// ***************************
@@ -3031,12 +3407,14 @@ class IO
 	 *
 	 * Replacement for insert_id_ext array access before
 	 *
-	 * @param  string|null  $key
-	 * @param  integer|null $pos
-	 * @return array<mixed>|string|int|null
+	 * @param  string|null  $key            Key to find in insert_id_arr
+	 * @param  integer|null $pos            Multiple in array, which row to search in
+	 * @return array<mixed>|string|int|null Return value, null for error/not found
 	 */
-	public function dbGetReturningExt(?string $key = null, ?int $pos = null): array|string|int|null
-	{
+	public function dbGetReturningExt(
+		?string $key = null,
+		?int $pos = null
+	): array|string|int|null {
 		// return as is if key is null
 		if ($key === null) {
 			if (count($this->insert_id_arr) == 1) {
@@ -3080,6 +3458,7 @@ class IO
 
 	/**
 	 * Always returns the returning block as an array
+	 *
 	 * @return array<mixed> All returning data as array. even if one row only
 	 */
 	public function dbGetReturningArray(): array
@@ -3091,6 +3470,7 @@ class IO
 	 * returns current number of rows that where
 	 * affected by UPDATE/SELECT, etc
 	 * null on empty
+	 *
 	 * @return int|null Number of rows or null if not set
 	 */
 	public function dbGetNumRows(): ?int
@@ -3100,6 +3480,7 @@ class IO
 
 	/**
 	 * Number of fields in select query
+	 *
 	 * @return integer|null Number of fields in select or null if not set
 	 */
 	public function dbGetNumFields(): ?int
@@ -3109,13 +3490,26 @@ class IO
 
 	/**
 	 * Return field names from query
-	 * @return array<mixed> Field names as array
+	 * Order based on order in query
+	 *
+	 * @return array<string> Field names as array
 	 */
 	public function dbGetFieldNames(): array
 	{
 		return $this->field_names;
 	}
 
+	/**
+	 * Return field types from query
+	 * Order based on order in query, use field names to get position
+	 *
+	 * @return array<string> Field types as array
+	 */
+	public function dbGetFieldTypes(): array
+	{
+		return $this->field_types;
+	}
+
 	/**
 	 * Returns the value for given key in statement
 	 * Will write error if statemen id does not exist
@@ -3129,8 +3523,10 @@ class IO
 	 *                          Not ethat returnin_id also can return false
 	 *                          but will not set an error entry
 	 */
-	public function dbGetPrepareCursorValue(string $stm_name, string $key): null|string|int|bool
-	{
+	public function dbGetPrepareCursorValue(
+		string $stm_name,
+		string $key
+	): null|string|int|bool {
 		// if no statement name
 		if (empty($stm_name)) {
 			$this->__dbError(

src/DB/SQL/Interface/SqlFunctions.php

@@ -42,6 +42,15 @@ interface SqlFunctions
 	 */
 	public function __dbSendQuery(string $query): bool;
 
+	/**
+	 * Undocumented function
+	 *
+	 * @param  string $query
+	 * @param  array<mixed> $params
+	 * @return bool
+	 */
+	public function __dbSendQueryParams(string $query, array $params): bool;
+
 	/**
 	 * Undocumented function
 	 *
@@ -74,6 +83,24 @@ interface SqlFunctions
 	 */
 	public function __dbExecute(string $name, array $data): \PgSql\Result|false;
 
+	/**
+	 * Undocumented function
+	 *
+	 * @param  string $name
+	 * @param  string $query
+	 * @return bool
+	 */
+	public function __dbSendPrepare(string $name, string $query): bool;
+
+	/**
+	 * Undocumented function
+	 *
+	 * @param  string $name
+	 * @param  array<mixed> $params
+	 * @return bool
+	 */
+	public function __dbSendExecute(string $name, array $params): bool;
+
 	/**
 	 * Undocumented function
 	 *
@@ -99,6 +126,15 @@ interface SqlFunctions
 	 */
 	public function __dbFieldName(\PgSql\Result|false $cursor, int $i): string|false;
 
+	/**
+	 * Undocumented function
+	 *
+	 * @param  \PgSql\Result|false $cursor
+	 * @param  int $i
+	 * @return string|false
+	 */
+	public function __dbFieldType(\PgSql\Result|false $cursor, int $i): string|false;
+
 	/**
 	 * Undocumented function
 	 *

src/DB/SQL/PgSQL.php

@@ -33,7 +33,11 @@
 * pg_affected_rows (*)
 * pg_fetch_array
 * pg_query
+* pg_query_params
 * pg_send_query
+* pg_send_query_params
+* pg_send_prepare
+* pg_send_execute
 * pg_get_result
 * pg_connection_busy
 * pg_close
@@ -50,6 +54,7 @@ namespace CoreLibs\DB\SQL;
 // below no ignore is needed if we want to use PgSql interface checks with PHP 8.0
 // as main system. Currently all @var sets are written as object
 /** @#phan-file-suppress PhanUndeclaredTypeProperty,PhanUndeclaredTypeParameter,PhanUndeclaredTypeReturnType */
+/** @phan-file-suppress PhanTypeMismatchArgumentInternal, PhanTypeMismatchReturn */
 
 class PgSQL implements Interface\SqlFunctions
 {
@@ -93,8 +98,7 @@ class PgSQL implements Interface\SqlFunctions
 	}
 
 	/**
-	 * Proposed
-	 * wrapperf or pg_query_params for queries in the style of
+	 * wrapper for pg_query_params for queries in the style of
 	 * SELECT foo FROM bar WHERE foobar = $1
 	 *
 	 * @param  string       $query  Query string with placeholders $1, ..
@@ -132,6 +136,22 @@ class PgSQL implements Interface\SqlFunctions
 		return $result ? true : false;
 	}
 
+	/**
+	 * sends an async query to the server with params
+	 *
+	 * @param  string       $query  Query string with placeholders $1, ..
+	 * @param  array<mixed> $params Matching parameters for each placerhold
+	 * @return bool         true/false Query sent successful status
+	 */
+	public function __dbSendQueryParams(string $query, array $params): bool
+	{
+		if (is_bool($this->dbh)) {
+			return false;
+		}
+		$result = pg_send_query_params($this->dbh, $query, $params);
+		return $result ? true : false;
+	}
+
 	/**
 	 * wrapper for pg_get_result
 	 *
@@ -208,6 +228,38 @@ class PgSQL implements Interface\SqlFunctions
 		return $result;
 	}
 
+	/**
+	 * Asnyc send for a prepared statement
+	 *
+	 * @param  string $name
+	 * @param  string $query
+	 * @return bool
+	 */
+	public function __dbSendPrepare(string $name, string $query): bool
+	{
+		if (is_bool($this->dbh)) {
+			return false;
+		}
+		$result = pg_send_prepare($this->dbh, $name, $query);
+		return $result ? true : false;
+	}
+
+	/**
+	 * Asnyc ssend for a prepared statement execution
+	 *
+	 * @param  string $name
+	 * @param  array<mixed> $params
+	 * @return bool
+	 */
+	public function __dbSendExecute(string $name, array $params): bool
+	{
+		if (is_bool($this->dbh)) {
+			return false;
+		}
+		$result = pg_send_execute($this->dbh, $name, $params);
+		return $result ? true : false;
+	}
+
 	/**
 	 * wrapper for pg_num_rows
 	 *
@@ -251,6 +303,21 @@ class PgSQL implements Interface\SqlFunctions
 		return pg_field_name($cursor, $i);
 	}
 
+	/**
+	 * wrapper for pg_field_name
+	 *
+	 * @param  \PgSql\Result|false $cursor cursor
+	 * @param  int                 $i      field position
+	 * @return string|false                field type name or false
+	 */
+	public function __dbFieldType(\PgSql\Result|false $cursor, int $i): string|false
+	{
+		if (is_bool($cursor)) {
+			return false;
+		}
+		return pg_field_type($cursor, $i);
+	}
+
 	/**
 	 * wrapper for pg_fetch_array
 	 * if through/true false, use __dbResultType(true)

src/Template/SmartyExtend.php

@@ -452,92 +452,95 @@ class SmartyExtend extends \Smarty
 	 * wrapper call for setSmartyVars
 	 * this is for frontend type and will not set any only admin needed variables
 	 *
-	 * @param  string|null $compile_dir          BASE . TEMPLATES_C
-	 * @param  string|null $cache_dir            BASE . CACHE
-	 * @param  string|null $set_js               JS
-	 * @param  string|null $set_css              CSS
-	 * @param  string|null $set_font             FONT
-	 * @param  string|null $set_default_encoding DEFAULT_ENCODING
-	 * @param  string|null $set_g_title          G_TITLE
-	 * @param  string|null $set_stylesheet       STYLESHEET
-	 * @param  string|null $set_javascript       JAVASCRIPT
-	 * @param  \CoreLibs\Admin\Backend|null $cms Optinal Admin Backend for
-	 *                                           smarty variables merge
+	 * @param  array<string,string> $options list with the following value:
+	 *                              compile_dir      :BASE . TEMPLATES_C
+	 *                              cache_dir        :BASE . CACHE
+	 *                              js               :JS
+	 *                              css              :CSS
+	 *                              font             :FONT
+	 *                              default_encoding :DEFAULT_ENCODING
+	 *                              g_title          :G_TITLE
+	 *                              stylesheet       :STYLESHEET
+	 *                              javascript       :JAVASCRIPT
+	 * @param  array<string,mixed>  $smarty_data     array of three keys
+	 *                                               that hold smarty set strings
+	 *                                               HEADER, DATA, DEBUG_DATA
 	 * @return void
 	 */
 	public function setSmartyVarsFrontend(
-		?string $compile_dir = null,
-		?string $cache_dir = null,
-		?string $set_js = null,
-		?string $set_css = null,
-		?string $set_font = null,
-		?string $set_default_encoding = null,
-		?string $set_g_title = null,
-		?string $set_stylesheet = null,
-		?string $set_javascript = null,
-		?\CoreLibs\Admin\Backend $cms = null
+		array $options,
+		array $smarty_data
 	): void {
 		$this->setSmartyVars(
 			false,
-			$cms,
-			$compile_dir,
-			$cache_dir,
-			$set_js,
-			$set_css,
-			$set_font,
-			$set_default_encoding,
-			$set_g_title,
+			$smarty_data,
+			null,
+			$options['compile_dir'] ?? null,
+			$options['cache_dir'] ?? null,
+			$options['js'] ?? null,
+			$options['css'] ?? null,
+			$options['font'] ?? null,
+			$options['default_encoding'] ?? null,
+			$options['g_title'] ?? null,
 			null,
 			null,
 			null,
-			$set_stylesheet,
-			$set_javascript
+			null,
+			null,
+			$options['stylesheet'] ?? null,
+			$options['javascript'] ?? null
 		);
 	}
 
 	/**
 	 * wrapper call for setSmartyVars
 	 * this is only for admin interface and will set additional variables
-	 * @param  string|null $compile_dir          BASE . TEMPLATES_C
-	 * @param  string|null $cache_dir            BASE . CACHE
-	 * @param  string|null $set_js               JS
-	 * @param  string|null $set_css              CSS
-	 * @param  string|null $set_font             FONT
-	 * @param  string|null $set_default_encoding DEFAULT_ENCODING
-	 * @param  string|null $set_g_title          G_TITLE
-	 * @param  string|null $set_admin_stylesheet ADMIN_STYLESHEET
-	 * @param  string|null $set_admin_javascript ADMIN_JAVASCRIPT
-	 * @param  string|null $set_page_width       PAGE_WIDTH
+	 * @param  array<string,string> $options list with the following value:
+	 *                              compile_dir      :BASE . TEMPLATES_C
+	 *                              cache_dir        :BASE . CACHE
+	 *                              js               :JS
+	 *                              css              :CSS
+	 *                              font             :FONT
+	 *                              default_encoding :DEFAULT_ENCODING
+	 *                              g_title          :G_TITLE
+	 *                              admin_stylesheet :ADMIN_STYLESHEET
+	 *                              admin_javascript :ADMIN_JAVASCRIPT
+	 *                              page_width       :PAGE_WIDTH
+	 *                              content_path     :CONTENT_PATH
+	 *                              user_name        :_SESSION['USER_NAME']
 	 * @param  \CoreLibs\Admin\Backend|null $cms Optinal Admin Backend for
 	 *                                           smarty variables merge
 	 * @return void
 	 */
 	public function setSmartyVarsAdmin(
-		?string $compile_dir = null,
-		?string $cache_dir = null,
-		?string $set_js = null,
-		?string $set_css = null,
-		?string $set_font = null,
-		?string $set_default_encoding = null,
-		?string $set_g_title = null,
-		?string $set_admin_stylesheet = null,
-		?string $set_admin_javascript = null,
-		?string $set_page_width = null,
+		array $options,
 		?\CoreLibs\Admin\Backend $cms = null
 	): void {
+		// if we have cms data, check for array blocks and build
+		$smarty_data = [];
+		if ($cms !== null) {
+			$smarty_data = [
+				'HEADER' => $cms->HEADER,
+				'DATA' => $cms->DATA,
+				'DEBUG_DATA' => $cms->DEBUG_DATA
+			];
+		}
 		$this->setSmartyVars(
 			true,
+			$smarty_data,
 			$cms,
-			$compile_dir,
-			$cache_dir,
-			$set_js,
-			$set_css,
-			$set_font,
-			$set_g_title,
-			$set_default_encoding,
-			$set_admin_stylesheet,
-			$set_admin_javascript,
-			$set_page_width,
+			$options['compile_dir'] ?? null,
+			$options['cache_dir'] ?? null,
+			$options['js'] ?? null,
+			$options['css'] ?? null,
+			$options['font'] ?? null,
+			$options['g_title'] ?? null,
+			$options['default_encoding'] ?? null,
+			$options['admin_stylesheet'] ?? null,
+			$options['admin_javascript'] ?? null,
+			$options['page_width'] ?? null,
+			$options['content_path'] ?? null,
+			$options['user_name'] ?? null,
 			null,
 			null
 		);
@@ -549,6 +552,7 @@ class SmartyExtend extends \Smarty
 	 *
 	 * @param  bool        $admin_call           default false
 	 *                                           will set admin only variables
+	 * @param  array<string,mixed> $smarty_data  smarty data to merge
 	 * @param  \CoreLibs\Admin\Backend|null $cms Optinal Admin Backend for
 	 *                                           smarty variables merge
 	 * @param  string|null $compile_dir          BASE . TEMPLATES_C
@@ -561,13 +565,15 @@ class SmartyExtend extends \Smarty
 	 * @param  string|null $set_admin_stylesheet ADMIN_STYLESHEET
 	 * @param  string|null $set_admin_javascript ADMIN_JAVASCRIPT
 	 * @param  string|null $set_page_width       PAGE_WIDTH
+	 * @param  string|null $set_content_path     CONTENT_PATH  (only if $cms set and admin)
+	 * @param  string|null $set_user_name        _SESSION['USER_NAME']
 	 * @param  string|null $set_stylesheet       STYLESHEET
 	 * @param  string|null $set_javascript       JAVASCRIPT
-	 * @param  string|null $set_user_name        _SESSION['USER_NAME']
 	 * @return void
 	 */
 	private function setSmartyVars(
 		bool $admin_call,
+		array $smarty_data = [],
 		?\CoreLibs\Admin\Backend $cms = null,
 		?string $compile_dir = null,
 		?string $cache_dir = null,
@@ -579,9 +585,10 @@ class SmartyExtend extends \Smarty
 		?string $set_admin_stylesheet = null,
 		?string $set_admin_javascript = null,
 		?string $set_page_width = null,
+		?string $set_content_path = null,
+		?string $set_user_name = null,
 		?string $set_stylesheet = null,
 		?string $set_javascript = null,
-		?string $set_user_name = null,
 	): void {
 		// trigger deprecation
 		if (
@@ -605,6 +612,9 @@ class SmartyExtend extends \Smarty
 					$set_stylesheet === null ||
 					$set_javascript === null
 				)
+			) ||
+			(
+				$admin_call === true && $cms !== null && $set_content_path === null
 			)
 		) {
 			/** @deprecated setSmartyVars call without parameters */
@@ -624,25 +634,12 @@ class SmartyExtend extends \Smarty
 		$set_admin_stylesheet = $set_admin_stylesheet ?? ADMIN_STYLESHEET;
 		$set_admin_javascript = $set_admin_javascript ?? ADMIN_JAVASCRIPT;
 		$set_page_width = $set_page_width ?? PAGE_WIDTH;
+		$set_content_path = $set_content_path ?? CONTENT_PATH;
 		$set_stylesheet = $set_stylesheet ?? STYLESHEET;
 		$set_javascript = $set_javascript ?? JAVASCRIPT;
 		$set_user_name = $set_user_name ?? $_SESSION['USER_NAME'] ?? '';
-		// depreacte call globals cms on null 4mcs
-		if (
-			$cms === null &&
-			isset($GLOBALS['cms'])
-		) {
-			/** @deprecated setSmartyVars globals cms is deprecated */
-			trigger_error(
-				'Calling setSmartyVars without cms parameter when needed is deprecated',
-				E_USER_DEPRECATED
-			);
-		}
-		// this is ugly
-		$cms = $cms ?? $GLOBALS['cms'] ?? null;
-		if ($cms instanceof \CoreLibs\Admin\Backend) {
-			$this->mergeCmsSmartyVars($cms);
-		}
+		// merge additional smarty data
+		$this->mergeCmsSmartyVars($smarty_data);
 
 		// trigger flags
 		$this->HEADER['USE_PROTOTYPE'] = $this->USE_PROTOTYPE;
@@ -684,12 +681,27 @@ class SmartyExtend extends \Smarty
 		$this->DATA['FORM_ACTION'] = $this->FORM_ACTION;
 		// special for admin
 		if ($admin_call === true) {
+			// depreacte call globals cms on null 4mcs
+			if (
+				$cms === null &&
+				isset($GLOBALS['cms'])
+			) {
+				/** @deprecated setSmartyVars globals cms is deprecated */
+				trigger_error(
+					'Calling setSmartyVars without cms parameter when needed is deprecated',
+					E_USER_DEPRECATED
+				);
+			}
+			// this is ugly
+			$cms = $cms ?? $GLOBALS['cms'] ?? null;
 			// set ACL extra show
 			if ($cms instanceof \CoreLibs\Admin\Backend) {
 				$this->DATA['show_ea_extra'] = $cms->acl['show_ea_extra'] ?? false;
 				$this->DATA['ADMIN'] = $cms->acl['admin'] ?? 0;
 				// top menu
-				$this->DATA['nav_menu'] = $cms->adbTopMenu();
+				$this->DATA['nav_menu'] = $cms->adbTopMenu(
+					$set_content_path
+				);
 				$this->DATA['nav_menu_count'] = count($this->DATA['nav_menu']);
 				// messages = ['msg' =>, 'class' => 'error/warning/...']
 				$this->DATA['messages'] = $cms->messages;
@@ -749,18 +761,18 @@ class SmartyExtend extends \Smarty
 	/**
 	 * merge outside object HEADER/DATA/DEBUG_DATA vars into the smarty class
 	 *
-	 * @param  \CoreLibs\Admin\Backend $cms object that has header/data/debug_data
+	 * @param  array<string,mixed> $smarty_data array that has header/data/debug_data
 	 * @return void
 	 */
-	public function mergeCmsSmartyVars(\CoreLibs\Admin\Backend $cms): void
+	public function mergeCmsSmartyVars(array $smarty_data): void
 	{
 		// array merge HEADER, DATA, DEBUG DATA
 		foreach (['HEADER', 'DATA', 'DEBUG_DATA'] as $ext_smarty) {
 			if (
-				isset($cms->{$ext_smarty}) &&
-				is_array($cms->{$ext_smarty})
+				isset($smarty_data[$ext_smarty]) &&
+				is_array($smarty_data[$ext_smarty])
 			) {
-				$this->{$ext_smarty} = array_merge($this->{$ext_smarty}, $cms->{$ext_smarty});
+				$this->{$ext_smarty} = array_merge($this->{$ext_smarty}, $smarty_data[$ext_smarty]);
 			}
 		}
 	}

test/phpunit/ACL/CoreLibsACLLoginTest.php

@@ -267,6 +267,8 @@ final class CoreLibsACLLoginTest extends TestCase
 					'GROUP_ACL_LEVEL' => -1,
 					'PAGES_ACL_LEVEL' => [],
 					'USER_ACL_LEVEL' => -1,
+					'USER_ADDITIONAL_ACL' => [],
+					'GROUP_ADDITIONAL_ACL' => [],
 					'UNIT_UID' => [
 						'AdminAccess' => 1,
 					],
@@ -280,6 +282,7 @@ final class CoreLibsACLLoginTest extends TestCase
 							'data' => [
 								'test' => 'value',
 							],
+							'additional_acl' => []
 						],
 					],
 					// 'UNIT_DEFAULT' => '',

test/phpunit/Combined/CoreLibsCombinedArrayHandlerTest.php

@@ -31,6 +31,7 @@ final class CoreLibsCombinedArrayHandlerTest extends TestCase
 		4,
 		'b',
 		'c' => 'test',
+		'single' => 'single',
 		'same' => 'same',
 		'deep' => [
 			'sub' => [
@@ -288,6 +289,188 @@ final class CoreLibsCombinedArrayHandlerTest extends TestCase
 		];
 	}
 
+	/**
+	 * Undocumented function
+	 *
+	 * @return array
+	 */
+	public function arraySearchKeyProvider(): array
+	{
+		/*
+		0: search in array
+		1: search keys
+		2: flat flag
+		3: prefix flag
+		4: expected array
+		*/
+		return [
+			// single
+			'find single, standard' => [
+				0 => self::$array,
+				1 => ['single'],
+				2 => null,
+				3 => null,
+				4 => [
+					0 => [
+						'value' => 'single',
+						'path' => ['single'],
+					],
+				],
+			],
+			'find single, prefix' => [
+				0 => self::$array,
+				1 => ['single'],
+				2 => null,
+				3 => true,
+				4 => [
+					'single' => [
+						0 => [
+							'value' => 'single',
+							'path' => ['single'],
+						],
+					],
+				],
+			],
+			'find single, flat' => [
+				0 => self::$array,
+				1 => ['single'],
+				2 => true,
+				3 => null,
+				4 => [
+					'single',
+				],
+			],
+			'find single, flat, prefix' => [
+				0 => self::$array,
+				1 => ['single'],
+				2 => true,
+				3 => true,
+				4 => [
+					'single' => [
+						'single',
+					],
+				],
+			],
+			// not found
+			'not found, standard' => [
+				0 => self::$array,
+				1 => ['NOT FOUND'],
+				2 => null,
+				3 => null,
+				4 => [],
+			],
+			'not found, standard, prefix' => [
+				0 => self::$array,
+				1 => ['NOT FOUND'],
+				2 => null,
+				3 => true,
+				4 => [
+					'NOT FOUND' => [],
+				],
+			],
+			'not found, flat' => [
+				0 => self::$array,
+				1 => ['NOT FOUND'],
+				2 => true,
+				3 => null,
+				4 => [],
+			],
+			'not found, flat, prefix' => [
+				0 => self::$array,
+				1 => ['NOT FOUND'],
+				2 => true,
+				3 => true,
+				4 => [
+					'NOT FOUND' => [],
+				],
+			],
+			// multi
+			'multiple found, standard' => [
+				0 => self::$array,
+				1 => ['same'],
+				2 => null,
+				3 => null,
+				4 => [
+					[
+						'value' => 'same',
+						'path' => ['a', 'same', ],
+					],
+					[
+						'value' => 'same',
+						'path' => ['same', ],
+					],
+					[
+						'value' => 'same',
+						'path' => ['deep', 'sub', 'same', ],
+					],
+				]
+			],
+			'multiple found, flat' => [
+				0 => self::$array,
+				1 => ['same'],
+				2 => true,
+				3 => null,
+				4 => ['same', 'same', 'same', ],
+			],
+			// search with multiple
+			'search multiple, standard' => [
+				0 => self::$array,
+				1 => ['single', 'nested'],
+				2 => null,
+				3 => null,
+				4 => [
+					[
+						'value' => 'single',
+						'path' => ['single'],
+					],
+					[
+						'value' => 'bar',
+						'path' => ['deep', 'sub', 'nested', ],
+					],
+				],
+			],
+			'search multiple, prefix' => [
+				0 => self::$array,
+				1 => ['single', 'nested'],
+				2 => null,
+				3 => true,
+				4 => [
+					'single' => [
+						[
+							'value' => 'single',
+							'path' => ['single'],
+						],
+					],
+					'nested' => [
+						[
+							'value' => 'bar',
+							'path' => ['deep', 'sub', 'nested', ],
+						],
+					],
+				],
+			],
+			'search multiple, flat' => [
+				0 => self::$array,
+				1 => ['single', 'nested'],
+				2 => true,
+				3 => null,
+				4 => [
+					'single', 'bar',
+				],
+			],
+			'search multiple, flat, prefix' => [
+				0 => self::$array,
+				1 => ['single', 'nested'],
+				2 => true,
+				3 => true,
+				4 => [
+					'single' => ['single', ],
+					'nested' => ['bar', ],
+				],
+			],
+		];
+	}
+
 	/**
 	 * provides array listing for the merge test
 	 *
@@ -691,6 +874,44 @@ final class CoreLibsCombinedArrayHandlerTest extends TestCase
 		);
 	}
 
+	/**
+	 * Undocumented function
+	 *
+	 * @covers::arraySearchKey
+	 * @dataProvider arraySearchKeyProvider
+	 * @testdox arraySearchKey Search array with keys and flat: $flat, prefix: $prefix [$_dataName]
+	 *
+	 * @param  array $input
+	 * @param  array $needles
+	 * @param  bool|null $flat
+	 * @param  bool|null $prefix
+	 * @param  array $expected
+	 * @return void
+	 */
+	public function testArraySearchKey(
+		array $input,
+		array $needles,
+		?bool $flat,
+		?bool $prefix,
+		array $expected
+	): void {
+		if ($flat === null && $prefix === null) {
+			$result = \CoreLibs\Combined\ArrayHandler::arraySearchKey($input, $needles);
+		} elseif ($flat === null) {
+			$result = \CoreLibs\Combined\ArrayHandler::arraySearchKey($input, $needles, prefix: $prefix);
+		} elseif ($prefix === null) {
+			$result = \CoreLibs\Combined\ArrayHandler::arraySearchKey($input, $needles, flat: $flat);
+		} else {
+			$result = \CoreLibs\Combined\ArrayHandler::arraySearchKey($input, $needles, $flat, $prefix);
+		}
+		// print "E: " . print_r($expected, true) . "\n";
+		// print "R: " . print_r($result, true) . "\n";
+		$this->assertEquals(
+			$expected,
+			$result
+		);
+	}
+
 	/**
 	 * Undocumented function
 	 *