Changeset:
7d80e093122f
https://sourceforge.net/p/mrbs/hg-code/ci/7d80e093122f9e0e1eff70440975ac2da440ac6c
Author:
John Beranek <[email protected]>
Date:
Sat Sep 17 13:29:27 2016 +0100
Log message:
Finished parameterisation of mrbs_sql.inc
diffstat:
web/mrbs_sql.inc | 172 ++++++++++++++++++++++++++++++------------------------
1 files changed, 94 insertions(+), 78 deletions(-)
diffs (truncated from 474 to 300 lines):
diff -r 6e0aa8dfd402 -r 7d80e093122f web/mrbs_sql.inc
--- a/web/mrbs_sql.inc Sat Sep 17 13:29:14 2016 +0100
+++ b/web/mrbs_sql.inc Sat Sep 17 13:29:27 2016 +0100
@@ -28,25 +28,33 @@
get_area_settings(get_area($room_id));
+ $sql_params = array();
+
// Select any meetings which overlap for this room:
$sql = "SELECT E.id, name, start_time, create_by, status, room_name
FROM $tbl_entry E, $tbl_room R
WHERE E.room_id=R.id
- AND start_time < ${booking['end_time']}
- AND end_time > ${booking['start_time']}
- AND E.room_id = $room_id";
+ AND start_time < ?
+ AND end_time > ?
+ AND E.room_id = ?";
+
+ $sql_params = array($booking['end_time'],
+ $booking['start_time'],
+ $room_id);
if ($ignore > 0)
{
- $sql .= " AND E.id <> $ignore";
+ $sql .= " AND E.id <> ?";
+ $sql_params[] = $ignore;
}
if ($repignore > 0)
{
- $sql .= " AND (repeat_id IS NULL OR repeat_id <> $repignore)";
+ $sql .= " AND (repeat_id IS NULL OR repeat_id <> ?)";
+ $sql_params[] = $repignore;
}
$sql .= " ORDER BY start_time";
- $res = sql_query($sql);
+ $res = sql_query($sql, $sql_params);
if (! $res)
{
// probably because the table hasn't been created properly
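Review bot: The `$sql_params = array();` added right after `get_area_settings(get_area($room_id));` is dead, because the array is unconditionally reassigned a few lines later by `$sql_params = array($booking['end_time'], $booking['start_time'], $room_id);` before anything reads it. Dropping the first initialisation and its blank line leaves one obvious place where the bound values are established, with the two conditional `$sql_params[] = ...` appends following it. The enclosing function starts before this hunk and continues past it.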
@@ -440,10 +448,10 @@
$sql = "SELECT *
FROM $tbl_entry
- WHERE id=$id
+ WHERE id=?
LIMIT 1";
- $res = sql_query($sql);
+ $res = sql_query($sql, array($id));
if ($res === FALSE)
{
@@ -468,12 +476,12 @@
$sql = "SELECT E.*
FROM $tbl_entry E, $tbl_room R
WHERE E.room_id = R.id
- AND R.area_id = $area_id
+ AND R.area_id = ?
AND R.disabled = 0
- AND start_time <= $interval_end AND end_time > $interval_start
+ AND start_time <= ? AND end_time > ?
ORDER BY start_time"; // necessary so that multiple bookings appear
in the right order
- $res = sql_query($sql);
+ $res = sql_query($sql, array($area_id, $interval_end, $interval_start));
if ($res === FALSE)
{
trigger_error(sql_error(), E_USER_WARNING);
@@ -496,10 +504,10 @@
$sql = "SELECT *
FROM $tbl_entry
- WHERE room_id = $room_id
- AND start_time <= $interval_end AND end_time > $interval_start
+ WHERE room_id = ?
+ AND start_time <= ? AND end_time > ?
ORDER BY start_time"; // necessary so that multiple bookings appear
in the right order
- $res = sql_query($sql);
+ $res = sql_query($sql, array($room_id, $interval_end, $interval_start));
if ($res === FALSE)
{
@@ -534,7 +542,7 @@
$start_times = array();
// Get the repeat_id and room_id for this entry
- $res = sql_query("SELECT repeat_id, room_id FROM $tbl_entry WHERE id=$id
LIMIT 1");
+ $res = sql_query("SELECT repeat_id, room_id FROM $tbl_entry WHERE id=? LIMIT
1", array($id));
if (($res === FALSE) || (sql_count($res) <= 0))
{
return FALSE;
@@ -544,17 +552,21 @@
$room_id = $row['room_id'];
$sql = "SELECT start_time, end_time, room_id, create_by, id, entry_type FROM
$tbl_entry WHERE ";
-
+
+ $sql_params = array();
+
if ($series)
{
- $sql .= "repeat_id=$repeat_id";
+ $sql .= "repeat_id=";
+ $sql_params[] = $repeat_id;
}
else
{
- $sql .= "id=$id";
+ $sql .= "id=?";
+ $sql_params[] = $id;
}
- $res = sql_query($sql);
+ $res = sql_query($sql, $sql_params);
for ($i = 0; ($row = sql_row_keyed($res, $i)); $i++)
{
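Review bot: In the `$series` branch, `$sql .= "repeat_id=";` appends no `?` placeholder, yet the next line pushes `$repeat_id` onto `$sql_params`, so the statement handed to `sql_query($sql, $sql_params)` ends in `WHERE repeat_id=` with one bound value and no parameter to receive it; the `else` branch shows the intended form. Change the line to `$sql .= "repeat_id=?";`. The enclosing function starts before this hunk and continues past it.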
@@ -575,7 +587,7 @@
continue;
}
- if (sql_command("DELETE FROM $tbl_entry WHERE id=" . $row['id']) > 0)
+ if (sql_command("DELETE FROM $tbl_entry WHERE id=?", array($row['id'])) >
0)
{
$start_times[] = $row['start_time'];
}
@@ -583,9 +595,9 @@
// Get rid of any orphaned rows in the repeat table
if (!empty($repeat_id) &&
- sql_query1("SELECT COUNT(*) FROM $tbl_entry WHERE repeat_id=$repeat_id")
== 0)
+ sql_query1("SELECT COUNT(*) FROM $tbl_entry WHERE
repeat_id=?",array($repeat_id)) == 0)
{
- sql_command("DELETE FROM $tbl_repeat WHERE id=$repeat_id");
+ sql_command("DELETE FROM $tbl_repeat WHERE id=?",array($repeat_id));
}
asort($start_times);
@@ -1070,10 +1082,10 @@
$sql = "SELECT repeat_id
FROM $tbl_entry
- WHERE id=$entry_id
+ WHERE id=?
LIMIT 1";
- $res = sql_query($sql);
+ $res = sql_query($sql, array($entry_id));
if ($res === FALSE)
{
@@ -1110,32 +1122,32 @@
$sql = "UPDATE $tbl_repeat
SET reminded=$now,
ical_sequence=ical_sequence+1
- WHERE id=$id";
- if (sql_command($sql) >= 0)
+ WHERE id=?";
+ if (sql_command($sql, array($id)) >= 0)
{
$sql = "UPDATE $tbl_entry
- SET reminded=$now,
+ SET reminded=?,
ical_sequence=ical_sequence+1
- WHERE repeat_id=$id";
- return sql_command($sql);
+ WHERE repeat_id=?";
+ return sql_command($sql, array($now, $id));
}
}
else
{
$sql = "UPDATE $tbl_entry
- SET reminded=$now,
+ SET reminded=?,
ical_sequence=ical_sequence+1
- WHERE id=$id";
- if (sql_command($sql) > 0)
+ WHERE id=?";
+ if (sql_command($sql, array($now,$id)) > 0)
{
$repeat_id = get_repeat_id($id);
if (isset($repeat_id))
{
$sql = "UPDATE $tbl_repeat
- SET reminded=$now,
+ SET reminded=?,
ical_sequence=ical_sequence+1
- WHERE id=$repeat_id";
- return sql_command($sql);
+ WHERE id=?";
+ return sql_command($sql, array($now,$id));
}
}
}
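Review bot: The final `sql_command` call in the hunk binds `$id` where the removed line used `$repeat_id`, so the `UPDATE $tbl_repeat` issued after `$repeat_id = get_repeat_id($id);` now targets the entry id instead of the repeat id; it should read `return sql_command($sql, array($now, $repeat_id));`. Separately, the first `UPDATE $tbl_repeat` in the hunk still interpolates `$now` in `SET reminded=$now,` while the other three statements bind it, so for consistency change it to `SET reminded=?,` and `if (sql_command($sql, array($now, $id)) >= 0)`. `$now` is assigned outside the hunk, so its origin cannot be confirmed here; the enclosing function starts and ends outside the hunk.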
@@ -1157,12 +1169,18 @@
$table = ($series) ? $tbl_repeat : $tbl_entry;
$now = time();
+
+ $sql_params = array();
$sql = "UPDATE $table SET";
- $sql .= " info_time=$now";
- $sql .= ", info_user='" . sql_escape($user) . "'";
- $sql .= ", info_text='" . sql_escape($note) . "'";
- $sql .= " WHERE id=$id";
- return sql_command($sql);
+ $sql .= " info_time=?";
+ $sql_params[] = $now;
+ $sql .= ", info_user=?";
+ $sql_params[] = $user;
+ $sql .= ", info_text=?";
+ $sql_params[] = $note;
+ $sql .= " WHERE id=?";
+ $sql_params[] = $id;
+ return sql_command($sql, $sql_params);
}
// mrbsApproveEntry($id, $series)
@@ -1186,8 +1204,8 @@
$sql = "UPDATE $tbl_repeat
SET status=status&(~" . STATUS_AWAITING_APPROVAL . "),
ical_sequence=ical_sequence+1
- WHERE id=$id"; // PostgreSQL does not support LIMIT with UPDATE
- if (sql_command($sql) < 0)
+ WHERE id=?"; // PostgreSQL does not support LIMIT with UPDATE
+ if (sql_command($sql, array($id)) < 0)
{
trigger_error(sql_error(), E_USER_WARNING);
fatal_error(FALSE, get_vocab("fatal_db_error"));
@@ -1200,11 +1218,11 @@
}
// Then update the entry table. First of all we get a list of the
// start times that will be approved, then we do the approval.
- $condition = "$id_column=$id AND status&" . STATUS_AWAITING_APPROVAL . "!=0";
+ $condition = "$id_column=? AND status&" . STATUS_AWAITING_APPROVAL . "!=0";
$sql = "SELECT start_time
FROM $tbl_entry
WHERE $condition";
- $start_times = sql_query_array($sql);
+ $start_times = sql_query_array($sql,array($id));
if (($start_times !== FALSE) && (count($start_times) != 0))
{
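Review bot: `$condition` now carries a `?` placeholder, and the comment above it says the same condition is used again to perform the approval, so any later statement built from `$condition` (outside this hunk) must also receive `array($id)` or it will be sent with an unbound placeholder; please check that follow-on query. `$id_column` is still interpolated into `$condition`; it is set outside the hunk and presumably is a fixed column name selected by `$series`, which is worth confirming rather than assuming. Minor style: `sql_query_array($sql,array($id))` omits the space after the comma that the rest of the patch uses, e.g. `sql_query($sql, array($id))`. The enclosing function starts before this hunk and continues past it.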
@@ -1325,9 +1343,9 @@
FROM $table T, $tbl_room M, $tbl_area A
WHERE T.room_id = M.id
AND M.area_id = A.id
- AND T.id=$id";
+ AND T.id=?";
- $res = sql_query($sql);
+ $res = sql_query($sql, array($id));
if (! $res)
{
trigger_error(sql_error(), E_USER_WARNING);
@@ -1386,7 +1404,7 @@
{
$res = sql_query("SELECT rep_type, end_date, rep_opt, rep_num_weeks,
month_absolute, month_relative,
info_time AS repeat_info_time, info_user AS
repeat_info_user, info_text AS repeat_info_text
- FROM $tbl_repeat WHERE id=${row['repeat_id']} LIMIT
1");
+ FROM $tbl_repeat WHERE id=? LIMIT 1",
array($row['repeat_id']));
if (!$res || (!$extra_row = sql_row_keyed($res, 0)))
{
if (!$res)
@@ -1431,14 +1449,14 @@
$sql = "SELECT area_name
FROM $tbl_area
- WHERE id=$id";
+ WHERE id=?";
if (empty($all))
{
$sql .= " AND disabled=0";
}
$sql .= " LIMIT 1";
- $res = sql_query($sql);
+ $res = sql_query($sql, array($id));
if ($res === FALSE)
{
@@ -1498,10 +1516,10 @@
$sql = "SELECT *
FROM $tbl_area
- WHERE id=$area_id
+ WHERE id=?
LIMIT 1";
- $res = sql_query($sql);
+ $res = sql_query($sql, array($area_id));
if ($res === FALSE)
{
@@ -1532,7 +1550,7 @@