Changeset: 3d4daa0a0f89 https://sourceforge.net/p/mrbs/hg-code/ci/3d4daa0a0f895ab59ef26fb98aea9c29e0550205 Author: John Beranek <jbera...@users.sourceforge.net> Date: Sat Sep 17 16:37:47 2016 +0100 Log message:
Merge diffstat: convert_db_to_utf8.php | 28 +++++++++++++++------------- web/search.php | 24 +++++++++++++----------- 2 files changed, 28 insertions(+), 24 deletions(-) diffs (166 lines): diff -r bc57c643cd09 -r 3d4daa0a0f89 convert_db_to_utf8.php --- a/convert_db_to_utf8.php Sat Sep 17 16:32:29 2016 +0100 +++ b/convert_db_to_utf8.php Sat Sep 17 16:37:47 2016 +0100 @@ -160,21 +160,23 @@ Updating '$table' table... "; $sql = "SELECT id,".implode(',',$columns)." FROM $table"; - $res = sql_query($sql, $db_handle); + $res = sql_query($sql, array(), $db_handle); for ($i = 0; ($row = sql_row_keyed($res, $i)); $i++) { + $sql_params = array(); $updates = array(); $id = $row['id']; foreach ($columns as $col) { - $updates[] = "$col='". - addslashes(iconv($encoding,"utf-8",$row[$col]))."'"; + $updates[] = "$col=?"; + $sql_params[] = iconv($encoding,"utf-8",$row[$col]); } $upd_sql = "UPDATE $table SET ". - implode(',', $updates)." WHERE id=$id"; + implode(',', $updates)." WHERE id=?"; + $sql_params[] = $id; - sql_query($upd_sql, $db_handle); + sql_query($upd_sql, $sql_params, $db_handle); print "<!-- $upd_sql -->\n"; } print " @@ -222,7 +224,7 @@ global $db_handle; $sq='SHOW CREATE DATABASE `'.$db.'`;'; - $res = sql_query($sq, $db_handle); + $res = sql_query($sq, array(), $db_handle); if(!$res) { echo "\n\n".$sq."\n".sql_error($db_handle)."\n\n"; @@ -276,8 +278,8 @@ return; } - sql_command("USE $db", $db_handle); - $rs = sql_query("SHOW TABLES", $db_handle); + sql_command("USE $db", array(), $db_handle); + $rs = sql_query("SHOW TABLES", array(), $db_handle); if(!$rs) { echo "\n\n".sql_error($db_handle)."\n\n"; @@ -287,7 +289,7 @@ for ($i = 0; ($data = sql_row($rs, $i, $db_handle)); $i++) { echo "Converting '$data[0]' table...\n"; - $rs1 = sql_query("show FULL columns from $data[0]", $db_handle); + $rs1 = sql_query("show FULL columns from $data[0]", array(), $db_handle); if(!$rs1) { echo "\n\n".sql_error($db_handle)."\n\n"; 
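Review bot: `$res` from the new `sql_query($sql, array(), $db_handle)` call goes straight into the `sql_row_keyed()` loop without the `if(!$res)` check that the later hunks in this file apply to their own queries, so a failed SELECT would surface as an error inside the loop instead of as a reported query failure; something like `if (!$res) { echo "\n\n".$sql."\n".sql_error($db_handle)."\n\n"; return; }` before the `for` would match the rest of the file. The new `$sql_params[] = iconv($encoding,"utf-8",$row[$col]);` also appends `false` when iconv rejects an input sequence, which would bind as an empty value and silently blank that column, so the `iconv()` result is worth checking before it is appended. Binding the values is the right direction; the table and column names in `$sql` and `$upd_sql` cannot be bound and presumably come from this script's own configuration rather than a request. The enclosing function starts and ends outside the hunk.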
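Review bot: The database name in `'SHOW CREATE DATABASE `'.$db.'`;'` stays interpolated next to the new empty `array()` parameter list, as do `USE $db` and `show FULL columns from $data[0]` in the two hunks that follow; identifiers cannot be bound, so this is expected, but a one-line comment such as `// identifier, not data: cannot be a bound parameter` would stop a later reader from "fixing" it. `$db` is declared `global` here and presumably set from the configured database name, and `$data[0]` is a table name returned by `SHOW TABLES`; neither looks request-derived, but that is inferred rather than visible in the hunk. All three hunks sit inside functions whose start is outside the hunk.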
@@ -327,7 +329,7 @@ (($data1['Null'] == 'YES') ? ' NULL ' : ' NOT NULL'); if (!$printonly && - !sql_query($sq, $db_handle)) + !sql_query($sq, array(), $db_handle)) { echo "\n\n".$sq."\n".sql_error($db_handle)."\n\n"; } @@ -354,7 +356,7 @@ ' COMMENT \''.addslashes($data1['Comment']).'\''); if (!$printonly && - !sql_query($sq, $db_handle)) + !sql_query($sq, array(), $db_handle)) { echo "\n\n".$sq."\n".sql_error($db_handle)."\n\n"; } @@ -380,7 +382,7 @@ } else { - if (!sql_query($sq, $db_handle)) + if (!sql_query($sq, array(), $db_handle)) { echo "\n\n".$sq."\n".sql_error($db_handle)."\n\n"; } @@ -401,7 +403,7 @@ } else { - if (!sql_query($sq, $db_handle)) + if (!sql_query($sq, array(), $db_handle)) { echo "\n\n".$sq."\n".sql_error($db_handle)."\n\n"; } diff -r bc57c643cd09 -r 3d4daa0a0f89 web/search.php --- a/web/search.php Sat Sep 17 16:32:29 2016 +0100 +++ b/web/search.php Sat Sep 17 16:37:47 2016 +0100 @@ -197,10 +197,9 @@ // NOTE: sql_syntax_caseless_contains() does the SQL escaping $sql_params = array(); -$sql_pred = "( " . sql_syntax_caseless_contains("E.create_by", '?') - . " OR " . sql_syntax_caseless_contains("E.name", '?') - . " OR " . sql_syntax_caseless_contains("E.description", '?'); -array_push($sql_params, $search_str, $search_str, $search_str); +$sql_pred = "( " . sql_syntax_caseless_contains("E.create_by", $search_str) + . " OR " . sql_syntax_caseless_contains("E.name", $search_str) + . " OR " . sql_syntax_caseless_contains("E.description", $search_str); // Also need to search custom fields (but only those with character data, // which can include fields that have an associative array of options) @@ -221,7 +220,7 @@ if (($key !== '') && (strpos(utf8_strtolower($value), utf8_strtolower($search_str)) !== FALSE)) { $sql_pred .= " OR E." . sql_quote($field['name']) . "=?"; - array_push($sql_params, $key); + $sql_params[] = $key; } } } 
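Review bot: The ALTER statement handed to `sql_query($sq, array(), $db_handle)` in the -354 hunk still carries the column comment through `addslashes($data1['Comment'])` (visible context two lines above the change), whereas the -160 hunk moved data values to bound parameters; a COMMENT clause in DDL cannot be bound, so escaping has to stay, but `addslashes` is a generic PHP function rather than the driver's quoting, and the distinction deserves a comment such as `// DDL: COMMENT cannot be bound, so the text is escaped inline`. The value originates from the `SHOW FULL columns` output rather than a request, which limits the exposure. The `$sq` strings in the -327, -380 and -401 hunks are built outside the visible lines, so I cannot tell whether they carry escaped text the same way. Each of these hunks is inside a function that starts outside the hunk.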
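Review bot: `$search_str` is now spliced into the predicate text by `sql_syntax_caseless_contains()` instead of being bound as a `?` parameter, so a request-supplied value is back inside the SQL string and correctness rests entirely on that function's escaping, which is not visible here; the NOTE comment above the hunk says it escapes, but the reason for abandoning the placeholder (presumably that `?` would sit inside the quotes of the LIKE pattern and never be bound) should be recorded, e.g. `// $search_str is escaped by sql_syntax_caseless_contains(), not bound: a ? inside the LIKE pattern would not be a placeholder`. If that function only handles quote characters, `%` and `_` in the search string still act as LIKE wildcards, which changes results rather than safety but is worth a test. The code that reads `$search_str` and the rest of the predicate build lie outside this hunk.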
@@ -232,7 +231,8 @@ } } -$sql_pred .= ") AND E.end_time > $now"; +$sql_pred .= ") AND E.end_time > ?"; +$sql_params[] = $now; $sql_pred .= " AND E.room_id = R.id AND R.area_id = A.id"; @@ -251,7 +251,8 @@ $sql_pred .= " AND ((A.private_override='public') OR (A.private_override='none' AND ((E.status&" . STATUS_PRIVATE . "=0) OR E.create_by = ? OR (A.private_override='private' AND E.create_by = ?))"; - array_push($sql_params, $user, $user); + $sql_params[] = $user; + $sql_params[] = $user; } else { @@ -268,9 +269,10 @@ // searches so that we don't have to run it for each page. if (!isset($total)) { - $total = sql_query1("SELECT count(*) - FROM $tbl_entry E, $tbl_room R, $tbl_area A - WHERE $sql_pred", $sql_params); + $sql = "SELECT count(*) + FROM $tbl_entry E, $tbl_room R, $tbl_area A + WHERE $sql_pred"; + $total = sql_query1($sql, $sql_params); } if ($total < 0) { @@ -315,7 +317,7 @@ $result = sql_query($sql, $sql_params); if (! $result) { - trigger_error(sql_error(), E_USER_WARNING); + trigger_error("sql ".$sql." err ".sql_error(), E_USER_WARNING); fatal_error(FALSE, get_vocab("fatal_db_error")); } $num_records = sql_count($result); ------------------------------------------------------------------------------ _______________________________________________ Mrbs-commits mailing list Mrbs-commits@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mrbs-commits
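Review bot: The new warning text `"sql ".$sql." err ".sql_error()` in the -315 hunk puts the full statement into a PHP warning; with bound parameters `$sql` holds placeholders rather than user data, but it still reveals the table names and query structure wherever warnings are displayed, so this is fine for the error log but should not reach the browser, and it is worth confirming `display_errors` is off in production or logging the statement separately. The -268 hunk keeps the count query in a `$sql` variable the same way; the `if ($total < 0)` handler after it is outside the hunk, so I cannot tell whether it reports the failing statement consistently. The `fatal_error()` call that follows presumably ends the request, leaving this warning as the only record of the failure.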