Changeset:
        3d4daa0a0f89
        
https://sourceforge.net/p/mrbs/hg-code/ci/3d4daa0a0f895ab59ef26fb98aea9c29e0550205
Author:
        John Beranek <jbera...@users.sourceforge.net>
Date:
        Sat Sep 17 16:37:47 2016 +0100
Log message:

Merge

diffstat:

 convert_db_to_utf8.php |  28 +++++++++++++++-------------
 web/search.php         |  24 +++++++++++++-----------
 2 files changed, 28 insertions(+), 24 deletions(-)

diffs (166 lines):

diff -r bc57c643cd09 -r 3d4daa0a0f89 convert_db_to_utf8.php
--- a/convert_db_to_utf8.php    Sat Sep 17 16:32:29 2016 +0100
+++ b/convert_db_to_utf8.php    Sat Sep 17 16:37:47 2016 +0100
@@ -160,21 +160,23 @@
       Updating '$table' table...
 ";
       $sql = "SELECT id,".implode(',',$columns)." FROM $table";
-      $res = sql_query($sql, $db_handle);
+      $res = sql_query($sql, array(), $db_handle);
 
       for ($i = 0; ($row = sql_row_keyed($res, $i)); $i++)
       {
+        $sql_params = array();
         $updates = array();
         $id = $row['id'];
         foreach ($columns as $col)
         {
-          $updates[] = "$col='".
-            addslashes(iconv($encoding,"utf-8",$row[$col]))."'";
+          $updates[] = "$col=?";
+          $sql_params[] = iconv($encoding,"utf-8",$row[$col]);
         }
         $upd_sql = "UPDATE $table SET ".
-          implode(',', $updates)." WHERE id=$id";
+          implode(',', $updates)." WHERE id=?";
+        $sql_params[] = $id;
 
-        sql_query($upd_sql, $db_handle);
+        sql_query($upd_sql, $sql_params, $db_handle);
         print "<!-- $upd_sql -->\n";
       }
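Review bot: iconv() returns false when the row's bytes are not valid in $encoding, and on the line `$sql_params[] = iconv($encoding,"utf-8",$row[$col]);` that false is now bound as the new column value, so a single unconvertible row would have its text silently replaced by an empty value rather than aborting. Capture the result and check it before queuing the update, e.g. `$converted = iconv($encoding, "utf-8", $row[$col]);` followed by `if ($converted === false) { trigger_error("iconv failed for $table.$col id $id", E_USER_WARNING); continue 2; }` and then `$sql_params[] = $converted;`. The placeholder rewrite itself is correct: the column values are appended in $columns order and $id is appended last to match `WHERE id=?`. $table and $col are still interpolated because identifiers cannot be bound; that is expected, and the enclosing loop and function start outside this hunk.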
       print "
@@ -222,7 +224,7 @@
   global $db_handle;
 
   $sq='SHOW CREATE DATABASE `'.$db.'`;';
-  $res = sql_query($sq, $db_handle);
+  $res = sql_query($sq, array(), $db_handle);
   if(!$res)
   {
     echo "\n\n".$sq."\n".sql_error($db_handle)."\n\n";
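Review bot: $db is still concatenated into the identifier on the `$sq='SHOW CREATE DATABASE ...'` line, and the same pattern remains in the later hunks of this file (`USE $db` and `show FULL columns from $data[0]`); the new array() argument only covers values, since bound parameters cannot stand in for identifiers. Where $db comes from is outside this hunk; if it is the configured database name the exposure is low, but a name containing a backtick or reserved characters still breaks the statement. Quote each identifier in backticks with any embedded backtick doubled (str_replace of one backtick with two) at the point it is spliced in, and apply the same treatment to the $data[0] table names read back from SHOW TABLES. The enclosing function starts outside this hunk.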
@@ -276,8 +278,8 @@
     return;
   }
 
-  sql_command("USE $db", $db_handle);
-  $rs = sql_query("SHOW TABLES", $db_handle);
+  sql_command("USE $db", array(), $db_handle);
+  $rs = sql_query("SHOW TABLES", array(), $db_handle);
   if(!$rs)
   {
     echo "\n\n".sql_error($db_handle)."\n\n";
@@ -287,7 +289,7 @@
     for ($i = 0; ($data = sql_row($rs, $i, $db_handle)); $i++)
     {
       echo "Converting '$data[0]' table...\n";
-      $rs1 = sql_query("show FULL columns from $data[0]", $db_handle);
+      $rs1 = sql_query("show FULL columns from $data[0]", array(), $db_handle);
       if(!$rs1)
       {
         echo "\n\n".sql_error($db_handle)."\n\n";
@@ -327,7 +329,7 @@
                 (($data1['Null'] == 'YES') ? ' NULL ' : ' NOT NULL');
 
               if (!$printonly &&
-                  !sql_query($sq, $db_handle))
+                  !sql_query($sq, array(), $db_handle))
               {
                 echo "\n\n".$sq."\n".sql_error($db_handle)."\n\n";
               }
@@ -354,7 +356,7 @@
                     ' COMMENT \''.addslashes($data1['Comment']).'\'');
 
                 if (!$printonly &&
-                    !sql_query($sq, $db_handle))
+                    !sql_query($sq, array(), $db_handle))
                 {
                   echo "\n\n".$sq."\n".sql_error($db_handle)."\n\n";
                 }
@@ -380,7 +382,7 @@
         }
         else
         {
-          if (!sql_query($sq, $db_handle))
+          if (!sql_query($sq, array(), $db_handle))
           {
             echo "\n\n".$sq."\n".sql_error($db_handle)."\n\n";
           }
@@ -401,7 +403,7 @@
     }
     else
     {
-      if (!sql_query($sq, $db_handle))
+      if (!sql_query($sq, array(), $db_handle))
       {
         echo "\n\n".$sq."\n".sql_error($db_handle)."\n\n";
       }
diff -r bc57c643cd09 -r 3d4daa0a0f89 web/search.php
--- a/web/search.php    Sat Sep 17 16:32:29 2016 +0100
+++ b/web/search.php    Sat Sep 17 16:37:47 2016 +0100
@@ -197,10 +197,9 @@
 // NOTE: sql_syntax_caseless_contains() does the SQL escaping
 
 $sql_params = array();
-$sql_pred = "( " . sql_syntax_caseless_contains("E.create_by", '?')
-  . " OR " . sql_syntax_caseless_contains("E.name", '?')
-  . " OR " . sql_syntax_caseless_contains("E.description", '?');
-array_push($sql_params, $search_str, $search_str, $search_str);
+$sql_pred = "( " . sql_syntax_caseless_contains("E.create_by", $search_str)
+  . " OR " . sql_syntax_caseless_contains("E.name", $search_str)
+  . " OR " . sql_syntax_caseless_contains("E.description", $search_str);
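Review bot: The three search terms are now spliced into $sql_pred by sql_syntax_caseless_contains() instead of being bound, so their safety rests entirely on that helper's escaping; the context comment above is the only assurance of that here, and the helper's body is outside this diff. Presumably the bound form was dropped because a `?` passed as the value ends up quoted inside the helper's pattern literal rather than being bound; if so, the cleaner fix is for the helper to return an expression containing a placeholder and for the caller to append the pattern value it expects to $sql_params, keeping the whole predicate parameterised like the `E.end_time > ?` and `E.create_by = ?` terms later in this file. At minimum, confirm the helper escapes through the database driver's connection-aware quoting function rather than addslashes(), since only the former respects the connection character set.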
 
 // Also need to search custom fields (but only those with character data,
 // which can include fields that have an associative array of options)
@@ -221,7 +220,7 @@
         if (($key !== '') && (strpos(utf8_strtolower($value), 
utf8_strtolower($search_str)) !== FALSE))
         {
           $sql_pred .= " OR E." . sql_quote($field['name']) . "=?";
-          array_push($sql_params, $key);
+          $sql_params[] = $key;
         }
       }
     }
@@ -232,7 +231,8 @@
   }
 }
 
-$sql_pred .= ") AND E.end_time > $now";
+$sql_pred .= ") AND E.end_time > ?";
+$sql_params[] = $now;
 $sql_pred .= " AND E.room_id = R.id AND R.area_id = A.id";
 
 
@@ -251,7 +251,8 @@
     $sql_pred .= " AND ((A.private_override='public') OR
                         (A.private_override='none' AND ((E.status&" . 
STATUS_PRIVATE . "=0) OR E.create_by = ? OR
                         (A.private_override='private' AND E.create_by = ?))";
-    array_push($sql_params, $user, $user);                
+    $sql_params[] = $user;
+    $sql_params[] = $user;
   }
   else
   {
@@ -268,9 +269,10 @@
 // searches so that we don't have to run it for each page.
 if (!isset($total))
 {
-  $total = sql_query1("SELECT count(*)
-                       FROM $tbl_entry E, $tbl_room R, $tbl_area A
-                       WHERE $sql_pred", $sql_params);
+  $sql = "SELECT count(*)
+          FROM $tbl_entry E, $tbl_room R, $tbl_area A
+          WHERE $sql_pred";
+  $total = sql_query1($sql, $sql_params);
 }
 if ($total < 0)
 {
@@ -315,7 +317,7 @@
   $result = sql_query($sql, $sql_params);
   if (! $result)
   {
-    trigger_error(sql_error(), E_USER_WARNING);
+    trigger_error("sql ".$sql." err ".sql_error(), E_USER_WARNING);
     fatal_error(FALSE, get_vocab("fatal_db_error"));
   }
   $num_records = sql_count($result);
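Review bot: The warning raised on the new `trigger_error("sql ".$sql." err ".sql_error(), E_USER_WARNING);` line now carries the full statement, which after the earlier hunk in this file contains the user's search string as an inline literal as well as the table names; with display_errors enabled, trigger_error output reaches the browser before fatal_error() prints the generic message. Keep the statement out of the user-facing path by writing it to the log only, e.g. `error_log("sql " . $sql . " err " . sql_error());` followed by the previous `trigger_error(sql_error(), E_USER_WARNING);`. The enclosing block starts outside this hunk.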
