[Fusionforge-commits] r7450 - branches/Branch_4_8/gforge/common/pm

Roland Mas lolando at libremir.placard.fr.eu.org
Sun Apr 19 22:02:46 CEST 2009


Author: lolando
Date: 2009-04-19 22:02:46 +0200 (Sun, 19 Apr 2009)
New Revision: 7450

Modified:
   branches/Branch_4_8/gforge/common/pm/ProjectCategory.class.php
   branches/Branch_4_8/gforge/common/pm/ProjectGroup.class.php
   branches/Branch_4_8/gforge/common/pm/ProjectGroupFactory.class.php
   branches/Branch_4_8/gforge/common/pm/ProjectTask.class.php
   branches/Branch_4_8/gforge/common/pm/ProjectTaskFactory.class.php
   branches/Branch_4_8/gforge/common/pm/ProjectTasksForUser.class.php
   branches/Branch_4_8/gforge/common/pm/Validator.class.php
Log:
db_query_params transition: common/pm

Modified: branches/Branch_4_8/gforge/common/pm/ProjectCategory.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/pm/ProjectCategory.class.php	2009-04-19 13:52:47 UTC (rev 7449)
+++ branches/Branch_4_8/gforge/common/pm/ProjectCategory.class.php	2009-04-19 20:02:46 UTC (rev 7450)
@@ -4,6 +4,7 @@
  *
  * Copyright 1999-2000, Tim Perdue/Sourceforge
  * Copyright 2002, Tim Perdue/GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -100,11 +101,10 @@
 			$this->setPermissionDeniedError();
 			return false;
 		}
-		$sql="INSERT INTO project_category (group_project_id,category_name) 
-			VALUES ('".$this->ProjectGroup->getID()."','".htmlspecialchars($name)."')";
+		$result = db_query_params ('INSERT INTO project_category (group_project_id,category_name) VALUES ($1,$2)',
+					   array ($this->ProjectGroup->getID(),
+						  htmlspecialchars($name))) ;
 
-		$result=db_query($sql);
-
 		if ($result && db_affected_rows($result) > 0) {
 			$this->clearError();
 			return true;
@@ -130,7 +130,8 @@
 	 *	@return	boolean	success.
 	 */
 	function fetchData($id) {
-		$res=db_query("SELECT * FROM project_category WHERE category_id='$id'");
+		$res = db_query_params ('SELECT * FROM project_category WHERE category_id=$1',
+					array ($id)) ;
 		if (!$res || db_numrows($res) < 1) {
 			$this->setError('ProjectCategory: Invalid ProjectCategory ID');
 			return false;
@@ -187,7 +188,11 @@
 			SET category_name='".htmlspecialchars($name)."'
 			WHERE category_id='". $this->getID() ."' 
 			AND group_project_id='".$this->ProjectGroup->getID()."'";
-		$result=db_query($sql);
+		$result = db_query_params ('UPDATE project_category SET category_name=$1
+			WHERE category_id=$2 AND group_project_id=$3',
+					   array (htmlspecialchars($name),
+						  $this->getID(),
+						  $this->ProjectGroup->getID())) ;
 		if ($result && db_affected_rows($result) > 0) {
 			return true;
 		} else {
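Review bot: The string-built `$sql` assignment shown on the context lines above the new db_query_params call (`SET category_name='".htmlspecialchars($name)."' ... AND group_project_id='".$this->ProjectGroup->getID()."'`) is left in place although nothing reads `$sql` any more, so the method still concatenates caller input into a query text it never executes. Delete that whole `$sql=...` statement (its first line is above this hunk) so the parameterised call is the only query construction left. The same dead string-built `$sql` survives in ProjectTask::addHistory in this commit. The enclosing method begins and ends outside the hunk.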

Modified: branches/Branch_4_8/gforge/common/pm/ProjectGroup.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/pm/ProjectGroup.class.php	2009-04-19 13:52:47 UTC (rev 7449)
+++ branches/Branch_4_8/gforge/common/pm/ProjectGroup.class.php	2009-04-19 20:02:46 UTC (rev 7450)
@@ -4,6 +4,7 @@
  *
  * Copyright 1999-2000, Tim Perdue/Sourceforge
  * Copyright 2002, Tim Perdue/GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -38,8 +39,8 @@
 			if ($data) {
 				//the db result handle was passed in
 			} else {
-				$res=db_query("SELECT * FROM project_group_list_vw
-				WHERE group_project_id='$group_project_id'");
+				$res = db_query_params ('SELECT * FROM project_group_list_vw WHERE group_project_id=$1',
+							array ($group_project_id)) ;
 				if (db_numrows($res) <1 ) {
 					$PROJECTGROUP_OBJ["_".$group_project_id."_"]=false;
 					return false;
@@ -150,13 +151,13 @@
 			return false;
 		}
 
-		$sql="INSERT INTO project_group_list (group_id,project_name,is_public,
-			description,send_all_posts_to)
-			VALUES ('".$this->Group->getId()."','". htmlspecialchars($project_name) ."','$is_public',
-			'". htmlspecialchars($description) ."','$send_all_posts_to')";
-
 		db_begin();
-		$result=db_query($sql);
+		$result = db_query_params ('INSERT INTO project_group_list (group_id,project_name,is_public,description,send_all_posts_to) VALUES ($1,$2,$3,$4,$5)',
+					   array ($this->Group->getId(),
+						  htmlspecialchars($project_name),
+						  $is_public,
+						  htmlspecialchars($description),
+						  $send_all_posts_to)) ;
 		if (!$result) {
 			db_rollback();
 			$this->setError('Error Adding ProjectGroup: '.db_error());
@@ -176,9 +177,9 @@
 	 *  @return	boolean	success.
 	 */
 	function fetchData($group_project_id) {
-		$res=db_query("SELECT * FROM project_group_list_vw
-			WHERE group_project_id='$group_project_id'
-			AND group_id='". $this->Group->getID() ."'");
+		$res = db_query_params ('SELECT * FROM project_group_list_vw WHERE group_project_id=$1 AND group_id=$2',
+					array ($group_project_id,
+					       $this->Group->getID())) ;
 		if (!$res || db_numrows($res) < 1) {
 			$this->setError('ProjectGroup:: Invalid group_project_id');
 			return false;
@@ -267,8 +268,8 @@
 	 */
 	function getStatuses () {
 		if (!$this->statuses) {
-			$sql='SELECT * FROM project_status';
-			$this->statuses=db_query($sql);
+			$this->statuses = db_query_params ('SELECT * FROM project_status',
+							   array());
 		}
 		return $this->statuses;
 	}
@@ -280,10 +281,8 @@
 	 */
 	function getCategories () {
 		if (!$this->categories) {
-			$sql="SELECT category_id,category_name 
-				FROM project_category 
-				WHERE group_project_id='".$this->getID()."'";
-			$this->categories=db_query($sql);
+			$this->categories = db_query_params ('SELECT category_id,category_name FROM project_category WHERE group_project_id=$1',
+							     array ($this->getID()));
 		}
 		return $this->categories;
 	}
@@ -309,15 +308,17 @@
 	 */
 	function getTechnicians () {
 		if (!$this->technicians) {
-			$sql="SELECT users.user_id, users.realname 
+			$sql="";
+			$this->technicians = db_query_params ('SELECT users.user_id, users.realname 
 				FROM users, role_setting, user_group
 				WHERE users.user_id=user_group.user_id
                                 AND role_setting.role_id=user_group.role_id
-                                AND role_setting.ref_id='". $this->getID() ."' 
+                                AND role_setting.ref_id=$1
 				AND role_setting.value::integer IN (1,2) 
-                                AND role_setting.section_name='pm'
-				ORDER BY users.realname";
-			$this->technicians=db_query($sql);
+                                AND role_setting.section_name=$2
+				ORDER BY users.realname',
+							      array ($this->getID(),
+								     'pm')) ;
 		}
 		return $this->technicians;
 	}
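Review bot: The added `$sql="";` on the first new line of the hunk is a leftover; nothing in the rewritten getTechnicians reads `$sql`. Remove that line. The same stray `$sql="";` is added to ProjectTask::getHistory in this commit.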
@@ -365,13 +366,14 @@
 			return false;
 		}
 
-		$sql="UPDATE project_group_list SET
-			project_name='". htmlspecialchars($project_name) ."',
-			description='". htmlspecialchars($description) ."',
-			send_all_posts_to='$send_all_posts_to'
-			WHERE group_id='".$this->Group->getID()."'
-			AND group_project_id='".$this->getID()."'";
-		$res=db_query($sql);
+		$res = db_query_params ('UPDATE project_group_list SET project_name=$1,
+			description=$2,	send_all_posts_to=$3
+			WHERE group_id=$4 AND group_project_id=$5',
+					array (htmlspecialchars($project_name),
+					       htmlspecialchars($description),
+					       $send_all_posts_to,
+					       $this->Group->getID(),
+					       $this->getID())) ;
 
 		if (!$res || db_affected_rows($res) < 1) {
 			$this->setError('Error On Update: '.db_error().$sql);
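Review bot: The error message on the last line of the hunk still appends `$sql`, but the hunk removes the only assignment to `$sql` in this method, so on failure PHP raises an undefined-variable notice and the message gains nothing. Change it to `$this->setError('Error On Update: '.db_error());`. The same stale `.$sql` survives in ProjectTask::create (`Posting Failed`), ProjectTask::setDependentOn (`setDependentOn()-2`) and ProjectTask::update (`update-5`) in this commit. The enclosing method begins and ends outside the hunk.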
@@ -399,114 +401,112 @@
 
 		db_begin();
 
-                $sql = "DELETE FROM project_assigned_to
+                $res = db_query_params ('DELETE FROM project_assigned_to
 			WHERE EXISTS (SELECT project_task_id FROM project_task
-			WHERE group_project_id='".$this->getID()."'
-			AND project_task.project_task_id=project_assigned_to.project_task_id)";
-                $res = db_query($sql);
+			WHERE group_project_id=$1
+			AND project_task.project_task_id=project_assigned_to.project_task_id)',
+					array ($this->getID())) ;
 
                 if (!$res)
                 {
-                        $this->setError('DATABASE '.db_error().' QUERY='.$sql);
+                        $this->setError('DATABASE '.db_error());
                         return false;
                 }
 
-                $sql = "DELETE FROM project_dependencies
+		$res = db_query_params ('DELETE FROM project_dependencies
 			WHERE EXISTS (SELECT project_task_id FROM project_task
-			WHERE group_project_id='".$this->getID()."'
-			AND project_task.project_task_id=project_dependencies.project_task_id)";
-                $res = db_query($sql);
+			WHERE group_project_id=$1
+			AND project_task.project_task_id=project_dependencies.project_task_id)',
+					array ($this->getID())) ;
 
                 if (!$res)
                 {
-                        $this->setError('DATABASE '.db_error().' QUERY='.$sql);
+                        $this->setError('DATABASE '.db_error());
                         return false;
                 }
 
-                $sql = "DELETE FROM project_history
+		$res = db_query_params ('DELETE FROM project_history
 			WHERE EXISTS (SELECT project_task_id FROM project_task
-			WHERE group_project_id='".$this->getID()."'
-			AND project_task.project_task_id=project_history.project_task_id)";
-                $res = db_query($sql);
+			WHERE group_project_id=$1
+			AND project_task.project_task_id=project_history.project_task_id)',
+					array ($this->getID())) ;
 
                 if (!$res)
                 {
-                        $this->setError('DATABASE '.db_error().' QUERY='.$sql);
+                        $this->setError('DATABASE '.db_error());
                         return false;
                 }
 
-                $sql = "DELETE FROM project_messages
+                $res = db_query_params ('DELETE FROM project_messages
 			WHERE EXISTS (SELECT project_task_id FROM project_task
-			WHERE group_project_id='".$this->getID()."'
-			AND project_task.project_task_id=project_messages.project_task_id)";
-                $res = db_query($sql);
+			WHERE group_project_id=$1
+			AND project_task.project_task_id=project_messages.project_task_id)',
+					array ($this->getID())) ;
 
                 if (!$res)
                 {
-                        $this->setError('DATABASE '.db_error().' QUERY='.$sql);
+                        $this->setError('DATABASE '.db_error());
                         return false;
                 }
 
-                $sql = "DELETE FROM project_task_artifact
+                $res = db_query_params ('DELETE FROM project_task_artifact
 			WHERE EXISTS (SELECT project_task_id FROM project_task
-			WHERE group_project_id='".$this->getID()."'
-			AND project_task.project_task_id=project_task_artifact.project_task_id)";
-                $res = db_query($sql);
+			WHERE group_project_id=$1
+			AND project_task.project_task_id=project_task_artifact.project_task_id)',
+					array ($this->getID())) ;
 
                 if (!$res)
                 {
-                        $this->setError('DATABASE '.db_error().' QUERY='.$sql);
+                        $this->setError('DATABASE '.db_error());
                         return false;
                 }
 
-                $sql = "DELETE FROM rep_time_tracking
+                $res = db_query_params ('DELETE FROM rep_time_tracking
 			WHERE EXISTS (SELECT project_task_id FROM project_task
-			WHERE group_project_id='".$this->getID()."'
-			AND project_task.project_task_id=rep_time_tracking.project_task_id)";
-                $res = db_query($sql);
+			WHERE group_project_id=$1
+			AND project_task.project_task_id=rep_time_tracking.project_task_id)',
+					array ($this->getID())) ;
 
                 if (!$res)
                 {
-                        $this->setError('DATABASE '.db_error().' QUERY='.$sql);
+                        $this->setError('DATABASE '.db_error());
                         return false;
                 }
 
-                $sql = "DELETE FROM project_task
-			WHERE group_project_id='".$this->getID()."'";
-                $res = db_query($sql);
+                $res = db_query_params ('DELETE FROM project_task
+			WHERE group_project_id=$1',
+					array ($this->getID())) ;
 
                 if (!$res)
                 {
-                        $this->setError('DATABASE '.db_error().' QUERY='.$sql);
+                        $this->setError('DATABASE '.db_error());
                         return false;
                 }
 
-		$sql = "DELETE FROM project_category WHERE group_project_id='".$this->getID()."'";
-		$res = db_query($sql);
+		$res = db_query_params ('DELETE FROM project_category WHERE group_project_id=$1',
+					array ($this->getID())) ;
 
 		if (!$res)
 		{
-			$this->setError('DATABASE '.db_error().' QUERY='.$sql);
+			$this->setError('DATABASE '.db_error());
 			return false;
 		}
 
-                $sql = "DELETE FROM project_group_list
-			WHERE group_project_id='".$this->getID()."'";
-                $res = db_query($sql);
+		$res = db_query_params ('DELETE FROM project_group_list WHERE group_project_id=$1',
+					array ($this->getID())) ;
 
                 if (!$res)
                 {
-                        $this->setError('DATABASE '.db_error().' QUERY='.$sql);
+                        $this->setError('DATABASE '.db_error());
                         return false;
                 }
 
-                $sql = "DELETE FROM project_counts_agg
-			WHERE group_project_id='".$this->getID()."'";
-                $res = db_query($sql);
+		$res = db_query_params ('DELETE FROM project_counts_agg WHERE group_project_id=$1',
+					array ($this->getID())) ;
 
                 if (!$res)
                 {
-                        $this->setError('DATABASE '.db_error().' QUERY='.$sql);
+                        $this->setError('DATABASE '.db_error());
                         return false;
                 }
 
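Review bot: Each rewritten `if (!$res)` branch in this hunk returns false without calling `db_rollback()`, even though the method opened a transaction with `db_begin()` at the top of the hunk, so partially executed deletes are left pending unless a caller rolls the transaction back. The task delete in ProjectTask.class.php in this same commit calls `db_rollback();` before every early `return false;`; I'd make this method match it. The new lines also mix space-indented and tab-indented statements (the project_assigned_to delete versus the project_dependencies one); pick one. The enclosing method begins and ends outside the hunk.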
@@ -593,13 +593,16 @@
 			return -1;
 		} else {
 			if (!isset($this->current_user_perm)) {
-				$sql="SELECT role_setting.value::integer
+				$res = db_query_params ('SELECT role_setting.value::integer
 				FROM role_setting, user_group
-				WHERE role_setting.ref_id='". $this->getID() ."'
+				WHERE role_setting.ref_id=$1
 				AND user_group.role_id = role_setting.role_id
-                                AND user_group.user_id='".user_getid()."'
-                                AND role_setting.section_name='pm'";
-				$this->current_user_perm=db_result(db_query($sql),0,0);
+                                AND user_group.user_id=$2
+                                AND role_setting.section_name=$3',
+							array ($this->getID(),
+							       user_getid(),
+							       'pm')) ;
+				$this->current_user_perm=db_result($res,0,0);
 			}
 			return $this->current_user_perm;
 		}

Modified: branches/Branch_4_8/gforge/common/pm/ProjectGroupFactory.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/pm/ProjectGroupFactory.class.php	2009-04-19 13:52:47 UTC (rev 7449)
+++ branches/Branch_4_8/gforge/common/pm/ProjectGroupFactory.class.php	2009-04-19 20:02:46 UTC (rev 7450)
@@ -4,6 +4,7 @@
  *
  * Copyright 1999-2000, Tim Perdue/Sourceforge
  * Copyright 2002, Tim Perdue/GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -84,36 +85,32 @@
 		if (session_loggedin()) {
 			$perm =& $this->Group->getPermission( session_get_user() );
 			if (!$perm || !is_object($perm) || !$perm->isMember()) {
-				$public_flag='=1';
-				$exists = '';
+				$result = db_query_params ('SELECT * FROM project_group_list_vw WHERE group_id=$1 AND is_public=1 ORDER BY group_project_id',
+							   array ($this->Group->getID())) ;
 			} else {
-				$public_flag='<3';
 				if ($perm->isPMAdmin()) {
-					$exists='';
+					$result = db_query_params ('SELECT * FROM project_group_list_vw WHERE group_id=$1 AND is_public<3 ORDER BY group_project_id',
+								   array ($this->Group->getID())) ;
 				} else {
-					$exists=" AND group_project_id IN (SELECT role_setting.ref_id
-					FROM role_setting, user_group
-					WHERE role_setting.value::integer >= 0
-                                          AND role_setting.section_name = 'pm'
-                                          AND role_setting.ref_id=project_group_list_vw.group_project_id
-                                          
-   					  AND user_group.role_id = role_setting.role_id
-					  AND user_group.user_id='".user_getid()."') ";
+					$result = db_query_params ('SELECT * FROM project_group_list_vw
+	WHERE group_id=$1 AND is_public<3
+	  AND group_project_id IN (SELECT role_setting.ref_id
+			           FROM role_setting, user_group
+				   WHERE role_setting.value::integer >= 0
+                                     AND role_setting.section_name = $2
+                                     AND role_setting.ref_id=project_group_list_vw.group_project_id
+				     AND user_group.role_id = role_setting.role_id
+				     AND user_group.user_id=$3
+        ORDER BY group_project_id',
+								   array ($this->Group->getID(),
+									  'pm',
+									  user_getid())) ;
 				}
 			}
 		} else {
-			$public_flag='=1';
-			$exists = '';
+				$result = db_query_params ('SELECT * FROM project_group_list_vw WHERE group_id=$1 AND is_public=1 ORDER BY group_project_id',
+							   array ($this->Group->getID())) ;
 		}
-
-		$sql="SELECT *
-			FROM project_group_list_vw
-			WHERE group_id='". $this->Group->getID() ."' 
-			AND is_public $public_flag $exists
-			ORDER BY group_project_id;";
-
-		$result = db_query ($sql);
-
 		$rows = db_numrows($result);
 
 		if (!$result || $rows < 1) {
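Review bot: The third query in this hunk (the non-admin member branch) never closes its `IN (SELECT ...` subquery: the old string ended with `user_group.user_id='".user_getid()."') `, but the new text goes from `AND user_group.user_id=$3` straight to `ORDER BY group_project_id`, so PostgreSQL will reject the statement for every ordinary project member. Change that line to `AND user_group.user_id=$3)`. The first and last branches also issue byte-identical queries (`... AND is_public=1 ORDER BY group_project_id`), so the public case could be computed once and the nested ifs collapsed. The enclosing method begins and ends outside the hunk.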

Modified: branches/Branch_4_8/gforge/common/pm/ProjectTask.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/pm/ProjectTask.class.php	2009-04-19 13:52:47 UTC (rev 7449)
+++ branches/Branch_4_8/gforge/common/pm/ProjectTask.class.php	2009-04-19 20:02:46 UTC (rev 7450)
@@ -4,6 +4,7 @@
  *
  * Copyright 1999-2000, Tim Perdue/Sourceforge
  * Copyright 2002, Tim Perdue/GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -32,8 +33,8 @@
 			if ($data) {
 				//the db result handle was passed in
 			} else {
-				$res=db_query("SELECT * FROM project_task_vw
-					WHERE project_task_id='$project_task_id'");
+				$res = db_query_params ('SELECT * FROM project_task_vw WHERE project_task_id=$1',
+							array ($project_task_id)) ;
 
 				if (db_numrows($res) <1 ) {
 					$PROJECTTASK_OBJ["_".$project_task_id."_"]=false;
@@ -193,7 +194,8 @@
 			$this->data_array['project_task_id']=$project_task_id;
 
 		} else {
-			$res=db_query("SELECT nextval('project_task_pk_seq') AS id");
+			$res = db_query_params ('SELECT nextval($1) AS id', 
+						aarray ('project_task_pk_seq'));
 			if (!$project_task_id=db_result($res,0,'id')) {
 				$this->setError( 'Could Not Get Next Project Task ID' );
 				db_rollback();
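Review bot: The new call wraps its parameter in `aarray (...)`, which is not a PHP function, so this path fatals with an undefined-function error the first time a task is created without an explicit ID. Change it to `array ('project_task_pk_seq')`. Whether `nextval($1)` accepts the sequence name as a bound parameter depends on how db_query_params types its arguments; worth a run-time check once the typo is fixed. The enclosing method begins and ends outside the hunk.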
@@ -202,12 +204,22 @@
 
 			$this->data_array['project_task_id']=$project_task_id;
 
-			$sql="INSERT INTO project_task (project_task_id,group_project_id,created_by,summary,
-					details,start_date,end_date,status_id,category_id,priority,percent_complete,hours,duration,parent_id) 
-					VALUES ('$project_task_id','". $this->ProjectGroup->getID() ."', '".user_getid()."', '". htmlspecialchars($summary) ."',
-					'". htmlspecialchars($details) ."','$start_date','$end_date','1','$category_id','$priority','$percent_complete','$hours','$duration','$parent_id')";
+			$result = db_query_params ('INSERT INTO project_task (project_task_id,group_project_id,created_by,summary,details,start_date,end_date,status_id,category_id,priority,percent_complete,hours,duration,parent_id) VALUES ($1,$2,$3,$4,$5,$6,$7,8,$9,$10,$11,$12,$13,$14)',
+						   array ($project_task_id,
+							  $this->ProjectGroup->getID(),
+							  user_getid(),
+							  htmlspecialchars($summary),
+							  htmlspecialchars($details),
+							  $start_date,
+							  $end_date,
+							  1,
+							  $category_id,
+							  $priority,
+							  $percent_complete,
+							  $hours,
+							  $duration,
+							  $parent_id)) ;
 
-			$result=db_query($sql);
 			if (!$result || db_affected_rows($result) < 1) {
 				$this->setError('ProjectTask::create() Posting Failed '.db_error().$sql);
 				db_rollback();
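Review bot: The placeholder list in the new INSERT reads `$7,8,$9`, so the eighth column (status_id) is set to the literal `8` instead of the `1` supplied in the parameter array, and the statement then declares 13 placeholders while the array supplies 14 values, which PostgreSQL rejects as a parameter-count mismatch. Change it to `$7,$8,$9`. The error message just below still appends `$sql`, which this hunk stops defining. The enclosing method begins and ends outside the hunk.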
@@ -239,9 +251,11 @@
 	 *  @return	boolean	success.
 	 */
 	function fetchData($project_task_id) {
-		$res=db_query("SELECT * FROM project_task_vw
-			WHERE project_task_id='$project_task_id'
-			AND group_project_id='". $this->ProjectGroup->getID() ."'");
+		$res = db_query_params ('SELECT * FROM project_task_vw
+			WHERE project_task_id=$1
+			AND group_project_id=$2',
+					array ($project_task_id,
+					       $this->ProjectGroup->getID())) ;
 		if (!$res || db_numrows($res) < 1) {
 			$this->setError('ProjectTask::fetchData() Invalid Task ID'.db_error());
 			return false;
@@ -418,11 +432,14 @@
 	 *	an id, for example an ID generated by MS Project, which needs to be restored later
 	 */
 	function setExternalID($id) {
-		$res=db_query("UPDATE project_task_external_order SET external_id='$id' 
-			WHERE project_task_id='".$this->getID()."'");
+		$res = db_query_params ('UPDATE project_task_external_order SET external_id=$1
+			WHERE project_task_id=$2',
+					array ($id,
+					       $this->getID())) ;
 		if (db_affected_rows($res) < 1) {
-			$res=db_query("INSERT INTO project_task_external_order (project_task_id,external_id) 
-				VALUES ('".$this->getID()."','$id')");
+			$res = db_query_params ('INSERT INTO project_task_external_order (project_task_id,external_id) VALUES ($1, $2)', 
+						array ($this->getID(),
+						       $id)) ;
 		}
 	}
 
@@ -443,12 +460,13 @@
 	function getRelatedArtifacts() {
 		if (!$this->relatedartifacts) {
 			$this->relatedartifacts=
-			db_query("SELECT agl.group_id,agl.name,agl.group_artifact_id,a.artifact_id,a.open_date,a.summary 
+				db_query_params ('SELECT agl.group_id,agl.name,agl.group_artifact_id,a.artifact_id,a.open_date,a.summary 
 			FROM artifact_group_list agl, artifact a 
 			WHERE a.group_artifact_id=agl.group_artifact_id
 			AND EXISTS (SELECT artifact_id FROM project_task_artifact 
 				WHERE artifact_id=a.artifact_id
-				AND project_task_id='". $this->getID() ."')");
+				AND project_task_id=$1',
+						 array ($this->getID())) ;
 		}
 		return $this->relatedartifacts;
 	}
@@ -473,8 +491,9 @@
 			if ($art_array[$i] < 1) {
 				continue;
 			}
-			$res=db_query("INSERT INTO project_task_artifact (project_task_id,artifact_id) 
-				VALUES ('".$this->getID()."','".$art_array[$i]."')");
+			$res = db_query_params ('INSERT INTO project_task_artifact (project_task_id,artifact_id) VALUES ($1,$2)', 
+						array ($this->getID(),
+						       $art_array[$i])) ;
 			if (!$res) {
 				$this->setError('Error inserting artifact relationship: '.db_error());
 				return false;
@@ -496,9 +515,11 @@
 		}
 
 		for ($i=0; $i<count($art_array); $i++) {
-			$res=db_query("DELETE FROM project_task_artifact
-				WHERE project_task_id='".$this->getID()."'
-				AND artifact_id='".$art_array[$i]."'");
+			$res = db_query_params ('DELETE FROM project_task_artifact
+				WHERE project_task_id=$1
+				AND artifact_id=$2',
+						array ($this->getID(),
+						       $art_array[$i])) ;
 			if (!$res) {
 				$this->setError('Error deleting artifact relationship: '.db_error());
 				return false;
@@ -524,43 +545,50 @@
 		}
 		db_begin();
 
-		$res = db_query("DELETE FROM project_assigned_to WHERE project_task_id='".$this->getID()."'");
+		$res = db_query_params ('DELETE FROM project_assigned_to WHERE project_task_id=$1',
+					array ($this->getID())) ;
 		if (!$res) {
 			$this->setError('Error deleting assigned users relationship: '.db_error());
 			db_rollback();
 			return false;
 		}
-		$res = db_query("DELETE FROM project_dependencies WHERE project_task_id='".$this->getID()."'");
+		$res = db_query_params ('DELETE FROM project_dependencies WHERE project_task_id=$1',
+					array ($this->getID())) ;
 		if (!$res) {
 			$this->setError('Error deleting dependencies: '.db_error());
 			db_rollback();
 			return false;
 		}
-		$res = db_query("DELETE FROM project_history WHERE project_task_id='".$this->getID()."'");
+		$res = db_query_params ('DELETE FROM project_history WHERE project_task_id=$1',
+					array ($this->getID())) ;
 		if (!$res) {
 			$this->setError('Error deleting history: '.db_error());
 			db_rollback();
 			return false;
 		}
-		$res = db_query("DELETE FROM project_messages WHERE project_task_id='".$this->getID()."'");
+		$res = db_query_params ('DELETE FROM project_messages WHERE project_task_id=$1',
+					array ($this->getID())) ;
 		if (!$res) {
 			$this->setError('Error deleting messages: '.db_error());
 			db_rollback();
 			return false;
 		}
-		$res = db_query("DELETE FROM project_task_artifact	WHERE project_task_id='".$this->getID()."'");
+		$res = db_query_params ('DELETE FROM project_task_artifact WHERE project_task_id=$1',
+					array ($this->getID())) ;
 		if (!$res) {
 			$this->setError('Error deleting artifacts: '.db_error());
 			db_rollback();
 			return false;
 		}
-		$res = db_query("DELETE FROM rep_time_tracking	WHERE project_task_id='".$this->getID()."'");
+		$res = db_query_params ('DELETE FROM rep_time_trackingWHERE project_task_id=$1',
+					array ($this->getID())) ;
 		if (!$res) {
 			$this->setError('Error deleting time tracking report: '.db_error());
 			db_rollback();
 			return false;
 		}
-		$res = db_query("DELETE FROM project_task WHERE project_task_id='".$this->getID()."'");
+		$res = db_query_params ('DELETE FROM project_task WHERE project_task_id=$1',
+					array ($this->getID())) ;
 		if (!$res) {
 			$this->setError('Error deleting task: '.db_error());
 			db_rollback();
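Review bot: The rewritten rep_time_tracking delete reads `'DELETE FROM rep_time_trackingWHERE project_task_id=$1'` — the tab that separated the table name from WHERE in the old string was dropped, so the query is a syntax error and every task delete fails at that step. Change it to `'DELETE FROM rep_time_tracking WHERE project_task_id=$1'`. The enclosing delete method begins and ends outside the hunk.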
@@ -582,15 +610,21 @@
 		//	May not yet have an ID, if we are creating a NEW task
 		//
 		if ($this->getID()) {
-			$addstr=" AND project_task_id <> '". $this->getID() ."' ";
+			return db_query_params ('SELECT project_task_id,summary 
+		FROM project_task 
+		WHERE group_project_id=$1
+		AND project_task_id <> $2
+                ORDER BY project_task_id DESC',
+						array ($this->ProjectGroup->getID(),
+						       $this->getID())) ;
 		} else {
-			$addstr='';
+			return db_query_params ('SELECT project_task_id,summary 
+		FROM project_task 
+		WHERE group_project_id=$1
+		ORDER BY project_task_id DESC',
+						array ($this->ProjectGroup->getID(),
+						       $this->getID())) ;
 		}
-		$sql="SELECT project_task_id,summary 
-		FROM project_task 
-		WHERE group_project_id='". $this->ProjectGroup->getID() ."' 
-		$addstr ORDER BY project_task_id DESC";
-		return db_query($sql);
 	}
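Review bot: The else branch's query uses only `$1`, but its parameter array still passes two values (`$this->ProjectGroup->getID()` and `$this->getID()`), so PostgreSQL will reject it as a parameter-count mismatch — and `$this->getID()` is exactly the value the branch just established to be empty. Change that array to `array ($this->ProjectGroup->getID())`. The enclosing method begins outside the hunk.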
 
 	/**
@@ -599,11 +633,12 @@
 	 *  @return database result set.
 	 */
 	function getHistory() {
-		$sql="SELECT * 
+		$sql="";
+		return db_query_params ('SELECT * 
 		FROM project_history_user_vw 
-		WHERE project_task_id='". $this->getID() ."' 
-		ORDER BY mod_date DESC";
-		return db_query($sql);
+		WHERE project_task_id=$1
+		ORDER BY mod_date DESC',
+					array ($this->getID())) ;
 	}
 
 	/**
@@ -612,10 +647,11 @@
 	 *  @return database result set.
 	 */
 	function getMessages() {
-		$sql="select * 
-			FROM project_message_user_vw 
-			WHERE project_task_id='". $this->getID() ."' ORDER BY postdate DESC";
-		return db_query($sql);
+		return db_query_params ('SELECT * 
+		FROM project_message_user_vw 
+		WHERE project_task_id=$1
+		ORDER BY postdate DESC',
+					array ($this->getID())) ;
 	}
 
 	/**
@@ -629,13 +665,17 @@
 		if ($this->getDetails() == htmlspecialchars($message)) {
 			return true;
 		}
-		$res=db_query("SELECT * FROM project_messages 
-			WHERE project_task_id='".$this->getID()."'
-			AND body='". htmlspecialchars($message) ."'");
+		$res = db_query_params ('SELECT * FROM project_messages 
+			WHERE project_task_id=$1
+			AND body=$2',
+					array ($this->getID(),
+					       htmlspecialchars($message))) ;
 		if (!$res || db_numrows($res) < 1) {
-			$sql="INSERT INTO project_messages (project_task_id,body,posted_by,postdate) 
-				VALUES ('". $this->getID() ."','". htmlspecialchars($message) ."','".user_getid()."','". time() ."')";
-			$res=db_query($sql);
+			$res = db_query_params ('INSERT INTO project_messages (project_task_id,body,posted_by,postdate) VALUES ($1,$2,$3,$4)',
+						array ($this->getID(),
+						       htmlspecialchars($message),
+						       user_getid(),
+						       time())) ;
 			if (!$res || db_affected_rows($res) < 1) {
 				$this->setError('AddMessage():: '.db_error());
 				return false;
@@ -657,7 +697,12 @@
 	function addHistory ($field_name,$old_value) {
 		$sql="insert into project_history(project_task_id,field_name,old_value,mod_by,mod_date) 
 			VALUES ('". $this->getID() ."','$field_name','$old_value','".user_getid()."','".time()."')";
-		$result=db_query($sql);
+		$result = db_query_params ('INSERT INTO project_history (project_task_id,field_name,old_value,mod_by,mod_date) VALUES ($1,$2,$3,$4,$5)',
+					   array ($this->getID(),
+						  $field_name,
+						  $old_value,
+						  user_getid(),
+						  time())) ;
 		if (!$result) {
 			$this->setError('ERROR IN AUDIT TRAIL - '.db_error());
 			return false;
@@ -682,9 +727,10 @@
 	 		return false;
 		}
 
-		$res=db_query("SELECT is_dependent_on_task_id AS id 
+		$res = db_query_params ('SELECT is_dependent_on_task_id AS id 
 			FROM project_dependencies 
-			WHERE project_task_id='$depend_on_id'");
+			WHERE project_task_id=$1',
+					array ($depend_on_id)) ;
 		$rows=db_numrows($res);
 
 		for ($i=0; $i<$rows; $i++) {
@@ -719,9 +765,11 @@
 			$del_arr = array_values (array_diff ($arr2, $arr));
 //echo "del arr: ".print_r($del_arr);
 			for ($i=0; $i<count($del_arr); $i++) {
-				db_query("DELETE FROM project_dependencies 
-					WHERE project_task_id='".$this->getID()."'
-					AND is_dependent_on_task_id='". $del_arr[$i] ."'");
+				db_query_params ('DELETE FROM project_dependencies 
+					WHERE project_task_id=$1
+					AND is_dependent_on_task_id=$2',
+						 array ($this->getID(),
+							$del_arr[$i])) ;
 				if (db_error()) {
 					$this->setError('setDependentOn()-1:: '.db_error());
 					return false;
@@ -738,9 +786,10 @@
 				if (!$lnk) {
 					$lnk=PM_LINK_DEFAULT;
 				}
-				$sql="INSERT INTO project_dependencies (project_task_id,is_dependent_on_task_id,link_type) 
-					VALUES ('".$this->getID()."','". $add_arr[$i] ."','$lnk')";
-				db_query($sql);
+				db_query_params ('INSERT INTO project_dependencies (project_task_id,is_dependent_on_task_id,link_type) VALUES ($1,$2,$3)',
+						 array ($this->getID(),
+							$add_arr[$i],
+							$lnk)) ;
 				if (db_error()) {
 					$this->setError('setDependentOn()-2:: '.db_error().$sql);
 					return false;
@@ -786,9 +835,10 @@
 			return $this->dependon;
 		}
 		if (!$this->dependon) {
-			$res=db_query("SELECT is_dependent_on_task_id,link_type
+			$res = db_query_params ('SELECT is_dependent_on_task_id,link_type
 				FROM project_dependencies
-				WHERE project_task_id='".$this->getID()."'");
+				WHERE project_task_id=$1',
+						array ($this->getID())) ;
 			for ($i=0; $i<db_numrows($res); $i++) {
 				$this->dependon[db_result($res,$i,'is_dependent_on_task_id')] = db_result($res,$i,'link_type');
 			}
@@ -818,17 +868,20 @@
 			$add_arr = array_values(array_diff ($arr, $arr2));
 			$del_arr = array_values(array_diff ($arr2, $arr));
 			for ($i=0; $i<count($del_arr); $i++) {
-				db_query("DELETE FROM project_assigned_to
-					WHERE project_task_id='".$this->getID()."'
-					AND assigned_to_id='". $del_arr[$i] ."'");
+				db_query_params ('DELETE FROM project_assigned_to
+					WHERE project_task_id=$1
+					AND assigned_to_id=$2',
+						 array ($this->getID(),
+							$del_arr[$i])) ;
 				if (db_error()) {
 					$this->setError('setAssignedTo()-1:: '.db_error());
 					return false;
 				}
 			}
 			for ($i=0; $i<count($add_arr); $i++) {
-				db_query("INSERT INTO project_assigned_to (project_task_id,assigned_to_id) 
-					VALUES ('".$this->getID()."','". $add_arr[$i] ."')");
+				db_query_params ('INSERT INTO project_assigned_to (project_task_id,assigned_to_id) VALUES ($1,$2)',
+						 array ($this->getID(),
+							$add_arr[$i])) ;
 				if (db_error()) {
 					$this->setError('setAssignedTo()-2:: '.db_error());
 					return false;
@@ -851,9 +904,8 @@
 			return $this->assignedto;
 		}
 		if (!$this->assignedto) {
-			$this->assignedto =& util_result_column_to_array(db_query("SELECT assigned_to_id 
-				FROM project_assigned_to 
-				WHERE project_task_id='".$this->getID()."'"));
+			$this->assignedto =& util_result_column_to_array(db_query_params('SELECT assigned_to_id FROM project_assigned_to WHERE project_task_id=$1',
+											 array ($this->getID()))) ;
 		}
 		return $this->assignedto;
 	}
@@ -1025,22 +1077,33 @@
 			db_rollback();
 			return false;
 		} else {
-			$sql="UPDATE project_task SET
-				summary='".htmlspecialchars($summary)."',
-				priority='$priority',
-				hours='$hours',
-				start_date='$start_date',
-				end_date='$end_date',
-				status_id='$status_id',
-				percent_complete='$percent_complete',
-				category_id='$category_id',
-				group_project_id='$new_group_project_id',
-				duration='$duration',
-				parent_id='$parent_id'
-				WHERE group_project_id='$group_project_id'
-				AND project_task_id='".$this->getID()."'";
-
-			$res=db_query($sql);
+			$res = db_query_params ('UPDATE project_task SET
+				summary=$1,
+				priority=$2,
+				hours=$3,
+				start_date=$4,
+				end_date=$5,
+				status_id=$6,
+				percent_complete=$7,
+				category_id=$8,
+				group_project_id=$9,
+				duration=$10,
+				parent_id=$11
+				WHERE group_project_id=$12
+				AND project_task_id=$13',
+						array (htmlspecialchars($summary),
+						       $priority,
+						       $hours,
+						       $start_date,
+						       $end_date,
+						       $status_id,
+						       $percent_complete,
+						       $category_id,
+						       $new_group_project_id,
+						       $duration,
+						       $parent_id,
+						       $group_project_id,
+						       $this->getID())) ;
 			if (!$res) {
 				$this->setError('Error On ProjectTask::update-5: '.db_error().$sql);
 				db_rollback();
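Review bot: The setError call at the bottom of the hunk still appends `$sql` to its message, but the hunk removed the `$sql` assignment that used to feed it, so `$this->setError('Error On ProjectTask::update-5: '.db_error().$sql)` now reads an undefined variable (a PHP notice and an empty suffix) unless an earlier `$sql` in update() survives outside this hunk. With the statement now bound through db_query_params there is no literal query left to report, so the line should become `$this->setError('Error On ProjectTask::update-5: '.db_error());`. The setDependentOn() hunk earlier in this file has the same leftover `.$sql` in its `setDependentOn()-2::` message after its `$sql` assignment was dropped. update() begins and ends outside this hunk.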

Modified: branches/Branch_4_8/gforge/common/pm/ProjectTaskFactory.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/pm/ProjectTaskFactory.class.php	2009-04-19 13:52:47 UTC (rev 7449)
+++ branches/Branch_4_8/gforge/common/pm/ProjectTaskFactory.class.php	2009-04-19 20:02:46 UTC (rev 7450)
@@ -4,6 +4,7 @@
  *
  * Copyright 1999-2000, Tim Perdue/Sourceforge
  * Copyright 2002, Tim Perdue/GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -145,7 +146,7 @@
 		}
 		$this->max_rows=$max_rows;
 	}
-
+	
 	/**
 	 *	getTasks - get an array of ProjectTask objects.
 	 *
@@ -156,62 +157,35 @@
 			return $this->project_tasks;
 		}
 
-		//if status selected, and more to where clause
-		if ($this->status && ($this->status != 100)) {
-			//for open tasks, add status=100 to make sure we show all
-			$status_str="AND project_task_vw.status_id IN (".$this->status.(($this->status==1)?',100':'').")";
+		if ($this->order=='priority') {
+			$order = 'ORDER BY priority DESC' ;
 		} else {
-			//no status was chosen, so don't add it to where clause
-			$status_str='';
+			$order = "ORDER BY $this->order ASC" ;
 		}
 
-		//if assigned to selected, and more to where clause
 		if ($this->assigned_to) {
-			if (is_array ($this->assigned_to)) {
-				$assigned_str="AND project_assigned_to.assigned_to_id IN (".join ($this->assigned_to,', ').")";
-			} else {
-				$assigned_str="AND project_assigned_to.assigned_to_id='".$this->assigned_to."'";
-			}
-			$assigned_str2=',project_assigned_to';
-			$assigned_str3='project_task_vw.project_task_id=project_assigned_to.project_task_id AND';
-
+			$tat = $this->assigned_to ;
+			if (! is_array ($tat)) 
+				$tat = array ($tat) ;
+			
+			$result = db_query_params ('SELECT project_task_vw.*, project_task_external_order.external_id
+			FROM project_task_vw natural left join project_task_external_order, project_assigned_to
+			WHERE project_task_vw.project_task_id=project_assigned_to.project_task_id 
+                          AND project_task_vw.group_project_id = $1
+                          AND project_assigned_to.assigned_to_id = ANY ($2)' . $order,
+						   array ($this->ProjectGroup->getID(),
+							  db_int_array_to_any_clause ($tat)),
+						   $this->max_rows,
+						   $this->offset) ;
 		} else {
-			//no assigned to was chosen, so don't add it to where clause
-			$assigned_str='';
-			$assigned_str2='';
-			$assigned_str3='';
+			$result = db_query_params ('SELECT project_task_vw.*, project_task_external_order.external_id
+			FROM project_task_vw natural left join project_task_external_order
+			WHERE project_task_vw.group_project_id = $1' . $order,
+						   array ($this->ProjectGroup->getID()),
+						   $this->max_rows,
+						   $this->offset) ;
 		}
 
-		if ($this->category) {
-			$cat_str="AND project_task_vw.category_id='".$this->category."'";
-		} else {
-			$cat_str='';
-		}
-
-		//
-		//	sort using an external ID useful only to something like MS Project
-		//
-		if ($this->order=='external_id') {
-			$ext_str='natural left join project_task_external_order';
-			$ext_fld_str=',project_task_external_order.external_id';
-		} else {
-			$ext_str='';
-			$ext_fld_str='';
-		}
-
-/*
-select project_task_vw.*,project_assigned_to.* FROM project_task_vw,project_assigned_to 
-WHERE project_assigned_to.project_task_id=project_task_vw.project_task_id;
-*/
-		$sql="SELECT project_task_vw.* $ext_fld_str
-			FROM project_task_vw $ext_str $assigned_str2 
-			WHERE $assigned_str3 project_task_vw.group_project_id='". $this->ProjectGroup->getID() ."' 
-			$assigned_str $status_str $cat_str 
-			ORDER BY ".$this->order.(($this->order=='priority') ? ' DESC ':' ');
-
-//echo $sql;
-	
-		$result=db_query($sql,($this->max_rows),$this->offset);
 		$rows = db_numrows($result);
 		$this->fetched_rows=$rows;
 		if (db_error()) {
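Review bot: The sort clause is still assembled by interpolation, `$order = "ORDER BY $this->order ASC"`, and concatenated onto the parameterised query text, so the move to db_query_params in this hunk does not cover the sort column; whether that is safe depends on setOrder() restricting `$this->order` to a fixed set of column names, which is outside this hunk and worth confirming. A comment on that line such as `// ORDER BY cannot be a bind parameter; $this->order must be a whitelisted column name` would at least record the assumption. Separately, the LIMIT/OFFSET passed through `$this->max_rows` and `$this->offset` now applies before the status and category filters that the next hunk moves into the fetch loop, so a page can come back shorter than max_rows and `$this->fetched_rows` counts rows before filtering, whereas the removed query filtered in SQL. getTasks() begins outside this hunk.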
@@ -221,6 +195,21 @@
 
 		$this->project_tasks = array();
 		while ($arr =& db_fetch_array($result)) {
+			if ($this->status && ($this->status != 100)) {
+				if ($this->status == 1) {
+					if ($arr['status_id'] != 1 && $arr['status_id'] != 100)
+						continue ;
+				} else {
+					if ($arr['status_id'] != $this->status)
+						continue ;
+				}
+			}
+
+			if ($this->category) {
+				if ($arr['category_id'] != $this->category_id)
+					continue ;
+			}
+					
 			$this->project_tasks[] = new ProjectTask($this->ProjectGroup, $arr['project_task_id'], $arr);
 		}
 		return $this->project_tasks;
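Review bot: The category filter compares against `$this->category_id` while the guard directly above tests `$this->category`; if the property is named `category`, as the `$cat_str` code removed in the previous hunk suggests, `$this->category_id` is undefined, the comparison is against null, and every task is skipped whenever a category is selected. Unless the class declares a separate `category_id` property, the line should read `if ($arr['category_id'] != $this->category)`. The status branch above it would also benefit from a one-line comment, e.g. `// status 1 (open) also includes 100 (no status), as the old IN (...) clause did`, since that special case is no longer visible in the query. getTasks() begins outside this hunk.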

Modified: branches/Branch_4_8/gforge/common/pm/ProjectTasksForUser.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/pm/ProjectTasksForUser.class.php	2009-04-19 13:52:47 UTC (rev 7449)
+++ branches/Branch_4_8/gforge/common/pm/ProjectTasksForUser.class.php	2009-04-19 20:02:46 UTC (rev 7450)
@@ -4,6 +4,7 @@
  *
  * Copyright 1999-2000, Tim Perdue/Sourceforge
  * Copyright 2002, Tim Perdue/GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -54,9 +55,9 @@
 	* @param the SQL query to use to fetch the tasks
 	*	@return	an array of ProjectTask objects
 	*/
-	function &getTasksFromSQL ($sql) {
+	function &getTasksFromSQLwithParams ($sql, $params) {
 		$tasks = array();
-		$result=db_query($sql);
+		$result = db_query_params ($sql, $params);
 		$rows=db_numrows($result);
 		for ($i=0; $i < $rows; $i++) {
 			$project_task_id = db_result($result,$i,'project_task_id');
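Review bot: The docblock above the renamed method still documents only the SQL argument (`@param the SQL query to use to fetch the tasks`) and says nothing about the new `$params` array or that the query must use `$1`-style placeholders; add `@param array $params  values bound to the $1, $2, ... placeholders in $sql` beneath it. The rename from getTasksFromSQL to getTasksFromSQLwithParams drops the old name without a compatibility wrapper, so any caller outside this file (none visible here) would break. getTasksFromSQLwithParams() continues past the hunk.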
@@ -73,7 +74,7 @@
 	* @return an array of ProjectTask objects
 	*/
 	function &getTasksByGroupProjectName () {
-		$sql = "SELECT ptv.*,g.group_name,pgl.project_name 
+		return $this->getTasksFromSQLwithParams ('SELECT ptv.*,g.group_name,pgl.project_name 
 			FROM project_task_vw ptv,
 				project_assigned_to pat,
 				groups g,
@@ -82,16 +83,16 @@
 				AND pgl.group_id=g.group_id
 				AND pgl.group_project_id=ptv.group_project_id
 				AND ptv.status_id=1
-				AND pat.assigned_to_id='".$this->User->getID()."'
-			ORDER BY group_name,project_name";
-		return $this->getTasksFromSQL($sql);
+				AND pat.assigned_to_id=$1
+			ORDER BY group_name,project_name',
+							 array ($this->User->getID())) ;
 	}
 	
 	function &getTasksForToday() {
 		$now = getdate();
 		$today = mktime (18, 00, 00, $now['mon'], $now['mday'], $now['year']);
 		
-		$sql = "SELECT ptv.*,g.group_name,pgl.project_name 
+		return $this->getTasksFromSQLwithParams ('SELECT ptv.*,g.group_name,pgl.project_name 
 			FROM project_task_vw ptv,
 				project_assigned_to pat,
 				groups g,
@@ -99,11 +100,12 @@
 			WHERE ptv.project_task_id=pat.project_task_id
 				AND pgl.group_id=g.group_id
 				AND pgl.group_project_id=ptv.group_project_id
-				AND ptv.start_date < '$today'
+				AND ptv.start_date < $1
 				AND ptv.status_id=1
-				AND pat.assigned_to_id='".$this->User->getID()."'
-			ORDER BY group_name,project_name";
-		return $this->getTasksFromSQL($sql);
+				AND pat.assigned_to_id=$2
+			ORDER BY group_name,project_name',
+							 array ($today,
+								$this->User->getID())) ;
 	}
 }
 

Modified: branches/Branch_4_8/gforge/common/pm/Validator.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/pm/Validator.class.php	2009-04-19 13:52:47 UTC (rev 7449)
+++ branches/Branch_4_8/gforge/common/pm/Validator.class.php	2009-04-19 20:02:46 UTC (rev 7450)
@@ -4,6 +4,7 @@
  *
  * Copyright 1999-2000, Tim Perdue/Sourceforge
  * Copyright 2002, Tim Perdue/GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *



