[Fusionforge-commits] r7453 - branches/Branch_4_8/gforge/common/tracker
Roland Mas
lolando at libremir.placard.fr.eu.org
Sun Apr 19 22:03:17 CEST 2009
Author: lolando
Date: 2009-04-19 22:03:17 +0200 (Sun, 19 Apr 2009)
New Revision: 7453
Modified:
branches/Branch_4_8/gforge/common/tracker/ArtifactBoxOptions.class.php
branches/Branch_4_8/gforge/common/tracker/ArtifactExtraFieldElement.class.php
branches/Branch_4_8/gforge/common/tracker/ArtifactFromID.class.php
branches/Branch_4_8/gforge/common/tracker/ArtifactHistory.class.php
branches/Branch_4_8/gforge/common/tracker/ArtifactMessage.class.php
branches/Branch_4_8/gforge/common/tracker/ArtifactQuery.class.php
branches/Branch_4_8/gforge/common/tracker/ArtifactQueryFactory.class.php
branches/Branch_4_8/gforge/common/tracker/ArtifactType.class.php
branches/Branch_4_8/gforge/common/tracker/ArtifactTypeFactory.class.php
branches/Branch_4_8/gforge/common/tracker/ArtifactTypes.class.php
branches/Branch_4_8/gforge/common/tracker/Artifacts.class.php
branches/Branch_4_8/gforge/common/tracker/ArtifactsForUser.class.php
Log:
db_query_params transition: common/tracker (incomplete)
Modified: branches/Branch_4_8/gforge/common/tracker/ArtifactBoxOptions.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/tracker/ArtifactBoxOptions.class.php 2009-04-19 20:03:07 UTC (rev 7452)
+++ branches/Branch_4_8/gforge/common/tracker/ArtifactBoxOptions.class.php 2009-04-19 20:03:17 UTC (rev 7453)
@@ -3,6 +3,7 @@
* FusionForge trackers
*
* Copyright 2004, Anthony J. Pugliese
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -97,10 +98,10 @@
$this->setPermissionDeniedError();
return false;
}
- $sql="INSERT INTO artifact_group_selection_box_options (artifact_box_id,box_options_name)
- VALUES ('$id','".htmlspecialchars($name)."')";
+ $result = db_query_params ('INSERT INTO artifact_group_selection_box_options (artifact_box_id,box_options_name) VALUES ($1,$2)',
+ array ($id,
+ htmlspecialchars($name))) ;
- $result=db_query($sql);
if ($result && db_affected_rows($result) > 0) {
$this->clearError();
return true;
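Review bot: `htmlspecialchars($name)` is still applied on the way into the database in the new `db_query_params` call, so the table keeps holding HTML-encoded text rather than the value the user typed. Now that bound parameters handle SQL quoting, the encoding could move to the places that render the value, which keeps non-HTML consumers (mail, exports, comparisons such as a name lookup) working on the real string. The same write-time encoding is carried over in the INSERT/UPDATE hunks of ArtifactExtraFieldElement, ArtifactHistory, ArtifactMessage, ArtifactQuery and ArtifactType. Changing it needs a data migration, so at minimum a comment such as `// stored HTML-encoded; do not encode again on output` would document the contract. The enclosing method starts and ends outside this hunk.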
@@ -127,7 +128,8 @@
* @return boolean success.
*/
function fetchData($id) {
- $res=db_query("SELECT * FROM artifact_group_selection_box_options WHERE id='$id'");
+ $res = db_query_params ('SELECT * FROM artifact_group_selection_box_options WHERE id=$1',
+ array ($id)) ;
if (!$res || db_numrows($res) < 1) {
$this->setError('ArtifactSelectionBox: Invalid Artifact ID');
return false;
@@ -193,11 +195,11 @@
$this->setMissingParamsError();
return false;
}
- $sql="UPDATE artifact_group_selection_box_options
- SET box_options_name='".htmlspecialchars($name)."'
- WHERE id='$id'";
-// AND artifact_box_id='$boxid'";
- $result=db_query($sql);
+ $result = db_query_params ('UPDATE artifact_group_selection_box_options
+ SET box_options_name=$1
+ WHERE id=$2',
+ array (htmlspecialchars($name),
+ $id)) ;
if ($result && db_affected_rows($result) > 0) {
return true;
} else {
Modified: branches/Branch_4_8/gforge/common/tracker/ArtifactExtraFieldElement.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/tracker/ArtifactExtraFieldElement.class.php 2009-04-19 20:03:07 UTC (rev 7452)
+++ branches/Branch_4_8/gforge/common/tracker/ArtifactExtraFieldElement.class.php 2009-04-19 20:03:17 UTC (rev 7453)
@@ -3,6 +3,7 @@
* FusionForge trackers
*
* Copyright 2004, Anthony J. Pugliese
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -106,10 +107,11 @@
$this->setPermissionDeniedError();
return false;
}
- $sql="INSERT INTO artifact_extra_field_elements (extra_field_id,element_name,status_id)
- VALUES ('".$this->ArtifactExtraField->getID()."','".htmlspecialchars($name)."','$status_id')";
db_begin();
- $result=db_query($sql);
+ $result = db_query_params ('INSERT INTO artifact_extra_field_elements (extra_field_id,element_name,status_id) VALUES ($1,$2,$3)',
+ array ($this->ArtifactExtraField->getID(),
+ htmlspecialchars($name),
+ $status_id)) ;
if ($result && db_affected_rows($result) > 0) {
$this->clearError();
$id=db_insertid($result,'artifact_extra_field_elements','element_id');
@@ -138,7 +140,8 @@
* @return boolean success.
*/
function fetchData($id) {
- $res=db_query("SELECT * FROM artifact_extra_field_elements WHERE element_id='$id'");
+ $res = db_query_params ('SELECT * FROM artifact_extra_field_elements WHERE element_id=$1',
+ array ($id)) ;
if (!$res || db_numrows($res) < 1) {
$this->setError('ArtifactExtraField: Invalid ArtifactExtraFieldElement ID');
return false;
@@ -219,11 +222,12 @@
} else {
$status_id=0;
}
- $sql="UPDATE artifact_extra_field_elements
- SET element_name='".htmlspecialchars($name)."',
- status_id='$status_id'
- WHERE element_id='".$this->getID()."'";
- $result=db_query($sql);
+ $result = db_query_params ('UPDATE artifact_extra_field_elements
+ SET element_name=$1, status_id=$2
+ WHERE element_id=$3',
+ array (htmlspecialchars($name),
+ $status_id,
+ $this->getID())) ;
if ($result && db_affected_rows($result) > 0) {
return true;
} else {
Modified: branches/Branch_4_8/gforge/common/tracker/ArtifactFromID.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/tracker/ArtifactFromID.class.php 2009-04-19 20:03:07 UTC (rev 7452)
+++ branches/Branch_4_8/gforge/common/tracker/ArtifactFromID.class.php 2009-04-19 20:03:17 UTC (rev 7453)
@@ -3,6 +3,7 @@
* FusionForge trackers
*
* Copyright 2002, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -26,8 +27,6 @@
class ArtifactFromID extends Error {
-//artifact_vw
-
var $Group;
var $ArtifactType;
var $Artifact;
@@ -36,7 +35,8 @@
if ($data) {
$art_arr =& $data;
} else {
- $res=db_query("SELECT * FROM artifact_vw WHERE artifact_id='$id'");
+ $res = db_query_params ('SELECT * FROM artifact_vw WHERE artifact_id=$1',
+ array ($id)) ;
if (!$res || db_numrows($res) < 1) {
$this->setError("Invalid Artifact ID");
return false;
Modified: branches/Branch_4_8/gforge/common/tracker/ArtifactHistory.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/tracker/ArtifactHistory.class.php 2009-04-19 20:03:07 UTC (rev 7452)
+++ branches/Branch_4_8/gforge/common/tracker/ArtifactHistory.class.php 2009-04-19 20:03:17 UTC (rev 7453)
@@ -3,6 +3,7 @@
* FusionForge trackers
*
* Copyright 2004, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -95,10 +96,12 @@
$this->setPermissionDeniedError();
return false;
}
- $sql="INSERT INTO artifact_category (group_artifact_id,category_name,auto_assign_to)
- VALUES ('".$this->Artifact->getID()."','".htmlspecialchars($name)."','$auto_assign_to')";
+ $result = db_query_params ('INSERT INTO artifact_category (group_artifact_id,category_name,auto_assign_to)
+ VALUES ($1,$2,$3)',
+ array ($this->Artifact->getID(),
+ htmlspecialchars($name),
+ $auto_assign_to)) ;
- $result=db_query($sql);
if ($result && db_affected_rows($result) > 0) {
$this->clearError();
@@ -121,7 +124,8 @@
* @return boolean success.
*/
function fetchData($id) {
- $res=db_query("SELECT * FROM artifact_category WHERE id='$id'");
+ $res = db_query_params ('SELECT * FROM artifact_category WHERE id=$1',
+ array ($id)) ;
if (!$res || db_numrows($res) < 1) {
$this->setError('ArtifactHistory: Invalid ArtifactHistory ID');
return false;
Modified: branches/Branch_4_8/gforge/common/tracker/ArtifactMessage.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/tracker/ArtifactMessage.class.php 2009-04-19 20:03:07 UTC (rev 7452)
+++ branches/Branch_4_8/gforge/common/tracker/ArtifactMessage.class.php 2009-04-19 20:03:17 UTC (rev 7453)
@@ -3,6 +3,7 @@
* FusionForge trackers
*
* Copyright 2004, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -110,10 +111,13 @@
}
}
- $sql="insert into artifact_message (artifact_id,submitted_by,from_email,adddate,body)
- VALUES ('". $this->Artifact->getID() ."','$user_id','$by','". time() ."','". htmlspecialchars($body). "')";
- $res = db_query($sql);
-
+ $res = db_query_params ('INSERT INTO artifact_message (artifact_id,submitted_by,from_email,adddate,body)
+ VALUES ($1,$2,$3,$4,$5)',
+ array ($this->Artifact->getID(),
+ $user_id,
+ $by,
+ time(),
+ htmlspecialchars($body))) ;
if (!$res) {
$this->setError(db_error());
return false;
@@ -137,7 +141,8 @@
* @return boolean success.
*/
function fetchData($id) {
- $res=db_query("SELECT * FROM artifact_message_user_vw WHERE id='$id'");
+ $res = db_query_params ('SELECT * FROM artifact_message_user_vw WHERE id=$1',
+ array ($id)) ;
if (!$res || db_numrows($res) < 1) {
$this->setError('ArtifactMessage: Invalid ArtifactMessage ID');
return false;
Modified: branches/Branch_4_8/gforge/common/tracker/ArtifactQuery.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/tracker/ArtifactQuery.class.php 2009-04-19 20:03:07 UTC (rev 7452)
+++ branches/Branch_4_8/gforge/common/tracker/ArtifactQuery.class.php 2009-04-19 20:03:17 UTC (rev 7453)
@@ -4,6 +4,7 @@
*
* Copyright 2005, Anthony J. Pugliese
* Copyright 2005, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -111,11 +112,11 @@
return false;
}
- $sql="INSERT INTO artifact_query (group_artifact_id,query_name,user_id)
- VALUES ('".$this->ArtifactType->getID()."','".htmlspecialchars($name)."','".user_getid()."')";
-
db_begin();
- $result=db_query($sql);
+ $result = db_query_params ('INSERT INTO artifact_query (group_artifact_id,query_name,user_id) VALUES ($1,$2,$3)',
+ array ($this->ArtifactType->getID(),
+ htmlspecialchars($name),
+ user_getid())) ;
if ($result && db_affected_rows($result) > 0) {
$this->clearError();
$id=db_insertid($result,'artifact_query','artifact_query_id');
@@ -153,7 +154,8 @@
* @return boolean success.
*/
function fetchData($id) {
- $res=db_query("SELECT * FROM artifact_query WHERE artifact_query_id='$id'");
+ $res = db_query_params ('SELECT * FROM artifact_query WHERE artifact_query_id=$1',
+ array ($id)) ;
if (!$res || db_numrows($res) < 1) {
$this->setError('ArtifactQuery: Invalid ArtifactQuery ID'.db_error());
@@ -161,7 +163,8 @@
}
$this->data_array =& db_fetch_array($res);
db_free_result($res);
- $res=db_query("SELECT * FROM artifact_query_fields WHERE artifact_query_id='$id'");
+ $res = db_query_params ('SELECT * FROM artifact_query_fields WHERE artifact_query_id=$1',
+ array ($id)) ;
unset($this->element_array);
while ($arr = db_fetch_array($res)) {
//
@@ -189,15 +192,19 @@
*
*/
function insertElements($id,$status,$assignee,$moddaterange,$sort_col,$sort_ord,$extra_fields,$opendaterange,$closedaterange) {
- $res=db_query("DELETE FROM artifact_query_fields WHERE artifact_query_id='$id'");
+ $res = db_query_params ('DELETE FROM artifact_query_fields WHERE artifact_query_id=$1',
+ array ($id)) ;
if (!$res) {
$this->setError('Deleting Old Elements: '.db_error());
return false;
}
$id = intval($id);
- $res=db_query("INSERT INTO artifact_query_fields
+ $res = db_query_params ('INSERT INTO artifact_query_fields
(artifact_query_id,query_field_type,query_field_id,query_field_values)
- VALUES ('$id','".ARTIFACT_QUERY_STATE."','0','".intval($status)."')");
+ VALUES ($1,$2,0,$3)',
+ array ($id,
+ ARTIFACT_QUERY_STATE,
+ intval($status))) ;
if (!$res) {
$this->setError('Setting Status: '.db_error());
return false;
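Review bot: `$id = intval($id);` runs only after the DELETE has already been sent with the caller's raw `$id`, so the first statement in insertElements sees a different value than every INSERT that follows. With a bound parameter a non-numeric id is no longer an injection risk, but it presumably makes the DELETE fail on the type check instead of being normalised. Moving `$id = intval($id);` above the `DELETE FROM artifact_query_fields` call keeps all statements in this method working on the same value. The method body continues outside this hunk.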
@@ -223,9 +230,12 @@
}
//CSV LIST OF ASSIGNEES
- $res=db_query("INSERT INTO artifact_query_fields
+ $res = db_query_params ('INSERT INTO artifact_query_fields
(artifact_query_id,query_field_type,query_field_id,query_field_values)
- VALUES ('$id','".ARTIFACT_QUERY_ASSIGNEE."','0','".$assignee."')");
+ VALUES ($1,$2,0,$3)',
+ array ($id,
+ ARTIFACT_QUERY_ASSIGNEE,
+ $assignee)) ;
if (!$res) {
$this->setError('Setting Assignee: '.db_error());
return false;
@@ -236,9 +246,12 @@
$this->setError('Invalid Mod Date Range');
return false;
}
- $res=db_query("INSERT INTO artifact_query_fields
+ $res = db_query_params ('INSERT INTO artifact_query_fields
(artifact_query_id,query_field_type,query_field_id,query_field_values)
- VALUES ('$id','".ARTIFACT_QUERY_MODDATE."','0','".$moddaterange."')");
+ VALUES ($1,$2,0,$3)',
+ array ($id,
+ ARTIFACT_QUERY_MODDATE,
+ $moddaterange)) ;
if (!$res) {
$this->setError('Setting Last Modified Date Range: '.db_error());
return false;
@@ -249,9 +262,12 @@
$this->setError('Invalid Open Date Range');
return false;
}
- $res=db_query("INSERT INTO artifact_query_fields
+ $res = db_query_params ('INSERT INTO artifact_query_fields
(artifact_query_id,query_field_type,query_field_id,query_field_values)
- VALUES ('$id','".ARTIFACT_QUERY_OPENDATE."','0','".$opendaterange."')");
+ VALUES ($1,$2,0,$3)',
+ array ($id,
+ ARTIFACT_QUERY_OPENDATE,
+ $opendaterange)) ;
if (!$res) {
$this->setError('Setting Open Date Range: '.db_error());
return false;
@@ -262,25 +278,34 @@
$this->setError('Invalid Close Date Range');
return false;
}
- $res=db_query("INSERT INTO artifact_query_fields
+ $res = db_query_params ('INSERT INTO artifact_query_fields
(artifact_query_id,query_field_type,query_field_id,query_field_values)
- VALUES ('$id','".ARTIFACT_QUERY_CLOSEDATE."','0','".$closedaterange."')");
+ VALUES ($1,$2,0,$3)',
+ array ($id,
+ ARTIFACT_QUERY_CLOSEDATE,
+ $closedaterange)) ;
if (!$res) {
$this->setError('Setting Close Date Range: '.db_error());
return false;
}
// SORT COLUMN
- $res=db_query("INSERT INTO artifact_query_fields
+ $res = db_query_params ('INSERT INTO artifact_query_fields
(artifact_query_id,query_field_type,query_field_id,query_field_values)
- VALUES ('$id','".ARTIFACT_QUERY_SORTCOL."','0','".$sort_col."')");
+ VALUES ($1,$2,0,$3)',
+ array ($id,
+ ARTIFACT_QUERY_SORTCOL,
+ $sort_col)) ;
if (!$res) {
$this->setError('Setting Sort Col: '.db_error());
return false;
}
- $res=db_query("INSERT INTO artifact_query_fields
+ $res = db_query_params ('INSERT INTO artifact_query_fields
(artifact_query_id,query_field_type,query_field_id,query_field_values)
- VALUES ('$id','".ARTIFACT_QUERY_SORTORD."','0','".$sort_ord."')");
+ VALUES ($1,$2,0,$3)',
+ array ($id,
+ ARTIFACT_QUERY_SORTORD,
+ $sort_ord)) ;
if (!$res) {
$this->setError('Setting Sort Order: '.db_error());
return false;
@@ -307,9 +332,13 @@
} else {
$vals[$i] = intval($vals[$i]);
}
- $res=db_query("INSERT INTO artifact_query_fields
- (artifact_query_id,query_field_type,query_field_id,query_field_values)
- VALUES ('$id','".ARTIFACT_QUERY_EXTRAFIELD."','".((int)$keys[$i]) ."','". $vals[$i] ."')");
+ $res = db_query_params ('INSERT INTO artifact_query_fields
+ (artifact_query_id,query_field_type,query_field_id,query_field_values)
+ VALUES ($1,$2,$3,$4)',
+ array ($id,
+ ARTIFACT_QUERY_EXTRAFIELD,
+ intval ($keys[$i]),
+ $vals[$i])) ;
if (!$res) {
$this->setError('Setting values: '.db_error());
return false;
@@ -450,13 +479,14 @@
$this->setError(_('Query does not exist'));
return false;
}
- $sql="UPDATE artifact_query
- SET
- query_name='".htmlspecialchars($name)."'
- WHERE artifact_query_id='".$this->getID()."'
- AND user_id='".user_getid()."'";
db_begin();
- $result=db_query($sql);
+ $result = db_query_params ('UPDATE artifact_query
+ SET query_name=$1
+ WHERE artifact_query_id=$2
+ AND user_id=$3',
+ array (htmlspecialchars($name),
+ $this->getID(),
+ user_getid())) ;
if ($result && db_affected_rows($result) > 0) {
if (!$this->insertElements($this->getID(),$status,$assignee,$moddaterange,$sort_col,$sort_ord,$extra_fields,$opendaterange,$closedaterange)) {
db_rollback();
@@ -488,10 +518,12 @@
}
function delete() {
- $res=db_query("DELETE FROM artifact_query WHERE artifact_query_id='".$this->getID()."'
- AND user_id='".user_getid()."'");
- $res=db_query("DELETE FROM user_preferences WHERE preference_value='".$this->getID()."'
- AND preference_name 'art_query".$this->ArtifactType->getID()."'");
+ $res = db_query_params ('DELETE FROM artifact_query WHERE artifact_query_id=$1 AND user_id=$2',
+ array ($this->getID(),
+ user_getid())) ;
+ $res = db_query_params ('DELETE FROM user_preferences WHERE preference_value=$1 AND preference_name =$2',
+ array ($this->getID(),
+ 'art_query'.$this->ArtifactType->getID())) ;
unset($this->data_array);
unset($this->element_array);
}
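Review bot: In delete(), the second statement removes `user_preferences` rows for this query id no matter whether the first DELETE, which is restricted by `user_id=$2`, actually removed anything. A caller who does not own the query therefore leaves `artifact_query` untouched but still clears the matching preference rows, and that statement has no `user_id` condition at all. Both results are also discarded and the method returns nothing. Checking `db_affected_rows($res) > 0` after the first DELETE before running the second, and wrapping the pair in `db_begin()` / `db_commit()`, would tie the cleanup to a successful, owner-scoped delete.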
@@ -504,8 +536,10 @@
function Exist($name) {
$user_id = user_getid();
$art_id = $this->ArtifactType->getID();
- $sql = "SELECT * FROM artifact_query WHERE group_artifact_id = '$art_id' AND query_name = '$name' AND user_id = '$user_id'";
- $res = db_query($sql);
+ $res = db_query_params ('SELECT * FROM artifact_query WHERE group_artifact_id = $1 AND query_name = $2 AND user_id = $3',
+ array ($art_id,
+ $name,
+ $user_id)) ;
if (db_numrows($res)>0) {
return true;
} else {
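Review bot: Exist() binds the raw `$name` to `query_name`, while the create and update paths in this file store `htmlspecialchars($name)`. Unless callers pass an already-encoded name, a query name containing `&`, `<`, `>` or `"` will never match its stored form, and the duplicate check passes when it should not. Binding `htmlspecialchars($name)` here would make the lookup agree with what is written. `db_numrows($res)` is also called without testing `$res`, so a failed query is reported as "does not exist"; `if (!$res) { return false; }` with an error set would make that case visible. The function's closing lines are outside the hunk.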
Modified: branches/Branch_4_8/gforge/common/tracker/ArtifactQueryFactory.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/tracker/ArtifactQueryFactory.class.php 2009-04-19 20:03:07 UTC (rev 7452)
+++ branches/Branch_4_8/gforge/common/tracker/ArtifactQueryFactory.class.php 2009-04-19 20:03:17 UTC (rev 7453)
@@ -3,6 +3,7 @@
* FusionForge trackers
*
* Copyright 2002, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -62,15 +63,17 @@
return true;
}
- function& getArtifactQueries() {
+ function &getArtifactQueries() {
if (!is_null($this->ArtifactQueries)) {
return $this->ArtifactQueries;
}
$this->ArtifactQueries = array();
- $res = db_query("SELECT * FROM artifact_query WHERE user_id='".user_getid()."' ".
- "AND group_artifact_id='".$this->ArtifactType->getID()."'");
+ $res = db_query_params ('SELECT * FROM artifact_query WHERE user_id=$1
+ AND group_artifact_id=$2',
+ array (user_getid(),
+ $this->ArtifactType->getID())) ;
if (!$res) {
$this->setError("ArtifactQueryFactory:: Database error");
}
Modified: branches/Branch_4_8/gforge/common/tracker/ArtifactType.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/tracker/ArtifactType.class.php 2009-04-19 20:03:07 UTC (rev 7452)
+++ branches/Branch_4_8/gforge/common/tracker/ArtifactType.class.php 2009-04-19 20:03:17 UTC (rev 7453)
@@ -4,6 +4,7 @@
*
* Copyright 1999-2001, VA Linux Systems, Inc.
* Copyright 2002-2004, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -38,8 +39,8 @@
if ($res) {
//the db result handle was passed in
} else {
- $res=db_query("SELECT * FROM artifact_group_list_vw
- WHERE group_artifact_id='$artType_id'");
+ $res = db_query_params ('SELECT * FROM artifact_group_list_vw WHERE group_artifact_id=$1',
+ array ($artType_id)) ;
}
if (!$res || db_numrows($res) < 1 ){
$ARTIFACTTYPE_OBJ["_".$artType_id."_"]=false;
@@ -225,8 +226,9 @@
$allow_anon = ((!$allow_anon) ? 0 : $allow_anon);
$email_all = ((!$email_all) ? 0 : $email_all);
-
- $sql="INSERT INTO
+ db_begin();
+
+ $res = db_query_params ('INSERT INTO
artifact_group_list
(group_id,
name,
@@ -241,22 +243,19 @@
browse_instructions,
datatype)
VALUES
- ('". $this->Group->getID() ."',
- '". htmlspecialchars($name) ."',
- '". htmlspecialchars($description) ."',
- '$is_public',
- '$allow_anon',
- '$email_all',
- '$email_address',
- '". ($due_period*(60*60*24)) ."',
- '1209600',
- '".htmlspecialchars($submit_instructions)."',
- '".htmlspecialchars($browse_instructions)."',
- '$datatype')";
-
- db_begin();
-
- $res = db_query($sql);
+ ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12)',
+ array ($this->Group->getID(),
+ htmlspecialchars($name),
+ htmlspecialchars($description),
+ $is_public,
+ $allow_anon,
+ $email_all,
+ $email_address,
+ $due_period*(60*60*24),
+ 1209600,
+ htmlspecialchars($submit_instructions),
+ htmlspecialchars($browse_instructions),
+ $datatype)) ;
$id = db_insertid($res,'artifact_group_list','group_artifact_id');
@@ -282,9 +281,11 @@
* @return boolean success.
*/
function fetchData($artifact_type_id) {
- $res=db_query("SELECT * FROM artifact_group_list_vw
- WHERE group_artifact_id='$artifact_type_id'
- AND group_id='". $this->Group->getID() ."'");
+ $res = db_query_params ('SELECT * FROM artifact_group_list_vw
+ WHERE group_artifact_id=$1
+ AND group_id=$2',
+ array ($artifact_type_id,
+ $this->Group->getID())) ;
if (!$res || db_numrows($res) < 1) {
$this->setError('ArtifactType: Invalid ArtifactTypeID');
return false;
@@ -472,8 +473,10 @@
* @return boolean success.
*/
function setCustomStatusField($extra_field_id) {
- $res=db_query("UPDATE artifact_group_list SET custom_status_field='$extra_field_id'
- WHERE group_artifact_id='".$this->getID()."'");
+ $res = db_query_params ('UPDATE artifact_group_list SET custom_status_field=$1
+ WHERE group_artifact_id=$2',
+ array ($extra_field_id,
+ $this->getID())) ;
return $res;
}
@@ -500,7 +503,8 @@
$element_id=$extra_fields[$csfield];
//convert that element_id into the status_id
- $res=db_query("SELECT status_id FROM artifact_extra_field_elements WHERE element_id='$element_id'");
+ $res = db_query_params ('SELECT status_id FROM artifact_extra_field_elements WHERE element_id=$1',
+ array ($element_id)) ;
if (!$res) {
$this->setError('Error Remapping Status: '.db_error());
return false;
@@ -508,7 +512,8 @@
$status_id=db_result($res,0,'status_id');
} else {
// custom status was not passed... use the first status from the database
- $res = db_query("SELECT status_id FROM artifact_extra_field_elements WHERE extra_field_id='".$csfield."' ORDER BY element_id ASC LIMIT 1 OFFSET 0");
+ $res = db_query_prams ('SELECT status_id FROM artifact_extra_field_elements WHERE extra_field_id=$1 ORDER BY element_id ASC LIMIT 1 OFFSET 0',
+ array ($csfield)) ;
if (db_numrows($res) == 0) { // No values available
$this->setError('Error Remapping Status');
return false;
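Review bot: The new call is spelled `db_query_prams`, which is not the helper used everywhere else in this commit, so this branch will stop with an undefined-function error the first time a tracker with a custom status field is submitted without a status value. It should read `$res = db_query_params ('SELECT status_id FROM artifact_extra_field_elements WHERE extra_field_id=$1 ORDER BY element_id ASC LIMIT 1 OFFSET 0',` with the same parameter array. Unlike the sibling branch in the previous hunk, this branch also calls `db_numrows($res)` without a preceding `!$res` check.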
@@ -553,14 +558,15 @@
}
- $res=db_query("SELECT * FROM artifact_type_monitor
- WHERE group_artifact_id='". $this->getID() ."'
- AND user_id='$user_id'");
+ $res = db_query_params ('SELECT * FROM artifact_type_monitor WHERE group_artifact_id=$1 AND user_id=$2',
+ array ($this->getID(),
+ $user_id)) ;
if (!$res || db_numrows($res) < 1) {
//not yet monitoring
- $res=db_query("INSERT INTO artifact_type_monitor (group_artifact_id,user_id)
- VALUES ('". $this->getID() ."','$user_id')");
+ $res = db_query_params ('INSERT INTO artifact_type_monitor (group_artifact_id,user_id) VALUES ($1,$2)',
+ array ($this->getID(),
+ $user_id)) ;
if (!$res) {
$this->setError(db_error());
return false;
@@ -570,9 +576,11 @@
}
} else {
//already monitoring - remove their monitor
- db_query("DELETE FROM artifact_type_monitor
- WHERE group_artifact_id='". $this->getID() ."'
- AND user_id='$user_id'");
+ db_query_params ('DELETE FROM artifact_type_monitor
+ WHERE group_artifact_id=$1
+ AND user_id=$2',
+ array ($this->getID(),
+ $user_id)) ;
$this->setError(_('Tracker Monitoring Deactivated'));
return false;
}
@@ -582,9 +590,10 @@
if (!session_loggedin()) {
return false;
}
- $sql="SELECT count(*) AS count FROM artifact_type_monitor
- WHERE user_id='".user_getid()."' AND group_artifact_id='".$this->getID()."';";
- $result = db_query($sql);
+ $result = db_query_params ('SELECT count(*) AS count FROM artifact_type_monitor
+ WHERE user_id=$1 AND group_artifact_id=$2',
+ array (user_getid(),
+ $this->getID())) ;
$row_count = db_fetch_array($result);
return $result && $row_count['count'] > 0;
}
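Review bot: `db_fetch_array($result)` is called before `$result` is tested, so a failed query hands `false` to the fetch and the `$result &&` guard in the return statement comes too late. Adding `if (!$result) { return false; }` directly after the `db_query_params` call keeps the failure path quiet and explicit. The function's opening lines are outside this hunk.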
@@ -595,9 +604,8 @@
* @return array of email addresses monitoring this Artifact.
*/
function &getMonitorIds() {
- $res=db_query("SELECT user_id
- FROM artifact_type_monitor
- WHERE group_artifact_id='". $this->getID() ."'");
+ $res = db_query_params ('SELECT user_id FROM artifact_type_monitor WHERE group_artifact_id=$1',
+ array ($this->getID())) ;
return util_result_column_to_array($res);
}
@@ -611,16 +619,20 @@
if (!isset($this->extra_fields["$filter"])) {
$this->extra_fields["$filter"] = array();
if ($filter) {
- $filter_str=" AND field_type IN ($filter) ";
+ $res = db_query_params ('SELECT *
+ FROM artifact_extra_field_list
+ WHERE group_artifact_id=$1
+ AND field_type = ANY ($2)
+ ORDER BY field_type ASC',
+ array ($this->getID(),
+ db_int_array_to_any_clause (explode (',', $filter)))) ;
} else {
- $filter_str="";
+ $res = db_query_params ('SELECT *
+ FROM artifact_extra_field_list
+ WHERE group_artifact_id=$1
+ ORDER BY field_type ASC',
+ array ($this->getID())) ;
}
- $sql="select *
- FROM artifact_extra_field_list
- WHERE group_artifact_id='".$this->getID() ."'
- $filter_str
- ORDER BY field_type ASC";
- $res=db_query($sql);
while($arr = db_fetch_array($res)) {
$this->extra_fields["$filter"][$arr['extra_field_id']] = $arr;
}
@@ -670,7 +682,8 @@
//
// Iterate the elements
//
- $resel=db_query("SELECT * FROM artifact_extra_field_elements WHERE extra_field_id='".$ef['extra_field_id']."'");
+ $resel = db_query_params ('SELECT * FROM artifact_extra_field_elements WHERE extra_field_id=$1',
+ array ($ef['extra_field_id'])) ;
while ($el =& db_fetch_array($resel)) {
//new element
$nel = new ArtifactExtraFieldElement($nef);
@@ -712,12 +725,11 @@
}
if (!isset($this->extra_field[$id])) {
$this->extra_field[$id] = array();
- $sql="select element_id,element_name,status_id
+ $res = db_query_params ('SELECT element_id,element_name,status_id
FROM artifact_extra_field_elements
- WHERE extra_field_id ='".$id."'
- ORDER BY element_id ASC";
-
- $res=db_query($sql);
+ WHERE extra_field_id = $1
+ ORDER BY element_id ASC',
+ array ($id)) ;
$i=0;
while($arr =& db_fetch_array($res)) {
$this->extra_field[$id][$i++] = $arr;
@@ -748,10 +760,10 @@
return 'None';
}
if (!isset($this->element_name["$choiceid"])) {
- $sql="select element_id,extra_field_id,element_name
+ $res = db_query_params ('SELECT element_id,extra_field_id,element_name
FROM artifact_extra_field_elements
- WHERE element_id IN ($choiceid)";
- $res=db_query($sql);
+ WHERE element_id = ANY ($1)',
+ array (db_int_array_to_any_clause (explode (',', $choiceid)))) ;
if (db_numrows($res) > 1) {
$arr=util_result_column_to_array($res,2);
$this->element_name["$choiceid"]=implode(',',$arr);
@@ -778,10 +790,10 @@
return 0;
}
if (!$this->element_status["$choiceid"]) {
- $sql="select element_id,extra_field_id,status_id
+ $res = db_query_params ('SELECT element_id,extra_field_id,status_id
FROM artifact_extra_field_elements
- WHERE element_id IN ($choiceid)";
- $res=db_query($sql);
+ WHERE element_id = ANY ($1)',
+ array (db_int_array_to_any_clause (explode (',', $choiceid)))) ;
if (db_numrows($res) > 1) {
$arr=util_result_column_to_array($res,2);
$this->element_status["$choiceid"]=implode(',',$arr);
@@ -810,50 +822,61 @@
return false;
}
db_begin();
- db_query("DELETE FROM artifact_extra_field_data
+ db_query_params ('DELETE FROM artifact_extra_field_data
WHERE EXISTS (SELECT artifact_id FROM artifact
- WHERE group_artifact_id='".$this->getID()."'
- AND artifact.artifact_id=artifact_extra_field_data.artifact_id)");
+ WHERE group_artifact_id=$1
+ AND artifact.artifact_id=artifact_extra_field_data.artifact_id)',
+ array ($this->getID())) ;
//echo '0.1'.db_error();
- db_query("DELETE FROM artifact_extra_field_elements
+ db_query_params ('DELETE FROM artifact_extra_field_elements
WHERE EXISTS (SELECT extra_field_id FROM artifact_extra_field_list
- WHERE group_artifact_id='".$this->getID()."'
- AND artifact_extra_field_list.extra_field_id = artifact_extra_field_elements.extra_field_id)");
+ WHERE group_artifact_id=$1
+ AND artifact_extra_field_list.extra_field_id = artifact_extra_field_elements.extra_field_id)',
+ array ($this->getID())) ;
//echo '0.2'.db_error();
- db_query ("DELETE FROM artifact_extra_field_list
- WHERE group_artifact_id='".$this->getID()."'");
+ db_query_params ('DELETE FROM artifact_extra_field_list
+ WHERE group_artifact_id=$1',
+ array ($this->getID())) ;
//echo '0.3'.db_error();
- db_query("DELETE FROM artifact_canned_responses
- WHERE group_artifact_id='".$this->getID()."'");
+ db_query_params ('DELETE FROM artifact_canned_responses
+ WHERE group_artifact_id=$1',
+ array ($this->getID())) ;
//echo '1'.db_error();
- db_query("DELETE FROM artifact_counts_agg
- WHERE group_artifact_id='".$this->getID()."'");
+ db_query_params ('DELETE FROM artifact_counts_agg
+ WHERE group_artifact_id=$1',
+ array ($this->getID())) ;
//echo '5'.db_error();
- db_query("DELETE FROM artifact_file
+ db_query_params ('DELETE FROM artifact_file
WHERE EXISTS (SELECT artifact_id FROM artifact
- WHERE group_artifact_id='".$this->getID()."'
- AND artifact.artifact_id=artifact_file.artifact_id)");
+ WHERE group_artifact_id=$1
+ AND artifact.artifact_id=artifact_file.artifact_id)',
+ array ($this->getID())) ;
//echo '6'.db_error();
- db_query("DELETE FROM artifact_message
+ db_query_params ('DELETE FROM artifact_message
WHERE EXISTS (SELECT artifact_id FROM artifact
- WHERE group_artifact_id='".$this->getID()."'
- AND artifact.artifact_id=artifact_message.artifact_id)");
+ WHERE group_artifact_id=$1
+ AND artifact.artifact_id=artifact_message.artifact_id)',
+ array ($this->getID())) ;
//echo '7'.db_error();
- db_query("DELETE FROM artifact_history
+ db_query_params ('DELETE FROM artifact_history
WHERE EXISTS (SELECT artifact_id FROM artifact
- WHERE group_artifact_id='".$this->getID()."'
- AND artifact.artifact_id=artifact_history.artifact_id)");
+ WHERE group_artifact_id=$1
+ AND artifact.artifact_id=artifact_history.artifact_id)',
+ array ($this->getID())) ;
//echo '8'.db_error();
- db_query("DELETE FROM artifact_monitor
+ db_query_params ('DELETE FROM artifact_monitor
WHERE EXISTS (SELECT artifact_id FROM artifact
- WHERE group_artifact_id='".$this->getID()."'
- AND artifact.artifact_id=artifact_monitor.artifact_id)");
+ WHERE group_artifact_id=$1
+ AND artifact.artifact_id=artifact_monitor.artifact_id)',
+ array ($this->getID())) ;
//echo '9'.db_error();
- db_query("DELETE FROM artifact
- WHERE group_artifact_id='".$this->getID()."'");
+ db_query_params ('DELETE FROM artifact
+ WHERE group_artifact_id=$1',
+ array ($this->getID())) ;
//echo '4'.db_error();
- db_query("DELETE FROM artifact_group_list
- WHERE group_artifact_id='".$this->getID()."'");
+ db_query_params ('DELETE FROM artifact_group_list
+ WHERE group_artifact_id=$1',
+ array ($this->getID())) ;
//echo '11'.db_error();
db_commit();
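Review bot: None of the eleven `db_query_params` DELETE calls in this hunk has its result checked before `db_commit()`, so the method cannot tell its caller that removing a tracker failed part-way. The commented-out `//echo '…'.db_error();` lines suggest this was debugged by hand in the past. Checking each result, and on failure calling `$this->setError(db_error()); db_rollback(); return false;`, would turn a silent partial failure into a reported one; the debug comments can then go. A short comment above the block explaining that the order of the deletes follows the foreign-key dependencies would also help. The method starts before and continues after this hunk.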
@@ -867,12 +890,13 @@
*/
function getTechnicians() {
if (!isset($this->technicians_res)) {
- $sql="SELECT user_id,realname
+ $this->technicians_res = db_query_params ('SELECT user_id,realname
FROM artifactperm_user_vw
- WHERE group_artifact_id='". $this->getID() ."'
+ WHERE group_artifact_id=$1
AND perm_level in (1,2)
- ORDER BY realname";
- $this->technicians_res = db_query($sql);
+ ORDER BY realname',
+ array ($this->getID())) ;
+ ($sql);
}
return $this->technicians_res;
}
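Review bot: The line `($sql);` after the new call in getTechnicians() is a leftover from the removed `$this->technicians_res = db_query($sql);`. `$sql` is no longer assigned in this method, so the statement only evaluates an undefined variable and should be deleted. The same stray `($sql);` remains after the `UPDATE artifact_group_list` call in the last hunk of this file, just before the `if (!$res || db_affected_rows($res) < 1)` test.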
@@ -895,10 +919,10 @@
*/
function getCannedResponses() {
if (!isset($this->cannedresponses_res)) {
- $sql="SELECT id,title
+ $this->cannedresponses_res = db_query_params ('SELECT id,title
FROM artifact_canned_responses
- WHERE group_artifact_id='". $this->getID() ."'";
- $this->cannedresponses_res = db_query($sql);
+ WHERE group_artifact_id=$1',
+ array ($this->getID()));
}
return $this->cannedresponses_res;
}
@@ -916,8 +940,7 @@
*/
function getStatuses() {
if (!isset($this->status_res)) {
- $sql="select * from artifact_status";
- $this->status_res=db_query($sql);
+ $this->status_res = db_query_params ('SELECT * FROM artifact_status');
}
return $this->status_res;
}
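Review bot: `db_query_params ('SELECT * FROM artifact_status')` passes only the SQL string, whereas every other converted call in this commit supplies a parameter array as the second argument. The helper's definition is not part of this diff; unless it declares a default for that argument, this call will raise a missing-argument warning and may hand a null parameter list to the driver. Writing `db_query_params ('SELECT * FROM artifact_status', array ())` makes the call safe under either signature.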
@@ -929,8 +952,8 @@
* @return string name.
*/
function getStatusName($id) {
- $sql="select status_name from artifact_status WHERE id='$id'";
- $result=db_query($sql);
+ $result = db_query_params ('select status_name from artifact_status WHERE id=$1',
+ array ($id)) ;
if ($result && db_numrows($result) > 0) {
return db_result($result,0,'status_name');
} else {
@@ -1016,13 +1039,15 @@
return 0;
} else {
if (!isset($this->current_user_perm)) {
- $sql="SELECT role_setting.value::integer
+ $this->current_user_perm=db_result(db_query_params ('SELECT role_setting.value::integer
FROM role_setting, user_group
- WHERE role_setting.ref_id='". $this->getID() ."'
- AND user_group.role_id = role_setting.role_id
- AND user_group.user_id='".user_getid()."'
- AND role_setting.section_name='tracker'";
- $this->current_user_perm=db_result(db_query($sql),0,0);
+ WHERE role_setting.ref_id=$1
+ AND user_group.role_id=role_setting.role_id
+ AND user_group.user_id=$2
+ AND role_setting.section_name=$3',
+ array ($this->getID(),
+ user_getid(),
+ 'tracker'))) ;
}
return $this->current_user_perm;
}
@@ -1071,20 +1096,29 @@
$email_all = ((!$email_all) ? 0 : $email_all);
$use_resolution = ((!$use_resolution) ? 0 : $use_resolution);
- $sql="UPDATE artifact_group_list SET
- name='". htmlspecialchars($name). "',
- description='". htmlspecialchars($description) ."',
- email_all_updates='$email_all',
- email_address='$email_address',
- due_period='". ($due_period * (60*60*24)) ."',
- status_timeout='". ($status_timeout * (60*60*24)) . "',
- submit_instructions='". htmlspecialchars($submit_instructions)."',
- browse_instructions='" .htmlspecialchars($browse_instructions)."'
- WHERE
- group_artifact_id='". $this->getID() ."'
- AND group_id='". $this->Group->getID() ."'";
+ $res = db_query_params ('UPDATE artifact_group_list SET
+ name=$1,
+ description=$2,
+ email_all_updates=$3,
+ email_address=$4,
+ due_period=$5,
+ status_timeout=$6,
+ submit_instructions=$7,
+ browse_instructions=$8
+ WHERE group_artifact_id=$9 AND group_id=$10',
+ array (
+ htmlspecialchars($name),
+ htmlspecialchars($description),
+ $email_all,
+ $email_address,
+ $due_period * (60*60*24),
+ $status_timeout * (60*60*24),
+ htmlspecialchars($submit_instructions),
+ htmlspecialchars($browse_instructions),
+ $this->getID(),
+ $this->Group->getID())) ;
- $res=db_query($sql);
+ ($sql);
if (!$res || db_affected_rows($res) < 1) {
$this->setError('ArtifactType::Update(): '.db_error());
return false;
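Review bot: The four text fields are still passed through `htmlspecialchars()` before being bound, so the table keeps holding HTML-encoded values; with the query parameterized, that encoding plays no part in building the SQL and is purely an output decision taken at write time. This deserves a comment above the parameter array, for example `// name, description and the instruction fields are stored HTML-escaped; code that prints them must not escape again`, so a later cleanup does not drop the escaping without adding it on the output side. `$email_address` is bound as given; whether it is validated earlier cannot be seen here, because the hunk starts inside the function body.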
Modified: branches/Branch_4_8/gforge/common/tracker/ArtifactTypeFactory.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/tracker/ArtifactTypeFactory.class.php 2009-04-19 20:03:07 UTC (rev 7452)
+++ branches/Branch_4_8/gforge/common/tracker/ArtifactTypeFactory.class.php 2009-04-19 20:03:17 UTC (rev 7453)
@@ -3,6 +3,7 @@
* FusionForge trackers
*
* Copyright 2002, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -90,36 +91,44 @@
if (session_loggedin()) {
$perm =& $this->Group->getPermission( session_get_user() );
if (!$perm || !is_object($perm) || !$perm->isMember()) {
- $public_flag='=1';
- $exists = '';
+ $result = db_query_params ('SELECT * FROM artifact_group_list_vw
+ WHERE group_id=$1
+ AND is_public=1
+ ORDER BY group_artifact_id ASC',
+ array ($this->Group->getID())) ;
} else {
- $public_flag='<3';
if ($perm->isArtifactAdmin()) {
- $exists='';
+ $result = db_query_params ('SELECT * FROM artifact_group_list_vw
+ WHERE group_id=$1
+ AND is_public<3
+ ORDER BY group_artifact_id ASC',
+ array ($this->Group->getID())) ;
} else {
- $exists=" AND group_artifact_id IN (SELECT role_setting.ref_id
+ $result = db_query_params ('SELECT * FROM artifact_group_list_vw
+ WHERE group_id=$1
+ AND is_public<3
+ AND group_artifact_id IN (SELECT role_setting.ref_id
FROM role_setting, user_group
WHERE role_setting.value::integer >= 0
- AND role_setting.section_name = 'tracker'
+ AND role_setting.section_name = $2
AND role_setting.ref_id=artifact_group_list_vw.group_artifact_id
AND user_group.role_id = role_setting.role_id
- AND user_group.user_id='".user_getid()."') ";
+ AND user_group.user_id = $3
+ ORDER BY group_artifact_id ASC',
+ array ($this->Group->getID(),
+ 'tracker',
+ user_getid ())) ;
}
}
} else {
- $public_flag='=1';
- $exists = '';
+ $result = db_query_params ('SELECT * FROM artifact_group_list_vw
+ WHERE group_id=$1
+ AND is_public=1
+ ORDER BY group_artifact_id ASC',
+ array ($this->Group->getID())) ;
}
- $sql="SELECT * FROM artifact_group_list_vw
- WHERE group_id='". $this->Group->getID() ."'
- AND is_public $public_flag
- $exists
- ORDER BY group_artifact_id ASC";
-
- $result = db_query ($sql);
-
$rows = db_numrows($result);
if (!$result || $rows < 1) {
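Review bot: The query built for logged-in members who are not tracker admins has lost the closing parenthesis of its `IN (SELECT …)` subquery: the old string ended with `user_group.user_id='…') `, while the new one goes from `AND user_group.user_id = $3` straight to `ORDER BY group_artifact_id ASC`. As written the statement is not valid SQL, so this branch would get a failed query and land in the `!$result || $rows < 1` path instead of listing the trackers the user's role grants. The line should read `AND user_group.user_id = $3)`. The enclosing function starts and ends outside this hunk.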
Modified: branches/Branch_4_8/gforge/common/tracker/ArtifactTypes.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/tracker/ArtifactTypes.class.php 2009-04-19 20:03:07 UTC (rev 7452)
+++ branches/Branch_4_8/gforge/common/tracker/ArtifactTypes.class.php 2009-04-19 20:03:17 UTC (rev 7453)
@@ -4,6 +4,7 @@
*
* Copyright 1999-2001, VA Linux Systems, Inc.
* Copyright 2002-2004, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -71,8 +72,9 @@
function createTrackers() {
// first, check if trackers already exist
- $res=db_query("SELECT * FROM artifact_group_list
- WHERE group_id='".$this->Group->getID()."' AND datatype > 0");
+ $res = db_query_params ('SELECT * FROM artifact_group_list
+ WHERE group_id=$1 AND datatype > 0',
+ array ($this->Group->getID()));
if (db_numrows($res) > 0) {
return true;
}
Modified: branches/Branch_4_8/gforge/common/tracker/Artifacts.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/tracker/Artifacts.class.php 2009-04-19 20:03:07 UTC (rev 7452)
+++ branches/Branch_4_8/gforge/common/tracker/Artifacts.class.php 2009-04-19 20:03:17 UTC (rev 7453)
@@ -4,6 +4,7 @@
*
* Copyright 1999-2001, VA Linux Systems, Inc.
* Copyright 2002-2004, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -88,16 +89,11 @@
if (!$offset) {
$offset = 0;
}
+ $res = db_query_params ('SELECT * FROM artifact_vw WHERE group_artifact_id=$1',
+ array ($this->ArtifactType->getID()),
+ 500,
+ $offset) ;
- $sql = "SELECT
- *
- FROM
- artifact_vw
- WHERE
- group_artifact_id='". $this->ArtifactType->getID() ."'";
-
- $res = db_query($sql,500,$offset);
-
if (!$res) {
$this->setError('Could not get artifacts: ' . db_error());
return false;
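Review bot: `$offset` reaches `db_query_params` as its fourth argument rather than through the bound parameter array, and the only normalisation visible is `if (!$offset) { $offset = 0; }`, which lets any non-empty value through unchanged. If the helper appends LIMIT/OFFSET to the query text (its body is not in this diff), the value should be forced to an integer first, e.g. `$offset = (int) $offset;` in place of the existing check. The query also pages with a limit of 500 but has no `ORDER BY`, so which rows fall on which page is not guaranteed to be stable between calls; adding `ORDER BY artifact_id` would pin the order. The function begins outside this hunk, so where `$offset` originates cannot be checked from here.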
Modified: branches/Branch_4_8/gforge/common/tracker/ArtifactsForUser.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/tracker/ArtifactsForUser.class.php 2009-04-19 20:03:07 UTC (rev 7452)
+++ branches/Branch_4_8/gforge/common/tracker/ArtifactsForUser.class.php 2009-04-19 20:03:17 UTC (rev 7453)
@@ -3,6 +3,7 @@
* FusionForge trackers
*
* Copyright 2002, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -50,9 +51,9 @@
* @param sql The sql that returns artifact_id
* @return Artifact[] The array of Artifacts
*/
- function & getArtifactsFromSQL($sql) {
+ function &getArtifactsFromSQLwithParams ($sql, $params) {
$artifacts = array();
- $result=db_query($sql);
+ $result = db_query_params ($sql, $params);
$rows=db_numrows($result);
if ($rows<=0) {
return $artifacts;
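Review bot: The docblock above the renamed function still documents only `@param sql`; the new `$params` argument needs its own line, e.g. `@param array $params Values bound to the $1..$n placeholders in $sql`. Renaming `getArtifactsFromSQL` to `getArtifactsFromSQLwithParams` also removes the old method, so any caller outside this file that still uses the old name would fail at call time; the two callers visible in this diff are updated, others cannot be checked from here. `db_numrows($result)` is still called without testing `$result` first, so a failed query presumably comes back to the caller as an empty list rather than an error.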
@@ -74,10 +75,10 @@
* getAssignedArtifacts - Get the users's assigned artifacts
* @return Artifact[] The array of Artifacts
*/
- function & getAssignedArtifactsByGroup() {
- $sql="SELECT * FROM artifact_vw av WHERE av.assigned_to=".$this->User->getID()."
- AND av.status_id='1' ORDER BY av.group_artifact_id, av.artifact_id DESC";
- return $this->getArtifactsFromSQL($sql);
+ function &getAssignedArtifactsByGroup() {
+ return $this->getArtifactsFromSQLwithParams('SELECT * FROM artifact_vw av WHERE av.assigned_to=$1 AND av.status_id=1 ORDER BY av.group_artifact_id, av.artifact_id DESC',
+ array($this->User->getID())) ;
+
}
/**
@@ -85,13 +86,9 @@
*
* @return Artifact[] The array of Artifacts
*/
- function & getSubmittedArtifactsByGroup() {
- $sql="SELECT *
- FROM artifact_vw av
- WHERE av.submitted_by=".$this->User->getID()."
- AND av.status_id='1'
- ORDER BY av.group_artifact_id, av.artifact_id DESC";
- return $this->getArtifactsFromSQL($sql);
+ function &getSubmittedArtifactsByGroup() {
+ return $this->getArtifactsFromSQLwithParams('SELECT * FROM artifact_vw av WHERE av.submitted_by=$1 AND av.status_id=1 ORDER BY av.group_artifact_id, av.artifact_id DESC',
+ array($this->User->getID())) ;
}
}