[Fusionforge-commits] r7453 - branches/Branch_4_8/gforge/common/tracker

Roland Mas lolando at libremir.placard.fr.eu.org
Sun Apr 19 22:03:17 CEST 2009


Author: lolando
Date: 2009-04-19 22:03:17 +0200 (Sun, 19 Apr 2009)
New Revision: 7453

Modified:
   branches/Branch_4_8/gforge/common/tracker/ArtifactBoxOptions.class.php
   branches/Branch_4_8/gforge/common/tracker/ArtifactExtraFieldElement.class.php
   branches/Branch_4_8/gforge/common/tracker/ArtifactFromID.class.php
   branches/Branch_4_8/gforge/common/tracker/ArtifactHistory.class.php
   branches/Branch_4_8/gforge/common/tracker/ArtifactMessage.class.php
   branches/Branch_4_8/gforge/common/tracker/ArtifactQuery.class.php
   branches/Branch_4_8/gforge/common/tracker/ArtifactQueryFactory.class.php
   branches/Branch_4_8/gforge/common/tracker/ArtifactType.class.php
   branches/Branch_4_8/gforge/common/tracker/ArtifactTypeFactory.class.php
   branches/Branch_4_8/gforge/common/tracker/ArtifactTypes.class.php
   branches/Branch_4_8/gforge/common/tracker/Artifacts.class.php
   branches/Branch_4_8/gforge/common/tracker/ArtifactsForUser.class.php
Log:
db_query_params transition: common/tracker (incomplete)

Modified: branches/Branch_4_8/gforge/common/tracker/ArtifactBoxOptions.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/tracker/ArtifactBoxOptions.class.php	2009-04-19 20:03:07 UTC (rev 7452)
+++ branches/Branch_4_8/gforge/common/tracker/ArtifactBoxOptions.class.php	2009-04-19 20:03:17 UTC (rev 7453)
@@ -3,6 +3,7 @@
  * FusionForge trackers
  *
  * Copyright 2004, Anthony J. Pugliese
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -97,10 +98,10 @@
 			$this->setPermissionDeniedError();
 			return false;
 		}
-		$sql="INSERT INTO artifact_group_selection_box_options (artifact_box_id,box_options_name) 
-			VALUES ('$id','".htmlspecialchars($name)."')";
+		$result = db_query_params ('INSERT INTO artifact_group_selection_box_options (artifact_box_id,box_options_name) VALUES ($1,$2)',
+					   array ($id,
+						  htmlspecialchars($name))) ;
 
-		$result=db_query($sql);
 		if ($result && db_affected_rows($result) > 0) {
 			$this->clearError();
 			return true;
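Review bot: `htmlspecialchars($name)` is still applied on the way into the database (inside the new `array (...)` argument), so the stored value is HTML-encoded rather than the raw name; with `db_query_params` doing the quoting this no longer buys any SQL safety, and it double-encodes whenever the name is escaped again on output and breaks equality lookups against the raw value. The same pattern is kept in the INSERT/UPDATE hunks of ArtifactExtraFieldElement, ArtifactHistory, ArtifactMessage, ArtifactQuery and ArtifactType::create in this commit. Changing it now would mean migrating existing rows, so for this transition at least make the contract explicit with a comment such as `// NOTE: box_options_name is stored HTML-encoded; do not re-escape on output`.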
@@ -127,7 +128,8 @@
 	 *	@return	boolean	success.
 	 */
 	function fetchData($id) {
-		$res=db_query("SELECT * FROM artifact_group_selection_box_options WHERE id='$id'");
+		$res = db_query_params ('SELECT * FROM artifact_group_selection_box_options WHERE id=$1',
+					array ($id)) ;
 		if (!$res || db_numrows($res) < 1) {
 			$this->setError('ArtifactSelectionBox: Invalid Artifact ID');
 			return false;
@@ -193,11 +195,11 @@
 			$this->setMissingParamsError();
 			return false;
 		}   
-		$sql="UPDATE artifact_group_selection_box_options 
-			SET box_options_name='".htmlspecialchars($name)."' 
-			WHERE id='$id'"; 
-//			AND artifact_box_id='$boxid'";
-		$result=db_query($sql);
+		$result = db_query_params ('UPDATE artifact_group_selection_box_options 
+			SET box_options_name=$1
+			WHERE id=$2',
+					   array (htmlspecialchars($name),
+						  $id)) ;
 		if ($result && db_affected_rows($result) > 0) {
 			return true;
 		} else {

Modified: branches/Branch_4_8/gforge/common/tracker/ArtifactExtraFieldElement.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/tracker/ArtifactExtraFieldElement.class.php	2009-04-19 20:03:07 UTC (rev 7452)
+++ branches/Branch_4_8/gforge/common/tracker/ArtifactExtraFieldElement.class.php	2009-04-19 20:03:17 UTC (rev 7453)
@@ -3,6 +3,7 @@
  * FusionForge trackers
  *
  * Copyright 2004, Anthony J. Pugliese
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -106,10 +107,11 @@
 			$this->setPermissionDeniedError();
 			return false;
 		}
-		$sql="INSERT INTO artifact_extra_field_elements (extra_field_id,element_name,status_id) 
-			VALUES ('".$this->ArtifactExtraField->getID()."','".htmlspecialchars($name)."','$status_id')";
 		db_begin();
-		$result=db_query($sql);
+		$result = db_query_params ('INSERT INTO artifact_extra_field_elements (extra_field_id,element_name,status_id) VALUES ($1,$2,$3)',
+					   array ($this->ArtifactExtraField->getID(),
+						  htmlspecialchars($name),
+						  $status_id)) ;
 		if ($result && db_affected_rows($result) > 0) {
 			$this->clearError();
 			$id=db_insertid($result,'artifact_extra_field_elements','element_id');
@@ -138,7 +140,8 @@
 	 *	@return	boolean	success.
 	 */
 	function fetchData($id) {
-		$res=db_query("SELECT * FROM artifact_extra_field_elements WHERE element_id='$id'");
+		$res = db_query_params ('SELECT * FROM artifact_extra_field_elements WHERE element_id=$1',
+					array ($id)) ;
 		if (!$res || db_numrows($res) < 1) {
 			$this->setError('ArtifactExtraField: Invalid ArtifactExtraFieldElement ID');
 			return false;
@@ -219,11 +222,12 @@
 		} else {
 			$status_id=0;
 		}
-		$sql="UPDATE artifact_extra_field_elements 
-			SET element_name='".htmlspecialchars($name)."',
-			status_id='$status_id' 
-			WHERE element_id='".$this->getID()."'"; 
-		$result=db_query($sql);
+		$result = db_query_params ('UPDATE artifact_extra_field_elements 
+			SET element_name=$1, status_id=$2
+			WHERE element_id=$3',
+					   array (htmlspecialchars($name),
+						  $status_id,
+						  $this->getID())) ;
 		if ($result && db_affected_rows($result) > 0) {
 			return true;
 		} else {

Modified: branches/Branch_4_8/gforge/common/tracker/ArtifactFromID.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/tracker/ArtifactFromID.class.php	2009-04-19 20:03:07 UTC (rev 7452)
+++ branches/Branch_4_8/gforge/common/tracker/ArtifactFromID.class.php	2009-04-19 20:03:17 UTC (rev 7453)
@@ -3,6 +3,7 @@
  * FusionForge trackers
  *
  * Copyright 2002, GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -26,8 +27,6 @@
 
 class ArtifactFromID extends Error {
 
-//artifact_vw
-
 	var $Group;
 	var $ArtifactType;
 	var $Artifact;
@@ -36,7 +35,8 @@
 		if ($data) {
 			$art_arr =& $data;
 		} else {
-			$res=db_query("SELECT * FROM artifact_vw WHERE artifact_id='$id'");
+			$res = db_query_params ('SELECT * FROM artifact_vw WHERE artifact_id=$1',
+						array ($id)) ;
 			if (!$res || db_numrows($res) < 1) {
 				$this->setError("Invalid Artifact ID");
 				return false;

Modified: branches/Branch_4_8/gforge/common/tracker/ArtifactHistory.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/tracker/ArtifactHistory.class.php	2009-04-19 20:03:07 UTC (rev 7452)
+++ branches/Branch_4_8/gforge/common/tracker/ArtifactHistory.class.php	2009-04-19 20:03:17 UTC (rev 7453)
@@ -3,6 +3,7 @@
  * FusionForge trackers
  *
  * Copyright 2004, GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -95,10 +96,12 @@
 			$this->setPermissionDeniedError();
 			return false;
 		}
-		$sql="INSERT INTO artifact_category (group_artifact_id,category_name,auto_assign_to) 
-			VALUES ('".$this->Artifact->getID()."','".htmlspecialchars($name)."','$auto_assign_to')";
+		$result = db_query_params ('INSERT INTO artifact_category (group_artifact_id,category_name,auto_assign_to) 
+			VALUES ($1,$2,$3)',
+					   array ($this->Artifact->getID(),
+						  htmlspecialchars($name),
+						  $auto_assign_to)) ;
 
-		$result=db_query($sql);
 
 		if ($result && db_affected_rows($result) > 0) {
 			$this->clearError();
@@ -121,7 +124,8 @@
 	 *	@return	boolean	success.
 	 */
 	function fetchData($id) {
-		$res=db_query("SELECT * FROM artifact_category WHERE id='$id'");
+		$res = db_query_params ('SELECT * FROM artifact_category WHERE id=$1',
+					array ($id)) ;
 		if (!$res || db_numrows($res) < 1) {
 			$this->setError('ArtifactHistory: Invalid ArtifactHistory ID');
 			return false;

Modified: branches/Branch_4_8/gforge/common/tracker/ArtifactMessage.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/tracker/ArtifactMessage.class.php	2009-04-19 20:03:07 UTC (rev 7452)
+++ branches/Branch_4_8/gforge/common/tracker/ArtifactMessage.class.php	2009-04-19 20:03:17 UTC (rev 7453)
@@ -3,6 +3,7 @@
  * FusionForge trackers
  *
  * Copyright 2004, GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -110,10 +111,13 @@
 			}
 		}
 
-		$sql="insert into artifact_message (artifact_id,submitted_by,from_email,adddate,body) 
-			VALUES ('". $this->Artifact->getID() ."','$user_id','$by','". time() ."','". htmlspecialchars($body). "')";
-		$res = db_query($sql);
-
+		$res = db_query_params ('INSERT INTO artifact_message (artifact_id,submitted_by,from_email,adddate,body) 
+			VALUES ($1,$2,$3,$4,$5)',
+					array ($this->Artifact->getID(),
+					       $user_id,
+					       $by,
+					       time(),
+					       htmlspecialchars($body))) ;
 		if (!$res) {
 			$this->setError(db_error());
 			return false;
@@ -137,7 +141,8 @@
 	 *	@return	boolean	success.
 	 */
 	function fetchData($id) {
-		$res=db_query("SELECT * FROM artifact_message_user_vw WHERE id='$id'");
+		$res = db_query_params ('SELECT * FROM artifact_message_user_vw WHERE id=$1',
+					array ($id)) ;
 		if (!$res || db_numrows($res) < 1) {
 			$this->setError('ArtifactMessage: Invalid ArtifactMessage ID');
 			return false;

Modified: branches/Branch_4_8/gforge/common/tracker/ArtifactQuery.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/tracker/ArtifactQuery.class.php	2009-04-19 20:03:07 UTC (rev 7452)
+++ branches/Branch_4_8/gforge/common/tracker/ArtifactQuery.class.php	2009-04-19 20:03:17 UTC (rev 7453)
@@ -4,6 +4,7 @@
  *
  * Copyright 2005, Anthony J. Pugliese
  * Copyright 2005, GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -111,11 +112,11 @@
 			return false;
 		}
 
-		$sql="INSERT INTO artifact_query (group_artifact_id,query_name,user_id) 
-			VALUES ('".$this->ArtifactType->getID()."','".htmlspecialchars($name)."','".user_getid()."')";
-
 		db_begin();
-		$result=db_query($sql);
+		$result = db_query_params ('INSERT INTO artifact_query (group_artifact_id,query_name,user_id) VALUES ($1,$2,$3)',
+					   array ($this->ArtifactType->getID(),
+						  htmlspecialchars($name),
+						  user_getid())) ;
 		if ($result && db_affected_rows($result) > 0) {
 			$this->clearError();
 			$id=db_insertid($result,'artifact_query','artifact_query_id');
@@ -153,7 +154,8 @@
 	 *	@return	boolean	success.
 	 */
 	function fetchData($id) {
-		$res=db_query("SELECT * FROM artifact_query WHERE artifact_query_id='$id'");
+			$res = db_query_params ('SELECT * FROM artifact_query WHERE artifact_query_id=$1',
+						array ($id)) ;
 		
 		if (!$res || db_numrows($res) < 1) {
 			$this->setError('ArtifactQuery: Invalid ArtifactQuery ID'.db_error());
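Review bot: The rewritten `$res = db_query_params (...)` statement in fetchData is indented one tab deeper than the `if (!$res || ...)` that follows it, which makes it read as if it belonged to an enclosing block that is not there; the second query of fetchData (artifact_query_fields, next hunk) has the same extra indent. Align both with the surrounding statements.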
@@ -161,7 +163,8 @@
 		}
 		$this->data_array =& db_fetch_array($res);
 		db_free_result($res);
-		$res=db_query("SELECT * FROM artifact_query_fields WHERE artifact_query_id='$id'");
+			$res = db_query_params ('SELECT * FROM artifact_query_fields WHERE artifact_query_id=$1',
+						array ($id)) ;
 		unset($this->element_array);
 		while ($arr = db_fetch_array($res)) {
 			//
@@ -189,15 +192,19 @@
 	 *
 	 */
 	function insertElements($id,$status,$assignee,$moddaterange,$sort_col,$sort_ord,$extra_fields,$opendaterange,$closedaterange) {
-		$res=db_query("DELETE FROM artifact_query_fields WHERE artifact_query_id='$id'");
+		$res = db_query_params ('DELETE FROM artifact_query_fields WHERE artifact_query_id=$1',
+					array ($id)) ;
 		if (!$res) {
 			$this->setError('Deleting Old Elements: '.db_error());
 			return false;
 		}
 		$id = intval($id);
-		$res=db_query("INSERT INTO artifact_query_fields 
+		$res = db_query_params ('INSERT INTO artifact_query_fields 
 			(artifact_query_id,query_field_type,query_field_id,query_field_values) 
-			VALUES ('$id','".ARTIFACT_QUERY_STATE."','0','".intval($status)."')");
+                        VALUES ($1,$2,0,$3)',
+					array ($id,
+					       ARTIFACT_QUERY_STATE,
+					       intval($status))) ;
 		if (!$res) {
 			$this->setError('Setting Status: '.db_error());
 			return false;
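Review bot: `$id = intval($id);` still comes after the rewritten DELETE, so that statement receives the unnormalised `$id` while every INSERT below receives the integer; with parameters this is no longer an injection concern, but it is inconsistent and the cast is easy to mistake for a guard. Move `$id = intval($id);` to the first line of insertElements so all queries in the method see the same value. The rest of insertElements continues outside this hunk.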
@@ -223,9 +230,12 @@
 		}
 
 		//CSV LIST OF ASSIGNEES
-		$res=db_query("INSERT INTO artifact_query_fields 
+		$res = db_query_params ('INSERT INTO artifact_query_fields 
 			(artifact_query_id,query_field_type,query_field_id,query_field_values) 
-			VALUES ('$id','".ARTIFACT_QUERY_ASSIGNEE."','0','".$assignee."')");
+			VALUES ($1,$2,0,$3)',
+					array ($id,
+					       ARTIFACT_QUERY_ASSIGNEE,
+					       $assignee)) ;
 		if (!$res) {
 			$this->setError('Setting Assignee: '.db_error());
 			return false;
@@ -236,9 +246,12 @@
 			$this->setError('Invalid Mod Date Range');
 			return false;
 		}
-		$res=db_query("INSERT INTO artifact_query_fields 
+		$res = db_query_params ('INSERT INTO artifact_query_fields 
 			(artifact_query_id,query_field_type,query_field_id,query_field_values) 
-			VALUES ('$id','".ARTIFACT_QUERY_MODDATE."','0','".$moddaterange."')");
+			VALUES ($1,$2,0,$3)',
+					array ($id,
+					       ARTIFACT_QUERY_MODDATE,
+					       $moddaterange)) ;
 		if (!$res) {
 			$this->setError('Setting Last Modified Date Range: '.db_error());
 			return false;
@@ -249,9 +262,12 @@
 			$this->setError('Invalid Open Date Range');
 			return false;
 		}
-		$res=db_query("INSERT INTO artifact_query_fields 
+		$res = db_query_params ('INSERT INTO artifact_query_fields 
 			(artifact_query_id,query_field_type,query_field_id,query_field_values) 
-			VALUES ('$id','".ARTIFACT_QUERY_OPENDATE."','0','".$opendaterange."')");
+			VALUES ($1,$2,0,$3)',
+					array ($id,
+					       ARTIFACT_QUERY_OPENDATE,
+					       $opendaterange)) ;
 		if (!$res) {
 			$this->setError('Setting Open Date Range: '.db_error());
 			return false;
@@ -262,25 +278,34 @@
 			$this->setError('Invalid Close Date Range');
 			return false;
 		}
-		$res=db_query("INSERT INTO artifact_query_fields 
+		$res = db_query_params ('INSERT INTO artifact_query_fields 
 			(artifact_query_id,query_field_type,query_field_id,query_field_values) 
-			VALUES ('$id','".ARTIFACT_QUERY_CLOSEDATE."','0','".$closedaterange."')");
+			VALUES ($1,$2,0,$3)',
+					array ($id,
+					       ARTIFACT_QUERY_CLOSEDATE,
+					       $closedaterange)) ;
 		if (!$res) {
 			$this->setError('Setting Close Date Range: '.db_error());
 			return false;
 		}
 
 		// SORT COLUMN
-		$res=db_query("INSERT INTO artifact_query_fields 
+		$res = db_query_params ('INSERT INTO artifact_query_fields 
 			(artifact_query_id,query_field_type,query_field_id,query_field_values) 
-			VALUES ('$id','".ARTIFACT_QUERY_SORTCOL."','0','".$sort_col."')");
+			VALUES ($1,$2,0,$3)',
+					array ($id,
+					       ARTIFACT_QUERY_SORTCOL,
+					       $sort_col)) ;
 		if (!$res) {
 			$this->setError('Setting Sort Col: '.db_error());
 			return false;
 		}
-		$res=db_query("INSERT INTO artifact_query_fields 
+		$res = db_query_params ('INSERT INTO artifact_query_fields 
 			(artifact_query_id,query_field_type,query_field_id,query_field_values) 
-			VALUES ('$id','".ARTIFACT_QUERY_SORTORD."','0','".$sort_ord."')");
+			VALUES ($1,$2,0,$3)',
+					array ($id,
+					       ARTIFACT_QUERY_SORTORD,
+					       $sort_ord)) ;
 		if (!$res) {
 			$this->setError('Setting Sort Order: '.db_error());
 			return false;
@@ -307,9 +332,13 @@
 			} else {
 				$vals[$i] =	 intval($vals[$i]);
 			}
-			$res=db_query("INSERT INTO artifact_query_fields 
-				(artifact_query_id,query_field_type,query_field_id,query_field_values) 
-				VALUES ('$id','".ARTIFACT_QUERY_EXTRAFIELD."','".((int)$keys[$i]) ."','". $vals[$i] ."')");
+			$res = db_query_params ('INSERT INTO artifact_query_fields 
+			(artifact_query_id,query_field_type,query_field_id,query_field_values) 
+			VALUES ($1,$2,$3,$4)',
+						array ($id,
+						       ARTIFACT_QUERY_EXTRAFIELD,
+						       intval ($keys[$i]),
+						       $vals[$i])) ;
 			if (!$res) {
 				$this->setError('Setting values: '.db_error());
 				return false;
@@ -450,13 +479,14 @@
 			$this->setError(_('Query does not exist'));
 			return false;
 		}
-		$sql="UPDATE artifact_query
-			SET 
-			query_name='".htmlspecialchars($name)."'
-			WHERE artifact_query_id='".$this->getID()."'
-			AND user_id='".user_getid()."'";
 		db_begin();
-		$result=db_query($sql);
+		$result = db_query_params ('UPDATE artifact_query
+			SET query_name=$1
+			WHERE artifact_query_id=$2
+			AND user_id=$3',
+					   array (htmlspecialchars($name),
+						  $this->getID(),
+						  user_getid())) ;
 		if ($result && db_affected_rows($result) > 0) {
 			if (!$this->insertElements($this->getID(),$status,$assignee,$moddaterange,$sort_col,$sort_ord,$extra_fields,$opendaterange,$closedaterange)) {
 				db_rollback();
@@ -488,10 +518,12 @@
 	}
 
 	function delete() {
-		$res=db_query("DELETE FROM artifact_query WHERE artifact_query_id='".$this->getID()."'
-            AND user_id='".user_getid()."'");
-		$res=db_query("DELETE FROM user_preferences WHERE preference_value='".$this->getID()."'
-            AND preference_name 'art_query".$this->ArtifactType->getID()."'");
+		$res = db_query_params ('DELETE FROM artifact_query WHERE artifact_query_id=$1 AND user_id=$2',
+					array ($this->getID(),
+					       user_getid())) ;
+		$res = db_query_params ('DELETE FROM user_preferences WHERE preference_value=$1 AND preference_name =$2',
+					array ($this->getID(),
+					       'art_query'.$this->ArtifactType->getID())) ;
 		unset($this->data_array);
 		unset($this->element_array);
 	}
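Review bot: Both DELETE results in `delete()` are assigned to `$res` and then discarded, so a failed delete (for instance when `user_getid()` does not match the owner) still clears the cached arrays and the caller gets no signal, since the method returns nothing. Note also that the second statement changes behaviour beyond the transition: the old query lacked the `=` between `preference_name` and its value and could not have run, while the new `preference_name =$2` form does; that deserves a mention in the log. Suggested: after each call add `if (!$res) { $this->setError(db_error()); return false; }` and finish with `return true;`.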
@@ -504,8 +536,10 @@
 	function Exist($name) {
 		$user_id = user_getid();
 		$art_id = $this->ArtifactType->getID();
-		$sql = "SELECT * FROM artifact_query WHERE group_artifact_id = '$art_id' AND query_name = '$name' AND user_id = '$user_id'";
-		$res = db_query($sql);
+		$res = db_query_params ('SELECT * FROM artifact_query WHERE group_artifact_id = $1 AND query_name = $2 AND user_id = $3',
+					array ($art_id,
+					       $name,
+					       $user_id)) ;
 		if (db_numrows($res)>0) {
 			return true;
 		} else {
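Review bot: `Exist()` compares `query_name = $2` against the raw `$name`, while create() and update() in this same file store `htmlspecialchars($name)`; a name containing `&`, `<`, `>` or quotes is therefore never reported as existing. The parameterised form makes the mismatch visible because the value is no longer touched by string quoting. Either pass `htmlspecialchars($name)` here too, or (preferably, but a larger change) stop encoding at storage time. `db_numrows($res)` is also called without checking that `$res` is not false, which pre-dates this commit.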

Modified: branches/Branch_4_8/gforge/common/tracker/ArtifactQueryFactory.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/tracker/ArtifactQueryFactory.class.php	2009-04-19 20:03:07 UTC (rev 7452)
+++ branches/Branch_4_8/gforge/common/tracker/ArtifactQueryFactory.class.php	2009-04-19 20:03:17 UTC (rev 7453)
@@ -3,6 +3,7 @@
  * FusionForge trackers
  *
  * Copyright 2002, GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -62,15 +63,17 @@
 		return true;
 	}
 	
-	function& getArtifactQueries() {
+	function &getArtifactQueries() {
 		if (!is_null($this->ArtifactQueries)) {
 			return $this->ArtifactQueries;
 		}
 		
 		$this->ArtifactQueries = array();
 		
-		$res = db_query("SELECT * FROM artifact_query WHERE user_id='".user_getid()."' ".
-					"AND group_artifact_id='".$this->ArtifactType->getID()."'");
+		$res = db_query_params ('SELECT * FROM artifact_query WHERE user_id=$1
+					 AND group_artifact_id=$2',
+					array (user_getid(),
+					       $this->ArtifactType->getID())) ;
 		if (!$res) {
 			$this->setError("ArtifactQueryFactory:: Database error");
 		}

Modified: branches/Branch_4_8/gforge/common/tracker/ArtifactType.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/tracker/ArtifactType.class.php	2009-04-19 20:03:07 UTC (rev 7452)
+++ branches/Branch_4_8/gforge/common/tracker/ArtifactType.class.php	2009-04-19 20:03:17 UTC (rev 7453)
@@ -4,6 +4,7 @@
  *
  * Copyright 1999-2001, VA Linux Systems, Inc.
  * Copyright 2002-2004, GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -38,8 +39,8 @@
 			if ($res) {
 				//the db result handle was passed in
 			} else {
-				$res=db_query("SELECT * FROM artifact_group_list_vw
-						WHERE group_artifact_id='$artType_id'");
+				$res = db_query_params ('SELECT * FROM artifact_group_list_vw WHERE group_artifact_id=$1',
+							array ($artType_id)) ;
 			}
 			if (!$res || db_numrows($res) < 1 ){
 				$ARTIFACTTYPE_OBJ["_".$artType_id."_"]=false;
@@ -225,8 +226,9 @@
 		$allow_anon = ((!$allow_anon) ? 0 : $allow_anon);
 		$email_all = ((!$email_all) ? 0 : $email_all);
 
-
-		$sql="INSERT INTO 
+		db_begin();
+		
+		$res = db_query_params ('INSERT INTO 
 			artifact_group_list 
 			(group_id,
 			name,
@@ -241,22 +243,19 @@
 			browse_instructions,
 			datatype) 
 			VALUES 
-			('". $this->Group->getID() ."',
-			'". htmlspecialchars($name) ."',
-			'". htmlspecialchars($description) ."',
-			'$is_public',
-			'$allow_anon',
-			'$email_all',
-			'$email_address',
-			'". ($due_period*(60*60*24)) ."',
-			'1209600',
-			'".htmlspecialchars($submit_instructions)."',
-			'".htmlspecialchars($browse_instructions)."',
-			'$datatype')";
-		
-		db_begin();
-		
-		$res = db_query($sql);
+			($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12)',
+					array ($this->Group->getID(),
+					       htmlspecialchars($name),
+					       htmlspecialchars($description),
+					       $is_public,
+					       $allow_anon,
+					       $email_all,
+					       $email_address,
+					       $due_period*(60*60*24),
+					       1209600,
+					       htmlspecialchars($submit_instructions),
+					       htmlspecialchars($browse_instructions),
+					       $datatype)) ;
 
 		$id = db_insertid($res,'artifact_group_list','group_artifact_id');
 		
@@ -282,9 +281,11 @@
 	 *  @return boolean	success.
 	 */
 	function fetchData($artifact_type_id) {
-		$res=db_query("SELECT * FROM artifact_group_list_vw
-			WHERE group_artifact_id='$artifact_type_id' 
-			AND group_id='". $this->Group->getID() ."'");
+		$res = db_query_params ('SELECT * FROM artifact_group_list_vw
+			WHERE group_artifact_id=$1
+			AND group_id=$2',
+					array ($artifact_type_id,
+					       $this->Group->getID())) ;
 		if (!$res || db_numrows($res) < 1) {
 			$this->setError('ArtifactType: Invalid ArtifactTypeID');
 			return false;
@@ -472,8 +473,10 @@
 	 *	@return	boolean	success.
 	 */
 	function setCustomStatusField($extra_field_id) {
-		$res=db_query("UPDATE artifact_group_list SET custom_status_field='$extra_field_id'
-			WHERE group_artifact_id='".$this->getID()."'");
+		$res = db_query_params ('UPDATE artifact_group_list SET custom_status_field=$1
+			WHERE group_artifact_id=$2',
+					array ($extra_field_id,
+					       $this->getID())) ;
 		return $res;
 	}
 
@@ -500,7 +503,8 @@
 				$element_id=$extra_fields[$csfield];
 
 				//convert that element_id into the status_id
-				$res=db_query("SELECT status_id FROM artifact_extra_field_elements WHERE element_id='$element_id'");
+				$res = db_query_params ('SELECT status_id FROM artifact_extra_field_elements WHERE element_id=$1',
+							array ($element_id)) ;
 				if (!$res) {
 					$this->setError('Error Remapping Status: '.db_error());
 					return false;
@@ -508,7 +512,8 @@
 				$status_id=db_result($res,0,'status_id');
 			} else {
 				// custom status was not passed... use the first status from the database
-				$res = db_query("SELECT status_id FROM artifact_extra_field_elements WHERE extra_field_id='".$csfield."' ORDER BY element_id ASC LIMIT 1 OFFSET 0");
+				$res = db_query_prams ('SELECT status_id FROM artifact_extra_field_elements WHERE extra_field_id=$1 ORDER BY element_id ASC LIMIT 1 OFFSET 0',
+						       array ($csfield)) ;
 				if (db_numrows($res) == 0) {		// No values available
 					$this->setError('Error Remapping Status');
 					return false;
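Review bot: `db_query_prams` on the rewritten line is a typo for `db_query_params`; as written the "custom status was not passed" branch calls an undefined function and fails fatally the first time it is reached, so the `db_numrows($res) == 0` check below it never runs. Change the call to `$res = db_query_params ('SELECT status_id FROM artifact_extra_field_elements WHERE extra_field_id=$1 ORDER BY element_id ASC LIMIT 1 OFFSET 0',`. The enclosing function starts and ends outside this hunk.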
@@ -553,14 +558,15 @@
 
 		}
 
-		$res=db_query("SELECT * FROM artifact_type_monitor
-			WHERE group_artifact_id='". $this->getID() ."'
-			AND user_id='$user_id'");
+		$res = db_query_params ('SELECT * FROM artifact_type_monitor WHERE group_artifact_id=$1 AND user_id=$2',
+					array ($this->getID(),
+					       $user_id)) ;
 
 		if (!$res || db_numrows($res) < 1) {
 			//not yet monitoring
-			$res=db_query("INSERT INTO artifact_type_monitor (group_artifact_id,user_id)
-				VALUES ('". $this->getID() ."','$user_id')");
+			$res = db_query_params ('INSERT INTO artifact_type_monitor (group_artifact_id,user_id) VALUES ($1,$2)',
+						array ($this->getID(),
+						       $user_id)) ;
 			if (!$res) {
 				$this->setError(db_error());
 				return false;
@@ -570,9 +576,11 @@
 			}
 		} else {
 			//already monitoring - remove their monitor
-			db_query("DELETE FROM artifact_type_monitor
-				WHERE group_artifact_id='". $this->getID() ."'
-				AND user_id='$user_id'");
+			db_query_params ('DELETE FROM artifact_type_monitor
+				WHERE group_artifact_id=$1
+				AND user_id=$2',
+					 array ($this->getID(),
+						$user_id)) ;
 			$this->setError(_('Tracker Monitoring Deactivated'));
 			return false;
 		}
@@ -582,9 +590,10 @@
 		if (!session_loggedin()) {
 			return false;
 		}
-		$sql="SELECT count(*) AS count FROM artifact_type_monitor 
-			WHERE user_id='".user_getid()."' AND group_artifact_id='".$this->getID()."';";
-		$result = db_query($sql);
+		$result = db_query_params ('SELECT count(*) AS count FROM artifact_type_monitor 
+			WHERE user_id=$1 AND group_artifact_id=$2',
+					   array (user_getid(),
+						  $this->getID())) ;
 		$row_count = db_fetch_array($result);
 		return $result && $row_count['count'] > 0;
 	}
@@ -595,9 +604,8 @@
 	 *  @return array of email addresses monitoring this Artifact.
 	 */
 	function &getMonitorIds() {
-		$res=db_query("SELECT user_id
-			FROM artifact_type_monitor
-			WHERE group_artifact_id='". $this->getID() ."'");
+		$res = db_query_params ('SELECT user_id	FROM artifact_type_monitor WHERE group_artifact_id=$1',
+					array ($this->getID())) ;
 		return util_result_column_to_array($res);
 	}
 
@@ -611,16 +619,20 @@
 		if (!isset($this->extra_fields["$filter"])) {
 			$this->extra_fields["$filter"] = array();
 			if ($filter) {
-				$filter_str=" AND field_type IN ($filter) ";
+				$res = db_query_params ('SELECT *
+				FROM artifact_extra_field_list 
+				WHERE group_artifact_id=$1
+                                AND field_type = ANY ($2)
+				ORDER BY field_type ASC',
+							array ($this->getID(),
+							       db_int_array_to_any_clause (explode (',', $filter)))) ;
 			} else {
-				$filter_str="";
+				$res = db_query_params ('SELECT *
+				FROM artifact_extra_field_list 
+				WHERE group_artifact_id=$1
+				ORDER BY field_type ASC',
+							array ($this->getID())) ;
 			}
-			$sql="select *
-				FROM artifact_extra_field_list 
-				WHERE group_artifact_id='".$this->getID() ."'
-				$filter_str
-				ORDER BY field_type ASC";
-			$res=db_query($sql);
 			while($arr = db_fetch_array($res)) {
 				$this->extra_fields["$filter"][$arr['extra_field_id']] = $arr;
 			}
@@ -670,7 +682,8 @@
 			//
 			//	Iterate the elements
 			//
-			$resel=db_query("SELECT * FROM artifact_extra_field_elements WHERE extra_field_id='".$ef['extra_field_id']."'");
+			$resel = db_query_params ('SELECT * FROM artifact_extra_field_elements WHERE extra_field_id=$1',
+						  array ($ef['extra_field_id'])) ;
 			while ($el =& db_fetch_array($resel)) {
 				//new element
 				$nel = new ArtifactExtraFieldElement($nef);
@@ -712,12 +725,11 @@
 		}
 		if (!isset($this->extra_field[$id])) {
 			$this->extra_field[$id] = array();
-			$sql="select element_id,element_name,status_id
+			$res = db_query_params  ('SELECT element_id,element_name,status_id
 				FROM artifact_extra_field_elements
-				WHERE extra_field_id ='".$id."'  
-				ORDER BY element_id ASC";
-
-			$res=db_query($sql);
+				WHERE extra_field_id = $1
+				ORDER BY element_id ASC',
+						 array ($id)) ;
 			$i=0;
 			while($arr =& db_fetch_array($res)) {
 				$this->extra_field[$id][$i++] = $arr;
@@ -748,10 +760,10 @@
 			return 'None';
 		}
 		if (!isset($this->element_name["$choiceid"])) {
-			$sql="select element_id,extra_field_id,element_name
+			$res = db_query_params ('SELECT element_id,extra_field_id,element_name
 				FROM artifact_extra_field_elements
-				WHERE element_id IN ($choiceid)";
-			$res=db_query($sql);
+				WHERE element_id = ANY ($1)',
+						array (db_int_array_to_any_clause (explode (',', $choiceid)))) ;
 			if (db_numrows($res) > 1) {
 				$arr=util_result_column_to_array($res,2);
 				$this->element_name["$choiceid"]=implode(',',$arr);
@@ -778,10 +790,10 @@
 			return 0;
 		}
 		if (!$this->element_status["$choiceid"]) {
-			$sql="select element_id,extra_field_id,status_id
+			$res = db_query_params ('SELECT element_id,extra_field_id,status_id
 				FROM artifact_extra_field_elements
-				WHERE element_id IN ($choiceid)";
-			$res=db_query($sql);
+				WHERE element_id = ANY ($1)',
+						array (db_int_array_to_any_clause (explode (',', $choiceid)))) ;
 			if (db_numrows($res) > 1) {
 				$arr=util_result_column_to_array($res,2);
 				$this->element_status["$choiceid"]=implode(',',$arr);
@@ -810,50 +822,61 @@
 			return false;
 		}
 		db_begin();
-		db_query("DELETE FROM artifact_extra_field_data
+		db_query_params ('DELETE FROM artifact_extra_field_data
 			WHERE EXISTS (SELECT artifact_id FROM artifact 
-			WHERE group_artifact_id='".$this->getID()."'
-			AND artifact.artifact_id=artifact_extra_field_data.artifact_id)");
+			WHERE group_artifact_id=$1
+			AND artifact.artifact_id=artifact_extra_field_data.artifact_id)',
+				 array ($this->getID())) ;
 //echo '0.1'.db_error();
-		db_query("DELETE FROM artifact_extra_field_elements
+		db_query_params ('DELETE FROM artifact_extra_field_elements
 			WHERE EXISTS (SELECT extra_field_id FROM artifact_extra_field_list 
-			WHERE group_artifact_id='".$this->getID()."'
-			AND artifact_extra_field_list.extra_field_id = artifact_extra_field_elements.extra_field_id)");
+			WHERE group_artifact_id=$1
+			AND artifact_extra_field_list.extra_field_id = artifact_extra_field_elements.extra_field_id)',
+				 array ($this->getID())) ;
 //echo '0.2'.db_error();
-		db_query ("DELETE FROM artifact_extra_field_list
-			WHERE group_artifact_id='".$this->getID()."'");
+		db_query_params ('DELETE FROM artifact_extra_field_list
+			WHERE group_artifact_id=$1',
+			array ($this->getID())) ;
 //echo '0.3'.db_error();
-		db_query("DELETE FROM artifact_canned_responses 
-			WHERE group_artifact_id='".$this->getID()."'");
+		db_query_params ('DELETE FROM artifact_canned_responses 
+			WHERE group_artifact_id=$1',
+				 array ($this->getID())) ;
 //echo '1'.db_error();
-		db_query("DELETE FROM artifact_counts_agg
-			WHERE group_artifact_id='".$this->getID()."'");
+		db_query_params ('DELETE FROM artifact_counts_agg
+			WHERE group_artifact_id=$1',
+				 array ($this->getID())) ;
 //echo '5'.db_error();
-		db_query("DELETE FROM artifact_file
+		db_query_params ('DELETE FROM artifact_file
 			WHERE EXISTS (SELECT artifact_id FROM artifact 
-			WHERE group_artifact_id='".$this->getID()."'
-			AND artifact.artifact_id=artifact_file.artifact_id)");
+			WHERE group_artifact_id=$1
+			AND artifact.artifact_id=artifact_file.artifact_id)',
+				 array ($this->getID())) ;
 //echo '6'.db_error();
-		db_query("DELETE FROM artifact_message
+		db_query_params ('DELETE FROM artifact_message
 			WHERE EXISTS (SELECT artifact_id FROM artifact 
-			WHERE group_artifact_id='".$this->getID()."'
-			AND artifact.artifact_id=artifact_message.artifact_id)");
+			WHERE group_artifact_id=$1
+			AND artifact.artifact_id=artifact_message.artifact_id)',
+				 array ($this->getID())) ;
 //echo '7'.db_error();
-		db_query("DELETE FROM artifact_history
+		db_query_params ('DELETE FROM artifact_history
 			WHERE EXISTS (SELECT artifact_id FROM artifact 
-			WHERE group_artifact_id='".$this->getID()."'
-			AND artifact.artifact_id=artifact_history.artifact_id)");
+			WHERE group_artifact_id=$1
+			AND artifact.artifact_id=artifact_history.artifact_id)',
+				 array ($this->getID())) ;
 //echo '8'.db_error();
-		db_query("DELETE FROM artifact_monitor
+		db_query_params ('DELETE FROM artifact_monitor
 			WHERE EXISTS (SELECT artifact_id FROM artifact 
-			WHERE group_artifact_id='".$this->getID()."'
-			AND artifact.artifact_id=artifact_monitor.artifact_id)");
+			WHERE group_artifact_id=$1
+			AND artifact.artifact_id=artifact_monitor.artifact_id)',
+				 array ($this->getID())) ;
 //echo '9'.db_error();
-		db_query("DELETE FROM artifact
-			WHERE group_artifact_id='".$this->getID()."'");
+		db_query_params ('DELETE FROM artifact
+			WHERE group_artifact_id=$1',
+				 array ($this->getID())) ;
 //echo '4'.db_error();
-		db_query("DELETE FROM artifact_group_list
-			WHERE group_artifact_id='".$this->getID()."'");
+		db_query_params ('DELETE FROM artifact_group_list
+			WHERE group_artifact_id=$1',
+				 array ($this->getID())) ;
 //echo '11'.db_error();
 		
 		db_commit();
@@ -867,12 +890,13 @@
 	 */
 	function getTechnicians() {
 		if (!isset($this->technicians_res)) {
-			$sql="SELECT user_id,realname 
+			$this->technicians_res = db_query_params ('SELECT user_id,realname 
 				FROM artifactperm_user_vw
-				WHERE group_artifact_id='". $this->getID() ."' 
+				WHERE group_artifact_id=$1
 				AND perm_level in (1,2)
-				ORDER BY realname";
-			$this->technicians_res = db_query($sql);
+				ORDER BY realname',
+								  array ($this->getID())) ;
+			($sql);
 		}
 		return $this->technicians_res;
 	}
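Review bot: The line `($sql);` left behind after the `db_query_params` call in getTechnicians is a stray expression statement: `$sql` is no longer assigned anywhere in the method, so the line only evaluates an undefined variable (an "Undefined variable" notice in the log on every call) and has no effect. It should simply be deleted, leaving `$this->technicians_res = db_query_params(...)` as the only statement in the `if` body. The rest of the method, including the `return $this->technicians_res;`, is unaffected.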
@@ -895,10 +919,10 @@
 	 */
 	function getCannedResponses() {
 		if (!isset($this->cannedresponses_res)) {
-			$sql="SELECT id,title
+			$this->cannedresponses_res = db_query_params ('SELECT id,title
 				FROM artifact_canned_responses 
-				WHERE group_artifact_id='". $this->getID() ."'";
-			$this->cannedresponses_res = db_query($sql);
+				WHERE group_artifact_id=$1',
+								      array ($this->getID()));
 		}
 		return $this->cannedresponses_res;
 	}
@@ -916,8 +940,7 @@
 	 */
 	function getStatuses() {
 		if (!isset($this->status_res)) {
-			$sql="select * from artifact_status";
-			$this->status_res=db_query($sql);
+			$this->status_res = db_query_params ('SELECT * FROM artifact_status');
 		}
 		return $this->status_res;
 	}
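Review bot: getStatuses now calls `db_query_params('SELECT * FROM artifact_status')` with no parameter array, while every other converted call in this commit passes one; unless the helper declares a default for its second argument (not visible here), this is a missing-argument warning or fatal on first use. Passing an explicit empty array keeps the call uniform with its siblings either way: `$this->status_res = db_query_params('SELECT * FROM artifact_status', array());`.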
@@ -929,8 +952,8 @@
 	 * @return	string	name.
 	 */
 	function getStatusName($id) {
-		$sql="select status_name from artifact_status WHERE id='$id'";
-		$result=db_query($sql);
+		$result = db_query_params ('select status_name from artifact_status WHERE id=$1',
+					   array ($id)) ;
 		if ($result && db_numrows($result) > 0) {
 			return db_result($result,0,'status_name');
 		} else {
@@ -1016,13 +1039,15 @@
 			return 0;
 		} else {
 			if (!isset($this->current_user_perm)) {
-				$sql="SELECT role_setting.value::integer
+				$this->current_user_perm=db_result(db_query_params ('SELECT role_setting.value::integer
 				FROM role_setting, user_group
-				WHERE role_setting.ref_id='". $this->getID() ."'
-				AND user_group.role_id = role_setting.role_id
-                                AND user_group.user_id='".user_getid()."'
-                                AND role_setting.section_name='tracker'";
-				$this->current_user_perm=db_result(db_query($sql),0,0);
+				WHERE role_setting.ref_id=$1
+				AND user_group.role_id=role_setting.role_id
+                                AND user_group.user_id=$2
+                                AND role_setting.section_name=$3',
+										    array ($this->getID(),
+											   user_getid(),
+											   'tracker'))) ;
 			}
 			return $this->current_user_perm;
 		}
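Review bot: The new code still feeds the query result straight into `db_result(..., 0, 0)` without checking that the query succeeded or returned a row, so a user with no `role_setting` entry for this tracker, or a failed query, goes through `db_result` on an empty or false result and whatever that yields becomes the cached permission. It is safer to check the result first and treat absence as the no-permission value; the early `return 0` above this branch suggests 0 is that value, but please confirm. The enclosing method starts before this hunk.
```php
$res = db_query_params('SELECT role_setting.value::integer
	FROM role_setting, user_group
	WHERE role_setting.ref_id=$1
	AND user_group.role_id=role_setting.role_id
	AND user_group.user_id=$2
	AND role_setting.section_name=$3',
	array($this->getID(), user_getid(), 'tracker'));
// No matching role row (or a failed query) means no tracker permission.
if (!$res || db_numrows($res) < 1) {
	$this->current_user_perm = 0;
} else {
	$this->current_user_perm = db_result($res, 0, 0);
}
```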
@@ -1071,20 +1096,29 @@
 		$email_all = ((!$email_all) ? 0 : $email_all); 
 		$use_resolution = ((!$use_resolution) ? 0 : $use_resolution); 
 
-		$sql="UPDATE artifact_group_list SET 
-			name='". htmlspecialchars($name). "',
-			description='". htmlspecialchars($description) ."',
-			email_all_updates='$email_all',
-			email_address='$email_address',
-			due_period='". ($due_period * (60*60*24)) ."',
-			status_timeout='". ($status_timeout * (60*60*24)) . "',
-			submit_instructions='". htmlspecialchars($submit_instructions)."',
-			browse_instructions='" .htmlspecialchars($browse_instructions)."'
-			WHERE 
-			group_artifact_id='". $this->getID() ."' 
-			AND group_id='". $this->Group->getID() ."'";
+		$res = db_query_params  ('UPDATE artifact_group_list SET 
+			name=$1,
+			description=$2,
+			email_all_updates=$3,
+			email_address=$4,
+			due_period=$5,
+			status_timeout=$6,
+			submit_instructions=$7,
+			browse_instructions=$8
+			WHERE group_artifact_id=$9 AND group_id=$10',
+					 array (
+						 htmlspecialchars($name),
+						 htmlspecialchars($description),
+						 $email_all,
+						 $email_address,
+						 $due_period * (60*60*24),
+						 $status_timeout * (60*60*24),
+						 htmlspecialchars($submit_instructions),
+						 htmlspecialchars($browse_instructions),
+						 $this->getID(),
+						 $this->Group->getID())) ;
 
-		$res=db_query($sql);
+		($sql);
 		if (!$res || db_affected_rows($res) < 1) {
 			$this->setError('ArtifactType::Update(): '.db_error());
 			return false;
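Review bot: The `($sql);` line right after the `db_query_params` call in update() is a leftover from the removed `$sql` string: `$sql` is never assigned in the new code, so the statement evaluates an undefined variable and does nothing except emit a notice. Delete that line; `$res` is already assigned directly from `db_query_params` and is what the following `if (!$res || db_affected_rows($res) < 1)` check uses. The enclosing method starts before and ends after this hunk.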

Modified: branches/Branch_4_8/gforge/common/tracker/ArtifactTypeFactory.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/tracker/ArtifactTypeFactory.class.php	2009-04-19 20:03:07 UTC (rev 7452)
+++ branches/Branch_4_8/gforge/common/tracker/ArtifactTypeFactory.class.php	2009-04-19 20:03:17 UTC (rev 7453)
@@ -3,6 +3,7 @@
  * FusionForge trackers
  *
  * Copyright 2002, GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -90,36 +91,44 @@
 		if (session_loggedin()) {
 			$perm =& $this->Group->getPermission( session_get_user() );
 			if (!$perm || !is_object($perm) || !$perm->isMember()) {
-				$public_flag='=1';
-				$exists = '';
+				$result = db_query_params ('SELECT * FROM artifact_group_list_vw
+			WHERE group_id=$1
+			AND is_public=1
+			ORDER BY group_artifact_id ASC',
+							   array ($this->Group->getID())) ;
 			} else {
-				$public_flag='<3';
 				if ($perm->isArtifactAdmin()) {
-					$exists='';
+					$result = db_query_params ('SELECT * FROM artifact_group_list_vw
+			WHERE group_id=$1
+			AND is_public<3
+			ORDER BY group_artifact_id ASC',
+								   array ($this->Group->getID())) ;
 				} else {
-					$exists=" AND group_artifact_id IN (SELECT role_setting.ref_id
+					$result = db_query_params ('SELECT * FROM artifact_group_list_vw
+			WHERE group_id=$1
+			AND is_public<3
+                        AND group_artifact_id IN (SELECT role_setting.ref_id
 					FROM role_setting, user_group
 					WHERE role_setting.value::integer >= 0
-                                          AND role_setting.section_name = 'tracker'
+                                          AND role_setting.section_name = $2
                                           AND role_setting.ref_id=artifact_group_list_vw.group_artifact_id
                                           
    					  AND user_group.role_id = role_setting.role_id
-					  AND user_group.user_id='".user_getid()."') ";
+					  AND user_group.user_id = $3
+			ORDER BY group_artifact_id ASC',
+								   array ($this->Group->getID(),
+									  'tracker',
+									  user_getid ())) ;
 				}
 			}
 		} else {
-			$public_flag='=1';
-			$exists = '';
+			$result = db_query_params ('SELECT * FROM artifact_group_list_vw
+			WHERE group_id=$1
+			AND is_public=1
+			ORDER BY group_artifact_id ASC',
+						   array ($this->Group->getID())) ;
 		}
 
-		$sql="SELECT * FROM artifact_group_list_vw
-			WHERE group_id='". $this->Group->getID() ."'
-			AND is_public $public_flag
-			$exists
-			ORDER BY group_artifact_id ASC";
-
-		$result = db_query ($sql);
-
 		$rows = db_numrows($result);
 
 		if (!$result || $rows < 1) {
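Review bot: `$rows = db_numrows($result);` still runs before the `!$result` test on the next line, so a failed query passes `false` into `db_numrows` before the failure is noticed; reorder to `$rows = $result ? db_numrows($result) : 0;` (or move the `!$result` check ahead of it) so the error path never touches the result. As a point of style, the anonymous and non-member branches now carry byte-identical copies of the `is_public=1` query, and the two member branches share all but the role subquery, so one query per visibility level selected by the permission check would be easier to keep in sync than four inline copies. The enclosing method starts before and ends after this hunk.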

Modified: branches/Branch_4_8/gforge/common/tracker/ArtifactTypes.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/tracker/ArtifactTypes.class.php	2009-04-19 20:03:07 UTC (rev 7452)
+++ branches/Branch_4_8/gforge/common/tracker/ArtifactTypes.class.php	2009-04-19 20:03:17 UTC (rev 7453)
@@ -4,6 +4,7 @@
  *
  * Copyright 1999-2001, VA Linux Systems, Inc.
  * Copyright 2002-2004, GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -71,8 +72,9 @@
 	function createTrackers() {
 
 		// first, check if trackers already exist
-		$res=db_query("SELECT * FROM artifact_group_list 
-			WHERE group_id='".$this->Group->getID()."' AND datatype > 0");
+		$res = db_query_params ('SELECT * FROM artifact_group_list 
+			WHERE group_id=$1 AND datatype > 0',
+					array ($this->Group->getID()));
 		if (db_numrows($res) > 0) {
 			return true;
 		}
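Review bot: createTrackers calls `db_numrows($res)` on the new query result without first checking `$res`, so a failed query is silently treated as "no trackers yet" and the method proceeds to create them. Guard the result before counting: `if (!$res) { return false; }` (reporting via the class's error helper if it has one, as ArtifactType does with setError). The method body continues past the end of this hunk.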

Modified: branches/Branch_4_8/gforge/common/tracker/Artifacts.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/tracker/Artifacts.class.php	2009-04-19 20:03:07 UTC (rev 7452)
+++ branches/Branch_4_8/gforge/common/tracker/Artifacts.class.php	2009-04-19 20:03:17 UTC (rev 7453)
@@ -4,6 +4,7 @@
  *
  * Copyright 1999-2001, VA Linux Systems, Inc.
  * Copyright 2002-2004, GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -88,16 +89,11 @@
 		if (!$offset) {
 			$offset = 0;
 		}
+		$res = db_query_params ('SELECT * FROM artifact_vw WHERE group_artifact_id=$1',
+					array ($this->ArtifactType->getID()),
+					500,
+					$offset) ;
 
-		$sql = "SELECT 
-					* 
-				FROM 
-					artifact_vw 
-				WHERE 
-					group_artifact_id='". $this->ArtifactType->getID() ."'";
-	
-		$res = db_query($sql,500,$offset);
-
 		if (!$res) {
 			$this->setError('Could not get artifacts: ' . db_error());
 			return false;
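Review bot: `$offset` is only defaulted when falsy (`if (!$offset) { $offset = 0; }`) and is then handed to `db_query_params` as its offset argument; if that helper splices its limit/offset arguments into the SQL text rather than binding them (not visible from here), a non-integer `$offset` from a caller would reach the query unescaped. Replacing the `if` with `$offset = (int) $offset;` covers the falsy case and guarantees an integer regardless of how the helper builds the LIMIT/OFFSET clause. The enclosing method starts before this hunk.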

Modified: branches/Branch_4_8/gforge/common/tracker/ArtifactsForUser.class.php
===================================================================
--- branches/Branch_4_8/gforge/common/tracker/ArtifactsForUser.class.php	2009-04-19 20:03:07 UTC (rev 7452)
+++ branches/Branch_4_8/gforge/common/tracker/ArtifactsForUser.class.php	2009-04-19 20:03:17 UTC (rev 7453)
@@ -3,6 +3,7 @@
  * FusionForge trackers
  *
  * Copyright 2002, GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -50,9 +51,9 @@
 	*	@param	sql	The sql that returns artifact_id
 	*	@return	Artifact[]	The array of Artifacts
 	*/
-	function & getArtifactsFromSQL($sql) {
+	function &getArtifactsFromSQLwithParams ($sql, $params) {
 		$artifacts = array();
-		$result=db_query($sql);
+		$result = db_query_params ($sql, $params);
 		$rows=db_numrows($result);
 		if ($rows<=0) {
 			return $artifacts;
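Review bot: Renaming `getArtifactsFromSQL` to `getArtifactsFromSQLwithParams` drops the old public entry point, so any caller outside this file still using the old name will fatal; if external callers exist, keep a one-line compatibility wrapper `function &getArtifactsFromSQL($sql) { return $this->getArtifactsFromSQLwithParams($sql, array()); }`. The docblock above still documents only `@param sql`; add `@param params The array of values bound to the $1, $2 ... placeholders in sql`. The method also calls `db_numrows($result)` without checking `$result`, so a failed query raises a notice before the `$rows<=0` early return; `if (!$result) { return $artifacts; }` ahead of it keeps the same empty-array contract on failure.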
@@ -74,10 +75,10 @@
 	*	getAssignedArtifacts	- Get the users's assigned artifacts
 	*	@return	Artifact[]	The array of Artifacts
 	*/
-	function & getAssignedArtifactsByGroup() {
-		$sql="SELECT * FROM artifact_vw av WHERE av.assigned_to=".$this->User->getID()."
-			AND av.status_id='1' ORDER BY av.group_artifact_id, av.artifact_id DESC";
-		return $this->getArtifactsFromSQL($sql);
+	function &getAssignedArtifactsByGroup() {
+		return $this->getArtifactsFromSQLwithParams('SELECT * FROM artifact_vw av WHERE av.assigned_to=$1 AND av.status_id=1 ORDER BY av.group_artifact_id, av.artifact_id DESC',
+							    array($this->User->getID())) ;
+								  
 	}
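Review bot: The docblock heading still reads `getAssignedArtifacts` while the method is `getAssignedArtifactsByGroup`, and it does not mention that the query is restricted to `status_id=1` and ordered by tracker then newest artifact first; a heading of `*	getAssignedArtifactsByGroup - Get the user's assigned artifacts with status_id 1, ordered by group_artifact_id then artifact_id DESC` would match the new query. The whitespace-only line left after the return statement can also be dropped.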
 
 	/**
@@ -85,13 +86,9 @@
 	*
 	*	@return Artifact[] The array of Artifacts
 	*/
-	function & getSubmittedArtifactsByGroup() {
-		$sql="SELECT *
-			FROM artifact_vw av
-			WHERE av.submitted_by=".$this->User->getID()."
-			AND av.status_id='1'
-			ORDER BY av.group_artifact_id, av.artifact_id DESC";
-		return $this->getArtifactsFromSQL($sql);
+	function &getSubmittedArtifactsByGroup() {
+		return $this->getArtifactsFromSQLwithParams('SELECT * FROM artifact_vw av WHERE av.submitted_by=$1 AND av.status_id=1 ORDER BY av.group_artifact_id, av.artifact_id DESC',
+							    array($this->User->getID())) ;
 	}
 }
 



