[Fusionforge-commits] r7185 - trunk/gforge/common/forum

Roland Mas lolando at libremir.placard.fr.eu.org
Wed Mar 18 20:25:32 CET 2009


Author: lolando
Date: 2009-03-18 20:25:32 +0100 (Wed, 18 Mar 2009)
New Revision: 7185

Modified:
   trunk/gforge/common/forum/Forum.class.php
   trunk/gforge/common/forum/ForumFactory.class.php
   trunk/gforge/common/forum/ForumMessage.class.php
   trunk/gforge/common/forum/ForumMessageFactory.class.php
   trunk/gforge/common/forum/ForumsForUser.class.php
Log:
Parametrised SQL queries: forums

Modified: trunk/gforge/common/forum/Forum.class.php
===================================================================
--- trunk/gforge/common/forum/Forum.class.php	2009-03-18 19:25:21 UTC (rev 7184)
+++ trunk/gforge/common/forum/Forum.class.php	2009-03-18 19:25:32 UTC (rev 7185)
@@ -4,6 +4,7 @@
  *
  * Copyright 1999-2000, Tim Perdue/Sourceforge
  * Copyright 2002, Tim Perdue/GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -137,8 +138,11 @@
 		}
 
 		$project_name = $this->Group->getUnixName();
-		$result_list_samename = db_query('SELECT 1 FROM mail_group_list WHERE list_name = \''.$project_name.'-'.$forum_name.'\' AND group_id='.$this->Group->getID().''); 
+		$result_list_samename = db_query_params ('SELECT 1 FROM mail_group_list WHERE list_name=$1 AND group_id=$2',
 
+							 array ($project_name.'-'.$forum_name,
+								$this->Group->getID())) ; 
+
 		if (db_numrows($result_list_samename) > 0){
 			$this->setError(_('Mailing List Exists with same name'));	
 			return false;
@@ -163,16 +167,15 @@
 			}
 		}
 
-		$sql="INSERT INTO forum_group_list (group_id,forum_name,is_public,description,send_all_posts_to,allow_anonymous,moderation_level)
-			VALUES ('".$this->Group->getId()."',
-			'". strtolower($forum_name) ."',
-			'$is_public',
-			'". htmlspecialchars($description) ."',
-			'$send_all_posts_to',
-			'$allow_anonymous','$moderation_level')";
-
 		db_begin();
-		$result=db_query($sql);
+		$result = db_query_params('INSERT INTO forum_group_list (group_id,forum_name,is_public,description,send_all_posts_to,allow_anonymous,moderation_level) VALUES ($1,$2,$3,$4,$5,$6,$7)',
+					  array ($this->Group->getID(),
+						 strtolower($forum_name),
+						 $is_public,
+						 htmlspecialchars($description),
+						 $send_all_posts_to,
+						 $allow_anonymous,
+						 $moderation_level)) ;
 		if (!$result) {
 			db_rollback();
 			$this->setError(_('Error Adding Forum').db_error());
@@ -216,11 +219,11 @@
 					) AS threads 
 				FROM forum_group_list_vw AS fgl
 				WHERE group_forum_id='$group_forum_id'";
+			$res = db_query ($sql);
 		} else {
-			$sql="SELECT * FROM forum_group_list_vw
-				WHERE group_forum_id='$group_forum_id'";
+			$res = db_query_params ('SELECT * FROM forum_group_list_vw WHERE group_forum_id=$1',
+						array ($group_forum_id)) ;
 		}
-		$res=db_query($sql);
 		if (!$res || db_numrows($res) < 1) {
 			$this->setError(_('Invalid forum group identifier'));
 			return false;
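Review bot: The MySQL branch still interpolates the identifier straight into the query text on the line `WHERE group_forum_id='$group_forum_id'";` while the other branch now binds it as `$1`, so one of the two paths stays unparameterised after this commit. Where `$group_forum_id` comes from is not visible in the hunk; if it is not guaranteed to be an integer, coerce it on that line, e.g. `WHERE group_forum_id='".(int)$group_forum_id."'";`. The enclosing method starts before the hunk.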
@@ -264,10 +267,11 @@
 				return false;
 			}
 			$sql="select @res";
+			$result = db_query ($sql);
 		} else {
-			$sql="SELECT nextval('forum_thread_seq')";
+			$result = db_query_params ('SELECT nextval($1)',
+						   array ('forum_thread_seq')) ;
 		}
-		$result=db_query($sql);
 		if (!$result || db_numrows($result) < 1) {
 			echo db_error();
 			return false;
@@ -294,9 +298,10 @@
 			return $this->save_date;
 		} else {
 			if (session_loggedin()) {
-				$sql="SELECT save_date FROM forum_saved_place
-					WHERE user_id='".user_getid()."' AND forum_id='". $this->getID() ."';";
-				$result = db_query($sql);
+				$result = db_query_params ('SELECT save_date FROM forum_saved_place WHERE user_id=$1 AND forum_id=$2',
+							   array (user_getid(),
+								  $this->getID())) ;
+);
 				if ($result && db_numrows($result) > 0) {
 					$this->save_date=db_result($result,0,'save_date');
 					return $this->save_date;
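Review bot: The added line `);` after the `db_query_params` call is an extra, unmatched closing parenthesis: the call already ends with `$this->getID())) ;` on the previous line, so this line leaves the file unparsable. Drop it. The same stray `);` was added in ForumMessage.class.php directly after the `forum_pending_messages` INSERT. The enclosing method starts before the hunk.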
@@ -400,8 +405,8 @@
 	 *	@return	array	The array of user_id's.
 	 */
 	function getMonitoringIDs() {
-		$sql="SELECT user_id FROM forum_monitored_forums WHERE forum_id='".$this->getID()."'";
-		$result=db_query($sql);
+		$result = db_query_params ('SELECT user_id FROM forum_monitored_forums WHERE forum_id=$1',
+					   array ($this->getID())) ;
 		return util_result_column_to_array($result);
 	}
 	
@@ -411,13 +416,13 @@
 	 *	@return	array 	The array of user_id's.
 	 */
 	function getForumAdminIDs() {
-		$sql = "SELECT user_group.user_id
-                        FROM user_group, role_setting
-                        WHERE role_setting.section_name='forum'
-                          AND role_setting.ref_id='".$this->getID()."'
-                          AND role_setting.value::integer > 1
-                          AND user_group.role_id = role_setting.role_id";
-		$result = db_query($sql);
+		$result = db_query_params ('SELECT user_group.user_id FROM user_group, role_setting
+			WHERE role_setting.section_name=$1
+			  AND role_setting.ref_id=$2
+			  AND role_setting.value::integer > 1
+			  AND user_group.role_id = role_setting.role_id',
+					   array ('forum',
+						  $this->getID())) ;
 		return util_result_column_to_array($result);
 	}
 	
@@ -453,9 +458,9 @@
 			$this->setError(_('You can only monitor if you are logged in'));
 			return false;
 		}
-		$sql="SELECT * FROM forum_monitored_forums
-			WHERE user_id='".user_getid()."' AND forum_id='".$this->getID()."';";
-		$result = db_query($sql);
+		$result = db_query_params ('SELECT * FROM forum_monitored_forums WHERE user_id=$1 AND forum_id=$2',
+					   array (user_getid(),
+						  $this->getID())) ;
 
 		if (!$result || db_numrows($result) < 1) {
 			/*
@@ -465,7 +470,9 @@
 			$sql="INSERT INTO forum_monitored_forums (forum_id,user_id)
 				VALUES ('".$this->getID()."','".user_getid()."')";
 
-			$result = db_query($sql);
+			$result = db_query_params ('INSERT INTO forum_monitored_forums (forum_id,user_id) VALUES ($1,$2)',
+						   array ($this->getID(),
+							  user_getid())) ;
 
 			if (!$result) {
 				$this->setError(_('Unable To Add Monitor').' : '.db_error());
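Review bot: The `$sql="INSERT INTO forum_monitored_forums (forum_id,user_id) VALUES (...)"` string kept just above the new `db_query_params` call is now dead: nothing reads `$sql` any more, yet it still concatenates `$this->getID()` and `user_getid()` into query text. Remove the assignment so the string-built form is not picked up again by a later edit. The enclosing method starts before the hunk.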
@@ -486,9 +493,9 @@
 			$this->setError(_('You can only monitor if you are logged in'));
 			return false;
 		}
-		$sql="DELETE FROM forum_monitored_forums
-			WHERE user_id='".user_getid()."' AND forum_id='".$this->getID()."';";
-		return db_query($sql);
+		return db_query_params ('DELETE FROM forum_monitored_forums WHERE user_id=$1 AND forum_id=$2',
+					array (user_getid(),
+					       $this->getID())) ;
 	}
 
 	/**
@@ -500,8 +507,9 @@
 		if (!session_loggedin()) {
 			return false;
 		}
-		$sql="SELECT count(*) AS count FROM forum_monitored_forums WHERE user_id='".user_getid()."' AND forum_id='".$this->getID()."';";
-		$result = db_query($sql);
+		$result = db_query_params ('SELECT count(*) AS count FROM forum_monitored_forums WHERE user_id=$1 AND forum_id=$2',
+					   array (user_getid(),
+						  $this->getID())) ;
 		$row_count = db_fetch_array($result);
 		return $result && $row_count['count'] > 0;
 	}
@@ -516,31 +524,30 @@
 			$this->setError(_('You Can Only Save Your Place If You Are Logged In'));
 			return false;
 		}
-		$sql="SELECT * FROM forum_saved_place
-			WHERE user_id='".user_getid()."' AND forum_id='".$this->getID()."'";
+		$result = db_query_params ('SELECT * FROM forum_saved_place WHERE user_id=$1 AND forum_id=$2',
+					   array (user_getid(),
+						  $this->getID())) ;
 
-		$result = db_query($sql);
-
 		if (!$result || db_numrows($result) < 1) {
 			/*
 				User is not already monitoring thread, so
 				insert a row so monitoring can begin
 			*/
-			$sql="INSERT INTO forum_saved_place (forum_id,user_id,save_date)
-				VALUES ('".$this->getID()."','".user_getid()."','".time()."')";
+			$result = db_query_params ('INSERT INTO forum_saved_place (forum_id,user_id,save_date) VALUES ($1,$2,$3)',
+						   array ($this->getID(),
+							  user_getid(),
+							  time())) ;
 
-			$result = db_query($sql);
-
 			if (!$result) {
 				$this->setError(_('Forum::savePlace()').': '.db_error());
 				return false;
 			}
 
 		} else {
-			$sql="UPDATE forum_saved_place
-				SET save_date='".time()."'
-				WHERE user_id='".user_getid()."' AND forum_id='".$this->getID()."'";
-			$result = db_query($sql);
+			$result = db_query_params ('UPDATE forum_saved_place SET save_date=$1 WHERE user_id=$2 AND forum_id=$3',
+						   array (time(),
+							  user_getid(),
+							  $this->getID())) ;
 
 			if (!$result) {
 				$this->setError('Forum::savePlace() '.db_error());
@@ -587,16 +594,24 @@
 			return false;
 		}
 
-		$res=db_query("UPDATE forum_group_list SET
-			forum_name='". strtolower($forum_name) ."',
-			description='". htmlspecialchars($description) ."',
-			send_all_posts_to='".$send_all_posts_to ."',
-			allow_anonymous='" .$allow_anonymous . "',
-			moderation_level='" .$moderation_level . "',
-			is_public='" .$is_public . "'
-			WHERE group_id='".$this->Group->getID()."'
-			AND group_forum_id='".$this->getID()."'");
-
+		$res = db_query_params ('UPDATE forum_group_list SET
+			forum_name=$1,
+			description=$2,
+			send_all_posts_to=$3,
+			allow_anonymous=$4,
+			moderation_level=$5,
+			is_public=$6
+			WHERE group_id=$7,
+			AND group_forum_id=$8',
+					array (strtolower($forum_name),
+					       htmlspecialchars($description),
+					       $send_all_posts_to,
+					       $allow_anonymous,
+					       $moderation_level,
+					       $is_public,
+					       $this->Group->getID(),
+					       $this->getID())) ;
+		
 		if (!$res || db_affected_rows($res) < 1) {
 			$this->setError(_('Error On Update:').': '.db_error());
 			return false;
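Review bot: The WHERE clause of the rewritten UPDATE has a stray comma, `WHERE group_id=$7,` followed by `AND group_forum_id=$8`, which is a SQL syntax error, so every call takes the `!$res` branch and the forum is never updated. Change that line to `WHERE group_id=$7`. The enclosing method starts before the hunk.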
@@ -621,30 +636,22 @@
 			return false;
 		}
 		db_begin();
-		db_query("DELETE FROM forum_agg_msg_count
-			WHERE group_forum_id='".$this->getID()."'");
+		db_query_params ('DELETE FROM forum_agg_msg_count WHERE group_forum_id=$1',
+				 array ($this->getID())) ;
 //echo '1'.db_error();
-		db_query("DELETE FROM forum_monitored_forums
-			WHERE forum_id='".$this->getID()."'");
+		db_query_params ('DELETE FROM forum_monitored_forums WHERE forum_id=$1',
+				 array ($this->getID())) ;
 //echo '2'.db_error();
-		db_query("DELETE FROM forum_saved_place
-			WHERE forum_id='".$this->getID()."'");
+		db_query_params ('DELETE FROM forum_saved_place WHERE forum_id=$1',
+				 array ($this->getID())) ;
 //echo '3'.db_error();
-		$res = db_query("SELECT msg_id from forum where group_forum_id='".$this->getID()."'");//get the messages for this forum, to delete its attachments
-		$delete_ids = array();
-		for ($i=0;$i<db_numrows($res);$i++) {
-			$aux = db_fetch_array($res);
-			$delete_ids[] = $aux[0];
-		}
-		foreach ($delete_ids as $id) {
-			db_query("DELETE FROM forum_attachment where msg_id='$id'");
-		}
-		
-		db_query("DELETE FROM forum
-			WHERE group_forum_id='".$this->getID()."'");
+		db_query_params ('DELETE FROM forum_attachment WHERE msg_id IN (SELECT msg_id from forum where group_forum_id=$1)',
+					array ($this->getID())) ;
+		db_query_params ('DELETE FROM forum WHERE group_forum_id=$1',
+				 array ($this->getID())) ;
 //echo '4'.db_error();
-		db_query("DELETE FROM forum_group_list
-			WHERE group_forum_id='".$this->getID()."'");
+		db_query_params ('DELETE FROM forum_group_list WHERE group_forum_id=$1',
+				 array ($this->getID())) ;
 //echo '5'.db_error();
 		db_commit();
 		return true;
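Review bot: None of the six rewritten `db_query_params` DELETEs has its return value checked, so `db_commit()` runs even when one of them failed and the transaction performs only part of the cleanup; the commented-out `//echo` lines suggest this has been hard to diagnose before. Consider `if (!db_query_params(...)) { db_rollback(); $this->setError(db_error()); return false; }` around each statement, or at minimum around the final `forum_group_list` delete. The enclosing method starts before the hunk.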
@@ -765,13 +772,16 @@
 			return -1;
 		} else {
 			if (!isset($this->current_user_perm)) {
-				$sql="SELECT role_setting.value::integer
+				$res = db_query_params ('SELECT role_setting.value::integer
 				FROM role_setting, user_group
-				WHERE role_setting.ref_id='". $this->getID() ."'
-				AND user_group.role_id = role_setting.role_id
-                                AND user_group.user_id='".user_getid()."'
-                                AND role_setting.section_name='forum'";
-				$this->current_user_perm=db_result(db_query($sql),0,0);
+				WHERE role_setting.ref_id=$1
+				AND user_group.role_id=role_setting.role_id
+                                AND user_group.user_id=$2
+                                AND role_setting.section_name=$3',
+							array ($this->getID(),
+							       user_getid(),
+							       'forum')) ;
+				$this->current_user_perm=db_result($res,0,0);
 
 				// Return no access if no access rights defined.
 				if (!$this->current_user_perm)

Modified: trunk/gforge/common/forum/ForumFactory.class.php
===================================================================
--- trunk/gforge/common/forum/ForumFactory.class.php	2009-03-18 19:25:21 UTC (rev 7184)
+++ trunk/gforge/common/forum/ForumFactory.class.php	2009-03-18 19:25:32 UTC (rev 7185)
@@ -4,6 +4,7 @@
  *
  * Copyright 1999-2000, Tim Perdue/Sourceforge
  * Copyright 2002, Tim Perdue/GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -82,17 +83,20 @@
 		if ($this->forums) {
 			return $this->forums;
 		}
-		if (session_loggedin()) {
-			$perm =& $this->Group->getPermission( session_get_user() );
-			if (!$perm || !is_object($perm) || !$perm->isMember()) {
-				$public_flag='=1';
-				$exists = '';
-			} else {
-				$public_flag='<3';
-				if ($perm->isForumAdmin()) {
-					$exists='';
+
+		
+		if ($sys_database_type == "mysql") {
+			if (session_loggedin()) {
+				$perm =& $this->Group->getPermission( session_get_user() );
+				if (!$perm || !is_object($perm) || !$perm->isMember()) {
+					$public_flag='=1';
+					$exists = '';
 				} else {
-					$exists=" AND group_forum_id IN (SELECT role_setting.ref_id
+					$public_flag='<3';
+					if ($perm->isForumAdmin()) {
+						$exists='';
+					} else {
+						$exists=" AND group_forum_id IN (SELECT role_setting.ref_id
 					FROM role_setting, user_group
 					WHERE role_setting.value::integer >= 0
                                           AND role_setting.section_name = 'forum'
@@ -100,14 +104,13 @@
                                           
    					  AND user_group.role_id = role_setting.role_id
 					  AND user_group.user_id='".user_getid()."') ";
+					}
 				}
+			} else {
+				$public_flag='=1';
+				$exists = '';
 			}
-		} else {
-			$public_flag='=1';
-			$exists = '';
-		}
-
-		if ($sys_database_type == "mysql") {
+			
 			$sql="SELECT fgl.*,
 					(SELECT count(*) AS `count`
 						FROM (
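Review bot: In the MySQL branch the query is still assembled by concatenation: `$exists` embeds `user_getid()` (`AND user_group.user_id='".user_getid()."') `) and the outer statement later embeds `$this->Group->getID()`, so that path does not get the parametrisation this commit introduces for the other databases. If `db_query_params` cannot be used for MySQL here, cast those values where they are concatenated, e.g. `AND user_group.user_id='".(int)user_getid()."') `. The enclosing method starts before this hunk and continues after it.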
@@ -115,32 +118,80 @@
 						) AS tmp
 						WHERE tmp.group_forum_id = fgl.group_forum_id
 					) AS threads 
-				FROM forum_group_list_vw AS fgl";
-		} else {
-			$sql="SELECT *
-				FROM forum_group_list_vw";
-		}
-		$sql .= "
+			FROM forum_group_list_vw AS fgl
 			WHERE group_id='". $this->Group->getID() ."' 
 			AND is_public $public_flag 
 			$exists
 			ORDER BY group_forum_id;";
+			
+			$result = db_query ($sql);
+			
+			$rows = db_numrows($result);
+			
+			if (!$result) {
+				$this->setError(_('Forum not found').' : '.db_error());
+				$this->forums = false;
+			} else {
+				while ($arr = db_fetch_array($result)) {
+					$this->forums[] = new Forum($this->Group, $arr['group_forum_id'], $arr);
+				}
+			}
+			return $this->forums;
+		} else {	// Not MySQL
+			if (session_loggedin()) {
+				$perm =& $this->Group->getPermission( session_get_user() );
+				if (!$perm || !is_object($perm) || !$perm->isMember()) {
+					$result = db_query_params ('SELECT * FROM forum_group_list_vw
+WHERE group_id=$1
+AND is_public=1
+ORDER BY group_forum_id',
+								   array ($this->Group->getID())) ;
+				} else {
+					$public_flag='<3';
+					if ($perm->isForumAdmin()) {
+						$result = db_query_params ('SELECT * FROM forum_group_list_vw
+WHERE group_id=$1
+AND is_public < 3
+ORDER BY group_forum_id',
+									   array ($this->Group->getID())) ;
+					} else {
+						$result = db_query_params ('SELECT * FROM forum_group_list_vw
+WHERE group_id=$1
+AND is_public < 3
+AND group_forum_id IN (SELECT role_setting.ref_id
+                         FROM role_setting, user_group
+		       WHERE role_setting.value::integer >= 0
+                         AND role_setting.section_name = $2
+                         AND role_setting.ref_id=forum_group_list_vw.group_forum_id
+			 AND user_group.role_id = role_setting.role_id
+			 AND user_group.user_id=$3)
+ORDER BY group_forum_id',
+									   array ($this->Group->getID(),
+										  'forum',
+										  user_getid())) ;
+					}
+				}
+			} else {
+				$result = db_query_params ('SELECT * FROM forum_group_list_vw
+WHERE group_id=$1
+AND is_public=1
+ORDER BY group_forum_id',
+							   array ($this->Group->getID())) ;
+			}
 
-		$result = db_query ($sql);
+			$rows = db_numrows($result);
 
-		$rows = db_numrows($result);
-
-		if (!$result) {
-			$this->setError(_('Forum not found').' : '.db_error());
-			$this->forums = false;
-		} else {
-			while ($arr = db_fetch_array($result)) {
-				$this->forums[] = new Forum($this->Group, $arr['group_forum_id'], $arr);
+			if (!$result) {
+				$this->setError(_('Forum not found').' : '.db_error());
+				$this->forums = false;
+			} else {
+				while ($arr = db_fetch_array($result)) {
+					$this->forums[] = new Forum($this->Group, $arr['group_forum_id'], $arr);
+				}
 			}
+			return $this->forums;
 		}
-		return $this->forums;
 	}
-
 }
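Review bot: `$rows = db_numrows($result);` in the non-MySQL branch runs before the `if (!$result)` check, so a failed query hands `false` to `db_numrows()`, and `$rows` is never read afterwards; the MySQL branch above has the same ordering. `$public_flag='<3';` in the non-admin branch is also assigned but nothing in that branch reads it. Dropping both lines, and hoisting the duplicated `if (!$result) ... while ($arr = db_fetch_array($result))` block below the outer if/else, would leave a single copy of the result handling. The enclosing method starts before this hunk.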
 
 // Local Variables:

Modified: trunk/gforge/common/forum/ForumMessage.class.php
===================================================================
--- trunk/gforge/common/forum/ForumMessage.class.php	2009-03-18 19:25:21 UTC (rev 7184)
+++ trunk/gforge/common/forum/ForumMessage.class.php	2009-03-18 19:25:32 UTC (rev 7185)
@@ -4,6 +4,7 @@
  *
  * Copyright 1999-2000, Tim Perdue/Sourceforge
  * Copyright 2002, Tim Perdue/GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -115,12 +116,17 @@
 			}
 		}
 		
-		$sql="INSERT INTO forum_pending_messages (group_forum_id,posted_by,subject,
-		body,post_date,is_followup_to,thread_id,most_recent_date) 
-		VALUES ('". $this->Forum->getID() ."', '$user_id', '". htmlspecialchars($subject) ."', 
-		'". $body ."', '". time() ."','$is_followup_to','$thread_id','". time() ."')";
-
-		$result=db_query($sql);
+		$result = db_query_params ('INSERT INTO forum_pending_messages (group_forum_id,posted_by,subject,
+		body,post_date,is_followup_to,thread_id,most_recent_date) VALUES ($1,$2,$3,$4,$5,$6,$7,$8)',
+					   array ($this->Forum->getID(),
+						  $user_id,
+						  htmlspecialchars($subject),
+						  $body,
+						  time(),
+						  $is_followup_to,
+						  $thread_id,
+						  time ())) ;
+);
 		if (!$result || db_affected_rows($result) < 1) {
 			$this->setError(_('ForumMessage::create() Posting Failed').' '.db_error());
 			db_rollback();
@@ -171,8 +177,9 @@
 			//  increment the parent's followup count if necessary
 			//
 			db_begin();
-			$res4=db_query("UPDATE forum SET most_recent_date='". time() ."' 
-				WHERE thread_id='$thread_id' AND is_followup_to='0'");
+			$res4 = db_query_params ('UPDATE forum SET most_recent_date=$1 WHERE thread_id=$2 AND is_followup_to=0',
+						 array (time(),
+							$thread_id)) ;
 			if (!$res4 || db_affected_rows($res4) < 1) {
 				$this->setError(_('Couldn\'t Update Master Thread parent with current time'));
 				db_rollback();
@@ -181,8 +188,9 @@
 				//
 				//  mark the parent with followups as an optimization later
 				//
-				$res3=db_query("UPDATE forum SET has_followups='1',most_recent_date='". time() ."' 
-					WHERE msg_id='$is_followup_to'");
+				$res3 = db_query_params ('UPDATE forum SET has_followups=1,most_recent_date=$1 WHERE msg_id=$2',
+							 array (time(),
+								$is_followup_to)) ;
 				if (!$res3) {
 					$this->setError(_('Could Not Update Parent'));
 					db_rollback();
@@ -194,12 +202,16 @@
 			
 			
 		db_begin();
-		$sql="INSERT INTO forum (group_forum_id,posted_by,subject,
-		body,post_date,is_followup_to,thread_id,most_recent_date) 
-		VALUES ('". $group_forum_id ."', '$posted_by', '". htmlspecialchars($subject) ."', 
-		'". $body ."', '". $post_date ."','$is_followup_to','$thread_id','". $most_recent_date ."')";
+		$result = db_query_params ('INSERT INTO forum (group_forum_id,posted_by,subject,body,post_date,is_followup_to,thread_id,most_recent_date) VALUES ($1,$2,$3,$4,$5,$6,$7,$8)',
+					   array ($group_forum_id,
+						  $posted_by,
+						  htmlspecialchars($subject),
+						  $body,
+						  $post_date,
+						  $is_followup_to,
+						  $thread_id,
+						  $most_recent_date)) ;
 
-		$result=db_query($sql);
 		if (!$result || db_affected_rows($result) < 1) {
 			$this->setError(_('ForumMessage::create() Posting Failed').' '.db_error());
 			db_rollback();
@@ -253,8 +265,9 @@
 			//
 			//  increment the parent's followup count if necessary
 			//
-			$res4=db_query("UPDATE forum SET most_recent_date='". time() ."' 
-				WHERE thread_id='$thread_id' AND is_followup_to='0'");
+			$res4 = db_query_params ('UPDATE forum SET most_recent_date=$1 WHERE thread_id=$2 AND is_followup_to=0',
+						 array (time(),
+							$thread_id)) ;
 			if (!$res4 || db_affected_rows($res4) < 1) {
 				$this->setError(_('Couldn\'t Update Master Thread parent with current time'));
 				db_rollback();
@@ -263,8 +276,9 @@
 				//
 				//  mark the parent with followups as an optimization later
 				//
-				$res3=db_query("UPDATE forum SET has_followups='1',most_recent_date='". time() ."' 
-					WHERE msg_id='$is_followup_to'");
+				$res3 = db_query_params ('UPDATE forum SET has_followups=1,most_recent_date=$1 WHERE msg_id=$2',
+							 array (time(),
+								$is_followup_to)) ;
 				if (!$res3) {
 					$this->setError(_('Could Not Update Parent'));
 					db_rollback();
@@ -273,12 +287,15 @@
 			}
 		}
 		
-		$sql="INSERT INTO forum (group_forum_id,posted_by,subject,
-			body,post_date,is_followup_to,thread_id,most_recent_date) 
-			VALUES ('". $this->Forum->getID() ."', '$user_id', '". htmlspecialchars($subject) ."', 
-			'". $body ."', '". time() ."','$is_followup_to','$thread_id','". time() ."')";
-
-		$result=db_query($sql);
+		$result = db_query_params ('INSERT INTO forum (group_forum_id,posted_by,subject,body,post_date,is_followup_to,thread_id,most_recent_date) VALUES ($1,$2,$3,$4,$5,$6,$7,$8)',
+					   array ($this->Forum->getID(),
+						  $user_id,
+						  htmlspecialchars($subject),
+						  $body,
+						  time(),
+						  $is_followup_to,
+						  $thread_id,
+						  time())) ;
 		if (!$result || db_affected_rows($result) < 1) {
 			$this->setError(_('ForumMessage::create() Posting Failed').' '.db_error());
 			db_rollback();
@@ -349,23 +366,6 @@
 			$is_followup_to=0; 
 		}
 
-		//see if that message has been posted already for all the idiots that double-post
-		//we shouldn't need this, the double post checker functions solve this issue now
-		/*$res3=db_query("SELECT * FROM forum 
-			WHERE is_followup_to='$is_followup_to' 
-			AND body='".  htmlspecialchars($body) ."'
-			AND subject='".  htmlspecialchars($subject) ."' 
-			AND group_forum_id='". $this->Forum->getId() ."' 
-			AND posted_by='$user_id'");
-
-		if (db_numrows($res3) > 0) {
-			//already posted this message
-			$this->setError(_('You appear to be double-posting this message, since it has the same subject and followup information as a prior post.'));
-			return false;
-		} else {
-			echo db_error();
-		}*/
-
 		db_begin();
 		
 		//now we check the moderation status of the forum and act accordingly
@@ -401,9 +401,9 @@
 	 *  @return boolean	success.
 	 */
 	function fetchData($msg_id) {
-		$res=db_query("SELECT * FROM forum_user_vw
-			WHERE msg_id='$msg_id'
-			AND group_forum_id='". $this->Forum->getID() ."'");
+		$res = db_query_params ('SELECT * FROM forum_user_vw WHERE msg_id=$1 AND group_forum_id=$2',
+					array ($msg_id,
+					       $this->Forum->getID())) ;
 		if (!$res || db_numrows($res) < 1) {
 			$this->setError(_('ForumMessage::fetchData() Invalid MessageID').db_error());
 			return false;
@@ -420,9 +420,9 @@
 	 *  @return boolean	success.
 	 */
 	function fetchModeratedData($msg_id) {
-		$res=db_query("SELECT * FROM forum_pending_user_vw
-			WHERE msg_id='$msg_id'
-			AND group_forum_id='". $this->Forum->getID() ."'");
+		$res = db_query_params ('SELECT * FROM forum_pending_user_vw WHERE msg_id=$1 AND group_forum_id=$2',
+					array ($msg_id,
+					       $this->Forum->getID())) ;
 		if (!$res || db_numrows($res) < 1) {
 			$this->setError(_('ForumMessage::fetchData() Invalid MessageID').db_error());
 			return false;
@@ -557,11 +557,13 @@
 	
 	function hasAttach() {
 		if ($this->isPending()) {
-			$sql = "SELECT attachmentid FROM forum_pending_attachment WHERE msg_id='$this->getID()'";
+			$res = db_query_params ('SELECT attachmentid FROM forum_pending_attachment WHERE msg_id=$1',
+						array ($this->getID())) ;
 		} else {
-			$sql = "SELECT attachmentid FROM forum_attachment WHERE msg_id='$this->getID()'";
+			$res = db_query_params ('SELECT attachmentid FROM forum_attachment WHERE msg_id=$1',
+						array ($this->getID())) ;
 		}
-		if ((db_numrows(db_query($sql)) > 0 )) {
+		if (db_numrows($res) > 0) {
 			return true;
 		}
 		return false;		
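Review bot: `hasAttach()` can return the comparison directly now that both branches leave the query result in `$res`: replace the closing `if (db_numrows($res) > 0) { return true; } return false;` with `return db_numrows($res) > 0;`. A failed query would pass `false` into `db_numrows()`; whether that helper tolerates it is not visible here.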
@@ -590,25 +592,25 @@
 			$this->setPermissionDeniedError();
 			return false;
 		}*/
-
-		$sql="SELECT msg_id FROM forum 
-			WHERE is_followup_to='$msg_id' 
-			AND group_forum_id='".$this->Forum->getID()."'";
-		$result=db_query($sql);
+		$result = db_query_params ('SELECT msg_id FROM forum 
+			WHERE is_followup_to=$1
+			AND group_forum_id=$2',
+					   array ($msg_id,
+						  $this->Forum->getID())) ;
 		$rows=db_numrows($result);
 		$count=1;
-		
 
 		for ($i=0;$i<$rows;$i++) {
 			$msg = new ForumMessage($this->Forum,db_result($result,$i,'msg_id'));
 			$count += $msg->delete();
 		}
-		$sql="DELETE FROM forum 
-			WHERE msg_id='$msg_id' 
-			AND group_forum_id='".$this->Forum->getID()."'";
-		$toss=db_query($sql);
-		$sql = "DELETE FROM forum_attachment where msg_id='$msg_id'";
-		$res = db_query($res);
+		$toss = db_query_params ('DELETE FROM forum 
+			WHERE msg_id=$1
+			AND group_forum_id=$2',
+					 array ($msg_id,
+						$this->Forum->getID())) ;
+		$res = db_query_params ('DELETE FROM forum_attachment where msg_id=$1',
+					array ($msg_id));
 
 		return $count;
 
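Review bot: The two rewritten DELETEs in `delete()` discard their results: `$toss` and `$res` are assigned but never checked, and the method returns `$count` as if the message and its attachments were removed even when either statement failed (the old `db_query($res)` bug is fixed, the missing check is not). Something like `if (!$toss) { $this->setError(db_error()); return false; }` after the forum delete would surface the failure, bearing in mind that the recursive caller above adds the return value to `$count`. The enclosing method starts before the hunk.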
@@ -763,8 +765,9 @@
 
 		$subject="[" . $this->Forum->getUnixName() ."][".$this->getID()."] ".util_unconvert_htmlspecialchars($this->getSubject());
 		if (count($ids) != 0) {
-			$sql="SELECT email FROM users WHERE status='A' AND user_id IN ('".implode($ids,'\',\'')."')";
-			$bccres = db_query($sql);
+			$bccres = db_query_params ('SELECT email FROM users WHERE status=$1 AND user_id = ANY ($2)',
+						   array ('A',
+							  db_int_array_to_any_clause ($ids))) ;
 		}
 		
 		$BCC =& implode(util_result_column_to_array($bccres),',').','.$this->Forum->getSendAllPostsTo();
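Review bot: `$bccres` is only assigned inside `if (count($ids) != 0)`, yet the next line unconditionally calls `util_result_column_to_array($bccres)`, so an empty `$ids` reaches that helper with an undefined variable; the commit rewrites the query but leaves that path as it was, and whether the helper tolerates it is not visible here. Initialising `$bccres = false;` before the `if` (or guarding the implode) would make the empty case explicit. The same pattern appears in the second `SELECT email FROM users` hunk further down this file. The enclosing method starts before the hunk.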
@@ -794,12 +797,20 @@
 		$subject = htmlspecialchars($subject);
 		$body = $body;
 		$msg_id = $this->getID();
-		$sql="UPDATE forum 
-			SET group_forum_id='$group_forum_id' , posted_by='$posted_by' , subject='$subject',
-			body='$body', post_date='$post_date' , is_followup_to='$is_followup_to' ,
-			thread_id='$thread_id',most_recent_date='$most_recent_date'
-			WHERE msg_id='$msg_id'";
-		$res = db_query($sql);
+		$res = db_query_params ('UPDATE forum 
+			SET group_forum_id=$1, posted_by=$2, subject=$3,
+			body=$4, post_date=$4, is_followup_to=$6,
+			thread_id=$7, most_recent_date=$8
+			WHERE msg_id=$9',
+					array ($group_forum_id,
+					       $posted_by,
+					       $subject,
+					       $body,
+					       $post_date,
+					       $is_followup_to,
+					       $thread_id,
+					       $most_recent_date,
+					       $msg_id)) ;
 		if (!$res) {
 			$this->setError(db_error());
 			return false;
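Review bot: The placeholder for `post_date` is wrong: the SET list reads `body=$4, post_date=$4,`, so `post_date` receives the body value and the `$post_date` element bound fifth in the array is never referenced. Change the line to `body=$4, post_date=$5, is_followup_to=$6,`. The enclosing method starts before the hunk.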
@@ -859,8 +870,9 @@
 	
 			$subject="[" . $this->Forum->getUnixName() ."][".$this->getID()."] ".util_unconvert_htmlspecialchars($this->getSubject());
 			if (count($ids) != 0) {
-				$sql="SELECT email FROM users WHERE status='A' AND user_id IN ('".implode($ids,'\',\'')."')";
-				$bccres = db_query($sql);
+				$bccres = db_query_params ('SELECT email FROM users WHERE status=$1 AND user_id = ANY ($2)',
+							   array ('A',
+								  db_int_array_to_any_clause ($ids))) ;
 			}
 			$BCC =& implode(util_result_column_to_array($bccres),',').','.$this->Forum->getSendAllPostsTo();
 			$User = user_get_object($this->getPosterID());

Modified: trunk/gforge/common/forum/ForumMessageFactory.class.php
===================================================================
--- trunk/gforge/common/forum/ForumMessageFactory.class.php	2009-03-18 19:25:21 UTC (rev 7184)
+++ trunk/gforge/common/forum/ForumMessageFactory.class.php	2009-03-18 19:25:32 UTC (rev 7185)
@@ -4,6 +4,7 @@
  *
  * Copyright 1999-2000, Tim Perdue/Sourceforge
  * Copyright 2002, Tim Perdue/GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -159,16 +160,24 @@
 		if ($this->forum_messages) {
 			return $this->forum_messages;
 		}
-		if ($thread_id) {
-			$thread_sql=" AND thread_id='$thread_id' ";
+		if (isset ($thread_id) && is_int ($thread_id)) {
+			$result = db_query_params ('SELECT * FROM forum_user_vw 
+		WHERE group_forum_id=$1
+                  AND thread_id=$2
+		ORDER BY most_recent_date DESC',
+						   array ($this->Forum->getID(),
+							  $thread_id),
+						   $this->max_rows+25,
+						   $this->offset);
+		} else {
+			$result = db_query_params ('SELECT * FROM forum_user_vw 
+		WHERE group_forum_id=$1
+		ORDER BY most_recent_date DESC',
+						   array ($this->Forum->getID()),
+						   $this->max_rows+25,
+						   $this->offset);
 		}
 
-		$sql="SELECT * FROM forum_user_vw 
-		WHERE group_forum_id='".$this->Forum->getID()."' 
-		$thread_sql 
-		ORDER BY most_recent_date DESC";
-
-		$result=db_query($sql,($this->max_rows+25),$this->offset);
 		$rows = db_numrows($result);
 		$this->fetched_rows=$rows;
 		if (!$result || $rows < 1) {
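Review bot: The new guard `isset ($thread_id) && is_int ($thread_id)` is stricter than the old `if ($thread_id)`: a thread id arriving as a numeric string (`'42'`) fails `is_int()`, the thread filter is silently dropped and the unfiltered query for the whole forum runs instead, which is a behaviour change rather than a pure parametrisation. Where `$thread_id` comes from is not visible here; `if ($thread_id) {` with `(int) $thread_id` in the bound array would keep the old selection while still binding an integer. The same guard is introduced in the two following hunks of this file. The enclosing method starts before the hunk.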
@@ -191,15 +200,23 @@
 		if ($this->forum_messages) {
 			return $this->forum_messages;
 		}
-		if ($thread_id) {
-			$thread_sql=" AND thread_id='$thread_id' ";
+		if (isset ($thread_id) && is_int ($thread_id)) {
+			$result = db_query_params ('SELECT * FROM forum_user_vw 
+		WHERE group_forum_id=$1
+                  AND thread_id=$2
+		ORDER BY most_recent_date DESC',
+						   array ($this->Forum->getID(),
+							  $thread_id),
+						   $this->max_rows+25,
+						   $this->offset);
+		} else {
+			$result = db_query_params ('SELECT * FROM forum_user_vw 
+		WHERE group_forum_id=$1
+		ORDER BY most_recent_date DESC',
+						   array ($this->Forum->getID()),
+						   $this->max_rows+25,
+						   $this->offset);
 		}
-		$sql="SELECT * FROM forum_user_vw 
-		WHERE group_forum_id='".$this->Forum->getID()."' 
-		$thread_sql 
-		ORDER BY most_recent_date DESC";
-
-		$result=db_query($sql,($this->max_rows+25),$this->offset);
 		$rows = db_numrows($result);
 		$this->fetched_rows=$rows;
 		if (!$result || $rows < 1) {
@@ -222,15 +239,24 @@
 		if ($this->forum_messages) {
 			return $this->forum_messages;
 		}
-		if ($thread_id) {
-			$thread_sql=" AND thread_id='$thread_id' ";
+		if (isset ($thread_id) && is_int ($thread_id)) {
+			$result = db_query_params ('SELECT * FROM forum_user_vw 
+		WHERE group_forum_id=$1
+                  AND thread_id=$2
+		ORDER BY msg_id DESC',
+						   array ($this->Forum->getID(),
+							  $thread_id),
+						   $this->max_rows+25,
+						   $this->offset);
+		} else {
+			$result = db_query_params ('SELECT * FROM forum_user_vw 
+		WHERE group_forum_id=$1
+		ORDER BY msg_id DESC',
+						   array ($this->Forum->getID()),
+						   $this->max_rows+25,
+						   $this->offset);
 		}
-		$sql="SELECT * FROM forum_user_vw 
-		WHERE group_forum_id='".$this->Forum->getID()."' 
-		$thread_sql 
-		ORDER BY msg_id DESC";
 
-		$result=db_query($sql,($this->max_rows+1),$this->offset);
 		$rows = db_numrows($result);
 		$this->fetched_rows=$rows;
 		if (!$result || $rows < 1) {
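Review bot: Besides the parametrisation, this hunk changes the row limit: the removed `db_query($sql,($this->max_rows+1),$this->offset)` fetched `max_rows+1` rows, while both new calls pass `$this->max_rows+25`, matching the other two methods but not this one's previous behaviour. If the `+1` was deliberate (a has-more-rows probe, given that `fetched_rows` is recorded below), pass `$this->max_rows+1` in both new calls; otherwise the log message should mention the change. The enclosing method starts before the hunk.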

Modified: trunk/gforge/common/forum/ForumsForUser.class.php
===================================================================
--- trunk/gforge/common/forum/ForumsForUser.class.php	2009-03-18 19:25:21 UTC (rev 7184)
+++ trunk/gforge/common/forum/ForumsForUser.class.php	2009-03-18 19:25:32 UTC (rev 7185)
@@ -4,6 +4,7 @@
  *
  * Copyright 1999-2000, Tim Perdue/Sourceforge
  * Copyright 2002, Tim Perdue/GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -56,13 +57,14 @@
 	*/
 	function getMonitoredForums() {
 		$forums = array();
-		$sql="SELECT groups.group_name,groups.group_id,forum_group_list.group_forum_id,forum_group_list.forum_name ".
-		     "FROM groups,forum_group_list,forum_monitored_forums ".
-		     "WHERE groups.group_id=forum_group_list.group_id AND groups.status ='A' ".
-		     "AND forum_group_list.group_forum_id=forum_monitored_forums.forum_id ".
-		     "AND forum_monitored_forums.user_id='".$this->User->getID()."' ORDER BY group_name DESC";
-
-		$result=db_query($sql);
+		$result = db_query_params ('SELECT groups.group_name,groups.group_id,forum_group_list.group_forum_id,forum_group_list.forum_name
+		     FROM groups,forum_group_list,forum_monitored_forums
+		     WHERE groups.group_id=forum_group_list.group_id AND groups.status=$1
+		     AND forum_group_list.group_forum_id=forum_monitored_forums.forum_id
+		     AND forum_monitored_forums.user_id=$2
+                     ORDER BY group_name DESC',
+					   array ('A',
+						  $this->User->getID())) ;
 		$rows=db_numrows($result);
 		if ($rows < 1) {
 		        return $forums;



