[Fusionforge-commits] r7185 - trunk/gforge/common/forum
Roland Mas
lolando at libremir.placard.fr.eu.org
Wed Mar 18 20:25:32 CET 2009
Author: lolando
Date: 2009-03-18 20:25:32 +0100 (Wed, 18 Mar 2009)
New Revision: 7185
Modified:
trunk/gforge/common/forum/Forum.class.php
trunk/gforge/common/forum/ForumFactory.class.php
trunk/gforge/common/forum/ForumMessage.class.php
trunk/gforge/common/forum/ForumMessageFactory.class.php
trunk/gforge/common/forum/ForumsForUser.class.php
Log:
Parametrised SQL queries: forums
Modified: trunk/gforge/common/forum/Forum.class.php
===================================================================
--- trunk/gforge/common/forum/Forum.class.php 2009-03-18 19:25:21 UTC (rev 7184)
+++ trunk/gforge/common/forum/Forum.class.php 2009-03-18 19:25:32 UTC (rev 7185)
@@ -4,6 +4,7 @@
*
* Copyright 1999-2000, Tim Perdue/Sourceforge
* Copyright 2002, Tim Perdue/GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -137,8 +138,11 @@
}
$project_name = $this->Group->getUnixName();
- $result_list_samename = db_query('SELECT 1 FROM mail_group_list WHERE list_name = \''.$project_name.'-'.$forum_name.'\' AND group_id='.$this->Group->getID().'');
+ $result_list_samename = db_query_params ('SELECT 1 FROM mail_group_list WHERE list_name=$1 AND group_id=$2',
+ array ($project_name.'-'.$forum_name,
+ $this->Group->getID())) ;
+
if (db_numrows($result_list_samename) > 0){
$this->setError(_('Mailing List Exists with same name'));
return false;
@@ -163,16 +167,15 @@
}
}
- $sql="INSERT INTO forum_group_list (group_id,forum_name,is_public,description,send_all_posts_to,allow_anonymous,moderation_level)
- VALUES ('".$this->Group->getId()."',
- '". strtolower($forum_name) ."',
- '$is_public',
- '". htmlspecialchars($description) ."',
- '$send_all_posts_to',
- '$allow_anonymous','$moderation_level')";
-
db_begin();
- $result=db_query($sql);
+ $result = db_query_params('INSERT INTO forum_group_list (group_id,forum_name,is_public,description,send_all_posts_to,allow_anonymous,moderation_level) VALUES ($1,$2,$3,$4,$5,$6,$7)',
+ array ($this->Group->getID(),
+ strtolower($forum_name),
+ $is_public,
+ htmlspecialchars($description),
+ $send_all_posts_to,
+ $allow_anonymous,
+ $moderation_level)) ;
if (!$result) {
db_rollback();
$this->setError(_('Error Adding Forum').db_error());
@@ -216,11 +219,11 @@
) AS threads
FROM forum_group_list_vw AS fgl
WHERE group_forum_id='$group_forum_id'";
+ $res = db_query ($sql);
} else {
- $sql="SELECT * FROM forum_group_list_vw
- WHERE group_forum_id='$group_forum_id'";
+ $res = db_query_params ('SELECT * FROM forum_group_list_vw WHERE group_forum_id=$1',
+ array ($group_forum_id)) ;
}
- $res=db_query($sql);
if (!$res || db_numrows($res) < 1) {
$this->setError(_('Invalid forum group identifier'));
return false;
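Review bot: Only the non-MySQL branch is parameterised here; the MySQL path still builds its query with `group_forum_id='$group_forum_id'` (context line just above the added `db_query ($sql)`), so the hardening this commit sets out to do is incomplete for that backend. If `db_query_params` works on MySQL as well, the MySQL query can be converted in the same way with `array ($group_forum_id)`; otherwise the value should at least be cast with `(int)$group_forum_id` before interpolation. The enclosing fetchData method starts before this hunk, so where `$group_forum_id` comes from is not visible here.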
@@ -264,10 +267,11 @@
return false;
}
$sql="select @res";
+ $result = db_query ($sql);
} else {
- $sql="SELECT nextval('forum_thread_seq')";
+ $result = db_query_params ('SELECT nextval($1)',
+ array ('forum_thread_seq')) ;
}
- $result=db_query($sql);
if (!$result || db_numrows($result) < 1) {
echo db_error();
return false;
@@ -294,9 +298,10 @@
return $this->save_date;
} else {
if (session_loggedin()) {
- $sql="SELECT save_date FROM forum_saved_place
- WHERE user_id='".user_getid()."' AND forum_id='". $this->getID() ."';";
- $result = db_query($sql);
+ $result = db_query_params ('SELECT save_date FROM forum_saved_place WHERE user_id=$1 AND forum_id=$2',
+ array (user_getid(),
+ $this->getID())) ;
+);
if ($result && db_numrows($result) > 0) {
$this->save_date=db_result($result,0,'save_date');
return $this->save_date;
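Review bot: The added `);` on its own line after the `db_query_params (...)) ;` statement in getSavePlace is a stray token and makes the whole file fail to parse, so none of the forum code can load after this commit. The statement above it is already complete; delete the `);` line. The enclosing method continues past this hunk.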
@@ -400,8 +405,8 @@
* @return array The array of user_id's.
*/
function getMonitoringIDs() {
- $sql="SELECT user_id FROM forum_monitored_forums WHERE forum_id='".$this->getID()."'";
- $result=db_query($sql);
+ $result = db_query_params ('SELECT user_id FROM forum_monitored_forums WHERE forum_id=$1',
+ array ($this->getID())) ;
return util_result_column_to_array($result);
}
@@ -411,13 +416,13 @@
* @return array The array of user_id's.
*/
function getForumAdminIDs() {
- $sql = "SELECT user_group.user_id
- FROM user_group, role_setting
- WHERE role_setting.section_name='forum'
- AND role_setting.ref_id='".$this->getID()."'
- AND role_setting.value::integer > 1
- AND user_group.role_id = role_setting.role_id";
- $result = db_query($sql);
+ $result = db_query_params ('SELECT user_group.user_id FROM user_group, role_setting
+ WHERE role_setting.section_name=$1
+ AND role_setting.ref_id=$2
+ AND role_setting.value::integer > 1
+ AND user_group.role_id = role_setting.role_id',
+ array ('forum',
+ $this->getID())) ;
return util_result_column_to_array($result);
}
@@ -453,9 +458,9 @@
$this->setError(_('You can only monitor if you are logged in'));
return false;
}
- $sql="SELECT * FROM forum_monitored_forums
- WHERE user_id='".user_getid()."' AND forum_id='".$this->getID()."';";
- $result = db_query($sql);
+ $result = db_query_params ('SELECT * FROM forum_monitored_forums WHERE user_id=$1 AND forum_id=$2',
+ array (user_getid(),
+ $this->getID())) ;
if (!$result || db_numrows($result) < 1) {
/*
@@ -465,7 +470,9 @@
$sql="INSERT INTO forum_monitored_forums (forum_id,user_id)
VALUES ('".$this->getID()."','".user_getid()."')";
- $result = db_query($sql);
+ $result = db_query_params ('INSERT INTO forum_monitored_forums (forum_id,user_id) VALUES ($1,$2)',
+ array ($this->getID(),
+ user_getid())) ;
if (!$result) {
$this->setError(_('Unable To Add Monitor').' : '.db_error());
@@ -486,9 +493,9 @@
$this->setError(_('You can only monitor if you are logged in'));
return false;
}
- $sql="DELETE FROM forum_monitored_forums
- WHERE user_id='".user_getid()."' AND forum_id='".$this->getID()."';";
- return db_query($sql);
+ return db_query_params ('DELETE FROM forum_monitored_forums WHERE user_id=$1 AND forum_id=$2',
+ array (user_getid(),
+ $this->getID())) ;
}
/**
@@ -500,8 +507,9 @@
if (!session_loggedin()) {
return false;
}
- $sql="SELECT count(*) AS count FROM forum_monitored_forums WHERE user_id='".user_getid()."' AND forum_id='".$this->getID()."';";
- $result = db_query($sql);
+ $result = db_query_params ('SELECT count(*) AS count FROM forum_monitored_forums WHERE user_id=$1 AND forum_id=$2',
+ array (user_getid(),
+ $this->getID())) ;
$row_count = db_fetch_array($result);
return $result && $row_count['count'] > 0;
}
@@ -516,31 +524,30 @@
$this->setError(_('You Can Only Save Your Place If You Are Logged In'));
return false;
}
- $sql="SELECT * FROM forum_saved_place
- WHERE user_id='".user_getid()."' AND forum_id='".$this->getID()."'";
+ $result = db_query_params ('SELECT * FROM forum_saved_place WHERE user_id=$1 AND forum_id=$2',
+ array (user_getid(),
+ $this->getID())) ;
- $result = db_query($sql);
-
if (!$result || db_numrows($result) < 1) {
/*
User is not already monitoring thread, so
insert a row so monitoring can begin
*/
- $sql="INSERT INTO forum_saved_place (forum_id,user_id,save_date)
- VALUES ('".$this->getID()."','".user_getid()."','".time()."')";
+ $result = db_query_params ('INSERT INTO forum_saved_place (forum_id,user_id,save_date) VALUES ($1,$2,$3)',
+ array ($this->getID(),
+ user_getid(),
+ time())) ;
- $result = db_query($sql);
-
if (!$result) {
$this->setError(_('Forum::savePlace()').': '.db_error());
return false;
}
} else {
- $sql="UPDATE forum_saved_place
- SET save_date='".time()."'
- WHERE user_id='".user_getid()."' AND forum_id='".$this->getID()."'";
- $result = db_query($sql);
+ $result = db_query_params ('UPDATE forum_saved_place SET save_date=$1 WHERE user_id=$2 AND forum_id=$3',
+ array (time(),
+ user_getid(),
+ $this->getID())) ;
if (!$result) {
$this->setError('Forum::savePlace() '.db_error());
@@ -587,16 +594,24 @@
return false;
}
- $res=db_query("UPDATE forum_group_list SET
- forum_name='". strtolower($forum_name) ."',
- description='". htmlspecialchars($description) ."',
- send_all_posts_to='".$send_all_posts_to ."',
- allow_anonymous='" .$allow_anonymous . "',
- moderation_level='" .$moderation_level . "',
- is_public='" .$is_public . "'
- WHERE group_id='".$this->Group->getID()."'
- AND group_forum_id='".$this->getID()."'");
-
+ $res = db_query_params ('UPDATE forum_group_list SET
+ forum_name=$1,
+ description=$2,
+ send_all_posts_to=$3,
+ allow_anonymous=$4,
+ moderation_level=$5,
+ is_public=$6
+ WHERE group_id=$7,
+ AND group_forum_id=$8',
+ array (strtolower($forum_name),
+ htmlspecialchars($description),
+ $send_all_posts_to,
+ $allow_anonymous,
+ $moderation_level,
+ $is_public,
+ $this->Group->getID(),
+ $this->getID())) ;
+
if (!$res || db_affected_rows($res) < 1) {
$this->setError(_('Error On Update:').': '.db_error());
return false;
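Review bot: The rewritten UPDATE has a trailing comma in `WHERE group_id=$7,` before `AND group_forum_id=$8`, which is a SQL syntax error, so every forum update now fails and surfaces as 'Error On Update:'. Change the line to `WHERE group_id=$7` and keep the `AND` on the next line. The enclosing update method starts before this hunk.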
@@ -621,30 +636,22 @@
return false;
}
db_begin();
- db_query("DELETE FROM forum_agg_msg_count
- WHERE group_forum_id='".$this->getID()."'");
+ db_query_params ('DELETE FROM forum_agg_msg_count WHERE group_forum_id=$1',
+ array ($this->getID())) ;
//echo '1'.db_error();
- db_query("DELETE FROM forum_monitored_forums
- WHERE forum_id='".$this->getID()."'");
+ db_query_params ('DELETE FROM forum_monitored_forums WHERE forum_id=$1',
+ array ($this->getID())) ;
//echo '2'.db_error();
- db_query("DELETE FROM forum_saved_place
- WHERE forum_id='".$this->getID()."'");
+ db_query_params ('DELETE FROM forum_saved_place WHERE forum_id=$1',
+ array ($this->getID())) ;
//echo '3'.db_error();
- $res = db_query("SELECT msg_id from forum where group_forum_id='".$this->getID()."'");//get the messages for this forum, to delete its attachments
- $delete_ids = array();
- for ($i=0;$i<db_numrows($res);$i++) {
- $aux = db_fetch_array($res);
- $delete_ids[] = $aux[0];
- }
- foreach ($delete_ids as $id) {
- db_query("DELETE FROM forum_attachment where msg_id='$id'");
- }
-
- db_query("DELETE FROM forum
- WHERE group_forum_id='".$this->getID()."'");
+ db_query_params ('DELETE FROM forum_attachment WHERE msg_id IN (SELECT msg_id from forum where group_forum_id=$1)',
+ array ($this->getID())) ;
+ db_query_params ('DELETE FROM forum WHERE group_forum_id=$1',
+ array ($this->getID())) ;
//echo '4'.db_error();
- db_query("DELETE FROM forum_group_list
- WHERE group_forum_id='".$this->getID()."'");
+ db_query_params ('DELETE FROM forum_group_list WHERE group_forum_id=$1',
+ array ($this->getID())) ;
//echo '5'.db_error();
db_commit();
return true;
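Review bot: Every `db_query_params` result in this transaction is discarded and `db_commit()` runs unconditionally, so a failed DELETE on forum_attachment or forum (for example a constraint violation) still commits the partial deletion of counts, monitors and saved places and returns true. Capture each result and roll back on the first failure, e.g. `if (!$res) { db_rollback(); $this->setError(_('Error Deleting Forum').db_error()); return false; }` after each statement. The commented-out `echo db_error()` lines suggest this was once debugged by hand; a real check would replace them. The enclosing delete method starts before this hunk.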
@@ -765,13 +772,16 @@
return -1;
} else {
if (!isset($this->current_user_perm)) {
- $sql="SELECT role_setting.value::integer
+ $res = db_query_params ('SELECT role_setting.value::integer
FROM role_setting, user_group
- WHERE role_setting.ref_id='". $this->getID() ."'
- AND user_group.role_id = role_setting.role_id
- AND user_group.user_id='".user_getid()."'
- AND role_setting.section_name='forum'";
- $this->current_user_perm=db_result(db_query($sql),0,0);
+ WHERE role_setting.ref_id=$1
+ AND user_group.role_id=role_setting.role_id
+ AND user_group.user_id=$2
+ AND role_setting.section_name=$3',
+ array ($this->getID(),
+ user_getid(),
+ 'forum')) ;
+ $this->current_user_perm=db_result($res,0,0);
// Return no access if no access rights defined.
if (!$this->current_user_perm)
Modified: trunk/gforge/common/forum/ForumFactory.class.php
===================================================================
--- trunk/gforge/common/forum/ForumFactory.class.php 2009-03-18 19:25:21 UTC (rev 7184)
+++ trunk/gforge/common/forum/ForumFactory.class.php 2009-03-18 19:25:32 UTC (rev 7185)
@@ -4,6 +4,7 @@
*
* Copyright 1999-2000, Tim Perdue/Sourceforge
* Copyright 2002, Tim Perdue/GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -82,17 +83,20 @@
if ($this->forums) {
return $this->forums;
}
- if (session_loggedin()) {
- $perm =& $this->Group->getPermission( session_get_user() );
- if (!$perm || !is_object($perm) || !$perm->isMember()) {
- $public_flag='=1';
- $exists = '';
- } else {
- $public_flag='<3';
- if ($perm->isForumAdmin()) {
- $exists='';
+
+
+ if ($sys_database_type == "mysql") {
+ if (session_loggedin()) {
+ $perm =& $this->Group->getPermission( session_get_user() );
+ if (!$perm || !is_object($perm) || !$perm->isMember()) {
+ $public_flag='=1';
+ $exists = '';
} else {
- $exists=" AND group_forum_id IN (SELECT role_setting.ref_id
+ $public_flag='<3';
+ if ($perm->isForumAdmin()) {
+ $exists='';
+ } else {
+ $exists=" AND group_forum_id IN (SELECT role_setting.ref_id
FROM role_setting, user_group
WHERE role_setting.value::integer >= 0
AND role_setting.section_name = 'forum'
@@ -100,14 +104,13 @@
AND user_group.role_id = role_setting.role_id
AND user_group.user_id='".user_getid()."') ";
+ }
}
+ } else {
+ $public_flag='=1';
+ $exists = '';
}
- } else {
- $public_flag='=1';
- $exists = '';
- }
-
- if ($sys_database_type == "mysql") {
+
$sql="SELECT fgl.*,
(SELECT count(*) AS `count`
FROM (
@@ -115,32 +118,80 @@
) AS tmp
WHERE tmp.group_forum_id = fgl.group_forum_id
) AS threads
- FROM forum_group_list_vw AS fgl";
- } else {
- $sql="SELECT *
- FROM forum_group_list_vw";
- }
- $sql .= "
+ FROM forum_group_list_vw AS fgl
WHERE group_id='". $this->Group->getID() ."'
AND is_public $public_flag
$exists
ORDER BY group_forum_id;";
+
+ $result = db_query ($sql);
+
+ $rows = db_numrows($result);
+
+ if (!$result) {
+ $this->setError(_('Forum not found').' : '.db_error());
+ $this->forums = false;
+ } else {
+ while ($arr = db_fetch_array($result)) {
+ $this->forums[] = new Forum($this->Group, $arr['group_forum_id'], $arr);
+ }
+ }
+ return $this->forums;
+ } else { // Not MySQL
+ if (session_loggedin()) {
+ $perm =& $this->Group->getPermission( session_get_user() );
+ if (!$perm || !is_object($perm) || !$perm->isMember()) {
+ $result = db_query_params ('SELECT * FROM forum_group_list_vw
+WHERE group_id=$1
+AND is_public=1
+ORDER BY group_forum_id',
+ array ($this->Group->getID())) ;
+ } else {
+ $public_flag='<3';
+ if ($perm->isForumAdmin()) {
+ $result = db_query_params ('SELECT * FROM forum_group_list_vw
+WHERE group_id=$1
+AND is_public < 3
+ORDER BY group_forum_id',
+ array ($this->Group->getID())) ;
+ } else {
+ $result = db_query_params ('SELECT * FROM forum_group_list_vw
+WHERE group_id=$1
+AND is_public < 3
+AND group_forum_id IN (SELECT role_setting.ref_id
+ FROM role_setting, user_group
+ WHERE role_setting.value::integer >= 0
+ AND role_setting.section_name = $2
+ AND role_setting.ref_id=forum_group_list_vw.group_forum_id
+ AND user_group.role_id = role_setting.role_id
+ AND user_group.user_id=$3)
+ORDER BY group_forum_id',
+ array ($this->Group->getID(),
+ 'forum',
+ user_getid())) ;
+ }
+ }
+ } else {
+ $result = db_query_params ('SELECT * FROM forum_group_list_vw
+WHERE group_id=$1
+AND is_public=1
+ORDER BY group_forum_id',
+ array ($this->Group->getID())) ;
+ }
- $result = db_query ($sql);
+ $rows = db_numrows($result);
- $rows = db_numrows($result);
-
- if (!$result) {
- $this->setError(_('Forum not found').' : '.db_error());
- $this->forums = false;
- } else {
- while ($arr = db_fetch_array($result)) {
- $this->forums[] = new Forum($this->Group, $arr['group_forum_id'], $arr);
+ if (!$result) {
+ $this->setError(_('Forum not found').' : '.db_error());
+ $this->forums = false;
+ } else {
+ while ($arr = db_fetch_array($result)) {
+ $this->forums[] = new Forum($this->Group, $arr['group_forum_id'], $arr);
+ }
}
+ return $this->forums;
}
- return $this->forums;
}
-
}
// Local Variables:
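Review bot: In the new non-MySQL branch `$public_flag='<3';` is assigned but never read, since the three queries hard-code `is_public < 3` / `is_public=1`; drop the assignment so a reader does not look for where it is used. The MySQL branch, by contrast, is still string-built: the added `WHERE group_id='". $this->Group->getID() ."'` line and the `$exists` fragment containing `user_getid()` are interpolated rather than passed as parameters, so the two backends now diverge in how they are hardened. Both values appear to come from the session and the Group object rather than the request, which limits the risk, but converting the MySQL query to `db_query_params` in the same way would keep the paths consistent. The enclosing getForums method starts before this hunk.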
Modified: trunk/gforge/common/forum/ForumMessage.class.php
===================================================================
--- trunk/gforge/common/forum/ForumMessage.class.php 2009-03-18 19:25:21 UTC (rev 7184)
+++ trunk/gforge/common/forum/ForumMessage.class.php 2009-03-18 19:25:32 UTC (rev 7185)
@@ -4,6 +4,7 @@
*
* Copyright 1999-2000, Tim Perdue/Sourceforge
* Copyright 2002, Tim Perdue/GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -115,12 +116,17 @@
}
}
- $sql="INSERT INTO forum_pending_messages (group_forum_id,posted_by,subject,
- body,post_date,is_followup_to,thread_id,most_recent_date)
- VALUES ('". $this->Forum->getID() ."', '$user_id', '". htmlspecialchars($subject) ."',
- '". $body ."', '". time() ."','$is_followup_to','$thread_id','". time() ."')";
-
- $result=db_query($sql);
+ $result = db_query_params ('INSERT INTO forum_pending_messages (group_forum_id,posted_by,subject,
+ body,post_date,is_followup_to,thread_id,most_recent_date) VALUES ($1,$2,$3,$4,$5,$6,$7,$8)',
+ array ($this->Forum->getID(),
+ $user_id,
+ htmlspecialchars($subject),
+ $body,
+ time(),
+ $is_followup_to,
+ $thread_id,
+ time ())) ;
+);
if (!$result || db_affected_rows($result) < 1) {
$this->setError(_('ForumMessage::create() Posting Failed').' '.db_error());
db_rollback();
@@ -171,8 +177,9 @@
// increment the parent's followup count if necessary
//
db_begin();
- $res4=db_query("UPDATE forum SET most_recent_date='". time() ."'
- WHERE thread_id='$thread_id' AND is_followup_to='0'");
+ $res4 = db_query_params ('UPDATE forum SET most_recent_date=$1 WHERE thread_id=$2 AND is_followup_to=0',
+ array (time(),
+ $thread_id)) ;
if (!$res4 || db_affected_rows($res4) < 1) {
$this->setError(_('Couldn\'t Update Master Thread parent with current time'));
db_rollback();
@@ -181,8 +188,9 @@
//
// mark the parent with followups as an optimization later
//
- $res3=db_query("UPDATE forum SET has_followups='1',most_recent_date='". time() ."'
- WHERE msg_id='$is_followup_to'");
+ $res3 = db_query_params ('UPDATE forum SET has_followups=1,most_recent_date=$1 WHERE msg_id=$2',
+ array (time(),
+ $is_followup_to)) ;
if (!$res3) {
$this->setError(_('Could Not Update Parent'));
db_rollback();
@@ -194,12 +202,16 @@
db_begin();
- $sql="INSERT INTO forum (group_forum_id,posted_by,subject,
- body,post_date,is_followup_to,thread_id,most_recent_date)
- VALUES ('". $group_forum_id ."', '$posted_by', '". htmlspecialchars($subject) ."',
- '". $body ."', '". $post_date ."','$is_followup_to','$thread_id','". $most_recent_date ."')";
+ $result = db_query_params ('INSERT INTO forum (group_forum_id,posted_by,subject,body,post_date,is_followup_to,thread_id,most_recent_date) VALUES ($1,$2,$3,$4,$5,$6,$7,$8)',
+ array ($group_forum_id,
+ $posted_by,
+ htmlspecialchars($subject),
+ $body,
+ $post_date,
+ $is_followup_to,
+ $thread_id,
+ $most_recent_date)) ;
- $result=db_query($sql);
if (!$result || db_affected_rows($result) < 1) {
$this->setError(_('ForumMessage::create() Posting Failed').' '.db_error());
db_rollback();
@@ -253,8 +265,9 @@
//
// increment the parent's followup count if necessary
//
- $res4=db_query("UPDATE forum SET most_recent_date='". time() ."'
- WHERE thread_id='$thread_id' AND is_followup_to='0'");
+ $res4 = db_query_params ('UPDATE forum SET most_recent_date=$1 WHERE thread_id=$2 AND is_followup_to=0',
+ array (time(),
+ $thread_id)) ;
if (!$res4 || db_affected_rows($res4) < 1) {
$this->setError(_('Couldn\'t Update Master Thread parent with current time'));
db_rollback();
@@ -263,8 +276,9 @@
//
// mark the parent with followups as an optimization later
//
- $res3=db_query("UPDATE forum SET has_followups='1',most_recent_date='". time() ."'
- WHERE msg_id='$is_followup_to'");
+ $res3 = db_query_params ('UPDATE forum SET has_followups=1,most_recent_date=$1 WHERE msg_id=$2',
+ array (time(),
+ $is_followup_to)) ;
if (!$res3) {
$this->setError(_('Could Not Update Parent'));
db_rollback();
@@ -273,12 +287,15 @@
}
}
- $sql="INSERT INTO forum (group_forum_id,posted_by,subject,
- body,post_date,is_followup_to,thread_id,most_recent_date)
- VALUES ('". $this->Forum->getID() ."', '$user_id', '". htmlspecialchars($subject) ."',
- '". $body ."', '". time() ."','$is_followup_to','$thread_id','". time() ."')";
-
- $result=db_query($sql);
+ $result = db_query_params ('INSERT INTO forum (group_forum_id,posted_by,subject,body,post_date,is_followup_to,thread_id,most_recent_date) VALUES ($1,$2,$3,$4,$5,$6,$7,$8)',
+ array ($this->Forum->getID(),
+ $user_id,
+ htmlspecialchars($subject),
+ $body,
+ time(),
+ $is_followup_to,
+ $thread_id,
+ time())) ;
if (!$result || db_affected_rows($result) < 1) {
$this->setError(_('ForumMessage::create() Posting Failed').' '.db_error());
db_rollback();
@@ -349,23 +366,6 @@
$is_followup_to=0;
}
- //see if that message has been posted already for all the idiots that double-post
- //we shouldn't need this, the double post checker functions solve this issue now
- /*$res3=db_query("SELECT * FROM forum
- WHERE is_followup_to='$is_followup_to'
- AND body='". htmlspecialchars($body) ."'
- AND subject='". htmlspecialchars($subject) ."'
- AND group_forum_id='". $this->Forum->getId() ."'
- AND posted_by='$user_id'");
-
- if (db_numrows($res3) > 0) {
- //already posted this message
- $this->setError(_('You appear to be double-posting this message, since it has the same subject and followup information as a prior post.'));
- return false;
- } else {
- echo db_error();
- }*/
-
db_begin();
//now we check the moderation status of the forum and act accordingly
@@ -401,9 +401,9 @@
* @return boolean success.
*/
function fetchData($msg_id) {
- $res=db_query("SELECT * FROM forum_user_vw
- WHERE msg_id='$msg_id'
- AND group_forum_id='". $this->Forum->getID() ."'");
+ $res = db_query_params ('SELECT * FROM forum_user_vw WHERE msg_id=$1 AND group_forum_id=$2',
+ array ($msg_id,
+ $this->Forum->getID())) ;
if (!$res || db_numrows($res) < 1) {
$this->setError(_('ForumMessage::fetchData() Invalid MessageID').db_error());
return false;
@@ -420,9 +420,9 @@
* @return boolean success.
*/
function fetchModeratedData($msg_id) {
- $res=db_query("SELECT * FROM forum_pending_user_vw
- WHERE msg_id='$msg_id'
- AND group_forum_id='". $this->Forum->getID() ."'");
+ $res = db_query_params ('SELECT * FROM forum_pending_user_vw WHERE msg_id=$1 AND group_forum_id=$2',
+ array ($msg_id,
+ $this->Forum->getID())) ;
if (!$res || db_numrows($res) < 1) {
$this->setError(_('ForumMessage::fetchData() Invalid MessageID').db_error());
return false;
@@ -557,11 +557,13 @@
function hasAttach() {
if ($this->isPending()) {
- $sql = "SELECT attachmentid FROM forum_pending_attachment WHERE msg_id='$this->getID()'";
+ $res = db_query_params ('SELECT attachmentid FROM forum_pending_attachment WHERE msg_id=$1',
+ array ($this->getID())) ;
} else {
- $sql = "SELECT attachmentid FROM forum_attachment WHERE msg_id='$this->getID()'";
+ $res = db_query_params ('SELECT attachmentid FROM forum_attachment WHERE msg_id=$1',
+ array ($this->getID())) ;
}
- if ((db_numrows(db_query($sql)) > 0 )) {
+ if (db_numrows($res) > 0) {
return true;
}
return false;
@@ -590,25 +592,25 @@
$this->setPermissionDeniedError();
return false;
}*/
-
- $sql="SELECT msg_id FROM forum
- WHERE is_followup_to='$msg_id'
- AND group_forum_id='".$this->Forum->getID()."'";
- $result=db_query($sql);
+ $result = db_query_params ('SELECT msg_id FROM forum
+ WHERE is_followup_to=$1
+ AND group_forum_id=$2',
+ array ($msg_id,
+ $this->Forum->getID())) ;
$rows=db_numrows($result);
$count=1;
-
for ($i=0;$i<$rows;$i++) {
$msg = new ForumMessage($this->Forum,db_result($result,$i,'msg_id'));
$count += $msg->delete();
}
- $sql="DELETE FROM forum
- WHERE msg_id='$msg_id'
- AND group_forum_id='".$this->Forum->getID()."'";
- $toss=db_query($sql);
- $sql = "DELETE FROM forum_attachment where msg_id='$msg_id'";
- $res = db_query($res);
+ $toss = db_query_params ('DELETE FROM forum
+ WHERE msg_id=$1
+ AND group_forum_id=$2',
+ array ($msg_id,
+ $this->Forum->getID())) ;
+ $res = db_query_params ('DELETE FROM forum_attachment where msg_id=$1',
+ array ($msg_id));
return $count;
@@ -763,8 +765,9 @@
$subject="[" . $this->Forum->getUnixName() ."][".$this->getID()."] ".util_unconvert_htmlspecialchars($this->getSubject());
if (count($ids) != 0) {
- $sql="SELECT email FROM users WHERE status='A' AND user_id IN ('".implode($ids,'\',\'')."')";
- $bccres = db_query($sql);
+ $bccres = db_query_params ('SELECT email FROM users WHERE status=$1 AND user_id = ANY ($2)',
+ array ('A',
+ db_int_array_to_any_clause ($ids))) ;
}
$BCC =& implode(util_result_column_to_array($bccres),',').','.$this->Forum->getSendAllPostsTo();
@@ -794,12 +797,20 @@
$subject = htmlspecialchars($subject);
$body = $body;
$msg_id = $this->getID();
- $sql="UPDATE forum
- SET group_forum_id='$group_forum_id' , posted_by='$posted_by' , subject='$subject',
- body='$body', post_date='$post_date' , is_followup_to='$is_followup_to' ,
- thread_id='$thread_id',most_recent_date='$most_recent_date'
- WHERE msg_id='$msg_id'";
- $res = db_query($sql);
+ $res = db_query_params ('UPDATE forum
+ SET group_forum_id=$1, posted_by=$2, subject=$3,
+ body=$4, post_date=$4, is_followup_to=$6,
+ thread_id=$7, most_recent_date=$8
+ WHERE msg_id=$9',
+ array ($group_forum_id,
+ $posted_by,
+ $subject,
+ $body,
+ $post_date,
+ $is_followup_to,
+ $thread_id,
+ $most_recent_date,
+ $msg_id)) ;
if (!$res) {
$this->setError(db_error());
return false;
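Review bot: The rewritten UPDATE binds `post_date=$4`, which is the body parameter, while `$post_date` is passed as the fifth array element and `$5` is never referenced in the query; the message body would be written into post_date (or the query rejected for the unused parameter), and the original post date is lost. Change the line to `body=$4, post_date=$5, is_followup_to=$6,`. The enclosing update method starts before this hunk.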
@@ -859,8 +870,9 @@
$subject="[" . $this->Forum->getUnixName() ."][".$this->getID()."] ".util_unconvert_htmlspecialchars($this->getSubject());
if (count($ids) != 0) {
- $sql="SELECT email FROM users WHERE status='A' AND user_id IN ('".implode($ids,'\',\'')."')";
- $bccres = db_query($sql);
+ $bccres = db_query_params ('SELECT email FROM users WHERE status=$1 AND user_id = ANY ($2)',
+ array ('A',
+ db_int_array_to_any_clause ($ids))) ;
}
$BCC =& implode(util_result_column_to_array($bccres),',').','.$this->Forum->getSendAllPostsTo();
$User = user_get_object($this->getPosterID());
Modified: trunk/gforge/common/forum/ForumMessageFactory.class.php
===================================================================
--- trunk/gforge/common/forum/ForumMessageFactory.class.php 2009-03-18 19:25:21 UTC (rev 7184)
+++ trunk/gforge/common/forum/ForumMessageFactory.class.php 2009-03-18 19:25:32 UTC (rev 7185)
@@ -4,6 +4,7 @@
*
* Copyright 1999-2000, Tim Perdue/Sourceforge
* Copyright 2002, Tim Perdue/GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -159,16 +160,24 @@
if ($this->forum_messages) {
return $this->forum_messages;
}
- if ($thread_id) {
- $thread_sql=" AND thread_id='$thread_id' ";
+ if (isset ($thread_id) && is_int ($thread_id)) {
+ $result = db_query_params ('SELECT * FROM forum_user_vw
+ WHERE group_forum_id=$1
+ AND thread_id=$2
+ ORDER BY most_recent_date DESC',
+ array ($this->Forum->getID(),
+ $thread_id),
+ $this->max_rows+25,
+ $this->offset);
+ } else {
+ $result = db_query_params ('SELECT * FROM forum_user_vw
+ WHERE group_forum_id=$1
+ ORDER BY most_recent_date DESC',
+ array ($this->Forum->getID()),
+ $this->max_rows+25,
+ $this->offset);
}
- $sql="SELECT * FROM forum_user_vw
- WHERE group_forum_id='".$this->Forum->getID()."'
- $thread_sql
- ORDER BY most_recent_date DESC";
-
- $result=db_query($sql,($this->max_rows+25),$this->offset);
$rows = db_numrows($result);
$this->fetched_rows=$rows;
if (!$result || $rows < 1) {
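Review bot: The new guard `isset ($thread_id) && is_int ($thread_id)` is stricter than the old `if ($thread_id)`: a thread id that arrives as a numeric string (as request parameters normally do) fails `is_int`, so the thread filter is silently dropped and the query returns every message in the forum instead of the requested thread. If callers pass the id straight from the request, use `if (isset ($thread_id) && is_numeric ($thread_id))` and bind `(int) $thread_id` in the parameter array, or reject a non-numeric id with an error rather than widening the result set. The enclosing method starts before this hunk, so the caller's handling of `$thread_id` is not visible here.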
@@ -191,15 +200,23 @@
if ($this->forum_messages) {
return $this->forum_messages;
}
- if ($thread_id) {
- $thread_sql=" AND thread_id='$thread_id' ";
+ if (isset ($thread_id) && is_int ($thread_id)) {
+ $result = db_query_params ('SELECT * FROM forum_user_vw
+ WHERE group_forum_id=$1
+ AND thread_id=$2
+ ORDER BY most_recent_date DESC',
+ array ($this->Forum->getID(),
+ $thread_id),
+ $this->max_rows+25,
+ $this->offset);
+ } else {
+ $result = db_query_params ('SELECT * FROM forum_user_vw
+ WHERE group_forum_id=$1
+ ORDER BY most_recent_date DESC',
+ array ($this->Forum->getID()),
+ $this->max_rows+25,
+ $this->offset);
}
- $sql="SELECT * FROM forum_user_vw
- WHERE group_forum_id='".$this->Forum->getID()."'
- $thread_sql
- ORDER BY most_recent_date DESC";
-
- $result=db_query($sql,($this->max_rows+25),$this->offset);
$rows = db_numrows($result);
$this->fetched_rows=$rows;
if (!$result || $rows < 1) {
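Review bot: This hunk has the same `is_int ($thread_id)` guard as the method above it, with the same consequence: a numeric-string thread id silently falls through to the unfiltered query and the whole forum is returned. Use `is_numeric ($thread_id)` with `(int) $thread_id` in the parameter array, or fail explicitly on a non-numeric id. The enclosing method starts before this hunk.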
@@ -222,15 +239,24 @@
if ($this->forum_messages) {
return $this->forum_messages;
}
- if ($thread_id) {
- $thread_sql=" AND thread_id='$thread_id' ";
+ if (isset ($thread_id) && is_int ($thread_id)) {
+ $result = db_query_params ('SELECT * FROM forum_user_vw
+ WHERE group_forum_id=$1
+ AND thread_id=$2
+ ORDER BY msg_id DESC',
+ array ($this->Forum->getID(),
+ $thread_id),
+ $this->max_rows+25,
+ $this->offset);
+ } else {
+ $result = db_query_params ('SELECT * FROM forum_user_vw
+ WHERE group_forum_id=$1
+ ORDER BY msg_id DESC',
+ array ($this->Forum->getID()),
+ $this->max_rows+25,
+ $this->offset);
}
- $sql="SELECT * FROM forum_user_vw
- WHERE group_forum_id='".$this->Forum->getID()."'
- $thread_sql
- ORDER BY msg_id DESC";
- $result=db_query($sql,($this->max_rows+1),$this->offset);
$rows = db_numrows($result);
$this->fetched_rows=$rows;
if (!$result || $rows < 1) {
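Review bot: Besides the `is_int ($thread_id)` guard, which drops the thread filter for a numeric-string id as in the two methods above, this hunk also changes the row limit from `$this->max_rows+1` on the removed line to `$this->max_rows+25` in both new queries, which is a behaviour change the commit message ("Parametrised SQL queries") does not mention. If the `+1` was the intended page size for this method, restore it; if the change is deliberate, say so in the log. The enclosing method starts before this hunk.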
Modified: trunk/gforge/common/forum/ForumsForUser.class.php
===================================================================
--- trunk/gforge/common/forum/ForumsForUser.class.php 2009-03-18 19:25:21 UTC (rev 7184)
+++ trunk/gforge/common/forum/ForumsForUser.class.php 2009-03-18 19:25:32 UTC (rev 7185)
@@ -4,6 +4,7 @@
*
* Copyright 1999-2000, Tim Perdue/Sourceforge
* Copyright 2002, Tim Perdue/GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -56,13 +57,14 @@
*/
function getMonitoredForums() {
$forums = array();
- $sql="SELECT groups.group_name,groups.group_id,forum_group_list.group_forum_id,forum_group_list.forum_name ".
- "FROM groups,forum_group_list,forum_monitored_forums ".
- "WHERE groups.group_id=forum_group_list.group_id AND groups.status ='A' ".
- "AND forum_group_list.group_forum_id=forum_monitored_forums.forum_id ".
- "AND forum_monitored_forums.user_id='".$this->User->getID()."' ORDER BY group_name DESC";
-
- $result=db_query($sql);
+ $result = db_query_params ('SELECT groups.group_name,groups.group_id,forum_group_list.group_forum_id,forum_group_list.forum_name
+ FROM groups,forum_group_list,forum_monitored_forums
+ WHERE groups.group_id=forum_group_list.group_id AND groups.status=$1
+ AND forum_group_list.group_forum_id=forum_monitored_forums.forum_id
+ AND forum_monitored_forums.user_id=$2
+ ORDER BY group_name DESC',
+ array ('A',
+ $this->User->getID())) ;
$rows=db_numrows($result);
if ($rows < 1) {
return $forums;