[Fusionforge-commits] r7647 - trunk/gforge/common/survey

Roland Mas lolando at libremir.placard.fr.eu.org
Thu May 14 20:24:56 CEST 2009


Author: lolando
Date: 2009-05-14 20:24:56 +0200 (Thu, 14 May 2009)
New Revision: 7647

Modified:
   trunk/gforge/common/survey/Survey.class.php
   trunk/gforge/common/survey/SurveyResponseFactory.class.php
Log:
db_query_params transition: started on common/survey

Modified: trunk/gforge/common/survey/Survey.class.php
===================================================================
--- trunk/gforge/common/survey/Survey.class.php	2009-05-14 16:58:01 UTC (rev 7646)
+++ trunk/gforge/common/survey/Survey.class.php	2009-05-14 18:24:56 UTC (rev 7647)
@@ -3,6 +3,7 @@
  * FusionForge surveys
  *
  * Copyright 2004, Sung Kim/GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -112,9 +113,11 @@
 		/* Make old style survey string from array: 1, 2, 3, ..., n */
 		$survey_questions = $this->_makeQuestionString(array_reverse($add_questions));
 
-		$sql="INSERT INTO surveys (survey_title,group_id,survey_questions,is_active) VALUES ('".htmlspecialchars($survey_title)."','$group_id','$survey_questions','$is_active')";
-
-		$result=db_query($sql);
+		$result = db_query_params ('INSERT INTO surveys (survey_title,group_id,survey_questions,is_active) VALUES ($1,$2,$3,$4)',
+					   array (htmlspecialchars($survey_title),
+						  $group_id,
+						  $survey_questions,
+						  $is_active)) ;
 		if (!$result) {
 			$this->setError(_('Insert Error').db_error());
 			return false;
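Review bot: The parameterised INSERT still passes `htmlspecialchars($survey_title)` as `$1`, so the title is stored HTML-escaped instead of being escaped at output time. The bound parameter now takes care of SQL quoting, which leaves this call as output encoding applied at write time, and nothing here tells a reader of the row that. I would add a comment above the call such as `/* survey_title is stored HTML-escaped (legacy behaviour); the UPDATE below does the same */`. The enclosing method starts and ends outside the hunk.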
@@ -159,9 +162,12 @@
 			$add_questions = array_reverse($add_questions);
 			
 		$survey_questions = $this->_updateQuestionString($add_questions, $del_questions);
-		$sql="UPDATE surveys SET survey_title='".htmlspecialchars($survey_title)."', survey_questions='$survey_questions', is_active='$is_active' ".
-			"WHERE survey_id='$survey_id' AND group_id='$group_id'";
-		$result=db_query($sql);
+		$result = db_query_params ('UPDATE surveys SET survey_title=$1, survey_questions=$2, is_active=$3 WHERE survey_id=$4 AND group_id=$5',
+					   array (htmlspecialchars($survey_title),
+						  $survey_questions,
+						  $is_active,
+						  $survey_id,
+						  $group_id)) ;
 		if (db_affected_rows($result) < 1) {
 			 $this->setError(_('UPDATE FAILED').db_error());
 			 return false;
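Review bot: `db_affected_rows($result)` in the check after the new UPDATE is called without first testing `$result`, so a failed query is handed straight to it; the DELETE hunk in this file guards with `!$res ||` first. The condition should read `if (!$result || db_affected_rows($result) < 1) {`. The same unguarded check follows the reordering UPDATE in the next hunk (`@@ -195,9 +201,10 @@`). Both enclosing methods start and end outside their hunks.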
@@ -195,9 +201,10 @@
 		}
 
 		$survey_questions = $this->_updateQuestionStringOrder($question_number, $delta);
-		$sql="UPDATE surveys SET survey_questions='$survey_questions' ".
-			"WHERE survey_id='$survey_id' AND group_id='$group_id'";
-		$result=db_query($sql);
+		$result = db_query_params ('UPDATE surveys SET survey_questions=$1 WHERE survey_id=$2 AND group_id=$3',
+					   array ($survey_questions,
+						  $survey_id,
+						  $group_id)) ;
 		if (db_affected_rows($result) < 1) {
 			 $this->setError(_('UPDATE FAILED').db_error());
 			 return false;
@@ -217,9 +224,9 @@
 		$group_id = $this->Group->GetID();
 		$survey_id = $this->getID();
 
-		$sql="DELETE FROM surveys where survey_id='$survey_id' AND group_id='$group_id'";
- 
-		$res=db_query($sql);
+		$res = db_query_params ('DELETE FROM surveys where survey_id=$1 AND group_id=$2',
+					array ($survey_id,
+					       $group_id)) ;
 		if (!$res || db_affected_rows($res) < 1) {
 			$this->setError(_('Delete failed').db_error());
 			return false;
@@ -239,8 +246,9 @@
 	function fetchData($survey_id) {
 		$group_id = $this->Group->GetID();
 		
-		$sql="SELECT * FROM surveys WHERE survey_id='$survey_id' AND group_id='$group_id'";
-		$res=db_query($sql);
+		$res = db_query_params ('SELECT * FROM surveys where survey_id=$1 AND group_id=$2',
+					array ($survey_id,
+					       $group_id)) ;
 	
 		if (!$res || db_numrows($res) < 1) {
 			$this->setError(_('No Survey is found').db_error());
@@ -314,9 +322,10 @@
 		$group_id = $this->Group->GetID();
 		$survey_id = $this->getID();
 		
-		$sql = "SELECT 1 from survey_responses where group_id='$group_id' and survey_id='$survey_id' group by user_id";
-		$res=db_query($sql);
-		$ret  =  db_numrows($res);
+		$res = db_query_params ('SELECT 1 FROM survey_responses where survey_id=$1 AND group_id=$2',
+					array ($survey_id,
+					       $group_id)) ;
+		$ret = db_numrows($res);
 		db_free_result($res);		
 		
 		return $ret;
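Review bot: The rewritten query drops the `group by user_id` that the removed line had, so `db_numrows($res)` now counts every matching row in survey_responses instead of one row per user. If the table holds one row per answered question (the SurveyResponseFactory query in this commit filters it by question_id, which suggests so), the returned count would be inflated. Restore the clause: `'SELECT 1 FROM survey_responses WHERE survey_id=$1 AND group_id=$2 GROUP BY user_id'`. The enclosing method starts outside the hunk.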
@@ -332,10 +341,11 @@
 		$group_id = $this->Group->GetID();
 		$survey_id = $this->getID();
 
-		$sql = "SELECT 1 from survey_responses where group_id='$group_id' and survey_id='$survey_id' and user_id='$user_id'";
-		
-		$res=db_query($sql, 1);
-		$ret  =  db_numrows($res);
+		$res = db_query_params ('SELECT 1 FROM survey_responses where survey_id=$1 AND group_id=$2 AND user_id=$3',
+					array ($survey_id,
+					       $group_id,
+					       $user_id)) ;
+		$ret = db_numrows($res);
 		db_free_result($res);		
 		
 		return $ret;
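Review bot: The removed call was `db_query($sql, 1)`, and the new `db_query_params` call drops that second argument, which looks like a row limit. Without it `$ret` is the number of matching rows, not at most 1, so any caller that compares the result with 1 would change behaviour; that is worth confirming. If db_query_params accepts a limit after the parameter array, pass it there, e.g. end the call with `$user_id), 1) ;`. The enclosing method starts outside the hunk.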

Modified: trunk/gforge/common/survey/SurveyResponseFactory.class.php
===================================================================
--- trunk/gforge/common/survey/SurveyResponseFactory.class.php	2009-05-14 16:58:01 UTC (rev 7646)
+++ trunk/gforge/common/survey/SurveyResponseFactory.class.php	2009-05-14 18:24:56 UTC (rev 7647)
@@ -3,6 +3,7 @@
  * FusionForge surveys
  *
  * Copyright 2004, Sung Kim/GForge, LLC
+ * Copyright 2009, Roland Mas
  *
  * This file is part of FusionForge.
  *
@@ -135,12 +136,10 @@
 		$question = $this->getQUestion();
 		$question_id = $question->GetID();
 		
-		$sql="SELECT * FROM survey_responses ".
-			"WHERE survey_id='$survey_id' ".
-			"AND question_id='$question_id' ".
-			"AND group_id='$group_id' ORDER BY post_date DESC";
-
-		$result = db_query ($sql);
+		$result = db_query_params ('SELECT * FROM survey_responses WHERE survey_id=$1 AND question_id=$2 AND group_id=$3 ORDER BY post_date DESC',
+					   array ($survey_id,
+						  $question_id,
+						  $group_id)) ;
 		if (!$result) {
 			$this->setError(_('No Survey Response is found').db_error());
 			return false;



