[Fusionforge-commits] r8180 - in trunk/gforge/www/forum: . admin include

Roland Mas lolando at libremir.placard.fr.eu.org
Fri Sep 25 11:52:38 CEST 2009


Author: lolando
Date: 2009-09-25 11:52:38 +0200 (Fri, 25 Sep 2009)
New Revision: 8180

Modified:
   trunk/gforge/www/forum/admin/ForumAdmin.class.php
   trunk/gforge/www/forum/admin/monitor.php
   trunk/gforge/www/forum/attachment.php
   trunk/gforge/www/forum/forum.php
   trunk/gforge/www/forum/include/AttachManager.class.php
   trunk/gforge/www/forum/include/ForumHTML.class.php
   trunk/gforge/www/forum/myforums.php
Log:
db_query_params() migration

Modified: trunk/gforge/www/forum/admin/ForumAdmin.class.php
===================================================================
--- trunk/gforge/www/forum/admin/ForumAdmin.class.php	2009-09-25 09:52:29 UTC (rev 8179)
+++ trunk/gforge/www/forum/admin/ForumAdmin.class.php	2009-09-25 09:52:38 UTC (rev 8180)
@@ -288,8 +288,8 @@
 			if ($this->isGroupAdmin()) {
 				$this->PrintAdminOptions();
 			}
-			$sql = "SELECT forum_name, group_forum_id FROM forum_group_list WHERE group_id='$group_id' and moderation_level > 0";
-			$res = db_query($sql);
+			$res = db_query_params ('SELECT forum_name, group_forum_id FROM forum_group_list WHERE group_id=$1 and moderation_level > 0',
+			array ($group_id));
 			if (!$res) {
 				echo db_error();
 				return;			
@@ -342,8 +342,9 @@
 			$title[] = _('Message');
 			$title[] = "Action";
 			
-			$sql = "SELECT msg_id,subject,pm.group_forum_id,gl.forum_name FROM forum_pending_messages pm, forum_group_list gl WHERE pm.group_forum_id='$forum_id' AND pm.group_forum_id=gl.group_forum_id AND gl.group_forum_id='$forum_id'";
-			$res = db_query($sql);
+			$res = db_query_params ('SELECT msg_id,subject,pm.group_forum_id,gl.forum_name FROM forum_pending_messages pm, forum_group_list gl WHERE pm.group_forum_id=$1 AND pm.group_forum_id=gl.group_forum_id AND gl.group_forum_id=$2',
+			array ($forum_id,
+				$forum_id));
 			if (!$res) {
 				echo db_error();
 				return;			
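Review bot: The same value is bound twice, `array ($forum_id, $forum_id)`, to fill `$1` and `$2` on the line above; PostgreSQL placeholders may be reused, so `gl.group_forum_id=$1` with `array ($forum_id)` says the same thing with one parameter and no risk of the two drifting apart later. The enclosing method starts and ends outside the hunk.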
@@ -401,15 +402,15 @@
 					case 2 : { 
 						//delete
 						db_begin();
-						$sql = "DELETE FROM forum_pending_attachment WHERE msg_id='$msgids[$i]'";
-						if (!db_query($sql)) {
+						if (!db_query_params ('DELETE FROM forum_pending_attachment WHERE msg_id=$1',
+			array ($msgids[$i]))) {
 							$feedback .= "DB Error ";
 							$feedback .= db_error() . "<br>";
 							db_rollback();
 							break;
 						}
-						$sql = "DELETE FROM forum_pending_messages WHERE msg_id='$msgids[$i]'";
-						if (!db_query($sql)) {
+						if (!db_query_params ('DELETE FROM forum_pending_messages WHERE msg_id=$1',
+			array ($msgids[$i]))) {
 							$feedback .= "DB Error ";
 							$feedback .= db_error() . "<br>";
 							db_rollback();
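Review bot: The `array ($msgids[$i])` continuation lines are indented three tabs while the `db_query_params (` call they belong to sits at six, which makes the `if` condition hard to read as one expression; align the second line with the opening of the call, e.g. `						      array ($msgids[$i]))) {`. The same layout appears in the hunks at `@@ -421,14 +422,14 @@` and `@@ -509,15 +510,15 @@`. The enclosing switch and method continue outside the hunk.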
@@ -421,14 +422,14 @@
 					}
 					case 3 : { 
 						//release
-						$sql = "SELECT * FROM forum_pending_messages WHERE msg_id='$msgids[$i]'";
-						$res1 = db_query($sql);
+						$res1 = db_query_params ('SELECT * FROM forum_pending_messages WHERE msg_id=$1',
+			array ($msgids[$i]));
 						if (!$res1) {
 							$feedback .= "DB Error " . db_error() . "<br>";
 							break;
 						}
-						$sql = "SELECT * FROM forum_pending_attachment WHERE msg_id='$msgids[$i]'";
-						$res2 = db_query($sql);
+						$res2 = db_query_params ('SELECT * FROM forum_pending_attachment WHERE msg_id=$1',
+			array ($msgids[$i]));
 						if (!$res2) {
 							$feedback .= "DB Error " . db_error() . "<br>";
 							break;
@@ -494,8 +495,8 @@
 							 } else {
 							 	//undo the changes to the forum table
 								db_begin();
-								$sql = "DELETE FROM forum WHERE msg_id='$fm->getID()'";
-								if (!db_query($sql)) {
+								if (!db_query_params ('DELETE FROM forum WHERE msg_id=$1',
+										      array ($fm->getID()))) {
 									$feedback .= "DB Error ";
 									$feedback .= db_error() . "<br>";
 									db_rollback();
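Review bot: This hunk changes behaviour as well as query style, and the log line "db_query_params() migration" does not say so: the old `"... msg_id='$fm->getID()'"` interpolated the property `$fm->getID` (not a method call) followed by a literal `()`, so the DELETE could never have matched a real msg_id, whereas the new `array ($fm->getID())` binds the actual id and the rollback path will now really delete the forum row. That is presumably the intended behaviour, but it deserves a sentence in the commit message or a comment such as `// previously a no-op: the old string never called getID()` so that anyone bisecting a change in forum deletions finds it. The enclosing method continues outside the hunk.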
@@ -509,15 +510,15 @@
 						if ($deleteok) {
 							//delete the message and attach
 							db_begin();
-							$sql = "DELETE FROM forum_pending_attachment WHERE msg_id='$msgids[$i]'";
-							if (!db_query($sql)) {
+							if (!db_query_params ('DELETE FROM forum_pending_attachment WHERE msg_id=$1',
+			array ($msgids[$i]))) {
 								$feedback .= "DB Error ";
 								$feedback .= db_error() . "<br>";
 								db_rollback();
 								break;
 							}
-							$sql = "DELETE FROM forum_pending_messages WHERE msg_id='$msgids[$i]'";
-							if (!db_query($sql)) {
+							if (!db_query_params ('DELETE FROM forum_pending_messages WHERE msg_id=$1',
+			array ($msgids[$i]))) {
 								$feedback .= "DB Error ";
 								$feedback .= db_error() . "<br>";
 								db_rollback();

Modified: trunk/gforge/www/forum/admin/monitor.php
===================================================================
--- trunk/gforge/www/forum/admin/monitor.php	2009-09-25 09:52:29 UTC (rev 8179)
+++ trunk/gforge/www/forum/admin/monitor.php	2009-09-25 09:52:38 UTC (rev 8180)
@@ -43,12 +43,11 @@
 
 forum_header(array('title'=>_('Add forum')));
 
-$sql="select users.user_id,users.user_name, users.email, users.realname from
+$res = db_query_params ('select users.user_id,users.user_name, users.email, users.realname from
 users,forum_monitored_forums fmf where fmf.user_id=users.user_id and
-fmf.forum_id ='$group_forum_id' order by users.user_id;";
+fmf.forum_id =$1 order by users.user_id',
+			array ($group_forum_id));
 
-$res=db_query($sql);
-
 $head=array();
 $head[]='User';
 $head[]='Email';

Modified: trunk/gforge/www/forum/attachment.php
===================================================================
--- trunk/gforge/www/forum/attachment.php	2009-09-25 09:52:29 UTC (rev 8179)
+++ trunk/gforge/www/forum/attachment.php	2009-09-25 09:52:38 UTC (rev 8180)
@@ -85,9 +85,11 @@
 	}
 	//only the user that created the attach  or forum admin can delete it (safecheck)
 	if (!$pending) { //pending messages aren't deleted from this page
-		$sql = "SELECT userid FROM forum_attachment WHERE attachmentid='$attachid'";
+		$res = db_query_params ('SELECT userid FROM forum_attachment WHERE attachmentid=$1',
+			array ($attachid));
+	} else {
+		$res = false ;
 	}
-	$res = db_query($sql);
 	if ( (!$res) ) {
 		exit_error("Attachment Download error","DB Error");
 	}
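Review bot: The new `else { $res = false ; }` branch sends the pending case into `exit_error("Attachment Download error","DB Error")` two lines below, so a user who tries to delete a pending attachment is told the database failed when in fact the operation is simply not supported here (the comment on the `if` line says as much). The old code reached the same exit via `db_query($sql)` on an undefined `$sql`, so this is not new, but now that the branch is explicit it is the natural place to say what happened: `exit_error("Attachment Download error", "Pending attachments cannot be deleted from this page");` in the else branch instead of `$res = false ;`. The hunk at `@@ -112,11 +114,14 @@` has the same shape with `$res`/`$res2` and the "Attachment error" message.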
@@ -112,11 +114,14 @@
 	}
 	//only the user that created the attach  or forum admin can edit it (safecheck)
 	if (!$pending) { //pending messages aren't deleted from this page
-		$sql1 = "SELECT filename FROM forum_attachment WHERE attachmentid='$attachid'";
-		$sql2 = "SELECT posted_by FROM forum WHERE msg_id='$msg_id'";
+		$res = db_query_params ('SELECT filename FROM forum_attachment WHERE attachmentid=$1',
+			array ($attachid));
+		$res2 = db_query_params ('SELECT posted_by FROM forum WHERE msg_id=$1',
+			array ($msg_id));
+	} else {
+		$res = false ;
+		$res2 = false ;
 	}
-	$res = db_query($sql1);
-	$res2 = db_query($sql2);
 	if ( (!$res) || (!$res2) ) {
 		exit_error("Attachment error","DB Error");
 	}
@@ -183,11 +188,12 @@
 }
 
 if ($pending=="yes") {
-	$sql = "SELECT * FROM forum_pending_attachment where attachmentid='$attachid'";
+	$res = db_query_params ('SELECT * FROM forum_pending_attachment where attachmentid=$1',
+			array ($attachid));
 } else {
-	$sql = "SELECT * FROM forum_attachment where attachmentid='$attachid'";
+	$res = db_query_params ('SELECT * FROM forum_attachment where attachmentid=$1',
+			array ($attachid));
 }
-$res = db_query($sql);
 if ( (!$res) ) {
 	exit_error("Attachment Download error","DB Error");
 }

Modified: trunk/gforge/www/forum/forum.php
===================================================================
--- trunk/gforge/www/forum/forum.php	2009-09-25 09:52:29 UTC (rev 8179)
+++ trunk/gforge/www/forum/forum.php	2009-09-25 09:52:38 UTC (rev 8180)
@@ -295,18 +295,19 @@
 			This is the view that is most similar to the "Ultimate BB view"
 		*/
 
-		$sql="SELECT f.most_recent_date,users.user_name,users.realname,users.user_id,f.msg_id,f.subject,f.thread_id,
-(count(f2.thread_id)-1) AS followups,max(f2.post_date) AS recent 
-FROM forum f, forum f2, users 
-WHERE f.group_forum_id='$forum_id' 
-AND f.is_followup_to=0 
-AND users.user_id=f.posted_by 
-AND f.thread_id=f2.thread_id 
-GROUP BY f.most_recent_date,users.user_name,users.realname,users.user_id,f.msg_id,f.subject,f.thread_id 
-ORDER BY f.most_recent_date DESC";
+		$result = db_query_params ('SELECT f.most_recent_date,users.user_name,users.realname,users.user_id,f.msg_id,f.subject,f.thread_id,
+(count(f2.thread_id)-1) AS followups,max(f2.post_date) AS recent
+FROM forum f, forum f2, users
+WHERE f.group_forum_id=$1
+AND f.is_followup_to=0
+AND users.user_id=f.posted_by
+AND f.thread_id=f2.thread_id
+GROUP BY f.most_recent_date,users.user_name,users.realname,users.user_id,f.msg_id,f.subject,f.thread_id
+ORDER BY f.most_recent_date DESC',
+					   array ($forum_id),
+					   $max_rows+1,
+					   $offset);
 
-		$result=db_query($sql,($max_rows+1),$offset);
-
 		$avail_rows=db_numrows($result);
 
 		echo db_error();

Modified: trunk/gforge/www/forum/include/AttachManager.class.php
===================================================================
--- trunk/gforge/www/forum/include/AttachManager.class.php	2009-09-25 09:52:29 UTC (rev 8179)
+++ trunk/gforge/www/forum/include/AttachManager.class.php	2009-09-25 09:52:38 UTC (rev 8180)
@@ -72,8 +72,8 @@
 	* Returns the attach id for the message id passed as a parameter or false if error
 	*/
 	function GetAttachId($msg_id) {
-		$sql = "SELECT attachmentid FROM forum_attachment WHERE msg_id='$msg_id'";
-		$res = db_query($sql);
+		$res = db_query_params ('SELECT attachmentid FROM forum_attachment WHERE msg_id=$1',
+			array ($msg_id));
 		if ($res) {
 			return db_result($res,0,0);
 		} else {
@@ -123,14 +123,15 @@
 		//ask if the message has an attachment
 		$msg_id = $msg->getID();
 		if ($msg->isPending()) {
-			$sql = "SELECT attachmentid,filename,userid,counter FROM forum_pending_attachment where msg_id='$msg_id'";
+			$res = db_query_params ('SELECT attachmentid,filename,userid,counter FROM forum_pending_attachment where msg_id=$1',
+						array ($msg_id));
 			$pend = "&pending=yes";
 		} else {
-			$sql = "SELECT attachmentid,filename,userid,counter FROM forum_attachment where msg_id='$msg_id'";
+			$res = db_query_params ('SELECT attachmentid,filename,userid,counter FROM forum_attachment where msg_id=$1',
+						array ($msg_id));
 			$pend = "";
 		}
 		
-		$res = db_query($sql);
 		if ($res) {
 			$attachid = db_result($res,0,'attachmentid');
 		}
@@ -176,11 +177,19 @@
 			$this->messages[] = _('Couldn\'t get message id');
 		} else {
 			$this->msg_id = db_result($result,0,0);
-			$sql = "INSERT INTO forum_attachment (userid, dateline, filename, filedata, filesize, visible, msg_id , filehash, mimetype)
+			if (db_query_params ('INSERT INTO forum_attachment (userid, dateline, filename, filedata, filesize, visible, msg_id , filehash, mimetype)
 					VALUES 
-					( $userid , " . $dateline . ", '" . $filename . "',
-					'" .  $filedata . "', $filesize, $visible, $this->msg_id,  '" . $filehash . "', '" . $mimetype  . "')";
-			if (db_query($sql)) {
+					( $1 , $2, $3,
+					$4, $5, $6, $7,  $8, $9)',
+			array ($userid,
+				$dateline ,
+				$filename ,
+				$filedata ,
+				$filesize,
+				$visible,
+				$this->msg_id,
+				$filehash ,
+				$mimetype  ))) {
 				$this->messages[] = _('File uploaded');
 			}	else {
 				$this->messages[] = _('File not uploaded');
@@ -245,12 +254,6 @@
 		if ($this->ForumMsg->isPending()) {
 			if ($update) {
 				//update the fileinfo
-				/*$sql = "UPDATE forum_pending_attachment SET dateline = '" . time() . "' , filedata = '" . base64_encode($filestuff) .  "' , filename = '" . addslashes($attachment_name) . "' , filehash = '" . addslashes(md5($filestuff)) . "' where attachmentid=$update";
-				if (db_query($sql)) {
-					$this->messages[] = _('File uploaded');
-				}	else {
-					$this->messages[] = _('File not uploaded');
-				}*/
 				// not implemented
 			} else {
 				// add to db
@@ -267,11 +270,18 @@
 						$this->msg_id = db_result($result,0,0);
 					}
 				}
-				$sql = "INSERT INTO forum_pending_attachment (userid, dateline, filename, filedata, filesize, visible, msg_id , filehash, mimetype)
+				$res = db_query_params ('INSERT INTO forum_pending_attachment (userid, dateline, filename, filedata, filesize, visible, msg_id , filehash, mimetype)
 					VALUES 
-					( $user_id , " . time() . ", '" . addslashes($attachment_name) . "',
-					'" .  base64_encode($filestuff) . "', $attachment_size, 1, $this->msg_id,  '" . addslashes(md5($filestuff)) . "', '". addslashes($attachment_type) ."')";
-				$res = db_query($sql);
+					( $1 , $2, $3,
+					$4, $5, 1, $6,  $7, $8)',
+			array ($user_id,
+				time() ,
+				addslashes($attachment_name) ,
+				base64_encode($filestuff) ,
+				$attachment_size,
+				$this->msg_id,
+				addslashes(md5($filestuff)) ,
+				addslashes($attachment_type) ));
 				if ($res) {
 					$this->messages[] = _('File uploaded');
 					$id = db_insertid($res,'forum_pending_attachment','attachmentid');
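Review bot: The values bound in the `array (...)` still go through `addslashes()` — `addslashes($attachment_name)`, `addslashes(md5($filestuff))`, `addslashes($attachment_type)` — even though they are now passed as parameters rather than interpolated into the SQL string, so a filename or MIME type containing `'` or `\` will be stored with literal backslashes added. The escaping belonged to the old string-built query and should go with it: `$attachment_name ,`, `md5($filestuff) ,`, `$attachment_type ));` (the md5 hex and base64 strings never needed it either). The same wrappers survive in the hunks at `@@ -282,13 +292,19 @@` and `@@ -310,11 +326,18 @@`. The enclosing method starts and ends outside the hunk.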
@@ -282,13 +292,19 @@
 		} else {
 			if ($update) {
 				//update the fileinfo
-				$sql = "UPDATE forum_attachment SET dateline = '" . time() . "' , filedata = '" . base64_encode($filestuff) .  "' ,
-				 filename = '" . addslashes($attachment_name) . "' , 
-				 filehash = '" . addslashes(md5($filestuff)) . "' , 
-				 mimetype = '" . addslashes($attachment_type) . "' ,
-				 counter = '0' ,
-				 filesize = '" . $attachment_size . "' where attachmentid=$update";
-				if (db_query($sql)) {
+				if (db_query_params ('UPDATE forum_attachment SET dateline = $1 , filedata = $2 ,
+				 filename = $3 , 
+				 filehash = $4 , 
+				 mimetype = $5 ,
+				 counter = 0 ,
+				 filesize = $6 where attachmentid=$7',
+			array (time() ,
+				base64_encode($filestuff) ,
+				addslashes($attachment_name) ,
+				addslashes(md5($filestuff)) ,
+				addslashes($attachment_type) ,
+				$attachment_size ,
+				$update))) {
 					$this->messages[] = _('File uploaded');
 					$this->messages[] = _('File Updated Successfully');
 					$id = $update;
@@ -310,11 +326,18 @@
 						$this->msg_id = db_result($result,0,0);
 					}
 				}
-				$sql = "INSERT INTO forum_attachment (userid, dateline, filename, filedata, filesize, visible, msg_id , filehash, mimetype)
+				$res = db_query_params ('INSERT INTO forum_attachment (userid, dateline, filename, filedata, filesize, visible, msg_id , filehash, mimetype)
 					VALUES 
-					( $user_id , " . time() . ", '" . addslashes($attachment_name) . "',
-					'" .  base64_encode($filestuff) . "', $attachment_size, 1, $this->msg_id,  '" . addslashes(md5($filestuff)) . "', '" . addslashes($attachment_type) . "')";
-				$res = db_query($sql);
+					( $1 , $2, $3,
+					$4, $5, 1, $6,  $7, $8)',
+			array ($user_id,
+				time() ,
+				addslashes($attachment_name) ,
+				base64_encode($filestuff) ,
+				$attachment_size,
+				$this->msg_id,
+				addslashes(md5($filestuff)) ,
+				addslashes($attachment_type) ));
 				if ($res) {
 					$this->messages[] = _('File uploaded');
 					$id = db_insertid($res,'forum_attachment','attachmentid');

Modified: trunk/gforge/www/forum/include/ForumHTML.class.php
===================================================================
--- trunk/gforge/www/forum/include/ForumHTML.class.php	2009-09-25 09:52:29 UTC (rev 8179)
+++ trunk/gforge/www/forum/include/ForumHTML.class.php	2009-09-25 09:52:38 UTC (rev 8180)
@@ -44,8 +44,8 @@
 		//this is a news item, not a regular forum
 		if ($forum_id) {
 			// Show this news item at the top of the page
-			$sql="SELECT submitted_by, post_date, group_id, forum_id, summary, details FROM news_bytes WHERE forum_id='$forum_id'";
-			$result=db_query($sql);
+			$result = db_query_params ('SELECT submitted_by, post_date, group_id, forum_id, summary, details FROM news_bytes WHERE forum_id=$1',
+						   array ($forum_id));
 
 			// checks which group the news item belongs to
 			$params['group']=db_result($result,0,'group_id');
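Review bot: `$result` is read by `db_result($result,0,'group_id')` on the line after the new call without checking whether `db_query_params()` returned false, so a failed or empty query turns into warnings from db_result and an unset `$params['group']` rather than a clear error. The rest of the file uses `echo db_error();` on failure, so a guard in the same style, `if (!$result) { echo db_error(); return; }`, would fit between the query and the `// checks which group` comment; the enclosing method begins and ends outside the hunk, so the exact return form should match its signature.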

Modified: trunk/gforge/www/forum/myforums.php
===================================================================
--- trunk/gforge/www/forum/myforums.php	2009-09-25 09:52:29 UTC (rev 8179)
+++ trunk/gforge/www/forum/myforums.php	2009-09-25 09:52:38 UTC (rev 8180)
@@ -47,8 +47,8 @@
 $user_id = user_getid();
 $group_id = getIntFromRequest("group_id");
 //get the user monitored forums
-$sql = "SELECT mon.forum_id, fg.group_id FROM forum_monitored_forums mon,forum_group_list fg where mon.user_id='$user_id' and fg.group_forum_id=mon.forum_id";
-$result = db_query($sql);
+$result = db_query_params ('SELECT mon.forum_id, fg.group_id FROM forum_monitored_forums mon,forum_group_list fg where mon.user_id=$1 and fg.group_forum_id=mon.forum_id',
+			   array ($user_id));
 if (!$result || db_numrows($result) < 1) {
 	exit_error(_('You have no monitored forums'),_('You are not monitoring any forums.').' '.db_error(), 'forums');
 }



