site_admin_header(array('title'=>_('Site admin')));
-$which = getIntFromRequest('which');
-
-if (!$which || $which==100) {
- $which=100;
- $sql_str = '';
-} else {
- $sql_str = " WHERE job='$which' ";
-}
+$which = getIntFromRequest('which', 100);
?>
<form action="<?php echo getStringFromServer('PHP_SELF'); ?>" method="get">
echo $HTML->listTableTop ($title_arr);
-$sql = 'SELECT COUNT(*) AS count FROM cron_history '.$sql_str;
-$res = db_query($sql);
+if ($which==100) {
+ $res = db_query_params ('SELECT COUNT(*) AS count FROM cron_history',
+ arary ());
+} else {
+ $res = db_query_params ('SELECT COUNT(*) AS count FROM cron_history WHERE job=$1',
+ arary ($which));
+}
$totalCount = db_result($res, 0, 'count');
$offset = getIntFromRequest('offset');
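Review bot: Both count queries pass their parameters through `arary (...)`, a misspelling of `array`, so the page will abort with a call to an undefined function as soon as either branch runs; the two lines should read `array ());` and `array ($which));`. With `getIntFromRequest('which', 100)` replacing the removed `!$which` test, an explicit `which=0` is presumably no longer folded into the "all jobs" case and now takes the `WHERE job=$1` branch, so confirm that is intended. The surrounding script continues outside the hunk.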
$offset = 0;
}
-$sql = 'SELECT * FROM cron_history '.$sql_str.' ORDER BY rundate DESC LIMIT '.ADMIN_CRONMAN_ROWS.' OFFSET '.$offset;
-$res = db_query($sql);
+if ($which==100) {
+ $res = db_query_params ('SELECT * FROM cron_history ORDER BY rundate',
+ array (),
+ ADMIN_CRONMAN_ROWS,
+ $offset);
+} else {
+ $res = db_query_params ('SELECT * FROM cron_history WHERE job=$1 ORDER BY rundate',
+ array ($which),
+ ADMIN_CRONMAN_ROWS,
+ $offset);
+}
for ($i=0; $i<db_numrows($res); $i++) {
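Review bot: Both branches of the rewritten history query sort with `ORDER BY rundate`, while the removed statement used `ORDER BY rundate DESC`, so the pager now starts from the oldest cron runs instead of the most recent ones. Unless that is deliberate, keep the direction in the query text, e.g. `'SELECT * FROM cron_history WHERE job=$1 ORDER BY rundate DESC'`. The condition that resets `$offset` to 0 is outside the hunk, so check that it still rejects negative values before they reach the offset argument.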
if ($form_catroot == 1) {
if (isset($group_name_search)) {
echo "<p>"._('Groups that begin with'). " <strong>".$group_name_search."</strong></p>\n";
- $sql = "SELECT group_name,register_time,unix_group_name,groups.group_id,is_public,status,license_name,COUNT(user_group.group_id) AS members ";
- if ($sys_database_type == "mysql") {
- $sql.="FROM groups LEFT JOIN user_group ON user_group.group_id=groups.group_id, licenses WHERE license_id=license AND group_name LIKE '$group_name_search%' ";
- } else {
- $sql.="FROM groups LEFT JOIN user_group ON user_group.group_id=groups.group_id, licenses WHERE license_id=license AND group_name ILIKE '$group_name_search%' ";
- }
- $sql.="GROUP BY group_name,register_time,unix_group_name,groups.group_id,is_public,status,license_name "
- . ($form_pending?"AND WHERE status='P' ":"")
- . " ORDER BY $sortorder";
- $res = db_query($sql);
+ $res = db_query_params ('SELECT group_name,register_time,unix_group_name,groups.group_id,is_public,status,license_name,COUNT(user_group.group_id) AS members
+FROM groups
+LEFT JOIN user_group ON user_group.group_id=groups.group_id, licenses
+WHERE license_id=license
+AND lower(group_name) LIKE $1
+AND (status=$2 AND 1=$3)
+GROUP BY group_name,register_time,unix_group_name,groups.group_id,is_public,status,license_name',
+ array (strtolower ("$group_name_search%"),
+ 'P',
+ $form_pending ? 1 : 0)) ;
} else {
$res = db_query("SELECT group_name,register_time,unix_group_name,groups.group_id,is_public,status,license_name, COUNT(user_group.group_id) AS members "
. "FROM groups LEFT JOIN user_group ON user_group.group_id=groups.group_id, licenses "
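Review bot: The filter `AND (status=$2 AND 1=$3)` is false for every row when `$form_pending` is not set, because `1=$3` becomes `1=0`, so the prefix search returns nothing unless the pending filter is on. The removed code applied the status test only when `$form_pending` was set; `AND (status=$2 OR 0=$3)` expresses that. The new statement also drops `ORDER BY $sortorder`; if sorting is restored, map `$sortorder` through a fixed list of column names rather than concatenating or binding it. `%` and `_` typed into `$group_name_search` still act as LIKE wildcards here and in the user and group search hunks below. The `else` branch at the end of this hunk still builds its statement through `db_query`, and the rest of that statement is outside the hunk.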
SELECT DISTINCT *
FROM users WHERE ";
- if(is_numeric($search)) {
- $sql .="user_id = '$search' OR ";
- }
- if ( $sys_database_type == "mysql" ) {
- $sql .= "user_name LIKE '%$search%'
- OR email LIKE '%$search%'
- OR realname LIKE '%$search%'";
+ if (is_numeric($search)) {
+ $result = db_query_params ('SELECT DISTINCT * FROM users
+WHERE user_id = $1
+OR lower(user_name) LIKE $2
+OR lower(email) LIKE $2
+OR lower(realname) LIKE $2',
+ array ($search,
+ strtolower("%$search%")));
} else {
- $sql .= "user_name ILIKE '%$search%'
- OR email ILIKE '%$search%'
- OR realname ILIKE '%$search%'";
+ $result = db_query_params ('SELECT DISTINCT * FROM users
+WHERE lower(user_name) LIKE $1
+OR lower(email) LIKE $1
+OR lower(realname) LIKE $1',
+ array (strtolower("%$search%")));
}
- $result = db_query($sql);
print '<p><strong>' .sprintf(ngettext('User search with criteria <em>%1$s</em>: %2$s match', 'User search with criteria <em>%1$s</em>: %2$s matches', db_numrows($result)), $search, db_numrows($result)).'</strong></p>';
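Review bot: `is_numeric($search)` is true for values such as `1.5` or `1e3`, and binding one of those to `user_id = $1` will probably make the whole statement fail if the column is an integer (its type is not visible here), so a numeric-looking name search errors out instead of returning matches. A stricter test such as `ctype_digit((string) $search)` keeps the id branch for plain integers only. `strtolower()` works byte-wise while the database's `lower()` follows the database locale, so non-ASCII names that matched under the removed `ILIKE` may stop matching; `mb_strtolower()`, or keeping `ILIKE $1` as the user-list hunk does, would avoid that. The `print` line after the change places `$search` into HTML, so confirm the value is escaped before it reaches that point.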
FROM groups WHERE (";
if(is_numeric($search)) {
- $sql .="group_id = '$search' OR ";
- }
- if ( $sys_database_type == "mysql" ) {
- $sql .= "unix_group_name LIKE '%$search%'
- OR group_name LIKE '%$search%')
- $crit_sql";
+ $result = db_query_params ('SELECT DISTINCT * FROM groups
+WHERE group_id=$1
+OR lower (unix_group_name) LIKE $2
+OR lower (group_name) LIKE $2',
+ array ($search,
+ strtolower ("%$search%"))) ;
} else {
- $sql .= "unix_group_name ILIKE '%$search%'
- OR group_name ILIKE '%$search%')
- $crit_sql";
+ $result = db_query_params ('SELECT DISTINCT * FROM groups
+WHERE lower (unix_group_name) LIKE $2
+OR lower (group_name) LIKE $2',
+ array (strtolower ("%$search%"))) ;
}
- $result = db_query($sql);
if ($crit_desc) {
$crit_desc = "($crit_desc )";
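Review bot: The non-numeric branch refers to `$2` twice but passes a one-element array, so the statement has no matching parameter and should fail at execution; both placeholders there should be `$1`. Both new statements also drop the `$crit_sql` fragment and the parentheses the removed code put around the OR group, so whatever criteria `$crit_sql` carried are no longer applied even though `$crit_desc` is still printed below as if they were. Those criteria need to come back as bound conditions, with the name tests wrapped in parentheses so the added `AND` terms apply to every alternative. The `if(is_numeric($search))` line and the start of the old `$sql` string are context that begins outside the hunk.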
print "\n</p>";
if ($user_name_search) {
- $sql = 'SELECT user_name,lastname,firstname,user_id,status,add_date FROM users WHERE user_name ';
- $sql .= $sys_database_type == 'mysql' ? 'LIKE' : 'ILIKE';
- $sql .= ' \''.$user_name_search.'%\' OR lastname ';
- $sql .= $sys_database_type == 'mysql' ? 'LIKE' : 'ILIKE';
- $sql .= ' \''.$user_name_search.'%\' ORDER BY lastname';
- $result = db_query($sql);
+ $result = db_query_params ('SELECT user_name,lastname,firstname,user_id,status,add_date FROM users WHERE user_name ILIKE $1 OR lastname ILIKE $1 ORDER BY lastname',
+ array ("$user_name_search%"));
} else {
$sortorder = getStringFromRequest('sortorder', 'user_name');
$result = db_query_params("SELECT user_name,lastname,firstname,user_id,status,add_date FROM users ORDER BY $1", array($sortorder));
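Review bot: The unchanged `else` branch binds `$sortorder` as `$1` in `ORDER BY $1`; a bound parameter is a value, not a column name, so the rows are ordered by a constant string and the requested sort order has no effect. Column names cannot be parameterised: check `$sortorder` against a fixed list of allowed columns and place the vetted name in the query text. The new search branch above it uses a fixed `ORDER BY lastname` and binds the search term, which is the right shape.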