for ($i=0; $i<count($sql); $i++) {
- $res=db_query($sql[$i]);
+ $res=db_query_params($sql[$i], array());
}
</td>
<td>
<?php
- $sql="SELECT * FROM frs_package WHERE group_id='$group_id' AND status_id='1'";
- $res=db_query($sql);
+ $res=db_query_params("SELECT * FROM frs_package WHERE group_id=$1 AND status_id='1'", array($group_id));
$rows=db_numrows($res);
if (!$res || $rows < 1) {
echo '<h4>'._('No File Types Available').'</h4>';
}
$ip=getStringFromServer('REMOTE_ADDR');
- $res=db_query("INSERT INTO frs_dlstats_file (ip_address,file_id,month,day,user_id)
- VALUES ('$ip','$file_id','".date('Ym')."','".date('d')."','$us')");
+ $res=db_query_params("INSERT INTO frs_dlstats_file (ip_address,file_id,month,day,user_id)
+ VALUES ($1, $2, $3, $4, $5)"; array($ip,$file_id,date('Ym'),date('d'),$us));
} else {
Header("Status: 404");
}
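Review bot: The rewritten INSERT closes its SQL string with `";` instead of a comma, so the parameter array is never passed and the whole file stops parsing: the line should be `VALUES ($1, $2, $3, $4, $5)", array($ip,$file_id,date('Ym'),date('d'),$us));`. Because this is a parse error, it takes down every page that includes this script, not just the download-stats path. The enclosing if/else begins outside the hunk.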
}
$sql .=
"FROM frs_release,frs_package
-WHERE frs_package.group_id='$group_id'
+WHERE frs_package.group_id=$1
AND frs_release.package_id=frs_package.package_id";
- $FRS_RELEASE_RES = db_query($sql);
+ $FRS_RELEASE_RES = db_query_params($sql,array($group_id));
echo db_error();
}
return html_build_select_box($FRS_RELEASE_RES,$name,$checked_val,false);
$sql = "SELECT *
FROM frs_package
- WHERE group_id='$group_id'
+ WHERE group_id=$1
AND status_id='1'
$pub_sql
ORDER BY name";
-$res_package = db_query( $sql );
+$res_package = db_query_params( $sql, array($group_id));
$num_packages = db_numrows( $res_package );
print $GLOBALS['HTML']->multiTableRow($bgstyle, $cell_data, FALSE);
// get the files in this release....
- $sql = "SELECT frs_file.filename AS filename,
+ $res_file = db_query_params("SELECT frs_file.filename AS filename,
frs_file.file_size AS file_size,
frs_file.file_id AS file_id,
frs_file.release_time AS release_time,
frs_dlstats_filetotal_agg.downloads AS downloads
FROM frs_filetype,frs_processor,
frs_file LEFT JOIN frs_dlstats_filetotal_agg ON frs_dlstats_filetotal_agg.file_id=frs_file.file_id
- WHERE release_id='". $package_release['release_id'] ."'
+ WHERE release_id=$1
AND frs_filetype.type_id=frs_file.type_id
AND frs_processor.processor_id=frs_file.processor_id
- ORDER BY filename";
- $res_file = db_query($sql);
+ ORDER BY filename", array($package_release['release_id']));
$num_files = db_numrows( $res_file );
@$proj_stats['files'] += $num_files;
$sanitizer = new TextSanitizer();
$details = $sanitizer->SanitizeHtml($details);
- $sql="UPDATE news_bytes SET is_approved='$status', summary='".htmlspecialchars($summary)."',
-details='".$details."' WHERE id='$id' AND group_id='$group_id'";
- $result=db_query($sql);
+ $result = db_query_params("UPDATE news_bytes SET is_approved=$1, summary=$2,
+details=$3 WHERE id=$4 AND group_id=$5", array($status, htmlspecialchars($summary), $details, $id, $group_id));
if (!$result || db_affected_rows($result) < 1) {
$feedback .= _('Error On Update:');
Show the submit form
*/
- $sql="SELECT * FROM news_bytes WHERE id='$id' AND group_id='$group_id'";
- $result=db_query($sql);
+ $result=db_query_params("SELECT * FROM news_bytes WHERE id=$1 AND group_id=$2", array($id, $group_id));
if (db_numrows($result) < 1) {
exit_error(_('Error'), _('NewsByte not found'));
}
Show list of waiting news items
*/
- $sql="SELECT * FROM news_bytes WHERE is_approved <> 4 AND group_id='$group_id'";
- $result=db_query($sql);
+ $result=db_query_params("SELECT * FROM news_bytes WHERE is_approved <> 4 AND group_id=$1", array($group_id));
$rows=db_numrows($result);
$group =& group_get_object($group_id);
*/
$sanitizer = new TextSanitizer();
$details = $sanitizer->SanitizeHtml($details);
- $sql="UPDATE news_bytes SET is_approved='1', post_date='".time()."',
-summary='".htmlspecialchars($summary)."', details='".$details."' WHERE id='$id'";
- $result=db_query($sql);
+ $result=db_query_params("UPDATE news_bytes SET is_approved='1', post_date=$1,
+summary=$2, details=$3 WHERE id=$4", array(time(), htmlspecialchars($summary), $details, $id));
if (!$result || db_affected_rows($result) < 1) {
$feedback .= _('Error On Update:');
} else {
/*
Move msg to deleted status
*/
- $sql="UPDATE news_bytes SET is_approved='2' WHERE id='$id'";
- $result=db_query($sql);
+ $result=db_query_params("UPDATE news_bytes SET is_approved='2' WHERE id=$1", array($id));
if (!$result || db_affected_rows($result) < 1) {
$feedback .= _('Error On Update:');
$feedback .= db_error();
Move msg to rejected status
*/
$news_id = getArrayFromRequest('news_id');
- $sql="UPDATE news_bytes
+ $result = db_query_params("UPDATE news_bytes
SET is_approved='2'
-WHERE id IN ('".implode("','",$news_id)."')";
- $result=db_query($sql);
+WHERE id = ANY($1)",array(db_int_array_to_any_clause($news_id)));
if (!$result || db_affected_rows($result) < 1) {
$feedback .= _('Error On Update:');
$feedback .= db_error();
Show the submit form
*/
- $sql="SELECT groups.unix_group_name,groups.group_id,news_bytes.*
-FROM news_bytes,groups WHERE id='$id'
-AND news_bytes.group_id=groups.group_id ";
- $result=db_query($sql);
+ $result=db_query_params("SELECT groups.unix_group_name,groups.group_id,news_bytes.*
+FROM news_bytes,groups WHERE id=$1
+AND news_bytes.group_id=groups.group_id ", array($id));
if (db_numrows($result) < 1) {
exit_error(_('Error'), _('NewsByte not found'));
}
Show a the latest news for a portal
*/
- $sql="SELECT groups.group_name,groups.unix_group_name,groups.group_id,
+ $result=db_query_params("SELECT groups.group_name,groups.unix_group_name,groups.group_id,
users.user_name,users.realname,news_bytes.forum_id,
news_bytes.summary,news_bytes.post_date,news_bytes.details
FROM users,news_bytes,groups,foundry_news
- WHERE foundry_news.foundry_id='$group_id'
+ WHERE foundry_news.foundry_id=$1
AND users.user_id=news_bytes.submitted_by
AND foundry_news.news_id=news_bytes.id
AND news_bytes.group_id=groups.group_id
AND foundry_news.is_approved=1
- ORDER BY news_bytes.post_date DESC";
+ ORDER BY news_bytes.post_date DESC", array($group_id),$limit);
- $result=db_query($sql,$limit);
$rows=db_numrows($result);
if (!$result || $rows < 1) {
/*
Takes an ID and returns the corresponding forum name
*/
- $sql="SELECT summary FROM news_bytes WHERE id='$id'";
- $result=db_query($sql);
+ $result=db_query_params("SELECT summary FROM news_bytes WHERE id=$1", array($id));
if (!$result || db_numrows($result) < 1) {
return "Not Found";
} else {
if (!form_key_is_valid(getStringFromRequest('form_key'))) {
exit_form_double_submit();
}
- $sql="INSERT INTO people_job_category (name) VALUES ('$cat_name')";
- $result=db_query($sql);
+ $result=db_query_params("INSERT INTO people_job_category (name) VALUES ($1)", array($cat_name));
if (!$result) {
echo db_error();
form_release_key(getStringFromRequest("form_key"));
if (!form_key_is_valid(getStringFromRequest('form_key'))) {
exit_form_double_submit();
}
- $sql="INSERT INTO people_skill (name) VALUES ('$skill_name')";
- $result=db_query($sql);
+ $result=db_query_params("INSERT INTO people_skill (name) VALUES ($1)", array($skill_name));
if (!$result) {
echo db_error();
form_release_key(getStringFromRequest("form_key"));
/*
List of possible categories for this group
*/
- $sql="select category_id,name from people_job_category";
- $result=db_query($sql);
+ $result=db_query_params("select category_id,name from people_job_category", array());
echo "<p>";
if ($result && db_numrows($result) > 0) {
ShowResultSet($result,'Existing Categories','people_cat');
/*
List of possible people_groups for this group
*/
- $sql="select skill_id,name from people_skill";
- $result=db_query($sql);
+ $result=db_query_params("select skill_id,name from people_skill", array());
echo "<p>";
if ($result && db_numrows($result) > 0) {
ShowResultSet($result,"Existing Skills","people_skills");
if (!form_key_is_valid(getStringFromRequest('form_key'))) {
exit_form_double_submit();
}
- $sql="INSERT INTO people_job (group_id,created_by,title,description,post_date,status_id,category_id)
-VALUES ('$group_id','". user_getid() ."','".htmlspecialchars($title)."','".htmlspecialchars($description)."','".time()."','1','$category_id')";
- $result=db_query($sql);
+ $result=db_query_params("INSERT INTO people_job (group_id,created_by,title,description,post_date,status_id,category_id)
+VALUES ($1, $2, $3, $4, $5, $6, $7)",
+array($group_id, user_getid(), htmlspecialchars($title), htmlspecialchars($description), time(), '1',$category_id));
if (!$result || db_affected_rows($result) < 1) {
$feedback .= _('JOB insert FAILED');
echo db_error();
exit_error(_('error - missing info'),_('Fill in all required fields'));
}
- $sql="UPDATE people_job SET title='".htmlspecialchars($title)."',description='".htmlspecialchars($description)."',status_id='$status_id',category_id='$category_id'
-WHERE job_id='$job_id' AND group_id='$group_id'";
- $result=db_query($sql);
+ $result=db_query_params("UPDATE people_job SET title=$1,description=$2,status_id=$3,category_id=$4 WHERE job_id=$5 AND group_id=$6",
+ array(htmlspecialchars($title), htmlspecialchars($description), $status_id, $category_id, $job_id, $group_id));
if (!$result || db_affected_rows($result) < 1) {
$feedback = _('JOB update FAILED');
echo db_error();
}
if (people_verify_job_group($job_id,$group_id)) {
- $sql="UPDATE people_job_inventory SET skill_level_id='$skill_level_id',skill_year_id='$skill_year_id'
-WHERE job_id='$job_id' AND job_inventory_id='$job_inventory_id'";
- $result=db_query($sql);
+ $result=db_query_params("UPDATE people_job_inventory SET skill_level_id=$1,skill_year_id=$2 WHERE job_id=$3 AND job_inventory_id=$4",
+ array($skill_level_id, $skill_year_id, $job_id, $job_inventory_id));
if (!$result || db_affected_rows($result) < 1) {
$feedback .= _('JOB skill update FAILED');
echo db_error();
}
if (people_verify_job_group($job_id,$group_id)) {
- $sql="DELETE FROM people_job_inventory WHERE job_id='$job_id' AND job_inventory_id='$job_inventory_id'";
- $result=db_query($sql);
+ $result = db_query_params="DELETE FROM people_job_inventory WHERE job_id=$1 AND job_inventory_id=$2", array($job_id, $job_inventory_id));
if (!$result || db_affected_rows($result) < 1) {
$feedback .= _('JOB skill delete FAILED');
echo db_error();
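Review bot: `db_query_params="DELETE …` uses `=` where the call's opening parenthesis belongs, so this is a parse error rather than a function call; it should read `$result = db_query_params("DELETE FROM people_job_inventory WHERE job_id=$1 AND job_inventory_id=$2", array($job_id, $job_inventory_id));`. The same slip appears in people_show_job_inventory further down (`$result=db_query_params="SELECT people_skill.name AS skill_name, …`), which needs `(` in place of `=` as well. Either one alone prevents the file from loading.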
people_header(array('title'=>_('Edit Job')));
//for security, include group_id
- $sql="SELECT * FROM people_job WHERE job_id='$job_id' AND group_id='$group_id'";
- $result=db_query($sql);
+ $result=db_query_params("SELECT * FROM people_job WHERE job_id=$1 AND group_id=$2", array($job_id, $group_id));
if (!$result || db_numrows($result) < 1) {
echo db_error();
$feedback .= _('POSTING fetch FAILED');
exit_form_double_submit();
}
- $sql="UPDATE users SET people_view_skills='$people_view_skills'
-WHERE user_id='".user_getid()."'";
- $result=db_query($sql);
+ $result=db_query_params("UPDATE users SET people_view_skills=$1
+WHERE user_id=$2", array($people_view_skills, $user_getid()));
if (!$result || db_affected_rows($result) < 1) {
form_release_key(getStringFromRequest("form_key"));
$feedback .= _('User update FAILED');
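Review bot: `$user_getid()` in the parameter array is a variable function call through an undefined variable, not a call to `user_getid()`, and fails at runtime instead of yielding the current user's id; the line should be `WHERE user_id=$2", array($people_view_skills, user_getid()));`. The skills_data SELECT a few lines below carries the same `$user_getid()` in its parameter array and needs the identical correction, while the INSERT after it already calls `user_getid()` correctly. The enclosing function starts outside the hunk.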
$title = str_replace("\n", " ", $title);
- $sql = "SELECT * from skills_data where user_id = ".user_getid().
- " AND type=".$type.
- " AND title='".$title."'".
- " AND start=".$start.
- " AND finish=".$finish.
- " AND keywords='".$keywords."'";
+ $result = db_query_params("SELECT * from skills_data where user_id = $1
+ AND type=$2
+ AND title=$3
+ AND start=$4
+ AND finish=$5
+ AND keywords=$6",
+ array($user_getid(), $type, $title, $start, $finish, $keywords));
- $result=db_query($sql);
if (db_numrows($result) >= 1) {
$feedback .= ''; /* don't tell them anything! */
} else {
- $sql = "INSERT into skills_data (user_id, type, title, start, finish, keywords) values
-(".user_getid().",".$type.",'".$title."',".$start.",".$finish.",'".$keywords."')";
+ $result = db_query_params("INSERT into skills_data (user_id, type, title, start, finish, keywords) values
+($1, $2, $3, $4, $5, $6)",array(user_getid(), $type, $title, $start, $finish, $keywords));
- $result=db_query($sql);
if (!$result || db_affected_rows($result) < 1) {
form_release_key(getStringFromRequest("form_key"));
echo db_error();
$keywords[$i] = str_replace("\n", " ", $keywords[$i]); /* strip out any backspace characters. */
$title[$i] = str_replace("\n", " ", $title[$i]);
- $sql="UPDATE skills_data SET type='$type[$i]',title='$title[$i]',start='$startY[$i]$startM[$i]',
-finish='$endY[$i]$endM[$i]',keywords='$keywords[$i]'
-WHERE skills_data_id='$skill_edit[$i]'";
+ $result = db_query_params("UPDATE skills_data SET type=$1 ,title=$2 ,start=$3,finish=$4, keywords=$5 WHERE skills_data_id=$6",
+ array($type[$i], $title[$i], $startY[$i]$startM[$i], $endY[$i]$endM[$i], $keywords[$i], $skill_edit[$i]));
- $result=db_query($sql);
if (!$result || db_affected_rows($result) < 1) {
echo db_error();
$feedback = _('Failed to update skills');
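Review bot: `$startY[$i]$startM[$i]` and `$endY[$i]$endM[$i]` in the parameter array are two variables placed side by side, which is a parse error outside a double-quoted string; the old query only worked because interpolation joined them. Concatenate explicitly: `array($type[$i], $title[$i], $startY[$i].$startM[$i], $endY[$i].$endM[$i], $keywords[$i], $skill_edit[$i]));`. The loop that surrounds this update begins outside the hunk.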
html_feedback_top($feedback);
//for security, include group_id
- $sql="SELECT * FROM users WHERE user_id='". user_getid() ."'";
-
- $result=db_query($sql);
+ $result = db_query_params("SELECT * FROM users WHERE user_id=$1", array(user_getid()));
if (!$result || db_numrows($result) < 1) {
echo db_error();
//now show the list of desired skills
//echo '<p>'.people_edit_skill_inventory( user_getid() );
- $sql="SELECT * FROM skills_data_types WHERE type_id > 0";
- $skills=db_query($sql);
+ $skills = db_query_params("SELECT * FROM skills_data_types WHERE type_id > 0", array());
if (!$skills || db_numrows($skills) < 1) {
echo db_error();
$feedback .= _('No skill types in database (skills_data_types table)');
{
echo '<p>';
- $sql="SELECT people_job.group_id,people_job.job_id,groups.group_name,groups.unix_group_name,people_job.title,people_job.post_date,people_job_category.name AS category_name
+ $result=db_query_params("SELECT people_job.group_id,people_job.job_id,groups.group_name,groups.unix_group_name,people_job.title,people_job.post_date,people_job_category.name AS category_name
FROM people_job,people_job_category,groups
WHERE people_job.group_id=groups.group_id
AND people_job.category_id=people_job_category.category_id
AND people_job.status_id=1
-ORDER BY post_date DESC";
- $result=db_query($sql,30);
+ORDER BY post_date DESC",
+array(),30);
echo people_show_job_list($result) . '</p>';
}
echo '<h4>'._('Last posts').'</h4>';
- $sql="SELECT people_job.group_id,people_job.job_id,groups.group_name,groups.unix_group_name,people_job.title,people_job.post_date,people_job_category.name AS category_name
+ $result=db_query_params("SELECT people_job.group_id,people_job.job_id,groups.group_name,groups.unix_group_name,people_job.title,people_job.post_date,people_job_category.name AS category_name
FROM people_job,people_job_category,groups
WHERE people_job.group_id=groups.group_id
AND people_job.category_id=people_job_category.category_id
AND people_job.status_id=1
-ORDER BY post_date DESC";
- $result=db_query($sql,5);
+ORDER BY post_date DESC", array(), 5);
echo people_show_job_list($result);
echo '<p><a href="helpwanted-latest.php">['._('more latest posts').']</a></p>';
global $PEOPLE_SKILL;
if (!$PEOPLE_SKILL) {
//will be used many times potentially on a single page
- $sql="SELECT * FROM people_skill ORDER BY name ASC";
- $PEOPLE_SKILL=db_query($sql);
+ $PEOPLE_SKILL=db_query_params("SELECT * FROM people_skill ORDER BY name ASC"; array());
}
return html_build_select_box($PEOPLE_SKILL,$name,$checked);
}
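Review bot: The people_skill query ends with `"; array());`, a semicolon where the argument separator belongs, leaving `db_query_params(` unclosed and `array()` as a dangling statement. It should be `$PEOPLE_SKILL=db_query_params("SELECT * FROM people_skill ORDER BY name ASC", array());`, matching the two sibling box builders directly below, which are written correctly.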
global $PEOPLE_SKILL_LEVEL;
if (!$PEOPLE_SKILL_LEVEL) {
//will be used many times potentially on a single page
- $sql="SELECT * FROM people_skill_level";
- $PEOPLE_SKILL_LEVEL=db_query($sql);
+ $PEOPLE_SKILL_LEVEL=db_query_params("SELECT * FROM people_skill_level", array());
}
return html_build_select_box ($PEOPLE_SKILL_LEVEL,$name,$checked);
}
global $PEOPLE_SKILL_YEAR;
if (!$PEOPLE_SKILL_YEAR) {
//will be used many times potentially on a single page
- $sql="SELECT * FROM people_skill_year";
- $PEOPLE_SKILL_YEAR=db_query($sql);
+ $PEOPLE_SKILL_YEAR=db_query_params("SELECT * FROM people_skill_year", array());
}
return html_build_select_box ($PEOPLE_SKILL_YEAR,$name,$checked);
}
function people_job_status_box($name='status_id',$checked='xyxy') {
- $sql="SELECT * FROM people_job_status";
- $result=db_query($sql);
+ $result=db_query_params("SELECT * FROM people_job_status", array());
return html_build_select_box ($result,$name,$checked);
}
function people_job_category_box($name='category_id',$checked='xyxy') {
- $sql="SELECT category_id,name FROM people_job_category WHERE private_flag=0";
- $result=db_query($sql);
+ $result=db_query_params("SELECT category_id,name FROM people_job_category WHERE private_flag=0", array());
return html_build_select_box ($result,$name,$checked);
}
$feedback .= _('Must select a skill ID');
} else {
//check if they've already added this skill
- $sql="SELECT * FROM people_skill_inventory WHERE user_id='". user_getid() ."' AND skill_id='$skill_id'";
- $result=db_query($sql);
+ $result=db_query_prams("SELECT * FROM people_skill_inventory WHERE user_id=$1 AND skill_id=$2", array(user_getid(), $skill_id));
if (!$result || db_numrows($result) < 1) {
//skill not already in inventory
- $sql="INSERT INTO people_skill_inventory (user_id,skill_id,skill_level_id,skill_year_id)
-VALUES ('". user_getid() ."','$skill_id','$skill_level_id','$skill_year_id')";
- $result=db_query($sql);
+ $result = db_query_params("INSERT INTO people_skill_inventory (user_id,skill_id,skill_level_id,skill_year_id)
+VALUES ($1, $2, $3, $4)", array(user_getid() ,$skill_id, $skill_level_id, $skill_year_id));
if (!$result || db_affected_rows($result) < 1) {
$feedback .= _('ERROR inserting into skill inventory');
echo db_error();
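Review bot: `db_query_prams` is a typo for `db_query_params`; the first call raises an undefined-function error, so the duplicate-skill check never completes and the INSERT below it is unreachable. The line should read `$result=db_query_params("SELECT * FROM people_skill_inventory WHERE user_id=$1 AND skill_id=$2", array(user_getid(), $skill_id));`. The else branch that encloses this block begins outside the hunk.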
}
function people_show_skill_inventory($user_id) {
- $sql="SELECT people_skill.name AS skill_name, people_skill_level.name AS level_name, people_skill_year.name AS year_name
+ $result = db_query_params("SELECT people_skill.name AS skill_name, people_skill_level.name AS level_name, people_skill_year.name AS year_name
FROM people_skill_year,people_skill_level,people_skill,people_skill_inventory
WHERE people_skill_year.skill_year_id=people_skill_inventory.skill_year_id
AND people_skill_level.skill_level_id=people_skill_inventory.skill_level_id
AND people_skill.skill_id=people_skill_inventory.skill_id
-AND people_skill_inventory.user_id='$user_id'";
- $result=db_query($sql);
+AND people_skill_inventory.user_id=$1", array($user_id));
$title_arr=array();
$title_arr[]=_('Skill');
}
function people_edit_skill_inventory($user_id) {
- $sql="SELECT * FROM people_skill_inventory WHERE user_id='$user_id'";
- $result=db_query($sql);
+ $result=db_query_params("SELECT * FROM people_skill_inventory WHERE user_id=$1", array($user_id));
$title_arr=array();
$title_arr[]=_('Skill');
global $feedback;
if (session_loggedin()) {
//check if they've already added this skill
- $sql="SELECT * FROM people_job_inventory WHERE job_id='$job_id' AND skill_id='$skill_id'";
- $result=db_query($sql);
+ $result=db_query_params("SELECT * FROM people_job_inventory WHERE job_id=$1 AND skill_id=$2", array($job_id, $skill_id));
if (!$result || db_numrows($result) < 1) {
//skill isn't already in this inventory
- $sql="INSERT INTO people_job_inventory (job_id,skill_id,skill_level_id,skill_year_id)
-VALUES ('$job_id','$skill_id','$skill_level_id','$skill_year_id')";
- $result=db_query($sql);
+ $result=db_query_params("INSERT INTO people_job_inventory (job_id,skill_id,skill_level_id,skill_year_id)
+VALUES ($1, $2, $3, $4)", array($job_id, $skill_id, $skill_level_id, $skill_year_id));
if (!$result || db_affected_rows($result) < 1) {
$feedback .= _('ERROR inserting into skill inventory');
echo db_error();
}
function people_show_job_inventory($job_id) {
- $sql="SELECT people_skill.name AS skill_name, people_skill_level.name AS level_name, people_skill_year.name AS year_name
+ $result=db_query_params="SELECT people_skill.name AS skill_name, people_skill_level.name AS level_name, people_skill_year.name AS year_name
FROM people_skill_year,people_skill_level,people_skill,people_job_inventory
WHERE people_skill_year.skill_year_id=people_job_inventory.skill_year_id
AND people_skill_level.skill_level_id=people_job_inventory.skill_level_id
AND people_skill.skill_id=people_job_inventory.skill_id
-AND people_job_inventory.job_id='$job_id'";
- $result=db_query($sql);
+AND people_job_inventory.job_id=$1", array($job_id));
$title_arr=array();
$title_arr=array();
}
function people_verify_job_group($job_id,$group_id) {
- $sql="SELECT * FROM people_job WHERE job_id='$job_id' AND group_id='$group_id'";
- $result=db_query($sql);
+ $result=db_query_params("SELECT * FROM people_job WHERE job_id=$1 AND group_id=$2", array($job_id, $group_id));
if (!$result || db_numrows($result) < 1) {
return false;
} else {
}
function people_get_skill_name($skill_id) {
- $sql="SELECT name FROM people_skill WHERE skill_id='$skill_id'";
- $result=db_query($sql);
+ $result=db_query_params("SELECT name FROM people_skill WHERE skill_id=$1", array($skill_id));
if (!$result || db_numrows($result) < 1) {
return _('Invalid ID');
} else {
}
function people_get_category_name($category_id) {
- $sql="SELECT name FROM people_job_category WHERE category_id='$category_id'";
- $result=db_query($sql);
+ $result=db_query_params("SELECT name FROM people_job_category WHERE category_id=$1", array($category_id));
if (!$result || db_numrows($result) < 1) {
return 'Invalid ID';
} else {
// table looking like poo.
function people_edit_job_inventory($job_id,$group_id) {
global $HTML;
- $sql="SELECT * FROM people_job_inventory WHERE job_id='$job_id'";
- $result=db_query($sql);
+ $result=db_query_params("SELECT * FROM people_job_inventory WHERE job_id=$1", array($job_id));
$title_arr=array();
$title_arr[]=_('Skill').utils_requiredField();
AND pj.status_id=1
GROUP BY pjc.category_id, pjc.name";
*/
- $sql="SELECT pjc.category_id, pjc.name, COUNT(pj.category_id) AS total
+ $result= db_query_params("SELECT pjc.category_id, pjc.name, COUNT(pj.category_id) AS total
FROM people_job_category pjc LEFT JOIN people_job pj
ON pjc.category_id=pj.category_id
WHERE pjc.private_flag=0
AND (pj.status_id=1 OR pj.status_id IS NULL)
-GROUP BY pjc.category_id, pjc.name";
+GROUP BY pjc.category_id, pjc.name", array());
- $result=db_query($sql);
$rows=db_numrows($result);
if (!$result || $rows < 1) {
$return .= '<tr><td><h2>'._('No Categories Found').'</h2></td></tr>';
function people_show_project_jobs($group_id) {
//show open jobs for this project
- $sql="SELECT people_job.group_id,people_job.job_id,groups.group_name,groups.unix_group_name,people_job.title,people_job.post_date,people_job_category.name AS category_name
+ $result = db_query_params("SELECT people_job.group_id,people_job.job_id,groups.group_name,groups.unix_group_name,people_job.title,people_job.post_date,people_job_category.name AS category_name
FROM people_job,people_job_category,groups
-WHERE people_job.group_id='$group_id'
+WHERE people_job.group_id=$1
AND people_job.group_id=groups.group_id
AND people_job.category_id=people_job_category.category_id
-AND people_job.status_id=1 ORDER BY post_date DESC";
- $result=db_query($sql);
+AND people_job.status_id=1 ORDER BY post_date DESC", array($group_id));
return people_show_job_list($result);
}
function people_show_category_jobs($category_id) {
//show open jobs for this category
- $sql="SELECT people_job.group_id,people_job.job_id,groups.unix_group_name,groups.group_name,people_job.title,people_job.post_date,people_job_category.name AS category_name
+ $result=db_query_params("SELECT people_job.group_id,people_job.job_id,groups.unix_group_name,groups.group_name,people_job.title,people_job.post_date,people_job_category.name AS category_name
FROM people_job,people_job_category,groups
-WHERE people_job.category_id='$category_id'
+WHERE people_job.category_id=$1
AND people_job.group_id=groups.group_id
AND people_job.category_id=people_job_category.category_id
-AND people_job.status_id=1 ORDER BY post_date DESC";
- $result=db_query($sql);
+AND people_job.status_id=1 ORDER BY post_date DESC", array($category_id));
return people_show_job_list($result);
}
function displayUserSkills($user_id, $allowEdit) {
global $HTML;
- $sql = "SELECT * FROM skills_data_types ORDER BY type_id ASC";
- $result=db_query($sql);
+ $result=db_query_params("SELECT * FROM skills_data_types ORDER BY type_id ASC", array());
$rows = db_numrows($result);
if ($rows >= 1) {
/* obtain the types keywords... */
}
}
- $sql="SELECT * FROM skills_data WHERE user_id='$user_id' ORDER BY finish DESC, start ASC, skills_data_id DESC";
- $result=db_query($sql);
+ $result= db_query_params("SELECT * FROM skills_data WHERE user_id=$1 ORDER BY finish DESC, start ASC, skills_data_id DESC",array($user_id));
$rows = db_numrows($result);
if (!$result || $rows < 1) {
echo db_error();
if (!$result || $rows < 1) {
echo db_error();
} else {
- $sql="SELECT * FROM skills_data_types WHERE type_id > 0";
- $skills=db_query($sql);
+ $skills=db_query_params("SELECT * FROM skills_data_types WHERE type_id > 0", array());
if (!$skills || db_numrows($skills) < 1) {
echo db_error();
$feedback .= _('User fetch FAILED');
*/
//for security, include group_id
- $sql="SELECT groups.group_name,people_job_category.name AS category_name,
+ $result=db_query_params("SELECT groups.group_name,people_job_category.name AS category_name,
people_job_status.name AS status_name,people_job.title,
people_job.description,people_job.post_date,users.user_name,users.user_id
FROM people_job,groups,people_job_status,people_job_category,users
AND people_job_status.status_id=people_job.status_id
AND users.user_id=people_job.created_by
AND groups.group_id=people_job.group_id
-AND people_job.job_id='$job_id' AND people_job.group_id='$group_id'";
- $result=db_query($sql);
+AND people_job.job_id=$1 AND people_job.group_id=$2",
+array($job_id, $group_id));
if (!$result || db_numrows($result) < 1) {
people_header(array('title'=>_('View a Job')));
echo db_error();
people_header(array('title'=>_('View a User Profile')));
//for security, include group_id
- $sql="SELECT * FROM users WHERE user_id='$user_id'";
- $result=db_query($sql);
+ $result=db_query_params("SELECT * FROM users WHERE user_id=$1", array($user_id));
if (!$result || db_numrows($result) < 1) {
echo db_error();
$feedback .= _('User fetch FAILED');
/*
check to see if they are the creator of this version
*/
- $result=db_query("SELECT * FROM snippet_package_version ".
- "WHERE submitted_by='".user_getid()."' AND ".
- "snippet_package_version_id='$snippet_package_version_id'");
+ $result=db_query_params("SELECT * FROM snippet_package_version ".
+ "WHERE submitted_by=$1 AND ".
+ "snippet_package_version_id=$2", array(user_getid(), $snippet_package_version_id));
if (!$result || db_numrows($result) < 1) {
echo '<h1>' ._('Error - Only the creator of a package version can add snippets to it.').'</h1>';
handle_add_exit();
/*
create the snippet version
*/
- $sql="INSERT INTO snippet_package_item (snippet_package_version_id,snippet_version_id)
-VALUES ('$snippet_package_version_id','$snippet_version_id')";
- $result=db_query($sql);
+ $result=db_query_params("INSERT INTO snippet_package_item (snippet_package_version_id,snippet_version_id)
+VALUES ($1, $2)", array($snippet_package_version_id, $snippet_version_id));
if (!$result) {
$feedback .= _('ERROR DOING SNIPPET VERSION INSERT!');
*/
//Check to see if they are the creator of this package_version
- $result=db_query("SELECT * FROM snippet_package_version ".
- "WHERE submitted_by='".user_getid()."' AND ".
- "snippet_package_version_id='$snippet_package_version_id'");
+ $result=db_query_params("SELECT * FROM snippet_package_version ".
+ "WHERE submitted_by=$1 AND ".
+ "snippet_package_version_id=$2", array(user_getid(), $snippet_package_version_id));
if (!$result || db_numrows($result) < 1) {
echo '<h1>Error - Only the creator of a package version can delete snippets from it.</h1>';
snippet_footer(array());
*/
//find this snippet id and make sure the current user created it
- $result=db_query("SELECT * FROM snippet_version ".
- "WHERE snippet_version_id='$snippet_version_id' AND submitted_by='".user_getid()."'");
+ $result=db_query_params("SELECT * FROM snippet_version ".
+ "WHERE snippet_version_id=$1 AND submitted_by=$2", array($snippet_version_id, user_getid()));
if (!$result || db_numrows($result) < 1) {
echo '<h1>Error - That snippet doesn\'t exist.</h1>';
snippet_footer(array());
$snippet_id=db_result($result,0,'snippet_id');
//do the delete
- $result=db_query("DELETE FROM snippet_version ".
- "WHERE snippet_version_id='$snippet_version_id' AND submitted_by='".user_getid()."'");
+ $result=db_query_params("DELETE FROM snippet_version ".
+ "WHERE snippet_version_id=$1 AND submitted_by=$2", array($snippet_version_id, user_getid()));
//see if any versions of this snippet are left
- $result=db_query("SELECT * FROM snippet_version WHERE snippet_id='$snippet_id'");
+ $result=db_query_params("SELECT * FROM snippet_version WHERE snippet_id=$1", array($snippet_id));
if (!$result || db_numrows($result) < 1) {
//since no version of this snippet exist, delete the main snippet entry,
//even if this person is not the creator of the original snippet
- $result=db_query("DELETE FROM snippet WHERE snippet_id='$snippet_id'");
+ $result=db_query_params("DELETE FROM snippet WHERE snippet_id=$1",array($snippet_id));
}
echo '<h1>Snippet Removed</h1>';
*/
//make sure they own this version of the package
- $result=db_query("SELECT * FROM snippet_package_version ".
- "WHERE submitted_by='".user_getid()."' AND ".
- "snippet_package_version_id='$snippet_package_version_id'");
+ $result=db_query_params("SELECT * FROM snippet_package_version ".
+ "WHERE submitted_by=$1 AND ".
+ "snippet_package_version_id=$2", array(user_getid(), $snippet_package_version_id));
if (!$result || db_numrows($result) < 1) {
//they don't own it or it's not found
echo '<h1>Error - Only the creator of a package version can delete it.</h1>';
$snippet_package_id=db_result($result,0,'snippet_package_id');
//do the version delete
- $result=db_query("DELETE FROM snippet_package_version ".
- "WHERE submitted_by='".user_getid()."' AND ".
- "snippet_package_version_id='$snippet_package_version_id'");
+ $result=db_query_params("DELETE FROM snippet_package_version ".
+ "WHERE submitted_by=$1 AND ".
+ "snippet_package_version_id=$2", array(user_getid(), $snippet_package_version_id));
//delete snippet_package_items
- $result=db_query("DELETE FROM snippet_package_item ".
- "WHERE snippet_package_version_id='$snippet_package_version_id'");
+ $result=db_query_params("DELETE FROM snippet_package_item ".
+ "WHERE snippet_package_version_id=$1", array($snippet_package_version_id));
//see if any versions of this package remain
- $result=db_query("SELECT * FROM snippet_package_version ".
- "WHERE snippet_package_id='$snippet_package_id'");
+ $result=db_query_params("SELECT * FROM snippet_package_version ".
+ "WHERE snippet_package_id=$1", array($snippet_package_id));
if (!$result || db_numrows($result) < 1) {
//since no versions of this package remain,
//delete the main package even if the user didn't create it
- $result=db_query("DELETE FROM snippet_package WHERE snippet_package_id='$snippet_package_id'");
+ $result=db_query_params("DELETE FROM snippet_package WHERE snippet_package_id=$1", array($snippet_package_id));
}
echo '<h1>Package Removed</h1>';
snippet_footer(array());
/*
Get all the versions of this snippet
*/
- $sql="SELECT users.realname,users.user_name,users.user_id,snippet_version.snippet_version_id,snippet_version.version,snippet_version.post_date,snippet_version.changes
+ $result=db_query_params("SELECT users.realname,users.user_name,users.user_id,snippet_version.snippet_version_id,snippet_version.version,snippet_version.post_date,snippet_version.changes
FROM snippet_version,users
-WHERE users.user_id=snippet_version.submitted_by AND snippet_id='$id'
-ORDER BY snippet_version.snippet_version_id DESC";
+WHERE users.user_id=snippet_version.submitted_by AND snippet_id=$1
+ORDER BY snippet_version.snippet_version_id DESC", array($id));
- $result=db_query($sql);
$rows=db_numrows($result);
if (!$result || $rows < 1) {
echo '<h3>' ._('Error - no versions found').'</h3>';
/*
Get all the versions of this package
*/
- $sql="SELECT users.realname,users.user_name,users.user_id,snippet_package_version.snippet_package_version_id,
+ $result=db_query_params("SELECT users.realname,users.user_name,users.user_id,snippet_package_version.snippet_package_version_id,
snippet_package_version.version,snippet_package_version.post_date
FROM snippet_package_version,users
-WHERE users.user_id=snippet_package_version.submitted_by AND snippet_package_id='$id'
-ORDER BY snippet_package_version.snippet_package_version_id DESC";
+WHERE users.user_id=snippet_package_version.submitted_by AND snippet_package_id=$1
+ORDER BY snippet_package_version.snippet_package_version_id DESC", array($id));
$result=db_query($sql);
$rows=db_numrows($result);
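Review bot: The old `$result=db_query($sql);` immediately after the rewritten package-versions query is left in place, but `$sql` is no longer assigned in this hunk; the second call overwrites the parameterised result with whatever a stale or undefined `$sql` yields, so `$rows` and everything after it reflect the wrong query. Remove that line, as the snippet-versions hunk just above does. If `$sql` is still set earlier in the function from outside the hunk, that should be checked, since the function's start is not visible here.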
function snippet_show_package_snippets($version) {
//show the latest version
- $sql="SELECT snippet_package_item.snippet_version_id, snippet_version.version,snippet.name,users.user_name
+ $result=db_query_params("SELECT snippet_package_item.snippet_version_id, snippet_version.version,snippet.name,users.user_name
FROM snippet,snippet_version,snippet_package_item,users
WHERE snippet.snippet_id=snippet_version.snippet_id
AND users.user_id=snippet_version.submitted_by
AND snippet_version.snippet_version_id=snippet_package_item.snippet_version_id
-AND snippet_package_item.snippet_package_version_id='$version'";
+AND snippet_package_item.snippet_package_version_id=$1", array($version));
- $result=db_query($sql);
$rows=db_numrows($result);
echo '
<p> </p>
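Review bot: The context line `$result=db_query($sql);` that follows the rewritten package-version query is still in place, but `$sql` is no longer assigned there, so it overwrites the parameterised result with a failed (or stale) query before `db_numrows($result)` runs. Delete that line, as the sibling hunk above already does for the snippet-version query. The enclosing function starts outside the hunk.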
function snippet_show_package_details($id) {
global $SCRIPT_CATEGORY,$SCRIPT_LANGUAGE;
- $sql="SELECT * FROM snippet_package WHERE snippet_package_id='$id'";
- $result=db_query($sql);
+ $result=db_query_params("SELECT * FROM snippet_package WHERE snippet_package_id=$1", array($id));
echo '
<p>
function snippet_show_snippet_details($id) {
global $SCRIPT_TYPE,$SCRIPT_CATEGORY,$SCRIPT_LICENSE,$SCRIPT_LANGUAGE;
- $sql="SELECT * FROM snippet WHERE snippet_id='$id'";
- $result=db_query($sql);
+ $result=db_query_params("SELECT * FROM snippet WHERE snippet_id=$1", array($id));
echo '
<p>
* @return boolean success.
*/
function fetchData($categoryId) {
- $res=db_query("SELECT *
+ $res=db_query_params("SELECT *
FROM trove_cat
- WHERE trove_cat_id='".$categoryId."'", -1, 0, SYS_DB_TROVE);
+ WHERE trove_cat_id=$1",array($categoryId) -1, 0, SYS_DB_TROVE);
if (!$res || db_numrows($res) < 1) {
return false;
}
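Review bot: The argument list `array($categoryId) -1, 0, SYS_DB_TROVE` is missing a comma after the array, so PHP parses it as the arithmetic expression `array($categoryId) - 1` (unsupported operand types on an array) and the remaining arguments shift. Change it to `WHERE trove_cat_id=$1", array($categoryId), -1, 0, SYS_DB_TROVE);`. fetchData's body continues outside the hunk.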
return false;
} else {
db_begin();
- $result = db_query("UPDATE trove_cat
- SET shortname='".htmlspecialchars($shortName)."',
- fullname='".htmlspecialchars($fullName)."',
- description='".htmlspecialchars($description)."',
- version='".date('Ymd',time())."01'
- WHERE trove_cat_id='".$this->categoryId."'"
+ $result = db_query_params("UPDATE trove_cat
+ SET shortname=$1,
+ fullname=$2,
+ description=$3,
+ version=$4
+ WHERE trove_cat_id=$5",
+ array(htmlspecialchars($shortName), htmlspecialchars($fullName), htmlspecialchars($description), date('Ymd',time())."01", $this->categoryId));
);
if(!$result || db_affected_rows($result) != 1) {
$this->setError(_('ERROR'), _('Cannot update'));
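Review bot: The new `db_query_params(...)` call is already closed by `));` at the end of the array line, so the surviving context line `);` beneath it is now a stray closing parenthesis and the file will not parse. Drop that `);` line; it was the closing of the old `db_query(` call. The enclosing method starts and ends outside the hunk.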
function & getLabels() {
if(!isset($this->labels)) {
$this->labels = array();
- $sql = 'SELECT trove_category_labels.*, supported_languages.name AS language_name FROM trove_category_labels, supported_languages WHERE category_id='.$this->categoryId.' AND supported_languages.language_id=trove_category_labels.language_id';
- $res = db_query($sql);
+ $res = db_query_params("SELECT trove_category_labels.*, supported_languages.name AS language_name FROM trove_category_labels, supported_languages
+ WHERE category_id=$1 AND supported_languages.language_id=trove_category_labels.language_id",
+ array($this->cathergoryId));
if (!$res) {
return $this->labels;
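Review bot: The bound parameter reads `$this->cathergoryId`, a misspelling of `categoryId`, so an undefined property (null) is bound to `$1` and the labels query silently matches nothing. Change the array line to `array($this->categoryId));`. getLabels's body continues outside the hunk.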
if(!isset($this->children)) {
$this->children = array();
- $result = db_query("
+ $result = db_query_params("
SELECT trove_cat.*,
trove_treesums.subprojects AS subprojects
FROM trove_cat LEFT JOIN trove_treesums USING (trove_cat_id)
trove_treesums.limit_1=0
OR trove_treesums.limit_1 IS NULL
)
- AND trove_cat.parent='".$this->categoryId."'
- ORDER BY fullname
- ", -1, 0, SYS_DB_TROVE);
+ AND trove_cat.parent=$1
+ ORDER BY fullname",
+ array($this->categoryId), -1, 0, SYS_DB_TROVE);
if(!$result) {
$this->setError();
* @return array The array of TroveCategory objects.
*/
function & getRootCategories() {
- $result = db_query('
+ $result = db_query_params("
SELECT *
FROM trove_cat
WHERE parent = 0
AND trove_cat_id != 0
ORDER BY fullname
- ');
+ ", array());
if(!$result) {
$this->setError();
}
function & getCategories($ids) {
- $result = db_query('
+ $result = db_query_params("
SELECT *
FROM trove_cat
- WHERE trove_cat_id IN('.implode(',', $ids).')
+ WHERE trove_cat_id = ANY ($1)
ORDER BY fullname
- ');
+ ", array(db_int_array_to_any_clause($ids)));
if(!$result) {
$this->setError();
return false;
return false;
}
- $sql = 'INSERT INTO trove_category_labels '
- . '(category_id, label, language_id) VALUES ('
- . $this->category->getId(). ', '
- . "'".$label."',"
- . "'".$languageId."')";
-
db_begin();
- $result = db_query($sql);
+ $result = db_query_params("INSERT INTO trove_category_labels
+ (category_id, label, language_id) VALUES ($1, $2, $3)",
+ array($this->category->getId(), $label, $languageId));
echo db_error();
if (!$result) {
db_rollback();
}
function fetchData($labelId) {
- $res=db_query("SELECT trove_category_labels.*, supported_languages.name AS language_name FROM trove_category_labels, supported_languages "
- . "WHERE trove_category_labels.label_id='".$labelId."' "
- . "AND trove_category_labels.category_id='". $this->category->getId() ."' "
- . "AND supported_languages.language_id=trove_category_labels.language_id"
- );
+ $res=db_query_params("SELECT trove_category_labels.*, supported_languages.name AS language_name FROM trove_category_labels, supported_languages "
+ . "WHERE trove_category_labels.label_id=$1 "
+ . "AND trove_category_labels.category_id=$2 "
+ . "AND supported_languages.language_id=trove_category_labels.language_id",
+ array($labelId, $this->category->getId()));
if (!$res || db_numrows($res) < 1) {
return false;
function remove() {
db_begin();
- $res = db_query('DELETE FROM trove_category_labels WHERE label_id='.$this->labelId);
+ $res = db_query_params("DELETE FROM trove_category_labels WHERE label_id=$1", array($this->labelId));
if(!res || db_affected_rows($res) != 1) {
// $this->setError();
db_rollback();
}
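Review bot: The check `if(!res || db_affected_rows($res) != 1)` on the context line tests the bare constant `res` rather than `$res`, so a failed query never reaches the rollback branch through the first operand; this predates the commit, but the rewritten call's result is exactly what it is meant to guard. Change it to `if(!$res || db_affected_rows($res) != 1) {`. remove()'s body continues outside the hunk.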
-?>
\ No newline at end of file
+?>
$newroot = trove_getrootcat($GLOBALS['form_parent']);
if ($GLOBALS[form_shortname]) {
- $res = db_query("
+ $res = db_query_params("
INSERT INTO trove_cat
(shortname,fullname,description,parent,version,root_parent)
- VALUES (
- '".htmlspecialchars($form_shortname)."',
- '".htmlspecialchars($form_fullname)."',
- '".htmlspecialchars($form_description)."',
- '$form_parent',
- '".date("Ymd",time())."01',
- '$newroot'
- )
- ");
+ VALUES ($1, $2, $3, $4, $5, $6)",
+ array(htmlspecialchars($form_shortname),
+ htmlspecialchars($form_fullname),
+ htmlspecialchars($form_description),
+ $form_parent,
+ date("Ymd",time())."01",
+ $newroot)
+ );
if (!$res || db_affected_rows($res)<1) {
exit_error(
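Review bot: `if ($GLOBALS[form_shortname])` on the context line uses the bare word `form_shortname` as the array key, which PHP treats as an undefined constant (a notice that falls back to the string on older versions, a fatal Error on PHP 8), so the guard in front of the new INSERT is unreliable. Quote the key: `if ($GLOBALS['form_shortname']) {`. The bound values are still the register-globals-style `$form_shortname`, `$form_fullname` and `$form_description`, so the query's inputs remain tied to that mechanism even though they are now parameterised. The surrounding code continues outside the hunk.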
*/
function trove_genfullpaths($mynode,$myfullpath,$myfullpathids) {
// first generate own path
- $res_update = db_query('UPDATE trove_cat SET fullpath=\''
- .$myfullpath.'\',fullpath_ids=\''
- .$myfullpathids.'\' WHERE trove_cat_id='.$mynode);
+ $res_update = db_query_params("UPDATE trove_cat SET fullpath=$1,
+ fullpath_ids=$2
+ WHERE trove_cat_id=$3", array($myfullpath, $myfullpathids, $mynode));
// now generate paths for all children by recursive call
if($mynode!=0)
{
- $res_child = db_query("
+ $res_child = db_query_params("
SELECT trove_cat_id,fullname
FROM trove_cat
- WHERE parent='$mynode'
- AND trove_cat_id!=0;
- ", -1, 0, SYS_DB_TROVE);
+ WHERE parent=$1
+ AND trove_cat_id!=0;", array($mynode), -1, 0, SYS_DB_TROVE);
while ($row_child = db_fetch_array($res_child)) {
trove_genfullpaths($row_child['trove_cat_id'],
*/
function trove_updaterootparent($mynode,$rootnode) {
// first generate own path
- if($mynode!=$rootnode) $res_update = db_query('UPDATE trove_cat SET root_parent=' .$rootnode. ' WHERE trove_cat_id='.$mynode);
- else $res_update = db_query('UPDATE trove_cat SET root_parent=0 WHERE trove_cat_id='.$mynode);
+ if($mynode!=$rootnode) $res_update = db_query_params("UPDATE trove_cat SET root_parent=$1 WHERE trove_cat_id=$2", array($rootnode, $mynode));
+ else $res_update = db_query_params("UPDATE trove_cat SET root_parent=0 WHERE trove_cat_id=$1", array($mynode));
// now generate paths for all children by recursive call
if($mynode!=0)
{
- $res_child = db_query("
+ $res_child = db_query_params("
SELECT trove_cat_id
FROM trove_cat
- WHERE parent='$mynode'
- AND trove_cat_id!=0;
- ", -1, 0, SYS_DB_TROVE);
+ WHERE parent=$1
+ AND trove_cat_id!=0;", array($mynode), -1, 0, SYS_DB_TROVE);
while ($row_child = db_fetch_array($res_child)) {
trove_updaterootparent($row_child['trove_cat_id'],$rootnode);
if ((!$group_id) || (!$trove_cat_id)) return 1;
// verify trove category exists
- $res_verifycat = db_query("
+ $res_verifycat = db_query_params("
SELECT trove_cat_id,fullpath_ids
FROM trove_cat
- WHERE trove_cat_id='$trove_cat_id'
- ", -1, 0, SYS_DB_TROVE);
+ WHERE trove_cat_id=$1", array($trove_cat_id), -1, 0, SYS_DB_TROVE);
if (db_numrows($res_verifycat) != 1) return 1;
$row_verifycat = db_fetch_array($res_verifycat);
}
// must first make sure that this is not a subnode of anything current
- $res_topnodes = db_query("
+ $res_topnodes = db_query_params("
SELECT trove_cat.trove_cat_id AS trove_cat_id,
trove_cat.fullpath_ids AS fullpath_ids
FROM trove_cat,trove_group_link
WHERE trove_cat.trove_cat_id=trove_group_link.trove_cat_id
- AND trove_group_link.group_id='$group_id'
- AND trove_cat.root_parent='$rootnode'");
+ AND trove_group_link.group_id=$1
+ AND trove_cat.root_parent=$2", array($group_id, $rootnode));
while($row_topnodes = db_fetch_array($res_topnodes)) {
$pathids = explode(' :: ',$row_topnodes['fullpath_ids']);
for ($i=0;$i<count($subnodeids);$i++) {
if ($subnodeids[$i] == $row_checksubs['trove_cat_id']) {
// then delete subnode
- db_query('DELETE FROM trove_group_link WHERE '
- .'group_id='.$group_id.' AND trove_cat_id='
- .$subnodeids[$i]);
+ db_query_params("DELETE FROM trove_group_link WHERE
+ group_id=$1 AND trove_cat_id=$2",
+ array($group_id, $subnodeids[$i]));
}
}
}
// if we got this far, must be ok
- db_query('INSERT INTO trove_group_link (trove_cat_id,trove_cat_version,'
- .'group_id,trove_cat_root) VALUES ('.$trove_cat_id.','
- .time().','.$group_id.','.$rootnode.')');
+ db_query_params("INSERT INTO trove_group_link (trove_cat_id,trove_cat_version,
+ group_id,trove_cat_root) VALUES ($1, $2, $3, $4)",
+ array($trove_cat_id, time(), $group_id, $rootnode));
return 0;
}