*/
function admin_table_confirmdelete($table, $unit, $primary_key, $id) {
if ($unit == "processor") {
- $result = db_numrows(db_query("SELECT processor_id FROM frs_file WHERE processor_id = $id"));
+ $result = db_numrows(db_query_params ('SELECT processor_id FROM frs_file WHERE processor_id = $1',
+ array($id)));
if ($result > 0) {
- echo '<p>'.sprintf(_('You can\'t delete the processor %1$s since it\'s currently referenced in a file release.'), db_result(db_query("select name from frs_processor where processor_id = $id"), 0, 0)).'</p>';
+ echo '<p>'.sprintf(_('You can\'t delete the processor %1$s since it\'s currently referenced in a file release.'), db_result(db_query_params ('select name from frs_processor where processor_id = $1',
+ array($id)), 0, 0)).'</p>';
return;
}
}
if ($unit == "license") {
- $result = db_numrows(db_query("SELECT license FROM groups WHERE license = $id"));
+ $result = db_numrows(db_query_params ('SELECT license FROM groups WHERE license = $1',
+ array($id)));
if ($result > 0) {
- echo '<p>'.sprintf(_('You can\'t delete the license %1$s since it\'s currently referenced in a project.'), db_result(db_query("select license_name from licenses where license_id = $id"), 0, 0)).'</p>';
+ echo '<p>'.sprintf(_('You can\'t delete the license %1$s since it\'s currently referenced in a project.'), db_result(db_query_params ('select license_name from licenses where license_id = $1',
+ array($id)), 0, 0)).'</p>';
return;
}
}
if ($unit == "supported_language") {
$result = db_numrows(db_query('SELECT language FROM users WHERE language='.$id));
if ($result > 0) {
- echo '<p>'.sprintf(_('You can\'t delete the language %1$s since it\'s currently referenced in a user profile.'), db_result(db_query("select license_name from licenses where license_id = $id"), 0, 0)).'</p>';
+ echo '<p>'.sprintf(_('You can\'t delete the language %1$s since it\'s currently referenced in a user profile.'), db_result(db_query_params ('select license_name from licenses where license_id = $1',
+ array($id)), 0, 0)).'</p>';
return;
}
}
}
- $res = db_query("
+ $res = db_query_params ('
INSERT INTO prdb_dbs(group_id, dbname, dbusername, dbuserpass, requestdate, dbtype, created_by, state)
- VALUES ($group_id,'$dbname','$dbname','xxx',".time().",1,".$user->getID().",1)
- ");
+ VALUES ($group_id,$1,$2,$3,$4,1,$5,1)
+ ',
+ array($dbname,
+ $dbname,
+ 'xxx',
+ time(),
+ $user->getID()));
if (!$res || db_affected_rows($res) < 1) {
$feedback .= _('Error Adding Database') .db_error();
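Review bot: `$group_id` on the VALUES line of the prdb_dbs INSERT is no longer interpolated, because the query text is now a single-quoted PHP string, so PostgreSQL receives the literal text `$group_id` and the statement fails; the `!$res || db_affected_rows($res) < 1` branch right below will then report 'Error Adding Database' on every request. Bind it like the other values: `VALUES ($1,$2,$3,$4,$5,1,$6,1)` with `array($group_id, $dbname, $dbname, 'xxx', time(), $user->getID())`. Minor style, shared by every hunk on this page: `db_query_params (` carries a space before the argument list, unlike the other calls in the surrounding code. The enclosing script continues outside the hunk.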
if ($displaydb) {
- $res_db = db_query("
+ $res_db = db_query_params ('
SELECT statename
FROM prdb_states
- WHERE stateid=".$dbstate."
- ");
+ WHERE stateid=$1
+ ',
+ array($dbstate));
$row_db = db_fetch_array($res_db);
print '<hr /><h3>' ._('Displaying Databases of Type:') .$row_db['statename'].' </h3><ul>';
- $res_db = db_query("
+ $res_db = db_query_params ('
SELECT *
FROM prdb_dbs
- WHERE state=".$dbstate."
+ WHERE state=$1
ORDER BY dbname
- ");
+ ',
+ array($dbstate));
while ($row_db = db_fetch_array($res_db)) {
print '<li>'.util_make_link ('/project/admin/database.php?group_id='.$row_db['group_id'],$row_db['dbname']).'</li>';
);
}
- $res = db_query("
+ $res = db_query_params ('
INSERT INTO massmail_queue(type,subject,message,queued_date)
- VALUES ('$mail_type','$mail_subject','$mail_message',".time().")
- ");
+ VALUES ($1,$2,$3,$4)
+ ',
+ array($mail_type,
+ $mail_subject,
+ $mail_message,
+ time()));
if (!$res || db_affected_rows($res)<1) {
form_release_key(getStringFromRequest('form_key'));
if ((getStringFromRequest('action')=='deactivate')) {
if (getStringFromRequest('delusers')) {
- $sql = "DELETE FROM user_plugin WHERE plugin_id = (SELECT plugin_id FROM plugins WHERE plugin_name = '$pluginname')";
- $res = db_query($sql);
+
+ $res = db_query_params ('DELETE FROM user_plugin WHERE plugin_id = (SELECT plugin_id FROM plugins WHERE plugin_name = $1)',
+ array($pluginname));
if (!$res) {
exit_error("SQL ERROR",db_error());
} else {
}
}
if (getStringFromRequest('delgroups')) {
- $sql = "DELETE FROM group_plugin WHERE plugin_id = (SELECT plugin_id FROM plugins WHERE plugin_name = '$pluginname')";
- $res = db_query($sql);
+
+ $res = db_query_params ('DELETE FROM group_plugin WHERE plugin_id = (SELECT plugin_id FROM plugins WHERE plugin_name = $1)',
+ array($pluginname));
if (!$res) {
exit_error("SQL ERROR",db_error());
} else {
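Review bot: The lines that held the removed `$sql = ...` assignments are left behind as empty lines, once under `if (getStringFromRequest('delusers')) {` and once under `if (getStringFromRequest('delgroups')) {`, and the same happens twice in the next hunk after `$link = ...` and after the users check; drop them so each `db_query_params` call sits directly under its `if`. If anything later in this function still reads `$sql` (for example to include the statement in an error message) it is now undefined, which is worth a grep since the `exit_error("SQL ERROR", db_error())` calls here no longer have a statement variable to show. The enclosing function starts and ends outside the hunk.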
$msg = _('Active');
$status="active";
$link = "<a href=\"javascript:change('" . getStringFromServer('PHP_SELF') . "?update=$filename&action=deactivate";
- $sql = "SELECT u.user_name FROM plugins p, user_plugin up, users u WHERE p.plugin_name = '$filename' and up.user_id = u.user_id and p.plugin_id = up.plugin_id";
- $res = db_query($sql);
+
+ $res = db_query_params ('SELECT u.user_name FROM plugins p, user_plugin up, users u WHERE p.plugin_name = $1 and up.user_id = u.user_id and p.plugin_id = up.plugin_id',
+ array($filename));
if ($res) {
if (db_numrows($res)>0) {
// tell the form to delete the users, so that we don't re-do the query
$users = "none";
}
}
- $sql = "SELECT g.group_name FROM plugins p, group_plugin gp, groups g WHERE plugin_name = '$filename' and gp.group_id = g.group_id and p.plugin_id = gp.plugin_id";
- $res = db_query($sql);
+
+ $res = db_query_params ('SELECT g.group_name FROM plugins p, group_plugin gp, groups g WHERE plugin_name = $1 and gp.group_id = g.group_id and p.plugin_id = gp.plugin_id',
+ array($filename));
if ($res) {
if (db_numrows($res)>0) {
// tell the form to delete the groups, so that we don't re-do the query
$newroot = trove_getrootcat($form_parent);
if ($form_shortname) {
- $res = db_query("
+ $res = db_query_params ('
INSERT INTO trove_cat
(shortname,fullname,description,parent,version,root_parent)
VALUES (
- '".htmlspecialchars($form_shortname)."',
- '".htmlspecialchars($form_fullname)."',
- '".htmlspecialchars($form_description)."',
- '$form_parent',
- '".date("Ymd",time())."01',
- '$newroot'
+ $1,
+ $2,
+ $3,
+ $4,
+ $5,
+ $6
)
- ");
+ ',
+ array(htmlspecialchars($form_shortname),
+ htmlspecialchars($form_fullname),
+ htmlspecialchars($form_description),
+ $form_parent,
+ date("Ymd",time()).'01',
+ $newroot));
if (!$res || db_affected_rows($res)<1) {
form_release_key(getStringFromRequest("form_key"));
db_error()
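Review bot: `htmlspecialchars()` is still applied to `$form_shortname`, `$form_fullname` and `$form_description` before they are bound, so the HTML-encoded form is what gets persisted in trove_cat; with parameterised binding the encoding no longer contributes to SQL safety, and any rendering code that escapes again on output will double-encode these fields. The same pattern is kept in the UPDATE in the following hunk. Unless existing rows and the display code depend on stored entities (not visible here), the cleaner contract is to bind the raw values and escape at render time; if the current behaviour is kept on purpose, say so next to the array, e.g. `// values are stored HTML-encoded (htmlspecialchars at input); do not re-escape on output`. The enclosing block starts outside the hunk.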
);
} else {
- $res = db_query("
+ $res = db_query_params ('
UPDATE trove_cat
- SET shortname='".htmlspecialchars($form_shortname)."',
- fullname='".htmlspecialchars($form_fullname)."',
- description='".htmlspecialchars($form_description)."',
- parent='$form_parent',
- version='".date("Ymd",time())."01',
- root_parent='$newroot'
- WHERE trove_cat_id='$form_trove_cat_id'
- ");
+ SET shortname=$1,
+ fullname=$2,
+ description=$3,
+ parent=$4,
+ version=$5,
+ root_parent=$6
+ WHERE trove_cat_id=$7
+ ',
+ array(htmlspecialchars($form_shortname),
+ htmlspecialchars($form_fullname),
+ htmlspecialchars($form_description),
+ $form_parent,
+ date("Ymd",time()).'01',
+ $newroot,
+ $form_trove_cat_id));
}
if (!$res || db_affected_rows($res)<1) {
<?php
// generate list of possible parents (a category can't be a parent of itself)
-$res_parent = db_query("SELECT shortname,fullname,trove_cat_id FROM trove_cat WHERE trove_cat_id <> ".$trove_cat_id);
+$res_parent = db_query_params ('SELECT shortname,fullname,trove_cat_id FROM trove_cat WHERE trove_cat_id <> $1',
+ array($trove_cat_id));
// Place the root node at the start of the list
print('<option value="0"');
print "<strong>" . group_getname($group_id) . "</strong></p>";
- $result = db_query("SELECT users.user_id AS user_id,users.user_name AS user_name,users.status AS status, users.add_date AS add_date "
- . "FROM users,user_group "
- . "WHERE users.user_id=user_group.user_id AND "
- . "user_group.group_id='$group_id' ORDER BY users.user_name");
+ $result = db_query_params ('SELECT users.user_id AS user_id,users.user_name AS user_name,users.status AS status, users.add_date AS add_date
+FROM users,user_group
+WHERE users.user_id=user_group.user_id AND
+user_group.group_id=$1 ORDER BY users.user_name',
+ array($group_id));
show_users_list ($result);
/*