chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

[svn r17967] Minor - mysql to Database:: calls, some cleaning

Browse Source
skala
Julio Montoya 16 years ago
parent f3b21022c3
commit 0589a0ac18
2 changed files with 23 additions and 22 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      main/reservation/m_reservation.php
  2. 37
      main/reservation/rsys.php

2
main/reservation/m_reservation.php
Unescape View File

@ -344,7 +344,7 @@ switch ($_GET['action']) {
Display :: display_normal_message(get_lang('BookingPeriodTimePickerLimitation'),false);
break;
case 5:
Display :: display_normal_meGotossage(get_lang('BookingPeriodTimePickerError1'),false);
Display :: display_normal_message(get_lang('BookingPeriodTimePickerError1'),false);
break;
case 6:
Display :: display_normal_message(get_lang('BookingPeriodTimePickerError2'),false);

37
main/reservation/rsys.php
Unescape View File

@ -179,7 +179,7 @@ class Rsys {
* @return - boolean True or False
*/
function check_category($name, $id=0) {
$sql = "SELECT name FROM ".Rsys :: getTable("category")." WHERE LCASE(name)='".strtolower($name)."' AND id<>'".$id."'";
$sql = "SELECT name FROM ".Rsys :: getTable("category")." WHERE LCASE(name)='".strtolower($name)."' AND id<>".Database::escape_string($id)."";
$Result = api_sql_query($sql, __FILE__, __LINE__);
return (Database::num_rows($Result) == 0);
}
@ -192,7 +192,7 @@ class Rsys {
*/
function edit_category($id, $name) {
if (Rsys :: check_category($name, $id)) {
$sql = "UPDATE ".Rsys :: getTable("category")." SET name = '".Database::escape_string($name)."' WHERE id ='".$id."'";
$sql = "UPDATE ".Rsys :: getTable("category")." SET name = '".Database::escape_string($name)."' WHERE id =".Database::escape_string($id)."";
api_sql_query($sql, __FILE__, __LINE__);
return $id;
}
@ -205,10 +205,10 @@ class Rsys {
* @param - int $id The id
*/
function delete_category($id) {
$sql = "SELECT id FROM ".Rsys :: getTable("item")." WHERE category_id='".$id."'";
$sql = "SELECT id FROM ".Rsys :: getTable("item")." WHERE category_id=".Database::escape_string($id)."";
$result = api_sql_query($sql, __FILE__, __LINE__);
if (Database::num_rows($result) == 0) {
$sql2 = "DELETE FROM ".Rsys :: getTable("category")." WHERE id ='".$id."'";
$sql2 = "DELETE FROM ".Rsys :: getTable("category")." WHERE id =".Database::escape_string($id)."";
api_sql_query($sql2, __FILE__, __LINE__);
return 0;
} else {
@ -227,7 +227,7 @@ class Rsys {
function get_category($id = null, $orderby = "name ASC") {
$sql = "SELECT * FROM ".Rsys :: getTable("category");
if (!empty ($id))
$sql .= " WHERE id = '".$id."'";
$sql .= " WHERE id = ".Database::escape_string($id)."";
else
$sql .= " ORDER BY ".$orderby;
$arr = api_store_result(api_sql_query($sql, __FILE__, __LINE__));
@ -287,7 +287,7 @@ class Rsys {
$sql = "SELECT id AS col0, name as col1, id AS col2 FROM ".Rsys :: getTable("category");
if (isset ($_GET['keyword'])) {
$keyword = Database::escape_string($_GET['keyword']);
$sql .= " WHERE name LIKE '%".$keyword."%' OR id LIKE '%".$keyword."%'";
$sql .= " WHERE name LIKE '%".Database::escape_string($keyword)."%' OR id LIKE '%".Database::escape_string($keyword)."%'";
}
$sql .= " ORDER BY col".$column." ".$direction." LIMIT ".$from.",".$per_page;
$result = api_sql_query($sql, __FILE__, __LINE__);
@ -305,7 +305,7 @@ class Rsys {
$sql = "SELECT COUNT(id) FROM ".Rsys :: getTable("category");
if (isset ($_GET['keyword'])) {
$keyword = Database::escape_string($_GET['keyword']);
$sql .= " WHERE name LIKE '%".$keyword."%' OR id LIKE '%".$keyword."%'";
$sql .= " WHERE name LIKE '%".Database::escape_string($keyword)."%' OR id LIKE '%".Database::escape_string($keyword)."%'";
}
return @ Database::result(api_sql_query($sql, __FILE__, __LINE__), 0, 0);
}
@ -327,9 +327,9 @@ class Rsys {
*/
function check_item($item, $category, $id=0) {
$sql = "SELECT name FROM ".Rsys :: getTable("item")."
WHERE LCASE(name)='".strtolower($item)."'
AND category_id='".$category."'
AND id<>'".$id."'";
WHERE LCASE(name)='".strtolower(Database::escape_string($item))."'
AND category_id=".Database::escape_string($category)."
AND id<>".Database::escape_string($id)."";
$Result = api_sql_query($sql, __FILE__, __LINE__);
return (Database::num_rows($Result) == 0);
}
@ -366,7 +366,8 @@ class Rsys {
return false;
if (!Rsys :: check_item($name, $category, $id))
return false;
$sql = "UPDATE ".Rsys :: getTable("item")." SET category_id='".Database::escape_string($category)."',course_code='".Database::escape_string($course)."',name='".Database::escape_string($name)."',description='".Database::escape_string($description)."' WHERE id ='".$id."'";
$sql = "UPDATE ".Rsys :: getTable("item")." SET category_id='".Database::escape_string($category)."',course_code='".Database::escape_string($course)."',name='".Database::escape_string($name)."',description='".Database::escape_string($description)."' " .
"WHERE id =".Database::escape_string($id)."";
api_sql_query($sql, __FILE__, __LINE__);
return $id;
}
@ -379,18 +380,18 @@ class Rsys {
function delete_item($id) {
if (!Rsys :: item_allow($id, 'delete'))
return false;
$sql = "SELECT id,end_at FROM".Rsys :: getTable('reservation')." WHERE item_id='".$id."'";
$sql = "SELECT id,end_at FROM".Rsys :: getTable('reservation')." WHERE item_id=".Database::escape_string($id)."";
$result = api_sql_query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result)) {
if (Rsys :: mysql_datetime_to_timestamp(date('Y-m-d H:i:s')) <= Rsys :: mysql_datetime_to_timestamp($array[1]))
$checked = true;
}
if (!$checked) {
$sql = "DELETE FROM ".Rsys :: getTable("item")." WHERE id ='".$id."'";
$sql = "DELETE FROM ".Rsys :: getTable("item")." WHERE id =".Database::escape_string($id)."";
api_sql_query($sql, __FILE__, __LINE__);
$sql = "DELETE FROM ".Rsys :: getTable("item_rights")." WHERE item_id ='".$id."'";
$sql = "DELETE FROM ".Rsys :: getTable("item_rights")." WHERE item_id =".Database::escape_string($id)."";
api_sql_query($sql, __FILE__, __LINE__);
$sql = "DELETE FROM ".Rsys :: getTable("reservation")." WHERE item_id ='".$id."'";
$sql = "DELETE FROM ".Rsys :: getTable("reservation")." WHERE item_id =".Database::escape_string($id)."";
api_sql_query($sql, __FILE__, __LINE__);
return '0';
} else {
@ -456,7 +457,7 @@ class Rsys {
*/
function is_blackout($itemid) {
$sql = "SELECT id FROM ".Rsys :: getTable("item");
$sql .= " WHERE id = '".$itemid."' AND blackout=1";
$sql .= " WHERE id = ".Database::escape_string($itemid)." AND blackout=1";
return Database::num_rows(api_sql_query($sql, __FILE__, __LINE__)) == 1;
}
@ -468,7 +469,7 @@ class Rsys {
* @return - Array The returned rows
*/
function get_category_items($id, $orderby = "name ASC") {
$sql = "SELECT * FROM ".Rsys :: getTable("item")." WHERE category_id = '".$id."' ORDER BY ".$orderby;
$sql = "SELECT * FROM ".Rsys :: getTable("item")." WHERE category_id = ".Database::escape_string($id)." ORDER BY ".$orderby;
$arr = api_store_result(api_sql_query($sql, __FILE__, __LINE__));
return $arr;
}
@ -481,7 +482,7 @@ class Rsys {
* @return - Array The returned rows
*/
function get_course_items($id, $orderby = "name ASC") {
$sql = "SELECT * FROM ".Rsys :: getTable("item")." WHERE course_id = '".$id."' ORDER BY ".$orderby;
$sql = "SELECT * FROM ".Rsys :: getTable("item")." WHERE course_id = ".Database::escape_string($id)." ORDER BY ".$orderby;
$arr = api_store_result(api_sql_query($sql, __FILE__, __LINE__));
return $arr;
}

Write Preview
Loading…
Cancel
Save