chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Feature #306 - Replacing the function api_sql_query() with Database::query(), starting from "link" folder and ending with "work" folder.

Browse Source
skala
Ivan Tcholakov 16 years ago
parent e1f30c1001
commit 1fa21303bd
85 changed files with 1032 additions and 1032 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 8
      main/link/link.php
  2. 66
      main/link/linkfunctions.php
  3. 38
      main/messages/message.class.php
  4. 2
      main/messages/new_message.php
  5. 6
      main/metadata/importlinks.php
  6. 2
      main/metadata/importmanifest.php
  7. 2
      main/metadata/index.php
  8. 4
      main/metadata/md_document.php
  9. 4
      main/metadata/md_funcs.php
  10. 6
      main/metadata/md_link.php
  11. 4
      main/metadata/md_mix.php
  12. 20
      main/metadata/md_phpdig.php
  13. 2
      main/metadata/md_scorm.php
  14. 22
      main/newscorm/aicc.class.php
  15. 2
      main/newscorm/audiorecorder.inc.php
  16. 12
      main/newscorm/document.php
  17. 316
      main/newscorm/learnpath.class.php
  18. 66
      main/newscorm/learnpathItem.class.php
  19. 4
      main/newscorm/learnpathList.class.php
  20. 124
      main/newscorm/learnpath_functions.inc.php
  21. 2
      main/newscorm/lp_add.php
  22. 2
      main/newscorm/lp_add_item.php
  23. 6
      main/newscorm/lp_admin_view.php
  24. 4
      main/newscorm/lp_ajax_save_item.php
  25. 4
      main/newscorm/lp_build.php
  26. 4
      main/newscorm/lp_comm.server.php
  27. 2
      main/newscorm/lp_controller.php
  28. 4
      main/newscorm/lp_edit_item.php
  29. 2
      main/newscorm/lp_edit_item_prereq.php
  30. 2
      main/newscorm/lp_header.php
  31. 2
      main/newscorm/lp_move_item.php
  32. 24
      main/newscorm/lp_stats.php
  33. 14
      main/newscorm/lp_view.php
  34. 2
      main/newscorm/lp_view_item.php
  35. 2
      main/newscorm/openoffice_presentation.class.php
  36. 2
      main/newscorm/openoffice_text.class.php
  37. 2
      main/newscorm/openoffice_text_document.class.php
  38. 168
      main/newscorm/resourcelinker.inc.php
  39. 62
      main/newscorm/resourcelinker.php
  40. 28
      main/newscorm/scorm.class.php
  41. 6
      main/newscorm/scorm.lib.php
  42. 28
      main/newscorm/scorm_admin.php
  43. 4
      main/notebook/index.php
  44. 2
      main/online/online_chat.php
  45. 6
      main/online/online_hidden1.php
  46. 2
      main/online/online_hidden2.php
  47. 2
      main/online/online_htmlarea.php
  48. 10
      main/online/online_links.php
  49. 4
      main/online/online_master.php
  50. 2
      main/online/online_message.php
  51. 2
      main/online/online_streaming.php
  52. 4
      main/online/online_whoisonline.php
  53. 2
      main/online/online_working_area.php
  54. 2
      main/permissions/blog_permissions.inc.php
  55. 24
      main/permissions/permissions_functions.inc.php
  56. 8
      main/permissions/roles.php
  57. 192
      main/reservation/rsys.php
  58. 2
      main/reservation/subscribe.php
  59. 120
      main/resourcelinker/resourcelinker.inc.php
  60. 48
      main/resourcelinker/resourcelinker.php
  61. 4
      main/search/search_suggestions.php
  62. 2
      main/social/profile.php
  63. 38
      main/survey/fillsurvey.php
  64. 6
      main/survey/preview.php
  65. 2
      main/survey/question.php
  66. 6
      main/survey/survey.download.inc.php
  67. 192
      main/survey/survey.lib.php
  68. 14
      main/survey/survey.php
  69. 2
      main/survey/survey_invitation.php
  70. 2
      main/survey/survey_invite.php
  71. 14
      main/tracking/courseLog.php
  72. 8
      main/tracking/courseLogCSV.php
  73. 2
      main/tracking/logins_details.php
  74. 10
      main/tracking/userLog.php
  75. 10
      main/tracking/userlogCSV.php
  76. 2
      main/upload/upload.document.php
  77. 4
      main/user/class.php
  78. 8
      main/user/subscribe_class.php
  79. 4
      main/user/subscribe_user.php
  80. 38
      main/user/userInfoLib.php
  81. 6
      main/user/user_add.php
  82. 2
      main/work/download.php
  83. 8
      main/work/downloadfolder.inc.php
  84. 68
      main/work/work.lib.php
  85. 94
      main/work/work.php

8
main/link/link.php
Unescape View File

@ -268,7 +268,7 @@ if(api_get_setting('search_enabled')=='true') {
$sqlcategories="SELECT * FROM ".$tbl_categories." ORDER BY display_order DESC";
$resultcategories = api_sql_query($sqlcategories,__FILE__,__LINE__);
$resultcategories = Database::query($sqlcategories,__FILE__,__LINE__);
if (Database::num_rows($resultcategories)) {
echo ' <div class="row">
@ -447,7 +447,7 @@ if (empty($_GET['action']) || ($_GET['action']!='editlink' && $_GET['action']!='
//making the show none / show all links. Show none means urlview=0000 (number of zeros depending on the
//number of categories). Show all means urlview=1111 (number of 1 depending on teh number of categories).
$sqlcategories="SELECT * FROM ".$tbl_categories." ORDER BY display_order DESC";
$resultcategories=api_sql_query($sqlcategories);
$resultcategories=Database::query($sqlcategories);
$aantalcategories = Database::num_rows($resultcategories);
if ($aantalcategories > 0) {
echo Display::return_icon('remove.gif', $shownone)." <a href=\"".api_get_self()."?".api_get_cidreq()."&urlview=";
@ -466,12 +466,12 @@ if (empty($_GET['action']) || ($_GET['action']!='editlink' && $_GET['action']!='
//Starting the table which contains the categories
$sqlcategories="SELECT * FROM ".$tbl_categories." ORDER BY display_order DESC";
$resultcategories=api_sql_query($sqlcategories);
$resultcategories=Database::query($sqlcategories);
echo '<table class="data_table">';
// displaying the links which have no category (thus category = 0 or NULL), if none present this will not be displayed
$sqlLinks = "SELECT * FROM ".$tbl_link." WHERE category_id=0 or category_id IS NULL";
$result = api_sql_query($sqlLinks);
$result = Database::query($sqlLinks);
$numberofzerocategory=Database::num_rows($result);
if ($numberofzerocategory!==0) {
echo "<tr><th style=\"font-weight: bold; text-align:left;padding-left: 10px;\"><i>".get_lang('General')."</i></th></tr>";

66
main/link/linkfunctions.php
Unescape View File

@ -104,7 +104,7 @@ function addlinkcategory($type)
}
// looking for the largest order number for this category
$result = api_sql_query("SELECT MAX(display_order) FROM ".$tbl_link." WHERE category_id='".Database::escape_string($_POST['selectcategory'])."'");
$result = Database::query("SELECT MAX(display_order) FROM ".$tbl_link." WHERE category_id='".Database::escape_string($_POST['selectcategory'])."'");
list ($orderMax) = Database::fetch_row($result);
@ -112,7 +112,7 @@ function addlinkcategory($type)
$sql = "INSERT INTO ".$tbl_link." (url, title, description, category_id,display_order,on_homepage,target) VALUES ('$urllink','$title','$description','$selectcategory','$order', '$onhomepage','$target')";
$catlinkstatus = get_lang('LinkAdded');
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$link_id = Database::insert_id();
@ -160,7 +160,7 @@ function addlinkcategory($type)
$table_link_category = Database::get_course_table(TABLE_LINK_CATEGORY);
$sql_cat = 'SELECT * FROM %s WHERE id=%d LIMIT 1';
$sql_cat = sprintf($sql_cat, $table_link_category, (int)$selectcategory);
$result = api_sql_query($sql_cat, __FILE__, __LINE__);
$result = Database::query($sql_cat, __FILE__, __LINE__);
if (Database::num_rows($result) == 1) {
$row = Database::fetch_array($result);
$ic_slide->addValue("category", $row['category_title']);
@ -180,7 +180,7 @@ function addlinkcategory($type)
$sql = 'INSERT INTO %s (id, course_code, tool_id, ref_id_high_level, search_did)
VALUES (NULL , \'%s\', \'%s\', %s, %s)';
$sql = sprintf($sql, $tbl_se_ref, $courseid, TOOL_LINK, $link_id, $did);
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
}
@ -203,14 +203,14 @@ function addlinkcategory($type)
$ok = false;
} else {
// looking for the largest order number for this category
$result = api_sql_query("SELECT MAX(display_order) FROM ".$tbl_categories."");
$result = Database::query("SELECT MAX(display_order) FROM ".$tbl_categories."");
list ($orderMax) = Database::fetch_row($result);
$order = $orderMax +1;
$sql = "INSERT INTO ".$tbl_categories." (category_title, description, display_order) VALUES ('".Security::remove_XSS($category_title)."','".Security::remove_XSS($description)."', '$order')";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$catlinkstatus = get_lang('CategoryAdded');
@ -270,11 +270,11 @@ function deletelinkcategory($type)
// first we delete the category itself and afterwards all the links of this category.
$sql = "DELETE FROM ".$tbl_categories." WHERE id='".Database::escape_string(Security::remove_XSS($_GET['id']))."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$sql = "DELETE FROM ".$tbl_link." WHERE category_id='".Database::escape_string(Security::remove_XSS($_GET['id']))."'";
$catlinkstatus = get_lang('CategoryDeleted');
unset ($id);
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
Display::display_confirmation_message(get_lang('CategoryDeleted'));
}
@ -292,7 +292,7 @@ function delete_link_from_search_engine($course_id, $link_id) {
$tbl_se_ref = Database::get_main_table(TABLE_MAIN_SEARCH_ENGINE_REF);
$sql = 'SELECT * FROM %s WHERE course_code=\'%s\' AND tool_id=\'%s\' AND ref_id_high_level=%s LIMIT 1';
$sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_LINK, $link_id);
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
if (Database::num_rows($res) > 0) {
$row = Database::fetch_array($res);
require_once(api_get_path(LIBRARY_PATH) .'search/DokeosIndexer.class.php');
@ -301,7 +301,7 @@ function delete_link_from_search_engine($course_id, $link_id) {
}
$sql = 'DELETE FROM %s WHERE course_code=\'%s\' AND tool_id=\'%s\' AND ref_id_high_level=%s LIMIT 1';
$sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_LINK, $link_id);
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
// remove terms from db
require_once(api_get_path(LIBRARY_PATH) .'specific_fields_manager.lib.php');
@ -343,7 +343,7 @@ function editlinkcategory($type)
{
// this is used to populate the link-form with the info found in the database
$sql = "SELECT * FROM ".$tbl_link." WHERE id='".$_GET['id']."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if ($myrow = Database::fetch_array($result))
{
$urllink = $myrow["url"];
@ -369,13 +369,13 @@ function editlinkcategory($type)
// finding the old category_id
$sql = "SELECT * FROM ".$tbl_link." WHERE id='".Database::escape_string(Security::remove_XSS($_POST['id']))."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_array($result);
$category_id = $row['category_id'];
if ($category_id <> $_POST['selectcategory']) {
$sql = "SELECT MAX(display_order) FROM ".$tbl_link." WHERE category_id='".$_POST['selectcategory']."'";
$result = api_sql_query($sql);
$result = Database::query($sql);
list ($max_display_order) = Database::fetch_row($result);
$max_display_order ++;
} else {
@ -383,7 +383,7 @@ function editlinkcategory($type)
}
$sql = "UPDATE ".$tbl_link." set url='".Database::escape_string(Security::remove_XSS($_POST['urllink']))."', title='".Database::escape_string(Security::remove_XSS($_POST['title']))."', description='".Database::escape_string(Security::remove_XSS($_POST['description']))."', category_id='".Database::escape_string(Security::remove_XSS($_POST['selectcategory']))."', display_order='".$max_display_order."', on_homepage='".Database::escape_string(Security::remove_XSS($onhomepage))." ' $mytarget WHERE id='".Database::escape_string(Security::remove_XSS($_POST['id']))."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
// update search enchine and its values table if enabled
if (api_get_setting('search_enabled')=='true') {
@ -398,7 +398,7 @@ function editlinkcategory($type)
$tbl_se_ref = Database::get_main_table(TABLE_MAIN_SEARCH_ENGINE_REF);
$sql = 'SELECT * FROM %s WHERE course_code=\'%s\' AND tool_id=\'%s\' AND ref_id_high_level=%s LIMIT 1';
$sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_LINK, $link_id);
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
if (Database::num_rows($res) > 0) {
require_once(api_get_path(LIBRARY_PATH) . 'search/DokeosIndexer.class.php');
@ -444,7 +444,7 @@ function editlinkcategory($type)
$table_link_category = Database::get_course_table(TABLE_LINK_CATEGORY);
$sql_cat = 'SELECT * FROM %s WHERE id=%d LIMIT 1';
$sql_cat = sprintf($sql_cat, $table_link_category, (int)$selectcategory);
$result = api_sql_query($sql_cat, __FILE__, __LINE__);
$result = Database::query($sql_cat, __FILE__, __LINE__);
if (Database::num_rows($result) == 1) {
$row = Database::fetch_array($result);
$ic_slide->addValue("category", $row['category_title']);
@ -463,12 +463,12 @@ function editlinkcategory($type)
// save it to db
$sql = 'DELETE FROM %s WHERE course_code=\'%s\' AND tool_id=\'%s\' AND ref_id_high_level=\'%s\'';
$sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_LINK, $link_id);
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
//var_dump($sql);
$sql = 'INSERT INTO %s (id, course_code, tool_id, ref_id_high_level, search_did)
VALUES (NULL , \'%s\', \'%s\', %s, %s)';
$sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_LINK, $link_id, $did);
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
}
@ -486,7 +486,7 @@ function editlinkcategory($type)
if (!$submitCategory)
{
$sql = "SELECT * FROM ".$tbl_categories." WHERE id='".$_GET['id']."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if ($myrow = Database::fetch_array($result))
{
$category_title = $myrow["category_title"];
@ -497,7 +497,7 @@ function editlinkcategory($type)
if ($submitCategory)
{
$sql = "UPDATE ".$tbl_categories." set category_title='".Database::escape_string(Security::remove_XSS($_POST['category_title']))."', description='".Database::escape_string(Security::remove_XSS($_POST['description']))."' WHERE id='".Database::escape_string(Security::remove_XSS($_POST['id']))."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
Display::display_confirmation_message(get_lang('CategoryModded'));
}
@ -537,7 +537,7 @@ function change_visibility($id, $scope)
if ($scope == "link")
{
$sqlselect = "SELECT * FROM $TABLE_ITEM_PROPERTY WHERE tool='".TOOL_LINK."' and ref='".Database::escape_string($id)."'";
$result = api_sql_query($sqlselect);
$result = Database::query($sqlselect);
$row = Database::fetch_array($result);
api_item_property_update($_course, TOOL_LINK, $id, $_GET['action'], $_user['user_id']);
}
@ -557,7 +557,7 @@ function showlinksofcategory($catid)
$TABLE_ITEM_PROPERTY = Database :: get_course_table(TABLE_ITEM_PROPERTY);
$sqlLinks = "SELECT * FROM ".$tbl_link." link, ".$TABLE_ITEM_PROPERTY." itemproperties WHERE itemproperties.tool='".TOOL_LINK."' AND link.id=itemproperties.ref AND link.category_id='".$catid."' AND (itemproperties.visibility='0' OR itemproperties.visibility='1')ORDER BY link.display_order DESC";
$result = api_sql_query($sqlLinks);
$result = Database::query($sqlLinks);
$numberoflinks = Database::num_rows($result);
echo '<table class="data_table" width="100%">';
@ -690,7 +690,7 @@ function movecatlink($catlinkid)
if(!empty($thiscatlinkId))
{
$sql = "SELECT category_id from ".$movetable." WHERE id='$thiscatlinkId'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$catid = Database::fetch_array($result);
}
}
@ -708,7 +708,7 @@ function movecatlink($catlinkid)
{
$sqlcatlinks = "SELECT id, display_order FROM ".$movetable." WHERE category_id='".$catid[0]."' ORDER BY display_order $sortDirection";
}
$linkresult = api_sql_query($sqlcatlinks);
$linkresult = Database::query($sqlcatlinks);
while ($sortrow = Database::fetch_array($linkresult))
{
// STEP 2 : FOUND THE NEXT ANNOUNCEMENT ID AND ORDER, COMMIT SWAP
@ -719,11 +719,11 @@ function movecatlink($catlinkid)
$nextlinkId = $sortrow["id"];
$nextlinkOrdre = $sortrow["display_order"];
api_sql_query("UPDATE ".$movetable."
Database::query("UPDATE ".$movetable."
SET display_order = '$nextlinkOrdre'
WHERE id = '$thiscatlinkId'");
api_sql_query("UPDATE ".$movetable."
Database::query("UPDATE ".$movetable."
SET display_order = '$thislinkOrdre'
WHERE id = '$nextlinkId'");
@ -749,15 +749,15 @@ function get_cat($catname) // get category id (existing or make new)
{
$tbl_categories = Database :: get_course_table(TABLE_LINK_CATEGORY);
$result = api_sql_query("SELECT `id` FROM ".$tbl_categories." WHERE `category_title`='".addslashes($catname)."'", __FILE__, __LINE__);
$result = Database::query("SELECT `id` FROM ".$tbl_categories." WHERE `category_title`='".addslashes($catname)."'", __FILE__, __LINE__);
if (Database::num_rows($result) >= 1 && ($row = Database::fetch_array($result)))
return $row['id']; // several categories with same name: take first
$result = api_sql_query("SELECT MAX(display_order) FROM ".$tbl_categories."", __FILE__, __LINE__);
$result = Database::query("SELECT MAX(display_order) FROM ".$tbl_categories."", __FILE__, __LINE__);
list ($max_order) = Database::fetch_row($result);
api_sql_query("INSERT INTO ".$tbl_categories." (category_title, description, display_order) VALUES ('".addslashes($catname)."','','". ($max_order +1)."')", __FILE__, __LINE__);
Database::query("INSERT INTO ".$tbl_categories." (category_title, description, display_order) VALUES ('".addslashes($catname)."','','". ($max_order +1)."')", __FILE__, __LINE__);
return Database::insert_id();
}
@ -772,11 +772,11 @@ function put_link($url, $cat, $title, $description, $on_homepage, $hidden)
$urleq = "url='".addslashes($url)."'";
$cateq = "category_id=".$cat;
$result = api_sql_query("SELECT id FROM $tbl_link WHERE ".$urleq.' AND '.$cateq, __FILE__, __LINE__);
$result = Database::query("SELECT id FROM $tbl_link WHERE ".$urleq.' AND '.$cateq, __FILE__, __LINE__);
if (Database::num_rows($result) >= 1 && ($row = Database::fetch_array($result)))
{
api_sql_query("UPDATE $tbl_link set title='".addslashes($title)."', description='".addslashes($description)."' WHERE id='".addslashes($id = $row['id'])."'", __FILE__, __LINE__);
Database::query("UPDATE $tbl_link set title='".addslashes($title)."', description='".addslashes($description)."' WHERE id='".addslashes($id = $row['id'])."'", __FILE__, __LINE__);
$lang_link = get_lang('update_link');
$ipu = "LinkUpdated";
@ -784,10 +784,10 @@ function put_link($url, $cat, $title, $description, $on_homepage, $hidden)
}
else // add new link
{
$result = api_sql_query("SELECT MAX(display_order) FROM $tbl_link WHERE category_id='".addslashes($cat)."'", __FILE__, __LINE__);
$result = Database::query("SELECT MAX(display_order) FROM $tbl_link WHERE category_id='".addslashes($cat)."'", __FILE__, __LINE__);
list ($max_order) = mysql_fetch_row($result);
api_sql_query("INSERT INTO $tbl_link (url, title, description, category_id, display_order, on_homepage) VALUES ('".addslashes($url)."','".addslashes($title)."','".addslashes($description)."','".addslashes($cat)."','". ($max_order +1)."','".$on_homepage."')", __FILE__, __LINE__);
Database::query("INSERT INTO $tbl_link (url, title, description, category_id, display_order, on_homepage) VALUES ('".addslashes($url)."','".addslashes($title)."','".addslashes($description)."','".addslashes($cat)."','". ($max_order +1)."','".$on_homepage."')", __FILE__, __LINE__);
$id = Database::insert_id();
$lang_link = get_lang('new_link');

38
main/messages/message.class.php
Unescape View File

@ -84,7 +84,7 @@ class MessageManager
}
$i=0;
$query = "SELECT * FROM $table_message WHERE user_receiver_id=".api_get_user_id()." AND msg_status=1";
$result = api_sql_query($query,__FILE__,__LINE__);
$result = Database::query($query,__FILE__,__LINE__);
$i = Database::num_rows($result);
return $i;
}
@ -108,7 +108,7 @@ class MessageManager
public static function get_number_of_messages () {
$table_message = Database::get_main_table(TABLE_MESSAGE);
$sql_query = "SELECT COUNT(*) as number_messages FROM $table_message WHERE msg_status IN (0,1) AND user_receiver_id=".api_get_user_id();
$sql_result = api_sql_query($sql_query,__FILE__,__LINE__);
$sql_result = Database::query($sql_query,__FILE__,__LINE__);
$result = Database::fetch_array($sql_result);
return $result['number_messages'];
}
@ -132,7 +132,7 @@ class MessageManager
$sql_query = "SELECT id as col0, user_sender_id as col1, title as col2, send_date as col3, msg_status as col4 FROM $table_message " .
"WHERE user_receiver_id=".api_get_user_id()." AND msg_status IN (0,1)" .
"ORDER BY send_date desc, col$column $direction LIMIT $from,$number_of_items";
$sql_result = api_sql_query($sql_query,__FILE__,__LINE__);
$sql_result = Database::query($sql_query,__FILE__,__LINE__);
$i = 0;
$message_list = array ();
while ($result = Database::fetch_row($sql_result)) {
@ -181,7 +181,7 @@ class MessageManager
$content = api_convert_encoding($content,$charset,'UTF-8');
//message in inbox
$sql = "SELECT COUNT(*) as count FROM $table_message WHERE user_sender_id = ".api_get_user_id()." AND user_receiver_id='".Database::escape_string($receiver_user_id)."' AND title = '".Database::escape_string($title)."' AND content ='".Database::escape_string($content)."' ";
$res_exist = api_sql_query($sql,__FILE__,__LINE__);
$res_exist = Database::query($sql,__FILE__,__LINE__);
$row_exist = Database::fetch_array($res_exist,'ASSOC');
if ($row_exist['count'] ==0) {
$query = "INSERT INTO $table_message(user_sender_id, user_receiver_id, msg_status, send_date, title, content ) ".
@ -193,8 +193,8 @@ class MessageManager
" VALUES (".
"'".api_get_user_id()."', '".Database::escape_string($receiver_user_id)."', '4', '".date('Y-m-d H:i:s')."','".Database::escape_string($title)."','".Database::escape_string($content)."'".
")";
$rs = api_sql_query($sql,__FILE__,__LINE__);
$result = api_sql_query($query,__FILE__,__LINE__);
$rs = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($query,__FILE__,__LINE__);
return $result;
}
} else {
@ -208,12 +208,12 @@ class MessageManager
$table_message = Database::get_main_table(TABLE_MESSAGE);
$id = Database::escape_string($id);
$sql="SELECT COUNT(*) as count FROM $table_message WHERE id=".$id." AND msg_status<>4;";
$rs=api_sql_query($sql,__FILE__,__LINE__);
$rs=Database::query($sql,__FILE__,__LINE__);
$row=Database::fetch_array($rs,'ASSOC');
if ($row['count']==1) {
$query = "DELETE FROM $table_message " .
"WHERE user_receiver_id=".Database::escape_string($user_receiver_id)." AND id=".$id;
$result = api_sql_query($query,__FILE__,__LINE__);
$result = Database::query($query,__FILE__,__LINE__);
return $result;
} else {
return false;
@ -230,19 +230,19 @@ class MessageManager
$table_message = Database::get_main_table(TABLE_MESSAGE);
$query = "DELETE FROM $table_message " .
"WHERE user_sender_id=".Database::escape_string($user_sender_id)." AND id=".Database::escape_string($id);
$result = api_sql_query($query,__FILE__,__LINE__);
$result = Database::query($query,__FILE__,__LINE__);
return $result;
}
public static function update_message ($user_id, $id) {
$table_message = Database::get_main_table(TABLE_MESSAGE);
$query = "UPDATE $table_message SET msg_status = '0' WHERE msg_status<>4 AND user_receiver_id=".Database::escape_string($user_id)." AND id='".Database::escape_string($id)."'";
$result = api_sql_query($query,__FILE__,__LINE__);
$result = Database::query($query,__FILE__,__LINE__);
}
public static function get_message_by_user ($user_id,$id) {
$table_message = Database::get_main_table(TABLE_MESSAGE);
$query = "SELECT * FROM $table_message WHERE user_receiver_id=".Database::escape_string($user_id)." AND id='".Database::escape_string($id)."'";
$result = api_sql_query($query,__FILE__,__LINE__);
$result = Database::query($query,__FILE__,__LINE__);
return $row = Database::fetch_array($result);
}
/**
@ -255,7 +255,7 @@ class MessageManager
public static function exist_message ($user_id, $id) {
$table_message = Database::get_main_table(TABLE_MESSAGE);
$query = "SELECT id FROM $table_message WHERE user_receiver_id=".Database::escape_string($user_id)." AND id='".Database::escape_string($id)."'";
$result = api_sql_query($query,__FILE__,__LINE__);
$result = Database::query($query,__FILE__,__LINE__);
$num = Database::num_rows($result);
if ($num>0)
return true;
@ -285,7 +285,7 @@ class MessageManager
"WHERE user_sender_id=".api_get_user_id()." AND msg_status=4 " .
"ORDER BY col$column $direction LIMIT $from,$number_of_items";
$sql_result = api_sql_query($sql_query,__FILE__,__LINE__);
$sql_result = Database::query($sql_query,__FILE__,__LINE__);
$i = 0;
$message_list = array ();
while ($result = Database::fetch_row($sql_result)) {
@ -327,7 +327,7 @@ class MessageManager
public static function get_number_of_messages_sent () {
$table_message = Database::get_main_table(TABLE_MESSAGE);
$sql_query = "SELECT COUNT(*) as number_messages FROM $table_message WHERE msg_status=4 AND user_sender_id=".api_get_user_id();
$sql_result = api_sql_query($sql_query,__FILE__,__LINE__);
$sql_result = Database::query($sql_query,__FILE__,__LINE__);
$result = Database::fetch_array($sql_result);
return $result['number_messages'];
}
@ -336,14 +336,14 @@ class MessageManager
$table_message = Database::get_main_table(TABLE_MESSAGE);
if (isset($_GET['id_send']) && is_numeric($_GET['id_send'])) {
$query = "SELECT * FROM $table_message WHERE user_sender_id=".api_get_user_id()." AND id=".Database::escape_string($_GET['id_send'])." AND msg_status=4;";
$result = api_sql_query($query,__FILE__,__LINE__);
$result = Database::query($query,__FILE__,__LINE__);
$path='outbox.php';
} else {
if (is_numeric($_GET['id'])) {
$query = "UPDATE $table_message SET msg_status = '0' WHERE user_receiver_id=".api_get_user_id()." AND id='".Database::escape_string($_GET['id'])."';";
$result = api_sql_query($query,__FILE__,__LINE__);
$result = Database::query($query,__FILE__,__LINE__);
$query = "SELECT * FROM $table_message WHERE msg_status<>4 AND user_receiver_id=".api_get_user_id()." AND id='".Database::escape_string($_GET['id'])."';";
$result = api_sql_query($query,__FILE__,__LINE__);
$result = Database::query($query,__FILE__,__LINE__);
}
$path='inbox.php';
}
@ -400,7 +400,7 @@ class MessageManager
$table_message = Database::get_main_table(TABLE_MESSAGE);
if (is_numeric($_GET['id_send'])) {
$query = "SELECT * FROM $table_message WHERE user_sender_id=".api_get_user_id()." AND id=".Database::escape_string($_GET['id_send'])." AND msg_status=4;";
$result = api_sql_query($query,__FILE__,__LINE__);
$result = Database::query($query,__FILE__,__LINE__);
}
$path='outbox.php';
@ -454,7 +454,7 @@ class MessageManager
public static function get_user_id_by_email ($user_email) {
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$sql='SELECT user_id FROM '.$tbl_user.' WHERE email="'.Database::escape_string($user_email).'";';
$rs=api_sql_query($sql,__FILE__,__LINE__);
$rs=Database::query($sql,__FILE__,__LINE__);
$row=Database::fetch_array($rs,'ASSOC');
if (isset($row['user_id'])) {
return $row['user_id'];

2
main/messages/new_message.php
Unescape View File

@ -122,7 +122,7 @@ function show_compose_reply_to_message ($message_id, $receiver_id) {
global $charset;
$table_message = Database::get_main_table(TABLE_MESSAGE);
$query = "SELECT * FROM $table_message WHERE user_receiver_id=".$receiver_id." AND id='".$message_id."';";
$result = api_sql_query($query,__FILE__,__LINE__);
$result = Database::query($query,__FILE__,__LINE__);
$row = Database::fetch_array($result);
if (!isset($row[1])) {

6
main/metadata/importlinks.php
Unescape View File

@ -86,7 +86,7 @@ function get_cat($catname)
global $_course; $cateq = "category_title='". addslashes($catname) . "'";
$linkcat_table = Database::get_course_table(TABLE_LINK_CATEGORY);
$result = api_sql_query("SELECT id FROM $linkcat_table WHERE " . $cateq, __FILE__, __LINE__);
$result = Database::query("SELECT id FROM $linkcat_table WHERE " . $cateq, __FILE__, __LINE__);
if (mysql_num_rows($result) >= 1 && ($row = mysql_fetch_array($result)))
return $row['id']; // several categories with same name: take first
@ -113,7 +113,7 @@ if (isset($lcn)) // category_title
if (($lci = get_cat($lcn)) !== FALSE)
{
$link_table = Database::get_course_table(TABLE_LINK);
$result = api_sql_query("SELECT id FROM $link_table WHERE category_id=" . $lci, __FILE__, __LINE__);
$result = Database::query("SELECT id FROM $link_table WHERE category_id=" . $lci, __FILE__, __LINE__);
while ($row = mysql_fetch_array($result))
{
@ -325,7 +325,7 @@ if (count($perCat)) foreach ($perCat as $cat => $number)
$perCat[$cat] = '(' . htmlspecialchars($cat, ENT_QUOTES, $charset) . ')';
$linkcat_table = Database::get_course_table(TABLE_LINK_CATEGORY);
$result = api_sql_query("SELECT category_title FROM $linkcat_table", __FILE__, __LINE__);
$result = Database::query("SELECT category_title FROM $linkcat_table", __FILE__, __LINE__);
while ($row = mysql_fetch_array($result))
{

2
main/metadata/importmanifest.php
Unescape View File

@ -61,7 +61,7 @@ if (isset($workWith)) // explicit in URL, or selected at bottom of screen
{
$scormdocument = Database::get_course_table(TABLE_LP_MAIN);
$sql = "SELECT id FROM $scormdocument WHERE path='". Database::escape_string(api_substr($workWith,1)) . "' OR path='". Database::escape_string(substr($workWith,1)) . "/.'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if (mysql_num_rows($result) == 1)
{

2
main/metadata/index.php
Unescape View File

@ -64,7 +64,7 @@ $mdObj = new mdobject($_course, EID_ID); // see 'md_' . EID_TYPE . '.php'
// Construct assoclist $langLangs from language table ------------------------->
$result = api_sql_query("SELECT isocode FROM " .
$result = Database::query("SELECT isocode FROM " .
Database :: get_main_table(TABLE_MAIN_LANGUAGE) .
" WHERE available='1' ORDER BY isocode ASC", __FILE__, __LINE__);

4
main/metadata/md_document.php
Unescape View File

@ -164,7 +164,7 @@ function mdobject($_course, $id)
$this->mdo_dcmap_e = $ieee_dcmap_e; $this->mdo_dcmap_v = $ieee_dcmap_v;
$document_table = Database::get_course_table(TABLE_DOCUMENT);
if (($docinfo = @mysql_fetch_array(api_sql_query(
if (($docinfo = @mysql_fetch_array(Database::query(
"SELECT path,title,comment,filetype FROM $document_table WHERE id='" .
addslashes($id) . "'", __FILE__, __LINE__))))
{
@ -175,7 +175,7 @@ function mdobject($_course, $id)
$this->mdo_group = ''; // 2005-05-30: find group_id, if any
$group_info = Database::get_course_table(TABLE_GROUP);
if (($result = api_sql_query(
if (($result = Database::query(
"SELECT id,secret_directory FROM $group_info", __FILE__, __LINE__)))
while (($row = mysql_fetch_array($result)))
if (($secdir = $row['secret_directory'] . '/') ==

4
main/metadata/md_funcs.php
Unescape View File

@ -420,7 +420,7 @@ function mdstore($allow_create)
define('MDS_TABLE', Database::get_course_table(TABLE_METADATA));
if (!api_sql_query("SELECT eid FROM " . MDS_TABLE))
if (!Database::query("SELECT eid FROM " . MDS_TABLE))
if ($allow_create)
$this->_query("CREATE TABLE " . MDS_TABLE . " ( " .
"eid varchar(250) NOT NULL," . // entry-id, e.g. doc.1
@ -448,7 +448,7 @@ function _query($sql, $eid = '', $sep = '')
if ($eid) $sql .= $sep ? $this->_coldatstart('eid', $eid . $sep) :
$this->_coldat('eid', $eid);
return api_sql_query($sql, __FILE__, __LINE__);
return Database::query($sql, __FILE__, __LINE__);
}
}

6
main/metadata/md_link.php
Unescape View File

@ -168,7 +168,7 @@ function mdo_storeback(&$xmlDoc) // by ref!
// do not store back a modified coverage as category...
$link_table = Database::get_course_table(TABLE_LINK);
if ($u) api_sql_query("UPDATE $link_table SET " . substr($u, 2) .
if ($u) Database::query("UPDATE $link_table SET " . substr($u, 2) .
" WHERE id='" . addslashes($this->mdo_id) . "'", __FILE__, __LINE__);
}
@ -198,7 +198,7 @@ function mdobject($_course, $id)
$this->mdo_dcmap_e = $ieee_dcmap_e; $this->mdo_dcmap_v = $ieee_dcmap_v;
$link_table = Database::get_course_table(TABLE_LINK);
if (($linkinfo = @mysql_fetch_array(api_sql_query(
if (($linkinfo = @mysql_fetch_array(Database::query(
"SELECT url,title,description,category_id FROM $link_table WHERE id='" .
addslashes($id) . "'", __FILE__, __LINE__))))
{
@ -208,7 +208,7 @@ function mdobject($_course, $id)
$this->mdo_category = ($lci = $linkinfo['category_id']);
$linkcat_table = Database::get_course_table(TABLE_LINK_CATEGORY);
if (($catinfo = @mysql_fetch_array(api_sql_query(
if (($catinfo = @mysql_fetch_array(Database::query(
"SELECT category_title FROM $linkcat_table WHERE id='" .
addslashes($lci) . "'", __FILE__, __LINE__))))
$this->mdo_category_title = $catinfo['category_title'];

4
main/metadata/md_mix.php
Unescape View File

@ -49,7 +49,7 @@ function mdobject($_course, $eid)
$id = substr($id, 0, $dotpos);
}
if (($docinfo = @mysql_fetch_array(api_sql_query(
if (($docinfo = @mysql_fetch_array(Database::query(
"SELECT path,comment,filetype FROM
$table WHERE id='" .
addslashes($id) . "'", __FILE__, __LINE__))))
@ -76,7 +76,7 @@ function mdobject($_course, $eid)
elseif ($type == 'Link')
{
$link_table = Database::get_course_table(TABLE_LINK);
if (($linkinfo = @mysql_fetch_array(api_sql_query(
if (($linkinfo = @mysql_fetch_array(Database::query(
"SELECT url,title,description,category_id FROM
$link_table WHERE id='" . addslashes($id) .
"'", __FILE__, __LINE__))))

20
main/metadata/md_phpdig.php
Unescape View File

@ -73,7 +73,7 @@ function find_site($url)
{
$site_url = "site_url = '" . addslashes($url) . "'";
$result = api_sql_query("SELECT site_id FROM " . PHPDIG_DB_PREFIX .
$result = Database::query("SELECT site_id FROM " . PHPDIG_DB_PREFIX .
"sites WHERE " . $site_url, __FILE__, __LINE__); // find site
if (mysql_num_rows($result) == 1)
@ -82,11 +82,11 @@ function find_site($url)
}
else
{
$result = api_sql_query("INSERT INTO " . PHPDIG_DB_PREFIX .
$result = Database::query("INSERT INTO " . PHPDIG_DB_PREFIX .
"sites SET " . $site_url, __FILE__, __LINE__); // new site
$site_id = mysql_insert_id();
$result = api_sql_query("INSERT INTO " . PHPDIG_DB_PREFIX .
$result = Database::query("INSERT INTO " . PHPDIG_DB_PREFIX .
"site_page (site_id,num_page) VALUES ('$site_id', '0')");
return $site_id;
@ -101,19 +101,19 @@ function remove_engine_entries($url, $path, $file = '')
if ($file) $and_path .= " AND file LIKE '" . addslashes(
str_replace(array('_', '%'), array('\_', '\%'), $file)) . "%'";
$result = api_sql_query("SELECT spider_id FROM " . PHPDIG_DB_PREFIX .
$result = Database::query("SELECT spider_id FROM " . PHPDIG_DB_PREFIX .
"spider WHERE site_id=" . ($site_id = find_site($url)) . $and_path,
__FILE__, __LINE__); // find page(s)
while ($row = mysql_fetch_array($result))
{
api_sql_query("DELETE FROM " . PHPDIG_DB_PREFIX .
Database::query("DELETE FROM " . PHPDIG_DB_PREFIX .
"engine WHERE spider_id=" . (int)$row['spider_id'],
__FILE__, __LINE__); // delete all references to keywords
$aff .= ' +' . mysql_affected_rows();
}
api_sql_query("DELETE FROM " . PHPDIG_DB_PREFIX .
Database::query("DELETE FROM " . PHPDIG_DB_PREFIX .
"spider WHERE site_id=" . $site_id . $and_path,
__FILE__, __LINE__); // delete page
@ -133,7 +133,7 @@ function index_words($site_id, $path, $file, $first_words, $keywords)
addslashes($first_words) . "',site_id='$site_id'";
// do not set upddate,md5,num_words,last_modified,filesize
api_sql_query("INSERT INTO " . PHPDIG_DB_PREFIX . $spider_set_path_etc,
Database::query("INSERT INTO " . PHPDIG_DB_PREFIX . $spider_set_path_etc,
__FILE__, __LINE__);
$spider_id = mysql_insert_id(); $new = 0;
@ -143,13 +143,13 @@ function index_words($site_id, $path, $file, $first_words, $keywords)
!isset($common_words[$key]) and
ereg('^['.WORDS_CHARS_LATIN1.'#$]', $key))
{
$result = api_sql_query("SELECT key_id FROM " . PHPDIG_DB_PREFIX .
$result = Database::query("SELECT key_id FROM " . PHPDIG_DB_PREFIX .
"keywords WHERE keyword = '" . addslashes($key) . "'",
__FILE__, __LINE__);
if (mysql_num_rows($result) == 0)
{
api_sql_query("INSERT INTO " . PHPDIG_DB_PREFIX .
Database::query("INSERT INTO " . PHPDIG_DB_PREFIX .
"keywords (keyword,twoletters) VALUES ('" . addslashes($key) .
"','" .addslashes(substr(str_replace('\\','',$key),0,2)) ."')",
__FILE__, __LINE__);
@ -160,7 +160,7 @@ function index_words($site_id, $path, $file, $first_words, $keywords)
$keyid = mysql_fetch_row($result); $key_id = $keyid[0];
}
api_sql_query("INSERT INTO " . PHPDIG_DB_PREFIX .
Database::query("INSERT INTO " . PHPDIG_DB_PREFIX .
"engine (spider_id,key_id,weight) VALUES ($spider_id,$key_id,$w)",
__FILE__, __LINE__);
}

2
main/metadata/md_scorm.php
Unescape View File

@ -87,7 +87,7 @@ function mdobject($_course, $id)
$this->mdo_dcmap_e = $ieee_dcmap_e; $this->mdo_dcmap_v = $ieee_dcmap_v;
$sql = "SELECT path,description,lp_type FROM $scormdocument WHERE id='" . addslashes($id) . "'";
if (($docinfo = @mysql_fetch_array(api_sql_query($sql,__FILE__, __LINE__))))
if (($docinfo = @mysql_fetch_array(Database::query($sql,__FILE__, __LINE__))))
{
$this->mdo_path = $docinfo['path'];
//Sometimes the new scorm-tool adds '/.' at the end of a directory name, so remove this before continue

22
main/newscorm/aicc.class.php
Unescape View File

@ -230,7 +230,7 @@ class aicc extends learnpath {
//The previous method wasn't safe to get the database name, so do it manually with the course_code
$sql = "SELECT * FROM ".Database::get_main_table(TABLE_MAIN_COURSE)." WHERE code='$course_code'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
if(Database::num_rows($res)<1){ error_log('New LP - Database for '.$course_code.' not found '.__FILE__.' '.__LINE__,0);return -1;}
$row = Database::fetch_array($res);
$dbname = Database::get_course_table_prefix().$row['db_name'].Database::get_database_glue();
@ -238,7 +238,7 @@ class aicc extends learnpath {
$new_lp = Database::get_course_table(TABLE_LP_MAIN);
$new_lp_item = Database::get_course_table(TABLE_LP_ITEM);
$get_max = "SELECT MAX(display_order) FROM $new_lp";
$res_max = api_sql_query($get_max);
$res_max = Database::query($get_max);
if(Database::num_rows($res_max)<1){
$dsp = 1;
}else{
@ -257,7 +257,7 @@ class aicc extends learnpath {
"'".$this->subdir."', 0, 'embedded', '".$this->config_encoding."'," .
"'aicc_api.php','".$this->course_creator."',$dsp)";
if($this->debug>2){error_log('New LP - In import_aicc(), inserting path: '. $sql,0);}
$res = api_sql_query($sql);
$res = Database::query($sql);
$lp_id = Database::get_last_insert_id();
$this->lp_id = $lp_id;
api_item_property_update(api_get_course_info($course_code),TOOL_LEARNPATH,$this->lp_id,'LearnpathAdded',api_get_user_id());
@ -296,13 +296,13 @@ class aicc extends learnpath {
"$parent, $previous, 0, " .
"'$prereq', 0" .
")";
$res_item = api_sql_query($sql_item);
$res_item = Database::query($sql_item);
if($this->debug>1){error_log('New LP - In aicc::import_aicc() - inserting item : '.$sql_item.' : '.mysql_error(),0);}
$item_id = Database::get_last_insert_id();
//now update previous item to change next_item_id
if($previous != 0){
$upd = "UPDATE $new_lp_item SET next_item_id = $item_id WHERE id = $previous";
$upd_res = api_sql_query($upd);
$upd_res = Database::query($upd);
//update previous item id
}
$previous = $item_id;
@ -563,7 +563,7 @@ class aicc extends learnpath {
if($lp!=0){
$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
$sql = "UPDATE $tbl_lp SET content_local = '$proxy' WHERE id = ".$lp;
$res = api_sql_query($sql);
$res = Database::query($sql);
return $res;
}else{
return false;
@ -580,7 +580,7 @@ class aicc extends learnpath {
if($lp!=0){
$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
$sql = "UPDATE $tbl_lp SET theme = '$theme' WHERE id = ".$lp;
$res = api_sql_query($sql);
$res = Database::query($sql);
return $res;
}else{
return false;
@ -597,7 +597,7 @@ class aicc extends learnpath {
if($lp!=0){
$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
$sql = "UPDATE $tbl_lp SET preview_image = '$preview_image' WHERE id = ".$lp;
$res = api_sql_query($sql);
$res = Database::query($sql);
return $res;
}else{
return false;
@ -614,7 +614,7 @@ class aicc extends learnpath {
if($lp!=0){
$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
$sql = "UPDATE $tbl_lp SET author = '$author' WHERE id = ".$lp;
$res = api_sql_query($sql);
$res = Database::query($sql);
return $res;
}else{
return false;
@ -633,7 +633,7 @@ class aicc extends learnpath {
if($lp!=0){
$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
$sql = "UPDATE $tbl_lp SET content_maker = '$maker' WHERE id = ".$lp;
$res = api_sql_query($sql);
$res = Database::query($sql);
return $res;
}else{
return false;
@ -672,7 +672,7 @@ class aicc extends learnpath {
$_course = Database::get_course_info(api_get_course_id());
$sql = "SELECT * FROM $tbl_lp WHERE id=".$lp_id;
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = mysql_fetch_array($result);
$LPname = $row['path'];
$list = split('/',$LPname);

2
main/newscorm/audiorecorder.inc.php
Unescape View File

@ -46,7 +46,7 @@ else
$select = "SELECT * FROM $docs " .
" WHERE path like BINARY '/audio/lpi".Database::escape_string($audio_recorder_item_id)."-%' AND filetype='file' " .
" ORDER BY path DESC";
$res = api_sql_query($select);
$res = Database::query($select);
if(Database::num_rows($res)>0)
{
$row = Database::fetch_array($res);

12
main/newscorm/document.php
Unescape View File

@ -162,9 +162,9 @@ if ( is_array($attribute) && ( count($attribute['path']) > 0 ) )
{
$queryClause = ' WHERE path IN ( "'.implode('" , "' , $attribute['path']).'" )';
api_sql_query("DELETE FROM $tbl_document ".$queryClause,__FILE__,__LINE__);
Database::query("DELETE FROM $tbl_document ".$queryClause,__FILE__,__LINE__);
api_sql_query("DELETE FROM $tbl_document WHERE comment LIKE '' AND visibility LIKE 'v'",__FILE__,__LINE__);
Database::query("DELETE FROM $tbl_document WHERE comment LIKE '' AND visibility LIKE 'v'",__FILE__,__LINE__);
// The second query clean the DB 'in case of' empty records (no comment an visibility=v)
// These kind of records should'nt be there, but we never know...
@ -352,7 +352,7 @@ if ($fileList)
$sqlpath="/".$fileList['name'][$fileKey]."";
}
$sql="SELECT name FROM $tbl_document WHERE ((path='$sqlpath') and (filetype='folder'))";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$row=mysql_fetch_array($result);
if ($row['name']) { $name=$row['name']; } else { $name=$dspFileName; }
echo "<tr align=\"center\"", " class=".$oddclass.">\n",
@ -416,7 +416,7 @@ if (!$curDirPath) {
echo "<tr><td colspan='4'>&nbsp;</td></tr>";
$sql="select * from $tbl_learnpath_main";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$counter=0;
while ($row=mysql_fetch_array($result)) {
$counter++;
@ -424,11 +424,11 @@ if (!$curDirPath) {
$id=$row["learnpath_id"];
$sql2="SELECT * FROM $tbl_learnpath_main where learnpath_id=$id";
$result2=api_sql_query($sql2,__FILE__,__LINE__);
$result2=Database::query($sql2,__FILE__,__LINE__);
$row2=mysql_fetch_array($result2);
$name=$row2['learnpath_name'];
$sql3="SELECT * FROM $tbl_tool where (name=\"$name\" and image='scormbuilder.gif')";
$result3=api_sql_query($sql3,__FILE__,__LINE__);
$result3=Database::query($sql3,__FILE__,__LINE__);
$row3=mysql_fetch_array($result3);
if ((api_is_allowed_to_edit()) or ((!api_is_allowed_to_edit()) and ($row3["visibility"] == '1'))) {
$row['learnpath_name']=str_replace(' ','&nbsp;',$row['learnpath_name']);

316
main/newscorm/learnpath.class.php
View File

File diff suppressed because it is too large Load Diff

66
main/newscorm/learnpathItem.class.php
Unescape View File

@ -73,7 +73,7 @@ class learnpathItem{
$id = (int) $db_id;
$sql = "SELECT * FROM $items_table WHERE id = $id";
//error_log('New LP - Creating item object from DB: '.$sql,0);
$res = @api_sql_query($sql);
$res = @Database::query($sql);
if(Database::num_rows($res)<1)
{
$this->error = "Could not find given learnpath item in learnpath_item table";
@ -109,7 +109,7 @@ class learnpathItem{
$sql = 'SELECT * FROM %s WHERE course_code=\'%s\' AND tool_id=\'%s\' AND ref_id_high_level=%s AND ref_id_second_level=%d LIMIT 1';
// TODO: verify if it's possible to assume the actual course instead of getting it from db
$sql = sprintf($sql, $tbl_se_ref, api_get_course_id(), TOOL_LEARNPATH, $this->lp_id, $id);
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
if (Database::num_rows($res) > 0) {
$se_ref = Database::fetch_array($res);
$this->search_did = (int)$se_ref['search_did'];
@ -211,16 +211,16 @@ class learnpathItem{
$lp_item = Database::get_course_table(TABLE_LP_ITEM);
$sql_del_view = "DELETE FROM $lp_item_view WHERE item_id = ".$this->db_id;
//error_log('New LP - Deleting from lp_item_view: '.$sql_del_view,0);
$res_del_view = api_sql_query($sql_del_view);
$res_del_view = Database::query($sql_del_view);
$sql_sel = "SELECT * FROM $lp_item WHERE id = ".$this->db_id;
$res_sel = api_sql_query($sql_sel,__FILE__,__LINE__);
$res_sel = Database::query($sql_sel,__FILE__,__LINE__);
if(Database::num_rows($res_sel)<1){return false;}
$row = Database::fetch_array($res_sel);
$sql_del_item = "DELETE FROM $lp_item WHERE id = ".$this->db_id;
//error_log('New LP - Deleting from lp_item: '.$sql_del_view,0);
$res_del_item = api_sql_query($sql_del_item);
$res_del_item = Database::query($sql_del_item);
if (api_get_setting('search_enabled') == 'true') {
if (!is_null($this->search_did)) {
@ -362,7 +362,7 @@ class learnpathItem{
case TOOL_DOCUMENT:
$table_doc = Database::get_course_table(TABLE_DOCUMENT);
$sql = 'SELECT path FROM '.$table_doc.' WHERE id = '.$path;
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$row = Database::fetch_array($res);
$real_path = 'document'.$row['path'];
return $real_path;
@ -408,14 +408,14 @@ class learnpathItem{
"WHERE lp_item_id = ".$this->db_id." " .
"AND lp_view_id = ".$this->view_id." " .
"AND view_count = ".$this->attempt_id;
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($res)>0) {
$row = Database::fetch_array($res);
$lp_iv_id = $row[0];
$iva_table = Database::get_course_table(TABLE_LP_IV_INTERACTION);
$iva_sql = "SELECT * FROM $iva_table " .
"WHERE lp_iv_id = $lp_iv_id ";
$res_sql = api_sql_query($iva_sql);
$res_sql = Database::query($iva_sql);
while ($row = Database::fetch_array($res_sql)) {
$this->interactions[$row['interaction_id']] = array($row['interaction_id'],$row['interaction_type'],$row['weighting'],$row['completion_time'],$row['correct_responses'],$row['student_responses'],$row['result'],$row['latency']);
}
@ -436,14 +436,14 @@ class learnpathItem{
"WHERE lp_item_id = ".$this->db_id." " .
"AND lp_view_id = ".$this->view_id." " .
"AND view_count = ".$this->attempt_id;
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($res)>0) {
$row = Database::fetch_array($res);
$lp_iv_id = $row[0];
$iva_table = Database::get_course_table(TABLE_LP_IV_INTERACTION);
$iva_sql = "SELECT count(id) as mycount FROM $iva_table " .
"WHERE lp_iv_id = $lp_iv_id ";
$res_sql = api_sql_query($iva_sql);
$res_sql = Database::query($iva_sql);
if (Database::num_rows($res_sql)>0) {
$row = Database::fetch_array($res_sql);
$return = $row['mycount'];
@ -628,7 +628,7 @@ class learnpathItem{
if(!empty($this->lp_id)){
$db = Database::get_course_table(TABLE_LP_MAIN);
$sql = "SELECT * FROM $db WHERE id = ".$this->lp_id;
$res = @api_sql_query($sql);
$res = @Database::query($sql);
if(Database::num_rows($res)<1)
{
$this->error = "Could not find parent learnpath in learnpath table";
@ -1014,7 +1014,7 @@ class learnpathItem{
$sql = "SELECT * FROM $table WHERE id = '".$this->db_item_view_id."' AND view_count = '".$this->get_attempt_id()."'";
if($this->debug>2){error_log('New LP - In learnpathItem::get_status() - Checking DB: '.$sql,0);}
$res = api_sql_query($sql);
$res = Database::query($sql);
if (Database::num_rows($res)==1) {
$row = Database::fetch_array($res);
if($update_local==true){
@ -1082,7 +1082,7 @@ function get_terms()
{
$lp_item = Database::get_course_table(TABLE_LP_ITEM);
$sql = "SELECT * FROM $lp_item WHERE id='".Database::escape_string($this->db_id)."'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$row = Database::fetch_array($res);
return $row['terms'];
}
@ -1440,7 +1440,7 @@ function get_terms()
AND status <> "incomplete"
ORDER BY exe_date DESC
LIMIT 0, 1';
$rs_quiz = api_sql_query($sql, __FILE__, __LINE__);
$rs_quiz = Database::query($sql, __FILE__, __LINE__);
if($quiz = Database :: fetch_array($rs_quiz))
{
if($quiz['exe_result'] >= $items[$refs_list[$prereqs_string]]->get_mastery_score())
@ -1833,7 +1833,7 @@ function get_terms()
$sql = "SELECT * FROM $item_view_table WHERE lp_item_id = ".$this->get_id()." " .
" AND lp_view_id = ".$lp_view_id." ORDER BY view_count DESC";
if($this->debug>2){error_log('New LP - In learnpathItem::set_lp_view() - Querying lp_item_view: '.$sql,0);}
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
if(Database::num_rows($res)>0){
$row = Database::fetch_array($res);
$this->db_item_view_id = $row['id'];
@ -1852,7 +1852,7 @@ function get_terms()
//now get the number of interactions for this little guy
$item_view_interaction_table = Database::get_course_table(TABLE_LP_IV_INTERACTION);
$sql = "SELECT * FROM $item_view_interaction_table WHERE lp_iv_id = '".$this->db_item_view_id."'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
if($res !== false){
$this->interactions_count = Database::num_rows($res);
}else{
@ -1861,7 +1861,7 @@ function get_terms()
//now get the number of objectives for this little guy
$item_view_objective_table = Database::get_course_table(TABLE_LP_IV_OBJECTIVE);
$sql = "SELECT * FROM $item_view_objective_table WHERE lp_iv_id = '".$this->db_item_view_id."'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
if($res !== false){
$this->objectives_count = Database::num_rows($res);
}else{
@ -1980,7 +1980,7 @@ function get_terms()
$terms_update_sql='';
//TODO: validate csv string
$terms_update_sql = "UPDATE $lp_item SET terms = '". Database::escape_string(api_htmlentities($new_terms_string, ENT_QUOTES, $charset)) . "' WHERE id=".$this->get_id();
$res = api_sql_query($terms_update_sql,__FILE__,__LINE__);
$res = Database::query($terms_update_sql,__FILE__,__LINE__);
// save it to search engine
if (api_get_setting('search_enabled') == 'true') {
$di = new DokeosIndexer();
@ -2121,7 +2121,7 @@ function get_terms()
"WHERE lp_item_id = ".$this->db_id." " .
"AND lp_view_id = ".$this->view_id." " .
"AND view_count = ".$this->attempt_id;
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
if(Database::num_rows($res)>0){
$row = Database::fetch_array($res);
$lp_iv_id = $row[0];
@ -2133,7 +2133,7 @@ function get_terms()
//"AND order_id = $index";
//also check for the objective ID as it must be unique for this SCO view
"AND objective_id = '".Database::escape_string($objective[0])."'";
$iva_res = api_sql_query($iva_sql,__FILE__,__LINE__);
$iva_res = Database::query($iva_sql,__FILE__,__LINE__);
//id(0), type(1), time(2), weighting(3),correct_responses(4),student_response(5),result(6),latency(7)
if(Database::num_rows($iva_res)>0){
//update (or don't)
@ -2146,7 +2146,7 @@ function get_terms()
"score_min = '".Database::escape_string($objective[4])."'," .
"score_max = '".Database::escape_string($objective[3])."' " .
"WHERE id = $iva_id";
$ivau_res = api_sql_query($ivau_sql,__FILE__,__LINE__);
$ivau_res = Database::query($ivau_sql,__FILE__,__LINE__);
//error_log($ivau_sql,0);
}else{
//insert new one
@ -2155,7 +2155,7 @@ function get_terms()
"VALUES" .
"(".$lp_iv_id.", ".$index.",'".Database::escape_string($objective[0])."','".Database::escape_string($objective[1])."'," .
"'".Database::escape_string($objective[2])."','".Database::escape_string($objective[4])."','".Database::escape_string($objective[3])."')";
$ivai_res = api_sql_query($ivai_sql,__FILE__,__LINE__);
$ivai_res = Database::query($ivai_sql,__FILE__,__LINE__);
//error_log($ivai_sql);
}
}
@ -2180,7 +2180,7 @@ function get_terms()
$item_view_table = Database::get_course_table(TABLE_LP_ITEM_VIEW);
$sql_verified='SELECT status FROM '.$item_view_table.' WHERE lp_item_id="'.$this->db_id.'" AND lp_view_id="'.$this->view_id.'" AND view_count="'.$this->attempt_id.'" ;';
$rs_verified=api_sql_query($sql_verified,__FILE__,__LINE__);
$rs_verified=Database::query($sql_verified,__FILE__,__LINE__);
$row_verified=Database::fetch_array($rs_verified);
$my_case_completed=array('completed','passed','browsed','failed');//added by isaac flores
@ -2229,7 +2229,7 @@ function get_terms()
"'".$this->lesson_location."')";
if($this->debug>2){error_log('New LP - In learnpathItem::write_to_db() - Inserting into item_view forced: '.$sql,0);}
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$this->db_item_view_id = Database::get_last_insert_id();
$inserted = true;
}
@ -2240,7 +2240,7 @@ function get_terms()
"AND lp_view_id = ".$this->view_id. " ".
"AND view_count = ".$this->get_attempt_id();
if($this->debug>2){error_log('New LP - In learnpathItem::write_to_db() - Querying item_view: '.$check,0);}
$check_res = api_sql_query($check);
$check_res = Database::query($check);
//depending on what we want (really), we'll update or insert a new row
//now save into DB
$res = 0;
@ -2275,7 +2275,7 @@ function get_terms()
//"'".$this->get_max_time_allowed()."'," .
"'".$this->lesson_location."')";
if($this->debug>2){error_log('New LP - In learnpathItem::write_to_db() - Inserting into item_view: '.$sql,0);}
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$this->db_item_view_id = Database::get_last_insert_id();
} else {
$sql = '';
@ -2303,7 +2303,7 @@ function get_terms()
$safe_exe_id = Database::escape_string($_REQUEST['exeId']);
$sql = 'SELECT start_date,exe_date FROM ' . $TBL_TRACK_EXERCICES . ' WHERE exe_id = '.(int)$safe_exe_id;
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$row_dates = Database::fetch_array($res);
$time_start_date = convert_mysql_date($row_dates['start_date']);
@ -2321,7 +2321,7 @@ function get_terms()
// process of status verified into data base
$sql_verified='SELECT status FROM '.$item_view_table.' WHERE lp_item_id="'.$this->db_id.'" AND lp_view_id="'.$this->view_id.'" AND view_count="'.$this->attempt_id.'" ;';
$rs_verified=api_sql_query($sql_verified,__FILE__,__LINE__);
$rs_verified=Database::query($sql_verified,__FILE__,__LINE__);
$row_verified=Database::fetch_array($rs_verified);
//get type lp: 1=lp dokeos and 2=scorm
@ -2397,7 +2397,7 @@ function get_terms()
$this->current_start_time = time();
}
if($this->debug>2){error_log('New LP - In learnpathItem::write_to_db() - Updating item_view: '.$sql,0);}
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
}
//if(!$res)
//{
@ -2410,7 +2410,7 @@ function get_terms()
"WHERE lp_item_id = ".$this->db_id." " .
"AND lp_view_id = ".$this->view_id." " .
"AND view_count = ".$this->attempt_id;
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
if(Database::num_rows($res)>0){
$row = Database::fetch_array($res);
$lp_iv_id = $row[0];
@ -2430,7 +2430,7 @@ function get_terms()
//also check for the interaction ID as it must be unique for this SCO view
"AND (order_id = $index " .
"OR interaction_id = '".Database::escape_string($interaction[0])."')";
$iva_res = api_sql_query($iva_sql,__FILE__,__LINE__);
$iva_res = Database::query($iva_sql,__FILE__,__LINE__);
//id(0), type(1), time(2), weighting(3),correct_responses(4),student_response(5),result(6),latency(7)
if(Database::num_rows($iva_res)>0){
//update (or don't)
@ -2446,7 +2446,7 @@ function get_terms()
"result = '".Database::escape_string($interaction[6])."'," .
"latency = '".Database::escape_string($interaction[7])."'" .
"WHERE id = $iva_id";
$ivau_res = api_sql_query($ivau_sql,__FILE__,__LINE__);
$ivau_res = Database::query($ivau_sql,__FILE__,__LINE__);
} else {
//insert new one
$ivai_sql = "INSERT INTO $iva_table " .
@ -2458,7 +2458,7 @@ function get_terms()
"'".Database::escape_string($interaction[3])."','".Database::escape_string($interaction[2])."','".Database::escape_string($correct_resp)."'," .
"'".Database::escape_string($interaction[5])."','".Database::escape_string($interaction[6])."','".Database::escape_string($interaction[7])."'" .
")";
$ivai_res = api_sql_query($ivai_sql,__FILE__,__LINE__);
$ivai_res = Database::query($ivai_sql,__FILE__,__LINE__);
}
}
}

4
main/newscorm/learnpathList.class.php
Unescape View File

@ -36,7 +36,7 @@ class learnpathList {
$this->course_code = $course_code;
$this->user_id = $user_id;
$sql = "SELECT * FROM $lp_table ORDER BY display_order ASC, name ASC";
$res = api_sql_query($sql);
$res = Database::query($sql);
$names = array();
while ($row = Database::fetch_array($res))
{
@ -50,7 +50,7 @@ class learnpathList {
$mylink = 'newscorm/lp_controller.php?action=view&lp_id='.$row['id'];
$sql2="SELECT * FROM $tbl_tool where (name='$myname' and image='scormbuilder.gif' and link LIKE '$mylink%')";
//error_log('New LP - learnpathList::learnpathList - getting visibility - '.$sql2,0);
$res2 = api_sql_query($sql2,__FILE__,__LINE__);
$res2 = Database::query($sql2,__FILE__,__LINE__);
if(Database::num_rows($res2)>0){
$row2 = Database::fetch_array($res2);
$pub = $row2['visibility'];

124
main/newscorm/learnpath_functions.inc.php
Unescape View File

@ -56,7 +56,7 @@ function deleteitem($id)
$tbl_learnpath_chapter = Database :: get_course_table(TABLE_LEARNPATH_CHAPTER);
//get the display order for this item before it is deleted
$sql = "SELECT display_order, parent_item_id FROM $tbl_lp_item WHERE id=$id";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if (mysql_num_rows($result) == 0)
{
return false;
@ -66,16 +66,16 @@ function deleteitem($id)
$parent_item_id = $row[1];
// delete the item
$sql = "DELETE FROM $tbl_learnpath_item WHERE id='$id'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if ($result === false)
{
return false;
}
// update the other items and chapters
$sql = "UPDATE $tbl_learnpath_item SET display_order = display_order-1 WHERE display_order > $display_order AND parent_item_id = $parent_item_id";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$sql = "UPDATE $tbl_learnpath_chapter SET display_order = display_order-1 WHERE display_order > $display_order AND parent_item_id = $parent_item_id";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
//return
return true;
}
@ -94,7 +94,7 @@ function deletemodule($parent_item_id)
//Added for multi-level behaviour - slightly recursive
$sql = "SELECT * FROM $tbl_learnpath_chapter WHERE lp_id=$learnpath_id";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_array($result))
{
if ($row['parent_item_id'] == $parent_item_id)
@ -109,7 +109,7 @@ function deletemodule($parent_item_id)
//get this chapter's display order
$sql = "SELECT display_order, parent_item_id FROM $tbl_learnpath_chapter WHERE id=$parent_item_id and lp_id=$learnpath_id";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if (mysql_num_rows($result) == 0)
{
return false;
@ -121,16 +121,16 @@ function deletemodule($parent_item_id)
//delete the chapter itself
$sql = "DELETE FROM $tbl_learnpath_chapter WHERE (id=$parent_item_id and lp_id=$learnpath_id)";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
//delete items from that chapter
$sql2 = "DELETE FROM $tbl_learnpath_item WHERE parent_item_id=$parent_item_id";
$result = api_sql_query($sql2, __FILE__, __LINE__);
$result = Database::query($sql2, __FILE__, __LINE__);
//update all other chapters accordingly
$sql = "UPDATE $tbl_learnpath_item SET display_order = display_order-1 WHERE display_order > $display_order AND parent_item_id = $parent_id";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$sql = "UPDATE $tbl_learnpath_chapter SET display_order = display_order-1 WHERE display_order > $display_order AND parent_item_id = $parent_id";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
return true;
}
@ -148,12 +148,12 @@ function deletepath($path_id)
$tbl_learnpath_chapter = Database :: get_course_table(TABLE_LEARNPATH_CHAPTER);
$sql = "DELETE FROM $tbl_learnpath_main WHERE lp_id='$path_id'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
//@TODO check how this function is used before uncommenting the following
//also delete all elements inside that path
$sql = "SELECT * FROM $tbl_learnpath_chapter WHERE lp_id=$path_id";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_array($result))
{
deletemodule($row['id']);
@ -248,8 +248,8 @@ function moveitem($direction, $id, $moduleid, $type = 'item')
{
return false;
}
api_sql_query($sql1, __FILE__, __LINE__);
api_sql_query($sql2, __FILE__, __LINE__);
Database::query($sql1, __FILE__, __LINE__);
Database::query($sql2, __FILE__, __LINE__);
}
/**
@ -274,7 +274,7 @@ function movemodule($direction, $id)
// Select all chapters of first level (parent_item_id = 0)
$sql = "SELECT * FROM $tbl_learnpath_chapter where (lp_id=$learnpath_id AND parent_item_id = 0) ORDER BY display_order $sortDirection";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$previousrow = "";
// see similar comment in moveitem() function
@ -290,8 +290,8 @@ function movemodule($direction, $id)
$sql1 = "UPDATE $tbl_learnpath_chapter SET display_order = '$next_cat_order' WHERE (id='$this_cat_id' and lp_id=$learnpath_id)";
$sql2 = "UPDATE $tbl_learnpath_chapter SET display_order = '$this_cat_order' WHERE (id='$next_cat_id' and lp_id=$learnpath_id)";
api_sql_query($sql1, __FILE__, __LINE__);
api_sql_query($sql2, __FILE__, __LINE__);
Database::query($sql1, __FILE__, __LINE__);
Database::query($sql2, __FILE__, __LINE__);
unset ($this_cat_order);
unset ($this_cat_id);
unset ($next_cat_order);
@ -331,7 +331,7 @@ function insert_item($type = 'item', $name, $chapter_description = '', $parent_i
WHERE lp_id=$learnpath_id
AND parent_item_id = $parent_id
ORDER BY display_order DESC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = mysql_fetch_array($result);
$last_chapter_order = $row["display_order"];
@ -339,7 +339,7 @@ function insert_item($type = 'item', $name, $chapter_description = '', $parent_i
$sql = "SELECT * FROM $tbl_learnpath_item
AND parent_item_id = $parent_id
ORDER BY display_order DESC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = mysql_fetch_array($result);
$last_item_order = $row["display_order"];
$new_order = max($last_chapter_order, $last_item_order) + 1;
@ -352,7 +352,7 @@ function insert_item($type = 'item', $name, $chapter_description = '', $parent_i
'".domesticate(htmlspecialchars($chapter_name))."',
'".domesticate(htmlspecialchars($chapter_description))."',
$new_order )";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if ($result === false)
{
return false;
@ -367,7 +367,7 @@ function insert_item($type = 'item', $name, $chapter_description = '', $parent_i
'".domesticate(htmlspecialchars($item_type))."',
'".domesticate(htmlspecialchars($item_id))."',
$new_order )";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if ($result === false)
{
return false;
@ -388,7 +388,7 @@ function array_learnpath_categories()
$tbl_learnpath_chapter = Database :: get_course_table(TABLE_LEARNPATH_CHAPTER);
$sql = "SELECT * FROM $tbl_learnpath_chapter WHERE (lp_id=$learnpath_id) ORDER BY display_order ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_array($result))
{
@ -573,7 +573,7 @@ function display_learnpath_chapters($parent_item_id = 0, $tree = array (), $leve
//{
//item
$sql_items2 = "SELECT * FROM $tbl_lp_item WHERE id='$prereq'"; //check if prereq has been deleted
$result_items2 = api_sql_query($sql_items2, __FILE__, __LINE__);
$result_items2 = Database::query($sql_items2, __FILE__, __LINE__);
$number_items2 = Database::num_rows($result_items2);
if ($number_items2 == 0)
{
@ -591,7 +591,7 @@ function display_learnpath_chapters($parent_item_id = 0, $tree = array (), $leve
{
//chapter
$sql_items2 = "SELECT * FROM $tbl_lp_item WHERE id='$prereq' AND item_type='dokeos_chapter'"; //check if prereq has been deleted
$result_items2 = api_sql_query($sql_items2, __FILE__, __LINE__);
$result_items2 = Database::query($sql_items2, __FILE__, __LINE__);
$number_items2 = Database::num_rows($result_items2);
if ($number_items2 == 0)
{
@ -654,7 +654,7 @@ function display_all_learnpath()
$tbl_learnpath_main = Database :: get_course_table(TABLE_LEARNPATH_MAIN);
$sql = "SELECT * FROM $tbl_learnpath_main ORDER BY learnpath_name";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$i = 1;
$num_modules = mysql_num_rows($result);
@ -673,11 +673,11 @@ function display_all_learnpath()
echo "<td bgcolor=\"$color2\" align=center><a href='".api_get_self()."?action=deletepath&id=".$row["lp_id"]."'&SQMSESSID=36812c2dea7d8d6e708d5e6a2f09b0b9><img src=\"../img/delete.gif\" border=\"0\" title=\"$lang_delete_learnpath\" onclick=\"return confirmation('".$row2['learnpath_name']."');\"></a></td>";
$id = $row["lp_id"];
$sql2 = "SELECT * FROM $tbl_learnpath_main where lp_id=$id";
$result2 = api_sql_query($sql2, __FILE__, __LINE__);
$result2 = Database::query($sql2, __FILE__, __LINE__);
$row2 = mysql_fetch_array($result2);
$name = $row2['learnpath_name'];
$sql3 = "SELECT * FROM $tbl_tool where (name=\"$name\" and image='scormbuilder.gif')";
$result3 = api_sql_query($sql3, __FILE__, __LINE__);
$result3 = Database::query($sql3, __FILE__, __LINE__);
$row3 = mysql_fetch_array($result3);
if (($row3["visibility"]) == '1')
{
@ -706,7 +706,7 @@ function display_learnpath_items($categoryid)
$tbl_lp_item = Database::get_course_table(TABLE_LP_ITEM);
$sql_items = "SELECT * FROM $tbl_lp_item WHERE parent_item_id='$categoryid' ORDER BY display_order ASC";
$result_items = api_sql_query($sql_items,__FILE__,__LINE__);
$result_items = Database::query($sql_items,__FILE__,__LINE__);
$number_items = Database::num_rows($result_items);
$i = 1;
error_log('Selected item under '.$categoryid,0);
@ -742,7 +742,7 @@ function display_learnpath_items($categoryid)
//{
//item
$sql_items2 = "SELECT * FROM $tbl_lp_item WHERE id='$prereq'"; //check if prereq has been deleted
$result_items2 = api_sql_query($sql_items2);
$result_items2 = Database::query($sql_items2);
$number_items2 = Database::num_rows($result_items2);
if ($number_items2 == 0)
{
@ -759,7 +759,7 @@ function display_learnpath_items($categoryid)
{
//chapter
$sql_items2 = "SELECT * FROM $tbl_learnpath_chapter WHERE id='$prereq'"; //check if prereq has been deleted
$result_items2 = api_sql_query($sql_items2,__FILE__,__LINE__);
$result_items2 = Database::query($sql_items2,__FILE__,__LINE__);
$number_items2 = Database::num_rows($result_items2);
if ($number_items2 == 0)
{
@ -819,12 +819,12 @@ function learnpath_items($itemid)
$tbl_learnpath_item = Database :: get_course_table(TABLE_LEARNPATH_ITEM);
$sql_items = "SELECT parent_item_id FROM $tbl_lp_item WHERE id='$itemid'";
$moduleid_sql = api_sql_query($sql_items);
$moduleid_sql = Database::query($sql_items);
$moduleid_array = mysql_fetch_array($moduleid_sql); //first row of the results
$moduleid = $moduleid_array["parent_item_id"];
$sql_items = "SELECT * FROM $tbl_lp_item WHERE parent_item_id='$moduleid' ORDER BY display_order ASC";
$result_items = api_sql_query($sql_items);
$result_items = Database::query($sql_items);
$ar = mysql_fetch_array($result_items);
while ($ar != '')
{
@ -849,7 +849,7 @@ function learnpath_chapters($learnpath_id)
$sql_items = "SELECT * FROM $tbl_lp_item WHERE lp_id='$learnpath_id' AND item_type='dokeos_chapter' ORDER BY display_order ASC";
//$sql_items = "SELECT * FROM $tbl_learnpath_chapter WHERE lp_id='$learnpath_id' ORDER BY display_order ASC";
$result_items = api_sql_query($sql_items, __FILE__, __LINE__);
$result_items = Database::query($sql_items, __FILE__, __LINE__);
$ar = mysql_fetch_array($result_items);
while ($ar != '')
{
@ -873,12 +873,12 @@ function is_prereq($learnpath_id)
$prereq = false;
$sql_items = "SELECT * FROM $tbl_lp_item WHERE lp_id='$learnpath_id' AND parent_item_id=0 ORDER BY display_order ASC";
$result_items = api_sql_query($sql_items,__FILE__,__LINE__);
$result_items = Database::query($sql_items,__FILE__,__LINE__);
while ($ar = Database::fetch_array($result_items))
{
$c = $ar['id'];
$sql_items2 = "SELECT * FROM $tbl_lp_item WHERE lp_id = $learnpath_id AND parent_item_id='$c' ORDER BY display_order ASC";
$result_items2 = api_sql_query($sql_items2,__FILE__,__LINE__);
$result_items2 = Database::query($sql_items2,__FILE__,__LINE__);
while ($ar2 = Database::fetch_array($result_items2))
{
if ($ar2['prerequisite'] != '')
@ -909,7 +909,7 @@ function prereqcheck($id_in_path)
//3 Get item data from the database
$sql_items = "SELECT * FROM $tbl_learnpath_item WHERE id='$id_in_path'";
$result_items = api_sql_query($sql_items);
$result_items = Database::query($sql_items);
$row = mysql_fetch_array($result_items);
//4 Check prerequisite's type
if ($row['prereq_type'] == 'i')
@ -929,7 +929,7 @@ function prereqcheck($id_in_path)
$user_id = $_user['user_id'];
}
$sql_items3 = "SELECT * FROM $tbl_learnpath_user WHERE (learnpath_item_id='$id_in_path3' and user_id=$user_id)";
$result_items3 = api_sql_query($sql_items3);
$result_items3 = Database::query($sql_items3);
$row3 = mysql_fetch_array($result_items3);
//4.a.3 Get the link that needs to be shown for the current item (not the prereq)
@ -939,7 +939,7 @@ function prereqcheck($id_in_path)
//4.a.4 Get the prerequisite item
$sql6 = "SELECT * FROM $tbl_learnpath_item WHERE (id='$id_in_path3')";
$result6 = api_sql_query($sql6);
$result6 = Database::query($sql6);
$row6 = mysql_fetch_array($result6);
//4.a.5 Get a link to the prerequisite item
$prereqname = display_addedresource_link_in_learnpath($row6['item_type'], $row6['ref'], '', $id_in_path3, 'builder', 'nolink'); //this is the prereq of the step we want to open
@ -984,7 +984,7 @@ function prereqcheck($id_in_path)
$id_in_path2 = $row['prereq_id'];
//4.b.2 Get all items in the prerequisite chapter
$sql_items3 = "SELECT * FROM $tbl_lp_item WHERE parent_item_id='$id_in_path2'";
$result_items3 = api_sql_query($sql_items3);
$result_items3 = Database::query($sql_items3);
$allcompleted = true;
while ($row3 = mysql_fetch_array($result_items3))
{
@ -1001,7 +1001,7 @@ function prereqcheck($id_in_path)
}
//4.b.3.2 Get user-item relation
$sql_items4 = "SELECT * FROM $tbl_learnpath_user WHERE (learnpath_item_id='$id_in_path4' and user_id=$user_id)";
$result_items4 = api_sql_query($sql_items4);
$result_items4 = Database::query($sql_items4);
$row4 = mysql_fetch_array($result_items4);
//4.b.3.3 If any of these elements is not 'completed', the overall completion status is false
if ($row4['status'] != "completed" and $row4['status'] != 'passed')
@ -1018,7 +1018,7 @@ function prereqcheck($id_in_path)
{
//4.b.4.b Something was not completed. Return corresponding message
$sql5 = "SELECT * FROM $tbl_learnpath_chapter WHERE (lp_id='$learnpath_id' and id='$id_in_path2')";
$result5 = api_sql_query($sql5);
$result5 = Database::query($sql5);
$row5 = mysql_fetch_array($result5);
$prereqmodulename = trim($row5['chapter_name']);
$prereq = $langPrereqModuleMinimum1.$prereqmodulename.$langPrereqModuleMinimum2;
@ -1061,7 +1061,7 @@ function get_learnpath_tree($learnpath_id)
$all_items_by_chapter = array ();
$sql = "SELECT * FROM $tbl_lp_item WHERE lp_id = ".$learnpath_id." AND item_type='dokeos_chapter' ORDER BY display_order";
//error_log('New LP - learnpath_functions - get_learnpath_tree: '.$sql,0);
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
// format the $chapters_by_parent array so we have a suitable structure to work with
while ($row = Database::fetch_array($res))
{
@ -1082,7 +1082,7 @@ function get_learnpath_tree($learnpath_id)
// select items from this chapter
$sql = "SELECT * FROM $tbl_lp_item WHERE lp_id = $learnpath_id AND parent_item_id = ".$row['id']." ORDER BY display_order";
//error_log('New LP - learnpath_functions - get_learnpath_tree: '.$sql,0);
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
//error_log('New LP - learnpath_functions - get_learnpath_tree: Found '.Database::num_rows($res).' results',0);
while ($myrow = mysql_fetch_array($res, MYSQL_ASSOC))
{
@ -1195,7 +1195,7 @@ function display_toc_chapter_contents($tree, $parent_item_id = 0, $learnpath_id,
{
// If this element is an item (understand: not a directory/module)
$sql0 = "SELECT * FROM $tbl_learnpath_user WHERE (user_id='".$uid."' and learnpath_item_id='".$elem['id']."' and lp_id='".$learnpath_id."')";
$result0 = api_sql_query($sql0, __FILE__, __LINE__);
$result0 = Database::query($sql0, __FILE__, __LINE__);
$row0 = mysql_fetch_array($result0);
$completed = '';
@ -1294,7 +1294,7 @@ function get_tracking_table($learnpath_id, $user_id, $parent_item_id = 0, $tree
{
$sql = "SELECT * FROM $tbl_learnpath_user "."WHERE user_id = $user_id "."AND lp_id = $learnpath_id "."AND learnpath_item_id = ".$elem['id'];
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$myrow = mysql_fetch_array($res);
if (($myrow['status'] == 'completed') || ($myrow['status'] == 'passed'))
@ -1335,7 +1335,7 @@ function is_empty($id)
$tbl_learnpath_chapter = Database :: get_course_table(TABLE_LEARNPATH_CHAPTER);
$sql = "SELECT * FROM $tbl_learnpath_chapter WHERE lp_id=$id ORDER BY display_order ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$num_modules = mysql_num_rows($result);
$empty = true;
@ -1347,7 +1347,7 @@ function is_empty($id)
$num_items = 0;
$parent_item_id = $row['id'];
$sql2 = "SELECT * FROM $tbl_learnpath_item WHERE (parent_item_id=$parent_item_id) ORDER BY display_order ASC";
$result2 = api_sql_query($sql2, __FILE__, __LINE__);
$result2 = Database::query($sql2, __FILE__, __LINE__);
$num_items = mysql_num_rows($result2);
if ($num_items > 0)
{
@ -1693,7 +1693,7 @@ function exportitem($id, $item_id, $item_type, $add_scorm_communications = false
//1 Get agenda event data from the database table
$TABLEAGENDA = Database :: get_course_table(TABLE_AGENDA);
$sql = "SELECT * FROM ".$TABLEAGENDA." where (id=$item_id)";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
//2 Prepare table output
$expcontent .= "<table class=\"data_table\" >";
@ -1768,7 +1768,7 @@ function exportitem($id, $item_id, $item_type, $add_scorm_communications = false
//1 Get the announcement data from the database
$tbl_announcement = Database::get_course_table(TABLE_ANNOUNCEMENT);
$sql = "SELECT * FROM $tbl_announcement where id='$item_id'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
//2 Initialise export string
$expcontent .= "<table class=\"data_table\">";
@ -1813,7 +1813,7 @@ function exportitem($id, $item_id, $item_type, $add_scorm_communications = false
case "Course_description" :
//1 Get course description data from database
$tbl_course_description = Database :: get_course_table(TABLE_COURSE_DESCRIPTION);
$result = api_sql_query("SELECT id, title, content FROM ".$tbl_course_description." ORDER BY id", __FILE__, __LINE__);
$result = Database::query("SELECT id, title, content FROM ".$tbl_course_description." ORDER BY id", __FILE__, __LINE__);
//2 Check this element
if (mysql_num_rows($result))
@ -1844,7 +1844,7 @@ function exportitem($id, $item_id, $item_type, $add_scorm_communications = false
//1 Get the document data from the database
$tbl_document = Database::get_course_table(TABLE_DOCUMENT);
$sql_query = "SELECT * FROM $tbl_document WHERE id=$item_id";
$sql_result = api_sql_query($sql_query, __FILE__, __LINE__);
$sql_result = Database::query($sql_query, __FILE__, __LINE__);
$myrow = mysql_fetch_array($sql_result);
//2 Get the origin path of the document to treat it internally
$orig = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document'.$myrow["path"];
@ -1957,7 +1957,7 @@ function exportitem($id, $item_id, $item_type, $add_scorm_communications = false
case "Introduction_text" :
//1 Get the introduction text data from the database
$TBL_INTRO = Database :: get_course_tool_intro_table();
$result = api_sql_query("SELECT * FROM ".$TBL_INTRO." WHERE id=1");
$result = Database::query("SELECT * FROM ".$TBL_INTRO." WHERE id=1");
$myrow = mysql_fetch_array($result);
$intro = $myrow["intro_text"];
//2 Write introduction text to the export string
@ -1968,7 +1968,7 @@ function exportitem($id, $item_id, $item_type, $add_scorm_communications = false
case "HotPotatoes" :
//1 Get HotPotatoes data from the document table
$tbl_document = Database::get_course_table(TABLE_DOCUMENT);
$result = api_sql_query("SELECT * FROM $tbl_document WHERE id=$item_id", __FILE__, __LINE__);
$result = Database::query("SELECT * FROM $tbl_document WHERE id=$item_id", __FILE__, __LINE__);
$myrow = mysql_fetch_array($result);
//2 Get the document path
$testfile = api_get_path(SYS_COURSE_PATH).$_course['path']."/document".urldecode($myrow['path']);
@ -2046,11 +2046,11 @@ function exportitem($id, $item_id, $item_type, $add_scorm_communications = false
//1 Get the forum post data from the database
$tbl_posts =Database::get_course_table(TABLE_FORUM_POST);
$tbl_posts_text =Database::get_course_table(TOOL_FORUM_POST_TEXT_TABLE);
$result = api_sql_query("SELECT * FROM $tbl_posts where post_id=$item_id", __FILE__, __LINE__);
$result = Database::query("SELECT * FROM $tbl_posts where post_id=$item_id", __FILE__, __LINE__);
$myrow = mysql_fetch_array($result);
// grabbing the title of the post
$sql_titel = "SELECT * FROM $tbl_posts_text WHERE post_id=".$myrow["post_id"];
$result_titel = api_sql_query($sql_titel, __FILE__, __LINE__);
$result_titel = Database::query($sql_titel, __FILE__, __LINE__);
$myrow_titel = mysql_fetch_array($result_titel);
$posternom = $myrow['nom'];
@ -2092,7 +2092,7 @@ function exportitem($id, $item_id, $item_type, $add_scorm_communications = false
case "Link _blank" :
//1 Get the link data from the database
$TABLETOOLLINK = Database :: get_course_link_table();
$result = api_sql_query("SELECT * FROM $TABLETOOLLINK WHERE id=$item_id", __FILE__, __LINE__);
$result = Database::query("SELECT * FROM $TABLETOOLLINK WHERE id=$item_id", __FILE__, __LINE__);
$myrow = mysql_fetch_array($result);
$thelink = $myrow["url"];
//2 Check the link type (open in blank page or in current page)
@ -2199,7 +2199,7 @@ function exportpath($learnpath_id)
//2 Get the name of the LP
include_once (api_get_path(LIBRARY_PATH)."fileUpload.lib.php");
$sql = "SELECT * FROM $tbl_learnpath_main WHERE (lp_id=$learnpath_id)";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = mysql_fetch_array($result);
$LPname = $row['learnpath_name'];
$LPnamesafe = replace_dangerous_char($LPname, 'strict');
@ -2228,7 +2228,7 @@ function exportpath($learnpath_id)
//to get all the elements, we should use the function that builds the table of content get_learnpath_tree
//WHERE (lp_id=$learnpath_id)
//ORDER BY parent_item_id, display_order ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
//5 export the items listed in Circle I one by one
while ($row = mysql_fetch_array($result))
@ -2236,9 +2236,9 @@ function exportpath($learnpath_id)
//5.1 Get items data from the database for this chapter
$parent_item_id = $row['id'];
//$sql2a="SELECT * FROM $tbl_learnpath_chapter WHERE (lp_id=$learnpath_id and parent_item_id=$parent_item_id) ORDER BY display_order ASC";
//$result2a=api_sql_query($sql,__FILE__,__LINE__);
//$result2a=Database::query($sql,__FILE__,__LINE__);
$sql2b = "SELECT * FROM $tbl_learnpath_item WHERE (parent_item_id=$parent_item_id) ORDER BY display_order ASC";
$result2b = api_sql_query($sql2b, __FILE__, __LINE__);
$result2b = Database::query($sql2b, __FILE__, __LINE__);
while ($row2 = mysql_fetch_array($result2b))
{
@ -2455,7 +2455,7 @@ function createimsmanifest($circle1_files, $learnpath_id)
//if (!$desc=strpos($circle1_files[2][$i],'scription')) { //this is is needed if the descriptions are exported to file
$sql = "SELECT * FROM $tbl_learnpath_item WHERE (id=".$circle1_files[2][$i].")";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = mysql_fetch_array($result);
$parent_item_id = $row['parent_item_id'];
@ -2463,7 +2463,7 @@ function createimsmanifest($circle1_files, $learnpath_id)
{
//we create the item tag for the chapter (without indifierref)
$sql2 = "SELECT * FROM $tbl_learnpath_chapter WHERE (id=".$parent_item_id.")";
$result2 = api_sql_query($sql2, __FILE__, __LINE__);
$result2 = Database::query($sql2, __FILE__, __LINE__);
$row2 = mysql_fetch_array($result2);
$chapter_name = $row2['chapter_name'];

2
main/newscorm/lp_add.php
Unescape View File

@ -98,7 +98,7 @@ if ( (! $is_allowed_to_edit) or ($isStudentView) )
//from here on, we are admin because of the previous condition, so don't check anymore
$sql_query = "SELECT * FROM $tbl_lp WHERE id = $learnpath_id";
$result=api_sql_query($sql_query);
$result=Database::query($sql_query);
$therow=Database::fetch_array($result);
/*

2
main/newscorm/lp_add_item.php
Unescape View File

@ -196,7 +196,7 @@ if ( (! $is_allowed_to_edit) or ($isStudentView) )
//from here on, we are admin because of the previous condition, so don't check anymore
$sql_query = "SELECT * FROM $tbl_lp WHERE id = $learnpath_id";
$result=api_sql_query($sql_query);
$result=Database::query($sql_query);
$therow=Database::fetch_array($result);
//$admin_output = '';

6
main/newscorm/lp_admin_view.php
Unescape View File

@ -101,7 +101,7 @@ if ( (! $is_allowed_to_edit) or ($isStudentView) )
//from here on, we are admin because of the previous condition, so don't check anymore
$sql_query = "SELECT * FROM $tbl_lp WHERE id = $learnpath_id";
$result=api_sql_query($sql_query);
$result=Database::query($sql_query);
$therow=Database::fetch_array($result);
//$admin_output = '';
@ -213,7 +213,7 @@ if (isset($_POST['save_audio']))
}
if (count($lp_items_to_remove_audio)>0) {
$sql = "UPDATE $tbl_lp_item SET audio = '' WHERE id IN (".$in.")";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
}
// uploading the audio files
@ -274,7 +274,7 @@ if (isset($_POST['save_audio']))
// store the mp3 file in the lp_item table
$tbl_lp_item = Database::get_course_table(TABLE_LP_ITEM);
$sql_insert_audio = "UPDATE $tbl_lp_item SET audio = '".Database::escape_string($file)."' WHERE id = '".Database::escape_string($lp_item_id)."'";
api_sql_query($sql_insert_audio, __FILE__, __LINE__);
Database::query($sql_insert_audio, __FILE__, __LINE__);
}
}

4
main/newscorm/lp_ajax_save_item.php
Unescape View File

@ -169,13 +169,13 @@ function save_item($lp_id,$user_id,$view_id,$item_id,$score=-1,$max=-1,$min=-1,$
$sql_last_connection="SELECT login_id, login_date FROM $tbl_track_login WHERE login_user_id='".api_get_user_id()."' ORDER BY login_date DESC LIMIT 0,1";
$q_last_connection=api_sql_query($sql_last_connection);
$q_last_connection=Database::query($sql_last_connection);
if(Database::num_rows($q_last_connection) > 0) {
$current_time=date('Y-m-d H:i:s');
$row = Database::fetch_array($q_last_connection);
$i_id_last_connection=$row['login_id'];
$s_sql_update_logout_date="UPDATE $tbl_track_login SET logout_date='".$current_time."' WHERE login_id='$i_id_last_connection'";
api_sql_query($s_sql_update_logout_date);
Database::query($s_sql_update_logout_date);
}
}

4
main/newscorm/lp_build.php
Unescape View File

@ -115,7 +115,7 @@ if($learnpath_id == 0)
FROM " . $tbl_lp . "
ORDER BY id DESC
LIMIT 0, 1";
$result = api_sql_query($sql);
$result = Database::query($sql);
$row = Database::fetch_array($result);
$learnpath_id = $row['id'];
@ -124,7 +124,7 @@ if($learnpath_id == 0)
$sql_query = "SELECT * FROM $tbl_lp WHERE id = $learnpath_id";
$result=api_sql_query($sql_query);
$result=Database::query($sql_query);
$therow=Database::fetch_array($result);
//$admin_output = '';

4
main/newscorm/lp_comm.server.php
Unescape View File

@ -178,13 +178,13 @@ function save_item($lp_id,$user_id,$view_id,$item_id,$score=-1,$max=-1,$min=-1,$
$sql_last_connection="SELECT login_id, login_date FROM $tbl_track_login WHERE login_user_id='".api_get_user_id()."' ORDER BY login_date DESC LIMIT 0,1";
$q_last_connection=api_sql_query($sql_last_connection);
$q_last_connection=Database::query($sql_last_connection);
if(Database::num_rows($q_last_connection) > 0)
{
$row = Database::fetch_array($q_last_connection);
$i_id_last_connection=$row['login_id'];
$s_sql_update_logout_date="UPDATE $tbl_track_login SET logout_date=NOW() WHERE login_id='$i_id_last_connection'";
api_sql_query($s_sql_update_logout_date);
Database::query($s_sql_update_logout_date);
}
}

2
main/newscorm/lp_controller.php
Unescape View File

@ -111,7 +111,7 @@ if($lp_found == false || (!empty($_REQUEST['lp_id']) && $_SESSION['oLP']->get_id
$sel = "SELECT * FROM $lp_table WHERE id = $lp_id";
if($debug>0) error_log('New LP - querying '.$sel,0);
$res = api_sql_query($sel);
$res = Database::query($sel);
if(Database::num_rows($res)) {
$row = Database::fetch_array($res);
$type = $row['lp_type'];

4
main/newscorm/lp_edit_item.php
Unescape View File

@ -135,7 +135,7 @@ if ( (! $is_allowed_to_edit) or ($isStudentView) )
//from here on, we are admin because of the previous condition, so don't check anymore
$sql_query = "SELECT * FROM $tbl_lp WHERE id = $learnpath_id";
$result=api_sql_query($sql_query);
$result=Database::query($sql_query);
$therow=Database::fetch_array($result);
//$admin_output = '';
@ -216,7 +216,7 @@ echo '<table cellpadding="0" cellspacing="0" class="lp_build">';
$path_item = Database::escape_string($path_item);
$tbl_doc = Database :: get_course_table(TABLE_DOCUMENT);
$sql_doc = "SELECT path FROM " . $tbl_doc . " WHERE id = '". $path_item."' ";
$res_doc=api_sql_query($sql_doc, __FILE__, __LINE__);
$res_doc=Database::query($sql_doc, __FILE__, __LINE__);
$path_file=Database::result($res_doc,0,0);
$path_parts = pathinfo($path_file);

2
main/newscorm/lp_edit_item_prereq.php
Unescape View File

@ -104,7 +104,7 @@ if ( (! $is_allowed_to_edit) or ($isStudentView) )
//from here on, we are admin because of the previous condition, so don't check anymore
$sql_query = "SELECT * FROM $tbl_lp WHERE id = $learnpath_id";
$result=api_sql_query($sql_query);
$result=Database::query($sql_query);
$therow=Database::fetch_array($result);
//$admin_output = '';

2
main/newscorm/lp_header.php
Unescape View File

@ -34,7 +34,7 @@ $show_link = true;
if(!api_is_allowed_to_edit()) //if the user has no edit permission (simple user)
{
$course_tool_table = Database::get_course_table(TABLE_TOOL_LIST);
$result = api_sql_query("SELECT * FROM $course_tool_table WHERE name='learnpath'",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM $course_tool_table WHERE name='learnpath'",__FILE__,__LINE__);
if(Database::num_rows($result)>0)
{
$row = Database::fetch_array($result);

2
main/newscorm/lp_move_item.php
Unescape View File

@ -110,7 +110,7 @@ if ( (! $is_allowed_to_edit) or ($isStudentView) )
//from here on, we are admin because of the previous condition, so don't check anymore
$sql_query = "SELECT * FROM $tbl_lp WHERE id = $learnpath_id";
$result=api_sql_query($sql_query);
$result=Database::query($sql_query);
$therow=Database::fetch_array($result);
//$admin_output = '';

24
main/newscorm/lp_stats.php
Unescape View File

@ -52,7 +52,7 @@ if($origin != 'tracking') {
$TBL_LP = Database :: get_course_table(TABLE_LP_MAIN);
$sql = "SELECT default_encoding FROM $TBL_LP " .
"WHERE id = '".(int)$_GET['lp_id']."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
if (Database :: num_rows($res) > 0) {
$row = Database::fetch_array($res);
$lp_charset = $row['default_encoding'];
@ -100,7 +100,7 @@ $tbl_stats_attempts= Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_ATT
$tbl_quiz_questions= Database :: get_course_table(TABLE_QUIZ_QUESTION);
$sql = "SELECT max(view_count) FROM $TBL_LP_VIEW " .
"WHERE lp_id = $lp_id AND user_id = '" . $user_id . "'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$view = '';
$num = 0;
if (Database :: num_rows($res) > 0) {
@ -130,7 +130,7 @@ if (isset($_GET['lp_id']) && isset($_GET['my_lp_id'])) {
$clean_lp_id = Database::escape_string($_GET['lp_id']);
$clean_course_code = Database :: escape_string($course_code);
$sql_path = "SELECT path FROM $TBL_LP_ITEM WHERE id = '$clean_lp_item_id' AND lp_id = '$clean_lp_id'";
$res_path = api_sql_query($sql_path,__FILE__,__LINE__);
$res_path = Database::query($sql_path,__FILE__,__LINE__);
$row_path = Database::fetch_array($res_path);
if (Database::num_rows($res_path) > 0 ){
@ -186,7 +186,7 @@ if (is_array($list) && count($list) > 0){
" ORDER BY iv.view_count $qry_order ";
}
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$num = Database :: num_rows($result);
$time_for_total = 'NaN';
@ -198,7 +198,7 @@ if (is_array($list) && count($list) > 0){
$my_path = Database::escape_string($row['path']);
$sql = "SELECT results_disabled FROM $TBL_QUIZ WHERE id ='".(int)$my_path."'";
$res_result_disabled = api_sql_query($sql,__FILE__,__LINE__);
$res_result_disabled = Database::query($sql,__FILE__,__LINE__);
$row_result_disabled = Database::fetch_row($res_result_disabled);
if (Database::num_rows($res_result_disabled) > 0 && (int)$row_result_disabled[0]===1) {
@ -383,7 +383,7 @@ if (is_array($list) && count($list) > 0){
$my_path = Database::escape_string($my_path);
$sql = "SELECT results_disabled FROM $TBL_QUIZ WHERE id ='".(int)$my_path."'";
$res_result_disabled = api_sql_query($sql,__FILE__,__LINE__);
$res_result_disabled = Database::query($sql,__FILE__,__LINE__);
$row_result_disabled = Database::fetch_row($res_result_disabled);
if (Database::num_rows($res_result_disabled) > 0 && (int)$row_result_disabled[0]===1) {
@ -442,7 +442,7 @@ if (is_array($list) && count($list) > 0){
$sql_last_attempt = 'SELECT * FROM ' . $tbl_stats_exercices . ' WHERE exe_exo_id="' . $row['path'] . '" AND exe_user_id="' . $student_id . '" AND orig_lp_id = "'.$lp_id.'" AND orig_lp_item_id = "'.$row['myid'].'" AND exe_cours_id="' . $course_code . '" AND status <> "incomplete" ORDER BY exe_date DESC limit 1';
}
$resultLastAttempt = api_sql_query($sql_last_attempt, __FILE__, __LINE__);
$resultLastAttempt = Database::query($sql_last_attempt, __FILE__, __LINE__);
$num = Database :: num_rows($resultLastAttempt);
if ($num > 0) {
while ($rowLA = Database :: fetch_array($resultLastAttempt)) {
@ -474,11 +474,11 @@ if (is_array($list) && count($list) > 0){
// get score and total time from last attempt of a exercise en lp
$sql = "SELECT score FROM $TBL_LP_ITEM_VIEW WHERE lp_item_id = '".(int)$my_id."' and lp_view_id = '".(int)$my_lp_view_id."'
ORDER BY view_count DESC limit 1";
$res_score = api_sql_query($sql,__FILE__,__LINE__);
$res_score = Database::query($sql,__FILE__,__LINE__);
$row_score = Database::fetch_array($res_score);
$sql = "SELECT SUM(total_time) as total_time FROM $TBL_LP_ITEM_VIEW WHERE lp_item_id = '".(int)$my_id."' and lp_view_id = '".(int)$my_lp_view_id."'";
$res_time = api_sql_query($sql,__FILE__,__LINE__);
$res_time = Database::query($sql,__FILE__,__LINE__);
$row_time = Database::fetch_array($res_time);
if (Database::num_rows($res_score) > 0 && Database::num_rows($res_time) > 0) {
@ -494,7 +494,7 @@ if (is_array($list) && count($list) > 0){
$sql = "SELECT SUM(t.ponderation) as maxscore from ( SELECT distinct question_id, marks,ponderation FROM $tbl_stats_attempts as at " .
"INNER JOIN $tbl_quiz_questions as q on(q.id = at.question_id) where exe_id ='$id_last_attempt' ) as t";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row_max_score = Database :: fetch_array($result);
$maxscore = $row_max_score['maxscore'];
}
@ -540,7 +540,7 @@ if (is_array($list) && count($list) > 0){
$sql_last_attempt = 'SELECT * FROM ' . $tbl_stats_exercices . ' WHERE exe_exo_id="' . $row['path'] . '" AND exe_user_id="' . $student_id . '" AND orig_lp_id = "'.$lp_id.'" AND orig_lp_item_id = "'.$row['myid'].'" AND exe_cours_id="' . Database :: escape_string($_GET['course']) . '" AND status <> "incomplete" ORDER BY exe_date DESC ';
}
$resultLastAttempt = api_sql_query($sql_last_attempt, __FILE__, __LINE__);
$resultLastAttempt = Database::query($sql_last_attempt, __FILE__, __LINE__);
$num = Database :: num_rows($resultLastAttempt);
if ($num > 0) {
if (isset($_GET['extend_attempt']) && $_GET['extend_attempt'] == 1 && (isset($_GET['lp_id']) && $_GET['lp_id'] == $my_lp_id) && (isset($_GET['my_lp_id']) && $_GET['my_lp_id'] == $my_id) ) {
@ -642,7 +642,7 @@ if (is_array($list) && count($list) > 0){
// attempts list by exercise
if ( (isset($_GET['lp_id']) && $_GET['lp_id'] == $my_lp_id ) && (isset($_GET['my_lp_id']) && $_GET['my_lp_id'] == $my_id)) {
$res_attempts = api_sql_query($sql_attempts,__FILE__,__LINE__);
$res_attempts = Database::query($sql_attempts,__FILE__,__LINE__);
$num_attempts = Database :: num_rows($res_attempts);
if ($row['item_type'] === 'quiz') {
if ($num_attempts > 0) {

14
main/newscorm/lp_view.php
Unescape View File

@ -180,7 +180,7 @@ if ($type_quiz && !empty($_REQUEST['exeId']) && isset($_GET['lp_id']) && isset($
if ($safe_id == strval(intval($safe_id)) && $safe_item_id == strval(intval($safe_item_id))) {
$sql = 'SELECT start_date,exe_date,exe_result,exe_weighting FROM ' . $TBL_TRACK_EXERCICES . ' WHERE exe_id = '.(int)$safe_exe_id;
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$row_dates = Database::fetch_array($res);
$time_start_date = convert_mysql_date($row_dates['start_date']);
@ -191,18 +191,18 @@ if ($type_quiz && !empty($_REQUEST['exeId']) && isset($_GET['lp_id']) && isset($
$sql_upd_status = "UPDATE $TBL_LP_ITEM_VIEW SET status = 'completed' WHERE lp_item_id = '".(int)$safe_item_id."'
AND lp_view_id = (SELECT lp_view.id FROM $TBL_LP_VIEW lp_view WHERE user_id = '".(int)$_SESSION['oLP']->user_id."' AND lp_id='".(int)$safe_id."')";
api_sql_query($sql_upd_status,__FILE__,__LINE__);
Database::query($sql_upd_status,__FILE__,__LINE__);
$sql_upd_max_score = "UPDATE $TBL_LP_ITEM SET max_score = '$max_score' WHERE id = '".(int)$safe_item_id."'";
api_sql_query($sql_upd_max_score,__FILE__,__LINE__);
Database::query($sql_upd_max_score,__FILE__,__LINE__);
$sql_last_attempt = "SELECT id FROM $TBL_LP_ITEM_VIEW WHERE lp_item_id = '$safe_item_id' AND lp_view_id = '".$_SESSION['oLP']->lp_view_id."' order by id desc limit 1";
$res_last_attempt = api_sql_query($sql_last_attempt,__FILE__,__LINE__);
$res_last_attempt = Database::query($sql_last_attempt,__FILE__,__LINE__);
$row_last_attempt = Database::fetch_row($res_last_attempt);
if (Database::num_rows($res_last_attempt)>0) {
$sql_upd_score = "UPDATE $TBL_LP_ITEM_VIEW SET score = $score,total_time = $mytime WHERE id='".$row_last_attempt[0]."'";
api_sql_query($sql_upd_score,__FILE__,__LINE__);
Database::query($sql_upd_score,__FILE__,__LINE__);
}
}
@ -293,7 +293,7 @@ if($_SESSION['oLP']->mode == 'fullscreen') {
$show_audioplayer = false;
// getting all the information about the item
$sql = "SELECT audio FROM " . $tbl_lp_item . " WHERE lp_id = '" . $_SESSION['oLP']->lp_id."'";
$res_media= api_sql_query($sql, __FILE__, __LINE__);
$res_media= Database::query($sql, __FILE__, __LINE__);
if(Database::num_rows($res_media) > 0){
while($row_media= Database::fetch_array($res_media)) {
@ -501,7 +501,7 @@ else
$show_audioplayer = false;
// getting all the information about the item
$sql = "SELECT audio FROM " . $tbl_lp_item . " WHERE lp_id = '" . $_SESSION['oLP']->lp_id."'";
$res_media= api_sql_query($sql, __FILE__, __LINE__);
$res_media= Database::query($sql, __FILE__, __LINE__);
if(Database::num_rows($res_media) > 0){
while($row_media= Database::fetch_array($res_media)) {

2
main/newscorm/lp_view_item.php
Unescape View File

@ -113,7 +113,7 @@ if ( (! $is_allowed_to_edit) or ($isStudentView) )
//from here on, we are admin because of the previous condition, so don't check anymore
$sql_query = "SELECT * FROM $tbl_lp WHERE id = $learnpath_id";
$result=api_sql_query($sql_query);
$result=Database::query($sql_query);
$therow=Database::fetch_array($result);
//$admin_output = '';

2
main/newscorm/openoffice_presentation.class.php
Unescape View File

@ -172,7 +172,7 @@ class OpenofficePresentation extends OpenofficeDocument {
$sql = 'INSERT INTO %s (id, course_code, tool_id, ref_id_high_level, ref_id_second_level, search_did)
VALUES (NULL , \'%s\', \'%s\', %s, %s, %s)';
$sql = sprintf($sql, $tbl_se_ref, api_get_course_id(), TOOL_LEARNPATH, $lp_id, $previous, $did);
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
}
}

2
main/newscorm/openoffice_text.class.php
Unescape View File

@ -265,7 +265,7 @@ class OpenofficeText extends OpenofficeDocument {
$sql = 'INSERT INTO %s (id, course_code, tool_id, ref_id_high_level, ref_id_second_level, search_did)
VALUES (NULL , \'%s\', \'%s\', %s, %s, %s)';
$sql = sprintf($sql, $tbl_se_ref, api_get_course_id(), TOOL_LEARNPATH, $lp_id, $previous, $did);
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
}
}

2
main/newscorm/openoffice_text_document.class.php
Unescape View File

@ -263,7 +263,7 @@ class OpenOfficeTextDocument extends OpenofficeDocument {
$sql = 'INSERT INTO %s (id, course_code, tool_id, ref_id_high_level, ref_id_second_level, search_did)
VALUES (NULL , \'%s\', \'%s\', %s, %s, %s)';
$sql = sprintf($sql, $tbl_se_ref, api_get_course_id(), TOOL_LEARNPATH, $lp_id, $previous, $did);
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
}
}

168
main/newscorm/resourcelinker.inc.php
Unescape View File

@ -113,7 +113,7 @@ function show_documents($folder)
$item_property_table = Database::get_course_table(TABLE_ITEM_PROPERTY);
$document_table = Database::get_course_table(TABLE_DOCUMENT);
$sql="SELECT * from $document_table, $item_property_table WHERE id=ref AND tool = '".TOOL_DOCUMENT."' AND $visibility AND to_group_id = 0 AND to_user_id IS NULL ORDER BY path ASC";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
while ($row=mysql_fetch_array($result))
{
if (!$folder)
@ -248,7 +248,7 @@ function store_resources($source_type, $source_id)
foreach ($addedresource as $resource_type)
{
$sql="INSERT INTO $resource_table (source_type, source_id, resource_type, resource_id) VALUES ('$source_type', '$source_id', '$resource_type', '".$addedresourceid[key($addedresource)]."')";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
$i=key($addedresource);
next($addedresource);
}
@ -281,31 +281,31 @@ function display_addedresource_link($type, $id, $style='')
{
case 'Agenda':
$TABLEAGENDA = $_course['dbNameGlu'].'calendar_event';
$result = api_sql_query("SELECT * FROM `$TABLEAGENDA` WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$TABLEAGENDA` WHERE id=$id",__FILE__,__LINE__);
$myrow = mysql_fetch_array($result);
echo '<img src="../img/agenda.gif" align="middle" /> <a href="../calendar/agenda.php"'.$styling.'>'.$myrow['title']."</a><br />\n";
break;
case 'Ad_Valvas':
$tbl_announcement = $_course['dbNameGlu'].'announcement';
$result = api_sql_query("SELECT * FROM `$tbl_announcement` WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$tbl_announcement` WHERE id=$id",__FILE__,__LINE__);
$myrow = mysql_fetch_array($result);
echo '<img src="../img/valves.gif" align="middle" /> <a href="../announcements/announcements.php"'.$styling.'>'.$myrow['title']."</a><br />\n";
break;
case 'Link':
$TABLETOOLLINK = $_course['dbNameGlu'].'link';
$result = api_sql_query("SELECT * FROM `$TABLETOOLLINK` WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$TABLETOOLLINK` WHERE id=$id",__FILE__,__LINE__);
$myrow = mysql_fetch_array($result);
echo '<img src="../img/links.gif" align="middle" /> <a href="#" onclick="javascript:window.open(\'../link/link_goto.php?link_id='.$myrow['id'].'&amp;link_url='.urlencode($myrow['url'])."','MyWindow','width=500,height=400,top='+((screen.height-400)/2)+',left='+((screen.width-500)/2)+',scrollbars=1,resizable=1,menubar=1'); return false;\"".$styling.'>'.$myrow['title']."</a><br />\n";
break;
case 'Exercise':
$TBL_EXERCICES = $_course['dbNameGlu'].'quiz';
$result = api_sql_query("SELECT * FROM `$TBL_EXERCICES` WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$TBL_EXERCICES` WHERE id=$id",__FILE__,__LINE__);
$myrow = mysql_fetch_array($result);
echo '<img src="../img/quiz.gif" align="middle" /> <a href="../exercice/exercice_submit.php?exerciseId='.$myrow['id'].'"'.$styling.'>'.$myrow['title']."</a><br />\n";
break;
case 'Forum':
$TBL_FORUMS = $_course['dbNameGlu'].'bb_forums';
$result = api_sql_query("SELECT * FROM `$TBL_FORUMS` WHERE forum_id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$TBL_FORUMS` WHERE forum_id=$id",__FILE__,__LINE__);
$myrow = mysql_fetch_array($result);
echo '<img src="../img/forum.gif" align="middle" /> <a href="../phpbb/viewforum.php?forum='.$myrow['forum_id'].'&amp;md5='.$myrow['md5'].'"'.$styling.'>'.$myrow['forum_name']."</a><br />\n";
break;
@ -313,24 +313,24 @@ function display_addedresource_link($type, $id, $style='')
$tbl_posts = $_course['dbNameGlu'].'bb_posts';
$tbl_posts_text = $_course['dbNameGlu'].'bb_posts_text';
$TBL_FORUMS = $_course['dbNameGlu'].'bb_forums';
$result = api_sql_query("SELECT * FROM `$tbl_posts` posts, `$TBL_FORUMS` forum WHERE forum.forum_id=posts.forum_id and post_id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$tbl_posts` posts, `$TBL_FORUMS` forum WHERE forum.forum_id=posts.forum_id and post_id=$id",__FILE__,__LINE__);
$myrow = mysql_fetch_array($result);
// grabbing the title of the post
$sql_title = "SELECT * FROM `$tbl_posts_text` WHERE post_id=".$myrow["post_id"];
$result_title = api_sql_query($sql_title,__FILE__,__LINE__);
$result_title = Database::query($sql_title,__FILE__,__LINE__);
$myrow_title = mysql_fetch_array($result_title);
echo '<img src="../img/forum.gif" align="middle" /> <a href="../phpbb/viewtopic.php?topic='.$myrow['topic_id'].'&amp;forum='.$myrow['forum_id'].'&amp;md5='.$myrow['md5'].'"'.$styling.'>'.$myrow_title['post_title']."</a><br />\n";
break;
case 'Post':
$tbl_post = Database::get_course_table(TABLE_FORUM_POST);
$sql = "SELECT * FROM $tbl_post p WHERE post_id = $id";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
$post = mysql_fetch_object($result);
echo '<img src="../img/forum.gif" align="middle" /> <a href="../phpbb/viewtopic.php?topic='.$post->topic_id.'&amp;forum='.$post->forum_id.'"'.$styling.'>'.$post->post_title."</a><br />\n";
break;
case 'Document':
$dbTable = $_course['dbNameGlu'].'document';
$result = api_sql_query("SELECT * FROM `$dbTable` WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$dbTable` WHERE id=$id",__FILE__,__LINE__);
$myrow = mysql_fetch_array($result);
$pathname = explode('/',$myrow['path']); // making a correct name for the link
$last = count($pathname) - 1; // making a correct name for the link
@ -385,11 +385,11 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case TOOL_CALENDAR_EVENT:
case "Agenda":
$TABLEAGENDA = $_course['dbNameGlu']."calendar_event";
$result = api_sql_query("SELECT * FROM `$TABLEAGENDA` WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$TABLEAGENDA` WHERE id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
$sql="select * from $tbl_lp_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $myrow["title"]=$row['title']; }
$desc=$row['description'];
$agenda_id=$row['item_id'];
@ -435,11 +435,11 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case TOOL_ANNOUNCEMENT:
case "Ad_Valvas":
$tbl_announcement = $_course['dbNameGlu']."announcement";
$result = api_sql_query("SELECT * FROM `$tbl_announcement` WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$tbl_announcement` WHERE id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
$sql="select * from $tbl_lp_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $myrow["content"]=$row['title']; }
$desc=$row['description'];
$ann_id=$row['item_id'];
@ -495,11 +495,11 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case TOOL_LINK:
case "Link" :
$TABLETOOLLINK = $_course['dbNameGlu']."link";
$result= api_sql_query("SELECT * FROM `$TABLETOOLLINK` WHERE id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM `$TABLETOOLLINK` WHERE id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
$sql="select * from $tbl_lp_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $myrow["title"]=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -554,14 +554,14 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case TOOL_QUIZ:
case "Exercise":
$TBL_EXERCICES = $_course['dbNameGlu'].'quiz';
$result= api_sql_query("SELECT * FROM `$TBL_EXERCICES` WHERE id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM `$TBL_EXERCICES` WHERE id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
if ($builder=='builder') { $origin='builder'; }
//this is needed for the exercise_submit.php can delete the session info about tests
$sql="select * from $tbl_lp_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$row=mysql_fetch_array($result);
if ($row['title'] != '') { $myrow["title"]=$row['title']; }
$desc=$row['description'];
@ -612,7 +612,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "HotPotatoes":
$TBL_DOCUMENT = $_course['dbNameGlu'].'document';
$documentPath=api_get_path('SYS_COURSE_PATH').$_course['path'].'/document';
$result = api_sql_query("SELECT * FROM `".$TBL_DOCUMENT."` WHERE id=$id");
$result = Database::query("SELECT * FROM `".$TBL_DOCUMENT."` WHERE id=$id");
$myrow= mysql_fetch_array($result);
$path=$myrow["path"];
$name=GetQuizName($path,$documentPath);
@ -621,7 +621,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
//this is needed for the exercise_submit.php can delete the session info about tests
$sql="select * from $tbl_lp_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $name=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -670,11 +670,11 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case TOOL_FORUM:
case "Forum":
$TBL_FORUMS = Database::get_course_table(TABLE_FORUM,$_course['database']);
$result= api_sql_query("SELECT * FROM $TBL_FORUMS WHERE forum_id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM $TBL_FORUMS WHERE forum_id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
$sql="select * from $tbl_lp_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $myrow["forum_name"]=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -722,11 +722,11 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Thread": //forum post
$tbl_topics = Database::get_course_table(TABLE_FORUM_THREAD,$_course['database']);
$sql="SELECT * FROM $tbl_topics where topic_id=$id";
$result= api_sql_query($sql,__FILE__,__LINE__);
$result= Database::query($sql,__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
$sql="select * from $tbl_lp_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $myrow["topic_title"]=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -774,15 +774,15 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
$tbl_posts = $_course['dbNameGlu'].'bb_posts';
$tbl_posts_text = $_course['dbNameGlu'].'bb_posts_text';
$TBL_FORUMS = $_course['dbNameGlu']."bb_forums";
$result= api_sql_query("SELECT * FROM `$tbl_posts` where post_id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM `$tbl_posts` where post_id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
// grabbing the title of the post
$sql_titel="SELECT * FROM `$tbl_posts_text` WHERE post_id=".$myrow["post_id"];
$result_titel=api_sql_query($sql_titel,__FILE__,__LINE__);
$result_titel=Database::query($sql_titel,__FILE__,__LINE__);
$myrow_titel=mysql_fetch_array($result_titel);
$sql="select * from $tbl_lp_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $myrow_titel["post_title"]=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -838,7 +838,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
$dbTable = $_course['dbNameGlu']."document";
$mysql = "SELECT * FROM `$dbTable` WHERE id=$id";
//error_log('New LP - Querying document table: '.$mysql,0);
$result = api_sql_query($mysql,__FILE__,__LINE__);
$result = Database::query($mysql,__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
$pathname=explode("/",$myrow["path"]); // making a correct name for the link
@ -861,7 +861,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
$sql="select * from $tbl_lp_item where id=$id_in_path";
//error_log('New LP - Querying lp_item table: '.$sql,0);
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $filename=$row['title']; }
$desc=$row['description'];
@ -906,7 +906,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Assignments":
$name=get_lang('Assignments');
$sql="select * from $tbl_lp_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $name=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -955,7 +955,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Dropbox":
$name=get_lang('Dropbox');
$sql="select * from $tbl_lp_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $name=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -994,7 +994,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Introduction_text":
$name=get_lang('IntroductionText');
$sql="select * from $tbl_lp_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $name=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -1035,7 +1035,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Course_description":
$name=get_lang('CourseDescription');
$sql="select * from $tbl_lp_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $name=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -1075,7 +1075,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Groups":
$name=get_lang('Groups');
$sql="select * from $tbl_lp_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $name=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -1114,7 +1114,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Users":
$name=get_lang('Users');
$sql="select * from $tbl_lp_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $name=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -1180,11 +1180,11 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
{
case "Agenda":
$TABLEAGENDA = $_course['dbNameGlu']."calendar_event";
$result = api_sql_query("SELECT * FROM `$TABLEAGENDA` WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$TABLEAGENDA` WHERE id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
$sql="select * from $tbl_lp_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $myrow["title"]=$row['title']; }
$desc=$row['description'];
$agenda_id=$row['item_id'];
@ -1201,7 +1201,7 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
case "Ad_Valvas":
$tbl_announcement = Database::get_course_table(TABLE_ANNOUNCEMENT);
$result = api_sql_query("SELECT * FROM $tbl_announcement WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM $tbl_announcement WHERE id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
if ($builder != 'builder')
@ -1216,11 +1216,11 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
case "Link" :
$TABLETOOLLINK = $_course['dbNameGlu']."link";
$result= api_sql_query("SELECT * FROM `$TABLETOOLLINK` WHERE id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM `$TABLETOOLLINK` WHERE id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
$sql="select * from $tbl_lp_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$thelink=$myrow["url"];
if ($builder != 'builder')
@ -1235,14 +1235,14 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
case "Exercise":
$TBL_EXERCICES = $_course['dbNameGlu'].'quiz';
$result= api_sql_query("SELECT * FROM `$TBL_EXERCICES` WHERE id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM `$TBL_EXERCICES` WHERE id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
if ($builder=='builder') { $origin='builder'; }
//this is needed for the exercise_submit.php can delete the session info about tests
$sql="select * from $tbl_lp_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $myrow["title"]=$row['title']; }
if ($builder != 'builder')
@ -1258,7 +1258,7 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
case "HotPotatoes":
$TBL_DOCUMENT = $_course['dbNameGlu'].'document';
$documentPath=api_get_path('SYS_COURSE_PATH').$_course['path'].'/document';
$result = api_sql_query("SELECT * FROM `".$TBL_DOCUMENT."` WHERE id=$id");
$result = Database::query("SELECT * FROM `".$TBL_DOCUMENT."` WHERE id=$id");
$myrow= mysql_fetch_array($result);
$path=$myrow["path"];
$name=GetQuizName($path,$documentPath);
@ -1279,13 +1279,13 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
case "Forum":
$TBL_FORUMS = $_course['dbNameGlu']."bb_forums"; // TODO: This is the old table name, it should be corrected.
$result= api_sql_query("SELECT * FROM `$TBL_FORUMS` WHERE forum_id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM `$TBL_FORUMS` WHERE forum_id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
if ($builder=='builder') { $origin='builder'; }
$sql="select * from $tbl_lp_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $myrow["forum_name"]=$row['title']; }
if ($myrow["forum_name"]=='') { $type="Forum"; }
@ -1306,11 +1306,11 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
$tbl_posts = $_course['dbNameGlu'].'bb_posts';
$TBL_FORUMS = $_course['dbNameGlu']."bb_forums";
$sql="SELECT * FROM `$tbl_topics` where topic_id=$id";
$result= api_sql_query($sql,__FILE__,__LINE__);
$result= Database::query($sql,__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
$sql="select * from $tbl_lp_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($builder != 'builder')
{
@ -1326,15 +1326,15 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
$tbl_posts = $_course['dbNameGlu'].'bb_posts';
$tbl_posts_text = $_course['dbNameGlu'].'bb_posts_text';
$TBL_FORUMS = $_course['dbNameGlu']."bb_forums";
$result= api_sql_query("SELECT * FROM `$tbl_posts` where post_id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM `$tbl_posts` where post_id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
// grabbing the title of the post
$sql_titel="SELECT * FROM `$tbl_posts_text` WHERE post_id=".$myrow["post_id"];
$result_titel=api_sql_query($sql_titel,__FILE__,__LINE__);
$result_titel=Database::query($sql_titel,__FILE__,__LINE__);
$myrow_titel=mysql_fetch_array($result_titel);
$sql="select * from $tbl_lp_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $myrow_titel["post_title"]=$row['title']; }
$desc=$row['description'];
$link .= str_repeat("&nbsp;&gt;",$level);
@ -1356,7 +1356,7 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
case "Document":
$dbTable = $_course['dbNameGlu']."document";
$result=api_sql_query("SELECT * FROM `$dbTable` WHERE id=$id",__FILE__,__LINE__);
$result=Database::query("SELECT * FROM `$dbTable` WHERE id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
$pathname=explode("/",$myrow["path"]); // making a correct name for the link
@ -1364,7 +1364,7 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
$filename=$pathname[$last]; // making a correct name for the link
$sql="select * from $tbl_lp_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($builder != 'builder')
{
@ -1476,7 +1476,7 @@ function delete_one_added_resource($source_type, $source_id, $resource_type, $re
$TABLERESOURCE = $_course['dbNameGlu']."resource";
$sql="DELETE FROM `$TABLERESOURCE` WHERE source_type='$source_type' and source_id='$source_id' and resource_type='$resource_type' and resource_id='$resource_id'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
/**
@ -1488,7 +1488,7 @@ function delete_added_resource($type, $id)
$TABLERESOURCE = $_course['dbNameGlu']."resource";
$sql="DELETE FROM `$TABLERESOURCE` WHERE source_type='$type' and source_id='$id'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
/**
@ -1502,7 +1502,7 @@ function delete_all_resources_type($type)
$sql="DELETE FROM `$TABLERESOURCE` WHERE source_type='$type'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
/**
@ -1513,7 +1513,7 @@ function check_added_resources($type, $id)
global $_course, $origin;
$TABLERESOURCE = $_course['dbNameGlu']."resource";
$sql="SELECT * FROM `$TABLERESOURCE` WHERE source_type='$type' and source_id='$id'";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$number_added=mysql_num_rows($result);
if ($number_added<>0)
return true;
@ -1532,7 +1532,7 @@ function edit_added_resources($type, $id)
$TABLERESOURCE = $_course['dbNameGlu']."resource";
$sql="SELECT * FROM `$TABLERESOURCE` WHERE source_type='$type' and source_id=$id";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
while ($row=mysql_fetch_array($result))
{
$addedresource[]=$row["resource_type"];
@ -1554,7 +1554,7 @@ function update_added_resources($type, $id)
// delete all the added resources for this item in the database;
$sql="DELETE FROM `$TABLERESOURCE` WHERE source_type='$type' AND source_id='$id'";
//echo $sql;
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
// store the resources from the session into the database
store_resources($type, $id);
@ -1575,7 +1575,7 @@ function display_added_resources($type, $id, $style='')
$TABLERESOURCE = $_course['dbNameGlu']."resource";
$sql="SELECT * FROM `$TABLERESOURCE` WHERE source_type='$type' and source_id='$id'";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
while ($row=mysql_fetch_array($result))
{
if ($origin != 'learnpath')
@ -1712,32 +1712,32 @@ function rl_get_html_resource_link($course_code, $type, $id, $style='', $new_win
{
case TOOL_CALENDAR_EVENT:
$TABLEAGENDA = Database::get_course_table(TABLE_AGENDA,$_course['database']);
$result = api_sql_query("SELECT * FROM $TABLEAGENDA WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM $TABLEAGENDA WHERE id=$id",__FILE__,__LINE__);
$myrow = Database::fetch_array($result);
$output = '<img src="../img/agenda.gif" align="middle" /> <a href="../calendar/agenda.php"'.$styling.' '.$target.'>'.$myrow['title']."</a><br />\n";
break;
case TOOL_ANNOUNCEMENT:
$tbl_announcement = Database::get_course_table(TABLE_ANNOUNCEMENT,$_course['database']);
$result = api_sql_query("SELECT * FROM $tbl_announcement WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM $tbl_announcement WHERE id=$id",__FILE__,__LINE__);
$myrow = Database::fetch_array($result);
$output = '<img src="../img/valves.gif" align="middle" /> <a href="../announcements/announcements.php"'.$styling.' '.$target.'>'.$myrow['title']."</a><br />\n";
break;
case TOOL_LINK:
//doesn't take $target into account
$TABLETOOLLINK = Database::get_course_table(TABLE_LINK,$_course['database']);
$result = api_sql_query("SELECT * FROM $TABLETOOLLINK WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM $TABLETOOLLINK WHERE id=$id",__FILE__,__LINE__);
$myrow = Database::fetch_array($result);
$output = '<img src="../img/links.gif" align="middle" /> <a href="#" onclick="javascript:window.open(\'../link/link_goto.php?link_id='.$myrow['id'].'&amp;link_url='.urlencode($myrow['url'])."','MyWindow','width=500,height=400,top='+((screen.height-400)/2)+',left='+((screen.width-500)/2)+',scrollbars=1,resizable=1,menubar=1'); return false;\"".$styling.'>'.$myrow['title']."</a><br />\n";
break;
case TOOL_QUIZ:
$TBL_EXERCICES = Database::get_course_table(TABLE_QUIZ_TEST,$_course['database']);
$result = api_sql_query("SELECT * FROM $TBL_EXERCICES WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM $TBL_EXERCICES WHERE id=$id",__FILE__,__LINE__);
$myrow = Database::fetch_array($result);
$output = '<img src="../img/quiz.gif" align="middle" /> <a href="../exercice/exercice_submit.php?exerciseId='.$myrow['id'].'"'.$styling.' '.$target.'>'.$myrow['title']."</a><br />\n";
break;
case TOOL_FORUM:
$TBL_FORUMS = Database::get_course_table(TABLE_FORUM,$_course['database']);
$result = api_sql_query("SELECT * FROM $TBL_FORUMS WHERE forum_id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM $TBL_FORUMS WHERE forum_id=$id",__FILE__,__LINE__);
$myrow = Database::fetch_array($result);
$output = '<img src="../img/forum.gif" align="middle" /> <a href="../phpbb/viewforum.php?forum='.$myrow['forum_id'].'&md5='.$myrow['md5'].'"'.$styling.' '.$target.'>'.$myrow['forum_name']."</a><br />\n";
break;
@ -1747,7 +1747,7 @@ function rl_get_html_resource_link($course_code, $type, $id, $style='', $new_win
$tbl_post = Database::get_course_table(TABLE_FORUM_POST,$_course['database']);
// grabbing the title of the post
$sql_title = "SELECT * FROM $tbl_post WHERE post_id=".$id;
$result_title = api_sql_query($sql_title,__FILE__,__LINE__);
$result_title = Database::query($sql_title,__FILE__,__LINE__);
$myrow_title = Database::fetch_array($result_title);
$output = '<img src="../img/forum.gif" align="middle" /> <a href="../phpbb/viewtopic.php?topic='.$myrow_title['thread_id'].'&forum='.$myrow_title['forum_id'].'" '.$styling.' '.$target.'>'.$myrow_title['post_title']."</a><br />\n";
break;
@ -1755,13 +1755,13 @@ function rl_get_html_resource_link($course_code, $type, $id, $style='', $new_win
$tbl_post = Database::get_course_table(TABLE_FORUM_POST,$_course['database']);
//$tbl_post_text = Database::get_course_table(FORUM_POST_TEXT_TABLE);
$sql = "SELECT * FROM $tbl_post p WHERE p.post_id = $id";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
$post = Database::fetch_array($result);
$output = '<img src="../img/forum.gif" align="middle" /> <a href="../phpbb/viewtopic.php?topic='.$post['thread_id'].'&forum='.$post['forum_id'].'"'.$styling.' '.$target.'>'.$post['post_title']."</a><br />\n";
break;
case TOOL_DOCUMENT:
$tbl_doc = Database::get_course_table(TABLE_DOCUMENT,$_course['database']);
$result = api_sql_query("SELECT * FROM $tbl_doc WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM $tbl_doc WHERE id=$id",__FILE__,__LINE__);
$myrow = Database::fetch_array($result);
$pathname = explode('/',$myrow['path']); // making a correct name for the link
$last = count($pathname) - 1; // making a correct name for the link
@ -1807,7 +1807,7 @@ function rl_get_resource_link_for_learnpath($course_code, $learnpath_id, $id_in_
$sql_item = "SELECT * FROM $tbl_lp_item " .
"WHERE lp_id = $learnpath_id AND id = $id_in_path";
$res_item = api_sql_query($sql_item,__FILE__,__LINE__);
$res_item = Database::query($sql_item,__FILE__,__LINE__);
if(Database::num_rows($res_item)<1) return -1; //exit
$row_item = Database::fetch_array($res_item);
@ -1833,7 +1833,7 @@ function rl_get_resource_link_for_learnpath($course_code, $learnpath_id, $id_in_
case TOOL_LINK:
$TABLETOOLLINK = Database::get_course_table(TABLE_LINK,$_course['database']);
$result= api_sql_query("SELECT * FROM $TABLETOOLLINK WHERE id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM $TABLETOOLLINK WHERE id=$id",__FILE__,__LINE__);
$myrow=Database::fetch_array($result);
$thelink=$myrow["url"];
$link .= $thelink;
@ -1844,7 +1844,7 @@ function rl_get_resource_link_for_learnpath($course_code, $learnpath_id, $id_in_
{
$TBL_EXERCICES = Database::get_course_table(TABLE_QUIZ_TEST,$_course['database']);
$sql = "SELECT * FROM $TBL_EXERCICES WHERE id=$id";
$result= api_sql_query($sql,__FILE__,__LINE__);
$result= Database::query($sql,__FILE__,__LINE__);
$myrow=Database::fetch_array($result);
if ($row_item['title'] != '') { $myrow["title"]=$row_item['title']; }
@ -1855,7 +1855,7 @@ function rl_get_resource_link_for_learnpath($course_code, $learnpath_id, $id_in_
case "hotpotatoes": //lowercase because of strtolower above
$TBL_DOCUMENT = Database::get_course_table(TABLE_DOCUMENT);
$result = api_sql_query("SELECT * FROM ".$TBL_DOCUMENT." WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM ".$TBL_DOCUMENT." WHERE id=$id",__FILE__,__LINE__);
$myrow= Database::fetch_array($result);
$path=$myrow["path"];
$link .= $main_dir_path.'exercice/showinframes.php?file='.$path.'' .
@ -1872,7 +1872,7 @@ function rl_get_resource_link_for_learnpath($course_code, $learnpath_id, $id_in_
if(!empty($id))
{
$sql="SELECT * FROM $tbl_topics where thread_id=$id";
$result= api_sql_query($sql,__FILE__,__LINE__);
$result= Database::query($sql,__FILE__,__LINE__);
$myrow=Database::fetch_array($result);
$link .= $main_dir_path.'forum/viewthread.php?origin=learnpath&thread='.$id.'' .
'&forum='.$myrow['forum_id'].'&lp=true';
@ -1881,7 +1881,7 @@ function rl_get_resource_link_for_learnpath($course_code, $learnpath_id, $id_in_
case TOOL_POST:
$tbl_post = Database::get_course_table(TABLE_FORUM_POST,$_course['database']);
$result= api_sql_query("SELECT * FROM $tbl_post where post_id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM $tbl_post where post_id=$id",__FILE__,__LINE__);
$myrow=Database::fetch_array($result);
$title=$myrow['post_title'];
@ -1901,7 +1901,7 @@ function rl_get_resource_link_for_learnpath($course_code, $learnpath_id, $id_in_
case TOOL_DOCUMENT:
$tbl_doc = Database::get_course_table(TABLE_DOCUMENT,$_course['database']);
$sql = "SELECT * FROM $tbl_doc WHERE id=$id";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$myrow=Database::fetch_array($result);
$docurl=str_replace('%2F','/',urlencode($myrow['path']));
$link .= $main_course_path.'document'.$docurl.'?'.api_get_cidreq();
@ -1950,7 +1950,7 @@ function rl_get_resource_name($course_code, $learnpath_id, $id_in_path)
$sql_item = "SELECT * FROM $tbl_lp_item " .
"WHERE lp_id = $learnpath_id AND id = $id_in_path";
$res_item = api_sql_query($sql_item,__FILE__,__LINE__);
$res_item = Database::query($sql_item,__FILE__,__LINE__);
if(Database::num_rows($res_item)<1)
{
@ -1965,32 +1965,32 @@ function rl_get_resource_name($course_code, $learnpath_id, $id_in_path)
{
case TOOL_CALENDAR_EVENT:
$TABLEAGENDA = Database::get_course_table(TABLE_AGENDA,$_course['database']);
$result = api_sql_query("SELECT * FROM $TABLEAGENDA WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM $TABLEAGENDA WHERE id=$id",__FILE__,__LINE__);
$myrow = Database::fetch_array($result);
$output = $myrow['title'];
break;
case TOOL_ANNOUNCEMENT:
$tbl_announcement = Database::get_course_table(TABLE_ANNOUNCEMENT,$_course['database']);
$result = api_sql_query("SELECT * FROM $tbl_announcement WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM $tbl_announcement WHERE id=$id",__FILE__,__LINE__);
$myrow = Database::fetch_array($result);
$output = $myrow['title'];
break;
case TOOL_LINK:
//doesn't take $target into account
$TABLETOOLLINK = Database::get_course_table(TABLE_LINK,$_course['database']);
$result = api_sql_query("SELECT * FROM $TABLETOOLLINK WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM $TABLETOOLLINK WHERE id=$id",__FILE__,__LINE__);
$myrow = Database::fetch_array($result);
$output = $myrow['title'];
break;
case TOOL_QUIZ:
$TBL_EXERCICES = Database::get_course_table(TABLE_QUIZ_TEST,$_course['database']);
$result = api_sql_query("SELECT * FROM $TBL_EXERCICES WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM $TBL_EXERCICES WHERE id=$id",__FILE__,__LINE__);
$myrow = Database::fetch_array($result);
$output = $myrow['title'];
break;
case TOOL_FORUM:
$TBL_FORUMS = Database::get_course_table(TABLE_FORUM,$_course['database']);
$result = api_sql_query("SELECT * FROM $TBL_FORUMS WHERE forum_id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM $TBL_FORUMS WHERE forum_id=$id",__FILE__,__LINE__);
$myrow = Database::fetch_array($result);
$output = $myrow['forum_name'];
break;
@ -1998,7 +1998,7 @@ function rl_get_resource_name($course_code, $learnpath_id, $id_in_path)
$tbl_post = Database::get_course_table(TABLE_FORUM_POST,$_course['database']);
// grabbing the title of the post
$sql_title = "SELECT * FROM $tbl_post WHERE post_id=".$id;
$result_title = api_sql_query($sql_title,__FILE__,__LINE__);
$result_title = Database::query($sql_title,__FILE__,__LINE__);
$myrow_title = Database::fetch_array($result_title);
$output = $myrow_title['post_title'];
break;
@ -2006,7 +2006,7 @@ function rl_get_resource_name($course_code, $learnpath_id, $id_in_path)
$tbl_post = Database::get_course_table(TABLE_FORUM_POST,$_course['database']);
//$tbl_post_text = Database::get_course_table(FORUM_POST_TEXT_TABLE);
$sql = "SELECT * FROM $tbl_post p WHERE p.post_id = $id";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
$post = Database::fetch_array($result);
$output = $post['post_title'];
break;
@ -2034,7 +2034,7 @@ function rl_get_resource_name($course_code, $learnpath_id, $id_in_path)
break;
case 'hotpotatoes':
$tbl_doc = Database::get_course_table(TABLE_DOCUMENT,$_course['database']);
$result = api_sql_query("SELECT * FROM $tbl_doc WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM $tbl_doc WHERE id=$id",__FILE__,__LINE__);
$myrow = Database::fetch_array($result);
$pathname = explode('/',$myrow['path']); // making a correct name for the link
$last = count($pathname) - 1; // making a correct name for the link

62
main/newscorm/resourcelinker.php
Unescape View File

@ -129,7 +129,7 @@ if (!empty ($_POST['add_chapter']) && !empty ($_POST['title']))
$sql = "SELECT MAX(display_order) as maxi FROM $tbl_lp_item " .
"WHERE lp_id = $learnpath_id ".
" AND parent_item_id = $chapter_id";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$row = mysql_fetch_array($res);
$lastorder_item = $row['maxi'];
if(empty($lastorder_item)){
@ -138,7 +138,7 @@ if (!empty ($_POST['add_chapter']) && !empty ($_POST['title']))
}else{
$sql = "SELECT id FROM $tbl_lp_item " .
"WHERE lp_id = $learnpath_id AND parent_item_id=$chapter_id AND display_order = $lastorder_item";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_array($result);
$previous = $row['id'];
}
@ -147,11 +147,11 @@ if (!empty ($_POST['add_chapter']) && !empty ($_POST['title']))
$sql = "INSERT INTO $tbl_lp_item "."(lp_id,item_type,title,parent_item_id,previous_item_id, next_item_id, display_order) " .
"VALUES "."($learnpath_id,'dokeos_chapter','$title', $chapter_id, $previous, 0, $order )";
//error_log('New LP - Inserting new resource: '.$sql,0);
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$my_id = Database::get_last_insert_id($res);
if($previous>0){
$sql = "UPDATE $tbl_lp_item SET next_item_id = $my_id WHERE id=$previous";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
}
if ($res !== false)
{
@ -179,7 +179,7 @@ if (!empty ($_POST['external_link_submit']))
}
$sql = "INSERT INTO $link_table (url, title, category_id) VALUES ('$external_link','$external_link','$add_2_links')";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$addedresource[] = "Link";
$addedresourceid[] = mysql_insert_id();
$_SESSION['addedresource'] = $addedresource;
@ -226,7 +226,7 @@ if ($add)
//calculating the last order of the items of this chapter
$sql = "SELECT MAX(display_order) as maxi FROM $tbl_lp_item " .
"WHERE lp_id = $learnpath_id AND parent_item_id=$chapter_id";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_array($result);
$lastorder_item = $row['maxi'];
if(empty($lastorder_item)){
@ -236,7 +236,7 @@ if ($add)
$sql = "SELECT id FROM $tbl_lp_item " .
"WHERE lp_id = $learnpath_id AND parent_item_id=$chapter_id AND display_order = $lastorder_item";
//error_log('New LP - resourcelinker.php - '.$sql,0);
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_array($result);
$previous = $row['id'];
}
@ -250,11 +250,11 @@ if ($add)
"(lp_id,item_type,title,parent_item_id,previous_item_id,next_item_id,display_order) " .
"VALUES (".$learnpath_id.",'dokeos_chapter','".$learnpath_chapter_name."',".$chapter_id.",$previous,0,".$lastorder.")";
//error_log('New LP - Inserting new resource: '.$sql,0);
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$my_id = Database::get_last_insert_id($res);
if($previous>0){
$sql = "UPDATE $tbl_lp_item SET next_item_id = $my_id WHERE id=$previous";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
}
}
@ -309,7 +309,7 @@ if ($add)
$addedresource_item = TOOL_DOCUMENT;
//get title from tool-type table
$tooltable = Database::get_course_table(TABLE_DOCUMENT);
$result = api_sql_query("SELECT * FROM $tooltable WHERE id=".$addedresourceid[$i],__FILE__,__LINE__);
$result = Database::query("SELECT * FROM $tooltable WHERE id=".$addedresourceid[$i],__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
$title = $myrow['title'];
break;
@ -317,7 +317,7 @@ if ($add)
$addedresource_item = TOOL_QUIZ;
//get title from tool-type table
$tooltable = Database::get_course_table(TABLE_QUIZ_TEST);
$result = api_sql_query("SELECT * FROM $tooltable WHERE id=".$addedresourceid[$i],__FILE__,__LINE__);
$result = Database::query("SELECT * FROM $tooltable WHERE id=".$addedresourceid[$i],__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
$title = $myrow['title'];
break;
@ -329,7 +329,7 @@ if ($add)
$addedresource_item = TOOL_CALENDAR_EVENT;
//get title from tool-type table
$tooltable = Database::get_course_table(TABLE_AGENDA);
$result = api_sql_query("SELECT * FROM $tooltable WHERE id=".$addedresourceid[$i],__FILE__,__LINE__);
$result = Database::query("SELECT * FROM $tooltable WHERE id=".$addedresourceid[$i],__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
$title = $myrow['title'];
break;
@ -337,7 +337,7 @@ if ($add)
$addedresource_item = TOOL_ANNOUNCEMENT;
//get title from tool-type table
$tooltable = Database::get_course_table(TABLE_ANNOUNCEMENT);
$result = api_sql_query("SELECT * FROM $tooltable WHERE id=".$addedresourceid[$i],__FILE__,__LINE__);
$result = Database::query("SELECT * FROM $tooltable WHERE id=".$addedresourceid[$i],__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
$title = $myrow['title'];
break;
@ -346,12 +346,12 @@ if ($add)
$sql = "INSERT INTO $tbl_lp_item (lp_id, title, parent_item_id, item_type, ref, previous_item_id, next_item_id, display_order) " .
"VALUES ($learnpath_id, '$title','$chapter_id', '$addedresource_item','$addedresourceid[$i]',$previous,0,'".$lastorder."')";
//error_log('New LP - Inserting new resource: '.$sql,0);
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$my_id = Database::get_last_insert_id($result);
if($previous>0){
$sql = "UPDATE $tbl_lp_item SET next_item_id = $my_id WHERE id = $previous";
//error_log($sql,0);
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
}
$addedresourceassigned[$i] = 1;
$resource_added = true;
@ -494,12 +494,12 @@ else
{
$learnpath_select_query = " SELECT * FROM $tbl_lp
WHERE id=$learnpath_id";
$sql_result = api_sql_query($learnpath_select_query);
$sql_result = Database::query($learnpath_select_query);
$therow = mysql_fetch_array($sql_result);
$learnpath_chapter_query = " SELECT * FROM $tbl_lp_item
WHERE (lp_id = '$learnpath_id' and id = '$chapter_id')";
$sql_result = api_sql_query($learnpath_chapter_query);
$sql_result = Database::query($learnpath_chapter_query);
$therow2 = mysql_fetch_array($sql_result);
$from_learnpath = 'yes';
@ -534,7 +534,7 @@ echo "</h3>";
$active_modules=array();
$tool_table = Database::get_course_table(TABLE_TOOL_LIST);
$sql_select_active="SELECT * FROM $tool_table WHERE visibility='1'";
$result_select_active=api_sql_query($sql_select_active);
$result_select_active=Database::query($sql_select_active);
while ($row=mysql_fetch_array($result_select_active))
{
$active_modules[]=$row['name'];
@ -748,7 +748,7 @@ if ($content == "Agenda")
AND `toolitemproperties`.`to_group_id`='0'
AND `toolitemproperties`.`visibility`='1'";
$result = api_sql_query($sql);
$result = Database::query($sql);
while ($myrow = mysql_fetch_array($result))
{
@ -820,7 +820,7 @@ if ($content == "Ad_Valvas")
$tbl_announcement = Database :: get_course_table(TABLE_ANNOUNCEMENT);
$sql = "SELECT * FROM ".$tbl_announcement." a, ".$item_property_table." i WHERE i.tool = '".TOOL_ANNOUNCEMENT."' AND a.id=i.ref AND i.visibility='1' AND i.to_group_id = 0 AND i.to_user_id IS NULL ORDER BY a.display_order ASC";
//error_log($sql,0);
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
while ($myrow = mysql_fetch_array($result))
{
echo "<table width=\"100%\"><tr><td>";
@ -852,7 +852,7 @@ if ($content == "Forum")
{
$sql = "SELECT * FROM ".$TBL_FORUMS." forums, ".$TBL_CATAGORIES." categories WHERE forums.forum_category=categories.cat_id ORDER BY forums.forum_category DESC";
//error_log($sql,0);
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($myrow = mysql_fetch_array($result))
{
if ($myrow["cat_title"] !== $old_cat_title)
@ -870,13 +870,13 @@ if ($content == "Forum")
{
// displaying the category title
$sql = "SELECT * FROM ".$TBL_CATAGORIES." WHERE cat_id=$category";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$myrow = mysql_fetch_array($result);
echo "<tr><td bgcolor='#4171B5' colspan='2'><font color='white'><b>".$myrow["cat_title"]."</b></font></td></tr>";
// displaying the forum title
$sql = "SELECT * FROM ".$TBL_FORUMS." forums, ".$TBL_FORUMTOPICS." topics WHERE forums.forum_id=topics.forum_id";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$myrow = mysql_fetch_array($result);
echo "<tr><td bgcolor='#cccccc' colspan='2'><b>".$myrow["forum_name"]."</b></td></tr>";
@ -884,7 +884,7 @@ if ($content == "Forum")
{
// displaying all the threads of this forum
$sql = "SELECT * FROM ".$TBL_FORUMTOPICS." WHERE forum_id=$forum";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($myrow = mysql_fetch_array($result))
{
echo "<tr><td><a href='".api_get_self()."?content=Forum&category=$category&forum=1&thread=".$myrow["topic_id"]."&action=$action&lp_id=$learnpath_id&parent_item_id=$chapter_id&originalresource=no'>".$myrow["topic_title"]."</a> (".$myrow["prenom"]." ".$myrow["nom"].")</td><td>";
@ -896,7 +896,7 @@ if ($content == "Forum")
{
// displaying all the replies
$sql = "SELECT * FROM ".$tbl_posts." post WHERE post.topic_id=$thread ORDER BY post.post_id ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($myrow = mysql_fetch_array($result))
{
echo "<tr><td><b>".$myrow["post_title"]."</b><br>";
@ -943,7 +943,7 @@ if ($content == "Link")
// showing the links that are in the root (having no category)
$sql = "SELECT * FROM ".$link_table.", ".$item_property_table." WHERE (category_id=0 or category_id IS NULL) AND tool = '".TOOL_LINK."' AND id=ref AND visibility='1'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if (mysql_num_rows($result) > 0)
{
echo "<table width=\"100%\"><tr><td bgcolor=\"#E6E6E6\"><i>".get_lang('NoCategory')."</i></td></tr></table>";
@ -958,12 +958,12 @@ if ($content == "Link")
// showing the categories and the links in it.
$sqlcategories = "SELECT * FROM ".$tbl_categories." ORDER by display_order DESC";
$resultcategories = api_sql_query($sqlcategories) or die;
$resultcategories = Database::query($sqlcategories) or die;
while ($myrow = @ mysql_fetch_array($resultcategories))
{
$sql_links = "SELECT * FROM ".$link_table.", ".$item_property_table." WHERE category_id='".$myrow["id"]."' AND tool = '".TOOL_LINK."' AND id=ref AND visibility='1' ORDER BY display_order DESC";
echo "<table width=\"100%\"><tr><td bgcolor=\"#E6E6E6\"><i>".$myrow["category_title"]."</i></td></tr></table>";
$result_links = api_sql_query($sql_links, __FILE__, __LINE__);
$result_links = Database::query($sql_links, __FILE__, __LINE__);
while ($myrow = mysql_fetch_array($result_links))
{
echo "<img src='../img/links.gif' />".$myrow["title"];
@ -982,7 +982,7 @@ if ($content == "Link")
if (($content == "Exercise") or ($content == "HotPotatoes"))
{
$TBL_EXERCICES = Database::get_course_table(TABLE_QUIZ_TEST);
$result = api_sql_query("SELECT * FROM ".$TBL_EXERCICES." WHERE active='1' ORDER BY id ASC");
$result = Database::query("SELECT * FROM ".$TBL_EXERCICES." WHERE active='1' ORDER BY id ASC");
while ($myrow = mysql_fetch_array($result))
{
echo "<img src='../img/quiz.gif'>".$myrow["title"]."<br>";
@ -996,7 +996,7 @@ if (($content == "Exercise") or ($content == "HotPotatoes"))
$TBL_DOCUMENT = Database::get_course_table(TABLE_DOCUMENT);
$documentPath = api_get_path('SYS_COURSE_PATH').$_course['path'].'/document';
$sql = "SELECT * FROM ".$TBL_DOCUMENT." WHERE (path LIKE '%htm%' OR path LIKE '%html%') AND path LIKE '".$uploadPath."/%/%' ORDER BY `id` ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($myrow = mysql_fetch_array($result))
{
$path = $myrow["path"];
@ -1041,7 +1041,7 @@ if ($content == "Externallink")
$tbl_categories = Database::get_course_table(TABLE_LINK_CATEGORY);
$sql = "SELECT * FROM `$tbl_categories` ORDER BY display_order ASC";
echo $sql;
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_array($result))
{
echo "<option value='".$row["id"]."'>".$row["category_title"]."</option>";

28
main/newscorm/scorm.class.php
Unescape View File

@ -355,7 +355,7 @@ class scorm extends learnpath {
if($this->debug>0){error_log('New LP - Entered import_manifest('.$course_code.')',0);}
$sql = "SELECT * FROM ".Database::get_main_table(TABLE_MAIN_COURSE)." WHERE code='$course_code'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
if(Database::num_rows($res)<1){ error_log('Database for '.$course_code.' not found '.__FILE__.' '.__LINE__,0);return -1;}
$row = Database::fetch_array($res);
$dbname = $row['db_name'];
@ -372,7 +372,7 @@ class scorm extends learnpath {
//-for items
//-for views?
$get_max = "SELECT MAX(display_order) FROM $new_lp";
$res_max = api_sql_query($get_max);
$res_max = Database::query($get_max);
$dsp = 1;
if(Database::num_rows($res_max)>0){
$row = Database::fetch_array($res_max);
@ -387,7 +387,7 @@ class scorm extends learnpath {
$sql = "INSERT INTO $new_lp (lp_type, name, ref, description, path, force_commit, default_view_mod, default_encoding, js_lib,display_order)" .
"VALUES (2,'".$myname."', '".$oOrganization->get_ref()."','','".$this->subdir."', 0, 'embedded', '".$this->manifest_encoding."','scorm_api.php',$dsp)";
if($this->debug>1){error_log('New LP - In import_manifest(), inserting path: '. $sql,0);}
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$lp_id = Database::get_last_insert_id();
$this->lp_id = $lp_id;
//insert into item_property
@ -468,12 +468,12 @@ class scorm extends learnpath {
"'$prereq', ".$item['rel_order'] .", '".$item['datafromlms']."'," .
"'".$item['parameters']."'" .
")";
$res_item = api_sql_query($sql_item);
$res_item = Database::query($sql_item);
if($this->debug>1){error_log('New LP - In import_manifest(), inserting item : '.$sql_item.' : '.mysql_error(),0);}
$item_id = Database::get_last_insert_id();
//now update previous item to change next_item_id
$upd = "UPDATE $new_lp_item SET next_item_id = $item_id WHERE id = $previous";
$upd_res = api_sql_query($upd);
$upd_res = Database::query($upd);
//update previous item id
$previous = $item_id;
@ -524,7 +524,7 @@ class scorm extends learnpath {
$sql = 'INSERT INTO %s (id, course_code, tool_id, ref_id_high_level, ref_id_second_level, search_did)
VALUES (NULL , \'%s\', \'%s\', %s, %s, %s)';
$sql = sprintf($sql, $tbl_se_ref, api_get_course_id(), TOOL_LEARNPATH, $lp_id, $previous, $did);
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
}
@ -750,7 +750,7 @@ class scorm extends learnpath {
if($lp!=0){
$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
$sql = "UPDATE $tbl_lp SET content_local = '$proxy' WHERE id = ".$lp;
$res = api_sql_query($sql);
$res = Database::query($sql);
return $res;
}else{
return false;
@ -767,7 +767,7 @@ class scorm extends learnpath {
if($lp!=0){
$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
$sql = "UPDATE $tbl_lp SET theme = '$theme' WHERE id = ".$lp;
$res = api_sql_query($sql);
$res = Database::query($sql);
return $res;
}else{
return false;
@ -784,7 +784,7 @@ class scorm extends learnpath {
if($lp!=0){
$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
$sql = "UPDATE $tbl_lp SET preview_image = '$preview_image' WHERE id = ".$lp;
$res = api_sql_query($sql);
$res = Database::query($sql);
return $res;
}else{
return false;
@ -802,7 +802,7 @@ class scorm extends learnpath {
if($lp!=0){
$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
$sql = "UPDATE $tbl_lp SET author = '$author' WHERE id = ".$lp;
$res = api_sql_query($sql);
$res = Database::query($sql);
return $res;
}else{
return false;
@ -822,7 +822,7 @@ class scorm extends learnpath {
if($lp!=0){
$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
$sql = "UPDATE $tbl_lp SET content_maker = '$maker' WHERE id = ".$lp;
$res = api_sql_query($sql);
$res = Database::query($sql);
return $res;
}else{
return false;
@ -861,7 +861,7 @@ class scorm extends learnpath {
$_course = Database::get_course_info(api_get_course_id());
$sql = "SELECT * FROM $tbl_lp WHERE id=".$lp_id;
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = mysql_fetch_array($result);
$LPname = $row['path'];
$list = split('/',$LPname);
@ -963,7 +963,7 @@ class scorm extends learnpath {
$sql = "SELECT * FROM $main_table WHERE code = '$course'";
if($this->debug>2){error_log('New LP - scorm::reimport_manifest() '.__LINE__.' - Querying course: '.$sql,0);}
//$res = Database::query($sql);
$res = api_sql_query($sql);
$res = Database::query($sql);
if(Database::num_rows($res)>0)
{
$this->cc = $course;
@ -983,7 +983,7 @@ class scorm extends learnpath {
$sql = "SELECT * FROM $lp_table WHERE id = '$lp_id'";
if($this->debug>2){error_log('New LP - scorm::reimport_manifest() '.__LINE__.' - Querying lp: '.$sql,0);}
//$res = Database::query($sql);
$res = api_sql_query($sql);
$res = Database::query($sql);
if(Database::num_rows($res)>0)
{
$this->lp_id = $lp_id;

6
main/newscorm/scorm.lib.php
Unescape View File

@ -60,15 +60,15 @@ function removescormDir($dir)
$scormdir=substr($dir,strlen($path),strlen($dir)-strlen($path));
$courseid=$_course['official_code'];
$sql="SELECT * FROM ".Database::get_scorm_table(TABLE_SCORM_MAIN)." where (contentTitle='$scormdir' and dokeosCourse='$courseid')";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
while ($row=mysql_fetch_array($result))
{
$c=$row['contentId'];
$sql2="DELETE FROM ".Database::get_scorm_table(TABLE_SCORM_SCO_DATA)." where contentId=$c";
$result2=api_sql_query($sql2,__FILE__,__LINE__);
$result2=Database::query($sql2,__FILE__,__LINE__);
}
$sql="DELETE FROM ".Database::get_scorm_table(TABLE_SCORM_MAIN)." where (contentTitle='$scormdir' and dokeosCourse='$courseid')";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
}
}
if(!@unlink($dir.'/'.$readdir))

28
main/newscorm/scorm_admin.php
Unescape View File

@ -97,17 +97,17 @@ switch($action){
if(!empty($id)){
$l="learnpath/learnpath_handler.php?learnpath_id=$id";
$sql="DELETE FROM $tbl_tool where (link='$l' AND image='scormbuilder.gif')";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$sql="SELECT * FROM $tbl_learnpath_chapter where learnpath_id=$id";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
while ($row=mysql_fetch_array($result))
{
$c=$row['id'];
$sql2="DELETE FROM $tbl_learnpath_item where chapter_id=$c";
$result2=api_sql_query($sql2,__FILE__,__LINE__);
$result2=Database::query($sql2,__FILE__,__LINE__);
}
$sql="DELETE FROM $tbl_learnpath_chapter where learnpath_id=$id";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
deletepath($id);
$dialogBox=get_lang('_learnpath_deleted');
}
@ -118,7 +118,7 @@ switch($action){
==================================================================*/
if(!empty($id)){
$sql="SELECT * FROM $tbl_learnpath_main where learnpath_id=$id";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$row=mysql_fetch_array($result);
$name=domesticate($row['learnpath_name']);
if ($set_visibility == 'i') {
@ -132,7 +132,7 @@ switch($action){
$v=1;
}
$sql="SELECT * FROM $tbl_tool where (name='$name' and image='scormbuilder.gif')";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$row2=mysql_fetch_array($result);
$num=mysql_num_rows($result);
if (($set_visibility == 'i') && ($num>0))
@ -155,7 +155,7 @@ switch($action){
{
//parameter and database incompatible, do nothing
}
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
}
break;
@ -167,9 +167,9 @@ switch($action){
{
$l="learnpath/learnpath_handler.php?learnpath_id=$id";
$sql="UPDATE $tbl_tool set name='".domesticate($learnpath_name)."' where (link='$l' and image='scormbuilder.gif')";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$sql ="UPDATE $tbl_learnpath_main SET learnpath_name='".domesticate($learnpath_name)."', learnpath_description='".domesticate($learnpath_description)."' WHERE learnpath_id=$id";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$dialogBox=get_lang('_learnpath_edited');
}
break;
@ -180,10 +180,10 @@ switch($action){
if (!empty($Submit))
{
$sql ="INSERT INTO $tbl_learnpath_main (learnpath_name, learnpath_description) VALUES ('".domesticate($learnpath_name)."','".domesticate($learnpath_description)."')";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
$my_lp_id = Database::get_last_insert_id();
$sql ="INSERT INTO $tbl_tool (name, link, image, visibility, admin, address, added_tool) VALUES ('".domesticate($learnpath_name)."','learnpath/learnpath_handler.php?learnpath_id=$my_lp_id','scormbuilder.gif','1','0','pastillegris.gif',0)";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
//instead of displaying this info text, get the user directly to the learnpath edit page
//$dialogBox=get_lang('_learnpath_added');
header('location:../learnpath/learnpath_handler.php?'.api_get_cidreq().'&learnpath_id='.$my_lp_id);
@ -197,7 +197,7 @@ switch($action){
if (!empty($Submit))
{
$sql ="UPDATE $tbl_document SET comment='".domesticate($learnpath_description)."', name='".domesticate($learnpath_name)."' WHERE path='$path'";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$dialogBox=get_lang('_learnpath_edited');
}
break;
@ -402,10 +402,10 @@ if($is_allowedToEdit) // TEACHER ONLY
$newVisibilityStatus = "i";
}
$query = "UPDATE $tbl_document SET visibility='$newVisibilityStatus' WHERE path=\"".$visibilityPath."\""; //added by Toon
api_sql_query($query,__FILE__,__LINE__);
Database::query($query,__FILE__,__LINE__);
if (mysql_affected_rows() == 0) // extra check added by Toon, normally not necessary anymore because all files are in the db
{
api_sql_query("INSERT INTO $tbl_document SET path=\"".$visibilityPath."\", visibility=\"".$newVisibilityStatus."\"",__FILE__,__LINE__);
Database::query("INSERT INTO $tbl_document SET path=\"".$visibilityPath."\", visibility=\"".$newVisibilityStatus."\"",__FILE__,__LINE__);
}
unset($attribute);
$dialogBox = get_lang('ViMod');

4
main/notebook/index.php
Unescape View File

@ -253,7 +253,7 @@ function save_note($values) {
'".Database::escape_string(date('Y-m-d H:i:s'))."',
'".Database::escape_string(date('Y-m-d H:i:s'))."',
'0')";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
// display the feedback message
Display::display_confirmation_message(get_lang('NoteAdded'));
}
@ -267,7 +267,7 @@ function get_note_information($notebook_id) {
description AS note_comment
FROM $t_notebook
WHERE notebook_id = '".Database::escape_string($notebook_id)."' ";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
return Database::fetch_array($result);
}

2
main/online/online_chat.php
Unescape View File

@ -41,7 +41,7 @@ $reset=$_GET['reset']?true:false;
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$query="SELECT username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$result=api_sql_query($query,__FILE__,__LINE__);
$result=Database::query($query,__FILE__,__LINE__);
list($pseudoUser)=mysql_fetch_row($result);

6
main/online/online_hidden1.php
Unescape View File

@ -42,7 +42,7 @@ $tbl_user=Database::get_main_table(TABLE_MAIN_USER);
$tbl_online_connected=Database::get_course_table(TABLE_ONLINE_CONNECTED);
$query="SELECT username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$result=api_sql_query($query,__FILE__,__LINE__);
$result=Database::query($query,__FILE__,__LINE__);
list($pseudoUser)=mysql_fetch_row($result);
@ -63,10 +63,10 @@ $chat_size_old=intval($_POST['chat_size_old']);
$chat_size_new=filesize($onlinePath.'messages-'.$dateNow.'.log');
$query="REPLACE INTO $tbl_online_connected (user_id,last_connection) VALUES('".$_user['user_id']."',NOW())";
api_sql_query($query,__FILE__,__LINE__);
Database::query($query,__FILE__,__LINE__);
$query="SELECT COUNT(user_id) FROM $tbl_online_connected WHERE last_connection>'".date('Y-m-d H:i:s',time()-60*5)."'";
$result=api_sql_query($query,__FILE__,__LINE__);
$result=Database::query($query,__FILE__,__LINE__);
$connected_old=intval($_POST['connected_old']);
list($connected_new)=mysql_fetch_row($result);

2
main/online/online_hidden2.php
Unescape View File

@ -41,7 +41,7 @@ $this_section=SECTION_COURSES;
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$query="SELECT username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$result=api_sql_query($query,__FILE__,__LINE__);
$result=Database::query($query,__FILE__,__LINE__);
list($pseudoUser)=mysql_fetch_row($result);

2
main/online/online_htmlarea.php
Unescape View File

@ -41,7 +41,7 @@ $this_section=SECTION_COURSES;
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$query="SELECT username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$result=api_sql_query($query,__FILE__,__LINE__);
$result=Database::query($query,__FILE__,__LINE__);
list($pseudoUser)=mysql_fetch_row($result);

10
main/online/online_links.php
Unescape View File

@ -47,7 +47,7 @@ $tbl_user=Database::get_main_table(TABLE_MAIN_USER);
$tbl_online_link=Database::get_course_table(TABLE_ONLINE_LINK);
$query="SELECT username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$result=api_sql_query($query,__FILE__,__LINE__);
$result=Database::query($query,__FILE__,__LINE__);
list($pseudoUser)=mysql_fetch_row($result);
@ -118,12 +118,12 @@ if($_POST['sent'])
SET name='".addslashes($link_name)."',
url='".addslashes($link_url)."'
WHERE id='$link'";
api_sql_query($query,__FILE__,__LINE__);
Database::query($query,__FILE__,__LINE__);
}
else
{
$query="INSERT INTO $tbl_online_link (name,url) VALUES('".addslashes($link_name)."','".addslashes($link_url)."')";
api_sql_query($query,__FILE__,__LINE__);
Database::query($query,__FILE__,__LINE__);
}
}
@ -137,7 +137,7 @@ if($action == 'delete')
$link=intval($_GET['link']);
$query="DELETE FROM $tbl_online_link WHERE id='$link'";
api_sql_query($query,__FILE__,__LINE__);
Database::query($query,__FILE__,__LINE__);
mysql_close();
header('Location: '.api_get_self());
@ -145,7 +145,7 @@ if($action == 'delete')
}
$query="SELECT id,name,url FROM $tbl_online_link ORDER BY name";
$result=api_sql_query($query,__FILE__,__LINE__);
$result=Database::query($query,__FILE__,__LINE__);
$Links=array();

4
main/online/online_master.php
Unescape View File

@ -45,7 +45,7 @@ $tbl_course_user = Database::get_main_table(TABLE_MAIN_COURSE_USER);
$tbl_online_link=Database::get_course_table(TABLE_ONLINE_LINK);
$query="SELECT t1.user_id,username,picture_uri,t2.status FROM $tbl_user t1,$tbl_course_user t2 WHERE t1.user_id=t2.user_id AND course_code='$_cid' AND (t1.user_id='".$_user['user_id']."' OR t2.status='1')";
$result=api_sql_query($query,__FILE__,__LINE__);
$result=Database::query($query,__FILE__,__LINE__);
while($row=mysql_fetch_array($result))
{
@ -115,7 +115,7 @@ if(!$isMaster)
}
$query="SELECT id,name,url FROM $tbl_online_link ORDER BY name";
$result=api_sql_query($query,__FILE__,__LINE__);
$result=Database::query($query,__FILE__,__LINE__);
$Links=Database::store_result($result);
}

2
main/online/online_message.php
Unescape View File

@ -50,7 +50,7 @@ $question = $_REQUEST['question'];
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$query="SELECT username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$result=api_sql_query($query,__FILE__,__LINE__);
$result=Database::query($query,__FILE__,__LINE__);
list($pseudoUser)=mysql_fetch_row($result);

2
main/online/online_streaming.php
Unescape View File

@ -41,7 +41,7 @@ $this_section=SECTION_COURSES;
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$query="SELECT username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$result=api_sql_query($query,__FILE__,__LINE__);
$result=Database::query($query,__FILE__,__LINE__);
list($pseudoUser)=mysql_fetch_row($result);

4
main/online/online_whoisonline.php
Unescape View File

@ -45,7 +45,7 @@ $tbl_course_user = Database::get_main_table(TABLE_MAIN_COURSE_USER);
$tbl_online_connected = Database::get_course_table(TABLE_ONLINE_CONNECTED);
$query="SELECT username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$result=api_sql_query($query,__FILE__,__LINE__);
$result=Database::query($query,__FILE__,__LINE__);
list($pseudoUser)=mysql_fetch_row($result);
@ -60,7 +60,7 @@ if(!$isAllowed)
$pictureURL=api_get_path(WEB_CODE_PATH).'upload/users/';
$query="SELECT t1.user_id,t1.username,t1.firstname,t1.lastname,t1.picture_uri,t3.status FROM $tbl_user t1,$tbl_online_connected t2,$tbl_course_user t3 WHERE t1.user_id=t2.user_id AND t3.user_id=t1.user_id AND t3.course_code = '".$_course[sysCode]."' AND t2.last_connection>'".date('Y-m-d H:i:s',time()-60*5)."' ORDER BY t1.username";
$result=api_sql_query($query,__FILE__,__LINE__);
$result=Database::query($query,__FILE__,__LINE__);
$Users=Database::store_result($result);

2
main/online/online_working_area.php
Unescape View File

@ -40,7 +40,7 @@ $this_section=SECTION_COURSES;
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$query="SELECT username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$result=api_sql_query($query,__FILE__,__LINE__);
$result=Database::query($query,__FILE__,__LINE__);
list($pseudoUser)=mysql_fetch_row($result);

2
main/permissions/blog_permissions.inc.php
Unescape View File

@ -19,7 +19,7 @@ $blog_users = Blog::get_blog_users(mysql_escape_string($_GET['blog_id']));
// and we want to keep it that way.
$tbl_course_rel_user = $table=Database::get_main_table(TABLE_MAIN_COURSE_USER);
$sql = "SELECT user_id FROM $tbl_course_rel_user WHERE status = '1' AND course_code = '".$_SESSION['_cid']."'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
while ($user = mysql_fetch_assoc($result)) {
unset($blog_users[$user['user_id']]);
}

24
main/permissions/permissions_functions.inc.php
Unescape View File

@ -42,7 +42,7 @@ function store_permissions($content, $id)
// We first delete all the existing permissions for that user/group/role
$sql="DELETE FROM $table WHERE $id_field = '".mysql_real_escape_string($id)."'";
$result=api_sql_query($sql, __FILE__, __LINE__);
$result=Database::query($sql, __FILE__, __LINE__);
// looping through the post values to find the permission (containing the string permission* )
foreach ($_POST as $key => $value)
@ -51,7 +51,7 @@ function store_permissions($content, $id)
{
list($brol,$tool,$action)=explode("*",$key);
$sql="INSERT INTO $table ($id_field,tool,action) VALUES ('".mysql_real_escape_string($id)."','".mysql_real_escape_string($tool)."','".mysql_real_escape_string($action)."')";
$result=api_sql_query($sql, __FILE__, __LINE__);
$result=Database::query($sql, __FILE__, __LINE__);
}
@ -101,7 +101,7 @@ function store_one_permission($content, $action, $id, $tool,$permission)
if($action=='grant')
{
$sql="INSERT INTO $table ($id_field,tool,action) VALUES ('".mysql_real_escape_string($id)."','".mysql_real_escape_string($tool)."','".mysql_real_escape_string($permission)."')";
$result=api_sql_query($sql, __FILE__, __LINE__);
$result=Database::query($sql, __FILE__, __LINE__);
if($result)
{
$result_message=get_lang('PermissionGranted');
@ -110,7 +110,7 @@ function store_one_permission($content, $action, $id, $tool,$permission)
if($action=='revoke')
{
$sql="DELETE FROM $table WHERE $id_field = '".mysql_real_escape_string($id)."' AND tool='".mysql_real_escape_string($tool)."' AND action='".mysql_real_escape_string($permission)."'";
$result=api_sql_query($sql, __FILE__, __LINE__);
$result=Database::query($sql, __FILE__, __LINE__);
if($result)
{
$result_message=get_lang('PermissionRevoked');
@ -162,7 +162,7 @@ function get_permissions($content, $id)
$sql="
SELECT * FROM " . $table . "
WHERE " . $id_field . "='" . mysql_real_escape_string($id) . "'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while($row = mysql_fetch_array($result))
$currentpermissions[$row['tool']][] = $row['action'];
@ -419,7 +419,7 @@ function display_role_list($current_course_roles, $current_platform_roles)
// platform roles
$sql="SELECT * FROM $platform_roles_table";
$result=api_sql_query($sql, __FILE__, __LINE__);
$result=Database::query($sql, __FILE__, __LINE__);
while ($row=mysql_fetch_array($result))
{
if(in_array($row['role_id'], $current_platform_roles))
@ -448,7 +448,7 @@ function display_role_list($current_course_roles, $current_platform_roles)
// course roles
$sql="SELECT * FROM $coures_roles_table";
$result=api_sql_query($sql, __FILE__, __LINE__);
$result=Database::query($sql, __FILE__, __LINE__);
while ($row=mysql_fetch_array($result))
{
if(in_array($row['role_id'], $current_course_roles))
@ -504,7 +504,7 @@ function get_roles($content,$id, $scope='course')
$current_roles=array();
//$sql="SELECT role.role_id FROM $table role_group_user, $table_role role WHERE role_group_user.$id_field = '$id' AND role_group_user.role_id=role.role_id AND role_group_user.scope='".$scope."'";$sql="SELECT role.role_id FROM $table role_group_user, $table_role role WHERE role_group_user.$id_field = '$id' AND role_group_user.role_id=role.role_id AND role_group_user.scope='".$scope."'";
$sql="SELECT role_id FROM $table WHERE $id_field = '$id' AND scope='".$scope."'";
$result=api_sql_query($sql, __FILE__, __LINE__);
$result=Database::query($sql, __FILE__, __LINE__);
while ($row=mysql_fetch_array($result))
{
$current_roles[]=$row['role_id'];
@ -532,7 +532,7 @@ function get_all_roles($content='course')
$current_roles=array();
$sql="SELECT * FROM $table_role";
$result=api_sql_query($sql, __FILE__, __LINE__);
$result=Database::query($sql, __FILE__, __LINE__);
while ($row=mysql_fetch_array($result))
{
$roles[]=$row;
@ -594,7 +594,7 @@ function get_roles_permissions($content,$id, $scope='course')
role_group_user.role_id = role.role_id AND
role.role_id = role_permissions.role_id";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while($row=mysql_fetch_array($result))
$current_role_permissions[$row['tool']][]=$row['action'];
@ -633,7 +633,7 @@ function assign_role($content, $action, $id, $role_id, $scope='course')
if($action=='grant')
{
$sql="INSERT INTO $table (role_id, scope, $id_field) VALUES ('".mysql_real_escape_string($role_id)."','".mysql_real_escape_string($scope)."','".mysql_real_escape_string($id)."')";
$result=api_sql_query($sql, __FILE__, __LINE__);
$result=Database::query($sql, __FILE__, __LINE__);
if($result)
{
$result_message=get_lang('RoleGranted');
@ -642,7 +642,7 @@ function assign_role($content, $action, $id, $role_id, $scope='course')
if($action=='revoke')
{
$sql="DELETE FROM $table WHERE $id_field = '".mysql_real_escape_string($id)."' AND role_id='".mysql_real_escape_string($role_id)."'";
$result=api_sql_query($sql, __FILE__, __LINE__);
$result=Database::query($sql, __FILE__, __LINE__);
if($result)
{
$result_message=get_lang('RoleRevoked');

8
main/permissions/roles.php
Unescape View File

@ -42,22 +42,22 @@ if (isset($_GET['action']) AND isset($_GET['role_id']) AND $_GET['action']=='del
//deleting the assignments fo this role: users
$table=Database::get_course_table(TABLE_ROLE_USER);
$sql="DELETE FROM $table WHERE role_id='".mysql_real_escape_string($_GET['role_id'])."'";
$result=api_sql_query($sql, __LINE__, __FILE__);
$result=Database::query($sql, __LINE__, __FILE__);
// deleting the assignments of this role: groups
$table=Database::get_course_table(TABLE_ROLE_GROUP);
$sql="DELETE FROM $table WHERE role_id='".mysql_real_escape_string($_GET['role_id'])."'";
$result=api_sql_query($sql, __LINE__, __FILE__);
$result=Database::query($sql, __LINE__, __FILE__);
// deleting the permissions of this role
$table=Database::get_course_table(TABLE_ROLE_PERMISSION);
$sql="DELETE FROM $table WHERE role_id='".mysql_real_escape_string($_GET['role_id'])."'";
$result=api_sql_query($sql, __LINE__, __FILE__);
$result=Database::query($sql, __LINE__, __FILE__);
// deleting the role
$table_role=Database::get_course_table(TABLE_ROLE);
$sql="DELETE FROM $table_role WHERE role_id='".mysql_real_escape_string($_GET['role_id'])."'";
$result=api_sql_query($sql, __LINE__, __FILE__);
$result=Database::query($sql, __LINE__, __FILE__);
$result_message=get_lang('RoleDeleted');
}

192
main/reservation/rsys.php
Unescape View File

@ -59,7 +59,7 @@ class Rsys {
function get_num_subscriptions_reservationperiods($res_id) {
$sql = "SELECT COUNT(*) FROM ".Rsys :: getTable("subscription")." s
WHERE s.reservation_id = '".Database::escape_string($res_id)."'";
return @ Database::result(api_sql_query($sql, __FILE__, __LINE__), 0, 0);
return @ Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
}
/**
@ -166,7 +166,7 @@ class Rsys {
function add_category($naam) {
if (Rsys :: check_category($naam)) {
$sql = "INSERT INTO ".Rsys :: getTable("category")." (name) VALUES ('".Database::escape_string($naam)."')";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
return Database::get_last_insert_id();
}
return false;
@ -180,7 +180,7 @@ class Rsys {
*/
function check_category($name, $id=0) {
$sql = "SELECT name FROM ".Rsys :: getTable("category")." WHERE LCASE(name)='".strtolower(Database::escape_string($name))."' AND id<>".Database::escape_string($id)."";
$Result = api_sql_query($sql, __FILE__, __LINE__);
$Result = Database::query($sql, __FILE__, __LINE__);
return (Database::num_rows($Result) == 0);
}
@ -193,7 +193,7 @@ class Rsys {
function edit_category($id, $name) {
if (Rsys :: check_category($name, $id)) {
$sql = "UPDATE ".Rsys :: getTable("category")." SET name = '".Database::escape_string($name)."' WHERE id =".Database::escape_string($id)."";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
return $id;
}
return false;
@ -206,10 +206,10 @@ class Rsys {
*/
function delete_category($id) {
$sql = "SELECT id FROM ".Rsys :: getTable("item")." WHERE category_id=".Database::escape_string($id)."";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if (Database::num_rows($result) == 0) {
$sql2 = "DELETE FROM ".Rsys :: getTable("category")." WHERE id =".Database::escape_string($id)."";
api_sql_query($sql2, __FILE__, __LINE__);
Database::query($sql2, __FILE__, __LINE__);
return 0;
} else {
return Database::num_rows($result);
@ -230,7 +230,7 @@ class Rsys {
$sql .= " WHERE id = ".Database::escape_string($id)."";
else
$sql .= " ORDER BY ".$orderby;
$arr = Database::store_result(api_sql_query($sql, __FILE__, __LINE__));
$arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
if (!empty ($id))
return $arr[0];
else
@ -252,7 +252,7 @@ class Rsys {
WHERE (cu.user_id='".api_get_user_id()."' AND ir.view_right=1) OR i.creator='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0)."
GROUP BY c.id ORDER BY ".$orderby;
$arr = Database::store_result(api_sql_query($sql, __FILE__, __LINE__));
$arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
return $arr;
}
@ -271,7 +271,7 @@ class Rsys {
WHERE (cu.user_id='".api_get_user_id()."' AND (ir.edit_right=1 OR ir.delete_right=1)) OR i.creator='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0)."
GROUP BY c.id ORDER BY ".$orderby;
$arr = Database::store_result(api_sql_query($sql, __FILE__, __LINE__));
$arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
return $arr;
}
@ -297,7 +297,7 @@ class Rsys {
}
$sql .= " ORDER BY col".$column." ".$direction." LIMIT ".$from.",".$per_page;
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result, 'NUM'))
$arr[] = $array;
return $arr;
@ -314,7 +314,7 @@ class Rsys {
$keyword = Database::escape_string($_GET['keyword']);
$sql .= " WHERE name LIKE '%".Database::escape_string($keyword)."%' OR id LIKE '%".Database::escape_string($keyword)."%'";
}
return @ Database::result(api_sql_query($sql, __FILE__, __LINE__), 0, 0);
return @ Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
}
/*
@ -337,7 +337,7 @@ class Rsys {
WHERE LCASE(name)='".strtolower(Database::escape_string($item))."'
AND category_id=".Database::escape_string($category)."
AND id<>".Database::escape_string($id)."";
$Result = api_sql_query($sql, __FILE__, __LINE__);
$Result = Database::query($sql, __FILE__, __LINE__);
return (Database::num_rows($Result) == 0);
}
@ -353,7 +353,7 @@ class Rsys {
function add_item($name, $description, $category, $course = "") {
if (Rsys :: check_item($name, $category)) {
$sql = "INSERT INTO ".Rsys :: getTable("item")." (category_id,course_code,name,description,creator) VALUES ('".Database::escape_string($category)."','".Database::escape_string($course)."','".Database::escape_string($name)."','".Database::escape_string($description)."','".api_get_user_id()."')";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
return Database::get_last_insert_id();
}
return false;
@ -375,7 +375,7 @@ class Rsys {
return false;
$sql = "UPDATE ".Rsys :: getTable("item")." SET category_id='".Database::escape_string($category)."',course_code='".Database::escape_string($course)."',name='".Database::escape_string($name)."',description='".Database::escape_string($description)."' " .
"WHERE id =".Database::escape_string($id)."";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
return $id;
}
@ -388,18 +388,18 @@ class Rsys {
if (!Rsys :: item_allow($id, 'delete'))
return false;
$sql = "SELECT id,end_at FROM".Rsys :: getTable('reservation')." WHERE item_id=".Database::escape_string($id)."";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result)) {
if (Rsys :: mysql_datetime_to_timestamp(date('Y-m-d H:i:s')) <= Rsys :: mysql_datetime_to_timestamp($array[1]))
$checked = true;
}
if (!$checked) {
$sql = "DELETE FROM ".Rsys :: getTable("item")." WHERE id =".Database::escape_string($id)."";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$sql = "DELETE FROM ".Rsys :: getTable("item_rights")." WHERE item_id =".Database::escape_string($id)."";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$sql = "DELETE FROM ".Rsys :: getTable("reservation")." WHERE item_id =".Database::escape_string($id)."";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
return '0';
} else {
return Database::num_rows($result);
@ -431,7 +431,7 @@ class Rsys {
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = i.id
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
WHERE i.id='".Database::escape_string($item_id)."' AND (". (!empty ($x) ? "(cu.user_id='".api_get_user_id()."' AND ".$x.") OR " : '')." i.creator='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0).")";
return Database::num_rows(api_sql_query($sql, __FILE__, __LINE__)) > 0;
return Database::num_rows(Database::query($sql, __FILE__, __LINE__)) > 0;
}
/**
@ -450,7 +450,7 @@ class Rsys {
$sql .= " WHERE i.id = '".$id."'";
} else
$sql .= " LEFT JOIN ".Rsys :: getTable("item_rights")." ir ON ir.item_id=i.id LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = i.id LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id WHERE (cu.user_id='".api_get_user_id()."' AND ir.view_right=1) OR i.creator='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0)." ORDER BY ".$orderby;
$arr = Database::store_result(api_sql_query($sql, __FILE__, __LINE__));
$arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
if (!empty ($id))
return $arr[0]; // Return one row only
else
@ -466,7 +466,7 @@ class Rsys {
function is_blackout($itemid) {
$sql = "SELECT id FROM ".Rsys :: getTable("item");
$sql .= " WHERE id = ".Database::escape_string($itemid)." AND blackout=1";
return Database::num_rows(api_sql_query($sql, __FILE__, __LINE__)) == 1;
return Database::num_rows(Database::query($sql, __FILE__, __LINE__)) == 1;
}
/**
@ -478,7 +478,7 @@ class Rsys {
*/
function get_category_items($id, $orderby = "name ASC") {
$sql = "SELECT * FROM ".Rsys :: getTable("item")." WHERE category_id = ".Database::escape_string($id)." ORDER BY ".$orderby;
$arr = Database::store_result(api_sql_query($sql, __FILE__, __LINE__));
$arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
return $arr;
}
@ -491,7 +491,7 @@ class Rsys {
*/
function get_course_items($id, $orderby = "name ASC") {
$sql = "SELECT * FROM ".Rsys :: getTable("item")." WHERE course_id = ".Database::escape_string($id)." ORDER BY ".$orderby;
$arr = Database::store_result(api_sql_query($sql, __FILE__, __LINE__));
$arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
return $arr;
}
@ -524,7 +524,7 @@ class Rsys {
}
$sql .= " GROUP BY i.id ORDER BY col".$column." ".$direction." LIMIT ".$from.",".$per_page;
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result, 'NUM')) {
if (!$array[4])
@ -547,7 +547,7 @@ class Rsys {
WHERE ( 1=". (api_is_platform_admin() ? 1 : 0)."
OR ((cu.user_id='".api_get_user_id()."' AND (ir.edit_right=1 OR ir.delete_right=1)) OR i.creator='".api_get_user_id()."' ))";
return @ Database::result(api_sql_query($sql, __FILE__, __LINE__), 0, 0);
return @ Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
}
/**
@ -562,13 +562,13 @@ class Rsys {
function get_table_itemrights($from, $per_page, $column, $direction) {
$itemid = Database::escape_string($_GET['item_id']);
$sql = "SELECT id, name FROM ".Database :: get_main_table(TABLE_MAIN_CLASS);
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result, 'NUM')) {
$arr[] = $array;
}
$sql = "SELECT item_id, class_id,edit_right,delete_right,m_reservation,view_right
FROM ".Rsys :: getTable("item_rights")." WHERE item_id=".$itemid;
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result, 'NUM')) {
$arr1[] = $array;
}
@ -624,14 +624,14 @@ class Rsys {
$column = Database::escape_string($column);
$sql = "SELECT item_id FROM ".Rsys :: getTable("item_rights")."WHERE item_id=".$item_id." AND class_id=".$class_id;
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$switcher = Database::num_rows($result);
if ($switcher > 0) {
$sql = $sql = "UPDATE ".Rsys :: getTable("item_rights")." SET ".$column."='".$value."' WHERE class_id = '".$class_id."' AND item_id ='".$item_id."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
} else {
$sql = "INSERT INTO ".Rsys :: getTable("item_rights")." (item_id,class_id,".$column.") VALUES ('".$item_id."','".$class_id."','".$value."')";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
}
@ -642,7 +642,7 @@ class Rsys {
*/
function get_num_itemrights() {
$sql = "SELECT COUNT(id) FROM ".Database :: get_main_table(TABLE_MAIN_CLASS);
return @ Database::result(api_sql_query($sql, __FILE__, __LINE__), 0, 0);
return @ Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
}
/**
@ -655,7 +655,7 @@ class Rsys {
$item_id = Database::escape_string($item_id);
$sql = "SELECT * FROM ".Database :: get_main_table(TABLE_MAIN_CLASS)."
WHERE id NOT IN (SELECT class_id FROM ".Rsys :: getTable("item_rights")." WHERE item_id='".$item_id."') ORDER BY name ASC, code ASC";
$arr = Database::store_result(api_sql_query($sql, __FILE__, __LINE__));
$arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
return $arr;
}
@ -668,7 +668,7 @@ class Rsys {
function get_num_itemfiltered_class($item_id) {
$item_id = Database::escape_string($item_id);
$sql = "SELECT COUNT(id) FROM ".Database :: get_main_table(TABLE_MAIN_CLASS)." WHERE id NOT IN (SELECT class_id FROM ".Rsys :: getTable("item_rights")." WHERE item_id='".$item_id."') ORDER BY name ASC, code ASC";
return Database::result(api_sql_query($sql, __FILE__, __LINE__), 0, 0);
return Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
}
/**
@ -684,7 +684,7 @@ class Rsys {
if (!Rsys :: item_allow($item_id, 'm_rights'))
return false;
$sql = "INSERT INTO ".Rsys :: getTable("item_rights")." (item_id,class_id,edit_right,delete_right,m_reservation) VALUES ('".Database::escape_string($item_id)."','".Database::escape_string($class_id)."','".Database::escape_string($edit)."','".Database::escape_string($delete)."','".Database::escape_string($m_reservation)."')";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
/**
@ -704,7 +704,7 @@ class Rsys {
if (!Rsys :: item_allow($item_id, 'm_rights'))
return false;
$sql = "UPDATE ".Rsys :: getTable("item_rights")." SET edit_right='".Database::escape_string($edit)."', delete_right='".Database::escape_string($delete)."', m_reservation='".Database::escape_string($m_reservation)."' WHERE class_id = '".$class_id."' AND item_id ='".$item_id."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
/**
@ -719,13 +719,13 @@ class Rsys {
if (!Rsys :: item_allow($item_id, 'm_rights'))
return false;
$sql = "DELETE FROM ".Rsys :: getTable("item_rights")." WHERE item_id='".$item_id."' AND class_id='".$class_id."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
function get_class_group($class_id) {
$class_id = Database::escape_string($class_id);
$sql = "SELECT * FROM ".Database :: get_main_table(TABLE_MAIN_CLASS)." WHERE id='".$class_id."'";
$arr = Database::store_result(api_sql_query($sql, __FILE__, __LINE__));
$arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
return $arr;
}
@ -734,17 +734,17 @@ class Rsys {
$class_id = Database::escape_string($class_id);
$sql = "SELECT * FROM ".Rsys :: getTable('item_rights')." WHERE item_id='".$item_id."' AND class_id='".$class_id."'";
$arr = Database::store_result(api_sql_query($sql, __FILE__, __LINE__));
$arr = Database::store_result(Database::query($sql, __FILE__, __LINE__));
return $arr;
}
function black_out_changer($item_id) {
$item_id = Database::escape_string($item_id);
$sql = "SELECT blackout FROM ".Rsys :: getTable("item")." WHERE id='".$item_id."'";
$Value = Database::store_result(api_sql_query($sql, __FILE__, __LINE__));
$Value = Database::store_result(Database::query($sql, __FILE__, __LINE__));
($Value[0][0] == 0 ? $changedValue = 1 : $changedValue = 0);
$sql = "UPDATE ".Rsys :: getTable("item")." SET blackout='".$changedValue."' WHERE id = '".$item_id."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
Rsys :: black_out_notifier($item_id, $Value[0][0]);
return $changedValue;
}
@ -756,17 +756,17 @@ class Rsys {
$sql = "SELECT id, timepicker FROM ".Rsys :: getTable('reservation')."
WHERE item_id='".$item_id."' AND subscribers > '0'";
$value == 1 ? $sql .= " AND end_at >= (NOW()-7000000) " : $sql .= " AND end_at >= NOW()";
$reservations = api_sql_query($sql, __FILE__, __LINE__);
$reservations = Database::query($sql, __FILE__, __LINE__);
while ($reservation = Database::fetch_array($reservations)) {
$sql = "SELECT user_id FROM ".Rsys :: getTable('subscription')." WHERE reservation_id='".$reservation[0]."'";
if ($reservation[1] == 1) {
$sql .= " AND end_at >= NOW() ";
}
$subscriptions = api_sql_query($sql, __FILE__, __LINE__);
$subscriptions = Database::query($sql, __FILE__, __LINE__);
while ($subscription = Database::fetch_array($subscriptions)) {
$user_info = api_get_user_info($subscription[0]);
$sql2 = "SELECT name FROM ".Rsys :: getTable('item')." WHERE id='".$item_id."'";
$items = api_sql_query($sql2, __FILE__, __LINE__);
$items = Database::query($sql2, __FILE__, __LINE__);
$item = Database::fetch_array($items);
$item_name=$item['name'];
if ($reservation[1] == 0)
@ -779,7 +779,7 @@ class Rsys {
//er wordt gebruik gemaakt van een timepicker dus begin en einddatum kan opgehaald worden uit subscriptions
$sql2 = "SELECT start_at,end_at FROM ".Rsys :: getTable('subscription')." WHERE reservation_id='".$reservation[0]."'";
}
$items = api_sql_query($sql2, __FILE__, __LINE__);
$items = Database::query($sql2, __FILE__, __LINE__);
$item = Database::fetch_array($items);
$begindatum = $item['start_at'];
$einddatum = $item['end_at'];
@ -826,7 +826,7 @@ class Rsys {
$sql = "SELECT * FROM ".Rsys :: getTable('reservation')." WHERE item_id='".$item_id."' ORDER BY start_at";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result)) {
$GLOBALS['start_date'] = $array[5];
@ -843,7 +843,7 @@ class Rsys {
start_at < '".$end_at."') OR
(end_at > '".$start_at."' AND
end_at < '".$end_at."') OR (start_at <= '".$start_at."' AND end_at >= '".$end_at."')) AND item_id='".$item_id."'";
$result = Database::fetch_array(api_sql_query($sql, __FILE__, __LINE__));
$result = Database::fetch_array(Database::query($sql, __FILE__, __LINE__));
if (count($result) != 0){
$GLOBALS['start_date'] = $result[1];
$GLOBALS['end_date'] = $result[2];
@ -862,7 +862,7 @@ class Rsys {
$sql = "SELECT * FROM ".Rsys :: getTable('reservation')." WHERE item_id='".$item_id."' AND id <> '".$reservation_id."' ORDER BY start_at";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result)) {
$GLOBALS['start_date'] = $array[5];
@ -881,7 +881,7 @@ class Rsys {
end_at < '".$end_at."') OR
(start_at <= '".$start_at."' AND
end_at >= '".$end_at."')) AND item_id='".$item_id."' AND id <> '".$reservation_id."'";
$result = Database::fetch_array(api_sql_query($sql, __FILE__, __LINE__));
$result = Database::fetch_array(Database::query($sql, __FILE__, __LINE__));
if (count($result) != 0){
$GLOBALS['start_date'] = $result[1];
@ -899,7 +899,7 @@ class Rsys {
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = i.id
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
WHERE (cu.user_id='".api_get_user_id()."' AND ir.m_reservation=1 ) OR i.creator='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0)." ORDER BY cat.name ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result))
$arr[$array['catid']] = $array['catname'];
return $arr;
@ -918,7 +918,7 @@ class Rsys {
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
WHERE ((cu.user_id='".api_get_user_id()."' AND ir.m_reservation=1 ) OR i.creator='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0).") AND (category_id =".$category.")
ORDER BY cat.name ASC, i.name ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result))
$arr[$array['id']] = $array['catitem'];
return $arr;
@ -937,7 +937,7 @@ class Rsys {
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
WHERE ((cu.user_id='".api_get_user_id()."' AND ir.view_right=1 ) OR i.creator='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0).") AND (category_id =".$category.")
ORDER BY cat.name ASC, i.name ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result))
$arr[$array['id']] = $array['catitem'];
return $arr;
@ -974,7 +974,7 @@ class Rsys {
}
$sql .= " ORDER BY col".$column." ".$direction." LIMIT ".$from.",".$per_page;
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result, 'NUM')) {
$arr[] = $array;
}
@ -990,7 +990,7 @@ class Rsys {
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = i.id
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
WHERE ((cu.user_id='".api_get_user_id()."'AND ir.edit_right=1) OR 1=". (api_is_platform_admin() ? 1 : 0).") AND r.id='".$id."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result, 'NUM')) {
$arr[] = $array;
}
@ -1006,7 +1006,7 @@ class Rsys {
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = i.id
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
WHERE ((cu.user_id='".api_get_user_id()."'AND ir.delete_right=1) OR 1=". (api_is_platform_admin() ? 1 : 0).") AND r.id='".$id."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result, 'NUM')) {
$arr[] = $array;
}
@ -1016,7 +1016,7 @@ class Rsys {
function check_auto_accept($id) {
$id = Database::escape_string($id);
$sql = "SELECT auto_accept FROM ".Rsys :: getTable('reservation')." WHERE id='".$id."'";
return Database::result(api_sql_query($sql, __FILE__, __LINE__), 0, 0);
return Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
}
/**
@ -1036,7 +1036,7 @@ class Rsys {
$keyword = Database::escape_string($_GET['keyword']);
$sql .= " AND (i.name LIKE '%".$keyword."%' OR i.description LIKE '%".$keyword."%' OR r.notes LIKE '%".$keyword."%')";
}
return Database::result(api_sql_query($sql, __FILE__, __LINE__), 0, 0);
return Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
}
/**
@ -1096,7 +1096,7 @@ class Rsys {
}
$sql = "INSERT INTO ".Rsys :: getTable("reservation")." (item_id,auto_accept,max_users,start_at,end_at,subscribe_from,subscribe_until,notes,timepicker,timepicker_min,timepicker_max,subid) VALUES ('".Database::escape_string($item_id)."','".Database::escape_string($auto_accept)."','". (intval($max_users) > 1 ? $max_users : 1)."','".Database::escape_string($start_at)."','".Database::escape_string($end_at)."','".Database::escape_string($subscribe_from)."','".Database::escape_string($subscribe_until)."','".Database::escape_string($notes)."','".$timepicker."','".$min."','".$max."','". ($subid == 0 ? 0 : $subid)."')";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
return 0;
}
@ -1126,7 +1126,7 @@ class Rsys {
return 2;
}
$sql = "SELECT timepicker, subscribers FROM ".Rsys :: getTable("reservation")." WHERE id='".$id."'";
$result = Database::fetch_array(api_sql_query($sql, __FILE__, __LINE__));
$result = Database::fetch_array(Database::query($sql, __FILE__, __LINE__));
if ($result[0] == 0 && $result[1] > $max_users) {
return 3;
}
@ -1136,7 +1136,7 @@ class Rsys {
}
if ($auto_accept == 1) {
$sql = "SELECT dummy FROM ".Rsys :: getTable("subscription")." WHERE reservation_id='".$id."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result, 'NUM')) {
Rsys :: set_accepted($array[0], 1);
}
@ -1144,7 +1144,7 @@ class Rsys {
$auto_accept = 0;
}
$sql = "UPDATE ".Rsys :: getTable("reservation")." SET item_id='".Database::escape_string($item_id)."',auto_accept='".Database::escape_string($auto_accept)."',max_users='". ($max_users > 1 ? $max_users : 1)."',start_at='".Database::escape_string($start_at)."',end_at='".Database::escape_string($end_at)."',subscribe_from='".Database::escape_string($subscribe_from)."',subscribe_until='".Database::escape_string($subscribe_until)."',notes='".Database::escape_string($notes)."' WHERE id='".$id."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
return 0;
}
@ -1155,22 +1155,22 @@ class Rsys {
$id = Database::escape_string($id);
$sql = "SELECT id FROM ".Rsys :: getTable("reservation")."WHERE id='".$id."' OR subid='".$id."'";
$result2 = api_sql_query($sql, __FILE__, __LINE__);
$result2 = Database::query($sql, __FILE__, __LINE__);
while ($arr = Database::fetch_array($result2, 'NUM')) {
$sql = "SELECT s.dummy, s.user_id, i.name, r.start_at, r.end_at
FROM ".Rsys :: getTable("subscription")." s
INNER JOIN ".Rsys :: getTable("reservation")." r ON s.reservation_id = r.id
INNER JOIN ".Rsys :: getTable("item")." i ON r.item_id = i.id
WHERE s.reservation_id='".$arr[0]."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result, 'NUM')) {
$user_info = api_get_user_info($array[1]);
api_send_mail($user_info['mail'], str_replace('#NAME#', $array[2], get_lang("ReservationDeleteTitle")), str_replace('#START#', $array[3], str_replace('#END#', $array[4], str_replace('#NAME#', $array[2], get_lang("ReservationDeleteMessage")))));
$sql = "DELETE FROM ".Rsys :: getTable("subscription")." WHERE dummy='".$array[0]."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
$sql = "DELETE FROM ".Rsys :: getTable("reservation")." WHERE id='".$arr[0]."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
}
@ -1180,7 +1180,7 @@ class Rsys {
where i.id = r.item_id
and r.id = '".$id."'
and i.creator ='".api_get_user_id()."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if (Database::num_rows($result) != 0)
return 1;
return 0;
@ -1196,7 +1196,7 @@ class Rsys {
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = i.id
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
WHERE (cu.user_id='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0)." OR 1=".(Rsys :: is_owner_item("$id")? 1 : 0).") AND r.id='".$id."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result, 'NUM'))
$arr[] = $array;
return $arr;
@ -1223,7 +1223,7 @@ class Rsys {
$keyword = Database::escape_string($_GET['keyword']);
$sql .= " AND (i1.name LIKE '%".$keyword."%' or r1.start_at LIKE '%".$keyword."%' or r1.end_at LIKE '%".$keyword."%' or u.lastname LIKE '%".$keyword."%' or u.firstname LIKE '%".$keyword."%' or s.start_at LIKE '%".$keyword."%' or s.end_at LIKE '%".$keyword."%')";
}
return Database::result(api_sql_query($sql, __FILE__, __LINE__), 0, 0);
return Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
}
function get_table_subcribed_reservations($from, $per_page, $column, $direction) {
@ -1260,10 +1260,10 @@ class Rsys {
$sql .= " AND (i1.name LIKE '%".$keyword."%' or c.name LIKE '%".$keyword."%' or r1.start_at LIKE '%".$keyword."%' or r1.end_at LIKE '%".$keyword."%' or u.lastname LIKE '%".$keyword."%' or u.firstname LIKE '%".$keyword."%' or s.start_at LIKE '%".$keyword."%' or s.end_at LIKE '%".$keyword."%')";
}
$sql .= " ORDER BY col".$column." ".$direction." LIMIT ".$from.",".$per_page;
/*$result = api_sql_query($sql, __FILE__, __LINE__);
/*$result = Database::query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result, 'NUM'))
$arr[] = $array;*/
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result, 'NUM')) {
$row = array();
$row[] = $array[0];
@ -1302,7 +1302,7 @@ class Rsys {
if (isset ($_GET['rid'])) {
$sql .= " WHERE reservation_id = '".intval($_GET['rid'])."'";
}
return Database::result(api_sql_query($sql, __FILE__, __LINE__), 0, 0);
return Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
}
function get_table_waiting_users($from, $per_page, $column, $direction) {
@ -1331,7 +1331,7 @@ class Rsys {
$sql .= " and r.id = '".Database::escape_string($_GET['rid'])."'";
}
$sql .= " ORDER BY col".$column." ".$direction." LIMIT ".$from.",".$per_page;
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result, 'NUM')) {
$arr[] = $array;
}
@ -1342,7 +1342,7 @@ class Rsys {
FROM ".Database :: get_main_table(TABLE_MAIN_CLASS)." cl
INNER JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = cl.id
WHERE cu.user_id=".$arr[$count][2]." LIMIT 1";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result, 'NUM')) {
$arr2[] = $array;
}
@ -1384,13 +1384,13 @@ class Rsys {
$id = Database::escape_string($id);
$value = Database::escape_string($value);
$sql = "UPDATE ".Rsys :: getTable('subscription')." SET ACCEPTED='".$value."' WHERE dummy='".$id."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$user_info = api_get_user_info($subscription[0]);
$sql = "SELECT name FROM ".Rsys :: getTable('subscription')." s
INNER JOIN ".Rsys :: getTable('reservation')." r ON s.reservation_id = r.id
INNER JOIN ".Rsys :: getTable('item')." i ON r.item_id = i.id
WHERE dummy='".$id."'";
$items = api_sql_query($sql, __FILE__, __LINE__);
$items = Database::query($sql, __FILE__, __LINE__);
$item = Database::fetch_array($items);
$item_name = $item[0];
@ -1399,14 +1399,14 @@ class Rsys {
where id in ( SELECT reservation_id
from ".Rsys :: getTable('subscription')."
where dummy ='".$id."')";
$items = api_sql_query($sql, __FILE__, __LINE__);
$items = Database::query($sql, __FILE__, __LINE__);
$item = Database::fetch_array($items);
if ($item['timepicker'] == '1')
{
$sql = "SELECT start_at, end_at
from ".Rsys :: getTable('subscription')."
where dummy ='".$id."'";
$items = api_sql_query($sql, __FILE__, __LINE__);
$items = Database::query($sql, __FILE__, __LINE__);
$item = Database::fetch_array($items);
}
$begin_datum = $item['start_at'];
@ -1441,7 +1441,7 @@ class Rsys {
$sql = "SELECT id, start_at, end_at FROM ".Rsys :: getTable('reservation')."
WHERE start_at > '".$start_at."' AND id='".$reservation_id."' ";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if (Database::num_rows($result) != 0){
$result2 = Database::fetch_array($result);
$GLOBALS['start_date'] = $result2[1];
@ -1451,7 +1451,7 @@ class Rsys {
$sql = "SELECT id, start_at, end_at FROM ".Rsys :: getTable('reservation')."
WHERE end_at < '".$end_at."' AND id='".$reservation_id."' ";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if (Database::num_rows($result) != 0){
$result2 = Database::fetch_array($result);
$GLOBALS['start_date'] = $result2[1];
@ -1461,7 +1461,7 @@ class Rsys {
$sql = "SELECT * FROM ".Rsys :: getTable('subscription')." WHERE reservation_id='".$reservation_id."' ORDER BY start_at";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result)) {
$GLOBALS['start_date'] = $array[4];
$GLOBALS['end_date'] = $array[5];
@ -1478,7 +1478,7 @@ class Rsys {
end_at < '".$end_at."')OR
(start_at <= '".$start_at."' AND
end_at >= '".$end_at."')) AND reservation_id='".$reservation_id."' ";
$result = Database::fetch_array(api_sql_query($sql, __FILE__, __LINE__));
$result = Database::fetch_array(Database::query($sql, __FILE__, __LINE__));
if (count($result) != 0){
$GLOBALS['start_date'] = $result[1];
$GLOBALS['end_date'] = $result[2];
@ -1500,7 +1500,7 @@ class Rsys {
*/
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if (Database::num_rows($result) != 0)
return true;
return false;
@ -1517,17 +1517,17 @@ class Rsys {
$accepted = Database::escape_string($accepted);
$sql = "SELECT user_id FROM ".Rsys :: getTable("subscription")." WHERE user_id='".$user_id."' AND reservation_id='".$reservation_id."'";
if (Database::num_rows(api_sql_query($sql, __FILE__, __LINE__)) == 0) {
if (Database::num_rows(Database::query($sql, __FILE__, __LINE__)) == 0) {
$sql = "INSERT INTO ".Rsys :: getTable("subscription")." (user_id,reservation_id,accepted) VALUES ('".Database::escape_string($user_id)."','".Database::escape_string($reservation_id)."','". ($accepted ? '1' : '0')."')";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$sql = "UPDATE ".Rsys :: getTable("reservation")." SET subscribers=subscribers+1 WHERE id='".$reservation_id."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$sql = "SELECT s.user_id, i.name, r.start_at, r.end_at
FROM ".Rsys :: getTable("subscription")." s
INNER JOIN ".Rsys :: getTable("reservation")." r ON s.reservation_id = r.id
INNER JOIN ".Rsys :: getTable("item")." i ON r.item_id = i.id
WHERE reservation_id='".$reservation_id."' AND user_id='".$user_id."'";
$result = Database::store_result(api_sql_query($sql, __FILE__, __LINE__));
$result = Database::store_result(Database::query($sql, __FILE__, __LINE__));
$user_info = api_get_user_info();
$titel = str_replace('#ITEM#', $result[0][1], get_lang("ReservationMadeTitle"));
$inhoud = str_replace('#ITEM#', $result[0][1], str_replace('#START#', $result[0][2], str_replace('#END#', $result[0][3], get_lang("ReservationMadeMessage"))));
@ -1556,7 +1556,7 @@ class Rsys {
return 3;
}
$sql = "INSERT INTO ".Rsys :: getTable("subscription")." (user_id,reservation_id,accepted,start_at,end_at) VALUES ('".Database::escape_string($user_id)."','".Database::escape_string($reservation_id)."','". ($accepted ? '1' : '0')."','".$start_date."','".$end_date."')";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
return 0;
}
@ -1565,9 +1565,9 @@ class Rsys {
*/
function delete_subscription($reservation_id, $dummy) {
$sql = "DELETE FROM ".Rsys :: getTable("subscription")." WHERE dummy='".Database::escape_string($dummy)."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$sql = "UPDATE ".Rsys :: getTable("reservation")." SET subscribers=subscribers-1 WHERE id='".Database::escape_string($reservation_id)."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
/**
@ -1594,7 +1594,7 @@ class Rsys {
INNER JOIN ".Rsys :: getTable("item")." i ON i.id=r.item_id
WHERE s.user_id = '".api_get_user_id()."'";
$sql .= "ORDER BY col".$column." ".$direction." LIMIT ".$from.",".$per_page;
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result, 'NUM'))
{ $row = array();
$row[] = $array[0];
@ -1641,7 +1641,7 @@ class Rsys {
INNER JOIN ".Rsys :: getTable("reservation")." r ON r.id = s.reservation_id
INNER JOIN ".Rsys :: getTable("item")." i ON i.id=r.item_id
WHERE s.user_id = '".api_get_user_id()."'";
return @ Database::result(api_sql_query($sql, __FILE__, __LINE__), 0, 0);
return @ Database::result(Database::query($sql, __FILE__, __LINE__), 0, 0);
}
/**
@ -1652,7 +1652,7 @@ class Rsys {
FROM ".Rsys::getTable('reservation')." r
INNER JOIN ".Rsys::getTable('item')." i ON r.item_id=i.id
WHERE i.id='".$item_id."'"; // AND r.subscribe_until < NOW() // TODO: subscribe_until controle
$result=api_sql_query($sql, __FILE__, __LINE__);
$result=Database::query($sql, __FILE__, __LINE__);
while($array=Database::fetch_array($result))
$arr[$array['reservation_id']]=$array['start_at'].' - '.$array['end_at'];
return $arr;
@ -1682,7 +1682,7 @@ class Rsys {
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
WHERE r.item_id='".$itemid."' AND (((cu.user_id='".api_get_user_id()."' AND ir.view_right=1) OR 1=". (api_is_platform_admin() ? 1 : 0).") AND
(r.start_at<='".$from."' AND r.end_at>='".$from."') OR (r.start_at>='".$from."' AND r.start_at<='".$till."')) ORDER BY start_at ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$max_start_at = -1;
$min_end_at = -1;
$ids = '';
@ -1705,7 +1705,7 @@ class Rsys {
}
$ids = substr($ids, 0, -1);
$sql = "SELECT * FROM ".Rsys :: getTable('subscription')." WHERE reservation_id IN (".$ids.") AND (start_at='0000-00-00 00:00:00' OR (start_at<='".$from."' AND end_at>='".$from."') OR (start_at>='".$from."' AND start_at<='".$till."')) ORDER BY start_at ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result, 'ASSOC')) {
// echo $array['reservation_id'].': '.$array['start_at'].'-'.$array['end_at'].'<br />';
if ($rarr['reservations'][$array['reservation_id']]['info']['timepicker']) {
@ -1730,7 +1730,7 @@ class Rsys {
FROM ".Rsys :: getTable('reservation')." r
INNER JOIN ".Rsys :: getTable('item')." i ON r.item_id=i.id
WHERE r.id NOT IN (SELECT s.reservation_id FROM ".Rsys :: getTable('subscription')." s WHERE r.id=s.reservation_id AND s.user_id='".api_get_user_id()."') AND i.id='".$item_id."'"; // AND r.subscribe_until < NOW() // TODO: subscribe_until controle
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result))
$arr[$array['reservation_id']] = $array['start_at'].' - '.$array['end_at'];
return $arr;
@ -1748,7 +1748,7 @@ class Rsys {
// TODO: only return for current user...
$sql = "SELECT r.*,s.start_at AS tp_start,s.end_at AS tp_end,s.accepted FROM ".Rsys :: getTable('subscription')." s INNER JOIN ".Rsys :: getTable('reservation')." r ON s.reservation_id = r.id WHERE ((r.timepicker=0 AND r.start_at>='".$from."' AND r.end_at<='".$till."') OR (s.start_at>='".$from."' AND s.end_at<='".$till."'))";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($array = Database::fetch_array($result)) {
$arr[] = $array;
if ($arr['timepicker'] == 1) {
@ -1762,7 +1762,7 @@ class Rsys {
{
$item_name = Database::escape_string($item_name);
$sql = "SELECT id FROM ".Rsys :: getTable('item')." WHERE name='".$item_name."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$result_array = Database::fetch_array($result);
return $result_array['id'];
}

2
main/reservation/subscribe.php
Unescape View File

@ -88,7 +88,7 @@ if ($reservation[0][9] < $reservation[0][4]) {
$sql = "SELECT start_at, end_at FROM ".Rsys :: getTable('subscription')."
WHERE reservation_id='".$reservationid."' and end_at > NOW() ORDER BY start_at";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if (Database::num_rows($result) != 0){
$start_end = "<ul>";
while ($array = Database::fetch_array($result)) {

120
main/resourcelinker/resourcelinker.inc.php
Unescape View File

@ -109,7 +109,7 @@ function show_documents($folder)
$item_property_table = Database::get_course_table(TABLE_ITEM_PROPERTY);
$document_table = Database::get_course_table(TABLE_DOCUMENT);
$sql="SELECT * from $document_table, $item_property_table WHERE id=ref AND tool = '".TOOL_DOCUMENT."' AND $visibility AND to_group_id = 0 AND to_user_id IS NULL ORDER BY path ASC";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
while ($row=mysql_fetch_array($result))
{
if (!$folder)
@ -244,7 +244,7 @@ function store_resources($source_type, $source_id)
foreach ($addedresource as $resource_type)
{
$sql="INSERT INTO $resource_table (source_type, source_id, resource_type, resource_id) VALUES ('$source_type', '$source_id', '$resource_type', '".$addedresourceid[key($addedresource)]."')";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
$i=key($addedresource);
next($addedresource);
}
@ -276,31 +276,31 @@ function display_addedresource_link($type, $id, $style='')
{
case 'Agenda':
$TABLEAGENDA = $_course['dbNameGlu'].'calendar_event';
$result = api_sql_query("SELECT * FROM `$TABLEAGENDA` WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$TABLEAGENDA` WHERE id=$id",__FILE__,__LINE__);
$myrow = mysql_fetch_array($result);
echo '<img src="../img/agenda.gif" align="middle" /> <a href="../calendar/agenda.php"'.$styling.'>'.$myrow['title']."</a><br />\n";
break;
case 'Ad_Valvas':
$tbl_announcement = $_course['dbNameGlu'].'announcement';
$result = api_sql_query("SELECT * FROM `$tbl_announcement` WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$tbl_announcement` WHERE id=$id",__FILE__,__LINE__);
$myrow = mysql_fetch_array($result);
echo '<img src="../img/valves.gif" align="middle" /> <a href="../announcements/announcements.php"'.$styling.'>'.$myrow['title']."</a><br />\n";
break;
case 'Link':
$TABLETOOLLINK = $_course['dbNameGlu'].'link';
$result = api_sql_query("SELECT * FROM `$TABLETOOLLINK` WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$TABLETOOLLINK` WHERE id=$id",__FILE__,__LINE__);
$myrow = mysql_fetch_array($result);
echo '<img src="../img/links.gif" align="middle" /> <a href="#" onclick="javascript:window.open(\'../link/link_goto.php?link_id='.$myrow['id'].'&amp;link_url='.urlencode($myrow['url'])."','MyWindow','width=500,height=400,top='+((screen.height-400)/2)+',left='+((screen.width-500)/2)+',scrollbars=1,resizable=1,menubar=1'); return false;\"".$styling.'>'.$myrow['title']."</a><br />\n";
break;
case 'Exercise':
$TBL_EXERCICES = $_course['dbNameGlu'].'quiz';
$result = api_sql_query("SELECT * FROM `$TBL_EXERCICES` WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$TBL_EXERCICES` WHERE id=$id",__FILE__,__LINE__);
$myrow = mysql_fetch_array($result);
echo '<img src="../img/quiz.gif" align="middle" /> <a href="../exercice/exercice_submit.php?exerciseId='.$myrow['id'].'"'.$styling.'>'.$myrow['title']."</a><br />\n";
break;
case 'Forum':
$TBL_FORUMS = $_course['dbNameGlu'].'bb_forums';
$result = api_sql_query("SELECT * FROM `$TBL_FORUMS` WHERE forum_id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$TBL_FORUMS` WHERE forum_id=$id",__FILE__,__LINE__);
$myrow = mysql_fetch_array($result);
echo '<img src="../img/forum.gif" align="middle" /> <a href="../phpbb/viewforum.php?forum='.$myrow['forum_id'].'&amp;md5='.$myrow['md5'].'"'.$styling.'>'.$myrow['forum_name']."</a><br />\n";
break;
@ -308,11 +308,11 @@ function display_addedresource_link($type, $id, $style='')
$tbl_posts = $_course['dbNameGlu'].'bb_posts';
$tbl_posts_text = $_course['dbNameGlu'].'bb_posts_text';
$TBL_FORUMS = $_course['dbNameGlu'].'bb_forums';
$result = api_sql_query("SELECT * FROM `$tbl_posts` posts, `$TBL_FORUMS` forum WHERE forum.forum_id=posts.forum_id and post_id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$tbl_posts` posts, `$TBL_FORUMS` forum WHERE forum.forum_id=posts.forum_id and post_id=$id",__FILE__,__LINE__);
$myrow = mysql_fetch_array($result);
// grabbing the title of the post
$sql_title = "SELECT * FROM `$tbl_posts_text` WHERE post_id=".$myrow["post_id"];
$result_title = api_sql_query($sql_title,__FILE__,__LINE__);
$result_title = Database::query($sql_title,__FILE__,__LINE__);
$myrow_title = mysql_fetch_array($result_title);
echo '<img src="../img/forum.gif" align="middle" /> <a href="../phpbb/viewtopic.php?topic='.$myrow['topic_id'].'&amp;forum='.$myrow['forum_id'].'&amp;md5='.$myrow['md5'].'"'.$styling.'>'.$myrow_title['post_title']."</a><br />\n";
break;
@ -320,13 +320,13 @@ function display_addedresource_link($type, $id, $style='')
$tbl_post = Database::get_course_table(TABLE_FORUM_POST);
$tbl_post_text = Database::get_course_table(TOOL_FORUM_POST_TEXT_TABLE);
$sql = "SELECT * FROM $tbl_post p, $tbl_post_text t WHERE p.post_id = t.post_id AND p.post_id = $id";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
$post = mysql_fetch_object($result);
echo '<img src="../img/forum.gif" align="middle" /> <a href="../phpbb/viewtopic.php?topic='.$post->topic_id.'&amp;forum='.$post->forum_id.'"'.$styling.'>'.$post->post_title."</a><br />\n";
break;
case 'Document':
$dbTable = $_course['dbNameGlu'].'document';
$result = api_sql_query("SELECT * FROM `$dbTable` WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$dbTable` WHERE id=$id",__FILE__,__LINE__);
$myrow = mysql_fetch_array($result);
$pathname = explode('/',$myrow['path']); // making a correct name for the link
$last = count($pathname) - 1; // making a correct name for the link
@ -378,11 +378,11 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
{
case "Agenda":
$TABLEAGENDA = $_course['dbNameGlu']."calendar_event";
$result = api_sql_query("SELECT * FROM `$TABLEAGENDA` WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$TABLEAGENDA` WHERE id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $myrow["title"]=$row['title']; }
$desc=$row['description'];
$agenda_id=$row['item_id'];
@ -427,11 +427,11 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Ad_Valvas":
$tbl_announcement = $_course['dbNameGlu']."announcement";
$result = api_sql_query("SELECT * FROM `$tbl_announcement` WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$tbl_announcement` WHERE id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $myrow["content"]=$row['title']; }
$desc=$row['description'];
$ann_id=$row['item_id'];
@ -486,11 +486,11 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Link" :
$TABLETOOLLINK = $_course['dbNameGlu']."link";
$result= api_sql_query("SELECT * FROM `$TABLETOOLLINK` WHERE id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM `$TABLETOOLLINK` WHERE id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $myrow["title"]=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -544,14 +544,14 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Exercise":
$TBL_EXERCICES = $_course['dbNameGlu'].'quiz';
$result= api_sql_query("SELECT * FROM `$TBL_EXERCICES` WHERE id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM `$TBL_EXERCICES` WHERE id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
if ($builder=='builder') { $origin='builder'; }
//this is needed for the exercise_submit.php can delete the session info about tests
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $myrow["title"]=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -600,7 +600,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "HotPotatoes":
$TBL_DOCUMENT = $_course['dbNameGlu'].'document';
$documentPath=api_get_path('SYS_COURSE_PATH').$_course['path'].'/document';
$result = api_sql_query("SELECT * FROM `".$TBL_DOCUMENT."` WHERE id=$id");
$result = Database::query("SELECT * FROM `".$TBL_DOCUMENT."` WHERE id=$id");
$myrow= mysql_fetch_array($result);
$path=$myrow["path"];
$name=GetQuizName($path,$documentPath);
@ -609,7 +609,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
//this is needed for the exercise_submit.php can delete the session info about tests
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $name=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -657,11 +657,11 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Forum":
$TBL_FORUMS = $_course['dbNameGlu']."bb_forums";
$result= api_sql_query("SELECT * FROM `$TBL_FORUMS` WHERE forum_id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM `$TBL_FORUMS` WHERE forum_id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $myrow["forum_name"]=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -710,11 +710,11 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
$tbl_posts = $_course['dbNameGlu'].'bb_posts';
$TBL_FORUMS = $_course['dbNameGlu']."bb_forums";
$sql="SELECT * FROM `$tbl_topics` where topic_id=$id";
$result= api_sql_query($sql,__FILE__,__LINE__);
$result= Database::query($sql,__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $myrow["topic_title"]=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -761,15 +761,15 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
$tbl_posts = $_course['dbNameGlu'].'bb_posts';
$tbl_posts_text = $_course['dbNameGlu'].'bb_posts_text';
$TBL_FORUMS = $_course['dbNameGlu']."bb_forums";
$result= api_sql_query("SELECT * FROM `$tbl_posts` where post_id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM `$tbl_posts` where post_id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
// grabbing the title of the post
$sql_titel="SELECT * FROM `$tbl_posts_text` WHERE post_id=".$myrow["post_id"];
$result_titel=api_sql_query($sql_titel,__FILE__,__LINE__);
$result_titel=Database::query($sql_titel,__FILE__,__LINE__);
$myrow_titel=mysql_fetch_array($result_titel);
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $myrow_titel["post_title"]=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -822,7 +822,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Document":
$dbTable = $_course['dbNameGlu']."document";
$result=api_sql_query("SELECT * FROM `$dbTable` WHERE id=$id",__FILE__,__LINE__);
$result=Database::query("SELECT * FROM `$dbTable` WHERE id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
$pathname=explode("/",$myrow["path"]); // making a correct name for the link
@ -844,7 +844,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
$image=choose_image($filename);
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $filename=$row['title']; }
$desc=$row['description'];
@ -888,7 +888,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Assignments":
$name=get_lang('Assignments');
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $name=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -935,7 +935,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Dropbox":
$name=get_lang('Dropbox');
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $name=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -972,7 +972,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Introduction_text":
$name=get_lang('IntroductionText');
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $name=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -1011,7 +1011,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Course_description":
$name=get_lang('CourseDescription');
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $name=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -1049,7 +1049,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Groups":
$name=get_lang('Groups');
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $name=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -1086,7 +1086,7 @@ function display_addedresource_link_in_learnpath($type, $id, $completed, $id_in_
case "Users":
$name=get_lang('Users');
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $name=$row['title']; }
$desc=$row['description'];
echo str_repeat("&nbsp;&gt;",$level);
@ -1151,11 +1151,11 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
{
case "Agenda":
$TABLEAGENDA = $_course['dbNameGlu']."calendar_event";
$result = api_sql_query("SELECT * FROM `$TABLEAGENDA` WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM `$TABLEAGENDA` WHERE id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $myrow["title"]=$row['title']; }
$desc=$row['description'];
$agenda_id=$row['item_id'];
@ -1172,7 +1172,7 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
case "Ad_Valvas":
$tbl_announcement = Database::get_course_table(TABLE_ANNOUNCEMENT);
$result = api_sql_query("SELECT * FROM $tbl_announcement WHERE id=$id",__FILE__,__LINE__);
$result = Database::query("SELECT * FROM $tbl_announcement WHERE id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
if ($builder != 'builder')
@ -1187,11 +1187,11 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
case "Link" :
$TABLETOOLLINK = $_course['dbNameGlu']."link";
$result= api_sql_query("SELECT * FROM `$TABLETOOLLINK` WHERE id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM `$TABLETOOLLINK` WHERE id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$thelink=$myrow["url"];
if ($builder != 'builder')
@ -1206,14 +1206,14 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
case "Exercise":
$TBL_EXERCICES = $_course['dbNameGlu'].'quiz';
$result= api_sql_query("SELECT * FROM `$TBL_EXERCICES` WHERE id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM `$TBL_EXERCICES` WHERE id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
if ($builder=='builder') { $origin='builder'; }
//this is needed for the exercise_submit.php can delete the session info about tests
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $myrow["title"]=$row['title']; }
if ($builder != 'builder')
@ -1229,7 +1229,7 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
case "HotPotatoes":
$TBL_DOCUMENT = $_course['dbNameGlu'].'document';
$documentPath=api_get_path('SYS_COURSE_PATH').$_course['path'].'/document';
$result = api_sql_query("SELECT * FROM `".$TBL_DOCUMENT."` WHERE id=$id");
$result = Database::query("SELECT * FROM `".$TBL_DOCUMENT."` WHERE id=$id");
$myrow= mysql_fetch_array($result);
$path=$myrow["path"];
$name=GetQuizName($path,$documentPath);
@ -1250,13 +1250,13 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
case "Forum":
$TBL_FORUMS = $_course['dbNameGlu']."bb_forums";
$result= api_sql_query("SELECT * FROM `$TBL_FORUMS` WHERE forum_id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM `$TBL_FORUMS` WHERE forum_id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
if ($builder=='builder') { $origin='builder'; }
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $myrow["forum_name"]=$row['title']; }
if ($myrow["forum_name"]=='') { $type="Forum"; }
@ -1277,11 +1277,11 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
$tbl_posts = $_course['dbNameGlu'].'bb_posts';
$TBL_FORUMS = $_course['dbNameGlu']."bb_forums";
$sql="SELECT * FROM `$tbl_topics` where topic_id=$id";
$result= api_sql_query($sql,__FILE__,__LINE__);
$result= Database::query($sql,__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($builder != 'builder')
{
@ -1298,15 +1298,15 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
$tbl_posts = $_course['dbNameGlu'].'bb_posts';
$tbl_posts_text = $_course['dbNameGlu'].'bb_posts_text';
$TBL_FORUMS = $_course['dbNameGlu']."bb_forums";
$result= api_sql_query("SELECT * FROM `$tbl_posts` where post_id=$id",__FILE__,__LINE__);
$result= Database::query("SELECT * FROM `$tbl_posts` where post_id=$id",__FILE__,__LINE__);
$myrow=mysql_fetch_array($result);
// grabbing the title of the post
$sql_titel="SELECT * FROM `$tbl_posts_text` WHERE post_id=".$myrow["post_id"];
$result_titel=api_sql_query($sql_titel,__FILE__,__LINE__);
$result_titel=Database::query($sql_titel,__FILE__,__LINE__);
$myrow_titel=mysql_fetch_array($result_titel);
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($row['title'] != '') { $myrow_titel["post_title"]=$row['title']; }
$desc=$row['description'];
$link .= str_repeat("&nbsp;&gt;",$level);
@ -1329,7 +1329,7 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
case "Document":
$dbTable = $_course['dbNameGlu']."document";
$result=api_sql_query("SELECT * FROM `$dbTable` WHERE id=$id",__FILE__,__LINE);
$result=Database::query("SELECT * FROM `$dbTable` WHERE id=$id",__FILE__,__LINE);
$myrow=mysql_fetch_array($result);
$pathname=explode("/",$myrow["path"]); // making a correct name for the link
@ -1337,7 +1337,7 @@ function get_addedresource_link_in_learnpath($type, $id, $id_in_path)
$filename=$pathname[$last]; // making a correct name for the link
$sql="select * from $tbl_learnpath_item where id=$id_in_path";
$result=api_sql_query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
$result=Database::query($sql,__FILE__,__LINE__); $row=mysql_fetch_array($result);
if ($builder != 'builder')
{
@ -1449,7 +1449,7 @@ function delete_one_added_resource($source_type, $source_id, $resource_type, $re
$TABLERESOURCE = $_course['dbNameGlu']."resource";
$sql="DELETE FROM `$TABLERESOURCE` WHERE source_type='$source_type' and source_id='$source_id' and resource_type='$resource_type' and resource_id='$resource_id'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
/**
@ -1461,7 +1461,7 @@ function delete_added_resource($type, $id)
$TABLERESOURCE = $_course['dbNameGlu']."resource";
$sql="DELETE FROM `$TABLERESOURCE` WHERE source_type='$type' and source_id='$id'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
/**
@ -1475,7 +1475,7 @@ function delete_all_resources_type($type)
$sql="DELETE FROM `$TABLERESOURCE` WHERE source_type='$type'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
/**
@ -1486,7 +1486,7 @@ function check_added_resources($type, $id)
global $_course, $origin;
$TABLERESOURCE = $_course['dbNameGlu']."resource";
$sql="SELECT * FROM `$TABLERESOURCE` WHERE source_type='$type' and source_id='$id'";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$number_added=mysql_num_rows($result);
if ($number_added<>0)
return true;
@ -1505,7 +1505,7 @@ function edit_added_resources($type, $id)
$TABLERESOURCE = $_course['dbNameGlu']."resource";
$sql="SELECT * FROM `$TABLERESOURCE` WHERE source_type='$type' and source_id=$id";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
while ($row=mysql_fetch_array($result))
{
$addedresource[]=$row["resource_type"];
@ -1527,7 +1527,7 @@ function update_added_resources($type, $id)
// delete all the added resources for this item in the database;
$sql="DELETE FROM `$TABLERESOURCE` WHERE source_type='$type' AND source_id='$id'";
//echo $sql;
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
// store the resources from the session into the database
store_resources($type, $id);
@ -1548,7 +1548,7 @@ function display_added_resources($type, $id, $style='')
$TABLERESOURCE = $_course['dbNameGlu']."resource";
$sql="SELECT * FROM `$TABLERESOURCE` WHERE source_type='$type' and source_id='$id'";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
while ($row=mysql_fetch_array($result))
{
if ($origin != 'learnpath')

48
main/resourcelinker/resourcelinker.php
Unescape View File

@ -124,12 +124,12 @@ if (!empty ($_POST['add_chapter']) && !empty ($_POST['title']))
// get max display_order so far in this parent chapter
$sql = "SELECT MAX(display_order) FROM $tbl_learnpath_chapter WHERE learnpath_id = $learnpath_id "." AND parent_chapter_id = $chapter_id";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$row = mysql_fetch_array($res);
$max_temp = $row[0];
$sql = "SELECT MAX(display_order) FROM $tbl_learnpath_item WHERE "." chapter_id = $chapter_id";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$row = mysql_fetch_array($res);
$max_temp2 = $row[0];
if ($max_temp2 > $max_temp)
@ -142,7 +142,7 @@ if (!empty ($_POST['add_chapter']) && !empty ($_POST['title']))
}
$sql = "INSERT INTO $tbl_learnpath_chapter "."(learnpath_id,chapter_name,chapter_description,parent_chapter_id,display_order) "." VALUES "."($learnpath_id, '$title', '$description', $chapter_id, $order )";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
if ($res !== false)
{
$title = '';
@ -164,7 +164,7 @@ if (!empty ($_POST['external_link_submit']))
}
$sql = "INSERT INTO $link_table (url, title, category_id) VALUES ('$external_link','$external_link','$add_2_links')";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$addedresource[] = "Link";
$addedresourceid[] = mysql_insert_id();
$_SESSION['addedresource'] = $addedresource;
@ -209,7 +209,7 @@ if ($add)
$i = 0;
//calculating the last order of the items of this chapter
$sql = "SELECT MAX(display_order) FROM $tbl_learnpath_item WHERE chapter_id=$chapter_id";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if(mysql_num_rows($result)==0){
$lastorder_item = 0;
}else{
@ -217,7 +217,7 @@ if ($add)
$lastorder_item = ($row[0]);
}
$sql = "SELECT MAX(display_order) FROM $tbl_learnpath_chapter WHERE parent_chapter_id=$chapter_id";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if(mysql_num_rows($result)==0){
$lastorder_chapter = 0;
}else{
@ -232,7 +232,7 @@ if ($add)
if ($addedresource_item == "Chap")
{
$sql = "INSERT INTO $tbl_learnpath_chapter ("."'learnpath_id','chapter_name','chapter_description','parent_chapter_id','display_order'".") VALUES (".$learnpath_id.",'".$learnpath_chapter_name."','".$learnpath_chapter_description."',".$chapter_id.",".$lastorder.")";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
if (!$addedresourceassigned[$i])
@ -271,7 +271,7 @@ if ($add)
$addedresource_item .= ' '.$target;
}
$sql = "INSERT INTO $tbl_learnpath_item (id, chapter_id, item_type, item_id, display_order) VALUES ( '$autoid', '$chapter_id', '$addedresource_item','$addedresourceid[$i]','".$lastorder."')";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$addedresourceassigned[$i] = 1;
$resource_added = true;
}
@ -402,12 +402,12 @@ else
{
$learnpath_select_query = " SELECT * FROM $tbl_learnpath_main
WHERE learnpath_id=$learnpath_id";
$sql_result = api_sql_query($learnpath_select_query);
$sql_result = Database::query($learnpath_select_query);
$therow = mysql_fetch_array($sql_result);
$learnpath_chapter_query = " SELECT * FROM $tbl_learnpath_chapter
WHERE (learnpath_id = '$learnpath_id' and id = '$chapter_id')";
$sql_result = api_sql_query($learnpath_chapter_query);
$sql_result = Database::query($learnpath_chapter_query);
$therow2 = mysql_fetch_array($sql_result);
$from_learnpath = 'yes';
@ -442,7 +442,7 @@ echo "</h3>";
$active_modules=array();
$tool_table = Database::get_course_table(TABLE_TOOL_LIST);
$sql_select_active="SELECT * FROM $tool_table WHERE visibility='1'";
$result_select_active=api_sql_query($sql_select_active);
$result_select_active=Database::query($sql_select_active);
while ($row=mysql_fetch_array($result_select_active))
{
$active_modules[]=$row['name'];
@ -651,7 +651,7 @@ if ($content == "Agenda")
AND `toolitemproperties`.`to_group_id`='0'
AND `toolitemproperties`.`visibility`='1'";
$result = api_sql_query($sql);
$result = Database::query($sql);
while ($myrow = mysql_fetch_array($result))
{
@ -722,7 +722,7 @@ if ($content == "Ad_Valvas")
$tbl_announcement = Database :: get_course_table(TABLE_ANNOUNCEMENT);
$sql = "SELECT * FROM ".$tbl_announcement." a, ".$item_property_table." i WHERE i.tool = '".TOOL_ANNOUNCEMENT."' AND a.id=i.ref AND i.visibility='1' AND i.to_group_id = 0 AND i.to_user_id IS NULL ORDER BY a.display_order ASC";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
while ($myrow = mysql_fetch_array($result))
{
echo "<table width=\"100%\"><tr><td>";
@ -754,7 +754,7 @@ if ($content == "Forum")
if (!$forum and !$thread)
{
$sql = "SELECT * FROM ".$TBL_FORUMS." forums, ".$TBL_CATAGORIES." categories WHERE forums.cat_id=categories.cat_id ORDER BY forums.cat_id DESC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($myrow = mysql_fetch_array($result))
{
if ($myrow["cat_title"] !== $old_cat_title)
@ -772,13 +772,13 @@ if ($content == "Forum")
{
// displaying the category title
$sql = "SELECT * FROM ".$TBL_CATAGORIES." WHERE cat_id=$category";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$myrow = mysql_fetch_array($result);
echo "<tr><td bgcolor='#4171B5' colspan='2'><font color='white'><b>".$myrow["cat_title"]."</b></font></td></tr>";
// displaying the forum title
$sql = "SELECT * FROM ".$TBL_FORUMS." forums, ".$TBL_FORUMTOPICS." topics WHERE forums.forum_id=topics.forum_id";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$myrow = mysql_fetch_array($result);
echo "<tr><td bgcolor='#cccccc' colspan='2'><b>".$myrow["forum_name"]."</b></td></tr>";
@ -786,7 +786,7 @@ if ($content == "Forum")
{
// displaying all the threads of this forum
$sql = "SELECT * FROM ".$TBL_FORUMTOPICS." WHERE forum_id=$forum";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($myrow = mysql_fetch_array($result))
{
echo "<tr><td><a href='".api_get_self()."?content=Forum&category=$category&forum=1&thread=".$myrow["topic_id"]."&action=$action&learnpath_id=$learnpath_id&chapter_id=$chapter_id&originalresource=no'>".$myrow["topic_title"]."</a> (".$myrow["prenom"]." ".$myrow["nom"].")</td><td>";
@ -798,7 +798,7 @@ if ($content == "Forum")
{
// displaying all the replies
$sql = "SELECT * FROM ".$tbl_posts." post, ".$tbl_posts_text." post_text WHERE post_text.post_id=post.post_id and post.topic_id=$thread ORDER BY post_text.post_id ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($myrow = mysql_fetch_array($result))
{
echo "<tr><td><b>".$myrow["post_title"]."</b><br>";
@ -845,7 +845,7 @@ if ($content == "Link")
// showing the links that are in the root (having no category)
$sql = "SELECT * FROM ".$link_table.", ".$item_property_table." WHERE (category_id=0 or category_id IS NULL) AND tool = '".TOOL_LINK."' AND id=ref AND visibility='1'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if (mysql_num_rows($result) > 0)
{
echo "<table width=\"100%\"><tr><td bgcolor=\"#E6E6E6\"><i>".get_lang('NoCategory')."</i></td></tr></table>";
@ -860,12 +860,12 @@ if ($content == "Link")
// showing the categories and the links in it.
$sqlcategories = "SELECT * FROM ".$tbl_categories." ORDER by display_order DESC";
$resultcategories = api_sql_query($sqlcategories) or die;
$resultcategories = Database::query($sqlcategories) or die;
while ($myrow = @ mysql_fetch_array($resultcategories))
{
$sql_links = "SELECT * FROM ".$link_table.", ".$item_property_table." WHERE category_id='".$myrow["id"]."' AND tool = '".TOOL_LINK."' AND id=ref AND visibility='1' ORDER BY display_order DESC";
echo "<table width=\"100%\"><tr><td bgcolor=\"#E6E6E6\"><i>".$myrow["category_title"]."</i></td></tr></table>";
$result_links = api_sql_query($sql_links, __FILE__, __LINE__);
$result_links = Database::query($sql_links, __FILE__, __LINE__);
while ($myrow = mysql_fetch_array($result_links))
{
echo "<img src='../img/links.gif' />".$myrow["title"];
@ -884,7 +884,7 @@ if ($content == "Link")
if (($content == "Exercise") or ($content == "HotPotatoes"))
{
$TBL_EXERCICES = Database::get_course_table(TABLE_QUIZ_TEST);
$result = api_sql_query("SELECT * FROM ".$TBL_EXERCICES." WHERE active='1' ORDER BY id ASC");
$result = Database::query("SELECT * FROM ".$TBL_EXERCICES." WHERE active='1' ORDER BY id ASC");
while ($myrow = mysql_fetch_array($result))
{
echo "<img src='../img/quiz.gif'>".$myrow["title"]."<br>";
@ -898,7 +898,7 @@ if (($content == "Exercise") or ($content == "HotPotatoes"))
$TBL_DOCUMENT = Database::get_course_table(TABLE_DOCUMENT);
$documentPath = api_get_path('SYS_COURSE_PATH').$_course['path'].'/document';
$sql = "SELECT * FROM ".$TBL_DOCUMENT." WHERE (path LIKE '%htm%' OR path LIKE '%html%') AND path LIKE '".$uploadPath."/%/%' ORDER BY `id` ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($myrow = mysql_fetch_array($result))
{
$path = $myrow["path"];
@ -943,7 +943,7 @@ if ($content == "Externallink")
$tbl_categories = Database::get_course_table(TABLE_LINK_CATEGORY);
$sql = "SELECT * FROM `$tbl_categories` ORDER BY display_order ASC";
echo $sql;
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_array($result))
{
echo "<option value='".$row["id"]."'>".$row["category_title"]."</option>";

4
main/search/search_suggestions.php
Unescape View File

@ -15,7 +15,7 @@ function get_suggestions_from_search_engine($q) {
$sql_add = " AND course_code = '".$cid."' ";
}
$sql = "SELECT * FROM $table_sfv where value LIKE '%$q%'".$sql_add." ORDER BY course_code, tool_id, ref_id, field_id";
$sql_result = api_sql_query($sql,__FILE__,__LINE__);
$sql_result = Database::query($sql,__FILE__,__LINE__);
$data = array();
$i = 0;
while ($row = Database::fetch_array($sql_result)) {
@ -36,7 +36,7 @@ function get_suggestions_from_search_engine($q) {
$output = array();
$field_val = array();
$sql2 = "SELECT * FROM $table_sfv where course_code = '$cc' AND tool_id = '$ti' AND ref_id = '$ri' ORDER BY field_id";
$res2 = api_sql_query($sql2,__FILE__,__LINE__);
$res2 = Database::query($sql2,__FILE__,__LINE__);
// TODO this code doesn't manage multiple terms in one same field just yet (should duplicate results in this case)
$field_id = 0;
while ($row2 = Database::fetch_array($res2)) {

2
main/social/profile.php
Unescape View File

@ -373,7 +373,7 @@ function get_logged_user_course_html($my_course, $count) {
FROM '.$tbl_session.' ts LEFT JOIN '.$main_user_table .' tu
ON ts.id_coach = tu.user_id
WHERE ts.id='.(int) $my_course['id_session']. ' LIMIT 1';
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$sessioncoach = Database::store_result($rs);
$sessioncoach = $sessioncoach[0];

38
main/survey/fillsurvey.php
Unescape View File

@ -93,7 +93,7 @@ if ($invitationcode == "auto" && isset($_GET['scode'])){
$autoInvitationcode = "auto-$userid-".$scode; //new invitation code from userid
// the survey code must exist in this course, or the URL is invalid
$sql = "SELECT * FROM $table_survey WHERE code='" . $scode . "'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if (Database :: num_rows($result) > 0){ // ok
// check availability
$row = Database :: fetch_array($result, 'ASSOC'); //
@ -101,11 +101,11 @@ if ($invitationcode == "auto" && isset($_GET['scode'])){
check_time_availability($tempdata); //exit if survey not available anymore
// check for double invitation records (insert should be done once)
$sql = "SELECT user from $table_survey_invitation where invitation_code = '".Database::escape_string($autoInvitationcode)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if (Database :: num_rows($result) == 0){ // ok
$sql = "insert into $table_survey_invitation (survey_code,user, invitation_code, invitation_date) ";
$sql .= " values (\"$scode\", \"$userid\", \"$autoInvitationcode\", now())";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
// from here we use the new invitationcode auto-userid-surveycode string
$_GET['invitationcode'] = $autoInvitationcode;
@ -116,7 +116,7 @@ if ($invitationcode == "auto" && isset($_GET['scode'])){
// now we check if the invitationcode is valid
$sql = "SELECT * FROM $table_survey_invitation WHERE invitation_code = '" . Database :: escape_string($invitationcode) . "'";
$result = api_sql_query($sql, __FILE__, false); // false=suppress errors
$result = Database::query($sql, __FILE__, false); // false=suppress errors
if (Database::num_rows($result) < 1)
{
Display :: display_error_message(get_lang('WrongInvitationCode'), false);
@ -136,7 +136,7 @@ if ($survey_invitation['answered'] == 1 && !isset($_GET['user_id']))
// checking if there is another survey with this code.
// If this is the case there will be a language choice
$sql = "SELECT * FROM $table_survey WHERE code='".Database::escape_string($survey_invitation['survey_code'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if (Database::num_rows($result) > 1)
{
@ -179,7 +179,7 @@ if (count($_POST)>0)
{
// getting all the types of the question (because of the special treatment of the score question type
$sql = "SELECT * FROM $table_survey_question WHERE survey_id = '".Database::escape_string($survey_invitation['survey_id'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result,'ASSOC'))
{
@ -222,7 +222,7 @@ if (count($_POST)>0)
if ($types[$survey_question_id] == 'percentage')
{
$sql = "SELECT * FROM $table_survey_question_option WHERE question_option_id='".Database::escape_string($value)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_array($result,'ASSOC');
$option_value = $row['option_text'];
} else {
@ -253,7 +253,7 @@ if (count($_POST)>0)
WHERE survey_id = '".Database::escape_string($survey_invitation['survey_id'])."'
AND survey_group_pri='0' $shuffle
";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
// there is only one question type for conditional surveys
while ($row = Database::fetch_array($result,'ASSOC'))
{
@ -271,7 +271,7 @@ if (count($_POST)>0)
// we select the correct answer and the puntuacion
$sql = "SELECT value FROM $table_survey_question_option " .
" WHERE question_option_id='".Database::escape_string($value)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_array($result,'ASSOC');
$option_value = $row['value'];
//$option_value = 0;
@ -569,7 +569,7 @@ if ($survey_data['form_fields'] && $survey_data['anonymous'] == 0 && is_array($u
// remove trailing , from the query we have so far
$sql = rtrim($sql, ',');
$sql .= " WHERE user_id = '" . $user_id . "'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
//update the extra fields
if (is_array($extras)) {
foreach ($extras as $key => $value) {
@ -634,7 +634,7 @@ if ( isset($_GET['show']) || isset($_POST['personality']))
$sql = "SELECT * FROM $table_survey_question
WHERE survey_id = '".Database::escape_string($survey_invitation['survey_id'])."'
ORDER BY sort ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result,'ASSOC'))
{
if($row['type'] == 'pagebreak')
@ -682,7 +682,7 @@ if ( isset($_GET['show']) || isset($_POST['personality']))
ORDER BY survey_question.sort, survey_question_option.sort ASC";
}
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$question_counter_max = Database::num_rows($result);
$counter = 0;
$limit=0;
@ -734,7 +734,7 @@ if ( isset($_GET['show']) || isset($_POST['personality']))
ORDER BY survey_group_pri
";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database :: fetch_array($result)) {
$answer_list['value']=$row['value'];
$answer_list['group']=$row['survey_group_pri'];
@ -755,7 +755,7 @@ if ( isset($_GET['show']) || isset($_POST['personality']))
GROUP BY temp.survey_group_pri
ORDER BY temp.survey_group_pri";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result))
{
$list['value']=$row['value'];
@ -955,7 +955,7 @@ if ( isset($_GET['show']) || isset($_POST['personality']))
WHERE survey_id = '".$my_survey_id."'
AND ($secondary )
ORDER BY sort ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$counter=0;
while ($row = Database::fetch_array($result,'ASSOC'))
{
@ -1005,7 +1005,7 @@ if ( isset($_GET['show']) || isset($_POST['personality']))
AND survey_question.question_id IN (".implode(',',$paged_questions_sec[$val]).")
ORDER $shuffle ";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$question_counter_max = Database::num_rows($result);
$counter = 0;
$limit=0;
@ -1069,7 +1069,7 @@ if ( isset($_GET['show']) || isset($_POST['personality']))
AND survey_group_sec1='0' AND survey_group_sec2='0'
ORDER ".$order_sql." ";
//echo "<br>";echo "<br>";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$counter=0;
while ($row = Database::fetch_array($result,'ASSOC'))
{
@ -1124,7 +1124,7 @@ if ( isset($_GET['show']) || isset($_POST['personality']))
WHERE survey_question.survey_id = '" . Database :: escape_string($survey_invitation['survey_id']) . "'
AND survey_question.question_id IN (" .$imploded. ")
ORDER $order_sql ";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$question_counter_max = Database :: num_rows($result);
}
}
@ -1167,7 +1167,7 @@ if ( isset($_GET['show']) || isset($_POST['personality']))
// selecting the maximum number of pages
$sql = "SELECT * FROM $table_survey_question WHERE type='".Database::escape_string('pagebreak')."' AND survey_id='".Database::escape_string($survey_invitation['survey_id'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$numberofpages = Database::num_rows($result) + 1;
// Displaying the form with the questions

6
main/survey/preview.php
Unescape View File

@ -118,7 +118,7 @@ if (api_is_course_admin() || (api_is_course_admin() && $_GET['isStudentView']=='
$sql = "SELECT * FROM $table_survey_question
WHERE survey_id = '".Database::escape_string($survey_id)."'
ORDER BY sort ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result))
{
@ -143,7 +143,7 @@ if (api_is_course_admin() || (api_is_course_admin() && $_GET['isStudentView']=='
AND survey_question.question_id IN (".Database::escape_string(implode(',',$paged_questions[$_GET['show']])).")
ORDER BY survey_question.sort, survey_question_option.sort ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$question_counter_max = Database::num_rows($result);
$counter = 0;
$limit=0;
@ -172,7 +172,7 @@ if (api_is_course_admin() || (api_is_course_admin() && $_GET['isStudentView']=='
}
// selecting the maximum number of pages
$sql = "SELECT * FROM $table_survey_question WHERE type='".Database::escape_string('pagebreak')."' AND survey_id='".Database::escape_string($survey_id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$numberofpages = Database::num_rows($result) + 1;
// Displaying the form with the questions
if (isset($_GET['show']))

2
main/survey/question.php
Unescape View File

@ -89,7 +89,7 @@ if (api_strlen(strip_tags($survey_data['title'])) > 40) {
if($survey_data['survey_type']==1) {
$sql = 'SELECT id FROM '.Database :: get_course_table(TABLE_SURVEY_QUESTION_GROUP).' WHERE survey_id = '.(int)$_GET['survey_id'].' LIMIT 1';
$rs = api_sql_query($sql,__FILE__,__LINE__);
$rs = Database::query($sql,__FILE__,__LINE__);
if(Database::num_rows($rs)===0) {
header('Location: survey.php?survey_id='.(int)$_GET['survey_id'].'&message='.'YouNeedToCreateGroups');
exit;

6
main/survey/survey.download.inc.php
Unescape View File

@ -46,7 +46,7 @@ function check_download_survey($course, $invitation, $doc_url) {
// now we check if the invitationcode is valid
$sql = "SELECT * FROM $table_survey_invitation WHERE invitation_code = '".Database::escape_string($invitation)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if (mysql_num_rows($result) < 1)
{
Display :: display_error_message(get_lang('WrongInvitationCode'), false);
@ -72,7 +72,7 @@ function check_download_survey($course, $invitation, $doc_url) {
// If this is the case there will be a language choice
$sql = "SELECT * FROM $table_survey WHERE code='".Database::escape_string($survey_invitation['survey_code'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if (mysql_num_rows($result) > 1)
{
if ($_POST['language'])
@ -115,7 +115,7 @@ function check_download_survey($course, $invitation, $doc_url) {
and (
option_text LIKE '%$doc_url%'
)";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if (mysql_num_rows($result) == 0)
{

192
main/survey/survey.lib.php
Unescape View File

@ -68,7 +68,7 @@ class survey_manager
}
$sql = "SELECT * FROM $table_survey WHERE survey_id='".Database::escape_string($survey_id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$return = array();
if (Database::num_rows($result)> 0) {
@ -125,7 +125,7 @@ class survey_manager
{
// check if the code doesn't soon exists in this language
$sql = 'SELECT 1 FROM '.$table_survey.' WHERE code="'.Database::escape_string($values['survey_code']).'" AND lang="'.Database::escape_string($values['survey_language']).'"';
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
if(Database::num_rows($rs)>0)
{
$return['message'] = 'ThisSurveyCodeSoonExistsInThisLanguage';
@ -200,10 +200,10 @@ class survey_manager
{
$additional['columns'] .= ', survey_version';
$sql = 'SELECT survey_version FROM '.$table_survey.' WHERE parent_id = '.Database::escape_string($values['parent_id']).' ORDER BY survey_version DESC LIMIT 1';
$rs = api_sql_query($sql,__FILE__,__LINE__);
$rs = Database::query($sql,__FILE__,__LINE__);
if(Database::num_rows($rs)===0) {
$sql = 'SELECT survey_version FROM '.$table_survey.' WHERE survey_id = '.Database::escape_string($values['parent_id']);
$rs = api_sql_query($sql,__FILE__,__LINE__);
$rs = Database::query($sql,__FILE__,__LINE__);
$getversion = Database::fetch_array($rs,ASSOC);
if(empty($getversion['survey_version']))
{
@ -255,7 +255,7 @@ class survey_manager
'".Database::escape_string($values['anonymous'])."'".$additional['values'].",
".intval($_SESSION['id_session'])."
)";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$survey_id = Database::insert_id();
if($values['survey_type']==1 && !empty($values['parent_id'])){
survey_manager::copy_survey($values['parent_id'],$survey_id);
@ -272,7 +272,7 @@ class survey_manager
// check if the code doesn't soon exists in this language
$sql = 'SELECT 1 FROM '.$table_survey.' WHERE code="'.Database::escape_string($values['survey_code']).'" AND lang="'.Database::escape_string($values['survey_language']).'" AND survey_id!='.intval($values['survey_id']);
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
if(Database::num_rows($rs)>0)
{
$return['message'] = 'ThisSurveyCodeSoonExistsInThisLanguage';
@ -333,7 +333,7 @@ class survey_manager
surveythanks = '".Database::escape_string($values['survey_thanks'])."',
anonymous = '".Database::escape_string($values['anonymous'])."'".$additionalsets."
WHERE survey_id = '".Database::escape_string($values['survey_id'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
//$return['message'] = get_lang('SurveyUpdatedSuccesfully').'<br />'.get_lang('YouCanNowAddQuestionToYourSurvey').': ';
//$return['message'] .= '<a href="survey.php?survey_id='.$values['survey_id'].'">'.get_lang('Here').'</a>';
@ -376,7 +376,7 @@ class survey_manager
'".Database::escape_string($values['survey_thanks'])."',
'".date('Y-m-d H:i:s')."',
'".$_course['id']."')";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$return = Database::insert_id();
}
else
@ -391,7 +391,7 @@ class survey_manager
intro = '".Database::escape_string($values['survey_introduction'])."',
surveythanks = '".Database::escape_string($values['survey_thanks'])."'
WHERE survey_id = '".Database::escape_string($values['survey_share']['survey_share'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$return = $values['survey_share']['survey_share'];
}
return $return;
@ -418,11 +418,11 @@ class survey_manager
// deleting the survey
$sql = "DELETE from $table_survey WHERE survey_id='".Database::escape_string($survey_id)."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
// deleting groups of this survey
$sql = "DELETE from $table_survey_question_group WHERE survey_id='".Database::escape_string($survey_id)."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
// deleting the questions of the survey
survey_manager::delete_all_survey_questions($survey_id, $shared);
@ -440,33 +440,33 @@ class survey_manager
$parent_survey = Database::escape_string($parent_survey);
//get groups
$sql = "SELECT * from $table_survey_question_group WHERE survey_id='".$parent_survey."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
if(Database::num_rows($res)===0) return true;
while($row = Database::fetch_array($res,ASSOC)){
$sql1 = 'INSERT INTO '.$table_survey_question_group.' (name,description,survey_id) VALUES (\''.Database::escape_string($row['name']).'\',\''.Database::escape_string($row['description']).'\',\''.$new_survey_id.'\')';
$res1 = api_sql_query($sql1, __FILE__, __LINE__);
$res1 = Database::query($sql1, __FILE__, __LINE__);
$group_id[$row['id']] = Database::insert_id();
}
//get questions
$sql = "SELECT * FROM $table_survey_question WHERE survey_id='".$parent_survey."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
while($row = Database::fetch_array($res,ASSOC)){
$sql2 = 'INSERT INTO '.$table_survey_question.' (survey_id,survey_question,survey_question_comment,type,display,sort,shared_question_id,max_value,survey_group_pri,survey_group_sec1,survey_group_sec2) VALUES '.
'(\''.$new_survey_id.'\',\''.Database::escape_string($row['survey_question']).'\',\''.Database::escape_string($row['survey_comment']).'\',\''.$row['type'].'\',\''.$row['display'].'\',\''.$row['sort'].'\',\''.$row['shared_question_id'].'\',\''.$row['max_value'].
'\',\''.$group_id[$row['survey_group_pri']].'\',\''.$group_id[$row['survey_group_sec1']].'\',\''.$group_id[$row['survey_group_sec2']].'\')';
$res2 = api_sql_query($sql2, __FILE__, __LINE__);
$res2 = Database::query($sql2, __FILE__, __LINE__);
$question_id[$row['question_id']] = Database::insert_id();
}
//get questions options
$sql = "SELECT * FROM $table_survey_options WHERE survey_id='".$parent_survey."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
while($row = Database::fetch_array($res,ASSOC)){
$sql3 = 'INSERT INTO '.$table_survey_options.' (question_id,survey_id,option_text,sort,value) VALUES ('.
"'".$question_id[$row['question_id']]."','".$new_survey_id."','".Database::escape_string($row['option_text'])."','".$row['sort']."','".$row['value']."')";
$res3 = api_sql_query($sql3, __FILE__, __LINE__);
$res3 = Database::query($sql3, __FILE__, __LINE__);
}
return true;
}
@ -495,13 +495,13 @@ class survey_manager
}
$sql = 'DELETE FROM '.$table_survey_invitation.' WHERE survey_code = "'.Database::escape_string($datas['code']).'" '.$session_where.' ';
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$sql = 'DELETE FROM '.$table_survey_answer.' WHERE survey_id='.intval($survey_id);
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$sql = 'UPDATE '.$table_survey.' SET invited=0, answered=0 WHERE survey_id='.intval($survey_id);
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
return true;
}
@ -529,11 +529,11 @@ class survey_manager
// storing this value in the survey table
$sql = "UPDATE $table_survey SET answered = '".Database::escape_string($number)."' WHERE survey_id = '".Database::escape_string($survey_id)."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
// storing that the user has finished the survey.
$sql = "UPDATE $table_survey_invitation SET answered='1' WHERE session_id='".api_get_session_id()."' AND user='".Database::escape_string($user)."' AND survey_code='".Database::escape_string($survey_code)."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
}
/**
@ -630,7 +630,7 @@ class survey_manager
// getting the information of the question
$sql = "SELECT * FROM $tbl_survey_question WHERE question_id='".Database::escape_string($question_id)."' ORDER BY `sort`";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_array($result,'ASSOC');
$return['survey_id'] = $row['survey_id'];
$return['question_id'] = $row['question_id'];
@ -654,7 +654,7 @@ class survey_manager
// getting the information of the question options
$sql = "SELECT * FROM $table_survey_question_option WHERE question_id='".Database::escape_string($question_id)."' ORDER BY `sort` ";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result,'ASSOC'))
{
/** @todo this should be renamed to options instead of answers */
@ -688,7 +688,7 @@ class survey_manager
// getting the information of the question
$sql = "SELECT * FROM $tbl_survey_question WHERE survey_id='".Database::escape_string($survey_id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result,'ASSOC'))
{
$return[$row['question_id']]['survey_id'] = $row['survey_id'];
@ -703,7 +703,7 @@ class survey_manager
// getting the information of the question options
$sql = "SELECT * FROM $table_survey_question_option WHERE survey_id='".Database::escape_string($survey_id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result,'ASSOC'))
{
$return[$row['question_id']]['answers'][] = $row['option_text'];
@ -787,7 +787,7 @@ class survey_manager
{
// finding the max sort order of the questions in the given survey
$sql = "SELECT max(sort) AS max_sort FROM $tbl_survey_question WHERE survey_id='".Database::escape_string($form_content['survey_id'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_array($result,'ASSOC');
$max_sort = $row['max_sort'];
@ -818,7 +818,7 @@ class survey_manager
'".Database::escape_string($form_content['maximum_score'])."'".
$additional['value']."
)";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$question_id = Database::insert_id();
$form_content['question_id'] = $question_id;
$return_message = 'QuestionAdded';
@ -847,7 +847,7 @@ class survey_manager
max_value = '".Database::escape_string($form_content['maximum_score'])."'" .
$additionalsets."
WHERE question_id = '".Database::escape_string($form_content['question_id'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$return_message = 'QuestionUpdated';
}
// storing the options of the question
@ -890,7 +890,7 @@ class survey_manager
$sql = "SELECT max(sort) AS max_sort FROM $tbl_survey_question
WHERE survey_id='".Database::escape_string($survey_data['survey_share'])."'
AND code='".Database::escape_string($_course['id'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_array($result,'ASSOC');
$max_sort = $row['max_sort'];
@ -903,7 +903,7 @@ class survey_manager
'".Database::escape_string($form_content['horizontalvertical'])."',
'".Database::escape_string($max_sort+1)."',
'".Database::escape_string($_course['id'])."')";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$shared_question_id = Database::insert_id();
}
// updating an existing question
@ -916,7 +916,7 @@ class survey_manager
display = '".Database::escape_string($form_content['horizontalvertical'])."'
WHERE question_id = '".Database::escape_string($form_content['shared_question_id'])."'
AND code='".Database::escape_string($_course['id'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$shared_question_id = $form_content['shared_question_id'];
}
@ -949,7 +949,7 @@ class survey_manager
// finding the two questions that needs to be swapped
$sql = "SELECT * FROM $table_survey_question WHERE survey_id='".Database::escape_string($survey_id)."' ORDER BY sort $sort";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$found = false;
while ($row = Database::fetch_array($result,'ASSOC'))
{
@ -968,9 +968,9 @@ class survey_manager
}
$sql1 = "UPDATE $table_survey_question SET sort = '".Database::escape_string($question_sort_two)."' WHERE question_id='".Database::escape_string($question_id_one)."'";
$result = api_sql_query($sql1, __FILE__, __LINE__);
$result = Database::query($sql1, __FILE__, __LINE__);
$sql2 = "UPDATE $table_survey_question SET sort = '".Database::escape_string($question_sort_one)."' WHERE question_id='".Database::escape_string($question_id_two)."'";
$result = api_sql_query($sql2, __FILE__, __LINE__);
$result = Database::query($sql2, __FILE__, __LINE__);
}
@ -995,7 +995,7 @@ class survey_manager
// deleting the survey questions
$sql = "DELETE from $table_survey_question WHERE survey_id='".Database::escape_string($survey_id)."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
// deleting all the options of the questions of the survey
survey_manager::delete_all_survey_questions_options($survey_id, $shared);
@ -1028,7 +1028,7 @@ class survey_manager
// deleting the survey questions
$sql = "DELETE from $table_survey_question WHERE survey_id='".Database::escape_string($survey_id)."' AND question_id='".Database::escape_string($question_id)."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
// deleting the options of the question of the survey
@ -1057,11 +1057,11 @@ class survey_manager
// deleting the survey questions
$sql = "DELETE FROM $table_survey_question WHERE question_id='".Database::escape_string($question_data['shared_question_id'])."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
// deleting the options of the question of the survey question
$sql = "DELETE FROM $table_survey_question_option WHERE question_id='".Database::escape_string($question_data['shared_question_id'])."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
}
/******************************************************************************************************
@ -1101,7 +1101,7 @@ class survey_manager
if (is_numeric($form_content['question_id']))
{
$sql = "DELETE FROM $table_survey_question_option WHERE question_id = '".Database::escape_string($form_content['question_id'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
}
$counter=1;
@ -1116,7 +1116,7 @@ class survey_manager
'".Database::escape_string($form_content['answers'][$i])."',
'".Database::escape_string($form_content['values'][$i])."',
'".Database::escape_string($counter)."')";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$counter++;
}
@ -1143,7 +1143,7 @@ class survey_manager
// we are editing a question so we first have to remove all the existing options from the database
$sql = "DELETE FROM $table_survey_question_option WHERE question_id = '".Database::escape_string($form_content['shared_question_id'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$counter = 1;
@ -1154,7 +1154,7 @@ class survey_manager
'".Database::escape_string($survey_data['is_shared'])."',
'".Database::escape_string($answer)."',
'".Database::escape_string($counter)."')";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$counter++;
}
}
@ -1189,7 +1189,7 @@ class survey_manager
// deleting the options of the survey questions
$sql = "DELETE from $table_survey_question_option WHERE survey_id='".Database::escape_string($survey_id)."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
return true;
}
@ -1216,7 +1216,7 @@ class survey_manager
// deleting the options of the survey questions
$sql = "DELETE from $table_survey_question_option WHERE survey_id='".Database::escape_string($survey_id)."' AND question_id='".Database::escape_string($question_id)."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
return true;
}
@ -1241,7 +1241,7 @@ class survey_manager
*/
function delete_all_survey_answers($survey_id) {
$table_survey_answer = Database :: get_course_table(TABLE_SURVEY_ANSWER);
api_sql_query('DELETE FROM '.$table_survey_answer.' WHERE survey_id='.$survey_id,__FILE__,__LINE__);
Database::query('DELETE FROM '.$table_survey_answer.' WHERE survey_id='.$survey_id,__FILE__,__LINE__);
return true;
}
@ -1282,7 +1282,7 @@ class survey_manager
{
$sql = "SELECT DISTINCT user FROM $table_survey_answer WHERE survey_id= '".Database::escape_string($survey_data['survey_id'])."'";
}
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($res,'ASSOC'))
{
if ($all_user_info)
@ -1375,7 +1375,7 @@ class question
if($survey_data['survey_type']==1) {
$table_survey_question_group = Database::get_course_table(TABLE_SURVEY_QUESTION_GROUP);
$sql = 'SELECT id,name FROM '.$table_survey_question_group.' WHERE survey_id = '.(int)$_GET['survey_id'].' ORDER BY name';
$rs = api_sql_query($sql,__FILE__,__LINE__);
$rs = Database::query($sql,__FILE__,__LINE__);
while($row = Database::fetch_array($rs,NUM)) {
$glist .= '<option value="'.$row[0].'" >'.$row[1].'</option>';
@ -1503,7 +1503,7 @@ class question
if ($message == 'QuestionAdded' || $message == 'QuestionUpdated' ) {
$sql='SELECT COUNT(*) FROM '.Database :: get_course_table(TABLE_SURVEY_QUESTION).' WHERE survey_id = '.(int)$_GET['survey_id'];
$res = Database :: fetch_array (api_sql_query($sql, __FILE__, __LINE__));
$res = Database :: fetch_array (Database::query($sql, __FILE__, __LINE__));
if ($config['survey']['debug']) {
Display :: display_header();
@ -2317,7 +2317,7 @@ class SurveyUtil {
// getting the information of the question
$sql = "SELECT * FROM $tbl_survey_question WHERE survey_id='".Database::escape_string($survey_id)."' ORDER BY sort ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$total = Database::num_rows($result);
$counter=1;
$error = false;
@ -2362,7 +2362,7 @@ class SurveyUtil {
WHERE user = '".Database::escape_string($user)."'
AND survey_id = '".Database::escape_string($survey_id)."'
AND question_id = '".Database::escape_string($question_id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
}
/**
* This function stores an answer of a user on a question of a survey
@ -2404,7 +2404,7 @@ class SurveyUtil {
'".Database::escape_string($option_id)."',
'".Database::escape_string($option_value)."'
)";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
}
/**
* This function checks the parameters that are used in this page
@ -2550,10 +2550,10 @@ class SurveyUtil {
if (!empty($survey_id) && !empty($user_id)) {
// delete data from survey_answer by user_id and survey_id
$sql = "DELETE FROM $table_survey_answer WHERE survey_id = '".(int)$survey_id."' AND user = '".(int)$user_id."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
// update field answered from survey_invitation by user_id and survey_id
$sql = "UPDATE $table_survey_invitation SET answered = '0' WHERE survey_code = (SELECT code FROM $table_survey WHERE survey_id = '".(int)$survey_id."') AND user = '".(int)$user_id."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
}
if($result !== false) {
$message = get_lang('SurveyUserAnswersHaveBeenRemovedSuccessfully').'<br />
@ -2655,7 +2655,7 @@ class SurveyUtil {
ON survey_question.question_id = survey_question_option.question_id
WHERE survey_question.survey_id = '".Database::escape_string($_GET['survey_id'])."'
ORDER BY survey_question.sort, survey_question_option.sort ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result,'ASSOC'))
{
if($row['type'] <> 'pagebreak')
@ -2672,7 +2672,7 @@ class SurveyUtil {
// getting all the answers of the user
$sql = "SELECT * FROM $table_survey_answer WHERE survey_id = '".Database::escape_string($_GET['survey_id'])."' AND user = '".Database::escape_string($_GET['user'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result,'ASSOC'))
{
$answers[$row['question_id']][] = $row['option_id'];
@ -2767,7 +2767,7 @@ class SurveyUtil {
// getting the question information
$sql = "SELECT * FROM $table_survey_question WHERE survey_id='".Database::escape_string($_GET['survey_id'])."' AND type<>'pagebreak' AND type<>'comment' ORDER BY sort ASC LIMIT ".$offset.",1";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$question = Database::fetch_array($result);
// navigate through the questions (next and previous)
@ -2804,7 +2804,7 @@ class SurveyUtil {
/** @todo also get the user who has answered this */
$sql = "SELECT * FROM $table_survey_answer WHERE survey_id='".Database::escape_string($_GET['survey_id'])."'
AND question_id = '".Database::escape_string($question['question_id'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result))
{
echo $row['option_id'].'<hr noshade="noshade" size="1" />';
@ -2818,7 +2818,7 @@ class SurveyUtil {
WHERE survey_id='".Database::escape_string($_GET['survey_id'])."'
AND question_id = '".Database::escape_string($question['question_id'])."'
ORDER BY sort ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result))
{
$options[$row['question_option_id']] = $row;
@ -2828,7 +2828,7 @@ class SurveyUtil {
WHERE survey_id='".Database::escape_string($_GET['survey_id'])."'
AND question_id = '".Database::escape_string($question['question_id'])."'
GROUP BY option_id, value";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result))
{
$number_of_answers += $row['total'];
@ -2895,7 +2895,7 @@ class SurveyUtil {
}
$sql = "SELECT user FROM $table_survey_answer WHERE option_id = '".Database::escape_string($_GET['viewoption'])."' $sql_restriction";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result))
{
echo '<a href="reporting.php?action=userreport&survey_id='.Security::remove_XSS($_GET['survey_id']).'&user='.$row['user'].'">'.$row['user'].'</a><br />';
@ -2920,7 +2920,7 @@ class SurveyUtil {
WHERE survey_id='".Database::escape_string($_GET['survey_id'])."'
AND question_id = '".Database::escape_string($question['question_id'])."'
ORDER BY sort ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result))
{
$options[$row['question_option_id']] = $row;
@ -2931,7 +2931,7 @@ class SurveyUtil {
WHERE survey_id='".Database::escape_string($_GET['survey_id'])."'
AND question_id = '".Database::escape_string($question['question_id'])."'
GROUP BY option_id, value";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result))
{
$number_of_answers += $row['total'];
@ -3048,7 +3048,7 @@ class SurveyUtil {
AND q.survey_id = '".Database::escape_string($_GET['survey_id'])."'
GROUP BY q.question_id
ORDER BY q.sort ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result))
{
// we show the questions if
@ -3098,7 +3098,7 @@ class SurveyUtil {
ON sq.question_id = sqo.question_id
WHERE sq.survey_id = '".Database::escape_string($_GET['survey_id'])."'
ORDER BY sq.sort ASC, sqo.sort ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result))
{
// we show the options if
@ -3123,7 +3123,7 @@ class SurveyUtil {
$old_user='';
$answers_of_user = array();
$sql = "SELECT * FROM $table_survey_answer WHERE survey_id='".Database::escape_string($_GET['survey_id'])."' ORDER BY user ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result))
{
if ($old_user <> $row['user'] AND $old_user<>'')
@ -3170,7 +3170,7 @@ class SurveyUtil {
if(intval($user)!==0)
{
$sql = 'SELECT firstname, lastname FROM '.Database::get_main_table(TABLE_MAIN_USER).' WHERE user_id='.intval($user);
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
if($row = Database::fetch_array($rs))
{
$user_displayed = api_get_person_name($row['firstname'], $row['lastname']);
@ -3271,7 +3271,7 @@ class SurveyUtil {
." WHERE questions.survey_id = '".Database::escape_string($_GET['survey_id'])."'
GROUP BY questions.question_id "
." ORDER BY questions.sort ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result))
{
// we show the questions if
@ -3318,7 +3318,7 @@ class SurveyUtil {
ON survey_question.question_id = survey_question_option.question_id
WHERE survey_question.survey_id = '".Database::escape_string($_GET['survey_id'])."'
ORDER BY survey_question.sort ASC, survey_question_option.sort ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$possible_answers = array();
$possible_answers_type = array();
while ($row = Database::fetch_array($result))
@ -3351,7 +3351,7 @@ class SurveyUtil {
$sql .= "ORDER BY user ASC";
$open_question_iterator = 1;
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result))
{
if ($old_user <> $row['user'] AND $old_user <> '')
@ -3398,7 +3398,7 @@ class SurveyUtil {
if(intval($user)!==0)
{
$sql = 'SELECT firstname, lastname FROM '.Database::get_main_table(TABLE_MAIN_USER).' WHERE user_id='.intval($user);
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
if($row = Database::fetch_array($rs))
{
$user_displayed = api_get_person_name($row['firstname'], $row['lastname']);
@ -3512,7 +3512,7 @@ class SurveyUtil {
." WHERE questions.survey_id = '".Database::escape_string($_GET['survey_id'])."'
GROUP BY questions.question_id "
." ORDER BY questions.sort ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result))
{
// we show the questions if
@ -3561,7 +3561,7 @@ class SurveyUtil {
ON survey_question.question_id = survey_question_option.question_id
WHERE survey_question.survey_id = '".Database::escape_string($_GET['survey_id'])."'
ORDER BY survey_question.sort ASC, survey_question_option.sort ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$possible_answers = array();
$possible_answers_type = array();
while ($row = Database::fetch_array($result))
@ -3597,7 +3597,7 @@ class SurveyUtil {
$open_question_iterator = 1;
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result))
{
if ($old_user <> $row['user'] AND $old_user <> '')
@ -3655,7 +3655,7 @@ class SurveyUtil {
if(intval($user)!==0)
{
$sql = 'SELECT firstname, lastname FROM '.Database::get_main_table(TABLE_MAIN_USER).' WHERE user_id='.intval($user);
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
if($row = Database::fetch_array($rs))
{
$user_displayed = api_get_person_name($row['firstname'], $row['lastname']);
@ -3954,7 +3954,7 @@ class SurveyUtil {
WHERE survey_id='".Database::escape_string($survey_id)."'
AND question_id='".Database::escape_string($question_id)."'
ORDER BY USER ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result))
{
if ($row['value'] == 0)
@ -4041,7 +4041,7 @@ class SurveyUtil {
FROM $table_survey_invitation survey_invitation
LEFT JOIN $table_user user ON survey_invitation.user = user.user_id
WHERE survey_invitation.survey_id = '".Database::escape_string($_GET['survey_id'])."' AND session_id='".api_get_session_id()."' ";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($res))
{
$survey_invitation_data[] = $row;
@ -4065,7 +4065,7 @@ class SurveyUtil {
$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION);
$sql = "SELECT count(user) AS total FROM $table_survey_invitation WHERE survey_id='".Database::escape_string($_GET['survey_id'])."' AND session_id='".api_get_session_id()."' ";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_array($res,'ASSOC');
return $row['total'];
}
@ -4091,7 +4091,7 @@ class SurveyUtil {
}
$sql = "UPDATE $table_survey SET mail_subject='".Database::escape_string($mail_subject)."', $mail_field = '".Database::escape_string($mailtext)."' WHERE survey_id = '".Database::escape_string($_GET['survey_id'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
}
/**
@ -4152,7 +4152,7 @@ class SurveyUtil {
if (!array_key_exists($value,$survey_invitations)) {
$sql = "INSERT INTO $table_survey_invitation (user, survey_code, invitation_code, invitation_date) VALUES
('".Database::escape_string($value)."','".Database::escape_string($survey_data['code'])."','".Database::escape_string($invitation_code)."','".Database::escape_string(date('Y-m-d H:i:s'))."')";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
}
}
// send the email if checkboxed
@ -4207,7 +4207,7 @@ class SurveyUtil {
if (is_numeric($invitedUser)) {
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$sql = "SELECT firstname, lastname, email FROM $table_user WHERE user_id='".Database::escape_string($invitedUser)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_array($result);
$recipient_email = $row['email'];
$recipient_name = api_get_person_name($row['firstname'], $row['lastname'], null, PERSON_NAME_EMAIL_ADDRESS);
@ -4251,13 +4251,13 @@ class SurveyUtil {
// counting the number of people that are invited
$sql = "SELECT count(user) as total FROM $table_survey_invitation WHERE survey_code = '".Database::escape_string($survey_code)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_array($result);
$total_invited = $row['total'];
// updating the field in the survey table
$sql = "UPDATE $table_survey SET invited = '".Database::escape_string($total_invited)."' WHERE code = '".Database::escape_string($survey_code)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
}
/**
@ -4288,7 +4288,7 @@ class SurveyUtil {
$defaults = array();
$defaults['course_users'] = array();
$defaults['additional_users'] = '';
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result))
{
if (is_numeric($row['user']))
@ -4324,7 +4324,7 @@ class SurveyUtil {
$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION);
$sql = "SELECT * FROM $table_survey_invitation WHERE survey_code = '".Database::escape_string($survey_code)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$return = array();
while ($row = Database::fetch_array($result))
{
@ -4580,7 +4580,7 @@ class SurveyUtil {
$search_restriction = 'WHERE '.$search_restriction;
}
$sql = "SELECT count(survey_id) AS total_number_of_items FROM ".$table_survey.' '.$search_restriction;
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$obj = Database::fetch_object($res);
return $obj->total_number_of_items;
}
@ -4594,7 +4594,7 @@ class SurveyUtil {
$search_restriction = 'WHERE '.$search_restriction;
}
$sql = "SELECT count(survey_id) AS total_number_of_items FROM ".$table_survey.' '.$search_restriction;
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$obj = Database::fetch_object($res);
return $obj->total_number_of_items;
*/
@ -4655,7 +4655,7 @@ class SurveyUtil {
$sql .= " GROUP BY survey.survey_id";
$sql .= " ORDER BY col$column $direction ";
$sql .= " LIMIT $from,$number_of_items";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$surveys = array ();
while ($survey = Database::fetch_array($res))
{
@ -4716,7 +4716,7 @@ class SurveyUtil {
$sql .= " ORDER BY col$column $direction ";
$sql .= " LIMIT $from,$number_of_items";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$surveys = array ();
while ($survey = Database::fetch_array($res))
{
@ -4748,7 +4748,7 @@ class SurveyUtil {
$all_question_id=array();
$sql='SELECT question_id from '.$table_survey_question;
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
while($row=Database::fetch_array($result,'ASSOC')) {
$all_question_id[]=$row;
@ -4757,7 +4757,7 @@ class SurveyUtil {
$count=0;
for ($i=0;$i<count($all_question_id);$i++) {
$sql='SELECT COUNT(*) as count FROM '.$table_survey_answer.' WHERE question_id='.Database::escape_string($all_question_id[$i]['question_id']).' AND user='.api_get_user_id();
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
while($row=Database::fetch_array($result,'ASSOC')) {
if ($row['count'] == 0) {
$count++;
@ -4781,13 +4781,13 @@ class SurveyUtil {
AND survey.avail_from <= '".date('Y-m-d H:i:s')."'
AND survey.avail_till >= '".date('Y-m-d H:i:s')."'
";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$counter = 0;
while ($row = Database::fetch_array($result,'ASSOC')) {
// get the user into survey answer table (user or anonymus)
$sql = "SELECT user FROM $table_survey_answer
WHERE survey_id = (SELECT survey_id from $table_survey WHERE code ='".Database::escape_string($row['code'])."')";
$result_answer = api_sql_query($sql, __FILE__, __LINE__);
$result_answer = Database::query($sql, __FILE__, __LINE__);
$row_answer = Database::fetch_array($result_answer,'ASSOC');
echo '<tr>';
if ($row['answered'] == 0)
@ -5078,9 +5078,9 @@ class SurveyUtil {
$sql2='SELECT COUNT(*) as count FROM '.$table_survey.' s INNER JOIN '.$table_survey_question.' q ON s.survey_id=q.survey_id WHERE s.code="'.$survey_code.'" AND q.type NOT IN("pagebreak","comment")';
$sql3='SELECT COUNT(DISTINCT question_id) as count FROM '.$table_survey_answer.' WHERE survey_id=(SELECT survey_id FROM '.$table_survey.' WHERE code="'.$survey_code.'") AND user="'.$user_answer.'" ';
$result=api_sql_query($sql,__FILE__,__LINE__);
$result2=api_sql_query($sql2,__FILE__,__LINE__);
$result3=api_sql_query($sql3,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$result2=Database::query($sql2,__FILE__,__LINE__);
$result3=Database::query($sql3,__FILE__,__LINE__);
$row=Database::fetch_array($result,'ASSOC');
$row2=Database::fetch_array($result2,'ASSOC');

14
main/survey/survey.php
Unescape View File

@ -76,12 +76,12 @@ if($is_survey_type_1 && ($_GET['action']=='addgroup')||($_GET['action']=='delete
{
if(!empty($_POST['group_id']))
{
api_sql_query('UPDATE '.$table_survey_question_group.' SET description = \''.Database::escape_string($_POST['description']).'\' WHERE id = \''.Database::escape_string($_POST['group_id']).'\'');
Database::query('UPDATE '.$table_survey_question_group.' SET description = \''.Database::escape_string($_POST['description']).'\' WHERE id = \''.Database::escape_string($_POST['group_id']).'\'');
$sendmsg = 'GroupUpdatedSuccessfully';
}
elseif(!empty($_POST['name']))
{
api_sql_query('INSERT INTO '.$table_survey_question_group.' (name,description,survey_id) values (\''.Database::escape_string($_POST['name']).'\',\''.Database::escape_string($_POST['description']).'\',\''.Database::escape_string($survey_id).'\') ');
Database::query('INSERT INTO '.$table_survey_question_group.' (name,description,survey_id) values (\''.Database::escape_string($_POST['name']).'\',\''.Database::escape_string($_POST['description']).'\',\''.Database::escape_string($survey_id).'\') ');
$sendmsg = 'GroupCreatedSuccessfully';
} else {
$sendmsg = 'GroupNeedName';
@ -89,7 +89,7 @@ if($is_survey_type_1 && ($_GET['action']=='addgroup')||($_GET['action']=='delete
}
if($_GET['action']=='deletegroup'){
api_sql_query('DELETE FROM '.$table_survey_question_group.' WHERE id = '.Database::escape_string($_GET['gid']).' and survey_id = '.Database::escape_string($survey_id));
Database::query('DELETE FROM '.$table_survey_question_group.' WHERE id = '.Database::escape_string($_GET['gid']).' and survey_id = '.Database::escape_string($survey_id));
$sendmsg = 'GroupDeletedSuccessfully';
}
@ -176,7 +176,7 @@ echo ' </tr>';
// Displaying the table contents with all the questions
$question_counter = 1;
$sql = "SELECT * FROM $table_survey_question_group WHERE survey_id = '".Database::escape_string($survey_id)."' ORDER BY id";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$groups = array();
while($row = Database::fetch_array($result)) {
$groups[$row['id']] = $row['name'];
@ -188,7 +188,7 @@ $sql = "SELECT survey_question.*, count(survey_question_option.question_option_i
WHERE survey_question.survey_id = '".Database::escape_string($survey_id)."'
GROUP BY survey_question.question_id
ORDER BY survey_question.sort ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$question_counter_max = Database::num_rows($result);
while ($row = Database::fetch_array($result,'ASSOC')) {
echo '<tr>';
@ -256,7 +256,7 @@ if($is_survey_type_1)
echo '<form action="survey.php?action=addgroup&survey_id='.$survey_id.'" method="post">';
if($_GET['action']=='editgroup') {
$sql = 'SELECT name,description FROM '.$table_survey_question_group.' WHERE id = '.Database::escape_string($_GET['gid']).' AND survey_id = '.Database::escape_string($survey_id).' limit 1';
$rs = api_sql_query($sql,__FILE__,__LINE__);
$rs = Database::query($sql,__FILE__,__LINE__);
$editedrow = Database::fetch_array($rs,'ASSOC');
echo '<input type="text" maxlength="20" name="name" value="'.$editedrow['name'].'" size="10" disabled>';
@ -279,7 +279,7 @@ if($is_survey_type_1)
$sql = 'SELECT id,name,description FROM '.$table_survey_question_group.' WHERE survey_id = '.Database::escape_string($survey_id).' ORDER BY name';
$rs = api_sql_query($sql,__FILE__,__LINE__);
$rs = Database::query($sql,__FILE__,__LINE__);
while($row = Database::fetch_array($rs,ASSOC)){
$grouplist .= '<tr><td>'.$row['name'].'</td><td>'.$row['description'].'</td><td>'.
'<a href="survey.php?survey_id='.$survey_id.'&gid='.$row['id'].'&action=editgroup">'.

2
main/survey/survey_invitation.php
Unescape View File

@ -141,7 +141,7 @@ echo ' </tr>';
$sql = "SELECT survey_invitation.*, user.firstname, user.lastname, user.email FROM $table_survey_invitation survey_invitation
LEFT JOIN $table_user user ON survey_invitation.user = user.user_id
WHERE survey_invitation.survey_code = '".Database::escape_string($survey_data['code'])."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
while ($row = mysql_fetch_assoc($res))
{
if (!$_GET['view'] OR $_GET['view'] == 'invited' OR ($_GET['view'] == 'answered' AND in_array($row['user'], $answered_data)) OR ($_GET['view'] == 'unanswered' AND !in_array($row['user'], $answered_data)))

2
main/survey/survey_invite.php
Unescape View File

@ -93,7 +93,7 @@ Display::display_header($tool_name,'Survey');
// checking if there is another survey with this code.
// If this is the case there will be a language choice
$sql = "SELECT * FROM $table_survey WHERE code='".Database::escape_string($survey_data['code'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if (Database::num_rows($result) > 1)
{
Display::display_warning_message(get_lang('IdenticalSurveycodeWarning'));

14
main/tracking/courseLog.php
Unescape View File

@ -65,7 +65,7 @@ if (!empty($_GET['scormcontopen'])) {
$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
$contopen = (int) $_GET['scormcontopen'];
$sql = "SELECT default_encoding FROM $tbl_lp WHERE id = ".$contopen;
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$row = Database::fetch_array($res);
$lp_charset = $row['default_encoding'];
}
@ -226,7 +226,7 @@ if ($_GET['studentlist'] == 'false') {
$sql = "SELECT id, title
FROM $TABLEQUIZ WHERE active <> -1";
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
if ($export_csv) {
$temp = array(get_lang('AverageProgressInLearnpath'), '');
@ -238,7 +238,7 @@ if ($_GET['studentlist'] == 'false') {
// gets course actual administrators
$sql = "SELECT user.user_id FROM $table_user user, $TABLECOURSUSER course_user
WHERE course_user.user_id=user.user_id AND course_user.course_code='".api_get_course_id()."' AND course_user.status <> '1' ";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$student_ids = array();
@ -259,7 +259,7 @@ if ($_GET['studentlist'] == 'false') {
AND orig_lp_id = 0
AND orig_lp_item_id = 0
ORDER BY exe_date DESC';
$rsAttempt = api_sql_query($sql, __FILE__, __LINE__);
$rsAttempt = Database::query($sql, __FILE__, __LINE__);
$nb_attempts = 0;
$avg_student_score = 0;
while ($attempt = Database::fetch_array($rsAttempt)) {
@ -352,7 +352,7 @@ if ($_GET['studentlist'] == 'false') {
GROUP BY access_tool
ORDER BY count_access_tool DESC
LIMIT 0, 3";
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
if ($export_csv) {
$temp = array(get_lang('ToolsMostUsed'), '');
@ -396,7 +396,7 @@ if ($_GET['studentlist'] == 'false') {
GROUP BY down_doc_path
ORDER BY count_down DESC
LIMIT 0, $num";
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
if ($export_csv) {
$temp = array(get_lang('DocumentsMostDownloaded', ''), '');
@ -442,7 +442,7 @@ if ($_GET['studentlist'] == 'false') {
GROUP BY cl.title, cl.url
ORDER BY count_visits DESC
LIMIT 0, 3";
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
if ($export_csv) {
$temp = array(get_lang('LinksMostClicked'),'');

8
main/tracking/courseLogCSV.php
Unescape View File

@ -58,7 +58,7 @@ if ($_GET['scormcontopen'])
$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
$contopen = (int) $_GET['scormcontopen'];
$sql = "SELECT default_encoding FROM $tbl_lp WHERE id = ".$contopen;
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$row = Database::fetch_array($res);
$lp_charset = $row['default_encoding'];
//header('Content-Type: text/html; charset='. $row['default_encoding']);
@ -427,7 +427,7 @@ if($is_allowedToTrack && $_configuration['tracking_enabled'])
$sql = "SELECT id, name
FROM $tbl_learnpath_main";
//WHERE dokeosCourse='$_cid'"; we are using a table inside the course now, so no need for course id
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$ar=Database::fetch_array($result);
@ -451,7 +451,7 @@ if($is_allowedToTrack && $_configuration['tracking_enabled'])
"ON u.user_id = sd.user_id " .
"WHERE sd.lp_id=$contentId group by u.user_id";
//error_log($sql2,0);
$result2=api_sql_query($sql2,__FILE__,__LINE__);
$result2=Database::query($sql2,__FILE__,__LINE__);
if(mysql_num_rows($result2)>0){
@ -481,7 +481,7 @@ if($is_allowedToTrack && $_configuration['tracking_enabled'])
"INNER JOIN $tbl_learnpath_item_view iv ON i.id=iv.lp_item_id " .
"INNER JOIN $tbl_learnpath_view v ON iv.lp_view_id=v.id " .
"WHERE (v.user_id=$studentId and v.lp_id=$contentId) ORDER BY v.id, i.id";
$result3=api_sql_query($sql3,__FILE__,__LINE__);
$result3=Database::query($sql3,__FILE__,__LINE__);
$ar3=Database::fetch_array($result3);
$title_line .= get_lang('ScormTitleColumn').";".get_lang('ScormStatusColumn').";".get_lang('ScormScoreColumn').";".get_lang('ScormTimeColumn');
while ($ar3['status'] != '') {

2
main/tracking/logins_details.php
Unescape View File

@ -116,7 +116,7 @@ if( ( $is_allowedToTrack || $is_allowedToTrackEverybodyInCourse ) && $_configura
AND `gu`.`group_id` = '$_gid'
AND `u`.`user_id` = '$uInfo'";
}
$query = api_sql_query($sql,__FILE__,__LINE__);
$query = Database::query($sql,__FILE__,__LINE__);
$res = @mysql_fetch_array($query);
if(is_array($res))
{

10
main/tracking/userLog.php
Unescape View File

@ -77,7 +77,7 @@ if (isset($_GET['scormcontopen'])) {
if (is_numeric($contopen)) {
$contopen = intval($contopen);
$sql = "SELECT default_encoding FROM $tbl_lp WHERE id = ".$contopen;
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$row = Database::fetch_array($res);
$lp_charset = $row['default_encoding'];
}
@ -147,7 +147,7 @@ if(api_get_setting('use_session_mode') == "true") {
OR (date_start='0000-00-00' AND date_end='0000-00-00'))
WHERE id_session='".$_SESSION['id_session']."' AND course_code='$_cid'";
//echo $sql;
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
if(!mysql_num_rows($result)){
$disabled = true;
}
@ -679,7 +679,7 @@ if( ( $is_allowedToTrack || $is_allowedToTrackEverybodyInCourse ) && $_configura
WHERE gu.user_id = u.user_id`
AND gu.group_id = '".Database::escape_string($_gid)."'
AND u.user_id = '".Database::escape_string($uInfo)."'";
$query = api_sql_query($sql,__FILE__,__LINE__);
$query = Database::query($sql,__FILE__,__LINE__);
$tracked_user_info = @mysql_fetch_assoc($query);
if(is_array($tracked_user_info)) $tracking_is_accepted = true;
}
@ -743,7 +743,7 @@ if( ( $is_allowedToTrack || $is_allowedToTrackEverybodyInCourse ) && $_configura
</tr>";
$sql = "SELECT id, name FROM $tbl_learnpath_main";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$ar=Database::fetch_array($result);
echo "<tr><td style='padding-left : 40px;padding-right : 40px;'>";
@ -765,7 +765,7 @@ if( ( $is_allowedToTrack || $is_allowedToTrackEverybodyInCourse ) && $_configura
"INNER JOIN $tbl_learnpath_item_view iv ON i.id=iv.lp_item_id " .
"INNER JOIN $tbl_learnpath_view v ON iv.lp_view_id=v.id " .
"WHERE (v.user_id=".Database::escape_string($uInfo)." and v.lp_id=$contentId) ORDER BY v.id, i.id";
$result3=api_sql_query($sql3,__FILE__,__LINE__);
$result3=Database::query($sql3,__FILE__,__LINE__);
$ar3=Database::fetch_array($result3);
if (is_array($ar3)) {
echo "<tr><td>&nbsp;&nbsp;&nbsp;</td>

10
main/tracking/userlogCSV.php
Unescape View File

@ -79,7 +79,7 @@ if ($_GET['scormcontopen'])
$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
$contopen = (int) $_GET['scormcontopen'];
$sql = "SELECT default_encoding FROM $tbl_lp WHERE id = ".$contopen;
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$row = Database::fetch_array($res);
$lp_charset = $row['default_encoding'];
//header('Content-Type: text/html; charset='. $row['default_encoding']);
@ -138,7 +138,7 @@ if(api_get_setting('use_session_mode') == "true") {
OR (date_start='0000-00-00' AND date_end='0000-00-00'))
WHERE id_session='".$_SESSION['id_session']."' AND course_code='$_cid'";
//echo $sql;
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
if(!mysql_num_rows($result)){
$disabled = true;
}
@ -559,7 +559,7 @@ if( ( $is_allowedToTrack || $is_allowedToTrackEverybodyInCourse ) && $_configura
WHERE `gu`.`user_id` = `u`.`user_id`
AND `gu`.`group_id` = '$_gid'
AND `u`.`user_id` = '$uInfo'";
$query = api_sql_query($sql,__FILE__,__LINE__);
$query = Database::query($sql,__FILE__,__LINE__);
$tracked_user_info = @mysql_fetch_assoc($query);
if(is_array($tracked_user_info)) $tracking_is_accepted = true;
@ -610,7 +610,7 @@ if( ( $is_allowedToTrack || $is_allowedToTrackEverybodyInCourse ) && $_configura
$title[1]=myEnc(get_lang('ScormContentColumn'));
$line ='';
$sql = "SELECT id, name FROM $tbl_learnpath_main";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$ar=Database::fetch_array($result);
if (is_array($ar))
@ -627,7 +627,7 @@ if( ( $is_allowedToTrack || $is_allowedToTrackEverybodyInCourse ) && $_configura
"INNER JOIN $tbl_learnpath_item_view iv ON i.id=iv.lp_item_id " .
"INNER JOIN $tbl_learnpath_view v ON iv.lp_view_id=v.id " .
"WHERE (v.user_id=$uInfo and v.lp_id=$contentId) ORDER BY v.id, i.id";
$result3=api_sql_query($sql3,__FILE__,__LINE__);
$result3=Database::query($sql3,__FILE__,__LINE__);
$ar3=Database::fetch_array($result3);
if (is_array($ar3)) {
$title_line=myEnc(get_lang('ScormTitleColumn')).";".myEnc(get_lang('ScormStatusColumn')).";".myEnc(get_lang('ScormScoreColumn')).";".myEnc(get_lang('ScormTimeColumn'))."\n";

2
main/upload/upload.document.php
Unescape View File

@ -86,7 +86,7 @@ if(isset($_FILES['user_upload']))
$ct = '';
if ($new_comment) $ct .= ", comment='$new_comment'";
if ($new_title) $ct .= ", title='$new_title'";
api_sql_query("UPDATE $table_document SET" . substr($ct, 1) .
Database::query("UPDATE $table_document SET" . substr($ct, 1) .
" WHERE id = '$docid'", __FILE__, __LINE__);
}
//check for missing images in html files

4
main/user/class.php
Unescape View File

@ -120,7 +120,7 @@ function get_number_of_classes()
$keyword = mysql_real_escape_string($_GET['keyword']);
$sql .= " AND (c.name LIKE '%".$keyword."%')";
}
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$result = mysql_num_rows($res);
return $result;
}
@ -152,7 +152,7 @@ function get_class_data($from, $number_of_items, $column, $direction)
$sql .= " GROUP BY c.id, c.name ";
$sql .= " ORDER BY col$column $direction ";
$sql .= " LIMIT $from,$number_of_items";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$classes = array ();
while ($class = mysql_fetch_row($res))
{

8
main/user/subscribe_class.php
Unescape View File

@ -116,7 +116,7 @@ function get_number_of_classes()
$class_table = Database :: get_main_table(TABLE_MAIN_CLASS);
$course_class_table = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS);
$sql = "SELECT * FROM $course_class_table WHERE course_code = '".$_SESSION['_course']['id']."'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$subscribed_classes = array();
while($obj = mysql_fetch_object($res))
{
@ -132,7 +132,7 @@ function get_number_of_classes()
{
$sql .= " AND c.id NOT IN ('".implode("','",$subscribed_classes)."')";
}
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$result = mysql_num_rows($res);
return $result;
}
@ -145,7 +145,7 @@ function get_class_data($from, $number_of_items, $column, $direction)
$course_class_table = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS);
$class_user_table = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
$sql = "SELECT * FROM $course_class_table WHERE course_code = '".$_SESSION['_course']['id']."'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$subscribed_classes = array();
while($obj = mysql_fetch_object($res))
{
@ -172,7 +172,7 @@ function get_class_data($from, $number_of_items, $column, $direction)
$sql .= " GROUP BY c.id, c.name ";
$sql .= " ORDER BY col$column $direction ";
$sql .= " LIMIT $from,$number_of_items";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$classes = array ();
while ($class = mysql_fetch_row($res))
{

4
main/user/subscribe_user.php
Unescape View File

@ -243,7 +243,7 @@ function get_number_of_users() {
$keyword = Database::escape_string($_REQUEST['keyword']);
$sql .= " AND (firstname LIKE '%".$keyword."%' OR lastname LIKE '%".$keyword."%' OR email LIKE '%".$keyword."%' OR username LIKE '%".$keyword."%' OR official_code LIKE '%".$keyword."%')";
}
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$result = Database::num_rows($res);
return $result;
}
@ -375,7 +375,7 @@ function get_user_data($from, $number_of_items, $column, $direction) {
}
$sql .= " ORDER BY col$column $direction ";
$sql .= " LIMIT $from,$number_of_items";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$users = array ();
while ($user = Database::fetch_row($res)) {
$users[] = $user;

38
main/user/userInfoLib.php
Unescape View File

@ -55,7 +55,7 @@ function create_cat_def($title="", $comment="", $nbline="5")
}
$sql = "SELECT MAX(rank) as maxRank FROM ".$TBL_USERINFO_DEF;
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if ($result) $maxRank = Database::fetch_array($result);
$maxRank = $maxRank['maxRank'];
@ -68,7 +68,7 @@ function create_cat_def($title="", $comment="", $nbline="5")
line_count = '$nbline',
rank = '$thisRank'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
return true;
}
@ -103,7 +103,7 @@ function edit_cat_def($id, $title, $comment, $nbline)
comment = '$comment',
line_count = '$nbline'
WHERE id = '$id'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
return true;
}
@ -136,7 +136,7 @@ function remove_cat_def($id, $force = false)
if ($force == false)
{
$sql = "SELECT * FROM $TBL_USERINFO_CONTENT $sqlCondition";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if ( Database::num_rows($result) > 0)
{
@ -144,7 +144,7 @@ function remove_cat_def($id, $force = false)
}
}
$sql = "DELETE FROM $TBL_USERINFO_DEF $sqlCondition";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
/**
@ -172,7 +172,7 @@ function move_cat_rank($id, $direction) // up & down.
}
$sql = "SELECT rank FROM $TBL_USERINFO_DEF WHERE id = '$id'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result) < 1)
{
@ -222,7 +222,7 @@ function move_cat_rank_by_rank($rank, $direction) // up & down.
$sql = "SELECT id, rank FROM ".$TBL_USERINFO_DEF." WHERE rank $compOp $rank
ORDER BY rank $sort LIMIT 2";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result) < 2)
{
@ -237,8 +237,8 @@ function move_cat_rank_by_rank($rank, $direction) // up & down.
$sql2 = "UPDATE ".$TBL_USERINFO_DEF." SET rank ='".$thisCat['rank'].
"' WHERE id = '".$nextCat['id']."'";
api_sql_query($sql1,__FILE__,__LINE__);
api_sql_query($sql2,__FILE__,__LINE__);
Database::query($sql1,__FILE__,__LINE__);
Database::query($sql2,__FILE__,__LINE__);
return true;
}
@ -271,7 +271,7 @@ function update_user_course_properties($user_id, $course_code, $properties)
WHERE user_id = '".$user_id."'
AND course_code = '".$course_code."'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if (mysql_affected_rows() > 0)
{
@ -333,7 +333,7 @@ function fill_new_cat_content($definition_id, $user_id, $content="", $user_ip=""
WHERE definition_id = '$definition_id'
AND user_id = '$user_id'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result) > 0)
{
@ -347,7 +347,7 @@ function fill_new_cat_content($definition_id, $user_id, $content="", $user_ip=""
editor_ip = '$user_ip',
edition_time = now()";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
return true;
}
@ -391,7 +391,7 @@ function edit_cat_content($definition_id, $user_id, $content ="", $user_ip="")
edition_time = now()
WHERE definition_id = '$definition_id' AND user_id = '$user_id'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
return true;
}
@ -420,7 +420,7 @@ function cleanout_cat_content($user_id, $definition_id)
$sql = "DELETE FROM ".$TBL_USERINFO_CONTENT."
WHERE user_id = '$user_id' AND definition_id = '$definition_id'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
return true;
}
@ -451,7 +451,7 @@ function get_course_user_info($user_id)
ON cat.id = content.definition_id AND content.user_id = '$user_id'
ORDER BY cat.rank, content.id";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result) > 0)
{
@ -497,7 +497,7 @@ function get_main_user_info($user_id, $courseCode)
AND u.user_id = '$user_id'
AND cu.course_code = '$courseCode'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result) > 0)
{
@ -535,7 +535,7 @@ function get_cat_content($userId, $catId)
ON cat.id = content.definition_id
AND content.user_id = '$userId'
WHERE cat.id = '$catId' ";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result) > 0)
{
@ -563,7 +563,7 @@ function get_cat_def($catId)
$catId = strval(intval($catId));
$sql = "SELECT id, title, comment, line_count, rank FROM ".$TBL_USERINFO_DEF." WHERE id = '$catId'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result) > 0)
{
@ -593,7 +593,7 @@ function get_cat_def_list()
FROM ".$TBL_USERINFO_DEF."
ORDER BY rank";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result) > 0)
{

6
main/user/user_add.php
Unescape View File

@ -91,7 +91,7 @@ if($register)
if($dataChecked)
{
$result=api_sql_query("SELECT user_id,
$result=Database::query("SELECT user_id,
(username='$username_form') AS loginExists,
(lastname='$lastname_form' AND firstname='$firstname_form' AND email='$email_form') AS userExists
FROM $tbl_user
@ -146,7 +146,7 @@ if($register)
//if ($userPasswordCrypted) $pw = md5($password_form);
//else $pw = $password_form;
$pw = api_get_encrypted_password($password_form);
$result = api_sql_query("INSERT INTO $tbl_user
$result = Database::query("INSERT INTO $tbl_user
SET lastname = '$lastname_form',
firstname = '$firstname_form',
username = '$username_form',
@ -179,7 +179,7 @@ if($register)
* if 0, the user is already registered to the course
*/
if (api_sql_query("INSERT INTO $tbl_courseUser
if (Database::query("INSERT INTO $tbl_courseUser
SET user_id = '$userId',
course_code = '$currentCourseID',
status = '$admin_form',

2
main/work/download.php
Unescape View File

@ -51,7 +51,7 @@ event_download($doc_url);
$sql='SELECT title FROM '.$tbl_student_publication.'
WHERE url LIKE BINARY "'.$doc_url.'"';
$result= api_sql_query($sql, __FILE__, __LINE__);
$result= Database::query($sql, __FILE__, __LINE__);
$row= Database::fetch_array($result);
$title = str_replace(' ','_', $row['title']);
DocumentManager::file_send_for_download($full_file_name,TRUE, $title);

8
main/work/downloadfolder.inc.php
Unescape View File

@ -68,7 +68,7 @@ if (is_allowed_to_edit()) {
}
//search for all files that are not deleted => visibility != 2
$query = api_sql_query("SELECT url FROM $tbl_student_publication AS work,$prop_table AS props WHERE props.tool='work' AND work.id=props.ref AND work.url LIKE 'work".$querypath."/%' AND work.filetype='file' AND props.visibility<>'2'",__FILE__,__LINE__);
$query = Database::query("SELECT url FROM $tbl_student_publication AS work,$prop_table AS props WHERE props.tool='work' AND work.id=props.ref AND work.url LIKE 'work".$querypath."/%' AND work.filetype='file' AND props.visibility<>'2'",__FILE__,__LINE__);
//add tem to the zip file
while ($not_deleted_file = mysql_fetch_assoc($query)) { //var_dump($sys_course_path.$_course['path']."/".$not_deleted_file['url']);exit();
$zip_folder->add($sys_course_path.$_course['path']."/".$not_deleted_file['url'],PCLZIP_OPT_REMOVE_PATH, $sys_course_path.$_course['path']."/work".$remove_dir);
@ -86,21 +86,21 @@ else
//big problem: visible files that are in a hidden folder are included when we do a query for visiblity='v'!!!
//so... I do it in a couple of steps:
//1st: get all files that are visible in the given path
$query = api_sql_query("SELECT url FROM $tbl_student_publication AS work,$prop_table AS props WHERE props.tool='work' AND work.id=props.ref AND work.url LIKE 'work".$querypath."/%' AND work.filetype='file' AND props.visibility='1' AND props.lastedit_user_id='".api_get_user_id()."'",__FILE__,__LINE__);
$query = Database::query("SELECT url FROM $tbl_student_publication AS work,$prop_table AS props WHERE props.tool='work' AND work.id=props.ref AND work.url LIKE 'work".$querypath."/%' AND work.filetype='file' AND props.visibility='1' AND props.lastedit_user_id='".api_get_user_id()."'",__FILE__,__LINE__);
//add them to an array
$all_visible_files_path = array();
while ($all_visible_files = mysql_fetch_assoc($query)) {
$all_visible_files_path[] = $all_visible_files['url'];
}
//2nd: get all folders that are invisible in the given path
$query2 = api_sql_query("SELECT url FROM $tbl_student_publication AS work,$prop_table AS props WHERE props.tool='work' AND work.id=props.ref AND work.url LIKE 'work".$querypath."/%' AND work.filetype='file' AND props.visibility<>'1' AND props.lastedit_user_id='".api_get_user_id()."'",__FILE__,__LINE__);
$query2 = Database::query("SELECT url FROM $tbl_student_publication AS work,$prop_table AS props WHERE props.tool='work' AND work.id=props.ref AND work.url LIKE 'work".$querypath."/%' AND work.filetype='file' AND props.visibility<>'1' AND props.lastedit_user_id='".api_get_user_id()."'",__FILE__,__LINE__);
//if we get invisible folders, we have to filter out these results from all visible files we found
if (Database::num_rows($query2)>0) {
//add tem to an array
while ($invisible_folders = mysql_fetch_assoc($query2)) {
//3rd: get all files that are in the found invisible folder (these are "invisible" too)
$query3 = api_sql_query("SELECT url FROM $tbl_student_publication AS work,$prop_table AS props WHERE props.tool='work' AND work.id=props.ref AND work.url LIKE 'work".$invisible_folders['path']."/%' AND work.filetype='file' AND props.visibility='1' AND props.lastedit_user_id='".api_get_user_id()."'",__FILE__,__LINE__);
$query3 = Database::query("SELECT url FROM $tbl_student_publication AS work,$prop_table AS props WHERE props.tool='work' AND work.id=props.ref AND work.url LIKE 'work".$invisible_folders['path']."/%' AND work.filetype='file' AND props.visibility='1' AND props.lastedit_user_id='".api_get_user_id()."'",__FILE__,__LINE__);
//add tem to an array
while ($files_in_invisible_folder = mysql_fetch_assoc($query3)) {
$files_in_invisible_folder_path[] = $files_in_invisible_folder['url'];

68
main/work/work.lib.php
Unescape View File

@ -61,7 +61,7 @@ function display_action_links($cur_dir_path, $always_show_tool_options, $always_
// make all files visible or invisible
$work_table = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
$sql_query = "SHOW COLUMNS FROM ".$work_table." LIKE 'accepted'";
$sql_result = api_sql_query($sql_query,__FILE__,__LINE__);
$sql_result = Database::query($sql_query,__FILE__,__LINE__);
if ($sql_result) {
$columnStatus = Database::fetch_array($sql_result);
@ -161,7 +161,7 @@ function display_user_link($user_id, $name='')
$table_user = Database::get_main_table(TABLE_MAIN_USER);
$sql="SELECT * FROM $table_user WHERE user_id='".Database::escape_string($user_id)."'";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$row=Database::fetch_array($result);
if ($name=='') {
return "<a href=\"../user/userInfo.php?cidReq=".api_get_course_id()."&gradebook=$gradebook&origin=&uInfo=".$row['user_id']."\">".api_get_person_name($row['firstname'], $row['lastname'])."</a>";
@ -306,8 +306,8 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou
}
$sql_result = api_sql_query($sql_get_publications_list,__FILE__,__LINE__);
$sql_result_num = api_sql_query($sql_get_publications_num,__FILE__,__LINE__);
$sql_result = Database::query($sql_get_publications_list,__FILE__,__LINE__);
$sql_result_num = Database::query($sql_get_publications_num,__FILE__,__LINE__);
$row=Database::fetch_array($sql_result_num);
$count_files=$row[0];
@ -386,7 +386,7 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou
$sql_select_directory.=" work.post_group_id = '0' ";
}
$sql_select_directory.=" AND work.url LIKE BINARY '".$mydir_temp."' AND work.filetype = 'folder' AND prop.tool='work' $session_condition";
$result=api_sql_query($sql_select_directory,__FILE__,__LINE__);
$result=Database::query($sql_select_directory,__FILE__,__LINE__);
$row=Database::fetch_array($result);
@ -407,7 +407,7 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou
// form edit directory
if(isset($clean_edit_dir) && $clean_edit_dir==$mydir) {
if(!empty($row['has_properties'])) {
$sql = api_sql_query('SELECT * FROM '.$work_assigment.' WHERE id = '."'".$row['has_properties']."'".' LIMIT 1',__FILE__,__LINE__);
$sql = Database::query('SELECT * FROM '.$work_assigment.' WHERE id = '."'".$row['has_properties']."'".' LIMIT 1',__FILE__,__LINE__);
$homework = Database::fetch_array($sql);
}
@ -491,31 +491,31 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou
if($there_is_a_end_date == true || $there_is_a_expire_date == true) {
if($row['view_properties']=='1') {
$sql_add_publication = "UPDATE ".$work_table." SET has_properties = '".$row['has_properties']. "', view_properties=1 where id ='".$row['id']."'";
api_sql_query($sql_add_publication, __FILE__, __LINE__);
Database::query($sql_add_publication, __FILE__, __LINE__);
$expires_query= ' SET expires_on = '."'".(($there_is_a_expire_date == true)?get_date_from_group('expires'):'0000-00-00 00:00:00')."'".',';
$ends_query = ' ends_on = '."'".(($there_is_a_end_date == true) ? get_date_from_group('ends') : '0000-00-00 00:00:00')."'";
api_sql_query('UPDATE '.$work_assigment.$expires_query.$ends_query.' WHERE id = '."'".$row['has_properties']."'",__FILE__,__LINE__);
Database::query('UPDATE '.$work_assigment.$expires_query.$ends_query.' WHERE id = '."'".$row['has_properties']."'",__FILE__,__LINE__);
} else if($row['view_properties']=='0') {
if ($_POST['enableExpiryDate']=='1') {
$expires_query= ' SET expires_on = '."'".(($there_is_a_expire_date == true)?get_date_from_group('expires'):'0000-00-00 00:00:00')."'";
//$ends_query = ' ends_on = '."'".(($there_is_a_end_date == true) ? get_date_from_group('ends') : '0000-00-00 00:00:00')."'";
api_sql_query('UPDATE '.$work_assigment.$expires_query.' WHERE id = '."'".$row['has_properties']."'",__FILE__,__LINE__);
Database::query('UPDATE '.$work_assigment.$expires_query.' WHERE id = '."'".$row['has_properties']."'",__FILE__,__LINE__);
$sql_add_publication = "UPDATE ".$work_table." SET has_properties = '".$row['has_properties']. "', view_properties=1 where id ='".$row['id']."'";
api_sql_query($sql_add_publication, __FILE__, __LINE__);
Database::query($sql_add_publication, __FILE__, __LINE__);
}
if ($_POST['enableEndDate']=='1') {
//$expires_query= ' SET expires_on = '."'".(($there_is_a_expire_date == true)?get_date_from_group('expires'):'0000-00-00 00:00:00')."'".',';
$ends_query = ' SET ends_on = '."'".(($there_is_a_end_date == true) ? get_date_from_group('ends') : '0000-00-00 00:00:00')."'";
api_sql_query('UPDATE '.$work_assigment.$ends_query.' WHERE id = '."'".$row['has_properties']."'",__FILE__,__LINE__);
Database::query('UPDATE '.$work_assigment.$ends_query.' WHERE id = '."'".$row['has_properties']."'",__FILE__,__LINE__);
$sql_add_publication = "UPDATE ".$work_table." SET has_properties = '".$row['has_properties']. "', view_properties=1 where id ='".$row['id']."'";
api_sql_query($sql_add_publication, __FILE__, __LINE__);
Database::query($sql_add_publication, __FILE__, __LINE__);
}
}
}
//if($_POST['qualification']['qualification']!='')
api_sql_query('UPDATE '.$work_table.' SET description = '."'".Database::escape_string(Security::remove_XSS($_POST['description']))."'".', qualification = '."'".Database::escape_string($_POST['qualification']['qualification'])."'".' WHERE id = '."'".$row['id']."'",__FILE__,__LINE__);
//api_sql_query('UPDATE '.Database :: get_main_table(TABLE_MAIN_GRADEBOOK_LINK).' SET weight = '."'".Database::escape_string($_POST['qualification']['qualification'])."'".' WHERE course_code = '."'".api_get_course_id()."'".' AND ref_id = '."'".$row['id']."'".'',__FILE__,__LINE__);
Database::query('UPDATE '.$work_table.' SET description = '."'".Database::escape_string(Security::remove_XSS($_POST['description']))."'".', qualification = '."'".Database::escape_string($_POST['qualification']['qualification'])."'".' WHERE id = '."'".$row['id']."'",__FILE__,__LINE__);
//Database::query('UPDATE '.Database :: get_main_table(TABLE_MAIN_GRADEBOOK_LINK).' SET weight = '."'".Database::escape_string($_POST['qualification']['qualification'])."'".' WHERE course_code = '."'".api_get_course_id()."'".' AND ref_id = '."'".$row['id']."'".'',__FILE__,__LINE__);
Display::display_confirmation_message(get_lang('FolderEdited'));
@ -531,7 +531,7 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou
// gets calendar_id from student_publication_assigment
$sql = "SELECT add_to_calendar FROM $work_assigment WHERE publication_id ='".$row['id']."'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$calendar_id = Database::fetch_row($res);
// update from agenda if it exists
if (!empty($calendar_id[0])) {
@ -540,7 +540,7 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou
content = '".$dir_name."',
end_date='".get_date_from_group('ends')."'
WHERE id='".$calendar_id[0]."'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
@ -564,7 +564,7 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$sql = "SELECT course_user.user_id FROM $table_user user, $table_course_user course_user
WHERE course_user.user_id=user.user_id AND course_user.course_code='".api_get_course_id()."' AND course_user.status='1'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$admin_course = '';
while($row_admin = Database::fetch_row($res)) {
$admin_course .='\''.$row_admin[0].'\',';
@ -572,12 +572,12 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou
$sql_document = "SELECT count(*) FROM $work_table s, $iprop_table p WHERE s.id = p.ref AND p.tool='work' AND lastedit_user_id IN(".$admin_course.'\''.api_get_user_id().'\''.") AND s.accepted='1' AND url NOT LIKE '".$sub_course_dir.$dir."/%/%' AND url LIKE '".$sub_course_dir.$dir."/%'";
}
//count documents
$res_document = api_sql_query($sql_document,__FILE__,__LINE__);
$res_document = Database::query($sql_document,__FILE__,__LINE__);
$count_document = Database::fetch_row($res_document);
$cant_files = $count_document[0];
//count directories
$sql_directory = "SELECT count(*) FROM $work_table s WHERE url NOT LIKE '/".$mydir."/%/%' AND url LIKE '/".$mydir."/%'";
$res_directory = api_sql_query($sql_directory,__FILE__,__LINE__);
$res_directory = Database::query($sql_directory,__FILE__,__LINE__);
$count_directory = Database::fetch_row($res_directory);
$cant_dir = $count_directory[0];
@ -604,7 +604,7 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou
$tbl_gradebook_link = Database::get_main_table(TABLE_MAIN_GRADEBOOK_LINK);
$add_to_name = '';
$sql = "SELECT weight FROM ". $tbl_gradebook_link ." WHERE type='3' AND ref_id= '".$id2."'";
$result=api_sql_query($sql, __FILE__, __LINE__);
$result=Database::query($sql, __FILE__, __LINE__);
$count = Database::num_rows($result);
if($count>0) {
$add_to_name = ' / <span style="color:blue">'.get_lang('Assignment').'</span>';
@ -650,7 +650,7 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou
//Get the author ID for that document from the item_property table
$is_author = false;
$author_sql = "SELECT * FROM $iprop_table WHERE tool = 'work' AND ref=".$work->id;
$author_qry = api_sql_query($author_sql,__FILE__,__LINE__);
$author_qry = Database::query($author_sql,__FILE__,__LINE__);
$row2=Database::fetch_array($author_qry);
@ -821,7 +821,7 @@ function build_work_move_to_selector($folders,$curdirpath,$move_file,$group_dir=
//gets file title
$tbl_work = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
$sql = "SELECT title FROM $tbl_work WHERE id ='".(int)$move_file."'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
$title = Database::fetch_row($result);
global $gradebook;
@ -953,11 +953,11 @@ function del_dir($base_work_dir,$dir,$id) {
}
$table = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
$sql = "DELETE FROM $table WHERE url LIKE BINARY 'work/".$dir."/%'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
//delete from DB the directories
$sql = "DELETE FROM $table WHERE filetype = 'folder' AND url LIKE BINARY '/".$dir."%'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
require_once(api_get_path(LIBRARY_PATH).'/fileManage.lib.php');
//my_delete($base_work_dir.$dir);
@ -974,7 +974,7 @@ function get_work_path($id)
{
$table = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
$sql = "SELECT * FROM $table WHERE id=$id";
$res = api_sql_query($sql);
$res = Database::query($sql);
if(Database::num_rows($res)!=1) {
return -1;
} else {
@ -993,7 +993,7 @@ function update_work_url($id,$new_path)
if(empty($id)) return -1;
$table = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
$sql = "SELECT * FROM $table WHERE id=$id";
$res = api_sql_query($sql);
$res = Database::query($sql);
if(Database::num_rows($res)!=1) {
return -1;
} else {
@ -1001,7 +1001,7 @@ function update_work_url($id,$new_path)
$filename = basename($row['url']);
$new_url = $new_path.$filename;
$sql2 = "UPDATE $table SET url = '$new_url' WHERE id=$id";
$res2 = api_sql_query($sql2);
$res2 = Database::query($sql2);
return $res2;
}
}
@ -1035,26 +1035,26 @@ function update_dir_name($path, $new_name) {
//update all the files in the other directories according with the next query
$sql = 'SELECT id, url FROM '.$table.' WHERE url LIKE BINARY "work/'.$path.'/%"'; // like binary (Case Sensitive)
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$work_len=strlen('work/'.$path);
while($work = Database :: fetch_array($rs)) {
$new_dir=$work['url'];
$name_with_directory=substr($new_dir,$work_len,strlen($new_dir));
$sql = 'UPDATE '.$table.' SET url="work/'.$path_to_dir.$new_name.$name_with_directory.'" WHERE id= '.$work['id'];
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
//update all the directory's children according with the next query
$sql = 'SELECT id, url FROM '.$table.' WHERE url LIKE BINARY "/'.$path.'%"';
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$work_len=strlen('/'.$path);
while($work = Database :: fetch_array($rs)) {
$new_dir=$work['url'];
$name_with_directory=substr($new_dir,$work_len,strlen($new_dir));
$url=$path_to_dir.$new_name.$name_with_directory;
$sql = 'UPDATE '.$table.' SET url="/'.$url.'" WHERE id= '.$work['id'];
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
}
}
@ -1078,7 +1078,7 @@ function get_parent_directories($my_cur_dir_path) {
$where_sentence = "url LIKE BINARY '" . $dir_acum . "/" . $item."'";
$dir_acum .= '/' . $list_parents[$i];
$sql = "SELECT id FROM ". $work_table . " WHERE ". $where_sentence;
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row= Database::fetch_array($result);
$list_id[]=$row['id'];
}
@ -1138,7 +1138,7 @@ function insert_all_directory_in_course_table($base_work_dir) {
filetype = 'folder',
post_group_id = '".intval($_GET['toolgroup'])."',
sent_date = '0000-00-00 00:00:00' ";
api_sql_query($sql_insert_all, __FILE__, __LINE__);
Database::query($sql_insert_all, __FILE__, __LINE__);
}
}
@ -1343,7 +1343,7 @@ function get_work_id($path) {
} else {
$sql = "SELECT id FROM $TBL_STUDENT_PUBLICATION AS work,$TBL_PROP_TABLE AS props WHERE props.tool='work' AND work.id=props.ref AND work.url LIKE 'work/".$path."%' AND work.filetype='file' AND props.visibility<>'2' AND props.lastedit_user_id='".api_get_user_id()."'";
}
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$num_rows = Database::num_rows($result);
if ($result && $num_rows > 0) {

94
main/work/work.php
Unescape View File

@ -390,12 +390,12 @@ $is_allowed_to_edit = api_is_allowed_to_edit(false,true); //has to come after di
if (!empty ($_POST['changeProperties'])) {
$query = "UPDATE " . $main_course_table . " SET show_score='" . $uploadvisibledisabled . "' WHERE code='" . $_course['sysCode'] . "'";
api_sql_query($query, __FILE__, __LINE__);
Database::query($query, __FILE__, __LINE__);
$_course['show_score'] = $uploadvisibledisabled;
} else {
$query = "SELECT * FROM " . $main_course_table . " WHERE code=\"" . $_course['sysCode'] . "\"";
$result = api_sql_query($query, __FILE__, __LINE__);
$result = Database::query($query, __FILE__, __LINE__);
$row = mysql_fetch_array($result);
$uploadvisibledisabled = $row["show_score"];
}
@ -429,9 +429,9 @@ if (api_is_allowed_to_edit(false,true)) {
$queryString3 = "DELETE FROM " . $TSTDPUBASG . " WHERE publication_id='$delete'";
}
$result1 = api_sql_query($queryString1, __FILE__, __LINE__);
$result2 = api_sql_query($queryString2, __FILE__, __LINE__);
$result3 = api_sql_query($queryString3, __FILE__, __LINE__);
$result1 = Database::query($queryString1, __FILE__, __LINE__);
$result2 = Database::query($queryString2, __FILE__, __LINE__);
$result3 = Database::query($queryString3, __FILE__, __LINE__);
}
}
@ -441,7 +441,7 @@ if (api_is_allowed_to_edit(false,true)) {
$qualification_number=0;
if (!empty($edit)) {
$sql = "SELECT * FROM " . $work_table . " WHERE id='" . $edit . "'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if (!empty($result)) {
$row = Database::fetch_array($result);
@ -462,12 +462,12 @@ if (api_is_allowed_to_edit(false,true)) {
$sql = "ALTER TABLE " . $work_table . "
CHANGE accepted accepted TINYINT(1) DEFAULT '0'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$sql = "UPDATE " . $work_table . "
SET accepted = 0";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
Display::display_confirmation_message(get_lang('AllFilesInvisible'));
} else {
@ -475,7 +475,7 @@ if (api_is_allowed_to_edit(false,true)) {
SET accepted = 0
WHERE id = '" . $make_invisible . "'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
Display::display_confirmation_message(get_lang('FileInvisible'));
}
@ -489,17 +489,17 @@ if (api_is_allowed_to_edit(false,true)) {
if (isset($make_visible) && $make_visible == "all") {
$sql = "ALTER TABLE " . $work_table . "
CHANGE accepted accepted TINYINT(1) DEFAULT '1'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$sql = "UPDATE " . $work_table . "
SET accepted = 1";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
Display::display_confirmation_message(get_lang('AllFilesVisible'));
} else {
$sql = "UPDATE " . $work_table . "
SET accepted = 1
WHERE id = '" . $make_visible . "'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
Display::display_confirmation_message(get_lang('FileVisible'));
}
@ -565,7 +565,7 @@ if (api_is_allowed_to_edit(false,true)) {
date_of_qualification = '0000-00-00 00:00:00',
session_id = ".intval($id_session);
api_sql_query($sql_add_publication, __FILE__, __LINE__);
Database::query($sql_add_publication, __FILE__, __LINE__);
// add the directory
$id = Database::insert_id();
@ -587,11 +587,11 @@ if (api_is_allowed_to_edit(false,true)) {
add_to_calendar = '$agenda_id',
enable_qualification = '".$enable_calification."',
publication_id = '".$id."'";
api_sql_query($sql_add_homework, __FILE__, __LINE__);
//api_sql_query($sql_add_publication, __FILE__, __LINE__);
Database::query($sql_add_homework, __FILE__, __LINE__);
//Database::query($sql_add_publication, __FILE__, __LINE__);
$sql_add_publication = "UPDATE ".$work_table." SET "."has_properties = ".Database::insert_id().", view_properties = 1 ".' where id = '.$id;
api_sql_query($sql_add_publication, __FILE__, __LINE__);
Database::query($sql_add_publication, __FILE__, __LINE__);
} else {
@ -601,11 +601,11 @@ if (api_is_allowed_to_edit(false,true)) {
add_to_calendar = '$agenda_id',
enable_qualification = '".(isset($_POST['enable_calification'])?(int)$_POST['enable_calification']:'')."',
publication_id = '".$id."'";
api_sql_query($sql_add_homework, __FILE__, __LINE__);
//api_sql_query($sql_add_publication, __FILE__, __LINE__);
Database::query($sql_add_homework, __FILE__, __LINE__);
//Database::query($sql_add_publication, __FILE__, __LINE__);
$sql_add_publication = "UPDATE ".$work_table." SET "."has_properties = ".Database::insert_id().", view_properties = 0 ".' where id = '.$id;
api_sql_query($sql_add_publication, __FILE__, __LINE__);
Database::query($sql_add_publication, __FILE__, __LINE__);
}
@ -655,18 +655,18 @@ if (api_is_allowed_to_edit(false,true)) {
$delete_2=$_REQUEST['delete2'];
// gets calendar_id from student_publication_assigment
$sql = "SELECT add_to_calendar FROM $TSTDPUBASG WHERE publication_id ='$delete_2'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$calendar_id = Database::fetch_row($res);
// delete from agenda if it exists
if (!empty($calendar_id[0])) {
$t_agenda = Database::get_course_table(TABLE_AGENDA);
$sql = "DELETE FROM $t_agenda WHERE id ='".$calendar_id[0]."'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
$sql2="DELETE FROM $TSTDPUBASG WHERE publication_id ='$delete_2'";
$result2 = api_sql_query($sql2, __FILE__, __LINE__);
$result2 = Database::query($sql2, __FILE__, __LINE__);
$sql3="DELETE FROM $t_gradebook_link WHERE course_code='$course_code' AND ref_id='$delete_2'";
$result3 = api_sql_query($sql3, __FILE__, __LINE__);
$result3 = Database::query($sql3, __FILE__, __LINE__);
}
/* ----------------------
@ -675,7 +675,7 @@ if (api_is_allowed_to_edit(false,true)) {
if (!empty ($_REQUEST['move'])) {
$folders = array();
$sql = "SELECT url FROM $work_table WHERE url LIKE '/%' AND post_group_id = '".(empty($_SESSION['toolgroup'])?0:$_SESSION['toolgroup'])."'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
while($folder = Database::fetch_array($res)) {
$folders[] = substr($folder['url'],1,(strlen($folder['url'])-1));
}
@ -736,7 +736,7 @@ else {
} else {
//Get the author ID for that document from the item_property table
$author_sql = "SELECT * FROM $iprop_table WHERE tool = 'work' AND insert_user_id='$user_id' AND ref=" .Database::escape_string($delete);
$author_qry = api_sql_query($author_sql, __FILE__, __LINE__);
$author_qry = Database::query($author_sql, __FILE__, __LINE__);
if (Database :: num_rows($author_qry) == 1) {
//we found the current user is the author
@ -744,9 +744,9 @@ else {
$queryString2 = "DELETE FROM " . $work_table . " WHERE id='$delete'";
$queryString3 = "DELETE FROM " . $TSTDPUBASG . " WHERE publication_id='$delete'";
$result1 = api_sql_query($queryString1, __FILE__, __LINE__);
$result2 = api_sql_query($queryString2, __FILE__, __LINE__);
$result3 = api_sql_query($queryString3, __FILE__, __LINE__);
$result1 = Database::query($queryString1, __FILE__, __LINE__);
$result2 = Database::query($queryString2, __FILE__, __LINE__);
$result3 = Database::query($queryString3, __FILE__, __LINE__);
if ($result1) {
api_item_property_update($_course, 'work', $delete, 'DocumentDeleted', $user_id);
@ -768,11 +768,11 @@ else {
if ($edit) {
//Get the author ID for that document from the item_property table
$author_sql = "SELECT * FROM $iprop_table WHERE tool = 'work' AND insert_user_id='$user_id' AND ref=" . $edit;
$author_qry = api_sql_query($author_sql, __FILE__, __LINE__);
$author_qry = Database::query($author_sql, __FILE__, __LINE__);
if (Database :: num_rows($author_qry) == 1) {
//we found the current user is the author
$sql = "SELECT * FROM " . $work_table . " WHERE id='" . $edit . "'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if ($result ) {
$row = mysql_fetch_array($result);
$workTitle = $row['title'];
@ -828,15 +828,15 @@ if ($ctok==$_POST['sec_token']) { //check the token inserted into the form
//if we come from the group tools the groupid will be saved in $work_table
@move_uploaded_file($_FILES['file']['tmp_name'], $updir . $my_cur_dir_path . $new_file_name);
$url = "work/" . $my_cur_dir_path . $new_file_name;
$result = api_sql_query("SHOW FIELDS FROM " . $work_table . " LIKE 'sent_date'", __FILE__, __LINE__);
$result = Database::query("SHOW FIELDS FROM " . $work_table . " LIKE 'sent_date'", __FILE__, __LINE__);
if (!Database::num_rows($result)) {
api_sql_query("ALTER TABLE " . $work_table . " ADD sent_date DATETIME NOT NULL");
Database::query("ALTER TABLE " . $work_table . " ADD sent_date DATETIME NOT NULL");
}
$current_date = date('Y-m-d H:i:s');
$parent_id = '';
$active = '';
$sql = api_sql_query('SELECT id FROM '.Database::get_course_table(TABLE_STUDENT_PUBLICATION).' WHERE url = '."'/".Database::escape_string($_GET['curdirpath'])."' AND filetype='folder' LIMIT 1");
$sql = Database::query('SELECT id FROM '.Database::get_course_table(TABLE_STUDENT_PUBLICATION).' WHERE url = '."'/".Database::escape_string($_GET['curdirpath'])."' AND filetype='folder' LIMIT 1");
if(Database::num_rows($sql) > 0 ) {
$dir_row = Database::fetch_array($sql);
$parent_id = $dir_row['id'];
@ -854,7 +854,7 @@ if ($ctok==$_POST['sec_token']) { //check the token inserted into the form
session_id = ".intval($id_session);
api_sql_query($sql_add_publication, __FILE__, __LINE__);
Database::query($sql_add_publication, __FILE__, __LINE__);
$Id = Database::insert_id();
api_item_property_update($_course, 'work', $Id, 'DocumentAdded', $user_id);
@ -883,10 +883,10 @@ if ($ctok==$_POST['sec_token']) { //check the token inserted into the form
$title = basename($workUrl);
}
$result = api_sql_query("SHOW FIELDS FROM " . $work_table . " LIKE 'sent_date'", __FILE__, __LINE__);
$result = Database::query("SHOW FIELDS FROM " . $work_table . " LIKE 'sent_date'", __FILE__, __LINE__);
if (!Database::num_rows($result)) {
api_sql_query("ALTER TABLE " . $work_table . " ADD sent_date DATETIME NOT NULL");
Database::query("ALTER TABLE " . $work_table . " ADD sent_date DATETIME NOT NULL");
}
$current_date = date('Y-m-d H:i:s');
$sql = "INSERT INTO " . $work_table . "
@ -898,7 +898,7 @@ if ($ctok==$_POST['sec_token']) { //check the token inserted into the form
sent_date = '".$current_date."',
session_id = ".intval($id_session);
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$insertId = Database::insert_id();
api_item_property_update($_course, 'work', $insertId, 'DocumentAdded', $user_id);
@ -922,7 +922,7 @@ if ($ctok==$_POST['sec_token']) { //check the token inserted into the form
if ($id<>'') {
$author_sql = "SELECT * FROM $iprop_table WHERE tool = 'work' AND insert_user_id='$user_id' AND ref=" . mysql_real_escape_string($id);
$author_qry = api_sql_query($author_sql, __FILE__, __LINE__);
$author_qry = Database::query($author_sql, __FILE__, __LINE__);
if (Database :: num_rows($author_qry) == 1) {
$is_author = true;
}
@ -948,7 +948,7 @@ if ($ctok==$_POST['sec_token']) { //check the token inserted into the form
description = '" . Database::escape_string(Security::remove_XSS($description)) . "'
".$add_to_update."
WHERE id = '$id'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
$insertId = $id;
@ -971,7 +971,7 @@ if (!empty($_POST['submitWork']) && !empty($succeed) && !$id) {
$emailto = array ();
if (empty ($id_session)) {
$sql_resp = 'SELECT u.email as myemail FROM ' . $table_course_user . ' cu, ' . $table_user . ' u WHERE cu.course_code = ' . "'" . api_get_course_id() . "'" . ' AND cu.status = 1 AND u.user_id = cu.user_id';
$res_resp = api_sql_query($sql_resp, __FILE__, __LINE__);
$res_resp = Database::query($sql_resp, __FILE__, __LINE__);
while ($row_email = Database :: fetch_array($res_resp)) {
if (!empty ($row_email['myemail'])) {
$emailto[$row_email['myemail']] = $row_email['myemail'];
@ -984,7 +984,7 @@ if (!empty($_POST['submitWork']) && !empty($succeed) && !$id) {
INNER JOIN ' . $table_user . ' user
ON user.user_id = session.id_coach
WHERE session.id = ' . intval($id_session);
$res_resp = api_sql_query($sql_resp, __FILE__, __LINE__);
$res_resp = Database::query($sql_resp, __FILE__, __LINE__);
while ($row_email = Database :: fetch_array($res_resp)) {
if (!empty ($row_email['myemail'])) {
$emailto[$row_email['myemail']] = $row_email['myemail'];
@ -997,7 +997,7 @@ if (!empty($_POST['submitWork']) && !empty($succeed) && !$id) {
INNER JOIN ' . $table_user . ' user
ON user.user_id = session_course.id_coach
WHERE session_course.id_session = ' . intval($id_session);
$res_resp = api_sql_query($sql_resp, __FILE__, __LINE__);
$res_resp = Database::query($sql_resp, __FILE__, __LINE__);
while ($row_email = Database :: fetch_array($res_resp)) {
if (!empty ($row_email['myemail'])) {
$emailto[$row_email['myemail']] = $row_email['myemail'];
@ -1044,13 +1044,13 @@ if (!empty($_POST['submitWork']) && !empty($succeed) && !$id) {
$has_expired = false;
$has_ended = false;
isset($_GET['curdirpath'])?$curdirpath=Database::escape_string($_GET['curdirpath']):$curdirpath='';
$sql = api_sql_query('SELECT description,id FROM '.Database :: get_course_table(TABLE_STUDENT_PUBLICATION).' WHERE filetype = '."'folder'".' and has_properties != '."''".' and url = '."'/".$curdirpath."'".' LIMIT 1',__FILE__,__LINE__);
$sql = Database::query('SELECT description,id FROM '.Database :: get_course_table(TABLE_STUDENT_PUBLICATION).' WHERE filetype = '."'folder'".' and has_properties != '."''".' and url = '."'/".$curdirpath."'".' LIMIT 1',__FILE__,__LINE__);
$is_special = Database::num_rows($sql);
if($is_special > 0):
$is_special = true;
define('IS_ASSIGNMENT',1);
$publication = Database::fetch_array($sql);
$sql = api_sql_query('SELECT * FROM '.$TSTDPUBASG.' WHERE publication_id = '.(string)$publication['id'].' LIMIT 1',__FILE__,__LINE__);
$sql = Database::query('SELECT * FROM '.$TSTDPUBASG.' WHERE publication_id = '.(string)$publication['id'].' LIMIT 1',__FILE__,__LINE__);
$homework = Database::fetch_array($sql);
if($homework['expires_on']!='0000-00-00 00:00:00' || $homework['ends_on']!='0000-00-00 00:00:00'):
@ -1101,7 +1101,7 @@ if ($is_course_member) {
//Get the author ID for that document from the item_property table
$is_author = false;
$author_sql = "SELECT * FROM $iprop_table WHERE tool = 'work' AND insert_user_id='$user_id' AND ref=" . $edit;
$author_qry = api_sql_query($author_sql, __FILE__, __LINE__);
$author_qry = Database::query($author_sql, __FILE__, __LINE__);
if (Database :: num_rows($author_qry) == 1) {
$is_author = true;
}
@ -1167,7 +1167,7 @@ if ($is_course_member) {
if($is_allowed_to_edit && !empty($edit) && !empty($parent_id)) {
// Get qualification from parent_id that'll allow the validation qualification over
$sql = "SELECT qualification FROM $work_table WHERE id='$parent_id'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
$row = Database::fetch_array($result);
$qualification_over = $row['qualification'];
$form->addElement('text', 'qualification', get_lang('Qualification'),'size="10"');
@ -1370,7 +1370,7 @@ if (!$display_upload_form && !$display_tool_options) {
$add_query = '';
$sql = "SELECT user.firstname, user.lastname FROM $table_user user, $table_course_user course_user
WHERE course_user.user_id=user.user_id AND course_user.course_code='".api_get_course_id()."' AND course_user.status='1'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$admin_course = '';
while($row = Database::fetch_row($res)) {
$admin_course .='\''.api_get_person_name($row[0], $row[1]).'\',';

Write Preview
Loading…
Cancel
Save