[svn r12204] Updated all table names to use Database class (called in dropbox_config.inc.php) and removed dangerous ` signs

18 years ago · 24042b9485
parent 325bc6eb48
commit 24042b9485
7 changed files with 67 additions and 91 deletions
--- a/main/dropbox/dropbox_class.inc.php
+++ b/main/dropbox/dropbox_class.inc.php
@ -160,7 +160,7 @@ class Dropbox_Work {
 		// with updated information (authors, descriptio, upload_date)
 		$this->isOldWork = FALSE;
 		$sql="SELECT id, upload_date 
-				FROM `".dropbox_cnf("fileTbl")."` 
+				FROM ".dropbox_cnf("tbl_file")." 
 				WHERE filename = '".addslashes($this->filename)."'";
        $result = api_sql_query($sql,__FILE__,__LINE__);
 		$res = mysql_fetch_array($result);
@ -171,7 +171,7 @@ class Dropbox_Work {
 		{
 			$this->id = $res["id"];
 			$this->upload_date = $res["upload_date"];
-		    $sql = "UPDATE `".dropbox_cnf("fileTbl")."`
+		    $sql = "UPDATE ".dropbox_cnf("tbl_file")."
 					SET filesize = '".addslashes($this->filesize)."'
 					, title = '".addslashes($this->title)."'
 					, description = '".addslashes($this->description)."'
@ -183,7 +183,7 @@ class Dropbox_Work {
 		else 
 		{
 			$this->upload_date = $this->last_upload_date;
-			$sql="INSERT INTO `".dropbox_cnf("fileTbl")."` 
+			$sql="INSERT INTO ".dropbox_cnf("tbl_file")." 
 				(uploader_id, filename, filesize, title, description, author, upload_date, last_upload_date)
 				VALUES ('".addslashes($this->uploader_id)."'
 						, '".addslashes($this->filename)."'
@ -200,7 +200,7 @@ class Dropbox_Work {
 		}
 		// insert entries into person table
-		$sql="INSERT INTO `".dropbox_cnf("personTbl")."` 
+		$sql="INSERT INTO ".dropbox_cnf("tbl_person")." 
 				(file_id, user_id)
 				VALUES ('".addslashes($this->id)."'
 						, '".addslashes($this->uploader_id)."'
@ -222,7 +222,7 @@ class Dropbox_Work {
 		// get the data from DB
 		$sql="SELECT uploader_id, filename, filesize, title, description, author, upload_date, last_upload_date, cat_id
-				FROM `".dropbox_cnf("fileTbl")."`
+				FROM ".dropbox_cnf("tbl_file")."
 				WHERE id='".addslashes($id)."'";
        $result = api_sql_query($sql,__FILE__,__LINE__);
 		$res = mysql_fetch_array($result,MYSQL_ASSOC);
@ -258,7 +258,7 @@ class Dropbox_Work {
 		if ($_GET['action']=='viewfeedback' AND $this->id==$_GET['id'])
 		{
 			$feedback2=array();
-			$sql_feedback = "SELECT * FROM `".dropbox_cnf("tbl_feedback")."` WHERE file_id='".$id."' ORDER BY feedback_id ASC";
+			$sql_feedback = "SELECT * FROM ".dropbox_cnf("tbl_feedback")." WHERE file_id='".$id."' ORDER BY feedback_id ASC";
 			$result = api_sql_query($sql_feedback, __FILE__, __LINE__);
 			while ($row_feedback=mysql_fetch_array($result))
 			{
@ -270,8 +270,8 @@ class Dropbox_Work {
 		/*
 		// RH: Feedback
-		$result = api_sql_query("SELECT feedback_date, feedback, cat_id FROM `".
+		$result = api_sql_query("SELECT feedback_date, feedback, cat_id FROM ".
-		    dropbox_cnf("postTbl")."` WHERE dest_user_id='".$_user['user_id'].
+		    dropbox_cnf("tbl_post")." WHERE dest_user_id='".$_user['user_id'].
 		    "' AND file_id='".$id."'",__FILE__,__LINE__);		
 		if ($res = mysql_fetch_array($result))
 		{
@ -355,13 +355,13 @@ class Dropbox_SentWork extends Dropbox_Work
 		// insert data in dropbox_post and dropbox_person table for each recipient
 		foreach ($this->recipients as $rec)
 		{
-			$sql="INSERT INTO `".dropbox_cnf("postTbl")."` 
+			$sql="INSERT INTO ".dropbox_cnf("tbl_post")." 
 				(file_id, dest_user_id)
 				VALUES ('".addslashes($this->id)."', '".addslashes($rec["id"])."')";
 	        $result = api_sql_query($sql);	//if work already exists no error is generated
 			//insert entries into person table
-			$sql="INSERT INTO `".dropbox_cnf("personTbl")."` 
+			$sql="INSERT INTO ".dropbox_cnf("tbl_person")." 
 				(file_id, user_id)
 				VALUES ('".addslashes($this->id)."'
 						, '".addslashes($rec["id"])."'
@ -401,7 +401,7 @@ class Dropbox_SentWork extends Dropbox_Work
 		//Fill in recipients array/
 		$this->recipients = array();  // RH: Feedback: added to SELECT
 		$sql="SELECT dest_user_id, feedback_date, feedback 
-				FROM `".dropbox_cnf("postTbl")."`
+				FROM ".dropbox_cnf("tbl_post")."
 				WHERE file_id='".addslashes($id)."'";
        $result = api_sql_query($sql,__FILE__,__LINE__);
 		while ($res = mysql_fetch_array($result))
@ -434,13 +434,13 @@ class Dropbox_Person
 						//the receivedWork and the sentWork arrays are sorted
 	/**
-		* Constructor for recreating the Dropbox_Person object
+	 * Constructor for recreating the Dropbox_Person object
 	 *
 	 * @param unknown_type $userId
 	 * @param unknown_type $isCourseAdmin
 	 * @param unknown_type $isCourseTutor
 	 * @return Dropbox_Person
-		*/
+	 */
 	function Dropbox_Person ($userId, $isCourseAdmin, $isCourseTutor)
 	{
 		// Fill in properties
@ -452,11 +452,14 @@ class Dropbox_Person
 		//Note: perhaps include an ex coursemember check to delete old files
 		$post_tbl = Database::get_course_table();
 		$person_tbl = Database::get_course_table();
 		$file_tbl = Database::get_course_table();
 		// find all entries where this person is the recipient
 		$sql = "SELECT r.file_id
 				FROM 
-					`".dropbox_cnf("postTbl")."` r
+					".dropbox_cnf("tbl_post")." r
-					, `".dropbox_cnf("personTbl")."` p
+					, ".dropbox_cnf("tbl_person")." p
 				WHERE r.dest_user_id = '".addslashes($this->userId)."' 
 					AND r.dest_user_id = p.user_id
 					AND r.file_id = p.file_id";
@ -467,7 +470,7 @@ class Dropbox_Person
 		// find all entries where this person is the sender/uploader
 		$sql = "SELECT f.id 
-				FROM `".dropbox_cnf("fileTbl")."` f, `".dropbox_cnf("personTbl")."` p 
+				FROM ".dropbox_cnf("tbl_file")." f, ".dropbox_cnf("tbl_person")." p 
 				WHERE f.uploader_id = '".addslashes($this->userId)."'
 				AND f.uploader_id = p.user_id
 				AND f.id = p.file_id";
@ -588,7 +591,7 @@ class Dropbox_Person
 		//delete entries in person table concerning received works
 		foreach ($this->receivedWork as $w)
 		{
-			api_sql_query("DELETE FROM `".dropbox_cnf("personTbl")."` WHERE user_id='".$this->userId."' AND file_id='".$w->id."'",__FILE__,__LINE__);		
+			api_sql_query("DELETE FROM ".dropbox_cnf("tbl_person")." WHERE user_id='".$this->userId."' AND file_id='".$w->id."'",__FILE__,__LINE__);		
 		}
 		removeUnusedFiles();	//check for unused files
@ -617,7 +620,7 @@ class Dropbox_Person
 		}
 		//delete entries in person table concerning received works
-		api_sql_query("DELETE FROM `".dropbox_cnf("personTbl")."` WHERE user_id='".$this->userId."' AND file_id='".$id."'",__FILE__,__LINE__);		
+		api_sql_query("DELETE FROM ".dropbox_cnf("tbl_person")." WHERE user_id='".$this->userId."' AND file_id='".$id."'",__FILE__,__LINE__);		
 		removeUnusedFiles();	//check for unused files
 	}
@ -630,7 +633,7 @@ class Dropbox_Person
 		//delete entries in person table concerning sent works
 		foreach ($this->sentWork as $w)
 		{
-			api_sql_query("DELETE FROM `".dropbox_cnf("personTbl")."` WHERE user_id='".$this->userId."' AND file_id='".$w->id."'",__FILE__,__LINE__);		
+			api_sql_query("DELETE FROM ".dropbox_cnf("tbl_person")." WHERE user_id='".$this->userId."' AND file_id='".$w->id."'",__FILE__,__LINE__);		
 			removeMoreIfMailing($w->id);  // RH: Mailing: see init1
 		}		
 		removeUnusedFiles();	//check for unused files
@ -658,7 +661,7 @@ class Dropbox_Person
 		//$file_id = $this->sentWork[$index]->id;  // RH: Mailing
 		//delete entries in person table concerning sent works
-		api_sql_query("DELETE FROM `".dropbox_cnf("personTbl")."` WHERE user_id='".$this->userId."' AND file_id='".$id."'",__FILE__,__LINE__);		
+		api_sql_query("DELETE FROM ".dropbox_cnf("tbl_person")." WHERE user_id='".$this->userId."' AND file_id='".$id."'",__FILE__,__LINE__);		
 		removeMoreIfMailing($id);  // RH: Mailing: see init1
 		removeUnusedFiles();	//check for unused files
@ -690,7 +693,7 @@ class Dropbox_Person
 		$this->receivedWork[$wi]->feedback_date = $feedback_date;
 		$this->receivedWork[$wi]->feedback = $text;
-		api_sql_query("UPDATE `".dropbox_cnf("postTbl")."` SET feedback_date='".
+		api_sql_query("UPDATE ".dropbox_cnf("tbl_post")." SET feedback_date='".
 		    addslashes($feedback_date)."', feedback='".addslashes($text).
 		    "' WHERE dest_user_id='".$this->userId."' AND file_id='".$id."'",__FILE__,__LINE__);		
--- a/main/dropbox/dropbox_config.inc.php
+++ b/main/dropbox/dropbox_config.inc.php
@ -33,14 +33,14 @@ $DEBUG = TRUE;
 *       DATABASE TABLE VARIABLES
 * --------------------------------------
 */
-$dropbox_cnf["postTbl"] 		= $_course["dbNameGlu"] . "dropbox_post";
+$dropbox_cnf['tbl_post'] 		= Database::get_course_table(TABLE_DROPBOX_POST);
-$dropbox_cnf["fileTbl"] 		= $_course["dbNameGlu"] . "dropbox_file";
+$dropbox_cnf['tbl_file'] 		= Database::get_course_table(TABLE_DROPBOX_FILE);
-$dropbox_cnf["personTbl"] 		= $_course["dbNameGlu"] . "dropbox_person";
+$dropbox_cnf['tbl_person'] 		= Database::get_course_table(TABLE_DROPBOX_PERSON);
-$dropbox_cnf["introTbl"] 		= $_course["dbNameGlu"] . "tool_intro";
+$dropbox_cnf['tbl_intro'] 		= Database::get_course_table(TABLE_TOOL_INTRO);
-$dropbox_cnf["userTbl"] 		= $_configuration['main_database'] . "`.`user";
+$dropbox_cnf['tbl_user'] 		= Database::get_main_table(TABLE_MAIN_USER);
-$dropbox_cnf["courseUserTbl"] 	= Database::get_main_table(TABLE_MAIN_COURSE_USER);
+$dropbox_cnf['tbl_course_user']	= Database::get_main_table(TABLE_MAIN_COURSE_USER);
-$dropbox_cnf['tbl_category'] 	= $_course["dbNameGlu"] . "dropbox_category";
+$dropbox_cnf['tbl_category'] 	= Database::get_course_table(TABLE_DROPBOX_CATEGORY);
-$dropbox_cnf['tbl_feedback'] 	= $_course["dbNameGlu"] . "dropbox_feedback";
+$dropbox_cnf['tbl_feedback'] 	= Database::get_course_table(TABLE_DROPBOX_FEEDBACK);
 /**
 * --------------------------------------
--- a/main/dropbox/dropbox_download.php
+++ b/main/dropbox/dropbox_download.php
@ -65,7 +65,7 @@ if ( isset($_GET['cat_id']) AND is_numeric($_GET['cat_id']) AND $_GET['action']=
 	if ($_GET['sent_received']=='sent')
 	{
 		// here we also incorporate the person table to make sure that deleted sent documents are not included.
-		$sql="SELECT DISTINCT file.id, file.filename, file.title FROM `".$dropbox_cnf["fileTbl"]."` file, `".$dropbox_cnf["personTbl"]."` person
+		$sql="SELECT DISTINCT file.id, file.filename, file.title FROM ".$dropbox_cnf["tbl_file"]." file, ".$dropbox_cnf["tbl_person"]." person
 				WHERE file.uploader_id='".mysql_real_escape_string($_user['user_id'])."'
 				AND file.cat_id='".mysql_real_escape_string($_GET['cat_id'])."'
 				AND person.user_id='".mysql_real_escape_string($_user['user_id'])."'
@ -74,7 +74,7 @@ if ( isset($_GET['cat_id']) AND is_numeric($_GET['cat_id']) AND $_GET['action']=
 	}
 	if ($_GET['sent_received']=='received')
 	{
-		$sql="SELECT DISTINCT file.id, file.filename, file.title FROM `".$dropbox_cnf["fileTbl"]."` file, `".$dropbox_cnf["personTbl"]."` person, `".$dropbox_cnf["postTbl"]."` post
+		$sql="SELECT DISTINCT file.id, file.filename, file.title FROM ".$dropbox_cnf["tbl_file"]." file, ".$dropbox_cnf["tbl_personTbl"]." person, ".$dropbox_cnf["tbl_post"]." post
 				WHERE post.cat_id='".mysql_real_escape_string($_GET['cat_id'])."'
 				AND person.user_id='".mysql_real_escape_string($_user['user_id'])."'
 				AND person.file_id=file.id
@ -121,7 +121,7 @@ if ( ! isset( $_GET['id']) || ! is_numeric( $_GET['id']))
 $allowed_to_download=false;
 // Check if the user has sent or received the file.
-$sql="SELECT * FROM `".$dropbox_cnf["personTbl"]."` WHERE file_id='".mysql_real_escape_string($_GET['id'])."' AND user_id='".mysql_real_escape_string($_user['user_id'])."'";
+$sql="SELECT * FROM ".$dropbox_cnf["tbl_person"]." WHERE file_id='".mysql_real_escape_string($_GET['id'])."' AND user_id='".mysql_real_escape_string($_user['user_id'])."'";
 $result=api_sql_query($sql);
 if (mysql_num_rows($result)>0)
 {
--- a/main/dropbox/dropbox_functions.inc.php
+++ b/main/dropbox/dropbox_functions.inc.php
@ -126,13 +126,13 @@ function delete_category($action, $id)
 	if ($action=='deletereceivedcategory')
 	{
 		$sentreceived='received';
-		$entries_table=$dropbox_cnf['postTbl'];
+		$entries_table=$dropbox_cnf['tbl_post'];
 		$id_field='file_id';
 	}
 	elseif ($action=='deletesentcategory')
 	{
 		$sentreceived='sent';
-		$entries_table=$dropbox_cnf['fileTbl'];
+		$entries_table=$dropbox_cnf['tbl_file'];
 		$id_field='id';
 	}
 	else
@ -145,7 +145,7 @@ function delete_category($action, $id)
 	$result=api_sql_query($sql);
 	// step 2: delete all the documents in this category
-	$sql="SELECT * FROM `".$entries_table."` WHERE cat_id='".Database::escape_string($id)."'";
+	$sql="SELECT * FROM ".$entries_table." WHERE cat_id='".Database::escape_string($id)."'";
 	$result=api_sql_query($sql);
 	while ($row=mysql_fetch_array($result))
@ -209,7 +209,7 @@ function store_move($id, $target, $part)
 	{
 		if ($part=='received')
 		{
-			$sql="UPDATE `".$dropbox_cnf["postTbl"]."` SET cat_id='".Database::escape_string($target)."'
+			$sql="UPDATE ".$dropbox_cnf["tbl_post"]." SET cat_id='".Database::escape_string($target)."'
 						WHERE dest_user_id='".Database::escape_string($_user['user_id'])."'
 						AND file_id='".Database::escape_string($id)."'
 						";
@ -218,7 +218,7 @@ function store_move($id, $target, $part)
 		}
 		if ($part=='sent')
 		{
-			$sql="UPDATE `".$dropbox_cnf["fileTbl"]."` SET cat_id='".Database::escape_string($target)."'
+			$sql="UPDATE ".$dropbox_cnf["tbl_file"]." SET cat_id='".Database::escape_string($target)."'
 						WHERE uploader_id='".Database::escape_string($_user['user_id'])."'
 						AND id='".Database::escape_string($id)."'
 						";
@ -309,7 +309,7 @@ function get_dropbox_categories($filter='')
 	$return_array=array();
-	$sql="SELECT * FROM `".$dropbox_cnf['tbl_category']."` WHERE user_id='".$_user['user_id']."'";
+	$sql="SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE user_id='".$_user['user_id']."'";
 	$result=api_sql_query($sql);
 	while ($row=mysql_fetch_array($result))
@ -367,14 +367,14 @@ function store_addcategory()
 	if (!$_POST['edit_id'])
 	{
 		// step 3a, we check if the category doesn't already exist
-		$sql="SELECT * FROM `".$dropbox_cnf['tbl_category']."` WHERE user_id='".$_user['user_id']."' AND cat_name='".Database::escape_string($_POST['category_name'])."' AND received='".$received."' AND sent='".$sent."'";
+		$sql="SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE user_id='".$_user['user_id']."' AND cat_name='".Database::escape_string($_POST['category_name'])."' AND received='".$received."' AND sent='".$sent."'";
 		$result=api_sql_query($sql);
 		// step 3b, we add the category if it does not exist yet.
 		if (mysql_num_rows($result)==0)
 		{
-			$sql="INSERT INTO `".$dropbox_cnf['tbl_category']."` (cat_name, received, sent, user_id)
+			$sql="INSERT INTO ".$dropbox_cnf['tbl_category']." (cat_name, received, sent, user_id)
 					VALUES ('".Database::escape_string($_POST['category_name'])."', '".Database::escape_string($received)."', '".Database::escape_string($sent)."', '".Database::escape_string($_user['user_id'])."')";
 			api_sql_query($sql);
 			return get_lang('CategoryStored');
@ -386,7 +386,7 @@ function store_addcategory()
 	}
 	else
 	{
-		$sql="UPDATE `".$dropbox_cnf['tbl_category']."` SET cat_name='".Database::escape_string($_POST['category_name'])."', received='".Database::escape_string($received)."' , sent='".Database::escape_string($sent)."'
+		$sql="UPDATE ".$dropbox_cnf['tbl_category']." SET cat_name='".Database::escape_string($_POST['category_name'])."', received='".Database::escape_string($received)."' , sent='".Database::escape_string($sent)."'
 				WHERE user_id='".Database::escape_string($_user['user_id'])."'
 				AND cat_id='".Database::escape_string($_POST['edit_id'])."'";
 		api_sql_query($sql);
@ -412,7 +412,7 @@ function display_addcategory_form($category_name='', $id='')
 	if (isset($id) AND $id<>'')
 	{
 		// retrieve the category we are editing
-		$sql="SELECT * FROM `".$dropbox_cnf['tbl_category']."` WHERE cat_id='".Database::escape_string($id)."'";
+		$sql="SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE cat_id='".Database::escape_string($id)."'";
 		$result=api_sql_query($sql);
 		$row=mysql_fetch_array($result);
@ -622,7 +622,7 @@ function getUserNameFromId ( $id)  // RH: Mailing: return 'Mailing ' + id
    }
    $sql = "SELECT CONCAT(lastname,' ', firstname) AS name
-			FROM `" . dropbox_cnf("userTbl") . "`
+			FROM " . dropbox_cnf("tbl_user") . "
 			WHERE user_id='" . addslashes( $id) . "'";
    $result = api_sql_query($sql,__FILE__,__LINE__);
    $res = mysql_fetch_array( $result);
@ -638,7 +638,7 @@ function getUserNameFromId ( $id)  // RH: Mailing: return 'Mailing ' + id
 function getLoginFromId ( $id)
 {
    $sql = "SELECT username
-			FROM `" . dropbox_cnf("userTbl") . "`
+			FROM " . dropbox_cnf("tbl_user") . "
 			WHERE user_id='" . addslashes( $id) . "'";
    $result =api_sql_query($sql,__FILE__,__LINE__);
    $res = mysql_fetch_array( $result);
@ -667,16 +667,16 @@ function removeUnusedFiles( )
 {
    // select all files that aren't referenced anymore
    $sql = "SELECT DISTINCT f.id, f.filename
-			FROM `" . dropbox_cnf("fileTbl") . "` f
+			FROM " . dropbox_cnf("tbl_file") . " f
-			LEFT JOIN `" . dropbox_cnf("personTbl") . "` p ON f.id = p.file_id
+			LEFT JOIN " . dropbox_cnf("tbl_person") . " p ON f.id = p.file_id
 			WHERE p.user_id IS NULL";
    $result = api_sql_query($sql,__FILE__,__LINE__);
    while ( $res = mysql_fetch_array( $result))
    {
 		//delete the selected files from the post and file tables
-        $sql = "DELETE FROM `" . dropbox_cnf("postTbl") . "` WHERE file_id='" . $res['id'] . "'";
+        $sql = "DELETE FROM " . dropbox_cnf("tbl_post") . " WHERE file_id='" . $res['id'] . "'";
        $result1 = api_sql_query($sql,__FILE__,__LINE__);
-        $sql = "DELETE FROM `" . dropbox_cnf("fileTbl") . "` WHERE id='" . $res['id'] . "'";
+        $sql = "DELETE FROM " . dropbox_cnf("tbl_file") . " WHERE id='" . $res['id'] . "'";
        $result1 = api_sql_query($sql,__FILE__,__LINE__);
 		//delete file from server
@ -700,8 +700,8 @@ function removeUnusedFiles( )
 function getUserOwningThisMailing($mailingPseudoId, $owner = 0, $or_die = '')
 {
    $sql = "SELECT f.uploader_id
-			FROM `" . dropbox_cnf("fileTbl") . "` f
+			FROM " . dropbox_cnf("tbl_file") . " f
-			LEFT JOIN `" . dropbox_cnf("postTbl") . "` p ON f.id = p.file_id
+			LEFT JOIN " . dropbox_cnf("tbl_post") . " p ON f.id = p.file_id
 			WHERE p.dest_user_id = '" . $mailingPseudoId . "'";
    $result = api_sql_query($sql,__FILE__,__LINE__);
@ -727,7 +727,7 @@ function removeMoreIfMailing($file_id)
    //    for all content files, replace mailingPseudoId by owner as uploader
    $sql = "SELECT p.dest_user_id
-			FROM `" . dropbox_cnf("postTbl") . "` p
+			FROM " . dropbox_cnf("tbl_post") . " p
 			WHERE p.file_id = '" . $file_id . "'";
    $result = api_sql_query($sql,__FILE__,__LINE__);
@ -736,11 +736,11 @@ function removeMoreIfMailing($file_id)
 	    $mailingPseudoId = $res['dest_user_id'];
 	    if ( $mailingPseudoId > dropbox_cnf("mailingIdBase"))
 	    {
-	        $sql = "DELETE FROM `" . dropbox_cnf("personTbl") . "` WHERE user_id='" . $mailingPseudoId . "'";
+	        $sql = "DELETE FROM " . dropbox_cnf("tbl_person") . " WHERE user_id='" . $mailingPseudoId . "'";
 	        $result1 = api_sql_query($sql,__FILE__,__LINE__);
-	        $sql = "UPDATE `" . dropbox_cnf("fileTbl") .
+	        $sql = "UPDATE " . dropbox_cnf("tbl_file") .
-	            "` SET uploader_id='" . api_get_user_id() . "' WHERE uploader_id='" . $mailingPseudoId . "'";
+	            " SET uploader_id='" . api_get_user_id() . "' WHERE uploader_id='" . $mailingPseudoId . "'";
 	        $result1 = api_sql_query($sql,__FILE__,__LINE__);
        }
    }
@ -1034,7 +1034,7 @@ function feedback_form()
 	// we now check if the other users have not delete this document yet. If this is the case then it is useless to see the
 	// add feedback since the other users will never get to see the feedback.
-	$sql="SELECT * FROM `".$dropbox_cnf["personTbl"]."` WHERE file_id='".Database::escape_string($_GET['id'])."'";
+	$sql="SELECT * FROM ".$dropbox_cnf["tbl_person"]." WHERE file_id='".Database::escape_string($_GET['id'])."'";
 	$result=api_sql_query($sql,__LINE__, __FILE__);
 	$number_users_who_see_file=mysql_num_rows($result);
 	if ($number_users_who_see_file>1)
@ -1070,7 +1070,7 @@ function store_feedback()
 	}
 	else
 	{
-		$sql="INSERT INTO `".$dropbox_cnf['tbl_feedback']."` (file_id, author_user_id, feedback, feedback_date) VALUES
+		$sql="INSERT INTO ".$dropbox_cnf['tbl_feedback']." (file_id, author_user_id, feedback, feedback_date) VALUES
 				('".Database::escape_string($_GET['id'])."','".Database::escape_string($_user['user_id'])."','".Database::escape_string($_POST['feedback'])."',NOW())";
 		api_sql_query($sql);
 		return get_lang('DropboxFeedbackStored');
@ -1112,7 +1112,7 @@ function zip_download ($array)
 	// note: we also have to add the check if the user has received or sent this file. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 	$sql="SELECT distinct file.filename, file.title, file.author, file.description
-			FROM `".$dropbox_cnf["fileTbl"]."` file, `".$dropbox_cnf["personTbl"]."` person
+			FROM ".$dropbox_cnf["tbl_file"]." file, ".$dropbox_cnf["tbl_person"]." person
 			WHERE file.id IN (".implode(', ',$array).")
 			AND file.id=person.file_id
 			AND person.user_id='".$_user['user_id']."'";
@ -1362,7 +1362,7 @@ function get_total_number_feedback($file_id='')
 {
 	global $dropbox_cnf;
-	$sql="SELECT COUNT(feedback_id) AS total, file_id FROM `".$dropbox_cnf['tbl_feedback']."` GROUP BY file_id";
+	$sql="SELECT COUNT(feedback_id) AS total, file_id FROM ".$dropbox_cnf['tbl_feedback']." GROUP BY file_id";
 	$result=api_sql_query($sql, __FILE__, __LINE__);
 	while ($row=mysql_fetch_array($result))
 	{
--- a/main/dropbox/dropbox_init.inc.php
+++ b/main/dropbox/dropbox_init.inc.php
@ -321,35 +321,4 @@ if(! $is_allowed_in_course || ! $is_courseMember)
 	}
 	exit();
 }
-
+?>
 /**
 * ========================================
 *       SANITY CHECK
 * ========================================
 * @todo This has to be moved to the install / update script
 */
 if (mysql_query("SELECT * FROM `".$dropbox_cnf['tbl_category']."`")==false)
 {
 	$sql="CREATE TABLE `".$dropbox_cnf['tbl_category']."` (
 			  `cat_id` int(11) NOT NULL auto_increment,
 			  `cat_name` text NOT NULL,
 			  `received` enum('0','1') NOT NULL default '0',
 			  `sent` enum('0','1') NOT NULL default '0',
 			  `user_id` int(11) NOT NULL default '0',
 			  PRIMARY KEY  (`cat_id`)
 			  );";
 	api_sql_query($sql);
 }
 if (mysql_query("SELECT cat_id FROM `".$dropbox_cnf["fileTbl"]."`")==false)
 {
 	$sql="ALTER TABLE `".$dropbox_cnf["fileTbl"]."`
 			ADD `cat_id` int(11) NOT NULL default '0'";
 	api_sql_query($sql);
 }
 ?>
--- a/main/dropbox/dropbox_submit.php
+++ b/main/dropbox/dropbox_submit.php
@ -527,7 +527,7 @@ if ( isset( $_GET['mailingIndex']))  // examine or send
 			    $sendDT = addslashes(date("Y-m-d H:i:s",time()));
 			    // set filesize to zero on send, to avoid 2nd send (see index.php)
-				$sql = "UPDATE `".dropbox_cnf("fileTbl")."`
+				$sql = "UPDATE ".dropbox_cnf("tbl_file")."
 						SET filesize = '0'
 						, upload_date = '".$sendDT."', last_upload_date = '".$sendDT."'
 						WHERE id='".addslashes($mailing_item->id)."'";
--- a/main/dropbox/index.php
+++ b/main/dropbox/index.php
@ -107,6 +107,10 @@ Version 1.3 (Patrick Cool)
 - same action on multiple documents ([zip]download, move, delete)
 - consistency with the docuements tool (open/download file, icons of documents, ...)
 - zip download of complete folder
 Version 1.4 (Yannick Warnier)
 -----------------------------
 - removed all self-built database tables names
 ==============================================================================
 */