diff --git a/main/exercise/answer.class.php b/main/exercise/answer.class.php
index 3a1c0c5737..6102ca5a9f 100755
--- a/main/exercise/answer.class.php
+++ b/main/exercise/answer.class.php
@@ -125,7 +125,7 @@ class Answer
 $sql = "SELECT * FROM $table
 WHERE
- question_id ='".$questionId."'
+ question_id = $questionId
 ORDER BY position";
 $result = Database::query($sql);
@@ -210,7 +210,7 @@ class Answer
 $sql = "SELECT id FROM $table
- WHERE question_id ='".$questionId."'";
+ WHERE question_id = $questionId";
 $result = Database::query($sql);
 $id = [];
@@ -394,7 +394,7 @@ class Answer
 $table = Database::get_course_table(TABLE_QUIZ_ANSWER);
 $auto_id = (int) $auto_id;
 $sql = "SELECT iid, answer, id_auto FROM $table
- WHERE id_auto='$auto_id'";
+ WHERE id_auto = $auto_id";
 $rs = Database::query($sql);
 if (Database::num_rows($rs) > 0) {
@@ -501,7 +501,7 @@ class Answer
 {
 $table = Database::get_course_table(TABLE_QUIZ_QUESTION);
 $sql = "SELECT type FROM $table
- WHERE iid = '".$this->questionId."'";
+ WHERE iid = {$this->questionId}";
 $res = Database::query($sql);
 if (Database::num_rows($res) <= 0) {
 return null;
diff --git a/main/exercise/exercise.class.php b/main/exercise/exercise.class.php
index cda47281b2..e7084d68bf 100755
--- a/main/exercise/exercise.class.php
+++ b/main/exercise/exercise.class.php
@@ -179,7 +179,7 @@ class Exercise
 }
 $sql = "SELECT * FROM $table
- WHERE iid = ".$id;
+ WHERE iid = $id";
 $result = Database::query($sql);
 // if the exercise has been found
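Review bot: `question_id = $questionId` in the first hunk interpolates the value into the statement unquoted, and nothing in the hunk casts or escapes it, so unless `$questionId` is already coerced to int above the hunk (not visible here) a non-numeric value now alters the query instead of being compared as a string. A cast immediately before the query, `$questionId = (int) $questionId;`, keeps the simplification safe whatever the caller passes. The same applies to `WHERE question_id = $questionId` in the hunk at line 210 and to `WHERE iid = {$this->questionId}` at line 501, where the property's type is not visible either; the hunk at line 394 already casts `$auto_id`, and the `exercise.class.php` hunk at line 179 was unquoted before this change. Each enclosing method starts before its hunk.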
@@ -665,14 +665,14 @@ class Exercise
 FROM $TBL_EXERCICE_QUESTION e
 INNER JOIN $TBL_QUESTIONS q
 ON e.question_id = q.iid
- WHERE e.exercice_id = '".$this->id."' AND e.c_id = {$this->course_id}";
+ WHERE e.exercice_id = {$this->id} AND e.c_id = {$this->course_id}";
 $orderCondition = ' ORDER BY question_order ';
 if (!empty($sidx) && !empty($sord)) {
 if ('question' === $sidx) {
 if (in_array(strtolower($sord), ['desc', 'asc'])) {
- $orderCondition = " ORDER BY `q.$sidx` $sord";
+ $orderCondition = " ORDER BY q.$sidx $sord";
 }
 }
 }
diff --git a/main/exercise/question.class.php b/main/exercise/question.class.php
index 0669703cd8..ab7d08c981 100755
--- a/main/exercise/question.class.php
+++ b/main/exercise/question.class.php
@@ -869,7 +869,7 @@ abstract class Question
 *
 * @return bool - true if copied, otherwise false
 */
- public function exportPicture($questionId, $courseInfo)
+ public function exportPicture(int $questionId, array $courseInfo)
 {
 if (empty($questionId) || empty($courseInfo)) {
 return false;
@@ -919,7 +919,7 @@ abstract class Question
 $table = Database::get_course_table(TABLE_QUIZ_QUESTION);
 $sql = "UPDATE $table SET picture = '".Database::escape_string($picture)."'
- WHERE iid='".intval($questionId)."'";
+ WHERE iid = $questionId";
 Database::query($sql);
 $documentId = add_document(
diff --git a/main/exercise/question_create.php b/main/exercise/question_create.php
index 4200b52686..15667036c6 100755
--- a/main/exercise/question_create.php
+++ b/main/exercise/question_create.php
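Review bot: The new `ORDER BY q.$sidx $sord` line interpolates `$sord` as received even though the guard two lines above validates `strtolower($sord)`, so the validated value and the emitted value are not the same string; the check still bounds the result to a case variant of `asc`/`desc`, but emitting the validated form and comparing strictly closes the gap: `if (in_array(strtolower($sord), ['desc', 'asc'], true)) {` and `$orderCondition = " ORDER BY q.$sidx ".strtolower($sord);`. `$sidx` is safe to interpolate because it is compared with `'question'` first. The enclosing method starts before the hunk.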
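Review bot: Declaring `int $questionId` and `array $courseInfo` on `exportPicture` changes the failure mode for existing callers: a null, non-numeric or non-array argument now raises a TypeError at the call boundary instead of reaching the `empty()` guard that returned false, and a calling file with `strict_types` enabled would reject even a numeric string. If any call site relies on the soft failure (none are visible from the hunk), `?int $questionId` with the guard kept, or casts at those call sites, would preserve it. The docblock should also gain `@param int $questionId` and `@param array $courseInfo` lines, and the method still declares no return type although the docblock promises `bool`. The method body continues past the hunk.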
@@ -82,8 +82,8 @@ if ($form->validate()) {
 $answer_type = $values['question_type_hidden'];
 // check feedback_type from current exercise for type of question delineation
- $exercise_id = intval($values['exercise']);
- $sql = "SELECT feedback_type FROM $tbl_exercises WHERE iid = '$exercise_id'";
+ $exercise_id = (int) $values['exercise'];
+ $sql = "SELECT feedback_type FROM $tbl_exercises WHERE iid = $exercise_id";
 $rs_feedback_type = Database::query($sql);
 $row_feedback_type = Database::fetch_row($rs_feedback_type);
 $feedback_type = $row_feedback_type[0];
diff --git a/main/exercise/unique_answer.class.php b/main/exercise/unique_answer.class.php
index 39ee4052b7..5e4aea2229 100755
--- a/main/exercise/unique_answer.class.php
+++ b/main/exercise/unique_answer.class.php
@@ -485,7 +485,7 @@ class UniqueAnswer extends Question
 $tbl_quiz_answer = Database::get_course_table(TABLE_QUIZ_ANSWER);
 $tbl_quiz_question = Database::get_course_table(TABLE_QUIZ_QUESTION);
 $course_id = api_get_course_int_id();
- $question_id = intval($question_id);
+ $question_id = (int) $question_id;
 $score = floatval($score);
 $correct = intval($correct);
 $title = Database::escape_string($title);
@@ -528,7 +528,7 @@ class UniqueAnswer extends Question
 if ($correct) {
 $sql = "UPDATE $tbl_quiz_question SET ponderation = (ponderation + $score)
- WHERE iid = ".$question_id;
+ WHERE iid = $question_id";
 Database::query($sql);
 }
 }
diff --git a/main/extra/myStudents.php b/main/extra/myStudents.php
index a7b4c2f397..f2daa97d25 100644
--- a/main/extra/myStudents.php
+++ b/main/extra/myStudents.php
@@ -1119,7 +1119,7 @@ if (!empty($studentId)) {
 $sql = "SELECT quiz.title, iid
 FROM $t_quiz AS quiz
 WHERE
- quiz.c_id = ".$courseInfo['real_id']." AND
+ quiz.c_id = {$courseInfo['real_id']} AND
 active IN (0, 1)
 $sessionCondition
 ORDER BY quiz.title ASC ";
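Review bot: `$feedback_type = $row_feedback_type[0];` still assumes the SELECT matched a row; when `$values['exercise']` does not name an existing exercise, `Database::fetch_row` presumably returns no row (likely `false`), and the offset read then yields null with a warning rather than a defined feedback type. A guard such as `$feedback_type = $row_feedback_type ? $row_feedback_type[0] : null;` makes the miss explicit. The `(int)` cast added on the line above does keep the interpolation itself safe. The `if ($form->validate())` block continues past the hunk.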
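Review bot: `quiz.c_id = {$courseInfo['real_id']}` interpolates the course id without the `(int)` cast the other hunks in this commit apply to their ids; `real_id` presumably comes from the course record as an integer, but casting it into a local before the query, `$courseRealId = (int) $courseInfo['real_id'];` and `quiz.c_id = $courseRealId AND`, keeps this query consistent with that convention. The surrounding `if (!empty($studentId))` block extends past the hunk.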
@@ -2231,7 +2231,7 @@ if (empty($_GET['details'])) {
 ];
 $t_quiz = Database::
 get_course_table(TABLE_QUIZ_TEST);
- $sql = "SELECT quiz.title, iid FROM ".$t_quiz." AS quiz
+ $sql = "SELECT quiz.title, iid FROM $t_quiz AS quiz
 WHERE
 quiz.c_id = $c_id AND
 (quiz.session_id = $session_id OR quiz.session_id = 0) AND
diff --git a/main/gradebook/lib/be/exerciselink.class.php b/main/gradebook/lib/be/exerciselink.class.php
index 6ccb8ba70c..894f705bde 100755
--- a/main/gradebook/lib/be/exerciselink.class.php
+++ b/main/gradebook/lib/be/exerciselink.class.php
@@ -638,9 +638,9 @@ class ExerciseLink extends AbstractLink
 $this->exercise_data = Database::fetch_array($result);
 } else {
 // Try with iid
- $sql = 'SELECT * FROM '.$table.'
- WHERE
- iid = '.$exerciseId;
+ $sql = "SELECT * FROM $table
+ WHERE
+ iid = $exerciseId";
 $result = Database::query($sql);
 $rows = Database::num_rows($result);
@@ -648,9 +648,9 @@ class ExerciseLink extends AbstractLink
 $this->exercise_data = Database::fetch_array($result);
 } else {
 // Try wit id
- $sql = 'SELECT * FROM '.$table.'
- WHERE
- iid = '.$exerciseId;
+ $sql = "SELECT * FROM $table
+ WHERE
+ iid = $exerciseId";
 $result = Database::query($sql);
 $this->exercise_data = Database::fetch_array($result);
 }
diff --git a/main/inc/lib/tracking.lib.php b/main/inc/lib/tracking.lib.php
index 080989fe72..5a8e5cefc7 100755
--- a/main/inc/lib/tracking.lib.php
+++ b/main/inc/lib/tracking.lib.php
@@ -384,11 +384,11 @@ class Tracking
 $result_disabled_ext_all = false;
 if ('quiz' === $row['item_type']) {
 // Check results_disabled in quiz table.
- $my_path = Database::escape_string($row['path']);
+ $lpItemPath = (int) $row['path'];
 $sql = "SELECT results_disabled
 FROM $TBL_QUIZ
 WHERE
- iid ='".$my_path."'";
+ iid = $lpItemPath";
 $res_result_disabled = Database::query($sql);
 $row_result_disabled = Database::fetch_row($res_result_disabled);
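Review bot: The rewritten fallback under `// Try wit id` (line 648) issues exactly the same `WHERE iid = $exerciseId` query as the branch under `// Try with iid` (line 638) that appears to have just returned no rows, so the second attempt cannot produce a different result; the comment suggests it was meant to look up `id`. If so, the second query should read `WHERE id = $exerciseId` (otherwise the branch can be dropped), and the comment corrected to `// Try with id`. `$exerciseId` is interpolated unquoted in both branches as it was before; its cast is not visible in either hunk. The enclosing method starts before line 638.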
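Review bot: Replacing `Database::escape_string($row['path'])` with `(int) $row['path']` changes what a malformed value does: a quiz item whose `path` is not numeric is no longer looked up as that literal string but silently as `iid = 0`, so the `results_disabled` check misses with no signal. That is fine if `path` always holds the quiz iid when `item_type` is `'quiz'`, which the code assumes but the hunk cannot show; a comment above the cast, `// For quiz items, path holds the quiz iid.`, would record the assumption. The same substitution appears in the hunk at line 686 of this file. The enclosing method starts before the hunk.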
@@ -686,14 +686,13 @@ class Tracking
 $my_id = $row['myid'];
 $my_lp_id = $row['mylpid'];
 $my_lp_view_id = $row['mylpviewid'];
- $my_path = $row['path'];
+ $lpItemPath = (int) $row['path'];
 $result_disabled_ext_all = false;
 if ($row['item_type'] === 'quiz') {
 // Check results_disabled in quiz table.
- $my_path = Database::escape_string($my_path);
 $sql = "SELECT results_disabled FROM $TBL_QUIZ
- WHERE iid = '$my_path' ";
+ WHERE iid = $lpItemPath";
 $res_result_disabled = Database::query($sql);
 $row_result_disabled = Database::fetch_row($res_result_disabled);
@@ -2982,7 +2981,7 @@ class Tracking
 $num = Database::num_rows($result_last_attempt);
 if ($num > 0) {
 $attemptResult = Database::fetch_array($result_last_attempt, 'ASSOC');
- $id_last_attempt = $attemptResult['exe_id'];
+ $id_last_attempt = (int) $attemptResult['exe_id'];
 // We overwrite the score with the best one not the one saved in the LP (latest)
 if ($getOnlyBestAttempt && $get_only_latest_attempt_results == false) {
 if ($debug) {
@@ -3007,7 +3006,7 @@ class Tracking
 INNER JOIN $tbl_quiz_questions AS q
 ON q.iid = at.question_id
 WHERE
- exe_id ='$id_last_attempt' AND
+ exe_id = $id_last_attempt AND
 at.c_id = $course_id
 ) AS t";
diff --git a/main/lp/learnpath.class.php b/main/lp/learnpath.class.php
index 74c457081a..bdb9dcff97 100755
--- a/main/lp/learnpath.class.php
+++ b/main/lp/learnpath.class.php
@@ -7686,7 +7686,7 @@ class learnpath
 } elseif (is_numeric($extra_info)) {
 $sql = "SELECT title, description
 FROM $tbl_quiz
- WHERE iid = ".$extra_info;
+ WHERE iid = $extra_info";
 $result = Database::query($sql);
 $row = Database::fetch_array($result);
diff --git a/src/Chamilo/CourseBundle/Component/CourseCopy/CourseBuilder.php b/src/Chamilo/CourseBundle/Component/CourseCopy/CourseBuilder.php
index 9c9be40fcc..63c8eeae2b 100644
--- a/src/Chamilo/CourseBundle/Component/CourseCopy/CourseBuilder.php
+++ b/src/Chamilo/CourseBundle/Component/CourseCopy/CourseBuilder.php
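Review bot: The unconditional `$my_path = $row['path'];` is removed in favour of the int-cast `$lpItemPath`, so any later use of `$my_path` in this method (past the hunk, for example for non-quiz item types whose `path` is a document or link path) would now read an undefined variable. Worth checking the rest of the method before merging; if `$my_path` is still referenced, keep the original assignment next to `$lpItemPath = (int) $row['path'];`. The method starts before and continues past the hunk.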
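Review bot: `WHERE iid = $extra_info` relies on the `is_numeric($extra_info)` guard on the line above, which also accepts values such as `'1.5'`, `'1e3'` or `' 12'` that are numeric to PHP but not a valid iid, so the literal that reaches the database is whatever form the caller supplied. Casting before the query, `$quizId = (int) $extra_info;` and `WHERE iid = $quizId";`, keeps the guard but pins the literal to an integer. The `elseif` chain begins before the hunk.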
@@ -797,8 +797,8 @@ class CourseBuilder
 $this->findAndSetDocumentsInText($obj->description);
 $quiz = new Quiz($obj);
- $sql = 'SELECT * FROM '.$table_rel.'
- WHERE c_id = '.$courseId.' AND exercice_id = '.$obj->iid;
+ $sql = "SELECT * FROM $table_rel
+ WHERE c_id = $courseId AND exercice_id = {$obj->iid}";
 $db_result2 = Database::query($sql);
 while ($obj2 = Database::fetch_object($db_result2)) {
 $quiz->add_question($obj2->question_id, $obj2->question_order);
@@ -860,8 +860,8 @@ class CourseBuilder
 );
 $question->addPicture($this);
- $sql = 'SELECT * FROM '.$table_ans.'
- WHERE question_id = '.$obj->iid;
+ $sql = "SELECT * FROM $table_ans
+ WHERE question_id = {$obj->iid}";
 $db_result2 = Database::query($sql);
 while ($obj2 = Database::fetch_object($db_result2)) {
 $question->add_answer(
@@ -880,8 +880,8 @@ class CourseBuilder
 if ($obj->type == MULTIPLE_ANSWER_TRUE_FALSE) {
 $table_options = Database::get_course_table(TABLE_QUIZ_QUESTION_OPTION);
- $sql = 'SELECT * FROM '.$table_options.'
- WHERE question_id = '.$obj->iid;
+ $sql = "SELECT * FROM $table_options
+ WHERE question_id = {$obj->iid}";
 $db_result3 = Database::query($sql);
 while ($obj3 = Database::fetch_object($db_result3)) {
 $question_option = new QuizQuestionOption($obj3);
@@ -951,7 +951,7 @@ class CourseBuilder
 );
 $question->addPicture($this);
 $sql = "SELECT * FROM $table_ans
- WHERE question_id = ".$obj->id;
+ WHERE question_id = {$obj->id}";
 $db_result2 = Database::query($sql);
 if (Database::num_rows($db_result2)) {
 while ($obj2 = Database::fetch_object($db_result2)) {
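Review bot: The answer lookup at line 951 interpolates `{$obj->id}` while the equivalent lookup against the same `$table_ans` at line 860 uses `{$obj->iid}`; the two names appear to be distinct keys in this schema (`iid` is used alongside `id_auto` elsewhere in the diff), so one of the branches presumably queries the wrong column and the commit carries the mismatch over. If `id` is intentional for this branch, a comment such as `// This import path is keyed by id, not iid.` would make it obvious; otherwise `WHERE question_id = {$obj->iid}";` is the consistent form. The enclosing method(s) start before their hunks.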