Remove unnecessary quotes in queries - refs BT#18201

pull/3824/head
Angel Fernando Quiroz Campos 5 years ago
parent 3428e54fb7
commit 316bc309f6
  1. 8
      main/exercise/answer.class.php
  2. 6
      main/exercise/exercise.class.php
  3. 4
      main/exercise/question.class.php
  4. 4
      main/exercise/question_create.php
  5. 4
      main/exercise/unique_answer.class.php
  6. 4
      main/extra/myStudents.php
  7. 8
      main/gradebook/lib/be/exerciselink.class.php
  8. 13
      main/inc/lib/tracking.lib.php
  9. 2
      main/lp/learnpath.class.php
  10. 14
      src/Chamilo/CourseBundle/Component/CourseCopy/CourseBuilder.php

@ -125,7 +125,7 @@ class Answer
$sql = "SELECT * FROM $table $sql = "SELECT * FROM $table
WHERE WHERE
question_id ='".$questionId."' question_id = $questionId
ORDER BY position"; ORDER BY position";
$result = Database::query($sql); $result = Database::query($sql);
@ -210,7 +210,7 @@ class Answer
$sql = "SELECT id FROM $sql = "SELECT id FROM
$table $table
WHERE question_id ='".$questionId."'"; WHERE question_id = $questionId";
$result = Database::query($sql); $result = Database::query($sql);
$id = []; $id = [];
@ -394,7 +394,7 @@ class Answer
$table = Database::get_course_table(TABLE_QUIZ_ANSWER); $table = Database::get_course_table(TABLE_QUIZ_ANSWER);
$auto_id = (int) $auto_id; $auto_id = (int) $auto_id;
$sql = "SELECT iid, answer, id_auto FROM $table $sql = "SELECT iid, answer, id_auto FROM $table
WHERE id_auto='$auto_id'"; WHERE id_auto = $auto_id";
$rs = Database::query($sql); $rs = Database::query($sql);
if (Database::num_rows($rs) > 0) { if (Database::num_rows($rs) > 0) {
@ -501,7 +501,7 @@ class Answer
{ {
$table = Database::get_course_table(TABLE_QUIZ_QUESTION); $table = Database::get_course_table(TABLE_QUIZ_QUESTION);
$sql = "SELECT type FROM $table $sql = "SELECT type FROM $table
WHERE iid = '".$this->questionId."'"; WHERE iid = {$this->questionId}";
$res = Database::query($sql); $res = Database::query($sql);
if (Database::num_rows($res) <= 0) { if (Database::num_rows($res) <= 0) {
return null; return null;
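Review bot: With the quotes gone, `question_id = $questionId` (hunks at -125 and -210) and `iid = {$this->questionId}` (hunk at -501) are correct only if the value is already an integer, and no cast is visible in those hunks, unlike `$auto_id = (int) $auto_id;` in the hunk at -394. The quotes were not a defence on their own, but without them any non-numeric text is parsed as SQL and an empty value yields a syntax error instead of matching no rows. If the property is not cast where it is assigned (outside the visible lines), add `$questionId = (int) $this->questionId;` before each query. The same applies to `e.exercice_id = {$this->id}` in main/exercise/exercise.class.php.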

@ -179,7 +179,7 @@ class Exercise
} }
$sql = "SELECT * FROM $table $sql = "SELECT * FROM $table
WHERE iid = ".$id; WHERE iid = $id";
$result = Database::query($sql); $result = Database::query($sql);
// if the exercise has been found // if the exercise has been found
@ -665,14 +665,14 @@ class Exercise
FROM $TBL_EXERCICE_QUESTION e FROM $TBL_EXERCICE_QUESTION e
INNER JOIN $TBL_QUESTIONS q INNER JOIN $TBL_QUESTIONS q
ON e.question_id = q.iid ON e.question_id = q.iid
WHERE e.exercice_id = '".$this->id."' AND e.c_id = {$this->course_id}"; WHERE e.exercice_id = {$this->id} AND e.c_id = {$this->course_id}";
$orderCondition = ' ORDER BY question_order '; $orderCondition = ' ORDER BY question_order ';
if (!empty($sidx) && !empty($sord)) { if (!empty($sidx) && !empty($sord)) {
if ('question' === $sidx) { if ('question' === $sidx) {
if (in_array(strtolower($sord), ['desc', 'asc'])) { if (in_array(strtolower($sord), ['desc', 'asc'])) {
$orderCondition = " ORDER BY `q.$sidx` $sord"; $orderCondition = " ORDER BY q.$sidx $sord";
} }
} }
} }

@ -869,7 +869,7 @@ abstract class Question
* *
* @return bool - true if copied, otherwise false * @return bool - true if copied, otherwise false
*/ */
public function exportPicture($questionId, $courseInfo) public function exportPicture(int $questionId, array $courseInfo)
{ {
if (empty($questionId) || empty($courseInfo)) { if (empty($questionId) || empty($courseInfo)) {
return false; return false;
@ -919,7 +919,7 @@ abstract class Question
$table = Database::get_course_table(TABLE_QUIZ_QUESTION); $table = Database::get_course_table(TABLE_QUIZ_QUESTION);
$sql = "UPDATE $table SET $sql = "UPDATE $table SET
picture = '".Database::escape_string($picture)."' picture = '".Database::escape_string($picture)."'
WHERE iid='".intval($questionId)."'"; WHERE iid = $questionId";
Database::query($sql); Database::query($sql);
$documentId = add_document( $documentId = add_document(
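Review bot: The `intval()` that used to guard `WHERE iid = ...` in the hunk at -919 is removed, so the UPDATE now depends on `$questionId` already being an integer at that point. If that query is inside `exportPicture`, the new `int` parameter type covers it, but the two hunks are about 50 lines apart and the function boundaries are outside them, so this cannot be confirmed from here; keeping the cast inline as `WHERE iid = ".(int) $questionId` costs nothing. The new `int`/`array` declarations also mean a call with `null` or a non-numeric string throws a TypeError before the `empty()` guard can return false, which changes the documented `@return bool` failure path.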

@ -82,8 +82,8 @@ if ($form->validate()) {
$answer_type = $values['question_type_hidden']; $answer_type = $values['question_type_hidden'];
// check feedback_type from current exercise for type of question delineation // check feedback_type from current exercise for type of question delineation
$exercise_id = intval($values['exercise']); $exercise_id = (int) $values['exercise'];
$sql = "SELECT feedback_type FROM $tbl_exercises WHERE iid = '$exercise_id'"; $sql = "SELECT feedback_type FROM $tbl_exercises WHERE iid = $exercise_id";
$rs_feedback_type = Database::query($sql); $rs_feedback_type = Database::query($sql);
$row_feedback_type = Database::fetch_row($rs_feedback_type); $row_feedback_type = Database::fetch_row($rs_feedback_type);
$feedback_type = $row_feedback_type[0]; $feedback_type = $row_feedback_type[0];

@ -485,7 +485,7 @@ class UniqueAnswer extends Question
$tbl_quiz_answer = Database::get_course_table(TABLE_QUIZ_ANSWER); $tbl_quiz_answer = Database::get_course_table(TABLE_QUIZ_ANSWER);
$tbl_quiz_question = Database::get_course_table(TABLE_QUIZ_QUESTION); $tbl_quiz_question = Database::get_course_table(TABLE_QUIZ_QUESTION);
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
$question_id = intval($question_id); $question_id = (int) $question_id;
$score = floatval($score); $score = floatval($score);
$correct = intval($correct); $correct = intval($correct);
$title = Database::escape_string($title); $title = Database::escape_string($title);
@ -528,7 +528,7 @@ class UniqueAnswer extends Question
if ($correct) { if ($correct) {
$sql = "UPDATE $tbl_quiz_question $sql = "UPDATE $tbl_quiz_question
SET ponderation = (ponderation + $score) SET ponderation = (ponderation + $score)
WHERE iid = ".$question_id; WHERE iid = $question_id";
Database::query($sql); Database::query($sql);
} }
} }

@ -1119,7 +1119,7 @@ if (!empty($studentId)) {
$sql = "SELECT quiz.title, iid FROM $t_quiz AS quiz $sql = "SELECT quiz.title, iid FROM $t_quiz AS quiz
WHERE WHERE
quiz.c_id = ".$courseInfo['real_id']." AND quiz.c_id = {$courseInfo['real_id']} AND
active IN (0, 1) active IN (0, 1)
$sessionCondition $sessionCondition
ORDER BY quiz.title ASC "; ORDER BY quiz.title ASC ";
@ -2231,7 +2231,7 @@ if (empty($_GET['details'])) {
]; ];
$t_quiz = Database:: get_course_table(TABLE_QUIZ_TEST); $t_quiz = Database:: get_course_table(TABLE_QUIZ_TEST);
$sql = "SELECT quiz.title, iid FROM ".$t_quiz." AS quiz $sql = "SELECT quiz.title, iid FROM $t_quiz AS quiz
WHERE WHERE
quiz.c_id = $c_id AND quiz.c_id = $c_id AND
(quiz.session_id = $session_id OR quiz.session_id = 0) AND (quiz.session_id = $session_id OR quiz.session_id = 0) AND

@ -638,9 +638,9 @@ class ExerciseLink extends AbstractLink
$this->exercise_data = Database::fetch_array($result); $this->exercise_data = Database::fetch_array($result);
} else { } else {
// Try with iid // Try with iid
$sql = 'SELECT * FROM '.$table.' $sql = "SELECT * FROM $table
WHERE WHERE
iid = '.$exerciseId; iid = $exerciseId";
$result = Database::query($sql); $result = Database::query($sql);
$rows = Database::num_rows($result); $rows = Database::num_rows($result);
@ -648,9 +648,9 @@ class ExerciseLink extends AbstractLink
$this->exercise_data = Database::fetch_array($result); $this->exercise_data = Database::fetch_array($result);
} else { } else {
// Try wit id // Try wit id
$sql = 'SELECT * FROM '.$table.' $sql = "SELECT * FROM $table
WHERE WHERE
iid = '.$exerciseId; iid = $exerciseId";
$result = Database::query($sql); $result = Database::query($sql);
$this->exercise_data = Database::fetch_array($result); $this->exercise_data = Database::fetch_array($result);
} }
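Review bot: The second fallback (commented `// Try wit id`) runs exactly the same query as the `// Try with iid` branch above it, `iid = $exerciseId`, so it can never find a row the first one missed. Either drop the inner `else` branch or, if a lookup on a different column was intended, restore that column; the comment should then read `// Try with id`. `$exerciseId` is interpolated unquoted in both queries and its cast is not visible in these hunks, so confirm it is an integer before this point.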

@ -384,11 +384,11 @@ class Tracking
$result_disabled_ext_all = false; $result_disabled_ext_all = false;
if ('quiz' === $row['item_type']) { if ('quiz' === $row['item_type']) {
// Check results_disabled in quiz table. // Check results_disabled in quiz table.
$my_path = Database::escape_string($row['path']); $lpItemPath = (int) $row['path'];
$sql = "SELECT results_disabled $sql = "SELECT results_disabled
FROM $TBL_QUIZ FROM $TBL_QUIZ
WHERE WHERE
iid ='".$my_path."'"; iid = $lpItemPath";
$res_result_disabled = Database::query($sql); $res_result_disabled = Database::query($sql);
$row_result_disabled = Database::fetch_row($res_result_disabled); $row_result_disabled = Database::fetch_row($res_result_disabled);
@ -686,14 +686,13 @@ class Tracking
$my_id = $row['myid']; $my_id = $row['myid'];
$my_lp_id = $row['mylpid']; $my_lp_id = $row['mylpid'];
$my_lp_view_id = $row['mylpviewid']; $my_lp_view_id = $row['mylpviewid'];
$my_path = $row['path']; $lpItemPath = (int) $row['path'];
$result_disabled_ext_all = false; $result_disabled_ext_all = false;
if ($row['item_type'] === 'quiz') { if ($row['item_type'] === 'quiz') {
// Check results_disabled in quiz table. // Check results_disabled in quiz table.
$my_path = Database::escape_string($my_path);
$sql = "SELECT results_disabled $sql = "SELECT results_disabled
FROM $TBL_QUIZ FROM $TBL_QUIZ
WHERE iid = '$my_path' "; WHERE iid = $lpItemPath";
$res_result_disabled = Database::query($sql); $res_result_disabled = Database::query($sql);
$row_result_disabled = Database::fetch_row($res_result_disabled); $row_result_disabled = Database::fetch_row($res_result_disabled);
@ -2982,7 +2981,7 @@ class Tracking
$num = Database::num_rows($result_last_attempt); $num = Database::num_rows($result_last_attempt);
if ($num > 0) { if ($num > 0) {
$attemptResult = Database::fetch_array($result_last_attempt, 'ASSOC'); $attemptResult = Database::fetch_array($result_last_attempt, 'ASSOC');
$id_last_attempt = $attemptResult['exe_id']; $id_last_attempt = (int) $attemptResult['exe_id'];
// We overwrite the score with the best one not the one saved in the LP (latest) // We overwrite the score with the best one not the one saved in the LP (latest)
if ($getOnlyBestAttempt && $get_only_latest_attempt_results == false) { if ($getOnlyBestAttempt && $get_only_latest_attempt_results == false) {
if ($debug) { if ($debug) {
@ -3007,7 +3006,7 @@ class Tracking
INNER JOIN $tbl_quiz_questions AS q INNER JOIN $tbl_quiz_questions AS q
ON q.iid = at.question_id ON q.iid = at.question_id
WHERE WHERE
exe_id ='$id_last_attempt' AND exe_id = $id_last_attempt AND
at.c_id = $course_id at.c_id = $course_id
) )
AS t"; AS t";
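Review bot: Renaming `$my_path` to `$lpItemPath` in the hunks at -384 and -686 leaves any later read of `$my_path` in the same loop body undefined; the rest of that body is outside the hunks, so check for remaining uses. In the hunk at -686 the `(int)` cast is applied before the `item_type === 'quiz'` test, so for non-quiz items a textual `path` becomes 0, which is harmless only if `$lpItemPath` is read solely inside the quiz branch. A short comment such as `// for quiz items, path holds the quiz iid` would record why the cast is valid there.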

@ -7686,7 +7686,7 @@ class learnpath
} elseif (is_numeric($extra_info)) { } elseif (is_numeric($extra_info)) {
$sql = "SELECT title, description $sql = "SELECT title, description
FROM $tbl_quiz FROM $tbl_quiz
WHERE iid = ".$extra_info; WHERE iid = $extra_info";
$result = Database::query($sql); $result = Database::query($sql);
$row = Database::fetch_array($result); $row = Database::fetch_array($result);
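Review bot: `is_numeric($extra_info)` is the only check before `WHERE iid = $extra_info`, and it accepts values such as `1.5`, `1e3` or a string with leading whitespace, none of which is a valid iid. Casting once the branch is entered, `$extra_info = (int) $extra_info;`, makes the interpolated value an integer regardless of what the caller passed. The enclosing function starts and ends outside the hunk.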

@ -797,8 +797,8 @@ class CourseBuilder
$this->findAndSetDocumentsInText($obj->description); $this->findAndSetDocumentsInText($obj->description);
$quiz = new Quiz($obj); $quiz = new Quiz($obj);
$sql = 'SELECT * FROM '.$table_rel.' $sql = "SELECT * FROM $table_rel
WHERE c_id = '.$courseId.' AND exercice_id = '.$obj->iid; WHERE c_id = $courseId AND exercice_id = {$obj->iid}";
$db_result2 = Database::query($sql); $db_result2 = Database::query($sql);
while ($obj2 = Database::fetch_object($db_result2)) { while ($obj2 = Database::fetch_object($db_result2)) {
$quiz->add_question($obj2->question_id, $obj2->question_order); $quiz->add_question($obj2->question_id, $obj2->question_order);
@ -860,8 +860,8 @@ class CourseBuilder
); );
$question->addPicture($this); $question->addPicture($this);
$sql = 'SELECT * FROM '.$table_ans.' $sql = "SELECT * FROM $table_ans
WHERE question_id = '.$obj->iid; WHERE question_id = {$obj->iid}";
$db_result2 = Database::query($sql); $db_result2 = Database::query($sql);
while ($obj2 = Database::fetch_object($db_result2)) { while ($obj2 = Database::fetch_object($db_result2)) {
$question->add_answer( $question->add_answer(
@ -880,8 +880,8 @@ class CourseBuilder
if ($obj->type == MULTIPLE_ANSWER_TRUE_FALSE) { if ($obj->type == MULTIPLE_ANSWER_TRUE_FALSE) {
$table_options = Database::get_course_table(TABLE_QUIZ_QUESTION_OPTION); $table_options = Database::get_course_table(TABLE_QUIZ_QUESTION_OPTION);
$sql = 'SELECT * FROM '.$table_options.' $sql = "SELECT * FROM $table_options
WHERE question_id = '.$obj->iid; WHERE question_id = {$obj->iid}";
$db_result3 = Database::query($sql); $db_result3 = Database::query($sql);
while ($obj3 = Database::fetch_object($db_result3)) { while ($obj3 = Database::fetch_object($db_result3)) {
$question_option = new QuizQuestionOption($obj3); $question_option = new QuizQuestionOption($obj3);
@ -951,7 +951,7 @@ class CourseBuilder
); );
$question->addPicture($this); $question->addPicture($this);
$sql = "SELECT * FROM $table_ans $sql = "SELECT * FROM $table_ans
WHERE question_id = ".$obj->id; WHERE question_id = {$obj->id}";
$db_result2 = Database::query($sql); $db_result2 = Database::query($sql);
if (Database::num_rows($db_result2)) { if (Database::num_rows($db_result2)) {
while ($obj2 = Database::fetch_object($db_result2)) { while ($obj2 = Database::fetch_object($db_result2)) {
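Review bot: The hunk at -951 interpolates `{$obj->id}` while the three queries above it use `{$obj->iid}`; if `$obj` there is a question row whose key column is `iid`, `id` may be null and the unquoted form becomes `question_id = `, a syntax error. The select that produces `$obj` is outside the hunk, so confirm which column it exposes. These values come from `fetch_object` rows rather than directly from a caller, but an `(int)` cast on `$courseId` and on the ids would keep the builder consistent with the casts added elsewhere in this commit.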
