diff --git a/main/exercice/savescores.php b/main/exercice/savescores.php
index 92beea17c9..777889ce02 100755
--- a/main/exercice/savescores.php
+++ b/main/exercice/savescores.php
@@ -51,15 +51,17 @@ function save_scores($file, $score)
 // anonymous
 $user_id = "NULL";
 }
- $sql = "INSERT INTO $TABLETRACK_HOTPOTATOES (exe_name, exe_user_id, exe_date, c_id, exe_result, exe_weighting) VALUES (
- '".Database::escape_string($file)."',
- ".intval($user_id).",
- '".Database::escape_string($date)."',
- $c_id,
- '".Database::escape_string($score)."',
- '".Database::escape_string($weighting)."')";
- Database::query($sql);
+ $params = [
+ 'exe_name' => $file,
+ 'exe_user_id' => $user_id,
+ 'exe_date' => $date,
+ 'c_id' => $c_id,
+ 'exe_result' => $score,
+ 'exe_weighting' => $weighting,
+ ];
+ Database::insert($TABLETRACK_HOTPOTATOES, $params);
+
 if ($origin == 'learnpath') {
 //if we are in a learning path, save the score in the corresponding
diff --git a/main/gradebook/lib/GradebookUtils.php b/main/gradebook/lib/GradebookUtils.php
index 82ba3f50fc..d74f90ed83 100644
--- a/main/gradebook/lib/GradebookUtils.php
+++ b/main/gradebook/lib/GradebookUtils.php
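Review bot: `'exe_user_id' => $user_id` hands `Database::insert` the literal string `"NULL"` for anonymous users (set two lines above in the hunk), where the old query ran `intval($user_id)` and stored `0`; a helper that quotes every value will store the string `'NULL'` or fail under strict SQL mode rather than emit a SQL NULL. Either keep the cast, `'exe_user_id' => intval($user_id),`, or assign a PHP `null` in the anonymous branch if `Database::insert` maps PHP null to SQL NULL (its implementation is not visible here). `save_scores` starts above the hunk, and `$c_id`, `$date`, `$weighting` and `$origin` are assigned outside it.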
@@ -585,15 +585,20 @@ class GradebookUtils
 */
 public static function register_user_info_about_certificate($cat_id, $user_id, $score_certificate, $date_certificate)
 {
- $table_certificate = Database::get_main_table(TABLE_MAIN_GRADEBOOK_CERTIFICATE);
- $sql = 'SELECT COUNT(*) as count FROM ' . $table_certificate . ' gc
+ $table = Database::get_main_table(TABLE_MAIN_GRADEBOOK_CERTIFICATE);
+ $sql = 'SELECT COUNT(*) as count
+ FROM ' . $table . ' gc
 WHERE gc.cat_id="' . intval($cat_id) . '" AND user_id="' . intval($user_id) . '" ';
 $rs_exist = Database::query($sql);
 $row = Database::fetch_array($rs_exist);
 if ($row['count'] == 0) {
- $sql = 'INSERT INTO ' . $table_certificate . ' (cat_id,user_id,score_certificate,created_at)
- VALUES ("' . intval($cat_id) . '","' . intval($user_id) . '","' . Database::escape_string($score_certificate) . '","' . Database::escape_string($date_certificate) . '")';
- Database::query($sql);
+ $params = [
+ 'cat_id' => $cat_id,
+ 'user_id' => $user_id,
+ 'score_certificate' => $score_certificate,
+ 'created_at' => $date_certificate
+ ];
+ Database::insert($table, $params);
 }
 }
diff --git a/main/gradebook/lib/be/abstractlink.class.php b/main/gradebook/lib/be/abstractlink.class.php
index 28b3da2233..f9ee13ebb0 100755
--- a/main/gradebook/lib/be/abstractlink.class.php
+++ b/main/gradebook/lib/be/abstractlink.class.php
@@ -335,18 +335,17 @@ abstract class AbstractLink implements GradebookItem
 $row_testing = Database::fetch_array($result);
 if ($row_testing[0] == 0) {
- $sql = 'INSERT INTO '.$tbl_grade_links.' (type, ref_id, user_id, course_code, category_id, weight, visible, created_at) VALUES ('
- .intval($this->get_type())
- .','.intval($this->get_ref_id())
- .','.intval($this->get_user_id())
- .",'".Database::escape_string($this->get_course_code())."'"
- .','.intval($this->get_category_id())
- .",'".Database::escape_string($this->get_weight())."'"
- .','.intval($this->is_visible());
- $sql .= ','.'"'.$date_current = api_get_local_time().'"';
- $sql .= ")";
- Database::query($sql);
- $inserted_id = Database::insert_id();
+ $params = [
+ 'type' => $this->get_type(),
+ 'ref_id' => $this->get_ref_id(),
+ 'user_id' => $this->get_user_id(),
+ 'course_code' => $this->get_course_code(),
+ 'category_id' => $this->get_category_id(),
+ 'weight' => $this->get_weight(),
+ 'visible' => $this->is_visible(),
+ 'created_at' => api_get_utc_datetime(),
+ ];
+ $inserted_id = Database::insert($tbl_grade_links, $params);
 $this->set_id($inserted_id);
 return $inserted_id;
 }
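Review bot: `'created_at' => api_get_utc_datetime()` silently changes the stored timestamp from the local time the removed line wrote (`api_get_local_time()`) to UTC, so link rows created before and after this commit disagree on timezone unless a migration normalises the old ones. If the switch is intentional, say so in the commit message and pin it on the line: `'created_at' => api_get_utc_datetime(), // stored in UTC; rows older than this change hold local time`. The enclosing method starts above the hunk.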
@@ -363,20 +362,21 @@ abstract class AbstractLink implements GradebookItem
 public function save()
 {
 $this->save_linked_data();
- $tbl_grade_links = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_LINK);
- $sql = "UPDATE $tbl_grade_links SET
- type = ".intval($this->get_type()).",
- ref_id = ".intval($this->get_ref_id()).",
- user_id = ".intval($this->get_user_id()).",
- course_code = '".Database::escape_string($this->get_course_code())."',
- category_id = ".intval($this->get_category_id()).",
- weight = '".Database::escape_string($this->get_weight())."',
- visible = ".intval($this->is_visible())."
- WHERE id = ".intval($this->id);
+ $table = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_LINK);
+
+ $params = [
+ 'type' => $this->get_type(),
+ 'ref_id' => $this->get_ref_id(),
+ 'user_id' => $this->get_user_id(),
+ 'course_code' => $this->get_course_code(),
+ 'category_id' => $this->get_category_id(),
+ 'weight' => $this->get_weight(),
+ 'visible' => $this->is_visible(),
+ ];
+ Database::insert($table, $params, ['id = ?' => $this->id]);
 AbstractLink::add_link_log($this->id);
- Database::query($sql);
 }
 /**
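Review bot: `save()` replaces an UPDATE with `Database::insert($table, $params, ['id = ?' => $this->id])`; an insert helper takes a table and a value map, so the third argument is at best ignored and every save will create a new link row (or fail on a duplicate key) instead of updating the row with `$this->id`. The Thematic hunk in this same commit shows the intended call shape: `Database::update($table, $params, ['id = ?' => $this->id]);`. The removed code also cast `$this->id` with `intval()`; keep that unless the placeholder binding is known to quote safely.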
@@ -384,14 +384,14 @@ abstract class AbstractLink implements GradebookItem
 */
 public static function add_link_log($idevaluation, $nameLog = null)
 {
- $tbl_grade_linkeval_log = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_LINKEVAL_LOG);
- $dateobject=AbstractLink::load ($idevaluation,null,null,null,null);
- $current_date_server=api_get_utc_datetime();
+ $table = Database:: get_main_table(TABLE_MAIN_GRADEBOOK_LINKEVAL_LOG);
+ $dateobject = AbstractLink::load($idevaluation, null, null, null, null);
+ $current_date_server = api_get_utc_datetime();
 $arreval = get_object_vars($dateobject[0]);
 $description_log = isset($arreval['description']) ? $arreval['description']:'';
 if (empty($nameLog)) {
 if (isset($_POST['name_link'])) {
- $name_log = isset($_POST['name_link']) ? Security::remove_XSS($_POST['name_link']) : $arreval['course_code'];
+ $name_log = isset($_POST['name_link']) ? $_POST['name_link'] : $arreval['course_code'];
 } elseif (isset($_POST['link_' . $idevaluation]) && $_POST['link_' . $idevaluation]) {
 $name_log = $_POST['link_' . $idevaluation];
 } else {
@@ -400,10 +400,18 @@ abstract class AbstractLink implements GradebookItem
 } else {
 $name_log = $nameLog;
 }
- $sql="INSERT INTO ".$tbl_grade_linkeval_log."(id_linkeval_log, name,description,created_at,weight,visible,type,user_id_log)
- VALUES('".Database::escape_string($arreval['id'])."','".Database::escape_string($name_log)."','".Database::escape_string($description_log)."','".Database::escape_string($current_date_server)."','".Database::escape_string($arreval['weight'])."','".Database::escape_string($arreval['visible'])."','Link',".api_get_user_id().")";
- Database::query($sql);
+ $params = [
+ 'id_linkeval_log' => $arreval['id'],
+ 'name' => $name_log,
+ 'description' => $description_log,
+ 'created_at' => $current_date_server,
+ 'weight' => $arreval['weight'],
+ 'visible' => $arreval['visible'],
+ 'type' => 'Link',
+ 'user_id_log' => api_get_user_id(),
+ ];
+ Database::insert($table, $params);
 }
 /**
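Review bot: the rewritten `$name_log` line drops `Security::remove_XSS()` on `$_POST['name_link']`, so the log row now keeps the raw request value; `Database::insert` only protects the SQL, not whatever later renders the `name` column. Unless every reader of the linkeval log escapes on output (not visible here), keep the filter: `$name_log = isset($_POST['name_link']) ? Security::remove_XSS($_POST['name_link']) : $arreval['course_code'];`. The `$_POST['link_' . $idevaluation]` branch just below was already unfiltered and deserves the same treatment.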
diff --git a/main/gradebook/lib/be/evaluation.class.php b/main/gradebook/lib/be/evaluation.class.php
index 7d8508c585..757725d219 100755
--- a/main/gradebook/lib/be/evaluation.class.php
+++ b/main/gradebook/lib/be/evaluation.class.php
@@ -352,7 +352,7 @@ class Evaluation implements GradebookItem
 }
 /**
- * @param $idevaluation
+ * @param int $idevaluation
 */
 public function add_evaluation_log($idevaluation)
 {
@@ -363,13 +363,22 @@ class Evaluation implements GradebookItem
 $dateobject = $eval->load($idevaluation,null,null,null,null);
 $arreval = get_object_vars($dateobject[0]);
 if (!empty($arreval['id'])) {
- $sql_eval='SELECT weight from '.$tbl_grade_evaluations.' WHERE id='.$arreval['id'];
- $rs=Database::query($sql_eval);
- $row_old_weight=Database::fetch_array($rs,'ASSOC');
- $current_date=api_get_utc_datetime();
- $sql = "INSERT INTO ".$tbl_grade_linkeval_log."(id_linkeval_log,name,description,created_at,weight,visible,type,user_id_log)
- VALUES('".Database::escape_string($arreval['id'])."','".Database::escape_string($arreval['name'])."','".Database::escape_string($arreval['description'])."','".$current_date."','".Database::escape_string($row_old_weight['weight'])."','".Database::escape_string($arreval['visible'])."','evaluation',".api_get_user_id().")";
- Database::query($sql);
+ $sql = 'SELECT weight from '.$tbl_grade_evaluations.'
+ WHERE id='.$arreval['id'];
+ $rs = Database::query($sql);
+ $row_old_weight = Database::fetch_array($rs, 'ASSOC');
+ $current_date = api_get_utc_datetime();
+ $params = [
+ 'id_linkeval_log' => $arreval['id'],
+ 'name' => $arreval['name'],
+ 'description' => $arreval['description'],
+ 'created_at' => $current_date,
+ 'weight' => $row_old_weight['weight'],
+ 'visible' => $arreval['visible'],
+ 'type' => 'evaluation',
+ 'user_id_log' => api_get_user_id()
+ ];
+ Database::insert($tbl_grade_linkeval_log, $params);
 }
 }
 }
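Review bot: the rewritten weight lookup still concatenates `$arreval['id']` straight into SQL (`WHERE id='.$arreval['id']`), the one string-built query left in this hunk. `$arreval` comes from `get_object_vars()` on a loaded Evaluation, so the id is probably an integer read back from the database, but `has_results()` in the next hunk casts the equivalent value; do the same here: `WHERE id='.intval($arreval['id']);`. `add_evaluation_log` starts above the hunk, where `$eval` and `$tbl_grade_evaluations` are set.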
@@ -478,8 +487,9 @@ class Evaluation implements GradebookItem
 public function has_results()
 {
 $tbl_grade_results = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_RESULT);
- $sql='SELECT count(id) AS number FROM '.$tbl_grade_results
- .' WHERE evaluation_id = '.intval($this->id);
+ $sql = 'SELECT count(id) AS number
+ FROM '.$tbl_grade_results.'
+ WHERE evaluation_id = '.intval($this->id);
 $result = Database::query($sql);
 $number=Database::fetch_row($result);
@@ -492,7 +502,8 @@ class Evaluation implements GradebookItem
 public function delete_results()
 {
 $tbl_grade_results = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_RESULT);
- $sql = 'DELETE FROM '.$tbl_grade_results.' WHERE evaluation_id = '.intval($this->id);
+ $sql = 'DELETE FROM '.$tbl_grade_results.'
+ WHERE evaluation_id = '.intval($this->id);
 Database::query($sql);
 }
diff --git a/main/gradebook/lib/scoredisplay.class.php b/main/gradebook/lib/scoredisplay.class.php
index e7ccf33de2..e5f612b153 100755
--- a/main/gradebook/lib/scoredisplay.class.php
+++ b/main/gradebook/lib/scoredisplay.class.php
@@ -195,10 +195,10 @@ class ScoreDisplay
 * @param int score color percent (optional)
 * @param int gradebook category id (optional)
 */
- public function update_custom_score_display_settings ($displays, $scorecolpercent = 0, $category_id = null)
+ public function update_custom_score_display_settings($displays, $scorecolpercent = 0, $category_id = null)
 {
 $this->custom_display = $displays;
- $this->custom_display_conv = $this->convert_displays($this->custom_display);
+ $this->custom_display_conv = $this->convert_displays($this->custom_display);
 if (isset($category_id)) {
 $category_id = intval($category_id);
@@ -207,21 +207,23 @@ class ScoreDisplay
 }
 // remove previous settings
- $tbl_display = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_SCORE_DISPLAY);
- $sql = 'DELETE FROM '.$tbl_display.' WHERE category_id = '.$category_id;
+ $table = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_SCORE_DISPLAY);
+ $sql = 'DELETE FROM '.$table.' WHERE category_id = '.$category_id;
 Database::query($sql);
 // add new settings
- $sql = 'INSERT INTO '.$tbl_display.' (id, score, display, category_id, score_color_percent) VALUES ';
 $count = 0;
 foreach ($displays as $display) {
- if ($count > 0) {
- $sql .= ',';
- }
- $sql .= "(NULL, '".$display['score']."', '".Database::escape_string($display['display'])."', ".$category_id.", ".intval($scorecolpercent).")";
+ $params = [
+ 'score' => $display['score'],
+ 'display' => $display['display'],
+ 'category_id' => $category_id,
+ 'score_color_percent' => $scorecolpercent,
+ ];
+ Database::insert($table, $params);
+ $count++;
 }
- Database::query($sql);
 }
 /**
diff --git a/main/inc/lib/course.lib.php b/main/inc/lib/course.lib.php
index e54de3577e..fdfe3adbe8 100755
--- a/main/inc/lib/course.lib.php
+++ b/main/inc/lib/course.lib.php
@@ -4828,12 +4828,12 @@ class CourseManager
 WHERE c_id = "' . $courseId . '" AND user_id = "' . $userId . '" ';
 } else {
 $sql = "INSERT INTO " . $course_user_table . " SET
- c_id = '" . $courseId . "',
- user_id = '" . $userId . "',
- status = '1',
- is_tutor = '0',
- sort = '0',
- user_course_cat='0'";
+ c_id = " . $courseId . ",
+ user_id = " . $userId . ",
+ status = '1',
+ is_tutor = '0',
+ sort = '0',
+ user_course_cat='0'";
 }
 Database::query($sql);
 }
diff --git a/main/inc/lib/document.lib.php b/main/inc/lib/document.lib.php
index fb60c3c8e3..267faed084 100755
--- a/main/inc/lib/document.lib.php
+++ b/main/inc/lib/document.lib.php
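Review bot: `$count` is now dead — it is initialised, incremented by the new `$count++;` and never read, since the comma logic it drove went away with the multi-row INSERT; drop both `$count = 0;` and `$count++;`. The `DELETE` two lines up still interpolates `$category_id` unescaped; the previous hunk shows `intval()` is applied only inside `if (isset($category_id))`, and the `else` branch that assigns it otherwise is outside my view, so either confirm it yields an integer or cast at the point of use: `$sql = 'DELETE FROM '.$table.' WHERE category_id = '.intval($category_id);`. `update_custom_score_display_settings` starts above this hunk.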
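Review bot: removing the quotes around `$courseId` and `$userId` in the INSERT only helps if both are already integers; if they are not cast before this point (the top of the method is outside the hunk), an unquoted value is easier to inject through than the quoted one the old code had, and the UPDATE branch two lines above still quotes them, so the two branches now disagree. Cast at the point of use so it holds regardless of the caller: `c_id = " . intval($courseId) . ",` and `user_id = " . intval($userId) . ",`. The enclosing method starts above and ends below the hunk.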
@@ -1455,19 +1455,15 @@ class DocumentManager
 {
 // Database table definition
 $table_template = Database::get_main_table(TABLE_MAIN_TEMPLATES);
-
- // creating the sql statement
- $sql = "INSERT INTO $table_template
- (title, description, course_code, user_id, ref_doc, image)
- VALUES (
- '" . Database::escape_string($title) . "',
- '" . Database::escape_string($description) . "',
- '" . Database::escape_string($course_code) . "',
- '" . intval($user_id) . "',
- '" . Database::escape_string($document_id_for_template) . "',
- '" . Database::escape_string($image) . "')";
- Database::query($sql);
-
+ $params = [
+ 'title' => $title,
+ 'description' => $description,
+ 'course_code' => $course_code,
+ 'user_id' => $user_id,
+ 'ref_doc' => $document_id_for_template,
+ 'image' => $image,
+ ];
+ Database::insert($table_template, $params);
 return true;
 }
diff --git a/main/inc/lib/events.lib.php b/main/inc/lib/events.lib.php
index 63f3148da0..e7434fff22 100644
--- a/main/inc/lib/events.lib.php
+++ b/main/inc/lib/events.lib.php
@@ -34,19 +34,19 @@ class Event
 if ($pos === false && $referer != '') {
 $ip = api_get_real_ip();
 $remhost = @ getHostByAddr($ip);
- if ($remhost == $ip)
- $remhost = "Unknown"; // don't change this
+ if ($remhost == $ip) {
+ $remhost = "Unknown";
+ } // don't change this
 $reallyNow = api_get_utc_datetime();
- $sql = "INSERT INTO ".$TABLETRACK_OPEN."
- (open_remote_host,
- open_agent,
- open_referer,
- open_date)
- VALUES
- ('".$remhost."',
- '".Database::escape_string($_SERVER['HTTP_USER_AGENT'])."', '".Database::escape_string($referer)."', '$reallyNow')";
- $res = Database::query($sql);
+ $params = [
+ 'open_remote_host' => $remhost,
+ 'open_agent' => $_SERVER['HTTP_USER_AGENT'],
+ 'open_referer' => $referer,
+ 'open_date' => $reallyNow,
+ ];
+ Database::insert($TABLETRACK_OPEN, $params);
 }
+
 return 1;
 }
diff --git a/main/inc/lib/groupmanager.lib.php b/main/inc/lib/groupmanager.lib.php
index 2d919ab989..696e6fba18 100755
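Review bot: `'open_agent' => $_SERVER['HTTP_USER_AGENT']` reads the header unconditionally; a request without a User-Agent (curl with `-A ''`, some monitors) raises an undefined-index notice and stores an empty value, and this code runs for every unauthenticated page open. Guard it: `'open_agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '',`. The `// don't change this` comment now hangs off the closing brace and no longer says what must not change; put it back on the `$remhost = "Unknown";` line it referred to. The enclosing method starts above the hunk.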
--- a/main/inc/lib/groupmanager.lib.php
+++ b/main/inc/lib/groupmanager.lib.php
@@ -816,29 +816,31 @@ class GroupManager
 if (!isset ($obj->new_order)) {
 $obj->new_order = 1;
 }
- $sql = "INSERT INTO ".$table_group_category." SET
- c_id = $course_id ,
- title='".Database::escape_string($title)."',
- display_order ='".$obj->new_order."',
- description='".Database::escape_string($description)."',
- doc_state = '".Database::escape_string($doc_state)."',
- work_state = '".Database::escape_string($work_state)."',
- calendar_state = '".Database::escape_string($calendar_state)."',
- announcements_state = '".Database::escape_string($announcements_state)."',
- forum_state = '".Database::escape_string($forum_state)."',
- wiki_state = '".Database::escape_string($wiki_state)."',
- chat_state = '".Database::escape_string($chat_state)."',
- groups_per_user = '".Database::escape_string($groups_per_user)."',
- self_reg_allowed = '".Database::escape_string($self_registration_allowed)."',
- self_unreg_allowed = '".Database::escape_string($self_unregistration_allowed)."',
- max_student = '".Database::escape_string($maximum_number_of_students)."' ";
- Database::query($sql);
- $categoryId = Database::insert_id();
- if ($categoryId) {
+ $params = [
+ 'c_id' => $course_id,
+ 'title' => $title,
+ 'display_order' => $obj->new_order,
+ 'description' => $description,
+ 'doc_state' => $doc_state,
+ 'work_state' => $work_state,
+ 'calendar_state' => $calendar_state,
+ 'announcements_state' => $announcements_state,
+ 'forum_state' => $forum_state,
+ 'wiki_state' => $wiki_state,
+ 'chat_state' => $chat_state,
+ 'groups_per_user' => $groups_per_user,
+ 'self_reg_allowed' => $self_registration_allowed,
+ 'self_unreg_allowed' => $self_unregistration_allowed,
+ 'max_student' => $maximum_number_of_students
+ ];
+
+ $categoryId = Database::insert($table_group_category, $params);
+ if ($categoryId) {
 $sql = "UPDATE $table_group_category SET id = iid WHERE iid = $categoryId";
 Database::query($sql);
+
 return $categoryId;
 }
diff --git a/main/inc/lib/message.lib.php b/main/inc/lib/message.lib.php
index 27c0b51b25..aa2aa59b43 100755
--- a/main/inc/lib/message.lib.php
+++ b/main/inc/lib/message.lib.php
@@ -264,10 +264,19 @@ class MessageManager
 Database::query($query);
 $inbox_last_id = $edit_message_id;
 } else {
- $query = "INSERT INTO $table_message (user_sender_id, user_receiver_id, msg_status, send_date, title, content, group_id, parent_id, update_date ) ".
- "VALUES ('$user_sender_id', '$receiver_user_id', '1', '".$now."','$clean_subject','$clean_content','$group_id','$parent_id', '".$now."')";
- Database::query($query);
- $inbox_last_id = Database::insert_id();
+
+ $params = [
+ 'user_sender_id' => $user_sender_id,
+ 'user_receiver_id' => $receiver_user_id,
+ 'msg_status' => '1',
+ 'send_date' => $now,
+ 'title' => $subject,
+ 'content' => $content,
+ 'group_id' => $group_id,
+ 'parent_id' => $parent_id,
+ 'update_date' => $now
+ ];
+ $inbox_last_id = Database::insert($table_message, $params);
 }
 // Save attachment file for inbox messages
@@ -289,11 +298,19 @@ class MessageManager
 }
 if (empty($group_id)) {
- //message in outbox for user friend or group
- $sql = "INSERT INTO $table_message (user_sender_id, user_receiver_id, msg_status, send_date, title, content, group_id, parent_id, update_date )
- VALUES ('$user_sender_id', '$receiver_user_id', '4', '".$now."','$clean_subject','$clean_content', '$group_id', '$parent_id', '".$now."')";
- Database::query($sql);
- $outbox_last_id = Database::insert_id();
+ // message in outbox for user friend or group
+ $params = [
+ 'user_sender_id' => $user_sender_id,
+ 'user_receiver_id' => $receiver_user_id,
+ 'msg_status' => '4',
+ 'send_date' => $now,
+ 'title' => $subject,
+ 'content' => $content,
+ 'group_id' => $group_id,
+ 'parent_id' => $parent_id,
+ 'update_date' => $now
+ ];
+ $outbox_last_id = Database::insert($table_message, $params);
 // save attachment file for outbox messages
 if (is_array($file_attachments)) {
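Review bot: the new inbox INSERT stores `$subject` and `$content` where the removed query used `$clean_subject` and `$clean_content`, yet the edit branch just above (`Database::query($query);`) still runs its string-built UPDATE, presumably with the `$clean_*` variables, so the two paths now persist differently-prepared text. If `$clean_*` were only `Database::escape_string()` wrappers the swap is correct and the UPDATE should be converted to `Database::update` the same way; if they also applied HTML filtering (their construction is above the hunk), that filtering is now lost for new messages. Either way a one-line comment on the `$params` block saying which it is would save the next reader the same check. The enclosing method starts above and continues below the hunk.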
@@ -574,13 +591,16 @@ class MessageManager
 if (is_uploaded_file($file_attach['tmp_name'])) {
 @copy($file_attach['tmp_name'], $new_path);
 }
- $safe_file_comment = Database::escape_string($file_comment);
- $safe_file_name = Database::escape_string($file_name);
- $safe_new_file_name = Database::escape_string($new_file_name);
+
 // Storing the attachments if any
- $sql = "INSERT INTO $tbl_message_attach(filename,comment, path,message_id,size)
- VALUES ('$safe_file_name', '$safe_file_comment', '$safe_new_file_name' , '$message_id', '".$file_attach['size']."' )";
- Database::query($sql);
+ $params = [
+ 'filename' => $file_name,
+ 'comment' => $file_comment,
+ 'path' => $new_file_name,
+ 'message_id' => $message_id,
+ 'size' => $file_attach['size']
+ ];
+ Database::insert($tbl_message_attach, $params);
 }
 }
diff --git a/main/inc/lib/sessionmanager.lib.php b/main/inc/lib/sessionmanager.lib.php
index 022f4c3bf2..60ff5f3329 100755
--- a/main/inc/lib/sessionmanager.lib.php
+++ b/main/inc/lib/sessionmanager.lib.php
@@ -2408,11 +2408,16 @@ class SessionManager
 $msg = get_lang('StartDateShouldBeBeforeEndDate');
 return $msg;
 }
+ $access_url_id = api_get_current_access_url_id();
- $sql = "INSERT INTO $tbl_session_category (name, date_start, date_end, access_url_id)
- VALUES('" . Database::escape_string($name) . "','$date_start','$date_end', '$access_url_id')";
- Database::query($sql);
- $id_session = Database::insert_id();
+ $params = [
+ 'name' => $name,
+ 'date_start' => $date_start,
+ 'date_end' => $date_end,
+ 'access_url_id' => $access_url_id
+ ];
+ $id_session = Database::insert($tbl_session_category, $params);
+
 // Add event to system log
 $user_id = api_get_user_id();
 Event::addEvent(
diff --git a/main/inc/lib/system_announcements.lib.php b/main/inc/lib/system_announcements.lib.php
index 423a7a12ed..c4df0d7ccd 100755
--- a/main/inc/lib/system_announcements.lib.php
+++ b/main/inc/lib/system_announcements.lib.php
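Review bot: the attachment row is inserted whether or not a file was actually stored: `@copy()`'s return value is discarded, and the new `Database::insert` runs even when `is_uploaded_file()` was false, leaving a `path` that points at nothing. Fold the two checks into one condition, `if (is_uploaded_file($file_attach['tmp_name']) && copy($file_attach['tmp_name'], $new_path)) {`, move the `$params` / `Database::insert` block inside it, and drop the `@` so a failed copy surfaces instead of being silenced. The enclosing loop or method starts above the hunk.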
@@ -353,63 +353,71 @@ class SystemAnnouncementManager
 $start = api_get_utc_datetime($date_start);
 $end = api_get_utc_datetime($date_end);
- $title = Database::escape_string($title);
- $content = Database::escape_string($content);
-
 //Fixing urls that are sent by email
 $content = str_replace('src=\"/home/', 'src=\"'.api_get_path(WEB_PATH).'home/', $content);
 $content = str_replace('file=/home/', 'file='.api_get_path(WEB_PATH).'home/', $content);
- $langsql = is_null($lang) ? 'NULL' : "'".Database::escape_string($lang)."'";
+ $lang = is_null($lang) ? 'NULL' : $lang;
 $current_access_url_id = 1;
 if (api_is_multiple_url_enabled()) {
 $current_access_url_id = api_get_current_access_url_id();
 }
- $sql = "INSERT INTO ".$db_table." (title,content,date_start,date_end,visible_teacher,visible_student,visible_guest, lang, access_url_id)
- VALUES ('".$title."','".$content."','".$start."','".$end."','".$visible_teacher."','".$visible_student."','".$visible_guest."',".$langsql.", ".$current_access_url_id.")";
+ $params = [
+ 'title' => $title,
+ 'content' => $content,
+ 'date_start' => $start,
+ 'date_end' => $end,
+ 'visible_teacher' => $visible_teacher,
+ 'visible_student' => $visible_student,
+ 'visible_guest' => $visible_guest,
+ 'lang' => $lang,
+ 'access_url_id' => $current_access_url_id,
+ ];
+
+ $resultId = Database::insert($db_table, $params);
+
+ if ($resultId) {
+
+ if ($sendEmailTest) {
+ SystemAnnouncementManager::send_system_announcement_by_email(
+ $title,
+ $content,
+ $visible_teacher,
+ $visible_student,
+ $lang,
+ true
+ );
+ } else {
+ if ($send_mail == 1) {
+ SystemAnnouncementManager::send_system_announcement_by_email(
+ $title,
+ $content,
+ $visible_teacher,
+ $visible_student,
+ $lang
+ );
+ }
+ }
- if ($sendEmailTest) {
- SystemAnnouncementManager::send_system_announcement_by_email(
- $title,
- $content,
- $visible_teacher,
- $visible_student,
- $lang,
- true
- );
- } else {
- if ($send_mail == 1) {
- SystemAnnouncementManager::send_system_announcement_by_email(
- $title,
- $content,
- $visible_teacher,
- $visible_student,
- $lang
- );
- }
- }
+ if ($add_to_calendar) {
+ $agenda = new Agenda();
+ $agenda->setType('admin');
+ $agenda->addEvent(
+ $date_start,
+ $date_end,
+ false,
+ $title,
+ $original_content
+ );
+ }
- $res = Database::query($sql);
- if ($res === false) {
- return false;
- }
+ return $resultId;
- $id = null;
- if ($add_to_calendar) {
- $agenda = new Agenda();
- $agenda->setType('admin');
- $id = $agenda->addEvent(
- $date_start,
- $date_end,
- false,
- $title,
- $original_content
- );
- }
+ }
- return $id;
+ return false;
 }
 /**
diff --git a/main/inc/lib/thematic.lib.php b/main/inc/lib/thematic.lib.php
index 3e9bc58389..024e16f021 100755
--- a/main/inc/lib/thematic.lib.php
+++ b/main/inc/lib/thematic.lib.php
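Review bot: `$lang = is_null($lang) ? 'NULL' : $lang;` now yields the PHP string `'NULL'`, which `Database::insert` will quote, so an announcement with no language is stored with `lang = 'NULL'` instead of the SQL NULL the removed unquoted `$langsql` produced, and that same string is then passed to both `send_system_announcement_by_email()` calls in place of null. Either pass `$lang` through untouched, if `Database::insert` maps PHP null to SQL NULL, or add the key only when set — `if (!is_null($lang)) { $params['lang'] = $lang; }` — and delete the ternary. Note also that the method's return value changes from the agenda event id (old `$id`) to the announcement id (`$resultId`), which any caller treating it as an agenda id will need to follow. The enclosing method starts above the hunk.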
@@ -292,32 +292,53 @@ class Thematic
 if (empty($id)) {
 // insert
- $sql = "INSERT INTO $tbl_thematic (c_id, title, content, active, display_order, session_id)
- VALUES ($this->course_int_id, '$title', '$content', 1, ".(intval($max_thematic_item)+1).", $session_id) ";
- $result = Database::query($sql);
- $last_id = Database::insert_id();
+ $params = [
+ 'c_id' => $this->course_int_id,
+ 'title' => $title,
+ 'content' => $content,
+ 'active' => 1,
+ 'display_order' => intval($max_thematic_item) + 1,
+ 'session_id' => $session_id
+ ];
+ $last_id = Database::insert($tbl_thematic, $params);
 if ($last_id) {
 $sql = "UPDATE $tbl_thematic SET id = iid WHERE iid = $last_id";
 Database::query($sql);
- api_item_property_update($_course, 'thematic', $last_id,"ThematicAdded", $user_id);
- }
- } else {
- // update
- $sql = "UPDATE $tbl_thematic SET title = '$title', content = '$content', session_id = $session_id
- WHERE id = $id AND c_id = {$this->course_int_id}";
- $result = Database::query($sql);
- $last_id = $id;
- if (Database::affected_rows($result)) {
- // save inside item property table
 api_item_property_update(
 $_course,
 'thematic',
 $last_id,
- "ThematicUpdated",
+ "ThematicAdded",
 $user_id
 );
 }
+ } else {
+ // Update
+ $params = [
+ 'title' => $title,
+ 'content' => $content,
+ 'session_id' => $session_id
+ ];
+
+ Database::update(
+ $tbl_thematic,
+ $params,
+ ['id = ? AND c_id = ?' => [$id, $this->course_int_id]]
+ );
+
+ $last_id = $id;
+
+ // save inside item property table
+ api_item_property_update(
+ $_course,
+ 'thematic',
+ $last_id,
+ "ThematicUpdated",
+ $user_id
+ );
+ }
+
 return $last_id;
 }
@@ -328,7 +349,7 @@ class Thematic
 */
 public function thematic_destroy($thematic_id)
 {
- global $_course;
+ $_course = api_get_course_info();
 $tbl_thematic = Database::get_course_table(TABLE_THEMATIC);
 $affected_rows = 0;
 $user_id = api_get_user_id();
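Review bot: the update branch now calls `api_item_property_update(..., "ThematicUpdated", ...)` unconditionally, where the removed code only did so when `Database::affected_rows()` was non-zero, so a no-op save or a non-matching `id`/`c_id` pair still records an update event, and `Database::update`'s return value is discarded. If that helper returns the affected-row count, gate on it: `$updated = Database::update($tbl_thematic, $params, [...]); if ($updated) { api_item_property_update(...); }`. Separately, `$title` and `$content` were interpolated raw into both removed queries, which suggests the caller escapes them before this point (above the hunk); if so, `Database::insert`/`Database::update` will escape them a second time and store literal backslashes. The enclosing method starts above the hunk.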