chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Feature #306 - Platform admin tools: Replacing the function api_sql_query() with Database::query().

Browse Source
skala
Ivan Tcholakov 16 years ago
parent 22084ecbdc
commit 8b50531cc0
41 changed files with 249 additions and 249 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 6
      main/admin/access_url_add_courses_to_url.php
  2. 6
      main/admin/access_url_add_sessions_to_url.php
  3. 6
      main/admin/access_url_add_users_to_url.php
  4. 4
      main/admin/access_url_edit_courses_to_url.php
  5. 4
      main/admin/access_url_edit_sessions_to_url.php
  6. 4
      main/admin/access_url_edit_users_to_url.php
  7. 30
      main/admin/add_courses_to_session.php
  8. 14
      main/admin/add_users_to_session.php
  9. 36
      main/admin/calendar.lib.php
  10. 2
      main/admin/calendar.php
  11. 2
      main/admin/calendar_view_print.php
  12. 40
      main/admin/configure_extensions.php
  13. 2
      main/admin/configure_homepage.php
  14. 4
      main/admin/course_add.php
  15. 46
      main/admin/course_category.php
  16. 18
      main/admin/course_edit.php
  17. 8
      main/admin/course_information.php
  18. 4
      main/admin/course_list.php
  19. 2
      main/admin/course_virtual.php
  20. 10
      main/admin/index.php
  21. 12
      main/admin/languages.php
  22. 6
      main/admin/ldap_import_students_to_session.php
  23. 20
      main/admin/ldap_synchro.php
  24. 26
      main/admin/resume_session.php
  25. 6
      main/admin/session_add.php
  26. 8
      main/admin/session_course_edit.php
  27. 10
      main/admin/session_course_list.php
  28. 8
      main/admin/session_course_user_list.php
  29. 4
      main/admin/session_edit.php
  30. 12
      main/admin/session_export.php
  31. 6
      main/admin/session_list.php
  32. 42
      main/admin/settings.php
  33. 26
      main/admin/statistics/statistics.lib.php
  34. 4
      main/admin/subscribe_class2course.php
  35. 6
      main/admin/subscribe_user2class.php
  36. 6
      main/admin/subscribe_user2course.php
  37. 4
      main/admin/user_export.php
  38. 16
      main/admin/user_fields.php
  39. 10
      main/admin/user_fields_options.php
  40. 10
      main/admin/user_information.php
  41. 8
      main/admin/user_list.php

6
main/admin/access_url_add_courses_to_url.php
Unescape View File

@ -115,7 +115,7 @@ if ($_POST['form_sent']) {
if(empty($first_letter_user))
{
$sql = "SELECT count(*) as num_courses FROM $tbl_course";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$num_row = Database::fetch_array($result);
if($num_row['num_courses']>1000)
{//if there are too much num_courses to gracefully handle with the HTML select list,
@ -130,12 +130,12 @@ $sql = "SELECT code, title FROM $tbl_course
WHERE title LIKE '".$first_letter_course."%' OR title LIKE '".api_strtolower($first_letter_course)."%'
ORDER BY title, code DESC ";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$db_courses = Database::store_result($result);
unset($result);
$sql = "SELECT id, url FROM $tbl_access_url WHERE active=1 ORDER BY url";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$db_urls = Database::store_result($result);
unset($result);
?>

6
main/admin/access_url_add_sessions_to_url.php
Unescape View File

@ -113,7 +113,7 @@ if ($_POST['form_sent']) {
/*
if(empty($first_letter_user)) {
$sql = "SELECT count(*) as num_courses FROM $tbl_course";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$num_row = Database::fetch_array($result);
if($num_row['num_courses']>1000)
{//if there are too much num_courses to gracefully handle with the HTML select list,
@ -128,12 +128,12 @@ $sql = "SELECT id, name FROM $tbl_session
WHERE name LIKE '".$first_letter_session."%' OR name LIKE '".api_strtolower($first_letter_session)."%'
ORDER BY name DESC ";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$db_sessions = Database::store_result($result);
unset($result);
$sql = "SELECT id, url FROM $tbl_access_url WHERE active=1 ORDER BY url";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$db_urls = Database::store_result($result);
unset($result);
?>

6
main/admin/access_url_add_users_to_url.php
Unescape View File

@ -118,7 +118,7 @@ if ($_POST['form_sent']) {
if(empty($first_letter_user)) {
$sql = "SELECT count(*) as nb_users FROM $tbl_user";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$num_row = Database::fetch_array($result);
if($num_row['nb_users']>1000) {
//if there are too much users to gracefully handle with the HTML select list,
@ -133,12 +133,12 @@ $target_name = api_sort_by_first_name() ? 'firstname' : 'lastname';
$sql = "SELECT user_id,lastname,firstname,username FROM $tbl_user
WHERE ".$target_name." LIKE '".$first_letter_user."%' OR ".$target_name." LIKE '".api_strtolower($first_letter_user)."%'
ORDER BY ". (count($users) > 0 ? "(user_id IN(".implode(',', $users).")) DESC," : "")." ".$target_name;
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$db_users = Database::store_result($result);
unset($result);
$sql = "SELECT id, url FROM $tbl_access_url WHERE active=1 ORDER BY url";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$db_urls = Database::store_result($result);
unset($result);
?>

4
main/admin/access_url_edit_courses_to_url.php
Unescape View File

@ -88,7 +88,7 @@ function search_courses($needle, $id)
)
ORDER BY title, code
LIMIT 11';
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$i=0;
while ($course = Database :: fetch_array($rs)) {
$i++;
@ -197,7 +197,7 @@ if($ajax_search) {
$sql="SELECT code, title
FROM $tbl_course u
ORDER BY title, code";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$courses=Database::store_result($result);
$course_list_leys = array_keys($course_list);
foreach($courses as $course) {

4
main/admin/access_url_edit_sessions_to_url.php
Unescape View File

@ -85,7 +85,7 @@ function search_sessions($needle, $id)
WHERE (name LIKE "'.$needle.'%")
ORDER BY name, id
LIMIT 11';
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$i=0;
while ($session = Database :: fetch_array($rs)) {
$i++;
@ -193,7 +193,7 @@ if($ajax_search) {
$sql="SELECT id, name
FROM $tbl_session u
ORDER BY name, id";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$sessions=Database::store_result($result);
$session_list_leys = array_keys($session_list);
foreach($sessions as $session) {

4
main/admin/access_url_edit_users_to_url.php
Unescape View File

@ -89,7 +89,7 @@ function search_users($needle, $id)
$order_clause.
' LIMIT 11';
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$i=0;
while ($user = Database :: fetch_array($rs)) {
@ -195,7 +195,7 @@ if($ajax_search) {
$sql="SELECT u.user_id, lastname, firstname, username
FROM $tbl_user u".
$order_clause;
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$Users=Database::store_result($result);
$user_list_leys = array_keys($sessionUsersList);
foreach($Users as $user) {

30
main/admin/add_courses_to_session.php
Unescape View File

@ -51,7 +51,7 @@ if(isset($_GET['add_type']) && $_GET['add_type']!=''){
if (!api_is_platform_admin()) {
$sql = 'SELECT session_admin_id FROM '.Database :: get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$id_session;
$rs = api_sql_query($sql,__FILE__,__LINE__);
$rs = Database::query($sql,__FILE__,__LINE__);
if (Database::result($rs,0,0)!=$_user['user_id']) {
api_not_allowed(true);
}
@ -73,7 +73,7 @@ function search_courses($needle,$type)
$id_session = Database::escape_string($id_session);
// check course_code from session_rel_course table
$sql = 'SELECT course_code FROM '.$tbl_session_rel_course.' WHERE id_session ="'.(int)$id_session.'"';
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$course_codes = '';
if (Database::num_rows($res) > 0) {
while ($row = Database::fetch_row($res)) {
@ -125,7 +125,7 @@ function search_courses($needle,$type)
}
}
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$course_list = array();
if ($type=='single') {
@ -205,17 +205,17 @@ if ($_POST['formSent']) {
}
$nbr_courses=0;
$id_coach = api_sql_query("SELECT id_coach FROM $tbl_session WHERE id=$id_session");
$id_coach = Database::query("SELECT id_coach FROM $tbl_session WHERE id=$id_session");
$id_coach = Database::fetch_array($id_coach);
$id_coach = $id_coach[0];
$rs = api_sql_query("SELECT course_code FROM $tbl_session_rel_course WHERE id_session=$id_session");
$rs = Database::query("SELECT course_code FROM $tbl_session_rel_course WHERE id_session=$id_session");
$existingCourses = Database::store_result($rs);
$sql="SELECT id_user
FROM $tbl_session_rel_user
WHERE id_session = $id_session";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$UserList=Database::store_result($result);
@ -229,32 +229,32 @@ if ($_POST['formSent']) {
}
if(!$exists) {
$sql_insert_rel_course= "INSERT INTO $tbl_session_rel_course(id_session,course_code, id_coach) VALUES('$id_session','$enreg_course','$id_coach')";
api_sql_query($sql_insert_rel_course ,__FILE__,__LINE__);
Database::query($sql_insert_rel_course ,__FILE__,__LINE__);
//We add in the existing courses table the current course, to not try to add another time the current course
$existingCourses[]=array('course_code'=>$enreg_course);
$nbr_users=0;
foreach ($UserList as $enreg_user) {
$enreg_user = Database::escape_string($enreg_user['id_user']);
$sql_insert = "INSERT IGNORE INTO $tbl_session_rel_course_rel_user(id_session,course_code,id_user) VALUES('$id_session','$enreg_course','$enreg_user')";
api_sql_query($sql_insert,__FILE__,__LINE__);
Database::query($sql_insert,__FILE__,__LINE__);
if(Database::affected_rows()) {
$nbr_users++;
}
}
api_sql_query("UPDATE $tbl_session_rel_course SET nbr_users=$nbr_users WHERE id_session='$id_session' AND course_code='$enreg_course'",__FILE__,__LINE__);
Database::query("UPDATE $tbl_session_rel_course SET nbr_users=$nbr_users WHERE id_session='$id_session' AND course_code='$enreg_course'",__FILE__,__LINE__);
}
}
foreach($existingCourses as $existingCourse) {
if(!in_array($existingCourse['course_code'], $CourseList)){
api_sql_query("DELETE FROM $tbl_session_rel_course WHERE course_code='".$existingCourse['course_code']."' AND id_session=$id_session");
api_sql_query("DELETE FROM $tbl_session_rel_course_rel_user WHERE course_code='".$existingCourse['course_code']."' AND id_session=$id_session");
Database::query("DELETE FROM $tbl_session_rel_course WHERE course_code='".$existingCourse['course_code']."' AND id_session=$id_session");
Database::query("DELETE FROM $tbl_session_rel_course_rel_user WHERE course_code='".$existingCourse['course_code']."' AND id_session=$id_session");
}
}
$nbr_courses=count($CourseList);
api_sql_query("UPDATE $tbl_session SET nbr_courses=$nbr_courses WHERE id='$id_session'",__FILE__,__LINE__);
Database::query("UPDATE $tbl_session SET nbr_courses=$nbr_courses WHERE id='$id_session'",__FILE__,__LINE__);
if(isset($_GET['add']))
header('Location: add_users_to_session.php?id_session='.$id_session.'&add=true');
@ -289,7 +289,7 @@ echo '<div class="row"><div class="form_header">'.$tool_name.' ('.$session_info[
/*$sql = 'SELECT COUNT(1) FROM '.$tbl_course;
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$count_courses = mysql_result($rs, 0, 0);*/
$ajax_search = $add_type == 'unique' ? true : false;
@ -320,7 +320,7 @@ if ($ajax_search) {
}
}
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$Courses=Database::store_result($result);
foreach($Courses as $course) {
@ -350,7 +350,7 @@ if ($ajax_search) {
}
}
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$Courses=Database::store_result($result);
foreach($Courses as $course) {
if ($course['id_session'] == $id_session) {

14
main/admin/add_users_to_session.php
Unescape View File

@ -53,7 +53,7 @@ if(isset($_REQUEST['add_type']) && $_REQUEST['add_type']!=''){
if (!api_is_platform_admin()) {
$sql = 'SELECT session_admin_id FROM '.Database :: get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$id_session;
$rs = api_sql_query($sql,__FILE__,__LINE__);
$rs = Database::query($sql,__FILE__,__LINE__);
if(Database::result($rs,0,0)!=$_user['user_id']) {
api_not_allowed(true);
}
@ -93,7 +93,7 @@ function search_users($needle,$type)
$id_session = Database::escape_string($id_session);
// check id_user from session_rel_user table
$sql = 'SELECT id_user FROM '.$tbl_session_rel_user.' WHERE id_session ="'.(int)$id_session.'"';
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$user_ids = array();
if (Database::num_rows($res) > 0) {
while ($row = Database::fetch_row($res)) {
@ -143,7 +143,7 @@ function search_users($needle,$type)
}
}
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$i=0;
if ($type=='single') {
while ($user = Database :: fetch_array($rs)) {
@ -264,7 +264,7 @@ Display::display_header($tool_name);
$nosessionUsersList = $sessionUsersList = array();
/*$sql = 'SELECT COUNT(1) FROM '.$tbl_user;
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$count_courses = Database::result($rs, 0, 0);*/
$ajax_search = $add_type == 'unique' ? true : false;
global $_configuration;
@ -292,7 +292,7 @@ if ($ajax_search) {
$order_clause";
}
}
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$Users=Database::store_result($result);
foreach ($Users as $user) {
$sessionUsersList[$user['user_id']] = $user ;
@ -374,7 +374,7 @@ if ($ajax_search) {
}
}
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$Users=Database::store_result($result);
//var_dump($_REQUEST['id_session']);
foreach ($Users as $user) {
@ -407,7 +407,7 @@ if ($ajax_search) {
$order_clause";
}
}
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$Users=Database::store_result($result);
foreach($Users as $key_user_list =>$value_user_list) {

36
main/admin/calendar.lib.php
Unescape View File

@ -425,7 +425,7 @@ function store_new_agenda_item()
VALUES
('".$title."','".$content."', '".$start_date."','".$end_date."')";
$result = api_sql_query($sql,__FILE__,__LINE__) or die (Database::error());
$result = Database::query($sql,__FILE__,__LINE__) or die (Database::error());
$last_id=Database::insert_id();
// store in last_tooledit (first the groups, then the users
@ -531,7 +531,7 @@ function get_agenda_item($id)
}
if(empty($id)){return $item;}
$sql = "SELECT * FROM ".$TABLEAGENDA." WHERE id='".$id."'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
$entry_to_edit = Database::fetch_array($result);
$item['title'] = $entry_to_edit["title"];
$item['content'] = $entry_to_edit["content"];
@ -597,7 +597,7 @@ function save_edit_agenda_item($id,$title,$content,$start_date,$end_date)
start_date='".$start_date."',
end_date='".$end_date."'
WHERE id='".$id."'";
$result = api_sql_query($sql,__FILE__,__LINE__) or die (Database::error());
$result = Database::query($sql,__FILE__,__LINE__) or die (Database::error());
return true;
}
@ -625,7 +625,7 @@ function delete_agenda_item($id)
if(Database::num_rows($res)>0)
{
$sql = "DELETE FROM ".$t_agenda." WHERE id='$id'";
$result = api_sql_query($sql,__FILE__,__LINE__) or die (Database::error());
$result = Database::query($sql,__FILE__,__LINE__) or die (Database::error());
}
api_item_property_update($_course,TOOL_CALENDAR_EVENT,$id,'delete',api_get_user_id());
$id=null;
@ -715,7 +715,7 @@ function display_agenda_items()
if (is_allowed_to_edit() && !api_is_anonymous()) {
$sql="SELECT * FROM ".$TABLEAGENDA.' ORDER BY start_date '.$_SESSION['sort'];
//echo "<pre>".$sql."</pre>";
$result=api_sql_query($sql,__FILE__,__LINE__) or die(Database::error());
$result=Database::query($sql,__FILE__,__LINE__) or die(Database::error());
$number_items=Database::num_rows($result);
} else {
$number_items = 0;
@ -981,7 +981,7 @@ function display_one_agenda_item($agenda_id)
--------------------------------------------------*/
$sql="SELECT * FROM ".$TABLEAGENDA;
$result=api_sql_query($sql,__FILE__,__LINE__) or die(Database::error());
$result=Database::query($sql,__FILE__,__LINE__) or die(Database::error());
$number_items=Database::num_rows($result);
$myrow=Database::fetch_array($result); // there should be only one item so no need for a while loop
@ -1670,7 +1670,7 @@ function get_agendaitems($month, $year)
}
}
$result = api_sql_query($sqlquery, __FILE__, __LINE__);
$result = Database::query($sqlquery, __FILE__, __LINE__);
while ($item = Database::fetch_array($result))
{
$agendaday = date('j',strtotime($item['start_date']));
@ -1714,7 +1714,7 @@ function display_upcoming_events()
ORDER BY start_date ";
//}
// if the user is not an administrator of that course
$result = api_sql_query($sqlquery, __FILE__, __LINE__);
$result = Database::query($sqlquery, __FILE__, __LINE__);
$counter = 0;
while ($item = Database::fetch_array($result,'ASSOC'))
{
@ -1934,7 +1934,7 @@ function get_day_agendaitems($courses_dbs, $month, $year, $day)
$items = array ();
// get agenda-items for every course
//$query=api_sql_query($sql_select_courses);
//$query=Database::query($sql_select_courses);
foreach ($courses_dbs as $key => $array_course_info)
{
//databases of the courses
@ -1980,7 +1980,7 @@ function get_day_agendaitems($courses_dbs, $month, $year, $day)
//$sqlquery = "SELECT * FROM $agendadb WHERE DAYOFMONTH(day)='$day' AND month(day)='$month' AND year(day)='$year'";
//echo "abc";
//echo $sqlquery;
$result = api_sql_query($sqlquery, __FILE__, __LINE__);
$result = Database::query($sqlquery, __FILE__, __LINE__);
$portal_url = $_configuration['root_web'];
if ($_configuration['multiple_access_urls']==true) {
$access_url_id = api_get_current_access_url_id();
@ -2091,7 +2091,7 @@ function get_week_agendaitems($courses_dbs, $month, $year, $week = '')
// $sqlquery = "SELECT * FROM $agendadb WHERE (DAYOFMONTH(day)>='$start_day' AND DAYOFMONTH(day)<='$end_day')
// AND (MONTH(day)>='$start_month' AND MONTH(day)<='$end_month')
// AND (YEAR(day)>='$start_year' AND YEAR(day)<='$end_year')";
$result = api_sql_query($sqlquery, __FILE__, __LINE__);
$result = Database::query($sqlquery, __FILE__, __LINE__);
$portal_url = $_configuration['root_web'];
if ($_configuration['multiple_access_urls']==true) {
@ -2184,7 +2184,7 @@ function get_repeated_events_day_view($course_info,$start=0,$end=0,$params)
.(!empty($params['conditions'])?$params['conditions']:'')
.(!empty($params['groupby'])?' GROUP BY '.$params['groupby']:'')
.(!empty($params['orderby'])?' ORDER BY '.$params['orderby']:'');
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
if(Database::num_rows($res)>0)
{
while($row = Database::fetch_array($res))
@ -2305,7 +2305,7 @@ function get_repeated_events_week_view($course_info,$start=0,$end=0,$params)
.(!empty($params['conditions'])?$params['conditions']:'')
.(!empty($params['groupby'])?' GROUP BY '.$params['groupby']:'')
.(!empty($params['orderby'])?' ORDER BY '.$params['orderby']:'');
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
if(Database::num_rows($res)>0)
{
while($row = Database::fetch_array($res))
@ -2436,7 +2436,7 @@ function get_repeated_events_month_view($course_info,$start=0,$end=0,$params)
.(!empty($params['conditions'])?$params['conditions']:'')
.(!empty($params['groupby'])?' GROUP BY '.$params['groupby']:'')
.(!empty($params['orderby'])?' ORDER BY '.$params['orderby']:'');
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
if(Database::num_rows($res)>0)
{
while($row = Database::fetch_array($res))
@ -2607,7 +2607,7 @@ function get_repeated_events_list_view($course_info,$start=0,$end=0,$params)
.(!empty($params['conditions'])?$params['conditions']:'')
.(!empty($params['groupby'])?' GROUP BY '.$params['groupby']:'')
.(!empty($params['orderby'])?' ORDER BY '.$params['orderby']:'');
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
if(Database::num_rows($res)>0)
{
while($row = Database::fetch_array($res))
@ -2863,7 +2863,7 @@ function agenda_add_item($course_info, $title, $content, $db_start_date, $db_end
// check if exists in calendar_event table
$sql = "SELECT * FROM $t_agenda WHERE title='$title' AND content = '$content' AND start_date = '$start_date'
AND end_date = '$end_date' ".(!empty($parent_id)? "AND parent_event_id = '$parent_id'":"");
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
$count = Database::num_rows($result);
if ($count > 0) {
return false;
@ -2874,7 +2874,7 @@ function agenda_add_item($course_info, $title, $content, $db_start_date, $db_end
VALUES
('".$title."','".$content."', '".$start_date."','".$end_date."')";
$result = api_sql_query($sql,__FILE__,__LINE__) or die (Database::error());
$result = Database::query($sql,__FILE__,__LINE__) or die (Database::error());
$last_id=Database::insert_id();
// add a attachment file in agenda
@ -2951,7 +2951,7 @@ function agenda_add_item($course_info, $title, $content, $db_start_date, $db_end
WHERE MONTH(start_date)='".$month."' AND YEAR(start_date)='".$year."'
GROUP BY id ".
"ORDER BY start_date ";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
while ($row=Database::fetch_array($result)) {
$datum_item=(int)substr($row["start_date"],8,2);

2
main/admin/calendar.php
Unescape View File

@ -60,7 +60,7 @@ $id_session=intval($_GET['id_session']);
if(!api_is_platform_admin())
{
$sql = 'SELECT session_admin_id FROM '.Database :: get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$id_session;
$rs = api_sql_query($sql,__FILE__,__LINE__);
$rs = Database::query($sql,__FILE__,__LINE__);
if(mysql_result($rs,0,0)!=$_user['user_id'])
{
api_not_allowed(true);

2
main/admin/calendar_view_print.php
Unescape View File

@ -48,7 +48,7 @@ require('../inc/global.inc.php');
$TABLEAGENDA = Database::get_main_table(TABLE_MAIN_SYSTEM_CALENDAR);
$sql = "SELECT * FROM $TABLEAGENDA WHERE id IN($id) ORDER BY start_date DESC";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
?>
<html>

40
main/admin/configure_extensions.php
Unescape View File

@ -52,19 +52,19 @@ if(isset($_POST['activeExtension'])){
selected_value="true"
WHERE variable="service_visio"
AND subkey="active"';
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
if(Database::affected_rows()>0)
{
// select all the courses and insert the tool inside
$sql = 'SELECT db_name FROM '.Database::get_main_table(TABLE_MAIN_COURSE);
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
while($row = Database::fetch_array($rs)){
if(!empty($_POST['visio_host']))
{
$tool_table = Database::get_course_table(TABLE_TOOL_LIST,$row['db_name']);
$select = "SELECT id FROM $tool_table WHERE name='".TOOL_VISIO_CONFERENCE."'";
$selectres = api_sql_query($select,__FILE__, __LINE__);
$selectres = Database::query($select,__FILE__, __LINE__);
if(Database::num_rows($selectres)<1)
{
$sql = 'INSERT INTO '.$tool_table.' SET
@ -76,10 +76,10 @@ if(isset($_POST['activeExtension'])){
address="squaregrey.gif",
target="_self",
category="interaction"';
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
$select = "SELECT id FROM $tool_table WHERE name='".TOOL_VISIO_CLASSROOM."'";
$selectres = api_sql_query($select,__FILE__, __LINE__);
$selectres = Database::query($select,__FILE__, __LINE__);
if(Database::num_rows($selectres)<1)
{
$sql = 'INSERT INTO '.$tool_table.' SET
@ -91,7 +91,7 @@ if(isset($_POST['activeExtension'])){
address="squaregrey.gif",
target="_self",
category="authoring"';
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
}
}
@ -102,25 +102,25 @@ if(isset($_POST['activeExtension'])){
selected_value="'.Database::escape_string($_POST['visio_host']).'"
WHERE variable="service_visio"
AND subkey="visio_host"';
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$sql = 'UPDATE '.$tbl_settings_current.' SET
selected_value="'.Database::escape_string($_POST['visio_port']).'"
WHERE variable="service_visio"
AND subkey="visio_port"';
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$sql = 'UPDATE '.$tbl_settings_current.' SET
selected_value="'.Database::escape_string($_POST['visio_pass']).'"
WHERE variable="service_visio"
AND subkey="visio_pass"';
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$sql = 'UPDATE '.$tbl_settings_current.' SET
selected_value="'.($_POST['visio_use_rtmpt']=='true'?'true':'false').'"
WHERE variable="service_visio"
AND subkey="visio_use_rtmpt"';
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
if(empty($message))
{
@ -138,7 +138,7 @@ if(isset($_POST['activeExtension'])){
WHERE variable="service_ppt2lp"
AND subkey="active"';
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
if(Database::affected_rows()>0){
$message = get_lang('ServiceActivated');
@ -148,37 +148,37 @@ if(isset($_POST['activeExtension'])){
selected_value="'.addslashes($_POST['host']).'"
WHERE variable="service_ppt2lp"
AND subkey="host"';
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$sql = 'UPDATE '.$tbl_settings_current.' SET
selected_value="'.addslashes($_POST['port']).'"
WHERE variable="service_ppt2lp"
AND subkey="port"';
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$sql = 'UPDATE '.$tbl_settings_current.' SET
selected_value="'.addslashes($_POST['ftp_password']).'"
WHERE variable="service_ppt2lp"
AND subkey="ftp_password"';
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$sql = 'UPDATE '.$tbl_settings_current.' SET
selected_value="'.addslashes($_POST['user']).'"
WHERE variable="service_ppt2lp"
AND subkey="user"';
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$sql = 'UPDATE '.$tbl_settings_current.' SET
selected_value="'.addslashes($_POST['path_to_lzx']).'"
WHERE variable="service_ppt2lp"
AND subkey="path_to_lzx"';
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$sql = 'UPDATE '.$tbl_settings_current.' SET
selected_value="'.addslashes($_POST['size']).'"
WHERE variable="service_ppt2lp"
AND subkey="size"';
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
break;
}
@ -191,7 +191,7 @@ $listActiveServices = array();
// get the list of active services
$sql = 'SELECT variable FROM '.$tbl_settings_current.' WHERE variable LIKE "service_%" AND subkey="active" and selected_value="true"';
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
while($row = Database::fetch_array($rs)){
$listActiveServices[] = $row['variable'];
}
@ -315,7 +315,7 @@ Display::display_header($nameTool);
{
$sql = 'SELECT subkey, selected_value FROM '.$tbl_settings_current.'
WHERE variable = "service_visio"';
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
while($row = Database::fetch_array($rs,'ASSOC'))
{
$defaults[$row['subkey']] = $row['selected_value'];
@ -382,7 +382,7 @@ Display::display_header($nameTool);
$sql = 'SELECT subkey, selected_value FROM '.$tbl_settings_current.'
WHERE variable = "service_ppt2lp"
AND subkey <> "active"';
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
while($row = Database::fetch_array($rs,'ASSOC'))
{
$defaults[$row['subkey']] = $row['selected_value'];

2
main/admin/configure_homepage.php
Unescape View File

@ -587,7 +587,7 @@ if(!empty($action)) {
}
else //if $action is empty, then prepare a list of the course categories to display (?)
{
$result=api_sql_query("SELECT name FROM $tbl_category WHERE parent_id IS NULL ORDER BY tree_pos",__FILE__,__LINE__);
$result=Database::query("SELECT name FROM $tbl_category WHERE parent_id IS NULL ORDER BY tree_pos",__FILE__,__LINE__);
$Categories=Database::store_result($result);
}

4
main/admin/course_add.php
Unescape View File

@ -71,7 +71,7 @@ if ($_configuration['multiple_access_urls']==true){
ON (u.user_id=url_rel_user.user_id) WHERE url_rel_user.access_url_id=".api_get_current_access_url_id()." AND status=1".$order_clause;
}
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$teachers = array();
$teachers[0] = '-- '.get_lang('NoManager').' --';
while($obj = mysql_fetch_object($res))
@ -183,7 +183,7 @@ if( $form->validate()) {
fill_Db_course($currentCourseDbName, $currentCourseRepository, $course_language,$pictures_array);
register_course($currentCourseId, $currentCourseCode, $currentCourseRepository, $currentCourseDbName, $tutor_name, $category, $title, $course_language, $teacher_id, $expiration_date,$course_teachers);
$sql = "UPDATE $table_course SET disk_quota = '".$disk_quota."', visibility = '".mysql_real_escape_string($course['visibility'])."', subscribe = '".mysql_real_escape_string($course['subscribe'])."', unsubscribe='".mysql_real_escape_string($course['unsubscribe'])."' WHERE code = '".$currentCourseId."'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
header('Location: course_list.php');
exit ();
}

46
main/admin/course_category.php
Unescape View File

@ -90,7 +90,7 @@ if(!empty($action))
{
$categoryCode=Database::escape_string($_GET['id']);
$result=api_sql_query("SELECT name,auth_course_child FROM $tbl_category WHERE code='$categoryCode'",__FILE__,__LINE__);
$result=Database::query("SELECT name,auth_course_child FROM $tbl_category WHERE code='$categoryCode'",__FILE__,__LINE__);
list($categoryName,$canHaveCourses)=Database::fetch_row($result);
@ -117,7 +117,7 @@ Display::display_header($tool_name);
if(!empty($category))
{
$myquery = "SELECT * FROM $tbl_category WHERE code ='$category'";
$result = api_sql_query($myquery,__FILE__,__LINE__);
$result = Database::query($myquery,__FILE__,__LINE__);
if(Database::num_rows($result)==0)
{
$category = '';
@ -127,7 +127,7 @@ if(!empty($category))
if(empty($action))
{
$myquery="SELECT t1.name,t1.code,t1.parent_id,t1.tree_pos,t1.children_count,COUNT(DISTINCT t3.code) AS nbr_courses FROM $tbl_category t1 LEFT JOIN $tbl_category t2 ON t1.code=t2.parent_id LEFT JOIN $tbl_course t3 ON t3.category_code=t1.code WHERE t1.parent_id ".(empty($category)?"IS NULL":"='$category'")." GROUP BY t1.name,t1.code,t1.parent_id,t1.tree_pos,t1.children_count ORDER BY t1.tree_pos";
$result=api_sql_query($myquery,__FILE__,__LINE__);
$result=Database::query($myquery,__FILE__,__LINE__);
$Categories=Database::store_result($result);
}
@ -221,7 +221,7 @@ else
if(!empty($category) && empty($action))
{
$myquery = "SELECT parent_id FROM $tbl_category WHERE code='$category'";
$result=api_sql_query($myquery,__FILE__,__LINE__);
$result=Database::query($myquery,__FILE__,__LINE__);
$parent_id = 0;
if(Database::num_rows($result)>0){
$parent_id=Database::fetch_array($result);
@ -283,23 +283,23 @@ function deleteNode($node)
global $tbl_category, $tbl_course;
$node = Database::escape_string($node);
$result=api_sql_query("SELECT parent_id,tree_pos FROM $tbl_category WHERE code='$node'",__FILE__,__LINE__);
$result=Database::query("SELECT parent_id,tree_pos FROM $tbl_category WHERE code='$node'",__FILE__,__LINE__);
if($row=Database::fetch_array($result))
{
if(!empty($row['parent_id']))
{
api_sql_query("UPDATE $tbl_course SET category_code='".$row['parent_id']."' WHERE category_code='$node'",__FILE__,__LINE__);
api_sql_query("UPDATE $tbl_category SET parent_id='".$row['parent_id']."' WHERE parent_id='$node'",__FILE__,__LINE__);
Database::query("UPDATE $tbl_course SET category_code='".$row['parent_id']."' WHERE category_code='$node'",__FILE__,__LINE__);
Database::query("UPDATE $tbl_category SET parent_id='".$row['parent_id']."' WHERE parent_id='$node'",__FILE__,__LINE__);
}
else
{
api_sql_query("UPDATE $tbl_course SET category_code='' WHERE category_code='$node'",__FILE__,__LINE__);
api_sql_query("UPDATE $tbl_category SET parent_id=NULL WHERE parent_id='$node'",__FILE__,__LINE__);
Database::query("UPDATE $tbl_course SET category_code='' WHERE category_code='$node'",__FILE__,__LINE__);
Database::query("UPDATE $tbl_category SET parent_id=NULL WHERE parent_id='$node'",__FILE__,__LINE__);
}
api_sql_query("UPDATE $tbl_category SET tree_pos=tree_pos-1 WHERE tree_pos > '".$row['tree_pos']."'",__FILE__,__LINE__);
api_sql_query("DELETE FROM $tbl_category WHERE code='$node'",__FILE__,__LINE__);
Database::query("UPDATE $tbl_category SET tree_pos=tree_pos-1 WHERE tree_pos > '".$row['tree_pos']."'",__FILE__,__LINE__);
Database::query("DELETE FROM $tbl_category WHERE code='$node'",__FILE__,__LINE__);
if(!empty($row['parent_id']))
{
@ -317,20 +317,20 @@ function addNode($code,$name,$canHaveCourses,$parent_id)
$name = Database::escape_string($name);
$parent_id = Database::escape_string($parent_id);
$result=api_sql_query("SELECT 1 FROM $tbl_category WHERE code='$code'",__FILE__,__LINE__);
$result=Database::query("SELECT 1 FROM $tbl_category WHERE code='$code'",__FILE__,__LINE__);
if(Database::num_rows($result))
{
return false;
}
$result=api_sql_query("SELECT MAX(tree_pos) AS maxTreePos FROM $tbl_category",__FILE__,__LINE__);
$result=Database::query("SELECT MAX(tree_pos) AS maxTreePos FROM $tbl_category",__FILE__,__LINE__);
$row=Database::fetch_array($result);
$tree_pos=$row['maxTreePos']+1;
api_sql_query("INSERT INTO $tbl_category(name,code,parent_id,tree_pos,children_count,auth_course_child) VALUES('$name','$code',".(empty($parent_id)?"NULL":"'$parent_id'").",'$tree_pos','0','$canHaveCourses')",__FILE__,__LINE__);
Database::query("INSERT INTO $tbl_category(name,code,parent_id,tree_pos,children_count,auth_course_child) VALUES('$name','$code',".(empty($parent_id)?"NULL":"'$parent_id'").",'$tree_pos','0','$canHaveCourses')",__FILE__,__LINE__);
updateFils($parent_id);
@ -348,7 +348,7 @@ function editNode($code,$name,$canHaveCourses,$old_code)
if($code != $old_code)
{
$result=api_sql_query("SELECT 1 FROM $tbl_category WHERE code='$code'",__FILE__,__LINE__);
$result=Database::query("SELECT 1 FROM $tbl_category WHERE code='$code'",__FILE__,__LINE__);
if(Database::num_rows($result))
{
@ -356,7 +356,7 @@ function editNode($code,$name,$canHaveCourses,$old_code)
}
}
api_sql_query("UPDATE $tbl_category SET name='$name',code='$code',auth_course_child='$canHaveCourses' WHERE code='$old_code'",__FILE__,__LINE__);
Database::query("UPDATE $tbl_category SET name='$name',code='$code',auth_course_child='$canHaveCourses' WHERE code='$old_code'",__FILE__,__LINE__);
return true;
}
@ -368,11 +368,11 @@ function moveNodeUp($code,$tree_pos,$parent_id)
$tree_pos = Database::escape_string($tree_pos);
$parent_id = Database::escape_string($parent_id);
$result=api_sql_query("SELECT code,tree_pos FROM $tbl_category WHERE parent_id ".(empty($parent_id)?"IS NULL":"='$parent_id'")." AND tree_pos<'$tree_pos' ORDER BY tree_pos DESC LIMIT 0,1",__FILE__,__LINE__);
$result=Database::query("SELECT code,tree_pos FROM $tbl_category WHERE parent_id ".(empty($parent_id)?"IS NULL":"='$parent_id'")." AND tree_pos<'$tree_pos' ORDER BY tree_pos DESC LIMIT 0,1",__FILE__,__LINE__);
if(!$row=Database::fetch_array($result))
{
$result=api_sql_query("SELECT code,tree_pos FROM $tbl_category WHERE parent_id ".(empty($parent_id)?"IS NULL":"='$parent_id'")." AND tree_pos>'$tree_pos' ORDER BY tree_pos DESC LIMIT 0,1",__FILE__,__LINE__);
$result=Database::query("SELECT code,tree_pos FROM $tbl_category WHERE parent_id ".(empty($parent_id)?"IS NULL":"='$parent_id'")." AND tree_pos>'$tree_pos' ORDER BY tree_pos DESC LIMIT 0,1",__FILE__,__LINE__);
if(!$row=Database::fetch_array($result))
{
@ -380,15 +380,15 @@ function moveNodeUp($code,$tree_pos,$parent_id)
}
}
api_sql_query("UPDATE $tbl_category SET tree_pos='".$row['tree_pos']."' WHERE code='$code'",__FILE__,__LINE__);
api_sql_query("UPDATE $tbl_category SET tree_pos='$tree_pos' WHERE code='$row[code]'",__FILE__,__LINE__);
Database::query("UPDATE $tbl_category SET tree_pos='".$row['tree_pos']."' WHERE code='$code'",__FILE__,__LINE__);
Database::query("UPDATE $tbl_category SET tree_pos='$tree_pos' WHERE code='$row[code]'",__FILE__,__LINE__);
}
function updateFils($category)
{
global $tbl_category;
$category = Database::escape_string($category);
$result=api_sql_query("SELECT parent_id FROM $tbl_category WHERE code='$category'",__FILE__,__LINE__);
$result=Database::query("SELECT parent_id FROM $tbl_category WHERE code='$category'",__FILE__,__LINE__);
if($row=Database::fetch_array($result))
{
@ -397,14 +397,14 @@ function updateFils($category)
$children_count=compterFils($category,0)-1;
api_sql_query("UPDATE $tbl_category SET children_count='$children_count' WHERE code='$category'",__FILE__,__LINE__);
Database::query("UPDATE $tbl_category SET children_count='$children_count' WHERE code='$category'",__FILE__,__LINE__);
}
function compterFils($pere,$cpt)
{
global $tbl_category;
$pere = Database::escape_string($pere);
$result=api_sql_query("SELECT code FROM $tbl_category WHERE parent_id='$pere'",__FILE__,__LINE__);
$result=Database::query("SELECT code FROM $tbl_category WHERE parent_id='$pere'",__FILE__,__LINE__);
while($row=Database::fetch_array($result))
{

18
main/admin/course_edit.php
Unescape View File

@ -51,7 +51,7 @@ $table_user = Database :: get_main_table(TABLE_MAIN_USER);
//Get the course infos
$sql = "SELECT * FROM $course_table WHERE code='".Database::escape_string($course_code)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if (Database::num_rows($result) != 1)
{
header('Location: course_list.php');
@ -63,7 +63,7 @@ $course = Database::fetch_array($result,'ASSOC');
$table_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
$order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname' : ' ORDER BY lastname, firstname';
$sql = "SELECT user.user_id,lastname,firstname FROM $table_user as user,$table_course_user as course_user WHERE course_user.status='1' AND course_user.user_id=user.user_id AND course_user.course_code='".$course_code."'".$order_clause;
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$course_teachers = array();
while($obj = Database::fetch_object($res))
{
@ -72,7 +72,7 @@ while($obj = Database::fetch_object($res))
// Get all possible teachers without the course teachers
$sql = "SELECT user_id,lastname,firstname FROM $table_user WHERE status='1'".$order_clause;
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$teachers = array();
$platform_teachers[0] = '-- '.get_lang('NoManager').' --';
@ -93,7 +93,7 @@ while($obj = Database::fetch_object($res))
//Case where there is no teacher in the course
if(count($course_teachers)==0){
$sql='SELECT tutor_name FROM '.$course_table.' WHERE code="'.$course_code.'"';
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$tutor_name=Database::result($res,0,0);
$course['tutor_name']=array_search($tutor_name,$platform_teachers);
}
@ -222,7 +222,7 @@ if( $form->validate())
subscribe = '".Database::escape_string($subscribe)."',
unsubscribe='".Database::escape_string($unsubscribe)."'
WHERE code='".Database::escape_string($course_code)."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
//Delete only teacher relations that doesn't match the selected teachers
$cond='';
@ -230,14 +230,14 @@ if( $form->validate())
foreach($teachers as $key) $cond.=" AND user_id<>'".$key."'";
}
$sql='DELETE FROM '.$course_user_table.' WHERE course_code="'.Database::escape_string($course_code).'" AND status="1"'.$cond;
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
if(count($teachers)>0){
foreach($teachers as $key){
//We check if the teacher is already subscribed in this course
$sql_select_teacher = 'SELECT 1 FROM '.$course_user_table.' WHERE user_id = "'.$key.'" AND course_code = "'.$course_code.'"';
$result = api_sql_query($sql_select_teacher, __FILE__, __LINE__);
$result = Database::query($sql_select_teacher, __FILE__, __LINE__);
if(Database::num_rows($result) == 1){
$sql = 'UPDATE '.$course_user_table.' SET status = "1" WHERE course_code = "'.$course_code.'" AND user_id = "'.$key.'"';
@ -252,7 +252,7 @@ if( $form->validate())
sort='0',
user_course_cat='0'";
}
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
@ -266,7 +266,7 @@ if( $form->validate())
tutor_id='0',
sort='0',
user_course_cat='0'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$forum_config_table = Database::get_course_table(TOOL_FORUM_CONFIG_TABLE,$course_db_name);
$sql = "UPDATE ".$forum_config_table." SET default_lang='".Database::escape_string($course_language)."'";

8
main/admin/course_information.php
Unescape View File

@ -27,7 +27,7 @@ function get_course_usage($course_code)
$table = Database::get_main_table(TABLE_MAIN_COURSE);
$course_code = Database::escape_string($course_code);
$sql = "SELECT * FROM $table WHERE code='".$course_code."'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$course = mysql_fetch_object($res);
// Learnpaths
$table = Database :: get_course_table(TABLE_LP_MAIN, $course->db_name);
@ -65,7 +65,7 @@ $interbreadcrumb[] = array ("url" => 'course_list.php', "name" => get_lang('Cour
$table_course = Database :: get_main_table(TABLE_MAIN_COURSE);
$code = Database::escape_string($_GET['code']);
$sql = "SELECT * FROM $table_course WHERE code = '".$code."'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$course = mysql_fetch_object($res);
$tool_name = $course->title.' ('.$course->visual_code.')';
Display::display_header($tool_name);
@ -102,7 +102,7 @@ echo '<blockquote>';
$table_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$sql = "SELECT *,cu.status as course_status FROM $table_course_user cu, $table_user u WHERE cu.user_id = u.user_id AND cu.course_code = '".$code."'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$is_western_name_order = api_is_western_name_order();
if (mysql_num_rows($res) > 0)
{
@ -156,7 +156,7 @@ echo '</blockquote>';
$table_course_class = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS);
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = "SELECT * FROM $table_course_class cc, $table_class c WHERE cc.class_id = c.id AND cc.course_code = '".$code."'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
if (mysql_num_rows($res) > 0)
{
$data = array ();

4
main/admin/course_list.php
Unescape View File

@ -59,7 +59,7 @@ function get_number_of_courses()
$sql.= " AND url_rel_course.access_url_id=".api_get_current_access_url_id();
}
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$obj = Database::fetch_object($res);
return $obj->total_number_of_items;
}
@ -104,7 +104,7 @@ function get_course_data($from, $number_of_items, $column, $direction)
$sql .= " ORDER BY col$column $direction ";
$sql .= " LIMIT $from,$number_of_items";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$courses = array ();
while ($course = Database::fetch_row($res))
{

2
main/admin/course_virtual.php
Unescape View File

@ -225,7 +225,7 @@ function display_create_virtual_course_form()
FROM $category_table
WHERE auth_course_child ='TRUE'
ORDER BY tree_pos";
$category_result = api_sql_query($sql_query, __FILE__, __LINE__);
$category_result = Database::query($sql_query, __FILE__, __LINE__);
while ($current_category = mysql_fetch_array($category_result))
{

10
main/admin/index.php
Unescape View File

@ -287,7 +287,7 @@ function version_check()
{
$tbl_settings = Database :: get_main_table(TABLE_MAIN_SETTINGS_CURRENT);
$sql = 'SELECT selected_value FROM '.$tbl_settings.' WHERE variable="registered" ';
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
$row=Database::fetch_array($result,'ASSOC');
// The site has not been registered yet
@ -338,13 +338,13 @@ function register_site()
// the SQL statment
$sql = "UPDATE $tbl_settings SET selected_value='true' WHERE variable='registered'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
//
if ($_POST['donotlistcampus'])
{
$sql = "UPDATE $tbl_settings SET selected_value='true' WHERE variable='donotlistcampus'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
}
// reload the settings
@ -367,13 +367,13 @@ function check_dokeos_version2()
{
// the number of courses
$sql="SELECT count(code) FROM ".Database::get_main_table(TABLE_MAIN_COURSE);
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$row = Database::fetch_array($result);
$number_of_courses = $row[0];
// the number of users
$sql="SELECT count(user_id) FROM ".Database::get_main_table(TABLE_MAIN_USER);
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$row = Database::fetch_array($result);
$number_of_users = $row[0];

12
main/admin/languages.php
Unescape View File

@ -146,12 +146,12 @@ if ($_POST['Submit'])
{
// changing the name
$sql_update = "UPDATE $tbl_admin_languages SET original_name='{$_POST['txt_name']}' WHERE id='{$_POST['edit_id']}'";
$result = api_sql_query($sql_update);
$result = Database::query($sql_update);
// changing the Platform language
if ($_POST['platformlanguage'] && $_POST['platformlanguage'] <> '')
{
//$sql_update_2 = "UPDATE $tbl_settings_current SET selected_value='{$_POST['platformlanguage']}' WHERE variable='platformLanguage'";
//$result_2 = api_sql_query($sql_update_2);
//$result_2 = Database::query($sql_update_2);
api_set_setting('platformLanguage',$_POST['platformlanguage'],null,null,$_configuration['access_url']);
}
}
@ -168,7 +168,7 @@ elseif (isset($_POST['action']))
$ids[] = Database::escape_string($id);
}
$sql = "UPDATE $tbl_admin_languages SET available='1' WHERE id IN ('".implode("','", $ids)."')";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
break;
case 'makeunavailable' :
@ -180,7 +180,7 @@ elseif (isset($_POST['action']))
$ids[] = Database::escape_string($id);
}
$sql = "UPDATE $tbl_admin_languages SET available='0' WHERE id IN ('".implode("','", $ids)."')";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
break;
}
@ -209,10 +209,10 @@ echo '<p>'.get_lang('PlatformLanguagesExplanation').'</p>';
// selecting all the languages
$sql_select = "SELECT * FROM $tbl_admin_languages";
$result_select = api_sql_query($sql_select);
$result_select = Database::query($sql_select);
$sql_select_lang = "SELECT * FROM $tbl_settings_current WHERE category='Languages'";
$result_select_lang = api_sql_query($sql_select_lang,__FILE__,__LINE__);
$result_select_lang = Database::query($sql_select_lang,__FILE__,__LINE__);
$row_lang=Database::fetch_array($result_select_lang);
/*

6
main/admin/ldap_import_students_to_session.php
Unescape View File

@ -92,7 +92,7 @@ elseif(!empty($annee) && empty($id_session))
$sql = "SELECT id,name,nbr_courses,date_start,date_end " .
" FROM $tbl_session ".
" ORDER BY name";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
$sessions=Database::store_result($result);
$nbr_results=count($sessions);
@ -184,7 +184,7 @@ elseif (!empty($annee) && !empty($id_session) && ($_POST['confirmed']=='yes'))
$sql = 'INSERT INTO '.$tbl_session_user.' SET
id_user="'.intval($user_id).'",
id_session = "'.intval($id_session).'"';
$res_user = api_sql_query($sql,__FILE__,__LINE__);
$res_user = Database::query($sql,__FILE__,__LINE__);
if($res_user != false)
{
$num++;
@ -193,7 +193,7 @@ elseif (!empty($annee) && !empty($id_session) && ($_POST['confirmed']=='yes'))
if($num>0)
{
$sql = 'UPDATE '.$tbl_session.' SET nbr_users = (nbr_users + '.$num.') WHERE id = '.intval($id_session);
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
}
header('Location: resume_session.php?id_session='.Security::remove_XSS($_POST['id_session']));
}

20
main/admin/ldap_synchro.php
Unescape View File

@ -60,10 +60,10 @@ $tbl_session_rel_etape = "session_rel_etape";
$message="";
$result=api_sql_query("SELECT id, name FROM $tbl_session",__FILE__,__LINE__);
$result=Database::query("SELECT id, name FROM $tbl_session",__FILE__,__LINE__);
$Sessions=Database::store_result($result);
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$users=Database::store_result($result);
foreach($Sessions as $session){
@ -79,7 +79,7 @@ foreach($Sessions as $session){
FROM $tbl_session_rel_etape
WHERE id_session='$id_session'
ORDER BY code_ufr, code_etape";
$result = api_sql_query($sql);
$result = Database::query($sql);
*/
$ds = ldap_connect($ldap_host, $ldap_port) or die(get_lang('LDAPConnectionError'));
ldap_set_version($ds);
@ -151,7 +151,7 @@ foreach($Sessions as $session){
}
// Une fois les utilisateurs importer dans la base des utilisateurs, on peux les affecter a<EFBFBD> la session
$result=api_sql_query("SELECT course_code FROM $tbl_session_rel_course " .
$result=Database::query("SELECT course_code FROM $tbl_session_rel_course " .
"WHERE id_session='$id_session'",__FILE__,__LINE__);
$CourseList=array();
while($row=Database::fetch_array($result))
@ -163,29 +163,29 @@ foreach($Sessions as $session){
// On ajoute la relation entre l'utilisateur et le cours
foreach($UserList as $enreg_user)
{
api_sql_query("INSERT IGNORE INTO $tbl_session_rel_course_rel_user(id_session,course_code,id_user) VALUES('$id_session','$enreg_course','$enreg_user')",__FILE__,__LINE__);
Database::query("INSERT IGNORE INTO $tbl_session_rel_course_rel_user(id_session,course_code,id_user) VALUES('$id_session','$enreg_course','$enreg_user')",__FILE__,__LINE__);
}
$sql = "SELECT COUNT(id_user) as nbUsers " .
"FROM $tbl_session_rel_course_rel_user " .
"WHERE id_session='$id_session' AND course_code='$enreg_course'";
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
list($nbr_users) = Database::fetch_array($rs);
$sql = "UPDATE $tbl_session_rel_course SET nbr_users=$nbr_users WHERE id_session='$id_session' AND course_code='$enreg_course'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
// On ajoute la relation entre l'utilisateur et la session
foreach($UserList as $enreg_user){
$sql = "INSERT IGNORE INTO $tbl_session_rel_user(id_session, id_user) " .
"VALUES('$id_session','$enreg_user')";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
$sql = "SELECT COUNT(id_user) as nbUsers " .
"FROM $tbl_session_rel_user " .
"WHERE id_session='$id_session'";
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
list($nbr_users) = Database::fetch_array($rs);
$sql = "UPDATE $tbl_session SET nbr_users=$nbr_users WHERE id='$id_session'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
}
?>

26
main/admin/resume_session.php
Unescape View File

@ -44,7 +44,7 @@ $sql = 'SELECT name, nbr_courses, nbr_users, nbr_classes, DATE_FORMAT(date_start
ON id_coach = user_id
WHERE '.$tbl_session.'.id='.$id_session;
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$session = Database::store_result($rs);
$session = $session[0];
@ -66,32 +66,32 @@ if($_GET['action'] == 'delete')
$idChecked="'".implode("','",$idChecked)."'";
api_sql_query("DELETE FROM $tbl_session_rel_course WHERE id_session='$id_session' AND course_code IN($idChecked)",__FILE__,__LINE__);
Database::query("DELETE FROM $tbl_session_rel_course WHERE id_session='$id_session' AND course_code IN($idChecked)",__FILE__,__LINE__);
$nbr_affected_rows=mysql_affected_rows();
api_sql_query("DELETE FROM $tbl_session_rel_course_rel_user WHERE id_session='$id_session' AND course_code IN($idChecked)",__FILE__,__LINE__);
Database::query("DELETE FROM $tbl_session_rel_course_rel_user WHERE id_session='$id_session' AND course_code IN($idChecked)",__FILE__,__LINE__);
api_sql_query("UPDATE $tbl_session SET nbr_courses=nbr_courses-$nbr_affected_rows WHERE id='$id_session'",__FILE__,__LINE__);
Database::query("UPDATE $tbl_session SET nbr_courses=nbr_courses-$nbr_affected_rows WHERE id='$id_session'",__FILE__,__LINE__);
}
if(!empty($_GET['class'])){
api_sql_query("DELETE FROM $tbl_session_rel_class WHERE session_id='$id_session' AND class_id=".Database::escape_string($_GET['class']),__FILE__,__LINE__);
Database::query("DELETE FROM $tbl_session_rel_class WHERE session_id='$id_session' AND class_id=".Database::escape_string($_GET['class']),__FILE__,__LINE__);
$nbr_affected_rows=mysql_affected_rows();
api_sql_query("UPDATE $tbl_session SET nbr_classes=nbr_classes-$nbr_affected_rows WHERE id='$id_session'",__FILE__,__LINE__);
Database::query("UPDATE $tbl_session SET nbr_classes=nbr_classes-$nbr_affected_rows WHERE id='$id_session'",__FILE__,__LINE__);
}
if(!empty($_GET['user'])){
api_sql_query("DELETE FROM $tbl_session_rel_user WHERE id_session='$id_session' AND id_user=".intval($_GET['user']),__FILE__,__LINE__);
Database::query("DELETE FROM $tbl_session_rel_user WHERE id_session='$id_session' AND id_user=".intval($_GET['user']),__FILE__,__LINE__);
$nbr_affected_rows=mysql_affected_rows();
api_sql_query("UPDATE $tbl_session SET nbr_users=nbr_users-$nbr_affected_rows WHERE id='$id_session'",__FILE__,__LINE__);
Database::query("UPDATE $tbl_session SET nbr_users=nbr_users-$nbr_affected_rows WHERE id='$id_session'",__FILE__,__LINE__);
api_sql_query("DELETE FROM $tbl_session_rel_course_rel_user WHERE id_session='$id_session' AND id_user=".intval($_GET['user']),__FILE__,__LINE__);
Database::query("DELETE FROM $tbl_session_rel_course_rel_user WHERE id_session='$id_session' AND id_user=".intval($_GET['user']),__FILE__,__LINE__);
$nbr_affected_rows=mysql_affected_rows();
api_sql_query("UPDATE $tbl_session_rel_course SET nbr_users=nbr_users-$nbr_affected_rows WHERE id_session='$id_session'",__FILE__,__LINE__);
Database::query("UPDATE $tbl_session_rel_course SET nbr_users=nbr_users-$nbr_affected_rows WHERE id_session='$id_session'",__FILE__,__LINE__);
}
}
@ -184,12 +184,12 @@ else {
WHERE course_code=code
AND id_session='$id_session'
ORDER BY title";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$courses=Database::store_result($result);
foreach($courses as $course){
//select the number of users
$sql = 'SELECT COUNT(id_user) as nb_users FROM '.$tbl_session_rel_course_rel_user.' WHERE course_code="'.Database::escape_string($course['code']).'" AND id_session='.intval($id_session);
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$course['nbr_users'] = mysql_result($rs,0,0);
if (empty($course['username'])) {
$coach = get_lang('None');
@ -242,7 +242,7 @@ else {
ON '.$tbl_user.'.user_id = '.$tbl_session_rel_user.'.id_user
AND '.$tbl_session_rel_user.'.id_session = '.$id_session.$order_clause;
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$users=Database::store_result($result);
$orig_param = '&origin=resume_session&id_session='.$id_session; // change breadcrumb in destination page
foreach($users as $user){

6
main/admin/session_add.php
Unescape View File

@ -80,7 +80,7 @@ function search_coachs($needle)
}
}
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
while ($user = Database :: fetch_array($rs)) {
$return .= '<a href="javascript: void(0);" onclick="javascript: fill_coach_field(\''.$user['username'].'\')">'.api_get_person_name($user['firstname'], $user['lastname']).' ('.$user['username'].')</a><br />';
}
@ -159,7 +159,7 @@ if (!empty($return)) {
<?php
$sql = 'SELECT COUNT(1) FROM '.$tbl_user.' WHERE status=1';
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$count_users = Database::result($rs, 0, 0);
if (intval($count_users)<50) {
@ -176,7 +176,7 @@ if (intval($count_users)<50) {
}
}
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$Coaches=Database::store_result($result);
?>
<select name="coach_username" value="true" style="width:250px;">

8
main/admin/session_course_edit.php
Unescape View File

@ -36,7 +36,7 @@ $interbreadcrumb[]=array('url' => "session_list.php","name" => get_lang("Session
$interbreadcrumb[]=array('url' => "../admin/resume_session.php?id_session=".Security::remove_XSS($_REQUEST['id_session']),"name" => get_lang('SessionOverview'));
$interbreadcrumb[]=array('url' => "session_course_list.php?id_session=$id_session","name" =>api_htmlentities($session_name,ENT_QUOTES,$charset));
$result=api_sql_query("SELECT name,title FROM $tbl_session_course,$tbl_session,$tbl_course WHERE id_session=id AND course_code=code AND id_session='$id_session' AND course_code='".addslashes($course_code)."'",__FILE__,__LINE__);
$result=Database::query("SELECT name,title FROM $tbl_session_course,$tbl_session,$tbl_course WHERE id_session=id AND course_code=code AND id_session='$id_session' AND course_code='".addslashes($course_code)."'",__FILE__,__LINE__);
if (!list($session_name,$course_title)=mysql_fetch_row($result)) {
header('Location: session_course_list.php?id_session='.$id_session);
@ -49,14 +49,14 @@ if ($_POST['formSent']) {
$id_coach=intval($_POST['id_coach']);
api_sql_query("UPDATE $tbl_session_course
Database::query("UPDATE $tbl_session_course
SET id_coach='$id_coach'
WHERE id_session='$id_session' AND course_code='$course_code'",__FILE__,__LINE__);
header('Location: '.$_GET['page'].'?id_session='.$id_session);
exit();
}else {
$result=api_sql_query("SELECT id_coach FROM $tbl_session_course WHERE id_session='$id_session' AND course_code='$course_code'",__FILE__,__LINE__);
$result=Database::query("SELECT id_coach FROM $tbl_session_course WHERE id_session='$id_session' AND course_code='$course_code'",__FILE__,__LINE__);
if (!$infos=Database::fetch_array($result)) {
//header('Location: '.$_GET['page'].'?id_session='.$id_session);
@ -67,7 +67,7 @@ if ($_POST['formSent']) {
$order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname, username' : ' ORDER BY lastname, firstname, username';
$sql="SELECT user_id,lastname,firstname,username FROM $tbl_user WHERE status='1'".$order_clause;
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$coaches=Database::store_result($result);

10
main/admin/session_course_list.php
Unescape View File

@ -28,7 +28,7 @@ $page=intval($_GET['page']);
$action=$_REQUEST['action'];
$sort=in_array($_GET['sort'],array('title','nbr_users'))?$_GET['sort']:'title';
$result=api_sql_query("SELECT name FROM $tbl_session WHERE id='$id_session'",__FILE__,__LINE__);
$result=Database::query("SELECT name FROM $tbl_session WHERE id='$id_session'",__FILE__,__LINE__);
if(!list($session_name)=mysql_fetch_row($result))
{
@ -45,11 +45,11 @@ if($action == 'delete') {
}
$idChecked = $my_temp;
$idChecked="'".implode("','",$idChecked)."'";
api_sql_query("DELETE FROM $tbl_session_rel_course WHERE id_session='$id_session' AND course_code IN($idChecked)",__FILE__,__LINE__);
Database::query("DELETE FROM $tbl_session_rel_course WHERE id_session='$id_session' AND course_code IN($idChecked)",__FILE__,__LINE__);
$nbr_affected_rows=mysql_affected_rows();
api_sql_query("DELETE FROM $tbl_session_rel_course_rel_user WHERE id_session='$id_session' AND course_code IN($idChecked)",__FILE__,__LINE__);
Database::query("DELETE FROM $tbl_session_rel_course_rel_user WHERE id_session='$id_session' AND course_code IN($idChecked)",__FILE__,__LINE__);
api_sql_query("UPDATE $tbl_session SET nbr_courses=nbr_courses-$nbr_affected_rows WHERE id='$id_session'",__FILE__,__LINE__);
Database::query("UPDATE $tbl_session SET nbr_courses=nbr_courses-$nbr_affected_rows WHERE id='$id_session'",__FILE__,__LINE__);
}
header('Location: '.api_get_self().'?id_session='.$id_session.'&sort='.$sort);
@ -59,7 +59,7 @@ if($action == 'delete') {
$limit=20;
$from=$page * $limit;
$result=api_sql_query("SELECT code,title,nbr_users FROM $tbl_session_rel_course,$tbl_course WHERE course_code=code AND id_session='$id_session' ORDER BY $sort LIMIT $from,".($limit+1),__FILE__,__LINE__);
$result=Database::query("SELECT code,title,nbr_users FROM $tbl_session_rel_course,$tbl_course WHERE course_code=code AND id_session='$id_session' ORDER BY $sort LIMIT $from,".($limit+1),__FILE__,__LINE__);
$Courses=Database::store_result($result);
$nbr_results=sizeof($Sessions);
$tool_name = api_htmlentities($session_name,ENT_QUOTES,$charset).' : '.get_lang('CourseListInSession');

8
main/admin/session_course_user_list.php
Unescape View File

@ -29,7 +29,7 @@ if (is_array($idChecked)) {
}
$idChecked = $my_temp;
}
$result=api_sql_query("SELECT name,title FROM $tbl_session,$tbl_course WHERE id='$id_session' AND code='".addslashes($course_code)."'",__FILE__,__LINE__);
$result=Database::query("SELECT name,title FROM $tbl_session,$tbl_course WHERE id='$id_session' AND code='".addslashes($course_code)."'",__FILE__,__LINE__);
if(!list($session_name,$course_title)=mysql_fetch_row($result))
{
@ -40,9 +40,9 @@ if(!list($session_name,$course_title)=mysql_fetch_row($result))
if($action == 'delete') {
if(is_array($idChecked) && count($idChecked)>0 ) {
$idChecked=implode(',',$idChecked);
api_sql_query("DELETE FROM $tbl_session_rel_course_rel_user WHERE id_session='$id_session' AND course_code='".addslashes($course_code)."' AND id_user IN($idChecked)",__FILE__,__LINE__);
Database::query("DELETE FROM $tbl_session_rel_course_rel_user WHERE id_session='$id_session' AND course_code='".addslashes($course_code)."' AND id_user IN($idChecked)",__FILE__,__LINE__);
$nbr_affected_rows=mysql_affected_rows();
api_sql_query("UPDATE $tbl_session_rel_course SET nbr_users=nbr_users-$nbr_affected_rows WHERE id_session='$id_session' AND course_code='".addslashes($course_code)."'",__FILE__,__LINE__);
Database::query("UPDATE $tbl_session_rel_course SET nbr_users=nbr_users-$nbr_affected_rows WHERE id_session='$id_session' AND course_code='".addslashes($course_code)."'",__FILE__,__LINE__);
}
header('Location: '.api_get_self().'?id_session='.$id_session.'&course_code='.urlencode($course_code).'&sort='.$sort);
exit();
@ -52,7 +52,7 @@ $limit=20;
$from=$page * $limit;
$is_western_name_order = api_is_western_name_order();
$result=api_sql_query("SELECT user_id,".($is_western_name_order ? 'firstname,lastname' : 'lastname,firstname').",username FROM $tbl_session_rel_course_rel_user,$tbl_user WHERE user_id=id_user AND id_session='$id_session' AND course_code='".addslashes($course_code)."' ORDER BY $sort LIMIT $from,".($limit+1),__FILE__,__LINE__);
$result=Database::query("SELECT user_id,".($is_western_name_order ? 'firstname,lastname' : 'lastname,firstname').",username FROM $tbl_session_rel_course_rel_user,$tbl_user WHERE user_id=id_user AND id_session='$id_session' AND course_code='".addslashes($course_code)."' ORDER BY $sort LIMIT $from,".($limit+1),__FILE__,__LINE__);
$Users=Database::store_result($result);
$nbr_results=sizeof($Users);

4
main/admin/session_edit.php
Unescape View File

@ -27,7 +27,7 @@ $tool_name = get_lang('EditSession');
$interbreadcrumb[]=array('url' => 'index.php',"name" => get_lang('PlatformAdmin'));
$interbreadcrumb[]=array('url' => "session_list.php","name" => get_lang('SessionList'));
$result=api_sql_query("SELECT name,date_start,date_end,id_coach, session_admin_id, nb_days_access_before_beginning, nb_days_access_after_end FROM $tbl_session WHERE id='$id'",__FILE__,__LINE__);
$result=Database::query("SELECT name,date_start,date_end,id_coach, session_admin_id, nb_days_access_before_beginning, nb_days_access_after_end FROM $tbl_session WHERE id='$id'",__FILE__,__LINE__);
if (!$infos=mysql_fetch_array($result)) {
header('Location: session_list.php');
@ -73,7 +73,7 @@ if ($_configuration['multiple_access_urls']==true){
}
}
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$Coaches=Database::store_result($result);
$thisYear=date('Y');

12
main/admin/session_export.php
Unescape View File

@ -84,7 +84,7 @@ if($_POST['formSent'] )
}
}
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
}
else
{
@ -94,7 +94,7 @@ if($_POST['formSent'] )
ON $tbl_user.user_id = $tbl_session.id_coach
WHERE id='$session_id'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
}
@ -157,7 +157,7 @@ if($_POST['formSent'] )
ON $tbl_user.user_id = $tbl_session_user.id_user
AND $tbl_session_user.id_session = '".$row['id']."'";
$rsUsers = api_sql_query($sql,__FILE__,__LINE__);
$rsUsers = Database::query($sql,__FILE__,__LINE__);
$users = '';
while($rowUsers = Database::fetch_array($rsUsers)){
if($cvs){
@ -182,7 +182,7 @@ if($_POST['formSent'] )
AND $tbl_session_course.id_session = '".$row['id']."'
LEFT JOIN $tbl_user
ON $tbl_user.user_id = $tbl_session_course.id_coach";
$rsCourses = api_sql_query($sql,__FILE__,__LINE__);
$rsCourses = Database::query($sql,__FILE__,__LINE__);
$courses = '';
while($rowCourses = Database::fetch_array($rsCourses)){
@ -205,7 +205,7 @@ if($_POST['formSent'] )
AND $tbl_session_course_user.course_code='".$rowCourses['code']."'
AND id_session='".$row['id']."'";
$rsUsersCourse = api_sql_query($sql,__FILE__,__LINE__);
$rsUsersCourse = Database::query($sql,__FILE__,__LINE__);
while($rowUsersCourse = Database::fetch_array($rsUsersCourse)){
if($cvs){
$userscourse .= str_replace(';',',',$rowUsersCourse['username']).',';
@ -270,7 +270,7 @@ if ($_configuration['multiple_access_urls']==true) {
}
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$Sessions=Database::store_result($result);
?>

6
main/admin/session_list.php
Unescape View File

@ -133,11 +133,11 @@ if (isset ($_GET['search']) && $_GET['search'] == 'advanced') {
$result_rows = api_sql_query($query_rows,__FILE__,__LINE__);
$result_rows = Database::query($query_rows,__FILE__,__LINE__);
$recorset = Database::fetch_array($result_rows);
$num = $recorset['total_rows'];
$result=api_sql_query($query,__FILE__,__LINE__);
$result=Database::query($query,__FILE__,__LINE__);
$Sessions=Database::store_result($result);
$nbr_results=sizeof($Sessions);
$tool_name = get_lang('SessionList');
@ -214,7 +214,7 @@ if (isset ($_GET['search']) && $_GET['search'] == 'advanced') {
}
$sql = 'SELECT COUNT(course_code) FROM '.$tbl_session_rel_course.' WHERE id_session='.intval($enreg['id']);
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
list($nb_courses) = Database::fetch_array($rs);
?>

42
main/admin/settings.php
Unescape View File

@ -89,7 +89,7 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', '
$my_category = mysql_real_escape_string($_GET['category']);
$sqlcountsettings = "SELECT COUNT(*) FROM $table_settings_current WHERE category='".$my_category."' AND type<>'checkbox'";
$resultcountsettings = api_sql_query($sqlcountsettings, __FILE__, __LINE__);
$resultcountsettings = Database::query($sqlcountsettings, __FILE__, __LINE__);
$countsetting = mysql_fetch_array($resultcountsettings);
if ($_configuration['access_url']==1)
@ -127,7 +127,7 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', '
//print_r($settings_by_access_list);echo '</pre>';
//$sqlsettings = "SELECT DISTINCT * FROM $table_settings_current WHERE category='$my_category' GROUP BY variable ORDER BY id ASC";
//$resultsettings = api_sql_query($sqlsettings, __FILE__, __LINE__);
//$resultsettings = Database::query($sqlsettings, __FILE__, __LINE__);
//while ($row = mysql_fetch_array($resultsettings))
$default_values = array();
foreach($settings as $row) {
@ -242,7 +242,7 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', '
//1. we collect all the options of this variable
$sql = "SELECT * FROM settings_current WHERE variable='".$row['variable']."' AND access_url = 1";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$group = array ();
while ($rowkeys = Database::fetch_array($result)) {
if ($rowkeys['variable'] == 'course_create_active_tools' && $rowkeys['subkey'] == 'enable_search') {continue;}
@ -252,7 +252,7 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', '
$access_url = $_configuration['access_url'];
if(empty($access_url )) $access_url =1;
$sql = "SELECT selected_value FROM settings_current WHERE variable='".$rowkeys['variable']."' AND subkey='".$rowkeys['subkey']."' AND subkeytext='".$rowkeys['subkeytext']."' AND access_url = $access_url";
$result_access = api_sql_query($sql, __FILE__, __LINE__);
$result_access = Database::query($sql, __FILE__, __LINE__);
$row_access = Database::fetch_array($result_access);
if ($row_access['selected_value'] == 'true' && ! $form->isSubmitted()) {
$element->setChecked(true);
@ -289,7 +289,7 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', '
// will be set to false.
$r = api_set_settings_category($my_category,'false',$_configuration['access_url']);
//$sql = "UPDATE $table_settings_current SET selected_value='false' WHERE category='$my_category' AND type='checkbox'";
//$result = api_sql_query($sql, __FILE__, __LINE__);
//$result = Database::query($sql, __FILE__, __LINE__);
// Save the settings
$keys = array();
foreach ($values as $key => $value)
@ -297,7 +297,7 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', '
if (!is_array($value))
{
//$sql = "UPDATE $table_settings_current SET selected_value='".mysql_real_escape_string($value)."' WHERE variable='$key'";
//$result = api_sql_query($sql, __FILE__, __LINE__);
//$result = Database::query($sql, __FILE__, __LINE__);
if (api_get_setting($key) != $value) $keys[] = $key;
@ -308,7 +308,7 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', '
{
$sql = "SELECT subkey FROM $table_settings_current WHERE variable = '$key'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$subkeys = array();
while ($row_subkeys = Database::fetch_array($res)) {
// if subkey is changed
@ -323,7 +323,7 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', '
{
//$sql = "UPDATE $table_settings_current SET selected_value='true' WHERE variable='$key' AND subkey = '$subkey'";
//$result = api_sql_query($sql, __FILE__, __LINE__);
//$result = Database::query($sql, __FILE__, __LINE__);
$result = api_set_setting($key,'true',$subkey,null,$_configuration['access_url']);
@ -378,7 +378,7 @@ $action_images['search'] = 'search.gif';
// grabbing the categories
//$selectcategories = "SELECT DISTINCT category FROM ".$table_settings_current." WHERE category NOT IN ('stylesheets','Plugins')";
//$resultcategories = api_sql_query($selectcategories, __FILE__, __LINE__);
//$resultcategories = Database::query($selectcategories, __FILE__, __LINE__);
$resultcategories = api_get_settings_categories(array('stylesheets','Plugins', 'Templates', 'Search'));
echo "\n<div class=\"actions\">";
//while ($row = mysql_fetch_array($resultcategories))
@ -438,7 +438,7 @@ function get_settings_options($var)
{
$table_settings_options = Database :: get_main_table(TABLE_MAIN_SETTINGS_OPTIONS);
$sql = "SELECT * FROM $table_settings_options WHERE variable='$var'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result))
{
$temp_array = array ('value' => $row['value'], 'display_text' => $row['display_text']);
@ -528,7 +528,7 @@ function handle_plugins()
/* We retrieve all the active plugins. */
//$sql = "SELECT * FROM $table_settings_current WHERE category='Plugins'";
//$result = api_sql_query($sql);
//$result = Database::query($sql);
$result = api_get_settings('Plugins');
//while ($row = mysql_fetch_array($result))
foreach($result as $row)
@ -787,7 +787,7 @@ function store_plugins()
// Step 1 : we remove all the plugins
//$sql = "DELETE FROM $table_settings_current WHERE category='Plugins'";
//api_sql_query($sql, __LINE__, __FILE__);
//Database::query($sql, __LINE__, __FILE__);
$r = api_delete_category_settings('Plugins',$_configuration['access_url']);
// step 2: looping through all the post values we only store these which are really a valid plugin location.
@ -797,7 +797,7 @@ function store_plugins()
if (is_valid_plugin_location($form_name_elements[1]))
{
//$sql = "INSERT into $table_settings_current (variable,category,selected_value) VALUES ('".$form_name_elements['1']."','Plugins','".$form_name_elements['0']."')";
//api_sql_query($sql, __LINE__, __FILE__);
//Database::query($sql, __LINE__, __FILE__);
api_add_setting($form_name_elements['0'],$form_name_elements['1'],$form_name_elements['0'],null,'Plugins',$form_name_elements['0'],null,null,null,$_configuration['access_url'],1);
}
}
@ -841,7 +841,7 @@ function store_stylesheets()
WHERE variable = "stylesheets"
AND category = "stylesheets"';
api_sql_query($sql, __LINE__, __FILE__);
Database::query($sql, __LINE__, __FILE__);
*/
api_set_setting('stylesheets',$style,null,'stylesheets',$_configuration['access_url']);
@ -1009,7 +1009,7 @@ function get_number_of_templates()
// The sql statement
$sql = "SELECT COUNT(id) AS total FROM $table_system_template";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_array($result);
// returning the number of templates
@ -1038,7 +1038,7 @@ function get_template_data($from, $number_of_items, $column, $direction)
$sql = "SELECT image as col0, title as col1, id as col2 FROM $table_system_template";
$sql .= " ORDER BY col$column $direction ";
$sql .= " LIMIT $from,$number_of_items";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result)) {
$row['1'] = get_lang($row['1']);
$return[]=$row;
@ -1125,7 +1125,7 @@ function add_edit_template()
// Database table definition
$table_system_template = Database :: get_main_table('system_template');
$sql = "SELECT * FROM $table_system_template WHERE id = '".Database::escape_string($_GET['id'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_array($result);
$defaults['template_id'] = intval($_GET['id']);
@ -1223,7 +1223,7 @@ function add_edit_template()
if ($_GET['action'] == 'add') {
$content_template = '<head>{CSS}<style type="text/css">.text{font-weight: normal;}</style></head><body>'.Database::escape_string($values['template_text']).'</body>';
$sql = "INSERT INTO $table_system_template (title, content, image) VALUES ('".Database::escape_string($values['title'])."','".$content_template."','".Database::escape_string($new_file_name)."')";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
// display a feedback message
Display::display_confirmation_message(get_lang('TemplateAdded'));
@ -1237,7 +1237,7 @@ function add_edit_template()
$sql .= ", image = '".Database::escape_string($new_file_name)."'";
}
$sql .= " WHERE id='".Database::escape_string($_GET['id'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
// display a feedback message
Display::display_confirmation_message(get_lang('TemplateEdited'));
@ -1274,7 +1274,7 @@ function delete_template($id)
// first we remove the image
$table_system_template = Database :: get_main_table('system_template');
$sql = "SELECT * FROM $table_system_template WHERE id = '".Database::escape_string($id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_array($result);
if (!empty($row['image']))
{
@ -1283,7 +1283,7 @@ function delete_template($id)
// now we remove it from the database
$sql = "DELETE FROM $table_system_template WHERE id = '".Database::escape_string($id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
// display a feedback message
Display::display_confirmation_message(get_lang('TemplateDeleted'));

26
main/admin/statistics/statistics.lib.php
Unescape View File

@ -53,7 +53,7 @@ class Statistics
{
$sql .= " WHERE category_code = '".Database::escape_string($category_code)."'";
}
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$obj = Database::fetch_object($res);
return $obj->number;
}
@ -76,7 +76,7 @@ class Statistics
{
$sql = "SELECT COUNT(DISTINCT(cu.user_id)) AS number FROM $course_user_table cu, $course_table c WHERE cu.status = ".intval(Database::escape_string($status))." AND c.code = cu.course_code AND c.category_code = '".Database::escape_string($category_code)."'";
}
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$obj = Database::fetch_object($res);
return $obj->number;
}
@ -97,7 +97,7 @@ class Statistics
$sql .= " AND (user.username LIKE '%".$keyword."%' OR default_event_type LIKE '%".$keyword."%' OR default_value_type LIKE '%".$keyword."%' OR default_value LIKE '%".$keyword."%') ";
}
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$obj = Database::fetch_object($res);
return $obj->total_number_of_items;
}
@ -132,7 +132,7 @@ class Statistics
}
$sql .= " LIMIT $from,$number_of_items ";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$activities = array ();
while ($row = Database::fetch_row($res)) {
$row[4] = api_format_date(DATE_TIME_FORMAT_LONG, strtotime($row[4]));
@ -149,7 +149,7 @@ class Statistics
{
$category_table = Database :: get_main_table(TABLE_MAIN_CATEGORY);
$sql = "SELECT * FROM $category_table ORDER BY tree_pos";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$categories = array ();
while ($category = Database::fetch_object($res))
{
@ -263,7 +263,7 @@ class Statistics
$sql = "SELECT DATE_FORMAT( login_date, '%w' ) AS stat_date , count( login_id ) AS number_of_logins FROM ".$table." GROUP BY stat_date ORDER BY DATE_FORMAT( login_date, '%w' ) ";
break;
}
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$result = array();
while($obj = Database::fetch_object($res))
{
@ -296,7 +296,7 @@ class Statistics
$sql[get_lang('Total')] = "SELECT count(login_user_id) AS number FROM $table";
foreach($sql as $index => $query)
{
$res = api_sql_query($query,__FILE__,__LINE__);
$res = Database::query($query,__FILE__,__LINE__);
$obj = Database::fetch_object($res);
$total_logins[$index] = $obj->number;
}
@ -314,7 +314,7 @@ class Statistics
$tool_names[$tool] = get_lang(ucfirst($tool), '');
}
$sql = "SELECT access_tool, count( access_id ) AS number_of_logins FROM $table WHERE access_tool IN ('".implode("','",$tools)."') GROUP BY access_tool ";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$result = array();
while($obj = Database::fetch_object($res))
{
@ -329,7 +329,7 @@ class Statistics
{
$table = Database::get_main_table(TABLE_MAIN_COURSE);
$sql = "SELECT course_language, count( code ) AS number_of_courses FROM $table GROUP BY course_language ";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$result = array();
while($obj = Database::fetch_object($res))
{
@ -344,10 +344,10 @@ class Statistics
{
$user_table = Database :: get_main_table(TABLE_MAIN_USER);
$sql = "SELECT COUNT(*) AS n FROM $user_table";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$count1 = Database::fetch_object($res);
$sql = "SELECT COUNT(*) AS n FROM $user_table WHERE LENGTH(picture_uri) > 0";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$count2 = Database::fetch_object($res);
$result[get_lang('No')] = $count1->n - $count2->n; // #users without picture
$result[get_lang('Yes')] = $count2->n; // #users with picture
@ -421,13 +421,13 @@ class Statistics
$date_diff = $values['date_diff'];
$table = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_LASTACCESS);
$sql = "SELECT * FROM $table GROUP BY access_cours_code HAVING access_cours_code <> '' AND DATEDIFF( NOW() , access_date ) >= ". $date_diff;
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$number_of_courses = Database::num_rows($res);
$sql .= ' ORDER BY '.$columns[$column].' '.$sql_order[$direction];
$from = ($page_nr -1) * $per_page;
$sql .= ' LIMIT '.$from.','.$per_page;
echo '<p>'.get_lang('LastAccess').' &gt;= '.$date_diff.' '.get_lang('Days').'</p>';
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
if (Database::num_rows($res) > 0)
{
$courses = array ();

4
main/admin/subscribe_class2course.php
Unescape View File

@ -99,10 +99,10 @@ if ($_POST['formSent'])
}
$sql = "SELECT id,name FROM $tbl_class WHERE name LIKE '".$first_letter_class."%' ORDER BY ". (count($classes) > 0 ? "(id IN('".implode("','", $classes)."')) DESC," : "")." name";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$db_classes = Database::store_result($result);
$sql = "SELECT code,visual_code,title FROM $tbl_course WHERE visual_code LIKE '".$first_letter_course."%' ORDER BY ". (count($courses) > 0 ? "(code IN('".implode("','", $courses)."')) DESC," : "")." visual_code";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$db_courses = Database::store_result($result);
if (!empty ($error_message))
{

6
main/admin/subscribe_user2class.php
Unescape View File

@ -53,7 +53,7 @@ $tbl_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
$tbl_user = Database :: get_main_table(TABLE_MAIN_USER);
$sql = "SELECT name FROM $tbl_class WHERE id='$class_id'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if (!list ($class_name) = mysql_fetch_row($result))
{
@ -115,10 +115,10 @@ Display :: display_header($tool_name);
//api_display_tool_title($tool_name);
$target_name = api_sort_by_first_name() ? 'firstname' : 'lastname';
$sql = "SELECT u.user_id,lastname,firstname,username FROM $tbl_user u LEFT JOIN $tbl_class_user cu ON u.user_id=cu.user_id AND class_id='$class_id' WHERE ".$target_name." LIKE '".$first_letter_left."%' AND class_id IS NULL ORDER BY ". (count($left_user_list) > 0 ? "(user_id IN(".implode(',', $left_user_list).")) DESC," : "")." ".$target_name;
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$left_users = Database::store_result($result);
$sql = "SELECT u.user_id,lastname,firstname,username FROM $tbl_user u,$tbl_class_user cu WHERE cu.user_id=u.user_id AND class_id='$class_id' AND ".$target_name." LIKE '".$first_letter_right."%' ORDER BY ". (count($right_user_list) > 0 ? "(user_id IN(".implode(',', $right_user_list).")) DESC," : "")." ".$target_name;
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$right_users = Database::store_result($result);
if (!empty ($error_message))
{

6
main/admin/subscribe_user2course.php
Unescape View File

@ -162,7 +162,7 @@ if ($_POST['form_sent']) {
*/
if(empty($first_letter_user)) {
$sql = "SELECT count(*) as nb_users FROM $tbl_user";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$num_row = Database::fetch_array($result);
if($num_row['nb_users']>1000)
{//if there are too much users to gracefully handle with the HTML select list,
@ -238,7 +238,7 @@ if ($_configuration['multiple_access_urls']==true) {
}
}
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$db_users = Database::store_result($result);
unset($result);
@ -256,7 +256,7 @@ if ($_configuration['multiple_access_urls']==true) {
}
}
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$db_courses = Database::store_result($result);
unset($result);

4
main/admin/user_export.php
Unescape View File

@ -67,7 +67,7 @@ if ($_configuration['multiple_access_urls']==true) {
ORDER BY visual_code";
}
}
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($course = mysql_fetch_object($result))
{
$courses[$course->code] = $course->visual_code.' - '.$course->title;
@ -134,7 +134,7 @@ if ($form->validate())
}
}
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
while($user = Database::fetch_array($res,'ASSOC')) {
$student_data= UserManager :: get_extra_user_data($user['UserId'],true,false);
foreach($student_data as $key=>$value) {

16
main/admin/user_fields.php
Unescape View File

@ -337,7 +337,7 @@ function move_user_field($direction,$field_id)
$found = false;
$sql = "SELECT id, field_order FROM $table_user_field ORDER BY field_order $sortdirection";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
while($row = Database::fetch_array($result))
{
if ($found)
@ -357,8 +357,8 @@ function move_user_field($direction,$field_id)
$sql1 = "UPDATE ".$table_user_field." SET field_order = '".Database::escape_string($next_order)."' WHERE id = '".Database::escape_string($this_id)."'";
$sql2 = "UPDATE ".$table_user_field." SET field_order = '".Database::escape_string($this_order)."' WHERE id = '".Database::escape_string($next_id)."'";
api_sql_query($sql1,__FILE__,__LINE__);
api_sql_query($sql2,__FILE__,__LINE__);
Database::query($sql1,__FILE__,__LINE__);
Database::query($sql2,__FILE__,__LINE__);
return true;
}
@ -382,26 +382,26 @@ function delete_user_fields($field_id)
// delete the fields
$sql = "DELETE FROM $table_user_field WHERE id = '".Database::escape_string($field_id)."'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if (Database::affected_rows() == 1)
{
// delete the field options
$sql = "DELETE FROM $table_user_field_options WHERE field_id = '".Database::escape_string($field_id)."'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
// delete the field values
$sql = "DELETE FROM $table_user_field_values WHERE field_id = '".Database::escape_string($field_id)."'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
// recalculate the field_order because the value is used to show/hide the up/down icon
// and the field_order value cannot be bigger than the number of fields
$sql = "SELECT * FROM $table_user_field ORDER BY field_order ASC";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
$i = 1;
while($row = Database::fetch_array($result))
{
$sql_reorder = "UPDATE $table_user_field SET field_order = '".Database::escape_string($i)."' WHERE id = '".Database::escape_string($row['id'])."'";
$result_reorder = api_sql_query($sql_reorder,__FILE__,__LINE__);
$result_reorder = Database::query($sql_reorder,__FILE__,__LINE__);
$i++;
}

10
main/admin/user_fields_options.php
Unescape View File

@ -132,7 +132,7 @@ function get_options_data($from, $number_of_items, $column, $direction)
id AS col2
FROM $table_userfields_options WHERE field_id='".Database::escape_string($_GET['field_id'])."' ORDER BY option_order ASC";
$sql .= " LIMIT $from,$number_of_items";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$return = array ();
while ($option = Database::fetch_row($res))
{
@ -148,7 +148,7 @@ function get_number_of_options($from=null, $number_of_items=null, $column=null,
// The sql statement
$sql = "SELECT count(id) as total FROM $table_userfields_options WHERE field_id='".Database::escape_string($_GET['field_id'])."' ";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_row($res);
return $row[0];
}
@ -208,7 +208,7 @@ function move_user_field_option($direction,$option_id)
$found = false;
$sql = "SELECT id, option_order FROM $table_userfields_options WHERE field_id='".Database::escape_string($_GET['field_id'])."' ORDER BY option_order $sortdirection";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
while($row = Database::fetch_array($result))
{
if ($found)
@ -228,8 +228,8 @@ function move_user_field_option($direction,$option_id)
$sql1 = "UPDATE ".$table_userfields_options." SET option_order = '".Database::escape_string($next_order)."' WHERE id = '".Database::escape_string($this_id)."'";
$sql2 = "UPDATE ".$table_userfields_options." SET option_order = '".Database::escape_string($this_order)."' WHERE id = '".Database::escape_string($next_id)."'";
api_sql_query($sql1,__FILE__,__LINE__);
api_sql_query($sql2,__FILE__,__LINE__);
Database::query($sql1,__FILE__,__LINE__);
Database::query($sql2,__FILE__,__LINE__);
return true;
}

10
main/admin/user_information.php
Unescape View File

@ -109,7 +109,7 @@ $tbl_user = Database :: get_main_table(TABLE_MAIN_USER);
$user_id = $user['user_id'];
$result=api_sql_query("SELECT DISTINCT id, name, date_start, date_end
$result=Database::query("SELECT DISTINCT id, name, date_start, date_end
FROM session_rel_user, session
WHERE id_session=id AND id_user=$user_id
AND (date_start <= NOW() AND date_end >= NOW() OR date_start='0000-00-00')
@ -118,7 +118,7 @@ $result=api_sql_query("SELECT DISTINCT id, name, date_start, date_end
$sessions=Database::store_result($result);
// get the list of sessions where the user is subscribed as coach in a course
$result=api_sql_query("SELECT DISTINCT id, name, date_start, date_end
$result=Database::query("SELECT DISTINCT id, name, date_start, date_end
FROM $tbl_session as session
INNER JOIN $tbl_session_course as session_rel_course
ON session_rel_course.id_coach = $user_id
@ -156,7 +156,7 @@ if(count($sessions)>0){
WHERE session_course.id_session = $id_session
ORDER BY i";
$course_list_sql_result = api_sql_query($personal_course_list_sql, __FILE__, __LINE__);
$course_list_sql_result = Database::query($personal_course_list_sql, __FILE__, __LINE__);
while ($result_row = Database::fetch_array($course_list_sql_result)){
$key = $result_row['id_session'].' - '.$result_row['k'];
@ -204,7 +204,7 @@ echo '</blockquote>';
* Show the courses in which this user is subscribed
*/
$sql = 'SELECT * FROM '.$table_course_user.' cu, '.$table_course.' c WHERE cu.user_id = '.$user['user_id'].' AND cu.course_code = c.code';
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($res) > 0)
{
$header=array();
@ -246,7 +246,7 @@ else
$table_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = 'SELECT * FROM '.$table_class_user.' cu, '.$table_class.' c WHERE cu.user_id = '.$user['user_id'].' AND cu.class_id = c.id';
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($res) > 0)
{
$header = array();

8
main/admin/user_list.php
Unescape View File

@ -162,7 +162,7 @@ function login_user($user_id) {
}
$sql_query = "SELECT * FROM $main_user_table WHERE user_id='$user_id'";
$sql_result = api_sql_query($sql_query, __FILE__, __LINE__);
$sql_result = Database::query($sql_query, __FILE__, __LINE__);
$result = Database :: fetch_array($sql_result);
// check if the user is allowed to 'login_as'
@ -309,7 +309,7 @@ function get_number_of_users()
$sql.= " AND url_rel_user.access_url_id=".api_get_current_access_url_id();
}
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$obj = Database::fetch_object($res);
return $obj->total_number_of_items;
}
@ -398,7 +398,7 @@ function get_user_data($from, $number_of_items, $column, $direction)
$sql .= " ORDER BY col$column $direction ";
$sql .= " LIMIT $from,$number_of_items";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$users = array ();
$t = time();
@ -547,7 +547,7 @@ function lock_unlock_user($status,$user_id)
if(($status_db=='1' OR $status_db=='0') AND is_numeric($user_id))
{
$sql="UPDATE $user_table SET active='".Database::escape_string($status_db)."' WHERE user_id='".Database::escape_string($user_id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
}
if ($result)

Write Preview
Loading…
Cancel
Save