From 97edb8a1f2e7bc352fa1c61fbac3dad642ac8755 Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Thu, 6 Aug 2015 11:23:08 +0200 Subject: [PATCH] Use Database::insert --- main/admin/settings.lib.php | 8 +- main/exercice/TestCategory.php | 17 ++- main/exercice/exercise_report.php | 32 +++--- main/exercice/question.class.php | 136 ++++++++++-------------- main/exercice/upload_exercise.php | 8 +- main/forum/forumfunction.inc.php | 34 +++--- main/inc/lib/course_description.lib.php | 85 ++++++++------- main/inc/lib/notebook.lib.php | 51 +++++---- main/inc/lib/social.lib.php | 16 ++- main/newscorm/learnpath.class.php | 25 ++++- 10 files changed, 229 insertions(+), 183 deletions(-) diff --git a/main/admin/settings.lib.php b/main/admin/settings.lib.php index baae31ec1f..53cd6eba5b 100755 --- a/main/admin/settings.lib.php +++ b/main/admin/settings.lib.php @@ -1044,8 +1044,12 @@ function add_edit_template() { $table_system_template = Database :: get_main_table('system_template'); if ($_GET['action'] == 'add') { $content_template = '{CSS}'.Database::escape_string($values['template_text']).''; - $sql = "INSERT INTO $table_system_template (title, content, image) VALUES ('".Database::escape_string($values['title'])."','".$content_template."','".Database::escape_string($new_file_name)."')"; - Database::query($sql); + $params = [ + 'title' => $values['title'], + 'content' => $content_template, + 'image' => $new_file_name + ]; + Database::insert($table_system_template, $params); // Display a feedback message. Display::display_confirmation_message(get_lang('TemplateAdded')); diff --git a/main/exercice/TestCategory.php b/main/exercice/TestCategory.php index b3572ecd0c..93cc62836e 100644 --- a/main/exercice/TestCategory.php +++ b/main/exercice/TestCategory.php 
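Review bot: In add_edit_template() (main/admin/settings.lib.php) the context line that builds `$content_template` still wraps `$values['template_text']` in `Database::escape_string()`, and that already-escaped string is now passed as `'content'` to `Database::insert()`. If insert() binds or escapes its values, as the removal of the other escape calls in this hunk implies, the template text will be stored with literal backslashes in front of quotes; build `$content_template` from the raw `$values['template_text']` instead. The same check is needed wherever a value was escaped above a hunk and is now handed to insert(): `$v_name`/`$v_description` in TestCategory.php and `$name`/`$description` in learnpath.class.php were interpolated inside quotes before, which suggests (the lines are not visible here) that they are escaped earlier. Database::insert() itself is not part of this patch, so its binding behaviour should be confirmed before raw `$_POST` values are passed to it.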
@@ -75,9 +75,12 @@ class TestCategory // lets add in BDD if not the same name if ($data_verif['nb'] <= 0) { $c_id = api_get_course_int_id(); - $sql = "INSERT INTO $t_cattable (c_id, title, description) VALUES ('$c_id','$v_name', '$v_description')"; - Database::query($sql); - $new_id = Database::insert_id(); + $params = [ + 'c_id' => $c_id, + 'title' => $v_name, + 'description' => $v_description, + ]; + $new_id = Database::insert($t_cattable, $params); if ($new_id) { @@ -663,8 +666,12 @@ class TestCategory $tbl_reltable = Database::get_course_table(TABLE_QUIZ_QUESTION_REL_CATEGORY); // if question doesn't have a category // @todo change for 1.10 when a question can have several categories - if (TestCategory::getCategoryForQuestion($in_question_id, $in_course_c_id) == 0 && $in_question_id > 0 && $in_course_c_id > 0) { - $sql = "INSERT INTO $tbl_reltable VALUES (".intval($in_course_c_id).", ".intval($in_question_id).", ".intval($in_category_id).")"; + if (TestCategory::getCategoryForQuestion($in_question_id, $in_course_c_id) == 0 && + $in_question_id > 0 && + $in_course_c_id > 0 + ) { + $sql = "INSERT INTO $tbl_reltable + VALUES (".intval($in_course_c_id).", ".intval($in_question_id).", ".intval($in_category_id).")"; Database::query($sql); } } diff --git a/main/exercice/exercise_report.php b/main/exercice/exercise_report.php index 0094e14bce..e62985beaa 100755 --- a/main/exercice/exercise_report.php +++ b/main/exercice/exercise_report.php 
@@ -172,23 +172,30 @@ if (isset($_REQUEST['comments']) && } for ($i = 0; $i < $loop_in_track; $i++) { - $my_marks = Database::escape_string($_POST['marks_'.$array_content_id_exe[$i]]); - $contain_comments = Database::escape_string($_POST['comments_'.$array_content_id_exe[$i]]); + $my_marks = $_POST['marks_'.$array_content_id_exe[$i]]; + $contain_comments = $_POST['comments_'.$array_content_id_exe[$i]]; if (isset($contain_comments)) { - $my_comments = Database::escape_string($_POST['comments_'.$array_content_id_exe[$i]]); + $my_comments = $_POST['comments_'.$array_content_id_exe[$i]]; } else { $my_comments = ''; } $my_questionid = intval($array_content_id_exe[$i]); - $sql = "UPDATE $TBL_TRACK_ATTEMPT SET marks = '$my_marks', teacher_comment = '$my_comments' - WHERE question_id = ".$my_questionid." AND exe_id=".$id; - Database::query($sql); - - //Saving results in the track recording table - $sql = 'INSERT INTO '.$TBL_TRACK_ATTEMPT_RECORDING.' (exe_id, question_id, marks, insert_date, author, teacher_comment) - VALUES ('."'$id','".$my_questionid."','$my_marks','".api_get_utc_datetime()."','".api_get_user_id()."'".',"'.$my_comments.'")'; - Database::query($sql); + $params = [ + 'marks' => $my_marks, + 'teacher_comment' => $my_comments + ]; + Database::update($TBL_TRACK_ATTEMPT, $params, ['question_id = ? AND exe_id = ?' => [$my_questionid, $id]]); + + $params = [ + 'exe_id' => $id, + 'question_id' => $my_questionid, + 'marks' => $my_marks, + 'insert_date' => api_get_utc_datetime(), + 'author' => api_get_user_id(), + 'teacher_comment' => $my_comments + ]; + Database::insert($TBL_TRACK_ATTEMPT_RECORDING, $params); } $qry = 'SELECT DISTINCT question_id, marks @@ -200,7 +207,8 @@ if (isset($_REQUEST['comments']) && $tot += $row['marks']; } - $sql = "UPDATE $TBL_TRACK_EXERCISES SET exe_result = '".floatval($tot)."' + $sql = "UPDATE $TBL_TRACK_EXERCISES + SET exe_result = '".floatval($tot)."' WHERE exe_id = ".$id; Database::query($sql); 
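Review bot: `$my_marks` in the grading loop of exercise_report.php is now taken straight from `$_POST` and written to both the attempt table and the recording table without any numeric check, so a non-numeric value reaches a score column and is later summed into `$tot`. Cast it at the point of reading, e.g. `$my_marks = floatval($_POST['marks_'.$array_content_id_exe[$i]]);`, which matches the `floatval($tot)` already used for `exe_result` below. `isset($contain_comments)` is also evaluated after the array index has been read, so a missing key raises a notice first; testing `isset($_POST['comments_'.$array_content_id_exe[$i]])` directly avoids that. The enclosing `if` block starts above the hunk.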
diff --git a/main/exercice/question.class.php b/main/exercice/question.class.php index d38e1cf888..e7f605a2e7 100755 --- a/main/exercice/question.class.php +++ b/main/exercice/question.class.php @@ -406,20 +406,20 @@ abstract class Question } else { // update or add category for a question - $TBL_QUESTION_REL_CATEGORY = Database::get_course_table(TABLE_QUIZ_QUESTION_REL_CATEGORY); + $table = Database::get_course_table(TABLE_QUIZ_QUESTION_REL_CATEGORY); $category_id = intval($in_category); $question_id = intval($this->id); - $sql = "SELECT count(*) AS nb FROM $TBL_QUESTION_REL_CATEGORY + $sql = "SELECT count(*) AS nb FROM $table WHERE question_id = $question_id AND c_id=" . api_get_course_int_id(); $res = Database::query($sql); $row = Database::fetch_array($res); - if ($row['nb'] > 0){ - $sql = "UPDATE $TBL_QUESTION_REL_CATEGORY SET category_id = $category_id - WHERE question_id = $question_id AND c_id = " . api_get_course_int_id(); + if ($row['nb'] > 0) { + $sql = "UPDATE $table SET category_id = $category_id + WHERE question_id = $question_id AND c_id = " . api_get_course_int_id(); Database::query($sql); } else { - $sql = "INSERT INTO $TBL_QUESTION_REL_CATEGORY - VALUES (" . api_get_course_int_id() . ", $question_id, $category_id)"; + $sql = "INSERT INTO $table + VALUES (" . api_get_course_int_id() . ", $question_id, $category_id)"; Database::query($sql); } } @@ -433,9 +433,9 @@ abstract class Question */ public function deleteCategory() { - $TBL_QUESTION_REL_CATEGORY = Database::get_course_table(TABLE_QUIZ_QUESTION_REL_CATEGORY); + $table = Database::get_course_table(TABLE_QUIZ_QUESTION_REL_CATEGORY); $question_id = intval($this->id); - $sql = "DELETE FROM $TBL_QUESTION_REL_CATEGORY + $sql = "DELETE FROM $table WHERE question_id = $question_id AND c_id = " . api_get_course_int_id(); Database::query($sql); } 
@@ -822,23 +822,20 @@ abstract class Question $current_position = Database::result($result,0,0); $this->updatePosition($current_position+1); $position = $this->position; - $sql = "INSERT INTO $TBL_QUESTIONS ( - c_id, question, description, ponderation, position, type, picture, extra, level - ) - VALUES ( - $c_id, - '" . Database::escape_string($question) . "', - '" . Database::escape_string($description) . "', - '" . Database::escape_string($weighting) . "', - '" . Database::escape_string($position) . "', - '" . Database::escape_string($type) . "', - '" . Database::escape_string($picture) . "', - '" . Database::escape_string($extra) . "', - '" . Database::escape_string($level) . "' - )"; - Database::query($sql); - $this->id = Database::insert_id(); + $params = [ + 'c_id' => $c_id, + 'question' => $question, + 'description' => $description, + 'ponderation' => $weighting, + 'position' => $position, + 'type' => $type, + 'picture' => $picture, + 'extra' => $extra, + 'level' => $level + ]; + $this->id = Database::insert($TBL_QUESTIONS, $params); + if ($this->id) { $sql = "UPDATE $TBL_QUESTIONS SET id = iid WHERE iid = {$this->id}"; @@ -857,23 +854,18 @@ abstract class Question $TBL_ANSWERS = Database::get_course_table( TABLE_QUIZ_ANSWER ); - $sql = "INSERT INTO $TBL_ANSWERS ( - c_id, question_id , answer, correct, comment, ponderation, position, hotspot_coordinates, - hotspot_type - ) - VALUES ( - $c_id, - " . intval($this->id) . ", - '', - NULL, - '', - '10', - '1', - '0;0|0|0', - 'square' - )"; - Database::query($sql); - $id = Database::insert_id(); + $params = [ + 'c_id' => $c_id, + 'question_id' => $this->id, + 'answer' => '', + 'correct' => '', + 'comment' => '', + 'ponderation' => 10, + 'position' => 1, + 'hotspot_coordinates' => '0;0|0|0', + 'hotspot_type' => 'square', + ]; + $id = Database::insert($TBL_ANSWERS, $params); if ($id) { $sql = "UPDATE $TBL_ANSWERS SET id = id_auto WHERE id_auto = $id"; Database::query($sql); 
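Review bot: In the default hotspot answer insert (second hunk, `$TBL_ANSWERS`), `'correct' => ''` replaces the SQL `NULL` that the old statement wrote, which changes the stored value and, if `correct` is a numeric column, may be rejected or coerced to 0 depending on the SQL mode. Use `'correct' => null,` to keep the previous behaviour, assuming Database::insert() passes null through as SQL NULL (its implementation is not shown in this patch). The enclosing method begins and ends outside the hunk.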
@@ -1087,8 +1079,8 @@ abstract class Question $new_exercise->read($exerciseId); $count = $new_exercise->selectNbrQuestions(); $count++; - $sql="INSERT INTO $exerciseRelQuestionTable (c_id, question_id, exercice_id, question_order) - VALUES ({$this->course['real_id']}, " . intval($id) . ", " . intval($exerciseId) . ", '$count')"; + $sql = "INSERT INTO $exerciseRelQuestionTable (c_id, question_id, exercice_id, question_order) + VALUES ({$this->course['real_id']}, " . intval($id) . ", " . intval($exerciseId) . ", '$count')"; Database::query($sql); // we do not want to reindex if we had just saved adnd indexed the question @@ -1269,23 +1261,19 @@ abstract class Question //Read the source options $options = self::readQuestionOption($this->id, $this->course['real_id']); - //Inserting in the new course db / or the same course db - $sql = "INSERT INTO $TBL_QUESTIONS ( - c_id, question, description, ponderation, position, type, level, extra - ) - VALUES ( - '$course_id', - '" . Database::escape_string($question) . "', - '" . Database::escape_string($description) . "', - '" . Database::escape_string($weighting) . "', - '" . Database::escape_string($position) . "', - '" . Database::escape_string($type) . "', - '" . Database::escape_string($level) . "', - '" . Database::escape_string($extra) . "' - )"; - Database::query($sql); + // Inserting in the new course db / or the same course db + $params = [ + 'c_id' => $course_id, + 'question' => $question, + 'description' => $description, + 'ponderation' => $weighting, + 'position' => $position, + 'type' => $type, + 'level' => $level, + 'extra' => $extra + ]; + $new_question_id = Database::insert($TBL_QUESTIONS, $params); - $new_question_id = Database::insert_id(); if ($new_question_id) { $sql = "UPDATE $TBL_QUESTIONS SET id = iid WHERE iid = $new_question_id"; 
@@ -1765,23 +1753,17 @@ abstract class Question $row_max = Database::fetch_object($rs_max); $max_position = $row_max->max_position + 1; - // Insert the new question - $sql = "INSERT INTO $tbl_quiz_question ( - c_id, question, description, ponderation, position, type, level - ) - VALUES ( - $course_id, - '" . Database::escape_string($question_name) . "', - '" . Database::escape_string($question_description) . "', - '$max_score', - $max_position, - $type, - $level - )"; - Database::query($sql); + $params = [ + 'c_id' => $course_id, + 'question' => $question_name, + 'description' => $question_description, + 'ponderation' => $max_score, + 'position' => $max_position, + 'type' => $type, + 'level' => $level, + ]; + $question_id = Database::insert($tbl_quiz_question, $params); - // Get the question ID - $question_id = Database::insert_id(); if ($question_id) { $sql = "UPDATE $tbl_quiz_question SET id = iid WHERE iid = $question_id"; @@ -1795,7 +1777,7 @@ abstract class Question $row_max_order = Database::fetch_object($rs_max_order); $max_order = $row_max_order->max_order + 1; // Attach questions to quiz - $sql = "INSERT INTO $tbl_quiz_rel_question (c_id, question_id,exercice_id,question_order) + $sql = "INSERT INTO $tbl_quiz_rel_question (c_id, question_id, exercice_id, question_order) VALUES($course_id, $question_id, $quiz_id, $max_order)"; Database::query($sql); } diff --git a/main/exercice/upload_exercise.php b/main/exercice/upload_exercise.php index 879c1053a9..9091a50cd3 100755 --- a/main/exercice/upload_exercise.php +++ b/main/exercice/upload_exercise.php @@ -265,7 +265,13 @@ function lp_upload_quiz_action_handling() { if ($quiz_id) { // insert into the item_property table - api_item_property_update($_course, TOOL_QUIZ, $quiz_id, 'QuizAdded', api_get_user_id()); + api_item_property_update( + $_course, + TOOL_QUIZ, + $quiz_id, + 'QuizAdded', + api_get_user_id() + ); // Import questions. for ($i = 0; $i < $number_questions; $i++) { 
diff --git a/main/forum/forumfunction.inc.php b/main/forum/forumfunction.inc.php index ef86833152..be83171fd1 100755 --- a/main/forum/forumfunction.inc.php +++ b/main/forum/forumfunction.inc.php @@ -528,22 +528,22 @@ function store_forumcategory($values, $courseInfo = array(), $showMessage = true $table_categories = Database::get_course_table(TABLE_FORUM_CATEGORY); // Find the max cat_order. The new forum category is added at the end => max cat_order + & - $sql = "SELECT MAX(cat_order) as sort_max FROM ".$table_categories." + $sql = "SELECT MAX(cat_order) as sort_max + FROM $table_categories WHERE c_id = $course_id"; $result = Database::query($sql); $row = Database::fetch_array($result); $new_max = $row['sort_max'] + 1; $session_id = api_get_session_id(); - - $clean_cat_title = Database::escape_string($values['forum_category_title']); + $clean_cat_title = $values['forum_category_title']; if (isset($values['forum_category_id'])) { // Storing after edition. - $sql = "UPDATE ".$table_categories." SET - cat_title='".$clean_cat_title."', - cat_comment='".Database::escape_string($values['forum_category_comment'])."' - WHERE c_id = $course_id AND cat_id= ".intval($values['forum_category_id']).""; - Database::query($sql); + $params = [ + 'cat_title' => $clean_cat_title, + 'cat_comment' => $values['forum_category_comment'], + ]; + Database::update($table_categories, $params, ['c_id = ? AND cat_id = ?' => [$course_id, $values['forum_category_id']]]); api_item_property_update( $courseInfo, 
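Review bot: The edit branch of store_forumcategory() drops the `intval()` that used to guard `$values['forum_category_id']` and passes the raw form value as a WHERE argument to `Database::update()`. How update() treats condition values is not visible in this patch, so keep the cast at the call site: `['c_id = ? AND cat_id = ?' => [$course_id, (int) $values['forum_category_id']]]`. `$clean_cat_title` now holds the unescaped title, so the name is misleading for anyone who later concatenates it into SQL or HTML; renaming it (for example to `$cat_title`) would avoid that. The function continues past the end of the hunk.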
@@ -554,15 +554,21 @@ function store_forumcategory($values, $courseInfo = array(), $showMessage = true ); $return_message = get_lang('ForumCategoryEdited'); } else { - $sql = "INSERT INTO ".$table_categories." (c_id, cat_title, cat_comment, cat_order, session_id) - VALUES (".$course_id.", '".$clean_cat_title."','".Database::escape_string($values['forum_category_comment'])."','".Database::escape_string($new_max)."','".Database::escape_string($session_id)."')"; - Database::query($sql); - $last_id = Database::insert_id(); - $sql = "UPDATE $table_categories SET cat_id = $last_id WHERE iid = $last_id"; - Database::query($sql); + $params = [ + 'c_id' => $course_id, + 'cat_title' => $clean_cat_title, + 'cat_comment' => $values['forum_category_comment'], + 'cat_order' => $new_max, + 'session_id' => $session_id + ]; + $last_id = Database::insert($table_categories, $params); if ($last_id > 0) { + + $sql = "UPDATE $table_categories SET cat_id = $last_id WHERE iid = $last_id"; + Database::query($sql); + api_item_property_update( $courseInfo, TOOL_FORUM_CATEGORY, diff --git a/main/inc/lib/course_description.lib.php b/main/inc/lib/course_description.lib.php index 0b12e54e15..85b61fc596 100755 --- a/main/inc/lib/course_description.lib.php +++ b/main/inc/lib/course_description.lib.php @@ -50,7 +50,7 @@ class CourseDescription } $t_course_desc = Database::get_course_table(TABLE_COURSE_DESCRIPTION); $sql = "SELECT * FROM $t_course_desc - WHERE c_id = $course_id AND session_id = '0'"; + WHERE c_id = $course_id AND session_id = '0'"; $sql_result = Database::query($sql); $results = array(); while ($row = Database::fetch_array($sql_result)) { 
@@ -201,16 +201,17 @@ class CourseDescription $course_id = $this->course_id; } $table = Database::get_course_table(TABLE_COURSE_DESCRIPTION); - $sql = "INSERT IGNORE INTO $table SET - c_id = $course_id, - description_type = '" . intval($this->description_type) . "', - title = '" . Database::escape_string($this->title) . "', - content = '" . Database::escape_string($this->content) . "', - progress = '" . intval($this->progress) . "', - session_id = '" . intval($this->session_id) . "' "; - $result = Database::query($sql); - $last_id = Database::insert_id(); - $affected_rows = Database::affected_rows($result); + + $params = [ + 'c_id' => $course_id, + 'description_type' => $this->description_type, + 'title' => $this->title, + 'content' => $this->content, + 'progress' => $this->progress, + 'session_id' => $this->session_id, + ]; + + $last_id = Database::insert($table, $params); if ($last_id > 0) { $sql = "UPDATE $table SET id = iid WHERE iid = $last_id"; @@ -226,7 +227,7 @@ class CourseDescription ); } - return $affected_rows; + return 1; } /** 
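Review bot: The method in this hunk now ends with an unconditional `return 1;`, so callers that used the affected-row count to detect a failed insert will always see success; derive the result from the insert instead, e.g. `return $last_id > 0 ? 1 : 0;`. The same unconditional `return 1;` is introduced in the `$tbl_stats_item_property` insert hunk and in update() further down this file, where the result of Database::insert()/Database::update() is discarded entirely. The old statement was `INSERT IGNORE`, so a duplicate key used to be skipped silently; whether it now raises an error depends on Database::insert(), which is not part of this patch. The method's signature and docblock are outside the hunk.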
@@ -247,20 +248,22 @@ class CourseDescription TOOL_COURSE_DESCRIPTION, $description_id ); - $sql = "INSERT IGNORE INTO $tbl_stats_item_property SET - c_id = " . api_get_course_int_id() . ", - course_id = '$course_id', - item_property_id = '$item_property_id', - title = '" . Database::escape_string($this->title) . "', - content = '" . Database::escape_string($this->content) . "', - progress = '" . intval($this->progress) . "', - lastedit_date = '" . api_get_utc_datetime(). "', - lastedit_user_id = '" . api_get_user_id() . "', - session_id = '" . intval($this->session_id) . "'"; - $result = Database::query($sql); - $affected_rows = Database::affected_rows($result); - return $affected_rows; + $params = [ + 'c_id' => api_get_course_int_id(), + 'course_id' => $course_id, + 'item_property_id' => $item_property_id, + 'title' => $this->title, + 'content' => $this->content, + 'progress' => $this->progress, + 'lastedit_date' => api_get_utc_datetime(), + 'lastedit_user_id' => api_get_user_id(), + 'session_id' => $this->session_id, + ]; + + Database::insert($tbl_stats_item_property, $params); + + return 1; } /** 
@@ -270,17 +273,25 @@ class CourseDescription */ public function update() { - $tbl_course_description = Database::get_course_table(TABLE_COURSE_DESCRIPTION); - $sql = "UPDATE $tbl_course_description SET - title = '" . Database::escape_string($this->title) . "', - content = '" . Database::escape_string($this->content) . "', - progress = '" . $this->progress . "' - WHERE - id = '" . intval($this->id) . "' AND - session_id = '" . $this->session_id . "' AND - c_id = " . api_get_course_int_id(); - $result = Database::query($sql); - $affected_rows = Database::affected_rows($result); + $table = Database::get_course_table(TABLE_COURSE_DESCRIPTION); + + $params = [ + 'title' => $this->title, + 'content' => $this->content, + 'progress' => $this->progress, + ]; + + Database::update( + $table, + $params, + [ + 'id = ? AND session_id = ? AND c_id = ?' => [ + $this->id, + $this->session_id, + api_get_course_int_id(), + ], + ] + ); if ($this->id > 0) { //insert into item_property @@ -293,7 +304,7 @@ class CourseDescription ); } - return $affected_rows; + return 1; } /** diff --git a/main/inc/lib/notebook.lib.php b/main/inc/lib/notebook.lib.php index 703569c9f9..3f33c85c86 100755 --- a/main/inc/lib/notebook.lib.php +++ b/main/inc/lib/notebook.lib.php 
@@ -51,27 +51,26 @@ class NotebookManager return false; } // Database table definition - $t_notebook = Database :: get_course_table(TABLE_NOTEBOOK); + $table = Database :: get_course_table(TABLE_NOTEBOOK); $course_id = api_get_course_int_id(); $sessionId = api_get_session_id(); - $sql = "INSERT INTO $t_notebook (c_id, user_id, course, session_id, title, description, creation_date,update_date,status) - VALUES( - $course_id, - '" . api_get_user_id() . "', - '" . Database::escape_string(api_get_course_id()) . "', - '" . $sessionId . "', - '" . Database::escape_string($values['note_title']) . "', - '" . Database::escape_string($values['note_comment']) . "', - '" . Database::escape_string(date('Y-m-d H:i:s')) . "', - '" . Database::escape_string(date('Y-m-d H:i:s')) . "', - '0')"; - $result = Database::query($sql); - $affected_rows = Database::affected_rows($result); + $now = api_get_utc_datetime(); + $params = [ + 'c_id' => $course_id, + 'user_id' => api_get_user_id(), + 'course' => api_get_course_id(), + 'session_id' => $sessionId, + 'title' => $values['note_title'], + 'description' => $values['note_comment'], + 'creation_date' => $now, + 'update_date' => $now, + 'status' => 0 + ]; + $id = Database::insert($table, $params); - $id = Database::insert_id(); if ($id > 0) { - $sql = "UPDATE $t_notebook SET notebook_id = $id WHERE iid = $id"; + $sql = "UPDATE $table SET notebook_id = $id WHERE iid = $id"; Database::query($sql); //insert into item_property @@ -82,14 +81,12 @@ class NotebookManager 'NotebookAdded', api_get_user_id() ); - } - - if (!empty($affected_rows)) { return $id; } } - static function get_note_information($notebook_id) { + static function get_note_information($notebook_id) + { if (empty($notebook_id)) { return array(); } 
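Review bot: After this change a failed insert in the NotebookManager note-saving method falls off the end of the function and returns null, while the guard at the top of the same method returns `false`; add an explicit `return false;` after the `if ($id > 0)` block so callers get one failure value. The timestamps also switch from `date('Y-m-d H:i:s')` to `api_get_utc_datetime()`, so rows written before and after this commit may be in different time zones unless the server already runs in UTC; a short comment such as `// stored in UTC; convert on display` next to `$now` would record the intent. The method's signature is outside the hunk.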
@@ -97,16 +94,18 @@ class NotebookManager $t_notebook = Database :: get_course_table(TABLE_NOTEBOOK); $course_id = api_get_course_int_id(); - $sql = "SELECT notebook_id AS notebook_id, - title AS note_title, - description AS note_comment, - session_id AS session_id - FROM $t_notebook - WHERE c_id = $course_id AND notebook_id = '" . Database::escape_string($notebook_id) . "' "; + $sql = "SELECT + notebook_id AS notebook_id, + title AS note_title, + description AS note_comment, + session_id AS session_id + FROM $t_notebook + WHERE c_id = $course_id AND notebook_id = '" . intval($notebook_id) . "' "; $result = Database::query($sql); if (Database::num_rows($result) != 1) { return array(); } + return Database::fetch_array($result); } diff --git a/main/inc/lib/social.lib.php b/main/inc/lib/social.lib.php index bb6cce9e61..d96465f1b7 100755 --- a/main/inc/lib/social.lib.php +++ b/main/inc/lib/social.lib.php @@ -183,7 +183,6 @@ class SocialManager extends UserManager //Just in case we replace the and \n and \n\r while saving in the DB $message_content = str_replace(array("\n", "\n\r"), '
', $message_content); - $clean_message_title = Database::escape_string($message_title); $clean_message_content = Database::escape_string($message_content); $now = api_get_utc_datetime(); @@ -199,9 +198,15 @@ class SocialManager extends UserManager if ($row_exist['count'] == 0) { - $sql = 'INSERT INTO '.$tbl_message.'(user_sender_id,user_receiver_id,msg_status,send_date,title,content) - VALUES('.$user_id.','.$friend_id.','.MESSAGE_STATUS_INVITATION_PENDING.',"'.$now.'","'.$clean_message_title.'","'.$clean_message_content.'") '; - Database::query($sql); + $params = [ + 'user_sender_id' => $user_id, + 'user_receiver_id' => $friend_id, + 'msg_status' => MESSAGE_STATUS_INVITATION_PENDING, + 'send_date' => $now, + 'title' => $message_title, + 'content' => $message_content, + ]; + Database::insert($tbl_message, $params); $sender_info = api_get_user_info($user_id); $notification = new Notification(); @@ -221,7 +226,8 @@ class SocialManager extends UserManager $res_if_exist = Database::query($sql_if_exist); $row_if_exist = Database::fetch_array($res_if_exist, 'ASSOC'); if ($row_if_exist['count'] == 1) { - $sql = 'UPDATE '.$tbl_message.'SET msg_status=5, content = "'.$clean_message_content.'" + $sql = 'UPDATE '.$tbl_message.' SET + msg_status=5, content = "'.$clean_message_content.'" WHERE user_sender_id='.$user_id.' AND user_receiver_id='.$friend_id.' AND msg_status = 7 '; Database::query($sql); return true; diff --git a/main/newscorm/learnpath.class.php b/main/newscorm/learnpath.class.php index 23fd13e2de..4aad5860a8 100755 --- a/main/newscorm/learnpath.class.php +++ b/main/newscorm/learnpath.class.php 
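Review bot: The re-invitation `UPDATE` in the last social.lib.php hunk is still built by string concatenation, with `$user_id` and `$friend_id` placed unquoted in the WHERE clause and `$clean_message_content` as the only escaped value, while the INSERT a few lines above was moved to bound parameters. Whether the two ids are cast to int above the hunk is not visible here, so this statement should go through the same helper: `Database::update($tbl_message, ['msg_status' => 5, 'content' => $message_content], ['user_sender_id = ? AND user_receiver_id = ? AND msg_status = ?' => [$user_id, $friend_id, 7]]);`. That would also let the now single-use `$clean_message_content` be removed. The literals `5` and `7` would read better as named status constants, as the INSERT already does with `MESSAGE_STATUS_INVITATION_PENDING`.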
@@ -792,10 +792,27 @@ class learnpath $dsp = $row[0] + 1; } - $sql = "INSERT INTO $tbl_lp (c_id, lp_type,name,description,path,default_view_mod, default_encoding,display_order,content_maker,content_local,js_lib,session_id, created_on, publicated_on, expired_on, category_id) - VALUES ($course_id, $type,'$name','$description','','embedded','UTF-8','$dsp','Chamilo','local','','".$session_id."', '".api_get_utc_datetime()."' , '".$publicated_on."' , '".$expired_on."', $categoryId)"; - Database::query($sql); - $id = Database :: insert_id(); + $params = [ + 'c_id' => $course_id, + 'lp_type' => $type, + 'name' => $name, + 'description' => $description, + 'path' => '', + 'default_view_mod' => 'embedded', + 'default_encoding' => 'UTF-8', + 'display_order' => $dsp, + 'content_maker' => 'Chamilo', + 'content_local' => 'local', + 'js_lib' => '', + 'session_id' => $session_id, + 'created_on' => api_get_utc_datetime(), + 'publicated_on' => $publicated_on, + 'expired_on' => $expired_on, + 'category_id' => $categoryId + ]; + + $id = Database::insert($tbl_lp, $params); + if ($id > 0) { $sql = "UPDATE $tbl_lp SET id = iid WHERE iid = $id"; Database::query($sql);