Use database::insert/update

10 years ago · c6f1c7ff14
parent b01484e54f
commit c6f1c7ff14
10 changed files with 232 additions and 197 deletions
--- a/main/coursecopy/classes/CourseRestorer.class.php
+++ b/main/coursecopy/classes/CourseRestorer.class.php
@ -1225,6 +1225,7 @@ class CourseRestorer
            $sessionId
        );
 		$this->course->resources[RESOURCE_FORUMPOST][$id]->destination_id = $new_id;
+
 		return $new_id;
 	}

@ -1239,26 +1240,26 @@ class CourseRestorer
 			foreach ($resources[RESOURCE_LINK] as $id => $link) {
 				$cat_id = $this->restore_link_category($link->category_id, $session_id);
 				$sql = "SELECT MAX(display_order) FROM  $link_table
-				        WHERE c_id = ".$this->destination_course_id." AND category_id='" . self::DBUTF8escapestring($cat_id). "'";
+				        WHERE
+				            c_id = ".$this->destination_course_id." AND
+				            category_id='" . intval($cat_id). "'";
 				$result = Database::query($sql);
    			list($max_order) = Database::fetch_array($result);

-    			$condition_session = "";
+                $params = [];
    			if (!empty($session_id)) {
-    				$condition_session = " , session_id = '$session_id' ";
+                    $params['session_id'] = $session_id;
    			}

-				$sql = "INSERT INTO $link_table SET
-                        c_id            = ".$this->destination_course_id." ,
-                        url             = '".self::DBUTF8escapestring($link->url)."',
-                        title           = '".self::DBUTF8escapestring($link->title)."',
-                        description     = '".self::DBUTF8escapestring($link->description)."',
-                        category_id     = '".$cat_id."',
-                        on_homepage     = '".$link->on_homepage."',
-                        display_order   = '".($max_order+1)."' $condition_session";
-				Database::query($sql);
+                $params['c_id'] = $this->destination_course_id;
+                $params['url'] = self::DBUTF8($link->url);
+                $params['title'] = self::DBUTF8($link->title);
+                $params['description'] = self::DBUTF8($link->description);
+                $params['category_id'] = $cat_id;
+                $params['on_homepage'] = $link->on_homepage;
+                $params['display_order'] = $max_order+1;

-                $id = Database::insert_id();
+                $id = Database::insert($link_table, $params);

                if ($id) {
                    $sql = "UPDATE $link_table SET id = iid WHERE iid = $id";
@ -1275,9 +1276,9 @@ class CourseRestorer
     */
    public function restore_link_category($id, $session_id = 0)
    {
-        $condition_session = "";
+        $params = [];
        if (!empty($session_id)) {
-            $condition_session = " , session_id = '$session_id' ";
+            $params['session_id'] = $session_id;
        }

        if ($id == 0) {
@ -1292,21 +1293,19 @@ class CourseRestorer
            $result=Database::query($sql);
            list($orderMax)=Database::fetch_array($result,'NUM');
            $display_order=$orderMax+1;
-            $sql = "INSERT INTO $link_cat_table SET
-			            c_id = ".$this->destination_course_id.",
-			            category_title = '".self::DBUTF8escapestring($link_cat->title)."',
-			            description = '".self::DBUTF8escapestring($link_cat->description)."',
-			            display_order = '".$display_order."'
-			            $condition_session ";
-            Database::query($sql);
-            $new_id = Database::insert_id();
+
+            $params['c_id'] = $this->destination_course_id;
+            $params['category_title'] = self::DBUTF8($link_cat->title);
+            $params['description'] = self::DBUTF8($link_cat->description);
+            $params['display_order'] = $display_order;
+
+            $new_id = Database::insert($link_cat_table, $params);

            if ($new_id) {
                $sql = "UPDATE $link_cat_table SET id = iid WHERE iid = $new_id";
                Database::query($sql);
            }

-
            $this->course->resources[RESOURCE_LINKCATEGORY][$id]->destination_id = $new_id;
            return $new_id;
        }
@ -1324,8 +1323,11 @@ class CourseRestorer
 			$resources = $this->course->resources;
 			foreach ($resources[RESOURCE_TOOL_INTRO] as $id => $tool_intro) {
 				$sql = "DELETE FROM ".$tool_intro_table."
-				        WHERE c_id = ".$this->destination_course_id."  AND id='".self::DBUTF8escapestring($tool_intro->id)."'";
+				        WHERE
+				            c_id = ".$this->destination_course_id." AND
+				            id='".self::DBUTF8escapestring($tool_intro->id)."'";
 				Database::query($sql);
+
                $tool_intro->intro_text = DocumentManager::replace_urls_inside_content_html_from_copy_course(
                    $tool_intro->intro_text,
                    $this->course->code,
@ -1334,14 +1336,14 @@ class CourseRestorer
                    $this->course->info['path']
                );

-				$sql = "INSERT INTO ".$tool_intro_table." SET
-                        c_id = ".$this->destination_course_id.",
-                        id='".self::DBUTF8escapestring($tool_intro->id)."',
-                        intro_text = '".self::DBUTF8escapestring($tool_intro->intro_text)."'
-                        session_id = $sessionId";
-                Database::query($sql);
+                $params = [
+                    'c_id' => $this->destination_course_id,
+                    'id' => self::DBUTF8($tool_intro->id),
+                    'intro_text' => self::DBUTF8($tool_intro->intro_text),
+                    'session_id' => $sessionId
+                ];

-                $id = Database::insert_id();
+                $id = Database::insert($tool_intro_table, $params);
                if ($id) {
                    $sql = "UPDATE $tool_intro_table SET id = iid WHERE iid = $id";
                    Database::query($sql);
@ -1371,17 +1373,16 @@ class CourseRestorer
                    $this->course->info['path']
                );

-				$sql = "INSERT INTO ".$table." SET
-        				c_id = ".$this->destination_course_id." ,
-        				title = '".self::DBUTF8escapestring($event->title)."',
-        				content = '".self::DBUTF8escapestring($event->content)."',
-                        all_day = '".$event->all_day."',
-        				start_date = '".$event->start_date."',
-        				end_date = '".$event->end_date."',
-        				session_id = $sessionId";
-
-				Database::query($sql);
-				$new_event_id = Database::insert_id();
+                $params = [
+                    'c_id' => $this->destination_course_id,
+                    'title' => self::DBUTF8($event->title),
+                    'content' => self::DBUTF8($event->content),
+                    'all_day' => $event->all_day,
+                    'start_date' => $event->start_date,
+                    'end_date' => $event->end_date,
+                    'session_id' => $sessionId
+                ];
+				$new_event_id = Database::insert($table, $params);

                if ($new_event_id) {
                    $sql = "UPDATE $table SET id = iid WHERE iid = $new_event_id";
@ -1404,21 +1405,24 @@ class CourseRestorer
 					$attachment_event = Database::query($sql);
 					$attachment_event = Database::fetch_object($attachment_event);

-					if (file_exists($origin_path.$attachment_event->path) && !is_dir($origin_path.$attachment_event->path) ) {
+					if (file_exists($origin_path.$attachment_event->path) &&
+                        !is_dir($origin_path.$attachment_event->path)
+                    ) {
 						$new_filename = uniqid(''); //ass seen in the add_agenda_attachment_file() function in agenda.inc.php
 						$copy_result = copy($origin_path.$attachment_event->path, $destination_path.$new_filename);
 						//$copy_result = true;
 						if ($copy_result) {
 							$table_attachment = Database :: get_course_table(TABLE_AGENDA_ATTACHMENT);
-							$sql = "INSERT INTO ".$table_attachment." SET
-                                        c_id = ".$this->destination_course_id.",
-                                        path = '".self::DBUTF8escapestring($new_filename)."',
-                                        comment = '".self::DBUTF8escapestring($attachment_event->comment)."',
-                                        size = '".$attachment_event->size."',
-                                        filename = '".$attachment_event->filename."',
-                                        agenda_id = '".$new_event_id."' ";
-							Database::query($sql);
-                            $id = Database::insert_id();
+
+							$params = [
+                                'c_id' => $this->destination_course_id,
+                                'path' => self::DBUTF8($new_filename),
+                                'comment' => self::DBUTF8($attachment_event->comment),
+                                'size' => $attachment_event->size,
+                                'filename' => $attachment_event->filename,
+                                'agenda_id' => $new_event_id
+                            ];
+                            $id = Database::insert($table_attachment, $params);
                            if ($id) {
                                $sql = "UPDATE $table_attachment SET id = iid WHERE iid = $id";
                                Database::query($sql);
@ -1435,16 +1439,17 @@ class CourseRestorer
 						$copy_result = copy($origin_path.$event->attachment_path, $destination_path.$new_filename);
 						if ($copy_result) {
 							$table_attachment = Database :: get_course_table(TABLE_AGENDA_ATTACHMENT);
-							$sql = "INSERT INTO ".$table_attachment." SET
-                                c_id = ".$this->destination_course_id.",
-                                path = '".self::DBUTF8escapestring($new_filename)."',
-                                comment = '".self::DBUTF8escapestring($event->attachment_comment)."',
-                                size = '".$event->attachment_size."',
-                                filename = '".$event->attachment_filename."',
-                                agenda_id = '".$new_event_id."' ";
-							Database::query($sql);

-                            $id = Database::insert_id();
+                            $params = [
+                                'c_id' => $this->destination_course_id,
+                                'path' => self::DBUTF8($new_filename),
+                                'comment' => self::DBUTF8($event->attachment_comment),
+                                'size' => $event->size,
+                                'filename' => $event->filename,
+                                'agenda_id' => $new_event_id
+                            ];
+                            $id = Database::insert($table_attachment, $params);
+
                            if ($id) {
                                $sql = "UPDATE $table_attachment SET id = iid WHERE iid = $id";
                                Database::query($sql);
@ -1474,20 +1479,17 @@ class CourseRestorer
                    $this->course->info['path']
                );

-				$condition_session = "";
+                $params = [];
 				if (!empty($session_id)) {
 					$session_id = intval($session_id);
-					$condition_session = " , session_id = '$session_id' ";
+                    $params['session_id'] = $session_id;
 				}
-				$sql = "INSERT INTO $table SET
-				        c_id = ".$this->destination_course_id." ,
-				        description_type = '".self::DBUTF8escapestring($cd->description_type)."',
-				        title = '".self::DBUTF8escapestring($cd->title)."',
-				        content = '".self::DBUTF8escapestring($description_content)."'
-				        $condition_session";
-				Database::query($sql);
+                $params['c_id'] = $this->destination_course_id;
+                $params['description_type'] = self::DBUTF8($cd->description_type);
+                $params['title'] = self::DBUTF8($cd->title);
+                $params['content'] = self::DBUTF8($description_content);

-                $id = Database::insert_id();
+                $id = Database::insert($table, $params);
                if ($id) {
                    $sql = "UPDATE $table SET id = iid WHERE iid = $id";
                    Database::query($sql);
@ -2419,18 +2421,17 @@ class CourseRestorer
                    Database::query($sql);

                    if ($lp->visibility) {
-                        $sql = "INSERT INTO $table_tool SET
-					            c_id = ".$this->destination_course_id.",
-					            name = '".self::DBUTF8escapestring($lp->name)."',
-					            link = 'newscorm/lp_controller.php?action=view&lp_id=$new_lp_id&id_session=$session_id',
-					            image = 'scormbuilder.gif',
-					            visibility = '0',
-					            admin = '0',
-					            address = 'squaregrey.gif',
-					            session_id = $session_id
-                            ";
-                        Database::query($sql);
-                        $insertId = Database::insert_id();
+                        $params = [
+                            'c_id' => $this->destination_course_id,
+                            'name' => self::DBUTF8($lp->name),
+                            'link' => 'newscorm/lp_controller.php?action=view&lp_id=$new_lp_id&id_session='.$session_id,
+                            'image' => 'scormbuilder.gif',
+                            'visibility' => '0',
+                            'admin' => '0',
+                            'address' => 'squaregrey.gif',
+                            'session_id' => $session_id
+                        ];
+                        $insertId = Database::insert($table_tool, $params);
                        if ($insertId) {
                            $sql = "UPDATE $table_tool SET id = iid WHERE iid = $insertId";
                            Database::query($sql);
--- a/main/gradebook/lib/be/result.class.php
+++ b/main/gradebook/lib/be/result.class.php
@ -131,7 +131,6 @@ class Result
                        Database::query($sql_insert);
                    }
                }
-                $list_user_course_list = array();
            }
        }

--- a/main/inc/lib/agenda.lib.php
+++ b/main/inc/lib/agenda.lib.php
@ -2276,18 +2276,22 @@ class Agenda
                $new_file_name = uniqid('');
                $new_path = $uploadDir.'/'.$new_file_name;
                $result = @move_uploaded_file($fileUserUpload['tmp_name'], $new_path);
-                $comment = Database::escape_string($comment);
-                $file_name = Database::escape_string($file_name);
                $course_id = api_get_course_int_id();
                $size = intval($fileUserUpload['size']);
                // Storing the attachments if any
                if ($result) {
-                    $sql = 'INSERT INTO '.$agenda_table_attachment.'(c_id, filename, comment, path, agenda_id, size) '.
-                        "VALUES ($course_id, '".$file_name."', '".$comment."', '".$new_file_name."' , '".$eventId."', '".$size."' )";
-                    Database::query($sql);
-                    $id = Database::insert_id();
+                    $params = [
+                        'c_id' => $course_id,
+                        'filename' => $file_name,
+                        'comment' => $comment,
+                        'path' => $new_file_name,
+                        'agenda_id' => $eventId,
+                        'size' => $size
+                    ];
+                    $id = Database::insert($agenda_table_attachment, $params);
                    if ($id) {
-                        $sql = "UPDATE $agenda_table_attachment SET id = iid WHERE iid = $id";
+                        $sql = "UPDATE $agenda_table_attachment
+                                SET id = iid WHERE iid = $id";
                        Database::query($sql);

                        api_item_property_update(
--- a/main/inc/lib/api.lib.php
+++ b/main/inc/lib/api.lib.php
@ -4701,16 +4701,16 @@ function copy_folder_course_session(
                mkdir($new_pathname, api_get_permissions_for_new_directories());

                // Insert new folder with destination session_id.
-                $sql = "INSERT INTO ".$table." SET
-                        c_id = $course_id,
-                        path = '$path',
-                        comment = '".Database::escape_string($document->comment)."',
-                        title = '".Database::escape_string(basename($new_pathname))."' ,
-                        filetype='folder',
-                        size= '0',
-                        session_id = '$session_id'";
-                Database::query($sql);
-                $document_id = Database::insert_id();
+                $params = [
+                    'c_id' => $course_id,
+                    'path' => $path,
+                    'comment' => $document->comment,
+                    'title' => basename($new_pathname),
+                    'filetype' => 'folder',
+                    'size' => '0',
+                    'session_id' => $session_id
+                ];
+                $document_id = Database::insert($table, $params);
                if ($document_id) {

                    $sql = "UPDATE $table SET id = iid WHERE iid = $document_id";
--- a/main/inc/lib/course_category.lib.php
+++ b/main/inc/lib/course_category.lib.php
@ -104,13 +104,15 @@ function getCategories($category)
 function addNode($code, $name, $canHaveCourses, $parent_id)
 {
    $tbl_category = Database::get_main_table(TABLE_MAIN_CATEGORY);
-    $code = trim(Database::escape_string($code));
-    $name = trim(Database::escape_string($name));
-    $parent_id = trim(Database::escape_string($parent_id));
-    $canHaveCourses = Database::escape_string($canHaveCourses);
-    $code = CourseManager::generate_course_code($code);
+    $code = trim($code);
+    $name = trim($name);
+    $parent_id = trim($parent_id);
+    $canHaveCourses = $canHaveCourses;

-    $result = Database::query("SELECT 1 FROM $tbl_category WHERE code='$code'");
+    $code = CourseManager::generate_course_code($code);
+    $sql = "SELECT 1 FROM $tbl_category
+            WHERE code = '".Database::escape_string($code)."'";
+    $result = Database::query($sql);
    if (Database::num_rows($result)) {
        return false;
    }
@ -118,10 +120,16 @@ function addNode($code, $name, $canHaveCourses, $parent_id)
    $row = Database::fetch_array($result);
    $tree_pos = $row['maxTreePos'] + 1;

-    $sql = "INSERT INTO $tbl_category(name, code, parent_id, tree_pos, children_count, auth_course_child)
-            VALUES('$name', '$code', " .(empty($parent_id) ? "NULL" : "'$parent_id'") . ", '$tree_pos', '0', '$canHaveCourses')";
-    Database::query($sql);
-    $categoryId = Database::insert_id();
+    $params = [
+        'name' => $name,
+        'code' => $code,
+        'parent_id' => empty($parent_id) ? "NULL" : $parent_id,
+        'tree_pos' => $tree_pos,
+        'children_count' => 0,
+        'auth_course_child' => $canHaveCourses
+    ];
+
+    $categoryId = Database::insert($tbl_category, $params);

    updateParentCategoryChildrenCount($parent_id, 1);

--- a/main/inc/lib/legal.lib.php
+++ b/main/inc/lib/legal.lib.php
@ -23,42 +23,40 @@ class LegalManager
 	 */
 	public static function add($language, $content, $type, $changes)
    {
-		$legal_table = Database::get_main_table(TABLE_MAIN_LEGAL);
-		$last = self::get_last_condition($language);
-		$language = Database::escape_string($language);
-		$content  = Database::escape_string($content);
-		$type     = intval($type);
-		$changes  = Database::escape_string($changes);
-		$time = time();
+        $legal_table = Database::get_main_table(TABLE_MAIN_LEGAL);
+        $last = self::get_last_condition($language);
+        $type     = intval($type);
+        $time = time();

-		if ($last['content'] != $content) {
-			$version = intval(LegalManager::get_last_condition_version($language));
-			$version++;
-			 $sql = "INSERT INTO $legal_table SET
-			            language_id = '".$language."',
-                        content = '".$content."',
-                        changes= '".$changes."',
-                        type = '".$type."',
-                        version = '".intval($version)."',
-                        date = '".$time."'";
-			Database::query($sql);
+        if ($last['content'] != $content) {
+            $version = intval(LegalManager::get_last_condition_version($language));
+            $version++;
+            $params = [
+                'language_id' => $language,
+                'content' => $content,
+                'changes' => $changes,
+                'type' => $type,
+                'version' => intval($version),
+                'date' => $time
+            ];
+            Database::insert($legal_table, $params);

-			return true;
-		} elseif($last['type'] != $type && $language==$last['language_id']) {
-			//update
-			$id = $last['legal_id'];
-			$sql = "UPDATE $legal_table SET
-                        changes= '".$changes."',
-                        type = '".$type."',
-                        date = '".$time."'
-					WHERE legal_id= $id  ";
-			Database::query($sql);
+            return true;
+        } elseif($last['type'] != $type && $language==$last['language_id']) {
+            //update
+            $id = $last['legal_id'];
+            $params = [
+                'changes' => $changes,
+                'type' => $type,
+                'date' => $time
+            ];
+            Database::update($legal_table, $params, ['legal_id => ?' => $id]);

-			return true;
-		} else {
-			return false;
-		}
-	}
+            return true;
+        } else {
+            return false;
+        }
+    }

 	public static function delete($id)
    {
--- a/main/inc/lib/link.lib.php
+++ b/main/inc/lib/link.lib.php
@ -350,20 +350,21 @@ class Link extends Model
                $order = $orderMax + 1;
                $order = intval($order);
                $session_id = api_get_session_id();
-                $sql = "INSERT INTO " . $tbl_categories . " (c_id, category_title, description, display_order, session_id)
-                        VALUES ($course_id,
-                        '" . Database::escape_string($category_title) . "',
-                        '" . Database::escape_string($description) . "',
-                        '$order',
-                        $session_id
-                        )";
-                Database:: query($sql);
-                $linkId = Database:: insert_id();
-                // iid
-                $sql = "UPDATE $tbl_categories SET id = iid WHERE iid = $linkId";
-                Database:: query($sql);
+
+                $params = [
+                    'c_id' => $course_id,
+                    'category_title' => $category_title,
+                    'description' => $description,
+                    'display_order' => $order,
+                    'session_id' => $session_id
+                ];
+                $linkId = Database::insert($tbl_categories, $params);

                if ($linkId) {
+                    // iid
+                    $sql = "UPDATE $tbl_categories SET id = iid WHERE iid = $linkId";
+                    Database:: query($sql);
+
                    // add link_category visibility
                    // course ID is taken from context in api_set_default_visibility
                    api_set_default_visibility($linkId, TOOL_LINK_CATEGORY);
@ -1243,13 +1244,16 @@ class Link extends Model
            "SELECT MAX(display_order) FROM " . $tbl_categories . " WHERE c_id = $course_id "
        );
        list ($max_order) = Database:: fetch_row($result);
-        Database:: query(
-            "INSERT INTO " . $tbl_categories . " (c_id, category_title, description, display_order)
-            VALUES (" . $course_id . ", '" . Database::escape_string(
-                $catname
-            ) . "','','" . ($max_order + 1) . "')"
-        );
-        return Database:: insert_id();
+
+        $params = [
+            'c_id' => $course_id,
+            'category_title' => $catname,
+            'description' => '',
+            'display_order' => $max_order + 1
+        ];
+        $id = Database::insert($tbl_categories, $params);
+
+        return $id;
    }

    /**
--- a/main/inc/lib/plugin.class.php
+++ b/main/inc/lib/plugin.class.php
@ -397,36 +397,53 @@ class Plugin
        // Adding course settings.
        if (!empty($this->course_settings)) {
            foreach ($this->course_settings as $setting) {
-                $variable = Database::escape_string($setting['name']);
+                $variable = $setting['name'];
                $value ='';
-
                if (isset($setting['init_value'])) {
-                    $value = Database::escape_string($setting['init_value']);
+                    $value = ($setting['init_value']);
                }

                $type = 'textfield';
                if (isset($setting['type'])) {
-                    $type = Database::escape_string($setting['type']);
+                    $type = $setting['type'];
                }

                if (isset($setting['group'])) {
-                    $group = Database::escape_string($setting['group']);
-                    $sql = "SELECT value FROM $t_course
-                            WHERE c_id = $courseId AND variable = '$group' AND subkey = '$variable' ";
+                    $group = $setting['group'];
+                    $sql = "SELECT value
+                            FROM $t_course
+                            WHERE
+                                c_id = $courseId AND
+                                variable = '".Database::escape_string($group)."' AND
+                                subkey = '".Database::escape_string($variable)."'
+                            ";
                    $result = Database::query($sql);
                    if (!Database::num_rows($result)) {
-                        $sql = "INSERT INTO $t_course (c_id, variable, subkey, value, category, type) VALUES
-                                ($courseId, '$group', '$variable', '$value', 'plugins', '$type')";
-                        Database::query($sql);
+                        $params = [
+                            'c_id' => $courseId,
+                            'variable' => $group,
+                            'subkey' => $variable,
+                            'value' => $value,
+                            'category' => 'plugins',
+                            'type' => $type
+                        ];
+                        Database::insert($t_course, $params);
                    }
                } else {
                    $sql = "SELECT value FROM $t_course
                            WHERE c_id = $courseId AND variable = '$variable' ";
                    $result = Database::query($sql);
                    if (!Database::num_rows($result)) {
-                        $sql = "INSERT INTO $t_course (c_id, variable, value, category, subkey, type) VALUES
-                                ($courseId, '$variable','$value', 'plugins', '$plugin_name', '$type')";
-                        Database::query($sql);
+
+                        $params = [
+                            'c_id' => $courseId,
+                            'variable' => $variable,
+                            'subkey' => $plugin_name,
+                            'value' => $value,
+                            'category' => 'plugins',
+                            'type' => $type
+                        ];
+                        Database::insert($t_course, $params);
                    }
                }
            }
--- a/main/inc/lib/social.lib.php
+++ b/main/inc/lib/social.lib.php
@ -464,20 +464,20 @@ class SocialManager extends UserManager
        $course_visibility = $course_access_settings['visibility'];

        $user_in_course_status = CourseManager :: get_user_in_course_status(api_get_user_id(), $course_code);
-        
+
        //$valor = api_get_settings_params();
        $course_path = api_get_path(SYS_COURSE_PATH).$course_directory;   // course path
        if (api_get_setting('course_images_in_courses_list') === 'true') {
            if (file_exists($course_path.'/course-pic85x85.png')) {
-                $image = $my_course['course_info']['course_image']; 
+                $image = $my_course['course_info']['course_image'];
                $imageCourse = Display::img($image, $course_title, array('class'=>'img-course'));
            } else {
                $imageCourse = Display::return_icon('session_default_small.png', $course_title, array('class' => 'img-course'));
-            
-            }        
+
+            }
        } else {
                $imageCourse = Display::return_icon('course.png', get_lang('Course'), array('class' => 'img-default'));
-        }       
+        }
        //$imageCourse = Display::return_icon('course.png', get_lang('Course'));

        //display course entry
@ -496,9 +496,9 @@ class SocialManager extends UserManager
        } else {
            $result .= $course_title." "." ".get_lang('CourseClosed')."";
        }
-       
+
        $result .= '</li>';
-        
+

        $session = '';
        $active = false;
@ -614,9 +614,9 @@ class SocialManager extends UserManager
                ]
            );
        }
-        
+
        $skillBlock = $template->get_template('social/avatar_block.tpl');
-        
+

        return $template->fetch($skillBlock);
    }
@ -1189,9 +1189,15 @@ class SocialManager extends UserManager

            // Insert
            $newFileName = $social.$newFileName;
-            $sql = "INSERT INTO $tbl_message_attach(filename, comment, path, message_id, size)
-				  VALUES ( '$safeFileName', '$safeFileComment', '$newFileName' , '$messageId', '".$fileAttach['size']."' )";
-            Database::query($sql);
+
+            $params = [
+                'filename' => $safeFileName,
+                'comment' => $safeFileComment,
+                'path' => $newFileName,
+                'message_id' => $messageId,
+                'size' => $fileAttach['size'],
+            ];
+            Database::insert($tbl_message_attach, $params);
            $flag = true;
        }

@ -1543,7 +1549,7 @@ class SocialManager extends UserManager
        }

        $userInfo = api_get_user_info($userId, true, false, true);
-        
+
        $template->assign('user', $userInfo);
        $template->assign('socialAvatarBlock', $socialAvatarBlock);
        $template->assign('profileEditionLink', $profileEditionLink);
@ -1558,7 +1564,7 @@ class SocialManager extends UserManager
        }
        $chatEnabled = api_is_global_chat_enabled();
        $templateName = $template->assign('chat_enabled', $chatEnabled);
-        
+
        $templateName = $template->get_template('social/user_block.tpl');

        if (in_array($groupBlock, ['groups', 'group_edit', 'member_list'])) {
@ -1667,7 +1673,7 @@ class SocialManager extends UserManager
                        $statusIcon = Display::return_icon('statusoffline.png',get_lang('Offline'));
                        $status=0;
                    }
-                    
+
                    $friendHtml.= '<li class="list-group-item">';
                    $friendAvatarMedium = UserManager::getUserPicture($friend['friend_user_id'], USER_IMAGE_SIZE_MEDIUM);
                    $friendAvatarSmall = UserManager::getUserPicture($friend['friend_user_id'], USER_IMAGE_SIZE_SMALL);
@ -1681,7 +1687,7 @@ class SocialManager extends UserManager
                        $friendHtml .= '<a href="profile.php?' .'u=' . $friend['friend_user_id'] . $link_shared . '">';
                        $friendHtml .=  $friend_avatar.' <span class="username-all">' . $name_user . '</span>';
                    }
-                    
+
                    $friendHtml .= '</a>';
                    $friendHtml.= '</li>';
                }
--- a/main/inc/lib/usermanager.lib.php
+++ b/main/inc/lib/usermanager.lib.php
@ -3051,8 +3051,6 @@ class UserManager
        return $temp;
    }

-
-
    /**
     * @author Isaac flores <isaac.flores@dokeos.com>
     * @param string The email administrator
@ -3079,9 +3077,9 @@ class UserManager
        for ($i = 0; $i < count($array_users_administrator); $i++) {
            $sql_insert_outbox = "INSERT INTO $table_message(user_sender_id, user_receiver_id, msg_status, send_date, title, content ) ".
                " VALUES (".
-                "'".(int) $user_id."', '".(int) ($array_users_administrator[$i])."', '4', '".date('Y-m-d H:i:s')."','".Database::escape_string($title)."','".Database::escape_string($content)."'".
+                "'".(int) $user_id."', '".(int) ($array_users_administrator[$i])."', '4', '".api_get_utc_datetime()."','".Database::escape_string($title)."','".Database::escape_string($content)."'".
                ")";
-            $rs = Database::query($sql_insert_outbox);
+            Database::query($sql_insert_outbox);
        }
    }