chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Use database::insert/update

Browse Source
1.10.x
Julio Montoya 10 years ago
parent b01484e54f
commit c6f1c7ff14
10 changed files with 232 additions and 197 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 169
      main/coursecopy/classes/CourseRestorer.class.php
  2. 1
      main/gradebook/lib/be/result.class.php
  3. 18
      main/inc/lib/agenda.lib.php
  4. 20
      main/inc/lib/api.lib.php
  5. 28
      main/inc/lib/course_category.lib.php
  6. 64
      main/inc/lib/legal.lib.php
  7. 42
      main/inc/lib/link.lib.php
  8. 43
      main/inc/lib/plugin.class.php
  9. 12
      main/inc/lib/social.lib.php
  10. 6
      main/inc/lib/usermanager.lib.php

169
main/coursecopy/classes/CourseRestorer.class.php
Unescape View File

@ -1225,6 +1225,7 @@ class CourseRestorer
$sessionId $sessionId
); );
$this->course->resources[RESOURCE_FORUMPOST][$id]->destination_id = $new_id; $this->course->resources[RESOURCE_FORUMPOST][$id]->destination_id = $new_id;
return $new_id; return $new_id;
} }
@ -1239,26 +1240,26 @@ class CourseRestorer
foreach ($resources[RESOURCE_LINK] as $id => $link) { foreach ($resources[RESOURCE_LINK] as $id => $link) {
$cat_id = $this->restore_link_category($link->category_id, $session_id); $cat_id = $this->restore_link_category($link->category_id, $session_id);
$sql = "SELECT MAX(display_order) FROM $link_table $sql = "SELECT MAX(display_order) FROM $link_table
WHERE c_id = ".$this->destination_course_id." AND category_id='" . self::DBUTF8escapestring($cat_id). "'"; WHERE
c_id = ".$this->destination_course_id." AND
category_id='" . intval($cat_id). "'";
$result = Database::query($sql); $result = Database::query($sql);
list($max_order) = Database::fetch_array($result); list($max_order) = Database::fetch_array($result);
$condition_session = ""; $params = [];
if (!empty($session_id)) { if (!empty($session_id)) {
$condition_session = " , session_id = '$session_id' "; $params['session_id'] = $session_id;
} }
$sql = "INSERT INTO $link_table SET $params['c_id'] = $this->destination_course_id;
c_id = ".$this->destination_course_id." , $params['url'] = self::DBUTF8($link->url);
url = '".self::DBUTF8escapestring($link->url)."', $params['title'] = self::DBUTF8($link->title);
title = '".self::DBUTF8escapestring($link->title)."', $params['description'] = self::DBUTF8($link->description);
description = '".self::DBUTF8escapestring($link->description)."', $params['category_id'] = $cat_id;
category_id = '".$cat_id."', $params['on_homepage'] = $link->on_homepage;
on_homepage = '".$link->on_homepage."', $params['display_order'] = $max_order+1;
display_order = '".($max_order+1)."' $condition_session";
Database::query($sql);
$id = Database::insert_id(); $id = Database::insert($link_table, $params);
if ($id) { if ($id) {
$sql = "UPDATE $link_table SET id = iid WHERE iid = $id"; $sql = "UPDATE $link_table SET id = iid WHERE iid = $id";
@ -1275,9 +1276,9 @@ class CourseRestorer
*/ */
public function restore_link_category($id, $session_id = 0) public function restore_link_category($id, $session_id = 0)
{ {
$condition_session = ""; $params = [];
if (!empty($session_id)) { if (!empty($session_id)) {
$condition_session = " , session_id = '$session_id' "; $params['session_id'] = $session_id;
} }
if ($id == 0) { if ($id == 0) {
@ -1292,21 +1293,19 @@ class CourseRestorer
$result=Database::query($sql); $result=Database::query($sql);
list($orderMax)=Database::fetch_array($result,'NUM'); list($orderMax)=Database::fetch_array($result,'NUM');
$display_order=$orderMax+1; $display_order=$orderMax+1;
$sql = "INSERT INTO $link_cat_table SET
c_id = ".$this->destination_course_id.", $params['c_id'] = $this->destination_course_id;
category_title = '".self::DBUTF8escapestring($link_cat->title)."', $params['category_title'] = self::DBUTF8($link_cat->title);
description = '".self::DBUTF8escapestring($link_cat->description)."', $params['description'] = self::DBUTF8($link_cat->description);
display_order = '".$display_order."' $params['display_order'] = $display_order;
$condition_session ";
Database::query($sql); $new_id = Database::insert($link_cat_table, $params);
$new_id = Database::insert_id();
if ($new_id) { if ($new_id) {
$sql = "UPDATE $link_cat_table SET id = iid WHERE iid = $new_id"; $sql = "UPDATE $link_cat_table SET id = iid WHERE iid = $new_id";
Database::query($sql); Database::query($sql);
} }
$this->course->resources[RESOURCE_LINKCATEGORY][$id]->destination_id = $new_id; $this->course->resources[RESOURCE_LINKCATEGORY][$id]->destination_id = $new_id;
return $new_id; return $new_id;
} }
@ -1324,8 +1323,11 @@ class CourseRestorer
$resources = $this->course->resources; $resources = $this->course->resources;
foreach ($resources[RESOURCE_TOOL_INTRO] as $id => $tool_intro) { foreach ($resources[RESOURCE_TOOL_INTRO] as $id => $tool_intro) {
$sql = "DELETE FROM ".$tool_intro_table." $sql = "DELETE FROM ".$tool_intro_table."
WHERE c_id = ".$this->destination_course_id." AND id='".self::DBUTF8escapestring($tool_intro->id)."'"; WHERE
c_id = ".$this->destination_course_id." AND
id='".self::DBUTF8escapestring($tool_intro->id)."'";
Database::query($sql); Database::query($sql);
$tool_intro->intro_text = DocumentManager::replace_urls_inside_content_html_from_copy_course( $tool_intro->intro_text = DocumentManager::replace_urls_inside_content_html_from_copy_course(
$tool_intro->intro_text, $tool_intro->intro_text,
$this->course->code, $this->course->code,
@ -1334,14 +1336,14 @@ class CourseRestorer
$this->course->info['path'] $this->course->info['path']
); );
$sql = "INSERT INTO ".$tool_intro_table." SET $params = [
c_id = ".$this->destination_course_id.", 'c_id' => $this->destination_course_id,
id='".self::DBUTF8escapestring($tool_intro->id)."', 'id' => self::DBUTF8($tool_intro->id),
intro_text = '".self::DBUTF8escapestring($tool_intro->intro_text)."' 'intro_text' => self::DBUTF8($tool_intro->intro_text),
session_id = $sessionId"; 'session_id' => $sessionId
Database::query($sql); ];
$id = Database::insert_id(); $id = Database::insert($tool_intro_table, $params);
if ($id) { if ($id) {
$sql = "UPDATE $tool_intro_table SET id = iid WHERE iid = $id"; $sql = "UPDATE $tool_intro_table SET id = iid WHERE iid = $id";
Database::query($sql); Database::query($sql);
@ -1371,17 +1373,16 @@ class CourseRestorer
$this->course->info['path'] $this->course->info['path']
); );
$sql = "INSERT INTO ".$table." SET $params = [
c_id = ".$this->destination_course_id." , 'c_id' => $this->destination_course_id,
title = '".self::DBUTF8escapestring($event->title)."', 'title' => self::DBUTF8($event->title),
content = '".self::DBUTF8escapestring($event->content)."', 'content' => self::DBUTF8($event->content),
all_day = '".$event->all_day."', 'all_day' => $event->all_day,
start_date = '".$event->start_date."', 'start_date' => $event->start_date,
end_date = '".$event->end_date."', 'end_date' => $event->end_date,
session_id = $sessionId"; 'session_id' => $sessionId
];
Database::query($sql); $new_event_id = Database::insert($table, $params);
$new_event_id = Database::insert_id();
if ($new_event_id) { if ($new_event_id) {
$sql = "UPDATE $table SET id = iid WHERE iid = $new_event_id"; $sql = "UPDATE $table SET id = iid WHERE iid = $new_event_id";
@ -1404,21 +1405,24 @@ class CourseRestorer
$attachment_event = Database::query($sql); $attachment_event = Database::query($sql);
$attachment_event = Database::fetch_object($attachment_event); $attachment_event = Database::fetch_object($attachment_event);
if (file_exists($origin_path.$attachment_event->path) && !is_dir($origin_path.$attachment_event->path) ) { if (file_exists($origin_path.$attachment_event->path) &&
!is_dir($origin_path.$attachment_event->path)
) {
$new_filename = uniqid(''); //ass seen in the add_agenda_attachment_file() function in agenda.inc.php $new_filename = uniqid(''); //ass seen in the add_agenda_attachment_file() function in agenda.inc.php
$copy_result = copy($origin_path.$attachment_event->path, $destination_path.$new_filename); $copy_result = copy($origin_path.$attachment_event->path, $destination_path.$new_filename);
//$copy_result = true; //$copy_result = true;
if ($copy_result) { if ($copy_result) {
$table_attachment = Database :: get_course_table(TABLE_AGENDA_ATTACHMENT); $table_attachment = Database :: get_course_table(TABLE_AGENDA_ATTACHMENT);
$sql = "INSERT INTO ".$table_attachment." SET
c_id = ".$this->destination_course_id.", $params = [
path = '".self::DBUTF8escapestring($new_filename)."', 'c_id' => $this->destination_course_id,
comment = '".self::DBUTF8escapestring($attachment_event->comment)."', 'path' => self::DBUTF8($new_filename),
size = '".$attachment_event->size."', 'comment' => self::DBUTF8($attachment_event->comment),
filename = '".$attachment_event->filename."', 'size' => $attachment_event->size,
agenda_id = '".$new_event_id."' "; 'filename' => $attachment_event->filename,
Database::query($sql); 'agenda_id' => $new_event_id
$id = Database::insert_id(); ];
$id = Database::insert($table_attachment, $params);
if ($id) { if ($id) {
$sql = "UPDATE $table_attachment SET id = iid WHERE iid = $id"; $sql = "UPDATE $table_attachment SET id = iid WHERE iid = $id";
Database::query($sql); Database::query($sql);
@ -1435,16 +1439,17 @@ class CourseRestorer
$copy_result = copy($origin_path.$event->attachment_path, $destination_path.$new_filename); $copy_result = copy($origin_path.$event->attachment_path, $destination_path.$new_filename);
if ($copy_result) { if ($copy_result) {
$table_attachment = Database :: get_course_table(TABLE_AGENDA_ATTACHMENT); $table_attachment = Database :: get_course_table(TABLE_AGENDA_ATTACHMENT);
$sql = "INSERT INTO ".$table_attachment." SET
c_id = ".$this->destination_course_id.",
path = '".self::DBUTF8escapestring($new_filename)."',
comment = '".self::DBUTF8escapestring($event->attachment_comment)."',
size = '".$event->attachment_size."',
filename = '".$event->attachment_filename."',
agenda_id = '".$new_event_id."' ";
Database::query($sql);
$id = Database::insert_id(); $params = [
'c_id' => $this->destination_course_id,
'path' => self::DBUTF8($new_filename),
'comment' => self::DBUTF8($event->attachment_comment),
'size' => $event->size,
'filename' => $event->filename,
'agenda_id' => $new_event_id
];
$id = Database::insert($table_attachment, $params);
if ($id) { if ($id) {
$sql = "UPDATE $table_attachment SET id = iid WHERE iid = $id"; $sql = "UPDATE $table_attachment SET id = iid WHERE iid = $id";
Database::query($sql); Database::query($sql);
@ -1474,20 +1479,17 @@ class CourseRestorer
$this->course->info['path'] $this->course->info['path']
); );
$condition_session = ""; $params = [];
if (!empty($session_id)) { if (!empty($session_id)) {
$session_id = intval($session_id); $session_id = intval($session_id);
$condition_session = " , session_id = '$session_id' "; $params['session_id'] = $session_id;
} }
$sql = "INSERT INTO $table SET $params['c_id'] = $this->destination_course_id;
c_id = ".$this->destination_course_id." , $params['description_type'] = self::DBUTF8($cd->description_type);
description_type = '".self::DBUTF8escapestring($cd->description_type)."', $params['title'] = self::DBUTF8($cd->title);
title = '".self::DBUTF8escapestring($cd->title)."', $params['content'] = self::DBUTF8($description_content);
content = '".self::DBUTF8escapestring($description_content)."'
$condition_session";
Database::query($sql);
$id = Database::insert_id(); $id = Database::insert($table, $params);
if ($id) { if ($id) {
$sql = "UPDATE $table SET id = iid WHERE iid = $id"; $sql = "UPDATE $table SET id = iid WHERE iid = $id";
Database::query($sql); Database::query($sql);
@ -2419,18 +2421,17 @@ class CourseRestorer
Database::query($sql); Database::query($sql);
if ($lp->visibility) { if ($lp->visibility) {
$sql = "INSERT INTO $table_tool SET $params = [
c_id = ".$this->destination_course_id.", 'c_id' => $this->destination_course_id,
name = '".self::DBUTF8escapestring($lp->name)."', 'name' => self::DBUTF8($lp->name),
link = 'newscorm/lp_controller.php?action=view&lp_id=$new_lp_id&id_session=$session_id', 'link' => 'newscorm/lp_controller.php?action=view&lp_id=$new_lp_id&id_session='.$session_id,
image = 'scormbuilder.gif', 'image' => 'scormbuilder.gif',
visibility = '0', 'visibility' => '0',
admin = '0', 'admin' => '0',
address = 'squaregrey.gif', 'address' => 'squaregrey.gif',
session_id = $session_id 'session_id' => $session_id
"; ];
Database::query($sql); $insertId = Database::insert($table_tool, $params);
$insertId = Database::insert_id();
if ($insertId) { if ($insertId) {
$sql = "UPDATE $table_tool SET id = iid WHERE iid = $insertId"; $sql = "UPDATE $table_tool SET id = iid WHERE iid = $insertId";
Database::query($sql); Database::query($sql);

1
main/gradebook/lib/be/result.class.php
Unescape View File

@ -131,7 +131,6 @@ class Result
Database::query($sql_insert); Database::query($sql_insert);
} }
} }
$list_user_course_list = array();
} }
} }

18
main/inc/lib/agenda.lib.php
Unescape View File

@ -2276,18 +2276,22 @@ class Agenda
$new_file_name = uniqid(''); $new_file_name = uniqid('');
$new_path = $uploadDir.'/'.$new_file_name; $new_path = $uploadDir.'/'.$new_file_name;
$result = @move_uploaded_file($fileUserUpload['tmp_name'], $new_path); $result = @move_uploaded_file($fileUserUpload['tmp_name'], $new_path);
$comment = Database::escape_string($comment);
$file_name = Database::escape_string($file_name);
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
$size = intval($fileUserUpload['size']); $size = intval($fileUserUpload['size']);
// Storing the attachments if any // Storing the attachments if any
if ($result) { if ($result) {
$sql = 'INSERT INTO '.$agenda_table_attachment.'(c_id, filename, comment, path, agenda_id, size) '. $params = [
"VALUES ($course_id, '".$file_name."', '".$comment."', '".$new_file_name."' , '".$eventId."', '".$size."' )"; 'c_id' => $course_id,
Database::query($sql); 'filename' => $file_name,
$id = Database::insert_id(); 'comment' => $comment,
'path' => $new_file_name,
'agenda_id' => $eventId,
'size' => $size
];
$id = Database::insert($agenda_table_attachment, $params);
if ($id) { if ($id) {
$sql = "UPDATE $agenda_table_attachment SET id = iid WHERE iid = $id"; $sql = "UPDATE $agenda_table_attachment
SET id = iid WHERE iid = $id";
Database::query($sql); Database::query($sql);
api_item_property_update( api_item_property_update(

20
main/inc/lib/api.lib.php
Unescape View File

@ -4701,16 +4701,16 @@ function copy_folder_course_session(
mkdir($new_pathname, api_get_permissions_for_new_directories()); mkdir($new_pathname, api_get_permissions_for_new_directories());
// Insert new folder with destination session_id. // Insert new folder with destination session_id.
$sql = "INSERT INTO ".$table." SET $params = [
c_id = $course_id, 'c_id' => $course_id,
path = '$path', 'path' => $path,
comment = '".Database::escape_string($document->comment)."', 'comment' => $document->comment,
title = '".Database::escape_string(basename($new_pathname))."' , 'title' => basename($new_pathname),
filetype='folder', 'filetype' => 'folder',
size= '0', 'size' => '0',
session_id = '$session_id'"; 'session_id' => $session_id
Database::query($sql); ];
$document_id = Database::insert_id(); $document_id = Database::insert($table, $params);
if ($document_id) { if ($document_id) {
$sql = "UPDATE $table SET id = iid WHERE iid = $document_id"; $sql = "UPDATE $table SET id = iid WHERE iid = $document_id";

28
main/inc/lib/course_category.lib.php
Unescape View File

@ -104,13 +104,15 @@ function getCategories($category)
function addNode($code, $name, $canHaveCourses, $parent_id) function addNode($code, $name, $canHaveCourses, $parent_id)
{ {
$tbl_category = Database::get_main_table(TABLE_MAIN_CATEGORY); $tbl_category = Database::get_main_table(TABLE_MAIN_CATEGORY);
$code = trim(Database::escape_string($code)); $code = trim($code);
$name = trim(Database::escape_string($name)); $name = trim($name);
$parent_id = trim(Database::escape_string($parent_id)); $parent_id = trim($parent_id);
$canHaveCourses = Database::escape_string($canHaveCourses); $canHaveCourses = $canHaveCourses;
$code = CourseManager::generate_course_code($code);
$result = Database::query("SELECT 1 FROM $tbl_category WHERE code='$code'"); $code = CourseManager::generate_course_code($code);
$sql = "SELECT 1 FROM $tbl_category
WHERE code = '".Database::escape_string($code)."'";
$result = Database::query($sql);
if (Database::num_rows($result)) { if (Database::num_rows($result)) {
return false; return false;
} }
@ -118,10 +120,16 @@ function addNode($code, $name, $canHaveCourses, $parent_id)
$row = Database::fetch_array($result); $row = Database::fetch_array($result);
$tree_pos = $row['maxTreePos'] + 1; $tree_pos = $row['maxTreePos'] + 1;
$sql = "INSERT INTO $tbl_category(name, code, parent_id, tree_pos, children_count, auth_course_child) $params = [
VALUES('$name', '$code', " .(empty($parent_id) ? "NULL" : "'$parent_id'") . ", '$tree_pos', '0', '$canHaveCourses')"; 'name' => $name,
Database::query($sql); 'code' => $code,
$categoryId = Database::insert_id(); 'parent_id' => empty($parent_id) ? "NULL" : $parent_id,
'tree_pos' => $tree_pos,
'children_count' => 0,
'auth_course_child' => $canHaveCourses
];
$categoryId = Database::insert($tbl_category, $params);
updateParentCategoryChildrenCount($parent_id, 1); updateParentCategoryChildrenCount($parent_id, 1);

64
main/inc/lib/legal.lib.php
Unescape View File

@ -23,42 +23,40 @@ class LegalManager
*/ */
public static function add($language, $content, $type, $changes) public static function add($language, $content, $type, $changes)
{ {
$legal_table = Database::get_main_table(TABLE_MAIN_LEGAL); $legal_table = Database::get_main_table(TABLE_MAIN_LEGAL);
$last = self::get_last_condition($language); $last = self::get_last_condition($language);
$language = Database::escape_string($language); $type = intval($type);
$content = Database::escape_string($content); $time = time();
$type = intval($type);
$changes = Database::escape_string($changes);
$time = time();
if ($last['content'] != $content) { if ($last['content'] != $content) {
$version = intval(LegalManager::get_last_condition_version($language)); $version = intval(LegalManager::get_last_condition_version($language));
$version++; $version++;
$sql = "INSERT INTO $legal_table SET $params = [
language_id = '".$language."', 'language_id' => $language,
content = '".$content."', 'content' => $content,
changes= '".$changes."', 'changes' => $changes,
type = '".$type."', 'type' => $type,
version = '".intval($version)."', 'version' => intval($version),
date = '".$time."'"; 'date' => $time
Database::query($sql); ];
Database::insert($legal_table, $params);
return true; return true;
} elseif($last['type'] != $type && $language==$last['language_id']) { } elseif($last['type'] != $type && $language==$last['language_id']) {
//update //update
$id = $last['legal_id']; $id = $last['legal_id'];
$sql = "UPDATE $legal_table SET $params = [
changes= '".$changes."', 'changes' => $changes,
type = '".$type."', 'type' => $type,
date = '".$time."' 'date' => $time
WHERE legal_id= $id "; ];
Database::query($sql); Database::update($legal_table, $params, ['legal_id => ?' => $id]);
return true; return true;
} else { } else {
return false; return false;
} }
} }
public static function delete($id) public static function delete($id)
{ {

42
main/inc/lib/link.lib.php
Unescape View File

@ -350,20 +350,21 @@ class Link extends Model
$order = $orderMax + 1; $order = $orderMax + 1;
$order = intval($order); $order = intval($order);
$session_id = api_get_session_id(); $session_id = api_get_session_id();
$sql = "INSERT INTO " . $tbl_categories . " (c_id, category_title, description, display_order, session_id)
VALUES ($course_id, $params = [
'" . Database::escape_string($category_title) . "', 'c_id' => $course_id,
'" . Database::escape_string($description) . "', 'category_title' => $category_title,
'$order', 'description' => $description,
$session_id 'display_order' => $order,
)"; 'session_id' => $session_id
Database:: query($sql); ];
$linkId = Database:: insert_id(); $linkId = Database::insert($tbl_categories, $params);
// iid
$sql = "UPDATE $tbl_categories SET id = iid WHERE iid = $linkId";
Database:: query($sql);
if ($linkId) { if ($linkId) {
// iid
$sql = "UPDATE $tbl_categories SET id = iid WHERE iid = $linkId";
Database:: query($sql);
// add link_category visibility // add link_category visibility
// course ID is taken from context in api_set_default_visibility // course ID is taken from context in api_set_default_visibility
api_set_default_visibility($linkId, TOOL_LINK_CATEGORY); api_set_default_visibility($linkId, TOOL_LINK_CATEGORY);
@ -1243,13 +1244,16 @@ class Link extends Model
"SELECT MAX(display_order) FROM " . $tbl_categories . " WHERE c_id = $course_id " "SELECT MAX(display_order) FROM " . $tbl_categories . " WHERE c_id = $course_id "
); );
list ($max_order) = Database:: fetch_row($result); list ($max_order) = Database:: fetch_row($result);
Database:: query(
"INSERT INTO " . $tbl_categories . " (c_id, category_title, description, display_order) $params = [
VALUES (" . $course_id . ", '" . Database::escape_string( 'c_id' => $course_id,
$catname 'category_title' => $catname,
) . "','','" . ($max_order + 1) . "')" 'description' => '',
); 'display_order' => $max_order + 1
return Database:: insert_id(); ];
$id = Database::insert($tbl_categories, $params);
return $id;
} }
/** /**

43
main/inc/lib/plugin.class.php
Unescape View File

@ -397,36 +397,53 @@ class Plugin
// Adding course settings. // Adding course settings.
if (!empty($this->course_settings)) { if (!empty($this->course_settings)) {
foreach ($this->course_settings as $setting) { foreach ($this->course_settings as $setting) {
$variable = Database::escape_string($setting['name']); $variable = $setting['name'];
$value =''; $value ='';
if (isset($setting['init_value'])) { if (isset($setting['init_value'])) {
$value = Database::escape_string($setting['init_value']); $value = ($setting['init_value']);
} }
$type = 'textfield'; $type = 'textfield';
if (isset($setting['type'])) { if (isset($setting['type'])) {
$type = Database::escape_string($setting['type']); $type = $setting['type'];
} }
if (isset($setting['group'])) { if (isset($setting['group'])) {
$group = Database::escape_string($setting['group']); $group = $setting['group'];
$sql = "SELECT value FROM $t_course $sql = "SELECT value
WHERE c_id = $courseId AND variable = '$group' AND subkey = '$variable' "; FROM $t_course
WHERE
c_id = $courseId AND
variable = '".Database::escape_string($group)."' AND
subkey = '".Database::escape_string($variable)."'
";
$result = Database::query($sql); $result = Database::query($sql);
if (!Database::num_rows($result)) { if (!Database::num_rows($result)) {
$sql = "INSERT INTO $t_course (c_id, variable, subkey, value, category, type) VALUES $params = [
($courseId, '$group', '$variable', '$value', 'plugins', '$type')"; 'c_id' => $courseId,
Database::query($sql); 'variable' => $group,
'subkey' => $variable,
'value' => $value,
'category' => 'plugins',
'type' => $type
];
Database::insert($t_course, $params);
} }
} else { } else {
$sql = "SELECT value FROM $t_course $sql = "SELECT value FROM $t_course
WHERE c_id = $courseId AND variable = '$variable' "; WHERE c_id = $courseId AND variable = '$variable' ";
$result = Database::query($sql); $result = Database::query($sql);
if (!Database::num_rows($result)) { if (!Database::num_rows($result)) {
$sql = "INSERT INTO $t_course (c_id, variable, value, category, subkey, type) VALUES
($courseId, '$variable','$value', 'plugins', '$plugin_name', '$type')"; $params = [
Database::query($sql); 'c_id' => $courseId,
'variable' => $variable,
'subkey' => $plugin_name,
'value' => $value,
'category' => 'plugins',
'type' => $type
];
Database::insert($t_course, $params);
} }
} }
} }

12
main/inc/lib/social.lib.php
Unescape View File

@ -1189,9 +1189,15 @@ class SocialManager extends UserManager
// Insert // Insert
$newFileName = $social.$newFileName; $newFileName = $social.$newFileName;
$sql = "INSERT INTO $tbl_message_attach(filename, comment, path, message_id, size)
VALUES ( '$safeFileName', '$safeFileComment', '$newFileName' , '$messageId', '".$fileAttach['size']."' )"; $params = [
Database::query($sql); 'filename' => $safeFileName,
'comment' => $safeFileComment,
'path' => $newFileName,
'message_id' => $messageId,
'size' => $fileAttach['size'],
];
Database::insert($tbl_message_attach, $params);
$flag = true; $flag = true;
} }

6
main/inc/lib/usermanager.lib.php
Unescape View File

@ -3051,8 +3051,6 @@ class UserManager
return $temp; return $temp;
} }
/** /**
* @author Isaac flores <isaac.flores@dokeos.com> * @author Isaac flores <isaac.flores@dokeos.com>
* @param string The email administrator * @param string The email administrator
@ -3079,9 +3077,9 @@ class UserManager
for ($i = 0; $i < count($array_users_administrator); $i++) { for ($i = 0; $i < count($array_users_administrator); $i++) {
$sql_insert_outbox = "INSERT INTO $table_message(user_sender_id, user_receiver_id, msg_status, send_date, title, content ) ". $sql_insert_outbox = "INSERT INTO $table_message(user_sender_id, user_receiver_id, msg_status, send_date, title, content ) ".
" VALUES (". " VALUES (".
"'".(int) $user_id."', '".(int) ($array_users_administrator[$i])."', '4', '".date('Y-m-d H:i:s')."','".Database::escape_string($title)."','".Database::escape_string($content)."'". "'".(int) $user_id."', '".(int) ($array_users_administrator[$i])."', '4', '".api_get_utc_datetime()."','".Database::escape_string($title)."','".Database::escape_string($content)."'".
")"; ")";
$rs = Database::query($sql_insert_outbox); Database::query($sql_insert_outbox);
} }
} }

Write Preview
Loading…
Cancel
Save