chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Feature #306 - Replacing the function api_sql_query() with Database::query() within all the library files.

Browse Source
skala
Ivan Tcholakov 16 years ago
parent 0e51c62659
commit e1f30c1001
27 changed files with 715 additions and 715 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 8
      main/inc/global.inc.php
  2. 6
      main/inc/introductionSection.inc.php
  3. 366
      main/inc/lib/add_course.lib.inc.php
  4. 174
      main/inc/lib/blog.lib.php
  5. 38
      main/inc/lib/classmanager.lib.php
  6. 48
      main/inc/lib/document.lib.php
  7. 36
      main/inc/lib/events.lib.inc.php
  8. 10
      main/inc/lib/export.lib.inc.php
  9. 4
      main/inc/lib/fckeditor/fcktemplates.xml.php
  10. 2
      main/inc/lib/fileDisplay.lib.php
  11. 8
      main/inc/lib/fileManage.lib.php
  12. 12
      main/inc/lib/fileUpload.lib.php
  13. 2
      main/inc/lib/formvalidator/Rule/UsernameAvailable.php
  14. 96
      main/inc/lib/groupmanager.lib.php
  15. 16
      main/inc/lib/online.inc.php
  16. 4
      main/inc/lib/search/tool_processors/document_processor.class.php
  17. 2
      main/inc/lib/search/tool_processors/learnpath_processor.class.php
  18. 2
      main/inc/lib/search/tool_processors/link_processor.class.php
  19. 4
      main/inc/lib/search/tool_processors/quiz_processor.class.php
  20. 88
      main/inc/lib/sessionmanager.lib.php
  21. 20
      main/inc/lib/specific_fields_manager.lib.php
  22. 270
      main/inc/lib/surveymanager.lib.php
  23. 20
      main/inc/lib/system_announcements.lib.php
  24. 96
      main/inc/lib/tracking.lib.php
  25. 58
      main/inc/lib/urlmanager.lib.php
  26. 36
      main/inc/local.inc.php
  27. 4
      main/inc/tool_navigation_menu.inc.php

8
main/inc/global.inc.php
Unescape View File

@ -103,7 +103,7 @@ if (!$_configuration['db_host']) {
}
// The Dokeos system has not been designed to use special SQL modes that were introduced since MySQL 5.
api_sql_query("set session sql_mode='';", __FILE__, __LINE__);
Database::query("set session sql_mode='';", __FILE__, __LINE__);
if (!mysql_select_db($_configuration['main_database'], $dokeos_database_connection)) {
$global_error_code = 5;
@ -119,7 +119,7 @@ if (!mysql_select_db($_configuration['main_database'], $dokeos_database_connecti
*/
// The platform's character set must be retrieved at this early moment.
$sql = "SELECT selected_value FROM settings_current WHERE variable = 'platform_charset';";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = @mysql_fetch_array($result)) {
$charset = $row[0];
}
@ -486,10 +486,10 @@ if ($_configuration['tracking_enabled'] && !isset($_SESSION['login_as']) && isse
$sql_last_connection = "SELECT login_id, login_date FROM $tbl_track_login WHERE login_user_id='".$_user["user_id"]."' ORDER BY login_date DESC LIMIT 0,1";
$q_last_connection = api_sql_query($sql_last_connection);
$q_last_connection = Database::query($sql_last_connection);
if (Database::num_rows($q_last_connection) > 0) {
$i_id_last_connection = Database::result($q_last_connection, 0, 'login_id');
$s_sql_update_logout_date = "UPDATE $tbl_track_login SET logout_date=NOW() WHERE login_id='$i_id_last_connection'";
api_sql_query($s_sql_update_logout_date);
Database::query($s_sql_update_logout_date);
}
}

6
main/inc/introductionSection.inc.php
Unescape View File

@ -99,7 +99,7 @@ if ($intro_editAllowed) {
if ( ! empty($intro_content) ) {
$sql = "REPLACE $TBL_INTRODUCTION SET id='$moduleId',intro_text='".Database::escape_string($intro_content)."'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
Display::display_confirmation_message(get_lang('IntroductionTextUpdated'),false);
} else {
$intro_cmdDel = true; // got to the delete command
@ -113,7 +113,7 @@ if ($intro_editAllowed) {
/* Delete Command */
if ($intro_cmdDel) {
api_sql_query("DELETE FROM $TBL_INTRODUCTION WHERE id='".$moduleId."'",__FILE__,__LINE__);
Database::query("DELETE FROM $TBL_INTRODUCTION WHERE id='".$moduleId."'",__FILE__,__LINE__);
Display::display_confirmation_message(get_lang('IntroductionTextDeleted'));
}
@ -127,7 +127,7 @@ if ($intro_editAllowed) {
/* Retrieves the module introduction text, if exist */
$sql = "SELECT intro_text FROM $TBL_INTRODUCTION WHERE id='".$moduleId."'";
$intro_dbQuery = api_sql_query($sql,__FILE__,__LINE__);
$intro_dbQuery = Database::query($sql,__FILE__,__LINE__);
$intro_dbResult = mysql_fetch_array($intro_dbQuery);
$intro_content = $intro_dbResult['intro_text'];

366
main/inc/lib/add_course.lib.inc.php
View File

File diff suppressed because it is too large Load Diff

174
main/inc/lib/blog.lib.php
Unescape View File

@ -55,7 +55,7 @@ class Blog {
FROM " . $tbl_blogs . "
WHERE blog_id = " . Database::escape_string((int)$blog_id);
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$blog = Database::fetch_array($result);
return stripslashes($blog['blog_name']);
}
@ -74,7 +74,7 @@ class Blog {
// init
$tbl_blogs = Database::get_course_table(TABLE_BLOGS);
$sql = "SELECT blog_subtitle FROM $tbl_blogs WHERE blog_id ='".Database::escape_string((int)$blog_id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$blog = Database::fetch_array($result);
return stripslashes($blog['blog_subtitle']);
@ -104,7 +104,7 @@ class Blog {
FROM " . $tbl_blogs_rel_user . " blogs_rel_user
INNER JOIN " . $tbl_users . " user ON blogs_rel_user.user_id = user.user_id
WHERE blogs_rel_user.blog_id = '" . Database::escape_string((int)$blog_id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$blog_members = array ();
@ -143,18 +143,18 @@ class Blog {
// Create the blog
$sql = "INSERT INTO $tbl_blogs (blog_name, blog_subtitle, date_creation, visibility )
VALUES ('".Database::escape_string($title)."', '".Database::escape_string($subtitle)."', '".$current_date."', '1');";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$this_blog_id = Database::get_last_insert_id();
// Make first post. :)
$sql = "INSERT INTO $tbl_blogs_posts (title, full_text, date_creation, blog_id, author_id )
VALUES ('".get_lang("Welcome")."', '" . get_lang('FirstPostText')."','".$current_date."', '".Database::escape_string((int)$this_blog_id)."', '".Database::escape_string((int)$_user['user_id'])."');";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
// Put it on course homepage
$sql = "INSERT INTO $tbl_tool (name, link, image, visibility, admin, address, added_tool)
VALUES ('".Database::escape_string($title)."','blog/blog.php?blog_id=".(int)$this_blog_id."','blog.gif','1','0','pastillegris.gif',0)";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
// Subscribe the teacher to this blog
Blog::set_user_subscribed((int)$this_blog_id,(int)$_user['user_id']);
@ -180,12 +180,12 @@ class Blog {
// Update the blog
$sql = "UPDATE $tbl_blogs SET blog_name = '".Database::escape_string($title)."', blog_subtitle = '".Database::escape_string($subtitle)."' WHERE blog_id ='".Database::escape_string((int)$blog_id)."' LIMIT 1";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$this_blog_id = Database::get_last_insert_id();
// Update course homepage link
$sql = "UPDATE $tbl_tool SET name = '".Database::escape_string($title)."' WHERE link = 'blog/blog.php?blog_id=".Database::escape_string((int)$blog_id)."' LIMIT 1";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
/**
@ -211,27 +211,27 @@ class Blog {
//Delete comments
$sql = "DELETE FROM $tbl_blogs_comment WHERE blog_id ='".(int)$blog_id."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
// Delete posts
$sql = "DELETE FROM $tbl_blogs_posts WHERE blog_id ='".(int)$blog_id."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
// Delete tasks
$sql = "DELETE FROM $tbl_blogs_tasks WHERE blog_id ='".(int)$blog_id."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
// Delete ratings
$sql = "DELETE FROM $tbl_blogs_rating WHERE blog_id ='".(int)$blog_id."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
// Delete blog
$sql ="DELETE FROM $tbl_blogs WHERE blog_id ='".(int)$blog_id."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
// Delete from course homepage
$sql = "DELETE FROM $tbl_tool WHERE link = 'blog/blog.php?blog_id=".(int)$blog_id."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
/**
@ -269,7 +269,7 @@ class Blog {
$sql = "INSERT INTO " . $tbl_blogs_posts." (title, full_text, date_creation, blog_id, author_id )
VALUES ('".Database::escape_string($title)."', '".Database::escape_string($full_text)."','".$current_date."', '".(int)$blog_id."', '".(int)$_user['user_id']."');";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$last_post_id=Database::insert_id();
if ($has_attachment)
@ -300,7 +300,7 @@ class Blog {
{
$sql='INSERT INTO '.$blog_table_attachment.'(filename,comment, path, post_id,size, blog_id,comment_id) '.
"VALUES ( '".Database::escape_string($file_name)."', '".Database::escape_string($comment)."', '".Database::escape_string($new_file_name)."' , '".$last_post_id."', '".$_FILES['user_upload']['size']."', '".$blog_id."', '0' )";
$result=api_sql_query($sql, __LINE__, __FILE__);
$result=Database::query($sql, __LINE__, __FILE__);
$message.=' / '.get_lang('AttachmentUpload');
}
}
@ -329,7 +329,7 @@ class Blog {
// Create the post
$sql = "UPDATE $tbl_blogs_posts SET title = '" . Database::escape_string($title)."', full_text = '" . Database::escape_string($full_text)."' WHERE post_id ='".(int)$post_id."' AND blog_id ='".(int)$blog_id."' LIMIT 1 ;";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
/**
@ -349,15 +349,15 @@ class Blog {
// Delete ratings on this comment
$sql = "DELETE FROM $tbl_blogs_rating WHERE blog_id = '".(int)$blog_id."' AND item_id = '".(int)$post_id."' AND rating_type = 'post'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
// Delete the post
$sql = "DELETE FROM $tbl_blogs_posts WHERE post_id = '".(int)$post_id."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
// Delete the comments
$sql = "DELETE FROM $tbl_blogs_comments WHERE post_id = '".(int)$post_id."' AND blog_id = '".(int)$blog_id."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
// Delete posts and attachments
delete_all_blog_attachment($blog_id,$post_id);
@ -399,7 +399,7 @@ class Blog {
// Create the comment
$sql = "INSERT INTO $tbl_blogs_comments (title, comment, author_id, date_creation, blog_id, post_id, parent_comment_id, task_id )
VALUES ('".Database::escape_string($title)."', '".Database::escape_string($full_text)."', '".(int)$_user['user_id']."','".$current_date."', '".(int)$blog_id."', '".(int)$post_id."', '".(int)$parent_id."', '".(int)$task_id."')";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
// Empty post values, or they are shown on the page again
$_POST['comment_title'] = "";
@ -435,7 +435,7 @@ class Blog {
{
$sql='INSERT INTO '.$blog_table_attachment.'(filename,comment, path, post_id,size,blog_id,comment_id) '.
"VALUES ( '".Database::escape_string($file_name)."', '".Database::escape_string($comment)."', '".Database::escape_string($new_file_name)."' , '".$post_id."', '".$_FILES['user_upload']['size']."', '".$blog_id."', '".$last_id."' )";
$result=api_sql_query($sql, __LINE__, __FILE__);
$result=Database::query($sql, __LINE__, __FILE__);
$message.=' / '.get_lang('AttachmentUpload');
}
}
@ -465,11 +465,11 @@ class Blog {
// Delete ratings on this comment
$sql = "DELETE FROM $tbl_blogs_rating WHERE blog_id = '".(int)$blog_id."' AND item_id = '".(int)$comment_id."' AND rating_type = 'comment'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
// select comments that have the selected comment as their parent
$sql = "SELECT comment_id FROM $tbl_blogs_comments WHERE parent_comment_id = '".(int)$comment_id."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
// Delete them recursively
while($comment = Database::fetch_array($result)) {
@ -478,7 +478,7 @@ class Blog {
// Finally, delete the selected comment to
$sql = "DELETE FROM $tbl_blogs_comments WHERE comment_id = '".(int)$comment_id."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
/**
@ -500,7 +500,7 @@ class Blog {
// Create the task
$sql = "INSERT INTO $tbl_blogs_tasks (blog_id, title, description, color, system_task )
VALUES ('".(int)$blog_id."', '" . Database::escape_string($title)."', '" . Database::escape_string($description)."', '" . Database::escape_string($color)."', '0');";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$task_id = mysql_insert_id();
$tool = 'BLOG_' . $blog_id;
@ -518,7 +518,7 @@ class Blog {
'article_delete'
)";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
if($articleEdit == 'on')
@ -534,7 +534,7 @@ class Blog {
'article_edit'
)";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
if($commentsDelete == 'on')
@ -550,7 +550,7 @@ class Blog {
'article_comments_delete'
)";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
}
@ -576,7 +576,7 @@ class Blog {
description = '".Database::escape_string($description)."',
color = '".Database::escape_string($color)."'
WHERE task_id ='".(int)$task_id."' LIMIT 1";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$tool = 'BLOG_' . $blog_id;
@ -584,7 +584,7 @@ class Blog {
DELETE FROM " . $tbl_tasks_permissions . "
WHERE task_id = '" . (int)$task_id."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
if($articleDelete == 'on')
{
@ -599,7 +599,7 @@ class Blog {
'article_delete'
)";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
if($articleEdit == 'on')
@ -615,7 +615,7 @@ class Blog {
'article_edit'
)";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
if($commentsDelete == 'on')
@ -631,7 +631,7 @@ class Blog {
'article_comments_delete'
)";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
}
@ -649,7 +649,7 @@ class Blog {
// Delete posts
$sql = "DELETE FROM $tbl_blogs_tasks WHERE blog_id = '".(int)$blog_id."' AND task_id = '".(int)$task_id."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
/**
@ -665,7 +665,7 @@ class Blog {
$tbl_blogs_tasks_rel_user = Database::get_course_table(TABLE_BLOGS_TASKS_REL_USER);
// Delete posts
$sql = "DELETE FROM $tbl_blogs_tasks_rel_user WHERE blog_id = '".(int)$blog_id."' AND task_id = '".(int)$task_id."' AND user_id = '".(int)$user_id."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
/**
@ -689,7 +689,7 @@ class Blog {
INNER JOIN $tbl_blogs blog ON task_rel_user.blog_id = blog.blog_id
AND blog.blog_id = ".intval($_GET['blog_id'])."
WHERE task_rel_user.user_id = ".(int)$_user['user_id']." ORDER BY target_date ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if(mysql_numrows($result) > 0)
{
@ -727,7 +727,7 @@ class Blog {
// Get blog properties
$sql = "SELECT blog_name, visibility FROM $tbl_blogs WHERE blog_id='".(int)$blog_id."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$blog = Database::fetch_array($result);
$visibility = $blog['visibility'];
$title = $blog['blog_name'];
@ -736,20 +736,20 @@ class Blog {
{
// Change visibility state, remove from course home.
$sql = "UPDATE $tbl_blogs SET visibility = '0' WHERE blog_id ='".(int)$blog_id."' LIMIT 1";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$sql = "DELETE FROM $tbl_tool WHERE name = '".Database::escape_string($title)."' LIMIT 1";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
}
else
{
// Change visibility state, add to course home.
$sql = "UPDATE $tbl_blogs SET visibility = '1' WHERE blog_id ='".(int)$blog_id."' LIMIT 1";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$sql = "INSERT INTO $tbl_tool (name, link, image, visibility, admin, address, added_tool, target )
VALUES ('".Database::escape_string($title)."', 'blog/blog.php?blog_id=".(int)$blog_id."', 'blog.gif', '1', '0', 'pastillegris.gif', '0', '_self')";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
}
}
@ -773,7 +773,7 @@ class Blog {
WHERE post.blog_id = '".(int)$blog_id."'
AND $filter
ORDER BY post_id DESC LIMIT 0,".(int)$max_number_of_posts;
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
// Display
if(Database::num_rows($result) > 0)
@ -782,7 +782,7 @@ class Blog {
{
// Get number of comments
$sql = "SELECT COUNT(1) as number_of_comments FROM $tbl_blogs_comments WHERE blog_id = '".(int)$blog_id."' AND post_id = '" . (int)$blog_post['post_id']."'";
$tmp = api_sql_query($sql, __FILE__, __LINE__);
$tmp = Database::query($sql, __FILE__, __LINE__);
$blog_post_comments = Database::fetch_array($tmp);
// Prepare data
@ -917,12 +917,12 @@ class Blog {
WHERE post.blog_id = '".(int)$blog_id."'
AND post.post_id = '".(int)$post_id."'
ORDER BY post_id DESC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$blog_post = Database::fetch_array($result);
// Get number of comments
$sql = "SELECT COUNT(1) as number_of_comments FROM $tbl_blogs_comments WHERE blog_id = '".(int)$blog_id."' AND post_id = '".(int)$post_id."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$blog_post_comments = Database::fetch_array($result);
// Prepare data
@ -1009,13 +1009,13 @@ class Blog {
AND item_id = '".(int)$item_id."'
AND rating_type = '".Database::escape_string($type)."'
AND user_id = '".(int)$_user['user_id']."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if(Database::num_rows($result) == 0) // Add rating
{
$sql = "INSERT INTO $tbl_blogs_rating ( blog_id, rating_type, item_id, user_id, rating )
VALUES ('".(int)$blog_id."', '".Database::escape_string($type)."', '".(int)$item_id."', '".(int)$_user['user_id']."', '".Database::escape_string($rating)."')";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
return true;
}
else // Return
@ -1038,7 +1038,7 @@ class Blog {
// Calculate rating
$sql = "SELECT AVG(rating) as rating FROM $tbl_blogs_rating WHERE blog_id = '".(int)$blog_id."' AND item_id = '".(int)$item_id."' AND rating_type = '".Database::escape_string($type)."' ";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::fetch_array($result);
return round($result['rating'], 2);
}
@ -1067,7 +1067,7 @@ class Blog {
AND item_id = '".(int)$post_id."'
AND rating_type = '".Database::escape_string($type)."'
AND user_id = '".(int)$_user['user_id']."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if(Database::num_rows($result) == 0) // Add rating
{
@ -1086,7 +1086,7 @@ class Blog {
AND item_id = '".(int)$comment_id."'
AND rating_type = '".Database::escape_string($type)."'
AND user_id = '".(int)$_user['user_id']."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if(Database::num_rows($result) == 0) // Add rating
{
@ -1123,7 +1123,7 @@ class Blog {
WHERE parent_comment_id = $current
AND comments.blog_id = '".(int)$blog_id."'
AND comments.post_id = '".(int)$post_id."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while($comment = Database::fetch_array($result))
{
@ -1133,7 +1133,7 @@ class Blog {
WHERE comment_id = $current
AND blog_id = '".(int)$blog_id."'
AND post_id = '".(int)$post_id."'";
$tmp = api_sql_query($tmp, __FILE__, __LINE__);
$tmp = Database::query($tmp, __FILE__, __LINE__);
$tmp = Database::fetch_array($tmp);
$parent_cat = $tmp['parent_comment_id'];
$border_color = '';
@ -1363,7 +1363,7 @@ class Blog {
WHERE post.blog_id = '".(int)$blog_id ."'
AND post.post_id = '".(int)$post_id."'
ORDER BY post_id DESC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$blog_post = Database::fetch_array($result);
// Prepare data
@ -1472,7 +1472,7 @@ class Blog {
ORDER BY
system_task,
title";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while($task = Database::fetch_array($result))
@ -1532,7 +1532,7 @@ class Blog {
INNER JOIN $tbl_blogs_tasks task ON task_rel_user.task_id = task.task_id
INNER JOIN $tbl_users user ON task_rel_user.user_id = user.user_id
WHERE task_rel_user.blog_id = '".(int)$blog_id."' ORDER BY target_date ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while($assignment = Database::fetch_array($result))
@ -1668,7 +1668,7 @@ class Blog {
$colors = array('FFFFFF','FFFF99','FFCC99','FF9933','FF6699','CCFF99','CC9966','66FF00', '9966FF', 'CF3F3F', '990033','669933','0033FF','003366','000000');
$sql = "SELECT blog_id, task_id, title, description, color FROM $tbl_blogs_tasks WHERE task_id = '".(int)$task_id."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$task = Database::fetch_array($result);
// Display
@ -1693,7 +1693,7 @@ class Blog {
action
FROM " . $tbl_tasks_permissions . "
WHERE task_id = '" . (int)$task_id."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$arrPermissions = array();
@ -1768,7 +1768,7 @@ class Blog {
INNER JOIN $tbl_blogs_rel_user blogs_rel_user
ON user.user_id = blogs_rel_user.user_id
WHERE blogs_rel_user.blog_id = '".(int)$blog_id."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$select_user_list = '<select name="task_user_id">';
while($user = Database::fetch_array($result))
{
@ -1792,7 +1792,7 @@ class Blog {
ORDER BY
system_task,
title";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$select_task_list = '<select name="task_task_id">';
while($task = Database::fetch_array($result))
@ -1918,7 +1918,7 @@ class Blog {
user_id = $user_id AND
blog_id = $blog_id";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$arrUserTasks = array();
@ -1935,7 +1935,7 @@ class Blog {
WHERE blog_id = '".(int)$blog_id."'
AND user_id = '".(int)$user_id."'
AND task_id = '".(int)$task_id."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = mysql_fetch_assoc($result);
$old_date = $row['target_date'];
@ -1947,7 +1947,7 @@ class Blog {
FROM $tbl_users user
INNER JOIN $tbl_blogs_rel_user blogs_rel_user on user.user_id = blogs_rel_user.user_id
WHERE blogs_rel_user.blog_id = '".(int)$blog_id."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$select_user_list = '<select name="task_user_id">';
@ -1972,7 +1972,7 @@ class Blog {
ORDER BY
system_task,
title";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$select_task_list = '<select name="task_task_id">';
@ -2074,7 +2074,7 @@ class Blog {
AND task_id = " . (int)$task_id . "
";
$result = @api_sql_query($sql, __FILE__, __LINE__);
$result = @Database::query($sql, __FILE__, __LINE__);
$row = mysql_fetch_assoc($result);
if($row['number'] == 0)
@ -2092,7 +2092,7 @@ class Blog {
'" . Database::escape_string($target_date) . "'
)";
$result = @api_sql_query($sql, __FILE__, __LINE__);
$result = @Database::query($sql, __FILE__, __LINE__);
}
}
@ -2109,7 +2109,7 @@ class Blog {
task_id = " . (int)$task_id . "
";
$result = @api_sql_query($sql, __FILE__, __LINE__);
$result = @Database::query($sql, __FILE__, __LINE__);
$row = mysql_fetch_assoc($result);
if($row['number'] == 0 || ($row['number'] != 0 && $task_id == $old_task_id && $user_id == $old_user_id))
@ -2127,7 +2127,7 @@ class Blog {
target_date = '" . Database::escape_string($old_target_date) . "'
";
$result = @api_sql_query($sql, __FILE__, __LINE__);
$result = @Database::query($sql, __FILE__, __LINE__);
}
}
@ -2147,7 +2147,7 @@ class Blog {
SELECT title, description
FROM $tbl_blogs_tasks
WHERE task_id = '".(int)$task_id."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = mysql_fetch_assoc($result);
// Get posts and authors
$sql = "
@ -2160,7 +2160,7 @@ class Blog {
WHERE post.blog_id = '".(int)$blog_id."'
ORDER BY post_id DESC
LIMIT 0, 100";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
// Display
echo '<span class="blogpost_title">' . get_lang('SelectTaskArticle') . ' "' . stripslashes($row['title']) . '"</span>';
@ -2192,13 +2192,13 @@ class Blog {
// Subscribe the user
$sql = "INSERT INTO $tbl_blogs_rel_user ( blog_id, user_id ) VALUES ('".(int)$blog_id."', '".(int)$user_id."');";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
// Give this user basic rights
$sql="INSERT INTO $tbl_user_permissions (user_id,tool,action) VALUES ('".(int)$user_id."','BLOG_" . (int)$blog_id."','article_add')";
$result = api_sql_query($sql, __LINE__, __FILE__);
$result = Database::query($sql, __LINE__, __FILE__);
$sql="INSERT INTO $tbl_user_permissions (user_id,tool,action) VALUES ('".(int)$user_id."','BLOG_" . (int)$blog_id."','article_comments_add')";
$result = api_sql_query($sql, __LINE__, __FILE__);
$result = Database::query($sql, __LINE__, __FILE__);
}
/**
@ -2215,11 +2215,11 @@ class Blog {
// Unsubscribe the user
$sql = "DELETE FROM $tbl_blogs_rel_user WHERE blog_id = '".(int)$blog_id."' AND user_id = '".(int)$user_id."'";
$result = @api_sql_query($sql, __FILE__, __LINE__);
$result = @Database::query($sql, __FILE__, __LINE__);
// Remove this user's permissions.
$sql = "DELETE FROM $tbl_user_permissions WHERE user_id = '".(int)$user_id."'";
$result = api_sql_query($sql, __LINE__, __FILE__);
$result = Database::query($sql, __LINE__, __FILE__);
}
/**
@ -2249,7 +2249,7 @@ class Blog {
INNER JOIN $tbl_blogs_rel_user blogs_rel_user
ON user.user_id = blogs_rel_user.user_id
WHERE blogs_rel_user.blog_id = '".intval($blog_id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$blog_member_ids = array ();
while($user = Database::fetch_array($result))
@ -2372,7 +2372,7 @@ class Blog {
ON user.user_id = blogs_rel_user.user_id
WHERE blogs_rel_user.blog_id = '".(int)$blog_id."'";
//$sql_result = api_sql_query($sql_query, __FILE__, __LINE__);
//$sql_result = Database::query($sql_query, __FILE__, __LINE__);
$sql_result = mysql_query($sql_query) or die(mysql_error());
@ -2593,7 +2593,7 @@ class Blog {
AND MONTH(date_creation) = '".(int)$month."'
AND YEAR(date_creation) = '".(int)$year."'
ORDER BY date_creation";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
// We will create an array of days on which there are posts.
if( Database::num_rows($result) > 0)
@ -2622,7 +2622,7 @@ class Blog {
AND MONTH(target_date) = '".(int)$month."'
AND YEAR(target_date) = '".(int)$year."'
ORDER BY target_date ASC";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if(mysql_numrows($result) > 0)
{
@ -2763,7 +2763,7 @@ class Blog {
$tbl_blogs = Database::get_course_table(TABLE_BLOGS);
$sql = "SELECT blog_id, blog_name, blog_subtitle FROM $tbl_blogs WHERE blog_id = '".(int)$blog_id."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$blog = Database::fetch_array($result);
// the form contained errors but we do not want to lose the changes the user already did
@ -2822,7 +2822,7 @@ class Blog {
$tbl_blogs = Database::get_course_table(TABLE_BLOGS);
$sql = 'SELECT blog_name,blog_subtitle,visibility,blog_id FROM '.$tbl_blogs.' ORDER BY date_creation DESC ';
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row_project=Database::fetch_row($result)) {
$list_info[]=$row_project;
@ -2873,7 +2873,7 @@ class Blog {
}
/*$sql = "SELECT blog_id, blog_name, blog_subtitle, visibility FROM $tbl_blogs ORDER BY blog_name";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while($blog = Database::fetch_array($result))
{
@ -2945,7 +2945,7 @@ function get_blog_attachment($blog_id, $post_id=null,$comment_id=null)
$sql = 'SELECT path, filename, comment FROM '. $blog_table_attachment.' WHERE blog_id ="'.intval($blog_id).'" '.$where;
$result=api_sql_query($sql, __FILE__, __LINE__);
$result=Database::query($sql, __FILE__, __LINE__);
if (Database::num_rows($result)!=0)
{
$row=Database::fetch_array($result);
@ -2992,7 +2992,7 @@ function delete_all_blog_attachment($blog_id,$post_id=null,$comment_id=null)
$updir = $sys_course_path.$courseDir;
$sql= 'SELECT path FROM '.$blog_table_attachment.' WHERE blog_id ="'.intval($blog_id).'" '.$where;
$result=api_sql_query($sql, __FILE__, __LINE__);
$result=Database::query($sql, __FILE__, __LINE__);
while ($row=Database::fetch_row($result))
{
@ -3003,7 +3003,7 @@ function delete_all_blog_attachment($blog_id,$post_id=null,$comment_id=null)
}
}
$sql = 'DELETE FROM '. $blog_table_attachment.' WHERE blog_id ="'.intval($blog_id).'" '.$where;
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
/**
* Gets all the post from a given user id
@ -3019,7 +3019,7 @@ function get_blog_post_from_user($course_db_name, $user_id) {
ON (blog.blog_id = post.blog_id)
WHERE author_id = $user_id AND visibility = 1
ORDER BY post.date_creation DESC ";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$return_data = '';
//$my_course_info=explode('_',$course_db_name);
$my_course_id=CourseManager::get_course_id_by_database_name($course_db_name);
@ -3052,7 +3052,7 @@ function get_blog_comment_from_user($course_db_name, $user_id) {
ON (blog.blog_id = comment.blog_id)
WHERE author_id = $user_id AND visibility = 1
ORDER BY blog_name";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$return_data = '';
$my_course_info=explode('_',$course_db_name);
if (Database::num_rows($result)!=0) {

38
main/inc/lib/classmanager.lib.php
Unescape View File

@ -45,7 +45,7 @@ class ClassManager
{
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = "SELECT * FROM $table_class WHERE id='".$class_id."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
return mysql_fetch_array($res, MYSQL_ASSOC);
}
/**
@ -57,7 +57,7 @@ class ClassManager
{
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = "UPDATE $table_class SET name='".mysql_real_escape_string($name)."' WHERE id='".$class_id."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
}
/**
* Create a class
@ -67,7 +67,7 @@ class ClassManager
{
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = "INSERT INTO $table_class SET name='".mysql_real_escape_string($name)."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
return mysql_affected_rows() == 1;
}
/**
@ -78,7 +78,7 @@ class ClassManager
{
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = "SELECT * FROM $table_class WHERE name='".mysql_real_escape_string($name)."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
return mysql_num_rows($res) != 0;
}
/**
@ -93,11 +93,11 @@ class ClassManager
$table_class_course = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS);
$table_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
$sql = "DELETE FROM $table_class_user WHERE class_id = '".$class_id."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$sql = "DELETE FROM $table_class_course WHERE class_id = '".$class_id."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$sql = "DELETE FROM $table_class WHERE id = '".$class_id."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
/**
* Get all users from a class
@ -109,7 +109,7 @@ class ClassManager
$table_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$sql = "SELECT * FROM $table_class_user cu, $table_user u WHERE cu.class_id = '".$class_id."' AND cu.user_id = u.user_id";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$users = array ();
while ($user = mysql_fetch_array($res, MYSQL_ASSOC))
{
@ -127,7 +127,7 @@ class ClassManager
{
$table_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
$sql = "INSERT IGNORE INTO $table_class_user SET user_id = '".$user_id."', class_id='".$class_id."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$courses = ClassManager :: get_courses($class_id);
foreach ($courses as $index => $course)
{
@ -152,7 +152,7 @@ class ClassManager
{
$course_codes[] = $course['course_code'];
$sql = "SELECT DISTINCT user_id FROM $table_class_user t1, $table_course_class t2 WHERE t1.class_id=t2.class_id AND course_code = '".$course['course_code']."' AND user_id = $user_id AND t2.class_id<>'$class_id'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
if (mysql_num_rows($res) == 0 && CourseManager :: get_user_in_course_status($user_id, $course['course_code']) == STUDENT)
{
CourseManager :: unsubscribe_user($user_id, $course['course_code']);
@ -160,7 +160,7 @@ class ClassManager
}
}
$sql = "DELETE FROM $table_class_user WHERE user_id='".$user_id."' AND class_id = '".$class_id."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
/**
* Get all courses in which a class is subscribed
@ -172,7 +172,7 @@ class ClassManager
$table_class_course = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS);
$table_course = Database :: get_main_table(TABLE_MAIN_COURSE);
$sql = "SELECT * FROM $table_class_course cc, $table_course c WHERE cc.class_id = '".$class_id."' AND cc.course_code = c.code";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$courses = array ();
while ($course = mysql_fetch_array($res, MYSQL_ASSOC))
{
@ -191,9 +191,9 @@ class ClassManager
$tbl_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
$tbl_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
$sql = "INSERT IGNORE INTO $tbl_course_class SET course_code = '".mysql_real_escape_string($course_code)."', class_id = '".mysql_real_escape_string($class_id)."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
$sql = "SELECT user_id FROM $tbl_class_user WHERE class_id = '".mysql_real_escape_string($class_id)."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
while ($user = mysql_fetch_object($res))
{
CourseManager :: subscribe_user($user->user_id, $course_code);
@ -211,11 +211,11 @@ class ClassManager
$tbl_course_class = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS);
$tbl_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
$sql = "SELECT cu.user_id,COUNT(cc.class_id) FROM $tbl_course_class cc, $tbl_class_user cu WHERE cc.class_id = cu.class_id AND cc.course_code = '".mysql_real_escape_string($course_code)."' GROUP BY cu.user_id HAVING COUNT(cc.class_id) = 1";
$single_class_users = api_sql_query($sql, __FILE__, __LINE__);
$single_class_users = Database::query($sql, __FILE__, __LINE__);
while ($single_class_user = mysql_fetch_object($single_class_users))
{
$sql = "SELECT * FROM $tbl_class_user WHERE class_id = '".mysql_real_escape_string($class_id)."' AND user_id = '".mysql_real_escape_string($single_class_user->user_id)."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
if (mysql_num_rows($res) > 0)
{
if (CourseManager :: get_user_in_course_status($single_class_user->user_id, $course_code) == STUDENT)
@ -225,7 +225,7 @@ class ClassManager
}
}
$sql = "DELETE FROM $tbl_course_class WHERE course_code = '".mysql_real_escape_string($course_code)."' AND class_id = '".mysql_real_escape_string($class_id)."'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
/**
@ -237,7 +237,7 @@ class ClassManager
{
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = "SELECT * FROM $table_class WHERE name='".$name."'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$obj = mysql_fetch_object($res);
return $obj->id;
}
@ -251,7 +251,7 @@ class ClassManager
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$table_course_class = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS);
$sql = "SELECT cl.* FROM $table_class cl, $table_course_class cc WHERE cc.course_code = '".mysql_real_escape_string($course_code)."' AND cc.class_id = cl.id";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$classes = array ();
while ($class = mysql_fetch_array($res, MYSQL_ASSOC))
{

48
main/inc/lib/document.lib.php
Unescape View File

@ -85,7 +85,7 @@ class DocumentManager {
$course_table = Database::get_main_table(TABLE_MAIN_COURSE);
$sql_query = "SELECT ".DISK_QUOTA_FIELD." FROM $course_table WHERE code = '$course_code'";
$sql_result = api_sql_query($sql_query, __FILE__, __LINE__);
$sql_result = Database::query($sql_query, __FILE__, __LINE__);
$result = Database::fetch_array($sql_result);
$course_quota = $result[DISK_QUOTA_FIELD];
@ -320,7 +320,7 @@ class DocumentManager {
$query = "SELECT 1 FROM $tbl_document AS docs,$tbl_item_property AS props
WHERE props.tool = 'document' AND docs.id=props.ref AND props.visibility <> '1' AND docs.path = '$doc_url'";
//echo $query;
$result = api_sql_query($query, __FILE__, __LINE__);
$result = Database::query($query, __FILE__, __LINE__);
return (Database::num_rows($result) == 0);
}
@ -524,7 +524,7 @@ class DocumentManager {
AND ".$to_field." = ".$to_value."
AND last.visibility".$visibility_bit;
$result = api_sql_query($sql);
$result = Database::query($sql);
if ($result && Database::num_rows($result) != 0)
{
@ -540,7 +540,7 @@ class DocumentManager {
WHERE course_code='".$_course['id']."'
AND user_id='".api_get_user_id()."'
AND ref_doc='".$row['id']."'";
$template_result = api_sql_query($sql_is_template);
$template_result = Database::query($sql_is_template);
if(Database::num_rows($template_result)>0){
$row['is_template'] = 1;
}
@ -592,7 +592,7 @@ class DocumentManager {
AND last.to_group_id = ".$to_group_id."
AND last.visibility <> 2";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if ($result && Database::num_rows($result) != 0)
{
@ -623,7 +623,7 @@ class DocumentManager {
AND last.tool = '".TOOL_DOCUMENT."'
AND last.to_group_id = ".$to_group_id."
AND last.visibility = 1";
$visibleresult = api_sql_query($visible_sql, __FILE__, __LINE__);
$visibleresult = Database::query($visible_sql, __FILE__, __LINE__);
while ($all_visible_folders = Database::fetch_array($visibleresult,'ASSOC'))
{
$visiblefolders[] = $all_visible_folders['path'];
@ -637,7 +637,7 @@ class DocumentManager {
AND last.tool = '".TOOL_DOCUMENT."'
AND last.to_group_id = ".$to_group_id."
AND last.visibility = 0";
$invisibleresult = api_sql_query($invisible_sql, __FILE__, __LINE__);
$invisibleresult = Database::query($invisible_sql, __FILE__, __LINE__);
while ($invisible_folders = Database::fetch_array($invisibleresult,'ASSOC'))
{
//get visible folders in the invisible ones -> they are invisible too
@ -650,7 +650,7 @@ class DocumentManager {
AND last.tool = '".TOOL_DOCUMENT."'
AND last.to_group_id = ".$to_group_id."
AND last.visibility = 1";
$folder_in_invisible_result = api_sql_query($folder_in_invisible_sql, __FILE__, __LINE__);
$folder_in_invisible_result = Database::query($folder_in_invisible_sql, __FILE__, __LINE__);
while ($folders_in_invisible_folder = Database::fetch_array($folder_in_invisible_result,'ASSOC'))
{
$invisiblefolders[] = $folders_in_invisible_folder['path'];
@ -711,7 +711,7 @@ class DocumentManager {
$what_to_check_sql = "SELECT td.id, readonly, tp.insert_user_id FROM ".$TABLE_DOCUMENT." td , $TABLE_PROPERTY tp
WHERE tp.ref= td.id and (path='".$path."' OR path LIKE BINARY '".$path."/%' ) ";
//get all id's of documents that are deleted
$what_to_check_result = api_sql_query($what_to_check_sql, __FILE__, __LINE__);
$what_to_check_result = Database::query($what_to_check_sql, __FILE__, __LINE__);
if ($what_to_check_result && Database::num_rows($what_to_check_result) != 0)
{
@ -748,7 +748,7 @@ class DocumentManager {
{
$sql= 'SELECT a.insert_user_id, b.readonly FROM '.$TABLE_PROPERTY.' a,'.$TABLE_DOCUMENT.' b
WHERE a.ref = b.id and a.ref='.$document_id.' LIMIT 1';
$resultans = api_sql_query($sql, __FILE__, __LINE__);
$resultans = Database::query($sql, __FILE__, __LINE__);
$doc_details = Database ::fetch_array($resultans,'ASSOC');
if($doc_details['readonly']==1)
@ -776,7 +776,7 @@ class DocumentManager {
$TABLE_DOCUMENT = Database::get_course_table(TABLE_DOCUMENT, $_course['dbName']);
//if (!empty($document_id))
$document_id = Database::escape_string($document_id);
$resultans = api_sql_query('SELECT filetype FROM '.$TABLE_DOCUMENT.' WHERE id='.$document_id.'', __FILE__, __LINE__);
$resultans = Database::query('SELECT filetype FROM '.$TABLE_DOCUMENT.' WHERE id='.$document_id.'', __FILE__, __LINE__);
$result= Database::fetch_array($resultans,'ASSOC');
if ($result['filetype']=='folder') {
return true;
@ -807,7 +807,7 @@ class DocumentManager {
{
$what_to_delete_sql = "SELECT id FROM ".$TABLE_DOCUMENT." WHERE path='".$path."' OR path LIKE BINARY '".$path."/%'";
//get all id's of documents that are deleted
$what_to_delete_result = api_sql_query($what_to_delete_sql, __FILE__, __LINE__);
$what_to_delete_result = Database::query($what_to_delete_sql, __FILE__, __LINE__);
if ($what_to_delete_result && Database::num_rows($what_to_delete_result) != 0)
{
@ -829,9 +829,9 @@ class DocumentManager {
$remove_from_document_sql = "DELETE FROM ".$TABLE_DOCUMENT." WHERE id = ".$row['id']."";
self::unset_document_as_template($row['id'],$_course, api_get_user_id());
//echo($remove_from_item_property_sql.'<br>');
//api_sql_query($remove_from_item_property_sql, __FILE__, __LINE__);
//Database::query($remove_from_item_property_sql, __FILE__, __LINE__);
//echo($remove_from_document_sql.'<br>');
api_sql_query($remove_from_document_sql, __FILE__, __LINE__);
Database::query($remove_from_document_sql, __FILE__, __LINE__);
//delete metadata
$eid = 'Document'.'.'.$row['id'];
@ -863,11 +863,11 @@ class DocumentManager {
{
self::unset_document_as_template($document_id, api_get_course_id(), api_get_user_id());
$sql = "UPDATE $TABLE_DOCUMENT set path='".$new_path."' WHERE id='".$document_id."'";
if (api_sql_query($sql, __FILE__, __LINE__))
if (Database::query($sql, __FILE__, __LINE__))
{
//if it is a folder it can contain files
$sql = "SELECT id,path FROM ".$TABLE_DOCUMENT." WHERE path LIKE BINARY '".$path."/%'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if ($result && Database::num_rows($result) > 0)
{
while ($deleted_items = Database::fetch_array($result,'ASSOC'))
@ -888,7 +888,7 @@ class DocumentManager {
self::unset_document_as_template($deleted_items['id'], api_get_course_id(), api_get_user_id());
$sql = "UPDATE $TABLE_DOCUMENT set path = '".$new_item_path."' WHERE id = ".$deleted_items['id'];
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
}
@ -943,7 +943,7 @@ class DocumentManager {
$tbl_se_ref = Database::get_main_table(TABLE_MAIN_SEARCH_ENGINE_REF);
$sql = 'SELECT * FROM %s WHERE course_code=\'%s\' AND tool_id=\'%s\' AND ref_id_high_level=%s LIMIT 1';
$sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_DOCUMENT, $document_id);
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
if (Database::num_rows($res) > 0) {
$row2 = Database::fetch_array($res);
require_once(api_get_path(LIBRARY_PATH) .'search/DokeosIndexer.class.php');
@ -952,7 +952,7 @@ class DocumentManager {
}
$sql = 'DELETE FROM %s WHERE course_code=\'%s\' AND tool_id=\'%s\' AND ref_id_high_level=%s LIMIT 1';
$sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_DOCUMENT, $document_id);
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
// remove terms from db
require_once(api_get_path(LIBRARY_PATH) .'specific_fields_manager.lib.php');
@ -971,7 +971,7 @@ class DocumentManager {
$TABLE_DOCUMENT = Database :: get_course_table(TABLE_DOCUMENT, $_course['dbName']);
$path = Database::escape_string($path);
$sql = "SELECT id FROM $TABLE_DOCUMENT WHERE path LIKE BINARY '$path'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if ($result && Database::num_rows($result) == 1) {
$row = Database::fetch_array($result);
return $row[0];
@ -1004,7 +1004,7 @@ class DocumentManager {
'".Database::escape_string($user_id)."',
'".Database::escape_string($document_id_for_template)."',
'".Database::escape_string($image)."')";
api_sql_query($sql);
Database::query($sql);
return true;
}
@ -1025,7 +1025,7 @@ class DocumentManager {
$document_id = Database::escape_string($document_id);
$sql = 'SELECT id FROM '.$table_template.' WHERE course_code="'.$course_code.'" AND user_id="'.$user_id.'" AND ref_doc="'.$document_id.'"';
$result = api_sql_query($sql);
$result = Database::query($sql);
$template_id = Database::result($result,0,0);
include_once(api_get_path(LIBRARY_PATH) . 'fileManage.lib.php');
@ -1033,7 +1033,7 @@ class DocumentManager {
$sql = 'DELETE FROM '.$table_template.' WHERE course_code="'.$course_code.'" AND user_id="'.$user_id.'" AND ref_doc="'.$document_id.'"';
api_sql_query($sql);
Database::query($sql);
}
/**
@ -1052,7 +1052,7 @@ class DocumentManager {
$sql = "SELECT path FROM $docTable d, $propTable ip " .
"where d.id=ip.ref AND ip.tool='".TOOL_DOCUMENT."' AND d.filetype='file' AND visibility=0 AND ".
"locate(concat(path,'/'),'".$doc_path."/')=1";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result) > 0){
$row = Database::fetch_array($result);
//echo "$row[0] not visible";

36
main/inc/lib/events.lib.inc.php
Unescape View File

@ -80,7 +80,7 @@ function event_open()
VALUES
('".$remhost."',
'".Database::escape_string($_SERVER['HTTP_USER_AGENT'])."', '".Database::escape_string($referer)."', FROM_UNIXTIME($reallyNow) )";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
}
return 1;
}
@ -109,7 +109,7 @@ function event_login()
('".$_user['user_id']."',
'".Database::escape_string($_SERVER['REMOTE_ADDR'])."',
FROM_UNIXTIME(".$reallyNow."))";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
}
/**
@ -154,19 +154,19 @@ function event_access_course()
(".$user_id.",
'".$_cid."',
FROM_UNIXTIME(".$reallyNow."))";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
// added for "what's new" notification
$sql = " UPDATE $TABLETRACK_LASTACCESS
SET access_date = FROM_UNIXTIME($reallyNow)
WHERE access_user_id = ".$user_id." AND access_cours_code = '".$_cid."' AND access_tool IS NULL AND access_session_id=".$id_session;
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
if (Database::affected_rows() == 0)
{
$sql = " INSERT INTO $TABLETRACK_LASTACCESS
(access_user_id,access_cours_code,access_date, access_session_id)
VALUES
(".$user_id.", '".$_cid."', FROM_UNIXTIME($reallyNow), ".$id_session.")";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
}
// end "what's new" notification
return 1;
@ -229,20 +229,20 @@ function event_access_tool($tool, $id_session=0)
"'".$_cid."' ,
'".htmlspecialchars($tool, ENT_QUOTES)."',
FROM_UNIXTIME(".$reallyNow."))";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
}
// "what's new" notification
$sql = " UPDATE $TABLETRACK_LASTACCESS
SET access_date = FROM_UNIXTIME($reallyNow)
WHERE access_user_id = ".$user_id." AND access_cours_code = '".$_cid."' AND access_tool = '".htmlspecialchars($tool, ENT_QUOTES)."' AND access_session_id=".$id_session;
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
if (Database::affected_rows() == 0)
{
$sql = "INSERT INTO $TABLETRACK_LASTACCESS
(access_user_id,access_cours_code,access_tool, access_date, access_session_id)
VALUES
(".$user_id.", '".$_cid."' , '".htmlspecialchars($tool, ENT_QUOTES)."', FROM_UNIXTIME($reallyNow), $id_session)";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
}
return 1;
}
@ -295,7 +295,7 @@ function event_download($doc_url)
'".htmlspecialchars($doc_url, ENT_QUOTES)."',
FROM_UNIXTIME(".$reallyNow.")
)";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
return 1;
}
@ -335,7 +335,7 @@ function event_upload($doc_id)
'".$doc_id."',
FROM_UNIXTIME(".$reallyNow.")
)";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
return 1;
}
@ -378,7 +378,7 @@ function event_link($link_id)
'".Database::escape_string($link_id)."',
FROM_UNIXTIME(".$reallyNow.")
)";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
return 1;
}
@ -410,7 +410,7 @@ function update_event_exercice($exeid,$exo_id, $score, $weighting,$session_id,$l
exe_duration = '".Database::escape_string($duration)."',
exe_date= FROM_UNIXTIME(".$reallyNow."),status = '', data_tracking='',start_date =FROM_UNIXTIME(".Database::escape_string($_SESSION['exercice_start_date']).")
WHERE exe_id = '".Database::escape_string($exeid)."'";
$res = @api_sql_query($sql,__FILE__,__LINE__);
$res = @Database::query($sql,__FILE__,__LINE__);
return $res;
} else
return false;
@ -442,14 +442,14 @@ function create_event_exercice($exo_id)
'exe_cours_id = '."'".$_cid."'".' AND ' .
'status = '."'incomplete'".' AND '.
'session_id = '."'".api_get_session_id()."'";
$sql = api_sql_query('SELECT exe_id FROM '.$TABLETRACK_EXERCICES.$condition,__FILE__,__LINE__);
$sql = Database::query('SELECT exe_id FROM '.$TABLETRACK_EXERCICES.$condition,__FILE__,__LINE__);
$row = Database::fetch_array($sql);
return $row['exe_id'];
}
$sql = "INSERT INTO $TABLETRACK_EXERCICES ( exe_user_id, exe_cours_id )
VALUES ( ".$user_id.", '".$_cid."' )";
$res = @api_sql_query($sql,__FILE__,__LINE__);
$res = @Database::query($sql,__FILE__,__LINE__);
$id= Database::get_last_insert_id();
return $id;
}
@ -525,10 +525,10 @@ function exercise_attempt($score,$answer,$quesId,$exeId,$j)
author)
VALUES
('."'$exeId','".$quesId."','$score','".date('Y-m-d H:i:s')."',''".')';
api_sql_query($recording_changes,__FILE__,__LINE__);
Database::query($recording_changes,__FILE__,__LINE__);
}
if (isset($quesId) && isset($exeId) && isset($user_id)) {
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
return $res;
} else {
return false;
@ -563,7 +563,7 @@ function exercise_attempt_hotspot($exe_id, $question_id, $answer_id, $correct, $
" '" . Database :: escape_string($answer_id) . "'," .
" '" . Database :: escape_string($correct) . "'," .
" '" . Database :: escape_string($coords) . "')";
return $result = api_sql_query($sql, __FILE__, __LINE__);
return $result = Database::query($sql, __FILE__, __LINE__);
}
/**
@ -623,7 +623,7 @@ function event_system($event_type, $event_value_type, $event_value, $timestamp =
'$event_type',
'$event_value_type',
'$event_value')";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
return true;
}
?>

10
main/inc/lib/export.lib.inc.php
Unescape View File

@ -230,7 +230,7 @@ function backupDatabase($link, $db_name, $structure, $donnees, $format = 'SQL',
fwrite($fp, "\nmysql_query(\"");
// requete de creation de la table
$query = "SHOW CREATE TABLE `".$tablename."`";
$resCreate = api_sql_query($query,__FILE__, __LINE__);
$resCreate = Database::query($query,__FILE__, __LINE__);
$row = Database::fetch_array($resCreate);
$schema = $row[1].";";
if ($format == "PHP" || $format == "SQL")
@ -242,7 +242,7 @@ function backupDatabase($link, $db_name, $structure, $donnees, $format = 'SQL',
{
// les donn<EFBFBD>es de la table
$query = "SELECT * FROM $tablename";
$resData = api_sql_query($query,__FILE__, __LINE__);
$resData = Database::query($query,__FILE__, __LINE__);
if (Database::num_rows($resData) > 0)
{
$sFieldnames = "";
@ -536,7 +536,7 @@ function makeTheBackup($exportedCourseId, $verbose_backup = FALSE, $ignore = "",
$csvInsertCourse = "\n";
$iniCourse = "[".$exportedCourseId."]\n";
$sqlSelectInfoCourse = "Select * from `".$TABLECOURS."` `course` where code = '".$exportedCourseId."' ";
$resInfoCourse = api_sql_query($sqlSelectInfoCourse, __FILE__, __LINE__);
$resInfoCourse = Database::query($sqlSelectInfoCourse, __FILE__, __LINE__);
$infoCourse = Database::fetch_array($resInfoCourse);
for ($noField = 0; $noField < mysql_num_fields($resInfoCourse); $noField ++)
{
@ -596,7 +596,7 @@ function makeTheBackup($exportedCourseId, $verbose_backup = FALSE, $ignore = "",
FROM `".$TABLEUSER."`, `".$TABLECOURSUSER."`
WHERE `user`.`user_id`=`".$TABLECOURSUSER."`.`user_id`
AND `".$TABLECOURSUSER."`.`course_code`='".$exportedCourseId."'";
$resUsers = api_sql_query($sqlUserOfTheCourse, __FILE__, __LINE__);
$resUsers = Database::query($sqlUserOfTheCourse, __FILE__, __LINE__);
$nbUsers = Database::num_rows($resUsers);
if ($nbUsers > 0)
{
@ -688,7 +688,7 @@ function makeTheBackup($exportedCourseId, $verbose_backup = FALSE, $ignore = "",
*
FROM `".$TABLEANNOUNCEMENT."`
WHERE course_code='".$exportedCourseId."'";
$resAnn = api_sql_query($sqlAnnounceOfTheCourse, __FILE__, __LINE__);
$resAnn = Database::query($sqlAnnounceOfTheCourse, __FILE__, __LINE__);
$nbFields = mysql_num_fields($resAnn);
$sqlInsertAnn = "";
$csvInsertAnn = "";

4
main/inc/lib/fckeditor/fcktemplates.xml.php
Unescape View File

@ -102,7 +102,7 @@ function load_platform_templates() {
global $css, $img_dir, $default_course_dir,$js;
$sql = "SELECT title, image, comment, content FROM $table_template";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result)) {
if (!empty($row['image'])) {
$image = api_get_path(WEB_PATH).'home/default_platform_document/template_thumb/'.$row['image'];
@ -162,7 +162,7 @@ function load_personal_templates($user_id=0) {
WHERE user_id='".Database::escape_string($user_id)."'
AND course_code='".Database::escape_string(api_get_course_id())."'
AND document.id = template.ref_doc";
$result_template = api_sql_query($sql,__FILE__,__LINE__);
$result_template = Database::query($sql,__FILE__,__LINE__);
while ($row = Database::fetch_array($result_template))
{
$row['content'] = file_get_contents(api_get_path('SYS_COURSE_PATH').$_course['path'].'/document'.$row['path']);

2
main/inc/lib/fileDisplay.lib.php
Unescape View File

@ -278,7 +278,7 @@ SELECT SUM(size)
AND $visibility_rule
EOQ;
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if($result && mysql_num_rows($result) != 0)
{

8
main/inc/lib/fileManage.lib.php
Unescape View File

@ -59,7 +59,7 @@ function update_db_info($action, $oldPath, $newPath="")
$to_delete = "WHERE path LIKE BINARY '".$oldPath."' OR path LIKE BINARY '".$oldPath."/%'";
$query = "DELETE FROM $dbTable " . $to_delete;
$result = api_sql_query("SELECT id FROM $dbTable " . $to_delete);
$result = Database::query("SELECT id FROM $dbTable " . $to_delete);
if (mysql_num_rows($result))
{
@ -100,7 +100,7 @@ function update_db_info($action, $oldPath, $newPath="")
}
//echo $query;
//error_log($query,0);
api_sql_query($query,__FILE__,__LINE__);
Database::query($query,__FILE__,__LINE__);
//Display::display_normal_message("query = $query");
}
@ -782,7 +782,7 @@ class FileManager
$sql_query = "SELECT count(*) as number_existing FROM $glued_table WHERE path='$full_file_name'";
//api_display_debug_info($sql_query);
$sql_result = api_sql_query($sql_query,__FILE__,__LINE__);
$sql_result = Database::query($sql_query,__FILE__,__LINE__);
$result = mysql_fetch_array($sql_result);
//determine which query to execute
@ -796,7 +796,7 @@ class FileManager
//no entry exists, create new one
$query="INSERT INTO $glued_table (path,visibility,filetype) VALUES('$full_file_name','$default_visibility','$filetype')";
}
api_sql_query($query,__FILE__,__LINE__);
Database::query($query,__FILE__,__LINE__);
}
/**
* Like in Java, creates the directory named by this abstract pathname,

12
main/inc/lib/fileUpload.lib.php
Unescape View File

@ -569,7 +569,7 @@ function documents_total_space($to_group_id='0')
AND props.to_group_id='".$to_group_id."'
AND props.visibility <> 2";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if($result && mysql_num_rows($result)!=0)
{
@ -1162,7 +1162,7 @@ function add_document($_course,$path,$filetype,$filesize,$title,$comment=NULL, $
(`path`,`filetype`,`size`,`title`, `comment`, readonly)
VALUES ('$path','$filetype','$filesize','".
Database::escape_string(htmlspecialchars($title, ENT_QUOTES, $charset))."', '$comment',$readonly)";
if(api_sql_query($sql,__FILE__,__LINE__))
if(Database::query($sql,__FILE__,__LINE__))
{
//display_message("Added to database (id ".mysql_insert_id().")!");
return Database::insert_id();
@ -1196,7 +1196,7 @@ function update_existing_document($_course,$document_id,$filesize,$readonly=0)
{
$document_table = Database::get_course_table(TABLE_DOCUMENT,$_course['dbName']);
$sql="UPDATE $document_table SET size = '$filesize' , readonly = '$readonly' WHERE id='$document_id'";
if(api_sql_query($sql,__FILE__,__LINE__))
if(Database::query($sql,__FILE__,__LINE__))
{
return true;
}
@ -1248,7 +1248,7 @@ function item_property_update_on_folder($_course,$path,$user_id)
if($folder_id)
{
$sql = "UPDATE $TABLE_ITEMPROPERTY SET `lastedit_date`='$time',`lastedit_type`='DocumentInFolderUpdated', `lastedit_user_id`='$user_id' WHERE tool='".TOOL_DOCUMENT."' AND ref='$folder_id'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
}
}
@ -1316,14 +1316,14 @@ function set_default_settings($upload_path,$filename,$filetype="file")
//$dbTable already has `backticks`!
//$query="select count(*) as bestaat from `$dbTable` where path='$upload_path/$filename'";
$query="select count(*) as bestaat from $dbTable where path='$upload_path/$filename'";
$result=api_sql_query($query,__FILE__,__LINE__);
$result=Database::query($query,__FILE__,__LINE__);
$row=mysql_fetch_array($result);
if($row["bestaat"]>0)
//$query="update `$dbTable` set path='$upload_path/$filename',visibility='$default_visibility', filetype='$filetype' where path='$upload_path/$filename'";
$query="update $dbTable set path='$upload_path/$filename',visibility='$default_visibility', filetype='$filetype' where path='$upload_path/$filename'";
else //$query="INSERT INTO `$dbTable` (path,visibility,filetype) VALUES('$upload_path/$filename','$default_visibility','$filetype')";
$query="INSERT INTO $dbTable (path,visibility,filetype) VALUES('$upload_path/$filename','$default_visibility','$filetype')";
api_sql_query($query,__FILE__,__LINE__);
Database::query($query,__FILE__,__LINE__);
}
//------------------------------------------------------------------------------

2
main/inc/lib/formvalidator/Rule/UsernameAvailable.php
Unescape View File

@ -42,7 +42,7 @@ class HTML_QuickForm_Rule_UsernameAvailable extends HTML_QuickForm_Rule
{
$sql .= " AND username != '$current_username'";
}
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$number = mysql_num_rows($res);
return $number == 0;
}

96
main/inc/lib/groupmanager.lib.php
Unescape View File

@ -173,7 +173,7 @@ class GroupManager {
$sql .= 'WHERE '.$session_condition;
$sql .= " GROUP BY g.id ORDER BY UPPER(g.name)";
if (!api_is_anonymous()) {
$groupList = api_sql_query($sql,__FILE__,__LINE__);
$groupList = Database::query($sql,__FILE__,__LINE__);
} else {
return array();
}
@ -184,13 +184,13 @@ class GroupManager {
if ($thisGroup['category_id'] == VIRTUAL_COURSE_CATEGORY)
{
$sql = "SELECT title FROM $table_course WHERE code = '".$thisGroup['name']."'";
$obj = Database::fetch_object(api_sql_query($sql,__FILE__,__LINE__));
$obj = Database::fetch_object(Database::query($sql,__FILE__,__LINE__));
$thisGroup['name'] = $obj->title;
}
if($thisGroup['session_id']!=0)
{
$sql_session = 'SELECT name FROM '.Database::get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$thisGroup['session_id'];
$rs_session = api_sql_query($sql_session,__FILE__,__LINE__);
$rs_session = Database::query($sql_session,__FILE__,__LINE__);
if (Database::num_rows($rs_session)>0) {
$thisGroup['session_name'] = Database::result($rs_session,0,0);
} else {
@ -222,7 +222,7 @@ class GroupManager {
$sql = "INSERT INTO ".$table_group." SET
category_id='".Database::escape_string($category_id)."', max_student = '".$places."', doc_state = '".$category['doc_state']."',
calendar_state = '".$category['calendar_state']."', work_state = '".$category['work_state']."', announcements_state = '".$category['announcements_state']."', forum_state = '".$category['forum_state']."', wiki_state = '".$category['wiki_state']."', self_registration_allowed = '".$category['self_reg_allowed']."', self_unregistration_allowed = '".$category['self_unreg_allowed']."', session_id='".Database::escape_string($my_id_session)."'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
$lastId = Database::insert_id();
/*$secret_directory = uniqid("")."_team_".$lastId;
while (is_dir(api_get_path(SYS_COURSE_PATH).$currentCourseRepository."/group/$secret_directory"))
@ -235,7 +235,7 @@ class GroupManager {
$dir_name = create_unexisting_directory($_course,$_user['user_id'],$lastId,NULL,api_get_path(SYS_COURSE_PATH).$currentCourseRepository.'/document',$desired_dir_name);
/* Stores the directory path into the group table */
$sql = "UPDATE ".$table_group." SET name = '".Database::escape_string($name)."', secret_directory = '".$dir_name."' WHERE id ='".$lastId."'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
// create a forum if needed
if ($category['forum_state'] >= 0) {
@ -300,7 +300,7 @@ class GroupManager {
foreach ($members as $group_id => $places)
{
$sql = "UPDATE $table_group SET max_student = $places WHERE id = $group_id";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
}
/**
@ -311,7 +311,7 @@ class GroupManager {
$id = self :: create_category(get_lang('GroupsFromVirtualCourses'), '', TOOL_NOT_AVAILABLE, TOOL_NOT_AVAILABLE, 0, 0, 1, 1);
$table_group_cat = Database :: get_course_table(TABLE_GROUP_CATEGORY);
$sql = "UPDATE ".$table_group_cat." SET id=".VIRTUAL_COURSE_CATEGORY." WHERE id=$id";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
$course = api_get_course_info();
$course['code'] = $course['sysCode'];
$course['title'] = $course['name'];
@ -417,7 +417,7 @@ class GroupManager {
// Unsubscribe all users
self :: unsubscribe_all_users($group_ids);
$sql = 'SELECT id, secret_directory, session_id FROM '.$group_table.' WHERE id IN ('.implode(' , ', $group_ids).')';
$db_result = api_sql_query($sql,__FILE__,__LINE__);
$db_result = Database::query($sql,__FILE__,__LINE__);
$forum_ids = array ();
while ($group = Database::fetch_object($db_result))
{
@ -432,10 +432,10 @@ class GroupManager {
}
// delete the groups
$sql = "DELETE FROM ".$group_table." WHERE id IN ('".implode("' , '", $group_ids)."')";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
$sql2 = "DELETE FROM ".$forum_table." WHERE forum_of_group IN ('".implode("' , '", $group_ids)."')";
api_sql_query($sql2,__FILE__,__LINE__);
Database::query($sql2,__FILE__,__LINE__);
return Database::affected_rows();
}
@ -451,7 +451,7 @@ class GroupManager {
}
$table_group = Database :: get_course_table(TABLE_GROUP);
$sql = 'SELECT * FROM '.$table_group.' WHERE id = '.Database::escape_string($group_id);
$db_result = api_sql_query($sql,__FILE__,__LINE__);
$db_result = Database::query($sql,__FILE__,__LINE__);
$db_object = Database::fetch_object($db_result);
$result['id'] = $db_object->id;
@ -506,7 +506,7 @@ class GroupManager {
self_registration_allowed='".Database::escape_string($self_registration_allowed)."',
self_unregistration_allowed='".Database::escape_string($self_unregistration_allowed)."'
WHERE id=".$group_id;
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
//Here we are updating a field in the table forum_forum that perhaps duplicates the table group_info.forum_state cvargas
$forum_state = (int) $forum_state;
$sql2 = "UPDATE ".$table_forum." SET ";
@ -518,7 +518,7 @@ class GroupManager {
$sql2 .= " forum_group_public_private='unavailable' ";
}
$sql2 .=" WHERE forum_of_group=".$group_id;
$result2 = api_sql_query($sql2,__FILE__,__LINE__);
$result2 = Database::query($sql2,__FILE__,__LINE__);
return $result;
}
@ -528,7 +528,7 @@ class GroupManager {
*/
public static function get_number_of_groups() {
$table_group = Database :: get_course_table(TABLE_GROUP);
$res = api_sql_query('SELECT COUNT(id) AS number_of_groups FROM '.$table_group);
$res = Database::query('SELECT COUNT(id) AS number_of_groups FROM '.$table_group);
$obj = Database::fetch_object($res);
return $obj->number_of_groups;
}
@ -550,7 +550,7 @@ class GroupManager {
}
$table_group_cat = Database :: get_course_table(TABLE_GROUP_CATEGORY, $course_db);
$sql = "SELECT * FROM $table_group_cat ORDER BY display_order";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$cats = array ();
while ($cat = Database::fetch_array($res))
{
@ -573,7 +573,7 @@ class GroupManager {
$id = Database::escape_string($id);
$table_group_cat = Database :: get_course_table(TABLE_GROUP_CATEGORY, $course_db);
$sql = "SELECT * FROM $table_group_cat WHERE id = $id";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
return Database::fetch_array($res);
}
/**
@ -594,7 +594,7 @@ class GroupManager {
$table_group_cat = Database :: get_course_table(TABLE_GROUP_CATEGORY, $course_db);
$group_id = Database::escape_string($group_id);
$sql = "SELECT gc.* FROM $table_group_cat gc, $table_group g WHERE gc.id = g.category_id AND g.id=$group_id";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$cat = Database::fetch_array($res);
return $cat;
}
@ -615,7 +615,7 @@ class GroupManager {
$table_group_cat = Database :: get_course_table(TABLE_GROUP_CATEGORY, $course_db);
$cat_id = Database::escape_string($cat_id);
$sql = "SELECT id FROM $table_group WHERE category_id='".$cat_id."'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($res) > 0)
{
$groups_to_delete = array ();
@ -626,7 +626,7 @@ class GroupManager {
self :: delete_groups($groups_to_delete);
}
$sql = "DELETE FROM $table_group_cat WHERE id='".$cat_id."'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
/**
* Create group category
@ -640,7 +640,7 @@ class GroupManager {
public static function create_category ($title, $description, $doc_state, $work_state, $calendar_state, $announcements_state, $forum_state, $wiki_state, $self_registration_allowed, $self_unregistration_allowed, $maximum_number_of_students, $groups_per_user) {
$table_group_category = Database :: get_course_table(TABLE_GROUP_CATEGORY);
$sql = "SELECT MAX(display_order)+1 as new_order FROM $table_group_category ";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$obj = Database::fetch_object($res);
if (!isset ($obj->new_order))
{
@ -660,12 +660,12 @@ class GroupManager {
self_reg_allowed = '".Database::escape_string($self_registration_allowed)."',
self_unreg_allowed = '".Database::escape_string($self_unregistration_allowed)."',
max_student = '".Database::escape_string($maximum_number_of_students)."' ";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
$id = Database::insert_id();
if ($id == VIRTUAL_COURSE_CATEGORY)
{
$sql = "UPDATE ".$table_group_category." SET id = ". ($id +1)." WHERE id = $id";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
return $id +1;
}
return $id;
@ -698,7 +698,7 @@ class GroupManager {
self_unreg_allowed = '".Database::escape_string($self_unregistration_allowed)."',
max_student = ".Database::escape_string($maximum_number_of_students)."
WHERE id=$id";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
@ -722,7 +722,7 @@ class GroupManager {
$sql .= ' AND g.category_id = '.$category_id;
}
$sql .= ' GROUP BY gu.user_id ORDER BY current_max DESC LIMIT 1';
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$obj = Database::fetch_object($res);
return $obj->current_max;
}
@ -737,13 +737,13 @@ class GroupManager {
$id2 = Database::escape_string($id2);
$sql = "SELECT id,display_order FROM $table_group_cat WHERE id IN ($id1,$id2)";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$cat1 = Database::fetch_object($res);
$cat2 = Database::fetch_object($res);
$sql = "UPDATE $table_group_cat SET display_order=$cat2->display_order WHERE id=$cat1->id";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
$sql = "UPDATE $table_group_cat SET display_order=$cat1->display_order WHERE id=$cat2->id";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
@ -761,7 +761,7 @@ class GroupManager {
$group_user_table = Database :: get_course_table(TABLE_GROUP_USER);
$group_id = Database::escape_string($group_id);
$sql = "SELECT user_id FROM $group_user_table WHERE group_id = $group_id";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$users = array ();
while ($obj = Database::fetch_object($res)) {
$users[] = $obj->user_id;
@ -829,7 +829,7 @@ class GroupManager {
GROUP BY (`g`.`id`)
HAVING (nbPlaces > 0 OR g.max_student = ".MEMBER_PER_GROUP_NO_LIMIT.")
ORDER BY nbPlaces DESC";
$sql_result = api_sql_query($sql,__FILE__,__LINE__);
$sql_result = Database::query($sql,__FILE__,__LINE__);
$group_available_place = array ();
while ($group = Database::fetch_array($sql_result, 'ASSOC'))
{
@ -866,7 +866,7 @@ class GroupManager {
* Retrieve the present state of the users repartion in groups
*/
$sql = "SELECT user_id uid, group_id gid FROM ".$group_user_table;
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
while ($member = Database::fetch_array($result, 'ASSOC'))
{
$groupUser[$member['gid']][] = $member['uid'];
@ -911,7 +911,7 @@ class GroupManager {
public static function number_of_students ($group_id) {
$table_group_user = Database :: get_course_table(TABLE_GROUP_USER);
$group_id = Database::escape_string($group_id);
$db_result = api_sql_query('SELECT COUNT(*) AS number_of_students FROM '.$table_group_user.' WHERE group_id = '.$group_id);
$db_result = Database::query('SELECT COUNT(*) AS number_of_students FROM '.$table_group_user.' WHERE group_id = '.$group_id);
$db_object = Database::fetch_object($db_result);
return $db_object->number_of_students;
}
@ -923,7 +923,7 @@ class GroupManager {
public static function maximum_number_of_students ($group_id) {
$table_group = Database :: get_course_table(TABLE_GROUP);
$group_id = Database::escape_string($group_id);
$db_result = api_sql_query('SELECT max_student FROM '.$table_group.' WHERE id = '.$group_id);
$db_result = Database::query('SELECT max_student FROM '.$table_group.' WHERE id = '.$group_id);
$db_object = Database::fetch_object($db_result);
if ($db_object->max_student == 0)
{
@ -943,7 +943,7 @@ class GroupManager {
$cat_id = Database::escape_string($cat_id);
$sql = 'SELECT COUNT(*) AS number_of_groups FROM '.$table_group_user.' gu, '.$table_group.' g WHERE gu.user_id = \''.$user_id.'\' AND g.id = gu.group_id AND g.category_id= \''.$cat_id.'\'';
$db_result = api_sql_query($sql,__FILE__,__LINE__);
$db_result = Database::query($sql,__FILE__,__LINE__);
$db_object = Database::fetch_object($db_result);
return $db_object->number_of_groups;
}
@ -961,7 +961,7 @@ class GroupManager {
if (isset($group_id)) {
$group_id = Database::escape_string($group_id);
$sql = 'SELECT self_registration_allowed FROM '.$table_group.' WHERE id = "'.$group_id.'" ';
$db_result = api_sql_query($sql,__FILE__,__LINE__);
$db_result = Database::query($sql,__FILE__,__LINE__);
$db_object = Database::fetch_object($db_result);
return $db_object->self_registration_allowed == 1 && self :: can_user_subscribe($user_id, $group_id);
} else {
@ -979,7 +979,7 @@ class GroupManager {
return false;
$table_group = Database :: get_course_table(TABLE_GROUP);
$group_id = Database::escape_string($group_id);
$db_result = api_sql_query('SELECT self_unregistration_allowed FROM '.$table_group.' WHERE id = '.$group_id);
$db_result = Database::query('SELECT self_unregistration_allowed FROM '.$table_group.' WHERE id = '.$group_id);
$db_object = Database::fetch_object($db_result);
return $db_object->self_unregistration_allowed == 1 && self :: can_user_unsubscribe($user_id, $group_id);
}
@ -995,7 +995,7 @@ class GroupManager {
$group_id = Database::escape_string($group_id);
$user_id = Database::escape_string($user_id);
$sql = 'SELECT 1 FROM '.$table_group_user.' WHERE group_id = '.$group_id.' AND user_id = '.$user_id;
$db_result = api_sql_query($sql);
$db_result = Database::query($sql);
return Database::num_rows($db_result) > 0;
}
/**
@ -1045,7 +1045,7 @@ class GroupManager {
FROM ".$table_user." u, ".$table_group_user." ug
WHERE `ug`.`group_id`='".$group_id."'
AND `ug`.`user_id`=`u`.`user_id`". $order_clause;
$db_result = api_sql_query($sql,__FILE__,__LINE__);
$db_result = Database::query($sql,__FILE__,__LINE__);
$users = array ();
while ($user = Database::fetch_object($db_result))
{
@ -1074,7 +1074,7 @@ class GroupManager {
FROM ".$table_user." u, ".$table_group_tutor." tg
WHERE `tg`.`group_id`='".$group_id."'
AND `tg`.`user_id`=`u`.`user_id`".$order_clause;
$db_result = api_sql_query($sql,__FILE__,__LINE__);
$db_result = Database::query($sql,__FILE__,__LINE__);
$users = array ();
while ($user = Database::fetch_object($db_result))
{
@ -1108,7 +1108,7 @@ class GroupManager {
$user_id = Database::escape_string($user_id);
$group_id = Database::escape_string($group_id);
$sql = "INSERT INTO ".$table_group_user." (user_id, group_id) VALUES ('".$user_id."', '".$group_id."')";
$result &= api_sql_query($sql,__FILE__,__LINE__);
$result &= Database::query($sql,__FILE__,__LINE__);
}
return $result;
}
@ -1131,7 +1131,7 @@ class GroupManager {
$group_id = Database::escape_string($group_id);
$sql = "INSERT INTO ".$table_group_tutor." (user_id, group_id) VALUES ('".$user_id."', '".$group_id."')";
$result &= api_sql_query($sql,__FILE__,__LINE__);
$result &= Database::query($sql,__FILE__,__LINE__);
}
return $result;
}
@ -1146,7 +1146,7 @@ class GroupManager {
$user_ids = is_array($user_ids) ? $user_ids : array ($user_ids);
$table_group_user = Database :: get_course_table(TABLE_GROUP_USER);
$group_id = Database::escape_string($group_id);
$result &= api_sql_query('DELETE FROM '.$table_group_user.' WHERE group_id = '.$group_id.' AND user_id IN ('.implode(',', $user_ids).')');
$result &= Database::query('DELETE FROM '.$table_group_user.' WHERE group_id = '.$group_id.' AND user_id IN ('.implode(',', $user_ids).')');
}
/**
* Unsubscribe all users from one or more groups
@ -1176,7 +1176,7 @@ class GroupManager {
$table_group_user = Database :: get_course_table(TABLE_GROUP_USER);
$sql = 'DELETE FROM '.$table_group_user.' WHERE group_id IN ('.implode(',', $group_ids).')';
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
return $result;
}
return true;
@ -1194,7 +1194,7 @@ class GroupManager {
{
$table_group_tutor = Database :: get_course_table(TABLE_GROUP_TUTOR);
$sql = 'DELETE FROM '.$table_group_tutor.' WHERE group_id IN ('.implode(',', $group_ids).')';
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
return $result;
}
return true;
@ -1215,7 +1215,7 @@ class GroupManager {
$group_id = Database::escape_string($group_id);
$sql = "SELECT * FROM ".$table_group_tutor." WHERE user_id='".$user_id."' AND group_id='".$group_id."'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result)>0)
{
return true;
@ -1266,7 +1266,7 @@ class GroupManager {
WHERE cu.user_id=user.user_id
AND cu.tutor_id='1'
AND cu.course_code='".$_course['sysCode']."'";
$resultTutor = api_sql_query($sql,__FILE__,__LINE__);
$resultTutor = Database::query($sql,__FILE__,__LINE__);
$tutors = array ();
while ($tutor = Database::fetch_array($resultTutor))
{
@ -1290,7 +1290,7 @@ class GroupManager {
$sql = "SELECT tutor_id FROM ".$course_user_table."
WHERE `user_id`='".$user_id."'
AND `course_code`='".$_course['sysCode']."'"."AND tutor_id=1";
$db_result = api_sql_query($sql,__FILE__,__LINE__);
$db_result = Database::query($sql,__FILE__,__LINE__);
$result = (Database::num_rows($db_result) > 0);
return $result;
}
@ -1308,7 +1308,7 @@ class GroupManager {
$tbl_group = Database::get_course_table(TABLE_GROUP_USER,$course_db);
$user_id = Database::escape_string($user_id);
$sql = "SELECT group_id FROM $tbl_group WHERE user_id = '$user_id'";
$groupres = api_sql_query($sql);
$groupres = Database::query($sql);
// uncommenting causes a bug in Agenda AND announcements because there we check if the return value of this function is an array or not
//$groups=array();
@ -1513,7 +1513,7 @@ class GroupManager {
$table_group=Database::get_course_table(TABLE_GROUP);
$user_id = Database::escape_string($user_id);
$sql_groups = 'SELECT name FROM '.$table_group.' g,'.$table_group_user.' gu WHERE gu.user_id="'.$user_id.'" AND gu.group_id=g.id';
$res = api_sql_query($sql_groups,__FILE__,__LINE__);
$res = Database::query($sql_groups,__FILE__,__LINE__);
$groups=array();
while($group = Database::fetch_array($res))

16
main/inc/lib/online.inc.php
Unescape View File

@ -62,7 +62,7 @@ function LoginCheck($uid)
$query = "REPLACE INTO ".$online_table ." (login_id,login_user_id,login_date,login_ip) VALUES ($uid,$uid,'$login_date','$login_ip')";
}
@api_sql_query($query,__FILE__,__LINE__);
@Database::query($query,__FILE__,__LINE__);
}
}
@ -86,7 +86,7 @@ function online_logout() {
// selecting the last login of the user
$uid = intval($_GET['uid']);
$sql_last_connection="SELECT login_id, login_date FROM $tbl_track_login WHERE login_user_id='$uid' ORDER BY login_date DESC LIMIT 0,1";
$q_last_connection=api_sql_query($sql_last_connection);
$q_last_connection=Database::query($sql_last_connection);
if (Database::num_rows($q_last_connection)>0) {
$i_id_last_connection=Database::result($q_last_connection,0,"login_id");
}
@ -94,7 +94,7 @@ function online_logout() {
if (!isset($_SESSION['login_as'])) {
$current_date=date('Y-m-d H:i:s',time());
$s_sql_update_logout_date="UPDATE $tbl_track_login SET logout_date='".$current_date."' WHERE login_id='$i_id_last_connection'";
api_sql_query($s_sql_update_logout_date);
Database::query($s_sql_update_logout_date);
}
LoginDelete($uid, $_configuration['statistics_database']); //from inc/lib/online.inc.php - removes the "online" status
@ -136,7 +136,7 @@ function LoginDelete($user_id)
$online_table = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ONLINE);
$user_id = (int) $user_id;
$query = "DELETE FROM ".$online_table ." WHERE login_user_id = '".Database::escape_string($user_id)."'";
@api_sql_query($query,__FILE__,__LINE__);
@Database::query($query,__FILE__,__LINE__);
}
/**
@ -166,7 +166,7 @@ function WhoIsOnline($uid=0,$statistics_database='',$valid)
}
}
$result = @api_sql_query($query,__FILE__,__LINE__);
$result = @Database::query($query,__FILE__,__LINE__);
if (count($result)>0)
{
$rtime = time();
@ -214,7 +214,7 @@ function GetFullUserName($uid)
$uid = Database::escape_string($uid);
$user_table = Database::get_main_table(TABLE_MAIN_USER);
$query = "SELECT firstname,lastname FROM ".$user_table." WHERE user_id='$uid'";
$result = @api_sql_query($query,__FILE__,__LINE__);
$result = @Database::query($query,__FILE__,__LINE__);
if (count($result)>0)
{
$str = '';
@ -241,7 +241,7 @@ function chatcall() {
}
$track_user_table = Database::get_main_table(TABLE_MAIN_USER);
$sql="select chatcall_user_id, chatcall_date from $track_user_table where ( user_id = '".$_user['user_id']."' )";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$row=Database::fetch_array($result);
$login_date=$row['chatcall_date'];
@ -295,7 +295,7 @@ function who_is_online_in_this_course($uid, $valid, $coursecode=null)
$valid = Database::escape_string($valid);
$query = "SELECT login_user_id,login_date FROM ".$track_online_table ." WHERE course='".$coursecode."' AND DATE_ADD(login_date,INTERVAL $valid MINUTE) >= NOW() ";
$result = api_sql_query($query,__FILE__,__LINE__);
$result = Database::query($query,__FILE__,__LINE__);
if (count($result)>0)
{
$rtime = time();

4
main/inc/lib/search/tool_processors/document_processor.class.php
Unescape View File

@ -65,7 +65,7 @@ class document_processor extends search_processor {
FROM $doc_table
WHERE $doc_table.id = $doc_id
LIMIT 1";
$dk_result = api_sql_query ($sql);
$dk_result = Database::query ($sql);
$sql = "SELECT insert_user_id
FROM $item_property_table
@ -86,7 +86,7 @@ class document_processor extends search_processor {
//FIXME: use big images
// get author
$author = '';
$item_result = api_sql_query ($sql);
$item_result = Database::query ($sql);
if ($row = Database::fetch_array ($item_result)) {
$user_data = api_get_user_info($row['insert_user_id']);
$author = api_get_person_name($user_data['firstName'], $user_data['lastName']);

2
main/inc/lib/search/tool_processors/learnpath_processor.class.php
Unescape View File

@ -101,7 +101,7 @@ class learnpath_processor extends search_processor {
LIMIT 1";
}
$dk_result = api_sql_query ($sql);
$dk_result = Database::query ($sql);
$path = '';
$name = '';

2
main/inc/lib/search/tool_processors/link_processor.class.php
Unescape View File

@ -100,7 +100,7 @@ class link_processor extends search_processor {
$image = $thumbnail; //FIXME: use big images
// get author
$author = '';
$item_result = api_sql_query ($sql);
$item_result = Database::query ($sql);
if ($row = Database::fetch_array ($item_result)) {
$user_data = api_get_user_info($row['insert_user_id']);
$author = api_get_person_name($user_data['firstName'], $user_data['lastName']);

4
main/inc/lib/search/tool_processors/quiz_processor.class.php
Unescape View File

@ -102,7 +102,7 @@ class quiz_processor extends search_processor {
$sql = "SELECT * FROM $exercise_table
WHERE id = $exercise_id
LIMIT 1";
$dk_result = api_sql_query ($sql);
$dk_result = Database::query ($sql);
//actually author isn't saved on exercise tool, but prepare for when it's ready
$sql = "SELECT insert_user_id
@ -119,7 +119,7 @@ class quiz_processor extends search_processor {
$name = $row['title'];
// get author
$author = '';
$item_result = api_sql_query ($sql);
$item_result = Database::query ($sql);
if ($item_result !== FALSE && $row = Database::fetch_array ($item_result)) {
$user_data = api_get_user_info($row['insert_user_id']);
$author = api_get_person_name($user_data['firstName'], $user_data['lastName']);

88
main/inc/lib/sessionmanager.lib.php
Unescape View File

@ -58,7 +58,7 @@ class SessionManager {
$tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
$sql = 'SELECT user_id FROM '.$tbl_user.' WHERE username="'.Database::escape_string($coach_username).'"';
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$id_coach = Database::result($rs,0,'user_id');
if (empty($nolimit)) {
@ -84,12 +84,12 @@ class SessionManager {
$msg=get_lang('StartDateShouldBeBeforeEndDate');
return $msg;
} else {
$rs = api_sql_query("SELECT 1 FROM $tbl_session WHERE name='".addslashes($name)."'");
$rs = Database::query("SELECT 1 FROM $tbl_session WHERE name='".addslashes($name)."'");
if(Database::num_rows($rs)) {
$msg=get_lang('SessionNameAlreadyExists');
return $msg;
} else {
api_sql_query("INSERT INTO $tbl_session(name,date_start,date_end,id_coach,session_admin_id, nb_days_access_before_beginning, nb_days_access_after_end) VALUES('".Database::escape_string($name)."','$date_start','$date_end','$id_coach',".intval($_user['user_id']).",".$nb_days_acess_before.", ".$nb_days_acess_after.")",__FILE__,__LINE__);
Database::query("INSERT INTO $tbl_session(name,date_start,date_end,id_coach,session_admin_id, nb_days_access_before_beginning, nb_days_access_after_end) VALUES('".Database::escape_string($name)."','$date_start','$date_end','$id_coach',".intval($_user['user_id']).",".$nb_days_acess_before.", ".$nb_days_acess_after.")",__FILE__,__LINE__);
$id_session=Database::get_last_insert_id();
// add event to system log
@ -160,7 +160,7 @@ class SessionManager {
$msg=get_lang('StartDateShouldBeBeforeEndDate');
return $msg;
} else {
$rs = api_sql_query("SELECT id FROM $tbl_session WHERE name='".Database::escape_string($name)."'");
$rs = Database::query("SELECT id FROM $tbl_session WHERE name='".Database::escape_string($name)."'");
$exists = false;
while ($row = Database::fetch_array($rs)) {
if($row['id']!=$id)
@ -178,11 +178,11 @@ class SessionManager {
nb_days_access_before_beginning = ".$nb_days_acess_before.",
nb_days_access_after_end = ".$nb_days_acess_after."
WHERE id='$id'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
/*$sqlu = "UPDATE $tbl_session_rel_course " .
" SET id_coach='$id_coach'" .
" WHERE id_session='$id'";
api_sql_query($sqlu,__FILE__,__LINE__);*/
Database::query($sqlu,__FILE__,__LINE__);*/
return $id;
}
}
@ -209,22 +209,22 @@ class SessionManager {
if (!api_is_platform_admin()) {
$sql = 'SELECT session_admin_id FROM '.Database :: get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$id_checked;
$rs = api_sql_query($sql,__FILE__,__LINE__);
$rs = Database::query($sql,__FILE__,__LINE__);
if (Database::result($rs,0,0)!=$_user['user_id']) {
api_not_allowed(true);
}
}
api_sql_query("DELETE FROM $tbl_session WHERE id IN($id_checked)",__FILE__,__LINE__);
api_sql_query("DELETE FROM $tbl_session_rel_course WHERE id_session IN($id_checked)",__FILE__,__LINE__);
api_sql_query("DELETE FROM $tbl_session_rel_course_rel_user WHERE id_session IN($id_checked)",__FILE__,__LINE__);
api_sql_query("DELETE FROM $tbl_session_rel_user WHERE id_session IN($id_checked)",__FILE__,__LINE__);
Database::query("DELETE FROM $tbl_session WHERE id IN($id_checked)",__FILE__,__LINE__);
Database::query("DELETE FROM $tbl_session_rel_course WHERE id_session IN($id_checked)",__FILE__,__LINE__);
Database::query("DELETE FROM $tbl_session_rel_course_rel_user WHERE id_session IN($id_checked)",__FILE__,__LINE__);
Database::query("DELETE FROM $tbl_session_rel_user WHERE id_session IN($id_checked)",__FILE__,__LINE__);
// delete extra session fields
$t_sf = Database::get_main_table(TABLE_MAIN_SESSION_FIELD);
$t_sfv = Database::get_main_table(TABLE_MAIN_SESSION_FIELD_VALUES);
$sql = "SELECT distinct field_id FROM $t_sfv WHERE session_id = '$id_checked'";
$res_field_ids = @api_sql_query($sql,__FILE__,__LINE__);
$res_field_ids = @Database::query($sql,__FILE__,__LINE__);
while($row_field_id = Database::fetch_row($res_field_ids)){
$field_ids[] = $row_field_id[0];
@ -233,10 +233,10 @@ class SessionManager {
//delete from table_session_field_value from a given session id
$sql_session_field_value = "DELETE FROM $t_sfv WHERE session_id = '$id_checked'";
@api_sql_query($sql_session_field_value,__FILE__,__LINE__);
@Database::query($sql_session_field_value,__FILE__,__LINE__);
$sql = "SELECT distinct field_id FROM $t_sfv";
$res_field_all_ids = @api_sql_query($sql,__FILE__,__LINE__);
$res_field_all_ids = @Database::query($sql,__FILE__,__LINE__);
while($row_field_all_id = Database::fetch_row($res_field_all_ids)){
$field_all_ids[] = $row_field_all_id[0];
@ -249,7 +249,7 @@ class SessionManager {
continue;
} else {
$sql_session_field = "DELETE FROM $t_sf WHERE id = '$field_id'";
api_sql_query($sql_session_field,__FILE__,__LINE__);
Database::query($sql_session_field,__FILE__,__LINE__);
}
}
}
@ -282,13 +282,13 @@ class SessionManager {
$tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
$sql = "SELECT id_user FROM $tbl_session_rel_user WHERE id_session='$id_session'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
$existingUsers = array();
while($row = Database::fetch_array($result)){
$existingUsers[] = $row['id_user'];
}
$sql = "SELECT course_code FROM $tbl_session_rel_course WHERE id_session='$id_session'";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$course_list=array();
while($row=Database::fetch_array($result)) {
@ -304,7 +304,7 @@ class SessionManager {
foreach ($existingUsers as $existing_user) {
if(!in_array($existing_user, $user_list)) {
$sql = "DELETE FROM $tbl_session_rel_course_rel_user WHERE id_session='$id_session' AND course_code='$enreg_course' AND id_user='$existing_user'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
if(Database::affected_rows()) {
$nbr_users--;
@ -317,7 +317,7 @@ class SessionManager {
if(!in_array($enreg_user, $existingUsers)) {
$enreg_user = Database::escape_string($enreg_user);
$insert_sql = "INSERT IGNORE INTO $tbl_session_rel_course_rel_user(id_session,course_code,id_user) VALUES('$id_session','$enreg_course','$enreg_user')";
api_sql_query($insert_sql,__FILE__,__LINE__);
Database::query($insert_sql,__FILE__,__LINE__);
if(Database::affected_rows()) {
$nbr_users++;
}
@ -325,15 +325,15 @@ class SessionManager {
}
// count users in this session-course relation
$sql = "SELECT COUNT(id_user) as nbUsers FROM $tbl_session_rel_course_rel_user WHERE id_session='$id_session' AND course_code='$enreg_course'";
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
list($nbr_users) = Database::fetch_array($rs);
// update the session-course relation to add the users total
$update_sql = "UPDATE $tbl_session_rel_course SET nbr_users=$nbr_users WHERE id_session='$id_session' AND course_code='$enreg_course'";
api_sql_query($update_sql,__FILE__,__LINE__);
Database::query($update_sql,__FILE__,__LINE__);
}
// delete users from the session
if ($empty_users===true){
api_sql_query("DELETE FROM $tbl_session_rel_user WHERE id_session = $id_session",__FILE__,__LINE__);
Database::query("DELETE FROM $tbl_session_rel_user WHERE id_session = $id_session",__FILE__,__LINE__);
}
// insert missing users into session
$nbr_users = 0;
@ -341,12 +341,12 @@ class SessionManager {
$enreg_user = Database::escape_string($enreg_user);
$nbr_users++;
$insert_sql = "INSERT IGNORE INTO $tbl_session_rel_user(id_session, id_user) VALUES('$id_session','$enreg_user')";
api_sql_query($insert_sql,__FILE__,__LINE__);
Database::query($insert_sql,__FILE__,__LINE__);
}
// update number of users in the session
$nbr_users = count($user_list);
$update_sql = "UPDATE $tbl_session SET nbr_users= $nbr_users WHERE id='$id_session' ";
api_sql_query($update_sql,__FILE__,__LINE__);
Database::query($update_sql,__FILE__,__LINE__);
}
/** Subscribes courses to the given session and optionally (default) unsubscribes previous users
* @author Carlos Vargas <carlos.vargas@dokeos.com>,from existing code
@ -368,26 +368,26 @@ class SessionManager {
$tbl_session_rel_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE);
$tbl_course = Database::get_main_table(TABLE_MAIN_COURSE);
// get general coach ID
$id_coach = api_sql_query("SELECT id_coach FROM $tbl_session WHERE id=$id_session");
$id_coach = Database::query("SELECT id_coach FROM $tbl_session WHERE id=$id_session");
$id_coach = Database::fetch_array($id_coach);
$id_coach = $id_coach[0];
// get list of courses subscribed to this session
$rs = api_sql_query("SELECT course_code FROM $tbl_session_rel_course WHERE id_session=$id_session");
$rs = Database::query("SELECT course_code FROM $tbl_session_rel_course WHERE id_session=$id_session");
$existingCourses = Database::store_result($rs);
$nbr_courses=count($existingCourses);
// get list of users subscribed to this session
$sql="SELECT id_user
FROM $tbl_session_rel_user
WHERE id_session = $id_session";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$user_list=Database::store_result($result);
// remove existing courses from the session
if ($empty_courses===true) {
foreach ($existingCourses as $existingCourse) {
if (!in_array($existingCourse['course_code'], $course_list)){
api_sql_query("DELETE FROM $tbl_session_rel_course WHERE course_code='".$existingCourse['course_code']."' AND id_session=$id_session");
api_sql_query("DELETE FROM $tbl_session_rel_course_rel_user WHERE course_code='".$existingCourse['course_code']."' AND id_session=$id_session");
Database::query("DELETE FROM $tbl_session_rel_course WHERE course_code='".$existingCourse['course_code']."' AND id_session=$id_session");
Database::query("DELETE FROM $tbl_session_rel_course_rel_user WHERE course_code='".$existingCourse['course_code']."' AND id_session=$id_session");
}
}
@ -407,7 +407,7 @@ class SessionManager {
if (!$exists) {
//if the course isn't subscribed yet
$sql_insert_rel_course= "INSERT INTO $tbl_session_rel_course (id_session,course_code, id_coach) VALUES ('$id_session','$enreg_course','$id_coach')";
api_sql_query($sql_insert_rel_course ,__FILE__,__LINE__);
Database::query($sql_insert_rel_course ,__FILE__,__LINE__);
//We add the current course in the existing courses array, to avoid adding another time the current course
$existingCourses[]=array('course_code'=>$enreg_course);
$nbr_courses++;
@ -417,15 +417,15 @@ class SessionManager {
foreach ($user_list as $enreg_user) {
$enreg_user_id = Database::escape_string($enreg_user['id_user']);
$sql_insert = "INSERT IGNORE INTO $tbl_session_rel_course_rel_user (id_session,course_code,id_user) VALUES ('$id_session','$enreg_course','$enreg_user_id')";
api_sql_query($sql_insert,__FILE__,__LINE__);
Database::query($sql_insert,__FILE__,__LINE__);
if (Database::affected_rows()) {
$nbr_users++;
}
}
api_sql_query("UPDATE $tbl_session_rel_course SET nbr_users=$nbr_users WHERE id_session='$id_session' AND course_code='$enreg_course'",__FILE__,__LINE__);
Database::query("UPDATE $tbl_session_rel_course SET nbr_users=$nbr_users WHERE id_session='$id_session' AND course_code='$enreg_course'",__FILE__,__LINE__);
}
}
api_sql_query("UPDATE $tbl_session SET nbr_courses=$nbr_courses WHERE id='$id_session'",__FILE__,__LINE__);
Database::query("UPDATE $tbl_session SET nbr_courses=$nbr_courses WHERE id='$id_session'",__FILE__,__LINE__);
}
/**
@ -443,7 +443,7 @@ class SessionManager {
$fieldtype = (int)$fieldtype;
$time = time();
$sql_field = "SELECT id FROM $t_sf WHERE field_variable = '$fieldvarname'";
$res_field = api_sql_query($sql_field,__FILE__,__LINE__);
$res_field = Database::query($sql_field,__FILE__,__LINE__);
$r_field = Database::fetch_row($res_field);
@ -452,7 +452,7 @@ class SessionManager {
} else {
// save new fieldlabel into course_field table
$sql = "SELECT MAX(field_order) FROM $t_sf";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$order = 0;
if (Database::num_rows($res)>0) {
@ -466,7 +466,7 @@ class SessionManager {
field_display_text = '$fieldtitle',
field_order = '$order',
tms = FROM_UNIXTIME($time)";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
$field_id=Database::get_last_insert_id();
}
@ -504,7 +504,7 @@ class SessionManager {
}
$sqlsf = "SELECT * FROM $t_sf WHERE field_variable='$fname'";
$ressf = api_sql_query($sqlsf,__FILE__,__LINE__);
$ressf = Database::query($sqlsf,__FILE__,__LINE__);
if(Database::num_rows($ressf)==1)
{ //ok, the field exists
// Check if enumerated field, if the option is available
@ -512,7 +512,7 @@ class SessionManager {
$tms = time();
$sqlsfv = "SELECT * FROM $t_sfv WHERE session_id = '$session_id' AND field_id = '".$rowsf['id']."' ORDER BY id";
$ressfv = api_sql_query($sqlsfv,__FILE__,__LINE__);
$ressfv = Database::query($sqlsfv,__FILE__,__LINE__);
$n = Database::num_rows($ressfv);
if ($n>1) {
//problem, we already have to values for this field and user combination - keep last one
@ -521,14 +521,14 @@ class SessionManager {
if($n > 1)
{
$sqld = "DELETE FROM $t_sfv WHERE id = ".$rowsfv['id'];
$resd = api_sql_query($sqld,__FILE__,__LINE__);
$resd = Database::query($sqld,__FILE__,__LINE__);
$n--;
}
$rowsfv = Database::fetch_array($ressfv);
if($rowsfv['field_value'] != $fvalues)
{
$sqlu = "UPDATE $t_sfv SET field_value = '$fvalues', tms = FROM_UNIXTIME($tms) WHERE id = ".$rowsfv['id'];
$resu = api_sql_query($sqlu,__FILE__,__LINE__);
$resu = Database::query($sqlu,__FILE__,__LINE__);
return($resu?true:false);
}
return true;
@ -540,7 +540,7 @@ class SessionManager {
{
$sqlu = "UPDATE $t_sfv SET field_value = '$fvalues', tms = FROM_UNIXTIME($tms) WHERE id = ".$rowsfv['id'];
//error_log('UM::update_extra_field_value: '.$sqlu);
$resu = api_sql_query($sqlu,__FILE__,__LINE__);
$resu = Database::query($sqlu,__FILE__,__LINE__);
return($resu?true:false);
}
return true;
@ -548,7 +548,7 @@ class SessionManager {
$sqli = "INSERT INTO $t_sfv (session_id,field_id,field_value,tms) " .
"VALUES ('$session_id',".$rowsf['id'].",'$fvalues',FROM_UNIXTIME($tms))";
//error_log('UM::update_extra_field_value: '.$sqli);
$resi = api_sql_query($sqli,__FILE__,__LINE__);
$resi = Database::query($sqli,__FILE__,__LINE__);
return($resi?true:false);
}
} else {
@ -566,7 +566,7 @@ class SessionManager {
$tbl_session_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE);
$return_value = false;
$sql= "SELECT course_code FROM $tbl_session_course WHERE id_session = ".Database::escape_string($session_id)." AND course_code = '".Database::escape_string($course_id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$num = Database::num_rows($result);
if ($num>0) {
$return_value = true;
@ -582,7 +582,7 @@ class SessionManager {
public static function get_session_by_name ($session_name) {
$tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
$sql = 'SELECT id, id_coach, date_start, date_end FROM '.$tbl_session.' WHERE name="'.Database::escape_string($session_name).'"';
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$num = Database::num_rows($result);
if ($num>0){
return Database::fetch_array($result);

20
main/inc/lib/specific_fields_manager.lib.php
Unescape View File

@ -23,7 +23,7 @@ function add_specific_field($name) {
$_safe_code = get_specific_field_code_from_name($_safe_code);
if ($_safe_code === false) { return false; }
$sql = sprintf($sql, $table_sf, $_safe_code, $_safe_name);
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if ($result) {
return Database::get_last_insert_id();
}
@ -44,7 +44,7 @@ function delete_specific_field($id) {
}
$sql = 'DELETE FROM %s WHERE id=%s LIMIT 1';
$sql = sprintf($sql, $table_sf, $id);
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
//TODO also delete the corresponding values
}
@ -61,7 +61,7 @@ function edit_specific_field($id, $name) {
}
$sql = 'UPDATE %s SET name = \'%s\' WHERE id = %s LIMIT 1';
$sql = sprintf($sql, $table_sf, $name, $id);
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
}
/**
@ -84,7 +84,7 @@ function get_specific_field_list($conditions = array(), $order_by = array()) {
if (count($order_by) > 0) {
$sql .= ' ORDER BY '.implode(',',$order_by);
}
$sql_result = api_sql_query($sql,__FILE__,__LINE__);
$sql_result = Database::query($sql,__FILE__,__LINE__);
while ($result = Database::fetch_array($sql_result)) {
$return_array[] = $result;
}
@ -112,7 +112,7 @@ function get_specific_field_values_list($conditions = array(), $order_by = array
if (count($order_by) > 0) {
$sql .= ' ORDER BY '.implode(',',$order_by);
}
$sql_result = api_sql_query($sql,__FILE__,__LINE__);
$sql_result = Database::query($sql,__FILE__,__LINE__);
while ($result = Database::fetch_array($sql_result)) {
$return_array[] = $result;
}
@ -133,7 +133,7 @@ function get_specific_field_values_list_by_prefix($prefix, $course_code, $tool_i
$sql = 'SELECT sfv.value FROM %s sf LEFT JOIN %s sfv ON sf.id = sfv.field_id' .
' WHERE sf.code = \'%s\' AND sfv.course_code = \'%s\' AND tool_id = \'%s\' AND sfv.ref_id = %s';
$sql = sprintf($sql, $table_sf, $table_sfv, $prefix, $course_code, $tool_id, $ref_id);
$sql_result = api_sql_query($sql,__FILE__,__LINE__);
$sql_result = Database::query($sql,__FILE__,__LINE__);
while ($result = Database::fetch_array($sql_result)) {
$return_array[] = $result;
}
@ -156,7 +156,7 @@ function add_specific_field_value($id_specific_field, $course_id, $tool_id, $ref
}
$sql = 'INSERT INTO %s(id, course_code, tool_id, ref_id, field_id, value) VALUES(NULL, \'%s\', \'%s\', %s, %s, \'%s\')';
$sql = sprintf($sql, $table_sf_values, $course_id, $tool_id, $ref_id, $id_specific_field, Database::escape_string($value));
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if ($result) {
return Database::get_last_insert_id();
}
@ -176,7 +176,7 @@ function delete_all_specific_field_value($course_id, $id_specific_field, $tool_i
$table_sf_values = Database :: get_main_table(TABLE_MAIN_SPECIFIC_FIELD_VALUES);
$sql = 'DELETE FROM %s WHERE course_code = \'%s\' AND tool_id = \'%s\' AND ref_id = %s AND field_id = %s';
$sql = sprintf($sql, $table_sf_values, $course_id, $tool_id, $ref_id, $id_specific_field);
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
}
/**
@ -190,7 +190,7 @@ function delete_all_values_for_item($course_id, $tool_id, $ref_id) {
$table_sf_values = Database :: get_main_table(TABLE_MAIN_SPECIFIC_FIELD_VALUES);
$sql = 'DELETE FROM %s WHERE course_code = \'%s\' AND tool_id = \'%s\' AND ref_id = %s';
$sql = sprintf($sql, $table_sf_values, $course_id, $tool_id, $ref_id);
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
}
/**
@ -206,7 +206,7 @@ function get_specific_field_code_from_name($name) {
$list = array('A','B','D','E','F','G','H','I','J','K','L','M','N','P','Q','R','S','T','U','V','W','X','Y');
$table_sf = Database :: get_main_table(TABLE_MAIN_SPECIFIC_FIELD);
$sql = "SELECT code FROM $table_sf ORDER BY code";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$code = strtoupper(substr($name,0,1));
//if no code exists in DB, return current one
if (Database::num_rows($res)<1) { return $code;}

270
main/inc/lib/surveymanager.lib.php
Unescape View File

@ -41,7 +41,7 @@ class SurveyManager {
public static function select_survey_list ($seleced_surveyid='', $extra_script='') {
$survey_table = Database :: get_course_table(TABLE_SURVEY);
$sql = "SELECT * FROM $survey_table";// WHERE is_shared='1'";
$sql_result = api_sql_query($sql,__FILE__,__LINE__);
$sql_result = Database::query($sql,__FILE__,__LINE__);
if(mysql_num_rows($sql_result)>0)
{
$str_survey_list = "";
@ -70,7 +70,7 @@ class SurveyManager {
$survey_table = Database :: get_course_table(TABLE_MAIN_SURVEY);
$sql = "SELECT survey_id FROM $survey_table WHERE title='$existing'" ;
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
$i=0;
$survey_id=mysql_result($result,$i,'survey_id');
echo "in getsurveyid".$survey_id;
@ -85,7 +85,7 @@ class SurveyManager {
{
$sql_query = "SELECT * FROM $table_group WHERE groupname='".Database::escape_string($group_title)."' AND survey_id=".Database::escape_string($survey_id);
$res = api_sql_query($sql_query, __FILE__, __LINE__);
$res = Database::query($sql_query, __FILE__, __LINE__);
if(mysql_num_rows($res))
{
return false;
@ -95,11 +95,11 @@ class SurveyManager {
{
$sql = 'SELECT MAX(sortby) FROM '.$table_group.' WHERE survey_id="'.Database::escape_string($survey_id).'"';
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
list($sortby) = mysql_fetch_array($rs);
$sortby++;
$sql="INSERT INTO $table_group(group_id,survey_id,groupname,introduction, sortby) values('','$survey_id','$group_title','$introduction','$sortby')";
$result=api_sql_query($sql);
$result=Database::query($sql);
return mysql_insert_id();
}
@ -113,7 +113,7 @@ class SurveyManager {
$user_table = Database :: get_main_table(TABLE_MAIN_USER);
$authorid = Database::escape_string($authorid);
$sql_query = "SELECT * FROM $user_table WHERE user_id='$authorid'";
$res = api_sql_query($sql_query, __FILE__, __LINE__);
$res = Database::query($sql_query, __FILE__, __LINE__);
$firstname=@mysql_result($res,0,'firstname');
return $firstname;
}
@ -126,7 +126,7 @@ class SurveyManager {
//$table_survey = Database :: get_course_table(TABLE_SURVEY);
$survey_id = Database::escape_string($survey_id);
$sql = "SELECT author FROM $db_name.survey WHERE survey_id='$survey_id'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$author=@mysql_result($res,0,'author');
return $author;
}
@ -138,7 +138,7 @@ class SurveyManager {
//$group_table = Database :: get_course_table(TABLE_SURVEY_QUESTION_GROUP);
$group_id = Database::escape_string($group_id);
$sql = "SELECT survey_id FROM $db_name.survey_group WHERE group_id='$group_id'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$surveyid=@mysql_result($res,0,'survey_id');
return $surveyid;
}
@ -147,7 +147,7 @@ class SurveyManager {
//$grouptable = Database :: get_course_table(TABLE_SURVEY_QUESTION_GROUP);
$gid = Database::escape_string($gid);
$sql = "SELECT * FROM $db_name.survey_group WHERE group_id='$gid'";
$res=api_sql_query($sql);
$res=Database::query($sql);
$code=@Database::result($res,0,'groupname');
return($code);
}
@ -161,7 +161,7 @@ class SurveyManager {
$introduction = Database::escape_string($introduction);
$sql="INSERT INTO $tb (group_id,survey_id,group_title,introduction) values('','$survey_id','$group_title','$introduction')";
$result=api_sql_query($sql);
$result=Database::query($sql);
return mysql_insert_id();
}
/**
@ -173,7 +173,7 @@ class SurveyManager {
$sql="SELECT code FROM $table_survey where code='$survey_code'";
//echo $sql;
//exit;
$result=api_sql_query($sql);
$result=Database::query($sql);
$code=@mysql_result($result,0,'code');
//echo $code;exit;
return($code);
@ -185,7 +185,7 @@ class SurveyManager {
{
$survey_table = Database :: get_course_table(TABLE_SURVEY);
$sql_query = "SELECT survey_id,title FROM $survey_table where title!='' ";
$sql_result = api_sql_query($sql_query,__FILE__,__LINE__);
$sql_result = Database::query($sql_query,__FILE__,__LINE__);
echo "<select name=\"author\">";
echo "<option value=\"\"><--Select Survey--></optional>";
while ($result =@mysql_fetch_array($sql_result))
@ -201,11 +201,11 @@ class SurveyManager {
{
//$table_survey = Database :: get_course_table(TABLE_SURVEY);
$sql = "INSERT INTO $table_survey (code,title, subtitle, author,lang,avail_from,avail_till, is_shared,template,intro,surveythanks,creation_date) values('$surveycode','$surveytitle','$surveysubtitle','$author','$survey_language','$availablefrom','$availabletill','$isshare','$surveytemplate','$surveyintroduction','$surveythanks',curdate())";
$result = api_sql_query($sql, __FILE__, __LINE__);
//$result = api_sql_query($sql);
$result = Database::query($sql, __FILE__, __LINE__);
//$result = Database::query($sql);
$survey_id = mysql_insert_id();
$sql2 = "INSERT INTO $table_group(group_id,survey_id,groupname,introduction) values('','$survey_id','No Group','This is your Default Group')";
$result = api_sql_query($sql2, __FILE__, __LINE__);
$result = Database::query($sql2, __FILE__, __LINE__);
return $survey_id;
}
/**
@ -232,7 +232,7 @@ class SurveyManager {
surveythanks = "'.addslashes($original_survey->surveythanks).'",
creation_date = "NOW()"';
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$new_survey_id = mysql_insert_id();
// copy the groups
@ -250,7 +250,7 @@ class SurveyManager {
{
//$table_survey = Database :: get_course_table(TABLE_SURVEY);
$sql = "INSERT INTO $table_survey (code,title, subtitle, author,lang,avail_from,avail_till, is_shared,template,intro,surveythanks,creation_date) values('$surveycode','$surveytitle','$surveysubtitle','$author','$survey_language','$availablefrom','$availabletill','$isshare','$surveytemplate','$surveyintroduction','$surveythanks',curdate())";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$survey_id = mysql_insert_id();
return $survey_id;
}
@ -260,13 +260,13 @@ class SurveyManager {
function update_survey($surveyid,$surveycode,$surveytitle, $surveysubtitle, $author, $survey_language, $availablefrom, $availabletill,$isshare, $surveytemplate, $surveyintroduction, $surveythanks, $cidReq,$table_course)
{
$sql_course = "SELECT * FROM $table_course WHERE code = '$cidReq'";
$res_course = api_sql_query($sql_course,__FILE__,__LINE__);
$res_course = Database::query($sql_course,__FILE__,__LINE__);
$obj_course=@mysql_fetch_object($res_course);
$curr_dbname = $obj_course->db_name ;
$surveyid = Database::escape_string($surveyid);
$sql = "UPDATE $curr_dbname.survey SET code='$surveycode', title='$surveytitle', subtitle='$surveysubtitle', lang='$survey_language', avail_from='$availablefrom', avail_till='$availabletill', is_shared='$isshare', template='$surveytemplate', intro='$surveyintroduction',surveythanks='$surveythanks'
WHERE survey_id='$surveyid'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
return $curr_dbname;
}
@ -297,7 +297,7 @@ class SurveyManager {
$table_question = Database :: get_course_table(TABLE_MAIN_SURVEYQUESTION);
$sql = "INSERT INTO $table_question (gid,type,caption,ans1,ans2,ans3,ans4,ans5,ans6,ans7,ans8,ans9,ans10,open_ans,anst,ansd,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10) values('$gid','$type','$caption',$x'$open_ans','$anst','$ansd',$y)";
$result = api_sql_query($sql);
$result = Database::query($sql);
return mysql_insert_id();
}
@ -305,7 +305,7 @@ class SurveyManager {
{
$table_question = Database :: get_course_table(TABLE_MAIN_SURVEYQUESTION);
$sql = "SELECT * FROM $table_question where qid='$questionid'";
$res=api_sql_query($sql);
$res=Database::query($sql);
$code=@mysql_result($res,0,'caption');
return($code);
}
@ -316,7 +316,7 @@ class SurveyManager {
function create_question($gid,$surveyid,$qtype,$caption,$alignment,$answers,$open_ans,$answerT,$answerD,$rating,$curr_dbname)
{
$sql_sort = "SELECT max(sortby) AS sortby FROM $curr_dbname.questions ";
$res_sort=api_sql_query($sql_sort);
$res_sort=Database::query($sql_sort);
$rs=mysql_fetch_object($res_sort);
$sortby=$rs->sortby;
if(empty($sortby))
@ -353,7 +353,7 @@ class SurveyManager {
$ansd = $answerD;
//}
$sql = "INSERT INTO $curr_dbname.questions (gid,survey_id,qtype,caption,alignment,sortby,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10) values('$gid','$surveyid','$qtype','$caption','$alignment','$sortby',$x'$anst','$ansd',$y)";
$result = api_sql_query($sql);
$result = Database::query($sql);
return mysql_insert_id();
}
@ -371,7 +371,7 @@ class SurveyManager {
$anst = $answerT;
$ansd = $answerD;
$sql = "UPDATE $curr_dbname.questions SET qtype='$qtype',caption='$caption',alignment='$alignment',a1='$answers[0]',a2='$answers[1]',a3='$answers[2]',a4='$answers[3]',a5='$answers[4]',a6='$answers[5]',a7='$answers[6]',a8='$answers[7]',a9='$answers[8]',a10='$answers[9]' WHERE qid='$qid'";
$result = api_sql_query($sql);
$result = Database::query($sql);
return mysql_insert_id();
}
@ -383,7 +383,7 @@ class SurveyManager {
$table_question = Database :: get_course_table(TABLE_MAIN_SURVEYQUESTION);
$questionid = Database::escape_string($questionid);
$sql = "SELECT * FROM $table_question WHERE qid='$questionid'";
$res=api_sql_query($sql);
$res=Database::query($sql);
$code=@mysql_result($res,0,'type');
return($code);
}
@ -396,7 +396,7 @@ class SurveyManager {
//$table_question = Database :: get_course_table(TABLE_MAIN_SURVEYQUESTION);
$gid = Database::escape_string($gid);
$sql = "SELECT * FROM $db_name.questions WHERE gid='$gid'";
$res=api_sql_query($sql);
$res=Database::query($sql);
$code=@mysql_num_rows($res);
return($code);
}
@ -408,7 +408,7 @@ class SurveyManager {
{
$qid = Database::escape_string($qid);
$sql = "SELECT * FROM $curr_dbname.questions where qid='$qid'";
$res=api_sql_query($sql);
$res=Database::query($sql);
$rs=mysql_fetch_object($res);
$properties = get_object_vars($rs);
foreach ($properties as $property=>$val){
@ -424,7 +424,7 @@ class SurveyManager {
{
global $_course;
$sql='SELECT '.$field.' FROM '.$_course['dbName'].'.survey WHERE survey_id='.intval($id);
$res=api_sql_query($sql);
$res=Database::query($sql);
$code=@mysql_result($res,0);
return($code);
@ -436,7 +436,7 @@ class SurveyManager {
{
global $_course;
$sql='SELECT * FROM '.$_course['dbName'].'.survey WHERE survey_id='.intval($id);
$res=api_sql_query($sql);
$res=Database::query($sql);
return mysql_fetch_object($res);
}
/**
@ -447,7 +447,7 @@ class SurveyManager {
//$surveytable=Database:: get_course_table(TABLE_SURVEY);
$sid = Database::escape_string($sid);
$sql="SELECT * FROM $db_name.survey WHERE survey_id=$sid";
$res=api_sql_query($sql);
$res=Database::query($sql);
$code=@mysql_result($res,0,'title');
return($code);
}
@ -459,7 +459,7 @@ class SurveyManager {
$sid = Database::escape_string($sid);
$surveytable=Database:: get_course_table(TABLE_SURVEY);
$sql="SELECT * FROM $surveytable WHERE survey_id=$sid";
$res=api_sql_query($sql);
$res=Database::query($sql);
$code=@mysql_result($res,0,'title');
return($code);
}
@ -471,7 +471,7 @@ class SurveyManager {
$table_group = Database :: get_course_table(TABLE_MAIN_GROUP);
$table_question = Database :: get_course_table(TABLE_MAIN_SURVEYQUESTION);
echo $sql="select t1.title as stitle, t3.type as type, t3.caption as caption, t2.groupname as groupname from $table_survey t1, $table_group t2, $table_question t3 where t1.survey_id=t2.survey_id and t3.gid=t2.group_id and t3.type='$question_type'";
$sql_result = api_sql_query($sql,__FILE__,__LINE__);
$sql_result = Database::query($sql,__FILE__,__LINE__);
$result = mysql_fetch_object($sql_result);
return ($result);
}
@ -502,9 +502,9 @@ class SurveyManager {
if(isset($selected_group)){
if($selected_group!=''){
$sql = "SELECT $table_group('survey_id', 'groupname') values('$sid', '$groupname')";
$res = api_sql_query($sql);
$res = Database::query($sql);
$sql = "INSERT INTO $table_group('survey_id', 'groupname') values('$sid', '$groupname')";
$res = api_sql_query($sql);
$res = Database::query($sql);
$gid_arr[$index]+= mysql_insert_id();
$groupids=implode(",",$gid_arr);
}
@ -532,20 +532,20 @@ class SurveyManager {
// Deleting the survey
$sql = "DELETE FROM $table_survey WHERE survey_id='".$survey_id."'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
// Deleting all the questions of the survey
$sql = "SELECT * FROM $table_group WHERE survey_id='".$survey_id."'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
while($obj = mysql_fetch_object($res))
{
$sql = "DELETE FROM $table_question WHERE gid='".$obj->group_id."'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
// Deleting the groups of the survey
$sql = "DELETE FROM $table_group WHERE survey_id='".$survey_id."'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
return true;
}
@ -566,9 +566,9 @@ class SurveyManager {
$table_survey_group = Database :: get_course_table(TABLE_SURVEY_QUESTION_GROUP);
$sql = "DELETE FROM $table_question WHERE gid='".$group_id."'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
$sql = "DELETE FROM $table_survey_group WHERE group_id='".$group_id."'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
/**
@ -578,7 +578,7 @@ class SurveyManager {
{
$ques_table=Database::get_course_table(TABLE_MAIN_SURVEYQUESTION);
$sql="SELECT gid FROM $ques_table where qid=$qid";
$res=api_sql_query($sql);
$res=Database::query($sql);
$id=@mysql_result($res,0,'gid');
$gname=surveymanager::get_groupname($id);
return($gname);
@ -589,13 +589,13 @@ class SurveyManager {
function insert_questions($sid,$newgid,$gid,$table_group)
{
$sql_select = "SELECT * FROM $table_group WHERE group_id IN (".$gid.")";
$res = api_sql_query($sql_select);
$res = Database::query($sql_select);
$num = mysql_num_rows($res);
$i=0;
while($i<$num)
{
$sql_insert = "INSERT INTO $table_group(group_id, survey_id, groupname) values('', '$sid', 'Imported Group')";
$result = api_sql_query($sql_insert);
$result = Database::query($sql_insert);
$i++;
}
}
@ -606,7 +606,7 @@ class SurveyManager {
{
$group_table = Database :: get_course_table(TABLE_SURVEY_QUESTION_GROUP);
$sql = "SELECT * FROM $group_table WHERE survey_id='$survey_id'";
$sql_result = api_sql_query($sql,__FILE__,__LINE__);
$sql_result = Database::query($sql,__FILE__,__LINE__);
if(mysql_num_rows($sql_result)>0)
{
$str_group_list = "";
@ -641,7 +641,7 @@ class SurveyManager {
$queryone = "SELECT * FROM $table_question WHERE gid = '$newgid'";
$rs = api_sql_query($queryone);
$rs = Database::query($queryone);
$numrs=mysql_num_rows($rs);
for($k=0;$k<$numrs;$k++)
@ -680,7 +680,7 @@ class SurveyManager {
$temp_gid = $gid_arr[$index];
$sql = "SELECT * FROM $table_question WHERE gid = '$temp_gid'";
$res = api_sql_query($sql);
$res = Database::query($sql);
$num_rows = mysql_num_rows($res);
while($obj = mysql_fetch_object($res))
{
@ -710,7 +710,7 @@ class SurveyManager {
}
$sql_insert = "INSERT INTO $table_question (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_group) values('','$newgid','$temp_qtype','$temp_caption',$x'$anst','$ansd',$y,'$temp_gid')";
$res2 = api_sql_query($sql_insert);
$res2 = Database::query($sql_insert);
}
}
@ -728,7 +728,7 @@ class SurveyManager {
{
$sql = "SELECT group_id FROM $table_group WHERE survey_id='$sid'";
$res = api_sql_query($sql);
$res = Database::query($sql);
$num = @mysql_num_rows($res);
//echo "ths is num".$num;
$parameters = array();
@ -738,7 +738,7 @@ class SurveyManager {
$groupid = $obj->group_id;
$query = "SELECT * FROM $table_question WHERE gid = '$groupid'";
$result = api_sql_query($query);
$result = Database::query($query);
while($object = @mysql_fetch_object($result))
{
$display = array();
@ -766,16 +766,16 @@ class SurveyManager {
//For attaching the whole survey with its groups and questions
{
$sql = "SELECT * FROM $db_name.survey_group WHERE survey_id = '$surveyid'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
while($obj=@mysql_fetch_object($res))
{
$groupname=addslashes($obj->groupname);
$introduction=addslashes($obj->introduction);
$sql_insert = "INSERT INTO $curr_dbname.survey_group(group_id,survey_id,groupname,introduction) values('','$newsurveyid','$groupname','$introduction')";
$resnext = api_sql_query($sql_insert,__FILE__,__LINE__);
$resnext = Database::query($sql_insert,__FILE__,__LINE__);
$groupid = mysql_insert_id();
$sql_q = "SELECT * FROM $db_name.questions WHERE gid = '$obj->group_id'";
$res_q = api_sql_query($sql_q,__FILE__,__LINE__);
$res_q = Database::query($sql_q,__FILE__,__LINE__);
while($obj_q = mysql_fetch_object($res_q))
{
$caption1=addslashes($obj_q->caption);
@ -802,14 +802,14 @@ class SurveyManager {
$r9=addslashes($obj_q->r9);
$r10=addslashes($obj_q->r10);
$sql_sort = "SELECT max(sortby) AS sortby FROM $curr_dbname.questions ";
$res_sort=api_sql_query($sql_sort);
$res_sort=Database::query($sql_sort);
$rs=mysql_fetch_object($res_sort);
$sortby=$rs->sortby;
if(empty($sortby))
{$sortby=1;}
else{$sortby=$sortby+1;}
$sql_q_insert = "INSERT INTO $curr_dbname.questions (qid,gid,survey_id,qtype,caption,alignment,sortby,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10) values('','$groupid','$newsurveyid','$obj_q->qtype','$caption1','$obj_q->alignment','$sortby','$a1','$a2','$a3','$a4','$a5','$a6','$a7','$a8','$a9','$a10','$at','$ad','$r1','$r2','$r3','$r4','$r5','$r6','$r7','$r8','$r9','$r10')";
api_sql_query($sql_q_insert,__FILE__,__LINE__);
Database::query($sql_q_insert,__FILE__,__LINE__);
}
}
}
@ -818,7 +818,7 @@ class SurveyManager {
function update_group($groupid,$surveyid,$groupnamme,$introduction,$curr_dbname)
{
$sql = "UPDATE $curr_dbname.survey_group SET group_id='$groupid', survey_id='$surveyid', groupname='$groupnamme', introduction='$introduction' WHERE group_id='$groupid'";
api_sql_query($sql, __FILE__, __LINE__);
Database::query($sql, __FILE__, __LINE__);
}
/*
@ -830,17 +830,17 @@ function insert_old_groups($sid,$gids,$table_group,$table_question)
for($p=0;$p<$index;$p++)
{
$sql = "SELECT * FROM $table_group WHERE group_id = '$gid_arr[$p]'";
$res = api_sql_query($sql);
$res = Database::query($sql);
$obj = mysql_fetch_object($res);
$gname = $obj->groupname;
if($gname=='Default')
{
$query = "SELECT * FROM $table_group WHERE survey_id = '$sid' AND groupname = 'Default'";
$result = api_sql_query($query);
$result = Database::query($query);
$object = mysql_fetch_object($result);
$gid = $object->group_id;
$sql_def_check = "SELECT * FROM $table_question WHERE gid = '$gid'";
$res_def_check = api_sql_query($sql_def_check);
$res_def_check = Database::query($sql_def_check);
$count_def_check = mysql_num_rows($res_def_check);
for($ctr=0;$ctr<$count_def_check;$ctr++)
{
@ -850,7 +850,7 @@ function insert_old_groups($sid,$gids,$table_group,$table_question)
if(!@in_array($gid_arr[$p],$imp))
{
$sql_ques = "SELECT * FROM $table_question WHERE gid= '$gid_arr[$p]'";
$res_ques = api_sql_query($sql_ques);
$res_ques = Database::query($sql_ques);
$num = mysql_num_rows($res_ques);
while($obj_ques = mysql_fetch_object($res_ques))
{
@ -881,7 +881,7 @@ function insert_old_groups($sid,$gids,$table_group,$table_question)
}
}
$sql_ques_insert = "INSERT INTO $table_question (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_group) values('','$gid','$temp_qtype','$temp_caption',$x'$anst','$ansd',$y,'$gid_arr[$p]')";
$res_ques_insert = api_sql_query($sql_ques_insert);
$res_ques_insert = Database::query($sql_ques_insert);
}
}
else
@ -893,7 +893,7 @@ function insert_old_groups($sid,$gids,$table_group,$table_question)
{
$intro = $obj->introduction;
$sql_check = "SELECT * FROM $table_group WHERE survey_id = '$sid'";
$res_check = api_sql_query($sql_check);
$res_check = Database::query($sql_check);
$num_check = mysql_num_rows($res_check);
for($k=0;$k<$num_check;$k++)
{
@ -903,10 +903,10 @@ function insert_old_groups($sid,$gids,$table_group,$table_question)
if(!@in_array($gid_arr[$p],$imp))
{
$sql_insert = "INSERT INTO $table_group(group_id,survey_id,groupname,introduction,imported_group) values('','$sid','$gname','$intro','$gid_arr[$p]')";
$res_insert = api_sql_query($sql_insert);
$res_insert = Database::query($sql_insert);
$new_gid = mysql_insert_id();
$sql_ques = "SELECT * FROM $table_question WHERE gid= '$gid_arr[$p]'";
$res_ques = api_sql_query($sql_ques);
$res_ques = Database::query($sql_ques);
$num = mysql_num_rows($res_ques);
while($obj_ques = mysql_fetch_object($res_ques))
{
@ -937,7 +937,7 @@ function insert_old_groups($sid,$gids,$table_group,$table_question)
}
}
$sql_ques_insert = "INSERT INTO $table_question (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_group) values('','$new_gid','$temp_qtype','$temp_caption',$x'$anst','$ansd',$y,'$gid_arr[$p]')";
$res_ques_insert = api_sql_query($sql_ques_insert);
$res_ques_insert = Database::query($sql_ques_insert);
}
}
else
@ -956,7 +956,7 @@ function insert_old_groups($sid,$gids,$table_group,$table_question,$db_name,$cid
{
$table_course = Database :: get_main_table(TABLE_MAIN_COURSE);
$sql = "SELECT * FROM $table_course WHERE code = '$cidReq'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$obj_name=@mysql_fetch_object($res);
$current_db_name = $obj_name->db_name ;
$gid_arr = explode(",",$gids);
@ -965,17 +965,17 @@ function insert_old_groups($sid,$gids,$table_group,$table_question,$db_name,$cid
for($p=0;$p<$index;$p++)
{
$sql = "SELECT * FROM $db_name.survey_group WHERE group_id = '$gid_arr[$p]'";
$res = api_sql_query($sql);
$res = Database::query($sql);
$obj = mysql_fetch_object($res);
$gname = $obj->groupname;
if($gname=='No Group')
{
$query = "SELECT * FROM $db_name.survey_group WHERE survey_id = '$sid' AND groupname = 'No Group'";
$result = api_sql_query($query);
$result = Database::query($query);
$object = mysql_fetch_object($result);
$gid = $object->group_id;
$sql_def_check = "SELECT * FROM $db_name.questions WHERE gid = '$gid'";
$res_def_check = api_sql_query($sql_def_check);
$res_def_check = Database::query($sql_def_check);
$count_def_check = mysql_num_rows($res_def_check);
for($ctr=0;$ctr<$count_def_check;$ctr++)
{
@ -986,7 +986,7 @@ function insert_old_groups($sid,$gids,$table_group,$table_question,$db_name,$cid
if(!@in_array($gid_arr[$p],$imp))
{
$sql_ques = "SELECT * FROM $db_name.questions WHERE gid= '$gid_arr[$p]'";
$res_ques = api_sql_query($sql_ques);
$res_ques = Database::query($sql_ques);
$num = mysql_num_rows($res_ques);
while($obj_ques = mysql_fetch_object($res_ques))
{
@ -1017,7 +1017,7 @@ function insert_old_groups($sid,$gids,$table_group,$table_question,$db_name,$cid
}
}
$sql_ques_insert = "INSERT INTO $current_db_name.questions (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_group) values('','$gid','$temp_qtype','$temp_caption',$x'$anst','$ansd',$y,'$gid_arr[$p]')";
$res_ques_insert = api_sql_query($sql_ques_insert);
$res_ques_insert = Database::query($sql_ques_insert);
}
}
else
@ -1029,7 +1029,7 @@ function insert_old_groups($sid,$gids,$table_group,$table_question,$db_name,$cid
{
$intro = $obj->introduction;
$sql_check = "SELECT * FROM $db_name.survey_group WHERE survey_id = '$sid'";
$res_check = api_sql_query($sql_check);
$res_check = Database::query($sql_check);
$num_check = mysql_num_rows($res_check);
for($k=0;$k<$num_check;$k++)
{
@ -1039,10 +1039,10 @@ function insert_old_groups($sid,$gids,$table_group,$table_question,$db_name,$cid
if(!@in_array($gid_arr[$p],$imp))
{
$sql_insert = "INSERT INTO $current_db_name.survey_group(group_id,survey_id,groupname,introduction,imported_group) values('','$sid','$gname','$intro','$gid_arr[$p]')";
$res_insert = api_sql_query($sql_insert);
$res_insert = Database::query($sql_insert);
$new_gid = mysql_insert_id();
$sql_ques = "SELECT * FROM $db_name.questions WHERE gid= '$gid_arr[$p]'";
$res_ques = api_sql_query($sql_ques);
$res_ques = Database::query($sql_ques);
$num = mysql_num_rows($res_ques);
while($obj_ques = mysql_fetch_object($res_ques))
{
@ -1073,7 +1073,7 @@ function insert_old_groups($sid,$gids,$table_group,$table_question,$db_name,$cid
}
}
$sql_ques_insert = "INSERT INTO $current_db_name.questions (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_group) values('','$new_gid','$temp_qtype','$temp_caption',$x'$anst','$ansd',$y,'$gid_arr[$p]')";
$res_ques_insert = api_sql_query($sql_ques_insert);
$res_ques_insert = Database::query($sql_ques_insert);
}
}
else
@ -1092,7 +1092,7 @@ function import_question($surveyid,$qids,$table_group,$table_question,$db_name,$
{
$table_course = Database :: get_main_table(TABLE_MAIN_COURSE);
$sql_course = "SELECT * FROM $table_course WHERE code = '$cidReq'";
$res_course = api_sql_query($sql_course,__FILE__,__LINE__);
$res_course = Database::query($sql_course,__FILE__,__LINE__);
$obj_name=@mysql_fetch_object($res_course);
$current_db_name = $obj_name->db_name ;
$qid=explode(",",$qids);
@ -1100,20 +1100,20 @@ function import_question($surveyid,$qids,$table_group,$table_question,$db_name,$
for($i=0; $i<$count; $i++)
{
$sql_q = "SELECT * FROM $table_question WHERE qid = '$qid[$i]'";
$res_q = api_sql_query($sql_q,__FILE__,__LINE__);
$res_q = Database::query($sql_q,__FILE__,__LINE__);
$obj=@mysql_fetch_object($res_q);
$oldgid=$obj->gid;
$sql = "SELECT * FROM $table_group WHERE group_id = '$oldgid'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$obj_gr = @mysql_fetch_object($res);
$gname = $obj_gr->groupname;
$gintro = $obj_gr->introduction;
$sql_gid = "SELECT * FROM $table_group WHERE survey_id = '$surveyid' AND groupname = '$gname'";
$res_gid = api_sql_query($sql_gid,__FILE__,__LINE__);
$res_gid = Database::query($sql_gid,__FILE__,__LINE__);
$num=mysql_num_rows($res_gid);
$obj_gid=@mysql_fetch_object($res_gid);
$sql_quesid = "SELECT * FROM $table_question WHERE gid = '$obj_gid->group_id' AND caption = '$obj->caption'";
$res_quesid = api_sql_query($sql_quesid,__FILE__,__LINE__);
$res_quesid = Database::query($sql_quesid,__FILE__,__LINE__);
$num_ques=mysql_num_rows($res_quesid);
if($num_ques>0)
{
@ -1125,15 +1125,15 @@ function import_question($surveyid,$qids,$table_group,$table_question,$db_name,$
if($num>0 && $yes=="yes")
{
$sql_q_insert = "INSERT INTO $current_db_name.questions (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10) values('','$obj_gid->group_id','$obj->qtype','$obj->caption','$obj->a1','$obj->a2','$obj->a3','$obj->a4','$obj->a5','$obj->a6','$obj->a7','$obj->a8','$obj->a9','$obj->a10','$obj->at','$obj->ad','$obj->r1','$obj->r2','$obj->r3','$obj->r4','$obj->r5','$obj->r6','$obj->r7','$obj->r8','$obj->r9','$obj->r10')";
api_sql_query($sql_q_insert,__FILE__,__LINE__);
Database::query($sql_q_insert,__FILE__,__LINE__);
}
else
{
$sql_ginsert="INSERT INTO $current_db_name.survey_group(group_id,survey_id,groupname,introduction) values('','$surveyid','$gname','$gintro')";
api_sql_query($sql_ginsert,__FILE__,__LINE__);
Database::query($sql_ginsert,__FILE__,__LINE__);
$new_gid = mysql_insert_id();
$sql_q_insert = "INSERT INTO $current_db_name.questions (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10) values('','$new_gid','$obj->qtype','$obj->caption','$obj->a1','$obj->a2','$obj->a3','$obj->a4','$obj->a5','$obj->a6','$obj->a7','$obj->a8','$obj->a9','$obj->a10','$obj->at','$obj->ad','$obj->r1','$obj->r2','$obj->r3','$obj->r4','$obj->r5','$obj->r6','$obj->r7','$obj->r8','$obj->r9','$obj->r10')";
api_sql_query($sql_q_insert,__FILE__,__LINE__);
Database::query($sql_q_insert,__FILE__,__LINE__);
}
}
}
@ -1145,12 +1145,12 @@ function import_question($surveyid,$qids,$table_group,$table_question,$db_name,$
function create_course_survey_rel($cidReq,$survey_id,$table_course,$table_course_survey_rel)
{
$sql = "SELECT * FROM $table_course WHERE code = '$cidReq'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$obj=@mysql_fetch_object($res);
$db_name = $obj->db_name ;
$sql="INSERT INTO $table_course_survey_rel(id,course_code,db_name,survey_id) values('','$cidReq','$db_name','$survey_id')";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
return $db_name;
}
/**
@ -1163,20 +1163,20 @@ function import_existing_question($surveyid,$qids,$table_group,$table_question,$
for($i=0; $i<$count; $i++)
{
$sql_q = "SELECT * FROM $table_question WHERE qid = '$qid[$i]'";
$res_q = api_sql_query($sql_q,__FILE__,__LINE__);
$res_q = Database::query($sql_q,__FILE__,__LINE__);
$obj=@mysql_fetch_object($res_q);
$oldgid=$obj->gid;
$sql = "SELECT * FROM $table_group WHERE group_id = '$oldgid'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$obj_gr = @mysql_fetch_object($res);
$gname = $obj_gr->groupname;
$gintro = $obj_gr->introduction;
$sql_gid = "SELECT * FROM $table_group WHERE survey_id = '$surveyid' AND groupname = '$gname'";
$res_gid = api_sql_query($sql_gid,__FILE__,__LINE__);
$res_gid = Database::query($sql_gid,__FILE__,__LINE__);
$num=mysql_num_rows($res_gid);
$obj_gid=@mysql_fetch_object($res_gid);
$sql_quesid = "SELECT * FROM $table_question WHERE gid = '$obj_gid->group_id' AND caption = '$obj->caption'";
$res_quesid = api_sql_query($sql_quesid,__FILE__,__LINE__);
$res_quesid = Database::query($sql_quesid,__FILE__,__LINE__);
$num_ques=mysql_num_rows($res_quesid);
if($num_ques>0)
{
@ -1188,15 +1188,15 @@ function import_existing_question($surveyid,$qids,$table_group,$table_question,$
if($num>0 && $yes=="yes")
{
$sql_q_insert = "INSERT INTO $table_question (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10) values('','$obj_gid->group_id','$obj->qtype','$obj->caption','$obj->a1','$obj->a2','$obj->a3','$obj->a4','$obj->a5','$obj->a6','$obj->a7','$obj->a8','$obj->a9','$obj->a10','$obj->at','$obj->ad','$obj->r1','$obj->r2','$obj->r3','$obj->r4','$obj->r5','$obj->r6','$obj->r7','$obj->r8','$obj->r9','$obj->r10')";
api_sql_query($sql_q_insert,__FILE__,__LINE__);
Database::query($sql_q_insert,__FILE__,__LINE__);
}
else
{
$sql_ginsert="INSERT INTO $table_group(group_id,survey_id,groupname,introduction) values('','$surveyid','$gname','$gintro')";
api_sql_query($sql_ginsert,__FILE__,__LINE__);
Database::query($sql_ginsert,__FILE__,__LINE__);
$new_gid = mysql_insert_id();
$sql_q_insert = "INSERT INTO $table_question (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10) values('','$new_gid','$obj->qtype','$obj->caption','$obj->a1','$obj->a2','$obj->a3','$obj->a4','$obj->a5','$obj->a6','$obj->a7','$obj->a8','$obj->a9','$obj->a10','$obj->at','$obj->ad','$obj->r1','$obj->r2','$obj->r3','$obj->r4','$obj->r5','$obj->r6','$obj->r7','$obj->r8','$obj->r9','$obj->r10')";
api_sql_query($sql_q_insert,__FILE__,__LINE__);
Database::query($sql_q_insert,__FILE__,__LINE__);
}
}
}
@ -1213,17 +1213,17 @@ function insert_existing_groups ($sid,$gids,$table_group,$table_question)
for($p=0;$p<$index;$p++)
{
$sql = "SELECT * FROM $table_group WHERE group_id = '$gid_arr[$p]'";
$res = api_sql_query($sql);
$res = Database::query($sql);
$obj = mysql_fetch_object($res);
$gname = $obj->groupname;
if($gname=='No Group')
{
$query = "SELECT * FROM $table_group WHERE survey_id = '$sid' AND groupname = 'No Group'";
$result = api_sql_query($query);
$result = Database::query($query);
$object = mysql_fetch_object($result);
$gid = $object->group_id;
$sql_def_check = "SELECT * FROM $table_question WHERE gid = '$gid'";
$res_def_check = api_sql_query($sql_def_check);
$res_def_check = Database::query($sql_def_check);
$count_def_check = mysql_num_rows($res_def_check);
for($ctr=0;$ctr<$count_def_check;$ctr++)
{
@ -1233,7 +1233,7 @@ function insert_existing_groups ($sid,$gids,$table_group,$table_question)
if(!@in_array($gid_arr[$p],$imp))
{
$sql_ques = "SELECT * FROM $table_question WHERE gid= '$gid_arr[$p]'";
$res_ques = api_sql_query($sql_ques);
$res_ques = Database::query($sql_ques);
$num = mysql_num_rows($res_ques);
while($obj_ques = mysql_fetch_object($res_ques))
{
@ -1264,7 +1264,7 @@ function insert_existing_groups ($sid,$gids,$table_group,$table_question)
}
}
$sql_ques_insert = "INSERT INTO $table_question (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_group) values('','$gid','$temp_qtype','$temp_caption',$x'$anst','$ansd',$y,'$gid_arr[$p]')";
$res_ques_insert = api_sql_query($sql_ques_insert);
$res_ques_insert = Database::query($sql_ques_insert);
}
}
else
@ -1276,7 +1276,7 @@ function insert_existing_groups ($sid,$gids,$table_group,$table_question)
{
$intro = $obj->introduction;
$sql_check = "SELECT * FROM $table_group WHERE survey_id = '$sid'";
$res_check = api_sql_query($sql_check);
$res_check = Database::query($sql_check);
$num_check = mysql_num_rows($res_check);
for($k=0;$k<$num_check;$k++)
{
@ -1286,10 +1286,10 @@ function insert_existing_groups ($sid,$gids,$table_group,$table_question)
if(!@in_array($gid_arr[$p],$imp))
{
$sql_insert = "INSERT INTO $table_group(group_id,survey_id,groupname,introduction,imported_group) values('','$sid','$gname','$intro','$gid_arr[$p]')";
$res_insert = api_sql_query($sql_insert);
$res_insert = Database::query($sql_insert);
$new_gid = mysql_insert_id();
$sql_ques = "SELECT * FROM $table_question WHERE gid= '$gid_arr[$p]'";
$res_ques = api_sql_query($sql_ques);
$res_ques = Database::query($sql_ques);
$num = mysql_num_rows($res_ques);
while($obj_ques = mysql_fetch_object($res_ques))
{
@ -1320,7 +1320,7 @@ function insert_existing_groups ($sid,$gids,$table_group,$table_question)
}
}
$sql_ques_insert = "INSERT INTO $table_question (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_group) values('','$new_gid','$temp_qtype','$temp_caption',$x'$anst','$ansd',$y,'$gid_arr[$p]')";
$res_ques_insert = api_sql_query($sql_ques_insert);
$res_ques_insert = Database::query($sql_ques_insert);
}
}
else
@ -1338,7 +1338,7 @@ function insert_existing_groups ($sid,$gids,$table_group,$table_question)
{
$surveytable=Database:: get_course_table(TABLE_SURVEY);
$sql="SELECT * FROM $surveytable WHERE survey_id=$sid";
$res=api_sql_query($sql);
$res=Database::query($sql);
$code=@mysql_result($res,0,'title');
return($code);
}
@ -1349,7 +1349,7 @@ function pick_author($survey_id)
{
$survey_table = Database :: get_course_table(TABLE_SURVEY);
$sql = "SELECT author FROM $survey_table WHERE survey_id='$survey_id'";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$author=@mysql_result($res,0,'author');
return $author;
}
@ -1363,14 +1363,14 @@ function question_import($surveyid,$qids,$db_name,$curr_dbname)
for($i=0; $i<$count; $i++)
{
$sql_sort = "SELECT max(sortby) AS sortby FROM $curr_dbname.questions ";
$res_sort=api_sql_query($sql_sort);
$res_sort=Database::query($sql_sort);
$rs=mysql_fetch_object($res_sort);
$sortby=$rs->sortby;
if(empty($sortby))
{$sortby=1;}
else{$sortby=$sortby+1;}
$sql_q = "SELECT * FROM $db_name.questions WHERE qid = '$qid[$i]'";
$res_q = api_sql_query($sql_q,__FILE__,__LINE__);
$res_q = Database::query($sql_q,__FILE__,__LINE__);
$obj=@mysql_fetch_object($res_q);
$oldgid=$obj->gid;
$caption1=addslashes($obj->caption);
@ -1397,11 +1397,11 @@ function question_import($surveyid,$qids,$db_name,$curr_dbname)
$r9=addslashes($obj->r9);
$r10=addslashes($obj_q->r10);
//$sql_gr = "SELECT * FROM $db_name.survey_group WHERE group_id = '$oldgid'";
//$res_gr = api_sql_query($sql_gr,__FILE__,__LINE__);
//$res_gr = Database::query($sql_gr,__FILE__,__LINE__);
// $obj_gr=@mysql_fetch_object($res_gr);
//$groupname = $obj_gr->groupname
$sql_quesid = "SELECT * FROM $curr_dbname.questions WHERE survey_id = '$surveyid' AND imported_question = '$qid[$i]' AND db_name = '$db_name'";
$res_quesid = api_sql_query($sql_quesid,__FILE__,__LINE__);
$res_quesid = Database::query($sql_quesid,__FILE__,__LINE__);
$num_ques=mysql_num_rows($res_quesid);
if($num_ques>0)
{
@ -1410,26 +1410,26 @@ function question_import($surveyid,$qids,$db_name,$curr_dbname)
else
{
$sql_group = "SELECT * FROM $db_name.survey_group WHERE group_id = '$oldgid'";
$res_group = api_sql_query($sql_group,__FILE__,__LINE__);
$res_group = Database::query($sql_group,__FILE__,__LINE__);
$obj_group=@mysql_fetch_object($res_group);
$groupname = $obj_group->groupname;
$sql = "SELECT * FROM $curr_dbname.survey_group WHERE groupname = '$groupname' AND survey_id = '$surveyid'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$obj_gro = mysql_fetch_object($res);
$num_group=mysql_num_rows($res);
if($num_group>0)
{
$sql_q_insert = "INSERT INTO $curr_dbname.questions (qid,gid,survey_id,qtype,caption,alignment,sortby,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_question,db_name) values('','$obj_gro->group_id','$surveyid','$obj->qtype','$caption1','$obj->alignment','$sortby','$a1','$a2','$a3','$a4','$a5','$a6','$a7','$a8','$a9','$a10','$at','$ad','$r1','$r2','$r3','$r4','$r5','$r6','$r7','$r8','$r9','$r10','$qid[$i]','$db_name')";
api_sql_query($sql_q_insert,__FILE__,__LINE__);
Database::query($sql_q_insert,__FILE__,__LINE__);
}
else
{
//$num_group;
$sql_ginsert="INSERT INTO $curr_dbname.survey_group(group_id,survey_id,groupname,introduction,imported_group, db_name) values('','$surveyid','$groupname','$obj_group->introduction','$oldgid','$db_name')";
api_sql_query($sql_ginsert,__FILE__,__LINE__);
Database::query($sql_ginsert,__FILE__,__LINE__);
$new_gid = mysql_insert_id();
$sql_q_insert = "INSERT INTO $curr_dbname.questions (qid,gid,survey_id,qtype,caption,alignment,sortby,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_question,db_name) values('','$new_gid','$surveyid','$obj->qtype','$caption1','$obj->alignment','$sortby','$a1','$a2','$a3','$a4','$a5','$a6','$a7','$a8','$a9','$a10','$at','$ad','$r1','$r2','$r3','$r4','$r5','$r6','$r7','$r8','$r9','$r10','$qid[$i]','$db_name')";
api_sql_query($sql_q_insert,__FILE__,__LINE__);
Database::query($sql_q_insert,__FILE__,__LINE__);
}
}
}
@ -1444,19 +1444,19 @@ function import_group($surveyid,$gids,$db_name,$curr_dbname)
for($i=0;$i<$index;$i++)
{
$sql = "SELECT * FROM $db_name.survey_group WHERE group_id = '$gid_arr[$i]'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$obj = mysql_fetch_object($res);
$sql_ques = "SELECT * FROM $db_name.questions WHERE gid = '$gid_arr[$i]'";
$res_ques = api_sql_query($sql_ques,__FILE__,__LINE__);
$res_ques = Database::query($sql_ques,__FILE__,__LINE__);
$obj_ques = mysql_fetch_object($res_ques);
$sql_check = "SELECT * FROM $curr_dbname.survey_group WHERE survey_id = '$surveyid' AND imported_group = '$gid_arr[$i]' AND db_name = '$db_name'";
$res_check = api_sql_query($sql_check);
$res_check = Database::query($sql_check);
$obj_check = mysql_fetch_object($res_check);
$num = mysql_num_rows($res_check);
if($num>0)
{
$sql_question = "SELECT * FROM $curr_dbname.questions WHERE survey_id='$surveyid' AND imported_question = '$obj_ques->qid' AND db_name = '$db_name'";
$res_question = api_sql_query($sql_question,__FILE__,__LINE__);
$res_question = Database::query($sql_question,__FILE__,__LINE__);
$num_ques = mysql_num_rows($res_question);
if($num_ques>0)
{
@ -1465,16 +1465,16 @@ function import_group($surveyid,$gids,$db_name,$curr_dbname)
else
{
$sql_insert_ques = "INSERT INTO $curr_dbname.questions (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_question,db_name) values('','$obj_check->group_id','$surveyid','$obj_ques->qtype','$obj_ques->caption','$obj_ques->a1','$obj_ques->a2','$obj_ques->a3','$obj_ques->a4','$obj_ques->a5','$obj_ques->a6','$obj_ques->a7','$obj_ques->a8','$obj_ques->a9','$obj_ques->a10','$obj_ques->at','$obj_ques->ad','$obj_ques->r1','$obj_ques->r2','$obj_ques->r3','$obj_ques->r4','$obj_ques->r5','$obj_ques->r6','$obj_ques->r7','$obj_ques->r8','$obj_ques->r9','$obj_ques->r10','$obj_ques->qid','$db_name')";
api_sql_query($sql_insert_ques);
Database::query($sql_insert_ques);
}
}
else
{
$insert_group = "INSERT INTO $curr_dbname.survey_group (group_id,survey_id,groupname,introduction,imported_group,db_name) values('','$surveyid','$obj->groupname','$obj->introduction','$obj->group_id','$db_name')";
$res_insert_group=api_sql_query($insert_group);
$res_insert_group=Database::query($insert_group);
$new_gid = mysql_insert_id();
$sql_insert_grp = "INSERT INTO $curr_dbname.questions (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_question,db_name) values('','$new_gid','$surveyid','$obj_ques->qtype','$obj_ques->caption','$obj_ques->a1','$obj_ques->a2','$obj_ques->a3','$obj_ques->a4','$obj_ques->a5','$obj_ques->a6','$obj_ques->a7','$obj_ques->a8','$obj_ques->a9','$obj_ques->a10','$obj_ques->at','$obj_ques->ad','$obj_ques->r1','$obj_ques->r2','$obj_ques->r3','$obj_ques->r4','$obj_ques->r5','$obj_ques->r6','$obj_ques->r7','$obj_ques->r8','$obj_ques->r9','$obj_ques->r10','$obj_ques->qid','$db_name')";
api_sql_query($sql_insert_grp);
Database::query($sql_insert_grp);
}
}
return $message;
@ -1492,13 +1492,13 @@ function import_group($sid,$gids,$db_name,$curr_dbname)
for($i=0;$i<$index;$i++)
{
$sql = "SELECT * FROM $db_name.survey_group WHERE group_id = '$gid_arr[$i]'";
$res = api_sql_query($sql);
$res = Database::query($sql);
$obj = mysql_fetch_object($res);
$groupname=addslashes($obj->groupname);
$introduction=addslashes($obj->introduction);
$g_sortby = intval($obj->sortby);
$sql_curr = "SELECT * FROM $curr_dbname.survey_group WHERE survey_id = '$sid' AND groupname = '$obj->groupname'";
$res_curr = api_sql_query($sql_curr);
$res_curr = Database::query($sql_curr);
$obj_curr = mysql_fetch_object($res_curr);
$gid = $obj_curr->group_id;
$num = mysql_num_rows($res_curr);
@ -1506,7 +1506,7 @@ function import_group($sid,$gids,$db_name,$curr_dbname)
if($num>0) //the group name exists and the questions will be imported in this group.
{
$sql_ques = "SELECT * FROM $curr_dbname.questions WHERE gid = '$gid'";
$res_ques = api_sql_query($sql_ques);
$res_ques = Database::query($sql_ques);
$obj_ques = mysql_fetch_object($res_ques);
$count = mysql_num_rows($res_ques);
for($j=0;$j<$count;$j++)
@ -1517,7 +1517,7 @@ function import_group($sid,$gids,$db_name,$curr_dbname)
$check_qid = @array_unique($check_qid);
$check_db = @array_unique($check_db);
$sql_old = "SELECT * FROM $db_name.questions WHERE gid = '$gid_arr[$i]'";
$res_old = api_sql_query($sql_old);
$res_old = Database::query($sql_old);
while($obj_old = mysql_fetch_object($res_old))
{
$caption1=addslashes($obj_old->caption);
@ -1544,7 +1544,7 @@ function import_group($sid,$gids,$db_name,$curr_dbname)
$r9=addslashes($obj_old->r9);
$r10=addslashes($obj_old->r10);
$sql_sort = "SELECT max(sortby) AS sortby FROM $curr_dbname.questions ";
$res_sort=api_sql_query($sql_sort);
$res_sort=Database::query($sql_sort);
$rs=mysql_fetch_object($res_sort);
$sortby=$rs->sortby;
if(empty($sortby))
@ -1558,7 +1558,7 @@ function import_group($sid,$gids,$db_name,$curr_dbname)
else
{
$sql_insertq = "INSERT INTO $curr_dbname.questions (qid, gid, survey_id, qtype, caption, alignment, sortby, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, at, ad, alt_text, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, imported_question, db_name) VALUES('', '$gid', '$sid', '$obj_old->qtype', '$caption1', '$obj_old->alignment', '$sortby', '$a1', '$a2', '$a3', '$a4', '$a5', '$a6', '$a7', '$a8', '$a9', '$a10', '$at', '$ad', '$alt_text', '$r1', '$r2', '$r3', '$r4', '$r5', '$r6', '$r7', '$r8', '$r9', '$r10', '$obj_old->qid', '$db_name')";
api_sql_query($sql_insertq);
Database::query($sql_insertq);
}
}
}
@ -1566,10 +1566,10 @@ function import_group($sid,$gids,$db_name,$curr_dbname)
{
$sql_insertg = "INSERT INTO $curr_dbname.survey_group (group_id, survey_id, groupname, introduction, imported_group, db_name, sortby) VALUES ('', '$sid', '$groupname', '$introduction', '$obj->group_id', '$db_name', $g_sortby)";
api_sql_query($sql_insertg);
Database::query($sql_insertg);
$group_id = mysql_insert_id();
$sql_old = "SELECT * FROM $db_name.questions WHERE gid = '$gid_arr[$i]'";
$res_old = api_sql_query($sql_old);
$res_old = Database::query($sql_old);
while($obj_old = mysql_fetch_object($res_old))
{
$caption1=addslashes($obj_old->caption);
@ -1596,14 +1596,14 @@ function import_group($sid,$gids,$db_name,$curr_dbname)
$r9=addslashes($obj_old->r9);
$r10=addslashes($obj_old->r10);
$sql_sort = "SELECT max(sortby) AS sortby FROM $curr_dbname.questions ";
$res_sort=api_sql_query($sql_sort);
$res_sort=Database::query($sql_sort);
$rs=mysql_fetch_object($res_sort);
$sortby=$rs->sortby;
if(empty($sortby))
{$sortby=1;}
else{$sortby=$sortby+1;}
$sql_insertq = "INSERT INTO $curr_dbname.questions (qid, gid, survey_id, qtype, caption, alignment, sortby, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, at, ad, alt_text, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, imported_question, db_name) VALUES('', '$group_id', '$sid', '$obj_old->qtype', '$caption1', '$obj_old->alignment', '$sortby', '$a1', '$a2', '$a3', '$a4', '$a5', '$a6', '$a7', '$a8', '$a9', '$a10', '$at', '$ad', '$obj_old->alt_text', '$r1', '$r2', '$r3', '$r4', '$r5', '$r6', '$r7', '$r8', '$r9', '$r10', '$obj_old->qid', '$db_name')";
api_sql_query($sql_insertq);
Database::query($sql_insertq);
}
}
}
@ -1626,7 +1626,7 @@ function get_status()
$table_user = Database::get_main_table(TABLE_MAIN_USER);
$sqlm = "SELECT status FROM $table_user WHERE user_id = '".mysql_real_escape_string($_user['user_id'])."'";
$resm = api_sql_query($sqlm,__FILE__,__LINE__);
$resm = Database::query($sqlm,__FILE__,__LINE__);
$objm=@mysql_fetch_object($resm);
$ss = $objm->status ;
return $ss;
@ -1682,7 +1682,7 @@ function listGroups($id_survey, $fields = '*')
$groups_table = Database :: get_course_table(TABLE_SURVEY_QUESTION_GROUP);
$sql = 'SELECT '.$fields.' FROM '.$groups_table.'
WHERE survey_id='.$id_survey.' ORDER BY sortby';
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$groups = array();
while($row = mysql_fetch_array($rs)){
$groups[] = $row;
@ -1705,7 +1705,7 @@ function listQuestions($id_survey, $fields = '*')
WHERE questions.survey_id='.$id_survey.'
ORDER BY groups.sortby, questions.sortby';
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$questions = array();
while($row = mysql_fetch_array($rs)){
@ -1725,7 +1725,7 @@ function listAnswers($qid){
$sql = 'SELECT DISTINCT answer FROM '.$answers_table.'
WHERE qid='.$qid;
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$answers = array();
while($row = mysql_fetch_array($rs)){
@ -1745,7 +1745,7 @@ function listUsers($survey_id, $dbname, $fields='id, user_id, firstname, lastnam
WHERE survey_id='.$survey_id.'
AND db_name="'.$dbname.
$order_clause;
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$users = array();
while ($row = mysql_fetch_array($rs)) {
$users[] = $row;
@ -1759,7 +1759,7 @@ function getUserAnswersDetails($id_userAnswers, $params=''){
$table_answers = Database :: get_main_table(TABLE_MAIN_SURVEY_USER);
$sql = 'SELECT * FROM '.$table_answers.' '.$where.' '.$order;
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$answers = array();
while($row = mysql_fetch_array($rs))
$answers[] = $row;
@ -1802,7 +1802,7 @@ class SurveyTree {
WHERE survey.author = user.user_id
GROUP BY survey.survey_id";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$surveys_parents = array ();
$refs = array();
$list = array();

20
main/inc/lib/system_announcements.lib.php
Unescape View File

@ -35,7 +35,7 @@ class SystemAnnouncementManager
break;
}
$sql .= " ORDER BY date_start DESC LIMIT 0,7";
$announcements = api_sql_query($sql,__FILE__,__LINE__);
$announcements = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($announcements))
{
$query_string = ereg_replace('announcement=[1-9]+', '', $_SERVER['QUERY_STRING']);
@ -117,7 +117,7 @@ class SystemAnnouncementManager
} else {
$sql .= " ORDER BY date_start DESC LIMIT ".($start+1).",20";
}
$announcements = api_sql_query($sql,__FILE__,__LINE__);
$announcements = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($announcements)) {
$query_string = ereg_replace('announcement=[1-9]+', '', $_SERVER['QUERY_STRING']);
@ -210,7 +210,7 @@ class SystemAnnouncementManager
}
}
$sql .= 'LIMIT '.$start.',21';
$announcements = api_sql_query($sql,__FILE__,__LINE__);
$announcements = Database::query($sql,__FILE__,__LINE__);
$i = 0;
while($rows = Database::fetch_array($announcements))
{
@ -229,7 +229,7 @@ class SystemAnnouncementManager
$db_table = Database :: get_main_table(TABLE_MAIN_SYSTEM_ANNOUNCEMENTS);
$sql = "SELECT *, IF( NOW() BETWEEN date_start AND date_end, '1', '0') AS visible FROM ".$db_table." ORDER BY date_start ASC";
$announcements = api_sql_query($sql,__FILE__,__LINE__);
$announcements = Database::query($sql,__FILE__,__LINE__);
$all_announcements = array();
while ($announcement = Database::fetch_object($announcements))
{
@ -281,7 +281,7 @@ class SystemAnnouncementManager
if ($send_mail==1) {
SystemAnnouncementManager::send_system_announcement_by_email($title, $content,$visible_teacher, $visible_student);
}
return api_sql_query($sql,__FILE__,__LINE__);
return Database::query($sql,__FILE__,__LINE__);
}
/**
* Updates an announcement to the database
@ -328,7 +328,7 @@ class SystemAnnouncementManager
if ($send_mail==1) {
SystemAnnouncementManager::send_system_announcement_by_email($title, $content,$visible_teacher, $visible_student);
}
return api_sql_query($sql,__FILE__,__LINE__);
return Database::query($sql,__FILE__,__LINE__);
}
/**
* Deletes an announcement
@ -340,7 +340,7 @@ class SystemAnnouncementManager
$db_table = Database :: get_main_table(TABLE_MAIN_SYSTEM_ANNOUNCEMENTS);
$id = intval($id);
$sql = "DELETE FROM ".$db_table." WHERE id='".$id."'";
return api_sql_query($sql,__FILE__,__LINE__);
return Database::query($sql,__FILE__,__LINE__);
}
/**
* Gets an announcement
@ -352,7 +352,7 @@ class SystemAnnouncementManager
$db_table = Database :: get_main_table(TABLE_MAIN_SYSTEM_ANNOUNCEMENTS);
$id = intval($id);
$sql = "SELECT * FROM ".$db_table." WHERE id='".$id."'";
$announcement = Database::fetch_object(api_sql_query($sql,__FILE__,__LINE__));
$announcement = Database::fetch_object(Database::query($sql,__FILE__,__LINE__));
return $announcement;
}
/**
@ -367,7 +367,7 @@ class SystemAnnouncementManager
$announcement_id = intval($announcement_id);
$field = ($user == VISIBLE_TEACHER ? 'visible_teacher' : ($user == VISIBLE_STUDENT ? 'visible_student' : 'visible_guest'));
$sql = "UPDATE ".$db_table." SET ".$field." = '".$visible."' WHERE id='".$announcement_id."'";
return api_sql_query($sql,__FILE__,__LINE__);
return Database::query($sql,__FILE__,__LINE__);
}
function send_system_announcement_by_email($title,$content,$teacher, $student)
@ -389,7 +389,7 @@ class SystemAnnouncementManager
return true;
}
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
while($row = Database::fetch_array($result,'ASSOC'))
{
api_mail_html(api_get_person_name($row['firstname'], $row['lastname'], null, PERSON_NAME_EMAIL_ADDRESS), $row['email'], api_html_entity_decode(stripslashes($title), ENT_QUOTES, $charset), api_html_entity_decode(stripslashes($content), ENT_QUOTES, $charset), api_get_person_name($_user['firstName'], $_user['lastName'], null, PERSON_NAME_EMAIL_ADDRESS), api_get_setting('emailAdministrator'), api_get_setting('emailAdministrator'));

96
main/inc/lib/tracking.lib.php
Unescape View File

@ -48,7 +48,7 @@ class Tracking {
$sql = 'SELECT login_date, logout_date FROM ' . $tbl_track_login . '
WHERE login_user_id = ' . intval($user_id);
$rs = api_sql_query($sql,__FILE__,__LINE__);
$rs = Database::query($sql,__FILE__,__LINE__);
$nb_seconds = 0;
@ -100,7 +100,7 @@ class Tracking {
WHERE user_id = ' . $user_id . '
AND course_code="' . $course_code . '"';
$rs = api_sql_query($sql,__FILE__,__LINE__);
$rs = Database::query($sql,__FILE__,__LINE__);
$nb_seconds = 0;
@ -125,7 +125,7 @@ class Tracking {
WHERE login_user_id = ' . intval($student_id) . '
ORDER BY login_date ASC LIMIT 0,1';
$rs = api_sql_query($sql,__FILE__,__LINE__);
$rs = Database::query($sql,__FILE__,__LINE__);
if(Database::num_rows($rs)>0)
{
if ($first_login_date = Database::result($rs, 0, 0)) {
@ -141,7 +141,7 @@ class Tracking {
WHERE login_user_id = ' . intval($student_id) . '
ORDER BY login_date DESC LIMIT 0,1';
$rs = api_sql_query($sql,__FILE__,__LINE__);
$rs = Database::query($sql,__FILE__,__LINE__);
if(Database::num_rows($rs)>0)
{
if ($last_login_date = Database::result($rs, 0, 0))
@ -185,7 +185,7 @@ class Tracking {
AND course_code = "' . Database::escape_string($course_code) . '"
ORDER BY login_course_date ASC LIMIT 0,1';
$rs = api_sql_query($sql,__FILE__,__LINE__);
$rs = Database::query($sql,__FILE__,__LINE__);
if(Database::num_rows($rs)>0)
{
if ($first_login_date = Database::result($rs, 0, 0)) {
@ -202,7 +202,7 @@ class Tracking {
AND course_code = "' . Database::escape_string($course_code) . '"
ORDER BY login_course_date DESC LIMIT 0,1';
$rs = api_sql_query($sql,__FILE__,__LINE__);
$rs = Database::query($sql,__FILE__,__LINE__);
if(Database::num_rows($rs)>0)
{
if ($last_login_date = Database::result($rs, 0, 0)) {
@ -229,13 +229,13 @@ class Tracking {
$sql = 'SELECT DISTINCT course_code
FROM ' . $tbl_course_rel_user . '
WHERE user_id = ' . $user_id;
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$nb_courses = Database::num_rows($rs);
$sql = 'SELECT DISTINCT course_code
FROM ' . $tbl_session_course_rel_user . '
WHERE id_user = ' . $user_id;
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$nb_courses += Database::num_rows($rs);
return $nb_courses;
@ -264,7 +264,7 @@ class Tracking {
//get the list of exercises
$sql = "SELECT id, title FROM $tbl_course_quiz WHERE active <> -1";
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$count_exe = Database::num_rows($rs);
if ($count_exe > 0) {
@ -281,7 +281,7 @@ class Tracking {
AND orig_lp_item_id = 0
ORDER BY exe_date DESC';
$rsAttempt = api_sql_query($sql, __FILE__, __LINE__);
$rsAttempt = Database::query($sql, __FILE__, __LINE__);
$nb_attempts = 0;
$quiz_avg_score = 0;
@ -329,7 +329,7 @@ class Tracking {
//get the list of learning paths
$sql = 'SELECT id FROM ' . $tbl_course_lp;
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$nb_lp = Database::num_rows($rs);
$avg_progress = 0;
@ -341,7 +341,7 @@ class Tracking {
WHERE lp_view.user_id = " . $student_id . "
AND lp_view.lp_id = " . $lp['id'] . "
";
$resultItem = api_sql_query($sqlProgress, __FILE__, __LINE__);
$resultItem = Database::query($sqlProgress, __FILE__, __LINE__);
if(Database::num_rows($resultItem)>0)
{
$avg_progress += Database::result($resultItem, 0, 0);
@ -390,7 +390,7 @@ class Tracking {
$sql_course_lp.=' WHERE id IN ('.implode(',',$lp_ids).')';
}
$sql_result_lp = api_sql_query($sql_course_lp, __FILE__, __LINE__);
$sql_result_lp = Database::query($sql_course_lp, __FILE__, __LINE__);
$lp_scorm_score_total = 0;
$lp_scorm_weighting_total = 0;
$lp_scorm_result_score_total = 0;
@ -405,13 +405,13 @@ class Tracking {
//We get the last view id of this LP (with the higher id)
$sql='SELECT max(id) as id FROM '.$lp_view_table.'
WHERE lp_id='.$a_learnpath['id'].' AND user_id="'.intval($student_id).'"';
$rs_last_lp_view_id = api_sql_query($sql, __FILE__, __LINE__);
$rs_last_lp_view_id = Database::query($sql, __FILE__, __LINE__);
$lp_view_id = Database::result($rs_last_lp_view_id,0,'id'); // THE view
if ($lp_view_id != '') {
// we get the progress
$sql='SELECT progress FROM '.$lp_view_table.' WHERE id="'.$lp_view_id.'"';
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$progress = Database::result($rs,0,'progress');
// item's list of an scorm
@ -422,7 +422,7 @@ class Tracking {
AND lp_i.item_type="sco"
WHERE lp_view_id="'.$lp_view_id.'"';
//$rs = api_sql_query($sql, __FILE__, __LINE__);
//$rs = Database::query($sql, __FILE__, __LINE__);
//$sql_max_score='SELECT max_score FROM '.$lp_item_view_table.' WHERE lp_view_id="'.$lp_view_id.'" ';
$res_max_score=Database::query($sql_max_score,__FILE__,__LINE__);
$count_total_loop=0;
@ -502,12 +502,12 @@ class Tracking {
WHERE lp_id='.$a_learnpath['id'].'
AND item_type="quiz"';
$rsItems = api_sql_query($sql, __FILE__, __LINE__);
$rsItems = Database::query($sql, __FILE__, __LINE__);
//We get the last view id of this LP
$sql = "SELECT id FROM $lp_view_table WHERE user_id = '".intval($student_id)."' and lp_id='".intval($a_learnpath['id'])."'";
//$sql='SELECT max(id) as id FROM '.$lp_view_table.' WHERE lp_id='.$a_learnpath['id'].' AND user_id="'.intval($student_id).'"';
$rs_last_lp_view_id = api_sql_query($sql, __FILE__, __LINE__);
$rs_last_lp_view_id = Database::query($sql, __FILE__, __LINE__);
$lp_view_id = intval(Database::result($rs_last_lp_view_id,0,'id'));
$total_score = $total_weighting = 0;
@ -522,13 +522,13 @@ class Tracking {
FROM '.$lp_item_view_table.' as lp_view_item
WHERE lp_view_item.lp_item_id = '.$item['item_id'].'
AND lp_view_id = "'.$lp_view_id.'" ';*/
$rsScores = api_sql_query($sql, __FILE__, __LINE__);
$rsScores = Database::query($sql, __FILE__, __LINE__);
// Real max score - this was implemented because of the random exercises
$sql_last_attempt = 'SELECT exe_id FROM '. $tbl_stats_exercices. ' ' .
'WHERE exe_exo_id="' .$item['path']. '" AND exe_user_id="' . $student_id . '" AND orig_lp_id = "'.$a_learnpath['id'].'" AND orig_lp_item_id = "'.$item['item_id'].'" AND exe_cours_id="' . $course_code . '" ORDER BY exe_date DESC limit 1';
$resultLastAttempt = api_sql_query($sql_last_attempt, __FILE__, __LINE__);
$resultLastAttempt = Database::query($sql_last_attempt, __FILE__, __LINE__);
$num = Database :: num_rows($resultLastAttempt);
if ($num > 0){
if ($num > 1){
@ -543,7 +543,7 @@ class Tracking {
$sql = "SELECT SUM(t.ponderation) as maxscore from ( SELECT distinct question_id, marks,ponderation FROM $tbl_stats_attempts as at " .
"INNER JOIN $tbl_quiz_questions as q on(q.id = at.question_id) where exe_id ='$id_last_attempt' ) as t";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row_max_score = Database :: fetch_array($result);
$maxscore = $row_max_score['maxscore'];
if ($maxscore=='') {
@ -626,7 +626,7 @@ class Tracking {
}
}
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
while ($a_courses = Database::fetch_array($result)) {
$course_code = $a_courses["course_code"];
@ -636,7 +636,7 @@ class Tracking {
FROM $tbl_session_course_user AS srcru
WHERE course_code='$course_code' AND id_session='$id_session'";
$rs = api_sql_query($sql,__FILE__,__LINE__);
$rs = Database::query($sql,__FILE__,__LINE__);
while ($row = Database::fetch_array($rs)) {
$a_students[$row['id_user']] = $row['id_user'];
@ -672,7 +672,7 @@ class Tracking {
}
}
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
while ($row = Database::fetch_array($result)) {
$a_students[$row['id_user']] = $row['id_user'];
@ -695,7 +695,7 @@ class Tracking {
//////////////////////////////////////////////////////////////
$sql = 'SELECT course_code FROM ' . $tbl_session_course . ' WHERE id_session="' . $id_session . '" AND id_coach=' . $coach_id;
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
while ($a_courses = Database::fetch_array($result)) {
$course_code = $a_courses["course_code"];
@ -704,7 +704,7 @@ class Tracking {
FROM $tbl_session_course_user AS srcru
WHERE course_code='$course_code' and id_session = '" . $id_session . "'";
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($rs)) {
$a_students[$row['id_user']] = $row['id_user'];
@ -716,11 +716,11 @@ class Tracking {
//////////////////////////////////////////////////////////////
$dsl_session_coach = 'SELECT id_coach FROM ' . $tbl_session . ' WHERE id="' . $id_session . '" AND id_coach="' . $coach_id . '"';
$result = api_sql_query($dsl_session_coach, __FILE__, __LINE__);
$result = Database::query($dsl_session_coach, __FILE__, __LINE__);
//He is the session_coach so we select all the users in the session
if (Database::num_rows($result) > 0) {
$sql = 'SELECT DISTINCT srcru.id_user FROM ' . $tbl_session_course_user . ' AS srcru WHERE id_session="' . $id_session . '"';
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
while ($row = Database::fetch_array($result)) {
$a_students[$row['id_user']] = $row['id_user'];
}
@ -745,7 +745,7 @@ class Tracking {
ON session_course.course_code = session_course_user.course_code
AND id_coach=' . $coach_id . '
WHERE id_user=' . $student_id;
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if (Database::num_rows($result) > 0) {
return true;
}
@ -762,7 +762,7 @@ class Tracking {
ON session.id = session_course.id_session
AND session.id_coach = ' . $coach_id . '
WHERE id_user = ' . $student_id;
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if (Database::num_rows($result) > 0) {
return true;
}
@ -801,7 +801,7 @@ class Tracking {
if (!empty ($id_session))
$sql .= ' AND id_session=' . $id_session;
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result)) {
$a_courses[$row['course_code']] = $row['course_code'];
}
@ -842,7 +842,7 @@ class Tracking {
$sql .= ' WHERE access_url_id = '.$access_url_id;
}
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result)) {
$a_courses[$row['course_code']] = $row['course_code'];
@ -876,7 +876,7 @@ class Tracking {
}
}
$rs = api_sql_query($sql,__FILE__,__LINE__);
$rs = Database::query($sql,__FILE__,__LINE__);
while ($row = Database::fetch_array($rs))
{
@ -905,7 +905,7 @@ class Tracking {
}
}
$rs = api_sql_query($sql,__FILE__,__LINE__);
$rs = Database::query($sql,__FILE__,__LINE__);
while ($row = Database::fetch_array($rs))
{
@ -955,7 +955,7 @@ class Tracking {
FROM ' . $tbl_session_course . '
WHERE id_session=' . $session_id;
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$a_courses = array ();
while ($row = Database::fetch_array($rs)) {
$a_courses[$row['course_code']] = $row;
@ -982,7 +982,7 @@ class Tracking {
WHERE insert_user_id=' . $student_id . '
AND tool="work"';
$rs = api_sql_query($sql, __LINE__, __FILE__);
$rs = Database::query($sql, __LINE__, __FILE__);
return Database::num_rows($rs);
}
else
@ -1009,7 +1009,7 @@ class Tracking {
FROM ' . $tbl_messages . '
WHERE poster_id=' . $student_id;
$rs = api_sql_query($sql, __LINE__, __FILE__);
$rs = Database::query($sql, __LINE__, __FILE__);
return Database::num_rows($rs);
}
else
@ -1034,7 +1034,7 @@ class Tracking {
if (!empty($a_course['db_name'])) {
$tbl_posts = Database :: get_course_table(TABLE_FORUM_POST, $a_course['db_name']);
$sql = "SELECT count(*) FROM $tbl_posts";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_row($result);
$count = $row[0];
return $count;
@ -1059,7 +1059,7 @@ class Tracking {
if (!empty($a_course['db_name'])) {
$tbl_threads = Database :: get_course_table(TABLE_FORUM_THREAD, $a_course['db_name']);
$sql = "SELECT count(*) FROM $tbl_threads";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_row($result);
$count = $row[0];
return $count;
@ -1084,7 +1084,7 @@ class Tracking {
if (!empty($a_course['db_name'])) {
$tbl_forums = Database :: get_course_table(TABLE_FORUM, $a_course['db_name']);
$sql = "SELECT count(*) FROM $tbl_forums";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_row($result);
$count = $row[0];
return $count;
@ -1113,7 +1113,7 @@ class Tracking {
$sql = "SELECT count(*) FROM $tbl_stats_access WHERE DATE_SUB(NOW(),INTERVAL $last_days DAY) <= access_date
AND access_cours_code = '$course_code' AND access_tool='".TOOL_CHAT."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_row($result);
$count = $row[0];
return $count;
@ -1147,7 +1147,7 @@ class Tracking {
$sql = "SELECT access_date FROM $tbl_stats_access
WHERE access_tool='".TOOL_CHAT."' AND access_user_id='$student_id' AND access_cours_code = '$course_code' ORDER BY access_date DESC limit 1";
$rs = api_sql_query($sql, __LINE__, __FILE__);
$rs = Database::query($sql, __LINE__, __FILE__);
$row = Database::fetch_array($rs);
$last_connection = $row['access_date'];
if (!empty($last_connection)) {
@ -1175,7 +1175,7 @@ class Tracking {
WHERE links_user_id=' . $student_id . '
AND links_cours_id="' . $course_code . '"';
$rs = api_sql_query($sql, __LINE__, __FILE__);
$rs = Database::query($sql, __LINE__, __FILE__);
return Database::num_rows($rs);
}
@ -1192,7 +1192,7 @@ class Tracking {
WHERE down_user_id=' . $student_id . '
AND down_cours_id="' . $course_code . '"';
$rs = api_sql_query($sql, __LINE__, __FILE__);
$rs = Database::query($sql, __LINE__, __FILE__);
return Database::num_rows($rs);
}
@ -1201,7 +1201,7 @@ class Tracking {
$id_session = intval($id_session);
$tbl_session_course_user = Database :: get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
$sql = 'SELECT course_code FROM ' . $tbl_session_course_user . ' WHERE id_user="' . $user_id . '" AND id_session="' . $id_session . '"';
$result = api_sql_query($sql, __LINE__, __FILE__);
$result = Database::query($sql, __LINE__, __FILE__);
$a_courses = array ();
while ($row = Database::fetch_array($result)) {
$a_courses[$row['course_code']] = $row['course_code'];
@ -1226,7 +1226,7 @@ class Tracking {
HAVING DATE_SUB( NOW(), INTERVAL '.$since.' DAY) > max_date ';
//HAVING DATE_ADD(max_date, INTERVAL '.$since.' DAY) < NOW() ';
$rs = api_sql_query($sql,__FILE__,__LINE__);
$rs = Database::query($sql,__FILE__,__LINE__);
$inactive_users = array();
while($user = Database::fetch_array($rs))
{
@ -1245,7 +1245,7 @@ class Tracking {
WHERE access_user_id=' . $student_id . '
AND access_cours_code="' . $course_code . '"';
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$nb_login = Database::num_rows($rs);
return $nb_login;
@ -1262,7 +1262,7 @@ class Tracking {
$sql = 'SELECT DISTINCT user_id FROM '.$tbl_user.' as user
WHERE hr_dept_id='.$hr_dept_id;
$rs = api_sql_query($sql, __FILE__, __LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
while($user = Database :: fetch_array($rs))
{

58
main/inc/lib/urlmanager.lib.php
Unescape View File

@ -50,7 +50,7 @@ class UrlManager
active = '".Database::escape_string($active)."',
created_by = '".Database::escape_string(api_get_user_id())."',
tms = FROM_UNIXTIME(".$tms.")";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
return $result;
}
@ -75,7 +75,7 @@ class UrlManager
created_by = '".Database::escape_string(api_get_user_id())."',
tms = FROM_UNIXTIME(".$tms.")
WHERE id = '$url_id'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
return $result;
}
@ -90,7 +90,7 @@ class UrlManager
{
$table_access_url= Database :: get_main_table(TABLE_MAIN_ACCESS_URL);
$sql= "DELETE FROM $table_access_url WHERE id = ".Database::escape_string($id);
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
return $result;
}
@ -101,7 +101,7 @@ class UrlManager
{
$table_access_url= Database :: get_main_table(TABLE_MAIN_ACCESS_URL);
$sql = "SELECT id FROM $table_access_url WHERE url = '".Database::escape_string($url)."' ";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$num = Database::num_rows($res);
return $num;
}
@ -113,7 +113,7 @@ class UrlManager
{
$table_access_url= Database :: get_main_table(TABLE_MAIN_ACCESS_URL);
$sql = "SELECT id FROM $table_access_url WHERE id = '".Database::escape_string($url)."' ";
$res = api_sql_query($sql,__FILE__,__LINE__);
$res = Database::query($sql,__FILE__,__LINE__);
$num = Database::num_rows($res);
return $num;
}
@ -127,7 +127,7 @@ class UrlManager
{
$table_access_url= Database :: get_main_table(TABLE_MAIN_ACCESS_URL);
$sql = "SELECT count(id) as count_result FROM $table_access_url";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$url = Database::fetch_array($res,'ASSOC');
$result = $url['count_result'];
return $result;
@ -142,7 +142,7 @@ class UrlManager
{
$table_access_url= Database :: get_main_table(TABLE_MAIN_ACCESS_URL);
$sql = "SELECT id, url, description, active FROM $table_access_url";
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$urls = array ();
while ($url = Database::fetch_array($res)) {
$urls[] = $url;
@ -159,7 +159,7 @@ class UrlManager
{
$table_access_url= Database :: get_main_table(TABLE_MAIN_ACCESS_URL);
$sql = "SELECT id, url, description, active FROM $table_access_url WHERE id = ".Database::escape_string($url_id);
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_array($res);
return $row;
}
@ -183,7 +183,7 @@ class UrlManager
INNER JOIN $table_url_rel_user
ON $table_url_rel_user.user_id = u.user_id
$where".$order_clause;
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$users=Database::store_result($result);
return $users;
}
@ -210,7 +210,7 @@ class UrlManager
$where
ORDER BY title, code";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$courses=Database::store_result($result);
return $courses;
}
@ -236,7 +236,7 @@ class UrlManager
$where
ORDER BY name, id";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
$sessions=Database::store_result($result);
return $sessions;
}
@ -260,7 +260,7 @@ class UrlManager
}
if(($status_db=='1' OR $status_db=='0') AND is_numeric($url_id)) {
$sql="UPDATE $url_table SET active='".Database::escape_string($status_db)."' WHERE id='".Database::escape_string($url_id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
}
}
@ -275,7 +275,7 @@ class UrlManager
{
$table_url_rel_user= Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$sql= "SELECT user_id FROM $table_url_rel_user WHERE access_url_id = ".Database::escape_string($url_id)." AND user_id = ".Database::escape_string($user_id)." ";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$num = Database::num_rows($result);
return $num;
}
@ -291,7 +291,7 @@ class UrlManager
{
$table_url_rel_course= Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);
$sql= "SELECT course_code FROM $table_url_rel_course WHERE access_url_id = ".Database::escape_string($url_id)." AND course_code = '".Database::escape_string($course_id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$num = Database::num_rows($result);
return $num;
}
@ -308,7 +308,7 @@ class UrlManager
{
$table_url_rel_session= Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_SESSION);
$sql= "SELECT session_id FROM $table_url_rel_session WHERE access_url_id = ".Database::escape_string($url_id)." AND session_id = ".Database::escape_string($session_id);
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$num = Database::num_rows($result);
return $num;
}
@ -332,7 +332,7 @@ class UrlManager
if ($count==0) {
$sql = "INSERT INTO $table_url_rel_user
SET user_id = ".Database::escape_string($user_id).", access_url_id = ".Database::escape_string($url_id);
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if($result)
$result_array[$url_id][$user_id]=1;
else
@ -363,7 +363,7 @@ class UrlManager
if ($count==0) {
$sql = "INSERT INTO $table_url_rel_course
SET course_code = '".Database::escape_string($course_code)."', access_url_id = ".Database::escape_string($url_id);
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if($result)
$result_array[$url_id][$course_code]=1;
else
@ -394,7 +394,7 @@ class UrlManager
if ($count==0) {
$sql = "INSERT INTO $table_url_rel_session
SET session_id = ".Database::escape_string($session_id).", access_url_id = ".Database::escape_string($url_id);
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
if($result)
$result_array[$url_id][$session_id]=1;
else
@ -423,7 +423,7 @@ class UrlManager
if (empty($count)) {
$sql = "INSERT INTO $table_url_rel_user
SET user_id = ".Database::escape_string($user_id).", access_url_id = ".Database::escape_string($url_id);
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
}
return $result;
}
@ -436,7 +436,7 @@ class UrlManager
if (empty($count)) {
$sql = "INSERT INTO $table_url_rel_course
SET course_code = '".Database::escape_string($course_code)."', access_url_id = ".Database::escape_string($url_id);
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
}
return $result;
}
@ -450,7 +450,7 @@ class UrlManager
if (empty($count)) {
$sql = "INSERT INTO $table_url_rel_session
SET session_id = ".Database::escape_string($session_id).", access_url_id = ".Database::escape_string($url_id);
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
}
return $result;
}
@ -467,7 +467,7 @@ class UrlManager
{
$table_url_rel_user= Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$sql= "DELETE FROM $table_url_rel_user WHERE user_id = ".Database::escape_string($user_id)." AND access_url_id=".Database::escape_string($url_id)." ";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
return $result;
}
@ -482,7 +482,7 @@ class UrlManager
{
$table_url_rel_course= Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);
$sql= "DELETE FROM $table_url_rel_course WHERE course_code = '".Database::escape_string($course_code)."' AND access_url_id=".Database::escape_string($url_id)." ";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
return $result;
}
@ -497,7 +497,7 @@ class UrlManager
{
$table_url_rel_session = Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_SESSION);
$sql= "DELETE FROM $table_url_rel_session WHERE session_id = ".Database::escape_string($session_id)." AND access_url_id=".Database::escape_string($url_id)." ";
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
return $result;
}
@ -514,7 +514,7 @@ class UrlManager
$table_url_rel_user = Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$sql = "SELECT user_id FROM $table_url_rel_user WHERE access_url_id=".Database::escape_string($access_url_id);
$result = api_sql_query($sql,__FILE__,__LINE__ );
$result = Database::query($sql,__FILE__,__LINE__ );
$existingUsers = array();
while($row = Database::fetch_array($result)){
@ -548,7 +548,7 @@ class UrlManager
$table_url_rel_course = Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);
$sql = "SELECT course_code FROM $table_url_rel_course WHERE access_url_id=".Database::escape_string($access_url_id);
$result = api_sql_query($sql,__FILE__,__LINE__ );
$result = Database::query($sql,__FILE__,__LINE__ );
$existing_courses = array();
while($row = Database::fetch_array($result)){
@ -582,7 +582,7 @@ class UrlManager
$table_url_rel_session = Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_SESSION);
$sql = "SELECT session_id FROM $table_url_rel_session WHERE access_url_id=".Database::escape_string($access_url_id);
$result = api_sql_query($sql,__FILE__,__LINE__ );
$result = Database::query($sql,__FILE__,__LINE__ );
$existing_sessions = array();
while($row = Database::fetch_array($result)){
@ -611,7 +611,7 @@ class UrlManager
$sql = "SELECT url, access_url_id FROM $table_url_rel_user url_rel_user INNER JOIN $table_url u
ON (url_rel_user.access_url_id = u.id)
WHERE user_id = ".Database::escape_string($user_id);
$result = api_sql_query($sql, __FILE__, __LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
$url_list = Database::store_result($result);
return $url_list;
}
@ -623,7 +623,7 @@ class UrlManager
{
$table_access_url= Database :: get_main_table(TABLE_MAIN_ACCESS_URL);
$sql = "SELECT id FROM $table_access_url WHERE url = '".Database::escape_string($url)."'";
$result = api_sql_query($sql);
$result = Database::query($sql);
$access_url_id = Database::result($result, 0, 0);
return $access_url_id;
}

36
main/inc/local.inc.php
Unescape View File

@ -255,7 +255,7 @@ if (api_get_setting('allow_terms_conditions')=='true') {
FROM $user_table
WHERE username = '".trim(addslashes($login))."'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result) > 0) {
$uData = Database::fetch_array($result);
@ -472,7 +472,7 @@ if (api_get_setting('allow_terms_conditions')=='true') {
FROM $user_table
WHERE username = '".trim(addslashes($sso['username']))."'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result) > 0) {
$uData = Database::fetch_array($result);
@ -597,7 +597,7 @@ if (api_get_setting('allow_terms_conditions')=='true') {
FROM $user_table
WHERE openid = '$id1'
OR openid = '$id2' ";
$result = api_sql_query($sql);
$result = Database::query($sql);
if ($result !== false) {
if (Database::num_rows($result)>0) {
//$row = Database::fetch_array($res);
@ -718,7 +718,7 @@ if (isset($uidReset) && $uidReset) // session data refresh requested
WHERE user.user_id = '".$_user['user_id']."'";
}
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result) > 0) {
// Extracting the user data
@ -771,7 +771,7 @@ if (isset($cidReset) && $cidReset) { // course session data refresh requested or
LEFT JOIN $course_cat_table
ON course.category_code = course_category.code
WHERE course.code = '$cidReq'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result)>0) {
$cData = Database::fetch_array($result);
@ -805,7 +805,7 @@ if (isset($cidReset) && $cidReset) { // course session data refresh requested or
$sql="INSERT INTO $course_tracking_table(course_code, user_id, login_course_date, logout_course_date, counter)" .
"VALUES('".$_course['sysCode']."', '".$_user['user_id']."', '$time', '$time', '1')";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
// if a session id has been given in url, we store the session
@ -819,7 +819,7 @@ if (isset($cidReset) && $cidReset) { // course session data refresh requested or
if (!empty($_GET['id_session'])) {
$_SESSION['id_session'] = Database::escape_string($_GET['id_session']);
$sql = 'SELECT name FROM '.$tbl_session . ' WHERE id="'.$_SESSION['id_session'] . '"';
$rs = api_sql_query($sql,__FILE__,__LINE__);
$rs = Database::query($sql,__FILE__,__LINE__);
list($_SESSION['session_name']) = Database::fetch_array($rs);
} else {
api_session_unregister('session_name');
@ -849,7 +849,7 @@ if (isset($cidReset) && $cidReset) { // course session data refresh requested or
$tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
$_SESSION['id_session'] = Database::escape_string($_GET['id_session']);
$sql = 'SELECT name FROM '.$tbl_session . ' WHERE id="'.$_SESSION['id_session'] . '"';
$rs = api_sql_query($sql,__FILE__,__LINE__);
$rs = Database::query($sql,__FILE__,__LINE__);
list($_SESSION['session_name']) = Database::fetch_array($rs);
}
@ -858,7 +858,7 @@ if (isset($cidReset) && $cidReset) { // course session data refresh requested or
$time = api_get_datetime();
//We select the last record for the current course in the course tracking table
$sql="SELECT course_access_id FROM $course_tracking_table WHERE user_id=".intval($_user ['user_id'])." ORDER BY login_course_date DESC LIMIT 0,1";
$result=api_sql_query($sql,__FILE__,__LINE__);
$result=Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result)>0) {
$i_course_access_id = Database::result($result,0,0);
@ -868,11 +868,11 @@ if (isset($cidReset) && $cidReset) { // course session data refresh requested or
"counter = counter+1 " .
"WHERE course_access_id=".intval($i_course_access_id);
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
} else {
$sql="INSERT INTO $course_tracking_table(course_code, user_id, login_course_date, logout_course_date, counter)" .
"VALUES('".$_course['sysCode']."', '".$_user['user_id']."', '$time', '$time', '1')";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}
}
}
@ -891,7 +891,7 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) { // ses
WHERE user_id = '".$_user['user_id']."'
AND course_code = '$cidReq'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result) > 0) { // this user have a recorded state for this course
$cuData = Database::fetch_array($result);
@ -917,7 +917,7 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) { // ses
WHERE user_id = '".$_user['user_id']."'
AND course_code = '$cidReq'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result) > 0) { // this user have a recorded state for this course
$cuData = Database::fetch_array($result);
@ -942,7 +942,7 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) { // ses
ON session_rel_course.id_session = session.id
AND session_rel_course.course_code='$_cid'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
$row = Database::store_result($result);
if ($row[0]['id_coach']==$_user['user_id']) {
@ -972,7 +972,7 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) { // ses
FROM ".$tbl_session_course."
WHERE session_rel_course.course_code='$_cid'
AND session_rel_course.id_coach = '".$_user['user_id']."'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if ($row = Database::fetch_array($result)) {
$_courseUser['role'] = 'Professor';
$is_courseMember = true;
@ -993,7 +993,7 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) { // ses
WHERE id_user = '".$_user['user_id']."'
AND course_code = '$cidReq'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result) > 0) { // this user have a recorded state for this course
while($row = Database::fetch_array($result)){
@ -1069,7 +1069,7 @@ if ((isset($gidReset) && $gidReset) || (isset($cidReset) && $cidReset)) { // ses
if ($gidReq && $_cid ) { // have keys to search data
$group_table = Database::get_course_table(TABLE_GROUP);
$sql = "SELECT * FROM $group_table WHERE id = '$gidReq'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result) > 0) { // This group has recorded status related to this course
$gpData = Database::fetch_array($result);
$_gid = $gpData ['id' ];
@ -1115,5 +1115,5 @@ if (isset($_cid)) {
$tbl_course = Database::get_main_table(TABLE_MAIN_COURSE);
$time = api_get_datetime();
$sql="UPDATE $tbl_course SET last_visit= '$time' WHERE code='$_cid'";
api_sql_query($sql,__FILE__,__LINE__);
Database::query($sql,__FILE__,__LINE__);
}

4
main/inc/tool_navigation_menu.inc.php
Unescape View File

@ -74,7 +74,7 @@ function get_navigation_items($include_admin_tools = false)
*/
$sql_menu_query = "SELECT * FROM $course_tools_table WHERE visibility='1' and admin='0' ORDER BY id ASC";
$sql_result = api_sql_query($sql_menu_query, __FILE__, __LINE__);
$sql_result = Database::query($sql_menu_query, __FILE__, __LINE__);
while ($row = mysql_fetch_array($sql_result))
{
$navigation_items[$row['id']] = $row;
@ -106,7 +106,7 @@ function get_navigation_items($include_admin_tools = false)
$course_settings_sql = " SELECT name,image FROM $course_tools_table
WHERE link='course_info/infocours.php'";
$sql_result = api_sql_query($course_settings_sql);
$sql_result = Database::query($course_settings_sql);
$course_setting_info = mysql_fetch_array($sql_result);
$course_setting_visual_name = get_lang(ucfirst($course_setting_info['name']));
if (api_get_session_id()==0) {

Write Preview
Loading…
Cancel
Save