chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Feature #306 - Replacing the function api_sql_query() with Database::query() within all the library files.

Browse Source
skala
Ivan Tcholakov 16 years ago
parent 0e51c62659
commit e1f30c1001
27 changed files with 715 additions and 715 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 8
      main/inc/global.inc.php
  2. 6
      main/inc/introductionSection.inc.php
  3. 366
      main/inc/lib/add_course.lib.inc.php
  4. 174
      main/inc/lib/blog.lib.php
  5. 38
      main/inc/lib/classmanager.lib.php
  6. 48
      main/inc/lib/document.lib.php
  7. 36
      main/inc/lib/events.lib.inc.php
  8. 10
      main/inc/lib/export.lib.inc.php
  9. 4
      main/inc/lib/fckeditor/fcktemplates.xml.php
  10. 2
      main/inc/lib/fileDisplay.lib.php
  11. 8
      main/inc/lib/fileManage.lib.php
  12. 12
      main/inc/lib/fileUpload.lib.php
  13. 2
      main/inc/lib/formvalidator/Rule/UsernameAvailable.php
  14. 96
      main/inc/lib/groupmanager.lib.php
  15. 16
      main/inc/lib/online.inc.php
  16. 4
      main/inc/lib/search/tool_processors/document_processor.class.php
  17. 2
      main/inc/lib/search/tool_processors/learnpath_processor.class.php
  18. 2
      main/inc/lib/search/tool_processors/link_processor.class.php
  19. 4
      main/inc/lib/search/tool_processors/quiz_processor.class.php
  20. 88
      main/inc/lib/sessionmanager.lib.php
  21. 20
      main/inc/lib/specific_fields_manager.lib.php
  22. 270
      main/inc/lib/surveymanager.lib.php
  23. 20
      main/inc/lib/system_announcements.lib.php
  24. 96
      main/inc/lib/tracking.lib.php
  25. 58
      main/inc/lib/urlmanager.lib.php
  26. 36
      main/inc/local.inc.php
  27. 4
      main/inc/tool_navigation_menu.inc.php

8
main/inc/global.inc.php
Unescape View File

@ -103,7 +103,7 @@ if (!$_configuration['db_host']) {
} }
// The Dokeos system has not been designed to use special SQL modes that were introduced since MySQL 5. // The Dokeos system has not been designed to use special SQL modes that were introduced since MySQL 5.
api_sql_query("set session sql_mode='';", __FILE__, __LINE__); Database::query("set session sql_mode='';", __FILE__, __LINE__);
if (!mysql_select_db($_configuration['main_database'], $dokeos_database_connection)) { if (!mysql_select_db($_configuration['main_database'], $dokeos_database_connection)) {
$global_error_code = 5; $global_error_code = 5;
@ -119,7 +119,7 @@ if (!mysql_select_db($_configuration['main_database'], $dokeos_database_connecti
*/ */
// The platform's character set must be retrieved at this early moment. // The platform's character set must be retrieved at this early moment.
$sql = "SELECT selected_value FROM settings_current WHERE variable = 'platform_charset';"; $sql = "SELECT selected_value FROM settings_current WHERE variable = 'platform_charset';";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
while ($row = @mysql_fetch_array($result)) { while ($row = @mysql_fetch_array($result)) {
$charset = $row[0]; $charset = $row[0];
} }
@ -486,10 +486,10 @@ if ($_configuration['tracking_enabled'] && !isset($_SESSION['login_as']) && isse
$sql_last_connection = "SELECT login_id, login_date FROM $tbl_track_login WHERE login_user_id='".$_user["user_id"]."' ORDER BY login_date DESC LIMIT 0,1"; $sql_last_connection = "SELECT login_id, login_date FROM $tbl_track_login WHERE login_user_id='".$_user["user_id"]."' ORDER BY login_date DESC LIMIT 0,1";
$q_last_connection = api_sql_query($sql_last_connection); $q_last_connection = Database::query($sql_last_connection);
if (Database::num_rows($q_last_connection) > 0) { if (Database::num_rows($q_last_connection) > 0) {
$i_id_last_connection = Database::result($q_last_connection, 0, 'login_id'); $i_id_last_connection = Database::result($q_last_connection, 0, 'login_id');
$s_sql_update_logout_date = "UPDATE $tbl_track_login SET logout_date=NOW() WHERE login_id='$i_id_last_connection'"; $s_sql_update_logout_date = "UPDATE $tbl_track_login SET logout_date=NOW() WHERE login_id='$i_id_last_connection'";
api_sql_query($s_sql_update_logout_date); Database::query($s_sql_update_logout_date);
} }
} }

6
main/inc/introductionSection.inc.php
Unescape View File

@ -99,7 +99,7 @@ if ($intro_editAllowed) {
if ( ! empty($intro_content) ) { if ( ! empty($intro_content) ) {
$sql = "REPLACE $TBL_INTRODUCTION SET id='$moduleId',intro_text='".Database::escape_string($intro_content)."'"; $sql = "REPLACE $TBL_INTRODUCTION SET id='$moduleId',intro_text='".Database::escape_string($intro_content)."'";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
Display::display_confirmation_message(get_lang('IntroductionTextUpdated'),false); Display::display_confirmation_message(get_lang('IntroductionTextUpdated'),false);
} else { } else {
$intro_cmdDel = true; // got to the delete command $intro_cmdDel = true; // got to the delete command
@ -113,7 +113,7 @@ if ($intro_editAllowed) {
/* Delete Command */ /* Delete Command */
if ($intro_cmdDel) { if ($intro_cmdDel) {
api_sql_query("DELETE FROM $TBL_INTRODUCTION WHERE id='".$moduleId."'",__FILE__,__LINE__); Database::query("DELETE FROM $TBL_INTRODUCTION WHERE id='".$moduleId."'",__FILE__,__LINE__);
Display::display_confirmation_message(get_lang('IntroductionTextDeleted')); Display::display_confirmation_message(get_lang('IntroductionTextDeleted'));
} }
@ -127,7 +127,7 @@ if ($intro_editAllowed) {
/* Retrieves the module introduction text, if exist */ /* Retrieves the module introduction text, if exist */
$sql = "SELECT intro_text FROM $TBL_INTRODUCTION WHERE id='".$moduleId."'"; $sql = "SELECT intro_text FROM $TBL_INTRODUCTION WHERE id='".$moduleId."'";
$intro_dbQuery = api_sql_query($sql,__FILE__,__LINE__); $intro_dbQuery = Database::query($sql,__FILE__,__LINE__);
$intro_dbResult = mysql_fetch_array($intro_dbQuery); $intro_dbResult = mysql_fetch_array($intro_dbQuery);
$intro_content = $intro_dbResult['intro_text']; $intro_content = $intro_dbResult['intro_text'];

366
main/inc/lib/add_course.lib.inc.php
View File

File diff suppressed because it is too large Load Diff

174
main/inc/lib/blog.lib.php
Unescape View File

@ -55,7 +55,7 @@ class Blog {
FROM " . $tbl_blogs . " FROM " . $tbl_blogs . "
WHERE blog_id = " . Database::escape_string((int)$blog_id); WHERE blog_id = " . Database::escape_string((int)$blog_id);
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$blog = Database::fetch_array($result); $blog = Database::fetch_array($result);
return stripslashes($blog['blog_name']); return stripslashes($blog['blog_name']);
} }
@ -74,7 +74,7 @@ class Blog {
// init // init
$tbl_blogs = Database::get_course_table(TABLE_BLOGS); $tbl_blogs = Database::get_course_table(TABLE_BLOGS);
$sql = "SELECT blog_subtitle FROM $tbl_blogs WHERE blog_id ='".Database::escape_string((int)$blog_id)."'"; $sql = "SELECT blog_subtitle FROM $tbl_blogs WHERE blog_id ='".Database::escape_string((int)$blog_id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$blog = Database::fetch_array($result); $blog = Database::fetch_array($result);
return stripslashes($blog['blog_subtitle']); return stripslashes($blog['blog_subtitle']);
@ -104,7 +104,7 @@ class Blog {
FROM " . $tbl_blogs_rel_user . " blogs_rel_user FROM " . $tbl_blogs_rel_user . " blogs_rel_user
INNER JOIN " . $tbl_users . " user ON blogs_rel_user.user_id = user.user_id INNER JOIN " . $tbl_users . " user ON blogs_rel_user.user_id = user.user_id
WHERE blogs_rel_user.blog_id = '" . Database::escape_string((int)$blog_id)."'"; WHERE blogs_rel_user.blog_id = '" . Database::escape_string((int)$blog_id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$blog_members = array (); $blog_members = array ();
@ -143,18 +143,18 @@ class Blog {
// Create the blog // Create the blog
$sql = "INSERT INTO $tbl_blogs (blog_name, blog_subtitle, date_creation, visibility ) $sql = "INSERT INTO $tbl_blogs (blog_name, blog_subtitle, date_creation, visibility )
VALUES ('".Database::escape_string($title)."', '".Database::escape_string($subtitle)."', '".$current_date."', '1');"; VALUES ('".Database::escape_string($title)."', '".Database::escape_string($subtitle)."', '".$current_date."', '1');";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
$this_blog_id = Database::get_last_insert_id(); $this_blog_id = Database::get_last_insert_id();
// Make first post. :) // Make first post. :)
$sql = "INSERT INTO $tbl_blogs_posts (title, full_text, date_creation, blog_id, author_id ) $sql = "INSERT INTO $tbl_blogs_posts (title, full_text, date_creation, blog_id, author_id )
VALUES ('".get_lang("Welcome")."', '" . get_lang('FirstPostText')."','".$current_date."', '".Database::escape_string((int)$this_blog_id)."', '".Database::escape_string((int)$_user['user_id'])."');"; VALUES ('".get_lang("Welcome")."', '" . get_lang('FirstPostText')."','".$current_date."', '".Database::escape_string((int)$this_blog_id)."', '".Database::escape_string((int)$_user['user_id'])."');";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
// Put it on course homepage // Put it on course homepage
$sql = "INSERT INTO $tbl_tool (name, link, image, visibility, admin, address, added_tool) $sql = "INSERT INTO $tbl_tool (name, link, image, visibility, admin, address, added_tool)
VALUES ('".Database::escape_string($title)."','blog/blog.php?blog_id=".(int)$this_blog_id."','blog.gif','1','0','pastillegris.gif',0)"; VALUES ('".Database::escape_string($title)."','blog/blog.php?blog_id=".(int)$this_blog_id."','blog.gif','1','0','pastillegris.gif',0)";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
// Subscribe the teacher to this blog // Subscribe the teacher to this blog
Blog::set_user_subscribed((int)$this_blog_id,(int)$_user['user_id']); Blog::set_user_subscribed((int)$this_blog_id,(int)$_user['user_id']);
@ -180,12 +180,12 @@ class Blog {
// Update the blog // Update the blog
$sql = "UPDATE $tbl_blogs SET blog_name = '".Database::escape_string($title)."', blog_subtitle = '".Database::escape_string($subtitle)."' WHERE blog_id ='".Database::escape_string((int)$blog_id)."' LIMIT 1"; $sql = "UPDATE $tbl_blogs SET blog_name = '".Database::escape_string($title)."', blog_subtitle = '".Database::escape_string($subtitle)."' WHERE blog_id ='".Database::escape_string((int)$blog_id)."' LIMIT 1";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
$this_blog_id = Database::get_last_insert_id(); $this_blog_id = Database::get_last_insert_id();
// Update course homepage link // Update course homepage link
$sql = "UPDATE $tbl_tool SET name = '".Database::escape_string($title)."' WHERE link = 'blog/blog.php?blog_id=".Database::escape_string((int)$blog_id)."' LIMIT 1"; $sql = "UPDATE $tbl_tool SET name = '".Database::escape_string($title)."' WHERE link = 'blog/blog.php?blog_id=".Database::escape_string((int)$blog_id)."' LIMIT 1";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
} }
/** /**
@ -211,27 +211,27 @@ class Blog {
//Delete comments //Delete comments
$sql = "DELETE FROM $tbl_blogs_comment WHERE blog_id ='".(int)$blog_id."'"; $sql = "DELETE FROM $tbl_blogs_comment WHERE blog_id ='".(int)$blog_id."'";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
// Delete posts // Delete posts
$sql = "DELETE FROM $tbl_blogs_posts WHERE blog_id ='".(int)$blog_id."'"; $sql = "DELETE FROM $tbl_blogs_posts WHERE blog_id ='".(int)$blog_id."'";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
// Delete tasks // Delete tasks
$sql = "DELETE FROM $tbl_blogs_tasks WHERE blog_id ='".(int)$blog_id."'"; $sql = "DELETE FROM $tbl_blogs_tasks WHERE blog_id ='".(int)$blog_id."'";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
// Delete ratings // Delete ratings
$sql = "DELETE FROM $tbl_blogs_rating WHERE blog_id ='".(int)$blog_id."'"; $sql = "DELETE FROM $tbl_blogs_rating WHERE blog_id ='".(int)$blog_id."'";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
// Delete blog // Delete blog
$sql ="DELETE FROM $tbl_blogs WHERE blog_id ='".(int)$blog_id."'"; $sql ="DELETE FROM $tbl_blogs WHERE blog_id ='".(int)$blog_id."'";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
// Delete from course homepage // Delete from course homepage
$sql = "DELETE FROM $tbl_tool WHERE link = 'blog/blog.php?blog_id=".(int)$blog_id."'"; $sql = "DELETE FROM $tbl_tool WHERE link = 'blog/blog.php?blog_id=".(int)$blog_id."'";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
} }
/** /**
@ -269,7 +269,7 @@ class Blog {
$sql = "INSERT INTO " . $tbl_blogs_posts." (title, full_text, date_creation, blog_id, author_id ) $sql = "INSERT INTO " . $tbl_blogs_posts." (title, full_text, date_creation, blog_id, author_id )
VALUES ('".Database::escape_string($title)."', '".Database::escape_string($full_text)."','".$current_date."', '".(int)$blog_id."', '".(int)$_user['user_id']."');"; VALUES ('".Database::escape_string($title)."', '".Database::escape_string($full_text)."','".$current_date."', '".(int)$blog_id."', '".(int)$_user['user_id']."');";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
$last_post_id=Database::insert_id(); $last_post_id=Database::insert_id();
if ($has_attachment) if ($has_attachment)
@ -300,7 +300,7 @@ class Blog {
{ {
$sql='INSERT INTO '.$blog_table_attachment.'(filename,comment, path, post_id,size, blog_id,comment_id) '. $sql='INSERT INTO '.$blog_table_attachment.'(filename,comment, path, post_id,size, blog_id,comment_id) '.
"VALUES ( '".Database::escape_string($file_name)."', '".Database::escape_string($comment)."', '".Database::escape_string($new_file_name)."' , '".$last_post_id."', '".$_FILES['user_upload']['size']."', '".$blog_id."', '0' )"; "VALUES ( '".Database::escape_string($file_name)."', '".Database::escape_string($comment)."', '".Database::escape_string($new_file_name)."' , '".$last_post_id."', '".$_FILES['user_upload']['size']."', '".$blog_id."', '0' )";
$result=api_sql_query($sql, __LINE__, __FILE__); $result=Database::query($sql, __LINE__, __FILE__);
$message.=' / '.get_lang('AttachmentUpload'); $message.=' / '.get_lang('AttachmentUpload');
} }
} }
@ -329,7 +329,7 @@ class Blog {
// Create the post // Create the post
$sql = "UPDATE $tbl_blogs_posts SET title = '" . Database::escape_string($title)."', full_text = '" . Database::escape_string($full_text)."' WHERE post_id ='".(int)$post_id."' AND blog_id ='".(int)$blog_id."' LIMIT 1 ;"; $sql = "UPDATE $tbl_blogs_posts SET title = '" . Database::escape_string($title)."', full_text = '" . Database::escape_string($full_text)."' WHERE post_id ='".(int)$post_id."' AND blog_id ='".(int)$blog_id."' LIMIT 1 ;";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
} }
/** /**
@ -349,15 +349,15 @@ class Blog {
// Delete ratings on this comment // Delete ratings on this comment
$sql = "DELETE FROM $tbl_blogs_rating WHERE blog_id = '".(int)$blog_id."' AND item_id = '".(int)$post_id."' AND rating_type = 'post'"; $sql = "DELETE FROM $tbl_blogs_rating WHERE blog_id = '".(int)$blog_id."' AND item_id = '".(int)$post_id."' AND rating_type = 'post'";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
// Delete the post // Delete the post
$sql = "DELETE FROM $tbl_blogs_posts WHERE post_id = '".(int)$post_id."'"; $sql = "DELETE FROM $tbl_blogs_posts WHERE post_id = '".(int)$post_id."'";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
// Delete the comments // Delete the comments
$sql = "DELETE FROM $tbl_blogs_comments WHERE post_id = '".(int)$post_id."' AND blog_id = '".(int)$blog_id."'"; $sql = "DELETE FROM $tbl_blogs_comments WHERE post_id = '".(int)$post_id."' AND blog_id = '".(int)$blog_id."'";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
// Delete posts and attachments // Delete posts and attachments
delete_all_blog_attachment($blog_id,$post_id); delete_all_blog_attachment($blog_id,$post_id);
@ -399,7 +399,7 @@ class Blog {
// Create the comment // Create the comment
$sql = "INSERT INTO $tbl_blogs_comments (title, comment, author_id, date_creation, blog_id, post_id, parent_comment_id, task_id ) $sql = "INSERT INTO $tbl_blogs_comments (title, comment, author_id, date_creation, blog_id, post_id, parent_comment_id, task_id )
VALUES ('".Database::escape_string($title)."', '".Database::escape_string($full_text)."', '".(int)$_user['user_id']."','".$current_date."', '".(int)$blog_id."', '".(int)$post_id."', '".(int)$parent_id."', '".(int)$task_id."')"; VALUES ('".Database::escape_string($title)."', '".Database::escape_string($full_text)."', '".(int)$_user['user_id']."','".$current_date."', '".(int)$blog_id."', '".(int)$post_id."', '".(int)$parent_id."', '".(int)$task_id."')";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
// Empty post values, or they are shown on the page again // Empty post values, or they are shown on the page again
$_POST['comment_title'] = ""; $_POST['comment_title'] = "";
@ -435,7 +435,7 @@ class Blog {
{ {
$sql='INSERT INTO '.$blog_table_attachment.'(filename,comment, path, post_id,size,blog_id,comment_id) '. $sql='INSERT INTO '.$blog_table_attachment.'(filename,comment, path, post_id,size,blog_id,comment_id) '.
"VALUES ( '".Database::escape_string($file_name)."', '".Database::escape_string($comment)."', '".Database::escape_string($new_file_name)."' , '".$post_id."', '".$_FILES['user_upload']['size']."', '".$blog_id."', '".$last_id."' )"; "VALUES ( '".Database::escape_string($file_name)."', '".Database::escape_string($comment)."', '".Database::escape_string($new_file_name)."' , '".$post_id."', '".$_FILES['user_upload']['size']."', '".$blog_id."', '".$last_id."' )";
$result=api_sql_query($sql, __LINE__, __FILE__); $result=Database::query($sql, __LINE__, __FILE__);
$message.=' / '.get_lang('AttachmentUpload'); $message.=' / '.get_lang('AttachmentUpload');
} }
} }
@ -465,11 +465,11 @@ class Blog {
// Delete ratings on this comment // Delete ratings on this comment
$sql = "DELETE FROM $tbl_blogs_rating WHERE blog_id = '".(int)$blog_id."' AND item_id = '".(int)$comment_id."' AND rating_type = 'comment'"; $sql = "DELETE FROM $tbl_blogs_rating WHERE blog_id = '".(int)$blog_id."' AND item_id = '".(int)$comment_id."' AND rating_type = 'comment'";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
// select comments that have the selected comment as their parent // select comments that have the selected comment as their parent
$sql = "SELECT comment_id FROM $tbl_blogs_comments WHERE parent_comment_id = '".(int)$comment_id."'"; $sql = "SELECT comment_id FROM $tbl_blogs_comments WHERE parent_comment_id = '".(int)$comment_id."'";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
// Delete them recursively // Delete them recursively
while($comment = Database::fetch_array($result)) { while($comment = Database::fetch_array($result)) {
@ -478,7 +478,7 @@ class Blog {
// Finally, delete the selected comment to // Finally, delete the selected comment to
$sql = "DELETE FROM $tbl_blogs_comments WHERE comment_id = '".(int)$comment_id."'"; $sql = "DELETE FROM $tbl_blogs_comments WHERE comment_id = '".(int)$comment_id."'";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
} }
/** /**
@ -500,7 +500,7 @@ class Blog {
// Create the task // Create the task
$sql = "INSERT INTO $tbl_blogs_tasks (blog_id, title, description, color, system_task ) $sql = "INSERT INTO $tbl_blogs_tasks (blog_id, title, description, color, system_task )
VALUES ('".(int)$blog_id."', '" . Database::escape_string($title)."', '" . Database::escape_string($description)."', '" . Database::escape_string($color)."', '0');"; VALUES ('".(int)$blog_id."', '" . Database::escape_string($title)."', '" . Database::escape_string($description)."', '" . Database::escape_string($color)."', '0');";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
$task_id = mysql_insert_id(); $task_id = mysql_insert_id();
$tool = 'BLOG_' . $blog_id; $tool = 'BLOG_' . $blog_id;
@ -518,7 +518,7 @@ class Blog {
'article_delete' 'article_delete'
)"; )";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
} }
if($articleEdit == 'on') if($articleEdit == 'on')
@ -534,7 +534,7 @@ class Blog {
'article_edit' 'article_edit'
)"; )";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
} }
if($commentsDelete == 'on') if($commentsDelete == 'on')
@ -550,7 +550,7 @@ class Blog {
'article_comments_delete' 'article_comments_delete'
)"; )";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
} }
} }
@ -576,7 +576,7 @@ class Blog {
description = '".Database::escape_string($description)."', description = '".Database::escape_string($description)."',
color = '".Database::escape_string($color)."' color = '".Database::escape_string($color)."'
WHERE task_id ='".(int)$task_id."' LIMIT 1"; WHERE task_id ='".(int)$task_id."' LIMIT 1";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
$tool = 'BLOG_' . $blog_id; $tool = 'BLOG_' . $blog_id;
@ -584,7 +584,7 @@ class Blog {
DELETE FROM " . $tbl_tasks_permissions . " DELETE FROM " . $tbl_tasks_permissions . "
WHERE task_id = '" . (int)$task_id."'"; WHERE task_id = '" . (int)$task_id."'";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
if($articleDelete == 'on') if($articleDelete == 'on')
{ {
@ -599,7 +599,7 @@ class Blog {
'article_delete' 'article_delete'
)"; )";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
} }
if($articleEdit == 'on') if($articleEdit == 'on')
@ -615,7 +615,7 @@ class Blog {
'article_edit' 'article_edit'
)"; )";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
} }
if($commentsDelete == 'on') if($commentsDelete == 'on')
@ -631,7 +631,7 @@ class Blog {
'article_comments_delete' 'article_comments_delete'
)"; )";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
} }
} }
@ -649,7 +649,7 @@ class Blog {
// Delete posts // Delete posts
$sql = "DELETE FROM $tbl_blogs_tasks WHERE blog_id = '".(int)$blog_id."' AND task_id = '".(int)$task_id."'"; $sql = "DELETE FROM $tbl_blogs_tasks WHERE blog_id = '".(int)$blog_id."' AND task_id = '".(int)$task_id."'";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
} }
/** /**
@ -665,7 +665,7 @@ class Blog {
$tbl_blogs_tasks_rel_user = Database::get_course_table(TABLE_BLOGS_TASKS_REL_USER); $tbl_blogs_tasks_rel_user = Database::get_course_table(TABLE_BLOGS_TASKS_REL_USER);
// Delete posts // Delete posts
$sql = "DELETE FROM $tbl_blogs_tasks_rel_user WHERE blog_id = '".(int)$blog_id."' AND task_id = '".(int)$task_id."' AND user_id = '".(int)$user_id."'"; $sql = "DELETE FROM $tbl_blogs_tasks_rel_user WHERE blog_id = '".(int)$blog_id."' AND task_id = '".(int)$task_id."' AND user_id = '".(int)$user_id."'";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
} }
/** /**
@ -689,7 +689,7 @@ class Blog {
INNER JOIN $tbl_blogs blog ON task_rel_user.blog_id = blog.blog_id INNER JOIN $tbl_blogs blog ON task_rel_user.blog_id = blog.blog_id
AND blog.blog_id = ".intval($_GET['blog_id'])." AND blog.blog_id = ".intval($_GET['blog_id'])."
WHERE task_rel_user.user_id = ".(int)$_user['user_id']." ORDER BY target_date ASC"; WHERE task_rel_user.user_id = ".(int)$_user['user_id']." ORDER BY target_date ASC";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
if(mysql_numrows($result) > 0) if(mysql_numrows($result) > 0)
{ {
@ -727,7 +727,7 @@ class Blog {
// Get blog properties // Get blog properties
$sql = "SELECT blog_name, visibility FROM $tbl_blogs WHERE blog_id='".(int)$blog_id."'"; $sql = "SELECT blog_name, visibility FROM $tbl_blogs WHERE blog_id='".(int)$blog_id."'";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$blog = Database::fetch_array($result); $blog = Database::fetch_array($result);
$visibility = $blog['visibility']; $visibility = $blog['visibility'];
$title = $blog['blog_name']; $title = $blog['blog_name'];
@ -736,20 +736,20 @@ class Blog {
{ {
// Change visibility state, remove from course home. // Change visibility state, remove from course home.
$sql = "UPDATE $tbl_blogs SET visibility = '0' WHERE blog_id ='".(int)$blog_id."' LIMIT 1"; $sql = "UPDATE $tbl_blogs SET visibility = '0' WHERE blog_id ='".(int)$blog_id."' LIMIT 1";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$sql = "DELETE FROM $tbl_tool WHERE name = '".Database::escape_string($title)."' LIMIT 1"; $sql = "DELETE FROM $tbl_tool WHERE name = '".Database::escape_string($title)."' LIMIT 1";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
} }
else else
{ {
// Change visibility state, add to course home. // Change visibility state, add to course home.
$sql = "UPDATE $tbl_blogs SET visibility = '1' WHERE blog_id ='".(int)$blog_id."' LIMIT 1"; $sql = "UPDATE $tbl_blogs SET visibility = '1' WHERE blog_id ='".(int)$blog_id."' LIMIT 1";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$sql = "INSERT INTO $tbl_tool (name, link, image, visibility, admin, address, added_tool, target ) $sql = "INSERT INTO $tbl_tool (name, link, image, visibility, admin, address, added_tool, target )
VALUES ('".Database::escape_string($title)."', 'blog/blog.php?blog_id=".(int)$blog_id."', 'blog.gif', '1', '0', 'pastillegris.gif', '0', '_self')"; VALUES ('".Database::escape_string($title)."', 'blog/blog.php?blog_id=".(int)$blog_id."', 'blog.gif', '1', '0', 'pastillegris.gif', '0', '_self')";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
} }
} }
@ -773,7 +773,7 @@ class Blog {
WHERE post.blog_id = '".(int)$blog_id."' WHERE post.blog_id = '".(int)$blog_id."'
AND $filter AND $filter
ORDER BY post_id DESC LIMIT 0,".(int)$max_number_of_posts; ORDER BY post_id DESC LIMIT 0,".(int)$max_number_of_posts;
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
// Display // Display
if(Database::num_rows($result) > 0) if(Database::num_rows($result) > 0)
@ -782,7 +782,7 @@ class Blog {
{ {
// Get number of comments // Get number of comments
$sql = "SELECT COUNT(1) as number_of_comments FROM $tbl_blogs_comments WHERE blog_id = '".(int)$blog_id."' AND post_id = '" . (int)$blog_post['post_id']."'"; $sql = "SELECT COUNT(1) as number_of_comments FROM $tbl_blogs_comments WHERE blog_id = '".(int)$blog_id."' AND post_id = '" . (int)$blog_post['post_id']."'";
$tmp = api_sql_query($sql, __FILE__, __LINE__); $tmp = Database::query($sql, __FILE__, __LINE__);
$blog_post_comments = Database::fetch_array($tmp); $blog_post_comments = Database::fetch_array($tmp);
// Prepare data // Prepare data
@ -917,12 +917,12 @@ class Blog {
WHERE post.blog_id = '".(int)$blog_id."' WHERE post.blog_id = '".(int)$blog_id."'
AND post.post_id = '".(int)$post_id."' AND post.post_id = '".(int)$post_id."'
ORDER BY post_id DESC"; ORDER BY post_id DESC";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$blog_post = Database::fetch_array($result); $blog_post = Database::fetch_array($result);
// Get number of comments // Get number of comments
$sql = "SELECT COUNT(1) as number_of_comments FROM $tbl_blogs_comments WHERE blog_id = '".(int)$blog_id."' AND post_id = '".(int)$post_id."'"; $sql = "SELECT COUNT(1) as number_of_comments FROM $tbl_blogs_comments WHERE blog_id = '".(int)$blog_id."' AND post_id = '".(int)$post_id."'";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$blog_post_comments = Database::fetch_array($result); $blog_post_comments = Database::fetch_array($result);
// Prepare data // Prepare data
@ -1009,13 +1009,13 @@ class Blog {
AND item_id = '".(int)$item_id."' AND item_id = '".(int)$item_id."'
AND rating_type = '".Database::escape_string($type)."' AND rating_type = '".Database::escape_string($type)."'
AND user_id = '".(int)$_user['user_id']."'"; AND user_id = '".(int)$_user['user_id']."'";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
if(Database::num_rows($result) == 0) // Add rating if(Database::num_rows($result) == 0) // Add rating
{ {
$sql = "INSERT INTO $tbl_blogs_rating ( blog_id, rating_type, item_id, user_id, rating ) $sql = "INSERT INTO $tbl_blogs_rating ( blog_id, rating_type, item_id, user_id, rating )
VALUES ('".(int)$blog_id."', '".Database::escape_string($type)."', '".(int)$item_id."', '".(int)$_user['user_id']."', '".Database::escape_string($rating)."')"; VALUES ('".(int)$blog_id."', '".Database::escape_string($type)."', '".(int)$item_id."', '".(int)$_user['user_id']."', '".Database::escape_string($rating)."')";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
return true; return true;
} }
else // Return else // Return
@ -1038,7 +1038,7 @@ class Blog {
// Calculate rating // Calculate rating
$sql = "SELECT AVG(rating) as rating FROM $tbl_blogs_rating WHERE blog_id = '".(int)$blog_id."' AND item_id = '".(int)$item_id."' AND rating_type = '".Database::escape_string($type)."' "; $sql = "SELECT AVG(rating) as rating FROM $tbl_blogs_rating WHERE blog_id = '".(int)$blog_id."' AND item_id = '".(int)$item_id."' AND rating_type = '".Database::escape_string($type)."' ";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$result = Database::fetch_array($result); $result = Database::fetch_array($result);
return round($result['rating'], 2); return round($result['rating'], 2);
} }
@ -1067,7 +1067,7 @@ class Blog {
AND item_id = '".(int)$post_id."' AND item_id = '".(int)$post_id."'
AND rating_type = '".Database::escape_string($type)."' AND rating_type = '".Database::escape_string($type)."'
AND user_id = '".(int)$_user['user_id']."'"; AND user_id = '".(int)$_user['user_id']."'";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
if(Database::num_rows($result) == 0) // Add rating if(Database::num_rows($result) == 0) // Add rating
{ {
@ -1086,7 +1086,7 @@ class Blog {
AND item_id = '".(int)$comment_id."' AND item_id = '".(int)$comment_id."'
AND rating_type = '".Database::escape_string($type)."' AND rating_type = '".Database::escape_string($type)."'
AND user_id = '".(int)$_user['user_id']."'"; AND user_id = '".(int)$_user['user_id']."'";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
if(Database::num_rows($result) == 0) // Add rating if(Database::num_rows($result) == 0) // Add rating
{ {
@ -1123,7 +1123,7 @@ class Blog {
WHERE parent_comment_id = $current WHERE parent_comment_id = $current
AND comments.blog_id = '".(int)$blog_id."' AND comments.blog_id = '".(int)$blog_id."'
AND comments.post_id = '".(int)$post_id."'"; AND comments.post_id = '".(int)$post_id."'";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
while($comment = Database::fetch_array($result)) while($comment = Database::fetch_array($result))
{ {
@ -1133,7 +1133,7 @@ class Blog {
WHERE comment_id = $current WHERE comment_id = $current
AND blog_id = '".(int)$blog_id."' AND blog_id = '".(int)$blog_id."'
AND post_id = '".(int)$post_id."'"; AND post_id = '".(int)$post_id."'";
$tmp = api_sql_query($tmp, __FILE__, __LINE__); $tmp = Database::query($tmp, __FILE__, __LINE__);
$tmp = Database::fetch_array($tmp); $tmp = Database::fetch_array($tmp);
$parent_cat = $tmp['parent_comment_id']; $parent_cat = $tmp['parent_comment_id'];
$border_color = ''; $border_color = '';
@ -1363,7 +1363,7 @@ class Blog {
WHERE post.blog_id = '".(int)$blog_id ."' WHERE post.blog_id = '".(int)$blog_id ."'
AND post.post_id = '".(int)$post_id."' AND post.post_id = '".(int)$post_id."'
ORDER BY post_id DESC"; ORDER BY post_id DESC";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$blog_post = Database::fetch_array($result); $blog_post = Database::fetch_array($result);
// Prepare data // Prepare data
@ -1472,7 +1472,7 @@ class Blog {
ORDER BY ORDER BY
system_task, system_task,
title"; title";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
while($task = Database::fetch_array($result)) while($task = Database::fetch_array($result))
@ -1532,7 +1532,7 @@ class Blog {
INNER JOIN $tbl_blogs_tasks task ON task_rel_user.task_id = task.task_id INNER JOIN $tbl_blogs_tasks task ON task_rel_user.task_id = task.task_id
INNER JOIN $tbl_users user ON task_rel_user.user_id = user.user_id INNER JOIN $tbl_users user ON task_rel_user.user_id = user.user_id
WHERE task_rel_user.blog_id = '".(int)$blog_id."' ORDER BY target_date ASC"; WHERE task_rel_user.blog_id = '".(int)$blog_id."' ORDER BY target_date ASC";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
while($assignment = Database::fetch_array($result)) while($assignment = Database::fetch_array($result))
@ -1668,7 +1668,7 @@ class Blog {
$colors = array('FFFFFF','FFFF99','FFCC99','FF9933','FF6699','CCFF99','CC9966','66FF00', '9966FF', 'CF3F3F', '990033','669933','0033FF','003366','000000'); $colors = array('FFFFFF','FFFF99','FFCC99','FF9933','FF6699','CCFF99','CC9966','66FF00', '9966FF', 'CF3F3F', '990033','669933','0033FF','003366','000000');
$sql = "SELECT blog_id, task_id, title, description, color FROM $tbl_blogs_tasks WHERE task_id = '".(int)$task_id."'"; $sql = "SELECT blog_id, task_id, title, description, color FROM $tbl_blogs_tasks WHERE task_id = '".(int)$task_id."'";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$task = Database::fetch_array($result); $task = Database::fetch_array($result);
// Display // Display
@ -1693,7 +1693,7 @@ class Blog {
action action
FROM " . $tbl_tasks_permissions . " FROM " . $tbl_tasks_permissions . "
WHERE task_id = '" . (int)$task_id."'"; WHERE task_id = '" . (int)$task_id."'";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$arrPermissions = array(); $arrPermissions = array();
@ -1768,7 +1768,7 @@ class Blog {
INNER JOIN $tbl_blogs_rel_user blogs_rel_user INNER JOIN $tbl_blogs_rel_user blogs_rel_user
ON user.user_id = blogs_rel_user.user_id ON user.user_id = blogs_rel_user.user_id
WHERE blogs_rel_user.blog_id = '".(int)$blog_id."'"; WHERE blogs_rel_user.blog_id = '".(int)$blog_id."'";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$select_user_list = '<select name="task_user_id">'; $select_user_list = '<select name="task_user_id">';
while($user = Database::fetch_array($result)) while($user = Database::fetch_array($result))
{ {
@ -1792,7 +1792,7 @@ class Blog {
ORDER BY ORDER BY
system_task, system_task,
title"; title";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$select_task_list = '<select name="task_task_id">'; $select_task_list = '<select name="task_task_id">';
while($task = Database::fetch_array($result)) while($task = Database::fetch_array($result))
@ -1918,7 +1918,7 @@ class Blog {
user_id = $user_id AND user_id = $user_id AND
blog_id = $blog_id"; blog_id = $blog_id";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$arrUserTasks = array(); $arrUserTasks = array();
@ -1935,7 +1935,7 @@ class Blog {
WHERE blog_id = '".(int)$blog_id."' WHERE blog_id = '".(int)$blog_id."'
AND user_id = '".(int)$user_id."' AND user_id = '".(int)$user_id."'
AND task_id = '".(int)$task_id."'"; AND task_id = '".(int)$task_id."'";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$row = mysql_fetch_assoc($result); $row = mysql_fetch_assoc($result);
$old_date = $row['target_date']; $old_date = $row['target_date'];
@ -1947,7 +1947,7 @@ class Blog {
FROM $tbl_users user FROM $tbl_users user
INNER JOIN $tbl_blogs_rel_user blogs_rel_user on user.user_id = blogs_rel_user.user_id INNER JOIN $tbl_blogs_rel_user blogs_rel_user on user.user_id = blogs_rel_user.user_id
WHERE blogs_rel_user.blog_id = '".(int)$blog_id."'"; WHERE blogs_rel_user.blog_id = '".(int)$blog_id."'";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$select_user_list = '<select name="task_user_id">'; $select_user_list = '<select name="task_user_id">';
@ -1972,7 +1972,7 @@ class Blog {
ORDER BY ORDER BY
system_task, system_task,
title"; title";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$select_task_list = '<select name="task_task_id">'; $select_task_list = '<select name="task_task_id">';
@ -2074,7 +2074,7 @@ class Blog {
AND task_id = " . (int)$task_id . " AND task_id = " . (int)$task_id . "
"; ";
$result = @api_sql_query($sql, __FILE__, __LINE__); $result = @Database::query($sql, __FILE__, __LINE__);
$row = mysql_fetch_assoc($result); $row = mysql_fetch_assoc($result);
if($row['number'] == 0) if($row['number'] == 0)
@ -2092,7 +2092,7 @@ class Blog {
'" . Database::escape_string($target_date) . "' '" . Database::escape_string($target_date) . "'
)"; )";
$result = @api_sql_query($sql, __FILE__, __LINE__); $result = @Database::query($sql, __FILE__, __LINE__);
} }
} }
@ -2109,7 +2109,7 @@ class Blog {
task_id = " . (int)$task_id . " task_id = " . (int)$task_id . "
"; ";
$result = @api_sql_query($sql, __FILE__, __LINE__); $result = @Database::query($sql, __FILE__, __LINE__);
$row = mysql_fetch_assoc($result); $row = mysql_fetch_assoc($result);
if($row['number'] == 0 || ($row['number'] != 0 && $task_id == $old_task_id && $user_id == $old_user_id)) if($row['number'] == 0 || ($row['number'] != 0 && $task_id == $old_task_id && $user_id == $old_user_id))
@ -2127,7 +2127,7 @@ class Blog {
target_date = '" . Database::escape_string($old_target_date) . "' target_date = '" . Database::escape_string($old_target_date) . "'
"; ";
$result = @api_sql_query($sql, __FILE__, __LINE__); $result = @Database::query($sql, __FILE__, __LINE__);
} }
} }
@ -2147,7 +2147,7 @@ class Blog {
SELECT title, description SELECT title, description
FROM $tbl_blogs_tasks FROM $tbl_blogs_tasks
WHERE task_id = '".(int)$task_id."'"; WHERE task_id = '".(int)$task_id."'";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$row = mysql_fetch_assoc($result); $row = mysql_fetch_assoc($result);
// Get posts and authors // Get posts and authors
$sql = " $sql = "
@ -2160,7 +2160,7 @@ class Blog {
WHERE post.blog_id = '".(int)$blog_id."' WHERE post.blog_id = '".(int)$blog_id."'
ORDER BY post_id DESC ORDER BY post_id DESC
LIMIT 0, 100"; LIMIT 0, 100";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
// Display // Display
echo '<span class="blogpost_title">' . get_lang('SelectTaskArticle') . ' "' . stripslashes($row['title']) . '"</span>'; echo '<span class="blogpost_title">' . get_lang('SelectTaskArticle') . ' "' . stripslashes($row['title']) . '"</span>';
@ -2192,13 +2192,13 @@ class Blog {
// Subscribe the user // Subscribe the user
$sql = "INSERT INTO $tbl_blogs_rel_user ( blog_id, user_id ) VALUES ('".(int)$blog_id."', '".(int)$user_id."');"; $sql = "INSERT INTO $tbl_blogs_rel_user ( blog_id, user_id ) VALUES ('".(int)$blog_id."', '".(int)$user_id."');";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
// Give this user basic rights // Give this user basic rights
$sql="INSERT INTO $tbl_user_permissions (user_id,tool,action) VALUES ('".(int)$user_id."','BLOG_" . (int)$blog_id."','article_add')"; $sql="INSERT INTO $tbl_user_permissions (user_id,tool,action) VALUES ('".(int)$user_id."','BLOG_" . (int)$blog_id."','article_add')";
$result = api_sql_query($sql, __LINE__, __FILE__); $result = Database::query($sql, __LINE__, __FILE__);
$sql="INSERT INTO $tbl_user_permissions (user_id,tool,action) VALUES ('".(int)$user_id."','BLOG_" . (int)$blog_id."','article_comments_add')"; $sql="INSERT INTO $tbl_user_permissions (user_id,tool,action) VALUES ('".(int)$user_id."','BLOG_" . (int)$blog_id."','article_comments_add')";
$result = api_sql_query($sql, __LINE__, __FILE__); $result = Database::query($sql, __LINE__, __FILE__);
} }
/** /**
@ -2215,11 +2215,11 @@ class Blog {
// Unsubscribe the user // Unsubscribe the user
$sql = "DELETE FROM $tbl_blogs_rel_user WHERE blog_id = '".(int)$blog_id."' AND user_id = '".(int)$user_id."'"; $sql = "DELETE FROM $tbl_blogs_rel_user WHERE blog_id = '".(int)$blog_id."' AND user_id = '".(int)$user_id."'";
$result = @api_sql_query($sql, __FILE__, __LINE__); $result = @Database::query($sql, __FILE__, __LINE__);
// Remove this user's permissions. // Remove this user's permissions.
$sql = "DELETE FROM $tbl_user_permissions WHERE user_id = '".(int)$user_id."'"; $sql = "DELETE FROM $tbl_user_permissions WHERE user_id = '".(int)$user_id."'";
$result = api_sql_query($sql, __LINE__, __FILE__); $result = Database::query($sql, __LINE__, __FILE__);
} }
/** /**
@ -2249,7 +2249,7 @@ class Blog {
INNER JOIN $tbl_blogs_rel_user blogs_rel_user INNER JOIN $tbl_blogs_rel_user blogs_rel_user
ON user.user_id = blogs_rel_user.user_id ON user.user_id = blogs_rel_user.user_id
WHERE blogs_rel_user.blog_id = '".intval($blog_id)."'"; WHERE blogs_rel_user.blog_id = '".intval($blog_id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$blog_member_ids = array (); $blog_member_ids = array ();
while($user = Database::fetch_array($result)) while($user = Database::fetch_array($result))
@ -2372,7 +2372,7 @@ class Blog {
ON user.user_id = blogs_rel_user.user_id ON user.user_id = blogs_rel_user.user_id
WHERE blogs_rel_user.blog_id = '".(int)$blog_id."'"; WHERE blogs_rel_user.blog_id = '".(int)$blog_id."'";
//$sql_result = api_sql_query($sql_query, __FILE__, __LINE__); //$sql_result = Database::query($sql_query, __FILE__, __LINE__);
$sql_result = mysql_query($sql_query) or die(mysql_error()); $sql_result = mysql_query($sql_query) or die(mysql_error());
@ -2593,7 +2593,7 @@ class Blog {
AND MONTH(date_creation) = '".(int)$month."' AND MONTH(date_creation) = '".(int)$month."'
AND YEAR(date_creation) = '".(int)$year."' AND YEAR(date_creation) = '".(int)$year."'
ORDER BY date_creation"; ORDER BY date_creation";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
// We will create an array of days on which there are posts. // We will create an array of days on which there are posts.
if( Database::num_rows($result) > 0) if( Database::num_rows($result) > 0)
@ -2622,7 +2622,7 @@ class Blog {
AND MONTH(target_date) = '".(int)$month."' AND MONTH(target_date) = '".(int)$month."'
AND YEAR(target_date) = '".(int)$year."' AND YEAR(target_date) = '".(int)$year."'
ORDER BY target_date ASC"; ORDER BY target_date ASC";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
if(mysql_numrows($result) > 0) if(mysql_numrows($result) > 0)
{ {
@ -2763,7 +2763,7 @@ class Blog {
$tbl_blogs = Database::get_course_table(TABLE_BLOGS); $tbl_blogs = Database::get_course_table(TABLE_BLOGS);
$sql = "SELECT blog_id, blog_name, blog_subtitle FROM $tbl_blogs WHERE blog_id = '".(int)$blog_id."'"; $sql = "SELECT blog_id, blog_name, blog_subtitle FROM $tbl_blogs WHERE blog_id = '".(int)$blog_id."'";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$blog = Database::fetch_array($result); $blog = Database::fetch_array($result);
// the form contained errors but we do not want to lose the changes the user already did // the form contained errors but we do not want to lose the changes the user already did
@ -2822,7 +2822,7 @@ class Blog {
$tbl_blogs = Database::get_course_table(TABLE_BLOGS); $tbl_blogs = Database::get_course_table(TABLE_BLOGS);
$sql = 'SELECT blog_name,blog_subtitle,visibility,blog_id FROM '.$tbl_blogs.' ORDER BY date_creation DESC '; $sql = 'SELECT blog_name,blog_subtitle,visibility,blog_id FROM '.$tbl_blogs.' ORDER BY date_creation DESC ';
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
while ($row_project=Database::fetch_row($result)) { while ($row_project=Database::fetch_row($result)) {
$list_info[]=$row_project; $list_info[]=$row_project;
@ -2873,7 +2873,7 @@ class Blog {
} }
/*$sql = "SELECT blog_id, blog_name, blog_subtitle, visibility FROM $tbl_blogs ORDER BY blog_name"; /*$sql = "SELECT blog_id, blog_name, blog_subtitle, visibility FROM $tbl_blogs ORDER BY blog_name";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
while($blog = Database::fetch_array($result)) while($blog = Database::fetch_array($result))
{ {
@ -2945,7 +2945,7 @@ function get_blog_attachment($blog_id, $post_id=null,$comment_id=null)
$sql = 'SELECT path, filename, comment FROM '. $blog_table_attachment.' WHERE blog_id ="'.intval($blog_id).'" '.$where; $sql = 'SELECT path, filename, comment FROM '. $blog_table_attachment.' WHERE blog_id ="'.intval($blog_id).'" '.$where;
$result=api_sql_query($sql, __FILE__, __LINE__); $result=Database::query($sql, __FILE__, __LINE__);
if (Database::num_rows($result)!=0) if (Database::num_rows($result)!=0)
{ {
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
@ -2992,7 +2992,7 @@ function delete_all_blog_attachment($blog_id,$post_id=null,$comment_id=null)
$updir = $sys_course_path.$courseDir; $updir = $sys_course_path.$courseDir;
$sql= 'SELECT path FROM '.$blog_table_attachment.' WHERE blog_id ="'.intval($blog_id).'" '.$where; $sql= 'SELECT path FROM '.$blog_table_attachment.' WHERE blog_id ="'.intval($blog_id).'" '.$where;
$result=api_sql_query($sql, __FILE__, __LINE__); $result=Database::query($sql, __FILE__, __LINE__);
while ($row=Database::fetch_row($result)) while ($row=Database::fetch_row($result))
{ {
@ -3003,7 +3003,7 @@ function delete_all_blog_attachment($blog_id,$post_id=null,$comment_id=null)
} }
} }
$sql = 'DELETE FROM '. $blog_table_attachment.' WHERE blog_id ="'.intval($blog_id).'" '.$where; $sql = 'DELETE FROM '. $blog_table_attachment.' WHERE blog_id ="'.intval($blog_id).'" '.$where;
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
} }
/** /**
* Gets all the post from a given user id * Gets all the post from a given user id
@ -3019,7 +3019,7 @@ function get_blog_post_from_user($course_db_name, $user_id) {
ON (blog.blog_id = post.blog_id) ON (blog.blog_id = post.blog_id)
WHERE author_id = $user_id AND visibility = 1 WHERE author_id = $user_id AND visibility = 1
ORDER BY post.date_creation DESC "; ORDER BY post.date_creation DESC ";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$return_data = ''; $return_data = '';
//$my_course_info=explode('_',$course_db_name); //$my_course_info=explode('_',$course_db_name);
$my_course_id=CourseManager::get_course_id_by_database_name($course_db_name); $my_course_id=CourseManager::get_course_id_by_database_name($course_db_name);
@ -3052,7 +3052,7 @@ function get_blog_comment_from_user($course_db_name, $user_id) {
ON (blog.blog_id = comment.blog_id) ON (blog.blog_id = comment.blog_id)
WHERE author_id = $user_id AND visibility = 1 WHERE author_id = $user_id AND visibility = 1
ORDER BY blog_name"; ORDER BY blog_name";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$return_data = ''; $return_data = '';
$my_course_info=explode('_',$course_db_name); $my_course_info=explode('_',$course_db_name);
if (Database::num_rows($result)!=0) { if (Database::num_rows($result)!=0) {

38
main/inc/lib/classmanager.lib.php
Unescape View File

@ -45,7 +45,7 @@ class ClassManager
{ {
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS); $table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = "SELECT * FROM $table_class WHERE id='".$class_id."'"; $sql = "SELECT * FROM $table_class WHERE id='".$class_id."'";
$res = api_sql_query($sql, __FILE__, __LINE__); $res = Database::query($sql, __FILE__, __LINE__);
return mysql_fetch_array($res, MYSQL_ASSOC); return mysql_fetch_array($res, MYSQL_ASSOC);
} }
/** /**
@ -57,7 +57,7 @@ class ClassManager
{ {
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS); $table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = "UPDATE $table_class SET name='".mysql_real_escape_string($name)."' WHERE id='".$class_id."'"; $sql = "UPDATE $table_class SET name='".mysql_real_escape_string($name)."' WHERE id='".$class_id."'";
$res = api_sql_query($sql, __FILE__, __LINE__); $res = Database::query($sql, __FILE__, __LINE__);
} }
/** /**
* Create a class * Create a class
@ -67,7 +67,7 @@ class ClassManager
{ {
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS); $table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = "INSERT INTO $table_class SET name='".mysql_real_escape_string($name)."'"; $sql = "INSERT INTO $table_class SET name='".mysql_real_escape_string($name)."'";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
return mysql_affected_rows() == 1; return mysql_affected_rows() == 1;
} }
/** /**
@ -78,7 +78,7 @@ class ClassManager
{ {
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS); $table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = "SELECT * FROM $table_class WHERE name='".mysql_real_escape_string($name)."'"; $sql = "SELECT * FROM $table_class WHERE name='".mysql_real_escape_string($name)."'";
$res = api_sql_query($sql, __FILE__, __LINE__); $res = Database::query($sql, __FILE__, __LINE__);
return mysql_num_rows($res) != 0; return mysql_num_rows($res) != 0;
} }
/** /**
@ -93,11 +93,11 @@ class ClassManager
$table_class_course = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS); $table_class_course = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS);
$table_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER); $table_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
$sql = "DELETE FROM $table_class_user WHERE class_id = '".$class_id."'"; $sql = "DELETE FROM $table_class_user WHERE class_id = '".$class_id."'";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
$sql = "DELETE FROM $table_class_course WHERE class_id = '".$class_id."'"; $sql = "DELETE FROM $table_class_course WHERE class_id = '".$class_id."'";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
$sql = "DELETE FROM $table_class WHERE id = '".$class_id."'"; $sql = "DELETE FROM $table_class WHERE id = '".$class_id."'";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
} }
/** /**
* Get all users from a class * Get all users from a class
@ -109,7 +109,7 @@ class ClassManager
$table_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER); $table_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
$table_user = Database :: get_main_table(TABLE_MAIN_USER); $table_user = Database :: get_main_table(TABLE_MAIN_USER);
$sql = "SELECT * FROM $table_class_user cu, $table_user u WHERE cu.class_id = '".$class_id."' AND cu.user_id = u.user_id"; $sql = "SELECT * FROM $table_class_user cu, $table_user u WHERE cu.class_id = '".$class_id."' AND cu.user_id = u.user_id";
$res = api_sql_query($sql, __FILE__, __LINE__); $res = Database::query($sql, __FILE__, __LINE__);
$users = array (); $users = array ();
while ($user = mysql_fetch_array($res, MYSQL_ASSOC)) while ($user = mysql_fetch_array($res, MYSQL_ASSOC))
{ {
@ -127,7 +127,7 @@ class ClassManager
{ {
$table_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER); $table_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
$sql = "INSERT IGNORE INTO $table_class_user SET user_id = '".$user_id."', class_id='".$class_id."'"; $sql = "INSERT IGNORE INTO $table_class_user SET user_id = '".$user_id."', class_id='".$class_id."'";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
$courses = ClassManager :: get_courses($class_id); $courses = ClassManager :: get_courses($class_id);
foreach ($courses as $index => $course) foreach ($courses as $index => $course)
{ {
@ -152,7 +152,7 @@ class ClassManager
{ {
$course_codes[] = $course['course_code']; $course_codes[] = $course['course_code'];
$sql = "SELECT DISTINCT user_id FROM $table_class_user t1, $table_course_class t2 WHERE t1.class_id=t2.class_id AND course_code = '".$course['course_code']."' AND user_id = $user_id AND t2.class_id<>'$class_id'"; $sql = "SELECT DISTINCT user_id FROM $table_class_user t1, $table_course_class t2 WHERE t1.class_id=t2.class_id AND course_code = '".$course['course_code']."' AND user_id = $user_id AND t2.class_id<>'$class_id'";
$res = api_sql_query($sql, __FILE__, __LINE__); $res = Database::query($sql, __FILE__, __LINE__);
if (mysql_num_rows($res) == 0 && CourseManager :: get_user_in_course_status($user_id, $course['course_code']) == STUDENT) if (mysql_num_rows($res) == 0 && CourseManager :: get_user_in_course_status($user_id, $course['course_code']) == STUDENT)
{ {
CourseManager :: unsubscribe_user($user_id, $course['course_code']); CourseManager :: unsubscribe_user($user_id, $course['course_code']);
@ -160,7 +160,7 @@ class ClassManager
} }
} }
$sql = "DELETE FROM $table_class_user WHERE user_id='".$user_id."' AND class_id = '".$class_id."'"; $sql = "DELETE FROM $table_class_user WHERE user_id='".$user_id."' AND class_id = '".$class_id."'";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
} }
/** /**
* Get all courses in which a class is subscribed * Get all courses in which a class is subscribed
@ -172,7 +172,7 @@ class ClassManager
$table_class_course = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS); $table_class_course = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS);
$table_course = Database :: get_main_table(TABLE_MAIN_COURSE); $table_course = Database :: get_main_table(TABLE_MAIN_COURSE);
$sql = "SELECT * FROM $table_class_course cc, $table_course c WHERE cc.class_id = '".$class_id."' AND cc.course_code = c.code"; $sql = "SELECT * FROM $table_class_course cc, $table_course c WHERE cc.class_id = '".$class_id."' AND cc.course_code = c.code";
$res = api_sql_query($sql, __FILE__, __LINE__); $res = Database::query($sql, __FILE__, __LINE__);
$courses = array (); $courses = array ();
while ($course = mysql_fetch_array($res, MYSQL_ASSOC)) while ($course = mysql_fetch_array($res, MYSQL_ASSOC))
{ {
@ -191,9 +191,9 @@ class ClassManager
$tbl_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER); $tbl_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
$tbl_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER); $tbl_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
$sql = "INSERT IGNORE INTO $tbl_course_class SET course_code = '".mysql_real_escape_string($course_code)."', class_id = '".mysql_real_escape_string($class_id)."'"; $sql = "INSERT IGNORE INTO $tbl_course_class SET course_code = '".mysql_real_escape_string($course_code)."', class_id = '".mysql_real_escape_string($class_id)."'";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
$sql = "SELECT user_id FROM $tbl_class_user WHERE class_id = '".mysql_real_escape_string($class_id)."'"; $sql = "SELECT user_id FROM $tbl_class_user WHERE class_id = '".mysql_real_escape_string($class_id)."'";
$res = api_sql_query($sql, __FILE__, __LINE__); $res = Database::query($sql, __FILE__, __LINE__);
while ($user = mysql_fetch_object($res)) while ($user = mysql_fetch_object($res))
{ {
CourseManager :: subscribe_user($user->user_id, $course_code); CourseManager :: subscribe_user($user->user_id, $course_code);
@ -211,11 +211,11 @@ class ClassManager
$tbl_course_class = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS); $tbl_course_class = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS);
$tbl_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER); $tbl_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
$sql = "SELECT cu.user_id,COUNT(cc.class_id) FROM $tbl_course_class cc, $tbl_class_user cu WHERE cc.class_id = cu.class_id AND cc.course_code = '".mysql_real_escape_string($course_code)."' GROUP BY cu.user_id HAVING COUNT(cc.class_id) = 1"; $sql = "SELECT cu.user_id,COUNT(cc.class_id) FROM $tbl_course_class cc, $tbl_class_user cu WHERE cc.class_id = cu.class_id AND cc.course_code = '".mysql_real_escape_string($course_code)."' GROUP BY cu.user_id HAVING COUNT(cc.class_id) = 1";
$single_class_users = api_sql_query($sql, __FILE__, __LINE__); $single_class_users = Database::query($sql, __FILE__, __LINE__);
while ($single_class_user = mysql_fetch_object($single_class_users)) while ($single_class_user = mysql_fetch_object($single_class_users))
{ {
$sql = "SELECT * FROM $tbl_class_user WHERE class_id = '".mysql_real_escape_string($class_id)."' AND user_id = '".mysql_real_escape_string($single_class_user->user_id)."'"; $sql = "SELECT * FROM $tbl_class_user WHERE class_id = '".mysql_real_escape_string($class_id)."' AND user_id = '".mysql_real_escape_string($single_class_user->user_id)."'";
$res = api_sql_query($sql, __FILE__, __LINE__); $res = Database::query($sql, __FILE__, __LINE__);
if (mysql_num_rows($res) > 0) if (mysql_num_rows($res) > 0)
{ {
if (CourseManager :: get_user_in_course_status($single_class_user->user_id, $course_code) == STUDENT) if (CourseManager :: get_user_in_course_status($single_class_user->user_id, $course_code) == STUDENT)
@ -225,7 +225,7 @@ class ClassManager
} }
} }
$sql = "DELETE FROM $tbl_course_class WHERE course_code = '".mysql_real_escape_string($course_code)."' AND class_id = '".mysql_real_escape_string($class_id)."'"; $sql = "DELETE FROM $tbl_course_class WHERE course_code = '".mysql_real_escape_string($course_code)."' AND class_id = '".mysql_real_escape_string($class_id)."'";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
} }
/** /**
@ -237,7 +237,7 @@ class ClassManager
{ {
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS); $table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = "SELECT * FROM $table_class WHERE name='".$name."'"; $sql = "SELECT * FROM $table_class WHERE name='".$name."'";
$res = api_sql_query($sql, __FILE__, __LINE__); $res = Database::query($sql, __FILE__, __LINE__);
$obj = mysql_fetch_object($res); $obj = mysql_fetch_object($res);
return $obj->id; return $obj->id;
} }
@ -251,7 +251,7 @@ class ClassManager
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS); $table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$table_course_class = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS); $table_course_class = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS);
$sql = "SELECT cl.* FROM $table_class cl, $table_course_class cc WHERE cc.course_code = '".mysql_real_escape_string($course_code)."' AND cc.class_id = cl.id"; $sql = "SELECT cl.* FROM $table_class cl, $table_course_class cc WHERE cc.course_code = '".mysql_real_escape_string($course_code)."' AND cc.class_id = cl.id";
$res = api_sql_query($sql, __FILE__, __LINE__); $res = Database::query($sql, __FILE__, __LINE__);
$classes = array (); $classes = array ();
while ($class = mysql_fetch_array($res, MYSQL_ASSOC)) while ($class = mysql_fetch_array($res, MYSQL_ASSOC))
{ {

48
main/inc/lib/document.lib.php
Unescape View File

@ -85,7 +85,7 @@ class DocumentManager {
$course_table = Database::get_main_table(TABLE_MAIN_COURSE); $course_table = Database::get_main_table(TABLE_MAIN_COURSE);
$sql_query = "SELECT ".DISK_QUOTA_FIELD." FROM $course_table WHERE code = '$course_code'"; $sql_query = "SELECT ".DISK_QUOTA_FIELD." FROM $course_table WHERE code = '$course_code'";
$sql_result = api_sql_query($sql_query, __FILE__, __LINE__); $sql_result = Database::query($sql_query, __FILE__, __LINE__);
$result = Database::fetch_array($sql_result); $result = Database::fetch_array($sql_result);
$course_quota = $result[DISK_QUOTA_FIELD]; $course_quota = $result[DISK_QUOTA_FIELD];
@ -320,7 +320,7 @@ class DocumentManager {
$query = "SELECT 1 FROM $tbl_document AS docs,$tbl_item_property AS props $query = "SELECT 1 FROM $tbl_document AS docs,$tbl_item_property AS props
WHERE props.tool = 'document' AND docs.id=props.ref AND props.visibility <> '1' AND docs.path = '$doc_url'"; WHERE props.tool = 'document' AND docs.id=props.ref AND props.visibility <> '1' AND docs.path = '$doc_url'";
//echo $query; //echo $query;
$result = api_sql_query($query, __FILE__, __LINE__); $result = Database::query($query, __FILE__, __LINE__);
return (Database::num_rows($result) == 0); return (Database::num_rows($result) == 0);
} }
@ -524,7 +524,7 @@ class DocumentManager {
AND ".$to_field." = ".$to_value." AND ".$to_field." = ".$to_value."
AND last.visibility".$visibility_bit; AND last.visibility".$visibility_bit;
$result = api_sql_query($sql); $result = Database::query($sql);
if ($result && Database::num_rows($result) != 0) if ($result && Database::num_rows($result) != 0)
{ {
@ -540,7 +540,7 @@ class DocumentManager {
WHERE course_code='".$_course['id']."' WHERE course_code='".$_course['id']."'
AND user_id='".api_get_user_id()."' AND user_id='".api_get_user_id()."'
AND ref_doc='".$row['id']."'"; AND ref_doc='".$row['id']."'";
$template_result = api_sql_query($sql_is_template); $template_result = Database::query($sql_is_template);
if(Database::num_rows($template_result)>0){ if(Database::num_rows($template_result)>0){
$row['is_template'] = 1; $row['is_template'] = 1;
} }
@ -592,7 +592,7 @@ class DocumentManager {
AND last.to_group_id = ".$to_group_id." AND last.to_group_id = ".$to_group_id."
AND last.visibility <> 2"; AND last.visibility <> 2";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
if ($result && Database::num_rows($result) != 0) if ($result && Database::num_rows($result) != 0)
{ {
@ -623,7 +623,7 @@ class DocumentManager {
AND last.tool = '".TOOL_DOCUMENT."' AND last.tool = '".TOOL_DOCUMENT."'
AND last.to_group_id = ".$to_group_id." AND last.to_group_id = ".$to_group_id."
AND last.visibility = 1"; AND last.visibility = 1";
$visibleresult = api_sql_query($visible_sql, __FILE__, __LINE__); $visibleresult = Database::query($visible_sql, __FILE__, __LINE__);
while ($all_visible_folders = Database::fetch_array($visibleresult,'ASSOC')) while ($all_visible_folders = Database::fetch_array($visibleresult,'ASSOC'))
{ {
$visiblefolders[] = $all_visible_folders['path']; $visiblefolders[] = $all_visible_folders['path'];
@ -637,7 +637,7 @@ class DocumentManager {
AND last.tool = '".TOOL_DOCUMENT."' AND last.tool = '".TOOL_DOCUMENT."'
AND last.to_group_id = ".$to_group_id." AND last.to_group_id = ".$to_group_id."
AND last.visibility = 0"; AND last.visibility = 0";
$invisibleresult = api_sql_query($invisible_sql, __FILE__, __LINE__); $invisibleresult = Database::query($invisible_sql, __FILE__, __LINE__);
while ($invisible_folders = Database::fetch_array($invisibleresult,'ASSOC')) while ($invisible_folders = Database::fetch_array($invisibleresult,'ASSOC'))
{ {
//get visible folders in the invisible ones -> they are invisible too //get visible folders in the invisible ones -> they are invisible too
@ -650,7 +650,7 @@ class DocumentManager {
AND last.tool = '".TOOL_DOCUMENT."' AND last.tool = '".TOOL_DOCUMENT."'
AND last.to_group_id = ".$to_group_id." AND last.to_group_id = ".$to_group_id."
AND last.visibility = 1"; AND last.visibility = 1";
$folder_in_invisible_result = api_sql_query($folder_in_invisible_sql, __FILE__, __LINE__); $folder_in_invisible_result = Database::query($folder_in_invisible_sql, __FILE__, __LINE__);
while ($folders_in_invisible_folder = Database::fetch_array($folder_in_invisible_result,'ASSOC')) while ($folders_in_invisible_folder = Database::fetch_array($folder_in_invisible_result,'ASSOC'))
{ {
$invisiblefolders[] = $folders_in_invisible_folder['path']; $invisiblefolders[] = $folders_in_invisible_folder['path'];
@ -711,7 +711,7 @@ class DocumentManager {
$what_to_check_sql = "SELECT td.id, readonly, tp.insert_user_id FROM ".$TABLE_DOCUMENT." td , $TABLE_PROPERTY tp $what_to_check_sql = "SELECT td.id, readonly, tp.insert_user_id FROM ".$TABLE_DOCUMENT." td , $TABLE_PROPERTY tp
WHERE tp.ref= td.id and (path='".$path."' OR path LIKE BINARY '".$path."/%' ) "; WHERE tp.ref= td.id and (path='".$path."' OR path LIKE BINARY '".$path."/%' ) ";
//get all id's of documents that are deleted //get all id's of documents that are deleted
$what_to_check_result = api_sql_query($what_to_check_sql, __FILE__, __LINE__); $what_to_check_result = Database::query($what_to_check_sql, __FILE__, __LINE__);
if ($what_to_check_result && Database::num_rows($what_to_check_result) != 0) if ($what_to_check_result && Database::num_rows($what_to_check_result) != 0)
{ {
@ -748,7 +748,7 @@ class DocumentManager {
{ {
$sql= 'SELECT a.insert_user_id, b.readonly FROM '.$TABLE_PROPERTY.' a,'.$TABLE_DOCUMENT.' b $sql= 'SELECT a.insert_user_id, b.readonly FROM '.$TABLE_PROPERTY.' a,'.$TABLE_DOCUMENT.' b
WHERE a.ref = b.id and a.ref='.$document_id.' LIMIT 1'; WHERE a.ref = b.id and a.ref='.$document_id.' LIMIT 1';
$resultans = api_sql_query($sql, __FILE__, __LINE__); $resultans = Database::query($sql, __FILE__, __LINE__);
$doc_details = Database ::fetch_array($resultans,'ASSOC'); $doc_details = Database ::fetch_array($resultans,'ASSOC');
if($doc_details['readonly']==1) if($doc_details['readonly']==1)
@ -776,7 +776,7 @@ class DocumentManager {
$TABLE_DOCUMENT = Database::get_course_table(TABLE_DOCUMENT, $_course['dbName']); $TABLE_DOCUMENT = Database::get_course_table(TABLE_DOCUMENT, $_course['dbName']);
//if (!empty($document_id)) //if (!empty($document_id))
$document_id = Database::escape_string($document_id); $document_id = Database::escape_string($document_id);
$resultans = api_sql_query('SELECT filetype FROM '.$TABLE_DOCUMENT.' WHERE id='.$document_id.'', __FILE__, __LINE__); $resultans = Database::query('SELECT filetype FROM '.$TABLE_DOCUMENT.' WHERE id='.$document_id.'', __FILE__, __LINE__);
$result= Database::fetch_array($resultans,'ASSOC'); $result= Database::fetch_array($resultans,'ASSOC');
if ($result['filetype']=='folder') { if ($result['filetype']=='folder') {
return true; return true;
@ -807,7 +807,7 @@ class DocumentManager {
{ {
$what_to_delete_sql = "SELECT id FROM ".$TABLE_DOCUMENT." WHERE path='".$path."' OR path LIKE BINARY '".$path."/%'"; $what_to_delete_sql = "SELECT id FROM ".$TABLE_DOCUMENT." WHERE path='".$path."' OR path LIKE BINARY '".$path."/%'";
//get all id's of documents that are deleted //get all id's of documents that are deleted
$what_to_delete_result = api_sql_query($what_to_delete_sql, __FILE__, __LINE__); $what_to_delete_result = Database::query($what_to_delete_sql, __FILE__, __LINE__);
if ($what_to_delete_result && Database::num_rows($what_to_delete_result) != 0) if ($what_to_delete_result && Database::num_rows($what_to_delete_result) != 0)
{ {
@ -829,9 +829,9 @@ class DocumentManager {
$remove_from_document_sql = "DELETE FROM ".$TABLE_DOCUMENT." WHERE id = ".$row['id'].""; $remove_from_document_sql = "DELETE FROM ".$TABLE_DOCUMENT." WHERE id = ".$row['id']."";
self::unset_document_as_template($row['id'],$_course, api_get_user_id()); self::unset_document_as_template($row['id'],$_course, api_get_user_id());
//echo($remove_from_item_property_sql.'<br>'); //echo($remove_from_item_property_sql.'<br>');
//api_sql_query($remove_from_item_property_sql, __FILE__, __LINE__); //Database::query($remove_from_item_property_sql, __FILE__, __LINE__);
//echo($remove_from_document_sql.'<br>'); //echo($remove_from_document_sql.'<br>');
api_sql_query($remove_from_document_sql, __FILE__, __LINE__); Database::query($remove_from_document_sql, __FILE__, __LINE__);
//delete metadata //delete metadata
$eid = 'Document'.'.'.$row['id']; $eid = 'Document'.'.'.$row['id'];
@ -863,11 +863,11 @@ class DocumentManager {
{ {
self::unset_document_as_template($document_id, api_get_course_id(), api_get_user_id()); self::unset_document_as_template($document_id, api_get_course_id(), api_get_user_id());
$sql = "UPDATE $TABLE_DOCUMENT set path='".$new_path."' WHERE id='".$document_id."'"; $sql = "UPDATE $TABLE_DOCUMENT set path='".$new_path."' WHERE id='".$document_id."'";
if (api_sql_query($sql, __FILE__, __LINE__)) if (Database::query($sql, __FILE__, __LINE__))
{ {
//if it is a folder it can contain files //if it is a folder it can contain files
$sql = "SELECT id,path FROM ".$TABLE_DOCUMENT." WHERE path LIKE BINARY '".$path."/%'"; $sql = "SELECT id,path FROM ".$TABLE_DOCUMENT." WHERE path LIKE BINARY '".$path."/%'";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
if ($result && Database::num_rows($result) > 0) if ($result && Database::num_rows($result) > 0)
{ {
while ($deleted_items = Database::fetch_array($result,'ASSOC')) while ($deleted_items = Database::fetch_array($result,'ASSOC'))
@ -888,7 +888,7 @@ class DocumentManager {
self::unset_document_as_template($deleted_items['id'], api_get_course_id(), api_get_user_id()); self::unset_document_as_template($deleted_items['id'], api_get_course_id(), api_get_user_id());
$sql = "UPDATE $TABLE_DOCUMENT set path = '".$new_item_path."' WHERE id = ".$deleted_items['id']; $sql = "UPDATE $TABLE_DOCUMENT set path = '".$new_item_path."' WHERE id = ".$deleted_items['id'];
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
} }
} }
@ -943,7 +943,7 @@ class DocumentManager {
$tbl_se_ref = Database::get_main_table(TABLE_MAIN_SEARCH_ENGINE_REF); $tbl_se_ref = Database::get_main_table(TABLE_MAIN_SEARCH_ENGINE_REF);
$sql = 'SELECT * FROM %s WHERE course_code=\'%s\' AND tool_id=\'%s\' AND ref_id_high_level=%s LIMIT 1'; $sql = 'SELECT * FROM %s WHERE course_code=\'%s\' AND tool_id=\'%s\' AND ref_id_high_level=%s LIMIT 1';
$sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_DOCUMENT, $document_id); $sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_DOCUMENT, $document_id);
$res = api_sql_query($sql, __FILE__, __LINE__); $res = Database::query($sql, __FILE__, __LINE__);
if (Database::num_rows($res) > 0) { if (Database::num_rows($res) > 0) {
$row2 = Database::fetch_array($res); $row2 = Database::fetch_array($res);
require_once(api_get_path(LIBRARY_PATH) .'search/DokeosIndexer.class.php'); require_once(api_get_path(LIBRARY_PATH) .'search/DokeosIndexer.class.php');
@ -952,7 +952,7 @@ class DocumentManager {
} }
$sql = 'DELETE FROM %s WHERE course_code=\'%s\' AND tool_id=\'%s\' AND ref_id_high_level=%s LIMIT 1'; $sql = 'DELETE FROM %s WHERE course_code=\'%s\' AND tool_id=\'%s\' AND ref_id_high_level=%s LIMIT 1';
$sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_DOCUMENT, $document_id); $sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_DOCUMENT, $document_id);
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
// remove terms from db // remove terms from db
require_once(api_get_path(LIBRARY_PATH) .'specific_fields_manager.lib.php'); require_once(api_get_path(LIBRARY_PATH) .'specific_fields_manager.lib.php');
@ -971,7 +971,7 @@ class DocumentManager {
$TABLE_DOCUMENT = Database :: get_course_table(TABLE_DOCUMENT, $_course['dbName']); $TABLE_DOCUMENT = Database :: get_course_table(TABLE_DOCUMENT, $_course['dbName']);
$path = Database::escape_string($path); $path = Database::escape_string($path);
$sql = "SELECT id FROM $TABLE_DOCUMENT WHERE path LIKE BINARY '$path'"; $sql = "SELECT id FROM $TABLE_DOCUMENT WHERE path LIKE BINARY '$path'";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
if ($result && Database::num_rows($result) == 1) { if ($result && Database::num_rows($result) == 1) {
$row = Database::fetch_array($result); $row = Database::fetch_array($result);
return $row[0]; return $row[0];
@ -1004,7 +1004,7 @@ class DocumentManager {
'".Database::escape_string($user_id)."', '".Database::escape_string($user_id)."',
'".Database::escape_string($document_id_for_template)."', '".Database::escape_string($document_id_for_template)."',
'".Database::escape_string($image)."')"; '".Database::escape_string($image)."')";
api_sql_query($sql); Database::query($sql);
return true; return true;
} }
@ -1025,7 +1025,7 @@ class DocumentManager {
$document_id = Database::escape_string($document_id); $document_id = Database::escape_string($document_id);
$sql = 'SELECT id FROM '.$table_template.' WHERE course_code="'.$course_code.'" AND user_id="'.$user_id.'" AND ref_doc="'.$document_id.'"'; $sql = 'SELECT id FROM '.$table_template.' WHERE course_code="'.$course_code.'" AND user_id="'.$user_id.'" AND ref_doc="'.$document_id.'"';
$result = api_sql_query($sql); $result = Database::query($sql);
$template_id = Database::result($result,0,0); $template_id = Database::result($result,0,0);
include_once(api_get_path(LIBRARY_PATH) . 'fileManage.lib.php'); include_once(api_get_path(LIBRARY_PATH) . 'fileManage.lib.php');
@ -1033,7 +1033,7 @@ class DocumentManager {
$sql = 'DELETE FROM '.$table_template.' WHERE course_code="'.$course_code.'" AND user_id="'.$user_id.'" AND ref_doc="'.$document_id.'"'; $sql = 'DELETE FROM '.$table_template.' WHERE course_code="'.$course_code.'" AND user_id="'.$user_id.'" AND ref_doc="'.$document_id.'"';
api_sql_query($sql); Database::query($sql);
} }
/** /**
@ -1052,7 +1052,7 @@ class DocumentManager {
$sql = "SELECT path FROM $docTable d, $propTable ip " . $sql = "SELECT path FROM $docTable d, $propTable ip " .
"where d.id=ip.ref AND ip.tool='".TOOL_DOCUMENT."' AND d.filetype='file' AND visibility=0 AND ". "where d.id=ip.ref AND ip.tool='".TOOL_DOCUMENT."' AND d.filetype='file' AND visibility=0 AND ".
"locate(concat(path,'/'),'".$doc_path."/')=1"; "locate(concat(path,'/'),'".$doc_path."/')=1";
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result) > 0){ if (Database::num_rows($result) > 0){
$row = Database::fetch_array($result); $row = Database::fetch_array($result);
//echo "$row[0] not visible"; //echo "$row[0] not visible";

36
main/inc/lib/events.lib.inc.php
Unescape View File

@ -80,7 +80,7 @@ function event_open()
VALUES VALUES
('".$remhost."', ('".$remhost."',
'".Database::escape_string($_SERVER['HTTP_USER_AGENT'])."', '".Database::escape_string($referer)."', FROM_UNIXTIME($reallyNow) )"; '".Database::escape_string($_SERVER['HTTP_USER_AGENT'])."', '".Database::escape_string($referer)."', FROM_UNIXTIME($reallyNow) )";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
} }
return 1; return 1;
} }
@ -109,7 +109,7 @@ function event_login()
('".$_user['user_id']."', ('".$_user['user_id']."',
'".Database::escape_string($_SERVER['REMOTE_ADDR'])."', '".Database::escape_string($_SERVER['REMOTE_ADDR'])."',
FROM_UNIXTIME(".$reallyNow."))"; FROM_UNIXTIME(".$reallyNow."))";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
} }
/** /**
@ -154,19 +154,19 @@ function event_access_course()
(".$user_id.", (".$user_id.",
'".$_cid."', '".$_cid."',
FROM_UNIXTIME(".$reallyNow."))"; FROM_UNIXTIME(".$reallyNow."))";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
// added for "what's new" notification // added for "what's new" notification
$sql = " UPDATE $TABLETRACK_LASTACCESS $sql = " UPDATE $TABLETRACK_LASTACCESS
SET access_date = FROM_UNIXTIME($reallyNow) SET access_date = FROM_UNIXTIME($reallyNow)
WHERE access_user_id = ".$user_id." AND access_cours_code = '".$_cid."' AND access_tool IS NULL AND access_session_id=".$id_session; WHERE access_user_id = ".$user_id." AND access_cours_code = '".$_cid."' AND access_tool IS NULL AND access_session_id=".$id_session;
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
if (Database::affected_rows() == 0) if (Database::affected_rows() == 0)
{ {
$sql = " INSERT INTO $TABLETRACK_LASTACCESS $sql = " INSERT INTO $TABLETRACK_LASTACCESS
(access_user_id,access_cours_code,access_date, access_session_id) (access_user_id,access_cours_code,access_date, access_session_id)
VALUES VALUES
(".$user_id.", '".$_cid."', FROM_UNIXTIME($reallyNow), ".$id_session.")"; (".$user_id.", '".$_cid."', FROM_UNIXTIME($reallyNow), ".$id_session.")";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
} }
// end "what's new" notification // end "what's new" notification
return 1; return 1;
@ -229,20 +229,20 @@ function event_access_tool($tool, $id_session=0)
"'".$_cid."' , "'".$_cid."' ,
'".htmlspecialchars($tool, ENT_QUOTES)."', '".htmlspecialchars($tool, ENT_QUOTES)."',
FROM_UNIXTIME(".$reallyNow."))"; FROM_UNIXTIME(".$reallyNow."))";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
} }
// "what's new" notification // "what's new" notification
$sql = " UPDATE $TABLETRACK_LASTACCESS $sql = " UPDATE $TABLETRACK_LASTACCESS
SET access_date = FROM_UNIXTIME($reallyNow) SET access_date = FROM_UNIXTIME($reallyNow)
WHERE access_user_id = ".$user_id." AND access_cours_code = '".$_cid."' AND access_tool = '".htmlspecialchars($tool, ENT_QUOTES)."' AND access_session_id=".$id_session; WHERE access_user_id = ".$user_id." AND access_cours_code = '".$_cid."' AND access_tool = '".htmlspecialchars($tool, ENT_QUOTES)."' AND access_session_id=".$id_session;
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
if (Database::affected_rows() == 0) if (Database::affected_rows() == 0)
{ {
$sql = "INSERT INTO $TABLETRACK_LASTACCESS $sql = "INSERT INTO $TABLETRACK_LASTACCESS
(access_user_id,access_cours_code,access_tool, access_date, access_session_id) (access_user_id,access_cours_code,access_tool, access_date, access_session_id)
VALUES VALUES
(".$user_id.", '".$_cid."' , '".htmlspecialchars($tool, ENT_QUOTES)."', FROM_UNIXTIME($reallyNow), $id_session)"; (".$user_id.", '".$_cid."' , '".htmlspecialchars($tool, ENT_QUOTES)."', FROM_UNIXTIME($reallyNow), $id_session)";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
} }
return 1; return 1;
} }
@ -295,7 +295,7 @@ function event_download($doc_url)
'".htmlspecialchars($doc_url, ENT_QUOTES)."', '".htmlspecialchars($doc_url, ENT_QUOTES)."',
FROM_UNIXTIME(".$reallyNow.") FROM_UNIXTIME(".$reallyNow.")
)"; )";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
return 1; return 1;
} }
@ -335,7 +335,7 @@ function event_upload($doc_id)
'".$doc_id."', '".$doc_id."',
FROM_UNIXTIME(".$reallyNow.") FROM_UNIXTIME(".$reallyNow.")
)"; )";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
return 1; return 1;
} }
@ -378,7 +378,7 @@ function event_link($link_id)
'".Database::escape_string($link_id)."', '".Database::escape_string($link_id)."',
FROM_UNIXTIME(".$reallyNow.") FROM_UNIXTIME(".$reallyNow.")
)"; )";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
return 1; return 1;
} }
@ -410,7 +410,7 @@ function update_event_exercice($exeid,$exo_id, $score, $weighting,$session_id,$l
exe_duration = '".Database::escape_string($duration)."', exe_duration = '".Database::escape_string($duration)."',
exe_date= FROM_UNIXTIME(".$reallyNow."),status = '', data_tracking='',start_date =FROM_UNIXTIME(".Database::escape_string($_SESSION['exercice_start_date']).") exe_date= FROM_UNIXTIME(".$reallyNow."),status = '', data_tracking='',start_date =FROM_UNIXTIME(".Database::escape_string($_SESSION['exercice_start_date']).")
WHERE exe_id = '".Database::escape_string($exeid)."'"; WHERE exe_id = '".Database::escape_string($exeid)."'";
$res = @api_sql_query($sql,__FILE__,__LINE__); $res = @Database::query($sql,__FILE__,__LINE__);
return $res; return $res;
} else } else
return false; return false;
@ -442,14 +442,14 @@ function create_event_exercice($exo_id)
'exe_cours_id = '."'".$_cid."'".' AND ' . 'exe_cours_id = '."'".$_cid."'".' AND ' .
'status = '."'incomplete'".' AND '. 'status = '."'incomplete'".' AND '.
'session_id = '."'".api_get_session_id()."'"; 'session_id = '."'".api_get_session_id()."'";
$sql = api_sql_query('SELECT exe_id FROM '.$TABLETRACK_EXERCICES.$condition,__FILE__,__LINE__); $sql = Database::query('SELECT exe_id FROM '.$TABLETRACK_EXERCICES.$condition,__FILE__,__LINE__);
$row = Database::fetch_array($sql); $row = Database::fetch_array($sql);
return $row['exe_id']; return $row['exe_id'];
} }
$sql = "INSERT INTO $TABLETRACK_EXERCICES ( exe_user_id, exe_cours_id ) $sql = "INSERT INTO $TABLETRACK_EXERCICES ( exe_user_id, exe_cours_id )
VALUES ( ".$user_id.", '".$_cid."' )"; VALUES ( ".$user_id.", '".$_cid."' )";
$res = @api_sql_query($sql,__FILE__,__LINE__); $res = @Database::query($sql,__FILE__,__LINE__);
$id= Database::get_last_insert_id(); $id= Database::get_last_insert_id();
return $id; return $id;
} }
@ -525,10 +525,10 @@ function exercise_attempt($score,$answer,$quesId,$exeId,$j)
author) author)
VALUES VALUES
('."'$exeId','".$quesId."','$score','".date('Y-m-d H:i:s')."',''".')'; ('."'$exeId','".$quesId."','$score','".date('Y-m-d H:i:s')."',''".')';
api_sql_query($recording_changes,__FILE__,__LINE__); Database::query($recording_changes,__FILE__,__LINE__);
} }
if (isset($quesId) && isset($exeId) && isset($user_id)) { if (isset($quesId) && isset($exeId) && isset($user_id)) {
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
return $res; return $res;
} else { } else {
return false; return false;
@ -563,7 +563,7 @@ function exercise_attempt_hotspot($exe_id, $question_id, $answer_id, $correct, $
" '" . Database :: escape_string($answer_id) . "'," . " '" . Database :: escape_string($answer_id) . "'," .
" '" . Database :: escape_string($correct) . "'," . " '" . Database :: escape_string($correct) . "'," .
" '" . Database :: escape_string($coords) . "')"; " '" . Database :: escape_string($coords) . "')";
return $result = api_sql_query($sql, __FILE__, __LINE__); return $result = Database::query($sql, __FILE__, __LINE__);
} }
/** /**
@ -623,7 +623,7 @@ function event_system($event_type, $event_value_type, $event_value, $timestamp =
'$event_type', '$event_type',
'$event_value_type', '$event_value_type',
'$event_value')"; '$event_value')";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
return true; return true;
} }
?> ?>

10
main/inc/lib/export.lib.inc.php
Unescape View File

@ -230,7 +230,7 @@ function backupDatabase($link, $db_name, $structure, $donnees, $format = 'SQL',
fwrite($fp, "\nmysql_query(\""); fwrite($fp, "\nmysql_query(\"");
// requete de creation de la table // requete de creation de la table
$query = "SHOW CREATE TABLE `".$tablename."`"; $query = "SHOW CREATE TABLE `".$tablename."`";
$resCreate = api_sql_query($query,__FILE__, __LINE__); $resCreate = Database::query($query,__FILE__, __LINE__);
$row = Database::fetch_array($resCreate); $row = Database::fetch_array($resCreate);
$schema = $row[1].";"; $schema = $row[1].";";
if ($format == "PHP" || $format == "SQL") if ($format == "PHP" || $format == "SQL")
@ -242,7 +242,7 @@ function backupDatabase($link, $db_name, $structure, $donnees, $format = 'SQL',
{ {
// les donn<EFBFBD>es de la table // les donn<EFBFBD>es de la table
$query = "SELECT * FROM $tablename"; $query = "SELECT * FROM $tablename";
$resData = api_sql_query($query,__FILE__, __LINE__); $resData = Database::query($query,__FILE__, __LINE__);
if (Database::num_rows($resData) > 0) if (Database::num_rows($resData) > 0)
{ {
$sFieldnames = ""; $sFieldnames = "";
@ -536,7 +536,7 @@ function makeTheBackup($exportedCourseId, $verbose_backup = FALSE, $ignore = "",
$csvInsertCourse = "\n"; $csvInsertCourse = "\n";
$iniCourse = "[".$exportedCourseId."]\n"; $iniCourse = "[".$exportedCourseId."]\n";
$sqlSelectInfoCourse = "Select * from `".$TABLECOURS."` `course` where code = '".$exportedCourseId."' "; $sqlSelectInfoCourse = "Select * from `".$TABLECOURS."` `course` where code = '".$exportedCourseId."' ";
$resInfoCourse = api_sql_query($sqlSelectInfoCourse, __FILE__, __LINE__); $resInfoCourse = Database::query($sqlSelectInfoCourse, __FILE__, __LINE__);
$infoCourse = Database::fetch_array($resInfoCourse); $infoCourse = Database::fetch_array($resInfoCourse);
for ($noField = 0; $noField < mysql_num_fields($resInfoCourse); $noField ++) for ($noField = 0; $noField < mysql_num_fields($resInfoCourse); $noField ++)
{ {
@ -596,7 +596,7 @@ function makeTheBackup($exportedCourseId, $verbose_backup = FALSE, $ignore = "",
FROM `".$TABLEUSER."`, `".$TABLECOURSUSER."` FROM `".$TABLEUSER."`, `".$TABLECOURSUSER."`
WHERE `user`.`user_id`=`".$TABLECOURSUSER."`.`user_id` WHERE `user`.`user_id`=`".$TABLECOURSUSER."`.`user_id`
AND `".$TABLECOURSUSER."`.`course_code`='".$exportedCourseId."'"; AND `".$TABLECOURSUSER."`.`course_code`='".$exportedCourseId."'";
$resUsers = api_sql_query($sqlUserOfTheCourse, __FILE__, __LINE__); $resUsers = Database::query($sqlUserOfTheCourse, __FILE__, __LINE__);
$nbUsers = Database::num_rows($resUsers); $nbUsers = Database::num_rows($resUsers);
if ($nbUsers > 0) if ($nbUsers > 0)
{ {
@ -688,7 +688,7 @@ function makeTheBackup($exportedCourseId, $verbose_backup = FALSE, $ignore = "",
* *
FROM `".$TABLEANNOUNCEMENT."` FROM `".$TABLEANNOUNCEMENT."`
WHERE course_code='".$exportedCourseId."'"; WHERE course_code='".$exportedCourseId."'";
$resAnn = api_sql_query($sqlAnnounceOfTheCourse, __FILE__, __LINE__); $resAnn = Database::query($sqlAnnounceOfTheCourse, __FILE__, __LINE__);
$nbFields = mysql_num_fields($resAnn); $nbFields = mysql_num_fields($resAnn);
$sqlInsertAnn = ""; $sqlInsertAnn = "";
$csvInsertAnn = ""; $csvInsertAnn = "";

4
main/inc/lib/fckeditor/fcktemplates.xml.php
Unescape View File

@ -102,7 +102,7 @@ function load_platform_templates() {
global $css, $img_dir, $default_course_dir,$js; global $css, $img_dir, $default_course_dir,$js;
$sql = "SELECT title, image, comment, content FROM $table_template"; $sql = "SELECT title, image, comment, content FROM $table_template";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result)) { while ($row = Database::fetch_array($result)) {
if (!empty($row['image'])) { if (!empty($row['image'])) {
$image = api_get_path(WEB_PATH).'home/default_platform_document/template_thumb/'.$row['image']; $image = api_get_path(WEB_PATH).'home/default_platform_document/template_thumb/'.$row['image'];
@ -162,7 +162,7 @@ function load_personal_templates($user_id=0) {
WHERE user_id='".Database::escape_string($user_id)."' WHERE user_id='".Database::escape_string($user_id)."'
AND course_code='".Database::escape_string(api_get_course_id())."' AND course_code='".Database::escape_string(api_get_course_id())."'
AND document.id = template.ref_doc"; AND document.id = template.ref_doc";
$result_template = api_sql_query($sql,__FILE__,__LINE__); $result_template = Database::query($sql,__FILE__,__LINE__);
while ($row = Database::fetch_array($result_template)) while ($row = Database::fetch_array($result_template))
{ {
$row['content'] = file_get_contents(api_get_path('SYS_COURSE_PATH').$_course['path'].'/document'.$row['path']); $row['content'] = file_get_contents(api_get_path('SYS_COURSE_PATH').$_course['path'].'/document'.$row['path']);

2
main/inc/lib/fileDisplay.lib.php
Unescape View File

@ -278,7 +278,7 @@ SELECT SUM(size)
AND $visibility_rule AND $visibility_rule
EOQ; EOQ;
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
if($result && mysql_num_rows($result) != 0) if($result && mysql_num_rows($result) != 0)
{ {

8
main/inc/lib/fileManage.lib.php
Unescape View File

@ -59,7 +59,7 @@ function update_db_info($action, $oldPath, $newPath="")
$to_delete = "WHERE path LIKE BINARY '".$oldPath."' OR path LIKE BINARY '".$oldPath."/%'"; $to_delete = "WHERE path LIKE BINARY '".$oldPath."' OR path LIKE BINARY '".$oldPath."/%'";
$query = "DELETE FROM $dbTable " . $to_delete; $query = "DELETE FROM $dbTable " . $to_delete;
$result = api_sql_query("SELECT id FROM $dbTable " . $to_delete); $result = Database::query("SELECT id FROM $dbTable " . $to_delete);
if (mysql_num_rows($result)) if (mysql_num_rows($result))
{ {
@ -100,7 +100,7 @@ function update_db_info($action, $oldPath, $newPath="")
} }
//echo $query; //echo $query;
//error_log($query,0); //error_log($query,0);
api_sql_query($query,__FILE__,__LINE__); Database::query($query,__FILE__,__LINE__);
//Display::display_normal_message("query = $query"); //Display::display_normal_message("query = $query");
} }
@ -782,7 +782,7 @@ class FileManager
$sql_query = "SELECT count(*) as number_existing FROM $glued_table WHERE path='$full_file_name'"; $sql_query = "SELECT count(*) as number_existing FROM $glued_table WHERE path='$full_file_name'";
//api_display_debug_info($sql_query); //api_display_debug_info($sql_query);
$sql_result = api_sql_query($sql_query,__FILE__,__LINE__); $sql_result = Database::query($sql_query,__FILE__,__LINE__);
$result = mysql_fetch_array($sql_result); $result = mysql_fetch_array($sql_result);
//determine which query to execute //determine which query to execute
@ -796,7 +796,7 @@ class FileManager
//no entry exists, create new one //no entry exists, create new one
$query="INSERT INTO $glued_table (path,visibility,filetype) VALUES('$full_file_name','$default_visibility','$filetype')"; $query="INSERT INTO $glued_table (path,visibility,filetype) VALUES('$full_file_name','$default_visibility','$filetype')";
} }
api_sql_query($query,__FILE__,__LINE__); Database::query($query,__FILE__,__LINE__);
} }
/** /**
* Like in Java, creates the directory named by this abstract pathname, * Like in Java, creates the directory named by this abstract pathname,

12
main/inc/lib/fileUpload.lib.php
Unescape View File

@ -569,7 +569,7 @@ function documents_total_space($to_group_id='0')
AND props.to_group_id='".$to_group_id."' AND props.to_group_id='".$to_group_id."'
AND props.visibility <> 2"; AND props.visibility <> 2";
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
if($result && mysql_num_rows($result)!=0) if($result && mysql_num_rows($result)!=0)
{ {
@ -1162,7 +1162,7 @@ function add_document($_course,$path,$filetype,$filesize,$title,$comment=NULL, $
(`path`,`filetype`,`size`,`title`, `comment`, readonly) (`path`,`filetype`,`size`,`title`, `comment`, readonly)
VALUES ('$path','$filetype','$filesize','". VALUES ('$path','$filetype','$filesize','".
Database::escape_string(htmlspecialchars($title, ENT_QUOTES, $charset))."', '$comment',$readonly)"; Database::escape_string(htmlspecialchars($title, ENT_QUOTES, $charset))."', '$comment',$readonly)";
if(api_sql_query($sql,__FILE__,__LINE__)) if(Database::query($sql,__FILE__,__LINE__))
{ {
//display_message("Added to database (id ".mysql_insert_id().")!"); //display_message("Added to database (id ".mysql_insert_id().")!");
return Database::insert_id(); return Database::insert_id();
@ -1196,7 +1196,7 @@ function update_existing_document($_course,$document_id,$filesize,$readonly=0)
{ {
$document_table = Database::get_course_table(TABLE_DOCUMENT,$_course['dbName']); $document_table = Database::get_course_table(TABLE_DOCUMENT,$_course['dbName']);
$sql="UPDATE $document_table SET size = '$filesize' , readonly = '$readonly' WHERE id='$document_id'"; $sql="UPDATE $document_table SET size = '$filesize' , readonly = '$readonly' WHERE id='$document_id'";
if(api_sql_query($sql,__FILE__,__LINE__)) if(Database::query($sql,__FILE__,__LINE__))
{ {
return true; return true;
} }
@ -1248,7 +1248,7 @@ function item_property_update_on_folder($_course,$path,$user_id)
if($folder_id) if($folder_id)
{ {
$sql = "UPDATE $TABLE_ITEMPROPERTY SET `lastedit_date`='$time',`lastedit_type`='DocumentInFolderUpdated', `lastedit_user_id`='$user_id' WHERE tool='".TOOL_DOCUMENT."' AND ref='$folder_id'"; $sql = "UPDATE $TABLE_ITEMPROPERTY SET `lastedit_date`='$time',`lastedit_type`='DocumentInFolderUpdated', `lastedit_user_id`='$user_id' WHERE tool='".TOOL_DOCUMENT."' AND ref='$folder_id'";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
} }
} }
} }
@ -1316,14 +1316,14 @@ function set_default_settings($upload_path,$filename,$filetype="file")
//$dbTable already has `backticks`! //$dbTable already has `backticks`!
//$query="select count(*) as bestaat from `$dbTable` where path='$upload_path/$filename'"; //$query="select count(*) as bestaat from `$dbTable` where path='$upload_path/$filename'";
$query="select count(*) as bestaat from $dbTable where path='$upload_path/$filename'"; $query="select count(*) as bestaat from $dbTable where path='$upload_path/$filename'";
$result=api_sql_query($query,__FILE__,__LINE__); $result=Database::query($query,__FILE__,__LINE__);
$row=mysql_fetch_array($result); $row=mysql_fetch_array($result);
if($row["bestaat"]>0) if($row["bestaat"]>0)
//$query="update `$dbTable` set path='$upload_path/$filename',visibility='$default_visibility', filetype='$filetype' where path='$upload_path/$filename'"; //$query="update `$dbTable` set path='$upload_path/$filename',visibility='$default_visibility', filetype='$filetype' where path='$upload_path/$filename'";
$query="update $dbTable set path='$upload_path/$filename',visibility='$default_visibility', filetype='$filetype' where path='$upload_path/$filename'"; $query="update $dbTable set path='$upload_path/$filename',visibility='$default_visibility', filetype='$filetype' where path='$upload_path/$filename'";
else //$query="INSERT INTO `$dbTable` (path,visibility,filetype) VALUES('$upload_path/$filename','$default_visibility','$filetype')"; else //$query="INSERT INTO `$dbTable` (path,visibility,filetype) VALUES('$upload_path/$filename','$default_visibility','$filetype')";
$query="INSERT INTO $dbTable (path,visibility,filetype) VALUES('$upload_path/$filename','$default_visibility','$filetype')"; $query="INSERT INTO $dbTable (path,visibility,filetype) VALUES('$upload_path/$filename','$default_visibility','$filetype')";
api_sql_query($query,__FILE__,__LINE__); Database::query($query,__FILE__,__LINE__);
} }
//------------------------------------------------------------------------------ //------------------------------------------------------------------------------

2
main/inc/lib/formvalidator/Rule/UsernameAvailable.php
Unescape View File

@ -42,7 +42,7 @@ class HTML_QuickForm_Rule_UsernameAvailable extends HTML_QuickForm_Rule
{ {
$sql .= " AND username != '$current_username'"; $sql .= " AND username != '$current_username'";
} }
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
$number = mysql_num_rows($res); $number = mysql_num_rows($res);
return $number == 0; return $number == 0;
} }

96
main/inc/lib/groupmanager.lib.php
Unescape View File

@ -173,7 +173,7 @@ class GroupManager {
$sql .= 'WHERE '.$session_condition; $sql .= 'WHERE '.$session_condition;
$sql .= " GROUP BY g.id ORDER BY UPPER(g.name)"; $sql .= " GROUP BY g.id ORDER BY UPPER(g.name)";
if (!api_is_anonymous()) { if (!api_is_anonymous()) {
$groupList = api_sql_query($sql,__FILE__,__LINE__); $groupList = Database::query($sql,__FILE__,__LINE__);
} else { } else {
return array(); return array();
} }
@ -184,13 +184,13 @@ class GroupManager {
if ($thisGroup['category_id'] == VIRTUAL_COURSE_CATEGORY) if ($thisGroup['category_id'] == VIRTUAL_COURSE_CATEGORY)
{ {
$sql = "SELECT title FROM $table_course WHERE code = '".$thisGroup['name']."'"; $sql = "SELECT title FROM $table_course WHERE code = '".$thisGroup['name']."'";
$obj = Database::fetch_object(api_sql_query($sql,__FILE__,__LINE__)); $obj = Database::fetch_object(Database::query($sql,__FILE__,__LINE__));
$thisGroup['name'] = $obj->title; $thisGroup['name'] = $obj->title;
} }
if($thisGroup['session_id']!=0) if($thisGroup['session_id']!=0)
{ {
$sql_session = 'SELECT name FROM '.Database::get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$thisGroup['session_id']; $sql_session = 'SELECT name FROM '.Database::get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$thisGroup['session_id'];
$rs_session = api_sql_query($sql_session,__FILE__,__LINE__); $rs_session = Database::query($sql_session,__FILE__,__LINE__);
if (Database::num_rows($rs_session)>0) { if (Database::num_rows($rs_session)>0) {
$thisGroup['session_name'] = Database::result($rs_session,0,0); $thisGroup['session_name'] = Database::result($rs_session,0,0);
} else { } else {
@ -222,7 +222,7 @@ class GroupManager {
$sql = "INSERT INTO ".$table_group." SET $sql = "INSERT INTO ".$table_group." SET
category_id='".Database::escape_string($category_id)."', max_student = '".$places."', doc_state = '".$category['doc_state']."', category_id='".Database::escape_string($category_id)."', max_student = '".$places."', doc_state = '".$category['doc_state']."',
calendar_state = '".$category['calendar_state']."', work_state = '".$category['work_state']."', announcements_state = '".$category['announcements_state']."', forum_state = '".$category['forum_state']."', wiki_state = '".$category['wiki_state']."', self_registration_allowed = '".$category['self_reg_allowed']."', self_unregistration_allowed = '".$category['self_unreg_allowed']."', session_id='".Database::escape_string($my_id_session)."'"; calendar_state = '".$category['calendar_state']."', work_state = '".$category['work_state']."', announcements_state = '".$category['announcements_state']."', forum_state = '".$category['forum_state']."', wiki_state = '".$category['wiki_state']."', self_registration_allowed = '".$category['self_reg_allowed']."', self_unregistration_allowed = '".$category['self_unreg_allowed']."', session_id='".Database::escape_string($my_id_session)."'";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
$lastId = Database::insert_id(); $lastId = Database::insert_id();
/*$secret_directory = uniqid("")."_team_".$lastId; /*$secret_directory = uniqid("")."_team_".$lastId;
while (is_dir(api_get_path(SYS_COURSE_PATH).$currentCourseRepository."/group/$secret_directory")) while (is_dir(api_get_path(SYS_COURSE_PATH).$currentCourseRepository."/group/$secret_directory"))
@ -235,7 +235,7 @@ class GroupManager {
$dir_name = create_unexisting_directory($_course,$_user['user_id'],$lastId,NULL,api_get_path(SYS_COURSE_PATH).$currentCourseRepository.'/document',$desired_dir_name); $dir_name = create_unexisting_directory($_course,$_user['user_id'],$lastId,NULL,api_get_path(SYS_COURSE_PATH).$currentCourseRepository.'/document',$desired_dir_name);
/* Stores the directory path into the group table */ /* Stores the directory path into the group table */
$sql = "UPDATE ".$table_group." SET name = '".Database::escape_string($name)."', secret_directory = '".$dir_name."' WHERE id ='".$lastId."'"; $sql = "UPDATE ".$table_group." SET name = '".Database::escape_string($name)."', secret_directory = '".$dir_name."' WHERE id ='".$lastId."'";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
// create a forum if needed // create a forum if needed
if ($category['forum_state'] >= 0) { if ($category['forum_state'] >= 0) {
@ -300,7 +300,7 @@ class GroupManager {
foreach ($members as $group_id => $places) foreach ($members as $group_id => $places)
{ {
$sql = "UPDATE $table_group SET max_student = $places WHERE id = $group_id"; $sql = "UPDATE $table_group SET max_student = $places WHERE id = $group_id";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
} }
} }
/** /**
@ -311,7 +311,7 @@ class GroupManager {
$id = self :: create_category(get_lang('GroupsFromVirtualCourses'), '', TOOL_NOT_AVAILABLE, TOOL_NOT_AVAILABLE, 0, 0, 1, 1); $id = self :: create_category(get_lang('GroupsFromVirtualCourses'), '', TOOL_NOT_AVAILABLE, TOOL_NOT_AVAILABLE, 0, 0, 1, 1);
$table_group_cat = Database :: get_course_table(TABLE_GROUP_CATEGORY); $table_group_cat = Database :: get_course_table(TABLE_GROUP_CATEGORY);
$sql = "UPDATE ".$table_group_cat." SET id=".VIRTUAL_COURSE_CATEGORY." WHERE id=$id"; $sql = "UPDATE ".$table_group_cat." SET id=".VIRTUAL_COURSE_CATEGORY." WHERE id=$id";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
$course = api_get_course_info(); $course = api_get_course_info();
$course['code'] = $course['sysCode']; $course['code'] = $course['sysCode'];
$course['title'] = $course['name']; $course['title'] = $course['name'];
@ -417,7 +417,7 @@ class GroupManager {
// Unsubscribe all users // Unsubscribe all users
self :: unsubscribe_all_users($group_ids); self :: unsubscribe_all_users($group_ids);
$sql = 'SELECT id, secret_directory, session_id FROM '.$group_table.' WHERE id IN ('.implode(' , ', $group_ids).')'; $sql = 'SELECT id, secret_directory, session_id FROM '.$group_table.' WHERE id IN ('.implode(' , ', $group_ids).')';
$db_result = api_sql_query($sql,__FILE__,__LINE__); $db_result = Database::query($sql,__FILE__,__LINE__);
$forum_ids = array (); $forum_ids = array ();
while ($group = Database::fetch_object($db_result)) while ($group = Database::fetch_object($db_result))
{ {
@ -432,10 +432,10 @@ class GroupManager {
} }
// delete the groups // delete the groups
$sql = "DELETE FROM ".$group_table." WHERE id IN ('".implode("' , '", $group_ids)."')"; $sql = "DELETE FROM ".$group_table." WHERE id IN ('".implode("' , '", $group_ids)."')";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
$sql2 = "DELETE FROM ".$forum_table." WHERE forum_of_group IN ('".implode("' , '", $group_ids)."')"; $sql2 = "DELETE FROM ".$forum_table." WHERE forum_of_group IN ('".implode("' , '", $group_ids)."')";
api_sql_query($sql2,__FILE__,__LINE__); Database::query($sql2,__FILE__,__LINE__);
return Database::affected_rows(); return Database::affected_rows();
} }
@ -451,7 +451,7 @@ class GroupManager {
} }
$table_group = Database :: get_course_table(TABLE_GROUP); $table_group = Database :: get_course_table(TABLE_GROUP);
$sql = 'SELECT * FROM '.$table_group.' WHERE id = '.Database::escape_string($group_id); $sql = 'SELECT * FROM '.$table_group.' WHERE id = '.Database::escape_string($group_id);
$db_result = api_sql_query($sql,__FILE__,__LINE__); $db_result = Database::query($sql,__FILE__,__LINE__);
$db_object = Database::fetch_object($db_result); $db_object = Database::fetch_object($db_result);
$result['id'] = $db_object->id; $result['id'] = $db_object->id;
@ -506,7 +506,7 @@ class GroupManager {
self_registration_allowed='".Database::escape_string($self_registration_allowed)."', self_registration_allowed='".Database::escape_string($self_registration_allowed)."',
self_unregistration_allowed='".Database::escape_string($self_unregistration_allowed)."' self_unregistration_allowed='".Database::escape_string($self_unregistration_allowed)."'
WHERE id=".$group_id; WHERE id=".$group_id;
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
//Here we are updating a field in the table forum_forum that perhaps duplicates the table group_info.forum_state cvargas //Here we are updating a field in the table forum_forum that perhaps duplicates the table group_info.forum_state cvargas
$forum_state = (int) $forum_state; $forum_state = (int) $forum_state;
$sql2 = "UPDATE ".$table_forum." SET "; $sql2 = "UPDATE ".$table_forum." SET ";
@ -518,7 +518,7 @@ class GroupManager {
$sql2 .= " forum_group_public_private='unavailable' "; $sql2 .= " forum_group_public_private='unavailable' ";
} }
$sql2 .=" WHERE forum_of_group=".$group_id; $sql2 .=" WHERE forum_of_group=".$group_id;
$result2 = api_sql_query($sql2,__FILE__,__LINE__); $result2 = Database::query($sql2,__FILE__,__LINE__);
return $result; return $result;
} }
@ -528,7 +528,7 @@ class GroupManager {
*/ */
public static function get_number_of_groups() { public static function get_number_of_groups() {
$table_group = Database :: get_course_table(TABLE_GROUP); $table_group = Database :: get_course_table(TABLE_GROUP);
$res = api_sql_query('SELECT COUNT(id) AS number_of_groups FROM '.$table_group); $res = Database::query('SELECT COUNT(id) AS number_of_groups FROM '.$table_group);
$obj = Database::fetch_object($res); $obj = Database::fetch_object($res);
return $obj->number_of_groups; return $obj->number_of_groups;
} }
@ -550,7 +550,7 @@ class GroupManager {
} }
$table_group_cat = Database :: get_course_table(TABLE_GROUP_CATEGORY, $course_db); $table_group_cat = Database :: get_course_table(TABLE_GROUP_CATEGORY, $course_db);
$sql = "SELECT * FROM $table_group_cat ORDER BY display_order"; $sql = "SELECT * FROM $table_group_cat ORDER BY display_order";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
$cats = array (); $cats = array ();
while ($cat = Database::fetch_array($res)) while ($cat = Database::fetch_array($res))
{ {
@ -573,7 +573,7 @@ class GroupManager {
$id = Database::escape_string($id); $id = Database::escape_string($id);
$table_group_cat = Database :: get_course_table(TABLE_GROUP_CATEGORY, $course_db); $table_group_cat = Database :: get_course_table(TABLE_GROUP_CATEGORY, $course_db);
$sql = "SELECT * FROM $table_group_cat WHERE id = $id"; $sql = "SELECT * FROM $table_group_cat WHERE id = $id";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
return Database::fetch_array($res); return Database::fetch_array($res);
} }
/** /**
@ -594,7 +594,7 @@ class GroupManager {
$table_group_cat = Database :: get_course_table(TABLE_GROUP_CATEGORY, $course_db); $table_group_cat = Database :: get_course_table(TABLE_GROUP_CATEGORY, $course_db);
$group_id = Database::escape_string($group_id); $group_id = Database::escape_string($group_id);
$sql = "SELECT gc.* FROM $table_group_cat gc, $table_group g WHERE gc.id = g.category_id AND g.id=$group_id"; $sql = "SELECT gc.* FROM $table_group_cat gc, $table_group g WHERE gc.id = g.category_id AND g.id=$group_id";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
$cat = Database::fetch_array($res); $cat = Database::fetch_array($res);
return $cat; return $cat;
} }
@ -615,7 +615,7 @@ class GroupManager {
$table_group_cat = Database :: get_course_table(TABLE_GROUP_CATEGORY, $course_db); $table_group_cat = Database :: get_course_table(TABLE_GROUP_CATEGORY, $course_db);
$cat_id = Database::escape_string($cat_id); $cat_id = Database::escape_string($cat_id);
$sql = "SELECT id FROM $table_group WHERE category_id='".$cat_id."'"; $sql = "SELECT id FROM $table_group WHERE category_id='".$cat_id."'";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($res) > 0) if (Database::num_rows($res) > 0)
{ {
$groups_to_delete = array (); $groups_to_delete = array ();
@ -626,7 +626,7 @@ class GroupManager {
self :: delete_groups($groups_to_delete); self :: delete_groups($groups_to_delete);
} }
$sql = "DELETE FROM $table_group_cat WHERE id='".$cat_id."'"; $sql = "DELETE FROM $table_group_cat WHERE id='".$cat_id."'";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
} }
/** /**
* Create group category * Create group category
@ -640,7 +640,7 @@ class GroupManager {
public static function create_category ($title, $description, $doc_state, $work_state, $calendar_state, $announcements_state, $forum_state, $wiki_state, $self_registration_allowed, $self_unregistration_allowed, $maximum_number_of_students, $groups_per_user) { public static function create_category ($title, $description, $doc_state, $work_state, $calendar_state, $announcements_state, $forum_state, $wiki_state, $self_registration_allowed, $self_unregistration_allowed, $maximum_number_of_students, $groups_per_user) {
$table_group_category = Database :: get_course_table(TABLE_GROUP_CATEGORY); $table_group_category = Database :: get_course_table(TABLE_GROUP_CATEGORY);
$sql = "SELECT MAX(display_order)+1 as new_order FROM $table_group_category "; $sql = "SELECT MAX(display_order)+1 as new_order FROM $table_group_category ";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
$obj = Database::fetch_object($res); $obj = Database::fetch_object($res);
if (!isset ($obj->new_order)) if (!isset ($obj->new_order))
{ {
@ -660,12 +660,12 @@ class GroupManager {
self_reg_allowed = '".Database::escape_string($self_registration_allowed)."', self_reg_allowed = '".Database::escape_string($self_registration_allowed)."',
self_unreg_allowed = '".Database::escape_string($self_unregistration_allowed)."', self_unreg_allowed = '".Database::escape_string($self_unregistration_allowed)."',
max_student = '".Database::escape_string($maximum_number_of_students)."' "; max_student = '".Database::escape_string($maximum_number_of_students)."' ";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
$id = Database::insert_id(); $id = Database::insert_id();
if ($id == VIRTUAL_COURSE_CATEGORY) if ($id == VIRTUAL_COURSE_CATEGORY)
{ {
$sql = "UPDATE ".$table_group_category." SET id = ". ($id +1)." WHERE id = $id"; $sql = "UPDATE ".$table_group_category." SET id = ". ($id +1)." WHERE id = $id";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
return $id +1; return $id +1;
} }
return $id; return $id;
@ -698,7 +698,7 @@ class GroupManager {
self_unreg_allowed = '".Database::escape_string($self_unregistration_allowed)."', self_unreg_allowed = '".Database::escape_string($self_unregistration_allowed)."',
max_student = ".Database::escape_string($maximum_number_of_students)." max_student = ".Database::escape_string($maximum_number_of_students)."
WHERE id=$id"; WHERE id=$id";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
} }
@ -722,7 +722,7 @@ class GroupManager {
$sql .= ' AND g.category_id = '.$category_id; $sql .= ' AND g.category_id = '.$category_id;
} }
$sql .= ' GROUP BY gu.user_id ORDER BY current_max DESC LIMIT 1'; $sql .= ' GROUP BY gu.user_id ORDER BY current_max DESC LIMIT 1';
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
$obj = Database::fetch_object($res); $obj = Database::fetch_object($res);
return $obj->current_max; return $obj->current_max;
} }
@ -737,13 +737,13 @@ class GroupManager {
$id2 = Database::escape_string($id2); $id2 = Database::escape_string($id2);
$sql = "SELECT id,display_order FROM $table_group_cat WHERE id IN ($id1,$id2)"; $sql = "SELECT id,display_order FROM $table_group_cat WHERE id IN ($id1,$id2)";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
$cat1 = Database::fetch_object($res); $cat1 = Database::fetch_object($res);
$cat2 = Database::fetch_object($res); $cat2 = Database::fetch_object($res);
$sql = "UPDATE $table_group_cat SET display_order=$cat2->display_order WHERE id=$cat1->id"; $sql = "UPDATE $table_group_cat SET display_order=$cat2->display_order WHERE id=$cat1->id";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
$sql = "UPDATE $table_group_cat SET display_order=$cat1->display_order WHERE id=$cat2->id"; $sql = "UPDATE $table_group_cat SET display_order=$cat1->display_order WHERE id=$cat2->id";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
} }
@ -761,7 +761,7 @@ class GroupManager {
$group_user_table = Database :: get_course_table(TABLE_GROUP_USER); $group_user_table = Database :: get_course_table(TABLE_GROUP_USER);
$group_id = Database::escape_string($group_id); $group_id = Database::escape_string($group_id);
$sql = "SELECT user_id FROM $group_user_table WHERE group_id = $group_id"; $sql = "SELECT user_id FROM $group_user_table WHERE group_id = $group_id";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
$users = array (); $users = array ();
while ($obj = Database::fetch_object($res)) { while ($obj = Database::fetch_object($res)) {
$users[] = $obj->user_id; $users[] = $obj->user_id;
@ -829,7 +829,7 @@ class GroupManager {
GROUP BY (`g`.`id`) GROUP BY (`g`.`id`)
HAVING (nbPlaces > 0 OR g.max_student = ".MEMBER_PER_GROUP_NO_LIMIT.") HAVING (nbPlaces > 0 OR g.max_student = ".MEMBER_PER_GROUP_NO_LIMIT.")
ORDER BY nbPlaces DESC"; ORDER BY nbPlaces DESC";
$sql_result = api_sql_query($sql,__FILE__,__LINE__); $sql_result = Database::query($sql,__FILE__,__LINE__);
$group_available_place = array (); $group_available_place = array ();
while ($group = Database::fetch_array($sql_result, 'ASSOC')) while ($group = Database::fetch_array($sql_result, 'ASSOC'))
{ {
@ -866,7 +866,7 @@ class GroupManager {
* Retrieve the present state of the users repartion in groups * Retrieve the present state of the users repartion in groups
*/ */
$sql = "SELECT user_id uid, group_id gid FROM ".$group_user_table; $sql = "SELECT user_id uid, group_id gid FROM ".$group_user_table;
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
while ($member = Database::fetch_array($result, 'ASSOC')) while ($member = Database::fetch_array($result, 'ASSOC'))
{ {
$groupUser[$member['gid']][] = $member['uid']; $groupUser[$member['gid']][] = $member['uid'];
@ -911,7 +911,7 @@ class GroupManager {
public static function number_of_students ($group_id) { public static function number_of_students ($group_id) {
$table_group_user = Database :: get_course_table(TABLE_GROUP_USER); $table_group_user = Database :: get_course_table(TABLE_GROUP_USER);
$group_id = Database::escape_string($group_id); $group_id = Database::escape_string($group_id);
$db_result = api_sql_query('SELECT COUNT(*) AS number_of_students FROM '.$table_group_user.' WHERE group_id = '.$group_id); $db_result = Database::query('SELECT COUNT(*) AS number_of_students FROM '.$table_group_user.' WHERE group_id = '.$group_id);
$db_object = Database::fetch_object($db_result); $db_object = Database::fetch_object($db_result);
return $db_object->number_of_students; return $db_object->number_of_students;
} }
@ -923,7 +923,7 @@ class GroupManager {
public static function maximum_number_of_students ($group_id) { public static function maximum_number_of_students ($group_id) {
$table_group = Database :: get_course_table(TABLE_GROUP); $table_group = Database :: get_course_table(TABLE_GROUP);
$group_id = Database::escape_string($group_id); $group_id = Database::escape_string($group_id);
$db_result = api_sql_query('SELECT max_student FROM '.$table_group.' WHERE id = '.$group_id); $db_result = Database::query('SELECT max_student FROM '.$table_group.' WHERE id = '.$group_id);
$db_object = Database::fetch_object($db_result); $db_object = Database::fetch_object($db_result);
if ($db_object->max_student == 0) if ($db_object->max_student == 0)
{ {
@ -943,7 +943,7 @@ class GroupManager {
$cat_id = Database::escape_string($cat_id); $cat_id = Database::escape_string($cat_id);
$sql = 'SELECT COUNT(*) AS number_of_groups FROM '.$table_group_user.' gu, '.$table_group.' g WHERE gu.user_id = \''.$user_id.'\' AND g.id = gu.group_id AND g.category_id= \''.$cat_id.'\''; $sql = 'SELECT COUNT(*) AS number_of_groups FROM '.$table_group_user.' gu, '.$table_group.' g WHERE gu.user_id = \''.$user_id.'\' AND g.id = gu.group_id AND g.category_id= \''.$cat_id.'\'';
$db_result = api_sql_query($sql,__FILE__,__LINE__); $db_result = Database::query($sql,__FILE__,__LINE__);
$db_object = Database::fetch_object($db_result); $db_object = Database::fetch_object($db_result);
return $db_object->number_of_groups; return $db_object->number_of_groups;
} }
@ -961,7 +961,7 @@ class GroupManager {
if (isset($group_id)) { if (isset($group_id)) {
$group_id = Database::escape_string($group_id); $group_id = Database::escape_string($group_id);
$sql = 'SELECT self_registration_allowed FROM '.$table_group.' WHERE id = "'.$group_id.'" '; $sql = 'SELECT self_registration_allowed FROM '.$table_group.' WHERE id = "'.$group_id.'" ';
$db_result = api_sql_query($sql,__FILE__,__LINE__); $db_result = Database::query($sql,__FILE__,__LINE__);
$db_object = Database::fetch_object($db_result); $db_object = Database::fetch_object($db_result);
return $db_object->self_registration_allowed == 1 && self :: can_user_subscribe($user_id, $group_id); return $db_object->self_registration_allowed == 1 && self :: can_user_subscribe($user_id, $group_id);
} else { } else {
@ -979,7 +979,7 @@ class GroupManager {
return false; return false;
$table_group = Database :: get_course_table(TABLE_GROUP); $table_group = Database :: get_course_table(TABLE_GROUP);
$group_id = Database::escape_string($group_id); $group_id = Database::escape_string($group_id);
$db_result = api_sql_query('SELECT self_unregistration_allowed FROM '.$table_group.' WHERE id = '.$group_id); $db_result = Database::query('SELECT self_unregistration_allowed FROM '.$table_group.' WHERE id = '.$group_id);
$db_object = Database::fetch_object($db_result); $db_object = Database::fetch_object($db_result);
return $db_object->self_unregistration_allowed == 1 && self :: can_user_unsubscribe($user_id, $group_id); return $db_object->self_unregistration_allowed == 1 && self :: can_user_unsubscribe($user_id, $group_id);
} }
@ -995,7 +995,7 @@ class GroupManager {
$group_id = Database::escape_string($group_id); $group_id = Database::escape_string($group_id);
$user_id = Database::escape_string($user_id); $user_id = Database::escape_string($user_id);
$sql = 'SELECT 1 FROM '.$table_group_user.' WHERE group_id = '.$group_id.' AND user_id = '.$user_id; $sql = 'SELECT 1 FROM '.$table_group_user.' WHERE group_id = '.$group_id.' AND user_id = '.$user_id;
$db_result = api_sql_query($sql); $db_result = Database::query($sql);
return Database::num_rows($db_result) > 0; return Database::num_rows($db_result) > 0;
} }
/** /**
@ -1045,7 +1045,7 @@ class GroupManager {
FROM ".$table_user." u, ".$table_group_user." ug FROM ".$table_user." u, ".$table_group_user." ug
WHERE `ug`.`group_id`='".$group_id."' WHERE `ug`.`group_id`='".$group_id."'
AND `ug`.`user_id`=`u`.`user_id`". $order_clause; AND `ug`.`user_id`=`u`.`user_id`". $order_clause;
$db_result = api_sql_query($sql,__FILE__,__LINE__); $db_result = Database::query($sql,__FILE__,__LINE__);
$users = array (); $users = array ();
while ($user = Database::fetch_object($db_result)) while ($user = Database::fetch_object($db_result))
{ {
@ -1074,7 +1074,7 @@ class GroupManager {
FROM ".$table_user." u, ".$table_group_tutor." tg FROM ".$table_user." u, ".$table_group_tutor." tg
WHERE `tg`.`group_id`='".$group_id."' WHERE `tg`.`group_id`='".$group_id."'
AND `tg`.`user_id`=`u`.`user_id`".$order_clause; AND `tg`.`user_id`=`u`.`user_id`".$order_clause;
$db_result = api_sql_query($sql,__FILE__,__LINE__); $db_result = Database::query($sql,__FILE__,__LINE__);
$users = array (); $users = array ();
while ($user = Database::fetch_object($db_result)) while ($user = Database::fetch_object($db_result))
{ {
@ -1108,7 +1108,7 @@ class GroupManager {
$user_id = Database::escape_string($user_id); $user_id = Database::escape_string($user_id);
$group_id = Database::escape_string($group_id); $group_id = Database::escape_string($group_id);
$sql = "INSERT INTO ".$table_group_user." (user_id, group_id) VALUES ('".$user_id."', '".$group_id."')"; $sql = "INSERT INTO ".$table_group_user." (user_id, group_id) VALUES ('".$user_id."', '".$group_id."')";
$result &= api_sql_query($sql,__FILE__,__LINE__); $result &= Database::query($sql,__FILE__,__LINE__);
} }
return $result; return $result;
} }
@ -1131,7 +1131,7 @@ class GroupManager {
$group_id = Database::escape_string($group_id); $group_id = Database::escape_string($group_id);
$sql = "INSERT INTO ".$table_group_tutor." (user_id, group_id) VALUES ('".$user_id."', '".$group_id."')"; $sql = "INSERT INTO ".$table_group_tutor." (user_id, group_id) VALUES ('".$user_id."', '".$group_id."')";
$result &= api_sql_query($sql,__FILE__,__LINE__); $result &= Database::query($sql,__FILE__,__LINE__);
} }
return $result; return $result;
} }
@ -1146,7 +1146,7 @@ class GroupManager {
$user_ids = is_array($user_ids) ? $user_ids : array ($user_ids); $user_ids = is_array($user_ids) ? $user_ids : array ($user_ids);
$table_group_user = Database :: get_course_table(TABLE_GROUP_USER); $table_group_user = Database :: get_course_table(TABLE_GROUP_USER);
$group_id = Database::escape_string($group_id); $group_id = Database::escape_string($group_id);
$result &= api_sql_query('DELETE FROM '.$table_group_user.' WHERE group_id = '.$group_id.' AND user_id IN ('.implode(',', $user_ids).')'); $result &= Database::query('DELETE FROM '.$table_group_user.' WHERE group_id = '.$group_id.' AND user_id IN ('.implode(',', $user_ids).')');
} }
/** /**
* Unsubscribe all users from one or more groups * Unsubscribe all users from one or more groups
@ -1176,7 +1176,7 @@ class GroupManager {
$table_group_user = Database :: get_course_table(TABLE_GROUP_USER); $table_group_user = Database :: get_course_table(TABLE_GROUP_USER);
$sql = 'DELETE FROM '.$table_group_user.' WHERE group_id IN ('.implode(',', $group_ids).')'; $sql = 'DELETE FROM '.$table_group_user.' WHERE group_id IN ('.implode(',', $group_ids).')';
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
return $result; return $result;
} }
return true; return true;
@ -1194,7 +1194,7 @@ class GroupManager {
{ {
$table_group_tutor = Database :: get_course_table(TABLE_GROUP_TUTOR); $table_group_tutor = Database :: get_course_table(TABLE_GROUP_TUTOR);
$sql = 'DELETE FROM '.$table_group_tutor.' WHERE group_id IN ('.implode(',', $group_ids).')'; $sql = 'DELETE FROM '.$table_group_tutor.' WHERE group_id IN ('.implode(',', $group_ids).')';
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
return $result; return $result;
} }
return true; return true;
@ -1215,7 +1215,7 @@ class GroupManager {
$group_id = Database::escape_string($group_id); $group_id = Database::escape_string($group_id);
$sql = "SELECT * FROM ".$table_group_tutor." WHERE user_id='".$user_id."' AND group_id='".$group_id."'"; $sql = "SELECT * FROM ".$table_group_tutor." WHERE user_id='".$user_id."' AND group_id='".$group_id."'";
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result)>0) if (Database::num_rows($result)>0)
{ {
return true; return true;
@ -1266,7 +1266,7 @@ class GroupManager {
WHERE cu.user_id=user.user_id WHERE cu.user_id=user.user_id
AND cu.tutor_id='1' AND cu.tutor_id='1'
AND cu.course_code='".$_course['sysCode']."'"; AND cu.course_code='".$_course['sysCode']."'";
$resultTutor = api_sql_query($sql,__FILE__,__LINE__); $resultTutor = Database::query($sql,__FILE__,__LINE__);
$tutors = array (); $tutors = array ();
while ($tutor = Database::fetch_array($resultTutor)) while ($tutor = Database::fetch_array($resultTutor))
{ {
@ -1290,7 +1290,7 @@ class GroupManager {
$sql = "SELECT tutor_id FROM ".$course_user_table." $sql = "SELECT tutor_id FROM ".$course_user_table."
WHERE `user_id`='".$user_id."' WHERE `user_id`='".$user_id."'
AND `course_code`='".$_course['sysCode']."'"."AND tutor_id=1"; AND `course_code`='".$_course['sysCode']."'"."AND tutor_id=1";
$db_result = api_sql_query($sql,__FILE__,__LINE__); $db_result = Database::query($sql,__FILE__,__LINE__);
$result = (Database::num_rows($db_result) > 0); $result = (Database::num_rows($db_result) > 0);
return $result; return $result;
} }
@ -1308,7 +1308,7 @@ class GroupManager {
$tbl_group = Database::get_course_table(TABLE_GROUP_USER,$course_db); $tbl_group = Database::get_course_table(TABLE_GROUP_USER,$course_db);
$user_id = Database::escape_string($user_id); $user_id = Database::escape_string($user_id);
$sql = "SELECT group_id FROM $tbl_group WHERE user_id = '$user_id'"; $sql = "SELECT group_id FROM $tbl_group WHERE user_id = '$user_id'";
$groupres = api_sql_query($sql); $groupres = Database::query($sql);
// uncommenting causes a bug in Agenda AND announcements because there we check if the return value of this function is an array or not // uncommenting causes a bug in Agenda AND announcements because there we check if the return value of this function is an array or not
//$groups=array(); //$groups=array();
@ -1513,7 +1513,7 @@ class GroupManager {
$table_group=Database::get_course_table(TABLE_GROUP); $table_group=Database::get_course_table(TABLE_GROUP);
$user_id = Database::escape_string($user_id); $user_id = Database::escape_string($user_id);
$sql_groups = 'SELECT name FROM '.$table_group.' g,'.$table_group_user.' gu WHERE gu.user_id="'.$user_id.'" AND gu.group_id=g.id'; $sql_groups = 'SELECT name FROM '.$table_group.' g,'.$table_group_user.' gu WHERE gu.user_id="'.$user_id.'" AND gu.group_id=g.id';
$res = api_sql_query($sql_groups,__FILE__,__LINE__); $res = Database::query($sql_groups,__FILE__,__LINE__);
$groups=array(); $groups=array();
while($group = Database::fetch_array($res)) while($group = Database::fetch_array($res))

16
main/inc/lib/online.inc.php
Unescape View File

@ -62,7 +62,7 @@ function LoginCheck($uid)
$query = "REPLACE INTO ".$online_table ." (login_id,login_user_id,login_date,login_ip) VALUES ($uid,$uid,'$login_date','$login_ip')"; $query = "REPLACE INTO ".$online_table ." (login_id,login_user_id,login_date,login_ip) VALUES ($uid,$uid,'$login_date','$login_ip')";
} }
@api_sql_query($query,__FILE__,__LINE__); @Database::query($query,__FILE__,__LINE__);
} }
} }
@ -86,7 +86,7 @@ function online_logout() {
// selecting the last login of the user // selecting the last login of the user
$uid = intval($_GET['uid']); $uid = intval($_GET['uid']);
$sql_last_connection="SELECT login_id, login_date FROM $tbl_track_login WHERE login_user_id='$uid' ORDER BY login_date DESC LIMIT 0,1"; $sql_last_connection="SELECT login_id, login_date FROM $tbl_track_login WHERE login_user_id='$uid' ORDER BY login_date DESC LIMIT 0,1";
$q_last_connection=api_sql_query($sql_last_connection); $q_last_connection=Database::query($sql_last_connection);
if (Database::num_rows($q_last_connection)>0) { if (Database::num_rows($q_last_connection)>0) {
$i_id_last_connection=Database::result($q_last_connection,0,"login_id"); $i_id_last_connection=Database::result($q_last_connection,0,"login_id");
} }
@ -94,7 +94,7 @@ function online_logout() {
if (!isset($_SESSION['login_as'])) { if (!isset($_SESSION['login_as'])) {
$current_date=date('Y-m-d H:i:s',time()); $current_date=date('Y-m-d H:i:s',time());
$s_sql_update_logout_date="UPDATE $tbl_track_login SET logout_date='".$current_date."' WHERE login_id='$i_id_last_connection'"; $s_sql_update_logout_date="UPDATE $tbl_track_login SET logout_date='".$current_date."' WHERE login_id='$i_id_last_connection'";
api_sql_query($s_sql_update_logout_date); Database::query($s_sql_update_logout_date);
} }
LoginDelete($uid, $_configuration['statistics_database']); //from inc/lib/online.inc.php - removes the "online" status LoginDelete($uid, $_configuration['statistics_database']); //from inc/lib/online.inc.php - removes the "online" status
@ -136,7 +136,7 @@ function LoginDelete($user_id)
$online_table = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ONLINE); $online_table = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ONLINE);
$user_id = (int) $user_id; $user_id = (int) $user_id;
$query = "DELETE FROM ".$online_table ." WHERE login_user_id = '".Database::escape_string($user_id)."'"; $query = "DELETE FROM ".$online_table ." WHERE login_user_id = '".Database::escape_string($user_id)."'";
@api_sql_query($query,__FILE__,__LINE__); @Database::query($query,__FILE__,__LINE__);
} }
/** /**
@ -166,7 +166,7 @@ function WhoIsOnline($uid=0,$statistics_database='',$valid)
} }
} }
$result = @api_sql_query($query,__FILE__,__LINE__); $result = @Database::query($query,__FILE__,__LINE__);
if (count($result)>0) if (count($result)>0)
{ {
$rtime = time(); $rtime = time();
@ -214,7 +214,7 @@ function GetFullUserName($uid)
$uid = Database::escape_string($uid); $uid = Database::escape_string($uid);
$user_table = Database::get_main_table(TABLE_MAIN_USER); $user_table = Database::get_main_table(TABLE_MAIN_USER);
$query = "SELECT firstname,lastname FROM ".$user_table." WHERE user_id='$uid'"; $query = "SELECT firstname,lastname FROM ".$user_table." WHERE user_id='$uid'";
$result = @api_sql_query($query,__FILE__,__LINE__); $result = @Database::query($query,__FILE__,__LINE__);
if (count($result)>0) if (count($result)>0)
{ {
$str = ''; $str = '';
@ -241,7 +241,7 @@ function chatcall() {
} }
$track_user_table = Database::get_main_table(TABLE_MAIN_USER); $track_user_table = Database::get_main_table(TABLE_MAIN_USER);
$sql="select chatcall_user_id, chatcall_date from $track_user_table where ( user_id = '".$_user['user_id']."' )"; $sql="select chatcall_user_id, chatcall_date from $track_user_table where ( user_id = '".$_user['user_id']."' )";
$result=api_sql_query($sql,__FILE__,__LINE__); $result=Database::query($sql,__FILE__,__LINE__);
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
$login_date=$row['chatcall_date']; $login_date=$row['chatcall_date'];
@ -295,7 +295,7 @@ function who_is_online_in_this_course($uid, $valid, $coursecode=null)
$valid = Database::escape_string($valid); $valid = Database::escape_string($valid);
$query = "SELECT login_user_id,login_date FROM ".$track_online_table ." WHERE course='".$coursecode."' AND DATE_ADD(login_date,INTERVAL $valid MINUTE) >= NOW() "; $query = "SELECT login_user_id,login_date FROM ".$track_online_table ." WHERE course='".$coursecode."' AND DATE_ADD(login_date,INTERVAL $valid MINUTE) >= NOW() ";
$result = api_sql_query($query,__FILE__,__LINE__); $result = Database::query($query,__FILE__,__LINE__);
if (count($result)>0) if (count($result)>0)
{ {
$rtime = time(); $rtime = time();

4
main/inc/lib/search/tool_processors/document_processor.class.php
Unescape View File

@ -65,7 +65,7 @@ class document_processor extends search_processor {
FROM $doc_table FROM $doc_table
WHERE $doc_table.id = $doc_id WHERE $doc_table.id = $doc_id
LIMIT 1"; LIMIT 1";
$dk_result = api_sql_query ($sql); $dk_result = Database::query ($sql);
$sql = "SELECT insert_user_id $sql = "SELECT insert_user_id
FROM $item_property_table FROM $item_property_table
@ -86,7 +86,7 @@ class document_processor extends search_processor {
//FIXME: use big images //FIXME: use big images
// get author // get author
$author = ''; $author = '';
$item_result = api_sql_query ($sql); $item_result = Database::query ($sql);
if ($row = Database::fetch_array ($item_result)) { if ($row = Database::fetch_array ($item_result)) {
$user_data = api_get_user_info($row['insert_user_id']); $user_data = api_get_user_info($row['insert_user_id']);
$author = api_get_person_name($user_data['firstName'], $user_data['lastName']); $author = api_get_person_name($user_data['firstName'], $user_data['lastName']);

2
main/inc/lib/search/tool_processors/learnpath_processor.class.php
Unescape View File

@ -101,7 +101,7 @@ class learnpath_processor extends search_processor {
LIMIT 1"; LIMIT 1";
} }
$dk_result = api_sql_query ($sql); $dk_result = Database::query ($sql);
$path = ''; $path = '';
$name = ''; $name = '';

2
main/inc/lib/search/tool_processors/link_processor.class.php
Unescape View File

@ -100,7 +100,7 @@ class link_processor extends search_processor {
$image = $thumbnail; //FIXME: use big images $image = $thumbnail; //FIXME: use big images
// get author // get author
$author = ''; $author = '';
$item_result = api_sql_query ($sql); $item_result = Database::query ($sql);
if ($row = Database::fetch_array ($item_result)) { if ($row = Database::fetch_array ($item_result)) {
$user_data = api_get_user_info($row['insert_user_id']); $user_data = api_get_user_info($row['insert_user_id']);
$author = api_get_person_name($user_data['firstName'], $user_data['lastName']); $author = api_get_person_name($user_data['firstName'], $user_data['lastName']);

4
main/inc/lib/search/tool_processors/quiz_processor.class.php
Unescape View File

@ -102,7 +102,7 @@ class quiz_processor extends search_processor {
$sql = "SELECT * FROM $exercise_table $sql = "SELECT * FROM $exercise_table
WHERE id = $exercise_id WHERE id = $exercise_id
LIMIT 1"; LIMIT 1";
$dk_result = api_sql_query ($sql); $dk_result = Database::query ($sql);
//actually author isn't saved on exercise tool, but prepare for when it's ready //actually author isn't saved on exercise tool, but prepare for when it's ready
$sql = "SELECT insert_user_id $sql = "SELECT insert_user_id
@ -119,7 +119,7 @@ class quiz_processor extends search_processor {
$name = $row['title']; $name = $row['title'];
// get author // get author
$author = ''; $author = '';
$item_result = api_sql_query ($sql); $item_result = Database::query ($sql);
if ($item_result !== FALSE && $row = Database::fetch_array ($item_result)) { if ($item_result !== FALSE && $row = Database::fetch_array ($item_result)) {
$user_data = api_get_user_info($row['insert_user_id']); $user_data = api_get_user_info($row['insert_user_id']);
$author = api_get_person_name($user_data['firstName'], $user_data['lastName']); $author = api_get_person_name($user_data['firstName'], $user_data['lastName']);

88
main/inc/lib/sessionmanager.lib.php
Unescape View File

@ -58,7 +58,7 @@ class SessionManager {
$tbl_session = Database::get_main_table(TABLE_MAIN_SESSION); $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
$sql = 'SELECT user_id FROM '.$tbl_user.' WHERE username="'.Database::escape_string($coach_username).'"'; $sql = 'SELECT user_id FROM '.$tbl_user.' WHERE username="'.Database::escape_string($coach_username).'"';
$rs = api_sql_query($sql, __FILE__, __LINE__); $rs = Database::query($sql, __FILE__, __LINE__);
$id_coach = Database::result($rs,0,'user_id'); $id_coach = Database::result($rs,0,'user_id');
if (empty($nolimit)) { if (empty($nolimit)) {
@ -84,12 +84,12 @@ class SessionManager {
$msg=get_lang('StartDateShouldBeBeforeEndDate'); $msg=get_lang('StartDateShouldBeBeforeEndDate');
return $msg; return $msg;
} else { } else {
$rs = api_sql_query("SELECT 1 FROM $tbl_session WHERE name='".addslashes($name)."'"); $rs = Database::query("SELECT 1 FROM $tbl_session WHERE name='".addslashes($name)."'");
if(Database::num_rows($rs)) { if(Database::num_rows($rs)) {
$msg=get_lang('SessionNameAlreadyExists'); $msg=get_lang('SessionNameAlreadyExists');
return $msg; return $msg;
} else { } else {
api_sql_query("INSERT INTO $tbl_session(name,date_start,date_end,id_coach,session_admin_id, nb_days_access_before_beginning, nb_days_access_after_end) VALUES('".Database::escape_string($name)."','$date_start','$date_end','$id_coach',".intval($_user['user_id']).",".$nb_days_acess_before.", ".$nb_days_acess_after.")",__FILE__,__LINE__); Database::query("INSERT INTO $tbl_session(name,date_start,date_end,id_coach,session_admin_id, nb_days_access_before_beginning, nb_days_access_after_end) VALUES('".Database::escape_string($name)."','$date_start','$date_end','$id_coach',".intval($_user['user_id']).",".$nb_days_acess_before.", ".$nb_days_acess_after.")",__FILE__,__LINE__);
$id_session=Database::get_last_insert_id(); $id_session=Database::get_last_insert_id();
// add event to system log // add event to system log
@ -160,7 +160,7 @@ class SessionManager {
$msg=get_lang('StartDateShouldBeBeforeEndDate'); $msg=get_lang('StartDateShouldBeBeforeEndDate');
return $msg; return $msg;
} else { } else {
$rs = api_sql_query("SELECT id FROM $tbl_session WHERE name='".Database::escape_string($name)."'"); $rs = Database::query("SELECT id FROM $tbl_session WHERE name='".Database::escape_string($name)."'");
$exists = false; $exists = false;
while ($row = Database::fetch_array($rs)) { while ($row = Database::fetch_array($rs)) {
if($row['id']!=$id) if($row['id']!=$id)
@ -178,11 +178,11 @@ class SessionManager {
nb_days_access_before_beginning = ".$nb_days_acess_before.", nb_days_access_before_beginning = ".$nb_days_acess_before.",
nb_days_access_after_end = ".$nb_days_acess_after." nb_days_access_after_end = ".$nb_days_acess_after."
WHERE id='$id'"; WHERE id='$id'";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
/*$sqlu = "UPDATE $tbl_session_rel_course " . /*$sqlu = "UPDATE $tbl_session_rel_course " .
" SET id_coach='$id_coach'" . " SET id_coach='$id_coach'" .
" WHERE id_session='$id'"; " WHERE id_session='$id'";
api_sql_query($sqlu,__FILE__,__LINE__);*/ Database::query($sqlu,__FILE__,__LINE__);*/
return $id; return $id;
} }
} }
@ -209,22 +209,22 @@ class SessionManager {
if (!api_is_platform_admin()) { if (!api_is_platform_admin()) {
$sql = 'SELECT session_admin_id FROM '.Database :: get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$id_checked; $sql = 'SELECT session_admin_id FROM '.Database :: get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$id_checked;
$rs = api_sql_query($sql,__FILE__,__LINE__); $rs = Database::query($sql,__FILE__,__LINE__);
if (Database::result($rs,0,0)!=$_user['user_id']) { if (Database::result($rs,0,0)!=$_user['user_id']) {
api_not_allowed(true); api_not_allowed(true);
} }
} }
api_sql_query("DELETE FROM $tbl_session WHERE id IN($id_checked)",__FILE__,__LINE__); Database::query("DELETE FROM $tbl_session WHERE id IN($id_checked)",__FILE__,__LINE__);
api_sql_query("DELETE FROM $tbl_session_rel_course WHERE id_session IN($id_checked)",__FILE__,__LINE__); Database::query("DELETE FROM $tbl_session_rel_course WHERE id_session IN($id_checked)",__FILE__,__LINE__);
api_sql_query("DELETE FROM $tbl_session_rel_course_rel_user WHERE id_session IN($id_checked)",__FILE__,__LINE__); Database::query("DELETE FROM $tbl_session_rel_course_rel_user WHERE id_session IN($id_checked)",__FILE__,__LINE__);
api_sql_query("DELETE FROM $tbl_session_rel_user WHERE id_session IN($id_checked)",__FILE__,__LINE__); Database::query("DELETE FROM $tbl_session_rel_user WHERE id_session IN($id_checked)",__FILE__,__LINE__);
// delete extra session fields // delete extra session fields
$t_sf = Database::get_main_table(TABLE_MAIN_SESSION_FIELD); $t_sf = Database::get_main_table(TABLE_MAIN_SESSION_FIELD);
$t_sfv = Database::get_main_table(TABLE_MAIN_SESSION_FIELD_VALUES); $t_sfv = Database::get_main_table(TABLE_MAIN_SESSION_FIELD_VALUES);
$sql = "SELECT distinct field_id FROM $t_sfv WHERE session_id = '$id_checked'"; $sql = "SELECT distinct field_id FROM $t_sfv WHERE session_id = '$id_checked'";
$res_field_ids = @api_sql_query($sql,__FILE__,__LINE__); $res_field_ids = @Database::query($sql,__FILE__,__LINE__);
while($row_field_id = Database::fetch_row($res_field_ids)){ while($row_field_id = Database::fetch_row($res_field_ids)){
$field_ids[] = $row_field_id[0]; $field_ids[] = $row_field_id[0];
@ -233,10 +233,10 @@ class SessionManager {
//delete from table_session_field_value from a given session id //delete from table_session_field_value from a given session id
$sql_session_field_value = "DELETE FROM $t_sfv WHERE session_id = '$id_checked'"; $sql_session_field_value = "DELETE FROM $t_sfv WHERE session_id = '$id_checked'";
@api_sql_query($sql_session_field_value,__FILE__,__LINE__); @Database::query($sql_session_field_value,__FILE__,__LINE__);
$sql = "SELECT distinct field_id FROM $t_sfv"; $sql = "SELECT distinct field_id FROM $t_sfv";
$res_field_all_ids = @api_sql_query($sql,__FILE__,__LINE__); $res_field_all_ids = @Database::query($sql,__FILE__,__LINE__);
while($row_field_all_id = Database::fetch_row($res_field_all_ids)){ while($row_field_all_id = Database::fetch_row($res_field_all_ids)){
$field_all_ids[] = $row_field_all_id[0]; $field_all_ids[] = $row_field_all_id[0];
@ -249,7 +249,7 @@ class SessionManager {
continue; continue;
} else { } else {
$sql_session_field = "DELETE FROM $t_sf WHERE id = '$field_id'"; $sql_session_field = "DELETE FROM $t_sf WHERE id = '$field_id'";
api_sql_query($sql_session_field,__FILE__,__LINE__); Database::query($sql_session_field,__FILE__,__LINE__);
} }
} }
} }
@ -282,13 +282,13 @@ class SessionManager {
$tbl_session = Database::get_main_table(TABLE_MAIN_SESSION); $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
$sql = "SELECT id_user FROM $tbl_session_rel_user WHERE id_session='$id_session'"; $sql = "SELECT id_user FROM $tbl_session_rel_user WHERE id_session='$id_session'";
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
$existingUsers = array(); $existingUsers = array();
while($row = Database::fetch_array($result)){ while($row = Database::fetch_array($result)){
$existingUsers[] = $row['id_user']; $existingUsers[] = $row['id_user'];
} }
$sql = "SELECT course_code FROM $tbl_session_rel_course WHERE id_session='$id_session'"; $sql = "SELECT course_code FROM $tbl_session_rel_course WHERE id_session='$id_session'";
$result=api_sql_query($sql,__FILE__,__LINE__); $result=Database::query($sql,__FILE__,__LINE__);
$course_list=array(); $course_list=array();
while($row=Database::fetch_array($result)) { while($row=Database::fetch_array($result)) {
@ -304,7 +304,7 @@ class SessionManager {
foreach ($existingUsers as $existing_user) { foreach ($existingUsers as $existing_user) {
if(!in_array($existing_user, $user_list)) { if(!in_array($existing_user, $user_list)) {
$sql = "DELETE FROM $tbl_session_rel_course_rel_user WHERE id_session='$id_session' AND course_code='$enreg_course' AND id_user='$existing_user'"; $sql = "DELETE FROM $tbl_session_rel_course_rel_user WHERE id_session='$id_session' AND course_code='$enreg_course' AND id_user='$existing_user'";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
if(Database::affected_rows()) { if(Database::affected_rows()) {
$nbr_users--; $nbr_users--;
@ -317,7 +317,7 @@ class SessionManager {
if(!in_array($enreg_user, $existingUsers)) { if(!in_array($enreg_user, $existingUsers)) {
$enreg_user = Database::escape_string($enreg_user); $enreg_user = Database::escape_string($enreg_user);
$insert_sql = "INSERT IGNORE INTO $tbl_session_rel_course_rel_user(id_session,course_code,id_user) VALUES('$id_session','$enreg_course','$enreg_user')"; $insert_sql = "INSERT IGNORE INTO $tbl_session_rel_course_rel_user(id_session,course_code,id_user) VALUES('$id_session','$enreg_course','$enreg_user')";
api_sql_query($insert_sql,__FILE__,__LINE__); Database::query($insert_sql,__FILE__,__LINE__);
if(Database::affected_rows()) { if(Database::affected_rows()) {
$nbr_users++; $nbr_users++;
} }
@ -325,15 +325,15 @@ class SessionManager {
} }
// count users in this session-course relation // count users in this session-course relation
$sql = "SELECT COUNT(id_user) as nbUsers FROM $tbl_session_rel_course_rel_user WHERE id_session='$id_session' AND course_code='$enreg_course'"; $sql = "SELECT COUNT(id_user) as nbUsers FROM $tbl_session_rel_course_rel_user WHERE id_session='$id_session' AND course_code='$enreg_course'";
$rs = api_sql_query($sql, __FILE__, __LINE__); $rs = Database::query($sql, __FILE__, __LINE__);
list($nbr_users) = Database::fetch_array($rs); list($nbr_users) = Database::fetch_array($rs);
// update the session-course relation to add the users total // update the session-course relation to add the users total
$update_sql = "UPDATE $tbl_session_rel_course SET nbr_users=$nbr_users WHERE id_session='$id_session' AND course_code='$enreg_course'"; $update_sql = "UPDATE $tbl_session_rel_course SET nbr_users=$nbr_users WHERE id_session='$id_session' AND course_code='$enreg_course'";
api_sql_query($update_sql,__FILE__,__LINE__); Database::query($update_sql,__FILE__,__LINE__);
} }
// delete users from the session // delete users from the session
if ($empty_users===true){ if ($empty_users===true){
api_sql_query("DELETE FROM $tbl_session_rel_user WHERE id_session = $id_session",__FILE__,__LINE__); Database::query("DELETE FROM $tbl_session_rel_user WHERE id_session = $id_session",__FILE__,__LINE__);
} }
// insert missing users into session // insert missing users into session
$nbr_users = 0; $nbr_users = 0;
@ -341,12 +341,12 @@ class SessionManager {
$enreg_user = Database::escape_string($enreg_user); $enreg_user = Database::escape_string($enreg_user);
$nbr_users++; $nbr_users++;
$insert_sql = "INSERT IGNORE INTO $tbl_session_rel_user(id_session, id_user) VALUES('$id_session','$enreg_user')"; $insert_sql = "INSERT IGNORE INTO $tbl_session_rel_user(id_session, id_user) VALUES('$id_session','$enreg_user')";
api_sql_query($insert_sql,__FILE__,__LINE__); Database::query($insert_sql,__FILE__,__LINE__);
} }
// update number of users in the session // update number of users in the session
$nbr_users = count($user_list); $nbr_users = count($user_list);
$update_sql = "UPDATE $tbl_session SET nbr_users= $nbr_users WHERE id='$id_session' "; $update_sql = "UPDATE $tbl_session SET nbr_users= $nbr_users WHERE id='$id_session' ";
api_sql_query($update_sql,__FILE__,__LINE__); Database::query($update_sql,__FILE__,__LINE__);
} }
/** Subscribes courses to the given session and optionally (default) unsubscribes previous users /** Subscribes courses to the given session and optionally (default) unsubscribes previous users
* @author Carlos Vargas <carlos.vargas@dokeos.com>,from existing code * @author Carlos Vargas <carlos.vargas@dokeos.com>,from existing code
@ -368,26 +368,26 @@ class SessionManager {
$tbl_session_rel_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE); $tbl_session_rel_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE);
$tbl_course = Database::get_main_table(TABLE_MAIN_COURSE); $tbl_course = Database::get_main_table(TABLE_MAIN_COURSE);
// get general coach ID // get general coach ID
$id_coach = api_sql_query("SELECT id_coach FROM $tbl_session WHERE id=$id_session"); $id_coach = Database::query("SELECT id_coach FROM $tbl_session WHERE id=$id_session");
$id_coach = Database::fetch_array($id_coach); $id_coach = Database::fetch_array($id_coach);
$id_coach = $id_coach[0]; $id_coach = $id_coach[0];
// get list of courses subscribed to this session // get list of courses subscribed to this session
$rs = api_sql_query("SELECT course_code FROM $tbl_session_rel_course WHERE id_session=$id_session"); $rs = Database::query("SELECT course_code FROM $tbl_session_rel_course WHERE id_session=$id_session");
$existingCourses = Database::store_result($rs); $existingCourses = Database::store_result($rs);
$nbr_courses=count($existingCourses); $nbr_courses=count($existingCourses);
// get list of users subscribed to this session // get list of users subscribed to this session
$sql="SELECT id_user $sql="SELECT id_user
FROM $tbl_session_rel_user FROM $tbl_session_rel_user
WHERE id_session = $id_session"; WHERE id_session = $id_session";
$result=api_sql_query($sql,__FILE__,__LINE__); $result=Database::query($sql,__FILE__,__LINE__);
$user_list=Database::store_result($result); $user_list=Database::store_result($result);
// remove existing courses from the session // remove existing courses from the session
if ($empty_courses===true) { if ($empty_courses===true) {
foreach ($existingCourses as $existingCourse) { foreach ($existingCourses as $existingCourse) {
if (!in_array($existingCourse['course_code'], $course_list)){ if (!in_array($existingCourse['course_code'], $course_list)){
api_sql_query("DELETE FROM $tbl_session_rel_course WHERE course_code='".$existingCourse['course_code']."' AND id_session=$id_session"); Database::query("DELETE FROM $tbl_session_rel_course WHERE course_code='".$existingCourse['course_code']."' AND id_session=$id_session");
api_sql_query("DELETE FROM $tbl_session_rel_course_rel_user WHERE course_code='".$existingCourse['course_code']."' AND id_session=$id_session"); Database::query("DELETE FROM $tbl_session_rel_course_rel_user WHERE course_code='".$existingCourse['course_code']."' AND id_session=$id_session");
} }
} }
@ -407,7 +407,7 @@ class SessionManager {
if (!$exists) { if (!$exists) {
//if the course isn't subscribed yet //if the course isn't subscribed yet
$sql_insert_rel_course= "INSERT INTO $tbl_session_rel_course (id_session,course_code, id_coach) VALUES ('$id_session','$enreg_course','$id_coach')"; $sql_insert_rel_course= "INSERT INTO $tbl_session_rel_course (id_session,course_code, id_coach) VALUES ('$id_session','$enreg_course','$id_coach')";
api_sql_query($sql_insert_rel_course ,__FILE__,__LINE__); Database::query($sql_insert_rel_course ,__FILE__,__LINE__);
//We add the current course in the existing courses array, to avoid adding another time the current course //We add the current course in the existing courses array, to avoid adding another time the current course
$existingCourses[]=array('course_code'=>$enreg_course); $existingCourses[]=array('course_code'=>$enreg_course);
$nbr_courses++; $nbr_courses++;
@ -417,15 +417,15 @@ class SessionManager {
foreach ($user_list as $enreg_user) { foreach ($user_list as $enreg_user) {
$enreg_user_id = Database::escape_string($enreg_user['id_user']); $enreg_user_id = Database::escape_string($enreg_user['id_user']);
$sql_insert = "INSERT IGNORE INTO $tbl_session_rel_course_rel_user (id_session,course_code,id_user) VALUES ('$id_session','$enreg_course','$enreg_user_id')"; $sql_insert = "INSERT IGNORE INTO $tbl_session_rel_course_rel_user (id_session,course_code,id_user) VALUES ('$id_session','$enreg_course','$enreg_user_id')";
api_sql_query($sql_insert,__FILE__,__LINE__); Database::query($sql_insert,__FILE__,__LINE__);
if (Database::affected_rows()) { if (Database::affected_rows()) {
$nbr_users++; $nbr_users++;
} }
} }
api_sql_query("UPDATE $tbl_session_rel_course SET nbr_users=$nbr_users WHERE id_session='$id_session' AND course_code='$enreg_course'",__FILE__,__LINE__); Database::query("UPDATE $tbl_session_rel_course SET nbr_users=$nbr_users WHERE id_session='$id_session' AND course_code='$enreg_course'",__FILE__,__LINE__);
} }
} }
api_sql_query("UPDATE $tbl_session SET nbr_courses=$nbr_courses WHERE id='$id_session'",__FILE__,__LINE__); Database::query("UPDATE $tbl_session SET nbr_courses=$nbr_courses WHERE id='$id_session'",__FILE__,__LINE__);
} }
/** /**
@ -443,7 +443,7 @@ class SessionManager {
$fieldtype = (int)$fieldtype; $fieldtype = (int)$fieldtype;
$time = time(); $time = time();
$sql_field = "SELECT id FROM $t_sf WHERE field_variable = '$fieldvarname'"; $sql_field = "SELECT id FROM $t_sf WHERE field_variable = '$fieldvarname'";
$res_field = api_sql_query($sql_field,__FILE__,__LINE__); $res_field = Database::query($sql_field,__FILE__,__LINE__);
$r_field = Database::fetch_row($res_field); $r_field = Database::fetch_row($res_field);
@ -452,7 +452,7 @@ class SessionManager {
} else { } else {
// save new fieldlabel into course_field table // save new fieldlabel into course_field table
$sql = "SELECT MAX(field_order) FROM $t_sf"; $sql = "SELECT MAX(field_order) FROM $t_sf";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
$order = 0; $order = 0;
if (Database::num_rows($res)>0) { if (Database::num_rows($res)>0) {
@ -466,7 +466,7 @@ class SessionManager {
field_display_text = '$fieldtitle', field_display_text = '$fieldtitle',
field_order = '$order', field_order = '$order',
tms = FROM_UNIXTIME($time)"; tms = FROM_UNIXTIME($time)";
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
$field_id=Database::get_last_insert_id(); $field_id=Database::get_last_insert_id();
} }
@ -504,7 +504,7 @@ class SessionManager {
} }
$sqlsf = "SELECT * FROM $t_sf WHERE field_variable='$fname'"; $sqlsf = "SELECT * FROM $t_sf WHERE field_variable='$fname'";
$ressf = api_sql_query($sqlsf,__FILE__,__LINE__); $ressf = Database::query($sqlsf,__FILE__,__LINE__);
if(Database::num_rows($ressf)==1) if(Database::num_rows($ressf)==1)
{ //ok, the field exists { //ok, the field exists
// Check if enumerated field, if the option is available // Check if enumerated field, if the option is available
@ -512,7 +512,7 @@ class SessionManager {
$tms = time(); $tms = time();
$sqlsfv = "SELECT * FROM $t_sfv WHERE session_id = '$session_id' AND field_id = '".$rowsf['id']."' ORDER BY id"; $sqlsfv = "SELECT * FROM $t_sfv WHERE session_id = '$session_id' AND field_id = '".$rowsf['id']."' ORDER BY id";
$ressfv = api_sql_query($sqlsfv,__FILE__,__LINE__); $ressfv = Database::query($sqlsfv,__FILE__,__LINE__);
$n = Database::num_rows($ressfv); $n = Database::num_rows($ressfv);
if ($n>1) { if ($n>1) {
//problem, we already have to values for this field and user combination - keep last one //problem, we already have to values for this field and user combination - keep last one
@ -521,14 +521,14 @@ class SessionManager {
if($n > 1) if($n > 1)
{ {
$sqld = "DELETE FROM $t_sfv WHERE id = ".$rowsfv['id']; $sqld = "DELETE FROM $t_sfv WHERE id = ".$rowsfv['id'];
$resd = api_sql_query($sqld,__FILE__,__LINE__); $resd = Database::query($sqld,__FILE__,__LINE__);
$n--; $n--;
} }
$rowsfv = Database::fetch_array($ressfv); $rowsfv = Database::fetch_array($ressfv);
if($rowsfv['field_value'] != $fvalues) if($rowsfv['field_value'] != $fvalues)
{ {
$sqlu = "UPDATE $t_sfv SET field_value = '$fvalues', tms = FROM_UNIXTIME($tms) WHERE id = ".$rowsfv['id']; $sqlu = "UPDATE $t_sfv SET field_value = '$fvalues', tms = FROM_UNIXTIME($tms) WHERE id = ".$rowsfv['id'];
$resu = api_sql_query($sqlu,__FILE__,__LINE__); $resu = Database::query($sqlu,__FILE__,__LINE__);
return($resu?true:false); return($resu?true:false);
} }
return true; return true;
@ -540,7 +540,7 @@ class SessionManager {
{ {
$sqlu = "UPDATE $t_sfv SET field_value = '$fvalues', tms = FROM_UNIXTIME($tms) WHERE id = ".$rowsfv['id']; $sqlu = "UPDATE $t_sfv SET field_value = '$fvalues', tms = FROM_UNIXTIME($tms) WHERE id = ".$rowsfv['id'];
//error_log('UM::update_extra_field_value: '.$sqlu); //error_log('UM::update_extra_field_value: '.$sqlu);
$resu = api_sql_query($sqlu,__FILE__,__LINE__); $resu = Database::query($sqlu,__FILE__,__LINE__);
return($resu?true:false); return($resu?true:false);
} }
return true; return true;
@ -548,7 +548,7 @@ class SessionManager {
$sqli = "INSERT INTO $t_sfv (session_id,field_id,field_value,tms) " . $sqli = "INSERT INTO $t_sfv (session_id,field_id,field_value,tms) " .
"VALUES ('$session_id',".$rowsf['id'].",'$fvalues',FROM_UNIXTIME($tms))"; "VALUES ('$session_id',".$rowsf['id'].",'$fvalues',FROM_UNIXTIME($tms))";
//error_log('UM::update_extra_field_value: '.$sqli); //error_log('UM::update_extra_field_value: '.$sqli);
$resi = api_sql_query($sqli,__FILE__,__LINE__); $resi = Database::query($sqli,__FILE__,__LINE__);
return($resi?true:false); return($resi?true:false);
} }
} else { } else {
@ -566,7 +566,7 @@ class SessionManager {
$tbl_session_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE); $tbl_session_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE);
$return_value = false; $return_value = false;
$sql= "SELECT course_code FROM $tbl_session_course WHERE id_session = ".Database::escape_string($session_id)." AND course_code = '".Database::escape_string($course_id)."'"; $sql= "SELECT course_code FROM $tbl_session_course WHERE id_session = ".Database::escape_string($session_id)." AND course_code = '".Database::escape_string($course_id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$num = Database::num_rows($result); $num = Database::num_rows($result);
if ($num>0) { if ($num>0) {
$return_value = true; $return_value = true;
@ -582,7 +582,7 @@ class SessionManager {
public static function get_session_by_name ($session_name) { public static function get_session_by_name ($session_name) {
$tbl_session = Database::get_main_table(TABLE_MAIN_SESSION); $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
$sql = 'SELECT id, id_coach, date_start, date_end FROM '.$tbl_session.' WHERE name="'.Database::escape_string($session_name).'"'; $sql = 'SELECT id, id_coach, date_start, date_end FROM '.$tbl_session.' WHERE name="'.Database::escape_string($session_name).'"';
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$num = Database::num_rows($result); $num = Database::num_rows($result);
if ($num>0){ if ($num>0){
return Database::fetch_array($result); return Database::fetch_array($result);

20
main/inc/lib/specific_fields_manager.lib.php
Unescape View File

@ -23,7 +23,7 @@ function add_specific_field($name) {
$_safe_code = get_specific_field_code_from_name($_safe_code); $_safe_code = get_specific_field_code_from_name($_safe_code);
if ($_safe_code === false) { return false; } if ($_safe_code === false) { return false; }
$sql = sprintf($sql, $table_sf, $_safe_code, $_safe_name); $sql = sprintf($sql, $table_sf, $_safe_code, $_safe_name);
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
if ($result) { if ($result) {
return Database::get_last_insert_id(); return Database::get_last_insert_id();
} }
@ -44,7 +44,7 @@ function delete_specific_field($id) {
} }
$sql = 'DELETE FROM %s WHERE id=%s LIMIT 1'; $sql = 'DELETE FROM %s WHERE id=%s LIMIT 1';
$sql = sprintf($sql, $table_sf, $id); $sql = sprintf($sql, $table_sf, $id);
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
//TODO also delete the corresponding values //TODO also delete the corresponding values
} }
@ -61,7 +61,7 @@ function edit_specific_field($id, $name) {
} }
$sql = 'UPDATE %s SET name = \'%s\' WHERE id = %s LIMIT 1'; $sql = 'UPDATE %s SET name = \'%s\' WHERE id = %s LIMIT 1';
$sql = sprintf($sql, $table_sf, $name, $id); $sql = sprintf($sql, $table_sf, $name, $id);
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
} }
/** /**
@ -84,7 +84,7 @@ function get_specific_field_list($conditions = array(), $order_by = array()) {
if (count($order_by) > 0) { if (count($order_by) > 0) {
$sql .= ' ORDER BY '.implode(',',$order_by); $sql .= ' ORDER BY '.implode(',',$order_by);
} }
$sql_result = api_sql_query($sql,__FILE__,__LINE__); $sql_result = Database::query($sql,__FILE__,__LINE__);
while ($result = Database::fetch_array($sql_result)) { while ($result = Database::fetch_array($sql_result)) {
$return_array[] = $result; $return_array[] = $result;
} }
@ -112,7 +112,7 @@ function get_specific_field_values_list($conditions = array(), $order_by = array
if (count($order_by) > 0) { if (count($order_by) > 0) {
$sql .= ' ORDER BY '.implode(',',$order_by); $sql .= ' ORDER BY '.implode(',',$order_by);
} }
$sql_result = api_sql_query($sql,__FILE__,__LINE__); $sql_result = Database::query($sql,__FILE__,__LINE__);
while ($result = Database::fetch_array($sql_result)) { while ($result = Database::fetch_array($sql_result)) {
$return_array[] = $result; $return_array[] = $result;
} }
@ -133,7 +133,7 @@ function get_specific_field_values_list_by_prefix($prefix, $course_code, $tool_i
$sql = 'SELECT sfv.value FROM %s sf LEFT JOIN %s sfv ON sf.id = sfv.field_id' . $sql = 'SELECT sfv.value FROM %s sf LEFT JOIN %s sfv ON sf.id = sfv.field_id' .
' WHERE sf.code = \'%s\' AND sfv.course_code = \'%s\' AND tool_id = \'%s\' AND sfv.ref_id = %s'; ' WHERE sf.code = \'%s\' AND sfv.course_code = \'%s\' AND tool_id = \'%s\' AND sfv.ref_id = %s';
$sql = sprintf($sql, $table_sf, $table_sfv, $prefix, $course_code, $tool_id, $ref_id); $sql = sprintf($sql, $table_sf, $table_sfv, $prefix, $course_code, $tool_id, $ref_id);
$sql_result = api_sql_query($sql,__FILE__,__LINE__); $sql_result = Database::query($sql,__FILE__,__LINE__);
while ($result = Database::fetch_array($sql_result)) { while ($result = Database::fetch_array($sql_result)) {
$return_array[] = $result; $return_array[] = $result;
} }
@ -156,7 +156,7 @@ function add_specific_field_value($id_specific_field, $course_id, $tool_id, $ref
} }
$sql = 'INSERT INTO %s(id, course_code, tool_id, ref_id, field_id, value) VALUES(NULL, \'%s\', \'%s\', %s, %s, \'%s\')'; $sql = 'INSERT INTO %s(id, course_code, tool_id, ref_id, field_id, value) VALUES(NULL, \'%s\', \'%s\', %s, %s, \'%s\')';
$sql = sprintf($sql, $table_sf_values, $course_id, $tool_id, $ref_id, $id_specific_field, Database::escape_string($value)); $sql = sprintf($sql, $table_sf_values, $course_id, $tool_id, $ref_id, $id_specific_field, Database::escape_string($value));
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
if ($result) { if ($result) {
return Database::get_last_insert_id(); return Database::get_last_insert_id();
} }
@ -176,7 +176,7 @@ function delete_all_specific_field_value($course_id, $id_specific_field, $tool_i
$table_sf_values = Database :: get_main_table(TABLE_MAIN_SPECIFIC_FIELD_VALUES); $table_sf_values = Database :: get_main_table(TABLE_MAIN_SPECIFIC_FIELD_VALUES);
$sql = 'DELETE FROM %s WHERE course_code = \'%s\' AND tool_id = \'%s\' AND ref_id = %s AND field_id = %s'; $sql = 'DELETE FROM %s WHERE course_code = \'%s\' AND tool_id = \'%s\' AND ref_id = %s AND field_id = %s';
$sql = sprintf($sql, $table_sf_values, $course_id, $tool_id, $ref_id, $id_specific_field); $sql = sprintf($sql, $table_sf_values, $course_id, $tool_id, $ref_id, $id_specific_field);
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
} }
/** /**
@ -190,7 +190,7 @@ function delete_all_values_for_item($course_id, $tool_id, $ref_id) {
$table_sf_values = Database :: get_main_table(TABLE_MAIN_SPECIFIC_FIELD_VALUES); $table_sf_values = Database :: get_main_table(TABLE_MAIN_SPECIFIC_FIELD_VALUES);
$sql = 'DELETE FROM %s WHERE course_code = \'%s\' AND tool_id = \'%s\' AND ref_id = %s'; $sql = 'DELETE FROM %s WHERE course_code = \'%s\' AND tool_id = \'%s\' AND ref_id = %s';
$sql = sprintf($sql, $table_sf_values, $course_id, $tool_id, $ref_id); $sql = sprintf($sql, $table_sf_values, $course_id, $tool_id, $ref_id);
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
} }
/** /**
@ -206,7 +206,7 @@ function get_specific_field_code_from_name($name) {
$list = array('A','B','D','E','F','G','H','I','J','K','L','M','N','P','Q','R','S','T','U','V','W','X','Y'); $list = array('A','B','D','E','F','G','H','I','J','K','L','M','N','P','Q','R','S','T','U','V','W','X','Y');
$table_sf = Database :: get_main_table(TABLE_MAIN_SPECIFIC_FIELD); $table_sf = Database :: get_main_table(TABLE_MAIN_SPECIFIC_FIELD);
$sql = "SELECT code FROM $table_sf ORDER BY code"; $sql = "SELECT code FROM $table_sf ORDER BY code";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
$code = strtoupper(substr($name,0,1)); $code = strtoupper(substr($name,0,1));
//if no code exists in DB, return current one //if no code exists in DB, return current one
if (Database::num_rows($res)<1) { return $code;} if (Database::num_rows($res)<1) { return $code;}

270
main/inc/lib/surveymanager.lib.php
Unescape View File

@ -41,7 +41,7 @@ class SurveyManager {
public static function select_survey_list ($seleced_surveyid='', $extra_script='') { public static function select_survey_list ($seleced_surveyid='', $extra_script='') {
$survey_table = Database :: get_course_table(TABLE_SURVEY); $survey_table = Database :: get_course_table(TABLE_SURVEY);
$sql = "SELECT * FROM $survey_table";// WHERE is_shared='1'"; $sql = "SELECT * FROM $survey_table";// WHERE is_shared='1'";
$sql_result = api_sql_query($sql,__FILE__,__LINE__); $sql_result = Database::query($sql,__FILE__,__LINE__);
if(mysql_num_rows($sql_result)>0) if(mysql_num_rows($sql_result)>0)
{ {
$str_survey_list = ""; $str_survey_list = "";
@ -70,7 +70,7 @@ class SurveyManager {
$survey_table = Database :: get_course_table(TABLE_MAIN_SURVEY); $survey_table = Database :: get_course_table(TABLE_MAIN_SURVEY);
$sql = "SELECT survey_id FROM $survey_table WHERE title='$existing'" ; $sql = "SELECT survey_id FROM $survey_table WHERE title='$existing'" ;
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
$i=0; $i=0;
$survey_id=mysql_result($result,$i,'survey_id'); $survey_id=mysql_result($result,$i,'survey_id');
echo "in getsurveyid".$survey_id; echo "in getsurveyid".$survey_id;
@ -85,7 +85,7 @@ class SurveyManager {
{ {
$sql_query = "SELECT * FROM $table_group WHERE groupname='".Database::escape_string($group_title)."' AND survey_id=".Database::escape_string($survey_id); $sql_query = "SELECT * FROM $table_group WHERE groupname='".Database::escape_string($group_title)."' AND survey_id=".Database::escape_string($survey_id);
$res = api_sql_query($sql_query, __FILE__, __LINE__); $res = Database::query($sql_query, __FILE__, __LINE__);
if(mysql_num_rows($res)) if(mysql_num_rows($res))
{ {
return false; return false;
@ -95,11 +95,11 @@ class SurveyManager {
{ {
$sql = 'SELECT MAX(sortby) FROM '.$table_group.' WHERE survey_id="'.Database::escape_string($survey_id).'"'; $sql = 'SELECT MAX(sortby) FROM '.$table_group.' WHERE survey_id="'.Database::escape_string($survey_id).'"';
$rs = api_sql_query($sql, __FILE__, __LINE__); $rs = Database::query($sql, __FILE__, __LINE__);
list($sortby) = mysql_fetch_array($rs); list($sortby) = mysql_fetch_array($rs);
$sortby++; $sortby++;
$sql="INSERT INTO $table_group(group_id,survey_id,groupname,introduction, sortby) values('','$survey_id','$group_title','$introduction','$sortby')"; $sql="INSERT INTO $table_group(group_id,survey_id,groupname,introduction, sortby) values('','$survey_id','$group_title','$introduction','$sortby')";
$result=api_sql_query($sql); $result=Database::query($sql);
return mysql_insert_id(); return mysql_insert_id();
} }
@ -113,7 +113,7 @@ class SurveyManager {
$user_table = Database :: get_main_table(TABLE_MAIN_USER); $user_table = Database :: get_main_table(TABLE_MAIN_USER);
$authorid = Database::escape_string($authorid); $authorid = Database::escape_string($authorid);
$sql_query = "SELECT * FROM $user_table WHERE user_id='$authorid'"; $sql_query = "SELECT * FROM $user_table WHERE user_id='$authorid'";
$res = api_sql_query($sql_query, __FILE__, __LINE__); $res = Database::query($sql_query, __FILE__, __LINE__);
$firstname=@mysql_result($res,0,'firstname'); $firstname=@mysql_result($res,0,'firstname');
return $firstname; return $firstname;
} }
@ -126,7 +126,7 @@ class SurveyManager {
//$table_survey = Database :: get_course_table(TABLE_SURVEY); //$table_survey = Database :: get_course_table(TABLE_SURVEY);
$survey_id = Database::escape_string($survey_id); $survey_id = Database::escape_string($survey_id);
$sql = "SELECT author FROM $db_name.survey WHERE survey_id='$survey_id'"; $sql = "SELECT author FROM $db_name.survey WHERE survey_id='$survey_id'";
$res = api_sql_query($sql, __FILE__, __LINE__); $res = Database::query($sql, __FILE__, __LINE__);
$author=@mysql_result($res,0,'author'); $author=@mysql_result($res,0,'author');
return $author; return $author;
} }
@ -138,7 +138,7 @@ class SurveyManager {
//$group_table = Database :: get_course_table(TABLE_SURVEY_QUESTION_GROUP); //$group_table = Database :: get_course_table(TABLE_SURVEY_QUESTION_GROUP);
$group_id = Database::escape_string($group_id); $group_id = Database::escape_string($group_id);
$sql = "SELECT survey_id FROM $db_name.survey_group WHERE group_id='$group_id'"; $sql = "SELECT survey_id FROM $db_name.survey_group WHERE group_id='$group_id'";
$res = api_sql_query($sql, __FILE__, __LINE__); $res = Database::query($sql, __FILE__, __LINE__);
$surveyid=@mysql_result($res,0,'survey_id'); $surveyid=@mysql_result($res,0,'survey_id');
return $surveyid; return $surveyid;
} }
@ -147,7 +147,7 @@ class SurveyManager {
//$grouptable = Database :: get_course_table(TABLE_SURVEY_QUESTION_GROUP); //$grouptable = Database :: get_course_table(TABLE_SURVEY_QUESTION_GROUP);
$gid = Database::escape_string($gid); $gid = Database::escape_string($gid);
$sql = "SELECT * FROM $db_name.survey_group WHERE group_id='$gid'"; $sql = "SELECT * FROM $db_name.survey_group WHERE group_id='$gid'";
$res=api_sql_query($sql); $res=Database::query($sql);
$code=@Database::result($res,0,'groupname'); $code=@Database::result($res,0,'groupname');
return($code); return($code);
} }
@ -161,7 +161,7 @@ class SurveyManager {
$introduction = Database::escape_string($introduction); $introduction = Database::escape_string($introduction);
$sql="INSERT INTO $tb (group_id,survey_id,group_title,introduction) values('','$survey_id','$group_title','$introduction')"; $sql="INSERT INTO $tb (group_id,survey_id,group_title,introduction) values('','$survey_id','$group_title','$introduction')";
$result=api_sql_query($sql); $result=Database::query($sql);
return mysql_insert_id(); return mysql_insert_id();
} }
/** /**
@ -173,7 +173,7 @@ class SurveyManager {
$sql="SELECT code FROM $table_survey where code='$survey_code'"; $sql="SELECT code FROM $table_survey where code='$survey_code'";
//echo $sql; //echo $sql;
//exit; //exit;
$result=api_sql_query($sql); $result=Database::query($sql);
$code=@mysql_result($result,0,'code'); $code=@mysql_result($result,0,'code');
//echo $code;exit; //echo $code;exit;
return($code); return($code);
@ -185,7 +185,7 @@ class SurveyManager {
{ {
$survey_table = Database :: get_course_table(TABLE_SURVEY); $survey_table = Database :: get_course_table(TABLE_SURVEY);
$sql_query = "SELECT survey_id,title FROM $survey_table where title!='' "; $sql_query = "SELECT survey_id,title FROM $survey_table where title!='' ";
$sql_result = api_sql_query($sql_query,__FILE__,__LINE__); $sql_result = Database::query($sql_query,__FILE__,__LINE__);
echo "<select name=\"author\">"; echo "<select name=\"author\">";
echo "<option value=\"\"><--Select Survey--></optional>"; echo "<option value=\"\"><--Select Survey--></optional>";
while ($result =@mysql_fetch_array($sql_result)) while ($result =@mysql_fetch_array($sql_result))
@ -201,11 +201,11 @@ class SurveyManager {
{ {
//$table_survey = Database :: get_course_table(TABLE_SURVEY); //$table_survey = Database :: get_course_table(TABLE_SURVEY);
$sql = "INSERT INTO $table_survey (code,title, subtitle, author,lang,avail_from,avail_till, is_shared,template,intro,surveythanks,creation_date) values('$surveycode','$surveytitle','$surveysubtitle','$author','$survey_language','$availablefrom','$availabletill','$isshare','$surveytemplate','$surveyintroduction','$surveythanks',curdate())"; $sql = "INSERT INTO $table_survey (code,title, subtitle, author,lang,avail_from,avail_till, is_shared,template,intro,surveythanks,creation_date) values('$surveycode','$surveytitle','$surveysubtitle','$author','$survey_language','$availablefrom','$availabletill','$isshare','$surveytemplate','$surveyintroduction','$surveythanks',curdate())";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
//$result = api_sql_query($sql); //$result = Database::query($sql);
$survey_id = mysql_insert_id(); $survey_id = mysql_insert_id();
$sql2 = "INSERT INTO $table_group(group_id,survey_id,groupname,introduction) values('','$survey_id','No Group','This is your Default Group')"; $sql2 = "INSERT INTO $table_group(group_id,survey_id,groupname,introduction) values('','$survey_id','No Group','This is your Default Group')";
$result = api_sql_query($sql2, __FILE__, __LINE__); $result = Database::query($sql2, __FILE__, __LINE__);
return $survey_id; return $survey_id;
} }
/** /**
@ -232,7 +232,7 @@ class SurveyManager {
surveythanks = "'.addslashes($original_survey->surveythanks).'", surveythanks = "'.addslashes($original_survey->surveythanks).'",
creation_date = "NOW()"'; creation_date = "NOW()"';
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$new_survey_id = mysql_insert_id(); $new_survey_id = mysql_insert_id();
// copy the groups // copy the groups
@ -250,7 +250,7 @@ class SurveyManager {
{ {
//$table_survey = Database :: get_course_table(TABLE_SURVEY); //$table_survey = Database :: get_course_table(TABLE_SURVEY);
$sql = "INSERT INTO $table_survey (code,title, subtitle, author,lang,avail_from,avail_till, is_shared,template,intro,surveythanks,creation_date) values('$surveycode','$surveytitle','$surveysubtitle','$author','$survey_language','$availablefrom','$availabletill','$isshare','$surveytemplate','$surveyintroduction','$surveythanks',curdate())"; $sql = "INSERT INTO $table_survey (code,title, subtitle, author,lang,avail_from,avail_till, is_shared,template,intro,surveythanks,creation_date) values('$surveycode','$surveytitle','$surveysubtitle','$author','$survey_language','$availablefrom','$availabletill','$isshare','$surveytemplate','$surveyintroduction','$surveythanks',curdate())";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$survey_id = mysql_insert_id(); $survey_id = mysql_insert_id();
return $survey_id; return $survey_id;
} }
@ -260,13 +260,13 @@ class SurveyManager {
function update_survey($surveyid,$surveycode,$surveytitle, $surveysubtitle, $author, $survey_language, $availablefrom, $availabletill,$isshare, $surveytemplate, $surveyintroduction, $surveythanks, $cidReq,$table_course) function update_survey($surveyid,$surveycode,$surveytitle, $surveysubtitle, $author, $survey_language, $availablefrom, $availabletill,$isshare, $surveytemplate, $surveyintroduction, $surveythanks, $cidReq,$table_course)
{ {
$sql_course = "SELECT * FROM $table_course WHERE code = '$cidReq'"; $sql_course = "SELECT * FROM $table_course WHERE code = '$cidReq'";
$res_course = api_sql_query($sql_course,__FILE__,__LINE__); $res_course = Database::query($sql_course,__FILE__,__LINE__);
$obj_course=@mysql_fetch_object($res_course); $obj_course=@mysql_fetch_object($res_course);
$curr_dbname = $obj_course->db_name ; $curr_dbname = $obj_course->db_name ;
$surveyid = Database::escape_string($surveyid); $surveyid = Database::escape_string($surveyid);
$sql = "UPDATE $curr_dbname.survey SET code='$surveycode', title='$surveytitle', subtitle='$surveysubtitle', lang='$survey_language', avail_from='$availablefrom', avail_till='$availabletill', is_shared='$isshare', template='$surveytemplate', intro='$surveyintroduction',surveythanks='$surveythanks' $sql = "UPDATE $curr_dbname.survey SET code='$surveycode', title='$surveytitle', subtitle='$surveysubtitle', lang='$survey_language', avail_from='$availablefrom', avail_till='$availabletill', is_shared='$isshare', template='$surveytemplate', intro='$surveyintroduction',surveythanks='$surveythanks'
WHERE survey_id='$surveyid'"; WHERE survey_id='$surveyid'";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
return $curr_dbname; return $curr_dbname;
} }
@ -297,7 +297,7 @@ class SurveyManager {
$table_question = Database :: get_course_table(TABLE_MAIN_SURVEYQUESTION); $table_question = Database :: get_course_table(TABLE_MAIN_SURVEYQUESTION);
$sql = "INSERT INTO $table_question (gid,type,caption,ans1,ans2,ans3,ans4,ans5,ans6,ans7,ans8,ans9,ans10,open_ans,anst,ansd,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10) values('$gid','$type','$caption',$x'$open_ans','$anst','$ansd',$y)"; $sql = "INSERT INTO $table_question (gid,type,caption,ans1,ans2,ans3,ans4,ans5,ans6,ans7,ans8,ans9,ans10,open_ans,anst,ansd,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10) values('$gid','$type','$caption',$x'$open_ans','$anst','$ansd',$y)";
$result = api_sql_query($sql); $result = Database::query($sql);
return mysql_insert_id(); return mysql_insert_id();
} }
@ -305,7 +305,7 @@ class SurveyManager {
{ {
$table_question = Database :: get_course_table(TABLE_MAIN_SURVEYQUESTION); $table_question = Database :: get_course_table(TABLE_MAIN_SURVEYQUESTION);
$sql = "SELECT * FROM $table_question where qid='$questionid'"; $sql = "SELECT * FROM $table_question where qid='$questionid'";
$res=api_sql_query($sql); $res=Database::query($sql);
$code=@mysql_result($res,0,'caption'); $code=@mysql_result($res,0,'caption');
return($code); return($code);
} }
@ -316,7 +316,7 @@ class SurveyManager {
function create_question($gid,$surveyid,$qtype,$caption,$alignment,$answers,$open_ans,$answerT,$answerD,$rating,$curr_dbname) function create_question($gid,$surveyid,$qtype,$caption,$alignment,$answers,$open_ans,$answerT,$answerD,$rating,$curr_dbname)
{ {
$sql_sort = "SELECT max(sortby) AS sortby FROM $curr_dbname.questions "; $sql_sort = "SELECT max(sortby) AS sortby FROM $curr_dbname.questions ";
$res_sort=api_sql_query($sql_sort); $res_sort=Database::query($sql_sort);
$rs=mysql_fetch_object($res_sort); $rs=mysql_fetch_object($res_sort);
$sortby=$rs->sortby; $sortby=$rs->sortby;
if(empty($sortby)) if(empty($sortby))
@ -353,7 +353,7 @@ class SurveyManager {
$ansd = $answerD; $ansd = $answerD;
//} //}
$sql = "INSERT INTO $curr_dbname.questions (gid,survey_id,qtype,caption,alignment,sortby,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10) values('$gid','$surveyid','$qtype','$caption','$alignment','$sortby',$x'$anst','$ansd',$y)"; $sql = "INSERT INTO $curr_dbname.questions (gid,survey_id,qtype,caption,alignment,sortby,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10) values('$gid','$surveyid','$qtype','$caption','$alignment','$sortby',$x'$anst','$ansd',$y)";
$result = api_sql_query($sql); $result = Database::query($sql);
return mysql_insert_id(); return mysql_insert_id();
} }
@ -371,7 +371,7 @@ class SurveyManager {
$anst = $answerT; $anst = $answerT;
$ansd = $answerD; $ansd = $answerD;
$sql = "UPDATE $curr_dbname.questions SET qtype='$qtype',caption='$caption',alignment='$alignment',a1='$answers[0]',a2='$answers[1]',a3='$answers[2]',a4='$answers[3]',a5='$answers[4]',a6='$answers[5]',a7='$answers[6]',a8='$answers[7]',a9='$answers[8]',a10='$answers[9]' WHERE qid='$qid'"; $sql = "UPDATE $curr_dbname.questions SET qtype='$qtype',caption='$caption',alignment='$alignment',a1='$answers[0]',a2='$answers[1]',a3='$answers[2]',a4='$answers[3]',a5='$answers[4]',a6='$answers[5]',a7='$answers[6]',a8='$answers[7]',a9='$answers[8]',a10='$answers[9]' WHERE qid='$qid'";
$result = api_sql_query($sql); $result = Database::query($sql);
return mysql_insert_id(); return mysql_insert_id();
} }
@ -383,7 +383,7 @@ class SurveyManager {
$table_question = Database :: get_course_table(TABLE_MAIN_SURVEYQUESTION); $table_question = Database :: get_course_table(TABLE_MAIN_SURVEYQUESTION);
$questionid = Database::escape_string($questionid); $questionid = Database::escape_string($questionid);
$sql = "SELECT * FROM $table_question WHERE qid='$questionid'"; $sql = "SELECT * FROM $table_question WHERE qid='$questionid'";
$res=api_sql_query($sql); $res=Database::query($sql);
$code=@mysql_result($res,0,'type'); $code=@mysql_result($res,0,'type');
return($code); return($code);
} }
@ -396,7 +396,7 @@ class SurveyManager {
//$table_question = Database :: get_course_table(TABLE_MAIN_SURVEYQUESTION); //$table_question = Database :: get_course_table(TABLE_MAIN_SURVEYQUESTION);
$gid = Database::escape_string($gid); $gid = Database::escape_string($gid);
$sql = "SELECT * FROM $db_name.questions WHERE gid='$gid'"; $sql = "SELECT * FROM $db_name.questions WHERE gid='$gid'";
$res=api_sql_query($sql); $res=Database::query($sql);
$code=@mysql_num_rows($res); $code=@mysql_num_rows($res);
return($code); return($code);
} }
@ -408,7 +408,7 @@ class SurveyManager {
{ {
$qid = Database::escape_string($qid); $qid = Database::escape_string($qid);
$sql = "SELECT * FROM $curr_dbname.questions where qid='$qid'"; $sql = "SELECT * FROM $curr_dbname.questions where qid='$qid'";
$res=api_sql_query($sql); $res=Database::query($sql);
$rs=mysql_fetch_object($res); $rs=mysql_fetch_object($res);
$properties = get_object_vars($rs); $properties = get_object_vars($rs);
foreach ($properties as $property=>$val){ foreach ($properties as $property=>$val){
@ -424,7 +424,7 @@ class SurveyManager {
{ {
global $_course; global $_course;
$sql='SELECT '.$field.' FROM '.$_course['dbName'].'.survey WHERE survey_id='.intval($id); $sql='SELECT '.$field.' FROM '.$_course['dbName'].'.survey WHERE survey_id='.intval($id);
$res=api_sql_query($sql); $res=Database::query($sql);
$code=@mysql_result($res,0); $code=@mysql_result($res,0);
return($code); return($code);
@ -436,7 +436,7 @@ class SurveyManager {
{ {
global $_course; global $_course;
$sql='SELECT * FROM '.$_course['dbName'].'.survey WHERE survey_id='.intval($id); $sql='SELECT * FROM '.$_course['dbName'].'.survey WHERE survey_id='.intval($id);
$res=api_sql_query($sql); $res=Database::query($sql);
return mysql_fetch_object($res); return mysql_fetch_object($res);
} }
/** /**
@ -447,7 +447,7 @@ class SurveyManager {
//$surveytable=Database:: get_course_table(TABLE_SURVEY); //$surveytable=Database:: get_course_table(TABLE_SURVEY);
$sid = Database::escape_string($sid); $sid = Database::escape_string($sid);
$sql="SELECT * FROM $db_name.survey WHERE survey_id=$sid"; $sql="SELECT * FROM $db_name.survey WHERE survey_id=$sid";
$res=api_sql_query($sql); $res=Database::query($sql);
$code=@mysql_result($res,0,'title'); $code=@mysql_result($res,0,'title');
return($code); return($code);
} }
@ -459,7 +459,7 @@ class SurveyManager {
$sid = Database::escape_string($sid); $sid = Database::escape_string($sid);
$surveytable=Database:: get_course_table(TABLE_SURVEY); $surveytable=Database:: get_course_table(TABLE_SURVEY);
$sql="SELECT * FROM $surveytable WHERE survey_id=$sid"; $sql="SELECT * FROM $surveytable WHERE survey_id=$sid";
$res=api_sql_query($sql); $res=Database::query($sql);
$code=@mysql_result($res,0,'title'); $code=@mysql_result($res,0,'title');
return($code); return($code);
} }
@ -471,7 +471,7 @@ class SurveyManager {
$table_group = Database :: get_course_table(TABLE_MAIN_GROUP); $table_group = Database :: get_course_table(TABLE_MAIN_GROUP);
$table_question = Database :: get_course_table(TABLE_MAIN_SURVEYQUESTION); $table_question = Database :: get_course_table(TABLE_MAIN_SURVEYQUESTION);
echo $sql="select t1.title as stitle, t3.type as type, t3.caption as caption, t2.groupname as groupname from $table_survey t1, $table_group t2, $table_question t3 where t1.survey_id=t2.survey_id and t3.gid=t2.group_id and t3.type='$question_type'"; echo $sql="select t1.title as stitle, t3.type as type, t3.caption as caption, t2.groupname as groupname from $table_survey t1, $table_group t2, $table_question t3 where t1.survey_id=t2.survey_id and t3.gid=t2.group_id and t3.type='$question_type'";
$sql_result = api_sql_query($sql,__FILE__,__LINE__); $sql_result = Database::query($sql,__FILE__,__LINE__);
$result = mysql_fetch_object($sql_result); $result = mysql_fetch_object($sql_result);
return ($result); return ($result);
} }
@ -502,9 +502,9 @@ class SurveyManager {
if(isset($selected_group)){ if(isset($selected_group)){
if($selected_group!=''){ if($selected_group!=''){
$sql = "SELECT $table_group('survey_id', 'groupname') values('$sid', '$groupname')"; $sql = "SELECT $table_group('survey_id', 'groupname') values('$sid', '$groupname')";
$res = api_sql_query($sql); $res = Database::query($sql);
$sql = "INSERT INTO $table_group('survey_id', 'groupname') values('$sid', '$groupname')"; $sql = "INSERT INTO $table_group('survey_id', 'groupname') values('$sid', '$groupname')";
$res = api_sql_query($sql); $res = Database::query($sql);
$gid_arr[$index]+= mysql_insert_id(); $gid_arr[$index]+= mysql_insert_id();
$groupids=implode(",",$gid_arr); $groupids=implode(",",$gid_arr);
} }
@ -532,20 +532,20 @@ class SurveyManager {
// Deleting the survey // Deleting the survey
$sql = "DELETE FROM $table_survey WHERE survey_id='".$survey_id."'"; $sql = "DELETE FROM $table_survey WHERE survey_id='".$survey_id."'";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
// Deleting all the questions of the survey // Deleting all the questions of the survey
$sql = "SELECT * FROM $table_group WHERE survey_id='".$survey_id."'"; $sql = "SELECT * FROM $table_group WHERE survey_id='".$survey_id."'";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
while($obj = mysql_fetch_object($res)) while($obj = mysql_fetch_object($res))
{ {
$sql = "DELETE FROM $table_question WHERE gid='".$obj->group_id."'"; $sql = "DELETE FROM $table_question WHERE gid='".$obj->group_id."'";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
} }
// Deleting the groups of the survey // Deleting the groups of the survey
$sql = "DELETE FROM $table_group WHERE survey_id='".$survey_id."'"; $sql = "DELETE FROM $table_group WHERE survey_id='".$survey_id."'";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
return true; return true;
} }
@ -566,9 +566,9 @@ class SurveyManager {
$table_survey_group = Database :: get_course_table(TABLE_SURVEY_QUESTION_GROUP); $table_survey_group = Database :: get_course_table(TABLE_SURVEY_QUESTION_GROUP);
$sql = "DELETE FROM $table_question WHERE gid='".$group_id."'"; $sql = "DELETE FROM $table_question WHERE gid='".$group_id."'";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
$sql = "DELETE FROM $table_survey_group WHERE group_id='".$group_id."'"; $sql = "DELETE FROM $table_survey_group WHERE group_id='".$group_id."'";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
} }
/** /**
@ -578,7 +578,7 @@ class SurveyManager {
{ {
$ques_table=Database::get_course_table(TABLE_MAIN_SURVEYQUESTION); $ques_table=Database::get_course_table(TABLE_MAIN_SURVEYQUESTION);
$sql="SELECT gid FROM $ques_table where qid=$qid"; $sql="SELECT gid FROM $ques_table where qid=$qid";
$res=api_sql_query($sql); $res=Database::query($sql);
$id=@mysql_result($res,0,'gid'); $id=@mysql_result($res,0,'gid');
$gname=surveymanager::get_groupname($id); $gname=surveymanager::get_groupname($id);
return($gname); return($gname);
@ -589,13 +589,13 @@ class SurveyManager {
function insert_questions($sid,$newgid,$gid,$table_group) function insert_questions($sid,$newgid,$gid,$table_group)
{ {
$sql_select = "SELECT * FROM $table_group WHERE group_id IN (".$gid.")"; $sql_select = "SELECT * FROM $table_group WHERE group_id IN (".$gid.")";
$res = api_sql_query($sql_select); $res = Database::query($sql_select);
$num = mysql_num_rows($res); $num = mysql_num_rows($res);
$i=0; $i=0;
while($i<$num) while($i<$num)
{ {
$sql_insert = "INSERT INTO $table_group(group_id, survey_id, groupname) values('', '$sid', 'Imported Group')"; $sql_insert = "INSERT INTO $table_group(group_id, survey_id, groupname) values('', '$sid', 'Imported Group')";
$result = api_sql_query($sql_insert); $result = Database::query($sql_insert);
$i++; $i++;
} }
} }
@ -606,7 +606,7 @@ class SurveyManager {
{ {
$group_table = Database :: get_course_table(TABLE_SURVEY_QUESTION_GROUP); $group_table = Database :: get_course_table(TABLE_SURVEY_QUESTION_GROUP);
$sql = "SELECT * FROM $group_table WHERE survey_id='$survey_id'"; $sql = "SELECT * FROM $group_table WHERE survey_id='$survey_id'";
$sql_result = api_sql_query($sql,__FILE__,__LINE__); $sql_result = Database::query($sql,__FILE__,__LINE__);
if(mysql_num_rows($sql_result)>0) if(mysql_num_rows($sql_result)>0)
{ {
$str_group_list = ""; $str_group_list = "";
@ -641,7 +641,7 @@ class SurveyManager {
$queryone = "SELECT * FROM $table_question WHERE gid = '$newgid'"; $queryone = "SELECT * FROM $table_question WHERE gid = '$newgid'";
$rs = api_sql_query($queryone); $rs = Database::query($queryone);
$numrs=mysql_num_rows($rs); $numrs=mysql_num_rows($rs);
for($k=0;$k<$numrs;$k++) for($k=0;$k<$numrs;$k++)
@ -680,7 +680,7 @@ class SurveyManager {
$temp_gid = $gid_arr[$index]; $temp_gid = $gid_arr[$index];
$sql = "SELECT * FROM $table_question WHERE gid = '$temp_gid'"; $sql = "SELECT * FROM $table_question WHERE gid = '$temp_gid'";
$res = api_sql_query($sql); $res = Database::query($sql);
$num_rows = mysql_num_rows($res); $num_rows = mysql_num_rows($res);
while($obj = mysql_fetch_object($res)) while($obj = mysql_fetch_object($res))
{ {
@ -710,7 +710,7 @@ class SurveyManager {
} }
$sql_insert = "INSERT INTO $table_question (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_group) values('','$newgid','$temp_qtype','$temp_caption',$x'$anst','$ansd',$y,'$temp_gid')"; $sql_insert = "INSERT INTO $table_question (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_group) values('','$newgid','$temp_qtype','$temp_caption',$x'$anst','$ansd',$y,'$temp_gid')";
$res2 = api_sql_query($sql_insert); $res2 = Database::query($sql_insert);
} }
} }
@ -728,7 +728,7 @@ class SurveyManager {
{ {
$sql = "SELECT group_id FROM $table_group WHERE survey_id='$sid'"; $sql = "SELECT group_id FROM $table_group WHERE survey_id='$sid'";
$res = api_sql_query($sql); $res = Database::query($sql);
$num = @mysql_num_rows($res); $num = @mysql_num_rows($res);
//echo "ths is num".$num; //echo "ths is num".$num;
$parameters = array(); $parameters = array();
@ -738,7 +738,7 @@ class SurveyManager {
$groupid = $obj->group_id; $groupid = $obj->group_id;
$query = "SELECT * FROM $table_question WHERE gid = '$groupid'"; $query = "SELECT * FROM $table_question WHERE gid = '$groupid'";
$result = api_sql_query($query); $result = Database::query($query);
while($object = @mysql_fetch_object($result)) while($object = @mysql_fetch_object($result))
{ {
$display = array(); $display = array();
@ -766,16 +766,16 @@ class SurveyManager {
//For attaching the whole survey with its groups and questions //For attaching the whole survey with its groups and questions
{ {
$sql = "SELECT * FROM $db_name.survey_group WHERE survey_id = '$surveyid'"; $sql = "SELECT * FROM $db_name.survey_group WHERE survey_id = '$surveyid'";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
while($obj=@mysql_fetch_object($res)) while($obj=@mysql_fetch_object($res))
{ {
$groupname=addslashes($obj->groupname); $groupname=addslashes($obj->groupname);
$introduction=addslashes($obj->introduction); $introduction=addslashes($obj->introduction);
$sql_insert = "INSERT INTO $curr_dbname.survey_group(group_id,survey_id,groupname,introduction) values('','$newsurveyid','$groupname','$introduction')"; $sql_insert = "INSERT INTO $curr_dbname.survey_group(group_id,survey_id,groupname,introduction) values('','$newsurveyid','$groupname','$introduction')";
$resnext = api_sql_query($sql_insert,__FILE__,__LINE__); $resnext = Database::query($sql_insert,__FILE__,__LINE__);
$groupid = mysql_insert_id(); $groupid = mysql_insert_id();
$sql_q = "SELECT * FROM $db_name.questions WHERE gid = '$obj->group_id'"; $sql_q = "SELECT * FROM $db_name.questions WHERE gid = '$obj->group_id'";
$res_q = api_sql_query($sql_q,__FILE__,__LINE__); $res_q = Database::query($sql_q,__FILE__,__LINE__);
while($obj_q = mysql_fetch_object($res_q)) while($obj_q = mysql_fetch_object($res_q))
{ {
$caption1=addslashes($obj_q->caption); $caption1=addslashes($obj_q->caption);
@ -802,14 +802,14 @@ class SurveyManager {
$r9=addslashes($obj_q->r9); $r9=addslashes($obj_q->r9);
$r10=addslashes($obj_q->r10); $r10=addslashes($obj_q->r10);
$sql_sort = "SELECT max(sortby) AS sortby FROM $curr_dbname.questions "; $sql_sort = "SELECT max(sortby) AS sortby FROM $curr_dbname.questions ";
$res_sort=api_sql_query($sql_sort); $res_sort=Database::query($sql_sort);
$rs=mysql_fetch_object($res_sort); $rs=mysql_fetch_object($res_sort);
$sortby=$rs->sortby; $sortby=$rs->sortby;
if(empty($sortby)) if(empty($sortby))
{$sortby=1;} {$sortby=1;}
else{$sortby=$sortby+1;} else{$sortby=$sortby+1;}
$sql_q_insert = "INSERT INTO $curr_dbname.questions (qid,gid,survey_id,qtype,caption,alignment,sortby,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10) values('','$groupid','$newsurveyid','$obj_q->qtype','$caption1','$obj_q->alignment','$sortby','$a1','$a2','$a3','$a4','$a5','$a6','$a7','$a8','$a9','$a10','$at','$ad','$r1','$r2','$r3','$r4','$r5','$r6','$r7','$r8','$r9','$r10')"; $sql_q_insert = "INSERT INTO $curr_dbname.questions (qid,gid,survey_id,qtype,caption,alignment,sortby,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10) values('','$groupid','$newsurveyid','$obj_q->qtype','$caption1','$obj_q->alignment','$sortby','$a1','$a2','$a3','$a4','$a5','$a6','$a7','$a8','$a9','$a10','$at','$ad','$r1','$r2','$r3','$r4','$r5','$r6','$r7','$r8','$r9','$r10')";
api_sql_query($sql_q_insert,__FILE__,__LINE__); Database::query($sql_q_insert,__FILE__,__LINE__);
} }
} }
} }
@ -818,7 +818,7 @@ class SurveyManager {
function update_group($groupid,$surveyid,$groupnamme,$introduction,$curr_dbname) function update_group($groupid,$surveyid,$groupnamme,$introduction,$curr_dbname)
{ {
$sql = "UPDATE $curr_dbname.survey_group SET group_id='$groupid', survey_id='$surveyid', groupname='$groupnamme', introduction='$introduction' WHERE group_id='$groupid'"; $sql = "UPDATE $curr_dbname.survey_group SET group_id='$groupid', survey_id='$surveyid', groupname='$groupnamme', introduction='$introduction' WHERE group_id='$groupid'";
api_sql_query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
} }
/* /*
@ -830,17 +830,17 @@ function insert_old_groups($sid,$gids,$table_group,$table_question)
for($p=0;$p<$index;$p++) for($p=0;$p<$index;$p++)
{ {
$sql = "SELECT * FROM $table_group WHERE group_id = '$gid_arr[$p]'"; $sql = "SELECT * FROM $table_group WHERE group_id = '$gid_arr[$p]'";
$res = api_sql_query($sql); $res = Database::query($sql);
$obj = mysql_fetch_object($res); $obj = mysql_fetch_object($res);
$gname = $obj->groupname; $gname = $obj->groupname;
if($gname=='Default') if($gname=='Default')
{ {
$query = "SELECT * FROM $table_group WHERE survey_id = '$sid' AND groupname = 'Default'"; $query = "SELECT * FROM $table_group WHERE survey_id = '$sid' AND groupname = 'Default'";
$result = api_sql_query($query); $result = Database::query($query);
$object = mysql_fetch_object($result); $object = mysql_fetch_object($result);
$gid = $object->group_id; $gid = $object->group_id;
$sql_def_check = "SELECT * FROM $table_question WHERE gid = '$gid'"; $sql_def_check = "SELECT * FROM $table_question WHERE gid = '$gid'";
$res_def_check = api_sql_query($sql_def_check); $res_def_check = Database::query($sql_def_check);
$count_def_check = mysql_num_rows($res_def_check); $count_def_check = mysql_num_rows($res_def_check);
for($ctr=0;$ctr<$count_def_check;$ctr++) for($ctr=0;$ctr<$count_def_check;$ctr++)
{ {
@ -850,7 +850,7 @@ function insert_old_groups($sid,$gids,$table_group,$table_question)
if(!@in_array($gid_arr[$p],$imp)) if(!@in_array($gid_arr[$p],$imp))
{ {
$sql_ques = "SELECT * FROM $table_question WHERE gid= '$gid_arr[$p]'"; $sql_ques = "SELECT * FROM $table_question WHERE gid= '$gid_arr[$p]'";
$res_ques = api_sql_query($sql_ques); $res_ques = Database::query($sql_ques);
$num = mysql_num_rows($res_ques); $num = mysql_num_rows($res_ques);
while($obj_ques = mysql_fetch_object($res_ques)) while($obj_ques = mysql_fetch_object($res_ques))
{ {
@ -881,7 +881,7 @@ function insert_old_groups($sid,$gids,$table_group,$table_question)
} }
} }
$sql_ques_insert = "INSERT INTO $table_question (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_group) values('','$gid','$temp_qtype','$temp_caption',$x'$anst','$ansd',$y,'$gid_arr[$p]')"; $sql_ques_insert = "INSERT INTO $table_question (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_group) values('','$gid','$temp_qtype','$temp_caption',$x'$anst','$ansd',$y,'$gid_arr[$p]')";
$res_ques_insert = api_sql_query($sql_ques_insert); $res_ques_insert = Database::query($sql_ques_insert);
} }
} }
else else
@ -893,7 +893,7 @@ function insert_old_groups($sid,$gids,$table_group,$table_question)
{ {
$intro = $obj->introduction; $intro = $obj->introduction;
$sql_check = "SELECT * FROM $table_group WHERE survey_id = '$sid'"; $sql_check = "SELECT * FROM $table_group WHERE survey_id = '$sid'";
$res_check = api_sql_query($sql_check); $res_check = Database::query($sql_check);
$num_check = mysql_num_rows($res_check); $num_check = mysql_num_rows($res_check);
for($k=0;$k<$num_check;$k++) for($k=0;$k<$num_check;$k++)
{ {
@ -903,10 +903,10 @@ function insert_old_groups($sid,$gids,$table_group,$table_question)
if(!@in_array($gid_arr[$p],$imp)) if(!@in_array($gid_arr[$p],$imp))
{ {
$sql_insert = "INSERT INTO $table_group(group_id,survey_id,groupname,introduction,imported_group) values('','$sid','$gname','$intro','$gid_arr[$p]')"; $sql_insert = "INSERT INTO $table_group(group_id,survey_id,groupname,introduction,imported_group) values('','$sid','$gname','$intro','$gid_arr[$p]')";
$res_insert = api_sql_query($sql_insert); $res_insert = Database::query($sql_insert);
$new_gid = mysql_insert_id(); $new_gid = mysql_insert_id();
$sql_ques = "SELECT * FROM $table_question WHERE gid= '$gid_arr[$p]'"; $sql_ques = "SELECT * FROM $table_question WHERE gid= '$gid_arr[$p]'";
$res_ques = api_sql_query($sql_ques); $res_ques = Database::query($sql_ques);
$num = mysql_num_rows($res_ques); $num = mysql_num_rows($res_ques);
while($obj_ques = mysql_fetch_object($res_ques)) while($obj_ques = mysql_fetch_object($res_ques))
{ {
@ -937,7 +937,7 @@ function insert_old_groups($sid,$gids,$table_group,$table_question)
} }
} }
$sql_ques_insert = "INSERT INTO $table_question (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_group) values('','$new_gid','$temp_qtype','$temp_caption',$x'$anst','$ansd',$y,'$gid_arr[$p]')"; $sql_ques_insert = "INSERT INTO $table_question (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_group) values('','$new_gid','$temp_qtype','$temp_caption',$x'$anst','$ansd',$y,'$gid_arr[$p]')";
$res_ques_insert = api_sql_query($sql_ques_insert); $res_ques_insert = Database::query($sql_ques_insert);
} }
} }
else else
@ -956,7 +956,7 @@ function insert_old_groups($sid,$gids,$table_group,$table_question,$db_name,$cid
{ {
$table_course = Database :: get_main_table(TABLE_MAIN_COURSE); $table_course = Database :: get_main_table(TABLE_MAIN_COURSE);
$sql = "SELECT * FROM $table_course WHERE code = '$cidReq'"; $sql = "SELECT * FROM $table_course WHERE code = '$cidReq'";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
$obj_name=@mysql_fetch_object($res); $obj_name=@mysql_fetch_object($res);
$current_db_name = $obj_name->db_name ; $current_db_name = $obj_name->db_name ;
$gid_arr = explode(",",$gids); $gid_arr = explode(",",$gids);
@ -965,17 +965,17 @@ function insert_old_groups($sid,$gids,$table_group,$table_question,$db_name,$cid
for($p=0;$p<$index;$p++) for($p=0;$p<$index;$p++)
{ {
$sql = "SELECT * FROM $db_name.survey_group WHERE group_id = '$gid_arr[$p]'"; $sql = "SELECT * FROM $db_name.survey_group WHERE group_id = '$gid_arr[$p]'";
$res = api_sql_query($sql); $res = Database::query($sql);
$obj = mysql_fetch_object($res); $obj = mysql_fetch_object($res);
$gname = $obj->groupname; $gname = $obj->groupname;
if($gname=='No Group') if($gname=='No Group')
{ {
$query = "SELECT * FROM $db_name.survey_group WHERE survey_id = '$sid' AND groupname = 'No Group'"; $query = "SELECT * FROM $db_name.survey_group WHERE survey_id = '$sid' AND groupname = 'No Group'";
$result = api_sql_query($query); $result = Database::query($query);
$object = mysql_fetch_object($result); $object = mysql_fetch_object($result);
$gid = $object->group_id; $gid = $object->group_id;
$sql_def_check = "SELECT * FROM $db_name.questions WHERE gid = '$gid'"; $sql_def_check = "SELECT * FROM $db_name.questions WHERE gid = '$gid'";
$res_def_check = api_sql_query($sql_def_check); $res_def_check = Database::query($sql_def_check);
$count_def_check = mysql_num_rows($res_def_check); $count_def_check = mysql_num_rows($res_def_check);
for($ctr=0;$ctr<$count_def_check;$ctr++) for($ctr=0;$ctr<$count_def_check;$ctr++)
{ {
@ -986,7 +986,7 @@ function insert_old_groups($sid,$gids,$table_group,$table_question,$db_name,$cid
if(!@in_array($gid_arr[$p],$imp)) if(!@in_array($gid_arr[$p],$imp))
{ {
$sql_ques = "SELECT * FROM $db_name.questions WHERE gid= '$gid_arr[$p]'"; $sql_ques = "SELECT * FROM $db_name.questions WHERE gid= '$gid_arr[$p]'";
$res_ques = api_sql_query($sql_ques); $res_ques = Database::query($sql_ques);
$num = mysql_num_rows($res_ques); $num = mysql_num_rows($res_ques);
while($obj_ques = mysql_fetch_object($res_ques)) while($obj_ques = mysql_fetch_object($res_ques))
{ {
@ -1017,7 +1017,7 @@ function insert_old_groups($sid,$gids,$table_group,$table_question,$db_name,$cid
} }
} }
$sql_ques_insert = "INSERT INTO $current_db_name.questions (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_group) values('','$gid','$temp_qtype','$temp_caption',$x'$anst','$ansd',$y,'$gid_arr[$p]')"; $sql_ques_insert = "INSERT INTO $current_db_name.questions (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_group) values('','$gid','$temp_qtype','$temp_caption',$x'$anst','$ansd',$y,'$gid_arr[$p]')";
$res_ques_insert = api_sql_query($sql_ques_insert); $res_ques_insert = Database::query($sql_ques_insert);
} }
} }
else else
@ -1029,7 +1029,7 @@ function insert_old_groups($sid,$gids,$table_group,$table_question,$db_name,$cid
{ {
$intro = $obj->introduction; $intro = $obj->introduction;
$sql_check = "SELECT * FROM $db_name.survey_group WHERE survey_id = '$sid'"; $sql_check = "SELECT * FROM $db_name.survey_group WHERE survey_id = '$sid'";
$res_check = api_sql_query($sql_check); $res_check = Database::query($sql_check);
$num_check = mysql_num_rows($res_check); $num_check = mysql_num_rows($res_check);
for($k=0;$k<$num_check;$k++) for($k=0;$k<$num_check;$k++)
{ {
@ -1039,10 +1039,10 @@ function insert_old_groups($sid,$gids,$table_group,$table_question,$db_name,$cid
if(!@in_array($gid_arr[$p],$imp)) if(!@in_array($gid_arr[$p],$imp))
{ {
$sql_insert = "INSERT INTO $current_db_name.survey_group(group_id,survey_id,groupname,introduction,imported_group) values('','$sid','$gname','$intro','$gid_arr[$p]')"; $sql_insert = "INSERT INTO $current_db_name.survey_group(group_id,survey_id,groupname,introduction,imported_group) values('','$sid','$gname','$intro','$gid_arr[$p]')";
$res_insert = api_sql_query($sql_insert); $res_insert = Database::query($sql_insert);
$new_gid = mysql_insert_id(); $new_gid = mysql_insert_id();
$sql_ques = "SELECT * FROM $db_name.questions WHERE gid= '$gid_arr[$p]'"; $sql_ques = "SELECT * FROM $db_name.questions WHERE gid= '$gid_arr[$p]'";
$res_ques = api_sql_query($sql_ques); $res_ques = Database::query($sql_ques);
$num = mysql_num_rows($res_ques); $num = mysql_num_rows($res_ques);
while($obj_ques = mysql_fetch_object($res_ques)) while($obj_ques = mysql_fetch_object($res_ques))
{ {
@ -1073,7 +1073,7 @@ function insert_old_groups($sid,$gids,$table_group,$table_question,$db_name,$cid
} }
} }
$sql_ques_insert = "INSERT INTO $current_db_name.questions (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_group) values('','$new_gid','$temp_qtype','$temp_caption',$x'$anst','$ansd',$y,'$gid_arr[$p]')"; $sql_ques_insert = "INSERT INTO $current_db_name.questions (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_group) values('','$new_gid','$temp_qtype','$temp_caption',$x'$anst','$ansd',$y,'$gid_arr[$p]')";
$res_ques_insert = api_sql_query($sql_ques_insert); $res_ques_insert = Database::query($sql_ques_insert);
} }
} }
else else
@ -1092,7 +1092,7 @@ function import_question($surveyid,$qids,$table_group,$table_question,$db_name,$
{ {
$table_course = Database :: get_main_table(TABLE_MAIN_COURSE); $table_course = Database :: get_main_table(TABLE_MAIN_COURSE);
$sql_course = "SELECT * FROM $table_course WHERE code = '$cidReq'"; $sql_course = "SELECT * FROM $table_course WHERE code = '$cidReq'";
$res_course = api_sql_query($sql_course,__FILE__,__LINE__); $res_course = Database::query($sql_course,__FILE__,__LINE__);
$obj_name=@mysql_fetch_object($res_course); $obj_name=@mysql_fetch_object($res_course);
$current_db_name = $obj_name->db_name ; $current_db_name = $obj_name->db_name ;
$qid=explode(",",$qids); $qid=explode(",",$qids);
@ -1100,20 +1100,20 @@ function import_question($surveyid,$qids,$table_group,$table_question,$db_name,$
for($i=0; $i<$count; $i++) for($i=0; $i<$count; $i++)
{ {
$sql_q = "SELECT * FROM $table_question WHERE qid = '$qid[$i]'"; $sql_q = "SELECT * FROM $table_question WHERE qid = '$qid[$i]'";
$res_q = api_sql_query($sql_q,__FILE__,__LINE__); $res_q = Database::query($sql_q,__FILE__,__LINE__);
$obj=@mysql_fetch_object($res_q); $obj=@mysql_fetch_object($res_q);
$oldgid=$obj->gid; $oldgid=$obj->gid;
$sql = "SELECT * FROM $table_group WHERE group_id = '$oldgid'"; $sql = "SELECT * FROM $table_group WHERE group_id = '$oldgid'";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
$obj_gr = @mysql_fetch_object($res); $obj_gr = @mysql_fetch_object($res);
$gname = $obj_gr->groupname; $gname = $obj_gr->groupname;
$gintro = $obj_gr->introduction; $gintro = $obj_gr->introduction;
$sql_gid = "SELECT * FROM $table_group WHERE survey_id = '$surveyid' AND groupname = '$gname'"; $sql_gid = "SELECT * FROM $table_group WHERE survey_id = '$surveyid' AND groupname = '$gname'";
$res_gid = api_sql_query($sql_gid,__FILE__,__LINE__); $res_gid = Database::query($sql_gid,__FILE__,__LINE__);
$num=mysql_num_rows($res_gid); $num=mysql_num_rows($res_gid);
$obj_gid=@mysql_fetch_object($res_gid); $obj_gid=@mysql_fetch_object($res_gid);
$sql_quesid = "SELECT * FROM $table_question WHERE gid = '$obj_gid->group_id' AND caption = '$obj->caption'"; $sql_quesid = "SELECT * FROM $table_question WHERE gid = '$obj_gid->group_id' AND caption = '$obj->caption'";
$res_quesid = api_sql_query($sql_quesid,__FILE__,__LINE__); $res_quesid = Database::query($sql_quesid,__FILE__,__LINE__);
$num_ques=mysql_num_rows($res_quesid); $num_ques=mysql_num_rows($res_quesid);
if($num_ques>0) if($num_ques>0)
{ {
@ -1125,15 +1125,15 @@ function import_question($surveyid,$qids,$table_group,$table_question,$db_name,$
if($num>0 && $yes=="yes") if($num>0 && $yes=="yes")
{ {
$sql_q_insert = "INSERT INTO $current_db_name.questions (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10) values('','$obj_gid->group_id','$obj->qtype','$obj->caption','$obj->a1','$obj->a2','$obj->a3','$obj->a4','$obj->a5','$obj->a6','$obj->a7','$obj->a8','$obj->a9','$obj->a10','$obj->at','$obj->ad','$obj->r1','$obj->r2','$obj->r3','$obj->r4','$obj->r5','$obj->r6','$obj->r7','$obj->r8','$obj->r9','$obj->r10')"; $sql_q_insert = "INSERT INTO $current_db_name.questions (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10) values('','$obj_gid->group_id','$obj->qtype','$obj->caption','$obj->a1','$obj->a2','$obj->a3','$obj->a4','$obj->a5','$obj->a6','$obj->a7','$obj->a8','$obj->a9','$obj->a10','$obj->at','$obj->ad','$obj->r1','$obj->r2','$obj->r3','$obj->r4','$obj->r5','$obj->r6','$obj->r7','$obj->r8','$obj->r9','$obj->r10')";
api_sql_query($sql_q_insert,__FILE__,__LINE__); Database::query($sql_q_insert,__FILE__,__LINE__);
} }
else else
{ {
$sql_ginsert="INSERT INTO $current_db_name.survey_group(group_id,survey_id,groupname,introduction) values('','$surveyid','$gname','$gintro')"; $sql_ginsert="INSERT INTO $current_db_name.survey_group(group_id,survey_id,groupname,introduction) values('','$surveyid','$gname','$gintro')";
api_sql_query($sql_ginsert,__FILE__,__LINE__); Database::query($sql_ginsert,__FILE__,__LINE__);
$new_gid = mysql_insert_id(); $new_gid = mysql_insert_id();
$sql_q_insert = "INSERT INTO $current_db_name.questions (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10) values('','$new_gid','$obj->qtype','$obj->caption','$obj->a1','$obj->a2','$obj->a3','$obj->a4','$obj->a5','$obj->a6','$obj->a7','$obj->a8','$obj->a9','$obj->a10','$obj->at','$obj->ad','$obj->r1','$obj->r2','$obj->r3','$obj->r4','$obj->r5','$obj->r6','$obj->r7','$obj->r8','$obj->r9','$obj->r10')"; $sql_q_insert = "INSERT INTO $current_db_name.questions (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10) values('','$new_gid','$obj->qtype','$obj->caption','$obj->a1','$obj->a2','$obj->a3','$obj->a4','$obj->a5','$obj->a6','$obj->a7','$obj->a8','$obj->a9','$obj->a10','$obj->at','$obj->ad','$obj->r1','$obj->r2','$obj->r3','$obj->r4','$obj->r5','$obj->r6','$obj->r7','$obj->r8','$obj->r9','$obj->r10')";
api_sql_query($sql_q_insert,__FILE__,__LINE__); Database::query($sql_q_insert,__FILE__,__LINE__);
} }
} }
} }
@ -1145,12 +1145,12 @@ function import_question($surveyid,$qids,$table_group,$table_question,$db_name,$
function create_course_survey_rel($cidReq,$survey_id,$table_course,$table_course_survey_rel) function create_course_survey_rel($cidReq,$survey_id,$table_course,$table_course_survey_rel)
{ {
$sql = "SELECT * FROM $table_course WHERE code = '$cidReq'"; $sql = "SELECT * FROM $table_course WHERE code = '$cidReq'";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
$obj=@mysql_fetch_object($res); $obj=@mysql_fetch_object($res);
$db_name = $obj->db_name ; $db_name = $obj->db_name ;
$sql="INSERT INTO $table_course_survey_rel(id,course_code,db_name,survey_id) values('','$cidReq','$db_name','$survey_id')"; $sql="INSERT INTO $table_course_survey_rel(id,course_code,db_name,survey_id) values('','$cidReq','$db_name','$survey_id')";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
return $db_name; return $db_name;
} }
/** /**
@ -1163,20 +1163,20 @@ function import_existing_question($surveyid,$qids,$table_group,$table_question,$
for($i=0; $i<$count; $i++) for($i=0; $i<$count; $i++)
{ {
$sql_q = "SELECT * FROM $table_question WHERE qid = '$qid[$i]'"; $sql_q = "SELECT * FROM $table_question WHERE qid = '$qid[$i]'";
$res_q = api_sql_query($sql_q,__FILE__,__LINE__); $res_q = Database::query($sql_q,__FILE__,__LINE__);
$obj=@mysql_fetch_object($res_q); $obj=@mysql_fetch_object($res_q);
$oldgid=$obj->gid; $oldgid=$obj->gid;
$sql = "SELECT * FROM $table_group WHERE group_id = '$oldgid'"; $sql = "SELECT * FROM $table_group WHERE group_id = '$oldgid'";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
$obj_gr = @mysql_fetch_object($res); $obj_gr = @mysql_fetch_object($res);
$gname = $obj_gr->groupname; $gname = $obj_gr->groupname;
$gintro = $obj_gr->introduction; $gintro = $obj_gr->introduction;
$sql_gid = "SELECT * FROM $table_group WHERE survey_id = '$surveyid' AND groupname = '$gname'"; $sql_gid = "SELECT * FROM $table_group WHERE survey_id = '$surveyid' AND groupname = '$gname'";
$res_gid = api_sql_query($sql_gid,__FILE__,__LINE__); $res_gid = Database::query($sql_gid,__FILE__,__LINE__);
$num=mysql_num_rows($res_gid); $num=mysql_num_rows($res_gid);
$obj_gid=@mysql_fetch_object($res_gid); $obj_gid=@mysql_fetch_object($res_gid);
$sql_quesid = "SELECT * FROM $table_question WHERE gid = '$obj_gid->group_id' AND caption = '$obj->caption'"; $sql_quesid = "SELECT * FROM $table_question WHERE gid = '$obj_gid->group_id' AND caption = '$obj->caption'";
$res_quesid = api_sql_query($sql_quesid,__FILE__,__LINE__); $res_quesid = Database::query($sql_quesid,__FILE__,__LINE__);
$num_ques=mysql_num_rows($res_quesid); $num_ques=mysql_num_rows($res_quesid);
if($num_ques>0) if($num_ques>0)
{ {
@ -1188,15 +1188,15 @@ function import_existing_question($surveyid,$qids,$table_group,$table_question,$
if($num>0 && $yes=="yes") if($num>0 && $yes=="yes")
{ {
$sql_q_insert = "INSERT INTO $table_question (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10) values('','$obj_gid->group_id','$obj->qtype','$obj->caption','$obj->a1','$obj->a2','$obj->a3','$obj->a4','$obj->a5','$obj->a6','$obj->a7','$obj->a8','$obj->a9','$obj->a10','$obj->at','$obj->ad','$obj->r1','$obj->r2','$obj->r3','$obj->r4','$obj->r5','$obj->r6','$obj->r7','$obj->r8','$obj->r9','$obj->r10')"; $sql_q_insert = "INSERT INTO $table_question (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10) values('','$obj_gid->group_id','$obj->qtype','$obj->caption','$obj->a1','$obj->a2','$obj->a3','$obj->a4','$obj->a5','$obj->a6','$obj->a7','$obj->a8','$obj->a9','$obj->a10','$obj->at','$obj->ad','$obj->r1','$obj->r2','$obj->r3','$obj->r4','$obj->r5','$obj->r6','$obj->r7','$obj->r8','$obj->r9','$obj->r10')";
api_sql_query($sql_q_insert,__FILE__,__LINE__); Database::query($sql_q_insert,__FILE__,__LINE__);
} }
else else
{ {
$sql_ginsert="INSERT INTO $table_group(group_id,survey_id,groupname,introduction) values('','$surveyid','$gname','$gintro')"; $sql_ginsert="INSERT INTO $table_group(group_id,survey_id,groupname,introduction) values('','$surveyid','$gname','$gintro')";
api_sql_query($sql_ginsert,__FILE__,__LINE__); Database::query($sql_ginsert,__FILE__,__LINE__);
$new_gid = mysql_insert_id(); $new_gid = mysql_insert_id();
$sql_q_insert = "INSERT INTO $table_question (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10) values('','$new_gid','$obj->qtype','$obj->caption','$obj->a1','$obj->a2','$obj->a3','$obj->a4','$obj->a5','$obj->a6','$obj->a7','$obj->a8','$obj->a9','$obj->a10','$obj->at','$obj->ad','$obj->r1','$obj->r2','$obj->r3','$obj->r4','$obj->r5','$obj->r6','$obj->r7','$obj->r8','$obj->r9','$obj->r10')"; $sql_q_insert = "INSERT INTO $table_question (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10) values('','$new_gid','$obj->qtype','$obj->caption','$obj->a1','$obj->a2','$obj->a3','$obj->a4','$obj->a5','$obj->a6','$obj->a7','$obj->a8','$obj->a9','$obj->a10','$obj->at','$obj->ad','$obj->r1','$obj->r2','$obj->r3','$obj->r4','$obj->r5','$obj->r6','$obj->r7','$obj->r8','$obj->r9','$obj->r10')";
api_sql_query($sql_q_insert,__FILE__,__LINE__); Database::query($sql_q_insert,__FILE__,__LINE__);
} }
} }
} }
@ -1213,17 +1213,17 @@ function insert_existing_groups ($sid,$gids,$table_group,$table_question)
for($p=0;$p<$index;$p++) for($p=0;$p<$index;$p++)
{ {
$sql = "SELECT * FROM $table_group WHERE group_id = '$gid_arr[$p]'"; $sql = "SELECT * FROM $table_group WHERE group_id = '$gid_arr[$p]'";
$res = api_sql_query($sql); $res = Database::query($sql);
$obj = mysql_fetch_object($res); $obj = mysql_fetch_object($res);
$gname = $obj->groupname; $gname = $obj->groupname;
if($gname=='No Group') if($gname=='No Group')
{ {
$query = "SELECT * FROM $table_group WHERE survey_id = '$sid' AND groupname = 'No Group'"; $query = "SELECT * FROM $table_group WHERE survey_id = '$sid' AND groupname = 'No Group'";
$result = api_sql_query($query); $result = Database::query($query);
$object = mysql_fetch_object($result); $object = mysql_fetch_object($result);
$gid = $object->group_id; $gid = $object->group_id;
$sql_def_check = "SELECT * FROM $table_question WHERE gid = '$gid'"; $sql_def_check = "SELECT * FROM $table_question WHERE gid = '$gid'";
$res_def_check = api_sql_query($sql_def_check); $res_def_check = Database::query($sql_def_check);
$count_def_check = mysql_num_rows($res_def_check); $count_def_check = mysql_num_rows($res_def_check);
for($ctr=0;$ctr<$count_def_check;$ctr++) for($ctr=0;$ctr<$count_def_check;$ctr++)
{ {
@ -1233,7 +1233,7 @@ function insert_existing_groups ($sid,$gids,$table_group,$table_question)
if(!@in_array($gid_arr[$p],$imp)) if(!@in_array($gid_arr[$p],$imp))
{ {
$sql_ques = "SELECT * FROM $table_question WHERE gid= '$gid_arr[$p]'"; $sql_ques = "SELECT * FROM $table_question WHERE gid= '$gid_arr[$p]'";
$res_ques = api_sql_query($sql_ques); $res_ques = Database::query($sql_ques);
$num = mysql_num_rows($res_ques); $num = mysql_num_rows($res_ques);
while($obj_ques = mysql_fetch_object($res_ques)) while($obj_ques = mysql_fetch_object($res_ques))
{ {
@ -1264,7 +1264,7 @@ function insert_existing_groups ($sid,$gids,$table_group,$table_question)
} }
} }
$sql_ques_insert = "INSERT INTO $table_question (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_group) values('','$gid','$temp_qtype','$temp_caption',$x'$anst','$ansd',$y,'$gid_arr[$p]')"; $sql_ques_insert = "INSERT INTO $table_question (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_group) values('','$gid','$temp_qtype','$temp_caption',$x'$anst','$ansd',$y,'$gid_arr[$p]')";
$res_ques_insert = api_sql_query($sql_ques_insert); $res_ques_insert = Database::query($sql_ques_insert);
} }
} }
else else
@ -1276,7 +1276,7 @@ function insert_existing_groups ($sid,$gids,$table_group,$table_question)
{ {
$intro = $obj->introduction; $intro = $obj->introduction;
$sql_check = "SELECT * FROM $table_group WHERE survey_id = '$sid'"; $sql_check = "SELECT * FROM $table_group WHERE survey_id = '$sid'";
$res_check = api_sql_query($sql_check); $res_check = Database::query($sql_check);
$num_check = mysql_num_rows($res_check); $num_check = mysql_num_rows($res_check);
for($k=0;$k<$num_check;$k++) for($k=0;$k<$num_check;$k++)
{ {
@ -1286,10 +1286,10 @@ function insert_existing_groups ($sid,$gids,$table_group,$table_question)
if(!@in_array($gid_arr[$p],$imp)) if(!@in_array($gid_arr[$p],$imp))
{ {
$sql_insert = "INSERT INTO $table_group(group_id,survey_id,groupname,introduction,imported_group) values('','$sid','$gname','$intro','$gid_arr[$p]')"; $sql_insert = "INSERT INTO $table_group(group_id,survey_id,groupname,introduction,imported_group) values('','$sid','$gname','$intro','$gid_arr[$p]')";
$res_insert = api_sql_query($sql_insert); $res_insert = Database::query($sql_insert);
$new_gid = mysql_insert_id(); $new_gid = mysql_insert_id();
$sql_ques = "SELECT * FROM $table_question WHERE gid= '$gid_arr[$p]'"; $sql_ques = "SELECT * FROM $table_question WHERE gid= '$gid_arr[$p]'";
$res_ques = api_sql_query($sql_ques); $res_ques = Database::query($sql_ques);
$num = mysql_num_rows($res_ques); $num = mysql_num_rows($res_ques);
while($obj_ques = mysql_fetch_object($res_ques)) while($obj_ques = mysql_fetch_object($res_ques))
{ {
@ -1320,7 +1320,7 @@ function insert_existing_groups ($sid,$gids,$table_group,$table_question)
} }
} }
$sql_ques_insert = "INSERT INTO $table_question (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_group) values('','$new_gid','$temp_qtype','$temp_caption',$x'$anst','$ansd',$y,'$gid_arr[$p]')"; $sql_ques_insert = "INSERT INTO $table_question (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_group) values('','$new_gid','$temp_qtype','$temp_caption',$x'$anst','$ansd',$y,'$gid_arr[$p]')";
$res_ques_insert = api_sql_query($sql_ques_insert); $res_ques_insert = Database::query($sql_ques_insert);
} }
} }
else else
@ -1338,7 +1338,7 @@ function insert_existing_groups ($sid,$gids,$table_group,$table_question)
{ {
$surveytable=Database:: get_course_table(TABLE_SURVEY); $surveytable=Database:: get_course_table(TABLE_SURVEY);
$sql="SELECT * FROM $surveytable WHERE survey_id=$sid"; $sql="SELECT * FROM $surveytable WHERE survey_id=$sid";
$res=api_sql_query($sql); $res=Database::query($sql);
$code=@mysql_result($res,0,'title'); $code=@mysql_result($res,0,'title');
return($code); return($code);
} }
@ -1349,7 +1349,7 @@ function pick_author($survey_id)
{ {
$survey_table = Database :: get_course_table(TABLE_SURVEY); $survey_table = Database :: get_course_table(TABLE_SURVEY);
$sql = "SELECT author FROM $survey_table WHERE survey_id='$survey_id'"; $sql = "SELECT author FROM $survey_table WHERE survey_id='$survey_id'";
$res = api_sql_query($sql, __FILE__, __LINE__); $res = Database::query($sql, __FILE__, __LINE__);
$author=@mysql_result($res,0,'author'); $author=@mysql_result($res,0,'author');
return $author; return $author;
} }
@ -1363,14 +1363,14 @@ function question_import($surveyid,$qids,$db_name,$curr_dbname)
for($i=0; $i<$count; $i++) for($i=0; $i<$count; $i++)
{ {
$sql_sort = "SELECT max(sortby) AS sortby FROM $curr_dbname.questions "; $sql_sort = "SELECT max(sortby) AS sortby FROM $curr_dbname.questions ";
$res_sort=api_sql_query($sql_sort); $res_sort=Database::query($sql_sort);
$rs=mysql_fetch_object($res_sort); $rs=mysql_fetch_object($res_sort);
$sortby=$rs->sortby; $sortby=$rs->sortby;
if(empty($sortby)) if(empty($sortby))
{$sortby=1;} {$sortby=1;}
else{$sortby=$sortby+1;} else{$sortby=$sortby+1;}
$sql_q = "SELECT * FROM $db_name.questions WHERE qid = '$qid[$i]'"; $sql_q = "SELECT * FROM $db_name.questions WHERE qid = '$qid[$i]'";
$res_q = api_sql_query($sql_q,__FILE__,__LINE__); $res_q = Database::query($sql_q,__FILE__,__LINE__);
$obj=@mysql_fetch_object($res_q); $obj=@mysql_fetch_object($res_q);
$oldgid=$obj->gid; $oldgid=$obj->gid;
$caption1=addslashes($obj->caption); $caption1=addslashes($obj->caption);
@ -1397,11 +1397,11 @@ function question_import($surveyid,$qids,$db_name,$curr_dbname)
$r9=addslashes($obj->r9); $r9=addslashes($obj->r9);
$r10=addslashes($obj_q->r10); $r10=addslashes($obj_q->r10);
//$sql_gr = "SELECT * FROM $db_name.survey_group WHERE group_id = '$oldgid'"; //$sql_gr = "SELECT * FROM $db_name.survey_group WHERE group_id = '$oldgid'";
//$res_gr = api_sql_query($sql_gr,__FILE__,__LINE__); //$res_gr = Database::query($sql_gr,__FILE__,__LINE__);
// $obj_gr=@mysql_fetch_object($res_gr); // $obj_gr=@mysql_fetch_object($res_gr);
//$groupname = $obj_gr->groupname //$groupname = $obj_gr->groupname
$sql_quesid = "SELECT * FROM $curr_dbname.questions WHERE survey_id = '$surveyid' AND imported_question = '$qid[$i]' AND db_name = '$db_name'"; $sql_quesid = "SELECT * FROM $curr_dbname.questions WHERE survey_id = '$surveyid' AND imported_question = '$qid[$i]' AND db_name = '$db_name'";
$res_quesid = api_sql_query($sql_quesid,__FILE__,__LINE__); $res_quesid = Database::query($sql_quesid,__FILE__,__LINE__);
$num_ques=mysql_num_rows($res_quesid); $num_ques=mysql_num_rows($res_quesid);
if($num_ques>0) if($num_ques>0)
{ {
@ -1410,26 +1410,26 @@ function question_import($surveyid,$qids,$db_name,$curr_dbname)
else else
{ {
$sql_group = "SELECT * FROM $db_name.survey_group WHERE group_id = '$oldgid'"; $sql_group = "SELECT * FROM $db_name.survey_group WHERE group_id = '$oldgid'";
$res_group = api_sql_query($sql_group,__FILE__,__LINE__); $res_group = Database::query($sql_group,__FILE__,__LINE__);
$obj_group=@mysql_fetch_object($res_group); $obj_group=@mysql_fetch_object($res_group);
$groupname = $obj_group->groupname; $groupname = $obj_group->groupname;
$sql = "SELECT * FROM $curr_dbname.survey_group WHERE groupname = '$groupname' AND survey_id = '$surveyid'"; $sql = "SELECT * FROM $curr_dbname.survey_group WHERE groupname = '$groupname' AND survey_id = '$surveyid'";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
$obj_gro = mysql_fetch_object($res); $obj_gro = mysql_fetch_object($res);
$num_group=mysql_num_rows($res); $num_group=mysql_num_rows($res);
if($num_group>0) if($num_group>0)
{ {
$sql_q_insert = "INSERT INTO $curr_dbname.questions (qid,gid,survey_id,qtype,caption,alignment,sortby,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_question,db_name) values('','$obj_gro->group_id','$surveyid','$obj->qtype','$caption1','$obj->alignment','$sortby','$a1','$a2','$a3','$a4','$a5','$a6','$a7','$a8','$a9','$a10','$at','$ad','$r1','$r2','$r3','$r4','$r5','$r6','$r7','$r8','$r9','$r10','$qid[$i]','$db_name')"; $sql_q_insert = "INSERT INTO $curr_dbname.questions (qid,gid,survey_id,qtype,caption,alignment,sortby,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_question,db_name) values('','$obj_gro->group_id','$surveyid','$obj->qtype','$caption1','$obj->alignment','$sortby','$a1','$a2','$a3','$a4','$a5','$a6','$a7','$a8','$a9','$a10','$at','$ad','$r1','$r2','$r3','$r4','$r5','$r6','$r7','$r8','$r9','$r10','$qid[$i]','$db_name')";
api_sql_query($sql_q_insert,__FILE__,__LINE__); Database::query($sql_q_insert,__FILE__,__LINE__);
} }
else else
{ {
//$num_group; //$num_group;
$sql_ginsert="INSERT INTO $curr_dbname.survey_group(group_id,survey_id,groupname,introduction,imported_group, db_name) values('','$surveyid','$groupname','$obj_group->introduction','$oldgid','$db_name')"; $sql_ginsert="INSERT INTO $curr_dbname.survey_group(group_id,survey_id,groupname,introduction,imported_group, db_name) values('','$surveyid','$groupname','$obj_group->introduction','$oldgid','$db_name')";
api_sql_query($sql_ginsert,__FILE__,__LINE__); Database::query($sql_ginsert,__FILE__,__LINE__);
$new_gid = mysql_insert_id(); $new_gid = mysql_insert_id();
$sql_q_insert = "INSERT INTO $curr_dbname.questions (qid,gid,survey_id,qtype,caption,alignment,sortby,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_question,db_name) values('','$new_gid','$surveyid','$obj->qtype','$caption1','$obj->alignment','$sortby','$a1','$a2','$a3','$a4','$a5','$a6','$a7','$a8','$a9','$a10','$at','$ad','$r1','$r2','$r3','$r4','$r5','$r6','$r7','$r8','$r9','$r10','$qid[$i]','$db_name')"; $sql_q_insert = "INSERT INTO $curr_dbname.questions (qid,gid,survey_id,qtype,caption,alignment,sortby,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_question,db_name) values('','$new_gid','$surveyid','$obj->qtype','$caption1','$obj->alignment','$sortby','$a1','$a2','$a3','$a4','$a5','$a6','$a7','$a8','$a9','$a10','$at','$ad','$r1','$r2','$r3','$r4','$r5','$r6','$r7','$r8','$r9','$r10','$qid[$i]','$db_name')";
api_sql_query($sql_q_insert,__FILE__,__LINE__); Database::query($sql_q_insert,__FILE__,__LINE__);
} }
} }
} }
@ -1444,19 +1444,19 @@ function import_group($surveyid,$gids,$db_name,$curr_dbname)
for($i=0;$i<$index;$i++) for($i=0;$i<$index;$i++)
{ {
$sql = "SELECT * FROM $db_name.survey_group WHERE group_id = '$gid_arr[$i]'"; $sql = "SELECT * FROM $db_name.survey_group WHERE group_id = '$gid_arr[$i]'";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
$obj = mysql_fetch_object($res); $obj = mysql_fetch_object($res);
$sql_ques = "SELECT * FROM $db_name.questions WHERE gid = '$gid_arr[$i]'"; $sql_ques = "SELECT * FROM $db_name.questions WHERE gid = '$gid_arr[$i]'";
$res_ques = api_sql_query($sql_ques,__FILE__,__LINE__); $res_ques = Database::query($sql_ques,__FILE__,__LINE__);
$obj_ques = mysql_fetch_object($res_ques); $obj_ques = mysql_fetch_object($res_ques);
$sql_check = "SELECT * FROM $curr_dbname.survey_group WHERE survey_id = '$surveyid' AND imported_group = '$gid_arr[$i]' AND db_name = '$db_name'"; $sql_check = "SELECT * FROM $curr_dbname.survey_group WHERE survey_id = '$surveyid' AND imported_group = '$gid_arr[$i]' AND db_name = '$db_name'";
$res_check = api_sql_query($sql_check); $res_check = Database::query($sql_check);
$obj_check = mysql_fetch_object($res_check); $obj_check = mysql_fetch_object($res_check);
$num = mysql_num_rows($res_check); $num = mysql_num_rows($res_check);
if($num>0) if($num>0)
{ {
$sql_question = "SELECT * FROM $curr_dbname.questions WHERE survey_id='$surveyid' AND imported_question = '$obj_ques->qid' AND db_name = '$db_name'"; $sql_question = "SELECT * FROM $curr_dbname.questions WHERE survey_id='$surveyid' AND imported_question = '$obj_ques->qid' AND db_name = '$db_name'";
$res_question = api_sql_query($sql_question,__FILE__,__LINE__); $res_question = Database::query($sql_question,__FILE__,__LINE__);
$num_ques = mysql_num_rows($res_question); $num_ques = mysql_num_rows($res_question);
if($num_ques>0) if($num_ques>0)
{ {
@ -1465,16 +1465,16 @@ function import_group($surveyid,$gids,$db_name,$curr_dbname)
else else
{ {
$sql_insert_ques = "INSERT INTO $curr_dbname.questions (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_question,db_name) values('','$obj_check->group_id','$surveyid','$obj_ques->qtype','$obj_ques->caption','$obj_ques->a1','$obj_ques->a2','$obj_ques->a3','$obj_ques->a4','$obj_ques->a5','$obj_ques->a6','$obj_ques->a7','$obj_ques->a8','$obj_ques->a9','$obj_ques->a10','$obj_ques->at','$obj_ques->ad','$obj_ques->r1','$obj_ques->r2','$obj_ques->r3','$obj_ques->r4','$obj_ques->r5','$obj_ques->r6','$obj_ques->r7','$obj_ques->r8','$obj_ques->r9','$obj_ques->r10','$obj_ques->qid','$db_name')"; $sql_insert_ques = "INSERT INTO $curr_dbname.questions (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_question,db_name) values('','$obj_check->group_id','$surveyid','$obj_ques->qtype','$obj_ques->caption','$obj_ques->a1','$obj_ques->a2','$obj_ques->a3','$obj_ques->a4','$obj_ques->a5','$obj_ques->a6','$obj_ques->a7','$obj_ques->a8','$obj_ques->a9','$obj_ques->a10','$obj_ques->at','$obj_ques->ad','$obj_ques->r1','$obj_ques->r2','$obj_ques->r3','$obj_ques->r4','$obj_ques->r5','$obj_ques->r6','$obj_ques->r7','$obj_ques->r8','$obj_ques->r9','$obj_ques->r10','$obj_ques->qid','$db_name')";
api_sql_query($sql_insert_ques); Database::query($sql_insert_ques);
} }
} }
else else
{ {
$insert_group = "INSERT INTO $curr_dbname.survey_group (group_id,survey_id,groupname,introduction,imported_group,db_name) values('','$surveyid','$obj->groupname','$obj->introduction','$obj->group_id','$db_name')"; $insert_group = "INSERT INTO $curr_dbname.survey_group (group_id,survey_id,groupname,introduction,imported_group,db_name) values('','$surveyid','$obj->groupname','$obj->introduction','$obj->group_id','$db_name')";
$res_insert_group=api_sql_query($insert_group); $res_insert_group=Database::query($insert_group);
$new_gid = mysql_insert_id(); $new_gid = mysql_insert_id();
$sql_insert_grp = "INSERT INTO $curr_dbname.questions (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_question,db_name) values('','$new_gid','$surveyid','$obj_ques->qtype','$obj_ques->caption','$obj_ques->a1','$obj_ques->a2','$obj_ques->a3','$obj_ques->a4','$obj_ques->a5','$obj_ques->a6','$obj_ques->a7','$obj_ques->a8','$obj_ques->a9','$obj_ques->a10','$obj_ques->at','$obj_ques->ad','$obj_ques->r1','$obj_ques->r2','$obj_ques->r3','$obj_ques->r4','$obj_ques->r5','$obj_ques->r6','$obj_ques->r7','$obj_ques->r8','$obj_ques->r9','$obj_ques->r10','$obj_ques->qid','$db_name')"; $sql_insert_grp = "INSERT INTO $curr_dbname.questions (qid,gid,qtype,caption,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,at,ad,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,imported_question,db_name) values('','$new_gid','$surveyid','$obj_ques->qtype','$obj_ques->caption','$obj_ques->a1','$obj_ques->a2','$obj_ques->a3','$obj_ques->a4','$obj_ques->a5','$obj_ques->a6','$obj_ques->a7','$obj_ques->a8','$obj_ques->a9','$obj_ques->a10','$obj_ques->at','$obj_ques->ad','$obj_ques->r1','$obj_ques->r2','$obj_ques->r3','$obj_ques->r4','$obj_ques->r5','$obj_ques->r6','$obj_ques->r7','$obj_ques->r8','$obj_ques->r9','$obj_ques->r10','$obj_ques->qid','$db_name')";
api_sql_query($sql_insert_grp); Database::query($sql_insert_grp);
} }
} }
return $message; return $message;
@ -1492,13 +1492,13 @@ function import_group($sid,$gids,$db_name,$curr_dbname)
for($i=0;$i<$index;$i++) for($i=0;$i<$index;$i++)
{ {
$sql = "SELECT * FROM $db_name.survey_group WHERE group_id = '$gid_arr[$i]'"; $sql = "SELECT * FROM $db_name.survey_group WHERE group_id = '$gid_arr[$i]'";
$res = api_sql_query($sql); $res = Database::query($sql);
$obj = mysql_fetch_object($res); $obj = mysql_fetch_object($res);
$groupname=addslashes($obj->groupname); $groupname=addslashes($obj->groupname);
$introduction=addslashes($obj->introduction); $introduction=addslashes($obj->introduction);
$g_sortby = intval($obj->sortby); $g_sortby = intval($obj->sortby);
$sql_curr = "SELECT * FROM $curr_dbname.survey_group WHERE survey_id = '$sid' AND groupname = '$obj->groupname'"; $sql_curr = "SELECT * FROM $curr_dbname.survey_group WHERE survey_id = '$sid' AND groupname = '$obj->groupname'";
$res_curr = api_sql_query($sql_curr); $res_curr = Database::query($sql_curr);
$obj_curr = mysql_fetch_object($res_curr); $obj_curr = mysql_fetch_object($res_curr);
$gid = $obj_curr->group_id; $gid = $obj_curr->group_id;
$num = mysql_num_rows($res_curr); $num = mysql_num_rows($res_curr);
@ -1506,7 +1506,7 @@ function import_group($sid,$gids,$db_name,$curr_dbname)
if($num>0) //the group name exists and the questions will be imported in this group. if($num>0) //the group name exists and the questions will be imported in this group.
{ {
$sql_ques = "SELECT * FROM $curr_dbname.questions WHERE gid = '$gid'"; $sql_ques = "SELECT * FROM $curr_dbname.questions WHERE gid = '$gid'";
$res_ques = api_sql_query($sql_ques); $res_ques = Database::query($sql_ques);
$obj_ques = mysql_fetch_object($res_ques); $obj_ques = mysql_fetch_object($res_ques);
$count = mysql_num_rows($res_ques); $count = mysql_num_rows($res_ques);
for($j=0;$j<$count;$j++) for($j=0;$j<$count;$j++)
@ -1517,7 +1517,7 @@ function import_group($sid,$gids,$db_name,$curr_dbname)
$check_qid = @array_unique($check_qid); $check_qid = @array_unique($check_qid);
$check_db = @array_unique($check_db); $check_db = @array_unique($check_db);
$sql_old = "SELECT * FROM $db_name.questions WHERE gid = '$gid_arr[$i]'"; $sql_old = "SELECT * FROM $db_name.questions WHERE gid = '$gid_arr[$i]'";
$res_old = api_sql_query($sql_old); $res_old = Database::query($sql_old);
while($obj_old = mysql_fetch_object($res_old)) while($obj_old = mysql_fetch_object($res_old))
{ {
$caption1=addslashes($obj_old->caption); $caption1=addslashes($obj_old->caption);
@ -1544,7 +1544,7 @@ function import_group($sid,$gids,$db_name,$curr_dbname)
$r9=addslashes($obj_old->r9); $r9=addslashes($obj_old->r9);
$r10=addslashes($obj_old->r10); $r10=addslashes($obj_old->r10);
$sql_sort = "SELECT max(sortby) AS sortby FROM $curr_dbname.questions "; $sql_sort = "SELECT max(sortby) AS sortby FROM $curr_dbname.questions ";
$res_sort=api_sql_query($sql_sort); $res_sort=Database::query($sql_sort);
$rs=mysql_fetch_object($res_sort); $rs=mysql_fetch_object($res_sort);
$sortby=$rs->sortby; $sortby=$rs->sortby;
if(empty($sortby)) if(empty($sortby))
@ -1558,7 +1558,7 @@ function import_group($sid,$gids,$db_name,$curr_dbname)
else else
{ {
$sql_insertq = "INSERT INTO $curr_dbname.questions (qid, gid, survey_id, qtype, caption, alignment, sortby, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, at, ad, alt_text, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, imported_question, db_name) VALUES('', '$gid', '$sid', '$obj_old->qtype', '$caption1', '$obj_old->alignment', '$sortby', '$a1', '$a2', '$a3', '$a4', '$a5', '$a6', '$a7', '$a8', '$a9', '$a10', '$at', '$ad', '$alt_text', '$r1', '$r2', '$r3', '$r4', '$r5', '$r6', '$r7', '$r8', '$r9', '$r10', '$obj_old->qid', '$db_name')"; $sql_insertq = "INSERT INTO $curr_dbname.questions (qid, gid, survey_id, qtype, caption, alignment, sortby, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, at, ad, alt_text, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, imported_question, db_name) VALUES('', '$gid', '$sid', '$obj_old->qtype', '$caption1', '$obj_old->alignment', '$sortby', '$a1', '$a2', '$a3', '$a4', '$a5', '$a6', '$a7', '$a8', '$a9', '$a10', '$at', '$ad', '$alt_text', '$r1', '$r2', '$r3', '$r4', '$r5', '$r6', '$r7', '$r8', '$r9', '$r10', '$obj_old->qid', '$db_name')";
api_sql_query($sql_insertq); Database::query($sql_insertq);
} }
} }
} }
@ -1566,10 +1566,10 @@ function import_group($sid,$gids,$db_name,$curr_dbname)
{ {
$sql_insertg = "INSERT INTO $curr_dbname.survey_group (group_id, survey_id, groupname, introduction, imported_group, db_name, sortby) VALUES ('', '$sid', '$groupname', '$introduction', '$obj->group_id', '$db_name', $g_sortby)"; $sql_insertg = "INSERT INTO $curr_dbname.survey_group (group_id, survey_id, groupname, introduction, imported_group, db_name, sortby) VALUES ('', '$sid', '$groupname', '$introduction', '$obj->group_id', '$db_name', $g_sortby)";
api_sql_query($sql_insertg); Database::query($sql_insertg);
$group_id = mysql_insert_id(); $group_id = mysql_insert_id();
$sql_old = "SELECT * FROM $db_name.questions WHERE gid = '$gid_arr[$i]'"; $sql_old = "SELECT * FROM $db_name.questions WHERE gid = '$gid_arr[$i]'";
$res_old = api_sql_query($sql_old); $res_old = Database::query($sql_old);
while($obj_old = mysql_fetch_object($res_old)) while($obj_old = mysql_fetch_object($res_old))
{ {
$caption1=addslashes($obj_old->caption); $caption1=addslashes($obj_old->caption);
@ -1596,14 +1596,14 @@ function import_group($sid,$gids,$db_name,$curr_dbname)
$r9=addslashes($obj_old->r9); $r9=addslashes($obj_old->r9);
$r10=addslashes($obj_old->r10); $r10=addslashes($obj_old->r10);
$sql_sort = "SELECT max(sortby) AS sortby FROM $curr_dbname.questions "; $sql_sort = "SELECT max(sortby) AS sortby FROM $curr_dbname.questions ";
$res_sort=api_sql_query($sql_sort); $res_sort=Database::query($sql_sort);
$rs=mysql_fetch_object($res_sort); $rs=mysql_fetch_object($res_sort);
$sortby=$rs->sortby; $sortby=$rs->sortby;
if(empty($sortby)) if(empty($sortby))
{$sortby=1;} {$sortby=1;}
else{$sortby=$sortby+1;} else{$sortby=$sortby+1;}
$sql_insertq = "INSERT INTO $curr_dbname.questions (qid, gid, survey_id, qtype, caption, alignment, sortby, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, at, ad, alt_text, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, imported_question, db_name) VALUES('', '$group_id', '$sid', '$obj_old->qtype', '$caption1', '$obj_old->alignment', '$sortby', '$a1', '$a2', '$a3', '$a4', '$a5', '$a6', '$a7', '$a8', '$a9', '$a10', '$at', '$ad', '$obj_old->alt_text', '$r1', '$r2', '$r3', '$r4', '$r5', '$r6', '$r7', '$r8', '$r9', '$r10', '$obj_old->qid', '$db_name')"; $sql_insertq = "INSERT INTO $curr_dbname.questions (qid, gid, survey_id, qtype, caption, alignment, sortby, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, at, ad, alt_text, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, imported_question, db_name) VALUES('', '$group_id', '$sid', '$obj_old->qtype', '$caption1', '$obj_old->alignment', '$sortby', '$a1', '$a2', '$a3', '$a4', '$a5', '$a6', '$a7', '$a8', '$a9', '$a10', '$at', '$ad', '$obj_old->alt_text', '$r1', '$r2', '$r3', '$r4', '$r5', '$r6', '$r7', '$r8', '$r9', '$r10', '$obj_old->qid', '$db_name')";
api_sql_query($sql_insertq); Database::query($sql_insertq);
} }
} }
} }
@ -1626,7 +1626,7 @@ function get_status()
$table_user = Database::get_main_table(TABLE_MAIN_USER); $table_user = Database::get_main_table(TABLE_MAIN_USER);
$sqlm = "SELECT status FROM $table_user WHERE user_id = '".mysql_real_escape_string($_user['user_id'])."'"; $sqlm = "SELECT status FROM $table_user WHERE user_id = '".mysql_real_escape_string($_user['user_id'])."'";
$resm = api_sql_query($sqlm,__FILE__,__LINE__); $resm = Database::query($sqlm,__FILE__,__LINE__);
$objm=@mysql_fetch_object($resm); $objm=@mysql_fetch_object($resm);
$ss = $objm->status ; $ss = $objm->status ;
return $ss; return $ss;
@ -1682,7 +1682,7 @@ function listGroups($id_survey, $fields = '*')
$groups_table = Database :: get_course_table(TABLE_SURVEY_QUESTION_GROUP); $groups_table = Database :: get_course_table(TABLE_SURVEY_QUESTION_GROUP);
$sql = 'SELECT '.$fields.' FROM '.$groups_table.' $sql = 'SELECT '.$fields.' FROM '.$groups_table.'
WHERE survey_id='.$id_survey.' ORDER BY sortby'; WHERE survey_id='.$id_survey.' ORDER BY sortby';
$rs = api_sql_query($sql, __FILE__, __LINE__); $rs = Database::query($sql, __FILE__, __LINE__);
$groups = array(); $groups = array();
while($row = mysql_fetch_array($rs)){ while($row = mysql_fetch_array($rs)){
$groups[] = $row; $groups[] = $row;
@ -1705,7 +1705,7 @@ function listQuestions($id_survey, $fields = '*')
WHERE questions.survey_id='.$id_survey.' WHERE questions.survey_id='.$id_survey.'
ORDER BY groups.sortby, questions.sortby'; ORDER BY groups.sortby, questions.sortby';
$rs = api_sql_query($sql, __FILE__, __LINE__); $rs = Database::query($sql, __FILE__, __LINE__);
$questions = array(); $questions = array();
while($row = mysql_fetch_array($rs)){ while($row = mysql_fetch_array($rs)){
@ -1725,7 +1725,7 @@ function listAnswers($qid){
$sql = 'SELECT DISTINCT answer FROM '.$answers_table.' $sql = 'SELECT DISTINCT answer FROM '.$answers_table.'
WHERE qid='.$qid; WHERE qid='.$qid;
$rs = api_sql_query($sql, __FILE__, __LINE__); $rs = Database::query($sql, __FILE__, __LINE__);
$answers = array(); $answers = array();
while($row = mysql_fetch_array($rs)){ while($row = mysql_fetch_array($rs)){
@ -1745,7 +1745,7 @@ function listUsers($survey_id, $dbname, $fields='id, user_id, firstname, lastnam
WHERE survey_id='.$survey_id.' WHERE survey_id='.$survey_id.'
AND db_name="'.$dbname. AND db_name="'.$dbname.
$order_clause; $order_clause;
$rs = api_sql_query($sql, __FILE__, __LINE__); $rs = Database::query($sql, __FILE__, __LINE__);
$users = array(); $users = array();
while ($row = mysql_fetch_array($rs)) { while ($row = mysql_fetch_array($rs)) {
$users[] = $row; $users[] = $row;
@ -1759,7 +1759,7 @@ function getUserAnswersDetails($id_userAnswers, $params=''){
$table_answers = Database :: get_main_table(TABLE_MAIN_SURVEY_USER); $table_answers = Database :: get_main_table(TABLE_MAIN_SURVEY_USER);
$sql = 'SELECT * FROM '.$table_answers.' '.$where.' '.$order; $sql = 'SELECT * FROM '.$table_answers.' '.$where.' '.$order;
$rs = api_sql_query($sql, __FILE__, __LINE__); $rs = Database::query($sql, __FILE__, __LINE__);
$answers = array(); $answers = array();
while($row = mysql_fetch_array($rs)) while($row = mysql_fetch_array($rs))
$answers[] = $row; $answers[] = $row;
@ -1802,7 +1802,7 @@ class SurveyTree {
WHERE survey.author = user.user_id WHERE survey.author = user.user_id
GROUP BY survey.survey_id"; GROUP BY survey.survey_id";
$res = api_sql_query($sql, __FILE__, __LINE__); $res = Database::query($sql, __FILE__, __LINE__);
$surveys_parents = array (); $surveys_parents = array ();
$refs = array(); $refs = array();
$list = array(); $list = array();

20
main/inc/lib/system_announcements.lib.php
Unescape View File

@ -35,7 +35,7 @@ class SystemAnnouncementManager
break; break;
} }
$sql .= " ORDER BY date_start DESC LIMIT 0,7"; $sql .= " ORDER BY date_start DESC LIMIT 0,7";
$announcements = api_sql_query($sql,__FILE__,__LINE__); $announcements = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($announcements)) if (Database::num_rows($announcements))
{ {
$query_string = ereg_replace('announcement=[1-9]+', '', $_SERVER['QUERY_STRING']); $query_string = ereg_replace('announcement=[1-9]+', '', $_SERVER['QUERY_STRING']);
@ -117,7 +117,7 @@ class SystemAnnouncementManager
} else { } else {
$sql .= " ORDER BY date_start DESC LIMIT ".($start+1).",20"; $sql .= " ORDER BY date_start DESC LIMIT ".($start+1).",20";
} }
$announcements = api_sql_query($sql,__FILE__,__LINE__); $announcements = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($announcements)) { if (Database::num_rows($announcements)) {
$query_string = ereg_replace('announcement=[1-9]+', '', $_SERVER['QUERY_STRING']); $query_string = ereg_replace('announcement=[1-9]+', '', $_SERVER['QUERY_STRING']);
@ -210,7 +210,7 @@ class SystemAnnouncementManager
} }
} }
$sql .= 'LIMIT '.$start.',21'; $sql .= 'LIMIT '.$start.',21';
$announcements = api_sql_query($sql,__FILE__,__LINE__); $announcements = Database::query($sql,__FILE__,__LINE__);
$i = 0; $i = 0;
while($rows = Database::fetch_array($announcements)) while($rows = Database::fetch_array($announcements))
{ {
@ -229,7 +229,7 @@ class SystemAnnouncementManager
$db_table = Database :: get_main_table(TABLE_MAIN_SYSTEM_ANNOUNCEMENTS); $db_table = Database :: get_main_table(TABLE_MAIN_SYSTEM_ANNOUNCEMENTS);
$sql = "SELECT *, IF( NOW() BETWEEN date_start AND date_end, '1', '0') AS visible FROM ".$db_table." ORDER BY date_start ASC"; $sql = "SELECT *, IF( NOW() BETWEEN date_start AND date_end, '1', '0') AS visible FROM ".$db_table." ORDER BY date_start ASC";
$announcements = api_sql_query($sql,__FILE__,__LINE__); $announcements = Database::query($sql,__FILE__,__LINE__);
$all_announcements = array(); $all_announcements = array();
while ($announcement = Database::fetch_object($announcements)) while ($announcement = Database::fetch_object($announcements))
{ {
@ -281,7 +281,7 @@ class SystemAnnouncementManager
if ($send_mail==1) { if ($send_mail==1) {
SystemAnnouncementManager::send_system_announcement_by_email($title, $content,$visible_teacher, $visible_student); SystemAnnouncementManager::send_system_announcement_by_email($title, $content,$visible_teacher, $visible_student);
} }
return api_sql_query($sql,__FILE__,__LINE__); return Database::query($sql,__FILE__,__LINE__);
} }
/** /**
* Updates an announcement to the database * Updates an announcement to the database
@ -328,7 +328,7 @@ class SystemAnnouncementManager
if ($send_mail==1) { if ($send_mail==1) {
SystemAnnouncementManager::send_system_announcement_by_email($title, $content,$visible_teacher, $visible_student); SystemAnnouncementManager::send_system_announcement_by_email($title, $content,$visible_teacher, $visible_student);
} }
return api_sql_query($sql,__FILE__,__LINE__); return Database::query($sql,__FILE__,__LINE__);
} }
/** /**
* Deletes an announcement * Deletes an announcement
@ -340,7 +340,7 @@ class SystemAnnouncementManager
$db_table = Database :: get_main_table(TABLE_MAIN_SYSTEM_ANNOUNCEMENTS); $db_table = Database :: get_main_table(TABLE_MAIN_SYSTEM_ANNOUNCEMENTS);
$id = intval($id); $id = intval($id);
$sql = "DELETE FROM ".$db_table." WHERE id='".$id."'"; $sql = "DELETE FROM ".$db_table." WHERE id='".$id."'";
return api_sql_query($sql,__FILE__,__LINE__); return Database::query($sql,__FILE__,__LINE__);
} }
/** /**
* Gets an announcement * Gets an announcement
@ -352,7 +352,7 @@ class SystemAnnouncementManager
$db_table = Database :: get_main_table(TABLE_MAIN_SYSTEM_ANNOUNCEMENTS); $db_table = Database :: get_main_table(TABLE_MAIN_SYSTEM_ANNOUNCEMENTS);
$id = intval($id); $id = intval($id);
$sql = "SELECT * FROM ".$db_table." WHERE id='".$id."'"; $sql = "SELECT * FROM ".$db_table." WHERE id='".$id."'";
$announcement = Database::fetch_object(api_sql_query($sql,__FILE__,__LINE__)); $announcement = Database::fetch_object(Database::query($sql,__FILE__,__LINE__));
return $announcement; return $announcement;
} }
/** /**
@ -367,7 +367,7 @@ class SystemAnnouncementManager
$announcement_id = intval($announcement_id); $announcement_id = intval($announcement_id);
$field = ($user == VISIBLE_TEACHER ? 'visible_teacher' : ($user == VISIBLE_STUDENT ? 'visible_student' : 'visible_guest')); $field = ($user == VISIBLE_TEACHER ? 'visible_teacher' : ($user == VISIBLE_STUDENT ? 'visible_student' : 'visible_guest'));
$sql = "UPDATE ".$db_table." SET ".$field." = '".$visible."' WHERE id='".$announcement_id."'"; $sql = "UPDATE ".$db_table." SET ".$field." = '".$visible."' WHERE id='".$announcement_id."'";
return api_sql_query($sql,__FILE__,__LINE__); return Database::query($sql,__FILE__,__LINE__);
} }
function send_system_announcement_by_email($title,$content,$teacher, $student) function send_system_announcement_by_email($title,$content,$teacher, $student)
@ -389,7 +389,7 @@ class SystemAnnouncementManager
return true; return true;
} }
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
while($row = Database::fetch_array($result,'ASSOC')) while($row = Database::fetch_array($result,'ASSOC'))
{ {
api_mail_html(api_get_person_name($row['firstname'], $row['lastname'], null, PERSON_NAME_EMAIL_ADDRESS), $row['email'], api_html_entity_decode(stripslashes($title), ENT_QUOTES, $charset), api_html_entity_decode(stripslashes($content), ENT_QUOTES, $charset), api_get_person_name($_user['firstName'], $_user['lastName'], null, PERSON_NAME_EMAIL_ADDRESS), api_get_setting('emailAdministrator'), api_get_setting('emailAdministrator')); api_mail_html(api_get_person_name($row['firstname'], $row['lastname'], null, PERSON_NAME_EMAIL_ADDRESS), $row['email'], api_html_entity_decode(stripslashes($title), ENT_QUOTES, $charset), api_html_entity_decode(stripslashes($content), ENT_QUOTES, $charset), api_get_person_name($_user['firstName'], $_user['lastName'], null, PERSON_NAME_EMAIL_ADDRESS), api_get_setting('emailAdministrator'), api_get_setting('emailAdministrator'));

96
main/inc/lib/tracking.lib.php
Unescape View File

@ -48,7 +48,7 @@ class Tracking {
$sql = 'SELECT login_date, logout_date FROM ' . $tbl_track_login . ' $sql = 'SELECT login_date, logout_date FROM ' . $tbl_track_login . '
WHERE login_user_id = ' . intval($user_id); WHERE login_user_id = ' . intval($user_id);
$rs = api_sql_query($sql,__FILE__,__LINE__); $rs = Database::query($sql,__FILE__,__LINE__);
$nb_seconds = 0; $nb_seconds = 0;
@ -100,7 +100,7 @@ class Tracking {
WHERE user_id = ' . $user_id . ' WHERE user_id = ' . $user_id . '
AND course_code="' . $course_code . '"'; AND course_code="' . $course_code . '"';
$rs = api_sql_query($sql,__FILE__,__LINE__); $rs = Database::query($sql,__FILE__,__LINE__);
$nb_seconds = 0; $nb_seconds = 0;
@ -125,7 +125,7 @@ class Tracking {
WHERE login_user_id = ' . intval($student_id) . ' WHERE login_user_id = ' . intval($student_id) . '
ORDER BY login_date ASC LIMIT 0,1'; ORDER BY login_date ASC LIMIT 0,1';
$rs = api_sql_query($sql,__FILE__,__LINE__); $rs = Database::query($sql,__FILE__,__LINE__);
if(Database::num_rows($rs)>0) if(Database::num_rows($rs)>0)
{ {
if ($first_login_date = Database::result($rs, 0, 0)) { if ($first_login_date = Database::result($rs, 0, 0)) {
@ -141,7 +141,7 @@ class Tracking {
WHERE login_user_id = ' . intval($student_id) . ' WHERE login_user_id = ' . intval($student_id) . '
ORDER BY login_date DESC LIMIT 0,1'; ORDER BY login_date DESC LIMIT 0,1';
$rs = api_sql_query($sql,__FILE__,__LINE__); $rs = Database::query($sql,__FILE__,__LINE__);
if(Database::num_rows($rs)>0) if(Database::num_rows($rs)>0)
{ {
if ($last_login_date = Database::result($rs, 0, 0)) if ($last_login_date = Database::result($rs, 0, 0))
@ -185,7 +185,7 @@ class Tracking {
AND course_code = "' . Database::escape_string($course_code) . '" AND course_code = "' . Database::escape_string($course_code) . '"
ORDER BY login_course_date ASC LIMIT 0,1'; ORDER BY login_course_date ASC LIMIT 0,1';
$rs = api_sql_query($sql,__FILE__,__LINE__); $rs = Database::query($sql,__FILE__,__LINE__);
if(Database::num_rows($rs)>0) if(Database::num_rows($rs)>0)
{ {
if ($first_login_date = Database::result($rs, 0, 0)) { if ($first_login_date = Database::result($rs, 0, 0)) {
@ -202,7 +202,7 @@ class Tracking {
AND course_code = "' . Database::escape_string($course_code) . '" AND course_code = "' . Database::escape_string($course_code) . '"
ORDER BY login_course_date DESC LIMIT 0,1'; ORDER BY login_course_date DESC LIMIT 0,1';
$rs = api_sql_query($sql,__FILE__,__LINE__); $rs = Database::query($sql,__FILE__,__LINE__);
if(Database::num_rows($rs)>0) if(Database::num_rows($rs)>0)
{ {
if ($last_login_date = Database::result($rs, 0, 0)) { if ($last_login_date = Database::result($rs, 0, 0)) {
@ -229,13 +229,13 @@ class Tracking {
$sql = 'SELECT DISTINCT course_code $sql = 'SELECT DISTINCT course_code
FROM ' . $tbl_course_rel_user . ' FROM ' . $tbl_course_rel_user . '
WHERE user_id = ' . $user_id; WHERE user_id = ' . $user_id;
$rs = api_sql_query($sql, __FILE__, __LINE__); $rs = Database::query($sql, __FILE__, __LINE__);
$nb_courses = Database::num_rows($rs); $nb_courses = Database::num_rows($rs);
$sql = 'SELECT DISTINCT course_code $sql = 'SELECT DISTINCT course_code
FROM ' . $tbl_session_course_rel_user . ' FROM ' . $tbl_session_course_rel_user . '
WHERE id_user = ' . $user_id; WHERE id_user = ' . $user_id;
$rs = api_sql_query($sql, __FILE__, __LINE__); $rs = Database::query($sql, __FILE__, __LINE__);
$nb_courses += Database::num_rows($rs); $nb_courses += Database::num_rows($rs);
return $nb_courses; return $nb_courses;
@ -264,7 +264,7 @@ class Tracking {
//get the list of exercises //get the list of exercises
$sql = "SELECT id, title FROM $tbl_course_quiz WHERE active <> -1"; $sql = "SELECT id, title FROM $tbl_course_quiz WHERE active <> -1";
$rs = api_sql_query($sql, __FILE__, __LINE__); $rs = Database::query($sql, __FILE__, __LINE__);
$count_exe = Database::num_rows($rs); $count_exe = Database::num_rows($rs);
if ($count_exe > 0) { if ($count_exe > 0) {
@ -281,7 +281,7 @@ class Tracking {
AND orig_lp_item_id = 0 AND orig_lp_item_id = 0
ORDER BY exe_date DESC'; ORDER BY exe_date DESC';
$rsAttempt = api_sql_query($sql, __FILE__, __LINE__); $rsAttempt = Database::query($sql, __FILE__, __LINE__);
$nb_attempts = 0; $nb_attempts = 0;
$quiz_avg_score = 0; $quiz_avg_score = 0;
@ -329,7 +329,7 @@ class Tracking {
//get the list of learning paths //get the list of learning paths
$sql = 'SELECT id FROM ' . $tbl_course_lp; $sql = 'SELECT id FROM ' . $tbl_course_lp;
$rs = api_sql_query($sql, __FILE__, __LINE__); $rs = Database::query($sql, __FILE__, __LINE__);
$nb_lp = Database::num_rows($rs); $nb_lp = Database::num_rows($rs);
$avg_progress = 0; $avg_progress = 0;
@ -341,7 +341,7 @@ class Tracking {
WHERE lp_view.user_id = " . $student_id . " WHERE lp_view.user_id = " . $student_id . "
AND lp_view.lp_id = " . $lp['id'] . " AND lp_view.lp_id = " . $lp['id'] . "
"; ";
$resultItem = api_sql_query($sqlProgress, __FILE__, __LINE__); $resultItem = Database::query($sqlProgress, __FILE__, __LINE__);
if(Database::num_rows($resultItem)>0) if(Database::num_rows($resultItem)>0)
{ {
$avg_progress += Database::result($resultItem, 0, 0); $avg_progress += Database::result($resultItem, 0, 0);
@ -390,7 +390,7 @@ class Tracking {
$sql_course_lp.=' WHERE id IN ('.implode(',',$lp_ids).')'; $sql_course_lp.=' WHERE id IN ('.implode(',',$lp_ids).')';
} }
$sql_result_lp = api_sql_query($sql_course_lp, __FILE__, __LINE__); $sql_result_lp = Database::query($sql_course_lp, __FILE__, __LINE__);
$lp_scorm_score_total = 0; $lp_scorm_score_total = 0;
$lp_scorm_weighting_total = 0; $lp_scorm_weighting_total = 0;
$lp_scorm_result_score_total = 0; $lp_scorm_result_score_total = 0;
@ -405,13 +405,13 @@ class Tracking {
//We get the last view id of this LP (with the higher id) //We get the last view id of this LP (with the higher id)
$sql='SELECT max(id) as id FROM '.$lp_view_table.' $sql='SELECT max(id) as id FROM '.$lp_view_table.'
WHERE lp_id='.$a_learnpath['id'].' AND user_id="'.intval($student_id).'"'; WHERE lp_id='.$a_learnpath['id'].' AND user_id="'.intval($student_id).'"';
$rs_last_lp_view_id = api_sql_query($sql, __FILE__, __LINE__); $rs_last_lp_view_id = Database::query($sql, __FILE__, __LINE__);
$lp_view_id = Database::result($rs_last_lp_view_id,0,'id'); // THE view $lp_view_id = Database::result($rs_last_lp_view_id,0,'id'); // THE view
if ($lp_view_id != '') { if ($lp_view_id != '') {
// we get the progress // we get the progress
$sql='SELECT progress FROM '.$lp_view_table.' WHERE id="'.$lp_view_id.'"'; $sql='SELECT progress FROM '.$lp_view_table.' WHERE id="'.$lp_view_id.'"';
$rs = api_sql_query($sql, __FILE__, __LINE__); $rs = Database::query($sql, __FILE__, __LINE__);
$progress = Database::result($rs,0,'progress'); $progress = Database::result($rs,0,'progress');
// item's list of an scorm // item's list of an scorm
@ -422,7 +422,7 @@ class Tracking {
AND lp_i.item_type="sco" AND lp_i.item_type="sco"
WHERE lp_view_id="'.$lp_view_id.'"'; WHERE lp_view_id="'.$lp_view_id.'"';
//$rs = api_sql_query($sql, __FILE__, __LINE__); //$rs = Database::query($sql, __FILE__, __LINE__);
//$sql_max_score='SELECT max_score FROM '.$lp_item_view_table.' WHERE lp_view_id="'.$lp_view_id.'" '; //$sql_max_score='SELECT max_score FROM '.$lp_item_view_table.' WHERE lp_view_id="'.$lp_view_id.'" ';
$res_max_score=Database::query($sql_max_score,__FILE__,__LINE__); $res_max_score=Database::query($sql_max_score,__FILE__,__LINE__);
$count_total_loop=0; $count_total_loop=0;
@ -502,12 +502,12 @@ class Tracking {
WHERE lp_id='.$a_learnpath['id'].' WHERE lp_id='.$a_learnpath['id'].'
AND item_type="quiz"'; AND item_type="quiz"';
$rsItems = api_sql_query($sql, __FILE__, __LINE__); $rsItems = Database::query($sql, __FILE__, __LINE__);
//We get the last view id of this LP //We get the last view id of this LP
$sql = "SELECT id FROM $lp_view_table WHERE user_id = '".intval($student_id)."' and lp_id='".intval($a_learnpath['id'])."'"; $sql = "SELECT id FROM $lp_view_table WHERE user_id = '".intval($student_id)."' and lp_id='".intval($a_learnpath['id'])."'";
//$sql='SELECT max(id) as id FROM '.$lp_view_table.' WHERE lp_id='.$a_learnpath['id'].' AND user_id="'.intval($student_id).'"'; //$sql='SELECT max(id) as id FROM '.$lp_view_table.' WHERE lp_id='.$a_learnpath['id'].' AND user_id="'.intval($student_id).'"';
$rs_last_lp_view_id = api_sql_query($sql, __FILE__, __LINE__); $rs_last_lp_view_id = Database::query($sql, __FILE__, __LINE__);
$lp_view_id = intval(Database::result($rs_last_lp_view_id,0,'id')); $lp_view_id = intval(Database::result($rs_last_lp_view_id,0,'id'));
$total_score = $total_weighting = 0; $total_score = $total_weighting = 0;
@ -522,13 +522,13 @@ class Tracking {
FROM '.$lp_item_view_table.' as lp_view_item FROM '.$lp_item_view_table.' as lp_view_item
WHERE lp_view_item.lp_item_id = '.$item['item_id'].' WHERE lp_view_item.lp_item_id = '.$item['item_id'].'
AND lp_view_id = "'.$lp_view_id.'" ';*/ AND lp_view_id = "'.$lp_view_id.'" ';*/
$rsScores = api_sql_query($sql, __FILE__, __LINE__); $rsScores = Database::query($sql, __FILE__, __LINE__);
// Real max score - this was implemented because of the random exercises // Real max score - this was implemented because of the random exercises
$sql_last_attempt = 'SELECT exe_id FROM '. $tbl_stats_exercices. ' ' . $sql_last_attempt = 'SELECT exe_id FROM '. $tbl_stats_exercices. ' ' .
'WHERE exe_exo_id="' .$item['path']. '" AND exe_user_id="' . $student_id . '" AND orig_lp_id = "'.$a_learnpath['id'].'" AND orig_lp_item_id = "'.$item['item_id'].'" AND exe_cours_id="' . $course_code . '" ORDER BY exe_date DESC limit 1'; 'WHERE exe_exo_id="' .$item['path']. '" AND exe_user_id="' . $student_id . '" AND orig_lp_id = "'.$a_learnpath['id'].'" AND orig_lp_item_id = "'.$item['item_id'].'" AND exe_cours_id="' . $course_code . '" ORDER BY exe_date DESC limit 1';
$resultLastAttempt = api_sql_query($sql_last_attempt, __FILE__, __LINE__); $resultLastAttempt = Database::query($sql_last_attempt, __FILE__, __LINE__);
$num = Database :: num_rows($resultLastAttempt); $num = Database :: num_rows($resultLastAttempt);
if ($num > 0){ if ($num > 0){
if ($num > 1){ if ($num > 1){
@ -543,7 +543,7 @@ class Tracking {
$sql = "SELECT SUM(t.ponderation) as maxscore from ( SELECT distinct question_id, marks,ponderation FROM $tbl_stats_attempts as at " . $sql = "SELECT SUM(t.ponderation) as maxscore from ( SELECT distinct question_id, marks,ponderation FROM $tbl_stats_attempts as at " .
"INNER JOIN $tbl_quiz_questions as q on(q.id = at.question_id) where exe_id ='$id_last_attempt' ) as t"; "INNER JOIN $tbl_quiz_questions as q on(q.id = at.question_id) where exe_id ='$id_last_attempt' ) as t";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$row_max_score = Database :: fetch_array($result); $row_max_score = Database :: fetch_array($result);
$maxscore = $row_max_score['maxscore']; $maxscore = $row_max_score['maxscore'];
if ($maxscore=='') { if ($maxscore=='') {
@ -626,7 +626,7 @@ class Tracking {
} }
} }
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
while ($a_courses = Database::fetch_array($result)) { while ($a_courses = Database::fetch_array($result)) {
$course_code = $a_courses["course_code"]; $course_code = $a_courses["course_code"];
@ -636,7 +636,7 @@ class Tracking {
FROM $tbl_session_course_user AS srcru FROM $tbl_session_course_user AS srcru
WHERE course_code='$course_code' AND id_session='$id_session'"; WHERE course_code='$course_code' AND id_session='$id_session'";
$rs = api_sql_query($sql,__FILE__,__LINE__); $rs = Database::query($sql,__FILE__,__LINE__);
while ($row = Database::fetch_array($rs)) { while ($row = Database::fetch_array($rs)) {
$a_students[$row['id_user']] = $row['id_user']; $a_students[$row['id_user']] = $row['id_user'];
@ -672,7 +672,7 @@ class Tracking {
} }
} }
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
while ($row = Database::fetch_array($result)) { while ($row = Database::fetch_array($result)) {
$a_students[$row['id_user']] = $row['id_user']; $a_students[$row['id_user']] = $row['id_user'];
@ -695,7 +695,7 @@ class Tracking {
////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////
$sql = 'SELECT course_code FROM ' . $tbl_session_course . ' WHERE id_session="' . $id_session . '" AND id_coach=' . $coach_id; $sql = 'SELECT course_code FROM ' . $tbl_session_course . ' WHERE id_session="' . $id_session . '" AND id_coach=' . $coach_id;
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
while ($a_courses = Database::fetch_array($result)) { while ($a_courses = Database::fetch_array($result)) {
$course_code = $a_courses["course_code"]; $course_code = $a_courses["course_code"];
@ -704,7 +704,7 @@ class Tracking {
FROM $tbl_session_course_user AS srcru FROM $tbl_session_course_user AS srcru
WHERE course_code='$course_code' and id_session = '" . $id_session . "'"; WHERE course_code='$course_code' and id_session = '" . $id_session . "'";
$rs = api_sql_query($sql, __FILE__, __LINE__); $rs = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($rs)) { while ($row = Database::fetch_array($rs)) {
$a_students[$row['id_user']] = $row['id_user']; $a_students[$row['id_user']] = $row['id_user'];
@ -716,11 +716,11 @@ class Tracking {
////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////
$dsl_session_coach = 'SELECT id_coach FROM ' . $tbl_session . ' WHERE id="' . $id_session . '" AND id_coach="' . $coach_id . '"'; $dsl_session_coach = 'SELECT id_coach FROM ' . $tbl_session . ' WHERE id="' . $id_session . '" AND id_coach="' . $coach_id . '"';
$result = api_sql_query($dsl_session_coach, __FILE__, __LINE__); $result = Database::query($dsl_session_coach, __FILE__, __LINE__);
//He is the session_coach so we select all the users in the session //He is the session_coach so we select all the users in the session
if (Database::num_rows($result) > 0) { if (Database::num_rows($result) > 0) {
$sql = 'SELECT DISTINCT srcru.id_user FROM ' . $tbl_session_course_user . ' AS srcru WHERE id_session="' . $id_session . '"'; $sql = 'SELECT DISTINCT srcru.id_user FROM ' . $tbl_session_course_user . ' AS srcru WHERE id_session="' . $id_session . '"';
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
while ($row = Database::fetch_array($result)) { while ($row = Database::fetch_array($result)) {
$a_students[$row['id_user']] = $row['id_user']; $a_students[$row['id_user']] = $row['id_user'];
} }
@ -745,7 +745,7 @@ class Tracking {
ON session_course.course_code = session_course_user.course_code ON session_course.course_code = session_course_user.course_code
AND id_coach=' . $coach_id . ' AND id_coach=' . $coach_id . '
WHERE id_user=' . $student_id; WHERE id_user=' . $student_id;
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
if (Database::num_rows($result) > 0) { if (Database::num_rows($result) > 0) {
return true; return true;
} }
@ -762,7 +762,7 @@ class Tracking {
ON session.id = session_course.id_session ON session.id = session_course.id_session
AND session.id_coach = ' . $coach_id . ' AND session.id_coach = ' . $coach_id . '
WHERE id_user = ' . $student_id; WHERE id_user = ' . $student_id;
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
if (Database::num_rows($result) > 0) { if (Database::num_rows($result) > 0) {
return true; return true;
} }
@ -801,7 +801,7 @@ class Tracking {
if (!empty ($id_session)) if (!empty ($id_session))
$sql .= ' AND id_session=' . $id_session; $sql .= ' AND id_session=' . $id_session;
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result)) { while ($row = Database::fetch_array($result)) {
$a_courses[$row['course_code']] = $row['course_code']; $a_courses[$row['course_code']] = $row['course_code'];
} }
@ -842,7 +842,7 @@ class Tracking {
$sql .= ' WHERE access_url_id = '.$access_url_id; $sql .= ' WHERE access_url_id = '.$access_url_id;
} }
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result)) { while ($row = Database::fetch_array($result)) {
$a_courses[$row['course_code']] = $row['course_code']; $a_courses[$row['course_code']] = $row['course_code'];
@ -876,7 +876,7 @@ class Tracking {
} }
} }
$rs = api_sql_query($sql,__FILE__,__LINE__); $rs = Database::query($sql,__FILE__,__LINE__);
while ($row = Database::fetch_array($rs)) while ($row = Database::fetch_array($rs))
{ {
@ -905,7 +905,7 @@ class Tracking {
} }
} }
$rs = api_sql_query($sql,__FILE__,__LINE__); $rs = Database::query($sql,__FILE__,__LINE__);
while ($row = Database::fetch_array($rs)) while ($row = Database::fetch_array($rs))
{ {
@ -955,7 +955,7 @@ class Tracking {
FROM ' . $tbl_session_course . ' FROM ' . $tbl_session_course . '
WHERE id_session=' . $session_id; WHERE id_session=' . $session_id;
$rs = api_sql_query($sql, __FILE__, __LINE__); $rs = Database::query($sql, __FILE__, __LINE__);
$a_courses = array (); $a_courses = array ();
while ($row = Database::fetch_array($rs)) { while ($row = Database::fetch_array($rs)) {
$a_courses[$row['course_code']] = $row; $a_courses[$row['course_code']] = $row;
@ -982,7 +982,7 @@ class Tracking {
WHERE insert_user_id=' . $student_id . ' WHERE insert_user_id=' . $student_id . '
AND tool="work"'; AND tool="work"';
$rs = api_sql_query($sql, __LINE__, __FILE__); $rs = Database::query($sql, __LINE__, __FILE__);
return Database::num_rows($rs); return Database::num_rows($rs);
} }
else else
@ -1009,7 +1009,7 @@ class Tracking {
FROM ' . $tbl_messages . ' FROM ' . $tbl_messages . '
WHERE poster_id=' . $student_id; WHERE poster_id=' . $student_id;
$rs = api_sql_query($sql, __LINE__, __FILE__); $rs = Database::query($sql, __LINE__, __FILE__);
return Database::num_rows($rs); return Database::num_rows($rs);
} }
else else
@ -1034,7 +1034,7 @@ class Tracking {
if (!empty($a_course['db_name'])) { if (!empty($a_course['db_name'])) {
$tbl_posts = Database :: get_course_table(TABLE_FORUM_POST, $a_course['db_name']); $tbl_posts = Database :: get_course_table(TABLE_FORUM_POST, $a_course['db_name']);
$sql = "SELECT count(*) FROM $tbl_posts"; $sql = "SELECT count(*) FROM $tbl_posts";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_row($result); $row = Database::fetch_row($result);
$count = $row[0]; $count = $row[0];
return $count; return $count;
@ -1059,7 +1059,7 @@ class Tracking {
if (!empty($a_course['db_name'])) { if (!empty($a_course['db_name'])) {
$tbl_threads = Database :: get_course_table(TABLE_FORUM_THREAD, $a_course['db_name']); $tbl_threads = Database :: get_course_table(TABLE_FORUM_THREAD, $a_course['db_name']);
$sql = "SELECT count(*) FROM $tbl_threads"; $sql = "SELECT count(*) FROM $tbl_threads";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_row($result); $row = Database::fetch_row($result);
$count = $row[0]; $count = $row[0];
return $count; return $count;
@ -1084,7 +1084,7 @@ class Tracking {
if (!empty($a_course['db_name'])) { if (!empty($a_course['db_name'])) {
$tbl_forums = Database :: get_course_table(TABLE_FORUM, $a_course['db_name']); $tbl_forums = Database :: get_course_table(TABLE_FORUM, $a_course['db_name']);
$sql = "SELECT count(*) FROM $tbl_forums"; $sql = "SELECT count(*) FROM $tbl_forums";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_row($result); $row = Database::fetch_row($result);
$count = $row[0]; $count = $row[0];
return $count; return $count;
@ -1113,7 +1113,7 @@ class Tracking {
$sql = "SELECT count(*) FROM $tbl_stats_access WHERE DATE_SUB(NOW(),INTERVAL $last_days DAY) <= access_date $sql = "SELECT count(*) FROM $tbl_stats_access WHERE DATE_SUB(NOW(),INTERVAL $last_days DAY) <= access_date
AND access_cours_code = '$course_code' AND access_tool='".TOOL_CHAT."'"; AND access_cours_code = '$course_code' AND access_tool='".TOOL_CHAT."'";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_row($result); $row = Database::fetch_row($result);
$count = $row[0]; $count = $row[0];
return $count; return $count;
@ -1147,7 +1147,7 @@ class Tracking {
$sql = "SELECT access_date FROM $tbl_stats_access $sql = "SELECT access_date FROM $tbl_stats_access
WHERE access_tool='".TOOL_CHAT."' AND access_user_id='$student_id' AND access_cours_code = '$course_code' ORDER BY access_date DESC limit 1"; WHERE access_tool='".TOOL_CHAT."' AND access_user_id='$student_id' AND access_cours_code = '$course_code' ORDER BY access_date DESC limit 1";
$rs = api_sql_query($sql, __LINE__, __FILE__); $rs = Database::query($sql, __LINE__, __FILE__);
$row = Database::fetch_array($rs); $row = Database::fetch_array($rs);
$last_connection = $row['access_date']; $last_connection = $row['access_date'];
if (!empty($last_connection)) { if (!empty($last_connection)) {
@ -1175,7 +1175,7 @@ class Tracking {
WHERE links_user_id=' . $student_id . ' WHERE links_user_id=' . $student_id . '
AND links_cours_id="' . $course_code . '"'; AND links_cours_id="' . $course_code . '"';
$rs = api_sql_query($sql, __LINE__, __FILE__); $rs = Database::query($sql, __LINE__, __FILE__);
return Database::num_rows($rs); return Database::num_rows($rs);
} }
@ -1192,7 +1192,7 @@ class Tracking {
WHERE down_user_id=' . $student_id . ' WHERE down_user_id=' . $student_id . '
AND down_cours_id="' . $course_code . '"'; AND down_cours_id="' . $course_code . '"';
$rs = api_sql_query($sql, __LINE__, __FILE__); $rs = Database::query($sql, __LINE__, __FILE__);
return Database::num_rows($rs); return Database::num_rows($rs);
} }
@ -1201,7 +1201,7 @@ class Tracking {
$id_session = intval($id_session); $id_session = intval($id_session);
$tbl_session_course_user = Database :: get_main_table(TABLE_MAIN_SESSION_COURSE_USER); $tbl_session_course_user = Database :: get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
$sql = 'SELECT course_code FROM ' . $tbl_session_course_user . ' WHERE id_user="' . $user_id . '" AND id_session="' . $id_session . '"'; $sql = 'SELECT course_code FROM ' . $tbl_session_course_user . ' WHERE id_user="' . $user_id . '" AND id_session="' . $id_session . '"';
$result = api_sql_query($sql, __LINE__, __FILE__); $result = Database::query($sql, __LINE__, __FILE__);
$a_courses = array (); $a_courses = array ();
while ($row = Database::fetch_array($result)) { while ($row = Database::fetch_array($result)) {
$a_courses[$row['course_code']] = $row['course_code']; $a_courses[$row['course_code']] = $row['course_code'];
@ -1226,7 +1226,7 @@ class Tracking {
HAVING DATE_SUB( NOW(), INTERVAL '.$since.' DAY) > max_date '; HAVING DATE_SUB( NOW(), INTERVAL '.$since.' DAY) > max_date ';
//HAVING DATE_ADD(max_date, INTERVAL '.$since.' DAY) < NOW() '; //HAVING DATE_ADD(max_date, INTERVAL '.$since.' DAY) < NOW() ';
$rs = api_sql_query($sql,__FILE__,__LINE__); $rs = Database::query($sql,__FILE__,__LINE__);
$inactive_users = array(); $inactive_users = array();
while($user = Database::fetch_array($rs)) while($user = Database::fetch_array($rs))
{ {
@ -1245,7 +1245,7 @@ class Tracking {
WHERE access_user_id=' . $student_id . ' WHERE access_user_id=' . $student_id . '
AND access_cours_code="' . $course_code . '"'; AND access_cours_code="' . $course_code . '"';
$rs = api_sql_query($sql, __FILE__, __LINE__); $rs = Database::query($sql, __FILE__, __LINE__);
$nb_login = Database::num_rows($rs); $nb_login = Database::num_rows($rs);
return $nb_login; return $nb_login;
@ -1262,7 +1262,7 @@ class Tracking {
$sql = 'SELECT DISTINCT user_id FROM '.$tbl_user.' as user $sql = 'SELECT DISTINCT user_id FROM '.$tbl_user.' as user
WHERE hr_dept_id='.$hr_dept_id; WHERE hr_dept_id='.$hr_dept_id;
$rs = api_sql_query($sql, __FILE__, __LINE__); $rs = Database::query($sql, __FILE__, __LINE__);
while($user = Database :: fetch_array($rs)) while($user = Database :: fetch_array($rs))
{ {

58
main/inc/lib/urlmanager.lib.php
Unescape View File

@ -50,7 +50,7 @@ class UrlManager
active = '".Database::escape_string($active)."', active = '".Database::escape_string($active)."',
created_by = '".Database::escape_string(api_get_user_id())."', created_by = '".Database::escape_string(api_get_user_id())."',
tms = FROM_UNIXTIME(".$tms.")"; tms = FROM_UNIXTIME(".$tms.")";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
return $result; return $result;
} }
@ -75,7 +75,7 @@ class UrlManager
created_by = '".Database::escape_string(api_get_user_id())."', created_by = '".Database::escape_string(api_get_user_id())."',
tms = FROM_UNIXTIME(".$tms.") tms = FROM_UNIXTIME(".$tms.")
WHERE id = '$url_id'"; WHERE id = '$url_id'";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
return $result; return $result;
} }
@ -90,7 +90,7 @@ class UrlManager
{ {
$table_access_url= Database :: get_main_table(TABLE_MAIN_ACCESS_URL); $table_access_url= Database :: get_main_table(TABLE_MAIN_ACCESS_URL);
$sql= "DELETE FROM $table_access_url WHERE id = ".Database::escape_string($id); $sql= "DELETE FROM $table_access_url WHERE id = ".Database::escape_string($id);
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
return $result; return $result;
} }
@ -101,7 +101,7 @@ class UrlManager
{ {
$table_access_url= Database :: get_main_table(TABLE_MAIN_ACCESS_URL); $table_access_url= Database :: get_main_table(TABLE_MAIN_ACCESS_URL);
$sql = "SELECT id FROM $table_access_url WHERE url = '".Database::escape_string($url)."' "; $sql = "SELECT id FROM $table_access_url WHERE url = '".Database::escape_string($url)."' ";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
$num = Database::num_rows($res); $num = Database::num_rows($res);
return $num; return $num;
} }
@ -113,7 +113,7 @@ class UrlManager
{ {
$table_access_url= Database :: get_main_table(TABLE_MAIN_ACCESS_URL); $table_access_url= Database :: get_main_table(TABLE_MAIN_ACCESS_URL);
$sql = "SELECT id FROM $table_access_url WHERE id = '".Database::escape_string($url)."' "; $sql = "SELECT id FROM $table_access_url WHERE id = '".Database::escape_string($url)."' ";
$res = api_sql_query($sql,__FILE__,__LINE__); $res = Database::query($sql,__FILE__,__LINE__);
$num = Database::num_rows($res); $num = Database::num_rows($res);
return $num; return $num;
} }
@ -127,7 +127,7 @@ class UrlManager
{ {
$table_access_url= Database :: get_main_table(TABLE_MAIN_ACCESS_URL); $table_access_url= Database :: get_main_table(TABLE_MAIN_ACCESS_URL);
$sql = "SELECT count(id) as count_result FROM $table_access_url"; $sql = "SELECT count(id) as count_result FROM $table_access_url";
$res = api_sql_query($sql, __FILE__, __LINE__); $res = Database::query($sql, __FILE__, __LINE__);
$url = Database::fetch_array($res,'ASSOC'); $url = Database::fetch_array($res,'ASSOC');
$result = $url['count_result']; $result = $url['count_result'];
return $result; return $result;
@ -142,7 +142,7 @@ class UrlManager
{ {
$table_access_url= Database :: get_main_table(TABLE_MAIN_ACCESS_URL); $table_access_url= Database :: get_main_table(TABLE_MAIN_ACCESS_URL);
$sql = "SELECT id, url, description, active FROM $table_access_url"; $sql = "SELECT id, url, description, active FROM $table_access_url";
$res = api_sql_query($sql, __FILE__, __LINE__); $res = Database::query($sql, __FILE__, __LINE__);
$urls = array (); $urls = array ();
while ($url = Database::fetch_array($res)) { while ($url = Database::fetch_array($res)) {
$urls[] = $url; $urls[] = $url;
@ -159,7 +159,7 @@ class UrlManager
{ {
$table_access_url= Database :: get_main_table(TABLE_MAIN_ACCESS_URL); $table_access_url= Database :: get_main_table(TABLE_MAIN_ACCESS_URL);
$sql = "SELECT id, url, description, active FROM $table_access_url WHERE id = ".Database::escape_string($url_id); $sql = "SELECT id, url, description, active FROM $table_access_url WHERE id = ".Database::escape_string($url_id);
$res = api_sql_query($sql, __FILE__, __LINE__); $res = Database::query($sql, __FILE__, __LINE__);
$row = Database::fetch_array($res); $row = Database::fetch_array($res);
return $row; return $row;
} }
@ -183,7 +183,7 @@ class UrlManager
INNER JOIN $table_url_rel_user INNER JOIN $table_url_rel_user
ON $table_url_rel_user.user_id = u.user_id ON $table_url_rel_user.user_id = u.user_id
$where".$order_clause; $where".$order_clause;
$result=api_sql_query($sql,__FILE__,__LINE__); $result=Database::query($sql,__FILE__,__LINE__);
$users=Database::store_result($result); $users=Database::store_result($result);
return $users; return $users;
} }
@ -210,7 +210,7 @@ class UrlManager
$where $where
ORDER BY title, code"; ORDER BY title, code";
$result=api_sql_query($sql,__FILE__,__LINE__); $result=Database::query($sql,__FILE__,__LINE__);
$courses=Database::store_result($result); $courses=Database::store_result($result);
return $courses; return $courses;
} }
@ -236,7 +236,7 @@ class UrlManager
$where $where
ORDER BY name, id"; ORDER BY name, id";
$result=api_sql_query($sql,__FILE__,__LINE__); $result=Database::query($sql,__FILE__,__LINE__);
$sessions=Database::store_result($result); $sessions=Database::store_result($result);
return $sessions; return $sessions;
} }
@ -260,7 +260,7 @@ class UrlManager
} }
if(($status_db=='1' OR $status_db=='0') AND is_numeric($url_id)) { if(($status_db=='1' OR $status_db=='0') AND is_numeric($url_id)) {
$sql="UPDATE $url_table SET active='".Database::escape_string($status_db)."' WHERE id='".Database::escape_string($url_id)."'"; $sql="UPDATE $url_table SET active='".Database::escape_string($status_db)."' WHERE id='".Database::escape_string($url_id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
} }
} }
@ -275,7 +275,7 @@ class UrlManager
{ {
$table_url_rel_user= Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER); $table_url_rel_user= Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$sql= "SELECT user_id FROM $table_url_rel_user WHERE access_url_id = ".Database::escape_string($url_id)." AND user_id = ".Database::escape_string($user_id)." "; $sql= "SELECT user_id FROM $table_url_rel_user WHERE access_url_id = ".Database::escape_string($url_id)." AND user_id = ".Database::escape_string($user_id)." ";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$num = Database::num_rows($result); $num = Database::num_rows($result);
return $num; return $num;
} }
@ -291,7 +291,7 @@ class UrlManager
{ {
$table_url_rel_course= Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE); $table_url_rel_course= Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);
$sql= "SELECT course_code FROM $table_url_rel_course WHERE access_url_id = ".Database::escape_string($url_id)." AND course_code = '".Database::escape_string($course_id)."'"; $sql= "SELECT course_code FROM $table_url_rel_course WHERE access_url_id = ".Database::escape_string($url_id)." AND course_code = '".Database::escape_string($course_id)."'";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$num = Database::num_rows($result); $num = Database::num_rows($result);
return $num; return $num;
} }
@ -308,7 +308,7 @@ class UrlManager
{ {
$table_url_rel_session= Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_SESSION); $table_url_rel_session= Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_SESSION);
$sql= "SELECT session_id FROM $table_url_rel_session WHERE access_url_id = ".Database::escape_string($url_id)." AND session_id = ".Database::escape_string($session_id); $sql= "SELECT session_id FROM $table_url_rel_session WHERE access_url_id = ".Database::escape_string($url_id)." AND session_id = ".Database::escape_string($session_id);
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$num = Database::num_rows($result); $num = Database::num_rows($result);
return $num; return $num;
} }
@ -332,7 +332,7 @@ class UrlManager
if ($count==0) { if ($count==0) {
$sql = "INSERT INTO $table_url_rel_user $sql = "INSERT INTO $table_url_rel_user
SET user_id = ".Database::escape_string($user_id).", access_url_id = ".Database::escape_string($url_id); SET user_id = ".Database::escape_string($user_id).", access_url_id = ".Database::escape_string($url_id);
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
if($result) if($result)
$result_array[$url_id][$user_id]=1; $result_array[$url_id][$user_id]=1;
else else
@ -363,7 +363,7 @@ class UrlManager
if ($count==0) { if ($count==0) {
$sql = "INSERT INTO $table_url_rel_course $sql = "INSERT INTO $table_url_rel_course
SET course_code = '".Database::escape_string($course_code)."', access_url_id = ".Database::escape_string($url_id); SET course_code = '".Database::escape_string($course_code)."', access_url_id = ".Database::escape_string($url_id);
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
if($result) if($result)
$result_array[$url_id][$course_code]=1; $result_array[$url_id][$course_code]=1;
else else
@ -394,7 +394,7 @@ class UrlManager
if ($count==0) { if ($count==0) {
$sql = "INSERT INTO $table_url_rel_session $sql = "INSERT INTO $table_url_rel_session
SET session_id = ".Database::escape_string($session_id).", access_url_id = ".Database::escape_string($url_id); SET session_id = ".Database::escape_string($session_id).", access_url_id = ".Database::escape_string($url_id);
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
if($result) if($result)
$result_array[$url_id][$session_id]=1; $result_array[$url_id][$session_id]=1;
else else
@ -423,7 +423,7 @@ class UrlManager
if (empty($count)) { if (empty($count)) {
$sql = "INSERT INTO $table_url_rel_user $sql = "INSERT INTO $table_url_rel_user
SET user_id = ".Database::escape_string($user_id).", access_url_id = ".Database::escape_string($url_id); SET user_id = ".Database::escape_string($user_id).", access_url_id = ".Database::escape_string($url_id);
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
} }
return $result; return $result;
} }
@ -436,7 +436,7 @@ class UrlManager
if (empty($count)) { if (empty($count)) {
$sql = "INSERT INTO $table_url_rel_course $sql = "INSERT INTO $table_url_rel_course
SET course_code = '".Database::escape_string($course_code)."', access_url_id = ".Database::escape_string($url_id); SET course_code = '".Database::escape_string($course_code)."', access_url_id = ".Database::escape_string($url_id);
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
} }
return $result; return $result;
} }
@ -450,7 +450,7 @@ class UrlManager
if (empty($count)) { if (empty($count)) {
$sql = "INSERT INTO $table_url_rel_session $sql = "INSERT INTO $table_url_rel_session
SET session_id = ".Database::escape_string($session_id).", access_url_id = ".Database::escape_string($url_id); SET session_id = ".Database::escape_string($session_id).", access_url_id = ".Database::escape_string($url_id);
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
} }
return $result; return $result;
} }
@ -467,7 +467,7 @@ class UrlManager
{ {
$table_url_rel_user= Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER); $table_url_rel_user= Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$sql= "DELETE FROM $table_url_rel_user WHERE user_id = ".Database::escape_string($user_id)." AND access_url_id=".Database::escape_string($url_id)." "; $sql= "DELETE FROM $table_url_rel_user WHERE user_id = ".Database::escape_string($user_id)." AND access_url_id=".Database::escape_string($url_id)." ";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
return $result; return $result;
} }
@ -482,7 +482,7 @@ class UrlManager
{ {
$table_url_rel_course= Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE); $table_url_rel_course= Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);
$sql= "DELETE FROM $table_url_rel_course WHERE course_code = '".Database::escape_string($course_code)."' AND access_url_id=".Database::escape_string($url_id)." "; $sql= "DELETE FROM $table_url_rel_course WHERE course_code = '".Database::escape_string($course_code)."' AND access_url_id=".Database::escape_string($url_id)." ";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
return $result; return $result;
} }
@ -497,7 +497,7 @@ class UrlManager
{ {
$table_url_rel_session = Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_SESSION); $table_url_rel_session = Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_SESSION);
$sql= "DELETE FROM $table_url_rel_session WHERE session_id = ".Database::escape_string($session_id)." AND access_url_id=".Database::escape_string($url_id)." "; $sql= "DELETE FROM $table_url_rel_session WHERE session_id = ".Database::escape_string($session_id)." AND access_url_id=".Database::escape_string($url_id)." ";
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
return $result; return $result;
} }
@ -514,7 +514,7 @@ class UrlManager
$table_url_rel_user = Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER); $table_url_rel_user = Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$sql = "SELECT user_id FROM $table_url_rel_user WHERE access_url_id=".Database::escape_string($access_url_id); $sql = "SELECT user_id FROM $table_url_rel_user WHERE access_url_id=".Database::escape_string($access_url_id);
$result = api_sql_query($sql,__FILE__,__LINE__ ); $result = Database::query($sql,__FILE__,__LINE__ );
$existingUsers = array(); $existingUsers = array();
while($row = Database::fetch_array($result)){ while($row = Database::fetch_array($result)){
@ -548,7 +548,7 @@ class UrlManager
$table_url_rel_course = Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE); $table_url_rel_course = Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);
$sql = "SELECT course_code FROM $table_url_rel_course WHERE access_url_id=".Database::escape_string($access_url_id); $sql = "SELECT course_code FROM $table_url_rel_course WHERE access_url_id=".Database::escape_string($access_url_id);
$result = api_sql_query($sql,__FILE__,__LINE__ ); $result = Database::query($sql,__FILE__,__LINE__ );
$existing_courses = array(); $existing_courses = array();
while($row = Database::fetch_array($result)){ while($row = Database::fetch_array($result)){
@ -582,7 +582,7 @@ class UrlManager
$table_url_rel_session = Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_SESSION); $table_url_rel_session = Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_SESSION);
$sql = "SELECT session_id FROM $table_url_rel_session WHERE access_url_id=".Database::escape_string($access_url_id); $sql = "SELECT session_id FROM $table_url_rel_session WHERE access_url_id=".Database::escape_string($access_url_id);
$result = api_sql_query($sql,__FILE__,__LINE__ ); $result = Database::query($sql,__FILE__,__LINE__ );
$existing_sessions = array(); $existing_sessions = array();
while($row = Database::fetch_array($result)){ while($row = Database::fetch_array($result)){
@ -611,7 +611,7 @@ class UrlManager
$sql = "SELECT url, access_url_id FROM $table_url_rel_user url_rel_user INNER JOIN $table_url u $sql = "SELECT url, access_url_id FROM $table_url_rel_user url_rel_user INNER JOIN $table_url u
ON (url_rel_user.access_url_id = u.id) ON (url_rel_user.access_url_id = u.id)
WHERE user_id = ".Database::escape_string($user_id); WHERE user_id = ".Database::escape_string($user_id);
$result = api_sql_query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
$url_list = Database::store_result($result); $url_list = Database::store_result($result);
return $url_list; return $url_list;
} }
@ -623,7 +623,7 @@ class UrlManager
{ {
$table_access_url= Database :: get_main_table(TABLE_MAIN_ACCESS_URL); $table_access_url= Database :: get_main_table(TABLE_MAIN_ACCESS_URL);
$sql = "SELECT id FROM $table_access_url WHERE url = '".Database::escape_string($url)."'"; $sql = "SELECT id FROM $table_access_url WHERE url = '".Database::escape_string($url)."'";
$result = api_sql_query($sql); $result = Database::query($sql);
$access_url_id = Database::result($result, 0, 0); $access_url_id = Database::result($result, 0, 0);
return $access_url_id; return $access_url_id;
} }

36
main/inc/local.inc.php
Unescape View File

@ -255,7 +255,7 @@ if (api_get_setting('allow_terms_conditions')=='true') {
FROM $user_table FROM $user_table
WHERE username = '".trim(addslashes($login))."'"; WHERE username = '".trim(addslashes($login))."'";
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result) > 0) { if (Database::num_rows($result) > 0) {
$uData = Database::fetch_array($result); $uData = Database::fetch_array($result);
@ -472,7 +472,7 @@ if (api_get_setting('allow_terms_conditions')=='true') {
FROM $user_table FROM $user_table
WHERE username = '".trim(addslashes($sso['username']))."'"; WHERE username = '".trim(addslashes($sso['username']))."'";
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result) > 0) { if (Database::num_rows($result) > 0) {
$uData = Database::fetch_array($result); $uData = Database::fetch_array($result);
@ -597,7 +597,7 @@ if (api_get_setting('allow_terms_conditions')=='true') {
FROM $user_table FROM $user_table
WHERE openid = '$id1' WHERE openid = '$id1'
OR openid = '$id2' "; OR openid = '$id2' ";
$result = api_sql_query($sql); $result = Database::query($sql);
if ($result !== false) { if ($result !== false) {
if (Database::num_rows($result)>0) { if (Database::num_rows($result)>0) {
//$row = Database::fetch_array($res); //$row = Database::fetch_array($res);
@ -718,7 +718,7 @@ if (isset($uidReset) && $uidReset) // session data refresh requested
WHERE user.user_id = '".$_user['user_id']."'"; WHERE user.user_id = '".$_user['user_id']."'";
} }
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result) > 0) { if (Database::num_rows($result) > 0) {
// Extracting the user data // Extracting the user data
@ -771,7 +771,7 @@ if (isset($cidReset) && $cidReset) { // course session data refresh requested or
LEFT JOIN $course_cat_table LEFT JOIN $course_cat_table
ON course.category_code = course_category.code ON course.category_code = course_category.code
WHERE course.code = '$cidReq'"; WHERE course.code = '$cidReq'";
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result)>0) { if (Database::num_rows($result)>0) {
$cData = Database::fetch_array($result); $cData = Database::fetch_array($result);
@ -805,7 +805,7 @@ if (isset($cidReset) && $cidReset) { // course session data refresh requested or
$sql="INSERT INTO $course_tracking_table(course_code, user_id, login_course_date, logout_course_date, counter)" . $sql="INSERT INTO $course_tracking_table(course_code, user_id, login_course_date, logout_course_date, counter)" .
"VALUES('".$_course['sysCode']."', '".$_user['user_id']."', '$time', '$time', '1')"; "VALUES('".$_course['sysCode']."', '".$_user['user_id']."', '$time', '$time', '1')";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
} }
// if a session id has been given in url, we store the session // if a session id has been given in url, we store the session
@ -819,7 +819,7 @@ if (isset($cidReset) && $cidReset) { // course session data refresh requested or
if (!empty($_GET['id_session'])) { if (!empty($_GET['id_session'])) {
$_SESSION['id_session'] = Database::escape_string($_GET['id_session']); $_SESSION['id_session'] = Database::escape_string($_GET['id_session']);
$sql = 'SELECT name FROM '.$tbl_session . ' WHERE id="'.$_SESSION['id_session'] . '"'; $sql = 'SELECT name FROM '.$tbl_session . ' WHERE id="'.$_SESSION['id_session'] . '"';
$rs = api_sql_query($sql,__FILE__,__LINE__); $rs = Database::query($sql,__FILE__,__LINE__);
list($_SESSION['session_name']) = Database::fetch_array($rs); list($_SESSION['session_name']) = Database::fetch_array($rs);
} else { } else {
api_session_unregister('session_name'); api_session_unregister('session_name');
@ -849,7 +849,7 @@ if (isset($cidReset) && $cidReset) { // course session data refresh requested or
$tbl_session = Database::get_main_table(TABLE_MAIN_SESSION); $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
$_SESSION['id_session'] = Database::escape_string($_GET['id_session']); $_SESSION['id_session'] = Database::escape_string($_GET['id_session']);
$sql = 'SELECT name FROM '.$tbl_session . ' WHERE id="'.$_SESSION['id_session'] . '"'; $sql = 'SELECT name FROM '.$tbl_session . ' WHERE id="'.$_SESSION['id_session'] . '"';
$rs = api_sql_query($sql,__FILE__,__LINE__); $rs = Database::query($sql,__FILE__,__LINE__);
list($_SESSION['session_name']) = Database::fetch_array($rs); list($_SESSION['session_name']) = Database::fetch_array($rs);
} }
@ -858,7 +858,7 @@ if (isset($cidReset) && $cidReset) { // course session data refresh requested or
$time = api_get_datetime(); $time = api_get_datetime();
//We select the last record for the current course in the course tracking table //We select the last record for the current course in the course tracking table
$sql="SELECT course_access_id FROM $course_tracking_table WHERE user_id=".intval($_user ['user_id'])." ORDER BY login_course_date DESC LIMIT 0,1"; $sql="SELECT course_access_id FROM $course_tracking_table WHERE user_id=".intval($_user ['user_id'])." ORDER BY login_course_date DESC LIMIT 0,1";
$result=api_sql_query($sql,__FILE__,__LINE__); $result=Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result)>0) { if (Database::num_rows($result)>0) {
$i_course_access_id = Database::result($result,0,0); $i_course_access_id = Database::result($result,0,0);
@ -868,11 +868,11 @@ if (isset($cidReset) && $cidReset) { // course session data refresh requested or
"counter = counter+1 " . "counter = counter+1 " .
"WHERE course_access_id=".intval($i_course_access_id); "WHERE course_access_id=".intval($i_course_access_id);
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
} else { } else {
$sql="INSERT INTO $course_tracking_table(course_code, user_id, login_course_date, logout_course_date, counter)" . $sql="INSERT INTO $course_tracking_table(course_code, user_id, login_course_date, logout_course_date, counter)" .
"VALUES('".$_course['sysCode']."', '".$_user['user_id']."', '$time', '$time', '1')"; "VALUES('".$_course['sysCode']."', '".$_user['user_id']."', '$time', '$time', '1')";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
} }
} }
} }
@ -891,7 +891,7 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) { // ses
WHERE user_id = '".$_user['user_id']."' WHERE user_id = '".$_user['user_id']."'
AND course_code = '$cidReq'"; AND course_code = '$cidReq'";
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result) > 0) { // this user have a recorded state for this course if (Database::num_rows($result) > 0) { // this user have a recorded state for this course
$cuData = Database::fetch_array($result); $cuData = Database::fetch_array($result);
@ -917,7 +917,7 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) { // ses
WHERE user_id = '".$_user['user_id']."' WHERE user_id = '".$_user['user_id']."'
AND course_code = '$cidReq'"; AND course_code = '$cidReq'";
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result) > 0) { // this user have a recorded state for this course if (Database::num_rows($result) > 0) { // this user have a recorded state for this course
$cuData = Database::fetch_array($result); $cuData = Database::fetch_array($result);
@ -942,7 +942,7 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) { // ses
ON session_rel_course.id_session = session.id ON session_rel_course.id_session = session.id
AND session_rel_course.course_code='$_cid'"; AND session_rel_course.course_code='$_cid'";
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
$row = Database::store_result($result); $row = Database::store_result($result);
if ($row[0]['id_coach']==$_user['user_id']) { if ($row[0]['id_coach']==$_user['user_id']) {
@ -972,7 +972,7 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) { // ses
FROM ".$tbl_session_course." FROM ".$tbl_session_course."
WHERE session_rel_course.course_code='$_cid' WHERE session_rel_course.course_code='$_cid'
AND session_rel_course.id_coach = '".$_user['user_id']."'"; AND session_rel_course.id_coach = '".$_user['user_id']."'";
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
if ($row = Database::fetch_array($result)) { if ($row = Database::fetch_array($result)) {
$_courseUser['role'] = 'Professor'; $_courseUser['role'] = 'Professor';
$is_courseMember = true; $is_courseMember = true;
@ -993,7 +993,7 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) { // ses
WHERE id_user = '".$_user['user_id']."' WHERE id_user = '".$_user['user_id']."'
AND course_code = '$cidReq'"; AND course_code = '$cidReq'";
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result) > 0) { // this user have a recorded state for this course if (Database::num_rows($result) > 0) { // this user have a recorded state for this course
while($row = Database::fetch_array($result)){ while($row = Database::fetch_array($result)){
@ -1069,7 +1069,7 @@ if ((isset($gidReset) && $gidReset) || (isset($cidReset) && $cidReset)) { // ses
if ($gidReq && $_cid ) { // have keys to search data if ($gidReq && $_cid ) { // have keys to search data
$group_table = Database::get_course_table(TABLE_GROUP); $group_table = Database::get_course_table(TABLE_GROUP);
$sql = "SELECT * FROM $group_table WHERE id = '$gidReq'"; $sql = "SELECT * FROM $group_table WHERE id = '$gidReq'";
$result = api_sql_query($sql,__FILE__,__LINE__); $result = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($result) > 0) { // This group has recorded status related to this course if (Database::num_rows($result) > 0) { // This group has recorded status related to this course
$gpData = Database::fetch_array($result); $gpData = Database::fetch_array($result);
$_gid = $gpData ['id' ]; $_gid = $gpData ['id' ];
@ -1115,5 +1115,5 @@ if (isset($_cid)) {
$tbl_course = Database::get_main_table(TABLE_MAIN_COURSE); $tbl_course = Database::get_main_table(TABLE_MAIN_COURSE);
$time = api_get_datetime(); $time = api_get_datetime();
$sql="UPDATE $tbl_course SET last_visit= '$time' WHERE code='$_cid'"; $sql="UPDATE $tbl_course SET last_visit= '$time' WHERE code='$_cid'";
api_sql_query($sql,__FILE__,__LINE__); Database::query($sql,__FILE__,__LINE__);
} }

4
main/inc/tool_navigation_menu.inc.php
Unescape View File

@ -74,7 +74,7 @@ function get_navigation_items($include_admin_tools = false)
*/ */
$sql_menu_query = "SELECT * FROM $course_tools_table WHERE visibility='1' and admin='0' ORDER BY id ASC"; $sql_menu_query = "SELECT * FROM $course_tools_table WHERE visibility='1' and admin='0' ORDER BY id ASC";
$sql_result = api_sql_query($sql_menu_query, __FILE__, __LINE__); $sql_result = Database::query($sql_menu_query, __FILE__, __LINE__);
while ($row = mysql_fetch_array($sql_result)) while ($row = mysql_fetch_array($sql_result))
{ {
$navigation_items[$row['id']] = $row; $navigation_items[$row['id']] = $row;
@ -106,7 +106,7 @@ function get_navigation_items($include_admin_tools = false)
$course_settings_sql = " SELECT name,image FROM $course_tools_table $course_settings_sql = " SELECT name,image FROM $course_tools_table
WHERE link='course_info/infocours.php'"; WHERE link='course_info/infocours.php'";
$sql_result = api_sql_query($course_settings_sql); $sql_result = Database::query($course_settings_sql);
$course_setting_info = mysql_fetch_array($sql_result); $course_setting_info = mysql_fetch_array($sql_result);
$course_setting_visual_name = get_lang(ucfirst($course_setting_info['name'])); $course_setting_visual_name = get_lang(ucfirst($course_setting_info['name']));
if (api_get_session_id()==0) { if (api_get_session_id()==0) {

Write Preview
Loading…
Cancel
Save