[evolvis-commits] r13239: Merged from 4.8: db_query_params transition work
mirabilos at evolvis.org
mirabilos at evolvis.org
Mon Feb 28 02:24:19 CET 2011
Author: mirabilos
Date: 2011-02-28 02:24:19 +0100 (Mon, 28 Feb 2011)
New Revision: 13239
Modified:
trunk/gforge_base/evolvisforge-5.1/Makefile
trunk/gforge_base/evolvisforge-5.1/gforge/common/forum/Forum.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/forum/ForumFactory.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/frs/FRSFile.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/frs/FRSPackage.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/frs/FRSRelease.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/include/User.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/include/database-mysql.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/include/forms.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/include/system/UNIX.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/include/system/pgsql.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/include/tag_cloud.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/mail/MailingList.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/mail/MailingListFactory.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/ProjectCategory.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/ProjectGroup.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/ProjectGroupFactory.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/ProjectTask.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/ProjectTaskFactory.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/ProjectTasksForUser.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/Validator.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/Artifact.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactBoxOptions.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactCanned.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactExtraField.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactExtraFieldElement.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactFile.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactFromID.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactHistory.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactMessage.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactQuery.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactQueryFactory.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactType.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactTypeFactory.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactTypes.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/Artifacts.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactsForUser.class.php
trunk/gforge_base/evolvisforge-5.1/gforge/www/softwaremap/full_list.php
Log:
Merged from 4.8: db_query_params transition work
Modified: trunk/gforge_base/evolvisforge-5.1/Makefile
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/Makefile 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/Makefile 2011-02-28 01:24:19 UTC (rev 13239)
@@ -7,7 +7,7 @@
BUILDRESULT=$(CURDIR)/result
VER=$(shell LANG=C grep '>software_version' gforge/common/include/FusionForge.class.php | cut -d\' -f2)
-TAG=$(shell LANG=C svn log -r HEAD -l 1 | awk '{ if ($$1=="Tag-Release") print $$2}')
+TAG=$(shell LANG=C svn log -r HEAD -l 1 2>/dev/null | awk '{ if ($$1=="Tag-Release") print $$2}')
ifeq ($(TAG),)
VERSION=fusionforge-$(VER)-$(shell LANG=C svn info | grep Revision | cut -d: -f2| sed 's/ //g')
else
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/forum/Forum.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/forum/Forum.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/forum/Forum.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -219,7 +219,7 @@
) AS threads
FROM forum_group_list_vw AS fgl
WHERE group_forum_id='$group_forum_id'";
- $res = db_query ($sql);
+ $res = db_query_mysql ($sql);
} else {
$res = db_query_params ('SELECT * FROM forum_group_list_vw WHERE group_forum_id=$1',
array ($group_forum_id)) ;
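Review bot: The MySQL branch still builds its statement by string interpolation (`WHERE group_forum_id='$group_forum_id'`), so the rename to `db_query_mysql` leaves that path outside the parameterised-query transition this commit makes for PostgreSQL. Whether `$group_forum_id` is cast or escaped before this point is not visible in the hunk; if it is not, add `$group_forum_id = (int) $group_forum_id;` ahead of the string or escape it with the backend's own escaping helper. The same pattern remains in the `$exists` query in ForumFactory.class.php and in the four `` `key`='$key' `` lookups in forms.php, where `$key` appears to be caller-supplied. A comment on each such branch, for example `// MySQL path: not parameterised, input must be escaped by caller`, would make the remaining risk explicit.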
@@ -267,7 +267,7 @@
return false;
}
$sql="select @res";
- $result = db_query ($sql);
+ $result = db_query_mysql ($sql);
} else {
$result = db_query_params ('SELECT nextval($1)',
array ('forum_thread_seq')) ;
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/forum/ForumFactory.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/forum/ForumFactory.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/forum/ForumFactory.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -124,7 +124,7 @@
$exists
ORDER BY group_forum_id;";
- $result = db_query ($sql);
+ $result = db_query_mysql ($sql);
$rows = db_numrows($result);
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/include/User.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/include/User.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/include/User.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -776,7 +776,8 @@
}
if ($GLOBALS['sys_require_unique_email']) {
- if (db_numrows(db_query("SELECT user_id FROM users WHERE email ILIKE '$email' OR email_new ILIKE '$email'")) > 0) {
+ if (db_numrows(db_query_params('SELECT user_id FROM users WHERE email ILIKE $1 OR email_new ILIKE $2',
+ array ($email, $email))) > 0) {
$this->setError(_('User with this email already exists.'));
return false;
}
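Review bot: Binding `$email` as a parameter closes the injection path, but the value is still used as an `ILIKE` pattern, so `_` and `%` inside an address act as wildcards. An address such as `a_b@example.org` (constructed example) would therefore match `axb@example.org` and wrongly report "User with this email already exists". If case-insensitive equality is what is wanted, compare with `lower(email)=lower($1) OR lower(email_new)=lower($1)` and pass `array ($email)` once. The enclosing function starts and ends outside this hunk.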
@@ -1420,8 +1421,9 @@
$this->setError('User::getRole : Unable to get group object');
return false;
}
- $sql = "SELECT role_id FROM user_group WHERE user_id=".$this->getID()." AND group_id = ".$group->getID();
- $res = db_query($sql);
+ $res = db_query_params ('SELECT role_id FROM user_group WHERE user_id=$1 AND group_id=$2',
+ array ($this->getID(),
+ $group->getID())) ;
if (!$res) {
$this->setError('User::getRole::DB - Could Not get role_id '.db_error());
return false;
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/include/database-mysql.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/include/database-mysql.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/include/database-mysql.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -61,7 +61,7 @@
* @param int How many rows do you want returned
* @param int Of matching rows, return only rows starting here
*/
-function db_query($qstring, $limit = '-1', $offset = 0) {
+function db_query_mysql($qstring, $limit = '-1', $offset = 0) {
global $sys_dbname, $gfconn;
db_log_entry('db_query',"$qstring, $limit, $offset");
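Review bot: After the rename, this hunk shows no remaining `db_query` definition for the MySQL backend, so any caller not converted in this commit would presumably fail with an undefined-function error when `$sys_database_type` is mysql. It is worth confirming that by searching the tree, or keeping a thin deprecated wrapper during the transition. The log label also still reads `db_log_entry('db_query', ...)`; changing it to `db_log_entry('db_query_mysql',"$qstring, $limit, $offset");` keeps the query log consistent with the new name. The docblock above the signature starts outside the hunk and should name the function's new role as well.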
@@ -189,7 +189,7 @@
* may cause unexpected behavior in databases that don't
*/
function db_begin() {
- return db_query("BEGIN WORK");
+ return db_query_mysql("BEGIN WORK");
}
/**
@@ -199,7 +199,7 @@
* may cause unexpected behavior in databases that don't
*/
function db_commit() {
- return db_query("COMMIT");
+ return db_query_mysql("COMMIT");
}
/**
@@ -209,7 +209,7 @@
* may cause unexpected behavior in databases that don't
*/
function db_rollback() {
- return db_query("ROLLBACK");
+ return db_query_mysql("ROLLBACK");
}
/**
@@ -355,13 +355,13 @@
global $_sys_db_transaction_level;
if ($_sys_db_transaction_level > 0) {
echo "Open transaction detected!!!";
- db_query("ROLLBACK");
+ db_query_mysql("ROLLBACK");
}
}
function db_drop_table_if_exists ($tn) {
$sql = "DROP TABLE IF EXISTS $tn;";
- $rel = db_query ($sql);
+ $rel = db_query_mysql ($sql);
echo db_error();
}
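Review bot: `db_drop_table_if_exists` interpolates `$tn` directly into `DROP TABLE IF EXISTS $tn;`, and an identifier cannot be bound as a query parameter, so this function needs its own check. Callers are not visible here; if any of them can pass a name that is not a fixed literal, reject anything outside an identifier pattern first, for example `if (!preg_match('/^[A-Za-z0-9_]+$/', $tn)) { return false; }`. The function also echoes `db_error()` straight to output, which can expose schema details to the page. Logging it instead would be safer.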
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/include/forms.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/include/forms.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/include/forms.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -39,7 +39,7 @@
$key = md5(microtime() + rand() + $_SERVER["REMOTE_ADDR"]);
if ( $sys_database_type == "mysql" ) {
$sql = "SELECT * FROM form_keys WHERE `key`='".$key."'";
- $res=db_query($sql);
+ $res=db_query_mysql($sql);
} else {
$res = db_query_params ('SELECT * FROM form_keys WHERE key=$1', array ($key));
}
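Review bot: The form key on the first context line is derived from `md5(microtime() + rand() + $_SERVER["REMOTE_ADDR"])`, where `+` is arithmetic addition rather than concatenation, so the hash input collapses to a single number built from guessable parts. If these keys are meant to be unguessable per-form tokens, as the `is_used` handling suggests, they should come from a CSPRNG instead. On PHP 7 or later that would be `$key = bin2hex(random_bytes(16));`, and on older PHP `openssl_random_pseudo_bytes(16)`. The enclosing function begins outside this hunk.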
@@ -48,7 +48,7 @@
}
}
if ( $sys_database_type == "mysql" ) {
- $res = db_query("INSERT INTO form_keys (`key`,is_used,creation_date) VALUES ('".$key."',0,".time().")");
+ $res = db_query_mysql("INSERT INTO form_keys (`key`,is_used,creation_date) VALUES ('".$key."',0,".time().")");
} else {
$res = db_query_params('INSERT INTO form_keys (key,is_used,creation_date) VALUES ($1, 0, $2)', array ($key,time()));
}
@@ -80,7 +80,7 @@
db_begin();
if ( $sys_database_type == "mysql" ) {
$sql = "SELECT * FROM form_keys WHERE `key`='$key' and is_used=0 FOR UPDATE";
- $res=db_query($sql);
+ $res=db_query_mysql($sql);
} else {
$res = db_query_params ('SELECT * FROM form_keys WHERE key=$1 and is_used=0 FOR UPDATE', array ($key));
}
@@ -90,7 +90,7 @@
}
if ( $sys_database_type == "mysql" ) {
$sql = "UPDATE form_keys SET is_used=1 WHERE `key`='$key'";
- $res=db_query($sql);
+ $res=db_query_mysql($sql);
} else {
$res = db_query_params ('UPDATE form_keys SET is_used=1 WHERE key=$1', array ($key));
}
@@ -115,7 +115,7 @@
db_begin();
if ( $sys_database_type == "mysql" ) {
$sql = "SELECT * FROM form_keys WHERE `key`='$key' FOR UPDATE";
- $res=db_query($sql);
+ $res=db_query_mysql($sql);
} else {
$res = db_query_params ('SELECT * FROM form_keys WHERE key=$1 FOR UPDATE', array ($key));
}
@@ -125,7 +125,7 @@
}
if ( $sys_database_type == "mysql" ) {
$sql = "UPDATE form_keys SET is_used=0 WHERE `key`='$key'";
- $res=db_query($sql);
+ $res=db_query_mysql($sql);
} else {
$res = db_query_params ('UPDATE form_keys SET is_used=0 WHERE key=$1', array ($key));
}
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/include/system/UNIX.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/include/system/UNIX.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/include/system/UNIX.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -52,11 +52,15 @@
if (!$user) {
return false;
} else {
- $res=db_query("UPDATE users SET
- unix_uid=user_id+".$this->UID_ADD.",
- unix_gid=user_id+".$this->UID_ADD.",
- unix_status='A'
- WHERE user_id=$user_id");
+ $res = db_query_params ('UPDATE users SET
+ unix_uid=user_id+$1,
+ unix_gid=user_id+$2,
+ unix_status=$3
+ WHERE user_id=$4',
+ array ($this->UID_ADD,
+ $this->UID_ADD,
+ 'A',
+ $user_id)) ;
if (!$res) {
$this->setError('ERROR - Could Not Update User UID/GID: '.db_error());
return false;
@@ -73,7 +77,9 @@
*
*/
function sysRemoveUser($user_id) {
- $res=db_query("UPDATE users SET unix_status='N' WHERE user_id=$user_id");
+ $res = db_query_params ('UPDATE users SET unix_status=$1 WHERE user_id=$2',
+ array ('N',
+ $user_id));
if (!$res) {
$this->setError('ERROR - Could Not Update User Unix Status: '.db_error());
return false;
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/include/system/pgsql.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/include/system/pgsql.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/include/system/pgsql.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -90,42 +90,46 @@
if (!$user) {
return false;
} else {
- $res=db_query("UPDATE users SET
- unix_uid=user_id+".$this->UID_ADD.",
- unix_gid=user_id+".$this->UID_ADD.",
- unix_status='A'
- WHERE user_id=$user_id");
+ $res = db_query_params ('UPDATE users SET
+ unix_uid=user_id+$1,
+ unix_gid=user_id+$2,
+ unix_status=$3
+ WHERE user_id=$4',
+ array ($this->UID_ADD,
+ $this->UID_ADD,
+ 'A',
+ $user_id)) ;
if (!$res) {
$this->setError('ERROR - Could Not Update User UID/GID: '.db_error());
return false;
} else {
- $query="DELETE FROM nss_usergroups WHERE user_id=$user_id";
- $res1=db_query($query);
+ $res1 = db_query_params ('DELETE FROM nss_usergroups WHERE user_id=$1',
+ array ($user_id)) ;
if (!$res1) {
$this->setError('ERROR - Could Not Delete Group Member(s): '.db_error());
return false;
}
// This is group used for user, not a real project
- $query="DELETE FROM nss_groups WHERE name IN
- (SELECT user_name FROM users WHERE user_id=$user_id)";
- $res2=db_query($query);
+ $res2 = db_query_params ('DELETE FROM nss_groups WHERE name IN
+ (SELECT user_name FROM users WHERE user_id=$1)',
+ array ($user_id));
if (!$res2) {
$this->setError('ERROR - Could Not Delete Group GID: '.db_error());
return false;
}
- $query="INSERT INTO nss_groups
+ $res3 = db_query_params ('INSERT INTO nss_groups
(user_id, group_id,name, gid)
SELECT user_id, 0, user_name, unix_gid
- FROM users WHERE user_id=$user_id";
- $res3=db_query($query);
+ FROM users WHERE user_id=$1',
+ array ($user_id));
if (!$res3) {
$this->setError('ERROR - Could Not Update Group GID: '.db_error());
return false;
}
- $query="INSERT INTO nss_usergroups (
+ $res4 = db_query_params ('INSERT INTO nss_usergroups (
SELECT
users.unix_uid AS uid,
- groups.group_id + ".$this->GID_ADD." AS gid,
+ groups.group_id + $1 AS gid,
users.user_id AS user_id,
groups.group_id AS group_id,
users.user_name AS user_name,
@@ -136,38 +140,44 @@
AND
groups.group_id=user_group.group_id
AND
- users.user_id=$user_id
+ users.user_id=$2
AND
- groups.status = 'A'
+ groups.status=$3
AND
- users.unix_status='A'
+ users.unix_status=$4
AND
- users.status = 'A'
+ users.status=$5
UNION
SELECT
users.unix_uid AS uid,
- groups.group_id + ".$this->SCM_UID_ADD." AS gid,
+ groups.group_id + $6 AS gid,
users.user_id AS user_id,
groups.group_id AS group_id,
users.user_name AS user_name,
- 'scm_' || groups.unix_group_name AS unix_group_name
+ $7 || groups.unix_group_name AS unix_group_name
FROM users,groups,user_group
WHERE
users.user_id=user_group.user_id
AND
groups.group_id=user_group.group_id
AND
- users.user_id=$user_id
+ users.user_id=$8
AND
- groups.status = 'A'
+ groups.status=$9
AND
- users.unix_status='A'
+ users.unix_status=$10
AND
- users.status = 'A'
+ users.status=$11
AND
user_group.cvs_flags > 0)
- ";
- $res4=db_query($query);
+ ',
+ array ($this->GID_ADD,
+ $user_id,
+ 'A', 'A', 'A',
+ $this->SCM_UID_ADD,
+ 'scm_',
+ $user_id,
+ 'A', 'A', 'A')) ;
if (!$res4) {
$this->setError('ERROR - Could Not Update Group Member(s): '.db_error());
return false;
@@ -207,21 +217,23 @@
*
*/
function sysRemoveUser($user_id) {
- $res=db_query("UPDATE users SET unix_status='N' WHERE user_id=$user_id");
+ $res = db_query_params ('UPDATE users SET unix_status=$1 WHERE user_id=$2',
+ array ('N',
+ $user_id)) ;
if (!$res) {
$this->setError('ERROR - Could Not Update User Unix Status: '.db_error());
return false;
} else {
- $query="DELETE FROM nss_usergroups WHERE user_id=$user_id";
- $res1=db_query($query);
+ $res1 = db_query_params ('DELETE FROM nss_usergroups WHERE user_id=$1',
+ array ($user_id));
if (!$res1) {
$this->setError('ERROR - Could Not Delete Group Member(s): '.db_error());
return false;
}
// This is group used for user, not a real project
- $query="DELETE FROM nss_groups WHERE name IN
- (SELECT user_name FROM users WHERE user_id=$user_id)";
- $res2=db_query($query);
+ $res2 = db_query_params ('DELETE FROM nss_groups WHERE name IN
+ (SELECT user_name FROM users WHERE user_id=$1)',
+ array ($user_id)) ;
if (!$res2) {
$this->setError('ERROR - Could Not Delete Group GID: '.db_error());
return false;
@@ -259,8 +271,8 @@
if (!$group){
return false;
} else {
- $query="SELECT group_id FROM nss_groups WHERE group_id=$group_id";
- $res=db_query($query);
+ $res = db_query_params ('SELECT group_id FROM nss_groups WHERE group_id=$1',
+ aarray ($group_id));
if (db_numrows($res) == 0){
return false;
} else {
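Review bot: The second added line calls `aarray ($group_id)`, which is a typo for `array` and will raise a fatal "undefined function" error the first time this path runs. It should read `array ($group_id));`. The result is also passed to `db_numrows($res)` without a `!$res` check, unlike the other converted queries in this file, so a failed query is treated the same as "no rows". The enclosing method starts and ends outside the hunk.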
@@ -281,44 +293,46 @@
if (!$group) {
return false;
} else {
- $query="DELETE FROM nss_usergroups WHERE group_id=$group_id";
- $res1=db_query($query);
+ $res1 = db_query_params ('DELETE FROM nss_usergroups WHERE group_id=$1',
+ array ($group_id));
if (!$res1) {
$this->setError('ERROR - Could Not Delete Group Member(s): '.db_error());
return false;
}
- $query="DELETE FROM nss_groups WHERE group_id=$group_id";
- $res3=db_query($query);
+ $res3 = db_query_params ('DELETE FROM nss_groups WHERE group_id=$1',
+ array ($group_id)) ;
if (!$res3) {
$this->setError('ERROR - Could Not Delete Group GID: '.db_error());
return false;
}
- $query="INSERT INTO nss_groups
+ $res4 = db_query_params ('INSERT INTO nss_groups
(user_id, group_id, name, gid)
- SELECT 0, group_id, unix_group_name, group_id +".$this->GID_ADD."
+ SELECT 0, group_id, unix_group_name, group_id + $1
FROM groups
- WHERE group_id=$group_id
- ";
- $res4=db_query($query);
+ WHERE group_id=$2',
+ array ($this->GID_ADD,
+ $group_id)) ;
if (!$res4) {
$this->setError('ERROR - Could Not Insert Group GID: '.db_error());
return false;
}
- $query="INSERT INTO nss_groups
+ $res5 = db_query_params ('INSERT INTO nss_groups
(user_id, group_id, name, gid)
- SELECT 0, group_id, 'scm_' || unix_group_name, group_id +".$this->SCM_UID_ADD."
+ SELECT 0, group_id, $1 || unix_group_name, group_id + $2
FROM groups
- WHERE group_id=$group_id
- ";
- $res5=db_query($query);
+ WHERE group_id=$3',
+ array ('scm_',
+ $this->SCM_UID_ADD,
+ $group_id)) ;
+
if (!$res5) {
$this->setError('ERROR - Could Not Insert SCM Group GID: '.db_error());
return false;
}
- $query="INSERT INTO nss_usergroups (
+ $res6 = db_query_params ('INSERT INTO nss_usergroups (
SELECT
users.unix_uid AS uid,
- groups.group_id + ".$this->GID_ADD." AS gid,
+ groups.group_id + $1 AS gid,
users.user_id AS user_id,
groups.group_id AS group_id,
users.user_name AS user_name,
@@ -329,38 +343,45 @@
AND
groups.group_id=user_group.group_id
AND
- groups.group_id=$group_id
+ groups.group_id=$2
AND
- groups.status = 'A'
+ groups.status=$3
AND
- users.unix_status='A'
+ users.unix_status=$4
AND
- users.status = 'A'
+ users.status=$5
UNION
SELECT
users.unix_uid AS uid,
- groups.group_id + ".$this->SCM_UID_ADD." AS gid,
+ groups.group_id + $6 AS gid,
users.user_id AS user_id,
groups.group_id AS group_id,
users.user_name AS user_name,
- 'scm_' || groups.unix_group_name AS unix_group_name
+ $7 || groups.unix_group_name AS unix_group_name
FROM users,groups,user_group
WHERE
groups.group_id=user_group.group_id
AND
users.user_id=user_group.user_id
AND
- groups.group_id=$group_id
+ groups.group_id=$8
AND
- groups.status = 'A'
+ groups.status=$9
AND
- users.unix_status='A'
+ users.unix_status=$10
AND
- users.status = 'A'
+ users.status=$11
AND
- user_group.cvs_flags > 0);
- ";
- $res6=db_query($query);
+ user_group.cvs_flags > 0)',
+ array ($this->GID_ADD,
+ $group_id,
+ 'A', 'A', 'A',
+ $this->SCM_UID_ADD,
+ 'scm_',
+ $group_id,
+ 'A', 'A', 'A',
+
+)) ;;
if (!$res6) {
$this->setError('ERROR - Could Not Update Group Member(s): '.db_error());
return false;
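Review bot: The parameter list for `$res6` ends with `'A', 'A', 'A',` followed by a blank line and `)) ;;`, leaving a dangling comma and an empty statement. PHP accepts both, but it reads like an unfinished edit, and with eleven positional placeholders a reader cannot easily tell whether a twelfth value was intended. Closing it as `'A', 'A', 'A')) ;` matches the equivalent `$res4` call earlier in this file. A short comment mapping `$1`..`$11` to their meanings would also make a miscount easier to spot in review.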
@@ -377,19 +398,17 @@
*
*/
function sysRemoveGroup($group_id) {
- $query="DELETE FROM nss_usergroups WHERE group_id=$group_id";
-//echo "<h2>SYS::sysRemoveGroup: $query</h2>";
- $res1=db_query($query);
+ $res1 = db_query_params ('DELETE FROM nss_usergroups WHERE group_id=$1',
+ array ($group_id)) ;
if (!$res1) {
$this->setError('ERROR - Could Not Delete Group Member(s): '.db_error());
return false;
}
- $query="DELETE FROM nss_groups WHERE group_id=$group_id ";
-//echo "<h2>SYS::sysRemoveGroup: $query</h2>";
- $res3=db_query($query);
- if (!$res3) {
- $this->setError('ERROR - Could Not Delete Group GID: '.db_error());
- return false;
+ $res3 = db_query_params ('DELETE FROM nss_groups WHERE group_id=$1',
+ array ($group_id)) ;
+ if (!$res3) {
+ $this->setError('ERROR - Could Not Delete Group GID: '.db_error());
+ return false;
}
return true;
}
@@ -404,45 +423,38 @@
*
*/
function sysGroupAddUser($group_id,$user_id,$cvs_only=0) {
- if ($cvs_only) {
- $query="DELETE FROM nss_usergroups WHERE user_id=$user_id AND group_id=$group_id
- AND unix_group_name LIKE 'scm_%'";
- } else {
- $query="DELETE FROM nss_usergroups WHERE user_id=$user_id AND group_id=$group_id";
- }
-//echo "<h2>SYS::sysGroupAddUser DELETE: $query</h2>";
- $res0=db_query($query);
- if (!$res0) {
- $this->setError('ERROR - Could Not Delete Group Member(s): '.db_error());
+ if (! sysGroupRemoveUser($group_id,$user_id,$cvs_only))
return false;
- }
- $query="INSERT INTO nss_usergroups (
+ $res1 = db_query_params ('INSERT INTO nss_usergroups (
SELECT
users.unix_uid AS uid,
- groups.group_id + ".$this->SCM_UID_ADD." AS gid,
+ groups.group_id + $1 AS gid,
users.user_id AS user_id,
groups.group_id AS group_id,
users.user_name AS user_name,
- 'scm_' || groups.unix_group_name AS unix_group_name
+ $2 || groups.unix_group_name AS unix_group_name
FROM users,groups,user_group
WHERE
users.user_id=user_group.user_id
AND
groups.group_id=user_group.group_id
AND
- users.user_id=$user_id
+ users.user_id=$3
AND
- groups.group_id=$group_id
+ groups.group_id=$4
AND
- groups.status = 'A'
+ groups.status$5
AND
- users.unix_status='A'
+ users.unix_status=$6
AND
- users.status = 'A'
+ users.status=$7
AND
- user_group.cvs_flags > 0) ";
-//echo "<h2>SYS::sysGroupAddUser ADDCVS: $query</h2>";
- $res1=db_query($query);
+ user_group.cvs_flags > 0)',
+ array ($this->SCM_UID_ADD,
+ 'scm_',
+ $user_id,
+ $group_id,
+ 'A', 'A', 'A')) ;
if (!$res1) {
$this->setError('ERROR - Could Not Add SCM Member(s): '.db_error());
return false;
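Review bot: Two added lines in `sysGroupAddUser` will fail at runtime. `if (! sysGroupRemoveUser($group_id,$user_id,$cvs_only))` calls a global function rather than the method, and should be `if (!$this->sysGroupRemoveUser($group_id, $user_id, $cvs_only))`. Further down, `groups.status$5` has lost its comparison operator and should be `groups.status=$5`, otherwise PostgreSQL rejects the statement and no SCM membership rows are written. Delegating the delete also means any extra work `sysGroupRemoveUser` does after its DELETE now runs on every add; its full body is outside this hunk, so that needs checking.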
@@ -452,10 +464,10 @@
return true;
}
- $query="INSERT INTO nss_usergroups (
+ $res2 = db_query_params ('INSERT INTO nss_usergroups (
SELECT
users.unix_uid AS uid,
- groups.group_id + ".$this->GID_ADD." AS gid,
+ groups.group_id + $1 AS gid,
users.user_id AS user_id,
groups.group_id AS group_id,
users.user_name AS user_name,
@@ -466,17 +478,19 @@
AND
groups.group_id=user_group.group_id
AND
- users.user_id=$user_id
+ users.user_id=$2
AND
- groups.group_id=$group_id
+ groups.group_id=$3
AND
- groups.status = 'A'
+ groups.status=$4
AND
- users.unix_status='A'
+ users.unix_status=$5
AND
- users.status = 'A') ";
-//echo "<h2>SYS::sysGroupAddUser ADDSYS: $query</h2>";
- $res2=db_query($query);
+ users.status=$6)',
+ array ($this->GID_ADD,
+ $user_id,
+ $group_id,
+ 'A', 'A', 'A'));
if (!$res2) {
$this->setError('ERROR - Could Not Add Shell Group Member(s): '.db_error());
return false;
@@ -496,13 +510,15 @@
*/
function sysGroupRemoveUser($group_id,$user_id,$cvs_only=0) {
if ($cvs_only) {
- $query="DELETE FROM nss_usergroups WHERE group_id=$group_id AND user_id=$user_id
- AND unix_group_name LIKE 'scm_%'";
+ $res1 = db_query_params ('DELETE FROM nss_usergroups WHERE user_id=$1 AND group_id=$2 AND unix_group_name LIKE $3',
+ array ($user_id,
+ $group_id,
+ 'scm_%')) ;
} else {
- $query="DELETE FROM nss_usergroups WHERE group_id=$group_id AND user_id=$user_id";
+ $res1 = db_query_params ('DELETE FROM nss_usergroups WHERE user_id=$1 AND group_id=$2',
+ array ($user_id,
+ $group_id)) ;
}
-//echo "<h2>SYS::sysGroupRemoveUser REM: $query</h2>";
- $res1=db_query($query);
if (!$res1) {
$this->setError('ERROR - Could Not Delete Group Member(s): '.db_error());
return false;
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/include/tag_cloud.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/include/tag_cloud.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/include/tag_cloud.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -98,11 +98,12 @@
$return = '';
- $res = db_query("SELECT name,count(*) AS count
+ $res = db_query_params ('SELECT name,count(*) AS count
FROM project_tags, groups
WHERE project_tags.group_id = groups.group_id
- AND status = 'A' AND is_public=1 AND type_id=1 AND register_time > 0
- GROUP BY name ORDER BY count DESC");
+ AND status = $1 AND is_public=1 AND type_id=1 AND register_time > 0
+ GROUP BY name ORDER BY count DESC',
+ array ('A')) ;
if (db_numrows($res) > 0) {
$count_min = 0;
$count_max = 0;
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/ProjectCategory.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/ProjectCategory.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/ProjectCategory.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -4,6 +4,7 @@
*
* Copyright 1999-2000, Tim Perdue/Sourceforge
* Copyright 2002, Tim Perdue/GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -100,11 +101,10 @@
$this->setPermissionDeniedError();
return false;
}
- $sql="INSERT INTO project_category (group_project_id,category_name)
- VALUES ('".$this->ProjectGroup->getID()."','".htmlspecialchars($name)."')";
+ $result = db_query_params ('INSERT INTO project_category (group_project_id,category_name) VALUES ($1,$2)',
+ array ($this->ProjectGroup->getID(),
+ htmlspecialchars($name))) ;
- $result=db_query($sql);
-
if ($result && db_affected_rows($result) > 0) {
$this->clearError();
return true;
@@ -130,7 +130,8 @@
* @return boolean success.
*/
function fetchData($id) {
- $res=db_query("SELECT * FROM project_category WHERE category_id='$id'");
+ $res = db_query_params ('SELECT * FROM project_category WHERE category_id=$1',
+ array ($id)) ;
if (!$res || db_numrows($res) < 1) {
$this->setError('ProjectCategory: Invalid ProjectCategory ID');
return false;
@@ -187,7 +188,11 @@
SET category_name='".htmlspecialchars($name)."'
WHERE category_id='". $this->getID() ."'
AND group_project_id='".$this->ProjectGroup->getID()."'";
- $result=db_query($sql);
+ $result = db_query_params ('UPDATE project_category SET category_name=$1
+ WHERE category_id=$2 AND group_project_id=$3',
+ array (htmlspecialchars($name),
+ $this->getID(),
+ $this->ProjectGroup->getID())) ;
if ($result && db_affected_rows($result) > 0) {
return true;
} else {
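Review bot: The context lines at the top of this hunk still assemble `$sql` by interpolating `htmlspecialchars($name)`, `$this->getID()` and the project group id, but the new `db_query_params` call no longer uses that string. The assignment, which begins above the hunk, is now dead code and should be deleted so that nobody later passes the unparameterised `$sql` to a query function. If `$sql` is referenced further down, for instance in an error message outside this hunk, that reference needs removing too.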
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/ProjectGroup.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/ProjectGroup.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/ProjectGroup.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -4,6 +4,7 @@
*
* Copyright 1999-2000, Tim Perdue/Sourceforge
* Copyright 2002, Tim Perdue/GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -38,8 +39,8 @@
if ($data) {
//the db result handle was passed in
} else {
- $res=db_query("SELECT * FROM project_group_list_vw
- WHERE group_project_id='$group_project_id'");
+ $res = db_query_params ('SELECT * FROM project_group_list_vw WHERE group_project_id=$1',
+ array ($group_project_id)) ;
if (db_numrows($res) <1 ) {
$PROJECTGROUP_OBJ["_".$group_project_id."_"]=false;
return false;
@@ -150,13 +151,13 @@
return false;
}
- $sql="INSERT INTO project_group_list (group_id,project_name,is_public,
- description,send_all_posts_to)
- VALUES ('".$this->Group->getId()."','". htmlspecialchars($project_name) ."','$is_public',
- '". htmlspecialchars($description) ."','$send_all_posts_to')";
-
db_begin();
- $result=db_query($sql);
+ $result = db_query_params ('INSERT INTO project_group_list (group_id,project_name,is_public,description,send_all_posts_to) VALUES ($1,$2,$3,$4,$5)',
+ array ($this->Group->getId(),
+ htmlspecialchars($project_name),
+ $is_public,
+ htmlspecialchars($description),
+ $send_all_posts_to)) ;
if (!$result) {
db_rollback();
$this->setError('Error Adding ProjectGroup: '.db_error());
@@ -176,9 +177,9 @@
* @return boolean success.
*/
function fetchData($group_project_id) {
- $res=db_query("SELECT * FROM project_group_list_vw
- WHERE group_project_id='$group_project_id'
- AND group_id='". $this->Group->getID() ."'");
+ $res = db_query_params ('SELECT * FROM project_group_list_vw WHERE group_project_id=$1 AND group_id=$2',
+ array ($group_project_id,
+ $this->Group->getID())) ;
if (!$res || db_numrows($res) < 1) {
$this->setError('ProjectGroup:: Invalid group_project_id');
return false;
@@ -267,8 +268,8 @@
*/
function getStatuses () {
if (!$this->statuses) {
- $sql='SELECT * FROM project_status';
- $this->statuses=db_query($sql);
+ $this->statuses = db_query_params ('SELECT * FROM project_status',
+ array());
}
return $this->statuses;
}
@@ -280,10 +281,8 @@
*/
function getCategories () {
if (!$this->categories) {
- $sql="SELECT category_id,category_name
- FROM project_category
- WHERE group_project_id='".$this->getID()."'";
- $this->categories=db_query($sql);
+ $this->categories = db_query_params ('SELECT category_id,category_name FROM project_category WHERE group_project_id=$1',
+ array ($this->getID()));
}
return $this->categories;
}
@@ -309,15 +308,17 @@
*/
function getTechnicians () {
if (!$this->technicians) {
- $sql="SELECT users.user_id, users.realname
+ $sql="";
+ $this->technicians = db_query_params ('SELECT users.user_id, users.realname
FROM users, role_setting, user_group
WHERE users.user_id=user_group.user_id
AND role_setting.role_id=user_group.role_id
- AND role_setting.ref_id='". $this->getID() ."'
+ AND role_setting.ref_id=$1
AND role_setting.value::integer IN (1,2)
- AND role_setting.section_name='pm'
- ORDER BY users.realname";
- $this->technicians=db_query($sql);
+ AND role_setting.section_name=$2
+ ORDER BY users.realname',
+ array ($this->getID(),
+ 'pm')) ;
}
return $this->technicians;
}
@@ -365,13 +366,14 @@
return false;
}
- $sql="UPDATE project_group_list SET
- project_name='". htmlspecialchars($project_name) ."',
- description='". htmlspecialchars($description) ."',
- send_all_posts_to='$send_all_posts_to'
- WHERE group_id='".$this->Group->getID()."'
- AND group_project_id='".$this->getID()."'";
- $res=db_query($sql);
+ $res = db_query_params ('UPDATE project_group_list SET project_name=$1,
+ description=$2, send_all_posts_to=$3
+ WHERE group_id=$4 AND group_project_id=$5',
+ array (htmlspecialchars($project_name),
+ htmlspecialchars($description),
+ $send_all_posts_to,
+ $this->Group->getID(),
+ $this->getID())) ;
if (!$res || db_affected_rows($res) < 1) {
$this->setError('Error On Update: '.db_error().$sql);
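Review bot: The last context line still appends `$sql` to the error text (`'Error On Update: '.db_error().$sql`), but this hunk removes the only visible assignment to `$sql`, so the variable is presumably undefined here and raises a notice. Dropping it, as the delete path in the next hunk does, gives `$this->setError('Error On Update: '.db_error());` and also avoids echoing query text into user-visible errors. The `$sql="";` added in `getTechnicians` in the previous hunk is a similar leftover and can be removed. The enclosing method starts and ends outside the hunk.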
@@ -399,114 +401,112 @@
db_begin();
- $sql = "DELETE FROM project_assigned_to
+ $res = db_query_params ('DELETE FROM project_assigned_to
WHERE EXISTS (SELECT project_task_id FROM project_task
- WHERE group_project_id='".$this->getID()."'
- AND project_task.project_task_id=project_assigned_to.project_task_id)";
- $res = db_query($sql);
+ WHERE group_project_id=$1
+ AND project_task.project_task_id=project_assigned_to.project_task_id)',
+ array ($this->getID())) ;
if (!$res)
{
- $this->setError('DATABASE '.db_error().' QUERY='.$sql);
+ $this->setError('DATABASE '.db_error());
return false;
}
- $sql = "DELETE FROM project_dependencies
+ $res = db_query_params ('DELETE FROM project_dependencies
WHERE EXISTS (SELECT project_task_id FROM project_task
- WHERE group_project_id='".$this->getID()."'
- AND project_task.project_task_id=project_dependencies.project_task_id)";
- $res = db_query($sql);
+ WHERE group_project_id=$1
+ AND project_task.project_task_id=project_dependencies.project_task_id)',
+ array ($this->getID())) ;
if (!$res)
{
- $this->setError('DATABASE '.db_error().' QUERY='.$sql);
+ $this->setError('DATABASE '.db_error());
return false;
}
- $sql = "DELETE FROM project_history
+ $res = db_query_params ('DELETE FROM project_history
WHERE EXISTS (SELECT project_task_id FROM project_task
- WHERE group_project_id='".$this->getID()."'
- AND project_task.project_task_id=project_history.project_task_id)";
- $res = db_query($sql);
+ WHERE group_project_id=$1
+ AND project_task.project_task_id=project_history.project_task_id)',
+ array ($this->getID())) ;
if (!$res)
{
- $this->setError('DATABASE '.db_error().' QUERY='.$sql);
+ $this->setError('DATABASE '.db_error());
return false;
}
- $sql = "DELETE FROM project_messages
+ $res = db_query_params ('DELETE FROM project_messages
WHERE EXISTS (SELECT project_task_id FROM project_task
- WHERE group_project_id='".$this->getID()."'
- AND project_task.project_task_id=project_messages.project_task_id)";
- $res = db_query($sql);
+ WHERE group_project_id=$1
+ AND project_task.project_task_id=project_messages.project_task_id)',
+ array ($this->getID())) ;
if (!$res)
{
- $this->setError('DATABASE '.db_error().' QUERY='.$sql);
+ $this->setError('DATABASE '.db_error());
return false;
}
- $sql = "DELETE FROM project_task_artifact
+ $res = db_query_params ('DELETE FROM project_task_artifact
WHERE EXISTS (SELECT project_task_id FROM project_task
- WHERE group_project_id='".$this->getID()."'
- AND project_task.project_task_id=project_task_artifact.project_task_id)";
- $res = db_query($sql);
+ WHERE group_project_id=$1
+ AND project_task.project_task_id=project_task_artifact.project_task_id)',
+ array ($this->getID())) ;
if (!$res)
{
- $this->setError('DATABASE '.db_error().' QUERY='.$sql);
+ $this->setError('DATABASE '.db_error());
return false;
}
- $sql = "DELETE FROM rep_time_tracking
+ $res = db_query_params ('DELETE FROM rep_time_tracking
WHERE EXISTS (SELECT project_task_id FROM project_task
- WHERE group_project_id='".$this->getID()."'
- AND project_task.project_task_id=rep_time_tracking.project_task_id)";
- $res = db_query($sql);
+ WHERE group_project_id=$1
+ AND project_task.project_task_id=rep_time_tracking.project_task_id)',
+ array ($this->getID())) ;
if (!$res)
{
- $this->setError('DATABASE '.db_error().' QUERY='.$sql);
+ $this->setError('DATABASE '.db_error());
return false;
}
- $sql = "DELETE FROM project_task
- WHERE group_project_id='".$this->getID()."'";
- $res = db_query($sql);
+ $res = db_query_params ('DELETE FROM project_task
+ WHERE group_project_id=$1',
+ array ($this->getID())) ;
if (!$res)
{
- $this->setError('DATABASE '.db_error().' QUERY='.$sql);
+ $this->setError('DATABASE '.db_error());
return false;
}
- $sql = "DELETE FROM project_category WHERE group_project_id='".$this->getID()."'";
- $res = db_query($sql);
+ $res = db_query_params ('DELETE FROM project_category WHERE group_project_id=$1',
+ array ($this->getID())) ;
if (!$res)
{
- $this->setError('DATABASE '.db_error().' QUERY='.$sql);
+ $this->setError('DATABASE '.db_error());
return false;
}
- $sql = "DELETE FROM project_group_list
- WHERE group_project_id='".$this->getID()."'";
- $res = db_query($sql);
+ $res = db_query_params ('DELETE FROM project_group_list WHERE group_project_id=$1',
+ array ($this->getID())) ;
if (!$res)
{
- $this->setError('DATABASE '.db_error().' QUERY='.$sql);
+ $this->setError('DATABASE '.db_error());
return false;
}
- $sql = "DELETE FROM project_counts_agg
- WHERE group_project_id='".$this->getID()."'";
- $res = db_query($sql);
+ $res = db_query_params ('DELETE FROM project_counts_agg WHERE group_project_id=$1',
+ array ($this->getID())) ;
if (!$res)
{
- $this->setError('DATABASE '.db_error().' QUERY='.$sql);
+ $this->setError('DATABASE '.db_error());
return false;
}
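Review bot: Every failure branch after `db_begin();` in this hunk returns false without ending the transaction. The equivalent delete in ProjectTask.class.php in this same commit calls `db_rollback();` before each `return false;`. Unless the caller is known to roll back, add `db_rollback();` ahead of each `return false;` here, so that a failed DELETE does not leave the earlier ones pending in an open transaction. The function starts and ends outside the hunk, so the commit path is not visible.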
@@ -593,13 +593,16 @@
return -1;
} else {
if (!isset($this->current_user_perm)) {
- $sql="SELECT role_setting.value::integer
+ $res = db_query_params ('SELECT role_setting.value::integer
FROM role_setting, user_group
- WHERE role_setting.ref_id='". $this->getID() ."'
+ WHERE role_setting.ref_id=$1
AND user_group.role_id = role_setting.role_id
- AND user_group.user_id='".user_getid()."'
- AND role_setting.section_name='pm'";
- $this->current_user_perm=db_result(db_query($sql),0,0);
+ AND user_group.user_id=$2
+ AND role_setting.section_name=$3',
+ array ($this->getID(),
+ user_getid(),
+ 'pm')) ;
+ $this->current_user_perm=db_result($res,0,0);
}
return $this->current_user_perm;
}
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/ProjectGroupFactory.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/ProjectGroupFactory.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/ProjectGroupFactory.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -4,6 +4,7 @@
*
* Copyright 1999-2000, Tim Perdue/Sourceforge
* Copyright 2002, Tim Perdue/GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -84,36 +85,32 @@
if (session_loggedin()) {
$perm =& $this->Group->getPermission( session_get_user() );
if (!$perm || !is_object($perm) || !$perm->isMember()) {
- $public_flag='=1';
- $exists = '';
+ $result = db_query_params ('SELECT * FROM project_group_list_vw WHERE group_id=$1 AND is_public=1 ORDER BY group_project_id',
+ array ($this->Group->getID())) ;
} else {
- $public_flag='<3';
if ($perm->isPMAdmin()) {
- $exists='';
+ $result = db_query_params ('SELECT * FROM project_group_list_vw WHERE group_id=$1 AND is_public<3 ORDER BY group_project_id',
+ array ($this->Group->getID())) ;
} else {
- $exists=" AND group_project_id IN (SELECT role_setting.ref_id
- FROM role_setting, user_group
- WHERE role_setting.value::integer >= 0
- AND role_setting.section_name = 'pm'
- AND role_setting.ref_id=project_group_list_vw.group_project_id
-
- AND user_group.role_id = role_setting.role_id
- AND user_group.user_id='".user_getid()."') ";
+ $result = db_query_params ('SELECT * FROM project_group_list_vw
+ WHERE group_id=$1 AND is_public<3
+ AND group_project_id IN (SELECT role_setting.ref_id
+ FROM role_setting, user_group
+ WHERE role_setting.value::integer >= 0
+ AND role_setting.section_name = $2
+ AND role_setting.ref_id=project_group_list_vw.group_project_id
+ AND user_group.role_id = role_setting.role_id
+ AND user_group.user_id=$3
+ ORDER BY group_project_id',
+ array ($this->Group->getID(),
+ 'pm',
+ user_getid())) ;
}
}
} else {
- $public_flag='=1';
- $exists = '';
+ $result = db_query_params ('SELECT * FROM project_group_list_vw WHERE group_id=$1 AND is_public=1 ORDER BY group_project_id',
+ array ($this->Group->getID())) ;
}
-
- $sql="SELECT *
- FROM project_group_list_vw
- WHERE group_id='". $this->Group->getID() ."'
- AND is_public $public_flag $exists
- ORDER BY group_project_id;";
-
- $result = db_query ($sql);
-
$rows = db_numrows($result);
if (!$result || $rows < 1) {
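Review bot: In the non-admin member branch the `IN (SELECT role_setting.ref_id …` subquery is never closed. The removed string ended with `user_group.user_id='…') `, but the new text goes from `AND user_group.user_id=$3` straight to `ORDER BY group_project_id`. The line should read `AND user_group.user_id=$3)`. As written the statement has unbalanced parentheses and should fail to parse, so members who are not PM admins would always land in the `!$result` path. `db_numrows($result)` is also still called before `$result` is checked, so testing `!$result` first would avoid passing a failed result to it.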
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/ProjectTask.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/ProjectTask.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/ProjectTask.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -4,6 +4,7 @@
*
* Copyright 1999-2000, Tim Perdue/Sourceforge
* Copyright 2002, Tim Perdue/GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -32,8 +33,8 @@
if ($data) {
//the db result handle was passed in
} else {
- $res=db_query("SELECT * FROM project_task_vw
- WHERE project_task_id='$project_task_id'");
+ $res = db_query_params ('SELECT * FROM project_task_vw WHERE project_task_id=$1',
+ array ($project_task_id)) ;
if (db_numrows($res) <1 ) {
$PROJECTTASK_OBJ["_".$project_task_id."_"]=false;
@@ -193,7 +194,8 @@
$this->data_array['project_task_id']=$project_task_id;
} else {
- $res=db_query("SELECT nextval('project_task_pk_seq') AS id");
+ $res = db_query_params ('SELECT nextval($1) AS id',
+ aarray ('project_task_pk_seq'));
if (!$project_task_id=db_result($res,0,'id')) {
$this->setError( 'Could Not Get Next Project Task ID' );
db_rollback();
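Review bot: `aarray ('project_task_pk_seq')` is a typo for `array`, so this branch calls an undefined function and PHP aborts before the next ID is fetched. The line should be `array ('project_task_pk_seq'));`. The path runs whenever a task is created without a preset `$project_task_id`. The enclosing function begins and ends outside the hunk.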
@@ -202,12 +204,22 @@
$this->data_array['project_task_id']=$project_task_id;
- $sql="INSERT INTO project_task (project_task_id,group_project_id,created_by,summary,
- details,start_date,end_date,status_id,category_id,priority,percent_complete,hours,duration,parent_id)
- VALUES ('$project_task_id','". $this->ProjectGroup->getID() ."', '".user_getid()."', '". htmlspecialchars($summary) ."',
- '". htmlspecialchars($details) ."','$start_date','$end_date','1','$category_id','$priority','$percent_complete','$hours','$duration','$parent_id')";
+ $result = db_query_params ('INSERT INTO project_task (project_task_id,group_project_id,created_by,summary,details,start_date,end_date,status_id,category_id,priority,percent_complete,hours,duration,parent_id) VALUES ($1,$2,$3,$4,$5,$6,$7,8,$9,$10,$11,$12,$13,$14)',
+ array ($project_task_id,
+ $this->ProjectGroup->getID(),
+ user_getid(),
+ htmlspecialchars($summary),
+ htmlspecialchars($details),
+ $start_date,
+ $end_date,
+ 1,
+ $category_id,
+ $priority,
+ $percent_complete,
+ $hours,
+ $duration,
+ $parent_id)) ;
- $result=db_query($sql);
if (!$result || db_affected_rows($result) < 1) {
$this->setError('ProjectTask::create() Posting Failed '.db_error().$sql);
db_rollback();
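Review bot: The VALUES list reads `$7,8,$9`, so the eighth placeholder lost its `$`. status_id is therefore written as the literal 8 instead of the bound value `1`, and the eighth array element is never referenced. The list should be `VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14)`. If db_query_params hands the array to the driver unchanged, the unreferenced parameter may also make the statement fail outright.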
@@ -239,9 +251,11 @@
* @return boolean success.
*/
function fetchData($project_task_id) {
- $res=db_query("SELECT * FROM project_task_vw
- WHERE project_task_id='$project_task_id'
- AND group_project_id='". $this->ProjectGroup->getID() ."'");
+ $res = db_query_params ('SELECT * FROM project_task_vw
+ WHERE project_task_id=$1
+ AND group_project_id=$2',
+ array ($project_task_id,
+ $this->ProjectGroup->getID())) ;
if (!$res || db_numrows($res) < 1) {
$this->setError('ProjectTask::fetchData() Invalid Task ID'.db_error());
return false;
@@ -418,11 +432,14 @@
* an id, for example an ID generated by MS Project, which needs to be restored later
*/
function setExternalID($id) {
- $res=db_query("UPDATE project_task_external_order SET external_id='$id'
- WHERE project_task_id='".$this->getID()."'");
+ $res = db_query_params ('UPDATE project_task_external_order SET external_id=$1
+ WHERE project_task_id=$2',
+ array ($id,
+ $this->getID())) ;
if (db_affected_rows($res) < 1) {
- $res=db_query("INSERT INTO project_task_external_order (project_task_id,external_id)
- VALUES ('".$this->getID()."','$id')");
+ $res = db_query_params ('INSERT INTO project_task_external_order (project_task_id,external_id) VALUES ($1, $2)',
+ array ($this->getID(),
+ $id)) ;
}
}
@@ -443,12 +460,13 @@
function getRelatedArtifacts() {
if (!$this->relatedartifacts) {
$this->relatedartifacts=
- db_query("SELECT agl.group_id,agl.name,agl.group_artifact_id,a.artifact_id,a.open_date,a.summary
+ db_query_params ('SELECT agl.group_id,agl.name,agl.group_artifact_id,a.artifact_id,a.open_date,a.summary
FROM artifact_group_list agl, artifact a
WHERE a.group_artifact_id=agl.group_artifact_id
AND EXISTS (SELECT artifact_id FROM project_task_artifact
WHERE artifact_id=a.artifact_id
- AND project_task_id='". $this->getID() ."')");
+ AND project_task_id=$1',
+ array ($this->getID())) ;
}
return $this->relatedartifacts;
}
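Review bot: The `EXISTS (SELECT artifact_id FROM project_task_artifact …` subquery lost its closing parenthesis in the conversion. The removed line ended with `…getID() ."')"`, while the new one ends at `AND project_task_id=$1',`. It should be `AND project_task_id=$1)',`. With the parenthesis missing the statement is unbalanced and should fail, so `$this->relatedartifacts` would hold a failed result that the caller then iterates.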
@@ -473,8 +491,9 @@
if ($art_array[$i] < 1) {
continue;
}
- $res=db_query("INSERT INTO project_task_artifact (project_task_id,artifact_id)
- VALUES ('".$this->getID()."','".$art_array[$i]."')");
+ $res = db_query_params ('INSERT INTO project_task_artifact (project_task_id,artifact_id) VALUES ($1,$2)',
+ array ($this->getID(),
+ $art_array[$i])) ;
if (!$res) {
$this->setError('Error inserting artifact relationship: '.db_error());
return false;
@@ -496,9 +515,11 @@
}
for ($i=0; $i<count($art_array); $i++) {
- $res=db_query("DELETE FROM project_task_artifact
- WHERE project_task_id='".$this->getID()."'
- AND artifact_id='".$art_array[$i]."'");
+ $res = db_query_params ('DELETE FROM project_task_artifact
+ WHERE project_task_id=$1
+ AND artifact_id=$2',
+ array ($this->getID(),
+ $art_array[$i])) ;
if (!$res) {
$this->setError('Error deleting artifact relationship: '.db_error());
return false;
@@ -524,43 +545,50 @@
}
db_begin();
- $res = db_query("DELETE FROM project_assigned_to WHERE project_task_id='".$this->getID()."'");
+ $res = db_query_params ('DELETE FROM project_assigned_to WHERE project_task_id=$1',
+ array ($this->getID())) ;
if (!$res) {
$this->setError('Error deleting assigned users relationship: '.db_error());
db_rollback();
return false;
}
- $res = db_query("DELETE FROM project_dependencies WHERE project_task_id='".$this->getID()."'");
+ $res = db_query_params ('DELETE FROM project_dependencies WHERE project_task_id=$1',
+ array ($this->getID())) ;
if (!$res) {
$this->setError('Error deleting dependencies: '.db_error());
db_rollback();
return false;
}
- $res = db_query("DELETE FROM project_history WHERE project_task_id='".$this->getID()."'");
+ $res = db_query_params ('DELETE FROM project_history WHERE project_task_id=$1',
+ array ($this->getID())) ;
if (!$res) {
$this->setError('Error deleting history: '.db_error());
db_rollback();
return false;
}
- $res = db_query("DELETE FROM project_messages WHERE project_task_id='".$this->getID()."'");
+ $res = db_query_params ('DELETE FROM project_messages WHERE project_task_id=$1',
+ array ($this->getID())) ;
if (!$res) {
$this->setError('Error deleting messages: '.db_error());
db_rollback();
return false;
}
- $res = db_query("DELETE FROM project_task_artifact WHERE project_task_id='".$this->getID()."'");
+ $res = db_query_params ('DELETE FROM project_task_artifact WHERE project_task_id=$1',
+ array ($this->getID())) ;
if (!$res) {
$this->setError('Error deleting artifacts: '.db_error());
db_rollback();
return false;
}
- $res = db_query("DELETE FROM rep_time_tracking WHERE project_task_id='".$this->getID()."'");
+ $res = db_query_params ('DELETE FROM rep_time_trackingWHERE project_task_id=$1',
+ array ($this->getID())) ;
if (!$res) {
$this->setError('Error deleting time tracking report: '.db_error());
db_rollback();
return false;
}
- $res = db_query("DELETE FROM project_task WHERE project_task_id='".$this->getID()."'");
+ $res = db_query_params ('DELETE FROM project_task WHERE project_task_id=$1',
+ array ($this->getID())) ;
if (!$res) {
$this->setError('Error deleting task: '.db_error());
db_rollback();
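Review bot: The rep_time_tracking statement is missing the space before WHERE: `'DELETE FROM rep_time_trackingWHERE project_task_id=$1'`. It should be `'DELETE FROM rep_time_tracking WHERE project_task_id=$1'`. As written the statement will not parse, the `!$res` branch rolls back, and deleting a task fails every time with 'Error deleting time tracking report'. The function continues outside the hunk.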
@@ -582,15 +610,21 @@
// May not yet have an ID, if we are creating a NEW task
//
if ($this->getID()) {
- $addstr=" AND project_task_id <> '". $this->getID() ."' ";
+ return db_query_params ('SELECT project_task_id,summary
+ FROM project_task
+ WHERE group_project_id=$1
+ AND project_task_id <> $2
+ ORDER BY project_task_id DESC',
+ array ($this->ProjectGroup->getID(),
+ $this->getID())) ;
} else {
- $addstr='';
+ return db_query_params ('SELECT project_task_id,summary
+ FROM project_task
+ WHERE group_project_id=$1
+ ORDER BY project_task_id DESC',
+ array ($this->ProjectGroup->getID(),
+ $this->getID())) ;
}
- $sql="SELECT project_task_id,summary
- FROM project_task
- WHERE group_project_id='". $this->ProjectGroup->getID() ."'
- $addstr ORDER BY project_task_id DESC";
- return db_query($sql);
}
/**
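Review bot: The else branch, taken when the task has no ID yet, still passes `$this->getID()` as a second array element although its query references only `$1`. If db_query_params forwards the array as-is, a parameter-count mismatch like this is normally rejected by the server, so the list for a new task would come back as an error. The array there should be just `array ($this->ProjectGroup->getID())`.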
@@ -599,11 +633,12 @@
* @return database result set.
*/
function getHistory() {
- $sql="SELECT *
+ $sql="";
+ return db_query_params ('SELECT *
FROM project_history_user_vw
- WHERE project_task_id='". $this->getID() ."'
- ORDER BY mod_date DESC";
- return db_query($sql);
+ WHERE project_task_id=$1
+ ORDER BY mod_date DESC',
+ array ($this->getID())) ;
}
/**
@@ -612,10 +647,11 @@
* @return database result set.
*/
function getMessages() {
- $sql="select *
- FROM project_message_user_vw
- WHERE project_task_id='". $this->getID() ."' ORDER BY postdate DESC";
- return db_query($sql);
+ return db_query_params ('SELECT *
+ FROM project_message_user_vw
+ WHERE project_task_id=$1
+ ORDER BY postdate DESC',
+ array ($this->getID())) ;
}
/**
@@ -629,13 +665,17 @@
if ($this->getDetails() == htmlspecialchars($message)) {
return true;
}
- $res=db_query("SELECT * FROM project_messages
- WHERE project_task_id='".$this->getID()."'
- AND body='". htmlspecialchars($message) ."'");
+ $res = db_query_params ('SELECT * FROM project_messages
+ WHERE project_task_id=$1
+ AND body=$2',
+ array ($this->getID(),
+ htmlspecialchars($message))) ;
if (!$res || db_numrows($res) < 1) {
- $sql="INSERT INTO project_messages (project_task_id,body,posted_by,postdate)
- VALUES ('". $this->getID() ."','". htmlspecialchars($message) ."','".user_getid()."','". time() ."')";
- $res=db_query($sql);
+ $res = db_query_params ('INSERT INTO project_messages (project_task_id,body,posted_by,postdate) VALUES ($1,$2,$3,$4)',
+ array ($this->getID(),
+ htmlspecialchars($message),
+ user_getid(),
+ time())) ;
if (!$res || db_affected_rows($res) < 1) {
$this->setError('AddMessage():: '.db_error());
return false;
@@ -657,7 +697,12 @@
function addHistory ($field_name,$old_value) {
$sql="insert into project_history(project_task_id,field_name,old_value,mod_by,mod_date)
VALUES ('". $this->getID() ."','$field_name','$old_value','".user_getid()."','".time()."')";
- $result=db_query($sql);
+ $result = db_query_params ('INSERT INTO project_history (project_task_id,field_name,old_value,mod_by,mod_date) VALUES ($1,$2,$3,$4,$5)',
+ array ($this->getID(),
+ $field_name,
+ $old_value,
+ user_getid(),
+ time())) ;
if (!$result) {
$this->setError('ERROR IN AUDIT TRAIL - '.db_error());
return false;
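Review bot: The two context lines that build `$sql="insert into project_history… '$field_name','$old_value'…"` are left in place even though the result is no longer executed. The string interpolates `$field_name` and `$old_value` unescaped, so keeping it invites someone to pass it to db_query() again or to print it in an error. Delete the `$sql=` assignment so the parameterised call is the only statement text in addHistory().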
@@ -682,9 +727,10 @@
return false;
}
- $res=db_query("SELECT is_dependent_on_task_id AS id
+ $res = db_query_params ('SELECT is_dependent_on_task_id AS id
FROM project_dependencies
- WHERE project_task_id='$depend_on_id'");
+ WHERE project_task_id=$1',
+ array ($depend_on_id)) ;
$rows=db_numrows($res);
for ($i=0; $i<$rows; $i++) {
@@ -719,9 +765,11 @@
$del_arr = array_values (array_diff ($arr2, $arr));
//echo "del arr: ".print_r($del_arr);
for ($i=0; $i<count($del_arr); $i++) {
- db_query("DELETE FROM project_dependencies
- WHERE project_task_id='".$this->getID()."'
- AND is_dependent_on_task_id='". $del_arr[$i] ."'");
+ db_query_params ('DELETE FROM project_dependencies
+ WHERE project_task_id=$1
+ AND is_dependent_on_task_id=$2',
+ array ($this->getID(),
+ $del_arr[$i])) ;
if (db_error()) {
$this->setError('setDependentOn()-1:: '.db_error());
return false;
@@ -738,9 +786,10 @@
if (!$lnk) {
$lnk=PM_LINK_DEFAULT;
}
- $sql="INSERT INTO project_dependencies (project_task_id,is_dependent_on_task_id,link_type)
- VALUES ('".$this->getID()."','". $add_arr[$i] ."','$lnk')";
- db_query($sql);
+ db_query_params ('INSERT INTO project_dependencies (project_task_id,is_dependent_on_task_id,link_type) VALUES ($1,$2,$3)',
+ array ($this->getID(),
+ $add_arr[$i],
+ $lnk)) ;
if (db_error()) {
$this->setError('setDependentOn()-2:: '.db_error().$sql);
return false;
@@ -786,9 +835,10 @@
return $this->dependon;
}
if (!$this->dependon) {
- $res=db_query("SELECT is_dependent_on_task_id,link_type
+ $res = db_query_params ('SELECT is_dependent_on_task_id,link_type
FROM project_dependencies
- WHERE project_task_id='".$this->getID()."'");
+ WHERE project_task_id=$1',
+ array ($this->getID())) ;
for ($i=0; $i<db_numrows($res); $i++) {
$this->dependon[db_result($res,$i,'is_dependent_on_task_id')] = db_result($res,$i,'link_type');
}
@@ -818,17 +868,20 @@
$add_arr = array_values(array_diff ($arr, $arr2));
$del_arr = array_values(array_diff ($arr2, $arr));
for ($i=0; $i<count($del_arr); $i++) {
- db_query("DELETE FROM project_assigned_to
- WHERE project_task_id='".$this->getID()."'
- AND assigned_to_id='". $del_arr[$i] ."'");
+ db_query_params ('DELETE FROM project_assigned_to
+ WHERE project_task_id=$1
+ AND assigned_to_id=$2',
+ array ($this->getID(),
+ $del_arr[$i])) ;
if (db_error()) {
$this->setError('setAssignedTo()-1:: '.db_error());
return false;
}
}
for ($i=0; $i<count($add_arr); $i++) {
- db_query("INSERT INTO project_assigned_to (project_task_id,assigned_to_id)
- VALUES ('".$this->getID()."','". $add_arr[$i] ."')");
+ db_query_params ('INSERT INTO project_assigned_to (project_task_id,assigned_to_id) VALUES ($1,$2)',
+ array ($this->getID(),
+ $add_arr[$i])) ;
if (db_error()) {
$this->setError('setAssignedTo()-2:: '.db_error());
return false;
@@ -851,9 +904,8 @@
return $this->assignedto;
}
if (!$this->assignedto) {
- $this->assignedto =& util_result_column_to_array(db_query("SELECT assigned_to_id
- FROM project_assigned_to
- WHERE project_task_id='".$this->getID()."'"));
+ $this->assignedto =& util_result_column_to_array(db_query_params('SELECT assigned_to_id FROM project_assigned_to WHERE project_task_id=$1',
+ array ($this->getID()))) ;
}
return $this->assignedto;
}
@@ -1025,22 +1077,33 @@
db_rollback();
return false;
} else {
- $sql="UPDATE project_task SET
- summary='".htmlspecialchars($summary)."',
- priority='$priority',
- hours='$hours',
- start_date='$start_date',
- end_date='$end_date',
- status_id='$status_id',
- percent_complete='$percent_complete',
- category_id='$category_id',
- group_project_id='$new_group_project_id',
- duration='$duration',
- parent_id='$parent_id'
- WHERE group_project_id='$group_project_id'
- AND project_task_id='".$this->getID()."'";
-
- $res=db_query($sql);
+ $res = db_query_params ('UPDATE project_task SET
+ summary=$1,
+ priority=$2,
+ hours=$3,
+ start_date=$4,
+ end_date=$5,
+ status_id=$6,
+ percent_complete=$7,
+ category_id=$8,
+ group_project_id=$9,
+ duration=$10,
+ parent_id=$11
+ WHERE group_project_id=$12
+ AND project_task_id=$13',
+ array (htmlspecialchars($summary),
+ $priority,
+ $hours,
+ $start_date,
+ $end_date,
+ $status_id,
+ $percent_complete,
+ $category_id,
+ $new_group_project_id,
+ $duration,
+ $parent_id,
+ $group_project_id,
+ $this->getID())) ;
if (!$res) {
$this->setError('Error On ProjectTask::update-5: '.db_error().$sql);
db_rollback();
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/ProjectTaskFactory.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/ProjectTaskFactory.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/ProjectTaskFactory.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -4,6 +4,7 @@
*
* Copyright 1999-2000, Tim Perdue/Sourceforge
* Copyright 2002, Tim Perdue/GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -145,7 +146,7 @@
}
$this->max_rows=$max_rows;
}
-
+
/**
* getTasks - get an array of ProjectTask objects.
*
@@ -156,62 +157,35 @@
return $this->project_tasks;
}
- //if status selected, and more to where clause
- if ($this->status && ($this->status != 100)) {
- //for open tasks, add status=100 to make sure we show all
- $status_str="AND project_task_vw.status_id IN (".$this->status.(($this->status==1)?',100':'').")";
+ if ($this->order=='priority') {
+ $order = 'ORDER BY priority DESC' ;
} else {
- //no status was chosen, so don't add it to where clause
- $status_str='';
+ $order = "ORDER BY $this->order ASC" ;
}
- //if assigned to selected, and more to where clause
if ($this->assigned_to) {
- if (is_array ($this->assigned_to)) {
- $assigned_str="AND project_assigned_to.assigned_to_id IN (".join ($this->assigned_to,', ').")";
- } else {
- $assigned_str="AND project_assigned_to.assigned_to_id='".$this->assigned_to."'";
- }
- $assigned_str2=',project_assigned_to';
- $assigned_str3='project_task_vw.project_task_id=project_assigned_to.project_task_id AND';
-
+ $tat = $this->assigned_to ;
+ if (! is_array ($tat))
+ $tat = array ($tat) ;
+
+ $result = db_query_params ('SELECT project_task_vw.*, project_task_external_order.external_id
+ FROM project_task_vw natural left join project_task_external_order, project_assigned_to
+ WHERE project_task_vw.project_task_id=project_assigned_to.project_task_id
+ AND project_task_vw.group_project_id = $1
+ AND project_assigned_to.assigned_to_id = ANY ($2)' . $order,
+ array ($this->ProjectGroup->getID(),
+ db_int_array_to_any_clause ($tat)),
+ $this->max_rows,
+ $this->offset) ;
} else {
- //no assigned to was chosen, so don't add it to where clause
- $assigned_str='';
- $assigned_str2='';
- $assigned_str3='';
+ $result = db_query_params ('SELECT project_task_vw.*, project_task_external_order.external_id
+ FROM project_task_vw natural left join project_task_external_order
+ WHERE project_task_vw.group_project_id = $1' . $order,
+ array ($this->ProjectGroup->getID()),
+ $this->max_rows,
+ $this->offset) ;
}
- if ($this->category) {
- $cat_str="AND project_task_vw.category_id='".$this->category."'";
- } else {
- $cat_str='';
- }
-
- //
- // sort using an external ID useful only to something like MS Project
- //
- if ($this->order=='external_id') {
- $ext_str='natural left join project_task_external_order';
- $ext_fld_str=',project_task_external_order.external_id';
- } else {
- $ext_str='';
- $ext_fld_str='';
- }
-
-/*
-select project_task_vw.*,project_assigned_to.* FROM project_task_vw,project_assigned_to
-WHERE project_assigned_to.project_task_id=project_task_vw.project_task_id;
-*/
- $sql="SELECT project_task_vw.* $ext_fld_str
- FROM project_task_vw $ext_str $assigned_str2
- WHERE $assigned_str3 project_task_vw.group_project_id='". $this->ProjectGroup->getID() ."'
- $assigned_str $status_str $cat_str
- ORDER BY ".$this->order.(($this->order=='priority') ? ' DESC ':' ');
-
-//echo $sql;
-
- $result=db_query($sql,($this->max_rows),$this->offset);
$rows = db_numrows($result);
$this->fetched_rows=$rows;
if (db_error()) {
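Review bot: `$order = "ORDER BY $this->order ASC"` still splices `$this->order` into the statement text, so the ORDER BY clause stays outside the parameter binding this commit introduces. Where `$this->order` is assigned is not visible in this hunk. If it can carry request input, check it against a fixed list of sortable column names and fall back to a default before building `$order`. The concatenation also has no separator: `… group_project_id = $1' . $order` yields `$1ORDER BY …`, so use `' ' . $order` or give `$order` a leading space. The enclosing getTasks() body starts and ends outside the hunk.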
@@ -221,6 +195,21 @@
$this->project_tasks = array();
while ($arr =& db_fetch_array($result)) {
+ if ($this->status && ($this->status != 100)) {
+ if ($this->status == 1) {
+ if ($arr['status_id'] != 1 && $arr['status_id'] != 100)
+ continue ;
+ } else {
+ if ($arr['status_id'] != $this->status)
+ continue ;
+ }
+ }
+
+ if ($this->category) {
+ if ($arr['category_id'] != $this->category_id)
+ continue ;
+ }
+
$this->project_tasks[] = new ProjectTask($this->ProjectGroup, $arr['project_task_id'], $arr);
}
return $this->project_tasks;
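Review bot: The category filter is guarded by `$this->category` but compares against `$this->category_id`, whereas the removed SQL interpolated `$this->category`. If the factory has no `category_id` property, every row is skipped as soon as a category is selected. The test should be `if ($arr['category_id'] != $this->category)`. Status and category are also now filtered in PHP after the query has already applied `max_rows` and `offset` (previous hunk), so pages can come back short and `fetched_rows` no longer matches the returned list. Putting both conditions back into the WHERE clause as bound parameters would keep paging correct.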
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/ProjectTasksForUser.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/ProjectTasksForUser.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/ProjectTasksForUser.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -4,6 +4,7 @@
*
* Copyright 1999-2000, Tim Perdue/Sourceforge
* Copyright 2002, Tim Perdue/GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -54,9 +55,9 @@
* @param the SQL query to use to fetch the tasks
* @return an array of ProjectTask objects
*/
- function &getTasksFromSQL ($sql) {
+ function &getTasksFromSQLwithParams ($sql, $params) {
$tasks = array();
- $result=db_query($sql);
+ $result = db_query_params ($sql, $params);
$rows=db_numrows($result);
for ($i=0; $i < $rows; $i++) {
$project_task_id = db_result($result,$i,'project_task_id');
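Review bot: The docblock above the renamed getTasksFromSQLwithParams() still documents only `@param the SQL query to use to fetch the tasks` and says nothing about the new `$params` argument. Add `@param array $params values bound to the $1..$n placeholders in $sql`, and state that `$sql` must be constant text with placeholders rather than a string with values concatenated in. The old name getTasksFromSQL() is removed by this change, so any caller outside this file would need the same conversion; none are visible here.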
@@ -73,7 +74,7 @@
* @return an array of ProjectTask objects
*/
function &getTasksByGroupProjectName () {
- $sql = "SELECT ptv.*,g.group_name,pgl.project_name
+ return $this->getTasksFromSQLwithParams ('SELECT ptv.*,g.group_name,pgl.project_name
FROM project_task_vw ptv,
project_assigned_to pat,
groups g,
@@ -82,16 +83,16 @@
AND pgl.group_id=g.group_id
AND pgl.group_project_id=ptv.group_project_id
AND ptv.status_id=1
- AND pat.assigned_to_id='".$this->User->getID()."'
- ORDER BY group_name,project_name";
- return $this->getTasksFromSQL($sql);
+ AND pat.assigned_to_id=$1
+ ORDER BY group_name,project_name',
+ array ($this->User->getID())) ;
}
function &getTasksForToday() {
$now = getdate();
$today = mktime (18, 00, 00, $now['mon'], $now['mday'], $now['year']);
- $sql = "SELECT ptv.*,g.group_name,pgl.project_name
+ return $this->getTasksFromSQLwithParams ('SELECT ptv.*,g.group_name,pgl.project_name
FROM project_task_vw ptv,
project_assigned_to pat,
groups g,
@@ -99,11 +100,12 @@
WHERE ptv.project_task_id=pat.project_task_id
AND pgl.group_id=g.group_id
AND pgl.group_project_id=ptv.group_project_id
- AND ptv.start_date < '$today'
+ AND ptv.start_date < $1
AND ptv.status_id=1
- AND pat.assigned_to_id='".$this->User->getID()."'
- ORDER BY group_name,project_name";
- return $this->getTasksFromSQL($sql);
+ AND pat.assigned_to_id=$2
+ ORDER BY group_name,project_name',
+ array ($today,
+ $this->User->getID())) ;
}
}
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/Validator.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/Validator.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/pm/Validator.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -4,6 +4,7 @@
*
* Copyright 1999-2000, Tim Perdue/Sourceforge
* Copyright 2002, Tim Perdue/GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/Artifact.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/Artifact.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/Artifact.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -4,6 +4,7 @@
*
* Copyright 1999-2001, VA Linux Systems, Inc.
* Copyright 2002-2004, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -44,7 +45,8 @@
if ($data) {
//the db result handle was passed in
} else {
- $res=db_query("SELECT * FROM artifact_vw WHERE artifact_id='$artifact_id'");
+ $res = db_query_params ('SELECT * FROM artifact_vw WHERE artifact_id=$1',
+ array ($artifact_id)) ;
if (db_numrows($res) <1 ) {
$ARTIFACT_OBJ["_".$artifact_id."_"]=false;
return false;
@@ -226,13 +228,18 @@
db_begin();
- $sql="INSERT INTO artifact
+ $res = db_query_params ('INSERT INTO artifact
(group_artifact_id,status_id,priority,
submitted_by,assigned_to,open_date,summary,details)
- VALUES
- ('".$this->ArtifactType->getID()."','$status_id','$priority',
- '$user','$assigned_to','". time() ."','". htmlspecialchars($summary)."','". htmlspecialchars($details)."')";
- $res=db_query($sql);
+ VALUES ($1,$2,$3,$4,$5,$6,$7,$8)',
+ array ($this->ArtifactType->getID(),
+ $status_id,
+ $priority,
+ $user,
+ $assigned_to,
+ time(),
+ htmlspecialchars($summary),
+ htmlspecialchars($details))) ;
if (!$res) {
$this->setError('Artifact: '.db_error());
db_rollback();
@@ -278,8 +285,9 @@
* @return boolean success.
*/
function fetchData($artifact_id) {
- $res=db_query("SELECT * FROM artifact_vw
- WHERE artifact_id='$artifact_id' AND group_artifact_id='".$this->ArtifactType->getID()."'");
+ $res = db_query_params ('SELECT * FROM artifact_vw WHERE artifact_id=$1 AND group_artifact_id=$2',
+ array ($artifact_id,
+ $this->ArtifactType->getID())) ;
if (!$res || db_numrows($res) < 1) {
$this->setError('Artifact: Invalid ArtifactID');
return false;
@@ -467,37 +475,43 @@
return false;
}
db_begin();
- $res = db_query("DELETE FROM artifact_extra_field_data WHERE artifact_id='".$this->getID()."'");
+ $res = db_query_params ('DELETE FROM artifact_extra_field_data WHERE artifact_id=$1',
+ array ($this->getID())) ;
if (!$res) {
$this->setError('Error deleting extra field data: '.db_error());
db_rollback();
return false;
}
- $res = db_query("DELETE FROM artifact_file WHERE artifact_id='".$this->getID()."'");
+ $res = db_query_params ('DELETE FROM artifact_file WHERE artifact_id=$1',
+ array ($this->getID())) ;
if (!$res) {
$this->setError('Error deleting file from db: '.db_error());
db_rollback();
return false;
}
- $res = db_query("DELETE FROM artifact_message WHERE artifact_id='".$this->getID()."'");
+ $res = db_query_params ('DELETE FROM artifact_message WHERE artifact_id=$1',
+ array ($this->getID())) ;
if (!$res) {
$this->setError('Error deleting message: '.db_error());
db_rollback();
return false;
}
- $res = db_query("DELETE FROM artifact_history WHERE artifact_id='".$this->getID()."'");
+ $res = db_query_params ('DELETE FROM artifact_history WHERE artifact_id=$1',
+ array ($this->getID())) ;
if (!$res) {
$this->setError('Error deleting history: '.db_error());
db_rollback();
return false;
}
- $res = db_query("DELETE FROM artifact_monitor WHERE artifact_id='".$this->getID()."'");
+ $res = db_query_params ('DELETE FROM artifact_monitor WHERE artifact_id=$1',
+ array ($this->getID())) ;
if (!$res) {
$this->setError('Error deleting monitor: '.db_error());
db_rollback();
return false;
}
- $res = db_query("DELETE FROM artifact WHERE artifact_id='".$this->getID()."'");
+ $res = db_query_params ('DELETE FROM artifact WHERE artifact_id=$1',
+ array ($this->getID())) ;
if (!$res) {
$this->setError('Error deleting artifact: '.db_error());
db_rollback();
@@ -505,16 +519,18 @@
}
if ($this->getStatusID() == 1) {
- $res = db_query("UPDATE artifact_counts_agg SET count=count-1,open_count=open_count-1
- WHERE group_artifact_id='".$this->getID()."'");
+ $res = db_query_params ('UPDATE artifact_counts_agg SET count=count-1,open_count=open_count-1
+ WHERE group_artifact_id=$1',
+ array ($this->getID())) ;
if (!$res) {
$this->setError('Error updating artifact_counts_agg (1): '.db_error());
db_rollback();
return false;
}
} elseif ($this->getStatusID() == 2) {
- $res = db_query("UPDATE artifact_counts_agg SET count=count-1
- WHERE group_artifact_id='".$this->getID()."'");
+ $res = db_query_params ('UPDATE artifact_counts_agg SET count=count-1
+ WHERE group_artifact_id=$1',
+ array ($this->getID())) ;
if (!$res) {
$this->setError('Error updating artifact_counts_agg (2): '.db_error());
db_rollback();
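Review bot: Both `UPDATE artifact_counts_agg` statements still bind `$this->getID()`, the artifact's own id, to `group_artifact_id`, which looks like a bug carried over from the old code. In fetchData() in this same file `group_artifact_id` is matched against `$this->ArtifactType->getID()`. If the counter table is keyed by tracker, both parameter arrays should be `array ($this->ArtifactType->getID())`; as written the update would hit no row or the wrong tracker's counters. The enclosing method starts and ends outside this hunk, so confirm against the table definition.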
@@ -549,14 +565,15 @@
}
- $res=db_query("SELECT * FROM artifact_monitor
- WHERE artifact_id='". $this->getID() ."'
- AND user_id='$user_id'");
+ $res = db_query_params ('SELECT * FROM artifact_monitor WHERE artifact_id=$1 AND user_id=$2',
+ array ($this->getID(),
+ $user_id)) ;
if (!$res || db_numrows($res) < 1) {
//not yet monitoring
- $res=db_query("INSERT INTO artifact_monitor (artifact_id,user_id)
- VALUES ('". $this->getID() ."','$user_id')");
+ $res = db_query_params ('INSERT INTO artifact_monitor (artifact_id,user_id) VALUES ($1,$2)',
+ array ($this->getID(),
+ $user_id)) ;
if (!$res) {
$this->setError(db_error());
return false;
@@ -566,9 +583,11 @@
}
} else {
//already monitoring - remove their monitor
- db_query("DELETE FROM artifact_monitor
- WHERE artifact_id='". $this->getID() ."'
- AND user_id='$user_id'");
+ db_query_params ('DELETE FROM artifact_monitor
+ WHERE artifact_id=$1
+ AND user_id=$2',
+ array ($this->getID(),
+ $user_id)) ;
$this->setError(_('Artifact Monitoring Deactivated'));
return false;
}
@@ -578,8 +597,9 @@
if (!session_loggedin()) {
return false;
}
- $sql="SELECT count(*) AS count FROM artifact_monitor WHERE user_id='".user_getid()."' AND artifact_id='".$this->getID()."';";
- $result = db_query($sql);
+ $result = db_query_params ('SELECT count(*) AS count FROM artifact_monitor WHERE user_id=$1 AND artifact_id=$2',
+ array (user_getid(),
+ $this->getID())) ;
$row_count = db_fetch_array($result);
return $result && $row_count['count'] > 0;
}
@@ -590,9 +610,8 @@
* @return array of email addresses monitoring this Artifact.
*/
function getMonitorIds() {
- $res=db_query("SELECT user_id
- FROM artifact_monitor
- WHERE artifact_id='". $this->getID() ."'");
+ $res = db_query_params ('SELECT user_id FROM artifact_monitor WHERE artifact_id=$1',
+ array ($this->getID())) ;
return array_unique(array_merge($this->ArtifactType->getMonitorIds(),util_result_column_to_array($res)));
}
@@ -602,11 +621,8 @@
* @return database result set.
*/
function getHistory() {
- $sql="SELECT * ".
- "FROM artifact_history_user_vw ".
- "WHERE artifact_id='". $this->getID() ."' ".
- "ORDER BY entrydate DESC";
- return db_query($sql);
+ return db_query_params ('SELECT * FROM artifact_history_user_vw WHERE artifact_id=$1 ORDER BY entrydate DESC',
+ array ($this->getID())) ;
}
/**
@@ -615,10 +631,8 @@
* @return database result set.
*/
function getMessages() {
- $sql="select * ".
- "FROM artifact_message_user_vw ".
- "WHERE artifact_id='". $this->getID() ."' ORDER BY adddate DESC";
- return db_query($sql);
+ return db_query_params ('SELECT * FROM artifact_message_user_vw WHERE artifact_id=$1 ORDER BY adddate DESC',
+ array ($this->getID())) ;
}
/**
@@ -643,10 +657,8 @@
*/
function &getFiles() {
if (!isset($this->files)) {
- $sql="select * ".
- "FROM artifact_file_user_vw ".
- "WHERE artifact_id='". $this->getID() ."'";
- $res=db_query($sql);
+ $res = db_query_params ('SELECT * FROM artifact_file_user_vw WHERE artifact_id=$1',
+ array ($this->getID())) ;
$rows=db_numrows($res);
if ($rows > 0) {
for ($i=0; $i < $rows; $i++) {
@@ -666,13 +678,13 @@
*/
function getRelatedTasks() {
if (!$this->relatedtasks) {
- $this->relatedtasks=
- db_query("SELECT pt.group_project_id,pt.project_task_id,pt.summary,pt.start_date,pt.end_date,pgl.group_id
+ $this->relatedtasks = db_query_params ('SELECT pt.group_project_id,pt.project_task_id,pt.summary,pt.start_date,pt.end_date,pgl.group_id
FROM project_task pt, project_group_list pgl
WHERE pt.group_project_id = pgl.group_project_id AND
EXISTS (SELECT project_task_id FROM project_task_artifact
WHERE project_task_id=pt.project_task_id
- AND artifact_id = ". $this->getID() . ")");
+ AND artifact_id = $1',
+ array ($this->getID())) ;
}
return $this->relatedtasks;
}
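Review bot: The rewritten query in getRelatedTasks() no longer closes the `EXISTS (` subquery. The old string appended `")"` after the id, while the new literal ends at `AND artifact_id = $1'`, so the parentheses are unbalanced and the database should reject the statement. The last SQL line should read `AND artifact_id = $1)',`. The result is stored in `$this->relatedtasks` and returned without a check, so callers would get a failed result rather than an error message.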
@@ -712,9 +724,12 @@
}
}
- $sql="insert into artifact_message (artifact_id,submitted_by,from_email,adddate,body) ".
- "VALUES ('". $this->getID() ."','$user_id','$by','". time() ."','". htmlspecialchars($body). "')";
- $res = db_query($sql);
+ $res = db_query_params ('INSERT INTO artifact_message (artifact_id,submitted_by,from_email,adddate,body) VALUES ($1,$2,$3,$4,$5)',
+ array ($this->getID(),
+ $user_id,
+ $by,
+ time(),
+ htmlspecialchars($body))) ;
if ($send_followup) {
$this->mailFollowup(2,false);
}
@@ -735,9 +750,12 @@
} else {
$user=user_getid();
}
- $sql="insert into artifact_history(artifact_id,field_name,old_value,mod_by,entrydate)
- VALUES ('". $this->getID() ."','$field_name','".addslashes($old_value)."','$user','". time() ."')";
- return db_query($sql);
+ return db_query_params ('INSERT INTO artifact_history(artifact_id,field_name,old_value,mod_by,entrydate) VALUES ($1,$2,$3,$4,$5)',
+ array ($this->getID(),
+ $field_name,
+ addslashes($old_value),
+ $user,
+ time())) ;
}
/**
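Review bot: `addslashes($old_value)` is kept in the parameter array of the new `INSERT INTO artifact_history`, which double-escapes the value. Assuming db_query_params binds values as the `$1` placeholders suggest, the backslashes are no longer consumed by the SQL parser and are stored literally. History entries containing quotes or backslashes would then display extra `\` characters. Pass the value as is: `$old_value,` in place of `addslashes($old_value),`.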
@@ -806,7 +824,8 @@
//
// Get a lock on this row in the database
//
- $lock=db_query("SELECT * FROM artifact WHERE artifact_id='".$this->getID()."' FOR UPDATE");
+ $lock = db_query_params ('SELECT * FROM artifact WHERE artifact_id=$1 FOR UPDATE',
+ array ($this->getID())) ;
$artifact_type_id = $this->ArtifactType->getID();
//
// Attempt to move this Artifact to a new ArtifactType
@@ -842,7 +861,8 @@
// exist in the new tracker. All extra_fields will be deleted and
// then set to 100 in the new tracker.
//
- $res=db_query("DELETE FROM artifact_extra_field_data WHERE artifact_id='".$this->getID()."'");
+ $res = db_query_params ('DELETE FROM artifact_extra_field_data WHERE artifact_id=$1',
+ array ($this->getID())) ;
$extra_fields=array();
}
@@ -1028,20 +1048,18 @@
} elseif (($type == ARTIFACT_EXTRAFIELDTYPE_MULTISELECT) || ($type == ARTIFACT_EXTRAFIELDTYPE_CHECKBOX)) {
$extra_fields[$efid]=array('100');
} else {
- $resdel=db_query("DELETE FROM artifact_extra_field_data
- WHERE
- artifact_id='".$this->getID()."'
- AND extra_field_id='".$efid."'");
+ $resdel = db_query_params ('DELETE FROM artifact_extra_field_data WHERE artifact_id=$1 AND extra_field_id=$2',
+ array ($this->getID(),
+ $efid)) ;
continue;
}
}
//
// get the old rows of data
//
- $resd=db_query("SELECT * FROM artifact_extra_field_data
- WHERE
- artifact_id='".$this->getID()."'
- AND extra_field_id='".$efid."'");
+ $resd = db_query_params ('SELECT * FROM artifact_extra_field_data WHERE artifact_id=$1 AND extra_field_id=$2',
+ array ($this->getID(),
+ $efid)) ;
$rows=db_numrows($resd);
if ($resd && $rows) {
//
@@ -1069,11 +1087,10 @@
$this->addHistory($field_name, $this->ArtifactType->getElementName($deleted_values));
}
-
- $resdel=db_query("DELETE FROM artifact_extra_field_data
- WHERE
- artifact_id='".$this->getID()."'
- AND extra_field_id='".$efid."'");
+
+ $resdel = db_query_params ('DELETE FROM artifact_extra_field_data WHERE artifact_id=$1 AND extra_field_id=$2',
+ array ($this->getID(),
+ $efid)) ;
} else {
continue;
}
@@ -1084,10 +1101,9 @@
//element DID change - do a history entry
$field_name = $ef[$efid]['field_name'];
$changes["extra_fields"][$efid] = 1;
- $resdel=db_query("DELETE FROM artifact_extra_field_data
- WHERE
- artifact_id='".$this->getID()."'
- AND extra_field_id='".$efid."'");
+ $resdel = db_query_params ('DELETE FROM artifact_extra_field_data WHERE artifact_id=$1 AND extra_field_id=$2',
+ array ($this->getID(),
+ $efid)) ;
if (($type == ARTIFACT_EXTRAFIELDTYPE_SELECT) || ($type == ARTIFACT_EXTRAFIELDTYPE_RADIO) || ($type == ARTIFACT_EXTRAFIELDTYPE_STATUS)) {
//don't add history for text fields
$this->addHistory($field_name,$this->ArtifactType->getElementName(db_result($resd,0,'field_data')));
@@ -1110,10 +1126,10 @@
$multi_rows=true;
$count=count($extra_fields[$efid]);
for ($fin=0; $fin<$count; $fin++) {
- $sql="INSERT INTO artifact_extra_field_data (artifact_id,extra_field_id,field_data)
- values ('".$this->getID()."','".$efid."',
- '".$extra_fields[$efid][$fin]."')";
- $res=db_query($sql);
+ $res = db_query_params ('INSERT INTO artifact_extra_field_data (artifact_id,extra_field_id,field_data) VALUES ($1,$2,$3)',
+ array ($this->getID(),
+ $efid,
+ $extra_fields[$efid][$fin])) ;
if (!$res) {
$this->setError('Artifact::updateExtraFields:: '.$sql.db_error());
return false;
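Review bot: The error path after the new multi-value INSERT still concatenates `$sql` into `setError()`, but this hunk removes the only visible assignment of `$sql`. The message now depends on a variable that is undefined, or stale if it was set earlier in the method outside the hunk. Drop it to match the single-value branch: `$this->setError('Artifact::updateExtraFields:: '.db_error());`. That also keeps query text out of an error string that may be shown to users.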
@@ -1122,9 +1138,10 @@
} else {
$multi_rows=false;
$count=1;
- $res=db_query("INSERT INTO artifact_extra_field_data (artifact_id,extra_field_id,field_data)
- values ('".$this->getID()."','".$efid."',
- '".htmlspecialchars($extra_fields[$efid])."')");
+ $res = db_query_params ('INSERT INTO artifact_extra_field_data (artifact_id,extra_field_id,field_data) VALUES ($1,$2,$3)',
+ array ($this->getID(),
+ $efid,
+ htmlspecialchars($extra_fields[$efid]))) ;
if (!$res) {
$this->setError('Artifact::updateExtraFields:: '.db_error());
return false;
@@ -1144,8 +1161,8 @@
function &getExtraFieldData() {
if (!isset($this->extra_field_data)) {
$this->extra_field_data = array();
- $res=db_query("SELECT * FROM artifact_extra_field_data
- WHERE artifact_id='".$this->getID()."' ORDER BY extra_field_id");
+ $res = db_query_params ('SELECT * FROM artifact_extra_field_data WHERE artifact_id=$1 ORDER BY extra_field_id',
+ array ($this->getID())) ;
$ef = $this->ArtifactType->getExtraFields();
while ($arr = db_fetch_array($res)) {
$type=$ef[$arr['extra_field_id']]['field_type'];
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactBoxOptions.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactBoxOptions.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactBoxOptions.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -3,6 +3,7 @@
* FusionForge trackers
*
* Copyright 2004, Anthony J. Pugliese
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -97,10 +98,10 @@
$this->setPermissionDeniedError();
return false;
}
- $sql="INSERT INTO artifact_group_selection_box_options (artifact_box_id,box_options_name)
- VALUES ('$id','".htmlspecialchars($name)."')";
+ $result = db_query_params ('INSERT INTO artifact_group_selection_box_options (artifact_box_id,box_options_name) VALUES ($1,$2)',
+ array ($id,
+ htmlspecialchars($name))) ;
- $result=db_query($sql);
if ($result && db_affected_rows($result) > 0) {
$this->clearError();
return true;
@@ -127,7 +128,8 @@
* @return boolean success.
*/
function fetchData($id) {
- $res=db_query("SELECT * FROM artifact_group_selection_box_options WHERE id='$id'");
+ $res = db_query_params ('SELECT * FROM artifact_group_selection_box_options WHERE id=$1',
+ array ($id)) ;
if (!$res || db_numrows($res) < 1) {
$this->setError('ArtifactSelectionBox: Invalid Artifact ID');
return false;
@@ -193,11 +195,11 @@
$this->setMissingParamsError();
return false;
}
- $sql="UPDATE artifact_group_selection_box_options
- SET box_options_name='".htmlspecialchars($name)."'
- WHERE id='$id'";
-// AND artifact_box_id='$boxid'";
- $result=db_query($sql);
+ $result = db_query_params ('UPDATE artifact_group_selection_box_options
+ SET box_options_name=$1
+ WHERE id=$2',
+ array (htmlspecialchars($name),
+ $id)) ;
if ($result && db_affected_rows($result) > 0) {
return true;
} else {
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactCanned.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactCanned.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactCanned.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -4,6 +4,7 @@
*
* Copyright 1999-2001, VA Linux Systems, Inc.
* Copyright 2002-2004, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -96,13 +97,11 @@
$this->setPermissionDeniedError();
return false;
}
+ $result = db_query_params ('INSERT INTO artifact_canned_responses (group_artifact_id,title,body) VALUES ($1,$2,$3)',
+ array ($this->ArtifactType->getID(),
+ htmlspecialchars($title),
+ htmlspecialchars($body))) ;
- $sql="INSERT INTO artifact_canned_responses (group_artifact_id,title,body)
- VALUES ('".$this->ArtifactType->getID()."',
- '". htmlspecialchars($title) ."','". htmlspecialchars($body) ."')";
-
- $result=db_query($sql);
-
if ($result && db_affected_rows($result) > 0) {
$this->clearError();
return true;
@@ -128,7 +127,8 @@
* @return boolean success.
*/
function fetchData($id) {
- $res=db_query("SELECT * FROM artifact_canned_responses WHERE id='$id'");
+ $res = db_query_params ('SELECT * FROM artifact_canned_responses WHERE id=$1',
+ array ($id)) ;
if (!$res || db_numrows($res) < 1) {
$this->setError('ArtifactCanned: Invalid ArtifactCanned ID');
return false;
@@ -195,7 +195,13 @@
SET title='". htmlspecialchars($title) ."',body='". htmlspecialchars($body) ."'
WHERE group_artifact_id='". $this->ArtifactType->getID() ."' AND id='". $this->getID() ."'";
- $result=db_query($sql);
+ $result = db_query_params ('UPDATE artifact_canned_responses
+ SET title=$1,body=$2,
+ WHERE group_artifact_id=$3 AND id=$4',
+ array (htmlspecialchars($title),
+ htmlspecialchars($body),
+ $this->ArtifactType->getID(),
+ $this->getID())) ;
if ($result && db_affected_rows($result) > 0) {
return true;
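Review bot: The new UPDATE has a stray comma after `body=$2`, directly before `WHERE`, which is a SQL syntax error. Every canned-response update would fail and fall through to the error branch. The SET line should be `SET title=$1,body=$2`. The context lines above still build the old interpolated `$sql` string, which is now unused; its assignment starts outside this hunk and should be removed in the same pass.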
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactExtraField.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactExtraField.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactExtraField.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -3,6 +3,7 @@
* FusionForge trackers
*
* Copyright 2004, Anthony J. Pugliese
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -121,13 +122,16 @@
return false;
}
- $sql="INSERT INTO artifact_extra_field_list (group_artifact_id,field_name,
- field_type,attribute1,attribute2,is_required,alias)
- VALUES ('".$this->ArtifactType->getID()."','".htmlspecialchars($name)."',
- '$field_type','$attribute1','$attribute2','$is_required','$alias')";
-
db_begin();
- $result=db_query($sql);
+ $result = db_query_params ('INSERT INTO artifact_extra_field_list (group_artifact_id,field_name,field_type,attribute1,attribute2,is_required,alias)
+ VALUES ($1,$2,$3,$4,$5,$6,$7)',
+ array ($this->ArtifactType->getID(),
+ htmlspecialchars($name),
+ $field_type,
+ $attribute1,
+ $attribute2,
+ $is_required,
+ $alias));
if ($result && db_affected_rows($result) > 0) {
$this->clearError();
@@ -147,35 +151,47 @@
//
// Must insert some default statuses for each artifact
//
- $reso=db_query("INSERT INTO artifact_extra_field_elements(extra_field_id,element_name,status_id)
- values ('$id','Open','1')");
+ $reso = db_query_params ('INSERT INTO artifact_extra_field_elements(extra_field_id,element_name,status_id) VALUES ($1,$2,$3)',
+ array ($id,
+ 'Open',
+ 1)) ;
if (!$reso) {
echo db_error();
} else {
$resoid=db_insertid($reso,'artifact_extra_field_elements','element_id');
- db_query("INSERT INTO artifact_extra_field_data(artifact_id,field_data,extra_field_id)
- SELECT artifact_id,$resoid,$id FROM artifact
- WHERE group_artifact_id='".$this->ArtifactType->getID()."'
- AND status_id=1");
+ db_query_params ('INSERT INTO artifact_extra_field_data(artifact_id,field_data,extra_field_id)
+ SELECT artifact_id,$1,$2 FROM artifact
+ WHERE group_artifact_id=$3
+ AND status_id=1',
+ array ($resoid,
+ $id,
+ $this->ArtifactType->getID())) ;
}
- $resc=db_query("INSERT INTO artifact_extra_field_elements(extra_field_id,element_name,status_id)
- values ('$id','Closed','2')");
+ $resc = db_query_params ('INSERT INTO artifact_extra_field_elements(extra_field_id,element_name,status_id) VALUES ($1,$2,$3)',
+ array ($id,
+ 'Closed',
+ 2)) ;
if (!$resc) {
echo db_error();
} else {
$rescid=db_insertid($resc,'artifact_extra_field_elements','element_id');
- db_query("INSERT INTO artifact_extra_field_data(artifact_id,field_data,extra_field_id)
- SELECT artifact_id,$rescid,$id FROM artifact
- WHERE group_artifact_id='".$this->ArtifactType->getID()."'
- AND status_id != 1");
+ db_query_params ('INSERT INTO artifact_extra_field_data(artifact_id,field_data,extra_field_id)
+ SELECT artifact_id,$1,$2 FROM artifact
+ WHERE group_artifact_id=$3
+ AND status_id != 1',
+ array ($rescid,
+ $id,
+ $this->ArtifactType->getID())) ;
}
}
} elseif (strstr(ARTIFACT_EXTRAFIELD_FILTER_INT,$field_type) !== false) {
//
// Must insert some default 100 rows for the data table so None queries will work right
//
- $resdefault=db_query("INSERT INTO artifact_extra_field_data(artifact_id,field_data,extra_field_id)
- SELECT artifact_id,100,$id FROM artifact WHERE group_artifact_id='".$this->ArtifactType->getID()."'");
+ $resdefault = db_query_params ('INSERT INTO artifact_extra_field_data(artifact_id,field_data,extra_field_id)
+ SELECT artifact_id,100,$1 FROM artifact WHERE group_artifact_id=$2',
+ array ($id,
+ $this->ArtifactType->getID())) ;
if (!$resdefault) {
echo db_error();
}
@@ -197,7 +213,8 @@
*/
function fetchData($id) {
$this->id=$id;
- $res=db_query("SELECT * FROM artifact_extra_field_list WHERE extra_field_id='$id'");
+ $res = db_query_params ('SELECT * FROM artifact_extra_field_list WHERE extra_field_id=$1',
+ array ($id)) ;
if (!$res || db_numrows($res) < 1) {
$this->setError('ArtifactExtraField: Invalid ArtifactExtraField ID');
@@ -313,9 +330,8 @@
* @return array
*/
function getAvailableValues() {
- $sql = "SELECT * FROM artifact_extra_field_elements WHERE extra_field_id=".$this->getID();
- $res = db_query($sql);
-
+ $res = db_query_params ('SELECT * FROM artifact_extra_field_elements WHERE extra_field_id=$1',
+ array ($this->getID()));
$return = array();
while ($row = db_fetch_array($res)) {
$return[] = $row;
@@ -358,16 +374,21 @@
return false;
}
- $sql="UPDATE artifact_extra_field_list
- SET
- field_name='".htmlspecialchars($name)."',
- attribute1='$attribute1',
- attribute2='$attribute2',
- is_required='$is_required',
- alias='$alias'
- WHERE extra_field_id='". $this->getID() ."'
- AND group_artifact_id='".$this->ArtifactType->getID()."'";
- $result=db_query($sql);
+ $result = db_query_params ('UPDATE artifact_extra_field_list
+ SET field_name=$1,
+ attribute1=$2,
+ attribute2=$3,
+ is_required=$4,
+ alias=$5
+ WHERE extra_field_id=$6
+ AND group_artifact_id=$7',
+ array (htmlspecialchars($name),
+ $attribute1,
+ $attribute2,
+ $is_required,
+ $alias,
+ $this->getID(),
+ $this->ArtifactType->getID())) ;
if ($result && db_affected_rows($result) > 0) {
return true;
} else {
@@ -390,17 +411,14 @@
return false;
}
db_begin();
- $sql="DELETE FROM artifact_extra_field_data
- WHERE extra_field_id='".$this->getID()."'";
- $result=db_query($sql);
+ $result = db_query_params ('DELETE FROM artifact_extra_field_data WHERE extra_field_id=$1',
+ array ($this->getID())) ;
if ($result) {
- $sql="DELETE FROM artifact_extra_field_elements
- WHERE extra_field_id='".$this->getID()."'";
- $result=db_query($sql);
+ $result = db_query_params ('DELETE FROM artifact_extra_field_elements WHERE extra_field_id=$1',
+ array ($this->getID())) ;
if ($result) {
- $sql="DELETE FROM artifact_extra_field_list
- WHERE extra_field_id='".$this->getID()."'";
- $result=db_query($sql);
+ $result = db_query_params ('DELETE FROM artifact_extra_field_list WHERE extra_field_id=$1',
+ array ($this->getID())) ;
if ($result) {
if ($this->getType() == ARTIFACT_EXTRAFIELDTYPE_STATUS) {
if (!$this->ArtifactType->setCustomStatusField(0)) {
@@ -485,14 +503,19 @@
$serial = 1;
$conflict = false;
do {
- $sql = "SELECT * FROM artifact_extra_field_list ".
- "WHERE LOWER(alias)='".$alias."' AND ".
- "group_artifact_id=".$this->ArtifactType->getID();
if ($this->data_array['extra_field_id']) {
- $sql .= " AND extra_field_id <> ".$this->data_array['extra_field_id'];
+ $res = db_query_params ('SELECT * FROM artifact_extra_field_list
+ WHERE LOWER (alias)=$1
+ AND group_artifact_id=$2
+ AND extra_field_id <> $3',
+ array ($alias,
+ $this->ArtifactType->getID(),
+ $this->data_array['extra_field_id'])) ;
+ } else {
+ $res = db_query_params ('SELECT * FROM artifact_extra_field_list WHERE LOWER (alias)=$1 AND group_artifact_id=$2',
+ array ($alias,
+ $this->ArtifactType->getID()));
}
- $res = db_query($sql);
-
if (!$res) {
$this->setError(db_error());
return false;
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactExtraFieldElement.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactExtraFieldElement.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactExtraFieldElement.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -3,6 +3,7 @@
* FusionForge trackers
*
* Copyright 2004, Anthony J. Pugliese
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -106,16 +107,18 @@
$this->setPermissionDeniedError();
return false;
}
- $sql = "SELECT element_name FROM artifact_extra_field_elements WHERE element_name='$name' AND extra_field_id=".$this->ArtifactExtraField->getID();
- $res = db_query($sql);
+ $res = db_query_params ('SELECT element_name FROM artifact_extra_field_elements WHERE element_name=$1 AND extra_field_id=$2',
+ array (htmlspecialchars ($name),
+ $this->ArtifactExtraField->getID())) ;
if (db_numrows($res) > 0) {
$this->setError(_('Element name already exists'));
return false;
}
- $sql="INSERT INTO artifact_extra_field_elements (extra_field_id,element_name,status_id)
- VALUES ('".$this->ArtifactExtraField->getID()."','".htmlspecialchars($name)."','$status_id')";
db_begin();
- $result=db_query($sql);
+ $result = db_query_params ('INSERT INTO artifact_extra_field_elements (extra_field_id,element_name,status_id) VALUES ($1,$2,$3)',
+ array ($this->ArtifactExtraField->getID(),
+ htmlspecialchars($name),
+ $status_id)) ;
if ($result && db_affected_rows($result) > 0) {
$this->clearError();
$id=db_insertid($result,'artifact_extra_field_elements','element_id');
@@ -144,7 +147,8 @@
* @return boolean success.
*/
function fetchData($id) {
- $res=db_query("SELECT * FROM artifact_extra_field_elements WHERE element_id='$id'");
+ $res = db_query_params ('SELECT * FROM artifact_extra_field_elements WHERE element_id=$1',
+ array ($id)) ;
if (!$res || db_numrows($res) < 1) {
$this->setError('ArtifactExtraField: Invalid ArtifactExtraFieldElement ID');
return false;
@@ -231,11 +235,12 @@
} else {
$status_id=0;
}
- $sql="UPDATE artifact_extra_field_elements
- SET element_name='".htmlspecialchars($name)."',
- status_id='$status_id'
- WHERE element_id='".$this->getID()."'";
- $result=db_query($sql);
+ $result = db_query_params ('UPDATE artifact_extra_field_elements
+ SET element_name=$1, status_id=$2
+ WHERE element_id=$3',
+ array (htmlspecialchars($name),
+ $status_id,
+ $this->getID())) ;
if ($result && db_affected_rows($result) > 0) {
return true;
} else {
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactFile.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactFile.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactFile.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -3,6 +3,7 @@
* FusionForge trackers
*
* Copyright 1999-2001, VA Linux Systems, Inc.
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -35,9 +36,10 @@
global $ARTIFACTFILE_OBJ;
if (!isset($ARTIFACTFILE_OBJ["_".$artifact_file_id."_"])) {
if ($data) {
- //the db result handle was passed in
+ //the db result handle was passed in
} else {
- $res=db_query("SELECT * FROM artifact_file_user_vw WHERE id='$artifact_file_id'");
+ $res = db_query_params ('SELECT * FROM artifact_file_user_vw WHERE id=$1',
+ array ($artifact_file_id)) ;
if (db_numrows($res) <1 ) {
$ARTIFACTFILE_OBJ["_".$artifact_file_id."_"]=false;
return false;
@@ -145,11 +147,17 @@
db_begin();
- $res=db_query("INSERT INTO artifact_file
+ $res = db_query_params ('INSERT INTO artifact_file
(artifact_id,description,bin_data,filename,filesize,filetype,adddate,submitted_by)
- VALUES
- ('".$this->Artifact->getID()."','$description','". base64_encode($bin_data) ."','$filename',
- '$filesize','$filetype','". time() ."','$userid')");
+ VALUES ($1,$2,$3,$4,$5,$6,$7,$8)',
+ array ($this->Artifact->getID(),
+ $description,
+ base64_encode($bin_data),
+ $filename,
+ $filesize,
+ $filetype,
+ time(),
+ $userid)) ;
$id=db_insertid($res,'artifact_file','id');
@@ -187,7 +195,8 @@
$this->setPermissionDeniedError();
return false;
}
- $res=db_query("DELETE FROM artifact_file WHERE id='". $this->getID() ."'");
+ $res = db_query_params ('DELETE FROM artifact_file WHERE id=$1',
+ array ($this->getID())) ;
if (!$res || db_affected_rows($res) < 1) {
$this->setError('ArtifactFile: Unable to Delete');
return false;
@@ -204,7 +213,8 @@
* @return boolean success.
*/
function fetchData($id) {
- $res=db_query("SELECT * FROM artifact_file_user_vw WHERE id='$id'");
+ $res = db_query_params ('SELECT * FROM artifact_file_user_vw WHERE id=$1',
+ array ($id)) ;
if (!$res || db_numrows($res) < 1) {
$this->setError('ArtifactFile: Invalid ArtifactFile ID');
return false;
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactFromID.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactFromID.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactFromID.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -3,6 +3,7 @@
* FusionForge trackers
*
* Copyright 2002, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -26,8 +27,6 @@
class ArtifactFromID extends Error {
-//artifact_vw
-
var $Group;
var $ArtifactType;
var $Artifact;
@@ -36,7 +35,8 @@
if ($data) {
$art_arr =& $data;
} else {
- $res=db_query("SELECT * FROM artifact_vw WHERE artifact_id='$id'");
+ $res = db_query_params ('SELECT * FROM artifact_vw WHERE artifact_id=$1',
+ array ($id)) ;
if (!$res || db_numrows($res) < 1) {
$this->setError("Invalid Artifact ID");
return false;
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactHistory.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactHistory.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactHistory.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -3,6 +3,7 @@
* FusionForge trackers
*
* Copyright 2004, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -95,10 +96,12 @@
$this->setPermissionDeniedError();
return false;
}
- $sql="INSERT INTO artifact_category (group_artifact_id,category_name,auto_assign_to)
- VALUES ('".$this->Artifact->getID()."','".htmlspecialchars($name)."','$auto_assign_to')";
+ $result = db_query_params ('INSERT INTO artifact_category (group_artifact_id,category_name,auto_assign_to)
+ VALUES ($1,$2,$3)',
+ array ($this->Artifact->getID(),
+ htmlspecialchars($name),
+ $auto_assign_to)) ;
- $result=db_query($sql);
if ($result && db_affected_rows($result) > 0) {
$this->clearError();
@@ -121,7 +124,8 @@
* @return boolean success.
*/
function fetchData($id) {
- $res=db_query("SELECT * FROM artifact_category WHERE id='$id'");
+ $res = db_query_params ('SELECT * FROM artifact_category WHERE id=$1',
+ array ($id)) ;
if (!$res || db_numrows($res) < 1) {
$this->setError('ArtifactHistory: Invalid ArtifactHistory ID');
return false;
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactMessage.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactMessage.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactMessage.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -3,6 +3,7 @@
* FusionForge trackers
*
* Copyright 2004, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -110,10 +111,13 @@
}
}
- $sql="insert into artifact_message (artifact_id,submitted_by,from_email,adddate,body)
- VALUES ('". $this->Artifact->getID() ."','$user_id','$by','". time() ."','". htmlspecialchars($body). "')";
- $res = db_query($sql);
-
+ $res = db_query_params ('INSERT INTO artifact_message (artifact_id,submitted_by,from_email,adddate,body)
+ VALUES ($1,$2,$3,$4,$5)',
+ array ($this->Artifact->getID(),
+ $user_id,
+ $by,
+ time(),
+ htmlspecialchars($body))) ;
if (!$res) {
$this->setError(db_error());
return false;
@@ -137,7 +141,8 @@
* @return boolean success.
*/
function fetchData($id) {
- $res=db_query("SELECT * FROM artifact_message_user_vw WHERE id='$id'");
+ $res = db_query_params ('SELECT * FROM artifact_message_user_vw WHERE id=$1',
+ array ($id)) ;
if (!$res || db_numrows($res) < 1) {
$this->setError('ArtifactMessage: Invalid ArtifactMessage ID');
return false;
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactQuery.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactQuery.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactQuery.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -4,6 +4,7 @@
*
* Copyright 2005, Anthony J. Pugliese
* Copyright 2005, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -111,11 +112,11 @@
return false;
}
- $sql="INSERT INTO artifact_query (group_artifact_id,query_name,user_id)
- VALUES ('".$this->ArtifactType->getID()."','".htmlspecialchars($name)."','".user_getid()."')";
-
db_begin();
- $result=db_query($sql);
+ $result = db_query_params ('INSERT INTO artifact_query (group_artifact_id,query_name,user_id) VALUES ($1,$2,$3)',
+ array ($this->ArtifactType->getID(),
+ htmlspecialchars($name),
+ user_getid())) ;
if ($result && db_affected_rows($result) > 0) {
$this->clearError();
$id=db_insertid($result,'artifact_query','artifact_query_id');
@@ -153,7 +154,8 @@
* @return boolean success.
*/
function fetchData($id) {
- $res=db_query("SELECT * FROM artifact_query WHERE artifact_query_id='$id'");
+ $res = db_query_params ('SELECT * FROM artifact_query WHERE artifact_query_id=$1',
+ array ($id)) ;
if (!$res || db_numrows($res) < 1) {
$this->setError('ArtifactQuery: Invalid ArtifactQuery ID'.db_error());
@@ -161,7 +163,8 @@
}
$this->data_array =& db_fetch_array($res);
db_free_result($res);
- $res=db_query("SELECT * FROM artifact_query_fields WHERE artifact_query_id='$id'");
+ $res = db_query_params ('SELECT * FROM artifact_query_fields WHERE artifact_query_id=$1',
+ array ($id)) ;
unset($this->element_array);
while ($arr = db_fetch_array($res)) {
//
@@ -189,15 +192,19 @@
*
*/
function insertElements($id,$status,$assignee,$moddaterange,$sort_col,$sort_ord,$extra_fields,$opendaterange,$closedaterange) {
- $res=db_query("DELETE FROM artifact_query_fields WHERE artifact_query_id='$id'");
+ $res = db_query_params ('DELETE FROM artifact_query_fields WHERE artifact_query_id=$1',
+ array ($id)) ;
if (!$res) {
$this->setError('Deleting Old Elements: '.db_error());
return false;
}
$id = intval($id);
- $res=db_query("INSERT INTO artifact_query_fields
+ $res = db_query_params ('INSERT INTO artifact_query_fields
(artifact_query_id,query_field_type,query_field_id,query_field_values)
- VALUES ('$id','".ARTIFACT_QUERY_STATE."','0','".intval($status)."')");
+ VALUES ($1,$2,0,$3)',
+ array ($id,
+ ARTIFACT_QUERY_STATE,
+ intval($status))) ;
if (!$res) {
$this->setError('Setting Status: '.db_error());
return false;
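Review bot: `$id = intval($id);` sits after the DELETE, so that first statement binds the caller's raw `$id` while every INSERT below binds the integer. Binding already keeps the value out of the SQL text, but a non-numeric id now presumably produces a database error on the DELETE instead of being normalised like the rest. Move the cast to the first line of insertElements() so all statements see the same value. The function body continues past this hunk.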
@@ -223,9 +230,12 @@
}
//CSV LIST OF ASSIGNEES
- $res=db_query("INSERT INTO artifact_query_fields
+ $res = db_query_params ('INSERT INTO artifact_query_fields
(artifact_query_id,query_field_type,query_field_id,query_field_values)
- VALUES ('$id','".ARTIFACT_QUERY_ASSIGNEE."','0','".$assignee."')");
+ VALUES ($1,$2,0,$3)',
+ array ($id,
+ ARTIFACT_QUERY_ASSIGNEE,
+ $assignee)) ;
if (!$res) {
$this->setError('Setting Assignee: '.db_error());
return false;
@@ -236,9 +246,12 @@
$this->setError('Invalid Mod Date Range');
return false;
}
- $res=db_query("INSERT INTO artifact_query_fields
+ $res = db_query_params ('INSERT INTO artifact_query_fields
(artifact_query_id,query_field_type,query_field_id,query_field_values)
- VALUES ('$id','".ARTIFACT_QUERY_MODDATE."','0','".$moddaterange."')");
+ VALUES ($1,$2,0,$3)',
+ array ($id,
+ ARTIFACT_QUERY_MODDATE,
+ $moddaterange)) ;
if (!$res) {
$this->setError('Setting Last Modified Date Range: '.db_error());
return false;
@@ -249,9 +262,12 @@
$this->setError('Invalid Open Date Range');
return false;
}
- $res=db_query("INSERT INTO artifact_query_fields
+ $res = db_query_params ('INSERT INTO artifact_query_fields
(artifact_query_id,query_field_type,query_field_id,query_field_values)
- VALUES ('$id','".ARTIFACT_QUERY_OPENDATE."','0','".$opendaterange."')");
+ VALUES ($1,$2,0,$3)',
+ array ($id,
+ ARTIFACT_QUERY_OPENDATE,
+ $opendaterange)) ;
if (!$res) {
$this->setError('Setting Open Date Range: '.db_error());
return false;
@@ -262,25 +278,34 @@
$this->setError('Invalid Close Date Range');
return false;
}
- $res=db_query("INSERT INTO artifact_query_fields
+ $res = db_query_params ('INSERT INTO artifact_query_fields
(artifact_query_id,query_field_type,query_field_id,query_field_values)
- VALUES ('$id','".ARTIFACT_QUERY_CLOSEDATE."','0','".$closedaterange."')");
+ VALUES ($1,$2,0,$3)',
+ array ($id,
+ ARTIFACT_QUERY_CLOSEDATE,
+ $closedaterange)) ;
if (!$res) {
$this->setError('Setting Close Date Range: '.db_error());
return false;
}
// SORT COLUMN
- $res=db_query("INSERT INTO artifact_query_fields
+ $res = db_query_params ('INSERT INTO artifact_query_fields
(artifact_query_id,query_field_type,query_field_id,query_field_values)
- VALUES ('$id','".ARTIFACT_QUERY_SORTCOL."','0','".$sort_col."')");
+ VALUES ($1,$2,0,$3)',
+ array ($id,
+ ARTIFACT_QUERY_SORTCOL,
+ $sort_col)) ;
if (!$res) {
$this->setError('Setting Sort Col: '.db_error());
return false;
}
- $res=db_query("INSERT INTO artifact_query_fields
+ $res = db_query_params ('INSERT INTO artifact_query_fields
(artifact_query_id,query_field_type,query_field_id,query_field_values)
- VALUES ('$id','".ARTIFACT_QUERY_SORTORD."','0','".$sort_ord."')");
+ VALUES ($1,$2,0,$3)',
+ array ($id,
+ ARTIFACT_QUERY_SORTORD,
+ $sort_ord)) ;
if (!$res) {
$this->setError('Setting Sort Order: '.db_error());
return false;
@@ -307,9 +332,13 @@
} else {
$vals[$i] = intval($vals[$i]);
}
- $res=db_query("INSERT INTO artifact_query_fields
- (artifact_query_id,query_field_type,query_field_id,query_field_values)
- VALUES ('$id','".ARTIFACT_QUERY_EXTRAFIELD."','".((int)$keys[$i]) ."','". $vals[$i] ."')");
+ $res = db_query_params ('INSERT INTO artifact_query_fields
+ (artifact_query_id,query_field_type,query_field_id,query_field_values)
+ VALUES ($1,$2,$3,$4)',
+ array ($id,
+ ARTIFACT_QUERY_EXTRAFIELD,
+ intval ($keys[$i]),
+ $vals[$i])) ;
if (!$res) {
$this->setError('Setting values: '.db_error());
return false;
@@ -450,13 +479,14 @@
$this->setError(_('Query does not exist'));
return false;
}
- $sql="UPDATE artifact_query
- SET
- query_name='".htmlspecialchars($name)."'
- WHERE artifact_query_id='".$this->getID()."'
- AND user_id='".user_getid()."'";
db_begin();
- $result=db_query($sql);
+ $result = db_query_params ('UPDATE artifact_query
+ SET query_name=$1
+ WHERE artifact_query_id=$2
+ AND user_id=$3',
+ array (htmlspecialchars($name),
+ $this->getID(),
+ user_getid())) ;
if ($result && db_affected_rows($result) > 0) {
if (!$this->insertElements($this->getID(),$status,$assignee,$moddaterange,$sort_col,$sort_ord,$extra_fields,$opendaterange,$closedaterange)) {
db_rollback();
@@ -488,10 +518,12 @@
}
function delete() {
- $res=db_query("DELETE FROM artifact_query WHERE artifact_query_id='".$this->getID()."'
- AND user_id='".user_getid()."'");
- $res=db_query("DELETE FROM user_preferences WHERE preference_value='".$this->getID()."'
- AND preference_name 'art_query".$this->ArtifactType->getID()."'");
+ $res = db_query_params ('DELETE FROM artifact_query WHERE artifact_query_id=$1 AND user_id=$2',
+ array ($this->getID(),
+ user_getid())) ;
+ $res = db_query_params ('DELETE FROM user_preferences WHERE preference_value=$1 AND preference_name =$2',
+ array ($this->getID(),
+ 'art_query'.$this->ArtifactType->getID())) ;
unset($this->data_array);
unset($this->element_array);
}
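Review bot: The second DELETE in delete() is not limited to the current user and runs whether or not the first DELETE removed a row. The removed line lacked the `=` after `preference_name`, so that statement was presumably rejected by the database before this change; now it executes, and `$res` from the first query is overwritten without being checked. I would only touch user_preferences when the first statement succeeded, e.g. `if (!$res || db_affected_rows($res) < 1) { return false; }` before it. Wrapping both statements in db_begin()/db_commit(), as the UPDATE hunk above does, would keep them atomic.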
@@ -504,8 +536,10 @@
function Exist($name) {
$user_id = user_getid();
$art_id = $this->ArtifactType->getID();
- $sql = "SELECT * FROM artifact_query WHERE group_artifact_id = '$art_id' AND query_name = '$name' AND user_id = '$user_id'";
- $res = db_query($sql);
+ $res = db_query_params ('SELECT * FROM artifact_query WHERE group_artifact_id = $1 AND query_name = $2 AND user_id = $3',
+ array ($art_id,
+ $name,
+ $user_id)) ;
if (db_numrows($res)>0) {
return true;
} else {
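Review bot: Exist() binds the raw `$name`, while the INSERT and UPDATE hunks above store `htmlspecialchars($name)` in `query_name`. Unless callers escape the name before calling, a name containing `&`, `<`, `>` or `"` never matches its stored form, so the duplicate check does not catch it. Bind `htmlspecialchars($name)` here as well. `db_numrows($res)` is also reached without a `!$res` check; the function ends outside the hunk.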
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactQueryFactory.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactQueryFactory.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactQueryFactory.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -3,6 +3,7 @@
* FusionForge trackers
*
* Copyright 2002, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -62,15 +63,17 @@
return true;
}
- function& getArtifactQueries() {
+ function &getArtifactQueries() {
if (!is_null($this->ArtifactQueries)) {
return $this->ArtifactQueries;
}
$this->ArtifactQueries = array();
- $res = db_query("SELECT * FROM artifact_query WHERE user_id='".user_getid()."' ".
- "AND group_artifact_id='".$this->ArtifactType->getID()."'");
+ $res = db_query_params ('SELECT * FROM artifact_query WHERE user_id=$1
+ AND group_artifact_id=$2',
+ array (user_getid(),
+ $this->ArtifactType->getID())) ;
if (!$res) {
$this->setError("ArtifactQueryFactory:: Database error");
}
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactType.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactType.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactType.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -4,6 +4,7 @@
*
* Copyright 1999-2001, VA Linux Systems, Inc.
* Copyright 2002-2004, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -38,8 +39,8 @@
if ($res) {
//the db result handle was passed in
} else {
- $res=db_query("SELECT * FROM artifact_group_list_vw
- WHERE group_artifact_id='$artType_id'");
+ $res = db_query_params ('SELECT * FROM artifact_group_list_vw WHERE group_artifact_id=$1',
+ array ($artType_id)) ;
}
if (!$res || db_numrows($res) < 1 ){
$ARTIFACTTYPE_OBJ["_".$artType_id."_"]=false;
@@ -225,8 +226,9 @@
$allow_anon = ((!$allow_anon) ? 0 : $allow_anon);
$email_all = ((!$email_all) ? 0 : $email_all);
-
- $sql="INSERT INTO
+ db_begin();
+
+ $res = db_query_params ('INSERT INTO
artifact_group_list
(group_id,
name,
@@ -241,22 +243,19 @@
browse_instructions,
datatype)
VALUES
- ('". $this->Group->getID() ."',
- '". htmlspecialchars($name) ."',
- '". htmlspecialchars($description) ."',
- '$is_public',
- '$allow_anon',
- '$email_all',
- '$email_address',
- '". ($due_period*(60*60*24)) ."',
- '1209600',
- '".htmlspecialchars($submit_instructions)."',
- '".htmlspecialchars($browse_instructions)."',
- '$datatype')";
-
- db_begin();
-
- $res = db_query($sql);
+ ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12)',
+ array ($this->Group->getID(),
+ htmlspecialchars($name),
+ htmlspecialchars($description),
+ $is_public,
+ $allow_anon,
+ $email_all,
+ $email_address,
+ $due_period*(60*60*24),
+ 1209600,
+ htmlspecialchars($submit_instructions),
+ htmlspecialchars($browse_instructions),
+ $datatype)) ;
$id = db_insertid($res,'artifact_group_list','group_artifact_id');
@@ -282,9 +281,11 @@
* @return boolean success.
*/
function fetchData($artifact_type_id) {
- $res=db_query("SELECT * FROM artifact_group_list_vw
- WHERE group_artifact_id='$artifact_type_id'
- AND group_id='". $this->Group->getID() ."'");
+ $res = db_query_params ('SELECT * FROM artifact_group_list_vw
+ WHERE group_artifact_id=$1
+ AND group_id=$2',
+ array ($artifact_type_id,
+ $this->Group->getID())) ;
if (!$res || db_numrows($res) < 1) {
$this->setError('ArtifactType: Invalid ArtifactTypeID');
return false;
@@ -472,8 +473,10 @@
* @return boolean success.
*/
function setCustomStatusField($extra_field_id) {
- $res=db_query("UPDATE artifact_group_list SET custom_status_field='$extra_field_id'
- WHERE group_artifact_id='".$this->getID()."'");
+ $res = db_query_params ('UPDATE artifact_group_list SET custom_status_field=$1
+ WHERE group_artifact_id=$2',
+ array ($extra_field_id,
+ $this->getID())) ;
return $res;
}
@@ -500,7 +503,8 @@
$element_id=$extra_fields[$csfield];
//convert that element_id into the status_id
- $res=db_query("SELECT status_id FROM artifact_extra_field_elements WHERE element_id='$element_id'");
+ $res = db_query_params ('SELECT status_id FROM artifact_extra_field_elements WHERE element_id=$1',
+ array ($element_id)) ;
if (!$res) {
$this->setError('Error Remapping Status: '.db_error());
return false;
@@ -508,7 +512,8 @@
$status_id=db_result($res,0,'status_id');
} else {
// custom status was not passed... use the first status from the database
- $res = db_query("SELECT status_id FROM artifact_extra_field_elements WHERE extra_field_id='".$csfield."' ORDER BY element_id ASC LIMIT 1 OFFSET 0");
+ $res = db_query_prams ('SELECT status_id FROM artifact_extra_field_elements WHERE extra_field_id=$1 ORDER BY element_id ASC LIMIT 1 OFFSET 0',
+ array ($csfield)) ;
if (db_numrows($res) == 0) { // No values available
$this->setError('Error Remapping Status');
return false;
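Review bot: `db_query_prams` on the added line in the else branch is a misspelling of `db_query_params`; unless a function of that name exists elsewhere, PHP stops with a call-to-undefined-function error whenever no custom status is passed. Only the function name needs to change, to `$res = db_query_params (`. The `db_numrows($res)` call that follows also runs without a `!$res` check, unlike the branch in the previous hunk. The enclosing function starts and ends outside the hunk.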
@@ -553,14 +558,15 @@
}
- $res=db_query("SELECT * FROM artifact_type_monitor
- WHERE group_artifact_id='". $this->getID() ."'
- AND user_id='$user_id'");
+ $res = db_query_params ('SELECT * FROM artifact_type_monitor WHERE group_artifact_id=$1 AND user_id=$2',
+ array ($this->getID(),
+ $user_id)) ;
if (!$res || db_numrows($res) < 1) {
//not yet monitoring
- $res=db_query("INSERT INTO artifact_type_monitor (group_artifact_id,user_id)
- VALUES ('". $this->getID() ."','$user_id')");
+ $res = db_query_params ('INSERT INTO artifact_type_monitor (group_artifact_id,user_id) VALUES ($1,$2)',
+ array ($this->getID(),
+ $user_id)) ;
if (!$res) {
$this->setError(db_error());
return false;
@@ -570,9 +576,11 @@
}
} else {
//already monitoring - remove their monitor
- db_query("DELETE FROM artifact_type_monitor
- WHERE group_artifact_id='". $this->getID() ."'
- AND user_id='$user_id'");
+ db_query_params ('DELETE FROM artifact_type_monitor
+ WHERE group_artifact_id=$1
+ AND user_id=$2',
+ array ($this->getID(),
+ $user_id)) ;
$this->setError(_('Tracker Monitoring Deactivated'));
return false;
}
@@ -582,9 +590,10 @@
if (!session_loggedin()) {
return false;
}
- $sql="SELECT count(*) AS count FROM artifact_type_monitor
- WHERE user_id='".user_getid()."' AND group_artifact_id='".$this->getID()."';";
- $result = db_query($sql);
+ $result = db_query_params ('SELECT count(*) AS count FROM artifact_type_monitor
+ WHERE user_id=$1 AND group_artifact_id=$2',
+ array (user_getid(),
+ $this->getID())) ;
$row_count = db_fetch_array($result);
return $result && $row_count['count'] > 0;
}
@@ -595,9 +604,8 @@
* @return array of email addresses monitoring this Artifact.
*/
function &getMonitorIds() {
- $res=db_query("SELECT user_id
- FROM artifact_type_monitor
- WHERE group_artifact_id='". $this->getID() ."'");
+ $res = db_query_params ('SELECT user_id FROM artifact_type_monitor WHERE group_artifact_id=$1',
+ array ($this->getID())) ;
return util_result_column_to_array($res);
}
@@ -611,16 +619,20 @@
if (!isset($this->extra_fields["$filter"])) {
$this->extra_fields["$filter"] = array();
if ($filter) {
- $filter_str=" AND field_type IN ($filter) ";
+ $res = db_query_params ('SELECT *
+ FROM artifact_extra_field_list
+ WHERE group_artifact_id=$1
+ AND field_type = ANY ($2)
+ ORDER BY field_type ASC',
+ array ($this->getID(),
+ db_int_array_to_any_clause (explode (',', $filter)))) ;
} else {
- $filter_str="";
+ $res = db_query_params ('SELECT *
+ FROM artifact_extra_field_list
+ WHERE group_artifact_id=$1
+ ORDER BY field_type ASC',
+ array ($this->getID())) ;
}
- $sql="select *
- FROM artifact_extra_field_list
- WHERE group_artifact_id='".$this->getID() ."'
- $filter_str
- ORDER BY field_type ASC";
- $res=db_query($sql);
while($arr = db_fetch_array($res)) {
$this->extra_fields["$filter"][$arr['extra_field_id']] = $arr;
}
@@ -670,7 +682,8 @@
//
// Iterate the elements
//
- $resel=db_query("SELECT * FROM artifact_extra_field_elements WHERE extra_field_id='".$ef['extra_field_id']."'");
+ $resel = db_query_params ('SELECT * FROM artifact_extra_field_elements WHERE extra_field_id=$1',
+ array ($ef['extra_field_id'])) ;
while ($el =& db_fetch_array($resel)) {
//new element
$nel = new ArtifactExtraFieldElement($nef);
@@ -712,12 +725,11 @@
}
if (!isset($this->extra_field[$id])) {
$this->extra_field[$id] = array();
- $sql="select element_id,element_name,status_id
+ $res = db_query_params ('SELECT element_id,element_name,status_id
FROM artifact_extra_field_elements
- WHERE extra_field_id ='".$id."'
- ORDER BY element_id ASC";
-
- $res=db_query($sql);
+ WHERE extra_field_id = $1
+ ORDER BY element_id ASC',
+ array ($id)) ;
$i=0;
while($arr =& db_fetch_array($res)) {
$this->extra_field[$id][$i++] = $arr;
@@ -748,10 +760,10 @@
return 'None';
}
if (!isset($this->element_name["$choiceid"])) {
- $sql="select element_id,extra_field_id,element_name
+ $res = db_query_params ('SELECT element_id,extra_field_id,element_name
FROM artifact_extra_field_elements
- WHERE element_id IN ($choiceid)";
- $res=db_query($sql);
+ WHERE element_id = ANY ($1)',
+ array (db_int_array_to_any_clause (explode (',', $choiceid)))) ;
if (db_numrows($res) > 1) {
$arr=util_result_column_to_array($res,2);
$this->element_name["$choiceid"]=implode(',',$arr);
@@ -778,10 +790,10 @@
return 0;
}
if (!$this->element_status["$choiceid"]) {
- $sql="select element_id,extra_field_id,status_id
+ $res = db_query_params ('SELECT element_id,extra_field_id,status_id
FROM artifact_extra_field_elements
- WHERE element_id IN ($choiceid)";
- $res=db_query($sql);
+ WHERE element_id = ANY ($1)',
+ array (db_int_array_to_any_clause (explode (',', $choiceid)))) ;
if (db_numrows($res) > 1) {
$arr=util_result_column_to_array($res,2);
$this->element_status["$choiceid"]=implode(',',$arr);
@@ -810,50 +822,61 @@
return false;
}
db_begin();
- db_query("DELETE FROM artifact_extra_field_data
+ db_query_params ('DELETE FROM artifact_extra_field_data
WHERE EXISTS (SELECT artifact_id FROM artifact
- WHERE group_artifact_id='".$this->getID()."'
- AND artifact.artifact_id=artifact_extra_field_data.artifact_id)");
+ WHERE group_artifact_id=$1
+ AND artifact.artifact_id=artifact_extra_field_data.artifact_id)',
+ array ($this->getID())) ;
//echo '0.1'.db_error();
- db_query("DELETE FROM artifact_extra_field_elements
+ db_query_params ('DELETE FROM artifact_extra_field_elements
WHERE EXISTS (SELECT extra_field_id FROM artifact_extra_field_list
- WHERE group_artifact_id='".$this->getID()."'
- AND artifact_extra_field_list.extra_field_id = artifact_extra_field_elements.extra_field_id)");
+ WHERE group_artifact_id=$1
+ AND artifact_extra_field_list.extra_field_id = artifact_extra_field_elements.extra_field_id)',
+ array ($this->getID())) ;
//echo '0.2'.db_error();
- db_query ("DELETE FROM artifact_extra_field_list
- WHERE group_artifact_id='".$this->getID()."'");
+ db_query_params ('DELETE FROM artifact_extra_field_list
+ WHERE group_artifact_id=$1',
+ array ($this->getID())) ;
//echo '0.3'.db_error();
- db_query("DELETE FROM artifact_canned_responses
- WHERE group_artifact_id='".$this->getID()."'");
+ db_query_params ('DELETE FROM artifact_canned_responses
+ WHERE group_artifact_id=$1',
+ array ($this->getID())) ;
//echo '1'.db_error();
- db_query("DELETE FROM artifact_counts_agg
- WHERE group_artifact_id='".$this->getID()."'");
+ db_query_params ('DELETE FROM artifact_counts_agg
+ WHERE group_artifact_id=$1',
+ array ($this->getID())) ;
//echo '5'.db_error();
- db_query("DELETE FROM artifact_file
+ db_query_params ('DELETE FROM artifact_file
WHERE EXISTS (SELECT artifact_id FROM artifact
- WHERE group_artifact_id='".$this->getID()."'
- AND artifact.artifact_id=artifact_file.artifact_id)");
+ WHERE group_artifact_id=$1
+ AND artifact.artifact_id=artifact_file.artifact_id)',
+ array ($this->getID())) ;
//echo '6'.db_error();
- db_query("DELETE FROM artifact_message
+ db_query_params ('DELETE FROM artifact_message
WHERE EXISTS (SELECT artifact_id FROM artifact
- WHERE group_artifact_id='".$this->getID()."'
- AND artifact.artifact_id=artifact_message.artifact_id)");
+ WHERE group_artifact_id=$1
+ AND artifact.artifact_id=artifact_message.artifact_id)',
+ array ($this->getID())) ;
//echo '7'.db_error();
- db_query("DELETE FROM artifact_history
+ db_query_params ('DELETE FROM artifact_history
WHERE EXISTS (SELECT artifact_id FROM artifact
- WHERE group_artifact_id='".$this->getID()."'
- AND artifact.artifact_id=artifact_history.artifact_id)");
+ WHERE group_artifact_id=$1
+ AND artifact.artifact_id=artifact_history.artifact_id)',
+ array ($this->getID())) ;
//echo '8'.db_error();
- db_query("DELETE FROM artifact_monitor
+ db_query_params ('DELETE FROM artifact_monitor
WHERE EXISTS (SELECT artifact_id FROM artifact
- WHERE group_artifact_id='".$this->getID()."'
- AND artifact.artifact_id=artifact_monitor.artifact_id)");
+ WHERE group_artifact_id=$1
+ AND artifact.artifact_id=artifact_monitor.artifact_id)',
+ array ($this->getID())) ;
//echo '9'.db_error();
- db_query("DELETE FROM artifact
- WHERE group_artifact_id='".$this->getID()."'");
+ db_query_params ('DELETE FROM artifact
+ WHERE group_artifact_id=$1',
+ array ($this->getID())) ;
//echo '4'.db_error();
- db_query("DELETE FROM artifact_group_list
- WHERE group_artifact_id='".$this->getID()."'");
+ db_query_params ('DELETE FROM artifact_group_list
+ WHERE group_artifact_id=$1',
+ array ($this->getID())) ;
//echo '11'.db_error();
db_commit();
@@ -867,12 +890,13 @@
*/
function getTechnicians() {
if (!isset($this->technicians_res)) {
- $sql="SELECT user_id,realname
+ $this->technicians_res = db_query_params ('SELECT user_id,realname
FROM artifactperm_user_vw
- WHERE group_artifact_id='". $this->getID() ."'
+ WHERE group_artifact_id=$1
AND perm_level in (1,2)
- ORDER BY realname";
- $this->technicians_res = db_query($sql);
+ ORDER BY realname',
+ array ($this->getID())) ;
+ ($sql);
}
return $this->technicians_res;
}
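Review bot: The added line `($sql);` in getTechnicians() is a leftover from the removed `db_query($sql)` call. `$sql` is no longer assigned, so the statement does nothing except read an undefined variable, which raises a notice at runtime. Delete the line. The same leftover appears after the UPDATE statement in the `@@ -1071,20 +1096,29 @@` hunk further down, directly before its `!$res` check.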
@@ -895,10 +919,10 @@
*/
function getCannedResponses() {
if (!isset($this->cannedresponses_res)) {
- $sql="SELECT id,title
+ $this->cannedresponses_res = db_query_params ('SELECT id,title
FROM artifact_canned_responses
- WHERE group_artifact_id='". $this->getID() ."'";
- $this->cannedresponses_res = db_query($sql);
+ WHERE group_artifact_id=$1',
+ array ($this->getID()));
}
return $this->cannedresponses_res;
}
@@ -916,8 +940,7 @@
*/
function getStatuses() {
if (!isset($this->status_res)) {
- $sql="select * from artifact_status";
- $this->status_res=db_query($sql);
+ $this->status_res = db_query_params ('SELECT * FROM artifact_status');
}
return $this->status_res;
}
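Review bot: `db_query_params ('SELECT * FROM artifact_status')` in getStatuses() is the only call in the visible part of this commit that passes no parameter array. The definition of db_query_params is not shown here, so whether its second argument is optional cannot be confirmed; if it is required, this call raises a missing-argument warning and hands an empty value to the driver. Passing an empty array keeps it in line with the other call sites: `$this->status_res = db_query_params ('SELECT * FROM artifact_status', array ());`.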
@@ -929,8 +952,8 @@
* @return string name.
*/
function getStatusName($id) {
- $sql="select status_name from artifact_status WHERE id='$id'";
- $result=db_query($sql);
+ $result = db_query_params ('select status_name from artifact_status WHERE id=$1',
+ array ($id)) ;
if ($result && db_numrows($result) > 0) {
return db_result($result,0,'status_name');
} else {
@@ -1016,13 +1039,15 @@
return 0;
} else {
if (!isset($this->current_user_perm)) {
- $sql="SELECT role_setting.value::integer
+ $this->current_user_perm=db_result(db_query_params ('SELECT role_setting.value::integer
FROM role_setting, user_group
- WHERE role_setting.ref_id='". $this->getID() ."'
- AND user_group.role_id = role_setting.role_id
- AND user_group.user_id='".user_getid()."'
- AND role_setting.section_name='tracker'";
- $this->current_user_perm=db_result(db_query($sql),0,0);
+ WHERE role_setting.ref_id=$1
+ AND user_group.role_id=role_setting.role_id
+ AND user_group.user_id=$2
+ AND role_setting.section_name=$3',
+ array ($this->getID(),
+ user_getid(),
+ 'tracker'))) ;
}
return $this->current_user_perm;
}
@@ -1071,20 +1096,29 @@
$email_all = ((!$email_all) ? 0 : $email_all);
$use_resolution = ((!$use_resolution) ? 0 : $use_resolution);
- $sql="UPDATE artifact_group_list SET
- name='". htmlspecialchars($name). "',
- description='". htmlspecialchars($description) ."',
- email_all_updates='$email_all',
- email_address='$email_address',
- due_period='". ($due_period * (60*60*24)) ."',
- status_timeout='". ($status_timeout * (60*60*24)) . "',
- submit_instructions='". htmlspecialchars($submit_instructions)."',
- browse_instructions='" .htmlspecialchars($browse_instructions)."'
- WHERE
- group_artifact_id='". $this->getID() ."'
- AND group_id='". $this->Group->getID() ."'";
+ $res = db_query_params ('UPDATE artifact_group_list SET
+ name=$1,
+ description=$2,
+ email_all_updates=$3,
+ email_address=$4,
+ due_period=$5,
+ status_timeout=$6,
+ submit_instructions=$7,
+ browse_instructions=$8
+ WHERE group_artifact_id=$9 AND group_id=$10',
+ array (
+ htmlspecialchars($name),
+ htmlspecialchars($description),
+ $email_all,
+ $email_address,
+ $due_period * (60*60*24),
+ $status_timeout * (60*60*24),
+ htmlspecialchars($submit_instructions),
+ htmlspecialchars($browse_instructions),
+ $this->getID(),
+ $this->Group->getID())) ;
- $res=db_query($sql);
+ ($sql);
if (!$res || db_affected_rows($res) < 1) {
$this->setError('ArtifactType::Update(): '.db_error());
return false;
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactTypeFactory.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactTypeFactory.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactTypeFactory.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -3,6 +3,7 @@
* FusionForge trackers
*
* Copyright 2002, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -90,36 +91,44 @@
if (session_loggedin()) {
$perm =& $this->Group->getPermission( session_get_user() );
if (!$perm || !is_object($perm) || !$perm->isMember()) {
- $public_flag='=1';
- $exists = '';
+ $result = db_query_params ('SELECT * FROM artifact_group_list_vw
+ WHERE group_id=$1
+ AND is_public=1
+ ORDER BY group_artifact_id ASC',
+ array ($this->Group->getID())) ;
} else {
- $public_flag='<3';
if ($perm->isArtifactAdmin()) {
- $exists='';
+ $result = db_query_params ('SELECT * FROM artifact_group_list_vw
+ WHERE group_id=$1
+ AND is_public<3
+ ORDER BY group_artifact_id ASC',
+ array ($this->Group->getID())) ;
} else {
- $exists=" AND group_artifact_id IN (SELECT role_setting.ref_id
+ $result = db_query_params ('SELECT * FROM artifact_group_list_vw
+ WHERE group_id=$1
+ AND is_public<3
+ AND group_artifact_id IN (SELECT role_setting.ref_id
FROM role_setting, user_group
WHERE role_setting.value::integer >= 0
- AND role_setting.section_name = 'tracker'
+ AND role_setting.section_name = $2
AND role_setting.ref_id=artifact_group_list_vw.group_artifact_id
AND user_group.role_id = role_setting.role_id
- AND user_group.user_id='".user_getid()."') ";
+ AND user_group.user_id = $3
+ ORDER BY group_artifact_id ASC',
+ array ($this->Group->getID(),
+ 'tracker',
+ user_getid ())) ;
}
}
} else {
- $public_flag='=1';
- $exists = '';
+ $result = db_query_params ('SELECT * FROM artifact_group_list_vw
+ WHERE group_id=$1
+ AND is_public=1
+ ORDER BY group_artifact_id ASC',
+ array ($this->Group->getID())) ;
}
- $sql="SELECT * FROM artifact_group_list_vw
- WHERE group_id='". $this->Group->getID() ."'
- AND is_public $public_flag
- $exists
- ORDER BY group_artifact_id ASC";
-
- $result = db_query ($sql);
-
$rows = db_numrows($result);
if (!$result || $rows < 1) {
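Review bot: The subquery opened with `IN (SELECT role_setting.ref_id` in the branch for members who are not tracker admins is never closed. The removed string ended in `user_getid()."') "`, but the new text goes from `AND user_group.user_id = $3` straight to `ORDER BY`. The database will presumably reject the statement, so those users reach the error path instead of getting their tracker list. Close the parenthesis on that line: `AND user_group.user_id = $3)`. The enclosing function starts and ends outside the hunk.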
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactTypes.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactTypes.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactTypes.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -4,6 +4,7 @@
*
* Copyright 1999-2001, VA Linux Systems, Inc.
* Copyright 2002-2004, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -71,8 +72,9 @@
function createTrackers() {
// first, check if trackers already exist
- $res=db_query("SELECT * FROM artifact_group_list
- WHERE group_id='".$this->Group->getID()."' AND datatype > 0");
+ $res = db_query_params ('SELECT * FROM artifact_group_list
+ WHERE group_id=$1 AND datatype > 0',
+ array ($this->Group->getID()));
if (db_numrows($res) > 0) {
return true;
}
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/Artifacts.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/Artifacts.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/Artifacts.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -4,6 +4,7 @@
*
* Copyright 1999-2001, VA Linux Systems, Inc.
* Copyright 2002-2004, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -88,16 +89,11 @@
if (!$offset) {
$offset = 0;
}
+ $res = db_query_params ('SELECT * FROM artifact_vw WHERE group_artifact_id=$1',
+ array ($this->ArtifactType->getID()),
+ 500,
+ $offset) ;
- $sql = "SELECT
- *
- FROM
- artifact_vw
- WHERE
- group_artifact_id='". $this->ArtifactType->getID() ."'";
-
- $res = db_query($sql,500,$offset);
-
if (!$res) {
$this->setError('Could not get artifacts: ' . db_error());
return false;
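Review bot: The paged query on `artifact_vw` has no ORDER BY, so the 500-row window selected by `$offset` is not stable between calls and successive pages can repeat or skip artifacts. This predates the commit, but the statement is rewritten here anyway; `SELECT * FROM artifact_vw WHERE group_artifact_id=$1 ORDER BY artifact_id` fixes it. That 500 and `$offset` are the limit and offset is inferred from the removed `db_query($sql,500,$offset)` call.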
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactsForUser.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactsForUser.class.php 2011-02-28 01:24:15 UTC (rev 13238)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/tracker/ArtifactsForUser.class.php 2011-02-28 01:24:19 UTC (rev 13239)
@@ -3,6 +3,7 @@
* FusionForge trackers
*
* Copyright 2002, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -50,9 +51,9 @@
* @param sql The sql that returns artifact_id
* @return Artifact[] The array of Artifacts
*/
- function & getArtifactsFromSQL($sql) {
+ function &getArtifactsFromSQLwithParams ($sql, $params) {
$artifacts = array();
- $result=db_query($sql);
+ $result = db_query_params ($sql, $params);
$rows=db_numrows($result);
if ($rows<=0) {
return $artifacts;
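Review bot: The docblock above getArtifactsFromSQLwithParams() still documents only `sql`; `$params` is undocumented, and the contract that makes this helper safe is not written down. I would add `@param string $sql Constant query text with $1, $2, ... placeholders; never concatenate values into it` and `@param array $params Values bound to the placeholders, in order`. The old name getArtifactsFromSQL() is removed outright, so any caller outside this file that still uses it will fail; the two callers in this file are updated in the following hunks. The method body continues outside the hunk.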
@@ -74,10 +75,10 @@
* getAssignedArtifacts - Get the users's assigned artifacts
* @return Artifact[] The array of Artifacts
*/
- function & getAssignedArtifactsByGroup() {
- $sql="SELECT * FROM artifact_vw av WHERE av.assigned_to=".$this->User->getID()."
- AND av.status_id='1' ORDER BY av.group_artifact_id, av.artifact_id DESC";
- return $this->getArtifactsFromSQL($sql);
+ function &getAssignedArtifactsByGroup() {
+ return $this->getArtifactsFromSQLwithParams('SELECT * FROM artifact_vw av WHERE av.assigned_to=$1 AND av.status_id=1 ORDER BY av.group_artifact_id, av.artifact_id DESC',
+ array($this->User->getID())) ;
+
}
/**
@@ -85,13 +86,9 @@
*
* @return Artifact[] The array of Artifacts
*/
- function & getSubmittedArtifactsByGroup() {
- $sql="SELECT *
- FROM artifact_vw av
- WHERE av.submitted_by=".$this->User->getID()."
- AND av.status_id='1'
- ORDER BY av.group_artifact_id, av.artifact_id DESC";
- return $this->getArtifactsFromSQL($sql);
+ function &getSubmittedArtifactsByGroup() {
+ return $this->getArtifactsFromSQLwithParams('SELECT * FROM artifact_vw av WHERE av.submitted_by=$1 AND av.status_id=1 ORDER BY av.group_artifact_id, av.artifact_id DESC',
+ array($this->User->getID())) ;
}
}