[evolvis-commits] r13680: Ongoing migration to db_query_params()

mirabilos at evolvis.org mirabilos at evolvis.org
Mon Feb 28 02:54:00 CET 2011


Author: mirabilos
Date: 2011-02-28 02:54:00 +0100 (Mon, 28 Feb 2011)
New Revision: 13680

Modified:
   trunk/gforge_base/evolvisforge-5.1/gforge/www/my/diary.php
Log:
Ongoing migration to db_query_params()

Modified: trunk/gforge_base/evolvisforge-5.1/gforge/www/my/diary.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/www/my/diary.php	2011-02-28 01:53:58 UTC (rev 13679)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/www/my/diary.php	2011-02-28 01:54:00 UTC (rev 13680)
@@ -52,8 +52,13 @@
 		//make changes to the database
 		if (getStringFromRequest('update')) {
 			//updating an existing diary entry
-			$res=db_query("UPDATE user_diary SET summary='". htmlspecialchars($summary) ."',details='". htmlspecialchars($details) ."',is_public='$is_public' ".
-			"WHERE user_id='". user_getid() ."' AND id='$diary_id'");
+			$res=db_query_params ('UPDATE user_diary SET summary=$1,details=$2,is_public=$3 
+WHERE user_id=$4 AND id=$5',
+			array(htmlspecialchars($summary) ,
+				htmlspecialchars($details) ,
+				$is_public,
+				user_getid() ,
+				$diary_id));
 			if ($res && db_affected_rows($res) > 0) {
 				$feedback .= _('Diary Updated');
 			} else {
@@ -64,19 +69,25 @@
 		} else if (getStringFromRequest('add')) {
 			//inserting a new diary entry
 
-			$sql="INSERT INTO user_diary (user_id,date_posted,summary,details,is_public) VALUES 
-('". user_getid() ."','". time() ."','". htmlspecialchars($summary) ."','". htmlspecialchars($details) ."','$is_public')";
-			$res=db_query($sql);
+
+			$res=db_query_params ('INSERT INTO user_diary (user_id,date_posted,summary,details,is_public) VALUES 
+($1,$2,$3,$4,$5)',
+			array(user_getid() ,
+				time() ,
+				htmlspecialchars($summary) ,
+				htmlspecialchars($details) ,
+				$is_public));
 			if ($res && db_affected_rows($res) > 0) {
 				$feedback .= _('Item Added');
 				if ($is_public) {
 
 					//send an email if users are monitoring
-					$sql="SELECT users.email from user_diary_monitor,users 
+
+
+					$result=db_query_params ('SELECT users.email from user_diary_monitor,users 
 WHERE user_diary_monitor.user_id=users.user_id 
-AND user_diary_monitor.monitored_user='". user_getid() ."'";
-
-					$result=db_query($sql);
+AND user_diary_monitor.monitored_user=$1',
+			array(user_getid() ));
 					$rows=db_numrows($result);
 
 					if ($result) {
@@ -131,8 +142,10 @@
 	$_is_public = '';
 
 	if ($diary_id) {
-		$sql="SELECT * FROM user_diary WHERE user_id='". user_getid() ."' AND id='$diary_id'";
-		$res=db_query($sql);
+
+		$res=db_query_params ('SELECT * FROM user_diary WHERE user_id=$1 AND id=$2',
+			array(user_getid() ,
+				$diary_id));
 		if (!$res || db_numrows($res) < 1) {
 			$feedback .= _('Entry not found or does not belong to you');
 			$proc_str='add';
@@ -184,9 +197,10 @@
 
 	echo $HTML->boxTop(_('Existing Diary And Note Entries'));
 
-	$sql="SELECT * FROM user_diary WHERE user_id='". user_getid() ."' ORDER BY id DESC";
 
-	$result=db_query($sql);
+
+	$result=db_query_params ('SELECT * FROM user_diary WHERE user_id=$1 ORDER BY id DESC',
+			array(user_getid() ));
 	$rows=db_numrows($result);
 	if (!$result || $rows < 1) {
 		echo '



More information about the evolvis-commits mailing list