From 405da3e224d2023ae472f23414d7013373aaa611 Mon Sep 17 00:00:00 2001 From: "Pierre Habouzit (MadCoder" Date: Tue, 28 Dec 2004 17:31:13 +0000 Subject: [PATCH] move include/* to new DB API -- except for the profil part git-archimport-id: opensource@polytechnique.org--2005/platal--mainline--0.9--patch-161 --- htdocs/emails/redirect.php | 2 +- include/applis.func.inc.php | 18 ++--- include/emails.inc.php | 66 ++++++++-------- include/fonction.emploi.inc.php | 5 +- include/geoloc.inc.php | 21 +++-- include/identification.inc.php | 63 +++++++-------- include/lists.inc.php | 11 ++- include/money.inc.php | 13 ++- include/money/trezo.inc.php | 13 +-- include/newsletter.inc.php | 94 +++++++++------------- include/notifs.inc.php | 152 ++++++++++++++++++------------------ include/secteur.emploi.inc.php | 16 ++-- include/validations/aliases.inc.php | 28 +++---- include/validations/epouses.inc.php | 25 +++--- include/validations/evts.inc.php | 42 +++++----- include/validations/listes.inc.php | 29 +++---- include/validations/photos.inc.php | 13 ++- include/xorg/database.inc.php | 38 ++++----- 18 files changed, 307 insertions(+), 342 deletions(-) diff --git a/htdocs/emails/redirect.php b/htdocs/emails/redirect.php index a7b6b2d..3cd0968 100644 --- a/htdocs/emails/redirect.php +++ b/htdocs/emails/redirect.php @@ -33,7 +33,7 @@ if (Env::has('emailop')) { if (Env::get('emailop') == "retirer" && Env::has('email')) { $page->assign('retour', $redirect->delete_email(Env::get('email'))); } elseif (Env::get('emailop') == "ajouter" && Env::has('email')) { - $page->assign('retour', $redirect->add_email(trim(Env::get('email')))); + $page->assign('retour', $redirect->add_email(Env::get('email'))); } elseif (empty($actifs)) { $page->assign('retour', ERROR_INACTIVE_REDIRECTION); } elseif (is_array($actifs)) { diff --git a/include/applis.func.inc.php b/include/applis.func.inc.php index ab25449..65f11f2 100644 --- a/include/applis.func.inc.php +++ b/include/applis.func.inc.php 
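Review bot: The `trim()` around `Env::get('email')` is dropped in the `ajouter` branch of htdocs/emails/redirect.php, so an address typed with leading or trailing whitespace now reaches `add_email()` unchanged. include/emails.inc.php is changed in this commit but is not visible here, so it is unclear whether the normalisation moved into `add_email()`. If it did not, keep `$redirect->add_email(trim(Env::get('email')))`. If it did, a short comment at the call site saying so would help, since the `retirer` branch also passes the raw value and the two paths should compare addresses the same way.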
@@ -24,8 +24,8 @@ global $page; function applis_options($current=0) { global $globals; $html = ''; - $res=$globals->db->query("select * from applis_def order by text"); - while ($arr_appli=mysql_fetch_array($res)) { + $res = $globals->xdb->iterator("select * from applis_def order by text"); + while ($arr_appli = $res->next()) { $html .= '\n"; - $res = $globals->db->query("SELECT id, fonction_fr, FIND_IN_SET('titre', flags) from fonctions_def ORDER BY id"); - while(list($fid, $flabel, $ftitre) = mysql_fetch_row($res)){ + $res = $globals->xdb->iterRow("SELECT id, fonction_fr, FIND_IN_SET('titre', flags) from fonctions_def ORDER BY id"); + while(list($fid, $flabel, $ftitre) = $res->next()){ if($ftitre) $html.= "\n"; else $html .= "\n"; } - mysql_free_result($res); return $html; } diff --git a/include/geoloc.inc.php b/include/geoloc.inc.php index f11e039..8b77bd5 100644 --- a/include/geoloc.inc.php +++ b/include/geoloc.inc.php @@ -25,13 +25,12 @@ */ function geoloc_pays($current) { global $globals; - $sql = "SELECT a2,pays FROM geoloc_pays ORDER BY pays"; - - $result = $globals->db->query($sql); + $res = $globals->xdb->iterRow('SELECT a2,pays FROM geoloc_pays ORDER BY pays'); $html = ""; - while (list($my_id,$my_pays) = mysql_fetch_row($result)) - $html .= sprintf("\n",$my_id,($current==$my_id?"selected='selected'":""),$my_pays); - + while (list($my_id, $my_pays) = $res->next()) { + $html .= sprintf("\n", + $my_id, ($current==$my_id?"selected='selected'":""), $my_pays); + } return $html; } 
@@ -48,12 +47,12 @@ $page->register_function('geoloc_pays', '_geoloc_pays_smarty'); */ function geoloc_region($pays,$current) { global $globals; - $sql = "SELECT region,name FROM geoloc_region where a2='".$pays."' ORDER BY name"; - $result = $globals->db->query($sql); - + $res = $globals->xdb->iterRow('SELECT region,name FROM geoloc_region where a2={?} ORDER BY name', $pays); $html = ""; - while (list($regid,$regname) = mysql_fetch_row($result)) - $html .= sprintf("\n",$regid,($current==$regid?"selected='selected'":""),$regname); + while (list($regid, $regname) = $res->next()) { + $html .= sprintf("\n", + $regid, ($current==$regid?"selected='selected'":""), $regname); + } return $html; } diff --git a/include/identification.inc.php b/include/identification.inc.php index 4f07c1d..d41ad53 100644 --- a/include/identification.inc.php +++ b/include/identification.inc.php @@ -84,8 +84,8 @@ if ($promo > 1995) { // sinon le même X pourrait s'inscrire deux fois avec le même matricule // exemple yann.buril et yann.buril-dupont seraient acceptés ! alors que // le matricule est unique - $result=$globals->db->query("SELECT user_id FROM auth_user_md5 WHERE matricule=$matricule AND perms IN('admin','user')"); - if (mysql_num_rows($result)) { + $res = $globals->xdb->query('SELECT user_id FROM auth_user_md5 WHERE matricule={?} AND perms IN("admin","user")', $matricule); + if ($res->numRows()) { $str="Matricule déjà existant. Causes possibles\n" ."- tu t'es trompé de matricule\n" ."- tu t'es déjà inscrit une fois"; 
@@ -93,12 +93,11 @@ if ($promo > 1995) { } // promotion jeune - $result=$globals->db->query("SELECT nom, prenom - FROM auth_user_md5 - WHERE matricule='$matricule' AND promo='$promo' AND deces=0"); - list($mynom, $myprenom) = mysql_fetch_row($result); - $mynomup=strtoupper(replace_accent($mynom)); - $myprenomup=strtoupper(replace_accent($myprenom)); + $res = $globals->xdb->query('SELECT nom, prenom FROM auth_user_md5 + WHERE matricule={?} AND promo={?} AND deces=0', $matricule, $promo); + list($mynom, $myprenom) = $res->fetchOneRow(); + $mynomup = strtoupper(replace_accent($mynom)); + $myprenomup = strtoupper(replace_accent($myprenom)); $autorisation = FALSE; if (strlen($chaine2)>0) { // il existe au moins 2 chaines 
@@ -116,45 +115,42 @@ if ($promo > 1995) { } else { // CODE SPECIAL POUR LES X DES PROMOTIONS AVANT 1996 - $sql = "SELECT nom,prenom,matricule FROM auth_user_md5 WHERE promo='$promo' AND deces=0"; - $result = $globals->db->query($sql); - $autorisation = FALSE; + $res = $globals->xdb->iterRow('SELECT nom,prenom,matricule FROM auth_user_md5 WHERE promo={?} AND deces=0', $promo); + $autorisation = false; if (strlen($chaine2)>0) { // il existe au moins 2 chaines - while (list($mynom,$myprenom,$mymat) = mysql_fetch_array($result)) { + while (list($mynom,$myprenom,$mymat) = $res->next()) { // verification de toute la promo ! - $mynomup=strtoupper(replace_accent($mynom)); - $myprenomup=strtoupper(replace_accent($myprenom)); + $mynomup = strtoupper(replace_accent($mynom)); + $myprenomup = strtoupper(replace_accent($myprenom)); if ( strstr($mynomup,$chaine1) && strstr($mynomup,$chaine2) && ($myprenomup==$prenomup) ) { - $autorisation = TRUE; - $matricule=$mymat; + $autorisation = true; + $matricule = $mymat; break; } } } else { // une seule chaine - while (list($mynom,$myprenom,$mymat) = mysql_fetch_array($result)) { + while (list($mynom,$myprenom,$mymat) = $res->next()) { // verification de toute la promo ! - $mynomup=strtoupper(replace_accent($mynom)); - $myprenomup=strtoupper(replace_accent($myprenom)); + $mynomup = strtoupper(replace_accent($mynom)); + $myprenomup = strtoupper(replace_accent($myprenom)); if ( strstr($mynomup,$chaine) && ($myprenomup==$prenomup) ) { - $autorisation = TRUE; - $matricule=$mymat; + $autorisation = true; + $matricule = $mymat; break; } } } - mysql_free_result($result); - // on vérifie que le matricule n'est pas déjà dans auth_user_md5 // sinon le même X pourrait s'inscrire deux fois avec le même matricule // exemple yann.buril et yan.buril seraient acceptés ! alors que le matricule // est unique if (! 
empty($matricule)) { - $result=$globals->db->query("SELECT * FROM auth_user_md5 WHERE matricule='".$matricule."' AND perms IN ('admin','user')"); - if ($myrow = mysql_fetch_array($result)) { + $res = $globals->xdb->query('SELECT * FROM auth_user_md5 WHERE matricule={?} AND perms IN ("admin","user")', $matricule); + if ($res->numRows()) { $str="Tu t'es déjà inscrit une fois.\n" ."Ecris à support@polytechnique.org pour tout problème."; sortie_id($str); 
@@ -172,25 +168,24 @@ if ($promo > 1995) { /***************************** IDENTIFICATION OK *****************************/ /*****************************************************************************/ -$result = $globals->db->query("SELECT id,type,expire FROM aliases WHERE alias='$mailorg'"); -$homonyme = mysql_num_rows($result) > 0; +$res = $globals->xdb->query('SELECT id,type,expire FROM aliases WHERE alias={?}', $mailorg); +$homonyme = $res->numRows() > 0; if ( $homonyme ) { $newbestalias = $mailorg . "." . sprintf("%02u",($promo%100)); - list($h_id,$h_type,$expire) = mysql_fetch_row($result); - mysql_free_result($result); + list($h_id, $h_type, $expire) = $res->fetchOneRow(); - $result = $globals->db->query("SELECT alias FROM aliases WHERE alias='$forlife'"); - if ( mysql_num_rows($result) > 0 ) { + $res = $globals->xdb->query('SELECT alias FROM aliases WHERE alias={?}', $forlife); + if ( $res->numRows() > 0 ) { sortie_id("Tu as un homonyme dans ta promo, il faut traiter ce cas manuellement.\n". "envoie un mail à support@polytechnique.org"); } - mysql_free_result($result); + $res->free(); if ( $h_type != 'homonyme' and empty($expire) ) { - $globals->db->query("UPDATE aliases SET expire=ADDDATE(NOW(),INTERVAL 1 MONTH) WHERE alias='$mailorg'"); - $globals->db->query("REPLACE INTO homonymes (homonyme_id,user_id) VALUES ($h_id,$h_id)"); + $globals->xdb->execute('UPDATE aliases SET expire=ADDDATE(NOW(),INTERVAL 1 MONTH) WHERE alias={?}', $mailorg); + $globals->xdb->execute('REPLACE INTO homonymes (homonyme_id,user_id) VALUES ({?},{?})', $h_id, $h_id); require_once('diogenes.hermes.inc.php'); $mailer = new HermesMailer(); $mailer->setFrom('"Support Polytechnique.org" '); diff --git a/include/lists.inc.php b/include/lists.inc.php index 75d3b4a..689774f 100644 --- a/include/lists.inc.php +++ b/include/lists.inc.php 
@@ -47,17 +47,16 @@ function list_sort_owners(&$members, $tri_promo = true) { foreach($members as $mem) { list($m, $dom) = split('@',$mem); if ($dom == $globals->mail->domain || $dom == $globals->mail->domain2) { - $res = $globals->db->query("SELECT prenom,IF(epouse='', nom, epouse), promo - FROM auth_user_md5 AS u - INNER JOIN aliases AS a ON u.user_id = a.id - WHERE a.alias = '$m'"); - if(list($prenom, $nom, $promo) = mysql_fetch_row($res)) { + $res = $globals->xdb->query('SELECT prenom,IF(epouse="", nom, epouse), promo + FROM auth_user_md5 AS u + INNER JOIN aliases AS a ON u.user_id = a.id + WHERE a.alias = {?}', $m); + if(list($prenom, $nom, $promo) = $res->fetchOneRow()) { $key = $tri_promo ? $promo : strtoupper($nom{0}); $membres[$key][$nom.$m] = Array('n' => "$prenom $nom", 'l' => $m); } else { $membres[0][] = Array('l' => $mem); } - mysql_free_result($res); } else { $membres[0][] = Array('l' => $mem); } diff --git a/include/money.inc.php b/include/money.inc.php index e289853..ce39294 100644 --- a/include/money.inc.php +++ b/include/money.inc.php @@ -43,12 +43,10 @@ class Payment { global $globals; $r = $ref==-1 ? $globals->money->mpay_def_id : $ref; - $res = $globals->db->query("SELECT id, text, url, flags, mail, montant_min, montant_max, montant_def - FROM {$globals->money->mpay_tprefix}paiements WHERE id='$r'"); + $res = $globals->xdb->query("SELECT id, text, url, flags, mail, montant_min, montant_max, montant_def + FROM {$globals->money->mpay_tprefix}paiements WHERE id={?}", $r); list($this->id, $this->text, $this->url, $flags, $this->mail, - $this->montant_min, $this->montant_max, $this->montant_def) - = mysql_fetch_row($res); - mysql_free_result($res); + $this->montant_min, $this->montant_max, $this->montant_def) = $res->fetchOneRow(); $this->montant_min = (float)$this->montant_min; $this->montant_max = (float)$this->montant_max; 
@@ -106,9 +104,8 @@ class PayMethod { global $globals; $i = $id==-1 ? $globals->money->mpay_def_meth : $id; - $res = $globals->db->query("SELECT id,text,include FROM {$globals->money->mpay_tprefix}methodes WHERE id='$i'"); - list($this->id, $this->text, $this->inc) = mysql_fetch_row($res); - mysql_free_result($res); + $res = $globals->xdb->query("SELECT id,text,include FROM {$globals->money->mpay_tprefix}methodes WHERE id={?}", $i); + list($this->id, $this->text, $this->inc) = $res->fetchOneRow(); } // }}} diff --git a/include/money/trezo.inc.php b/include/money/trezo.inc.php index 8d13d98..62b142b 100644 --- a/include/money/trezo.inc.php +++ b/include/money/trezo.inc.php @@ -55,12 +55,13 @@ function isDate($date) function solde_until($date='') { global $globals; - $sql = "select sum(credit)-sum(debit) from money_trezo"; - if(!empty($date)) - $sql .= " where date <= '$date'"; - $res = $globals->db->query($sql); - list($mysolde) = mysql_fetch_row($res); - return $mysolde; + $sql = "SELECT SUM(credit)-SUM(debit) FROM money_trezo"; + if (empty($date)) { + $res = $globals->xdb->query($sql); + } else { + $res = $globals->xdb->query($sql." WHERE date <= {?}", $date); + } + return $res->fetchOneCell(); } ?> diff --git a/include/newsletter.inc.php b/include/newsletter.inc.php index ab35a13..04a48a4 100644 --- a/include/newsletter.inc.php +++ b/include/newsletter.inc.php 
@@ -50,37 +50,35 @@ class NewsLetter if (isset($id)) { if ($id == 'last') { - $res = $globals->db->query("SELECT MAX(id) FROM newsletter WHERE bits!='new'"); - list($id) = mysql_fetch_row($res); + $res = $globals->xdb->query("SELECT MAX(id) FROM newsletter WHERE bits!='new'"); + $id = $res->fetchOneCell(); } - $res = $globals->db->query("SELECT * FROM newsletter WHERE id='$id'"); + $res = $globals->xdb->query("SELECT * FROM newsletter WHERE id={?}", $id); } else { - $res = $globals->db->query("SELECT * FROM newsletter WHERE bits='new'"); + $res = $globals->xdb->query("SELECT * FROM newsletter WHERE bits='new'"); } - $nl = mysql_fetch_assoc($res); - mysql_free_result($res); + $nl = $res->fetchOneAssoc(); $this->_id = $nl['id']; $this->_date = $nl['date']; $this->_title = $nl['titre']; $this->_head = $nl['head']; - $res = $globals->db->query("SELECT cid,titre FROM newsletter_cat ORDER BY pos"); - while (list($cid, $title) = mysql_fetch_row($res)) { + $res = $globals->xdb->iterRow("SELECT cid,titre FROM newsletter_cat ORDER BY pos"); + while (list($cid, $title) = $res->next()) { $this->_cats[$cid] = $title; } - mysql_free_result($res); - $res = $globals->db->query("SELECT a.title,a.body,a.append,a.aid,a.cid,a.pos - FROM newsletter_art AS a - INNER JOIN newsletter AS n USING(id) - LEFT JOIN newsletter_cat AS c ON(a.cid=c.cid) - WHERE a.id={$this->_id} - ORDER BY c.pos,a.pos"); - while( list($title,$body,$append,$aid,$cid,$pos) = mysql_fetch_row($res)) { + $res = $globals->xdb->iterRow( + "SELECT a.title,a.body,a.append,a.aid,a.cid,a.pos + FROM newsletter_art AS a + INNER JOIN newsletter AS n USING(id) + LEFT JOIN newsletter_cat AS c ON(a.cid=c.cid) + WHERE a.id={?} + ORDER BY c.pos,a.pos", $this->_id); + while (list($title, $body, $append, $aid, $cid, $pos) = $res->next()) { $this->_arts[$cid]["a$aid"] = new NLArticle($title, $body, $append, $aid, $cid, $pos); } - mysql_free_result($res); } // }}} 
@@ -89,7 +87,7 @@ class NewsLetter function setSent() { global $globals; - $globals->db->query("UPDATE newsletter SET bits='sent' WHERE id='{$this->_id}'"); + $globals->xdb->execute("UPDATE newsletter SET bits='sent' WHERE id={?}", $this->_id); } // }}} @@ -98,9 +96,8 @@ class NewsLetter function save() { global $globals; - $globals->db->query("UPDATE newsletter - SET date='{$this->_date}',titre='{$this->_title}',head='{$this->_head}' - WHERE id='{$this->_id}'"); + $globals->xdb->execute('UPDATE newsletter SET date={?},titre={?},head={?} WHERE id={?}', + $this->_date, $this->_title, $this->_head, $this->_id); } // }}} @@ -135,18 +132,18 @@ class NewsLetter { global $globals; if ($a->_aid>=0) { - $globals->db->query("REPLACE INTO newsletter_art (id,aid,cid,pos,title,body,append) - VALUES({$this->_id},{$a->_aid},{$a->_cid},{$a->_pos}, - '{$a->_title}','{$a->_body}','{$a->_append}')"); + $globals->xdb->execute('REPLACE INTO newsletter_art (id,aid,cid,pos,title,body,append) + VALUES ({?},{?},{?},{?},{?},{?},{?})', + $this->_id, $a->_aid, $a->_cid, $a->_pos, + $a->_title, $a->_body, $a->_append); $this->_arts['a'.$a->_aid] = $a; } else { - $globals->db->query( - "INSERT INTO newsletter_art - SELECT {$this->_id},MAX(aid)+1,{$a->_cid}, - ".($a->_pos ? $a->_pos : "MAX(pos)+1").", - '{$a->_title}','{$a->_body}','{$a->_append}' + $globals->xdb->executey( + 'INSERT INTO newsletter_art + SELECT {?},MAX(aid)+1,{?},'.($a->_pos ? intval($a->_pos) : 'MAX(pos)+1').',{?},{?},{?} FROM newsletter_art AS a - WHERE a.id={$this->_id}"); + WHERE a.id={?}', + $this->_id, $a->_cid, $a->_title, $a->_body, $a->_append, $this->_id); $this->_arts['a'.$a->_aid] = $a; } } 
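Review bot: In the `@@ -135,18 +132,18 @@` hunk of include/newsletter.inc.php, the new-article branch (`$a->_aid` below 0) calls `$globals->xdb->executey(`, while every other write in this commit uses `execute`. This looks like a typo. Unless the wrapper really defines `executey`, inserting a new newsletter article will fail at runtime with an undefined-method error. The line should read `$globals->xdb->execute(`. The `intval($a->_pos)` on the one value still concatenated into the statement is the right call and should stay.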
@@ -157,7 +154,7 @@ class NewsLetter function delArticle($aid) { global $globals; - $globals->db->query("DELETE FROM newsletter_art WHERE id='{$this->_id}' AND aid='$aid'"); + $globals->xdb->execute('DELETE FROM newsletter_art WHERE id={?} AND aid={?}', $this->_id, $aid); foreach ($this->_arts as $key=>$art) { unset($this->_arts[$key]["a$aid"]); } 
@@ -437,48 +434,34 @@ class NLArticle function insert_new_nl() { global $globals; - $globals->db->query("INSERT INTO newsletter SET bits='new',date=NOW(),titre='to be continued'"); + $globals->xdb->execute("INSERT INTO newsletter SET bits='new',date=NOW(),titre='to be continued'"); } function get_nl_slist() { global $globals; - $res = $globals->db->query("SELECT id,date,titre FROM newsletter ORDER BY date DESC"); - $ans = Array(); - while ($tmp = mysql_fetch_assoc($res)) { - $ans[] = $tmp; - } - mysql_free_result($res); - return $ans; + $res = $globals->xdb->query("SELECT id,date,titre FROM newsletter ORDER BY date DESC"); + return $res->fetchAllAssoc(); } function get_nl_list() { global $globals; - $res = $globals->db->query("SELECT id,date,titre FROM newsletter WHERE bits!='new' ORDER BY date DESC"); - $ans = Array(); - while ($tmp = mysql_fetch_assoc($res)) { - $ans[] = $tmp; - } - mysql_free_result($res); - return $ans; + $res = $globals->xdb->query("SELECT id,date,titre FROM newsletter WHERE bits!='new' ORDER BY date DESC"); + return $res->fetchAllAssoc(); } function get_nl_state() { global $globals; - $res = $globals->db->query("SELECT pref FROM newsletter_ins WHERE user_id=".Session::getInt('uid')); - if (!(list($st) = mysql_fetch_row($res))) { - $st = false; - } - mysql_free_result($res); - return $st; + $res = $globals->xdb->query('SELECT pref FROM newsletter_ins WHERE user_id={?}', Session::getInt('uid')); + return $res->fetchOneCell(); } function unsubscribe_nl() { global $globals; - $globals->db->query("DELETE FROM newsletter_ins WHERE user_id=".Session::getInt('uid')); + $globals->xdb->execute('DELETE FROM newsletter_ins WHERE user_id={?}', Session::getInt('uid')); } function subscribe_nl($html=true, $uid=-1) 
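Review bot: `get_nl_state()` used to return an explicit `false` when the user has no row in `newsletter_ins`, and now returns whatever `$res->fetchOneCell()` yields for an empty result. If the wrapper returns `null` there (its code is not visible in this view), callers that test the result with `=== false` will treat an unsubscribed user differently than before. Either document the no-row return value in a comment on the function, or keep the old contract with an explicit fallback to `false` when the cell is absent.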
@@ -486,9 +469,8 @@ function subscribe_nl($html=true, $uid=-1) global $globals; $user = ($uid == -1) ? Session::getInt('uid') : $uid; $format = $html ? 'html' : 'text'; - $globals->db->query("REPLACE INTO newsletter_ins (user_id,last,pref) - SELECT '$user', MAX(id), '$format' - FROM newsletter WHERE bits!='new'"); + $globals->xdb->execute('REPLACE INTO newsletter_ins (user_id,last,pref) + SELECT {?}, MAX(id), {?} FROM newsletter WHERE bits!="new"', $user, $format); } function justify($text,$n) diff --git a/include/notifs.inc.php b/include/notifs.inc.php index 0457461..cb7e9fe 100644 --- a/include/notifs.inc.php +++ b/include/notifs.inc.php @@ -25,23 +25,22 @@ define("WATCH_DEATH", 3); function inscription_notifs_base($uid) { global $globals; - $globals->db->query("REPLACE INTO watch_sub (uid,cid) - SELECT '$uid',id - FROM watch_cat"); + $globals->xdb->execute('REPLACE INTO watch_sub (uid,cid) SELECT {?},id FROM watch_cat', $uid); } function register_watch_op($uid,$cid,$date='',$info='') { global $globals; $date = empty($date) ? 'NOW()' : "'$date'"; - $globals->db->query("REPLACE INTO watch_ops (uid,cid,known,date,info) VALUES('$uid','$cid',NOW(),$date,'$info')"); + $globals->xdb->execute('REPLACE INTO watch_ops (uid,cid,known,date,info) VALUES({?},{?},NOW(),{?},{?})', + $uid, $cid, $date, $info); if($cid == WATCH_FICHE) { - $globals->db->query("UPDATE auth_user_md5 SET DATE=NOW() WHERE user_id='$uid'"); + $globals->xdb->execute('UPDATE auth_user_md5 SET DATE=NOW() WHERE user_id={?}', $uid); } elseif($cid == WATCH_INSCR) { - $globals->db->query("REPLACE INTO contacts (uid,contact) - SELECT uid,ni_id - FROM watch_nonins - WHERE ni_id='$uid'"); - $globals->db->query("DELETE FROM watch_nonins WHERE ni_id='$uid'"); + $globals->xdb->execute('REPLACE INTO contacts (uid,contact) + SELECT uid,ni_id + FROM watch_nonins + WHERE ni_id={?}', $uid); + $globals->xdb->execute('DELETE FROM watch_nonins WHERE ni_id={?}', $uid); } } 
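Review bot: In `register_watch_op()` (include/notifs.inc.php) the context line `$date = empty($date) ? 'NOW()' : "'$date'";` still prepares a raw SQL fragment, but the new call passes `$date` as a bound `{?}` value. Assuming the placeholder quotes and escapes its argument as it does elsewhere in this commit, an empty date is stored as the literal string `NOW()` rather than the current time. A supplied date would arrive wrapped in an extra pair of quotes. Drop the pre-quoting and branch on the statement instead, as `solde_until()` does in this same commit: use `NOW()` in the SQL text when `$date` is empty, and `{?}` with the raw `$date` otherwise.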
@@ -53,7 +52,7 @@ function getNbNotifs() { $uid = Session::getInt('uid', -1); $watchlast = Session::get('watch_last'); - $res = $globals->db->query(" + $res = $globals->xdb->query(" ( SELECT u.promo, u.prenom, IF(u.epouse='',u.nom,u.epouse) AS nom, a.alias AS bestalias, wo.*, 1 AS contact, (u.perms IN ('admin','user')) AS inscrit @@ -63,7 +62,7 @@ function getNbNotifs() { INNER JOIN watch_sub AS ws ON(wo.cid=ws.cid AND ws.uid=c.uid) INNER JOIN auth_user_md5 AS u ON(u.user_id = wo.uid) LEFT JOIN aliases AS a ON(u.user_id = a.id AND FIND_IN_SET('bestalias',a.flags)) - WHERE q.user_id = '$uid' AND FIND_IN_SET('contacts',q.watch_flags) AND wo.known > $watchlast + WHERE q.user_id = {?} AND FIND_IN_SET('contacts',q.watch_flags) AND wo.known > {?} ) UNION DISTINCT ( SELECT u.promo, u.prenom, IF(u.epouse='',u.nom,u.epouse) AS nom, a.alias AS bestalias, wo.*, NOT (c.contact IS NULL) AS contact, (u.perms IN ('admin','user')) AS inscrit @@ -75,7 +74,7 @@ function getNbNotifs() { INNER JOIN watch_sub AS ws ON(wo.cid=ws.cid AND ws.uid=w.uid) INNER JOIN watch_cat AS wc ON(wc.id=wo.cid AND wc.frequent=0) LEFT JOIN aliases AS a ON(u.user_id = a.id AND FIND_IN_SET('bestalias',a.flags)) - WHERE w.uid = '$uid' AND wo.known > $watchlast + WHERE w.uid = {?} AND wo.known > {?} ) UNION DISTINCT ( SELECT u.promo, u.prenom, IF(u.epouse='',u.nom,u.epouse) AS nom, a.alias AS bestalias, wo.*, 0 AS contact, (u.perms IN ('admin','user')) AS inscrit 
@@ -86,17 +85,13 @@ function getNbNotifs() { INNER JOIN watch_sub AS ws ON(wo.cid=ws.cid AND ws.uid=w.uid) INNER JOIN watch_cat AS wc ON(wc.id=wo.cid) LEFT JOIN aliases AS a ON(u.user_id = a.id AND FIND_IN_SET('bestalias',a.flags)) - WHERE w.uid = '$uid' AND wo.known > $watchlast - )"); - $n = mysql_num_rows($res); - mysql_free_result($res); + WHERE w.uid = {?} AND wo.known > {?} + )", $uid, $watchlast, $uid, $watchlast, $uid, $watchlast); + $n = $res->numRows(); + $res->free(); $url = smarty_modifier_url('carnet/panel.php'); - if($n==0) { - return; - } - if($n==1) { - return "1 évènement !"; - } + if($n==0) { return; } + if($n==1) { return "1 évènement !"; } return "$n évènements !"; } @@ -107,11 +102,12 @@ class AllNotifs { function AllNotifs() { global $globals; - $res = $globals->db->query("SELECT * FROM watch_cat"); - while($tmp = mysql_fetch_assoc($res)) $this->_cats[$tmp['id']] = $tmp; - mysql_free_result($res); + $res = $globals->xdb->iterator("SELECT * FROM watch_cat"); + while($tmp = $res->next()) { + $this->_cats[$tmp['id']] = $tmp; + } - $res = $globals->db->query(" + $res = $globals->xdb->iterator(" ( SELECT q.user_id AS aid, v.prenom AS aprenom, IF(v.epouse='',v.nom,v.prenom) AS anom, b.alias AS abestalias, (v.flags='femme') AS sexe, @@ -160,7 +156,7 @@ class AllNotifs { ) ORDER BY cid,promo,nom"); - while($tmp = mysql_fetch_assoc($res)) { + while($tmp = $res->next()) { $aid = $tmp['aid']; $this->_data[$aid] = Array("prenom" => $tmp['aprenom'], 'nom' => $tmp['anom'], 'bestalias'=>$tmp['abestalias'], 'sexe' => $tmp['sexe']); 
@@ -179,13 +175,14 @@ class Notifs { global $globals; $this->_uid = $uid; - $res = $globals->db->query("SELECT * FROM watch_cat"); - while($tmp = mysql_fetch_assoc($res)) $this->_cats[$tmp['id']] = $tmp; - mysql_free_result($res); + $res = $globals->xdb->iterator("SELECT * FROM watch_cat"); + while($tmp = $res->next()) { + $this->_cats[$tmp['id']] = $tmp; + } $lastweek = date('YmdHis',mktime() - 7*24*60*60); - $res = $globals->db->query(" + $res = $globals->xdb->iterator(" ( SELECT u.promo, u.prenom, IF(u.epouse='',u.nom,u.epouse) AS nom, a.alias AS bestalias, wo.*, 1 AS contact, (u.perms IN ('admin','user')) AS inscrit @@ -195,7 +192,7 @@ class Notifs { INNER JOIN watch_sub AS ws ON(wo.cid=ws.cid AND ws.uid=q.user_id) INNER JOIN auth_user_md5 AS u ON(u.user_id = wo.uid) LEFT JOIN aliases AS a ON(u.user_id = a.id AND FIND_IN_SET('bestalias',a.flags)) - WHERE q.user_id = '$uid' AND FIND_IN_SET('contacts',q.watch_flags) AND wo.known > $lastweek + WHERE q.user_id = {?} AND FIND_IN_SET('contacts',q.watch_flags) AND wo.known > $lastweek ) UNION DISTINCT ( SELECT u.promo, u.prenom, IF(u.epouse='',u.nom,u.epouse) AS nom, a.alias AS bestalias, wo.*, NOT (c.contact IS NULL) AS contact, (u.perms IN ('admin','user')) AS inscrit @@ -206,7 +203,7 @@ class Notifs { INNER JOIN watch_sub AS ws ON(wo.cid=ws.cid AND ws.uid=w.uid) INNER JOIN watch_cat AS wc ON(wc.id=wo.cid AND wc.frequent=0) LEFT JOIN aliases AS a ON(u.user_id = a.id AND FIND_IN_SET('bestalias',a.flags)) - WHERE w.uid = '$uid' AND wo.known > $lastweek + WHERE w.uid = {?} AND wo.known > $lastweek ) UNION DISTINCT ( SELECT u.promo, u.prenom, IF(u.epouse='',u.nom,u.epouse) AS nom, a.alias AS bestalias, wo.*, 0 AS contact, (u.perms IN ('admin','user')) AS inscrit 
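Review bot: The three `WHERE` clauses in the `Notifs` constructor now bind `$uid` but still interpolate `$lastweek` (`wo.known > $lastweek`), here and in the `@@ -216,15 +213,15 @@` hunk. The value comes from `date('YmdHis', ...)`, so it is not attacker-controlled today. Binding it like `$watchlast` in `getNbNotifs()` would keep the query free of interpolation and make the two near-identical statements consistent: `wo.known > {?}` with `$lastweek` added after each `$uid` in the argument list.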
@@ -216,15 +213,15 @@ class Notifs { INNER JOIN watch_sub AS ws ON(wo.cid=ws.cid AND ws.uid=w.uid) INNER JOIN watch_cat AS wc ON(wc.id=wo.cid) LEFT JOIN aliases AS a ON(u.user_id = a.id AND FIND_IN_SET('bestalias',a.flags)) - WHERE w.uid = '$uid' AND wo.known > $lastweek + WHERE w.uid = {?} AND wo.known > $lastweek ) - ORDER BY cid,promo,nom"); - while($tmp = mysql_fetch_assoc($res)) { + ORDER BY cid,promo,nom", $uid, $uid, $uid); + while($tmp = $res->next()) { $this->_data[$tmp['cid']][$tmp['promo']][] = $tmp; } if($up) { - $globals->db->query("UPDATE auth_user_quick SET watch_last=NOW() WHERE user_id='$uid'"); + $globals->xdb->execute('UPDATE auth_user_quick SET watch_last=NOW() WHERE user_id={?}', $uid); } } } @@ -244,15 +241,15 @@ class Watch { $this->_promos = new PromoNotifs($uid); $this->_nonins = new NoninsNotifs($uid); $this->_subs = new WatchSub($uid); - $res = $globals->db->query("SELECT FIND_IN_SET('contacts',watch_flags),FIND_IN_SET('mail',watch_flags) - FROM auth_user_quick - WHERE user_id='$uid'"); - list($this->watch_contacts,$this->watch_mail) = mysql_fetch_row($res); - mysql_free_result($res); + $res = $globals->xdb->query("SELECT FIND_IN_SET('contacts',watch_flags),FIND_IN_SET('mail',watch_flags) + FROM auth_user_quick + WHERE user_id={?}", $uid); + list($this->watch_contacts,$this->watch_mail) = $res->fetchOneRow(); - $res = $globals->db->query("SELECT * FROM watch_cat"); - while($tmp = mysql_fetch_assoc($res)) $this->_cats[$tmp['id']] = $tmp; - mysql_free_result($res); + $res = $globals->xdb->iterator("SELECT * FROM watch_cat"); + while($tmp = $res->next()) { + $this->_cats[$tmp['id']] = $tmp; + } } function saveFlags() { 
@@ -260,7 +257,7 @@ class Watch { $flags = ""; if($this->watch_contacts) $flags = "contacts"; if($this->watch_mail) $flags .= ($flags ? ',' : '')."mail"; - $globals->db->query("UPDATE auth_user_quick SET watch_flags='$flags' WHERE user_id='{$this->_uid}'"); + $globals->xdb->execute('UPDATE auth_user_quick SET watch_flags={?} WHERE user_id={?}', $flags, $this->_uid); } @@ -288,21 +285,21 @@ class WatchSub { function WatchSub($uid) { $this->_uid = $uid; global $globals; - $res = $globals->db->query("SELECT cid FROM watch_sub WHERE uid='$uid'"); - while(list($c) = mysql_fetch_row($res)) $this->_data[$c] = $c; - mysql_free_result($res); + $res = $globals->xdb->iterRow('SELECT cid FROM watch_sub WHERE uid={?}', $uid); + while(list($c) = $res->next()) { + $this->_data[$c] = $c; + } } function update($ind) { global $globals; $this->_data = Array(); - $globals->db->query("DELETE FROM watch_sub WHERE uid='{$this->_uid}'"); + $globals->xdb->execute('DELETE FROM watch_sub WHERE uid={?}', $this->_uid); foreach(Env::getMixed($ind) as $key=>$val) { - $globals->db->query("INSERT INTO watch_sub - SELECT '{$this->_uid}',id - FROM watch_cat - WHERE id='$key'"); - if(mysql_affected_rows()) $this->_data[$key] = $key; + $globals->xdb->query('INSERT INTO watch_sub SELECT {?},id FROM watch_cat WHERE id={?}', $this->_uid, $key); + if(mysql_affected_rows()) { + $this->_data[$key] = $key; + } } } } 
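Review bot: `WatchSub::update()` now sends its `INSERT INTO watch_sub ...` through `$globals->xdb->query(...)` but still decides success with the bare legacy call `mysql_affected_rows()`. Every other write in this commit uses `execute`. The global call reads the most recently opened connection, so it only stays correct while the wrapper shares that link. Switch the statement to `$globals->xdb->execute(...)` and take the affected-row count from the wrapper if it exposes one. include/xorg/database.inc.php is changed in this commit but is not visible here, so this needs confirming.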
@@ -314,15 +311,16 @@ class PromoNotifs { function PromoNotifs($uid) { $this->_uid = $uid; global $globals; - $res = $globals->db->query("SELECT promo FROM watch_promo WHERE uid='$uid' ORDER BY promo"); - while(list($p) = mysql_fetch_row($res)) $this->_data[intval($p)] = intval($p); - mysql_free_result($res); + $res = $globals->xdb->iterRow('SELECT promo FROM watch_promo WHERE uid={?} ORDER BY promo', $uid); + while (list($p) = $res->next()) { + $this->_data[intval($p)] = intval($p); + } } function add($p) { global $globals; $promo = intval($p); - $globals->db->query("REPLACE INTO watch_promo (uid,promo) VALUES('{$this->_uid}',$promo)"); + $globals->xdb->execute('REPLACE INTO watch_promo (uid,promo) VALUES({?},{?})', $this->_uid, $promo); $this->_data[$promo] = $promo; asort($this->_data); } @@ -330,7 +328,7 @@ class PromoNotifs { function del($p) { global $globals; $promo = intval($p); - $globals->db->query("DELETE FROM watch_promo WHERE uid='{$this->_uid}' AND promo=$promo"); + $globals->xdb->execute('DELETE FROM watch_promo WHERE uid={?} AND promo={?}', $this->_uid, $promo); unset($this->_data[$promo]); } @@ -343,7 +341,7 @@ class PromoNotifs { $values[] = "('{$this->_uid}',$i)"; $this->_data[$i] = $i; } - $globals->db->query("REPLACE INTO watch_promo (uid,promo) VALUES ".join(',',$values)); + $globals->xdb->execute('REPLACE INTO watch_promo (uid,promo) VALUES '.join(',',$values)); asort($this->_data); } @@ -356,7 +354,7 @@ class PromoNotifs { $where[] = "promo=$i"; unset($this->_data[$i]); } - $globals->db->query("DELETE FROM watch_promo WHERE uid='{$this->_uid}' AND (".join(' OR ',$where).')'); + $globals->xdb->execute('DELETE FROM watch_promo WHERE uid={?} AND ('.join(' OR ',$where).')', $this->_uid); } function toRanges() { 
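Review bot: `addRange()` (the `@@ -343,7 +341,7 @@` hunk) still builds its `VALUES` list by interpolation, via the context line `$values[] = "('{$this->_uid}',$i)";`, and passes the concatenated string to `execute`. The same applies to `delRange()` in the `@@ -356,7 +354,7 @@` hunk, which binds the uid but concatenates `promo=$i`. The loops that produce `$i` start outside the hunks, so it cannot be confirmed here that `$i` is always an integer. Either run one bound statement per promo as `add()` and `del()` do, `execute('REPLACE INTO watch_promo (uid,promo) VALUES({?},{?})', $this->_uid, $i)`, or cast both values with `intval()` before they enter the string.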
@@ -387,29 +385,29 @@ class NoninsNotifs { function NoninsNotifs($uid) { global $globals; $this->_uid = $uid; - $res = $globals->db->query("SELECT u.prenom,IF(u.epouse='',u.nom,u.epouse) AS nom, u.promo, u.user_id - FROM watch_nonins AS w - INNER JOIN auth_user_md5 AS u ON (u.user_id = w.ni_id) - WHERE w.uid = '$uid' - ORDER BY promo,nom"); - while($tmp = mysql_fetch_assoc($res)) $this->_data[$tmp['user_id']] = $tmp; - mysql_free_result($res); + $res = $globals->xdb->iterator("SELECT u.prenom,IF(u.epouse='',u.nom,u.epouse) AS nom, u.promo, u.user_id + FROM watch_nonins AS w + INNER JOIN auth_user_md5 AS u ON (u.user_id = w.ni_id) + WHERE w.uid = {?} + ORDER BY promo,nom", $uid); + while($tmp = $res->next()) { + $this->_data[$tmp['user_id']] = $tmp; + } } function del($p) { global $globals; unset($this->_data["$p"]); - $globals->db->query("DELETE FROM watch_nonins WHERE uid='{$this->_uid}' AND ni_id='$p'"); + $globals->xdb->execute('DELETE FROM watch_nonins WHERE uid={?} AND ni_id={?}', $this->_uid, $p); } function add($p) { global $globals; - $globals->db->query("INSERT INTO watch_nonins (uid,ni_id) VALUES('{$this->_uid}','$p')"); - $res = $globals->db->query("SELECT prenom,IF(epouse='',nom,epouse) AS nom,promo,user_id - FROM auth_user_md5 - WHERE user_id='$p'"); - $this->_data["$p"] = mysql_fetch_assoc($res); - mysql_free_result($res); + $globals->xdb->execute('INSERT INTO watch_nonins (uid,ni_id) VALUES({?},{?})', $this->_uid, $p); + $res = $globals->xdb->query('SELECT prenom,IF(epouse="",nom,epouse) AS nom,promo,user_id + FROM auth_user_md5 + WHERE user_id={?}', $p); + $this->_data["$p"] = $res->fetchOneAssoc(); } } diff --git a/include/secteur.emploi.inc.php b/include/secteur.emploi.inc.php index e6c0cc5..8adc9c9 100644 --- a/include/secteur.emploi.inc.php +++ b/include/secteur.emploi.inc.php 
@@ -22,25 +22,25 @@ function select_secteur($secteur){ global $globals; - if($secteur == '') $secteur = -1; + if ($secteur == '') { + $secteur = -1; + } $html = "\n"; - $res = $globals->db->query("SELECT id, label FROM emploi_secteur"); - while(list($tmp_id, $tmp_label) = mysql_fetch_row($res)){ + $res = $globals->xdb->iterRow("SELECT id, label FROM emploi_secteur"); + while (list($tmp_id, $tmp_label) = $res->next()) { $html .= "\n"; } - mysql_free_result($res); return $html; } function select_ss_secteur($secteur,$ss_secteur){ global $globals; - if($secteur != ''){ + if ($secteur) { $html = "\n"; - $res = $globals->db->query("SELECT id, label FROM emploi_ss_secteur WHERE secteur = '$secteur'"); - while(list($tmp_id, $tmp_label) = mysql_fetch_row($res)){ + $res = $globals->xdb->iterRow("SELECT id, label FROM emploi_ss_secteur WHERE secteur = {?}", $secteur); + while (list($tmp_id, $tmp_label) = $res->next()){ $html .= "\n"; } - mysql_free_result($res); return $html; } else{ diff --git a/include/validations/aliases.inc.php b/include/validations/aliases.inc.php index 7b4a944..dd250ab 100644 --- a/include/validations/aliases.inc.php +++ b/include/validations/aliases.inc.php 
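Review bot: In `select_ss_secteur` the guard changed from `if($secteur != '')` to `if ($secteur)`, which is not equivalent: a sector id of `0` or `'0'` passed the old test and is now sent to the else branch. Whether `emploi_secteur` has an id 0 is not visible here, so this may be harmless, but it is a behaviour change hidden in an API migration. I would keep the original condition, `if ($secteur != '') {`, or document that 0 is never a valid id. The function's else branch continues outside the hunk.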
@@ -44,25 +44,22 @@ class AliasReq extends Validate $this->alias = $_alias; $this->raison = $_raison; - $sql = $globals->db->query(" + $res = $globals->xdb->query(" SELECT l.alias,m.alias,prenom,nom FROM auth_user_md5 AS u INNER JOIN aliases AS l ON (u.user_id=l.id AND l.type='a_vie') INNER JOIN aliases AS m ON (u.user_id=m.id AND FIND_IN_SET('bestalias',m.flags)) - WHERE user_id='".$this->uid."'"); - list($this->forlife,$this->bestalias,$this->prenom,$this->nom) = mysql_fetch_row($sql); - mysql_free_result($sql); + WHERE user_id={?}", $this->uid); + list($this->forlife,$this->bestalias,$this->prenom,$this->nom) = $res->fetchOneRow(); - $sql = $globals->db->query(" + $res = $globals->xdb->query(" SELECT v.alias FROM virtual_redirect AS vr INNER JOIN virtual AS v ON (v.vid=vr.vid AND v.alias LIKE '%@{$globals->mail->alias_dom}') - WHERE vr.redirect='{$this->forlife}@{$globals->mail->domain}' - OR vr.redirect='{$this->forlife}@{$globals->mail->domain2}'"); - if (mysql_num_rows($sql)) { - list($this->old) = mysql_fetch_row($sql); - } - mysql_free_result($sql); + WHERE vr.redirect={?} OR vr.redirect={?}", + "{$this->forlife}@{$globals->mail->domain}", "{$this->forlife}@{$globals->mail->domain2}"); + $this->old = $res->fetchOneCell(); + if (empty($this->old)) { unset($this->old); } } // }}} 
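Review bot: The second query still interpolates a value into the SQL template, `v.alias LIKE '%@{$globals->mail->alias_dom}'`, while the two redirect addresses next to it are bound. `alias_dom` looks like a configuration value rather than user input, but it now also passes through the `{?}` and `%` rewriting in `_prepare()`. Binding it keeps the template constant: `v.alias LIKE {?}` with `'%@'.$globals->mail->alias_dom` as the first argument. The constructor starts outside this hunk.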
@@ -114,14 +111,15 @@ class AliasReq extends Validate global $globals; if ($this->old) { - $globals->db->query("UPDATE virtual SET alias='{$this->alias}@{$globals->mail->alias_dom}' WHERE alias='{$this->old}'"); - + $globals->xdb->execute('UPDATE virtual SET alias={?} WHERE alias={?}', + $this->alias.'@'.$globals->mail->alias_dom, $this->old); } else { - $globals->db->query("INSERT INTO virtual SET alias='{$this->alias}@{$globals->mail->alias_dom}',type='user'"); + $globals->xdb->execute('INSERT INTO virtual SET alias={?},type="user"', + $this->alias.'@'.$globals->mail->alias_dom); $vid = mysql_insert_id(); require_once('emails.inc.php'); $dom = $globals->mail->shorter_domain(); - $globals->db->query("INSERT INTO virtual_redirect (vid,redirect) VALUES ($vid,'{$this->forlife}@$dom')"); + $globals->xdb->query('INSERT INTO virtual_redirect (vid,redirect) VALUES ({?}, {?})', $vid, $this->forlife.'@'.$dom); } } diff --git a/include/validations/epouses.inc.php b/include/validations/epouses.inc.php index 4793f3e..9662196 100644 --- a/include/validations/epouses.inc.php +++ b/include/validations/epouses.inc.php 
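Review bot: The last statement of the else branch sends an INSERT through `$globals->xdb->query(...)`, while every other write in this commit uses `execute()`. In database.inc.php `query()` wraps the statement in an `XOrgDBResult`, which is meant for result sets, so this should read `$globals->xdb->execute('INSERT INTO virtual_redirect (vid,redirect) VALUES ({?}, {?})', $vid, $this->forlife.'@'.$dom);`. Separately, `$vid = mysql_insert_id();` is called without a link argument and so depends on `execute()` having used the most recently opened connection; a short comment stating that assumption would help. The method starts outside the hunk.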
@@ -43,20 +43,18 @@ class EpouseReq extends Validate { global $globals; $this->Validate($_uid, true, 'epouse', $_stamp); - $this->epouse = $_epouse; + $this->epouse = $_epouse; $this->forlife = $_forlife; + list($prenom) = explode('.',$_forlife); + $this->alias = make_username($prenom,$this->epouse); - list($prenom) = explode('.',$_forlife); - $this->alias = make_username($prenom,$this->epouse); - - $sql = $globals->db->query(" + $sql = $globals->xdb->query(" SELECT e.alias, u.epouse, u.prenom, u.nom, a.id FROM auth_user_md5 as u LEFT JOIN aliases as e ON(e.type='alias' AND FIND_IN_SET('epouse',e.flags) AND e.id = u.user_id) - LEFT JOIN aliases as a ON(a.alias = '{$this->alias}' AND a.id != u.user_id) - WHERE u.user_id = ".$this->uid); - list($this->oldalias, $this->oldepouse, $this->prenom, $this->nom, $this->homonyme) = mysql_fetch_row($sql); - mysql_free_result($sql); + LEFT JOIN aliases as a ON(a.alias = {?} AND a.id != u.user_id) + WHERE u.user_id = {?}", $this->alias, $this->uid); + list($this->oldalias, $this->oldepouse, $this->prenom, $this->nom, $this->homonyme) = $res->fetchOneRow(); } // }}} 
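Review bot: The result of the new query is assigned to `$sql`, but the following line reads `$res->fetchOneRow()`, and `$res` is not defined anywhere in the hunk. As written, the constructor would fail on a method call on an undefined variable and leave `oldalias`, `oldepouse`, `prenom`, `nom` and `homonyme` unset. Renaming the assignment fixes it and matches the other validation classes: `$res = $globals->xdb->query("`. The constructor signature is outside the hunk.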
@@ -110,10 +108,11 @@ class EpouseReq extends Validate { global $globals; - $globals->db->query("UPDATE auth_user_md5 set epouse='".$this->epouse."' WHERE user_id=".$this->uid); - $globals->db->query("DELETE FROM aliases WHERE FIND_IN_SET('epouse',flags) AND id=".$this->uid); - $globals->db->query("UPDATE aliases SET flags='' WHERE flags='bestalias' AND id=".$this->uid); - $globals->db->query("INSERT INTO aliases VALUES('".$this->alias."', 'alias', 'epouse,bestalias', ".$this->uid.", null)"); + $globals->xdb->execute("UPDATE auth_user_md5 set epouse={?} WHERE user_id={?}",$this->epouse ,$this->uid); + $globals->xdb->execute("DELETE FROM aliases WHERE FIND_IN_SET('epouse',flags) AND id={?}", $this->uid); + $globals->xdb->execute("UPDATE aliases SET flags='' WHERE flags='bestalias' AND id={?}", $this->uid); + $globals->xdb->execute("INSERT INTO aliases VALUES({?}, 'alias', 'epouse,bestalias', {?}, null)", + $this->alias, $this->uid); $f = fopen("/tmp/flag_recherche","w"); fputs($f,"1"); fclose($f); diff --git a/include/validations/evts.inc.php b/include/validations/evts.inc.php index d6e1c95..5c239a0 100644 --- a/include/validations/evts.inc.php +++ b/include/validations/evts.inc.php 
@@ -45,21 +45,19 @@ class EvtReq extends Validate $_comment,$_uid,$_stamp=0) { global $globals; $this->Validate($_uid, false, 'evts', $_stamp); - $this->evtid = $_evtid; - $this->titre = $_titre; - $this->texte = $_texte; - $this->pmin = $_pmin; - $this->pmax = $_pmax; + $this->evtid = $_evtid; + $this->titre = $_titre; + $this->texte = $_texte; + $this->pmin = $_pmin; + $this->pmax = $_pmax; $this->peremption = $_peremption; - $this->comment = $_comment; - $req = $globals->db->query(" + $this->comment = $_comment; + $res = $globals->xdb->query(" SELECT a.alias,promo,nom,prenom FROM auth_user_md5 AS u INNER JOIN aliases AS a ON ( u.user_id=a.id AND FIND_IN_SET('bestalias',a.flags)) - WHERE user_id='$_uid'"); - list($this->bestalias,$this->promo,$this->nom,$this->prenom) - = mysql_fetch_row($req); - mysql_free_result($req); + WHERE user_id={?}", $_uid); + list($this->bestalias,$this->promo,$this->nom,$this->prenom) = $res->fetchOneRow(); } // }}} 
@@ -91,21 +89,25 @@ class EvtReq extends Validate $uid = Session::getInt('uid'); if (Env::get('action') == "Valider") { - $globals->db->query("UPDATE evenements - SET creation_date = creation_date, validation_user_id = $uid, - validation_date = NULL, flags = CONCAT(flags,',valide') - WHERE id='{$this->evtid}' LIMIT 1"); + $globals->xdb->execute( + "UPDATE evenements + SET creation_date = creation_date, validation_user_id = {?}, + validation_date = NULL, flags = CONCAT(flags,',valide') + WHERE id={?} + LIMIT 1", $uid, $this->evtid); $mymail->assign('answer','yes'); $mymail->send(); } elseif (Env::get('action') == "Invalider") { - $globals->db->query("UPDATE evenements - SET creation_date = creation_date, validation_user_id = $uid, - validation_date = NULL, flags = REPLACE(flags,'valide','') - WHERE id='{$this->evtid}' LIMIT 1"); + $globals->xdb->execute( + "UPDATE evenements + SET creation_date = creation_date, validation_user_id = {?}, + validation_date = NULL, flags = REPLACE(flags,'valide','') + WHERE id='{?}' + LIMIT 1", $uid, $this->evtid); $mymail->assign('answer', 'no'); $mymail->send(); } elseif (Env::get('action') == "Supprimer") { - $globals->db->query("DELETE from evenements WHERE id='{$this->evtid}' LIMIT 1"); + $globals->xdb->execute("DELETE FROM evenements WHERE id={?} LIMIT 1", $this->evtid); } $this->clean(); diff --git a/include/validations/listes.inc.php b/include/validations/listes.inc.php index cf60730..8eabc06 100644 --- a/include/validations/listes.inc.php +++ b/include/validations/listes.inc.php 
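Review bot: In the "Invalider" branch the placeholder is wrapped in quotes, `WHERE id='{?}'`, whereas the "Valider" and "Supprimer" branches use a bare `id={?}`. `_db_escape` is not visible in this hunk, but if it adds its own quotes to string values this produces doubled quotes and the UPDATE will not match the intended row. The line should read `WHERE id={?}` like its siblings. The enclosing method starts outside the hunk.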
@@ -43,23 +43,21 @@ class ListeReq extends Validate { global $globals; $this->Validate($_uid, true, 'liste', $_stamp); - $this->liste = $_liste; - $this->desc = $_desc; - - $this->advertise = $_advertise; - $this->modlevel = $_modlevel; - $this->inslevel = $_inslevel; - $this->owners = $_owners; - $this->members = $_members; + $this->liste = $_liste; + $this->desc = $_desc; + $this->advertise = $_advertise; + $this->modlevel = $_modlevel; + $this->inslevel = $_inslevel; + $this->owners = $_owners; + $this->members = $_members; - $sql = $globals->db->query(" + $res = $globals->xdb->query(" SELECT l.alias FROM auth_user_md5 AS u INNER JOIN aliases AS l ON (u.user_id=l.id AND FIND_IN_SET('bestalias',l.flags)) - WHERE user_id='".$this->uid."'"); - list($this->bestalias) = mysql_fetch_row($sql); - mysql_free_result($sql); + WHERE user_id={?}", $this->uid); + $this->bestalias = $res->fetchOneCell(); } // }}} @@ -121,10 +119,9 @@ class ListeReq extends Validate $this->owners, $this->members); $liste = strtolower($this->liste); if ($ret) { - $globals->db->query("INSERT INTO aliases (alias,type) VALUES('{$liste}', 'liste')"); - $globals->db->query("INSERT INTO aliases (alias,type) VALUES('{$liste}-owner', 'liste')"); - $globals->db->query("INSERT INTO aliases (alias,type) VALUES('{$liste}-admin', 'liste')"); - $globals->db->query("INSERT INTO aliases (alias,type) VALUES('{$liste}-bounces', 'liste')"); + foreach(Array($liste, $liste."-owner", $liste."-admin", $liste."-bounces") as $l) { + $globals->xdb->execute("INSERT INTO aliases (alias,type) VALUES({?}, 'liste')", $l); + } } return $ret; } diff --git a/include/validations/photos.inc.php b/include/validations/photos.inc.php index a9e641e..6db3533 100644 --- a/include/validations/photos.inc.php +++ b/include/validations/photos.inc.php 
@@ -42,13 +42,12 @@ class PhotoReq extends Validate global $erreur, $globals; $this->Validate($_uid, true, 'photo', $_stamp); - $sql = $globals->db->query(" + $res = $globals->xdb->query(" SELECT a.alias, prenom, nom FROM auth_user_md5 AS u INNER JOIN aliases AS a ON ( a.id=u.user_id AND FIND_IN_SET('bestalias',a.flags) ) - WHERE user_id=".$this->uid); - list($this->bestalias,$this->prenom,$this->nom) = mysql_fetch_row($sql); - mysql_free_result($sql); + WHERE user_id={?}", $this->uid); + list($this->bestalias,$this->prenom,$this->nom) = $res->fetchOneRow(); if (!file_exists($_file)) { $erreur = "Fichier inexistant"; @@ -139,9 +138,9 @@ class PhotoReq extends Validate { global $globals; - $globals->db->query("REPLACE INTO photo (uid, attachmime, attach, x, y) - VALUES ('{$this->uid}', '{$this->mimetype}', '" - .addslashes($this->data)."', '{$this->x}', '{$this->y}')"); + $globals->xdb->execute('REPLACE INTO photo (uid, attachmime, attach, x, y) + VALUES ({?},{?},{?},{?},{?})', + $this->uid, $this->mimetype, $this->data, $this->x, $this->y); require_once('notifs.inc.php'); register_watch_op($this->uid,WATCH_FICHE); } diff --git a/include/xorg/database.inc.php b/include/xorg/database.inc.php index 6acb89f..3f4e3fe 100644 --- a/include/xorg/database.inc.php +++ b/include/xorg/database.inc.php @@ -30,14 +30,22 @@ class XOrgDB } // }}} + // {{{ function _prepare + + function _prepare($args) { + $query = array_map(Array($this, '_db_escape'), $args); + $query[0] = str_replace('%', '%%', $args[0]); + $query[0] = str_replace('{?}', '%s', $query[0]); + return call_user_func_array('sprintf', $query); + } + + // }}} // {{{ function query function &query() { - $args = func_get_args(); - $query = array_map(Array($this, '_db_escape'), $args); - $query[0] = str_replace('{?}', '%s', $args[0]); - return new XOrgDBResult(call_user_func_array('sprintf', $query)); + $query = $this->_prepare(func_get_args()); + return new XOrgDBResult($query); } // }}} 
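Review bot: `_prepare()` in the database.inc.php hunk never checks that the number of `{?}` markers equals the number of values supplied, so a mismatch only surfaces as whatever `sprintf` does with missing or surplus arguments. The marker replacement also runs over the whole template, so any text a caller concatenates into the SQL (as the bulk queries in notifs.inc.php still do) is scanned for markers too. A guard before the `sprintf` call makes this fail loudly: `if (substr_count($args[0], '{?}') != count($args) - 1) { trigger_error('placeholder/argument mismatch', E_USER_ERROR); }`. A short comment on `_prepare` stating that `$args[0]` must be a constant template and that literal `%` is doubled for `sprintf` would document the contract; `_db_escape` is defined outside this hunk.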
@@ -45,10 +53,8 @@ class XOrgDB function execute() { global $globals; - $args = func_get_args(); - $query = array_map(Array($this, '_db_escape'), $args); - $query[0] = str_replace('{?}', '%s', $args[0]); - return $globals->db->query(call_user_func_array('sprintf', $query)); + $query = $this->_prepare(func_get_args()); + return $globals->db->query($query); } // }}} @@ -56,21 +62,17 @@ class XOrgDB function &iterator() { - $args = func_get_args(); - $query = array_map(Array($this, '_db_escape'), $args); - $query[0] = str_replace('{?}', '%s', $args[0]); - return new XOrgDBIterator(call_user_func_array('sprintf', $query)); + $query = $this->_prepare(func_get_args()); + return new XOrgDBIterator($query); } // }}} - // {{{ function iterator() + // {{{ function iterRow() function &iterRow() { - $args = func_get_args(); - $query = array_map(Array($this, '_db_escape'), $args); - $query[0] = str_replace('{?}', '%s', $args[0]); - return new XOrgDBIterator(call_user_func_array('sprintf', $query), MYSQL_NUM); + $query = $this->_prepare(func_get_args()); + return new XOrgDBIterator($query, MYSQL_NUM); } // }}} @@ -207,7 +209,7 @@ class XOrgDBResult } // }}} - // {{{ function fetchOneCell() + // {{{ function fetchColumn() function fetchColumn($key = 0) { -- 2.1.4