diff --git a/lib/archiving/ArchiveRestorationRequest.inc b/lib/archiving/ArchiveRestorationRequest.inc
index 64be05d..4a14360 100644
--- a/lib/archiving/ArchiveRestorationRequest.inc
+++ b/lib/archiving/ArchiveRestorationRequest.inc
@@ -199,7 +199,7 @@ class ArchiveRestorationRequest extends KTEntity {
 global $default;
 $aArchiveRestorationRequestArray = array();
 $sql = $default->db;
- $result = $sql->query("SELECT * FROM $default->archive_restoration_table " . (isset($sWhereClause) ? " WHERE " . $sWhereClause : ""));
+ $result = $sql->query("SELECT * FROM $default->archive_restoration_table " . (isset($sWhereClause) ? " WHERE " . $sWhereClause : ""));/*wc*/
 if ($result) {
 while ($sql->next_record()) {
 $aArchiveRestorationRequestArray[] = & ArchiveRestorationRequest::get($sql->f("id"));
diff --git a/lib/archiving/ArchivingSettings.inc b/lib/archiving/ArchivingSettings.inc
index b582415..ec4f778 100644
--- a/lib/archiving/ArchivingSettings.inc
+++ b/lib/archiving/ArchivingSettings.inc
@@ -191,7 +191,7 @@ class ArchivingSettings extends KTEntity {
 global $default;
 $aArchivingSettings = array();
 $sql = $default->db;
- $result = $sql->query("SELECT * FROM $default->archiving_settings_table " . (isset($sWhereClause) ? " WHERE " . $sWhereClause : ""));
+ $result = $sql->query("SELECT * FROM $default->archiving_settings_table " . (isset($sWhereClause) ? " WHERE " . $sWhereClause : ""));/*wc*/
 if ($result) {
 while ($sql->next_record()) {
 $oArchivingSettings = & ArchivingSettings::get($sql->f("id"));
diff --git a/lib/archiving/ArchivingType.inc b/lib/archiving/ArchivingType.inc
index 464ea23..f96991e 100644
--- a/lib/archiving/ArchivingType.inc
+++ b/lib/archiving/ArchivingType.inc
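Review bot: The `/*wc*/` tag appended to the new `$result = $sql->query(...)` line does not tell a later reader why this query was left out of the placeholder conversion, while `$sWhereClause` is still concatenated into the statement verbatim. A comment that states the contract would be more useful than the tag, e.g. `// $sWhereClause is spliced in raw (arbitrary clauses cannot be bound); callers must build it from trusted, non-request values only`. The same tag and the same raw `$sWhereClause` concatenation appear on the list queries in ArchivingSettings, ArchivingType, DocumentArchiving, TimePeriod, TimeUnit, DashboardNews, DiscussionComment, DiscussionThread, DependantDocumentTemplate and Document, and on the document queries in DocumentTypeBrowser and FolderBrowser. The enclosing method starts before and ends after the hunk.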
@@ -113,7 +113,7 @@ class ArchivingType extends KTEntity {
 global $default;
 $aArchivingTypeArray = array();
 $sql = $default->db;
- $result = $sql->query("SELECT * FROM $default->archiving_type_lookup_table " . (isset($sWhereClause) ? " WHERE " . $sWhereClause : ""));
+ $result = $sql->query("SELECT * FROM $default->archiving_type_lookup_table " . (isset($sWhereClause) ? " WHERE " . $sWhereClause : ""));/*wc*/
 if ($result) {
 $iCount = 0;
 while ($sql->next_record()) {
diff --git a/lib/archiving/DocumentArchiving.inc b/lib/archiving/DocumentArchiving.inc
index 6a1a2a9..4d67791 100644
--- a/lib/archiving/DocumentArchiving.inc
+++ b/lib/archiving/DocumentArchiving.inc
@@ -156,7 +156,7 @@ class DocumentArchiving extends KTEntity {
 global $default;
 $aDocumentArchivingArray = array();
 $sql = $default->db;
- $result = $sql->query("SELECT * FROM $default->document_archiving_table " . (isset($sWhereClause) ? " WHERE " . $sWhereClause : ""));
+ $result = $sql->query("SELECT * FROM $default->document_archiving_table " . (isset($sWhereClause) ? " WHERE " . $sWhereClause : ""));/*wc*/
 if ($result) {
 $iCount = 0;
 while ($sql->next_record()) {
diff --git a/lib/archiving/TimePeriod.inc b/lib/archiving/TimePeriod.inc
index c05bf00..f69a02e 100644
--- a/lib/archiving/TimePeriod.inc
+++ b/lib/archiving/TimePeriod.inc
@@ -135,7 +135,7 @@ class TimePeriod extends KTEntity {
 global $default;
 $aTimePeriodArray = array();
 $sql = $default->db;
- $result = $sql->query("SELECT * FROM $default->time_period_table " . (isset($sWhereClause) ? " WHERE " . $sWhereClause : ""));
+ $result = $sql->query("SELECT * FROM $default->time_period_table " . (isset($sWhereClause) ? " WHERE " . $sWhereClause : ""));/*wc*/
 if ($result) {
 $iCount = 0;
 while ($sql->next_record()) {
diff --git a/lib/archiving/TimeUnit.inc b/lib/archiving/TimeUnit.inc
index 0896d0d..e059fcd 100644
--- a/lib/archiving/TimeUnit.inc
+++ b/lib/archiving/TimeUnit.inc
@@ -112,7 +112,7 @@ class TimeUnit extends KTEntity { global $default; $aTimeUnitArray = array(); $sql = $default->db; - $result = $sql->query("SELECT * FROM $default->time_unit_lookup_table " . (isset($sWhereClause) ? " WHERE " . $sWhereClause : "")); + $result = $sql->query("SELECT * FROM $default->time_unit_lookup_table " . (isset($sWhereClause) ? " WHERE " . $sWhereClause : ""));/*wc*/ if ($result) { $iCount = 0; while ($sql->next_record()) { diff --git a/lib/authentication/DBAuthenticator.inc b/lib/authentication/DBAuthenticator.inc index d76ef29..41789a5 100644 --- a/lib/authentication/DBAuthenticator.inc +++ b/lib/authentication/DBAuthenticator.inc @@ -62,14 +62,15 @@ class DBAuthenticator extends Authenticator { global $default; $sql = $default->db; - $sQuery = "SELECT "; + $sQuery = "SELECT ";/*ok*/ // build select for ($i=0; $iquery($sQuery)) { + if ($sql->query(array($sQuery, $aParams))) { $aUserResults = array(); while ($sql->next_record()) { for ($i=0; $idb; - $sQuery = "SELECT "; + $sQuery = "SELECT ";/*ok*/ // build select for ($i=0; $iquery($sQuery)) { $aUserResults = array(); diff --git a/lib/browse/DocumentTypeBrowser.inc b/lib/browse/DocumentTypeBrowser.inc index 87774f1..95d68da 100644 --- a/lib/browse/DocumentTypeBrowser.inc +++ b/lib/browse/DocumentTypeBrowser.inc @@ -79,7 +79,7 @@ class DocumentTypeBrowser extends Browser { $results["documentTypes"][] = array("id" => $iDocumentTypeID, "name" => $documentTypeName); // create query to retrieve documents with this document type - $documentQuery = "SELECT d.id as id FROM $default->documents_table d "; + $documentQuery = "SELECT d.id as id FROM $default->documents_table d ";/*wc*/ if ( isset($aLookupCriteria) ) { //$documentQuery .= "INNER JOIN " . $aLookupCriteria["table"] . " lt ON d.$this->sSortField=lt.id "; $documentQuery .= "INNER JOIN " . $aLookupCriteria["table"] . " lt ON "; diff --git a/lib/browse/FolderBrowser.inc b/lib/browse/FolderBrowser.inc index 0477cbf..48dcdf2 100644 
--- a/lib/browse/FolderBrowser.inc
+++ b/lib/browse/FolderBrowser.inc
@@ -119,7 +119,7 @@ class FolderBrowser extends Browser {
 // if we're sorting by name or creator_id then sort folders in the appropriate direction
 $aParams = array();
- $sFolderQuery = "SELECT f.id FROM $default->folders_table AS f ";
+ $sFolderQuery = "SELECT f.id FROM $default->folders_table AS f ";/*ok*/
 if (in_array($this->sSortField, array("name", "creator_id"))) {
 if (isset($aLookupCriteria)) {
 $sFolderQuery .= "INNER JOIN " . $aLookupCriteria["table"] . " lt ON f.$this->sSortField=lt.id WHERE parent_id = ?";
@@ -154,7 +154,7 @@ class FolderBrowser extends Browser {
 $default->log->debug("Going on to document checking");
 // create query to retrieve documents in this folder
- $documentQuery = "SELECT d.id as id FROM $default->documents_table AS d ";
+ $documentQuery = "SELECT d.id as id FROM $default->documents_table AS d ";/*wc*/
 if (isset($aLookupCriteria)) {
 $documentQuery .= "INNER JOIN " . $aLookupCriteria["table"] . " lt ON ";
 $documentQuery .= "d.$this->sSortField" . "=lt." . (isset($aLookupCriteria["joinColumn"]) ? $aLookupCriteria["joinColumn"] : "id");
diff --git a/lib/dashboard/Dashboard.inc b/lib/dashboard/Dashboard.inc
index fb88990..b3438bb 100644
--- a/lib/dashboard/Dashboard.inc
+++ b/lib/dashboard/Dashboard.inc
@@ -49,12 +49,13 @@ class Dashboard {
 */
 function getPendingWebDocuments(){
 global $default;
- $sQuery = "SELECT wd.id FROM web_documents wd " .
+ $sQuery = "SELECT wd.id FROM web_documents wd " . /*ok*/
 "INNER JOIN web_sites ws ON wd.web_site_id = ws.id " .
- "WHERE ws.web_master_id=" . $this->iUserID . " AND wd.status_id=1";
+ "WHERE ws.web_master_id = ? AND wd.status_id = 1";
+ $aParams = array($this->iUserID);
 $aDocumentList = array();
 $sql = $default->db;
- if ($sql->query($sQuery)) {
+ if ($sql->query(array($sQuery, $aParams))) {
 while ($sql->next_record()) {
 $aDocumentList[] = & WebDocument::get($sql->f("id"));
 }
@@ -77,7 +78,7 @@ class Dashboard {
 function getPendingCollaborationDocuments(){
 global $default;
- $sQuery = "SELECT document_id FROM $default->folders_user_roles_table WHERE active=1 AND user_id=" . $this->iUserID;
+ $sQuery = array("SELECT document_id FROM $default->folders_user_roles_table WHERE active=1 AND user_id = ?", $this->iUserID);/*ok*/
 $aDocumentList = array();
 $sql = $default->db;
 if ($sql->query($sQuery)) {
@@ -120,7 +121,7 @@ class Dashboard {
 */
 function getDependantDocuments() {
 global $default;
- $sQuery = "SELECT id FROM $default->dependant_document_instance_table WHERE user_id = " . $this->iUserID;
+ $sQuery = array("SELECT id FROM $default->dependant_document_instance_table WHERE user_id = ?", $this->iUserID);/*ok*/
 $aDocumentList = array();
 $sql = $default->db;
 $sql->query($sQuery);
@@ -129,4 +130,4 @@ class Dashboard {
 }
 return $aDocumentList;
 }
-}
\ No newline at end of file
+}
diff --git a/lib/dashboard/DashboardNews.inc b/lib/dashboard/DashboardNews.inc
index 4a6e95c..a709227 100644
--- a/lib/dashboard/DashboardNews.inc
+++ b/lib/dashboard/DashboardNews.inc
@@ -322,7 +322,7 @@ class DashboardNews extends KTEntity {
 function & get($iNewsID) {
 global $default;
 $sql = $default->db;
- $sql->query("SELECT * FROM $default->news_table WHERE id = $iNewsID");
+ $sql->query(array("SELECT * FROM $default->news_table WHERE id = ?", $iNewsID));/*ok*/
 if ($sql->next_record()) {
 $aImage = array( "image" => $sql->f("image"),
 "filesize" => $sql->f("image_size"),
@@ -346,7 +346,7 @@ class DashboardNews extends KTEntity {
 global $default;
 $aDashboardNewsArray = array();
 $sql = $default->db;
- $result = $sql->query("SELECT * FROM " . $default->news_table . (isset($sWhereClause) ? " WHERE " . $sWhereClause : "") . " ORDER BY rank ASC");
+ $result = $sql->query("SELECT * FROM " . $default->news_table . (isset($sWhereClause) ? " WHERE " . $sWhereClause : "") . " ORDER BY rank ASC");/*wc*/
 if ($result) {
 $iCount = 0;
 while ($sql->next_record()) {
diff --git a/lib/discussions/DiscussionComment.inc b/lib/discussions/DiscussionComment.inc
index f5fbdf8..66224ae 100644
--- a/lib/discussions/DiscussionComment.inc
+++ b/lib/discussions/DiscussionComment.inc
@@ -155,7 +155,7 @@ class DiscussionComment extends KTEntity {
 function & get($iNewCommentID) {
 global $default;
 $sql = $default->db;
- $result = $sql->query("SELECT * FROM $default->discussion_comments_table WHERE id = $iNewCommentID");
+ $result = $sql->query(array("SELECT * FROM $default->discussion_comments_table WHERE id = ?", $iNewCommentID));/*ok*/
 if ($result) {
 if ($sql->next_record()) {
 $oDiscussionComment = & new DiscussionComment($sql->f("body"),$sql->f("subject"),$sql->f("user_id"),$sql->f("thread_id"),$sql->f("in_reply_to"));
@@ -180,7 +180,7 @@ class DiscussionComment extends KTEntity {
 global $default;
 $aDiscussionComments = array();
 $sql = $default->db;
- $result = $sql->query("SELECT * FROM " . $default->discussion_comments_table . (isset($sWhereClause) ? " WHERE " . $sWhereClause : ""));
+ $result = $sql->query("SELECT * FROM " . $default->discussion_comments_table . (isset($sWhereClause) ? " WHERE " . $sWhereClause : ""));/*wc*/
 if ($result) {
 while ($sql->next_record()) {
 $aDiscussionComments[] = & DiscussionComment::get($sql->f("id"));
@@ -212,7 +212,7 @@ class DiscussionComment extends KTEntity {
 if ($this->iId > 0) {
 //check to see if group is linked to a unit
 $sql = $default->db;
- $query = "SELECT * FROM ". $default->discussion_comments_table . " WHERE id = " . $this->iId ;
+ $query = array("SELECT * FROM ". $default->discussion_comments_table . " WHERE id = ?", $this->iId);/*ok*/
 $sql->query($query);
 $rows = $sql->num_rows($sql);
diff --git a/lib/discussions/DiscussionThread.inc b/lib/discussions/DiscussionThread.inc
index 0226bce..50964d1 100644
--- a/lib/discussions/DiscussionThread.inc
+++ b/lib/discussions/DiscussionThread.inc
@@ -142,12 +142,16 @@ class DiscussionThread extends KTEntity{
 global $default;
 $sql = $default->db;
- $result = $sql->query("SELECT id FROM $default->discussion_threads_table WHERE document_id = $this->iDocumentID ORDER BY id");
+ $aQuery = array("SELECT id FROM $default->discussion_threads_table WHERE document_id = ? ORDER BY id",/*ok*/
+ $this->iDocumentID);
+ $result = $sql->query($aQuery);
 if ($result) {
 $sql->next_record();
 $iThreadID = $sql->f("id");
- $result = $sql->query("SELECT id FROM $default->discussion_comments_table WHERE thread_id = $iThreadID ORDER BY date Desc");
+ $aQuery = array("SELECT id FROM $default->discussion_comments_table WHERE thread_id = ? ORDER BY date DESC",/*ok*/
+ $iThreadID);
+ $result = $sql->query($aQuery);
 if ($result) {
 while ($sql->next_record()) {
@@ -178,7 +182,7 @@ class DiscussionThread extends KTEntity{
 global $default;
 $aDiscussionThreads = array();
 $sql = $default->db;
- $result = $sql->query("SELECT * FROM " . $default->discussion_threads_table . (isset($sWhereClause) ? " WHERE " . $sWhereClause : ""));
+ $result = $sql->query("SELECT * FROM " . $default->discussion_threads_table . (isset($sWhereClause) ? " WHERE " . $sWhereClause : ""));/*wc*/
 if ($result) {
 while ($sql->next_record()) {
 $aDiscussionThreads[] = & DiscussionThread::get($sql->f("id"));
@@ -191,7 +195,7 @@ class DiscussionThread extends KTEntity{
 function getThreadIDforDoc($iDocumentID){
 global $default;
 $sql = $default->db;
- $result = $sql->query("SELECT id FROM $default->discussion_threads_table WHERE document_id = $iDocumentID");
+ $result = $sql->query(array("SELECT id FROM $default->discussion_threads_table WHERE document_id = ?", $iDocumentID));/*ok*/
 if ($result) {
 if ($sql->next_record()) {
 if ($sql->f("id") > 0) {
@@ -217,7 +221,7 @@ class DiscussionThread extends KTEntity{
 function & get($iNewThreadID) {
 global $default;
 $sql = $default->db;
- $result = $sql->query("SELECT * FROM $default->discussion_threads_table WHERE id = $iNewThreadID");
+ $result = $sql->query(array("SELECT * FROM $default->discussion_threads_table WHERE id = ?", $iNewThreadID));/*ok*/
 if ($result) {
 if ($sql->next_record()) {
@@ -262,7 +266,7 @@ class DiscussionThread extends KTEntity{
 if ($this->iId > 0) {
 //check to see if group is linked to a unit
 $sql = $default->db;
- $query = "SELECT * FROM ". $default->discussion_threads_table ." WHERE id = " . $this->iId ;
+ $query = array("SELECT * FROM ". $default->discussion_threads_table ." WHERE id = ?", $this->iId);/*ok*/
 $sql->query($query);
 $rows = $sql->num_rows($sql);
diff --git a/lib/documentmanagement/DependantDocumentInstance.inc b/lib/documentmanagement/DependantDocumentInstance.inc
index 16d8300..da637ec 100644
--- a/lib/documentmanagement/DependantDocumentInstance.inc
+++ b/lib/documentmanagement/DependantDocumentInstance.inc
@@ -141,7 +141,7 @@ class DependantDocumentInstance extends KTEntity {
 function & get($iDependantDocumentID) {
 global $default;
 $sql = $default->db;
- $result = $sql->query("SELECT * FROM $default->dependant_document_instance_table WHERE id = $iDependantDocumentID");
+ $result = $sql->query(array("SELECT * FROM $default->dependant_document_instance_table WHERE id = ?", $iDependantDocumentID));/*ok*/
 if ($result) {
 if ($sql->next_record()) {
 $oDependantDocument = & new DependantDocumentInstance($sql->f("document_title"), $sql->f("user_id"), $sql->f("template_document_id"), $sql->f("parent_document_id"));
diff --git a/lib/documentmanagement/DependantDocumentTemplate.inc b/lib/documentmanagement/DependantDocumentTemplate.inc
index 60fa5fb..29791e9 100644
--- a/lib/documentmanagement/DependantDocumentTemplate.inc
+++ b/lib/documentmanagement/DependantDocumentTemplate.inc
@@ -149,7 +149,7 @@ class DependantDocumentTemplate extends KTEntity {
 function & get($iDependantDocumentID) {
 global $default;
 $sql = $default->db;
- $result = $sql->query("SELECT * FROM $default->dependant_document_template_table WHERE id = $iDependantDocumentID");
+ $result = $sql->query(array("SELECT * FROM $default->dependant_document_template_table WHERE id = ?", $iDependantDocumentID));/*ok*/
 if ($result) {
 if ($sql->next_record()) {
 $DependantDocumentTemplate = & new DependantDocumentTemplate($sql->f("document_title"), $sql->f("default_user_id"), $sql->f("group_folder_approval_link_id"), $sql->f("template_document_id"));
@@ -177,7 +177,7 @@ class DependantDocumentTemplate extends KTEntity {
 $aDependantDocumentTemplateArray = array();
 $sql = $default->db;
 // TODO: join on sys_deleted
- $result = $sql->query("SELECT * FROM " . $default->dependant_document_template_table . (isset($sWhereClause) ? " WHERE " . $sWhereClause : ""));
+ $result = $sql->query("SELECT * FROM " . $default->dependant_document_template_table . (isset($sWhereClause) ? " WHERE " . $sWhereClause : ""));/*wc*/
 if ($result) {
 $iCount = 0;
 while ($sql->next_record()) {
diff --git a/lib/documentmanagement/Document.inc b/lib/documentmanagement/Document.inc
index 2d1a408..95a70e5 100644
--- a/lib/documentmanagement/Document.inc
+++ b/lib/documentmanagement/Document.inc
@@ -286,7 +286,7 @@ class Document extends KTEntity {
 //if the folder is not the root folder
 if ($iFolderID != 0) {
 $sql = $default->db;
- $sql->query("SELECT parent_id FROM $default->folders_table WHERE ID = " . quote($iFolderID));
+ $sql->query(array("SELECT parent_id FROM $default->folders_table WHERE ID = ?", $iFolderID));/*ok*/
 $sql->next_record();
 return $this->generateParentFolderIDS($sql->f("parent_id")) . ",$iFolderID";
 }
@@ -314,7 +314,7 @@ class Document extends KTEntity {
 //if the folder is not the root folder
 if ($iFolderID != 0) {
 $sql = $default->db;
- $sql->query("SELECT name, parent_id FROM $default->folders_table WHERE ID = " . quote($iFolderID));
+ $sql->query(array("SELECT name, parent_id FROM $default->folders_table WHERE ID = ?", $iFolderID));/*ok*/
 $sql->next_record();
 return $this->generateFullFolderPath($sql->f("parent_id")) . "/" . $sql->f("name");
 }
@@ -382,12 +382,12 @@ class Document extends KTEntity {
 $sql = $default->db;
 // group permissions
- $sGroupPerms = "INSERT INTO $default->search_permissions_table (user_id, document_id) " .
- "SELECT UGL.user_id AS user_id, D.id AS document_id " .
+ $sGroupPerms = array("INSERT INTO $default->search_permissions_table (user_id, document_id) " .
+ "SELECT UGL.user_id AS user_id, D.id AS document_id " ./*ok*/
 "FROM $default->documents_table AS D INNER JOIN folders AS F ON D.folder_id = F.id " .
 "INNER JOIN $default->groups_folders_table AS GFL ON GFL.folder_id = F.id " .
 "INNER JOIN $default->users_groups_table AS UGL ON UGL.group_id = GFL.group_id " .
- "WHERE D.id=" . quote($this->iId);
+ "WHERE D.id = ?", $this->iId);
 $default->log->debug("addDocument groupPerms=$sGroupPerms");
 if ($sql->query($sGroupPerms)) {
 $default->log->debug("groupPerms succeeded");
@@ -395,10 +395,10 @@ class Document extends KTEntity {
 $default->log->error("groupPerms failed");
 }
 // role permissions
- $sRolePerms = "INSERT INTO $default->search_permissions_table (user_id, document_id) " .
- "SELECT user_id, document_id " .
+ $sRolePerms = array("INSERT INTO $default->search_permissions_table (user_id, document_id) " .
+ "SELECT user_id, document_id " ./*ok*/
 "FROM $default->folders_user_roles_table " .
- "WHERE document_id=" . quote($this->iId);
+ "WHERE document_id = ?", $this->iId);
 $default->log->info("addDocument rolePerms=$sRolePerms");
 if ($sql->query($sRolePerms)) {
 $default->log->debug("rolePerms succeeded");
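Review bot: `$sGroupPerms` is now an array holding the SQL and its bound value, but the unchanged `$default->log->debug("addDocument groupPerms=$sGroupPerms");` still interpolates it into a string, so the log entry will read `Array` (plus an array-to-string notice) instead of the statement. Log the SQL element instead, `$default->log->debug("addDocument groupPerms=" . $sGroupPerms[0]);`, and consider renaming the variable, since the `s` prefix no longer describes its type. The same mismatch exists for `$sRolePerms` in the next hunk and for `$sPublicFolderPerms` and `$sCreatorPerms` in the two hunks after that. The enclosing method starts before and ends after the hunk.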
@@ -407,11 +407,11 @@ class Document extends KTEntity {
 }
 // public folders
- $sPublicFolderPerms = "INSERT INTO $default->search_permissions_table (user_id, document_id) " .
- "SELECT U.id, D.id " .
+ $sPublicFolderPerms = array("INSERT INTO $default->search_permissions_table (user_id, document_id) " .
+ "SELECT U.id, D.id " . /*ok*/
 "FROM $default->users_table AS U, $default->documents_table AS D INNER JOIN $default->folders_table AS F ON D.folder_id = F.id " .
 "WHERE F.is_public = 1 " .
- "AND D.id=" . quote($this->iId);
+ "AND D.id = ?", $this->iId);
 $default->log->debug("addDocument publicFolder=$sPublicFolderPerms");
 if ($sql->query($sPublicFolderPerms)) {
 $default->log->debug("publicFolder succeeded");
@@ -420,10 +420,10 @@ class Document extends KTEntity {
 }
 // creator permissions
- $sCreatorPerms = "INSERT INTO $default->search_permissions_table (user_id, document_id) " .
- "SELECT creator_id, id " .
+ $sCreatorPerms = array("INSERT INTO $default->search_permissions_table (user_id, document_id) " .
+ "SELECT creator_id, id " ./*ok*/
 "FROM $default->documents_table " .
- "WHERE id=" . quote($this->iId);
+ "WHERE id = ?", $this->iId);
 $default->log->debug("addDocument creatorPerms=$sCreatorPerms");
 if ($sql->query($sCreatorPerms)) {
 $default->log->debug("creatorPerms succeeded");
@@ -439,11 +439,11 @@ class Document extends KTEntity {
 function beginCollaborationProcess() {
 global $default;
 //get the steps in this document's collaboration process
- $sQuery = "SELECT FURL.id, GFAL.precedence " .
+ $sQuery = array("SELECT FURL.id, GFAL.precedence " ./*ok*/
 "FROM $default->folders_user_roles_table AS FURL " .
 "INNER JOIN $default->groups_folders_approval_table AS GFAL ON FURL.group_folder_approval_id = GFAL.id " .
- "WHERE document_id = " . quote($this->iId) . " " .
- "ORDER BY GFAL.precedence ASC";
+ "WHERE document_id = ? " .
+ "ORDER BY GFAL.precedence ASC", $this->iId);
 $sql = $default->db;
 $sql->query($sQuery);
 if ($sql->next_record()) {
@@ -498,12 +498,12 @@ class Document extends KTEntity {
 //get the current step
 //if the user is assinged to two or more roles, make sure we get the current
 //one by ordering by precedence
- $sql->query("SELECT FURL.id AS id, GFAT.precedence " .
+ $sql->query(array("SELECT FURL.id AS id, GFAT.precedence " ./*ok*/
 "FROM $default->groups_folders_approval_table AS GFAT " .
 "INNER JOIN $default->folders_user_roles_table AS FURL ON GFAT.id = FURL.group_folder_approval_id " .
- "WHERE document_id = $this->iId AND FURL.user_id = " . quote($_SESSION["userID"]) . " " .
+ "WHERE document_id = ? AND FURL.user_id = ? " .
 "AND done = 0 " .
- "ORDER BY precedence ASC");
+ "ORDER BY precedence ASC", array($this->iId, $_SESSION["userID"])));
 if ($sql->next_record()) {
 //set it as done
 $oFolderUserRole = FolderUserRole::get($sql->f("id"));
@@ -527,7 +527,7 @@ class Document extends KTEntity {
 global $default, $lang_err_doc_not_exist;
 if (strlen($iDocumentID) > 0) {
 $sql = $default->db;
- $sql->query("SELECT * FROM $default->documents_table WHERE id = " . quote($iDocumentID));
+ $sql->query(array("SELECT * FROM $default->documents_table WHERE id = ?", $iDocumentID));/*ok*/
 if ($sql->next_record()) {
 $oDocument = & new Document($sql->f("name"), $sql->f("filename"), $sql->f("size"), $sql->f("creator_id"), $sql->f("mime_id"), $sql->f("folder_id"), $sql->f("description"));
 $oDocument->setDocumentTypeID($sql->f("document_type_id"));
@@ -562,7 +562,7 @@ class Document extends KTEntity {
 $aDocumentArray;
 settype($aDocumentArray, "array");
 $sql = $default->db;
- $result = $sql->query("SELECT * FROM " . $default->documents_table .
+ $result = $sql->query("SELECT * FROM " . $default->documents_table . /*wc*/
 (isset($sWhereClause) ? " WHERE " . $sWhereClause : ""));
 if ($result) {
 $iCount = 0;
@@ -589,11 +589,11 @@ class Document extends KTEntity {
 $aDocumentFieldArray;
 settype($aDocumentFieldArray,"array");
 $sql = $default->db;
- $result = $sql->query("SELECT DF.id AS id, DF.name AS name, DF.data_type AS data_type " .
+ $result = $sql->query(array("SELECT DF.id AS id, DF.name AS name, DF.data_type AS data_type " ./*ok*/
 "FROM $default->document_fields_table AS DF " .
 "INNER JOIN $default->document_type_fields_table AS DTFL ON DF.id = DTFL.field_id " .
- "WHERE DTFL.document_type_id = " . quote($iDocumentTypeID) . ($bMandatoryOnly ? "AND DFTL.is_mandatory = 1 " : " ") .
- "ORDER BY DF.name ASC");
+ "WHERE DTFL.document_type_id = ? " . ($bMandatoryOnly ? "AND DFTL.is_mandatory = 1 " : " ") .
+ "ORDER BY DF.name ASC", $iDocumentTypeID));
 if ($result) {
 $iCount = 0;
 while ($sql->next_record()) {
@@ -619,9 +619,9 @@ class Document extends KTEntity {
 global $default, $lang_err_database;
 $aDocumentHistory = array();
 $sql = $default->db;
- $result = $sql->query("SELECT * FROM " . $default->document_transactions_table . " " .
- "WHERE document_id = " . quote($this->iId) . " " .
- "ORDER BY datetime DESC");
+ $result = $sql->query(array("SELECT * FROM " . $default->document_transactions_table . " " ./*ok*/
+ "WHERE document_id = ? " .
+ "ORDER BY datetime DESC", $this->iId));
 if ($result) {
 $iCount = 0;
 while($sql->next_record()) {
@@ -695,10 +695,11 @@ class Document extends KTEntity {
 function documentExists($sFileName, $iFolderID) {
 global $default;
 $sql = $default->db;
- $sQuery = "SELECT * FROM $default->documents_table " .
- "WHERE filename = " . quote($sFileName) .
- " AND folder_id = " . quote($iFolderID) .
- " AND status_id = " . LIVE;
+ $sQuery = "SELECT * FROM $default->documents_table " ./*ok*/
+ "WHERE filename = ? " .
+ " AND folder_id = ?" .
+ " AND status_id = ?";
+ $aParams = array($sFileName, $iFolderID, LIVE);
 $sql->query($sQuery);
 if ($sql->next_record()) {
 return true;
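Review bot: The rewritten line `"WHERE DTFL.document_type_id = ? " . ($bMandatoryOnly ? "AND DFTL.is_mandatory = 1 " : " ")` still references an alias `DFTL` that the join in the same hunk does not define — the table is joined `AS DTFL` — so the mandatory-only branch presumably fails with an unknown column rather than filtering. The typo predates this commit, but since the line is being rewritten anyway it should read `"AND DTFL.is_mandatory = 1 "`; confirm there is no other `DFTL` alias outside the hunk. The enclosing method starts before and ends after the hunk.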
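Review bot: In `documentExists` the new `$aParams = array($sFileName, $iFolderID, LIVE);` is never passed to the driver — the unchanged `$sql->query($sQuery);` beneath it still sends the statement alone — so the three `?` placeholders are unbound and the duplicate-name check either errors or never matches, which would let a conflicting upload through. The call should be `$sql->query(array($sQuery, $aParams));`, the form every other converted site in this commit uses. The method continues past the hunk.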
@@ -716,8 +717,8 @@ class Document extends KTEntity {
 global $default, $lang_err_database, $lang_err_doc_not_exist;
 $sql = $default->db;
- if ($sql->query("SELECT name FROM $default->documents_table " .
- "WHERE id = " . quote($iDocumentID))) {
+ if ($sql->query(array("SELECT name FROM $default->documents_table " ./*ok*/
+ "WHERE id = ?", $iDocumentID))) {
 if ($sql->next_record()) {
 return $sql->f("name");
 }
@@ -746,11 +747,11 @@ class Document extends KTEntity {
 function documentIsAssignedDocTypeInFolder($iFolderID, $iFolderDocTypeID) {
 global $default;
 $sql = $default->db;
- $sql->query("SELECT * " .
+ $sql->query(array("SELECT * " . /*ok*/
 "FROM $default->folder_doctypes_table AS FDL " .
 "INNER JOIN $default->documents_table AS D ON D.document_type_id = FDL.document_type_id " .
- "WHERE FDL.id = " . quote($iFolderDocTypeID) . " " .
- "AND D.folder_id = " . quote($iFolderID));
+ "WHERE FDL.id = ? " .
+ "AND D.folder_id = ?", array($iFolderDocTypeID, $iFolderID)));
 if ($sql->next_record()) {
 return true;
 }
@@ -763,10 +764,10 @@ class Document extends KTEntity {
 */
 function removeInvalidDocumentTypeEntries() {
 global $default;
- $sQuery = "SELECT field_id FROM $default->document_type_fields_table DTFL " .
+ $sQuery = array("SELECT field_id FROM $default->document_type_fields_table DTFL " . /*ok*/
 "INNER JOIN $default->document_fields_table AS DF ON DF.id = DTFL.field_id " .
- "WHERE DTFL.document_type_id = " . quote($this->iDocumentTypeID) . " " .
- "AND DF.is_generic = 0";
+ "WHERE DTFL.document_type_id = ? " .
+ "AND DF.is_generic = 0", $this->iDocumentTypeID);
 $sql = $default->db;
 $sql->query($sQuery);
 $aFieldIDs = array();
@@ -798,7 +799,7 @@ class Document extends KTEntity {
 function hasCollaboration() {
 global $default;
 $sql = $default->db;
- $sql->query("SELECT id AS count from $default->groups_folders_approval_table WHERE folder_id = $this->iFolderID");
+ $sql->query(array("SELECT id AS count from $default->groups_folders_approval_table WHERE folder_id = ?", $this->iFolderID));/*ok*/
 if ($sql->next_record()) {
 return true;
 }
diff --git a/lib/documentmanagement/DocumentCollaboration.inc b/lib/documentmanagement/DocumentCollaboration.inc
index 9ddf4eb..05177a2 100644
--- a/lib/documentmanagement/DocumentCollaboration.inc
+++ b/lib/documentmanagement/DocumentCollaboration.inc
@@ -34,7 +34,9 @@ class DocumentCollaboration {
 function documentCollaborationStarted($iDocumentID) {
 global $default;
 $sql = $default->db;
- $sql->query("SELECT id FROM $default->folders_user_roles_table WHERE document_id = $iDocumentID AND (active = 1 OR done = 1)");
+ $sQuery = "SELECT id FROM $default->folders_user_roles_table WHERE document_id = ? AND (active = 1 OR done = 1)";/*ok*/
+ $aParams = array($iDocumentID);
+ $sql->query(array($sQuery, $aParams));
 if ($sql->next_record()) {
 return true;
 }
@@ -44,7 +46,9 @@ class DocumentCollaboration {
 function documentCollaborationDone($iDocumentID) {
 global $default;
 $sql = $default->db;
- $sql->query("SELECT id FROM $default->folders_user_roles_table WHERE document_id = $iDocumentID AND done = 0");
+ $sQuery = "SELECT id FROM $default->folders_user_roles_table WHERE document_id = ? AND done = 0";/*ok*/
+ $aParams = array($iDocumentID);
+ $sql->query(array($sQuery, $aParams));
 if ($sql->num_rows() > 0) {
 return false;
 } else {
@@ -60,7 +64,9 @@ class DocumentCollaboration {
 function userIsPerformingCurrentCollaborationStep($iDocumentID) {
 global $default;
 $sql = $default->db;
- $sql->query("SELECT id FROM $default->folders_user_roles_table WHERE document_id = $iDocumentID AND active = 1 AND user_id = " . $_SESSION["userID"]);
+ $sQuery = "SELECT id FROM $default->folders_user_roles_table WHERE document_id = ? AND active = 1 AND user_id = ?";/*ok*/
+ $aParams = array($iDocumentID, $_SESSION["userID"]);
+ $sql->query(array($sQuery, $aParams));
 if ($sql->next_record()) {
 return true;
 }
@@ -98,7 +104,7 @@ class DocumentCollaboration {
 function isLastStepInCollaborationProcess($iDocumentID) {
 global $default;
 $sql = $default->db;
- $sQuery = "SELECT id FROM $default->folders_user_roles_table WHERE document_id = $iDocumentID AND done = 0";
+ $sQuery = "SELECT id FROM $default->folders_user_roles_table WHERE document_id = $iDocumentID AND done = 0";/*ok*/
 $sql->query($sQuery);
 $default->log->info("lastCollabStep:$sQuery");
 if ($sql->num_rows() > 1) {
@@ -116,11 +122,12 @@ class DocumentCollaboration {
 global $default;
 $sql = $default->db;
 // returns all users, the sequence of their collaboration and the time of completion
- $sQuery = "SELECT FURL.user_id, FURL.datetime, GFAL.precedence FROM $default->folders_user_roles_table FURL " .
+ $sQuery = "SELECT FURL.user_id, FURL.datetime, GFAL.precedence FROM $default->folders_user_roles_table FURL " ./*ok*/
 "INNER JOIN $default->groups_folders_approval_table GFAL ON FURL.group_folder_approval_id = GFAL.id " .
- "WHERE FURL.document_id = $iDocumentID " .
+ "WHERE FURL.document_id = ? " .
 "ORDER BY GFAL.precedence";
- $sql->query($sQuery);
+ $aParams = array($iDocumentID);
+ $sql->query(array($sQuery, $aParams));
 $iPrecedence = -1;
 $iDateTime = 0;
 $iUserID = -1;
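Review bot: The `/*ok*/` tag on `$sQuery = "SELECT id FROM $default->folders_user_roles_table WHERE document_id = $iDocumentID AND done = 0";` is inaccurate: `$iDocumentID` is still interpolated into the SQL and the statement is still issued as `$sql->query($sQuery)`, so `isLastStepInCollaborationProcess` is the one site in this file the commit marks as converted without converting it. It should become `$sQuery = "SELECT id FROM $default->folders_user_roles_table WHERE document_id = ? AND done = 0";` followed by `$sql->query(array($sQuery, array($iDocumentID)));`; the `log->info("lastCollabStep:$sQuery")` line then records the placeholder form, which is fine. The method continues past the hunk.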
@@ -148,11 +155,13 @@ class DocumentCollaboration {
 //get the current step
 //if the user is assigned to two or more roles, make sure we get the current
 //one by ordering by precedence
- $sql->query("SELECT FURL.id AS id, GFAT.precedence " .
+ $sQuery = "SELECT FURL.id AS id, GFAT.precedence " ./*ok*/
 "FROM $default->groups_folders_approval_table AS GFAT " .
 "INNER JOIN $default->folders_user_roles_table AS FURL ON GFAT.id = FURL.group_folder_approval_id " .
- "WHERE document_id = $iDocumentID AND FURL.user_id = " . $_SESSION["userID"] . " AND done=0 " .
- "ORDER BY precedence ASC");
+ "WHERE document_id = ? AND FURL.user_id = ? AND done=0 " .
+ "ORDER BY precedence ASC";
+ $aParams = array($iDocumentID, $_SESSION["userID"]);
+ $sql->query(array($sQuery, $aParams));
 if ($sql->next_record()) {
 //set it as done
 $oFolderUserRole = FolderUserRole::get($sql->f("id"));
@@ -162,18 +171,22 @@ class DocumentCollaboration {
 $oFolderUserRole->update();
 //get it's sequence number
 $iCurrentSequenceNumber = $sql->f("precedence");
- $sql->query("SELECT MIN(precedence) AS precedence " .
+ $sQuery = "SELECT MIN(precedence) AS precedence " . /*ok*/
 "FROM $default->groups_folders_approval_table AS GFAT " .
 "INNER JOIN $default->folders_user_roles_table AS FURL ON GFAT.id = FURL.group_folder_approval_id " .
- "WHERE document_id = $iDocumentID AND done = 0");
+ "WHERE document_id = ? AND done = 0";
+ $aParams = array($iDocumentID);
+ $sql->query(array($sQuery, $aParams));
 if ($sql->next_record()) {
 if ($sql->f("precedence") != $iCurrentSequenceNumber) {
 //if there are no concurrent steps outstanding
 $iNextSequenceNumber = $sql->f("precedence");
- $sql->query("SELECT FURL.id " .
+ $sQuery = "SELECT FURL.id " ./*ok*/
 "FROM $default->groups_folders_approval_table AS GFAT " .
 "INNER JOIN $default->folders_user_roles_table AS FURL ON GFAT.id = FURL.group_folder_approval_id " .
- "WHERE document_id = $iDocumentID AND precedence = $iNextSequenceNumber");
+ "WHERE document_id = ? AND precedence = ?";
+ $aParams = array($iDocumentID, $iNextSequenceNumber);
+ $sql->query(array($sQuery, $aParams));
 while ($sql->next_record()) {
 $oFolderUserRole = FolderUserRole::get($sql->f("id"));
 $oFolderUserRole->setActive(true);
@@ -212,9 +225,10 @@ class DocumentCollaboration {
 global $default;
 //only create the documents if they haven't been created
 if ($oFolderUserRole->getDependantDocumentsCreated() == false) {
- $sQuery = "SELECT * FROM $default->dependant_document_template_table WHERE group_folder_approval_link_id = " . $oFolderUserRole->getGroupFolderApprovalID();
+ $sQuery = "SELECT * FROM $default->dependant_document_template_table WHERE group_folder_approval_link_id = ?";/*ok*/
+ $aParams = array($oFolderUserRole->getGroupFolderApprovalID());
 $sql = $default->db;
- $sql->query($sQuery);
+ $sql->query(array($sQuery, $aParams));
 while ($sql->next_record()) {
 $oDependantDocumentInstance = & new DependantDocumentInstance($sql->f("document_title"), $sql->f("default_user_id"), $sql->f("template_document_id"), $oFolderUserRole->getDocumentID());
 if ($oDependantDocumentInstance->create()) {
@@ -255,16 +269,17 @@ class DocumentCollaboration {
 function rollbackCollaborationStep($iDocumentID, $sComment = "") {
 global $default;
 //get the current sequence number
- $sQuery = "SELECT GFAT.precedence, GFAT.folder_id, FURL.id AS furl_id, FURL.document_id AS document_id " .
+ $sQuery = "SELECT GFAT.precedence, GFAT.folder_id, FURL.id AS furl_id, FURL.document_id AS document_id " . /*ok*/
 "FROM $default->folders_user_roles_table AS FURL " .
 "INNER JOIN $default->groups_folders_approval_table AS GFAT ON FURL.group_folder_approval_id = GFAT.id " .
- "WHERE FURL.document_id = $iDocumentID " .
- "AND FURL.user_id = " . $_SESSION["userID"] . " " .
+ "WHERE FURL.document_id = ? " .
+ "AND FURL.user_id = ? " .
 "AND FURL.active = 1 " .
 "ORDER BY GFAT.precedence ASC";
+ $aParams = array($iDocumentID, $_SESSION["userID"]);
 $sql = $default->db;
- $sql->query($sQuery);
+ $sql->query(array($sQuery, $aParams));
 if ($sql->next_record()) {
 $iCurrentSequenceNumber = $sql->f("precedence");
 $iFolderID = $sql->f("folder_id");
@@ -275,11 +290,12 @@ class DocumentCollaboration { //if there are concurrent collaboration steps and one is rejected, then all //must be rolled back, whether they were accepted or not - $sQuery = "SELECT FURL.id, FURL.user_id " . + $sQuery = "SELECT FURL.id, FURL.user_id " ./*ok*/ "FROM $default->folders_user_roles_table AS FURL " . "INNER JOIN $default->groups_folders_approval_table AS GFAT ON FURL.group_folder_approval_id = GFAT.id " . - "WHERE FURL.document_id = $iDocumentID AND GFAT.precedence = $iCurrentSequenceNumber"; - $sql->query($sQuery); + "WHERE FURL.document_id = ? AND GFAT.precedence = ?"; + $aParams = array($iDocumentID, $iCurrentSequenceNumber); + $sql->query(array($sQuery, $aParams)); while ($sql->next_record()) { //roll back each user's step and then email them to inform them @@ -311,11 +327,12 @@ class DocumentCollaboration { } //get the previous sequence number - $sQuery = "SELECT COALESCE(MAX(precedence), -1) AS precedence " . + $sQuery = "SELECT COALESCE(MAX(precedence), -1) AS precedence " ./*ok*/ "FROM $default->groups_folders_approval_table AS GFAT " . - "WHERE precedence < $iCurrentSequenceNumber"; - "AND folder_id = $iFolderID"; - $sql->query($sQuery); + "WHERE precedence < ?"; + "AND folder_id = ?"; + $aParams = array($iCurrentSequenceNumber, $iFolderID); + $sql->query(array($sQuery, $aParams)); //there will always be a result in the result set $sql->next_record(); if ($sql->f("precedence") == -1) { 
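Review bot: In the `@@ -311` hunk the new WHERE clause is still closed too early: `"WHERE precedence < ?";` terminates the `$sQuery` assignment and the following `"AND folder_id = ?";` is a bare string expression that does nothing, so the query carries one placeholder while `$aParams = array($iCurrentSequenceNumber, $iFolderID)` binds two and the folder filter is never applied. The early semicolon was already present in the removed lines, but the parameterised form now also hands the wrapper a surplus parameter, and what `$sql->query()` does with that is not visible here. The fix is to join the two fragments: `"WHERE precedence < ? " .` followed by `"AND folder_id = ?";`. The enclosing `rollbackCollaborationStep` starts in an earlier hunk.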
@@ -336,12 +353,13 @@ class DocumentCollaboration { } } else { //there are steps prior to this step - $sQuery = "SELECT FURL.id AS furl_id " . + $sQuery = "SELECT FURL.id AS furl_id " . /*ok*/ "FROM $default->folders_user_roles_table AS FURL INNER JOIN $default->groups_folders_approval_table AS GFAT ON FURL.group_folder_approval_id = GFAT.id " . - "WHERE FURL.document_id = $iDocumentID " . - "AND GFAT.precedence = " . $sql->f("precedence"); + "WHERE FURL.document_id = ? " . + "AND GFAT.precedence = ?"; + $aParams = array($iDocumentID, $sql->f("precedence")); - $sql->query($sQuery); + $sql->query(array($sQuery, $aParams)); while ($sql->next_record()) { //reset all the previous steps and email the users //to tell them to re-reperform their steps @@ -379,9 +397,10 @@ class DocumentCollaboration { */ function documentIsPendingWebPublishing($iDocumentID) { global $default; - $sQuery = "SELECT id FROM $default->web_documents_table WHERE document_id = $iDocumentID AND status_id = 1"; + $sQuery = "SELECT id FROM $default->web_documents_table WHERE document_id = ? AND status_id = 1";/*ok*/ + $aParams = array($iDocumentID); $sql = $default->db; - $sql->query($sQuery); + $sql->query(array($sQuery, $aParams)); if ($sql->next_record()) { return true;; } @@ -393,9 +412,10 @@ class DocumentCollaboration { */ function documentIsPublished($iDocumentID) { global $default; - $sQuery = "SELECT id FROM $default->web_documents_table WHERE document_id = $iDocumentID AND status_id = 2"; + $sQuery = "SELECT id FROM $default->web_documents_table WHERE document_id = ? AND status_id = 2";/*ok*/ + $aParams = array($iDocumentID); $sql = $default->db; - $sql->query($sQuery); + $sql->query(array($sQuery, $aParams)); if ($sql->next_record()) { return true;; } 
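Review bot: In the `@@ -336` hunk `$aParams = array($iDocumentID, $sql->f("precedence"));` reads a field of the previous result set on the same `$sql` handle that the very next statement re-queries, so correctness depends on that assignment staying ahead of `$sql->query(array($sQuery, $aParams));`. Capturing the value first makes the dependency explicit: `$iPreviousSequenceNumber = $sql->f("precedence");` then `$aParams = array($iDocumentID, $iPreviousSequenceNumber);`. The surrounding method starts and ends outside this hunk.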
@@ -410,13 +430,13 @@ class DocumentCollaboration { */ function notifyWebMaster($iDocumentID, $sComment) { global $default; - $sQuery = "SELECT WS.web_master_id, WS.web_site_name, WS.web_site_url " . + $sQuery = "SELECT WS.web_master_id, WS.web_site_name, WS.web_site_url " ./*ok*/ "FROM $default->web_sites_table AS WS " . "INNER JOIN $default->web_documents_table AS WD ON WS.id = WD.web_site_id " . - "WHERE WD.document_id = $iDocumentID"; - + "WHERE WD.document_id = ?"; + $aParams = array($iDocumentID); $sql = $default->db; - $sql->query($sQuery); + $sql->query(array($sQuery, $aParams)); if ($sql->next_record()) { $oUser = User::get($sql->f("web_master_id")); if (!($oUser === false)) { diff --git a/lib/subscriptions/SubscriptionManager.inc b/lib/subscriptions/SubscriptionManager.inc index 67d1ee5..9b8f09b 100644 --- a/lib/subscriptions/SubscriptionManager.inc +++ b/lib/subscriptions/SubscriptionManager.inc @@ -88,8 +88,8 @@ class SubscriptionManager { global $default; $sql = $default->db; - if ($sql->query("SELECT id FROM " . Subscription::getTableName($iSubscriptionType) . " " . - "WHERE " . Subscription::getIdFieldName($iSubscriptionType) . " = $iExternalID")) { + if ($sql->query(array("SELECT id FROM " . Subscription::getTableName($iSubscriptionType) . " " ./*ok*/ + "WHERE " . Subscription::getIdFieldName($iSubscriptionType) . " = ?", $iExternalID))) { $aSubscriptions = array(); while ($sql->next_record()) { $aSubscriptions[] = & Subscription::get($sql->f("id"), $iSubscriptionType); @@ -150,8 +150,8 @@ class SubscriptionManager { global $default; $sql = $default->db; - if ($sql->query("SELECT id FROM " . Subscription::getTableName($iSubscriptionType) . " " . - "WHERE user_id = $iUserID")) { + if ($sql->query(array("SELECT id FROM " . Subscription::getTableName($iSubscriptionType) . " " ./*ok*/ + "WHERE user_id = ?", $iUserID))) { $aSubscriptions = array(); while ($sql->next_record()) { $aSubscriptions[] = & Subscription::get($sql->f("id"), $iSubscriptionType); 
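Review bot: The SubscriptionManager `@@ -88` hunk passes the bound value as a bare scalar, `array("SELECT id FROM " . … " = ?", $iExternalID)`, whereas the DocumentCollaboration hunks above pass a parameter array, `array($sQuery, $aParams)`; the scalar form recurs in `@@ -150` and `@@ -184` here and in the Unit.inc, UnitOrganisationLink.inc and User.inc hunks below, while UnitOrganisationLink `@@ -115` uses the array form in the same file. If `query()` accepts both shapes this is only a consistency point, but wrapping uniformly, `array("… = ?", array($iExternalID))`, keeps the one- and two-placeholder calls alike and removes one thing a reader has to check against the wrapper. The table name still comes from `Subscription::getTableName($iSubscriptionType)`, which cannot be bound; presumably that is a fixed mapping, but it is not visible here. The enclosing methods start outside their hunks.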
@@ -184,9 +184,9 @@ class SubscriptionManager { global $default; $sql = $default->db; - if ($sql->query("SELECT id FROM " . Subscription::getTableName($iSubscriptionType) . " " . - "WHERE user_id = $iUserID " . - "AND is_alerted = 1")) { + if ($sql->query(array("SELECT id FROM " . Subscription::getTableName($iSubscriptionType) . " " ./*ok*/ + "WHERE user_id = ? " . + "AND is_alerted = 1", $iUserID))) { $aSubscriptions = array(); while ($sql->next_record()) { $aSubscriptions[] = & Subscription::get($sql->f("id"), $iSubscriptionType); diff --git a/lib/unitmanagement/Unit.inc b/lib/unitmanagement/Unit.inc index 1c0c952..cd8ac8b 100644 --- a/lib/unitmanagement/Unit.inc +++ b/lib/unitmanagement/Unit.inc @@ -192,7 +192,7 @@ class Unit extends KTEntity { function & get($iUnitID) { global $default; $sql = $default->db; - $result = $sql->query("SELECT * FROM $default->units_table WHERE id = $iUnitID"); + $result = $sql->query(array("SELECT * FROM $default->units_table WHERE id = ?", $iUnitID));/*ok*/ if ($result) { if ($sql->next_record()) { $oUnit = & new Unit($sql->f("name")); @@ -213,7 +213,7 @@ class Unit extends KTEntity { global $default; // check to see if group is linked to a unit $sql = $default->db; - $query = "SELECT unit_id FROM ". $default->groups_units_table ." WHERE unit_id = " . $this->iId; + $query = array("SELECT unit_id FROM ". $default->groups_units_table ." WHERE unit_id = ?", $this->iId);/*ok*/ $sql->query($query); if ($sql->num_rows($sql) > 0) { return true; @@ -262,7 +262,7 @@ class Unit extends KTEntity { $aUnitArray; settype($aUnitArray, "array"); $sql = $default->db; - $result = $sql->query("SELECT * FROM " . $default->units_table . (isset($sWhereClause) ? " " . $sWhereClause : "")); + $result = $sql->query("SELECT * FROM " . $default->units_table . (isset($sWhereClause) ? " " . $sWhereClause : ""));/*wc*/ if ($result) { $iCount = 0; while ($sql->next_record()) { 
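Review bot: The Unit.inc `@@ -262` hunk leaves `(isset($sWhereClause) ? " " . $sWhereClause : "")` appended verbatim and only tags it `/*wc*/`, which tells a reader neither what the tag means nor who is responsible for the clause being safe; the same tag marks UnitOrganisationLink `@@ -164`, User `@@ -380` and WebDocument `@@ -151` below. Until these are parameterised the contract belongs on the line, e.g. `// TODO: $sWhereClause is concatenated unparameterised; callers must pass only fixed, non-user-derived SQL`. Note that here the caller supplies the whole clause including the `WHERE` keyword, unlike WebDocument which prepends it. The enclosing method's signature is outside the hunk.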
diff --git a/lib/unitmanagement/UnitOrganisationLink.inc b/lib/unitmanagement/UnitOrganisationLink.inc index 0698520..434cce0 100644 --- a/lib/unitmanagement/UnitOrganisationLink.inc +++ b/lib/unitmanagement/UnitOrganisationLink.inc @@ -115,8 +115,9 @@ class UnitOrganisationLink extends KTEntity { if ($this->iId < 0) { $sql = $default->db; - $query = "SELECT unit_id FROM $default->units_organisations_table WHERE unit_id = $this->iUnitID AND organisation_id = $this->iOrgID"; - $sql->query($query); + $query = "SELECT unit_id FROM $default->units_organisations_table WHERE unit_id = ? AND organisation_id = ?";/*ok*/ + $params = array($this->iUnitID, $this->iOrgID); + $sql->query(array($query, $params)); $rows = $sql->num_rows($sql); if ($rows > 0) { @@ -138,7 +139,7 @@ class UnitOrganisationLink extends KTEntity { function & get($iUnitOrganisationLinkID) { global $default; $sql = $default->db; - $result = $sql->query("SELECT * FROM $default->units_organisations_table WHERE id = $iUnitOrganisationLinkID"); + $result = $sql->query(array("SELECT * FROM $default->units_organisations_table WHERE id = ?", $iUnitOrganisationLinkID));/*ok*/ if ($result) { if ($sql->next_record()) { $oUnitOrganisationLink = & new UnitOrganisationLink($sql->f("unit_id"),$sql->f("organisation_id") ); @@ -164,7 +165,7 @@ class UnitOrganisationLink extends KTEntity { $aUnitOrganisationLink; settype($aUnitOrganisationLink, "array"); $sql = $default->db; - $result = $sql->query("SELECT * FROM " . $default->units_organisations_table . (isset($sWhereClause) ? " " . $sWhereClause : "")); + $result = $sql->query("SELECT * FROM " . $default->units_organisations_table . (isset($sWhereClause) ? " " . $sWhereClause : ""));/*wc*/ if ($result) { $iCount = 0; while ($sql->next_record()) { 
@@ -208,7 +209,7 @@ class UnitOrganisationLink extends KTEntity {
 function getByUnitID($unitId) {
 global $default;
 $sql = $default->db;
- $result = $sql->query("SELECT * FROM $default->units_organisations_table WHERE unit_id = $unitId");
+ $result = $sql->query(array("SELECT * FROM $default->units_organisations_table WHERE unit_id = ?", $unitId));/*ok*/
 if ($result) {
 if ($sql->next_record()) {
 $oUnitOrganisationLink = & UnitOrganisationLink::get($sql->f("id"));
diff --git a/lib/users/User.inc b/lib/users/User.inc
index 3440a13..907ebf1 100644
--- a/lib/users/User.inc
+++ b/lib/users/User.inc
@@ -353,7 +353,7 @@ class User extends KTEntity {
 function & get($iUserID) {
 global $default;
 $sql = $default->db;
- $result = $sql->query("SELECT * FROM $default->users_table WHERE id = $iUserID");
+ $result = $sql->query(array("SELECT * FROM $default->users_table WHERE id = ?", $iUserID));/*ok*/
 if ($result) {
 if ($sql->next_record()) {
 $oUser = & new User($sql->f("username"), $sql->f("name"), $sql->f("password"), $sql->f("quota_max"), $sql->f("email"), $sql->f("mobile"), $sql->f("email_notification"), $sql->f("sms_notification"), $sql->f("ldap_dn"), $sql->f("max_sessions"), $sql->f("language_id"));
@@ -380,7 +380,7 @@ class User extends KTEntity {
 $aUserArray;
 settype($aUserArray, "array");
 $sql = $default->db;
- $result = $sql->query("SELECT * FROM " . $default->users_table . (isset($sWhereClause) ? " " . $sWhereClause : ""));
+ $result = $sql->query("SELECT * FROM " . $default->users_table . (isset($sWhereClause) ? " " . $sWhereClause : ""));/*wc*/
 if ($result) {
 $iCount = 0;
 while ($sql->next_record()) {
@@ -406,9 +406,9 @@ class User extends KTEntity { global $default, $lang_err_database; $sql = $default->db; - $result = $sql->query("SELECT DISTINCT gul.unit_id FROM $default->users_groups_table ugl " . + /*ok*/$result = $sql->query(array("SELECT DISTINCT gul.unit_id FROM $default->users_groups_table ugl " . "INNER JOIN $default->groups_units_table gul ON ugl.group_id = gul.group_id ". - "WHERE ugl.user_id=$userID"); + "WHERE ugl.user_id = ?", $userID)); if ($result) { $aUnitIDs = array(); while ($sql->next_record()) { @@ -430,9 +430,9 @@ class User extends KTEntity { global $default, $lang_err_database; $sql = $default->db; - $result = $sql->query("SELECT DISTINCT gul.unit_id FROM $default->users_groups_table ugl " . + /*ok*/$result = $sql->query(array("SELECT DISTINCT gul.unit_id FROM $default->users_groups_table ugl " . "INNER JOIN $default->groups_units_table gul ON ugl.group_id = gul.group_id ". - "WHERE ugl.user_id=$userID"); + "WHERE ugl.user_id = ?", $userID)); if ($result) { if ($sql->next_record()) { return $sql->f("unit_id"); 
@@ -503,17 +503,17 @@ class User extends KTEntity {
 // then find the group that is unit_admin
 $sql = $default->db;
 $sEmail = "";
- if ($sql->query("SELECT group_id FROM $default->groups_units_table GUL " .
+ if ($sql->query(array("SELECT group_id FROM $default->groups_units_table GUL " . /*ok*/
 "INNER JOIN $default->groups_table GL on GUL.group_id=GL.id " .
 "WHERE GL.is_unit_admin=1 " .
- "AND unit_id=$iUnitID")) {
+ "AND unit_id = ?", $iUnitID))) {
 // get the first record
 if ($sql->next_record()) {
 $iGroupID = $sql->f("group_id");
 // then find the first user in this group that has an email address
- if ($sql->query("SELECT U.id, U.email FROM $default->users_table U " .
+ if ($sql->query(array("SELECT U.id, U.email FROM $default->users_table U " . /*ok*/
 "INNER JOIN $default->users_groups_table UGL on UGL.user_id=U.id " .
- "WHERE group_id=$iGroupID")) {
+ "WHERE group_id = ?", $iGroupID))) {
 while ($sql->next_record()) {
 if (strlen($sql->f("email")) > 0) {
 return User::get($sql->f("id"));
diff --git a/lib/web/WebDocument.inc b/lib/web/WebDocument.inc
index caf3fe8..7b7f55b 100644
--- a/lib/web/WebDocument.inc
+++ b/lib/web/WebDocument.inc
@@ -151,7 +151,7 @@ class WebDocument extends KTEntity {
 global $default, $lang_err_database;
 $aWebDocumentArray = array();
 $sql = $default->db;
- $sQuery = "SELECT * FROM " . $default->web_documents_table;
+ $sQuery = "SELECT * FROM " . $default->web_documents_table;/*wc*/
 if (isset($sWhereClause)) {
 $sQuery .= " WHERE " . $sWhereClause;
 }