consistently use colon parameters

Shish 2019-11-27 11:22:46 +00:00
parent 861def1aa3
commit 95ef5940fc
21 changed files with 258 additions and 316 deletions


@ -144,8 +144,8 @@ class Artists extends Extension
}
$database->execute(
"UPDATE images SET author = ? WHERE id = ?",
[$artistName, $event->image->id]
"UPDATE images SET author = :author WHERE id = :id",
['author'=>$artistName, 'id'=>$event->image->id]
);
}
@ -414,21 +414,21 @@ class Artists extends Extension
private function get_artistName_by_imageID(int $imageID): string
{
global $database;
$result = $database->get_row("SELECT author FROM images WHERE id = ?", [$imageID]);
$result = $database->get_row("SELECT author FROM images WHERE id = :id", ['id'=>$imageID]);
return stripslashes($result['author']);
}
private function url_exists_by_url(string $url): bool
{
global $database;
$result = $database->get_one("SELECT COUNT(1) FROM artist_urls WHERE url = ?", [$url]);
$result = $database->get_one("SELECT COUNT(1) FROM artist_urls WHERE url = :url", ['url'=>$url]);
return ($result != 0);
}
private function member_exists_by_name(string $member): bool
{
global $database;
$result = $database->get_one("SELECT COUNT(1) FROM artist_members WHERE name = ?", [$member]);
$result = $database->get_one("SELECT COUNT(1) FROM artist_members WHERE name = :name", ['name'=>$member]);
return ($result != 0);
}
@ -436,7 +436,7 @@ class Artists extends Extension
{
global $database;
$result = $database->get_one("SELECT COUNT(1) FROM artist_alias WHERE alias = ?", [$alias]);
$result = $database->get_one("SELECT COUNT(1) FROM artist_alias WHERE alias = :alias", ['alias'=>$alias]);
return ($result != 0);
}
@ -444,8 +444,8 @@ class Artists extends Extension
{
global $database;
$result = $database->get_one(
"SELECT COUNT(1) FROM artist_alias WHERE artist_id = ? AND alias = ?",
[$artistID, $alias]
"SELECT COUNT(1) FROM artist_alias WHERE artist_id = :artist_id AND alias = :alias",
['artist_id'=>$artistID, 'alias'=>$alias]
);
return ($result != 0);
}
@ -453,61 +453,61 @@ class Artists extends Extension
private function get_artistID_by_url(string $url): int
{
global $database;
return $database->get_one("SELECT artist_id FROM artist_urls WHERE url = ?", [$url]);
return $database->get_one("SELECT artist_id FROM artist_urls WHERE url = :url", ['url'=>$url]);
}
private function get_artistID_by_memberName(string $member): int
{
global $database;
return $database->get_one("SELECT artist_id FROM artist_members WHERE name = ?", [$member]);
return $database->get_one("SELECT artist_id FROM artist_members WHERE name = :name", ['name'=>$member]);
}
private function get_artistName_by_artistID(int $artistID): string
{
global $database;
return $database->get_one("SELECT name FROM artists WHERE id = ?", [$artistID]);
return $database->get_one("SELECT name FROM artists WHERE id = :id", ['id'=>$artistID]);
}
private function get_artistID_by_aliasID(int $aliasID): int
{
global $database;
return $database->get_one("SELECT artist_id FROM artist_alias WHERE id = ?", [$aliasID]);
return $database->get_one("SELECT artist_id FROM artist_alias WHERE id = :id", ['id'=>$aliasID]);
}
private function get_artistID_by_memberID(int $memberID): int
{
global $database;
return $database->get_one("SELECT artist_id FROM artist_members WHERE id = ?", [$memberID]);
return $database->get_one("SELECT artist_id FROM artist_members WHERE id = :id", ['id'=>$memberID]);
}
private function get_artistID_by_urlID(int $urlID): int
{
global $database;
return $database->get_one("SELECT artist_id FROM artist_urls WHERE id = ?", [$urlID]);
return $database->get_one("SELECT artist_id FROM artist_urls WHERE id = :id", ['id'=>$urlID]);
}
private function delete_alias(int $aliasID)
{
global $database;
$database->execute("DELETE FROM artist_alias WHERE id = ?", [$aliasID]);
$database->execute("DELETE FROM artist_alias WHERE id = :id", ['id'=>$aliasID]);
}
private function delete_url(int $urlID)
{
global $database;
$database->execute("DELETE FROM artist_urls WHERE id = ?", [$urlID]);
$database->execute("DELETE FROM artist_urls WHERE id = :id", ['id'=>$urlID]);
}
private function delete_member(int $memberID)
{
global $database;
$database->execute("DELETE FROM artist_members WHERE id = ?", [$memberID]);
$database->execute("DELETE FROM artist_members WHERE id = :id", ['id'=>$memberID]);
}
private function get_alias_by_id(int $aliasID): array
{
global $database;
$result = $database->get_row("SELECT * FROM artist_alias WHERE id = ?", [$aliasID]);
$result = $database->get_row("SELECT * FROM artist_alias WHERE id = :id", ['id'=>$aliasID]);
$result["alias"] = stripslashes($result["alias"]);
return $result;
}
@ -515,7 +515,7 @@ class Artists extends Extension
private function get_url_by_id(int $urlID): array
{
global $database;
$result = $database->get_row("SELECT * FROM artist_urls WHERE id = ?", [$urlID]);
$result = $database->get_row("SELECT * FROM artist_urls WHERE id = :id", ['id'=>$urlID]);
$result["url"] = stripslashes($result["url"]);
return $result;
}
@ -523,7 +523,7 @@ class Artists extends Extension
private function get_member_by_id(int $memberID): array
{
global $database;
$result = $database->get_row("SELECT * FROM artist_members WHERE id = ?", [$memberID]);
$result = $database->get_row("SELECT * FROM artist_members WHERE id = :id", ['id'=>$memberID]);
$result["name"] = stripslashes($result["name"]);
return $result;
}
@ -559,8 +559,8 @@ class Artists extends Extension
global $database;
$database->execute(
"UPDATE artists SET name = ?, notes = ?, updated = now(), user_id = ? WHERE id = ? ",
[$name, $notes, $userID, $artistID]
"UPDATE artists SET name = :name, notes = :notes, updated = now(), user_id = :user_id WHERE id = :id",
['name'=>$name, 'notes'=>$notes, 'user_id'=>$userID, 'id'=>$artistID]
);
// ALIAS MATCHING SECTION
@ -640,8 +640,8 @@ class Artists extends Extension
{
global $database;
$database->execute(
"UPDATE artist_alias SET alias = ?, updated = now(), user_id = ? WHERE id = ? ",
[$alias, $userID, $aliasID]
"UPDATE artist_alias SET alias = :alias, updated = now(), user_id = :user_id WHERE id = :id",
['alias'=>$alias, 'user_id'=>$userID, 'id'=>$aliasID]
);
}
@ -659,8 +659,8 @@ class Artists extends Extension
{
global $database;
$database->execute(
"UPDATE artist_urls SET url = ?, updated = now(), user_id = ? WHERE id = ?",
[$url, $userID, $urlID]
"UPDATE artist_urls SET url = :url, updated = now(), user_id = :user_id WHERE id = :id",
['url'=>$url, 'user_id'=>$userID, 'id'=>$urlID]
);
}
@ -678,8 +678,8 @@ class Artists extends Extension
{
global $database;
$database->execute(
"UPDATE artist_members SET name = ?, updated = now(), user_id = ? WHERE id = ?",
[$memberName, $userID, $memberID]
"UPDATE artist_members SET name = :name, updated = now(), user_id = :user_id WHERE id = :id",
['name'=>$memberName, 'user_id'=>$userID, 'id'=>$memberID]
);
}
@ -754,8 +754,8 @@ class Artists extends Extension
global $database, $user;
$database->execute("
INSERT INTO artists (user_id, name, notes, created, updated)
VALUES (?, ?, ?, now(), now())
", [$user->id, $name, $notes]);
VALUES (:user_id, :name, :notes, now(), now())
", ['user_id'=>$user->id, 'name'=>$name, 'notes'=>$notes]);
return $database->get_last_insert_id('artists_id_seq');
}
@ -763,8 +763,8 @@ class Artists extends Extension
{
global $database;
$result = $database->get_one(
"SELECT COUNT(1) FROM artists WHERE name = ?",
[$name]
"SELECT COUNT(1) FROM artists WHERE name = :name",
['name'=>$name]
);
return ($result != 0);
}
@ -773,8 +773,8 @@ class Artists extends Extension
{
global $database;
$result = $database->get_row(
"SELECT * FROM artists WHERE id = ?",
[$artistID]
"SELECT * FROM artists WHERE id = :id",
['id'=>$artistID]
);
$result["name"] = stripslashes($result["name"]);
@ -787,8 +787,8 @@ class Artists extends Extension
{
global $database;
$result = $database->get_all(
"SELECT * FROM artist_members WHERE artist_id = ?",
[$artistID]
"SELECT * FROM artist_members WHERE artist_id = :artist_id",
['artist_id'=>$artistID]
);
$num = count($result);
@ -803,8 +803,8 @@ class Artists extends Extension
{
global $database;
$result = $database->get_all(
"SELECT id, url FROM artist_urls WHERE artist_id = ?",
[$artistID]
"SELECT id, url FROM artist_urls WHERE artist_id = :artist_id",
['artist_id'=>$artistID]
);
$num = count($result);
@ -819,8 +819,8 @@ class Artists extends Extension
{
global $database;
return (int)$database->get_one(
"SELECT id FROM artists WHERE name = ?",
[$name]
"SELECT id FROM artists WHERE name = :name",
['name'=>$name]
);
}
@ -829,8 +829,8 @@ class Artists extends Extension
global $database;
return (int)$database->get_one(
"SELECT artist_id FROM artist_alias WHERE alias = ?",
[$alias]
"SELECT artist_id FROM artist_alias WHERE alias = :alias",
['alias'=>$alias]
);
}
@ -838,8 +838,8 @@ class Artists extends Extension
{
global $database;
$database->execute(
"DELETE FROM artists WHERE id = ? ",
[$artistID]
"DELETE FROM artists WHERE id = :id",
['id'=>$artistID]
);
}
@ -899,12 +899,12 @@ class Artists extends Extension
ORDER BY m.updated DESC
)
ORDER BY updated DESC
LIMIT ?, ?
LIMIT :offset, :limit
",
[
$pageNumber * $artistsPerPage
, $artistsPerPage
]
"offset"=>$pageNumber * $artistsPerPage,
"limit"=>$artistsPerPage
]
);
$number_of_listings = count($listing);
@ -954,8 +954,8 @@ class Artists extends Extension
global $database;
$database->execute(
"INSERT INTO artist_urls (artist_id, created, updated, url, user_id) VALUES (?, now(), now(), ?, ?)",
[$artistID, $url, $userID]
"INSERT INTO artist_urls (artist_id, created, updated, url, user_id) VALUES (:artist_id, now(), now(), :url, :user_id)",
['artist'=>$artistID, 'url'=>$url, 'user_id'=>$userID]
);
}
@ -981,8 +981,8 @@ class Artists extends Extension
global $database;
$database->execute(
"INSERT INTO artist_alias (artist_id, created, updated, alias, user_id) VALUES (?, now(), now(), ?, ?)",
[$artistID, $alias, $userID]
"INSERT INTO artist_alias (artist_id, created, updated, alias, user_id) VALUES (:artist_id, now(), now(), :alias, :user_id)",
['artist_id'=>$artistID, 'alias'=>$alias, 'user_id'=>$userID]
);
}
@ -1008,8 +1008,8 @@ class Artists extends Extension
global $database;
$database->execute(
"INSERT INTO artist_members (artist_id, name, created, updated, user_id) VALUES (?, ?, now(), now(), ?)",
[$artistID, $member, $userID]
"INSERT INTO artist_members (artist_id, name, created, updated, user_id) VALUES (:artist_id, :name, now(), now(), :user_id)",
['artist'=>$artistID, 'name'=>$member, 'user_id'=>$userID]
);
}
@ -1018,8 +1018,8 @@ class Artists extends Extension
global $database;
$result = $database->get_one(
"SELECT COUNT(1) FROM artist_members WHERE artist_id = ? AND name = ?",
[$artistID, $member]
"SELECT COUNT(1) FROM artist_members WHERE artist_id = :artist_id AND name = :name",
['artist_id'=>$artistID, 'name'=>$member]
);
return ($result != 0);
}
@ -1029,8 +1029,8 @@ class Artists extends Extension
global $database;
$result = $database->get_one(
"SELECT COUNT(1) FROM artist_urls WHERE artist_id = ? AND url = ?",
[$artistID, $url]
"SELECT COUNT(1) FROM artist_urls WHERE artist_id = :artist_id AND url = :url",
['artist_id'=>$artistID, 'url'=>$url]
);
return ($result != 0);
}
@ -1045,9 +1045,9 @@ class Artists extends Extension
$result = $database->get_all("
SELECT id AS alias_id, alias AS alias_name
FROM artist_alias
WHERE artist_id = ?
WHERE artist_id = :artist_id
ORDER BY alias ASC
", [$artistID]);
", ['artist_id'=>$artistID]);
for ($i = 0 ; $i < count($result) ; $i++) {
$result[$i]["alias_name"] = stripslashes($result[$i]["alias_name"]);
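Review bot: Two of the new parameter arrays do not match their placeholders: the `INSERT INTO artist_urls` and `INSERT INTO artist_members` statements use `:artist_id`, but their arrays bind the key `'artist'`. Named parameters have to match by key, so these two inserts will most likely fail at execute time with an undefined-parameter error instead of storing the row; the `artist_alias` insert between them uses `'artist_id'` and is fine. Change both arrays to start with `'artist_id'=>$artistID`. Separately, the listing query keeps the `LIMIT :offset, :limit` form while other files in this commit move to `LIMIT :limit OFFSET :offset`, which is worth making consistent.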


@ -60,8 +60,8 @@ class Blocks extends Extension
if ($user->check_auth_token()) {
$database->execute("
INSERT INTO blocks (pages, title, area, priority, content)
VALUES (?, ?, ?, ?, ?)
", [$_POST['pages'], $_POST['title'], $_POST['area'], (int)$_POST['priority'], $_POST['content']]);
VALUES (:pages, :title, :area, :priority, :content)
", ['pages'=>$_POST['pages'], 'title'=>$_POST['title'], 'area'=>$_POST['area'], 'priority'=>(int)$_POST['priority'], 'content'=>$_POST['content']]);
log_info("blocks", "Added Block #".($database->get_last_insert_id('blocks_id_seq'))." (".$_POST['title'].")");
$cache->delete("blocks");
$page->set_mode(PageMode::REDIRECT);
@ -73,14 +73,14 @@ class Blocks extends Extension
if (!empty($_POST['delete'])) {
$database->execute("
DELETE FROM blocks
WHERE id=?
", [$_POST['id']]);
WHERE id=:id
", ['id'=>$_POST['id']]);
log_info("blocks", "Deleted Block #".$_POST['id']);
} else {
$database->execute("
UPDATE blocks SET pages=?, title=?, area=?, priority=?, content=?
WHERE id=?
", [$_POST['pages'], $_POST['title'], $_POST['area'], (int)$_POST['priority'], $_POST['content'], $_POST['id']]);
UPDATE blocks SET pages=:pages, title=:title, area=:area, priority=:priority, content=:content
WHERE id=:id
", ['pages'=>$_POST['pages'], 'title'=>$_POST['title'], 'area'=>$_POST['area'], 'priority'=>(int)$_POST['priority'], 'content'=>$_POST['content'], 'id'=>$_POST['id']]);
log_info("blocks", "Updated Block #".$_POST['id']." (".$_POST['title'].")");
}
$cache->delete("blocks");
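Review bot: `'id'=>$_POST['id']` is bound as the raw request string in both the DELETE and the UPDATE, while `priority` in the same arrays is cast with `(int)`. Binding keeps the value out of the SQL text, but the same uncast value is also concatenated into the `log_info` lines, so a non-numeric id ends up in the log verbatim. Casting once, e.g. `$id = (int)$_POST['id'];`, and using `$id` for both the parameter and the log message would close that. The enclosing handler starts outside the hunk, so whether the edit/delete branch is covered by the `check_auth_token()` test seen in the first hunk cannot be confirmed from here.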


@ -32,8 +32,8 @@ class Blotter extends Extension
");
// Insert sample data:
$database->execute(
"INSERT INTO blotter (entry_date, entry_text, important) VALUES (now(), ?, ?)",
["Installed the blotter extension!", "Y"]
"INSERT INTO blotter (entry_date, entry_text, important) VALUES (now(), :text, :important)",
["text"=>"Installed the blotter extension!", "important"=>"Y"]
);
log_info("blotter", "Installed tables for blotter extension.");
$config->set_int("blotter_version", 1);
@ -102,8 +102,8 @@ class Blotter extends Extension
}
// Now insert into db:
$database->execute(
"INSERT INTO blotter (entry_date, entry_text, important) VALUES (now(), ?, ?)",
[$entry_text, $important]
"INSERT INTO blotter (entry_date, entry_text, important) VALUES (now(), :text, :important)",
["text"=>$entry_text, "important"=>$important]
);
log_info("blotter", "Added Message: $entry_text");
$page->set_mode(PageMode::REDIRECT);


@ -53,9 +53,9 @@ class BrowserSearch extends Extension
// Now to get DB results
if ($config->get_string("search_suggestions_results_order") == "a") {
$tags = $database->execute("SELECT tag FROM tags WHERE tag LIKE ? AND count > 0 ORDER BY tag ASC LIMIT 30", [$tag_search."%"]);
$tags = $database->execute("SELECT tag FROM tags WHERE tag LIKE :tag AND count > 0 ORDER BY tag ASC LIMIT 30", ['tag'=>$tag_search."%"]);
} else {
$tags = $database->execute("SELECT tag FROM tags WHERE tag LIKE ? AND count > 0 ORDER BY count DESC LIMIT 30", [$tag_search."%"]);
$tags = $database->execute("SELECT tag FROM tags WHERE tag LIKE :tag AND count > 0 ORDER BY count DESC LIMIT 30", ['tag'=>$tag_search."%"]);
}
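Review bot: `$tag_search."%"` is bound to `LIKE :tag` without escaping LIKE metacharacters, so a `%` or `_` supplied by the user acts as a wildcard rather than a literal; unless `$tag_search` is escaped before the hunk (not visible), escape `\`, `%` and `_` before appending the trailing `%`. The same applies to the `"%".$_GET[...]."%"` filters bound to `SCORE_ILIKE` in the ImageBan and NotATag sections. The two branches here also differ only in the `ORDER BY` clause, so the ordering could be chosen from the two fixed strings and the query written once.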


@ -74,8 +74,8 @@ class DanbooruApi extends Extension
$idlist = explode(",", $_GET['id']);
foreach ($idlist as $id) {
$sqlresult = $database->get_all(
"SELECT id,tag,count FROM tags WHERE id = ?",
[$id]
"SELECT id,tag,count FROM tags WHERE id = :id",
['id'=>$id]
);
foreach ($sqlresult as $row) {
$results[] = [$row['count'], $row['tag'], $row['id']];
@ -86,9 +86,9 @@ class DanbooruApi extends Extension
foreach ($namelist as $name) {
$sqlresult = $database->get_all(
$database->scoreql_to_sql(
"SELECT id,tag,count FROM tags WHERE SCORE_STRNORM(tag) = SCORE_STRNORM(?)"
"SELECT id,tag,count FROM tags WHERE SCORE_STRNORM(tag) = SCORE_STRNORM(:tag)"
),
[$name]
['tag'=>$name]
);
foreach ($sqlresult as $row) {
$results[] = [$row['count'], $row['tag'], $row['id']];
@ -102,8 +102,8 @@ class DanbooruApi extends Extension
} else {
$start = isset($_GET['after_id']) ? int_escape($_GET['offset']) : 0;
$sqlresult = $database->get_all(
"SELECT id,tag,count FROM tags WHERE count > 0 AND id >= ? ORDER BY id DESC",
[$start]
"SELECT id,tag,count FROM tags WHERE count > 0 AND id >= :id ORDER BY id DESC",
['id'=>$start]
);
foreach ($sqlresult as $row) {
$results[] = [$row['count'], $row['tag'], $row['id']];
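Review bot: In the last hunk, `$start = isset($_GET['after_id']) ? int_escape($_GET['offset']) : 0;` tests one request key and reads another, so a request with `after_id` but no `offset` reads an undefined index and the value bound to `:id` never comes from `after_id`. The line is unchanged context, but it feeds the newly named parameter; `isset($_GET['after_id']) ? int_escape($_GET['after_id']) : 0` looks like the intent and should be confirmed against the API being emulated. The ids produced by `explode(",", $_GET['id'])` in the first hunk are also bound without an integer cast, unlike `$start`.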


@ -69,8 +69,8 @@ class Forum extends Extension
{
global $database;
$threads_count = $database->get_one("SELECT COUNT(*) FROM forum_threads WHERE user_id=?", [$event->display_user->id]);
$posts_count = $database->get_one("SELECT COUNT(*) FROM forum_posts WHERE user_id=?", [$event->display_user->id]);
$threads_count = $database->get_one("SELECT COUNT(*) FROM forum_threads WHERE user_id=:user_id", ['user_id'=>$event->display_user->id]);
$posts_count = $database->get_one("SELECT COUNT(*) FROM forum_posts WHERE user_id=:user_id", ['user_id'=>$event->display_user->id]);
$days_old = ((time() - strtotime($event->display_user->join_date)) / 86400) + 1;
@ -183,7 +183,7 @@ class Forum extends Extension
private function get_total_pages_for_thread(int $threadID)
{
global $database, $config;
$result = $database->get_row("SELECT COUNT(1) AS count FROM forum_posts WHERE thread_id = ?", [$threadID]);
$result = $database->get_row("SELECT COUNT(1) AS count FROM forum_posts WHERE thread_id = :thread_id", ['thread_id'=>$threadID]);
return ceil($result["count"] / $config->get_int("forumPostsPerPage"));
}
@ -238,7 +238,7 @@ class Forum extends Extension
private function get_thread_title(int $threadID)
{
global $database;
$result = $database->get_row("SELECT t.title FROM forum_threads AS t WHERE t.id = ? ", [$threadID]);
$result = $database->get_row("SELECT t.title FROM forum_threads AS t WHERE t.id = :id ", ['id'=>$threadID]);
return $result["title"];
}
@ -283,7 +283,7 @@ class Forum extends Extension
global $config, $database;
$threadID = $event->get_arg(1);
$postsPerPage = $config->get_int('forumPostsPerPage', 15);
$totalPages = ceil($database->get_one("SELECT COUNT(*) FROM forum_posts WHERE thread_id = ?", [$threadID]) / $postsPerPage);
$totalPages = ceil($database->get_one("SELECT COUNT(*) FROM forum_posts WHERE thread_id = :id", ['id'=>$threadID]) / $postsPerPage);
$threadTitle = $this->get_thread_title($threadID);
if ($event->count_args() >= 3) {
@ -329,8 +329,8 @@ class Forum extends Extension
INSERT INTO forum_threads
(title, sticky, user_id, date, uptodate)
VALUES
(?, ?, ?, now(), now())",
[$title, $sticky, $user->id]
(:title, :sticky, :user_id, now(), now())",
['title'=>$title, 'sticky'=>$sticky, 'user_id'=>$user->id]
);
$threadID = $database->get_last_insert_id("forum_threads_id_seq");
@ -350,16 +350,16 @@ class Forum extends Extension
$message = substr($message, 0, $max_characters);
global $database;
$database->execute("INSERT INTO forum_posts
(thread_id, user_id, date, message)
VALUES
(?, ?, now(), ?)", [$threadID, $userID, $message]);
$database->execute("
INSERT INTO forum_posts (thread_id, user_id, date, message)
VALUES (:thread_id, :user_id, now(), :message)
", ['thread_id'=>$threadID, 'user_id'=>$userID, 'message'=>$message]);
$postID = $database->get_last_insert_id("forum_posts_id_seq");
log_info("forum", "Post {$postID} created by {$user->name}");
$database->execute("UPDATE forum_threads SET uptodate=now() WHERE id=?", [$threadID]);
$database->execute("UPDATE forum_threads SET uptodate=now() WHERE id=:id", ['id'=>$threadID]);
}
private function retrieve_posts(int $threadID, int $pageNumber)
@ -382,24 +382,20 @@ class Forum extends Extension
private function delete_thread(int $threadID)
{
global $database;
$database->execute("DELETE FROM forum_threads WHERE id = ?", [$threadID]);
$database->execute("DELETE FROM forum_posts WHERE thread_id = ?", [$threadID]);
$database->execute("DELETE FROM forum_threads WHERE id = :id", ['id'=>$threadID]);
$database->execute("DELETE FROM forum_posts WHERE thread_id = :thread_id", ['thread_id'=>$threadID]);
}
private function delete_post(int $postID)
{
global $database;
$database->execute("DELETE FROM forum_posts WHERE id = ?", [$postID]);
$database->execute("DELETE FROM forum_posts WHERE id = :id", ['id'=>$postID]);
}
private function threadExists(int $threadID)
{
global $database;
$result=$database->get_one("SELECT EXISTS (SELECT * FROM forum_threads WHERE id= ?)", [$threadID]);
if ($result==1) {
return true;
} else {
return false;
}
$result=$database->get_one("SELECT EXISTS (SELECT * FROM forum_threads WHERE id=:id)", ['id'=>$threadID]);
return $result == 1;
}
}
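Review bot: Placeholder naming is not consistent inside this file: the page-count query in the `@ -283` hunk binds `thread_id = :id` with `['id'=>$threadID]`, while `get_total_pages_for_thread` and `delete_thread` use `:thread_id` for the same column. Because each array key must match its placeholder exactly, naming the parameter after the column everywhere makes a mismatch easier to spot: `"... WHERE thread_id = :thread_id", ['thread_id'=>$threadID]`. In that same hunk `$threadID` comes straight from `$event->get_arg(1)` and is bound without an integer cast; the function starts outside the hunk, so any earlier validation is not visible.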


@ -115,8 +115,8 @@ class ImageBan extends Extension
{
global $database;
$database->Execute(
"INSERT INTO image_bans (hash, reason, date) VALUES (?, ?, now())",
[$event->hash, $event->reason]
"INSERT INTO image_bans (hash, reason, date) VALUES (:hash, :reason, now())",
["hash"=>$event->hash, "reason"=>$event->reason]
);
log_info("image_hash_ban", "Banned hash {$event->hash} because '{$event->reason}'");
}
@ -124,7 +124,7 @@ class ImageBan extends Extension
public function onRemoveImageHashBan(RemoveImageHashBanEvent $event)
{
global $database;
$database->Execute("DELETE FROM image_bans WHERE hash = ?", [$event->hash]);
$database->Execute("DELETE FROM image_bans WHERE hash = :hash", ["hash"=>$event->hash]);
}
public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event)
@ -147,12 +147,12 @@ class ImageBan extends Extension
$where = ["(1=1)"];
$args = [];
if (!empty($_GET['hash'])) {
$where[] = 'hash = ?';
$args[] = $_GET['hash'];
$where[] = 'hash = :hash';
$args['hash'] = $_GET['hash'];
}
if (!empty($_GET['reason'])) {
$where[] = 'reason SCORE_ILIKE ?';
$args[] = "%".$_GET['reason']."%";
$where[] = 'reason SCORE_ILIKE :reason';
$args['reason'] = "%".$_GET['reason']."%";
}
$where = implode(" AND ", $where);
$bans = $database->get_all($database->scoreql_to_sql("


@ -81,15 +81,15 @@ class NotATag extends Extension
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : "DNP";
$database->Execute(
"INSERT INTO untags(tag, redirect) VALUES (?, ?)",
[$tag, $redirect]
"INSERT INTO untags(tag, redirect) VALUES (:tag, :redirect)",
["tag"=>$tag, "redirect"=>$redirect]
);
$page->set_mode(PageMode::REDIRECT);
$page->set_redirect($_SERVER['HTTP_REFERER']);
} elseif ($event->get_arg(0) == "remove") {
if (isset($_POST['tag'])) {
$database->Execute($database->scoreql_to_sql("DELETE FROM untags WHERE SCORE_STRNORM(tag) = SCORE_STRNORM(?)"), [$_POST['tag']]);
$database->Execute($database->scoreql_to_sql("DELETE FROM untags WHERE SCORE_STRNORM(tag) = SCORE_STRNORM(:tag)"), ["tag"=>$_POST['tag']]);
flash_message("Image ban removed");
$page->set_mode(PageMode::REDIRECT);
@ -113,17 +113,15 @@ class NotATag extends Extension
global $database;
// FIXME: many
$size_i = int_escape($size);
$offset_i = int_escape($page-1)*$size_i;
$where = ["(1=1)"];
$args = [];
$args = ["limit"=>$size, "offset"=>($page-1)*$size];
if (!empty($_GET['tag'])) {
$where[] = 'tag SCORE_ILIKE ?';
$args[] = "%".$_GET['tag']."%";
$where[] = 'tag SCORE_ILIKE :tag';
$args["tag"] = "%".$_GET['tag']."%";
}
if (!empty($_GET['redirect'])) {
$where[] = 'redirect SCORE_ILIKE ?';
$args[] = "%".$_GET['redirect']."%";
$where[] = 'redirect SCORE_ILIKE :redirect';
$args["redirect"] = "%".$_GET['redirect']."%";
}
$where = implode(" AND ", $where);
$bans = $database->get_all($database->scoreql_to_sql("
@ -131,13 +129,9 @@ class NotATag extends Extension
FROM untags
WHERE $where
ORDER BY tag
LIMIT $size_i
OFFSET $offset_i
LIMIT :limit
OFFSET :offset
"), $args);
if ($bans) {
return $bans;
} else {
return [];
}
return $bans;
}
}
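Review bot: The paging values lose their integer coercion in the `@ -113` hunk: the `int_escape($size)` and `int_escape($page-1)` lines are removed and `$size` / `($page-1)*$size` are bound as-is to `LIMIT :limit OFFSET :offset`. The function signature is outside the hunk, so whether these are already typed `int` is not visible; if they can arrive as strings, the driver may bind them as quoted strings, which `LIMIT`/`OFFSET` can reject. Keeping the two `int_escape` lines and binding their results, `$args = ["limit"=>$size_i, "offset"=>$offset_i];`, preserves the earlier guarantee. The final hunk also drops the `if ($bans) ... else return []` fallback, so callers now receive whatever `get_all` returns when no rows match.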


@ -220,13 +220,12 @@ class Notes extends Extension
{
global $database;
return $database->get_all(
"SELECT * ".
"FROM notes ".
"WHERE enable = ? AND image_id = ? ".
"ORDER BY date ASC",
['1', $imageID]
);
return $database->get_all("
SELECT *
FROM notes
WHERE enable = :enable AND image_id = :image_id
ORDER BY date ASC
", ['enable'=>'1', 'image_id'=>$imageID]);
}
@ -248,24 +247,19 @@ class Notes extends Extension
$database->execute(
"
INSERT INTO notes (enable, image_id, user_id, user_ip, date, x1, y1, height, width, note)
VALUES (?, ?, ?, ?, now(), ?, ?, ?, ?, ?)",
[1, $imageID, $user_id, $_SERVER['REMOTE_ADDR'], $noteX1, $noteY1, $noteHeight, $noteWidth, $noteText]
VALUES (:enable, :image_id, :user_id, :user_ip, now(), :x1, :y1, :height, :width, :note)",
['enable'=>1, 'image_id'=>$imageID, 'user_id'=>$user_id, 'user_ip'=>$_SERVER['REMOTE_ADDR'], 'x1'=>$noteX1, 'y1'=>$noteY1, 'height'=>$noteHeight, 'width'=>$noteWidth, 'note'=>$noteText]
);
$noteID = $database->get_last_insert_id('notes_id_seq');
log_info("notes", "Note added {$noteID} by {$user->name}");
$database->execute("UPDATE images SET notes=(SELECT COUNT(*) FROM notes WHERE image_id=?) WHERE id=?", [$imageID, $imageID]);
$database->execute("UPDATE images SET notes=(SELECT COUNT(*) FROM notes WHERE image_id=:id1) WHERE id=:id2", ['id1'=>$imageID, 'id2'=>$imageID]);
$this->add_history(1, $noteID, $imageID, $noteX1, $noteY1, $noteHeight, $noteWidth, $noteText);
}
/*
* HERE WE ADD A REQUEST TO DATABASE
*/
private function add_note_request()
{
global $database, $user;
@ -276,8 +270,8 @@ class Notes extends Extension
$database->execute(
"
INSERT INTO note_request (image_id, user_id, date)
VALUES (?, ?, now())",
[$image_id, $user_id]
VALUES (:image_id, :user_id, now())",
['image_id'=>$image_id, 'user_id'=>$user_id]
);
$resultID = $database->get_last_insert_id('note_request_id_seq');
@ -285,23 +279,18 @@ class Notes extends Extension
log_info("notes", "Note requested {$resultID} by {$user->name}");
}
/*
* HERE WE EDIT THE NOTE
*/
private function update_note()
{
global $database;
$note = [
"noteX1" => int_escape($_POST["note_x1"]),
"noteY1" => int_escape($_POST["note_y1"]),
"noteHeight" => int_escape($_POST["note_height"]),
"noteWidth" => int_escape($_POST["note_width"]),
"noteText" => sql_escape(html_escape($_POST["note_text"])),
"imageID" => int_escape($_POST["image_id"]),
"noteID" => int_escape($_POST["note_id"])
"x1" => int_escape($_POST["note_x1"]),
"y1" => int_escape($_POST["note_y1"]),
"height" => int_escape($_POST["note_height"]),
"width" => int_escape($_POST["note_width"]),
"note" => sql_escape(html_escape($_POST["note_text"])),
"image_id" => int_escape($_POST["image_id"]),
"id" => int_escape($_POST["note_id"])
];
// validate parameters
@ -309,21 +298,14 @@ class Notes extends Extension
return;
}
$database->execute("UPDATE notes ".
"SET x1 = ?, ".
"y1 = ?, ".
"height = ?, ".
"width = ?,".
"note = ? ".
"WHERE image_id = ? AND id = ?", array_values($note));
$database->execute("
UPDATE notes
SET x1 = :x1, y1 = :y1, height = :height, width = :width, note = :note
WHERE image_id = :image_id AND id = :id", $note);
$this->add_history(1, $note['noteID'], $note['imageID'], $note['noteX1'], $note['noteY1'], $note['noteHeight'], $note['noteWidth'], $note['noteText']);
$this->add_history(1, $note['id'], $note['image_id'], $note['x1'], $note['y1'], $note['height'], $note['width'], $note['note']);
}
/*
* HERE WE DELETE THE NOTE
*/
private function delete_note()
{
global $user, $database;
@ -336,44 +318,32 @@ class Notes extends Extension
return;
}
$database->execute("UPDATE notes ".
"SET enable = ? ".
"WHERE image_id = ? AND id = ?", [0, $imageID, $noteID]);
$database->execute("
UPDATE notes SET enable = :enable
WHERE image_id = :image_id AND id = :id
", ['enable'=>0, 'image_id'=>$imageID, 'id'=>$noteID]);
log_info("notes", "Note deleted {$noteID} by {$user->name}");
}
/*
* HERE WE DELETE ALL NOTES FROM IMAGE
*/
private function nuke_notes()
{
global $database, $user;
$image_id = int_escape($_POST["image_id"]);
$database->execute("DELETE FROM notes WHERE image_id = ?", [$image_id]);
$database->execute("DELETE FROM notes WHERE image_id = :image_id", ['image_id'=>$image_id]);
log_info("notes", "Notes deleted from {$image_id} by {$user->name}");
}
/*
* HERE WE DELETE ALL REQUESTS FOR IMAGE
*/
private function nuke_requests()
{
global $database, $user;
$image_id = int_escape($_POST["image_id"]);
$database->execute("DELETE FROM note_request WHERE image_id = ?", [$image_id]);
$database->execute("DELETE FROM note_request WHERE image_id = :image_id", ['image_id'=>$image_id]);
log_info("notes", "Requests deleted from {$image_id} by {$user->name}");
}
/**
* HERE WE ALL IMAGES THAT HAVE NOTES
*/
private function get_notes_list(PageRequestEvent $event)
{
global $database, $config;
@ -382,13 +352,13 @@ class Notes extends Extension
$notesPerPage = $config->get_int('notesNotesPerPage');
//$result = $database->get_all("SELECT * FROM pool_images WHERE pool_id=?", array($poolID));
$result = $database->execute(
"SELECT DISTINCT image_id".
"FROM notes ".
"WHERE enable = ? ".
"ORDER BY date DESC LIMIT ?, ?",
[1, $pageNumber * $notesPerPage, $notesPerPage]
//$result = $database->get_all("SELECT * FROM pool_images WHERE pool_id=:pool_id", ['pool_id'=>$poolID]);
$result = $database->execute("
SELECT DISTINCT image_id
FROM notes
WHERE enable = :enable
ORDER BY date DESC LIMIT :limit OFFSET :offset",
['enable'=>1, 'offset'=>$pageNumber * $notesPerPage, 'limit'=>$notesPerPage]
);
$totalPages = ceil($database->get_one("SELECT COUNT(DISTINCT image_id) FROM notes") / $notesPerPage);
@ -401,9 +371,6 @@ class Notes extends Extension
$this->theme->display_note_list($images, $pageNumber + 1, $totalPages);
}
/**
* HERE WE GET ALL NOTE REQUESTS
*/
private function get_notes_requests(PageRequestEvent $event)
{
global $config, $database;
@ -413,15 +380,15 @@ class Notes extends Extension
$requestsPerPage = $config->get_int('notesRequestsPerPage');
//$result = $database->get_all("SELECT * FROM pool_images WHERE pool_id=?", array($poolID));
//$result = $database->get_all("SELECT * FROM pool_images WHERE pool_id=:pool_id", ['pool_id'=>$poolID]);
$result = $database->execute(
"
SELECT DISTINCT image_id
FROM note_request
ORDER BY date DESC LIMIT ?, ?",
[$pageNumber * $requestsPerPage, $requestsPerPage]
SELECT DISTINCT image_id
FROM note_request
ORDER BY date DESC LIMIT :limit OFFSET :offset",
["offset"=>$pageNumber * $requestsPerPage, "limit"=>$requestsPerPage]
);
$totalPages = ceil($database->get_one("SELECT COUNT(*) FROM note_request") / $requestsPerPage);
@ -434,30 +401,23 @@ class Notes extends Extension
$this->theme->display_note_requests($images, $pageNumber + 1, $totalPages);
}
/*
* HERE WE ADD HISTORY TO TRACK THE CHANGES OF THE NOTES FOR THE IMAGES.
*/
private function add_history($noteEnable, $noteID, $imageID, $noteX1, $noteY1, $noteHeight, $noteWidth, $noteText)
{
global $user, $database;
$reviewID = $database->get_one("SELECT COUNT(*) FROM note_histories WHERE note_id = ?", [$noteID]);
$reviewID = $database->get_one("SELECT COUNT(*) FROM note_histories WHERE note_id = :note_id", ['note_id'=>$noteID]);
$reviewID = $reviewID + 1;
$database->execute(
"
INSERT INTO note_histories (note_enable, note_id, review_id, image_id, user_id, user_ip, date, x1, y1, height, width, note)
VALUES (?, ?, ?, ?, ?, ?, now(), ?, ?, ?, ?, ?)",
[$noteEnable, $noteID, $reviewID, $imageID, $user->id, $_SERVER['REMOTE_ADDR'], $noteX1, $noteY1, $noteHeight, $noteWidth, $noteText]
VALUES (:note_enable, :note_id, :review_id, :image_id, :user_id, :user_ip, now(), :x1, :y1, :height, :width, :note)
",
['note_enable'=>$noteEnable, 'note_id'=>$noteID, 'review_id'=>$reviewID, 'image_id'=>$imageID, 'user_id'=>$user->id, 'user_ip'=>$_SERVER['REMOTE_ADDR'],
'x1'=>$noteX1, 'y1'=>$noteY1, 'height'=>$noteHeight, 'width'=>$noteWidth, 'note'=>$noteText]
);
}
/**
* HERE WE GET ALL HISTORIES.
*/
private function get_histories(PageRequestEvent $event)
{
global $config, $database;
@ -472,8 +432,8 @@ class Notes extends Extension
"FROM note_histories AS h ".
"INNER JOIN users AS u ".
"ON u.id = h.user_id ".
"ORDER BY date DESC LIMIT ?, ?",
[$pageNumber * $historiesPerPage, $historiesPerPage]
"ORDER BY date DESC LIMIT :limit OFFSET :offset",
['offset'=>$pageNumber * $historiesPerPage, 'limit'=>$historiesPerPage]
);
$totalPages = ceil($database->get_one("SELECT COUNT(*) FROM note_histories") / $historiesPerPage);
@ -481,10 +441,6 @@ class Notes extends Extension
$this->theme->display_histories($histories, $pageNumber + 1, $totalPages);
}
/**
* HERE WE THE HISTORY FOR A SPECIFIC NOTE.
*/
private function get_history(PageRequestEvent $event)
{
global $config, $database;
@ -499,12 +455,12 @@ class Notes extends Extension
"FROM note_histories AS h ".
"INNER JOIN users AS u ".
"ON u.id = h.user_id ".
"WHERE note_id = ? ".
"ORDER BY date DESC LIMIT ?, ?",
[$noteID, $pageNumber * $historiesPerPage, $historiesPerPage]
"WHERE note_id = :note_id ".
"ORDER BY date DESC LIMIT :limit OFFSET :offset",
['note_id'=>$noteID, 'offset'=>$pageNumber * $historiesPerPage, 'limit'=>$historiesPerPage]
);
$totalPages = ceil($database->get_one("SELECT COUNT(*) FROM note_histories WHERE note_id = ?", [$noteID]) / $historiesPerPage);
$totalPages = ceil($database->get_one("SELECT COUNT(*) FROM note_histories WHERE note_id = :note_id", ['note_id'=>$noteID]) / $historiesPerPage);
$this->theme->display_history($histories, $pageNumber + 1, $totalPages);
}
@ -516,7 +472,7 @@ class Notes extends Extension
{
global $database;
$history = $database->get_row("SELECT * FROM note_histories WHERE note_id = ? AND review_id = ?", [$noteID, $reviewID]);
$history = $database->get_row("SELECT * FROM note_histories WHERE note_id = :note_id AND review_id = :review_id", ['note_id'=>$noteID, 'review_id'=>$reviewID]);
$noteEnable = $history['note_enable'];
$noteID = $history['note_id'];
@ -527,12 +483,11 @@ class Notes extends Extension
$noteWidth = $history['width'];
$noteText = $history['note'];
$database->execute(
"UPDATE notes ".
"SET enable = ?, x1 = ?, y1 = ?, height = ?, width = ?, note = ? ".
"WHERE image_id = ? AND id = ?",
[1, $noteX1, $noteY1, $noteHeight, $noteWidth, $noteText, $imageID, $noteID]
);
$database->execute("
UPDATE notes
SET enable = :enable, x1 = :x1, y1 = :y1, height = :height, width = :width, note = :note
WHERE image_id = :image_id AND id = :id
", ['enable'=>1, 'x1'=>$noteX1, 'y1'=>$noteY1, 'height'=>$noteHeight, 'width'=>$noteWidth, 'note'=>$noteText, 'image_id'=>$imageID, 'id'=>$noteID]);
$this->add_history($noteEnable, $noteID, $imageID, $noteX1, $noteY1, $noteHeight, $noteWidth, $noteText);
}


@ -49,8 +49,8 @@ class NumericScore extends Extension
"SELECT users.name as username, user_id, score
FROM numeric_score_votes
JOIN users ON numeric_score_votes.user_id=users.id
WHERE image_id=?",
[$image_id]
WHERE image_id=:image_id",
['image_id'=>$image_id]
);
$html = "<table style='width: 100%;'>";
foreach ($x as $vote) {
@ -83,12 +83,12 @@ class NumericScore extends Extension
if ($user->can(Permissions::EDIT_OTHER_VOTE)) {
$image_id = int_escape($_POST['image_id']);
$database->execute(
"DELETE FROM numeric_score_votes WHERE image_id=?",
[$image_id]
"DELETE FROM numeric_score_votes WHERE image_id=:image_id",
['image_id'=>$image_id]
);
$database->execute(
"UPDATE images SET numeric_score=0 WHERE id=?",
[$image_id]
"UPDATE images SET numeric_score=0 WHERE id=:id",
['id'=>$image_id]
);
$page->set_mode(PageMode::REDIRECT);
$page->set_redirect(make_link("post/view/$image_id"));
@ -177,7 +177,7 @@ class NumericScore extends Extension
{
global $database;
$image_ids = $database->get_col("SELECT image_id FROM numeric_score_votes WHERE user_id=?", [$user_id]);
$image_ids = $database->get_col("SELECT image_id FROM numeric_score_votes WHERE user_id=:user_id", ['user_id'=>$user_id]);
if (count($image_ids) == 0) {
return;
@ -188,8 +188,8 @@ class NumericScore extends Extension
foreach (array_chunk($image_ids, 20) as $chunk) {
$id_list = implode(",", $chunk);
$database->execute(
"DELETE FROM numeric_score_votes WHERE user_id=? AND image_id IN (".$id_list.")",
[$user_id]
"DELETE FROM numeric_score_votes WHERE user_id=:user_id AND image_id IN (".$id_list.")",
['user_id'=>$user_id]
);
$database->execute("
UPDATE images
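Review bot: The chunked DELETE in the last hunk binds `:user_id` but still splices `$id_list` into the `IN (...)` clause by string concatenation. The ids appear to come from the `get_col` query in the previous hunk rather than from the request, so the risk is low, but nothing at this point enforces that they are integers. Normalise them where the list is built, `$id_list = implode(",", array_map('intval', $chunk));`, so the statement stays safe if the source of `$image_ids` ever changes. The enclosing function starts outside the hunk.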


@ -75,7 +75,7 @@ class PostTitles extends Extension
private function set_title(int $image_id, string $title)
{
global $database;
$database->Execute("UPDATE images SET title=? WHERE id=?", [$title, $image_id]);
$database->Execute("UPDATE images SET title=:title WHERE id=:id", ['title'=>$title, 'id'=>$image_id]);
log_info("post_titles", "Title for Image #{$image_id} set to: ".$title);
}


@ -400,10 +400,10 @@ class Ratings extends Extension
$n += 100;
}
#$database->execute("
# update images set rating=? where images.id in (
# update images set rating=:rating where images.id in (
# select image_id from image_tags join tags
# on image_tags.tag_id = tags.id where tags.tag = ?);
# ", array($_POST["rating"], $_POST["tag"]));
# on image_tags.tag_id = tags.id where tags.tag = :tag);
# ", ['rating'=>$_POST["rating"], 'tag'=>$_POST["tag"]]);
$page->set_mode(PageMode::REDIRECT);
$page->set_redirect(make_link("post/list"));
}
@ -586,7 +586,7 @@ class Ratings extends Extension
{
global $database;
if ($old_rating != $rating) {
$database->Execute("UPDATE images SET rating=? WHERE id=?", [$rating, $image_id]);
$database->Execute("UPDATE images SET rating=:rating WHERE id=:id", ['rating'=>$rating, 'id'=>$image_id]);
log_info("rating", "Rating for Image #{$image_id} set to: ".$this->rating_to_human($rating));
}
}


@ -84,8 +84,8 @@ class ReportImage extends Extension
log_info("report_image", "Adding report of Image #{$event->report->image_id} with reason '{$event->report->reason}'", null, ["image_id" => $event->report->image_id]);
$database->Execute(
"INSERT INTO image_reports(image_id, reporter_id, reason)
VALUES (?, ?, ?)",
[$event->report->image_id, $event->report->user_id, $event->report->reason]
VALUES (:image_id, :reporter_id, :reason)",
['image_id'=>$event->report->image_id, 'reporter_id'=>$event->report->user_id, 'reason'=>$event->report->reason]
);
$cache->delete("image-report-count");
}
@ -93,7 +93,7 @@ class ReportImage extends Extension
public function onRemoveReportedImage(RemoveReportedImageEvent $event)
{
global $cache, $database;
$database->Execute("DELETE FROM image_reports WHERE id = ?", [$event->id]);
$database->Execute("DELETE FROM image_reports WHERE id = :id", ["id"=>$event->id]);
$cache->delete("image-report-count");
}
@ -141,7 +141,7 @@ class ReportImage extends Extension
public function onImageDeletion(ImageDeletionEvent $event)
{
global $cache, $database;
$database->Execute("DELETE FROM image_reports WHERE image_id = ?", [$event->image->id]);
$database->Execute("DELETE FROM image_reports WHERE image_id = :image_id", ["image_id"=>$event->image->id]);
$cache->delete("image-report-count");
}
@ -168,7 +168,7 @@ class ReportImage extends Extension
public function delete_reports_by(int $user_id)
{
global $cache, $database;
$database->execute("DELETE FROM image_reports WHERE reporter_id=?", [$user_id]);
$database->execute("DELETE FROM image_reports WHERE reporter_id=:reporter_id", ['reporter_id'=>$user_id]);
$cache->delete("image-report-count");
}


@ -39,7 +39,7 @@ class Rule34 extends Extension
{
global $database, $user, $config;
if ($user->can(Permissions::CHANGE_SETTING) && $config->get_bool('r34_comic_integration')) {
$current_state = bool_escape($database->get_one("SELECT comic_admin FROM users WHERE id=?", [$event->display_user->id]));
$current_state = bool_escape($database->get_one("SELECT comic_admin FROM users WHERE id=:id", ['id'=>$event->display_user->id]));
$this->theme->show_comic_changer($event->display_user, $current_state);
}
}
@ -84,8 +84,8 @@ class Rule34 extends Extension
'is_admin' => 'bool',
]);
$database->execute(
'UPDATE users SET comic_admin=? WHERE id=?',
[$input['is_admin'] ? 't' : 'f', $input['user_id']]
'UPDATE users SET comic_admin=:is_admin WHERE id=:id',
['is_admin'=>$input['is_admin'] ? 't' : 'f', 'id'=>$input['user_id']]
);
$page->set_mode(PageMode::REDIRECT);
$page->set_redirect(@$_SERVER['HTTP_REFERER']);
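Review bot: After the `comic_admin` update, the second hunk redirects to `@$_SERVER['HTTP_REFERER']`, a client-supplied header that may be missing (the `@` hides the notice and passes null) or may point off-site. Redirect to a fixed internal page built with `make_link()` instead, or accept the header only when it is a same-site URL and fall back otherwise. The handler starts outside the hunk, so the permission and request-origin checks guarding this state change are not visible here and should be confirmed.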


@ -98,7 +98,7 @@ class ShimmieApi extends Extension
{
global $database;
if (!empty($arg)) {
$all = $database->get_all("SELECT tag FROM tags WHERE tag LIKE ?", [$arg . "%"]);
$all = $database->get_all("SELECT tag FROM tags WHERE tag LIKE :tag", ['tag'=>$arg . "%"]);
} else {
$all = $database->get_all("SELECT tag FROM tags");
}
@ -113,8 +113,8 @@ class ShimmieApi extends Extension
{
global $database;
$all = $database->get_row(
"SELECT id, name, joindate, class FROM users WHERE $type=?",
[$query]
"SELECT id, name, joindate, class FROM users WHERE $type=:query",
['query'=>$query]
);
if (!empty($all)) {
@ -131,8 +131,8 @@ class ShimmieApi extends Extension
if (isset($_GET['recent'])) {
$recent = $database->get_all(
"SELECT * FROM images WHERE owner_id=? ORDER BY id DESC LIMIT 0, 5",
[$all['id']]
"SELECT * FROM images WHERE owner_id=:owner_id ORDER BY id DESC LIMIT 0, 5",
['owner_id'=>$all['id']]
);
$i = 0;
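Review bot: The lookup in the second hunk still interpolates `$type` into the statement as a column name (`WHERE $type=:query`); only the value is bound, and identifiers cannot be bound at all. The function signature is outside the hunk, so it is not visible whether `$type` is always a literal chosen by the caller; if it can ever derive from the request, this is an injection point. Check it against a fixed list before building the query, for example `in_array($type, ['id', 'name'], true)`, and reject anything else.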


@ -215,36 +215,34 @@ class SourceHistory extends Extension
SELECT source_histories.*, users.name
FROM source_histories
JOIN users ON source_histories.user_id = users.id
WHERE source_histories.id = ?", [$revert_id]);
WHERE source_histories.id = :id", ["id"=>$revert_id]);
return ($row ? $row : null);
}
public function get_source_history_from_id(int $image_id): array
{
global $database;
$row = $database->get_all(
return $database->get_all(
"
SELECT source_histories.*, users.name
FROM source_histories
JOIN users ON source_histories.user_id = users.id
WHERE image_id = ?
WHERE image_id = :image_id
ORDER BY source_histories.id DESC",
[$image_id]
["image_id"=>$image_id]
);
return ($row ? $row : []);
}
public function get_global_source_history(int $page_id): array
{
global $database;
$row = $database->get_all("
return $database->get_all("
SELECT source_histories.*, users.name
FROM source_histories
JOIN users ON source_histories.user_id = users.id
ORDER BY source_histories.id DESC
LIMIT 100 OFFSET :offset
", ["offset" => ($page_id-1)*100]);
return ($row ? $row : []);
}
/**
@ -263,19 +261,19 @@ class SourceHistory extends Extension
$this->theme->add_status($name, "user not found");
return;
} else {
$select_code[] = 'user_id = ?';
$select_args[] = $duser->id;
$select_code[] = 'user_id = :user_id';
$select_args['user_id'] = $duser->id;
}
}
if (!is_null($ip)) {
$select_code[] = 'user_ip = ?';
$select_args[] = $ip;
$select_code[] = 'user_ip = :user_ip';
$select_args['user_ip'] = $ip;
}
if (!is_null($date)) {
$select_code[] = 'date_set >= ?';
$select_args[] = $date;
$select_code[] = 'date_set >= :date_set';
$select_args['date_set'] = $date;
}
if (count($select_code) == 0) {
@ -369,13 +367,13 @@ class SourceHistory extends Extension
}
// if the image has no history, make one with the old source
$entries = $database->get_one("SELECT COUNT(*) FROM source_histories WHERE image_id = ?", [$image->id]);
$entries = $database->get_one("SELECT COUNT(*) FROM source_histories WHERE image_id = :image_id", ['image_id'=>$image->id]);
if ($entries == 0 && !empty($old_source)) {
$database->execute(
"
INSERT INTO source_histories(image_id, source, user_id, user_ip, date_set)
VALUES (?, ?, ?, ?, now())",
[$image->id, $old_source, $config->get_int('anon_id'), '127.0.0.1']
VALUES (:image_id, :source, :user_id, :user_ip, now())",
["image_id"=>$image->id, "source"=>$old_tags, "user_id"=>$config->get_int('anon_id'), "user_ip"=>'127.0.0.1']
);
$entries++;
}
@ -384,8 +382,8 @@ class SourceHistory extends Extension
$database->execute(
"
INSERT INTO source_histories(image_id, source, user_id, user_ip, date_set)
VALUES (?, ?, ?, ?, now())",
[$image->id, $new_source, $user->id, $_SERVER['REMOTE_ADDR']]
VALUES (:image_id, :source, :user_id, :user_ip, now())",
["image_id"=>$image->id, "source"=>$new_source, "user_id"=>$user->id, "user_ip"=>$_SERVER['REMOTE_ADDR']]
);
$entries++;
@ -402,8 +400,8 @@ class SourceHistory extends Extension
http://dev.mysql.com/doc/refman/5.1/en/subquery-restrictions.html
http://stackoverflow.com/questions/45494/mysql-error-1093-cant-specify-target-table-for-update-in-from-clause
*/
$min_id = $database->get_one("SELECT MIN(id) FROM source_histories WHERE image_id = ?", [$image->id]);
$database->execute("DELETE FROM source_histories WHERE id = ?", [$min_id]);
$min_id = $database->get_one("SELECT MIN(id) FROM source_histories WHERE image_id = :image_id", ["image_id"=>$image->id]);
$database->execute("DELETE FROM source_histories WHERE id = :id", ["id"=>$min_id]);
}
}
}
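Review bot: In the hunk that seeds the first history row, the rewritten INSERT binds `"source"=>$old_tags`, but the line it replaces bound `$old_source` and the guard just above still tests `$old_source`. `$old_tags` is not assigned anywhere in the visible part of this function and looks like a paste from the tag-history extension. As written, the seed row would store null (with an undefined-variable warning) instead of the previous source. The binding should read `"source"=>$old_source`. The function starts outside the hunk, so confirm no `$old_tags` is in scope there.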


@ -38,16 +38,16 @@ class TagCategories extends Extension
if ($number_of_db_rows == 0) {
$database->execute(
'INSERT INTO image_tag_categories VALUES (?, ?, ?, ?)',
["artist", "Artist", "Artists", "#BB6666"]
'INSERT INTO image_tag_categories VALUES (:category, :single, :multiple, :color)',
["category"=>"artist", "single"=>"Artist", "multiple"=>"Artists", "color"=>"#BB6666"]
);
$database->execute(
'INSERT INTO image_tag_categories VALUES (?, ?, ?, ?)',
["series", "Series", "Series", "#AA00AA"]
'INSERT INTO image_tag_categories VALUES (:category, :single, :multiple, :color)',
["category"=>"series", "single"=>"Series", "multiple"=>"Series", "color"=>"#AA00AA"]
);
$database->execute(
'INSERT INTO image_tag_categories VALUES (?, ?, ?, ?)',
["character", "Character", "Characters", "#66BB66"]
'INSERT INTO image_tag_categories VALUES (:category, :single, :multiple, :color)',
["category"=>"character", "single"=>"Character", "multiple"=>"Characters", "color"=>"#66BB66"]
);
}
}
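Review bot: The three seed INSERTs now name their placeholders (`:category`, `:single`, `:multiple`, `:color`) but still omit the column list, so values are matched to columns purely by table order and the placeholder names are not checked against anything. Spell out the target columns in each statement so a later schema change cannot silently shift the data. The real column names are not visible in this hunk and should be taken from the table definition.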


@ -213,36 +213,34 @@ class TagHistory extends Extension
SELECT tag_histories.*, users.name
FROM tag_histories
JOIN users ON tag_histories.user_id = users.id
WHERE tag_histories.id = ?", [$revert_id]);
WHERE tag_histories.id = :id", ["id"=>$revert_id]);
return ($row ? $row : null);
}
public function get_tag_history_from_id(int $image_id): array
{
global $database;
$row = $database->get_all(
return $database->get_all(
"
SELECT tag_histories.*, users.name
FROM tag_histories
JOIN users ON tag_histories.user_id = users.id
WHERE image_id = ?
WHERE image_id = :id
ORDER BY tag_histories.id DESC",
[$image_id]
["id"=>$image_id]
);
return ($row ? $row : []);
}
public function get_global_tag_history(int $page_id): array
{
global $database;
$row = $database->get_all("
return $database->get_all("
SELECT tag_histories.*, users.name
FROM tag_histories
JOIN users ON tag_histories.user_id = users.id
ORDER BY tag_histories.id DESC
LIMIT 100 OFFSET :offset
", ["offset" => ($page_id-1)*100]);
return ($row ? $row : []);
}
/**
@ -261,19 +259,19 @@ class TagHistory extends Extension
$this->theme->add_status($name, "user not found");
return;
} else {
$select_code[] = 'user_id = ?';
$select_args[] = $duser->id;
$select_code[] = 'user_id = :user_id';
$select_args['user_id'] = $duser->id;
}
}
if (!is_null($ip)) {
$select_code[] = 'user_ip = ?';
$select_args[] = $ip;
$select_code[] = 'user_ip = :user_ip';
$select_args['user_ip'] = $ip;
}
if (!is_null($date)) {
$select_code[] = 'date_set >= ?';
$select_args[] = $date;
$select_code[] = 'date_set >= :date_set';
$select_args['date_set'] = $date;
}
if (count($select_code) == 0) {
@ -368,13 +366,13 @@ class TagHistory extends Extension
}
// if the image has no history, make one with the old tags
$entries = $database->get_one("SELECT COUNT(*) FROM tag_histories WHERE image_id = ?", [$image->id]);
$entries = $database->get_one("SELECT COUNT(*) FROM tag_histories WHERE image_id = :id", ["id"=>$image->id]);
if ($entries == 0 && !empty($old_tags)) {
$database->execute(
"
INSERT INTO tag_histories(image_id, tags, user_id, user_ip, date_set)
VALUES (?, ?, ?, ?, now())",
[$image->id, $old_tags, $config->get_int('anon_id'), '127.0.0.1']
VALUES (:image_id, :tags, :user_id, :user_ip, now())",
["image_id"=>$image->id, "tags"=>$old_tags, "user_id"=>$config->get_int('anon_id'), "user_ip"=>'127.0.0.1']
);
$entries++;
}
@ -383,8 +381,8 @@ class TagHistory extends Extension
$database->execute(
"
INSERT INTO tag_histories(image_id, tags, user_id, user_ip, date_set)
VALUES (?, ?, ?, ?, now())",
[$image->id, $new_tags, $user->id, $_SERVER['REMOTE_ADDR']]
VALUES (:image_id, :tags, :user_id, :user_ip, now())",
["image_id"=>$image->id, "tags"=>$new_tags, "user_id"=>$user->id, "user_ip"=>$_SERVER['REMOTE_ADDR']]
);
$entries++;
@ -401,8 +399,8 @@ class TagHistory extends Extension
http://dev.mysql.com/doc/refman/5.1/en/subquery-restrictions.html
http://stackoverflow.com/questions/45494/mysql-error-1093-cant-specify-target-table-for-update-in-from-clause
*/
$min_id = $database->get_one("SELECT MIN(id) FROM tag_histories WHERE image_id = ?", [$image->id]);
$database->execute("DELETE FROM tag_histories WHERE id = ?", [$min_id]);
$min_id = $database->get_one("SELECT MIN(id) FROM tag_histories WHERE image_id = :image_id", ["image_id"=>$image->id]);
$database->execute("DELETE FROM tag_histories WHERE id = :id", ["id"=>$min_id]);
}
}
}
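Review bot: Placeholder naming is inconsistent within this file: `get_tag_history_from_id` and the entry count before the seed INSERT bind the image id as `:id` (`WHERE image_id = :id`), while the last hunk uses `:image_id` for the image and `:id` for the history row. Mixing the two makes it easy to bind the wrong value in a later edit. Use `WHERE image_id = :image_id` with `["image_id"=>$image_id]` (and `["image_id"=>$image->id]` for the count), matching the source-history extension in this commit.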


@ -42,13 +42,13 @@ class TaggerXML extends Extension
$max_rows = $config->get_int("ext_tagger_tag_max", 30);
$limit_rows = $config->get_int("ext_tagger_limit", 30);
$values = [];
$values = [
'p' => strlen($s) == 1 ? " " : "\_",
'sq' => "%".$p.sql_escape($s)."%"
];
// Match
$p = strlen($s) == 1? " ":"\_";
$sq = "%".$p.sql_escape($s)."%";
$match = "concat(?,tag) LIKE ?";
array_push($values, $p, $sq);
$match = "concat(:p, tag) LIKE :sq";
// Exclude
// $exclude = $event->get_arg(1)? "AND NOT IN ".$this->image_tags($event->get_arg(1)) : null;
@ -62,7 +62,7 @@ class TaggerXML extends Extension
$count = $this->count($q_where, $values);
if ($count > $max_rows) {
$q_from = "FROM (SELECT * FROM `tags` {$q_where} ".
"ORDER BY count DESC LIMIT 0, {$limit_rows}) AS `c_tags`";
"ORDER BY count DESC LIMIT {$limit_rows} OFFSET 0) AS `c_tags`";
$q_where = null;
$count = ["max"=>$count];
} else {
@ -88,7 +88,7 @@ class TaggerXML extends Extension
$tags = $database->Execute("
SELECT tags.*
FROM image_tags JOIN tags ON image_tags.tag_id = tags.id
WHERE image_id=? ORDER BY tag", [$image_id]);
WHERE image_id=:image_id ORDER BY tag", ['image_id'=>$image_id]);
return $this->list_to_xml($tags, "image", $image_id);
}
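Review bot: The new `$values` literal in the first hunk reads `$p` inside the `'sq'` entry, yet the `$p = ...` assignment that used to precede it appears to have been dropped by the same change, so `$p` is undefined when the array is built. The LIKE pattern then loses its space/underscore prefix and PHP emits an undefined-variable warning. Assign it first, `$p = strlen($s) == 1 ? " " : "\_";`, then build `$values = ['p' => $p, 'sq' => "%".$p.sql_escape($s)."%"];`. Since `:sq` is now a bound parameter, `sql_escape()` on it is probably redundant and may double-escape, which is worth checking separately.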


@ -17,8 +17,8 @@ class Tips extends Extension
$database->execute(
"
INSERT INTO tips (enable, image, text)
VALUES (?, ?, ?)",
["Y", "coins.png", "Do you like this extension? Please support us for developing new ones. <a href=\"https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=8235933\" target=\"_blank\">Donate through paypal</a>."]
VALUES (:enable, :image, :text)",
["enable"=>"Y", "image"=>"coins.png", "text"=>"Do you like this extension? Please support us for developing new ones. <a href=\"https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=8235933\" target=\"_blank\">Donate through paypal</a>."]
);
$this->set_version("ext_tips_version", 1);
@ -109,8 +109,8 @@ class Tips extends Extension
$database->execute(
"
INSERT INTO tips (enable, image, text)
VALUES (?, ?, ?)",
[$enable, $image, $text]
VALUES (:enable, :image, :text)",
["enable"=>$enable, "image"=>$image, "text"=>$text]
);
}
@ -148,7 +148,7 @@ class Tips extends Extension
{
global $database;
$tip = $database->get_row("SELECT * FROM tips WHERE id = ? ", [int_escape($tipID)]);
$tip = $database->get_row("SELECT * FROM tips WHERE id = :id ", ["id"=>int_escape($tipID)]);
if (bool_escape($tip['enable'])) {
$enable = "N";
@ -156,12 +156,12 @@ class Tips extends Extension
$enable = "Y";
}
$database->execute("UPDATE tips SET enable = ? WHERE id = ?", [$enable, int_escape($tipID)]);
$database->execute("UPDATE tips SET enable = :enable WHERE id = :id", ["enable"=>$enable, "id"=>int_escape($tipID)]);
}
private function deleteTip(int $tipID)
{
global $database;
$database->execute("DELETE FROM tips WHERE id = ?", [int_escape($tipID)]);
$database->execute("DELETE FROM tips WHERE id = :id", ["id"=>int_escape($tipID)]);
}
}


@ -190,8 +190,9 @@ class Wiki extends Extension
try {
$database->Execute("
INSERT INTO wiki_pages(owner_id, owner_ip, date, title, revision, locked, body)
VALUES (?, ?, now(), ?, ?, ?, ?)", [$event->user->id, $_SERVER['REMOTE_ADDR'],
$wpage->title, $wpage->revision, $wpage->locked?'Y':'N', $wpage->body]);
VALUES (:owner_id, :owner_ip, now(), :title, :revision, :locked, :body)",
["owner_id"=>$event->user->id, "owner_ip"=>$_SERVER['REMOTE_ADDR'],
"title"=>$wpage->title, "revision"=>$wpage->revision, "locked"=>$wpage->locked?'Y':'N', "body"=>$wpage->body]);
} catch (Exception $e) {
throw new WikiUpdateException("Somebody else edited that page at the same time :-(");
}