consistently use colon parameters

This commit is contained in:
Shish 2019-11-27 11:22:46 +00:00
parent 861def1aa3
commit 95ef5940fc
21 changed files with 258 additions and 316 deletions


@ -144,8 +144,8 @@ class Artists extends Extension
} }
$database->execute( $database->execute(
"UPDATE images SET author = ? WHERE id = ?", "UPDATE images SET author = :author WHERE id = :id",
[$artistName, $event->image->id] ['author'=>$artistName, 'id'=>$event->image->id]
); );
} }
@ -414,21 +414,21 @@ class Artists extends Extension
private function get_artistName_by_imageID(int $imageID): string private function get_artistName_by_imageID(int $imageID): string
{ {
global $database; global $database;
$result = $database->get_row("SELECT author FROM images WHERE id = ?", [$imageID]); $result = $database->get_row("SELECT author FROM images WHERE id = :id", ['id'=>$imageID]);
return stripslashes($result['author']); return stripslashes($result['author']);
} }
private function url_exists_by_url(string $url): bool private function url_exists_by_url(string $url): bool
{ {
global $database; global $database;
$result = $database->get_one("SELECT COUNT(1) FROM artist_urls WHERE url = ?", [$url]); $result = $database->get_one("SELECT COUNT(1) FROM artist_urls WHERE url = :url", ['url'=>$url]);
return ($result != 0); return ($result != 0);
} }
private function member_exists_by_name(string $member): bool private function member_exists_by_name(string $member): bool
{ {
global $database; global $database;
$result = $database->get_one("SELECT COUNT(1) FROM artist_members WHERE name = ?", [$member]); $result = $database->get_one("SELECT COUNT(1) FROM artist_members WHERE name = :name", ['name'=>$member]);
return ($result != 0); return ($result != 0);
} }
@ -436,7 +436,7 @@ class Artists extends Extension
{ {
global $database; global $database;
$result = $database->get_one("SELECT COUNT(1) FROM artist_alias WHERE alias = ?", [$alias]); $result = $database->get_one("SELECT COUNT(1) FROM artist_alias WHERE alias = :alias", ['alias'=>$alias]);
return ($result != 0); return ($result != 0);
} }
@ -444,8 +444,8 @@ class Artists extends Extension
{ {
global $database; global $database;
$result = $database->get_one( $result = $database->get_one(
"SELECT COUNT(1) FROM artist_alias WHERE artist_id = ? AND alias = ?", "SELECT COUNT(1) FROM artist_alias WHERE artist_id = :artist_id AND alias = :alias",
[$artistID, $alias] ['artist_id'=>$artistID, 'alias'=>$alias]
); );
return ($result != 0); return ($result != 0);
} }
@ -453,61 +453,61 @@ class Artists extends Extension
private function get_artistID_by_url(string $url): int private function get_artistID_by_url(string $url): int
{ {
global $database; global $database;
return $database->get_one("SELECT artist_id FROM artist_urls WHERE url = ?", [$url]); return $database->get_one("SELECT artist_id FROM artist_urls WHERE url = :url", ['url'=>$url]);
} }
private function get_artistID_by_memberName(string $member): int private function get_artistID_by_memberName(string $member): int
{ {
global $database; global $database;
return $database->get_one("SELECT artist_id FROM artist_members WHERE name = ?", [$member]); return $database->get_one("SELECT artist_id FROM artist_members WHERE name = :name", ['name'=>$member]);
} }
private function get_artistName_by_artistID(int $artistID): string private function get_artistName_by_artistID(int $artistID): string
{ {
global $database; global $database;
return $database->get_one("SELECT name FROM artists WHERE id = ?", [$artistID]); return $database->get_one("SELECT name FROM artists WHERE id = :id", ['id'=>$artistID]);
} }
private function get_artistID_by_aliasID(int $aliasID): int private function get_artistID_by_aliasID(int $aliasID): int
{ {
global $database; global $database;
return $database->get_one("SELECT artist_id FROM artist_alias WHERE id = ?", [$aliasID]); return $database->get_one("SELECT artist_id FROM artist_alias WHERE id = :id", ['id'=>$aliasID]);
} }
private function get_artistID_by_memberID(int $memberID): int private function get_artistID_by_memberID(int $memberID): int
{ {
global $database; global $database;
return $database->get_one("SELECT artist_id FROM artist_members WHERE id = ?", [$memberID]); return $database->get_one("SELECT artist_id FROM artist_members WHERE id = :id", ['id'=>$memberID]);
} }
private function get_artistID_by_urlID(int $urlID): int private function get_artistID_by_urlID(int $urlID): int
{ {
global $database; global $database;
return $database->get_one("SELECT artist_id FROM artist_urls WHERE id = ?", [$urlID]); return $database->get_one("SELECT artist_id FROM artist_urls WHERE id = :id", ['id'=>$urlID]);
} }
private function delete_alias(int $aliasID) private function delete_alias(int $aliasID)
{ {
global $database; global $database;
$database->execute("DELETE FROM artist_alias WHERE id = ?", [$aliasID]); $database->execute("DELETE FROM artist_alias WHERE id = :id", ['id'=>$aliasID]);
} }
private function delete_url(int $urlID) private function delete_url(int $urlID)
{ {
global $database; global $database;
$database->execute("DELETE FROM artist_urls WHERE id = ?", [$urlID]); $database->execute("DELETE FROM artist_urls WHERE id = :id", ['id'=>$urlID]);
} }
private function delete_member(int $memberID) private function delete_member(int $memberID)
{ {
global $database; global $database;
$database->execute("DELETE FROM artist_members WHERE id = ?", [$memberID]); $database->execute("DELETE FROM artist_members WHERE id = :id", ['id'=>$memberID]);
} }
private function get_alias_by_id(int $aliasID): array private function get_alias_by_id(int $aliasID): array
{ {
global $database; global $database;
$result = $database->get_row("SELECT * FROM artist_alias WHERE id = ?", [$aliasID]); $result = $database->get_row("SELECT * FROM artist_alias WHERE id = :id", ['id'=>$aliasID]);
$result["alias"] = stripslashes($result["alias"]); $result["alias"] = stripslashes($result["alias"]);
return $result; return $result;
} }
@ -515,7 +515,7 @@ class Artists extends Extension
private function get_url_by_id(int $urlID): array private function get_url_by_id(int $urlID): array
{ {
global $database; global $database;
$result = $database->get_row("SELECT * FROM artist_urls WHERE id = ?", [$urlID]); $result = $database->get_row("SELECT * FROM artist_urls WHERE id = :id", ['id'=>$urlID]);
$result["url"] = stripslashes($result["url"]); $result["url"] = stripslashes($result["url"]);
return $result; return $result;
} }
@ -523,7 +523,7 @@ class Artists extends Extension
private function get_member_by_id(int $memberID): array private function get_member_by_id(int $memberID): array
{ {
global $database; global $database;
$result = $database->get_row("SELECT * FROM artist_members WHERE id = ?", [$memberID]); $result = $database->get_row("SELECT * FROM artist_members WHERE id = :id", ['id'=>$memberID]);
$result["name"] = stripslashes($result["name"]); $result["name"] = stripslashes($result["name"]);
return $result; return $result;
} }
@ -559,8 +559,8 @@ class Artists extends Extension
global $database; global $database;
$database->execute( $database->execute(
"UPDATE artists SET name = ?, notes = ?, updated = now(), user_id = ? WHERE id = ? ", "UPDATE artists SET name = :name, notes = :notes, updated = now(), user_id = :user_id WHERE id = :id",
[$name, $notes, $userID, $artistID] ['name'=>$name, 'notes'=>$notes, 'user_id'=>$userID, 'id'=>$artistID]
); );
// ALIAS MATCHING SECTION // ALIAS MATCHING SECTION
@ -640,8 +640,8 @@ class Artists extends Extension
{ {
global $database; global $database;
$database->execute( $database->execute(
"UPDATE artist_alias SET alias = ?, updated = now(), user_id = ? WHERE id = ? ", "UPDATE artist_alias SET alias = :alias, updated = now(), user_id = :user_id WHERE id = :id",
[$alias, $userID, $aliasID] ['alias'=>$alias, 'user_id'=>$userID, 'id'=>$aliasID]
); );
} }
@ -659,8 +659,8 @@ class Artists extends Extension
{ {
global $database; global $database;
$database->execute( $database->execute(
"UPDATE artist_urls SET url = ?, updated = now(), user_id = ? WHERE id = ?", "UPDATE artist_urls SET url = :url, updated = now(), user_id = :user_id WHERE id = :id",
[$url, $userID, $urlID] ['url'=>$url, 'user_id'=>$userID, 'id'=>$urlID]
); );
} }
@ -678,8 +678,8 @@ class Artists extends Extension
{ {
global $database; global $database;
$database->execute( $database->execute(
"UPDATE artist_members SET name = ?, updated = now(), user_id = ? WHERE id = ?", "UPDATE artist_members SET name = :name, updated = now(), user_id = :user_id WHERE id = :id",
[$memberName, $userID, $memberID] ['name'=>$memberName, 'user_id'=>$userID, 'id'=>$memberID]
); );
} }
@ -754,8 +754,8 @@ class Artists extends Extension
global $database, $user; global $database, $user;
$database->execute(" $database->execute("
INSERT INTO artists (user_id, name, notes, created, updated) INSERT INTO artists (user_id, name, notes, created, updated)
VALUES (?, ?, ?, now(), now()) VALUES (:user_id, :name, :notes, now(), now())
", [$user->id, $name, $notes]); ", ['user_id'=>$user->id, 'name'=>$name, 'notes'=>$notes]);
return $database->get_last_insert_id('artists_id_seq'); return $database->get_last_insert_id('artists_id_seq');
} }
@ -763,8 +763,8 @@ class Artists extends Extension
{ {
global $database; global $database;
$result = $database->get_one( $result = $database->get_one(
"SELECT COUNT(1) FROM artists WHERE name = ?", "SELECT COUNT(1) FROM artists WHERE name = :name",
[$name] ['name'=>$name]
); );
return ($result != 0); return ($result != 0);
} }
@ -773,8 +773,8 @@ class Artists extends Extension
{ {
global $database; global $database;
$result = $database->get_row( $result = $database->get_row(
"SELECT * FROM artists WHERE id = ?", "SELECT * FROM artists WHERE id = :id",
[$artistID] ['id'=>$artistID]
); );
$result["name"] = stripslashes($result["name"]); $result["name"] = stripslashes($result["name"]);
@ -787,8 +787,8 @@ class Artists extends Extension
{ {
global $database; global $database;
$result = $database->get_all( $result = $database->get_all(
"SELECT * FROM artist_members WHERE artist_id = ?", "SELECT * FROM artist_members WHERE artist_id = :artist_id",
[$artistID] ['artist_id'=>$artistID]
); );
$num = count($result); $num = count($result);
@ -803,8 +803,8 @@ class Artists extends Extension
{ {
global $database; global $database;
$result = $database->get_all( $result = $database->get_all(
"SELECT id, url FROM artist_urls WHERE artist_id = ?", "SELECT id, url FROM artist_urls WHERE artist_id = :artist_id",
[$artistID] ['artist_id'=>$artistID]
); );
$num = count($result); $num = count($result);
@ -819,8 +819,8 @@ class Artists extends Extension
{ {
global $database; global $database;
return (int)$database->get_one( return (int)$database->get_one(
"SELECT id FROM artists WHERE name = ?", "SELECT id FROM artists WHERE name = :name",
[$name] ['name'=>$name]
); );
} }
@ -829,8 +829,8 @@ class Artists extends Extension
global $database; global $database;
return (int)$database->get_one( return (int)$database->get_one(
"SELECT artist_id FROM artist_alias WHERE alias = ?", "SELECT artist_id FROM artist_alias WHERE alias = :alias",
[$alias] ['alias'=>$alias]
); );
} }
@ -838,8 +838,8 @@ class Artists extends Extension
{ {
global $database; global $database;
$database->execute( $database->execute(
"DELETE FROM artists WHERE id = ? ", "DELETE FROM artists WHERE id = :id",
[$artistID] ['id'=>$artistID]
); );
} }
@ -899,12 +899,12 @@ class Artists extends Extension
ORDER BY m.updated DESC ORDER BY m.updated DESC
) )
ORDER BY updated DESC ORDER BY updated DESC
LIMIT ?, ? LIMIT :offset, :limit
", ",
[ [
$pageNumber * $artistsPerPage "offset"=>$pageNumber * $artistsPerPage,
, $artistsPerPage "limit"=>$artistsPerPage
] ]
); );
$number_of_listings = count($listing); $number_of_listings = count($listing);
@ -954,8 +954,8 @@ class Artists extends Extension
global $database; global $database;
$database->execute( $database->execute(
"INSERT INTO artist_urls (artist_id, created, updated, url, user_id) VALUES (?, now(), now(), ?, ?)", "INSERT INTO artist_urls (artist_id, created, updated, url, user_id) VALUES (:artist_id, now(), now(), :url, :user_id)",
[$artistID, $url, $userID] ['artist'=>$artistID, 'url'=>$url, 'user_id'=>$userID]
); );
} }
@ -981,8 +981,8 @@ class Artists extends Extension
global $database; global $database;
$database->execute( $database->execute(
"INSERT INTO artist_alias (artist_id, created, updated, alias, user_id) VALUES (?, now(), now(), ?, ?)", "INSERT INTO artist_alias (artist_id, created, updated, alias, user_id) VALUES (:artist_id, now(), now(), :alias, :user_id)",
[$artistID, $alias, $userID] ['artist_id'=>$artistID, 'alias'=>$alias, 'user_id'=>$userID]
); );
} }
@ -1008,8 +1008,8 @@ class Artists extends Extension
global $database; global $database;
$database->execute( $database->execute(
"INSERT INTO artist_members (artist_id, name, created, updated, user_id) VALUES (?, ?, now(), now(), ?)", "INSERT INTO artist_members (artist_id, name, created, updated, user_id) VALUES (:artist_id, :name, now(), now(), :user_id)",
[$artistID, $member, $userID] ['artist'=>$artistID, 'name'=>$member, 'user_id'=>$userID]
); );
} }
@ -1018,8 +1018,8 @@ class Artists extends Extension
global $database; global $database;
$result = $database->get_one( $result = $database->get_one(
"SELECT COUNT(1) FROM artist_members WHERE artist_id = ? AND name = ?", "SELECT COUNT(1) FROM artist_members WHERE artist_id = :artist_id AND name = :name",
[$artistID, $member] ['artist_id'=>$artistID, 'name'=>$member]
); );
return ($result != 0); return ($result != 0);
} }
@ -1029,8 +1029,8 @@ class Artists extends Extension
global $database; global $database;
$result = $database->get_one( $result = $database->get_one(
"SELECT COUNT(1) FROM artist_urls WHERE artist_id = ? AND url = ?", "SELECT COUNT(1) FROM artist_urls WHERE artist_id = :artist_id AND url = :url",
[$artistID, $url] ['artist_id'=>$artistID, 'url'=>$url]
); );
return ($result != 0); return ($result != 0);
} }
@ -1045,9 +1045,9 @@ class Artists extends Extension
$result = $database->get_all(" $result = $database->get_all("
SELECT id AS alias_id, alias AS alias_name SELECT id AS alias_id, alias AS alias_name
FROM artist_alias FROM artist_alias
WHERE artist_id = ? WHERE artist_id = :artist_id
ORDER BY alias ASC ORDER BY alias ASC
", [$artistID]); ", ['artist_id'=>$artistID]);
for ($i = 0 ; $i < count($result) ; $i++) { for ($i = 0 ; $i < count($result) ; $i++) {
$result[$i]["alias_name"] = stripslashes($result[$i]["alias_name"]); $result[$i]["alias_name"] = stripslashes($result[$i]["alias_name"]);
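Review bot: The parameter arrays in the `@ -954` and `@ -1008` hunks bind the key `artist` while the SQL on the same lines uses the placeholder `:artist_id`, so the INSERTs into artist_urls and artist_members no longer match their placeholders and will fail at execute time — the old `?` form bound by position, so this is breakage introduced by the commit. Change both to `'artist_id'=>$artistID`, as the `@ -981` hunk for artist_alias already does. Separately, `LIMIT :offset, :limit` in the `@ -899` listing query only works if the wrapper binds those two values as integers; if it emulates prepares and quotes them, MySQL rejects a quoted LIMIT, which is worth confirming against the Database class, which is outside this diff.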


@ -60,8 +60,8 @@ class Blocks extends Extension
if ($user->check_auth_token()) { if ($user->check_auth_token()) {
$database->execute(" $database->execute("
INSERT INTO blocks (pages, title, area, priority, content) INSERT INTO blocks (pages, title, area, priority, content)
VALUES (?, ?, ?, ?, ?) VALUES (:pages, :title, :area, :priority, :content)
", [$_POST['pages'], $_POST['title'], $_POST['area'], (int)$_POST['priority'], $_POST['content']]); ", ['pages'=>$_POST['pages'], 'title'=>$_POST['title'], 'area'=>$_POST['area'], 'priority'=>(int)$_POST['priority'], 'content'=>$_POST['content']]);
log_info("blocks", "Added Block #".($database->get_last_insert_id('blocks_id_seq'))." (".$_POST['title'].")"); log_info("blocks", "Added Block #".($database->get_last_insert_id('blocks_id_seq'))." (".$_POST['title'].")");
$cache->delete("blocks"); $cache->delete("blocks");
$page->set_mode(PageMode::REDIRECT); $page->set_mode(PageMode::REDIRECT);
@ -73,14 +73,14 @@ class Blocks extends Extension
if (!empty($_POST['delete'])) { if (!empty($_POST['delete'])) {
$database->execute(" $database->execute("
DELETE FROM blocks DELETE FROM blocks
WHERE id=? WHERE id=:id
", [$_POST['id']]); ", ['id'=>$_POST['id']]);
log_info("blocks", "Deleted Block #".$_POST['id']); log_info("blocks", "Deleted Block #".$_POST['id']);
} else { } else {
$database->execute(" $database->execute("
UPDATE blocks SET pages=?, title=?, area=?, priority=?, content=? UPDATE blocks SET pages=:pages, title=:title, area=:area, priority=:priority, content=:content
WHERE id=? WHERE id=:id
", [$_POST['pages'], $_POST['title'], $_POST['area'], (int)$_POST['priority'], $_POST['content'], $_POST['id']]); ", ['pages'=>$_POST['pages'], 'title'=>$_POST['title'], 'area'=>$_POST['area'], 'priority'=>(int)$_POST['priority'], 'content'=>$_POST['content'], 'id'=>$_POST['id']]);
log_info("blocks", "Updated Block #".$_POST['id']." (".$_POST['title'].")"); log_info("blocks", "Updated Block #".$_POST['id']." (".$_POST['title'].")");
} }
$cache->delete("blocks"); $cache->delete("blocks");
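Review bot: `'id'=>$_POST['id']` in the DELETE and UPDATE of the `@ -73` hunk binds the raw request string while `priority` on the same lines is cast with `(int)`; binding keeps this free of SQL injection, but a non-numeric id is left to driver coercion and the same raw value is concatenated into the `log_info` lines. Cast it once, `$id = (int)$_POST['id'];`, and use `$id` in both the parameter arrays and the log messages. `check_auth_token()` is visible guarding the insert path at the top of this file section; the guard for the delete/update path is outside the hunk, so I cannot confirm it is covered.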


@ -32,8 +32,8 @@ class Blotter extends Extension
"); ");
// Insert sample data: // Insert sample data:
$database->execute( $database->execute(
"INSERT INTO blotter (entry_date, entry_text, important) VALUES (now(), ?, ?)", "INSERT INTO blotter (entry_date, entry_text, important) VALUES (now(), :text, :important)",
["Installed the blotter extension!", "Y"] ["text"=>"Installed the blotter extension!", "important"=>"Y"]
); );
log_info("blotter", "Installed tables for blotter extension."); log_info("blotter", "Installed tables for blotter extension.");
$config->set_int("blotter_version", 1); $config->set_int("blotter_version", 1);
@ -102,8 +102,8 @@ class Blotter extends Extension
} }
// Now insert into db: // Now insert into db:
$database->execute( $database->execute(
"INSERT INTO blotter (entry_date, entry_text, important) VALUES (now(), ?, ?)", "INSERT INTO blotter (entry_date, entry_text, important) VALUES (now(), :text, :important)",
[$entry_text, $important] ["text"=>$entry_text, "important"=>$important]
); );
log_info("blotter", "Added Message: $entry_text"); log_info("blotter", "Added Message: $entry_text");
$page->set_mode(PageMode::REDIRECT); $page->set_mode(PageMode::REDIRECT);


@ -53,9 +53,9 @@ class BrowserSearch extends Extension
// Now to get DB results // Now to get DB results
if ($config->get_string("search_suggestions_results_order") == "a") { if ($config->get_string("search_suggestions_results_order") == "a") {
$tags = $database->execute("SELECT tag FROM tags WHERE tag LIKE ? AND count > 0 ORDER BY tag ASC LIMIT 30", [$tag_search."%"]); $tags = $database->execute("SELECT tag FROM tags WHERE tag LIKE :tag AND count > 0 ORDER BY tag ASC LIMIT 30", ['tag'=>$tag_search."%"]);
} else { } else {
$tags = $database->execute("SELECT tag FROM tags WHERE tag LIKE ? AND count > 0 ORDER BY count DESC LIMIT 30", [$tag_search."%"]); $tags = $database->execute("SELECT tag FROM tags WHERE tag LIKE :tag AND count > 0 ORDER BY count DESC LIMIT 30", ['tag'=>$tag_search."%"]);
} }
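Review bot: `$tag_search."%"` in both LIKE queries of the `@ -53` hunk is bound as a parameter, which rules out injection, but LIKE metacharacters in the user-supplied prefix are not escaped, so a `%` or `_` inside `$tag_search` widens the match and a leading `%` turns the prefix search into a full scan of the tags table. Escape before appending the wildcard: `'tag'=>addcslashes($tag_search, '%_\\')."%"` (backslash is the default LIKE escape on MySQL and PostgreSQL; add an `ESCAPE` clause if another backend is in play). How `$tag_search` is derived is outside the hunk, so whether wildcards are ever legitimately intended here is not visible.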


@ -74,8 +74,8 @@ class DanbooruApi extends Extension
$idlist = explode(",", $_GET['id']); $idlist = explode(",", $_GET['id']);
foreach ($idlist as $id) { foreach ($idlist as $id) {
$sqlresult = $database->get_all( $sqlresult = $database->get_all(
"SELECT id,tag,count FROM tags WHERE id = ?", "SELECT id,tag,count FROM tags WHERE id = :id",
[$id] ['id'=>$id]
); );
foreach ($sqlresult as $row) { foreach ($sqlresult as $row) {
$results[] = [$row['count'], $row['tag'], $row['id']]; $results[] = [$row['count'], $row['tag'], $row['id']];
@ -86,9 +86,9 @@ class DanbooruApi extends Extension
foreach ($namelist as $name) { foreach ($namelist as $name) {
$sqlresult = $database->get_all( $sqlresult = $database->get_all(
$database->scoreql_to_sql( $database->scoreql_to_sql(
"SELECT id,tag,count FROM tags WHERE SCORE_STRNORM(tag) = SCORE_STRNORM(?)" "SELECT id,tag,count FROM tags WHERE SCORE_STRNORM(tag) = SCORE_STRNORM(:tag)"
), ),
[$name] ['tag'=>$name]
); );
foreach ($sqlresult as $row) { foreach ($sqlresult as $row) {
$results[] = [$row['count'], $row['tag'], $row['id']]; $results[] = [$row['count'], $row['tag'], $row['id']];
@ -102,8 +102,8 @@ class DanbooruApi extends Extension
} else { } else {
$start = isset($_GET['after_id']) ? int_escape($_GET['offset']) : 0; $start = isset($_GET['after_id']) ? int_escape($_GET['offset']) : 0;
$sqlresult = $database->get_all( $sqlresult = $database->get_all(
"SELECT id,tag,count FROM tags WHERE count > 0 AND id >= ? ORDER BY id DESC", "SELECT id,tag,count FROM tags WHERE count > 0 AND id >= :id ORDER BY id DESC",
[$start] ['id'=>$start]
); );
foreach ($sqlresult as $row) { foreach ($sqlresult as $row) {
$results[] = [$row['count'], $row['tag'], $row['id']]; $results[] = [$row['count'], $row['tag'], $row['id']];
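Review bot: The context line `$start = isset($_GET['after_id']) ? int_escape($_GET['offset']) : 0;` in the `@ -102` hunk tests one query key and reads another, so a request carrying `after_id` without `offset` raises an undefined-index notice and `$start` falls back to 0; this predates the commit but is the line feeding the new `:id` parameter. Presumably it should read `int_escape($_GET['after_id'])` — confirm against the Danbooru API contract before changing it. In the `@ -74` hunk each `$id` from `explode(",", $_GET['id'])` is bound as an uncast string; `'id'=>int_escape($id)` would match how `$start` is handled, and a single `IN (...)` query would avoid one round-trip per id.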


@ -69,8 +69,8 @@ class Forum extends Extension
{ {
global $database; global $database;
$threads_count = $database->get_one("SELECT COUNT(*) FROM forum_threads WHERE user_id=?", [$event->display_user->id]); $threads_count = $database->get_one("SELECT COUNT(*) FROM forum_threads WHERE user_id=:user_id", ['user_id'=>$event->display_user->id]);
$posts_count = $database->get_one("SELECT COUNT(*) FROM forum_posts WHERE user_id=?", [$event->display_user->id]); $posts_count = $database->get_one("SELECT COUNT(*) FROM forum_posts WHERE user_id=:user_id", ['user_id'=>$event->display_user->id]);
$days_old = ((time() - strtotime($event->display_user->join_date)) / 86400) + 1; $days_old = ((time() - strtotime($event->display_user->join_date)) / 86400) + 1;
@ -183,7 +183,7 @@ class Forum extends Extension
private function get_total_pages_for_thread(int $threadID) private function get_total_pages_for_thread(int $threadID)
{ {
global $database, $config; global $database, $config;
$result = $database->get_row("SELECT COUNT(1) AS count FROM forum_posts WHERE thread_id = ?", [$threadID]); $result = $database->get_row("SELECT COUNT(1) AS count FROM forum_posts WHERE thread_id = :thread_id", ['thread_id'=>$threadID]);
return ceil($result["count"] / $config->get_int("forumPostsPerPage")); return ceil($result["count"] / $config->get_int("forumPostsPerPage"));
} }
@ -238,7 +238,7 @@ class Forum extends Extension
private function get_thread_title(int $threadID) private function get_thread_title(int $threadID)
{ {
global $database; global $database;
$result = $database->get_row("SELECT t.title FROM forum_threads AS t WHERE t.id = ? ", [$threadID]); $result = $database->get_row("SELECT t.title FROM forum_threads AS t WHERE t.id = :id ", ['id'=>$threadID]);
return $result["title"]; return $result["title"];
} }
@ -283,7 +283,7 @@ class Forum extends Extension
global $config, $database; global $config, $database;
$threadID = $event->get_arg(1); $threadID = $event->get_arg(1);
$postsPerPage = $config->get_int('forumPostsPerPage', 15); $postsPerPage = $config->get_int('forumPostsPerPage', 15);
$totalPages = ceil($database->get_one("SELECT COUNT(*) FROM forum_posts WHERE thread_id = ?", [$threadID]) / $postsPerPage); $totalPages = ceil($database->get_one("SELECT COUNT(*) FROM forum_posts WHERE thread_id = :id", ['id'=>$threadID]) / $postsPerPage);
$threadTitle = $this->get_thread_title($threadID); $threadTitle = $this->get_thread_title($threadID);
if ($event->count_args() >= 3) { if ($event->count_args() >= 3) {
@ -329,8 +329,8 @@ class Forum extends Extension
INSERT INTO forum_threads INSERT INTO forum_threads
(title, sticky, user_id, date, uptodate) (title, sticky, user_id, date, uptodate)
VALUES VALUES
(?, ?, ?, now(), now())", (:title, :sticky, :user_id, now(), now())",
[$title, $sticky, $user->id] ['title'=>$title, 'sticky'=>$sticky, 'user_id'=>$user->id]
); );
$threadID = $database->get_last_insert_id("forum_threads_id_seq"); $threadID = $database->get_last_insert_id("forum_threads_id_seq");
@ -350,16 +350,16 @@ class Forum extends Extension
$message = substr($message, 0, $max_characters); $message = substr($message, 0, $max_characters);
global $database; global $database;
$database->execute("INSERT INTO forum_posts $database->execute("
(thread_id, user_id, date, message) INSERT INTO forum_posts (thread_id, user_id, date, message)
VALUES VALUES (:thread_id, :user_id, now(), :message)
(?, ?, now(), ?)", [$threadID, $userID, $message]); ", ['thread_id'=>$threadID, 'user_id'=>$userID, 'message'=>$message]);
$postID = $database->get_last_insert_id("forum_posts_id_seq"); $postID = $database->get_last_insert_id("forum_posts_id_seq");
log_info("forum", "Post {$postID} created by {$user->name}"); log_info("forum", "Post {$postID} created by {$user->name}");
$database->execute("UPDATE forum_threads SET uptodate=now() WHERE id=?", [$threadID]); $database->execute("UPDATE forum_threads SET uptodate=now() WHERE id=:id", ['id'=>$threadID]);
} }
private function retrieve_posts(int $threadID, int $pageNumber) private function retrieve_posts(int $threadID, int $pageNumber)
@ -382,24 +382,20 @@ class Forum extends Extension
private function delete_thread(int $threadID) private function delete_thread(int $threadID)
{ {
global $database; global $database;
$database->execute("DELETE FROM forum_threads WHERE id = ?", [$threadID]); $database->execute("DELETE FROM forum_threads WHERE id = :id", ['id'=>$threadID]);
$database->execute("DELETE FROM forum_posts WHERE thread_id = ?", [$threadID]); $database->execute("DELETE FROM forum_posts WHERE thread_id = :thread_id", ['thread_id'=>$threadID]);
} }
private function delete_post(int $postID) private function delete_post(int $postID)
{ {
global $database; global $database;
$database->execute("DELETE FROM forum_posts WHERE id = ?", [$postID]); $database->execute("DELETE FROM forum_posts WHERE id = :id", ['id'=>$postID]);
} }
private function threadExists(int $threadID) private function threadExists(int $threadID)
{ {
global $database; global $database;
$result=$database->get_one("SELECT EXISTS (SELECT * FROM forum_threads WHERE id= ?)", [$threadID]); $result=$database->get_one("SELECT EXISTS (SELECT * FROM forum_threads WHERE id=:id)", ['id'=>$threadID]);
if ($result==1) { return $result == 1;
return true;
} else {
return false;
}
} }
} }
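Review bot: In the `@ -283` hunk `$threadID = $event->get_arg(1)` is a raw path segment that is bound to `:id` and then passed to `get_thread_title(int $threadID)`; without the `int_escape()` this commit uses for other request values, a non-numeric segment reaches the query as a string and then trips a TypeError at the typed call. Cast it at the source: `$threadID = int_escape($event->get_arg(1));`. The same hunk names the placeholder `:id` for the `thread_id` column while `@ -183` and `delete_thread` use `:thread_id` for it — worth aligning given the commit's stated goal is consistency. `delete_thread` issues two DELETEs with no transaction, so a failure on the second leaves orphaned posts; whether the wrapper exposes transactions is not visible here.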


@ -115,8 +115,8 @@ class ImageBan extends Extension
{ {
global $database; global $database;
$database->Execute( $database->Execute(
"INSERT INTO image_bans (hash, reason, date) VALUES (?, ?, now())", "INSERT INTO image_bans (hash, reason, date) VALUES (:hash, :reason, now())",
[$event->hash, $event->reason] ["hash"=>$event->hash, "reason"=>$event->reason]
); );
log_info("image_hash_ban", "Banned hash {$event->hash} because '{$event->reason}'"); log_info("image_hash_ban", "Banned hash {$event->hash} because '{$event->reason}'");
} }
@ -124,7 +124,7 @@ class ImageBan extends Extension
public function onRemoveImageHashBan(RemoveImageHashBanEvent $event) public function onRemoveImageHashBan(RemoveImageHashBanEvent $event)
{ {
global $database; global $database;
$database->Execute("DELETE FROM image_bans WHERE hash = ?", [$event->hash]); $database->Execute("DELETE FROM image_bans WHERE hash = :hash", ["hash"=>$event->hash]);
} }
public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event) public function onImageAdminBlockBuilding(ImageAdminBlockBuildingEvent $event)
@ -147,12 +147,12 @@ class ImageBan extends Extension
$where = ["(1=1)"]; $where = ["(1=1)"];
$args = []; $args = [];
if (!empty($_GET['hash'])) { if (!empty($_GET['hash'])) {
$where[] = 'hash = ?'; $where[] = 'hash = :hash';
$args[] = $_GET['hash']; $args['hash'] = $_GET['hash'];
} }
if (!empty($_GET['reason'])) { if (!empty($_GET['reason'])) {
$where[] = 'reason SCORE_ILIKE ?'; $where[] = 'reason SCORE_ILIKE :reason';
$args[] = "%".$_GET['reason']."%"; $args['reason'] = "%".$_GET['reason']."%";
} }
$where = implode(" AND ", $where); $where = implode(" AND ", $where);
$bans = $database->get_all($database->scoreql_to_sql(" $bans = $database->get_all($database->scoreql_to_sql("
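Review bot: `$args['reason'] = "%".$_GET['reason']."%"` in the `@ -147` hunk puts user input into a SCORE_ILIKE pattern without escaping `%`, `_` or `\`, so a caller can submit arbitrary wildcard patterns — binding prevents injection, but not pattern widening. Escape before wrapping: `$args['reason'] = "%".addcslashes($_GET['reason'], '%_\\')."%";`. The `hash = :hash` branch is an exact-match comparison and is fine as written. The query that consumes `$where` and `$args` continues past the end of this hunk.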


@ -81,15 +81,15 @@ class NotATag extends Extension
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : "DNP"; $redirect = isset($_POST['redirect']) ? $_POST['redirect'] : "DNP";
$database->Execute( $database->Execute(
"INSERT INTO untags(tag, redirect) VALUES (?, ?)", "INSERT INTO untags(tag, redirect) VALUES (:tag, :redirect)",
[$tag, $redirect] ["tag"=>$tag, "redirect"=>$redirect]
); );
$page->set_mode(PageMode::REDIRECT); $page->set_mode(PageMode::REDIRECT);
$page->set_redirect($_SERVER['HTTP_REFERER']); $page->set_redirect($_SERVER['HTTP_REFERER']);
} elseif ($event->get_arg(0) == "remove") { } elseif ($event->get_arg(0) == "remove") {
if (isset($_POST['tag'])) { if (isset($_POST['tag'])) {
$database->Execute($database->scoreql_to_sql("DELETE FROM untags WHERE SCORE_STRNORM(tag) = SCORE_STRNORM(?)"), [$_POST['tag']]); $database->Execute($database->scoreql_to_sql("DELETE FROM untags WHERE SCORE_STRNORM(tag) = SCORE_STRNORM(:tag)"), ["tag"=>$_POST['tag']]);
flash_message("Image ban removed"); flash_message("Image ban removed");
$page->set_mode(PageMode::REDIRECT); $page->set_mode(PageMode::REDIRECT);
@ -113,17 +113,15 @@ class NotATag extends Extension
global $database; global $database;
// FIXME: many // FIXME: many
$size_i = int_escape($size);
$offset_i = int_escape($page-1)*$size_i;
$where = ["(1=1)"]; $where = ["(1=1)"];
$args = []; $args = ["limit"=>$size, "offset"=>($page-1)*$size];
if (!empty($_GET['tag'])) { if (!empty($_GET['tag'])) {
$where[] = 'tag SCORE_ILIKE ?'; $where[] = 'tag SCORE_ILIKE :tag';
$args[] = "%".$_GET['tag']."%"; $args["tag"] = "%".$_GET['tag']."%";
} }
if (!empty($_GET['redirect'])) { if (!empty($_GET['redirect'])) {
$where[] = 'redirect SCORE_ILIKE ?'; $where[] = 'redirect SCORE_ILIKE :redirect';
$args[] = "%".$_GET['redirect']."%"; $args["redirect"] = "%".$_GET['redirect']."%";
} }
$where = implode(" AND ", $where); $where = implode(" AND ", $where);
$bans = $database->get_all($database->scoreql_to_sql(" $bans = $database->get_all($database->scoreql_to_sql("
@ -131,13 +129,9 @@ class NotATag extends Extension
FROM untags FROM untags
WHERE $where WHERE $where
ORDER BY tag ORDER BY tag
LIMIT $size_i LIMIT :limit
OFFSET $offset_i OFFSET :offset
"), $args); "), $args);
if ($bans) { return $bans;
return $bans;
} else {
return [];
}
} }
} }
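Review bot: The `@ -113` hunk drops the `int_escape()` calls and binds `$size` and `($page-1)*$size` straight into `LIMIT :limit OFFSET :offset`; that removes the old string-interpolation exposure, but if these arrive as strings and the wrapper binds them as strings (emulated prepares quote them), MySQL rejects a quoted LIMIT. Keep the cast: `$args = ["limit"=>int_escape($size), "offset"=>(int_escape($page)-1)*int_escape($size)];` — the function signature is outside the hunk, so whether the parameters are already typed `int` is not visible. The `tag` and `redirect` SCORE_ILIKE patterns built from `$_GET` have the same unescaped-wildcard issue as the image-ban listing. Returning `$bans` directly assumes `get_all` yields an empty array rather than null/false when nothing matches; the old `if ($bans)` guard suggests that was once not the case.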


@ -220,13 +220,12 @@ class Notes extends Extension
{ {
global $database; global $database;
return $database->get_all( return $database->get_all("
"SELECT * ". SELECT *
"FROM notes ". FROM notes
"WHERE enable = ? AND image_id = ? ". WHERE enable = :enable AND image_id = :image_id
"ORDER BY date ASC", ORDER BY date ASC
['1', $imageID] ", ['enable'=>'1', 'image_id'=>$imageID]);
);
} }
@ -248,24 +247,19 @@ class Notes extends Extension
$database->execute( $database->execute(
" "
INSERT INTO notes (enable, image_id, user_id, user_ip, date, x1, y1, height, width, note) INSERT INTO notes (enable, image_id, user_id, user_ip, date, x1, y1, height, width, note)
VALUES (?, ?, ?, ?, now(), ?, ?, ?, ?, ?)", VALUES (:enable, :image_id, :user_id, :user_ip, now(), :x1, :y1, :height, :width, :note)",
[1, $imageID, $user_id, $_SERVER['REMOTE_ADDR'], $noteX1, $noteY1, $noteHeight, $noteWidth, $noteText] ['enable'=>1, 'image_id'=>$imageID, 'user_id'=>$user_id, 'user_ip'=>$_SERVER['REMOTE_ADDR'], 'x1'=>$noteX1, 'y1'=>$noteY1, 'height'=>$noteHeight, 'width'=>$noteWidth, 'note'=>$noteText]
); );
$noteID = $database->get_last_insert_id('notes_id_seq'); $noteID = $database->get_last_insert_id('notes_id_seq');
log_info("notes", "Note added {$noteID} by {$user->name}"); log_info("notes", "Note added {$noteID} by {$user->name}");
$database->execute("UPDATE images SET notes=(SELECT COUNT(*) FROM notes WHERE image_id=?) WHERE id=?", [$imageID, $imageID]); $database->execute("UPDATE images SET notes=(SELECT COUNT(*) FROM notes WHERE image_id=:id1) WHERE id=:id2", ['id1'=>$imageID, 'id2'=>$imageID]);
$this->add_history(1, $noteID, $imageID, $noteX1, $noteY1, $noteHeight, $noteWidth, $noteText); $this->add_history(1, $noteID, $imageID, $noteX1, $noteY1, $noteHeight, $noteWidth, $noteText);
} }
/*
* HERE WE ADD A REQUEST TO DATABASE
*/
private function add_note_request() private function add_note_request()
{ {
global $database, $user; global $database, $user;
@ -276,8 +270,8 @@ class Notes extends Extension
$database->execute( $database->execute(
" "
INSERT INTO note_request (image_id, user_id, date) INSERT INTO note_request (image_id, user_id, date)
VALUES (?, ?, now())", VALUES (:image_id, :user_id, now())",
[$image_id, $user_id] ['image_id'=>$image_id, 'user_id'=>$user_id]
); );
$resultID = $database->get_last_insert_id('note_request_id_seq'); $resultID = $database->get_last_insert_id('note_request_id_seq');
@ -285,23 +279,18 @@ class Notes extends Extension
log_info("notes", "Note requested {$resultID} by {$user->name}"); log_info("notes", "Note requested {$resultID} by {$user->name}");
} }
/*
* HERE WE EDIT THE NOTE
*/
private function update_note() private function update_note()
{ {
global $database; global $database;
$note = [ $note = [
"noteX1" => int_escape($_POST["note_x1"]), "x1" => int_escape($_POST["note_x1"]),
"noteY1" => int_escape($_POST["note_y1"]), "y1" => int_escape($_POST["note_y1"]),
"noteHeight" => int_escape($_POST["note_height"]), "height" => int_escape($_POST["note_height"]),
"noteWidth" => int_escape($_POST["note_width"]), "width" => int_escape($_POST["note_width"]),
"noteText" => sql_escape(html_escape($_POST["note_text"])), "note" => sql_escape(html_escape($_POST["note_text"])),
"imageID" => int_escape($_POST["image_id"]), "image_id" => int_escape($_POST["image_id"]),
"noteID" => int_escape($_POST["note_id"]) "id" => int_escape($_POST["note_id"])
]; ];
// validate parameters // validate parameters
@ -309,21 +298,14 @@ class Notes extends Extension
return; return;
} }
$database->execute("UPDATE notes ". $database->execute("
"SET x1 = ?, ". UPDATE notes
"y1 = ?, ". SET x1 = :x1, y1 = :y1, height = :height, width = :width, note = :note
"height = ?, ". WHERE image_id = :image_id AND id = :id", $note);
"width = ?,".
"note = ? ".
"WHERE image_id = ? AND id = ?", array_values($note));
$this->add_history(1, $note['noteID'], $note['imageID'], $note['noteX1'], $note['noteY1'], $note['noteHeight'], $note['noteWidth'], $note['noteText']); $this->add_history(1, $note['id'], $note['image_id'], $note['x1'], $note['y1'], $note['height'], $note['width'], $note['note']);
} }
/*
* HERE WE DELETE THE NOTE
*/
private function delete_note() private function delete_note()
{ {
global $user, $database; global $user, $database;
@ -336,44 +318,32 @@ class Notes extends Extension
return; return;
} }
$database->execute("UPDATE notes ". $database->execute("
"SET enable = ? ". UPDATE notes SET enable = :enable
"WHERE image_id = ? AND id = ?", [0, $imageID, $noteID]); WHERE image_id = :image_id AND id = :id
", ['enable'=>0, 'image_id'=>$imageID, 'id'=>$noteID]);
log_info("notes", "Note deleted {$noteID} by {$user->name}"); log_info("notes", "Note deleted {$noteID} by {$user->name}");
} }
/*
* HERE WE DELETE ALL NOTES FROM IMAGE
*/
private function nuke_notes() private function nuke_notes()
{ {
global $database, $user; global $database, $user;
$image_id = int_escape($_POST["image_id"]); $image_id = int_escape($_POST["image_id"]);
$database->execute("DELETE FROM notes WHERE image_id = ?", [$image_id]); $database->execute("DELETE FROM notes WHERE image_id = :image_id", ['image_id'=>$image_id]);
log_info("notes", "Notes deleted from {$image_id} by {$user->name}"); log_info("notes", "Notes deleted from {$image_id} by {$user->name}");
} }
/*
* HERE WE DELETE ALL REQUESTS FOR IMAGE
*/
private function nuke_requests() private function nuke_requests()
{ {
global $database, $user; global $database, $user;
$image_id = int_escape($_POST["image_id"]); $image_id = int_escape($_POST["image_id"]);
$database->execute("DELETE FROM note_request WHERE image_id = ?", [$image_id]); $database->execute("DELETE FROM note_request WHERE image_id = :image_id", ['image_id'=>$image_id]);
log_info("notes", "Requests deleted from {$image_id} by {$user->name}"); log_info("notes", "Requests deleted from {$image_id} by {$user->name}");
} }
/**
* HERE WE ALL IMAGES THAT HAVE NOTES
*/
private function get_notes_list(PageRequestEvent $event) private function get_notes_list(PageRequestEvent $event)
{ {
global $database, $config; global $database, $config;
@ -382,13 +352,13 @@ class Notes extends Extension
$notesPerPage = $config->get_int('notesNotesPerPage'); $notesPerPage = $config->get_int('notesNotesPerPage');
//$result = $database->get_all("SELECT * FROM pool_images WHERE pool_id=?", array($poolID)); //$result = $database->get_all("SELECT * FROM pool_images WHERE pool_id=:pool_id", ['pool_id'=>$poolID]);
$result = $database->execute( $result = $database->execute("
"SELECT DISTINCT image_id". SELECT DISTINCT image_id
"FROM notes ". FROM notes
"WHERE enable = ? ". WHERE enable = :enable
"ORDER BY date DESC LIMIT ?, ?", ORDER BY date DESC LIMIT :limit OFFSET :offset",
[1, $pageNumber * $notesPerPage, $notesPerPage] ['enable'=>1, 'offset'=>$pageNumber * $notesPerPage, 'limit'=>$notesPerPage]
); );
$totalPages = ceil($database->get_one("SELECT COUNT(DISTINCT image_id) FROM notes") / $notesPerPage); $totalPages = ceil($database->get_one("SELECT COUNT(DISTINCT image_id) FROM notes") / $notesPerPage);
@ -401,9 +371,6 @@ class Notes extends Extension
$this->theme->display_note_list($images, $pageNumber + 1, $totalPages); $this->theme->display_note_list($images, $pageNumber + 1, $totalPages);
} }
/**
* HERE WE GET ALL NOTE REQUESTS
*/
private function get_notes_requests(PageRequestEvent $event) private function get_notes_requests(PageRequestEvent $event)
{ {
global $config, $database; global $config, $database;
@ -413,15 +380,15 @@ class Notes extends Extension
$requestsPerPage = $config->get_int('notesRequestsPerPage'); $requestsPerPage = $config->get_int('notesRequestsPerPage');
//$result = $database->get_all("SELECT * FROM pool_images WHERE pool_id=?", array($poolID)); //$result = $database->get_all("SELECT * FROM pool_images WHERE pool_id=:pool_id", ['pool_id'=>$poolID]);
$result = $database->execute( $result = $database->execute(
" "
SELECT DISTINCT image_id SELECT DISTINCT image_id
FROM note_request FROM note_request
ORDER BY date DESC LIMIT ?, ?", ORDER BY date DESC LIMIT :limit OFFSET :offset",
[$pageNumber * $requestsPerPage, $requestsPerPage] ["offset"=>$pageNumber * $requestsPerPage, "limit"=>$requestsPerPage]
); );
$totalPages = ceil($database->get_one("SELECT COUNT(*) FROM note_request") / $requestsPerPage); $totalPages = ceil($database->get_one("SELECT COUNT(*) FROM note_request") / $requestsPerPage);
@ -434,30 +401,23 @@ class Notes extends Extension
$this->theme->display_note_requests($images, $pageNumber + 1, $totalPages); $this->theme->display_note_requests($images, $pageNumber + 1, $totalPages);
} }
/*
* HERE WE ADD HISTORY TO TRACK THE CHANGES OF THE NOTES FOR THE IMAGES.
*/
private function add_history($noteEnable, $noteID, $imageID, $noteX1, $noteY1, $noteHeight, $noteWidth, $noteText) private function add_history($noteEnable, $noteID, $imageID, $noteX1, $noteY1, $noteHeight, $noteWidth, $noteText)
{ {
global $user, $database; global $user, $database;
$reviewID = $database->get_one("SELECT COUNT(*) FROM note_histories WHERE note_id = ?", [$noteID]); $reviewID = $database->get_one("SELECT COUNT(*) FROM note_histories WHERE note_id = :note_id", ['note_id'=>$noteID]);
$reviewID = $reviewID + 1; $reviewID = $reviewID + 1;
$database->execute( $database->execute(
" "
INSERT INTO note_histories (note_enable, note_id, review_id, image_id, user_id, user_ip, date, x1, y1, height, width, note) INSERT INTO note_histories (note_enable, note_id, review_id, image_id, user_id, user_ip, date, x1, y1, height, width, note)
VALUES (?, ?, ?, ?, ?, ?, now(), ?, ?, ?, ?, ?)", VALUES (:note_enable, :note_id, :review_id, :image_id, :user_id, :user_ip, now(), :x1, :y1, :height, :width, :note)
[$noteEnable, $noteID, $reviewID, $imageID, $user->id, $_SERVER['REMOTE_ADDR'], $noteX1, $noteY1, $noteHeight, $noteWidth, $noteText] ",
['note_enable'=>$noteEnable, 'note_id'=>$noteID, 'review_id'=>$reviewID, 'image_id'=>$imageID, 'user_id'=>$user->id, 'user_ip'=>$_SERVER['REMOTE_ADDR'],
'x1'=>$noteX1, 'y1'=>$noteY1, 'height'=>$noteHeight, 'width'=>$noteWidth, 'note'=>$noteText]
); );
} }
/**
* HERE WE GET ALL HISTORIES.
*/
private function get_histories(PageRequestEvent $event) private function get_histories(PageRequestEvent $event)
{ {
global $config, $database; global $config, $database;
@ -472,8 +432,8 @@ class Notes extends Extension
"FROM note_histories AS h ". "FROM note_histories AS h ".
"INNER JOIN users AS u ". "INNER JOIN users AS u ".
"ON u.id = h.user_id ". "ON u.id = h.user_id ".
"ORDER BY date DESC LIMIT ?, ?", "ORDER BY date DESC LIMIT :limit OFFSET :offset",
[$pageNumber * $historiesPerPage, $historiesPerPage] ['offset'=>$pageNumber * $historiesPerPage, 'limit'=>$historiesPerPage]
); );
$totalPages = ceil($database->get_one("SELECT COUNT(*) FROM note_histories") / $historiesPerPage); $totalPages = ceil($database->get_one("SELECT COUNT(*) FROM note_histories") / $historiesPerPage);
@ -481,10 +441,6 @@ class Notes extends Extension
$this->theme->display_histories($histories, $pageNumber + 1, $totalPages); $this->theme->display_histories($histories, $pageNumber + 1, $totalPages);
} }
/**
* HERE WE THE HISTORY FOR A SPECIFIC NOTE.
*/
private function get_history(PageRequestEvent $event) private function get_history(PageRequestEvent $event)
{ {
global $config, $database; global $config, $database;
@ -499,12 +455,12 @@ class Notes extends Extension
"FROM note_histories AS h ". "FROM note_histories AS h ".
"INNER JOIN users AS u ". "INNER JOIN users AS u ".
"ON u.id = h.user_id ". "ON u.id = h.user_id ".
"WHERE note_id = ? ". "WHERE note_id = :note_id ".
"ORDER BY date DESC LIMIT ?, ?", "ORDER BY date DESC LIMIT :limit OFFSET :offset",
[$noteID, $pageNumber * $historiesPerPage, $historiesPerPage] ['note_id'=>$noteID, 'offset'=>$pageNumber * $historiesPerPage, 'limit'=>$historiesPerPage]
); );
$totalPages = ceil($database->get_one("SELECT COUNT(*) FROM note_histories WHERE note_id = ?", [$noteID]) / $historiesPerPage); $totalPages = ceil($database->get_one("SELECT COUNT(*) FROM note_histories WHERE note_id = :note_id", ['note_id'=>$noteID]) / $historiesPerPage);
$this->theme->display_history($histories, $pageNumber + 1, $totalPages); $this->theme->display_history($histories, $pageNumber + 1, $totalPages);
} }
@ -516,7 +472,7 @@ class Notes extends Extension
{ {
global $database; global $database;
$history = $database->get_row("SELECT * FROM note_histories WHERE note_id = ? AND review_id = ?", [$noteID, $reviewID]); $history = $database->get_row("SELECT * FROM note_histories WHERE note_id = :note_id AND review_id = :review_id", ['note_id'=>$noteID, 'review_id'=>$reviewID]);
$noteEnable = $history['note_enable']; $noteEnable = $history['note_enable'];
$noteID = $history['note_id']; $noteID = $history['note_id'];
@ -527,12 +483,11 @@ class Notes extends Extension
$noteWidth = $history['width']; $noteWidth = $history['width'];
$noteText = $history['note']; $noteText = $history['note'];
$database->execute( $database->execute("
"UPDATE notes ". UPDATE notes
"SET enable = ?, x1 = ?, y1 = ?, height = ?, width = ?, note = ? ". SET enable = :enable, x1 = :x1, y1 = :y1, height = :height, width = :width, note = :note
"WHERE image_id = ? AND id = ?", WHERE image_id = :image_id AND id = :id
[1, $noteX1, $noteY1, $noteHeight, $noteWidth, $noteText, $imageID, $noteID] ", ['enable'=>1, 'x1'=>$noteX1, 'y1'=>$noteY1, 'height'=>$noteHeight, 'width'=>$noteWidth, 'note'=>$noteText, 'image_id'=>$imageID, 'id'=>$noteID]);
);
$this->add_history($noteEnable, $noteID, $imageID, $noteX1, $noteY1, $noteHeight, $noteWidth, $noteText); $this->add_history($noteEnable, $noteID, $imageID, $noteX1, $noteY1, $noteHeight, $noteWidth, $noteText);
} }
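Review bot: `"note" => sql_escape(html_escape($_POST["note_text"]))` at L569 still applies sql_escape to a value that is then bound as the `:note` parameter, so quotes and backslashes are escaped a second time by the driver and the stored note can carry stray backslashes; with binding, `"note" => html_escape($_POST["note_text"]),` is sufficient. The same would apply to `$noteText` bound at L534 if it is prepared the same way before the hunk (its assignment is outside this view), and update_note's validation block between the L555 and L574 hunks is also outside it. Separately, `LIMIT :limit OFFSET :offset` at L634 and L654 passes integers through the execute() array; if the database wrapper binds those as strings under emulated prepares, MySQL rejects a quoted LIMIT, so confirm the wrapper casts or binds them as integers.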


@ -49,8 +49,8 @@ class NumericScore extends Extension
"SELECT users.name as username, user_id, score "SELECT users.name as username, user_id, score
FROM numeric_score_votes FROM numeric_score_votes
JOIN users ON numeric_score_votes.user_id=users.id JOIN users ON numeric_score_votes.user_id=users.id
WHERE image_id=?", WHERE image_id=:image_id",
[$image_id] ['image_id'=>$image_id]
); );
$html = "<table style='width: 100%;'>"; $html = "<table style='width: 100%;'>";
foreach ($x as $vote) { foreach ($x as $vote) {
@ -83,12 +83,12 @@ class NumericScore extends Extension
if ($user->can(Permissions::EDIT_OTHER_VOTE)) { if ($user->can(Permissions::EDIT_OTHER_VOTE)) {
$image_id = int_escape($_POST['image_id']); $image_id = int_escape($_POST['image_id']);
$database->execute( $database->execute(
"DELETE FROM numeric_score_votes WHERE image_id=?", "DELETE FROM numeric_score_votes WHERE image_id=:image_id",
[$image_id] ['image_id'=>$image_id]
); );
$database->execute( $database->execute(
"UPDATE images SET numeric_score=0 WHERE id=?", "UPDATE images SET numeric_score=0 WHERE id=:id",
[$image_id] ['id'=>$image_id]
); );
$page->set_mode(PageMode::REDIRECT); $page->set_mode(PageMode::REDIRECT);
$page->set_redirect(make_link("post/view/$image_id")); $page->set_redirect(make_link("post/view/$image_id"));
@ -177,7 +177,7 @@ class NumericScore extends Extension
{ {
global $database; global $database;
$image_ids = $database->get_col("SELECT image_id FROM numeric_score_votes WHERE user_id=?", [$user_id]); $image_ids = $database->get_col("SELECT image_id FROM numeric_score_votes WHERE user_id=:user_id", ['user_id'=>$user_id]);
if (count($image_ids) == 0) { if (count($image_ids) == 0) {
return; return;
@ -188,8 +188,8 @@ class NumericScore extends Extension
foreach (array_chunk($image_ids, 20) as $chunk) { foreach (array_chunk($image_ids, 20) as $chunk) {
$id_list = implode(",", $chunk); $id_list = implode(",", $chunk);
$database->execute( $database->execute(
"DELETE FROM numeric_score_votes WHERE user_id=? AND image_id IN (".$id_list.")", "DELETE FROM numeric_score_votes WHERE user_id=:user_id AND image_id IN (".$id_list.")",
[$user_id] ['user_id'=>$user_id]
); );
$database->execute(" $database->execute("
UPDATE images UPDATE images
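Review bot: `"DELETE FROM numeric_score_votes WHERE user_id=:user_id AND image_id IN (".$id_list.")"` at L764 is the one statement in this file that still builds SQL by concatenation; `$id_list` comes from get_col at L757, so it is database-sourced rather than request-sourced, but it sidesteps the parameterisation this commit is establishing. Casting defensively keeps it safe whatever the column holds, e.g. `$id_list = implode(",", array_map('intval', $chunk));` at L762. The enclosing function starts outside the hunk.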


@ -75,7 +75,7 @@ class PostTitles extends Extension
private function set_title(int $image_id, string $title) private function set_title(int $image_id, string $title)
{ {
global $database; global $database;
$database->Execute("UPDATE images SET title=? WHERE id=?", [$title, $image_id]); $database->Execute("UPDATE images SET title=:title WHERE id=:id", ['title'=>$title, 'id'=>$image_id]);
log_info("post_titles", "Title for Image #{$image_id} set to: ".$title); log_info("post_titles", "Title for Image #{$image_id} set to: ".$title);
} }
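Review bot: `$database->Execute(...)` at L776 keeps the capitalised method name while the rest of this commit calls `execute` (L608, L831, L939); PHP resolves method names case-insensitively so it runs, but static analysis and grep treat the two spellings as different names. The same spelling survives at L797 (Ratings) and L806, L817, L824 (ReportImage), where it sits next to a lowercase `execute` in the same file. Normalising to `$database->execute("UPDATE images SET title=:title WHERE id=:id", ['title'=>$title, 'id'=>$image_id]);` here and in those places would finish the consistency the commit is after.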


@ -400,10 +400,10 @@ class Ratings extends Extension
$n += 100; $n += 100;
} }
#$database->execute(" #$database->execute("
# update images set rating=? where images.id in ( # update images set rating=:rating where images.id in (
# select image_id from image_tags join tags # select image_id from image_tags join tags
# on image_tags.tag_id = tags.id where tags.tag = ?); # on image_tags.tag_id = tags.id where tags.tag = :tag);
# ", array($_POST["rating"], $_POST["tag"])); # ", ['rating'=>$_POST["rating"], 'tag'=>$_POST["tag"]]);
$page->set_mode(PageMode::REDIRECT); $page->set_mode(PageMode::REDIRECT);
$page->set_redirect(make_link("post/list")); $page->set_redirect(make_link("post/list"));
} }
@ -586,7 +586,7 @@ class Ratings extends Extension
{ {
global $database; global $database;
if ($old_rating != $rating) { if ($old_rating != $rating) {
$database->Execute("UPDATE images SET rating=? WHERE id=?", [$rating, $image_id]); $database->Execute("UPDATE images SET rating=:rating WHERE id=:id", ['rating'=>$rating, 'id'=>$image_id]);
log_info("rating", "Rating for Image #{$image_id} set to: ".$this->rating_to_human($rating)); log_info("rating", "Rating for Image #{$image_id} set to: ".$this->rating_to_human($rating));
} }
} }
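Review bot: The commented-out block at L785-L789 was rewritten to named parameters rather than deleted; dead code that is kept in step with API changes tends to get uncommented later, and this one passes `$_POST["rating"]` and `$_POST["tag"]` straight to the query without whatever validation the live code applies (the enclosing function starts outside the hunk, so that validation is not visible here). Removing the five `#` lines is the cleaner outcome of the refactor.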


@ -84,8 +84,8 @@ class ReportImage extends Extension
log_info("report_image", "Adding report of Image #{$event->report->image_id} with reason '{$event->report->reason}'", null, ["image_id" => $event->report->image_id]); log_info("report_image", "Adding report of Image #{$event->report->image_id} with reason '{$event->report->reason}'", null, ["image_id" => $event->report->image_id]);
$database->Execute( $database->Execute(
"INSERT INTO image_reports(image_id, reporter_id, reason) "INSERT INTO image_reports(image_id, reporter_id, reason)
VALUES (?, ?, ?)", VALUES (:image_id, :reporter_id, :reason)",
[$event->report->image_id, $event->report->user_id, $event->report->reason] ['image_id'=>$event->report->image_id, 'reporter_id'=>$event->report->user_id, 'reason'=>$event->report->reason]
); );
$cache->delete("image-report-count"); $cache->delete("image-report-count");
} }
@ -93,7 +93,7 @@ class ReportImage extends Extension
public function onRemoveReportedImage(RemoveReportedImageEvent $event) public function onRemoveReportedImage(RemoveReportedImageEvent $event)
{ {
global $cache, $database; global $cache, $database;
$database->Execute("DELETE FROM image_reports WHERE id = ?", [$event->id]); $database->Execute("DELETE FROM image_reports WHERE id = :id", ["id"=>$event->id]);
$cache->delete("image-report-count"); $cache->delete("image-report-count");
} }
@ -141,7 +141,7 @@ class ReportImage extends Extension
public function onImageDeletion(ImageDeletionEvent $event) public function onImageDeletion(ImageDeletionEvent $event)
{ {
global $cache, $database; global $cache, $database;
$database->Execute("DELETE FROM image_reports WHERE image_id = ?", [$event->image->id]); $database->Execute("DELETE FROM image_reports WHERE image_id = :image_id", ["image_id"=>$event->image->id]);
$cache->delete("image-report-count"); $cache->delete("image-report-count");
} }
@ -168,7 +168,7 @@ class ReportImage extends Extension
public function delete_reports_by(int $user_id) public function delete_reports_by(int $user_id)
{ {
global $cache, $database; global $cache, $database;
$database->execute("DELETE FROM image_reports WHERE reporter_id=?", [$user_id]); $database->execute("DELETE FROM image_reports WHERE reporter_id=:reporter_id", ['reporter_id'=>$user_id]);
$cache->delete("image-report-count"); $cache->delete("image-report-count");
} }


@ -39,7 +39,7 @@ class Rule34 extends Extension
{ {
global $database, $user, $config; global $database, $user, $config;
if ($user->can(Permissions::CHANGE_SETTING) && $config->get_bool('r34_comic_integration')) { if ($user->can(Permissions::CHANGE_SETTING) && $config->get_bool('r34_comic_integration')) {
$current_state = bool_escape($database->get_one("SELECT comic_admin FROM users WHERE id=?", [$event->display_user->id])); $current_state = bool_escape($database->get_one("SELECT comic_admin FROM users WHERE id=:id", ['id'=>$event->display_user->id]));
$this->theme->show_comic_changer($event->display_user, $current_state); $this->theme->show_comic_changer($event->display_user, $current_state);
} }
} }
@ -84,8 +84,8 @@ class Rule34 extends Extension
'is_admin' => 'bool', 'is_admin' => 'bool',
]); ]);
$database->execute( $database->execute(
'UPDATE users SET comic_admin=? WHERE id=?', 'UPDATE users SET comic_admin=:is_admin WHERE id=:id',
[$input['is_admin'] ? 't' : 'f', $input['user_id']] ['is_admin'=>$input['is_admin'] ? 't' : 'f', 'id'=>$input['user_id']]
); );
$page->set_mode(PageMode::REDIRECT); $page->set_mode(PageMode::REDIRECT);
$page->set_redirect(@$_SERVER['HTTP_REFERER']); $page->set_redirect(@$_SERVER['HTTP_REFERER']);
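Review bot: `$page->set_redirect(@$_SERVER['HTTP_REFERER']);` at L853, directly below the newly parameterised UPDATE, redirects to the request-supplied Referer header with the missing-index warning silenced by `@`; an absent header yields an empty redirect target and any other value is followed as given. The other handlers in this commit redirect to a site-local link built with make_link() (L753, L791), and doing the same here removes both the `@` and the dependence on a client-controlled header. The enclosing function begins outside the hunk.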


@ -98,7 +98,7 @@ class ShimmieApi extends Extension
{ {
global $database; global $database;
if (!empty($arg)) { if (!empty($arg)) {
$all = $database->get_all("SELECT tag FROM tags WHERE tag LIKE ?", [$arg . "%"]); $all = $database->get_all("SELECT tag FROM tags WHERE tag LIKE :tag", ['tag'=>$arg . "%"]);
} else { } else {
$all = $database->get_all("SELECT tag FROM tags"); $all = $database->get_all("SELECT tag FROM tags");
} }
@ -113,8 +113,8 @@ class ShimmieApi extends Extension
{ {
global $database; global $database;
$all = $database->get_row( $all = $database->get_row(
"SELECT id, name, joindate, class FROM users WHERE $type=?", "SELECT id, name, joindate, class FROM users WHERE $type=:query",
[$query] ['query'=>$query]
); );
if (!empty($all)) { if (!empty($all)) {
@ -131,8 +131,8 @@ class ShimmieApi extends Extension
if (isset($_GET['recent'])) { if (isset($_GET['recent'])) {
$recent = $database->get_all( $recent = $database->get_all(
"SELECT * FROM images WHERE owner_id=? ORDER BY id DESC LIMIT 0, 5", "SELECT * FROM images WHERE owner_id=:owner_id ORDER BY id DESC LIMIT 0, 5",
[$all['id']] ['owner_id'=>$all['id']]
); );
$i = 0; $i = 0;
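Review bot: `"SELECT id, name, joindate, class FROM users WHERE $type=:query"` at L869 interpolates `$type` into the column position, which a named parameter cannot cover; the function signature is outside the hunk, so whether `$type` is a fixed literal or request-derived is not visible here. If it is not already constrained by the caller, rejecting anything outside a fixed allow-list of column names before the query (e.g. `in_array($type, ['id', 'name'], true)`) closes that gap. Also, `LIMIT 0, 5` at L876 keeps the MySQL-only form while the other hunks moved to `LIMIT n OFFSET m`; `ORDER BY id DESC LIMIT 5 OFFSET 0` would match.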


@ -215,36 +215,34 @@ class SourceHistory extends Extension
SELECT source_histories.*, users.name SELECT source_histories.*, users.name
FROM source_histories FROM source_histories
JOIN users ON source_histories.user_id = users.id JOIN users ON source_histories.user_id = users.id
WHERE source_histories.id = ?", [$revert_id]); WHERE source_histories.id = :id", ["id"=>$revert_id]);
return ($row ? $row : null); return ($row ? $row : null);
} }
public function get_source_history_from_id(int $image_id): array public function get_source_history_from_id(int $image_id): array
{ {
global $database; global $database;
$row = $database->get_all( return $database->get_all(
" "
SELECT source_histories.*, users.name SELECT source_histories.*, users.name
FROM source_histories FROM source_histories
JOIN users ON source_histories.user_id = users.id JOIN users ON source_histories.user_id = users.id
WHERE image_id = ? WHERE image_id = :image_id
ORDER BY source_histories.id DESC", ORDER BY source_histories.id DESC",
[$image_id] ["image_id"=>$image_id]
); );
return ($row ? $row : []);
} }
public function get_global_source_history(int $page_id): array public function get_global_source_history(int $page_id): array
{ {
global $database; global $database;
$row = $database->get_all(" return $database->get_all("
SELECT source_histories.*, users.name SELECT source_histories.*, users.name
FROM source_histories FROM source_histories
JOIN users ON source_histories.user_id = users.id JOIN users ON source_histories.user_id = users.id
ORDER BY source_histories.id DESC ORDER BY source_histories.id DESC
LIMIT 100 OFFSET :offset LIMIT 100 OFFSET :offset
", ["offset" => ($page_id-1)*100]); ", ["offset" => ($page_id-1)*100]);
return ($row ? $row : []);
} }
/** /**
@ -263,19 +261,19 @@ class SourceHistory extends Extension
$this->theme->add_status($name, "user not found"); $this->theme->add_status($name, "user not found");
return; return;
} else { } else {
$select_code[] = 'user_id = ?'; $select_code[] = 'user_id = :user_id';
$select_args[] = $duser->id; $select_args['user_id'] = $duser->id;
} }
} }
if (!is_null($ip)) { if (!is_null($ip)) {
$select_code[] = 'user_ip = ?'; $select_code[] = 'user_ip = :user_ip';
$select_args[] = $ip; $select_args['user_ip'] = $ip;
} }
if (!is_null($date)) { if (!is_null($date)) {
$select_code[] = 'date_set >= ?'; $select_code[] = 'date_set >= :date_set';
$select_args[] = $date; $select_args['date_set'] = $date;
} }
if (count($select_code) == 0) { if (count($select_code) == 0) {
@ -369,13 +367,13 @@ class SourceHistory extends Extension
} }
// if the image has no history, make one with the old source // if the image has no history, make one with the old source
$entries = $database->get_one("SELECT COUNT(*) FROM source_histories WHERE image_id = ?", [$image->id]); $entries = $database->get_one("SELECT COUNT(*) FROM source_histories WHERE image_id = :image_id", ['image_id'=>$image->id]);
if ($entries == 0 && !empty($old_source)) { if ($entries == 0 && !empty($old_source)) {
$database->execute( $database->execute(
" "
INSERT INTO source_histories(image_id, source, user_id, user_ip, date_set) INSERT INTO source_histories(image_id, source, user_id, user_ip, date_set)
VALUES (?, ?, ?, ?, now())", VALUES (:image_id, :source, :user_id, :user_ip, now())",
[$image->id, $old_source, $config->get_int('anon_id'), '127.0.0.1'] ["image_id"=>$image->id, "source"=>$old_tags, "user_id"=>$config->get_int('anon_id'), "user_ip"=>'127.0.0.1']
); );
$entries++; $entries++;
} }
@ -384,8 +382,8 @@ class SourceHistory extends Extension
$database->execute( $database->execute(
" "
INSERT INTO source_histories(image_id, source, user_id, user_ip, date_set) INSERT INTO source_histories(image_id, source, user_id, user_ip, date_set)
VALUES (?, ?, ?, ?, now())", VALUES (:image_id, :source, :user_id, :user_ip, now())",
[$image->id, $new_source, $user->id, $_SERVER['REMOTE_ADDR']] ["image_id"=>$image->id, "source"=>$new_source, "user_id"=>$user->id, "user_ip"=>$_SERVER['REMOTE_ADDR']]
); );
$entries++; $entries++;
@ -402,8 +400,8 @@ class SourceHistory extends Extension
http://dev.mysql.com/doc/refman/5.1/en/subquery-restrictions.html http://dev.mysql.com/doc/refman/5.1/en/subquery-restrictions.html
http://stackoverflow.com/questions/45494/mysql-error-1093-cant-specify-target-table-for-update-in-from-clause http://stackoverflow.com/questions/45494/mysql-error-1093-cant-specify-target-table-for-update-in-from-clause
*/ */
$min_id = $database->get_one("SELECT MIN(id) FROM source_histories WHERE image_id = ?", [$image->id]); $min_id = $database->get_one("SELECT MIN(id) FROM source_histories WHERE image_id = :image_id", ["image_id"=>$image->id]);
$database->execute("DELETE FROM source_histories WHERE id = ?", [$min_id]); $database->execute("DELETE FROM source_histories WHERE id = :id", ["id"=>$min_id]);
} }
} }
} }
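Review bot: L943 binds `"source"=>$old_tags`, but the old line bound `$old_source`, and `$old_tags` is not assigned anywhere visible in this file; that name belongs to the parallel TagHistory hunk at L1046, so the "no history yet" fallback row now stores an undefined value in place of the previous source. The line should read `"source"=>$old_source,`. The enclosing function starts outside the hunk, so an `$old_tags` defined earlier cannot be ruled out from here, but the surrounding code (`!empty($old_source)` at L938) makes the copy-paste explanation the likely one.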


@ -38,16 +38,16 @@ class TagCategories extends Extension
if ($number_of_db_rows == 0) { if ($number_of_db_rows == 0) {
$database->execute( $database->execute(
'INSERT INTO image_tag_categories VALUES (?, ?, ?, ?)', 'INSERT INTO image_tag_categories VALUES (:category, :single, :multiple, :color)',
["artist", "Artist", "Artists", "#BB6666"] ["category"=>"artist", "single"=>"Artist", "multiple"=>"Artists", "color"=>"#BB6666"]
); );
$database->execute( $database->execute(
'INSERT INTO image_tag_categories VALUES (?, ?, ?, ?)', 'INSERT INTO image_tag_categories VALUES (:category, :single, :multiple, :color)',
["series", "Series", "Series", "#AA00AA"] ["category"=>"series", "single"=>"Series", "multiple"=>"Series", "color"=>"#AA00AA"]
); );
$database->execute( $database->execute(
'INSERT INTO image_tag_categories VALUES (?, ?, ?, ?)', 'INSERT INTO image_tag_categories VALUES (:category, :single, :multiple, :color)',
["character", "Character", "Characters", "#66BB66"] ["category"=>"character", "single"=>"Character", "multiple"=>"Characters", "color"=>"#66BB66"]
); );
} }
} }
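Review bot: The three seed inserts at L970-L979 still use `INSERT INTO image_tag_categories VALUES (...)` with no column list, so they depend on the table's physical column order. The new placeholder names (`:category`, `:single`, `:multiple`, `:color`) read like column names; if they match the table definition (outside the hunk, so confirm), listing them explicitly, `INSERT INTO image_tag_categories (category, single, multiple, color) VALUES (:category, :single, :multiple, :color)`, makes the seed data robust to later column additions.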


@ -213,36 +213,34 @@ class TagHistory extends Extension
SELECT tag_histories.*, users.name SELECT tag_histories.*, users.name
FROM tag_histories FROM tag_histories
JOIN users ON tag_histories.user_id = users.id JOIN users ON tag_histories.user_id = users.id
WHERE tag_histories.id = ?", [$revert_id]); WHERE tag_histories.id = :id", ["id"=>$revert_id]);
return ($row ? $row : null); return ($row ? $row : null);
} }
public function get_tag_history_from_id(int $image_id): array public function get_tag_history_from_id(int $image_id): array
{ {
global $database; global $database;
$row = $database->get_all( return $database->get_all(
" "
SELECT tag_histories.*, users.name SELECT tag_histories.*, users.name
FROM tag_histories FROM tag_histories
JOIN users ON tag_histories.user_id = users.id JOIN users ON tag_histories.user_id = users.id
WHERE image_id = ? WHERE image_id = :id
ORDER BY tag_histories.id DESC", ORDER BY tag_histories.id DESC",
[$image_id] ["id"=>$image_id]
); );
return ($row ? $row : []);
} }
public function get_global_tag_history(int $page_id): array public function get_global_tag_history(int $page_id): array
{ {
global $database; global $database;
$row = $database->get_all(" return $database->get_all("
SELECT tag_histories.*, users.name SELECT tag_histories.*, users.name
FROM tag_histories FROM tag_histories
JOIN users ON tag_histories.user_id = users.id JOIN users ON tag_histories.user_id = users.id
ORDER BY tag_histories.id DESC ORDER BY tag_histories.id DESC
LIMIT 100 OFFSET :offset LIMIT 100 OFFSET :offset
", ["offset" => ($page_id-1)*100]); ", ["offset" => ($page_id-1)*100]);
return ($row ? $row : []);
} }
/** /**
@ -261,19 +259,19 @@ class TagHistory extends Extension
$this->theme->add_status($name, "user not found"); $this->theme->add_status($name, "user not found");
return; return;
} else { } else {
$select_code[] = 'user_id = ?'; $select_code[] = 'user_id = :user_id';
$select_args[] = $duser->id; $select_args['user_id'] = $duser->id;
} }
} }
if (!is_null($ip)) { if (!is_null($ip)) {
$select_code[] = 'user_ip = ?'; $select_code[] = 'user_ip = :user_ip';
$select_args[] = $ip; $select_args['user_ip'] = $ip;
} }
if (!is_null($date)) { if (!is_null($date)) {
$select_code[] = 'date_set >= ?'; $select_code[] = 'date_set >= :date_set';
$select_args[] = $date; $select_args['date_set'] = $date;
} }
if (count($select_code) == 0) { if (count($select_code) == 0) {
@ -368,13 +366,13 @@ class TagHistory extends Extension
} }
// if the image has no history, make one with the old tags // if the image has no history, make one with the old tags
$entries = $database->get_one("SELECT COUNT(*) FROM tag_histories WHERE image_id = ?", [$image->id]); $entries = $database->get_one("SELECT COUNT(*) FROM tag_histories WHERE image_id = :id", ["id"=>$image->id]);
if ($entries == 0 && !empty($old_tags)) { if ($entries == 0 && !empty($old_tags)) {
$database->execute( $database->execute(
" "
INSERT INTO tag_histories(image_id, tags, user_id, user_ip, date_set) INSERT INTO tag_histories(image_id, tags, user_id, user_ip, date_set)
VALUES (?, ?, ?, ?, now())", VALUES (:image_id, :tags, :user_id, :user_ip, now())",
[$image->id, $old_tags, $config->get_int('anon_id'), '127.0.0.1'] ["image_id"=>$image->id, "tags"=>$old_tags, "user_id"=>$config->get_int('anon_id'), "user_ip"=>'127.0.0.1']
); );
$entries++; $entries++;
} }
@ -383,8 +381,8 @@ class TagHistory extends Extension
$database->execute( $database->execute(
" "
INSERT INTO tag_histories(image_id, tags, user_id, user_ip, date_set) INSERT INTO tag_histories(image_id, tags, user_id, user_ip, date_set)
VALUES (?, ?, ?, ?, now())", VALUES (:image_id, :tags, :user_id, :user_ip, now())",
[$image->id, $new_tags, $user->id, $_SERVER['REMOTE_ADDR']] ["image_id"=>$image->id, "tags"=>$new_tags, "user_id"=>$user->id, "user_ip"=>$_SERVER['REMOTE_ADDR']]
); );
$entries++; $entries++;
@ -401,8 +399,8 @@ class TagHistory extends Extension
http://dev.mysql.com/doc/refman/5.1/en/subquery-restrictions.html http://dev.mysql.com/doc/refman/5.1/en/subquery-restrictions.html
http://stackoverflow.com/questions/45494/mysql-error-1093-cant-specify-target-table-for-update-in-from-clause http://stackoverflow.com/questions/45494/mysql-error-1093-cant-specify-target-table-for-update-in-from-clause
*/ */
$min_id = $database->get_one("SELECT MIN(id) FROM tag_histories WHERE image_id = ?", [$image->id]); $min_id = $database->get_one("SELECT MIN(id) FROM tag_histories WHERE image_id = :image_id", ["image_id"=>$image->id]);
$database->execute("DELETE FROM tag_histories WHERE id = ?", [$min_id]); $database->execute("DELETE FROM tag_histories WHERE id = :id", ["id"=>$min_id]);
} }
} }
} }
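Review bot: The image-id placeholder is `:id` at L1001/L1003 and L1040 but `:image_id` at L1062, while the sibling SourceHistory file uses `:image_id` throughout (L898, L937, L959); since consistent naming is the point of this commit, `WHERE image_id = :image_id` with `["image_id"=>$image->id]` in the first two places would align the file. `:id` is also what L990 uses for `tag_histories.id`, so reusing it for image_id invites a mix-up when these queries are edited later.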


@ -42,13 +42,13 @@ class TaggerXML extends Extension
$max_rows = $config->get_int("ext_tagger_tag_max", 30); $max_rows = $config->get_int("ext_tagger_tag_max", 30);
$limit_rows = $config->get_int("ext_tagger_limit", 30); $limit_rows = $config->get_int("ext_tagger_limit", 30);
$values = []; $values = [
'p' => strlen($s) == 1 ? " " : "\_",
'sq' => "%".$p.sql_escape($s)."%"
];
// Match // Match
$p = strlen($s) == 1? " ":"\_"; $match = "concat(:p, tag) LIKE :sq";
$sq = "%".$p.sql_escape($s)."%";
$match = "concat(?,tag) LIKE ?";
array_push($values, $p, $sq);
// Exclude // Exclude
// $exclude = $event->get_arg(1)? "AND NOT IN ".$this->image_tags($event->get_arg(1)) : null; // $exclude = $event->get_arg(1)? "AND NOT IN ".$this->image_tags($event->get_arg(1)) : null;
@ -62,7 +62,7 @@ class TaggerXML extends Extension
$count = $this->count($q_where, $values); $count = $this->count($q_where, $values);
if ($count > $max_rows) { if ($count > $max_rows) {
$q_from = "FROM (SELECT * FROM `tags` {$q_where} ". $q_from = "FROM (SELECT * FROM `tags` {$q_where} ".
"ORDER BY count DESC LIMIT 0, {$limit_rows}) AS `c_tags`"; "ORDER BY count DESC LIMIT {$limit_rows} OFFSET 0) AS `c_tags`";
$q_where = null; $q_where = null;
$count = ["max"=>$count]; $count = ["max"=>$count];
} else { } else {
@ -88,7 +88,7 @@ class TaggerXML extends Extension
$tags = $database->Execute(" $tags = $database->Execute("
SELECT tags.* SELECT tags.*
FROM image_tags JOIN tags ON image_tags.tag_id = tags.id FROM image_tags JOIN tags ON image_tags.tag_id = tags.id
WHERE image_id=? ORDER BY tag", [$image_id]); WHERE image_id=:image_id ORDER BY tag", ['image_id'=>$image_id]);
return $this->list_to_xml($tags, "image", $image_id); return $this->list_to_xml($tags, "image", $image_id);
} }
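Review bot: The new `$values` literal reads `$p` before anything assigns it: the old `$p = strlen($s) == 1 ? " " : "\_";` statement was deleted and its value now only lives under the `'p'` key, so `"%".$p.sql_escape($s)."%"` sees an undefined variable (notice, empty string) and the `:sq` pattern loses the prefix that `concat(:p, tag)` is built to match — unless `$p` is set earlier in the method, whose start is outside the hunk. Compute it first and reuse it: `$p = strlen($s) == 1 ? " " : "\_";` then `$values = ['p' => $p, 'sq' => "%".$p.sql_escape($s)."%"];`. I cannot see what `sql_escape` does; if it adds quote escaping rather than LIKE-wildcard escaping it is redundant once the value is a bound parameter and will change matches for terms containing quotes or backslashes, so confirm which it is. `LIMIT {$limit_rows}` stays string-interpolated; it comes from `get_int` so it is an integer here, but binding it would keep the hunk consistent with the rest of the commit.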


@ -17,8 +17,8 @@ class Tips extends Extension
$database->execute( $database->execute(
" "
INSERT INTO tips (enable, image, text) INSERT INTO tips (enable, image, text)
VALUES (?, ?, ?)", VALUES (:enable, :image, :text)",
["Y", "coins.png", "Do you like this extension? Please support us for developing new ones. <a href=\"https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=8235933\" target=\"_blank\">Donate through paypal</a>."] ["enable"=>"Y", "image"=>"coins.png", "text"=>"Do you like this extension? Please support us for developing new ones. <a href=\"https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=8235933\" target=\"_blank\">Donate through paypal</a>."]
); );
$this->set_version("ext_tips_version", 1); $this->set_version("ext_tips_version", 1);
@ -109,8 +109,8 @@ class Tips extends Extension
$database->execute( $database->execute(
" "
INSERT INTO tips (enable, image, text) INSERT INTO tips (enable, image, text)
VALUES (?, ?, ?)", VALUES (:enable, :image, :text)",
[$enable, $image, $text] ["enable"=>$enable, "image"=>$image, "text"=>$text]
); );
} }
@ -148,7 +148,7 @@ class Tips extends Extension
{ {
global $database; global $database;
$tip = $database->get_row("SELECT * FROM tips WHERE id = ? ", [int_escape($tipID)]); $tip = $database->get_row("SELECT * FROM tips WHERE id = :id ", ["id"=>int_escape($tipID)]);
if (bool_escape($tip['enable'])) { if (bool_escape($tip['enable'])) {
$enable = "N"; $enable = "N";
@ -156,12 +156,12 @@ class Tips extends Extension
$enable = "Y"; $enable = "Y";
} }
$database->execute("UPDATE tips SET enable = ? WHERE id = ?", [$enable, int_escape($tipID)]); $database->execute("UPDATE tips SET enable = :enable WHERE id = :id", ["enable"=>$enable, "id"=>int_escape($tipID)]);
} }
private function deleteTip(int $tipID) private function deleteTip(int $tipID)
{ {
global $database; global $database;
$database->execute("DELETE FROM tips WHERE id = ?", [int_escape($tipID)]); $database->execute("DELETE FROM tips WHERE id = :id", ["id"=>int_escape($tipID)]);
} }
} }
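Review bot: `$tip['enable']` is read from the `get_row` result without checking that a row came back; for an unknown id the lookup presumably returns false/null, the index read warns, `bool_escape` sees null, and the UPDATE still executes against a missing row. Add `if (!$tip) { return; }` directly after the SELECT. The `int_escape($tipID)` wrappers in the same function are redundant now that `$tipID` is declared `int` (as `deleteTip(int $tipID)` shows), and the enclosing function's signature is outside the hunk.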


@ -190,8 +190,9 @@ class Wiki extends Extension
try { try {
$database->Execute(" $database->Execute("
INSERT INTO wiki_pages(owner_id, owner_ip, date, title, revision, locked, body) INSERT INTO wiki_pages(owner_id, owner_ip, date, title, revision, locked, body)
VALUES (?, ?, now(), ?, ?, ?, ?)", [$event->user->id, $_SERVER['REMOTE_ADDR'], VALUES (:owner_id, :owner_ip, now(), :title, :revision, :locked, :body)",
$wpage->title, $wpage->revision, $wpage->locked?'Y':'N', $wpage->body]); ["owner_id"=>$event->user->id, "owner_ip"=>$_SERVER['REMOTE_ADDR'],
"title"=>$wpage->title, "revision"=>$wpage->revision, "locked"=>$wpage->locked?'Y':'N', "body"=>$wpage->body]);
} catch (Exception $e) { } catch (Exception $e) {
throw new WikiUpdateException("Somebody else edited that page at the same time :-("); throw new WikiUpdateException("Somebody else edited that page at the same time :-(");
} }
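Review bot: The `catch (Exception $e)` below the rewritten INSERT reports every failure as a concurrent-edit conflict and discards `$e`; with named placeholders, a key/placeholder mismatch (`:owner_ip` vs `"owner_ip"`) or any column error now surfaces as a database exception at execute time and would be shown to the user as "Somebody else edited that page". Chain the cause so the real error is preserved in logs: `throw new WikiUpdateException("Somebody else edited that page at the same time :-(", 0, $e);`, or narrow the catch to the duplicate-key condition the message describes. The enclosing method starts before the hunk.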