From: <re...@us...> - 2003-08-28 12:31:32
Update of /cvsroot/tikiwiki/tiki/lib/filegals In directory sc8-pr-cvs1:/tmp/cvs-serv20293/lib/filegals Modified Files: filegallib.php Log Message: db abstraction Index: filegallib.php =================================================================== RCS file: /cvsroot/tikiwiki/tiki/lib/filegals/filegallib.php,v retrieving revision 1.13 retrieving revision 1.14 diff -u -d -r1.13 -r1.14 --- filegallib.php 7 Aug 2003 04:34:04 -0000 1.13 +++ filegallib.php 28 Aug 2003 12:31:27 -0000 1.14 @@ -13,21 +13,21 @@ function remove_file($id) { global $fgal_use_dir; - $path = $this->getOne("select `path` from `tiki_files` where `fileId`=$id"); + $path = $this->getOne("select `path` from `tiki_files` where `fileId`=?",array($id)); if ($path) { unlink ($fgal_use_dir . $path); } - $query = "delete from `tiki_files` where `fileId`=$id"; - $result = $this->query($query); + $query = "delete from `tiki_files` where `fileId`=?"; + $result = $this->query($query,array($id)); return true; } function insert_file($galleryId, $name, $description, $filename, $data, $size, $type, $user, $path) { global $fgal_use_db, $fgal_use_dir; - $name = addslashes(strip_tags($name)); + $name = strip_tags($name); if ($fgal_use_db == 'n') { $checksum = md5(implode('', file($fgal_use_dir . $path))); 
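Review bot: In remove_file the return value of `unlink($fgal_use_dir . $path)` is ignored and `$result` from the bound delete is never inspected, so a file that could not be removed from disk still loses its database row and the function still reports `true`; remove_file_gallery in the @@ -155 hunk has the same shape. Either fail early, `if ($path && !unlink($fgal_use_dir . $path)) { return false; }`, or document the best-effort semantics with a comment such as `// best effort: a failed unlink does not stop the row being deleted`. Dropping `addslashes` around `strip_tags($name)` is correct now that `$name` is passed as a bound parameter rather than interpolated. insert_file's body continues past the end of this hunk.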
@@ -35,21 +35,19 @@ $checksum = md5($data); } - $path = addslashes($path); - $description = addslashes(strip_tags($description)); - $data = addslashes($data); + $description = strip_tags($description); $now = date("U"); - if ($this->getOne("select count(*) from `tiki_files` where `hash`='$checksum'")) + if ($this->getOne("select count(*) from `tiki_files` where `hash`=?",array($checksum))) return false; $query = "insert into `tiki_files`(`galleryId`,`name`,`description`,`filename`,`filesize`,`filetype`,`data`,`user`,`created`,`downloads`,`path`,`hash`) - values($galleryId,'$name','$description','$filename',$size,'$type','$data','$user',$now,0,'$path','$checksum')"; - $result = $this->query($query); - $query = "update `tiki_file_galleries` set `lastModif`=$now where `galleryId`=$galleryId"; - $result = $this->query($query); - $query = "select max(`fileId`) from `tiki_files` where `created`=$now"; - $fileId = $this->getOne($query); + values(?,?,?,?,?,?,?,?,?,?,?,?)"; + $result = $this->query($query,array($galleryId,$name,$description,$filename,$size,$type,$data,$user,(int) $now,0,$path,$checksum)); + $query = "update `tiki_file_galleries` set `lastModif`=? where `galleryId`=?"; + $result = $this->query($query,array((int) $now,$galleryId)); + $query = "select max(`fileId`) from `tiki_files` where `created`=?"; + $fileId = $this->getOne($query,array((int) $now)); return $fileId; } @@ -57,7 +55,6 @@ global $tiki_p_admin_file_galleries; // If $user is admin then get ALL galleries, if not only user galleries are shown - $sort_mode = str_replace("_", " ", $sort_mode); $old_sort_mode = ''; if (in_array($sort_mode, array( @@ -68,7 +65,7 @@ $old_maxRecords = $maxRecords; $old_sort_mode = $sort_mode; - $sort_mode = 'user desc'; + $sort_mode = 'user_desc'; $offset = 0; $maxRecords = -1; } 
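Review bot: insert_file recovers the new row's id with `select max(fileId) from tiki_files where created=?`, so two uploads committed in the same second can return each other's id; if the new db layer exposes an insert-id helper it should be used instead, and the same pattern appears in the @@ -175 hunk (`select max(galleryId) ... where name=? and lastModif=?`). `$now` is bound as `(int) $now` three times here but uncast in the @@ -175 and @@ -278 hunks; `$now = (int) date("U");` at the assignment would make all of them consistent and drop the repeated casts. The `md5` of the file contents is used in this hunk only as a duplicate-detection key, which is fine as long as no other code treats `hash` as an integrity guarantee.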
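Review bot: `$sort_mode = 'user_desc'` and the `'files_asc'`/`'files_desc'` comparisons in the @@ -110 hunk assume that the `in_array($sort_mode, array(` list cut off at the end of the previous hunk now also holds underscore names, but that list (old lines 60–67) is not in the diff and is therefore unchanged by this commit. If it still contains `'files desc'`/`'files asc'`, then after the removal of `str_replace("_", " ", $sort_mode)` the condition can never match, `$old_sort_mode` stays `''`, and the file-count sort path becomes dead code — worth confirming against the full file.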
@@ -76,27 +73,32 @@ // If the user is not admin then select it's own galleries or public galleries if (($tiki_p_admin_file_galleries == 'y') or ($user == 'admin')) { $whuser = ""; + $bindvars=array(); } else { - $whuser = "where user='$user' or public='y'"; + $whuser = "where `user`=? or `public`=?"; + $bindvars=array($user,'y'); } if ($find) { - $find = $this->qstr('%' . $find . '%'); + $find = '%' . $find . '%'; if (empty($whuser)) { - $whuser = "where `name` like $find or `description` like $find"; + $whuser = "where `name` like ? or `description` like ?"; + $bindvars=array($find,$find); } else { - $whuser .= " and `name` like $find or `description` like $find"; + $whuser .= " and `name` like ? or `description` like ?"; + $bindvars[]=$find; + $bindvars[]=$find; } } - $query = "select * from `tiki_file_galleries` $whuser order by $sort_mode limit $offset,$maxRecords"; + $query = "select * from `tiki_file_galleries` $whuser order by ".$this->convert_sortmode($sort_mode); $query_cant = "select count(*) from `tiki_file_galleries` $whuser"; - $result = $this->query($query); - $cant = $this->getOne($query_cant); + $result = $this->query($query,$bindvars,$maxRecords,$offset); + $cant = $this->getOne($query_cant,$bindvars); $ret = array(); - while ($res = $result->fetchRow(DB_FETCHMODE_ASSOC)) { + while ($res = $result->fetchRow()) { $aux = array(); $aux["name"] = $res["name"]; 
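Review bot: The non-admin branch now builds `where user=? or public=? and name like ? or description like ?`, and because `and` binds tighter than `or` this reads as `user=? or (public=? and name like ?) or description like ?`, so a search by a non-admin returns other users' private galleries whenever the description matches; the old interpolated version had the same precedence problem, but this hunk rewrites both lines and is the place to fix it. Parenthesise both parts: `$whuser = "where (`user`=? or `public`=?)";` and `$whuser .= " and (`name` like ? or `description` like ?)";`, keeping `$bindvars` as it is. `$sort_mode` still reaches the query by concatenation through `$this->convert_sortmode($sort_mode)`; whether that helper restricts the value to known column/direction names is not visible here, and the `in_array` check earlier in the function only covers the file-count sort cases, so confirm it validates rather than merely reformats. Binding `'%' . $find . '%'` stops SQL injection but leaves `%` and `_` in `$find` interpreted as wildcards, which is acceptable for a search box but worth a one-line comment.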
@@ -110,21 +112,21 @@ $aux["user"] = $res["user"]; $aux["hits"] = $res["hits"]; $aux["public"] = $res["public"]; - $aux["files"] = $this->getOne("select count(*) from `tiki_files` where `galleryId`='$gid'"); + $aux["files"] = $this->getOne("select count(*) from `tiki_files` where `galleryId`=?",array($gid)); $ret[] = $aux; } - if ($old_sort_mode == 'files asc') { + if ($old_sort_mode == 'files_asc') { usort($ret, 'compare_files'); } - if ($old_sort_mode == 'files desc') { + if ($old_sort_mode == 'files_desc') { usort($ret, 'r_compare_files'); } if (in_array($old_sort_mode, array( - 'files desc', - 'files asc' + 'files_desc', + 'files_asc' ))) { $ret = array_slice($ret, $old_offset, $old_maxRecords); } @@ -136,18 +138,18 @@ } function set_file_gallery($file, $gallery) { - $query = "update `tiki_files` set `galleryId`=$gallery where `fileId`=$file"; + $query = "update `tiki_files` set `galleryId`=? where `fileId`=?"; - $this->query($query); + $this->query($query,array($gallery,$file)); } function remove_file_gallery($id) { global $fgal_use_dir; - $query = "select `path` from `tiki_files` where `galleryId`='$id'"; - $result = $this->query($query); + $query = "select `path` from `tiki_files` where `galleryId`=?"; + $result = $this->query($query,array($id)); - while ($res = $result->fetchRow(DB_FETCHMODE_ASSOC)) { + while ($res = $result->fetchRow()) { $path = $res["path"]; if ($path) { 
@@ -155,19 +157,19 @@ } } - $query = "delete from `tiki_file_galleries` where `galleryId`='$id'"; - $result = $this->query($query); - $query = "delete from `tiki_files` where `galleryId`='$id'"; - $result = $this->query($query); + $query = "delete from `tiki_file_galleries` where `galleryId`=?"; + $result = $this->query($query,array($id)); + $query = "delete from `tiki_files` where `galleryId`=?"; + $result = $this->query($query,array($id)); $this->remove_object('file gallery', $id); return true; } function get_file_gallery_info($id) { - $query = "select * from `tiki_file_galleries` where `galleryId`='$id'"; + $query = "select * from `tiki_file_galleries` where `galleryId`=?"; - $result = $this->query($query); - $res = $result->fetchRow(DB_FETCHMODE_ASSOC); + $result = $this->query($query,array($id)); + $res = $result->fetchRow(); return $res; } 
@@ -175,24 +177,27 @@ $show_name, $show_size, $show_description, $show_created, $show_dl, $max_desc) { // if the user is admin or the user is the same user and the gallery exists then replace if not then // create the gallary if the name is unused. - $name = addslashes(strip_tags($name)); + $name = strip_tags($name); - $description = addslashes(strip_tags($description)); + $description = strip_tags($description); $now = date("U"); if ($galleryId > 0) { - $query = "update `tiki_file_galleries` set `name`='$name', `maxRows`=$maxRows, `description`='$description',`lastModif`=$now, `public`='$public', `visible`='$visible',`show_icon`='$show_icon',`show_id`='$show_id',`show_name`='$show_name',`show_description`='$show_description',`show_size`='$show_size',`show_created`='$show_created',`show_dl`='$show_dl',`max_desc`=$max_desc where `galleryId`=$galleryId"; + $query = "update `tiki_file_galleries` set `name`=?, `maxRows`=?, `description`=?,`lastModif`=?, `public`=?, `visible`=?,`show_icon`=?,`show_id`=?,`show_name`=?,`show_description`=?,`show_size`=?,`show_created`=?,`show_dl`=?,`max_desc`=? 
where `galleryId`=?"; + $bindvars=array($name,$maxRows,$description,$now,$public,$visible,$show_icon,$show_id,$show_name,$show_description,$show_size,$show_created,$show_dl,$max_desc,$galleryId); - $result = $this->query($query); + $result = $this->query($query,$bindvars); } else { // Create a new record $query = "insert into `tiki_file_galleries`(`name`,`description`,`created`,`user`,`lastModif`,`maxRows`,`public`,`hits`,`visible`,`show_id`,`show_icon`,`show_name`,`show_description`,`show_created`,`show_dl`,`max_desc`) - values ('$name','$description',$now,'$user',$now,$maxRows,'$public',0,'$visible', - '$show_id','$show_icon','$show_name','$show_description','$show_created','$show_dl',$max_desc)"; + values (?,?,?,?,?,?,?,?,?, + ?,?,?,?,?,?,?)"; + $bindvars=array($name,$description,$now,$user,$now,$maxRows,$public,0,$visible, + $show_id,$show_icon,$show_name,$show_description,$show_created,$show_dl,$max_desc); - $result = $this->query($query); + $result = $this->query($query,$bindvars); $galleryId - = $this->getOne("select max(`galleryId`) from `tiki_file_galleries` where `name`='$name' and `lastModif`=$now"); + = $this->getOne("select max(`galleryId`) from `tiki_file_galleries` where `name`=? and `lastModif`=?",array($name,$now)); } return $galleryId; @@ -204,7 +209,6 @@ global $fgal_nmatch_regex; global $fgal_use_db; global $fgal_use_dir; - $description = addslashes($description); include_once ('lib/pclzip.lib.php'); include_once ('lib/mime/mimelib.php'); $archive = new PclZip($file); 
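Review bot: The comment at the top of this hunk says the record is replaced only "if the user is admin or the user is the same user", but nothing inside `if ($galleryId > 0)` checks ownership before the bound `update tiki_file_galleries ... where galleryId=?` runs, so either the check lives in the caller or the comment is stale; make that explicit, e.g. `// caller is responsible for the admin/owner check; this method trusts $galleryId`. The function's signature begins before this hunk. The removal of `addslashes($description)` in the @@ -204 hunk is only safe if every remaining use of `$description` in that function (its body, old lines 211–277, is outside the diff) reaches the database through bound parameters such as `insert_file`; please confirm there is no interpolated query left there.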
@@ -278,30 +282,30 @@ // Added by LeChuck, May 2, 2003 function get_file_info($id) { - $query = "select * from `tiki_files` where `fileId`='$id'"; + $query = "select * from `tiki_files` where `fileId`=?"; - $result = $this->query($query); - $res = $result->fetchRow(DB_FETCHMODE_ASSOC); + $result = $this->query($queryi,array($id)); + $res = $result->fetchRow(); return $res; } function replace_file($id, $name, $description) { // Update the fields in the database - $name = addslashes(strip_tags($name)); + $name = strip_tags($name); - $description = addslashes(strip_tags($description)); - $query = "update `tiki_files` set `name`='$name', `description`='$description' where `fileId`=$id"; - $result = $this->query($query); + $description = strip_tags($description); + $query = "update `tiki_files` set `name`=?, `description`=? where `fileId`=?"; + $result = $this->query($query,array($name,$description,$id)); // Get the gallery id for the file and update the last modified field $now = date("U"); - $galleryId = $this->getOne("select `galleryId` from `tiki_files` where `fileId`='$id'"); + $galleryId = $this->getOne("select `galleryId` from `tiki_files` where `fileId`=?",array($id)); if ($galleryId) { - $query = "update `tiki_file_galleries` set `lastModif`=$now where `galleryId`=$galleryId"; + $query = "update `tiki_file_galleries` set `lastModif`=? where `galleryId`=?"; - $this->query($query); + $this->query($query,array($now,$galleryId)); } return $result; @@ -310,4 +314,4 @@ $filegallib = new FileGalLib($dbTiki); -?> \ No newline at end of file +?> |
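Review bot: `$result = $this->query($queryi,array($id));` in get_file_info references `$queryi`, which is never assigned, so the freshly prepared `$query` is discarded and every file-info lookup now runs with a null statement and fails. Change it to `$result = $this->query($query,array($id));`. In replace_file, `return $result;` returns the outcome of the name/description update while the outcome of the later `lastModif` update is discarded, which is pre-existing but worth a comment if callers rely on the return value.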