From 339014f8d60d2fa1b541e6c1013a43cd3fff188f Mon Sep 17 00:00:00 2001 From: Florian Azizian <florian.azizian@maarch.org> Date: Tue, 14 Jul 2015 13:12:55 +0000 Subject: [PATCH] FEAT #2684 use PDO --- notifications/trunk/batch/batch_tools.php | 47 ++++---- .../trunk/batch/load_process_email_stack.php | 5 +- .../trunk/batch/load_process_event_stack.php | 5 +- .../batch/load_stack_letterbox_alerts.php | 6 +- .../trunk/batch/process_email_stack.php | 15 ++- .../trunk/batch/process_event_stack.php | 78 ++++++-------- .../trunk/batch/stack_letterbox_alerts.php | 18 ++-- .../class/class_schedule_notifications.php | 8 +- .../trunk/class/events_controler.php | 24 ++--- .../trunk/class/notifications_controler.php | 22 ++-- .../trunk/diffusion_types/contact.php | 38 +++++-- .../trunk/diffusion_types/copy_list.php | 64 +++++++---- .../diffusion_types/copy_list_sample.php | 64 +++++++---- .../trunk/diffusion_types/dest_user.php | 101 +++++++++++++----- .../diffusion_types/dest_user_sample.php | 51 ++++++--- .../trunk/diffusion_types/entity.php | 36 +++++-- notifications/trunk/diffusion_types/group.php | 36 +++++-- .../trunk/diffusion_types/note_copy_list.php | 29 +++-- .../trunk/diffusion_types/note_dest_user.php | 30 ++++-- notifications/trunk/diffusion_types/user.php | 33 ++++-- .../trunk/load_attachfortype_formcontent.php | 1 - .../trunk/load_diffusiontype_formcontent.php | 1 - .../trunk/manage_notifications_controler.php | 17 ++- .../trunk/manage_notifs_list_by_name.php | 16 ++- 24 files changed, 461 insertions(+), 284 deletions(-) diff --git a/notifications/trunk/batch/batch_tools.php b/notifications/trunk/batch/batch_tools.php index 732caa3757d..29cd172aa8a 100755 --- a/notifications/trunk/batch/batch_tools.php +++ b/notifications/trunk/batch/batch_tools.php @@ -1,7 +1,7 @@ <?php /* - * Copyright 2008-2011 Maarch + * Copyright 2008-2015 Maarch * * This file is part of Maarch Framework. * 
@@ -37,20 +37,25 @@ * @param boolean $transaction for rollback if error * @return true if ok, exit if ko and rollback if necessary */ -function Bt_doQuery($dbConn, $queryTxt, $transaction=false) +function Bt_doQuery($dbConn, $queryTxt, $param=array(), $transaction=false) { - $res = $dbConn->query($queryTxt, true); - if (!$res) { + if (count($param) > 0) { + $stmt = $dbConn->query($queryTxt, $param); + } else { + $stmt = $dbConn->query($queryTxt); + } + + if (!$stmt) { if ($transaction) { $GLOBALS['logger']->write('ROLLBACK', 'INFO'); - $dbConn->query('ROLLBACK', true); + $dbConn->query('ROLLBACK'); } Bt_exitBatch( 104, 'SQL Query error:' . $queryTxt ); } $GLOBALS['logger']->write('SQL query:' . $queryTxt, 'DEBUG'); - return true; + return $stmt; } /** @@ -98,16 +103,9 @@ function Bt_exitBatch($returnCode, $message='') */ function Bt_logInDataBase($totalProcessed=0, $totalErrors=0, $info='') { - $query = "insert into history_batch (module_name, batch_id, event_date, " - . "total_processed, total_errors, info) values('" - . $GLOBALS['batchName'] . "', " . $GLOBALS['wb'] . ", " - . $GLOBALS['db']->current_datetime() . ", " . $totalProcessed . ", " . $totalErrors . ", '" - . $GLOBALS['func']->protect_string_db(substr(str_replace('\\', '\\\\', str_replace("'", "`", $info)), 0, 999)) . "')"; - //. $GLOBALS['func']->protect_string_db(substr($info, 0, 999)) . "')"; - /*$dbLog = new dbquery(); - $dbLog->connect(); - $dbLog->query($query);*/ - //Bt_doQuery($GLOBALS['db'], $query); + $query = "INSERT INTO history_batch (module_name, batch_id, event_date, " + . "total_processed, total_errors, info) values(?, ?, CURRENT_TIMESTAMP, ?, ?, ?)"; + $arrayPDO = array($GLOBALS['batchName'], $GLOBALS['wb'], $totalProcessed, $totalErrors, substr(str_replace('\\', '\\\\', str_replace("'", "`", $info)), 0, 999)); } /** 
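Review bot: Moving `$transaction` from the third to the fourth position of `Bt_doQuery` silently breaks any existing caller that passed it positionally: a bare `true` now lands in `$param`, `count(true)` is 1 on the PHP versions of this era, and the flag is forwarded as the bound-values argument. No caller in this patch does that, but callers outside it cannot be seen from here, so a grep is worth doing before merging. The docblock above the signature still documents only `$transaction`; add `* @param array $param values bound to the placeholders in $queryTxt (empty for none)` beside it. The DEBUG line at the end now logs the statement text without its bound values, which is an improvement worth keeping.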
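Review bot: `Bt_logInDataBase` still never runs the statement it builds: `$query` and `$arrayPDO` are assigned and the function then returns, so no `history_batch` row is written, exactly as before the rewrite. Either add `Bt_doQuery($GLOBALS['db'], $query, $arrayPDO);` after the array or drop the dead assembly so the next reader does not assume batch runs are audited. If it is executed, the `str_replace("'", "`", ...)` and backslash doubling inside `substr(...)` should go as well: with bound parameters that manual escaping protects nothing and only corrupts the stored `info` text, leaving just `substr($info, 0, 999)`.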
@@ -117,16 +115,14 @@ function Bt_logInDataBase($totalProcessed=0, $totalErrors=0, $info='') */ function Bt_getWorkBatch() { - $req = "select param_value_int from parameters where id = " - . "'". $GLOBALS['batchName'] . "_id'"; - $GLOBALS['db']->query($req); - while ($reqResult = $GLOBALS['db']->fetch_array()) { + $req = "SELECT param_value_int FROM parameters WHERE id = ? "; + $stmt = $GLOBALS['db']->query($req, array($GLOBALS['batchName']."_id")); + while ($reqResult = $stmt->fetch(PDO::FETCH_ASSOC)) { $GLOBALS['wb'] = $reqResult[0] + 1; } if ($GLOBALS['wb'] == '') { - $req = "insert into parameters(id, param_value_int) values " - . "('" . $GLOBALS['batchName'] . "_id', 1)"; - $GLOBALS['db']->query($req); + $req = "INSERT INTO parameters(id, param_value_int) VALUES (?, 1)"; + $GLOBALS['db']->query($req, array($GLOBALS['batchName']."_id")); $GLOBALS['wb'] = 1; } } @@ -138,9 +134,8 @@ function Bt_getWorkBatch() */ function Bt_updateWorkBatch() { - $req = "update parameters set param_value_int = " . $GLOBALS['wb'] . " " - . "where id = '" . $GLOBALS['batchName'] . "_id'"; - $GLOBALS['db']->query($req); + $req = "UPDATE parameters SET param_value_int = ? WHERE id = ?"; + $GLOBALS['db']->query($req, array($GLOBALS['wb'], $GLOBALS['batchName']."_id")); } /** diff --git a/notifications/trunk/batch/load_process_email_stack.php b/notifications/trunk/batch/load_process_email_stack.php index 5eeea688726..c80b89fa967 100755 --- a/notifications/trunk/batch/load_process_email_stack.php +++ b/notifications/trunk/batch/load_process_email_stack.php @@ -170,7 +170,7 @@ try { ); Bt_myInclude( $GLOBALS['maarchDirectory'] . 'core' . DIRECTORY_SEPARATOR . 'class' - . DIRECTORY_SEPARATOR . 'class_db.php' + . DIRECTORY_SEPARATOR . 'class_db_pdo.php' ); Bt_myInclude( $GLOBALS['maarchDirectory'] . 'core' . DIRECTORY_SEPARATOR . 'class' 
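Review bot: `$stmt->fetch(PDO::FETCH_ASSOC)` returns rows keyed by column name, so `$reqResult[0]` on the next line is always undefined and `$GLOBALS['wb']` becomes `null + 1`, i.e. every run gets batch id 1 and `Bt_updateWorkBatch` keeps rewriting the same value. Use `$GLOBALS['wb'] = $reqResult['param_value_int'] + 1;`, or fetch with `PDO::FETCH_NUM` if the numeric index is wanted. The following `if ($GLOBALS['wb'] == '')` also relies on a loose comparison against an unset global when the SELECT returns no row; `if (empty($GLOBALS['wb']))` states the intent without the notice.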
@@ -198,8 +198,7 @@ $coreTools->load_lang($lang, $GLOBALS['maarchDirectory'], $maarchApps); $GLOBALS['func'] = new functions(); -$GLOBALS['db'] = new dbquery($GLOBALS['configFile']); -$GLOBALS['db']->connect(); +$GLOBALS['db'] = new Database($GLOBALS['configFile']); $GLOBALS['errorLckFile'] = $GLOBALS['batchDirectory'] . DIRECTORY_SEPARATOR . $GLOBALS['batchName'] . '_error.lck'; diff --git a/notifications/trunk/batch/load_process_event_stack.php b/notifications/trunk/batch/load_process_event_stack.php index 6fe7c9ad1d1..af2b82f01c6 100755 --- a/notifications/trunk/batch/load_process_event_stack.php +++ b/notifications/trunk/batch/load_process_event_stack.php @@ -198,7 +198,7 @@ try { ); Bt_myInclude( 'core' . DIRECTORY_SEPARATOR . 'class' - . DIRECTORY_SEPARATOR . 'class_db.php' + . DIRECTORY_SEPARATOR . 'class_db_pdo.php' ); Bt_myInclude( 'core' . DIRECTORY_SEPARATOR . 'class' @@ -257,8 +257,7 @@ $diffusion_type_controler = new diffusion_type_controler(); $events_controler = new events_controler(); $templates_controler = new templates_controler(); -$db = new dbquery(); -$db->connect(); +$db = new Database(); $databasetype = (string)$xmlconfig->CONFIG_BASE->databasetype; diff --git a/notifications/trunk/batch/load_stack_letterbox_alerts.php b/notifications/trunk/batch/load_stack_letterbox_alerts.php index dd7a70ad70f..320d61e021f 100644 --- a/notifications/trunk/batch/load_stack_letterbox_alerts.php +++ b/notifications/trunk/batch/load_stack_letterbox_alerts.php @@ -179,7 +179,7 @@ try { ); Bt_myInclude( $maarchDirectory . 'core' . DIRECTORY_SEPARATOR . 'class' - . DIRECTORY_SEPARATOR . 'class_db.php' + . DIRECTORY_SEPARATOR . 'class_db_pdo.php' ); Bt_myInclude( $maarchDirectory . 'core' . DIRECTORY_SEPARATOR . 'class' 
@@ -208,8 +208,8 @@ $coreTools->load_lang($lang, $maarchDirectory, $maarchApps); $func = new functions(); -$db = new dbquery($GLOBALS['configFile']); -$db->connect(); +$db = new Database($GLOBALS['configFile']); + $databasetype = (string)$xmlconfig->CONFIG_BASE->databasetype; $alert_engine = new alert_engine($GLOBALS['configFile']); diff --git a/notifications/trunk/batch/process_email_stack.php b/notifications/trunk/batch/process_email_stack.php index bc63bc4b7c4..e4544074414 100755 --- a/notifications/trunk/batch/process_email_stack.php +++ b/notifications/trunk/batch/process_email_stack.php @@ -18,15 +18,15 @@ while ($state <> 'END') { case 'LOAD_EMAILS' : $query = "SELECT * FROM " . _NOTIF_EMAIL_STACK_TABLE_NAME . " WHERE exec_date is NULL"; - Bt_doQuery($GLOBALS['db'], $query); - $totalEmailsToProcess = $GLOBALS['db']->nb_result(); + $stmt = Bt_doQuery($GLOBALS['db'], $query, array()); + $totalEmailsToProcess = $stmt->rowCount(); $currentEmail = 0; if ($totalEmailsToProcess === 0) { Bt_exitBatch(0, 'No e-mail to process'); } $GLOBALS['logger']->write($totalEmailsToProcess . ' e-mails to proceed.', 'INFO'); $GLOBALS['emails'] = array(); - while ($emailRecordset = $GLOBALS['db']->fetch_object()) { + while ($emailRecordset = $stmt->fetchObject()) { $GLOBALS['emails'][] = $emailRecordset; } $state = 'SEND_AN_EMAIL'; @@ -87,10 +87,9 @@ while ($state <> 'END') { $GLOBALS['exitCode'] = 108; } $query = "UPDATE " . _NOTIF_EMAIL_STACK_TABLE_NAME - . " SET exec_date = " . $GLOBALS['db']->current_datetime() - . ", exec_result = '".$exec_result."' " - . " WHERE email_stack_sid = ".$email->email_stack_sid; - Bt_doQuery($GLOBALS['db'], $query); + . " SET exec_date = CURRENT_TIMESTAMP, exec_result = ? " + . " WHERE email_stack_sid = ?"; + Bt_doQuery($GLOBALS['db'], $query, array($exec_result, $email->email_stack_sid)); $currentEmail++; $state = 'SEND_AN_EMAIL'; } else { 
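Review bot: `$stmt->rowCount()` on the LOAD_EMAILS SELECT is not a reliable row count: PDOStatement::rowCount() is defined for INSERT/UPDATE/DELETE, and for SELECT the PHP manual says the result is driver-dependent, so on a driver that reports 0 the `=== 0` check that follows exits the batch with "No e-mail to process" even when rows exist. Since the loop below already collects every row into `$GLOBALS['emails']`, count after fetching, `$totalEmailsToProcess = count($GLOBALS['emails']);`, and move the exit check after the loop. The same pattern is used in process_event_stack (`@@ -94`), stack_letterbox_alerts (`@@ -19`, `@@ -39`, `@@ -59`) and contact.php (`@@ -21`); the pure existence checks there can test `$stmt->fetchObject() !== false` instead.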
@@ -104,7 +103,7 @@ $GLOBALS['logger']->write('End of process', 'INFO'); Bt_logInDataBase( $totalEmailsToProcess, 0, 'process without error' ); -$GLOBALS['db']->disconnect(); + //unlink($GLOBALS['lckFile']); exit($GLOBALS['exitCode']); ?> diff --git a/notifications/trunk/batch/process_event_stack.php b/notifications/trunk/batch/process_event_stack.php index dd942b6ccf5..34c1528578a 100755 --- a/notifications/trunk/batch/process_event_stack.php +++ b/notifications/trunk/batch/process_event_stack.php @@ -94,14 +94,13 @@ while ($state <> 'END') { if($recipient->status == 'ABS') { $logger->write($user_id .' is absent, routing to replacent', 'INFO'); unset($recipients[$i]); - $query = "select us.* FROM users us" + $query = "SELECT us.* FROM users us" . " JOIN user_abs abs ON us.user_id = abs.new_user " - . " WHERE abs.user_abs = '".$user_id."' AND us.enabled='Y'"; - $dbAbs = new dbquery(); - $dbAbs->connect(); - $dbAbs->query($query); - if($dbAbs->nb_result() > 0) { - $recipient = $dbAbs->fetch_object(); + . " WHERE abs.user_abs = ? AND us.enabled='Y'"; + $dbAbs = new Database(); + $stmt = $dbAbs->query($query, array($user_id)); + if($stmt->rowCount() > 0) { + $recipient = $dbAbs->fetchObject($user_id); $user_id = $recipient->user_id; $logger->write($user_id .' is the replacent', 'INFO'); $recipients[] = $recipient; @@ -165,9 +164,9 @@ while ($state <> 'END') { } // Prepare e-mail for stack - $sender = $func->protect_string_db((string)$mailerParams->mailfrom); + $sender = (string)$mailerParams->mailfrom; $recipient_mail = $tmpNotif['recipient']->mail; - $subject = $func->protect_string_db($notification->description); + $subject = $notification->description; $html = $func->protect_string_db($html, '', 'no'); $html = str_replace('&', '&', $html); $html = str_replace('&', '#and#', $html); 
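Review bot: `$recipient = $dbAbs->fetchObject($user_id);` is called on the `Database` connection object rather than on `$stmt`, unlike every other rewritten read in this patch, and it passes `$user_id` where PDOStatement::fetchObject takes a class name, so the absent-user replacement path does not produce a recipient the way the surrounding code expects. It should read `$recipient = $stmt->fetchObject();`. Opening `new Database()` inside the recipients loop for every absent user also looks unnecessary when `$db` is already connected; the enclosing loop starts outside the hunk.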
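Review bot: `$html = $func->protect_string_db($html, '', 'no');` is kept while the escaping of `$sender` and `$subject` on the adjacent lines is removed, and `$html` is later bound as a PDO parameter in the non-Oracle INSERT (`@@ -199`), so the body is stored with its quotes and backslashes already escaped and the mail carries that text verbatim. The Oracle branch, by contrast, still concatenates `$html` into the PL/SQL block and depends on this call as its only escaping. Drop the `protect_string_db` call here and bind `$html` in both branches so the value is escaped exactly once, by the driver.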
@@ -184,9 +183,9 @@ while ($state <> 'END') { . "mlb.path, " . "mlb.filename " . "FROM ".$coll_view." mlb LEFT JOIN docservers ds ON mlb.docserver_id = ds.docserver_id " - . "WHERE mlb.res_id = " . $event->res_id; - Bt_doQuery($db, $query); - $path_parts = $db->fetch_object(); + . "WHERE mlb.res_id = ?"; + $stmt = Bt_doQuery($db, $query, array($event->res_id)); + $path_parts = $stmt->fetchObject(); $path = $path_parts->path_template . str_replace('#', '/', $path_parts->path) . $path_parts->filename; $path = str_replace('//', '/', $path); $path = str_replace('\\', '/', $path); 
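Review bot: `$path_parts = $stmt->fetchObject();` returns `false` when no `mlb` row matches `$event->res_id`, and the next line dereferences `$path_parts->path_template` without a check, which yields a path built from empty strings and an attachment that points nowhere. Guard it before the concatenation with `if ($path_parts === false) { ... }`, logging the missing document and skipping the attachment for that event; the enclosing case starts outside the hunk, so which loop to continue has to be decided there. The same unchecked dereference follows `$res_id_record = $stmt->fetchObject();` in copy_list.php (`@@ -128`).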
@@ -199,34 +198,31 @@ while ($state <> 'END') { $logger->write('Adding e-mail to email stack', 'INFO'); if ($_SESSION['config']['databasetype'] == 'ORACLE') { $query = "DECLARE - vString notif_email_stack.html_body%type; -BEGIN - vString := '" . $html ."'; - INSERT INTO " . _NOTIF_EMAIL_STACK_TABLE_NAME . " - (sender, recipient, subject, html_body, charset, attachments, module) - VALUES ('".$sender."', - '".$recipient_mail."', - '".$subject."', - vString, - '".(string)$mailerParams->charset."', - '".implode(',', $attachments)."', - 'notifications'); -END;"; + vString notif_email_stack.html_body%type; + BEGIN + vString := '" . $html ."'; + INSERT INTO " . _NOTIF_EMAIL_STACK_TABLE_NAME . " + (sender, recipient, subject, html_body, charset, attachments, module) + VALUES (?, ?, ?, vString, ?, '".implode(',', $attachments)."', 'notifications'); + END;"; + $arrayPDO = array($sender, $recipient_mail, $subject, $mailerParams->charset); } else { - $query = "INSERT INTO " . _NOTIF_EMAIL_STACK_TABLE_NAME + + if(count($attachments) > 0) { + $query = "INSERT INTO " . _NOTIF_EMAIL_STACK_TABLE_NAME . " (sender, recipient, subject, html_body, charset, attachments, module) " - . "VALUES ('".$sender."', " - . "'".$recipient_mail."', " - . "'".$subject."', " - . "'" . $html . "', " - . "'".(string)$mailerParams->charset."', " - . "'".implode(',', $attachments)."', " - . "'notifications')"; + . "VALUES (?, ?, ?, ?, ?, '".implode(',', $attachments)."', 'notifications')"; + } else { + $query = "INSERT INTO " . _NOTIF_EMAIL_STACK_TABLE_NAME + . " (sender, recipient, subject, html_body, charset, module) " + . "VALUES (?, ?, ?, ?, ?, 'notifications')"; + } + $arrayPDO = array($sender, $recipient_mail, $subject, $html, $mailerParams->charset); + } //$logger->write('SQL query:' . 
$query, 'DEBUG'); - $db2 = new dbquery(); - $db2->connect(); - $db2->query($query, false, true); + $db2 = new Database(); + $db2->query($query, $arrayPDO); foreach($tmpNotif['events'] as $event) { $events_controler->commitEvent($event->event_stack_sid, "SUCCESS"); @@ -251,13 +247,10 @@ END;"; // Inser into stack $query = "INSERT INTO " . _NOTIF_RSS_STACK_TABLE_NAME . " (rss_user_id, rss_event_stack_sid, rss_event_url) " - . "VALUES ('".$user_id."', " - . "".$event->event_stack_sid.", " - . "'".$url."')"; + . "VALUES (?, ?, ?)"; //$logger->write('SQL query:' . $query, 'DEBUG'); - $db2 = new dbquery(); - $db2->connect(); - $db2->query($query, false, true); + $db2 = new Database(); + $db2->query($query, array($user_id, $event->event_stack_sid, $url)); $events_controler->commitEvent($event->event_stack_sid, "SUCCESS"); } @@ -273,7 +266,6 @@ $logger->write('End of process', 'INFO'); Bt_logInDataBase( $totalEventsToProcess, 0, 'process without error' ); -//$db->disconnect(); //unlink($GLOBALS['lckFile']); exit($GLOBALS['exitCode']); ?> diff --git a/notifications/trunk/batch/stack_letterbox_alerts.php b/notifications/trunk/batch/stack_letterbox_alerts.php index a6ba2ff6b6f..448ea9f11b3 100644 --- a/notifications/trunk/batch/stack_letterbox_alerts.php +++ b/notifications/trunk/batch/stack_letterbox_alerts.php 
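Review bot: The statement is only partially parameterized: the Oracle branch still splices `$html` into the PL/SQL text with `vString := '" . $html ."';` while binding the other columns, and both branches interpolate `implode(',', $attachments)` into the VALUES list, where `$html` is the value that carries template-rendered, user-entered text. Bind `$html` through a placeholder in the Oracle block too (`vString := ?;` with `$html` placed first in `$arrayPDO`, since it precedes the INSERT's markers), and pass the imploded attachment list as a bound value as well, which removes the need for the `count($attachments)` two-query split. If pdo_oci needs a LOB bind for long bodies, keep the variable but still bind it rather than concatenating.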
@@ -19,14 +19,14 @@ while ($state <> 'END') { $query = "SELECT notification_sid, event_id FROM " . _NOTIFICATIONS_TABLE_NAME . " WHERE event_id IN ('alert1', 'alert2') "; - Bt_doQuery($db, $query); - $totalAlertsToProcess = $GLOBALS['db']->nb_result(); + $stmt = Bt_doQuery($db, $query); + $totalAlertsToProcess = $stmt->rowCount(); if ($totalAlertsToProcess === 0) { Bt_exitBatch(0, 'No alert parametered'); } $logger->write($totalAlertsToProcess . " notifications parametered for mail alerts", 'INFO'); $GLOBALS['alert_notifs'] = array(); - while ($alertRecordset = $GLOBALS['db']->fetch_object()) { + while ($alertRecordset = $stmt->fetchObject()) { $GLOBALS['alert_notifs'][$alertRecordset->event_id][] = $alertRecordset->notification_sid; } @@ -39,10 +39,10 @@ while ($state <> 'END') { /**********************************************************************/ case 'LOAD_DOCTYPES' : $query = "SELECT * FROM " . $collDoctypeExt; - Bt_doQuery($db, $query); - $totalDocTypes = $GLOBALS['db']->nb_result(); + $stmt = Bt_doQuery($db, $query); + $totalDocTypes = $stmt->rowCount(); $GLOBALS['doctypes'] = array(); - while ($doctypeRecordset = $GLOBALS['db']->fetch_object()) { + while ($doctypeRecordset = $stmt->fetchObject()) { $GLOBALS['doctypes'][$doctypeRecordset->type_id] = $doctypeRecordset; } $logger->write($totalDocTypes . " document types parametered", 'INFO'); 
@@ -59,15 +59,15 @@ while ($state <> 'END') { . " AND status NOT IN ('CLO', 'DEL', 'END')" . " AND (flag_alarm1 = 'N' OR flag_alarm2 = 'N')" . " AND process_limit_date IS NOT NULL"; - Bt_doQuery($GLOBALS['db'], $query); - $totalDocsToProcess = $GLOBALS['db']->nb_result(); + $stmt = Bt_doQuery($GLOBALS['db'], $query); + $totalDocsToProcess = $stmt->rowCount(); $currentDoc = 0; if ($totalDocsToProcess === 0) { Bt_exitBatch(0, 'No document to process'); } $logger->write($totalDocsToProcess . " documents to process (i.e. not closed, at least one alert to send)", 'INFO'); $GLOBALS['docs'] = array(); - while ($DocRecordset = $GLOBALS['db']->fetch_object()) { + while ($DocRecordset = $stmt->fetchObject()) { $GLOBALS['docs'][] = $DocRecordset; } $state = 'A_DOC'; diff --git a/notifications/trunk/class/class_schedule_notifications.php b/notifications/trunk/class/class_schedule_notifications.php index f37d59c9010..bad36dc3684 100644 --- a/notifications/trunk/class/class_schedule_notifications.php +++ b/notifications/trunk/class/class_schedule_notifications.php @@ -86,13 +86,11 @@ class ScheduleNotifications{ function getAuthorizedNotifications (){ require_once ("core/class/class_request.php"); - $db = new dbquery(); - $db->connect(); - $db->query("SELECT notification_sid, description FROM notifications WHERE is_enabled = 'Y'"); + $db = new Database(); + $stmt = $db->query("SELECT notification_sid, description FROM notifications WHERE is_enabled = 'Y'"); $notificationsArray = array(); - - while($result = $db->fetch_object()){ + while($result = $stmt->fetchObject()){ $filename = "notification"; if (isset($_SESSION['custom_override_id']) && $_SESSION['custom_override_id']<>"") { $filename.="_".str_replace(" ", "", $_SESSION['custom_override_id']); diff --git a/notifications/trunk/class/events_controler.php b/notifications/trunk/class/events_controler.php index 6350f89ca14..94e44f78abc 100644 --- a/notifications/trunk/class/events_controler.php 
+++ b/notifications/trunk/class/events_controler.php @@ -50,12 +50,11 @@ class events_controler { $query = "SELECT * FROM " . _NOTIF_EVENT_STACK_TABLE_NAME . " WHERE exec_date is NULL " - . " AND notification_sid = " . $notification_sid ; - $dbConn = new dbquery(); - $dbConn->connect(); - $dbConn->query($query); + . " AND notification_sid = ?"; + $dbConn = new Database(); + $stmt = $dbConn->query($query, array($notification_sid)); $events = array(); - while ($eventRecordset = $dbConn->fetch_object()) { + while ($eventRecordset = $stmt->fetchObject()) { $events[] = $eventRecordset; } return $events; @@ -105,9 +104,7 @@ class events_controler ."?, " ."?, " ."?, " - ."?, " - .$dbConn->current_datetime() - .")", + ."?, CURRENT_TIMESTAMP)", array( $notification->notification_sid, $table_name, @@ -120,15 +117,12 @@ class events_controler } public function commitEvent($eventId, $result) { - $dbConn = new dbquery(); - $dbConn->connect(); + $dbConn = new Database(); $query = "UPDATE " . _NOTIF_EVENT_STACK_TABLE_NAME - . " SET exec_date = ".$dbConn->current_datetime().", exec_result = '".$result."'" - . " WHERE event_stack_sid = ".$eventId; - $dbConn->query($query); + . " SET exec_date = CURRENT_TIMESTAMP, exec_result = ?" + . " WHERE event_stack_sid = ?"; + $dbConn->query($query, array($result, $eventId)); } - } - diff --git a/notifications/trunk/class/notifications_controler.php b/notifications/trunk/class/notifications_controler.php index 9bf746bcf04..013125e473b 100644 --- a/notifications/trunk/class/notifications_controler.php +++ b/notifications/trunk/class/notifications_controler.php 
@@ -72,12 +72,10 @@ class notifications_controler extends ObjectControler implements ObjectControler } public function getByNotificationId($notificationId) { - $query = "select * from " . _NOTIFICATIONS_TABLE_NAME - . " where notification_id = '".$notificationId."'"; - $dbConn = new dbquery(); - $dbConn->connect(); - $dbConn->query($query); - $notifObj = $dbConn->fetch_object(); + $query = "SELECT * FROM " . _NOTIFICATIONS_TABLE_NAME . " WHERE notification_id = ?"; + $dbConn = new Database(); + $stmt = $dbConn->query($query, array($notificationId)); + $notifObj = $stmt->fetchObject(); return $notifObj; } @@ -195,10 +193,9 @@ class notifications_controler extends ObjectControler implements ObjectControler } } else { //mode == add if ($this->insert($notification)) { - $dbConn = new dbquery(); - $dbConn->connect(); - $dbConn->query("SELECT notification_sid FROM notifications ORDER BY notification_sid DESC limit 1"); - $result_sid = $dbConn->fetch_object(); + $dbConn = new Database(); + $stmt = $dbConn->query("SELECT notification_sid FROM notifications ORDER BY notification_sid DESC limit 1"); + $result_sid = $stmt->fetchObject(); $control = array('status' => 'ok', 'value' => $result_sid->notification_sid); //log @@ -249,9 +246,8 @@ class notifications_controler extends ObjectControler implements ObjectControler $notification->notification_id = $f->protect_string_db( $f->wash($notification->notification_id, 'no', _ID, 'yes', 0, 50) ); - $notification->description = $f->protect_string_db( - $f->wash($notification->description, 'no', _DESC, 'yes', 0, 255) - ); + $notification->description = $f->wash($notification->description, 'no', _DESC, 'yes', 0, 255); + if ($notification->is_enabled == 'false') { $notification->is_enabled = false; } else { diff --git a/notifications/trunk/diffusion_types/contact.php b/notifications/trunk/diffusion_types/contact.php index 7c10bc5771a..1beb1f12bf6 100644 --- a/notifications/trunk/diffusion_types/contact.php 
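Review bot: The escaping is now inconsistent between the two adjacent fields: `notification_id` still goes through `$f->protect_string_db(...)` while `description` is only washed. If `$this->insert()` / `update()` (not visible here) bind values through PDO like the rest of this patch, the id is stored with escaping applied twice; if they still concatenate, the description is now unescaped. Whichever applies, the two lines should agree, presumably `$notification->notification_id = $f->wash($notification->notification_id, 'no', _ID, 'yes', 0, 50);` to match the change made to `description`.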
+++ b/notifications/trunk/diffusion_types/contact.php @@ -1,4 +1,24 @@ <?php + +/* +* Copyright 2008-2015 Maarch +* +* This file is part of Maarch Framework. +* +* Maarch Framework is free software: you can redistribute it and/or modify +* it under the terms of the GNU General Public License as published by +* the Free Software Foundation, either version 3 of the License, or +* (at your option) any later version. +* +* Maarch Framework is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with Maarch Framework. If not, see <http://www.gnu.org/licenses/>. +*/ + switch ($request) { case 'form_content': $form_content .= '<p class="sstit">' . _NOTIFICATIONS_CONTACT_DIFF_TYPE . '</p>'; @@ -8,12 +28,11 @@ case 'form_content': case 'recipients': $query = "SELECT contact_id as user_id, contact_email as mail" . " FROM res_view_letterbox " - . " WHERE (contact_email is not null or contact_email <> '') and res_id = ".$event->record_id; - $dbRecipients = new dbquery(); - $dbRecipients->query($query); - $dbRecipients->connect(); + . " WHERE (contact_email is not null or contact_email <> '') and res_id = ?"; + $dbRecipients = new Database(); + $stmt = $dbRecipients->query($query, array($event->record_id)); $recipients = array(); - while($recipient = $dbRecipients->fetch_object()) { + while($recipient = $stmt->fetchObject()) { $recipients[] = $recipient; } break; 
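Review bot: The predicate `(contact_email is not null or contact_email <> '')` on the rewritten WHERE line accepts empty addresses: when `contact_email` is `''` the first operand is true and the row is selected, so a recipient with `mail = ''` is queued and the send later fails for it. The intended filter is `(contact_email is not null and contact_email <> '')`. The same predicate is repeated in the `attach` case of this file (`@@ -21`).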
@@ -21,12 +40,11 @@ case 'recipients': case 'attach': $query = "SELECT contact_id as user_id, contact_email as mail" . " FROM res_view_letterbox " - . " WHERE (contact_email is not null or contact_email <> '') and res_id = ".$event->record_id; + . " WHERE (contact_email is not null or contact_email <> '') and res_id = ?"; $attach = false; - $dbAttach = new dbquery(); - $dbAttach->connect(); - $dbAttach->query($query); - if($dbAttach->nb_result() > 0) { + $dbAttach = new Database(); + $stmt = $dbAttach->query($query, array($event->record_id)); + if($stmt->rowCount() > 0) { $attach = true; } break; diff --git a/notifications/trunk/diffusion_types/copy_list.php b/notifications/trunk/diffusion_types/copy_list.php index 9c9ca32f077..5676e44671f 100644 --- a/notifications/trunk/diffusion_types/copy_list.php +++ b/notifications/trunk/diffusion_types/copy_list.php @@ -1,5 +1,24 @@ <?php +/* +* Copyright 2008-2015 Maarch +* +* This file is part of Maarch Framework. +* +* Maarch Framework is free software: you can redistribute it and/or modify +* it under the terms of the GNU General Public License as published by +* the Free Software Foundation, either version 3 of the License, or +* (at your option) any later version. +* +* Maarch Framework is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with Maarch Framework. If not, see <http://www.gnu.org/licenses/>. +*/ + switch ($request) { case 'form_content': //Affichage du formulaire/interface dans l'administration des notification => Envoi Ajax @@ -8,8 +27,7 @@ case 'form_content': case 'recipients': $recipients = array(); - $dbRecipients = new dbquery(); - $dbRecipients->connect(); + $dbRecipients = new Database(); // Copy to users $select = "SELECT distinct us.*"; 
@@ -18,13 +36,15 @@ case 'recipients': $where = " WHERE li.coll_id = 'letterbox_coll' AND li.item_mode = 'cc'" . " AND item_type='user_id'"; + $arrayPDO = array(":recordid" => $event->record_id); + switch($event->table_name) { case 'notes': $from .= " JOIN notes ON notes.coll_id = li.coll_id AND notes.identifier = li.res_id"; - $where .= " AND notes.id = " . $event->record_id . " AND li.item_id != notes.user_id" + $where .= " AND notes.id = :recordid AND li.item_id != notes.user_id" . " AND (" . " notes.id not in (SELECT DISTINCT note_id FROM note_entities) " - . " OR us.user_id IN (SELECT ue.user_id FROM note_entities ne JOIN users_entities ue ON ne.item_id = ue.entity_id WHERE ne.note_id = " . $event->record_id . ")" + . " OR us.user_id IN (SELECT ue.user_id FROM note_entities ne JOIN users_entities ue ON ne.item_id = ue.entity_id WHERE ne.note_id = :recordid)" . ")" ; break; @@ -32,13 +52,14 @@ case 'recipients': case 'res_letterbox': case 'res_view_letterbox': $from .= " JOIN res_letterbox lb ON lb.res_id = li.res_id"; - $where .= " AND lb.res_id = " . $event->record_id; + $where .= " AND lb.res_id = :recordid"; break; case 'listinstance': default: $from .= " JOIN res_letterbox lb ON lb.res_id = li.res_id"; - $where .= " AND listinstance_id = " . $event->record_id . " AND lb.status not in ('INIT', 'AVAL') AND li.item_id <> '". $event->user_id ."'"; + $where .= " AND listinstance_id = :recordid AND lb.status not in ('INIT', 'AVAL') AND li.item_id <> :userid"; + $arrayPDO = array_merge($arrayPDO, array(":userid" => $event->user_id)); } $query = $select . $from . $where; 
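Review bot: In the `notes` branch the named marker `:recordid` appears twice in one statement (`notes.id = :recordid` and `ne.note_id = :recordid`), which PDO only accepts when prepared-statement emulation is on; with native prepares the prepare fails with an invalid-parameter-number error. Whether `Database` enables emulation is not visible here, so either confirm it or use two distinct markers, e.g. `:recordid` and `:noteid`, both set to `$event->record_id` in `$arrayPDO`. The same doubled marker is in the second `notes` branch of this file (`@@ -64`) and in both `notes` branches of copy_list_sample.php (`@@ -22`, `@@ -66`). The `array_merge` for `:userid` can be the plainer `$arrayPDO[':userid'] = $event->user_id;`.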
@@ -47,12 +68,13 @@ case 'recipients': $GLOBALS['logger']->write($query , 'DEBUG'); } - $dbRecipients->query($query); + $stmt = $dbRecipients->query($query, $arrayPDO); - while($recipient = $dbRecipients->fetch_object()) { + while($recipient = $stmt->fetchObject()) { $recipients[] = $recipient; } + $arrayPDO = array(":recordid" => $event->record_id); // Copy to entities $select = "SELECT distinct us.*"; $from = " FROM listinstance li " @@ -64,10 +86,10 @@ case 'recipients': switch($event->table_name) { case 'notes': $from .= " JOIN notes ON notes.coll_id = li.coll_id AND notes.identifier = li.res_id"; - $where .= " AND notes.id = " . $event->record_id . " AND li.item_id != notes.user_id" + $where .= " AND notes.id = :recordid AND li.item_id != notes.user_id" . " AND (" . " notes.id not in (SELECT DISTINCT note_id FROM note_entities) " - . " OR us.user_id IN (SELECT ue.user_id FROM note_entities ne JOIN users_entities ue ON ne.item_id = ue.entity_id WHERE ne.note_id = " . $event->record_id . ")" + . " OR us.user_id IN (SELECT ue.user_id FROM note_entities ne JOIN users_entities ue ON ne.item_id = ue.entity_id WHERE ne.note_id = :recordid)" . ")" ; break; @@ -75,12 +97,12 @@ case 'recipients': case 'res_letterbox': case 'res_view_letterbox': $from .= " JOIN res_letterbox lb ON lb.res_id = li.res_id"; - $where .= " AND lb.res_id = " . $event->record_id; + $where .= " AND lb.res_id = :recordid"; break; case 'listinstance': default: - $where .= " AND listinstance_id = " . $event->record_id; + $where .= " AND listinstance_id = :recordid"; } $query = $select . $from . $where; @@ -89,9 +111,9 @@ case 'recipients': $GLOBALS['logger']->write($query , 'DEBUG'); } - $dbRecipients->query($query); + $stmt = $dbRecipients->query($query, $arrayPDO); - while($recipient = $dbRecipients->fetch_object()) { + while($recipient = $stmt->fetchObject()) { $recipients[] = $recipient; } break; 
@@ -101,6 +123,7 @@ case 'attach': break; case 'res_id': + $arrayPDO = array(":recordid" => $event->record_id); $select = "SELECT li.res_id"; $from = " FROM listinstance li"; $where = " WHERE li.coll_id = 'letterbox_coll' "; @@ -108,18 +131,18 @@ case 'res_id': switch($event->table_name) { case 'notes': $from .= " JOIN notes ON notes.coll_id = li.coll_id AND notes.identifier = li.res_id"; - $where .= " AND notes.id = " . $event->record_id . " AND li.item_id != notes.user_id"; + $where .= " AND notes.id = :recordid AND li.item_id != notes.user_id"; break; case 'res_letterbox': case 'res_view_letterbox': $from .= " JOIN res_letterbox lb ON lb.res_id = li.res_id"; - $where .= " AND lb.res_id = " . $event->record_id; + $where .= " AND lb.res_id = :recordid"; break; case 'listinstance': default: - $where .= " AND listinstance_id = " . $event->record_id; + $where .= " AND listinstance_id = :recordid"; } $query = $query = $select . $from . $where; @@ -128,10 +151,9 @@ case 'res_id': $GLOBALS['logger']->write($query , 'DEBUG'); } - $dbResId = new dbquery(); - $dbResId->connect(); - $dbResId->query($query); - $res_id_record = $dbResId->fetch_object(); + $dbResId = new Database(); + $stmt = $dbResId->query($query, $arrayPDO); + $res_id_record = $stmt->fetchObject(); $res_id = $res_id_record->res_id; break; diff --git a/notifications/trunk/diffusion_types/copy_list_sample.php b/notifications/trunk/diffusion_types/copy_list_sample.php index 54af67ee6fe..84e7d0f47fc 100644 --- a/notifications/trunk/diffusion_types/copy_list_sample.php +++ b/notifications/trunk/diffusion_types/copy_list_sample.php 
@@ -1,5 +1,24 @@ <?php +/* +* Copyright 2008-2015 Maarch +* +* This file is part of Maarch Framework. +* +* Maarch Framework is free software: you can redistribute it and/or modify +* it under the terms of the GNU General Public License as published by +* the Free Software Foundation, either version 3 of the License, or +* (at your option) any later version. +* +* Maarch Framework is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with Maarch Framework. If not, see <http://www.gnu.org/licenses/>. +*/ + switch ($request) { case 'form_content': //Affichage du formulaire/interface dans l'administration des notification => Envoi Ajax @@ -8,8 +27,8 @@ case 'form_content': case 'recipients': $recipients = array(); - $dbRecipients = new dbquery(); - $dbRecipients->connect(); + $dbRecipients = new Database(); + $arrayPDO = array(":recordid" => $event->record_id); // Copy to users $select = "SELECT distinct us.*"; 
@@ -22,10 +41,10 @@ case 'recipients': case 'notes': $from .= " JOIN notes ON notes.coll_id = li.coll_id AND notes.identifier = li.res_id"; $from .= " JOIN res_letterbox lb ON lb.res_id = notes.identifier"; - $where .= " AND notes.id = " . $event->record_id . " AND li.item_id != notes.user_id" + $where .= " AND notes.id = :recordid AND li.item_id != notes.user_id" . " AND (" . " notes.id not in (SELECT DISTINCT note_id FROM note_entities) " - . " OR us.user_id IN (SELECT ue.user_id FROM note_entities ne JOIN users_entities ue ON ne.item_id = ue.entity_id WHERE ne.note_id = " . $event->record_id . ")" + . " OR us.user_id IN (SELECT ue.user_id FROM note_entities ne JOIN users_entities ue ON ne.item_id = ue.entity_id WHERE ne.note_id = :recordid)" . ")"; $where .= " AND lb.status not in ('VAL', 'VAL1', 'VAL2', 'QUAL', 'INIT', 'RET', 'DEL', 'END')"; break; @@ -33,13 +52,13 @@ case 'recipients': case 'res_letterbox': case 'res_view_letterbox': $from .= " JOIN res_letterbox lb ON lb.res_id = li.res_id"; - $where .= " AND lb.res_id = " . $event->record_id . " AND lb.status not in ('VAL', 'VAL1', 'VAL2', 'QUAL', 'INIT', 'RET', 'DEL', 'END')"; + $where .= " AND lb.res_id = :recordid AND lb.status not in ('VAL', 'VAL1', 'VAL2', 'QUAL', 'INIT', 'RET', 'DEL', 'END')"; break; case 'listinstance': default: $from .= " JOIN res_letterbox lb ON lb.res_id = li.res_id"; - $where .= " AND listinstance_id = " . $event->record_id . " AND lb.status not in ('VAL', 'VAL1', 'VAL2', 'QUAL', 'INIT', 'RET', 'DEL', 'END')"; + $where .= " AND listinstance_id = :recordid AND lb.status not in ('VAL', 'VAL1', 'VAL2', 'QUAL', 'INIT', 'RET', 'DEL', 'END')"; } $query = $select . $from . $where; 
@@ -48,12 +67,13 @@ case 'recipients': $GLOBALS['logger']->write($query , 'DEBUG'); } - $dbRecipients->query($query); + $stmt = $dbRecipients->query($query, $arrayPDO); - while($recipient = $dbRecipients->fetch_object()) { + while($recipient = $stmt->fetchObject()) { $recipients[] = $recipient; } + $arrayPDO = array(":recordid" => $event->record_id); // Copy to entities $select = "SELECT distinct us.*"; $from = " FROM listinstance li " @@ -66,10 +86,10 @@ case 'recipients': case 'notes': $from .= " JOIN notes ON notes.coll_id = li.coll_id AND notes.identifier = li.res_id"; $from .= " JOIN res_letterbox lb ON lb.res_id = notes.identifier"; - $where .= " AND notes.id = " . $event->record_id . " AND li.item_id != notes.user_id" + $where .= " AND notes.id = :recordid AND li.item_id != notes.user_id" . " AND (" . " notes.id not in (SELECT DISTINCT note_id FROM note_entities) " - . " OR us.user_id IN (SELECT ue.user_id FROM note_entities ne JOIN users_entities ue ON ne.item_id = ue.entity_id WHERE ne.note_id = " . $event->record_id . ")" + . " OR us.user_id IN (SELECT ue.user_id FROM note_entities ne JOIN users_entities ue ON ne.item_id = ue.entity_id WHERE ne.note_id = :recordid)" . ")"; $where .= " AND lb.status not in ('VAL', 'VAL1', 'VAL2', 'QUAL', 'INIT', 'RET', 'DEL', 'END')"; break; 
@@ -77,14 +97,13 @@ case 'recipients': case 'res_letterbox': case 'res_view_letterbox': $from .= " JOIN res_letterbox lb ON lb.res_id = li.res_id"; - $where .= " AND lb.res_id = " . $event->record_id . " AND lb.status not in ('VAL', 'VAL1', 'VAL2', 'QUAL', 'INIT', 'RET', 'DEL', 'END')"; + $where .= " AND lb.res_id = :recordid AND lb.status not in ('VAL', 'VAL1', 'VAL2', 'QUAL', 'INIT', 'RET', 'DEL', 'END')"; break; case 'listinstance': default: - //$where .= " AND listinstance_id = " . $event->record_id; $from .= " JOIN res_letterbox lb ON lb.res_id = li.res_id"; - $where .= " AND listinstance_id = " . $event->record_id . " AND lb.status not in ('VAL', 'VAL1', 'VAL2', 'QUAL', 'INIT', 'RET', 'DEL', 'END')"; + $where .= " AND listinstance_id = :recordid AND lb.status not in ('VAL', 'VAL1', 'VAL2', 'QUAL', 'INIT', 'RET', 'DEL', 'END')"; } $query = $select . $from . $where; @@ -93,9 +112,9 @@ case 'recipients': $GLOBALS['logger']->write($query , 'DEBUG'); } - $dbRecipients->query($query); + $stmt = $dbRecipients->query($query, $arrayPDO); - while($recipient = $dbRecipients->fetch_object()) { + while($recipient = $stmt->fetchObject()) { $recipients[] = $recipient; } break; @@ -105,6 +124,7 @@ case 'attach': break; case 'res_id': + $arrayPDO = array(":recordid" => $event->record_id); $select = "SELECT li.res_id"; $from = " FROM listinstance li"; $where = " WHERE li.coll_id = 'letterbox_coll' "; 
@@ -113,21 +133,20 @@ case 'res_id': case 'notes': $from .= " JOIN notes ON notes.coll_id = li.coll_id AND notes.identifier = li.res_id"; $from .= " JOIN res_letterbox lb ON lb.res_id = notes.identifier"; - $where .= " AND notes.id = " . $event->record_id . " AND li.item_id != notes.user_id"; + $where .= " AND notes.id = :recordid AND li.item_id != notes.user_id"; $where .= " AND lb.status not in ('VAL', 'VAL1', 'VAL2', 'QUAL', 'INIT', 'RET', 'DEL', 'END')"; break; case 'res_letterbox': case 'res_view_letterbox': $from .= " JOIN res_letterbox lb ON lb.res_id = li.res_id"; - $where .= " AND lb.res_id = " . $event->record_id . " AND lb.status not in ('VAL', 'VAL1', 'VAL2', 'QUAL', 'INIT', 'RET', 'DEL', 'END')"; + $where .= " AND lb.res_id = :recordid AND lb.status not in ('VAL', 'VAL1', 'VAL2', 'QUAL', 'INIT', 'RET', 'DEL', 'END')"; break; case 'listinstance': default: - //$where .= " AND listinstance_id = " . $event->record_id; $from .= " JOIN res_letterbox lb ON lb.res_id = li.res_id"; - $where .= " AND listinstance_id = " . $event->record_id. " AND lb.status not in ('VAL', 'VAL1', 'VAL2', 'QUAL', 'INIT', 'RET', 'DEL', 'END')"; + $where .= " AND listinstance_id = :recordid AND lb.status not in ('VAL', 'VAL1', 'VAL2', 'QUAL', 'INIT', 'RET', 'DEL', 'END')"; } $query = $query = $select . $from . $where; @@ -136,10 +155,9 @@ case 'res_id': $GLOBALS['logger']->write($query , 'DEBUG'); } - $dbResId = new dbquery(); - $dbResId->connect(); - $dbResId->query($query); - $res_id_record = $dbResId->fetch_object(); + $dbResId = new Database(); + $stmt = $dbResId->query($query, $arrayPDO); + $res_id_record = $stmt->fetchObject(); $res_id = $res_id_record->res_id; break; diff --git a/notifications/trunk/diffusion_types/dest_user.php b/notifications/trunk/diffusion_types/dest_user.php index 356e6a304c6..f6320486bf7 100755 --- a/notifications/trunk/diffusion_types/dest_user.php +++ b/notifications/trunk/diffusion_types/dest_user.php 
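Review bot: `$res_id = $res_id_record->res_id;` dereferences the result of `$stmt->fetchObject()` without checking it, and `PDOStatement::fetchObject()` returns `false` when the query matched no row, so an event whose listinstance or resource no longer exists becomes a property read on `false` instead of a handled case. A guard such as `if ($res_id_record === false) { $res_id = null; break; }` (using whatever value the caller treats as "no resource") keeps a bogus id out of the rest of the batch. The same unchecked fetch is in the `-139,10` hunk of dest_user.php and the `-85,10` hunk of dest_user_sample.php. The `case 'res_id'` block starts before this hunk.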
@@ -1,4 +1,24 @@ <?php + +/* +* Copyright 2008-2015 Maarch +* +* This file is part of Maarch Framework. +* +* Maarch Framework is free software: you can redistribute it and/or modify +* it under the terms of the GNU General Public License as published by +* the Free Software Foundation, either version 3 of the License, or +* (at your option) any later version. +* +* Maarch Framework is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with Maarch Framework. If not, see <http://www.gnu.org/licenses/>. +*/ + switch ($request) { case 'form_content': require_once 'core/class/class_request.php' ; @@ -13,10 +33,10 @@ case 'form_content': $select["status"] = array(); array_push($select["status"], 'id', 'label_status'); $request = new request(); - $where = 'id NOT IN ('.$choosen_status_sring.')'; + $where = 'id NOT IN (?)'; $what = ''; - $tab = $request->select( - $select, $where, $orderstr, $_SESSION['config']['databasetype'] + $tab = $request->PDOselect( + $select, $where, array($choosen_status_tab), $orderstr, $_SESSION['config']['databasetype'] ); $status_list = $tab; 
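Review bot: `'id NOT IN (?)'` has a single placeholder while the bound value `array($choosen_status_tab)` wraps what its name suggests is an array of status ids; a stock PDO driver cannot bind a PHP array to one marker (it is cast to the string `Array` with a notice), so the filter would silently match the wrong rows unless `request::PDOselect` expands array-valued parameters itself. The later hunks in this file (`-55,38` and `-111,27`) bind the output of `explode()` to one `:statustab` marker in the same way, so the helper's behaviour decides all of them; if it does not expand arrays, derive the marker list from the array, e.g. `$where = 'id NOT IN (' . implode(',', array_fill(0, count($choosen_status_tab), '?')) . ')';` and pass `$choosen_status_tab` itself as the parameter list. The commented-out `// $status_str=implode(...)` lines kept in those hunks should be deleted rather than carried along. `$choosen_status_tab` is defined before this hunk.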
@@ -55,38 +75,53 @@ case 'form_content': case 'recipients': $recipients = array(); - $dbRecipients = new dbquery(); - $dbRecipients->connect(); + $dbRecipients = new Database(); $select = "SELECT distinct us.*"; $from = " FROM listinstance li JOIN users us ON li.item_id = us.user_id"; $where = " WHERE li.coll_id = 'letterbox_coll' AND li.item_mode = 'dest'"; + $arrayPDO = array(":recordid" => $event->record_id); switch($event->table_name) { case 'notes': $from .= " JOIN notes ON notes.coll_id = li.coll_id AND notes.identifier = li.res_id"; $from .= " JOIN res_letterbox lb ON lb.res_id = notes.identifier"; - $where .= " AND notes.id = " . $event->record_id . " AND li.item_id != notes.user_id" + $where .= " AND notes.id = :recordid AND li.item_id != notes.user_id" . " AND (" . " notes.id not in (SELECT DISTINCT note_id FROM note_entities) " - . " OR us.user_id IN (SELECT ue.user_id FROM note_entities ne JOIN users_entities ue ON ne.item_id = ue.entity_id WHERE ne.note_id = " . $event->record_id . ")" + . " OR us.user_id IN (SELECT ue.user_id FROM note_entities ne JOIN users_entities ue ON ne.item_id = ue.entity_id WHERE ne.note_id = :recordid)" . ")"; - if($notification->diffusion_properties!=''){$status_tab=explode(",",$notification->diffusion_properties);$status_str=implode("','",$status_tab); $where .= " AND lb.status in ('".$status_str."')";} + if($notification->diffusion_properties!=''){ + $status_tab=explode(",",$notification->diffusion_properties); + // $status_str=implode("','",$status_tab); + $where .= " AND lb.status in (:statustab)"; + $arrayPDO = array_merge($arrayPDO, array(":statustab" => $status_tab)); + } + break; case 'res_letterbox': case 'res_view_letterbox': $from .= " JOIN res_letterbox lb ON lb.res_id = li.res_id"; - $where .= " AND lb.res_id = " . 
$event->record_id ; - if($notification->diffusion_properties!=''){$status_tab=explode(",",$notification->diffusion_properties);$status_str=implode("','",$status_tab); $where .= " AND lb.status in ('".$status_str."')";} + $where .= " AND lb.res_id = :recordid"; + if($notification->diffusion_properties!=''){ + $status_tab=explode(",",$notification->diffusion_properties); + // $status_str=implode("','",$status_tab); + $where .= " AND lb.status in (:statustab)"; + $arrayPDO = array_merge($arrayPDO, array(":statustab" => $status_tab)); + } break; case 'listinstance': default: - //$where .= " AND listinstance_id = " . $event->record_id; $from .= " JOIN res_letterbox lb ON lb.res_id = li.res_id"; - $where .= " AND listinstance_id = " . $event->record_id; - if($notification->diffusion_properties!=''){$status_tab=explode(",",$notification->diffusion_properties);$status_str=implode("','",$status_tab); $where .= " AND lb.status in ('".$status_str."')";} + $where .= " AND listinstance_id = :recordid"; + if($notification->diffusion_properties!=''){ + $status_tab=explode(",",$notification->diffusion_properties); + // $status_str=implode("','",$status_tab); + $where .= " AND lb.status in (:statustab)"; + $arrayPDO = array_merge($arrayPDO, array(":statustab" => $status_tab)); + } } $query = $select . $from . $where; @@ -94,9 +129,9 @@ case 'recipients': if($GLOBALS['logger']) { $GLOBALS['logger']->write($query , 'DEBUG'); } - $dbRecipients->query($query); + $stmt = $dbRecipients->query($query, $arrayPDO); - while($recipient = $dbRecipients->fetch_object()) { + while($recipient = $stmt->fetchObject()) { $recipients[] = $recipient; } break; 
@@ -111,27 +146,42 @@ case 'res_id': $from = " FROM listinstance li"; $where = " WHERE li.coll_id = 'letterbox_coll' "; + $arrayPDO = array(":recordid" => $event->record_id); switch($event->table_name) { case 'notes': $from .= " JOIN notes ON notes.coll_id = li.coll_id AND notes.identifier = li.res_id"; $from .= " JOIN res_letterbox lb ON lb.res_id = notes.identifier"; - $where .= " AND notes.id = " . $event->record_id . " AND li.item_id != notes.user_id"; - if($notification->diffusion_properties!=''){$status_tab=explode(",",$notification->diffusion_properties);$status_str=implode("','",$status_tab); $where .= " AND lb.status in ('".$status_str."')";} + $where .= " AND notes.id = :recordid AND li.item_id != notes.user_id"; + if($notification->diffusion_properties!=''){ + $status_tab=explode(",",$notification->diffusion_properties); + // $status_str=implode("','",$status_tab); + $where .= " AND lb.status in (:statustab)"; + $arrayPDO = array_merge($arrayPDO, array(":statustab" => $status_tab)); + } break; case 'res_letterbox': case 'res_view_letterbox': $from .= " JOIN res_letterbox lb ON lb.res_id = li.res_id"; - $where .= " AND lb.res_id = " . $event->record_id; - if($notification->diffusion_properties!=''){$status_tab=explode(",",$notification->diffusion_properties);$status_str=implode("','",$status_tab); $where .= " AND lb.status in ('".$status_str."')";} + $where .= " AND lb.res_id = :recordid"; + if($notification->diffusion_properties!=''){ + $status_tab=explode(",",$notification->diffusion_properties); + // $status_str=implode("','",$status_tab); + $where .= " AND lb.status in (:statustab)"; + $arrayPDO = array_merge($arrayPDO, array(":statustab" => $status_tab)); + } break; case 'listinstance': default: - //$where .= " AND listinstance_id = " . $event->record_id; $from .= " JOIN res_letterbox lb ON lb.res_id = li.res_id"; - $where .= " AND listinstance_id = " . 
$event->record_id; - if($notification->diffusion_properties!=''){$status_tab=explode(",",$notification->diffusion_properties);$status_str=implode("','",$status_tab); $where .= " AND lb.status in ('".$status_str."')";} + $where .= " AND listinstance_id = :recordid"; + if($notification->diffusion_properties!=''){ + $status_tab=explode(",",$notification->diffusion_properties); + // $status_str=implode("','",$status_tab); + $where .= " AND lb.status in (:statustab)"; + $arrayPDO = array_merge($arrayPDO, array(":statustab" => $status_tab)); + } } $query = $query = $select . $from . $where; @@ -139,10 +189,9 @@ case 'res_id': if($GLOBALS['logger']) { $GLOBALS['logger']->write($query , 'DEBUG'); } - $dbResId = new dbquery(); - $dbResId->connect(); - $dbResId->query($query); - $res_id_record = $dbResId->fetch_object(); + $dbResId = new Database(); + $stmt = $dbResId->query($query, $arrayPDO); + $res_id_record = $stmt->fetchObject(); $res_id = $res_id_record->res_id; break; diff --git a/notifications/trunk/diffusion_types/dest_user_sample.php b/notifications/trunk/diffusion_types/dest_user_sample.php index 19be02e2507..966dcadb632 100644 --- a/notifications/trunk/diffusion_types/dest_user_sample.php +++ b/notifications/trunk/diffusion_types/dest_user_sample.php 
@@ -1,4 +1,24 @@ <?php + +/* +* Copyright 2008-2015 Maarch +* +* This file is part of Maarch Framework. +* +* Maarch Framework is free software: you can redistribute it and/or modify +* it under the terms of the GNU General Public License as published by +* the Free Software Foundation, either version 3 of the License, or +* (at your option) any later version. +* +* Maarch Framework is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with Maarch Framework. If not, see <http://www.gnu.org/licenses/>. +*/ + switch ($request) { case 'form_content': $form_content .= '<p class="sstit">' . _NOTIFICATIONS_DEST_USER_DIFF_TYPE . '</p>'; 
@@ -6,21 +26,21 @@ case 'form_content': case 'recipients': $recipients = array(); - $dbRecipients = new dbquery(); - $dbRecipients->connect(); + $dbRecipients = new Database(); $select = "SELECT distinct us.*"; $from = " FROM listinstance li JOIN users us ON li.item_id = us.user_id"; $where = " WHERE li.coll_id = 'letterbox_coll' AND li.item_mode = 'dest'"; + $arrayPDO = array(":recordid" => $event->record_id); switch($event->table_name) { case 'notes': $from .= " JOIN notes ON notes.coll_id = li.coll_id AND notes.identifier = li.res_id"; $from .= " JOIN res_letterbox lb ON lb.res_id = notes.identifier"; - $where .= " AND notes.id = " . $event->record_id . " AND li.item_id != notes.user_id" + $where .= " AND notes.id = :recordid AND li.item_id != notes.user_id" . " AND (" . " notes.id not in (SELECT DISTINCT note_id FROM note_entities) " - . " OR us.user_id IN (SELECT ue.user_id FROM note_entities ne JOIN users_entities ue ON ne.item_id = ue.entity_id WHERE ne.note_id = " . $event->record_id . ")" + . " OR us.user_id IN (SELECT ue.user_id FROM note_entities ne JOIN users_entities ue ON ne.item_id = ue.entity_id WHERE ne.note_id = :recordid)" . ")"; $where .= " AND lb.status not in ('VAL', 'VAL1', 'VAL2', 'QUAL', 'INIT', 'RET', 'DEL', 'END')"; break; 
@@ -28,14 +48,14 @@ case 'recipients': case 'res_letterbox': case 'res_view_letterbox': $from .= " JOIN res_letterbox lb ON lb.res_id = li.res_id"; - $where .= " AND lb.res_id = " . $event->record_id . " AND lb.status not in ('VAL', 'VAL1', 'VAL2', 'QUAL', 'INIT', 'RET', 'DEL', 'END')"; + $where .= " AND lb.res_id = :recordid AND lb.status not in ('VAL', 'VAL1', 'VAL2', 'QUAL', 'INIT', 'RET', 'DEL', 'END')"; break; case 'listinstance': default: //$where .= " AND listinstance_id = " . $event->record_id; $from .= " JOIN res_letterbox lb ON lb.res_id = li.res_id"; - $where .= " AND listinstance_id = " . $event->record_id. " AND lb.status not in ('VAL', 'VAL1', 'VAL2', 'QUAL', 'INIT', 'RET', 'DEL', 'END')"; + $where .= " AND listinstance_id = :recordid AND lb.status not in ('VAL', 'VAL1', 'VAL2', 'QUAL', 'INIT', 'RET', 'DEL', 'END')"; } $query = $select . $from . $where; @@ -43,9 +63,9 @@ case 'recipients': if($GLOBALS['logger']) { $GLOBALS['logger']->write($query , 'DEBUG'); } - $dbRecipients->query($query); + $stmt = $dbRecipients->query($query, $arrayPDO); - while($recipient = $dbRecipients->fetch_object()) { + while($recipient = $stmt->fetchObject()) { $recipients[] = $recipient; } break; 
@@ -59,25 +79,25 @@ case 'res_id': $from = " FROM listinstance li"; $where = " WHERE li.coll_id = 'letterbox_coll' "; + $arrayPDO = array(":recordid" => $event->record_id); switch($event->table_name) { case 'notes': $from .= " JOIN notes ON notes.coll_id = li.coll_id AND notes.identifier = li.res_id"; $from .= " JOIN res_letterbox lb ON lb.res_id = notes.identifier"; - $where .= " AND notes.id = " . $event->record_id . " AND li.item_id != notes.user_id"; + $where .= " AND notes.id = :recordid AND li.item_id != notes.user_id"; $where .= " AND lb.status not in ('VAL', 'VAL1', 'VAL2', 'QUAL', 'INIT', 'RET', 'DEL', 'END')"; break; case 'res_letterbox': case 'res_view_letterbox': $from .= " JOIN res_letterbox lb ON lb.res_id = li.res_id"; - $where .= " AND lb.res_id = " . $event->record_id . " AND lb.status not in ('VAL', 'VAL1', 'VAL2', 'QUAL', 'INIT', 'RET', 'DEL', 'END')"; + $where .= " AND lb.res_id = :recordid AND lb.status not in ('VAL', 'VAL1', 'VAL2', 'QUAL', 'INIT', 'RET', 'DEL', 'END')"; break; case 'listinstance': default: - //$where .= " AND listinstance_id = " . $event->record_id; $from .= " JOIN res_letterbox lb ON lb.res_id = li.res_id"; - $where .= " AND listinstance_id = " . $event->record_id. " AND lb.status not in ('VAL', 'VAL1', 'VAL2', 'QUAL', 'INIT', 'RET', 'DEL', 'END')"; + $where .= " AND listinstance_id = :recordid AND lb.status not in ('VAL', 'VAL1', 'VAL2', 'QUAL', 'INIT', 'RET', 'DEL', 'END')"; } $query = $query = $select . $from . $where; @@ -85,10 +105,9 @@ case 'res_id': if($GLOBALS['logger']) { $GLOBALS['logger']->write($query , 'DEBUG'); } - $dbResId = new dbquery(); - $dbResId->connect(); - $dbResId->query($query); - $res_id_record = $dbResId->fetch_object(); + $dbResId = new Database(); + $stmt = $dbResId->query($query, $arrayPDO); + $res_id_record = $stmt->fetchObject(); $res_id = $res_id_record->res_id; break; 
diff --git a/notifications/trunk/diffusion_types/entity.php b/notifications/trunk/diffusion_types/entity.php index 4796d9c8dcc..07e2f36245c 100755 --- a/notifications/trunk/diffusion_types/entity.php +++ b/notifications/trunk/diffusion_types/entity.php @@ -1,5 +1,24 @@ <?php +/* +* Copyright 2008-2015 Maarch +* +* This file is part of Maarch Framework. +* +* Maarch Framework is free software: you can redistribute it and/or modify +* it under the terms of the GNU General Public License as published by +* the Free Software Foundation, either version 3 of the License, or +* (at your option) any later version. +* +* Maarch Framework is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with Maarch Framework. If not, see <http://www.gnu.org/licenses/>. +*/ + require_once 'core/core_tables.php'; require_once 'core/class/class_request.php'; require_once 'modules/entities/class/EntityControler.php'; @@ -7,7 +26,6 @@ require_once 'modules/entities/class/EntityControler.php'; switch($request) { case 'form_content': $entities = new EntityControler(); - $entities->connect(); $entitylist = $entities->getAllEntities(); $form_content .= '<input type="hidden" name="'.$formId.'" id="'.$formId.'" value="entity">'; @@ -44,11 +62,10 @@ case 'recipients': . " FROM users_entities ue " . " LEFT JOIN users us ON us.user_id = ue.user_id " . " WHERE ue.entity_id in (".$entities.")"; - $dbRecipients = new dbquery(); - $dbRecipients->connect(); - $dbRecipients->query($query); + $dbRecipients = new Database(); + $stmt = $dbRecipients->query($query); $recipients = array(); - while($recipient = $dbRecipients->fetch_object()) { + while($recipient = $stmt->fetchObject()) { $recipients[] = $recipient; } break; 
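Review bot: `" WHERE ue.entity_id in (".$entities.")"` is still assembled by string concatenation even though this hunk moves the query onto `Database::query`, which takes bound parameters; `$entities` is built before the hunk, so its origin is not visible here, but whatever it holds is copied verbatim into the SQL text. If it is a list of ids, the safer form is one `?` per element, `implode(',', array_fill(0, count(/* array of entity ids */), '?'))`, with the ids passed as the parameter array. The same concatenation remains in the `-42,11` hunk of group.php (`$groups`) and the `-46,11` and `-61,10` hunks of user.php (`$users`). The `case 'recipients'` block starts before this hunk.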
@@ -58,12 +75,11 @@ case 'attach': $query = "SELECT user_id" . " FROM users_entities" . " WHERE entity_id in (".$entities.")" - . " AND user_id = '".$user_id."'"; + . " AND user_id = ?"; $attach = false; - $dbAttach = new dbquery(); - $dbAttach->connect(); - $dbAttach->query($query); - if($dbAttach->nb_result() > 0) { + $dbAttach = new Database(); + $stmt = $dbAttach->query($query, array($user_id)); + if($stmt->rowCount() > 0) { $attach = true; } break; diff --git a/notifications/trunk/diffusion_types/group.php b/notifications/trunk/diffusion_types/group.php index cc24ad7ebcb..3b4d4e4472e 100755 --- a/notifications/trunk/diffusion_types/group.php +++ b/notifications/trunk/diffusion_types/group.php @@ -1,4 +1,24 @@ <?php + +/* +* Copyright 2008-2015 Maarch +* +* This file is part of Maarch Framework. +* +* Maarch Framework is free software: you can redistribute it and/or modify +* it under the terms of the GNU General Public License as published by +* the Free Software Foundation, either version 3 of the License, or +* (at your option) any later version. +* +* Maarch Framework is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with Maarch Framework. If not, see <http://www.gnu.org/licenses/>. +*/ + require_once 'core/core_tables.php'; require_once 'core/class/class_request.php'; require_once 'core/class/usergroups_controler.php'; 
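Review bot: `$stmt->rowCount() > 0` decides `$attach` after a SELECT, but `PDOStatement::rowCount()` is defined for the rows affected by INSERT/UPDATE/DELETE; for a SELECT the PDO documentation says some drivers report the row count and others do not, so this is less portable than the `nb_result()` call it replaces. Fetching a row is portable and just as short: `$attach = $stmt->fetchObject() !== false;` (or `fetchColumn()`), which also makes the `$attach = false;` pre-initialisation unnecessary. The same check is in the `-56,12` hunk of group.php and the `-61,10` hunk of user.php.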
@@ -42,11 +62,10 @@ case 'recipients': . " FROM usergroup_content ug " . " LEFT JOIN users us ON us.user_id = ug.user_id" . " WHERE ug.group_id in (".$groups.")"; - $dbRecipients = new dbquery(); - $dbRecipients->connect(); - $dbRecipients->query($query); + $dbRecipients = new Database(); + $stmt = $dbRecipients->query($query); $recipients = array(); - while($recipient = $dbRecipients->fetch_object()) { + while($recipient = $stmt->fetchObject()) { $recipients[] = $recipient; } break; @@ -56,12 +75,11 @@ case 'attach': $query = "SELECT user_id" . " FROM usergroup_content" . " WHERE group_id in (".$groups.")" - . " AND user_id = '".$user_id."'"; + . " AND user_id = ?"; $attach = false; - $dbAttach = new dbquery(); - $dbAttach->connect(); - $dbAttach->query($query); - if($dbAttach->nb_result() > 0) { + $dbAttach = new Database(); + $stmt = $dbAttach->query($query, array($user_id)); + if($stmt->rowCount() > 0) { $attach = true; } break; diff --git a/notifications/trunk/diffusion_types/note_copy_list.php b/notifications/trunk/diffusion_types/note_copy_list.php index 83c3715a144..4751fb31094 100644 --- a/notifications/trunk/diffusion_types/note_copy_list.php +++ b/notifications/trunk/diffusion_types/note_copy_list.php 
@@ -1,5 +1,24 @@ <?php +/* +* Copyright 2008-2015 Maarch +* +* This file is part of Maarch Framework. +* +* Maarch Framework is free software: you can redistribute it and/or modify +* it under the terms of the GNU General Public License as published by +* the Free Software Foundation, either version 3 of the License, or +* (at your option) any later version. +* +* Maarch Framework is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with Maarch Framework. If not, see <http://www.gnu.org/licenses/>. +*/ + switch ($request) { case 'form_content': //Affichage du formulaire/interface dans l'administration des notification => Envoi Ajax @@ -10,15 +29,13 @@ case 'recipients': $query = "SELECT distinct us.* " . " FROM listinstance li JOIN users us ON li.item_id = us.user_id " . " JOIN notes ON notes.coll_id = li.coll_id AND notes.identifier = li.res_id " - . " WHERE notes.coll_id = 'letterbox_coll' AND notes.id = ".$event->record_id - . " AND item_type='user_id' AND item_mode = 'cc'" + . " WHERE notes.coll_id = 'letterbox_coll' AND notes.id = ? AND item_type='user_id' AND item_mode = 'cc'" . " AND li.item_id != notes.user_id"; - $dbRecipients = new dbquery(); - $dbRecipients->query($query); - $dbRecipients->connect(); + $dbRecipients = new Database(); + $stmt = $dbRecipients->query($query, array($event->record_id)); $recipients = array(); - while($recipient = $dbRecipients->fetch_object()) { + while($recipient = $stmt->fetchObject()) { $recipients[] = $recipient; } break; diff --git a/notifications/trunk/diffusion_types/note_dest_user.php b/notifications/trunk/diffusion_types/note_dest_user.php index b8d284851e7..d8340f5088d 100644 --- a/notifications/trunk/diffusion_types/note_dest_user.php 
+++ b/notifications/trunk/diffusion_types/note_dest_user.php @@ -1,4 +1,24 @@ <?php + +/* +* Copyright 2008-2015 Maarch +* +* This file is part of Maarch Framework. +* +* Maarch Framework is free software: you can redistribute it and/or modify +* it under the terms of the GNU General Public License as published by +* the Free Software Foundation, either version 3 of the License, or +* (at your option) any later version. +* +* Maarch Framework is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with Maarch Framework. If not, see <http://www.gnu.org/licenses/>. +*/ + switch ($request) { case 'form_content': $form_content .= '<p class="sstit">' . _NOTIFICATIONS_DEST_USER_DIFF_TYPE . '</p>'; @@ -8,14 +28,12 @@ case 'recipients': $query = "SELECT distinct us.* " . " FROM listinstance li JOIN users us ON li.item_id = us.user_id " . " JOIN notes ON notes.coll_id = li.coll_id AND notes.identifier = li.res_id " - . " WHERE notes.coll_id = 'letterbox_coll' AND notes.id = ".$event->record_id - . " AND li.item_mode = 'dest'" + . " WHERE notes.coll_id = 'letterbox_coll' AND notes.id = ? AND li.item_mode = 'dest'" . " AND li.item_id != notes.user_id"; - $dbRecipients = new dbquery(); - $dbRecipients->query($query); - $dbRecipients->connect(); + $dbRecipients = new Database(); + $stmt = $dbRecipients->query($query, array($event->record_id)); $recipients = array(); - while($recipient = $dbRecipients->fetch_object()) { + while($recipient = $stmt->fetchObject()) { $recipients[] = $recipient; } break; diff --git a/notifications/trunk/diffusion_types/user.php b/notifications/trunk/diffusion_types/user.php index 0404682e195..d66e0574a9e 100755 --- a/notifications/trunk/diffusion_types/user.php 
+++ b/notifications/trunk/diffusion_types/user.php @@ -1,6 +1,23 @@ <?php - +/* +* Copyright 2008-2015 Maarch +* +* This file is part of Maarch Framework. +* +* Maarch Framework is free software: you can redistribute it and/or modify +* it under the terms of the GNU General Public License as published by +* the Free Software Foundation, either version 3 of the License, or +* (at your option) any later version. +* +* Maarch Framework is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with Maarch Framework. If not, see <http://www.gnu.org/licenses/>. +*/ require_once 'core/core_tables.php'; require_once 'core/class/class_request.php'; @@ -46,11 +63,10 @@ case 'recipients': $query = "SELECT us.*" . " FROM users us" . " WHERE us.user_id in (".$users.")"; - $dbRecipients = new dbquery(); - $dbRecipients->connect(); - $dbRecipients->query($query); + $dbRecipients = new Database(); + $stmt = $dbRecipients->query($query); $recipients = array(); - while($recipient = $dbRecipients->fetch_object()) { + while($recipient = $stmt->fetchObject()) { $recipients[] = $recipient; } break; @@ -61,10 +77,9 @@ case 'attach': . " FROM users" . " WHERE '".$user_id."' in (".$users.")"; $attach = false; - $dbAttach = new dbquery(); - $dbAttach->connect(); - $dbAttach->query($query); - if($dbAttach->nb_result() > 0) { + $dbAttach = new Database(); + $stmt = $dbAttach->query($query); + if($stmt->rowCount() > 0) { $attach = true; } break; diff --git a/notifications/trunk/load_attachfortype_formcontent.php b/notifications/trunk/load_attachfortype_formcontent.php index d35d4afcbd1..fb1ca15627c 100644 --- a/notifications/trunk/load_attachfortype_formcontent.php +++ b/notifications/trunk/load_attachfortype_formcontent.php 
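Review bot: `" WHERE '".$user_id."' in (".$users.")"` still embeds `$user_id` directly in the statement text, whereas the `attach` hunks of entity.php and group.php in this same commit replace it with `user_id = ?` and `array($user_id)`; this file was moved to `Database` but not to bound parameters, so any quote in `$user_id` reaches the SQL. The consistent form is `" WHERE ? in (".$users.")"` together with `$stmt = $dbAttach->query($query, array($user_id));`, and `$users` should be bound the same way once it is turned into a placeholder list. `$user_id` and `$users` are set before this hunk.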
@@ -28,7 +28,6 @@ if (empty($_REQUEST['origin'])) { } //-------------------------------------------------- -$db = new dbquery(); $core = new core_tools(); $core->load_lang(); $dType = new diffusion_type_controler(); diff --git a/notifications/trunk/load_diffusiontype_formcontent.php b/notifications/trunk/load_diffusiontype_formcontent.php index 63a6364850a..3734145285a 100755 --- a/notifications/trunk/load_diffusiontype_formcontent.php +++ b/notifications/trunk/load_diffusiontype_formcontent.php @@ -28,7 +28,6 @@ if (empty($_REQUEST['origin'])) { } //-------------------------------------------------- -$db = new dbquery(); $core = new core_tools(); $core->load_lang(); $dType = new diffusion_type_controler(); diff --git a/notifications/trunk/manage_notifications_controler.php b/notifications/trunk/manage_notifications_controler.php index d13478eb4ce..7fefb50d23e 100644 --- a/notifications/trunk/manage_notifications_controler.php +++ b/notifications/trunk/manage_notifications_controler.php @@ -42,8 +42,8 @@ $select[STATUS_TABLE] = array(); $request = new request(); $where = ''; $what = ''; - $tab = $request->select( - $select, $where, $orderstr, $_SESSION['config']['databasetype'] + $tab = $request->PDOselect( + $select, $where, array(), $orderstr, $_SESSION['config']['databasetype'] ); $status_list = $tab; @@ -189,15 +189,14 @@ function display_list() { ); $where = ''; $what = ''; + $arrayPDO = array(); + if (isset($_REQUEST['what'])) { //$what = $func->protect_string_db($_REQUEST['what']); $what = $_REQUEST['what']; } - $where .= " (lower(description) like lower('" - . $func->protect_string_db($what, $_SESSION['config']['databasetype']) - . "%') or lower(notification_id) like lower('" - . $func->protect_string_db($what, $_SESSION['config']['databasetype']) - . "%')) "; + $where .= " (lower(description) like lower(:what) or lower(notification_id) like lower(:what)) "; + $arrayPDO = array(":what" => $what."%"); // Checking order and order_field values $order = 'asc'; 
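Review bot: `$arrayPDO = array();` is assigned and then unconditionally overwritten a few lines later by `$arrayPDO = array(":what" => $what."%");`, so the first assignment is dead and can go. Separately, `$what` comes straight from `$_REQUEST['what']` and is placed in a LIKE pattern with only a trailing `%` appended; binding it removes the injection the old `protect_string_db` concatenation tried to handle, but `%` and `_` supplied by the client still act as wildcards, so if the list is meant to be a literal prefix search, escape them first (for example `addcslashes($what, '%_\\')`, with a matching `ESCAPE` clause if the database's default escape character differs). `display_list()` starts before this hunk and continues after it.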
@@ -212,8 +211,8 @@ function display_list() { $orderstr = $list->define_order($order, $field); $request = new request(); - $tab = $request->select( - $select, $where, $orderstr, $_SESSION['config']['databasetype'] + $tab = $request->PDOselect( + $select, $where, $arrayPDO, $orderstr, $_SESSION['config']['databasetype'] ); //$request->show(); diff --git a/notifications/trunk/manage_notifs_list_by_name.php b/notifications/trunk/manage_notifs_list_by_name.php index a362081a886..6df51b575cb 100644 --- a/notifications/trunk/manage_notifs_list_by_name.php +++ b/notifications/trunk/manage_notifs_list_by_name.php @@ -31,17 +31,15 @@ require_once('core' . DIRECTORY_SEPARATOR . 'class' . DIRECTORY_SEPARATOR . 'class_request.php'); -$db = new dbquery(); -$db->connect(); -$db->query( - 'select description as tag from notifications' . - " where lower(description) like lower('" - . $db->protect_string_db($_REQUEST['what'])."%') or lower(notification_id) like lower('" - . $db->protect_string_db($_REQUEST['what'])."%') order by description" - ); +$db = new Database(); +$stmt = $db->query( + 'SELECT description as tag FROM notifications' . + " WHERE lower(description) like lower(:what) or lower(notification_id) like lower(:what) order by description", + array(":what" => $_REQUEST['what'] . "%") + ); $listArray = array(); -while ($line = $db->fetch_object()) { +while ($line = $stmt->fetchObject()) { array_push($listArray, $line->tag); } echo '<ul>'; -- GitLab
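Review bot: `$_REQUEST['what']` is read without an `isset()` check in the new parameter array, so a request that omits `what` raises an undefined-index notice and binds a bare `"%"`, which lists every notification, whereas `display_list()` in manage_notifications_controler.php guards the same input with `isset($_REQUEST['what'])`. Reading it once into a local, `$what = isset($_REQUEST['what']) ? $_REQUEST['what'] : '';`, and binding that keeps the two endpoints consistent. As in the controler, `%` and `_` in the input still act as LIKE wildcards, which may or may not be intended for an autocomplete list.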