diff --git a/maarch_entreprise/trunk/admin/contacts/contacts_v2/contacts_v2_confirm.php b/maarch_entreprise/trunk/admin/contacts/contacts_v2/contacts_v2_confirm.php index 7202f2e446abe022a25cb070fa549deaefe80bbd..6f5bd4bf119dcf9e2aa59fe15563ae81803d783e 100644 --- a/maarch_entreprise/trunk/admin/contacts/contacts_v2/contacts_v2_confirm.php +++ b/maarch_entreprise/trunk/admin/contacts/contacts_v2/contacts_v2_confirm.php @@ -110,7 +110,7 @@ $admin->manage_location_bar($page_path, $page_label, $page_id, $init, $level); <?php $query = $contact->query_contact_exists($_GET['mode']); -$stmt = $db->query($query); +$stmt = $db->query($query['query'], $query['params']); $tab = array(); while ($res = $stmt->fetch(PDO::FETCH_ASSOC)){ $temp= array(); diff --git a/maarch_entreprise/trunk/class/class_business_app_tools.php b/maarch_entreprise/trunk/class/class_business_app_tools.php index e89098926818dc8368a6b4602e470f75d4b48f93..013b5eee8209ad5a9845968bf4a6b0b2b42900b2 100644 --- a/maarch_entreprise/trunk/class/class_business_app_tools.php +++ b/maarch_entreprise/trunk/class/class_business_app_tools.php @@ -507,16 +507,15 @@ class business_app_tools extends dbquery } else { $_SESSION['maarch_entreprise']['xml_versionbase'] = 'none'; } - $checkBase = new dbquery(); - $checkBase->connect(); - $query = "select param_value_int from " . PARAM_TABLE - . " where id = 'database_version'"; + $checkBase = new Database(); + $query = "SELECT param_value_int FROM " . PARAM_TABLE + . " WHERE id = 'database_version'"; - $checkBase->query($query); //Find value in parameters table on database - if ($checkBase->nb_result() == 0) { + $stmt = $checkBase->query($query); //Find value in parameters table on database + if ($stmt->rowCount() == 0) { $_SESSION['maarch_entreprise']['database_version'] = "none"; } else { - $vbg = $checkBase->fetch_object(); + $vbg = $stmt->fetchObject(); $_SESSION['maarch_entreprise'] ['database_version'] = $vbg->param_value_int; } 
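Review bot: `$query['params']` is handed straight to `$db->query()` on the changed line, but `query_contact_exists()` (later in this diff) only fills its parameter array inside the `'N'`/`'Y'` branches of IS_CORPORATE_PERSON, so for any other value this page executes an empty statement with a null parameter list. Check the helper's result before running it, e.g. `if ($query['query'] === '') { $_SESSION['error'] = _CONTACT.' '._UNKNOWN; } else { $stmt = $db->query($query['query'], $query['params']); }`. `$_GET['mode']` is only ever compared against `'up'` inside the helper, so normalising it once here, `$mode = (isset($_GET['mode']) && $_GET['mode'] === 'up') ? 'up' : 'add';`, makes the accepted values explicit.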
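Review bot: `$stmt->rowCount()` after a SELECT is driver-dependent in PDO (it is only defined for INSERT/UPDATE/DELETE; SQLite returns 0, PostgreSQL returns the count), so the `== 0` test on the `database_version` lookup can mark a populated database as `"none"` on some drivers. Fetch and test the row instead: `$vbg = $stmt->fetchObject(); if ($vbg === false) { ... = "none"; } else { ... = $vbg->param_value_int; }`. The same rowCount()-on-SELECT pattern is repeated in the chrono and contacts hunks of this diff. The enclosing method begins outside the hunk.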
@@ -569,12 +568,12 @@ class business_app_tools extends dbquery private function _loadCurrentFolder($userId) { if (isset($userId)) { - $this->connect(); - $this->query( - "select custom_t1 from " . USERS_TABLE . " where user_id = '" - . $userId . "'" + $db = new Database(); + $stmt = $db->query( + "SELECT custom_t1 FROM " . USERS_TABLE . " WHERE user_id = ?", + array($userId) ); - $res = $this->fetch_object(); + $res = $stmt->fetchObject(); $_SESSION['current_folder_id'] = $res->custom_t1; } diff --git a/maarch_entreprise/trunk/class/class_chrono.php b/maarch_entreprise/trunk/class/class_chrono.php index 9ed44a23b263d785791d6926db5150119d03784b..d665f98e39b3b2ea2c6c0ab940a4db7916e1865e 100644 --- a/maarch_entreprise/trunk/class/class_chrono.php +++ b/maarch_entreprise/trunk/class/class_chrono.php @@ -19,13 +19,12 @@ class chrono { public function get_chrono_number($resId, $view) { - $db = new dbquery(); - $db->connect(); - $db->query( - "select alt_identifier from " . $view . " where res_id = " - . $resId . " " + $db = new Database(); + $stmt = $db->query( + "SELECT alt_identifier FROM " . $view . " where res_id = ?", + array($resId) ); - $res = $db->fetch_object(); + $res = $stmt->fetchObject(); return $res->alt_identifier; } /** @@ -190,17 +189,16 @@ class chrono public function execute_chrono_for_this_year() { - $db = new dbquery(); - $db->connect(); + $db = new Database(); //Get the crono key for this year - $db->query( - "SELECT param_value_int from " . PARAM_TABLE - . " where id = 'chrono_global_" . date('Y') . "' " + $stmt = $db->query( + "SELECT param_value_int FROM " . PARAM_TABLE + . " WHERE id = 'chrono_global_" . date('Y') . "' " ); - if ($db->nb_result() == 0) { + if ($stmt->rowCount() == 0) { $chrono = $this->_createNewChronoGlobal($db); } else { - $fetch = $db->fetch_object(); + $fetch = $stmt->fetchObject(); $chrono = $fetch->param_value_int; } $this->_updateChronoForThisYear($chrono, $db); 
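Review bot: `$res->custom_t1` is read without checking that `fetchObject()` returned a row, so a `$userId` with no matching user now produces a PHP warning and stores null in `$_SESSION['current_folder_id']`. Guard it: `$res = $stmt->fetchObject(); $_SESSION['current_folder_id'] = ($res !== false) ? $res->custom_t1 : null;`. Note that `isset($userId)` is also true for an empty string; if that input can be blank, `$userId !== ''` is the intended test.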
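Review bot: `res_id` is now bound, but `$view` is still concatenated into the FROM clause in `"SELECT alt_identifier FROM " . $view . " where res_id = ?"`, and an identifier cannot be parameterised, so whatever reaches this public method as `$view` is injected verbatim into the statement. The callers are outside this diff; unless `$view` is guaranteed to come from configuration, validate it against the configured collection views (or at minimum `if (!preg_match('/^[A-Za-z0-9_]+$/', $view)) { throw new InvalidArgumentException('invalid view'); }`) before building the query. `$res->alt_identifier` is also read without checking `fetchObject()` for `false`.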
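Review bot: The counter is read here and written back by `_updateChronoForThisYear` in a separate statement with no transaction or row lock, so two concurrent requests can read the same `param_value_int` and be issued the same chrono number. If the `Database` wrapper exposes the underlying PDO handle, wrap the read and the update in a transaction with `SELECT ... FOR UPDATE`; otherwise let the database do the increment (`UPDATE ... SET param_value_int = param_value_int + 1 WHERE id = ?`) and read the value afterwards. The `rowCount() == 0` check on a SELECT is also driver-dependent; `fetchObject() === false` is the portable test.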
@@ -209,20 +207,20 @@ class chrono public function execute_chrono_by_res_id($res_id) { - $db = new dbquery(); - $db->connect(); + $db = new Database(); //Get res_id of document if($res_id==''){ - $db->query( - "SELECT res_id from res_letterbox ORDER BY res_id DESC LIMIT 1" + $stmt = $db->query( + "SELECT res_id FROM res_letterbox ORDER BY res_id DESC LIMIT 1" ); }else{ - $db->query( - "SELECT res_id from res_letterbox WHERE res_id='".$res_id."'" + $stmt = $db->query( + "SELECT res_id FROM res_letterbox WHERE res_id=?", + array($res_id) ); } - $fetch = $db->fetch_object(); + $fetch = $stmt->fetchObject(); $chrono = $fetch->res_id; return $chrono; } @@ -230,17 +228,17 @@ class chrono public function execute_chrono_by_entity($entity) { - $db = new dbquery(); - $db->connect(); + $db = new Database(); //Get the crono key for this year - $db->query( - "SELECT param_value_int from " . PARAM_TABLE - . " where id = 'chrono_" . $entity . "_" . date('Y') . "' " + $stmt = $db->query( + "SELECT param_value_int FROM " . PARAM_TABLE + . " WHERE id = ?", + array('chrono_' . $entity . '_' . date('Y')) ); - if ($db->nb_result() == 0) { + if ($stmt->rowCount() == 0) { $chrono = $this->_createNewChronoForEntity($db, $entity); } else { - $fetch = $db->fetch_object(); + $fetch = $stmt->fetchObject(); $chrono = $fetch->param_value_int; } $this->_updateChronoForEntity($chrono, $db, $entity); 
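Review bot: `$chrono = $fetch->res_id;` dereferences the result of `fetchObject()` without checking for `false`, so a `$res_id` that matches no row (or an empty `res_letterbox` in the first branch) raises a warning and returns null. Add `if ($fetch === false) { return null; }` before the assignment, or whatever sentinel the callers of this method treat as "no document". `$res_id == ''` is a loose comparison: on PHP before 8 the integer `0` also takes the "latest row" branch, so `(string) $res_id === ''` is the safer test.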
@@ -250,17 +248,17 @@ class chrono public function execute_chrono_by_category($category) { - $db = new dbquery(); - $db->connect(); + $db = new Database(); //Get the crono key for this year - $db->query( - "SELECT param_value_int from " . PARAM_TABLE - . " where id = 'chrono_" . $category . "_" . date('Y') . "' " + $stmt = $db->query( + "SELECT param_value_int FROM " . PARAM_TABLE + . " WHERE id = ?", + array('chrono_' . $category . '_' . date('Y')) ); - if ($db->nb_result() == 0) { + if ($stmt->rowCount() == 0) { $chrono = $this->_createNewChronoForCategory($db, $category); } else { - $fetch = $db->fetch_object(); + $fetch = $stmt->fetchObject(); $chrono = $fetch->param_value_int; } $this->_updateChronoForCategory($chrono, $db, $category); @@ -271,18 +269,18 @@ class chrono public function execute_chrono_by_folder($folder) { - $db = new dbquery(); - $db->connect(); + $db = new Database(); $folders_system_id = $_SESSION['folderId']; //Get the crono key for this folder - $db->query( - "SELECT param_value_int from " . PARAM_TABLE - . " where id = 'chrono_folder_" . $folders_system_id . "' " + $stmt = $db->query( + "SELECT param_value_int FROM " . PARAM_TABLE + . " WHERE id = ? ", + array('chrono_folder_' . $folders_system_id) ); - if ($db->nb_result() == 0) { + if ($stmt->rowCount() == 0) { $chrono = $this->_createNewChronoForFolder($db, $folder); } else { - $fetch = $db->fetch_object(); + $fetch = $stmt->fetchObject(); $chrono = $fetch->param_value_int; } $this->_updateChronoForFolder($chrono, $db, $folder); @@ -309,8 +307,8 @@ class chrono { $actualChrono++; $db->query( - "UPDATE " . PARAM_TABLE . " SET param_value_int = '" . $actualChrono - . "' WHERE id = 'chrono_global_" . date('Y') . "' " + "UPDATE " . PARAM_TABLE . " SET param_value_int = ? WHERE id = 'chrono_global_" . date('Y') . "' ", + array($actualChrono) ); } 
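Review bot: The parameter key built here, `'chrono_' . $category . '_' . date('Y')`, has exactly the same shape as the one built in `execute_chrono_by_entity` (`'chrono_' . $entity . '_' . date('Y')`) and as the global key `chrono_global_YYYY`, so an entity and a category that share an identifier — or either named `global` — silently share one counter. Namespacing the keys, e.g. `'chrono_category_' . $category . '_' . date('Y')` and `'chrono_entity_' . ...`, removes the collision (existing rows would need a one-off rename). Apart from that key, this method is line-for-line identical to the entity and global variants; one private helper taking the key and the create callback would remove the three copies of the select/rowCount/fetch/update sequence.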
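Review bot: The read and the writes use different keys: the SELECT looks up `'chrono_folder_' . $_SESSION['folderId']`, while `_createNewChronoForFolder` and `_updateChronoForFolder` (later in this diff) insert and update `'chrono_folder_' . $folder`. Unless every caller passes `$folder === $_SESSION['folderId']`, the counter that is read is never the one that is incremented, so the same number can be issued again and again. Use a single source for the key, e.g. `$stmt = $db->query("SELECT param_value_int FROM " . PARAM_TABLE . " WHERE id = ?", array('chrono_folder_' . $folder));`, or pass `$folders_system_id` down to both helpers.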
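Review bot: The UPDATE writes back a value computed in PHP from an earlier read, so the increment is not atomic and two requests that both read N will both store N+1. Let the database do the arithmetic: `"UPDATE " . PARAM_TABLE . " SET param_value_int = param_value_int + 1 WHERE id = ?", array('chrono_global_' . date('Y'))`. Note also that `$actualChrono` is a by-value parameter, so the local `$actualChrono++` is not visible to the caller; whether the caller relies on the pre-increment value is outside the hunk.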
@@ -329,8 +327,8 @@ class chrono { $actualChrono++; $db->query( - "UPDATE " . PARAM_TABLE . " SET param_value_int = '" . $actualChrono - . "' WHERE id = 'chrono_" . $category . "_" . date('Y') . "' " + "UPDATE " . PARAM_TABLE . " SET param_value_int = ? WHERE id = ? ", + array($actualChrono, 'chrono_' . $category . '_' . date('Y')) ); } @@ -338,7 +336,8 @@ class chrono { $db->query( "INSERT INTO " . PARAM_TABLE . " (id, param_value_int) VALUES " - . "('chrono_" . $category . "_" . date('Y') . "', '1')" + . "(?, '1')", + array('chrono_' . $category . '_' . date('Y')) ); return 1; } @@ -349,8 +348,8 @@ class chrono { $actualChrono++; $db->query( - "UPDATE " . PARAM_TABLE . " SET param_value_int = '" . $actualChrono - . "' WHERE id = 'chrono_" . $entity . "_" . date('Y') . "' " + "UPDATE " . PARAM_TABLE . " SET param_value_int = ? WHERE id = ? ", + array($actualChrono, 'chrono_' . $entity . '_' . date('Y')) ); } @@ -358,7 +357,8 @@ class chrono { $db->query( "INSERT INTO " . PARAM_TABLE . " (id, param_value_int) VALUES " - . "('chrono_" . $entity . "_" . date('Y') . "', '1')" + . "(?, '1')", + array('chrono_' . $entity . '_' . date('Y')) ); return 1; } @@ -368,8 +368,8 @@ class chrono { $actualChrono++; $db->query( - "UPDATE " . PARAM_TABLE . " SET param_value_int = '" . $actualChrono - . "' WHERE id = 'chrono_folder_" . $folder . "' " + "UPDATE " . PARAM_TABLE . " SET param_value_int = ? WHERE id = ? ", + array($actualChrono, 'chrono_folder_' . $folder) ); } @@ -377,7 +377,8 @@ class chrono { $db->query( "INSERT INTO " . PARAM_TABLE . " (id, param_value_int) VALUES " - . "('chrono_folder_" . $folder . "', '1')" + . "(?, '1')", + array('chrono_folder_' . $folder) ); return 1; } diff --git a/maarch_entreprise/trunk/class/class_contacts_v2.php b/maarch_entreprise/trunk/class/class_contacts_v2.php index 73ae209bcbbfaab782cf6f61c776bd9e2a876bf4..3d2f8e473cf5ee04a9fd368519422254476236ad 100644 --- a/maarch_entreprise/trunk/class/class_contacts_v2.php 
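Review bot: `_createNewChronoForCategory` inserts `(id, param_value_int)` and returns `1` without looking at the outcome, so if another request created the same row between the caller's `rowCount() == 0` check and this INSERT, the statement either throws (if PARAM_TABLE has a key on `id`, which is not visible here) or leaves two rows that later `SELECT ... WHERE id = ?` reads non-deterministically. Where the server supports it, `INSERT ... ON CONFLICT (id) DO NOTHING` followed by a re-read, or catching the duplicate-key exception and re-reading, makes first use safe. The same applies to the entity and folder creators in this file.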
+++ b/maarch_entreprise/trunk/class/class_contacts_v2.php @@ -116,8 +116,9 @@ class contacts_v2 extends dbquery public function is_exists($mode, $mycontact){ $query = $this->query_contact_exists($mode); - $this->query($query); - if($this->nb_result() > 0){ + $db = new Database(); + $stmt = $db->query($query['query'], $query['params']); + if($stmt->rowCount() > 0){ if($mode <> 'up'){ $_SESSION['error'] = _THE_CONTACT.' '._ALREADY_EXISTS; } @@ -135,22 +136,24 @@ class contacts_v2 extends dbquery } public function query_contact_exists($mode){ - $this->connect(); + $query = ''; if($_SESSION['m_admin']['contact']['IS_CORPORATE_PERSON'] == 'N'){ $query = "SELECT contact_id, contact_type, society, contact_firstname, contact_lastname, contact_enabled FROM view_contacts - WHERE lower(contact_firstname) = lower('".$this->protect_string_db($_SESSION['m_admin']['contact']['FIRSTNAME'])."') - and lower(contact_lastname) = lower('".$this->protect_string_db($_SESSION['m_admin']['contact']['LASTNAME'])."')"; + WHERE lower(contact_firstname) = lower(?) + and lower(contact_lastname) = lower(?)"; + $arrayPDO = array($_SESSION['m_admin']['contact']['FIRSTNAME'], $_SESSION['m_admin']['contact']['LASTNAME']); } else if ($_SESSION['m_admin']['contact']['IS_CORPORATE_PERSON'] == 'Y'){ $query = "SELECT contact_id, contact_type, society, contact_firstname, contact_lastname, contact_enabled FROM view_contacts - WHERE lower(society) = lower('".$this->protect_string_db($_SESSION['m_admin']['contact']['SOCIETY'])."')"; - + WHERE lower(society) = lower(?)"; + $arrayPDO = array($_SESSION['m_admin']['contact']['SOCIETY']); } if ($mode == 'up'){ - $query .= " and contact_id <> " . $_SESSION['m_admin']['contact']['ID']; + $query .= " and contact_id <> ?"; + $arrayPDO = array_merge($arrayPDO, array($_SESSION['m_admin']['contact']['ID'])); } - return $query; + return array("query" => $query, "params" => $arrayPDO); } 
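Review bot: `$stmt->rowCount() > 0` is used as the existence test on a SELECT, which PDO does not guarantee for every driver; `$stmt->fetch() !== false` (or a `SELECT count(*)`) is the portable form. The method also runs the helper's query unconditionally, so it inherits the empty-query case described in the `query_contact_exists` hunk below; checking `$query['query'] !== ''` before calling `$db->query()` avoids executing an empty statement. `$mycontact` is not referenced in the visible part of the method.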
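Review bot: `$arrayPDO` is only assigned inside the `'N'` and `'Y'` branches, so when IS_CORPORATE_PERSON holds any other value the `$mode == 'up'` path calls `array_merge(null, ...)` (a TypeError on PHP 8) and the function returns `"params" => null` with a query consisting solely of `" and contact_id <> ?"`. Initialise both together at the top, `$query = ''; $arrayPDO = array();`, and have callers treat an empty query as "nothing to check". `contact_id <> ?` now binds `$_SESSION['m_admin']['contact']['ID']` as a string, which PostgreSQL accepts; an `(int)` cast would make the intent explicit if other drivers are in scope.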
@@ -161,6 +164,7 @@ class contacts_v2 extends dbquery */ public function addupcontact($mode, $admin = true, $confirm = 'N', $mycontact = 'N') { + $db = new Database(); // add ou modify users in the database if($confirm == 'N'){ $this->contactinfo($mode); @@ -240,7 +244,6 @@ class contacts_v2 extends dbquery exit; } } else { - $this->connect(); if ($mode == 'add') { if($_SESSION['user']['UserId'] == 'superadmin'){ $entity_id = 'SUPERADMIN'; 
@@ -250,40 +253,18 @@ class contacts_v2 extends dbquery $query = 'INSERT INTO ' . $_SESSION['tablename']['contacts_v2'] . ' ( contact_type, lastname , firstname , society , society_short, function , ' . 'other_data,' - . " title, is_corporate_person, user_id, entity_id, creation_date) VALUES ( " - . $_SESSION['m_admin']['contact']['CONTACT_TYPE'] - . ", '" . $this->protect_string_db( - $_SESSION['m_admin']['contact']['LASTNAME'] - ) . "', '" . $this->protect_string_db( - $_SESSION['m_admin']['contact']['FIRSTNAME'] - ) . "', '" . $this->protect_string_db( - $_SESSION['m_admin']['contact']['SOCIETY'] - ) . "', '" . $this->protect_string_db( - $_SESSION['m_admin']['contact']['SOCIETY_SHORT'] - ) . "', '" . $this->protect_string_db( - $_SESSION['m_admin']['contact']['FUNCTION'] - ) . "','" . $this->protect_string_db( - $_SESSION['m_admin']['contact']['OTHER_DATA'] - ) . "','" . $this->protect_string_db( - $_SESSION['m_admin']['contact']['TITLE'] - ) . "','" . $this->protect_string_db( - $_SESSION['m_admin']['contact']['IS_CORPORATE_PERSON'] - ) . "','" . $this->protect_string_db( - $_SESSION['user']['UserId'] - ) . "','" . $this->protect_string_db( - $entity_id - ) . "', current_timestamp)"; - $this->query($query); + . 
" title, is_corporate_person, user_id, entity_id, creation_date) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, current_timestamp)"; + + $db->query($query, array($_SESSION['m_admin']['contact']['CONTACT_TYPE'], $_SESSION['m_admin']['contact']['LASTNAME'], $_SESSION['m_admin']['contact']['FIRSTNAME'] + , $_SESSION['m_admin']['contact']['SOCIETY'], $_SESSION['m_admin']['contact']['SOCIETY_SHORT'], $_SESSION['m_admin']['contact']['FUNCTION'], $_SESSION['m_admin']['contact']['OTHER_DATA'] + , $_SESSION['m_admin']['contact']['TITLE'], $_SESSION['m_admin']['contact']['IS_CORPORATE_PERSON'], $_SESSION['user']['UserId'], $entity_id)); if($_SESSION['history']['contactadd']) { - $this->query("select contact_id, creation_date from ".$_SESSION['tablename']['contacts_v2'] - ." where lastname = '".$this->protect_string_db($_SESSION['m_admin']['contact']['LASTNAME']) - ."' and firstname = '".$this->protect_string_db($_SESSION['m_admin']['contact']['FIRSTNAME']) - ."' and society = '".$this->protect_string_db($_SESSION['m_admin']['contact']['SOCIETY']) - ."' and function = '".$this->protect_string_db($_SESSION['m_admin']['contact']['FUNCTION']) - ."' and is_corporate_person = '".$this->protect_string_db($_SESSION['m_admin']['contact']['IS_CORPORATE_PERSON']) - ."' order by creation_date desc"); - $res = $this->fetch_object(); + $stmt = $db->query("SELECT contact_id, creation_date FROM ".$_SESSION['tablename']['contacts_v2'] + ." WHERE lastname = ? and firstname = ? and society = ? and function = ? and is_corporate_person = ? order by creation_date desc" + , array($_SESSION['m_admin']['contact']['LASTNAME'], $_SESSION['m_admin']['contact']['FIRSTNAME'], $_SESSION['m_admin']['contact']['SOCIETY'] + , $_SESSION['m_admin']['contact']['FUNCTION'], $_SESSION['m_admin']['contact']['IS_CORPORATE_PERSON'])); + $res = $stmt->fetchObject(); $id = $res->contact_id; if($_SESSION['m_admin']['contact']['IS_CORPORATE_PERSON'] == 'Y') { 
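Review bot: The id of the row just inserted is recovered by re-selecting on lastname/firstname/society/function/is_corporate_person `order by creation_date desc`, which returns a pre-existing contact with the same fields when one exists and is racy between concurrent adds, so the history entry can be attached to the wrong contact. Use the driver's identity mechanism instead — `RETURNING contact_id` on the INSERT (PostgreSQL) or `lastInsertId()` if the `Database` wrapper exposes it — and drop the lookup. `$res->contact_id` is also read without checking `fetchObject()` for `false`. The `else` branch this code sits in begins outside the hunk.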
@@ -297,20 +278,13 @@ class contacts_v2 extends dbquery $hist = new history(); $hist->add($_SESSION['tablename']['contacts_v2'], $id,"ADD",'contacts_v2_add',$msg, $_SESSION['config']['databasetype']); } - // if($mycontact = 'iframe'){ - $this->query("select contact_id, creation_date from ".$_SESSION['tablename']['contacts_v2'] - ." where lastname = '".$this->protect_string_db($_SESSION['m_admin']['contact']['LASTNAME']) - ."' and firstname = '".$this->protect_string_db($_SESSION['m_admin']['contact']['FIRSTNAME']) - ."' and society = '".$this->protect_string_db($_SESSION['m_admin']['contact']['SOCIETY']) - ."' and function = '".$this->protect_string_db($_SESSION['m_admin']['contact']['FUNCTION']) - ."' and is_corporate_person = '".$this->protect_string_db($_SESSION['m_admin']['contact']['IS_CORPORATE_PERSON']) - ."' order by creation_date desc"); - $res = $this->fetch_object(); + $stmt = $db->query("SELECT contact_id, creation_date FROM ".$_SESSION['tablename']['contacts_v2'] + ." WHERE lastname = ? and firstname = ? and society = ? and function = ? and is_corporate_person = ? order by creation_date desc" + , array($_SESSION['m_admin']['contact']['LASTNAME'], $_SESSION['m_admin']['contact']['FIRSTNAME'], $_SESSION['m_admin']['contact']['SOCIETY'] + , $_SESSION['m_admin']['contact']['FUNCTION'], $_SESSION['m_admin']['contact']['IS_CORPORATE_PERSON'])); + $res = $stmt->fetchObject(); $id = $res->contact_id; $_SESSION['contact']['current_contact_id'] = $id; - // } else { - // $this->clearcontactinfos(); - // } $_SESSION['info'] = _CONTACT_ADDED; header("location: ".$path_contacts); 
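Review bot: This block repeats, unconditionally, the same five-column lookup that the `if($_SESSION['history']['contactadd'])` branch just above already ran, so on the history path the database is queried twice for the same `$id`. Hoist one lookup above the history check and reuse `$id` in both places — or, better, take the id from the INSERT itself and delete both lookups. `header("location: ...")` is the last visible statement of the hunk; if no `exit` follows it outside the hunk, the rest of the method keeps executing after the redirect is sent.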
@@ -318,17 +292,14 @@ class contacts_v2 extends dbquery } elseif($mode == "up") { - $query = "update ".$_SESSION['tablename']['contacts_v2']." set update_date = current_timestamp, contact_type = ".$_SESSION['m_admin']['contact']['CONTACT_TYPE'].", lastname = '".$this->protect_string_db($_SESSION['m_admin']['contact']['LASTNAME'])."', firstname = '".$this->protect_string_db($_SESSION['m_admin']['contact']['FIRSTNAME'])."',society = '".$this->protect_string_db($_SESSION['m_admin']['contact']['SOCIETY'])."',society_short = '".$this->protect_string_db($_SESSION['m_admin']['contact']['SOCIETY_SHORT'])."',function = '".$this->protect_string_db($_SESSION['m_admin']['contact']['FUNCTION'])."', other_data = '".$this->protect_string_db($_SESSION['m_admin']['contact']['OTHER_DATA'])."', title = '".$this->protect_string_db($_SESSION['m_admin']['contact']['TITLE'])."', is_corporate_person = '".$this->protect_string_db($_SESSION['m_admin']['contact']['IS_CORPORATE_PERSON'])."'"; - // if($admin) - // { - // $query .= ", user_id = '".$this->protect_string_db($_SESSION['m_admin']['contact']['OWNER'])."'"; - // } - $query .=" where contact_id = '".$_SESSION['m_admin']['contact']['ID']."'"; - if(!$admin) - { - //$query .= " and user_id = '".$this->protect_string_db($_SESSION['user']['UserId'])."'"; - } - $this->query($query); + $query = "UPDATE ".$_SESSION['tablename']['contacts_v2'] + ." 
SET update_date = current_timestamp, contact_type = ?, lastname = ?, firstname = ?,society = ?,society_short = ?,function = ?, other_data = ?, title = ?, is_corporate_person = ?"; + $query .= " WHERE contact_id = ?"; + $arrayPDO = array($_SESSION['m_admin']['contact']['CONTACT_TYPE'], $_SESSION['m_admin']['contact']['LASTNAME'], $_SESSION['m_admin']['contact']['FIRSTNAME'] + , $_SESSION['m_admin']['contact']['SOCIETY'], $_SESSION['m_admin']['contact']['SOCIETY_SHORT'], $_SESSION['m_admin']['contact']['FUNCTION'] + , $_SESSION['m_admin']['contact']['OTHER_DATA'], $_SESSION['m_admin']['contact']['TITLE'], $_SESSION['m_admin']['contact']['IS_CORPORATE_PERSON'], $_SESSION['m_admin']['contact']['ID']); + + $db->query($query, $arrayPDO); if($_SESSION['history']['contactup']) { if($_SESSION['m_admin']['contact']['IS_CORPORATE_PERSON'] == 'Y') @@ -365,6 +336,7 @@ class contacts_v2 extends dbquery */ public function formcontact($mode,$id = "", $admin = true, $iframe = false) { + $db = new Database(); if (preg_match("/MSIE 6.0/", $_SERVER["HTTP_USER_AGENT"])) { $browser_ie = true; @@ -388,15 +360,12 @@ class contacts_v2 extends dbquery } if( $mode <> "add") { - $this->connect(); - $query = "select * from ".$_SESSION['tablename']['contacts_v2']." where contact_id = ".$id; - if(!$admin) - { - //$query .= " and user_id = '".$this->protect_string_db($_SESSION['user']['UserId'])."'"; - } - $this->query($query); - if($this->nb_result() == 0) + $query = "SELECT * FROM ".$_SESSION['tablename']['contacts_v2']." WHERE contact_id = ?"; + + $stmt = $db->query($query, array($id)); + + if($stmt->rowCount() == 0) { $_SESSION['error'] = _THE_CONTACT.' '._ALREADY_EXISTS; $state = false; 
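Review bot: The non-admin ownership filter is gone from the UPDATE: the old `if(!$admin)` scaffolding (already commented out) is removed and `$admin` is no longer consulted, so any caller reaching this path with `$admin = false` can modify whichever contact id is in the session. `delcontact`, further down in this diff, does append `and user_id = ?` for `!$admin`; mirror that here: `if (!$admin) { $query .= " AND user_id = ?"; $arrayPDO[] = $_SESSION['user']['UserId']; }`, and check `rowCount()` on the UPDATE so a filtered-out contact is reported rather than silently ignored. Whether non-admins may edit other users' contacts is a product rule not visible here, but the asymmetry with `delcontact` is.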
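Review bot: A contact that is not found is reported as `_THE_CONTACT.' '._ALREADY_EXISTS` on the `rowCount() == 0` branch, which is the opposite of what happened; `delcontact` uses `_CONTACT.' '._UNKNOWN` for the same condition, so `$_SESSION['error'] = _CONTACT.' '._UNKNOWN;` is the consistent message. As in the UPDATE hunk, the `!$admin` ownership branch has been deleted, so any `$id` can be loaded into `$_SESSION['m_admin']['contact']` regardless of owner. With the default `$id = ""`, `WHERE contact_id = ?` binds an empty string to an integer column, which PostgreSQL rejects; return early with the unknown-contact error when `$id === ''`.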
@@ -404,7 +373,7 @@ class contacts_v2 extends dbquery else { $_SESSION['m_admin']['contact'] = array(); - $line = $this->fetch_object(); + $line = $stmt->fetchObject(); $_SESSION['m_admin']['contact']['ID'] = $line->contact_id; $_SESSION['m_admin']['contact']['TITLE'] = $this->show_string($line->title); $_SESSION['m_admin']['contact']['LASTNAME'] = $this->show_string($line->lastname); @@ -418,8 +387,9 @@ class contacts_v2 extends dbquery $_SESSION['m_admin']['contact']['OWNER'] = $line->user_id; if($admin && !empty($_SESSION['m_admin']['contact']['OWNER'])) { - $this->query("select lastname, firstname from ".$_SESSION['tablename']['users']." where user_id = '".$_SESSION['m_admin']['contact']['OWNER']."'"); - $res = $this->fetch_object(); + $stmt = $db->query("SELECT lastname, firstname FROM ".$_SESSION['tablename']['users']." WHERE user_id = ?", + array($_SESSION['m_admin']['contact']['OWNER'])); + $res = $stmt->fetchObject(); $_SESSION['m_admin']['contact']['OWNER'] = $res->lastname.', '.$res->firstname.' ('.$_SESSION['m_admin']['contact']['OWNER'].')'; } } @@ -434,9 +404,9 @@ class contacts_v2 extends dbquery $titles = $tmp['titles']; $contact_types = array(); - $this->connect(); - $this->query("SELECT id, label FROM ".$_SESSION['tablename']['contact_types']." ORDER BY label"); - while($res = $this->fetch_object()){ + + $stmt = $db->query("SELECT id, label FROM ".$_SESSION['tablename']['contact_types']." ORDER BY label"); + while($res = $stmt->fetchObject()){ $contact_types[$res->id] = $this->show_string($res->label); } 
@@ -487,9 +457,7 @@ class contacts_v2 extends dbquery <input type="hidden" name="admin" value="contacts_v2" /> <input type="hidden" name="page" value="contacts_v2_up_db" /> <?php -/* if (isset($_REQUEST['fromContactTree'])){ - ?><input type="hidden" name="fromContactTree" value="yes" /><?php - }*/ + }?> <input type="hidden" name="order" id="order" value="<?php if(isset($_REQUEST['order'])) {functions::xecho($_REQUEST['order']);}?>" /> <input type="hidden" name="order_field" id="order_field" value="<?php if(isset($_REQUEST['order_field'])) { functions::xecho($_REQUEST['order_field']);}?>" /> @@ -685,7 +653,8 @@ class contacts_v2 extends dbquery } public function chooseContact(){ - $this->connect(); + + $db = new Database(); $this->clearcontactinfos(); ?> <h1><i class="fa fa-plus fa-2x"></i> @@ -707,8 +676,8 @@ class contacts_v2 extends dbquery <select id="contact_type_selected" onchange="getContacts('<?php echo $_SESSION['config']['businessappurl'];?>index.php?display=true&dir=my_contacts&page=getContacts', this.options[this.selectedIndex].value, 'set');"> <option value="all"><?php echo _ALL;?></option> <?php - $this->query("SELECT id, label FROM contact_types ORDER BY label"); - while ($res_label = $this->fetch_object()){ + $stmt = $db->query("SELECT id, label FROM contact_types ORDER BY label"); + while ($res_label = $stmt->fetchObject()){ ?><option value="<?php functions::xecho($res_label->id);?>"><?php functions::xecho($res_label->label);?></option> <?php } 
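Review bot: The added `}?>` closes a brace that is not opened anywhere in the hunk, and on the old side only a block comment stood between `<?php` and the `order` input, so either the matching `{` is introduced outside this diff or this is a stray brace that will not parse. Confirm with `php -l` on the patched file; if the brace belongs to a block opened above, a trailing comment such as `<?php } // closes block opened above ?>` makes the pairing visible to the next reader.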
@@ -722,8 +691,8 @@ class contacts_v2 extends dbquery <select id="contactSelect"> <option value=""><?php echo _CHOOSE_A_CONTACT;?></option> <?php - $this->query("SELECT contact_id, society, firstname, lastname, is_corporate_person FROM contacts_v2 WHERE enabled = 'Y' ORDER BY is_corporate_person desc, society, lastname"); - while ($res_contact = $this->fetch_object()){ + $stmt = $db->query("SELECT contact_id, society, firstname, lastname, is_corporate_person FROM contacts_v2 WHERE enabled = 'Y' ORDER BY is_corporate_person desc, society, lastname"); + while ($res_contact = $stmt->fetchObject()){ ?><option value="<?php functions::xecho($res_contact->contact_id);?>"><?php if ($res_contact->is_corporate_person == "Y") { functions::xecho($res_contact->society); @@ -774,6 +743,7 @@ class contacts_v2 extends dbquery */ public function delcontact($id, $admin = true) { + $db = new Database(); $element_found = false; $nb_docs = 0; $tables = array(); 
@@ -791,40 +761,33 @@ class contacts_v2 extends dbquery if(!empty($id)) { - $this->query("select res_id from ".$_SESSION['collections'][0]['view'] - . " where exp_contact_id = '".$this->protect_string_db($id) - . "' or dest_contact_id = '".$this->protect_string_db($id) . "'"); - // $this->show(); - if($this->nb_result() > 0)$nb_docs = $nb_docs + $this->nb_result(); - - $this->query("select contact_id from contacts_res where contact_id = '". $this->protect_string_db($id)."'"); - if($this->nb_result() > 0)$nb_docs = $nb_docs + $this->nb_result(); -/* $this->query("select res_id from mlb_coll_ext - where address_id in - (select distinct id from ".$_SESSION['tablename']['contact_addresses'] - . " where contact_id = '".$this->protect_string_db($id)."')" - ); - // $this->show(); - if($this->nb_result() > 0)$nb_docs_address = $nb_docs_address + $this->nb_result();*/ + $stmt = $db->query("SELECT res_id FROM ".$_SESSION['collections'][0]['view'] + . " WHERE exp_contact_id = ? or dest_contact_id = ?", + array($id, $id)); + if($stmt->rowCount() > 0)$nb_docs = $nb_docs + $stmt->rowCount(); + + $stmt = $db->query("SELECT contact_id FROM contacts_res WHERE contact_id = ?", array($id)); + if($stmt->rowCount() > 0)$nb_docs = $nb_docs + $stmt->rowCount(); if ($nb_docs == 0) { - $this->connect(); - $query = "select contact_id from ".$_SESSION['tablename']['contacts_v2']." where contact_id = ".$id; + $query = "SELECT contact_id FROM ".$_SESSION['tablename']['contacts_v2']." WHERE contact_id = ? "; + $arrayPDO = array($id); if(!$admin) { - $query .= " and user_id = '".$this->protect_string_db($_SESSION['user']['UserId'])."'"; + $query .= " and user_id = ?"; + $arrayPDO = array_merge($arrayPDO, array($_SESSION['user']['UserId'])); } - $this->query($query); - if($this->nb_result() == 0) + $stmt = $db->query($query, $arrayPDO); + if($stmt->rowCount() == 0) { $_SESSION['error'] = _CONTACT.' '._UNKNOWN; } else { - $res = $this->fetch_object(); - $this->query("delete from " . 
$_SESSION['tablename']['contacts_v2'] . " where contact_id = " . $id); - $this->query("delete from " . $_SESSION['tablename']['contact_addresses'] . " where contact_id = " . $id); + $res = $stmt->fetchObject(); + $db->query("DELETE FROM " . $_SESSION['tablename']['contacts_v2'] . " WHERE contact_id = ?", array($id)); + $db->query("DELETE FROM " . $_SESSION['tablename']['contact_addresses'] . " WHERE contact_id = ?", array($id)); if($_SESSION['history']['contactdel']) { require_once('core'.DIRECTORY_SEPARATOR.'class'.DIRECTORY_SEPARATOR.'class_history.php'); @@ -964,6 +927,7 @@ class contacts_v2 extends dbquery */ public function formaddress($mode,$id = "", $admin = true, $iframe = "") { + $db = new Database(); if (preg_match("/MSIE 6.0/", $_SERVER["HTTP_USER_AGENT"])) { $browser_ie = true; @@ -987,16 +951,17 @@ class contacts_v2 extends dbquery } if( $mode <> "add") { - $this->connect(); - $query = "select * from ".$_SESSION['tablename']['contact_addresses']." where id = ".$id; + $query = "SELECT * FROM ".$_SESSION['tablename']['contact_addresses']." WHERE id = ?"; + $arrayPDO = array($id); $core_tools = new core_tools(); if(!$admin && !$core_tools->test_service('update_contacts', 'apps', false)) { - $query .= " and user_id = '".$this->protect_string_db($_SESSION['user']['UserId'])."'"; + $query .= " and user_id = ?"; + $arrayPDO = array_merge($arrayPDO, array($_SESSION['user']['UserId'])); } - $this->query($query); + $stmt = $db->query($query, $arrayPDO); - if($this->nb_result() == 0) + if($stmt->rowCount() == 0) { $_SESSION['error'] = _THE_ADDRESS.' '._ALREADY_EXISTS; $state = false; 
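Review bot: The two DELETEs (contacts_v2, then contact_addresses) run as separate auto-committed statements, so a failure of the second leaves orphaned addresses for a contact that no longer exists. If the `Database` wrapper exposes transactions, wrap both in `beginTransaction()`/`commit()` with a rollback on exception; otherwise delete the addresses first so a failure leaves the contact intact and the operation retryable. `$res = $stmt->fetchObject();` is assigned but never used, and the `$nb_docs` totals rely on `rowCount()` after a SELECT, which PDO does not guarantee; `SELECT count(*)` would be exact.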
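Review bot: The not-found branch reports `_THE_ADDRESS.' '._ALREADY_EXISTS`, which contradicts the `rowCount() == 0` condition; an "unknown address" message in the `_UNKNOWN` style used by `delcontact` would tell the user what actually happened. The ownership restriction here correctly combines `$admin` with `test_service('update_contacts', 'apps', false)`, unlike the contact UPDATE earlier in this diff. With the default `$id = ""`, `WHERE id = ?` binds an empty string to an integer column and fails on PostgreSQL; return early when `$id === ''`.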
@@ -1005,7 +970,7 @@ class contacts_v2 extends dbquery { if (!isset($_SESSION['address_up_error'])) { $_SESSION['m_admin']['address'] = array(); - $line = $this->fetch_object(); + $line = $stmt->fetchObject(); $_SESSION['m_admin']['address']['ID'] = $line->id; $_SESSION['m_admin']['address']['CONTACT_ID'] = $line->contact_id; $_SESSION['m_admin']['address']['TITLE'] = $this->show_string($line->title); @@ -1034,8 +999,8 @@ class contacts_v2 extends dbquery } if($admin && !empty($_SESSION['m_admin']['address']['OWNER'])) { - $this->query("select lastname, firstname from ".$_SESSION['tablename']['users']." where user_id = '".$_SESSION['m_admin']['address']['OWNER']."'"); - $res = $this->fetch_object(); + $stmt = $db->query("SELECT lastname, firstname FROM ".$_SESSION['tablename']['users']." WHERE user_id = ?", array($_SESSION['m_admin']['address']['OWNER'])); + $res = $stmt->fetchObject(); $_SESSION['m_admin']['address']['OWNER'] = $res->lastname.', '.$res->firstname.' ('.$_SESSION['m_admin']['address']['OWNER'].')'; } } @@ -1050,9 +1015,9 @@ class contacts_v2 extends dbquery $titles = $tmp['titles']; $contact_purposes = array(); - $this->connect(); - $this->query("SELECT id, label FROM ".$_SESSION['tablename']['contact_purposes']); - while($res = $this->fetch_object()){ + + $stmt = $db->query("SELECT id, label FROM ".$_SESSION['tablename']['contact_purposes']); + while($res = $stmt->fetchObject()){ $contact_purposes[$res->id] = $this->show_string($res->label); } 
@@ -1124,27 +1089,11 @@ class contacts_v2 extends dbquery <table width="65%" id="frmaddress_table1"> <tr id="contact_purposes_tr" > <td><label for="contact_purposes"><?php echo _CONTACT_PURPOSE;?> : </label> -<!-- <a href="#" id="create_contact" title="<?php echo _NEW_CONTACT_PURPOSE_ADDED;?>" - onclick="javascript:window.open('<?php echo $_SESSION['config']['businessappurl'];?>index.php?display=false&page=contact_purposes_up&mode=popup','', 'scrollbars=yes,menubar=no,toolbar=no,resizable=yes,status=no,width=550,height=250');" style="display:inline;" > - <img src="<?php echo $_SESSION['config']['businessappurl'];?>static.php?filename=modif_liste.png" alt="<?php echo _NEW_CONTACT_PURPOSE_ADDED;?>"/> - </a> --> + </td> <td> </td> <td class="indexing_field"> - <!-- <select name="contact_purposes" id="contact_purposes" > - <option value=""><?php echo _CHOOSE_CONTACT_PURPOSES;?></option> - <?php - foreach(array_keys($contact_purposes) as $key) - { - ?><option value="<?php functions::xecho($key);?>" <?php - - if(isset($_SESSION['m_admin']['address']['CONTACT_PURPOSE_ID']) && $key == $_SESSION['m_admin']['address']['CONTACT_PURPOSE_ID'] ) - { - echo 'selected="selected"'; - } - ?>><?php functions::xecho($contact_purposes[$key]);?></option><?php - }?> - </select> --> + <input name="new_id" id="new_id" onfocus="$('rule_purpose').style.display='table-row'" onblur="purposeCheck();$('rule_purpose').style.display='none'"; <?php if(isset($_SESSION['m_admin']['address']['CONTACT_PURPOSE_ID']) && $_SESSION['m_admin']['address']['CONTACT_PURPOSE_ID'] <> '') { 
@@ -1257,12 +1206,7 @@ class contacts_v2 extends dbquery <td class="indexing_field"><input name="add_comp" type="text" id="add_comp" value="<?php if(isset($_SESSION['m_admin']['address']['ADD_COMP'])){ functions::xecho($func->show_str($_SESSION['m_admin']['address']['ADD_COMP'])); }?>"/></td> <td class="indexing_field"><span class="blue_asterisk" style="visibility:visible;">*</span></td> </tr> - <!--tr> - <td><?php echo _POSTAL_CODE;?> :</td> - <td> </td> - <td class="indexing_field"><input name="cp" type="text" id="cp" onkeyup="showVille('<?php echo $_SESSION['config']['businessappurl'];?>index.php?display=true&dir=indexing_searching&page=ajaxShowVille',this.value);" value="<?php if(isset($_SESSION['m_admin']['address']['ADD_CP'])){functions::xecho($func->show_str($_SESSION['m_admin']['address']['ADD_CP'])); }?>"/></td> - <td class="indexing_field"><span class="blue_asterisk" style="visibility:visible;">*</span></td> - </tr--> + <tr> <td><?php echo _POSTAL_CODE;?> :</td> <td> </td> @@ -1434,6 +1378,7 @@ class contacts_v2 extends dbquery */ public function addupaddress($mode, $admin = true, $iframe = false) { + $db = new Database(); // add ou modify users in the database $this->addressinfo($mode); $order = $_SESSION['m_admin']['address']['order']; 
@@ -1518,21 +1463,21 @@ class contacts_v2 extends dbquery $this->connect(); if ($_SESSION['m_admin']['address']['CONTACT_PURPOSE_ID'] == "") { - $this->query("SELECT id FROM contact_purposes WHERE label = '".$this->protect_string_db($_SESSION['m_admin']['address']['CONTACT_PURPOSE_NAME'])."'"); - if ($this->nb_result() == 0) { - $this->query("INSERT INTO contact_purposes (label) VALUES ('".$this->protect_string_db($_SESSION['m_admin']['address']['CONTACT_PURPOSE_NAME'])."')"); - $this->query("SELECT id FROM contact_purposes WHERE label = '".$this->protect_string_db($_SESSION['m_admin']['address']['CONTACT_PURPOSE_NAME'])."'"); + $stmt = $db->query("SELECT id FROM contact_purposes WHERE label = ?", array($_SESSION['m_admin']['address']['CONTACT_PURPOSE_NAME'])); + if ($stmt->rowCount() == 0) { + $db->query("INSERT INTO contact_purposes (label) VALUES (?)", array($_SESSION['m_admin']['address']['CONTACT_PURPOSE_NAME'])); + $stmt = $db->query("SELECT id FROM contact_purposes WHERE label = ?", array($_SESSION['m_admin']['address']['CONTACT_PURPOSE_NAME'])); } - $res_purpose = $this->fetch_object(); + $res_purpose = $stmt->fetchObject(); $_SESSION['m_admin']['address']['CONTACT_PURPOSE_ID'] = $res_purpose->id; } else if($_SESSION['m_admin']['address']['CONTACT_PURPOSE_ID'] <> "" && $_SESSION['m_admin']['address']['CONTACT_PURPOSE_NAME'] <> ""){ - $this->query("SELECT id FROM contact_purposes WHERE label = '".$this->protect_string_db($_SESSION['m_admin']['address']['CONTACT_PURPOSE_NAME'])."'"); - $res_purpose = $this->fetch_object(); + $stmt = $db->query("SELECT id FROM contact_purposes WHERE label = ?", array($_SESSION['m_admin']['address']['CONTACT_PURPOSE_NAME'])); + $res_purpose = $stmt->fetchObject(); if ($res_purpose->id != $_SESSION['m_admin']['address']['CONTACT_PURPOSE_ID']) { - $this->query("INSERT INTO contact_purposes (label) VALUES ('".$this->protect_string_db($_SESSION['m_admin']['address']['CONTACT_PURPOSE_NAME'])."')"); - $this->query("SELECT id FROM 
contact_purposes WHERE label = '".$this->protect_string_db($_SESSION['m_admin']['address']['CONTACT_PURPOSE_NAME'])."'"); - $res_purpose = $this->fetch_object(); + $db->query("INSERT INTO contact_purposes (label) VALUES (?)", array($_SESSION['m_admin']['address']['CONTACT_PURPOSE_NAME'])); + $stmt = $db->query("SELECT id FROM contact_purposes WHERE label = ?", array($_SESSION['m_admin']['address']['CONTACT_PURPOSE_NAME'])); + $res_purpose = $stmt->fetchObject(); $_SESSION['m_admin']['address']['CONTACT_PURPOSE_ID'] = $res_purpose->id; } } 
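Review bot: `$stmt->rowCount()` is used to decide whether the SELECT on contact_purposes found a row, but PDOStatement::rowCount() is only defined for INSERT/UPDATE/DELETE and returns 0 for SELECT on some drivers, which here would insert a duplicate purpose label on every save. Checking the fetch result is portable: `$res_purpose = $stmt->fetchObject(); if ($res_purpose === false) { /* insert, then re-select */ }`. The same SELECT-then-rowCount pattern is introduced in type_purpose_address_del, in the fold_folders lookups of class_indexing_searching_app, in ReopenMail::update_db and formreopenmail, and in class_types. Separately, `$this->connect();` at the top of the hunk is kept although every query below now runs through `$db`, so the legacy dbquery connection is opened and never used. addupaddress starts before this hunk.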
@@ -1547,58 +1492,23 @@ class contacts_v2 extends dbquery . 'phone , email , address_num, address_street, ' . 'address_complement, address_town, ' . 'address_postal_code, address_country, other_data,' - . " title, is_private, website, occupancy, user_id, entity_id, salutation_header, salutation_footer) VALUES ( " - . $_SESSION['contact']['current_contact_id'] - . ", " . $_SESSION['m_admin']['address']['CONTACT_PURPOSE_ID'] - . ", '" . $this->protect_string_db( - $_SESSION['m_admin']['address']['DEPARTEMENT'] - ) . "', '" . $this->protect_string_db( - $_SESSION['m_admin']['address']['LASTNAME'] - ) . "', '" . $this->protect_string_db( - $_SESSION['m_admin']['address']['FIRSTNAME'] - ) . "', '" . $this->protect_string_db( - $_SESSION['m_admin']['address']['FUNCTION'] - ) . "', '" . $this->protect_string_db( - $_SESSION['m_admin']['address']['PHONE'] - ) . "', '" . $this->protect_string_db( - $_SESSION['m_admin']['address']['MAIL'] - ) . "', '" . $this->protect_string_db( - $_SESSION['m_admin']['address']['ADD_NUM'] - ) . "','" . $this->protect_string_db( - $_SESSION['m_admin']['address']['ADD_STREET'] - ) . "', '" . $this->protect_string_db( - $_SESSION['m_admin']['address']['ADD_COMP'] - ) . "', '" . $this->protect_string_db( - $_SESSION['m_admin']['address']['ADD_TOWN'] - ) . "', '" . $this->protect_string_db( - $_SESSION['m_admin']['address']['ADD_CP'] - ) . "','" . $this->protect_string_db( - $_SESSION['m_admin']['address']['ADD_COUNTRY'] - ) . "','" . $this->protect_string_db( - $_SESSION['m_admin']['address']['OTHER_DATA'] - ) . "','" . $this->protect_string_db( - $_SESSION['m_admin']['address']['TITLE'] - ) . "','" . $this->protect_string_db( - $_SESSION['m_admin']['address']['IS_PRIVATE'] - ) . "','" . $this->protect_string_db( - $_SESSION['m_admin']['address']['WEBSITE'] - ) . "','" . $this->protect_string_db( - $_SESSION['m_admin']['address']['OCCUPANCY'] - ) . "','" . $this->protect_string_db( - $_SESSION['user']['UserId'] - ) . "','" . 
$this->protect_string_db( - $entity_id - ) . "','" . $this->protect_string_db( - $_SESSION['m_admin']['address']['SALUTATION_HEADER'] - ) . "','" . $this->protect_string_db( - $_SESSION['m_admin']['address']['SALUTATION_FOOTER'] - ) . "' )"; - - $this->query($query); + . " title, is_private, website, occupancy, user_id, entity_id, salutation_header, salutation_footer) VALUES (?, ?, + ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"; + + $arrayPDO = array($_SESSION['contact']['current_contact_id'], $_SESSION['m_admin']['address']['CONTACT_PURPOSE_ID'], $_SESSION['m_admin']['address']['DEPARTEMENT'], + $_SESSION['m_admin']['address']['LASTNAME'], $_SESSION['m_admin']['address']['FIRSTNAME'], $_SESSION['m_admin']['address']['FUNCTION'], $_SESSION['m_admin']['address']['PHONE'], + $_SESSION['m_admin']['address']['MAIL'], $_SESSION['m_admin']['address']['ADD_NUM'], $_SESSION['m_admin']['address']['ADD_STREET'], $_SESSION['m_admin']['address']['ADD_COMP'], + $_SESSION['m_admin']['address']['ADD_TOWN'], $_SESSION['m_admin']['address']['ADD_CP'], $_SESSION['m_admin']['address']['ADD_COUNTRY'], $_SESSION['m_admin']['address']['OTHER_DATA'], + $_SESSION['m_admin']['address']['TITLE'], $_SESSION['m_admin']['address']['IS_PRIVATE'], $_SESSION['m_admin']['address']['WEBSITE'], $_SESSION['m_admin']['address']['OCCUPANCY'], + $_SESSION['user']['UserId'], $entity_id, $_SESSION['m_admin']['address']['SALUTATION_HEADER'], $_SESSION['m_admin']['address']['SALUTATION_FOOTER']); + + $db->query($query, $arrayPDO); if($_SESSION['history']['addressadd']) { - $this->query("select id from ".$_SESSION['tablename']['contact_addresses']." 
where lastname = '".$this->protect_string_db($_SESSION['m_admin']['address']['LASTNAME'])."' and firstname = '".$this->protect_string_db($_SESSION['m_admin']['address']['FIRSTNAME'])."' and society = '".$this->protect_string_db($_SESSION['m_admin']['address']['SOCIETY'])."' and function = '".$this->protect_string_db($_SESSION['m_admin']['address']['FUNCTION'])."' and is_corporate_person = '".$this->protect_string_db($_SESSION['m_admin']['address']['IS_CORPORATE_PERSON'])."'"); - $res = $this->fetch_object(); + $stmt = $db->query("SELECT id FROM ".$_SESSION['tablename']['contact_addresses']." WHERE + lastname = ? and firstname = ? and society = ? and function = ? and is_corporate_person = ?", + array($_SESSION['m_admin']['address']['LASTNAME'], $_SESSION['m_admin']['address']['FIRSTNAME'], $_SESSION['m_admin']['address']['SOCIETY'], $_SESSION['m_admin']['address']['FUNCTION'], $_SESSION['m_admin']['address']['IS_CORPORATE_PERSON'])); + $res = $stmt->fetchObject(); $id = $res->contact_id; if($_SESSION['m_admin']['address']['IS_CORPORATE_PERSON'] == 'Y') { 
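Review bot: The re-select after the parameterised INSERT still runs `SELECT id FROM …` and then reads `$res->contact_id`, a column it does not fetch, so `$id` is null in the history branch (the removed code had the same mismatch, but this is now the code under review). Looking the new row up again by lastname/firstname/society/function is also ambiguous when two addresses share those values. If the Database wrapper exposes the PDO handle, `lastInsertId()` (with the sequence name on PostgreSQL) immediately after `$db->query($query, $arrayPDO)` is the reliable way to get the new id; otherwise at least select the column that is read. The INSERT's 23 placeholders match the 23 entries of `$arrayPDO`, in the same order as the column list.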
@@ -1624,31 +1534,39 @@ class contacts_v2 extends dbquery } elseif($mode == "up") { - $query = "update ".$_SESSION['tablename']['contact_addresses']." - set contact_purpose_id = '".$_SESSION['m_admin']['address']['CONTACT_PURPOSE_ID']."' - , departement = '".$this->protect_string_db($_SESSION['m_admin']['address']['DEPARTEMENT'])."' - , firstname = '".$this->protect_string_db($_SESSION['m_admin']['address']['FIRSTNAME'])."' - , lastname = '".$this->protect_string_db($_SESSION['m_admin']['address']['LASTNAME'])."' - , title = '".$this->protect_string_db($_SESSION['m_admin']['address']['TITLE'])."' - , function = '".$this->protect_string_db($_SESSION['m_admin']['address']['FUNCTION'])."' - , phone = '".$this->protect_string_db($_SESSION['m_admin']['address']['PHONE'])."' - , email = '".$this->protect_string_db($_SESSION['m_admin']['address']['MAIL'])."' - , occupancy = '".$this->protect_string_db($_SESSION['m_admin']['address']['OCCUPANCY'])."' - , address_num = '".$this->protect_string_db($_SESSION['m_admin']['address']['ADD_NUM'])."' - , address_street = '".$this->protect_string_db($_SESSION['m_admin']['address']['ADD_STREET'])."' - , address_complement = '".$this->protect_string_db($_SESSION['m_admin']['address']['ADD_COMP'])."' - , address_town = '".$this->protect_string_db($_SESSION['m_admin']['address']['ADD_TOWN'])."' - , address_postal_code = '".$this->protect_string_db($_SESSION['m_admin']['address']['ADD_CP'])."' - , address_country = '".$this->protect_string_db($_SESSION['m_admin']['address']['ADD_COUNTRY'])."' - , website = '".$this->protect_string_db($_SESSION['m_admin']['address']['WEBSITE'])."' - , other_data = '".$this->protect_string_db($_SESSION['m_admin']['address']['OTHER_DATA'])."' - , is_private = '".$this->protect_string_db($_SESSION['m_admin']['address']['IS_PRIVATE'])."' - , salutation_header = '".$this->protect_string_db($_SESSION['m_admin']['address']['SALUTATION_HEADER'])."' - , salutation_footer = 
'".$this->protect_string_db($_SESSION['m_admin']['address']['SALUTATION_FOOTER'])."'"; - - $query .=" where id = ".$_SESSION['m_admin']['address']['ID']; - - $this->query($query); + $query = "UPDATE ".$_SESSION['tablename']['contact_addresses']." + SET contact_purpose_id = ? + , departement = ? + , firstname = ? + , lastname = ? + , title = ? + , function = ? + , phone = ? + , email = ? + , occupancy = ? + , address_num = ? + , address_street = ? + , address_complement = ? + , address_town = ? + , address_postal_code = ? + , address_country = ? + , website = ? + , other_data = ? + , is_private = ? + , salutation_header = ? + , salutation_footer = ?"; + + $query .=" WHERE id = ?"; + + $arrayPDO = array($_SESSION['m_admin']['address']['CONTACT_PURPOSE_ID'], $_SESSION['m_admin']['address']['DEPARTEMENT'], $_SESSION['m_admin']['address']['FIRSTNAME'], + $_SESSION['m_admin']['address']['LASTNAME'], $_SESSION['m_admin']['address']['TITLE'], $_SESSION['m_admin']['address']['FUNCTION'], $_SESSION['m_admin']['address']['PHONE'], + $_SESSION['m_admin']['address']['MAIL'], $_SESSION['m_admin']['address']['OCCUPANCY'], $_SESSION['m_admin']['address']['ADD_NUM'], $_SESSION['m_admin']['address']['ADD_STREET'], $_SESSION['m_admin']['address']['ADD_COMP'], + $_SESSION['m_admin']['address']['ADD_TOWN'], $_SESSION['m_admin']['address']['ADD_CP'], $_SESSION['m_admin']['address']['ADD_COUNTRY'], $_SESSION['m_admin']['address']['WEBSITE'], + $_SESSION['m_admin']['address']['OTHER_DATA'], $_SESSION['m_admin']['address']['IS_PRIVATE'], $_SESSION['m_admin']['address']['SALUTATION_HEADER'], $_SESSION['m_admin']['address']['SALUTATION_FOOTER'], + $_SESSION['m_admin']['address']['ID']); + + + $db->query($query, $arrayPDO); if($_SESSION['history']['contactup']) { $msg = _ADDRESS_EDITED.' : '.$this->protect_string_db($_SESSION['m_admin']['address']['SOCIETY']).' '.$this->protect_string_db($_SESSION['m_admin']['address']['LASTNAME'].' '.$_SESSION['m_admin']['address']['FIRSTNAME']); 
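Review bot: Now that the UPDATE is fully parameterised, the history message on the last line still passes the society and name through `$this->protect_string_db(...)`, which is SQL escaping applied to text that is no longer concatenated into SQL; whatever the history class stores the message with will keep the added backslashes or doubled quotes. Build the message from the raw session values and let the history layer escape for its own query. The 21 placeholders (20 SET columns plus `WHERE id = ?`) line up with the 21 entries of `$arrayPDO`. The `elseif($mode == "up")` branch continues past the end of this hunk.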
@@ -1854,9 +1772,9 @@ class contacts_v2 extends dbquery * @param string $table */ public function get_label_contact($contact_type_id, $table){ - $this->connect(); - $this->query('select label from '.$table . ' where id = '.$contact_type_id); - $res = $this->fetch_object(); + $db = new Database(); + $stmt = $db->query('SELECT label FROM '.$table . ' WHERE id = ?',array($contact_type_id)); + $res = $stmt->fetchObject(); return $this->show_string($res->label); } @@ -1897,7 +1815,7 @@ class contacts_v2 extends dbquery public function type_purpose_address_del($id, $admin = true, $tablename, $mode='contact_type', $deleted_sentence, $warning_sentence, $title, $reaffect_sentence, $new_sentence, $choose_sentence, $page_return, $page_del, $name){ $nb_elements = 0; - $this->connect(); + $db = new Database(); $order = $_REQUEST['order']; $order_field = $_REQUEST['order_field']; $start = $_REQUEST['start']; 
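Review bot: In get_label_contact the id is now bound but `$table` is still concatenated into `'SELECT label FROM '.$table`; identifiers cannot be bound, and the method is public, so it should refuse any value outside a fixed list, e.g. `if (!in_array($table, $allowedTables, true)) { return ''; }` with `$allowedTables` holding the contact type/purpose tables this method exists for (the visible caller passes `$_SESSION['tablename']['contact_types']`). The same applies to `$tablename` in type_purpose_address_del (next hunk), which reaches `DELETE FROM ".$tablename."` further down. `$res->label` is also read without checking that `fetchObject()` returned a row.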
@@ -1914,20 +1832,20 @@ class contacts_v2 extends dbquery if(!empty($id)) { if ($mode == 'contact_type') { - $this->query("select contact_id from ".$_SESSION['tablename']['contacts_v2'] - . " where contact_type = ". $id ); + $stmt = $db->query("SELECT contact_id FROM ".$_SESSION['tablename']['contacts_v2'] + . " WHERE contact_type = ?", array($id)); } else if ($mode == 'contact_purpose'){ - $this->query("select id from ".$_SESSION['tablename']['contact_addresses'] - . " where contact_purpose_id = ". $id ); + $stmt = $db->query("SELECT id FROM ".$_SESSION['tablename']['contact_addresses'] + . " WHERE contact_purpose_id = ?", array($id)); } else if ($mode == 'contact_address'){ - $this->query("select address_id from mlb_coll_ext where address_id = ". $id ); + $stmt = $db->query("SELECT address_id FROM mlb_coll_ext WHERE address_id = ?", array($id)); } - if($this->nb_result() > 0)$nb_elements = $nb_elements + $this->nb_result(); + if($stmt->rowCount() > 0)$nb_elements = $nb_elements + $stmt->rowCount(); // $this->show(); if ($mode == 'contact_address'){ - $this->query("select address_id from contacts_res where address_id = ". $id ); - if($this->nb_result() > 0)$nb_elements = $nb_elements + $this->nb_result(); + $stmt = $db->query("SELECT address_id FROM contacts_res WHERE address_id = ?", array($id)); + if($stmt->rowCount() > 0)$nb_elements = $nb_elements + $stmt->rowCount(); } ?> @@ -1947,7 +1865,7 @@ class contacts_v2 extends dbquery if ($nb_elements == 0 && $mode != "contact_address" ) { - $this->query("DELETE FROM ".$tablename." WHERE id = ".$id); + $db->query("DELETE FROM ".$tablename." WHERE id = ?", array($id)); if($_SESSION['history'][$page_del] == "true") { 
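Review bot: `$stmt` is only assigned inside the three `$mode` branches, so for any other `$mode` value `$stmt->rowCount()` on the following line is a method call on null and a fatal Error, where the old `$this->nb_result()` simply reported the previous result count. Either reject unknown modes before the `if` chain or initialise `$stmt = null;` and guard the count, e.g. `if ($stmt !== null && $stmt->rowCount() > 0)`. The `// $this->show();` line is leftover dbquery API and can go. type_purpose_address_del starts before this hunk.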
@@ -1995,9 +1913,9 @@ class contacts_v2 extends dbquery <?php if($mode == 'contact_address'){ - $this->query("SELECT * FROM ".$_SESSION['tablename']['contacts_v2'] - . " WHERE contact_id = ". $_SESSION['contact']['current_contact_id'] ); - while($line = $this->fetch_object()) + $stmt = $db->query("SELECT * FROM ".$_SESSION['tablename']['contacts_v2'] + . " WHERE contact_id = ?", array($_SESSION['contact']['current_contact_id'])); + while($line = $stmt->fetchObject()) { $CurrentContact = $this->get_label_contact($line->contact_type, $_SESSION['tablename']['contact_types']) . ' : '; if($line->is_corporate_person == 'N'){ @@ -2059,9 +1977,9 @@ class contacts_v2 extends dbquery <input type="hidden" id="new" name="new" /> <?php }else{ - $this->query("select id, label from ".$tablename." where id <> ".$id); + $stmt = $db->query("SELECT id, label FROM ".$tablename." WHERE id <> ?", array($id)); - while ($res = $this->fetch_object()) { + while ($res = $stmt->fetchObject()) { $array[$res->id] = $this->protect_string_db($res->label); } ?> @@ -2386,14 +2304,14 @@ class contacts_v2 extends dbquery } function contactEnabled($userId, $mode) { - $this->connect(); - $this->query("UPDATE contacts_v2 SET enabled = '".$mode."' WHERE contact_id = '".$userId."'"); - $this->query("UPDATE contact_addresses SET enabled = '".$mode."' WHERE contact_id = '".$userId."'"); + $db = new Database(); + $db->query("UPDATE contacts_v2 SET enabled = ? WHERE contact_id = ?", array($mode, $userId)); + $db->query("UPDATE contact_addresses SET enabled = ? WHERE contact_id = ?", array($mode, $userId)); } function addressEnabled($addressId, $mode) { - $this->connect(); - $this->query("UPDATE contact_addresses SET enabled = '".$mode."' WHERE id = '".$addressId."'"); + $db = new Database(); + $db->query("UPDATE contact_addresses SET enabled = ? WHERE id = ?", array($mode, $addressId)); } } 
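Review bot: `$array[$res->id] = $this->protect_string_db($res->label);` escapes a label for SQL on its way to the page, although nothing concatenates it into a query any more; users will see the escaping artefacts and the HTML context is still unescaped. Store the raw label and escape at output with the HTML escaper this file already uses (`functions::xecho`); where `$array` is rendered is outside this hunk, so please confirm. In contactEnabled/addressEnabled the `$mode` value is now bound, which is fine, but nothing restricts it to the flag's domain (presumably `'Y'`/`'N'` as for the other enabled columns in this diff) — an explicit check before the UPDATE would make the intent clear.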
diff --git a/maarch_entreprise/trunk/class/class_indexing_searching_app.php b/maarch_entreprise/trunk/class/class_indexing_searching_app.php index 55e17a6ca5788ca01d0f81ca199a85f8ccd01351..12f19f114792b04eba1a34a2fe6a8ef1c6396385 100644 --- a/maarch_entreprise/trunk/class/class_indexing_searching_app.php +++ b/maarch_entreprise/trunk/class/class_indexing_searching_app.php @@ -173,6 +173,7 @@ class indexing_searching_app extends dbquery $data_ext = array(); $request = new request(); $core = new core_tools(); + $db = new Database(); $table = $sec->retrieve_table_from_coll($coll_id); $view = $sec->retrieve_view_from_coll_id($coll_id); @@ -199,10 +200,11 @@ class indexing_searching_app extends dbquery <?php exit(); } - $where = "res_id = ".$id_to_update; - $request->connect(); - $request->query("select category_id from ".$view." where ".$where); - $res = $request->fetch_object(); + $where = "res_id = ? "; + $arrayPDO = array($id_to_update); + + $stmt = $db->query("SELECT category_id FROM ".$view." WHERE res_id = ?", array($id_to_update)); + $res = $stmt->fetchObject(); $cat_id = $res->category_id; if (empty($cat_id) || !isset($cat_id)) { @@ -303,9 +305,9 @@ class indexing_searching_app extends dbquery if ($core->is_module_loaded('folder')) { - $request->connect(); - $request->query("select folders_system_id from ".$table." where res_id = ".$id_to_update); - $res = $request->fetch_object(); + + $stmt = $db->query("SELECT folders_system_id FROM ".$table." WHERE res_id = ?", array($id_to_update)); + $res = $stmt->fetchObject(); $old_folder_id = $res->folders_system_id; $market = ''; if (isset($post['folder'])) 
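Review bot: `$arrayPDO = array($id_to_update);` is prepared two lines before the SELECT, but the query then rebuilds `array($id_to_update)` inline instead of using it; pass `$arrayPDO` so the placeholder and its value stay in one place (both are reused by the PDOupdate calls later in this function). `$where` is set to `"res_id = ? "` with a trailing space while the later hunks in this file write `"res_id = ?"`; pick one spelling. `!isset($cat_id)` after `empty($cat_id)` is redundant, since empty() already covers an unset variable. The enclosing method starts before this hunk.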
@@ -328,8 +330,8 @@ class indexing_searching_app extends dbquery $_SESSION['error'] .= $_ENV['categories'][$cat_id]['other_cases']['market']['label']." "._WRONG_FORMAT." <br/>"; } $market_id = str_replace(')', '', substr($market, strrpos($market,'(')+1)); - $request->query("select folders_system_id from ".$_SESSION['tablename']['fold_folders']." where folders_system_id = ".$market_id); - if ($request->nb_result() == 0) + $stmt = $db->query("SELECT folders_system_id FROM ".$_SESSION['tablename']['fold_folders']." WHERE folders_system_id = ?", array($market_id)); + if ($stmt->rowCount() == 0) { $_SESSION['error'] .= _MARKET.' '.$market_id.' '._UNKNOWN.'<br/>'; } @@ -353,16 +355,16 @@ class indexing_searching_app extends dbquery $_SESSION['error'] .= $_ENV['categories'][$cat_id]['other_cases']['project']['label']." "._WRONG_FORMAT." <br/>"; } $project_id = str_replace(')', '', substr($project, strrpos($project,'(')+1)); - $request->query("select folders_system_id from ".$_SESSION['tablename']['fold_folders']." where folders_system_id = ".$project_id); - if ($request->nb_result() == 0) + $stmt = $db->query("SELECT folders_system_id FROM ".$_SESSION['tablename']['fold_folders']." WHERE folders_system_id = ?", array($project_id)); + if ($stmt->rowCount() == 0) { $_SESSION['error'] .= _MARKET.' '.$project_id.' '._UNKNOWN.'<br/>'; } } if (!empty($project_id) && !empty($market_id)) { - $request->query("select folders_system_id from ".$_SESSION['tablename']['fold_folders']." where folders_system_id = ".$market_id." and parent_id = ".$project_id); - if ($request->nb_result() == 0) + $stmt = $db->query("SELECT folders_system_id FROM ".$_SESSION['tablename']['fold_folders']." WHERE folders_system_id = ? and parent_id = ?", array($market_id, $project_id)); + if ($stmt->rowCount() == 0) { $_SESSION['error'] .= _INCOMPATIBILITY_MARKET_PROJECT.'<br/>'; } 
@@ -417,10 +419,10 @@ class indexing_searching_app extends dbquery $type->inits_opt_indexes($coll_id, $id_to_update); //$request->show_array($data_res); //exit(); - $request->update($table, $data_res, $where, $_SESSION['config']['databasetype']); + $request->PDOupdate($table, $data_res, $where, $arrayPDO, $_SESSION['config']['databasetype']); if (count($data_ext) > 0) { - $request->update($table_ext, $data_ext, $where, $_SESSION['config']['databasetype']); + $request->PDOupdate($table_ext, $data_ext, $where, $arrayPDO, $_SESSION['config']['databasetype']); } $_SESSION['info'] = _INDEX_UPDATED." (".strtolower(_NUM).$id_to_update.")"; @@ -478,8 +480,9 @@ class indexing_searching_app extends dbquery $request = new request(); $data = array(); array_push($data, array('column' => 'status', 'value' => 'DEL', 'type' => 'string')); - $where = "res_id = ".$id_to_delete; - $request->update($table, $data, $where, $_SESSION['config']['databasetype']); + $where = "res_id = ? "; + $arrayPDO = array($id_to_delete); + $request->PDOupdate($table, $data, $where, $arrayPDO, $_SESSION['config']['databasetype']); $_SESSION['error'] = _DOC_DELETED." ("._NUM." : ".$id_to_delete.")"; if ($_SESSION['history']['resdel']) { @@ -513,8 +516,9 @@ class indexing_searching_app extends dbquery $request = new request(); $data = array(); array_push($data, array('column' => 'status', 'value' => $status, 'type' => 'string')); - $where = "res_id = ".$idDoc; - $request->update($table, $data, $where, $_SESSION['config']['databasetype']); + $where = "res_id = ?"; + $arrayPDO = array($idDoc); + $request->PDOupdate($table, $data, $where, $arrayPDO, $_SESSION['config']['databasetype']); $_SESSION['error'] = _UPDATE_DOC_STATUS." ("._NUM." : ".$idDoc.") "._TO." ".$status; require_once("core".DIRECTORY_SEPARATOR."class".DIRECTORY_SEPARATOR."class_history.php"); $hist = new history(); 
@@ -806,13 +810,12 @@ class indexing_searching_app extends dbquery { $view = $sec->retrieve_table_from_coll($coll_id); } - $db = new dbquery(); - $db->connect(); - $db->query("select answer_type_bitmask, process_notes, other_answer_desc from ".$view." where res_id = ".$res_id); - $res = $db->fetch_object(); + $db = new Database(); + $stmt = $db->query("SELECT answer_type_bitmask, process_notes, other_answer_desc FROM ".$view." WHERE res_id = ?", array($res_id)); + $res = $stmt->fetchObject(); $bitmask = $res->answer_type_bitmask; - $process_notes = $db->show_string($res->process_notes); - $other_answer_desc = $db->show_string($res->other_answer_desc); + $process_notes = functions::show_string($res->process_notes); + $other_answer_desc = functions::show_string($res->other_answer_desc); $contact = false; $mail = false; $AR = false; diff --git a/maarch_entreprise/trunk/class/class_lists.php b/maarch_entreprise/trunk/class/class_lists.php index e82ea5bb4651206acc4705026105e27a878e2a27..49bc3e5a160f361d47ab795088450515549494a0 100644 --- a/maarch_entreprise/trunk/class/class_lists.php +++ b/maarch_entreprise/trunk/class/class_lists.php @@ -162,17 +162,16 @@ class lists extends dbquery $filters = $filtersClause = $where = $options = ''; //Db query - $db = new dbquery(); - $db->connect(); + $db = new Database(); //Load filter's data switch ($filter) { case 'status': - $db->query( - "select * from " . STATUS_TABLE . " where can_be_searched = 'Y' order by label_status" + $stmt = $db->query( + "SELECT * FROM " . STATUS_TABLE . " WHERE can_be_searched = 'Y' order by label_status" ); - while ($res = $db->fetch_object()) { + while ($res = $stmt->fetchObject()) { if (isset($_SESSION['filters']['status']['VALUE']) && $_SESSION['filters']['status']['VALUE'] == $res->id ) $selected = 'selected="selected"'; else $selected = ''; 
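Review bot: `functions::show_string(...)` replaces the instance call `$db->show_string(...)`; if `show_string` is not declared `static` in class functions, PHP 8 throws an Error for a non-static method called statically (a deprecation in 7.x). Please confirm the declaration, or keep an instance: `$func = new functions(); $process_notes = $func->show_string($res->process_notes);`. `$res->answer_type_bitmask` is read without checking that `fetchObject()` returned a row for `$res_id`. The same static call is introduced in the contact-filter hunk of class_lists.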
@@ -205,14 +204,14 @@ class lists extends dbquery $where = 'where ' . $this->params['basketClause']; } - $db->query( - "select distinct(r.destination) as entity_id, count(distinct r.res_id)" - . " as total, e.entity_label , e.short_label from " + $stmt = $db->query( + "SELECT distinct(r.destination) as entity_id, count(distinct r.res_id)" + . " as total, e.entity_label , e.short_label FROM " . $view. " r left join " . ENT_ENTITIES . " e on e.entity_id = r.destination " .$where . " group by e.entity_label, e.short_label, r.destination order by e.entity_label" ); - while ($res = $db->fetch_object()) { + while ($res = $stmt->fetchObject()) { if (isset($_SESSION['filters']['entity']['VALUE']) && $_SESSION['filters']['entity']['VALUE'] == $res->entity_id @@ -238,9 +237,6 @@ class lists extends dbquery $ent = new entity(); $sec = new security(); - - $db2 = new dbquery(); - $db2->connect(); $view = $sec->retrieve_view_from_table($this->params['tableName']); if (empty($view)) { @@ -252,14 +248,14 @@ class lists extends dbquery $where = 'where ' . $this->params['basketClause']; } - $db->query( - "select distinct(r.destination) as entity_id, count(distinct r.res_id)" - . " as total, e.entity_label , e.short_label from " + $stmt = $db->query( + "SELECT distinct(r.destination) as entity_id, count(distinct r.res_id)" + . " as total, e.entity_label , e.short_label FROM " . $view. " r left join " . ENT_ENTITIES . " e on e.entity_id = r.destination " .$where . " group by e.entity_label, e.short_label, r.destination order by e.entity_label" ); - while ($res = $db->fetch_object()) { + while ($res = $stmt->fetchObject()) { if (isset($_SESSION['filters']['entity_subentities']['VALUE']) && $_SESSION['filters']['entity_subentities']['VALUE'] == $res->entity_id 
@@ -281,8 +277,8 @@ class lists extends dbquery } $this->params['basketClause'] = str_replace('r.', 'res_view_letterbox.', $this->params['basketClause']); - $db2->query("SELECT count(res_id) as total FROM ".$view." WHERE (".$this->params['basketClause'].") and destination in (" . implode(",",$subEntities) . ")"); - $res2 = $db2->fetch_object(); + $stmt2 = $db->query("SELECT count(res_id) as total FROM ".$view." WHERE (".$this->params['basketClause'].") and destination in (" . implode(",",$subEntities) . ")"); + $res2 = $stmt2->fetchObject(); $options .='<option value="'.$res->entity_id.'" '.$selected.' '.$style.'>'.$res->short_label.' ('.$res2->total.')</option>'; } @@ -304,13 +300,13 @@ class lists extends dbquery if (!empty($view)) { if (! empty($this->params['basketClause'])) $where = 'where '.$this->params['basketClause']; - $db->query( - "select distinct(typist) as typist, count(distinct r.res_id)" - . " as total from " + $stmt = $db->query( + "SELECT distinct(typist) as typist, count(distinct r.res_id)" + . " as total FROM " . $view. " r " .$where . " group by typist order by typist" ); - while ($res = $db->fetch_object()) { + while ($res = $stmt->fetchObject()) { if (isset($_SESSION['filters']['typist']['VALUE']) && $_SESSION['filters']['typist']['VALUE'] == $res->typist 
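Review bot: The sub-entity count query is left as string concatenation — `"… WHERE (".$this->params['basketClause'].") and destination in (" . implode(",",$subEntities) . ")"` — while everything else in this commit is parameterised. Where `$subEntities` comes from is outside the hunk; if they are entity ids read from the database the risk is low, but a placeholder list costs one line: `$in = implode(',', array_fill(0, count($subEntities), '?'));` and then bind `array_values($subEntities)`. Note also that `$stmt2` runs while the outer `$stmt` result set is still being iterated, which relies on the driver buffering the first result.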
@@ -381,18 +377,16 @@ class lists extends dbquery if(isset($_SESSION['filters']['contact']['VALUE']) && !empty($_SESSION['filters']['contact']['VALUE'])) { require_once("core".DIRECTORY_SEPARATOR."class".DIRECTORY_SEPARATOR."class_request.php"); - $db = new dbquery(); - $db->connect(); if (is_numeric($_SESSION['filters']['contact']['VALUE'])) { $query = "SELECT society, lastname, firstname, is_corporate_person, society_short FROM " - . $_SESSION['tablename']['contacts_v2'] . " WHERE contact_id = ".$_SESSION['filters']['contact']['VALUE']; + . $_SESSION['tablename']['contacts_v2'] . " WHERE contact_id = ?"; - $db->query($query); - $line = $db->fetch_object(); + $stmt = $db->query($query, array($_SESSION['filters']['contact']['VALUE'])); + $line = $stmt->fetchObject(); if($line->is_corporate_person == 'N'){ - $contact = $db->show_string($line->lastname)." ".$db->show_string($line->firstname); + $contact = functions::show_string($line->lastname)." ".functions::show_string($line->firstname); if($line->society <> ''){ $contact .= ' ('.$line->society.')'; } @@ -403,12 +397,12 @@ class lists extends dbquery } } } else { - $query = "SELECT lastname, firstname FROM users WHERE user_id = '".$_SESSION['filters']['contact']['VALUE']."'"; + $query = "SELECT lastname, firstname FROM users WHERE user_id = ?"; - $db->query($query); - $line = $db->fetch_object(); + $stmt = $db->query($query, array($_SESSION['filters']['contact']['VALUE'])); + $line = $stmt->fetchObject(); - $contact .= $db->show_string($line->firstname) . " " . $db->show_string($line->lastname); + $contact .= functions::show_string($line->firstname) . " " . functions::show_string($line->lastname); } } else { 
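Review bot: `$line = $stmt->fetchObject();` is followed directly by `$line->is_corporate_person` (and `$line->firstname` in the users branch); when the filter value matches no row fetchObject() returns false and the property reads emit warnings and produce an empty contact label. Guard both branches with `if ($line === false) { $contact = ''; } else { … }` or an early return. `functions::show_string` is now called statically here as in class_indexing_searching_app; confirm the method is declared static. The removed `$db = new dbquery()` means this branch now depends on the `$db` created at the top of the function, which is fine as long as this code stays in the same method.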
@@ -436,13 +430,13 @@ class lists extends dbquery if (! empty($this->params['basketClause'])) $where = 'where '.$this->params['basketClause']; - $db->query( - "select distinct(r.type_id), t.description from " + $stmt = $db->query( + "SELECT distinct(r.type_id), t.description FROM " .$this->params['tableName']. " r left join " . DOCTYPES_TABLE . " t on t.type_id = r.type_id " .$where . " group by t.description, r.type_id order by t.description" ); - while ($res = $db->fetch_object()) { + while ($res = $stmt->fetchObject()) { if (isset($_SESSION['filters']['type']['VALUE']) && $_SESSION['filters']['type']['VALUE'] == $res->type_id ) $selected = 'selected="selected"'; else $selected = ''; @@ -474,12 +468,12 @@ class lists extends dbquery break; case 'action': - $db->query( - "select id, label_action from " + $stmt = $db->query( + "SELECT id, label_action FROM " . $_SESSION['tablename']['actions'] - . " where origin = 'folder' and enabled = 'Y' and history = 'Y'" + . " WHERE origin = 'folder' and enabled = 'Y' and history = 'Y'" ); - while ($res = $db->fetch_object()) { + while ($res = $stmt->fetchObject()) { $id = 'ACTION#' . $res->id; if (isset($_SESSION['filters']['action']['VALUE']) && $_SESSION['filters']['action']['VALUE'] == $id 
@@ -680,18 +674,6 @@ class lists extends dbquery } else if ($_REQUEST['filter'] == 'contact') { -/* $contactTmp = str_replace(')', '', - substr($_SESSION['filters']['contact']['VALUE'], - strrpos($_SESSION['filters']['contact']['VALUE'],'(')+1)); - $find1 = strpos($contactTmp, ':'); - $find2 = $find1 + 1; - $contactType = substr($contactTmp, 0, $find1); - $contactId = $this->protect_string_db(substr($contactTmp, $find2, strlen($contactTmp))); - if($contactType == "user") { - $_SESSION['filters']['contact']['CLAUSE'] = "(exp_user_id = '".$contactId."' or dest_user_id = '".$contactId."')"; - } else if($contactType == "contact") { - $_SESSION['filters']['contact']['CLAUSE'] = "(exp_contact_id = '".$contactId."' or dest_contact_id = '".$contactId."')"; - }*/ if(is_numeric($_SESSION['filters']['contact']['VALUE'])){ $_SESSION['filters']['contact']['CLAUSE'] = "(exp_contact_id = '".$_SESSION['filters']['contact']['VALUE']."' or dest_contact_id = '".$_SESSION['filters']['contact']['VALUE']."')"; } else { @@ -1460,15 +1442,13 @@ class lists extends dbquery public function tmplt_showDefaultAction($parameter) { - //Db query - $db = new dbquery(); - $db->connect(); + $db = new Database(); //Load action name - $db->query( - "select label_action from actions where id = ".$_SESSION['current_basket']['default_action'] + $stmt = $db->query( + "SELECT label_action FROM actions WHERE id = ?", array($_SESSION['current_basket']['default_action']) ); - $res = $db->fetch_object(); + $res = $stmt->fetchObject(); return $res->label_action; } diff --git a/maarch_entreprise/trunk/class/class_reopen_mail.php b/maarch_entreprise/trunk/class/class_reopen_mail.php index 58cce16a53df0f779f3057dbcbb76eda7772927d..14ae77fd7c0d4672f4a6c1bcdb91e63d0a6152a2 100644 --- a/maarch_entreprise/trunk/class/class_reopen_mail.php +++ b/maarch_entreprise/trunk/class/class_reopen_mail.php 
@@ -64,6 +64,7 @@ class ReopenMail extends dbquery */ public function update_db() { + $db = new Database(); // add ou modify users in the database $this->reopen_mail_check(); if (! empty($_SESSION['error'])) { @@ -81,25 +82,23 @@ class ReopenMail extends dbquery $sec = new security(); $ind_coll = $sec->get_ind_collection('letterbox_coll'); $table = $_SESSION['collections'][$ind_coll]['table']; - $this->connect(); + if (!empty($_SESSION['m_admin']['reopen_mail']['REF_ID'])) { - $this->query( - "select res_id, alt_identifier, status from res_view_letterbox where alt_identifier = '" - . $_SESSION['m_admin']['reopen_mail']['REF_ID'] . "'" + $stmt = $db->query( + "SELECT res_id, alt_identifier, status FROM res_view_letterbox WHERE alt_identifier = ?", array($_SESSION['m_admin']['reopen_mail']['REF_ID']) ); - $result_object=$this->fetch_object(); + $result_object=$stmt->fetchObject(); $res_id = $result_object->res_id; $_SESSION['m_admin']['reopen_mail']['ID'] = $res_id; $errorMsg = _REF_ID . ' ' . _UNKNOWN; } elseif (!empty($_SESSION['m_admin']['reopen_mail']['ID'])) { - $this->query( - 'select res_id, alt_identifier, status from res_view_letterbox where res_id = ' - . $_SESSION['m_admin']['reopen_mail']['ID'] + $stmt = $db->query( + 'SELECT res_id, alt_identifier, status FROM res_view_letterbox WHERE res_id = ?', array($_SESSION['m_admin']['reopen_mail']['ID']) ); $errorMsg = _GED_ID . ' ' . _UNKNOWN; } - if ($this->nb_result() == 0) { + if ($stmt->rowCount() == 0) { $_SESSION['error'] = $errorMsg; header( 'location: ' . $_SESSION['config']['businessappurl'] 
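Review bot: `$stmt` is assigned only inside the REF_ID and ID branches, so when both session values are empty `$stmt->rowCount()` is a call on null and a fatal Error, where the old `$this->nb_result()` fell through to the redirect. Add an `else` that sets `$_SESSION['error'] = _GED_ID . ' ' . _UNKNOWN;` and redirects like the `rowCount() == 0` branch does, or initialise `$stmt = null;` and test `$stmt === null || $stmt->rowCount() == 0`. `$result_object` is also only set in the REF_ID branch, while the next hunk reads `$resultRes`, a variable this method no longer assigns anywhere. update_db starts before this hunk.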
@@ -108,30 +107,15 @@ class ReopenMail extends dbquery . '&admin=reopen_mail' ); exit(); - } /*else { - $resultRes = $this->fetch_object(); - - if ($resultRes->status <> "END" && $resultRes->status <> "CLO" && $resultRes->status <> "CLOS" && $resultRes->status <> "VAL" && $resultRes->status <> "NEW" && $resultRes->status <> "DEL" && $resultRes->status <> "COU") { - $_SESSION['error'] = _DOC_NOT_CLOSED; - header( - 'location: ' . $_SESSION['config']['businessappurl'] - . 'index.php?page=reopen_mail&id=' - . $_SESSION['m_admin']['reopen_mail']['ID'] - . '&admin=reopen_mail' - ); - exit(); - } - }*/ + } - $this->query( - 'update ' . $table . " set status = '".$_REQUEST['status_id']."' where res_id = " - . $_SESSION['m_admin']['reopen_mail']['ID'] + $db->query( + 'UPDATE ' . $table . " SET status = ? where res_id = ?" + , array($_REQUEST['status_id'], $_SESSION['m_admin']['reopen_mail']['ID']) ); - $db = new dbquery(); - $db->connect(); - $db->query("SELECT id, label_status from status where id = '".$_REQUEST['status_id']."'"); - while ( $line = $db->fetch_object()) {$label_status = $line->label_status;} + $stmt = $db->query("SELECT id, label_status FROM status WHERE id = ?", array($_REQUEST['status_id'])); + while ( $line = $stmt->fetchObject()) {$label_status = $line->label_status;} $historyMsg = _MODIFICATION_OF_THE_STATUS_FROM_THIS_MAIL .$label_status. ' du courrier '; if ($resultRes->alt_identifier <> '') { @@ -167,15 +151,14 @@ class ReopenMail extends dbquery */ public function formreopenmail() { - $db = new dbquery(); - $db->connect(); + $db = new Database(); - $db->query( - "SELECT id, label_status from status where is_folder_status = 'N' "); + $stmt = $db->query( + "SELECT id, label_status FROM status WHERE is_folder_status = 'N' "); $notesList = ''; - if ($db->nb_result() < 1) { - $notesList = 'no contact or error query'; + if ($stmt->rowCount() < 1) { + $notesList = 'No contact or error query'; } ?> 
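Review bot: The UPDATE that writes `$_REQUEST['status_id']` into `$table` runs before the SELECT that checks whether that status exists, so an unknown or mistyped status id is stored first and only then fails to produce a label, leaving `$label_status` undefined when `$historyMsg` is built. Binding the value (done here) stops injection but not the unvalidated write; look the status up first and refuse the update when no row comes back. Nothing visible in this diff assigns `$resultRes`, yet the context line `if ($resultRes->alt_identifier <> '') {` still reads it — the only fetched row is `$result_object` in the previous hunk, so this looks like a dangling reference from the block the commit deletes. `$table` comes from the session collection config and cannot be bound, which is acceptable as long as that list is not request-controlled. update_db continues outside the hunk.

```php
// … unchanged: $_SESSION['error'] = $errorMsg; header(...); exit(); when the lookup above found no row …
// Validate the requested status before writing it, so an unknown id is rejected rather than stored.
$stmt = $db->query("SELECT id, label_status FROM status WHERE id = ?", array($_REQUEST['status_id']));
$line = $stmt->fetchObject();
if ($line === false) {
    // … same $_SESSION['error'] + header()/exit() handling as the lookup failure above …
}
$label_status = $line->label_status;
$db->query(
    'UPDATE ' . $table . " SET status = ? where res_id = ?",
    array($_REQUEST['status_id'], $_SESSION['m_admin']['reopen_mail']['ID'])
);
```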
@@ -196,7 +179,7 @@ class ReopenMail extends dbquery <?php echo _CHOOSE_STATUS;?> : <SELECT NAME='status_id'> <?php - while ( $line = $db->fetch_object()) { + while ( $line = $stmt->fetchObject()) { echo "<OPTION VALUE='".$line->id."'>".$line->label_status."</OPTION>"; } ?> diff --git a/maarch_entreprise/trunk/class/class_types.php b/maarch_entreprise/trunk/class/class_types.php index cb8a4aa95b334f1d4e5d4248692c12ed6f4ccd61..52838acf994251d24ec062d42546bdd16d1e8de6 100644 --- a/maarch_entreprise/trunk/class/class_types.php +++ b/maarch_entreprise/trunk/class/class_types.php @@ -40,21 +40,21 @@ class types extends dbquery $func = new functions(); $core = new core_tools(); $sec = new security(); + $db = new Database(); $state = true; if (! isset($_SESSION['m_admin']['doctypes'])) { $this->cleartypeinfos(); } if ($mode <> "prop" && $mode <> "add") { - $this->connect(); - $this->query( - "select * from " . DOCTYPES_TABLE . " where type_id = " . $id + $stmt = $db->query( + "SELECT * FROM " . DOCTYPES_TABLE . " WHERE type_id = ?", array($id) ); - if ($this->nb_result() == 0) { + if ($stmt->rowCount() == 0) { $_SESSION['error'] = _DOCTYPE . ' ' . _ALREADY_EXISTS; $state = false; } else { $_SESSION['m_admin']['doctypes'] = array(); - $line = $this->fetch_object(); + $line = $stmt->fetchObject(); $_SESSION['m_admin']['doctypes']['TYPE_ID'] = $line->type_id; $_SESSION['m_admin']['doctypes']['COLL_ID'] = $line->coll_id; $_SESSION['m_admin']['doctypes']['COLL_LABEL'] = $_SESSION['m_admin']['doctypes']['COLL_ID']; @@ -260,6 +260,7 @@ class types extends dbquery */ private function typesinfo() { + $db = new Database(); $core = new core_tools(); $func = new functions(); if (! isset($_REQUEST['mode'])) { 
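Review bot: `echo "<OPTION VALUE='".$line->id."'>".$line->label_status."</OPTION>";` writes the status id and label straight into HTML from the rows the new `$stmt->fetchObject()` loop yields; a label containing `'`, `<` or `&` breaks the markup, and if labels are editable through the admin UI this is a stored-XSS sink. Escape at output: `echo "<OPTION VALUE='" . htmlspecialchars($line->id, ENT_QUOTES) . "'>" . htmlspecialchars($line->label_status, ENT_QUOTES) . "</OPTION>";`. The entity and group lists in class_users::change_info_user later in this diff echo `$line->entity_label` and `$line->group_desc` the same way. formreopenmail continues outside the hunk.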
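Review bot: The new `if ($stmt->rowCount() == 0)` in types::typesinfo leads straight into `$_SESSION['error'] = _DOCTYPE . ' ' . _ALREADY_EXISTS;`, i.e. the user is told the doctype already exists on exactly the branch where the SELECT by `type_id` found nothing. Unless that wording is intentional, `_DOCTYPE . ' ' . _UNKNOWN` (the constant class_reopen_mail uses for the same situation in this diff) describes the condition. The loose `$mode <> "prop"` comparisons above it would be `!==` in a strict rewrite. typesinfo continues outside the hunk on both sides.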
@@ -320,14 +321,14 @@ class types extends dbquery $_SESSION['m_admin']['doctypes']['SUB_FOLDER'] = $func->wash( $_REQUEST['sous_dossier'], "no", _THE_SUBFOLDER ); - $this->connect(); - $this->query( - "select doctypes_first_level_id as id from " + + $stmt = $db->query( + "SELECT doctypes_first_level_id as id FROM " . $_SESSION['tablename']['doctypes_second_level'] - . " where doctypes_second_level_id = " - . $_REQUEST['sous_dossier'] + . " WHERE doctypes_second_level_id = ?", + array($_REQUEST['sous_dossier']) ); - $res = $this->fetch_object(); + $res = $stmt->fetchObject(); $_SESSION['m_admin']['doctypes']['STRUCTURE'] = $res->id; } $_SESSION['m_admin']['doctypes']['order'] = $_REQUEST['order']; @@ -341,6 +342,7 @@ class types extends dbquery */ public function uptypes() { + $db = new Database(); // modify, add or validate a doctype $core = new core_tools(); $this->typesinfo(); 
@@ -381,29 +383,17 @@ class types extends dbquery } else { $this->connect(); if ($_REQUEST['mode'] <> "prop" && $_REQUEST['mode'] <> "add") { - $this->query( - "update " . DOCTYPES_TABLE . " set description = '" - . $this->protect_string_db( - $_SESSION['m_admin']['doctypes']['LABEL'] - ) . "' , doctypes_first_level_id = " - . $_SESSION['m_admin']['doctypes']['STRUCTURE'] - . ", doctypes_second_level_id = " - . $_SESSION['m_admin']['doctypes']['SUB_FOLDER'] - . ", enabled = 'Y', coll_id = '" - . $this->protect_string_db( - $_SESSION['m_admin']['doctypes']['COLL_ID'] - ) . "' where type_id = " - . $_SESSION['m_admin']['doctypes']['TYPE_ID'] . "" + $db->query( + "UPDATE " . DOCTYPES_TABLE . " SET description = ? , doctypes_first_level_id = ?, doctypes_second_level_id = ?, enabled = 'Y', coll_id = ? + WHERE type_id = ?", + array($_SESSION['m_admin']['doctypes']['LABEL'], $_SESSION['m_admin']['doctypes']['STRUCTURE'], $_SESSION['m_admin']['doctypes']['SUB_FOLDER'], + $_SESSION['m_admin']['doctypes']['COLL_ID'], $_SESSION['m_admin']['doctypes']['TYPE_ID']) ); - $this->query( - "delete from " . DOCTYPES_INDEXES_TABLE . " where coll_id = '" - . $this->protect_string_db( - $_SESSION['m_admin']['doctypes']['COLL_ID'] - ) . "' and type_id = " - . $_SESSION['m_admin']['doctypes']['TYPE_ID'] + $db->query( + "DELETE FROM " . DOCTYPES_INDEXES_TABLE . " WHERE coll_id = ? and type_id = ?", + array($_SESSION['m_admin']['doctypes']['COLL_ID'], $_SESSION['m_admin']['doctypes']['TYPE_ID']) ); - //$this->show(); for ($i = 0; $i < count( $_SESSION['m_admin']['doctypes']['indexes'] 
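Review bot: `$this->connect();` survives as the first context line although every statement in this hunk now goes through `$db->query(...)`, so uptypes opens a legacy dbquery connection it no longer uses (assuming nothing later in the method still calls `$this->query`); drop it along with the other `connect()` calls the commit removes. The UPDATE text also carries a literal line break inside the double-quoted string (`... enabled = 'Y', coll_id = ?` newline `WHERE type_id = ?`); concatenating `. " WHERE type_id = ?"` like the neighbouring statements keeps the SQL on one logical line and survives reindentation. uptypes continues outside the hunk on both sides.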
@@ -417,14 +407,11 @@ class types extends dbquery ) { $mandatory = 'Y'; } - $this->query( - "insert into " . DOCTYPES_INDEXES_TABLE - . " (coll_id, type_id, field_name, mandatory) values('" - . $this->protect_string_db( - $_SESSION['m_admin']['doctypes']['COLL_ID'] - ) . "', " . $_SESSION['m_admin']['doctypes']['TYPE_ID'] - . ", '" . $_SESSION['m_admin']['doctypes']['indexes'][$i] - . "', '" . $mandatory . "')" + $db->query( + "INSERT INTO " . DOCTYPES_INDEXES_TABLE + . " (coll_id, type_id, field_name, mandatory) values(?, ?, ?, ?)", + array($_SESSION['m_admin']['doctypes']['COLL_ID'], $_SESSION['m_admin']['doctypes']['TYPE_ID'], + $_SESSION['m_admin']['doctypes']['indexes'][$i], $mandatory) ); } $_SESSION['service_tag'] = "doctype_updatedb"; 
@@ -463,29 +450,21 @@ class types extends dbquery $tmp = $this->protect_string_db( $_SESSION['m_admin']['doctypes']['LABEL'] ); - $this->query( - "insert into " . DOCTYPES_TABLE . " (coll_id, " + $db->query( + "INSERT INTO " . DOCTYPES_TABLE . " (coll_id, " ." description, doctypes_first_level_id, " - . "doctypes_second_level_id, enabled ) VALUES ('" - . $_SESSION['m_admin']['doctypes']['COLL_ID'] . "', '" - . $tmp . "'," - . $_SESSION['m_admin']['doctypes']['STRUCTURE'] . "," - . $_SESSION['m_admin']['doctypes']['SUB_FOLDER'] - . ", 'Y' )" + . "doctypes_second_level_id, enabled ) VALUES (?, ?, ?, ?, 'Y' )", + array($_SESSION['m_admin']['doctypes']['COLL_ID'], $tmp, $_SESSION['m_admin']['doctypes']['STRUCTURE'], $_SESSION['m_admin']['doctypes']['SUB_FOLDER']) ); //$this->show(); - $this->query( - "select type_id from " . DOCTYPES_TABLE - . " where coll_id = '" - . $_SESSION['m_admin']['doctypes']['COLL_ID'] - . "' and description = '" . $tmp - . "' and doctypes_first_level_id = " - . $_SESSION['m_admin']['doctypes']['STRUCTURE'] - . " and doctypes_second_level_id = " - . $_SESSION['m_admin']['doctypes']['SUB_FOLDER'] + $stmt = $db->query( + "SELECT type_id FROM " . DOCTYPES_TABLE + . " WHERE coll_id = ? and description = ? and doctypes_first_level_id = ? and doctypes_second_level_id = ?", + array($_SESSION['m_admin']['doctypes']['COLL_ID'], $tmp, $_SESSION['m_admin']['doctypes']['STRUCTURE'] + , $_SESSION['m_admin']['doctypes']['SUB_FOLDER']) ); //$this->show(); - $res = $this->fetch_object(); + $res = $stmt->fetchObject(); $_SESSION['m_admin']['doctypes']['TYPE_ID'] = $res->type_id; for ($i = 0; $i < count( $_SESSION['m_admin']['doctypes']['indexes'] 
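Review bot: `$tmp` is still produced by `$this->protect_string_db(...)` in the context lines above the INSERT and is now passed as a bound parameter, so if protect_string_db escapes quotes (its former use inside SQL literals suggests it does) the description is escaped twice and labels containing quotes or backslashes are stored with the escape characters in them. Bind the raw value, `$tmp = $_SESSION['m_admin']['doctypes']['LABEL'];`, as the UPDATE branch earlier in this method already does after this commit. The SELECT that re-reads `type_id` by (coll_id, description, first level, second level) immediately after the INSERT is not unique-safe and races with a concurrent insert of the same label; if the Database wrapper exposes PDO's `lastInsertId()`, prefer it. uptypes continues outside the hunk.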
@@ -499,14 +478,12 @@ class types extends dbquery ) { $mandatory = 'Y'; } - $this->query( - "insert into " . DOCTYPES_INDEXES_TABLE + $db->query( + "INSERT INTO " . DOCTYPES_INDEXES_TABLE . " (coll_id, type_id, field_name, mandatory) " - . "values('" . $this->protect_string_db( - $_SESSION['m_admin']['doctypes']['COLL_ID'] - ) . "', " . $_SESSION['m_admin']['doctypes']['TYPE_ID'] - . ", '" . $_SESSION['m_admin']['doctypes']['indexes'][$i] - . "', '" . $mandatory . "')" + . "values(?, ?, ?, ?)", + array($_SESSION['m_admin']['doctypes']['COLL_ID'], $_SESSION['m_admin']['doctypes']['TYPE_ID'] + , $_SESSION['m_admin']['doctypes']['indexes'][$i], $mandatory) ); } @@ -562,13 +539,14 @@ class types extends dbquery return $types; } - $this->connect(); - $this->query( - "select type_id, description from " . DOCTYPES_TABLE - . " where coll_id = '" . $collId . "' and enabled = 'Y' " - . "order by description" + $db = new Database(); + $stmt = $db->query( + "SELECT type_id, description FROM " . DOCTYPES_TABLE + . " WHERE coll_id = ? and enabled = 'Y' " + . "order by description", + array($collId) ); - while ($res = $this->fetch_object()) { + while ($res = $stmt->fetchObject()) { array_push( $types, array( @@ -588,14 +566,15 @@ class types extends dbquery */ public function GetFullStructure($doctype) { + $db = new Database(); $structure = array(); - $levelQuery = "select doctypes_first_level_id, " - . "doctypes_second_level_id from " . DOCTYPES_TABLE - . " where type_id = '" . $doctype . "'"; - $this->connect(); - $this->query($levelQuery); - $result = $this->fetch_object(); - if ($this->nb_result() == 0) { + $levelQuery = "SELECT doctypes_first_level_id, " + . "doctypes_second_level_id FROM " . DOCTYPES_TABLE + . " WHERE type_id = ?"; + + $stmt = $db->query($levelQuery, array($doctype)); + $result = $stmt->fetchObject(); + if ($stmt->rowCount() == 0) { return false; } else { array_push( 
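Review bot: In GetFullStructure `$result = $stmt->fetchObject();` runs before `if ($stmt->rowCount() == 0)`, and rowCount on a SELECT is not guaranteed by PDO, so the check can disagree with the row already in hand. Since the row is fetched anyway, test it directly and drop the count: `if ($result === false) { return false; }`. The other two hunks on this line (the index INSERT loop and the `WHERE coll_id = ?` list query) bind their values correctly. GetFullStructure continues outside the hunk.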
@@ -618,14 +597,14 @@ class types extends dbquery
 public function getArrayDoctypesSecondLevel()
 {
 $secondLevel = array();
- $this->connect();
- $this->query(
- "select doctypes_second_level_id, doctypes_second_level_label, "
- . "css_style from "
+ $db = new Database();
+ $stmt = $this->query(
+ "SELECT doctypes_second_level_id, doctypes_second_level_label, "
+ . "css_style FROM "
 . $_SESSION['tablename']['doctypes_second_level']
- . " where enabled = 'Y' order by doctypes_second_level_label"
+ . " WHERE enabled = 'Y' order by doctypes_second_level_label"
 );
- while ($res = $this->fetch_object()) {
+ while ($res = $stmt->fetchObject()) {
 array_push(
 $secondLevel,
 array(
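Review bot: `$stmt = $this->query(` calls the inherited dbquery::query() instead of the `$db` created on the line above, while the `$this->connect()` that fed it is removed in the same hunk — `$db` is unused and, unless dbquery::query() also returns a PDOStatement, `$stmt->fetchObject()` on the next changed line fails. Change it to `$stmt = $db->query(` to match every other method in this file. getArrayDoctypesSecondLevel continues outside the hunk.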
@@ -645,27 +624,28 @@ class types extends dbquery */ public function getArrayStructTypes($collId) { - $this->connect(); + $db = new Database(); $level1 = array(); - $this->query( - "select d.type_id, d.description, d.doctypes_first_level_id, " + $stmt = $db->query( + "SELECT d.type_id, d.description, d.doctypes_first_level_id, " . "d.doctypes_second_level_id, dsl.doctypes_second_level_label, " . "dfl.doctypes_first_level_label, dfl.css_style as style_level1, " - . " dsl.css_style as style_level2 from " . DOCTYPES_TABLE . " d, " + . " dsl.css_style as style_level2 FROM " . DOCTYPES_TABLE . " d, " . $_SESSION['tablename']['doctypes_second_level'] . " dsl, " . $_SESSION['tablename']['doctypes_first_level'] - . " dfl where coll_id = '" . $collId . "' and d.enabled = 'Y' " + . " dfl WHERE coll_id = ? and d.enabled = 'Y' " . "and d.doctypes_second_level_id = dsl.doctypes_second_level_id " . "and d.doctypes_first_level_id = dfl.doctypes_first_level_id " . "and dsl.enabled = 'Y' and dfl.enabled = 'Y' " . "order by dfl.doctypes_first_level_label," - . "dsl.doctypes_second_level_label, d.description " + . "dsl.doctypes_second_level_label, d.description ", + array($collId) ); $lastLevel1 = ''; $nbLevel1 = 0; $lastLevel2 = ''; $nbLevel2 = 0; - while ($res = $this->fetch_object()) { + while ($res = $stmt->fetchObject()) { //var_dump($res); if ($lastLevel1 <> $res->doctypes_first_level_id) { array_push( @@ -737,6 +717,7 @@ class types extends dbquery public function get_all_indexes($collId) { $sec = new security(); + $db = new Database(); $indColl = $sec->get_ind_collection($collId); if (file_exists( $_SESSION['config']['corepath'] . 'custom' . DIRECTORY_SEPARATOR @@ -825,9 +806,9 @@ class types extends dbquery if (isset($order) && ! empty($order)) { $query .= ' '.$order; } - $this->connect(); - $this->query($query); - while ($res = $this->fetch_array()) { + + $stmt = $db->query($query); + while ($res = $stmt->fetch(PDO::FETCH_ASSOC)) { array_push( $values, array( 
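Review bot: `$stmt = $db->query($query);` in get_all_indexes runs a statement that the context lines above finish with `$query .= ' '.$order;`, and `$order` is appended verbatim — an ORDER BY clause cannot be a bound parameter, so if `$order` can originate from request data this remains the kind of injection the rest of the commit removes. Restrict it to a fixed set of allowed clauses before concatenation, or build it from column names checked against a known list. The same `$query .= ' '.$order;` / `$db->query($query)` pair appears in the -984 hunk of this file. Where `$order` comes from is outside the hunk, so this is a request to confirm rather than a proven defect.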
@@ -877,14 +858,14 @@ class types extends dbquery public function get_indexes($typeId, $collId, $mode='full') { $fields = array(); - $this->connect(); - $this->query( - "select field_name from " . DOCTYPES_INDEXES_TABLE - . " where coll_id = '" . $collId . "' and type_id = " . $typeId + $db = new Database(); + $stmt = $db->query( + "SELECT field_name FROM " . DOCTYPES_INDEXES_TABLE + . " WHERE coll_id = ? and type_id = ?", + array($collId, $typeId) ); - //$this->show(); - while ($res = $this->fetch_object()) { + while ($res = $stmt->fetchObject()) { array_push($fields, $res->field_name); } if ($mode == 'minimal') { @@ -984,9 +965,9 @@ class types extends dbquery if (isset($order) && ! empty($order)) { $query .= ' '.$order; } - $this->connect(); - $this->query($query); - while ($res = $this->fetch_object()) { + + $stmt = $db->query($query); + while ($res = $stmt->fetchObject()) { array_push( $values, array( @@ -1050,14 +1031,14 @@ class types extends dbquery public function get_mandatory_indexes($typeId, $collId) { $fields = array(); - $this->connect(); - $this->query( - "select field_name from " . DOCTYPES_INDEXES_TABLE - . " where coll_id = '" . $collId . "' and type_id = " . $typeId - . " and mandatory = 'Y'" + $db = new Database(); + $stmt = $db->query( + "SELECT field_name FROM " . DOCTYPES_INDEXES_TABLE + . " WHERE coll_id = ? and type_id = ? and mandatory = 'Y'", + array($collId, $typeId) ); - while ($res = $this->fetch_object()) { + while ($res = $stmt->fetchObject()) { array_push($fields, $res->field_name); } return $fields; 
@@ -1252,16 +1233,16 @@ class types extends dbquery { $sec = new security(); $table = $sec->retrieve_table_from_coll($collId); + $db = new Database(); $indexes = $this->get_all_indexes($collId); if (count($indexes) > 0) { - $query = "update " . $table . " set "; + $query = "UPDATE " . $table . " set "; for ($i = 0; $i < count($indexes); $i ++) { $query .= $indexes[$i]['column'] . " = NULL, "; } $query = preg_replace('/, $/', ' where res_id = ' . $resId, $query); - $this->connect(); - $this->query($query); + $db->query($query); } } diff --git a/maarch_entreprise/trunk/class/class_users.php b/maarch_entreprise/trunk/class/class_users.php index 4df5852ba75419b2f81c1d674770bc941854a0f8..18da9bba7a063f053d2f0019c9079fabbb81e410 100644 --- a/maarch_entreprise/trunk/class/class_users.php +++ b/maarch_entreprise/trunk/class/class_users.php @@ -41,6 +41,7 @@ class class_users extends dbquery */ public function user_modif() { + $db = new Database(); $_SESSION['user']['FirstName'] = $this->wash( $_POST['FirstName'], 'no', _FIRSTNAME ); @@ -59,7 +60,6 @@ class class_users extends dbquery $_POST['Phone'], 'phone', _PHONE, "no", "",32 ); } - if ($_SESSION['config']['ldap'] != "true") { $_SESSION['user']['pass2'] = $this->wash( 
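Review bot: `$query = preg_replace('/, $/', ' where res_id = ' . $resId, $query);` still interpolates `$resId` into the UPDATE, so this is the one statement the commit moves to `$db->query()` without binding its value. Use a placeholder and pass the value: `$query = preg_replace('/, $/', ' where res_id = ?', $query);` then `$db->query($query, array($resId));`. The column names come from get_all_indexes and cannot be bound, which is fine as long as that list is configuration rather than user input. The enclosing method continues outside the hunk.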
@@ -151,31 +151,23 @@ class class_users extends dbquery } if (empty($_SESSION['error'])) { - $firstname = $this->protect_string_db( - $_SESSION['user']['FirstName'] - ); - $lastname = $this->protect_string_db($_SESSION['user']['LastName']); - $department = $this->protect_string_db( - $_SESSION['user']['department'] - ); - $this->connect(); + $firstname = $_SESSION['user']['FirstName']; + $lastname = $_SESSION['user']['LastName']; + $department = $_SESSION['user']['department']; - $query = "update " . USERS_TABLE . " set"; + $query = "UPDATE " . USERS_TABLE . " SET"; + $arrayPDO = array(); if ($_SESSION['config']['ldap'] != "true") { - $query .= " password = '" . md5($_SESSION['user']['pass1']) . "',"; + $query .= " password = ?,"; + $arrayPDO = array_merge($arrayPDO, array(md5($_SESSION['user']['pass1']))); } - $query .= " firstname = '" - . $firstname . "', lastname = '" . $lastname . "', phone = '" - . $_SESSION['user']['Phone'] . "', mail = '" - . $_SESSION['user']['Mail'] . "' , department = '" . $department - . "', thumbprint = '" . $_SESSION['user']['thumbprint'] - . "', signature_path = '" . $_SESSION['user']['signature_path'] - . "', signature_file_name = '" . $_SESSION['user']['signature_file_name'] - . "' where user_id = '" . $_SESSION['user']['UserId'] . "'"; + $query .= " firstname = ?, lastname = ?, phone = ?, mail = ? , department = ?, thumbprint = ?, signature_path = ?, signature_file_name = ? WHERE user_id = ?"; - $this->query($query); + $arrayPDO = array_merge($arrayPDO, array($firstname, $lastname, $_SESSION['user']['Phone'], $_SESSION['user']['Mail'], $department, $_SESSION['user']['thumbprint'], + $_SESSION['user']['signature_path'], $_SESSION['user']['signature_file_name'], $_SESSION['user']['UserId'])); + $db->query($query, $arrayPDO); if ($_SESSION['history']['usersup'] == 'true') { require_once 'core' . DIRECTORY_SEPARATOR . 'class' 
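Review bot: `md5($_SESSION['user']['pass1'])` still stores the password as an unsalted MD5 digest; the commit parameterises the statement but keeps a hash that is trivially recovered from precomputed tables. Moving to `password_hash($_SESSION['user']['pass1'], PASSWORD_DEFAULT)` requires the login path to verify with `password_verify()` (and to rehash legacy digests on a successful login), which is outside this hunk, so it is a follow-up rather than a one-line change here. Stylistically, `$arrayPDO = array_merge($arrayPDO, array(...))` is an indirect way to append one element; `$arrayPDO[] = md5($_SESSION['user']['pass1']);` and a direct `array(...)` for the trailing values read more clearly. user_modif continues outside the hunk.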
@@ -211,6 +203,7 @@ class class_users extends dbquery public function change_info_user() { $core = new core_tools(); + $db = new Database(); ?> <h1><i class="fa fa-user fa-2x" title=""></i> <?php echo _MY_INFO;?></h1> @@ -222,15 +215,16 @@ class class_users extends dbquery <h2 class="tit"><?php echo _USER_ENTITIES_TITLE;?> : </h2> <ul id="my_profil" style="height:280px;overflow:auto;"> <?php - $this->query("SELECT e.entity_label, ue.primary_entity FROM ".$_SESSION['tablename']['ent_users_entities']." ue, ".$_SESSION['tablename']['ent_entities']." e - where ue.user_id ='".$_SESSION['user']['UserId']."' and ue.entity_id = e.entity_id order by e.entity_label"); - if($this->nb_result() < 1) + $stmt = $db->query("SELECT e.entity_label, ue.primary_entity FROM ".$_SESSION['tablename']['ent_users_entities']." ue, ".$_SESSION['tablename']['ent_entities']." e + WHERE ue.user_id = ? and ue.entity_id = e.entity_id order by e.entity_label", + array($_SESSION['user']['UserId'])); + if($stmt->rowCount() < 1) { echo _USER_BELONGS_NO_ENTITY."."; } else { - while($line = $this->fetch_object()) + while($line = $stmt->fetchObject()) { if($line->primary_entity == 'Y'){ echo "<li style='list-style-position:inside;padding:5px;'><i class=\"fa fa-arrow-right\"></i> ".$line->entity_label." </li>"; 
@@ -250,18 +244,18 @@ class class_users extends dbquery <h2 class="tit"><?php echo _USER_GROUPS_TITLE;?> : </h2> <ul id="my_profil" style="height:280px;overflow:auto;"> <?php - $this->connect(); - $this->query( + + $stmt = $db->query( "SELECT u.group_desc, uc.primary_group FROM " . USERGROUP_CONTENT_TABLE . " uc, " - . USERGROUPS_TABLE ." u where uc.user_id ='" - . $_SESSION['user']['UserId'] . "' and uc.group_id = u.group_id" - . " order by u.group_desc" + . USERGROUPS_TABLE ." u WHERE uc.user_id = ? and uc.group_id = u.group_id" + . " order by u.group_desc", + array($_SESSION['user']['UserId']) ); - if ($this->nb_result() < 1) { + if ($stmt->rowCount() < 1) { echo _USER_BELONGS_NO_GROUP . "."; } else { - while ($line = $this->fetch_object()) { + while ($line = $stmt->fetchObject()) { if($line->primary_group == 'Y'){ echo "<li style='list-style-position:inside;padding:5px;'><i class=\"fa fa-arrow-right\"></i> ".$line->group_desc." </li>"; }else{ 
@@ -399,23 +393,23 @@ class class_users extends dbquery */ public function get_user($user_id) { if (!empty($user_id)) { - $this->connect(); - $this->query( - "select user_id, firstname, lastname, mail, phone, status, thumbprint, signature_path, signature_file_name from " - . USERS_TABLE . " where user_id = '" . $user_id . "'" + $db = new Database(); + $stmt = $db->query( + "SELECT user_id, firstname, lastname, mail, phone, status, thumbprint, signature_path, signature_file_name FROM " + . USERS_TABLE . " WHERE user_id = ?", + array($user_id) ); - if ($this->nb_result() >0) { - $line = $this->fetch_object(); + if ($stmt->rowCount() >0) { + $line = $stmt->fetchObject(); if ($line->signature_path <> '' && $line->signature_file_name <> '' ) { - $db = new dbquery(); - $db->connect(); - $query = "select path_template from " + + $query = "SELECT path_template FROM " . _DOCSERVERS_TABLE_NAME - . " where docserver_id = 'TEMPLATES'"; - $db->query($query); - $resDs = $db->fetch_object(); + . " WHERE docserver_id = 'TEMPLATES'"; + $stmt = $db->query($query); + $resDs = $stmt->fetchObject(); $pathToDs = $resDs->path_template; $pathToSignature = $pathToDs . str_replace( "#",