Clean up SELECT and INSERT statements on integer fields that had quotes around them.

This commit is contained in:
Miles Lott 2004-02-09 20:18:21 +00:00
parent ca65786ae9
commit 50586e085c
2 changed files with 49 additions and 45 deletions


@ -3,7 +3,7 @@
* phpGroupWare API - Accounts manager for LDAP * * phpGroupWare API - Accounts manager for LDAP *
* This file written by Miles Lott <milosch@phpgroupware.org> * * This file written by Miles Lott <milosch@phpgroupware.org> *
* View and manipulate contact records using LDAP * * View and manipulate contact records using LDAP *
* -------------------------------------------------------------------------* * ------------------------------------------------------------------------ *
* This library is part of the phpGroupWare API * * This library is part of the phpGroupWare API *
* http://www.phpgroupware.org/api * * http://www.phpgroupware.org/api *
* ------------------------------------------------------------------------ * * ------------------------------------------------------------------------ *
@ -185,7 +185,7 @@
} }
} }
$sri = ldap_search($this->ldap, $GLOBALS['phpgw_info']['server']['ldap_contact_context'], 'uidnumber='.$id); $sri = ldap_search($this->ldap, $GLOBALS['phpgw_info']['server']['ldap_contact_context'], 'uidnumber=' . (int)$id);
$ldap_fields = ldap_get_entries($this->ldap, $sri); $ldap_fields = ldap_get_entries($this->ldap, $sri);
$return_fields[0]['id'] = $ldap_fields[0]['uidnumber'][0]; $return_fields[0]['id'] = $ldap_fields[0]['uidnumber'][0];
@ -221,7 +221,8 @@
} }
} }
$this->db->query("SELECT contact_name,contact_value FROM $this->ext_table WHERE contact_id='" . $id . "'",__LINE__,__FILE__); $this->db->query("SELECT contact_name,contact_value FROM $this->ext_table WHERE contact_id='"
. (int)$id . "'",__LINE__,__FILE__);
while($this->db->next_record()) while($this->db->next_record())
{ {
if($extra_fields[$this->db->f('contact_name')]) if($extra_fields[$this->db->f('contact_name')])
@ -250,9 +251,12 @@
} }
$id = $this->nextid; $id = $this->nextid;
if ($id == -1) { $id = 1; } if($id == -1)
{
$id = 1;
}
$sri = ldap_search($this->ldap, $GLOBALS['phpgw_info']['server']['ldap_contact_context'], 'uidnumber='.$id); $sri = ldap_search($this->ldap, $GLOBALS['phpgw_info']['server']['ldap_contact_context'], 'uidnumber=' . (int)$id);
$ldap_fields = ldap_get_entries($this->ldap, $sri); $ldap_fields = ldap_get_entries($this->ldap, $sri);
$return_fields[0]['id'] = $ldap_fields[0]['uidnumber'][0]; $return_fields[0]['id'] = $ldap_fields[0]['uidnumber'][0];
@ -289,7 +293,7 @@
} }
} }
$this->db->query("SELECT contact_name,contact_value FROM $this->ext_table WHERE contact_id='" . $id . "'",__LINE__,__FILE__); $this->db->query("SELECT contact_name,contact_value FROM $this->ext_table WHERE contact_id='" . (int)$id . "'",__LINE__,__FILE__);
while($this->db->next_record()) while($this->db->next_record())
{ {
if($extra_fields[$this->db->f('contact_name')]) if($extra_fields[$this->db->f('contact_name')])
@ -758,7 +762,7 @@
function field_exists($id,$field_name) function field_exists($id,$field_name)
{ {
$this->db->query("select count(*) from $this->ext_table where contact_id='$id' and contact_name='" $this->db->query("SELECT COUNT(*) FROM $this->ext_table where contact_id='" . (int)$id . "' AND contact_name='"
. addslashes($field_name) . "'",__LINE__,__FILE__); . addslashes($field_name) . "'",__LINE__,__FILE__);
$this->db->next_record(); $this->db->next_record();
return $this->db->f(0); return $this->db->f(0);
@ -766,14 +770,14 @@
function add_single_extra_field($id,$owner,$field_name,$field_value) function add_single_extra_field($id,$owner,$field_name,$field_value)
{ {
$this->db->query("insert into $this->ext_table values ($id,'$owner','" . addslashes($field_name) $this->db->query("INSERT INTO $this->ext_table VALUES (" . (int)$id . ",'$owner','" . addslashes($field_name)
. "','" . addslashes($field_value) . "')",__LINE__,__FILE__); . "','" . addslashes($field_value) . "')",__LINE__,__FILE__);
} }
function delete_single_extra_field($id,$field_name) function delete_single_extra_field($id,$field_name)
{ {
$this->db->query("delete from $this->ext_table where contact_id='$id' and contact_name='" $this->db->query("DELETE FROM $this->ext_table WHERE contact_id='" . (int)$id . "' AND contact_name='"
. addslashes($field_name) . "'",__LINE__,__FILE__); . addslashes($field_name) . "'",__LINE__,__FILE__);
} }
function update($id,$owner,$fields,$access='private',$cat_id='0',$tid='n') function update($id,$owner,$fields,$access='private',$cat_id='0',$tid='n')
@ -786,7 +790,7 @@
} }
/* First make sure that id number exists */ /* First make sure that id number exists */
$sri = ldap_search($this->ldap, $GLOBALS['phpgw_info']['server']['ldap_contact_context'], 'uidnumber='.$id); $sri = ldap_search($this->ldap, $GLOBALS['phpgw_info']['server']['ldap_contact_context'], 'uidnumber=' . (int)$id);
$ldap_fields = ldap_get_entries($this->ldap, $sri); $ldap_fields = ldap_get_entries($this->ldap, $sri);
if ($ldap_fields[0]['dn']) if ($ldap_fields[0]['dn'])
@ -927,7 +931,7 @@
{ {
$this->db->query("UPDATE $this->ext_table SET contact_value='" . addslashes($x_value) $this->db->query("UPDATE $this->ext_table SET contact_value='" . addslashes($x_value)
. "',contact_owner='$owner' WHERE contact_name='" . addslashes($x_name) . "',contact_owner='$owner' WHERE contact_name='" . addslashes($x_name)
. "' AND contact_id='$id'",__LINE__,__FILE__); . "' AND contact_id='" . (int)$id . "'",__LINE__,__FILE__);
} }
} }
else else
@ -978,7 +982,7 @@
{ {
$err = ldap_delete($this->ldap,$ldap_fields[0]['dn']); $err = ldap_delete($this->ldap,$ldap_fields[0]['dn']);
$this->db->query("DELETE FROM $this->ext_table WHERE contact_id='$id' AND contact_owner='" $this->db->query("DELETE FROM $this->ext_table WHERE contact_id='" . (int)$id . "' AND contact_owner='"
. $this->account_id . "'",__LINE__,__FILE__); . $this->account_id . "'",__LINE__,__FILE__);
} }
else else
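Review bot: The cast is applied to `$id` only, while `$owner` is still spliced into the query text raw in the add_single_extra_field hunk (`VALUES (" . (int)$id . ",'$owner','"`) and the UPDATE hunk (`contact_owner='$owner'`), and `$this->account_id` likewise in the DELETE hunk; contact_owner appears to be a numeric column (the SQL backend writes it unquoted), so the same treatment closes the gap, e.g. `"INSERT INTO $this->ext_table VALUES (" . (int)$id . "," . (int)$owner . ",'" . addslashes($field_name)` and `. "',contact_owner=" . (int)$owner . " WHERE contact_name='" . addslashes($x_name)`. The SQL backend's INSERT and UPDATE hunks in the second file (`VALUES (" . (int)$id . ",'" . $owner . "','"` and `contact_owner=$owner`) have the same omission. This file also keeps the quotes around the cast value (`contact_id='" . (int)$id . "'`) where the SQL backend drops them, and escapes strings with the bare addslashes() where the SQL backend uses $this->db->db_addslashes(); aligning both makes the two backends easier to audit together. The UPDATE and DELETE hunks sit inside functions whose start lies outside the hunk.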


@ -5,7 +5,7 @@
* and Miles Lott <milosch@phpgroupware.org> * * and Miles Lott <milosch@phpgroupware.org> *
* View and manipulate contact records using SQL * * View and manipulate contact records using SQL *
* Copyright (C) 2001 Joseph Engo * * Copyright (C) 2001 Joseph Engo *
* -------------------------------------------------------------------------* * ------------------------------------------------------------------------ *
* This library is part of the phpGroupWare API * * This library is part of the phpGroupWare API *
* http://www.phpgroupware.org/api * * http://www.phpgroupware.org/api *
* ------------------------------------------------------------------------ * * ------------------------------------------------------------------------ *
@ -179,7 +179,7 @@
} }
} }
$this->db->query("SELECT id,lid,tid,owner,access,cat_id $t_fields FROM $this->std_table WHERE id='". (int)$id . "'"); $this->db->query("SELECT id,lid,tid,owner,access,cat_id $t_fields FROM $this->std_table WHERE id=" . (int)$id);
$this->db->next_record(); $this->db->next_record();
$return_fields[0]['id'] = $this->db->f('id'); $return_fields[0]['id'] = $this->db->f('id');
@ -216,7 +216,7 @@
} }
} }
$this->db->query("SELECT contact_name,contact_value FROM $this->ext_table where contact_id='" . (int)$this->db->f('id') . "'",__LINE__,__FILE__); $this->db->query("SELECT contact_name,contact_value FROM $this->ext_table WHERE contact_id=" . (int)$this->db->f('id'),__LINE__,__FILE__);
while ($this->db->next_record()) while ($this->db->next_record())
{ {
if ($extra_fields[$this->db->f('contact_name')]) if ($extra_fields[$this->db->f('contact_name')])
@ -247,7 +247,7 @@
$id = $this->db->f(0); $id = $this->db->f(0);
$this->db->query("SELECT id,lid,tid,owner,access,cat_id $t_fields FROM $this->std_table WHERE id='" . (int)$id . "'",__LINE__,__FILE__); $this->db->query("SELECT id,lid,tid,owner,access,cat_id $t_fields FROM $this->std_table WHERE id=" . (int)$id,__LINE__,__FILE__);
$this->db->next_record(); $this->db->next_record();
$return_fields[0]['id'] = $this->db->f('id'); $return_fields[0]['id'] = $this->db->f('id');
@ -284,7 +284,7 @@
} }
} }
$this->db->query("SELECT contact_name,contact_value FROM $this->ext_table WHERE contact_id='" . $this->db->f('id') . "'",__LINE__,__FILE__); $this->db->query("SELECT contact_name,contact_value FROM $this->ext_table WHERE contact_id=" . (int)$this->db->f('id'),__LINE__,__FILE__);
while ($this->db->next_record()) while ($this->db->next_record())
{ {
if ($extra_fields[$this->db->f('contact_name')]) if ($extra_fields[$this->db->f('contact_name')])
@ -583,8 +583,8 @@
} }
reset($stock_fieldnames); reset($stock_fieldnames);
} }
$db2->query("SELECT contact_name,contact_value FROM $this->ext_table WHERE contact_id='" $db2->query("SELECT contact_name,contact_value FROM $this->ext_table WHERE contact_id="
. $this->db->f('id') . "'" .$filterextra,__LINE__,__FILE__); . (int)$this->db->f('id') . $filterextra,__LINE__,__FILE__);
while($db2->next_record()) while($db2->next_record())
{ {
if($extra_fields[$db2->f('contact_name')]) if($extra_fields[$db2->f('contact_name')])
@ -638,7 +638,7 @@
{ {
foreach($extra_fields as $name => $value) foreach($extra_fields as $name => $value)
{ {
$this->db->query("INSERT INTO $this->ext_table VALUES ('$id','" . $owner . "','" $this->db->query("INSERT INTO $this->ext_table VALUES (" . (int)$id . ",'" . $owner . "','"
. $this->db->db_addslashes($name) . "','" . $this->db->db_addslashes($value) . "')",__LINE__,__FILE__); . $this->db->db_addslashes($name) . "','" . $this->db->db_addslashes($value) . "')",__LINE__,__FILE__);
} }
} }
@ -647,7 +647,7 @@
function field_exists($id,$field_name) function field_exists($id,$field_name)
{ {
$this->db->query("SELECT COUNT(*) FROM $this->ext_table WHERE contact_id='$id' AND contact_name='" $this->db->query("SELECT COUNT(*) FROM $this->ext_table WHERE contact_id=" . (int)$id . " AND contact_name='"
. $this->db->db_addslashes($field_name) . "'",__LINE__,__FILE__); . $this->db->db_addslashes($field_name) . "'",__LINE__,__FILE__);
$this->db->next_record(); $this->db->next_record();
return $this->db->f(0); return $this->db->f(0);
@ -655,13 +655,13 @@
function add_single_extra_field($id,$owner,$field_name,$field_value) function add_single_extra_field($id,$owner,$field_name,$field_value)
{ {
$this->db->query("INSERT INTO $this->ext_table VALUES ($id,'$owner','" . $this->db->db_addslashes($field_name) $this->db->query("INSERT INTO $this->ext_table VALUES (" . (int)$id . ",'$owner','" . $this->db->db_addslashes($field_name)
. "','" . $this->db->db_addslashes($field_value) . "')",__LINE__,__FILE__); . "','" . $this->db->db_addslashes($field_value) . "')",__LINE__,__FILE__);
} }
function delete_single_extra_field($id,$field_name) function delete_single_extra_field($id,$field_name)
{ {
$this->db->query("DELETE FROM $this->ext_table WHERE contact_id='$id' AND contact_name='" $this->db->query("DELETE FROM $this->ext_table WHERE contact_id=" . (int)$id . " AND contact_name='"
. $this->db->db_addslashes($field_name) . "'",__LINE__,__FILE__); . $this->db->db_addslashes($field_name) . "'",__LINE__,__FILE__);
} }
@ -718,7 +718,7 @@
{ {
$this->db->query("UPDATE $this->ext_table SET contact_value='" . $this->db->db_addslashes($x_value) $this->db->query("UPDATE $this->ext_table SET contact_value='" . $this->db->db_addslashes($x_value)
. "',contact_owner=$owner WHERE contact_name='" . $this->db->db_addslashes($x_name) . "',contact_owner=$owner WHERE contact_name='" . $this->db->db_addslashes($x_name)
. "' AND contact_id=$id",__LINE__,__FILE__); . "' AND contact_id=" . (int)$id,__LINE__,__FILE__);
} }
} }
elseif($x_value) // dont write emtpy extra-fields elseif($x_value) // dont write emtpy extra-fields
@ -745,8 +745,8 @@
/* This is where the real work of delete() is done, shared class file contains calling function */ /* This is where the real work of delete() is done, shared class file contains calling function */
function delete_($id) function delete_($id)
{ {
$this->db->query("DELETE FROM $this->std_table WHERE id='$id'",__LINE__,__FILE__); $this->db->query("DELETE FROM $this->std_table WHERE id=" . (int)$id,__LINE__,__FILE__);
$this->db->query("DELETE FROM $this->ext_table WHERE contact_id='$id'",__LINE__,__FILE__); $this->db->query("DELETE FROM $this->ext_table WHERE contact_id=" . (int)$id,__LINE__,__FILE__);
} }
/* This is for the admin script deleteaccount.php */ /* This is for the admin script deleteaccount.php */