Cleanup select and insert from integer fields which had quotes around them.

phpgwapi/inc/class.contacts_ldap.inc.php

@@ -3,7 +3,7 @@
   * phpGroupWare API - Accounts manager for LDAP                             *
   * This file written by Miles Lott <milosch@phpgroupware.org>               *
   * View and manipulate contact records using LDAP                           *
-  * -------------------------------------------------------------------------*
+  * ------------------------------------------------------------------------ *
   * This library is part of the phpGroupWare API                             *
   * http://www.phpgroupware.org/api                                          *
   * ------------------------------------------------------------------------ *
@@ -185,7 +185,7 @@
 				}
 			}
 
-			$sri = ldap_search($this->ldap, $GLOBALS['phpgw_info']['server']['ldap_contact_context'], 'uidnumber='.$id);
+			$sri = ldap_search($this->ldap, $GLOBALS['phpgw_info']['server']['ldap_contact_context'], 'uidnumber=' . (int)$id);
 			$ldap_fields = ldap_get_entries($this->ldap, $sri);
 
 			$return_fields[0]['id']     = $ldap_fields[0]['uidnumber'][0];
@@ -221,7 +221,8 @@
 				}
 			}
 
-			$this->db->query("SELECT contact_name,contact_value FROM $this->ext_table WHERE contact_id='" . $id . "'",__LINE__,__FILE__);
+			$this->db->query("SELECT contact_name,contact_value FROM $this->ext_table WHERE contact_id='"
+				. (int)$id . "'",__LINE__,__FILE__);
 			while($this->db->next_record())
 			{
 				if($extra_fields[$this->db->f('contact_name')])
@@ -250,9 +251,12 @@
 			}
 
 			$id = $this->nextid;
-			if ($id == -1) { $id = 1; }
+			if($id == -1)
+			{
+				$id = 1;
+			}
 
-			$sri = ldap_search($this->ldap, $GLOBALS['phpgw_info']['server']['ldap_contact_context'], 'uidnumber='.$id);
+			$sri = ldap_search($this->ldap, $GLOBALS['phpgw_info']['server']['ldap_contact_context'], 'uidnumber=' . (int)$id);
 			$ldap_fields = ldap_get_entries($this->ldap, $sri);
 
 			$return_fields[0]['id']     = $ldap_fields[0]['uidnumber'][0];
@@ -289,7 +293,7 @@
 				}
 			}
 
-			$this->db->query("SELECT contact_name,contact_value FROM $this->ext_table WHERE contact_id='" . $id . "'",__LINE__,__FILE__);
+			$this->db->query("SELECT contact_name,contact_value FROM $this->ext_table WHERE contact_id='" . (int)$id . "'",__LINE__,__FILE__);
 			while($this->db->next_record())
 			{
 				if($extra_fields[$this->db->f('contact_name')])
@@ -758,7 +762,7 @@
 
 		function field_exists($id,$field_name)
 		{
-			$this->db->query("select count(*) from $this->ext_table where contact_id='$id' and contact_name='"
+			$this->db->query("SELECT COUNT(*) FROM $this->ext_table where contact_id='" . (int)$id . "' AND contact_name='"
 			. addslashes($field_name) . "'",__LINE__,__FILE__);
 			$this->db->next_record();
 			return $this->db->f(0);
@@ -766,13 +770,13 @@
 
 		function add_single_extra_field($id,$owner,$field_name,$field_value)
 		{
-			$this->db->query("insert into $this->ext_table values ($id,'$owner','" . addslashes($field_name)
+			$this->db->query("INSERT INTO $this->ext_table VALUES (" . (int)$id . ",'$owner','" . addslashes($field_name)
 				. "','" . addslashes($field_value) . "')",__LINE__,__FILE__);
 		}
 
 		function delete_single_extra_field($id,$field_name)
 		{
-			$this->db->query("delete from $this->ext_table where contact_id='$id' and contact_name='"
+			$this->db->query("DELETE FROM $this->ext_table WHERE contact_id='" . (int)$id . "' AND contact_name='"
 				. addslashes($field_name) . "'",__LINE__,__FILE__);
 		}
 
@@ -786,7 +790,7 @@
 			}
 
 			/* First make sure that id number exists */
-			$sri = ldap_search($this->ldap, $GLOBALS['phpgw_info']['server']['ldap_contact_context'], 'uidnumber='.$id);
+			$sri = ldap_search($this->ldap, $GLOBALS['phpgw_info']['server']['ldap_contact_context'], 'uidnumber=' . (int)$id);
 			$ldap_fields = ldap_get_entries($this->ldap, $sri);
 
 			if ($ldap_fields[0]['dn'])
@@ -927,7 +931,7 @@
 						{
 							$this->db->query("UPDATE $this->ext_table SET contact_value='" . addslashes($x_value)
 								. "',contact_owner='$owner' WHERE contact_name='" . addslashes($x_name)
-								. "' AND contact_id='$id'",__LINE__,__FILE__);
+								. "' AND contact_id='" . (int)$id . "'",__LINE__,__FILE__);
 						}
 					}
 					else
@@ -978,7 +982,7 @@
 			{
 				$err = ldap_delete($this->ldap,$ldap_fields[0]['dn']);
 
-				$this->db->query("DELETE FROM $this->ext_table WHERE contact_id='$id' AND contact_owner='"
+				$this->db->query("DELETE FROM $this->ext_table WHERE contact_id='" . (int)$id . "' AND contact_owner='"
 					. $this->account_id . "'",__LINE__,__FILE__);
 			}
 			else

phpgwapi/inc/class.contacts_sql.inc.php

@@ -5,7 +5,7 @@
   *   and Miles Lott <milosch@phpgroupware.org>                              *
   * View and manipulate contact records using SQL                            *
   * Copyright (C) 2001 Joseph Engo                                           *
-  * -------------------------------------------------------------------------*
+  * ------------------------------------------------------------------------ *
   * This library is part of the phpGroupWare API                             *
   * http://www.phpgroupware.org/api                                          *
   * ------------------------------------------------------------------------ *
@@ -179,7 +179,7 @@
 				}
 			}
 
-			$this->db->query("SELECT id,lid,tid,owner,access,cat_id $t_fields FROM $this->std_table WHERE id='". (int)$id . "'");
+			$this->db->query("SELECT id,lid,tid,owner,access,cat_id $t_fields FROM $this->std_table WHERE id=" . (int)$id);
 			$this->db->next_record();
 
 			$return_fields[0]['id']     = $this->db->f('id');
@@ -216,7 +216,7 @@
 				}
 			}
 
-			$this->db->query("SELECT contact_name,contact_value FROM $this->ext_table where contact_id='" . (int)$this->db->f('id') . "'",__LINE__,__FILE__);
+			$this->db->query("SELECT contact_name,contact_value FROM $this->ext_table WHERE contact_id=" . (int)$this->db->f('id'),__LINE__,__FILE__);
 			while ($this->db->next_record())
 			{
 				if ($extra_fields[$this->db->f('contact_name')])
@@ -247,7 +247,7 @@
 
 			$id = $this->db->f(0);
 
-			$this->db->query("SELECT id,lid,tid,owner,access,cat_id $t_fields FROM $this->std_table WHERE id='" . (int)$id . "'",__LINE__,__FILE__);
+			$this->db->query("SELECT id,lid,tid,owner,access,cat_id $t_fields FROM $this->std_table WHERE id=" . (int)$id,__LINE__,__FILE__);
 			$this->db->next_record();
 
 			$return_fields[0]['id']     = $this->db->f('id');
@@ -284,7 +284,7 @@
 				}
 			}
 
-			$this->db->query("SELECT contact_name,contact_value FROM $this->ext_table WHERE contact_id='" . $this->db->f('id') . "'",__LINE__,__FILE__);
+			$this->db->query("SELECT contact_name,contact_value FROM $this->ext_table WHERE contact_id=" . (int)$this->db->f('id'),__LINE__,__FILE__);
 			while ($this->db->next_record())
 			{
 				if ($extra_fields[$this->db->f('contact_name')])
@@ -583,8 +583,8 @@
 					}
 					reset($stock_fieldnames);
 				}
-				$db2->query("SELECT contact_name,contact_value FROM $this->ext_table WHERE contact_id='"
-					. $this->db->f('id') . "'" .$filterextra,__LINE__,__FILE__);
+				$db2->query("SELECT contact_name,contact_value FROM $this->ext_table WHERE contact_id="
+					. (int)$this->db->f('id') . $filterextra,__LINE__,__FILE__);
 				while($db2->next_record())
 				{
 					if($extra_fields[$db2->f('contact_name')])
@@ -638,7 +638,7 @@
 			{
 				foreach($extra_fields as $name => $value)
 				{
-					$this->db->query("INSERT INTO $this->ext_table VALUES ('$id','" . $owner . "','"
+					$this->db->query("INSERT INTO $this->ext_table VALUES (" . (int)$id . ",'" . $owner . "','"
 						. $this->db->db_addslashes($name) . "','" . $this->db->db_addslashes($value) . "')",__LINE__,__FILE__);
 				}
 			}
@@ -647,7 +647,7 @@
 
 		function field_exists($id,$field_name)
 		{
-			$this->db->query("SELECT COUNT(*) FROM $this->ext_table WHERE contact_id='$id' AND contact_name='"
+			$this->db->query("SELECT COUNT(*) FROM $this->ext_table WHERE contact_id=" . (int)$id . " AND contact_name='"
 				. $this->db->db_addslashes($field_name) . "'",__LINE__,__FILE__);
 			$this->db->next_record();
 			return $this->db->f(0);
@@ -655,13 +655,13 @@
 
 		function add_single_extra_field($id,$owner,$field_name,$field_value)
 		{
-			$this->db->query("INSERT INTO $this->ext_table VALUES ($id,'$owner','" . $this->db->db_addslashes($field_name)
+			$this->db->query("INSERT INTO $this->ext_table VALUES (" . (int)$id . ",'$owner','" . $this->db->db_addslashes($field_name)
 				. "','" . $this->db->db_addslashes($field_value) . "')",__LINE__,__FILE__);
 		}
 
 		function delete_single_extra_field($id,$field_name)
 		{
-			$this->db->query("DELETE FROM $this->ext_table WHERE contact_id='$id' AND contact_name='"
+			$this->db->query("DELETE FROM $this->ext_table WHERE contact_id=" . (int)$id . " AND contact_name='"
 				. $this->db->db_addslashes($field_name) . "'",__LINE__,__FILE__);
 		}
 
@@ -718,7 +718,7 @@
 					{
 						$this->db->query("UPDATE $this->ext_table SET contact_value='" . $this->db->db_addslashes($x_value)
 							. "',contact_owner=$owner WHERE contact_name='" . $this->db->db_addslashes($x_name)
-							. "' AND contact_id=$id",__LINE__,__FILE__);
+							. "' AND contact_id=" . (int)$id,__LINE__,__FILE__);
 					}
 				}
 				elseif($x_value)	// dont write emtpy extra-fields
@@ -745,8 +745,8 @@
 		/* This is where the real work of delete() is done, shared class file contains calling function */
 		function delete_($id)
 		{
-			$this->db->query("DELETE FROM $this->std_table WHERE id='$id'",__LINE__,__FILE__);
-			$this->db->query("DELETE FROM $this->ext_table WHERE contact_id='$id'",__LINE__,__FILE__);
+			$this->db->query("DELETE FROM $this->std_table WHERE id=" . (int)$id,__LINE__,__FILE__);
+			$this->db->query("DELETE FROM $this->ext_table WHERE contact_id=" . (int)$id,__LINE__,__FILE__);
 		}
 
 		/* This is for the admin script deleteaccount.php */