Changeset d7cb774 in github
- Timestamp:
- Oct 25, 2005 11:04:17 AM (8 years ago)
- Branches:
- master, HEAD, courier-fix, dev-browser-capabilities, pdo, release-0.6, release-0.7, release-0.8
- Children:
- d13c369
- Parents:
- e0ed972
- Files:
-
- 21 edited
-
SQL/postgres.initial.sql (modified) (1 diff)
-
index.php (modified) (1 diff)
-
program/include/cache.inc (modified) (4 diffs)
-
program/include/main.inc (modified) (4 diffs)
-
program/include/rcube_db.inc (modified) (4 diffs)
-
program/include/rcube_mdb2.inc (modified) (2 diffs)
-
program/include/session.inc (modified) (5 diffs)
-
program/steps/addressbook/delete.inc (modified) (3 diffs)
-
program/steps/addressbook/edit.inc (modified) (1 diff)
-
program/steps/addressbook/func.inc (modified) (3 diffs)
-
program/steps/addressbook/list.inc (modified) (2 diffs)
-
program/steps/addressbook/save.inc (modified) (4 diffs)
-
program/steps/addressbook/show.inc (modified) (1 diff)
-
program/steps/mail/addcontact.inc (modified) (2 diffs)
-
program/steps/mail/compose.inc (modified) (3 diffs)
-
program/steps/mail/sendmail.inc (modified) (1 diff)
-
program/steps/settings/delete_identity.inc (modified) (1 diff)
-
program/steps/settings/edit_identity.inc (modified) (1 diff)
-
program/steps/settings/func.inc (modified) (2 diffs)
-
program/steps/settings/save_identity.inc (modified) (4 diffs)
-
program/steps/settings/save_prefs.inc (modified) (1 diff)
SQL/postgres.initial.sql
r49afbf5 rd7cb774 118 118 "default" boolean DEFAULT false NOT NULL, 119 119 name character varying(128) NOT NULL, 120 organization character varying(128) NOT NULL,120 organization character varying(128), 121 121 email character varying(128) NOT NULL, 122 "reply-to" character varying(128) NOT NULL,123 bcc character varying(128) NOT NULL,124 signature text NOT NULL122 "reply-to" character varying(128), 123 bcc character varying(128), 124 signature text 125 125 ); 126 126 -
index.php
rf3b6599 rd7cb774 52 52 53 53 // set environment first 54 ini_set('include_path', ini_get('include_path').PATH_SEPARATOR.$INSTALL_PATH.PATH_SEPARATOR.$CURRENT_PATH.'program'.PATH_SEPARATOR.$CURRENT_PATH.'program/lib'); 54 // RC include folders MUST be included FIRST to avoid other 55 // possible not compatible libraries (i.e PEAR) to be included 56 // instead the ones provided by RC 57 ini_set('include_path', $INSTALL_PATH.PATH_SEPARATOR.$CURRENT_PATH.'program'.PATH_SEPARATOR.$CURRENT_PATH.'program/lib'.PATH_SEPARATOR.ini_get('include_path')); 58 55 59 ini_set('session.name', 'sessid'); 56 60 ini_set('session.use_cookies', 1); 57 61 ini_set('error_reporting', E_ALL&~E_NOTICE); 58 62 59 60 63 // increase maximum execution time for php scripts 61 64 // (does not work in safe mode) 62 65 @set_time_limit('120'); 63 64 66 65 67 // include base files -
program/include/cache.inc
r30233b8 rd7cb774 26 26 27 27 // query db 28 $sql_result = $DB->query(sprintf("SELECT cache_id, data 29 FROM %s 30 WHERE user_id=%d 31 AND cache_key='%s'", 32 get_table_name('cache'), 33 $_SESSION['user_id'], 34 $key)); 28 $sql_result = $DB->query("SELECT cache_id, data 29 FROM ".get_table_name('cache')." 30 WHERE user_id=? 31 AND cache_key=?", 32 $_SESSION['user_id'], 33 $key); 35 34 36 35 // get cached data … … 54 53 if (!isset($CACHE_KEYS[$key])) 55 54 { 56 $sql_result = $DB->query(sprintf("SELECT cache_id 57 FROM %s 58 WHERE user_id=%d 59 AND cache_key='%s'", 60 get_table_name('cache'), 61 $_SESSION['user_id'], 62 $key)); 55 $sql_result = $DB->query("SELECT cache_id 56 FROM ".get_table_name('cache')." 57 WHERE user_id=? 58 AND cache_key=?", 59 $_SESSION['user_id'], 60 $key); 63 61 64 62 if ($sql_arr = $DB->fetch_assoc($sql_result)) … … 71 69 if ($CACHE_KEYS[$key]) 72 70 { 73 $DB->query(sprintf("UPDATE %s 74 SET created=NOW(), 75 data='%s' 76 WHERE user_id=%d 77 AND cache_key='%s'", 78 get_table_name('cache'), 79 addslashes($data), 80 $_SESSION['user_id'], 81 $key)); 71 $DB->query("UPDATE ".get_table_name('cache')." 72 SET created=NOW(), 73 data=? 74 WHERE user_id=? 75 AND cache_key=?", 76 $data, 77 $_SESSION['user_id'], 78 $key); 82 79 } 83 80 // add new cache record 84 81 else 85 82 { 86 $DB->query(sprintf("INSERT INTO %s 87 (created, user_id, session_id, cache_key, data) 88 VALUES (NOW(), %d, %s, '%s', '%s')", 89 get_table_name('cache'), 90 $_SESSION['user_id'], 91 $session_cache ? "'$sess_id'" : 'NULL', 92 $key, 93 addslashes($data))); 83 $DB->query("INSERT INTO ".get_table_name('cache')." 84 (created, user_id, session_id, cache_key, data) 85 VALUES (NOW(), ?, ?, ?', ?)", 86 $_SESSION['user_id'], 87 $session_cache ? 
$sess_id : 'NULL', 88 $key, 89 $data); 94 90 } 95 91 } … … 101 97 global $DB; 102 98 103 $DB->query(sprintf("DELETE FROM %s 104 WHERE user_id=%d 105 AND cache_key='%s'", 106 get_table_name('cache'), 107 $_SESSION['user_id'], 108 $key)); 99 $DB->query("DELETE FROM ".get_table_name('cache')." 100 WHERE user_id=? 101 AND cache_key=?", 102 $_SESSION['user_id'], 103 $key); 109 104 } 110 105 -
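Review bot: The new INSERT in the "add new cache record" branch has a stray quote in its placeholder list, `VALUES (NOW(), ?, ?, ?', ?)`, which leaves the statement syntactically broken; it should read `VALUES (NOW(), ?, ?, ?, ?)`. The same statement binds the PHP string `'NULL'` when `$session_cache` is false, so a literal text "NULL" is sent as a bound parameter instead of SQL NULL, which no longer matches the old sprintf form that spliced an unquoted NULL; pass the PHP value `null` (`$session_cache ? $sess_id : null`) and let the driver quote it, assuming the DB layer maps null to SQL NULL as PEAR-style quoting does. The enclosing functions start and end outside the shown hunks.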
program/include/main.inc
rf3b6599 rd7cb774 264 264 265 265 // query if user already registered 266 $sql_result = $DB->query(sprintf("SELECT user_id, username, language, preferences 267 FROM %s 268 WHERE mail_host='%s' AND (username='%s' OR alias='%s')", 269 get_table_name('users'), 270 addslashes($host), 271 addslashes($user), 272 addslashes($user))); 266 $sql_result = $DB->query("SELECT user_id, username, language, preferences 267 FROM ".get_table_name('users')." 268 WHERE mail_host=? AND (username=? OR alias=?)", 269 $host, 270 $user, 271 $user); 273 272 274 273 // user already registered -> overwrite username … … 300 299 301 300 // update user's record 302 $DB->query(sprintf("UPDATE %s 303 SET last_login=NOW() 304 WHERE user_id=%d", 305 get_table_name('users'), 306 $user_id)); 301 $DB->query("UPDATE ".get_table_name('users')." 302 SET last_login=NOW() 303 WHERE user_id=?", 304 $user_id); 307 305 } 308 306 // create new system user … … 337 335 global $DB, $CONFIG, $IMAP; 338 336 339 $DB->query(sprintf("INSERT INTO %s 340 (created, last_login, username, mail_host, language) 341 VALUES (NOW(), NOW(), '%s', '%s', '%s')", 342 get_table_name('users'), 343 addslashes($user), 344 addslashes($host), 345 $_SESSION['user_lang'])); 346 347 if ($user_id = $DB->insert_id()) 337 $DB->query("INSERT INTO ".get_table_name('users')." 338 (created, last_login, username, mail_host, language) 339 VALUES (NOW(), NOW(), ?, ?, ?)", 340 $user, 341 $host, 342 $_SESSION['user_lang']); 343 344 if ($user_id = $DB->insert_id('user_ids')) 348 345 { 349 346 $user_email = strstr($user, '@') ? $user : sprintf('%s@%s', $user, $host); … … 351 348 352 349 // also create a new identity record 353 $DB->query(sprintf("INSERT INTO %s 354 (user_id, `default`, name, email) 355 VALUES (%d, '1', '%s', '%s')", 356 get_table_name('identities'), 357 $user_id, 358 addslashes($user_name), 359 addslashes($user_email))); 350 $DB->query("INSERT INTO ".get_table_name('identities')." 
351 (user_id, `default`, name, email) 352 VALUES (?, '1', ?, ?)", 353 $user_id, 354 $user_name, 355 $user_email); 360 356 361 357 // get existing mailboxes -
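Review bot: The identities INSERT in `rcmail_create_user` still quotes the column as `` `default` `` with MySQL backticks, while this same commit switches compose.inc, settings/func.inc and save_identity.inc to `$DB->quoteIdentifier('default')` and adds PostgreSQL schema changes, so this statement will fail on the non-MySQL backends the commit is targeting. Use the same helper here: `"INSERT INTO ".get_table_name('identities')." (user_id, ".$DB->quoteIdentifier('default').", name, email) VALUES (?, '1', ?, ?)"`. Note also that `insert_id('user_ids')` now names a sequence while the other call sites in this commit still call `insert_id()` with no argument; if the argument is required on PostgreSQL those callers (save.inc, addcontact.inc, save_identity.inc) will need the same treatment. The function body continues outside the hunk.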
program/include/rcube_db.inc
r53560c5 rd7cb774 102 102 } 103 103 104 // Query database (read operations) 105 106 function query($query, $offset=0, $numrows=0) 104 // Query database 105 106 function query() 107 { 108 $params = func_get_args(); 109 $query = array_shift($params); 110 111 return $this->_query($query, 0, 0, $params); 112 } 113 114 function limitquery() 115 { 116 $params = func_get_args(); 117 $query = array_shift($params); 118 $offset = array_shift($params); 119 $numrows = array_shift($params); 120 121 return $this->_query($query, $offset, $numrows, $params); 122 } 123 124 function _query($query, $offset, $numrows, $params) 107 125 { 108 126 // Read or write ? … … 119 137 if ($numrows || $offset) 120 138 { 121 $result = $this->db_handle->limitQuery($query,$offset,$numrows );139 $result = $this->db_handle->limitQuery($query,$offset,$numrows,$params); 122 140 } 123 141 else 124 $result = $this->db_handle->query($query );125 142 $result = $this->db_handle->query($query,$params); 143 126 144 if (DB::isError($result)) 145 { 127 146 raise_error(array('code' => 500, 128 147 'type' => 'db', … … 130 149 'file' => __FILE__, 131 150 'message' => $result->getMessage()), TRUE, FALSE); 132 151 return false; 152 } 153 133 154 return $this->_add_result($result, $query); 134 155 } … … 197 218 } 198 219 220 function quoteIdentifier ( $str ) 221 { 222 if (!$this->db_handle) 223 $this->db_connect('r'); 224 225 return $this->db_handle->quoteIdentifier($str); 226 } 227 228 function unixtimestamp($field) 229 { 230 switch($this->db_provider) 231 { 232 case 'pgsql': 233 return "EXTRACT (EPOCH FROM $field)"; 234 break; 235 default: 236 return "UNIX_TIMESTAMP($field)"; 237 } 238 } 239 199 240 function _add_result($res, $query) 200 241 { -
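Review bot: The new `unixtimestamp($field)` interpolates `$field` straight into SQL text and is not an escaping helper, yet nothing says so; since `query()`/`limitquery()` now exist precisely to move values out of the statement string, add a header comment such as `// $field must be a trusted column name or SQL expression (e.g. 'changed', 'NOW()'); it is spliced into the statement unescaped, never pass request data`. The `break;` after `return` in the `pgsql` case is unreachable and can be dropped. `query()` and `limitquery()` also deserve a short docblock stating the new calling convention (`query($sql, ...$params)`, `limitquery($sql, $offset, $numrows, ...$params)`), because any caller still using the old `query($sql, $offset, $numrows)` shape will now silently have its offset and count bound as parameters. The same three functions are duplicated verbatim in rcube_mdb2.inc and the same notes apply there; `_query`'s body runs past the hunk in both files.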
program/include/rcube_mdb2.inc
r53560c5 rd7cb774 102 102 } 103 103 104 // Query database (read operations) 105 106 function query($query, $offset=0, $numrows=0) 104 // Query database 105 106 function query() 107 { 108 $params = func_get_args(); 109 $query = array_shift($params); 110 111 return $this->_query($query, 0, 0, $params); 112 } 113 114 function limitquery() 115 { 116 $params = func_get_args(); 117 $query = array_shift($params); 118 $offset = array_shift($params); 119 $numrows = array_shift($params); 120 121 return $this->_query($query, $offset, $numrows, $params); 122 } 123 124 function _query($query, $offset, $numrows, $params) 107 125 { 108 126 // Read or write ? … … 176 194 } 177 195 196 function quoteIdentifier ( $str ) 197 { 198 if (!$this->db_handle) 199 $this->db_connect('r'); 200 201 return $this->db_handle->quoteIdentifier($str); 202 } 203 204 function unixtimestamp($field) 205 { 206 switch($this->db_provider) 207 { 208 case 'pgsql': 209 return "EXTRACT (EPOCH FROM $field)"; 210 break; 211 default: 212 return "UNIX_TIMESTAMP($field)"; 213 } 214 } 215 178 216 function _add_result($res, $query) 179 217 { -
program/include/session.inc
r42b1135 rd7cb774 39 39 global $DB, $SESS_CHANGED; 40 40 41 $sql_result = $DB->query(sprintf("SELECT vars, ip, UNIX_TIMESTAMP(changed) AS changed 42 FROM %s 43 WHERE sess_id='%s'", 44 get_table_name('session'), 45 $key)); 41 $sql_result = $DB->query("SELECT vars, ip, ".$DB->unixtimestamp('changed')." AS changed 42 FROM ".get_table_name('session')." 43 WHERE sess_id=?", 44 $key); 46 45 47 46 if ($sql_arr = $DB->fetch_assoc($sql_result)) … … 62 61 global $DB; 63 62 64 $sql_result = $DB->query(sprintf("SELECT 1 65 FROM %s 66 WHERE sess_id='%s'", 67 get_table_name('session'), 68 $key)); 63 $sql_result = $DB->query("SELECT 1 64 FROM ".get_table_name('session')." 65 WHERE sess_id=?", 66 $key); 69 67 70 68 if ($DB->num_rows($sql_result)) 71 69 { 72 70 session_decode($vars); 73 $DB->query(sprintf("UPDATE %s 74 SET vars='%s', 75 changed=NOW() 76 WHERE sess_id='%s'", 77 get_table_name('session'), 78 $vars, 79 $key)); 71 $DB->query("UPDATE ".get_table_name('session')." 72 SET vars=?, 73 changed=NOW() 74 WHERE sess_id=?", 75 $vars, 76 $key); 80 77 } 81 78 else 82 79 { 83 $DB->query(sprintf("INSERT INTO %s 84 (sess_id, vars, ip, created, changed) 85 VALUES ('%s', '%s', '%s', NOW(), NOW())", 86 get_table_name('session'), 87 $key, 88 $vars, 89 $_SERVER['REMOTE_ADDR'])); 80 $DB->query("INSERT INTO ".get_table_name('session')." 81 (sess_id, vars, ip, created, changed) 82 VALUES (?, ?, ?, NOW(), NOW())", 83 $key, 84 $vars, 85 $_SERVER['REMOTE_ADDR']); 90 86 } 91 87 … … 99 95 global $DB; 100 96 101 $DB->query(sprintf("DELETE FROM %s 102 WHERE sess_id='%s'", 103 get_table_name('session'), 104 $key)); 105 106 // also delete session entries in cache table 107 $DB->query(sprintf("DELETE FROM %s 108 WHERE session_id='%s'", 109 get_table_name('cache'), 110 $key)); 97 // delete session entries in cache table 98 $DB->query("DELETE FROM ".get_table_name('cache')." 99 WHERE session_id=?", 100 $key); 101 102 $DB->query("DELETE FROM ".get_table_name('session')." 
103 WHERE sess_id=?", 104 $key); 111 105 112 106 return TRUE; … … 120 114 121 115 // get all expired sessions 122 $sql_result = $DB->query(sprintf("SELECT sess_id 123 FROM %s 124 WHERE UNIX_TIMESTAMP(NOW())-UNIX_TIMESTAMP(created) > %d", 125 get_table_name('session'), 126 $maxlifetime)); 116 $sql_result = $DB->query("SELECT sess_id 117 FROM ".get_table_name('session')." 118 WHERE ".$DB->unixtimestamp('NOW()')."-".$DB->unixtimestamp('created')." > ?", 119 $maxlifetime); 127 120 128 121 $a_exp_sessions = array(); … … 133 126 if (sizeof($a_exp_sessions)) 134 127 { 128 // delete session cache records 129 $DB->query("DELETE FROM ".get_table_name('cache')." 130 WHERE session_id IN ('".join("','", $a_exp_sessions)."')"); 131 135 132 // delete session records 136 $DB->query(sprintf("DELETE FROM %s 137 WHERE sess_id IN ('%s')", 138 get_table_name('session'), 139 join("','", $a_exp_sessions))); 140 141 // also delete session cache records 142 $DB->query(sprintf("DELETE FROM %s 143 WHERE session_id IN ('%s')", 144 get_table_name('cache'), 145 join("','", $a_exp_sessions))); 133 $DB->query("DELETE FROM ".get_table_name('session')." 134 WHERE sess_id IN ('".join("','", $a_exp_sessions)."')"); 146 135 } 147 136 -
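Review bot: In `gc()` the two DELETE statements still build `IN ('".join("','", $a_exp_sessions)."')` by string concatenation, while every other statement in this file was moved to bound parameters. The `sess_id` values were accepted from the client cookie and stored verbatim through the now-bound `write()`, so they should not be assumed SQL-safe on the way back out; build one placeholder per id with `$in = join(',', array_fill(0, sizeof($a_exp_sessions), '?'));` and, since `query()` is variadic, pass the ids via `call_user_func_array(array($DB, 'query'), array_merge(array("DELETE FROM ".get_table_name('cache')." WHERE session_id IN ($in)"), $a_exp_sessions));` (and the same for the session table). `gc()`'s body ends outside the hunk.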
program/steps/addressbook/delete.inc
r53560c5 rd7cb774 24 24 if ($_GET['_cid']) 25 25 { 26 $DB->query(sprintf("UPDATE %s 27 SET del='1' 28 WHERE user_id=%d 29 AND contact_id IN (%s)", 30 get_table_name('contacts'), 31 $_SESSION['user_id'], 32 $_GET['_cid'])); 26 $DB->query("UPDATE ".get_table_name('contacts')." 27 SET del='1' 28 WHERE user_id=? 29 AND contact_id IN (".$_GET['_cid'].")", 30 $_SESSION['user_id']); 33 31 34 32 $count = $DB->affected_rows(); … … 41 39 42 40 // count contacts for this user 43 $sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows 44 FROM %s 45 WHERE del!='1' 46 AND user_id=%d", 47 get_table_name('contacts'), 48 $_SESSION['user_id'])); 41 $sql_result = $DB->query("SELECT COUNT(contact_id) AS rows 42 FROM ".get_table_name('contacts')." 43 WHERE del<>'1' 44 AND user_id=?", 45 $_SESSION['user_id']); 49 46 50 47 $sql_arr = $DB->fetch_assoc($sql_result); … … 63 60 64 61 // get contacts from DB 65 $sql_result = $DB->query(sprintf("SELECT * FROM %s 66 WHERE del!='1' 67 AND user_id=%d 68 ORDER BY name", 69 get_table_name('contacts'), 70 $_SESSION['user_id']), 71 $start_row, 72 $count); 62 $sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')." 63 WHERE del<>'1' 64 AND user_id=? 65 ORDER BY name", 66 $start_row, 67 $count, 68 $_SESSION['user_id']); 73 69 74 70 $commands .= rcmail_js_contacts_list($sql_result); -
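Review bot: The UPDATE still splices `$_GET['_cid']` directly into the statement, `AND contact_id IN (".$_GET['_cid'].")"`, so the request value bypasses the parameter binding this commit introduces for the other operands. Normalise the list to integers before use, `$cids = join(',', array_map('intval', explode(',', $_GET['_cid'])));` and then `AND contact_id IN ($cids)`, or expand it to one `?` per id. The same pattern is left in settings/delete_identity.inc (`$_GET['_iid']`) and mail/compose.inc (`$_GET['_to']`).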
program/steps/addressbook/edit.inc
r30233b8 rd7cb774 24 24 { 25 25 $cid = $_POST['_cid'] ? $_POST['_cid'] : $_GET['_cid']; 26 $DB->query(sprintf("SELECT * FROM %s 27 WHERE contact_id=%d 28 AND user_id=%d 29 AND del!='1'", 30 get_table_name('contacts'), 31 $cid, 32 $_SESSION['user_id'])); 26 $DB->query("SELECT * FROM ".get_table_name('contacts')." 27 WHERE contact_id=? 28 AND user_id=? 29 AND del<>'1'", 30 $cid, 31 $_SESSION['user_id']); 33 32 34 33 $CONTACT_RECORD = $DB->fetch_assoc(); -
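Review bot: The old `sprintf` form coerced `$cid` through `%d`, whereas the new `contact_id=?` binds the raw request string, so a non-numeric `_cid` is now sent as a quoted string compared against an integer column, which the old code never did and which some backends reject outright. Keep the integer coercion explicitly: `$cid = (int)($_POST['_cid'] ? $_POST['_cid'] : $_GET['_cid']);`. The same `%d` to `?` switch occurs in addressbook/show.inc, settings/edit_identity.inc (`$id`) and mail/sendmail.inc (`$id`, assigned outside the hunk).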
program/steps/addressbook/func.inc
r53560c5 rd7cb774 42 42 43 43 // count contacts for this user 44 $sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows 45 FROM %s 46 WHERE del!='1' 47 AND user_id=%d", 48 get_table_name('contacts'), 49 $_SESSION['user_id'])); 44 $sql_result = $DB->query("SELECT COUNT(contact_id) AS rows 45 FROM ".get_table_name('contacts')." 46 WHERE del<>'1' 47 AND user_id=?", 48 $_SESSION['user_id']); 50 49 51 50 $sql_arr = $DB->fetch_assoc($sql_result); … … 57 56 58 57 // get contacts from DB 59 $sql_result = $DB->query(sprintf("SELECT * FROM %s 60 WHERE del!='1' 61 AND user_id=%d 62 ORDER BY name", 63 get_table_name('contacts'), 64 $_SESSION['user_id']), 65 $start_row, 66 $CONFIG['pagesize']); 58 $sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')." 59 WHERE del<>'1' 60 AND user_id= ? 61 ORDER BY name", 62 $start_row, 63 $CONFIG['pagesize'], 64 $_SESSION['user_id']); 67 65 } 68 66 else … … 175 173 if ($max===NULL) 176 174 { 177 $sql_result = $DB->query(sprintf("SELECT 1 FROM %s 178 WHERE del!='1' 179 AND user_id=%d", 180 get_table_name('contacts'), 181 $_SESSION['user_id'])); 175 $sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')." 176 WHERE del<>'1' 177 AND user_id=?", 178 $_SESSION['user_id']); 182 179 183 180 $max = $DB->num_rows($sql_result); -
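Review bot: The `limitquery` call writes the placeholder as `AND user_id= ?` with a space before the `?`, unlike every other `user_id=?` in this commit; keep it consistent as `AND user_id=?`. Worth a second look at the argument order here as well: `limitquery()` takes `($query, $offset, $numrows, ...$params)`, and the call passes `$start_row, $CONFIG['pagesize'], $_SESSION['user_id']`, which matches that order.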
program/steps/addressbook/list.inc
r53560c5 rd7cb774 23 23 24 24 // count contacts for this user 25 $sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows 26 FROM %s 27 WHERE del!='1' 28 AND user_id=%d", 29 get_table_name('contacts'), 30 $_SESSION['user_id'])); 25 $sql_result = $DB->query("SELECT COUNT(contact_id) AS rows 26 FROM ".get_table_name('contacts')." 27 WHERE del<>'1' 28 AND user_id=?", 29 $_SESSION['user_id']); 31 30 32 31 $sql_arr = $DB->fetch_assoc($sql_result); … … 41 40 42 41 // get contacts from DB 43 $sql_result = $DB->query(sprintf("SELECT * FROM %s 44 WHERE del!='1' 45 AND user_id=%d 46 ORDER BY name", 47 get_table_name('contacts'), 48 $_SESSION['user_id']), 49 $start_row, 50 $CONFIG['pagesize']); 42 $sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')." 43 WHERE del<>'1' 44 AND user_id=? 45 ORDER BY name", 46 $start_row, 47 $CONFIG['pagesize'], 48 $_SESSION['user_id']); 51 49 52 50 $commands .= rcmail_js_contacts_list($sql_result); -
program/steps/addressbook/save.inc
r30233b8 rd7cb774 40 40 if (sizeof($a_write_sql)) 41 41 { 42 $DB->query(sprintf("UPDATE %s 43 SET %s 44 WHERE contact_id=%d 45 AND user_id=%d 46 AND del!='1'", 47 get_table_name('contacts'), 48 join(', ', $a_write_sql), 49 $_POST['_cid'], 50 $_SESSION['user_id'])); 42 $DB->query("UPDATE ".get_table_name('contacts')." 43 SET ".join(', ', $a_write_sql)." 44 WHERE contact_id=? 45 AND user_id=? 46 AND del<>'1'", 47 $_POST['_cid'], 48 $_SESSION['user_id']); 51 49 52 50 $updated = $DB->affected_rows(); … … 64 62 $a_js_cols = array(); 65 63 66 $sql_result = $DB->query(sprintf("SELECT * FROM %s 67 WHERE contact_id=%d 68 AND user_id=%d 69 AND del!='1'", 70 get_table_name('contacts'), 64 $sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')." 65 WHERE contact_id=? 66 AND user_id=? 67 AND del<>'1'", 71 68 $_POST['_cid'], 72 $_SESSION['user_id']) );69 $_SESSION['user_id']); 73 70 74 71 $sql_arr = $DB->fetch_assoc($sql_result); … … 112 109 if (sizeof($a_insert_cols)) 113 110 { 114 $DB->query(sprintf("INSERT INTO %s 115 (user_id, %s) 116 VALUES (%d, %s)", 117 get_table_name('contacts'), 118 join(', ', $a_insert_cols), 119 $_SESSION['user_id'], 120 join(', ', $a_insert_values))); 111 $DB->query("INSERT INTO ".get_table_name('contacts')." 112 (user_id, ".join(', ', $a_insert_cols).") 113 VALUES (?, ".join(', ', $a_insert_values).")", 114 $_SESSION['user_id']); 121 115 122 116 $insert_id = $DB->insert_id(); … … 132 126 // add contact row or jump to the page where it should appear 133 127 $commands = sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME); 134 $sql_result = $DB->query(sprintf("SELECT * FROM %s 135 WHERE contact_id=%d 136 AND user_id=%d", 137 get_table_name('contacts'), 138 $insert_id, 139 $_SESSION['user_id'])); 128 $sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')." 129 WHERE contact_id=? 130 AND user_id=?", 131 $insert_id, 132 $_SESSION['user_id']); 140 133 $commands .= rcmail_js_contacts_list($sql_result, $JS_OBJECT_NAME); 141 134 -
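Review bot: The UPDATE and INSERT are only half parameterised: `SET ".join(', ', $a_write_sql)."` and `VALUES (?, ".join(', ', $a_insert_values).")` still splice pre-quoted fragments built outside the hunk, and the save_identity.inc hunk shows how those are produced, `sprintf("'%s'", addslashes($_POST[$fname]))`, so user-entered contact fields continue to rely on `addslashes`, which is not driver-aware, while `contact_id` and `user_id` are bound. Build the fragments as `col=?` (for UPDATE) or `?` (for INSERT) where the arrays are filled, collect the raw values in a parallel list, and hand them to `query()` via `call_user_func_array(array($DB, 'query'), array_merge(array($sql), $values))`. Also, `$DB->insert_id()` is called with no sequence name here whereas main.inc now passes `'user_ids'`; if the argument is needed on PostgreSQL this call (and those in addcontact.inc and save_identity.inc) will need the contacts sequence. Both statements sit inside conditionals whose surrounding code is outside the hunks.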
program/steps/addressbook/show.inc
r30233b8 rd7cb774 24 24 { 25 25 $cid = $_POST['_cid'] ? $_POST['_cid'] : $_GET['_cid']; 26 $DB->query(sprintf("SELECT * FROM %s 27 WHERE contact_id=%d 28 AND user_id=%d 29 AND del!='1'", 30 get_table_name('contacts'), 31 $cid, 32 $_SESSION['user_id'])); 26 $DB->query("SELECT * FROM ".get_table_name('contacts')." 27 WHERE contact_id=? 28 AND user_id=? 29 AND del<>'1'", 30 $cid, 31 $_SESSION['user_id']); 33 32 34 33 $CONTACT_RECORD = $DB->fetch_assoc(); -
program/steps/mail/addcontact.inc
r30233b8 rd7cb774 30 30 31 31 if ($contact['mailto']) 32 $sql_result = $DB->query(sprintf("SELECT 1 FROM %s 33 WHERE user_id=%d 34 AND email='%s' 35 AND del!='1'", 36 get_table_name('contacts'), 37 $_SESSION['user_id'], 38 $contact['mailto'])); 32 $sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')." 33 WHERE user_id=? 34 AND email=? 35 AND del<>'1'", 36 $_SESSION['user_id'],$contact['mailto']); 39 37 40 38 // contact entry with this mail address exists … … 44 42 else if ($contact['mailto']) 45 43 { 46 $DB->query(sprintf("INSERT INTO %s 47 (user_id, name, email) 48 VALUES (%d, '%s', '%s')", 49 get_table_name('contacts'), 50 $_SESSION['user_id'], 51 $contact['name'], 52 $contact['mailto'])); 44 $DB->query("INSERT INTO ".get_table_name('contacts')." 45 (user_id, name, email) 46 VALUES (?, ?, ?)", 47 $_SESSION['user_id'], 48 $contact['name'], 49 $contact['mailto']); 53 50 54 51 $added = $DB->insert_id(); -
program/steps/mail/compose.inc
r7902df4 rd7cb774 88 88 89 89 // get this user's identities 90 $sql_result = $DB->query(sprintf("SELECT identity_id, name, email 91 FROM %s 92 WHERE user_id=%d 93 AND del!='1' 94 ORDER BY `default` DESC, name ASC", 95 get_table_name('identities'), 96 $_SESSION['user_id'])); 90 $sql_result = $DB->query("SELECT identity_id, name, email 91 FROM ".get_table_name('identities')." WHERE user_id=? 92 AND del<>'1' 93 ORDER BY ".$DB->quoteIdentifier('default')." DESC, name ASC", 94 $_SESSION['user_id']); 97 95 98 96 if ($DB->num_rows($sql_result)) … … 124 122 { 125 123 $a_recipients = array(); 126 $sql_result = $DB->query(sprintf("SELECT name, email 127 FROM %s 128 WHERE user_id=%d 129 AND del!='1' 130 AND contact_id IN (%s)", 131 get_table_name('contacts'), 132 $_SESSION['user_id'], 133 $_GET['_to'])); 124 $sql_result = $DB->query("SELECT name, email 125 FROM ".get_table_name('contacts')." WHERE user_id=? 126 AND del<>'1' 127 AND contact_id IN (".$_GET['_to'].")", 128 $_SESSION['user_id']); 134 129 135 130 while ($sql_arr = $DB->fetch_assoc($sql_result)) … … 560 555 /****** get contacts for this user and add them to client scripts ********/ 561 556 562 $sql_result = $DB->query(sprintf("SELECT name, email 563 FROM %s 564 WHERE user_id=%d 565 AND del!='1'", 566 get_table_name('contacts'), 567 $_SESSION['user_id'])); 557 $sql_result = $DB->query("SELECT name, email 558 FROM ".get_table_name('contacts')." WHERE user_id=? 559 AND del<>'1'",$_SESSION['user_id']); 568 560 569 561 if ($DB->num_rows($sql_result)) -
program/steps/mail/sendmail.inc
rf3b6599 rd7cb774 43 43 44 44 // get identity record 45 $sql_result = $DB->query(sprintf("SELECT *, email AS mailto 46 FROM %s 47 WHERE identity_id=%d 48 AND user_id=%d 49 AND del!='1'", 50 get_table_name('identities'), 51 $id, 52 $_SESSION['user_id'])); 45 $sql_result = $DB->query("SELECT *, email AS mailto 46 FROM ".get_table_name('identities')." 47 WHERE identity_id=? 48 AND user_id=? 49 AND del<>'1'", 50 $id,$_SESSION['user_id']); 53 51 54 52 if ($DB->num_rows($sql_result)) -
program/steps/settings/delete_identity.inc
r30233b8 rd7cb774 24 24 if ($_GET['_iid']) 25 25 { 26 $DB->query(sprintf("UPDATE %s 27 SET del='1' 28 WHERE user_id=%d 29 AND identity_id IN (%s)", 30 get_table_name('identities'), 31 $_SESSION['user_id'], 32 $_GET['_iid'])); 26 $DB->query("UPDATE ".get_table_name('identities')." 27 SET del='1' 28 WHERE user_id=? 29 AND identity_id IN (".$_GET['_iid'].")", 30 $_SESSION['user_id']); 33 31 34 32 $count = $DB->affected_rows(); -
program/steps/settings/edit_identity.inc
r1038d554 rd7cb774 23 23 { 24 24 $id = $_POST['_iid'] ? $_POST['_iid'] : $_GET['_iid']; 25 $DB->query(sprintf("SELECT * FROM %s 26 WHERE identity_id=%d 27 AND user_id=%d 28 AND del!='1'", 29 get_table_name('identities'), 30 $id, 31 $_SESSION['user_id'])); 25 $DB->query("SELECT * FROM ".get_table_name('identities')." 26 WHERE identity_id=? 27 AND user_id=? 28 AND del<>'1'", 29 $id, 30 $_SESSION['user_id']); 32 31 33 32 $IDENTITY_RECORD = $DB->fetch_assoc(); -
program/steps/settings/func.inc
rcd900dd rd7cb774 22 22 23 23 // get user record 24 $sql_result = $DB->query(sprintf("SELECT username, mail_host FROM %s 25 WHERE user_id=%d", 26 get_table_name('users'), 27 $_SESSION['user_id'])); 24 $sql_result = $DB->query("SELECT username, mail_host FROM ".get_table_name('users')." 25 WHERE user_id=?", 26 $_SESSION['user_id']); 28 27 29 28 if ($USER_DATA = $DB->fetch_assoc($sql_result)) … … 144 143 145 144 // get contacts from DB 146 $sql_result = $DB->query(sprintf("SELECT * FROM %s 147 WHERE del!='1' 148 AND user_id=%d 149 ORDER BY `default` DESC, name ASC", 150 get_table_name('identities'), 151 $_SESSION['user_id'])); 145 $sql_result = $DB->query("SELECT * FROM ".get_table_name('identities')." 146 WHERE del<>'1' 147 AND user_id=? 148 ORDER BY ".$DB->quoteIdentifier('default')." DESC, name ASC", 149 $_SESSION['user_id']); 152 150 153 151 -
program/steps/settings/save_identity.inc
r30233b8 rd7cb774 39 39 if (sizeof($a_write_sql)) 40 40 { 41 $DB->query(sprintf("UPDATE %s 42 SET %s 43 WHERE identity_id=%d 44 AND user_id=%d 45 AND del!='1'", 46 get_table_name('identities'), 47 join(', ', $a_write_sql), 48 $_POST['_iid'], 49 $_SESSION['user_id'])); 41 $DB->query("UPDATE ".get_table_name('identities')." 42 SET ".join(', ', $a_write_sql)." 43 WHERE identity_id=? 44 AND user_id=? 45 AND del<>'1'", 46 $_POST['_iid'], 47 $_SESSION['user_id']); 50 48 51 49 $updated = $DB->affected_rows(); … … 57 55 58 56 // mark all other identities as 'not-default' 59 $DB->query(sprintf("UPDATE %s 60 SET `default`='0' 61 WHERE identity_id!=%d 62 AND user_id=%d 63 AND del!='1'", 64 get_table_name('identities'), 65 $_POST['_iid'], 66 $_SESSION['user_id'])); 57 $DB->query("UPDATE ".get_table_name('identities')." 58 SET ".$DB->quoteIdentifier('default')."='0' 59 WHERE identity_id!=? 60 AND user_id=? 61 AND del<>'1'", 62 $_POST['_iid'], 63 $_SESSION['user_id']); 67 64 68 65 if ($_POST['_framed']) … … 90 87 continue; 91 88 92 $a_insert_cols[] = "`$col`";89 $a_insert_cols[] = $DB->quoteIdentifier($col); 93 90 $a_insert_values[] = sprintf("'%s'", addslashes($_POST[$fname])); 94 91 } … … 96 93 if (sizeof($a_insert_cols)) 97 94 { 98 $DB->query(sprintf("INSERT INTO %s 99 (user_id, %s) 100 VALUES (%d, %s)", 101 get_table_name('identities'), 102 join(', ', $a_insert_cols), 103 $_SESSION['user_id'], 104 join(', ', $a_insert_values))); 95 $DB->query("INSERT INTO ".get_table_name('identities')." 96 (user_id, ".join(', ', $a_insert_cols).") 97 VALUES (?, ".join(', ', $a_insert_values).")", 98 $_SESSION['user_id']); 105 99 106 100 $insert_id = $DB->insert_id(); -
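Review bot: The "mark all other identities as 'not-default'" UPDATE keeps `WHERE identity_id!=?` although this commit rewrites every `del!='1'` as `del<>'1'` for portability; for consistency make it `WHERE identity_id<>?`. The column-quoting change on the insert side, `$a_insert_cols[] = $DB->quoteIdentifier($col);`, is the right direction, but its neighbour `sprintf("'%s'", addslashes($_POST[$fname]))` still hand-quotes the value that is then concatenated into `VALUES (?, ...)`, so the statement is only partly bound; the fix is the same as for addressbook/save.inc.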
program/steps/settings/save_prefs.inc
r30233b8 rd7cb774 36 36 37 37 38 $DB->query(sprintf("UPDATE %s 39 SET preferences='%s', 40 language='%s' 41 WHERE user_id=%d", 42 get_table_name('users'), 43 addslashes(serialize($a_user_prefs)), 44 $sess_user_lang, 45 $_SESSION['user_id'])); 38 $DB->query("UPDATE ".get_table_name('users')." 39 SET preferences=?, 40 language=? 41 WHERE user_id=?", 42 serialize($a_user_prefs), 43 $sess_user_lang, 44 $_SESSION['user_id']); 46 45 47 46 if ($DB->affected_rows())
