summaryrefslogtreecommitdiff
path: root/program/steps
diff options
context:
space:
mode:
authorsvncommit <devs@roundcube.net>2005-10-25 15:04:17 +0000
committersvncommit <devs@roundcube.net>2005-10-25 15:04:17 +0000
commitd7cb77414c4cf074269b6812c3dd3571ee29afca (patch)
tree8c29185f134c6c5135746bcda47459e4e1879850 /program/steps
parente0ed972884aff33465ac551c8ef06febb57e4c54 (diff)
more pear/mdb2 integration
Diffstat (limited to 'program/steps')
-rw-r--r--program/steps/addressbook/delete.inc38
-rw-r--r--program/steps/addressbook/edit.inc13
-rw-r--r--program/steps/addressbook/func.inc35
-rw-r--r--program/steps/addressbook/list.inc26
-rw-r--r--program/steps/addressbook/save.inc49
-rw-r--r--program/steps/addressbook/show.inc13
-rw-r--r--program/steps/mail/addcontact.inc25
-rw-r--r--program/steps/mail/compose.inc34
-rw-r--r--program/steps/mail/sendmail.inc14
-rw-r--r--program/steps/settings/delete_identity.inc12
-rw-r--r--program/steps/settings/edit_identity.inc13
-rw-r--r--program/steps/settings/func.inc18
-rw-r--r--program/steps/settings/save_identity.inc44
-rw-r--r--program/steps/settings/save_prefs.inc15
14 files changed, 153 insertions, 196 deletions
diff --git a/program/steps/addressbook/delete.inc b/program/steps/addressbook/delete.inc
index e988f5569..a3fcefbf7 100644
--- a/program/steps/addressbook/delete.inc
+++ b/program/steps/addressbook/delete.inc
@@ -23,13 +23,11 @@ $REMOTE_REQUEST = TRUE;
if ($_GET['_cid'])
{
- $DB->query(sprintf("UPDATE %s
- SET del='1'
- WHERE user_id=%d
- AND contact_id IN (%s)",
- get_table_name('contacts'),
- $_SESSION['user_id'],
- $_GET['_cid']));
+ $DB->query("UPDATE ".get_table_name('contacts')."
+ SET del='1'
+ WHERE user_id=?
+ AND contact_id IN (".$_GET['_cid'].")",
+ $_SESSION['user_id']);
$count = $DB->affected_rows();
if (!$count)
@@ -40,12 +38,11 @@ if ($_GET['_cid'])
// count contacts for this user
- $sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows
- FROM %s
- WHERE del!='1'
- AND user_id=%d",
- get_table_name('contacts'),
- $_SESSION['user_id']));
+ $sql_result = $DB->query("SELECT COUNT(contact_id) AS rows
+ FROM ".get_table_name('contacts')."
+ WHERE del<>'1'
+ AND user_id=?",
+ $_SESSION['user_id']);
$sql_arr = $DB->fetch_assoc($sql_result);
$rowcount = $sql_arr['rows'];
@@ -62,14 +59,13 @@ if ($_GET['_cid'])
$start_row = ($_SESSION['page'] * $CONFIG['pagesize']) - $count;
// get contacts from DB
- $sql_result = $DB->query(sprintf("SELECT * FROM %s
- WHERE del!='1'
- AND user_id=%d
- ORDER BY name",
- get_table_name('contacts'),
- $_SESSION['user_id']),
- $start_row,
- $count);
+ $sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')."
+ WHERE del<>'1'
+ AND user_id=?
+ ORDER BY name",
+ $start_row,
+ $count,
+ $_SESSION['user_id']);
$commands .= rcmail_js_contacts_list($sql_result);
diff --git a/program/steps/addressbook/edit.inc b/program/steps/addressbook/edit.inc
index 3c5a544d3..24300bfce 100644
--- a/program/steps/addressbook/edit.inc
+++ b/program/steps/addressbook/edit.inc
@@ -23,13 +23,12 @@
if (($_GET['_cid'] || $_POST['_cid']) && $_action=='edit')
{
$cid = $_POST['_cid'] ? $_POST['_cid'] : $_GET['_cid'];
- $DB->query(sprintf("SELECT * FROM %s
- WHERE contact_id=%d
- AND user_id=%d
- AND del!='1'",
- get_table_name('contacts'),
- $cid,
- $_SESSION['user_id']));
+ $DB->query("SELECT * FROM ".get_table_name('contacts')."
+ WHERE contact_id=?
+ AND user_id=?
+ AND del<>'1'",
+ $cid,
+ $_SESSION['user_id']);
$CONTACT_RECORD = $DB->fetch_assoc();
diff --git a/program/steps/addressbook/func.inc b/program/steps/addressbook/func.inc
index 53628162b..4cc79bad6 100644
--- a/program/steps/addressbook/func.inc
+++ b/program/steps/addressbook/func.inc
@@ -41,12 +41,11 @@ function rcmail_contacts_list($attrib)
//$image_tag = '<img src="%s%s" alt="%s" border="0" />';
// count contacts for this user
- $sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows
- FROM %s
- WHERE del!='1'
- AND user_id=%d",
- get_table_name('contacts'),
- $_SESSION['user_id']));
+ $sql_result = $DB->query("SELECT COUNT(contact_id) AS rows
+ FROM ".get_table_name('contacts')."
+ WHERE del<>'1'
+ AND user_id=?",
+ $_SESSION['user_id']);
$sql_arr = $DB->fetch_assoc($sql_result);
$rowcount = $sql_arr['rows'];
@@ -56,14 +55,13 @@ function rcmail_contacts_list($attrib)
$start_row = ($CONTACTS_LIST['page']-1) * $CONFIG['pagesize'];
// get contacts from DB
- $sql_result = $DB->query(sprintf("SELECT * FROM %s
- WHERE del!='1'
- AND user_id=%d
- ORDER BY name",
- get_table_name('contacts'),
- $_SESSION['user_id']),
- $start_row,
- $CONFIG['pagesize']);
+ $sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')."
+ WHERE del<>'1'
+ AND user_id= ?
+ ORDER BY name",
+ $start_row,
+ $CONFIG['pagesize'],
+ $_SESSION['user_id']);
}
else
$sql_result = NULL;
@@ -174,11 +172,10 @@ function rcmail_get_rowcount_text($max=NULL)
// get nr of contacts
if ($max===NULL)
{
- $sql_result = $DB->query(sprintf("SELECT 1 FROM %s
- WHERE del!='1'
- AND user_id=%d",
- get_table_name('contacts'),
- $_SESSION['user_id']));
+ $sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')."
+ WHERE del<>'1'
+ AND user_id=?",
+ $_SESSION['user_id']);
$max = $DB->num_rows($sql_result);
}
diff --git a/program/steps/addressbook/list.inc b/program/steps/addressbook/list.inc
index 4ed092541..ecb634b6f 100644
--- a/program/steps/addressbook/list.inc
+++ b/program/steps/addressbook/list.inc
@@ -22,12 +22,11 @@
$REMOTE_REQUEST = TRUE;
// count contacts for this user
-$sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows
- FROM %s
- WHERE del!='1'
- AND user_id=%d",
- get_table_name('contacts'),
- $_SESSION['user_id']));
+$sql_result = $DB->query("SELECT COUNT(contact_id) AS rows
+ FROM ".get_table_name('contacts')."
+ WHERE del<>'1'
+ AND user_id=?",
+ $_SESSION['user_id']);
$sql_arr = $DB->fetch_assoc($sql_result);
$rowcount = $sql_arr['rows'];
@@ -40,14 +39,13 @@ $commands .= sprintf("this.set_env('pagecount', %d);\n", $pages);
$start_row = ($CONTACTS_LIST['page']-1) * $CONFIG['pagesize'];
// get contacts from DB
-$sql_result = $DB->query(sprintf("SELECT * FROM %s
- WHERE del!='1'
- AND user_id=%d
- ORDER BY name",
- get_table_name('contacts'),
- $_SESSION['user_id']),
- $start_row,
- $CONFIG['pagesize']);
+$sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')."
+ WHERE del<>'1'
+ AND user_id=?
+ ORDER BY name",
+ $start_row,
+ $CONFIG['pagesize'],
+ $_SESSION['user_id']);
$commands .= rcmail_js_contacts_list($sql_result);
diff --git a/program/steps/addressbook/save.inc b/program/steps/addressbook/save.inc
index 62cc5d8a6..814f50a34 100644
--- a/program/steps/addressbook/save.inc
+++ b/program/steps/addressbook/save.inc
@@ -39,15 +39,13 @@ if ($_POST['_cid'])
if (sizeof($a_write_sql))
{
- $DB->query(sprintf("UPDATE %s
- SET %s
- WHERE contact_id=%d
- AND user_id=%d
- AND del!='1'",
- get_table_name('contacts'),
- join(', ', $a_write_sql),
- $_POST['_cid'],
- $_SESSION['user_id']));
+ $DB->query("UPDATE ".get_table_name('contacts')."
+ SET ".join(', ', $a_write_sql)."
+ WHERE contact_id=?
+ AND user_id=?
+ AND del<>'1'",
+ $_POST['_cid'],
+ $_SESSION['user_id']);
$updated = $DB->affected_rows();
}
@@ -63,13 +61,12 @@ if ($_POST['_cid'])
$a_show_cols = array('name', 'email');
$a_js_cols = array();
- $sql_result = $DB->query(sprintf("SELECT * FROM %s
- WHERE contact_id=%d
- AND user_id=%d
- AND del!='1'",
- get_table_name('contacts'),
+ $sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')."
+ WHERE contact_id=?
+ AND user_id=?
+ AND del<>'1'",
$_POST['_cid'],
- $_SESSION['user_id']));
+ $_SESSION['user_id']);
$sql_arr = $DB->fetch_assoc($sql_result);
foreach ($a_show_cols as $col)
@@ -111,13 +108,10 @@ else
if (sizeof($a_insert_cols))
{
- $DB->query(sprintf("INSERT INTO %s
- (user_id, %s)
- VALUES (%d, %s)",
- get_table_name('contacts'),
- join(', ', $a_insert_cols),
- $_SESSION['user_id'],
- join(', ', $a_insert_values)));
+ $DB->query("INSERT INTO ".get_table_name('contacts')."
+ (user_id, ".join(', ', $a_insert_cols).")
+ VALUES (?, ".join(', ', $a_insert_values).")",
+ $_SESSION['user_id']);
$insert_id = $DB->insert_id();
}
@@ -131,12 +125,11 @@ else
{
// add contact row or jump to the page where it should appear
$commands = sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME);
- $sql_result = $DB->query(sprintf("SELECT * FROM %s
- WHERE contact_id=%d
- AND user_id=%d",
- get_table_name('contacts'),
- $insert_id,
- $_SESSION['user_id']));
+ $sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')."
+ WHERE contact_id=?
+ AND user_id=?",
+ $insert_id,
+ $_SESSION['user_id']);
$commands .= rcmail_js_contacts_list($sql_result, $JS_OBJECT_NAME);
$commands .= sprintf("if(parent.%s)parent.%s.select('%d');\n",
diff --git a/program/steps/addressbook/show.inc b/program/steps/addressbook/show.inc
index 4129cd27f..83db486cc 100644
--- a/program/steps/addressbook/show.inc
+++ b/program/steps/addressbook/show.inc
@@ -23,13 +23,12 @@
if ($_GET['_cid'] || $_POST['_cid'])
{
$cid = $_POST['_cid'] ? $_POST['_cid'] : $_GET['_cid'];
- $DB->query(sprintf("SELECT * FROM %s
- WHERE contact_id=%d
- AND user_id=%d
- AND del!='1'",
- get_table_name('contacts'),
- $cid,
- $_SESSION['user_id']));
+ $DB->query("SELECT * FROM ".get_table_name('contacts')."
+ WHERE contact_id=?
+ AND user_id=?
+ AND del<>'1'",
+ $cid,
+ $_SESSION['user_id']);
$CONTACT_RECORD = $DB->fetch_assoc();
diff --git a/program/steps/mail/addcontact.inc b/program/steps/mail/addcontact.inc
index 465ed3125..6ead67812 100644
--- a/program/steps/mail/addcontact.inc
+++ b/program/steps/mail/addcontact.inc
@@ -29,13 +29,11 @@ if ($_GET['_address'])
$contact = $contact_arr[1];
if ($contact['mailto'])
- $sql_result = $DB->query(sprintf("SELECT 1 FROM %s
- WHERE user_id=%d
- AND email='%s'
- AND del!='1'",
- get_table_name('contacts'),
- $_SESSION['user_id'],
- $contact['mailto']));
+ $sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')."
+ WHERE user_id=?
+ AND email=?
+ AND del<>'1'",
+ $_SESSION['user_id'],$contact['mailto']);
// contact entry with this mail address exists
if ($sql_result && $DB->num_rows($sql_result))
@@ -43,13 +41,12 @@ if ($_GET['_address'])
else if ($contact['mailto'])
{
- $DB->query(sprintf("INSERT INTO %s
- (user_id, name, email)
- VALUES (%d, '%s', '%s')",
- get_table_name('contacts'),
- $_SESSION['user_id'],
- $contact['name'],
- $contact['mailto']));
+ $DB->query("INSERT INTO ".get_table_name('contacts')."
+ (user_id, name, email)
+ VALUES (?, ?, ?)",
+ $_SESSION['user_id'],
+ $contact['name'],
+ $contact['mailto']);
$added = $DB->insert_id();
}
diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index f7e094aa0..f70759914 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -87,13 +87,11 @@ function rcmail_compose_headers($attrib)
$field_attrib[$attr] = $value;
// get this user's identities
- $sql_result = $DB->query(sprintf("SELECT identity_id, name, email
- FROM %s
- WHERE user_id=%d
- AND del!='1'
- ORDER BY `default` DESC, name ASC",
- get_table_name('identities'),
- $_SESSION['user_id']));
+ $sql_result = $DB->query("SELECT identity_id, name, email
+ FROM ".get_table_name('identities')." WHERE user_id=?
+ AND del<>'1'
+ ORDER BY ".$DB->quoteIdentifier('default')." DESC, name ASC",
+ $_SESSION['user_id']);
if ($DB->num_rows($sql_result))
{
@@ -123,14 +121,11 @@ function rcmail_compose_headers($attrib)
if (!empty($_GET['_to']) && preg_match('/[0-9]+,?/', $_GET['_to']))
{
$a_recipients = array();
- $sql_result = $DB->query(sprintf("SELECT name, email
- FROM %s
- WHERE user_id=%d
- AND del!='1'
- AND contact_id IN (%s)",
- get_table_name('contacts'),
- $_SESSION['user_id'],
- $_GET['_to']));
+ $sql_result = $DB->query("SELECT name, email
+ FROM ".get_table_name('contacts')." WHERE user_id=?
+ AND del<>'1'
+ AND contact_id IN (".$_GET['_to'].")",
+ $_SESSION['user_id']);
while ($sql_arr = $DB->fetch_assoc($sql_result))
$a_recipients[] = format_email_recipient($sql_arr['email'], $sql_arr['name']);
@@ -559,12 +554,9 @@ function format_email_recipient($email, $name='')
/****** get contacts for this user and add them to client scripts ********/
-$sql_result = $DB->query(sprintf("SELECT name, email
- FROM %s
- WHERE user_id=%d
- AND del!='1'",
- get_table_name('contacts'),
- $_SESSION['user_id']));
+$sql_result = $DB->query("SELECT name, email
+ FROM ".get_table_name('contacts')." WHERE user_id=?
+ AND del<>'1'",$_SESSION['user_id']);
if ($DB->num_rows($sql_result))
{
diff --git a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc
index bacb1b1e8..ddd08f11e 100644
--- a/program/steps/mail/sendmail.inc
+++ b/program/steps/mail/sendmail.inc
@@ -42,14 +42,12 @@ function rcmail_get_identity($id)
global $DB;
// get identity record
- $sql_result = $DB->query(sprintf("SELECT *, email AS mailto
- FROM %s
- WHERE identity_id=%d
- AND user_id=%d
- AND del!='1'",
- get_table_name('identities'),
- $id,
- $_SESSION['user_id']));
+ $sql_result = $DB->query("SELECT *, email AS mailto
+ FROM ".get_table_name('identities')."
+ WHERE identity_id=?
+ AND user_id=?
+ AND del<>'1'",
+ $id,$_SESSION['user_id']);
if ($DB->num_rows($sql_result))
{
diff --git a/program/steps/settings/delete_identity.inc b/program/steps/settings/delete_identity.inc
index 58fda4970..3bca860b3 100644
--- a/program/steps/settings/delete_identity.inc
+++ b/program/steps/settings/delete_identity.inc
@@ -23,13 +23,11 @@ $REMOTE_REQUEST = $_GET['_remote'] ? TRUE : FALSE;
if ($_GET['_iid'])
{
- $DB->query(sprintf("UPDATE %s
- SET del='1'
- WHERE user_id=%d
- AND identity_id IN (%s)",
- get_table_name('identities'),
- $_SESSION['user_id'],
- $_GET['_iid']));
+ $DB->query("UPDATE ".get_table_name('identities')."
+ SET del='1'
+ WHERE user_id=?
+ AND identity_id IN (".$_GET['_iid'].")",
+ $_SESSION['user_id']);
$count = $DB->affected_rows();
if ($count)
diff --git a/program/steps/settings/edit_identity.inc b/program/steps/settings/edit_identity.inc
index e0f649cdc..dc2f14990 100644
--- a/program/steps/settings/edit_identity.inc
+++ b/program/steps/settings/edit_identity.inc
@@ -22,13 +22,12 @@
if (($_GET['_iid'] || $_POST['_iid']) && $_action=='edit-identity')
{
$id = $_POST['_iid'] ? $_POST['_iid'] : $_GET['_iid'];
- $DB->query(sprintf("SELECT * FROM %s
- WHERE identity_id=%d
- AND user_id=%d
- AND del!='1'",
- get_table_name('identities'),
- $id,
- $_SESSION['user_id']));
+ $DB->query("SELECT * FROM ".get_table_name('identities')."
+ WHERE identity_id=?
+ AND user_id=?
+ AND del<>'1'",
+ $id,
+ $_SESSION['user_id']);
$IDENTITY_RECORD = $DB->fetch_assoc();
diff --git a/program/steps/settings/func.inc b/program/steps/settings/func.inc
index 621acd96c..9b7ef002b 100644
--- a/program/steps/settings/func.inc
+++ b/program/steps/settings/func.inc
@@ -21,10 +21,9 @@
// get user record
-$sql_result = $DB->query(sprintf("SELECT username, mail_host FROM %s
- WHERE user_id=%d",
- get_table_name('users'),
- $_SESSION['user_id']));
+$sql_result = $DB->query("SELECT username, mail_host FROM ".get_table_name('users')."
+ WHERE user_id=?",
+ $_SESSION['user_id']);
if ($USER_DATA = $DB->fetch_assoc($sql_result))
$PAGE_TITLE = sprintf('%s %s@%s', rcube_label('settingsfor'), $USER_DATA['username'], $USER_DATA['mail_host']);
@@ -143,12 +142,11 @@ function rcmail_identities_list($attrib)
// get contacts from DB
- $sql_result = $DB->query(sprintf("SELECT * FROM %s
- WHERE del!='1'
- AND user_id=%d
- ORDER BY `default` DESC, name ASC",
- get_table_name('identities'),
- $_SESSION['user_id']));
+ $sql_result = $DB->query("SELECT * FROM ".get_table_name('identities')."
+ WHERE del<>'1'
+ AND user_id=?
+ ORDER BY ".$DB->quoteIdentifier('default')." DESC, name ASC",
+ $_SESSION['user_id']);
// add id to message list table if not specified
diff --git a/program/steps/settings/save_identity.inc b/program/steps/settings/save_identity.inc
index 39bf8fa84..680833d7c 100644
--- a/program/steps/settings/save_identity.inc
+++ b/program/steps/settings/save_identity.inc
@@ -38,15 +38,13 @@ if ($_POST['_iid'])
if (sizeof($a_write_sql))
{
- $DB->query(sprintf("UPDATE %s
- SET %s
- WHERE identity_id=%d
- AND user_id=%d
- AND del!='1'",
- get_table_name('identities'),
- join(', ', $a_write_sql),
- $_POST['_iid'],
- $_SESSION['user_id']));
+ $DB->query("UPDATE ".get_table_name('identities')."
+ SET ".join(', ', $a_write_sql)."
+ WHERE identity_id=?
+ AND user_id=?
+ AND del<>'1'",
+ $_POST['_iid'],
+ $_SESSION['user_id']);
$updated = $DB->affected_rows();
}
@@ -56,14 +54,13 @@ if ($_POST['_iid'])
show_message('successfullysaved', 'confirmation');
// mark all other identities as 'not-default'
- $DB->query(sprintf("UPDATE %s
- SET `default`='0'
- WHERE identity_id!=%d
- AND user_id=%d
- AND del!='1'",
- get_table_name('identities'),
- $_POST['_iid'],
- $_SESSION['user_id']));
+ $DB->query("UPDATE ".get_table_name('identities')."
+ SET ".$DB->quoteIdentifier('default')."='0'
+ WHERE identity_id!=?
+ AND user_id=?
+ AND del<>'1'",
+ $_POST['_iid'],
+ $_SESSION['user_id']);
if ($_POST['_framed'])
{
@@ -89,19 +86,16 @@ else
if (!isset($_POST[$fname]))
continue;
- $a_insert_cols[] = "`$col`";
+ $a_insert_cols[] = $DB->quoteIdentifier($col);
$a_insert_values[] = sprintf("'%s'", addslashes($_POST[$fname]));
}
if (sizeof($a_insert_cols))
{
- $DB->query(sprintf("INSERT INTO %s
- (user_id, %s)
- VALUES (%d, %s)",
- get_table_name('identities'),
- join(', ', $a_insert_cols),
- $_SESSION['user_id'],
- join(', ', $a_insert_values)));
+ $DB->query("INSERT INTO ".get_table_name('identities')."
+ (user_id, ".join(', ', $a_insert_cols).")
+ VALUES (?, ".join(', ', $a_insert_values).")",
+ $_SESSION['user_id']);
$insert_id = $DB->insert_id();
}
diff --git a/program/steps/settings/save_prefs.inc b/program/steps/settings/save_prefs.inc
index 7cc327028..1322acaf7 100644
--- a/program/steps/settings/save_prefs.inc
+++ b/program/steps/settings/save_prefs.inc
@@ -35,14 +35,13 @@ if (isset($_POST['_language']))
$sess_user_lang = $_SESSION['user_lang'] = $_POST['_language'];
-$DB->query(sprintf("UPDATE %s
- SET preferences='%s',
- language='%s'
- WHERE user_id=%d",
- get_table_name('users'),
- addslashes(serialize($a_user_prefs)),
- $sess_user_lang,
- $_SESSION['user_id']));
+$DB->query("UPDATE ".get_table_name('users')."
+ SET preferences=?,
+ language=?
+ WHERE user_id=?",
+ serialize($a_user_prefs),
+ $sess_user_lang,
+ $_SESSION['user_id']);
if ($DB->affected_rows())
{
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-04 07:31:36 +0000