diff options
Diffstat (limited to 'program/steps/addressbook')
-rw-r--r-- | program/steps/addressbook/delete.inc | 38 | ||||
-rw-r--r-- | program/steps/addressbook/edit.inc | 13 | ||||
-rw-r--r-- | program/steps/addressbook/func.inc | 35 | ||||
-rw-r--r-- | program/steps/addressbook/list.inc | 26 | ||||
-rw-r--r-- | program/steps/addressbook/save.inc | 49 | ||||
-rw-r--r-- | program/steps/addressbook/show.inc | 13 |
6 files changed, 78 insertions, 96 deletions
diff --git a/program/steps/addressbook/delete.inc b/program/steps/addressbook/delete.inc index e988f5569..a3fcefbf7 100644 --- a/program/steps/addressbook/delete.inc +++ b/program/steps/addressbook/delete.inc @@ -23,13 +23,11 @@ $REMOTE_REQUEST = TRUE; if ($_GET['_cid']) { - $DB->query(sprintf("UPDATE %s - SET del='1' - WHERE user_id=%d - AND contact_id IN (%s)", - get_table_name('contacts'), - $_SESSION['user_id'], - $_GET['_cid'])); + $DB->query("UPDATE ".get_table_name('contacts')." + SET del='1' + WHERE user_id=? + AND contact_id IN (".$_GET['_cid'].")", + $_SESSION['user_id']); $count = $DB->affected_rows(); if (!$count) @@ -40,12 +38,11 @@ if ($_GET['_cid']) // count contacts for this user - $sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows - FROM %s - WHERE del!='1' - AND user_id=%d", - get_table_name('contacts'), - $_SESSION['user_id'])); + $sql_result = $DB->query("SELECT COUNT(contact_id) AS rows + FROM ".get_table_name('contacts')." + WHERE del<>'1' + AND user_id=?", + $_SESSION['user_id']); $sql_arr = $DB->fetch_assoc($sql_result); $rowcount = $sql_arr['rows']; @@ -62,14 +59,13 @@ if ($_GET['_cid']) $start_row = ($_SESSION['page'] * $CONFIG['pagesize']) - $count; // get contacts from DB - $sql_result = $DB->query(sprintf("SELECT * FROM %s - WHERE del!='1' - AND user_id=%d - ORDER BY name", - get_table_name('contacts'), - $_SESSION['user_id']), - $start_row, - $count); + $sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')." + WHERE del<>'1' + AND user_id=? + ORDER BY name", + $start_row, + $count, + $_SESSION['user_id']); $commands .= rcmail_js_contacts_list($sql_result); diff --git a/program/steps/addressbook/edit.inc b/program/steps/addressbook/edit.inc index 3c5a544d3..24300bfce 100644 --- a/program/steps/addressbook/edit.inc +++ b/program/steps/addressbook/edit.inc @@ -23,13 +23,12 @@ if (($_GET['_cid'] || $_POST['_cid']) && $_action=='edit') { $cid = $_POST['_cid'] ? $_POST['_cid'] : $_GET['_cid']; - $DB->query(sprintf("SELECT * FROM %s - WHERE contact_id=%d - AND user_id=%d - AND del!='1'", - get_table_name('contacts'), - $cid, - $_SESSION['user_id'])); + $DB->query("SELECT * FROM ".get_table_name('contacts')." + WHERE contact_id=? + AND user_id=? + AND del<>'1'", + $cid, + $_SESSION['user_id']); $CONTACT_RECORD = $DB->fetch_assoc(); diff --git a/program/steps/addressbook/func.inc b/program/steps/addressbook/func.inc index 53628162b..4cc79bad6 100644 --- a/program/steps/addressbook/func.inc +++ b/program/steps/addressbook/func.inc @@ -41,12 +41,11 @@ function rcmail_contacts_list($attrib) //$image_tag = '<img src="%s%s" alt="%s" border="0" />'; // count contacts for this user - $sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows - FROM %s - WHERE del!='1' - AND user_id=%d", - get_table_name('contacts'), - $_SESSION['user_id'])); + $sql_result = $DB->query("SELECT COUNT(contact_id) AS rows + FROM ".get_table_name('contacts')." + WHERE del<>'1' + AND user_id=?", + $_SESSION['user_id']); $sql_arr = $DB->fetch_assoc($sql_result); $rowcount = $sql_arr['rows']; @@ -56,14 +55,13 @@ function rcmail_contacts_list($attrib) $start_row = ($CONTACTS_LIST['page']-1) * $CONFIG['pagesize']; // get contacts from DB - $sql_result = $DB->query(sprintf("SELECT * FROM %s - WHERE del!='1' - AND user_id=%d - ORDER BY name", - get_table_name('contacts'), - $_SESSION['user_id']), - $start_row, - $CONFIG['pagesize']); + $sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')." + WHERE del<>'1' + AND user_id= ? + ORDER BY name", + $start_row, + $CONFIG['pagesize'], + $_SESSION['user_id']); } else $sql_result = NULL; @@ -174,11 +172,10 @@ function rcmail_get_rowcount_text($max=NULL) // get nr of contacts if ($max===NULL) { - $sql_result = $DB->query(sprintf("SELECT 1 FROM %s - WHERE del!='1' - AND user_id=%d", - get_table_name('contacts'), - $_SESSION['user_id'])); + $sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')." + WHERE del<>'1' + AND user_id=?", + $_SESSION['user_id']); $max = $DB->num_rows($sql_result); } diff --git a/program/steps/addressbook/list.inc b/program/steps/addressbook/list.inc index 4ed092541..ecb634b6f 100644 --- a/program/steps/addressbook/list.inc +++ b/program/steps/addressbook/list.inc @@ -22,12 +22,11 @@ $REMOTE_REQUEST = TRUE; // count contacts for this user -$sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows - FROM %s - WHERE del!='1' - AND user_id=%d", - get_table_name('contacts'), - $_SESSION['user_id'])); +$sql_result = $DB->query("SELECT COUNT(contact_id) AS rows + FROM ".get_table_name('contacts')." + WHERE del<>'1' + AND user_id=?", + $_SESSION['user_id']); $sql_arr = $DB->fetch_assoc($sql_result); $rowcount = $sql_arr['rows']; @@ -40,14 +39,13 @@ $commands .= sprintf("this.set_env('pagecount', %d);\n", $pages); $start_row = ($CONTACTS_LIST['page']-1) * $CONFIG['pagesize']; // get contacts from DB -$sql_result = $DB->query(sprintf("SELECT * FROM %s - WHERE del!='1' - AND user_id=%d - ORDER BY name", - get_table_name('contacts'), - $_SESSION['user_id']), - $start_row, - $CONFIG['pagesize']); +$sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')." + WHERE del<>'1' + AND user_id=? + ORDER BY name", + $start_row, + $CONFIG['pagesize'], + $_SESSION['user_id']); $commands .= rcmail_js_contacts_list($sql_result); diff --git a/program/steps/addressbook/save.inc b/program/steps/addressbook/save.inc index 62cc5d8a6..814f50a34 100644 --- a/program/steps/addressbook/save.inc +++ b/program/steps/addressbook/save.inc @@ -39,15 +39,13 @@ if ($_POST['_cid']) if (sizeof($a_write_sql)) { - $DB->query(sprintf("UPDATE %s - SET %s - WHERE contact_id=%d - AND user_id=%d - AND del!='1'", - get_table_name('contacts'), - join(', ', $a_write_sql), - $_POST['_cid'], - $_SESSION['user_id'])); + $DB->query("UPDATE ".get_table_name('contacts')." + SET ".join(', ', $a_write_sql)." + WHERE contact_id=? + AND user_id=? + AND del<>'1'", + $_POST['_cid'], + $_SESSION['user_id']); $updated = $DB->affected_rows(); } @@ -63,13 +61,12 @@ if ($_POST['_cid']) $a_show_cols = array('name', 'email'); $a_js_cols = array(); - $sql_result = $DB->query(sprintf("SELECT * FROM %s - WHERE contact_id=%d - AND user_id=%d - AND del!='1'", - get_table_name('contacts'), + $sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')." + WHERE contact_id=? + AND user_id=? + AND del<>'1'", $_POST['_cid'], - $_SESSION['user_id'])); + $_SESSION['user_id']); $sql_arr = $DB->fetch_assoc($sql_result); foreach ($a_show_cols as $col) @@ -111,13 +108,10 @@ else if (sizeof($a_insert_cols)) { - $DB->query(sprintf("INSERT INTO %s - (user_id, %s) - VALUES (%d, %s)", - get_table_name('contacts'), - join(', ', $a_insert_cols), - $_SESSION['user_id'], - join(', ', $a_insert_values))); + $DB->query("INSERT INTO ".get_table_name('contacts')." + (user_id, ".join(', ', $a_insert_cols).") + VALUES (?, ".join(', ', $a_insert_values).")", + $_SESSION['user_id']); $insert_id = $DB->insert_id(); } @@ -131,12 +125,11 @@ else { // add contact row or jump to the page where it should appear $commands = sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME); - $sql_result = $DB->query(sprintf("SELECT * FROM %s - WHERE contact_id=%d - AND user_id=%d", - get_table_name('contacts'), - $insert_id, - $_SESSION['user_id'])); + $sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')." + WHERE contact_id=? + AND user_id=?", + $insert_id, + $_SESSION['user_id']); $commands .= rcmail_js_contacts_list($sql_result, $JS_OBJECT_NAME); $commands .= sprintf("if(parent.%s)parent.%s.select('%d');\n", diff --git a/program/steps/addressbook/show.inc b/program/steps/addressbook/show.inc index 4129cd27f..83db486cc 100644 --- a/program/steps/addressbook/show.inc +++ b/program/steps/addressbook/show.inc @@ -23,13 +23,12 @@ if ($_GET['_cid'] || $_POST['_cid']) { $cid = $_POST['_cid'] ? $_POST['_cid'] : $_GET['_cid']; - $DB->query(sprintf("SELECT * FROM %s - WHERE contact_id=%d - AND user_id=%d - AND del!='1'", - get_table_name('contacts'), - $cid, - $_SESSION['user_id'])); + $DB->query("SELECT * FROM ".get_table_name('contacts')." + WHERE contact_id=? + AND user_id=? + AND del<>'1'", + $cid, + $_SESSION['user_id']); $CONTACT_RECORD = $DB->fetch_assoc(); |