summaryrefslogtreecommitdiff
path: root/program/steps/addressbook
diff options
context:
space:
mode:
Diffstat (limited to 'program/steps/addressbook')
-rw-r--r--program/steps/addressbook/delete.inc38
-rw-r--r--program/steps/addressbook/edit.inc13
-rw-r--r--program/steps/addressbook/func.inc35
-rw-r--r--program/steps/addressbook/list.inc26
-rw-r--r--program/steps/addressbook/save.inc49
-rw-r--r--program/steps/addressbook/show.inc13
6 files changed, 78 insertions, 96 deletions
diff --git a/program/steps/addressbook/delete.inc b/program/steps/addressbook/delete.inc
index e988f5569..a3fcefbf7 100644
--- a/program/steps/addressbook/delete.inc
+++ b/program/steps/addressbook/delete.inc
@@ -23,13 +23,11 @@ $REMOTE_REQUEST = TRUE;
if ($_GET['_cid'])
{
- $DB->query(sprintf("UPDATE %s
- SET del='1'
- WHERE user_id=%d
- AND contact_id IN (%s)",
- get_table_name('contacts'),
- $_SESSION['user_id'],
- $_GET['_cid']));
+ $DB->query("UPDATE ".get_table_name('contacts')."
+ SET del='1'
+ WHERE user_id=?
+ AND contact_id IN (".$_GET['_cid'].")",
+ $_SESSION['user_id']);
$count = $DB->affected_rows();
if (!$count)
@@ -40,12 +38,11 @@ if ($_GET['_cid'])
// count contacts for this user
- $sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows
- FROM %s
- WHERE del!='1'
- AND user_id=%d",
- get_table_name('contacts'),
- $_SESSION['user_id']));
+ $sql_result = $DB->query("SELECT COUNT(contact_id) AS rows
+ FROM ".get_table_name('contacts')."
+ WHERE del<>'1'
+ AND user_id=?",
+ $_SESSION['user_id']);
$sql_arr = $DB->fetch_assoc($sql_result);
$rowcount = $sql_arr['rows'];
@@ -62,14 +59,13 @@ if ($_GET['_cid'])
$start_row = ($_SESSION['page'] * $CONFIG['pagesize']) - $count;
// get contacts from DB
- $sql_result = $DB->query(sprintf("SELECT * FROM %s
- WHERE del!='1'
- AND user_id=%d
- ORDER BY name",
- get_table_name('contacts'),
- $_SESSION['user_id']),
- $start_row,
- $count);
+ $sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')."
+ WHERE del<>'1'
+ AND user_id=?
+ ORDER BY name",
+ $start_row,
+ $count,
+ $_SESSION['user_id']);
$commands .= rcmail_js_contacts_list($sql_result);
diff --git a/program/steps/addressbook/edit.inc b/program/steps/addressbook/edit.inc
index 3c5a544d3..24300bfce 100644
--- a/program/steps/addressbook/edit.inc
+++ b/program/steps/addressbook/edit.inc
@@ -23,13 +23,12 @@
if (($_GET['_cid'] || $_POST['_cid']) && $_action=='edit')
{
$cid = $_POST['_cid'] ? $_POST['_cid'] : $_GET['_cid'];
- $DB->query(sprintf("SELECT * FROM %s
- WHERE contact_id=%d
- AND user_id=%d
- AND del!='1'",
- get_table_name('contacts'),
- $cid,
- $_SESSION['user_id']));
+ $DB->query("SELECT * FROM ".get_table_name('contacts')."
+ WHERE contact_id=?
+ AND user_id=?
+ AND del<>'1'",
+ $cid,
+ $_SESSION['user_id']);
$CONTACT_RECORD = $DB->fetch_assoc();
diff --git a/program/steps/addressbook/func.inc b/program/steps/addressbook/func.inc
index 53628162b..4cc79bad6 100644
--- a/program/steps/addressbook/func.inc
+++ b/program/steps/addressbook/func.inc
@@ -41,12 +41,11 @@ function rcmail_contacts_list($attrib)
//$image_tag = '<img src="%s%s" alt="%s" border="0" />';
// count contacts for this user
- $sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows
- FROM %s
- WHERE del!='1'
- AND user_id=%d",
- get_table_name('contacts'),
- $_SESSION['user_id']));
+ $sql_result = $DB->query("SELECT COUNT(contact_id) AS rows
+ FROM ".get_table_name('contacts')."
+ WHERE del<>'1'
+ AND user_id=?",
+ $_SESSION['user_id']);
$sql_arr = $DB->fetch_assoc($sql_result);
$rowcount = $sql_arr['rows'];
@@ -56,14 +55,13 @@ function rcmail_contacts_list($attrib)
$start_row = ($CONTACTS_LIST['page']-1) * $CONFIG['pagesize'];
// get contacts from DB
- $sql_result = $DB->query(sprintf("SELECT * FROM %s
- WHERE del!='1'
- AND user_id=%d
- ORDER BY name",
- get_table_name('contacts'),
- $_SESSION['user_id']),
- $start_row,
- $CONFIG['pagesize']);
+ $sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')."
+ WHERE del<>'1'
+ AND user_id= ?
+ ORDER BY name",
+ $start_row,
+ $CONFIG['pagesize'],
+ $_SESSION['user_id']);
}
else
$sql_result = NULL;
@@ -174,11 +172,10 @@ function rcmail_get_rowcount_text($max=NULL)
// get nr of contacts
if ($max===NULL)
{
- $sql_result = $DB->query(sprintf("SELECT 1 FROM %s
- WHERE del!='1'
- AND user_id=%d",
- get_table_name('contacts'),
- $_SESSION['user_id']));
+ $sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')."
+ WHERE del<>'1'
+ AND user_id=?",
+ $_SESSION['user_id']);
$max = $DB->num_rows($sql_result);
}
diff --git a/program/steps/addressbook/list.inc b/program/steps/addressbook/list.inc
index 4ed092541..ecb634b6f 100644
--- a/program/steps/addressbook/list.inc
+++ b/program/steps/addressbook/list.inc
@@ -22,12 +22,11 @@
$REMOTE_REQUEST = TRUE;
// count contacts for this user
-$sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows
- FROM %s
- WHERE del!='1'
- AND user_id=%d",
- get_table_name('contacts'),
- $_SESSION['user_id']));
+$sql_result = $DB->query("SELECT COUNT(contact_id) AS rows
+ FROM ".get_table_name('contacts')."
+ WHERE del<>'1'
+ AND user_id=?",
+ $_SESSION['user_id']);
$sql_arr = $DB->fetch_assoc($sql_result);
$rowcount = $sql_arr['rows'];
@@ -40,14 +39,13 @@ $commands .= sprintf("this.set_env('pagecount', %d);\n", $pages);
$start_row = ($CONTACTS_LIST['page']-1) * $CONFIG['pagesize'];
// get contacts from DB
-$sql_result = $DB->query(sprintf("SELECT * FROM %s
- WHERE del!='1'
- AND user_id=%d
- ORDER BY name",
- get_table_name('contacts'),
- $_SESSION['user_id']),
- $start_row,
- $CONFIG['pagesize']);
+$sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')."
+ WHERE del<>'1'
+ AND user_id=?
+ ORDER BY name",
+ $start_row,
+ $CONFIG['pagesize'],
+ $_SESSION['user_id']);
$commands .= rcmail_js_contacts_list($sql_result);
diff --git a/program/steps/addressbook/save.inc b/program/steps/addressbook/save.inc
index 62cc5d8a6..814f50a34 100644
--- a/program/steps/addressbook/save.inc
+++ b/program/steps/addressbook/save.inc
@@ -39,15 +39,13 @@ if ($_POST['_cid'])
if (sizeof($a_write_sql))
{
- $DB->query(sprintf("UPDATE %s
- SET %s
- WHERE contact_id=%d
- AND user_id=%d
- AND del!='1'",
- get_table_name('contacts'),
- join(', ', $a_write_sql),
- $_POST['_cid'],
- $_SESSION['user_id']));
+ $DB->query("UPDATE ".get_table_name('contacts')."
+ SET ".join(', ', $a_write_sql)."
+ WHERE contact_id=?
+ AND user_id=?
+ AND del<>'1'",
+ $_POST['_cid'],
+ $_SESSION['user_id']);
$updated = $DB->affected_rows();
}
@@ -63,13 +61,12 @@ if ($_POST['_cid'])
$a_show_cols = array('name', 'email');
$a_js_cols = array();
- $sql_result = $DB->query(sprintf("SELECT * FROM %s
- WHERE contact_id=%d
- AND user_id=%d
- AND del!='1'",
- get_table_name('contacts'),
+ $sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')."
+ WHERE contact_id=?
+ AND user_id=?
+ AND del<>'1'",
$_POST['_cid'],
- $_SESSION['user_id']));
+ $_SESSION['user_id']);
$sql_arr = $DB->fetch_assoc($sql_result);
foreach ($a_show_cols as $col)
@@ -111,13 +108,10 @@ else
if (sizeof($a_insert_cols))
{
- $DB->query(sprintf("INSERT INTO %s
- (user_id, %s)
- VALUES (%d, %s)",
- get_table_name('contacts'),
- join(', ', $a_insert_cols),
- $_SESSION['user_id'],
- join(', ', $a_insert_values)));
+ $DB->query("INSERT INTO ".get_table_name('contacts')."
+ (user_id, ".join(', ', $a_insert_cols).")
+ VALUES (?, ".join(', ', $a_insert_values).")",
+ $_SESSION['user_id']);
$insert_id = $DB->insert_id();
}
@@ -131,12 +125,11 @@ else
{
// add contact row or jump to the page where it should appear
$commands = sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME);
- $sql_result = $DB->query(sprintf("SELECT * FROM %s
- WHERE contact_id=%d
- AND user_id=%d",
- get_table_name('contacts'),
- $insert_id,
- $_SESSION['user_id']));
+ $sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')."
+ WHERE contact_id=?
+ AND user_id=?",
+ $insert_id,
+ $_SESSION['user_id']);
$commands .= rcmail_js_contacts_list($sql_result, $JS_OBJECT_NAME);
$commands .= sprintf("if(parent.%s)parent.%s.select('%d');\n",
diff --git a/program/steps/addressbook/show.inc b/program/steps/addressbook/show.inc
index 4129cd27f..83db486cc 100644
--- a/program/steps/addressbook/show.inc
+++ b/program/steps/addressbook/show.inc
@@ -23,13 +23,12 @@
if ($_GET['_cid'] || $_POST['_cid'])
{
$cid = $_POST['_cid'] ? $_POST['_cid'] : $_GET['_cid'];
- $DB->query(sprintf("SELECT * FROM %s
- WHERE contact_id=%d
- AND user_id=%d
- AND del!='1'",
- get_table_name('contacts'),
- $cid,
- $_SESSION['user_id']));
+ $DB->query("SELECT * FROM ".get_table_name('contacts')."
+ WHERE contact_id=?
+ AND user_id=?
+ AND del<>'1'",
+ $cid,
+ $_SESSION['user_id']);
$CONTACT_RECORD = $DB->fetch_assoc();