summaryrefslogtreecommitdiff
path: root/program/steps/settings
diff options
context:
space:
mode:
Diffstat (limited to 'program/steps/settings')
-rw-r--r--program/steps/settings/delete_identity.inc12
-rw-r--r--program/steps/settings/edit_identity.inc13
-rw-r--r--program/steps/settings/func.inc18
-rw-r--r--program/steps/settings/save_identity.inc44
-rw-r--r--program/steps/settings/save_prefs.inc15
5 files changed, 45 insertions, 57 deletions
diff --git a/program/steps/settings/delete_identity.inc b/program/steps/settings/delete_identity.inc
index 58fda4970..3bca860b3 100644
--- a/program/steps/settings/delete_identity.inc
+++ b/program/steps/settings/delete_identity.inc
@@ -23,13 +23,11 @@ $REMOTE_REQUEST = $_GET['_remote'] ? TRUE : FALSE;
if ($_GET['_iid'])
{
- $DB->query(sprintf("UPDATE %s
- SET del='1'
- WHERE user_id=%d
- AND identity_id IN (%s)",
- get_table_name('identities'),
- $_SESSION['user_id'],
- $_GET['_iid']));
+ $DB->query("UPDATE ".get_table_name('identities')."
+ SET del='1'
+ WHERE user_id=?
+ AND identity_id IN (".$_GET['_iid'].")",
+ $_SESSION['user_id']);
$count = $DB->affected_rows();
if ($count)
diff --git a/program/steps/settings/edit_identity.inc b/program/steps/settings/edit_identity.inc
index e0f649cdc..dc2f14990 100644
--- a/program/steps/settings/edit_identity.inc
+++ b/program/steps/settings/edit_identity.inc
@@ -22,13 +22,12 @@
if (($_GET['_iid'] || $_POST['_iid']) && $_action=='edit-identity')
{
$id = $_POST['_iid'] ? $_POST['_iid'] : $_GET['_iid'];
- $DB->query(sprintf("SELECT * FROM %s
- WHERE identity_id=%d
- AND user_id=%d
- AND del!='1'",
- get_table_name('identities'),
- $id,
- $_SESSION['user_id']));
+ $DB->query("SELECT * FROM ".get_table_name('identities')."
+ WHERE identity_id=?
+ AND user_id=?
+ AND del<>'1'",
+ $id,
+ $_SESSION['user_id']);
$IDENTITY_RECORD = $DB->fetch_assoc();
diff --git a/program/steps/settings/func.inc b/program/steps/settings/func.inc
index 621acd96c..9b7ef002b 100644
--- a/program/steps/settings/func.inc
+++ b/program/steps/settings/func.inc
@@ -21,10 +21,9 @@
// get user record
-$sql_result = $DB->query(sprintf("SELECT username, mail_host FROM %s
- WHERE user_id=%d",
- get_table_name('users'),
- $_SESSION['user_id']));
+$sql_result = $DB->query("SELECT username, mail_host FROM ".get_table_name('users')."
+ WHERE user_id=?",
+ $_SESSION['user_id']);
if ($USER_DATA = $DB->fetch_assoc($sql_result))
$PAGE_TITLE = sprintf('%s %s@%s', rcube_label('settingsfor'), $USER_DATA['username'], $USER_DATA['mail_host']);
@@ -143,12 +142,11 @@ function rcmail_identities_list($attrib)
// get contacts from DB
- $sql_result = $DB->query(sprintf("SELECT * FROM %s
- WHERE del!='1'
- AND user_id=%d
- ORDER BY `default` DESC, name ASC",
- get_table_name('identities'),
- $_SESSION['user_id']));
+ $sql_result = $DB->query("SELECT * FROM ".get_table_name('identities')."
+ WHERE del<>'1'
+ AND user_id=?
+ ORDER BY ".$DB->quoteIdentifier('default')." DESC, name ASC",
+ $_SESSION['user_id']);
// add id to message list table if not specified
diff --git a/program/steps/settings/save_identity.inc b/program/steps/settings/save_identity.inc
index 39bf8fa84..680833d7c 100644
--- a/program/steps/settings/save_identity.inc
+++ b/program/steps/settings/save_identity.inc
@@ -38,15 +38,13 @@ if ($_POST['_iid'])
if (sizeof($a_write_sql))
{
- $DB->query(sprintf("UPDATE %s
- SET %s
- WHERE identity_id=%d
- AND user_id=%d
- AND del!='1'",
- get_table_name('identities'),
- join(', ', $a_write_sql),
- $_POST['_iid'],
- $_SESSION['user_id']));
+ $DB->query("UPDATE ".get_table_name('identities')."
+ SET ".join(', ', $a_write_sql)."
+ WHERE identity_id=?
+ AND user_id=?
+ AND del<>'1'",
+ $_POST['_iid'],
+ $_SESSION['user_id']);
$updated = $DB->affected_rows();
}
@@ -56,14 +54,13 @@ if ($_POST['_iid'])
show_message('successfullysaved', 'confirmation');
// mark all other identities as 'not-default'
- $DB->query(sprintf("UPDATE %s
- SET `default`='0'
- WHERE identity_id!=%d
- AND user_id=%d
- AND del!='1'",
- get_table_name('identities'),
- $_POST['_iid'],
- $_SESSION['user_id']));
+ $DB->query("UPDATE ".get_table_name('identities')."
+ SET ".$DB->quoteIdentifier('default')."='0'
+ WHERE identity_id!=?
+ AND user_id=?
+ AND del<>'1'",
+ $_POST['_iid'],
+ $_SESSION['user_id']);
if ($_POST['_framed'])
{
@@ -89,19 +86,16 @@ else
if (!isset($_POST[$fname]))
continue;
- $a_insert_cols[] = "`$col`";
+ $a_insert_cols[] = $DB->quoteIdentifier($col);
$a_insert_values[] = sprintf("'%s'", addslashes($_POST[$fname]));
}
if (sizeof($a_insert_cols))
{
- $DB->query(sprintf("INSERT INTO %s
- (user_id, %s)
- VALUES (%d, %s)",
- get_table_name('identities'),
- join(', ', $a_insert_cols),
- $_SESSION['user_id'],
- join(', ', $a_insert_values)));
+ $DB->query("INSERT INTO ".get_table_name('identities')."
+ (user_id, ".join(', ', $a_insert_cols).")
+ VALUES (?, ".join(', ', $a_insert_values).")",
+ $_SESSION['user_id']);
$insert_id = $DB->insert_id();
}
diff --git a/program/steps/settings/save_prefs.inc b/program/steps/settings/save_prefs.inc
index 7cc327028..1322acaf7 100644
--- a/program/steps/settings/save_prefs.inc
+++ b/program/steps/settings/save_prefs.inc
@@ -35,14 +35,13 @@ if (isset($_POST['_language']))
$sess_user_lang = $_SESSION['user_lang'] = $_POST['_language'];
-$DB->query(sprintf("UPDATE %s
- SET preferences='%s',
- language='%s'
- WHERE user_id=%d",
- get_table_name('users'),
- addslashes(serialize($a_user_prefs)),
- $sess_user_lang,
- $_SESSION['user_id']));
+$DB->query("UPDATE ".get_table_name('users')."
+ SET preferences=?,
+ language=?
+ WHERE user_id=?",
+ serialize($a_user_prefs),
+ $sess_user_lang,
+ $_SESSION['user_id']);
if ($DB->affected_rows())
{