From d7cb77414c4cf074269b6812c3dd3571ee29afca Mon Sep 17 00:00:00 2001
From: svncommit <devs@roundcube.net>
Date: Tue, 25 Oct 2005 15:04:17 +0000
Subject: more pear/mdb2 integration

---
 program/steps/mail/addcontact.inc | 25 +++++++++++--------------
 program/steps/mail/compose.inc    | 34 +++++++++++++---------------------
 program/steps/mail/sendmail.inc   | 14 ++++++--------
 3 files changed, 30 insertions(+), 43 deletions(-)

(limited to 'program/steps/mail')

diff --git a/program/steps/mail/addcontact.inc b/program/steps/mail/addcontact.inc
index 465ed3125..6ead67812 100644
--- a/program/steps/mail/addcontact.inc
+++ b/program/steps/mail/addcontact.inc
@@ -29,13 +29,11 @@ if ($_GET['_address'])
     $contact = $contact_arr[1];
 
     if ($contact['mailto'])
-      $sql_result = $DB->query(sprintf("SELECT 1 FROM %s
-                                        WHERE  user_id=%d
-                                        AND    email='%s'
-                                        AND    del!='1'",
-                                       get_table_name('contacts'),
-                                       $_SESSION['user_id'],
-                                       $contact['mailto']));
+      $sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')."
+                                WHERE  user_id=?
+                                AND    email=?
+                                AND    del<>'1'",
+                                $_SESSION['user_id'],$contact['mailto']);
 
     // contact entry with this mail address exists
     if ($sql_result && $DB->num_rows($sql_result))
@@ -43,13 +41,12 @@ if ($_GET['_address'])
 
     else if ($contact['mailto'])
       {
-      $DB->query(sprintf("INSERT INTO %s
-                          (user_id, name, email)
-                          VALUES (%d, '%s', '%s')",
-                         get_table_name('contacts'),
-                         $_SESSION['user_id'],
-                         $contact['name'],
-                         $contact['mailto']));
+      $DB->query("INSERT INTO ".get_table_name('contacts')."
+                  (user_id, name, email)
+                  VALUES (?, ?, ?)",
+                  $_SESSION['user_id'],
+                  $contact['name'],
+                  $contact['mailto']);
 
       $added = $DB->insert_id();
       }
diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index f7e094aa0..f70759914 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -87,13 +87,11 @@ function rcmail_compose_headers($attrib)
           $field_attrib[$attr] = $value;
     
       // get this user's identities
-      $sql_result = $DB->query(sprintf("SELECT identity_id, name, email
-                                        FROM   %s
-                                        WHERE  user_id=%d
-                                        AND    del!='1'
-                                        ORDER BY `default` DESC, name ASC",
-                                       get_table_name('identities'),
-                                       $_SESSION['user_id']));
+      $sql_result = $DB->query("SELECT identity_id, name, email
+                                FROM   ".get_table_name('identities')." WHERE  user_id=?
+                                AND    del<>'1'
+                                ORDER BY ".$DB->quoteIdentifier('default')." DESC, name ASC",
+                                $_SESSION['user_id']);
                                    
       if ($DB->num_rows($sql_result))
         {        
@@ -123,14 +121,11 @@ function rcmail_compose_headers($attrib)
       if (!empty($_GET['_to']) && preg_match('/[0-9]+,?/', $_GET['_to']))
         {
         $a_recipients = array();
-        $sql_result = $DB->query(sprintf("SELECT name, email
-                                          FROM   %s
-                                          WHERE  user_id=%d
-                                          AND    del!='1'
-                                          AND    contact_id IN (%s)",
-                                         get_table_name('contacts'),
-                                         $_SESSION['user_id'],
-                                         $_GET['_to']));
+        $sql_result = $DB->query("SELECT name, email
+                                  FROM ".get_table_name('contacts')." WHERE user_id=?
+                                  AND    del<>'1'
+                                  AND    contact_id IN (".$_GET['_to'].")",
+                                  $_SESSION['user_id']);
                                          
         while ($sql_arr = $DB->fetch_assoc($sql_result))
           $a_recipients[] = format_email_recipient($sql_arr['email'], $sql_arr['name']);
@@ -559,12 +554,9 @@ function format_email_recipient($email, $name='')
 
 /****** get contacts for this user and add them to client scripts ********/
 
-$sql_result = $DB->query(sprintf("SELECT name, email
-                                  FROM   %s
-                                  WHERE  user_id=%d
-                                  AND    del!='1'",
-                                 get_table_name('contacts'),
-                                 $_SESSION['user_id']));
+$sql_result = $DB->query("SELECT name, email
+                          FROM ".get_table_name('contacts')." WHERE  user_id=?
+                          AND  del<>'1'",$_SESSION['user_id']);
                                    
 if ($DB->num_rows($sql_result))
   {        
diff --git a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc
index bacb1b1e8..ddd08f11e 100644
--- a/program/steps/mail/sendmail.inc
+++ b/program/steps/mail/sendmail.inc
@@ -42,14 +42,12 @@ function rcmail_get_identity($id)
   global $DB;
   
   // get identity record
-  $sql_result = $DB->query(sprintf("SELECT *, email AS mailto
-                                    FROM   %s
-                                    WHERE  identity_id=%d
-                                    AND    user_id=%d
-                                    AND    del!='1'",
-                                   get_table_name('identities'),
-                                   $id,
-                                   $_SESSION['user_id']));
+  $sql_result = $DB->query("SELECT *, email AS mailto
+                            FROM ".get_table_name('identities')."
+                            WHERE  identity_id=?
+                            AND    user_id=?
+                            AND    del<>'1'",
+                            $id,$_SESSION['user_id']);
                                    
   if ($DB->num_rows($sql_result))
     {
-- 
cgit v1.2.3