switch($what) {
// ----------------------------------------------------------------------------------------
case 'NucleusMemberOptions':
- $res = sql_query('SELECT mname as text, mnumber as value FROM '.sql_table('member'));
- while ($o = mysql_fetch_object($res)) {
- echo '<option value="'.Entity::hsc($o->value).'">'.Entity::hsc($o->text).'</option>';
+ $res = DB::getResult('SELECT mname as text, mnumber as value FROM '.sql_table('member'));
+ foreach ( $res as $row )
+ {
+ echo '<option value="'.Entity::hsc($row['value']).'">'.Entity::hsc($row['text']).'</option>';
}
break;
// ----------------------------------------------------------------------------------------
}
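Review bot: The result of `DB::getResult()` is passed straight to `foreach ( $res as $row )` with no failure check, while every `DB::execute()` call in this commit is compared against `FALSE`. Whether `DB::getResult()` can also return `FALSE` is not visible here; if it can, a failed query produces a PHP warning and an empty member list with nothing to show that the lookup failed. A guard such as `if ( $res !== FALSE )` around the loop would make that case explicit. Escaping both the option value and its label through `Entity::hsc()` is kept, which is correct for this HTML context.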
function sql_addToItem($title, $body, $more, $blogid, $authorid, $timestamp, $closed, $category, $karmapos, $karmaneg) {
- $title = trim(addslashes($title));
- $body = trim(addslashes($body));
- $more = trim(addslashes($more));
- $timestamp = date("Y-m-d H:i:s", $timestamp);
+ $title = DB::quoteValue(trim($title));
+ $body = DB::quoteValue(trim($body));
+ $more = DB::quoteValue(trim($more));
+ $timestamp = DB::formatDateTime($timestamp);
$query = 'INSERT INTO '.sql_table('item').' (ITITLE, IBODY, IMORE, IBLOG, IAUTHOR, ITIME, ICLOSED, IKARMAPOS, IKARMANEG, ICAT) '
- . "VALUES ('$title', '$body', '$more', $blogid, $authorid, '$timestamp', $closed, $karmapos, $karmaneg, $category)";
+ . "VALUES ($title, $body, $more, $blogid, $authorid, $timestamp, $closed, $karmapos, $karmaneg, $category)";
- mysql_query($query) or die("Error while executing query: " . $query);
+ if ( DB::execute($query) === FALSE )
+ {
+ die('Error while executing query: ' . $query);
+ }
- return mysql_insert_id();
+ return DB::getInsertId();
}
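Review bot: Only the three text fields go through `DB::quoteValue()`; `$blogid`, `$authorid`, `$closed`, `$karmapos`, `$karmaneg` and `$category` are still interpolated into the `VALUES (...)` list as bare tokens. The statement is therefore only as safe as every caller's validation of those arguments. Casting them at the top of the function, e.g. `$blogid = intval($blogid);`, as the `UPDATE` in `sql_addToBlog` already does with `intval($id)`, removes that dependency on the caller. The same applies to `$memberid`, `$itemid` and `$blogid` in `sql_addToComments`, to all three arguments of `sql_addToTeam`, and to the `convert_*` copies of these functions.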
function sql_addToBlog($name, $shortname, $ownerid) {
- $name = addslashes($name);
- $shortname = addslashes($shortname);
+ $name = DB::quoteValue($name);
+ $shortname = DB::quoteValue($shortname);
// create new category first
- mysql_query('INSERT INTO '.sql_table('category')." (CNAME, CDESC) VALUES ('General','Items that do not fit in another category')");
- $defcat = mysql_insert_id();
+ DB::execute('INSERT INTO '.sql_table('category')." (CNAME, CDESC) VALUES ('General','Items that do not fit in another category')");
+ $defcat = DB::getInsertId();
- $query = 'INSERT INTO '.sql_table('blog')." (BNAME, BSHORTNAME, BCOMMENTS, BMAXCOMMENTS, BDEFCAT) VALUES ('$name','$shortname',1 ,0, $defcat)";
- mysql_query($query) or die("Error while executing query: " . $query);
- $id = mysql_insert_id();
+ $query = 'INSERT INTO '.sql_table('blog')." (BNAME, BSHORTNAME, BCOMMENTS, BMAXCOMMENTS, BDEFCAT) VALUES ($name, $shortname, 1, 0, $defcat)";
+ if ( DB::execute($query) === FALSE )
+ {
+ die('Error while executing query: ' . $query);
+ }
+ $id = DB::getInsertId();
// update category row so it links to blog
- mysql_query('UPDATE ' . sql_table('category') . ' SET cblog=' . intval($id). ' WHERE catid=' . intval($defcat));
+ DB::execute('UPDATE ' . sql_table('category') . ' SET cblog=' . intval($id). ' WHERE catid=' . intval($defcat));
BlogImport::sql_addToTeam($id,$ownerid,1);
}
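Review bot: The first `DB::execute()` (the `category` insert) and the closing `UPDATE` are not checked, unlike the `blog` insert between them. If the category insert fails, `DB::getInsertId()` may return an unrelated or empty id that is then written into `BDEFCAT`, and an empty value would leave the `VALUES (..., 1, 0, )` list malformed. I would guard the first call the same way as the second, `if ( DB::execute(...) === FALSE ) { die(...); }`, and cast the id with `$defcat = intval(DB::getInsertId());` before interpolating it. `convert_addToBlog` carries the same unchecked category insert.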
function sql_addToComments($name, $url, $body, $blogid, $itemid, $memberid, $timestamp, $host, $ip='') {
- $name = addslashes($name);
- $url = addslashes($url);
- $body = trim(addslashes($body));
- $host = addslashes($host);
- $ip = addslashes($ip);
- $timestamp = date("Y-m-d H:i:s", $timestamp);
+ $name = DB::quoteValue($name);
+ $url = DB::quoteValue($url);
+ $body = DB::quoteValue(trim($body));
+ $host = DB::quoteValue($host);
+ $ip = DB::quoteValue($ip);
+ $timestamp = DB::formatDateTime($timestamp);
$query = 'INSERT INTO '.sql_table('comment')
. ' (CUSER, CMAIL, CMEMBER, CBODY, CITEM, CTIME, CHOST, CBLOG, CIP) '
- . "VALUES ('$name', '$url', $memberid, '$body', $itemid, '$timestamp', '$host', $blogid, '$ip')";
+ . "VALUES ($name, $url, $memberid, $body, $itemid, $timestamp, $host, $blogid, $ip)";
- mysql_query($query) or die("Error while executing query: " . $query);
+ if ( DB::execute($query) === FALSE )
+ {
+ die('Error while executing query: ' . $query);
+ }
- return mysql_insert_id();
+ return DB::getInsertId();
}
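Review bot: `die('Error while executing query: ' . $query)` writes the complete SQL statement into the response. Here that includes the commenter's name, URL, body, host and IP, and it exposes table and column names. The string is also emitted without HTML escaping, so stored markup in those fields is echoed back as-is. Prefer recording the statement server-side and ending with a generic message, e.g. `error_log('comment insert failed: ' . $query); die('Error while executing query');`. The same pattern appears in `sql_addToItem`, `sql_addToBlog`, `sql_addToTeam` and the `convert_*` functions.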
function sql_addToTeam($blogid, $memberid, $admin) {
$query = 'INSERT INTO '.sql_table('team').' (TMEMBER, TBLOG, TADMIN) '
. "VALUES ($memberid, $blogid, $admin)";
- mysql_query($query) or die("Error while executing query: " . $query);
+ if ( DB::execute($query) === FALSE )
+ {
+ die('Error while executing query: ' . $query);
+ }
- return mysql_insert_id();
+ return DB::getInsertId();
}
-
-
}
// some sort of version checking
// TODO: remove this function (replaced by BlogImport::sql_addToItem)
function convert_addToItem($title, $body, $more, $blogid, $authorid, $timestamp, $closed, $category, $karmapos, $karmaneg) {
- $title = trim(addslashes($title));
- $body = trim(addslashes($body));
- $more = trim(addslashes($more));
+ $title = DB::quoteValue(trim($title));
+ $body = DB::quoteValue(trim($body));
+ $more = DB::quoteValue(trim($more));
$query = 'INSERT INTO '.sql_table('item').' (ITITLE, IBODY, IMORE, IBLOG, IAUTHOR, ITIME, ICLOSED, IKARMAPOS, IKARMANEG, ICAT) '
- . "VALUES ('$title', '$body', '$more', $blogid, $authorid, '$timestamp', $closed, $karmapos, $karmaneg, $category)";
+ . "VALUES ($title, $body, $more, $blogid, $authorid, '$timestamp', $closed, $karmapos, $karmaneg, $category)";
- mysql_query($query) or die("Error while executing query: " . $query);
+ if ( DB::execute($query) === FALSE )
+ {
+ die('Error while executing query: ' . $query);
+ }
- return mysql_insert_id();
+ return DB::getInsertId();
}
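Review bot: `$timestamp` is still placed in the statement as `'$timestamp'` with no escaping, while the title, body and more fields next to it now go through `DB::quoteValue()`. `BlogImport::sql_addToItem` uses `DB::formatDateTime($timestamp)` for the same column. A value containing a quote character would break out of the literal, so this argument needs the same treatment as the others. I would use `$timestamp = DB::quoteValue($timestamp);` and drop the literal quotes in `VALUES`, or `DB::formatDateTime()` if callers pass a Unix timestamp; which of the two applies is not visible from this hunk. `convert_addToComments` has the same `'$timestamp'`.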
// TODO: remove this function (replaced by BlogImport::sql_addToBlog)
function convert_addToBlog($name, $shortname, $ownerid) {
- $name = addslashes($name);
- $shortname = addslashes($shortname);
+ $name = DB::quoteValue($name);
+ $shortname = DB::quoteValue($shortname);
// create new category first
- mysql_query('INSERT INTO '.sql_table('category')." (CNAME, CDESC) VALUES ('General','Items that do not fit in another categort')");
- $defcat = mysql_insert_id();
+ DB::execute('INSERT INTO '.sql_table('category')." (CNAME, CDESC) VALUES ('General','Items that do not fit in another categort')");
+ $defcat = DB::getInsertId();
- $query = 'INSERT INTO '.sql_table('blog')." (BNAME, BSHORTNAME, BCOMMENTS, BMAXCOMMENTS, BDEFCAT) VALUES ('$name','$shortname',1 ,0, $defcat)";
- mysql_query($query) or die("Error while executing query: " . $query);
- $id = mysql_insert_id();
+ $query = 'INSERT INTO '.sql_table('blog')." (BNAME, BSHORTNAME, BCOMMENTS, BMAXCOMMENTS, BDEFCAT) VALUES ($name, $shortname, 1, 0, $defcat)";
+ if ( DB::execute($query) === FALSE )
+ {
+ die('Error while executing query: ' . $query);
+ }
+ $id = DB::getInsertId();
convert_addToTeam($id,$ownerid,1);
-
return $id;
}
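Review bot: The default category description on the new `DB::execute()` line still reads `'Items that do not fit in another categort'`, whereas `sql_addToBlog` writes `...another category`. Because this string is stored in `CDESC` and later shown to users, the line being touched anyway is a good moment to correct it to `category`. The numeric `$defcat` and the unchecked first `DB::execute()` have the same caveats as in `sql_addToBlog`.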
// TODO: remove this function (replaced by BlogImport::sql_addToComments)
function convert_addToComments($name, $url, $body, $blogid, $itemid, $memberid, $timestamp, $host, $ip='') {
- $name = addslashes($name);
- $url = addslashes($url);
- $body = trim(addslashes($body));
- $host = addslashes($host);
- $ip = addslashes($ip);
+ $name = DB::quoteValue($name);
+ $url = DB::quoteValue($url);
+ $body = DB::quoteValue(trim($body));
+ $host = DB::quoteValue($host);
+ $ip = DB::quoteValue($ip);
$query = 'INSERT INTO '.sql_table('comment')
. ' (CUSER, CMAIL, CMEMBER, CBODY, CITEM, CTIME, CHOST, CBLOG, CIP) '
- . "VALUES ('$name', '$url', $memberid, '$body', $itemid, '$timestamp', '$host', $blogid, '$ip')";
+ . "VALUES ($name, $url, $memberid, $body, $itemid, '$timestamp', $host, $blogid, $ip)";
- mysql_query($query) or die("Error while executing query: " . $query);
+ if ( DB::execute($query) === FALSE )
+ {
+ die("Error while executing query: " . $query);
+ }
- return mysql_insert_id();
+ return DB::getInsertId();
}
// TODO: remove this function (replaced by BlogImport::sql_addToTeam)
$query = 'INSERT INTO '.sql_table('team').' (TMEMBER, TBLOG, TADMIN) '
. "VALUES ($memberid, $blogid, $admin)";
- mysql_query($query) or die("Error while executing query: " . $query);
-
- return mysql_insert_id();
+ if ( DB::execute($query) === FALSE )
+ {
+ die("Error while executing query: " . $query);
+ }
+
+ return DB::getInsertId();
}
function convert_showLogin($type) {