$actions->setShowComments($comments);\r
\r
// execute query\r
- $items = sql_query($query);\r
+ $items = DB::getResult($query);\r
\r
// loop over all items\r
$old_date = 0;\r
- while ( $item = sql_fetch_object($items) )\r
+ foreach ( $items as $item )\r
{\r
- $item->timestamp = strtotime($item->itime); // string timestamp -> unix timestamp\r
+ $item['timestamp'] = strtotime($item['itime']); // string timestamp -> unix timestamp\r
\r
// action handler needs to know the item we're handling\r
$actions->setCurrentItem($item);\r
// add date header if needed\r
if ( $dateheads )\r
{\r
- $new_date = date('dFY',$item->timestamp);\r
+ $new_date = date('dFY', $item['timestamp']);\r
if ( $new_date != $old_date )\r
{\r
// unless this is the first time, write date footer\r
- $timestamp = $item->timestamp;\r
+ $timestamp = $item['timestamp'];\r
if ( $old_date != 0 )\r
{\r
$oldTS = strtotime($old_date);\r
$parser->parse($template['ITEM_FOOTER']);\r
}\r
\r
- $numrows = sql_num_rows($items);\r
+ $numrows = $items->rowCount();\r
\r
// add another date footer if there was at least one item\r
if ( ($numrows > 0) && $dateheads )\r
$manager->notify('PostDateFoot',array('blog' => &$this, 'timestamp' => strtotime($old_date)));\r
}\r
\r
- sql_free_result($items);\r
+ $items->closeCursor();\r
return $numrows;\r
}\r
\r
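Review bot: `$numrows = $items->rowCount();` reads a row count from a SELECT result, and PDO does not guarantee that value for result-set statements on every driver (the `closeCursor()` and `fetch(PDO::FETCH_ASSOC)` calls in this commit suggest `$items` is a PDOStatement). On a driver that reports 0, the `PostDateFoot` notification guarded by `$numrows > 0` is skipped and the function returns 0 even though items were rendered. Counting in the loop instead (`$numrows = 0;` before the `foreach`, `$numrows++;` inside it) removes the dependency; the loop appears to sit in the previous hunk and the function starts outside this one. The same `rowCount()`-on-SELECT pattern is in the category-name loop, the blog settings loader, isValidCategory(), exists(), existsID() and the future-post checks, where a `SELECT COUNT(*)` or a `fetch() !== false` test would serve.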
\r
$manager->notify('PreAddItem',array('title' => &$title, 'body' => &$body, 'more' => &$more, 'blog' => &$this, 'authorid' => &$authorid, 'timestamp' => &$timestamp, 'closed' => &$closed, 'draft' => &$draft, 'catid' => &$catid));\r
\r
- $ititle = sql_real_escape_string($title);\r
- $ibody = sql_real_escape_string($body);\r
- $imore = sql_real_escape_string($more);\r
+ $ititle = DB::quoteValue($title);\r
+ $ibody = DB::quoteValue($body);\r
+ $imore = DB::quoteValue($more);\r
\r
- $query = "INSERT INTO %s (ITITLE, IBODY, IMORE, IBLOG, IAUTHOR, ITIME, ICLOSED, IDRAFT, ICAT, IPOSTED) VALUES ('%s', '%s', '%s', %d, %d, '%s', %s, %s, %s, %s)";\r
+ $query = "INSERT INTO %s (ITITLE, IBODY, IMORE, IBLOG, IAUTHOR, ITIME, ICLOSED, IDRAFT, ICAT, IPOSTED) VALUES (%s, %s, %s, %d, %d, '%s', %s, %s, %s, %s)";\r
$query = sprintf($query, sql_table('item'), $ititle, $ibody, $imore, $blogid, $authorid, $timestamp, $closed, $draft, $catid, $posted);\r
- sql_query($query);\r
- $itemid = sql_insert_id();\r
+ DB::execute($query);\r
+ $itemid = DB::getInsertId();\r
\r
$manager->notify('PostAddItem',array('itemid' => $itemid));\r
\r
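Review bot: Only the three text columns go through DB::quoteValue(); `$timestamp` is still placed between hand-written quotes as `'%s'`, and `$closed`, `$draft`, `$catid` and `$posted` are formatted with a bare `%s`. The `PreAddItem` notification at the top of this hunk hands timestamp, closed, draft and catid to plugins by reference, so any validation done earlier (not visible here) no longer holds when the query is built. Assuming those four columns hold integers, formatting them with `%d` and passing `DB::quoteValue($timestamp)` into an unquoted `%s` would keep the statement well-formed whatever a plugin writes back.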
$catName = _CREATED_NEW_CATEGORY_NAME;\r
$i = 1;\r
\r
- $res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cname='".$catName.$i."' and cblog=".$this->getID());\r
- while ( sql_num_rows($res) > 0 )\r
+ $res = DB::getResult('SELECT * FROM '.sql_table('category')." WHERE cname='".$catName.$i."' and cblog=".$this->getID());\r
+ while ( $res->rowCount() > 0 )\r
{\r
$i++;\r
- $res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cname='".$catName.$i."' and cblog=".$this->getID());\r
+ $res = DB::getResult('SELECT * FROM '.sql_table('category')." WHERE cname='".$catName.$i."' and cblog=".$this->getID());\r
}\r
\r
$catName = $catName . $i;\r
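Review bot: Both lookups still build the predicate by hand as `" WHERE cname='".$catName.$i."' and cblog=".$this->getID()`, without DB::quoteValue(), although the rest of the commit moves string values onto it. `$catName` comes from the `_CREATED_NEW_CATEGORY_NAME` constant, so this is a robustness gap rather than direct user input: a translation containing an apostrophe breaks the statement. Suggest `' WHERE cname=' . DB::quoteValue($catName.$i) . ' AND cblog=' . intval($this->getID())` in both places. The enclosing function begins and ends outside this hunk.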
);\r
\r
$query = "INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, '%s', '%s')";\r
- $query = sprintf($query, sql_table('category'), (integer) $this->getID(), sql_real_escape_string($catName), sql_real_escape_string($catDescription));\r
- sql_query($query);\r
- $catid = sql_insert_id();\r
+ $query = sprintf($query, sql_table('category'), (integer) $this->getID(), DB::quoteValue($catName), DB::quoteValue($catDescription));\r
+ DB::execute($query);\r
+ $catid = DB::getInsertId();\r
\r
$manager->notify(\r
'PostAddCategory',\r
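Review bot: The format string on the context line above still wraps both placeholders in quotes (`VALUES (%d, '%s', '%s')`), while the new call passes DB::quoteValue() results into them. In the item INSERT and in exists() this same commit removes the surrounding quotes, which implies quoteValue() returns an already-quoted literal; if so, the quotes are doubled here, the value ends up outside the string literal, and the escaping no longer protects it. The format should become `VALUES (%d, %s, %s)`. The same leftover quoting is in the blog settings UPDATE (`" SET bname='" . DB::quoteValue(...) . "',"` and the bshortname, bnotify, burl, bupdate and bdesc lines) and in getCategoryIdFromName() (`cname="' . DB::quoteValue($name) . '"'`).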
$query .= ' LIMIT ' . intval($limit);\r
}\r
\r
- $res = sql_query($query);\r
- while ( $current = sql_fetch_object($res) )\r
+ $res = DB::getResult($query);\r
+ foreach ( $res as $current )\r
{\r
/* string time -> unix timestamp */\r
- $current->itime = strtotime($current->itime);\r
+ $current['itime'] = strtotime($current['itime']);\r
\r
if ( $mode == 'day' )\r
{\r
- $archivedate = date('Y-m-d',$current->itime);\r
- $archive['day'] = date('d',$current->itime);\r
- $data['day'] = date('d',$current->itime);\r
- $data['month'] = date('m',$current->itime);\r
+ $archivedate = date('Y-m-d',$current['itime']);\r
+ $archive['day'] = date('d',$current['itime']);\r
+ $data['day'] = date('d',$current['itime']);\r
+ $data['month'] = date('m',$current['itime']);\r
$archive['month'] = $data['month'];\r
}\r
elseif ( $mode == 'year' )\r
{\r
- $archivedate = date('Y',$current->itime);\r
+ $archivedate = date('Y',$current['itime']);\r
$data['day'] = '';\r
$data['month'] = '';\r
$archive['day'] = '';\r
}\r
else\r
{\r
- $archivedate = date('Y-m',$current->itime);\r
- $data['month'] = date('m',$current->itime);\r
+ $archivedate = date('Y-m',$current['itime']);\r
+ $data['month'] = date('m',$current['itime']);\r
$archive['month'] = $data['month'];\r
$data['day'] = '';\r
$archive['day'] = '';\r
}\r
\r
- $data['year'] = date('Y',$current->itime);\r
+ $data['year'] = date('Y',$current['itime']);\r
$archive['year'] = $data['year'];\r
$data['archivelink'] = Link::create_archive_link($this->getID(),$archivedate,$linkparams);\r
\r
);\r
\r
$temp = Template::fill($template['ARCHIVELIST_LISTITEM'],$data);\r
- echo i18n::formatted_datetime($temp, $current->itime);\r
+ echo i18n::formatted_datetime($temp, $current['itime']);\r
return;\r
}\r
\r
- sql_free_result($res);\r
+ $res->closeCursor();\r
\r
if ( !array_key_exists('ARCHIVELIST_FOOTER', $template) || !$template['ARCHIVELIST_FOOTER'] )\r
{\r
\r
$query = "SELECT catid, cdesc as catdesc, cname as catname FROM %s WHERE cblog=%d ORDER BY cname ASC;";\r
$query = sprintf($query, sql_table('category'), (integer) $this->getID());\r
- $res = sql_query($query);\r
+ $res = DB::getResult($query);\r
\r
- while ( $data = sql_fetch_assoc($res) )\r
+ foreach ( $res as $data )\r
{\r
$args = array(\r
'catid' => $data['catid'],\r
}\r
}\r
\r
- sql_free_result($res);\r
+ $res->closeCursor();\r
\r
$args = array(\r
'blogid' => $this->getID(),\r
);\r
\r
$query = 'SELECT bnumber, bname, bshortname, bdesc, burl FROM '.sql_table('blog').' ORDER BY '.$orderby.' '.$direction;\r
- $res = sql_query($query);\r
+ $res = DB::getResult($query);\r
\r
- while ( $data = sql_fetch_assoc($res) )\r
+ foreach ( $res as $data )\r
{\r
$list = array();\r
$list['bloglink'] = Link::create_blogid_link($data['bnumber']);\r
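Review bot: `$orderby` and `$direction` are concatenated into the ORDER BY clause as-is, and value quoting such as DB::quoteValue() cannot protect identifiers or keywords. Their origin is outside this hunk; if they can come from skin or template parameters, they should be checked against a fixed list before the query is built. For example, `$direction = (strtoupper($direction) === 'DESC') ? 'DESC' : 'ASC';` plus an allow-list of sortable column names for `$orderby`.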
echo Template::fill((isset($template['BLOGLIST_LISTITEM']) ? $template['BLOGLIST_LISTITEM'] : null), $list);\r
}\r
\r
- sql_free_result($res);\r
+ $res->closeCursor();\r
\r
echo Template::fill((isset($template['BLOGLIST_FOOTER']) ? $template['BLOGLIST_FOOTER'] : null),\r
array(\r
$query = 'SELECT *'\r
. ' FROM '.sql_table('blog')\r
. ' WHERE bnumber=' . $this->blogid;\r
- $res = sql_query($query);\r
+ $res = DB::getResult($query);\r
\r
- $this->isValid = (sql_num_rows($res) > 0);\r
+ $this->isValid = ($res->rowCount() > 0);\r
if (!$this->isValid)\r
return;\r
\r
- $this->settings = sql_fetch_assoc($res);\r
+ $this->settings = $res->fetch(PDO::FETCH_ASSOC);\r
}\r
\r
/**\r
$offset = intval($offset);\r
\r
$query = 'UPDATE '.sql_table('blog')\r
- . " SET bname='" . sql_real_escape_string($this->getName()) . "',"\r
- . " bshortname='". sql_real_escape_string($this->getShortName()) . "',"\r
+ . " SET bname='" . DB::quoteValue($this->getName()) . "',"\r
+ . " bshortname='". DB::quoteValue($this->getShortName()) . "',"\r
. " bcomments=". intval($this->commentsEnabled()) . ","\r
. " bmaxcomments=" . intval($this->getMaxComments()) . ","\r
. " btimeoffset=" . $offset . ","\r
. " breqemail=" . intval($this->emailRequired()) . ","\r
. " bconvertbreaks=" . intval($this->convertBreaks()) . ","\r
. " ballowpast=" . intval($this->allowPastPosting()) . ","\r
- . " bnotify='" . sql_real_escape_string($this->getNotifyAddress()) . "',"\r
+ . " bnotify='" . DB::quoteValue($this->getNotifyAddress()) . "',"\r
. " bnotifytype=" . intval($this->getNotifyType()) . ","\r
- . " burl='" . sql_real_escape_string($this->getURL()) . "',"\r
- . " bupdate='" . sql_real_escape_string($this->getUpdateFile()) . "',"\r
- . " bdesc='" . sql_real_escape_string($this->getDescription()) . "',"\r
+ . " burl='" . DB::quoteValue($this->getURL()) . "',"\r
+ . " bupdate='" . DB::quoteValue($this->getUpdateFile()) . "',"\r
+ . " bdesc='" . DB::quoteValue($this->getDescription()) . "',"\r
. " bdefcat=" . intval($this->getDefaultCategory()) . ","\r
. " bdefskin=" . intval($this->getDefaultSkin()) . ","\r
. " bincludesearch=" . intval($this->getSearchable())\r
. " WHERE bnumber=" . intval($this->getID());\r
- sql_query($query);\r
+ DB::execute($query);\r
\r
}\r
\r
*/\r
function isValidCategory($catid) {\r
$query = 'SELECT * FROM '.sql_table('category').' WHERE cblog=' . $this->getID() . ' and catid=' . intval($catid);\r
- $res = sql_query($query);\r
- return (sql_num_rows($res) != 0);\r
+ $res = DB::getResult($query);\r
+ return ($res->rowCount() != 0);\r
}\r
\r
/**\r
* category id\r
*/\r
function getCategoryName($catid) {\r
- $res = sql_query('SELECT cname FROM '.sql_table('category').' WHERE cblog='.$this->getID().' and catid=' . intval($catid));\r
- $o = sql_fetch_object($res);\r
- return $o->cname;\r
+ $res = DB::getValue('SELECT cname FROM '.sql_table('category').' WHERE cblog='.$this->getID().' and catid=' . intval($catid));\r
+ return $res;\r
}\r
\r
/**\r
* category id\r
*/\r
function getCategoryDesc($catid) {\r
- $res = sql_query('SELECT cdesc FROM '.sql_table('category').' WHERE cblog='.$this->getID().' and catid=' . intval($catid));\r
- $o = sql_fetch_object($res);\r
- return $o->cdesc;\r
+ $res = DB::getValue('SELECT cdesc FROM '.sql_table('category').' WHERE cblog='.$this->getID().' and catid=' . intval($catid));\r
+ return $res;\r
}\r
\r
/**\r
* category name\r
*/\r
function getCategoryIdFromName($name) {\r
- $res = sql_query('SELECT catid FROM '.sql_table('category').' WHERE cblog='.$this->getID().' and cname="' . sql_real_escape_string($name) . '"');\r
- if (sql_num_rows($res) > 0) {\r
- $o = sql_fetch_object($res);\r
- return $o->catid;\r
+ $res = DB::getValue('SELECT catid FROM '.sql_table('category').' WHERE cblog='.$this->getID().' and cname="' . DB::quoteValue($name) . '"');\r
+ if ( $res ) {\r
+ return $res;\r
} else {\r
return $this->getDefaultCategory();\r
}\r
// add to team\r
$query = "INSERT INTO %s (TMEMBER, TBLOG, TADMIN) ' . 'VALUES (%d, %d, %d)";\r
$query = sprintf($query, sql_table('team'), $memberid, $this->getID(), $admin);\r
- sql_query($query);\r
+ DB::execute($query);\r
\r
$manager->notify(\r
'PostAddTeamMember',\r
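Review bot: The format string on the context line contains a literal `' . '` between the column list and `VALUES`, apparently left over from a concatenation that was merged into one double-quoted string. The statement sent to the database therefore carries a stray string literal and would be rejected as a syntax error, so the team row is not written while `PostAddTeamMember` is still notified. Suggest `$query = "INSERT INTO %s (TMEMBER, TBLOG, TADMIN) VALUES (%d, %d, %d)";` and, if DB::execute() reports failure, returning before the notification. The function starts and ends outside this hunk.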
* blog shortname\r
*/\r
function exists($name) {\r
- $r = sql_query('select * FROM '.sql_table('blog').' WHERE bshortname="'.sql_real_escape_string($name).'"');\r
- return (sql_num_rows($r) != 0);\r
+ $r = DB::getResult('SELECT * FROM '.sql_table('blog').' WHERE bshortname='. DB::quoteValue($name));\r
+ return ($r->rowCount() != 0);\r
}\r
\r
/**\r
* blog id\r
*/\r
function existsID($id) {\r
- $r = sql_query('select * FROM '.sql_table('blog').' WHERE bnumber='.intval($id));\r
- return (sql_num_rows($r) != 0);\r
+ $r = DB::getResult('SELECT * FROM '.sql_table('blog').' WHERE bnumber='.intval($id));\r
+ return ($r->rowCount() != 0);\r
}\r
\r
/**\r
function setFuturePost() {\r
$query = 'UPDATE '.sql_table('blog')\r
. " SET bfuturepost='1' WHERE bnumber=" . $this->getID();\r
- sql_query($query);\r
+ DB::execute($query);\r
}\r
\r
/**\r
function clearFuturePost() {\r
$query = 'UPDATE '.sql_table('blog')\r
. " SET bfuturepost='0' WHERE bnumber=" . $this->getID();\r
- sql_query($query);\r
+ DB::execute($query);\r
}\r
\r
/**\r
\r
if ($this->settings['bfuturepost'] == 1) {\r
$blogid = $this->getID();\r
- $result = sql_query("SELECT * FROM " . sql_table('item')\r
+ $result = DB::getResult("SELECT * FROM " . sql_table('item')\r
. " WHERE iposted=0 AND iblog=" . $blogid . " AND itime<NOW()");\r
- if (sql_num_rows($result) > 0) {\r
+ if ( $result->rowCount() > 0 ) {\r
// This $pinged is allow a plugin to tell other hook to the event that a ping is sent already\r
// Note that the plugins's calling order is subject to thri order in the plugin list\r
$pinged = false;\r
);\r
\r
// clear all expired future posts\r
- sql_query("UPDATE " . sql_table('item') . " SET iposted='1' WHERE iblog=" . $blogid . " AND itime<NOW()");\r
+ DB::execute("UPDATE " . sql_table('item') . " SET iposted='1' WHERE iblog=" . $blogid . " AND itime<NOW()");\r
\r
// check to see any pending future post, clear the flag is none\r
- $result = sql_query("SELECT * FROM " . sql_table('item')\r
+ $result = DB::getResult("SELECT * FROM " . sql_table('item')\r
. " WHERE iposted=0 AND iblog=" . $blogid);\r
- if (sql_num_rows($result) == 0) {\r
+ if ( $result->rowCount() == 0 ) {\r
$this->clearFuturePost();\r
}\r
}\r