. ' WHERE c.citem=' . $this->itemid\r
. ' ORDER BY c.ctime';\r
\r
- $comments = sql_query($query);\r
- $this->commentcount = sql_num_rows($comments);\r
+ $comments = DB::getResult($query);\r
+ $this->commentcount = $comments->rowCount();\r
}\r
\r
// if no result was found\r
\r
$parser->parse($template['COMMENTS_HEADER']);\r
\r
- while ( $comment = sql_fetch_assoc($comments) ) {\r
+ foreach ( $comments as $comment ) {\r
$comment['timestamp'] = strtotime($comment['ctime']);\r
$handler->setCurrentComment($comment);\r
$handler->setHighlight($highlight);\r
\r
$parser->parse($template['COMMENTS_FOOTER']);\r
\r
- sql_free_result($comments);\r
+ $comments->closeCursor();\r
\r
return $this->commentcount;\r
}\r
$query = 'SELECT COUNT(*)'\r
. ' FROM '.sql_table('comment').' as c'\r
. ' WHERE c.citem='. $this->itemid;\r
- $res = sql_query($query);\r
- $arr = sql_fetch_row($res);\r
+ $res = DB::getValue($query);\r
\r
- return $arr[0];\r
+ return $res;\r
}\r
\r
/**\r
\r
$manager->notify('PreAddComment', array('comment' => &$comment, 'spamcheck' => &$spamcheck) );\r
\r
- $name = sql_real_escape_string($comment['user']);\r
- $url = sql_real_escape_string($comment['userid']);\r
- $email = sql_real_escape_string($comment['email']);\r
- $body = sql_real_escape_string($comment['body']);\r
- $host = sql_real_escape_string($comment['host']);\r
- $ip = sql_real_escape_string($comment['ip']);\r
+ $name = DB::quoteValue($comment['user']);\r
+ $url = DB::quoteValue($comment['userid']);\r
+ $email = DB::quoteValue($comment['email']);\r
+ $body = DB::quoteValue($comment['body']);\r
+ $host = DB::quoteValue($comment['host']);\r
+ $ip = DB::quoteValue($comment['ip']);\r
$memberid = intval($comment['memberid']);\r
$timestamp = date('Y-m-d H:i:s', $comment['timestamp']);\r
$itemid = $this->itemid;\r
$qSql = 'SELECT COUNT(*) AS result '\r
. 'FROM ' . sql_table('comment')\r
. ' WHERE '\r
- . 'cmail = "' . $url . '"'\r
- . ' AND cmember = "' . $memberid . '"'\r
- . ' AND cbody = "' . $body . '"'\r
- . ' AND citem = "' . $itemid . '"'\r
- . ' AND cblog = "' . $blogid . '"';\r
- $result = (integer) quickQuery($qSql);\r
+ . 'cmail = ' . $url\r
+ . ' AND cmember = ' . $memberid\r
+ . ' AND cbody = ' . $body\r
+ . ' AND citem = ' . $itemid\r
+ . ' AND cblog = ' . $blogid;\r
+ $result = (integer) DB::getValue($qSql);\r
\r
if ( $result > 0 )\r
{\r
}\r
\r
$query = 'INSERT INTO '.sql_table('comment').' (CUSER, CMAIL, CEMAIL, CMEMBER, CBODY, CITEM, CTIME, CHOST, CIP, CBLOG) '\r
- . "VALUES ('$name', '$url', '$email', $memberid, '$body', $itemid, '$timestamp', '$host', '$ip', '$blogid')";\r
+ . "VALUES ($name, $url, $email, $memberid, $body, $itemid, '$timestamp', $host, $ip, '$blogid')";\r
\r
- sql_query($query);\r
+ DB::execute($query);\r
\r
// post add comment\r
- $commentid = sql_insert_id();\r
+ $commentid = DB::getInsertId();\r
$manager->notify('PostAddComment', array('comment' => &$comment, 'commentid' => &$commentid, 'spamcheck' => &$spamcheck) );\r
\r
// succeeded !\r