<?php\r
/*\r
* Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/)\r
- * Copyright (C) 2002-2009 The Nucleus Group\r
+ * Copyright (C) 2002-2012 The Nucleus Group\r
*\r
* This program is free software; you can redistribute it and/or\r
* modify it under the terms of the GNU General Public License\r
* Class representing the karma votes for a certain item\r
*\r
* @license http://nucleuscms.org/license.txt GNU General Public License\r
- * @copyright Copyright (C) 2002-2009 The Nucleus Group\r
+ * @copyright Copyright (C) 2002-2012 The Nucleus Group\r
* @version $Id: KARMA.php 1470 2010-11-29 22:10:16Z ftruscot $\r
*/\r
class Karma\r
// these methods shouldn't be called directly\r
function readFromDatabase() {\r
$query = 'SELECT ikarmapos, ikarmaneg FROM '.sql_table('item').' WHERE inumber=' . $this->itemid;\r
- $res = sql_query($query);\r
- $obj = sql_fetch_object($res);\r
+ $res = DB::getRow($query);\r
\r
- $this->karmapos = $obj->ikarmapos;\r
- $this->karmaneg = $obj->ikarmaneg;\r
+ $this->karmapos = $res['ikarmapos'];\r
+ $this->karmaneg = $res['ikarmaneg'];\r
$this->inforead = 1;\r
}\r
\r
\r
function writeToDatabase() {\r
$query = 'UPDATE '.sql_table('item').' SET ikarmapos=' . $this->karmapos . ', ikarmaneg='.$this->karmaneg.' WHERE inumber=' . $this->itemid;\r
- sql_query($query);\r
+ DB::execute($query);\r
}\r
\r
// checks if a vote is still allowed for an IP\r
function isVoteAllowed($ip) {\r
- $query = 'SELECT * FROM '.sql_table('karma')." WHERE itemid=$this->itemid and ip='".sql_real_escape_string($ip)."'";\r
- $res = sql_query($query);\r
- return (sql_num_rows($res) == 0);\r
+ $query = 'SELECT * FROM '.sql_table('karma')." WHERE itemid={$this->itemid} and ip=". DB::quoteValue($ip);\r
+ $res = DB::getResult($query);\r
+ return ($res->rowCount() == 0);\r
}\r
\r
// save IP in database so no multiple votes are possible\r
function saveIP() {\r
- $query = 'INSERT INTO '.sql_table('karma').' (itemid, ip) VALUES ('.$this->itemid.",'".sql_real_escape_string(serverVar('REMOTE_ADDR'))."')";\r
- sql_query($query);\r
+ $query = 'INSERT INTO ' . sql_table('karma') .' (itemid, ip) VALUES (' . $this->itemid . ','. DB::quoteValue(serverVar('REMOTE_ADDR')) .')';\r
+ DB::execute($query);\r
}\r
}\r
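Review bot: The numeric values are still concatenated into the SQL text without a cast or quoting: `$this->itemid` in all four queries, plus `$this->karmapos` and `$this->karmaneg` in the UPDATE in writeToDatabase(), while only the IP string goes through `DB::quoteValue()`. The class constructor is outside the hunk, so unless it already forces these to integers, cast at the point of use, e.g. `' WHERE inumber=' . (int) $this->itemid`. Separately, isVoteAllowed() now depends on `$res->rowCount()` for a SELECT; if DB::getResult() returns a PDOStatement, that count is not guaranteed for SELECT on every driver, so a `SELECT COUNT(*)` read with a single fetch would be more portable. readFromDatabase() also indexes `$res` without checking that DB::getRow() actually returned a row for the item.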
\r