*\r
* @license http://nucleuscms.org/license.txt GNU General Public License\r
* @copyright Copyright (C) 2002-2009 The Nucleus Group\r
- * @version $Id: SKIN.php 1813 2012-05-02 14:41:57Z sakamocchi $\r
+ * @version $Id: SKIN.php 1816 2012-05-03 01:40:10Z sakamocchi $\r
*/\r
\r
if ( !function_exists('requestVar') )\r
// read skin name/description/content type\r
$query = "SELECT * FROM %s WHERE sdnumber=%d;";\r
$query = sprintf($query, sql_table('skin_desc'), $this->id);\r
- $res = sql_query($query);\r
- $obj = sql_fetch_object($res);\r
- \r
- $this->valid = (sql_num_rows($res) > 0);\r
- if ( !$this->valid )\r
- {\r
- return;\r
+ $res = DB::getRow($query);\r
+ \r
+ $this->valid = !empty($res);\r
+ if ( $this->valid )\r
+ { $this->name = $res['sdname'];\r
+ $this->description = $res['sddesc'];\r
+ $this->contentType = $res['sdtype'];\r
+ $this->includeMode = $res['sdincmode'];\r
+ $this->includePrefix = $res['sdincpref'];\r
}\r
\r
- $this->name = $obj->sdname;\r
- $this->description = $obj->sddesc;\r
- $this->contentType = $obj->sdtype;\r
- $this->includeMode = $obj->sdincmode;\r
- $this->includePrefix = $obj->sdincpref;\r
\r
return;\r
}\r
*/\r
static public function exists($name)\r
{\r
- $query = "SELECT COUNT(*) AS result FROM %s WHERE sdname='%s';";\r
- $query = sprintf($query, sql_table('skin_desc'), sql_real_escape_string($name));\r
- return (quickQuery($query) > 0);\r
+ $query = "SELECT COUNT(*) AS result FROM %s WHERE sdname=%s;";\r
+ $query = sprintf($query, sql_table('skin_desc'), DB::quoteValue($name));\r
+ return (DB::getValue($query) > 0);\r
}\r
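Review bot: With the quotes removed from the format string (`sdname=%s`), this query is only well-formed and injection-safe if `DB::quoteValue()` both escapes the value and returns it already wrapped in quotes. The DB class is not shown on this page, so that contract should be confirmed and stated at the call site. The same applies to the `%s` placeholders changed in getIdFromName, createNew, getContentFromDB, update and updateGeneralInfo. I would add a comment above the sprintf such as `// DB::quoteValue() returns an escaped, already-quoted literal; %s must never receive a raw value`. If the wrapper offers bound parameters, using them here would remove the dependency on every call site quoting correctly.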
\r
/**\r
{\r
$query = "SELECT COUNT(*) AS result FROM %s WHERE sdnumber=%d;";\r
$query = sprintf($query, sql_table('skin_desc'), (integer) $id);\r
- return (quickQuery($query) > 0);\r
+ return (DB::getValue($query) > 0);\r
}\r
\r
/**\r
*/\r
static public function getIdFromName($name)\r
{\r
- $query = "SELECT sdnumber FROM %s WHERE sdname='%s';";\r
- $query = sprintf($query, sql_table('skin_desc'), sql_real_escape_string($name));\r
- $res = sql_query($query);\r
- $obj = sql_fetch_object($res);\r
- return $obj->sdnumber;\r
+ $query = "SELECT sdnumber FROM %s WHERE sdname=%s;";\r
+ $query = sprintf($query, sql_table('skin_desc'), DB::quoteValue($name));\r
+ return DB::getValue($query);\r
}\r
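Review bot: getIdFromName no longer makes clear what it returns when no skin has the given name. The old code read `$obj->sdnumber`, while the new line passes the result of `DB::getValue()` through unchanged, and its empty-result value is not visible on this page. The docblock above the method should say so, e.g. `@return mixed skin ID, or the empty-result value of DB::getValue() if no skin has this name`. Callers that use the result as a skin ID presumably need to handle that case explicitly.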
\r
/**\r
{\r
$query = "SELECT sdname AS result FROM %s WHERE sdnumber=%d;";\r
$query = sprintf($query, sql_table('skin_desc'), (integer) $id);\r
- return quickQuery($query);\r
+ return DB::getValue($query);\r
}\r
\r
/**\r
{\r
global $manager;\r
\r
- $data = array(
- 'name' => &$name,\r
- 'description' => &$desc,\r
- 'type' => &$type,\r
- 'includeMode' => &$includeMode,\r
- 'includePrefix' => &$includePrefix\r
+ $data = array(\r
+ 'name' => &$name,\r
+ 'description' => &$desc,\r
+ 'type' => &$type,\r
+ 'includeMode' => &$includeMode,\r
+ 'includePrefix' => &$includePrefix\r
);\r
$manager->notify('PreAddSkin', $data);
\r
- $query = "INSERT INTO %s (sdname, sddesc, sdtype, sdincmode, sdincpref) VALUES ('%s', '%s', '%s', '%s', '%s');";\r
- $sdname = sql_real_escape_string($name);\r
- $sddesc = sql_real_escape_string($desc);\r
- $sdtype = sql_real_escape_string($type);\r
- $sdincmode = sql_real_escape_string($includeMode);\r
- $sdincpref = sql_real_escape_string($includePrefix);\r
+ $query = "INSERT INTO %s (sdname, sddesc, sdtype, sdincmode, sdincpref) VALUES (%s, %s, %s, %s, %s);";\r
+ $sdname = DB::quoteValue($name);\r
+ $sddesc = DB::quoteValue($desc);\r
+ $sdtype = DB::quoteValue($type);\r
+ $sdincmode = DB::quoteValue($includeMode);\r
+ $sdincpref = DB::quoteValue($includePrefix);\r
$query = sprintf($query, sql_table('skin_desc'), $sdname, $sddesc, $sdtype, $sdincmode, $sdincpref);\r
- sql_query($query);\r
- $newid = sql_insert_id();\r
- \r
- $data = array(
- 'skinid' => $newid,\r
- 'name' => $name,\r
- 'description' => $desc,\r
- 'type' => $type,\r
- 'includeMode' => $includeMode,\r
- 'includePrefix' => $includePrefix\r
+ DB::execute($query);\r
+ $newid = DB::getInsertId();\r
+ \r
+ $data = array(\r
+ 'skinid' => $newid,\r
+ 'name' => $name,\r
+ 'description' => $desc,\r
+ 'type' => $type,\r
+ 'includeMode' => $includeMode,\r
+ 'includePrefix' => $includePrefix\r
);\r
$manager->notify('PostAddSkin', $data);
*/\r
public function getContentFromDB($skintype)\r
{\r
- $query = "SELECT scontent FROM %s WHERE sdesc=%d and stype='%s';";\r
- $query = sprintf($query, sql_table('skin'), (integer) $this->id, sql_real_escape_string($skintype));\r
- $res = sql_query($query);\r
+ $query = "SELECT scontent FROM %s WHERE sdesc=%d and stype=%s;";\r
+ $query = sprintf($query, sql_table('skin'), (integer) $this->id, DB::quoteValue($skintype));\r
+ $res = DB::getValue($query);\r
\r
- if ( sql_num_rows($res) == 0 )\r
- {\r
- return FALSE;\r
- }\r
- \r
- return sql_result($res, 0, 0);\r
+ return $res ? $res : '';\r
}\r
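Review bot: The not-found result of getContentFromDB changes from `FALSE` to `''` on the last line, and the truthiness test `$res ? $res : ''` also turns a stored part whose content is the string `0` into `''`. Callers that compare the return value against `FALSE` are outside this hunk and would need checking. Assuming `DB::getValue()` returns FALSE or NULL when no row matches, `return ( $res === FALSE || $res === NULL ) ? '' : $res;` keeps real content intact. The docblock's `@return` should state the empty-string case.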
\r
/**\r
{\r
global $manager;\r
\r
- $query = "SELECT sdesc FROM %s WHERE stype='%s' and sdesc=%d;";\r
- $query = sprintf($query, sql_table('skin'), sql_real_escape_string($type), (integer) $this->id);\r
- $res = sql_query($query);\r
+ $query = "SELECT sdesc FROM %s WHERE stype=%s and sdesc=%d;";\r
+ $query = sprintf($query, sql_table('skin'), DB::quoteValue($type), (integer) $this->id);\r
+ $res = DB::getValue($query);\r
\r
- $skintypeexists = sql_fetch_object($res);\r
+ $skintypeexists = !empty($res);\r
$skintypevalue = ($content == true);\r
\r
if( $skintypevalue && $skintypeexists )\r
else if( $skintypevalue && !$skintypeexists )\r
{\r
$data = array(\r
- 'skinid' => $this->id,\r
- 'type' => $type,\r
- 'content' => &$content\r
+ 'skinid' => $this->id,\r
+ 'type' => $type,\r
+ 'content' => &$content\r
);\r
\r
$manager->notify("PreAdd{$this->event_identifier}Part", $data);\r
else if( !$skintypevalue && $skintypeexists )\r
{\r
$data = array(\r
- 'skinid' => $this->id,\r
- 'type' => $type\r
+ 'skinid' => $this->id,\r
+ 'type' => $type\r
);\r
\r
$manager->notify("PreDelete{$this->event_identifier}Part", $data);\r
}\r
\r
// delete old thingie\r
- $query = "DELETE FROM %s WHERE stype='%s' and sdesc=%d";\r
- $query = sprintf($query, sql_table('skin'), sql_real_escape_string($type), (integer) $this->id);\r
- sql_query($query);\r
+ $query = "DELETE FROM %s WHERE stype=%s and sdesc=%d";\r
+ $query = sprintf($query, sql_table('skin'), DB::quoteValue($type), (integer) $this->id);\r
+ DB::execute($query);\r
\r
// write new thingie\r
if ( $content )\r
{\r
- $query = "INSERT INTO %s (scontent, stype, sdesc) VALUE ('%s', '%s', %d)";\r
- $query = sprintf($query, sql_table('skin'), sql_real_escape_string($content), sql_real_escape_string($type), (integer) $this->id);\r
- sql_query($query);\r
+ $query = "INSERT INTO %s (scontent, stype, sdesc) VALUE (%s, %s, %d)";\r
+ $query = sprintf($query, sql_table('skin'), DB::quoteValue($content), DB::quoteValue($type), (integer) $this->id);\r
+ DB::execute($query);\r
}\r
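Review bot: The INSERT on the new side still uses `VALUE (...)`, which is a MySQL-only synonym. If the move to the DB wrapper is meant to allow other drivers, it should read `"INSERT INTO %s (scontent, stype, sdesc) VALUES (%s, %s, %d)"`. Separately, the results of both `DB::execute()` calls are discarded, so a failed INSERT after a successful DELETE silently removes the stored part. Checking the return value, or wrapping the pair in a transaction if the wrapper supports one, would avoid that. update() starts and ends outside this hunk.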
\r
if( $skintypevalue && $skintypeexists )\r
{\r
$query = "DELETE FROM %s WHERE sdesc=%d;";\r
$query = sprintf($query, sql_table('skin'), (integer) $this->id);\r
- sql_query($query);\r
+ DB::execute($query);\r
}\r
\r
/**\r
*/\r
public function updateGeneralInfo($name, $desc, $type = 'text/html', $includeMode = 'normal', $includePrefix = '')\r
{\r
- $name = sql_real_escape_string($name);\r
- $desc = sql_real_escape_string($desc);\r
- $type = sql_real_escape_string($type);\r
- $includeMode = sql_real_escape_string($includeMode);\r
- $includePrefix = sql_real_escape_string($includePrefix);\r
+ $name = DB::quoteValue($name);\r
+ $desc = DB::quoteValue($desc);\r
+ $type = DB::quoteValue($type);\r
+ $includeMode = DB::quoteValue($includeMode);\r
+ $includePrefix = DB::quoteValue($includePrefix);\r
\r
- $query ="UPDATE %s SET sdname='%s', sddesc='%s', sdtype='%s', sdincmode='%s', sdincpref='%s' WHERE sdnumber=%d";\r
+ $query ="UPDATE %s SET sdname=%s, sddesc=%s, sdtype=%s, sdincmode=%s, sdincpref=%s WHERE sdnumber=%d";\r
$query = sprintf($query, sql_table('skin_desc'), $name, $desc, $type, $includeMode, $includePrefix, (integer) $this->id);\r
\r
- sql_query($query);\r
+ DB::execute($query);\r
return;\r
}\r
\r
$in_default = array();\r
$no_default = array();\r
\r
- $res = sql_query($query);\r
- while ( $row = sql_fetch_array($res) )\r
+ $res = DB::getResult($query);\r
+ foreach ( $res as $row )\r
{\r
if ( !array_key_exists($row['stype'], $default_skintypes) )\r
{\r
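Review bot: `foreach ( $res as $row )` assumes `DB::getResult()` always returns something iterable. If the wrapper can return FALSE on a query error (its contract is not visible here), foreach raises an invalid-argument warning and the two default lists stay empty without any indication why. A guard before the loop such as `if ( $res === FALSE ) { $res = array(); }`, or an explicit error path, would make the failure case deliberate. The enclosing function starts and ends outside this hunk.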
* Skin::getAllowedActionsForType()\r
* Get the allowed actions for a skin type\r
* returns an array with the allowed actions\r
- * \r
+ * @return array allowed action types\r
* @param string $skintype type of the skin\r
* @return array allowed action types\r
*/\r