*/
public function getContentFromDB($skintype)
{
- $query = "SELECT scontent FROM %s WHERE sdesc=%d and stype=%s;";
+ $query = "SELECT scontent FROM %s WHERE sdesc=%d and stype='%s';";
- $query = sprintf($query, sql_table('skin'), (integer) $this->id, sql_real_escape_string($skintype));
- $res = sql_query($query);
-
- if ( sql_num_rows($res) == 0 )
- {
- return FALSE;
- }
+ $query = sprintf($query, sql_table('skin'), (integer) $this->id, DB::quoteValue($skintype));
+ $res = DB::getValue($query);
- return sql_result($res, 0, 0);
+ return $res ? $res : '';
}
/**
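Review bot: The new format string in getContentFromDB() wraps the placeholder in quotes (`stype='%s'`) while the value is now passed through `DB::quoteValue($skintype)`, so the value may be quoted twice. The definition of `DB::quoteValue()` is not on this page, but if it returns the value already enclosed in quotes (as a PDO::quote-style wrapper does), the value ends up outside the string literal, which breaks the lookup and defeats the escaping. Keep a single quoting layer, e.g. `$query = "SELECT scontent FROM %s WHERE sdesc=%d and stype=%s;";`. Separately, `return $res ? $res : '';` changes the not-found result from FALSE to `''` and also turns a stored `'0'` into `''`, so callers that test `=== FALSE` should be checked.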
}
// in templates: add 'comments'-templatevar to all non-empty ITEM templates
- $res = sql_query('SELECT * FROM '.sql_table('template').' WHERE tpartname=\'ITEM\'');
- while ($o = mysql_fetch_object($res)) {
- if ( i18n::strpos($o->tcontent,'<%comments%>') === FALSE)
+ $res = DB::getResult('SELECT * FROM '.sql_table('template').' WHERE tpartname=\'ITEM\'');
- foreach ( $res as $row ) {
- if ( i18n::strpos($o->tcontent,'<%comments%>') === FALSE ) {
- $newval = $row['tcontent'] . '<%comments%>';
++ foreach ( $res as $row )
++ {
++ if ( i18n::strpos($o->tcontent,'<%comments%>') === FALSE )
+ {
- $newval = $o->tcontent . '<%comments%>';
- $query = 'UPDATE '.sql_table('template').' SET tcontent=\''. addslashes($newval).'\' WHERE tdesc=' . $o->tdesc . ' AND tpartname=\'ITEM\'';
- upgrade_query('Updating ITEM part in template ' . $o->tdesc, $query);
++ $newval = $row['tcontent'] . '<%comments%>';
+ $query = 'UPDATE '.sql_table('template').' SET tcontent=\''. addslashes($newval).'\' WHERE tdesc=' . $row['tdesc'] . ' AND tpartname=\'ITEM\'';
+ upgrade_query('Updating ITEM part in template ' . $row['tdesc'], $query);
}
}
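Review bot: The condition `if ( i18n::strpos($o->tcontent,'<%comments%>') === FALSE )` still reads `$o->tcontent`, but the loop is now `foreach ( $res as $row )` and `$o` is never assigned in the visible code. The check no longer inspects the row's content, so depending on how `i18n::strpos` treats a null haystack it will likely append `<%comments%>` to every ITEM template, including those that already contain it. Use `if ( i18n::strpos($row['tcontent'],'<%comments%>') === FALSE )`. The UPDATE statement below still escapes with `addslashes($newval)` and concatenates `$row['tdesc']` unquoted; now that this code goes through the DB class, `DB::quoteValue($newval)` (dropping the hand-written quotes if it adds its own) and `(integer) $row['tdesc']` would be the safer form. The enclosing function starts outside this hunk.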