$ititle = DB::quoteValue($title);\r
$ibody = DB::quoteValue($body);\r
$imore = DB::quoteValue($more);\r
+ $timestamp = DB::formatDateTime(strtotime($timestamp));\r
\r
- $query = "INSERT INTO %s (ITITLE, IBODY, IMORE, IBLOG, IAUTHOR, ITIME, ICLOSED, IDRAFT, ICAT, IPOSTED) VALUES (%s, %s, %s, %d, %d, '%s', %s, %s, %s, %s)";\r
+ $query = "INSERT INTO %s (ITITLE, IBODY, IMORE, IBLOG, IAUTHOR, ITIME, ICLOSED, IDRAFT, ICAT, IPOSTED) VALUES (%s, %s, %s, %d, %d, %s, %s, %s, %s, %s)";\r
$query = sprintf($query, sql_table('item'), $ititle, $ibody, $imore, $blogid, $authorid, $timestamp, $closed, $draft, $catid, $posted);\r
DB::execute($query);\r
$itemid = DB::getInsertId();\r
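Review bot: `strtotime($timestamp)` on the added line returns `false` for a string it cannot parse, and that value goes straight into `DB::formatDateTime()`; check it first, e.g. `$ts = strtotime($timestamp); if ($ts === false) { $ts = time(); }`, or reject the input. In the same statement the ITIME placeholder changes from `'%s'` to `%s`, so the quoting of that literal now depends entirely on `DB::formatDateTime()` returning an already quoted and escaped value. Its body is not visible here, so a comment above the `sprintf` stating that contract would help, such as `// DB::formatDateTime() returns a quoted SQL literal; do not add quotes in the format string`. The comment, tickets and activation queries later in this diff drop their quotes in the same way and rely on the same contract. The enclosing function starts and ends outside the hunk.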
$host = DB::quoteValue($comment['host']);\r
$ip = DB::quoteValue($comment['ip']);\r
$memberid = intval($comment['memberid']);\r
- $timestamp = date('Y-m-d H:i:s', $comment['timestamp']);\r
+ $timestamp = DB::formatDateTime($comment['timestamp']);\r
$itemid = $this->itemid;\r
\r
$qSql = 'SELECT COUNT(*) AS result '\r
return _ERROR_BADACTION;\r
}\r
\r
- $query = 'INSERT INTO '.sql_table('comment').' (CUSER, CMAIL, CEMAIL, CMEMBER, CBODY, CITEM, CTIME, CHOST, CIP, CBLOG) '\r
- . "VALUES ($name, $url, $email, $memberid, $body, $itemid, '$timestamp', $host, $ip, '$blogid')";\r
+ $query = sprintf('INSERT INTO %s (cuser, cmail, cemail, cmember, cbody, citem, ctime, chost, cip, cblog) '\r
+ . 'VALUES (%s, %s, %s, %d, %s, %d, %s, %s, %s, %d)'\r
+ , sql_table('comment'), $name, $url, $email, $memberid, $body, $itemid, $timestamp, $host, $ip, $blogid);\r
\r
DB::execute($query);\r
\r
{\r
// remove tickets older than 1 hour\r
$oldTime = time() - 60 * 60;\r
- $query = "DELETE FROM %s WHERE ctime < '%s';";\r
- $query = sprintf($query, sql_table('tickets'), date('Y-m-d H:i:s',$oldTime));\r
+ $query = 'DELETE FROM %s WHERE ctime < %s';\r
+ $query = sprintf($query, sql_table('tickets'), DB::formatDateTime($oldTime));\r
DB::execute($query);\r
return;\r
}\r
$ticket = md5(uniqid(rand(), true));\r
\r
// add in database as non-active\r
- $query = "INSERT INTO %s (ticket, member, ctime)"\r
- . " VALUES (%s, %d, '%s');";\r
- $query = sprintf($query, sql_table('tickets'), DB::quoteValue($ticket), (integer) $memberId, date('Y-m-d H:i:s',time()));\r
+ $query = 'INSERT INTO %s (ticket, member, ctime) VALUES (%s, %d, %s)';\r
+ $query = sprintf($query, sql_table('tickets'), DB::quoteValue($ticket), (integer) $memberId, DB::formatDateTime());\r
\r
if ( DB::execute($query) !== FALSE )\r
{\r
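Review bot: The ticket stored by this INSERT is generated as `md5(uniqid(rand(), true))` on the first line of the hunk, and `rand()` and `uniqid()` draw on a non-cryptographic PRNG and the clock rather than a CSPRNG. If the ticket authorises member requests, as the `member` and `ctime` columns and the one-hour expiry suggest, it should be unpredictable; where the supported PHP versions allow it, `$ticket = bin2hex(random_bytes(16));` keeps the same 32-character hex shape. The commit leaves that line untouched, and the function continues outside the hunk.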
\r
// attempt to add entry in database\r
// add in database as non-active\r
- $query = 'INSERT INTO ' . sql_table('activation'). ' (vkey, vtime, vmember, vtype, vextra) ';\r
- $query .= 'VALUES (' . DB::quoteValue($key). ', \'' . date('Y-m-d H:i:s',time()) . '\', ' . intval($this->getID()). ', ' . DB::quoteValue($type). ', ' . DB::quoteValue($extra). ')';\r
+ $query = 'INSERT INTO %s (vkey, vtime, vmember, vtype, vextra) VALUES (%s, %s, %d, %s, %s)';\r
+ $query = sprintf($query\r
+ , sql_table('activation')\r
+ , DB::quoteValue($key)\r
+ , DB::formatDateTime()\r
+ , intval($this->getID())\r
+ , DB::quoteValue($type)\r
+ , DB::quoteValue($extra)\r
+ );\r
if ( DB::execute($query) !== FALSE )\r
$ok = true;\r
}\r
$boundary = time() - (60 * 60 * 24 * $actdays);\r
\r
// 1. walk over all entries, and see if special actions need to be performed\r
- $res = DB::getResult('SELECT * FROM ' . sql_table('activation') . ' WHERE vtime < \'' . date('Y-m-d H:i:s',$boundary) . '\'');\r
+ $query = sprintf('SELECT * FROM %s WHERE vtime < %s', sql_table('activation'), DB::formatDateTime($boundary));\r
+ $res = DB::getResult($query);\r
\r
foreach ( $res as $row )\r
{\r
}\r
\r
// 2. delete activation entries for real\r
- DB::execute('DELETE FROM ' . sql_table('activation') . ' WHERE vtime < \'' . date('Y-m-d H:i:s',$boundary) . '\'');\r
+ $query = sprintf('DELETE FROM %s WHERE vtime < %s', sql_table('activation'), DB::formatDateTime($boundary));\r
+ DB::execute($query);\r
return;\r
}\r
\r