{\r
$alias = array(\r
'login' => 'overview',\r
- '' => 'overview'\r
+ '' => 'overview',\r
+ 'admntemplateoverview' => 'admintemplateoverview'\r
);\r
}\r
if ( array_key_exists($action, $alias) && isset($alias[$action]) )\r
*/\r
static private function action_admintemplateoverview()\r
{\r
- global $member, $manager;\r
+ global $member;\r
$member->isAdmin() or self::disallow();\r
self::$skin->parse('admntemplateoverview');\r
return;\r
{
if ( !in_array($matches[1], $installed) )
{
- $candidates[] = $matches[1];
+ $candidates[] = preg_replace("#^NP_#", "", $matches[1]);
}
}
}
$ititle = DB::quoteValue($title);\r
$ibody = DB::quoteValue($body);\r
$imore = DB::quoteValue($more);\r
+ $timestamp = DB::formatDateTime(strtotime($timestamp));\r
\r
- $query = "INSERT INTO %s (ITITLE, IBODY, IMORE, IBLOG, IAUTHOR, ITIME, ICLOSED, IDRAFT, ICAT, IPOSTED) VALUES (%s, %s, %s, %d, %d, '%s', %s, %s, %s, %s)";\r
+ $query = "INSERT INTO %s (ITITLE, IBODY, IMORE, IBLOG, IAUTHOR, ITIME, ICLOSED, IDRAFT, ICAT, IPOSTED) VALUES (%s, %s, %s, %d, %d, %s, %s, %s, %s, %s)";\r
$query = sprintf($query, sql_table('item'), $ititle, $ibody, $imore, $blogid, $authorid, $timestamp, $closed, $draft, $catid, $posted);\r
DB::execute($query);\r
$itemid = DB::getInsertId();\r
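Review bot: `strtotime($timestamp)` on the added line returns `FALSE` for a string it cannot parse, and that value goes straight into `DB::formatDateTime()`, so a malformed timestamp is stored as whatever that helper makes of `FALSE` (its body is not visible here). I would check the result before formatting, e.g. `$time = strtotime($timestamp); if ( $time === FALSE ) { $time = time(); }`, or return an error if the caller expects strict input. The surrounding function starts and ends outside this hunk, so how `$closed`, `$draft`, `$catid` and `$posted` are prepared for their bare `%s` slots cannot be confirmed from here.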
$host = DB::quoteValue($comment['host']);\r
$ip = DB::quoteValue($comment['ip']);\r
$memberid = intval($comment['memberid']);\r
- $timestamp = date('Y-m-d H:i:s', $comment['timestamp']);\r
+ $timestamp = DB::formatDateTime($comment['timestamp']);\r
$itemid = $this->itemid;\r
\r
$qSql = 'SELECT COUNT(*) AS result '\r
return _ERROR_BADACTION;\r
}\r
\r
- $query = 'INSERT INTO '.sql_table('comment').' (CUSER, CMAIL, CEMAIL, CMEMBER, CBODY, CITEM, CTIME, CHOST, CIP, CBLOG) '\r
- . "VALUES ($name, $url, $email, $memberid, $body, $itemid, '$timestamp', $host, $ip, '$blogid')";\r
+ $query = sprintf('INSERT INTO %s (cuser, cmail, cemail, cmember, cbody, citem, ctime, chost, cip, cblog) '\r
+ . 'VALUES (%s, %s, %s, %d, %s, %d, %s, %s, %s, %d)'\r
+ , sql_table('comment'), $name, $url, $email, $memberid, $body, $itemid, $timestamp, $host, $ip, $blogid);\r
\r
DB::execute($query);\r
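Review bot: With the literal quotes removed from the `ctime` slot, this INSERT is only well-formed if `DB::formatDateTime()` returns an already-quoted literal, and only injection-safe if every `%s` argument has passed through `DB::quoteValue()`. The preceding hunk shows that for `$host` and `$ip`, but the quoting of `$name`, `$url`, `$email` and `$body` is outside the visible lines. A one-line comment above the `sprintf` would make the contract explicit: `// every %s argument must already be a quoted SQL literal (DB::quoteValue / DB::formatDateTime)`. The same convention carries the item, ticket and activation statements changed elsewhere in this patch. Since the DB class appears to wrap PDO, bound parameters would remove the dependency on callers quoting correctly.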
\r
{\r
// remove tickets older than 1 hour\r
$oldTime = time() - 60 * 60;\r
- $query = "DELETE FROM %s WHERE ctime < '%s';";\r
- $query = sprintf($query, sql_table('tickets'), date('Y-m-d H:i:s',$oldTime));\r
+ $query = 'DELETE FROM %s WHERE ctime < %s';\r
+ $query = sprintf($query, sql_table('tickets'), DB::formatDateTime($oldTime));\r
DB::execute($query);\r
return;\r
}\r
$ticket = md5(uniqid(rand(), true));\r
\r
// add in database as non-active\r
- $query = "INSERT INTO %s (ticket, member, ctime)"\r
- . " VALUES (%s, %d, '%s');";\r
- $query = sprintf($query, sql_table('tickets'), DB::quoteValue($ticket), (integer) $memberId, date('Y-m-d H:i:s',time()));\r
+ $query = 'INSERT INTO %s (ticket, member, ctime) VALUES (%s, %d, %s)';\r
+ $query = sprintf($query, sql_table('tickets'), DB::quoteValue($ticket), (integer) $memberId, DB::formatDateTime());\r
\r
if ( DB::execute($query) !== FALSE )\r
{\r
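Review bot: The ticket on the first line of this hunk is still `md5(uniqid(rand(), true))`, which derives from the clock and a non-cryptographic generator, so it is more predictable than a value that appears to act as a per-member ticket should be. The commit touches only the INSERT below it. If the supported PHP version allows it, take the ticket from a CSPRNG, e.g. `$ticket = bin2hex(random_bytes(16));`, which keeps the 32-character hex format that `md5()` produced. The enclosing function begins before this hunk.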
\r
// attempt to add entry in database\r
// add in database as non-active\r
- $query = 'INSERT INTO ' . sql_table('activation'). ' (vkey, vtime, vmember, vtype, vextra) ';\r
- $query .= 'VALUES (' . DB::quoteValue($key). ', \'' . date('Y-m-d H:i:s',time()) . '\', ' . intval($this->getID()). ', ' . DB::quoteValue($type). ', ' . DB::quoteValue($extra). ')';\r
+ $query = 'INSERT INTO %s (vkey, vtime, vmember, vtype, vextra) VALUES (%s, %s, %d, %s, %s)';\r
+ $query = sprintf($query\r
+ , sql_table('activation')\r
+ , DB::quoteValue($key)\r
+ , DB::formatDateTime()\r
+ , intval($this->getID())\r
+ , DB::quoteValue($type)\r
+ , DB::quoteValue($extra)\r
+ );\r
if ( DB::execute($query) !== FALSE )\r
$ok = true;\r
}\r
$boundary = time() - (60 * 60 * 24 * $actdays);\r
\r
// 1. walk over all entries, and see if special actions need to be performed\r
- $res = DB::getResult('SELECT * FROM ' . sql_table('activation') . ' WHERE vtime < \'' . date('Y-m-d H:i:s',$boundary) . '\'');\r
+ $query = sprintf('SELECT * FROM %s WHERE vtime < %s', sql_table('activation'), DB::formatDateTime($boundary));\r
+ $res = DB::getResult($query);\r
\r
foreach ( $res as $row )\r
{\r
}\r
\r
// 2. delete activation entries for real\r
- DB::execute('DELETE FROM ' . sql_table('activation') . ' WHERE vtime < \'' . date('Y-m-d H:i:s',$boundary) . '\'');\r
+ $query = sprintf('DELETE FROM %s WHERE vtime < %s', sql_table('activation'), DB::formatDateTime($boundary));\r
+ DB::execute($query);\r
return;\r
}\r
\r
{
if ( self::$dbh == null ) return FALSE;
self::$execCount++;
- $result = self::showErrorDisplay(self::$dbh->query($statement));
+ $result = self::callQuery($statement);
if ( $row = $result->fetch(PDO::FETCH_NUM) )
{
return $row[0];
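Review bot: `self::callQuery()` returns `FALSE` when the query fails, and the next line calls `$result->fetch(PDO::FETCH_NUM)` on that value without a check, so a failed query ends in a fatal error instead of the `FALSE` that callers test for. A guard right after the call fixes it: `if ( $result === FALSE ) return FALSE;`. The following hunk has the same pattern before `return $result->fetch(PDO::FETCH_BOTH);`. This assumes PDO is not in exception mode, which these lines do not show. Both function bodies start outside their hunks.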
{
if ( self::$dbh == null ) return FALSE;
self::$execCount++;
- $result = self::showErrorDisplay(self::$dbh->query($statement));
+ $result = self::callQuery($statement);
return $result->fetch(PDO::FETCH_BOTH);
}
{
if ( self::$dbh == null ) return FALSE;
self::$execCount++;
- return self::showErrorDisplay(self::$dbh->query($statement));
+ return self::callQuery($statement);
}
/**
* DB::execute()
* Execute an SQL statement and return the number of affected rows.
* @param string $statement SQL Statement
- * @return int number of rows that were modified or deleted by the SQL statement you issued.
+ * @return int number of rows that were modified or deleted by the SQL statement you issued. If the call fails, it will return FALSE.
*/
public static function execute($statement)
{
if ( self::$dbh == null ) return FALSE;
self::$execCount++;
- return self::showErrorDisplay(self::$dbh->exec($statement));
+ return self::callExec($statement);
}
/**
+ * DB::callQuery()
+ * Run the query to retrieve the result set.
+ * @param string $statement query to be executed
+ * @return PDOStatement Result set object. If the call fails, it will return FALSE.
+ */
+ private static function callQuery($statement)
+ {
+ $result = self::$dbh->query($statement);
+ if ( $result === FALSE )
+ {
+ self::showErrorDisplay($statement);
+ }
+ return $result;
+ }
+
+ /**
+ * DB::callExec()
+ * Run the query and returns the number of rows affected.
+ * @param string $statement query to be executed
+ * @return int number of rows that were modified or deleted by the SQL statement you issued. If the call fails, it will return FALSE.
+ */
+ private static function callExec($statement)
+ {
+ $result = self::$dbh->exec($statement);
+ if ( $result === FALSE )
+ {
+ self::showErrorDisplay($statement);
+ }
+ return $result;
+ }
+
+ /**
* DB::showErrorDisplay()
- * On the display query execution result query has an error in the case of FALSE.
- * @param mixed $result Query execution result
- * @return mixes Query execution result
+ * The error message is output to the screen of the query.
+ * @param string $statement query output to the screen
*/
- private static function showErrorDisplay($result)
+ private static function showErrorDisplay($statement)
{
global $CONF;
if ( array_key_exists('debug', $CONF) && $CONF['debug'] )
{
- if ( $result === FALSE )
- {
- $err = self::getError();
- print('mySQL error with query $query: ' . $err[2]);
- }
+ $err = self::getError();
+ print("mySQL error with query '{$statement}' : " . $err[2]);
}
- return $result;
+ return;
}
/**
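Review bot: `showErrorDisplay()` now prints the whole SQL statement and the driver message into the page unescaped, via `print("mySQL error with query '{$statement}' : " . $err[2]);`. Statements built elsewhere in this patch embed visitor-supplied text such as comment bodies and names, so with `$CONF['debug']` enabled a failing query reflects that text as markup and also exposes table names and query structure to whoever triggers the error. Escape the output at minimum, `print('mySQL error with query ' . htmlspecialchars("'{$statement}' : " . $err[2], ENT_QUOTES));`, and consider routing it to `error_log()` rather than the response. The docblocks for `execute()`, `callQuery()` and `callExec()` should also declare the failure value in the type, e.g. `@return int|false`, because `exec()` legitimately returns `0` and callers must compare with `!== FALSE`.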
]]></part>
<part name="SHOWLIST_LISTPLUG_TABLE_POPTLIST_FOOT"><![CDATA[<tr>
<th colspan="2"><%savetext%></th>
-</tr><tr>\n<td><%savetext%></td>
+</tr><tr>
+<td><%savetext%></td>
<td><input type="submit" value="<%savetext%>" /></td>
</tr>
]]></part>