? compile_insert_array.patch
? hits_table_alter
? injection_protect.patch
? injection_protect2.patch
? limittestresults.patch4
? query_parameters.patch
? vote_table_alter
? data/screenshots
Index: maintainersubmit.php
===================================================================
RCS file: /opt/cvs-commit/appdb/maintainersubmit.php,v
retrieving revision 1.23
diff -u -r1.23 maintainersubmit.php
--- maintainersubmit.php	17 Jun 2006 06:10:10 -0000	1.23
+++ maintainersubmit.php	23 Jun 2006 06:15:03 -0000
@@ -82,15 +82,14 @@
         apidb_header("Submit Maintainer Request");    
 
     // add to queue
-    $query = "INSERT INTO appMaintainerQueue VALUES (null, '".
-            $aClean['appId']."', '".
-            $aClean['versionId']."', '".
-            addslashes($_SESSION['current']->iUserId)."', '".
-            $aClean['maintainReason']."', '".
-            $aClean['superMaintainer']."',".
-            "NOW()".");";
+    $hResult = query_parameters("INSERT INTO appMaintainerQueue (queueId, appId, versionId, ".
+                                "userId, maintainReason, superMaintainer, submitTime) ".
+                                "VALUES (?, '?', '?', '?', '?', '?', ?)",
+                                "null", $aClean['appId'], $aClean['versionId'],
+                                $_SESSION['current']->iUserId, $aClean['maintainReason'],
+                                $aClean['superMaintainer'], "NOW()");
 
-    if (query_appdb($query))
+    if ($hResult)
     {
         echo "<p>Your maintainer request has been submitted for review. You should hear back\n";
         echo "soon about the status of your submission</p>\n";
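Review bot: The unquoted `?` used for `"null"` and `"NOW()"` relies on mysql_real_escape_string() leaving those literals untouched, but query_parameters() is documented (in the db.php hunk) as quoting scalar values, and in fact it quotes nothing — the quotes come from the caller writing `'?'`. Literal SQL belongs in the `~` placeholder the new function defines, e.g. `"VALUES (~, '?', '?', '?', '?', '?', ~)"`, so that `?` can be reserved for data and a reader can tell at a glance which arguments are escaped. The same pattern appears in the adminAppDataQueue.php, appdb.php, comment.php, user.php and vote.php hunks. Whether `$aClean` values are already escaped upstream is not visible here; if they are, they are now escaped twice.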
Index: admin/adminAppDataQueue.php
===================================================================
RCS file: /opt/cvs-commit/appdb/admin/adminAppDataQueue.php,v
retrieving revision 1.19
diff -u -r1.19 adminAppDataQueue.php
--- admin/adminAppDataQueue.php	17 Jun 2006 06:10:10 -0000	1.19
+++ admin/adminAppDataQueue.php	23 Jun 2006 06:15:03 -0000
@@ -168,10 +168,12 @@
             $oScreenshot->unQueue();
         }
         elseif ($obj_row->type == "url")
-        { // FIXME: use Link class
-            $query = "INSERT INTO appData VALUES (null, ".$obj_row->versionId.", 'url', ".
-                     "'".$aClean['description']."', '".$obj_row->url."')";
-            if (query_appdb($sQuery))
+        {
+            $hResult = query_parameters("INSERT INTO appData (id, appId, versionId, type, ".
+                                        "description, url) VALUES (?, '?', '?', '?', '?', '?')",
+                                        "null", $obj_row->appId, $obj_row->versionId,
+                                        "url", $aClean['description'], $obj_row->url);
+            if($hResult)
             {
                 $statusMessage = "<p>The application data was successfully added into the database</p>\n";
 
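Review bot: The `// FIXME: use Link class` marker is dropped although the hunk still builds the appData row by hand rather than through the Link class, so the reminder is still valid and should stay above the query_parameters() call, e.g. `{ // FIXME: use Link class`. The commit also silently corrects the `$sQuery`/`$query` mismatch of the old code; a one-line mention of that in the commit message would help anyone bisecting the queue-approval failure.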
Index: admin/editBundle.php
===================================================================
RCS file: /opt/cvs-commit/appdb/admin/editBundle.php,v
retrieving revision 1.8
diff -u -r1.8 editBundle.php
--- admin/editBundle.php	23 Jun 2006 03:42:08 -0000	1.8
+++ admin/editBundle.php	23 Jun 2006 06:15:03 -0000
@@ -33,7 +33,10 @@
     }
     if($_REQUEST['cmd'] == "add")
     {
-        $hResult = query_appdb("INSERT INTO appBundle VALUES (".$_REQUEST['bundleId'].", ".$_REQUEST['appId'].")");
+        $hResult = query_parameters("INSERT INTO appBundle (bundleId, appId) VALUES".
+                                    "('?', '?')",
+                                    $_REQUEST['bundleId'],
+                                    $_REQUEST['appId']);
         if($hResult)
             addmsg("App $appId added to Bundle".$_REQUEST['bundleId'], "green");
     }
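Review bot: The request values are now escaped for SQL, but the success message on the following line still interpolates `$_REQUEST['bundleId']` verbatim into HTML, which is only safe if addmsg() escapes its argument — that cannot be confirmed from this hunk. If it does not, the line should read `addmsg("App $appId added to Bundle".htmlspecialchars($_REQUEST['bundleId']), "green");`. Quoting numeric ids as `'?'` works because MySQL coerces, but the query text now promises string columns it does not have.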
Index: include/appdb.php
===================================================================
RCS file: /opt/cvs-commit/appdb/include/appdb.php,v
retrieving revision 1.4
diff -u -r1.4 appdb.php
--- include/appdb.php	11 Jan 2005 00:26:05 -0000	1.4
+++ include/appdb.php	23 Jun 2006 06:15:03 -0000
@@ -11,7 +11,9 @@
         query_appdb("UPDATE catHitStats SET count = count + 1 WHERE catHitId = $stats->catHitId");
     } else
     {
-        query_appdb("INSERT INTO catHitStats VALUES(null, null, '$REMOTE_ADDR', $catId, 1)");
+        query_parameters("INSERT INTO catHitStats (appHitId, time, ip, catId, count) ".
+                         "VALUES (?, ?, '?', '?', '?')",
+                         "null", "null", $REMOTE_ADDR, $catId, "1");
     }
 }
 
@@ -26,7 +28,9 @@
         query_appdb("UPDATE appHitStats SET count = count + 1 WHERE appHitId = $stats->appHitId");
     } else
     {
-        query_appdb("INSERT INTO appHitStats VALUES(null, null, '$REMOTE_ADDR', $appId, 1)");
+        query_parameters("INSERT INTO appHitStats (appHitId, time, ip, appId, count) ".
+                         "VALUES (?, ?, '?', '?', '?')",
+                         "null", "null", $REMOTE_ADDR, $appId, "1");
     }
 }
 
Index: include/application.php
===================================================================
RCS file: /opt/cvs-commit/appdb/include/application.php,v
retrieving revision 1.46
diff -u -r1.46 application.php
--- include/application.php	17 Jun 2006 06:10:10 -0000	1.46
+++ include/application.php	23 Jun 2006 06:15:03 -0000
@@ -111,18 +111,13 @@
         else
             $this->sQueued = 'false';
 
-        $aInsert = compile_insert_string(array( 'appName'    => $this->sName,
-                                                'description'=> $this->sDescription,
-                                                'keywords'   => $this->sKeywords,
-                                                'webPage'    => $this->sWebpage,
-                                                'vendorId'   => $this->iVendorId,
-                                                'catId'      => $this->iCatId,
-                                                'submitterId'=> $_SESSION['current']->iUserId,
-                                                'queued'     => $this->sQueued));
-        $sFields = "({$aInsert['FIELDS']})";
-        $sValues = "({$aInsert['VALUES']})";
-
-        if(query_appdb("INSERT INTO appFamily $sFields VALUES $sValues", "Error while creating a new application."))
+        $hResult = query_parameters("INSERT INTO appFamily (appName, description, keywords, ".
+                                    "webPage, vendorId, catId, submitterId, queued) VALUES (".
+                                    "'?', '?', '?', '?', '?', '?', '?', '?')",
+                                    $this->sName, $this->sDescription, $this->sKeywords,
+                                    $this->sWebpage, $this->iVendorId, $this->iCatId,
+                                    $_SESSION['current']->iUserId, $this->sQueued);
+        if($hResult)
         {
             $this->iAppId = mysql_insert_id();
             $this->application($this->iAppId);
@@ -130,6 +125,7 @@
             return true;
         } else
         {
+            addmsg("Error while creating a new application.", "red");
             return false;
         }
     }
Index: include/bugs.php
===================================================================
RCS file: /opt/cvs-commit/appdb/include/bugs.php,v
retrieving revision 1.7
diff -u -r1.7 bugs.php
--- include/bugs.php	17 Jun 2006 06:10:10 -0000	1.7
+++ include/bugs.php	23 Jun 2006 06:15:03 -0000
@@ -113,13 +113,11 @@
 
         /* passed the checks so lets insert the puppy! */
 
-        $aInsert = compile_insert_string(array( 'versionId'    => $iVersionId,
-                                                'bug_id'       => $iBug_id,
-                                                'queued'       => $this->bQueued?"true":"false",
-                                                'submitterId'  => $_SESSION['current']->iUserId ));
-        $sFields = "({$aInsert['FIELDS']})";
-        $sValues = "({$aInsert['VALUES']})";
-        if(query_appdb("INSERT INTO buglinks $sFields VALUES $sValues", "Error while creating a new Bug link."))
+        $hResult = query_parameters("INSERT INTO buglinks (versionId, bug_id, queued, submitterId) ".
+                                    "VALUES('?', '?', '?', '?')",
+                                    $iVersionId, $iBug_id, $this->bQueued?"true":"false",
+                                    $_SESSION['current']->iUserId);
+        if($hResult)
         {
             /* The following should work but it does not! */
             $this->iLinkId = mysql_insert_id();
@@ -141,6 +139,7 @@
             return true;
         }else
         {
+            addmsg("Error while creating a new Bug link.", "red");
             return false;
         }
     }
Index: include/category.php
===================================================================
RCS file: /opt/cvs-commit/appdb/include/category.php,v
retrieving revision 1.16
diff -u -r1.16 category.php
--- include/category.php	26 Oct 2005 02:09:49 -0000	1.16
+++ include/category.php	23 Jun 2006 06:15:04 -0000
@@ -76,20 +76,20 @@
      */
     function create($sName=null, $sDescription=null, $iParentId=null)
     {
-        $aInsert = compile_insert_string(array( 'catName'=> $sName,
-                                                'catDescription' => $sDescription,
-                                                'catParent' => $iParentId  ));
-        $sFields = "({$aInsert['FIELDS']})";
-        $sValues = "({$aInsert['VALUES']})";
-
-        if(query_appdb("INSERT INTO appCategory $sFields VALUES $sValues", "Error while creating a new vendor."))
+        $hResult = query_parameters("INSERT INTO appCategory (catName, catDescription, catParent) ".
+                                    "VALUES('?', '?', '?')",
+                                    $sName, $sDescription, $iParentId);
+        if($hResult)
         {
             $this->iCatId = mysql_insert_id();
             $this->category($this->iCatId);
             return true;
         }
         else
+        {
+            addmsg("Error while creating a new vendor.", "red");
             return false;
+        }
     }
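Review bot: The error text added in the else branch reads "Error while creating a new vendor." although this is Category::create(); the old query_appdb() call carried the same copy-paste message, and the commit moves it rather than correcting it. It should be `addmsg("Error while creating a new category.", "red");`.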
 
 
Index: include/comment.php
===================================================================
RCS file: /opt/cvs-commit/appdb/include/comment.php,v
retrieving revision 1.18
diff -u -r1.18 comment.php
--- include/comment.php	21 Jun 2006 01:04:12 -0000	1.18
+++ include/comment.php	23 Jun 2006 06:15:04 -0000
@@ -53,15 +53,12 @@
      */
     function create($sSubject, $sBody, $iParentId=null, $iVersionId)
     {
-        $aInsert = compile_insert_string(array( 'parentId' => $iParentId,
-                                                'versionId' => $iVersionId,
-                                                'subject' => $sSubject,
-                                                'body' => $sBody ));
+        $hResult = query_parameters("INSERT INTO appComments (parentId, versionId, subject, ".
+                                    "body, userId, time, hostname) VALUES ('?', '?', '?', '?', '?', ?, '?')",
+                                    $iParentId, $iVersionId, $sSubject, $sBody, $_SESSION['current']->iUserId,
+                                    "NOW()", get_remote());
 
-        $sFields = "({$aInsert['FIELDS']}, `userId`, `time`, `hostname`)";
-        $sValues = "({$aInsert['VALUES']}, ".$_SESSION['current']->iUserId.", NOW(), '".get_remote()."')";
-
-        if(query_appdb("INSERT INTO appComments $sFields VALUES $sValues", "Error while creating a new comment."))
+        if($hResult)
         {
             $this->comment(mysql_insert_id());
             $sEmail = get_notify_email_address_list($this->iAppId, $this->iVersionId);
@@ -101,7 +98,10 @@
             return true;
         }
         else
+        {
+            addmsg("Error while creating a new comment", "red");
             return false;
+        }
     }
 
 
Index: include/db.php
===================================================================
RCS file: /opt/cvs-commit/appdb/include/db.php,v
retrieving revision 1.13
diff -u -r1.13 db.php
--- include/db.php	1 Aug 2005 20:53:44 -0000	1.13
+++ include/db.php	23 Jun 2006 06:15:04 -0000
@@ -18,6 +18,68 @@
     return $hResult;
 }
 
+/*
+ * Wildcard Rules
+ * SCALAR  (?) => 'original string quoted'
+ * OPAQUE  (&) => 'string from file quoted'
+ * MISC    (~) => original string (left 'as-is')
+ *
+ * NOTE: These rules convienently match those for Pear DB
+ *
+ * MySQL Prepare Function
+ * By: Kage (Alex)
+ * KageKonjou@GMail.com
+ * http://us3.php.net/manual/en/function.mysql-query.php#53400
+ *
+ * Modified by CMM 20060622
+ *
+ * Values are mysql_real_escape_string()'d to prevent against injection attacks
+ * See http://php.net/mysql_real_escape_string for more information about why this is the case
+ *
+ */
+function query_parameters()
+{
+    global $hAppdbLink;
+
+    if(!is_resource($hAppdbLink))
+    {
+        // The last argument makes sure we are really opening a new connection
+        $hAppdbLink = mysql_connect(APPS_DBHOST, APPS_DBUSER, APPS_DBPASS,true);
+        mysql_select_db(APPS_DB, $hAppdbLink);
+    }
+
+    $data = func_get_args();
+    $query = $data[0];
+    $tokens = split("[\&\?\~]", $query);
+    $preparedquery = $tokens[0];
+    $count = strlen($tokens[0]);
+
+    for ($i=1; $i < count($tokens); $i++)
+    {
+        $char = substr($query, $count, 1);
+        $count += (strlen($tokens[$i])+1);
+        if ($char == "&")
+        {
+            $fp = @fopen($data[$i], 'r');
+            $pdata = "";
+            if ($fp)
+            {
+                while (($buf = fread($fp, 4096)) != false)
+                {
+                    $pdata .= $buf;
+                }
+                fclose($fp);
+            }
+        } else
+        {
+            $pdata = &$data[$i];
+        }
+        $preparedquery .= ($char != "~" ? mysql_real_escape_string($pdata) : $pdata);
+        $preparedquery .= $tokens[$i];
+    }
+
+    return query_appdb($preparedquery);
+}
 
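Review bot: The header comment says the `?` placeholder yields the "original string quoted", but the loop only escapes — it never adds quotes — so an unquoted `?` fed anything other than a constant offers no protection, and the comment should say `SCALAR (?) => escaped, caller supplies the surrounding quotes`. The function also never checks that the argument count matches the placeholder count: a missing argument makes `$data[$i]` undefined and splices an empty string into the statement, and because every `?`, `&` and `~` in the query text is a placeholder there is no way to write those characters literally. mysql_real_escape_string() is called without `$hAppdbLink`, so it escapes against whichever connection was opened last (the bugzilla link, if it was opened after the appdb one), which is the wrong character set for this statement. The `&` form reads whatever path is passed as the argument, so the comment should state that `&` arguments must be server-side paths, never request data; no caller in this commit uses it.
```php
    $data = func_get_args();
    $query = $data[0];
    $tokens = split("[\&\?\~]", $query);
    // every ?, & or ~ in the query text is a placeholder, so the argument
    // count must match exactly; a short list would otherwise splice an
    // empty string into the statement without any warning
    if (count($data) != count($tokens))
    {
        return false;
    }
    $preparedquery = $tokens[0];
    $count = strlen($tokens[0]);
    // … unchanged: placeholder walk and '&' file read …
        // escape on the appdb connection explicitly; the default is the
        // most recently opened link, which need not be this database
        $preparedquery .= ($char != "~" ? mysql_real_escape_string($pdata, $hAppdbLink) : $pdata);
```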
 function query_bugzilladb($sQuery,$sComment="")
 {
@@ -50,31 +112,6 @@
 * Expects an array in this form:
 * $aFoo['field'] = 'value';
 * 
-* Returns an array ready to be put in a query like this
-* $sQuery = "INSERT INTO `foo` {$aReturn['FIELDS']} VALUES {$aReturn['VALUES']}";
-* 
-* Values are addslashes()'d.
-*/
-
-function compile_insert_string($aData)
-{
-    foreach ($aData as $k => $v)
-    {
-        $field_names .= "`$k`,";
-        $field_values .= "'".addslashes($v)."',";
-    }
-
-    // Get rid of the end ,
-    $field_names  = preg_replace( "/,$/" , "" , $field_names  );
-    $field_values = preg_replace( "/,$/" , "" , $field_values );
-
-    return array('FIELDS' => $field_names, 'VALUES' => $field_values);
-}
-
-/**
-* Expects an array in this form:
-* $aFoo['field'] = 'value';
-* 
 * Returns a string ready to be put in a query like this
 * $sQuery = "UPDATE `foo` $sReturn";
 * 
Index: include/distributions.php
===================================================================
RCS file: /opt/cvs-commit/appdb/include/distributions.php,v
retrieving revision 1.4
diff -u -r1.4 distributions.php
--- include/distributions.php	21 Jun 2006 01:04:13 -0000	1.4
+++ include/distributions.php	23 Jun 2006 06:15:04 -0000
@@ -96,14 +96,11 @@
         else
             $this->sQueued = 'false';
 
-        $aInsert = compile_insert_string(array( 'name'              => $this->sName,
-                                                'url'               => $this->sUrl,
-                                                'submitterId'       => $_SESSION['current']->iUserId,
-                                                'queued'            => $this->sQueued ));
-        $sFields = "({$aInsert['FIELDS']})";
-        $sValues = "({$aInsert['VALUES']})";
-
-        if(query_appdb("INSERT INTO distributions $sFields VALUES $sValues", "Error while creating Distribution."))
+        $hResult = query_parameters("INSERT INTO distributions (name, url, submitterId, queued) ".
+                                    "VALUES ('?', '?', '?', '?')",
+                                    $this->sName, $this->sUrl, $_SESSION['current']->iUserId,
+                                    $this->sQueued);
+        if($hResult)
         {
             $this->iDistributionId = mysql_insert_id();
             $this->distribution($this->iDistributionId);
@@ -111,7 +108,10 @@
             return true;
         }
         else
+        {
+            addmsg("Error while creating Distribution.", "red");
             return false;
+        }
     }
 
     // Update Distribution.
Index: include/monitor.php
===================================================================
RCS file: /opt/cvs-commit/appdb/include/monitor.php,v
retrieving revision 1.2
diff -u -r1.2 monitor.php
--- include/monitor.php	29 Oct 2005 04:41:10 -0000	1.2
+++ include/monitor.php	23 Jun 2006 06:15:04 -0000
@@ -61,21 +61,21 @@
      */
     function create($iUserId, $iAppId=0, $iVersionId=0)
     {
-        $aInsert = compile_insert_string(array( 'versionId' => $iVersionId,
-                                                'appId' => $iAppId,
-                                                'userId' => $iUserId ));
+        $hResult = query_parameters("INSERT INTO appMonitors (versionId, appId, userId) ".
+                                    "VALUES ('?', '?', '?')",
+                                    $iVersionId, $iAppId, $iUserId);
 
-        $sFields = "({$aInsert['FIELDS']})";
-        $sValues = "({$aInsert['VALUES']})";
-        if(query_appdb("INSERT INTO appMonitors $sFields VALUES $sValues", "Error while creating a new Monitor."))
+        if($hResult)
         {
             $this->Monitor(mysql_insert_id());
             $sWhatChanged = "New monitor\n\n";
             $this->SendNotificationMail("add", $sWhatChanged);
             return true;
-        }
-        else
+        } else
+        {
+            addmsg("Error while creating a new Monitor.", "red");
             return false;
+        }
     }
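Review bot: The hunk rewrites the brace layout to `} else` on one line, while every other create() method touched by this commit (category.php, note.php, url.php, vendor.php and the rest) keeps `else` on its own line; this adds churn unrelated to the query change and leaves the file inconsistent with its siblings. Keeping the original two-line form, `}` then `else` then `{`, limits the hunk to the query_parameters() call and the addmsg() line.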
 
 
Index: include/note.php
===================================================================
RCS file: /opt/cvs-commit/appdb/include/note.php,v
retrieving revision 1.7
diff -u -r1.7 note.php
--- include/note.php	17 Jun 2006 06:10:10 -0000	1.7
+++ include/note.php	23 Jun 2006 06:15:04 -0000
@@ -49,14 +49,11 @@
      */
     function create($sTitle, $sDescription, $iVersionId)
     {
-        $aInsert = compile_insert_string(array( 'versionId' => $iVersionId,
-                                                'noteTitle' => $sTitle,
-                                                'noteDesc' => $sDescription ));
+        $hResult = query_parameters("INSERT INTO appNotes (versionId, noteTitle, noteDesc) ".
+                                    "VALUES('?', '?', '?')",
+                                    $iVersionId, $sTitle, $sDescription);
 
-        $sFields = "({$aInsert['FIELDS']})";
-        $sValues = "({$aInsert['VALUES']})";
-
-        if(query_appdb("INSERT INTO appNotes $sFields VALUES $sValues", "Error while creating a new note."))
+        if($hResult)
         {
             $this->note(mysql_insert_id());
             $sWhatChanged = "Description is:\n".$sDescription.".\n\n";
@@ -64,7 +61,10 @@
             return true;
         }
         else
+        {
+            addmsg("Error while creating a new note.", "red");
             return false;
+        }
     }
 
 
Index: include/screenshot.php
===================================================================
RCS file: /opt/cvs-commit/appdb/include/screenshot.php,v
retrieving revision 1.36
diff -u -r1.36 screenshot.php
--- include/screenshot.php	22 Jun 2006 21:41:41 -0000	1.36
+++ include/screenshot.php	23 Jun 2006 06:15:05 -0000
@@ -70,15 +70,11 @@
             $this->bQueued = false;
         }
 
-        $aInsert = compile_insert_string(array( 'versionId'    => $iVersionId,
-                                                'type'         => "image",
-                                                'description'  => $sDescription,
-                                                'queued'       => $this->bQueued?"true":"false",
-                                                'submitterId'  => $_SESSION['current']->iUserId ));
-        $sFields = "({$aInsert['FIELDS']})";
-        $sValues = "({$aInsert['VALUES']})";
-
-        if(query_appdb("INSERT INTO appData $sFields VALUES $sValues", "Error while creating a new screenshot."))
+        $hResult = query_parameters("INSERT INTO appData (versionId, type, description, queued, submitterId) ".
+                                    "VALUES('?', '?', '?', '?', '?')",
+                                    $iVersionId, "image", $sDescription, $this->bQueued?"true":"false",
+                                    $_SESSION['current']->iUserId);
+        if($hResult)
         {
             $this->iScreenshotId = mysql_insert_id();
 
@@ -120,7 +116,10 @@
             return true;
         }
         else
+        {
+            addmsg("Error while creating a new screenshot.", "red");
             return false;
+        }
     }
 
 
Index: include/testResults.php
===================================================================
RCS file: /opt/cvs-commit/appdb/include/testResults.php,v
retrieving revision 1.17
diff -u -r1.17 testResults.php
--- include/testResults.php	17 Jun 2006 06:12:28 -0000	1.17
+++ include/testResults.php	23 Jun 2006 06:15:05 -0000
@@ -69,23 +69,18 @@
         else
             $this->sQueued = 'false';
 
-        $aInsert = compile_insert_string(array( 'versionId'         => $this->iVersionId,
-                                                'whatWorks'         => $this->sWhatWorks,
-                                                'whatDoesnt'        => $this->sWhatDoesnt,
-                                                'whatNotTested'     => $this->sWhatNotTested,
-                                                'testedDate'        => $this->sTestedDate,
-                                                'distributionId'    => $this->iDistributionId,
-                                                'testedRelease'     => $this->sTestedRelease,
-                                                'installs'          => $this->sInstalls,
-                                                'runs'              => $this->sRuns,
-                                                'testedRating'      => $this->sTestedRating,
-                                                'comments'          => $this->sComments,
-                                                'submitterId'       => $_SESSION['current']->iUserId,
-                                                'queued'            => $this->sQueued ));
-        $sFields = "({$aInsert['FIELDS']})";
-        $sValues = "({$aInsert['VALUES']})";
 
-        if(query_appdb("INSERT INTO testResults $sFields VALUES $sValues", "Error while creating test results."))
+        $hResult = query_parameters("INSERT INTO testResults (versionId, whatWorks, whatDoesnt,".
+                                    "whatNotTested, testedDate, distributionId, testedRelease,".
+                                    "installs, runs, testedRating, comments, submitterId, queued)".
+                                    " VALUES('?', '?', '?', '?', '?', '?', '?', '?', '?', '?', '?',".
+                                    "'?', '?')",
+                                    $this->iVersionId, $this->sWhatWorks, $this->sWhatDoesnt,
+                                    $this->sWhatNotTested, $this->sTestedDate, $this->iDistributionId,
+                                    $this->sTestedRelease, $this->sInstalls, $this->sRuns,
+                                    $this->sTestedRating, $this->sComments, $_SESSION['current']->iUserId,
+                                    $this->sQueued);
+        if($hResult)
         {
             $this->iTestingId = mysql_insert_id();
             $this->testData($this->iTestingId);
@@ -93,7 +88,10 @@
             return true;
         }
         else
+        {
+            addmsg("Error while creating test results.", "red");
             return false;
+        }
     }
 
     // Update Test Results.
Index: include/url.php
===================================================================
RCS file: /opt/cvs-commit/appdb/include/url.php,v
retrieving revision 1.3
diff -u -r1.3 url.php
--- include/url.php	17 Jun 2006 06:10:10 -0000	1.3
+++ include/url.php	23 Jun 2006 06:15:05 -0000
@@ -62,16 +62,11 @@
             $this->bQueued = true;
         }
 
-        $aInsert = compile_insert_string(array( 'appId'       => $iAppId,
-                                                'versionId'   => $iVersionId,
-                                                'type'        => "url",
-                                                'description' => $sDescription,
-                                                'queued'      => $this->bQueued,
-                                                'submitterId' => $_SESSION['current']->iUserId ));
-        $sFields = "({$aInsert['FIELDS']})";
-        $sValues = "({$aInsert['VALUES']})";
-
-        if(query_appdb("INSERT INTO appData $sFields VALUES $sValues", "Error while creating a new url."))
+        $hResult = query_parameters("INSERT INTO appData (appId, versionId, type, description,".
+                                    "queued, submitterId) VALUES ('?', '?', '?', '?', '?', '?')",
+                                    $iAppId, $iVersionId, "url", $sDescription, $this->bQueued,
+                                    $_SESSION['current']->iUserId);
+        if($hResult)
         {
             $this->iUrlId = mysql_insert_id();
             $this->url($this->iUrlId,$this->bQueued);
@@ -79,7 +74,10 @@
             return true;
         }
         else
+        {
+            addmsg("Error while creating a new url.", "red");
             return false;
+        }
     }
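Review bot: `$this->bQueued` is passed to query_parameters() as a raw PHP boolean, whereas the screenshot.php and bugs.php hunks in the same commit pass `$this->bQueued?"true":"false"`; after mysql_real_escape_string() a boolean becomes `'1'` or `''`, which is only correct if the appData.queued column accepts those values — the schema is not visible here. The old compile_insert_string() path applied addslashes() to the boolean with the same effect, so this is pre-existing, but the argument line is being rewritten anyway and should read `$iAppId, $iVersionId, "url", $sDescription, $this->bQueued?"true":"false",`.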
 
 
Index: include/user.php
===================================================================
RCS file: /opt/cvs-commit/appdb/include/user.php,v
retrieving revision 1.67
diff -u -r1.67 user.php
--- include/user.php	21 Jun 2006 01:04:13 -0000	1.67
+++ include/user.php	23 Jun 2006 06:15:06 -0000
@@ -83,14 +83,11 @@
             return false;
         } else
         {
-            $aInsert = compile_insert_string(array( 'realname' => $sRealname,
-                                                    'email' => $sEmail,
-                                                    'CVSrelease' => $sWineRelease ));
+            $hResult = query_parameters("INSERT INTO user_list (realname, email, CVSrelease, password, stamp,".
+                                        "created) VALUES ('?', '?', '?', password('?'), ?, ?)",
+                                        $sRealname, $sEmail, $sWineRelease, $sPassword, "NOW()", "NOW()");
 
-            $sFields = "({$aInsert['FIELDS']}, `password`, `stamp`, `created`)";
-            $sValues = "({$aInsert['VALUES']}, password('".$sPassword."'), NOW(), NOW() )";
-
-            query_appdb("INSERT INTO user_list $sFields VALUES $sValues", "Error while creating a new user.");
+            if(!$hResult) addMsg("Error while creating a new user.", "red");
 
             $retval = $this->login($sEmail, $sPassword);
             $this->setPref("comments:mode", "threaded"); /* set the users default comments:mode to threaded */
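Review bot: On a failed INSERT the new code reports the error but still falls through to `$this->login()` and `setPref()` for a user that was never created; now that `$hResult` is available it should short-circuit, `if(!$hResult) { addmsg("Error while creating a new user.", "red"); return false; }`, assuming the surrounding method returns false on its other failure paths as the context at the top of the hunk suggests. The call is spelled `addMsg` here and `addmsg` everywhere else in the commit; PHP resolves both, but the casing should match. The method continues past the end of the hunk.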
@@ -183,7 +180,8 @@
             return false;
 
         $hResult = query_appdb("DELETE FROM user_prefs WHERE userid = ".$this->iUserId." AND name = '$sKey'");
-        $hResult = query_appdb("INSERT INTO user_prefs VALUES(".$this->iUserId.", '$sKey', '$sValue')");
+        $hResult = query_parameters("INSERT INTO user_prefs (userid, name, value) VALUES".
+                                    "('?', '?', '?')", $this->iUserId, $sKey, $sValue);
         return $hResult;
     }
 
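Review bot: The INSERT is parameterised, but the DELETE immediately above it still interpolates `$this->iUserId` and `$sKey` straight into the query string, so setPref() remains injectable through `$sKey` if any caller passes it unvalidated; converting only half of the pair leaves the protection incomplete. The preceding line should become `$hResult = query_parameters("DELETE FROM user_prefs WHERE userid = '?' AND name = '?'", $this->iUserId, $sKey);`. The method's opening lines are outside the hunk.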
@@ -278,15 +276,13 @@
          if(!$this->isSuperMaintainer($iAppId) &&
             ((!$bSuperMaintainer && !$this->isMaintainer($iVersionId)) | $bSuperMaintainer))
          {
-            // insert the new entry into the maintainers list
-            $sQuery = "INSERT into appMaintainers VALUES(null,".
-                "$iAppId,".
-                "$iVersionId,".
-                "$this->iUserId,".
-                "$bSuperMaintainer,".
-                "NOW());";
-
-            if (query_appdb($sQuery))
+             // insert the new entry into the maintainers list
+             $hResult = query_parameters("INSERT INTO appMaintainers (maintainerId, appId,".
+                                         "versionId, userId, superMaintainer, submitTime) ".
+                                         "VALUES (?, '?', '?', '?', '?', ?)",
+                                         "null", $iAppId, $iVersionId, $this->iUserId,
+                                         $bSuperMaintainer, "NOW()");
+            if($hResult)
             {
                 $statusMessage = "<p>The maintainer was successfully added into the database</p>\n";
 
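Review bot: The new comment and query_parameters() lines are indented thirteen spaces while the surrounding block (and the `if($hResult)` that follows) uses twelve, so the hunk reads as if the call sat in a different scope; realign them to the `if`. Passing `$bSuperMaintainer` through `'?'` also changes behaviour: the old string interpolation of a false boolean produced an empty token and a malformed statement, whereas the new code inserts `''` into superMaintainer, which is only right if that column treats `''` as false — worth confirming against the schema. The bitwise `|` in the guard condition above the hunk is pre-existing and looks like it was meant to be `||`. The enclosing method starts before the hunk.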
@@ -400,7 +396,8 @@
         if($this->hasPriv($sPriv))
             return true;
 
-        $hResult = query_appdb("INSERT INTO user_privs VALUES ($this->iUserId, '$sPriv')");
+        $hResult = query_parameters("INSERT INTO user_privs (userid, priv) VALUES".
+                                    " ('?', '?')", $this->iUserId, $sPriv);
         return $hResult;
     }
 
Index: include/util.php
===================================================================
RCS file: /opt/cvs-commit/appdb/include/util.php,v
retrieving revision 1.58
diff -u -r1.58 util.php
--- include/util.php	23 Jun 2006 04:11:50 -0000	1.58
+++ include/util.php	23 Jun 2006 06:15:07 -0000
@@ -580,24 +580,20 @@
 
             if($isVersion)
             {
-                $aInsert = compile_insert_string( array('versionId' => $_REQUEST['versionId'],
-                                             'type' => 'url',
-                                             'description' => $_REQUEST['url_desc'],
-                                             'url' => $_REQUEST['url']));
+                $hResult = query_parameters("INSERT INTO appData (versionId, type, description, url) ".
+                                            "VALUES ('?', '?', '?', '?')",
+                                            $_REQUEST['versionId'], "url", $_REQUEST['url_desc'],
+                                            $_REQUEST['url']);
             } else
             {
-                $aInsert = compile_insert_string( array( 'appId' => $_REQUEST['appId'],
-                                             'type' => 'url',
-                                             'description' => $_REQUEST['url_desc'],
-                                             'url' => $_REQUEST['url']));
+                $hResult = query_parameters("INSERT INTO appData (appId, type, description, url) ".
+                                            "VALUES ('?', '?', '?', '?')",
+                                            $_REQUEST['appId'], "url", $_REQUEST['url_desc'],
+                                            $_REQUEST['url']);
             
             }
             
-            $sQuery = "INSERT INTO appData ({$aInsert['FIELDS']}) VALUES ({$aInsert['VALUES']})";
-	    
-            if($_SESSION['current']->showDebuggingInfos()) { echo "<p align=center><b>query:</b> $sQuery </p>"; }
-
-            if (query_appdb($sQuery))
+            if ($hResult)
             {
                 addmsg("The URL was successfully added into the database", "green");
                 $sWhatChanged .= "  Added Url:     Description: ".stripslashes($_REQUEST['url_desc'])."\n";
Index: include/vendor.php
===================================================================
RCS file: /opt/cvs-commit/appdb/include/vendor.php,v
retrieving revision 1.6
diff -u -r1.6 vendor.php
--- include/vendor.php	21 Jun 2006 01:04:13 -0000	1.6
+++ include/vendor.php	23 Jun 2006 06:15:07 -0000
@@ -56,19 +56,19 @@
      */
     function create($sName=null, $sWebpage=null)
     {
-        $aInsert = compile_insert_string(array( 'vendorName'=> $sName,
-                                                'vendorURL' => $sWebpage ));
-        $sFields = "({$aInsert['FIELDS']})";
-        $sValues = "({$aInsert['VALUES']})";
-
-        if(query_appdb("INSERT INTO vendor $sFields VALUES $sValues", "Error while creating a new vendor."))
+        $hResult = query_parameters("INSERT INTO vendor (vendorName, vendorURL) ".
+                                    "VALUES ('?', '?')", $sName, $sWebpage);
+        if($hResult)
         {
             $this->iVendorId = mysql_insert_id();
             $this->vendor($this->iVendorId);
             return true;
         }
         else
+        {
+            addmsg("Error while creating a new vendor.", "red");
             return false;
+        }
     }
 
 
Index: include/version.php
===================================================================
RCS file: /opt/cvs-commit/appdb/include/version.php,v
retrieving revision 1.54
diff -u -r1.54 version.php
--- include/version.php	20 Jun 2006 22:58:58 -0000	1.54
+++ include/version.php	23 Jun 2006 06:15:07 -0000
@@ -182,17 +182,14 @@
         else
             $this->sQueued = 'false';
 
-        $aInsert = compile_insert_string(array( 'versionName'       => $this->sName,
-                                                'description'       => $this->sDescription,
-                                                'maintainer_release'=> $this->sTestedRelease,
-                                                'maintainer_rating' => $this->sTestedRating,
-                                                'appId'             => $this->iAppId,
-                                                'submitterId'       => $_SESSION['current']->iUserId,
-                                                'queued'            => $this->sQueued ));
-        $sFields = "({$aInsert['FIELDS']})";
-        $sValues = "({$aInsert['VALUES']})";
+        $hResult = query_parameters("INSERT INTO appVersion (versionName, description, maintainer_release,".
+                                    "maintainer_rating, appId, submitterId, queued) VALUES ".
+                                    "('?', '?', '?', '?', '?', '?', '?')",
+                                    $this->sName, $this->sDescription, $this->sTestedRelease,
+                                    $this->sTestedRating, $this->iAppId, $_SESSION['current']->iUserId,
+                                    $this->sQueued);
 
-        if(query_appdb("INSERT INTO appVersion $sFields VALUES $sValues", "Error while creating a new version."))
+        if($hResult)
         {
             $this->iVersionId = mysql_insert_id();
             $this->Version($this->iVersionId);
@@ -201,6 +198,7 @@
         }
         else
         {
+            addmsg("Error while creating a new version", "red");
             return false;
         }
     }
Index: include/vote.php
===================================================================
RCS file: /opt/cvs-commit/appdb/include/vote.php,v
retrieving revision 1.14
diff -u -r1.14 vote.php
--- include/vote.php	21 Jun 2006 01:04:13 -0000	1.14
+++ include/vote.php	23 Jun 2006 06:15:07 -0000
@@ -66,7 +66,9 @@
         return;
     
     vote_remove($slot, $userId);
-    query_appdb("INSERT INTO appVotes VALUES (null, null, $appId, $userId, $slot)");
+
+    query_parameters("INSERT INTO appVotes (id, time, appId, userId, slot)
+                      VALUES (?, ?, '?', '?', '?')", "null", "null", $appId, $userId, $slot);
 }
 
 
