put backticks around identifier in sql statements

Uwe Steinmann 2017-02-12 08:07:14 +01:00
parent 290ab91fc7
commit a3a80f0a6b
3 changed files with 28 additions and 28 deletions


@ -28,7 +28,7 @@ function getEvents($day, $month, $year){
$date = mktime(12,0,0, $month, $day, $year);
$queryStr = "SELECT * FROM tblEvents WHERE start <= " . $date . " AND stop >= " . $date;
$queryStr = "SELECT * FROM `tblEvents` WHERE `start` <= " . $date . " AND `stop` >= " . $date;
$ret = $db->getResultArray($queryStr);
return $ret;
}
@ -37,9 +37,9 @@ function getEventsInInterval($start, $stop){
global $db;
$queryStr = "SELECT * FROM tblEvents WHERE ( start <= " . (int) $start . " AND stop >= " . (int) $start . " ) ".
"OR ( start <= " . (int) $stop . " AND stop >= " . (int) $stop . " ) ".
"OR ( start >= " . (int) $start . " AND stop <= " . (int) $stop . " )";
$queryStr = "SELECT * FROM `tblEvents` WHERE ( `start` <= " . (int) $start . " AND `stop` >= " . (int) $start . " ) ".
"OR ( `start` <= " . (int) $stop . " AND `stop` >= " . (int) $stop . " ) ".
"OR ( `start` >= " . (int) $start . " AND `stop` <= " . (int) $stop . " )";
$ret = $db->getResultArray($queryStr);
return $ret;
}
@ -48,7 +48,7 @@ function addEvent($from, $to, $name, $comment ){
global $db,$user;
$queryStr = "INSERT INTO tblEvents (name, comment, start, stop, date, userID) VALUES ".
$queryStr = "INSERT INTO `tblEvents` (`name`, `comment`, `start`, `stop`, `date`, `userID`) VALUES ".
"(".$db->qstr($name).", ".$db->qstr($comment).", ".(int) $from.", ".(int) $to.", ".$db->getCurrentTimestamp().", ".$user->getID().")";
$ret = $db->getResult($queryStr);
@ -61,7 +61,7 @@ function getEvent($id){
global $db;
$queryStr = "SELECT * FROM tblEvents WHERE id = " . (int) $id;
$queryStr = "SELECT * FROM `tblEvents` WHERE `id` = " . (int) $id;
$ret = $db->getResultArray($queryStr);
if (is_bool($ret) && $ret == false) return false;
@ -76,7 +76,7 @@ function editEvent($id, $from, $to, $name, $comment ){
global $db;
$queryStr = "UPDATE tblEvents SET start = " . (int) $from . ", stop = " . (int) $to . ", name = " . $db->qstr($name) . ", comment = " . $db->qstr($comment) . ", date = " . $db->getCurrentTimestamp() . " WHERE id = ". (int) $id;
$queryStr = "UPDATE `tblEvents` SET `start` = " . (int) $from . ", `stop` = " . (int) $to . ", `name` = " . $db->qstr($name) . ", `comment` = " . $db->qstr($comment) . ", `date` = " . $db->getCurrentTimestamp() . " WHERE `id` = ". (int) $id;
$ret = $db->getResult($queryStr);
return $ret;
}
@ -87,7 +87,7 @@ function delEvent($id){
global $db;
$queryStr = "DELETE FROM tblEvents WHERE id = " . (int) $id;
$queryStr = "DELETE FROM `tblEvents` WHERE `id` = " . (int) $id;
$ret = $db->getResult($queryStr);
return $ret;
}
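Review bot: In `addEvent()` the value of `$user->getID()` is appended to the INSERT without a cast, and in `getEvents()` `$date` (the result of `mktime()`) is appended as is, while every other numeric value in these functions goes through `(int)`. Both are presumably integers already, but `mktime()` can return `false` for bad arguments, which would leave a malformed statement, and a cast keeps the query well-formed whatever the callers pass: `(int) $user->getID()` and `(int) $date`. Separately, backtick quoting is MySQL syntax; if `$db` can also point at an engine that expects ANSI double quotes, the driver layer has to translate it, and nothing in this diff shows that it does. `addEvent()` and `getEvent()` continue past the end of their hunks.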


@ -47,7 +47,7 @@ class SeedDMS_PasswordHistoryManager {
} /* }}} */
function add($user, $pwd) { /* {{{ */
$queryStr = "INSERT INTO tblUserPasswordHistory (userID, pwd, `date`) ".
$queryStr = "INSERT INTO `tblUserPasswordHistory` (`userID`, `pwd`, `date`) ".
"VALUES (".$this->db->qstr($user->getId()).", ".$this->db->qstr($pwd).", ".$this->db->getCurrentDatetime().")";
if (!$this->db->getResult($queryStr)) {
return false;
@ -55,7 +55,7 @@ class SeedDMS_PasswordHistoryManager {
} /* }}} */
function search($user, $pwd) { /* {{{ */
$queryStr = "SELECT * FROM tblUserPasswordHistory WHERE userID = ".$this->db->qstr($user->getId())." AND pwd=".$this->db->qstr($pwd);
$queryStr = "SELECT * FROM `tblUserPasswordHistory` WHERE `userID` = ".$this->db->qstr($user->getId())." AND `pwd`=".$this->db->qstr($pwd);
$resArr = $this->db->getResultArray($queryStr);
if (is_bool($resArr) && $resArr == false)
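Review bot: `search()` detects a reused password with an equality test on the `pwd` column, so whatever `add()` stores has to be deterministic for a given password, meaning clear text or an unsalted digest; the hunks do not show which. The contract deserves a line in both method comments once it is confirmed against the callers, for example `@param string $pwd hashed password (never clear text)`. If the project moves to salted hashes such as `password_hash()`, this lookup can no longer match by equality and would have to fetch the user's history rows and check each one with `password_verify()`. Both method bodies continue outside the hunks.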


@ -67,7 +67,7 @@ class SeedDMS_Session {
* @return boolean true if successful otherwise false
*/
function load($id) { /* {{{ */
$queryStr = "SELECT * FROM tblSessions WHERE id = ".$this->db->qstr($id);
$queryStr = "SELECT * FROM `tblSessions` WHERE `id` = ".$this->db->qstr($id);
$resArr = $this->db->getResultArray($queryStr);
if (is_bool($resArr) && $resArr == false)
return false;
@ -97,7 +97,7 @@ class SeedDMS_Session {
$id = "" . rand() . time() . rand() . "";
$id = md5($id);
$lastaccess = time();
$queryStr = "INSERT INTO tblSessions (id, userID, lastAccess, theme, language, su) ".
$queryStr = "INSERT INTO `tblSessions` (`id`, `userID`, `lastAccess`, `theme`, `language`, `su`) ".
"VALUES ('".$id."', ".$data['userid'].", ".$lastaccess.", '".$data['theme']."', '".$data['lang']."', 0)";
if (!$this->db->getResult($queryStr)) {
return false;
@ -126,7 +126,7 @@ class SeedDMS_Session {
* @return boolean true if successful otherwise false
*/
function updateAccess($id) { /* {{{ */
$queryStr = "UPDATE tblSessions SET lastAccess = " . time() . " WHERE id = " . $this->db->qstr($id);
$queryStr = "UPDATE `tblSessions` SET `lastAccess` = " . time() . " WHERE `id` = " . $this->db->qstr($id);
if (!$this->db->getResult($queryStr))
return false;
return true;
@ -139,7 +139,7 @@ class SeedDMS_Session {
* @return boolean true if successful otherwise false
*/
function deleteByTime($sec) { /* {{{ */
$queryStr = "DELETE FROM tblSessions WHERE " . time() . " - lastAccess > ".$sec;
$queryStr = "DELETE FROM `tblSessions` WHERE " . time() . " - `lastAccess` > ".$sec;
if (!$this->db->getResult($queryStr)) {
return false;
}
@ -153,7 +153,7 @@ class SeedDMS_Session {
* @return boolean true if successful otherwise false
*/
function delete($id) { /* {{{ */
$queryStr = "DELETE FROM tblSessions WHERE id = " . $this->db->qstr($id);
$queryStr = "DELETE FROM `tblSessions` WHERE `id` = " . $this->db->qstr($id);
if (!$this->db->getResult($queryStr)) {
return false;
}
@ -178,7 +178,7 @@ class SeedDMS_Session {
function setUser($userid) { /* {{{ */
/* id is only set if load() was called before */
if($this->id) {
$queryStr = "UPDATE tblSessions SET userID = " . $this->db->qstr($userid) . " WHERE id = " . $this->db->qstr($this->id);
$queryStr = "UPDATE `tblSessions` SET `userID` = " . $this->db->qstr($userid) . " WHERE `id` = " . $this->db->qstr($this->id);
if (!$this->db->getResult($queryStr))
return false;
$this->data['userid'] = $userid;
@ -194,7 +194,7 @@ class SeedDMS_Session {
function setLanguage($lang) { /* {{{ */
/* id is only set if load() was called before */
if($this->id) {
$queryStr = "UPDATE tblSessions SET language = " . $this->db->qstr($lang) . " WHERE id = " . $this->db->qstr($this->id);
$queryStr = "UPDATE `tblSessions` SET `language` = " . $this->db->qstr($lang) . " WHERE `id` = " . $this->db->qstr($this->id);
if (!$this->db->getResult($queryStr))
return false;
$this->data['lang'] = $lang;
@ -219,7 +219,7 @@ class SeedDMS_Session {
function setSu($su) { /* {{{ */
/* id is only set if load() was called before */
if($this->id) {
$queryStr = "UPDATE tblSessions SET su = " . (int) $su . " WHERE id = " . $this->db->qstr($this->id);
$queryStr = "UPDATE `tblSessions` SET `su` = " . (int) $su . " WHERE `id` = " . $this->db->qstr($this->id);
if (!$this->db->getResult($queryStr))
return false;
$this->data['su'] = (int) $su;
@ -235,7 +235,7 @@ class SeedDMS_Session {
function resetSu() { /* {{{ */
/* id is only set if load() was called before */
if($this->id) {
$queryStr = "UPDATE tblSessions SET su = 0 WHERE id = " . $this->db->qstr($this->id);
$queryStr = "UPDATE `tblSessions` SET `su` = 0 WHERE `id` = " . $this->db->qstr($this->id);
if (!$this->db->getResult($queryStr))
return false;
$this->data['su'] = 0;
@ -260,7 +260,7 @@ class SeedDMS_Session {
function setClipboard($clipboard) { /* {{{ */
/* id is only set if load() was called before */
if($this->id) {
$queryStr = "UPDATE tblSessions SET clipboard = " . $this->db->qstr(json_encode($clipboard)) . " WHERE id = " . $this->db->qstr($this->id);
$queryStr = "UPDATE `tblSessions` SET `clipboard` = " . $this->db->qstr(json_encode($clipboard)) . " WHERE `id` = " . $this->db->qstr($this->id);
if (!$this->db->getResult($queryStr))
return false;
$this->data['clipboard'] = $clipboard;
@ -292,7 +292,7 @@ class SeedDMS_Session {
if(!in_array($object->getID(), $this->data['clipboard']['folders']))
array_push($this->data['clipboard']['folders'], $object->getID());
}
$queryStr = "UPDATE tblSessions SET clipboard = " . $this->db->qstr(json_encode($this->data['clipboard'])) . " WHERE id = " . $this->db->qstr($this->id);
$queryStr = "UPDATE `tblSessions` SET `clipboard` = " . $this->db->qstr(json_encode($this->data['clipboard'])) . " WHERE `id` = " . $this->db->qstr($this->id);
if (!$this->db->getResult($queryStr))
return false;
}
@ -316,7 +316,7 @@ class SeedDMS_Session {
if($key !== false)
unset($this->data['clipboard']['folders'][$key]);
}
$queryStr = "UPDATE tblSessions SET clipboard = " . $this->db->qstr(json_encode($this->data['clipboard'])) . " WHERE id = " . $this->db->qstr($this->id);
$queryStr = "UPDATE `tblSessions` SET `clipboard` = " . $this->db->qstr(json_encode($this->data['clipboard'])) . " WHERE `id` = " . $this->db->qstr($this->id);
if (!$this->db->getResult($queryStr))
return false;
}
@ -330,7 +330,7 @@ class SeedDMS_Session {
function clearClipboard() { /* {{{ */
$this->data['clipboard']['docs'] = array();
$this->data['clipboard']['folders'] = array();
$queryStr = "UPDATE tblSessions SET clipboard = " . $this->db->qstr(json_encode($this->data['clipboard'])) . " WHERE id = " . $this->db->qstr($this->id);
$queryStr = "UPDATE `tblSessions` SET `clipboard` = " . $this->db->qstr(json_encode($this->data['clipboard'])) . " WHERE `id` = " . $this->db->qstr($this->id);
if (!$this->db->getResult($queryStr))
return false;
return true;
@ -344,7 +344,7 @@ class SeedDMS_Session {
function setSplashMsg($msg) { /* {{{ */
/* id is only set if load() was called before */
if($this->id) {
$queryStr = "UPDATE tblSessions SET splashmsg = " . $this->db->qstr(json_encode($msg)) . " WHERE id = " . $this->db->qstr($this->id);
$queryStr = "UPDATE `tblSessions` SET `splashmsg` = " . $this->db->qstr(json_encode($msg)) . " WHERE `id` = " . $this->db->qstr($this->id);
if (!$this->db->getResult($queryStr))
return false;
$this->data['splashmsg'] = $msg;
@ -360,7 +360,7 @@ class SeedDMS_Session {
function clearSplashMsg() { /* {{{ */
/* id is only set if load() was called before */
if($this->id) {
$queryStr = "UPDATE tblSessions SET splashmsg = '' WHERE id = " . $this->db->qstr($this->id);
$queryStr = "UPDATE `tblSessions` SET `splashmsg` = '' WHERE `id` = " . $this->db->qstr($this->id);
if (!$this->db->getResult($queryStr))
return false;
$this->data['splashmsg'] = '';
@ -428,7 +428,7 @@ class SeedDMS_SessionMgr {
$id = "" . rand() . time() . rand() . "";
$id = md5($id);
$lastaccess = time();
$queryStr = "INSERT INTO tblSessions (id, userID, lastAccess, theme, language, su) ".
$queryStr = "INSERT INTO `tblSessions` (`id`, `userID`, `lastAccess`, `theme`, `language`, `su`) ".
"VALUES ('".$id."', ".$data['userid'].", ".$lastaccess.", '".$data['theme']."', '".$data['lang']."', 0)";
if (!$this->db->getResult($queryStr)) {
return false;
@ -443,7 +443,7 @@ class SeedDMS_SessionMgr {
* @return array list of sessions
*/
function getAllSessions() { /* {{{ */
$queryStr = "SELECT * FROM tblSessions";
$queryStr = "SELECT * FROM `tblSessions`";
$resArr = $this->db->getResultArray($queryStr);
if (is_bool($resArr) && $resArr == false)
return false;
@ -463,7 +463,7 @@ class SeedDMS_SessionMgr {
* @return array list of sessions
*/
function getUserSessions($user) { /* {{{ */
$queryStr = "SELECT * FROM tblSessions WHERE userID=".$user->getID();
$queryStr = "SELECT * FROM `tblSessions` WHERE `userID`=".$user->getID();
$resArr = $this->db->getResultArray($queryStr);
if (is_bool($resArr) && $resArr == false)
return false;
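Review bot: The session id in the `@@ -97,7` hunk, and identically in the `@@ -428,7` hunk of `SeedDMS_SessionMgr`, is `md5(rand() . time() . rand())`, which comes from a non-cryptographic generator plus the clock and is therefore more predictable than a session token should be; `$id = bin2hex(random_bytes(16));` keeps the 32-hex-character shape while drawing from the CSPRNG (PHP 7 or a polyfill is needed). The INSERT on the following lines also concatenates `$data['userid']`, `$data['theme']` and `$data['lang']` with hand-written quotes instead of `qstr()` or an `(int)` cast, so since the commit is already touching the statement the VALUES part could become `"VALUES (".$this->db->qstr($id).", ".(int) $data['userid'].", ".$lastaccess.", ".$this->db->qstr($data['theme']).", ".$this->db->qstr($data['lang']).", 0)"`. `deleteByTime()` and `getUserSessions()` likewise append `$sec` and `$user->getID()` uncast, where `(int)` would close the gap. The enclosing functions start and end outside these hunks, so where `$data` and `$sec` originate is not visible here.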