fix wrong sql statement in getInstance()

2025-03-12 00:45:34 +00:00 · 2015-04-16 14:11:14 +02:00 · 2015-04-16 14:11:14 +02:00 · ba5185eec8
commit ba5185eec8
parent fc7772f7d9
2 changed files with 26 additions and 4 deletions
--- a/SeedDMS_Core/Core/inc.ClassGroup.php
+++ b/SeedDMS_Core/Core/inc.ClassGroup.php
@ -50,12 +50,22 @@ class SeedDMS_Core_Group {
 		$this->_dms = null;
 	} /* }}} */

+	/**
+	 * Create an instance of a group object
+	 *
+	 * @param string|integer $id Id, name of group, depending
+	 * on the 3rd parameter.
+	 * @param object $dms instance of dms
+	 * @param string $by search by group name if set to 'name'. 
+	 * Search by Id of group if left empty.
+	 * @return object instance of class SeedDMS_Core_Group
+	 */
 	public static function getInstance($id, $dms, $by='') { /* {{{ */
 		$db = $dms->getDB();

 		switch($by) {
 		case 'name':
-			$queryStr = "SELECT * FROM `tblGroups` WHERE `name` = ".$this->db->qstr($name);
+			$queryStr = "SELECT * FROM `tblGroups` WHERE `name` = ".$db->qstr($id);
 			break;
 		default:
 			$queryStr = "SELECT * FROM `tblGroups` WHERE id = " . (int) $id;
--- a/SeedDMS_Core/Core/inc.ClassUser.php
+++ b/SeedDMS_Core/Core/inc.ClassUser.php
@ -155,17 +155,29 @@ class SeedDMS_Core_User {
 		$this->_dms = null;
 	}

+	/**
+	 * Create an instance of a user object
+	 *
+	 * @param string|integer $id Id, login name, or email of user, depending
+	 * on the 3rd parameter.
+	 * @param object $dms instance of dms
+	 * @param string $by search by [name|email]. If 'name' is passed, the method
+	 * will check for the 4th paramater and also filter by email. If this
+	 * parameter is left empty, the user will be search by its Id.
+	 * @param string $email optional email address if searching for name
+	 * @return object instance of class SeedDMS_Core_User
+	 */
 	public static function getInstance($id, $dms, $by='', $email='') { /* {{{ */
 		$db = $dms->getDB();

 		switch($by) {
 		case 'name':
-			$queryStr = "SELECT * FROM tblUsers WHERE login = ".$this->db->qstr($login);
+			$queryStr = "SELECT * FROM tblUsers WHERE login = ".$db->qstr($id);
 			if($email)
-				$queryStr .= " AND email=".$this->db->qstr($email);
+				$queryStr .= " AND email=".$db->qstr($email);
 			break;
 		case 'email':
-			$queryStr = "SELECT * FROM tblUsers WHERE email = ".$this->db->qstr($email);
+			$queryStr = "SELECT * FROM tblUsers WHERE email = ".$db->qstr($id);
 			break;
 		default:
 			$queryStr = "SELECT * FROM tblUsers WHERE id = " . (int) $id;