put backticks around identifiers in sql statements

This commit is contained in:
Uwe Steinmann 2017-02-13 12:37:26 +01:00
parent 7d82b73208
commit f6aded2428
6 changed files with 44 additions and 44 deletions


@ -2003,11 +2003,11 @@ class SeedDMS_Core_DMS {
return false;
}
$queryStr = "INSERT INTO tblRoles (name, role) VALUES (".$this->db->qstr($name).", ".$role.")";
$queryStr = "INSERT INTO `tblRoles` (`name`, `role`) VALUES (".$this->db->qstr($name).", ".$role.")";
if (!$this->db->getResult($queryStr))
return false;
return $this->getRole($this->db->getInsertID());
return $this->getRole($this->db->getInsertID('tblRoles'));
} /* }}} */
/**
@ -2056,11 +2056,11 @@ class SeedDMS_Core_DMS {
return false;
}
$queryStr = "INSERT INTO tblTransmittals (name, comment, userID) VALUES (".$this->db->qstr($name).", ".$this->db->qstr($comment).", ".$user->getID().")";
$queryStr = "INSERT INTO `tblTransmittals` (`name`, `comment`, `userID`) VALUES (".$this->db->qstr($name).", ".$this->db->qstr($comment).", ".$user->getID().")";
if (!$this->db->getResult($queryStr))
return false;
return $this->getTransmittal($this->db->getInsertID());
return $this->getTransmittal($this->db->getInsertID('tblTransmittals'));
} /* }}} */
function getKeywordCategory($id) { /* {{{ */
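Review bot: In the addRole hunk (at -2003) `$role` is still concatenated into the INSERT unquoted and uncast on the new line, while `$name` goes through qstr(); unless the caller validates it above the hunk, a non-numeric value breaks the statement and a value originating from request input can alter it. Casting makes the integer column type explicit and closes that gap: `$queryStr = "INSERT INTO `tblRoles` (`name`, `role`) VALUES (".$this->db->qstr($name).", ".(int) $role.")";`. The same pattern would apply to `$user->getID()` in the addTransmittal hunk if getID() is not guaranteed to return an int. The bodies of addRole() and addTransmittal() start outside their hunks.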


@ -758,7 +758,7 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
function isCheckedOut() { /* {{{ */
$db = $this->_dms->getDB();
$queryStr = "SELECT * FROM tblDocumentCheckOuts WHERE document = " . (int) $this->_id;
$queryStr = "SELECT * FROM `tblDocumentCheckOuts` WHERE `document` = " . (int) $this->_id;
$resArr = $db->getResultArray($queryStr);
if ((is_bool($resArr) && $resArr==false) || (count($resArr)==0)) {
// Could not find a check out for the selected document.
@ -778,7 +778,7 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
function getCheckOutInfo() { /* {{{ */
$db = $this->_dms->getDB();
$queryStr = "SELECT * FROM tblDocumentCheckOuts WHERE document = " . (int) $this->_id;
$queryStr = "SELECT * FROM `tblDocumentCheckOuts` WHERE `document` = " . (int) $this->_id;
$resArr = $db->getResultArray($queryStr);
if ((is_bool($resArr) && $resArr==false) || (count($resArr)==0)) {
// Could not find a check out for the selected document.
@ -823,7 +823,7 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
$filename = preg_replace('/[^A-Za-z0-9_-]/', '_', $this->getName()).'.'.$oext;
}
$filename = $checkoutdir.$this->getID().'-'.$lc->getVersion().'-'.$filename; //$lc->getOriginalFileName();
$queryStr = "INSERT INTO tblDocumentCheckOuts (document, version, userID, date, filename) VALUES (".$this->_id.", ".$lc->getVersion().", ".$user->getID().", ".$db->getCurrentDatetime().", ".$db->qstr($filename).")";
$queryStr = "INSERT INTO `tblDocumentCheckOuts` (`document`, `version`, `userID`, `date`, `filename`) VALUES (".$this->_id.", ".$lc->getVersion().", ".$user->getID().", ".$db->getCurrentDatetime().", ".$db->qstr($filename).")";
if (!$db->getResult($queryStr))
return false;
@ -871,7 +871,7 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
/* If file doesn't exist anymore, then just remove the record from the db */
if(!file_exists($info['filename'])) {
$queryStr = "DELETE FROM tblDocumentCheckOuts WHERE document = ".$this->_id;
$queryStr = "DELETE FROM `tblDocumentCheckOuts` WHERE `document` = ".$this->_id;
$db->getResult($queryStr);
return true;
}
@ -894,7 +894,7 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
if(!$this->_dms->forceRename) {
SeedDMS_Core_File::removeFile($info['filename']);
}
$queryStr = "DELETE FROM tblDocumentCheckOuts WHERE document = ".$this->_id;
$queryStr = "DELETE FROM `tblDocumentCheckOuts` WHERE `document` = ".$this->_id;
$db->getResult($queryStr);
return $content;
} else {
@ -902,7 +902,7 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
}
} else {
SeedDMS_Core_File::removeFile($info['filename']);
$queryStr = "DELETE FROM tblDocumentCheckOuts WHERE document = ".$this->_id;
$queryStr = "DELETE FROM `tblDocumentCheckOuts` WHERE `document` = ".$this->_id;
$db->getResult($queryStr);
return true;
}
@ -924,7 +924,7 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
if($info) {
SeedDMS_Core_File::removeFile($info['filename']);
$queryStr = "DELETE FROM tblDocumentCheckOuts WHERE document = ".$this->_id;
$queryStr = "DELETE FROM `tblDocumentCheckOuts` WHERE `document` = ".$this->_id;
$db->getResult($queryStr);
}
@ -1864,7 +1864,7 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
function getLatestContent() { /* {{{ */
if (!$this->_latestContent) {
$db = $this->_dms->getDB();
$queryStr = "SELECT * FROM tblDocumentContent WHERE document = ".$this->_id." ORDER BY version DESC";
$queryStr = "SELECT * FROM `tblDocumentContent` WHERE `document` = ".$this->_id." ORDER BY `version` DESC";
$resArr = $db->getResultArray($queryStr);
if (is_bool($resArr) && !$res)
return false;
@ -2001,7 +2001,7 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
* This implmentation is different from the above for removing approvals
* and reviews. It doesn't use getReceiptStatus() but reads the database
*/
$queryStr = "SELECT * FROM tblDocumentRecipients WHERE documentID = '". $this->getID() ."' AND `version` = '" . $version->_version."'";
$queryStr = "SELECT * FROM `tblDocumentRecipients` WHERE `documentID` = '". $this->getID() ."' AND `version` = '" . $version->_version."'";
$resArr = $db->getResultArray($queryStr);
if ((is_bool($resArr) && !$resArr)) {
$db->rollbackTransaction();
@ -2030,7 +2030,7 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
* This implmentation is different from the above for removing approvals
* and reviews. It doesn't use getRevisionStatus() but reads the database
*/
$queryStr = "SELECT * FROM tblDocumentRevisors WHERE documentID = '". $this->getID() ."' AND `version` = '" . $version->_version."'";
$queryStr = "SELECT * FROM `tblDocumentRevisors` WHERE `documentID` = '". $this->getID() ."' AND `version` = '" . $version->_version."'";
$resArr = $db->getResultArray($queryStr);
if ((is_bool($resArr) && !$resArr)) {
$db->rollbackTransaction();
@ -2810,11 +2810,11 @@ class SeedDMS_Core_DocumentContent extends SeedDMS_Core_Object { /* {{{ */
$db = $this->_document->_dms->getDB();
if(!$date)
$queryStr = "UPDATE tblDocumentContent SET revisiondate = null WHERE `document` = " . $this->_document->getID() . " AND `version` = " . $this->_version;
$queryStr = "UPDATE `tblDocumentContent` SET `revisiondate` = null WHERE `document` = " . $this->_document->getID() . " AND `version` = " . $this->_version;
elseif($date == 'now')
$queryStr = "UPDATE tblDocumentContent SET revisiondate = ".$db->getCurrentDatetime()." WHERE `document` = " . $this->_document->getID() . " AND `version` = " . $this->_version;
$queryStr = "UPDATE `tblDocumentContent` SET `revisiondate` = ".$db->getCurrentDatetime()." WHERE `document` = " . $this->_document->getID() . " AND `version` = " . $this->_version;
else
$queryStr = "UPDATE tblDocumentContent SET revisiondate = ".$db->qstr($date)." WHERE `document` = " . $this->_document->getID() . " AND `version` = " . $this->_version;
$queryStr = "UPDATE `tblDocumentContent` SET `revisiondate` = ".$db->qstr($date)." WHERE `document` = " . $this->_document->getID() . " AND `version` = " . $this->_version;
if (!$db->getResult($queryStr))
return false;
@ -3264,7 +3264,7 @@ class SeedDMS_Core_DocumentContent extends SeedDMS_Core_Object { /* {{{ */
if (1 || !isset($this->_reviewStatus)) {
/* First get a list of all reviews for this document content */
$queryStr=
"SELECT reviewID FROM tblDocumentReviewers WHERE `version`='".$this->_version
"SELECT `reviewID` FROM `tblDocumentReviewers` WHERE `version`='".$this->_version
."' AND `documentID` = '". $this->_document->getID() ."' ";
$recs = $db->getResultArray($queryStr);
if (is_bool($recs) && !$recs)
@ -3520,7 +3520,7 @@ class SeedDMS_Core_DocumentContent extends SeedDMS_Core_Object { /* {{{ */
if (1 || !isset($this->_receiptStatus)) {
/* First get a list of all receipts for this document content */
$queryStr=
"SELECT receiptID FROM tblDocumentRecipients WHERE `version`='".$this->_version
"SELECT `receiptID` FROM `tblDocumentRecipients` WHERE `version`='".$this->_version
."' AND `documentID` = '". $this->_document->getID() ."' ";
$recs = $db->getResultArray($queryStr);
if (is_bool($recs) && !$recs)
@ -3572,7 +3572,7 @@ class SeedDMS_Core_DocumentContent extends SeedDMS_Core_Object { /* {{{ */
if (1 || !isset($this->_revisionStatus)) {
/* First get a list of all revisions for this document content */
$queryStr=
"SELECT revisionID FROM tblDocumentRevisors WHERE `version`='".$this->_version
"SELECT `revisionID` FROM `tblDocumentRevisors` WHERE `version`='".$this->_version
."' AND `documentID` = '". $this->_document->getID() ."' ";
$recs = $db->getResultArray($queryStr);
if (is_bool($recs) && !$recs)
@ -4681,7 +4681,7 @@ class SeedDMS_Core_DocumentContent extends SeedDMS_Core_Object { /* {{{ */
* user/group from the list of revisors. The first case should not happen.
*/
if(count($revisionStatus[$field]) == 0) {
$queryStr = "DELETE from tblDocumentRevisors WHERE `documentID` = ". $this->_document->getID() ." AND `version` = ".$this->_version." AND `type` = ". $type ." AND `required` = ".$object->getID();
$queryStr = "DELETE from `tblDocumentRevisors` WHERE `documentID` = ". $this->_document->getID() ." AND `version` = ".$this->_version." AND `type` = ". $type ." AND `required` = ".$object->getID();
echo $queryStr;
if (!$db->getResult($queryStr)) {
return -1;
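Review bot: The hunk at -4681 keeps `echo $queryStr;` directly after the rewritten DELETE, so the raw SQL statement (table, column names and the document, version and user ids) is written into the response of whatever page calls this method; a leftover debug line like this should be removed rather than carried along with the quoting change. Separately, the hunk at -1864 (getLatestContent) tests `!$res` although the result variable is `$resArr`; it only works because an undefined variable is falsy, and should read `if (is_bool($resArr) && !$resArr)`. Both enclosing methods continue outside their hunks.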


@ -175,7 +175,7 @@ class SeedDMS_Core_Group { /* {{{ */
$queryStr = "SELECT `tblUsers`.* FROM `tblUsers` ".
"LEFT JOIN `tblGroupMembers` ON `tblGroupMembers`.`userID`=`tblUsers`.`id` ".
"WHERE `tblGroupMembers`.`groupID` = '". $this->_id ."' AND tblGroupMembers.manager = 1";
"WHERE `tblGroupMembers`.`groupID` = '". $this->_id ."' AND `tblGroupMembers`.`manager` = 1";
$resArr = $db->getResultArray($queryStr);
if (is_bool($resArr) && $resArr == false)
return false;


@ -171,7 +171,7 @@ class SeedDMS_Core_Transmittal {
function setName($newName) { /* {{{ */
$db = $this->_dms->getDB();
$queryStr = "UPDATE tblTransmittals SET name =".$db->qstr($newName)." WHERE id = " . $this->_id;
$queryStr = "UPDATE `tblTransmittals` SET `name` =".$db->qstr($newName)." WHERE `id` = " . $this->_id;
$res = $db->getResult($queryStr);
if (!$res)
return false;
@ -185,7 +185,7 @@ class SeedDMS_Core_Transmittal {
function setComment($newComment) { /* {{{ */
$db = $this->_dms->getDB();
$queryStr = "UPDATE tblTransmittals SET comment =".$db->qstr($newComment)." WHERE id = " . $this->_id;
$queryStr = "UPDATE `tblTransmittals` SET `comment` =".$db->qstr($newComment)." WHERE `id` = " . $this->_id;
$res = $db->getResult($queryStr);
if (!$res)
return false;
@ -263,7 +263,7 @@ class SeedDMS_Core_Transmittal {
function remove() { /* {{{ */
$db = $this->_dms->getDB();
$queryStr = "DELETE FROM tblTransmittals WHERE id = " . $this->_id;
$queryStr = "DELETE FROM `tblTransmittals` WHERE `id` = " . $this->_id;
if (!$db->getResult($queryStr)) {
return false;
}
@ -326,7 +326,7 @@ class SeedDMS_Core_TransmittalItem {
$db = $dms->getDB();
$queryStr = "SELECT * FROM tblTransmittalItems WHERE id = " . (int) $id;
$queryStr = "SELECT * FROM `tblTransmittalItems` WHERE `id` = " . (int) $id;
$resArr = $db->getResultArray($queryStr);
if (is_bool($resArr) && $resArr == false)
return false;
@ -360,7 +360,7 @@ class SeedDMS_Core_TransmittalItem {
$db = $this->_dms->getDB();
$transmittal = $this->_transmittal;
$queryStr = "DELETE FROM tblTransmittalItems WHERE id = " . $this->_id;
$queryStr = "DELETE FROM `tblTransmittalItems` WHERE `id` = " . $this->_id;
if (!$db->getResult($queryStr)) {
return false;
}
@ -386,7 +386,7 @@ class SeedDMS_Core_TransmittalItem {
$document = $this->_content->getDocument();
$latestcontent = $document->getLatestContent();
if($latestcontent->getVersion() != $this->_content->getVersion()) {
$queryStr = "UPDATE tblTransmittalItems set version = ".$latestcontent->getVersion()." WHERE id = " . $this->_id;
$queryStr = "UPDATE `tblTransmittalItems` set `version` = ".$latestcontent->getVersion()." WHERE `id` = " . $this->_id;
if (!$db->getResult($queryStr)) {
return false;
}
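Review bot: The rewritten UPDATE in the hunk at -386 keeps the lowercase `set` while every other statement in this commit uses `SET`; since the commit is a pure consistency pass over the SQL text, `"UPDATE `tblTransmittalItems` SET `version` = ".$latestcontent->getVersion()." WHERE `id` = " . $this->_id;` would fit. The same section casts `(int) $id` in the hunk at -326 but concatenates `$this->_id` uncast in the hunks at -171, -185, -263, -360 and -386; an explicit `(int) $this->_id` in those would keep the id comparisons uniformly numeric. The enclosing method in the -386 hunk starts outside the hunk.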


@ -108,9 +108,9 @@ class SeedDMS_Core_Role { /* {{{ */
$db = $dms->getDB();
if($orderby == 'ame')
$queryStr = "SELECT * FROM tblRoles ORDER BY name";
$queryStr = "SELECT * FROM `tblRoles` ORDER BY `name`";
else
$queryStr = "SELECT * FROM tblRoles ORDER BY id";
$queryStr = "SELECT * FROM `tblRoles` ORDER BY `id`";
$resArr = $db->getResultArray($queryStr);
if (is_bool($resArr) && $resArr == false)
@ -138,7 +138,7 @@ class SeedDMS_Core_Role { /* {{{ */
function setName($newName) { /* {{{ */
$db = $this->_dms->getDB();
$queryStr = "UPDATE tblRoles SET name =".$db->qstr($newName)." WHERE id = " . $this->_id;
$queryStr = "UPDATE `tblRoles` SET `name` =".$db->qstr($newName)." WHERE `id` = " . $this->_id;
$res = $db->getResult($queryStr);
if (!$res)
return false;
@ -156,7 +156,7 @@ class SeedDMS_Core_Role { /* {{{ */
function setRole($newrole) { /* {{{ */
$db = $this->_dms->getDB();
$queryStr = "UPDATE tblRoles SET role = " . $newrole . " WHERE id = " . $this->_id;
$queryStr = "UPDATE `tblRoles` SET `role` = " . $newrole . " WHERE `id` = " . $this->_id;
if (!$db->getResult($queryStr))
return false;
@ -169,7 +169,7 @@ class SeedDMS_Core_Role { /* {{{ */
function setNoAccess($noaccess) { /* {{{ */
$db = $this->_dms->getDB();
$queryStr = "UPDATE tblRoles SET noaccess = " . $db->qstr($noaccess ? implode(',',$noaccess) : '') . " WHERE id = " . $this->_id;
$queryStr = "UPDATE `tblRoles` SET `noaccess` = " . $db->qstr($noaccess ? implode(',',$noaccess) : '') . " WHERE `id` = " . $this->_id;
if (!$db->getResult($queryStr))
return false;
@ -185,7 +185,7 @@ class SeedDMS_Core_Role { /* {{{ */
function remove($user) { /* {{{ */
$db = $this->_dms->getDB();
$queryStr = "DELETE FROM tblRoles WHERE id = " . $this->_id;
$queryStr = "DELETE FROM `tblRoles` WHERE `id` = " . $this->_id;
if (!$db->getResult($queryStr)) {
return false;
}
@ -196,7 +196,7 @@ class SeedDMS_Core_Role { /* {{{ */
function isUsed() { /* {{{ */
$db = $this->_dms->getDB();
$queryStr = "SELECT * FROM tblUsers WHERE role=".$this->_id;
$queryStr = "SELECT * FROM `tblUsers` WHERE `role`=".$this->_id;
$resArr = $db->getResultArray($queryStr);
if (is_array($resArr) && count($resArr) == 0)
return false;
@ -207,7 +207,7 @@ class SeedDMS_Core_Role { /* {{{ */
$db = $this->_dms->getDB();
if (!isset($this->_users)) {
$queryStr = "SELECT * FROM tblUsers WHERE role=".$this->_id;
$queryStr = "SELECT * FROM `tblUsers` WHERE `role`=".$this->_id;
$resArr = $db->getResultArray($queryStr);
if (is_bool($resArr) && $resArr == false)
return false;
@ -514,7 +514,7 @@ class SeedDMS_Core_User { /* {{{ */
function setSecret($newSecret) { /* {{{ */
$db = $this->_dms->getDB();
$queryStr = "UPDATE tblUsers SET secret =".$db->qstr($newSecret)." WHERE id = " . $this->_id;
$queryStr = "UPDATE `tblUsers` SET `secret` =".$db->qstr($newSecret)." WHERE `id` = " . $this->_id;
$res = $db->getResult($queryStr);
if (!$res)
return false;
@ -1907,12 +1907,12 @@ class SeedDMS_Core_User { /* {{{ */
if(get_class($substitute) != $this->_dms->getClassname('user'))
return false;
$queryStr = "SELECT * FROM tblUserSubstitutes WHERE user=" . $this->_id . " AND substitute=".$substitute->getID();
$queryStr = "SELECT * FROM `tblUserSubstitutes` WHERE `user`=" . $this->_id . " AND `substitute`=".$substitute->getID();
$resArr = $db->getResultArray($queryStr);
if (is_bool($resArr) && $resArr == false) return false;
if (count($resArr) == 1) return true;
$queryStr = "INSERT INTO tblUserSubstitutes (user, substitute) VALUES (" . $this->_id . ", ".$substitute->getID().")";
$queryStr = "INSERT INTO `tblUserSubstitutes` (`user`, `substitute`) VALUES (" . $this->_id . ", ".$substitute->getID().")";
if (!$db->getResult($queryStr))
return false;
@ -1931,12 +1931,12 @@ class SeedDMS_Core_User { /* {{{ */
if(get_class($substitute) != $this->_dms->getClassname('user'))
return false;
$queryStr = "SELECT * FROM tblUserSubstitutes WHERE user=" . $this->_id . " AND substitute=".$substitute->getID();
$queryStr = "SELECT * FROM `tblUserSubstitutes` WHERE `user`=" . $this->_id . " AND `substitute`=".$substitute->getID();
$resArr = $db->getResultArray($queryStr);
if (is_bool($resArr) && $resArr == false) return false;
if (count($resArr) == 0) return true;
$queryStr = "DELETE FROM tblUserSubstitutes WHERE user=" . $this->_id . " AND substitute=".$substitute->getID();
$queryStr = "DELETE FROM `tblUserSubstitutes` WHERE `user`=" . $this->_id . " AND `substitute`=".$substitute->getID();
if (!$db->getResult($queryStr))
return false;
@ -1955,7 +1955,7 @@ class SeedDMS_Core_User { /* {{{ */
if(get_class($substitute) != $this->_dms->getClassname('user'))
return false;
$queryStr = "SELECT * FROM tblUserSubstitutes WHERE user=" . $this->_id . " AND substitute=".$substitute->getID();
$queryStr = "SELECT * FROM `tblUserSubstitutes` WHERE `user`=" . $this->_id . " AND `substitute`=".$substitute->getID();
$resArr = $db->getResultArray($queryStr);
if (is_bool($resArr) && $resArr == false) return false;
if (count($resArr) == 1) return true;
@ -1983,7 +1983,7 @@ class SeedDMS_Core_User { /* {{{ */
if(!$this->isAdmin() && $touser->isAdmin())
return false;
$queryStr = "SELECT * FROM tblUserSubstitutes WHERE substitute=" . $this->_id . " AND user=".$touser->getID();
$queryStr = "SELECT * FROM `tblUserSubstitutes` WHERE `substitute`=" . $this->_id . " AND `user`=".$touser->getID();
$resArr = $db->getResultArray($queryStr);
if (is_bool($resArr) && $resArr == false) return false;
if (count($resArr) == 1) return true;
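Review bot: In setRole (hunk at -156) `$newrole` is concatenated into the UPDATE uncast and unquoted on the new line, unlike setName and setNoAccess in the same file which pass their values through qstr(); if this value can come from a form, the statement can be altered, so it should be `$queryStr = "UPDATE `tblRoles` SET `role` = " . (int) $newrole . " WHERE `id` = " . $this->_id;`. Separately, the context line in the hunk at -108 compares `$orderby == 'ame'`, which looks like a typo for `'name'` and would mean the name-ordered query is only ever selected by a caller passing the misspelled value; worth confirming against the callers. The enclosing method of the -108 hunk starts outside it.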


@ -111,7 +111,7 @@ class SeedDMS_Core_Workflow { /* {{{ */
function setLayoutData($newdata) { /* {{{ */
$db = $this->_dms->getDB();
$queryStr = "UPDATE tblWorkflows SET layoutdata = ".$db->qstr($newdata)." WHERE id = " . $this->_id;
$queryStr = "UPDATE `tblWorkflows` SET `layoutdata` = ".$db->qstr($newdata)." WHERE `id` = " . $this->_id;
$res = $db->getResult($queryStr);
if (!$res)
return false;