diff --git a/admin/adminAppDataQueue.php b/admin/adminAppDataQueue.php index b933925..ada8db2 100644 --- a/admin/adminAppDataQueue.php +++ b/admin/adminAppDataQueue.php @@ -168,10 +168,12 @@ if (!$aClean['id']) $oScreenshot->unQueue(); } elseif ($obj_row->type == "url") - { // FIXME: use Link class - $query = "INSERT INTO appData VALUES (null, ".$obj_row->versionId.", 'url', ". - "'".$aClean['description']."', '".$obj_row->url."')"; - if (query_appdb($sQuery)) + { + $hResult = query_parameters("INSERT INTO appData (id, appId, versionId, type, ". + "description, url) VALUES (?, '?', '?', '?', '?', '?')", + "null", $obj_row->appId, $obj_row->versionId, + "url", $aClean['description'], $obj_row->url); + if($hResult) { $statusMessage = "

The application data was successfully added into the database

\n"; diff --git a/admin/editBundle.php b/admin/editBundle.php index 7a7895d..5806d10 100644 --- a/admin/editBundle.php +++ b/admin/editBundle.php @@ -33,7 +33,10 @@ if($_REQUEST['cmd']) } if($_REQUEST['cmd'] == "add") { - $hResult = query_appdb("INSERT INTO appBundle VALUES (".$_REQUEST['bundleId'].", ".$_REQUEST['appId'].")"); + $hResult = query_parameters("INSERT INTO appBundle (bundleId, appId) VALUES". + "('?', '?')", + $_REQUEST['bundleId'], + $_REQUEST['appId']); if($hResult) addmsg("App $appId added to Bundle".$_REQUEST['bundleId'], "green"); } diff --git a/include/appdb.php b/include/appdb.php index ec689db..57371ad 100644 --- a/include/appdb.php +++ b/include/appdb.php @@ -11,7 +11,9 @@ function log_category_visit($catId) query_appdb("UPDATE catHitStats SET count = count + 1 WHERE catHitId = $stats->catHitId"); } else { - query_appdb("INSERT INTO catHitStats VALUES(null, null, '$REMOTE_ADDR', $catId, 1)"); + query_parameters("INSERT INTO catHitStats (appHitId, time, ip, catId, count) ". + "VALUES (?, ?, '?', '?', '?')", + "null", "null", $REMOTE_ADDR, $catId, "1"); } } @@ -26,7 +28,9 @@ function log_application_visit($appId) query_appdb("UPDATE appHitStats SET count = count + 1 WHERE appHitId = $stats->appHitId"); } else { - query_appdb("INSERT INTO appHitStats VALUES(null, null, '$REMOTE_ADDR', $appId, 1)"); + query_parameters("INSERT INTO appHitStats (appHitId, time, ip, appId, count) ". + "VALUES (?, ?, '?', '?', '?')", + "null", "null", $REMOTE_ADDR, $appId, "1"); } } diff --git a/include/application.php b/include/application.php index 6900d76..ff66bca 100644 --- a/include/application.php +++ b/include/application.php 
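Review bot: The literal `"null"` for `id` is passed through an unquoted `?`, which query_parameters() (db.php hunk) still runs through mysql_real_escape_string(); it only works because escaping happens to leave `null` and `NOW()` untouched, while the wrapper defines `~` for exactly this raw-fragment case. Either use `~` for such SQL fragments or drop the auto-increment/default columns from the column list altogether: `INSERT INTO appData (appId, versionId, type, description, url) VALUES ('?', '?', '?', '?', '?')` with the five remaining arguments. The same pattern appears in the appdb.php, comment.php, user.php (appMaintainers), vote.php and maintainersubmit.php hunks. The enclosing if/elseif chain starts before this hunk.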
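Review bot: `$_REQUEST['bundleId']` and `$_REQUEST['appId']` are now escaped, but nothing checks that they are integers before the INSERT, and the unchanged addmsg() on the following context line still places the raw `$_REQUEST['bundleId']` into page output. Cast once at the top of the branch, `$iBundleId = (int) $_REQUEST['bundleId']; $iAppId = (int) $_REQUEST['appId'];`, and use those both for the query arguments and for the message. The `if($_REQUEST['cmd'])` block starts before this hunk.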
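Review bot: The new column list for catHitStats names its first column `appHitId`, while the UPDATE two lines above keys on `catHitId`; unless the table really has an appHitId column, this INSERT fails on every first visit to a category, and the failure is invisible because the return value is discarded. Change it to `INSERT INTO catHitStats (catHitId, time, ip, catId, count)` or, better, omit the auto-increment and timestamp columns so the server fills them. The appHitStats hunk below is consistent with its own UPDATE, so only log_category_visit() looks affected.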
@@ -111,18 +111,13 @@ class Application { else $this->sQueued = 'false'; - $aInsert = compile_insert_string(array( 'appName' => $this->sName, - 'description'=> $this->sDescription, - 'keywords' => $this->sKeywords, - 'webPage' => $this->sWebpage, - 'vendorId' => $this->iVendorId, - 'catId' => $this->iCatId, - 'submitterId'=> $_SESSION['current']->iUserId, - 'queued' => $this->sQueued)); - $sFields = "({$aInsert['FIELDS']})"; - $sValues = "({$aInsert['VALUES']})"; - - if(query_appdb("INSERT INTO appFamily $sFields VALUES $sValues", "Error while creating a new application.")) + $hResult = query_parameters("INSERT INTO appFamily (appName, description, keywords, ". + "webPage, vendorId, catId, submitterId, queued) VALUES (". + "'?', '?', '?', '?', '?', '?', '?', '?')", + $this->sName, $this->sDescription, $this->sKeywords, + $this->sWebpage, $this->iVendorId, $this->iCatId, + $_SESSION['current']->iUserId, $this->sQueued); + if($hResult) { $this->iAppId = mysql_insert_id(); $this->application($this->iAppId); @@ -130,6 +125,7 @@ class Application { return true; } else { + addmsg("Error while creating a new application.", "red"); return false; } } diff --git a/include/bugs.php b/include/bugs.php index 7c2ae73..002a762 100644 --- a/include/bugs.php +++ b/include/bugs.php 
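Review bot: The `addmsg("Error while creating a new application.", "red")` added in the else branch duplicates error reporting if query_appdb() routes failures through query_error(), which itself calls addmsg() (db.php hunk), and the descriptive comment the old call passed as query_appdb()'s second argument no longer reaches that log line. A cleaner shape is for query_parameters() to accept the comment and forward it, `return query_appdb($preparedquery, $sComment);`, so callers keep a single place to describe the failing statement. The same per-caller addmsg() was added in the bugs.php, category.php, comment.php, distributions.php, monitor.php, note.php, screenshot.php, testResults.php, url.php, user.php, vendor.php and version.php hunks. Application::create() starts before this hunk.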
@@ -113,13 +113,11 @@ class Bug { /* passed the checks so lets insert the puppy! */ - $aInsert = compile_insert_string(array( 'versionId' => $iVersionId, - 'bug_id' => $iBug_id, - 'queued' => $this->bQueued?"true":"false", - 'submitterId' => $_SESSION['current']->iUserId )); - $sFields = "({$aInsert['FIELDS']})"; - $sValues = "({$aInsert['VALUES']})"; - if(query_appdb("INSERT INTO buglinks $sFields VALUES $sValues", "Error while creating a new Bug link.")) + $hResult = query_parameters("INSERT INTO buglinks (versionId, bug_id, queued, submitterId) ". + "VALUES('?', '?', '?', '?')", + $iVersionId, $iBug_id, $this->bQueued?"true":"false", + $_SESSION['current']->iUserId); + if($hResult) { /* The following should work but it does not! */ $this->iLinkId = mysql_insert_id(); @@ -141,6 +139,7 @@ class Bug { return true; }else { + addmsg("Error while creating a new Bug link.", "red"); return false; } } diff --git a/include/category.php b/include/category.php index f728edb..327f8a3 100644 --- a/include/category.php +++ b/include/category.php @@ -76,20 +76,20 @@ class Category { */ function create($sName=null, $sDescription=null, $iParentId=null) { - $aInsert = compile_insert_string(array( 'catName'=> $sName, - 'catDescription' => $sDescription, - 'catParent' => $iParentId )); - $sFields = "({$aInsert['FIELDS']})"; - $sValues = "({$aInsert['VALUES']})"; - - if(query_appdb("INSERT INTO appCategory $sFields VALUES $sValues", "Error while creating a new vendor.")) + $hResult = query_parameters("INSERT INTO appCategory (catName, catDescription, catParent) ". + "VALUES('?', '?', '?')", + $sName, $sDescription, $iParentId); + if($hResult) { $this->iCatId = mysql_insert_id(); $this->category($this->iCatId); return true; } else + { + addmsg("Error while creating a new vendor.", "red"); return false; + } } diff --git a/include/comment.php b/include/comment.php index e4fc4c2..802e32d 100644 --- a/include/comment.php +++ b/include/comment.php 
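Review bot: The added `addmsg("Error while creating a new vendor.", "red")` in Category::create reports the wrong entity; it should read `addmsg("Error while creating a new category.", "red");`. Separately, `$iParentId` defaults to null and is bound through a quoted `'?'`, so a top-level category is stored as `catParent = ''` rather than SQL NULL; that matches the old addslashes() behaviour, but if catParent is an integer column it relies on MySQL coercing the empty string, and an explicit `(int)` cast or a NULL via `~` would make the intent visible.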
@@ -53,15 +53,12 @@ class Comment { */ function create($sSubject, $sBody, $iParentId=null, $iVersionId) { - $aInsert = compile_insert_string(array( 'parentId' => $iParentId, - 'versionId' => $iVersionId, - 'subject' => $sSubject, - 'body' => $sBody )); + $hResult = query_parameters("INSERT INTO appComments (parentId, versionId, subject, ". + "body, userId, time, hostname) VALUES ('?', '?', '?', '?', '?', ?, '?')", + $iParentId, $iVersionId, $sSubject, $sBody, $_SESSION['current']->iUserId, + "NOW()", get_remote()); - $sFields = "({$aInsert['FIELDS']}, `userId`, `time`, `hostname`)"; - $sValues = "({$aInsert['VALUES']}, ".$_SESSION['current']->iUserId.", NOW(), '".get_remote()."')"; - - if(query_appdb("INSERT INTO appComments $sFields VALUES $sValues", "Error while creating a new comment.")) + if($hResult) { $this->comment(mysql_insert_id()); $sEmail = get_notify_email_address_list($this->iAppId, $this->iVersionId); @@ -101,7 +98,10 @@ class Comment { return true; } else + { + addmsg("Error while creating a new comment", "red"); return false; + } } diff --git a/include/db.php b/include/db.php index 4de3d2d..a3c2997 100644 --- a/include/db.php +++ b/include/db.php 
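Review bot: The new message `addmsg("Error while creating a new comment", "red")` drops the trailing period that every sibling message keeps (the version.php hunk has the same slip with "Error while creating a new version"); make it `addmsg("Error while creating a new comment.", "red");` so the messages read consistently. The `"NOW()"` argument is bound through an unquoted `?` and therefore goes through mysql_real_escape_string(); it survives only because that function leaves it unchanged, so the wrapper's `~` placeholder is the intended way to bind it. Comment::create() continues past this hunk.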
@@ -18,6 +18,68 @@ function query_appdb($sQuery,$sComment="")
 return $hResult;
 }
 
+/*
+ * Wildcard Rules
+ * SCALAR (?) => 'original string quoted'
+ * OPAQUE (&) => 'string from file quoted'
+ * MISC (~) => original string (left 'as-is')
+ *
+ * NOTE: These rules convienently match those for Pear DB
+ *
+ * MySQL Prepare Function
+ * By: Kage (Alex)
+ * KageKonjou@GMail.com
+ * http://us3.php.net/manual/en/function.mysql-query.php#53400
+ *
+ * Modified by CMM 20060622
+ *
+ * Values are mysql_real_escape_string()'d to prevent against injection attacks
+ * See http://php.net/mysql_real_escape_string for more information about why this is the case
+ *
+ */
+function query_parameters()
+{
+ global $hAppdbLink;
+
+ if(!is_resource($hAppdbLink))
+ {
+ // The last argument makes sure we are really opening a new connection
+ $hAppdbLink = mysql_connect(APPS_DBHOST, APPS_DBUSER, APPS_DBPASS,true);
+ mysql_select_db(APPS_DB, $hAppdbLink);
+ }
+
+ $data = func_get_args();
+ $query = $data[0];
+ $tokens = split("[\&\?\~]", $query);
+ $preparedquery = $tokens[0];
+ $count = strlen($tokens[0]);
+
+ for ($i=1; $i < count($tokens); $i++)
+ {
+ $char = substr($query, $count, 1);
+ $count += (strlen($tokens[$i])+1);
+ if ($char == "&")
+ {
+ $fp = @fopen($data[$i], 'r');
+ $pdata = "";
+ if ($fp)
+ {
+ while (($buf = fread($fp, 4096)) != false)
+ {
+ $pdata .= $buf;
+ }
+ fclose($fp);
+ }
+ } else
+ {
+ $pdata = &$data[$i];
+ }
+ $preparedquery .= ($char != "~" ? mysql_real_escape_string($pdata) : $pdata);
+ $preparedquery .= $tokens[$i];
+ }
+
+ return query_appdb($preparedquery);
+}
 function query_bugzilladb($sQuery,$sComment="")
 {
 
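Review bot: The header comment promises that SCALAR `?` yields the "original string quoted", but the loop only escapes and leaves quoting to the caller, so an unquoted `?` fed with a caller-controlled value (rather than the literal `"null"`/`"NOW()"` the call sites pass today) would not be protected, because mysql_real_escape_string() is only effective inside a quoted literal. Either have the function emit the quotes for `?` (keeping `~` for raw fragments) or correct the comment to `SCALAR (?) => escaped, caller supplies the quotes`. mysql_real_escape_string() is called without a link, so after opening `$hAppdbLink` with new_link=true it should be `mysql_real_escape_string($pdata, $hAppdbLink)` so the escaping follows that connection's character set. The loop also assumes one argument per placeholder; when the counts differ an undefined `$data[$i]` is silently bound as an empty string, so a guard such as `if (count($tokens) != count($data)) { query_error($query, "placeholder/argument count mismatch"); return false; }` before the loop would surface the argument-order mistakes positional placeholders invite. split() is the POSIX-regex function, deprecated in favour of preg_split().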
@@ -46,31 +108,6 @@ function query_error($sQuery, $sComment="") addmsg($sStatusMessage, "red"); } -/** -* Expects an array in this form: -* $aFoo['field'] = 'value'; -* -* Returns an array ready to be put in a query like this -* $sQuery = "INSERT INTO `foo` {$aReturn['FIELDS']} VALUES {$aReturn['VALUES']}"; -* -* Values are addslashes()'d. -*/ - -function compile_insert_string($aData) -{ - foreach ($aData as $k => $v) - { - $field_names .= "`$k`,"; - $field_values .= "'".addslashes($v)."',"; - } - - // Get rid of the end , - $field_names = preg_replace( "/,$/" , "" , $field_names ); - $field_values = preg_replace( "/,$/" , "" , $field_values ); - - return array('FIELDS' => $field_names, 'VALUES' => $field_values); -} - /** * Expects an array in this form: * $aFoo['field'] = 'value'; diff --git a/include/distributions.php b/include/distributions.php index 13cef4b..cb4fdc7 100644 --- a/include/distributions.php +++ b/include/distributions.php @@ -96,14 +96,11 @@ class distribution{ else $this->sQueued = 'false'; - $aInsert = compile_insert_string(array( 'name' => $this->sName, - 'url' => $this->sUrl, - 'submitterId' => $_SESSION['current']->iUserId, - 'queued' => $this->sQueued )); - $sFields = "({$aInsert['FIELDS']})"; - $sValues = "({$aInsert['VALUES']})"; - - if(query_appdb("INSERT INTO distributions $sFields VALUES $sValues", "Error while creating Distribution.")) + $hResult = query_parameters("INSERT INTO distributions (name, url, submitterId, queued) ". + "VALUES ('?', '?', '?', '?')", + $this->sName, $this->sUrl, $_SESSION['current']->iUserId, + $this->sQueued); + if($hResult) { $this->iDistributionId = mysql_insert_id(); $this->distribution($this->iDistributionId); @@ -111,7 +108,10 @@ class distribution{ return true; } else + { + addmsg("Error while creating Distribution.", "red"); return false; + } } // Update Distribution. diff --git a/include/monitor.php b/include/monitor.php index a1ffa44..2cc2e9c 100644 --- a/include/monitor.php 
+++ b/include/monitor.php @@ -61,21 +61,21 @@ class Monitor { */ function create($iUserId, $iAppId=0, $iVersionId=0) { - $aInsert = compile_insert_string(array( 'versionId' => $iVersionId, - 'appId' => $iAppId, - 'userId' => $iUserId )); + $hResult = query_parameters("INSERT INTO appMonitors (versionId, appId, userId) ". + "VALUES ('?', '?', '?')", + $iVersionId, $iAppId, $iUserId); - $sFields = "({$aInsert['FIELDS']})"; - $sValues = "({$aInsert['VALUES']})"; - if(query_appdb("INSERT INTO appMonitors $sFields VALUES $sValues", "Error while creating a new Monitor.")) + if($hResult) { $this->Monitor(mysql_insert_id()); $sWhatChanged = "New monitor\n\n"; $this->SendNotificationMail("add", $sWhatChanged); return true; - } - else + } else + { + addmsg("Error while creating a new Monitor.", "red"); return false; + } } diff --git a/include/note.php b/include/note.php index 3485e9e..d1b867b 100644 --- a/include/note.php +++ b/include/note.php @@ -49,14 +49,11 @@ class Note { */ function create($sTitle, $sDescription, $iVersionId) { - $aInsert = compile_insert_string(array( 'versionId' => $iVersionId, - 'noteTitle' => $sTitle, - 'noteDesc' => $sDescription )); + $hResult = query_parameters("INSERT INTO appNotes (versionId, noteTitle, noteDesc) ". + "VALUES('?', '?', '?')", + $iVersionId, $sTitle, $sDescription); - $sFields = "({$aInsert['FIELDS']})"; - $sValues = "({$aInsert['VALUES']})"; - - if(query_appdb("INSERT INTO appNotes $sFields VALUES $sValues", "Error while creating a new note.")) + if($hResult) { $this->note(mysql_insert_id()); $sWhatChanged = "Description is:\n".$sDescription.".\n\n"; @@ -64,7 +61,10 @@ class Note { return true; } else + { + addmsg("Error while creating a new note.", "red"); return false; + } } diff --git a/include/screenshot.php b/include/screenshot.php index 9322078..6f4c998 100644 --- a/include/screenshot.php +++ b/include/screenshot.php 
@@ -70,15 +70,11 @@ class Screenshot { $this->bQueued = false; } - $aInsert = compile_insert_string(array( 'versionId' => $iVersionId, - 'type' => "image", - 'description' => $sDescription, - 'queued' => $this->bQueued?"true":"false", - 'submitterId' => $_SESSION['current']->iUserId )); - $sFields = "({$aInsert['FIELDS']})"; - $sValues = "({$aInsert['VALUES']})"; - - if(query_appdb("INSERT INTO appData $sFields VALUES $sValues", "Error while creating a new screenshot.")) + $hResult = query_parameters("INSERT INTO appData (versionId, type, description, queued, submitterId) ". + "VALUES('?', '?', '?', '?', '?')", + $iVersionId, "image", $sDescription, $this->bQueued?"true":"false", + $_SESSION['current']->iUserId); + if($hResult) { $this->iScreenshotId = mysql_insert_id(); @@ -120,7 +116,10 @@ class Screenshot { return true; } else + { + addmsg("Error while creating a new screenshot.", "red"); return false; + } } diff --git a/include/testResults.php b/include/testResults.php index 10189d5..4550c8c 100644 --- a/include/testResults.php +++ b/include/testResults.php 
@@ -69,23 +69,18 @@ class testData{ else $this->sQueued = 'false'; - $aInsert = compile_insert_string(array( 'versionId' => $this->iVersionId, - 'whatWorks' => $this->sWhatWorks, - 'whatDoesnt' => $this->sWhatDoesnt, - 'whatNotTested' => $this->sWhatNotTested, - 'testedDate' => $this->sTestedDate, - 'distributionId' => $this->iDistributionId, - 'testedRelease' => $this->sTestedRelease, - 'installs' => $this->sInstalls, - 'runs' => $this->sRuns, - 'testedRating' => $this->sTestedRating, - 'comments' => $this->sComments, - 'submitterId' => $_SESSION['current']->iUserId, - 'queued' => $this->sQueued )); - $sFields = "({$aInsert['FIELDS']})"; - $sValues = "({$aInsert['VALUES']})"; - if(query_appdb("INSERT INTO testResults $sFields VALUES $sValues", "Error while creating test results.")) + $hResult = query_parameters("INSERT INTO testResults (versionId, whatWorks, whatDoesnt,". + "whatNotTested, testedDate, distributionId, testedRelease,". + "installs, runs, testedRating, comments, submitterId, queued)". + " VALUES('?', '?', '?', '?', '?', '?', '?', '?', '?', '?', '?',". + "'?', '?')", + $this->iVersionId, $this->sWhatWorks, $this->sWhatDoesnt, + $this->sWhatNotTested, $this->sTestedDate, $this->iDistributionId, + $this->sTestedRelease, $this->sInstalls, $this->sRuns, + $this->sTestedRating, $this->sComments, $_SESSION['current']->iUserId, + $this->sQueued); + if($hResult) { $this->iTestingId = mysql_insert_id(); $this->testData($this->iTestingId); @@ -93,7 +88,10 @@ class testData{ return true; } else + { + addmsg("Error while creating test results.", "red"); return false; + } } // Update Test Results. diff --git a/include/url.php b/include/url.php index 4b5f4a3..b6530d3 100644 --- a/include/url.php +++ b/include/url.php 
@@ -62,16 +62,11 @@ class Url { $this->bQueued = true; } - $aInsert = compile_insert_string(array( 'appId' => $iAppId, - 'versionId' => $iVersionId, - 'type' => "url", - 'description' => $sDescription, - 'queued' => $this->bQueued, - 'submitterId' => $_SESSION['current']->iUserId )); - $sFields = "({$aInsert['FIELDS']})"; - $sValues = "({$aInsert['VALUES']})"; - - if(query_appdb("INSERT INTO appData $sFields VALUES $sValues", "Error while creating a new url.")) + $hResult = query_parameters("INSERT INTO appData (appId, versionId, type, description,". + "queued, submitterId) VALUES ('?', '?', '?', '?', '?', '?')", + $iAppId, $iVersionId, "url", $sDescription, $this->bQueued, + $_SESSION['current']->iUserId); + if($hResult) { $this->iUrlId = mysql_insert_id(); $this->url($this->iUrlId,$this->bQueued); @@ -79,7 +74,10 @@ class Url { return true; } else + { + addmsg("Error while creating a new url.", "red"); return false; + } } diff --git a/include/user.php b/include/user.php index 9dc084e..7fb5580 100644 --- a/include/user.php +++ b/include/user.php @@ -83,14 +83,11 @@ class User { return false; } else { - $aInsert = compile_insert_string(array( 'realname' => $sRealname, - 'email' => $sEmail, - 'CVSrelease' => $sWineRelease )); + $hResult = query_parameters("INSERT INTO user_list (realname, email, CVSrelease, password, stamp,". + "created) VALUES ('?', '?', '?', password('?'), ?, ?)", + $sRealname, $sEmail, $sWineRelease, $sPassword, "NOW()", "NOW()"); - $sFields = "({$aInsert['FIELDS']}, `password`, `stamp`, `created`)"; - $sValues = "({$aInsert['VALUES']}, password('".$sPassword."'), NOW(), NOW() )"; - - query_appdb("INSERT INTO user_list $sFields VALUES $sValues", "Error while creating a new user."); + if(!$hResult) addMsg("Error while creating a new user.", "red"); $retval = $this->login($sEmail, $sPassword); $this->setPref("comments:mode", "threaded"); /* set the users default comments:mode to threaded */ 
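Review bot: `$this->bQueued` is a PHP boolean (set to `true` in the context line above) and is bound through `'?'`, so mysql_real_escape_string() turns it into `'1'` or `''`, whereas the screenshot.php and bugs.php hunks convert the same flag with `$this->bQueued?"true":"false"`. If `queued` is an enum('true','false') column, as those callers suggest, `'1'`/`''` is at best coerced and at worst rejected; bind `$this->bQueued?"true":"false"` here too. The `$bSuperMaintainer` argument in the user.php appMaintainers hunk has the same shape and deserves the same check. Url::create() starts before this hunk.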
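Review bot: The new `if(!$hResult) addMsg(...)` uses `addMsg` while every other hunk calls `addmsg`; PHP resolves function names case-insensitively so it runs, but it should be `addmsg("Error while creating a new user.", "red");` for consistency and grep-ability. After a failed INSERT the code still continues into `$this->login()` and `setPref()` on the next context lines, so returning (or skipping the login) when `$hResult` is false would avoid acting on a user row that does not exist. Not introduced by this change but now touched: MySQL's PASSWORD() is designed for server accounts rather than application credentials, which a later change could replace with a dedicated password hash.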
@@ -183,7 +180,8 @@ class User { return false; $hResult = query_appdb("DELETE FROM user_prefs WHERE userid = ".$this->iUserId." AND name = '$sKey'"); - $hResult = query_appdb("INSERT INTO user_prefs VALUES(".$this->iUserId.", '$sKey', '$sValue')"); + $hResult = query_parameters("INSERT INTO user_prefs (userid, name, value) VALUES". + "('?', '?', '?')", $this->iUserId, $sKey, $sValue); return $hResult; } @@ -278,15 +276,13 @@ class User { if(!$this->isSuperMaintainer($iAppId) && ((!$bSuperMaintainer && !$this->isMaintainer($iVersionId)) | $bSuperMaintainer)) { - // insert the new entry into the maintainers list - $sQuery = "INSERT into appMaintainers VALUES(null,". - "$iAppId,". - "$iVersionId,". - "$this->iUserId,". - "$bSuperMaintainer,". - "NOW());"; - - if (query_appdb($sQuery)) + // insert the new entry into the maintainers list + $hResult = query_parameters("INSERT INTO appMaintainers (maintainerId, appId,". + "versionId, userId, superMaintainer, submitTime) ". + "VALUES (?, '?', '?', '?', '?', ?)", + "null", $iAppId, $iVersionId, $this->iUserId, + $bSuperMaintainer, "NOW()"); + if($hResult) { $statusMessage = "
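Review bot: The DELETE on the context line directly above the new INSERT still interpolates `$sKey` into the statement, so setPref() is only half converted; the same parameterisation should be applied there: `$hResult = query_appdb_parameters_placeholder` is not needed, simply `$hResult = query_parameters("DELETE FROM user_prefs WHERE userid = '?' AND name = '?'", $this->iUserId, $sKey);`. Note that `$hResult` from the DELETE is overwritten by the INSERT's result, so a failed DELETE is never reported. setPref() starts before this hunk.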

The maintainer was successfully added into the database

\n"; @@ -400,7 +396,8 @@ class User { if($this->hasPriv($sPriv)) return true; - $hResult = query_appdb("INSERT INTO user_privs VALUES ($this->iUserId, '$sPriv')"); + $hResult = query_parameters("INSERT INTO user_privs (userid, priv) VALUES". + " ('?', '?')", $this->iUserId, $sPriv); return $hResult; } diff --git a/include/util.php b/include/util.php index 0178e2d..2844b6d 100644 --- a/include/util.php +++ b/include/util.php @@ -580,24 +580,20 @@ function process_app_version_changes($isVersion) if($isVersion) { - $aInsert = compile_insert_string( array('versionId' => $_REQUEST['versionId'], - 'type' => 'url', - 'description' => $_REQUEST['url_desc'], - 'url' => $_REQUEST['url'])); + $hResult = query_parameters("INSERT INTO appData (versionId, type, description, url) ". + "VALUES ('?', '?', '?', '?')", + $_REQUEST['versionId'], "url", $_REQUEST['url_desc'], + $_REQUEST['url']); } else { - $aInsert = compile_insert_string( array( 'appId' => $_REQUEST['appId'], - 'type' => 'url', - 'description' => $_REQUEST['url_desc'], - 'url' => $_REQUEST['url'])); + $hResult = query_parameters("INSERT INTO appData (appId, type, description, url) ". + "VALUES ('?', '?', '?', '?')", + $_REQUEST['appId'], "url", $_REQUEST['url_desc'], + $_REQUEST['url']); } - $sQuery = "INSERT INTO appData ({$aInsert['FIELDS']}) VALUES ({$aInsert['VALUES']})"; - - if($_SESSION['current']->showDebuggingInfos()) { echo "

query: $sQuery

"; } - - if (query_appdb($sQuery)) + if ($hResult) { addmsg("The URL was successfully added into the database", "green"); $sWhatChanged .= " Added Url: Description: ".stripslashes($_REQUEST['url_desc'])."\n"; diff --git a/include/vendor.php b/include/vendor.php index 12e92b6..63b8214 100644 --- a/include/vendor.php +++ b/include/vendor.php @@ -56,19 +56,19 @@ class Vendor { */ function create($sName=null, $sWebpage=null) { - $aInsert = compile_insert_string(array( 'vendorName'=> $sName, - 'vendorURL' => $sWebpage )); - $sFields = "({$aInsert['FIELDS']})"; - $sValues = "({$aInsert['VALUES']})"; - - if(query_appdb("INSERT INTO vendor $sFields VALUES $sValues", "Error while creating a new vendor.")) + $hResult = query_parameters("INSERT INTO vendor (vendorName, vendorURL) ". + "VALUES ('?', '?')", $sName, $sWebpage); + if($hResult) { $this->iVendorId = mysql_insert_id(); $this->vendor($this->iVendorId); return true; } else + { + addmsg("Error while creating a new vendor.", "red"); return false; + } } diff --git a/include/version.php b/include/version.php index 11242ff..30bf6bc 100644 --- a/include/version.php +++ b/include/version.php 
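Review bot: `$_REQUEST['versionId']` and `$_REQUEST['appId']` are bound straight from the request with no integer check; escaping blocks injection, but an `(int)` cast, `$iVersionId = (int) $_REQUEST['versionId'];`, would reject garbage ids before the INSERT rather than storing `0` or an empty string. The context line below calls stripslashes() on `$_REQUEST['url_desc']`, which suggests the inputs are expected to arrive magic-quoted; if that is the case, mysql_real_escape_string() now escapes them a second time and the stored description keeps literal backslashes, so the input should be unescaped once before binding. Removing the debugging echo of the raw query is a good change. process_app_version_changes() continues past this hunk.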
@@ -182,17 +182,14 @@ class Version { else $this->sQueued = 'false'; - $aInsert = compile_insert_string(array( 'versionName' => $this->sName, - 'description' => $this->sDescription, - 'maintainer_release'=> $this->sTestedRelease, - 'maintainer_rating' => $this->sTestedRating, - 'appId' => $this->iAppId, - 'submitterId' => $_SESSION['current']->iUserId, - 'queued' => $this->sQueued )); - $sFields = "({$aInsert['FIELDS']})"; - $sValues = "({$aInsert['VALUES']})"; + $hResult = query_parameters("INSERT INTO appVersion (versionName, description, maintainer_release,". + "maintainer_rating, appId, submitterId, queued) VALUES ". + "('?', '?', '?', '?', '?', '?', '?')", + $this->sName, $this->sDescription, $this->sTestedRelease, + $this->sTestedRating, $this->iAppId, $_SESSION['current']->iUserId, + $this->sQueued); - if(query_appdb("INSERT INTO appVersion $sFields VALUES $sValues", "Error while creating a new version.")) + if($hResult) { $this->iVersionId = mysql_insert_id(); $this->Version($this->iVersionId); @@ -201,6 +198,7 @@ class Version { } else { + addmsg("Error while creating a new version", "red"); return false; } } diff --git a/include/vote.php b/include/vote.php index 8d0f383..429466f 100644 --- a/include/vote.php +++ b/include/vote.php @@ -66,7 +66,9 @@ function vote_add($appId, $slot, $userId = null) return; vote_remove($slot, $userId); - query_appdb("INSERT INTO appVotes VALUES (null, null, $appId, $userId, $slot)"); + + query_parameters("INSERT INTO appVotes (id, time, appId, userId, slot) + VALUES (?, ?, '?', '?', '?')", "null", "null", $appId, $userId, $slot); } diff --git a/maintainersubmit.php b/maintainersubmit.php index 4b50d11..b2abf1d 100644 --- a/maintainersubmit.php +++ b/maintainersubmit.php 
@@ -82,15 +82,14 @@ if( $aClean['maintainReason'] ) apidb_header("Submit Maintainer Request"); // add to queue - $query = "INSERT INTO appMaintainerQueue VALUES (null, '". - $aClean['appId']."', '". - $aClean['versionId']."', '". - addslashes($_SESSION['current']->iUserId)."', '". - $aClean['maintainReason']."', '". - $aClean['superMaintainer']."',". - "NOW()".");"; + $hResult = query_parameters("INSERT INTO appMaintainerQueue (queueId, appId, versionId, ". + "userId, maintainReason, superMaintainer, submitTime) ". + "VALUES (?, '?', '?', '?', '?', '?', ?)", + "null", $aClean['appId'], $aClean['versionId'], + $_SESSION['current']->iUserId, $aClean['maintainReason'], + $aClean['superMaintainer'], "NOW()"); - if (query_appdb($query)) + if ($hResult) { echo "

Your maintainer request has been submitted for review. You should hear back\n"; echo "soon about the status of your submission

\n";
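Review bot: The removed code applied addslashes() only to the user id and used `$aClean` values directly, which suggests `$aClean` is already sanitised before this point (not visible here); if that sanitising is addslashes()-style, the values are now escaped twice by mysql_real_escape_string() and stored with literal backslashes. Escaping should happen exactly once, in query_parameters(), so `$aClean` should carry the raw values when this path is reached. The `if( $aClean['maintainReason'] )` block starts before this hunk.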