Use prepared statement rather than direct SQL
trasher committed Nov 9, 2021
1 parent 1599b2a commit 8e94064
Showing 20 changed files with 88 additions and 122 deletions.
10 changes: 5 additions & 5 deletions galette/lib/Galette/Core/Db.php
Expand Up @@ -7,7 +7,7 @@
*
* PHP version 5
*
* Copyright © 2011-2014 The Galette Team
* Copyright © 2011-2021 The Galette Team
*
* This file is part of Galette (http://galette.tuxfamily.org).
*
Expand All @@ -28,7 +28,7 @@
* @package Galette
*
* @author Johan Cwiklinski <johan@x-tnd.be>
* @copyright 2011-2014 The Galette Team
* @copyright 2011-2021 The Galette Team
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version
* @link http://galette.tuxfamily.org
* @since Available since 0.7dev - 2011-07-27
Expand Down Expand Up @@ -58,7 +58,7 @@
* @name Db
* @package Galette
* @author Johan Cwiklinski <johan@x-tnd.be>
* @copyright 2011-2014 The Galette Team
* @copyright 2011-2021 The Galette Team
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version
* @link http://framework.zend.com/apidoc/2.2/namespaces/Zend.Db.html
* @since Available since 0.7dev - 2011-07-27
Expand Down Expand Up @@ -453,7 +453,7 @@ public function grantCheck($mode = 'i')
//can Galette SELECT records ?
try {
$select = $this->sql->select('galette_test');
$select->where('test_id = 1');
$select->where(['test_id' => 1]);
$res = $this->execute($select);
$pass = $res->count() === 1;

Expand Down Expand Up @@ -673,7 +673,7 @@ private function convertContentToUTF($prefix, $table)

//build where
foreach ($pkeys as $k) {
$where[] = $k . ' = "' . $row->$k . '"';
$where[$k] = $row->$k;
}

//build data
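Review bot: `convertContentToUTF` now collects primary-key values into `$where` keyed by column name, but whether `$where` is reset to `[]` before this `foreach` is outside the hunk; if it is not, the keyed form only behaves because each row overwrites the previous row's keys, so an explicit `$where = [];` immediately before the loop would make that intent visible. The array form also binds `$row->$k` as a parameter instead of wrapping it in double quotes, which drops a MySQL-only literal syntax (PostgreSQL reads `"…"` as an identifier), so the query text changes on non-MySQL backends and that deserves a line in the commit message. The enclosing function starts and ends outside the hunk.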
8 changes: 4 additions & 4 deletions galette/lib/Galette/Core/Logo.php
Expand Up @@ -7,7 +7,7 @@
*
* PHP version 5
*
* Copyright © 2009-2014 The Galette Team
* Copyright © 2009-2021 The Galette Team
*
* This file is part of Galette (http://galette.tuxfamily.org).
*
Expand All @@ -28,7 +28,7 @@
* @package Galette
*
* @author Johan Cwiklinski <johan@x-tnd.be>
* @copyright 2009-2014 The Galette Team
* @copyright 2009-2021 The Galette Team
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version
* @link http://galette.tuxfamily.org
* @since Available since 0.7dev - 2009-09-13
Expand All @@ -46,7 +46,7 @@
* @name Logo
* @package Galette
* @author Johan Cwiklinski <johan@x-tnd.be>
* @copyright 2009-2014 The Galette Team
* @copyright 2009-2021 The Galette Team
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version
* @link http://galette.tuxfamily.org
* @since Available since 0.7dev - 2009-09-13
Expand Down Expand Up @@ -100,7 +100,7 @@ protected function getCheckFileQuery()
'format'
)
);
$select->where(self::PK . ' = ' . $this->db_id);
$select->where([self::PK => $this->db_id]);
return $select;
}

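Review bot: `getCheckFileQuery` binds `$this->db_id` without a cast, and as far as I recall Zend\Db's array-form `where()` turns a `null` value into an `IS NULL` predicate and an array value into `IN (...)`, so a non-integer id silently changes the query shape instead of failing. Casting at the call site, `$select->where([self::PK => (int) $this->db_id]);`, keeps the predicate an integer equality regardless of how `db_id` was populated. The same applies to the untyped `$id` in `MailingHistory::loadFrom`, `DynamicField::loadFieldType`/`load` and `Adherent::getSName` in this commit; `Password::removeOldEntries(int $id_adh)` already shows the typed-parameter form to follow. `getCheckFileQuery` starts outside the hunk.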
4 changes: 2 additions & 2 deletions galette/lib/Galette/Core/MailingHistory.php
Expand Up @@ -356,7 +356,7 @@ public static function loadFrom(Db $zdb, $id, $mailing, $new = true)
{
try {
$select = $zdb->select(self::TABLE);
$select->where('mailing_id = ' . $id);
$select->where(['mailing_id' => $id]);

$results = $zdb->execute($select);
$result = $results->current();
Expand Down Expand Up @@ -450,7 +450,7 @@ public function update()

$update = $this->zdb->update(self::TABLE);
$update->set($values);
$update->where(self::PK . ' = ' . $this->mailing->history_id);
$update->where([self::PK => $this->mailing->history_id]);
$this->zdb->execute($update);
return true;
} catch (Throwable $e) {
8 changes: 4 additions & 4 deletions galette/lib/Galette/Core/Password.php
Expand Up @@ -8,7 +8,7 @@
*
* PHP version 5
*
* Copyright © 2003-2020 The Galette Team
* Copyright © 2003-2021 The Galette Team
*
* This file is part of Galette (http://galette.tuxfamily.org).
*
Expand All @@ -31,7 +31,7 @@
* @author Frédéric Jacquot <unknown@unknow.com>
* @author Georges Khaznadar (password encryption, images) <unknown@unknow.com>
* @author Johan Cwiklinski <johan@x-tnd.be>
* @copyright 2003-2014 The Galette Team
* @copyright 2003-2021 The Galette Team
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version
* @link http://galette.tuxfamily.org
* @since Available since 0.7dev - 2009-02-28
Expand All @@ -52,7 +52,7 @@
* @author Frédéric Jacquot <unknown@unknow.com>
* @author Georges Khaznadar (password encryption, images) <unknown@unknow.com>
* @author Johan Cwiklinski <johan@x-tnd.be>
* @copyright 2009-2020 The Galette Team
* @copyright 2009-2021 The Galette Team
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version
* @link http://galette.tuxfamily.org
* @since Available since 0.7dev - 2011-06-16
Expand Down Expand Up @@ -95,7 +95,7 @@ private function removeOldEntries(int $id_adh): bool
{
try {
$delete = $this->zdb->delete(self::TABLE);
$delete->where(self::PK . ' = ' . $id_adh);
$delete->where([self::PK => $id_adh]);

$del = $this->zdb->execute($delete);
if ($del) {
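Review bot: The file header still reads `* PHP version 5` in the first hunk while `removeOldEntries(int $id_adh): bool` in the last hunk uses scalar parameter and return type declarations, which need PHP 7.0 or later, so the header contradicts the code. Since the copyright line next to it is being touched anyway, the version line should state the project's actual minimum, e.g. `* PHP version 7` (or whatever the project's minimum is). Db.php, Logo.php and Picture.php in this commit carry the same `PHP version 5` line, though their hunks show no typed signatures.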
10 changes: 4 additions & 6 deletions galette/lib/Galette/Core/Picture.php
Expand Up @@ -7,7 +7,7 @@
*
* PHP version 5
*
* Copyright © 2006-2014 The Galette Team
* Copyright © 2006-2021 The Galette Team
*
* This file is part of Galette (http://galette.tuxfamily.org).
*
Expand All @@ -29,7 +29,7 @@
*
* @author Frédéric Jacquot <unknown@unknow.com>
* @author Johan Cwiklinski <johan@x-tnd.be>
* @copyright 2006-2014 The Galette Team
* @copyright 2006-2021 The Galette Team
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version
* @link http://galette.tuxfamily.org
*/
Expand All @@ -51,7 +51,7 @@
* @package Galette
* @author Frédéric Jacquot <unknown@unknow.com>
* @author Johan Cwiklinski <johan@x-tnd.be>
* @copyright 2006-2014 The Galette Team
* @copyright 2006-2021 The Galette Team
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version
* @link http://galette.tuxfamily.org
*/
Expand Down Expand Up @@ -339,9 +339,7 @@ public function delete($transaction = true)
}

$delete = $zdb->delete($this->tbl_prefix . $class::TABLE);
$delete->where(
$class::PK . ' = ' . $this->db_id
);
$delete->where([$class::PK => $this->db_id]);
$del = $zdb->execute($delete);

if (!$del->count() > 0) {
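Review bot: The line right after the new `where()` call, `if (!$del->count() > 0) {`, relies on `!` binding tighter than `>`: it evaluates as `(!$del->count()) > 0`, which only equals "no row deleted" because `true > 0` is true, so the check works by accident and reads as a bug. `if ($del->count() === 0) {` (or `!($del->count() > 0)`) says what is meant, and since the commit already rewrites the adjacent line the fix costs nothing here. `delete` starts and ends outside the hunk.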
8 changes: 3 additions & 5 deletions galette/lib/Galette/DynamicFields/DynamicField.php
Expand Up @@ -143,7 +143,7 @@ public static function loadFieldType(Db $zdb, $id)
{
try {
$select = $zdb->select(self::TABLE);
$select->where('field_id = ' . $id);
$select->where(['field_id' => $id]);

$results = $zdb->execute($select);
$result = $results->current();
Expand Down Expand Up @@ -216,7 +216,7 @@ public function load($id)
{
try {
$select = $this->zdb->select(self::TABLE);
$select->where(self::PK . ' = ' . $id);
$select->where([self::PK => $id]);

$results = $this->zdb->execute($select);
$result = $results->current();
Expand Down Expand Up @@ -716,9 +716,7 @@ public function store($values)

if (!$isnew) {
$update = $this->zdb->update(self::TABLE);
$update->set($values)->where(
self::PK . ' = ' . $this->id
);
$update->set($values)->where([self::PK => $this->id]);
$this->zdb->execute($update);
} else {
$values['field_type'] = $this->getType();
26 changes: 12 additions & 14 deletions galette/lib/Galette/Entity/Adherent.php
Expand Up @@ -473,9 +473,7 @@ private function loadChildren()
$select = $this->zdb->select(self::TABLE);
$select->columns(
array($id)
)->where(
'parent_id = ' . $this->_id
);
)->where(['parent_id' => $this->_id]);

$results = $this->zdb->execute($select);

Expand Down Expand Up @@ -847,7 +845,7 @@ public static function getSName($zdb, $id, $wid = false, $wnick = false)
{
try {
$select = $zdb->select(self::TABLE);
$select->where(self::PK . ' = ' . $id);
$select->where([self::PK => $id]);

$results = $zdb->execute($select);
$row = $results->current();
Expand Down Expand Up @@ -925,7 +923,7 @@ public static function updatePassword(Db $zdb, $id_adh, $pass)
$update = $zdb->update(self::TABLE);
$update->set(
array('mdp_adh' => $cpass)
)->where(self::PK . ' = ' . $id_adh);
)->where([self::PK => $id_adh]);
$zdb->execute($update);
Analog::log(
'Password for `' . $id_adh . '` has been updated.',
Expand Down Expand Up @@ -1307,8 +1305,9 @@ public function validate($field, $value, $values)
array(self::PK)
)->where(array('email_adh' => $value));
if (!empty($this->_id)) {
$select->where(
self::PK . ' != ' . $this->_id
$select->where->notEqualTo(
self::PK,
$this->_id
);
}

Expand Down Expand Up @@ -1345,8 +1344,9 @@ public function validate($field, $value, $values)
array(self::PK)
)->where(array('login_adh' => $value));
if (!empty($this->_id)) {
$select->where(
self::PK . ' != ' . $this->_id
$select->where->notEqualTo(
self::PK,
$this->_id
);
}

Expand Down Expand Up @@ -1404,7 +1404,7 @@ public function validate($field, $value, $values)
$this->$prop = (int)$value;
//check if status exists
$select = $this->zdb->select(Status::TABLE);
$select->where(Status::PK . '= ' . $value);
$select->where([Status::PK => $value]);

$results = $this->zdb->execute($select);
$result = $results->current();
Expand Down Expand Up @@ -1577,9 +1577,7 @@ public function store()

$update = $this->zdb->update(self::TABLE);
$update->set($values);
$update->where(
self::PK . '=' . $this->_id
);
$update->where([self::PK => $this->_id]);

$edit = $this->zdb->execute($update);

Expand Down Expand Up @@ -1629,7 +1627,7 @@ private function updateModificationDate()
$update = $this->zdb->update(self::TABLE);
$update->set(
array('date_modif_adh' => $modif_date)
)->where(self::PK . '=' . $this->_id);
)->where([self::PK => $this->_id]);

$edit = $this->zdb->execute($update);
$this->_modification_date = $modif_date;
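Review bot: In the status branch of `validate()`, the lookup `$select->where([Status::PK => $value]);` binds the raw `$value` while the line two above stores `(int)$value` into `$this->$prop`, so the value checked against the `Status` table is not the value kept on the object. Binding the cast value, `$select->where([Status::PK => (int)$value]);`, keeps the existence check and the stored id identical and also guarantees an integer parameter now that the value is bound rather than inlined. `validate()` starts and ends outside the hunk.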
18 changes: 8 additions & 10 deletions galette/lib/Galette/Entity/Contribution.php
Expand Up @@ -579,7 +579,7 @@ public function checkOverlap()
array('ct' => PREFIX_DB . ContributionsTypes::TABLE),
'c.' . ContributionsTypes::PK . '=ct.' . ContributionsTypes::PK,
array()
)->where(Adherent::PK . ' = ' . $this->_member)
)->where([Adherent::PK => $this->_member])
->where(array('cotis_extension' => new Expression('true')))
->where->nest->nest
->greaterThanOrEqualTo('date_debut_cotis', $this->_begin_date)
Expand All @@ -590,7 +590,7 @@ public function checkOverlap()
->lessThanOrEqualTo('date_fin_cotis', $this->_end_date);

if ($this->id != '') {
$select->where(self::PK . ' != ' . $this->id);
$select->where->notEqualTo(self::PK, $this->id);
}

$results = $this->zdb->execute($select);
Expand Down Expand Up @@ -681,9 +681,7 @@ public function store()
} else {
//we're editing an existing contribution
$update = $this->zdb->update(self::TABLE);
$update->set($values)->where(
self::PK . '=' . $this->_id
);
$update->set($values)->where([self::PK => $this->_id]);
$edit = $this->zdb->execute($update);

//edit == 0 does not mean there were an error, but that there
Expand Down Expand Up @@ -750,7 +748,7 @@ private function updateDeadline()
$update->set(
array('date_echeance' => $date_fin_update)
)->where(
Adherent::PK . '=' . $this->_member
[Adherent::PK => $this->_member]
);
$this->zdb->execute($update);
return true;
Expand Down Expand Up @@ -782,7 +780,7 @@ public function remove($transaction = true)
}

$delete = $this->zdb->delete(self::TABLE);
$delete->where(self::PK . ' = ' . $this->_id);
$delete->where([self::PK => $this->_id]);
$del = $this->zdb->execute($delete);
if ($del->count() > 0) {
$this->updateDeadline();
Expand Down Expand Up @@ -884,7 +882,7 @@ public static function getDueDate(Db $zdb, $member_id)
'c.' . ContributionsTypes::PK . '=ct.' . ContributionsTypes::PK,
array()
)->where(
Adherent::PK . ' = ' . $member_id
[Adherent::PK => $member_id]
)->where(
array('cotis_extension' => new Expression('true'))
);
Expand Down Expand Up @@ -927,7 +925,7 @@ public static function unsetTransactionPart(Db $zdb, Login $login, $trans_id, $c
$update->set(
array(Transaction::PK => null)
)->where(
self::PK . ' = ' . $contrib_id
[self::PK => $contrib_id]
);
$zdb->execute($update);
return true;
Expand Down Expand Up @@ -964,7 +962,7 @@ public static function setTransactionPart(Db $zdb, $trans_id, $contrib_id)
$update = $zdb->update(self::TABLE);
$update->set(
array(Transaction::PK => $trans_id)
)->where(self::PK . ' = ' . $contrib_id);
)->where([self::PK => $contrib_id]);

$zdb->execute($update);
return true;
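Review bot: `checkOverlap` guards the new `notEqualTo` predicate with `if ($this->id != '')`, a loose comparison on `$this->id`, whereas the `store()` and `remove()` hunks in this file read `$this->_id`; it is unclear from the hunk whether `id` reaches `_id` through a magic accessor or is a different field. `Adherent::validate()` in this same commit uses `if (!empty($this->_id))` for the identical exclude-self case, so if `id` is indeed the `_id` accessor, `if (!empty($this->_id)) {` would make the two consistent and sidestep `!=`, whose result for `0 != ''` differs between PHP 7 and PHP 8. `checkOverlap` starts and ends outside the hunk.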
