From 8e940641b5ed46c3f471332827df388ea00a85d3 Mon Sep 17 00:00:00 2001 From: Johan Cwiklinski Date: Tue, 9 Nov 2021 18:55:23 +0100 Subject: [PATCH] Use prepared statement rather than direct SQL --- galette/lib/Galette/Core/Db.php | 10 +++--- galette/lib/Galette/Core/Logo.php | 8 ++--- galette/lib/Galette/Core/MailingHistory.php | 4 +-- galette/lib/Galette/Core/Password.php | 8 ++--- galette/lib/Galette/Core/Picture.php | 10 +++--- .../Galette/DynamicFields/DynamicField.php | 8 ++--- galette/lib/Galette/Entity/Adherent.php | 26 +++++++------- galette/lib/Galette/Entity/Contribution.php | 18 +++++----- galette/lib/Galette/Entity/Entitled.php | 10 +++--- galette/lib/Galette/Entity/Group.php | 34 +++++++------------ galette/lib/Galette/Entity/ImportModel.php | 2 +- galette/lib/Galette/Entity/PaymentType.php | 10 ++---- galette/lib/Galette/Entity/PdfModel.php | 4 +-- galette/lib/Galette/Entity/Reminder.php | 2 +- galette/lib/Galette/Entity/SavedSearch.php | 8 ++--- galette/lib/Galette/Entity/Social.php | 4 +-- galette/lib/Galette/Entity/Title.php | 10 ++---- galette/lib/Galette/Entity/Transaction.php | 14 +++----- galette/lib/Galette/Repository/Groups.php | 12 +++---- galette/lib/Galette/Repository/Members.php | 8 ++--- 20 files changed, 88 insertions(+), 122 deletions(-) diff --git a/galette/lib/Galette/Core/Db.php b/galette/lib/Galette/Core/Db.php index ef45d7b750..1fc4d5a76e 100644 --- a/galette/lib/Galette/Core/Db.php +++ b/galette/lib/Galette/Core/Db.php @@ -7,7 +7,7 @@ * * PHP version 5 * - * Copyright © 2011-2014 The Galette Team + * Copyright © 2011-2021 The Galette Team * * This file is part of Galette (http://galette.tuxfamily.org). * @@ -28,7 +28,7 @@ * @package Galette * * @author Johan Cwiklinski - * @copyright 2011-2014 The Galette Team + * @copyright 2011-2021 The Galette Team * @license http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version * @link http://galette.tuxfamily.org * @since Available since 0.7dev - 2011-07-27 @@ -58,7 +58,7 @@ * @name Db * @package Galette * @author Johan Cwiklinski - * @copyright 2011-2014 The Galette Team + * @copyright 2011-2021 The Galette Team * @license http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version * @link http://framework.zend.com/apidoc/2.2/namespaces/Zend.Db.html * @since Available since 0.7dev - 2011-07-27 @@ -453,7 +453,7 @@ public function grantCheck($mode = 'i') //can Galette SELECT records ? try { $select = $this->sql->select('galette_test'); - $select->where('test_id = 1'); + $select->where(['test_id' => 1]); $res = $this->execute($select); $pass = $res->count() === 1; @@ -673,7 +673,7 @@ private function convertContentToUTF($prefix, $table) //build where foreach ($pkeys as $k) { - $where[] = $k . ' = "' . $row->$k . '"'; + $where[$k] = $row->$k; } //build data diff --git a/galette/lib/Galette/Core/Logo.php b/galette/lib/Galette/Core/Logo.php index c03e8dd625..a6e2241770 100644 --- a/galette/lib/Galette/Core/Logo.php +++ b/galette/lib/Galette/Core/Logo.php @@ -7,7 +7,7 @@ * * PHP version 5 * - * Copyright © 2009-2014 The Galette Team + * Copyright © 2009-2021 The Galette Team * * This file is part of Galette (http://galette.tuxfamily.org). * @@ -28,7 +28,7 @@ * @package Galette * * @author Johan Cwiklinski - * @copyright 2009-2014 The Galette Team + * @copyright 2009-2021 The Galette Team * @license http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version * @link http://galette.tuxfamily.org * @since Available since 0.7dev - 2009-09-13 @@ -46,7 +46,7 @@ * @name Logo * @package Galette * @author Johan Cwiklinski - * @copyright 2009-2014 The Galette Team + * @copyright 2009-2021 The Galette Team * @license http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version * @link http://galette.tuxfamily.org * @since Available since 0.7dev - 2009-09-13 @@ -100,7 +100,7 @@ protected function getCheckFileQuery() 'format' ) ); - $select->where(self::PK . ' = ' . $this->db_id); + $select->where([self::PK => $this->db_id]); return $select; } diff --git a/galette/lib/Galette/Core/MailingHistory.php b/galette/lib/Galette/Core/MailingHistory.php index 34e2bd3fa7..9a3e8d45ff 100644 --- a/galette/lib/Galette/Core/MailingHistory.php +++ b/galette/lib/Galette/Core/MailingHistory.php @@ -356,7 +356,7 @@ public static function loadFrom(Db $zdb, $id, $mailing, $new = true) { try { $select = $zdb->select(self::TABLE); - $select->where('mailing_id = ' . $id); + $select->where(['mailing_id' => $id]); $results = $zdb->execute($select); $result = $results->current(); @@ -450,7 +450,7 @@ public function update() $update = $this->zdb->update(self::TABLE); $update->set($values); - $update->where(self::PK . ' = ' . $this->mailing->history_id); + $update->where([self::PK => $this->mailing->history_id]); $this->zdb->execute($update); return true; } catch (Throwable $e) { diff --git a/galette/lib/Galette/Core/Password.php b/galette/lib/Galette/Core/Password.php index 1832e37bdd..728669dd17 100644 --- a/galette/lib/Galette/Core/Password.php +++ b/galette/lib/Galette/Core/Password.php @@ -8,7 +8,7 @@ * * PHP version 5 * - * Copyright © 2003-2020 The Galette Team + * Copyright © 2003-2021 The Galette Team * * This file is part of Galette (http://galette.tuxfamily.org). * @@ -31,7 +31,7 @@ * @author Frédéric Jacquot * @author Georges Khaznadar (password encryption, images) * @author Johan Cwiklinski - * @copyright 2003-2014 The Galette Team + * @copyright 2003-2021 The Galette Team * @license http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version * @link http://galette.tuxfamily.org * @since Available since 0.7dev - 2009-02-28 @@ -52,7 +52,7 @@ * @author Frédéric Jacquot * @author Georges Khaznadar (password encryption, images) * @author Johan Cwiklinski - * @copyright 2009-2020 The Galette Team + * @copyright 2009-2021 The Galette Team * @license http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version * @link http://galette.tuxfamily.org * @since Available since 0.7dev - 2011-06-16 @@ -95,7 +95,7 @@ private function removeOldEntries(int $id_adh): bool { try { $delete = $this->zdb->delete(self::TABLE); - $delete->where(self::PK . ' = ' . $id_adh); + $delete->where([self::PK => $id_adh]); $del = $this->zdb->execute($delete); if ($del) { diff --git a/galette/lib/Galette/Core/Picture.php b/galette/lib/Galette/Core/Picture.php index 37091d462c..4ae2eafee3 100644 --- a/galette/lib/Galette/Core/Picture.php +++ b/galette/lib/Galette/Core/Picture.php @@ -7,7 +7,7 @@ * * PHP version 5 * - * Copyright © 2006-2014 The Galette Team + * Copyright © 2006-2021 The Galette Team * * This file is part of Galette (http://galette.tuxfamily.org). * @@ -29,7 +29,7 @@ * * @author Frédéric Jacquot * @author Johan Cwiklinski - * @copyright 2006-2014 The Galette Team + * @copyright 2006-2021 The Galette Team * @license http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version * @link http://galette.tuxfamily.org */ @@ -51,7 +51,7 @@ * @package Galette * @author Frédéric Jacquot * @author Johan Cwiklinski - * @copyright 2006-2014 The Galette Team + * @copyright 2006-2021 The Galette Team * @license http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version * @link http://galette.tuxfamily.org */ @@ -339,9 +339,7 @@ public function delete($transaction = true) } $delete = $zdb->delete($this->tbl_prefix . $class::TABLE); - $delete->where( - $class::PK . ' = ' . $this->db_id - ); + $delete->where([$class::PK => $this->db_id]); $del = $zdb->execute($delete); if (!$del->count() > 0) { diff --git a/galette/lib/Galette/DynamicFields/DynamicField.php b/galette/lib/Galette/DynamicFields/DynamicField.php index 775ed2c534..d87aba0ce2 100644 --- a/galette/lib/Galette/DynamicFields/DynamicField.php +++ b/galette/lib/Galette/DynamicFields/DynamicField.php @@ -143,7 +143,7 @@ public static function loadFieldType(Db $zdb, $id) { try { $select = $zdb->select(self::TABLE); - $select->where('field_id = ' . $id); + $select->where(['field_id' => $id]); $results = $zdb->execute($select); $result = $results->current(); @@ -216,7 +216,7 @@ public function load($id) { try { $select = $this->zdb->select(self::TABLE); - $select->where(self::PK . ' = ' . $id); + $select->where([self::PK => $id]); $results = $this->zdb->execute($select); $result = $results->current(); @@ -716,9 +716,7 @@ public function store($values) if (!$isnew) { $update = $this->zdb->update(self::TABLE); - $update->set($values)->where( - self::PK . ' = ' . $this->id - ); + $update->set($values)->where([self::PK => $this->id]); $this->zdb->execute($update); } else { $values['field_type'] = $this->getType(); diff --git a/galette/lib/Galette/Entity/Adherent.php b/galette/lib/Galette/Entity/Adherent.php index c0344ad00c..2113b6a55f 100644 --- a/galette/lib/Galette/Entity/Adherent.php +++ b/galette/lib/Galette/Entity/Adherent.php @@ -473,9 +473,7 @@ private function loadChildren() $select = $this->zdb->select(self::TABLE); $select->columns( array($id) - )->where( - 'parent_id = ' . $this->_id - ); + )->where(['parent_id' => $this->_id]); $results = $this->zdb->execute($select); @@ -847,7 +845,7 @@ public static function getSName($zdb, $id, $wid = false, $wnick = false) { try { $select = $zdb->select(self::TABLE); - $select->where(self::PK . ' = ' . $id); + $select->where([self::PK => $id]); $results = $zdb->execute($select); $row = $results->current(); @@ -925,7 +923,7 @@ public static function updatePassword(Db $zdb, $id_adh, $pass) $update = $zdb->update(self::TABLE); $update->set( array('mdp_adh' => $cpass) - )->where(self::PK . ' = ' . $id_adh); + )->where([self::PK => $id_adh]); $zdb->execute($update); Analog::log( 'Password for `' . $id_adh . '` has been updated.', @@ -1307,8 +1305,9 @@ public function validate($field, $value, $values) array(self::PK) )->where(array('email_adh' => $value)); if (!empty($this->_id)) { - $select->where( - self::PK . ' != ' . $this->_id + $select->where->notEqualTo( + self::PK, + $this->_id ); } @@ -1345,8 +1344,9 @@ public function validate($field, $value, $values) array(self::PK) )->where(array('login_adh' => $value)); if (!empty($this->_id)) { - $select->where( - self::PK . ' != ' . $this->_id + $select->where->notEqualTo( + self::PK, + $this->_id ); } @@ -1404,7 +1404,7 @@ public function validate($field, $value, $values) $this->$prop = (int)$value; //check if status exists $select = $this->zdb->select(Status::TABLE); - $select->where(Status::PK . '= ' . $value); + $select->where([Status::PK => $value]); $results = $this->zdb->execute($select); $result = $results->current(); @@ -1577,9 +1577,7 @@ public function store() $update = $this->zdb->update(self::TABLE); $update->set($values); - $update->where( - self::PK . '=' . $this->_id - ); + $update->where([self::PK => $this->_id]); $edit = $this->zdb->execute($update); @@ -1629,7 +1627,7 @@ private function updateModificationDate() $update = $this->zdb->update(self::TABLE); $update->set( array('date_modif_adh' => $modif_date) - )->where(self::PK . '=' . $this->_id); + )->where([self::PK => $this->_id]); $edit = $this->zdb->execute($update); $this->_modification_date = $modif_date; diff --git a/galette/lib/Galette/Entity/Contribution.php b/galette/lib/Galette/Entity/Contribution.php index 9c088519ad..c1fb4de13e 100644 --- a/galette/lib/Galette/Entity/Contribution.php +++ b/galette/lib/Galette/Entity/Contribution.php @@ -579,7 +579,7 @@ public function checkOverlap() array('ct' => PREFIX_DB . ContributionsTypes::TABLE), 'c.' . ContributionsTypes::PK . '=ct.' . ContributionsTypes::PK, array() - )->where(Adherent::PK . ' = ' . $this->_member) + )->where([Adherent::PK => $this->_member]) ->where(array('cotis_extension' => new Expression('true'))) ->where->nest->nest ->greaterThanOrEqualTo('date_debut_cotis', $this->_begin_date) @@ -590,7 +590,7 @@ public function checkOverlap() ->lessThanOrEqualTo('date_fin_cotis', $this->_end_date); if ($this->id != '') { - $select->where(self::PK . ' != ' . $this->id); + $select->where->notEqualTo(self::PK, $this->id); } $results = $this->zdb->execute($select); @@ -681,9 +681,7 @@ public function store() } else { //we're editing an existing contribution $update = $this->zdb->update(self::TABLE); - $update->set($values)->where( - self::PK . '=' . $this->_id - ); + $update->set($values)->where([self::PK => $this->_id]); $edit = $this->zdb->execute($update); //edit == 0 does not mean there were an error, but that there @@ -750,7 +748,7 @@ private function updateDeadline() $update->set( array('date_echeance' => $date_fin_update) )->where( - Adherent::PK . '=' . $this->_member + [Adherent::PK => $this->_member] ); $this->zdb->execute($update); return true; @@ -782,7 +780,7 @@ public function remove($transaction = true) } $delete = $this->zdb->delete(self::TABLE); - $delete->where(self::PK . ' = ' . $this->_id); + $delete->where([self::PK => $this->_id]); $del = $this->zdb->execute($delete); if ($del->count() > 0) { $this->updateDeadline(); @@ -884,7 +882,7 @@ public static function getDueDate(Db $zdb, $member_id) 'c.' . ContributionsTypes::PK . '=ct.' . ContributionsTypes::PK, array() )->where( - Adherent::PK . ' = ' . $member_id + [Adherent::PK => $member_id] )->where( array('cotis_extension' => new Expression('true')) ); @@ -927,7 +925,7 @@ public static function unsetTransactionPart(Db $zdb, Login $login, $trans_id, $c $update->set( array(Transaction::PK => null) )->where( - self::PK . ' = ' . $contrib_id + [self::PK => $contrib_id] ); $zdb->execute($update); return true; @@ -964,7 +962,7 @@ public static function setTransactionPart(Db $zdb, $trans_id, $contrib_id) $update = $zdb->update(self::TABLE); $update->set( array(Transaction::PK => $trans_id) - )->where(self::PK . ' = ' . $contrib_id); + )->where([self::PK => $contrib_id]); $zdb->execute($update); return true; diff --git a/galette/lib/Galette/Entity/Entitled.php b/galette/lib/Galette/Entity/Entitled.php index f59a1f88b7..20e71edbb5 100644 --- a/galette/lib/Galette/Entity/Entitled.php +++ b/galette/lib/Galette/Entity/Entitled.php @@ -126,7 +126,7 @@ public function load($id) { try { $select = $this->zdb->select($this->table); - $select->where($this->fpk . ' = ' . $id); + $select->where([$this->fpk => $id]); $results = $this->zdb->execute($select); if ($results->count() > 0) { @@ -345,7 +345,7 @@ public function get($id) try { $select = $this->zdb->select($this->table); - $select->where($this->fpk . '=' . $id); + $select->where([$this->fpk => $id]); $results = $this->zdb->execute($select); $result = $results->current(); @@ -507,7 +507,7 @@ public function update($id, $label, $extra) $update = $this->zdb->update($this->table); $update->set($values); - $update->where($this->fpk . ' = ' . $id); + $update->where([$this->fpk => $id]); $ret = $this->zdb->execute($update); @@ -556,7 +556,7 @@ public function delete($id) try { $this->zdb->connection->beginTransaction(); $delete = $this->zdb->delete($this->table); - $delete->where($this->fpk . ' = ' . $id); + $delete->where([$this->fpk => $id]); $this->zdb->execute($delete); $this->deleteTranslation($ret->{$this->flabel}); @@ -590,7 +590,7 @@ public function isUsed($id) { try { $select = $this->zdb->select($this->used); - $select->where($this->fpk . ' = ' . $id); + $select->where([$this->fpk => $id]); $results = $this->zdb->execute($select); $result = $results->current(); diff --git a/galette/lib/Galette/Entity/Group.php b/galette/lib/Galette/Entity/Group.php index 088a5f29cb..8603ad8fb3 100644 --- a/galette/lib/Galette/Entity/Group.php +++ b/galette/lib/Galette/Entity/Group.php @@ -179,9 +179,9 @@ private function loadPersons($type) array('g' => $join), 'g.' . Adherent::PK . '=a.' . Adherent::PK, array() - )->where( - 'g.' . self::PK . ' = ' . $this->id - )->order( + )->where([ + 'g.' . self::PK => $this->id + ])->order( 'nom_adh ASC', 'prenom_adh ASC' ); @@ -231,10 +231,10 @@ private function loadSubGroups() array('b' => PREFIX_DB . self::GROUPSMANAGERS_TABLE), 'a.' . self::PK . '=b.' . self::PK, array() - )->where('b.' . Adherent::PK . ' = ' . $this->login->id); + )->where(['b.' . Adherent::PK => $this->login->id]); } - $select->where('parent_group = ' . $this->id) + $select->where(['parent_group' => $this->id]) ->order('group_name ASC'); $results = $zdb->execute($select); @@ -295,24 +295,18 @@ public function remove($cascade = false) //delete members $delete = $zdb->delete(self::GROUPSUSERS_TABLE); - $delete->where( - self::PK . ' = ' . $this->id - ); + $delete->where([self::PK => $this->id]); $zdb->execute($delete); //delete managers $delete = $zdb->delete(self::GROUPSMANAGERS_TABLE); - $delete->where( - self::PK . ' = ' . $this->id - ); + $delete->where([self::PK => $this->id]); $zdb->execute($delete); } //delete group itself $delete = $zdb->delete(self::TABLE); - $delete->where( - self::PK . ' = ' . $this->id - ); + $delete->where([self::PK => $this->id]); $zdb->execute($delete); //commit all changes @@ -371,7 +365,7 @@ public function detach() $update->set( array('parent_group' => new Expression('NULL')) )->where( - self::PK . ' = ' . $this->id + [self::PK => $this->id] ); $edit = $zdb->execute($update); @@ -447,7 +441,7 @@ public function store() $update = $zdb->update(self::TABLE); $update ->set($values) - ->where(self::PK . '=' . $this->id); + ->where([self::PK => $this->id]); $edit = $zdb->execute($update); @@ -728,9 +722,7 @@ public function setMembers($members) //first, remove current groups members $delete = $zdb->delete(self::GROUPSUSERS_TABLE); - $delete->where( - self::PK . ' = ' . $this->id - ); + $delete->where([self::PK => $this->id]); $zdb->execute($delete); Analog::log( @@ -818,9 +810,7 @@ public function setManagers($members) //first, remove current groups managers $delete = $zdb->delete(self::GROUPSMANAGERS_TABLE); - $delete->where( - self::PK . ' = ' . $this->id - ); + $delete->where([self::PK => $this->id]); $zdb->execute($delete); Analog::log( diff --git a/galette/lib/Galette/Entity/ImportModel.php b/galette/lib/Galette/Entity/ImportModel.php index 1c79023c1a..4b7f1d6b8c 100644 --- a/galette/lib/Galette/Entity/ImportModel.php +++ b/galette/lib/Galette/Entity/ImportModel.php @@ -175,7 +175,7 @@ public function store($zdb) //we're editing an existing model $update = $zdb->update(self::TABLE); $update->set($values); - $update->where(self::PK . '=' . $this->id); + $update->where([self::PK => $this->id]); $zdb->execute($update); return true; } diff --git a/galette/lib/Galette/Entity/PaymentType.php b/galette/lib/Galette/Entity/PaymentType.php index 5d0d728643..d5a1117768 100644 --- a/galette/lib/Galette/Entity/PaymentType.php +++ b/galette/lib/Galette/Entity/PaymentType.php @@ -100,7 +100,7 @@ private function load($id) { try { $select = $this->zdb->select(self::TABLE); - $select->limit(1)->where(self::PK . ' = ' . $id); + $select->limit(1)->where([self::PK => $id]); $results = $this->zdb->execute($select); $res = $results->current(); @@ -149,9 +149,7 @@ public function store() } $update = $this->zdb->update(self::TABLE); - $update->set($data)->where( - self::PK . '=' . $this->id - ); + $update->set($data)->where([self::PK => $this->id]); $this->zdb->execute($update); } else { $insert = $this->zdb->insert(self::TABLE); @@ -191,9 +189,7 @@ public function remove() try { $delete = $this->zdb->delete(self::TABLE); - $delete->where( - self::PK . ' = ' . $id - ); + $delete->where([self::PK => $id]); $this->zdb->execute($delete); $this->deleteTranslation($this->name); Analog::log( diff --git a/galette/lib/Galette/Entity/PdfModel.php b/galette/lib/Galette/Entity/PdfModel.php index 4921964198..ba559f82b1 100644 --- a/galette/lib/Galette/Entity/PdfModel.php +++ b/galette/lib/Galette/Entity/PdfModel.php @@ -136,7 +136,7 @@ protected function load($id, $init = true) try { $select = $this->zdb->select(self::TABLE); $select->limit(1) - ->where(self::PK . ' = ' . $id); + ->where([self::PK => $id]); $results = $this->zdb->execute($select); @@ -231,7 +231,7 @@ public function store() if ($this->id !== null) { $update = $this->zdb->update(self::TABLE); $update->set($data)->where( - self::PK . '=' . $this->id + [self::PK => $this->id] ); $this->zdb->execute($update); } else { diff --git a/galette/lib/Galette/Entity/Reminder.php b/galette/lib/Galette/Entity/Reminder.php index c949aef84a..e7443c6150 100644 --- a/galette/lib/Galette/Entity/Reminder.php +++ b/galette/lib/Galette/Entity/Reminder.php @@ -111,7 +111,7 @@ private function load($id) try { $select = $zdb->select(self::TABLE); $select->limit(1) - ->where(self::PK . ' = ' . $id); + ->where([self::PK => $id]); $results = $zdb->execute($select); $this->loadFromRs($results->current()); diff --git a/galette/lib/Galette/Entity/SavedSearch.php b/galette/lib/Galette/Entity/SavedSearch.php index 2452a3e9a2..3dba26aa8f 100644 --- a/galette/lib/Galette/Entity/SavedSearch.php +++ b/galette/lib/Galette/Entity/SavedSearch.php @@ -102,11 +102,11 @@ private function load($id) { try { $select = $this->zdb->select(self::TABLE); - $select->limit(1)->where(self::PK . ' = ' . $id); + $select->limit(1)->where([self::PK => $id]); if ($this->login->isSuperAdmin()) { $select->where(Adherent::PK . ' IS NULL'); } else { - $select->where(Adherent::PK . ' = ' . (int)$this->login->id); + $select->where([Adherent::PK => $this->login->id]); } $results = $this->zdb->execute($select); @@ -223,9 +223,7 @@ public function remove() $id = (int)$this->id; try { $delete = $this->zdb->delete(self::TABLE); - $delete->where( - self::PK . ' = ' . $id - ); + $delete->where([self::PK => $id]); $this->zdb->execute($delete); Analog::log( 'Saved search #' . $id . ' (' . $this->name diff --git a/galette/lib/Galette/Entity/Social.php b/galette/lib/Galette/Entity/Social.php index 1084bb3e17..1c4bceedaf 100644 --- a/galette/lib/Galette/Entity/Social.php +++ b/galette/lib/Galette/Entity/Social.php @@ -114,7 +114,7 @@ private function load(int $id): void { try { $select = $this->zdb->select(self::TABLE); - $select->limit(1)->where(self::PK . ' = ' . $id); + $select->limit(1)->where([self::PK => $id]); $results = $this->zdb->execute($select); $res = $results->current(); @@ -199,7 +199,7 @@ public function store(): bool if ($this->id !== null && $this->id > 0) { $update = $this->zdb->update(self::TABLE); $update->set(['url' => $this->url])->where( - self::PK . '=' . $this->id + [self::PK => $this->id] ); $this->zdb->execute($update); } else { diff --git a/galette/lib/Galette/Entity/Title.php b/galette/lib/Galette/Entity/Title.php index 1fb7a41adb..3218522f09 100644 --- a/galette/lib/Galette/Entity/Title.php +++ b/galette/lib/Galette/Entity/Title.php @@ -91,7 +91,7 @@ private function load($id) global $zdb; try { $select = $zdb->select(self::TABLE); - $select->limit(1)->where(self::PK . ' = ' . $id); + $select->limit(1)->where([self::PK => $id]); $results = $zdb->execute($select); $res = $results->current(); @@ -145,9 +145,7 @@ public function store($zdb) try { if ($this->id !== null && $this->id > 0) { $update = $zdb->update(self::TABLE); - $update->set($data)->where( - self::PK . '=' . $this->id - ); + $update->set($data)->where([self::PK => $this->id]); $zdb->execute($update); } else { $insert = $zdb->insert(self::TABLE); @@ -187,9 +185,7 @@ public function remove($zdb) try { $delete = $zdb->delete(self::TABLE); - $delete->where( - self::PK . ' = ' . $id - ); + $delete->where([self::PK => $id]); $zdb->execute($delete); Analog::log( 'Title #' . $id . ' (' . $this->short diff --git a/galette/lib/Galette/Entity/Transaction.php b/galette/lib/Galette/Entity/Transaction.php index 321db6e385..08caee36c5 100644 --- a/galette/lib/Galette/Entity/Transaction.php +++ b/galette/lib/Galette/Entity/Transaction.php @@ -154,7 +154,7 @@ public function load($id) { try { $select = $this->zdb->select(self::TABLE, 't'); - $select->where(self::PK . ' = ' . $id); + $select->where([self::PK => $id]); $select->join( array('a' => PREFIX_DB . Adherent::TABLE), 't.' . Adherent::PK . '=a.' . Adherent::PK, @@ -235,9 +235,7 @@ public function remove(History $hist, $transaction = true) //remove transaction itself $delete = $this->zdb->delete(self::TABLE); - $delete->where( - self::PK . ' = ' . $this->_id - ); + $delete->where([self::PK => $this->_id]); $del = $this->zdb->execute($delete); if ($del->count() > 0) { $this->dynamicsRemove(true); @@ -457,9 +455,7 @@ public function store(History $hist) } else { //we're editing an existing transaction $update = $this->zdb->update(self::TABLE); - $update->set($values)->where( - self::PK . '=' . $this->_id - ); + $update->set($values)->where([self::PK => $this->_id]); $edit = $this->zdb->execute($update); //edit == 0 does not mean there were an error, but that there //were nothing to change @@ -514,7 +510,7 @@ public function getDispatchedAmount(): float array( 'sum' => new Expression('SUM(montant_cotis)') ) - )->where(self::PK . ' = ' . $this->_id); + )->where([self::PK => $this->_id]); $results = $this->zdb->execute($select); $result = $results->current(); @@ -547,7 +543,7 @@ public function getMissingAmount() array( 'sum' => new Expression('SUM(montant_cotis)') ) - )->where(self::PK . ' = ' . $this->_id); + )->where([self::PK => $this->_id]); $results = $this->zdb->execute($select); $result = $results->current(); diff --git a/galette/lib/Galette/Repository/Groups.php b/galette/lib/Galette/Repository/Groups.php index 5fa8cf987a..9839f6db86 100644 --- a/galette/lib/Galette/Repository/Groups.php +++ b/galette/lib/Galette/Repository/Groups.php @@ -7,7 +7,7 @@ * * PHP version 5 * - * Copyright © 2011-2014 The Galette Team + * Copyright © 2011-2021 The Galette Team * * This file is part of Galette (http://galette.tuxfamily.org). * @@ -28,7 +28,7 @@ * @package Galette * * @author Johan Cwiklinski - * @copyright 2011-2014 The Galette Team + * @copyright 2011-2021 The Galette Team * @license http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version * @link http://galette.tuxfamily.org * @since Available since 0.7dev - 2011-10-25 @@ -52,7 +52,7 @@ * @name Groups * @package Galette * @author Johan Cwiklinski - * @copyright 2011-2014 The Galette Team + * @copyright 2011-2021 The Galette Team * @license http://www.gnu.org/licenses/gpl-3.0.html GPL License 3.0 or (at your option) any later version * @link http://galette.tuxfamily.org * @since Available since 0.7dev - 2011-10-25 @@ -136,7 +136,7 @@ public function getList($full = true, $id = null) array('c' => PREFIX_DB . Group::GROUPSMANAGERS_TABLE), 'a.' . Group::PK . '=c.' . Group::PK, array() - )->where('c.' . Adherent::PK . ' = ' . $this->login->id); + )->where(['c.' . Adherent::PK => $this->login->id]); } if ($full !== true) { @@ -275,9 +275,7 @@ public static function addMemberToGroups($adh, $groups, $manager = false, $trans //first, remove current groups members $delete = $zdb->delete($table); - $delete->where( - Adherent::PK . ' = ' . $adh->id - ); + $delete->where([Adherent::PK => $adh->id]); $zdb->execute($delete); $msg = null; diff --git a/galette/lib/Galette/Repository/Members.php b/galette/lib/Galette/Repository/Members.php index 424fea671a..235cabe668 100644 --- a/galette/lib/Galette/Repository/Members.php +++ b/galette/lib/Galette/Repository/Members.php @@ -641,7 +641,7 @@ private function buildSelect($mode, $fields, $photos, $count = false): Select array('m' => PREFIX_DB . Group::GROUPSMANAGERS_TABLE), 'gr.' . Group::PK . '=m.' . Group::PK, array() - )->where('m.' . Adherent::PK . ' = ' . $login->id); + )->where(['m.' . Adherent::PK => $login->id]); break; case self::SHOW_PUBLIC_LIST: if ($photos) { @@ -731,8 +731,8 @@ private function buildSelect($mode, $fields, $photos, $count = false): Select 'val' => 'field_val' ] ); - $subselect->where('df.field_form = \'adh\''); - $subselect->where('df.field_id = ' . $df); + $subselect->where(['df.field_form' => 'adh']); + $subselect->where(['df.field_id' => $df]); $select->join( array('df' . $df => $subselect), 'a.id_adh = df' . $df . '.item_id', @@ -1155,7 +1155,7 @@ private function buildWhereClause(Select $select) array(), $select::JOIN_LEFT )->where( - '(g.' . Group::PK . ' = ' . $this->filters->group_filter . + '(g.' . Group::PK . ' = ' . $zdb->platform->quoteValue($this->filters->group_filter) . ' OR gs.parent_group = NULL OR gs.parent_group = ' . $this->filters->group_filter . ')' );