Commit a8129be9 authored by Francois Marier's avatar Francois Marier

Convert inline parameters to a placeholders



These parameters were already sanitised.
Signed-off-by: default avatarFrancois Marier <francois@catalyst.net.nz>
parent 5295e94a
......@@ -42,8 +42,8 @@ $menuitems = get_records_sql_array('
FROM {site_menu} s
LEFT OUTER JOIN {artefact} a ON s.file = a.id
WHERE
s.public = ' . $public . '
ORDER BY s.displayorder', null);
s.public = ?
ORDER BY s.displayorder', array($public));
$rows = array();
if ($menuitems) {
foreach ($menuitems as $i) {
......
......@@ -44,8 +44,8 @@ if ($a->get('owner') != $USER->get('id')) {
$table = $a->get_other_table_name();
$ids = get_column_sql('
SELECT id FROM {'.$table.'}
WHERE artefact = '.$artefact.'
ORDER BY displayorder');
WHERE artefact = ?
ORDER BY displayorder', array($artefact));
foreach ($ids as $k => $v) {
if ($v == $id) {
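Review bot: The table name in `SELECT id FROM {'.$table.'}` is still concatenated into the statement. That is unavoidable because identifiers cannot be bound as `?` values, but nothing on the new side records why it is safe. `$table` comes from `$a->get_other_table_name()`, which presumably returns a fixed name defined in code rather than request data. A one-line comment above the query would record that, for example `// $table is a fixed name from get_other_table_name(), never request input; identifiers cannot be bound`. The enclosing block starts and ends outside the hunk, so the origin of `$artefact` and `$id` cannot be checked from here.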
......
......@@ -246,8 +246,8 @@ class User {
{usr}
WHERE
LOWER(username) = ? AND
authinstance = ' . db_quote($instanceid);
$user = get_record_sql($sql, array($username));
authinstance = ?';
$user = get_record_sql($sql, array($username, $instanceid));
}
if (false == $user) {
......
......@@ -621,8 +621,8 @@ class View {
$userids = implode(',', $userids);
execute_sql('DELETE FROM {usr_watchlist_view}
WHERE view = ' . $this->get('id') . '
AND usr IN (' . $userids . ')');
WHERE view = ?
AND usr IN (' . $userids . ')', array($this->get('id')));
}
$beforeusers = activity_get_viewaccess_users($this->get('id'), $USER->get('id'), 'viewaccess');
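Review bot: The `AND usr IN (' . $userids . ')` fragment is still built by string concatenation on the new side, so only `view` is bound in this DELETE. `$userids` is the output of `implode(',', $userids)` on the line above, and the array is populated outside the hunk, so it cannot be confirmed here that every element is an integer. Either bind the list as well, keeping the array and using `implode(',', array_fill(0, count($userids), '?'))` for the IN clause with `array_merge(array($this->get('id')), $userids)` as the values, or apply `array_map('intval', $userids)` before the implode. An empty array would produce `IN ()`, which is invalid SQL; the closing brace after the call suggests a guard, but it opens outside the hunk and should be checked.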
......@@ -2011,8 +2011,8 @@ class View {
$count = count_records('view', 'group', $groupid);
$viewdata = get_records_sql_array('SELECT v.id,v.title,v.startdate,v.stopdate,v.description, v.template, v.type
FROM {view} v
WHERE v.group = ' . $groupid . '
ORDER BY v.title, v.id', '', $offset, $limit);
WHERE v.group = ?
ORDER BY v.title, v.id', array($groupid), $offset, $limit);
}
else if ($institution) {
$count = count_records('view', 'institution', $institution);
......@@ -2028,8 +2028,8 @@ class View {
FROM {view} v
LEFT OUTER JOIN {group} g ON (v.submittedgroup = g.id AND g.deleted = 0)
LEFT OUTER JOIN {host} h ON (v.submittedhost = h.wwwroot)
WHERE v.owner = ' . $userid . "
ORDER BY v.type = 'portfolio', v.type, v.title, v.id", '', $offset, $limit);
WHERE v.owner = ?
ORDER BY v.type = \'portfolio\', v.type, v.title, v.id', array($userid), $offset, $limit);
$owner = $userid;
}
......