Commit a8129be9 authored by Francois Marier's avatar Francois Marier

Convert inline parameters to a placeholders



These parameters were already sanitised.
Signed-off-by: default avatarFrancois Marier <francois@catalyst.net.nz>
parent 5295e94a
...@@ -42,8 +42,8 @@ $menuitems = get_records_sql_array(' ...@@ -42,8 +42,8 @@ $menuitems = get_records_sql_array('
FROM {site_menu} s FROM {site_menu} s
LEFT OUTER JOIN {artefact} a ON s.file = a.id LEFT OUTER JOIN {artefact} a ON s.file = a.id
WHERE WHERE
s.public = ' . $public . ' s.public = ?
ORDER BY s.displayorder', null); ORDER BY s.displayorder', array($public));
$rows = array(); $rows = array();
if ($menuitems) { if ($menuitems) {
foreach ($menuitems as $i) { foreach ($menuitems as $i) {
......
...@@ -44,8 +44,8 @@ if ($a->get('owner') != $USER->get('id')) { ...@@ -44,8 +44,8 @@ if ($a->get('owner') != $USER->get('id')) {
$table = $a->get_other_table_name(); $table = $a->get_other_table_name();
$ids = get_column_sql(' $ids = get_column_sql('
SELECT id FROM {'.$table.'} SELECT id FROM {'.$table.'}
WHERE artefact = '.$artefact.' WHERE artefact = ?
ORDER BY displayorder'); ORDER BY displayorder', array($artefact));
foreach ($ids as $k => $v) { foreach ($ids as $k => $v) {
if ($v == $id) { if ($v == $id) {
......
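Review bot: The table name in `SELECT id FROM {'.$table.'}` is still concatenated into the statement; only `$artefact` moved to a placeholder. Identifiers cannot be bound, so the safety of this query depends on `get_other_table_name()` returning a fixed, code-defined name, which is not visible from this hunk. If that holds, I would record it next to the query with a comment such as `// $table comes from get_other_table_name(), never from request input; identifiers cannot be bound`. Otherwise `$table` should be checked against the known table names before the query is built. The enclosing `if` block starts and ends outside the hunk.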
...@@ -246,8 +246,8 @@ class User { ...@@ -246,8 +246,8 @@ class User {
{usr} {usr}
WHERE WHERE
LOWER(username) = ? AND LOWER(username) = ? AND
authinstance = ' . db_quote($instanceid); authinstance = ?';
$user = get_record_sql($sql, array($username)); $user = get_record_sql($sql, array($username, $instanceid));
} }
if (false == $user) { if (false == $user) {
......
...@@ -621,8 +621,8 @@ class View { ...@@ -621,8 +621,8 @@ class View {
$userids = implode(',', $userids); $userids = implode(',', $userids);
execute_sql('DELETE FROM {usr_watchlist_view} execute_sql('DELETE FROM {usr_watchlist_view}
WHERE view = ' . $this->get('id') . ' WHERE view = ?
AND usr IN (' . $userids . ')'); AND usr IN (' . $userids . ')', array($this->get('id')));
} }
$beforeusers = activity_get_viewaccess_users($this->get('id'), $USER->get('id'), 'viewaccess'); $beforeusers = activity_get_viewaccess_users($this->get('id'), $USER->get('id'), 'viewaccess');
...@@ -2011,8 +2011,8 @@ class View { ...@@ -2011,8 +2011,8 @@ class View {
$count = count_records('view', 'group', $groupid); $count = count_records('view', 'group', $groupid);
$viewdata = get_records_sql_array('SELECT v.id,v.title,v.startdate,v.stopdate,v.description, v.template, v.type $viewdata = get_records_sql_array('SELECT v.id,v.title,v.startdate,v.stopdate,v.description, v.template, v.type
FROM {view} v FROM {view} v
WHERE v.group = ' . $groupid . ' WHERE v.group = ?
ORDER BY v.title, v.id', '', $offset, $limit); ORDER BY v.title, v.id', array($groupid), $offset, $limit);
} }
else if ($institution) { else if ($institution) {
$count = count_records('view', 'institution', $institution); $count = count_records('view', 'institution', $institution);
...@@ -2028,8 +2028,8 @@ class View { ...@@ -2028,8 +2028,8 @@ class View {
FROM {view} v FROM {view} v
LEFT OUTER JOIN {group} g ON (v.submittedgroup = g.id AND g.deleted = 0) LEFT OUTER JOIN {group} g ON (v.submittedgroup = g.id AND g.deleted = 0)
LEFT OUTER JOIN {host} h ON (v.submittedhost = h.wwwroot) LEFT OUTER JOIN {host} h ON (v.submittedhost = h.wwwroot)
WHERE v.owner = ' . $userid . " WHERE v.owner = ?
ORDER BY v.type = 'portfolio', v.type, v.title, v.id", '', $offset, $limit); ORDER BY v.type = \'portfolio\', v.type, v.title, v.id', array($userid), $offset, $limit);
$owner = $userid; $owner = $userid;
} }
......
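Review bot: In the `DELETE FROM {usr_watchlist_view}` statement the `usr IN (' . $userids . ')` list is still built by string concatenation; the commit binds only the view id. The commit message says the values were already sanitised, but the code that fills `$userids` is outside the hunk, so that cannot be confirmed here. Binding the list too removes the dependency on that upstream check: keep `$userids` as an array, build the list with `implode(',', array_fill(0, count($userids), '?'))`, and pass `array_merge(array($this->get('id')), $userids)` as the values. An empty `$userids` would produce `IN ()`, so the guard that presumably surrounds this statement (the closing `}` suggests one) should stay. The other two View hunks (`v.group = ?`, `v.owner = ?`) leave no inline values, and the surrounding methods start and end outside the visible lines.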