fix queries for global and prepared

2017-01-20 12:58:34 +01:00
parent daff2f41fa
commit 0f02859124
3 changed files with 52 additions and 36 deletions
--- a/website/queries/group_page.php
+++ b/website/queries/group_page.php
@@ -1,7 +1,7 @@
 <?php

 function selectGroupById($groupID) {
-    return $GLOBALS["db"]->query("
+    $q = $GLOBALS["db"]->prepare("
    SELECT
        `group_page`.`name`,
        `group_page`.`picture`,
@@ -11,12 +11,16 @@ function selectGroupById($groupID) {
    FROM
        `group_page`
    WHERE
-        `group_page`.`groupID` = $groupID
+        `group_page`.`groupID` = :groupID
    ");
+
+    $q->bindParam(':groupID', $groupID);
+    $q->execute();
+    return $q;
 }

 function select20GroupsFromN($n) {
-    return $GLOBALS["db"]->query("
+    $q = $GLOBALS["db"]->prepare("
    SELECT
        `group_page`.`groupID`,
        `group_page`.`name`,
@@ -29,12 +33,16 @@ function select20GroupsFromN($n) {
    ORDER BY
        `group_page`.`name` ASC
    LIMIT
-        $n, 20
+        :n, 20
    ");
+
+    $q->bindParam(':n', $n);
+    $q->execute();
+    return $q;
 }

 function select20GroupsByStatusFromN($n, $status) {
-    return $GLOBALS["db"]->query("
+    $q = $GLOBALS["db"]->prepare("
    SELECT
        `group_page`.`groupID`,
        `group_page`.`name`,
@@ -45,12 +53,17 @@ function select20GroupsByStatusFromN($n, $status) {
    FROM
        `group_page`
    WHERE
-    	`group_page`.`status` = $status
+    	`group_page`.`status` = :status
    ORDER BY
        `group_page`.`name` ASC
    LIMIT
-        $n, 20
+        :n, 20
    ");
+
+    $q->bindParam(':status', $status);
+    $q->bindParam(':n', $n);
+    $q->execute();
+    return $q;
 }

 function search20GroupsFromNByStatus($n, $keyword, $status) {
@@ -80,8 +93,8 @@ function search20GroupsFromNByStatus($n, $keyword, $status) {
    return $q;
 }

-function searchSomeGroupsByStatus($db, $n, $m, $keyword, $status) {
-    $q = $db->prepare("
+function searchSomeGroupsByStatus($n, $m, $keyword, $status) {
+    $q = $GLOBALS['db']->prepare("
    SELECT
        `groupID`,
        `name`,
@@ -108,8 +121,8 @@ function searchSomeGroupsByStatus($db, $n, $m, $keyword, $status) {
    return $q;
 }

-function countSomeGroupsByStatus($db, $keyword, $status) {
-    $q = $db->prepare("
+function countSomeGroupsByStatus($keyword, $status) {
+    $q = $GLOBALS['db']->prepare("
    SELECT
        COUNT(*)
    FROM
@@ -141,11 +154,9 @@ function changeGroupStatusByID($id, $status) {

    return $q;
 }
-<<<<<<< HEAD

-
-function changeMultipleGroupStatusByID($db, $ids, $status) {
-    $q = $db->prepare("
+function changeMultipleGroupStatusByID($ids, $status) {
+    $q = $GLOBALS['db']->prepare("
    UPDATE
        `group_page`
    SET
@@ -163,5 +174,3 @@ function changeMultipleGroupStatusByID($db, $ids, $status) {


 ?>
-=======
->>>>>>> master
--- a/website/queries/user.php
+++ b/website/queries/user.php
@@ -87,7 +87,7 @@ function selectAllUserPosts($userID) {
 }

 function select20UsersFromN($n) {
-    return $GLOBALS["db"]->query("
+    $q = $GLOBALS["db"]->prepare("
    SELECT
        `userID`,
        `username`,
@@ -99,8 +99,12 @@ function select20UsersFromN($n) {
        `role`,
        `username`
    LIMIT
-        $n, 20
+        :n, 20
    ");
+
+    $q->bindParam(':n', $n);
+    $q->execute();
+    return $q;
 }

 function search20UsersFromN($n, $keyword) {
@@ -155,8 +159,8 @@ function search20UsersFromNByStatus($n, $keyword, $status) {
    return $q;
 }

-function searchSomeUsersByStatus($db, $n, $m, $keyword, $status) {
-    $q = $db->prepare("
+function searchSomeUsersByStatus($n, $m, $keyword, $status) {
+    $q = $GLOBALS["db"]->prepare("
    SELECT
        `userID`,
        `username`,
@@ -184,8 +188,8 @@ function searchSomeUsersByStatus($db, $n, $m, $keyword, $status) {
    return $q;
 }

-function countSomeUsersByStatus($db, $keyword, $status) {
-    $q = $db->prepare("
+function countSomeUsersByStatus($keyword, $status) {
+    $q = $GLOBALS["db"]->prepare("
    SELECT
        COUNT(*)
    FROM
@@ -208,20 +212,23 @@ function countSomeUsersByStatus($db, $keyword, $status) {


 function changeUserStatusByID($id, $status) {
-    $q = $GLOBALS["db"]->query("
+    $q = $GLOBALS["db"]->prepare("
    UPDATE
        `user`
    SET
-        `role` = $status
+        `role` = :status
    WHERE
-        `userID` = $id
+        `userID` = :id
    ");

+    $q->bindParam(':status', $status);
+    $q->bindParam(':id', $id);
+    $q->execute();
    return $q;
 }

-function changeMultipleUserStatusByID($db, $ids, $status) {
-    $q = $db->prepare("
+function changeMultipleUserStatusByID($ids, $status) {
+    $q = $GLOBALS["db"]->prepare("
    UPDATE
        `user`
    SET
--- a/website/views/adminpanel.php
+++ b/website/views/adminpanel.php
@@ -84,19 +84,19 @@ if (isset($_GET["groupstatus"])) {

 if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (isset($_POST["actions"]) && isset($_POST["userID"])) {
-        changeUserStatusByID($db, $_POST["userID"], $_POST["actions"]);
+        changeUserStatusByID($_POST["userID"], $_POST["actions"]);
    }

    if (isset($_POST["actions"]) && isset($_POST["groupID"])) {
-        changeGroupStatusByID($db, $_POST["groupID"], $_POST["actions"]);
+        changeGroupStatusByID($_POST["groupID"], $_POST["actions"]);
    }

    if (isset($_POST["batchactions"]) && isset($_POST["checkbox-user"])) {
-        changeMultipleUserStatusByID($db, $_POST["checkbox-user"], $_POST["batchactions"]);
+        changeMultipleUserStatusByID($_POST["checkbox-user"], $_POST["batchactions"]);
    }

    if (isset($_POST["groupbatchactions"]) && isset($_POST["checkbox-group"])) {
-        changeMultipleGroupStatusByID($db, $_POST["checkbox-group"], $_POST["groupbatchactions"]);
+        changeMultipleGroupStatusByID($_POST["checkbox-group"], $_POST["groupbatchactions"]);
    }

    if (isset($_POST["pageselect"])) {
@@ -226,9 +226,9 @@ function test_input($data) {
                    <div class="admin-pageui">
                        <?php
                        if ($pagetype == "user") {
-                            $pages = countSomeUsersByStatus($db, $search, $status);
+                            $pages = countSomeUsersByStatus($search, $status);
                        } else {
-                            $pages = countSomeGroupsByStatus($db, $search, $status);
+                            $pages = countSomeGroupsByStatus($search, $status);
                        }
                        $countresults = $pages->fetchColumn();
                        $mincount = min($listm, $countresults);
@@ -277,7 +277,7 @@ function test_input($data) {
                    $listm = $currentpage * $perpage;

                    if ($pagetype == 'user') {
-                        $q = searchSomeUsersByStatus($db, $listn, $listm, $search, $status);
+                        $q = searchSomeUsersByStatus($listn, $listm, $search, $status);

                        while($user = $q->fetch(PDO::FETCH_ASSOC)) {
                            $userID = $user['userID'];
@@ -316,7 +316,7 @@ function test_input($data) {
                            ");
                        }
                    } else {
-                        $q = searchSomeGroupsByStatus($db, $listn, $listm, $search, $groupstatus);
+                        $q = searchSomeGroupsByStatus($listn, $listm, $search, $groupstatus);

                        while ($group = $q->fetch(PDO::FETCH_ASSOC)) {
                            $groupID = $group['groupID'];