Here is a patch that does all instances and removes compile_update_string() as well.
Chris On Monday 03 July 2006 10:52 pm, Tony Lambregts wrote: > Chris Morgan wrote: > > We'll want to remove ALL uses of compile_update_string() and > > compile_insert_string(). I'll take care of this since there are 9 or 10 > > other instances of it. > > Yes we will have to I did some experimenting and any field that has a & > in it will bomb out not just xinha fields. If you want to do this that > is fine with me. > > -- > > Tony Lambregts
? FixCommentDisplay.diff
? compile_update_remove.patch
? hits_table_alter
? limittestresults.patch4
? note_edit_cleanup.patch
? vote_table_alter
? data/screenshots
Index: include/application.php
===================================================================
RCS file: /opt/cvs-commit/appdb/include/application.php,v
retrieving revision 1.54
diff -u -r1.54 application.php
--- include/application.php 4 Jul 2006 02:24:56 -0000 1.54
+++ include/application.php 4 Jul 2006 03:06:52 -0000
@@ -148,45 +148,40 @@ if ($this->sName && ($this->sName!=$oApp->sName)) { - $sUpdate = compile_update_string(array('appName' => $this->sName)); - if (!query_parameters("UPDATE appFamily SET ".$sUpdate." WHERE appId = '?'", - $this->iAppId)) + if (!query_parameters("UPDATE appFamily SET appName = '?' WHERE appId = '?'", + $this->sName, $this->iAppId)) return false; $sWhatChanged .= "Name was changed from ".$oApp->sName." to ".$this->sName.".\n\n"; } if ($this->sDescription && ($this->sDescription!=$oApp->sDescription)) { - $sUpdate = compile_update_string(array('description' => $this->sDescription)); - if (!query_parameters("UPDATE appFamily SET ".$sUpdate." WHERE appId = '?'", - $this->iAppId)) + if (!query_parameters("UPDATE appFamily SET description = '?' WHERE appId = '?'", + $this->sDescription, $this->iAppId)) return false; $sWhatChanged .= "Description was changed from\n ".$oApp->sDescription."\n to \n".$this->sDescription.".\n\n"; } if ($this->sKeywords && ($this->sKeywords!=$oApp->sKeywords)) { - $sUpdate = compile_update_string(array('keywords' => $this->sKeywords)); - if (!query_parameters("UPDATE appFamily SET ".$sUpdate." WHERE appId = '?'", - $this->iAppId)) + if (!query_parameters("UPDATE appFamily SET keywords = '?' WHERE appId = '?'", + $this->sKeywords, $this->iAppId)) return false; $sWhatChanged .= "Keywords were changed from\n ".$oApp->sKeywords."\n to \n".$this->sKeywords.".\n\n"; } if ($this->sWebpage && ($this->sWebpage!=$oApp->sWebpage)) { - $sUpdate = compile_update_string(array('webPage' => $this->sWebpage)); - if (!query_parameters("UPDATE appFamily SET ".$sUpdate." WHERE appId = '?'", - $this->iAppId)) + if (!query_parameters("UPDATE appFamily SET webPage = '?' WHERE appId = '?'", + $this->sWebPage, $this->iAppId)) return false; $sWhatChanged .= "Web page was changed from ".$oApp->sWebpage." 
to ".$this->sWebpage.".\n\n"; } if ($this->iVendorId && ($this->iVendorId!=$oApp->iVendorId)) { - $sUpdate = compile_update_string(array('vendorId' => $this->iVendorId)); - if (!query_parameters("UPDATE appFamily SET ".$sUpdate." WHERE appId = '?'", - $this->iAppId)) + if (!query_parameters("UPDATE appFamily SET vendorId = '?' WHERE appId = '?'", + $this->iVendorId, $this->iAppId)) return false; $oVendorBefore = new Vendor($oApp->iVendorId); $oVendorAfter = new Vendor($this->iVendorId); @@ -195,9 +190,8 @@ if ($this->iCatId && ($this->iCatId!=$oApp->iCatId)) { - $sUpdate = compile_update_string(array('catId' => $this->iCatId)); - if (!query_parameters("UPDATE appFamily SET ".$sUpdate." WHERE appId = '?'", - $this->iAppId)) + if (!query_parameters("UPDATE appFamily SET catId = '?' WHERE appId = '?'", + $this->iCatId, $this->iAppId)) return false; $oCatBefore = new Category($oApp->iCatId); $oCatAfter = new Category($this->iCatId); @@ -260,10 +254,8 @@ if(!$_SESSION['current']->canUnQueueApplication()) return; - $sUpdate = compile_update_string(array('queued' => "false", - 'keywords'=> str_replace(" *** ","",$this->sKeywords) )); - if(query_parameters("UPDATE appFamily SET ".$sUpdate." WHERE appId = '?'", - $this->iAppId)) + if(query_parameters("UPDATE appFamily SET queued = '?', keywords = '?' WHERE appId = '?'", + "false", str_replace(" *** ","",$this->sKeywords), $this->iAppId)) { $this->sQueued = 'false'; // we send an e-mail to intersted people @@ -281,9 +273,8 @@ if(!$this->sQueued == 'true') return false; - $sUpdate = compile_update_string(array('queued' => "rejected")); - if(query_parameters("UPDATE appFamily SET ".$sUpdate." WHERE appId = '?'", - $this->iAppId)) + if(query_parameters("UPDATE appFamily SET queued = '?' WHERE appId = '?'", + "rejected", $this->iAppId)) { $this->sQueued = 'rejected'; // we send an e-mail to intersted people 
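Review bot: The rewritten webPage update in the first hunk passes `$this->sWebPage` (capital P), while the condition above it, the change message below it and the removed line all use `$this->sWebpage`. PHP property names are case-sensitive, so unless the class also declares `sWebPage`, this reads an undefined property and would store an empty value in `webPage` whenever the web page is edited. The argument line should read `$this->sWebpage, $this->iAppId))`. The enclosing function starts and ends outside the hunk.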
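Review bot: The guard `if(!$this->sQueued == 'true')`, kept as context above the new reject query in the `-281,9` hunk, does not test what it appears to. `!` binds tighter than `==`, so it compares a boolean with 'true' and returns only when `sQueued` is empty. An application whose state is already 'false' or 'rejected' therefore still reaches the `UPDATE appFamily SET queued = '?'` with "rejected". `if($this->sQueued != 'true') return false;` states the intended check. The function begins above the hunk, so any permission check it performs is not visible here.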
@@ -299,9 +290,8 @@ if(!$_SESSION['current']->canRequeueApplication($this)) return false; - $sUpdate = compile_update_string(array('queued' => "true")); - if(query_parameters("UPDATE appFamily SET ".$sUpdate." WHERE appId = '?'", - $this->iAppId)) + if(query_parameters("UPDATE appFamily SET queued = '?' WHERE appId = '?'", + "true", $this->iAppId)) { $this->sQueued = 'true'; // we send an e-mail to intersted people Index: include/bugs.php =================================================================== RCS file: /opt/cvs-commit/appdb/include/bugs.php,v retrieving revision 1.11 diff -u -r1.11 bugs.php --- include/bugs.php 29 Jun 2006 16:07:19 -0000 1.11 +++ include/bugs.php 4 Jul 2006 03:06:52 -0000 @@ -175,9 +175,8 @@ if(!$this->bQueued) return false; - $sUpdate = compile_update_string(array('queued' => "false")); - if(query_parameters("UPDATE buglinks SET ".$sUpdate." WHERE linkId='?'", - $this->iLinkId)) + if(query_parameters("UPDATE buglinks SET queued = '?' WHERE linkId='?'", + "false", $this->iLinkId)) { $this->bQueued = false; // we send an e-mail to intersted people Index: include/db.php =================================================================== RCS file: /opt/cvs-commit/appdb/include/db.php,v retrieving revision 1.16 diff -u -r1.16 db.php --- include/db.php 27 Jun 2006 19:16:28 -0000 1.16 +++ include/db.php 4 Jul 2006 03:06:52 -0000 
@@ -112,33 +112,4 @@ addmsg($sStatusMessage, "red"); } -/** -* Expects an array in this form: -* $aFoo['field'] = 'value'; -* -* Returns a string ready to be put in a query like this -* $sQuery = "UPDATE `foo` $sReturn"; -* -* Values are mysql_real_escape_string()'ed. -*/ -function compile_update_string($aData) -{ - global $hAppdbLink; - - if(!is_resource($hAppdbLink)) - { - // The last argument makes sure we are really opening a new connection - $hAppdbLink = mysql_connect(APPS_DBHOST, APPS_DBUSER, APPS_DBPASS,true); - mysql_select_db(APPS_DB, $hAppdbLink); - } - - foreach ($aData as $k => $v) - { - $return .= "`$k`='".mysql_real_escape_string($v)."',"; - } - - $return = preg_replace( "/,$/" , "" , $return ); - - return $return; -} ?> Index: include/distributions.php =================================================================== RCS file: /opt/cvs-commit/appdb/include/distributions.php,v retrieving revision 1.8 diff -u -r1.8 distributions.php --- include/distributions.php 29 Jun 2006 15:54:29 -0000 1.8 +++ include/distributions.php 4 Jul 2006 03:06:52 -0000 @@ -123,10 +123,8 @@ { return; } - $sUpdate = compile_update_string(array( 'name' => $this->sName, - 'url' => $this->sUrl )); - if(query_parameters("UPDATE distributions SET ".$sUpdate." WHERE distributionId = '?'", - $this->iDistributionId)) + if(query_parameters("UPDATE distributions SET name = '?', url = '?' WHERE distributionId = '?'", + $this->sName, $this->sUrl, $this->iDistributionId)) { $this->SendNotificationMail("edit"); return true; Index: include/testResults.php =================================================================== RCS file: /opt/cvs-commit/appdb/include/testResults.php,v retrieving revision 1.27 diff -u -r1.27 testResults.php --- include/testResults.php 4 Jul 2006 02:52:39 -0000 1.27 +++ include/testResults.php 4 Jul 2006 03:06:53 -0000 
@@ -106,19 +106,30 @@ return; } - $sUpdate = compile_update_string(array( 'versionId' => $this->iVersionId, - 'whatWorks' => $this->sWhatWorks, - 'whatDoesnt' => $this->sWhatDoesnt, - 'whatNotTested' => $this->sWhatNotTested, - 'testedDate' => $this->sTestedDate, - 'distributionId' => $this->iDistributionId, - 'testedRelease' => $this->sTestedRelease, - 'installs' => $this->sInstalls, - 'runs' => $this->sRuns, - 'testedRating' => $this->sTestedRating, - 'comments' => $this->sComments)); - - if(query_parameters("UPDATE testResults SET ".$sUpdate." WHERE testingId = '?'", + if(query_parameters("UPDATE testResults SET + versionId = '?', + whatWorks = '?', + whatDoesnt = '?', + whatNotTested = '?', + testedDate = '?', + distributionId = '?', + testedRelease = '?', + installs = '?', + runs = '?', + testedRating = '?', + comments = '?' + WHERE testingId = '?'", + $this->iVersionId, + $this->sWhatWorks, + $this->sWhatDoesnt, + $this->sWhatNotTested, + $this->sTestedDate, + $this->iDistributionId, + $this->sTestedRelease, + $this->sInstalls, + $this->sRuns, + $this->sTestedRating, + $this->sComments, $this->iTestingId)) { if(!$bSilent)
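Review bot: Escaping for the free-text fields in this UPDATE (`whatWorks`, `whatDoesnt`, `whatNotTested`, `comments`) now rests entirely on query_parameters(), which this patch does not show, because the removed compile_update_string() was what applied mysql_real_escape_string() to them. It is worth confirming that query_parameters() escapes every argument and that a literal `?` inside one value cannot be taken for a later placeholder. The twelve placeholders and twelve arguments do line up, but the pairing is positional only. A comment such as `// argument order must match the placeholder order above` before the argument list would protect the next edit. The same dependency on query_parameters() applies to the application.php, bugs.php and distributions.php hunks.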