Changeset 175 for trunk/admin

Timestamp:

06/25/06 13:24:49 (2 years ago)

Author:

michiel

Message:

add mysql support

Files:

• trunk/admin/index.php (modified) (9 diffs)

trunk/admin/index.php

@@ -62 +62 @@
                 $timestamp_start = mktime(0,0,0,$options["month"],1,$options["year"]);
                 $timestamp_stop  = mktime(0,0,0,$options["month"]+1,1,$options["year"]);
-                $q1 = sprintf("WHERE date BETWEEN %d AND %d", $timestamp_start, $timestamp_stop);
+                $q1 = sprintf("WHERE %s BETWEEN %d AND %d", db_quote("date"), $timestamp_start, $timestamp_stop);
         } else {
                 $options["month"] = 0;
                 $options["year"]  = 0;
         }
+
         $res_count =& $db->query("SELECT COUNT(*) FROM articles $q1");
         $res_count->fetchInto($counter_r, DB_FETCHMODE_NUM);
         $counter = $counter_r[0];
-        $res =& $db->limitQuery("SELECT * FROM articles $q1 ORDER BY date DESC", (int)$options["top"], $options["limit"]);
+        $res =& $db->limitQuery(sprintf("SELECT * FROM articles $q1 ORDER BY %s DESC", db_quote("date")), (int)$options["top"], $options["limit"]);
         if (PEAR::isError($res)) {
-                die($res->getMessage());
+                die($res->getDebugInfo());
         }
         ?>
@@ -92 +93 @@
                         <?
                         /* find the first post we made so we know the start year */
-                        $sql1 = "SELECT date FROM articles ORDER BY date ASC";
+                        $sql1 = sprintf("SELECT %s FROM articles ORDER BY date ASC", db_quote("date"));
                         $res1 =& $db->limitQuery($sql1, 0, 1);
                         $res1->fetchInto($row1);
@@ -292 +293 @@
                 $r =& $db->query($sql);
                 $r->fetchInto($orig_post, DB_FETCHMODE_ASSOC);
-                $query  = sprintf("UPDATE articles SET title = '%s', body = '%s', categories_id = %d, active = %d, public = %d, aside = %d, mail_comments = %d, allowanoncomments = %d",
-                        preg_quote(strip_tags($post["title"]), "'"),
-                        preg_quote(_strip_tags($post["body"]), "'"),
-                        $post["categories_id"],
-                        $post["active"],
-                        $post["public"],
-                        $post["aside"],
-                        $post["mail_comments"],
-                        $post["allowanoncomments"]
+                $query  = sprintf("UPDATE articles SET %s = '%s', %s = '%s', %s = %d, %s = %d, %s = %d, %s = %d, %s = %d, %s = %d",
+                        db_quote("title"), preg_quote(strip_tags($post["title"]), "'"),
+                        db_quote("body"),  preg_quote(_strip_tags($post["body"]), "'"),
+                        db_quote("categories_id"), $post["categories_id"],
+                        db_quote("active"), $post["active"],
+                        db_quote("public"), $post["public"],
+                        db_quote("aside"), $post["aside"],
+                        db_quote("mail_comments"), $post["mail_comments"],
+                        db_quote("allowanoncomments"), $post["allowanoncomments"]
                 );
                 //if post was inactive, and now it's active, we don't update the "modified" fields in the database.
                 if ($post["active"]) {
                         if ($orig_post["active"]) {
-                                $query .= sprintf(", last_modified = %d", mktime());
-                                $query .= sprintf(", modified_by = %d", $_SESSION["author_id"]);                
+                                $query .= sprintf(", %s = %d", db_quote("last_modified"), mktime());
+                                $query .= sprintf(", %s = %d", db_quote("modified_by"), $_SESSION["author_id"]);                
                         }
                 }
                 //only update the date if it is not the same day as the posts original date
                 if (date("d", $orig_post["date"]) != $post["day"] || date("m", $orig_post["date"]) != $post["month"] || date("Y", $orig_post["date"]) != $post["year"]) {
-                        $query .= sprintf(", date = %d", mktime(date("H"), date("i"), date("s"), $post["month"], $post["day"], $post["year"]));
+                        $query .= sprintf(", %s = %d", db_quote("date"), mktime(date("H"), date("i"), date("s"), $post["month"], $post["day"], $post["year"]));
                 }
                 $query .= sprintf(", ping_sent = 1, tb_uri = '%s'", preg_quote($tb_uri, "'"));
                 $query .= sprintf(" WHERE id = %d", $post["id"]);
         } else {
-                $query  = "INSERT INTO articles (title, body, authors_id, categories_id, date, active, public, aside, mail_comments, ping_sent, tb_uri, allowanoncomments)";
+                $query  = sprintf("INSERT INTO articles (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
+                        db_quote("title"), db_quote("body"), db_quote("authors_id"), db_quote("categories_id"), db_quote("date"), db_quote("active"),
+                        db_quote("public"), db_quote("aside"), db_quote("mail_comments"), db_quote("ping_sent"), db_quote("tb_uri"), db_quote("allowanoncomments")
+                );
                 $query .= sprintf("VALUES ('%s', '%s', %d, %d, %d, %d, %d, %d, %d, %d, '%s', %d)",
                         preg_quote(strip_tags($post["title"]), "'"),
@@ -333 +337 @@
         if (!$post["id"]) {
                 /* this is a new post. fetch old data */
-                $sql = sprintf("SELECT id FROM articles WHERE title = '%s' AND body = '%s' AND authors_id = %d AND categories_id = %d",
-                        preg_quote(strip_tags($post["title"]), "'"),
-                        preg_quote(_strip_tags($post["body"]), "'"),
+                $sql = sprintf("SELECT id FROM articles WHERE %s = '%s' AND %s = '%s' AND authors_id = %d AND categories_id = %d",
+                        db_quote("title"), preg_quote(strip_tags($post["title"]), "'"),
+                        db_quote("body"),  preg_quote(_strip_tags($post["body"]), "'"),
                         $_SESSION["author_id"], $post["categories_id"]
                 );
@@ -485 +489 @@
         global $db;
         if ($cat["id"]) {
-                $query  = sprintf("UPDATE categories SET \"name\" = '%s', \"desc\" = '%s', active = %d, public = %d WHERE id = %d",
-                        preg_quote(strip_tags($cat["name"]), "'"),
-                        preg_quote(strip_tags($cat["description"]), "'"),
-                        $cat["active"],
-                        $cat["public"],
+                $query  = sprintf("UPDATE categories SET %s = '%s', %s = '%s', %s = %d, %s = %d WHERE id = %d",
+                        db_quote("name"),   preg_quote(strip_tags($cat["name"]), "'"),
+                        db_quote("desc"),   preg_quote(strip_tags($cat["description"]), "'"),
+                        db_quote("active"), $cat["active"],
+                        db_quote("public"), $cat["public"],
                         $cat["id"]
                 );
         } else {
-                $query  = sprintf("INSERT INTO categories (\"name\", \"desc\", active, public) VALUES ('%s', '%s', %d, %d)",
+                $query  = sprintf("INSERT INTO categories (%s, %s, %s, %s) VALUES ('%s', '%s', %d, %d)",
+                        db_quote("name"), db_quote("desc"), db_quote("active"), db_quote("public"),
                         preg_quote(strip_tags($cat["name"]), "'"),
                         preg_quote(strip_tags($cat["description"]), "'"),
@@ -601 +606 @@
         global $db;
         if ($acro["id"]) {
-                $query = sprintf("UPDATE acronyms SET acronym = '%s', description = '%s' WHERE id = %d",
-                        preg_quote(strip_tags($acro["acronym"]), "'"),
-                        preg_quote(_strip_tags($acro["description"]), "'"),
+                $query = sprintf("UPDATE acronyms SET %s = '%s', %s = '%s' WHERE id = %d",
+                        db_quote("acronym"), preg_quote(strip_tags($acro["acronym"]), "'"),
+                        db_quote("description"), preg_quote(_strip_tags($acro["description"]), "'"),
                         $acro["id"]
                 );
         } else {
-                $query = sprintf("INSERT INTO acronyms (acronym, description) VALUES ('%s', '%s')",
+                $query = sprintf("INSERT INTO acronyms (%s, %s) VALUES ('%s', '%s')",
+                        db_quote("acronym"), db_quote("description"),
                         preg_quote(strip_tags($acro["acronym"]), "'"),
                         preg_quote(_strip_tags($acro["description"]), "'")
@@ -761 +767 @@
         if (!$error) {
                 if ($author["id"]) {
-                        $query = sprintf("UPDATE authors SET fullname = '%s', email = '%s', website = '%s', active = %d",
-                                preg_quote(strip_tags($author["fullname"]), "'"),
-                                preg_quote(strip_tags($author["email"]), "'"),
-                                preg_quote(strip_tags($author["website"]), "'"),
-                                $author["active"]
+                        $query = sprintf("UPDATE authors SET %s = '%s', %s = '%s', %s = '%s', %s = %d",
+                                db_quote("fullname"), preg_quote(strip_tags($author["fullname"]), "'"),
+                                db_quote("email"),    preg_quote(strip_tags($author["email"]), "'"),
+                                db_quote("website"),  preg_quote(strip_tags($author["website"]), "'"),
+                                db_quote("active"),   $author["active"]
                         );
                         if (trim($author["password"])) {
-                                $query .= sprintf(", password = '%s'", trim(preg_quote(strip_tags($author["password"]), "'")));
+                                $query .= sprintf(", %s = '%s'", db_quote("password"), trim(preg_quote(strip_tags($author["password"]), "'")));
                         }
                         $query .= sprintf(" WHERE id = %d", $author["id"]);
                 } else {
-                        $query = sprintf("INSERT INTO authors (password, fullname, email, website, login, active) VALUES ('%s', '%s', '%s', '%s', '%s', %d)",
+                        $query = sprintf("INSERT INTO authors (%s, %s, %s, %s, %s, %s) VALUES ('%s', '%s', '%s', '%s', '%s', %d)",
+                                db_quote("password"), db_type("fullname"), db_type("email"), db_quote("website"), db_quote("login"), db_quote("active"),
                                 preg_quote(strip_tags(trim($author["password"])), "'"),
                                 preg_quote(strip_tags($author["fullname"]), "'"),
@@ -920 +927 @@
         //make sure we are not inserting double loginnames
         if (!$user["id"]) {
-                $res =& $db->query("SELECT COUNT(*) FROM blog_users WHERE username='".$user["username"]."'");
+                $res =& $db->query(sprintf("SELECT COUNT(*) FROM blog_users WHERE %s='%s'", db_quote("username"), $user["username"]));
                 $res->fetchInto($count);
                 if ($count[0]) {
@@ -928 +935 @@
         if (!$error) {
                 if ($user["id"]) {
-                        $query = sprintf("UPDATE blog_users SET realname = '%s', email = '%s', website = '%s', active = %d",
-                                preg_quote(strip_tags($user["realname"]), "'"),
-                                preg_quote(strip_tags($user["email"]), "'"),
-                                preg_quote(strip_tags($user["website"]), "'"),
-                                $user["active"]
+                        $query = sprintf("UPDATE blog_users SET %s = '%s', %s = '%s', %s = '%s', %s = %d",
+                                db_quote("realname"), preg_quote(strip_tags($user["realname"]), "'"),
+                                db_quote("email"),    preg_quote(strip_tags($user["email"]), "'"),
+                                db_quote("website"),  preg_quote(strip_tags($user["website"]), "'"),
+                                db_quote("active"),   $user["active"]
                         );
                         if (trim($user["password"])) {
-                                $query .= sprintf(", password = '%s'", trim(preg_quote(strip_tags($user["password"]), "'")));
+                                $query .= sprintf(", %s = '%s'", db_quote("password"), trim(preg_quote(strip_tags($user["password"]), "'")));
                         }
                         $query .= sprintf(" WHERE id = %d", $user["id"]);
                 } else {
-                        $query = sprintf("INSERT INTO blog_users (password, realname, email, website, username, active) VALUES ('%s', '%s', '%s', '%s', '%s', %d)",
+                        $query = sprintf("INSERT INTO blog_users (%s, %s, %s, %s, %s, %s) VALUES ('%s', '%s', '%s', '%s', '%s', %d)",
+                                db_quote("password"), db_quote("realname"), db_quote("email"), db_quote("website"), db_quote("username"), db_quote("active"),
                                 preg_quote(strip_tags(trim($user["password"])), "'"),
                                 preg_quote(strip_tags($user["realname"]), "'"),