Skip to content

Commit 9d98337

Browse files
author
Marius Cramer
committed
- fixed some typos in sql queries
1 parent 0757327 commit 9d98337

File tree

9 files changed

+15
-15
lines changed

9 files changed

+15
-15
lines changed

interface/lib/classes/auth.inc.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -114,7 +114,7 @@ public function remove_group_from_user($userid, $groupid) {
114114
$groupid = $app->functions->intval($groupid);
115115

116116
if($userid > 0 && $groupid > 0) {
117-
$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ", $userid);
117+
$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ?", $userid);
118118
$groups = explode(',', $user['groups']);
119119
$key = array_search($groupid, $groups);
120120
unset($groups[$key]);

interface/lib/classes/custom_datasource.inc.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,7 @@ function dns_servers($field, $record) {
4747
if($_SESSION["s"]["user"]["typ"] == 'user') {
4848
// Get the limits of the client
4949
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
50-
$client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $client_group_id);
50+
$client = $app->db->queryOneRecord("SELECT default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
5151
$sql = "SELECT server_id,server_name FROM server WHERE server_id = ?";
5252
} else {
5353
$sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";
@@ -69,7 +69,7 @@ function slave_dns_servers($field, $record) {
6969
if($_SESSION["s"]["user"]["typ"] == 'user') {
7070
// Get the limits of the client
7171
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
72-
$client = $app->db->queryOneRecord("SELECT default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $client_group_id);
72+
$client = $app->db->queryOneRecord("SELECT default_slave_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
7373
$sql = "SELECT server_id,server_name FROM server WHERE server_id = ?";
7474
} else {
7575
$sql = "SELECT server_id,server_name FROM server WHERE dns_server = 1 ORDER BY server_name";

interface/lib/classes/remote.d/client.inc.php

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -400,10 +400,10 @@ public function client_delete_everything($session_id, $client_id)
400400
$app->auth->remove_group_from_user($parent_user['userid'], $client_group['groupid']);
401401

402402
//* delete the group of the client
403-
$app->db->query("DELETE FROM sys_group WHERE client_id = ", $client_id);
403+
$app->db->query("DELETE FROM sys_group WHERE client_id = ?", $client_id);
404404

405405
//* delete the sys user(s) of the client
406-
$app->db->query("DELETE FROM sys_user WHERE client_id = ", $client_id);
406+
$app->db->query("DELETE FROM sys_user WHERE client_id = ?", $client_id);
407407

408408
//* Delete all records (sub-clients, mail, web, etc....) of this client.
409409
$tables = 'client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain,web_traffic';
@@ -413,7 +413,7 @@ public function client_delete_everything($session_id, $client_id)
413413
if($client_group_id > 1) {
414414
foreach($tables_array as $table) {
415415
if($table != '') {
416-
$records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ", $client_group_id);
416+
$records = $app->db->queryAllRecords("SELECT * FROM $table WHERE sys_groupid = ?", $client_group_id);
417417
//* find the primary ID of the table
418418
$table_info = $app->db->tableInfo($table);
419419
$index_field = '';

interface/web/client/client_del.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -74,7 +74,7 @@ function onDelete() {
7474

7575
$this->dataRecord = $app->tform->getDataRecord($this->id);
7676
$client_id = $app->functions->intval($this->dataRecord['client_id']);
77-
$client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ", $client_id);
77+
$client_group = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ?", $client_id);
7878

7979
// Get all records (sub-clients, mail, web, etc....) of this client.
8080
$tables = 'cron,client,dns_rr,dns_soa,dns_slave,ftp_user,mail_access,mail_content_filter,mail_domain,mail_forwarding,mail_get,mail_user,mail_user_filter,shell_user,spamfilter_users,support_message,web_database,web_database_user,web_domain';

interface/web/client/domain_edit.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -97,7 +97,7 @@ function onShowEnd() {
9797
} else {
9898
// Get the limits of the client
9999
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
100-
$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $client_group_id);
100+
$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
101101

102102
// Fill the client select field
103103
$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";

interface/web/login/index.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -109,7 +109,7 @@ public function render() {
109109
$sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
110110
$tmp = $app->db->queryOneRecord($sql, $username, $passwort);
111111
$client_group_id = $app->functions->intval($tmp['default_group']);
112-
$tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $client_group_id);
112+
$tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
113113

114114
if(!$tmp_client || $old_client["parent_client_id"] != $tmp_client["client_id"] || $tmp["default_group"] != $_SESSION["s_old"]["user"]["default_group"] ) {
115115
die("You don't have the right to 'login as' this user!");
@@ -125,7 +125,7 @@ public function render() {
125125
} elseif($_SESSION['s']['user']['typ'] != 'admin' && (!isset($_SESSION['s_old']['user']) || $_SESSION['s_old']['user']['typ'] != 'admin')) {
126126
/* a reseller wants to 'login as', we need to check if he is allowed to */
127127
$res_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
128-
$res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $res_client_group_id);
128+
$res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $res_client_group_id);
129129

130130
/* this is the user the reseller wants to 'login as' */
131131
$sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";

interface/web/mail/xmpp_user_edit.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -112,12 +112,12 @@ function onSubmit() {
112112
if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
113113
// Get the limits of the client
114114
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
115-
$client = $app->db->queryOneRecord("SELECT limit_xmpp_user, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $client_group_id);
115+
$client = $app->db->queryOneRecord("SELECT limit_xmpp_user, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
116116

117117

118118
// Check if the user may add another xmpp user.
119119
if($this->id == 0 && $client["limit_xmpp_user"] >= 0) {
120-
$tmp = $app->db->queryOneRecord("SELECT count(xmppuser_id) as number FROM xmpp_user WHERE sys_groupid = ", $client_group_id);
120+
$tmp = $app->db->queryOneRecord("SELECT count(xmppuser_id) as number FROM xmpp_user WHERE sys_groupid = ?", $client_group_id);
121121
if($tmp["number"] >= $client["limit_xmpp_user"]) {
122122
$app->tform->errorMessage .= $app->tform->lng("limit_xmpp_user_txt")."<br>";
123123
}

interface/web/sites/cron_edit.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -87,15 +87,15 @@ function onSubmit() {
8787
if($_SESSION["s"]["user"]["typ"] != 'admin') {
8888
// Get the limits of the client
8989
$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
90-
$client = $app->db->queryOneRecord("SELECT limit_cron, limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ", $client_group_id);
90+
$client = $app->db->queryOneRecord("SELECT limit_cron, limit_cron_type FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
9191

9292
// When the record is updated
9393
if($this->id > 0) {
9494
// When the record is inserted
9595
} else {
9696
// Check if the user may add another cron job.
9797
if($client["limit_cron"] >= 0) {
98-
$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM cron WHERE sys_groupid = ", $client_group_id);
98+
$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM cron WHERE sys_groupid = ?", $client_group_id);
9999
if($tmp["number"] >= $client["limit_cron"]) {
100100
$app->error($app->tform->wordbook["limit_cron_txt"]);
101101
}

interface/web/sites/database_edit.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -174,7 +174,7 @@ function onSubmit() {
174174
if($_SESSION["s"]["user"]["typ"] != 'admin') {
175175
// Get the limits of the client
176176
$client_group_id = $_SESSION["s"]["user"]["default_group"];
177-
$client = $app->db->queryOneRecord("SELECT db_servers, limit_database, limit_database_quota, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.groupid = ", $client_group_id);
177+
$client = $app->db->queryOneRecord("SELECT db_servers, limit_database, limit_database_quota, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.groupid = ?", $client_group_id);
178178

179179
// When the record is updated
180180
if($this->id > 0) {

0 commit comments

Comments
 (0)