
Commit aa365c4

author
root
committed
fixed sql-syntax
1 parent 634132a commit aa365c4


2 files changed

+10
-24
lines changed


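--- a/interface/lib/classes/plugin_backuplist.inc.php
+++ b/interface/lib/classes/plugin_backuplist.inc.php
@@ -85,8 +85,8 @@ function onShow() {
 $server_id = $this->form->dataRecord['server_id'];
 $backup = $app->db->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ?", $backup_id);
 if($backup['server_id'] > 0) $server_id = $backup['server_id'];
-$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_restore' AND action_param = '$backup_id'";
-$tmp = $app->db->queryOneRecord($sql);
+$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_restore' AND action_param = ?";
+$tmp = $app->db->queryOneRecord($sql, $backup_id);
 if($tmp['number'] == 0) {
 $message .= $wb['restore_info_txt'];
 $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
@@ -98,22 +98,15 @@ function onShow() {
 }
 if($_GET['backup_action'] == 'delete' && $backup_id > 0) {
 $server_id = $this->form->dataRecord['server_id'];
-$backup = $app->db->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ".$backup_id);
+$backup = $app->db->queryOneRecord("SELECT * FROM web_backup WHERE backup_id = ?", $backup_id);
 if($backup['server_id'] > 0) $server_id = $backup['server_id'];
-$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_delete' AND action_param = '$backup_id'";
-$tmp = $app->db->queryOneRecord($sql);
+$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_delete' AND action_param = ?";
+$tmp = $app->db->queryOneRecord($sql, $backup_id);
 if($tmp['number'] == 0) {
 $message .= $wb['delete_info_txt'];
 $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
-"VALUES (".
-(int)$server_id . ", " .
-time() . ", " .
-"'backup_delete', " .
-"'".$backup_id."', " .
-"'pending', " .
-"''" .
-")";
-$app->db->query($sql);
+"VALUES (?, UNIX_TIMESTAMP(), 'backup_delete', ?, 'pending', '')";
+$app->db->query($sql, $server_id, $backup_id);
 } else {
 $error .= $wb['delete_pending_txt'];
 }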
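Review bot: The new delete branch queues a `backup_delete` action for whatever row `SELECT * FROM web_backup WHERE backup_id = ?` returns, without checking that the backup belongs to the domain record being edited (`$this->form->dataRecord`); the surrounding `$_GET['backup_action']` test suggests `$backup_id` is request-controlled, and if so the parameterisation fixes the injection but not the missing ownership check — the lookup should also be constrained to the current record (or the action refused when `$backup` comes back empty). On the same hunk, `$app->db->query($sql, $server_id, $backup_id)` drops the `(int)` cast the removed code applied to `$server_id`; binding `(int)$server_id` costs nothing and keeps the integer column explicit. Using `UNIX_TIMESTAMP()` for `tstamp` here also diverges from the sibling mail plugin in this commit, which binds PHP `time()` — pick one so the two plugins stay comparable. The enclosing `onShow()` begins and ends outside these hunks.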

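--- a/interface/lib/classes/plugin_backuplist_mail.inc.php
+++ b/interface/lib/classes/plugin_backuplist_mail.inc.php
@@ -62,7 +62,7 @@ function onShow() {
 if($tmp['number'] == 0) {
 $message .= $wb['restore_info_txt'];
 $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
-"VALUES (?, ? 'backup_restore_mail', ?, 'pending','')";
+"VALUES (?, ?, 'backup_restore_mail', ?, 'pending','')";
 $app->db->query($sql, $this->form->dataRecord['server_id'], time(), $backup_id);
 } else {
 $error .= $wb['restore_pending_txt'];
@@ -75,15 +75,8 @@ function onShow() {
 if($tmp['number'] == 0) {
 $message .= $wb['delete_info_txt'];
 $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
-"VALUES (".
-(int)$this->form->dataRecord['server_id'] . ", " .
-time() . ", " .
-"'backup_delete_mail', " .
-"'".$backup_id."', " .
-"'pending', " .
-"''" .
-")";
-$app->db->query($sql);
+"VALUES (?, ?, 'backup_delete_mail, ?, 'pending', '')";
+$app->db->query($sql, $this->form->dataRecord['server_id'], time(), $backup_id);
 } else {
 $error .= $wb['delete_pending_txt'];
 }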
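Review bot: The rewritten INSERT in the second hunk is itself a SQL syntax error: `"VALUES (?, ?, 'backup_delete_mail, ?, 'pending', '')"` is missing the closing quote after `backup_delete_mail`, so the literal swallows `, ?, ` and the statement no longer supplies six values — the mail backup delete action will never be queued, despite the commit message claiming to fix SQL syntax. It should read `"VALUES (?, ?, 'backup_delete_mail', ?, 'pending', '')";`, mirroring the `'backup_restore_mail'` line repaired in the first hunk. The removed code also cast the server id to int before use; binding `(int)$this->form->dataRecord['server_id']` would preserve that. `onShow()` starts and ends outside these hunks.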
