- rewrite of sql queries to new form

Author: Marius Cramer

helper_scripts/recreate_webalizer_stats.php

@@ -5,8 +5,8 @@
 //######################################################################################################
 
 
-$sql = "SELECT domain_id, domain, document_root FROM web_domain WHERE server_id = ".$conf["server_id"];
-$records = $app->db->queryAllRecords($sql);
+$sql = "SELECT domain_id, domain, document_root FROM web_domain WHERE server_id = ?";
+$records = $app->db->queryAllRecords($sql, $conf["server_id"]);
 foreach($records as $rec) {
 	$domain = escapeshellcmd($rec["domain"]);
 	$logdir = escapeshellcmd($rec["document_root"].'/log');

install/apps/metronome_libs/mod_auth_external/db_auth.php

@@ -17,7 +17,7 @@
 
     // check for existing user
     $dbmail = $db->real_escape_string($arg_email);
-    $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE '".$dbmail."' AND active='y' AND server_id='".$isp_server_id."'");
+    $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
     result_false($result->num_rows != 1);
 
     $user = $result->fetch_object();

install/apps/metronome_libs/mod_auth_external/db_isuser.php

@@ -15,7 +15,7 @@
 
     // check for existing user
     $dbmail = $db->real_escape_string($arg_email);
-    $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE '".$dbmail."' AND active='y' AND server_id='".$isp_server_id."'");
+    $result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
     result_false($result->num_rows != 1);
     result_true();
 

install/dist/lib/gentoo.lib.php

@@ -229,7 +229,7 @@ public function configure_dovecot()
 
 		// check if virtual_transport must be changed
 		if ($this->is_update) {
-			$tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
+			$tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"].".server", $conf['server_id']);
 			$ini_array = ini_to_array(stripslashes($tmp['config']));
 			// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
 
@@ -421,13 +421,13 @@ public function configure_powerdns()
 		global $conf;
 
 		//* Create the database
-		if(!$this->db->query('CREATE DATABASE IF NOT EXISTS '.$conf['powerdns']['database'].' DEFAULT CHARACTER SET '.$conf['mysql']['charset'])) {
+		if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['powerdns']['database'], $conf['mysql']['charset'])) {
 			$this->error('Unable to create MySQL database: '.$conf['powerdns']['database'].'.');
 		}
 
 		//* Create the ISPConfig database user in the local database
-		$query = 'GRANT ALL ON `'.$conf['powerdns']['database'].'` . * TO \''.$conf['mysql']['ispconfig_user'].'\'@\'localhost\';';
-		if(!$this->db->query($query)) {
+		$query = 'GRANT ALL ON ??.* TO ?@?';
+		if(!$this->db->query($query, $conf['powerdns']['database'], $conf['mysql']['ispconfig_user'], 'localhost')) {
 			$this->error('Unable to create user for powerdns database Error: '.$this->db->errorMessage);
 		}
 
@@ -537,21 +537,6 @@ public function configure_apache()
 
 
 		//* Copy the ISPConfig configuration include
-		/*
-		$content = $this->get_template_file('apache_ispconfig.conf', true);
-
-		$records = $this->db->queryAllRecords("SELECT * FROM server_ip WHERE server_id = ".$conf["server_id"]." AND virtualhost = 'y'");
-		if(is_array($records) && count($records) > 0)
-		{
-			foreach($records as $rec) {
-				$content .= "NameVirtualHost ".$rec["ip_address"].":80\n";
-				$content .= "NameVirtualHost ".$rec["ip_address"].":443\n";
-			}
-		}
-
-		$this->write_config_file($conf['apache']['vhost_conf_dir'].'/000-ispconfig.conf', $content);
-		*/
-		
 		$tpl = new tpl('apache_ispconfig.conf.master');
 		$tpl->setVar('apache_version',getapacheversion());
 

install/uninstall.php

@@ -60,14 +60,6 @@
 
 	echo "\n\n>> Uninstalling ISPConfig 3... \n\n";
 
-	// Delete the ISPConfig database
-	// $app->db->query("DROP DATABASE '".$conf["db_database"]."'");
-	// $app->db->query("DELETE FROM mysql.user WHERE User = 'ispconfig'");
-	
-//	exec("/etc/init.d/mysql stop");
-//	exec("rm -rf /var/lib/mysql/".$conf["db_database"]);
-//	exec("/etc/init.d/mysql start");
-
 	$link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
 	if (!$link) {
 		echo "Unable to connect to the database'.mysql_error($link)";

interface/lib/app.inc.php

@@ -155,15 +155,15 @@ public function load($files) {
 
 	public function conf($plugin, $key, $value = null) {
 		if(is_null($value)) {
-			$tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = '" . $this->db->quote($plugin) . "' AND `name` = '" . $this->db->quote($key) . "'");
+			$tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
 			if($tmpconf) return $tmpconf['value'];
 			else return null;
 		} else {
 			if($value === false) {
-				$this->db->query("DELETE FROM `sys_config` WHERE `group` = '" . $this->db->quote($plugin) . "' AND `name` = '" . $this->db->quote($key) . "'");
+				$this->db->query("DELETE FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
 				return null;
 			} else {
-				$this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES ('" . $this->db->quote($plugin) . "', '" . $this->db->quote($key) . "', '" . $this->db->quote($value) . "')");
+				$this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES (?, ?, ?)", $plugin, $key, $value);
 				return $value;
 			}
 		}
@@ -179,8 +179,8 @@ public function log($msg, $priority = 0) {
 			$server_id = 0;
 			$priority = $this->functions->intval($priority);
 			$tstamp = time();
-			$msg = $this->db->quote('[INTERFACE]: '.$msg);
-			$this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES ($server_id,0,$priority,$tstamp,'$msg')");
+			$msg = '[INTERFACE]: '.$msg;
+			$this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, 0, ?, ?, ?)", $server_id, $priority,$tstamp,$msg);
 			/*
 			if (is_writable($this->_conf['log_file'])) {
 				if (!$fp = fopen ($this->_conf['log_file'], 'a')) {

interface/lib/classes/aps_crawler.inc.php

@@ -356,14 +356,7 @@ public function startCrawler()
 										$old_folder = $this->interface_pkg_dir.'/'.$app_name.'-'.$ex_ver.'.app.zip';
 										if(file_exists($old_folder)) $this->removeDirectory($old_folder);
 
-										/*
-										$app->db->query("UPDATE aps_packages SET package_status = '".PACKAGE_OUTDATED."' WHERE name = '".
-											$app->db->quote($app_name)."' AND CONCAT(version, '-', CAST(`release` AS CHAR)) = '".
-											$app->db->quote($ex_ver)."';");
-										*/
-										$tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE name = '".
-											$app->db->quote($app_name)."' AND CONCAT(version, '-', CAST(`release` AS CHAR)) = '".
-											$app->db->quote($ex_ver)."';");
+										$tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE name = ? AND CONCAT(version, '-', CAST(`release` AS CHAR)) = ?", $app_name, $ex_ver);
 										$app->db->datalogUpdate('aps_packages', "package_status = ".PACKAGE_OUTDATED, 'id', $tmp['id']);
 										unset($tmp);
 									}
@@ -539,13 +532,11 @@ public function parseFolderToDB()
 
 			// Get registered packages and mark non-existant packages with an error code to omit the install
 			$existing_packages = array();
-			$path_query = $app->db->queryAllRecords('SELECT path AS Path FROM aps_packages;');
+			$path_query = $app->db->queryAllRecords('SELECT path AS Path FROM aps_packages');
 			foreach($path_query as $path) $existing_packages[] = $path['Path'];
 			$diff = array_diff($existing_packages, $pkg_list);
 			foreach($diff as $todelete) {
-				/*$app->db->query("UPDATE aps_packages SET package_status = '".PACKAGE_ERROR_NOMETA."'
-                    WHERE path = '".$app->db->quote($todelete)."';");*/
-				$tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE path = '".$app->db->quote($todelete)."';");
+				$tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE path = ?", $todelete);
 				$app->db->datalogUpdate('aps_packages', "package_status = ".PACKAGE_ERROR_NOMETA, 'id', $tmp['id']);
 				unset($tmp);
 			}
@@ -576,13 +567,6 @@ public function parseFolderToDB()
 				//$pkg_url = $this->app_download_url_list[$pkg];
 				$pkg_url = @file_get_contents($this->interface_pkg_dir.'/'.$pkg.'/PKG_URL');
 
-				/*
-                $app->db->query("INSERT INTO `aps_packages`
-                    (`path`, `name`, `category`, `version`, `release`, `package_status`) VALUES
-                    ('".$app->db->quote($pkg)."', '".$app->db->quote($pkg_name)."',
-                    '".$app->db->quote($pkg_category)."', '".$app->db->quote($pkg_version)."',
-                    ".$app->db->quote($pkg_release).", ".PACKAGE_ENABLED.");");
-				*/
 				// Insert only if data is complete
 				if($pkg != '' && $pkg_name != '' && $pkg_category != '' && $pkg_version != '' && $pkg_release != '' && $pkg_url){
 					$insert_data = "(`path`, `name`, `category`, `version`, `release`, `package_url`, `package_status`) VALUES
@@ -619,7 +603,7 @@ public function fixURLs()
 			// This method must be used in interface mode
 			if(!$this->interface_mode) return false;
 
-			$incomplete_pkgs = $app->db->queryAllRecords("SELECT * FROM aps_packages WHERE package_url = ''");
+			$incomplete_pkgs = $app->db->queryAllRecords("SELECT * FROM aps_packages WHERE package_url = ?", '');
 			if(is_array($incomplete_pkgs) && !empty($incomplete_pkgs)){
 				foreach($incomplete_pkgs as $incomplete_pkg){
 					$pkg_url = @file_get_contents($this->interface_pkg_dir.'/'.$incomplete_pkg['path'].'/PKG_URL');