From 2af58c77572fbc32c1c617764ebdd0252be24292 Mon Sep 17 00:00:00 2001 From: Marius Cramer <m.cramer@pixcept.de> Date: Tue, 14 Apr 2015 12:54:42 -0400 Subject: [PATCH] - finished rewriting of sql statements --- interface/web/vm/openvz_action.php | 53 ++++++++++++----------------------------------------- 1 files changed, 12 insertions(+), 41 deletions(-) diff --git a/interface/web/vm/openvz_action.php b/interface/web/vm/openvz_action.php index 6e090d7..757f55e 100644 --- a/interface/web/vm/openvz_action.php +++ b/interface/web/vm/openvz_action.php @@ -17,7 +17,7 @@ if($vm_id == 0) die('Invalid VM ID'); -$vm = $app->db->queryOneRecord("SELECT server_id, veid FROM openvz_vm WHERE vm_id = $vm_id"); +$vm = $app->db->queryOneRecord("SELECT server_id, veid FROM openvz_vm WHERE vm_id = ?", $vm_id); $veid = $app->functions->intval($vm['veid']); $server_id = $app->functions->intval($vm['server_id']); @@ -47,15 +47,8 @@ //* Start the virtual machine $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " . - "VALUES (". - (int)$server_id . ", ". - time() . ", ". - "'openvz_start_vm', ". - $veid.", ". - "'pending', ". - "''". - ")"; - $app->db->query($sql); + "VALUES (?, UNIX_TIMESTAMP(), 'openvz_start_vm', ?, 'pending', '')"; + $app->db->query($sql, $server_id, $veid); $app->tpl->setVar('msg', $wb['start_exec_txt']); $options['start_option_enabled'] = 'checked="checked"'; @@ -64,15 +57,8 @@ //* Stop the virtual machine $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " . - "VALUES (". - (int)$server_id . ", ". - time() . ", ". - "'openvz_stop_vm', ". - $veid.", ". - "'pending', ". - "''". - ")"; - $app->db->query($sql); + "VALUES (?, UNIX_TIMESTAMP(), 'openvz_stop_vm', ?, 'pending', '')"; + $app->db->query($sql, $server_id, $veid); $app->tpl->setVar('msg', $wb['stop_exec_txt']); $options['stop_option_enabled'] = 'checked="checked"'; 
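Review bot: The `$vm` row is used without checking that the lookup found anything: directly after the rewritten `queryOneRecord` call, `$vm['veid']` and `$vm['server_id']` go through `intval`, so an unknown `vm_id` would presumably yield 0 for both, and the later branches would still queue a `sys_remoteaction` row for them. Adding `if(!$vm) die('Invalid VM ID');` right after the query, in the style of the existing `$vm_id == 0` guard, would stop that. The query also selects by `vm_id` alone, and no ownership or permission predicate is visible in this hunk, so it is worth confirming that access to this particular VM is checked elsewhere. The rest of the file lies outside the hunk, so such a check may already exist.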
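Review bot: The `sys_remoteaction` insert in the start branch is repeated verbatim in the stop and restart hunks (`-64` and `-81`), differing only in the `action_type` literal, so any later correction to the statement has to be made three times. Binding the action name as a third placeholder, `"VALUES (?, UNIX_TIMESTAMP(), ?, ?, 'pending', '')"` with `$app->db->query($sql, $server_id, 'openvz_start_vm', $veid);`, would let one shared statement or small helper serve all three branches while the action names stay fixed literals at the call sites. The timestamp now comes from the database host's clock instead of PHP `time()`, which deserves a short comment such as `//* tstamp is taken from the DB server clock`. The enclosing if/elseif chain starts outside the hunk.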
@@ -81,15 +67,8 @@ //* Restart the virtual machine $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " . - "VALUES (". - (int)$server_id . ", ". - time() . ", ". - "'openvz_restart_vm', ". - $veid.", ". - "'pending', ". - "''". - ")"; - $app->db->query($sql); + "VALUES (?, UNIX_TIMESTAMP(), 'openvz_restart_vm', ?, 'pending', '')"; + $app->db->query($sql, $server_id, $veid); $app->tpl->setVar('msg', $wb['restart_exec_txt']); $options['restart_option_enabled'] = 'checked="checked"'; 
@@ -104,30 +83,22 @@ } //* Quote name - $ostemplate_name = $app->db->quote($ostemplate_name); //* Check for duplicates - $tmp = $app->db->queryOneRecord("SELECT count(ostemplate_id) as number FROM openvz_ostemplate WHERE template_file = '$ostemplate_name'"); + $tmp = $app->db->queryOneRecord("SELECT count(ostemplate_id) as number FROM openvz_ostemplate WHERE template_file = ?", $ostemplate_name); if($tmp['number'] > 0) $error_msg .= $wb['ostemplate_name_unique_error'].'<br />'; unset($tmp); if($error_msg == '') { //* Create ostemplate action $sql = "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " . - "VALUES (". - (int)$server_id . ", ". - time() . ", ". - "'openvz_create_ostpl', ". - "'".$veid.":".$ostemplate_name."', ". - "'pending', ". - "''". - ")"; - $app->db->query($sql); + "VALUES (?, UNIX_TIMESTAMP(), 'openvz_create_ostpl', ?, 'pending', '')"; + $app->db->query($sql, $server_id, $veid.":".$ostemplate_name); //* Create a record in the openvz_ostemplate table $sql = "INSERT INTO `openvz_ostemplate` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `template_name`, `template_file`, `server_id`, `allservers`, `active`, `description`) - VALUES(1, 1, 'riud', 'riud', '', '$ostemplate_name', '$ostemplate_name', $server_id, 'n', 'y', '')"; - $app->db->query($sql); + VALUES(1, 1, 'riud', 'riud', '', ?, ?, ?, 'n', 'y', '')"; + $app->db->query($sql, $ostemplate_name, $ostemplate_name, $server_id); $app->tpl->setVar('msg', $wb['ostemplate_exec_txt']); $options['ostemplate_option_enabled'] = 'checked="checked"'; -- Gitblit v1.9.1
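Review bot: Parameter binding protects only the SQL layer here, while `$veid.":".$ostemplate_name` is stored in `action_param` as a colon-delimited value that is presumably parsed and acted on outside SQL by whatever consumes `sys_remoteaction`. The name therefore needs to be restricted to a filename-safe character set, with no `:` or path separators, before this point. The closing `}` at the top of the hunk suggests a check exists above, but it is outside the hunk and should be confirmed. A comment at the insert, `//* $ostemplate_name must already be validated as a plain file name: it is passed on in action_param`, would record that dependency. The surviving `//* Quote name` comment is now stale, because the `quote()` call it described was removed, and should be dropped.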