From 528ac3b8fac377fc10c20c167f42d92a711eb722 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Thu, 03 May 2012 10:00:53 -0400
Subject: [PATCH] - Fixed FS#2197.
---
interface/lib/classes/db_mysql.inc.php | 70 +++++++++++++----------------------
1 files changed, 26 insertions(+), 44 deletions(-)
diff --git a/interface/lib/classes/db_mysql.inc.php b/interface/lib/classes/db_mysql.inc.php
index 471af6f..a5881dc 100644
--- a/interface/lib/classes/db_mysql.inc.php
+++ b/interface/lib/classes/db_mysql.inc.php
@@ -150,14 +150,12 @@
}
- // Check der variablen
- // Really.. using quote should be phased out in favor of using bind_param's. Though, for legacy code..
- // here's the equivalent
+ //* Function to quote strings
public function quote($formfield) {
return $this->escape_string($formfield);
}
- // Check der variablen
+ //* Function to unquotae strings
public function unquote($formfield) {
return stripslashes($formfield);
}
@@ -171,44 +169,6 @@
}
return $out;
}
-
- /*
- //* These functions are deprecated and will be removed.
- function insert($tablename,$form,$debug = 0)
- {
- if(is_array($form)){
- foreach($form as $key => $value)
- {
- $sql_key .= "$key, ";
- $sql_value .= "'".$this->check($value)."', ";
- }
- $sql_key = substr($sql_key,0,strlen($sql_key) - 2);
- $sql_value = substr($sql_value,0,strlen($sql_value) - 2);
-
- $sql = "INSERT INTO $tablename (" . $sql_key . ") VALUES (" . $sql_value .")";
-
- if($debug == 1) echo "SQL-Statement: ".$sql."<br><br>";
- $this->query($sql);
- if($debug == 1) echo "mySQL Error Message: ".$this->errorMessage;
- }
- }
-
- function update($tablename,$form,$bedingung,$debug = 0)
- {
-
- if(is_array($form)){
- foreach($form as $key => $value)
- {
- $insql .= "$key = '".$this->check($value)."', ";
- }
- $insql = substr($insql,0,strlen($insql) - 2);
- $sql = "UPDATE $tablename SET " . $insql . " WHERE $bedingung";
- if($debug == 1) echo "SQL-Statement: ".$sql."<br><br>";
- $this->query($sql);
- if($debug == 1) echo "mySQL Error Message: ".$this->errorMessage;
- }
- }
- */
public function diffrec($record_old, $record_new) {
$diffrec_full = array();
@@ -286,9 +246,21 @@
//** Inserts a record and saves the changes into the datalog
public function datalogInsert($tablename, $insert_data, $index_field) {
global $app;
+
+ if(is_array($insert_data)) {
+ $key_str = '';
+ $val_str = '';
+ foreach($insert_data as $key => $val) {
+ $key_str .= "`".$key ."`,";
+ $val_str .= "'".$this->quote($val)."',";
+ }
+ $insert_data_str = '('.$key_str.') VALUES ('.$val_str.')';
+ } else {
+ $insert_data_str = $insert_data;
+ }
$old_rec = array();
- $this->query("INSERT INTO $tablename $insert_data");
+ $this->query("INSERT INTO $tablename $insert_data_str");
$index_value = $this->insertID();
$new_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
$this->datalogSave($tablename, 'INSERT', $index_field, $index_value, $old_rec, $new_rec);
@@ -298,13 +270,23 @@
//** Updates a record and saves the changes into the datalog
public function datalogUpdate($tablename, $update_data, $index_field, $index_value, $force_update = false) {
- global $app;
+ global $app;
if($force_update == true) {
$old_rec = array();
} else {
$old_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
}
+
+ if(is_array($update_data)) {
+ $update_data_str = '';
+ foreach($update_data as $key => $val) {
+ $update_data_str .= "`".$key ."` = '".$this->quote($val)."',";
+ }
+ } else {
+ $update_data_str = $update_data;
+ }
+
$this->query("UPDATE $tablename SET $update_data WHERE $index_field = '$index_value'");
$new_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
$this->datalogSave($tablename, 'UPDATE', $index_field, $index_value, $old_rec, $new_rec);
--
Gitblit v1.9.1