From cc7a82756b4f4d7ab18e928527c37489adbaf564 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Tue, 07 Apr 2015 14:10:50 -0400
Subject: [PATCH] - rewrite of sql queries to new form
---
 interface/web/admin/software_package_install.php | 13 ++++++-------
 1 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/interface/web/admin/software_package_install.php b/interface/web/admin/software_package_install.php
index dd49f2e..80e1fe6 100644
--- a/interface/web/admin/software_package_install.php
+++ b/interface/web/admin/software_package_install.php
@@ -42,7 +42,7 @@
 $install_server_id = $app->functions->intval($_REQUEST['server_id']);
 $install_key = $app->db->quote(trim($_REQUEST['install_key']));
-$package = $app->db->queryOneRecord("SELECT * FROM software_package WHERE package_name = '$package_name'");
+$package = $app->db->queryOneRecord("SELECT * FROM software_package WHERE package_name = ?", $package_name);
 $install_key_verified = false;
 $message_err = '';
@@ -51,7 +51,7 @@
 //* verify the key
 if($package['package_installable'] == 'key' && $install_key != '') {
- $repo = $app->db->queryOneRecord("SELECT * FROM software_repo WHERE software_repo_id = ".$app->db->quote($package['software_repo_id']));
+ $repo = $app->db->queryOneRecord("SELECT * FROM software_repo WHERE software_repo_id = ?", $package['software_repo_id']);
 $client = new SoapClient(null, array('location' => $repo['repo_url'], 'uri' => $repo['repo_url']));
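Review bot: With the lookups in the `@@ -42,7` hunk moved to `?` placeholders, values that were escaped at assignment are now at risk of being escaped twice: the context line still sets `$install_key` through `$app->db->quote(...)`, and `$package_name`, assigned above this hunk, may be treated the same way. If so, a package name containing a quote or backslash no longer matches its row here or in the `software_update` lookup of the `@@ -71,8` hunk, and the escaped form of the key is what gets compared or forwarded later. Keeping raw values and leaving escaping to the bound queries avoids that, e.g. `$install_key = trim($_REQUEST['install_key']);`, provided no remaining statement concatenates it into SQL.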
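Review bot: The row returned by the `software_repo` lookup in the `@@ -51,7` hunk is used without a check, so a missing repo row puts a null `$repo['repo_url']` straight into the `SoapClient` options on the following context line. Wrapping the client construction in `if(!empty($repo['repo_url'])) { ... }` and setting `$message_err` otherwise would make that case fail cleanly. The same pattern appears with `$package['package_installable']` after the lookup in the first hunk and with `$tmp['software_update_id']` in the `@@ -71,8` hunk. The `if` block opened here continues outside the hunk, so how the SOAP result is handled is not visible.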
@@ -71,8 +71,8 @@
 //* Install packages, if all requirements are fullfilled.
 if($install_server_id > 0 && $package_name != '' && ($package['package_installable'] == 'yes' || $install_key_verified == true)) {
- $sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = '".$app->db->quote($package_name)."' ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
- $tmp = $app->db->queryOneRecord($sql);
+ $sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = ? ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
+ $tmp = $app->db->queryOneRecord($sql, $package_name);
 $software_update_id = $tmp['software_update_id'];
 //* if package requires a DB and there is no data for a db in config, then we create this data now
@@ -119,9 +119,8 @@
 $app->db->datalogUpdate('software_package', "package_config = '".$app->db->quote($package_config_str)."'", 'package_id', $package['package_id']);
 $sql = "INSERT INTO `remote_user` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `remote_username`, `remote_password`, `remote_functions`) VALUES
- (1, 1, 'riud', 'riud', '', '".$app->db->quote($remote_user)."', '".$app->db->quote($remote_password_md5)."', '".$app->db->quote($remote_functions)."');";
-
- $app->db->query($sql);
+ (1, 1, 'riud', 'riud', '', ?, ?, ?)";
+ $app->db->query($sql, $remote_user, $remote_password_md5, $remote_functions);
 }
-- Gitblit v1.9.1
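Review bot: The credential written to `remote_password` in the `@@ -119,9` hunk is `$remote_password_md5`, which by its name is an MD5 digest computed above this hunk, and the `remote_user` row it belongs to is created with `sys_userid` 1 and `riud` permissions. An unsalted fast hash gives that credential little protection if the table is ever read; a salted, slow hash such as `password_hash()` would be the safer storage form, though the code that verifies the remote login is outside this diff and would have to change with it. The `datalogUpdate` call on the context line still concatenates `quote($package_config_str)` into its SET string; whether that API accepts bound values is not visible here, so a one-line comment stating why it was left in the old form would help.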