more removal of exra quotes

Isaac Connor 2013-10-17 15:54:17 -04:00
parent 36c4fad644
commit 0979830b91
1 changed files with 60 additions and 60 deletions


@ -87,23 +87,23 @@ if ( !empty($action) )
$_REQUEST['filter']['sort_field'] = validStr($_REQUEST['sort_field']); $_REQUEST['filter']['sort_field'] = validStr($_REQUEST['sort_field']);
$_REQUEST['filter']['sort_asc'] = validStr($_REQUEST['sort_asc']); $_REQUEST['filter']['sort_asc'] = validStr($_REQUEST['sort_asc']);
$_REQUEST['filter']['limit'] = validInt($_REQUEST['limit']); $_REQUEST['filter']['limit'] = validInt($_REQUEST['limit']);
$sql = "replace into Filters set Name = '".dbEscape($filterName)."', Query = '".dbEscape(jsonEncode($_REQUEST['filter']))."'"; $sql = "replace into Filters set Name = ".dbEscape($filterName).", Query = ".dbEscape(jsonEncode($_REQUEST['filter']));
if ( !empty($_REQUEST['autoArchive']) ) if ( !empty($_REQUEST['autoArchive']) )
$sql .= ", AutoArchive = '".dbEscape($_REQUEST['autoArchive'])."'"; $sql .= ", AutoArchive = ".dbEscape($_REQUEST['autoArchive']);
if ( !empty($_REQUEST['autoVideo']) ) if ( !empty($_REQUEST['autoVideo']) )
$sql .= ", AutoVideo = '".dbEscape($_REQUEST['autoVideo'])."'"; $sql .= ", AutoVideo = ".dbEscape($_REQUEST['autoVideo']);
if ( !empty($_REQUEST['autoUpload']) ) if ( !empty($_REQUEST['autoUpload']) )
$sql .= ", AutoUpload = '".dbEscape($_REQUEST['autoUpload'])."'"; $sql .= ", AutoUpload = ".dbEscape($_REQUEST['autoUpload']);
if ( !empty($_REQUEST['autoEmail']) ) if ( !empty($_REQUEST['autoEmail']) )
$sql .= ", AutoEmail = '".dbEscape($_REQUEST['autoEmail'])."'"; $sql .= ", AutoEmail = ".dbEscape($_REQUEST['autoEmail']);
if ( !empty($_REQUEST['autoMessage']) ) if ( !empty($_REQUEST['autoMessage']) )
$sql .= ", AutoMessage = '".dbEscape($_REQUEST['autoMessage'])."'"; $sql .= ", AutoMessage = ".dbEscape($_REQUEST['autoMessage']);
if ( !empty($_REQUEST['autoExecute']) && !empty($_REQUEST['autoExecuteCmd']) ) if ( !empty($_REQUEST['autoExecute']) && !empty($_REQUEST['autoExecuteCmd']) )
$sql .= ", AutoExecute = '".dbEscape($_REQUEST['autoExecute'])."', AutoExecuteCmd = '".dbEscape($_REQUEST['autoExecuteCmd'])."'"; $sql .= ", AutoExecute = ".dbEscape($_REQUEST['autoExecute']).", AutoExecuteCmd = ".dbEscape($_REQUEST['autoExecuteCmd']);
if ( !empty($_REQUEST['autoDelete']) ) if ( !empty($_REQUEST['autoDelete']) )
$sql .= ", AutoDelete = '".dbEscape($_REQUEST['autoDelete'])."'"; $sql .= ", AutoDelete = ".dbEscape($_REQUEST['autoDelete']);
if ( !empty($_REQUEST['background']) ) if ( !empty($_REQUEST['background']) )
$sql .= ", Background = '".dbEscape($_REQUEST['background'])."'"; $sql .= ", Background = ".dbEscape($_REQUEST['background']);
dbQuery( $sql ); dbQuery( $sql );
$refreshParent = true; $refreshParent = true;
} }
@ -116,20 +116,20 @@ if ( !empty($action) )
{ {
if ( $action == "rename" && isset($_REQUEST['eventName']) && !empty($_REQUEST['eid']) ) if ( $action == "rename" && isset($_REQUEST['eventName']) && !empty($_REQUEST['eid']) )
{ {
dbQuery( "update Events set Name = '".dbEscape($_REQUEST['eventName'])."' where Id = '".dbEscape($_REQUEST['eid'])."'" ); dbQuery( "update Events set Name = ".dbEscape($_REQUEST['eventName'])." where Id = ".dbEscape($_REQUEST['eid']) );
} }
else if ( $action == "eventdetail" ) else if ( $action == "eventdetail" )
{ {
if ( !empty($_REQUEST['eid']) ) if ( !empty($_REQUEST['eid']) )
{ {
dbQuery( "update Events set Cause = '".dbEscape($_REQUEST['newEvent']['Cause'])."', Notes = '".dbEscape($_REQUEST['newEvent']['Notes'])."' where Id = '".dbEscape($_REQUEST['eid'])."'" ); dbQuery( "update Events set Cause = ".dbEscape($_REQUEST['newEvent']['Cause']).", Notes = ".dbEscape($_REQUEST['newEvent']['Notes'])." where Id = ".dbEscape($_REQUEST['eid']) );
$refreshParent = true; $refreshParent = true;
} }
else else
{ {
foreach( getAffectedIds( 'markEid' ) as $markEid ) foreach( getAffectedIds( 'markEid' ) as $markEid )
{ {
dbQuery( "update Events set Cause = '".dbEscape($_REQUEST['newEvent']['Cause'])."', Notes = '".dbEscape($_REQUEST['newEvent']['Notes'])."' where Id = '".dbEscape($markEid)."'" ); dbQuery( "update Events set Cause = ".dbEscape($_REQUEST['newEvent']['Cause']).", Notes = ".dbEscape($_REQUEST['newEvent']['Notes'])." where Id = ".dbEscape($markEid) );
$refreshParent = true; $refreshParent = true;
} }
} }
@ -139,13 +139,13 @@ if ( !empty($action) )
$archiveVal = ($action == "archive")?1:0; $archiveVal = ($action == "archive")?1:0;
if ( !empty($_REQUEST['eid']) ) if ( !empty($_REQUEST['eid']) )
{ {
dbQuery( "update Events set Archived = $archiveVal where Id = '".dbEscape($_REQUEST['eid'])."'" ); dbQuery( "update Events set Archived = $archiveVal where Id = ".dbEscape($_REQUEST['eid']) );
} }
else else
{ {
foreach( getAffectedIds( 'markEid' ) as $markEid ) foreach( getAffectedIds( 'markEid' ) as $markEid )
{ {
dbQuery( "update Events set Archived = $archiveVal where Id = '".dbEscape($markEid)."'" ); dbQuery( "update Events set Archived = $archiveVal where Id = ".dbEscape($markEid) );
$refreshParent = true; $refreshParent = true;
} }
} }
@ -159,7 +159,7 @@ if ( !empty($action) )
} }
if ( !empty($_REQUEST['fid']) ) if ( !empty($_REQUEST['fid']) )
{ {
dbQuery( "delete from Filters where Name = '".dbEscape($_REQUEST['fid'])."'" ); dbQuery( "delete from Filters where Name = ".dbEscape($_REQUEST['fid']) );
//$refreshParent = true; //$refreshParent = true;
} }
} }
@ -172,7 +172,7 @@ if ( !empty($action) )
$mid = validInt($_REQUEST['mid']); $mid = validInt($_REQUEST['mid']);
if ( $action == "control" ) if ( $action == "control" )
{ {
$monitor = dbFetchOne( "select C.*,M.* from Monitors as M inner join Controls as C on (M.ControlId = C.Id) where M.Id = '".dbEscape($mid)."'" ); $monitor = dbFetchOne( "select C.*,M.* from Monitors as M inner join Controls as C on (M.ControlId = C.Id) where M.Id = ".dbEscape($mid) );
$ctrlCommand = buildControlCommand( $monitor ); $ctrlCommand = buildControlCommand( $monitor );
@ -226,7 +226,7 @@ if ( !empty($action) )
{ {
if ( !empty($_REQUEST['cid']) ) if ( !empty($_REQUEST['cid']) )
{ {
$control = dbFetchOne( "select * from Controls where Id = '".dbEscape($_REQUEST['cid'])."'" ); $control = dbFetchOne( "select * from Controls where Id = ".dbEscape($_REQUEST['cid']) );
} }
else else
{ {
@ -252,7 +252,7 @@ if ( !empty($action) )
{ {
if ( !empty($_REQUEST['cid']) ) if ( !empty($_REQUEST['cid']) )
{ {
dbQuery( "update Controls set ".implode( ", ", $changes )." where Id = '".dbEscape($_REQUEST['cid'])."'" ); dbQuery( "update Controls set ".implode( ", ", $changes )." where Id = ".dbEscape($_REQUEST['cid']) );
} }
else else
{ {
@ -269,8 +269,8 @@ if ( !empty($action) )
{ {
foreach( $_REQUEST['markCids'] as $markCid ) foreach( $_REQUEST['markCids'] as $markCid )
{ {
dbQuery( "delete from Controls where Id = '".dbEscape($markCid)."'" ); dbQuery( "delete from Controls where Id = ".dbEscape($markCid) );
dbQuery( "update Monitors set Controllable = 0, ControlId = 0 where ControlId = '".dbEscape($markCid)."'" ); dbQuery( "update Monitors set Controllable = 0, ControlId = 0 where ControlId = ".dbEscape($markCid) );
$refreshParent = true; $refreshParent = true;
} }
} }
@ -292,7 +292,7 @@ if ( !empty($action) )
$oldEnabled = $monitor['Enabled']; $oldEnabled = $monitor['Enabled'];
if ( $newFunction != $oldFunction || $newEnabled != $oldEnabled ) if ( $newFunction != $oldFunction || $newEnabled != $oldEnabled )
{ {
dbQuery( "update Monitors set Function = '".dbEscape($newFunction)."', Enabled = '".$newEnabled."' where Id = '".$mid."'" ); dbQuery( "update Monitors set Function = ".dbEscape($newFunction).", Enabled = '".$newEnabled."' where Id = '".$mid."'" );
$monitor['Function'] = $newFunction; $monitor['Function'] = $newFunction;
$monitor['Enabled'] = $newEnabled; $monitor['Enabled'] = $newEnabled;
@ -310,11 +310,11 @@ if ( !empty($action) )
elseif ( $action == "zone" && isset( $_REQUEST['zid'] ) ) elseif ( $action == "zone" && isset( $_REQUEST['zid'] ) )
{ {
$zid = validInt($_REQUEST['zid']); $zid = validInt($_REQUEST['zid']);
$monitor = dbFetchOne( "select * from Monitors where Id = '".dbEscape($mid)."'" ); $monitor = dbFetchOne( "select * from Monitors where Id = ".dbEscape($mid) );
if ( !empty($zid) ) if ( !empty($zid) )
{ {
$zone = dbFetchOne( "select * from Zones where MonitorId = '".dbEscape($mid)."' and Id = '".dbEscape($zid)."'" ); $zone = dbFetchOne( "select * from Zones where MonitorId = ".dbEscape($mid)." and Id = ".dbEscape($zid) );
} }
else else
{ {
@ -343,11 +343,11 @@ if ( !empty($action) )
{ {
if ( $zid > 0 ) if ( $zid > 0 )
{ {
$sql = "update Zones set ".implode( ", ", $changes )." where MonitorId = '".dbEscape($mid)."' and Id = '".dbEscape($zid)."'"; $sql = "update Zones set ".implode( ", ", $changes )." where MonitorId = ".dbEscape($mid)." and Id = ".dbEscape($zid);
} }
else else
{ {
$sql = "insert into Zones set MonitorId = '".dbEscape($mid)."', ".implode( ", ", $changes ); $sql = "insert into Zones set MonitorId = ".dbEscape($mid).", ".implode( ", ", $changes );
} }
dbQuery( $sql ); dbQuery( $sql );
//if ( $cookies ) session_write_close(); //if ( $cookies ) session_write_close();
@ -363,7 +363,7 @@ if ( !empty($action) )
{ {
$plugin=dbEscape($_REQUEST['pl']); $plugin=dbEscape($_REQUEST['pl']);
$zid=validInt($_REQUEST['zid']); $zid=validInt($_REQUEST['zid']);
$sql="SELECT * FROM PluginsConfig WHERE MonitorId='".dbEscape($mid)."' AND ZoneId='".$zid."' AND pluginName='".$plugin."'"; $sql="SELECT * FROM PluginsConfig WHERE MonitorId=".dbEscape($mid)." AND ZoneId='".$zid."' AND pluginName=".$plugin;
$pconfs=dbFetchAll( $sql ); $pconfs=dbFetchAll( $sql );
$changes=0; $changes=0;
foreach( $pconfs as $pconf ) foreach( $pconfs as $pconf )
@ -371,7 +371,7 @@ if ( !empty($action) )
$value=$_REQUEST['pluginOpt'][$pconf['Name']]; $value=$_REQUEST['pluginOpt'][$pconf['Name']];
if(array_key_exists($pconf['Name'], $_REQUEST['pluginOpt']) && ($pconf['Value']!=$value)) if(array_key_exists($pconf['Name'], $_REQUEST['pluginOpt']) && ($pconf['Value']!=$value))
{ {
dbQuery("UPDATE PluginsConfig SET Value='".dbEscape($value)."' WHERE id='".$pconf['Id']."'"); dbQuery("UPDATE PluginsConfig SET Value=".dbEscape($value)." WHERE id='".$pconf['Id']."'");
$changes++; $changes++;
} }
} }
@ -388,8 +388,8 @@ if ( !empty($action) )
elseif ( $action == "sequence" && isset($_REQUEST['smid']) ) elseif ( $action == "sequence" && isset($_REQUEST['smid']) )
{ {
$smid = validInt($_REQUEST['smid']); $smid = validInt($_REQUEST['smid']);
$monitor = dbFetchOne( "select * from Monitors where Id = '".dbEscape($mid)."'" ); $monitor = dbFetchOne( "select * from Monitors where Id = ".dbEscape($mid) );
$smonitor = dbFetchOne( "select * from Monitors where Id = '".dbEscape($smid)."'" ); $smonitor = dbFetchOne( "select * from Monitors where Id = ".dbEscape($smid) );
dbQuery( "update Monitors set Sequence = '".$smonitor['Sequence']."' where Id = '".$monitor['Id']."'" ); dbQuery( "update Monitors set Sequence = '".$smonitor['Sequence']."' where Id = '".$monitor['Id']."'" );
dbQuery( "update Monitors set Sequence = '".$monitor['Sequence']."' where Id = '".$smonitor['Id']."'" ); dbQuery( "update Monitors set Sequence = '".$monitor['Sequence']."' where Id = '".$smonitor['Id']."'" );
@ -404,7 +404,7 @@ if ( !empty($action) )
$deletedZid = 0; $deletedZid = 0;
foreach( $_REQUEST['markZids'] as $markZid ) foreach( $_REQUEST['markZids'] as $markZid )
{ {
dbQuery( "delete from Zones where MonitorId = '".dbEscape($mid)."' && Id = '".dbEscape($markZid)."'" ); dbQuery( "delete from Zones where MonitorId = ".dbEscape($mid)." && Id = ".dbEscape($markZid) );
$deletedZid = 1; $deletedZid = 1;
} }
if ( $deletedZid ) if ( $deletedZid )
@ -427,11 +427,11 @@ if ( !empty($action) )
if ( !empty($_REQUEST['mid']) ) if ( !empty($_REQUEST['mid']) )
{ {
$mid = validInt($_REQUEST['mid']); $mid = validInt($_REQUEST['mid']);
$monitor = dbFetchOne( "select * from Monitors where Id = '".dbEscape($mid)."'" ); $monitor = dbFetchOne( "select * from Monitors where Id = ".dbEscape($mid) );
if ( ZM_OPT_X10 ) if ( ZM_OPT_X10 )
{ {
$x10Monitor = dbFetchOne( "select * from TriggersX10 where MonitorId = '".dbEscape($mid)."'" ); $x10Monitor = dbFetchOne( "select * from TriggersX10 where MonitorId = ".dbEscape($mid) );
if ( !$x10Monitor ) if ( !$x10Monitor )
$x10Monitor = array(); $x10Monitor = array();
} }
@ -462,7 +462,7 @@ if ( !empty($action) )
if ( !empty($_REQUEST['mid']) ) if ( !empty($_REQUEST['mid']) )
{ {
$mid = validInt($_REQUEST['mid']); $mid = validInt($_REQUEST['mid']);
$sql = "update Monitors set ".implode( ", ", $changes )." where Id = '".dbEscape($mid)."'"; $sql = "update Monitors set ".implode( ", ", $changes )." where Id = ".dbEscape($mid);
dbQuery( $sql ); dbQuery( $sql );
if ( isset($changes['Name']) ) if ( isset($changes['Name']) )
{ {
@ -477,7 +477,7 @@ if ( !empty($action) )
$oldH = $monitor['Height']; $oldH = $monitor['Height'];
$oldA = $oldW * $oldH; $oldA = $oldW * $oldH;
$zones = dbFetchAll( "select * from Zones where MonitorId = '".dbEscape($mid)."'" ); $zones = dbFetchAll( "select * from Zones where MonitorId = ".dbEscape($mid) );
foreach ( $zones as $zone ) foreach ( $zones as $zone )
{ {
$newZone = $zone; $newZone = $zone;
@ -500,7 +500,7 @@ if ( !empty($action) )
if ( count( $changes ) ) if ( count( $changes ) )
{ {
dbQuery( "update Zones set ".implode( ", ", $changes )." where MonitorId = '".dbEscape($mid)."' and Id = '".$zone['Id']."'" ); dbQuery( "update Zones set ".implode( ", ", $changes )." where MonitorId = ".dbEscape($mid)." and Id = '".$zone['Id']."'" );
} }
} }
} }
@ -519,7 +519,7 @@ if ( !empty($action) )
symlink( $mid, ZM_DIR_EVENTS.'/'.$_REQUEST['newMonitor']['Name'] ); symlink( $mid, ZM_DIR_EVENTS.'/'.$_REQUEST['newMonitor']['Name'] );
if ( isset($_COOKIE['zmGroup']) ) if ( isset($_COOKIE['zmGroup']) )
{ {
$sql = "update Groups set MonitorIds = concat(MonitorIds,',".$mid."') where Id = '".dbEscape($_COOKIE['zmGroup'])."'"; $sql = "update Groups set MonitorIds = concat(MonitorIds,',".$mid."') where Id = ".dbEscape($_COOKIE['zmGroup']);
dbQuery( $sql ); dbQuery( $sql );
} }
} }
@ -534,17 +534,17 @@ if ( !empty($action) )
{ {
if ( $x10Monitor && isset($_REQUEST['newX10Monitor']) ) if ( $x10Monitor && isset($_REQUEST['newX10Monitor']) )
{ {
dbQuery( "update TriggersX10 set ".implode( ", ", $x10Changes )." where MonitorId = '".dbEscape($mid)."'" ); dbQuery( "update TriggersX10 set ".implode( ", ", $x10Changes )." where MonitorId = ".dbEscape($mid) );
} }
elseif ( !$user['MonitorIds'] ) elseif ( !$user['MonitorIds'] )
{ {
if ( !$x10Monitor ) if ( !$x10Monitor )
{ {
dbQuery( "insert into TriggersX10 set MonitorId = '".dbEscape($mid)."', ".implode( ", ", $x10Changes ) ); dbQuery( "insert into TriggersX10 set MonitorId = ".dbEscape($mid).", ".implode( ", ", $x10Changes ) );
} }
else else
{ {
dbQuery( "delete from TriggersX10 where MonitorId = '".dbEscape($mid)."'" ); dbQuery( "delete from TriggersX10 where MonitorId = ".dbEscape($mid) );
} }
} }
$restart = true; $restart = true;
@ -553,7 +553,7 @@ if ( !empty($action) )
if ( $restart ) if ( $restart )
{ {
$monitor = dbFetchOne( "select * from Monitors where Id = '".dbEscape($mid)."'" ); $monitor = dbFetchOne( "select * from Monitors where Id = ".dbEscape($mid) );
fixDevices(); fixDevices();
//if ( $cookies ) //if ( $cookies )
//session_write_close(); //session_write_close();
@ -576,7 +576,7 @@ if ( !empty($action) )
{ {
if ( canEdit( 'Monitors', $markMid ) ) if ( canEdit( 'Monitors', $markMid ) )
{ {
$sql = "select * from Monitors where Id = '".dbEscape($markMid)."'"; $sql = "select * from Monitors where Id = ".dbEscape($markMid);
if ( $monitor = dbFetchOne( $sql ) ) if ( $monitor = dbFetchOne( $sql ) )
{ {
if ( daemonCheck() ) if ( daemonCheck() )
@ -586,10 +586,10 @@ if ( !empty($action) )
} }
// This is the important stuff // This is the important stuff
dbQuery( "delete from Monitors where Id = '".dbEscape($markMid)."'" ); dbQuery( "delete from Monitors where Id = ".dbEscape($markMid) );
dbQuery( "delete from Zones where MonitorId = '".dbEscape($markMid)."'" ); dbQuery( "delete from Zones where MonitorId = ".dbEscape($markMid) );
if ( ZM_OPT_X10 ) if ( ZM_OPT_X10 )
dbQuery( "delete from TriggersX10 where MonitorId = '".dbEscape($markMid)."'" ); dbQuery( "delete from TriggersX10 where MonitorId = ".dbEscape($markMid) );
fixSequences(); fixSequences();
@ -598,7 +598,7 @@ if ( !empty($action) )
// well time out before completing, in which case zmaudit will still tidy up // well time out before completing, in which case zmaudit will still tidy up
if ( !ZM_OPT_FAST_DELETE ) if ( !ZM_OPT_FAST_DELETE )
{ {
$sql = "select Id from Events where MonitorId = '".dbEscape($markMid)."'"; $sql = "select Id from Events where MonitorId = ".dbEscape($markMid);
$markEids = dbFetchAll( $sql, 'Id' ); $markEids = dbFetchAll( $sql, 'Id' );
foreach( $markEids as $markEid ) foreach( $markEids as $markEid )
deleteEvent( $markEid ); deleteEvent( $markEid );
@ -626,11 +626,11 @@ if ( !empty($action) )
{ {
if ( isset($_REQUEST['did']) ) if ( isset($_REQUEST['did']) )
{ {
dbQuery( "update Devices set Name = '".dbEscape($_REQUEST['newDevice']['Name'])."', KeyString = '".dbEscape($_REQUEST['newDevice']['KeyString'])."' where Id = '".dbEscape($_REQUEST['did'])."'" ); dbQuery( "update Devices set Name = ".dbEscape($_REQUEST['newDevice']['Name']).", KeyString = ".dbEscape($_REQUEST['newDevice']['KeyString'])." where Id = ".dbEscape($_REQUEST['did']) );
} }
else else
{ {
dbQuery( "insert into Devices set Name = '".dbEscape($_REQUEST['newDevice']['Name'])."', KeyString = '".dbEscape($_REQUEST['newDevice']['KeyString'])."'" ); dbQuery( "insert into Devices set Name = ".dbEscape($_REQUEST['newDevice']['Name']).", KeyString = ".dbEscape($_REQUEST['newDevice']['KeyString']) );
} }
$refreshParent = true; $refreshParent = true;
$view = 'none'; $view = 'none';
@ -642,7 +642,7 @@ if ( !empty($action) )
{ {
foreach( $_REQUEST['markDids'] as $markDid ) foreach( $_REQUEST['markDids'] as $markDid )
{ {
dbQuery( "delete from Devices where Id = '".dbEscape($markDid)."'" ); dbQuery( "delete from Devices where Id = ".dbEscape($markDid) );
$refreshParent = true; $refreshParent = true;
} }
} }
@ -802,7 +802,7 @@ if ( !empty($action) )
elseif ( $action == "user" ) elseif ( $action == "user" )
{ {
if ( !empty($_REQUEST['uid']) ) if ( !empty($_REQUEST['uid']) )
$dbUser = dbFetchOne( "select * from Users where Id = '".dbEscape($_REQUEST['uid'])."'" ); $dbUser = dbFetchOne( "select * from Users where Id = ".dbEscape($_REQUEST['uid']) );
else else
$dbUser = array(); $dbUser = array();
@ -810,7 +810,7 @@ if ( !empty($action) )
$changes = getFormChanges( $dbUser, $_REQUEST['newUser'], $types ); $changes = getFormChanges( $dbUser, $_REQUEST['newUser'], $types );
if ( $_REQUEST['newUser']['Password'] ) if ( $_REQUEST['newUser']['Password'] )
$changes['Password'] = "Password = password('".dbEscape($_REQUEST['newUser']['Password'])."')"; $changes['Password'] = "Password = password(".dbEscape($_REQUEST['newUser']['Password']).")";
else else
unset( $changes['Password'] ); unset( $changes['Password'] );
@ -818,7 +818,7 @@ if ( !empty($action) )
{ {
if ( !empty($_REQUEST['uid']) ) if ( !empty($_REQUEST['uid']) )
{ {
$sql = "update Users set ".implode( ", ", $changes )." where Id = '".dbEscape($_REQUEST['uid'])."'"; $sql = "update Users set ".implode( ", ", $changes )." where Id = ".dbEscape($_REQUEST['uid']);
} }
else else
{ {
@ -853,18 +853,18 @@ if ( !empty($action) )
$definition = join( ',', $definitions ); $definition = join( ',', $definitions );
if ( $_REQUEST['newState'] ) if ( $_REQUEST['newState'] )
$_REQUEST['runState'] = $_REQUEST['newState']; $_REQUEST['runState'] = $_REQUEST['newState'];
dbQuery( "replace into States set Name = '".dbEscape($_REQUEST['runState'])."', Definition = '".dbEscape($definition)."'" ); dbQuery( "replace into States set Name = ".dbEscape($_REQUEST['runState']).", Definition = ".dbEscape($definition) );
} }
} }
elseif ( $action == "group" ) elseif ( $action == "group" )
{ {
if ( !empty($_REQUEST['gid']) ) if ( !empty($_REQUEST['gid']) )
{ {
$sql = "update Groups set Name = '".dbEscape($_REQUEST['newGroup']['Name'])."', MonitorIds = '".dbEscape(join(',',$_REQUEST['newGroup']['MonitorIds']))."' where Id = '".dbEscape($_REQUEST['gid'])."'"; $sql = "update Groups set Name = ".dbEscape($_REQUEST['newGroup']['Name']).", MonitorIds = ".dbEscape(join(',',$_REQUEST['newGroup']['MonitorIds']))." where Id = ".dbEscape($_REQUEST['gid']);
} }
else else
{ {
$sql = "insert into Groups set Name = '".dbEscape($_REQUEST['newGroup']['Name'])."', MonitorIds = '".dbEscape(join(',',$_REQUEST['newGroup']['MonitorIds']))."'"; $sql = "insert into Groups set Name = ".dbEscape($_REQUEST['newGroup']['Name']).", MonitorIds = ".dbEscape(join(',',$_REQUEST['newGroup']['MonitorIds']));
} }
dbQuery( $sql ); dbQuery( $sql );
$refreshParent = true; $refreshParent = true;
@ -873,18 +873,18 @@ if ( !empty($action) )
elseif ( $action == "delete" ) elseif ( $action == "delete" )
{ {
if ( isset($_REQUEST['runState']) ) if ( isset($_REQUEST['runState']) )
dbQuery( "delete from States where Name = '".dbEscape($_REQUEST['runState'])."'" ); dbQuery( "delete from States where Name = ".dbEscape($_REQUEST['runState']) );
if ( isset($_REQUEST['markUids']) ) if ( isset($_REQUEST['markUids']) )
{ {
foreach( $_REQUEST['markUids'] as $markUid ) foreach( $_REQUEST['markUids'] as $markUid )
dbQuery( "delete from Users where Id = '".dbEscape($markUid)."'" ); dbQuery( "delete from Users where Id = ".dbEscape($markUid) );
if ( $markUid == $user['Id'] ) if ( $markUid == $user['Id'] )
userLogout(); userLogout();
} }
if ( !empty($_REQUEST['gid']) ) if ( !empty($_REQUEST['gid']) )
{ {
dbQuery( "delete from Groups where Id = '".dbEscape($_REQUEST['gid'])."'" ); dbQuery( "delete from Groups where Id = ".dbEscape($_REQUEST['gid']) );
if ( isset($_COOKIE['zmGroup']) ) if ( isset($_COOKIE['zmGroup']) )
{ {
if ( $_REQUEST['gid'] == $_COOKIE['zmGroup'] ) if ( $_REQUEST['gid'] == $_COOKIE['zmGroup'] )
@ -903,18 +903,18 @@ if ( !empty($action) )
{ {
$uid = $user['Id']; $uid = $user['Id'];
$dbUser = dbFetchOne( "select Id, Password, Language from Users where Id = '".dbEscape($uid)."'" ); $dbUser = dbFetchOne( "select Id, Password, Language from Users where Id = ".dbEscape($uid) );
$types = array(); $types = array();
$changes = getFormChanges( $dbUser, $_REQUEST['newUser'], $types ); $changes = getFormChanges( $dbUser, $_REQUEST['newUser'], $types );
if ( !empty($_REQUEST['newUser']['Password']) ) if ( !empty($_REQUEST['newUser']['Password']) )
$changes['Password'] = "Password = password('".dbEscape($_REQUEST['newUser']['Password'])."')"; $changes['Password'] = "Password = password(".dbEscape($_REQUEST['newUser']['Password']).")";
else else
unset( $changes['Password'] ); unset( $changes['Password'] );
if ( count( $changes ) ) if ( count( $changes ) )
{ {
$sql = "update Users set ".implode( ", ", $changes )." where Id = '".dbEscape($uid)."'"; $sql = "update Users set ".implode( ", ", $changes )." where Id = ".dbEscape($uid);
dbQuery( $sql ); dbQuery( $sql );
$refreshParent = true; $refreshParent = true;
} }