more removal of exra quotes
parent
36c4fad644
commit
0979830b91
|
@ -87,23 +87,23 @@ if ( !empty($action) )
|
|||
$_REQUEST['filter']['sort_field'] = validStr($_REQUEST['sort_field']);
|
||||
$_REQUEST['filter']['sort_asc'] = validStr($_REQUEST['sort_asc']);
|
||||
$_REQUEST['filter']['limit'] = validInt($_REQUEST['limit']);
|
||||
$sql = "replace into Filters set Name = '".dbEscape($filterName)."', Query = '".dbEscape(jsonEncode($_REQUEST['filter']))."'";
|
||||
$sql = "replace into Filters set Name = ".dbEscape($filterName).", Query = ".dbEscape(jsonEncode($_REQUEST['filter']));
|
||||
if ( !empty($_REQUEST['autoArchive']) )
|
||||
$sql .= ", AutoArchive = '".dbEscape($_REQUEST['autoArchive'])."'";
|
||||
$sql .= ", AutoArchive = ".dbEscape($_REQUEST['autoArchive']);
|
||||
if ( !empty($_REQUEST['autoVideo']) )
|
||||
$sql .= ", AutoVideo = '".dbEscape($_REQUEST['autoVideo'])."'";
|
||||
$sql .= ", AutoVideo = ".dbEscape($_REQUEST['autoVideo']);
|
||||
if ( !empty($_REQUEST['autoUpload']) )
|
||||
$sql .= ", AutoUpload = '".dbEscape($_REQUEST['autoUpload'])."'";
|
||||
$sql .= ", AutoUpload = ".dbEscape($_REQUEST['autoUpload']);
|
||||
if ( !empty($_REQUEST['autoEmail']) )
|
||||
$sql .= ", AutoEmail = '".dbEscape($_REQUEST['autoEmail'])."'";
|
||||
$sql .= ", AutoEmail = ".dbEscape($_REQUEST['autoEmail']);
|
||||
if ( !empty($_REQUEST['autoMessage']) )
|
||||
$sql .= ", AutoMessage = '".dbEscape($_REQUEST['autoMessage'])."'";
|
||||
$sql .= ", AutoMessage = ".dbEscape($_REQUEST['autoMessage']);
|
||||
if ( !empty($_REQUEST['autoExecute']) && !empty($_REQUEST['autoExecuteCmd']) )
|
||||
$sql .= ", AutoExecute = '".dbEscape($_REQUEST['autoExecute'])."', AutoExecuteCmd = '".dbEscape($_REQUEST['autoExecuteCmd'])."'";
|
||||
$sql .= ", AutoExecute = ".dbEscape($_REQUEST['autoExecute']).", AutoExecuteCmd = ".dbEscape($_REQUEST['autoExecuteCmd']);
|
||||
if ( !empty($_REQUEST['autoDelete']) )
|
||||
$sql .= ", AutoDelete = '".dbEscape($_REQUEST['autoDelete'])."'";
|
||||
$sql .= ", AutoDelete = ".dbEscape($_REQUEST['autoDelete']);
|
||||
if ( !empty($_REQUEST['background']) )
|
||||
$sql .= ", Background = '".dbEscape($_REQUEST['background'])."'";
|
||||
$sql .= ", Background = ".dbEscape($_REQUEST['background']);
|
||||
dbQuery( $sql );
|
||||
$refreshParent = true;
|
||||
}
|
||||
|
@ -116,20 +116,20 @@ if ( !empty($action) )
|
|||
{
|
||||
if ( $action == "rename" && isset($_REQUEST['eventName']) && !empty($_REQUEST['eid']) )
|
||||
{
|
||||
dbQuery( "update Events set Name = '".dbEscape($_REQUEST['eventName'])."' where Id = '".dbEscape($_REQUEST['eid'])."'" );
|
||||
dbQuery( "update Events set Name = ".dbEscape($_REQUEST['eventName'])." where Id = ".dbEscape($_REQUEST['eid']) );
|
||||
}
|
||||
else if ( $action == "eventdetail" )
|
||||
{
|
||||
if ( !empty($_REQUEST['eid']) )
|
||||
{
|
||||
dbQuery( "update Events set Cause = '".dbEscape($_REQUEST['newEvent']['Cause'])."', Notes = '".dbEscape($_REQUEST['newEvent']['Notes'])."' where Id = '".dbEscape($_REQUEST['eid'])."'" );
|
||||
dbQuery( "update Events set Cause = ".dbEscape($_REQUEST['newEvent']['Cause']).", Notes = ".dbEscape($_REQUEST['newEvent']['Notes'])." where Id = ".dbEscape($_REQUEST['eid']) );
|
||||
$refreshParent = true;
|
||||
}
|
||||
else
|
||||
{
|
||||
foreach( getAffectedIds( 'markEid' ) as $markEid )
|
||||
{
|
||||
dbQuery( "update Events set Cause = '".dbEscape($_REQUEST['newEvent']['Cause'])."', Notes = '".dbEscape($_REQUEST['newEvent']['Notes'])."' where Id = '".dbEscape($markEid)."'" );
|
||||
dbQuery( "update Events set Cause = ".dbEscape($_REQUEST['newEvent']['Cause']).", Notes = ".dbEscape($_REQUEST['newEvent']['Notes'])." where Id = ".dbEscape($markEid) );
|
||||
$refreshParent = true;
|
||||
}
|
||||
}
|
||||
|
@ -139,13 +139,13 @@ if ( !empty($action) )
|
|||
$archiveVal = ($action == "archive")?1:0;
|
||||
if ( !empty($_REQUEST['eid']) )
|
||||
{
|
||||
dbQuery( "update Events set Archived = $archiveVal where Id = '".dbEscape($_REQUEST['eid'])."'" );
|
||||
dbQuery( "update Events set Archived = $archiveVal where Id = ".dbEscape($_REQUEST['eid']) );
|
||||
}
|
||||
else
|
||||
{
|
||||
foreach( getAffectedIds( 'markEid' ) as $markEid )
|
||||
{
|
||||
dbQuery( "update Events set Archived = $archiveVal where Id = '".dbEscape($markEid)."'" );
|
||||
dbQuery( "update Events set Archived = $archiveVal where Id = ".dbEscape($markEid) );
|
||||
$refreshParent = true;
|
||||
}
|
||||
}
|
||||
|
@ -159,7 +159,7 @@ if ( !empty($action) )
|
|||
}
|
||||
if ( !empty($_REQUEST['fid']) )
|
||||
{
|
||||
dbQuery( "delete from Filters where Name = '".dbEscape($_REQUEST['fid'])."'" );
|
||||
dbQuery( "delete from Filters where Name = ".dbEscape($_REQUEST['fid']) );
|
||||
//$refreshParent = true;
|
||||
}
|
||||
}
|
||||
|
@ -172,7 +172,7 @@ if ( !empty($action) )
|
|||
$mid = validInt($_REQUEST['mid']);
|
||||
if ( $action == "control" )
|
||||
{
|
||||
$monitor = dbFetchOne( "select C.*,M.* from Monitors as M inner join Controls as C on (M.ControlId = C.Id) where M.Id = '".dbEscape($mid)."'" );
|
||||
$monitor = dbFetchOne( "select C.*,M.* from Monitors as M inner join Controls as C on (M.ControlId = C.Id) where M.Id = ".dbEscape($mid) );
|
||||
|
||||
$ctrlCommand = buildControlCommand( $monitor );
|
||||
|
||||
|
@ -226,7 +226,7 @@ if ( !empty($action) )
|
|||
{
|
||||
if ( !empty($_REQUEST['cid']) )
|
||||
{
|
||||
$control = dbFetchOne( "select * from Controls where Id = '".dbEscape($_REQUEST['cid'])."'" );
|
||||
$control = dbFetchOne( "select * from Controls where Id = ".dbEscape($_REQUEST['cid']) );
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -252,7 +252,7 @@ if ( !empty($action) )
|
|||
{
|
||||
if ( !empty($_REQUEST['cid']) )
|
||||
{
|
||||
dbQuery( "update Controls set ".implode( ", ", $changes )." where Id = '".dbEscape($_REQUEST['cid'])."'" );
|
||||
dbQuery( "update Controls set ".implode( ", ", $changes )." where Id = ".dbEscape($_REQUEST['cid']) );
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -269,8 +269,8 @@ if ( !empty($action) )
|
|||
{
|
||||
foreach( $_REQUEST['markCids'] as $markCid )
|
||||
{
|
||||
dbQuery( "delete from Controls where Id = '".dbEscape($markCid)."'" );
|
||||
dbQuery( "update Monitors set Controllable = 0, ControlId = 0 where ControlId = '".dbEscape($markCid)."'" );
|
||||
dbQuery( "delete from Controls where Id = ".dbEscape($markCid) );
|
||||
dbQuery( "update Monitors set Controllable = 0, ControlId = 0 where ControlId = ".dbEscape($markCid) );
|
||||
$refreshParent = true;
|
||||
}
|
||||
}
|
||||
|
@ -292,7 +292,7 @@ if ( !empty($action) )
|
|||
$oldEnabled = $monitor['Enabled'];
|
||||
if ( $newFunction != $oldFunction || $newEnabled != $oldEnabled )
|
||||
{
|
||||
dbQuery( "update Monitors set Function = '".dbEscape($newFunction)."', Enabled = '".$newEnabled."' where Id = '".$mid."'" );
|
||||
dbQuery( "update Monitors set Function = ".dbEscape($newFunction).", Enabled = '".$newEnabled."' where Id = '".$mid."'" );
|
||||
|
||||
$monitor['Function'] = $newFunction;
|
||||
$monitor['Enabled'] = $newEnabled;
|
||||
|
@ -310,11 +310,11 @@ if ( !empty($action) )
|
|||
elseif ( $action == "zone" && isset( $_REQUEST['zid'] ) )
|
||||
{
|
||||
$zid = validInt($_REQUEST['zid']);
|
||||
$monitor = dbFetchOne( "select * from Monitors where Id = '".dbEscape($mid)."'" );
|
||||
$monitor = dbFetchOne( "select * from Monitors where Id = ".dbEscape($mid) );
|
||||
|
||||
if ( !empty($zid) )
|
||||
{
|
||||
$zone = dbFetchOne( "select * from Zones where MonitorId = '".dbEscape($mid)."' and Id = '".dbEscape($zid)."'" );
|
||||
$zone = dbFetchOne( "select * from Zones where MonitorId = ".dbEscape($mid)." and Id = ".dbEscape($zid) );
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -343,11 +343,11 @@ if ( !empty($action) )
|
|||
{
|
||||
if ( $zid > 0 )
|
||||
{
|
||||
$sql = "update Zones set ".implode( ", ", $changes )." where MonitorId = '".dbEscape($mid)."' and Id = '".dbEscape($zid)."'";
|
||||
$sql = "update Zones set ".implode( ", ", $changes )." where MonitorId = ".dbEscape($mid)." and Id = ".dbEscape($zid);
|
||||
}
|
||||
else
|
||||
{
|
||||
$sql = "insert into Zones set MonitorId = '".dbEscape($mid)."', ".implode( ", ", $changes );
|
||||
$sql = "insert into Zones set MonitorId = ".dbEscape($mid).", ".implode( ", ", $changes );
|
||||
}
|
||||
dbQuery( $sql );
|
||||
//if ( $cookies ) session_write_close();
|
||||
|
@ -363,7 +363,7 @@ if ( !empty($action) )
|
|||
{
|
||||
$plugin=dbEscape($_REQUEST['pl']);
|
||||
$zid=validInt($_REQUEST['zid']);
|
||||
$sql="SELECT * FROM PluginsConfig WHERE MonitorId='".dbEscape($mid)."' AND ZoneId='".$zid."' AND pluginName='".$plugin."'";
|
||||
$sql="SELECT * FROM PluginsConfig WHERE MonitorId=".dbEscape($mid)." AND ZoneId='".$zid."' AND pluginName=".$plugin;
|
||||
$pconfs=dbFetchAll( $sql );
|
||||
$changes=0;
|
||||
foreach( $pconfs as $pconf )
|
||||
|
@ -371,7 +371,7 @@ if ( !empty($action) )
|
|||
$value=$_REQUEST['pluginOpt'][$pconf['Name']];
|
||||
if(array_key_exists($pconf['Name'], $_REQUEST['pluginOpt']) && ($pconf['Value']!=$value))
|
||||
{
|
||||
dbQuery("UPDATE PluginsConfig SET Value='".dbEscape($value)."' WHERE id='".$pconf['Id']."'");
|
||||
dbQuery("UPDATE PluginsConfig SET Value=".dbEscape($value)." WHERE id='".$pconf['Id']."'");
|
||||
$changes++;
|
||||
}
|
||||
}
|
||||
|
@ -388,8 +388,8 @@ if ( !empty($action) )
|
|||
elseif ( $action == "sequence" && isset($_REQUEST['smid']) )
|
||||
{
|
||||
$smid = validInt($_REQUEST['smid']);
|
||||
$monitor = dbFetchOne( "select * from Monitors where Id = '".dbEscape($mid)."'" );
|
||||
$smonitor = dbFetchOne( "select * from Monitors where Id = '".dbEscape($smid)."'" );
|
||||
$monitor = dbFetchOne( "select * from Monitors where Id = ".dbEscape($mid) );
|
||||
$smonitor = dbFetchOne( "select * from Monitors where Id = ".dbEscape($smid) );
|
||||
|
||||
dbQuery( "update Monitors set Sequence = '".$smonitor['Sequence']."' where Id = '".$monitor['Id']."'" );
|
||||
dbQuery( "update Monitors set Sequence = '".$monitor['Sequence']."' where Id = '".$smonitor['Id']."'" );
|
||||
|
@ -404,7 +404,7 @@ if ( !empty($action) )
|
|||
$deletedZid = 0;
|
||||
foreach( $_REQUEST['markZids'] as $markZid )
|
||||
{
|
||||
dbQuery( "delete from Zones where MonitorId = '".dbEscape($mid)."' && Id = '".dbEscape($markZid)."'" );
|
||||
dbQuery( "delete from Zones where MonitorId = ".dbEscape($mid)." && Id = ".dbEscape($markZid) );
|
||||
$deletedZid = 1;
|
||||
}
|
||||
if ( $deletedZid )
|
||||
|
@ -427,11 +427,11 @@ if ( !empty($action) )
|
|||
if ( !empty($_REQUEST['mid']) )
|
||||
{
|
||||
$mid = validInt($_REQUEST['mid']);
|
||||
$monitor = dbFetchOne( "select * from Monitors where Id = '".dbEscape($mid)."'" );
|
||||
$monitor = dbFetchOne( "select * from Monitors where Id = ".dbEscape($mid) );
|
||||
|
||||
if ( ZM_OPT_X10 )
|
||||
{
|
||||
$x10Monitor = dbFetchOne( "select * from TriggersX10 where MonitorId = '".dbEscape($mid)."'" );
|
||||
$x10Monitor = dbFetchOne( "select * from TriggersX10 where MonitorId = ".dbEscape($mid) );
|
||||
if ( !$x10Monitor )
|
||||
$x10Monitor = array();
|
||||
}
|
||||
|
@ -462,7 +462,7 @@ if ( !empty($action) )
|
|||
if ( !empty($_REQUEST['mid']) )
|
||||
{
|
||||
$mid = validInt($_REQUEST['mid']);
|
||||
$sql = "update Monitors set ".implode( ", ", $changes )." where Id = '".dbEscape($mid)."'";
|
||||
$sql = "update Monitors set ".implode( ", ", $changes )." where Id = ".dbEscape($mid);
|
||||
dbQuery( $sql );
|
||||
if ( isset($changes['Name']) )
|
||||
{
|
||||
|
@ -477,7 +477,7 @@ if ( !empty($action) )
|
|||
$oldH = $monitor['Height'];
|
||||
$oldA = $oldW * $oldH;
|
||||
|
||||
$zones = dbFetchAll( "select * from Zones where MonitorId = '".dbEscape($mid)."'" );
|
||||
$zones = dbFetchAll( "select * from Zones where MonitorId = ".dbEscape($mid) );
|
||||
foreach ( $zones as $zone )
|
||||
{
|
||||
$newZone = $zone;
|
||||
|
@ -500,7 +500,7 @@ if ( !empty($action) )
|
|||
|
||||
if ( count( $changes ) )
|
||||
{
|
||||
dbQuery( "update Zones set ".implode( ", ", $changes )." where MonitorId = '".dbEscape($mid)."' and Id = '".$zone['Id']."'" );
|
||||
dbQuery( "update Zones set ".implode( ", ", $changes )." where MonitorId = ".dbEscape($mid)." and Id = '".$zone['Id']."'" );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -519,7 +519,7 @@ if ( !empty($action) )
|
|||
symlink( $mid, ZM_DIR_EVENTS.'/'.$_REQUEST['newMonitor']['Name'] );
|
||||
if ( isset($_COOKIE['zmGroup']) )
|
||||
{
|
||||
$sql = "update Groups set MonitorIds = concat(MonitorIds,',".$mid."') where Id = '".dbEscape($_COOKIE['zmGroup'])."'";
|
||||
$sql = "update Groups set MonitorIds = concat(MonitorIds,',".$mid."') where Id = ".dbEscape($_COOKIE['zmGroup']);
|
||||
dbQuery( $sql );
|
||||
}
|
||||
}
|
||||
|
@ -534,17 +534,17 @@ if ( !empty($action) )
|
|||
{
|
||||
if ( $x10Monitor && isset($_REQUEST['newX10Monitor']) )
|
||||
{
|
||||
dbQuery( "update TriggersX10 set ".implode( ", ", $x10Changes )." where MonitorId = '".dbEscape($mid)."'" );
|
||||
dbQuery( "update TriggersX10 set ".implode( ", ", $x10Changes )." where MonitorId = ".dbEscape($mid) );
|
||||
}
|
||||
elseif ( !$user['MonitorIds'] )
|
||||
{
|
||||
if ( !$x10Monitor )
|
||||
{
|
||||
dbQuery( "insert into TriggersX10 set MonitorId = '".dbEscape($mid)."', ".implode( ", ", $x10Changes ) );
|
||||
dbQuery( "insert into TriggersX10 set MonitorId = ".dbEscape($mid).", ".implode( ", ", $x10Changes ) );
|
||||
}
|
||||
else
|
||||
{
|
||||
dbQuery( "delete from TriggersX10 where MonitorId = '".dbEscape($mid)."'" );
|
||||
dbQuery( "delete from TriggersX10 where MonitorId = ".dbEscape($mid) );
|
||||
}
|
||||
}
|
||||
$restart = true;
|
||||
|
@ -553,7 +553,7 @@ if ( !empty($action) )
|
|||
|
||||
if ( $restart )
|
||||
{
|
||||
$monitor = dbFetchOne( "select * from Monitors where Id = '".dbEscape($mid)."'" );
|
||||
$monitor = dbFetchOne( "select * from Monitors where Id = ".dbEscape($mid) );
|
||||
fixDevices();
|
||||
//if ( $cookies )
|
||||
//session_write_close();
|
||||
|
@ -576,7 +576,7 @@ if ( !empty($action) )
|
|||
{
|
||||
if ( canEdit( 'Monitors', $markMid ) )
|
||||
{
|
||||
$sql = "select * from Monitors where Id = '".dbEscape($markMid)."'";
|
||||
$sql = "select * from Monitors where Id = ".dbEscape($markMid);
|
||||
if ( $monitor = dbFetchOne( $sql ) )
|
||||
{
|
||||
if ( daemonCheck() )
|
||||
|
@ -586,10 +586,10 @@ if ( !empty($action) )
|
|||
}
|
||||
|
||||
// This is the important stuff
|
||||
dbQuery( "delete from Monitors where Id = '".dbEscape($markMid)."'" );
|
||||
dbQuery( "delete from Zones where MonitorId = '".dbEscape($markMid)."'" );
|
||||
dbQuery( "delete from Monitors where Id = ".dbEscape($markMid) );
|
||||
dbQuery( "delete from Zones where MonitorId = ".dbEscape($markMid) );
|
||||
if ( ZM_OPT_X10 )
|
||||
dbQuery( "delete from TriggersX10 where MonitorId = '".dbEscape($markMid)."'" );
|
||||
dbQuery( "delete from TriggersX10 where MonitorId = ".dbEscape($markMid) );
|
||||
|
||||
fixSequences();
|
||||
|
||||
|
@ -598,7 +598,7 @@ if ( !empty($action) )
|
|||
// well time out before completing, in which case zmaudit will still tidy up
|
||||
if ( !ZM_OPT_FAST_DELETE )
|
||||
{
|
||||
$sql = "select Id from Events where MonitorId = '".dbEscape($markMid)."'";
|
||||
$sql = "select Id from Events where MonitorId = ".dbEscape($markMid);
|
||||
$markEids = dbFetchAll( $sql, 'Id' );
|
||||
foreach( $markEids as $markEid )
|
||||
deleteEvent( $markEid );
|
||||
|
@ -626,11 +626,11 @@ if ( !empty($action) )
|
|||
{
|
||||
if ( isset($_REQUEST['did']) )
|
||||
{
|
||||
dbQuery( "update Devices set Name = '".dbEscape($_REQUEST['newDevice']['Name'])."', KeyString = '".dbEscape($_REQUEST['newDevice']['KeyString'])."' where Id = '".dbEscape($_REQUEST['did'])."'" );
|
||||
dbQuery( "update Devices set Name = ".dbEscape($_REQUEST['newDevice']['Name']).", KeyString = ".dbEscape($_REQUEST['newDevice']['KeyString'])." where Id = ".dbEscape($_REQUEST['did']) );
|
||||
}
|
||||
else
|
||||
{
|
||||
dbQuery( "insert into Devices set Name = '".dbEscape($_REQUEST['newDevice']['Name'])."', KeyString = '".dbEscape($_REQUEST['newDevice']['KeyString'])."'" );
|
||||
dbQuery( "insert into Devices set Name = ".dbEscape($_REQUEST['newDevice']['Name']).", KeyString = ".dbEscape($_REQUEST['newDevice']['KeyString']) );
|
||||
}
|
||||
$refreshParent = true;
|
||||
$view = 'none';
|
||||
|
@ -642,7 +642,7 @@ if ( !empty($action) )
|
|||
{
|
||||
foreach( $_REQUEST['markDids'] as $markDid )
|
||||
{
|
||||
dbQuery( "delete from Devices where Id = '".dbEscape($markDid)."'" );
|
||||
dbQuery( "delete from Devices where Id = ".dbEscape($markDid) );
|
||||
$refreshParent = true;
|
||||
}
|
||||
}
|
||||
|
@ -802,7 +802,7 @@ if ( !empty($action) )
|
|||
elseif ( $action == "user" )
|
||||
{
|
||||
if ( !empty($_REQUEST['uid']) )
|
||||
$dbUser = dbFetchOne( "select * from Users where Id = '".dbEscape($_REQUEST['uid'])."'" );
|
||||
$dbUser = dbFetchOne( "select * from Users where Id = ".dbEscape($_REQUEST['uid']) );
|
||||
else
|
||||
$dbUser = array();
|
||||
|
||||
|
@ -810,7 +810,7 @@ if ( !empty($action) )
|
|||
$changes = getFormChanges( $dbUser, $_REQUEST['newUser'], $types );
|
||||
|
||||
if ( $_REQUEST['newUser']['Password'] )
|
||||
$changes['Password'] = "Password = password('".dbEscape($_REQUEST['newUser']['Password'])."')";
|
||||
$changes['Password'] = "Password = password(".dbEscape($_REQUEST['newUser']['Password']).")";
|
||||
else
|
||||
unset( $changes['Password'] );
|
||||
|
||||
|
@ -818,7 +818,7 @@ if ( !empty($action) )
|
|||
{
|
||||
if ( !empty($_REQUEST['uid']) )
|
||||
{
|
||||
$sql = "update Users set ".implode( ", ", $changes )." where Id = '".dbEscape($_REQUEST['uid'])."'";
|
||||
$sql = "update Users set ".implode( ", ", $changes )." where Id = ".dbEscape($_REQUEST['uid']);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -853,18 +853,18 @@ if ( !empty($action) )
|
|||
$definition = join( ',', $definitions );
|
||||
if ( $_REQUEST['newState'] )
|
||||
$_REQUEST['runState'] = $_REQUEST['newState'];
|
||||
dbQuery( "replace into States set Name = '".dbEscape($_REQUEST['runState'])."', Definition = '".dbEscape($definition)."'" );
|
||||
dbQuery( "replace into States set Name = ".dbEscape($_REQUEST['runState']).", Definition = ".dbEscape($definition) );
|
||||
}
|
||||
}
|
||||
elseif ( $action == "group" )
|
||||
{
|
||||
if ( !empty($_REQUEST['gid']) )
|
||||
{
|
||||
$sql = "update Groups set Name = '".dbEscape($_REQUEST['newGroup']['Name'])."', MonitorIds = '".dbEscape(join(',',$_REQUEST['newGroup']['MonitorIds']))."' where Id = '".dbEscape($_REQUEST['gid'])."'";
|
||||
$sql = "update Groups set Name = ".dbEscape($_REQUEST['newGroup']['Name']).", MonitorIds = ".dbEscape(join(',',$_REQUEST['newGroup']['MonitorIds']))." where Id = ".dbEscape($_REQUEST['gid']);
|
||||
}
|
||||
else
|
||||
{
|
||||
$sql = "insert into Groups set Name = '".dbEscape($_REQUEST['newGroup']['Name'])."', MonitorIds = '".dbEscape(join(',',$_REQUEST['newGroup']['MonitorIds']))."'";
|
||||
$sql = "insert into Groups set Name = ".dbEscape($_REQUEST['newGroup']['Name']).", MonitorIds = ".dbEscape(join(',',$_REQUEST['newGroup']['MonitorIds']));
|
||||
}
|
||||
dbQuery( $sql );
|
||||
$refreshParent = true;
|
||||
|
@ -873,18 +873,18 @@ if ( !empty($action) )
|
|||
elseif ( $action == "delete" )
|
||||
{
|
||||
if ( isset($_REQUEST['runState']) )
|
||||
dbQuery( "delete from States where Name = '".dbEscape($_REQUEST['runState'])."'" );
|
||||
dbQuery( "delete from States where Name = ".dbEscape($_REQUEST['runState']) );
|
||||
|
||||
if ( isset($_REQUEST['markUids']) )
|
||||
{
|
||||
foreach( $_REQUEST['markUids'] as $markUid )
|
||||
dbQuery( "delete from Users where Id = '".dbEscape($markUid)."'" );
|
||||
dbQuery( "delete from Users where Id = ".dbEscape($markUid) );
|
||||
if ( $markUid == $user['Id'] )
|
||||
userLogout();
|
||||
}
|
||||
if ( !empty($_REQUEST['gid']) )
|
||||
{
|
||||
dbQuery( "delete from Groups where Id = '".dbEscape($_REQUEST['gid'])."'" );
|
||||
dbQuery( "delete from Groups where Id = ".dbEscape($_REQUEST['gid']) );
|
||||
if ( isset($_COOKIE['zmGroup']) )
|
||||
{
|
||||
if ( $_REQUEST['gid'] == $_COOKIE['zmGroup'] )
|
||||
|
@ -903,18 +903,18 @@ if ( !empty($action) )
|
|||
{
|
||||
$uid = $user['Id'];
|
||||
|
||||
$dbUser = dbFetchOne( "select Id, Password, Language from Users where Id = '".dbEscape($uid)."'" );
|
||||
$dbUser = dbFetchOne( "select Id, Password, Language from Users where Id = ".dbEscape($uid) );
|
||||
|
||||
$types = array();
|
||||
$changes = getFormChanges( $dbUser, $_REQUEST['newUser'], $types );
|
||||
|
||||
if ( !empty($_REQUEST['newUser']['Password']) )
|
||||
$changes['Password'] = "Password = password('".dbEscape($_REQUEST['newUser']['Password'])."')";
|
||||
$changes['Password'] = "Password = password(".dbEscape($_REQUEST['newUser']['Password']).")";
|
||||
else
|
||||
unset( $changes['Password'] );
|
||||
if ( count( $changes ) )
|
||||
{
|
||||
$sql = "update Users set ".implode( ", ", $changes )." where Id = '".dbEscape($uid)."'";
|
||||
$sql = "update Users set ".implode( ", ", $changes )." where Id = ".dbEscape($uid);
|
||||
dbQuery( $sql );
|
||||
$refreshParent = true;
|
||||
}
|
||||
|
|
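Review bot: Every statement changed in this file is now safe only if dbEscape() returns a complete, already-quoted SQL literal, and that contract is not visible anywhere in this diff. If the helper only escapes, an expression such as `where Id = ".dbEscape($_REQUEST['eid'])` places request data in the query unquoted, where escaping alone gives no protection. The convention is also left mixed. The Monitors update in the -292 hunk still writes `Enabled = '".$newEnabled."' where Id = '".$mid."'`, the PluginsConfig select keeps `ZoneId='".$zid."'`, and the Groups update keeps `concat(MonitorIds,',".$mid."')`, all concatenated by hand next to helper-quoted values. I would make the Monitors line uniform, `dbQuery( "update Monitors set Function = ".dbEscape($newFunction).", Enabled = ".dbEscape($newEnabled)." where Id = ".dbEscape($mid) );`, and add a comment at the helper's definition stating that its return value already carries its own quotes and must never be wrapped again. Binding values as statement parameters in the database layer would remove the dependence on this convention altogether.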