diff --git a/web/skins/classic/includes/export_functions.php b/web/skins/classic/includes/export_functions.php index f09827eca..31eb6812e 100644 --- a/web/skins/classic/includes/export_functions.php +++ b/web/skins/classic/includes/export_functions.php @@ -437,22 +437,6 @@ function rewind() { } - - - - - - - - - - - - - - - - //---------------------------------+ // CARPE S l i d e r 1.3 | // 2005 - 12 - 10 | @@ -590,15 +574,9 @@ function slideManual(val,length,from,to) { if (yMax == 0) carpeLeft(sliderid, pos) // Snap horizontal slider to corresponding display position. } - - - - - if (ie||dom) start_slider(); else if (document.layers) window.onload=start_slider; - diff --git a/web/skins/classic/includes/timeline_functions.php b/web/skins/classic/includes/timeline_functions.php index cf92f8689..c74ea0ecb 100644 --- a/web/skins/classic/includes/timeline_functions.php +++ b/web/skins/classic/includes/timeline_functions.php @@ -232,7 +232,7 @@ function parseFilterToTree( $filter ) $value = "'$value'"; break; case 'DateTime': - $value = "'".strftime( STRF_FMT_DATETIME_DB, strtotime( $value ) )."'"; + $value = strftime( STRF_FMT_DATETIME_DB, strtotime( $value ) ); break; case 'Date': $value = "to_days( '".strftime( STRF_FMT_DATETIME_DB, strtotime( $value ) )."' )"; diff --git a/web/skins/classic/svn-commit.tmp b/web/skins/classic/svn-commit.tmp deleted file mode 100644 index a8bae9fc0..000000000 --- a/web/skins/classic/svn-commit.tmp +++ /dev/null @@ -1,5 +0,0 @@ - ---This line, and those below, will be ignored-- - -M views/plugin.php -M views/css/plugin.css diff --git a/web/skins/classic/views/console.php b/web/skins/classic/views/console.php index e1021a4cc..8f1c34ae4 100644 --- a/web/skins/classic/views/console.php +++ b/web/skins/classic/views/console.php 
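Review bot: In timeline_functions.php the `DateTime` case now yields a bare `strftime()` string, while the `Date` case just below and the case just above still wrap their values in single quotes. If `$value` is later concatenated into the filter SQL (that code is outside the hunk), an unquoted datetime is no longer a valid literal and the query will fail; if it is bound as a parameter instead, the sibling cases should lose their quotes too. Either restore `$value = "'".strftime( STRF_FMT_DATETIME_DB, strtotime( $value ) )."'";` or add a comment stating how the caller consumes the value. `strtotime()` returning false on unparseable input is also unchecked here. parseFilterToTree's body starts and ends outside the hunk.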
@@ -71,8 +71,11 @@ $eventCounts = array( $running = daemonCheck(); $status = $running?$SLANG['Running']:$SLANG['Stopped']; -if ( $group = dbFetchOne( 'select * from Groups where Id = ?', NULL, array(empty($_COOKIE['zmGroup'])?0:$_COOKIE['zmGroup'])) ) - $groupIds = array_flip(explode( ',', $group['MonitorIds'] )); +$group = NULL; +if ( ! empty($_COOKIE['zmGroup']) ) { + if ( $group = dbFetchOne( 'select * from Groups where Id = ?', NULL, array($_COOKIE['zmGroup'])) ) + $groupIds = array_flip(explode( ',', $group['MonitorIds'] )); +} noCacheHeaders(); diff --git a/web/skins/classic/views/control.php b/web/skins/classic/views/control.php index 9d0217c73..28845243d 100644 --- a/web/skins/classic/views/control.php +++ b/web/skins/classic/views/control.php @@ -25,15 +25,14 @@ if ( !canView( 'Control' ) ) } $groupSql = ""; -if ( !empty($_REQUEST['group']) ) -{ +if ( !empty($_REQUEST['group']) ) { $row = dbFetchOne( 'SELECT * FROM Groups WHERE Id = ?', NULL, array($_REQUEST['group']) ); $groupSql = " and find_in_set( Id, '".$row['MonitorIds']."' )"; } $mid = validInt($_REQUEST['mid']); -$sql = "select * from Monitors where Function != 'None' and Controllable = 1$groupSql order by Sequence"; +$sql = "SELECT * FROM Monitors WHERE Function != 'None' AND Controllable = 1$groupSql ORDER BY Sequence"; $mids = array(); foreach( dbFetchAll( $sql ) as $row ) { @@ -50,7 +49,7 @@ foreach ( getSkinIncludes( 'includes/control_functions.php' ) as $includeFile ) require_once $includeFile; $sql = 'SELECT C.*,M.* FROM Monitors AS M INNER JOIN Controls AS C ON (M.ControlId = C.Id ) WHERE M.Id = ?'; -$monitor = dbFetchOne( $sql, NULL, $mid ); +$monitor = dbFetchOne( $sql, NULL, array( $mid ) ); $focusWindow = true; diff --git a/web/skins/classic/views/controlcaps.php b/web/skins/classic/views/controlcaps.php index 0a737a3f5..4007caa79 100644 --- a/web/skins/classic/views/controlcaps.php +++ b/web/skins/classic/views/controlcaps.php 
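Review bot: In control.php, `$row['MonitorIds']` is still spliced into `$groupSql` inside a quoted string literal, and `$row` is used without checking that `dbFetchOne` found a group. The lookup itself is parameterized, but a stored `MonitorIds` value containing a quote would alter the second query, and a non-existent group id indexes a false result. Guard with `if ( $row )` and bind the list, e.g. `" and find_in_set( Id, ? )"` with the value passed in the parameter array of `dbFetchAll`; `$_REQUEST['group']` could also go through `validInt` as cycle.php does. The same concatenation remains in the cycle.php hunk and in flat/views/montage.php.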
@@ -24,8 +24,7 @@ if ( !canView( 'Control' ) ) return; } -$sql = "select * from Controls order by Id"; -$controls = dbFetchAll( $sql ); +$controls = dbFetchAll( 'SELECT * FROM Controls ORDER BY Id' ); $focusWindow = true; diff --git a/web/skins/classic/views/cycle.php b/web/skins/classic/views/cycle.php index 4966c8198..95757c54c 100644 --- a/web/skins/classic/views/cycle.php +++ b/web/skins/classic/views/cycle.php @@ -41,15 +41,11 @@ $groupSql = ''; if ( !empty($_REQUEST['group']) ) { $group = validInt($_REQUEST['group']); - $row = dbFetchOne( 'select * from Groups where Id = ?', NULL, array( $group) ); + $row = dbFetchOne( 'SELECT * FROM Groups WHERE Id = ?', NULL, array($group) ); $groupSql = " and find_in_set( Id, '".$row['MonitorIds']."' )"; } -$sql = "select * from Monitors where Function != 'None'$groupSql"; -if ( ''+ZM_SERVER_HOST ) { - $sql .= " and ServerHost='".ZM_SERVER_HOST."'"; -} -$sql .= " order by Sequence"; +$sql = "SELECT * FROM Monitors WHERE Function != 'None'$groupSql ORDER BY Sequence"; $monitors = array(); $monIdx = 0; foreach( dbFetchAll( $sql ) as $row ) diff --git a/web/skins/classic/views/devices.php b/web/skins/classic/views/devices.php index 106f3d4a8..15100a4cd 100644 --- a/web/skins/classic/views/devices.php +++ b/web/skins/classic/views/devices.php @@ -24,7 +24,7 @@ if ( !canView( 'Devices' ) ) return; } -$sql = "select * from Devices where Type = 'X10' order by Name"; +$sql = "SELECT * FROM Devices WHERE Type = 'X10' ORDER BY Name"; $devices = array(); foreach( dbFetchAll( $sql ) as $row ) { diff --git a/web/skins/classic/views/event.php b/web/skins/classic/views/event.php index c4f23eb00..3d06f4c9e 100644 --- a/web/skins/classic/views/event.php +++ b/web/skins/classic/views/event.php 
@@ -33,7 +33,7 @@ else $midSql = ''; $sql = 'SELECT E.*,M.Name AS MonitorName,M.DefaultRate,M.DefaultScale FROM Events AS E INNER JOIN Monitors AS M ON E.MonitorId = M.Id WHERE E.Id = ?'.$midSql; -$event = dbFetchOne( $sql, NULL, array( $eid ) ); +$event = dbFetchOne( $sql, NULL, array($eid) ); if ( isset( $_REQUEST['rate'] ) ) $rate = validInt($_REQUEST['rate']); diff --git a/web/skins/classic/views/eventdetail.php b/web/skins/classic/views/eventdetail.php index e26be1a34..e9aa9a5a5 100644 --- a/web/skins/classic/views/eventdetail.php +++ b/web/skins/classic/views/eventdetail.php @@ -26,7 +26,7 @@ if ( !canEdit( 'Events' ) ) if ( isset($_REQUEST['eid']) ) { $mode = 'single'; $eid = validInt($_REQUEST['eid']); - $newEvent = dbFetchOne( 'SELECT E.* FROM Events AS E WHERE E.Id = ?', NULL, array( $eid ) ); + $newEvent = dbFetchOne( 'SELECT E.* FROM Events AS E WHERE E.Id = ?', NULL, array($eid) ); } elseif ( isset($_REQUEST['eids']) ) { $mode = 'multi'; $sql = 'SELECT E.* FROM Events AS E WHERE '; diff --git a/web/skins/classic/views/events.php b/web/skins/classic/views/events.php index 6e86e58af..46c3407fa 100644 --- a/web/skins/classic/views/events.php +++ b/web/skins/classic/views/events.php 
@@ -29,16 +29,13 @@ if ( !empty($_REQUEST['execute']) ) executeFilter( $tempFilterName ); } -$countSql = "select count(E.Id) as EventCount from Monitors as M inner join Events as E on (M.Id = E.MonitorId) where"; -$eventsSql = "select E.Id,E.MonitorId,M.Name As MonitorName,M.DefaultScale,E.Name,E.Width,E.Height,E.Cause,E.Notes,E.StartTime,E.Length,E.Frames,E.AlarmFrames,E.TotScore,E.AvgScore,E.MaxScore,E.Archived from Monitors as M inner join Events as E on (M.Id = E.MonitorId) where"; -if ( $user['MonitorIds'] ) -{ +$countSql = 'SELECT count(E.Id) AS EventCount FROM Monitors AS M INNER JOIN Events AS E ON (M.Id = E.MonitorId) WHERE'; +$eventsSql = 'SELECT E.Id,E.MonitorId,M.Name AS MonitorName,M.DefaultScale,E.Name,E.Width,E.Height,E.Cause,E.Notes,E.StartTime,E.Length,E.Frames,E.AlarmFrames,E.TotScore,E.AvgScore,E.MaxScore,E.Archived FROM Monitors AS M INNER JOIN Events AS E on (M.Id = E.MonitorId) WHERE'; +if ( $user['MonitorIds'] ) { $user_monitor_ids = " M.Id in (".join( ",", preg_split( '/["\'\s]*,["\'\s]*/', $user['MonitorIds'] ) ).")"; - $countSql .= $user_monitor_ids; - $eventsSql .= $user_monitor_ids; -} -else -{ + $countSql .= $user_monitor_ids; + $eventsSql .= $user_monitor_ids; +} else { $countSql .= " 1"; $eventsSql .= " 1"; } @@ -52,7 +49,7 @@ if ( $_REQUEST['filter']['sql'] ) $countSql .= $_REQUEST['filter']['sql']; $eventsSql .= $_REQUEST['filter']['sql']; } -$eventsSql .= " order by $sortColumn $sortOrder"; +$eventsSql .= " ORDER BY $sortColumn $sortOrder"; if ( isset($_REQUEST['page']) ) $page = validInt($_REQUEST['page']); @@ -69,18 +66,15 @@ if ( !empty($limit) && $nEvents > $limit ) $nEvents = $limit; } $pages = (int)ceil($nEvents/ZM_WEB_EVENTS_PER_PAGE); -if ( $pages > 1 ) -{ - if ( !empty($page) ) - { +if ( $pages > 1 ) { + if ( !empty($page) ) { if ( $page < 0 ) $page = 1; if ( $page > $pages ) $page = $pages; } } -if ( !empty($page) ) -{ +if ( !empty($page) ) { $limitStart = (($page-1)*ZM_WEB_EVENTS_PER_PAGE); if ( empty( $limit ) ) { 
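Review bot: In classic/views/events.php the `M.Id in (...)` list is built by splitting `$user['MonitorIds']` on commas and joining the pieces straight back into the SQL text, with no numeric check on the elements. The new `$user_monitor_ids` variable removes the duplication, but each element should be forced to an integer before it reaches the query, for example `join( ',', array_map( 'intval', preg_split( '/["\'\s]*,["\'\s]*/', $user['MonitorIds'] ) ) )`. The flat/views/events.php hunk carries the same line.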
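Review bot: `$sortColumn` and `$sortOrder` are interpolated into the `ORDER BY` clause, and `$_REQUEST['filter']['sql']` is appended to both queries in the context lines just above it. Where these values are assigned is outside the hunk; if any of them can carry request data unchanged, they need an allow-list (fixed column names, `asc`/`desc` only), because identifiers and SQL fragments cannot be bound as parameters. A short comment above this line naming the function that sanitises them would make the trust boundary visible to the next reader.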
@@ -92,10 +86,8 @@ if ( !empty($page) ) $limitAmount = ($limitLeft>ZM_WEB_EVENTS_PER_PAGE)?ZM_WEB_EVENTS_PER_PAGE:$limitLeft; } $eventsSql .= " limit $limitStart, $limitAmount"; -} -elseif ( !empty( $limit ) ) -{ - $eventsSql .= " limit 0, $limit"; +} elseif ( !empty( $limit ) ) { + $eventsSql .= " limit 0, ".$limit; } $maxWidth = 0; diff --git a/web/skins/classic/views/frame.php b/web/skins/classic/views/frame.php index 02577e4a3..c9c871fca 100644 --- a/web/skins/classic/views/frame.php +++ b/web/skins/classic/views/frame.php @@ -29,17 +29,14 @@ if ( !empty($_REQUEST['fid']) ) $fid = validInt($_REQUEST['fid']); $sql = 'SELECT E.*,M.Name AS MonitorName,M.DefaultScale FROM Events AS E INNER JOIN Monitors AS M ON E.MonitorId = M.Id WHERE E.Id = ?'; -$event = dbFetchOne( $sql, NULL, array( $eid ) ); +$event = dbFetchOne( $sql, NULL, array($eid) ); -if ( !empty($fid) ) -{ +if ( !empty($fid) ) { $sql = 'SELECT * FROM Frames WHERE EventId = ? AND FrameId = ?'; - if ( !($frame = dbFetchOne( $sql, NULL, array( $eid, $fid ) )) ) + if ( !($frame = dbFetchOne( $sql, NULL, array($eid, $fid) )) ) $frame = array( 'FrameId'=>$fid, 'Type'=>'Normal', 'Score'=>0 ); -} -else -{ - $frame = dbFetchOne( 'SELECT * FROM Frames WHERE EventId = ? AND Score = ?', null, array( $eid, $event['MaxScore'] ) ); +} else { + $frame = dbFetchOne( 'SELECT * FROM Frames WHERE EventId = ? AND Score = ?', NULL, array( $eid, $event['MaxScore'] ) ); } $maxFid = $event['Frames']; diff --git a/web/skins/classic/views/frames.php b/web/skins/classic/views/frames.php index 578b11b07..ec306a3f6 100644 --- a/web/skins/classic/views/frames.php +++ b/web/skins/classic/views/frames.php 
@@ -27,7 +27,7 @@ $sql = 'SELECT E.*,M.Name AS MonitorName FROM Events AS E INNER JOIN Monitors AS $event = dbFetchOne( $sql, NULL, array($_REQUEST['eid']) ); $sql = 'SELECT *, unix_timestamp( TimeStamp ) AS UnixTimeStamp FROM Frames WHERE EventID = ? ORDER BY FrameId'; -$frames = dbFetchAll( $sql, NULL, array( $_REQUEST['eid']) ); +$frames = dbFetchAll( $sql, NULL, array( $_REQUEST['eid'] ) ); $focusWindow = true; diff --git a/web/skins/flat/css/skin.css b/web/skins/flat/css/skin.css index bae1eb47f..4d2765597 100644 --- a/web/skins/flat/css/skin.css +++ b/web/skins/flat/css/skin.css @@ -1,5 +1,5 @@ /* - * ZoneMinder Base Stylesheet, $Date: 2011-06-23 22:53:45 +0100 (Thu, 23 Jun 2011) $, $Revision: 3462 $ + * ZoneMinder Base Stylesheet, $Date$, $Revision$ * Copyright (C) 2001-2008 Philip Coombes * * This program is free software; you can redistribute it and/or diff --git a/web/skins/flat/includes/export_functions.php b/web/skins/flat/includes/export_functions.php index c5055fee1..15625a4de 100644 --- a/web/skins/flat/includes/export_functions.php +++ b/web/skins/flat/includes/export_functions.php @@ -596,8 +596,8 @@ function exportEventImagesMaster( $eids ) "", "Name" => "New Device", diff --git a/web/skins/flat/views/events.php b/web/skins/flat/views/events.php index 80d43896b..46c3407fa 100644 --- a/web/skins/flat/views/events.php +++ b/web/skins/flat/views/events.php 
@@ -31,10 +31,10 @@ if ( !empty($_REQUEST['execute']) ) $countSql = 'SELECT count(E.Id) AS EventCount FROM Monitors AS M INNER JOIN Events AS E ON (M.Id = E.MonitorId) WHERE'; $eventsSql = 'SELECT E.Id,E.MonitorId,M.Name AS MonitorName,M.DefaultScale,E.Name,E.Width,E.Height,E.Cause,E.Notes,E.StartTime,E.Length,E.Frames,E.AlarmFrames,E.TotScore,E.AvgScore,E.MaxScore,E.Archived FROM Monitors AS M INNER JOIN Events AS E on (M.Id = E.MonitorId) WHERE'; -if ( $user['MonitorIds'] ) -{ - $countSql .= " M.Id in (".join( ",", preg_split( '/["\'\s]*,["\'\s]*/', $user['MonitorIds'] ) ).")"; - $eventsSql .= " M.Id in (".join( ",", preg_split( '/["\'\s]*,["\'\s]*/', $user['MonitorIds'] ) ).")"; +if ( $user['MonitorIds'] ) { + $user_monitor_ids = " M.Id in (".join( ",", preg_split( '/["\'\s]*,["\'\s]*/', $user['MonitorIds'] ) ).")"; + $countSql .= $user_monitor_ids; + $eventsSql .= $user_monitor_ids; } else { $countSql .= " 1"; $eventsSql .= " 1"; diff --git a/web/skins/flat/views/frames.php b/web/skins/flat/views/frames.php index 99baca67e..ec306a3f6 100644 --- a/web/skins/flat/views/frames.php +++ b/web/skins/flat/views/frames.php @@ -27,7 +27,7 @@ $sql = 'SELECT E.*,M.Name AS MonitorName FROM Events AS E INNER JOIN Monitors AS $event = dbFetchOne( $sql, NULL, array($_REQUEST['eid']) ); $sql = 'SELECT *, unix_timestamp( TimeStamp ) AS UnixTimeStamp FROM Frames WHERE EventID = ? ORDER BY FrameId'; -$frames = dbFetchAll( $sql, NULL, array($_REQUEST['eid']) ); +$frames = dbFetchAll( $sql, NULL, array( $_REQUEST['eid'] ) ); $focusWindow = true; diff --git a/web/skins/flat/views/monitor.php b/web/skins/flat/views/monitor.php index b4be02abb..62fe8c5d6 100644 --- a/web/skins/flat/views/monitor.php +++ b/web/skins/flat/views/monitor.php 
@@ -44,7 +44,7 @@ if ( !empty($_REQUEST['mid']) ) { $monitor = dbFetchMonitor( $_REQUEST['mid'] ); if ( ZM_OPT_X10 ) - $x10Monitor = dbFetchOne( "select * from TriggersX10 where MonitorId = '".dbEscape($_REQUEST['mid'])."'" ); + $x10Monitor = dbFetchOne( 'SELECT * FROM TriggersX10 WHERE MonitorId = ?', NULL, array($_REQUEST['mid']) ); } else { @@ -143,7 +143,7 @@ if ( $newMonitor['AlarmMaxFPS'] == '0.00' ) if ( !empty($_REQUEST['preset']) ) { - $preset = dbFetchOne( "select Type, Device, Channel, Format, Protocol, Method, Host, Port, Path, Width, Height, Palette, MaxFPS, Controllable, ControlId, ControlDevice, ControlAddress, DefaultRate, DefaultScale from MonitorPresets where Id = '".dbEscape($_REQUEST['preset'])."'" ); + $preset = dbFetchOne( 'SELECT Type, Device, Channel, Format, Protocol, Method, Host, Port, Path, Width, Height, Palette, MaxFPS, Controllable, ControlId, ControlDevice, ControlAddress, DefaultRate, DefaultScale FROM MonitorPresets WHERE Id = ?', NULL, array($_REQUEST['preset']) ); foreach ( $preset as $name=>$value ) { if ( isset($value) ) diff --git a/web/skins/flat/views/montage.php b/web/skins/flat/views/montage.php index 2362a7fad..c34ad068a 100644 --- a/web/skins/flat/views/montage.php +++ b/web/skins/flat/views/montage.php @@ -27,12 +27,12 @@ if ( !canView( 'Stream' ) ) $groupSql = ""; if ( !empty($_REQUEST['group']) ) { - $sql = "select * from Groups where Id = '".dbEscape($_REQUEST['group'])."'"; - $row = dbFetchOne( $sql ); - $groupSql = " and find_in_set( Id, '".$row['MonitorIds']."' )"; + $row = dbFetchOne( 'select * from Groups where Id = ?', NULL, array($_REQUEST['group']) ); + $sql = "select * from Monitors where Function != 'None' and find_in_set( Id, '".$row['MonitorIds']."' ) order by Sequence"; +} else { + $sql = "select * from Monitors where Function != 'None' order by Sequence"; } -$sql = "select * from Monitors where Function != 'None'$groupSql order by Sequence"; $maxWidth = 0; $maxHeight = 0; $showControl = false; 
@@ -70,11 +70,11 @@ foreach( dbFetchAll( $sql ) as $row ) $focusWindow = true; $layouts = array( - 'montage_freeform.css' => 'Default', - 'montage_2wide.css' => '2-wide grid', - 'montage_3wide.css' => '3-wide grid', - 'montage_4wide.css' => '4-wide grid', - 'montage_3wide50enlarge.css' => '3-wide grid, scaled, enlarge on alarm', + 'montage_freeform.css' => $SLANG['MtgDefault'], + 'montage_2wide.css' => $SLANG['Mtg2widgrd'], + 'montage_3wide.css' => $SLANG['Mtg3widgrd'], + 'montage_4wide.css' => $SLANG['Mtg4widgrd'], + 'montage_3wide50enlarge.css' => $SLANG['Mtg3widgrx'], ); if ( isset($_COOKIE['zmMontageLayout']) ) diff --git a/web/skins/flat/views/plugin.php b/web/skins/flat/views/plugin.php index 91795be77..ee8819dbd 100644 --- a/web/skins/flat/views/plugin.php +++ b/web/skins/flat/views/plugin.php @@ -29,15 +29,14 @@ $mid = validInt($_REQUEST['mid']); $zid = !empty($_REQUEST['zid'])?validInt($_REQUEST['zid']):0; -if ( $zid > 0 ) -{ - $newZone = dbFetchOne( "select * from Zones where MonitorId = '".dbEscape($mid)."' and Id = '".dbEscape($zid)."'" ); +if ( $zid > 0 ) { + $newZone = dbFetchOne( 'SELECT * FROM Zones WHERE MonitorId = ? AND Id = ?', NULL, array( $mid, $zid) ); } else { $view = "error"; return; } $monitor = dbFetchMonitor ( $mid ); -$plugin = dbEscape($_REQUEST['pl']); +$plugin = $_REQUEST['pl']; $plugin_path = dirname(ZM_PLUGINS_CONFIG_PATH)."/".$plugin; @@ -61,8 +60,8 @@ if(file_exists($plugin_path."/config.php")) include_once($plugin_path."/config.php"); } -$sql="SELECT * FROM PluginsConfig WHERE MonitorId=$mid AND ZoneId=$zid AND pluginName='$plugin'"; -foreach( dbFetchAll( $sql ) as $popt ) +$sql='SELECT * FROM PluginsConfig WHERE MonitorId=? AND ZoneId=? AND pluginName=?'; +foreach( dbFetchAll( $sql, NULL, array( $mid, $zid, $plugin ) ) as $popt ) { if(array_key_exists($popt['Name'], $pluginOptions) && $popt['Type']==$pluginOptions[$popt['Name']]['Type'] 
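Review bot: In plugin.php, `$plugin = $_REQUEST['pl'];` now flows unchanged into `$plugin_path = dirname(ZM_PLUGINS_CONFIG_PATH)."/".$plugin;`, which the next hunk's context lines pass to `include_once($plugin_path."/config.php")`. Dropping `dbEscape` is right for the bound queries, but the value is also a path component and has no validation of its own. Restrict the name before building the path, e.g. `if ( !preg_match( '/^[A-Za-z0-9_-]+$/', $plugin ) ) { $view = "error"; return; }`, or compare it against the list of installed plugins.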
@@ -72,7 +71,7 @@ foreach( dbFetchAll( $sql ) as $popt ) $pluginOptions[$popt['Name']]=$popt; array_push($optionNames, $popt['Name']); } else { - dbQuery("DELETE from PluginsConfig WHERE Id=".$popt['Id']); + dbQuery('DELETE FROM PluginsConfig WHERE Id=?', array( $popt['Id'] ) ); } } foreach($pluginOptions as $name => $values) @@ -80,10 +79,8 @@ foreach($pluginOptions as $name => $values) if(!in_array($name, $optionNames)) { $popt=$pluginOptions[$name]; - $sql="INSERT INTO PluginsConfig VALUES - ('','".dbEscape($popt['Name'])."','".dbEscape($popt['Value'])."', - '".dbEscape($popt['Type'])."','".dbEscape($popt['Choices'])."','$mid','$zid','$plugin')"; - dbQuery($sql); + $sql="INSERT INTO PluginsConfig VALUES ('',?,?,?,?,?,?,?)"; + dbQuery($sql, array( $popt['Name'], $popt['Value'], $popt['Type'], $popt['Choices'], $mid, $zid, $plugin ) ); } } diff --git a/web/skins/flat/views/stats.php b/web/skins/flat/views/stats.php index a1668bc8e..07b5e7088 100644 --- a/web/skins/flat/views/stats.php +++ b/web/skins/flat/views/stats.php @@ -27,8 +27,8 @@ if ( !canView( 'Events' ) ) $eid = validInt($_REQUEST['eid']); $fid = validInt($_REQUEST['fid']); -$sql = "select S.*,E.*,Z.Name as ZoneName,Z.Units,Z.Area,M.Name as MonitorName from Stats as S left join Events as E on S.EventId = E.Id left join Zones as Z on S.ZoneId = Z.Id left join Monitors as M on E.MonitorId = M.Id where S.EventId = '".dbEscape($eid)."' and S.FrameId = '".dbEscape($fid)."' order by S.ZoneId"; -$stats = dbFetchAll( $sql ); +$sql = 'SELECT S.*,E.*,Z.Name AS ZoneName,Z.Units,Z.Area,M.Name AS MonitorName FROM Stats AS S LEFT JOIN Events AS E ON S.EventId = E.Id LEFT JOIN Zones AS Z ON S.ZoneId = Z.Id LEFT JOIN Monitors AS M ON E.MonitorId = M.Id WHERE S.EventId = ? AND S.FrameId = ? ORDER BY S.ZoneId'; +$stats = dbFetchAll( $sql, NULL, array( $eid, $fid ) ); $focusWindow = true; diff --git a/web/skins/flat/views/timeline.php b/web/skins/flat/views/timeline.php index d137b8bfd..22c61d638 100644 
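Review bot: The new `INSERT INTO PluginsConfig VALUES ('',?,?,?,?,?,?,?)` in plugin.php relies on column position and passes an empty string for the first column. Naming the columns would make the statement survive schema changes and let the first column be omitted; the column names are not visible in this hunk, so the list cannot be written out here. This `INSERT` and the `DELETE` in the hunk before it also run while the view is being rendered, so a plain page load modifies the table; a comment explaining why that is intended would help.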
--- a/web/skins/flat/views/timeline.php +++ b/web/skins/flat/views/timeline.php @@ -382,8 +382,8 @@ foreach( dbFetchAll( $eventsSql ) as $event ) { if ( $startIndex == $endIndex ) { - $framesSql = "select FrameId,Score from Frames where EventId = '".$event['Id']."' and Score > 0 order by Score desc limit 1"; - $frame = dbFetchOne( $framesSql ); + $framesSql = "select FrameId,Score from Frames where EventId = ? and Score > 0 order by Score desc limit 1"; + $frame = dbFetchOne( $framesSql, NULL, array($event['Id']) ); $i = $startIndex; if ( !isset($currFrameSlots[$i]) ) @@ -407,8 +407,8 @@ foreach( dbFetchAll( $eventsSql ) as $event ) } else { - $framesSql = "select FrameId,Delta,unix_timestamp(TimeStamp) as TimeT,Score from Frames where EventId = '".$event['Id']."' and Score > 0"; - $result = dbQuery( $framesSql ); + $framesSql = "select FrameId,Delta,unix_timestamp(TimeStamp) as TimeT,Score from Frames where EventId = ? and Score > 0"; + $result = dbQuery( $framesSql, array( $event['Id'] ) ); while( $frame = dbFetchNext( $result ) ) { if ( $frame['Score'] == 0 ) @@ -462,8 +462,8 @@ if ( false ) { if ( !isset($currFrameSlots[$i]['frame']) ) { - $framesSql = "select FrameId,Score from Frames where EventId = '".$currFrameSlots[$i]['event']['Id']."' and Score > 0 order by FrameId limit 1"; - $currFrameSlots[$i]['frame'] = dbFetchOne( $framesSql ); + $framesSql = "select FrameId,Score from Frames where EventId = ? and Score > 0 order by FrameId limit 1"; + $currFrameSlots[$i]['frame'] = dbFetchOne( $framesSql, NULL, array( $currFrameSlots[$i]['event']['Id'] ) ); } } } @@ -818,11 +818,11 @@ xhtmlHeaders(__FILE__, $SLANG['Timeline'] );
-

Pass your mouse over the graph to view a snapshot image and event details.

-

Click on the coloured sections of the graph, or the image, to view the event.

-

Click on the background to zoom in to a smaller time period based around your click.

-

Use the controls below to zoom out or navigate back and forward through the time range.

-
+

+

+

+

+
diff --git a/web/skins/flat/views/user.php b/web/skins/flat/views/user.php index 55c7d9514..091ca3309 100644 --- a/web/skins/flat/views/user.php +++ b/web/skins/flat/views/user.php @@ -25,9 +25,7 @@ if ( !canEdit( 'System' ) && !$selfEdit ) $view = "error"; return; } -$sql = "select * from Users where Id = '".dbEscape($_REQUEST['uid'])."'"; -if ( !($newUser = dbFetchOne( $sql )) ) -{ +if ( !($newUser = dbFetchOne( 'SELECT * FROM Users WHERE Id = ?', NULL, $_REQUEST['uid']) ) ); { $newUser = array(); $newUser['Username'] = $SLANG['NewUser']; $newUser['Enabled'] = 1; diff --git a/web/skins/flat/views/video.php b/web/skins/flat/views/video.php index a34037aea..9ff0e6a5e 100644 --- a/web/skins/flat/views/video.php +++ b/web/skins/flat/views/video.php @@ -29,8 +29,8 @@ if ( !empty($user['MonitorIds']) ) else $midSql = ''; -$sql = "select E.*,M.Name as MonitorName,M.DefaultRate,M.DefaultScale from Events as E inner join Monitors as M on E.MonitorId = M.Id where E.Id = ".dbEscape($_REQUEST['eid']).$midSql; -$event = dbFetchOne( $sql ); +$sql = 'SELECT E.*,M.Name AS MonitorName,M.DefaultRate,M.DefaultScale FROM Events AS E INNER JOIN Monitors AS M ON E.MonitorId = M.Id WHERE E.Id = ?'.$midSql; +$event = dbFetchOne( $sql, NULL, array( $_REQUEST['eid'] ) ); if ( isset( $_REQUEST['rate'] ) ) $rate = validInt($_REQUEST['rate']); diff --git a/web/skins/flat/views/watch.php b/web/skins/flat/views/watch.php index eded86d0d..baad13323 100644 --- a/web/skins/flat/views/watch.php +++ b/web/skins/flat/views/watch.php 
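Review bot: In user.php the rewritten condition has a `;` between its closing parenthesis and the `{`, so the `if` has an empty body and the block that fills `$newUser` with new-user defaults always runs, discarding the row just fetched. The bind value is also passed as a bare scalar, whereas every other call in this commit passes an array (control.php was changed from `$mid` to `array( $mid )`). Suggested line: `if ( !($newUser = dbFetchOne( 'SELECT * FROM Users WHERE Id = ?', NULL, array($_REQUEST['uid']) )) ) {`. The block's closing brace is outside the hunk.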
@@ -24,8 +24,8 @@ if ( !canView( 'Stream' ) ) return; } -$sql = "select C.*, M.* from Monitors as M left join Controls as C on (M.ControlId = C.Id ) where M.Id = '".dbEscape($_REQUEST['mid'])."'"; -$monitor = dbFetchOne( $sql ); +$sql = 'SELECT C.*, M.* FROM Monitors AS M LEFT JOIN Controls AS C ON (M.ControlId = C.Id ) WHERE M.Id = ?'; +$monitor = dbFetchOne( $sql, NULL, array($_REQUEST['mid']) ); if ( isset($_REQUEST['showControls']) ) $showControls = validInt($_REQUEST['showControls']); diff --git a/web/skins/flat/views/zone.php b/web/skins/flat/views/zone.php index f7b917e26..0a3ca0a1e 100644 --- a/web/skins/flat/views/zone.php +++ b/web/skins/flat/views/zone.php @@ -70,7 +70,7 @@ if ( !isset($newZone) ) { if ( $zid > 0 ) { - $zone = dbFetchOne( "select * from Zones where MonitorId = '".dbEscape($monitor['Id'])."' and Id = '".dbEscape($zid)."'" ); + $zone = dbFetchOne( 'SELECT * FROM Zones WHERE MonitorId = ? AND Id=?', NULL, array( $monitor['Id'], $zid ) ); } else { diff --git a/web/skins/flat/views/zones.php b/web/skins/flat/views/zones.php index 3089c9ad3..76d249b61 100644 --- a/web/skins/flat/views/zones.php +++ b/web/skins/flat/views/zones.php @@ -32,9 +32,8 @@ chdir( $wd ); $monitor = dbFetchMonitor( $mid ); -$sql = "select * from Zones where MonitorId = '".$mid."' order by Area desc"; $zones = array(); -foreach( dbFetchAll( $sql ) as $row ) +foreach( dbFetchAll( 'select * from Zones where MonitorId = ? order by Area desc', NULL, array($mid) ) as $row ) { if ( $row['Points'] = coordsToPoints( $row['Coords'] ) ) {