remove extra quotes since dbEscape does quoting now
This commit is contained in:
parent
92d22b5202
commit
36c4fad644
@ -31,9 +31,7 @@ function dbConnect()
|
|||
global $dbConn;
|
||||
|
||||
try {
|
||||
#$dbConn = mysql_pconnect( ZM_DB_HOST, ZM_DB_USER, ZM_DB_PASS ) or die( "Could not connect to database: ".mysql_error() );
|
||||
$dbConn = new PDO( ZM_DB_TYPE . ':host=' . ZM_DB_HOST . ';dbname='.ZM_DB_NAME, ZM_DB_USER, ZM_DB_PASS ) or die( "Could not connect to database: ".mysql_error() );
|
||||
#mysql_select_db( ZM_DB_NAME, $dbConn ) or die( "Could not select database: ".mysql_error() );
|
||||
$dbConn = new PDO( ZM_DB_TYPE . ':host=' . ZM_DB_HOST . ';dbname='.ZM_DB_NAME, ZM_DB_USER, ZM_DB_PASS );
|
||||
} catch(PDOException $ex ) {
|
||||
echo "Unable to connect to ZM db." . $ex->getMessage();
|
||||
}
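Review bot: The catch block at the end of the hunk echoes `$ex->getMessage()` into the page and then lets execution continue with `$dbConn` never assigned, so the response leaks whatever detail PDO puts in its connection error (typically the database user and host) and every later `$dbConn->...` call fails on a null object. Log server-side and stop instead, e.g. `error_log( "Unable to connect to ZM db: " . $ex->getMessage() ); exit( 1 );`, keeping only a generic string for the client. It would also be worth passing `array( PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false )` as the fourth argument to `new PDO` so later query failures surface as exceptions rather than `false` returns. dbConnect's closing brace lies outside this hunk.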
|
||||
|
@ -86,16 +84,17 @@ function dbError( $sql )
|
|||
|
||||
function dbEscape( $string )
|
||||
{
|
||||
global $dbConn;
|
||||
if ( version_compare( phpversion(), "4.3.0", "<") )
|
||||
if ( get_magic_quotes_gpc() )
|
||||
return( mysql_escape_string( stripslashes( $string ) ) );
|
||||
return( $dbConn->quote( stripslashes( $string ) ) );
|
||||
else
|
||||
return( mysql_escape_string( $string ) );
|
||||
return( $dbConn->quote( $string ) );
|
||||
else
|
||||
if ( get_magic_quotes_gpc() )
|
||||
return( mysql_real_escape_string( stripslashes( $string ) ) );
|
||||
return( $dbConn->quote( stripslashes( $string ) ) );
|
||||
else
|
||||
return( mysql_real_escape_string( $string ) );
|
||||
return( $dbConn->quote( $string ) );
|
||||
}
|
||||
|
||||
function dbQuery( $sql )
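Review bot: All four returns now end in `$dbConn->quote()`, so the `version_compare( phpversion(), "4.3.0", "<" )` split is dead code — PDO itself needs PHP 5.1 or later — and the four look-alike branches hide that nothing differs between them any more. Collapse the body to something like `$s = ( function_exists( 'get_magic_quotes_gpc' ) && get_magic_quotes_gpc() ) ? stripslashes( $string ) : $string; return( $dbConn->quote( $s ) );` (`get_magic_quotes_gpc()` no longer exists in PHP 8, hence the `function_exists` guard). The contract has changed and should be stated in a header comment, since `quote()` returns the value with its surrounding quotes already attached: `// Returns $string as a complete SQL string literal, quotes included; only for values, never for identifiers or numbers.` Note that `PDO::quote()` returns `false` when the driver cannot quote, which would become an empty token in the string-concatenated SQL that calls this.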
|
||||
|
|
|
@ -681,7 +681,7 @@ function getFormChanges( $values, $newValues, $types=false, $columns=false )
|
|||
{
|
||||
if ( join(',',$newValues[$key]) != $values[$key] )
|
||||
{
|
||||
$changes[$key] = "$key = '".dbEscape(join(',',$newValues[$key]))."'";
|
||||
$changes[$key] = "$key = ".dbEscape(join(',',$newValues[$key]));
|
||||
}
|
||||
}
|
||||
elseif ( $values[$key] )
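Review bot: The right-hand side is now quoted by dbEscape, but `$key` is still interpolated raw as the column name in `"$key = "`, and `quote()` cannot protect an identifier; whether that matters depends on where the keys of `$newValues` originate, which this hunk does not show. If they can come from request data this is an identifier-injection path, so restrict `$key` to the column list the function already receives (`$columns`) or to a conservative pattern before building the assignment, e.g. `if ( !preg_match( '/^\w+$/', $key ) ) continue;`. getFormChanges starts and ends outside this hunk.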
|
||||
|
@ -701,12 +701,12 @@ function getFormChanges( $values, $newValues, $types=false, $columns=false )
|
|||
$changes[$key.'Size'] = $key."Size = ".$newValues[$key]['size'];
|
||||
ob_start();
|
||||
readfile( $newValues[$key]['tmp_name'] );
|
||||
$changes[$key] = $key." = '".dbEscape( ob_get_contents() )."'";
|
||||
$changes[$key] = $key." = ".dbEscape( ob_get_contents() );
|
||||
ob_end_clean();
|
||||
}
|
||||
else
|
||||
{
|
||||
$changes[$key] = "$key = '".dbEscape($value)."'";
|
||||
$changes[$key] = "$key = ".dbEscape($value);
|
||||
}
|
||||
break;
|
||||
}
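Review bot: `readfile( $newValues[$key]['tmp_name'] )` on the line before the changed one reads the path without checking it is an upload; if `$newValues` is built from `$_FILES`, as the `['size']`/`['tmp_name']` keys suggest, add `is_uploaded_file( $newValues[$key]['tmp_name'] )` before reading so nothing but the uploaded temp file can be pulled into the database. The `Size` assignment on the first context line also concatenates `['size']` unescaped while the `file` case later in this function runs it through dbEscape — pick one form, preferably an integer cast: `$changes[$key.'Size'] = $key."Size = ".(int)$newValues[$key]['size'];`. The enclosing switch case continues before and after the hunk.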
|
||||
|
@ -719,18 +719,18 @@ function getFormChanges( $values, $newValues, $types=false, $columns=false )
|
|||
$changes[$key.'Size'] = $key."Size = ".$newValues[$key]['size'];
|
||||
ob_start();
|
||||
readfile( $newValues[$key]['tmp_name'] );
|
||||
$changes[$key] = $key." = '".dbEscape( ob_get_contents() )."'";
|
||||
$changes[$key] = $key." = ".dbEscape( ob_get_contents() );
|
||||
ob_end_clean();
|
||||
}
|
||||
else
|
||||
{
|
||||
$changes[$key] = "$key = '".dbEscape($value)."'";
|
||||
$changes[$key] = "$key = ".dbEscape($value);
|
||||
}
|
||||
break;
|
||||
}
|
||||
case 'file' :
|
||||
{
|
||||
$changes[$key.'Type'] = $key."Type = '".dbEscape($newValues[$key]['type'])."'";
|
||||
$changes[$key.'Type'] = $key."Type = ".dbEscape($newValues[$key]['type']);
|
||||
$changes[$key.'Size'] = $key."Size = ".dbEscape($newValues[$key]['size']);
|
||||
ob_start();
|
||||
readfile( $newValues[$key]['tmp_name'] );
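Review bot: In the `file` case, `dbEscape($newValues[$key]['size'])` now yields a quoted string literal for what is an integer column; `(int)$newValues[$key]['size']` says what is meant and avoids relying on implicit conversion. The file body is read through an output buffer into a PHP string and then into the SQL text via `quote()`, which works but bounds the upload size by memory_limit and max_allowed_packet; if dbQuery can take a prepared statement, binding the content with `PDO::PARAM_LOB` from a file handle is the robust form. As in the case above, an `is_uploaded_file()` check before `readfile()` is warranted if these values come from `$_FILES`. The case body continues past the hunk.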
|
||||
|
@ -750,7 +750,7 @@ function getFormChanges( $values, $newValues, $types=false, $columns=false )
|
|||
{
|
||||
if ( !isset($values[$key]) || ($values[$key] != $value) )
|
||||
{
|
||||
$changes[$key] = "$key = '".dbEscape($value)."'";
|
||||
$changes[$key] = "$key = ".dbEscape($value);
|
||||
}
|
||||
break;
|
||||
}
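Review bot: The guard `$values[$key] != $value` uses loose comparison, so numeric-looking strings that differ textually (`"1.0"` vs `"1"`, `"01"` vs `"1"`) compare equal and the change is never recorded; use `!==` (the preceding `isset` already covers the missing-key case), or `(string)$values[$key] !== (string)$value` if the stored value may be an int. The new assignment itself is correct now that dbEscape supplies the quotes.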
|
||||
|
@ -978,7 +978,7 @@ function zmaControl( $monitor, $mode=false )
|
|||
{
|
||||
if ( !is_array( $monitor ) )
|
||||
{
|
||||
$sql = "select C.*, M.* from Monitors as M left join Controls as C on (M.ControlId = C.Id ) where M.Id = '".dbEscape($monitor)."'";
|
||||
$sql = "select C.*, M.* from Monitors as M left join Controls as C on (M.ControlId = C.Id ) where M.Id = ".dbEscape($monitor);
|
||||
$monitor = dbFetchOne( $sql );
|
||||
}
|
||||
if ( !$monitor || $monitor['Function'] == 'None' || $monitor['Function'] == 'Monitor' || $mode == "stop" )
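Review bot: `M.Id = ".dbEscape($monitor)` now compares an integer column with a quoted string literal; MySQL's implicit conversion makes it work, but the only non-array input this branch expects is a monitor id, so say so: `where M.Id = ".(int)$monitor;`. Better still, if dbFetchOne can take a parameter array, bind `?` and drop the dependence on dbEscape's new quoting altogether. zmaControl continues outside the hunk.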
|
||||
|
@ -1394,7 +1394,7 @@ function parseFilter( &$filter, $saveToSession=false, $querySep='&' )
|
|||
switch ( $filter['terms'][$i]['attr'] )
|
||||
{
|
||||
case 'MonitorName':
|
||||
$filter['sql'] .= 'M.'.dbEscape(preg_replace( '/^Monitor/', '', $filter['terms'][$i]['attr'] ));
|
||||
$filter['sql'] .= dbEscape('M.'.preg_replace( '/^Monitor/', '', $filter['terms'][$i]['attr'] ));
|
||||
break;
|
||||
case 'DateTime':
|
||||
$filter['sql'] .= "E.StartTime";
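Review bot: The new `MonitorName` line wraps a column reference in dbEscape, and with dbEscape now calling `PDO::quote()` the SQL receives the string literal `'M.Name'` rather than the identifier `M.Name`, so the filter compares a constant instead of the monitor's name (the old `'M.'.dbEscape(...)` form was also wrong, just differently). The case label already fixes the attribute, so no escaping belongs here: `$filter['sql'] .= 'M.Name';` — or keep the preg_replace without dbEscape. `quote()` is for values only; identifiers have to come from a whitelist, which this switch provides. parseFilter continues outside the hunk.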
|
||||
|
@ -1420,7 +1420,7 @@ function parseFilter( &$filter, $saveToSession=false, $querySep='&' )
|
|||
case 'Cause':
|
||||
case 'Notes':
|
||||
case 'Archived':
|
||||
$filter['sql'] .= "E.".dbEscape($filter['terms'][$i]['attr']);
|
||||
$filter['sql'] .= dbEscape('E.'.$filter['terms'][$i]['attr']);
|
||||
break;
|
||||
case 'DiskPercent':
|
||||
$filter['sql'] .= getDiskPercent();
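Review bot: `dbEscape('E.'.$filter['terms'][$i]['attr'])` has the same problem as the MonitorName case — the output is now the quoted literal `'E.Cause'`, not a column reference, so these filter terms stop matching on the event columns. The attribute is already constrained to the case labels (`Cause`, `Notes`, `Archived`, and the ones above the hunk), so build the identifier without quoting: `$filter['sql'] .= "E.".$filter['terms'][$i]['attr'];`. A one-line comment such as `// attr is whitelisted by the case labels; identifiers must not be quoted` would keep the next editor from reintroducing dbEscape here.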
|
||||
|
@ -1441,7 +1441,7 @@ function parseFilter( &$filter, $saveToSession=false, $querySep='&' )
|
|||
case 'Name':
|
||||
case 'Cause':
|
||||
case 'Notes':
|
||||
$value = "'".dbEscape($value)."'";
|
||||
$value = dbEscape($value);
|
||||
break;
|
||||
case 'DateTime':
|
||||
$value = "'".strftime( STRF_FMT_DATETIME_DB, strtotime( $value ) )."'";
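Review bot: `$value = dbEscape($value);` is correct now that `quote()` adds the delimiters, but the `DateTime` branch right below it still passes `strtotime( $value )` to `strftime` without checking for `false`, so an unparsable date from the filter form becomes the epoch and the filter silently selects the wrong events. Check before formatting, e.g. `$t = strtotime( $value ); if ( $t === false ) { /* reject the term */ }` using whatever error path this file has. `strftime` is also deprecated since PHP 8.1, so `date( ..., $t )` with an equivalent format is the forward-compatible form.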
|
||||
|
@ -1467,7 +1467,7 @@ function parseFilter( &$filter, $saveToSession=false, $querySep='&' )
|
|||
case '>' :
|
||||
case '<' :
|
||||
case '<=' :
|
||||
$filter['sql'] .= " ".dbEscape($filter['terms'][$i]['op'])." $value";
|
||||
$filter['sql'] .= " ".$filter['terms'][$i]['op']." $value";
|
||||
break;
|
||||
case '=~' :
|
||||
$filter['sql'] .= " regexp ".$value;
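Review bot: Dropping dbEscape from the operator is right — quoting would have turned `>` into `'>'` — but the reason is invisible on the line itself, so record it: `// op is limited to the case labels above; do not quote it`. The switch labels are the only thing keeping this free of injection, and a future `default:` branch that concatenates an arbitrary op would break that invariant; the comment is the cheapest guard against it. parseFilter continues outside the hunk.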
|
||||
|
|
|
@ -464,8 +464,8 @@ class Logger
|
|||
try {
|
||||
global $dbCon;
|
||||
$sql = "INSERT INTO Logs ( TimeKey, Component, Pid, Level, Code, Message, File, Line ) values ( ?, ?, ?, ?, ?, ?, ?, ? )";
|
||||
$stmt = $dbCon->prepare( $sql );
|
||||
$result = $dbCon->execute( array( sprintf( "%d.%06d", $time['sec'], $time['usec'] ), .dbEscape($this->id), getmypid(), dbEscape($level), dbEscape($code), dbEscape($string), $dbFile, $dbLine ) );
|
||||
$stmt = $dbConn->prepare( $sql );
|
||||
$result = $stmt->execute( array( sprintf( "%d.%06d", $time['sec'], $time['usec'] ), dbEscape($this->id), getmypid(), dbEscape($level), dbEscape($code), dbEscape($string), $dbFile, $dbLine ) );
|
||||
} catch(PDOException $ex) {
|
||||
$this->databaseLevel = self::NOLOG;
|
||||
Fatal( "Can't write log entry '$sql': ". $ex->getMessage() );
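Review bot: Two defects in the new lines: the method still declares `global $dbCon;` on the context line above, so `$dbConn->prepare()` operates on an undefined variable and will fault, and every value handed to `execute()` goes through `dbEscape()`, which with the PDO backend returns the text already wrapped in quotes and backslash-escaped — bound parameters must be passed raw, otherwise each log row is stored as `'message'` with literal quotes and escapes. Change the declaration to `global $dbConn;` and pass `$this->id, getmypid(), $level, $code, $string` directly; the prepared statement is precisely what makes escaping unnecessary. `$result` is not read within the hunk; check whether the rest of the method, which continues past it, uses it.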
|
||||
|
|
|
@ -27,7 +27,7 @@ if ( !canView( 'Stream' ) )
|
|||
$groupSql = "";
|
||||
if ( !empty($_REQUEST['group']) )
|
||||
{
|
||||
$sql = "select * from Groups where Id = '".dbEscape($_REQUEST['group'])."'";
|
||||
$sql = "select * from Groups where Id = ".dbEscape($_REQUEST['group']);
|
||||
$row = dbFetchOne( $sql );
|
||||
$groupSql = " and find_in_set( Id, '".$row['MonitorIds']."' )";
|
||||
}
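Review bot: `$_REQUEST['group']` is an integer id coming straight from the request; dbEscape's quoting blocks injection, but the following line still interpolates `$row['MonitorIds']` raw, and when no group matches `$row` is presumably not an array, giving a notice and `find_in_set( Id, '' )`. Cast the id and bail on a miss: `$sql = "select * from Groups where Id = ".(int)$_REQUEST['group'];` followed by `if ( !$row ) { ... }` — what dbFetchOne returns on no rows is not visible here, so confirm. `MonitorIds` is a stored value rather than request data, so its raw interpolation is only second-order, but passing it through dbEscape as well costs nothing.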
|
||||
|
|
|
@ -70,7 +70,7 @@ if ( !isset($newZone) )
|
|||
{
|
||||
if ( $zid > 0 )
|
||||
{
|
||||
$zone = dbFetchOne( "select * from Zones where MonitorId = '".dbEscape($monitor['Id'])."' and Id = '".dbEscape($zid)."'" );
|
||||
$zone = dbFetchOne( "select * from Zones where MonitorId = ".dbEscape($monitor['Id'])." and Id = ".dbEscape($zid) );
|
||||
}
|
||||
else
|
||||
{
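Review bot: `$zid > 0` already establishes that the zone id is numeric, so `dbEscape($zid)` — now a quoted string literal — relies on implicit conversion where an integer cast states the intent: `$zone = dbFetchOne( "select * from Zones where MonitorId = ".(int)$monitor['Id']." and Id = ".(int)$zid );`. A `?`-bound query would be better still if dbFetchOne accepts parameters, which this hunk does not show. The if/else continues below the hunk.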
|
||||
|
|