remove extra quoets since dbEcape does quoting now
This commit is contained in:
parent
92d22b5202
commit
36c4fad644
|
@ -31,9 +31,7 @@ function dbConnect()
|
||||||
global $dbConn;
|
global $dbConn;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
#$dbConn = mysql_pconnect( ZM_DB_HOST, ZM_DB_USER, ZM_DB_PASS ) or die( "Could not connect to database: ".mysql_error() );
|
$dbConn = new PDO( ZM_DB_TYPE . ':host=' . ZM_DB_HOST . ';dbname='.ZM_DB_NAME, ZM_DB_USER, ZM_DB_PASS );
|
||||||
$dbConn = new PDO( ZM_DB_TYPE . ':host=' . ZM_DB_HOST . ';dbname='.ZM_DB_NAME, ZM_DB_USER, ZM_DB_PASS ) or die( "Could not connect to database: ".mysql_error() );
|
|
||||||
#mysql_select_db( ZM_DB_NAME, $dbConn ) or die( "Could not select database: ".mysql_error() );
|
|
||||||
} catch(PDOException $ex ) {
|
} catch(PDOException $ex ) {
|
||||||
echo "Unable to connect to ZM db." . $ex->getMessage();
|
echo "Unable to connect to ZM db." . $ex->getMessage();
|
||||||
}
|
}
|
||||||
|
@ -86,16 +84,17 @@ function dbError( $sql )
|
||||||
|
|
||||||
function dbEscape( $string )
|
function dbEscape( $string )
|
||||||
{
|
{
|
||||||
|
global $dbConn;
|
||||||
if ( version_compare( phpversion(), "4.3.0", "<") )
|
if ( version_compare( phpversion(), "4.3.0", "<") )
|
||||||
if ( get_magic_quotes_gpc() )
|
if ( get_magic_quotes_gpc() )
|
||||||
return( mysql_escape_string( stripslashes( $string ) ) );
|
return( $dbConn->quote( stripslashes( $string ) ) );
|
||||||
else
|
else
|
||||||
return( mysql_escape_string( $string ) );
|
return( $dbConn->quote( $string ) );
|
||||||
else
|
else
|
||||||
if ( get_magic_quotes_gpc() )
|
if ( get_magic_quotes_gpc() )
|
||||||
return( mysql_real_escape_string( stripslashes( $string ) ) );
|
return( $dbConn->quote( stripslashes( $string ) ) );
|
||||||
else
|
else
|
||||||
return( mysql_real_escape_string( $string ) );
|
return( $dbConn->quote( $string ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
function dbQuery( $sql )
|
function dbQuery( $sql )
|
||||||
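Review bot: The `or die( "Could not connect to database: ".mysql_error() )` appended to the `new PDO(...)` line in dbConnect can never fire: assignment binds tighter than `or`, a constructed PDO object is always truthy, and PDO reports connection failure by throwing, which the `catch(PDOException $ex)` below already handles, while `mysql_error()` belongs to the legacy mysql extension and knows nothing about PDO. Drop the clause and keep `$dbConn = new PDO( ZM_DB_TYPE . ':host=' . ZM_DB_HOST . ';dbname='.ZM_DB_NAME, ZM_DB_USER, ZM_DB_PASS );`. Because the catch block only echoes and lets execution continue, `$dbConn` stays null on failure and the new `$dbConn->quote()` calls in dbEscape (second hunk) would then fail with a method-call-on-null error instead of a handled database error, so ending execution (or rethrowing) in the catch would be safer, and echoing `$ex->getMessage()` into the response is best avoided since PDO connection messages can contain the database host and user name. If the error mode is not configured elsewhere, `$dbConn->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );` after construction would let later query failures surface through the same exception path.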
|
|
|
@ -681,7 +681,7 @@ function getFormChanges( $values, $newValues, $types=false, $columns=false )
|
||||||
{
|
{
|
||||||
if ( join(',',$newValues[$key]) != $values[$key] )
|
if ( join(',',$newValues[$key]) != $values[$key] )
|
||||||
{
|
{
|
||||||
$changes[$key] = "$key = '".dbEscape(join(',',$newValues[$key]))."'";
|
$changes[$key] = "$key = ".dbEscape(join(',',$newValues[$key]));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
elseif ( $values[$key] )
|
elseif ( $values[$key] )
|
||||||
|
@ -701,12 +701,12 @@ function getFormChanges( $values, $newValues, $types=false, $columns=false )
|
||||||
$changes[$key.'Size'] = $key."Size = ".$newValues[$key]['size'];
|
$changes[$key.'Size'] = $key."Size = ".$newValues[$key]['size'];
|
||||||
ob_start();
|
ob_start();
|
||||||
readfile( $newValues[$key]['tmp_name'] );
|
readfile( $newValues[$key]['tmp_name'] );
|
||||||
$changes[$key] = $key." = '".dbEscape( ob_get_contents() )."'";
|
$changes[$key] = $key." = ".dbEscape( ob_get_contents() );
|
||||||
ob_end_clean();
|
ob_end_clean();
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
$changes[$key] = "$key = '".dbEscape($value)."'";
|
$changes[$key] = "$key = ".dbEscape($value);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -719,18 +719,18 @@ function getFormChanges( $values, $newValues, $types=false, $columns=false )
|
||||||
$changes[$key.'Size'] = $key."Size = ".$newValues[$key]['size'];
|
$changes[$key.'Size'] = $key."Size = ".$newValues[$key]['size'];
|
||||||
ob_start();
|
ob_start();
|
||||||
readfile( $newValues[$key]['tmp_name'] );
|
readfile( $newValues[$key]['tmp_name'] );
|
||||||
$changes[$key] = $key." = '".dbEscape( ob_get_contents() )."'";
|
$changes[$key] = $key." = ".dbEscape( ob_get_contents() );
|
||||||
ob_end_clean();
|
ob_end_clean();
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
$changes[$key] = "$key = '".dbEscape($value)."'";
|
$changes[$key] = "$key = ".dbEscape($value);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case 'file' :
|
case 'file' :
|
||||||
{
|
{
|
||||||
$changes[$key.'Type'] = $key."Type = '".dbEscape($newValues[$key]['type'])."'";
|
$changes[$key.'Type'] = $key."Type = ".dbEscape($newValues[$key]['type']);
|
||||||
$changes[$key.'Size'] = $key."Size = ".dbEscape($newValues[$key]['size']);
|
$changes[$key.'Size'] = $key."Size = ".dbEscape($newValues[$key]['size']);
|
||||||
ob_start();
|
ob_start();
|
||||||
readfile( $newValues[$key]['tmp_name'] );
|
readfile( $newValues[$key]['tmp_name'] );
|
||||||
|
@ -750,7 +750,7 @@ function getFormChanges( $values, $newValues, $types=false, $columns=false )
|
||||||
{
|
{
|
||||||
if ( !isset($values[$key]) || ($values[$key] != $value) )
|
if ( !isset($values[$key]) || ($values[$key] != $value) )
|
||||||
{
|
{
|
||||||
$changes[$key] = "$key = '".dbEscape($value)."'";
|
$changes[$key] = "$key = ".dbEscape($value);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -978,7 +978,7 @@ function zmaControl( $monitor, $mode=false )
|
||||||
{
|
{
|
||||||
if ( !is_array( $monitor ) )
|
if ( !is_array( $monitor ) )
|
||||||
{
|
{
|
||||||
$sql = "select C.*, M.* from Monitors as M left join Controls as C on (M.ControlId = C.Id ) where M.Id = '".dbEscape($monitor)."'";
|
$sql = "select C.*, M.* from Monitors as M left join Controls as C on (M.ControlId = C.Id ) where M.Id = ".dbEscape($monitor);
|
||||||
$monitor = dbFetchOne( $sql );
|
$monitor = dbFetchOne( $sql );
|
||||||
}
|
}
|
||||||
if ( !$monitor || $monitor['Function'] == 'None' || $monitor['Function'] == 'Monitor' || $mode == "stop" )
|
if ( !$monitor || $monitor['Function'] == 'None' || $monitor['Function'] == 'Monitor' || $mode == "stop" )
|
||||||
|
@ -1394,7 +1394,7 @@ function parseFilter( &$filter, $saveToSession=false, $querySep='&' )
|
||||||
switch ( $filter['terms'][$i]['attr'] )
|
switch ( $filter['terms'][$i]['attr'] )
|
||||||
{
|
{
|
||||||
case 'MonitorName':
|
case 'MonitorName':
|
||||||
$filter['sql'] .= 'M.'.dbEscape(preg_replace( '/^Monitor/', '', $filter['terms'][$i]['attr'] ));
|
$filter['sql'] .= dbEscape('M.'.preg_replace( '/^Monitor/', '', $filter['terms'][$i]['attr'] ));
|
||||||
break;
|
break;
|
||||||
case 'DateTime':
|
case 'DateTime':
|
||||||
$filter['sql'] .= "E.StartTime";
|
$filter['sql'] .= "E.StartTime";
|
||||||
|
@ -1420,7 +1420,7 @@ function parseFilter( &$filter, $saveToSession=false, $querySep='&' )
|
||||||
case 'Cause':
|
case 'Cause':
|
||||||
case 'Notes':
|
case 'Notes':
|
||||||
case 'Archived':
|
case 'Archived':
|
||||||
$filter['sql'] .= "E.".dbEscape($filter['terms'][$i]['attr']);
|
$filter['sql'] .= dbEscape('E.'.$filter['terms'][$i]['attr']);
|
||||||
break;
|
break;
|
||||||
case 'DiskPercent':
|
case 'DiskPercent':
|
||||||
$filter['sql'] .= getDiskPercent();
|
$filter['sql'] .= getDiskPercent();
|
||||||
|
@ -1441,7 +1441,7 @@ function parseFilter( &$filter, $saveToSession=false, $querySep='&' )
|
||||||
case 'Name':
|
case 'Name':
|
||||||
case 'Cause':
|
case 'Cause':
|
||||||
case 'Notes':
|
case 'Notes':
|
||||||
$value = "'".dbEscape($value)."'";
|
$value = dbEscape($value);
|
||||||
break;
|
break;
|
||||||
case 'DateTime':
|
case 'DateTime':
|
||||||
$value = "'".strftime( STRF_FMT_DATETIME_DB, strtotime( $value ) )."'";
|
$value = "'".strftime( STRF_FMT_DATETIME_DB, strtotime( $value ) )."'";
|
||||||
|
@ -1467,7 +1467,7 @@ function parseFilter( &$filter, $saveToSession=false, $querySep='&' )
|
||||||
case '>' :
|
case '>' :
|
||||||
case '<' :
|
case '<' :
|
||||||
case '<=' :
|
case '<=' :
|
||||||
$filter['sql'] .= " ".dbEscape($filter['terms'][$i]['op'])." $value";
|
$filter['sql'] .= " ".$filter['terms'][$i]['op']." $value";
|
||||||
break;
|
break;
|
||||||
case '=~' :
|
case '=~' :
|
||||||
$filter['sql'] .= " regexp ".$value;
|
$filter['sql'] .= " regexp ".$value;
|
||||||
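Review bot: In parseFilter the two column-reference lines now pass an identifier through dbEscape — `dbEscape('M.'.preg_replace( '/^Monitor/', '', $filter['terms'][$i]['attr'] ))` in the `@ -1394` hunk and `dbEscape('E.'.$filter['terms'][$i]['attr'])` in the `@ -1420` hunk — and since dbEscape now wraps its argument in quotes, the generated SQL compares the string literal `'M.Name'` or `'E.Cause'` rather than the column, so these filter terms silently stop matching on the column value. The old code escaped only the attribute text without quotes, so the quoting is the regression introduced here. These statements are reached only from `case` labels that fix the attribute to a known name (`MonitorName`, `Cause`, `Notes`, `Archived` in the visible hunks), so the value is already whitelisted and needs no escaping: `$filter['sql'] .= 'M.'.preg_replace( '/^Monitor/', '', $filter['terms'][$i]['attr'] );` and `$filter['sql'] .= 'E.'.$filter['terms'][$i]['attr'];`. Dropping dbEscape from the operator in the `@ -1467` hunk is consistent with this, since the enclosing `switch` on `op` only reaches that line for the listed operator literals. parseFilter starts and ends outside these hunks.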
|
|
|
@ -464,8 +464,8 @@ class Logger
|
||||||
try {
|
try {
|
||||||
global $dbCon;
|
global $dbCon;
|
||||||
$sql = "INSERT INTO Logs ( TimeKey, Component, Pid, Level, Code, Message, File, Line ) values ( ?, ?, ?, ?, ?, ?, ?, ? )";
|
$sql = "INSERT INTO Logs ( TimeKey, Component, Pid, Level, Code, Message, File, Line ) values ( ?, ?, ?, ?, ?, ?, ?, ? )";
|
||||||
$stmt = $dbCon->prepare( $sql );
|
$stmt = $dbConn->prepare( $sql );
|
||||||
$result = $dbCon->execute( array( sprintf( "%d.%06d", $time['sec'], $time['usec'] ), .dbEscape($this->id), getmypid(), dbEscape($level), dbEscape($code), dbEscape($string), $dbFile, $dbLine ) );
|
$result = $stmt->execute( array( sprintf( "%d.%06d", $time['sec'], $time['usec'] ), dbEscape($this->id), getmypid(), dbEscape($level), dbEscape($code), dbEscape($string), $dbFile, $dbLine ) );
|
||||||
} catch(PDOException $ex) {
|
} catch(PDOException $ex) {
|
||||||
$this->databaseLevel = self::NOLOG;
|
$this->databaseLevel = self::NOLOG;
|
||||||
Fatal( "Can't write log entry '$sql': ". $ex->getMessage() );
|
Fatal( "Can't write log entry '$sql': ". $ex->getMessage() );
|
||||||
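Review bot: `$stmt = $dbConn->prepare( $sql );` reads `$dbConn`, but the method only declares `global $dbCon;` two lines above, so inside this method `$dbConn` is undefined and the call fails with an Error that the `catch(PDOException $ex)` below does not catch; change the declaration to `global $dbConn;` to match dbConnect. The values handed to `$stmt->execute( array( ... ) )` should also not go through dbEscape: bound parameters are never interpolated into the statement text, and dbEscape now returns a quoted string, so the stored Component, Level, Code and Message fields would carry literal surrounding quotes and escaped characters; pass `$this->id, getmypid(), $level, $code, $string, $dbFile, $dbLine` directly. The enclosing Logger method starts and ends outside this hunk.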
|
|
|
@ -27,7 +27,7 @@ if ( !canView( 'Stream' ) )
|
||||||
$groupSql = "";
|
$groupSql = "";
|
||||||
if ( !empty($_REQUEST['group']) )
|
if ( !empty($_REQUEST['group']) )
|
||||||
{
|
{
|
||||||
$sql = "select * from Groups where Id = '".dbEscape($_REQUEST['group'])."'";
|
$sql = "select * from Groups where Id = ".dbEscape($_REQUEST['group']);
|
||||||
$row = dbFetchOne( $sql );
|
$row = dbFetchOne( $sql );
|
||||||
$groupSql = " and find_in_set( Id, '".$row['MonitorIds']."' )";
|
$groupSql = " and find_in_set( Id, '".$row['MonitorIds']."' )";
|
||||||
}
|
}
|
||||||
|
|
|
@ -70,7 +70,7 @@ if ( !isset($newZone) )
|
||||||
{
|
{
|
||||||
if ( $zid > 0 )
|
if ( $zid > 0 )
|
||||||
{
|
{
|
||||||
$zone = dbFetchOne( "select * from Zones where MonitorId = '".dbEscape($monitor['Id'])."' and Id = '".dbEscape($zid)."'" );
|
$zone = dbFetchOne( "select * from Zones where MonitorId = ".dbEscape($monitor['Id'])." and Id = ".dbEscape($zid) );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|