diff --git a/web/ajax/event.php b/web/ajax/event.php
index 28a5b33bc..d5cc2b09d 100644
--- a/web/ajax/event.php
+++ b/web/ajax/event.php
@@ -14,7 +14,7 @@ if ( canView( 'Events' ) ) {
 } elseif ( empty($_REQUEST['scale']) ) {
 ajaxError( "Video Generation Failure, no scale given" );
 } else {
- $sql = 'select E.*,M.Name as MonitorName,M.DefaultRate,M.DefaultScale from Events as E inner join Monitors as M on E.MonitorId = M.Id where E.Id = ?'.monitorLimitSql();
+ $sql = 'SELECT E.*,M.Name AS MonitorName,M.DefaultRate,M.DefaultScale FROM Events AS E INNER JOIN Monitors AS M ON E.MonitorId = M.Id WHERE E.Id = ?'.monitorLimitSql();
 if ( !($event = dbFetchOne( $sql, NULL, array( $_REQUEST['id'] ) )) )
 ajaxError( "Video Generation Failure, can't load event" );
 else
diff --git a/web/ajax/log.php b/web/ajax/log.php
index a230c892b..e5096b03d 100644
--- a/web/ajax/log.php
+++ b/web/ajax/log.php
@@ -39,9 +39,8 @@ switch ( $_REQUEST['task'] )
 $filterFields = array( 'Component', 'Pid', 'Level', 'File', 'Line' );
- //$filterSql = $filter?' where
- $total = dbFetchOne( "select count(*) as Total from Logs", 'Total' );
- $sql = "select * from Logs";
+ $total = dbFetchOne( "SELECT count(*) AS Total FROM Logs", 'Total' );
+ $sql = 'SELECT * FROM Logs';
 $where = array();
 $values = array();
 if ( $minTime ) {
@@ -61,11 +60,10 @@ switch ( $_REQUEST['task'] )
 }
 }
 if ( count($where) )
- $sql.= " where ".join( " and ", $where );
+ $sql.= ' WHERE '.join( ' AND ', $where );
 $sql .= " order by ".$sortField." ".$sortOrder." limit ".$limit;
 $logs = array();
- foreach ( dbFetchAll( $sql, NULL, $values ) as $log )
- {
+ foreach ( dbFetchAll( $sql, NULL, $values ) as $log ) {
 $log['DateTime'] = preg_replace( '/^\d+/', strftime( "%Y-%m-%d %H:%M:%S", intval($log['TimeKey']) ), $log['TimeKey'] );
 $logs[] = $log;
 }
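Review bot: The ORDER BY / LIMIT clause on the context line `$sql .= " order by ".$sortField." ".$sortOrder." limit ".$limit;` is still assembled by string concatenation while this hunk parameterises the WHERE part, and whether `$sortField`, `$sortOrder` and `$limit` are checked against a fixed column list or cast to int is decided earlier in the same `case`, outside the hunk. Identifiers and LIMIT cannot be bound as `?` placeholders, so the protection has to be a whitelist on the sort field and sort order plus an int cast on the limit; if that already happens above, a comment here such as `// $sortField/$sortOrder are whitelisted and $limit is cast to int above` would save the next reader from re-auditing it. The enclosing `case` of `switch ( $_REQUEST['task'] )` begins and ends outside the hunk.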
@@ -83,15 +81,15 @@ switch ( $_REQUEST['task'] )
 }
 foreach( $filterFields as $field ) {
- $sql = "select distinct $field from Logs where not isnull($field)";
+ $sql = "SELECT DISTINCT $field FROM Logs WHERE NOT isnull($field)";
 $fieldWhere = array_diff_key( $where, array( $field=>true ) );
 $fieldValues = array_diff_key( $values, array( $field=>true ) );
 if ( count($fieldWhere) )
- $sql.= " and ".join( " and ", $fieldWhere );
- $sql.= " order by $field asc";
+ $sql.= " AND ".join( ' AND ', $fieldWhere );
+ $sql.= " ORDER BY $field ASC";
 if ( $field == 'Level' ) {
- foreach( dbFetchAll( $sql, $field, $fieldValues ) as $value )
+ foreach( dbFetchAll( $sql, $field, array_values($fieldValues) ) as $value )
 if ( $value <= Logger::INFO )
 $options[$field][$value] = Logger::$codes[$value];
 else
@@ -99,15 +97,15 @@ switch ( $_REQUEST['task'] )
 } else {
- foreach( dbFetchAll( $sql, $field ) as $value )
+ foreach( dbFetchAll( $sql, $field, array_values( $fieldValues ) ) as $value )
 if ( $value != '' )
 $options[$field][] = $value;
 }
 }
 if ( count($filter) ) {
- $sql = "select count(*) as Available from Logs where ".join( " and ", $where );
- $available = dbFetchOne( $sql, 'Available', $values );
+ $sql = "SELECT count(*) AS Available FROM Logs WHERE ".join( ' AND ', $where );
+ $available = dbFetchOne( $sql, 'Available', array_values($values) );
 }
 ajaxResponse( array(
 'updated' => preg_match( '/%/', DATE_FMT_CONSOLE_LONG )?strftime( DATE_FMT_CONSOLE_LONG ):date( DATE_FMT_CONSOLE_LONG ),
diff --git a/web/ajax/status.php b/web/ajax/status.php
index be4e0d720..b29460365 100644
--- a/web/ajax/status.php
+++ b/web/ajax/status.php
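Review bot: The new `array_values($fieldValues)` argument (and its twins in the @@ -99 hunk: the `else` branch and `array_values($values)` for the `Available` count) only lines up with the `?` placeholders because `$fieldWhere` and `$fieldValues` are both produced by the same `array_diff_key` on what appear to be field-name keys in `$where` and `$values`, so their insertion order stays in step; nothing in the code states that invariant, and it breaks silently if an earlier filter adds an entry to one array but not the other. A comment above the two `array_diff_key` calls, `// $where and $values must stay keyed by the same field names in the same order; array_values() below depends on it`, would make the dependency visible. Separately, `$field` is interpolated straight into the SELECT text, which is acceptable only because the loop iterates the fixed `$filterFields` list rather than request input — a one-line comment saying so at the `foreach` would help the next reader. `$field == 'Level'` and `$value != ''` would be better as strict comparisons.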
@@ -248,14 +248,13 @@ function collectData()
 $index = 0;
 $where = array();
 $values = array();
- foreach( $entitySpec['selector'] as $selector )
- {
+ foreach( $entitySpec['selector'] as $selector ) {
 if ( is_array( $selector ) ) {
 $where[] = $selector['selector'].' = ?';
- $values[] = $id[$index];
+ $values[] = validInt($id[$index]);
 } else {
 $where[] = $selector.' = ?';
- $values[] = $id[$index];
+ $values[] = validInt($id[$index]);
 }
 $index++;
 }
@@ -268,9 +267,12 @@ function collectData()
 if ( !empty($entitySpec['limit']) )
 $limit = $entitySpec['limit'];
 elseif ( !empty($_REQUEST['count']) )
- $limit = $_REQUEST['count'];
- if ( !empty( $limit ) )
- $sql .= " limit ".$limit;
+ $limit = validInt($_REQUEST['count']);
+ $limit_offset="";
+ if ( !empty($_REQUEST['offset']) )
+ $limit_offset = validInt($_REQUEST['offset']) . ", ";
+ if ( !empty( $limit ) )
+ $sql .= " limit ".$limit_offset.$limit;
 if ( isset($limit) && $limit == 1 ) {
 if ( $sqlData = dbFetchOne( $sql, NULL, $values ) ) {
 foreach ( $postFuncs as $element=>$func )
diff --git a/web/includes/database.php b/web/includes/database.php
index 7d781ed65..b849405d9 100644
--- a/web/includes/database.php
+++ b/web/includes/database.php
@@ -98,8 +98,7 @@ function dbEscape( $string )
 return( $dbConn->quote( $string ) );
 }
 
-function dbQuery( $sql, $params=NULL )
-{
+function dbQuery( $sql, $params=NULL ) {
 global $dbConn;
 if ( dbLog( $sql, true ) )
 return;
diff --git a/web/includes/functions.php b/web/includes/functions.php
index 9ce4b2dec..e41c82030 100644
--- a/web/includes/functions.php
+++ b/web/includes/functions.php
@@ -1381,7 +1381,7 @@ function parseFilter( &$filter, $saveToSession=false, $querySep='&' )
 switch ( $filter['terms'][$i]['attr'] ) {
 case 'MonitorName':
- $filter['sql'] .= dbEscape('M.'.preg_replace( '/^Monitor/', '', $filter['terms'][$i]['attr'] ));
+ $filter['sql'] .= 'M.'.preg_replace( '/^Monitor/', '', $filter['terms'][$i]['attr'] );
 break;
 case 'DateTime':
 $filter['sql'] .= "E.StartTime";
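Review bot: `validInt($id[$index])` is now applied to every selector value whatever entity is being looked up, so any `$entitySpec` whose selector column is not numeric (the spec table is outside the hunk, so I cannot confirm whether such a selector exists) would have its key altered before it reaches the bound parameter and silently match nothing or the wrong row. The values are already bound through `?` placeholders, so the cast adds no injection protection on these two lines; if it is meant as input validation, the spec should declare the expected type per selector and this loop should apply the matching validator. At minimum a comment such as `// every selector column is an integer id — keep in sync with $entitySpec` would record the assumption. `validInt()` is defined outside this diff, so whether it casts, rejects or echoes non-integer input cannot be seen here. The body of `collectData()` continues on both sides of the hunk.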
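Review bot: `$limit_offset` and `$limit` are concatenated straight into the statement text in `$sql .= " limit ".$limit_offset.$limit;`, so the only thing standing between `$_REQUEST['offset']` / `$_REQUEST['count']` and the SQL is the return value of `validInt()`, which is defined outside this diff — the line is safe only if that helper returns an integer (or rejects the request) rather than returning its input unchanged on failure; please confirm and say so in a comment, e.g. `// validInt() guarantees an int here; LIMIT/OFFSET cannot be bound as placeholders`. The `$entitySpec['limit']` branch bypasses the cast, which is fine for a hard-coded spec but worth noting next to it. `$limit_offset="";` should be `$limit_offset = '';` to match the surrounding spacing and quoting, and `$limitOffset` would match the file's camelCase locals such as `$sqlData` and `$postFuncs`. Note also that the offset is silently dropped whenever no limit applies, which is correct SQL but may surprise callers.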
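Review bot: Dropping `dbEscape()` here is right — `dbEscape()` returns `$dbConn->quote()` (visible in the database.php hunk above), which would have turned the column reference into a quoted string literal rather than an identifier — but the replacement is roundabout: inside `case 'MonitorName':` the attr is by construction the literal `'MonitorName'`, so `'M.'.preg_replace('/^Monitor/', '', ...)` always yields `M.Name` and could simply be `$filter['sql'] .= 'M.Name';`. Writing the identifier as a constant also makes it evident by inspection that no request-derived text reaches the SQL on this line, which is exactly what a reader wants to see when an escaping call is removed. The `switch` sits inside `parseFilter()`, whose body extends beyond the hunk on both sides.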
@@ -1407,7 +1407,7 @@ function parseFilter( &$filter, $saveToSession=false, $querySep='&' )
 case 'Cause':
 case 'Notes':
 case 'Archived':
- $filter['sql'] .= "E.".$filter['terms'][$i]['attr'];
+ $filter['sql'] .= 'E.'.$filter['terms'][$i]['attr'];
 break;
 case 'DiskPercent':
 $filter['sql'] .= getDiskPercent();