diff --git a/web/skins/flat/includes/export_functions.php b/web/skins/flat/includes/export_functions.php index 1c77ca9bb..c5055fee1 100644 --- a/web/skins/flat/includes/export_functions.php +++ b/web/skins/flat/includes/export_functions.php @@ -146,8 +146,7 @@ function exportEventFrames( $event, $exportDetail, $exportImages ) { global $SLANG; - $sql = "select *, unix_timestamp( TimeStamp ) as UnixTimeStamp from Frames where EventID = '".dbEscape($event['Id'])."' order by FrameId"; - $frames = dbFetchAll( $sql ); + $frames = dbFetchAll( 'SELECT *, unix_timestamp(TimeStamp) AS UnixTimeStamp FROM Frames WHERE EventID = ? ORDER BY FrameId', NULL, ARRAY(event['Id']) ); ob_start(); exportHeader( $SLANG['Frames']." ".$event['Id'] ); @@ -438,21 +437,6 @@ function rewind() { } - - - - - - - - - - - - - - - //---------------------------------+ // CARPE S l i d e r 1.3 | // 2005 - 12 - 10 | @@ -590,15 +574,9 @@ function slideManual(val,length,from,to) { if (yMax == 0) carpeLeft(sliderid, pos) // Snap horizontal slider to corresponding display position. } - - - - - if (ie||dom) start_slider(); else if (document.layers) window.onload=start_slider; - @@ -607,10 +585,6 @@ else if (document.layers) window.onload=start_slider; return( ob_get_clean() ); } - - - - function exportEventImagesMaster( $eids ) { global $SLANG; @@ -622,8 +596,8 @@ function exportEventImagesMaster( $eids ) $limit ) $nEvents = $limit; } $pages = (int)ceil($nEvents/ZM_WEB_EVENTS_PER_PAGE); -if ( $pages > 1 ) -{ - if ( !empty($page) ) - { +if ( $pages > 1 ) { + if ( !empty($page) ) { if ( $page < 0 ) $page = 1; if ( $page > $pages ) $page = $pages; } } -if ( !empty($page) ) -{ +if ( !empty($page) ) { $limitStart = (($page-1)*ZM_WEB_EVENTS_PER_PAGE); if ( empty( $limit ) ) { 
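Review bot: In the exportEventFrames hunk the new bind array is `ARRAY(event['Id'])`, which is missing the `$` on `$event`, so PHP reads `event` as an undefined constant (a notice plus the string `'event'` on PHP 5/7, a fatal Error on PHP 8) and the value bound to `EventID = ?` is not the event id; the frames export will return no rows or abort. The line should be `$frames = dbFetchAll( 'SELECT *, unix_timestamp(TimeStamp) AS UnixTimeStamp FROM Frames WHERE EventID = ? ORDER BY FrameId', NULL, array($event['Id']) );`, which also matches the lowercase `array(` used by the other call sites in this commit. The body of exportEventFrames continues past the end of the hunk.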
@@ -91,10 +86,8 @@ if ( !empty($page) ) $limitAmount = ($limitLeft>ZM_WEB_EVENTS_PER_PAGE)?ZM_WEB_EVENTS_PER_PAGE:$limitLeft; } $eventsSql .= " limit $limitStart, $limitAmount"; -} -elseif ( !empty( $limit ) ) -{ - $eventsSql .= " limit 0, ".dbEscape($limit); +} elseif ( !empty( $limit ) ) { + $eventsSql .= " limit 0, ".$limit; } $maxWidth = 0; diff --git a/web/skins/flat/views/frame.php b/web/skins/flat/views/frame.php index 1cbe3634e..c9c871fca 100644 --- a/web/skins/flat/views/frame.php +++ b/web/skins/flat/views/frame.php @@ -28,18 +28,15 @@ $eid = validInt($_REQUEST['eid']); if ( !empty($_REQUEST['fid']) ) $fid = validInt($_REQUEST['fid']); -$sql = "select E.*,M.Name as MonitorName,M.DefaultScale from Events as E inner join Monitors as M on E.MonitorId = M.Id where E.Id = '".dbEscape($eid)."'"; -$event = dbFetchOne( $sql ); +$sql = 'SELECT E.*,M.Name AS MonitorName,M.DefaultScale FROM Events AS E INNER JOIN Monitors AS M ON E.MonitorId = M.Id WHERE E.Id = ?'; +$event = dbFetchOne( $sql, NULL, array($eid) ); -if ( !empty($fid) ) -{ - $sql = "select * from Frames where EventId = '".dbEscape($eid)."' and FrameId = '".dbEscape($fid)."'"; - if ( !($frame = dbFetchOne( $sql )) ) +if ( !empty($fid) ) { + $sql = 'SELECT * FROM Frames WHERE EventId = ? AND FrameId = ?'; + if ( !($frame = dbFetchOne( $sql, NULL, array($eid, $fid) )) ) $frame = array( 'FrameId'=>$fid, 'Type'=>'Normal', 'Score'=>0 ); -} -else -{ - $frame = dbFetchOne( "select * from Frames where EventId = '".dbEscape($eid)."' and Score = '".$event['MaxScore']."'" ); +} else { + $frame = dbFetchOne( 'SELECT * FROM Frames WHERE EventId = ? AND Score = ?', NULL, array( $eid, $event['MaxScore'] ) ); } $maxFid = $event['Frames']; diff --git a/web/skins/flat/views/frames.php b/web/skins/flat/views/frames.php index a9c7862fe..99baca67e 100644 --- a/web/skins/flat/views/frames.php +++ b/web/skins/flat/views/frames.php 
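Review bot: The `elseif ( !empty( $limit ) )` branch drops `dbEscape()` but still concatenates `$limit` straight into the SQL string (`" limit 0, ".$limit`), so the safety of this LIMIT clause now rests entirely on whatever validated `$limit` before this point, which is outside the hunk. Escaping never protected an unquoted LIMIT operand anyway; the robust form is an explicit integer cast, `$eventsSql .= " limit 0, ".(int)$limit;`, which is a no-op if `$limit` already came through `validInt()` and closes the hole if it did not. The enclosing `if ( !empty($page) )` block begins before the hunk.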
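Review bot: In the frame.php hunk `$event` is dereferenced immediately after `dbFetchOne( $sql, NULL, array($eid) )` (`$event['MaxScore']` in the else branch and `$event['Frames']` on the last line) without checking that a row came back, so a request for an unknown `eid` continues with an empty event; the parameterisation fixes injection but leaves that path untouched. I would add a guard right after the fetch, e.g. `if ( !$event ) { $view = "error"; return; }`, assuming dbFetchOne returns a falsy value on no match (its contract is not visible here). The rest of the view follows after the hunk.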
@@ -23,11 +23,11 @@ if ( !canView( 'Events' ) ) $view = "error"; return; } -$sql = "select E.*,M.Name as MonitorName from Events as E inner join Monitors as M on E.MonitorId = M.Id where E.Id = '".dbEscape($_REQUEST['eid'])."'"; -$event = dbFetchOne( $sql ); +$sql = 'SELECT E.*,M.Name AS MonitorName FROM Events AS E INNER JOIN Monitors AS M ON E.MonitorId = M.Id WHERE E.Id = ?'; +$event = dbFetchOne( $sql, NULL, array($_REQUEST['eid']) ); -$sql = "select *, unix_timestamp( TimeStamp ) as UnixTimeStamp from Frames where EventID = '".dbEscape($_REQUEST['eid'])."' order by FrameId"; -$frames = dbFetchAll( $sql ); +$sql = 'SELECT *, unix_timestamp( TimeStamp ) AS UnixTimeStamp FROM Frames WHERE EventID = ? ORDER BY FrameId'; +$frames = dbFetchAll( $sql, NULL, array($_REQUEST['eid']) ); $focusWindow = true;
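Review bot: Both new fetches bind `$_REQUEST['eid']` directly, whereas the sibling frame.php in this same commit goes through `$eid = validInt($_REQUEST['eid']);` first; prepared statements remove the injection risk, but a missing or non-numeric `eid` still reaches the query (with an undefined-index notice when absent) and `$event` is then used by the rest of the view with no empty check. For consistency I would add `$eid = validInt($_REQUEST['eid']);` before the first query, bind `array($eid)` in both calls, and bail with `$view = "error"; return;` when `$event` comes back empty. The view continues after the hunk's last line.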