PDO

renlok · May 26, 2014 · baba0cf · baba0cf
1 parent 7b06834
commit baba0cf
Show file tree

Hide file tree

Showing 4 changed files with 56 additions and 41 deletions.
diff --git a/send_email.php b/send_email.php
@@ -38,18 +38,19 @@
 
 // Get item description
 $query = "SELECT a.user, a.title, u.nick, u.email FROM " . $DBPrefix . "auctions a
-		LEFT JOIN " . $DBPrefix . "users u ON (u.id = a.user)
-		WHERE a.id = " . intval($auction_id);
-$result = mysql_query($query);
-$system->check_mysql($result, $query, __LINE__, __FILE__);
+	LEFT JOIN " . $DBPrefix . "users u ON (u.id = a.user)
+	WHERE a.id = :auc_id";
+$params = array();
+$params[] = array(':auc_id', $auction_id, 'int');
+$db->query($query, $params);
 
-if (mysql_num_rows($result) == 0)
+if ($db->numrows() == 0)
 {
 	$TPL_error_text = $ERR_606;
 }
 else
 {
-	$auction_data = mysql_fetch_assoc($result);
+	$auction_data = $db->result();
 	$seller_id = $auction_data['user'];
 	$item_title = $auction_data['title'];
 	$seller_nick = $auction_data['nick'];
@@ -99,9 +100,17 @@
 		$id_type = (!$user->logged_in) ? 'fromemail' : 'sentfrom';
 		$emailer->email_uid = $seller_id;
 		$emailer->email_sender($seller_email, 'send_email.inc.php', $subject);
+
 		$query = "INSERT INTO " . $DBPrefix . "messages (sentto, " . $id_type . ", sentat, message, subject, question)
-				VALUES (" . $seller_id . ", '" . $from_id . "', '" . time() . "', '" . $cleaned_question . "', '" . $system->cleanvars(sprintf($MSG['651'], $item_title)) . "', " . $auction_id . ")";
-		$system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
+			VALUES (:seller_id, :from_id, :timer, :question, :title, :auc_id)";
+		$params = array();
+		$params[] = array(':seller_id', $seller_id, 'int');
+		$params[] = array(':from_id', $from_id, 'int');
+		$params[] = array(':timer', time(), 'int');
+		$params[] = array(':question', $cleaned_question, 'str');
+		$params[] = array(':title', $system->cleanvars(sprintf($MSG['651'], $item_title)), 'str');
+		$params[] = array(':auc_id', $auction_id, 'int');
+		$db->query($query, $params);
 	}
 }
 

diff --git a/yourbids.php b/yourbids.php
@@ -24,15 +24,16 @@
 
 // get active bids for this user
 $query = "SELECT a.current_bid, a.id, a.title, a.ends, b.bid, b.quantity FROM " . $DBPrefix . "bids b
-		LEFT JOIN " . $DBPrefix . "auctions a ON (a.id = b.auction)
-		WHERE a.closed = 0 AND b.bidder = " . $user->user_data['id'] . "
-		AND a.bn_only = 'n' ORDER BY a.ends ASC, b.bid DESC";
-$res = mysql_query($query);
-$system->check_mysql($res, $query, __LINE__, __FILE__);
+	LEFT JOIN " . $DBPrefix . "auctions a ON (a.id = b.auction)
+	WHERE a.closed = 0 AND b.bidder = :user_id
+	AND a.bn_only = 'n' ORDER BY a.ends ASC, b.bid DESC";
+$params = array();
+$params[] = array(':user_id', $user->user_data['id'], 'int');
+$db->query($query, $params);
 
 $idcheck = array();
 $auctions_count = 0;
-while ($row = mysql_fetch_assoc($res))
+while ($row = $db->fetch())
 {
 	if (!in_array($row['id'], $idcheck))
 	{

diff --git a/yourfeedback.php b/yourfeedback.php
@@ -41,36 +41,36 @@
 $page = (!isset($_GET['pg']) || $_GET['pg'] == 0) ? $_GET['pg'] : 1;
 $left_limit = ($page - 1) * $system->SETTINGS['perpage'];
 
-$query = "SELECT count(*) FROM " . $DBPrefix . "feedbacks WHERE rated_user_id = " . $user->user_data['id'];
-$res = mysql_query($query);
-$system->check_mysql($res, $query, __LINE__, __FILE__);
-$total = mysql_result($res, 0);
+$query = "SELECT count(*) As COUNT FROM " . $DBPrefix . "feedbacks WHERE rated_user_id = :user_id";
+$params = array();
+$params[] = array(':user_id', $user->user_data['id'], 'int');
+$db->query($query, $params);
+$total = $db->result('COUNT');
 // get number of pages
 $pages = ceil($total / $system->SETTINGS['perpage']);
 
 $left_limit = ($left_limit < 0) ? 0 : $left_limit;
 
-$query = "SELECT f.*, a.title FROM " . $DBPrefix . "feedbacks f
-		LEFT OUTER JOIN " . $DBPrefix . "auctions a
-		ON a.id = f.auction_id
-		WHERE rated_user_id = " . $user->user_data['id'] . "
-		ORDER by feedbackdate DESC
-		LIMIT $left_limit, " . $system->SETTINGS['perpage'];
-$res = mysql_query($query);
-$system->check_mysql($res, $query, __LINE__, __FILE__);
+$query = "SELECT f.*, a.title, u.rate_sum FROM " . $DBPrefix . "feedbacks f
+	LEFT OUTER JOIN " . $DBPrefix . "auctions a ON (a.id = f.auction_id)
+	LEFT JOIN " . $DBPrefix . "users u ON (u.id = f.rated_user_id)
+	WHERE rated_user_id = :user_id
+	ORDER by feedbackdate DESC
+	LIMIT :left_limit, :perpage";
+$params = array();
+$params[] = array(':user_id', $user->user_data['id'], 'int');
+$params[] = array(':left_limit', $left_limit, 'int');
+$params[] = array(':perpage', $system->SETTINGS['perpage'], 'int');
+$db->query($query, $params);
 
 $i = 0;
 $feed_disp = array();
-while ($arrfeed = mysql_fetch_assoc($res))
+while ($arrfeed = $db->fetch())
 {
-	$query = "SELECT id, rate_num, rate_sum FROM " . $DBPrefix . "users WHERE nick = '" . $arrfeed['rater_user_nick'] . "'";
-	$result = mysql_query($query);
-	$system->check_mysql($result, $query, __LINE__, __FILE__);
-	$usarr = mysql_fetch_array($result);
 	$j = 0;
 	foreach ($memtypesarr as $k => $l)
 	{
-		if ($k >= $usarr['rate_sum'] || $j++ == (count($memtypesarr) - 1))
+		if ($k >= $arrfeed['rate_sum'] || $j++ == (count($memtypesarr) - 1))
 		{
 			$usicon = '<img src="' . $system->SETTINGS['siteurl'] . 'images/icons/' . $l['icon'] . '" alt="' . $l['icon'] . '" class="fbstar">';
 			break;
@@ -88,9 +88,9 @@
 	$template->assign_block_vars('fbs', array(
 			'BGCOLOUR' => (!(($i + 1) % 2)) ? '' : 'class="alt-row"',
 			'IMG' => $uimg,
-			'USFLINK' => 'profile.php?user_id=' . $usarr['id'] . '&auction_id=' . $arrfeed['auction_id'],
+			'USFLINK' => 'profile.php?user_id=' . $arrfeed['rated_user_id'] . '&auction_id=' . $arrfeed['auction_id'],
 			'USERNAME' => $arrfeed['rater_user_nick'],
-			'USFEED' => $usarr['rate_sum'],
+			'USFEED' => $arrfeed['rate_sum'],
 			'USICON' => (isset($usicon)) ? $usicon : '',
 			'FBDATE' => FormatDate($arrfeed['feedbackdate']),
 			'AUCTIONURL' => ($arrfeed['title']) ? '<a href="item.php?id=' . $arrfeed['auction_id'] . '">' . $arrfeed['title'] . '</a>' : $MSG['113'] . $arrfeed['auction_id'],

diff --git a/yourmessages.php b/yourmessages.php
@@ -26,18 +26,20 @@
 // check message is to user
 $query = "SELECT m.*, u.nick FROM " . $DBPrefix . "messages m
 		LEFT JOIN " . $DBPrefix . "users u ON (u.id = m.sentfrom)
-		WHERE m.sentto = " . $user->user_data['id'] . " AND m.id = " . $messageid;
-$res = mysql_query($query);
-$system->check_mysql($res, $query, __LINE__, __FILE__);
-$check = mysql_num_rows($res);
+		WHERE m.sentto = :user_id AND m.id = :message_id";
+$params = array();
+$params[] = array(':user_id', $user->user_data['id'], 'int');
+$params[] = array(':message_id', $messageid, 'int');
+$db->query($query, $params);
+$check = $db->numrows();
 
 if ($check == 0)
 {
 	$_SESSION['message'] = $ERR_070;
 	header('location: mail.php');
 }
 
-$array = mysql_fetch_array($res);
+$array = $db->fetch();
 $sent = gmdate('M d, Y H:ia', $array['sentat'] + $system->tdiff);
 $subject = $array['subject'];
 $message = $array['message'];
@@ -61,8 +63,11 @@
 }
 
 // Update message
-$query = "UPDATE " . $DBPrefix . "messages SET isread = 1 WHERE id = " . $messageid;
-$system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
+$query = "UPDATE " . $DBPrefix . "messages SET isread = :read WHERE id = :message_id";
+$params = array();
+$params[] = array(':read', 1, 'int');
+$params[] = array(':message_id', $messageid, 'int');
+$db->query($query, $params);
 
 // set session for reply
 $_SESSION['subject' . $hash] = (substr($subject, 0, 3) == 'Re:') ? $subject : 'Re: ' . $subject;