PDO

renlok · May 29, 2014 · db1b539 · db1b539
1 parent baba0cf
commit db1b539
Show file tree

Hide file tree

Showing 5 changed files with 74 additions and 52 deletions.
diff --git a/language/EN/messages.inc.php b/language/EN/messages.inc.php
@@ -931,6 +931,7 @@
 $MSG['867'] = 'Pick up only';
 $MSG['868'] = ' each';
 $MSG['869'] = 'Sale Date';
+$MSG['870'] = 'You have sold %s items';
 
 $MSG['888'] = 'Error log is currently empty';
 $MSG['889'] = "Error Log Purged";

diff --git a/themes/default/rss.tpl b/themes/default/rss.tpl
@@ -1,14 +1,5 @@
 {XML} 
-
-<rss version="2.0" 
-	xmlns:content="http://purl.org/rss/1.0/modules/content/" 
-	xmlns:wfw="http://wellformedweb.org/CommentAPI/" 
-	xmlns:dc="http://purl.org/dc/elements/1.1/" 
-	xmlns:atom="http://www.w3.org/2005/Atom" 
-	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" 
-	xmlns:slash="http://purl.org/rss/1.0/modules/slash/" 
-	> 
-
+<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
 	<channel> 
 		<title>{PAGE_TITLE}: {RSSTITLE}</title> 
 		<atom:link href="{SITEURL}rss.php?feed={FEED}" rel="self" type="application/rss+xml" /> 
@@ -21,7 +12,9 @@
 			<title><![CDATA[{rss.TITLE} - {rss.PRICE}]]></title> 
 			<link>{rss.URL}</link> 
 			<guid isPermaLink="true">{rss.URL}</guid> 
-			<description><![CDATA[{rss.DESC}<br />{rss.CAT}]]></description> 
+			<description>
+				<![CDATA[{rss.DESC}<br />{rss.CAT}]]>
+			</description> 
 			<dc:creator>{rss.USER}</dc:creator> 
 			<dc:date>{rss.POSTED}</dc:date> 
 		</item> 

diff --git a/themes/default/user_menu.tpl b/themes/default/user_menu.tpl
@@ -49,6 +49,7 @@
                 {TO_PAY}
                 {BENDING_SOON}
                 {BOUTBID}
+                {SOLD_ITEMS}
 			</td>
 		</tr>
 		</table>

diff --git a/user_menu.php b/user_menu.php
@@ -24,46 +24,59 @@
 
 function get_reminders($secid)
 {
-	global $DBPrefix, $system;
+	global $DBPrefix, $system, $db;
 	$data = array();
+
 	// get number of new messages
 	$query = "SELECT COUNT(*) AS total FROM " . $DBPrefix . "messages
-			WHERE isread = 0 AND sentto = " . $secid;
-	$res = mysql_query($query);
-	$system->check_mysql($res, $query, __LINE__, __FILE__);
-	$data[] = mysql_result($res, 0, 'total');
+			WHERE isread = 0 AND sentto = :sec_id";
+	$params = array();
+	$params[] = array(':sec_id', $secid, 'int');
+	$db->query($query, $params);
+	$data[] = $db->result('total');
+
 	// get number of pending feedback
 	$query = "SELECT COUNT(DISTINCT a.auction) AS total FROM " . $DBPrefix . "winners a
 			LEFT JOIN " . $DBPrefix . "auctions b ON (a.auction = b.id)
 			WHERE (b.closed = 1 OR b.bn_only = 'y') AND b.suspended = 0
-			AND ((a.seller = " . $secid . " AND a.feedback_sel = 0)
-			OR (a.winner = " . $secid . " AND a.feedback_win = 0))";
-	$res = mysql_query($query);
-	$system->check_mysql($res, $query, __LINE__, __FILE__);
-	$data[] = mysql_result($res, 0, 'total');
+			AND ((a.seller = :seller AND a.feedback_sel = 0)
+			OR (a.winner = :winner AND a.feedback_win = 0))";
+	$params = array();
+	$params[] = array(':seller', $secid, 'int');
+	$params[] = array(':winner', $secid, 'int');
+	$db->query($query, $params);
+	$data[] = $db->result('total');
+
 	// get auctions still requiring payment
 	$query = "SELECT COUNT(DISTINCT id) AS total FROM " . $DBPrefix . "winners
-			WHERE paid = 0 AND winner = " . $secid;
-	$res = mysql_query($query);
-	$system->check_mysql($res, $query, __LINE__, __FILE__);
-	$data[] = mysql_result($res, 0, 'total');
+			WHERE paid = 0 AND winner = :winner_id";
+	$params = array();
+	$params[] = array(':winner_id', $secid, 'int');
+	$db->query($query, $params);
+	$data[] = $db->result('total');
+
 	// get auctions ending soon
 	$query = "SELECT COUNT(DISTINCT b.auction) AS total FROM " . $DBPrefix . "bids b
 			LEFT JOIN " . $DBPrefix . "auctions a ON (b.auction = a.id)
-			WHERE b.bidder = " . $secid . " AND a.ends <= " . (time() + (3600 * 24)) . "
+			WHERE b.bidder = :bidder AND a.ends <= :timer
 			AND a.closed = 0 GROUP BY b.auction";
-	$res = mysql_query($query);
-	$system->check_mysql($res, $query, __LINE__, __FILE__);
-	$data[] = (mysql_num_rows($res) > 0) ? mysql_result($res, 0, 'total') : 0;
+	$params = array();
+	$params[] = array(':bidder', $secid, 'int');
+	$params[] = array(':timer', (time() + (3600 * 24)), 'int');
+	$db->query($query, $params);
+	$data[] = ($db->numrows() > 0) ? $db->result('total') : 0;
+
 	// get outbid auctions
-	$query = "SELECT a.current_bid, a.id, a.title, a.ends, b.bid FROM " . $DBPrefix . "auctions a, " . $DBPrefix . "bids b
-			WHERE a.id = b.auction AND a.closed = 0 AND b.bidder = " . $secid . "
+	$query = "SELECT a.current_bid, a.id, a.title, a.ends, b.bid
+			FROM " . $DBPrefix . "auctions a, " . $DBPrefix . "bids b
+			WHERE a.id = b.auction AND a.closed = 0 AND b.bidder = :bidder
 			AND a.bn_only = 'n' ORDER BY a.ends ASC, b.bidwhen DESC";
-	$res = mysql_query($query);
-	$system->check_mysql($res, $query, __LINE__, __FILE__);
+	$params = array();
+	$params[] = array(':bidder', $secid, 'int');
+	$db->query($query, $params);
 	$idcheck = array();
 	$auctions_count = 0;
-	while ($row = mysql_fetch_assoc($res))
+	while ($row = $db->fetch())
 	{
 		if (!in_array($row['id'], $idcheck))
 		{
@@ -74,6 +87,15 @@ function get_reminders($secid)
 	}
 	$data[] = $auctions_count;
 
+	// get auctions sold item
+	$query = "SELECT COUNT(DISTINCT a.id) AS total FROM " . $DBPrefix . "winners a
+		LEFT JOIN " . $DBPrefix . "auctions b ON (a.auction = b.id)
+		WHERE b.closed = 1 AND a.seller = :sellers AND a.is_read = 0";
+	$params = array();
+	$params[] = array(':sellers', $secid, 'int');
+	$db->query($query, $params);
+	$data[] =  $db->result('total');
+
 	return $data;
 }
 
@@ -121,7 +143,9 @@ function get_reminders($secid)
 				'TO_PAY' => ($reminders[2] > 0) ? sprintf($MSG['792'], $reminders[2]) . ' (<a href="' . $system->SETTINGS['siteurl'] . 'outstanding.php">' . $MSG['5295'] . '</a>)<br>' : '',
 				'BENDING_SOON' => ($reminders[3] > 0) ? $reminders[3] . $MSG['793'] . ' (<a href="' . $system->SETTINGS['siteurl'] . 'yourbids.php">' . $MSG['5295'] . '</a>)<br>' : '',
 				'BOUTBID' => ($reminders[4] > 0) ? sprintf($MSG['794'], $reminders[4]) . ' (<a href="' . $system->SETTINGS['siteurl'] . 'yourbids.php">' . $MSG['5295'] . '</a>)<br>' : '',
-				'NO_REMINDERS' => (($reminders[0] + $reminders[1] + $reminders[2] + $reminders[3] + $reminders[4]) == 0) ? $MSG['510'] : '',
+				'SOLD_ITEMS' => ($reminders[5] > 0) ? sprintf($MSG['870'], $reminders[5]) . ' (<a href="' . $system->SETTINGS['siteurl'] . 'yourauctions_sold.php">' . $MSG['5295'] . '</a>)<br>' : '',
+				'NO_REMINDERS' => (($reminders[0] + $reminders[1] + $reminders[2] + $reminders[3] + $reminders[4] + $reminders[5]) == 0) ? $MSG['510'] : '',
+
 				));
 		break;
 	case 'account':

diff --git a/viewhelp.php b/viewhelp.php
@@ -18,11 +18,12 @@
 if ($cat > 0)
 {
 	// Retrieve category's name
-	$query = "SELECT category FROM " . $DBPrefix . "faqscategories WHERE id = " . $cat;
-	$res = mysql_query($query);
-	$system->check_mysql($res, $query, __LINE__, __FILE__);
+	$query = "SELECT category FROM " . $DBPrefix . "faqscategories WHERE id = :cats";
+	$params = array();
+	$params[] = array(':cats', $cat, 'int');
+	$db->query($query, $params);
+	$FAQ_ctitle = $db->result('category');
 
-	$FAQ_ctitle = stripslashes(mysql_result($res, 0));
 	$template->assign_vars(array(
 			'DOCDIR' => $DOCDIR, // Set document direction (set in includes/messages.XX.inc.php) ltr/rtl
 			'PAGE_TITLE' => $system->SETTINGS['sitename'] . ' ' . $MSG['5236'] . ' - ' . $FAQ_ctitle,
@@ -32,36 +33,38 @@
 
 			'FNAME' => $FAQ_ctitle
 			));
+
 	// Retrieve FAQs categories from the database
 	$query = "SELECT * FROM " . $DBPrefix . "faqscategories ORDER BY category ASC";
-	$res = mysql_query($query);
-	$system->check_mysql($res, $query, __LINE__, __FILE__);
-
-	while ($cats = mysql_fetch_array($res))
+	$db->direct_query($query);
+	while ($cats = $db->result())
 	{
 		$template->assign_block_vars('cats', array(
-				'CAT' => stripslashes($cats['category']),
+				'CAT' => $cats['category'],
 				'ID' => $cats['id']
 				));
 	}
+
 	// Retrieve FAQs from the database
 	$query = "SELECT f.question As q, f.answer As a, t.* FROM " . $DBPrefix . "faqs f
 			LEFT JOIN " . $DBPrefix . "faqs_translated t ON (t.id = f.id)
-			WHERE f.category = " . $cat . " AND t.lang = '" . $language . "'";
-	$res = mysql_query($query);
-	$system->check_mysql($res, $query, __LINE__, __FILE__);
+			WHERE f.category = :cat AND t.lang = :languages";
+	$params = array();
+	$params[] = array(':cat', $cat, 'int');
+	$params[] = array(':languages', $language, 'int');
+	$db->query($query, $params);
 
-	while ($row = mysql_fetch_assoc($res))
+	while ($row = $db->fetch())
 	{
 		if (!empty($row['question']) && !empty($row['answer']))
 		{
-			$question = stripslashes($row['question']);
-			$answer = stripslashes($row['answer']);
+			$question = $row['question'];
+			$answer = $row['answer'];
 		}
 		else
 		{
-			$question = stripslashes($row['q']);
-			$answer = stripslashes($row['a']);
+			$question = $row['q'];
+			$answer = $row['a'];
 		}
 
 		$template->assign_block_vars('faqs', array(