diff --git a/admin/copy_field.php b/admin/copy_field.php
index 4a7bcc8b2c..d48cc8667a 100644
--- a/admin/copy_field.php
+++ b/admin/copy_field.php
@@ -62,9 +62,9 @@ $t_string_table = db_get_table( 'mantis_custom_field_string_table' );
 $t_bug_table = db_get_table( 'mantis_bug_table' );
- $query = 'SELECT * FROM ' . $t_string_table . ' WHERE field_id = ' . $f_source_field_id . ' and value <> \'\'';
+ $query = 'SELECT * FROM ' . $t_string_table . ' WHERE field_id = ' . db_param(0) . ' and value <> ' . db_param(1);
- $result = @db_query( $query );
+ $result = @db_query_bound( $query, Array( $f_source_field_id, '' ) );
 if ( FALSE == $result ) {
 echo '
No fields need to be updated.
'; } else {
diff --git a/admin/install_functions.php b/admin/install_functions.php
index 53ee569ce1..19accd35cb 100644
--- a/admin/install_functions.php
+++ b/admin/install_functions.php
@@ -31,10 +31,10 @@ function install_category_migrate() {
 $t_project_category_table = db_get_table( 'mantis_project_category_table' );
 $query = "SELECT project_id, category FROM $t_project_category_table ORDER BY project_id, category";
- $t_category_result = db_query( $query );
+ $t_category_result = db_query_bound( $query );
 $query = "SELECT project_id, category FROM $t_bug_table ORDER BY project_id, category";
- $t_bug_result = db_query( $query );
+ $t_bug_result = db_query_bound( $query );
 $t_data = Array();
diff --git a/admin/schema.php b/admin/schema.php
index c77ccb661a..fec1314d1f 100644
--- a/admin/schema.php
+++ b/admin/schema.php
@@ -323,7 +323,7 @@ $upgrade[] = Array('CreateIndexSQL',Array('idx_access',db_get_table('mantis_user_table'),'access_level'));
 $upgrade[] = Array('InsertData', Array( db_get_table('mantis_user_table'), "(username, realname, email, password, date_created, last_visit, enabled, protected, access_level, login_count, lost_password_request_count, failed_login_count, cookie_string) VALUES
- ('administrator', '', 'root@localhost', '63a9f0ea7bb98050796b649e85481845', " . db_now() . ", " . db_now() . ", '1', '0', 90, 3, 0, 0, '" .
+ ('administrator', '', 'root@localhost', '63a9f0ea7bb98050796b649e85481845', '" . db_now() . "', '" . db_now() . "', '1', '0', 90, 3, 0, 0, '" .
 md5( mt_rand( 0, mt_getrandmax() ) + mt_rand( 0, mt_getrandmax() ) ) . md5( time() ) . "')" ) );
 $upgrade[] = Array('AlterColumnSQL', Array( db_get_table( 'mantis_bug_history_table' ), "old_value C(255) NOTNULL" ) );
 $upgrade[] = Array('AlterColumnSQL', Array( db_get_table( 'mantis_bug_history_table' ), "new_value C(255) NOTNULL" ) );
diff --git a/admin/upgrade_unattended.php b/admin/upgrade_unattended.php
index c90c15f43f..4374a1ddf7 100644
--- a/admin/upgrade_unattended.php
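Review bot: The `@` kept in front of `db_query_bound( $query, Array( $f_source_field_id, '' ) )` in admin/copy_field.php suppresses any database error, and the `if ( FALSE == $result )` branch that follows then prints "No fields need to be updated.", so a failed query looks the same as an empty result on this admin page. Dropping the suppression, `$result = db_query_bound( $query, Array( $f_source_field_id, '' ) );`, and reporting a query failure with its own message would keep real errors visible to the operator. The if/else body continues outside the hunk.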
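Review bot: In admin/schema.php the seeded `administrator` row still derives `cookie_string` from `md5( mt_rand( 0, mt_getrandmax() ) + mt_rand( 0, mt_getrandmax() ) ) . md5( time() )` on the line after the changed one; both inputs are predictable (a non-cryptographic PRNG and the install time), which matters if this value is used as a login cookie, as the column name suggests. A CSPRNG-backed value of the same length, for example `bin2hex( random_bytes( 32 ) )` where the runtime provides it, would be a safer seed. The same row ships a fixed, unsalted MD5 password hash for that account, so the installer should require a password change before the account can be used; whether it does is not visible in this hunk.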
+++ b/admin/upgrade_unattended.php
@@ -78,7 +78,7 @@ function print_test_result( $p_result, $p_hard_fail=true, $p_message='' ) {
 description char(255) NOT NULL, PRIMARY KEY (upgrade_id))";
- $result = db_query( $query );
+ $result = db_query_bound( $query );
 } # link the data structures and upgrade list
diff --git a/api/soap/mc_file_api.php b/api/soap/mc_file_api.php
index ed5e43b534..f3f60aaa7c 100644
--- a/api/soap/mc_file_api.php
+++ b/api/soap/mc_file_api.php
@@ -124,7 +124,7 @@ function mci_file_add( $p_id, $p_name, $p_content, $p_file_type, $p_table, $p_ti
 $query = "INSERT INTO $t_file_table (" . $p_table . "_id, title, description, diskfile, filename, folder, filesize, file_type, date_added, content) VALUES
- ($c_id, '$c_title', '$c_desc', '$c_disk_file_name', '$c_new_file_name', '$c_file_path', $c_file_size, '$c_file_type', " . db_now() .", '$c_content')";
+ ($c_id, '$c_title', '$c_desc', '$c_disk_file_name', '$c_new_file_name', '$c_file_path', $c_file_size, '$c_file_type', '" . db_now() ."', '$c_content')";
 db_query( $query ); # get attachment id
diff --git a/bugnote_view_inc.php b/bugnote_view_inc.php
index f17c4e3940..d0357ba157 100644
--- a/bugnote_view_inc.php
+++ b/bugnote_view_inc.php
@@ -96,8 +96,8 @@
 # grab the bugnote text and id and prefix with v3_
 $query = "SELECT note FROM $t_bugnote_text_table
- WHERE id='$v3_bugnote_text_id'";
- $result2 = db_query( $query );
+ WHERE id=" . db_param(0);
+ $result2 = db_query_bound( $query, Array( $v3_bugnote_text_id ) );
 $row = db_fetch_array( $result2 );
 $v3_note = $row['note'];
diff --git a/changelog_page.php b/changelog_page.php
index eb0c7a6552..509243e226 100644
--- a/changelog_page.php
+++ b/changelog_page.php
@@ -95,7 +95,6 @@ function print_project_header ( $p_project_name ) {
 $t_version_header_printed = false;
 $t_version = $t_version_row['version'];
- $c_version = db_prepare_string( $t_version );
 $t_version_id = version_get_id( $t_version, $t_project_id );
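Review bot: The INSERT in api/soap/mc_file_api.php is still built by interpolating `$c_title`, `$c_desc`, `$c_content` and the other values into the SQL string and is still sent through `db_query( $query )`, while the rest of this commit moves queries to `db_param()` with `db_query_bound()`. Its safety rests on escaping done outside the hunk, which the `$c_` prefix suggests but the visible lines do not show. Moving it to placeholders, `VALUES (" . db_param(0) . ", " . db_param(1) . ", …)` with the unescaped values passed in the `Array( ... )` argument, would remove that dependency and the hand-added quotes around `db_now()`. `$p_table` is concatenated into the column name and cannot be bound, so it should be checked against the fixed set of expected table names before the query is built. The body of mci_file_add continues outside the hunk.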
@@ -109,7 +108,7 @@ function print_project_header ( $p_project_name ) {
 $t_issue_ids = array();
 $t_issue_parents = array();
- $t_result = db_query_bound( $query, Array( $c_project_id, $c_version ) );
+ $t_result = db_query_bound( $query, Array( $c_project_id, $t_version ) );
 while ( $t_row = db_fetch_array( $t_result ) ) { # hide private bugs if user doesn't have access to view them.
diff --git a/core/authentication_api.php b/core/authentication_api.php
index d1f011828f..03bacd5961 100644
--- a/core/authentication_api.php
+++ b/core/authentication_api.php
@@ -510,7 +510,7 @@ function auth_reauthenticate_page( $p_user_id, $p_username ) {
 } ?> -