remove mysql_query calls (website_code/php/folderproperties/*.php) - …

…see #29
thexerteproject · May 9, 2014 · dbaa4d3 · dbaa4d3
1 parent d87c011
commit dbaa4d3
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 21 deletions.
diff --git a/website_code/php/properties/notes_change_template.php b/website_code/php/properties/notes_change_template.php
@@ -18,19 +18,18 @@
 if(is_numeric($_POST['template_id'])){
 
     $database_id = database_connect("notes change template database connect success","notes change template database connect failed");
+    $prefix = $xerte_toolkits_site->database_table_prefix;
+    $query = "update {$prefix}templaterights SET notes = ?  WHERE template_id = ?";
 
-    $query = "update " . $xerte_toolkits_site->database_table_prefix . "templaterights SET notes =\"" . mysql_real_escape_string($_POST['notes']) . "\" WHERE template_id =\"" . mysql_real_escape_string($_POST['template_id']) . "\"";
+    $params = array($_POST['notes'], $_POST['template_id']);
+
+
+    if(db_query($query, $params)){
 
-    if(mysql_query($query)){
-
-        notes_display($_POST['notes'],true);
+        notes_display($_POST['notes'],true, $_POST['template_id']);
 
     }else{
 
     }
 
-    mysql_close($database_id);
-
 }
-
-?>
diff --git a/website_code/php/properties/peer_change_template.php b/website_code/php/properties/peer_change_template.php
@@ -21,33 +21,38 @@
 
 $database_id = database_connect("peer template database connect success","peer template change database connect failed");
 
+$prefix = $xerte_toolkits_site->database_table_prefix;
+
 if(is_numeric($_POST['template_id'])){
 
     if(is_user_creator(mysql_real_escape_string($_POST['template_id']))||is_user_admin()){
 
         if($_POST['peer_status']=="off"){
 
-            $query = "delete from " . $xerte_toolkits_site->database_table_prefix . "additional_sharing where template_id=\"" . mysql_real_escape_string($_POST['template_id']) . "\" AND sharing_type=\"peer\"";
+            $query = "DELETE FROM {$prefix}additional_sharing WHERE template_id= ? AND sharing_type = ?";
+            $params = array($_POST['template_id'], 'peer'); 
 
-            mysql_query($query);
+            db_query($query, $params);
 
         }else{
 
-            $query = "select * from " . $xerte_toolkits_site->database_table_prefix . "additional_sharing where sharing_type=\"peer\" AND template_id =\"" . mysql_real_escape_string($_POST['template_id']) . "\"";
+            $query = "select * from {$prefix}additional_sharing where sharing_type= ? AND template_id = ?";
+            $params = array("peer", $_POST['template_id']);
 
-            $query_response = mysql_query($query);
+            $query_response = db_query($query, $params);
 
-            if(mysql_num_rows($query_response)==1)
+            if(sizeof($query_response)==1)
             {
                 // Update record
-                $query = "UPDATE " . $xerte_toolkits_site->database_table_prefix . "additional_sharing set sharing_type='peer', extra='" .  mysql_real_escape_string($_POST['extra']) . "' where template_id=" . mysql_real_escape_string($_POST['template_id']);
+                $query = "UPDATE {$prefix}additional_sharing set sharing_type='peer', extra= ? WHERE template_id = ?";
+                $params = array($_POST['extra'], $_POST['template_id']);    
             }
             else
             {
-                $query = "INSERT INTO " . $xerte_toolkits_site->database_table_prefix . "additional_sharing (template_id, sharing_type, extra) VALUES (" . mysql_real_escape_string($_POST['template_id']) . ", \"peer\",\"" .  mysql_real_escape_string($_POST['extra']) . "\")";
+                $query = "INSERT INTO {$prefix}additional_sharing (template_id, sharing_type, extra) VALUES (?,?,?)";
+                $params = array($_POST['template_id'], "peer", $_POST['extra']);
             }
-
-            mysql_query($query);
+            db_query($query, $params);
 
         }		
 
@@ -63,8 +68,4 @@
 
     }
 
-    mysql_close($database_id);
-
 }
-
-?>