
Fix "fix ghost entry" feature and use prepared queries on some classes

biotorrents 4 years ago
parent
commit
0a21914f54

+ 10
- 10
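--- a/classes/artists.class.php
+++ b/classes/artists.class.php
@@ -47,7 +47,7 @@ class Artists
             }
 
             $QueryID = G::$DB->get_query_id();
-            G::$DB->query("
+            G::$DB->prepared_query("
             SELECT
               ta.`GroupID`,
               ta.`ArtistID`,
@@ -169,7 +169,7 @@ class Artists
     public static function delete_artist($ArtistID)
     {
         $QueryID = G::$DB->get_query_id();
-        G::$DB->query("
+        G::$DB->prepared_query("
         SELECT
           `NAME`
         FROM
@@ -180,7 +180,7 @@ class Artists
         list($Name) = G::$DB->next_record(MYSQLI_NUM, false);
 
         // Delete requests
-        G::$DB->query("
+        G::$DB->prepared_query("
         SELECT
           `RequestID`
         FROM
@@ -192,7 +192,7 @@ class Artists
         $Requests = G::$DB->to_array();
         foreach ($Requests as $Request) {
             list($RequestID) = $Request;
-            G::$DB->query("
+            G::$DB->prepared_query("
             DELETE
             FROM
               `requests`
@@ -200,7 +200,7 @@ class Artists
               `ID` = '$RequestID'
             ");
 
-            G::$DB->query("
+            G::$DB->prepared_query("
             DELETE
             FROM
               `requests_votes`
@@ -208,7 +208,7 @@ class Artists
               `RequestID` = '$RequestID'
             ");
 
-            G::$DB->query("
+            G::$DB->prepared_query("
             DELETE
             FROM
               `requests_tags`
@@ -216,7 +216,7 @@ class Artists
               `RequestID` = '$RequestID'
             ");
 
-            G::$DB->query("
+            G::$DB->prepared_query("
             DELETE
             FROM
               `requests_artists`
@@ -226,7 +226,7 @@ class Artists
         }
 
         // Delete artist
-        G::$DB->query("
+        G::$DB->prepared_query("
         DELETE
         FROM
           `artists_group`
@@ -236,7 +236,7 @@ class Artists
         G::$Cache->decrement('stats_artist_count');
 
         // Delete wiki revisions
-        G::$DB->query("
+        G::$DB->prepared_query("
         DELETE
         FROM
           `wiki_artists`
@@ -245,7 +245,7 @@ class Artists
         ");
 
         // Delete tags
-        G::$DB->query("
+        G::$DB->prepared_query("
         DELETE
         FROM
           `artists_tags`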
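Review bot: Renaming the call to `prepared_query` does not parameterize anything: the SQL text is still built by interpolating PHP variables, as in `WHERE ... = '$RequestID'` in the four DELETE statements of delete_artist, so the statements are prepared in name only and carry whatever those variables contain. The same pattern is visible in classes/badges.class.php (`VALUES($UserID, $BadgeID)`, unquoted), classes/bookmarks.class.php (`WHERE UserID = '$UserID'`) and sections/torrents/index.php (`'$_GET[groupid]'`). Assuming prepared_query accepts bound values after the SQL string (its signature is not on this page), each interpolated literal should become a `?` placeholder with the variable passed as a bound argument, e.g. `$RequestID` for the request deletes. Most of these statements continue outside their hunks, so the WHERE clauses that are not visible here need the same check.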

+ 2
- 2
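--- a/classes/badges.class.php
+++ b/classes/badges.class.php
@@ -28,7 +28,7 @@ class Badges
             return false;
         } else {
             $QueryID = G::$DB->get_query_id();
-            G::$DB->query("
+            G::$DB->prepared_query("
             INSERT INTO `users_badges`(`UserID`, `BadgeID`)
             VALUES($UserID, $BadgeID)
             ");
@@ -126,7 +126,7 @@ class Badges
     {
         $QueryID = G::$DB->get_query_id();
 
-        G::$DB->query("
+        G::$DB->prepared_query("
         SELECT
           `ID`,
           `Icon`,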

+ 1
- 1
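--- a/classes/bookmarks.class.php
+++ b/classes/bookmarks.class.php
@@ -97,7 +97,7 @@ class Bookmarks
             list($Table, $Col) = self::bookmark_schema($Type);
             $QueryID = G::$DB->get_query_id();
 
-            G::$DB->prepared_query("
+            G::$DB->prepared_query("
             SELECT `$Col`
             FROM `$Table`
               WHERE UserID = '$UserID'");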
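Review bot: `$Col` and `$Table` are spliced into the statement as identifiers, and identifiers cannot be bound as parameters, so the safety of this query rests entirely on what `self::bookmark_schema($Type)` returns. That function is outside the hunk; it should map `$Type` through a closed allowlist of table and column names and reject anything else. A comment above the query such as `// $Table and $Col come from the bookmark_schema() allowlist, never from request data` would record that dependency for the next maintainer. The enclosing method starts and ends outside the hunk.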

+ 4
- 4
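--- a/classes/collages.class.php
+++ b/classes/collages.class.php
@@ -6,7 +6,7 @@ class Collages
     public static function increase_subscriptions($CollageID)
     {
         $QueryID = G::$DB->get_query_id();
-        G::$DB->query("
+        G::$DB->prepared_query("
         UPDATE
           `collages`
         SET
@@ -20,7 +20,7 @@ class Collages
     public static function decrease_subscriptions($CollageID)
     {
         $QueryID = G::$DB->get_query_id();
-        G::$DB->query("
+        G::$DB->prepared_query("
         UPDATE
           `collages`
         SET
@@ -37,7 +37,7 @@ class Collages
 
     public static function create_personal_collage()
     {
-        G::$DB->query("
+        G::$DB->prepared_query("
         SELECT
           COUNT(`ID`)
         FROM
@@ -57,7 +57,7 @@ class Collages
         $NameStr = db_string(G::$LoggedUser['Username']."'s personal collage".($CollageCount > 0 ? ' no. '.($CollageCount + 1) : ''));
         $Description = db_string('Personal collage for '.G::$LoggedUser['Username'].'. The first 5 albums will appear on his or her [url='.site_url().'user.php?id= '.G::$LoggedUser['ID'].']profile[/url].');
 
-        G::$DB->query("
+        G::$DB->prepared_query("
         INSERT INTO `collages`(
           `Name`,
           `Description`,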
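Review bot: `$NameStr` and `$Description` are escaped by hand with `db_string()` on the two lines above the INSERT, which suggests the VALUES clause (outside the hunk) still interpolates them as quoted literals. The statement therefore still depends on manual escaping of a username, even though it now goes through `prepared_query`. When the INSERT is converted to placeholders, the `db_string()` wrappers have to be dropped and the raw strings bound instead, otherwise the stored text carries the escaping twice. create_personal_collage continues past the end of the hunk.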

+ 7
- 3
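--- a/sections/torrents/index.php
+++ b/sections/torrents/index.php
@@ -197,8 +197,13 @@ if (!empty($_REQUEST['action'])) {
             break;
             
         case 'fix_group':
-            if ((check_perms('users_mod') || check_perms('torrents_fix_ghosts')) && authorize() && !empty($_GET['groupid']) && is_number($_GET['groupid'])) {
-                $DB->prepare_query("
+            if ((check_perms('users_mod') || check_perms('torrents_fix_ghosts'))
+              && !empty($_GET['groupid'])
+              && is_number($_GET['groupid'])
+                ) {
+                authorize();
+
+                $DB->prepared_query("
                 SELECT
                   COUNT(`ID`)
                 FROM
@@ -206,7 +211,6 @@ if (!empty($_REQUEST['action'])) {
                 WHERE
                   `GroupID` = '$_GET[groupid]'
                 ");
-                $DB->exec_prepared_query();
                 list($Count) = $DB->next_record();
                 
                 if ($Count === 0) {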
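Review bot: The result of `authorize()` is discarded on new line 204, whereas the old condition required it to be truthy before the fix_group branch ran. If authorize() signals a bad token by returning false rather than ending the request (its definition is not on this page), the action now proceeds without the request-forgery check; keeping the result in control flow, e.g. `if (!authorize()) { break; }`, removes that dependency. The branch takes its input from `$_GET`, so this token check is the only protection against a cross-site request made with a privileged user's session. The case body continues outside the hunk.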
