
Use prepared queries on stats and store

biotorrents 3 years ago
parent
commit
abbdd7612d

+ 3
- 3
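--- a/sections/stats/torrents.php
+++ b/sections/stats/torrents.php
@@ -7,7 +7,7 @@ DESC
 LIMIT 1, 12
 */
 if (!list($Labels, $InFlow, $OutFlow, $Max) = $Cache->get_value('torrents_timeline')) {
-    $DB->query("
+    $DB->prepared_query("
     SELECT
       DATE_FORMAT(`Time`, '%b %Y') AS Month,
       COUNT(`ID`)
@@ -23,7 +23,7 @@ if (!list($Labels, $InFlow, $OutFlow, $Max) = $Cache->get_value('torrents_timeli
     ");
     $TimelineIn = array_reverse($DB->to_array());
 
-    $DB->query("
+    $DB->prepared_query("
     SELECT
       DATE_FORMAT(`Time`, '%b %Y') AS Month,
       COUNT(`ID`)
@@ -51,7 +51,7 @@ if (!list($Labels, $InFlow, $OutFlow, $Max) = $Cache->get_value('torrents_timeli
 }
 
 if (!$CategoryDistribution = $Cache->get_value('category_distribution')) {
-    $DB->query("
+    $DB->prepared_query("
     SELECT
       tg.`category_id`,
       COUNT(t.`ID`) AS Torrents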
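Review bot: None of the three statements in this section carries a bound parameter, so `prepared_query` does exactly what `query` did here and the rename is a consistency move only; the commit title should not be read as closing an injection path in the stats pages. Keeping it is fine, but a one-line comment above the first `if` on line 9, `// Static aggregate queries (no user input); prepared_query used for uniformity with the store pages`, would save a later reader from hunting for a placeholder that was never needed. Each `if` block in this section starts or ends outside the hunks shown.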

+ 5
- 5
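--- a/sections/stats/users.php
+++ b/sections/stats/users.php
@@ -3,7 +3,7 @@
 
 
 if (!$ClassDistribution = $Cache->get_value('class_distribution')) {
-    $DB->query("
+    $DB->prepared_query("
       SELECT p.Name, COUNT(m.ID) AS Users
       FROM users_main AS m
         JOIN permissions AS p ON m.PermissionID = p.ID
@@ -16,7 +16,7 @@ if (!$ClassDistribution = $Cache->get_value('class_distribution')) {
 }
 
 if (!$PlatformDistribution = $Cache->get_value('platform_distribution')) {
-    $DB->query("
+    $DB->prepared_query("
       SELECT OperatingSystem, COUNT(DISTINCT UserID) AS Users
       FROM users_sessions
       GROUP BY OperatingSystem
@@ -27,7 +27,7 @@ if (!$PlatformDistribution = $Cache->get_value('platform_distribution')) {
 }
 
 if (!$BrowserDistribution = $Cache->get_value('browser_distribution')) {
-    $DB->query("
+    $DB->prepared_query("
       SELECT Browser, COUNT(DISTINCT UserID) AS Users
       FROM users_sessions
       GROUP BY Browser
@@ -39,7 +39,7 @@ if (!$BrowserDistribution = $Cache->get_value('browser_distribution')) {
 
 // Timeline generation
 if (!list($Labels, $InFlow, $OutFlow) = $Cache->get_value('users_timeline')) {
-    $DB->query("
+    $DB->prepared_query("
       SELECT DATE_FORMAT(JoinDate,\"%b %Y\") AS Month, COUNT(UserID)
       FROM users_info
       GROUP BY Month
@@ -47,7 +47,7 @@ if (!list($Labels, $InFlow, $OutFlow) = $Cache->get_value('users_timeline')) {
       LIMIT 1, 11");
     $TimelineIn = array_reverse($DB->to_array());
 
-    $DB->query("
+    $DB->prepared_query("
       SELECT DATE_FORMAT(BanDate,\"%b %Y\") AS Month, COUNT(UserID)
       FROM users_info
       WHERE BanDate > 0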

+ 3
- 3
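--- a/sections/store/badge.php
+++ b/sections/store/badge.php
@@ -29,7 +29,7 @@ if (!$BadgeID) {
 
 if (isset($_GET['confirm']) && $_GET['confirm'] === '1') {
     if (!isset($Err)) {
-        $DB->query("
+        $DB->prepared_query("
           SELECT BonusPoints
           FROM users_main
           WHERE ID = $UserID");
@@ -42,12 +42,12 @@ if (isset($_GET['confirm']) && $_GET['confirm'] === '1') {
                 if (!Badges::award_badge($UserID, $BadgeID)) {
                     $Err = 'Could not award badge, unknown error occurred.';
                 } else {
-                    $DB->query("
+                    $DB->prepared_query("
                       UPDATE users_main
                       SET BonusPoints = BonusPoints - " . $Prices[$BadgeID] ."
                       WHERE ID = $UserID");
 
-                    $DB->query("
+                    $DB->prepared_query("
                       UPDATE users_info
                       SET AdminComment = CONCAT('".sqltime()." - Purchased badge $BadgeID from store\n\n', AdminComment)
                       WHERE UserID = $UserID");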
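Review bot: Switching to `prepared_query` on lines 32, 45 and 50 leaves `$UserID`, `$Prices[$BadgeID]` and `$BadgeID` interpolated into the SQL text, so nothing is actually parameterised here; the statement is prepared with the values already baked in. `$BadgeID` is tested at line 29 but where it comes from is outside this hunk, so whether it is attacker-controlled cannot be confirmed from here — bind it anyway, with `?` placeholders as title.php in this same commit does. The debit on lines 46–48 also repeats the balance read at line 32 without a guard; moving the debit ahead of `award_badge()` with `WHERE ID = ? AND BonusPoints >= ?` and checking the affected-row count would close the check-then-act window, but that reordering is a separate change. The enclosing `if` blocks continue outside the hunk.
```php
$DB->prepared_query("
  SELECT BonusPoints
  FROM users_main
  WHERE ID = ?", $UserID);
// … unchanged: price comparison and Badges::award_badge() …
$DB->prepared_query("
  UPDATE users_main
  SET BonusPoints = BonusPoints - ?
  WHERE ID = ?", $Prices[$BadgeID], $UserID);

$DB->prepared_query("
  UPDATE users_info
  SET AdminComment = CONCAT(NOW(), ' - Purchased badge ', ?, ' from store\n\n', AdminComment)
  WHERE UserID = ?", $BadgeID, $UserID);
```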

+ 6
- 6
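--- a/sections/store/coinbadge.php
+++ b/sections/store/coinbadge.php
@@ -2,7 +2,7 @@
 #declare(strict_types=1);
 
 $UserID = $LoggedUser['ID'];
-$DB->query("
+$DB->prepared_query("
   SELECT First, Second
   FROM misc
   WHERE Name='CoinBadge'");
@@ -10,7 +10,7 @@ $DB->query("
 if ($DB->has_results()) {
     list($Purchases, $Price) = $DB->next_record();
 } else {
-    $DB->query("
+    $DB->prepared_query("
     INSERT INTO misc
       (Name, First, Second)
     VALUES ('CoinBadge', 0, 1000)");
@@ -24,7 +24,7 @@ View::show_header('Store');
   if (isset($_GET['confirm'])
    && $_GET['confirm'] === 1
    && !Badges::has_badge($UserID, 255)) {
-      $DB->query("
+      $DB->prepared_query("
       SELECT BonusPoints
       FROM users_main
       WHERE ID = $UserID");
@@ -34,12 +34,12 @@ View::show_header('Store');
           if (!Badges::award_badge($UserID, 255)) {
               $Err = 'Could not award badge, unknown error occurred.';
           } else {
-              $DB->query("
+              $DB->prepared_query("
               UPDATE users_main
               SET BonusPoints = BonusPoints - $Price
               WHERE ID = $UserID");
 
-              $DB->query("
+              $DB->prepared_query("
               UPDATE users_info
               SET AdminComment = CONCAT('".sqltime()." - Purchased badge 255 from store\n\n', AdminComment)
               WHERE UserID = $UserID");
@@ -50,7 +50,7 @@ View::show_header('Store');
               $x = $Purchases;
               $Price = 1000+$x*(10000+1400*((sin($x/1.3)+cos($x/4.21))+(sin($x/2.6)+cos(2*$x/4.21))/2));
 
-              $DB->query("
+              $DB->prepared_query("
               UPDATE misc
               SET First  = $Purchases,
                 Second = $Price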
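Review bot: The purchase branch on line 25 compares `$_GET['confirm'] === 1` against an integer, but `$_GET` values are always strings, so the condition is never true and everything from line 27 down is unreachable; badge.php in the same commit uses `=== '1'`, which is what this line should be. Separately, `$UserID`, `$Price` and `$Purchases` are still interpolated into the SQL text on lines 30, 39, 40, 45, 55 and 56, so `prepared_query` binds nothing here — `$Price` in particular is a float computed on line 51 and should go through a `?` placeholder rather than PHP's float-to-string conversion. `SET First = ?, Second = ? WHERE Name = 'CoinBadge'", $Purchases, $Price` is the shape for the last statement. The `if` chain continues outside the hunks.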

+ 7
- 7
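--- a/sections/store/freeleechize.php
+++ b/sections/store/freeleechize.php
@@ -26,7 +26,7 @@ if (isset($_POST['torrent'])) {
     $UserID = $LoggedUser['ID'];
 
     // Make sure torrent exists
-    $DB->query("
+    $DB->prepared_query("
       SELECT FreeTorrent, FreeLeechType
       FROM torrents
       WHERE ID = $TorrentID");
@@ -42,7 +42,7 @@ if (isset($_POST['torrent'])) {
         error('Torrent does not exist');
     }
 
-    $DB->query("
+    $DB->prepared_query("
       SELECT BonusPoints
       FROM users_main
       WHERE ID = $UserID");
@@ -51,30 +51,30 @@ if (isset($_POST['torrent'])) {
         list($Points) = $DB->next_record();
 
         if ($Points >= $Cost) {
-            $DB->query("
+            $DB->prepared_query("
               SELECT TorrentID
               FROM shop_freeleeches
               WHERE TorrentID = $TorrentID");
 
             if ($DB->has_results()) {
-                $DB->query("
+                $DB->prepared_query("
                   UPDATE shop_freeleeches
                   SET ExpiryTime = ExpiryTime + INTERVAL 1 DAY
                   WHERE TorrentID = $TorrentID");
             } else {
-                $DB->query("
+                $DB->prepared_query("
                   INSERT INTO shop_freeleeches
                     (TorrentID, ExpiryTime)
                   VALUES($TorrentID, NOW() + INTERVAL 1 DAY)");
                 Torrents::freeleech_torrents($TorrentID, 1, 3);
             }
 
-            $DB->query("
+            $DB->prepared_query("
               UPDATE users_main
               SET BonusPoints = BonusPoints - $Cost
               WHERE ID = $UserID");
 
-            $DB->query("
+            $DB->prepared_query("
               UPDATE users_info
               SET AdminComment = CONCAT('".sqltime()." - Made TorrentID $TorrentID freeleech for 24 more hours via the store\n\n', AdminComment)
               WHERE UserID = $UserID");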
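Review bot: `$TorrentID` is interpolated into five statements in this section (lines 32, 57, 63, 68 and 79) even though the whole branch is entered from `$_POST['torrent']` at line 26; how `$TorrentID` is derived from that field is outside the hunk, so unless it is cast to an integer upstream this is still string-built SQL under a `prepared_query` name. Bind it and `$UserID`/`$Cost` with `?` as title.php does, e.g. `WHERE ID = ?", $TorrentID);` on line 32 and `VALUES(?, NOW() + INTERVAL 1 DAY)", $TorrentID);` on line 68. The debit on lines 73–75 also repeats the balance read at line 46 with no condition, so two concurrent requests can both pass `$Points >= $Cost`; `WHERE ID = ? AND BonusPoints >= ?", $Cost, $UserID, $Cost` with the affected-row count checked makes the two-step check atomic. The enclosing `if` blocks start and end outside the hunks.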

+ 8
- 8
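--- a/sections/store/freeleechpool.php
+++ b/sections/store/freeleechpool.php
@@ -10,7 +10,7 @@ if (isset($_POST['donation'])) {
     }
 
     $UserID = $LoggedUser['ID'];
-    $DB->query("
+    $DB->prepared_query("
       SELECT BonusPoints
       FROM users_main
       WHERE ID = $UserID");
@@ -21,19 +21,19 @@ if (isset($_POST['donation'])) {
         if ($Points >= $Donation) {
             $PoolTipped = false;
 
-            $DB->query("
+            $DB->prepared_query("
               UPDATE users_main
               SET BonusPoints = BonusPoints - $Donation
               WHERE ID = $UserID");
 
-            $DB->query("
+            $DB->prepared_query("
               UPDATE misc
               SET First = First + $Donation
               WHERE Name = 'FreeleechPool'");
             $Cache->delete_value('user_info_heavy_'.$UserID);
 
             // Check to see if we're now over the target pool size
-            $DB->query("
+            $DB->prepared_query("
               SELECT First, Second
               FROM misc
               WHERE Name = 'FreeleechPool'");
@@ -48,7 +48,7 @@ if (isset($_POST['donation'])) {
 
                     for ($i = 0; $i < $NumTorrents; $i++) {
                         $TorrentSize = intval($Pool * (($i===$NumTorrents-1)?1:(rand(10, 80)/100)) * 100000); # todo
-                        $DB->query("
+                        $DB->prepared_query("
                           SELECT ID, Size
                           FROM torrents
                           WHERE Size < $TorrentSize
@@ -61,7 +61,7 @@ if (isset($_POST['donation'])) {
                         if ($DB->has_results()) {
                             list($TorrentID, $Size) = $DB->next_record();
 
-                            $DB->query("
+                            $DB->prepared_query("
                               INSERT INTO shop_freeleeches
                                 (TorrentID, ExpiryTime)
                               VALUES($TorrentID, NOW() + INTERVAL 2 DAY)");
@@ -77,7 +77,7 @@ if (isset($_POST['donation'])) {
                     }
 
                     $Target = rand(10000, 100000);
-                    $DB->query("
+                    $DB->prepared_query("
                       UPDATE misc
                       SET First = 0,
                         Second = $Target
@@ -116,7 +116,7 @@ if (isset($_POST['donation'])) {
 <?php
 View::show_footer();
 } else {
-    $DB->query("
+    $DB->prepared_query("
       SELECT First
       FROM misc
       WHERE Name = 'FreeleechPool'");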
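Review bot: `$Donation` comes from `$_POST['donation']` (line 10's enclosing `if`) and is interpolated straight into the two UPDATEs on lines 26 and 31, with the only visible validation being the block that closes at line 10; if that check does not reject non-positive or non-numeric input, a negative donation passes `$Points >= $Donation` on line 21 and `BonusPoints - $Donation` credits the account while `First + $Donation` drains the pool. Bind the value and put the sign check next to the balance check: `if ($Donation > 0 && $Points >= $Donation) {` and `SET BonusPoints = BonusPoints - ? WHERE ID = ? AND BonusPoints >= ?", $Donation, $UserID, $Donation`. `rand()` on lines 50 and 79 only sizes the freeleech picks and the next target, so it is not a security concern here; `random_int()` is the drop-in if that ever changes. The `if (isset($_POST['donation']))` block starts and ends outside the hunks.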

+ 3
- 3
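--- a/sections/store/invite.php
+++ b/sections/store/invite.php
@@ -6,7 +6,7 @@ $Cost = 10000;
 $Purchase = "1 invite";
 $UserID = $LoggedUser['ID'];
 
-$DB->query("
+$DB->prepared_query("
   SELECT BonusPoints
   FROM users_main
   WHERE ID = $UserID");
@@ -15,13 +15,13 @@ if ($DB->has_results()) {
     list($Points) = $DB->next_record();
 
     if ($Points >= $Cost) {
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_main
           SET BonusPoints = BonusPoints - $Cost,
             Invites = Invites + 1
           WHERE ID = $UserID");
 
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_info
           SET AdminComment = CONCAT('".sqltime()." - Purchased an invite from the store\n\n', AdminComment)
           WHERE UserID = $UserID");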
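Review bot: The balance read on lines 9–12 and the debit on lines 18–22 are two separate statements with no condition between them, so two concurrent requests that both see `$Points >= $Cost` will each decrement and each grant an invite, leaving BonusPoints negative; `prepared_query` does not change that. Making the UPDATE conditional on the balance and checking its affected-row count (through whatever accessor `$DB` exposes) removes the window, and binding `$UserID`/`$Cost` with `?` delivers what the commit title promises but the interpolation still on lines 12, 20, 22 and 27 does not. The `if ($DB->has_results())` block continues outside the hunk.
```php
$DB->prepared_query("
  SELECT BonusPoints
  FROM users_main
  WHERE ID = ?", $UserID);
// … unchanged: has_results() / next_record() …
    if ($Points >= $Cost) {
        // Conditional debit: succeeds only if the balance is still sufficient at
        // write time, so concurrent purchases cannot overdraw the account.
        $DB->prepared_query("
          UPDATE users_main
          SET BonusPoints = BonusPoints - ?,
            Invites = Invites + 1
          WHERE ID = ? AND BonusPoints >= ?", $Cost, $UserID, $Cost);
        // … check the affected-row count here and stop if it is zero …

        $DB->prepared_query("
          UPDATE users_info
          SET AdminComment = CONCAT(NOW(), ' - Purchased an invite from the store\n\n', AdminComment)
          WHERE UserID = ?", $UserID);
```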

+ 3
- 3
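--- a/sections/store/points_1.php
+++ b/sections/store/points_1.php
@@ -9,7 +9,7 @@ $Purchase = "10 $ENV->BONUS_POINTS";
 $GiB = 1024 * 1024 * 1024;
 $Cost = intval(0.15 * $GiB);
 
-$DB->query("
+$DB->prepared_query("
   SELECT Uploaded
   FROM users_main
   WHERE ID = $UserID");
@@ -18,13 +18,13 @@ if ($DB->has_results()) {
     list($Upload) = $DB->next_record();
 
     if ($Upload >= $Cost) {
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_main
           SET BonusPoints = BonusPoints + 10,
             Uploaded = Uploaded - $Cost
           WHERE ID = $UserID");
 
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_info
           SET AdminComment = CONCAT('".sqltime()." - $Purchase from the store\n\n', AdminComment)
           WHERE UserID = $UserID");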
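Review bot: Same check-then-act pattern as the other store pages: `Uploaded` is read on lines 12–15 and decremented on lines 21–25 with no condition, so concurrent requests can push `Uploaded` below zero while each mints 10 bonus points for upload credit the user no longer has. `WHERE ID = ? AND Uploaded >= ?", $Cost, $UserID, $Cost` on the UPDATE, with the affected-row count checked before the admin comment is written, is the fix; it also replaces the `$UserID`/`$Cost` interpolation that `prepared_query` leaves in place on lines 15, 24 and 25. The `if ($DB->has_results())` block continues outside the hunk.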

+ 3
- 3
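--- a/sections/store/points_10.php
+++ b/sections/store/points_10.php
@@ -9,7 +9,7 @@ $Purchase = "100 $ENV->BONUS_POINTS";
 $GiB = 1024 * 1024 * 1024;
 $Cost = 1.5 * $GiB;
 
-$DB->query("
+$DB->prepared_query("
   SELECT Uploaded
   FROM users_main
   WHERE ID = $UserID");
@@ -18,13 +18,13 @@ if ($DB->has_results()) {
     list($Upload) = $DB->next_record();
 
     if ($Upload >= $Cost) {
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_main
           SET BonusPoints = BonusPoints + 100,
             Uploaded = Uploaded - $Cost
           WHERE ID = $UserID");
 
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_info
           SET AdminComment = CONCAT('".sqltime()." - $Purchase from the store\n\n', AdminComment)
           WHERE UserID = $UserID");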
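Review bot: `$Cost = 1.5 * $GiB` on line 10 is a float, and `Uploaded = Uploaded - $Cost` on line 24 places it in the SQL text through PHP's float-to-string conversion, whereas points_1.php wraps the equivalent computation in `intval()`; this tier and the two larger ones are inconsistent with it. `$Cost = intval(1.5 * $GiB);` restores parity, or better, pass the value as a `?` parameter so the driver handles the type and the column arithmetic stays integral. The `if ($DB->has_results())` block continues outside the hunk.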

+ 3
- 3
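--- a/sections/store/points_100.php
+++ b/sections/store/points_100.php
@@ -9,7 +9,7 @@ $Purchase = "1,000 $ENV->BONUS_POINTS";
 $GiB = 1024 * 1024 * 1024;
 $Cost = 15.0 * $GiB;
 
-$DB->query("
+$DB->prepared_query("
   SELECT Uploaded
   FROM users_main
   WHERE ID = $UserID");
@@ -18,13 +18,13 @@ if ($DB->has_results()) {
     list($Upload) = $DB->next_record();
 
     if ($Upload >= $Cost) {
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_main
           SET BonusPoints = BonusPoints + 1000,
             Uploaded = Uploaded - $Cost
           WHERE ID = $UserID");
 
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_info
           SET AdminComment = CONCAT('".sqltime()." - $Purchase from the store\n\n', AdminComment)
           WHERE UserID = $UserID");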

+ 3
- 3
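--- a/sections/store/points_1000.php
+++ b/sections/store/points_1000.php
@@ -9,7 +9,7 @@ $Purchase = "10,000 $ENV->BONUS_POINTS";
 $GiB = 1024*1024*1024;
 $Cost = 150.0 * $GiB;
 
-$DB->query("
+$DB->prepared_query("
   SELECT Uploaded
   FROM users_main
   WHERE ID = $UserID");
@@ -18,13 +18,13 @@ if ($DB->has_results()) {
     list($Upload) = $DB->next_record();
 
     if ($Upload >= $Cost) {
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_main
           SET BonusPoints = BonusPoints + 10000,
             Uploaded = Uploaded - $Cost
           WHERE ID = $UserID");
 
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_info
           SET AdminComment = CONCAT('".sqltime()." - $Purchase from the store\n\n', AdminComment)
           WHERE UserID = $UserID");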

+ 4
- 4
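--- a/sections/store/promotion.php
+++ b/sections/store/promotion.php
@@ -64,7 +64,7 @@ $Classes = array(
 );
 
 $To = -1;
-$DB->query("
+$DB->prepared_query("
   SELECT PermissionID, BonusPoints, Warned, Uploaded, Downloaded, (Uploaded / Downloaded) AS Ratio, Enabled, COUNT(torrents.ID) AS Uploads, COUNT(DISTINCT torrents.GroupID) AS Groups
   FROM users_main
     JOIN users_info ON users_main.ID = users_info.UserID
@@ -100,7 +100,7 @@ if ($DB->has_results()) {
         $Err[] = "This account is disabled, how did you get here?";
     } else {
         if ($Classes[$To]['NonSmall'] > 0) {
-            $DB->query("
+            $DB->prepared_query("
               SELECT COUNT(torrents.ID)
               FROM torrents
               JOIN torrents_group ON torrents.GroupID = torrents_group.ID
@@ -159,14 +159,14 @@ if ($DB->has_results()) {
         }
 
         if (!isset($Err)) {
-            $DB->query("
+            $DB->prepared_query("
               UPDATE users_main
               SET
                 BonusPoints = BonusPoints - ".$Classes[$To]['Price'].",
                 PermissionID = $To
               WHERE ID = $UserID");
 
-            $DB->query("
+            $DB->prepared_query("
               UPDATE users_info
               SET AdminComment = CONCAT('".sqltime()." - Class changed to ".Users::make_class_string($To)." via store purchase\n\n', AdminComment)
               WHERE UserID = $UserID");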
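Review bot: `$To` is written into the SQL text on line 166 (`PermissionID = $To`) and used as an array index on lines 102 and 165; it is initialised to -1 on line 66 and reassigned somewhere between the hunks, presumably from the request, which makes it the value in this section most worth binding. `PermissionID = ?` and `BonusPoints = BonusPoints - ?` with `$Classes[$To]['Price'], $To, $UserID` passed as parameters is what `prepared_query` exists for; left interpolated, the commit changes the function name but not the exposure. The price is also subtracted without a `BonusPoints >= ?` guard, the same check-then-act gap as the other store pages, and the class change is applied in the same statement, so an overdraw here also grants the promotion. The `if ($DB->has_results())` block continues outside the hunks.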

+ 2
- 2
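--- a/sections/store/store.php
+++ b/sections/store/store.php
@@ -6,7 +6,7 @@ $PermID = $LoggedUser['PermissionID'];
 
 if (!$LoggedUser['DisablePoints']) {
     $PointsRate = 0;
-    $getTorrents = $DB->query("
+    $getTorrents = $DB->prepared_query("
       SELECT um.BonusPoints,
         COUNT(DISTINCT x.fid) AS Torrents,
         SUM(t.Size) AS Size,
@@ -271,7 +271,7 @@ View::show_header('Store');
       </tr>
 
       <?php
-$DB->query("
+$DB->prepared_query("
   SELECT ID AS BadgeID, Name, Description
   FROM badges
   WHERE ID IN (40, 41, 42, 43, 44, 45, 46, 47, 48)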

+ 3
- 3
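--- a/sections/store/title.php
+++ b/sections/store/title.php
@@ -11,7 +11,7 @@ if (isset($_POST['title'])) {
     $Title = htmlspecialchars($_POST['title'], ENT_QUOTES);
     $UserID = $LoggedUser['ID'];
 
-    $DB->query("
+    $DB->prepared_query("
       SELECT BonusPoints
       FROM users_main
       WHERE ID = $UserID");
@@ -20,13 +20,13 @@ if (isset($_POST['title'])) {
         list($Points) = $DB->next_record();
 
         if ($Points >= $Cost) {
-            $DB->query("
+            $DB->prepared_query("
               UPDATE users_main
               SET BonusPoints = BonusPoints - $Cost,
                 Title = ?
               WHERE ID = ?", $Title, $UserID);
 
-            $DB->query("
+            $DB->prepared_query("
               UPDATE users_info
               SET AdminComment = CONCAT(NOW(), ' - Changed title to ', ?, ' via the store\n\n', AdminComment)
               WHERE UserID = ?", $Title, $UserID);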
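Review bot: This is the one section where `prepared_query` actually binds values (`?` on lines 26, 27, 31 and 32) and it is the pattern the rest of the commit should follow, but the SELECT on lines 15–17 still interpolates `$UserID` and `$Cost` is interpolated on line 25; `WHERE ID = ?", $UserID);` and `BonusPoints - ?` with `$Cost` prepended to the parameter list finish the job. Line 11 stores `htmlspecialchars($_POST['title'], ENT_QUOTES)`, i.e. escapes at input rather than at output; that is pre-existing, but any template that escapes `Title` again on display will double-encode and any that does not is relying on this line, so a comment above line 11 such as `// Title is stored HTML-escaped; templates must not escape it again` would make the contract explicit. The `if (isset($_POST['title']))` block continues outside the hunks.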

+ 3
- 3
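--- a/sections/store/token.php
+++ b/sections/store/token.php
@@ -6,7 +6,7 @@ $Cost = 1000;
 $Purchase = "1 freeleech token";
 $UserID = $LoggedUser['ID'];
 
-$DB->query("
+$DB->prepared_query("
   SELECT BonusPoints
   FROM users_main
   WHERE ID = $UserID");
@@ -15,13 +15,13 @@ if ($DB->has_results()) {
     list($Points) = $DB->next_record();
 
     if ($Points >= $Cost) {
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_main
           SET BonusPoints = BonusPoints - $Cost,
             FLTokens = FLTokens + 1
           WHERE ID = $UserID");
 
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_info
           SET AdminComment = CONCAT('".sqltime()." - Purchased a freeleech token from the store\n\n', AdminComment)
           WHERE UserID = $UserID");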
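Review bot: Same unguarded read-then-debit as invite.php: lines 9–12 read `BonusPoints`, lines 18–22 subtract `$Cost` and increment `FLTokens` with no condition, so concurrent requests overdraw the balance and hand out more tokens than were paid for. The UPDATE should carry `WHERE ID = ? AND BonusPoints >= ?` with `$Cost, $UserID, $Cost` bound, and its affected-row count should be checked before the admin comment on lines 24–27 is written; that also removes the `$UserID`/`$Cost` interpolation `prepared_query` currently leaves on lines 12, 20 and 22. The `if ($DB->has_results())` block continues outside the hunk.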

+ 3
- 3
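--- a/sections/store/upload_1.php
+++ b/sections/store/upload_1.php
@@ -7,7 +7,7 @@ $Purchase = "0.1 GiB upload";
 $GiB = 1024*1024*1024;
 $Cost = 15;
 
-$DB->query("
+$DB->prepared_query("
   SELECT BonusPoints
   FROM users_main
   WHERE ID = $UserID");
@@ -16,13 +16,13 @@ if ($DB->has_results()) {
     list($Points) = $DB->next_record();
 
     if ($Points >= $Cost) {
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_main
           SET BonusPoints = BonusPoints - $Cost,
             Uploaded = Uploaded + ($GiB * 0.1)
           WHERE ID = $UserID");
 
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_info
           SET AdminComment = CONCAT('".sqltime()." - $Purchase from the store\n\n', AdminComment)
           WHERE UserID = $UserID");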
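Review bot: `$UserID`, `$Cost` and `$GiB` remain interpolated on lines 13, 21, 22 and 23, so `prepared_query` here prepares a statement with the values already embedded; bind them with `?` as title.php does, e.g. `WHERE ID = ?", $UserID);` on line 13. The unguarded read-then-debit on lines 10–13 and 19–23 is the same concurrency gap as the other purchase pages and wants `AND BonusPoints >= ?` on the UPDATE, and upload_10, upload_100 and upload_1000 are copies of this file differing only in the constants, so the fix belongs in one shared routine rather than four patches. The `if ($DB->has_results())` block continues outside the hunk.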

+ 3
- 3
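--- a/sections/store/upload_10.php
+++ b/sections/store/upload_10.php
@@ -7,7 +7,7 @@ $Purchase = "1 GiB upload";
 $GiB = 1024*1024*1024;
 $Cost = 150;
 
-$DB->query("
+$DB->prepared_query("
   SELECT BonusPoints
   FROM users_main
   WHERE ID = $UserID");
@@ -16,13 +16,13 @@ if ($DB->has_results()) {
     list($Points) = $DB->next_record();
 
     if ($Points >= $Cost) {
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_main
           SET BonusPoints = BonusPoints - $Cost,
             Uploaded = Uploaded + ($GiB * 1)
           WHERE ID = $UserID");
 
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_info
           SET AdminComment = CONCAT('".sqltime()." - $Purchase from the store\n\n', AdminComment)
           WHERE UserID = $UserID");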

+ 3
- 3
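--- a/sections/store/upload_100.php
+++ b/sections/store/upload_100.php
@@ -7,7 +7,7 @@ $Purchase = "10 GiB upload";
 $GiB = 1024*1024*1024;
 $Cost = 1500;
 
-$DB->query("
+$DB->prepared_query("
   SELECT BonusPoints
   FROM users_main
   WHERE ID = $UserID");
@@ -16,13 +16,13 @@ if ($DB->has_results()) {
     list($Points) = $DB->next_record();
 
     if ($Points >= $Cost) {
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_main
           SET BonusPoints = BonusPoints - $Cost,
             Uploaded = Uploaded + ($GiB * 10)
           WHERE ID = $UserID");
 
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_info
           SET AdminComment = CONCAT('".sqltime()." - $Purchase from the store\n\n', AdminComment)
           WHERE UserID = $UserID");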

+ 3
- 3
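--- a/sections/store/upload_1000.php
+++ b/sections/store/upload_1000.php
@@ -7,7 +7,7 @@ $Purchase = "100 GiB upload";
 $GiB = 1024*1024*1024;
 $Cost = 15000;
 
-$DB->query("
+$DB->prepared_query("
   SELECT BonusPoints
   FROM users_main
   WHERE ID = $UserID");
@@ -16,13 +16,13 @@ if ($DB->has_results()) {
     list($Points) = $DB->next_record();
 
     if ($Points >= $Cost) {
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_main
           SET BonusPoints = BonusPoints - $Cost,
             Uploaded = Uploaded + ($GiB * 100)
           WHERE ID = $UserID");
 
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_info
           SET AdminComment = CONCAT('".sqltime()." - $Purchase from the store\n\n', AdminComment)
           WHERE UserID = $UserID");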
