$a = DI::app();
- $search = Strings::escapeTags(trim($_GET['search'] ?? ''));
- $nets = Strings::escapeTags(trim($_GET['nets'] ?? ''));
- $rel = Strings::escapeTags(trim($_GET['rel'] ?? ''));
- $group = Strings::escapeTags(trim($_GET['group'] ?? ''));
+ $search = trim($_GET['search'] ?? '');
+ $nets = trim($_GET['nets'] ?? '');
+ $rel = trim($_GET['rel'] ?? '');
+ $group = trim($_GET['group'] ?? '');
$accounttype = $_GET['accounttype'] ?? '';
$accounttypeid = User::getAccountTypeByString($accounttype);
'$submit' => DI::l10n()->t('Submit'),
'$lbl_info1' => $lbl_info1,
'$lbl_info2' => DI::l10n()->t('Their personal note'),
- '$reason' => trim(Strings::escapeTags($contact['reason'])),
+ '$reason' => trim($contact['reason']),
'$infedit' => DI::l10n()->t('Edit contact notes'),
'$common_link' => 'contact/' . $contact['id'] . '/contacts/common',
'$relation_text' => $relation_text,
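Review bot: `$contact['reason']` is handed to the template unescaped at the `'$reason'` entry, so HTML-escaping of this stored, user-authored note now has to happen where the template prints it; nothing in the hunk shows that the matching template variable goes through an escaping filter, so that should be confirmed before merging. The same consideration applies to the `$_GET`-derived `$search`, `$nets`, `$rel` and `$group` values whose `Strings::escapeTags()` wrapping is dropped in the first hunk, if any of them are rendered back into the page. A short comment at the entry, `// raw value; HTML-escaped on output by the template`, would record where the responsibility now lives. The enclosing array and call start and end outside the hunk.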
}
if ($group) {
- $sql_extra = " AND EXISTS(SELECT `id` FROM `group_member` WHERE `gid` = ? AND `contact`.`id` = `contact-id`)";
+ $sql_extra .= " AND EXISTS(SELECT `id` FROM `group_member` WHERE `gid` = ? AND `contact`.`id` = `contact-id`)";
$sql_values[] = $group;
}
- $total = 0;
- $stmt = DBA::p("SELECT COUNT(*) AS `total`
- FROM `contact`
- WHERE `uid` = ?
- AND `self` = 0
- AND NOT `deleted`
- $sql_extra
- " . Widget::unavailableNetworks(),
- $sql_values
- );
- if (DBA::isResult($stmt)) {
- $total = DBA::fetch($stmt)['total'];
- }
- DBA::close($stmt);
+ $networks = Widget::unavailableNetworks();
+ $sql_extra .= " AND NOT `network` IN (" . substr(str_repeat("?, ", count($networks)), 0, -2) . ")";
+ $sql_values = array_merge($sql_values, $networks);
- $pager = new Pager(DI::l10n(), DI::args()->getQueryString());
+ $condition = ["`uid` = ? AND NOT `self` AND NOT `deleted`" . $sql_extra];
+ $condition = array_merge($condition, $sql_values);
- $sql_values[] = $pager->getStart();
- $sql_values[] = $pager->getItemsPerPage();
+ $total = DBA::count('contact', $condition);
+
+ $pager = new Pager(DI::l10n(), DI::args()->getQueryString());
$contacts = [];
- $stmt = DBA::p("SELECT *
- FROM `contact`
- WHERE `uid` = ?
- AND `self` = 0
- AND NOT `deleted`
- $sql_extra
- ORDER BY `name` ASC
- LIMIT ?, ?",
- $sql_values
- );
+ $stmt = DBA::select('contact', [], $condition, ['order' => ['name'], 'limit' => [$pager->getStart(), $pager->getItemsPerPage()]]);
+
while ($contact = DBA::fetch($stmt)) {
$contact['blocked'] = Model\Contact\User::isBlocked($contact['id'], local_user());
$contact['readonly'] = Model\Contact\User::isIgnored($contact['id'], local_user());
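Review bot: The placeholder list built on the line appending the `AND NOT network IN (...)` fragment to `$sql_extra` degenerates to `IN ()` when `Widget::unavailableNetworks()` returns an empty array, which is a SQL syntax error that would break both `DBA::count()` and `DBA::select()`; wrapping that line and the following `array_merge` in `if ($networks) { … }` avoids it, assuming an empty result is possible for that helper. `implode(', ', array_fill(0, count($networks), '?'))` would also read more clearly than trimming with `substr(str_repeat("?, ", count($networks)), 0, -2)`. The `$condition` array keeps the query parameterised only as long as every fragment appended to `$sql_extra`, including the ones assembled before this hunk, carries `?` placeholders with matching `$sql_values` entries; a comment above the `$condition = [...]` line, `// every $sql_extra fragment must use ? placeholders whose values are appended to $sql_values in order`, would make that invariant explicit. The enclosing function starts outside the hunk.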