X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmysql-manager.php;h=db1db43c106c11241a12ca79cf5915854f839db0;hb=579747bc21e7026a4dd39f58cb2f34453c521eec;hp=b4b635d87b4e2f5a60261114679589cdcf80bc96;hpb=5dae780ad5a596f93c5fcf338ca56c336a7eb480;p=mailer.git diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index b4b635d87b..db1db43c10 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -636,14 +636,14 @@ function addMaxReceiveList ($mode, $default = '') { switch ($mode) { case 'guest': // Guests (in the registration form) are not allowed to select 0 mails per day. - $result = SQL_QUERY('SELECT `value`,`comment` FROM `{?_MYSQL_PREFIX?}_max_receive` WHERE `value` > 0 ORDER BY `value` ASC', + $result = SQL_QUERY('SELECT `value`, `comment` FROM `{?_MYSQL_PREFIX?}_max_receive` WHERE `value` > 0 ORDER BY `value` ASC', __FUNCTION__, __LINE__); break; case 'admin': case 'member': // Members are allowed to set to zero mails per day (we will change this soon!) - $result = SQL_QUERY('SELECT `value`,`comment` FROM `{?_MYSQL_PREFIX?}_max_receive` ORDER BY `value` ASC', + $result = SQL_QUERY('SELECT `value`, `comment` FROM `{?_MYSQL_PREFIX?}_max_receive` ORDER BY `value` ASC', __FUNCTION__, __LINE__); break; @@ -748,7 +748,7 @@ function isMenuActionValid ($mode, $action, $what, $updateEntry = false) { ), __FUNCTION__, __LINE__, false); } elseif (($what != 'welcome') && (!empty($what))) { // Other actions - $sql = SQL_QUERY_ESC("SELECT `id`,`what` FROM `{?_MYSQL_PREFIX?}_%s_menu` WHERE `action`='%s' AND `what`='%s'".$add." ORDER BY `action` DESC LIMIT 1", + $sql = SQL_QUERY_ESC("SELECT `id`, `what` FROM `{?_MYSQL_PREFIX?}_%s_menu` WHERE `action`='%s' AND `what`='%s'".$add." ORDER BY `action` DESC LIMIT 1", array( $mode, $action, 
@@ -756,7 +756,7 @@ function isMenuActionValid ($mode, $action, $what, $updateEntry = false) { ), __FUNCTION__, __LINE__, false); } else { // Admin login overview - $sql = SQL_QUERY_ESC("SELECT `id`,`what` FROM `{?_MYSQL_PREFIX?}_%s_menu` WHERE `action`='%s' AND (`what`='' OR `what` IS NULL)".$add." ORDER BY `action` DESC LIMIT 1", + $sql = SQL_QUERY_ESC("SELECT `id`, `what` FROM `{?_MYSQL_PREFIX?}_%s_menu` WHERE `action`='%s' AND (`what`='' OR `what` IS NULL)".$add." ORDER BY `action` DESC LIMIT 1", array( $mode, $action @@ -959,7 +959,7 @@ function removeReceiver (&$receivers, $key, $userid, $poolId, $statsId = 0, $isB // Was it *not* found? if (SQL_HASZERONUMS($result)) { // So we add one! - SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_user_links` (`%s`,`userid`,`link_type`) VALUES (%s,%s,'%s')", + SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_user_links` (`%s`, `userid`, `link_type`) VALUES (%s,%s,'%s')", array( $rowName, bigintval($statsId), @@ -1354,7 +1354,7 @@ function generateOptions ($table, $key, $value, $default = '', $extra = '', $whe } // END - if // Run SQL query - $result = SQL_QUERY_ESC("SELECT `%s` AS `key`,`%s` AS `value`" . $extraColumn . " FROM `{?_MYSQL_PREFIX?}_%s` " . $whereStatement . " ORDER BY `%s` ASC", + $result = SQL_QUERY_ESC("SELECT `%s` AS `key`, `%s` AS `value`" . $extraColumn . " FROM `{?_MYSQL_PREFIX?}_%s` " . $whereStatement . " ORDER BY `%s` ASC", array( $key, $value, @@ -1465,7 +1465,7 @@ LIMIT 1", } // END - if // Add reason and translate points - $data['text'] = $reason; + $data['text'] = $reason; // Now a mail to the user and that's all... $message = loadEmailTemplate('member_user_deleted', $data, $userid); 
@@ -1523,7 +1523,14 @@ function generateCategoryOptionsList ($mode, $userid = NULL) { ); // Get categories - $result = SQL_QUERY('SELECT `id`,`cat` FROM `{?_MYSQL_PREFIX?}_cats`' . $whereStatement . ' ORDER BY `sort` ASC', + $result = SQL_QUERY('SELECT + `id`, + `cat` +FROM + `{?_MYSQL_PREFIX?}_cats` +' . $whereStatement . ' +ORDER BY + `sort` ASC', __FUNCTION__, __LINE__); // Are there entries? @@ -1596,13 +1603,34 @@ function addBonusMailToQueue ($subject, $text, $receiverList, $points, $seconds, // HTML extension active? if (isExtensionActive('html_mail')) { - // Determine if we have HTML mode active - $HTML = convertBooleanToYesNo($mode == 'html'); - // Add HTML mail - SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_bonus` -(`subject`,`text`,`receivers`,`points`,`time`,`data_type`,`timestamp`,`url`,`cat_id`,`target_send`,`mails_sent`,`html_msg`) -VALUES ('%s','%s','%s',%s,%s,'NEW', UNIX_TIMESTAMP(),'%s',%s,%s,%s,'%s')", + SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_bonus` ( + `subject`, + `text`, + `receivers`, + `points`, + `time`, + `data_type`, + `timestamp`, + `url`, + `cat_id`, + `target_send`, + `mails_sent`, + `html_msg` +) VALUES ( + '%s', + %s', + '%s', + %s, + %s, + 'NEW', + UNIX_TIMESTAMP(), + '%s', + %s, + %s, + %s, + '%s' +)", array( $subject, $text, 
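Review bot: In the reformatted HTML-mail INSERT of addBonusMailToQueue, the second line of the VALUES list reads `%s',` and has lost its opening quote, so the `text` value is emitted with an unbalanced quote. The line should be `'%s',`, as it is in the regular-mail INSERT in the following hunk. As written the statement will most likely fail to parse, and the subject and text, which are escaped on the assumption that they sit inside a string literal, end up outside one. The function starts and ends outside this hunk.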
@@ -1613,13 +1641,35 @@ VALUES ('%s','%s','%s',%s,%s,'NEW', UNIX_TIMESTAMP(),'%s',%s,%s,%s,'%s')", bigintval($categoryId), $target, bigintval($receiver), - $HTML + convertBooleanToYesNo($mode == 'html') ), __FUNCTION__, __LINE__); } else { // Add regular mail - SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_bonus` -(`subject`,`text`,`receivers`,`points`,`time`,`data_type`,`timestamp`,`url`,`cat_id`,`target_send`,`mails_sent`) -VALUES ('%s','%s','%s',%s,%s,'NEW', UNIX_TIMESTAMP(),'%s',%s,%s,%s)", + SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_bonus` ( + `subject`, + `text`, + `receivers`, + `points`, + `time`, + `data_type`, + `timestamp`, + `url`, + `cat_id`, + `target_send`, + `mails_sent` +) VALUES ( + '%s', + '%s', + '%s', + %s, + %s, + 'NEW', + UNIX_TIMESTAMP(), + '%s', + %s, + %s, + %s +)", array( $subject, $text, @@ -1746,7 +1796,7 @@ function reduceRecipientReceivedMails ($column, $id, $count) { // Creates a new task function createNewTask ($subject, $notes, $taskType, $userid = NULL, $adminId = NULL, $strip = true) { // Insert the task data into the database - SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_task_system` (`assigned_admin`,`userid`,`status`,`task_type`,`subject`,`text`,`task_created`) VALUES (%s,%s,'NEW','%s','%s','%s', UNIX_TIMESTAMP())", + SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_task_system` (`assigned_admin`, `userid`, `status`, `task_type`, `subject`, `text`, `task_created`) VALUES (%s,%s,'NEW','%s','%s','%s', UNIX_TIMESTAMP())", array( convertZeroToNull($adminId), convertZeroToNull($userid), 
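Review bot: In the HTML branch, `$target` fills the unquoted `%s` for `target_send` and is the only numeric argument in the visible part of the array that is not wrapped in `bigintval()`. The regular-mail branch appears to use the same argument order, but its array is cut off by the hunk. String escaping does not constrain a value that sits outside quotes, so unless `$target` is already forced to an integer earlier in addBonusMailToQueue (not visible here), I would pass `bigintval($target),` in both arrays. Inlining `convertBooleanToYesNo($mode == 'html')` is fine, though `===` would state the intent more precisely.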
@@ -1810,52 +1860,52 @@ function doGenericListEntries ($tableTemplate, $rowTemplate, $noEntryMessageId, } // This is the minimum query, so at least columns and tableName must have entries - $SQL = 'SELECT '; + $sql = 'SELECT '; // Get the sql part back from given array - $SQL .= getSqlPartFromXmlArray($columns); + $sql .= getSqlPartFromXmlArray($columns); // Remove last commata and add FROM statement - $SQL .= ' FROM `{?_MYSQL_PREFIX?}_' . $tableName[0] . '`'; + $sql .= ' FROM `{?_MYSQL_PREFIX?}_' . $tableName[0] . '`'; // Are there entries from whereColumns to add? if (count($whereColumns) > 0) { // Then add these as well if (count($whereColumns) == 1) { // One entry found - $SQL .= ' WHERE '; + $sql .= ' WHERE '; // Table/alias included? if (!empty($whereColumns[0]['table'])) { // Add it as well - $SQL .= $whereColumns[0]['table'] . '.'; + $sql .= $whereColumns[0]['table'] . '.'; } // END - if // Add the rest - $SQL .= '`' . $whereColumns[0]['column'] . '`' . $whereColumns[0]['condition'] . chr(39) . $whereColumns[0]['look_for'] . chr(39); + $sql .= '`' . $whereColumns[0]['column'] . '`' . $whereColumns[0]['condition'] . chr(39) . $whereColumns[0]['look_for'] . chr(39); } elseif ((count($whereColumns > 1)) && (count($conditions) > 0)) { // More than one "WHERE" + condition found foreach ($whereColumns as $idx => $columnArray) { // Default is WHERE - $condition = 'WHERE'; + $condition = ' WHERE '; // Is the condition element there? if (isset($conditions[$columnArray['column']])) { // Assume the condition - $condition = $conditions[$columnArray['column']]; + $condition = ' ' . $conditions[$columnArray['column']] . ' '; } // END - if // Add to SQL query - $SQL .= ' ' . $condition; + $sql .= $condition; // Table/alias included? if (!empty($whereColumns[$idx]['table'])) { // Add it as well - $SQL .= $whereColumns[$idx]['table'] . '.'; + $sql .= $whereColumns[$idx]['table'] . '.'; } // END - if // Add the rest - $SQL .= '`' . $whereColumns[$idx]['column'] . '`' . 
$whereColumns[$idx]['condition'] . chr(39) . convertDollarDataToGetElement($whereColumns[$idx]['look_for']) . chr(39); + $sql .= '`' . $whereColumns[$idx]['column'] . '`' . $whereColumns[$idx]['condition'] . chr(39) . convertDollarDataToGetElement($whereColumns[$idx]['look_for']) . chr(39); } // END - foreach } else { // Did not set $conditions @@ -1866,7 +1916,7 @@ function doGenericListEntries ($tableTemplate, $rowTemplate, $noEntryMessageId, // Are there entries from orderByColumns to add? if (count($orderByColumns) > 0) { // Add them as well - $SQL .= ' ORDER BY '; + $sql .= ' ORDER BY '; foreach ($orderByColumns as $orderByColumn => $array) { // Get keys (table/alias) and values (sorting itself) $table = trim(implode('', array_keys($array))); 
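Review bot: The `look_for` values on the changed `$sql .=` lines in doGenericListEntries are placed between `chr(39)` quotes without any escaping, and the finished string is later run through `SQL_QUERY()` in doListEntries rather than `SQL_QUERY_ESC()`. In the multi-column branch the value comes from `convertDollarDataToGetElement()`, which by its name may resolve to request data, so a quote character in it would end the literal. The value should be escaped before concatenation, or the WHERE part built with `%s` placeholders and handed to `SQL_QUERY_ESC()`. Separately, the context line `count($whereColumns > 1)` counts the result of a comparison and was presumably meant as `count($whereColumns) > 1`. The function starts outside this hunk.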
@@ -1875,25 +1925,25 @@ function doGenericListEntries ($tableTemplate, $rowTemplate, $noEntryMessageId, // table/alias can be omitted if (!empty($table)) { // table/alias is given - $SQL .= $table . '.'; + $sql .= $table . '.'; } // END - if // Add order-by column - $SQL .= '`' . $orderByColumn . '` ' . $sorting . ','; + $sql .= '`' . $orderByColumn . '` ' . $sorting . ','; } // END - foreach // Remove last column - $SQL = substr($SQL, 0, -1); + $sql = substr($sql, 0, -1); } // END - if // Now handle all over to the inner function which will execute the listing - doListEntries($SQL, $tableTemplate, $noEntryMessageId, $rowTemplate, $callbackColumns, $extraParameters); + doListEntries($sql, $tableTemplate, $noEntryMessageId, $rowTemplate, $callbackColumns, $extraParameters); } // Do the listing of entries -function doListEntries ($SQL, $tableTemplate, $noEntryMessageId, $rowTemplate, $callbackColumns, $extraParameters = array()) { +function doListEntries ($sql, $tableTemplate, $noEntryMessageId, $rowTemplate, $callbackColumns, $extraParameters = array()) { // Run the SQL query - $result = SQL_QUERY($SQL, __FUNCTION__, __LINE__); + $result = SQL_QUERY($sql, __FUNCTION__, __LINE__); // Are there some URLs left? if (!SQL_HASZERONUMS($result)) { @@ -2011,7 +2061,7 @@ function doGenericAddEntries ($tableName, $columns = array(), $filterFunctions = // If all values are okay, continue if ($sqlValues[$key] !== false) { // Build the SQL query - $sql = 'INSERT INTO `{?_MYSQL_PREFIX?}_' . $tableName[0] . '` (`' . implode('`,`', $sqlColumns) . "`) VALUES (" . implode(',', $sqlValues) . ')'; + $sql = 'INSERT INTO `{?_MYSQL_PREFIX?}_' . $tableName[0] . '` (`' . implode('`, `', $sqlColumns) . "`) VALUES (" . implode(',', $sqlValues) . ')'; // Run the SQL query SQL_QUERY($sql, __FUNCTION__, __LINE__); 
@@ -2170,14 +2220,28 @@ function doGenericDeleteEntriesConfirm ($tableName, $columns = array(), $filterF $sql = "DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s` IN (%s)"; // Is a user id provided? + //* BUG: */ die('
'.print_r($rawUserId,true).'
'.print_r($userIdColumn,true).'
'); if ((isset($rawUserId[0])) && (isPostRequestElementSet($rawUserId[0])) && (isset($userIdColumn[0]))) { // Add user id as well $sql .= ' AND `' . $userIdColumn[0] . '`=' . bigintval(postRequestElement($rawUserId[0])); } // END - if + // $idColumn[0] in POST must be an array again + if (!is_array(postRequestElement($idColumn[0]))) { + // This indicates that you have conflicting form field naming with XML names + reportBug(__FUNCTION__, __LINE__, 'You have a wrong form field element, idColumn[0]=' . $idColumn[0]); + } // END - if + // Delete them all + //* BUG: */ die($sql.'
'.print_r($tableName,true).'
'.print_r($columns,true).'
'.print_r($filterFunctions,true).'
'.print_r($extraValues,true).'
'.print_r($deleteNow,true).'
'.print_r($idColumn,true).'
'); $idList = ''; foreach (postRequestElement($idColumn[0]) as $id => $sel) { + // Is id zero? + if ($id == '0') { + // Then skip this + continue; + } // END - if + // Is there a userid? if (isPostRequestElementSet($userIdColumn[0])) { // Load all data from that id @@ -2203,7 +2267,12 @@ function doGenericDeleteEntriesConfirm ($tableName, $columns = array(), $filterF } // END - foreach // Run the query - SQL_QUERY_ESC($sql, array($tableName[0], $idColumn[0], substr($idList, 0, -1)), __FUNCTION__, __LINE__); + SQL_QUERY_ESC($sql, + array( + $tableName[0], + $idColumn[0], + convertNullToZero(substr($idList, 0, -1)) + ), __FUNCTION__, __LINE__); // Return affected rows return SQL_AFFECTEDROWS();
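Review bot: The new `is_array()` guard in doGenericDeleteEntriesConfirm only protects the `foreach` below if `reportBug()` never returns, which this hunk does not show. If it can return, the loop still iterates a non-array `postRequestElement($idColumn[0])`, so an explicit early return after the report, or a comment such as `// reportBug() aborts the script`, would make the guard self-evident. The skip test `$id == '0'` is a loose comparison on a request-supplied array key; `bigintval($id) == 0` would state which keys are meant to be skipped. The two `//* BUG: */ die(...)` lines are debugging scaffolding that would dump request-derived values and the raw SQL to the page if re-enabled, and are better left out of the commit.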
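Review bot: The id list still reaches `IN (%s)` as an unquoted value, so its safety rests on how each `$id` is appended to `$idList`. That code lies between the hunks and is not visible here; if it is not already `bigintval($id)`, it should be. Wrapping the `substr()` result in `convertNullToZero()` presumably turns an empty list into `IN (0)` instead of a syntax error, but that depends on the helper also mapping the empty-string or `false` result of `substr()` to zero. A short comment would record the intent, for example `// Empty id list becomes IN (0) so the DELETE affects no rows`.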