diff --git a/manage-twitter-presets.php b/manage-twitter-presets.php index 64cfefc..26cea27 100644 --- a/manage-twitter-presets.php +++ b/manage-twitter-presets.php @@ -30,7 +30,7 @@ if( isset($_REQUEST['action']) && 'edit_twitter' == $_REQUEST['action']) { } } -$statuses = $mtdb->getAll('SELECT id, position, message FROM twitter_status ORDER BY position, id'); +$statuses = $dbConnection->fetchAll('SELECT id, position, message FROM twitter_status ORDER BY position, id'); adminhead('Manage Twitter Presets'); adminmenu(); diff --git a/post-scratchpad.php b/post-scratchpad.php index 051ba49..ee6e593 100644 --- a/post-scratchpad.php +++ b/post-scratchpad.php @@ -6,7 +6,7 @@ auth_redirect(); // Require logged in user to access this page. check_nonce('new-scratchpad'); -$mtdb->query( sprintf( 'INSERT INTO scratchpad (contributor, message) VALUES (%d, "%s")', (int)$currentuser->id, mysqli_real_escape_string($mtdb->link, $_REQUEST['message'])) ); +$dbConnection->executeUpdate('INSERT INTO scratchpad (contributor, message) VALUES (?, ?)', array($currentuser->id, $_REQUEST['message'])); adminlog("User posted to scratchpad.", MTS_SCRATCH, MTA_INSERT); _redirect( ADMIN_PATH . '/index.php' ); diff --git a/post-twitter.php b/post-twitter.php index 6393c58..b0c5129 100644 --- a/post-twitter.php +++ b/post-twitter.php 
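Review bot: The new `executeUpdate` call in post-scratchpad.php binds `$_REQUEST['message']` without checking that it is present and a string, so a request carrying `message[]=...` or no `message` at all reaches the bind as an array or null. Binding removes the injection risk the old `sprintf` had, but it does not validate the value. Guard it before the insert, e.g. `if( !isset($_REQUEST['message']) || !is_string($_REQUEST['message']) ) _redirect( ADMIN_PATH . '/index.php' );`. If the form always submits by POST, reading `$_POST` would also keep the write off GET and cookie input.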
@@ -14,13 +14,13 @@ if('post_twitter' == $_REQUEST['action']) if( strlen($_REQUEST['message']) ) $postmessage = trim($_REQUEST['message']); #string replacement macros - $next_strip_id = $mtdb->getOne( 'SELECT MAX(id) FROM strip' ); + $next_strip_id = $dbConnection->fetchColumn('SELECT MAX(id) FROM strip'); $next_strip_id += 1; $postmessage = str_replace("#nextcomic", $next_strip_id, $postmessage); if('' == $postmessage) _redirect( ADMIN_PATH . '/post-twitter.php?tweet=missing'); $username = sanitize_username($_REQUEST['twitter_user']); - $postasuser = $mtdb->getOne( sprintf('SELECT username FROM twitter_user WHERE username="%s"', mysqli_real_escape_string($mtdb->link, $username))); + $postasuser = $dbConnection->fetchColumn('SELECT username FROM twitter_user WHERE username = ?', array($username)); if( in_array('twitter', $_REQUEST['service']) ) $rc = twitterpost( numeric_entities(utfentities($postmessage)), $postasuser ); @@ -43,8 +43,8 @@ if( isset($_REQUEST['tweet']) && 'missing' == $_REQUEST['tweet'] ) $error.='Oops~ Looks like you forgot to enter a message.'; -$statuses = $mtdb->getAll('SELECT id, position, message FROM twitter_status ORDER BY position, id'); -$twitter_users = $mtdb->getAll('SELECT id, username, oauth_token, oauth_token_secret, oauth_access_token FROM twitter_user ORDER BY username'); +$statuses = $dbConnection->fetchAll('SELECT id, position, message FROM twitter_status ORDER BY position, id'); +$twitter_users = $dbConnection->fetchAll('SELECT id, username, oauth_token, oauth_token_secret, oauth_access_token FROM twitter_user ORDER BY username'); adminhead('Update Twitter'); adminmenu(); @@ -86,7 +86,6 @@ adminmenu(); diff --git a/rss-adminlog.php b/rss-adminlog.php index 6e720e3..a7ace0c 100644 --- a/rss-adminlog.php +++ b/rss-adminlog.php 
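Review bot: `$postasuser` from the new `fetchColumn('... WHERE username = ?', ...)` goes straight into `twitterpost()` with no check that a row was found. If the submitted `twitter_user` matches no account, the lookup presumably yields `false` or `null`, and what `twitterpost()` does with that is not visible here. Stop before posting, e.g. `if( ! $postasuser ) _redirect( ADMIN_PATH . '/post-twitter.php?tweet=ERROR_CODE' );`, where `ERROR_CODE` is a placeholder for an error code of its own. The surrounding `if` block starts and ends outside this hunk.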
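Review bot: The `$twitter_users` query still selects `oauth_token`, `oauth_token_secret` and `oauth_access_token` for every account on each page load. If the page only uses the list to build the account picker (the template is outside this hunk), the credentials need not leave the database: `SELECT id, username FROM twitter_user ORDER BY username`. Keeping secrets out of page scope limits what a stray dump, error page or template mistake can expose.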
@@ -6,7 +6,7 @@ auth_basic(); $count = isset($_REQUEST['count']) && ctype_digit($_REQUEST['count']) ? $_REQUEST['count'] : 25; -$entries = $mtdb->getAll("SELECT UNIX_TIMESTAMP(l.logdate) AS logdate, c.name AS cname, c.email AS cmail, s.name AS section, action, level, message FROM admin_log l JOIN admin_section s ON l.section = s.id LEFT JOIN contributor c ON l.contributor = c.id ORDER BY l.logdate DESC LIMIT $count"); +$entries = $dbConnection->fetchAll("SELECT UNIX_TIMESTAMP(l.logdate) AS logdate, c.name AS cname, c.email AS cmail, s.name AS section, action, level, message FROM admin_log l JOIN admin_section s ON l.section = s.id JOIN contributor c ON l.contributor = c.id ORDER BY l.logdate DESC LIMIT ?", array($count), array(PDO::PARAM_INT)); header("Content-Type: application/rss+xml;charset=utf-8"); diff --git a/rss-scratchpad.php b/rss-scratchpad.php index d932663..4c8a0bf 100644 --- a/rss-scratchpad.php +++ b/rss-scratchpad.php @@ -6,7 +6,7 @@ auth_basic(); $count = isset($_REQUEST['count']) && ctype_digit($_REQUEST['count']) ? $_REQUEST['count'] : 25; -$entries = $mtdb->getAll("SELECT UNIX_TIMESTAMP(s.published) AS pubdate, c.name AS cname, c.email AS cmail, message FROM scratchpad s JOIN contributor c ON s.contributor = c.id ORDER BY s.published DESC LIMIT $count"); +$entries = $dbConnection->fetchAll('SELECT UNIX_TIMESTAMP(s.published) AS pubdate, c.name AS cname, c.email AS cmail, message FROM scratchpad s JOIN contributor c ON s.contributor = c.id ORDER BY published DESC LIMIT ?', array($count), array(PDO::PARAM_INT)); header("Content-Type: application/rss+xml;charset=utf-8"); diff --git a/rss-striplog.php b/rss-striplog.php index 6d78c2f..c2feaa1 100644 --- a/rss-striplog.php +++ b/rss-striplog.php 
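Review bot: The rewritten rss-adminlog.php query changes `LEFT JOIN contributor` to `JOIN contributor`, a behaviour change beyond the driver migration. With it, admin_log rows whose `contributor` is NULL or no longer matches a contributor row drop out of the feed. For an audit log those are the entries with no attributable user, which are often the ones worth seeing. The view-adminlog.php hunk makes the same change. Unless that is intended, keep `LEFT JOIN contributor c ON l.contributor = c.id` in both.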
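Review bot: `$count` is bound with `PDO::PARAM_INT` but is still the raw request string, and `ctype_digit` puts no upper limit on it. A very long digit string will not convert cleanly to an integer, and a large valid value lets one request pull the whole table into the feed. Cast and cap it in the existing ternary, e.g. `min((int) $_REQUEST['count'], 100)` in place of `$_REQUEST['count']` (100 is a suggested ceiling, not a project value). The same applies to the `LIMIT ?` queries in rss-adminlog.php and rss-striplog.php.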
@@ -4,7 +4,7 @@ require_once('include/admin.inc.php'); $count = isset($_REQUEST['count']) && ctype_digit($_REQUEST['count']) ? $_REQUEST['count'] : 25; -$entries = $mtdb->getAll("SELECT UNIX_TIMESTAMP(l.logdate) AS logdate, s.name AS section, action, message FROM admin_log l JOIN admin_section s ON l.section = s.id WHERE s.name = 'strip' ORDER BY l.logdate DESC LIMIT $count"); +$entries = $dbConnection->fetchAll('SELECT UNIX_TIMESTAMP(l.logdate) AS logdate, s.name AS section, action, message FROM admin_log l JOIN admin_section s ON l.section = s.id WHERE s.name = \'strip\' ORDER BY l.logdate DESC LIMIT ?', array($count), array(PDO::PARAM_INT)); header("Content-Type: application/rss+xml;charset=utf-8"); diff --git a/twitter-scheduled.php b/twitter-scheduled.php index e57d984..17abe7d 100644 --- a/twitter-scheduled.php +++ b/twitter-scheduled.php @@ -4,13 +4,8 @@ require_once('include/admin.inc.php'); // First, the quick hack way. May become neccessary to parallelize later. -$tweets = $mtdb->getAll("SELECT username, password, text, status, twitter_post.id AS id - FROM twitter_post JOIN twitter_user - ON twitter_post.user = twitter_user.id - WHERE twitter_post.status = 'scheduled' - AND time >= NOW() - AND time < TIMESTAMPADD(" . RUN_INTERVAL . ", NOW()) -"); +$tweets = $dbConnection->fetchAll('SELECT username, password, text, status, tp.id AS id FROM twitter_post tp JOIN twitter_user tu ON tp.user = tu.id ' . + 'WHERE tp.status = \'scheduled\' AND time >= NOW() AND time < TIMESTAMPADD(?, NOW())', array(RUN_INTERVAL)); // Check if we actually have any tweets. If not, bail. if(count($tweets) === 0) 
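Review bot: rss-striplog.php appears to run its query without an authentication call. The hunk header shows `require_once('include/admin.inc.php');` as the statement before `$count`, where rss-adminlog.php and rss-scratchpad.php show `auth_basic();`. If admin.inc.php does not enforce authentication itself, admin_log messages for the strip section are readable by anyone who can reach the URL. If the feed is meant to be public, say so in a comment such as `// Public feed: intentionally no auth_basic().`; otherwise add `auth_basic();` after the include.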
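Review bot: `TIMESTAMPADD(?, NOW())` in the new twitter-scheduled.php query cannot work as written. MySQL's TIMESTAMPADD takes three arguments (unit, interval, datetime), and the unit is a keyword that a placeholder cannot supply. The old code concatenated `RUN_INTERVAL` directly before `, NOW()`, so the constant presumably expands to a `unit, interval` pair; bound as one value it becomes a single string argument and the scheduler query fails. Since `RUN_INTERVAL` is a code constant rather than request data, concatenating it is safe: `'... AND time < TIMESTAMPADD(' . RUN_INTERVAL . ', NOW())'`. The query also still selects `password` from twitter_user, which suggests stored plaintext credentials worth retiring separately.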
@@ -23,7 +18,7 @@ if(count($tweets) === 0) foreach($tweets as $t) { // Lock the tweet - $mtdb->query("UPDATE twitter_post SET status = 'locked' WHERE id = ".(int)$t->id." AND status = 'scheduled'", false); + $dbConnection->executeUpdate('UPDATE twitter_post SET status = \'locked\' WHERE id = ? AND status = \'scheduled\'', array($t->id)); if(twitterpost($t->text, $t->username, $t->password)) { @@ -39,7 +34,7 @@ foreach($tweets as $t) } // Unlock tweet, update db. - $mtdb->query("UPDATE twitter_post SET status = '".mysqli_real_escape_string($mtdb->link, $t->status)."' WHERE status = 'locked' AND id = ".(int)$t->id, false); + $dbConnection->executeUpdate('UPDATE twitter_post SET status = ? WHERE status = \'locked\' AND id = ?', array($t->status, $t->id)); } ?> diff --git a/user-edit.php b/user-edit.php index d2c15b4..bd5e4a5 100644 --- a/user-edit.php +++ b/user-edit.php @@ -15,7 +15,7 @@ if( isset($_POST['edit']) ) { copy(RANTIMG.'default', RANTIMG.$username.'.png'); - $mtdb->query( 'INSERT INTO contributor (name, default_image) VALUES ("' . mysqli_real_escape_string($mtdb->link, $username) . '", "'.$username.'.png")' ); + $dbConnection->executeUpdate('INSERT INTO contributor (name, default_image) VALUES (?, ?)', array($username, $username . '.png')); $user = get_userdatabylogin( $username ); $userid = $user->id; $info.='
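Review bot: The result of the lock `UPDATE` is ignored, so the loop posts the tweet even when this run did not actually lock the row. If two scheduler runs overlap, both can select the same `scheduled` row, one update matches zero rows, and both still call `twitterpost()`. Assuming `executeUpdate` returns the affected-row count, skip the row unless the lock was taken: `if( $dbConnection->executeUpdate(...) !== 1 ) continue;`. The `foreach` body continues outside this hunk.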

User Account Created

'; @@ -37,7 +37,7 @@ if( isset($_POST['edit']) ) { $error.='

New passwords do not match.

'; } else { /* password change */ - if( ! $mtdb->getOne( 'SELECT id FROM contributor WHERE id = "' . (int)$user->id . '" AND (password = SHA1("' . mysqli_real_escape_string($mtdb->link, $_POST['password_old']) . '") OR password = "")' )) { + if( ! $dbConnection->fetchColumn('SELECT id FROM contributor WHERE id = ? AND (password = SHA1(?) OR password = "")', array((int)$user->id, $_POST['password_old']))) { $error.='

Specified password is incorrect.

'; } else { /* Password match */ diff --git a/users.php b/users.php index 26c5d62..da018c2 100644 --- a/users.php +++ b/users.php @@ -10,11 +10,11 @@ adminhead('Users'); adminmenu(); ?>
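Review bot: The old-password check still compares against an unsalted `SHA1(?)` computed in SQL, and `OR password = ""` still lets any value pass when the stored password is empty. Parameterising the query removes the injection risk but leaves the stored hashes cheap to brute-force if the table leaks. Fetch the stored hash and verify it in PHP with `password_verify($_POST['password_old'], $storedHash)`, write new passwords with `password_hash($new, PASSWORD_DEFAULT)`, and upgrade legacy SHA-1 rows at the next successful login. The enclosing `if( isset($_POST['edit']) )` block extends beyond this hunk.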

User Administration

-

Make changes to accounts for contributers to the website.

+

Make changes to accounts for contributors to the website.

getAll("SELECT id,name,email,nameplate FROM contributor"); +$users = $dbConnection->fetchAll('SELECT id, name, email, nameplate FROM contributor'); ?> diff --git a/view-adminlog.php b/view-adminlog.php index 2edebd7..8fc4531 100644 --- a/view-adminlog.php +++ b/view-adminlog.php @@ -17,10 +17,11 @@ $page = 1; if( isset($_GET['page'] )) $page = (int) $_GET['page']; $perpage = 15; -$start = ($page-1) * $perpage; +$start = ($page - 1) * $perpage; -$total = ceil( $mtdb->getOne("SELECT COUNT(*) FROM admin_log") / $perpage ); -$entries = $mtdb->getAll("SELECT UNIX_TIMESTAMP(l.logdate) AS logstamp, l.logdate AS logdate, c.name AS cname, c.email AS cmail, s.name AS section, action, level, message FROM admin_log l JOIN admin_section s ON l.section = s.id LEFT JOIN contributor c ON l.contributor = c.id ORDER BY l.logdate DESC LIMIT $start,$perpage"); +$total = ceil( $dbConnection->fetchColumn('SELECT COUNT(*) FROM admin_log') / $perpage ); +$entries = $dbConnection->fetchAll('SELECT UNIX_TIMESTAMP(l.logdate) AS logstamp, l.logdate AS logdate, c.name AS cname, s.name AS section, action, level, message ' . + 'FROM admin_log l JOIN admin_section s ON l.section = s.id JOIN contributor c ON l.contributor = c.id ORDER BY l.logdate DESC LIMIT ?, ?', array($start, $perpage), array(PDO::PARAM_INT, PDO::PARAM_INT)); pagination( $page, $total );
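Review bot: `$start` is bound into `LIMIT ?, ?` in view-adminlog.php with no lower bound on `$page`. `(int) $_GET['page']` accepts 0 and negative numbers, which makes `$start` negative, and MySQL rejects a negative LIMIT offset. Clamp it where it is read, in the context lines just above the changed query: `$page = max(1, (int) $_GET['page']);`. An upper clamp against `$total` would also stop out-of-range pages from running an empty query.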