diff --git a/manage-metatypes.php b/manage-metatypes.php index 3fba133..44b06cc 100644 --- a/manage-metatypes.php +++ b/manage-metatypes.php @@ -6,10 +6,10 @@ auth_redirect(); // Require logged in user to access this page. if( isset($_GET['delete']) && (int)$_GET['delete'] ) { check_nonce('delete-metatype-'.(int)$_GET['delete']); - if(! $mtdb->query( 'DELETE FROM meta_t WHERE id=' . (int)$_GET['delete'] ) ) + if(! $dbConnection->executeUpdate('DELETE FROM meta_t WHERE id = ?', array($_GET['delete']))) { adminlog("Error on deleting metatype ".(int)$_GET['delete'], MTS_TYPE_META, MTA_DELETE, E_WARNING); - mtdie("Error on update: ". htmlentities(mysqli_error())); + mtdie("Error on update: ". $dbConnection->errorCode()); } $info.='
Deleted metatype successfully.
'; adminlog("Metatype ".(int)$_GET['delete']." deleted.", MTS_TYPE_META, MTA_DELETE); @@ -21,10 +21,10 @@ if( isset($_POST['action']) && $_POST['action'] == 'new_meta' ) { $name = trim($_POST['name']); if( check_type_name( $name ) ) { - if(! $mtdb->query( 'INSERT INTO meta_t(name) VALUES("'. mysqli_real_escape_string($mtdb->link, $name) . '")' ) ) + if(! $dbConnection->executeUpdate('INSERT INTO meta_t (name) VALUES (?)', array($name))) { adminlog("Error on inserting metatype ".(int)$_GET['delete'], MTS_TYPE_META, MTA_INSERT, E_WARNING); - mtdie("Error on insertion: ". htmlentities(mysqli_error())); + mtdie("Error on insertion: ". $dbConnection->errorCode()); } } $info.='
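Review bot: The `if(! $dbConnection->executeUpdate(...))` test on the new DELETE line treats the return value as a success flag, which does not hold if `$dbConnection` is a Doctrine DBAL connection, as the `executeUpdate`/`fetchAll`/`errorCode` names suggest (the class is not visible here, so confirm). In that API the call returns the affected-row count and reports failures by throwing, so deleting a missing id, or saving an edit that leaves the name unchanged, returns 0 and lands in `mtdie()`, while a real database error never reaches the `adminlog()` call. The same pattern is in the `@@ -21` and `@@ -37` hunks. Catching the exception keeps failures in the admin log, and binding `(int)$_GET['delete']` (and `(int)$_POST['type_id']` in the edit branch) keeps the bound value identical to the one that was nonce-checked and logged.

```php
try {
    $dbConnection->executeUpdate('DELETE FROM meta_t WHERE id = ?', array((int)$_GET['delete']));
} catch (\Exception $e) {
    // Failure path: record it in the admin log before stopping.
    adminlog("Error on deleting metatype ".(int)$_GET['delete'], MTS_TYPE_META, MTA_DELETE, E_WARNING);
    mtdie("Error on update: ". $dbConnection->errorCode());
}
// … unchanged: success message and adminlog …
```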
New metatype created successfully.
'; @@ -37,10 +37,10 @@ if( isset($_POST['action']) && $_POST['action'] == 'edit_meta' ) { $name = trim($_POST['name']); if( check_type_name( $name ) ) { - if(! $mtdb->query( 'UPDATE meta_t SET name = "' . mysqli_real_escape_string($mtdb->link, $name) . '" WHERE id=' . (int)$_POST['type_id']) ) + if(! $dbConnection->executeUpdate('UPDATE meta_t SET name = ? WHERE id = ?', array($name, $_POST['type_id']))) { adminlog("Error updating metatype ".(int)$_GET['delete'], MTS_TYPE_META, MTA_UPDATE, E_WARNING); - mtdie("Error on update: ". htmlentities(mysqli_error())); + mtdie("Error on update: ". $dbConnection->errorCode()); } } $info.='
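Review bot: The failure log in this insert branch still records `(int)$_GET['delete']`, which is not part of a `new_meta` POST, so the admin log would typically name metatype 0 instead of what was being created. The `@@ -37` hunk has the same leftover in `"Error updating metatype ".(int)$_GET['delete']`, where the id being edited is `$_POST['type_id']`. Since the commit already rewrites both error paths, I would change them to `adminlog("Error on inserting metatype ".$name, MTS_TYPE_META, MTA_INSERT, E_WARNING);` and `adminlog("Error updating metatype ".(int)$_POST['type_id'], MTS_TYPE_META, MTA_UPDATE, E_WARNING);`. Both `adminlog` lines are unchanged context in these hunks, and how `adminlog` escapes its message when displayed is not visible here, so check that before logging `$name`.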
Changes to metatype saved successfully.
'; @@ -48,7 +48,7 @@ if( isset($_POST['action']) && $_POST['action'] == 'edit_meta' ) { } //get all metatypes -$metas = $mtdb->getAll("SELECT id, name FROM meta_t"); +$metas = $dbConnection->fetchAll('SELECT id, name FROM meta_t'); adminhead('Metatypes'); adminmenu(); diff --git a/manage-statusbox.php b/manage-statusbox.php index 31c8020..e4694fa 100644 --- a/manage-statusbox.php +++ b/manage-statusbox.php @@ -12,7 +12,7 @@ auth_redirect(); // Require logged in user to access this page. /* Handle form submission of new updates */ function handle_update_form() { - global $error,$info,$mtdb; + global $error,$info,$dbConnection; check_nonce('update-statusbox'); $percent = $_POST['update_percentage']; @@ -36,7 +36,7 @@ function handle_update_form() { return; } - $mtdb->query( 'INSERT INTO status (published,eta,percentage,text) VALUES( NOW(), FROM_UNIXTIME(' . (int)$eta . '), '. (int)$percent . ', "' . mysqli_real_escape_string($mtdb->link, $text) . '")' ); + $dbConnection->executeUpdate('INSERT INTO status (published, eta, percentage, text) VALUES (NOW(), FROM_UNIXTIME(?), ?, ?)', array($eta, $percent, $text)); $_POST['update_percentage']=$_POST['update_eta']=$_POST['update_text']=''; $info = '
Statusbox updated successfully.
'; @@ -55,7 +55,7 @@ adminmenu('manage-statusbox.php'); /* Simple Presets, Select things said before */ -$presets = $mtdb->getAll('SELECT COUNT(*) as c, percentage, text, CONCAT( percentage, "% - ", text ) as p FROM status GROUP BY p HAVING c>1 ORDER BY c DESC'); +$presets = $dbConnection->fetchAll('SELECT COUNT(*) as c, percentage, text, CONCAT( percentage, "% - ", text ) as p FROM status GROUP BY p HAVING c > 1 ORDER BY c DESC'); ?> @@ -129,7 +129,7 @@ $presets = $mtdb->getAll('SELECT COUNT(*) as c, percentage, text, CONCAT( percen getAll("SELECT published,eta,percentage,text FROM status ORDER BY published DESC limit 5"); +$stats = $dbConnection->fetchAll("SELECT published, eta, percentage, text FROM status ORDER BY published DESC LIMIT 5"); ?> diff --git a/manage-twitter-presets.php b/manage-twitter-presets.php index 26cea27..3f0ac82 100644 --- a/manage-twitter-presets.php +++ b/manage-twitter-presets.php @@ -17,15 +17,15 @@ if( isset($_REQUEST['action']) && 'edit_twitter' == $_REQUEST['action']) { if(0 == $id && !empty($msg)) { // Add a new preset - $mtdb->query( sprintf('INSERT INTO twitter_status (position, message) VALUES (%d, "%s")', $position, mysqli_real_escape_string($mtdb->link, $msg)) ); + $dbConnection->executeUpdate('INSERT INTO twitter_status (position, message) VALUES (?, ?)', array($position, $msg)); adminlog("Added new preset: $msg", MTS_TWITTER, MTA_ADD); } elseif(empty($msg)) { // Delete an existing preset - $mtdb->query( "DELETE FROM twitter_status WHERE id = $id" ); + $dbConnection->executeUpdate('DELETE FROM twitter_status WHERE id = ?', array($id)); adminlog("Removed preset: $id", MTS_TWITTER, MTA_ADD); } else { // Modify an existing preset - $mtdb->query( sprintf('UPDATE twitter_status SET position = %d, message = "%s" WHERE id = %d', $position, mysqli_real_escape_string($mtdb->link, $msg), $id) ); + $dbConnection->executeUpdate('UPDATE twitter_status SET position = ?, message = ? WHERE id = ?', array($position, $msg, $id)); } } }
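Review bot: The new INSERT in the `@@ -36` hunk binds `$eta` and `$percent` as received, where the removed line forced both through `(int)`; whatever validation precedes this line is outside the hunk, so I cannot confirm they are numeric at this point. A bound non-numeric string is either rejected or silently coerced by MySQL depending on the server's SQL mode, which makes the stored value depend on configuration. Keeping the casts preserves the old behaviour: `array((int)$eta, (int)$percent, $text)`. The result of `executeUpdate` is also not checked before `$info` reports success, so a failed write is neither shown nor sent to `adminlog`; `handle_update_form` starts and ends outside this hunk.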
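Review bot: The delete branch in manage-twitter-presets.php records its action as `MTA_ADD`, and the modify branch writes nothing to the admin log, so the audit trail cannot tell removed presets from added ones and misses edits entirely. Both are on lines this commit leaves as context, next to the rewritten `executeUpdate` calls. I would use `adminlog("Removed preset: $id", MTS_TWITTER, MTA_DELETE);` and add `adminlog("Modified preset: $id", MTS_TWITTER, MTA_UPDATE);` after the UPDATE; `MTA_DELETE` and `MTA_UPDATE` are the constants manage-metatypes.php already uses. No `check_nonce` call is visible in this hunk even though the action is read from `$_REQUEST`; it may sit above line 17, which is worth confirming.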