From 3b807424bd87ff9a86a671112add3473f52fa943 2017-06-21 21:28:24 From: DarkMorford Date: 2017-06-21 21:28:24 Subject: [PATCH] Update more admin pages to use DBAL functions. --- diff --git a/character-twitter.php b/character-twitter.php index 9aee60b..9ee383c 100644 --- a/character-twitter.php +++ b/character-twitter.php @@ -10,7 +10,8 @@ if('post_twitter' == $_REQUEST['action']) check_nonce('new-character-twitter'); #Fetch the password from the DB. - $acct = $mtdb->getRow(sprintf("SELECT username, password FROM twitter_user WHERE id = '%d'", $_REQUEST['twitter-account'])); + $stmt = $dbConnection->executeQuery('SELECT username, password FROM twitter_user WHERE id = ?', array($_REQUEST['twitter-account'])); + $acct = $stmt->fetch(); $post_at = strtotime($_REQUEST['date18']); @@ -35,13 +36,8 @@ if('post_twitter' == $_REQUEST['action']) else { #No luck, gotta schedule. - $mtdb->query( - sprintf("INSERT INTO twitter_post (status, user, time, text)VALUES ('scheduled', '%d', FROM_UNIXTIME('%d'), '%s')", - mysqli_real_escape_string($mtdb->link, $_REQUEST['twitter-account']), - $post_at, - mysqli_real_escape_string($mtdb->link, $_REQUEST['message']) - ) - ); + $dbConnection->executeUpdate('INSERT INTO twitter_post (status, user, time, text) VALUES (\'scheduled\', ?, FROM_UNIXTIME(?), ?)', + array($_REQUEST['twitter-account'], $post_at, $_REQUEST['message'])); $info .= "Your tweet for user " . htmlentities($acct->username) . " has been scheduled."; adminlog('Tweet for account ' . $acct->username . ' has been scheduled.', MTS_TWITTER, MTA_ADD); } 
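Review bot: In character-twitter.php the new `executeQuery()` call binds `$_REQUEST['twitter-account']` as-is, so the integer coercion the old `'%d'` format gave is gone, and the result of `$stmt->fetch()` is never checked before `$acct->username` is read further down. I would bind it typed, `array((int)$_REQUEST['twitter-account']), array(PDO::PARAM_INT)`, and stop early when `fetch()` returns `false` for an unknown id. The INSERT in the second hunk (`@@ -35,13 +36,8 @@`) binds the same untyped account id, together with `$post_at`, which is `false` when `strtotime()` cannot parse `date18`; whether that case is rejected between the two hunks is not visible here. Reading `$acct` as an object also assumes the connection's fetch mode returns objects, which this patch does not show.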
@@ -52,12 +48,11 @@ if('post_twitter' == $_REQUEST['action']) } } -$characters = $mtdb->getAll("SELECT id, username FROM twitter_user ORDER BY username"); +$characters = $dbConnection->fetchAll('SELECT id, username FROM twitter_user ORDER BY username'); -$scheduled = $mtdb->getAll("SELECT username, text, status, twitter_post.id AS id, time - FROM twitter_post JOIN twitter_user - ON twitter_post.user = twitter_user.id - WHERE twitter_post.status = 'scheduled' ORDER BY time"); +$scheduled = $dbConnection->fetchAll('SELECT username, text, status, twitter_post.id AS id, time ' . + 'FROM twitter_post JOIN twitter_user ON twitter_post.user = twitter_user.id ' . + 'WHERE twitter_post.status = \'scheduled\' ORDER BY time'); adminhead('Manage Character Twitters'); adminmenu(); diff --git a/delete-tweet.php b/delete-tweet.php index e70002e..4a35719 100644 --- a/delete-tweet.php +++ b/delete-tweet.php @@ -12,7 +12,7 @@ $victim = (int)$_REQUEST['tweet_id']; if($victim) { - $r = $mtdb->query("DELETE FROM twitter_post WHERE id = '$victim'"); + $r = $dbConnection->executeUpdate('DELETE FROM twitter_post WHERE id = ?', array($victim)); if(!$r) { adminlog('Error deleting scheduled tweet ' . $victim, MTS_TWITTER, MTA_DELETE, E_ERROR); diff --git a/delete-twitter-user.php b/delete-twitter-user.php index c8069b1..0a50ed8 100644 --- a/delete-twitter-user.php +++ b/delete-twitter-user.php @@ -12,7 +12,7 @@ $victim = (int)$_REQUEST['id']; if($victim) { - $r = $mtdb->query("DELETE FROM twitter_user WHERE id = '$victim'"); + $r = $dbConnection->executeUpdate('DELETE FROM twitter_user WHERE id = ?', array($victim)); if(!$r) { adminlog('Error deleting specified twitter user ' . $victim, MTS_TWITTER, MTA_DELETE, E_ERROR); diff --git a/edit-comic.php b/edit-comic.php index 478b5ac..28d170b 100644 --- a/edit-comic.php +++ b/edit-comic.php 
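Review bot: In delete-tweet.php the unchanged `if(!$r)` check no longer means what it did. Assuming `$dbConnection` is a Doctrine DBAL connection, `executeUpdate()` returns the number of affected rows and reports failures by throwing, so a request for an id that does not exist is now logged as `E_ERROR`, while a real database failure skips the `adminlog()` call entirely. I would wrap the call in `try`/`catch` for the error log and treat `0 === $r` as "nothing to delete"; the `if($victim)` block continues past the hunk. The hunk in delete-twitter-user.php has the same pattern. Both scripts take the id from `$_REQUEST`, so they need a nonce check like the `check_nonce()` call in character-twitter.php; whether one exists above these hunks is not visible in the diff.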
@@ -35,13 +35,13 @@ if( $_POST ) { if( !is_valid_upload('comicFile') ) { adminlog("Image upload failed.", MTS_STRIP, MTA_ADD, E_WARNING); - mtdie('If you want to upload a new comic, you must provide said comic.','Strip upload failed.'); + mtdie('If you want to upload a new comic, you must provide said comic.', 'Strip upload failed.'); } // get image type and target extension $imagedata = getimagesize($_FILES['comicFile']['tmp_name']); $strip->media = $imagedata[2]; - $fileext = $mtdb->getOne( 'SELECT extension FROM media_t WHERE id = ' . (int)$strip->media ); + $fileext = $dbConnection->fetchColumn('SELECT extension FROM media_t WHERE id = ?', array($strip->media), array(PDO::PARAM_INT)); if(strlen($fileext) < 3) { @@ -86,7 +86,7 @@ if( $_POST ) { $imagedata = getimagesize($_FILES['comicFile']['tmp_name']); $strip->media = $imagedata[2]; } - $fileext = $mtdb->getOne( 'SELECT extension FROM media_t WHERE id=' . (int)$strip->media ); + $fileext = $dbConnection->fetchColumn('SELECT extension FROM media_t WHERE id = ?', array($strip->media), array(PDO::PARAM_INT)); if(strlen($fileext) < 3) { @@ -178,7 +178,7 @@ adminmenu('manage-comics.php');
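Review bot: In edit-comic.php both new `fetchColumn()` calls pass `array(PDO::PARAM_INT)` as the third argument, which in Doctrine DBAL 2.x is the column index, not the type list: the signature is `fetchColumn($statement, array $params = array(), $column = 0, array $types = array())`. This assumes `$dbConnection` is a DBAL 2.x connection, which the patch does not show. As written the type hint is not applied and the array is handed on as the column number, so the lookup likely fails and every upload falls into the `strlen($fileext) < 3` branch. The call should read `fetchColumn('SELECT extension FROM media_t WHERE id = ?', array((int)$strip->media), 0, array(PDO::PARAM_INT))`; the `(int)` cast also restores the old behaviour when `getimagesize()` returns `false`. The second hunk (`@@ -86,7 +86,7 @@`) needs the same change.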

Comic Type

getAll( 'SELECT id, description FROM strip_t ORDER BY id' ); +$types = $dbConnection->fetchAll('SELECT id, description FROM strip_t ORDER BY id'); foreach( $types as $k=>$v ) printf('', htmlentities($v->id), ($last_type == $v->id ? 'selected="selected"' : '' ), $v->description); ?>
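Review bot: The `printf()` in the context lines of this hunk escapes `$v->id` with `htmlentities()` but prints `$v->description` raw, so a description in `strip_t` that contains markup reaches the page unescaped; `htmlentities($v->description)` would close that. The format string and surrounding markup were lost in this rendering of the patch, so the exact output context is inferred. The `foreach` also reads `$v->id` as an object property, which holds only if `fetchAll()` on this connection is configured to return objects rather than arrays.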