Switch from 'querySingle' to 'prepare and bindValue'

This commit is contained in:
Mark Schouten 2014-07-04 11:14:34 +02:00
parent 90534c6e60
commit 98dd2695fa


@ -119,7 +119,10 @@ function add_db_zone($zone, $owner) {
jtable_respond(null, 'error', "$zone is not a valid zonename"); jtable_respond(null, 'error', "$zone is not a valid zonename");
} }
$db = get_db(); $db = get_db();
$zoneinfo = $db->querySingle("INSERT OR REPLACE INTO zones (zone, owner) VALUES ('".$zone."', (SELECT id FROM users WHERE emailaddress = '".$owner."'))"); $q = $db->prepare("INSERT OR REPLACE INTO zones (zone, owner) VALUES (':zone', (SELECT id FROM users WHERE emailaddress = ':ownwer'))");
$q->bindValue(':zone', $zone);
$q->bindValue(':owner', $owner);
$q->execute();
$db->close(); $db->close();
} }
@ -128,7 +131,10 @@ function get_zone_owner($zone) {
jtable_respond(null, 'error', "$zone is not a valid zonename"); jtable_respond(null, 'error', "$zone is not a valid zonename");
} }
$db = get_db(); $db = get_db();
$zoneinfo = $db->querySingle("SELECT u.emailaddress FROM users u, zones z WHERE z.owner = u.id AND z.zone = '".$zone."'", 1); $q = $db->prepare("SELECT u.emailaddress FROM users u, zones z WHERE z.owner = u.id AND z.zone = ':zone", 1);
$q->bindValue(':zone', $zone);
$result = $q->execute();
$zoneinfo = $result->fetchArray(SQLITE3_ASSOC);
$db->close(); $db->close();
if (isset($zoneinfo['emailaddress']) && $zoneinfo['emailaddress'] != NULL ) { if (isset($zoneinfo['emailaddress']) && $zoneinfo['emailaddress'] != NULL ) {
return $zoneinfo['emailaddress']; return $zoneinfo['emailaddress'];
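Review bot: The named parameters in both new prepare() calls are wrapped in single quotes (`':zone'` and `':ownwer'` in add_db_zone, `':zone` in get_zone_owner), so SQLite reads them as string literals rather than placeholders; the bindValue() calls then have nothing to bind, and the INSERT would store the literal text ':zone' and look up a user whose emailaddress is ':ownwer' (note the typo — the bind uses `:owner`), which means the commit does not actually achieve the parameterisation its title describes. The get_zone_owner statement is additionally malformed, since the quote before `:zone` is never closed, and it still passes querySingle's old `1` entire-row flag as a second argument to prepare(), which as far as I know accepts only the SQL string. The two statements should read `$q = $db->prepare("INSERT OR REPLACE INTO zones (zone, owner) VALUES (:zone, (SELECT id FROM users WHERE emailaddress = :owner))");` and `$q = $db->prepare("SELECT u.emailaddress FROM users u, zones z WHERE z.owner = u.id AND z.zone = :zone");`. Because prepare() and execute() report failure by returning false in the default (non-exception) SQLite3 configuration, it is also worth checking `$q` and the execute() result before calling bindValue()/fetchArray(), so a broken statement surfaces as an error response instead of a fatal on a non-object. Both functions begin before their hunks, and the end of get_zone_owner lies outside the second hunk.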