--- branches/pear-db/admin/include/update.php 2004/03/06 00:33:16 53 +++ branches/pear-db/admin/include/update.php 2004/03/06 01:08:29 54 @@ -58,9 +58,9 @@ $problem = 0; if ($staff_id > 0) { - $sql = "UPDATE staff SET password = NULL WHERE staff_id = " . $staff_id; + $sql = "UPDATE staff SET password = NULL WHERE staff_id = ?"; - if (!xx_query ($sql, $con)){ + if (!xx_prepare_execute($sql, $staff_id)){ $problem = 1; sql_err($sql); xx_query ("UNLOCK TABLES", $con); @@ -94,7 +94,6 @@ // Need for display/uniqueness $coursesub_display = $coursesub; - $coursesub_search = textSearchmySQL($coursesub); // Check to see if already exists $exists = recordCount($con, "coursesub", "coursesub", $coursesub_search, "A"); @@ -122,24 +121,10 @@ // Perform the update only if no errors encountered if ($err_code == 0) { - // Clean up strings - $coursesub = textInmySQL($coursesub); - $coursesub_descr = textInmySQL($coursesub_descr); - $cip_code = textInmySQL($cip_code); - // Build the SQL - $sql = "UPDATE coursesub SET coursesub = '" - . $coursesub - . "', coursesub_descr ='" - . $coursesub_descr - . "', cip_code = '" - . $cip_code - . "', campus_id = " - . $campus_id - . " WHERE coursesub_id =" - . $coursesub_id; + $sql = "UPDATE coursesub SET coursesub = ?, coursesub_descr = ?, cip_code = ?, campus_id = ? WHERE coursesub_id = ?"; - if (!xx_query ($sql, $con)){ + if (!xx_prepare_execute($sql, $coursesub, $coursesub_descr, $cip_code, $campus_id, $coursesub_id)){ sql_err($sql); xx_query ("UNLOCK TABLES", $con); bailout(); 
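Review bot: In the hunk at -94 the assignment of `$coursesub_search` is deleted, but the following context line still passes `$coursesub_search` to `recordCount()`, so the uniqueness check now reads a variable this hunk no longer sets. Unless it is assigned outside the visible lines, the check compares against an empty value and duplicate names can pass. Pass the raw value instead, `$exists = recordCount($con, "coursesub", "coursesub", $coursesub, "A");`, provided `recordCount()` (not shown) binds its argument rather than concatenating it. The same leftover appears for `$feature_search` (-256), `$infotype_search` (-335), `$libunit_search` (-442, where the `$libunit_abbrev_search` assignment is removed as well) and `$location_search` (-535).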
@@ -204,25 +189,10 @@ if ($err_code == 0 ) { - // Clean up strings - if (strlen($faculty_lastname) > 0) $faculty_lastname = textInmySQL($faculty_lastname); - if (strlen($faculty_firstname) > 0) $faculty_firstname = textInmySQL($faculty_firstname); - if (strlen($faculty_email) > 0) $faculty_email = textInmySQL($faculty_email); - if (strlen($faculty_account) > 0) $faculty_account = textInmySQL($faculty_account); - // Build the SQL - $sql = "UPDATE faculty SET faculty_lastname = '" - . $faculty_lastname - . "', faculty_firstname ='" - . $faculty_firstname - . "', faculty_email ='" - . $faculty_email - . "', faculty_account ='" - . $faculty_account - . "' WHERE faculty_id =" - . $faculty_id; + $sql = "UPDATE faculty SET faculty_lastname = ?, faculty_firstname = ?, faculty_email = ?, faculty_account = ? WHERE faculty_id = ?"; - if (!xx_query ($sql, $con)){ + if (!xx_query ($sql,$faculty_lastname,$faculty_firstname,$faculty_account,$faculty_email,$faculty_id)){ sql_err($sql); xx_query ("UNLOCK TABLES", $con); bailout(); @@ -256,7 +226,6 @@ // Need for display/uniqueness $feature_display = $feature; - $feature_search = textSearchmySQL($feature); // Check to see if already exists $exists = recordCount($con, "feature", "feature", $feature_search, "A"); @@ -285,23 +254,10 @@ // Perform the update only if no errors encountered if ($err_code == 0) { - // Clean up strings - $feature = textInmySQL($feature); - $image_alt = textInmySQL($image_alt); - $image_path = textInmySQL($image_path); - // Build the SQL - $sql = "UPDATE feature SET feature = '" - . $feature - . "', image_alt ='" - . $image_alt - . "', image_path ='" - . $image_path - . "' WHERE feature_id =" - . $feature_id; + $sql = "UPDATE feature SET feature = ?, image_alt = ?, image_path = ? WHERE feature_id = ?"; - if (!xx_query ($sql, $con)){ - sql_err($sql); + if (!xx_prepare_execute($sql, $feature, $image_alt, $image_path, $feature_id)){ xx_query ("UNLOCK TABLES", $con); bailout(); } 
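Review bot: The faculty update at -204 still calls `xx_query()` although `$sql` now holds `?` placeholders, and the values are passed as lastname, firstname, account, email while the SET clause orders them lastname, firstname, email, account. Every other `xx_query()` call in this diff passes `$con` as the second argument, so here `$faculty_lastname` lands in that slot and the statement is presumably sent with literal `?` marks or fails outright. If the call were switched to the prepared wrapper with the arguments as they stand, e-mail and account would be written into each other's columns. The call should read `if (!xx_prepare_execute($sql, $faculty_lastname, $faculty_firstname, $faculty_email, $faculty_account, $faculty_id)){`. The subject update at -1183 has the same `xx_query()` leftover.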
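Review bot: The failure branch of the feature update at -285 loses its `sql_err($sql);` call, while the coursesub, staff and service hunks keep theirs. Whether `xx_prepare_execute()` reports errors itself is not visible here; if it does not, a failed UPDATE now ends in `bailout()` with no record of which statement failed. Either keep `sql_err($sql);` before the `UNLOCK TABLES` line in every failure branch, or drop it everywhere and document that the wrapper logs the error. The same removal occurs at -363, -389, -477, -563 and -708.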
@@ -335,7 +291,6 @@ // Need for display/uniqueness purposes $infotype_display = $infotype; - $infotype_search = textSearchmySQL($infotype); // Check to see if already exists $exists = recordCount($con, "infotype", "infotype", $infotype_search, "A"); @@ -363,19 +318,11 @@ // Proceed if no errors encountered if ($err_code == 0) { - // Clean up strings - $infotype = textInmySQL($infotype); - - // First, update affected RQS relationships - $sql = "UPDATE res_sub_infotype SET masterinfotype_id = " - . $masterinfotype_id - . " WHERE infotype_id = " - . $infotype_id; - - if (!xx_query ($sql, $con)){ + $sql = "UPDATE res_sub_infotype SET masterinfotype_id = ? WHERE infotype_id = ?"; + + if (!xx_prepare_execute($sql, $masterinfotype_id, $infotype_id)){ $err_code = 1; - sql_err($sql); xx_query ("UNLOCK TABLES", $con); bailout(); } @@ -389,18 +336,10 @@ if ($err_code == 0) { // Build the SQL - $sql = "UPDATE infotype SET infotype = '" - . $infotype - . "', masterinfotype_id =" - . $masterinfotype_id - . ", mastersubject_id =" - . $mastersubject_id - . " WHERE infotype_id =" - . $infotype_id; + $sql = "UPDATE infotype SET infotype = ?, masterinfotype_id = ?, mastersubject_id = ? WHERE infotype_id = ?"; - if (!xx_query ($sql, $con)){ + if (!xx_prepare_execute($sql, $infotype, $masterinfotype_id, $mastersubject_id, $infotype_id)){ $err_code = 1; - sql_err($sql); xx_query ("UNLOCK TABLES", $con); bailout(); } @@ -442,8 +381,6 @@ // Need for display/uniqueness purposes $libunit_display = $libunit; $libunit_abbrev_display = $libunit_abbrev; - $libunit_search = textSearchmySQL($libunit); - $libunit_abbrev_search = textSearchmySQL($libunit_abbrev); // Check to see if libunit already exists $exists = recordCount($con, "libunit", "libunit", $libunit_search, "A"); 
@@ -477,21 +414,10 @@ // Add only if no errors encountered if ($err_code == 0) { - if (strlen($libunit) > 0) $libunit = textInmySQL($libunit); - if (strlen($libunit_abbrev) > 0) $libunit_abbrev = textInmySQL($libunit_abbrev); - // Build the SQL - $sql = "UPDATE libunit SET libunit = '" - . $libunit - . "', libunit_abbrev ='" - . $libunit_abbrev - . "', head_staff_id =" - . $head_staff_id - . " WHERE libunit_id =" - . $libunit_id; + $sql = "UPDATE libunit SET libunit = ?, libunit_abbrev = ?, head_staff_id = ? WHERE libunit_id = ?"; - if (!xx_query ($sql, $con)){ - sql_err($sql); + if (!xx_prepare_execute($sql, $libunit, $libunit_abbrev, $head_staff_id, $libunit_id)){ xx_query ("UNLOCK TABLES", $con); bailout(); } @@ -535,7 +461,6 @@ // Need for display/uniqueness purposes $location_display = $location; - $location_search = textSearchmySQL($location); // Check to see if already exists $exists = recordCount($con, "location", "location", $location_search, "A"); 
@@ -563,50 +488,17 @@ // Perform the update only if no errors encountered if ($err_code == 0) { - // Clean up strings - if (strlen($location) > 0) $location = textInmySQL($location); - if (strlen($location_descr) > 0) $location_descr = textInmySQL($location_descr); - if (strlen($campus) > 0) $campus = textInmySQL($campus); - if (strlen($address1) > 0) $address1 = textInmySQL($address1); - if (strlen($address2) > 0) $address2 = textInmySQL($address2); - if (strlen($address3) > 0) $address3 = textInmySQL($address3); - if (strlen($address4) > 0) $address4 = textInmySQL($address4); - if (strlen($telephone) > 0) $telephone = textInmySQL($telephone); - if (strlen($mainURL) > 0) $mainURL = textInmySQL($mainURL); - if (strlen($referenceURL) > 0) $referenceURL = textInmySQL($referenceURL); - if (strlen($mapURL) > 0) $mapURL = textInmySQL($mapURL); - if (strlen($hoursURL) > 0) $hoursURL = textInmySQL($hoursURL); - // Build the SQL - $sql = "UPDATE location SET location = '" - . $location - . "', location_descr ='" - . $location_descr - . "', campus ='" - . $campus - . "', address1 ='" - . $address1 - . "', address2 ='" - . $address2 - . "', address3 ='" - . $address3 - . "', address4 ='" - . $address4 - . "', mainURL ='" - . $mainURL - . "', hoursURL ='" - . $hoursURL - . "', referenceURL ='" - . $referenceURL - . "', mapURL ='" - . $mapURL - . "', telephone ='" - . $telephone - . "' WHERE location_id =" - . $location_id; - - if (!xx_query ($sql, $con)){ - sql_err($sql); + $sql = "UPDATE location SET location = ?, location_descr = ?, campus = ?, + address1 = ?, address2 = ?, address3 = ?, address4 = ?, + mainURL = ?, hoursURL = ?, referenceURL = ?, mapURL = ?, + telephone = ? WHERE location_id = ?"; + + if (!xx_prepare_execute($sql, + $location,$location_descr,$campus, + $address1,$address2,$address3,$address4, + $mainURL,$hoursURL,$referenceURL,$mapURL, + $telephone,$location_id)){ xx_query ("UNLOCK TABLES", $con); bailout(); } 
@@ -662,12 +554,9 @@ if ($err_code == 0) { // Build the SQL - $sql = "UPDATE staff SET password = password('" - . $password - . "') WHERE staff_id =" - . $staff_id; + $sql = "UPDATE staff SET password = password(?) WHERE staff_id = ?"; - if (!xx_query ($sql, $con)){ + if (!xx_prepare_execute($sql, $password, $staff_id)){ sql_err($sql); xx_query ("UNLOCK TABLES", $con); bailout(); 
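Review bot: The bound statement at -662 still derives the stored credential with MySQL's `password()` function, so the plaintext password travels to the database server and is hashed there with a fast, unsalted function that MySQL documents as reserved for its own account system. Binding the value closes the injection path but leaves the storage weakness in place. Hash in PHP with a salted, slow algorithm and bind the result, `$sql = "UPDATE staff SET password = ? WHERE staff_id = ?";`, passing the hash where `$password` is passed now. The login check (not shown) has to change in step and existing rows need a migration path. The enclosing block continues outside the hunk.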
@@ -708,61 +597,20 @@ $edition, $infotype_id, $key_id, $other_title, $pub_date, $publisher, $sess_staff_account, $sources_indexed, $title, $url) { - // Clean up strings - if (strlen($annotation) > 0) $annotation = textInmySQL($annotation); - if (strlen($author) > 0) $author = textInmySQL($author); - if (strlen($call_no) > 0) $call_no = textInmySQL($call_no); - if (strlen($cat_num) > 0) $cat_num = textInmySQL($cat_num); - if (strlen($coverage_detail) > 0) $coverage_detail = textInmySQL($coverage_detail); - if (strlen($edition) > 0) $edition = textInmySQL($edition); - if (strlen($other_title) > 0) $other_title = textInmySQL($other_title); - if (strlen($pub_date) > 0) $pub_date = textInmySQL($pub_date); - if (strlen($publisher) > 0) $publisher = textInmySQL($publisher); - if (strlen($sources_indexed) > 0) $sources_indexed = textInmySQL($sources_indexed); - if (strlen($title)> 0) $title = textInmySQL($title); - if (strlen($url) > 0) $url = textInmySQL($url); - // Set up SQL - $sql = "UPDATE resource SET annotation = '" - . $annotation - . "', author = '" - . $author - . "', call_no = '" - . $call_no - . "', cat_num = '" - . $cat_num - . "', coverage_detail = '" - . $coverage_detail - . "', date_modified = now() " - . ", edition = '" - . $edition - . "', infotype_id = " - . $infotype_id - . ", other_title = '" - . $other_title - . "', pub_date = '" - . $pub_date - . "', publisher = '" - . $publisher - . "', sources_indexed = '" - . $sources_indexed - . "', title = '" - . $title - . "', url = '" - . $url - . "', vendor_id = '" - . $vendor_id - . "', account_modified = '" - . $sess_staff_account - . "' WHERE resource_id = " - . $key_id; + $sql = "UPDATE resource SET + annotation = ?, author = ?, call_no = ?, cat_num = ?, coverage_detail = ?, + date_modified = now(), edition = ?, infotype_id = ?, other_title = ?, pub_date = ?, publisher = ?, + sources_indexed = ?, title = ?, url = ?, vendor_id = ?, account_modified = ? WHERE resource_id = ?"; - // printf("sql was: %s

\n", $sql); + // printf("sql was: %s

\n", $sql); // Edit the record xx_query ("LOCK TABLE resource WRITE", $con); - if (!xx_query($sql, $con)){ - sql_err($con); + if (!xx_prepare_execute($sql, + $annotation, $author, $call_no, $cat_num, $coverage_detail, + $edition, $infotype_id, $other_title, $pub_date, $publisher, + $sources_indexed, $title, $url, $vendor_id, $sess_staff_account, $key_id)) { xx_query ("UNLOCK TABLES", $con); bailout(); } 
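Review bot: In the resource update at -708, `LOCK TABLE resource WRITE` is still issued through `xx_query(..., $con)`, while the UPDATE now goes through `xx_prepare_execute()`, which takes no connection argument. If the wrapper uses a different database connection than `$con` (its body is not shown), the UPDATE waits on a write lock held by the script's own other session and the request hangs. Confirm that both calls share one connection, or route the LOCK and UNLOCK statements through the same wrapper. The same question applies to every hunk whose failure path runs `xx_query ("UNLOCK TABLES", $con);`.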
@@ -809,45 +657,14 @@ if ($err_code == 0) { - // Clean up strings - if (strlen($address1) > 0) $address1 = textInmySQL($address1); - if (strlen($address2) > 0) $address2 = textInmySQL($address2); - if (strlen($address3) > 0) $address3 = textInmySQL($address3); - if (strlen($address4) > 0) $address4 = textInmySQL($address4); - if (strlen($email) > 0) $email = textInmySQL($email); - if (strlen($fax) > 0) $fax = textInmySQL($fax); - if (strlen($service) > 0) $service = textInmySQL($service); - if (strlen($serviceDescr) > 0) $serviceDescr = textInmySQL($serviceDescr); - if (strlen($serviceURL) > 0) $serviceURL = textInmySQL($serviceURL); - if (strlen($telephone) > 0) $telephone = textInmySQL($telephone); - // Build the SQL - $sql = "UPDATE service SET service = '" - . $service - . "', serviceDescr ='" - . $serviceDescr - . "', address1 ='" - . $address1 - . "', address2 ='" - . $address2 - . "', address3 ='" - . $address3 - . "', address4 ='" - . $address4 - . "', serviceURL ='" - . $serviceURL - . "', email ='" - . $email - . "', fax ='" - . $fax - . "', telephone ='" - . $telephone - . "', nonaff = '" - . $nonaff - . "' WHERE service_id =" - . $service_id; - - if (!xx_query ($sql, $con)){ + $sql = "UPDATE service SET service = ?, serviceDescr = ?, + address1 = ?, address2 = ?, address3 = ?, address4 = ?, + serviceURL = ?, email = ?, fax = ?, telephone = ?, nonaff = ? WHERE service_id = ?"; + + if (!xx_prepare_execute($sql, $service, $serviceDescr, + $address1, $address2, $address3, $address4, + $serviceURL, $email, $fax, $telephone, $nonaff, $service_id)){ sql_err($sql); xx_query ("UNLOCK TABLES", $con); bailout(); 
@@ -925,21 +742,11 @@ if ($err_code == 0) { $newValue_display = $newValue; - $newValue = textInmySQL($newValue); // Build the SQL - $sql = "UPDATE " - . $table - . " SET " - . $display_field - . " = '" - . $newValue - . "' WHERE " - . $key_field - . " = " - . $key_id; + $sql = "UPDATE ! SET ! = ? WHERE ! = ?"; - if (!xx_query ($sql, $con)){ + if (!xx_prepare_execute($sql, $table, $display_field, $newValue, $key_field, $key_id)){ sql_err($sql); xx_query ("UNLOCK TABLES", $con); bailout(); @@ -1019,22 +826,9 @@ if (strlen($staff_email) > 0) $staff_email = textInmySQL($staff_email); // Build the SQL - $sql = "UPDATE staff SET access_id = " - . $access_id - . ", first_name ='" - . $first_name - . "', last_name ='" - . $last_name - . "', stafftitle_id = " - . $stafftitle_id - . ", staff_account = '" - . $staff_account - . "', staff_email = '" - . $staff_email - . "' WHERE staff_id =" - . $staff_id; + $sql = "UPDATE staff SET access_id = ?, first_name = ?, last_name = ?, stafftitle_id = ?, staff_account = ?, staff_email = ? WHERE staff_id = ?"; - if (!xx_query ($sql, $con)){ + if (!xx_prepare_execute($sql, $access_id, $first_name, $last_name, $stafftitle_id, $staff_account, $staff_email, $staff_id)){ sql_err($sql); xx_query ("UNLOCK TABLES", $con); bailout(); @@ -1111,18 +905,9 @@ if (strlen($style_title) > 0) $style_title = textInmySQL($style_title); // Build the SQL - $sql = "UPDATE style SET style_title = '" - . $style_title - . "', css_file ='" - . $css_file - . "', footer_file ='" - . $footer_file - . "', header_file ='" - . $header_file - . "' WHERE style_id =" - . $style_id; + $sql = "UPDATE style SET style_title = ?, css_file = ?, footer_file = ?, header_file = ? WHERE style_id = ?"; - if (!xx_query ($sql, $con)){ + if (!xx_prepare_execute($sql, $style_title, $css_file, $footer_file, $header_file, $style_id)){ sql_err($sql); xx_query ("UNLOCK TABLES", $con); bailout(); 
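Review bot: The generic update at -925 puts `$table`, `$display_field` and `$key_field` into `!` placeholders, which PEAR DB inserts into the statement verbatim, with no quoting or escaping (assuming `xx_prepare_execute()` follows PEAR DB placeholder rules, as the branch name suggests). Only `$newValue` and `$key_id` are actually bound, so if the request can influence any of the three identifiers, the statement stays as injectable as the concatenated version it replaces. Where these variables come from lies outside the hunk. Check each against a fixed list of permitted table and column names before building the statement, e.g. `if (!in_array($table, $allowed_tables, true)) { bailout(); }` (`$allowed_tables` is a placeholder name), and likewise for the two field names.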
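Review bot: The staff update at -1019 binds `$staff_email` as a parameter, yet the context line just above the statement still runs it through `textInmySQL()`. If that helper escapes quotes for string-built SQL, as its removal in the other hunks suggests, the value is now escaped twice and stored with the escape characters in it. Remove the remaining `textInmySQL()` calls in this block, as was done for coursesub and faculty; more of them may sit above the hunk, which starts mid-block. The same leftover is visible for `$style_title` at -1111 and `$subject_descr` at -1183.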
@@ -1183,15 +968,9 @@ if (strlen($subject_descr) > 0) $subject_descr = textInmySQL($subject_descr); // Build the SQL - $sql = "UPDATE subject SET subject = '" - . $subject - . "', subject_descr = '" - . $subject_descr - . "', sublocation_id =" - . $sublocation_id - . " WHERE subject_id = " . $subject_id; + $sql = "UPDATE subject SET subject = ?, subject_descr = ?, sublocation_id = ? WHERE subject_id = ?"; - if (!xx_query ($sql, $con)){ + if (!xx_query ($sql, $subject, $subject_descr, $sublocation_id, $subject_id)){ sql_err($sql); xx_query ("UNLOCK TABLES", $con); bailout();