--- branches/pear-db/admin/include/update.php 2004/03/06 00:33:16 53
+++ branches/pear-db/admin/include/update.php 2004/03/06 01:08:29 54
@@ -58,9 +58,9 @@
$problem = 0;
if ($staff_id > 0) {
- $sql = "UPDATE staff SET password = NULL WHERE staff_id = " . $staff_id;
+ $sql = "UPDATE staff SET password = NULL WHERE staff_id = ?";
- if (!xx_query ($sql, $con)){
+ if (!xx_prepare_execute($sql, $staff_id)){
$problem = 1;
sql_err($sql);
xx_query ("UNLOCK TABLES", $con);
@@ -94,7 +94,6 @@
// Need for display/uniqueness
$coursesub_display = $coursesub;
- $coursesub_search = textSearchmySQL($coursesub);
// Check to see if already exists
$exists = recordCount($con, "coursesub", "coursesub", $coursesub_search, "A");
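Review bot: `$coursesub_search` is still passed to `recordCount()` on the last context line although this hunk deletes its only visible assignment, so unless it is set outside the hunk the uniqueness check now runs on an undefined value. If `recordCount()` has been converted to bind its argument, pass the raw value instead, `$exists = recordCount($con, "coursesub", "coursesub", $coursesub, "A");`. Otherwise keep the `_search` assignment until it has been converted. The feature, infotype, libunit (`$libunit_search` and `$libunit_abbrev_search`) and location hunks remove the assignment in the same way while still using the variable.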
@@ -122,24 +121,10 @@
// Perform the update only if no errors encountered
if ($err_code == 0) {
- // Clean up strings
- $coursesub = textInmySQL($coursesub);
- $coursesub_descr = textInmySQL($coursesub_descr);
- $cip_code = textInmySQL($cip_code);
-
// Build the SQL
- $sql = "UPDATE coursesub SET coursesub = '"
- . $coursesub
- . "', coursesub_descr ='"
- . $coursesub_descr
- . "', cip_code = '"
- . $cip_code
- . "', campus_id = "
- . $campus_id
- . " WHERE coursesub_id ="
- . $coursesub_id;
+ $sql = "UPDATE coursesub SET coursesub = ?, coursesub_descr = ?, cip_code = ?, campus_id = ? WHERE coursesub_id = ?";
- if (!xx_query ($sql, $con)){
+ if (!xx_prepare_execute($sql, $coursesub, $coursesub_descr, $cip_code, $campus_id, $coursesub_id)){
sql_err($sql);
xx_query ("UNLOCK TABLES", $con);
bailout();
@@ -204,25 +189,10 @@
if ($err_code == 0 ) {
- // Clean up strings
- if (strlen($faculty_lastname) > 0) $faculty_lastname = textInmySQL($faculty_lastname);
- if (strlen($faculty_firstname) > 0) $faculty_firstname = textInmySQL($faculty_firstname);
- if (strlen($faculty_email) > 0) $faculty_email = textInmySQL($faculty_email);
- if (strlen($faculty_account) > 0) $faculty_account = textInmySQL($faculty_account);
-
// Build the SQL
- $sql = "UPDATE faculty SET faculty_lastname = '"
- . $faculty_lastname
- . "', faculty_firstname ='"
- . $faculty_firstname
- . "', faculty_email ='"
- . $faculty_email
- . "', faculty_account ='"
- . $faculty_account
- . "' WHERE faculty_id ="
- . $faculty_id;
+ $sql = "UPDATE faculty SET faculty_lastname = ?, faculty_firstname = ?, faculty_email = ?, faculty_account = ? WHERE faculty_id = ?";
- if (!xx_query ($sql, $con)){
+ if (!xx_query ($sql,$faculty_lastname,$faculty_firstname,$faculty_account,$faculty_email,$faculty_id)){
sql_err($sql);
xx_query ("UNLOCK TABLES", $con);
bailout();
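Review bot: The new faculty call still goes through `xx_query`, whose second argument everywhere else in this diff is the connection `$con`, so the `?` placeholders are presumably never bound. The values are also passed as lastname, firstname, account, email, while the SQL lists lastname, firstname, email, account, so email and account would be written to each other's column. The line should read `if (!xx_prepare_execute($sql, $faculty_lastname, $faculty_firstname, $faculty_email, $faculty_account, $faculty_id)){`. The subject hunk at the end of the file has the same leftover `xx_query ($sql, $subject, ...)` call. The enclosing block starts and ends outside the hunk.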
@@ -256,7 +226,6 @@
// Need for display/uniqueness
$feature_display = $feature;
- $feature_search = textSearchmySQL($feature);
// Check to see if already exists
$exists = recordCount($con, "feature", "feature", $feature_search, "A");
@@ -285,23 +254,10 @@
// Perform the update only if no errors encountered
if ($err_code == 0) {
- // Clean up strings
- $feature = textInmySQL($feature);
- $image_alt = textInmySQL($image_alt);
- $image_path = textInmySQL($image_path);
-
// Build the SQL
- $sql = "UPDATE feature SET feature = '"
- . $feature
- . "', image_alt ='"
- . $image_alt
- . "', image_path ='"
- . $image_path
- . "' WHERE feature_id ="
- . $feature_id;
+ $sql = "UPDATE feature SET feature = ?, image_alt = ?, image_path = ? WHERE feature_id = ?";
- if (!xx_query ($sql, $con)){
- sql_err($sql);
+ if (!xx_prepare_execute($sql, $feature, $image_alt, $image_path, $feature_id)){
xx_query ("UNLOCK TABLES", $con);
bailout();
}
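Review bot: The failure branch of the feature update no longer calls `sql_err($sql)`, while the staff, coursesub, password and service hunks keep it. A failed update here therefore unlocks the tables and bails out without reporting which statement failed, unless `xx_prepare_execute` reports errors itself, which this diff does not show. Keeping `sql_err($sql);` before `xx_query ("UNLOCK TABLES", $con);` would make the branches consistent. With placeholders the statement text no longer contains submitted values, so reporting it does not expose them. The infotype, libunit, location and resource hunks drop the call in the same way.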
@@ -335,7 +291,6 @@
// Need for display/uniqueness purposes
$infotype_display = $infotype;
- $infotype_search = textSearchmySQL($infotype);
// Check to see if already exists
$exists = recordCount($con, "infotype", "infotype", $infotype_search, "A");
@@ -363,19 +318,11 @@
// Proceed if no errors encountered
if ($err_code == 0) {
- // Clean up strings
- $infotype = textInmySQL($infotype);
-
-
// First, update affected RQS relationships
- $sql = "UPDATE res_sub_infotype SET masterinfotype_id = "
- . $masterinfotype_id
- . " WHERE infotype_id = "
- . $infotype_id;
-
- if (!xx_query ($sql, $con)){
+ $sql = "UPDATE res_sub_infotype SET masterinfotype_id = ? WHERE infotype_id = ?";
+
+ if (!xx_prepare_execute($sql, $masterinfotype_id, $infotype_id)){
$err_code = 1;
- sql_err($sql);
xx_query ("UNLOCK TABLES", $con);
bailout();
}
@@ -389,18 +336,10 @@
if ($err_code == 0) {
// Build the SQL
- $sql = "UPDATE infotype SET infotype = '"
- . $infotype
- . "', masterinfotype_id ="
- . $masterinfotype_id
- . ", mastersubject_id ="
- . $mastersubject_id
- . " WHERE infotype_id ="
- . $infotype_id;
+ $sql = "UPDATE infotype SET infotype = ?, masterinfotype_id = ?, mastersubject_id = ? WHERE infotype_id = ?";
- if (!xx_query ($sql, $con)){
+ if (!xx_prepare_execute($sql, $infotype, $masterinfotype_id, $mastersubject_id, $infotype_id)){
$err_code = 1;
- sql_err($sql);
xx_query ("UNLOCK TABLES", $con);
bailout();
}
@@ -442,8 +381,6 @@
// Need for display/uniqueness purposes
$libunit_display = $libunit;
$libunit_abbrev_display = $libunit_abbrev;
- $libunit_search = textSearchmySQL($libunit);
- $libunit_abbrev_search = textSearchmySQL($libunit_abbrev);
// Check to see if libunit already exists
$exists = recordCount($con, "libunit", "libunit", $libunit_search, "A");
@@ -477,21 +414,10 @@
// Add only if no errors encountered
if ($err_code == 0) {
- if (strlen($libunit) > 0) $libunit = textInmySQL($libunit);
- if (strlen($libunit_abbrev) > 0) $libunit_abbrev = textInmySQL($libunit_abbrev);
-
// Build the SQL
- $sql = "UPDATE libunit SET libunit = '"
- . $libunit
- . "', libunit_abbrev ='"
- . $libunit_abbrev
- . "', head_staff_id ="
- . $head_staff_id
- . " WHERE libunit_id ="
- . $libunit_id;
+ $sql = "UPDATE libunit SET libunit = ?, libunit_abbrev = ?, head_staff_id = ? WHERE libunit_id = ?";
- if (!xx_query ($sql, $con)){
- sql_err($sql);
+ if (!xx_prepare_execute($sql, $libunit, $libunit_abbrev, $head_staff_id, $libunit_id)){
xx_query ("UNLOCK TABLES", $con);
bailout();
}
@@ -535,7 +461,6 @@
// Need for display/uniqueness purposes
$location_display = $location;
- $location_search = textSearchmySQL($location);
// Check to see if already exists
$exists = recordCount($con, "location", "location", $location_search, "A");
@@ -563,50 +488,17 @@
// Perform the update only if no errors encountered
if ($err_code == 0) {
- // Clean up strings
- if (strlen($location) > 0) $location = textInmySQL($location);
- if (strlen($location_descr) > 0) $location_descr = textInmySQL($location_descr);
- if (strlen($campus) > 0) $campus = textInmySQL($campus);
- if (strlen($address1) > 0) $address1 = textInmySQL($address1);
- if (strlen($address2) > 0) $address2 = textInmySQL($address2);
- if (strlen($address3) > 0) $address3 = textInmySQL($address3);
- if (strlen($address4) > 0) $address4 = textInmySQL($address4);
- if (strlen($telephone) > 0) $telephone = textInmySQL($telephone);
- if (strlen($mainURL) > 0) $mainURL = textInmySQL($mainURL);
- if (strlen($referenceURL) > 0) $referenceURL = textInmySQL($referenceURL);
- if (strlen($mapURL) > 0) $mapURL = textInmySQL($mapURL);
- if (strlen($hoursURL) > 0) $hoursURL = textInmySQL($hoursURL);
-
// Build the SQL
- $sql = "UPDATE location SET location = '"
- . $location
- . "', location_descr ='"
- . $location_descr
- . "', campus ='"
- . $campus
- . "', address1 ='"
- . $address1
- . "', address2 ='"
- . $address2
- . "', address3 ='"
- . $address3
- . "', address4 ='"
- . $address4
- . "', mainURL ='"
- . $mainURL
- . "', hoursURL ='"
- . $hoursURL
- . "', referenceURL ='"
- . $referenceURL
- . "', mapURL ='"
- . $mapURL
- . "', telephone ='"
- . $telephone
- . "' WHERE location_id ="
- . $location_id;
-
- if (!xx_query ($sql, $con)){
- sql_err($sql);
+ $sql = "UPDATE location SET location = ?, location_descr = ?, campus = ?,
+ address1 = ?, address2 = ?, address3 = ?, address4 = ?,
+ mainURL = ?, hoursURL = ?, referenceURL = ?, mapURL = ?,
+ telephone = ? WHERE location_id = ?";
+
+ if (!xx_prepare_execute($sql,
+ $location,$location_descr,$campus,
+ $address1,$address2,$address3,$address4,
+ $mainURL,$hoursURL,$referenceURL,$mapURL,
+ $telephone,$location_id)){
xx_query ("UNLOCK TABLES", $con);
bailout();
}
@@ -662,12 +554,9 @@
if ($err_code == 0) {
// Build the SQL
- $sql = "UPDATE staff SET password = password('"
- . $password
- . "') WHERE staff_id ="
- . $staff_id;
+ $sql = "UPDATE staff SET password = password(?) WHERE staff_id = ?";
- if (!xx_query ($sql, $con)){
+ if (!xx_prepare_execute($sql, $password, $staff_id)){
sql_err($sql);
xx_query ("UNLOCK TABLES", $con);
bailout();
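Review bot: The staff password is still hashed with MySQL's `PASSWORD()` function, which MySQL documents as meant for its own account system rather than for application credentials, and the plaintext is still sent to the server as a bound value. Binding removes the injection risk, but the stored hash is unsalted and fast to compute. Consider computing a salted, slow hash in PHP and binding the result, with the statement becoming `$sql = "UPDATE staff SET password = ? WHERE staff_id = ?";`. The login comparison, which is outside this diff, would have to change to match.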
@@ -708,61 +597,20 @@
$edition, $infotype_id, $key_id, $other_title, $pub_date, $publisher, $sess_staff_account,
$sources_indexed, $title, $url) {
- // Clean up strings
- if (strlen($annotation) > 0) $annotation = textInmySQL($annotation);
- if (strlen($author) > 0) $author = textInmySQL($author);
- if (strlen($call_no) > 0) $call_no = textInmySQL($call_no);
- if (strlen($cat_num) > 0) $cat_num = textInmySQL($cat_num);
- if (strlen($coverage_detail) > 0) $coverage_detail = textInmySQL($coverage_detail);
- if (strlen($edition) > 0) $edition = textInmySQL($edition);
- if (strlen($other_title) > 0) $other_title = textInmySQL($other_title);
- if (strlen($pub_date) > 0) $pub_date = textInmySQL($pub_date);
- if (strlen($publisher) > 0) $publisher = textInmySQL($publisher);
- if (strlen($sources_indexed) > 0) $sources_indexed = textInmySQL($sources_indexed);
- if (strlen($title)> 0) $title = textInmySQL($title);
- if (strlen($url) > 0) $url = textInmySQL($url);
-
// Set up SQL
- $sql = "UPDATE resource SET annotation = '"
- . $annotation
- . "', author = '"
- . $author
- . "', call_no = '"
- . $call_no
- . "', cat_num = '"
- . $cat_num
- . "', coverage_detail = '"
- . $coverage_detail
- . "', date_modified = now() "
- . ", edition = '"
- . $edition
- . "', infotype_id = "
- . $infotype_id
- . ", other_title = '"
- . $other_title
- . "', pub_date = '"
- . $pub_date
- . "', publisher = '"
- . $publisher
- . "', sources_indexed = '"
- . $sources_indexed
- . "', title = '"
- . $title
- . "', url = '"
- . $url
- . "', vendor_id = '"
- . $vendor_id
- . "', account_modified = '"
- . $sess_staff_account
- . "' WHERE resource_id = "
- . $key_id;
+ $sql = "UPDATE resource SET
+ annotation = ?, author = ?, call_no = ?, cat_num = ?, coverage_detail = ?,
+ date_modified = now(), edition = ?, infotype_id = ?, other_title = ?, pub_date = ?, publisher = ?,
+ sources_indexed = ?, title = ?, url = ?, vendor_id = ?, account_modified = ? WHERE resource_id = ?";
- // printf("sql was: %s
\n", $sql);
+ // printf("sql was: %s
\n", $sql);
// Edit the record
xx_query ("LOCK TABLE resource WRITE", $con);
- if (!xx_query($sql, $con)){
- sql_err($con);
+ if (!xx_prepare_execute($sql,
+ $annotation, $author, $call_no, $cat_num, $coverage_detail,
+ $edition, $infotype_id, $other_title, $pub_date, $publisher,
+ $sources_indexed, $title, $url, $vendor_id, $sess_staff_account, $key_id)) {
xx_query ("UNLOCK TABLES", $con);
bailout();
}
@@ -809,45 +657,14 @@
if ($err_code == 0) {
- // Clean up strings
- if (strlen($address1) > 0) $address1 = textInmySQL($address1);
- if (strlen($address2) > 0) $address2 = textInmySQL($address2);
- if (strlen($address3) > 0) $address3 = textInmySQL($address3);
- if (strlen($address4) > 0) $address4 = textInmySQL($address4);
- if (strlen($email) > 0) $email = textInmySQL($email);
- if (strlen($fax) > 0) $fax = textInmySQL($fax);
- if (strlen($service) > 0) $service = textInmySQL($service);
- if (strlen($serviceDescr) > 0) $serviceDescr = textInmySQL($serviceDescr);
- if (strlen($serviceURL) > 0) $serviceURL = textInmySQL($serviceURL);
- if (strlen($telephone) > 0) $telephone = textInmySQL($telephone);
-
// Build the SQL
- $sql = "UPDATE service SET service = '"
- . $service
- . "', serviceDescr ='"
- . $serviceDescr
- . "', address1 ='"
- . $address1
- . "', address2 ='"
- . $address2
- . "', address3 ='"
- . $address3
- . "', address4 ='"
- . $address4
- . "', serviceURL ='"
- . $serviceURL
- . "', email ='"
- . $email
- . "', fax ='"
- . $fax
- . "', telephone ='"
- . $telephone
- . "', nonaff = '"
- . $nonaff
- . "' WHERE service_id ="
- . $service_id;
-
- if (!xx_query ($sql, $con)){
+ $sql = "UPDATE service SET service = ?, serviceDescr = ?,
+ address1 = ?, address2 = ?, address3 = ?, address4 = ?,
+ serviceURL = ?, email = ?, fax = ?, telephone = ?, nonaff = ? WHERE service_id = ?";
+
+ if (!xx_prepare_execute($sql, $service, $serviceDescr,
+ $address1, $address2, $address3, $address4,
+ $serviceURL, $email, $fax, $telephone, $nonaff, $service_id)){
sql_err($sql);
xx_query ("UNLOCK TABLES", $con);
bailout();
@@ -925,21 +742,11 @@
if ($err_code == 0) {
$newValue_display = $newValue;
- $newValue = textInmySQL($newValue);
// Build the SQL
- $sql = "UPDATE "
- . $table
- . " SET "
- . $display_field
- . " = '"
- . $newValue
- . "' WHERE "
- . $key_field
- . " = "
- . $key_id;
+ $sql = "UPDATE ! SET ! = ? WHERE ! = ?";
- if (!xx_query ($sql, $con)){
+ if (!xx_prepare_execute($sql, $table, $display_field, $newValue, $key_field, $key_id)){
sql_err($sql);
xx_query ("UNLOCK TABLES", $con);
bailout();
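Review bot: The `!` placeholders put `$table`, `$display_field` and `$key_field` into the statement verbatim (in PEAR DB `!` means insert as-is, with no quoting), so only `$newValue` and `$key_id` are actually protected by binding. Where the three identifiers come from is outside this hunk. If the request can influence any of them, check each against a fixed list of permitted names before the call, for example `if (!in_array($table, $allowed_tables, true)) bailout();`, where `$allowed_tables` is a list defined in the file. A comment above `$sql` such as `// "!" inserts identifiers unquoted: values must come from a fixed list` would record the constraint.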
@@ -1019,22 +826,9 @@
if (strlen($staff_email) > 0) $staff_email = textInmySQL($staff_email);
// Build the SQL
- $sql = "UPDATE staff SET access_id = "
- . $access_id
- . ", first_name ='"
- . $first_name
- . "', last_name ='"
- . $last_name
- . "', stafftitle_id = "
- . $stafftitle_id
- . ", staff_account = '"
- . $staff_account
- . "', staff_email = '"
- . $staff_email
- . "' WHERE staff_id ="
- . $staff_id;
+ $sql = "UPDATE staff SET access_id = ?, first_name = ?, last_name = ?, stafftitle_id = ?, staff_account = ?, staff_email = ? WHERE staff_id = ?";
- if (!xx_query ($sql, $con)){
+ if (!xx_prepare_execute($sql, $access_id, $first_name, $last_name, $stafftitle_id, $staff_account, $staff_email, $staff_id)){
sql_err($sql);
xx_query ("UNLOCK TABLES", $con);
bailout();
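Review bot: The context line `if (strlen($staff_email) > 0) $staff_email = textInmySQL($staff_email);` is left in place, so the value is cleaned for string-built SQL and then also bound as a parameter. If `textInmySQL` escapes quotes, as its removal from the other hunks suggests, the stored text will contain the escape characters. The clean-up lines for the staff fields, most of which sit above this hunk, should be removed together with the concatenation, as was done for coursesub and location. The style hunk (`$style_title`) and the subject hunk (`$subject_descr`) keep the same call.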
@@ -1111,18 +905,9 @@
if (strlen($style_title) > 0) $style_title = textInmySQL($style_title);
// Build the SQL
- $sql = "UPDATE style SET style_title = '"
- . $style_title
- . "', css_file ='"
- . $css_file
- . "', footer_file ='"
- . $footer_file
- . "', header_file ='"
- . $header_file
- . "' WHERE style_id ="
- . $style_id;
+ $sql = "UPDATE style SET style_title = ?, css_file = ?, footer_file = ?, header_file = ? WHERE style_id = ?";
- if (!xx_query ($sql, $con)){
+ if (!xx_prepare_execute($sql, $style_title, $css_file, $footer_file, $header_file, $style_id)){
sql_err($sql);
xx_query ("UNLOCK TABLES", $con);
bailout();
@@ -1183,15 +968,9 @@
if (strlen($subject_descr) > 0) $subject_descr = textInmySQL($subject_descr);
// Build the SQL
- $sql = "UPDATE subject SET subject = '"
- . $subject
- . "', subject_descr = '"
- . $subject_descr
- . "', sublocation_id ="
- . $sublocation_id
- . " WHERE subject_id = " . $subject_id;
+ $sql = "UPDATE subject SET subject = ?, subject_descr = ?, sublocation_id = ? WHERE subject_id = ?";
- if (!xx_query ($sql, $con)){
+ if (!xx_query ($sql, $subject, $subject_descr, $sublocation_id, $subject_id)){
sql_err($sql);
xx_query ("UNLOCK TABLES", $con);
bailout();