more mysql_dal

pro-prodipto · May 19, 2018 · 02ec69b · 02ec69b
1 parent 7b8b972
commit 02ec69b
Show file tree

Hide file tree

Showing 5 changed files with 72 additions and 45 deletions.
diff --git a/objects/Channel.php b/objects/Channel.php
@@ -18,14 +18,12 @@ static function getChannels(){
  $res = sqlDAL::readSql($sql); 
  $fullResult = sqlDAL::fetchAllAssoc($res);
  sqlDAL::close($res);
- // $res = $global['mysqli']->query($sql);
  $subscribe = array();
  if ($res!=false) {
  foreach ($fullResult as $row) {
  unset($row['password']);
  $subscribe[] = $row;
  }
- //$subscribe = $res->fetch_all(MYSQLI_ASSOC);
  } else {
  $subscribe = false;
  die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);

diff --git a/objects/comment.php b/objects/comment.php
@@ -88,6 +88,7 @@ function save() {
  sqlDAL::writeSql($sql,$formats,$values); */
  $sql = "UPDATE comments SET "
  . " comment = '{$this->comment}', modified = now() WHERE id = {$this->id}";
+ $resp = sqlDAL::writeSql($sql,"si",array($this->comment,$this->id));
  } else {
  $id = User::getId();
  // The new prepared line failed like this:
@@ -97,14 +98,18 @@ function save() {
  $formats = "ssss";
  $values = array($this->comment,$id,$this->videos_id,$this->comments_id_pai);
  sqlDAL::writeSql($sql,$formats,$values);*/
+
+ // with the pai, it fails, like this it works on mine.
  $sql = "INSERT INTO comments ( comment,users_id, videos_id, comments_id_pai, created, modified) VALUES "
- . " ('{$this->comment}', {$id}, {$this->videos_id}, {$this->comments_id_pai}, now(), now())";
+ . " (?, ?, ?, {$this->comments_id_pai}, now(), now())";
+ $resp = sqlDAL::writeSql($sql,"sii",array($this->comment,$id,$this->videos_id));
  }
- $resp = $global['mysqli']->query($sql);
+
  if(empty($resp)){
  die('Error : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
  }
  if (empty($this->id)) {
+ // log_error("note: insert_id works? ".$global['mysqli']->insert_id); // success!
  $id = $global['mysqli']->insert_id;
  $this->id = $id;
  } else {

diff --git a/objects/comments_like.php b/objects/comments_like.php
@@ -50,9 +50,12 @@ private function getLike() {
  header('Content-Type: application/json');
  die('{"error":"You must have user and videos set to get a like"}');
  }
- $sql = "SELECT * FROM comments_likes WHERE users_id = $this->users_id AND comments_id = $this->comments_id LIMIT 1";
+ $sql = "SELECT * FROM comments_likes WHERE users_id = ? AND comments_id = ? LIMIT 1";
  $res = $global['mysqli']->query($sql);
- return ($res) ? $res->fetch_assoc() : false;
+ $res = sqlDAL::readSql($sql,"ii",array($this->users_id,$this->comments_id));
+ $result = sqlDAL::fetchAssoc($res);
+ sqlDAL::close($res);
+ return ($res) ? $result : false;
  }
 
  private function save() {
@@ -61,14 +64,20 @@ private function save() {
  header('Content-Type: application/json');
  die('{"error":"'.__("Permission denied").'"}');
  }
+ $formats = "";
+ $values = array();
  if (!empty($this->id)) {
- $sql = "UPDATE comments_likes SET `like` = '{$this->like}', modified = now() WHERE id = {$this->id}";
+ $sql = "UPDATE comments_likes SET `like` = ?, modified = now() WHERE id = ?";
+ $formats = "ii";
+ $values = array($this->like,$this->id);
  } else {
- $sql = "INSERT INTO comments_likes ( `like`,users_id, comments_id, created, modified) VALUES ('{$this->like}', {$this->users_id}, {$this->comments_id}, now(), now())";
+ $sql = "INSERT INTO comments_likes ( `like`,users_id, comments_id, created, modified) VALUES (?, ?, ?, now(), now())";
+ $formats = "iii";
+ $values = array($this->like,$this->users_id,$this->comments_id);
  }
  //echo $sql;exit;
- $resp = $global['mysqli']->query($sql);
- if (empty($resp)) {
+ $resp = sqlDAL::writeSql($sql,$formats,$values);
+ if ($global['mysqli']->errno!=0) {
  die('Error : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
  }
  return $resp;
@@ -83,21 +92,23 @@ static function getLikes($comments_id) {
  $obj->dislikes = 0;
  $obj->myVote = self::getMyVote($comments_id);
 
- $sql = "SELECT count(*) as total FROM comments_likes WHERE comments_id = {$comments_id} AND `like` = 1 "; // like
- $res = $global['mysqli']->query($sql);
+ $sql = "SELECT count(*) as total FROM comments_likes WHERE comments_id = ? AND `like` = 1 "; // like
+ $res = sqlDAL::readSql($sql,"i",array($comments_id));
+ $result = sqlDAL::fetchAssoc($res);
+ sqlDAL::close($res);
  if (!$res) {
  die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
  }
- $row = $res->fetch_assoc();
- $obj->likes = intval($row['total']);
+ $obj->likes = intval($result['total']);
 
- $sql = "SELECT count(*) as total FROM comments_likes WHERE comments_id = {$comments_id} AND `like` = -1 "; // dislike
- $res = $global['mysqli']->query($sql);
+ $sql = "SELECT count(*) as total FROM comments_likes WHERE comments_id = ? AND `like` = -1 "; // dislike
+ $res = sqlDAL::readSql($sql,"i",array($comments_id));
+ $result = sqlDAL::fetchAssoc($res);
+ sqlDAL::close($res);
  if (!$res) {
  die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
  }
- $row = $res->fetch_assoc();
- $obj->dislikes = intval($row['total']);
+ $obj->dislikes = intval($result['total']);
  return $obj;
  }
 
@@ -109,20 +120,22 @@ static function getTotalLikes() {
  $obj->dislikes = 0;
 
  $sql = "SELECT count(*) as total FROM comments_likes WHERE `like` = 1 "; // like
- $res = $global['mysqli']->query($sql);
+ $res = sqlDAL::readSql($sql);
+ $result = sqlDAL::fetchAssoc($res);
+ sqlDAL::close($res);
  if (!$res) {
  die($sql . '\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
  }
- $row = $res->fetch_assoc();
- $obj->likes = intval($row['total']);
+ $obj->likes = intval($result['total']);
 
  $sql = "SELECT count(*) as total FROM comments_likes WHERE `like` = -1 "; // dislike
- $res = $global['mysqli']->query($sql);
+ $res = sqlDAL::readSql($sql);
+ $result = sqlDAL::fetchAssoc($res);
+ sqlDAL::close($res);
  if (!$res) {
  die($sql.'\nError : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
  }
- $row = $res->fetch_assoc();
- $obj->dislikes = intval($row['total']);
+ $obj->dislikes = intval($result['total']);
  return $obj;
  }
 
@@ -132,10 +145,12 @@ static function getMyVote($comments_id) {
  return 0;
  }
  $id = User::getId();
- $sql = "SELECT `like` FROM comments_likes WHERE comments_id = {$comments_id} AND users_id = {$id} "; // like
- $res = $global['mysqli']->query($sql);
- if ($row = $res->fetch_assoc()) {
- return intval($row['like']);
+ $sql = "SELECT `like` FROM comments_likes WHERE comments_id = ? AND users_id = ? "; // like
+ $res = sqlDAL::readSql($sql,"ii",array($comments_id,$id));
+ $result = sqlDAL::fetchAssoc($res);
+ sqlDAL::close($res);
+ if (!empty($result)) {
+ return intval($result['like']);
  }
  return 0;
  }

diff --git a/objects/user.php b/objects/user.php
@@ -362,10 +362,12 @@ function save($updateUserGroups = false) {
  static function getChannelOwner($channelName){
  global $global;
  $channelName = $global['mysqli']->real_escape_string($channelName);
- $sql = "SELECT * FROM users WHERE channelName = '$channelName' LIMIT 1";
- $res = $global['mysqli']->query($sql);
+ $sql = "SELECT * FROM users WHERE channelName = ? LIMIT 1";
+ $res = sqlDAL::readSql($sql,"s",array($channelName));
+ $result = sqlDAL::fetchAssoc($res);
+ sqlDAL::close($res);
  if ($res) {
- $user = $res->fetch_assoc();
+ $user = $result;
  } else {
  $user = false;
  }
@@ -452,7 +454,8 @@ function thisUserCanStream() {
 
  private function find($user, $pass, $mustBeactive = false, $encodedPass=false) {
  global $global;
-
+ $formats = "";
+ $values = array();
  $user = $global['mysqli']->real_escape_string($user);
  $sql = "SELECT * FROM users WHERE user = '$user' ";
 
@@ -464,13 +467,16 @@ private function find($user, $pass, $mustBeactive = false, $encodedPass=false) {
  if (!$encodedPass || $encodedPass === 'false') {
  $pass = md5($pass);
  }
- $sql .= " AND password = '$pass' ";
+ $sql .= " AND password = ? ";
+ $formats = "s";
+ $values = array($pass);
  }
  $sql .= " LIMIT 1";
- $res = $global['mysqli']->query($sql);
-
+ $res = sqlDAL::readSql($sql,$formats,$values);
+ $result = sqlDAL::fetchAssoc($res);
+ sqlDAL::close($res);
  if ($res) {
- $user = $res->fetch_assoc();
+ $user = $result;
  } else {
  $user = false;
  }
@@ -480,11 +486,12 @@ private function find($user, $pass, $mustBeactive = false, $encodedPass=false) {
  static private function findById($id) {
  global $global;
 
- $sql = "SELECT * FROM users WHERE id = '$id' LIMIT 1";
- $res = $global['mysqli']->query($sql);
-
+ $sql = "SELECT * FROM users WHERE id = ? LIMIT 1";
+ $res = sqlDAL::readSql($sql,"i",array($id));
+ $result = sqlDAL::fetchAssoc($res);
+ sqlDAL::close($res);
  if ($res) {
- $user = $res->fetch_assoc();
+ $user = $result;
  } else {
  $user = false;
  }
@@ -496,9 +503,10 @@ static function findByEmail($email) {
 
  $sql = "SELECT * FROM users WHERE email = ? LIMIT 1";
  $res = sqlDAL::readSql($sql,"s",array($email));
+ $result = sqlDAL::fetchAssoc($res);
+ sqlDAL::close($res);
  if ($res!=false) {
- $user = sqlDAL::fetchAssoc($res);
- sqlDAL::close($res);
+ $user = $result;
  } else {
  $user = false;
  }
@@ -624,10 +632,12 @@ static function getTotalUsers($ignoreAdmin = false) {
 
  $sql .= BootGrid::getSqlSearchFromPost(array('name', 'email', 'user'));
 
- $res = $global['mysqli']->query($sql);
+ $res = sqlDAL::readSql($sql);
+ $result = sqlDal::num_rows($res);
+ sqlDAL::close($res);
 
 
- return $res->num_rows;
+ return $result;
  }
 
  static function userExists($user) {

diff --git a/objects/video_statistic.php b/objects/video_statistic.php
@@ -41,7 +41,6 @@ static function save($videos_id) {
 
  if ($insert_row) {
  return $global['mysqli']->insert_id;
- ;
  } else {
  die($sql . ' Save Video Statistics Error : (' . $global['mysqli']->errno . ') ' . $global['mysqli']->error);
  }