labels: PDO

master
Andrew Dolgov 7 years ago
parent c2418a559b
commit 21295a52aa

@ -8,12 +8,13 @@ class Pref_Labels extends Handler_Protected {
}
function edit() {
$label_id = $this->dbh->escape_string($_REQUEST['id']);
$label_id = $_REQUEST['id'];
$result = $this->dbh->query("SELECT * FROM ttrss_labels2 WHERE
id = '$label_id' AND owner_uid = " . $_SESSION["uid"]);
$sth = $this->pdo->prepare("SELECT * FROM ttrss_labels2 WHERE
id = ? AND owner_uid = ?");
$sth->execute([$label_id, $_SESSION['uid']]);
$line = $this->dbh->fetch_assoc($result);
if ($line = $sth->fetch()) {
print_hidden("id", "$label_id");
print_hidden("op", "pref-labels");
@ -80,8 +81,7 @@ class Pref_Labels extends Handler_Protected {
print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').hide()\">".
__('Cancel')."</button>";
print "</div>";
return;
}
}
function getlabeltree() {
@ -90,12 +90,13 @@ class Pref_Labels extends Handler_Protected {
$root['name'] = __('Labels');
$root['items'] = array();
$result = $this->dbh->query("SELECT *
$sth = $this->pdo->prepare("SELECT *
FROM ttrss_labels2
WHERE owner_uid = ".$_SESSION["uid"]."
WHERE owner_uid = ?
ORDER BY caption");
$sth->execute([$_SESSION['uid']]);
while ($line = $this->dbh->fetch_assoc($result)) {
while ($line = $sth->fetch()) {
$label = array();
$label['id'] = 'LABEL:' . $line['id'];
$label['bare_id'] = $line['id'];
@ -118,84 +119,92 @@ class Pref_Labels extends Handler_Protected {
}
function colorset() {
$kind = $this->dbh->escape_string($_REQUEST["kind"]);
$ids = explode(',', $this->dbh->escape_string($_REQUEST["ids"]));
$color = $this->dbh->escape_string($_REQUEST["color"]);
$fg = $this->dbh->escape_string($_REQUEST["fg"]);
$bg = $this->dbh->escape_string($_REQUEST["bg"]);
$kind = $_REQUEST["kind"];
$ids = explode(',', $_REQUEST["ids"]);
$color = $_REQUEST["color"];
$fg = $_REQUEST["fg"];
$bg = $_REQUEST["bg"];
foreach ($ids as $id) {
if ($kind == "fg" || $kind == "bg") {
$this->dbh->query("UPDATE ttrss_labels2 SET
${kind}_color = '$color' WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
$sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET
${kind}_color = ? WHERE id = ?
AND owner_uid = ?");
$sth->execute([$color, $id, $_SESSION['uid']]);
} else {
$this->dbh->query("UPDATE ttrss_labels2 SET
fg_color = '$fg', bg_color = '$bg' WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
$sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET
fg_color = ?, bg_color = ? WHERE id = ?
AND owner_uid = ?");
$sth->execute([$fg, $bg, $id, $_SESSION['uid']]);
}
$caption = $this->dbh->escape_string(Labels::find_caption($id, $_SESSION["uid"]));
$caption = Labels::find_caption($id, $_SESSION["uid"]);
/* Remove cached data */
$this->dbh->query("UPDATE ttrss_user_entries SET label_cache = ''
WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]);
$sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET label_cache = ''
WHERE label_cache LIKE ? AND owner_uid = ?");
$sth->execute(["%$caption%", $_SESSION['uid']]);
}
return;
}
function colorreset() {
$ids = explode(',', $this->dbh->escape_string($_REQUEST["ids"]));
$ids = explode(',', $_REQUEST["ids"]);
foreach ($ids as $id) {
$this->dbh->query("UPDATE ttrss_labels2 SET
fg_color = '', bg_color = '' WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
$sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET
fg_color = '', bg_color = '' WHERE id = ?
AND owner_uid = ?");
$sth->execute([$id, $_SESSION['uid']]);
$caption = $this->dbh->escape_string(Labels::find_caption($id, $_SESSION["uid"]));
$caption = Labels::find_caption($id, $_SESSION["uid"]);
/* Remove cached data */
$this->dbh->query("UPDATE ttrss_user_entries SET label_cache = ''
WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]);
$sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET label_cache = ''
WHERE label_cache LIKE ? AND owner_uid = ?");
$sth->execute(["%$caption%", $_SESSION['uid']]);
}
}
function save() {
$id = $this->dbh->escape_string($_REQUEST["id"]);
$caption = $this->dbh->escape_string(trim($_REQUEST["caption"]));
$id = $_REQUEST["id"];
$caption = trim($_REQUEST["caption"]);
$this->dbh->query("BEGIN");
$this->pdo->beginTransaction();
$result = $this->dbh->query("SELECT caption FROM ttrss_labels2
WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
$sth = $this->pdo->prepare("SELECT caption FROM ttrss_labels2
WHERE id = ? AND owner_uid = ?");
$sth->execute([$id, $_SESSION['uid']]);
if ($this->dbh->num_rows($result) != 0) {
$old_caption = $this->dbh->fetch_result($result, 0, "caption");
if ($row = $sth->fetch()) {
$old_caption = $row["caption"];
$result = $this->dbh->query("SELECT id FROM ttrss_labels2
WHERE caption = '$caption' AND owner_uid = ". $_SESSION["uid"]);
$sth = $this->pdo->prepare("SELECT id FROM ttrss_labels2
WHERE caption = ? AND owner_uid = ?");
$sth->execute([$caption, $_SESSION['uid']]);
if ($this->dbh->num_rows($result) == 0) {
if (!$sth->fetch()) {
if ($caption) {
$result = $this->dbh->query("UPDATE ttrss_labels2 SET
caption = '$caption' WHERE id = '$id' AND
owner_uid = " . $_SESSION["uid"]);
$sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET
caption = ? WHERE id = ? AND
owner_uid = ?");
$sth->execute([$caption, $id, $_SESSION['uid']]);
/* Update filters that reference label being renamed */
$old_caption = $this->dbh->escape_string($old_caption);
$this->dbh->query("UPDATE ttrss_filters2_actions SET
action_param = '$caption' WHERE action_param = '$old_caption'
$sth = $this->pdo->prepare("UPDATE ttrss_filters2_actions SET
action_param = ? WHERE action_param = ?
AND action_id = 7
AND filter_id IN (SELECT id FROM ttrss_filters2 WHERE owner_uid = ".$_SESSION["uid"].")");
AND filter_id IN (SELECT id FROM ttrss_filters2 WHERE owner_uid = ?)");
$sth->execute([$caption, $old_caption, $_SESSION['uid']]);
print $_REQUEST["value"];
} else {
@ -206,14 +215,13 @@ class Pref_Labels extends Handler_Protected {
}
}
$this->dbh->query("COMMIT");
$this->pdo->commit();
return;
}
function remove() {
$ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
$ids = explode(",", $_REQUEST["ids"]);
foreach ($ids as $id) {
Labels::remove($id, $_SESSION["uid"]);
@ -222,8 +230,8 @@ class Pref_Labels extends Handler_Protected {
}
function add() {
$caption = $this->dbh->escape_string($_REQUEST["caption"]);
$output = $this->dbh->escape_string($_REQUEST["output"]);
$caption = $_REQUEST["caption"];
$output = $_REQUEST["output"];
if ($caption) {

Loading…
Cancel
Save