diff --git a/include/utils/InventoryUtils.php b/include/utils/InventoryUtils.php index 2aa41675d062b4644609b9f5ccb73b2061217cf6..1388f65b082eda25302cb7b286fa2e5fa325ee5a 100644 --- a/include/utils/InventoryUtils.php +++ b/include/utils/InventoryUtils.php @@ -1312,9 +1312,10 @@ function createRecords($obj) { $moduleFields = $moduleMeta->getModuleFields(); $focus = CRMEntity::getInstance($moduleName); - $tableName = Import_Utils_Helper::getDbTableName($obj->user); - $sql = 'SELECT * FROM ' . $tableName . ' WHERE status = '. Import_Data_Action::$IMPORT_RECORD_NONE .' GROUP BY subject'; - + $params = array(); + $tableName = Vtiger_Util_Helper::validateStringForSql(Import_Utils_Helper::getDbTableName($obj->user)); + $sql = 'SELECT * FROM ' . $tableName . ' WHERE status = ? GROUP BY subject'; + $params[] = Import_Data_Action::$IMPORT_RECORD_NONE; if($obj->batchImport) { $importBatchLimit = getImportBatchLimit(); $sql .= ' LIMIT '. $importBatchLimit; @@ -1323,7 +1324,7 @@ function createRecords($obj) { $pagingLimit = $configReader->get('importPagingLimit'); $sql .= ' LIMIT '.$pagingLimit; } - $result = $adb->query($sql); + $result = $adb->pquery($sql, $params); $numberOfRecords = $adb->num_rows($result); if ($numberOfRecords <= 0) { @@ -1343,8 +1344,10 @@ function createRecords($obj) { $subject = $row['subject']; $subject = str_replace("\\", "\\\\", $subject); $subject = str_replace('"', '""', $subject); - $sql = "SELECT * FROM $tableName WHERE status = ".Import_Data_Action::$IMPORT_RECORD_NONE." AND subject = '$subject'"; - $subjectResult = $adb->query($sql); + $sql = "SELECT * FROM $tableName WHERE status = ? AND subject = ?"; + $params = array(); + array_push($params, Import_Data_Action::$IMPORT_RECORD_NONE, $subject); + $subjectResult = $adb->pquery($sql, $params); $count = $adb->num_rows($subjectResult); $subjectRowIDs = array(); for ($j = 0; $j < $count; ++$j) { 
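Review bot: In the `@@ -1343` hunk, `$subject` is still run through `str_replace("\\", "\\\\", $subject)` and `str_replace('"', '""', $subject)` before being bound as the `subject = ?` parameter; those doublings existed only for the old interpolated literal, and with a bound value they are compared literally against the stored column, so any subject containing a backslash or double quote no longer matches its own rows. Drop the two `str_replace` lines now that the driver handles quoting. The `$params = array(); array_push($params, …)` pair can also simply be `$params = array(Import_Data_Action::$IMPORT_RECORD_NONE, $subject);`. createRecords begins and ends outside these hunks.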
@@ -1519,8 +1522,8 @@ function importRecord($obj, $inventoryFieldData, $lineItemDetails) { function getImportStatusCount($obj) { global $adb; - $tableName = Import_Utils_Helper::getDbTableName($obj->user); - $result = $adb->query('SELECT status FROM '.$tableName. ' GROUP BY subject'); + $tableName = Vtiger_Util_Helper::validateStringForSql(Import_Utils_Helper::getDbTableName($obj->user)); + $result = $adb->pquery('SELECT status FROM '.$tableName. ' GROUP BY subject', array()); $statusCount = array('TOTAL' => 0, 'IMPORTED' => 0, 'FAILED' => 0, 'PENDING' => 0, 'CREATED' => 0, 'SKIPPED' => 0, 'UPDATED' => 0, 'MERGED' => 0); @@ -1562,15 +1565,14 @@ function undoLastImport($obj, $user) { $owner->id = $ownerId; $owner->retrieve_entity_info($ownerId, 'Users'); - $dbTableName = Import_Utils_Helper::getDbTableName($owner); + $dbTableName = Vtiger_Util_Helper::validateStringForSql(Import_Utils_Helper::getDbTableName($owner)); if(!is_admin($user) && $user->id != $owner->id) { $viewer = new Vtiger_Viewer(); $viewer->view('OperationNotPermitted.tpl', 'Vtiger'); exit; } - $result = $adb->query("SELECT recordid FROM $dbTableName WHERE status = ". Import_Data_Controller::$IMPORT_RECORD_CREATED - ." AND recordid IS NOT NULL GROUP BY subject"); + $result = $adb->pquery("SELECT recordid FROM $dbTableName WHERE status = ? AND recordid IS NOT NULL GROUP BY subject", array(Import_Data_Controller::$IMPORT_RECORD_CREATED)); $noOfRecords = $adb->num_rows($result); $noOfRecordsDeleted = 0; for($i=0; $i<$noOfRecords; ++$i) { diff --git a/include/utils/UserInfoUtil.php b/include/utils/UserInfoUtil.php index f782f7591b3872563ffd9a158f27ef90618d476f..5d34fccba6174a6c28edee9b0dc22c0b5c42a2c8 100755 --- a/include/utils/UserInfoUtil.php +++ b/include/utils/UserInfoUtil.php 
@@ -2225,9 +2225,9 @@ function getSharingModuleList($eliminateModules=false) if(!in_array('Events', $eliminateModules)) $eliminateModules[] = 'Events'; $query = "SELECT name FROM vtiger_tab WHERE presence=0 AND ownedby = 0 AND isentitytype = 1"; - $query .= " AND name NOT IN('" . implode("','", $eliminateModules) . "')"; + $query .= " AND name NOT IN(" . generateQuestionMarks($eliminateModules) . ")"; - $result = $adb->query($query); + $result = $adb->pquery($query, $eliminateModules); while($resrow = $adb->fetch_array($result)) { $sharingModuleArray[] = $resrow['name']; } diff --git a/include/utils/VtlibUtils.php b/include/utils/VtlibUtils.php index 51b35ba0e2341e08956629c2ba7d40b93f9fb4ba..dbf16efb05ff2c524bf4a9bab6c980d7e07767ea 100644 --- a/include/utils/VtlibUtils.php +++ b/include/utils/VtlibUtils.php @@ -122,7 +122,7 @@ function vtlib_isModuleActive($module) { */ function vtlib_RecreateUserPrivilegeFiles() { global $adb; - $userres = $adb->query('SELECT id FROM vtiger_users WHERE deleted = 0'); + $userres = $adb->pquery('SELECT id FROM vtiger_users WHERE deleted = 0', array()); if($userres && $adb->num_rows($userres)) { while($userrow = $adb->fetch_array($userres)) { createUserPrivilegesfile($userrow['id']); @@ -194,7 +194,7 @@ function vtlib_getToggleModuleInfo() { $modinfo = Array(); - $sqlresult = $adb->query("SELECT name, presence, customized, isentitytype FROM vtiger_tab WHERE name NOT IN ('Users','Home') AND presence IN (0,1) ORDER BY name"); + $sqlresult = $adb->pquery("SELECT name, presence, customized, isentitytype FROM vtiger_tab WHERE name NOT IN ('Users','Home') AND presence IN (0,1) ORDER BY name", array()); $num_rows = $adb->num_rows($sqlresult); for($idx = 0; $idx < $num_rows; ++$idx) { $module = $adb->query_result($sqlresult, $idx, 'name'); 
@@ -219,7 +219,7 @@ function vtlib_getToggleLanguageInfo() { $adb->dieOnError = false; $langinfo = Array(); - $sqlresult = $adb->query("SELECT * FROM vtiger_language"); + $sqlresult = $adb->pquery("SELECT * FROM vtiger_language", array()); if($sqlresult) { for($idx = 0; $idx < $adb->num_rows($sqlresult); ++$idx) { $row = $adb->fetch_array($sqlresult); @@ -532,7 +532,7 @@ function vtlib_getPicklistValues_AccessibleToAll($field_columnname) { $tablename = "vtiger_$columnname"; // Gather all the roles (except H1 which is organization role) - $roleres = $adb->query("SELECT roleid FROM vtiger_role WHERE roleid != 'H1'"); + $roleres = $adb->pquery("SELECT roleid FROM vtiger_role WHERE roleid != 'H1'", array()); $roleresCount= $adb->num_rows($roleres); $allroles = Array(); if($roleresCount) { @@ -542,10 +542,10 @@ function vtlib_getPicklistValues_AccessibleToAll($field_columnname) { sort($allroles); // Get all the picklist values associated to roles (except H1 - organization role). - $picklistres = $adb->query( + $picklistres = $adb->pquery( "SELECT $columnname as pickvalue, roleid FROM $tablename INNER JOIN vtiger_role2picklist ON $tablename.picklist_valueid=vtiger_role2picklist.picklistvalueid - WHERE roleid != 'H1'"); + WHERE roleid != 'H1'", array()); $picklistresCount = $adb->num_rows($picklistres); @@ -578,7 +578,7 @@ function vtlib_getPicklistValues($field_columnname) { $columnname = $adb->sql_escape_string($field_columnname); $tablename = "vtiger_$columnname"; - $picklistres = $adb->query("SELECT $columnname as pickvalue FROM $tablename"); + $picklistres = $adb->pquery("SELECT $columnname as pickvalue FROM $tablename", array()); $picklistresCount = $adb->num_rows($picklistres); diff --git a/include/utils/utils.php b/include/utils/utils.php index 965910a3f85cb8906a7571806ac87490a44d11d9..fc250c377a47f30faf3464479efdc9ba750ccc0b 100755 --- a/include/utils/utils.php +++ b/include/utils/utils.php 
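Review bot: In the `@@ -542` and `@@ -578` hunks, switching to `pquery(..., array())` changes nothing for `$columnname`/`$tablename`, which are spliced into the statement as identifiers (`SELECT $columnname … FROM $tablename`), and `sql_escape_string` only escapes string literals, so a value with spaces or keywords still reaches the parser unquoted. The identifier check this same commit applies to table names in InventoryUtils looks like the right tool here: `$columnname = Vtiger_Util_Helper::validateStringForSql($field_columnname);` in place of the `sql_escape_string` line (assuming that helper restricts to identifier characters, which is not visible in this diff). The same pattern appears in the three PickListUtils hunks (getAllPickListValues, getEditablePicklistValues, getNonEditablePicklistValues), where `$fieldName` is escaped with `sql_escape_string` and then used as a table and column name.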
@@ -1230,7 +1230,7 @@ function getAccessPickListValues($module) $temp_status = Array(); for($i=0;$i < $adb->num_rows($result);$i++) { - $fieldname = $adb->query_result($result,$i,"fieldname"); + $fieldname = Vtiger_Util_Helper::validateStringForSql($adb->query_result($result,$i,"fieldname")); $fieldlabel = $adb->query_result($result,$i,"fieldlabel"); $columnname = $adb->query_result($result,$i,"columnname"); $tabid = $adb->query_result($result,$i,"tabid"); @@ -1247,7 +1247,7 @@ function getAccessPickListValues($module) $mulsel="select distinct $fieldname from vtiger_$fieldname inner join vtiger_role2picklist on vtiger_role2picklist.picklistvalueid = vtiger_$fieldname.picklist_valueid where roleid ='".$roleid."' and picklistid in (select picklistid from vtiger_$fieldname) order by sortid asc"; } if($fieldname != 'firstname') - $mulselresult = $adb->query($mulsel); + $mulselresult = $adb->pquery($mulsel, array()); for($j=0;$j < $adb->num_rows($mulselresult);$j++) { $fieldvalues[] = $adb->query_result($mulselresult,$j,$fieldname); @@ -1755,7 +1755,7 @@ function com_vtGetModules($adb) { inner join vtiger_tab on vtiger_field.tabid=vtiger_tab.tabid where vtiger_field.tabid not in(9,10,16,15,29) and vtiger_tab.presence = 0 and vtiger_tab.isentitytype=1"; - $it = new SqlResultIterator($adb, $adb->query($sql)); + $it = new SqlResultIterator($adb, $adb->pquery($sql, array())); $modules = array(); foreach($it as $row) { if(isPermitted($row->name,'index') == "yes") { diff --git a/modules/Calendar/Activity.php b/modules/Calendar/Activity.php index e40a285a67d68aea203d902831af955870f2bce3..5b8bb355f68c9da391ba670b769c3b125bc06074 100644 --- a/modules/Calendar/Activity.php +++ b/modules/Calendar/Activity.php 
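Review bot: In the `@@ -1247` hunk, `$mulsel` is still built with `where roleid ='".$roleid."'` while the new `pquery` call receives an empty `array()`, so the value the commit set out to parameterize is left interpolated; write `where roleid = ? and picklistid in (…)` and call `$adb->pquery($mulsel, array($roleid));`. The other branch that assigns `$mulsel` is above the hunk and likely needs the same treatment. Separately, `if($fieldname != 'firstname')` guards only the `pquery` line, so the following `for` loop runs against a stale or undefined `$mulselresult` when the field is `firstname`; wrapping both in braces would make the intent explicit. getAccessPickListValues starts and ends outside these hunks.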
@@ -579,7 +579,7 @@ function insertIntoRecurringTable(& $recurObj) left join vtiger_contactdetails on vtiger_contactdetails.contactid= vtiger_cntactivityrel.contactid left join vtiger_seactivityrel on vtiger_seactivityrel.activityid = vtiger_activity.activityid WHERE vtiger_crmentity.deleted=0 ".$criteria; - $result =& $this->db->query($query); + $result =& $this->db->pquery($query, array()); if($this->db->getRowCount($result) > 0){ // We have some data. @@ -675,7 +675,7 @@ function insertIntoRecurringTable(& $recurObj) { global $log; $log->debug("Entering process_list_query1(".$query.") method ..."); - $result =& $this->db->query($query,true,"Error retrieving $this->object_name list: "); + $result =& $this->db->pquery($query,array(),true,"Error retrieving $this->object_name list: "); $list = Array(); $rows_found = $this->db->getRowCount($result); if($rows_found != 0) diff --git a/modules/Calendar/iCalExport.php b/modules/Calendar/iCalExport.php index 41c79c9f2e9b3ca9648691110a0881de519c5b76..47eb1c9d10a3d4d3641e165fd0e4539450478588 100644 --- a/modules/Calendar/iCalExport.php +++ b/modules/Calendar/iCalExport.php 
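Review bot: Both rewritten lines keep the `$result =& $this->db->pquery(...)` form; assigning a function's return value by reference raises "Only variables should be assigned by reference" unless `pquery` is declared to return by reference, and since the line is being rewritten anyway it should become `$result = $this->db->pquery($query, array(), true, "Error retrieving $this->object_name list: ");`. The same reference assignment is rewritten in the two Contacts.php hunks and the HelpDesk.php hunk. In the `@@ -579` hunk, `$criteria` is still concatenated onto `$query` above the changed line; whether it carries caller-controlled input is not visible here, but it is not covered by the empty parameter array. Both enclosing methods start outside their hunks.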
@@ -16,10 +16,10 @@ global $current_user,$adb,$default_timezone; $filename = $_REQUEST['filename']; $ical_query = "select vtiger_activity.*,vtiger_crmentity.description,vtiger_activity_reminder.reminder_time from vtiger_activity inner join vtiger_crmentity on vtiger_activity.activityid = vtiger_crmentity.crmid " . " LEFT JOIN vtiger_activity_reminder ON vtiger_activity_reminder.activity_id=vtiger_activity.activityid AND vtiger_activity_reminder.recurringid=0" . - " where vtiger_crmentity.deleted = 0 and vtiger_crmentity.smownerid = " . $current_user->id . + " where vtiger_crmentity.deleted = 0 and vtiger_crmentity.smownerid = ?" . " and vtiger_activity.activitytype NOT IN ('Emails')"; -$calendar_results = $adb->query($ical_query); +$calendar_results = $adb->pquery($ical_query, array($current_user->id)); // Send the right content type and filename header ("Content-type: text/calendar"); diff --git a/modules/Campaigns/Campaigns.php b/modules/Campaigns/Campaigns.php index cc99d855fdbe03ec6a22a15fe0e655dc9634972b..93fa0c1a0161c44dc97b21fe40877f429880a8ed 100644 --- a/modules/Campaigns/Campaigns.php +++ b/modules/Campaigns/Campaigns.php @@ -535,7 +535,7 @@ class Campaigns extends CRMEntity { if(!$this->campaignrelstatus) { - $result = $adb->query('SELECT * FROM vtiger_campaignrelstatus;'); + $result = $adb->pquery('SELECT * FROM vtiger_campaignrelstatus;', array()); while($row = $adb->fetchByAssoc($result)) { $this->campaignrelstatus[$row['campaignrelstatus']] = $row; diff --git a/modules/Contacts/Contacts.php b/modules/Contacts/Contacts.php index 2e33d8b7a454478ec00962d35a10b1d1053ec84c..1a53e84d561d641057f1c4c9d955ca7c6b503d5e 100644 --- a/modules/Contacts/Contacts.php +++ b/modules/Contacts/Contacts.php 
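Review bot: The owner id is now bound, but `$filename = $_REQUEST['filename'];` two lines above the change is still taken from the request without any check; the hunk ends right after `header ("Content-type: text/calendar");`, so if `$filename` is emitted in a later response header it should be restricted to a safe character set first, e.g. `$filename = preg_replace('/[^A-Za-z0-9._-]/', '_', (string) $_REQUEST['filename']);`. How `$filename` is used is outside this hunk, so the exact check depends on that.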
@@ -197,7 +197,7 @@ class Contacts extends CRMEntity { global $log; $log->debug("Entering process_list_query1(".$query.") method ..."); - $result =& $this->db->query($query,true,"Error retrieving $this->object_name list: "); + $result =& $this->db->pquery($query,array(),true,"Error retrieving $this->object_name list: "); $list = Array(); $rows_found = $this->db->getRowCount($result); if($rows_found != 0) @@ -266,7 +266,7 @@ class Contacts extends CRMEntity { $permitted_field_lists[] = $adb->query_result($result1,$i,'columnname'); } - $result =& $this->db->query($query,true,"Error retrieving $this->object_name list: "); + $result =& $this->db->pquery($query,array(),true,"Error retrieving $this->object_name list: "); $list = Array(); $rows_found = $this->db->getRowCount($result); if($rows_found != 0) diff --git a/modules/CustomView/ListViewTop.php b/modules/CustomView/ListViewTop.php index f175168a62fe270c914414f8cb16599ba2bd78d2..f676baa60bc7cad70102b3448e2690764a398e4a 100644 --- a/modules/CustomView/ListViewTop.php +++ b/modules/CustomView/ListViewTop.php @@ -79,7 +79,7 @@ function getKeyMetrics($maxval,$calCnt) $oCustomView = new CustomView($metriclist['module']); $metricsql = $oCustomView->getModifiedCvListQuery($metriclist['id'],$listquery,$metriclist['module']); $metricsql = Vtiger_Functions::mkCountQuery($metricsql); - $metricresult = $adb->query($metricsql); + $metricresult = $adb->pquery($metricsql, array()); if($metricresult) { $rowcount = $adb->fetch_array($metricresult); @@ -91,7 +91,7 @@ function getKeyMetrics($maxval,$calCnt) $queryGenerator->initForCustomViewById($metriclist['id']); $metricsql = $queryGenerator->getQuery(); $metricsql = Vtiger_Functions::mkCountQuery($metricsql); - $metricresult = $adb->query($metricsql); + $metricresult = $adb->pquery($metricsql, array()); if($metricresult) { $rowcount = $adb->fetch_array($metricresult); 
diff --git a/modules/CustomView/models/Record.php b/modules/CustomView/models/Record.php index 2c2cf5b13acc608ccce9025a8e26763337a0b504..e0161d030637b781b7a13f6ce9c555a60b25b0d5 100644 --- a/modules/CustomView/models/Record.php +++ b/modules/CustomView/models/Record.php @@ -232,9 +232,10 @@ class CustomView_Record_Model extends Vtiger_Base_Model { } if($skipRecords && !empty($skipRecords) && is_array($skipRecords) && count($skipRecords) > 0) { - $listQuery .= ' AND '.$baseTableName.'.'.$baseTableId.' NOT IN ('. implode(',', $skipRecords) .')'; + $listQuery .= ' AND '.$baseTableName.'.'.$baseTableId.' NOT IN ('. generateQuestionMarks($skipRecords) .')'; + $params = array($skipRecords); } - $result = $db->query($listQuery); + $result = $db->pquery($listQuery, $params); $noOfRecords = $db->num_rows($result); $recordIds = array(); for($i=0; $i<$noOfRecords; ++$i) { diff --git a/modules/HelpDesk/HelpDesk.php b/modules/HelpDesk/HelpDesk.php index 9bd40d4b25ebf6650569aebb1df5269fcd8d1d63..0d83c3d3a9926af7b77129c90d6ffa295a1d05e7 100644 --- a/modules/HelpDesk/HelpDesk.php +++ b/modules/HelpDesk/HelpDesk.php @@ -305,7 +305,7 @@ class HelpDesk extends CRMEntity { global $log; $log->debug("Entering process_list_query(".$query.") method ..."); - $result =& $this->db->query($query,true,"Error retrieving $this->object_name list: "); + $result =& $this->db->pquery($query,array(),true,"Error retrieving $this->object_name list: "); $list = Array(); $rows_found = $this->db->getRowCount($result); if($rows_found != 0) diff --git a/modules/PickList/PickListUtils.php b/modules/PickList/PickListUtils.php index c742a78355adc3c8a9ff3644dd87ed280082947a..bd5b04705bb1803bf388d1f0571459c853167e2f 100644 --- a/modules/PickList/PickListUtils.php +++ b/modules/PickList/PickListUtils.php 
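Review bot: `$params = array($skipRecords);` wraps the id list inside a one-element array, so `pquery` receives a single parameter for the N placeholders produced by `generateQuestionMarks($skipRecords)`; and when the `if` is not taken `$params` is never assigned, so `$db->pquery($listQuery, $params)` reads an undefined variable. Initialise `$params = array();` before the `if` and inside it use `$params = array_values($skipRecords);`. The enclosing method starts outside the hunk.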
@@ -112,7 +112,7 @@ function getAllPickListValues($fieldName,$lang = Array() ){ $arr = array_map('decode_html', $userRecordModel->getAccessibleUsers()); }else { $sql = 'SELECT * FROM vtiger_'.$adb->sql_escape_string($fieldName); - $result = $adb->query($sql); + $result = $adb->pquery($sql, array()); $count = $adb->num_rows($result); $arr = array(); @@ -143,7 +143,7 @@ function getEditablePicklistValues($fieldName, $lang= array(), $adb){ $values = array(); $fieldName = $adb->sql_escape_string($fieldName); $sql="select $fieldName from vtiger_$fieldName where presence=1 and $fieldName <> '--None--'"; - $res = $adb->query($sql); + $res = $adb->pquery($sql, array()); $RowCount = $adb->num_rows($res); if($RowCount > 0){ for($i=0;$i<$RowCount;$i++){ @@ -169,7 +169,7 @@ function getNonEditablePicklistValues($fieldName, $lang=array(), $adb){ $values = array(); $fieldName = $adb->sql_escape_string($fieldName); $sql = "select $fieldName from vtiger_$fieldName where presence=0"; - $result = $adb->query($sql); + $result = $adb->pquery($sql, array()); $count = $adb->num_rows($result); for($i=0;$i<$count;$i++){ $non_val = $adb->query_result($result,$i,$fieldName); diff --git a/modules/Reports/ReportRun.php b/modules/Reports/ReportRun.php index bd5a37bd9be7bcd627fed3c0d90b7ea1ac1952c8..7a2469d5961897fbe04913b3a7b35ca993cc43f0 100644 --- a/modules/Reports/ReportRun.php +++ b/modules/Reports/ReportRun.php @@ -3159,7 +3159,7 @@ class ReportRun extends CRMEntity { $sSQL = $this->sGetSQLforReport($this->reportid, $filtersql, "COLUMNSTOTOTAL"); if (isset($this->totallist)) { if ($sSQL != "") { - $result = $adb->query($sSQL); + $result = $adb->pquery($sSQL, array()); $y = $adb->num_fields($result); $custom_field_values = $adb->fetch_array($result); 
@@ -3325,7 +3325,7 @@ class ReportRun extends CRMEntity { $sSQL = $this->sGetSQLforReport($this->reportid, $filtersql, "COLUMNSTOTOTAL"); if (isset($this->totallist)) { if ($sSQL != '') { - $result = $adb->query($sSQL); + $result = $adb->pquery($sSQL, array()); $y = $adb->num_fields($result); $custom_field_values = $adb->fetch_array($result); @@ -3540,7 +3540,7 @@ class ReportRun extends CRMEntity { if (isset($this->totallist)) { if ($sSQL != "") { - $result = $adb->query($sSQL); + $result = $adb->pquery($sSQL, array()); $y = $adb->num_fields($result); $custom_field_values = $adb->fetch_array($result); $reportModule = 'Reports'; @@ -3764,7 +3764,7 @@ class ReportRun extends CRMEntity { $sSQL = $this->sGetSQLforReport($this->reportid, $filtersql, "COLUMNSTOTOTAL"); if (isset($this->totallist)) { if ($sSQL != "") { - $result = $adb->query($sSQL); + $result = $adb->pquery($sSQL, array()); $y = $adb->num_fields($result); $custom_field_values = $adb->fetch_array($result); $reportModule = 'Reports'; diff --git a/modules/Reports/ReportSharing.php b/modules/Reports/ReportSharing.php index 6481cd48adeb8b78f0158dc2e69e982286e8c09e..30fcc9daec8b9900adc04079e6f0c10bceb503ee 100644 --- a/modules/Reports/ReportSharing.php +++ b/modules/Reports/ReportSharing.php @@ -107,7 +107,7 @@ function getVisibleCriteria($recordid='') if($selcriteria == ""){ $selcriteria = 'Public'; } - $filter_result = $adb->query("select * from vtiger_reportfilters"); + $filter_result = $adb->pquery("select * from vtiger_reportfilters", array()); $numrows = $adb->num_rows($filter_result); for($j=0;$j<$numrows;$j++) { diff --git a/modules/Reports/models/Folder.php b/modules/Reports/models/Folder.php index f153789b262ecd202e9cbe57945e8beb9e715ba7..ab166717e3501519d18869ee78651245bcdcaeba 100644 --- a/modules/Reports/models/Folder.php +++ b/modules/Reports/models/Folder.php 
@@ -374,9 +374,9 @@ class Reports_Folder_Model extends Vtiger_Base_Model { $listQuery = $this->getListViewQuery($folderId, $searchParams); if($skipRecords && !empty($skipRecords) && is_array($skipRecords) && count($skipRecords) > 0) { - $listQuery .= ' AND '.$baseTableName.'.'.$baseTableId.' NOT IN ('. implode(',', $skipRecords) .')'; + $listQuery .= ' AND '.$baseTableName.'.'.$baseTableId.' NOT IN ('. generateQuestionMarks($skipRecords) .')'; } - $result = $db->query($listQuery); + $result = $db->pquery($listQuery, $skipRecords); $noOfRecords = $db->num_rows($result); $recordIds = array(); for($i=0; $i<$noOfRecords; ++$i) { diff --git a/modules/Reports/models/Record.php b/modules/Reports/models/Record.php index 96101870a2b177eadea38b180a21cd61b5807f63..86c626065d746a3a8ef796042c19311ec5f33370 100644 --- a/modules/Reports/models/Record.php +++ b/modules/Reports/models/Record.php @@ -793,7 +793,7 @@ class Reports_Record_Model extends Vtiger_Record_Model { $query = $this->get('recordCountQuery'); global $adb; $count = 0; - $result = $adb->query($query, array()); + $result = $adb->pquery($query, array()); if($adb->num_rows($result) > 0 ){ $count = $adb->query_result($result, 0, 'count'); } diff --git a/modules/com_vtiger_workflow/WorkFlowScheduler.php b/modules/com_vtiger_workflow/WorkFlowScheduler.php index fce3a5fd562370b349682303eaa009da5fe2e2fb..04fbda18cd62da172830aa4951ce6dd1d4b57f82 100755 --- a/modules/com_vtiger_workflow/WorkFlowScheduler.php +++ b/modules/com_vtiger_workflow/WorkFlowScheduler.php @@ -57,7 +57,7 @@ class WorkFlowScheduler { public function getEligibleWorkflowRecords($workflow, $start=0, $limit=0) { $adb = $this->db; $query = $this->getWorkflowQuery($workflow, $start, $limit); - $result = $adb->query($query); + $result = $adb->pquery($query, array()); $noOfRecords = $adb->num_rows($result); $recordsList = array(); for ($i = 0; $i < $noOfRecords; ++$i) { 
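Review bot: `$db->pquery($listQuery, $skipRecords)` passes `$skipRecords` even when the guard above rejected it as falsy, non-array or empty, so the second argument may be `false`/`null` rather than an array; what `pquery` does with that is not visible here. Mirror the structure used for the same query in CustomView's Record.php: `$params = array();` before the `if`, `$params = array_values($skipRecords);` inside it, and `$result = $db->pquery($listQuery, $params);`. The enclosing method starts outside the hunk.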
diff --git a/pkg/vtiger/modules/Assets/modules/Assets/Assets.php b/pkg/vtiger/modules/Assets/modules/Assets/Assets.php index 5f3a98af104df6c53f8d4091c14ae2156912933e..ba4c6b8e26914aebdfeb6a319060be3a2607266a 100644 --- a/pkg/vtiger/modules/Assets/modules/Assets/Assets.php +++ b/pkg/vtiger/modules/Assets/modules/Assets/Assets.php @@ -415,14 +415,14 @@ class Assets extends CRMEntity { if(getTabid('CustomerPortal') && $assetsTabId) { $checkAlreadyExists = $adb->pquery('SELECT 1 FROM vtiger_customerportal_tabs WHERE tabid=?', array($assetsTabId)); if($checkAlreadyExists && $adb->num_rows($checkAlreadyExists) < 1) { - $maxSequenceQuery = $adb->query("SELECT max(sequence) as maxsequence FROM vtiger_customerportal_tabs"); + $maxSequenceQuery = $adb->pquery("SELECT max(sequence) as maxsequence FROM vtiger_customerportal_tabs", array()); $maxSequence = $adb->query_result($maxSequenceQuery, 0, 'maxsequence'); $nextSequence = $maxSequence+1; - $adb->query("INSERT INTO vtiger_customerportal_tabs(tabid,visible,sequence) VALUES (?,?,?)", array($assetsTabId,1,$nextSequence)); + $adb->pquery("INSERT INTO vtiger_customerportal_tabs(tabid,visible,sequence) VALUES (?,?,?)", array($assetsTabId,1,$nextSequence)); } $checkAlreadyExists = $adb->pquery('SELECT 1 FROM vtiger_customerportal_prefs WHERE tabid=?', array($assetsTabId)); if($checkAlreadyExists && $adb->num_rows($checkAlreadyExists) < 1) { - $adb->query("INSERT INTO vtiger_customerportal_prefs(tabid,prefkey,prefvalue) VALUES (?,?,?)", array($assetsTabId,'showrelatedinfo',1)); + $adb->pquery("INSERT INTO vtiger_customerportal_prefs(tabid,prefkey,prefvalue) VALUES (?,?,?)", array($assetsTabId,'showrelatedinfo',1)); } } } diff --git a/pkg/vtiger/modules/CustomerPortal/modules/CustomerPortal/CustomerPortal.php b/pkg/vtiger/modules/CustomerPortal/modules/CustomerPortal/CustomerPortal.php index e5d64a43b45ad337b7701a3019082eca085769ac..8fdc5bd75d856f5149c305fc56a010dd5edd9b02 100644 
--- a/pkg/vtiger/modules/CustomerPortal/modules/CustomerPortal/CustomerPortal.php +++ b/pkg/vtiger/modules/CustomerPortal/modules/CustomerPortal/CustomerPortal.php @@ -33,13 +33,13 @@ class CustomerPortal { $tabId = $adb->query_result($tabIdResult, 0, 'tabid'); if($tabId) { ++$i; - $adb->query("INSERT INTO vtiger_customerportal_tabs (tabid,visible,sequence) VALUES ($tabId,1,$i)"); - $adb->query("INSERT INTO vtiger_customerportal_prefs(tabid,prefkey,prefvalue) VALUES ($tabId,'showrelatedinfo',1)"); + $adb->query("INSERT INTO vtiger_customerportal_tabs (tabid,visible,sequence) VALUES (?, ?, ?)", array($tabId,1,$i)); + $adb->query("INSERT INTO vtiger_customerportal_prefs(tabid,prefkey,prefvalue) VALUES (?, ?, ?)", array($tabId,'showrelatedinfo',1)); } } - $adb->query("INSERT INTO vtiger_customerportal_prefs(tabid,prefkey,prefvalue) VALUES (0,'userid',1)"); - $adb->query("INSERT INTO vtiger_customerportal_prefs(tabid,prefkey,prefvalue) VALUES (0,'defaultassignee',1)"); + $adb->query("INSERT INTO vtiger_customerportal_prefs(tabid,prefkey,prefvalue) VALUES (?, ?, ?)", array(0,'userid',1)); + $adb->pquery("INSERT INTO vtiger_customerportal_prefs(tabid,prefkey,prefvalue) VALUES (?, ?, ?)", array(0,'defaultassignee',1)); // Mark the module as Standard module $adb->pquery('UPDATE vtiger_tab SET customized=0 WHERE name=?', array($moduleName)); diff --git a/pkg/vtiger/modules/Import/modules/Import/actions/Data.php b/pkg/vtiger/modules/Import/modules/Import/actions/Data.php index d2e928c77bc67d0b137c2715fa16fa0089537832..0de1652ab0377b215ddcce5275ab0910ebd502a7 100644 --- a/pkg/vtiger/modules/Import/modules/Import/actions/Data.php +++ b/pkg/vtiger/modules/Import/modules/Import/actions/Data.php 
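Review bot: Three of the four rewritten INSERTs still call `$adb->query(...)` while now carrying `?` placeholders and a parameter array; only the last one was switched to `pquery`. `query()` is the non-prepared path (this same commit corrects the identical mistake in Assets.php), so the placeholders would be sent to the server literally. Change `$adb->query(` to `$adb->pquery(` on the two lines inside `if($tabId)` and on the `'userid'` insert. The enclosing method starts outside the hunk.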
@@ -296,7 +296,7 @@ class Import_Data_Action extends Vtiger_Action_Controller { $query = $queryGenerator->getQuery(); // to eliminate clash of next record values $queryGenerator->clearConditionals(); - $duplicatesResult = $adb->query($query); + $duplicatesResult = $adb->pquery($query, array()); $noOfDuplicates = $adb->num_rows($duplicatesResult); if ($noOfDuplicates > 0) { @@ -825,7 +825,7 @@ class Import_Data_Action extends Vtiger_Action_Controller { public function getImportStatusCount() { $adb = PearDatabase::getInstance(); - $tableName = Import_Utils_Helper::getDbTableName($this->user); + $tableName = Vtiger_Util_Helper::validateStringForSql(Import_Utils_Helper::getDbTableName($this->user)); $focus = CRMEntity::getInstance($this->module); if ($focus && method_exists($focus, 'getGroupQuery')) { @@ -833,7 +833,7 @@ class Import_Data_Action extends Vtiger_Action_Controller { } else { $query = 'SELECT status FROM '.$tableName; } - $result = $adb->query($query, array()); + $result = $adb->pquery($query, array()); $statusCount = array('TOTAL' => 0, 'IMPORTED' => 0, 'FAILED' => 0, 'PENDING' => 0, 'CREATED' => 0, 'SKIPPED' => 0, 'UPDATED' => 0, 'MERGED' => 0); diff --git a/pkg/vtiger/modules/Import/modules/Import/helpers/Utils.php b/pkg/vtiger/modules/Import/modules/Import/helpers/Utils.php index 55b7c396783ee09f1c11087cacdac8718e420f5c..ba3fdd45f285f8312a8a0d1279a4922c6779edf9 100644 --- a/pkg/vtiger/modules/Import/modules/Import/helpers/Utils.php +++ b/pkg/vtiger/modules/Import/modules/Import/helpers/Utils.php 
@@ -121,10 +121,10 @@ class Import_Utils_Helper { public static function isUserImportBlocked($user) { $adb = PearDatabase::getInstance(); - $tableName = self::getDbTableName($user); + $tableName = Vtiger_Util_Helper::validateStringForSql(self::getDbTableName($user)); if(Vtiger_Utils::CheckTable($tableName)) { - $result = $adb->query('SELECT 1 FROM '.$tableName.' WHERE status = '. Import_Data_Action::$IMPORT_RECORD_NONE); + $result = $adb->pquery('SELECT 1 FROM '.$tableName.' WHERE status = ?', array(Import_Data_Action::$IMPORT_RECORD_NONE)); if($adb->num_rows($result) > 0) { return true; } @@ -136,7 +136,7 @@ class Import_Utils_Helper { $adb = PearDatabase::getInstance(); $tableName = self::getDbTableName($user); - $adb->query('DROP TABLE IF EXISTS '.$tableName); + $adb->pquery('DROP TABLE IF EXISTS '.$tableName, array()); Import_Lock_Action::unLock($user); Import_Queue_Action::removeForUser($user); } diff --git a/pkg/vtiger/modules/Import/modules/Import/readers/FileReader.php b/pkg/vtiger/modules/Import/modules/Import/readers/FileReader.php index 147512ed25aa4f60097a6293b18d9f71cad52086..52f5b3f53c6291c108b48754bfc465ca5a87cea1 100644 --- a/pkg/vtiger/modules/Import/modules/Import/readers/FileReader.php +++ b/pkg/vtiger/modules/Import/modules/Import/readers/FileReader.php @@ -102,7 +102,7 @@ class Import_FileReader_Reader { public function createTable() { $db = PearDatabase::getInstance(); - $tableName = Import_Utils_Helper::getDbTableName($this->user); + $tableName = Vtiger_Util_Helper::validateStringForSql(Import_Utils_Helper::getDbTableName($this->user)); $fieldMapping = $this->request->get('field_mapping'); $moduleFields = $this->moduleModel->getFields(); @@ -116,7 +116,7 @@ class Import_FileReader_Reader { $columnsListQuery .= $this->getDBColumnType($fieldObject, $fieldTypes); } $createTableQuery = 'CREATE TABLE '. $tableName . ' ('.$columnsListQuery.') ENGINE=MyISAM '; - $db->query($createTableQuery); + $db->pquery($createTableQuery, array()); return true; } 
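Review bot: In the `@@ -136` hunk, `DROP TABLE IF EXISTS '.$tableName` takes `$tableName` straight from `self::getDbTableName($user)` without the `Vtiger_Util_Helper::validateStringForSql(...)` wrapper the hunk just above adds; an identifier cannot be bound, so the new empty `array()` does nothing and the line should read `$tableName = Vtiger_Util_Helper::validateStringForSql(self::getDbTableName($user));`. In FileReader's createTable, the `CREATE TABLE` statement is likewise unparameterizable and `$columnsListQuery` is derived from `$this->request->get('field_mapping')`; whether those mapped names are checked against `$moduleFields` before `getDBColumnType` is outside the hunk, and that check is what protects this statement. Both enclosing methods start outside their hunks.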
diff --git a/pkg/vtiger/modules/Mobile/modules/Mobile/api/ws/RelatedRecordsWithGrouping.php b/pkg/vtiger/modules/Mobile/modules/Mobile/api/ws/RelatedRecordsWithGrouping.php index f187b3ff0b8ae21574981e6e65313213fe4008c3..1e7a3151841049d2aad50024add7b626f45c49b8 100644 --- a/pkg/vtiger/modules/Mobile/modules/Mobile/api/ws/RelatedRecordsWithGrouping.php +++ b/pkg/vtiger/modules/Mobile/modules/Mobile/api/ws/RelatedRecordsWithGrouping.php @@ -48,7 +48,7 @@ class Mobile_WS_RelatedRecordsWithGrouping extends Mobile_WS_QueryWithGrouping { } $query = sprintf("SELECT vtiger_crmentity.crmid, $querySEtype %s", substr($query, stripos($query, 'FROM'))); - $queryResult = $adb->query($query); + $queryResult = $adb->pquery($query, array()); // Gather resolved record id's $relatedRecords = array(); diff --git a/pkg/vtiger/modules/Projects/Project/modules/Project/Project.php b/pkg/vtiger/modules/Projects/Project/modules/Project/Project.php index b7e65d428b00e892e1d3c87667743a189de3a7df..8438409e6b46de943066279500eb769ebfd63a74 100644 --- a/pkg/vtiger/modules/Projects/Project/modules/Project/Project.php +++ b/pkg/vtiger/modules/Projects/Project/modules/Project/Project.php 
@@ -343,11 +343,11 @@ class Project extends CRMEntity { if(getTabid('CustomerPortal') && $projectTabid) { $checkAlreadyExists = $adb->pquery('SELECT 1 FROM vtiger_customerportal_tabs WHERE tabid=?', array($projectTabid)); if($checkAlreadyExists && $adb->num_rows($checkAlreadyExists) < 1) { - $maxSequenceQuery = $adb->query("SELECT max(sequence) as maxsequence FROM vtiger_customerportal_tabs"); + $maxSequenceQuery = $adb->pquery("SELECT max(sequence) as maxsequence FROM vtiger_customerportal_tabs", array()); $maxSequence = $adb->query_result($maxSequenceQuery, 0, 'maxsequence'); $nextSequence = $maxSequence+1; - $adb->query("INSERT INTO vtiger_customerportal_tabs(tabid,visible,sequence) VALUES ($projectTabid,1,$nextSequence)"); - $adb->query("INSERT INTO vtiger_customerportal_prefs(tabid,prefkey,prefvalue) VALUES ($projectTabid,'showrelatedinfo',1)"); + $adb->pquery("INSERT INTO vtiger_customerportal_tabs(tabid,visible,sequence) VALUES (?, ?, ?)", array($projectTabid,1,$nextSequence)); + $adb->pquery("INSERT INTO vtiger_customerportal_prefs(tabid,prefkey,prefvalue) VALUES (?, ?, ?)", array($projectTabid,'showrelatedinfo',1)); } } @@ -401,7 +401,7 @@ class Project extends CRMEntity { // Add Gnatt chart to the related list of the module $relation_id = $adb->getUniqueID('vtiger_relatedlists'); $max_sequence = 0; - $result = $adb->query("SELECT max(sequence) as maxsequence FROM vtiger_relatedlists WHERE tabid=$projectTabid"); + $result = $adb->pquery("SELECT max(sequence) as maxsequence FROM vtiger_relatedlists WHERE tabid=?", array($projectTabid)); if($adb->num_rows($result)) $max_sequence = $adb->query_result($result, 0, 'maxsequence'); $sequence = $max_sequence+1; $adb->pquery("INSERT INTO vtiger_relatedlists(relation_id,tabid,related_tabid,name,sequence,label,presence) VALUES(?,?,?,?,?,?,?)", 
diff --git a/pkg/vtiger/modules/Projects/ProjectMilestone/modules/ProjectMilestone/ProjectMilestone.php b/pkg/vtiger/modules/Projects/ProjectMilestone/modules/ProjectMilestone/ProjectMilestone.php index 2c7102f0b75c49728481f25c9715f04cbb75e9df..706bbefab0803ef98f5bb5dd0f0efcf8d1d7c726 100644 --- a/pkg/vtiger/modules/Projects/ProjectMilestone/modules/ProjectMilestone/ProjectMilestone.php +++ b/pkg/vtiger/modules/Projects/ProjectMilestone/modules/ProjectMilestone/ProjectMilestone.php @@ -336,7 +336,7 @@ class ProjectMilestone extends CRMEntity { if(getTabid('CustomerPortal')) { $checkAlreadyExists = $adb->pquery('SELECT 1 FROM vtiger_customerportal_tabs WHERE tabid=?', array($projectmilestoneTabid)); if($checkAlreadyExists && $adb->num_rows($checkAlreadyExists) < 1) { - $maxSequenceQuery = $adb->query("SELECT max(sequence) as maxsequence FROM vtiger_customerportal_tabs"); + $maxSequenceQuery = $adb->pquery("SELECT max(sequence) as maxsequence FROM vtiger_customerportal_tabs", array()); $maxSequence = $adb->query_result($maxSequenceQuery, 0, 'maxsequence'); $nextSequence = $maxSequence+1; $adb->pquery("INSERT INTO vtiger_customerportal_tabs(tabid,visible,sequence) VALUES (?,?,?)", array($projectmilestoneTabid,1,$nextSequence)); diff --git a/pkg/vtiger/modules/Projects/ProjectTask/modules/ProjectTask/ProjectTask.php b/pkg/vtiger/modules/Projects/ProjectTask/modules/ProjectTask/ProjectTask.php index 1fea35246a732ecbcc88b8ef889188c6d0f1b1dc..c48c3e82dc5fb65d0497162200663e00349a00c2 100644 --- a/pkg/vtiger/modules/Projects/ProjectTask/modules/ProjectTask/ProjectTask.php +++ b/pkg/vtiger/modules/Projects/ProjectTask/modules/ProjectTask/ProjectTask.php 
@@ -342,11 +342,11 @@ class ProjectTask extends CRMEntity {
 if(getTabid('CustomerPortal')) {
 $checkAlreadyExists = $adb->pquery('SELECT 1 FROM vtiger_customerportal_tabs WHERE tabid=?', array($projecttaskTabid));
 if($checkAlreadyExists && $adb->num_rows($checkAlreadyExists) < 1) {
- $maxSequenceQuery = $adb->query("SELECT max(sequence) as maxsequence FROM vtiger_customerportal_tabs");
+ $maxSequenceQuery = $adb->pquery("SELECT max(sequence) as maxsequence FROM vtiger_customerportal_tabs", array());
 $maxSequence = $adb->query_result($maxSequenceQuery, 0, 'maxsequence');
 $nextSequence = $maxSequence+1;
- $adb->query("INSERT INTO vtiger_customerportal_tabs(tabid,visible,sequence) VALUES ($projecttaskTabid,1,$nextSequence)");
- $adb->query("INSERT INTO vtiger_customerportal_prefs(tabid,prefkey,prefvalue) VALUES ($projecttaskTabid,'showrelatedinfo',1)");
+ $adb->pquery("INSERT INTO vtiger_customerportal_tabs(tabid,visible,sequence) VALUES (?, ?, ?)", array($projecttaskTabid,1,$nextSequence));
+ $adb->pquery("INSERT INTO vtiger_customerportal_prefs(tabid,prefkey,prefvalue) VALUES (?, ?, ?)", array($projecttaskTabid,'showrelatedinfo',1));
 }
 }
diff --git a/pkg/vtiger/modules/RecycleBin/modules/RecycleBin/models/Module.php b/pkg/vtiger/modules/RecycleBin/modules/RecycleBin/models/Module.php
index d3cdec9291b9990523ca4bd7da2e2ac0b91d2dfe..e24f4040776aa24ce21f5ffb0c6de8f21aebcef5 100644
--- a/pkg/vtiger/modules/RecycleBin/modules/RecycleBin/models/Module.php
+++ b/pkg/vtiger/modules/RecycleBin/modules/RecycleBin/models/Module.php
@@ -134,8 +134,8 @@ class RecycleBin_Module_Model extends Vtiger_Module_Model {
 }
 }
 $this->deleteFiles($recordIds);
- $db->query('DELETE FROM vtiger_crmentity WHERE deleted = 1');
- $db->query('DELETE FROM vtiger_relatedlists_rb');
+ $db->pquery('DELETE FROM vtiger_crmentity WHERE deleted = 1', array());
+ $db->pquery('DELETE FROM vtiger_relatedlists_rb', array());
 return true;
 }
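Review bot: `return true;` on the last line of the RecycleBin hunk is unconditional, so the caller is told the purge succeeded even when one of the two DELETEs on the preceding lines did not run; both pquery results are discarded. If this database layer returns a falsy result on failure (not visible here), the method could report the outcome with `$ok = $db->pquery('DELETE FROM vtiger_crmentity WHERE deleted = 1', array());`, `$ok = $ok && $db->pquery('DELETE FROM vtiger_relatedlists_rb', array());` and `return (bool) $ok;`. Note also that `$this->deleteFiles($recordIds)` runs before the rows are removed, so a failed DELETE leaves records whose files are already gone; whether that ordering is intentional is not decidable from the hunk. The method's signature and the loop it closes are outside the hunk.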
diff --git a/pkg/vtiger/modules/Tooltip/modules/Tooltip/Tooltip.php b/pkg/vtiger/modules/Tooltip/modules/Tooltip/Tooltip.php
index 806ce55c5874affbc09676d272654226c268cd22..2bf0a7af6e0722ae108e5ba08cba069bc78f0082 100644
--- a/pkg/vtiger/modules/Tooltip/modules/Tooltip/Tooltip.php
+++ b/pkg/vtiger/modules/Tooltip/modules/Tooltip/Tooltip.php
@@ -34,9 +34,10 @@ class Tooltip {
 $icon = 'quickview.png';
 $description = 'LBL_TOOLTIP_MANAGEMENT_DESCRIPTION';
 $links = 'index.php?module=Tooltip&action=QuickView&parenttab=Settings';
-
- $adb->query("INSERT INTO vtiger_settings_field (fieldid, blockid, name, iconpath, description, linkto) VALUES (".$adb->getUniqueID('vtiger_settings_field').", ".getSettingsBlockId($blockname).", '$name', '$icon', '$description', '$links')");
+ $params = array($adb->getUniqueID('vtiger_settings_field'), getSettingsBlockId($blockname), $name, $icon, $description, $links);
+
+ $adb->pquery("INSERT INTO vtiger_settings_field (fieldid, blockid, name, iconpath, description, linkto) VALUES (". generateQuestionMarks($params).")", $params);
 } else if($eventType == 'module.disabled') {
 // TODO Handle actions when this module is disabled.
 $moduleInstance = Vtiger_Module::getInstance('Tooltip');
diff --git a/vtlib/Vtiger/Access.php b/vtlib/Vtiger/Access.php
index 83d84025f2f54557da9a6f7275d55940600df606..ea24637d9656d83f4af3d2f5e16f2ba5bf383ff9 100644
--- a/vtlib/Vtiger/Access.php
+++ b/vtlib/Vtiger/Access.php
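Review bot: `getSettingsBlockId($blockname)` is placed straight into `$params` with no check on its result; if it yields false or an empty value when the block is missing (its implementation is not in this diff), the parameterised INSERT now silently creates a settings field with an empty blockid, where the old string-built query would have produced a SQL syntax error and stopped. Consider `$blockId = getSettingsBlockId($blockname);` followed by an early exit when it is empty, and only then building `$params` from it. The branch this sits in starts above the hunk.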
@@ -69,8 +69,8 @@ class Vtiger_Access {
 static function initSharing($moduleInstance) {
 global $adb;
- $result = $adb->query("SELECT share_action_id from vtiger_org_share_action_mapping WHERE share_action_name in
- ('Public: Read Only', 'Public: Read, Create/Edit', 'Public: Read, Create/Edit, Delete', 'Private')");
+ $result = $adb->pquery("SELECT share_action_id from vtiger_org_share_action_mapping WHERE share_action_name in
+ ('Public: Read Only', 'Public: Read, Create/Edit', 'Public: Read, Create/Edit, Delete', 'Private')", array());
 for($index = 0; $index < $adb->num_rows($result); ++$index) {
 $actionid = $adb->query_result($result, $index, 'share_action_id');
diff --git a/vtlib/Vtiger/Deprecated.php b/vtlib/Vtiger/Deprecated.php
index 43e7ec882b73e161ea9840ec03d4adcfe5587057..f574c1c5ae13a1ab39a9b3a86fe13910d8480b81 100644
--- a/vtlib/Vtiger/Deprecated.php
+++ b/vtlib/Vtiger/Deprecated.php
@@ -541,19 +541,19 @@ class Vtiger_Deprecated {
 global $adb;
 switch ($module) {
 case "Invoice":
- $res = $adb->query("SELECT invoice_no FROM vtiger_invoice WHERE invoiceid = $recordId");
+ $res = $adb->pquery("SELECT invoice_no FROM vtiger_invoice WHERE invoiceid = ?", array($recordId));
 $moduleSeqNo = $adb->query_result($res, 0, 'invoice_no');
 break;
 case "PurchaseOrder":
- $res = $adb->query("SELECT purchaseorder_no FROM vtiger_purchaseorder WHERE purchaseorderid = $recordId");
+ $res = $adb->pquery("SELECT purchaseorder_no FROM vtiger_purchaseorder WHERE purchaseorderid = ?", array($recordId));
 $moduleSeqNo = $adb->query_result($res, 0, 'purchaseorder_no');
 break;
 case "Quotes":
- $res = $adb->query("SELECT quote_no FROM vtiger_quotes WHERE quoteid = $recordId");
+ $res = $adb->pquery("SELECT quote_no FROM vtiger_quotes WHERE quoteid = ?", array($recordId));
 $moduleSeqNo = $adb->query_result($res, 0, 'quote_no');
 break;
 case "SalesOrder":
- $res = $adb->query("SELECT salesorder_no FROM vtiger_salesorder WHERE salesorderid = $recordId");
+ $res = $adb->pquery("SELECT salesorder_no FROM vtiger_salesorder WHERE salesorderid = ?", array($recordId));
 $moduleSeqNo = $adb->query_result($res, 0, 'salesorder_no');
 break;
 }
diff --git a/vtlib/Vtiger/ModuleBasic.php b/vtlib/Vtiger/ModuleBasic.php
index 3f2adc269493dd5ac7be8815f01784d9661cc92c..4e57fef5745b14c1af2f4c7f3938573016f5e9be 100644
--- a/vtlib/Vtiger/ModuleBasic.php
+++ b/vtlib/Vtiger/ModuleBasic.php
@@ -114,7 +114,7 @@ class Vtiger_ModuleBasic {
 */
 function __getUniqueId() {
 global $adb;
- $result = $adb->query("SELECT MAX(tabid) AS max_seq FROM vtiger_tab");
+ $result = $adb->pquery("SELECT MAX(tabid) AS max_seq FROM vtiger_tab", array());
 $maxseq = $adb->query_result($result, 0, 'max_seq');
 return ++$maxseq;
 }
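Review bot: Every case reads `$adb->query_result($res, 0, ...)` on the line after the new pquery without first checking that the SELECT returned a row, so a `$recordId` with no match leaves `$moduleSeqNo` as whatever the database layer yields for a missing row rather than a deliberate empty value. The four cases differ only in table, column and key name, which invites the next copy-paste to drift; a small map keyed by module keeps those identifiers as fixed strings (so interpolating them into the SQL stays safe) while `$recordId` remains the only bound value, and the row check is written once. The rewrite below replaces the whole switch; the function's signature and its return statement are outside the hunk.
```php
global $adb;
// One entry per module: table, sequence-number column, primary-key column.
// Identifiers come only from this fixed map, never from the caller.
$sequenceSources = array(
    'Invoice'       => array('vtiger_invoice', 'invoice_no', 'invoiceid'),
    'PurchaseOrder' => array('vtiger_purchaseorder', 'purchaseorder_no', 'purchaseorderid'),
    'Quotes'        => array('vtiger_quotes', 'quote_no', 'quoteid'),
    'SalesOrder'    => array('vtiger_salesorder', 'salesorder_no', 'salesorderid'),
);
if (isset($sequenceSources[$module])) {
    list($table, $column, $idColumn) = $sequenceSources[$module];
    // $recordId is the only caller-supplied value and is bound, not interpolated.
    $res = $adb->pquery("SELECT $column FROM $table WHERE $idColumn = ?", array($recordId));
    $moduleSeqNo = $adb->num_rows($res) ? $adb->query_result($res, 0, $column) : null;
}
```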
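Review bot: `return ++$maxseq;` in `__getUniqueId()` hands out a tab id by reading `MAX(tabid)` and adding one, which is not atomic: two module installs running at the same time can both obtain the same id, and the commit's switch to pquery does not change that. Elsewhere in this commit the Project.php and Tooltip hunks allocate ids through `$adb->getUniqueID(...)`; if a sequence is maintained for vtiger_tab (not visible here), `return $adb->getUniqueID('vtiger_tab');` would be the consistent form. Failing that, a one-line note above the SELECT, `// read-then-increment: only safe while module installs are serialised`, would at least record the assumption for the next reader. The docblock this method carries ends with the `*/` at the top of the hunk, so the description itself is outside my view.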