[Fmsystem-commits] [9853] controller: typecasting to avoid errors
From: |
Sigurd Nes |
Subject: |
[Fmsystem-commits] [9853] controller: typecasting to avoid errors |
Date: |
Tue, 14 Aug 2012 13:19:02 +0000 |
Revision: 9853
http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=9853
Author: sigurdne
Date: 2012-08-14 13:19:01 +0000 (Tue, 14 Aug 2012)
Log Message:
-----------
controller: typecasting to avoid errors
Modified Paths:
--------------
trunk/controller/inc/class.socase.inc.php
trunk/controller/inc/class.socheck_item.inc.php
trunk/controller/inc/class.socheck_list.inc.php
trunk/controller/inc/class.socontrol.inc.php
trunk/controller/inc/class.socontrol_group.inc.php
trunk/controller/inc/class.socontrol_group_list.inc.php
trunk/controller/inc/class.socontrol_item.inc.php
trunk/controller/inc/class.socontrol_item_list.inc.php
trunk/controller/inc/class.sodocument.inc.php
trunk/controller/inc/class.soprocedure.inc.php
Modified: trunk/controller/inc/class.socase.inc.php
===================================================================
--- trunk/controller/inc/class.socase.inc.php 2012-08-14 12:31:16 UTC (rev
9852)
+++ trunk/controller/inc/class.socase.inc.php 2012-08-14 13:19:01 UTC (rev
9853)
@@ -61,8 +61,10 @@
*/
public function get_single($case_id)
{
+ $case_id = (int) $case_id;
+
$sql = "SELECT * FROM controller_check_item_case ";
- $sql .= "WHERE id = $case_id";
+ $sql .= "WHERE id = {$case_id}";
$this->db->limit_query($sql, 0, __LINE__, __FILE__, 1);
@@ -98,6 +100,9 @@
*/
public function get_cases_by_message($location_id,
$location_item_id, $return_type = "return_object")
{
+ $location_id = (int) $location_id;
+ $location_item_id = (int) $location_item_id;
+
$sql = "SELECT * FROM controller_check_item_case ";
$sql .= "WHERE location_id = {$location_id} AND
location_item_id = {$location_item_id}";
@@ -207,6 +212,7 @@
*/
function delete($case_id)
{
+ $case_id = (int) $case_id;
$status = $this->db->query("DELETE FROM
controller_check_item_case WHERE id = $case_id");
if( isset($status) )
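Review bot: A non-numeric or empty `$case_id` now becomes 0 in `delete()` and the DELETE still runs, so bad input is indistinguishable from a valid id that matches no row. The `isset($status)` test on the following line is true for any non-null return, so it probably does not tell the caller whether anything was deleted; what `db->query` returns is not visible here. I would reject the id before building the statement, for example `if( $case_id <= 0 ) { return false; }`, assuming a boolean return fits the callers. The same applies to the `delete`, `delete_control_groups` and `delete_control_items` hunks in class.socontrol_group_list.inc.php and class.socontrol_item_list.inc.php, which return `isset($result)`. The body of this function continues outside the hunk.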
Modified: trunk/controller/inc/class.socheck_item.inc.php
===================================================================
--- trunk/controller/inc/class.socheck_item.inc.php 2012-08-14 12:31:16 UTC
(rev 9852)
+++ trunk/controller/inc/class.socheck_item.inc.php 2012-08-14 13:19:01 UTC
(rev 9853)
@@ -108,9 +108,11 @@
*/
public function get_single($check_item_id)
{
+ $check_item_id = (int) $check_item_id;
+
$sql = "SELECT ci.*, ci.id as c_id, coi.id as coi_id,
coi.* ";
$sql .= "FROM controller_check_item ci,
controller_control_item coi ";
- $sql .= "WHERE ci.id = $check_item_id ";
+ $sql .= "WHERE ci.id = {$check_item_id} ";
$sql .= "AND ci.control_item_id=coi.id";
$this->db->limit_query($sql, 0, __LINE__, __FILE__, 1);
@@ -143,14 +145,17 @@
* @param $check_item_id id to check item to be fetched
from database
* @return check item object
*/
- public function get_single_with_cases($check_item_id,
$return_type = "return_object"){
+ public function get_single_with_cases($check_item_id,
$return_type = "return_object")
+ {
+ $check_item_id = (int) $check_item_id;
+
$sql = "SELECT ci.id as ci_id, control_item_id,
check_list_id, ";
$sql .= "cic.id as cic_id, cic.status as cic_status,
cic.*, ";
$sql .= "coi.id as coi_id, coi.* ";
$sql .= "FROM controller_check_item ci ";
$sql .= "LEFT JOIN controller_control_item as coi ON
ci.control_item_id = coi.id ";
$sql .= "LEFT JOIN controller_check_item_case as cic ON
ci.id = cic.check_item_id ";
- $sql .= "WHERE ci.id = $check_item_id ";
+ $sql .= "WHERE ci.id = {$check_item_id} ";
$this->db->query($sql);
@@ -180,7 +185,7 @@
$cases_array = array();
}
- if($this->db->f('cic_id', true) != ''){
+ if($this->db->f('cic_id') != ''){
$case = new
controller_check_item_case($this->unmarshal($this->db->f('cic_id'), 'int'));
$case->set_check_item_id($this->unmarshal($this->db->f('check_item_id'),
'int'));
$case->set_status($this->unmarshal($this->db->f('cic_status'), 'int'));
@@ -224,11 +229,14 @@
*/
public function
get_check_item_by_check_list_and_control_item($check_list_id, $control_item_id)
{
+ $check_list_id = (int) $check_list_id;
+ $control_item_id = (int) $control_item_id;
+
$sql = "SELECT ci.*, ci.id as c_id, coi.id as coi_id,
coi.* ";
$sql .= "FROM controller_check_item ci,
controller_control_item coi ";
- $sql .= "WHERE ci.check_list_id = $check_list_id ";
+ $sql .= "WHERE ci.check_list_id = {$check_list_id} ";
$sql .= "AND ci.control_item_id = coi.id ";
- $sql .= "AND ci.control_item_id = $control_item_id";
+ $sql .= "AND ci.control_item_id = {$control_item_id}";
$this->db->limit_query($sql, 0, __LINE__, __FILE__, 1);
@@ -309,14 +317,16 @@
* @param $returnType data returned as objects or arrays
* @return check item objects
*/
- public function get_check_items_with_cases($check_list_id,
$type = "control_item_type_1", $status = "open", $messageStatus = null,
$return_type = "return_object"){
+ public function get_check_items_with_cases($check_list_id,
$type = "control_item_type_1", $status = "open", $messageStatus = null,
$return_type = "return_object")
+ {
+ $check_list_id = (int) $check_list_id;
$sql = "SELECT ci.id as ci_id, control_item_id,
check_list_id, ";
$sql .= "cic.id as cic_id, cic.status as cic_status,
cic.*, ";
$sql .= "coi.id as coi_id, coi.* ";
$sql .= "FROM controller_check_item ci ";
$sql .= "LEFT JOIN controller_control_item as coi ON
ci.control_item_id = coi.id ";
$sql .= "LEFT JOIN controller_check_item_case as cic ON
ci.id = cic.check_item_id ";
- $sql .= "WHERE ci.check_list_id = $check_list_id ";
+ $sql .= "WHERE ci.check_list_id = {$check_list_id} ";
if($status == 'open')
$sql .= "AND cic.status = 0 ";
@@ -418,14 +428,17 @@
* @param $returnType data returned as objects or arrays
* @return check item objects
*/
- public function
get_check_items_with_cases_by_message($message_ticket_id, $return_type =
"return_object"){
+ public function
get_check_items_with_cases_by_message($message_ticket_id, $return_type =
"return_object")
+ {
+ $message_ticket_id = (int) $message_ticket_id;
+
$sql = "SELECT ci.id as ci_id, control_item_id, ";
$sql .= "check_list_id, cic.id as cic_id, cic.status as
cic_status, cic.*, ";
$sql .= "coi.id as coi_id, coi.* ";
$sql .= "FROM controller_check_item ci ";
$sql .= "LEFT JOIN controller_control_item as coi ON
ci.control_item_id = coi.id ";
$sql .= "LEFT JOIN controller_check_item_case as cic ON
ci.id = cic.check_item_id ";
- $sql .= "WHERE cic.location_item_id =
$message_ticket_id";
+ $sql .= "WHERE cic.location_item_id =
{$message_ticket_id}";
$this->db->query($sql);
@@ -464,7 +477,7 @@
$cases_array = array();
}
- if($this->db->f('cic_id', true) != ''){
+ if($this->db->f('cic_id') != ''){
$case = new
controller_check_item_case($this->unmarshal($this->db->f('cic_id'), 'int'));
$case->set_status($this->unmarshal($this->db->f('cic_status'), 'int'));
$case->set_check_item_id($this->unmarshal($this->db->f('check_item_id'),
'int'));
Modified: trunk/controller/inc/class.socheck_list.inc.php
===================================================================
--- trunk/controller/inc/class.socheck_list.inc.php 2012-08-14 12:31:16 UTC
(rev 9852)
+++ trunk/controller/inc/class.socheck_list.inc.php 2012-08-14 13:19:01 UTC
(rev 9853)
@@ -57,12 +57,14 @@
* @param $check_list_id
* @return check list object
*/
- public function get_single($check_list_id){
+ public function get_single($check_list_id)
+ {
+ $check_list_id = (int) $check_list_id;
$sql = "SELECT cl.id as cl_id, cl.status as cl_status,
cl.control_id, cl.comment as cl_comment, deadline, planned_date, ";
$sql .= "completed_date, location_code, component_id,
num_open_cases, num_pending_cases, location_id, ci.id as ci_id, control_item_id
";
$sql .= "FROM controller_check_list cl ";
$sql .= "LEFT JOIN controller_check_item as ci ON cl.id =
ci.check_list_id ";
- $sql .= "WHERE cl.id = $check_list_id";
+ $sql .= "WHERE cl.id = {$check_list_id}";
$this->db->query($sql);
$this->db->next_record();
@@ -95,7 +97,9 @@
* @param $type control items registration type (Radiobuttons,
Checklist, textfield, just commentfield)
* @return returns a check list object
*/
- public function get_single_with_check_items($check_list_id, $status,
$type){
+ public function get_single_with_check_items($check_list_id, $status,
$type)
+ {
+ $check_list_id = (int) $check_list_id;
$sql = "SELECT cl.id as cl_id, cl.status as cl_status,
cl.control_id, cl.comment as cl_comment, deadline, planned_date,
completed_date, num_open_cases, location_code, num_pending_cases, ";
$sql .= "ci.id as ci_id, control_item_id, check_list_id, ";
$sql .= "coi.title as coi_title, coi.required as coi_required,
";
@@ -103,7 +107,7 @@
$sql .= "FROM controller_check_list cl ";
$sql .= "LEFT JOIN controller_check_item as ci ON cl.id =
ci.check_list_id ";
$sql .= "LEFT JOIN controller_control_item as coi ON
ci.control_item_id = coi.id ";
- $sql .= "WHERE cl.id = $check_list_id ";
+ $sql .= "WHERE cl.id = {$check_list_id} ";
if($status == 'open')
$sql .= "AND ci.status = 0 ";
@@ -165,12 +169,15 @@
* @param $control_id
* @return array with check list objects
*/
- function get_check_lists_for_control($control_id){
+ function get_check_lists_for_control($control_id)
+ {
+ $control_id = (int) $control_id;
+
$sql = "SELECT cl.id as cl_id, cl.status as cl_status,
cl.comment as cl_comment, deadline, planned_date, ";
$sql .= "completed_date, component_id, location_code,
num_open_cases, num_pending_cases ";
$sql .= "ci.id as ci_id, control_item_id, check_list_id ";
$sql .= "FROM controller_check_list cl, controller_check_item
ci ";
- $sql .= "WHERE cl.control_id = $control_id ";
+ $sql .= "WHERE cl.control_id = {$control_id} ";
$sql .= "AND cl.id = ci.check_list_id ";
$sql .= "ORDER BY cl.id;";
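Review bot: The SELECT list in `get_check_lists_for_control` is missing a comma between `num_pending_cases` and `ci.id as ci_id`. The second `$sql .=` line ends with `num_pending_cases ` and the third begins with `ci.id`, so the concatenated statement reads `num_pending_cases ci.id as ci_id`, which looks like invalid SQL. The second line would end `num_open_cases, num_pending_cases, ";`. The cast added in this hunk does not affect this, and the function body continues past the hunk.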
@@ -228,6 +235,8 @@
*/
function get_planned_check_lists_for_control($control_id,
$location_code,$location_id, $component_id)
{
+ $control_id = (int) $control_id;
+
$component_filter = ' AND component_id IS NULL ';
if($component_id)
{
@@ -239,7 +248,7 @@
$sql = "SELECT cl.id as cl_id, cl.status as cl_status,
cl.comment as cl_comment, deadline, planned_date, ";
$sql .= "completed_date, component_id, location_code,
num_open_cases, num_pending_cases ";
$sql .= "FROM controller_check_list cl ";
- $sql .= "WHERE cl.control_id = $control_id ";
+ $sql .= "WHERE cl.control_id = {$control_id} ";
$sql .= "AND cl.location_code = '{$location_code}' ";
$sql .= "AND NOT cl.planned_date IS NULL ";
$sql .= "AND cl.completed_date IS NULL ";
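Review bot: `$location_code` is still interpolated into the statement as `'{$location_code}'`, and the cast added for `$control_id` does nothing for a string value. In this function the lines between the two hunks are not visible, so it may be escaped there. In the next two hunks (`get_unplanned_check_lists_for_control` and `get_open_check_lists_for_control`) the whole path from the signature to the query is shown and the value reaches the SQL unchanged. It should pass through the database layer's string-escaping routine, or be validated against the expected location-code format, before it is placed between the quotes. A one-line comment at each use, such as `// $location_code must be escaped before interpolation`, would at least mark the gap.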
@@ -288,11 +297,14 @@
* @param $location_code
* @return array with check list objects
*/
- function get_unplanned_check_lists_for_control($control_id,
$location_code){
+ function get_unplanned_check_lists_for_control($control_id,
$location_code)
+ {
+ $control_id = (int) $control_id;
+
$sql = "SELECT cl.id as cl_id, cl.status as cl_status,
cl.comment as cl_comment, deadline, planned_date, ";
$sql .= "completed_date, component_id, location_code,
num_open_cases, num_pending_cases ";
$sql .= "FROM controller_check_list cl ";
- $sql .= "WHERE cl.control_id = $control_id ";
+ $sql .= "WHERE cl.control_id = {$control_id} ";
$sql .= "AND cl.location_code = '{$location_code}' ";
$sql .= "AND cl.planned_date IS NULL ";
$sql .= "AND cl.completed_date IS NULL ";
@@ -337,11 +349,14 @@
* @param $location_code location code
* @return array with check list objects
*/
- function get_open_check_lists_for_control($control_id, $location_code,
$from_date){
+ function get_open_check_lists_for_control($control_id, $location_code,
$from_date)
+ {
+ $control_id = (int) $control_id;
+
$sql = "SELECT cl.id as cl_id, cl.status as cl_status,
cl.comment as cl_comment, deadline, planned_date, ";
$sql .= "completed_date, component_id, location_code,
num_open_cases, num_pending_cases ";
$sql .= "FROM controller_check_list cl ";
- $sql .= "WHERE cl.control_id = $control_id ";
+ $sql .= "WHERE cl.control_id = {$control_id} ";
$sql .= "AND cl.location_code = '{$location_code}' ";
$sql .= "AND (cl.planned_date IS NULL OR cl.planned_date <
$from_date) ";
$sql .= "AND cl.deadline < $from_date ";
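Review bot: `$from_date` is placed unquoted into `cl.planned_date < $from_date` and `cl.deadline < $from_date`, and unlike `$control_id` it is not cast in `get_open_check_lists_for_control`. An unquoted numeric position is where the missing cast matters most, since no quote has to be closed for the value to alter the statement. If the parameter is a Unix timestamp, as the `_ts` suffix on the sibling functions suggests, add `$from_date = (int) $from_date;` next to the existing cast. The function body continues past the hunk.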
@@ -493,14 +508,18 @@
* @param $repeat_type_expr repeat type expression
* @return array with check list objects
*/
- function get_check_lists_for_component( $location_id, $component_id,
$from_date_ts, $to_date_ts, $repeat_type_expr = null ){
+ function get_check_lists_for_component( $location_id, $component_id,
$from_date_ts, $to_date_ts, $repeat_type_expr = null )
+ {
+ $location_id = (int) $location_id;
+ $component_id = (int) $component_id;
+
$sql = "SELECT c.id as c_id, ";
$sql .= "cl.id as cl_id, cl.status as cl_status, cl.comment as
cl_comment, deadline, planned_date, completed_date, ";
$sql .= "cl.component_id, cl.location_id, cl.location_code as
cl_location_code, num_open_cases, num_pending_cases ";
$sql .= "FROM controller_control c ";
$sql .= "LEFT JOIN controller_check_list cl on cl.control_id =
c.id ";
- $sql .= "WHERE cl.location_id = $location_id ";
- $sql .= "AND cl.component_id = $component_id ";
+ $sql .= "WHERE cl.location_id = {$location_id} ";
+ $sql .= "AND cl.component_id = {$component_id} ";
if( $repeat_type != null )
$sql .= "AND c.repeat_type $repeat_type_expr ";
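Review bot: The condition `if( $repeat_type != null )` in `get_check_lists_for_component` tests a variable that is not among the parameters shown in the signature, which names `$repeat_type_expr`, so the filter on the next line is probably never appended. Once the condition is corrected to `if( $repeat_type_expr != null )`, that line interpolates `$repeat_type_expr` as a raw SQL fragment (operator and operand), which a cast cannot protect. It should be built from a fixed set of allowed operators plus an integer operand rather than passed in as text. `$from_date_ts` and `$to_date_ts` are also left uncast, though their use lies outside the hunk.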
@@ -562,7 +581,10 @@
* @param $repeat_type_expr repeat type expression
* @return array with check list objects
*/
- function get_check_lists_for_control_and_location( $control_id,
$location_code, $from_date_ts, $to_date_ts, $repeat_type = null ){
+ function get_check_lists_for_control_and_location( $control_id,
$location_code, $from_date_ts, $to_date_ts, $repeat_type = null )
+ {
+ $control_id = (int) $control_id;
+
$sql = "SELECT cl.id as cl_id, cl.status as cl_status,
cl.comment as cl_comment, deadline, planned_date, completed_date, ";
$sql .= "cl.component_id as cl_component_id, cl.location_code
as cl_location_code, num_open_cases, num_pending_cases ";
$sql .= "FROM controller_check_list cl ";
@@ -605,7 +627,12 @@
* @param $repeat_type_expr repeat type expression
* @return array with check list objects
*/
- function get_check_lists_for_control_and_component( $control_id,
$location_id, $component_id, $from_date_ts, $to_date_ts, $repeat_type = null ){
+ function get_check_lists_for_control_and_component( $control_id,
$location_id, $component_id, $from_date_ts, $to_date_ts, $repeat_type = null )
+ {
+ $control_id = (int) $control_id;
+ $location_id = (int) $location_id;
+ $component_id = (int) $component_id;
+
$sql = "SELECT cl.id as cl_id, cl.status as cl_status,
cl.comment as cl_comment, deadline, planned_date, completed_date, ";
$sql .= "cl.component_id as cl_component_id, cl.location_id as
cl_location_id, cl.location_code as cl_location_code, num_open_cases,
num_pending_cases ";
$sql .= "FROM controller_check_list cl ";
Modified: trunk/controller/inc/class.socontrol.inc.php
===================================================================
--- trunk/controller/inc/class.socontrol.inc.php 2012-08-14 12:31:16 UTC
(rev 9852)
+++ trunk/controller/inc/class.socontrol.inc.php 2012-08-14 13:19:01 UTC
(rev 9853)
@@ -120,8 +120,10 @@
* @param $role_id responsible role for carrying out the
control
* @return array with controls as objects or arrays
*/
- public function get_controls_by_location($location_code,
$from_date, $to_date, $repeat_type, $return_type = "return_object", $role_id =
'')
+ public function get_controls_by_location($location_code,
$from_date, $to_date, $repeat_type, $return_type = "return_object", $role_id =
0)
{
+ $role_id = (int) $role_id;
+
$controls_array = array();
$sql = "SELECT distinct c.*,
fm_responsibility_role.name AS responsibility_name ";
@@ -181,8 +183,10 @@
* @param $role_id responsible role for carrying out the
control
* @return array with controls as objects or arrays
*/
- public function
get_controls_for_components_by_location($location_code, $from_date, $to_date,
$repeat_type, $return_type = "return_object", $role_id = '')
+
+ public function
get_controls_for_components_by_location($location_code, $from_date, $to_date,
$repeat_type, $return_type = "return_object", $role_id = 0)
{
+ $role_id = (int) $role_id;
$controls_array = array();
$sql = "SELECT distinct c.*,
fm_responsibility_role.name AS responsibility_name, ccl.location_id,
ccl.component_id ";
@@ -245,8 +249,10 @@
* @param $role_id responsible role for carrying out the
control
* @return array of components as objects or arrays
*/
- public function get_controls_by_component($location_code,
$from_date, $to_date, $repeat_type = '', $return_type = "return_object",
$role_id = '', $filter = null)
+ public function get_controls_by_component($location_code,
$from_date, $to_date, $repeat_type = '', $return_type = "return_object",
$role_id = 0, $filter = null)
{
+ $role_id = (int) $role_id;
+
$controls_array = array();
$sql = "SELECT c.id as control_id, c.*, ";
@@ -414,11 +420,13 @@
*/
function get_locations_for_control($control_id)
{
+ $control_id = (int) $control_id;
+
$controls_array = array();
$sql = "SELECT c.id, c.title, cll.location_code ";
$sql .= "FROM controller_control c,
controller_control_location_list cll ";
- $sql .= "WHERE cll.control_id = $control_id ";
+ $sql .= "WHERE cll.control_id = {$control_id} ";
$sql .= "AND cll.control_id = c.id";
$this->db->query($sql);
@@ -451,12 +459,14 @@
* @param $control_id control id
* @return array with arrays of component info
*/
- function get_components_for_control($control_id)
+ function get_components_for_control($control_id)
{
+ $control_id = (int) $control_id;
+
$controls_array = array();
$sql = "SELECT ccl.control_id, ccl.component_id as
component_id, ccl.location_id as location_id, bim_type.description,
bim_item.location_code ";
- $sql .= "FROM controller_control_component_list ccl, fm_bim_item
bim_item, fm_bim_type bim_type ";
+ $sql .= "FROM controller_control_component_list ccl,
fm_bim_item bim_item, fm_bim_type bim_type ";
$sql .= "WHERE ccl.control_id = $control_id ";
$sql .= "AND ccl.component_id = bim_item.id ";
$sql .= "AND ccl.location_id = bim_type.location_id ";
Modified: trunk/controller/inc/class.socontrol_group.inc.php
===================================================================
--- trunk/controller/inc/class.socontrol_group.inc.php 2012-08-14 12:31:16 UTC
(rev 9852)
+++ trunk/controller/inc/class.socontrol_group.inc.php 2012-08-14 13:19:01 UTC
(rev 9853)
@@ -212,6 +212,7 @@
*/
function get_control_groups_as_array($control_area_id)
{
+ $control_area_id = (int) $control_area_id;
$results = array();
$sql = "SELECT * FROM controller_control_group WHERE
control_area_id=$control_area_id";
@@ -331,6 +332,7 @@
*/
function get_control_groups_by_control_area($control_area_id)
{
+ $control_area_id = (int) $control_area_id;
$controls_array = array();
$sql = "SELECT * FROM controller_control_group WHERE
control_area_id=$control_area_id";
@@ -368,7 +370,8 @@
*/
function get_control_areas_by_control_group($control_group_id)
{
- $sql = "SELECT control_area_id FROM
controller_control_group WHERE control_group_id=$control_group_id";
+ $control_group_id = (int) $control_group_id;
+ $sql = "SELECT control_area_id FROM
controller_control_group WHERE control_group_id={$control_group_id}";
$this->db->query($sql);
while($this->db->next_record()) {
@@ -458,6 +461,7 @@
*/
function get_components_for_control_group($control_group_id)
{
+ $control_group_id = (int) $control_group_id;
$results = array();
$sql = "select * from
controller_control_group_component_list where
control_group_id={$control_group_id}";
Modified: trunk/controller/inc/class.socontrol_group_list.inc.php
===================================================================
--- trunk/controller/inc/class.socontrol_group_list.inc.php 2012-08-14
12:31:16 UTC (rev 9852)
+++ trunk/controller/inc/class.socontrol_group_list.inc.php 2012-08-14
13:19:01 UTC (rev 9853)
@@ -142,7 +142,10 @@
*/
function get_group_list_by_control_and_group($control_id,
$control_group_id)
{
- $sql = "SELECT p.* FROM controller_control_group_list p
WHERE p.control_id=" . $control_id . " AND p.control_group_id=" .
$control_group_id;
+ $control_id = (int) $control_id;
+ $control_group_id = (int) $control_group_id;
+
+ $sql = "SELECT p.* FROM controller_control_group_list p
WHERE p.control_id={$control_id} AND p.control_group_id={$control_group_id}";
$this->db->limit_query($sql, 0, __LINE__, __FILE__, 1);
if($this->db->next_record()){
@@ -168,6 +171,9 @@
*/
function delete($control_id, $control_group_id)
{
+ $control_id = (int) $control_id;
+ $control_group_id = (int) $control_group_id;
+
$result = $this->db->query("DELETE FROM
controller_control_group_list WHERE control_id = $control_id AND
control_group_id = $control_group_id");
return isset($result);
@@ -181,6 +187,7 @@
*/
function delete_control_groups($control_id)
{
+ $control_id = (int) $control_id;
$result = $this->db->query("DELETE FROM
controller_control_group_list WHERE control_id = $control_id");
return isset($result);
@@ -195,9 +202,10 @@
*/
function get_control_groups_by_control($control_id, $returnType
= "object")
{
+ $control_id = (int) $control_id;
$sql = "SELECT cg.*, cgl.order_nr ";
$sql .= "FROM controller_control_group_list cgl,
controller_control_group cg ";
- $sql .= "WHERE cgl.control_id=$control_id ";
+ $sql .= "WHERE cgl.control_id={$control_id} ";
$sql .= "AND cgl.control_group_id=cg.id ";
$sql .= "ORDER BY cgl.order_nr";
Modified: trunk/controller/inc/class.socontrol_item.inc.php
===================================================================
--- trunk/controller/inc/class.socontrol_item.inc.php 2012-08-14 12:31:16 UTC
(rev 9852)
+++ trunk/controller/inc/class.socontrol_item.inc.php 2012-08-14 13:19:01 UTC
(rev 9853)
@@ -159,7 +159,9 @@
* @param $return_type return data as objects or as arrays
* @return control item object
*/
- public function get_single_with_options($id, $return_type =
"return_object"){
+ public function get_single_with_options($id, $return_type =
"return_object")
+ {
+ $id = (int)$id;
$sql = "SELECT ci.id as ci_id, ci.*, cio.id as cio_id,
cio.*, cg.group_name ";
$sql .= "FROM controller_control_item ci ";
$sql .= "LEFT JOIN controller_control_item_option as
cio ON cio.control_item_id = ci.id ";
@@ -227,7 +229,8 @@
*/
function delete_option_values($control_item_id)
{
- $sql = "delete from controller_control_item_option
where control_item_id=$control_item_id";
+ $control_item_id = (int)$control_item_id;
+ $sql = "delete from controller_control_item_option
where control_item_id={$control_item_id}";
$this->db->query($sql);
}
@@ -408,6 +411,9 @@
*/
function get_items_for_control_group($control_id,
$control_group_id)
{
+ $control_id = (int) $control_id;
+ $control_group_id = (int) $control_group_id;
+
$results = array();
$sql = "select ci.* from controller_control_item ci,
controller_control_item_list cil where ci.control_group_id =
{$control_group_id} and cil.control_id = {$control_id} and ci.id =
cil.control_item_id";
Modified: trunk/controller/inc/class.socontrol_item_list.inc.php
===================================================================
--- trunk/controller/inc/class.socontrol_item_list.inc.php 2012-08-14
12:31:16 UTC (rev 9852)
+++ trunk/controller/inc/class.socontrol_item_list.inc.php 2012-08-14
13:19:01 UTC (rev 9853)
@@ -132,6 +132,9 @@
*/
function get_single_2($control_id, $control_item_id)
{
+ $control_id = (int) $control_id;
+ $control_item_id = (int) $control_item_id;
+
$sql = "SELECT cil.* FROM controller_control_item_list
cil WHERE cil.control_id = " . $control_id . " AND cil.control_item_id = " .
$control_item_id;
$this->db->limit_query($sql, 0, __LINE__, __FILE__, 1);
$this->db->next_record();
@@ -153,6 +156,8 @@
*/
function get_control_items($control_group_id, $return_type =
"return_object")
{
+ $control_group_id = (int) $control_group_id;
+
$results = array();
$sql = "SELECT * ";
@@ -187,6 +192,8 @@
*/
function get_control_items_by_control($control_id, $returnType
= "return_object")
{
+ $control_id = (int) $control_id;
+
$results = array();
$sql = "SELECT ci.* ";
@@ -224,6 +231,9 @@
*/
function get_control_items_by_control_and_group($control_id,
$control_group_id, $returnType = "return_array")
{
+ $control_id = (int) $control_id;
+ $control_group_id = (int) $control_group_id;
+
$results = array();
$sql = "SELECT ci.* ";
@@ -264,6 +274,9 @@
*/
function
get_control_items_and_options_by_control_and_group($control_id,
$control_group_id, $return_type = "return_array")
{
+ $control_id = (int) $control_id;
+ $control_group_id = (int) $control_group_id;
+
$results = array();
$sql = "SELECT ci.id as ci_id, ci.*, cio.id as cio_id,
cio.* ";
@@ -338,6 +351,9 @@
*/
function delete($control_id, $control_item_id)
{
+ $control_id = (int) $control_id;
+ $control_item_id = (int) $control_item_id;
+
$result = $this->db->query("DELETE FROM
controller_control_item_list WHERE control_id = $control_id AND control_item_id
= $control_item_id", __LINE__,__FILE__);
return isset($result);
@@ -351,6 +367,7 @@
*/
function delete_control_items($control_id)
{
+ $control_id = (int) $control_id;
$result = $this->db->query("DELETE FROM
controller_control_item_list WHERE control_id = $control_id");
return isset($result);
@@ -365,6 +382,9 @@
*/
function delete_control_items_for_group_list($control_id,
$control_group_id)
{
+ $control_id = (int) $control_id;
+ $control_group_id = (int) $control_group_id;
+
$sql = "DELETE FROM controller_control_item_list ";
$sql .= "USING controller_control_item ";
$sql .= "WHERE control_id = $control_id ";
Modified: trunk/controller/inc/class.sodocument.inc.php
===================================================================
--- trunk/controller/inc/class.sodocument.inc.php 2012-08-14 12:31:16 UTC
(rev 9852)
+++ trunk/controller/inc/class.sodocument.inc.php 2012-08-14 13:19:01 UTC
(rev 9853)
@@ -153,6 +153,8 @@
function populate(int $document_id, &$document)
{
+ $document_id = (int) $document_id;
+
if($document == null)
{
$document = new controller_document($document_id);
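Review bot: The `int` declaration in `populate(int $document_id, &$document)` makes the added cast ineffective. On PHP versions before 7.0, which this 2012 commit presumably targets, `int` in a parameter list is read as a class name, so an ordinary integer argument is rejected before the cast is reached. On 7.0 and later the declaration already coerces or rejects the value and the cast is redundant. I would drop the hint and keep the cast: `function populate($document_id, &$document)`. The function body continues outside the hunk.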
Modified: trunk/controller/inc/class.soprocedure.inc.php
===================================================================
--- trunk/controller/inc/class.soprocedure.inc.php 2012-08-14 12:31:16 UTC
(rev 9852)
+++ trunk/controller/inc/class.soprocedure.inc.php 2012-08-14 13:19:01 UTC
(rev 9853)
@@ -252,6 +252,7 @@
function get_procedures_by_control_area($control_area_id)
{
+ $control_area_id = (int) $control_area_id;
$results = array();
$sql = "SELECT * FROM controller_procedure WHERE
control_area_id={$control_area_id} AND end_date IS NULL ORDER BY title ASC";
@@ -351,6 +352,7 @@
function get_old_revisions($id)
{
+ $id = (int) $id;
$results = array();
$sql = "SELECT p.* FROM controller_procedure p WHERE
procedure_id = {$id} ORDER BY end_date DESC";