diff options
| author | jfd <jfd@underverse> | 2012-07-30 20:46:14 +0200 |
|---|---|---|
| committer | Jörn Friedrich Dreyer <jfd@butonic.de> | 2012-07-31 18:53:05 +0200 |
| commit | ede464f05872574a703c36d8d976b5c97e55c23f (patch) | |
| tree | c075f46d52b905a93cb5d3137af5198de83d34f2 /apps/contacts/lib | |
| parent | 3c5670b662ea9e5ee36146f10f63faaadacb8187 (diff) | |
| download | nextcloud-server-ede464f05872574a703c36d8d976b5c97e55c23f.tar.gz nextcloud-server-ede464f05872574a703c36d8d976b5c97e55c23f.zip | |
escape all identifiers with backticks
Diffstat (limited to 'apps/contacts/lib')
| -rw-r--r-- | apps/contacts/lib/addressbook.php | 16 | ||||
| -rw-r--r-- | apps/contacts/lib/vcard.php | 24 |
2 files changed, 20 insertions, 20 deletions
diff --git a/apps/contacts/lib/addressbook.php b/apps/contacts/lib/addressbook.php index 634d59eb9bd..1953b296616 100644 --- a/apps/contacts/lib/addressbook.php +++ b/apps/contacts/lib/addressbook.php @@ -44,7 +44,7 @@ class OC_Contacts_Addressbook{ * @return array */ public static function all($uid){ - $stmt = OCP\DB::prepare( 'SELECT * FROM *PREFIX*contacts_addressbooks WHERE userid = ? ORDER BY displayname' ); + $stmt = OCP\DB::prepare( 'SELECT * FROM `*PREFIX*contacts_addressbooks` WHERE `userid` = ? ORDER BY `displayname`' ); $result = $stmt->execute(array($uid)); $addressbooks = array(); @@ -72,7 +72,7 @@ class OC_Contacts_Addressbook{ */ public static function find($id){ try { - $stmt = OCP\DB::prepare( 'SELECT * FROM *PREFIX*contacts_addressbooks WHERE id = ?' ); + $stmt = OCP\DB::prepare( 'SELECT * FROM `*PREFIX*contacts_addressbooks` WHERE `id` = ?' ); $result = $stmt->execute(array($id)); return $result->fetchRow(); } catch(Exception $e) { @@ -98,7 +98,7 @@ class OC_Contacts_Addressbook{ $uri = self::createURI($name, $uris ); - $stmt = OCP\DB::prepare( 'INSERT INTO *PREFIX*contacts_addressbooks (userid,displayname,uri,description,ctag) VALUES(?,?,?,?,?)' ); + $stmt = OCP\DB::prepare( 'INSERT INTO `*PREFIX*contacts_addressbooks` (`userid`,`displayname`,`uri`,`description`,`ctag`) VALUES(?,?,?,?,?)' ); $result = $stmt->execute(array($userid,$name,$uri,$description,1)); return OCP\DB::insertid('*PREFIX*contacts_addressbooks'); @@ -115,7 +115,7 @@ class OC_Contacts_Addressbook{ public static function addFromDAVData($principaluri,$uri,$name,$description){ $userid = self::extractUserID($principaluri); - $stmt = OCP\DB::prepare( 'INSERT INTO *PREFIX*contacts_addressbooks (userid,displayname,uri,description,ctag) VALUES(?,?,?,?,?)' ); + $stmt = OCP\DB::prepare( 'INSERT INTO `*PREFIX*contacts_addressbooks` (`userid`,`displayname`,`uri`,`description`,`ctag`) VALUES(?,?,?,?,?)' ); $result = $stmt->execute(array($userid,$name,$uri,$description,1)); return OCP\DB::insertid('*PREFIX*contacts_addressbooks'); @@ -139,7 +139,7 @@ class OC_Contacts_Addressbook{ $description = $addressbook['description']; } - $stmt = OCP\DB::prepare( 'UPDATE *PREFIX*contacts_addressbooks SET displayname=?,description=?, ctag=ctag+1 WHERE id=?' ); + $stmt = OCP\DB::prepare( 'UPDATE `*PREFIX*contacts_addressbooks` SET `displayname`=?,`description`=?, `ctag`=`ctag`+1 WHERE `id`=?' ); $result = $stmt->execute(array($name,$description,$id)); return true; @@ -208,7 +208,7 @@ class OC_Contacts_Addressbook{ return $addressbooks; } $ids_sql = join(',', array_fill(0, count($active), '?')); - $prep = 'SELECT * FROM *PREFIX*contacts_addressbooks WHERE id IN ('.$ids_sql.') ORDER BY displayname'; + $prep = 'SELECT * FROM `*PREFIX*contacts_addressbooks` WHERE `id` IN ('.$ids_sql.') ORDER BY `displayname`'; try { $stmt = OCP\DB::prepare( $prep ); $result = $stmt->execute($active); @@ -275,7 +275,7 @@ class OC_Contacts_Addressbook{ public static function delete($id){ // FIXME: There's no error checking at all. self::setActive($id, false); - $stmt = OCP\DB::prepare( 'DELETE FROM *PREFIX*contacts_addressbooks WHERE id = ?' ); + $stmt = OCP\DB::prepare( 'DELETE FROM `*PREFIX*contacts_addressbooks` WHERE `id` = ?' ); $stmt->execute(array($id)); $cards = OC_Contacts_VCard::all($id); @@ -292,7 +292,7 @@ class OC_Contacts_Addressbook{ * @return boolean */ public static function touch($id){ - $stmt = OCP\DB::prepare( 'UPDATE *PREFIX*contacts_addressbooks SET ctag = ctag + 1 WHERE id = ?' ); + $stmt = OCP\DB::prepare( 'UPDATE `*PREFIX*contacts_addressbooks` SET `ctag` = `ctag` + 1 WHERE `id` = ?' ); $stmt->execute(array($id)); return true; diff --git a/apps/contacts/lib/vcard.php b/apps/contacts/lib/vcard.php index 7c8dbd2ee49..a0491c6323c 100644 --- a/apps/contacts/lib/vcard.php +++ b/apps/contacts/lib/vcard.php @@ -51,7 +51,7 @@ class OC_Contacts_VCard{ $result = null; if(is_array($id) && count($id) > 1) { $id_sql = join(',', array_fill(0, count($id), '?')); - $prep = 'SELECT * FROM *PREFIX*contacts_cards WHERE addressbookid IN ('.$id_sql.') ORDER BY fullname'; + $prep = 'SELECT * FROM `*PREFIX*contacts_cards` WHERE `addressbookid` IN ('.$id_sql.') ORDER BY `fullname`'; try { $stmt = OCP\DB::prepare( $prep ); $result = $stmt->execute($id); @@ -68,7 +68,7 @@ class OC_Contacts_VCard{ $id = $id[0]; } try { - $stmt = OCP\DB::prepare( 'SELECT * FROM *PREFIX*contacts_cards WHERE addressbookid = ? ORDER BY fullname' ); + $stmt = OCP\DB::prepare( 'SELECT * FROM `*PREFIX*contacts_cards` WHERE `addressbookid` = ? ORDER BY `fullname`' ); $result = $stmt->execute(array($id)); } catch(Exception $e) { OCP\Util::writeLog('contacts','OC_Contacts_VCard:all:, exception: '.$e->getMessage(),OCP\Util::ERROR); @@ -94,7 +94,7 @@ class OC_Contacts_VCard{ * @return associative array */ public static function find($id){ - $stmt = OCP\DB::prepare( 'SELECT * FROM *PREFIX*contacts_cards WHERE id = ?' ); + $stmt = OCP\DB::prepare( 'SELECT * FROM `*PREFIX*contacts_cards` WHERE `id` = ?' ); $result = $stmt->execute(array($id)); return $result->fetchRow(); @@ -107,7 +107,7 @@ class OC_Contacts_VCard{ * @return associative array */ public static function findWhereDAVDataIs($aid,$uri){ - $stmt = OCP\DB::prepare( 'SELECT * FROM *PREFIX*contacts_cards WHERE addressbookid = ? AND uri = ?' ); + $stmt = OCP\DB::prepare( 'SELECT * FROM `*PREFIX*contacts_cards` WHERE `addressbookid` = ? AND `uri` = ?' ); $result = $stmt->execute(array($aid,$uri)); return $result->fetchRow(); @@ -156,7 +156,7 @@ class OC_Contacts_VCard{ * @returns true if the UID has been changed. */ protected static function trueUID($aid, &$uid) { - $stmt = OCP\DB::prepare( 'SELECT * FROM *PREFIX*contacts_cards WHERE addressbookid = ? AND uri = ?' ); + $stmt = OCP\DB::prepare( 'SELECT * FROM `*PREFIX*contacts_cards` WHERE `addressbookid` = ? AND `uri` = ?' ); $uri = $uid.'.vcf'; $result = $stmt->execute(array($aid,$uri)); if($result->numRows() > 0){ @@ -297,7 +297,7 @@ class OC_Contacts_VCard{ } $data = $card->serialize(); - $stmt = OCP\DB::prepare( 'INSERT INTO *PREFIX*contacts_cards (addressbookid,fullname,carddata,uri,lastmodified) VALUES(?,?,?,?,?)' ); + $stmt = OCP\DB::prepare( 'INSERT INTO `*PREFIX*contacts_cards` (`addressbookid`,`fullname`,`carddata`,`uri`,`lastmodified`) VALUES(?,?,?,?,?)' ); $result = $stmt->execute(array($aid,$fn,$data,$uri,time())); $newid = OCP\DB::insertid('*PREFIX*contacts_cards'); @@ -323,7 +323,7 @@ class OC_Contacts_VCard{ * @param array $objects An array of [id, carddata]. */ public static function updateDataByID($objects){ - $stmt = OCP\DB::prepare( 'UPDATE *PREFIX*contacts_cards SET carddata = ?, lastmodified = ? WHERE id = ?' ); + $stmt = OCP\DB::prepare( 'UPDATE `*PREFIX*contacts_cards` SET `carddata` = ?, `lastmodified` = ? WHERE `id` = ?' ); $now = new DateTime; foreach($objects as $object) { $vcard = OC_VObject::parse($object[1]); @@ -365,7 +365,7 @@ class OC_Contacts_VCard{ $card->setString('REV', $now->format(DateTime::W3C)); $data = $card->serialize(); - $stmt = OCP\DB::prepare( 'UPDATE *PREFIX*contacts_cards SET fullname = ?,carddata = ?, lastmodified = ? WHERE id = ?' ); + $stmt = OCP\DB::prepare( 'UPDATE `*PREFIX*contacts_cards` SET `fullname` = ?,`carddata` = ?, `lastmodified` = ? WHERE `id` = ?' ); $result = $stmt->execute(array($fn,$data,time(),$id)); OC_Contacts_Addressbook::touch($oldcard['addressbookid']); @@ -397,7 +397,7 @@ class OC_Contacts_VCard{ */ public static function delete($id){ // FIXME: Add error checking. - $stmt = OCP\DB::prepare( 'DELETE FROM *PREFIX*contacts_cards WHERE id = ?' ); + $stmt = OCP\DB::prepare( 'DELETE FROM `*PREFIX*contacts_cards` WHERE `id` = ?' ); $stmt->execute(array($id)); return true; @@ -411,7 +411,7 @@ class OC_Contacts_VCard{ */ public static function deleteFromDAVData($aid,$uri){ // FIXME: Add error checking. Deleting a card gives an Kontact/Akonadi error. - $stmt = OCP\DB::prepare( 'DELETE FROM *PREFIX*contacts_cards WHERE addressbookid = ? AND uri=?' ); + $stmt = OCP\DB::prepare( 'DELETE FROM `*PREFIX*contacts_cards` WHERE `addressbookid` = ? AND `uri`=?' ); $stmt->execute(array($aid,$uri)); OC_Contacts_Addressbook::touch($aid); @@ -546,7 +546,7 @@ class OC_Contacts_VCard{ OC_Contacts_App::getAddressbook($aid); // check for user ownership. if(is_array($id)) { $id_sql = join(',', array_fill(0, count($id), '?')); - $prep = 'UPDATE *PREFIX*contacts_cards SET addressbookid = ? WHERE id IN ('.$id_sql.')'; + $prep = 'UPDATE `*PREFIX*contacts_cards` SET `addressbookid` = ? WHERE `id` IN ('.$id_sql.')'; try { $stmt = OCP\DB::prepare( $prep ); //$aid = array($aid); @@ -560,7 +560,7 @@ class OC_Contacts_VCard{ } } else { try { - $stmt = OCP\DB::prepare( 'UPDATE *PREFIX*contacts_cards SET addressbookid = ? WHERE id = ?' ); + $stmt = OCP\DB::prepare( 'UPDATE `*PREFIX*contacts_cards` SET `addressbookid` = ? WHERE `id` = ?' ); $result = $stmt->execute(array($aid, $id)); } catch(Exception $e) { OCP\Util::writeLog('contacts','OC_Contacts_VCard::moveToAddressBook:, exception: '.$e->getMessage(),OCP\Util::DEBUG); |