authorjfd <jfd@underverse>2012-07-30 20:46:14 +0200
committerJörn Friedrich Dreyer <jfd@butonic.de>2012-07-31 18:53:05 +0200
commitede464f05872574a703c36d8d976b5c97e55c23f (patch)
treec075f46d52b905a93cb5d3137af5198de83d34f2 /apps/gallery/lib
parent3c5670b662ea9e5ee36146f10f63faaadacb8187 (diff)
downloadnextcloud-server-ede464f05872574a703c36d8d976b5c97e55c23f.tar.gz
nextcloud-server-ede464f05872574a703c36d8d976b5c97e55c23f.zip
escape all identifiers with backticks
Diffstat (limited to 'apps/gallery/lib')
-rw-r--r--apps/gallery/lib/album.php26
-rw-r--r--apps/gallery/lib/managers.php4
-rw-r--r--apps/gallery/lib/photo.php24
-rw-r--r--apps/gallery/lib/sharing.php14
4 files changed, 34 insertions, 34 deletions
diff --git a/apps/gallery/lib/album.php b/apps/gallery/lib/album.php
index 5f962f12f12..b9aa5356292 100644
--- a/apps/gallery/lib/album.php
+++ b/apps/gallery/lib/album.php
@@ -23,7 +23,7 @@
class OC_Gallery_Album {
public static function create($owner, $name, $path){
- $stmt = OCP\DB::prepare('INSERT INTO *PREFIX*gallery_albums (uid_owner, album_name, album_path, parent_path) VALUES (?, ?, ?, ?)');
+ $stmt = OCP\DB::prepare('INSERT INTO `*PREFIX*gallery_albums` (`uid_owner`, `album_name`, `album_path`, `parent_path`) ALUES (?, ?, ?, ?)');
$stmt->execute(array($owner, $name, $path, self::getParentPath($path)));
}
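Review bot: The replacement INSERT in `create()` reads `ALUES (?, ?, ?, ?)` where the removed line had `VALUES (?, ?, ?, ?)`, so as shown the statement is not valid SQL and album creation would fail. Unless this is an artifact of how the page was rendered, restore the keyword `VALUES` in the new string. The result of `$stmt->execute(...)` is not checked here, so unless the DB layer throws on error the failure would go unnoticed by the caller.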
@@ -40,18 +40,18 @@ class OC_Gallery_Album {
}
public static function remove($owner, $name=null, $path=null, $parent=null) {
- $sql = 'DELETE FROM *PREFIX*gallery_albums WHERE uid_owner LIKE ?';
+ $sql = 'DELETE FROM `*PREFIX*gallery_albums` WHERE `uid_owner` LIKE ?';
$args = array($owner);
if (!is_null($name)){
- $sql .= ' AND album_name LIKE ?';
+ $sql .= ' AND `album_name` LIKE ?';
$args[] = $name;
}
if (!is_null($path)){
- $sql .= ' AND album_path LIKE ?';
+ $sql .= ' AND `album_path` LIKE ?';
$args[] = $path;
}
if (!is_null($parent)){
- $sql .= ' AND parent_path LIKE ?';
+ $sql .= ' AND `parent_path` LIKE ?';
$args[] = $parent;
}
$stmt = OCP\DB::prepare($sql);
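Review bot: `remove()` still builds a DELETE that compares `uid_owner`, `album_name`, `album_path` and `parent_path` with `LIKE`, and binding the values as parameters does not neutralise the `%` and `_` metacharacters inside them. An owner id or album name that contains `_` (a constructed example: `a_b`) also matches `axb`, so the delete can reach rows belonging to another user or album. Where an exact match is meant, use equality, e.g. ``$sql = 'DELETE FROM `*PREFIX*gallery_albums` WHERE `uid_owner` = ?';`` and ``' AND `album_name` = ?'``, as `find()` already does. The same pattern is left in place in `getFileData()` in managers.php (`uid_owner LIKE ?`), in `removeByPath()` in photo.php, and in `getIntermediateGallerySize()`, where `'%'` is appended for a prefix match but wildcards already in `$path` are not escaped. The body of `remove()` continues past the end of this hunk.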
@@ -63,29 +63,29 @@ class OC_Gallery_Album {
public static function removeByParentPath($owner, $parent) { self::remove($owner, null, null, $parent); }
public static function find($owner, $name=null, $path=null, $parent=null){
- $sql = 'SELECT * FROM *PREFIX*gallery_albums WHERE uid_owner = ?';
+ $sql = 'SELECT * FROM `*PREFIX*gallery_albums` WHERE `uid_owner` = ?';
$args = array($owner);
if (!is_null($name)){
- $sql .= ' AND album_name = ?';
+ $sql .= ' AND `album_name` = ?';
$args[] = $name;
}
if (!is_null($path)){
- $sql .= ' AND album_path = ?';
+ $sql .= ' AND `album_path` = ?';
$args[] = $path;
}
if (!is_null($parent)){
- $sql .= ' AND parent_path = ?';
+ $sql .= ' AND `parent_path` = ?';
$args[] = $parent;
}
$order = OCP\Config::getUserValue($owner, 'gallery', 'order', 'ASC');
- $sql .= ' ORDER BY album_name ' . $order;
+ $sql .= ' ORDER BY `album_name` ' . $order;
$stmt = OCP\DB::prepare($sql);
return $stmt->execute($args);
}
public static function changePath($oldname, $newname, $owner) {
- $stmt = OCP\DB::prepare('UPDATE *PREFIX*gallery_albums SET album_path=? WHERE uid_owner=? AND album_path=?');
+ $stmt = OCP\DB::prepare('UPDATE `*PREFIX*gallery_albums` SET `album_path`=? WHERE `uid_owner`=? AND `album_path`=?');
$stmt->execute(array($newname, $owner, $oldname));
}
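Review bot: In `find()` the sort direction is still appended to the statement as raw text, ``' ORDER BY `album_name` ' . $order``, with `$order` read from `OCP\Config::getUserValue($owner, 'gallery', 'order', 'ASC')`. Quoting the column does nothing for this fragment, and if that preference can hold an arbitrary user-supplied string (the setter is not visible here) it is an SQL injection point that a bound parameter cannot cover, since ORDER BY direction cannot be a placeholder. Constrain it to the two legal keywords before concatenating: `$order = (strtoupper($order) === 'DESC') ? 'DESC' : 'ASC';`.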
@@ -96,7 +96,7 @@ class OC_Gallery_Album {
}
public static function getAlbumSize($id){
- $sql = 'SELECT COUNT(*) as size FROM *PREFIX*gallery_photos WHERE album_id = ?';
+ $sql = 'SELECT COUNT(*) AS `size` FROM `*PREFIX*gallery_photos` WHERE `album_id` = ?';
$stmt = OCP\DB::prepare($sql);
$result=$stmt->execute(array($id))->fetchRow();
return $result['size'];
@@ -104,7 +104,7 @@ class OC_Gallery_Album {
public static function getIntermediateGallerySize($path) {
$path .= '%';
- $sql = 'SELECT COUNT(*) as size FROM *PREFIX*gallery_photos photos, *PREFIX*gallery_albums albums WHERE photos.album_id = albums.album_id AND uid_owner = ? AND file_path LIKE ?';
+ $sql = 'SELECT COUNT(*) AS `size` FROM `*PREFIX*gallery_photos` AS `photos`, `*PREFIX*gallery_albums` AS `albums` WHERE `photos`.`album_id` = `albums`.`album_id` AND `uid_owner` = ? AND `file_path` LIKE ?';
$stmt = OCP\DB::prepare($sql);
$result = $stmt->execute(array(OCP\USER::getUser(), $path))->fetchRow();
return $result['size'];
diff --git a/apps/gallery/lib/managers.php b/apps/gallery/lib/managers.php
index da09c565cb9..82356e54dda 100644
--- a/apps/gallery/lib/managers.php
+++ b/apps/gallery/lib/managers.php
@@ -17,7 +17,7 @@ class DatabaseManager {
public function getFileData($path) {
$gallery_path = \OCP\Config::getSystemValue( 'datadirectory' ).'/'.\OC_User::getUser().'/gallery';
$path = $gallery_path.$path;
- $stmt = \OCP\DB::prepare('SELECT * FROM *PREFIX*pictures_images_cache WHERE uid_owner LIKE ? AND path = ?');
+ $stmt = \OCP\DB::prepare('SELECT * FROM `*PREFIX*pictures_images_cache` WHERE `uid_owner` LIKE ? AND `path` = ?');
$result = $stmt->execute(array(\OCP\USER::getUser(), $path));
if (($row = $result->fetchRow()) != false) {
return $row;
@@ -26,7 +26,7 @@ class DatabaseManager {
if (!$image->loadFromFile($path)) {
return false;
}
- $stmt = \OCP\DB::prepare('INSERT INTO *PREFIX*pictures_images_cache (uid_owner, path, width, height) VALUES (?, ?, ?, ?)');
+ $stmt = \OCP\DB::prepare('INSERT INTO `*PREFIX*pictures_images_cache` (`uid_owner`, `path`, `width`, `height`) VALUES (?, ?, ?, ?)');
$stmt->execute(array(\OCP\USER::getUser(), $path, $image->width(), $image->height()));
$ret = array('path' => $path, 'width' => $image->width(), 'height' => $image->height());
unset($image);
diff --git a/apps/gallery/lib/photo.php b/apps/gallery/lib/photo.php
index 99384af621a..1b4f908773e 100644
--- a/apps/gallery/lib/photo.php
+++ b/apps/gallery/lib/photo.php
@@ -23,14 +23,14 @@
class OC_Gallery_Photo {
public static function create($albumId, $img){
- $stmt = OCP\DB::prepare('INSERT INTO *PREFIX*gallery_photos (album_id, file_path) VALUES (?, ?)');
+ $stmt = OCP\DB::prepare('INSERT INTO `*PREFIX*gallery_photos` (`album_id`, `file_path`) VALUES (?, ?)');
$stmt->execute(array($albumId, $img));
}
public static function find($albumId, $img=null){
- $sql = 'SELECT * FROM *PREFIX*gallery_photos WHERE album_id = ?';
+ $sql = 'SELECT * FROM `*PREFIX*gallery_photos` WHERE `album_id` = ?';
$args = array($albumId);
if (!is_null($img)){
- $sql .= ' AND file_path = ?';
+ $sql .= ' AND `file_path` = ?';
$args[] = $img;
}
$stmt = OCP\DB::prepare($sql);
@@ -38,31 +38,31 @@ class OC_Gallery_Photo {
}
public static function findForAlbum($owner, $album_name){
$stmt = OCP\DB::prepare('SELECT *'
- .' FROM *PREFIX*gallery_photos photos,'
- .' *PREFIX*gallery_albums albums'
- .' WHERE albums.uid_owner = ?'
- .' AND albums.album_name = ?'
- .' AND photos.album_id = albums.album_id');
+ .' FROM `*PREFIX*gallery_photos photos`,'
+ .' `*PREFIX*gallery_albums albums`'
+ .' WHERE `albums`.`uid_owner` = ?'
+ .' AND `albums`.`album_name` = ?'
+ .' AND `photos`.`album_id` = `albums`.`album_id`');
return $stmt->execute(array($owner, $album_name));
}
public static function removeByPath($path, $album_id) {
- $stmt = OCP\DB::prepare('DELETE FROM *PREFIX*gallery_photos WHERE file_path LIKE ? and album_id = ?');
+ $stmt = OCP\DB::prepare('DELETE FROM `*PREFIX*gallery_photos` WHERE `file_path` LIKE ? AND `album_id` = ?');
$stmt->execute(array($path, $album_id));
}
public static function removeById($id) {
- $stmt = OCP\DB::prepare('DELETE FROM *PREFIX*gallery_photos WHERE photo_id = ?');
+ $stmt = OCP\DB::prepare('DELETE FROM `*PREFIX*gallery_photos` WHERE `photo_id` = ?');
$stmt->execute(array($id));
}
public static function removeByAlbumId($albumid) {
- $stmt = OCP\DB::prepare('DELETE FROM *PREFIX*gallery_photos WHERE album_id = ?');
+ $stmt = OCP\DB::prepare('DELETE FROM `*PREFIX*gallery_photos` WHERE `album_id` = ?');
$stmt->execute(array($albumid));
}
public static function changePath($oldAlbumId, $newAlbumId, $oldpath, $newpath) {
- $stmt = OCP\DB::prepare("UPDATE *PREFIX*gallery_photos SET file_path = ?, album_id = ? WHERE album_id = ? and file_path = ?");
+ $stmt = OCP\DB::prepare("UPDATE `*PREFIX*gallery_photos` SET `file_path` = ?, `album_id` = ? WHERE `album_id` = ? AND `file_path` = ?");
$stmt->execute(array($newpath, $newAlbumId, $oldAlbumId, $oldpath));
}
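Review bot: In `findForAlbum()` the new backticks enclose the table alias as well as the table name, ``.' FROM `*PREFIX*gallery_photos photos`,'`` and ``.' `*PREFIX*gallery_albums albums`'``, so each quoted identifier now names a table whose name contains a space and the aliases `photos` and `albums` used in the WHERE clause are never declared. As written the query should fail instead of returning the album's photos. Close the quote before the alias, as `getIntermediateGallerySize()` in album.php does in this same commit: ``.' FROM `*PREFIX*gallery_photos` AS `photos`,'`` and ``.' `*PREFIX*gallery_albums` AS `albums`'``.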
diff --git a/apps/gallery/lib/sharing.php b/apps/gallery/lib/sharing.php
index fffeca032a3..e79692392a8 100644
--- a/apps/gallery/lib/sharing.php
+++ b/apps/gallery/lib/sharing.php
@@ -23,7 +23,7 @@
class OC_Gallery_Sharing {
private static function getEntries($token) {
- $sql = 'SELECT * FROM *PREFIX*gallery_sharing WHERE token = ?';
+ $sql = 'SELECT * FROM `*PREFIX*gallery_sharing` WHERE `token` = ?';
$stmt = OCP\DB::prepare($sql);
return $stmt->execute(array($token));
}
@@ -44,7 +44,7 @@ class OC_Gallery_Sharing {
$r = self::getEntries($token);
if ($row = $r->fetchRow()) {
$galleryId = $row['gallery_id'];
- $sql = 'SELECT * FROM *PREFIX*gallery_albums WHERE album_id = ?';
+ $sql = 'SELECT * FROM `*PREFIX*gallery_albums` WHERE `album_id` = ?';
$stmt = OCP\DB::prepare($sql);
$r = $stmt->execute(array($galleryId));
if ($row = $r->fetchRow())
@@ -57,7 +57,7 @@ class OC_Gallery_Sharing {
$r = self::getEntries($token);
if ($row = $r->fetchRow()) {
$galleryId = $row['gallery_id'];
- $sql = 'SELECT * FROM *PREFIX*gallery_albums WHERE album_id = ?';
+ $sql = 'SELECT * FROM `*PREFIX*gallery_albums` WHERE `album_id` = ?';
$stmt = OCP\DB::prepare($sql);
$r = $stmt->execute(array($galleryId));
if ($row = $r->fetchRow())
@@ -66,23 +66,23 @@ class OC_Gallery_Sharing {
}
public static function updateSharingByToken($token, $recursive) {
- $stmt = OCP\DB::prepare('UPDATE *PREFIX*gallery_sharing SET recursive = ? WHERE token = ?');
+ $stmt = OCP\DB::prepare('UPDATE `*PREFIX*gallery_sharing` SET `recursive` = ? WHERE `token` = ?');
$stmt->execute(array($recursive, $token));
}
public static function getEntryByAlbumId($album_id) {
- $stmt = OCP\DB::prepare('SELECT * FROM *PREFIX*gallery_sharing WHERE gallery_id = ?');
+ $stmt = OCP\DB::prepare('SELECT * FROM `*PREFIX*gallery_sharing` WHERE `gallery_id` = ?');
return $stmt->execute(array($album_id));
}
public static function addShared($token, $albumId, $recursive) {
- $sql = 'INSERT INTO *PREFIX*gallery_sharing (token, gallery_id, recursive) VALUES (?, ?, ?)';
+ $sql = 'INSERT INTO `*PREFIX*gallery_sharing` (`token`, `gallery_id`, `recursive`) VALUES (?, ?, ?)';
$stmt = OCP\DB::prepare($sql);
$stmt->execute(array($token, $albumId, $recursive));
}
public static function remove($albumId) {
- $stmt = OCP\DB::prepare('DELETE FROM *PREFIX*gallery_sharing WHERE gallery_id = ?');
+ $stmt = OCP\DB::prepare('DELETE FROM `*PREFIX*gallery_sharing` WHERE `gallery_id` = ?');
$stmt->execute(array($albumId));
}
}