diff options
| author | Meik Sievertsen <acydburn@phpbb.com> | 2006-08-12 13:14:39 +0000 |
|---|---|---|
| committer | Meik Sievertsen <acydburn@phpbb.com> | 2006-08-12 13:14:39 +0000 |
| commit | 8405f0d324fd42bec2f775986e69e5d8cf548ebf (patch) | |
| tree | efa8caf14f78d67ece434c39e294532adbd20a8b /phpBB/includes/functions_user.php | |
| parent | 0c6bfcf4c715b64d8c971adb6077018994fe5ce9 (diff) | |
| download | forums-8405f0d324fd42bec2f775986e69e5d8cf548ebf.tar forums-8405f0d324fd42bec2f775986e69e5d8cf548ebf.tar.gz forums-8405f0d324fd42bec2f775986e69e5d8cf548ebf.tar.bz2 forums-8405f0d324fd42bec2f775986e69e5d8cf548ebf.tar.xz forums-8405f0d324fd42bec2f775986e69e5d8cf548ebf.zip | |
sql_in_set changes
git-svn-id: file:///svn/phpbb/trunk@6271 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/functions_user.php')
| -rw-r--r-- | phpBB/includes/functions_user.php | 110 |
1 files changed, 55 insertions, 55 deletions
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index bc1c41b087..c03e92d0b0 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -34,7 +34,7 @@ function user_get_id_name(&$user_id_ary, &$username_ary) $$which_ary = array($$which_ary); } - $sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $$which_ary); + $sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : $$which_ary; unset($$which_ary); $user_id_ary = $username_ary = array(); @@ -42,8 +42,8 @@ function user_get_id_name(&$user_id_ary, &$username_ary) // Grab the user id/username records $sql_where = ($which_ary == 'user_id_ary') ? 'user_id' : 'username'; $sql = 'SELECT user_id, username - FROM ' . USERS_TABLE . " - WHERE $sql_where IN (" . implode(', ', $sql_in) . ')'; + FROM ' . USERS_TABLE . ' + WHERE ' . $db->sql_in_set($sql_where, $sql_in); $result = $db->sql_query($sql); if (!($row = $db->sql_fetchrow($result))) @@ -307,7 +307,7 @@ function user_delete($mode, $user_id, $post_username = false) { $sql = 'SELECT topic_id, topic_replies, topic_replies_real FROM ' . TOPICS_TABLE . ' - WHERE topic_id IN (' . implode(', ', array_keys($topic_id_ary)) . ')'; + WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary)); $result = $db->sql_query($sql); $del_topic_ary = array(); @@ -323,7 +323,7 @@ function user_delete($mode, $user_id, $post_username = false) if (sizeof($del_topic_ary)) { $sql = 'DELETE FROM ' . TOPICS_TABLE . ' - WHERE topic_id IN (' . implode(', ', $del_topic_ary) . ')'; + WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary); $db->sql_query($sql); } } @@ -528,24 +528,23 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas $username = trim($username); if ($username != '') { - $sql_usernames[] = "'" . $db->sql_escape($username) . "'"; + $sql_usernames[] = strtolower($username); } } - $sql_usernames = implode(', ', $sql_usernames); // Make sure we have been given someone to ban - if (empty($sql_usernames)) + if (!sizeof($sql_usernames)) { trigger_error($user->lang['NO_USER_SPECIFIED']); } $sql = 'SELECT user_id FROM ' . USERS_TABLE . ' - WHERE username IN (' . $sql_usernames . ')'; + WHERE ' . $db->sql_in_set('LOWER(username)', $sql_usernames); if (sizeof($founder)) { - $sql .= ' AND user_id NOT IN (' . implode(', ', array_keys($founder)) . ')'; + $sql .= ' AND ' . $db->sql_in_set('user_id', array_keys($founder), true); } $result = $db->sql_query($sql); @@ -762,17 +761,11 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas switch ($mode) { case 'user': - $sql_where = (in_array('*', $banlist_ary)) ? '' : 'WHERE session_user_id IN (' . implode(', ', $banlist_ary) . ')'; + $sql_where = (in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary); break; case 'ip': - $banlist_ary_sql = array(); - - foreach ($banlist_ary as $ban_entry) - { - $banlist_ary_sql[] = "'" . $db->sql_escape($ban_entry) . "'"; - } - $sql_where = 'WHERE session_ip IN (' . implode(', ', $banlist_ary_sql) . ')'; + $sql_where = 'WHERE ' . $db->sql_in_set('session_ip', $banlist_ary); break; case 'email': @@ -780,12 +773,12 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas foreach ($banlist_ary as $ban_entry) { - $banlist_ary_sql[] = "'" . $db->sql_escape(str_replace('*', '%', $ban_entry)) . "'"; + $banlist_ary_sql[] = (string) str_replace('*', '%', $ban_entry); } $sql = 'SELECT user_id FROM ' . USERS_TABLE . ' - WHERE user_email IN (' . implode(', ', $banlist_ary_sql) . ')'; + WHERE ' . $db->sql_in_set('user_email', $banlist_ary_sql); $result = $db->sql_query($sql); $sql_in = array(); @@ -798,7 +791,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas } while ($row = $db->sql_fetchrow($result)); - $sql_where = 'WHERE session_user_id IN (' . implode(', ', $sql_in) . ")"; + $sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $sql_in); } $db->sql_freeresult($result); break; @@ -812,7 +805,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas if ($mode == 'user') { - $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' ' . ((in_array('*', $banlist_ary)) ? '' : 'WHERE user_id IN (' . implode(', ', $banlist_ary) . ')'); + $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' ' . ((in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('user_id', $banlist_ary)); $db->sql_query($sql); } } @@ -847,30 +840,30 @@ function user_unban($mode, $ban) $ban = array($ban); } - $unban_sql = implode(', ', array_map('intval', $ban)); + $unban_sql = array_map('intval', $ban); - if ($unban_sql) + if (sizeof($unban_sql)) { // Grab details of bans for logging information later switch ($mode) { case 'user': $sql = 'SELECT u.username AS unban_info - FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . " b - WHERE b.ban_id IN ($unban_sql) - AND u.user_id = b.ban_userid"; + FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . ' b + WHERE ' . $db->sql_in_set('b.ban_id', $unban_sql) . ' + AND u.user_id = b.ban_userid'; break; case 'email': $sql = 'SELECT ban_email AS unban_info - FROM ' . BANLIST_TABLE . " - WHERE ban_id IN ($unban_sql)"; + FROM ' . BANLIST_TABLE . ' + WHERE ' . $db->sql_in_set('ban_id', $unban_sql); break; case 'ip': $sql = 'SELECT ban_ip AS unban_info - FROM ' . BANLIST_TABLE . " - WHERE ban_id IN ($unban_sql)"; + FROM ' . BANLIST_TABLE . ' + WHERE ' . $db->sql_in_set('ban_id', $unban_sql); break; } $result = $db->sql_query($sql); @@ -882,8 +875,8 @@ function user_unban($mode, $ban) } $db->sql_freeresult($result); - $sql = 'DELETE FROM ' . BANLIST_TABLE . " - WHERE ban_id IN ($unban_sql)"; + $sql = 'DELETE FROM ' . BANLIST_TABLE . ' + WHERE ' . $db->sql_in_set('ban_id', $unban_sql); $db->sql_query($sql); add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list); @@ -1580,7 +1573,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false, // Remove users who are already members of this group $sql = 'SELECT user_id, group_leader FROM ' . USER_GROUP_TABLE . ' - WHERE user_id IN (' . implode(', ', $user_id_ary) . ") + WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . " AND group_id = $group_id"; $result = $db->sql_query($sql); @@ -1636,7 +1629,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false, { $sql = 'UPDATE ' . USER_GROUP_TABLE . ' SET group_leader = 1 - WHERE user_id IN (' . implode(', ', $update_id_ary) . ") + WHERE ' . $db->sql_in_set('user_id', $update_id_ary) . " AND group_id = $group_id"; $db->sql_query($sql); } @@ -1682,7 +1675,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $sql = 'SELECT * FROM ' . GROUPS_TABLE . ' - WHERE group_name IN (' . implode(', ', preg_replace('#^(.*)$#', "'\\1'", $group_order)) . ')'; + WHERE ' . $db->sql_in_set('group_name', $group_order); $result = $db->sql_query($sql); $group_order_id = $special_group_data = array(); @@ -1711,7 +1704,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false, // Get users default groups - we only need to reset default group membership if the group from which the user gets removed is set as default $sql = 'SELECT user_id, group_id FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', $user_id_ary) . ")"; + WHERE ' . $db->sql_in_set('user_id', $user_id_ary); $result = $db->sql_query($sql); $default_groups = array(); @@ -1724,7 +1717,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false, // What special group memberships exist for these users? $sql = 'SELECT g.group_id, g.group_name, ug.user_id FROM ' . USER_GROUP_TABLE . ' ug, ' . GROUPS_TABLE . ' g - WHERE ug.user_id IN (' . implode(', ', $user_id_ary) . ") + WHERE ' . $db->sql_in_set('ug.user_id', $user_id_ary) . " AND g.group_id = ug.group_id AND g.group_id <> $group_id AND g.group_type = " . GROUP_SPECIAL . ' @@ -1760,7 +1753,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false, // Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem) $sql = 'SELECT user_id, user_avatar FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', $sql_where_ary[$gid]) . ') + WHERE ' . $db->sql_in_set('user_id', $sql_where_ary[$gid]) . ' AND user_avatar_type = ' . AVATAR_UPLOAD; $result = $db->sql_query($sql); @@ -1772,7 +1765,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false, } $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $special_group_data[$gid]) . ' - WHERE user_id IN (' . implode(', ', $sql_where_ary[$gid]) . ')'; + WHERE ' . $db->sql_in_set('user_id', $sql_where_ary[$gid]); $db->sql_query($sql); } } @@ -1780,7 +1773,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $sql = 'DELETE FROM ' . USER_GROUP_TABLE . " WHERE group_id = $group_id - AND user_id IN (" . implode(', ', $user_id_ary) . ')'; + AND " . $db->sql_in_set('user_id', $user_id_ary); $db->sql_query($sql); // Clear permissions cache of relevant users @@ -1825,7 +1818,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna $sql = 'UPDATE ' . USER_GROUP_TABLE . ' SET group_leader = ' . (($action == 'promote') ? 1 : 0) . " WHERE group_id = $group_id - AND user_id IN (" . implode(', ', $user_id_ary) . ')'; + AND " . $db->sql_in_set('user_id', $user_id_ary); $db->sql_query($sql); $log = ($action == 'promote') ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED'; @@ -1838,7 +1831,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna WHERE ug.group_id = ' . $group_id . ' AND ug.user_pending = 1 AND ug.user_id = u.user_id - AND ug.user_id IN (' . implode(', ', $user_id_ary) . ')'; + AND ' . $db->sql_in_set('ug.user_id', $user_id_ary); $result = $db->sql_query($sql); $user_id_ary = $email_users = array(); @@ -1857,7 +1850,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna $sql = 'UPDATE ' . USER_GROUP_TABLE . " SET user_pending = 0 WHERE group_id = $group_id - AND user_id IN (" . implode(', ', $user_id_ary) . ')'; + AND " . $db->sql_in_set('user_id', $user_id_ary); $db->sql_query($sql); // Send approved email to users... @@ -1963,7 +1956,7 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal // Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem) $sql = 'SELECT user_id, user_avatar FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', $user_id_ary) . ') + WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . ' AND user_avatar_type = ' . AVATAR_UPLOAD; $result = $db->sql_query($sql); @@ -1975,7 +1968,7 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal } $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' - WHERE user_id IN (' . implode(', ', $user_id_ary) . ')'; + WHERE ' . $db->sql_in_set('user_id', $user_id_ary); $db->sql_query($sql); } @@ -2016,22 +2009,29 @@ function group_memberships($group_id_ary = false, $user_id_ary = false, $return_ return true; } + if ($user_id_ary) + { + $user_id_ary = (!is_array($user_id_ary)) ? array($user_id_ary) : $user_id_ary; + } + + if ($group_id_ary) + { + $group_id_ary = (!is_array($group_id_ary)) ? array($group_id_ary) : $group_id_ary; + } + $sql = 'SELECT ug.*, u.username, u.user_email FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u WHERE ug.user_id = u.user_id AND '; - if ($group_id_ary && $user_id_ary) - { - $sql .= " ug.group_id " . ((is_array($group_id_ary)) ? ' IN (' . implode(', ', $group_id_ary) . ')' : " = $group_id_ary") . " - AND ug.user_id " . ((is_array($user_id_ary)) ? ' IN (' . implode(', ', $user_id_ary) . ')' : " = $user_id_ary"); - } - else if ($group_id_ary) + if ($group_id_ary) { - $sql .= " ug.group_id " . ((is_array($group_id_ary)) ? ' IN (' . implode(', ', $group_id_ary) . ')' : " = $group_id_ary"); + $sql .= ' ' . $db->sql_in_set('ug.group_id', $group_id_ary); } - else if ($user_id_ary) + + if ($user_id_ary) { - $sql .= " ug.user_id " . ((is_array($user_id_ary)) ? ' IN (' . implode(', ', $user_id_ary) . ')' : " = $user_id_ary"); + $sql .= ($group_id_ary) ? ' AND ' : ' '; + $sql .= $db->sql_in_set('ug.user_id', $user_id_ary); } $result = ($return_bool) ? $db->sql_query_limit($sql, 1) : $db->sql_query($sql); |