1 files changed, 34 insertions, 28 deletions
diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php
index 068925b359..fe38b6276b 100644
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@@ -387,7 +387,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
 		{
 			$sql = 'SELECT *
 				FROM ' . USER_GROUP_TABLE . ' 
-				WHERE user_id IN (' . implode(', ', $user_ids) . ')
+				WHERE ' . $db->sql_in_set('user_id', $user_ids) . '
 					AND user_pending = 0';
 			$result = $db->sql_query($sql);
 
@@ -506,7 +506,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
 	{
 		$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . ' 
 			SET pm_unread = 0
-			WHERE msg_id IN (' . implode(', ', $unread_ids) . ")
+			WHERE ' . $db->sql_in_set('msg_id', $unread_ids) . "
 				AND user_id = $user_id
 				AND folder_id = " . PRIVMSGS_NO_BOX;
 		$db->sql_query($sql);
@@ -519,7 +519,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
 			SET pm_marked = !pm_marked
 			WHERE folder_id = ' . PRIVMSGS_NO_BOX . "
 				AND user_id = $user_id
-				AND msg_id IN (" . implode(', ', $important_ids) . ')';
+				AND " . $db->sql_in_set('msg_id', $important_ids);
 		$db->sql_query($sql);
 	}
 
@@ -531,9 +531,15 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
 		// Determine Full Folder Action - we need the move to folder id later eventually
 		$full_folder_action = ($user->data['user_full_folder'] == FULL_FOLDER_NONE) ? ($config['full_folder_action'] - (FULL_FOLDER_NONE*(-1))) : $user->data['user_full_folder'];
 
+		$sql_folder = array_keys($move_into_folder);
+		if ($full_folder_action >= 0)
+		{
+			$sql_folder[] = $full_folder_action;
+		}
+
 		$sql = 'SELECT folder_id, pm_count 
 			FROM ' . PRIVMSGS_FOLDER_TABLE . '
-			WHERE folder_id IN (' . implode(', ', array_keys($move_into_folder)) . (($full_folder_action >= 0) ? ', ' . $full_folder_action : '') . ")
+			WHERE ' . $db->sql_in_set('folder_id', $sql_folder) . "
 				AND user_id = $user_id";
 		$result = $db->sql_query($sql);
 
@@ -543,6 +549,8 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
 		}
 		$db->sql_freeresult($result);
 
+		unset($sql_folder);
+
 		if (in_array(PRIVMSGS_INBOX, array_keys($move_into_folder)))
 		{
 			$sql = 'SELECT folder_id, COUNT(msg_id) as num_messages
@@ -610,7 +618,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
 				SET folder_id = ' . PRIVMSGS_HOLD_BOX . '
 				WHERE folder_id = ' . PRIVMSGS_NO_BOX . "
 					AND user_id = $user_id
-					AND msg_id IN (" . implode(', ', $msg_ary) . ')';
+					AND " . $db->sql_in_set('msg_id', $msg_ary);
 			$db->sql_query($sql);
 		}
 		else
@@ -620,7 +628,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
 				WHERE folder_id = " . PRIVMSGS_NO_BOX . "
 					AND user_id = $user_id
 					AND pm_new = 1
-					AND msg_id IN (" . implode(', ', $msg_ary) . ')';
+					AND " . $db->sql_in_set('msg_id', $msg_ary);
 			$db->sql_query($sql);
 
 			if ($dest_folder != PRIVMSGS_INBOX)
@@ -645,7 +653,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
 		$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . ' 
 			SET folder_id = ' . PRIVMSGS_SENTBOX . '
 			WHERE folder_id = ' . PRIVMSGS_OUTBOX . '
-				AND msg_id IN (' . implode(', ', array_keys($action_ary)) . ')';
+				AND ' . $db->sql_in_set('msg_id', array_keys($action_ary));
 		$db->sql_query($sql);
 	}
 
@@ -730,7 +738,7 @@ function move_pm($user_id, $message_limit, $move_msg_ids, $dest_folder, $cur_fol
 			SET folder_id = $dest_folder
 			WHERE folder_id = $cur_folder_id
 				AND user_id = $user_id
-				AND msg_id IN (" . implode(', ', $move_msg_ids) . ')';
+				AND " . $db->sql_in_set('msg_id', $move_msg_ids);
 		$db->sql_query($sql);
 		$num_moved = $db->sql_affectedrows();
 
@@ -809,7 +817,7 @@ function handle_mark_actions($user_id, $mark_action)
 				SET pm_marked = !pm_marked
 				WHERE folder_id = $cur_folder_id
 					AND user_id = $user_id
-					AND msg_id IN (" . implode(', ', $msg_ids) . ')';
+					AND " . $db->sql_in_set('msg_id', $msg_ids);
 			$db->sql_query($sql);
 
 		break;
@@ -879,7 +887,7 @@ function delete_pm($user_id, $msg_ids, $folder_id)
 	// Get PM Informations for later deleting
 	$sql = 'SELECT msg_id, pm_unread, pm_new
 		FROM ' . PRIVMSGS_TO_TABLE . '
-		WHERE msg_id IN (' . implode(', ', array_map('intval', $msg_ids)) . ")
+		WHERE ' . $db->sql_in_set('msg_id', array_map('intval', $msg_ids)) . "
 			AND folder_id = $folder_id
 			AND user_id = $user_id";
 	$result = $db->sql_query($sql);
@@ -908,19 +916,19 @@ function delete_pm($user_id, $msg_ids, $folder_id)
 		// Remove PM from Outbox
 		$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . "
 			WHERE user_id = $user_id AND folder_id = " . PRIVMSGS_OUTBOX . '
-				AND msg_id IN (' . implode(', ', array_keys($delete_rows)) . ')';
+				AND ' . $db->sql_in_set('msg_id', array_keys($delete_rows));
 		$db->sql_query($sql);
 
 		// Update PM Information for safety
 		$sql = 'UPDATE ' . PRIVMSGS_TABLE . " SET message_text = ''
-			WHERE msg_id IN (" . implode(', ', array_keys($delete_rows)) . ')';
+			WHERE " . $db->sql_in_set('msg_id', array_keys($delete_rows));
 		$db->sql_query($sql);
 
 		// Set delete flag for those intended to receive the PM
 		// We do not remove the message actually, to retain some basic informations (sent time for example)
 		$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
 			SET pm_deleted = 1
-			WHERE msg_id IN (' . implode(', ', array_keys($delete_rows)) . ')';
+			WHERE ' . $db->sql_in_set('msg_id', array_keys($delete_rows));
 		$db->sql_query($sql);
 
 		$num_deleted = $db->sql_affectedrows();
@@ -931,7 +939,7 @@ function delete_pm($user_id, $msg_ids, $folder_id)
 		$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . "
 			WHERE user_id = $user_id
 				AND folder_id = $folder_id
-				AND msg_id IN (" . implode(', ', array_keys($delete_rows)) . ')';
+				AND " . $db->sql_in_set('msg_id', array_keys($delete_rows));
 		$db->sql_query($sql);
 		$num_deleted = $db->sql_affectedrows();
 	}
@@ -961,7 +969,7 @@ function delete_pm($user_id, $msg_ids, $folder_id)
 	// Now we have to check which messages we can delete completely	
 	$sql = 'SELECT msg_id 
 		FROM ' . PRIVMSGS_TO_TABLE . '
-		WHERE msg_id IN (' . implode(', ', array_keys($delete_rows)) . ')';
+		WHERE ' . $db->sql_in_set('msg_id', array_keys($delete_rows));
 	$result = $db->sql_query($sql);
 
 	while ($row = $db->sql_fetchrow($result))
@@ -970,12 +978,12 @@ function delete_pm($user_id, $msg_ids, $folder_id)
 	}
 	$db->sql_freeresult($result);
 
-	$delete_ids = implode(', ', array_keys($delete_rows));
+	$delete_ids = array_keys($delete_rows);
 
-	if ($delete_ids)
+	if (sizeof($delete_ids))
 	{
 		$sql = 'DELETE FROM ' . PRIVMSGS_TABLE . '
-			WHERE msg_id IN (' . $delete_ids . ')';
+			WHERE ' . $db->sql_in_set('msg_id', $delete_ids);
 		$db->sql_query($sql);
 	}
 
@@ -1051,7 +1059,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false)
 		{
 			$sql = 'SELECT user_id, username, user_colour 
 				FROM ' . USERS_TABLE . '
-				WHERE user_id IN (' . implode(', ', $u) . ')
+				WHERE ' . $db->sql_in_set('user_id', $u) . '
 					AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')';
 			$result = $db->sql_query($sql);
 
@@ -1078,7 +1086,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false)
 			{
 				$sql = 'SELECT group_name, group_type
 					FROM ' . GROUPS_TABLE . ' 
-						WHERE group_id IN (' . implode(', ', $g) . ')';
+						WHERE ' . $db->sql_in_set('group_id', $g);
 				$result = $db->sql_query($sql);
 		
 				while ($row = $db->sql_fetchrow($result))
@@ -1094,7 +1102,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false)
 			{
 				$sql = 'SELECT g.group_id, g.group_name, g.group_colour, g.group_type, ug.user_id
 					FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug
-						WHERE g.group_id IN (' . implode(', ', $g) . ')
+						WHERE ' . $db->sql_in_set('g.group_id', $g) . '
 						AND g.group_id = ug.group_id
 						AND ug.user_pending = 0';
 				$result = $db->sql_query($sql);
@@ -1234,7 +1242,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
 		{
 			$sql = 'SELECT group_id, user_id
 				FROM ' . USER_GROUP_TABLE . '
-				WHERE group_id IN (' . implode(', ', array_keys($data['address_list']['g'])) . ')
+				WHERE ' . $db->sql_in_set('group_id', array_keys($data['address_list']['g'])) . '
 					AND user_pending = 0';
 			$result = $db->sql_query($sql);
 	
@@ -1373,7 +1381,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
 
 		$sql = 'UPDATE ' . USERS_TABLE . ' 
 			SET user_new_privmsg = user_new_privmsg + 1, user_unread_privmsg = user_unread_privmsg + 1, user_last_privmsg = ' . time() . '
-			WHERE user_id IN (' . implode(', ', array_keys($recipients)) . ')';
+			WHERE ' . $db->sql_in_set('user_id', array_keys($recipients));
 		$db->sql_query($sql);
 
 		// Put PM into outbox
@@ -1501,7 +1509,7 @@ function pm_notification($mode, $author, $recipients, $subject, $message)
 	// Get banned User ID's
 	$sql = 'SELECT ban_userid 
 		FROM ' . BANLIST_TABLE . '
-		WHERE ban_userid IN (' . implode(', ', array_map('intval', array_keys($recipients))) . ')
+		WHERE ' . $db->sql_in_set('ban_userid', array_map('intval', array_keys($recipients))) . '
 			AND ban_exclude = 0';
 	$result = $db->sql_query($sql);
 
@@ -1516,11 +1524,9 @@ function pm_notification($mode, $author, $recipients, $subject, $message)
 		return;
 	}
 
-	$recipient_list = implode(', ', array_map('intval', array_keys($recipients)));
-
 	$sql = 'SELECT user_id, username, user_email, user_lang, user_notify_pm, user_notify_type, user_jabber 
-		FROM ' . USERS_TABLE . "
-		WHERE user_id IN ($recipient_list)";
+		FROM ' . USERS_TABLE . '
+		WHERE ' . $db->sql_in_set('user_id', array_map('intval', array_keys($recipients)));
 	$result = $db->sql_query($sql);
 
 	$msg_list_ary = array();