From f4915acec3dc0f746d068ba5c8019ed58df8bdfe Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Wed, 26 Oct 2005 23:15:48 +0000 Subject: Bug 303693: Eliminate deprecated Bugzilla::DB routines from describe*.cgi, duplicates.cgi, quips.cgi, report.cgi, request.cgi and showdependency*.cgi - Patch by Teemu Mannermaa r=LpSolit a=myk --- quips.cgi | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) (limited to 'quips.cgi') diff --git a/quips.cgi b/quips.cgi index f661d5476..c7dadee5d 100755 --- a/quips.cgi +++ b/quips.cgi @@ -36,6 +36,7 @@ use Bugzilla::Constants; Bugzilla->login(LOGIN_REQUIRED); my $cgi = Bugzilla->cgi; +my $dbh = Bugzilla->dbh; my $template = Bugzilla->template; my $vars = {}; @@ -43,23 +44,24 @@ my $action = $cgi->param('action') || ""; if ($action eq "show") { # Read in the entire quip list - SendSQL("SELECT quipid, userid, quip, approved FROM quips"); + my $quipsref = $dbh->selectall_arrayref( + "SELECT quipid, userid, quip, approved FROM quips"); my $quips; my @quipids; - while (MoreSQLData()) { - my ($quipid, $userid, $quip, $approved) = FetchSQLData(); + foreach my $quipref (@$quipsref) { + my ($quipid, $userid, $quip, $approved) = @$quipref; $quips->{$quipid} = {'userid' => $userid, 'quip' => $quip, 'approved' => $approved}; push(@quipids, $quipid); } my $users; + my $sth = $dbh->prepare("SELECT login_name FROM profiles WHERE userid = ?"); foreach my $quipid (@quipids) { my $userid = $quips->{$quipid}{'userid'}; if ($userid && not defined $users->{$userid}) { - SendSQL("SELECT login_name FROM profiles WHERE userid = $userid"); - $users->{$userid} = FetchOneColumn(); + ($users->{$userid}) = $dbh->selectrow_array($sth, undef, $userid); } } $vars->{'quipids'} = \@quipids; 
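Review bot: The login-name lookup in the `show` branch still costs one query per distinct user id, even though the statement is now prepared once outside the loop. Because the first query already reads every row of `quips`, a single `LEFT JOIN profiles ON profiles.userid = quips.userid` could return `login_name` alongside each quip and make the second loop unnecessary; the LEFT JOIN keeps quips whose `userid` is empty. If the loop stays, a comment such as `# One prepared lookup, reused for each distinct submitter` above the `prepare` call would explain why `$sth` is passed to `selectrow_array`. The `show` branch continues past the end of this hunk.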
@@ -77,20 +79,21 @@ if ($action eq "add") { (Param('quip_list_entry_control') eq "open") || (UserInGroup('admin')) || 0; my $comment = $cgi->param("quip"); $comment || ThrowUserError("need_quip"); + trick_taint($comment); # Used in a placeholder below - SendSQL("INSERT INTO quips (userid, quip, approved) VALUES " . - '(' . $userid . ', ' . SqlQuote($comment) . ', ' . $approved . ')'); + $dbh->do("INSERT INTO quips (userid, quip, approved) VALUES (?, ?, ?)", + undef, ($userid, $comment, $approved)); $vars->{'added_quip'} = $comment; } if ($action eq 'approve') { # Read in the entire quip list - SendSQL("SELECT quipid, approved FROM quips"); - + my $quipsref = $dbh->selectall_arrayref("SELECT quipid, approved FROM quips"); + my %quips; - while (MoreSQLData()) { - my ($quipid, $approved) = FetchSQLData(); + foreach my $quipref (@$quipsref) { + my ($quipid, $approved) = @$quipref; $quips{$quipid} = $approved; } @@ -103,9 +106,9 @@ if ($action eq 'approve') { else { push(@unapproved, $quipid); } } } - SendSQL("UPDATE quips SET approved = 1 WHERE quipid IN (" . + $dbh->do("UPDATE quips SET approved = 1 WHERE quipid IN (" . join(",", @approved) . ")") if($#approved > -1); - SendSQL("UPDATE quips SET approved = 0 WHERE quipid IN (" . + $dbh->do("UPDATE quips SET approved = 0 WHERE quipid IN (" . join(",", @unapproved) . ")") if($#unapproved > -1); $vars->{ 'approved' } = \@approved; $vars->{ 'unapproved' } = \@unapproved; @@ -120,9 +123,10 @@ if ($action eq "delete") { ThrowCodeError("need_quipid") unless $quipid =~ /(\d+)/; $quipid = $1; - SendSQL("SELECT quip FROM quips WHERE quipid = $quipid"); - $vars->{'deleted_quip'} = FetchSQLData(); - SendSQL("DELETE FROM quips WHERE quipid = $quipid"); + ($vars->{'deleted_quip'}) = $dbh->selectrow_array( + "SELECT quip FROM quips WHERE quipid = ?", + undef, $quipid); + $dbh->do("DELETE FROM quips WHERE quipid = ?", undef, $quipid); } print $cgi->header(); -- cgit v1.2.1
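Review bot: `trick_taint($comment)` clears the taint flag on the quip text without validating it, and that holds for every later use of `$comment`, not only the bound INSERT parameter. The placeholder makes the database write safe, but the same raw value is handed to the template as `$vars->{'added_quip'}` right after the INSERT, so the template (not visible here) has to HTML-escape it. I would widen the comment to say so, e.g. `# Detainted only for the placeholder below; still raw user input, escape on output`. The parentheses around `($userid, $comment, $approved)` in the `do` call are redundant. The `add` branch starts above this hunk.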
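Review bot: The two `UPDATE quips SET approved = ...` statements still build their `IN (...)` list by joining `@approved` and `@unapproved` into the SQL string, while the other statements touched by this commit moved to placeholders. The loop that fills those arrays starts outside this hunk, so it cannot be confirmed from here that each id is a validated integer; if they are only keys of `%quips` read back from the database the risk is low, but nothing in these lines enforces it. Binding the ids keeps the file consistent: `$dbh->do("UPDATE quips SET approved = 1 WHERE quipid IN (" . join(",", ("?") x @approved) . ")", undef, @approved) if @approved;` and the same for `@unapproved` with `approved = 0`.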
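Review bot: The only validation of `quipid` ahead of the new bound queries is the unanchored match `$quipid =~ /(\d+)/` in the context lines, which accepts a value such as `12abc` and silently acts on the first run of digits. Since that capture is also what detaints the value, anchoring it makes the check mean what it says: `ThrowCodeError("need_quipid") unless $quipid =~ /\A(\d+)\z/;`. The SELECT and the DELETE are separate statements, so `deleted_quip` is undefined when the id does not exist and the page presumably still reports a deletion; checking the row count returned by `$dbh->do` would cover that case. The `delete` branch begins above this hunk.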