diff options
author | Arun Persaud <arun@nubati.net> | 2013-02-25 22:04:21 -0800 |
---|---|---|
committer | Arun Persaud <arun@nubati.net> | 2013-02-25 22:04:21 -0800 |
commit | 5116d22ed84db0f15a7f583bcbe243ee2cd606e1 (patch) | |
tree | f0606717f34a65c874116e435638b19209e325fb /include/db.php | |
parent | 94bbb934cb0bc65c72e2ab724f4bf99b3c7207be (diff) | |
download | e-DoKo-5116d22ed84db0f15a7f583bcbe243ee2cd606e1.tar.gz e-DoKo-5116d22ed84db0f15a7f583bcbe243ee2cd606e1.tar.bz2 e-DoKo-5116d22ed84db0f15a7f583bcbe243ee2cd606e1.zip |
mysql optimization: don't quote integers as strings in WHERE
Diffstat (limited to 'include/db.php')
-rw-r--r-- | include/db.php | 41 |
1 files changed, 21 insertions, 20 deletions
diff --git a/include/db.php b/include/db.php index 493b93d..f9eb07a 100644 --- a/include/db.php +++ b/include/db.php @@ -802,7 +802,7 @@ function DB_get_PREF($myid) /* get all preferences */ $r = DB_query('SELECT pref_key, value FROM User_Prefs'. - " WHERE user_id='$myid' " ); + " WHERE user_id=".DB_quote_smart($myid) ); while($pref = DB_fetch_array($r) ) { switch($pref[0]) @@ -864,7 +864,7 @@ function DB_get_RULES($gameid) { $r = DB_query_array("SELECT * FROM Rulesets". " LEFT JOIN Game ON Game.ruleset=Rulesets.id ". - " WHERE Game.id='$gameid'" ); + " WHERE Game.id=".DB_quote_smart($gameid) ); $RULES['dullen'] = $r[2]; $RULES['schweinchen'] = $r[3]; @@ -878,7 +878,7 @@ function DB_get_email_pref_by_hash($hash) { $r = DB_query_array("SELECT value FROM Hand". " LEFT JOIN User_Prefs ON Hand.user_id=User_Prefs.user_id". - " WHERE hash='$hash' AND pref_key='email'" ); + " WHERE hash=".DB_quote_smart($hash)." AND pref_key='email'" ); if($r) { if($r[0]=="emailaddict") @@ -893,7 +893,7 @@ function DB_get_email_pref_by_hash($hash) function DB_get_email_pref_by_uid($uid) { $r = DB_query_array("SELECT value FROM User_Prefs ". - " WHERE user_id='$uid' AND pref_key='email'" ); + " WHERE user_id=".DB_quote_smart($uid)." AND pref_key='email'" ); if($r) { if($r[0]=="emailaddict") @@ -928,7 +928,7 @@ function DB_get_unused_randomnumbers($userstr) function DB_get_number_of_passwords_recovery($user) { $r = DB_query_array("SELECT COUNT(*) FROM Recovery ". - " WHERE user_id=$user ". + " WHERE user_id=".DB_quote_smart($user). " AND DATE_SUB(CURDATE(),INTERVAL 1 DAY) <= create_date". " GROUP BY user_id " ); if($r) @@ -955,7 +955,7 @@ function DB_get_card_name($card) if($card==0) return 'backside'; - $r = DB_query_array("SELECT strength,suite FROM Card WHERE id='$card'"); + $r = DB_query_array("SELECT strength,suite FROM Card WHERE id=".DB_quote_smart($card)); if($r) return $r[0]." of ".$r[1]; @@ -970,7 +970,7 @@ function DB_get_current_playid($gameid) if(!$trick) return -1; - $r = DB_query_array("SELECT id FROM Play WHERE trick_id='$trick' ORDER BY create_date DESC LIMIT 1"); + $r = DB_query_array("SELECT id FROM Play WHERE trick_id=".DB_quote_smart($trick)." ORDER BY create_date DESC LIMIT 1"); if($r) return $r[0]; @@ -980,7 +980,7 @@ function DB_get_current_playid($gameid) function DB_get_call_by_hash($hash) { - $r = DB_query_array("SELECT point_call FROM Hand WHERE hash='$hash'"); + $r = DB_query_array("SELECT point_call FROM Hand WHERE hash=".DB_quote_smart($hash)); if($r) return $r[0]; @@ -994,7 +994,7 @@ function DB_get_partner_call_by_hash($hash) if($partner) { - $r = DB_query_array("SELECT point_call FROM Hand WHERE hash='$partner'"); + $r = DB_query_array("SELECT point_call FROM Hand WHERE hash=".DB_quote_smart($partner)); if($r) return $r[0]; @@ -1008,7 +1008,8 @@ function DB_get_partner_hash_by_hash($hash) $gameid = DB_get_gameid_by_hash($hash); $party = DB_get_party_by_hash($hash); - $r = DB_query_array("SELECT hash FROM Hand WHERE game_id='$gameid' AND party='$party' AND hash<>'$hash'"); + $r = DB_query_array("SELECT hash FROM Hand WHERE game_id=".DB_quote_smart($gameid). + " AND party=".DB_quote_smart($party)." AND hash<>".DB_quote_smart($hash)); if($r) return $r[0]; @@ -1019,22 +1020,22 @@ function DB_get_partner_hash_by_hash($hash) function DB_format_gameid($gameid) { /* get session and create date */ - $r = DB_query_array("SELECT session, create_date FROM Game WHERE id='$gameid' "); + $r = DB_query_array("SELECT session, create_date FROM Game WHERE id=".DB_quote_smart($gameid)); $session = $r[0]; $date = $r[1]; /* get number of game */ $r = DB_query_array("SELECT SUM(TIME_TO_SEC(TIMEDIFF(create_date, '$date'))<=0) ". " FROM Game". - " WHERE session='$session' "); + " WHERE session=".DB_quote_smart($session)); return $session.'.'.$r[0]; } function DB_get_reminder($user,$gameid) { $r = DB_query_array("SELECT COUNT(*) FROM Reminder ". - " WHERE user_id=$user ". - " AND game_id=$gameid ". + " WHERE user_id=".DB_quote_smart($user). + " AND game_id=".DB_quote_smart($gameid). " AND DATE_SUB(CURDATE(),INTERVAL 1 DAY) <= create_date". " GROUP BY user_id " ); if($r) @@ -1073,11 +1074,11 @@ function DB_get_gameids_of_finished_games_by_session($session) " GROUP BY Game.id"); else /* return games in a session */ $queryresult = DB_query_array_all("SELECT Game.id,SUM(IF(STRCMP(Score.party,'re'),-1,1)),Game.type FROM Game ". - " LEFT JOIN Score on game_id=Game.id". - " WHERE session=$session ". - " AND status='gameover' ". - " GROUP BY Game.id". - " ORDER BY Game.create_date ASC"); + " LEFT JOIN Score on game_id=Game.id". + " WHERE session=".DB_quote_smart($session). + " AND status='gameover' ". + " GROUP BY Game.id". + " ORDER BY Game.create_date ASC"); return $queryresult; } @@ -1085,7 +1086,7 @@ function DB_get_gameids_of_finished_games_by_session($session) function DB_get_card_value_by_cardid($id) { $r = DB_query_array("SELECT points FROM Card ". - " WHERE id=$id "); + " WHERE id=".DB_quote_smart($id)); if($r) return $r[0]; |