$myname = DB_get_name('hash',$me);
/* check if game really is old enough to be canceled */
-$r = DB_query_array("SELECT mod_date from Game WHERE id='$gameid' " );
+$r = DB_query_array("SELECT mod_date from Game WHERE id=".DB_quote_smart($gameid) );
if(time()-strtotime($r[0]) > 60*60*24*30) /* = 1 month */
{
/* email to all players */
/* get all preferences */
$r = DB_query('SELECT pref_key, value FROM User_Prefs'.
- " WHERE user_id='$myid' " );
+ " WHERE user_id=".DB_quote_smart($myid) );
while($pref = DB_fetch_array($r) )
{
switch($pref[0])
{
$r = DB_query_array("SELECT * FROM Rulesets".
" LEFT JOIN Game ON Game.ruleset=Rulesets.id ".
- " WHERE Game.id='$gameid'" );
+ " WHERE Game.id=".DB_quote_smart($gameid) );
$RULES['dullen'] = $r[2];
$RULES['schweinchen'] = $r[3];
{
$r = DB_query_array("SELECT value FROM Hand".
" LEFT JOIN User_Prefs ON Hand.user_id=User_Prefs.user_id".
- " WHERE hash='$hash' AND pref_key='email'" );
+ " WHERE hash=".DB_quote_smart($hash)." AND pref_key='email'" );
if($r)
{
if($r[0]=="emailaddict")
function DB_get_email_pref_by_uid($uid)
{
$r = DB_query_array("SELECT value FROM User_Prefs ".
- " WHERE user_id='$uid' AND pref_key='email'" );
+ " WHERE user_id=".DB_quote_smart($uid)." AND pref_key='email'" );
if($r)
{
if($r[0]=="emailaddict")
function DB_get_number_of_passwords_recovery($user)
{
$r = DB_query_array("SELECT COUNT(*) FROM Recovery ".
- " WHERE user_id=$user ".
+ " WHERE user_id=".DB_quote_smart($user).
" AND DATE_SUB(CURDATE(),INTERVAL 1 DAY) <= create_date".
" GROUP BY user_id " );
if($r)
if($card==0)
return 'backside';
- $r = DB_query_array("SELECT strength,suite FROM Card WHERE id='$card'");
+ $r = DB_query_array("SELECT strength,suite FROM Card WHERE id=".DB_quote_smart($card));
if($r)
return $r[0]." of ".$r[1];
if(!$trick) return -1;
- $r = DB_query_array("SELECT id FROM Play WHERE trick_id='$trick' ORDER BY create_date DESC LIMIT 1");
+ $r = DB_query_array("SELECT id FROM Play WHERE trick_id=".DB_quote_smart($trick)." ORDER BY create_date DESC LIMIT 1");
if($r)
return $r[0];
function DB_get_call_by_hash($hash)
{
- $r = DB_query_array("SELECT point_call FROM Hand WHERE hash='$hash'");
+ $r = DB_query_array("SELECT point_call FROM Hand WHERE hash=".DB_quote_smart($hash));
if($r)
return $r[0];
if($partner)
{
- $r = DB_query_array("SELECT point_call FROM Hand WHERE hash='$partner'");
+ $r = DB_query_array("SELECT point_call FROM Hand WHERE hash=".DB_quote_smart($partner));
if($r)
return $r[0];
$gameid = DB_get_gameid_by_hash($hash);
$party = DB_get_party_by_hash($hash);
- $r = DB_query_array("SELECT hash FROM Hand WHERE game_id='$gameid' AND party='$party' AND hash<>'$hash'");
+ $r = DB_query_array("SELECT hash FROM Hand WHERE game_id=".DB_quote_smart($gameid).
+ " AND party=".DB_quote_smart($party)." AND hash<>".DB_quote_smart($hash));
if($r)
return $r[0];
function DB_format_gameid($gameid)
{
/* get session and create date */
- $r = DB_query_array("SELECT session, create_date FROM Game WHERE id='$gameid' ");
+ $r = DB_query_array("SELECT session, create_date FROM Game WHERE id=".DB_quote_smart($gameid));
$session = $r[0];
$date = $r[1];
/* get number of game */
$r = DB_query_array("SELECT SUM(TIME_TO_SEC(TIMEDIFF(create_date, '$date'))<=0) ".
" FROM Game".
- " WHERE session='$session' ");
+ " WHERE session=".DB_quote_smart($session));
return $session.'.'.$r[0];
}
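Review bot: `'$date'` on the unchanged line `SUM(TIME_TO_SEC(TIMEDIFF(create_date, '$date'))<=0)` is still string-interpolated while the `session=` clause two lines below now goes through `DB_quote_smart`, so the statement is left half-converted; the value is read back from the `Game` row just above, which lowers the exposure, but it is the same pattern the commit is removing everywhere else. The same half-conversion survives in later hunks: `Game.player='$id'` inside the `if($skiphash)` branch (its `else` twin is quoted), `UPDATE Hand_Card SET hand_id='$partnerhand'`, `UPDATE Hand_Card SET hand_id='$myhand'`, and `UPDATE Trick SET winner='$winner'`. For this function the first line of the second query would become `$r = DB_query_array("SELECT SUM(TIME_TO_SEC(TIMEDIFF(create_date, ".DB_quote_smart($date)."))<=0) ".` with the rest unchanged. A final pass over the new side for literals of the form `='$` would catch the remaining cases before merge.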
function DB_get_reminder($user,$gameid)
{
$r = DB_query_array("SELECT COUNT(*) FROM Reminder ".
- " WHERE user_id=$user ".
- " AND game_id=$gameid ".
+ " WHERE user_id=".DB_quote_smart($user).
+ " AND game_id=".DB_quote_smart($gameid).
" AND DATE_SUB(CURDATE(),INTERVAL 1 DAY) <= create_date".
" GROUP BY user_id " );
if($r)
" GROUP BY Game.id");
else /* return games in a session */
$queryresult = DB_query_array_all("SELECT Game.id,SUM(IF(STRCMP(Score.party,'re'),-1,1)),Game.type FROM Game ".
- " LEFT JOIN Score on game_id=Game.id".
- " WHERE session=$session ".
- " AND status='gameover' ".
- " GROUP BY Game.id".
- " ORDER BY Game.create_date ASC");
+ " LEFT JOIN Score on game_id=Game.id".
+ " WHERE session=".DB_quote_smart($session).
+ " AND status='gameover' ".
+ " GROUP BY Game.id".
+ " ORDER BY Game.create_date ASC");
return $queryresult;
}
function DB_get_card_value_by_cardid($id)
{
$r = DB_query_array("SELECT points FROM Card ".
- " WHERE id=$id ");
+ " WHERE id=".DB_quote_smart($id));
if($r)
return $r[0];
" Hand.hash, ".
" User.timezone, ".
" User.email ".
- "FROM Hand ".
- "LEFT JOIN User ON User.id=Hand.user_id ".
- "WHERE Hand.game_id='".$gameid."' ".
- "ORDER BY position ASC");
+ " FROM Hand".
+ " LEFT JOIN User ON User.id=Hand.user_id".
+ " WHERE Hand.game_id=".DB_quote_smart($gameid).
+ " ORDER BY position ASC");
$row0 = DB_fetch_array($result);
$row1 = DB_fetch_array($result);
" Hand.hash, ".
" User.timezone, ".
" User.email ".
- "FROM Hand ".
- "LEFT JOIN User ON User.id=Hand.user_id ".
- "WHERE Hand.game_id='".$gameid."' ".
- "ORDER BY position ASC");
+ " FROM Hand".
+ " LEFT JOIN User ON User.id=Hand.user_id".
+ " WHERE Hand.game_id=".DB_quote_smart($gameid).
+ " ORDER BY position ASC");
$row0 = DB_fetch_array($result);
$row1 = DB_fetch_array($result);
if($skiphash)
$result = DB_query("SELECT Hand.hash,Hand.game_id,Game.player from Hand".
" LEFT JOIN Game On Hand.game_id=Game.id".
- " WHERE Hand.user_id='$id'".
- " AND Hand.hash!='$skiphash'".
+ " WHERE Hand.user_id=".DB_quote_smart($id).
+ " AND Hand.hash!=".DB_quote_smart($skiphash).
" AND ( Game.player='$id' OR ISNULL(Game.player) )".
" AND ( Game.status='pre' OR Game.status='play' )".
" ORDER BY Game.session" );
else
$result = DB_query("SELECT Hand.hash,Hand.game_id,Game.player from Hand".
" LEFT JOIN Game On Hand.game_id=Game.id".
- " WHERE Hand.user_id='$id'".
- " AND ( Game.player='$id' OR ISNULL(Game.player) )".
+ " WHERE Hand.user_id=".DB_quote_smart($id).
+ " AND ( Game.player=".DB_quote_smart($id)." OR ISNULL(Game.player) )".
" AND ( Game.status='pre' OR Game.status='play' )".
" ORDER BY Game.session" );
/* get player id from the first game */
$result = DB_query("SELECT user_id from Hand".
- " WHERE Hand.game_id=".$gameids[0][0]);
+ " WHERE Hand.game_id=".DB_quote_smart($gameids[0][0]));
while( $r = DB_fetch_array($result))
$player[$r[0]] = 0;
{
/* get start date */
$result = DB_query_array("SELECT value FROM User_Prefs".
- " WHERE user_id='$userid' AND pref_key='vacation start'" );
+ " WHERE user_id=".DB_quote_smart($userid)." AND pref_key='vacation start'" );
if($result)
$start = $result[0];
else
/* get end date */
$result = DB_query_array("SELECT value FROM User_Prefs".
- " WHERE user_id='$userid' AND pref_key='vacation stop'" );
+ " WHERE user_id=".DB_quote_smart($userid)." AND pref_key='vacation stop'" );
if($result)
$stop = $result[0];
else
/* get comment */
$result = DB_query_array("SELECT value FROM User_Prefs".
- " WHERE user_id='$userid' AND pref_key='vacation comment'" );
+ " WHERE user_id=".DB_quote_smart($userid)." AND pref_key='vacation comment'" );
if($result)
$comment = $result[0];
else
/* get time from the last action of the game */
-$r = DB_query_array("SELECT mod_date from Game WHERE id='$gameid' " );
+$r = DB_query_array("SELECT mod_date from Game WHERE id=".DB_quote_smart($gameid));
$gameend = time() - strtotime($r[0]);
/* handle comments in case player didn't play a card, allow comments a week after the end of the game */
if(!( $mygametype == 'solo' && $mygamesolo == 'silent') )
echo " <li onclick=\"hl(0);\" class=\"old\"><a href=\"#\">Pre</a></li>\n";
- $result = DB_query('SELECT Trick.id '.
- 'FROM Trick '.
- "WHERE Trick.game_id='".$gameid."' ".
- 'GROUP BY Trick.id '.
- 'ORDER BY Trick.id ASC');
+ $result = DB_query('SELECT Trick.id'.
+ ' FROM Trick'.
+ " WHERE Trick.game_id=".DB_quote_smart($gameid).
+ ' GROUP BY Trick.id'.
+ ' ORDER BY Trick.id ASC');
$trickNR = 1;
$lasttrick = DB_get_max_trickid($gameid);
if($exchange >0)
{
$result = DB_query("UPDATE Hand_Card SET hand_id='$partnerhand'".
- " WHERE hand_id='$myhand' AND card_id=".DB_quote_smart($exchange));
+ " WHERE hand_id=".DB_quote_smart($myhand)." AND card_id=".DB_quote_smart($exchange));
DB_add_exchanged_card(DB_quote_smart($exchange),$myhand,$partnerhand);
};
}
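Review bot: `DB_add_exchanged_card(DB_quote_smart($exchange),$myhand,$partnerhand);` directly after the rewritten UPDATE hands an already-quoted value to the helper, whereas the sibling call in the next hunk, `DB_add_exchanged_card($card,$userhand,$myhand);`, passes the raw card id. The helper's body is not visible here, so one of the two call sites is presumably inconsistent with it: if it quotes its arguments itself, the value here is quoted twice and the id comparison silently fails; if it does not, the second call site is unprotected. Once the helper's contract is confirmed, the call here should be `DB_add_exchanged_card($exchange,$myhand,$partnerhand);` with quoting done in exactly one place. The enclosing block starts before this hunk.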
DB_add_exchanged_card($card,$userhand,$myhand);
/* copy trump from player A to B */
- $result = DB_query("UPDATE Hand_Card SET hand_id='$myhand' WHERE hand_id='$userhand' AND card_id<'27'" );
+ $result = DB_query("UPDATE Hand_Card SET hand_id='$myhand' WHERE hand_id=".DB_quote_smart($userhand)." AND card_id<'27'" );
/* reload cards */
$mycards = DB_get_hand($me);
$result = DB_query('SELECT Hand_Card.card_id as card,'.
' Hand.position as position,'.
' Play.sequence as sequence, '.
- ' Trick.id, '.
+ ' Trick.id,'.
" GROUP_CONCAT(CONCAT('<span>',User.fullname,': ',Comment.comment,'</span>')".
" SEPARATOR '\n' ), ".
- ' Play.create_date, '.
- ' Hand.user_id '.
- 'FROM Trick '.
- 'LEFT JOIN Play ON Trick.id=Play.trick_id '.
- 'LEFT JOIN Hand_Card ON Play.hand_card_id=Hand_Card.id '.
- 'LEFT JOIN Hand ON Hand_Card.hand_id=Hand.id '.
- 'LEFT JOIN Comment ON Play.id=Comment.play_id '.
- 'LEFT JOIN User On User.id=Comment.user_id '.
- "WHERE Trick.game_id='".$gameid."' ".
- 'GROUP BY Trick.id, sequence '.
- 'ORDER BY Trick.id, sequence ASC');
+ ' Play.create_date,'.
+ ' Hand.user_id'.
+ ' FROM Trick'.
+ ' LEFT JOIN Play ON Trick.id=Play.trick_id'.
+ ' LEFT JOIN Hand_Card ON Play.hand_card_id=Hand_Card.id'.
+ ' LEFT JOIN Hand ON Hand_Card.hand_id=Hand.id'.
+ ' LEFT JOIN Comment ON Play.id=Comment.play_id'.
+ ' LEFT JOIN User On User.id=Comment.user_id'.
+ " WHERE Trick.game_id=".DB_quote_smart($gameid).
+ ' GROUP BY Trick.id, sequence'.
+ ' ORDER BY Trick.id, sequence ASC');
$trickNR = 0;
$lasttrick = DB_get_max_trickid($gameid);
DB_update_game_timestamp($gameid);
/* mark card as played */
- DB_query("UPDATE Hand_Card SET played='true' WHERE hand_id='$handid' AND card_id=".
+ DB_query("UPDATE Hand_Card SET played='true' WHERE hand_id=".DB_quote_smart($handid)." AND card_id=".
DB_quote_smart($card));
/* get trick id or start new trick */
*/
if($winner>0)
- DB_query("UPDATE Trick SET winner='$winner' WHERE id='$trickid'");
+ DB_query("UPDATE Trick SET winner='$winner' WHERE id=".DB_quote_smart($trickid));
else
$messages[] = "ERROR during scoring";
' LEFT JOIN Play ON Trick.id=Play.trick_id'.
' LEFT JOIN Hand_Card ON Hand_Card.id=Play.hand_card_id'.
' LEFT JOIN Card ON Card.id=Hand_Card.card_id'.
- " WHERE Hand.game_id='$gameid'".
+ " WHERE Hand.game_id=".DB_quote_smart($gameid).
' GROUP BY User.fullname' );
$email_message = _("The game is over. Thanks for playing :)")."\n";
$email_message .= _("Final score:")."\n";
' LEFT JOIN Play ON Trick.id=Play.trick_id'.
' LEFT JOIN Hand_Card ON Hand_Card.id=Play.hand_card_id'.
' LEFT JOIN Card ON Card.id=Hand_Card.card_id'.
- " WHERE Hand.game_id='$gameid'".
+ " WHERE Hand.game_id=".DB_quote_smart($gameid).
' GROUP BY Hand.party' );
$email_message .= "\n"._("Totals:")."\n";
$re = 0;
$Tpoint = 0;
$email_message .= " "._("Points Re:")." \n";
$queryresult = DB_query('SELECT score FROM Score '.
- " WHERE game_id=$gameid AND party='re'");
+ " WHERE game_id=".DB_quote_smart($gameid)." AND party='re'");
while($r = DB_fetch_array($queryresult) )
{
$email_message .= ' '.$r[0]."\n";
}
$email_message .= " "._("Points Contra:")." \n";
$queryresult = DB_query('SELECT score FROM Score '.
- " WHERE game_id=$gameid AND party='contra'");
+ " WHERE game_id=".DB_quote_smart($gameid)." AND party='contra'");
while($r = DB_fetch_array($queryresult) )
{
$email_message .= ' '.$r[0]."\n";
' LEFT JOIN Play ON Trick.id=Play.trick_id'.
' LEFT JOIN Hand_Card ON Hand_Card.id=Play.hand_card_id'.
' LEFT JOIN Card ON Card.id=Hand_Card.card_id'.
- " WHERE Hand.game_id='$gameid'".
+ " WHERE Hand.game_id=".DB_quote_smart($gameid).
' GROUP BY User.fullname' );
while( $r = DB_fetch_array($result))
echo ' <div class="card'.($r[3]-1)."\">\n".
' LEFT JOIN Play ON Trick.id=Play.trick_id'.
' LEFT JOIN Hand_Card ON Hand_Card.id=Play.hand_card_id'.
' LEFT JOIN Card ON Card.id=Hand_Card.card_id'.
- " WHERE Hand.game_id='$gameid'".
+ " WHERE Hand.game_id=".DB_quote_smart($gameid).
' GROUP BY Hand.party' );
echo " <div class=\"total\">\n Totals:<br />\n";
while( $r = DB_fetch_array($result))
echo ' '.$r[0].' '.$r[1]."<br />\n";
$queryresult = DB_query('SELECT timediff(mod_date,create_date) '.
- " FROM Game WHERE id='$gameid'");
+ " FROM Game WHERE id=".DB_quote_smart($gameid));
$r = DB_fetch_array($queryresult);
echo ' <p>This game took '.$r[0]." hours.</p>\n";
echo " <div class=\"re\">\n Points Re: <br />\n";
$queryresult = DB_query('SELECT score FROM Score '.
- " WHERE game_id=$gameid AND party='re'");
+ " WHERE game_id=".DB_quote_smart($gameid)." AND party='re'");
while($r = DB_fetch_array($queryresult) )
echo ' '.$r[0]."<br />\n";
echo " </div>\n";
echo " <div class=\"contra\">\n Points Contra: <br />\n";
$queryresult = DB_query('SELECT score FROM Score '.
- " WHERE game_id=$gameid AND party='contra'");
+ " WHERE game_id=".DB_quote_smart($gameid)." AND party='contra'");
while($r = DB_fetch_array($queryresult) )
echo ' '.$r[0]."<br />\n";
echo " </div>\n";
echo "<div class=\"gameinfo\">\n";
/* get time from the last action of the game */
-$r = DB_query_array("SELECT mod_date from Game WHERE id='$gameid' " );
+$r = DB_query_array("SELECT mod_date from Game WHERE id=".DB_quote_smart($gameid));
$gameend = time() - strtotime($r[0]);
/* comment box */
function DB_GetOpenIDsByUser($user_id)
{
- return DB_query_array_all("SELECT openid_url FROM user_openids WHERE user_id = '$user_id'");
+ return DB_query_array_all("SELECT openid_url FROM user_openids WHERE user_id =".DB_quote_smart($user_id));
}
function DB_AttachOpenID($openid_url, $user_id)
{
- DB_query("INSERT INTO user_openids VALUES (".DB_quote_smart(OpenIDUrlEncode($openid_url)).", '$user_id')");
+ DB_query("INSERT INTO user_openids VALUES (".DB_quote_smart(OpenIDUrlEncode($openid_url)).", ".DB_quote_smart($user_id).")");
}
function DB_DetachOpenID($openid_url, $user_id)
{
- DB_query("DELETE FROM user_openids WHERE openid_url = ".DB_quote_smart(OpenIDUrlEncode($openid_url))." AND user_id = '$user_id'");
+ DB_query("DELETE FROM user_openids WHERE openid_url = ".DB_quote_smart(OpenIDUrlEncode($openid_url)).
+ " AND user_id = ".DB_quote_smart($user_id));
}
function DB_DetachOpenIDsByUser($user_id)
{
- DB_query("DELETE FROM user_openids WHERE user_id = '$user_id'");
+ DB_query("DELETE FROM user_openids WHERE user_id = ".DB_quote_smart($user_id));
}
?>
\ No newline at end of file
if($_REQUEST['vacation_start'] == $_REQUEST['vacation_stop'])
{
$result = DB_query("DELETE FROM User_Prefs".
- " WHERE user_id='$myid' AND pref_key='vacation start'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation start'" );
$result = DB_query("DELETE FROM User_Prefs".
- " WHERE user_id='$myid' AND pref_key='vacation stop'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation stop'" );
$result = DB_query("DELETE FROM User_Prefs".
- " WHERE user_id='$myid' AND pref_key='vacation comment'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation comment'" );
$changed_vacation = 1;
}
/* change in database if format is ok */
if($vacation_start!=$PREF['vacation_start'])
{
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='vacation start'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation start'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_start).
- " WHERE user_id='$myid' AND pref_key='vacation start'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation start'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','vacation start',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'vacation start',".
DB_quote_smart($vacation_start).")");
$changed_vacation = 1;
if($vacation_stop!=$PREF['vacation_stop'])
{
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='vacation stop'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation stop'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_stop).
- " WHERE user_id='$myid' AND pref_key='vacation stop'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation stop'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','vacation stop',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'vacation stop',".
DB_quote_smart($vacation_stop).")");
$changed_vacation = 1;
if($vacation_comment!=$PREF['vacation_comment'])
{
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='vacation comment'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation comment'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($vacation_comment).
- " WHERE user_id='$myid' AND pref_key='vacation comment'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='vacation comment'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','vacation comment',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'vacation comment',".
DB_quote_smart($vacation_comment).")");
$changed_vacation = 1;
{
/* check if we already have an entry for the user, if so change it, if not create new one */
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='cardset'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='cardset'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($cards).
- " WHERE user_id='$myid' AND pref_key='cardset'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='cardset'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','cardset',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'cardset',".
DB_quote_smart($cards).")");
$changed_cards = 1;
}
{
/* check if we already have an entry for the user, if so change it, if not create new one */
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='email'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='email'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($notify).
- " WHERE user_id='$myid' AND pref_key='email'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='email'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','email',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'email',".
DB_quote_smart($notify).")");
$changed_notify=1;
}
{
/* check if we already have an entry for the user, if so change it, if not create new one */
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='digest'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='digest'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($digest).
- " WHERE user_id='$myid' AND pref_key='digest'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='digest'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','digest',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'digest',".
DB_quote_smart($digest).")");
$changed_digest=1;
}
{
/* check if we already have an entry for the user, if so change it, if not create new one */
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='autosetup'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='autosetup'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($autosetup).
- " WHERE user_id='$myid' AND pref_key='autosetup'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='autosetup'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','autosetup',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'autosetup',".
DB_quote_smart($autosetup).")");
$changed_autosetup=1;
}
{
/* check if we already have an entry for the user, if so change it, if not create new one */
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='sorting'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='sorting'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($sorting).
- " WHERE user_id='$myid' AND pref_key='sorting'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='sorting'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','sorting',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'sorting',".
DB_quote_smart($sorting).")");
$changed_sorting=1;
}
{
/* check if we already have an entry for the user, if so change it, if not create new one */
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='open for games'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='open for games'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($openforgames).
- " WHERE user_id='$myid' AND pref_key='open for games'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='open for games'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','open for games',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'open for games',".
DB_quote_smart($openforgames).")");
$changed_openforgames=1;
}
{
/* check if we already have an entry for the user, if so change it, if not create new one */
$result = DB_query("SELECT * from User_Prefs".
- " WHERE user_id='$myid' AND pref_key='language'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='language'" );
if( DB_fetch_array($result))
$result = DB_query("UPDATE User_Prefs SET value=".DB_quote_smart($language).
- " WHERE user_id='$myid' AND pref_key='language'" );
+ " WHERE user_id=".DB_quote_smart($myid)." AND pref_key='language'" );
else
- $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,'$myid','language',".
+ $result = DB_query("INSERT INTO User_Prefs VALUES(NULL,".DB_quote_smart($myid).",'language',".
DB_quote_smart($language).")");
$changed_language = 1;
}
" G.session".
" FROM Hand".
" LEFT JOIN Game G ON G.id=Hand.game_id".
- " WHERE user_id='$myid'".
+ " WHERE user_id=".DB_quote_smart($myid).
" ORDER BY G.session,G.create_date" );
/* sort into active and passive sessions */
$result = DB_query("SELECT Hand.hash,Hand.game_id,Game.player from Hand".
" LEFT JOIN Game On Hand.game_id=Game.id".
- " WHERE Hand.user_id='$id'".
- " AND ( Game.player='$id' OR ISNULL(Game.player) )".
+ " WHERE Hand.user_id=".DB_quote_smart($id).
+ " AND ( Game.player=".DB_quote_smart($id)." OR ISNULL(Game.player) )".
" AND ( Game.status='pre' OR Game.status='play' )".
" ORDER BY Game.session" );