" Hand.hash, ".
" User.timezone, ".
" User.email ".
- "FROM Hand ".
- "LEFT JOIN User ON User.id=Hand.user_id ".
- "WHERE Hand.game_id='".$gameid."' ".
- "ORDER BY position ASC");
+ " FROM Hand".
+ " LEFT JOIN User ON User.id=Hand.user_id".
+ " WHERE Hand.game_id=".DB_quote_smart($gameid).
+ " ORDER BY position ASC");
$row0 = DB_fetch_array($result);
$row1 = DB_fetch_array($result);
" Hand.hash, ".
" User.timezone, ".
" User.email ".
- "FROM Hand ".
- "LEFT JOIN User ON User.id=Hand.user_id ".
- "WHERE Hand.game_id='".$gameid."' ".
- "ORDER BY position ASC");
+ " FROM Hand".
+ " LEFT JOIN User ON User.id=Hand.user_id".
+ " WHERE Hand.game_id=".DB_quote_smart($gameid).
+ " ORDER BY position ASC");
$row0 = DB_fetch_array($result);
$row1 = DB_fetch_array($result);
if($skiphash)
$result = DB_query("SELECT Hand.hash,Hand.game_id,Game.player from Hand".
" LEFT JOIN Game On Hand.game_id=Game.id".
- " WHERE Hand.user_id='$id'".
- " AND Hand.hash!='$skiphash'".
+ " WHERE Hand.user_id=".DB_quote_smart($id).
+ " AND Hand.hash!=".DB_quote_smart($skiphash).
" AND ( Game.player='$id' OR ISNULL(Game.player) )".
" AND ( Game.status='pre' OR Game.status='play' )".
" ORDER BY Game.session" );
else
$result = DB_query("SELECT Hand.hash,Hand.game_id,Game.player from Hand".
" LEFT JOIN Game On Hand.game_id=Game.id".
- " WHERE Hand.user_id='$id'".
- " AND ( Game.player='$id' OR ISNULL(Game.player) )".
+ " WHERE Hand.user_id=".DB_quote_smart($id).
+ " AND ( Game.player=".DB_quote_smart($id)." OR ISNULL(Game.player) )".
" AND ( Game.status='pre' OR Game.status='play' )".
" ORDER BY Game.session" );
/* get player id from the first game */
$result = DB_query("SELECT user_id from Hand".
- " WHERE Hand.game_id=".$gameids[0][0]);
+ " WHERE Hand.game_id=".DB_quote_smart($gameids[0][0]));
while( $r = DB_fetch_array($result))
$player[$r[0]] = 0;
{
/* get start date */
$result = DB_query_array("SELECT value FROM User_Prefs".
- " WHERE user_id='$userid' AND pref_key='vacation start'" );
+ " WHERE user_id=".DB_quote_smart($userid)." AND pref_key='vacation start'" );
if($result)
$start = $result[0];
else
/* get end date */
$result = DB_query_array("SELECT value FROM User_Prefs".
- " WHERE user_id='$userid' AND pref_key='vacation stop'" );
+ " WHERE user_id=".DB_quote_smart($userid)." AND pref_key='vacation stop'" );
if($result)
$stop = $result[0];
else
/* get comment */
$result = DB_query_array("SELECT value FROM User_Prefs".
- " WHERE user_id='$userid' AND pref_key='vacation comment'" );
+ " WHERE user_id=".DB_quote_smart($userid)." AND pref_key='vacation comment'" );
if($result)
$comment = $result[0];
else
projects / e-DoKo.git / blobdiff