From 43f52582195b1ec92442d480496b495a1da5c6a8 Mon Sep 17 00:00:00 2001
From: Martin Konecny
Date: Wed, 5 Sep 2012 17:43:45 -0400
Subject: [PATCH] CC-4348: Prepared statements - part 4 -User.php
---
 airtime_mvc/application/models/User.php | 41 ++++++++++---------------
 1 file changed, 16 insertions(+), 25 deletions(-)
diff --git a/airtime_mvc/application/models/User.php b/airtime_mvc/application/models/User.php
index 85ff5ea64..fbfb84794 100644
--- a/airtime_mvc/application/models/User.php
+++ b/airtime_mvc/application/models/User.php
@@ -284,45 +284,38 @@ class Application_Model_User
 $sql_gen = "SELECT login AS value, login AS label, id as index FROM cc_subjs "; $sql = $sql_gen; - $type = array_map( function($t) { - return "type = '{$t}'"; - }, $type); + $types = array(); + $params = array(); + for ($i=0; $iquery($sql)->fetchAll();; + return Application_Common_Database::prepareAndExecute($sql, $params, "all"); } public static function getUserCount($type=null) { $con = Propel::getConnection(); $sql = ''; - $sql_gen = "SELECT count(*) AS cnt FROM cc_subjs "; - - if (!isset($type)) { - $sql = $sql_gen; - } else { - if (is_array($type)) { - for ($i=0; $iquery($sql)->fetchColumn(0);
@@ -366,13 +359,11 @@ class Application_Model_User
 public static function getUserData($id)
 {
- $con = Propel::getConnection();
-
 $sql = "SELECT login, first_name, last_name, type, id, email, cell_phone, skype_contact, jabber_contact"
 ." FROM cc_subjs"
- ." WHERE id = $id";
+ ." WHERE id = :id";
- return $con->query($sql)->fetch();
+ return Application_Common_Database::prepareAndExecute($sql, array(":id" => $id), 'single');
 }
 public static function getCurrentUser()
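Review bot: getUserCount() looks like the one query in this patch that is still issued through `$con->query($sql)`: `$con = Propel::getConnection();` and `$sql = '';` are unchanged context in the first hunk, whereas getUsers() and getUserData() now go through `Application_Common_Database::prepareAndExecute()`. The middle of that hunk is missing from this page (the text breaks off at `for ($i=0; $i` in both functions), so whether `$type` is still concatenated into the count query on the new side cannot be confirmed from what is shown. If it is, it should be bound with the same `$types`/`$params` placeholders that getUsers() builds. A one-line comment on the getUsers() loop, such as `// every $type value is bound as a parameter, never interpolated into $sql`, would help keep later edits from reintroducing interpolation.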
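Review bot: getUserData() gets no docblock although its return path changes: the old code returned `$con->query($sql)->fetch()` directly, the new code returns whatever `prepareAndExecute($sql, array(":id" => $id), 'single')` yields, and that helper is not part of this patch. If its fetch mode or its no-row result differs from a plain `fetch()`, callers that index the row by position or test for `false` would behave differently, so confirm that and record it, for example `/** Returns the cc_subjs row for $id via prepareAndExecute(); $id is bound, never interpolated. */`. Binding removes the injection path through `$id`, but a non-numeric id now reaches the database as a value; rejecting it first with `filter_var($id, FILTER_VALIDATE_INT) === false` keeps malformed ids out of the query, assuming `id` is an integer column (not shown here).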