fixing sql to be prepared statements.

2013-05-09 13:28:22 -04:00 · 2013-05-09 13:28:22 -04:00 · 540e817101
commit 540e817101
parent ffe06ea2a0
2 changed files with 17 additions and 7 deletions
--- a/airtime_mvc/application/models/StreamSetting.php
+++ b/airtime_mvc/application/models/StreamSetting.php
@ -72,14 +72,14 @@ class Application_Model_StreamSetting
                ."WHERE keyname LIKE '%_enable' "
                ."AND value='true'";

-        $rows = $con->query($sql)->fetchAll();
        $ids = array();
        
+        $rows = Application_Common_Database::prepareAndExecute($sql, array(), 'all');
+
        foreach ($rows as $row) {
            $ids[] = substr($row["keyname"], 0, strpos($row["keyname"], "_"));
        }

-        //Logging::info(print_r($ids, true));
        return $ids;
    }

@ -91,7 +91,8 @@ class Application_Model_StreamSetting
            ."FROM cc_stream_setting "
            ."WHERE keyname IN ('output_sound_device', 'icecast_vorbis_metadata')";

-        $rows = $con->query($sql)->fetchAll();
+        $rows = Application_Common_Database::prepareAndExecute($sql, array(), 'all');
+        
        $data = array();

        foreach ($rows as $row) {
@ -165,7 +166,7 @@ class Application_Model_StreamSetting
                ." FROM cc_stream_setting"
                ." WHERE keyname not like '%_error' AND keyname not like '%_admin_%'";

-        $rows = $con->query($sql)->fetchAll();
+        $rows = Application_Common_Database::prepareAndExecute($sql, array(), 'all');

        $exists = array();

@ -466,6 +467,9 @@ class Application_Model_StreamSetting
    }
    
    public static function GetAllListenerStatErrors(){
+    	$sql = "SELECT * FROM cc_stream_setting WHERE keyname like :p1";
+    	$mounts =  Application_Common_Database::prepareAndExecute($sql, array(':p1'=>'%_mount'));
+    	
        $sql = "SELECT * FROM cc_stream_setting WHERE keyname like :p1";
        return Application_Common_Database::prepareAndExecute($sql, array(':p1'=>'%_listener_stat_error'));
    }
--- a/airtime_mvc/application/models/Subjects.php
+++ b/airtime_mvc/application/models/Subjects.php
@ -21,9 +21,15 @@ class Application_Model_Subjects
    public static function increaseLoginAttempts($login)
    {
        $con = Propel::getConnection();
-        $sql = "UPDATE cc_subjs SET login_attempts = login_attempts+1"
-            ." WHERE login='$login'";
-        $res = $con->exec($sql);
+        //$sql = "UPDATE cc_subjs SET login_attempts = login_attempts+1"
+        //    ." WHERE login='$login'";
+        //$res = $con->exec($sql);
+        
+        $sql = "UPDATE cc_subjs SET login_attempts = login_attempts + 1 WHERE login = :login";
+        
+        $paramMap[':login'] = $login;
+        
+        Application_Common_Database::prepareAndExecute($sql, $paramMap, 'execute');

        return (intval($res) > 0);
    }