diff --git a/include/bisfunktion.class.php b/include/bisfunktion.class.php
index 8381a5758..a9da151e3 100644
--- a/include/bisfunktion.class.php
+++ b/include/bisfunktion.class.php
@@ -69,7 +69,7 @@ class bisfunktion extends basis_db
 }
 //laden des Datensatzes
- $qry = "SELECT * FROM bis.tbl_bisfunktion WHERE bisverwendung_id='$bisverwendung_id' AND studiengang_kz='$studiengang_kz'";
+ $qry = "SELECT * FROM bis.tbl_bisfunktion WHERE bisverwendung_id=".$this->db_add_param($bisverwendung_id, FHC_INTEGER)." AND studiengang_kz=".$this->db_add_param($studiengang_kz, FHC_INTEGER).";";
 if($this->db_query($qry))
 {
@@ -118,7 +118,7 @@ class bisfunktion extends basis_db
 return false;
 }
- $qry = "DELETE FROM bis.tbl_bisfunktion WHERE bisverwendung_id = '$bisverwendung_id' AND studiengang_kz='$studiengang_kz';";
+ $qry = "DELETE FROM bis.tbl_bisfunktion WHERE bisverwendung_id = ".$this->db_add_param($bisverwendung_id, FHC_INTEGER)." AND studiengang_kz=".$this->db_add_param($studiengang_kz, FHC_INTEGER).";";
 if($this->db_query($qry))
 {
@@ -167,14 +167,14 @@ class bisfunktion extends basis_db
 //Neuen Datensatz anlegen
 $qry = "INSERT INTO bis.tbl_bisfunktion (bisverwendung_id, studiengang_kz, sws, updateamum, updatevon, insertamum, insertvon, ext_id) VALUES (".
- $this->addslashes($this->bisverwendung_id).', '.
- $this->addslashes($this->studiengang_kz).', '.
- $this->addslashes($this->sws).', '.
- $this->addslashes($this->updateamum).', '.
- $this->addslashes($this->updatevon).', '.
- $this->addslashes($this->insertamum).', '.
- $this->addslashes($this->insertvon).', '.
- $this->addslashes($this->ext_id).');';
+ $this->db_add_param($this->bisverwendung_id, FHC_INTEGER).', '.
+ $this->db_add_param($this->studiengang_kz, FHC_INTEGER).', '.
+ $this->db_add_param($this->sws).', '.
+ $this->db_add_param($this->updateamum).', '.
+ $this->db_add_param($this->updatevon).', '.
+ $this->db_add_param($this->insertamum).', '.
+ $this->db_add_param($this->insertvon).', '.
+ $this->db_add_param($this->ext_id).');';
 }
 else
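Review bot: `ext_id` is passed to `db_add_param` without a type in this INSERT and again in the UPDATE hunk at @@ -186, while the bisio and bisverwendung hunks of the same commit pass it as `FHC_INTEGER`; `sws` is likewise left untyped. If bis.tbl_bisfunktion.ext_id is an integer column like the others, `$this->db_add_param($this->ext_id, FHC_INTEGER).');'` keeps the quoting consistent across the three classes — the schema is not visible from the diff, so this needs confirming before changing. The enclosing method starts before the hunk.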
@@ -186,12 +186,12 @@ class bisfunktion extends basis_db
 //Bestehenden Datensatz aktualisieren
 $qry= "UPDATE bis.tbl_bisfunktion SET".
- " sws=".$this->addslashes($this->sws).",".
- " studiengang_kz=".$this->addslashes($this->studiengang_kz).",".
- " updateamum=".$this->addslashes($this->updateamum).",".
- " updatevon=".$this->addslashes($this->updatevon).",".
- " ext_id=".$this->addslashes($this->ext_id).
- " WHERE bisverwendung_id='".addslashes($this->bisverwendung_id)."' AND studiengang_kz='".addslashes($this->studiengang_kz_old)."'";
+ " sws=".$this->db_add_param($this->sws).",".
+ " studiengang_kz=".$this->db_add_param($this->studiengang_kz, FHC_INTEGER).",".
+ " updateamum=".$this->db_add_param($this->updateamum).",".
+ " updatevon=".$this->db_add_param($this->updatevon).",".
+ " ext_id=".$this->db_add_param($this->ext_id).
+ " WHERE bisverwendung_id=".$this->db_add_param($this->bisverwendung_id, FHC_INTEGER)." AND studiengang_kz=".$this->db_add_param($this->studiengang_kz_old, FHC_INTEGER);
 }
 if($this->db_query($qry))
@@ -213,12 +213,12 @@ class bisfunktion extends basis_db
 public function getBisFunktion($bisverwendung_id, $studiengang_kz=null)
 {
 //laden des Datensatzes
- $qry = "SELECT * FROM bis.tbl_bisfunktion WHERE bisverwendung_id='".addslashes($bisverwendung_id)."'";
+ $qry = "SELECT * FROM bis.tbl_bisfunktion WHERE bisverwendung_id=".$this->db_add_param($bisverwendung_id, FHC_INTEGER);
 if($studiengang_kz!=null)
- $qry.=" AND studiengang_kz='".addslashes($studiengang_kz)."'";
+ $qry.=" AND studiengang_kz=".$this->db_add_param($studiengang_kz, FHC_INTEGER);
- $qry.=" ORDER BY studiengang_kz";
+ $qry.=" ORDER BY studiengang_kz;";
 if($this->db_query($qry))
 {
diff --git a/include/bisio.class.php b/include/bisio.class.php
index c6f753bb5..b6de33282 100644
--- a/include/bisio.class.php
+++ b/include/bisio.class.php
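Review bot: In getBisFunktion the context line `if($studiengang_kz!=null)` uses a loose comparison, so a studiengang_kz of `0` or `'0'` is treated as "not given" and the filter is silently dropped; the commit declares the parameter as `FHC_INTEGER` but leaves this line as is. `if($studiengang_kz !== null)` matches the intent of the `=null` default. The method body continues past the hunk.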
@@ -74,7 +74,7 @@ class bisio extends basis_db
 return false;
 }
- $qry = "SELECT * FROM bis.tbl_bisio WHERE bisio_id='$bisio_id'";
+ $qry = "SELECT * FROM bis.tbl_bisio WHERE bisio_id=".$this->db_add_param($bisio_id, FHC_INTEGER).";";
 if($this->db_query($qry))
 {
@@ -177,38 +177,38 @@ class bisio extends basis_db
 //Neuen Datensatz einfuegen
 $qry='BEGIN;INSERT INTO bis.tbl_bisio (mobilitaetsprogramm_code, nation_code, von, bis, zweck_code, student_uid, updateamum, updatevon, insertamum, insertvon, ext_id, ort, universitaet, lehreinheit_id) VALUES('.
- $this->addslashes($this->mobilitaetsprogramm_code).', '.
- $this->addslashes($this->nation_code).', '.
- $this->addslashes($this->von).', '.
- $this->addslashes($this->bis).', '.
- $this->addslashes($this->zweck_code).', '.
- $this->addslashes($this->student_uid).', '.
- $this->addslashes($this->updateamum).', '.
- $this->addslashes($this->updatevon).', '.
- $this->addslashes($this->insertamum).', '.
- $this->addslashes($this->insertvon).', '.
- $this->addslashes($this->ext_id).','.
- $this->addslashes($this->ort).', '.
- $this->addslashes($this->universitaet).', '.
- $this->addslashes($this->lehreinheit_id).');';
+ $this->db_add_param($this->mobilitaetsprogramm_code, FHC_INTEGER).', '.
+ $this->db_add_param($this->nation_code).', '.
+ $this->db_add_param($this->von).', '.
+ $this->db_add_param($this->bis).', '.
+ $this->db_add_param($this->zweck_code).', '.
+ $this->db_add_param($this->student_uid).', '.
+ $this->db_add_param($this->updateamum).', '.
+ $this->db_add_param($this->updatevon).', '.
+ $this->db_add_param($this->insertamum).', '.
+ $this->db_add_param($this->insertvon).', '.
+ $this->db_add_param($this->ext_id, FHC_INTEGER).','.
+ $this->db_add_param($this->ort).', '.
+ $this->db_add_param($this->universitaet).', '.
+ $this->db_add_param($this->lehreinheit_id, FHC_INTEGER).');';
 }
 else
 {
 //Updaten des bestehenden Datensatzes
 $qry = 'UPDATE bis.tbl_bisio SET '.
- ' mobilitaetsprogramm_code='.$this->addslashes($this->mobilitaetsprogramm_code).','.
- ' nation_code='.$this->addslashes($this->nation_code).','.
- ' von='.$this->addslashes($this->von).','.
- ' bis='.$this->addslashes($this->bis).','.
- ' zweck_code='.$this->addslashes($this->zweck_code).','.
- ' student_uid='.$this->addslashes($this->student_uid).','.
- ' updateamum='.$this->addslashes($this->updateamum).','.
- ' updatevon='.$this->addslashes($this->updatevon).','.
- ' ext_id='.$this->addslashes($this->ext_id).','.
- ' ort='.$this->addslashes($this->ort).','.
- ' universitaet='.$this->addslashes($this->universitaet).','.
- ' lehreinheit_id='.$this->addslashes($this->lehreinheit_id).
- " WHERE bisio_id='".addslashes($this->bisio_id)."';";
+ ' mobilitaetsprogramm_code='.$this->db_add_param($this->mobilitaetsprogramm_code, FHC_INTEGER).','.
+ ' nation_code='.$this->db_add_param($this->nation_code).','.
+ ' von='.$this->db_add_param($this->von).','.
+ ' bis='.$this->db_add_param($this->bis).','.
+ ' zweck_code='.$this->db_add_param($this->zweck_code).','.
+ ' student_uid='.$this->db_add_param($this->student_uid).','.
+ ' updateamum='.$this->db_add_param($this->updateamum).','.
+ ' updatevon='.$this->db_add_param($this->updatevon).','.
+ ' ext_id='.$this->db_add_param($this->ext_id, FHC_INTEGER).','.
+ ' ort='.$this->db_add_param($this->ort).','.
+ ' universitaet='.$this->db_add_param($this->universitaet).','.
+ ' lehreinheit_id='.$this->db_add_param($this->lehreinheit_id, FHC_INTEGER).
+ " WHERE bisio_id=".db_add_param($this->bisio_id, FHC_INTEGER).";";
 }
 if($this->db_query($qry))
@@ -259,7 +259,7 @@ class bisio extends basis_db
 return false;
 }
- $qry = "DELETE FROM bis.tbl_bisio WHERE bisio_id='$bisio_id'";
+ $qry = "DELETE FROM bis.tbl_bisio WHERE bisio_id=".$this->db_add_param($bisio_id, FHC_INTEGER).";";
 if($this->db_query($qry))
 return true;
@@ -286,10 +286,10 @@ class bisio extends basis_db
 bis.tbl_zweck,
 bis.tbl_mobilitaetsprogramm
 WHERE
- student_uid='".addslashes($uid)."' AND
+ student_uid=".$this->db_add_param($uid)." AND
 tbl_zweck.zweck_code=tbl_bisio.zweck_code AND
 tbl_mobilitaetsprogramm.mobilitaetsprogramm_code=tbl_bisio.mobilitaetsprogramm_code
- ORDER BY bis";
+ ORDER BY bis;";
 if($this->db_query($qry))
 {
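Review bot: The last line of the bisio UPDATE branch calls `db_add_param` as a bare function, `" WHERE bisio_id=".db_add_param($this->bisio_id, FHC_INTEGER).";"`, while every other call in this commit is a method call on `$this`; unless a global function of that name exists, every update of an existing bisio row fails with an undefined-function error before the query is executed. Change it to `" WHERE bisio_id=".$this->db_add_param($this->bisio_id, FHC_INTEGER).";"`. This hunk starts on the previous line and the enclosing method begins outside it.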
diff --git a/include/bisverwendung.class.php b/include/bisverwendung.class.php
index 76d0a82e8..ffb8bb660 100644
--- a/include/bisverwendung.class.php
+++ b/include/bisverwendung.class.php
@@ -88,7 +88,7 @@ class bisverwendung extends basis_db
 tbl_bisverwendung.ba2code=tbl_beschaeftigungsart2.ba2code AND
 tbl_bisverwendung.beschausmasscode=tbl_beschaeftigungsausmass.beschausmasscode AND
 tbl_bisverwendung.verwendung_code=tbl_verwendung.verwendung_code AND
- bisverwendung_id='$bisverwendung_id';";
+ bisverwendung_id=".$this->db_add_param($bisverwendung_id, FHC_INTEGER).";";
 if($this->db_query($qry))
 {
@@ -101,6 +101,9 @@ class bisverwendung extends basis_db
 $this->verwendung_code = $row->verwendung_code;
 $this->mitarbeiter_uid = $row->mitarbeiter_uid;
 $this->hauptberufcode = $row->hauptberufcode;
+ $this->hauptberuflich = $this->db_parse_bool($row->hauptberuflich);
+ /**
+
 if($row->hauptberuflich=='t')
 $this->hauptberuflich = true;
 elseif($row->hauptberuflich=='f')
@@ -109,6 +112,9 @@ class bisverwendung extends basis_db
 $this->hauptberuflich = '';
 $this->habilitation = ($row->habilitation=='t'?true:false);
+
+ */
+ $this->habilitation = $this->db_parse_bool($row->habilitation);
 $this->beginn = $row->beginn;
 $this->ende = $row->ende;
 $this->updatevon = $row->updatevon;
@@ -150,7 +156,7 @@ class bisverwendung extends basis_db
 $this->errormsg = 'bisverwendung_id muss eine gueltige Zahl sein';
 return false;
 }
- $qry = "SELECT count(*) as anzahl FROM bis.tbl_bisfunktion WHERE bisverwendung_id='$bisverwendung_id'";
+ $qry = "SELECT count(*) as anzahl FROM bis.tbl_bisfunktion WHERE bisverwendung_id=".$this->db_add_param($bisverwendung_id, FHC_INTEGER);
 if($this->db_query($qry))
 {
 if($row = $this->db_fetch_object())
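Review bot: The old 't'/'f'/else mapping for `hauptberuflich` and `habilitation` is kept as dead code inside a `/** … */` block instead of being deleted; the same pattern is in @@ -109 here and in @@ -327/@@ -334 of this file, and the closing `**/` there differs from the `*/` used here. Version control already holds the history, so the commented-out lines should be removed. Separately, the old code stored `''` for a NULL `hauptberuflich` column, and the @@ -206 hunk writes SQL `null` only when `is_bool($this->hauptberuflich)` is false — so whether a load/save round trip preserves NULL now depends on `db_parse_bool` returning `null` rather than `false` for a NULL column; that helper is not visible here, so it is worth confirming. The enclosing method starts outside the hunk.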
@@ -163,7 +169,7 @@ class bisverwendung extends basis_db
 }
 }
- $qry = "DELETE FROM bis.tbl_bisverwendung WHERE bisverwendung_id = '$bisverwendung_id';";
+ $qry = "DELETE FROM bis.tbl_bisverwendung WHERE bisverwendung_id = ".$this->db_add_param($bisverwendung_id, FHC_INTEGER).";";
 if($this->db_query($qry))
 {
@@ -206,7 +212,7 @@ class bisverwendung extends basis_db
 $new = $this->new;
 if(is_bool($this->hauptberuflich))
- $hauptberuflich = ($this->hauptberuflich?'true':'false');
+ $hauptberuflich = $this->db_add_param($this->hauptberuflich, FHC_BOOLEAN);
 else
 $hauptberuflich = 'null';
 if($new)
@@ -215,52 +221,52 @@ class bisverwendung extends basis_db
 $qry = "BEGIN;INSERT INTO bis.tbl_bisverwendung (ba1code, ba2code, beschausmasscode, verwendung_code, mitarbeiter_uid, hauptberufcode, hauptberuflich, habilitation, beginn, ende, vertragsstunden, updateamum, updatevon, insertamum, insertvon, ext_id) VALUES (".
- $this->addslashes($this->ba1code).', '.
- $this->addslashes($this->ba2code).', '.
- $this->addslashes($this->beschausmasscode).', '.
- $this->addslashes($this->verwendung_code).', '.
- $this->addslashes($this->mitarbeiter_uid).', '.
- $this->addslashes($this->hauptberufcode).', '.
+ $this->db_add_param($this->ba1code, FHC_INTEGER).', '.
+ $this->db_add_param($this->ba2code, FHC_INTEGER).', '.
+ $this->db_add_param($this->beschausmasscode, FHC_INTEGER).', '.
+ $this->db_add_param($this->verwendung_code, FHC_INTEGER).', '.
+ $this->db_add_param($this->mitarbeiter_uid).', '.
+ $this->db_add_param($this->hauptberufcode, FHC_INTEGER).', '.
 $hauptberuflich.', '.
- ($this->habilitation?'true':'false').', '.
- $this->addslashes($this->beginn).', '.
- $this->addslashes($this->ende).', '.
- $this->addslashes($this->vertragsstunden).', '.
- $this->addslashes($this->updateamum).', '.
- $this->addslashes($this->updatevon).', '.
- $this->addslashes($this->insertamum).', '.
- $this->addslashes($this->insertvon).', '.
- $this->addslashes($this->ext_id).');';
+ $this->db_add_param($this->habilitation, FHC_BOOLEAN).', '.
+ $this->db_add_param($this->beginn).', '.
+ $this->db_add_param($this->ende).', '.
+ $this->db_add_param($this->vertragsstunden).', '.
+ $this->db_add_param($this->updateamum).', '.
+ $this->db_add_param($this->updatevon).', '.
+ $this->db_add_param($this->insertamum).', '.
+ $this->db_add_param($this->insertvon).', '.
+ $this->db_add_param($this->ext_id, FHC_INTEGER).');';
 }
 else
 {
 //Bestehenden Datensatz aktualisieren
 $qry= "UPDATE bis.tbl_bisverwendung SET".
- " ba1code=".$this->addslashes($this->ba1code).",".
- " ba2code=".$this->addslashes($this->ba2code).",".
- " beschausmasscode=".$this->addslashes($this->beschausmasscode).",".
- " verwendung_code=".$this->addslashes($this->verwendung_code).",".
- " mitarbeiter_uid=".$this->addslashes($this->mitarbeiter_uid).",".
- " hauptberufcode=".$this->addslashes($this->hauptberufcode).",".
+ " ba1code=".$this->db_add_param($this->ba1code, FHC_INTEGER).",".
+ " ba2code=".$this->db_add_param($this->ba2code, FHC_INTEGER).",".
+ " beschausmasscode=".$this->db_add_param($this->beschausmasscode, FHC_INTEGER).",".
+ " verwendung_code=".$this->db_add_param($this->verwendung_code, FHC_INTEGER).",".
+ " mitarbeiter_uid=".$this->db_add_param($this->mitarbeiter_uid).",".
+ " hauptberufcode=".$this->db_add_param($this->hauptberufcode, FHC_INTEGER).",".
 " hauptberuflich=".$hauptberuflich.",".
- " habilitation=".($this->habilitation?'true':'false').",".
- " beginn=".$this->addslashes($this->beginn).",".
- " ende=".$this->addslashes($this->ende).",".
- " vertragsstunden=".$this->addslashes($this->vertragsstunden).",".
- " updateamum=".$this->addslashes($this->updateamum).",".
- " updatevon=".$this->addslashes($this->updatevon).",".
- " insertamum=".$this->addslashes($this->insertamum).",".
- " insertvon=".$this->addslashes($this->insertvon).",".
- " ext_id=".$this->addslashes($this->ext_id).
- " WHERE bisverwendung_id='".addslashes($this->bisverwendung_id)."'";
+ " habilitation=".$this->db_add_param($this->habilitation, FHC_BOOLEAN).",".
+ " beginn=".$this->db_add_param($this->beginn).",".
+ " ende=".$this->db_add_param($this->ende).",".
+ " vertragsstunden=".$this->db_add_param($this->vertragsstunden).",".
+ " updateamum=".$this->db_add_param($this->updateamum).",".
+ " updatevon=".$this->db_add_param($this->updatevon).",".
+ " insertamum=".$this->db_add_param($this->insertamum).",".
+ " insertvon=".$this->db_add_param($this->insertvon).",".
+ " ext_id=".$this->db_add_param($this->ext_id, FHC_INTEGER).
+ " WHERE bisverwendung_id=".$this->db_add_param($this->bisverwendung_id, FHC_INTEGER);
 }
 if($this->db_query($qry))
 {
 if($new)
 {
- $qry = "SELECT currval('bis.tbl_bisverwendung_bisverwendung_id_seq') as id";
+ $qry = "SELECT currval('bis.tbl_bisverwendung_bisverwendung_id_seq') as id;";
 if($this->db_query($qry))
 {
 if($row = $this->db_fetch_object())
@@ -312,7 +318,7 @@ class bisverwendung extends basis_db
 tbl_bisverwendung.ba2code=tbl_beschaeftigungsart2.ba2code AND
 tbl_bisverwendung.beschausmasscode=tbl_beschaeftigungsausmass.beschausmasscode AND
 tbl_bisverwendung.verwendung_code=tbl_verwendung.verwendung_code AND
- mitarbeiter_uid='".addslashes($uid)."' ORDER BY beginn;";
+ mitarbeiter_uid=".$this->db_add_param($uid)." ORDER BY beginn;";
 if($this->db_query($qry))
 {
@@ -327,6 +333,9 @@ class bisverwendung extends basis_db
 $obj->verwendung_code = $row->verwendung_code;
 $obj->mitarbeiter_uid = $row->mitarbeiter_uid;
 $obj->hauptberufcode = $row->hauptberufcode;
+ $obj->hauptberuflich = $this->db_parse_bool($row->hauptberuflich);
+
+ /**
 if($row->hauptberuflich=='t')
 $obj->hauptberuflich = true;
 elseif($row->hauptberuflich=='f')
@@ -334,6 +343,8 @@ class bisverwendung extends basis_db
 else
 $obj->hauptberuflich = '';
 $obj->habilitation = ($row->habilitation=='t'?true:false);
+ **/
+ $obj->habilitation = $this->db_parse_bool($row->habilitation);
 $obj->beginn = $row->beginn;
 $obj->ende = $row->ende;
 $obj->updatevon = $row->updatevon;
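Review bot: The bisverwendung UPDATE branch rewrites `insertamum` and `insertvon` on every save (`" insertamum=".$this->db_add_param($this->insertamum).",".` and the line after it), whereas the UPDATE statements for bisfunktion and bisio in this same commit leave those columns untouched; if they are meant to record creation, as their names suggest, dropping those two lines from the UPDATE keeps the audit fields intact. A smaller inconsistency: this UPDATE string and the `SELECT count(*)` at @@ -150 received no trailing `;` while the sibling queries in the commit did. The enclosing method starts before the hunk.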