diff --git a/include/kontakt.class.php b/include/kontakt.class.php
index 04b2ffdfe..e0953bd04 100644
--- a/include/kontakt.class.php
+++ b/include/kontakt.class.php
@@ -87,7 +87,7 @@ class kontakt extends basis_db
 public.tbl_kontakt LEFT JOIN public.tbl_standort USING(standort_id) LEFT JOIN public.tbl_firma USING(firma_id)
- WHERE kontakt_id='$kontakt_id'";
+ WHERE kontakt_id=".$this->db_add_param($kontakt_id, FHC_INTEGER).";";
 if($this->db_query($qry))
 {
@@ -101,7 +101,7 @@ class kontakt extends basis_db
 $this->kontakttyp = $row->kontakttyp;
 $this->anmerkung = $row->anmerkung;
 $this->kontakt = $row->kontakt;
- $this->zustellung = ($row->zustellung=='t'?true:false);
+ $this->zustellung = $this->db_parse_bool($row->zustellung);
 $this->updateamum = $row->updateamum;
 $this->updatevon = $row->updatevon;
 $this->insertamum = $row->insertamum;
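Review bot: The new `WHERE kontakt_id=` line in the first hunk relies entirely on `db_add_param($kontakt_id, FHC_INTEGER)` to handle a non-numeric id; any parameter check for `$kontakt_id` would sit above the hunk and is not visible here. If the helper returns an error value or an empty string for bad input rather than throwing (cannot be told from this diff), the query only fails at execution time, so an explicit guard in the method itself, `if(!is_numeric($kontakt_id)) return false;` before building `$qry`, keeps validation where the caller expects it; the `@@ -255` hunk shows a `return false;` immediately before its DELETE, which suggests the class already uses that pattern. The enclosing method starts and ends outside the hunk.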
@@ -171,15 +171,15 @@ class kontakt extends basis_db
 {
 //Neuen Datensatz einfuegen
 $qry='BEGIN;INSERT INTO public.tbl_kontakt (person_id, standort_id, kontakttyp, anmerkung, kontakt, zustellung, ext_id, insertamum, insertvon, updateamum, updatevon) VALUES('.
- $this->addslashes($this->person_id).', '.
- $this->addslashes($this->standort_id).', '.
- $this->addslashes($this->kontakttyp).', '.
- $this->addslashes($this->anmerkung).', '.
- $this->addslashes($this->kontakt).', '.
- ($this->zustellung?'true':'false').', '.
- $this->addslashes($this->ext_id).', now(), '.
- $this->addslashes($this->insertvon).', now(), '.
- $this->addslashes($this->updatevon).');';
+ $this->db_add_param($this->person_id, FHC_INTEGER).', '.
+ $this->db_add_param($this->standort_id, FHC_INTEGER).', '.
+ $this->db_add_param($this->kontakttyp).', '.
+ $this->db_add_param($this->anmerkung).', '.
+ $this->db_add_param($this->kontakt).', '.
+ $this->db_add_param($this->zustellung, FHC_BOOLEAN).', '.
+ $this->db_add_param($this->ext_id, FHC_INTEGER).', now(), '.
+ $this->db_add_param($this->insertvon).', now(), '.
+ $this->db_Add_param($this->updatevon).');';
 }
 else
 {
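Review bot: The last value line calls `db_Add_param` while every other line in this hunk calls `db_add_param`; PHP resolves method names case-insensitively so it executes, but the odd casing defeats grep and static analysis and reads like a different helper, so it should be `$this->db_add_param($this->updatevon).');';`. The update query in `@@ -192` has a related consistency slip, `db_add_param($this->person_id,FHC_INTEGER)` without the space used on the neighbouring lines. The method containing this INSERT starts and ends outside the hunk.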
@@ -192,16 +192,16 @@ class kontakt extends basis_db
 return false;
 }
 $qry='UPDATE public.tbl_kontakt SET '.
- 'person_id='.$this->addslashes($this->person_id).', '.
- 'standort_id='.$this->addslashes($this->standort_id).', '.
- 'kontakttyp='.$this->addslashes($this->kontakttyp).', '.
- 'anmerkung='.$this->addslashes($this->anmerkung).', '.
- 'kontakt='.$this->addslashes($this->kontakt).', '.
- 'zustellung='.($this->zustellung?'true':'false').', '.
- 'ext_id='.$this->addslashes($this->ext_id).', '.
+ 'person_id='.$this->db_add_param($this->person_id,FHC_INTEGER).', '.
+ 'standort_id='.$this->db_add_param($this->standort_id, FHC_INTEGER).', '.
+ 'kontakttyp='.$this->db_add_param($this->kontakttyp).', '.
+ 'anmerkung='.$this->db_add_param($this->anmerkung).', '.
+ 'kontakt='.$this->db_add_param($this->kontakt).', '.
+ 'zustellung='.$this->db_add_param($this->zustellung, FHC_BOOLEAN).', '.
+ 'ext_id='.$this->db_add_param($this->ext_id, FHC_INTEGER).', '.
 'updateamum= now(), '.
- 'updatevon='.$this->addslashes($this->updatevon).' '.
- 'WHERE kontakt_id='.$this->addslashes($this->kontakt_id).';';
+ 'updatevon='.$this->db_add_param($this->updatevon).' '.
+ 'WHERE kontakt_id='.$this->db_add_param($this->kontakt_id, FHC_INTEGER).';';
 }
 if($this->db_query($qry))
@@ -209,27 +209,27 @@ class kontakt extends basis_db
 //Sequence auslesen um die eingefuegte ID zu ermitteln
 if($this->new)
 {
- $qry = "SELECT currval('public.tbl_kontakt_kontakt_id_seq') as id";
+ $qry = "SELECT currval('public.tbl_kontakt_kontakt_id_seq') as id;";
 if($this->db_query($qry))
 {
 if($row = $this->db_fetch_object())
 {
 $this->kontakt_id = $row->id;
- $this->db_query('COMMIT');
+ $this->db_query('COMMIT;');
 return true;
 }
 else
 {
 $this->errormsg = 'Fehler beim Auslesen er Sequence';
- $this->db_query('ROLLBACK');
+ $this->db_query('ROLLBACK;');
 return false;
 }
 }
 else
 {
 $this->errormsg = 'Fehler beim Auslesen der Sequence';
- $this->db_query('ROLLBACK');
+ $this->db_query('ROLLBACK;');
 return false;
 }
 }
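Review bot: The `COMMIT;`/`ROLLBACK;` calls in the `@@ -209` hunk are the only statements that close the transaction the insert query in `@@ -171` opens with `BEGIN;`, and they cover only the branches inside `if($this->db_query($qry))`; the branch taken when that outer `db_query` fails lies below the hunk and is not visible. If that branch does not issue `ROLLBACK;`, a failed INSERT leaves the connection in an aborted transaction, which on a reused connection makes every later statement fail until a rollback is sent, so it is worth confirming with a comment such as `// BEGIN; was issued in the insert query above - every exit from here must COMMIT or ROLLBACK`. While these lines are being touched, the context message `'Fehler beim Auslesen er Sequence'` is missing a letter compared with the one three lines below (`der`). The enclosing save method starts and ends outside both hunks.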
@@ -255,7 +255,7 @@ class kontakt extends basis_db
 return false;
 }
- $qry = "DELETE FROM public.tbl_kontakt WHERE kontakt_id='$kontakt_id'";
+ $qry = "DELETE FROM public.tbl_kontakt WHERE kontakt_id=".$this->db_add_param($kontakt_id, FHC_INTEGER).";";
 if($this->db_query($qry))
 return true;
@@ -298,7 +298,7 @@ class kontakt extends basis_db
 $obj->kontakttyp = $row->kontakttyp;
 $obj->anmerkung = $row->anmerkung;
 $obj->kontakt = $row->kontakt;
- $obj->zustellung = ($row->zustellung=='t'?true:false);
+ $obj->zustellung = $this->db_parse_bool($row->zustellung);
 $obj->updateamum = $row->updateamum;
 $obj->updatevon = $row->updatevon;
 $obj->insertamum = $row->insertamum;
@@ -333,7 +333,7 @@ class kontakt extends basis_db
 }
 $qry = "SELECT tbl_kontakt.*, tbl_firma.name as firma_name, tbl_firma.firma_id
- FROM public.tbl_kontakt LEFT JOIN public.tbl_standort USING(standort_id) LEFT JOIN public.tbl_firma USING(firma_id) WHERE person_id='$person_id'";
+ FROM public.tbl_kontakt LEFT JOIN public.tbl_standort USING(standort_id) LEFT JOIN public.tbl_firma USING(firma_id) WHERE person_id=".$this->db_add_param($person_id, FHC_INTEGER).';';
 if($this->db_query($qry))
 {
@@ -349,7 +349,7 @@ class kontakt extends basis_db
 $obj->kontakttyp = $row->kontakttyp;
 $obj->anmerkung = $row->anmerkung;
 $obj->kontakt = $row->kontakt;
- $obj->zustellung = ($row->zustellung=='t'?true:false);
+ $obj->zustellung = $this->db_parse_bool($row->zustellung);
 $obj->updateamum = $row->updateamum;
 $obj->updatevon = $row->updatevon;
 $obj->insertamum = $row->insertamum;
@@ -405,13 +405,15 @@ class kontakt extends basis_db
 ";
 if(is_numeric($firma_id))
- $qry.=" and tbl_standort.firma_id='".addslashes($firma_id)."'";
+ $qry.=" and tbl_standort.firma_id=".$this->db_add_param($firma_id, FHC_INTEGER);
 if(is_numeric($standort_id))
- $qry.=" and tbl_kontakt.standort_id='".addslashes($standort_id)."'";
+ $qry.=" and tbl_kontakt.standort_id=".$this->db_add_param($standort_id, FHC_INTEGER);
 if(is_numeric($kontakt_id))
- $qry.=" and tbl_kontakt.kontakt_id='".addslashes($kontakt_id)."'";
+ $qry.=" and tbl_kontakt.kontakt_id=".$this->db_add_param($kontakt_id, FHC_INTEGER);
 if(is_numeric($person_id))
- $qry.=" and tbl_kontakt.person_id='".addslashes($person_id)."'";
+ $qry.=" and tbl_kontakt.person_id=".$this->db_add_param($person_id, FHC_INTEGER);
+
+ $qry.=';';
 ##echo $qry;
 if($this->db_query($qry))
 {
@@ -428,7 +430,7 @@ class kontakt extends basis_db
 $obj->kontakttyp = $row->kontakttyp;
 $obj->anmerkung = $row->anmerkung;
 $obj->kontakt = $row->kontakt;
- $obj->zustellung = ($row->zustellung=='t'?true:false);
+ $obj->zustellung = $this->db_parse_bool($row->zustellung);
 $obj->updateamum = $row->updateamum;
 $obj->updatevon = $row->updatevon;
 $obj->insertamum = $row->insertamum;
@@ -461,7 +463,7 @@ class kontakt extends basis_db
 return false;
 }
- $qry = "SELECT * FROM public.tbl_kontakt WHERE standort_id='".addslashes($standort_id)."' AND kontakttyp='".addslashes($kontakttyp)."' ORDER BY kontakt_id LIMIT 1";
+ $qry = "SELECT * FROM public.tbl_kontakt WHERE standort_id=".$this->db_add_param($standort_id, FHC_INTEGER)." AND kontakttyp=".$this->db_add_param($kontakttyp)." ORDER BY kontakt_id LIMIT 1;";
 if($result = $this->db_query($qry))
 {
@@ -488,7 +490,7 @@ class kontakt extends basis_db
 */
 public function getKontakttyp()
 {
- $qry = "SELECT * FROM public.tbl_kontakttyp ORDER BY beschreibung";
+ $qry = "SELECT * FROM public.tbl_kontakttyp ORDER BY beschreibung;";
 if($this->db_query($qry))
 {
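Review bot: In the first hunk the `is_numeric()` guards are looser than the `FHC_INTEGER` type now passed to `db_add_param` on the lines they protect: `is_numeric` accepts `'1.5'`, `'1e3'` and leading whitespace, so what the helper emits for such values decides whether the query errors or runs with an unintended literal, and that is not visible from this diff. Tightening each of the four conditions to `if(filter_var($firma_id, FILTER_VALIDATE_INT) !== false)` (and likewise for `$standort_id`, `$kontakt_id`, `$person_id`) keeps the guard and the parameter type in agreement. The `##echo $qry;` debug line still sits next to the new `$qry.=';';`; now that the statement is assembled from typed parameters it could be dropped rather than left to be uncommented by accident. The enclosing method starts and ends outside the hunk.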