mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-19 06:18:28 +01:00
Code Issues Projects Releases Wiki Activity

MDL-10820 Fixed double quotes in SQL statements

Browse Source
This commit is contained in:
skodak 2007-09-16 21:48:47 +00:00
parent 18ff5a61b6
commit 1519cdeb39
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
notes/lib.php
View File

@ -44,9 +44,9 @@ function note_list($courseid=0, $userid=0, $state = '', $author = 0, $order='las
$selects[] = 'usermodified=' . $author; $selects[] = 'usermodified=' . $author;
} }
if($state) { if($state) {
$selects[] = 'publishstate="' . $state . '"'; $selects[] = "publishstate='$state'";
} }
$selects[] = 'module="notes"'; $selects[] = "module='notes'";
$select = implode(' AND ', $selects); $select = implode(' AND ', $selects);
$fields = 'id,courseid,userid,content,format,created,lastmodified,usermodified,publishstate'; $fields = 'id,courseid,userid,content,format,created,lastmodified,usermodified,publishstate';
// retrieve data // retrieve data
@ -62,11 +62,11 @@ function note_list($courseid=0, $userid=0, $state = '', $author = 0, $order='las
*/ */
function note_load($note_id) { function note_load($note_id) {
$fields = 'id,courseid,userid,content,format,created,lastmodified,usermodified,publishstate'; $fields = 'id,courseid,userid,content,format,created,lastmodified,usermodified,publishstate';
return get_record_select('post', 'id=' . $note_id . ' AND module="notes"', $fields); return get_record_select('post', "id=$note_id AND module='notes'", $fields);
} }
/** /**
* Saves a note object. The note object is passed by reference and its fields (i.e. id) * Saves a note object. The note object is passed by reference and its fields (i.e. id)
* might change during the save. * might change during the save.
* *
* @param note $note object to save * @param note $note object to save
@ -109,7 +109,7 @@ function note_save(&$note) {
* @return boolean true if the object was deleted; false otherwise * @return boolean true if the object was deleted; false otherwise
*/ */
function note_delete($noteid) { function note_delete($noteid) {
return delete_records_select('post', 'id=' . $noteid . ' AND module="notes"'); return delete_records_select('post', "id=$noteid AND module='notes'");
} }
/** /**
@ -164,7 +164,7 @@ function note_print($note, $detail = NOTES_SHOW_FULL) {
$authoring->name = '<a href="'.$CFG->wwwroot.'/user/view.php?id='.$author->id.'&amp;course='.$note->courseid.'">'.fullname($author).'</a>'; $authoring->name = '<a href="'.$CFG->wwwroot.'/user/view.php?id='.$author->id.'&amp;course='.$note->courseid.'">'.fullname($author).'</a>';
$authoring->date = userdate($note->lastmodified); $authoring->date = userdate($note->lastmodified);
echo '<div class="notepost '. $note->publishstate . 'notepost' . echo '<div class="notepost '. $note->publishstate . 'notepost' .
($note->usermodified == $USER->id ? ' ownnotepost' : '') . ($note->usermodified == $USER->id ? ' ownnotepost' : '') .
'" id="note-'. $note->id .'">'; '" id="note-'. $note->id .'">';
@ -174,22 +174,22 @@ function note_print($note, $detail = NOTES_SHOW_FULL) {
echo '<div class="user">'; echo '<div class="user">';
print_user_picture($user->id, $note->courseid, $user->picture); print_user_picture($user->id, $note->courseid, $user->picture);
echo fullname($user) . '</div>'; echo fullname($user) . '</div>';
echo '<div class="info">' . echo '<div class="info">' .
get_string('bynameondate', 'notes', $authoring) . get_string('bynameondate', 'notes', $authoring) .
' (' . get_string('created', 'notes') . ': ' . userdate($note->created) . ')</div>'; ' (' . get_string('created', 'notes') . ': ' . userdate($note->created) . ')</div>';
echo '</div>'; echo '</div>';
} }
// print note content // print note content
if($detail & NOTES_SHOW_BODY) { if($detail & NOTES_SHOW_BODY) {
echo '<div class="content">'; echo '<div class="content">';
echo format_text($note->content, $note->format); echo format_text($note->content, $note->format);
echo '</div>'; echo '</div>';
} }
// print note options (e.g. delete, edit) // print note options (e.g. delete, edit)
if($detail & NOTES_SHOW_FOOT) { if($detail & NOTES_SHOW_FOOT) {
if (has_capability('moodle/notes:manage', $sitecontext) && $note->publishstate == NOTES_STATE_SITE || if (has_capability('moodle/notes:manage', $sitecontext) && $note->publishstate == NOTES_STATE_SITE ||
has_capability('moodle/notes:manage', $context) && ($note->publishstate == NOTES_STATE_PUBLIC || $note->usermodified == $USER->id)) { has_capability('moodle/notes:manage', $context) && ($note->publishstate == NOTES_STATE_PUBLIC || $note->usermodified == $USER->id)) {
echo '<div class="footer"><p>'; echo '<div class="footer"><p>';
echo '<a href="'.$CFG->wwwroot.'/notes/edit.php?note='.$note->id. '">'. get_string('edit') .'</a> | '; echo '<a href="'.$CFG->wwwroot.'/notes/edit.php?note='.$note->id. '">'. get_string('edit') .'</a> | ';