Changeset 146 for trunk/lib/Version.inc.php
- Timestamp:
- Jun 5, 2006 1:14:51 AM (18 years ago)
- File:
-
- 1 edited
trunk/lib/Version.inc.php
r144 r146 25 25 'min_days' => 7, // Keep ALL versions within this many days, even if MORE than min_qty. 26 26 'db_table' => 'version_tbl', 27 'create_table' => true, // Automatically create table and verify columns. Better set to false after site launch. 27 28 // Automatically create table and verify columns. Better set to false after site launch. 29 'create_table' => true, 28 30 'db_schema_strict' => true, // If true, makes an exact comparison of saved vs. live table schemas. If false, just checks that the saved columns are available. 29 31 ); … … 90 92 $app->logMsg(sprintf('Dropping and recreating table %s.', $this->getParam('db_table')), LOG_DEBUG, __FILE__, __LINE__); 91 93 } 92 $db->query("CREATE TABLE IF NOT EXISTS " . $ this->getParam('db_table') . " (94 $db->query("CREATE TABLE IF NOT EXISTS " . $db->escapeString($this->getParam('db_table')) . " ( 93 95 version_id int NOT NULL auto_increment, 94 96 record_table varchar(255) NOT NULL default '', … … 151 153 return $this->_params[$param]; 152 154 } else { 153 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_ NOTICE, __FILE__, __LINE__);155 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__); 154 156 return null; 155 157 } … … 184 186 // Save as new version. 185 187 $db->query(" 186 INSERT INTO " . $ this->getParam('db_table') . " (188 INSERT INTO " . $db->escapeString($this->getParam('db_table')) . " ( 187 189 record_table, 188 190 record_key, … … 224 226 // Get version data. 225 227 $qid = $db->query(" 226 SELECT * FROM " . $ this->getParam('db_table') . "228 SELECT * FROM " . $db->escapeString($this->getParam('db_table')) . " 227 229 WHERE version_id = '" . $db->escapeString($version_id) . "' 228 230 "); … … 284 286 // Get total number of versions for this record. 285 287 $qid = $db->query(" 286 SELECT COUNT(*) FROM " . $ this->getParam('db_table') . "288 SELECT COUNT(*) FROM " . $db->escapeString($this->getParam('db_table')) . 
" 287 289 WHERE record_table = '" . $db->escapeString($record_table) . "' 288 290 AND record_key = '" . $db->escapeString($record_key) . "' … … 296 298 // First query for oldest records, selecting enough to bring total number down to min_qty. 297 299 $qid = $db->query(" 298 SELECT version_id FROM " . $ this->getParam('db_table') . "300 SELECT version_id FROM " . $db->escapeString($this->getParam('db_table')) . " 299 301 WHERE record_table = '" . $db->escapeString($record_table) . "' 300 302 AND record_key = '" . $db->escapeString($record_key) . "' … … 307 309 } 308 310 $db->query(" 309 DELETE FROM " . $ this->getParam('db_table') . "311 DELETE FROM " . $db->escapeString($this->getParam('db_table')) . " 310 312 WHERE version_id IN ('" . join("','", $old_versions) . "') 311 313 "); … … 313 315 // Delete versions older than min_days, while still keeping min_qty. 314 316 $qid = $db->query(" 315 SELECT version_id FROM " . $ this->getParam('db_table') . "317 SELECT version_id FROM " . $db->escapeString($this->getParam('db_table')) . " 316 318 WHERE record_table = '" . $db->escapeString($record_table) . "' 317 319 AND record_key = '" . $db->escapeString($record_key) . "' … … 326 328 if (sizeof($old_versions) > 0) { 327 329 $db->query(" 328 DELETE FROM " . $ this->getParam('db_table') . "330 DELETE FROM " . $db->escapeString($this->getParam('db_table')) . " 329 331 WHERE version_id IN ('" . join("','", $old_versions) . "') 330 332 "); … … 352 354 $qid = $db->query(" 353 355 SELECT version_id, saved_by_user_id, version_datetime, version_title 354 FROM " . $ this->getParam('db_table') . "356 FROM " . $db->escapeString($this->getParam('db_table')) . " 355 357 WHERE record_table = '" . $db->escapeString($record_table) . "' 356 358 AND record_key = '" . $db->escapeString($record_key) . "' … … 382 384 // Get version data. 383 385 $qid = $db->query(" 384 SELECT * FROM " . $ this->getParam('db_table') . "386 SELECT * FROM " . $db->escapeString($this->getParam('db_table')) . 
" 385 387 WHERE version_id = '" . $db->escapeString($version_id) . "' 386 388 "); … … 403 405 // Get version data. 404 406 $qid = $db->query(" 405 SELECT * FROM " . $ this->getParam('db_table') . "407 SELECT * FROM " . $db->escapeString($this->getParam('db_table')) . " 406 408 WHERE version_id = '" . $db->escapeString($version_id) . "' 407 409 ");
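Review bot: Wrapping the table name in `$db->escapeString()` (new line 94 and every later query in this file) does not make it safe as an identifier, because the value is still concatenated unquoted after `FROM`/`INTO`/`CREATE TABLE IF NOT EXISTS`. The implementation of escapeString is not visible here, but its other uses in these hunks are all inside `'...'` literals, which suggests it only escapes string-literal metacharacters; a table name containing whitespace or SQL keywords would pass through unchanged. A more reliable guard is to validate `db_table` once where the parameter is set, for example `if (!preg_match('/^[A-Za-z0-9_]+$/', $table)) { /* reject and log */ }`, and to backtick-quote the name in the queries instead of escaping it at each call site. The enclosing methods start and end outside the hunks shown, so whether `db_table` can ever come from outside the site configuration cannot be confirmed from this page.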