plugins/note: use PDO
parent
2179332acd
commit
ef2438a503
1 changed files with 26 additions and 18 deletions
|
@ -1,5 +1,7 @@
|
||||||
<?php
|
<?php
|
||||||
class Note extends Plugin {
|
class Note extends Plugin {
|
||||||
|
|
||||||
|
/* @var PluginHost $host */
|
||||||
private $host;
|
private $host;
|
||||||
|
|
||||||
function about() {
|
function about() {
|
||||||
|
@ -27,24 +29,29 @@ class Note extends Plugin {
|
||||||
}
|
}
|
||||||
|
|
||||||
function edit() {
|
function edit() {
|
||||||
$param = db_escape_string($_REQUEST['param']);
|
$param = $_REQUEST['param'];
|
||||||
|
|
||||||
$result = db_query("SELECT note FROM ttrss_user_entries WHERE
|
$sth = $this->pdo->prepare("SELECT note FROM ttrss_user_entries WHERE
|
||||||
ref_id = '$param' AND owner_uid = " . $_SESSION['uid']);
|
ref_id = ? AND owner_uid = ?");
|
||||||
|
$sth->execute([$param, $_SESSION['uid']]);
|
||||||
|
|
||||||
$note = db_fetch_result($result, 0, "note");
|
if ($row = $sth->fetch()) {
|
||||||
|
|
||||||
print_hidden("id", "$param");
|
$note = $row['note'];
|
||||||
print_hidden("op", "pluginhandler");
|
|
||||||
print_hidden("method", "setNote");
|
|
||||||
print_hidden("plugin", "note");
|
|
||||||
|
|
||||||
print "<table width='100%'><tr><td>";
|
print_hidden("id", "$param");
|
||||||
print "<textarea dojoType=\"dijit.form.SimpleTextarea\"
|
print_hidden("op", "pluginhandler");
|
||||||
style='font-size : 12px; width : 98%; height: 100px;'
|
print_hidden("method", "setNote");
|
||||||
placeHolder='body#ttrssMain { font-size : 14px; };'
|
print_hidden("plugin", "note");
|
||||||
name='note'>$note</textarea>";
|
|
||||||
print "</td></tr></table>";
|
print "<table width='100%'><tr><td>";
|
||||||
|
print "<textarea dojoType=\"dijit.form.SimpleTextarea\"
|
||||||
|
style='font-size : 12px; width : 98%; height: 100px;'
|
||||||
|
placeHolder='body#ttrssMain { font-size : 14px; };'
|
||||||
|
name='note'>$note</textarea>";
|
||||||
|
print "</td></tr></table>";
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
print "<div class='dlgButtons'>";
|
print "<div class='dlgButtons'>";
|
||||||
print "<button dojoType=\"dijit.form.Button\"
|
print "<button dojoType=\"dijit.form.Button\"
|
||||||
|
@ -56,11 +63,12 @@ class Note extends Plugin {
|
||||||
}
|
}
|
||||||
|
|
||||||
function setNote() {
|
function setNote() {
|
||||||
$id = db_escape_string($_REQUEST["id"]);
|
$id = $_REQUEST["id"];
|
||||||
$note = trim(strip_tags(db_escape_string($_REQUEST["note"])));
|
$note = trim(strip_tags($_REQUEST["note"]));
|
||||||
|
|
||||||
db_query("UPDATE ttrss_user_entries SET note = '$note'
|
$sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET note = ?
|
||||||
WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
|
WHERE ref_id = ? AND owner_uid = ?");
|
||||||
|
$sth->execute([$note, $id, $_SESSION['uid']]);
|
||||||
|
|
||||||
$formatted_note = Article::format_article_note($id, $note);
|
$formatted_note = Article::format_article_note($id, $note);
|
||||||
|
|
||||||
|
|
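Review bot: In `edit()`, `$param` now goes from `$_REQUEST['param']` straight into `print_hidden("id", "$param")`, and `$note` is still interpolated raw into `<textarea …>$note</textarea>`, so with `db_escape_string()` removed nothing on the visible lines encodes either value for HTML. The bound parameters protect the SQL statement only; unless `print_hidden()` escapes its value (not visible here), I would encode at the point of output, e.g. `print_hidden("id", htmlspecialchars($param));` and `name='note'>" . htmlspecialchars($note) . "</textarea>";`. `strip_tags()` in `setNote()` removes tags on write but does not encode `&` or quotes, so it is not a substitute for escaping when the note is rendered. The same concern applies to `$id` in `setNote()`, which reaches `Article::format_article_note($id, $note)` unmodified; both functions continue outside the hunks shown.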