Changed from mysqli to PDO, some refactorings, faster sql queries

author: Igor Scheller <igor.scheller@igorshp.de> 2017-01-21 13:58:53 +0100
committer: Igor Scheller <igor.scheller@igorshp.de> 2017-01-21 13:58:53 +0100
commit: 9a3ad8883403949a59e8935497a548ec536f1d40 (patch)
tree: d3c27912c925e53bc240640ccc1133d8f87f1fd3 /includes/pages/admin_news.php
parent: f7c09cb7ff84db1004a4fa83a70735475702023f (diff)
1 files changed, 24 insertions, 11 deletions
diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php
index 6d52bcf5..86631d6b 100644
--- a/includes/pages/admin_news.php
+++ b/includes/pages/admin_news.php
@@ -1,5 +1,7 @@
 <?php
 
+use Engelsystem\Database\DB;
+
 /**
  * @return string
  */
@@ -18,14 +20,14 @@ function admin_news()
         return error('Incomplete call, missing News ID.', true);
     }
 
-    $news = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($news_id) . "' LIMIT 1");
+    $news = DB::select('SELECT * FROM `News` WHERE `ID`=? LIMIT 1', [$news_id]);
     if (empty($news)) {
         return error('No News found.', true);
     }
 
     switch ($_REQUEST['action']) {
         case 'edit':
-            list($news) = $news;
+            $news = array_shift($news);
             $user_source = User($news['UID']);
 
             $html .= form([
@@ -43,21 +45,32 @@ function admin_news()
             break;
 
         case 'save':
-            sql_query("UPDATE `News` SET 
-              `Datum`='" . sql_escape(time()) . "', 
-              `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', 
-              `Text`='" . sql_escape($_POST["eText"]) . "', 
-              `UID`='" . sql_escape($user['UID']) . "', 
-              `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' 
-              WHERE `ID`='" . sql_escape($news_id) . "'");
+            DB::update('
+                UPDATE `News` SET 
+                    `Datum`=?,
+                    `Betreff`=?,
+                    `Text`=?,
+                    `UID`=?,
+                    `Treffen`=?
+                WHERE `ID`=?
+                ',
+                [
+                    time(),
+                    $_POST["eBetreff"],
+                    $_POST["eText"],
+                    $user['UID'],
+                    isset($_POST["eTreffen"]) ? 1 : 0,
+                    $news_id
+                ]
+            );
             engelsystem_log('News updated: ' . $_POST['eBetreff']);
             success(_('News entry updated.'));
             redirect(page_link_to('news'));
             break;
 
         case 'delete':
-            list($news) = $news;
-            sql_query("DELETE FROM `News` WHERE `ID`='" . sql_escape($news_id) . "' LIMIT 1");
+            $news = array_shift($news);
+            DB::delete('DELETE FROM `News` WHERE `ID`=? LIMIT 1', [$news_id]);
             engelsystem_log('News deleted: ' . $news['Betreff']);
             success(_('News entry deleted.'));
             redirect(page_link_to('news'));
author	Igor Scheller <igor.scheller@igorshp.de>	2017-01-21 13:58:53 +0100
committer	Igor Scheller <igor.scheller@igorshp.de>	2017-01-21 13:58:53 +0100
commit	9a3ad8883403949a59e8935497a548ec536f1d40 (patch)
tree	d3c27912c925e53bc240640ccc1133d8f87f1fd3 /includes/pages/admin_news.php
parent	f7c09cb7ff84db1004a4fa83a70735475702023f (diff)