summaryrefslogtreecommitdiff
path: root/includes/pages/admin_free.php
diff options
context:
space:
mode:
Diffstat (limited to 'includes/pages/admin_free.php')
-rw-r--r--includes/pages/admin_free.php50
1 files changed, 30 insertions, 20 deletions
diff --git a/includes/pages/admin_free.php b/includes/pages/admin_free.php
index 67d91006..630603ba 100644
--- a/includes/pages/admin_free.php
+++ b/includes/pages/admin_free.php
@@ -1,5 +1,7 @@
<?php
+use Engelsystem\Database\DB;
+
/**
* @return string
*/
@@ -20,19 +22,20 @@ function admin_free()
$search = strip_request_item('search');
}
- $angeltypesearch = '';
+ $angelTypeSearch = '';
if (empty($_REQUEST['angeltype'])) {
$_REQUEST['angeltype'] = '';
} else {
- $angeltypesearch = ' INNER JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id` = \''
- . sql_escape($_REQUEST['angeltype']) . "' AND `UserAngelTypes`.`user_id` = `User`.`UID`";
+ $angelTypeSearch = ' INNER JOIN `UserAngelTypes` ON (`UserAngelTypes`.`angeltype_id` = '
+ . DB::getPdo()->quote($_REQUEST['angeltype'])
+ . ' AND `UserAngelTypes`.`user_id` = `User`.`UID`';
if (isset($_REQUEST['confirmed_only'])) {
- $angeltypesearch .= ' AND `UserAngelTypes`.`confirm_user_id`';
+ $angelTypeSearch .= ' AND `UserAngelTypes`.`confirm_user_id`';
}
- $angeltypesearch .= ') ';
+ $angelTypeSearch .= ') ';
}
- $angel_types_source = sql_select('SELECT `id`, `name` FROM `AngelTypes` ORDER BY `name`');
+ $angel_types_source = DB::select('SELECT `id`, `name` FROM `AngelTypes` ORDER BY `name`');
$angel_types = [
'' => 'alle Typen'
];
@@ -40,20 +43,27 @@ function admin_free()
$angel_types[$angel_type['id']] = $angel_type['name'];
}
- $users = sql_select("
- SELECT `User`.*
- FROM `User`
- ${angeltypesearch}
- LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID`
- LEFT JOIN `Shifts`
- ON (
- `ShiftEntry`.`SID` = `Shifts`.`SID`
- AND `Shifts`.`start` < '" . sql_escape(time()) . "'
- AND `Shifts`.`end` > '" . sql_escape(time()) . "'
- )
- WHERE `User`.`Gekommen` = 1 AND `Shifts`.`SID` IS NULL
- GROUP BY `User`.`UID`
- ORDER BY `Nick`");
+ $users = DB::select('
+ SELECT `User`.*
+ FROM `User`
+ ' . $angelTypeSearch . '
+ LEFT JOIN `ShiftEntry` ON `User`.`UID` = `ShiftEntry`.`UID`
+ LEFT JOIN `Shifts`
+ ON (
+ `ShiftEntry`.`SID` = `Shifts`.`SID`
+ AND `Shifts`.`start` < ?
+ AND `Shifts`.`end` > ?
+ )
+ WHERE `User`.`Gekommen` = 1
+ AND `Shifts`.`SID` IS NULL
+ GROUP BY `User`.`UID`
+ ORDER BY `Nick`
+ ',
+ [
+ time(),
+ time(),
+ ]
+ );
$free_users_table = [];
if ($search == '') {