Changed database access to PDO using prepared statements
@@ -15,64 +15,53 @@ include("header.php");
|
||||
|
||||
|
||||
// locationcrumb
|
||||
|
||||
$query = "SELECT location_id AS id,
|
||||
location_name AS name,
|
||||
location_parent AS parent_id,
|
||||
location_info
|
||||
FROM location
|
||||
WHERE location_id=" . $location_id;
|
||||
$location = $db->db_select($query);
|
||||
$location[0]['url'] = 'locationview.php?location_id=' . $location[0]['id'];
|
||||
$crumbs[] = $location[0];
|
||||
$level = 1;
|
||||
while ($crumbs[0]['parent_id'] != 0) {
|
||||
$query = "SELECT location_id AS id,
|
||||
location_name AS name,
|
||||
location_parent AS parent_id
|
||||
$sql = "SELECT location_id AS id, location_name AS name,
|
||||
location_parent AS parent_id, location_info AS info,
|
||||
CONCAT('locationview.php?location_id=', location_id) AS url
|
||||
FROM location
|
||||
WHERE location_id=" . $crumbs[0]['parent_id'];
|
||||
$result = $db->db_select($query);
|
||||
$result[0]['url'] = 'locationview.php?location_id=' . $result[0]['id'];
|
||||
array_unshift($crumbs, $result[0]);
|
||||
WHERE location_id=?";
|
||||
$sth = $dbh->prepare($sql);
|
||||
$sth->execute([$location_id]);
|
||||
$location = $sth->fetch(PDO::FETCH_OBJ);
|
||||
|
||||
$crumbs[] = $location;
|
||||
$level = 1;
|
||||
$sql = "SELECT location_id AS id, location_name AS name,
|
||||
location_parent AS parent_id,
|
||||
CONCAT('locationview.php?location_id=', location_id) AS url
|
||||
FROM location
|
||||
WHERE location_id=?";
|
||||
$sth = $dbh->prepare($sql);
|
||||
while ($crumbs[0]->parent_id != 0) {
|
||||
$sth->execute([$crumbs[0]->parent_id]);
|
||||
$result = $sth->fetch(PDO::FETCH_OBJ);
|
||||
array_unshift($crumbs, $result);
|
||||
$level++;
|
||||
}
|
||||
|
||||
$smarty->assign("location_id", $location_id);
|
||||
$smarty->assign("location_info", nl2br($location[0]['location_info']));
|
||||
$smarty->assign("location_id", $location->id);
|
||||
$smarty->assign("location_info", nl2br($location->info));
|
||||
$smarty->assign("crumbs", $crumbs);
|
||||
|
||||
|
||||
// sublocations
|
||||
$query = "SELECT
|
||||
location_id AS sublocation_id,
|
||||
location_name AS sublocation_name,
|
||||
LEFT(location_info, 40) AS info_short,
|
||||
CHAR_LENGTH(location_info) AS info_length
|
||||
FROM
|
||||
location
|
||||
WHERE
|
||||
location_parent=" . $location_id . "
|
||||
ORDER BY
|
||||
location_name";
|
||||
|
||||
$sublocations = $db->db_select($query);
|
||||
$smarty->assign("sublocations", $sublocations);
|
||||
$sql = "SELECT location_id AS sublocation_id, location_name AS sublocation_name,
|
||||
LEFT(location_info, 40) AS info_short,
|
||||
CHAR_LENGTH(location_info) AS info_length
|
||||
FROM location
|
||||
WHERE location_parent=?
|
||||
ORDER BY location_name";
|
||||
$sth = $dbh->prepare($sql);
|
||||
$sth->execute([$location_id]);
|
||||
$smarty->assign("sublocations", $sth->fetchAll());
|
||||
|
||||
// subnets
|
||||
$query = "SELECT
|
||||
s.subnet_id,
|
||||
s.subnet_address,
|
||||
s.subnet_mask
|
||||
FROM
|
||||
subnet AS s LEFT JOIN subnetlocation USING (subnet_id)
|
||||
WHERE
|
||||
subnetlocation.location_id=" . $location_id . "
|
||||
ORDER BY
|
||||
INET_ATON(s.subnet_address)";
|
||||
|
||||
$subnets = $db->db_select($query);
|
||||
$smarty->assign("subnets", $subnets);
|
||||
$sql = "SELECT s.subnet_id, s.subnet_address, s.subnet_mask
|
||||
FROM subnet AS s LEFT JOIN subnetlocation AS l USING (subnet_id)
|
||||
WHERE l.location_id=?
|
||||
ORDER BY INET_ATON(s.subnet_address)";
|
||||
$sth = $dbh->prepare($sql);
|
||||
$sth->execute([$location_id]);
|
||||
$smarty->assign("subnets", $sth->fetchAll());
|
||||
|
||||
$smarty->display("locationview.tpl");
|
||||
|
||||
|
||||
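Review bot: The first `$sth->fetch(PDO::FETCH_OBJ)` result is used without checking for `false`, so a `location_id` that matches no row leaves `$location` as `false`, and the later `$crumbs[0]->parent_id`, `$location->id` and `$location->info` reads all hit a boolean. A guard right after that fetch, `if ($location === false) { /* report "not found" and stop */ }`, would cover it, and `if ($result === false) break;` inside the `while` would do the same for a parent row that no longer exists. The loop also has no upper bound, so a cycle in `location_parent` would never terminate; `$level` is already counted and could cap the walk. Separately, `nl2br($location->info)` does not escape HTML, and the template is not visible here, so it is worth confirming that `locationview.tpl` escapes `location_info` or applying `htmlspecialchars()` before `nl2br()`. The script starts above this hunk, so where `$location_id` is validated is not shown.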