Changeset 257 for trunk/admin/modules/Elezioni/ele_come.php

Timestamp:

Feb 9, 2019, 8:45:24 PM (6 years ago)

Author:

roby

Message:

 

File:

• trunk/admin/modules/Elezioni/ele_come.php (modified) (7 diffs)

trunk/admin/modules/Elezioni/ele_come.php

@@ -14 +14 @@
     die ("You can't access this file directly...");
 }
-
+global $dbi;
 $aid=$_SESSION['aid'];
-$dbi=$_SESSION['dbi'];
 $prefix=$_SESSION['prefix'];
 $currentlang=$_SESSION['lang'];
@@ -38 +37 @@
 /*********************************************************/
 $sql="SELECT t1.descrizione,t1.tipo_cons,t2.id_cons FROM ".$prefix."_ele_consultazione as t1, ".$prefix."_ele_cons_comune as t2 where t1.id_cons_gen=t2.id_cons_gen and t2.id_cons_gen='$id_cons_gen' and t2.id_comune='$id_comune'";
-$res = mysql_query("$sql", $dbi);
-list($descr_cons,$tipo_cons,$id_cons) = mysql_fetch_row($res);
+$res = $dbi->prepare("$sql");
+$res->execute();        
+list($descr_cons,$tipo_cons,$id_cons) = $res->fetch(PDO::FETCH_NUM);
 
 include("modules/Elezioni/ele.php");
@@ -64 +64 @@
 
 
-    $result = mysql_query("select  mid, title,preamble, content,  editimage from ".$prefix.$tab."  where id_cons='$id_cons'", $dbi);
-    while(list($mid2, $title, $preamble, $content,  $editimage) = mysql_fetch_row($result)) {
+    $sql="select  mid, title,preamble, content,  editimage from ".$prefix.$tab."  where id_cons='$id_cons'";
+        $result = $dbi->prepare("$sql");
+        $result->execute();     
+    while(list($mid2, $title, $preamble, $content,  $editimage) = $result->fetch(PDO::FETCH_NUM)) {
 
         echo "<tr>"
@@ -80 +82 @@
     echo "<br>";
     if($vai=='editedit'){
-    $result = mysql_query("select title, preamble,content, editimage from ".$prefix.$tab." WHERE mid='$mid' AND id_cons='$id_cons'", $dbi);
-    list($add_title,$add_preamble, $add_content, $editimage) = mysql_fetch_row($result);
+    $sql="select title, preamble,content, editimage from ".$prefix.$tab." WHERE mid='$mid' AND id_cons='$id_cons'";
+        $result = $dbi->prepare("$sql");
+        $result->execute();     
+    list($add_title,$add_preamble, $add_content, $editimage) = $result->fetch(PDO::FETCH_NUM);
     }
 //25.05.2009
     $sql="SELECT editor,ed_user FROM ".$prefix."_config";
-$res = mysql_query("$sql", $dbi);
-list($editor,$ed_user) = mysql_fetch_row($res);
+        $res = $dbi->prepare("$sql");
+        $res->execute();        
+        list($editor,$ed_user) = $res->fetch(PDO::FETCH_NUM);
 //
 
@@ -157 +162 @@
 $temp=$title.$preamble.$content;
         if (preg_match("/script/i",$temp)) die("La parola script e' proibita, devi toglierla dal testo.");
-    $result = mysql_query("update ".$prefix.$tab." set title='$title', preamble='$preamble', content='$content' WHERE mid='$mid' AND id_cons='$id_cons'", $dbi);
+    $sql="update ".$prefix.$tab." set title='$title', preamble='$preamble', content='$content' WHERE mid='$mid' AND id_cons='$id_cons'";
+        $res = $dbi->prepare("$sql");
+        $res->execute();        
     Header("Location: admin.php?op=$op&vai=come&id_cons_gen=$id_cons_gen");
 }
@@ -164 +171 @@
     global $prefix, $dbi,$id_cons, $id_cons_gen,$tab,$op;
 
-    $result = mysql_query("insert into ".$prefix.$tab." (id_cons,title,preamble,content) values ('$id_cons', '$add_title', '$add_preamble','$add_content')", $dbi);
-    if (!$result) {
+    $sql="insert into ".$prefix.$tab." (id_cons,title,preamble,content) values ('$id_cons', '$add_title', '$add_preamble','$add_content')";
+        $res = $dbi->prepare("$sql");
+        $res->execute();        
+    if (!$res->rowCount()) {
         exit();
     }
@@ -175 +184 @@
     global $prefix, $dbi, $id_cons,$id_cons_gen,$tab,$op;
     if($ok) {
-        $result = mysql_query("delete from ".$prefix.$tab." where mid=$mid and id_cons='$id_cons'", $dbi);
-        if (!$result) {
+        $sql="delete from ".$prefix.$tab." where mid=$mid and id_cons='$id_cons'";
+        $res = $dbi->prepare("$sql");
+        $res->execute();        
+        if (!$res->rowCount()) {
             return;
         }