oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use placeholder parameters to prevent string interpolation in SQL queries.

Browse source
This commit is contained in:
Colin Kuskie 2010-06-16 08:55:25 -07:00
parent 7057e92248
commit 6d4d51c6ee
1 changed files with 10 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

22
lib/WebGUI/Macro/UsersOnline.pm
View file

@ -191,14 +191,13 @@ sub _visitors {
# increase the count artificially. Note, that the number determined here
# may deviate from the number of items returned in the visitor loop.
$var->{'visitors'} = $db->quickScalar("SELECT COUNT(DISTINCT lastIp) FROM " .
"userSession WHERE (lastPageView > $epoch) AND (userId = 1) AND " .
"lastIp NOT LIKE '127.%.%.%'" . $ip_clause);
"userSession WHERE (lastPageView > ?) AND (userId = 1) AND " .
"lastIp NOT LIKE '127.%.%.%'" . $ip_clause, [$epoch]);
# Query session IDs and IPs of visitors
my $query = $db->prepare("SELECT sessionId, lastIp, lastPageView FROM " .
"userSession WHERE (lastPageView > $epoch) AND (userId = 1) AND " .
"lastIp NOT LIKE '127.%.%.%' " . $ip_clause . "LIMIT $maxVisitors");
$query->execute;
my $query = $db->read("SELECT sessionId, lastIp, lastPageView FROM " .
"userSession WHERE (lastPageView > ?) AND (userId = 1) AND " .
"lastIp NOT LIKE '127.%.%.%' " . $ip_clause . "LIMIT ?", [$epoch, $maxVisitors]);
# Iterate through rows
while (my %row = $query->hash) {
@ -255,15 +254,14 @@ sub _members {
# Determine the number of registered users that are online. The Admin
# account is excluded from the list.
$var->{'members'} = $db->quickScalar("SELECT COUNT(DISTINCT userId) FROM " .
"userSession where (lastPageView > $epoch) and (userId != '1') and " .
"(userId != '3')");
"userSession where (lastPageView > ?) and (userId != '1') and " .
"(userId != '3')", [$epoch]);
# Query the names of registered users that are online. The showOnline flag
# in the user profile is respected.
my $query = $db->prepare("SELECT userId, sessionId, lastIp, lastPageView " .
"FROM userSession WHERE (lastPageView > $epoch) AND (userId != '1') " .
"AND (userId != '3') LIMIT $maxMembers");
$query->execute;
my $query = $db->read("SELECT userId, sessionId, lastIp, lastPageView " .
"FROM userSession WHERE (lastPageView > ?) AND (userId != '1') " .
"AND (userId != '3') LIMIT ?", [$epoch, $maxMembers]);
# Iterate through rows
while (my %row = $query->hash) {