MDL-14679 removed all instances of get_records_sql_menu()

diff --git a/enrol/authorize/locallib.php b/enrol/authorize/locallib.php
index 6b7c79337af95f5f58547145198e8c1883f1323c..069af1bc2077352c5658b62d0077ad1f9dfab54f 100644 (file)
--- a/enrol/authorize/locallib.php
+++ b/enrol/authorize/locallib.php
@@ -44,10 +44,11 @@ function authorize_print_orders($courseid, $userid)
 
     $baseurl = $CFG->wwwroot.'/enrol/authorize/index.php?user='.$userid;
 
-    $sql = "SELECT c.id, c.fullname FROM {$CFG->prefix}course c INNER JOIN {$CFG->prefix}enrol_authorize e ON c.id = e.courseid ";
-    $sql .= ($userid > 0) ? "WHERE (e.userid='$userid') " : '';
+    $params = array('userid'=>$userid);
+    $sql = "SELECT c.id, c.fullname FROM {course} c JOIN {enrol_authorize} e ON c.id = e.courseid ";
+    $sql .= ($userid > 0) ? "WHERE (e.userid=:userid) " : '';
     $sql .= "ORDER BY c.sortorder, c.fullname";
-    if (($popupcrs = get_records_sql_menu($sql))) {
+    if (($popupcrs = $DB->get_records_sql_menu($sql, $params))) {
         $popupcrs = array($SITE->id => $SITE->fullname) + $popupcrs;
     }
     $popupmenu = empty($popupcrs) ? '' : popup_form($baseurl.'&status='.$status.'&course=',$popupcrs,'coursesmenu',$courseid,'','','',true);

diff --git a/lib/dmllib.php b/lib/dmllib.php
index 50d56bf73f7c8b54d036209d27f98b77db5269fc..13b9e9baeab7c20cc5eda2f879036ff896723a2a 100644 (file)
--- a/lib/dmllib.php
+++ b/lib/dmllib.php
@@ -435,3 +435,7 @@ function get_records_menu($table, $field='', $value='', $sort='', $fields='*', $
 function get_records_select_menu($table, $select='', $sort='', $fields='*', $limitfrom='', $limitnum='') {
     error('get_records_select_menu() removed');
 }
+
+function get_records_sql_menu($sql, $limitfrom='', $limitnum='') {
+    error('get_records_sql_menu() removed');
+}

diff --git a/lib/dmllib_todo.php b/lib/dmllib_todo.php
index 888df948a328d755faba820845da1afd6c776a5a..6055abaef1672d06e1ceff7147990a48dfd4315f 100644 (file)
--- a/lib/dmllib_todo.php
+++ b/lib/dmllib_todo.php
@@ -664,22 +664,6 @@ function records_to_menu($records, $field1, $field2) {
     }
 }
 
-/**
- * Get the first two columns from a number of records as an associative array.
- *
- * Arguments as for @see function get_recordset_sql.
- * Return value as for @see function get_records_menu.
- *
- * @param string $sql The SQL string you wish to be executed.
- * @param int $limitfrom return a subset of records, starting at this point (optional, required if $limitnum is set).
- * @param int $limitnum return a subset comprising this many records (optional, required if $limitfrom is set).
- * @return mixed an associative array, or false if no records were found or an error occured.
- */
-function get_records_sql_menu($sql, $limitfrom='', $limitnum='') {
-    $rs = get_recordset_sql($sql, $limitfrom, $limitnum);
-    return recordset_to_menu($rs);
-}
-
 /**
  * Get a single value from a table row where a particular select clause is true.
  *

diff --git a/mod/data/field/checkbox/field.class.php b/mod/data/field/checkbox/field.class.php
index 6574c3f417e9d4dce3bc977adcf62bba117d4aeb..3cf433cab665cc59d145ce1c559bf757e6fc71ca 100755 (executable)
--- a/mod/data/field/checkbox/field.class.php
+++ b/mod/data/field/checkbox/field.class.php
@@ -66,8 +66,8 @@ class data_field_checkbox extends data_field_base {
     }
 
     function display_search_field($value='') {
-        global $CFG;
-        $temp = get_records_sql_menu('SELECT id, content from '.$CFG->prefix.'data_content WHERE fieldid='.$this->field->id.' GROUP BY content ORDER BY content');
+        global $CFG, $DB;
+        $temp = $DB->get_records_sql_menu('SELECT id, content FROM {data_content} WHERE fieldid=? GROUP BY content ORDER BY content', array($this->field->id));
         $options = array();
         if(!empty($temp)) {
             $options[''] = '';              //Make first index blank.

diff --git a/mod/data/field/latlong/field.class.php b/mod/data/field/latlong/field.class.php
index 9d7b734f4e67c9288d9f5d5a02242cbcafce3c49..99d9f7fab869e762b2d3b676f1ebb3dbef2d43f3 100755 (executable)
--- a/mod/data/field/latlong/field.class.php
+++ b/mod/data/field/latlong/field.class.php
@@ -69,9 +69,9 @@ class data_field_latlong extends data_field_base {
     }
 
     function display_search_field($value = '') {
-        global $CFG;
-        $lats = get_records_sql_menu('SELECT id, content from '.$CFG->prefix.'data_content WHERE fieldid='.$this->field->id.' GROUP BY content ORDER BY content');
-        $longs = get_records_sql_menu('SELECT id, content1 from '.$CFG->prefix.'data_content WHERE fieldid='.$this->field->id.' GROUP BY content ORDER BY content');
+        global $CFG, $DB;
+        $lats = $DB->get_records_sql_menu('SELECT id, content FROM {data_content} WHERE fieldid=? GROUP BY content ORDER BY content', array($this->field->id));
+        $longs = $DB->get_records_sql_menu('SELECT id, content1 FROM {data_content} WHERE fieldid=? GROUP BY content ORDER BY content', array($this->field->id));
         $options = array();
         if(!empty($lats) && !empty($longs)) {
             $options[''] = '';

diff --git a/mod/data/field/radiobutton/field.class.php b/mod/data/field/radiobutton/field.class.php
index 0ed463184f10a6d712a21dff46ed79a159211a05..e023ef391b5911fd9596221ce8b68a14eb33d36a 100755 (executable)
--- a/mod/data/field/radiobutton/field.class.php
+++ b/mod/data/field/radiobutton/field.class.php
@@ -68,8 +68,8 @@ class data_field_radiobutton extends data_field_base {
     }
     
      function display_search_field($value = '') {
-        global $CFG;
-        $temp = get_records_sql_menu('SELECT id, content from '.$CFG->prefix.'data_content WHERE fieldid='.$this->field->id.' GROUP BY content ORDER BY content');
+        global $CFG, $DB;
+        $temp = $DB->get_records_sql_menu('SELECT id, content FROM {data_content} WHERE fieldid=? GROUP BY content ORDER BY content', array($this->field->id));
         $options = array();
         if(!empty($temp)) {
             $options[''] = '';              //Make first index blank.

diff --git a/mod/feedback/analysis_course.php b/mod/feedback/analysis_course.php
index a78cbda8bf2e27b3630aa8aa25d29c9d2260d0f6..fa2409e3d75000952d17274e30b7a7cfa870d0d1 100644 (file)
--- a/mod/feedback/analysis_course.php
+++ b/mod/feedback/analysis_course.php
@@ -145,15 +145,16 @@
                 </script>';
 
 
-        $sql = 'select c.id, c.shortname from '.$CFG->prefix.'course c, '.
-                                              $CFG->prefix.'feedback_value fv, '.$CFG->prefix.'feedback_item fi '.
+        $sql = 'select c.id, c.shortname from {course} c, '.
+                                              '{feedback_value} fv, {feedback_item} fi '.
                                               'where c.id = fv.course_id and fv.item = fi.id '.
-                                              'and fi.feedback = '.$feedback->id.' '.
+                                              'and fi.feedback = ?'.
                                               'and 
-                                              (c.shortname '.sql_ilike().' \'%'.$searchcourse.'%\'
-                                              OR c.fullname '.sql_ilike().' \'%'.$searchcourse.'%\')';
+                                              (c.shortname '.$DB->sql_ilike().' ?
+                                              OR c.fullname '.$DB->sql_ilike().' ?)';
+        $params = array($feedback->id, "%$searchcourse%", "%$searchcourse%");
         
-        if ($courses = get_records_sql_menu($sql)) {
+        if ($courses = $DB->get_records_sql_menu($sql, $params)) {
 
              echo ' ' . get_string('filter_by_course', 'feedback') . ': ';
              choose_from_menu ($courses, 'coursefilter', $coursefilter, 'choose', 'this.form.submit()');

diff --git a/mod/feedback/lib.php b/mod/feedback/lib.php
index 80f5b8a4c9f740bfe59476e869ca3115bc2e4263..c4cb02bfefee04e720e04d75890ec96e82783d76 100644 (file)
--- a/mod/feedback/lib.php
+++ b/mod/feedback/lib.php
@@ -1670,8 +1670,7 @@ function feedback_print_numeric_option_list($startval, $endval, $selectval = '',
  *  @return void
  */
 function feedback_send_email($cm, $feedback, $course, $userid) {
-    
-    global $CFG;
+    global $CFG, $DB;
     
     if ($feedback->email_notification == 0) {  // No need to do anything
         return;
@@ -1680,13 +1679,12 @@ function feedback_send_email($cm, $feedback, $course, $userid) {
     $user = get_record('user', 'id', $userid);
     
     if (groupmode($course, $cm) == SEPARATEGROUPS) {    // Separate groups are being used
-        $groups = get_records_sql_menu("SELECT g.name, g.id
-                                          FROM {$CFG->prefix}groups g,
-                                                 {$CFG->prefix}groups_members m
-                                          WHERE g.courseid = '$course->id'
-                                             AND g.id = m.groupid
-                                             AND m.userid = '$userid'
-                                             ORDER BY name ASC");
+        $groups = $DB->get_records_sql_menu("SELECT g.name, g.id
+                                               FROM {groups} g, {groups_members} m
+                                              WHERE g.courseid = ?
+                                                    AND g.id = m.groupid
+                                                    AND m.userid = ?
+                                           ORDER BY name ASC", array($course->id, $userid));
         $groups = array_values($groups);
         
         $teachers = feedback_get_receivemail_users($cm->id, $groups);

diff --git a/mod/feedback/mapcourse.php b/mod/feedback/mapcourse.php
index dad9c4926f41c1c4e86d9db329d55667538039df..aab310cedf91ec29d16519fb0672e90213be4301 100644 (file)
--- a/mod/feedback/mapcourse.php
+++ b/mod/feedback/mapcourse.php
@@ -96,12 +96,13 @@
     echo '<input type="hidden" name="id" value="'.$id.'" />';
     echo '<input type="hidden" name="sesskey" value="'.$USER->sesskey.'" />';
     
-    $sql = "select c.id, c.shortname from {$CFG->prefix}course c
-            where
-                c.shortname ".sql_ilike()." '%{$searchcourse}%'
-            OR c.fullname ".sql_ilike()." '%{$searchcourse}%'";
+    $sql = "select c.id, c.shortname
+              from {course} c
+             where c.shortname ".$DB->sql_ilike()." ?
+                   OR c.fullname ".$DB->sql_ilike()." ?";
+    $params = array("%{$searchcourse}%", "%{$searchcourse}%");
     
-    if (($courses = get_records_sql_menu($sql)) && !empty($searchcourse)) {
+    if (($courses = $DB->get_records_sql_menu($sql, $params)) && !empty($searchcourse)) {
         echo ' ' . get_string('courses') . ': ';
         choose_from_menu ($courses, 'coursefilter', $coursefilter, 'choose');
         echo '<input type="submit" value="'.get_string('mapcourse', 'feedback').'"/>';

diff --git a/mod/glossary/filter.php b/mod/glossary/filter.php
index ba4525a440da27c0dc0376eceb2ba2647ad708fe..31ddf06e787b7ff4fa29f3cc2deb98f3d22be493 100644 (file)
--- a/mod/glossary/filter.php
+++ b/mod/glossary/filter.php
@@ -1,7 +1,7 @@
 <?php // $Id$
 
 function glossary_filter($courseid, $text) {
-    global $CFG;
+    global $CFG, $DB;
 
     // Trivial-cache - keyed on $cachedcourseid
     static $nothingtodo;
@@ -28,17 +28,15 @@ function glossary_filter($courseid, $text) {
     if (empty($conceptlist)) {
 
     /// Find all the glossaries we need to examine
-        if (!$glossaries = get_records_sql_menu ('SELECT g.id, g.name
-                                                    FROM '.$CFG->prefix.'glossary g,
-                                                         '.$CFG->prefix.'course_modules cm,
-                                                         '.$CFG->prefix.'modules m
+        if (!$glossaries = $DB->get_records_sql_menu('SELECT g.id, g.name
+                                                    FROM {glossary} g, {course_modules} cm, {modules} m
                                                     WHERE m.name = \'glossary\' AND
                                                           cm.module = m.id AND
                                                           cm.visible = 1 AND
                                                           g.id = cm.instance AND
-                                                          g.usedynalink != 0 AND
-                                                          (g.course = \''.$courseid.'\' OR g.globalglossary = 1)
-                                                    ORDER BY g.globalglossary, g.id')) {
+                                                          g.usedynalink <> 0 AND
+                                                          (g.course = ? OR g.globalglossary = 1)
+                                                    ORDER BY g.globalglossary, g.id', array($courseid))) {
             $nothingtodo = true;
             return $text;
         }

diff --git a/mod/hotpot/lib.php b/mod/hotpot/lib.php
index 47d15b2368fb440b3dfdc5032a9a94c9013844a2..803f1ec3d1a790645c787f6abe31af34d1e5e776 100644 (file)
--- a/mod/hotpot/lib.php
+++ b/mod/hotpot/lib.php
@@ -1170,7 +1170,7 @@ function hotpot_grades($hotpotid) {
     return $return;
 }
 function hotpot_get_grades($hotpot, $user_ids='') {
-    global $CFG;
+    global $CFG, $DB;
 
     $grades = array();
 
@@ -1201,12 +1201,12 @@ function hotpot_get_grades($hotpot, $user_ids='') {
 
     if ($grade) {
         $userid_condition = empty($user_ids) ? '' : "AND userid IN ($user_ids) ";
-        $grades = get_records_sql_menu("
+        $grades = $DB->get_records_sql_menu("
             SELECT userid, $grade
-            FROM {$CFG->prefix}hotpot_attempts
-            WHERE timefinish>0 AND hotpot='$hotpot->id' $userid_condition
+            FROM {hotpot_attempts}
+            WHERE timefinish>0 AND hotpot=:hid $userid_condition
             GROUP BY userid
-        ");
+        ", array('hid'=>$hotpot->id));
         if ($grades) {
             if ($hotpot->grademethod==HOTPOT_GRADEMETHOD_FIRST || $hotpot->grademethod==HOTPOT_GRADEMETHOD_LAST) {
                 // remove left hand characters in $grade (up to and including the underscore)

diff --git a/mod/hotpot/report/click/report.php b/mod/hotpot/report/click/report.php
index cdfe1e1b76ec0c6b4bee41c07d2b849ac6ff8ba2..32ff520d50a17fa73b720f563f2ad12834883a88 100644 (file)
--- a/mod/hotpot/report/click/report.php
+++ b/mod/hotpot/report/click/report.php
@@ -406,13 +406,13 @@ class hotpot_report extends hotpot_default_report {
                );
        }
        function set_data_attempt(&$attempt, &$strftimedate, &$strftimetime, &$blank) {
-               global $CFG;
-               $records = get_records_sql_menu("
+               global $CFG, $DB;
+               $records = $DB->get_records_sql_menu("
                        SELECT userid, MAX(time) AS logintime
-                       FROM {$CFG->prefix}log
-                       WHERE userid=$attempt->userid AND action='login' AND time<$attempt->timestart
+                       FROM {log}
+                       WHERE userid=? AND action='login' AND time<?
                        GROUP BY userid
-               ");
+               ", array($attempt->userid, $attempt->timestart));
                if (empty($records)) {
                        $logindate = $blank;
                        $logintime = $blank;
@@ -421,12 +421,12 @@ class hotpot_report extends hotpot_default_report {
                        $logindate = trim(userdate($logintime, $strftimedate));
                        $logintime = trim(userdate($logintime, $strftimetime));
                }
-               $records = get_records_sql_menu("
+               $records = $DB->get_records_sql_menu("
                        SELECT userid, MIN(time) AS logouttime
-                       FROM {$CFG->prefix}log
-                       WHERE userid=$attempt->userid AND action='logout' AND time>$attempt->cr_timefinish 
+                       FROM {log}
+                       WHERE userid=? AND action='logout' AND time>? 
                        GROUP BY userid
-               ");
+               ", array($attempt->userid, $attempt->cr_timefinish));
                if (empty($records)) {
                        $logouttime = $blank;
                } else {

diff --git a/mod/quiz/lib.php b/mod/quiz/lib.php
index efa0d96814810ec66b2d9c7ec5f18fab02222b91..d8402c18aad77bbc1a5807b65c80efb3941ef6d8 100644 (file)
--- a/mod/quiz/lib.php
+++ b/mod/quiz/lib.php
@@ -931,19 +931,17 @@ function quiz_get_post_actions() {
  * @return array of strings
  */
 function quiz_question_list_instances($questionid) {
-    global $CFG;
+    global $CFG, $DB;
 
     // TODO: we should also consider other questions that are used by
     // random questions in this quiz, but that is very hard.
 
     $sql = "SELECT q.id, q.name
-            FROM {$CFG->prefix}quiz q
-            INNER JOIN
-                 {$CFG->prefix}quiz_question_instances qqi
-            ON q.id = qqi.quiz
-            WHERE qqi.question = '$questionid'";
+            FROM {quiz} q
+            JOIN {quiz_question_instances} qqi ON q.id = qqi.quiz
+            WHERE qqi.question = ?";
 
-    if ($instances = get_records_sql_menu($sql)) {
+    if ($instances = $DB->get_records_sql_menu($sql, array($questionid))) {
         return $instances;
     }
     return array();

diff --git a/mod/quiz/report/analysis/report.php b/mod/quiz/report/analysis/report.php
index 67fc709ab09676b8f3367022b899a6ce6eb5f744..1c00c1ff3e626bad2903f74660bbaa3aca24d257 100644 (file)
--- a/mod/quiz/report/analysis/report.php
+++ b/mod/quiz/report/analysis/report.php
@@ -6,7 +6,7 @@
 class quiz_report extends quiz_default_report {
 
     function display($quiz, $cm, $course) {     /// This function just displays the report
-        global $CFG, $SESSION, $QTYPES;
+        global $CFG, $SESSION, $QTYPES, $DB;
         $strnoattempts = get_string('noattempts','quiz');
     /// Only print headers if not asked to download data
         $download = optional_param('download', NULL);
@@ -72,10 +72,10 @@ class quiz_report extends quiz_default_report {
 
         if ($attemptselection != QUIZ_ALLATTEMPTS) {
             $sql = 'SELECT qa.userid '.$limit.
-                    'FROM '.$CFG->prefix.'user u LEFT JOIN '.$CFG->prefix.'quiz_attempts qa ON u.id = qa.userid '.
-                    'WHERE qa.quiz = '.$quiz->id.' AND qa.preview = 0 '.
+                    'FROM {user} u LEFT JOIN {quiz_attempts} qa ON u.id = qa.userid '.
+                    'WHERE qa.quiz = ? AND qa.preview = 0 '.
                     $group;
-            $usermax = get_records_sql_menu($sql);
+            $usermax = $DB->get_records_sql_menu($sql, array($quiz->id));
         }else {
             $usermax = '';
         }

diff --git a/mod/quiz/report/reportlib.php b/mod/quiz/report/reportlib.php
index 62205f7ee3f853c3817d8038ee3011187283db1a..950146407a61ce31d3b5806d1f6e97c397c77fd1 100644 (file)
--- a/mod/quiz/report/reportlib.php
+++ b/mod/quiz/report/reportlib.php
@@ -39,19 +39,19 @@ function quiz_get_newgraded_states($attemptids, $idxattemptq = true){
 }
 
 function quiz_get_average_grade_for_questions($quiz, $userids){
-    global $CFG;
+    global $CFG, $DB;
     $qmfilter = quiz_report_qm_filter_subselect($quiz, 'qa.userid');
     $questionavgssql = "SELECT qs.question, AVG(qs.grade) FROM " .
             "{$CFG->prefix}question_sessions qns, " .
             "{$CFG->prefix}quiz_attempts qa, " .
             "{$CFG->prefix}question_states qs " .
             "WHERE qns.attemptid = qa.uniqueid AND " .
-            "qa.quiz = {$quiz->id} AND " .
+            "qa.quiz = ? AND " .
             ($qmfilter?$qmfilter.' AND ':'').
             "qa.userid IN ({$userids}) AND " .
             "qs.event IN (".QUESTION_EVENTS_GRADED.") AND ".
             "qns.newgraded = qs.id GROUP BY qs.question";
-    return get_records_sql_menu($questionavgssql);
+    return $DB->get_records_sql_menu($questionavgssql, array($quiz->id));
 }
 
 function quiz_get_total_qas_graded_and_ungraded($quiz, $questionids, $userids){
@@ -164,17 +164,16 @@ function quiz_report_qm_filter_subselect($quiz, $useridsql = 'u.id'){
 }
 
 function quiz_report_grade_bands($bandwidth, $bands, $quizid, $useridlist){
-    global $CFG;
+    global $CFG, $DB;
     $sql = "SELECT
         FLOOR(qg.grade/$bandwidth) AS band,
         COUNT(1) AS num
     FROM
-        {$CFG->prefix}quiz_grades qg, 
-        {$CFG->prefix}quiz q
-    WHERE qg.quiz = q.id AND qg.quiz = $quizid AND qg.userid IN ($useridlist)
+        {quiz_grades} qg,  {quiz} q
+    WHERE qg.quiz = q.id AND qg.quiz = ? AND qg.userid IN ($useridlist)
     GROUP BY band
     ORDER BY band";
-    $data = get_records_sql_menu($sql);
+    $data = $DB->get_records_sql_menu($sql, array($quizid));
     //need to create array elements with values 0 at indexes where there is no element
     $data =  $data + array_fill(0, $bands+1, 0);
     ksort($data);

diff --git a/question/backuplib.php b/question/backuplib.php
index aee1cb568cc9a469d17b574a8df814dcb2c83f4d..ad7c609a29ad45cdefa9ba519baf74c0cdcff8ee 100644 (file)
--- a/question/backuplib.php
+++ b/question/backuplib.php
@@ -457,18 +457,17 @@
     }
     
     function question_insert_c_and_q_ids_for_module($backup_unique_code, $course, $modulename, $instances){
-        global $CFG;
+        global $CFG, $DB;
         $status = true;
-        // using 'dummykeyname' in sql because otherwise get_records_sql_menu returns an error
+        // using 'dummykeyname' in sql because otherwise $DB->get_records_sql_menu returns an error
         // if two key names are the same.
         $cmcontexts = array();
         if(!empty($instances)) {
-            $cmcontexts = get_records_sql_menu("SELECT c.id, c.id AS dummykeyname FROM {$CFG->prefix}modules m,
-                                                        {$CFG->prefix}course_modules cm,
-                                                        {$CFG->prefix}context c
-                               WHERE m.name = '$modulename' AND m.id = cm.module AND cm.id = c.instanceid
-                                    AND c.contextlevel = ".CONTEXT_MODULE." AND cm.course = $course
-                                    AND cm.instance IN (".implode(',',array_keys($instances)).")");
+            $cmcontexts = $DB->get_records_sql_menu("SELECT c.id, c.id AS dummykeyname FROM {modules} m,
+                                                        {course_modules} cm, {context} c
+                               WHERE m.name = ? AND m.id = cm.module AND cm.id = c.instanceid
+                                    AND c.contextlevel = ".CONTEXT_MODULE." AND cm.course = ?
+                                    AND cm.instance IN (".implode(',',array_keys($instances)).")", array($modulename, $course));
         }
                                     
         if ($cmcontexts){

diff --git a/search/add.php b/search/add.php
index 17d74377b01a30288dc46a376bfc182568a736ba..61fff17a1ebdc57ac856c801dcd557ba0a9217c5 100644 (file)
--- a/search/add.php
+++ b/search/add.php
@@ -90,10 +90,10 @@
                                 FROM 
                                     {$CFG->prefix}{$table}
                                 WHERE 
-                                    doctype = '{$mod->name}'
+                                    doctype = ?
                                     $itemtypes
                             ";
-                            $docIds = get_records_sql_menu($query);
+                            $docIds = $DB->get_records_sql_menu($query, array($mod->name));
                             $docIdList = ($docIds) ? implode("','", array_keys($docIds)) : '' ;
                             
                             $query =  "

diff --git a/search/update.php b/search/update.php
index e621e32dfce66cc71a78294c7c61efde62eaba0a..d1a38dcd4983888056edaf6e267f25fe85bbde0d 100644 (file)
--- a/search/update.php
+++ b/search/update.php
@@ -85,10 +85,10 @@
                                 FROM 
                                     {$CFG->prefix}{$table}
                                 WHERE
-                                    doctype = '{$mod->name}'
+                                    doctype = ?
                                     $itemtypes
                             ";
-                            $docIds = get_records_sql_menu($query);
+                            $docIds = $DB->get_records_sql_menu($query, array($mod->name));
                             $docIdList = ($docIds) ? implode("','", array_keys($docIds)) : '' ;
                             
                             $query = "