From: Petr Skoda <skodak@moodle.org>
Date: Tue, 17 Nov 2009 10:21:29 +0000 (+0000)
Subject: MDL-14679 fixed dml conversion issues
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=cce60fc4819800ad0ac5756b564f30c6ede62b13;p=moodle.git

MDL-14679 fixed dml conversion issues
---

diff --git a/admin/user/user_bulk_confirm.php b/admin/user/user_bulk_confirm.php
index b2870b8311..f6603a05b1 100755
--- a/admin/user/user_bulk_confirm.php
+++ b/admin/user/user_bulk_confirm.php
@@ -23,8 +23,8 @@ admin_externalpage_print_header();
 //TODO: add support for large number of users
 
 if ($confirm and confirm_sesskey()) {
-    $in = implode(',', $SESSION->bulk_users);
-    if ($rs = $DB->get_recordset_select('user', "id IN ($in)", null, '', 'id, username, secret, confirmed, auth, firstname, lastname')) {
+    list($in, $params) = $DB->get_in_or_equal($SESSION->bulk_users);
+    if ($rs = $DB->get_recordset_select('user', "id $in", $params, '', 'id, username, secret, confirmed, auth, firstname, lastname')) {
         foreach ($rs as $user) {
             if ($user->confirmed) {
                 continue;
@@ -40,8 +40,8 @@ if ($confirm and confirm_sesskey()) {
     redirect($return, get_string('changessaved'));
 
 } else {
-    $in = implode(',', $SESSION->bulk_users);
-    $userlist = $DB->get_records_select_menu('user', "id IN ($in)", null, 'fullname', 'id,'.$DB->sql_fullname().' AS fullname');
+    list($in, $params) = $DB->get_in_or_equal($SESSION->bulk_users);
+    $userlist = $DB->get_records_select_menu('user', "id $in", $params, 'fullname', 'id,'.$DB->sql_fullname().' AS fullname');
     $usernames = implode(', ', $userlist);
     echo $OUTPUT->heading(get_string('confirmation', 'admin'));
     $formcontinue = html_form::make_button('user_bulk_confirm.php', array('confirm' => 1), get_string('yes'));
diff --git a/admin/user/user_bulk_delete.php b/admin/user/user_bulk_delete.php
index aac880c21f..0b398668f5 100755
--- a/admin/user/user_bulk_delete.php
+++ b/admin/user/user_bulk_delete.php
@@ -25,8 +25,8 @@ admin_externalpage_print_header();
 if ($confirm and confirm_sesskey()) {
     $primaryadmin = get_admin();
 
-    $in = implode(',', $SESSION->bulk_users);
-    if ($rs = $DB->get_recordset_select('user', "id IN ($in)", null)) {
+    list($in, $params) = $DB->get_in_or_equal($SESSION->bulk_users);
+    if ($rs = $DB->get_recordset_select('user', "id $in", $params)) {
         foreach ($rs as $user) {
             if ($primaryadmin->id != $user->id and $USER->id != $user->id and delete_user($user)) {
                 unset($SESSION->bulk_users[$user->id]);
@@ -40,8 +40,8 @@ if ($confirm and confirm_sesskey()) {
     redirect($return, get_string('changessaved'));
 
 } else {
-    $in = implode(',', $SESSION->bulk_users);
-    $userlist = $DB->get_records_select_menu('user', "id IN ($in)", null, 'fullname', 'id,'.$DB->sql_fullname().' AS fullname');
+    list($in, $params) = $DB->get_in_or_equal($SESSION->bulk_users);
+    $userlist = $DB->get_records_select_menu('user', "id $in", $params, 'fullname', 'id,'.$DB->sql_fullname().' AS fullname');
     $usernames = implode(', ', $userlist);
     echo $OUTPUT->heading(get_string('confirmation', 'admin'));
     $formcontinue = html_form::make_button('user_bulk_delete.php', array('confirm' => 1), get_string('yes'));
diff --git a/admin/user/user_bulk_message.php b/admin/user/user_bulk_message.php
index bbfca19ebd..67819be736 100755
--- a/admin/user/user_bulk_message.php
+++ b/admin/user/user_bulk_message.php
@@ -24,8 +24,8 @@ if (empty($CFG->messaging)) {
 //TODO: add support for large number of users
 
 if ($confirm and !empty($msg) and confirm_sesskey()) {
-    $in = implode(',', $SESSION->bulk_users);
-    if ($rs = $DB->get_recordset_select('user', "id IN ($in)", null)) {
+    list($in, $params) = $DB->get_in_or_equal($SESSION->bulk_users);
+    if ($rs = $DB->get_recordset_select('user', "id $in", $params)) {
         foreach ($rs as $user) {
             message_post_message($USER, $user, $msg, FORMAT_HTML, 'direct');
         }
@@ -52,8 +52,8 @@ if ($msgform->is_cancelled()) {
 
     $msg = format_text($formdata->messagebody, $formdata->format, $options);
 
-    $in = implode(',', $SESSION->bulk_users);
-    $userlist = $DB->get_records_select_menu('user', "id IN ($in)", null, 'fullname', 'id,'.$DB->sql_fullname().' AS fullname');
+    list($in, $params) = $DB->get_in_or_equal($SESSION->bulk_users);
+    $userlist = $DB->get_records_select_menu('user', "id $in", $params, 'fullname', 'id,'.$DB->sql_fullname().' AS fullname');
     $usernames = implode(', ', $userlist);
     admin_externalpage_print_header();
     echo $OUTPUT->heading(get_string('confirmation', 'admin'));