From 5b0af8c5e31ecc7bc708576c71611b7339c532ac Mon Sep 17 00:00:00 2001
From: nicolasconnault
Date: Mon, 26 May 2008 05:06:01 +0000
Subject: [PATCH] MDL-14967 More upgrades
---
lib/grade/grade_category.php | 36 ++++++-----
lib/grade/grade_grade.php | 7 +-
lib/grade/grade_item.php | 90 +++++++++++++++-----------
lib/grade/grade_object.php | 18 +++---
lib/grade/grade_outcome.php | 36 ++++++-----
lib/grade/grade_scale.php | 9 +--
lib/grade/simpletest/testgradeitem.php | 2 +-
7 files changed, 113 insertions(+), 85 deletions(-)
diff --git a/lib/grade/grade_category.php b/lib/grade/grade_category.php
index f93c662126..cd6a188e70 100644
--- a/lib/grade/grade_category.php
+++ b/lib/grade/grade_category.php
@@ -417,31 +417,34 @@ class grade_category extends grade_object { if (empty($depends_on)) { $items = false; } else { - $gis = implode(',', $depends_on); + list($usql, $params) = $DB->get_in_or_equal($depends_on); $sql = "SELECT * - FROM {$CFG->prefix}grade_items - WHERE id IN ($gis)"; - $items = $DB->get_records_sql($sql); + FROM {grade_items} + WHERE id $usql"; + $items = $DB->get_records_sql($sql, $params); } + $grade_inst = new grade_grade(); + $fields = 'g.'.implode(',g.', $grade_inst->required_fields); + + // where to look for final grades - include grade of this item too, we will store the results there + $gis = array_merge($depends_on, array($this->grade_item->id)); + list($usql, $params) = $DB->get_in_or_equal($gis); + if ($userid) { - $usersql = "AND g.userid=$userid"; + $usersql = "AND g.userid=?"; + $params[] = $userid; } else { $usersql = ""; } - $grade_inst = new grade_grade(); - $fields = 'g.'.implode(',g.', $grade_inst->required_fields); - - // where to look for final grades - include grade of this item too, we will store the results there - $gis = implode(',', array_merge($depends_on, array($this->grade_item->id))); $sql = "SELECT $fields - FROM {$CFG->prefix}grade_grades g, {$CFG->prefix}grade_items gi - WHERE gi.id = g.itemid AND gi.id IN ($gis) $usersql + FROM {grade_grades} g, {grade_items} gi + WHERE gi.id = g.itemid AND gi.id $usql $usersql ORDER BY g.userid"; // group the results by userid and aggregate the grades for this user - if ($rs = $DB->get_recordset_sql($sql)) { + if ($rs = $DB->get_recordset_sql($sql, $params)) { $prevuser = 0; $grade_values = array(); $excluded = array(); 
@@ -1294,9 +1297,10 @@ class grade_category extends grade_object { * @static */ public static function updated_forced_settings() { - global $CFG; - $sql = "UPDATE {$CFG->prefix}grade_items SET needsupdate=1 WHERE itemtype='course' or itemtype='category'"; - execute_sql($sql, false); + global $CFG, $DB; + $params = array(1, 'course', 'category'); + $sql = "UPDATE {grade_items} SET needsupdate=? WHERE itemtype=? or itemtype=?"; + $DB->execute($sql, $params); } } ?> diff --git a/lib/grade/grade_grade.php b/lib/grade/grade_grade.php index f299e4b40c..d72dc6055d 100644 --- a/lib/grade/grade_grade.php +++ b/lib/grade/grade_grade.php @@ -384,11 +384,10 @@ class grade_grade extends grade_object { public function check_locktime_all($items) { global $CFG, $DB; - $items_sql = implode(',', $items); - $now = time(); // no rounding needed, this is not supposed to be called every 10 seconds - - if ($rs = $DB->get_recordset_select('grade_grades', "itemid IN ($items_sql) AND locked = 0 AND locktime > 0 AND locktime < $now")) { + list($usql, $params) = $DB->get_in_or_equal($items); + $params[] = $now; + if ($rs = $DB->get_recordset_select('grade_grades', "itemid $usql AND locked = 0 AND locktime > 0 AND locktime < ?")) { foreach ($rs as $grade) { $grade_grade = new grade_grade($grade, false); $grade_grade->locked = time(); diff --git a/lib/grade/grade_item.php b/lib/grade/grade_item.php index f43fc539fa..c23ec32abc 100644 --- a/lib/grade/grade_item.php +++ b/lib/grade/grade_item.php @@ -434,7 +434,7 @@ class grade_item extends grade_object { if (!empty($cm->idnumber)) { return false; } - if ($DB->set_field('course_modules', 'idnumber', addslashes($idnumber), array('id' => $cm->id))) { + if ($DB->set_field('course_modules', 'idnumber', $idnumber, array('id' => $cm->id))) { $this->idnumber = $idnumber; return $this->update(); } 
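Review bot: In the grade_grade.php hunk, `$params[] = $now;` in check_locktime_all() reads `$now` after the same hunk deletes the `$now = time();` assignment, and `$params` is never passed to `get_recordset_select()`, so the `?` markers in the select string have nothing bound to them. As written the lock-time sweep would presumably fail at the database layer or match nothing, leaving grades whose locktime has passed unlocked. Keep the assignment (`$now = time();` before `$params[] = $now;`) and pass the array as the third argument: `$DB->get_recordset_select('grade_grades', "itemid $usql AND locked = 0 AND locktime > 0 AND locktime < ?", $params)`. The method body continues outside the hunk.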
@@ -608,9 +608,10 @@ class grade_item extends grade_object { * @param return int Number of hidden grades */ public function has_hidden_grades($groupsql="", $groupwheresql="") { - global $CFG, $DB; - return $DB->get_field_sql("SELECT COUNT(*) FROM {$CFG->prefix}grade_grades g LEFT JOIN " - ."{$CFG->prefix}user u ON g.userid = u.id $groupsql WHERE itemid = $this->id AND hidden = 1 $groupwheresql"); + global $DB; + $params = array($this->id); + return $DB->get_field_sql("SELECT COUNT(*) FROM {grade_grades} g LEFT JOIN " + ."{user} u ON g.userid = u.id $groupsql WHERE itemid = ? AND hidden = 1 $groupwheresql", $params); } /** @@ -677,7 +678,8 @@ class grade_item extends grade_object { $grade_inst = new grade_grade(); $fields = implode(',', $grade_inst->required_fields); if ($userid) { - $rs = $DB->get_recordset_select('grade_grades', "itemid={$this->id} AND userid=$userid", null, '', $fields); + $params = array($this->id, $userid); + $rs = $DB->get_recordset_select('grade_grades', "itemid=? AND userid=?", $params, '', $fields); } else { $rs = $DB->get_recordset('grade_grades', array('itemid' => $this->id), '', $fields); } @@ -1154,13 +1156,14 @@ class grade_item extends grade_object { } public function move_after_sortorder($sortorder) { - global $CFG; + global $CFG, $DB; //make some room first - $sql = "UPDATE {$CFG->prefix}grade_items + $params = array($sortorder, $this->courseid); + $sql = "UPDATE {grade_items} SET sortorder = sortorder + 1 - WHERE sortorder > $sortorder AND courseid = {$this->courseid}"; - execute_sql($sql, false); + WHERE sortorder > ? AND courseid = ?"; + $DB->execute($sql, $params); $this->set_sortorder($sortorder + 1); } @@ -1244,6 +1247,8 @@ class grade_item extends grade_object { } } else if ($grade_category = $this->load_item_category()) { + $params = array(); + //only items with numeric or scale values can be aggregated if ($this->gradetype != GRADE_TYPE_VALUE and $this->gradetype != GRADE_TYPE_SCALE) { $this->dependson_cache = array(); 
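Review bot: `$groupsql` and `$groupwheresql` are still concatenated into the statement in has_hidden_grades() as raw SQL, and the signature gives callers no way to pass bound values for them. Because `$groupsql` lands before `itemid = ?`, any positional placeholder a caller puts in that fragment would also shift the binding of `$this->id`. Either state the contract in the docblock, for example `@param string $groupsql trusted SQL fragment built by the caller; no user input, no ? placeholders`, or add an optional trailing `$groupparams = array()` argument whose values are merged into `$params` in the order the fragments appear in the query. The docblock line `@param return int` visible in the context should also read `@return int`.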
@@ -1259,40 +1264,47 @@ class grade_item extends grade_object { } if (empty($CFG->grade_includescalesinaggregation)) { - $gtypes = "gi.gradetype = ".GRADE_TYPE_VALUE; + $gtypes = "gi.gradetype = ?"; + $params[] = GRADE_TYPE_VALUE; } else { - $gtypes = "(gi.gradetype = ".GRADE_TYPE_VALUE." OR gi.gradetype = ".GRADE_TYPE_SCALE.")"; + $gtypes = "(gi.gradetype = ? OR gi.gradetype = ?)"; + $params[] = GRADE_TYPE_VALUE; + $params[] = GRADE_TYPE_SCALE; } if ($grade_category->aggregatesubcats) { // return all children excluding category items + $params[] = $grade_category->id; $sql = "SELECT gi.id - FROM {$CFG->prefix}grade_items gi + FROM {grade_items} gi WHERE $gtypes $outcomes_sql AND gi.categoryid IN ( SELECT gc.id - FROM {$CFG->prefix}grade_categories gc - WHERE gc.path LIKE '%/{$grade_category->id}/%')"; + FROM {grade_categories} gc + WHERE gc.path LIKE '%?%')"; } else { + $params[] = $grade_category->id; + $params[] = $grade_category->id; + $params[] = GRADE_TYPE_VALUE; + $params[] = GRADE_TYPE_SCALE; $sql = "SELECT gi.id - FROM {$CFG->prefix}grade_items gi - WHERE gi.categoryid = {$grade_category->id} - AND $gtypes + FROM {grade_items} gi + WHERE $gtypes + AND gi.categoryid = ? $outcomes_sql - UNION SELECT gi.id - FROM {$CFG->prefix}grade_items gi, {$CFG->prefix}grade_categories gc + FROM {grade_items} gi, {grade_categories} gc WHERE (gi.itemtype = 'category' OR gi.itemtype = 'course') AND gi.iteminstance=gc.id - AND gc.parent = {$grade_category->id} + AND gc.parent = ? AND $gtypes $outcomes_sql"; } - if ($children = $DB->get_records_sql($sql)) { + if ($children = $DB->get_records_sql($sql, $params)) { $this->dependson_cache = array_keys($children); return $this->dependson_cache; } else { 
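Review bot: In the `aggregatesubcats` branch the placeholder sits inside a quoted literal (`LIKE '%?%'`), so it is not a bind marker, and the `/` delimiters of the old `'%/{id}/%'` pattern are gone; the category id has to be bound as one complete pattern through `LIKE ?`. In the UNION branch `$gtypes` appears twice, but the second occurrence is always given two values (`GRADE_TYPE_VALUE`, `GRADE_TYPE_SCALE`), so when `grade_includescalesinaggregation` is empty the array holds five values for four placeholders. Collecting the grade-type values once and merging them per branch keeps the count and order aligned with the SQL text. This assumes `$outcomes_sql`, which is built outside the hunk, carries no placeholders of its own; the enclosing method also starts and ends outside the hunk.

```php
if (empty($CFG->grade_includescalesinaggregation)) {
    $gtypes = "gi.gradetype = ?";
    $gtypeparams = array(GRADE_TYPE_VALUE);
} else {
    $gtypes = "(gi.gradetype = ? OR gi.gradetype = ?)";
    $gtypeparams = array(GRADE_TYPE_VALUE, GRADE_TYPE_SCALE);
}

if ($grade_category->aggregatesubcats) {
    // bind the complete pattern: a ? inside quotes is literal text, not a placeholder
    $params = array_merge($params, $gtypeparams, array('%/'.$grade_category->id.'/%'));
    // … unchanged: SELECT gi.id FROM {grade_items} gi WHERE $gtypes $outcomes_sql AND gi.categoryid IN (SELECT gc.id FROM {grade_categories} gc …
                                  WHERE gc.path LIKE ?)";
} else {
    // $gtypes occurs in both halves of the UNION, so its values are bound twice
    $params = array_merge($params, $gtypeparams,
                          array($grade_category->id, $grade_category->id),
                          $gtypeparams);
    // … unchanged: UNION query text …
}
```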
@@ -1619,14 +1631,15 @@ class grade_item extends grade_object { } // precreate grades - we need them to exist + $params = array($this->id); $sql = "SELECT DISTINCT go.userid - FROM {$CFG->prefix}grade_grades go - JOIN {$CFG->prefix}grade_items gi + FROM {grade_grades} go + JOIN {grade_items} gi ON gi.id = go.itemid - LEFT OUTER JOIN {$CFG->prefix}grade_grades g - ON (g.userid = go.userid AND g.itemid = $this->id) + LEFT OUTER JOIN {grade_grades} g + ON (g.userid = go.userid AND g.itemid = ?) WHERE gi.id <> $this->id AND g.id IS NULL"; - if ($missing = $DB->get_records_sql($sql)) { + if ($missing = $DB->get_records_sql($sql, $params)) { foreach ($missing as $m) { $grade = new grade_grade(array('itemid'=>$this->id, 'userid'=>$m->userid), false); $grade->grade_item =& $this; @@ -1647,10 +1660,12 @@ class grade_item extends grade_object { // where to look for final grades? // this itemid is added so that we use only one query for source and final grades - $gis = implode(',', array_merge($useditems, array($this->id))); + $gis = array_merge($useditems, array($this->id)); + list($usql, $params) = $DB->get_in_or_equal($gis); if ($userid) { - $usersql = "AND g.userid=$userid"; + $usersql = "AND g.userid=?"; + $params[] = $userid; } else { $usersql = ""; } 
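Review bot: `WHERE gi.id <> $this->id` in the precreate-grades query still interpolates the item id, while the join condition just above it binds the same value with `?`. Bind both occurrences: `$params = array($this->id, $this->id);` and `WHERE gi.id <> ? AND g.id IS NULL`. The exposure is small as long as `$this->id` is an integer loaded from the database, but a statement that mixes bound and interpolated values is harder to audit for string-built SQL later. The surrounding method starts and ends outside the hunk.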
@@ -1658,15 +1673,16 @@ class grade_item extends grade_object { $grade_inst = new grade_grade(); $fields = 'g.'.implode(',g.', $grade_inst->required_fields); + $params[] = $this->courseid; $sql = "SELECT $fields - FROM {$CFG->prefix}grade_grades g, {$CFG->prefix}grade_items gi - WHERE gi.id = g.itemid AND gi.courseid={$this->courseid} AND gi.id IN ($gis) $usersql - ORDER BY g.userid"; + FROM {grade_grades} g, {grade_items} gi + WHERE gi.id = g.itemid AND gi.id $usql $usersql AND gi.courseid=? + ORDER BY g.userid"; $return = true; // group the grades by userid and use formula on the group - if ($rs = $DB->get_recordset_sql($sql)) { + if ($rs = $DB->get_recordset_sql($sql, $params)) { $prevuser = 0; $grade_records = array(); $oldgrade = null; @@ -1808,13 +1824,13 @@ class grade_item extends grade_object { $grade_items = array(); } else { - $gis = implode(',', $useditems); - + list($usql, $params) = $DB->get_in_or_equal($useditems); + $params[] = $this->courseid; $sql = "SELECT gi.* - FROM {$CFG->prefix}grade_items gi - WHERE gi.id IN ($gis) and gi.courseid={$this->courseid}"; // from the same course only! + FROM {grade_items} gi + WHERE gi.id $usql and gi.courseid=?"; // from the same course only! - if (!$grade_items = $DB->get_records_sql($sql)) { + if (!$grade_items = $DB->get_records_sql($sql, $params)) { $grade_items = array(); } } diff --git a/lib/grade/grade_object.php b/lib/grade/grade_object.php index fdedb135f1..6a71955fbc 100644 --- a/lib/grade/grade_object.php +++ b/lib/grade/grade_object.php @@ -154,6 +154,8 @@ abstract class grade_object { $wheresql = array(); // remove incorrect params + $named_params = array(); + foreach ($params as $var=>$value) { if (!in_array($var, $instance->required_fields) and !array_key_exists($var, $instance->optional_fields)) { continue; 
@@ -161,8 +163,8 @@ abstract class grade_object { if (is_null($value)) { $wheresql[] = " $var IS NULL "; } else { - $value = addslashes($value); - $wheresql[] = " $var = '$value' "; + $wheresql[] = " $var = ? "; + $named_params[] = $value; } } @@ -173,7 +175,7 @@ abstract class grade_object { } global $DB; - if ($datas = $DB->get_records_select($table, $wheresql, array('id'))) { + if ($datas = $DB->get_records_select($table, $wheresql, $named_params)) { $result = array(); foreach($datas as $data) { $instance = new $classname(); @@ -202,7 +204,7 @@ abstract class grade_object { $data = $this->get_record_data(); - if (!$DB->update_record($this->table, addslashes_recursive($data))) { + if (!$DB->update_record($this->table, $data)) { return false; } @@ -213,7 +215,7 @@ abstract class grade_object { $data->source = $source; $data->timemodified = time(); $data->userlogged = $USER->id; - $DB->insert_record($this->table.'_history', addslashes_recursive($data)); + $DB->insert_record($this->table.'_history', $data); } return true; @@ -243,7 +245,7 @@ abstract class grade_object { $data->source = $source; $data->timemodified = time(); $data->userlogged = $USER->id; - $DB->insert_record($this->table.'_history', addslashes_recursive($data)); + $DB->insert_record($this->table.'_history', $data); } return true; @@ -287,7 +289,7 @@ abstract class grade_object { $data = $this->get_record_data(); - if (!$this->id = $DB->insert_record($this->table, addslashes_recursive($data))) { + if (!$this->id = $DB->insert_record($this->table, $data)) { debugging("Could not insert object into db"); return false; } @@ -304,7 +306,7 @@ abstract class grade_object { $data->source = $source; $data->timemodified = time(); $data->userlogged = $USER->id; - $DB->insert_record($this->table.'_history', addslashes_recursive($data)); + $DB->insert_record($this->table.'_history', $data); } return $this->id; 
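Review bot: `$var` is still spliced into the WHERE clause as a column name in `$wheresql[] = " $var = ? ";`; only the value is bound. What keeps that safe is the `required_fields`/`optional_fields` check at the top of the loop, which lies outside this hunk, so a comment at this line would stop a later edit from loosening it: `// $var is a column name already checked against required_fields/optional_fields; only values are bound`. `$named_params` is also a misleading name, because the array is filled positionally for `?` markers; `$sqlparams` would describe it better.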
diff --git a/lib/grade/grade_outcome.php b/lib/grade/grade_outcome.php index 0e39fc2e8e..0e55c9fb26 100644 --- a/lib/grade/grade_outcome.php +++ b/lib/grade/grade_outcome.php @@ -91,8 +91,9 @@ class grade_outcome extends grade_object { * @return boolean success */ public function delete($source=null) { + global $DB; if (!empty($this->courseid)) { - delete_records('grade_outcomes_courses', 'outcomeid', $this->id, 'courseid', $this->courseid); + $DB->delete_records('grade_outcomes_courses', array('outcomeid' => $this->id, 'courseid' => $this->courseid)); } return parent::delete($source); } @@ -147,7 +148,7 @@ class grade_outcome extends grade_object { return false; } - if (!record_exists('grade_outcomes_courses', 'courseid', $courseid, 'outcomeid', $this->id)) { + if (!$DB->record_exists('grade_outcomes_courses', array('courseid' => $courseid, 'outcomeid' => $this->id))) { $goc = new object(); $goc->courseid = $courseid; $goc->outcomeid = $this->id; @@ -225,12 +226,13 @@ class grade_outcome extends grade_object { global $CFG, $DB; $result = array(); + $params = array($courseid); $sql = "SELECT go.* - FROM {$CFG->prefix}grade_outcomes go, {$CFG->prefix}grade_outcomes_courses goc - WHERE go.id = goc.outcomeid AND goc.courseid = {$courseid} + FROM {grade_outcomes} go, {grade_outcomes_courses} goc + WHERE go.id = goc.outcomeid AND goc.courseid = ? ORDER BY go.id ASC"; - if ($datas = $DB->get_records_sql($sql)) { + if ($datas = $DB->get_records_sql($sql, $params)) { foreach($datas as $data) { $instance = new grade_outcome(); grade_object::set_properties($instance, $data); @@ -279,13 +281,13 @@ class grade_outcome extends grade_object { * @return int */ public function get_course_uses_count() { - global $CFG; + global $DB; if (!empty($this->courseid)) { return 1; } - return count_records('grade_outcomes_courses', 'outcomeid', $this->id); + return $DB->count_records('grade_outcomes_courses', array('outcomeid' => $this->id)); } /** 
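Review bot: The `$DB->record_exists('grade_outcomes_courses', ...)` call in the `@@ -147` hunk needs `$DB` in scope, but that hunk adds no `global $DB;`, unlike the `delete()` and `get_course_uses_count()` hunks of the same file. The method's opening lines are outside the hunk, so the declaration may already be there; if it is not, the call is made on an undefined variable and the duplicate-link check fails fatally. Add `global $DB;` at the top of the method if it is missing.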
@@ -293,7 +295,8 @@ class grade_outcome extends grade_object { * @return int */ public function get_item_uses_count() { - return count_records('grade_items', 'outcomeid', $this->id); + global $DB; + return $DB->count_records('grade_items', array('outcomeid' => $this->id)); } /** @@ -321,24 +324,27 @@ class grade_outcome extends grade_object { return false; } + $params = array($this->id); + $wheresql = ''; if (!is_null($courseid)) { - $wheresql = " AND {$CFG->prefix}grade_items.courseid = $courseid "; + $wheresql = " AND {grade_items}.courseid = ? "; + $params[] = $courseid; } $selectadd = ''; if ($items !== false) { - $selectadd = ", {$CFG->prefix}grade_items.* "; + $selectadd = ", {grade_items}.* "; } $sql = "SELECT finalgrade $selectadd - FROM {$CFG->prefix}grade_grades, {$CFG->prefix}grade_items, {$CFG->prefix}grade_outcomes - WHERE {$CFG->prefix}grade_outcomes.id = {$CFG->prefix}grade_items.outcomeid - AND {$CFG->prefix}grade_items.id = {$CFG->prefix}grade_grades.itemid - AND {$CFG->prefix}grade_outcomes.id = $this->id + FROM {grade_grades}, {grade_items}, {grade_outcomes} + WHERE {grade_outcomes}.id = {grade_items}.outcomeid + AND {grade_items}.id = {grade_grades}.itemid + AND {grade_outcomes}.id = ? $wheresql"; - $grades = $DB->get_records_sql($sql); + $grades = $DB->get_records_sql($sql, $params); $retval = array(); if ($average !== false && count($grades) > 0) { diff --git a/lib/grade/grade_scale.php b/lib/grade/grade_scale.php index c506ccf9ef..779d293c19 100644 --- a/lib/grade/grade_scale.php +++ b/lib/grade/grade_scale.php 
@@ -236,14 +236,15 @@ class grade_scale extends grade_object { global $CFG; // count grade items excluding the - $sql = "SELECT COUNT(id) FROM {$CFG->prefix}grade_items WHERE scaleid = {$this->id} AND outcomeid IS NULL"; - if (count_records_sql($sql)) { + $params = array($this->id); + $sql = "SELECT COUNT(id) FROM {grade_items} WHERE scaleid = ? AND outcomeid IS NULL"; + if ($DB->count_records_sql($sql, $params)) { return true; } // count outcomes - $sql = "SELECT COUNT(id) FROM {$CFG->prefix}grade_outcomes WHERE scaleid = {$this->id}"; - if (count_records_sql($sql)) { + $sql = "SELECT COUNT(id) FROM {grade_outcomes} WHERE scaleid = ?"; + if ($DB->count_records_sql($sql, $params)) { return true; } diff --git a/lib/grade/simpletest/testgradeitem.php b/lib/grade/simpletest/testgradeitem.php index 07fc0e12f2..62afda7424 100755 --- a/lib/grade/simpletest/testgradeitem.php +++ b/lib/grade/simpletest/testgradeitem.php @@ -210,7 +210,7 @@ class grade_item_test extends grade_test { $this->assertEqual($grade_item->sortorder, 6); $after = grade_item::fetch(array('id'=>$this->grade_items[6]->id)); - $this->assertEqual($after->sortorder, 7); + $this->assertEqual($after->sortorder, 8); } function test_grade_item_get_name() { -- 2.39.5
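Review bot: `$DB->count_records_sql()` is called twice in the grade_scale.php hunk, yet the only declaration visible is the unchanged context line `global $CFG;`. Unless `$DB` is declared earlier in the method, whose start is outside the hunk, that line should become `global $CFG, $DB;`, or just `global $DB;` if nothing else in the method reads `$CFG` now that the `{$CFG->prefix}` references are gone. Without it both in-use checks run against an undefined variable, so the "is this scale used" answer cannot be trusted before a delete.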
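Review bot: The expected value in `$this->assertEqual($after->sortorder, 8);` moves from 7 to 8 without explanation, in a commit whose other changes read as mechanical conversions to the new DB API. If the old expectation was wrong, a short comment above the assertion should give the arithmetic, e.g. `// item 6 was at sortorder N and is shifted by one when room is made`. If the new value instead compensates for a behaviour change in `move_after_sortorder()`, that change belongs in the commit message so it can be reviewed as such.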