Author: dgoette Date: Thu Apr 2 04:42:42 2009 New Revision: 40320
URL: http://svn.reactos.org/svn/reactos?rev=40320&view=rev Log: continue: converting database calls to PDO
Modified: branches/danny-web/reactos.org/htdocs/compat/inc/comp/comp_group.php branches/danny-web/reactos.org/htdocs/compat/inc/comp/comp_item_submit.php branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_category_flat.php branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_category_flat_count_grouplist.php branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_category_grouplist_1.php branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_category_grouplist_2.php branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_category_tree.php branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_category_tree_count_grouplist.php branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_historybar.php branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_menubar_sections.php branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_name_flat.php branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_vendor_flat.php branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_vendor_flat_maintainer.php branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_vendor_id.php branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_vendor_id_maintainer.php
Modified: branches/danny-web/reactos.org/htdocs/compat/inc/comp/comp_group.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/com... ============================================================================== --- branches/danny-web/reactos.org/htdocs/compat/inc/comp/comp_group.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/compat/inc/comp/comp_group.php [iso-8859-1] Thu Apr 2 04:42:42 2009 @@ -512,7 +512,7 @@ <blockquote> <?php // Query Bundles - $stmt=DBConnections::getInstance()->prepare("SELECT * FROM rsdb_group_bundles WHERE bundle_groupid = :group_id") ; + $stmt=CDBConnections::getInstance()->prepare("SELECT * FROM rsdb_group_bundles WHERE bundle_groupid = :group_id") ; $stmt->bindParam('group_id',$result_page["grpentr_id"],PDO::PARAM_STR); $stmt->execute(); while($result_bundlelist = $stmt->fetch(PDO::FETCH_ASSOC)) {
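Review bot: The replacement line calls `CDBConnections::getInstance()`, while every other statement in this commit uses `CDBConnection` (no trailing "s"), so this bundle query will probably still fail with an unknown-class error. It should likely read `$stmt=CDBConnection::getInstance()->prepare(...)`. The second hunk of tree_category_grouplist_2.php has the same kind of slip, `CDBConnecion::getInstance()`, on the `ORDER BY grpentr_order` query. The class definition is not part of this diff, so confirm the spelling against it.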
Modified: branches/danny-web/reactos.org/htdocs/compat/inc/comp/comp_item_submit.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/com... ============================================================================== --- branches/danny-web/reactos.org/htdocs/compat/inc/comp/comp_item_submit.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/compat/inc/comp/comp_item_submit.php [iso-8859-1] Thu Apr 2 04:42:42 2009 @@ -526,7 +526,7 @@ $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_item_vendor WHERE vendor_name = :name ORDER BY vendor_id DESC LIMIT 1"); $stmt->bindParam('name',$RSDB_TEMP_txtvname,PDO::PARAM_STR); $stmt->execute(); - $result_vendor_entry = $stmt->fetch(PDO::FETCH_ASSOC) + $result_vendor_entry = $stmt->fetch(PDO::FETCH_ASSOC); $RSDB_TEMP_cboVendor = $result_vendor_entry['vendor_id'];
@@ -535,7 +535,7 @@ $RSDB_TEMP_cboVendor = $RSDB_TEMP_rockhide; }
- $stmt=CDBConnection::getInstance()->prepare("INSERT INTO rsdb_groups ( grpentr_id, grpentr_name, grpentr_visible, grpentr_category, grpentr_vendor, grpentr_description, grpentr_usrid, grpentr_date ) VALUES ('', :name, '1', :category, :vendor, :description, :user_id , NOW() )"; + $stmt=CDBConnection::getInstance()->prepare("INSERT INTO rsdb_groups ( grpentr_id, grpentr_name, grpentr_visible, grpentr_category, grpentr_vendor, grpentr_description, grpentr_usrid, grpentr_date ) VALUES ('', :name, '1', :category, :vendor, :description, :user_id , NOW() )"); $stmt->bindParam('name',$RSDB_TEMP_txtname,PDO::PARAM_STR); $stmt->bindParam('category',$RSDB_TEMP_cboCategory,PDO::PARAM_STR); $stmt->bindParam('vendor',$RSDB_TEMP_cboVendor,PDO::PARAM_STR);
Modified: branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_category_flat.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/com... ============================================================================== --- branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_category_flat.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_category_flat.php [iso-8859-1] Thu Apr 2 04:42:42 2009 @@ -35,17 +35,16 @@
-$query_count_cat=mysql_query("SELECT COUNT('cat_id') - FROM `rsdb_categories` - WHERE `cat_visible` = '1' - AND `cat_path` = " . htmlentities($RSDB_SET_cat) . " - " . $RSDB_intern_code_db_rsdb_categories . " ;"); -$result_count_cat = mysql_fetch_row($query_count_cat); +$stmt=CDBConnection::getInstance()->prepare("SELECT COUNT(*) FROM rsdb_categories WHERE cat_visible = '1' AND cat_path = :path " . $RSDB_intern_code_db_rsdb_categories . ""); +$stmt->bindParam('path',$RSDB_SET_cat,PDO::PARAM_STR); +$stmt->execute(); +$result_count_cat = $stmt->fetch(PDO::FETCH_NUM);
// Update the ViewCounter: if ($RSDB_SET_cat != "" || $RSDB_SET_cat != "0") { - $query_update_viewcounter = "UPDATE `rsdb_categories` SET `cat_viewcounter` = (cat_viewcounter + 1) WHERE `cat_id` = '" . $RSDB_SET_cat . "' LIMIT 1 ;"; - @mysql_query($query_update_viewcounter); + $stmt=CDBConnection::getInstance()->prepare("UPDATE rsdb_categories SET cat_viewcounter = (cat_viewcounter + 1) WHERE cat_id = :cat_id"); + $stmt->bindParam('cat_id',$RSDB_SET_cat,PDO::PARAM_STR); + $stmt->execute(); }
if ($result_count_cat[0]) { @@ -66,12 +65,9 @@ </tr> <?php - $query_page = mysql_query("SELECT * - FROM `rsdb_categories` - WHERE `cat_visible` = '1' - AND `cat_path` = " . htmlentities($RSDB_SET_cat) . " - " . $RSDB_intern_code_db_rsdb_categories . " - ORDER BY `".htmlentities($RSDB_TEMP_sortby)."` ASC") ; + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_categories WHERE cat_visible = '1' AND cat_path = :path " . $RSDB_intern_code_db_rsdb_categories . " ORDER BY `".htmlentities($RSDB_TEMP_sortby)."` ASC"); + $stmt->bindParam('path',$RSDB_SET_cat,PDO::PARAM_STR); + $stmt->execute(); $farbe1="#E2E2E2"; $farbe2="#EEEEEE"; @@ -81,7 +77,7 @@ include('inc/tree/tree_category_flat_count_grouplist.php');
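Review bot: `$RSDB_TEMP_sortby` is still concatenated into the statement text in the `ORDER BY` clause, so the prepared statement gives no protection for that part of the query. `htmlentities()` is an HTML encoder and leaves a backtick untouched, so it does not constrain what lands in the identifier position. Placeholders cannot bind column names, so the usual fix is to map the value onto a fixed list of sortable columns before building the query, e.g. `$sortby = in_array($RSDB_TEMP_sortby, array('cat_name', 'cat_id'), true) ? $RSDB_TEMP_sortby : 'cat_name';` (the column list here is an example). Where `$RSDB_TEMP_sortby` is assigned is outside this hunk, so whether it is request-derived needs checking. The two `ORDER BY ".$RSDB_TEMP_sortby." ASC` queries in tree_category_tree.php have the same issue and additionally drop both the backticks and the `htmlentities()` call.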
- while($result_page = mysql_fetch_array($query_page)) { // Pages + while($result_page = $stmt->fetch(PDO::FETCH_ASSOC)) { // Pages ?> <tr> <td width="25%" valign="top" bgcolor="<?php
Modified: branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_category_flat_count_grouplist.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/com... ============================================================================== --- branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_category_flat_count_grouplist.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_category_flat_count_grouplist.php [iso-8859-1] Thu Apr 2 04:42:42 2009 @@ -51,24 +51,19 @@ $RSDB_VAR_counter_tree_grouplist = 0; - $query_count_groups=mysql_query("SELECT COUNT('cat_id') - FROM `rsdb_categories` - WHERE `cat_visible` = '1' - AND `cat_path` = " . $RSDB_SET_cat . " - " . $RSDB_intern_code_db_rsdb_categories . " ;"); - $result_count_groups = mysql_fetch_row($query_count_groups); + $stmt=CDBConnection::getInstance()->prepare("SELECT COUNT(*) FROM rsdb_categories WHERE cat_visible = '1' AND cat_path = :path " . $RSDB_intern_code_db_rsdb_categories . ""); + $stmt->bindParam('path',$RSDB_SET_cat,PDO::PARAM_STR); + $stmt->execute(); + $result_count_groups = $stmt->fetch(); $RSDB_TEMP_counter_group=0; count_group_and_category($RSDB_TEMP_cat_id_grouplista);
if ($result_count_groups[0]) { - $query_treeview_count_groups = mysql_query("SELECT * - FROM `rsdb_categories` - WHERE `cat_visible` = '1' - AND `cat_path` = " . $RSDB_TEMP_cat_id_grouplist . " - " . $RSDB_intern_code_db_rsdb_categories . " - ORDER BY `cat_name` ASC") ; + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_categories WHERE cat_visible = '1' AND cat_path = :path " . $RSDB_intern_code_db_rsdb_categories . " ORDER BY cat_name ASC"); + $stmt->bindParam('path',$RSDB_TEMP_cat_id_grouplist,PDO::PARAM_STR); + $stmt->execute(); $cellcolor1="#E2E2E2"; @@ -76,7 +71,7 @@ $cellcolorcounter="0"; - while($result_treeview_count_groups = mysql_fetch_array($query_treeview_count_groups)) { // treeview_count_groups + while($result_treeview_count_groups = $stmt->fetch(PDO::FETCH_ASSOC)) { // treeview_count_groups // echo "<br><a href='".$RSDB_intern_link_category_cat.$result_treeview_count_groups['cat_id']."'>".$result_treeview_count_groups['cat_name']."</a>"; @@ -101,12 +96,9 @@ global $RSDB_TEMP_counter_group; global $RSDB_intern_code_db_rsdb_groups;
- $query_count_group_and_category=mysql_query("SELECT COUNT('grpentr_id') - FROM `rsdb_groups` - WHERE `grpentr_visible` = '1' - AND `grpentr_category` = " . $RSDB_TEMP_cat_id_group . " - " . $RSDB_intern_code_db_rsdb_groups . " ;"); - $result_count_group_and_category = mysql_fetch_row($query_count_group_and_category); + $stmt=CDBConnection::getInstance()->prepare("SELECT COUNT(*) FROM rsdb_groups WHERE grpentr_visible = '1' AND grpentr_category = :category " . $RSDB_intern_code_db_rsdb_groups . ""); + $stmt->bindParam('category',$RSDB_TEMP_cat_id_group,PDO::PARAM_STR); + $result_count_group_and_category = $stmt->fetch(PDO::FETCH_NUM); // echo "->".$result_count_group_and_category[0]."<-"; if ($result_count_group_and_category[0]) { @@ -131,13 +123,11 @@ global $RSDB_intern_code_db_rsdb_categories;
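Review bot: The rewritten count query in this hunk is prepared and bound but never executed: `$stmt->execute();` is missing between `bindParam('category', ...)` and `$stmt->fetch(PDO::FETCH_NUM)`. Without it `fetch()` yields no row, so `$result_count_group_and_category[0]` is never truthy and the branch that follows is skipped. The same query in tree_category_tree_count_grouplist.php does include the call. The enclosing function starts and ends outside the hunk.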
- $query_create_historybar=mysql_query("SELECT * - FROM `rsdb_categories` - WHERE `cat_path` = " . $RSDB_TEMP_cat_id ." - " . $RSDB_intern_code_db_rsdb_categories . " - AND `cat_visible` = '1' ;"); + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_categories WHERE cat_path = :path " . $RSDB_intern_code_db_rsdb_categories . " AND cat_visible = '1'"); + $stmt->bindParam('path',$RSDB_TEMP_cat_id,PDO::PARAM_STR); + $stmt->execute(); - while($result_create_historybar=mysql_fetch_array($query_create_historybar)) { + while($result_create_historybar=$stmt->fetch(PDO::FETCH_ASSOC)) { count_tree_groups_entry($result_create_historybar['cat_id'], $RSDB_TEMP_cat_level_newmain); create_counter_groups($result_create_historybar['cat_path'], $result_create_historybar['cat_id'], 0, $RSDB_TEMP_cat_level_newmain); } @@ -152,13 +142,11 @@
- $query_count_tree_groups_entry=mysql_query("SELECT * - FROM `rsdb_categories` - WHERE `cat_id` = " . $RSDB_TEMP_entry_id ." - AND `cat_visible` = '1' - " . $RSDB_intern_code_db_rsdb_categories . " ;"); + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_categories WHERE cat_id = :cat_id AND cat_visible = '1' " . $RSDB_intern_code_db_rsdb_categories . ""); + $stmt->bindParam('cat_id',$RSDB_TEMP_entry_id,PDO::PARAM_STR); + $stmt->execute(); - $result_count_tree_groups_entry=mysql_fetch_array($query_count_tree_groups_entry); + $result_count_tree_groups_entry=$stmt->fetch(PDO::FETCH_ASSOC);
// echo "<a href='".$RSDB_intern_link_category_cat.$result_count_tree_groups_entry['cat_id']."'>".$result_count_tree_groups_entry['cat_name']."</a>";
Modified: branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_category_grouplist_1.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/com... ============================================================================== --- branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_category_grouplist_1.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_category_grouplist_1.php [iso-8859-1] Thu Apr 2 04:42:42 2009 @@ -34,12 +34,10 @@ }
-$query_count_groups=mysql_query("SELECT COUNT('grpentr_id') - FROM `rsdb_groups` - WHERE `grpentr_visible` = '1' - AND `grpentr_category` = " . mysql_real_escape_string($RSDB_SET_cat) . " - " . $RSDB_intern_code_db_rsdb_groups . " ;"); -$result_count_groups = mysql_fetch_row($query_count_groups); +$stmt=CDBConnection::getInstance()->prepare("SELECT COUNT(*) FROM rsdb_groups WHERE grpentr_visible = '1' AND grpentr_category = :category " . $RSDB_intern_code_db_rsdb_groups . ""); +$stmt->bindParam('category',$RSDB_SET_cat,PDO::PARAM_STR); +$stmt->execute(); +$result_count_groups = $stmt->fetch(PDO::FETCH_NUM); if ($result_count_groups[0]) {
?> @@ -69,18 +67,15 @@ </tr> <?php - $query_page = mysql_query("SELECT * - FROM `rsdb_groups` - WHERE `grpentr_visible` = '1' - AND `grpentr_category` = " . mysql_real_escape_string($RSDB_SET_cat) . " - " . $RSDB_intern_code_db_rsdb_groups . " - ORDER BY `grpentr_name` ASC") ; + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_groups WHERE grpentr_visible = '1' AND grpentr_category = :category " . $RSDB_intern_code_db_rsdb_groups . " ORDER BY grpentr_name ASC"); + $stmt->bindParam('category',$RSDB_SET_cat,PDO::PARAM_STR); + $stmt->execute(); $farbe1="#E2E2E2"; $farbe2="#EEEEEE"; $zaehler="0"; - while($result_page = mysql_fetch_array($query_page)) { // Pages + while($result_page = $stmt->fetch(PDO::FETCH_ASSOC)) { // Pages ?> <tr> <td valign="top" bgcolor="<?php 
@@ -96,26 +91,20 @@ } ?>" > <div align="left"><font size="2" face="Arial, Helvetica, sans-serif"><b><a href="<?php echo $RSDB_intern_link_group_EX.$result_page['grpentr_id'].$RSDB_URI_slash; ?>"> <?php - $query_entry_vendor = mysql_query("SELECT * - FROM `rsdb_item_vendor` - WHERE `vendor_id` = " . mysql_real_escape_string($result_page['grpentr_vendor']) ." ;") ; - $result_entry_vendor = mysql_fetch_array($query_entry_vendor); + $stmt_vendor=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_item_vendor WHERE vendor_id = :vendor_id"); + $stmt_vendor->bindParam('vendor_id',$result_page['grpentr_vendor'],PDO::PARAM_STR); + $stmt_vendor->execute(); + $result_entry_vendor = $stmt->fetch(PDO::FETCH_ASSOC); /* echo $result_entry_vendor['vendor_name']." "; */ ?> <?php echo $result_page['grpentr_name']; ?></a></b><?php echo " <i>"; - $query_entry_appver = mysql_query("SELECT DISTINCT ( - `comp_appversion` - ), `comp_osversion` , `comp_id` , `comp_name` - FROM `rsdb_item_comp` - WHERE `comp_visible` = '1' - AND `comp_groupid` = '". 
mysql_real_escape_string($result_page['grpentr_id']) ."' - GROUP BY `comp_appversion` - ORDER BY `comp_appversion` ASC - LIMIT 0 , 15 ;") ; - while($result_entry_appver = mysql_fetch_array($query_entry_appver)) { + $stmt_comp=CDBConnection::getInstance()->prepare("SELECT DISTINCT(comp_appversion), comp_osversion, comp_id, comp_name FROM rsdb_item_comp WHERE comp_visible = '1' AND comp_groupid = :group_id GROUP BY comp_appversion ORDER BY comp_appversion ASC LIMIT 15"); + $stmt_comp->bindParam('group_id',$result_page['grpentr_id'],PDO::PARAM_STR); + $stmt_comp->execute(); + while($result_entry_appver = $stmt_comp->fetch(PDO::FETCH_ASSOC)) { if ($result_entry_appver['comp_name'] > $result_page['grpentr_name']) { echo "<a href="".$RSDB_intern_link_group_EX.$result_page['grpentr_id'].$RSDB_URI_slash2."&group2=".$result_entry_appver['comp_appversion']."">".substr($result_entry_appver['comp_name'], strlen($result_page['grpentr_name'])+1 )."</a>, "; } @@ -149,49 +138,41 @@ $counter_forumentries = 0; $counter_screenshots = 0;
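Review bot: The vendor lookup is executed on `$stmt_vendor`, but its row is read with `$stmt->fetch(PDO::FETCH_ASSOC)`, and `$stmt` is the outer statement driving the `while($result_page = ...)` loop. That would consume the next group row on each pass, so groups get skipped, and `$result_entry_vendor` would hold a group row instead of a vendor row. The line should read `$result_entry_vendor = $stmt_vendor->fetch(PDO::FETCH_ASSOC);`. The loop itself opens in the previous hunk.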
- $query_group_sum_items = mysql_query("SELECT * - FROM `rsdb_item_comp` - WHERE `comp_groupid` = " . mysql_real_escape_string($result_page['grpentr_id']) . " - AND `comp_visible` = '1' - ORDER BY `comp_groupid` DESC ;") ; - while($result_group_sum_items = mysql_fetch_array($query_group_sum_items)) { + $stmt_item=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_item_comp WHERE comp_groupid = :group_id AND comp_visible = '1' ORDER BY comp_groupid DESC"); + $stmt_item->bindParam('group_id',$result_page['grpentr_id'],PDO::PARAM_STR); + $stmt_item->execute(); + while($result_group_sum_items = $stmt_item->fetch(PDO::FETCH_ASSOC)) { $counter_items++; if ($counter_awards_best < $result_group_sum_items['comp_award']) { $counter_awards_best = $result_group_sum_items['comp_award']; } - $query_count_stars_sum = mysql_query("SELECT * - FROM `rsdb_item_comp_testresults` - WHERE `test_visible` = '1' - AND `test_comp_id` = " . $result_group_sum_items['comp_id'] . " - ORDER BY `test_comp_id` ASC") ; - - while($result_count_stars_sum = mysql_fetch_array($query_count_stars_sum)) { - $counter_stars_install_sum += $result_count_stars_sum['test_result_install']; - $counter_stars_function_sum += $result_count_stars_sum['test_result_function']; - $counter_stars_user_sum++; - } + $stmt_tests=CDBConnection::getInstance()->prepare("SELECT SUM(test_result_install) AS install_sum, SUM(test_result_function) AS function_sum, COUNT(*) AS user_sum FROM rsdb_item_comp_testresults WHERE test_visible = '1' AND test_comp_id = :comp_id"); + $stmt_tests->bindParam('comp_id',$result_group_sum_items['comp_id'],PDO::PARAM_STR); + $stmt_tests->execute(); + $tmp=$stmt_tests->fetch(PDO::FETCH_ASSOC); + + $counter_stars_install_sum += $tmp['install_sum']; + $counter_stars_function_sum += $tmp['function_sum']; + $counter_stars_user_sum += $tmp['user_sum']; - $query_count_testentries=mysql_query("SELECT COUNT('test_id') - FROM `rsdb_item_comp_testresults` - WHERE `test_visible` = '1' - AND 
`test_comp_id` = '".mysql_real_escape_string($result_group_sum_items['comp_id'])."' ;"); - $result_count_testentries = mysql_fetch_row($query_count_testentries); + $stmt_count=CDBConnection::getInstance()->prepare("SELECT COUNT(*) FROM rsdb_item_comp_testresults WHERE test_visible = '1' AND test_comp_id = :comp_id"); + $stmt_count->bindParam('comp_id',$result_group_sum_items['comp_id'],PDO::PARAM_STR); + $stmt_count->execute(); + $result_count_testentries = $stmt_count->fetch(PDO::FETCH_NUM); $counter_testentries += $result_count_testentries[0]; // Forum entries: - $query_count_forumentries=mysql_query("SELECT COUNT('fmsg_id') - FROM `rsdb_item_comp_forum` - WHERE `fmsg_visible` = '1' - AND `fmsg_comp_id` = '".mysql_real_escape_string($result_group_sum_items['comp_id'])."' ;"); - $result_count_forumentries = mysql_fetch_row($query_count_forumentries); + $stmt_count=CDBConnection::getInstance()->prepare("SELECT COUNT(*) FROM rsdb_item_comp_forum WHERE fmsg_visible = '1' AND fmsg_comp_id = :comp_id"); + $stmt_count->bindParam('comp_id',$result_group_sum_items['comp_id'],PDO::PARAM_STR); + $stmt_count->execute(); + $result_count_forumentries = $stmt_count->fetch(PDO::FETCH_NUM); $counter_forumentries += $result_count_forumentries[0];
// Screenshots: - $query_count_screenshots=mysql_query("SELECT COUNT('media_id') - FROM `rsdb_object_media` - WHERE `media_visible` = '1' - AND `media_groupid` = '".mysql_real_escape_string($result_group_sum_items['comp_media'])."' ;"); - $result_count_screenshots = mysql_fetch_row($query_count_screenshots); + $stmt_count=CDBConnection::getInstance()->prepare("SELECT COUNT(*) FROM rsdb_object_media WHERE media_visible = '1' AND media_groupid = :group_id"); + $stmt_count->bindParam('group_id',$result_group_sum_items['comp_media'],PDO::PARAM_STR); + $stmt_count->execute(); + $result_count_screenshots = $stmt_count->fetch(PDO::FETCH_NUM); $counter_screenshots += $result_count_screenshots[0]; } ?>
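Review bot: The `COUNT(*)` on `rsdb_item_comp_testresults` repeats the exact `WHERE` clause of the `SUM(...)` query just above it, so `$tmp['user_sum']` already holds that number and the second round trip can become `$counter_testentries += $tmp['user_sum'];`. All four inner statements are also re-prepared on every pass of the `$stmt_item` loop; preparing them once above the loop and calling `execute(array('comp_id' => $result_group_sum_items['comp_id']))` per item would avoid that. A short comment such as `// SUM() is NULL when no visible tests exist; += treats it as 0` would document the aggregate's empty case.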
Modified: branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_category_grouplist_2.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/com... ============================================================================== --- branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_category_grouplist_2.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_category_grouplist_2.php [iso-8859-1] Thu Apr 2 04:42:42 2009 @@ -34,12 +34,10 @@ }
-$query_count_groups=mysql_query("SELECT COUNT('grpentr_id') - FROM `rsdb_groups` - WHERE `grpentr_visible` = '1' - AND `grpentr_category` = " . $RSDB_SET_cat . " - " . $RSDB_intern_code_db_rsdb_groups . " ;"); -$result_count_groups = mysql_fetch_row($query_count_groups); +$stmt=CDBConnection::getInstance()->prepare("SELECT COUNT(*) FROM rsdb_groups WHERE grpentr_visible = '1' AND grpentr_category = :category " . $RSDB_intern_code_db_rsdb_groups . ""); +$stmt->bindParam('category',$RSDB_SET_cat,PDO::PARAM_STR); +$stmt->execute(); +$result_count_groups = $stmt->fetch(PDO::FETCH_NUM); if ($result_count_groups[0]) {
?> @@ -52,18 +50,15 @@ </tr> <?php - $query_page = mysql_query("SELECT * - FROM `rsdb_groups` - WHERE `grpentr_visible` = '1' - AND `grpentr_category` = " . $RSDB_SET_cat . " - " . $RSDB_intern_code_db_rsdb_groups . " - ORDER BY `grpentr_order` ASC") ; + $stmt=CDBConnecion::getInstance()->prepare("SELECT * FROM rsdb_groups WHERE grpentr_visible = '1' AND grpentr_category = :category " . $RSDB_intern_code_db_rsdb_groups . " ORDER BY grpentr_order ASC"); + $stmt->bindParam('category',$RSDB_SET_cat,PDO::PARAM_STR); + $stmt->execute(); $farbe1="#E2E2E2"; $farbe2="#EEEEEE"; $zaehler="0"; - while($result_page = mysql_fetch_array($query_page)) { // Pages + while($result_page = $stmt->fetch(PDO::FETCH_ASSOC)) { // Pages ?> <tr> <td valign="top" bgcolor="<?php @@ -97,24 +92,19 @@ $counter_items = 0;
- $query_group_sum_items = @mysql_query("SELECT * - FROM `rsdb_item_".mysql_escape_string($RSDB_intern_code_view_shortname)."` - WHERE `".mysql_escape_string($RSDB_intern_code_view_shortname)."_groupid` = " . $result_page['grpentr_id'] . " - AND `".mysql_escape_string($RSDB_intern_code_view_shortname)."_visible` = '1' - ORDER BY `".mysql_escape_string($RSDB_intern_code_view_shortname)."_groupid` DESC ;") ; - while($result_group_sum_items = @mysql_fetch_array($query_group_sum_items)) { + $stmt_item=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_item_".$RSDB_intern_code_view_shortname." WHERE ".$RSDB_intern_code_view_shortname."_groupid = :group_id AND ".$RSDB_intern_code_view_shortname."_visible` = '1' ORDER BY ".$RSDB_intern_code_view_shortname."_groupid DESC"); + $stmt_item->bindParam('group_id',$result_page['grpentr_id'],PDO::PARAM_STR); + $stmt_item->execute(); + while($result_group_sum_items = $stmt_item->fetch(PDO::FETCH_ASSOC)) { $counter_items++; - $query_count_stars_sum = @mysql_query("SELECT * - FROM `".mysql_escape_string($RSDB_intern_code_view_shortname)."_item_".mysql_escape_string($RSDB_intern_code_view_shortname)."_testresults` - WHERE `test_visible` = '1' - AND `test_comp_id` = " . $result_group_sum_items[$RSDB_intern_code_view_shortname.'_id'] . 
" - ORDER BY `test_comp_id` ASC") ; - - while($result_count_stars_sum = @mysql_fetch_array($query_count_stars_sum)) { - $counter_stars_install_sum += $result_count_stars_sum['test_result_install']; - $counter_stars_function_sum += $result_count_stars_sum['test_result_function']; - $counter_stars_user_sum++; - } + $stmt_tests=CDBConnection::getInstance()->prepare("SELECT SUM(test_result_install) AS install_sum, SUM(test_result_function) AS function_sum, COUNT(*) AS user_sum FROM ".$RSDB_intern_code_view_shortname."_item_".$RSDB_intern_code_view_shortname."_testresults WHERE test_visible = '1' AND test_comp_id = :comp_id ORDER BY test_comp_id ASC"); + $stmt_tests->bindParam('comp_id',$result_group_sum_items[$RSDB_intern_code_view_shortname.'_id'],PDO::PARAM_STR); + $stmt_tests->execute(); + $tmp=$stmt_tests->fetch(PDO::FETCH_ASSOC); + + $counter_stars_install_sum += $tmp['install_sum']; + $counter_stars_function_sum += $tmp['function_sum']; + $counter_stars_user_sum += $tmp['user_sum']; } echo $counter_items;
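Review bot: The `$stmt_item` query keeps a stray backtick directly after `_visible`, which leaves an unbalanced identifier quote and should make the statement fail to parse; that fragment should read `"_visible = '1' ORDER BY "`. Separately, `$RSDB_intern_code_view_shortname` is concatenated into table and column names here, in `$stmt_tests`, and in the first hunk of tree_historybar.php, and the `mysql_escape_string()` calls that wrapped it were removed. Identifiers cannot be bound, so if that variable can be influenced by a request it should be checked against a fixed list of known section short names before use; where it is assigned is not visible in this diff. The `ORDER BY test_comp_id ASC` on the aggregate-only `$stmt_tests` query has no effect and can be dropped.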
Modified: branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_category_tree.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/com... ============================================================================== --- branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_category_tree.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_category_tree.php [iso-8859-1] Thu Apr 2 04:42:42 2009 @@ -36,17 +36,16 @@
-$query_count_cat=mysql_query("SELECT COUNT('cat_id') - FROM `rsdb_categories` - WHERE `cat_visible` = '1' - AND `cat_path` = " . htmlentities($RSDB_SET_cat) . " - " . $RSDB_intern_code_db_rsdb_categories . " ;"); -$result_count_cat = mysql_fetch_row($query_count_cat); +$stmt=CDBConnection::getInstance()->prepare("SELECT COUNT(*) FROM rsdb_categories WHERE cat_visible = '1' AND cat_path = :path " . $RSDB_intern_code_db_rsdb_categories . ""); +$stmt->bindParam('path',$RSDB_SET_cat,PDO::PARAM_STR); +$stmt->execute(); +$result_count_cat = $stmt->fetch(PDO::FETCH_NUM);
// Update the ViewCounter: if ($RSDB_SET_cat != "" || $RSDB_SET_cat != "0") { - $query_update_viewcounter = "UPDATE `rsdb_categories` SET `cat_viewcounter` = (cat_viewcounter + 1) WHERE `cat_id` = '" . $RSDB_SET_cat . "' LIMIT 1 ;"; - @mysql_query($query_update_viewcounter); + $stmt=CDBConnection::getInstance()->prepare("UPDATE rsdb_categories SET cat_viewcounter = (cat_viewcounter + 1) WHERE cat_id = :cat_id"); + $stmt->bindParam('cat_id',$RSDB_SET_cat,PDO::PARAM_STR); + $stmt->execute(); }
if ($result_count_cat[0]) { @@ -74,12 +73,9 @@ <?php
- $query_treeview = mysql_query("SELECT * - FROM `rsdb_categories` - WHERE `cat_visible` = '1' - AND `cat_path` = " . htmlentities($RSDB_SET_cat) . " - " . $RSDB_intern_code_db_rsdb_categories . " - ORDER BY `".htmlentities($RSDB_TEMP_sortby)."` ASC") ; + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_categories WHERE cat_visible = '1' AND cat_path = :path " . $RSDB_intern_code_db_rsdb_categories . " ORDER BY ".$RSDB_TEMP_sortby." ASC"); + $stmt->bindParam('path',$RSDB_SET_cat,PDO::PARAM_STR); + $stmt->execute(); $cellcolor1="#E2E2E2"; @@ -88,7 +84,7 @@ include('inc/tree/tree_category_tree_count_grouplist.php'); - while($result_treeview = mysql_fetch_array($query_treeview)) { // TreeView + while($result_treeview = $stmt->fetch(PDO::FETCH_ASSOC)) { // TreeView ?> <tr> @@ -112,12 +108,10 @@ for ($guesslevel=1; ; $guesslevel++) { // echo $guesslevel."#"; - $query_category_tree_guesslevel= mysql_query("SELECT * - FROM `rsdb_categories` - WHERE `cat_id` = " . $RSDB_TEMP_cat_current_id_guess ." - AND `cat_visible` = '1' - " . $RSDB_intern_code_db_rsdb_categories . " ;"); - $result_category_tree_guesslevel=mysql_fetch_array($query_category_tree_guesslevel); + $stmt_cat=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_categories WHERE cat_id = :cat_id AND cat_visible = '1' " . $RSDB_intern_code_db_rsdb_categories . ""); + $stmt_cat->bindParam('cat_id',$RSDB_TEMP_cat_current_id_guess,PDO::PARAM_STR); + $stmt_cat->execute(); + $result_category_tree_guesslevel=$stmt_cat->fetch(PDO::FETCH_ASSOC); // echo $result_category_tree_guesslevel['cat_name']; $RSDB_TEMP_cat_current_id_guess = $result_category_tree_guesslevel['cat_path']; @@ -166,15 +160,12 @@ global $RSDB_intern_code_db_rsdb_categories; global $RSDB_TEMP_sortby;
- $query_create_historybar=mysql_query("SELECT * - FROM `rsdb_categories` - WHERE `cat_path` = " . $RSDB_TEMP_cat_id ." - AND `cat_visible` = '1' - " . $RSDB_intern_code_db_rsdb_categories . " - ORDER BY `".$RSDB_TEMP_sortby."` ASC ;"); + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_categories WHERE cat_path = :path AND cat_visible = '1' " . $RSDB_intern_code_db_rsdb_categories . " ORDER BY ".$RSDB_TEMP_sortby." ASC"); + $stmt->bindParam('path',$RSDB_TEMP_cat_id,PDO::PARAM_STR); + $stmt->execute(); //$result_create_historybar=mysql_fetch_array($query_create_historybar); - while($result_create_historybar=mysql_fetch_array($query_create_historybar)) { + while($result_create_historybar=$stmt->fetch(PDO::FETCH_ASSOC)) { //echo " catlev: ".$result_create_historybar['cat_level']." | curlev: ".$RSDB_TEMP_cat_level."<br>"; /* if ($result_create_historybar['cat_level'] > $RSDB_TEMP_cat_level) { @@ -205,13 +196,11 @@ // global $RSDB_TEMP_cat_icon;
- $query_create_tree_entry=mysql_query("SELECT * - FROM `rsdb_categories` - WHERE `cat_id` = " . $RSDB_TEMP_entry_id ." - AND `cat_visible` = '1' - " . $RSDB_intern_code_db_rsdb_categories . " ;"); + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_categories WHERE cat_id = :cat_id AND cat_visible = '1' " . $RSDB_intern_code_db_rsdb_categories . ""); + $stmt->bindParam('cat_id',$RSDB_TEMP_entry_id,PDO::PARAM_STR); + $stmt->execute(); - $result_create_tree_entry=mysql_fetch_array($query_create_tree_entry); + $result_create_tree_entry=$stmt->fetch(PDO::FETCH_ASSOC);
/* if ($result_create_tree_entry['cat_icon'] != "") { $RSDB_TEMP_cat_icon = $result_create_tree_entry['cat_icon']; @@ -227,12 +216,10 @@ // count the levels -> current category level for ($guesslevel=1; ; $guesslevel++) { // echo $guesslevel."#"; - $query_category_tree_guesslevel= mysql_query("SELECT * - FROM `rsdb_categories` - WHERE `cat_id` = " . $RSDB_TEMP_cat_current_id_guess ." - AND `cat_visible` = '1' - " . $RSDB_intern_code_db_rsdb_categories . " ;"); - $result_category_tree_guesslevel=mysql_fetch_array($query_category_tree_guesslevel); + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_categories WHERE cat_id = :cat_id AND cat_visible = '1' " . $RSDB_intern_code_db_rsdb_categories . ""); + $stmt->bindParam('cat_id',$RSDB_TEMP_cat_current_id_guess,PDO::PARAM_STR); + $stmt->execute(); + $result_category_tree_guesslevel=$stmt->fetch(PDO::FETCH_ASSOC); // echo $result_category_tree_guesslevel['cat_name']; $RSDB_TEMP_cat_current_id_guess = $result_category_tree_guesslevel['cat_path'];
Modified: branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_category_tree_count_grouplist.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/com... ============================================================================== --- branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_category_tree_count_grouplist.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_category_tree_count_grouplist.php [iso-8859-1] Thu Apr 2 04:42:42 2009 @@ -55,12 +55,10 @@ global $RSDB_TEMP_counter_group; global $RSDB_intern_code_db_rsdb_groups;
- $query_count_group_and_category=mysql_query("SELECT COUNT('grpentr_id') - FROM `rsdb_groups` - WHERE `grpentr_visible` = '1' - AND `grpentr_category` = " . $RSDB_TEMP_cat_id_group . " - " . $RSDB_intern_code_db_rsdb_groups . " ;"); - $result_count_group_and_category = mysql_fetch_row($query_count_group_and_category); + $stmt=CDBConnection::getInstance()->prepare("SELECT COUNT(*) FROM rsdb_groups WHERE grpentr_visible = '1' AND grpentr_category = :category " . $RSDB_intern_code_db_rsdb_groups . ""); + $stmt->bindParam('category',$RSDB_TEMP_cat_id_group,PDO::PARAM_STR); + $stmt->execute(); + $result_count_group_and_category = $stmt->fetch(PDO::FETCH_NUM); // echo "->".$result_count_group_and_category[0]."<-"; if ($result_count_group_and_category[0]) { @@ -78,4 +76,4 @@ }
-?> +?>
Modified: branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_historybar.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/com... ============================================================================== --- branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_historybar.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_historybar.php [iso-8859-1] Thu Apr 2 04:42:42 2009 @@ -62,12 +62,10 @@ if ($RSDB_SET_cat != "") {
if ($RSDB_SET_item != "" && $RSDB_viewpage != false) { - $query_itemid = mysql_query("SELECT * - FROM `rsdb_item_" . $RSDB_intern_code_view_shortname ."` - WHERE `" . $RSDB_intern_code_view_shortname . "_visible` = '1' - AND `" . $RSDB_intern_code_view_shortname . "_id` = " . $RSDB_SET_item . " - ORDER BY `" . $RSDB_intern_code_view_shortname . "_name` ASC") ; - $result_itempid = @mysql_fetch_array($query_itemid); + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_item_" . $RSDB_intern_code_view_shortname ." WHERE " . $RSDB_intern_code_view_shortname . "_visible = '1' AND " . $RSDB_intern_code_view_shortname . "_id = :item_id ORDER BY " . $RSDB_intern_code_view_shortname . "_name ASC"); + $stmt->bindParam('item_id',$RSDB_SET_item,PDO::PARAM_STR); + $stmt->execute(); + $result_itempid = $stmt->fetch(PDO::FETCH_ASSOC); if ($result_itempid[$RSDB_intern_code_view_shortname.'_groupid'] == "" || $result_itempid[$RSDB_intern_code_view_shortname . '_groupid'] == "0") { //die(""); //echo "die1"; 
@@ -77,25 +75,20 @@ } if ($RSDB_SET_group != "" && $RSDB_viewpage != false) { //echo "+++++".$RSDB_SET_group; - $query_groupid = mysql_query("SELECT * - FROM `rsdb_groups` - WHERE `grpentr_visible` = '1' - AND `grpentr_id` = " . $RSDB_SET_group . " - " . $RSDB_intern_code_db_rsdb_groups . " - ORDER BY `grpentr_name` ASC") ; - $result_groupid = mysql_fetch_array($query_groupid); + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_groups WHERE grpentr_visible = '1' AND grpentr_id = :group_id " . $RSDB_intern_code_db_rsdb_groups . " ORDER BY grpentr_name ASC") ; + $stmt->bindParam('group_id',$RSDB_SET_group,PDO::PARAM_STR); + $stmt->execute(); + $result_groupid = $stmt->fetch(PDO::FETCH_ASSOC); if ($result_groupid['grpentr_category'] == "" || $result_groupid['grpentr_category'] == "0") { //die(""); //echo "die2"; $RSDB_viewpage = false; } if ($RSDB_viewpage != false) { - $query_category_treehistory_groupid= mysql_query("SELECT * - FROM `rsdb_categories` - WHERE `cat_id` = " . $result_groupid['grpentr_category'] ." - AND `cat_visible` = '1' - " . $RSDB_intern_code_db_rsdb_categories . " ;"); - $result_category_treehistory_groupid=mysql_fetch_array($query_category_treehistory_groupid); + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_categories WHERE cat_id = :cat_id AND cat_visible = '1' " . $RSDB_intern_code_db_rsdb_categories . ""); + $stmt->bindParam('cat_id',$result_groupid['grpentr_category'],PDO::PARAM_STR); + $stmt->execute(); + $result_category_treehistory_groupid=$stmt->fetch(PDO::FETCH_ASSOC); $RSDB_TEMP_cat_path = $result_category_treehistory_groupid['cat_path']; $RSDB_TEMP_cat_id = $result_category_treehistory_groupid['cat_id']; 
@@ -109,12 +102,10 @@ } elseif ($RSDB_viewpage != false) { //echo "hjall"; - $query_category_treehistory= mysql_query("SELECT * - FROM `rsdb_categories` - WHERE `cat_id` = " . $RSDB_SET_cat ." - AND `cat_visible` = '1' - " . $RSDB_intern_code_db_rsdb_categories . " ;"); - $result_category_treehistory=mysql_fetch_array($query_category_treehistory); + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_categories WHERE cat_id = :cat_id AND cat_visible = '1' " . $RSDB_intern_code_db_rsdb_categories . ""); + $stmt->bindParam('cat_id',$RSDB_SET_cat,PDO::PARAM_STR); + $stmt->execute(); + $result_category_treehistory=$stmt->fetch(PDO::FETCH_ASSOC); $RSDB_TEMP_cat_path = $result_category_treehistory['cat_path']; $RSDB_TEMP_cat_id = $result_category_treehistory['cat_id']; @@ -130,12 +121,10 @@ // count the levels -> current category level for ($guesslevel=1; ; $guesslevel++) { // echo $guesslevel."#"; - $query_category_tree_guesslevel= mysql_query("SELECT * - FROM `rsdb_categories` - WHERE `cat_id` = " . $RSDB_TEMP_cat_current_id_guess ." - AND `cat_visible` = '1' - " . $RSDB_intern_code_db_rsdb_categories . " ;"); - $result_category_tree_guesslevel=@mysql_fetch_array($query_category_tree_guesslevel); + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_categories WHERE cat_id = :cat_id AND cat_visible = '1' " . $RSDB_intern_code_db_rsdb_categories . ""); + $stmt->bindParam('cat_id',$RSDB_TEMP_cat_current_id_guess,PDO::PARAM_STR); + $stmt->execute(); + $result_category_tree_guesslevel=$stmt->fetch(PDO::FETCH_ASSOC); // echo $result_category_tree_guesslevel['cat_name']; $RSDB_TEMP_cat_current_id_guess = $result_category_tree_guesslevel['cat_path']; 
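Review bot: In the `$guesslevel` loop of the `@@ -130,12 +121,10 @@` hunk the statement is prepared and bound again on every pass although the SQL text never changes, and the `$k` loop in the following hunk does the same. Because `bindParam()` binds `$RSDB_TEMP_cat_current_id_guess` by reference, the `prepare()` and `bindParam()` lines can move above the `for`, leaving only `$stmt->execute();` and the `fetch()` in the body. `fetch()` returns `false` when the category row is missing, so an explicit `if ($result_category_tree_guesslevel === false)` check before reading `['cat_path']` would make that case visible. The loop's exit condition lies outside the hunk.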
@@ -153,12 +142,10 @@ // echo "<br>Ring0: ".$i." "; for ($k=1; $k < ($RSDB_intern_catlevel+1-$i); $k++) { // echo $k."|"; - $query_category_tree_temp= mysql_query("SELECT * - FROM `rsdb_categories` - WHERE `cat_id` = " . $RSDB_TEMP_cat_current_id ." - AND `cat_visible` = '1' - " . $RSDB_intern_code_db_rsdb_categories . " ;"); - $result_category_tree_temp=mysql_fetch_array($query_category_tree_temp); + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_categories WHERE cat_id = :cat_id AND `cat_visible` = '1' " . $RSDB_intern_code_db_rsdb_categories . ""); + $stmt->bindParam('cat_id',$RSDB_TEMP_cat_current_id,PDO::PARAM_STR); + $stmt->execute(); + $result_category_tree_temp=$stmt->fetch(PDO::FETCH_ASSOC); $RSDB_TEMP_cat_current_id = $result_category_tree_temp['cat_path']; // echo "K:".$k."|E:".($result_category_treehistory['cat_level']+1-$i); 
@@ -185,22 +172,17 @@ } if ($RSDB_SET_group != "" && $RSDB_viewpage != false) { - $query_current_group = mysql_query("SELECT * - FROM `rsdb_groups` - WHERE `grpentr_visible` = '1' - AND `grpentr_id` = " . $RSDB_SET_group . " - " . $RSDB_intern_code_db_rsdb_groups . " - ORDER BY `grpentr_name` ASC") ; - $result_current_group = mysql_fetch_array($query_current_group); + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_groups WHERE grpentr_visible = '1' AND grpentr_id = :group_id " . $RSDB_intern_code_db_rsdb_groups . " ORDER BY grpentr_name ASC"); + $stmt->bindParam('group_id',$RSDB_SET_group,PDO::PARAM_STR); + $stmt->execute(); + $result_current_group = $stmt->fetch(PDO::FETCH_ASSOC); echo " <font size='2'>→</font> <a href='".$RSDB_intern_link_group_EX.$RSDB_SET_group.$RSDB_URI_slash."'>".$result_current_group['grpentr_name']."</a>"; } if ($RSDB_SET_item != "" && $RSDB_viewpage != false) { - $query_current_group = mysql_query("SELECT * - FROM `rsdb_item_" . $RSDB_intern_code_view_shortname ."` - WHERE `" . $RSDB_intern_code_view_shortname . "_visible` = '1' - AND `" . $RSDB_intern_code_view_shortname . "_id` = " . $RSDB_SET_item . " - ORDER BY `" . $RSDB_intern_code_view_shortname . "_name` ASC") ; - $result_current_group = mysql_fetch_array($query_current_group); + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_item_" . $RSDB_intern_code_view_shortname ." WHERE " . $RSDB_intern_code_view_shortname . "_visible = '1' AND " . $RSDB_intern_code_view_shortname . "_id = :item_id ORDER BY " . $RSDB_intern_code_view_shortname . "_name ASC"); + $stmt->bindParam('item_id',$RSDB_SET_item,PDO::PARAM_STR); + $stmt->execute(); + $result_current_group = $stmt->fetch(PDO::PARAM_STR); echo " <font size='2'>→</font> <a href='".$RSDB_intern_link_item2_id_EX.$RSDB_SET_item.$RSDB_URI_slash."'>".$result_current_group[$RSDB_intern_code_view_shortname .'_name']; switch ($RSDB_SET_view) { 
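Review bot: The item branch at the end of this hunk calls `$stmt->fetch(PDO::PARAM_STR)`, passing a bind-type constant where a fetch mode is expected. It behaves like an associative fetch only because `PDO::PARAM_STR` and `PDO::FETCH_ASSOC` happen to share the value 2; the line should read `$result_current_group = $stmt->fetch(PDO::FETCH_ASSOC);` like the group branch above it. The vendor query in the `@@ -403,11 +369,10 @@` hunk has the same slip.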
@@ -254,24 +236,20 @@ if ($RSDB_SET_sec == "name" || $RSDB_SET_sec == "vendor") { if ($RSDB_SET_sec == "name") { if ($RSDB_SET_item != "") { - $query_itemid = mysql_query("SELECT * - FROM `rsdb_item_" . $RSDB_intern_code_view_shortname ."` - WHERE `" . $RSDB_intern_code_view_shortname . "_visible` = '1' - AND `" . $RSDB_intern_code_view_shortname . "_id` = " . $RSDB_SET_item . " - ORDER BY `" . $RSDB_intern_code_view_shortname . "_name` ASC") ; - $result_itempid = @mysql_fetch_array($query_itemid); + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_item_" . $RSDB_intern_code_view_shortname ." WHERE " . $RSDB_intern_code_view_shortname . "_visible = '1' AND " . $RSDB_intern_code_view_shortname . "_id = :item_id ORDER BY " . $RSDB_intern_code_view_shortname . "_name ASC") ; + $stmt->bindParam('item_id',$RSDB_SET_item,PDO::PARAM_STR); + $stmt->execute(); + $result_itempid = $stmt->fetch(PDO::FETCH_ASSOC); if ($result_itempid[$RSDB_intern_code_view_shortname.'_groupid'] == "" || $result_itempid[$RSDB_intern_code_view_shortname . '_groupid'] == "0") { $RSDB_viewpage = false; } $RSDB_SET_group = $result_itempid[$RSDB_intern_code_view_shortname . '_groupid']; } if ($RSDB_SET_group != "") { - $query_groupid = mysql_query("SELECT * - FROM `rsdb_groups` - WHERE `grpentr_visible` = '1' - AND `grpentr_id` = " . $RSDB_SET_group . " - ORDER BY `grpentr_id` ASC") ; - $result_groupid = mysql_fetch_array($query_groupid); + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_groups WHERE grpentr_visible = '1' AND grpentr_id = :group_id ORDER BY grpentr_id ASC"); + $stmt->bindParam('group_id',$RSDB_SET_group,PDO::PARAM_STR); + $stmt->execute(); + $result_groupid = $stmt->fetch(PDO::FETCH_ASSOC); $RSDB_SET_letter = strtolower(substr($result_groupid['grpentr_name'], 0, 1)); } ?> 
@@ -289,12 +267,10 @@ echo "</a>"; if ($RSDB_SET_item != "" && $RSDB_viewpage != false) { - $query_itemid = mysql_query("SELECT * - FROM `rsdb_item_" . $RSDB_intern_code_view_shortname ."` - WHERE `" . $RSDB_intern_code_view_shortname . "_visible` = '1' - AND `" . $RSDB_intern_code_view_shortname . "_id` = " . $RSDB_SET_item . " - ORDER BY `" . $RSDB_intern_code_view_shortname . "_name` ASC") ; - $result_itempid = mysql_fetch_array($query_itemid); + $stmt=CDBConnection::getInstance("SELECT * FROM rsdb_item_" . $RSDB_intern_code_view_shortname ." WHERE " . $RSDB_intern_code_view_shortname . "_visible = '1' AND " . $RSDB_intern_code_view_shortname . "_id = :item_id ORDER BY " . $RSDB_intern_code_view_shortname . "_name ASC"); + $stmt->bindParam('item_id',$RSDB_SET_item,PDO::PARAM_STR); + $stmt->execute(); + $result_itempid = $stmt->fetch(PDO::FETCH_ASSOC); if ($result_itempid[$RSDB_intern_code_view_shortname.'_groupid'] == "" || $result_itempid[$RSDB_intern_code_view_shortname . '_groupid'] == "0") { //die(""); $RSDB_viewpage = false; @@ -302,13 +278,10 @@ $RSDB_SET_group = $result_itempid[$RSDB_intern_code_view_shortname . '_groupid']; } if ($RSDB_SET_group != "" && $RSDB_viewpage != false) { - $query_current_group = mysql_query("SELECT * - FROM `rsdb_groups` - WHERE `grpentr_visible` = '1' - AND `grpentr_id` = " . $RSDB_SET_group . " - " . $RSDB_intern_code_db_rsdb_groups . " - ORDER BY `grpentr_name` ASC") ; - $result_current_group = mysql_fetch_array($query_current_group); + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_groups WHERE grpentr_visible = '1' AND grpentr_id = :group_id " . $RSDB_intern_code_db_rsdb_groups . " ORDER BY grpentr_name ASC"); + $stmt->bindParam('group_id',$RSDB_SET_group,PDO::PARAM_STR); + $stmt->execute(); + $result_current_group = $stmt->fetch(PDO::FETCH_ASSOC); if ($result_current_group['grpentr_category'] == "" || $result_current_group['grpentr_category'] == "0") { //die(""); $RSDB_viewpage = false; 
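Review bot: The first query of the `@@ -289,12 +267,10 @@` hunk passes the SQL string to `CDBConnection::getInstance()` and never calls `prepare()`, so `$stmt` holds whatever `getInstance()` returns and the `bindParam()`, `execute()` and `fetch()` calls that follow are not made on a statement. The other conversions in this file use `CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_item_" . …)`, and this line needs the same `->prepare(` between `getInstance()` and the string. With the old `mysql_query()` a failure here degraded to an empty row, whereas this version presumably stops the item view with a fatal error.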
@@ -316,12 +289,10 @@ echo " <font size='2'>→</font> <a href='".$RSDB_intern_link_group_EX.$RSDB_SET_group.$RSDB_URI_slash."'>".$result_current_group['grpentr_name']."</a>"; } if ($RSDB_SET_item != "" && $RSDB_viewpage != false) { - $query_current_group = mysql_query("SELECT * - FROM `rsdb_item_" . $RSDB_intern_code_view_shortname ."` - WHERE `" . $RSDB_intern_code_view_shortname . "_visible` = '1' - AND `" . $RSDB_intern_code_view_shortname . "_id` = " . $RSDB_SET_item . " - ORDER BY `" . $RSDB_intern_code_view_shortname . "_name` ASC") ; - $result_current_group = mysql_fetch_array($query_current_group); + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_item_" . $RSDB_intern_code_view_shortname ." WHERE " . $RSDB_intern_code_view_shortname . "_visible = '1' AND " . $RSDB_intern_code_view_shortname . "_id = :item_id ORDER BY " . $RSDB_intern_code_view_shortname . "_name ASC"); + $stmt->bindParam('item_id',$RSDB_SET_item,PDO::PARAM_STR); + $stmt->execute(); + $result_current_group = $stmt->fetch(PDO::FETCH_ASSOC); echo " <font size='2'>→</font> <a href='".$RSDB_intern_link_item_EX.$RSDB_SET_item.$RSDB_URI_slash."'>".$result_current_group[$RSDB_intern_code_view_shortname .'_name']; switch ($RSDB_SET_view) { @@ -349,11 +320,10 @@ elseif ($RSDB_SET_sec == "vendor") {
if ($RSDB_SET_vendor != "") { - $query_itemid = mysql_query("SELECT * - FROM `rsdb_item_vendor` - WHERE `vendor_id` = " . $RSDB_SET_vendor . " - ORDER BY `vendor_name` ASC") ; - $result_itempid = @mysql_fetch_array($query_itemid); + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_item_vendor WHERE vendor_id = :vendor_id ORDER BY vendor_name ASC"); + $stmt->bindParam('vendor_id',$RSDB_SET_vendor,PDO::PARAM_STR); + $stmt->execute(); + $result_itempid = $stmt->fetch(PDO::FETCH_ASSOC); if ($result_itempid['vendor_id'] == "" || $result_itempid['vendor_id'] == "0") { $RSDB_viewpage = false; } @@ -376,11 +346,10 @@ echo "</a></font>"; if ($RSDB_SET_vendor != "" && $RSDB_viewpage != false) { - $query_itemid = mysql_query("SELECT * - FROM `rsdb_item_vendor` - WHERE `vendor_id` = " . $RSDB_SET_vendor . " - ORDER BY `vendor_name` ASC") ; - $result_itempid = mysql_fetch_array($query_itemid); + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_item_vendor WHERE vendor_id = :vendor_id ORDER BY vendor_name ASC"); + $stmt->bindParam('vendor_id',$RSDB_SET_vendor,PDO::PARAM_STR); + $stmt->execute(); + $result_itempid = $stmt->fetch(PDO::FETCH_ASSOC); if ($result_itempid['vendor_id'] == "" || $result_itempid['vendor_id'] == "0") { //die(""); $RSDB_viewpage = false; 
@@ -389,13 +358,10 @@ echo " <font size='2'>→</font> <a href='".$RSDB_intern_link_vendor_id_EX.$RSDB_SET_vendor.$RSDB_URI_slash."'>".$result_itempid['vendor_name']."</a>"; } if ($RSDB_SET_group != "" && $RSDB_viewpage != false) { - $query_current_group = mysql_query("SELECT * - FROM `rsdb_groups` - WHERE `grpentr_visible` = '1' - AND `grpentr_id` = " . $RSDB_SET_group . " - " . $RSDB_intern_code_db_rsdb_groups . " - ORDER BY `grpentr_name` ASC") ; - $result_current_group = mysql_fetch_array($query_current_group); + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_groups WHERE grpentr_visible = '1' AND grpentr_id = :group_id " . $RSDB_intern_code_db_rsdb_groups . " ORDER BY grpentr_name ASC"); + $stmt->bindParam('group_id',$RSDB_SET_group,PDO::PARAM_STR); + $stmt->execute(); + $result_current_group = $stmt->fetch(PDO::FETCH_ASSOC); if ($result_current_group['grpentr_category'] == "" || $result_current_group['grpentr_category'] == "0") { //die(""); $RSDB_viewpage = false; @@ -403,11 +369,10 @@ echo " <font size='2'>→</font> <a href='".$RSDB_intern_link_name_group_EX.$RSDB_SET_group.$RSDB_URI_slash."'>".$result_current_group['grpentr_name']."</a>"; } if ($RSDB_SET_item != "" && $RSDB_viewpage != false) { - $query_current_group = mysql_query("SELECT * - FROM `rsdb_item_vendor` - WHERE `vendor_id` = " . $RSDB_SET_vendor . " - ORDER BY `vendor_name` ASC") ; - $result_current_group = mysql_fetch_array($query_current_group); + $stmt=CDBCOnnection::getInstance()->prepare("SELECT * FROM rsdb_item_vendor WHERE vendor_id = :vendor_id ORDER BY vendor_name ASC"); + $stmt->bindParam('group_id',$RSDB_SET_vendor,PDO::PARAM_STR); + $stmt->execute(); + $result_current_group = $stmt->fetch(PDO::PARAM_STR); echo " <font size='2'>→</font> <a href='".$RSDB_intern_link_name_item_EX.$RSDB_SET_item.$RSDB_URI_slash."'>".$result_current_group['vendor_name']; echo "</a>"; } @@ -649,4 +614,4 @@ echo "<br />"; break; } -?> +?>
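Review bot: In the `@@ -403,11 +369,10 @@` hunk the statement declares `:vendor_id` but the next line binds `'group_id'`, so the placeholder the query needs is never bound and `execute()` will be rejected. The bind should be `$stmt->bindParam('vendor_id',$RSDB_SET_vendor,PDO::PARAM_STR);`. The same statement spells the class `CDBCOnnection`, which PHP resolves case-insensitively but a file-name based autoloader on a case-sensitive filesystem may not.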
Modified: branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_menubar_sections.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/com... ============================================================================== --- branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_menubar_sections.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_menubar_sections.php [iso-8859-1] Thu Apr 2 04:42:42 2009 @@ -53,11 +53,10 @@ $result_count_group['cat_media']=1; } else { - $query_count_group=mysql_query("SELECT * - FROM `rsdb_categories` - WHERE `cat_id` = ". $RSDB_SET_cat ." - AND `cat_visible` = '1' ;"); - $result_count_group = mysql_fetch_array($query_count_group); + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_categories WHERE cat_id = :cat_id AND cat_visible = '1'"); + $stmt->bindParam('cat_id',$RSDB_SET_cat,PDO::PARAM_STR); + $stmt->execute(); + $result_count_group = $stmt->fetch(PDO::FETCH_ASSOC); } $RSDB_compare_string = 'cat'; } @@ -83,11 +82,10 @@ $RSDB_compare_string = 'item'; } elseif ($RSDB_SET_group != "") { - $query_count_group=mysql_query("SELECT * - FROM `rsdb_groups` - WHERE `grpentr_id` = ". $RSDB_SET_group ." - AND `grpentr_visible` = '1' ;"); - $result_count_group = mysql_fetch_array($query_count_group); + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_groups WHERE grpentr_id = :group_id AND grpentr_visible = '1'"); + $stmt->bindParam('group_id',$RSDB_SET_group,PDO::PARAM_STR); + $stmt->execute(); + $result_count_group = $stmt->fetch(PDO::FETCH_ASSOC); $RSDB_compare_string = 'grpentr'; } } @@ -125,4 +123,4 @@ </table> </td> </tr> -</table> +</table>
Modified: branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_name_flat.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/com... ============================================================================== --- branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_name_flat.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_name_flat.php [iso-8859-1] Thu Apr 2 04:42:42 2009 @@ -39,12 +39,10 @@ $RSDB_SET_letter = "%"; }
-$query_count_cat=mysql_query("SELECT COUNT('cat_id')
- FROM `rsdb_groups`
- WHERE `grpentr_visible` = '1'
- AND `grpentr_name` LIKE '" . $RSDB_SET_letter . "%'
- " . $RSDB_intern_code_db_rsdb_groups . " ;");
-$result_count_cat = mysql_fetch_row($query_count_cat);
+$stmt=CDBConnection::getInstance()->prepare("SELECT COUNT(*) FROM rsdb_groups WHERE grpentr_visible = '1' AND grpentr_name LIKE :starts_with " . $RSDB_intern_code_db_rsdb_groups . "");
+$stmt->bindValue('starts_with',$RSDB_SET_letter.'%',PDO::PARAM_STR);
+$stmt->execute();
+$result_count_cat = $stmt->fetch(PDO::FETCH_NUM);
 if ($result_count_cat[0]) {
echo "<p align='center'>"; @@ -102,20 +100,16 @@ </tr> <?php - $query_page = mysql_query("SELECT * - FROM `rsdb_groups` - WHERE `grpentr_visible` = '1' - AND `grpentr_name` LIKE '" . $RSDB_SET_letter . "%' - " . $RSDB_intern_code_db_rsdb_groups . " - ORDER BY `grpentr_name` ASC - LIMIT " . $RSDB_SET_curpos . " , " . $RSDB_intern_items_per_page . " ;") ; + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_groups WHERE grpentr_visible = '1' AND grpentr_name LIKE :starts_with " . $RSDB_intern_code_db_rsdb_groups . " ORDER BY grpentr_name ASC LIMIT ".intval($RSDB_intern_items_per_page)." OFFSET ".intval($RSDB_SET_curpos)); + $stmt->bindValue('starts_with',$RSDB_SET_letter.'%',PDO::PARAM_STR); + $stmt->execute(); $farbe1="#E2E2E2"; $farbe2="#EEEEEE"; $zaehler="0"; //$farbe="#CCCCC"; - while($result_page = mysql_fetch_array($query_page)) { // Pages + while($result_page = $stmt->fetch(PDO::FETCH_ASSOC)) { // Pages ?> <tr> <td valign="top" bgcolor="<?php @@ -132,10 +126,10 @@ ?>" > <div align="left"><font face="Arial, Helvetica, sans-serif"> <a href="<?php echo $RSDB_intern_link_group_EX.$result_page['grpentr_id'].$RSDB_URI_slash; ?>"><b><?php echo $result_page['grpentr_name']; ?></b></a></font></div></td> <td valign="top" bgcolor="<?php echo $farbe; ?>"> <div align="left"><font size="2" face="Arial, Helvetica, sans-serif"> <?php - $query_entry_vendor = mysql_query("SELECT * - FROM `rsdb_item_vendor` - WHERE `vendor_id` = " . $result_page['grpentr_vendor'] ." ;") ; - $result_entry_vendor = mysql_fetch_array($query_entry_vendor); + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_item_vendor WHERE vendor_id = :vendor_id"); + $stmt->bindParam('vendor_id',$result_page['grpentr_vendor'],PDO::PARAM_STR); + $stmt->execute(); + $result_entry_vendor = $stmt->fetch(PDO::FETCH_ASSOC); echo '<a href="'.$RSDB_intern_link_vendor_sec.$result_entry_vendor['vendor_id'].'">'.$result_entry_vendor['vendor_name'].'</a>';
?></font><font face="Arial, Helvetica, sans-serif"></font> @@ -163,49 +157,40 @@ $counter_forumentries = 0; $counter_screenshots = 0;
- $query_group_sum_items = mysql_query("SELECT * - FROM `rsdb_item_comp` - WHERE `comp_groupid` = " . mysql_real_escape_string($result_page['grpentr_id']) . " - AND `comp_visible` = '1' - ORDER BY `comp_groupid` DESC ;") ; - while($result_group_sum_items = mysql_fetch_array($query_group_sum_items)) { + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_item_comp WHERE comp_groupid = :group_id AND comp_visible = '1' ORDER BY comp_groupid DESC"); + $stmt->bindParam('group_id',$result_page['grpentr_id'],PDO::PARAM_STR); + $stmt->execute(); + while($result_group_sum_items = $stmt->fetch(PDO::FETCH_ASSOC)) { $counter_items++; if ($counter_awards_best < $result_group_sum_items['comp_award']) { $counter_awards_best = $result_group_sum_items['comp_award']; } - $query_count_stars_sum = mysql_query("SELECT * - FROM `rsdb_item_comp_testresults` - WHERE `test_visible` = '1' - AND `test_comp_id` = " . $result_group_sum_items['comp_id'] . " - ORDER BY `test_comp_id` ASC") ; - - while($result_count_stars_sum = mysql_fetch_array($query_count_stars_sum)) { - $counter_stars_install_sum += $result_count_stars_sum['test_result_install']; - $counter_stars_function_sum += $result_count_stars_sum['test_result_function']; - $counter_stars_user_sum++; - } - - $query_count_testentries=mysql_query("SELECT COUNT('test_id') - FROM `rsdb_item_comp_testresults` - WHERE `test_visible` = '1' - AND `test_comp_id` = '".mysql_real_escape_string($result_group_sum_items['comp_id'])."' ;"); - $result_count_testentries = mysql_fetch_row($query_count_testentries); + $stmt_sub=CDBConnection::getInstance()->prepare("SELECT SUM(test_result_install) AS install_sum, SUM(test_result_function) AS function_sum, COUNT(*) AS user_sum FROM rsdb_item_comp_testresults WHERE test_visible = '1' AND test_comp_id = :comp_id ORDER BY test_comp_id ASC"); + $stmt_sub->bindParam('comp_id',$result_group_sum_items['comp_id'],PDO::PARAM_STR); + $stmt_sub->execute(); + $tmp=$stmt_sub->fetchOnce(PDO::FETCH_ASSOC); + 
$counter_stars_install_sum += $tmp['install_sum']; + $counter_stars_function_sum += $tmp['function_sum']; + $counter_stars_user_sum += $tmp['user_sum']; + + $stmt_sub=CDBConnection::getInstance()->prepare("SELECT COUNT(*) FROM rsdb_item_comp_testresults WHERE test_visible = '1' AND test_comp_id = :comp_id"); + $stmt_sub->bindParam('comp_id',$result_group_sum_items['comp_id'],PDO::PARAM_STR); + $stmt_sub->execute(); + $result_count_testentries = $stmt->fetch(PDO::FETCH_NUM); $counter_testentries += $result_count_testentries[0]; // Forum entries: - $query_count_forumentries=mysql_query("SELECT COUNT('fmsg_id') - FROM `rsdb_item_comp_forum` - WHERE `fmsg_visible` = '1' - AND `fmsg_comp_id` = '".mysql_real_escape_string($result_group_sum_items['comp_id'])."' ;"); - $result_count_forumentries = mysql_fetch_row($query_count_forumentries); + $stmt=CDBCOnnection::getInstance()->prepare("SELECT COUNT(*) FROM rsdb_item_comp_forum WHERE fmsg_visible = '1' AND fmsg_comp_id = :comp_id"); + $stmt->bindParam('comp_id',$result_group_sum_items['comp_id'],PDO::PARAM_STR); + $stmt->execute(); + $result_count_forumentries = $stmt->fetch(PDO::FETCH_NUM); $counter_forumentries += $result_count_forumentries[0];
// Screenshots: - $query_count_screenshots=mysql_query("SELECT COUNT('media_id') - FROM `rsdb_object_media` - WHERE `media_visible` = '1' - AND `media_groupid` = '".mysql_real_escape_string($result_group_sum_items['comp_media'])."' ;"); - $result_count_screenshots = mysql_fetch_row($query_count_screenshots); + $stmt=CDBConnection::getInstance()->prepare("SELECT COUNT(*) FROM rsdb_object_media WHERE media_visible = '1' AND media_groupid = :group_id"); + $stmt->bindParam('group_id',$result_group_sum_items['comp_media'],PDO::PARAM_STR); + $stmt->execute(); + $result_count_screenshots = $stmt->fetch(PDO::FETCH_NUM); $counter_screenshots += $result_count_screenshots[0]; } ?> @@ -219,24 +204,19 @@ $counter_items = 0;
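Review bot: `$result_count_testentries` is read with `$stmt->fetch()` although the count query was just prepared and executed on `$stmt_sub`, so the line consumes the next `rsdb_item_comp` row from the loop's own statement instead of the count. A few lines later `$stmt` is reassigned for the forum and screenshot counts while `while($result_group_sum_items = $stmt->fetch(...))` is still iterating over it, so the item loop stops after its first pass. The item statement is itself assigned to `$stmt` inside the page loop opened in the `@@ -102,20 +100,16 @@` hunk, as is the vendor lookup in `@@ -132,10 +126,10 @@`, which cuts the group listing short in the same way. Giving each nesting level its own variable fixes all three; the fence shows the lines that change in this hunk.

```php
// … unchanged: counter initialisation …
$stmt_items=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_item_comp WHERE comp_groupid = :group_id AND comp_visible = '1' ORDER BY comp_groupid DESC");
$stmt_items->bindParam('group_id',$result_page['grpentr_id'],PDO::PARAM_STR);
$stmt_items->execute();
while($result_group_sum_items = $stmt_items->fetch(PDO::FETCH_ASSOC)) {
	// … unchanged: item counter, best award, star sums and test-entry count query on $stmt_sub …
	$result_count_testentries = $stmt_sub->fetch(PDO::FETCH_NUM);
	// … unchanged: test entry counter …
	$stmt_sub=CDBConnection::getInstance()->prepare("SELECT COUNT(*) FROM rsdb_item_comp_forum WHERE fmsg_visible = '1' AND fmsg_comp_id = :comp_id");
	$stmt_sub->bindParam('comp_id',$result_group_sum_items['comp_id'],PDO::PARAM_STR);
	$stmt_sub->execute();
	$result_count_forumentries = $stmt_sub->fetch(PDO::FETCH_NUM);
	// … unchanged: forum counter …
	$stmt_sub=CDBConnection::getInstance()->prepare("SELECT COUNT(*) FROM rsdb_object_media WHERE media_visible = '1' AND media_groupid = :group_id");
	$stmt_sub->bindParam('group_id',$result_group_sum_items['comp_media'],PDO::PARAM_STR);
	$stmt_sub->execute();
	$result_count_screenshots = $stmt_sub->fetch(PDO::FETCH_NUM);
	// … unchanged: screenshot counter …
```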
- $query_group_sum_items = mysql_query("SELECT * - FROM `rsdb_item_comp` - WHERE `comp_groupid` = " . $result_page['grpentr_id'] . " - AND `comp_visible` = '1' - ORDER BY `comp_groupid` DESC ;") ; - while($result_group_sum_items = mysql_fetch_array($query_group_sum_items)) { + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_item_comp WHERE comp_groupid = :group_id AND comp_visible = '1' ORDER BY comp_groupid DESC"); + $stmt->bindParam('group_id',$result_page['grpentr_id'],PDO::PARAM_STR); + $stmt->execute(); + while($result_group_sum_items = $stmt->fetch(PDO::FETCH_ASSOC)) { $counter_items++; - $query_count_stars_sum = mysql_query("SELECT * - FROM `rsdb_item_comp_testresults` - WHERE `test_visible` = '1' - AND `test_comp_id` = " . $result_group_sum_items['comp_id'] . " - ORDER BY `test_comp_id` ASC") ; - - while($result_count_stars_sum = mysql_fetch_array($query_count_stars_sum)) { - $counter_stars_install_sum += $result_count_stars_sum['test_result_install']; - $counter_stars_function_sum += $result_count_stars_sum['test_result_function']; - $counter_stars_user_sum++; - } + $stmt_test=CDBConnection::getInstance()->prepare("SELECT SUM(test_result_install) AS install_sum, SUM(test_result_function) AS function_sum, COUNT(*) AS user_sum FROM rsdb_item_comp_testresults WHERE test_visible = '1' AND test_comp_id = :comp_id ORDER BY test_comp_id ASC"); + $stmt_test->bindParam('comp_id',$result_group_sum_items['comp_id'],PDO::PARAM_STR); + $stmt_test->execute(); + $stmt_test->fetchOnce(PDO::FETCH_ASSOC); + + $counter_stars_install_sum += $tmp['install_sum']; + $counter_stars_function_sum += $tmp['function_sum']; + $counter_stars_user_sum += $tmp['user_sum']; } echo $counter_items;
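Review bot: The star-sum row is thrown away here: `$stmt_test->fetchOnce(PDO::FETCH_ASSOC);` has no assignment, yet the three `+=` lines below read `$tmp`, which in this block is either undefined or left over from the earlier block. The line should be `$tmp=$stmt_test->fetchOnce(PDO::FETCH_ASSOC);`. `fetchOnce()` is not a stock `PDOStatement` method, so this call and the other `fetchOnce()` calls in the commit (the `@@ -163,49 +157,40 @@` hunk, tree_vendor_flat.php, tree_vendor_flat_maintainer.php) rely on `CDBConnection` handing out a statement subclass that defines it, which is not visible here. The item loop in this hunk also assigns `$stmt` while the page loop from the `@@ -102,20 +100,16 @@` hunk is still fetching from it; a separate variable name avoids that.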
Modified: branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_vendor_flat.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/com... ============================================================================== --- branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_vendor_flat.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_vendor_flat.php [iso-8859-1] Thu Apr 2 04:42:42 2009 @@ -39,11 +39,10 @@ $RSDB_SET_letter = "%"; }
-$query_count_cat=mysql_query("SELECT COUNT('cat_id')
- FROM `rsdb_item_vendor`
- WHERE `vendor_name` LIKE '" . $RSDB_SET_letter . "%'
- AND `vendor_visible` = '1' ;");
-$result_count_cat = mysql_fetch_row($query_count_cat);
+$stmt=CDBConnection::getInstance()->prepare("SELECT COUNT(*) FROM rsdb_item_vendor WHERE vendor_name LIKE :starts_with AND vendor_visible = '1'");
+$stmt->bindValue('starts_with',$RSDB_SET_letter.'%',PDO::PARAM_STR);
+$stmt->execute();
+$result_count_cat = $stmt->fetchOnce(PDO::FETCH_NUM);
 if ($result_count_cat[0]) {
echo "<p align='center'>"; @@ -71,19 +70,17 @@ </tr> <?php - $query_page = mysql_query("SELECT * - FROM `rsdb_item_vendor` - WHERE `vendor_name` LIKE '" . mysql_real_escape_string($RSDB_SET_letter) . "%' - AND `vendor_visible` = '1' - ORDER BY `vendor_name` ASC - LIMIT " . mysql_real_escape_string($RSDB_SET_curpos) . " , " . mysql_real_escape_string($RSDB_intern_items_per_page) . " ;") ; + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_item_vendor WHERE vendor_name LIKE :starts_with AND vendor_visible = '1' ORDER BY vendor_name ASC LIMIT :limit OFFSET :offset"); + $stmt->bindValue('starts_with',$RSDB_SET_letter.'%',PDO::PARAM_STR); + $stmt->bindParam('limit',$RSDB_intern_items_per_page,PDO::PARAM_INT); + $stmt->bindParam('offset',$RSDB_SET_curpos,PDO::PARAM_INT); $farbe1="#E2E2E2"; $farbe2="#EEEEEE"; $zaehler="0"; //$farbe="#CCCCC"; - while($result_page = mysql_fetch_array($query_page)) { // Pages + while($result_page = $stmt->fetch(PDO::FETCH_ASSOC)) { // Pages ?> <tr> <td valign="top" bgcolor="<?php
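Review bot: The paged vendor query in the `@@ -71,19 +70,17 @@` hunk is prepared and bound but never executed: the old `mysql_query()` call was replaced without a `$stmt->execute();`, so the `while` loop fetches from an unexecuted statement and the list stays empty. Add `$stmt->execute();` after the `offset` bind. For `:limit` and `:offset`, `bindParam(..., PDO::PARAM_INT)` does not cast the variable; if either still holds a request string, a driver using emulated prepares may quote it and break the `LIMIT` clause, so `$stmt->bindValue('limit',(int)$RSDB_intern_items_per_page,PDO::PARAM_INT);` (and likewise for `offset`) is safer and matches the `intval()` handling in tree_name_flat.php. The loop body continues past the hunk.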
Modified: branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_vendor_flat_maintainer.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/com... ============================================================================== --- branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_vendor_flat_maintainer.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_vendor_flat_maintainer.php [iso-8859-1] Thu Apr 2 04:42:42 2009 @@ -36,12 +36,10 @@
if (usrfunc_IsModerator($RSDB_intern_user_id)) {
- $query_maintainer_vendor = mysql_query("SELECT *
- FROM `rsdb_item_vendor`
- WHERE `vendor_visible` = '1'
- AND `vendor_id` = '".mysql_real_escape_string($RSDB_SET_vendor)."'
- LIMIT 1 ;") ;
- $result_maintainer_vendor = mysql_fetch_array($query_maintainer_vendor);
+ $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_item_vendor WHERE vendor_visible = '1' AND vendor_id = :vendor_id LIMIT 1");
+ $stmt->bindParam('vendor_id',$RSDB_SET_vendor,PDO::PARAM_STR);
+ $stmt->execute();
+ $result_maintainer_vendor = $stmt->fetchOnce(PDO::FETCH_ASSOC);
$RSDB_referrer=""; $RSDB_usragent=""; 
@@ -75,9 +73,15 @@ if ($RSDB_TEMP_pmod == "ok" && $RSDB_SET_sec == "vendor" && $RSDB_TEMP_vendname != "" && $RSDB_TEMP_txturl != "" && usrfunc_IsModerator($RSDB_intern_user_id)) { // Submit vendor entry: - $update_group_entry = "INSERT INTO `rsdb_item_vendor` ( `vendor_id` , `vendor_name` , `vendor_visible` , `vendor_fullname` , `vendor_url` , `vendor_email` , `vendor_infotext` , `vendor_usrid` , `vendor_usrip` , `vendor_date` , `vendor_checked` ) - VALUES ('', '". mysql_real_escape_string($RSDB_TEMP_vendname) ."', '1', '". mysql_real_escape_string($RSDB_TEMP_fullname) ."', '". mysql_real_escape_string($RSDB_TEMP_txturl) ."', '". mysql_real_escape_string($RSDB_TEMP_txtemail) ."', '". mysql_real_escape_string($RSDB_TEMP_txtinfo) ."', '".mysql_real_escape_string($RSDB_intern_user_id)."', '".mysql_real_escape_string($RSDB_ipaddr)."', NOW( ) , 'yes')"; - mysql_query($update_group_entry); + $stmt=CDBConnection::getInstance()->prepare("INSERT INTO rsdb_item_vendor ( vendor_id, vendor_name, vendor_visible, vendor_fullname, vendor_url, vendor_email, vendor_infotext, vendor_usrid, vendor_usrip, vendor_date, vendor_checked ) VALUES ('', :name, '1', :fullname, :url, :email, :info, :user_id, :ip, NOW() , 'yes')"); + $stmt->bindParam('name',$RSDB_TEMP_vendname,PDO::PARAM_STR); + $stmt->bindParam('fullname',$RSDB_TEMP_fullname,PDO::PARAM_STR); + $stmt->bindParam('url',$RSDB_TEMP_txturl,PDO::PARAM_STR); + $stmt->bindParam('email',$RSDB_TEMP_txtemail,PDO::PARAM_STR); + $stmt->bindParam('info',$RSDB_TEMP_txtinfo,PDO::PARAM_STR); + $stmt->bindParam('user_id',$RSDB_intern_user_id,PDO::PARAM_STR); + $stmt->bindParam('ip',$RSDB_ipaddr,PDO::PARAM_STR); + $stmt->execute(); add_log_entry("low", "tree_vendor", "submit", "[Vendor] Submit entry", @usrfunc_GetUsername($RSDB_intern_user_id)." submitted the following vendor: \n\nVendor-Name: ".htmlentities($RSDB_TEMP_vendname)."\n\Fullname: ".htmlentities($RSDB_TEMP_fullname)." \n\nUrl: ".htmlentities($RSDB_TEMP_txturl)." 
\n\E-Mail: ".htmlentities($RSDB_TEMP_txtemail)." \n\Info: ".htmlentities($RSDB_TEMP_txtinfo), "0"); ?> @@ -89,9 +93,15 @@
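Review bot: The result of `$stmt->execute()` for the vendor INSERT is ignored, and the unchanged `add_log_entry()` call right after it records the submission whether or not a row was written. How `CDBConnection` sets `PDO::ATTR_ERRMODE` is not visible here; unless it throws on failure, wrap the log call in `if ($stmt->execute()) { … }` so the moderation log cannot list vendors that were never stored. The special-request INSERT in the next hunk ignores the return value in the same way.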
// Special request: if ($RSDB_TEMP_pmod == "ok" && $RSDB_TEMP_txtreq1 != "" && $RSDB_TEMP_txtreq2 != "" && usrfunc_IsModerator($RSDB_intern_user_id)) { - $report_submit="INSERT INTO `rsdb_logs` ( `log_id` , `log_date` , `log_usrid` , `log_usrip` , `log_level` , `log_action` , `log_title` , `log_description` , `log_category` , `log_badusr` , `log_referrer` , `log_browseragent` , `log_read` , `log_taskdone_usr` ) - VALUES ('', NOW( ) , '".mysql_real_escape_string($RSDB_intern_user_id)."', '".mysql_escape_string($RSDB_ipaddr)."', 'low', 'request', '".mysql_escape_string($RSDB_TEMP_txtreq1)."', '".mysql_escape_string($RSDB_TEMP_txtreq2)."', 'user_moderator', '0', '".mysql_escape_string($RSDB_referrer)."', '".mysql_escape_string($RSDB_usragent)."', ';', '0');"; - $db_report_submit=mysql_query($report_submit); + $stmt=CDBConnection::getInstance()->prepare("INSERT INTO rsdb_logs (log_id, log_date, log_usrid, log_usrip, log_level, log_action, log_title, log_description, log_category, log_badusr, log_referrer, log_browseragent, log_read, log_taskdone_usr ) + VALUES ('', NOW() , :user_id, :ip, 'low', 'request', :title, :description, 'user_moderator', '0', :referrer, :user_agent, ';', '0')"); + $stmt->bindParam('user_id',$RSDB_intern_user_id,PDO::PARAM_STR); + $stmt->bindParam('ip',$RSDB_ipaddr,PDO::PARAM_STR); + $stmt->bindParam('title',$RSDB_TEMP_txtreq1,PDO::PARAM_STR); + $stmt->bindParam('description',$RSDB_TEMP_txtreq2,PDO::PARAM_STR); + $stmt->bindParam('referrer',$RSDB_referrer,PDO::PARAM_STR); + $stmt->bindParam('user_agent',$RSDB_usragent,PDO::PARAM_STR); + $stmt->execute(); }
?> @@ -196,9 +206,10 @@ if (array_key_exists("done", $_POST)) $RSDB_TEMP_done=htmlspecialchars($_POST["done"]); if ($RSDB_TEMP_padmin == "ok" && $RSDB_TEMP_done != "" && usrfunc_IsAdmin($RSDB_intern_user_id)) { - $update_log_entry = "UPDATE `rsdb_logs` SET - `log_taskdone_usr` = '". mysql_real_escape_string($RSDB_intern_user_id) ."' WHERE `log_id` = '". mysql_real_escape_string($RSDB_TEMP_done) ."' LIMIT 1 ;"; - mysql_query($update_log_entry); + $stmt=CDBConnection::getInstance()->prepare("UPDATE rsdb_logs SET log_taskdone_usr = :user_id WHERE log_id = :log_id LIMIT 1"); + $stmt->bindParam('user_id',$RSDB_intern_user_id,PDO::PARAM_STR); + $stmt->bindParam('log_id',$RSDB_TEMP_done,PDO::PARAM_STR); + $stmt->execute(); } ?> @@ -219,14 +230,9 @@ $cellcolor1="#E2E2E2"; $cellcolor2="#EEEEEE"; $cellcolorcounter="0"; - $query_entry_sprequest = mysql_query("SELECT * - FROM `rsdb_logs` - WHERE `log_level` LIKE 'low' - AND `log_action` LIKE 'request' - AND `log_category` LIKE 'user_moderator' - ORDER BY `log_date` DESC - LIMIT 0, 30;") ; - while($result_entry_sprequest = mysql_fetch_array($query_entry_sprequest)) { + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_logs WHERE log_level LIKE 'low' AND log_action LIKE 'request' AND log_category LIKE 'user_moderator' ORDER BY log_date DESC LIMIT 30"); + $stmt->execute(); + while($result_entry_sprequest = $stmt->fetch(PDO::FETCH_ASSOC)) { ?> <tr valign="top" bgcolor="<?php $cellcolorcounter++; @@ -281,4 +287,4 @@ </script> <?php } -?> +?>
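Review bot: In the -196,9 hunk `$RSDB_TEMP_done` comes from `$_POST["done"]` through `htmlspecialchars()`, which is HTML output encoding rather than validation, and is then bound as `log_id` with `PDO::PARAM_STR`. Now that the value is bound, the encoding step does nothing for the query; checking that it is a plain integer first, e.g. `if (ctype_digit($RSDB_TEMP_done))` together with `PDO::PARAM_INT`, states the intent and rejects junk early. This UPDATE is also a state-changing admin action and no request token is checked in the visible lines; whether one is verified elsewhere cannot be told from the hunk. The -354,9 hunk of tree_vendor_id_maintainer.php carries the same code.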
Modified: branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_vendor_id.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/com... ============================================================================== --- branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_vendor_id.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_vendor_id.php [iso-8859-1] Thu Apr 2 04:42:42 2009 @@ -35,13 +35,11 @@
- $query_page = mysql_query("SELECT * - FROM `rsdb_item_vendor` - WHERE `vendor_id` = ". htmlentities($RSDB_SET_vendor) ." - AND `vendor_visible` = '1' - ORDER BY `vendor_name` ASC") ; - - $result_page = mysql_fetch_array($query_page); + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_item_vendor WHERE vendor_id = :vendor_id AND vendor_visible = '1' ORDER BY vendor_name ASC"); + $stmt->bindParam('vendor_id',$RSDB_SET_vendor,PDO::PARAM_STR); + $stmt->execute(); + + $result_page = $stmt->fetchOnce(PDO::FETCH_ASSOC); if ($result_page['vendor_id']) { ?> @@ -172,18 +170,15 @@ </tr> <?php - $query_page = mysql_query("SELECT * - FROM `rsdb_groups` - WHERE `grpentr_vendor` = " . htmlentities($RSDB_SET_vendor) . " - AND `grpentr_visible` = '1' - ". $RSDB_intern_code_db_rsdb_groups ." - ORDER BY `grpentr_name` ASC ;") ; + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_groups WHERE grpentr_vendor = :vendor_id AND grpentr_visible = '1' ". $RSDB_intern_code_db_rsdb_groups ." ORDER BY grpentr_name ASC"); + $stmt->bindParam('vendor_id',$RSDB_SET_vendor,PDO::PARAM_STR); + $stmt->execute(); $farbe1="#E2E2E2"; $farbe2="#EEEEEE"; $zaehler="0"; - while($result_page = mysql_fetch_array($query_page)) { // Pages + while($result_page = $stmt->fetch(PDO::FETCH_ASSOC)) { // Pages ?> <tr> <td valign="top" bgcolor="<?php 
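Review bot: In the -35,13 hunk the row is read with `$stmt->fetchOnce(PDO::FETCH_ASSOC)`, and `fetchOnce` is not a method of PHP's `PDOStatement`; unless `CDBConnection` installs a statement subclass that defines it (not visible in this diff), the call is a fatal error. If no such wrapper exists, `$result_page = $stmt->fetch(PDO::FETCH_ASSOC);` followed by `$stmt->closeCursor();` does the same job. The same call appears in the -252,49 hunk of this file and in tree_vendor_id_maintainer.php. The following `if ($result_page['vendor_id'])` also indexes the result without first checking for the `false` that a fetch returns when no row matches.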
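Review bot: In the -172,18 hunk the query is only partly parameterised: `$RSDB_intern_code_db_rsdb_groups` is still concatenated into the string handed to `prepare()`, so whatever that variable holds becomes SQL text. Its origin is outside the hunk; if it is a fixed fragment built by the application that is acceptable, but it deserves a comment saying so, for example `// $RSDB_intern_code_db_rsdb_groups: internal WHERE fragment, never request data`. If any part of it can be derived from request input, it has to be converted to bound placeholders as well.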
@@ -200,10 +195,10 @@ ?>" > <div align="left"><font size="2" face="Arial, Helvetica, sans-serif"><b><a href="<?php echo $RSDB_intern_link_vendor2_group.$result_page['grpentr_id']; ?>"> <?php - $query_entry_vendor = mysql_query("SELECT * - FROM `rsdb_item_vendor` - WHERE `vendor_id` = " . mysql_real_escape_string($result_page['grpentr_vendor']) ." ;") ; - $result_entry_vendor = mysql_fetch_array($query_entry_vendor); + $stmt_item=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_item_vendor WHERE vendor_id = :vendor_id"); + $stmt_item->bindParam('vendor_id',$result_page['grpentr_vendor'],PDO::PARAM_STR); + $stmt_item->execute(); + $result_entry_vendor = $stmt->fetch(PDO::FETCH_ASSOC); /* echo $result_entry_vendor['vendor_name']." "; */ @@ -211,16 +206,10 @@ <?php echo $result_page['grpentr_name']; ?></a></b> <?php echo " <i>"; - $query_entry_appver = mysql_query("SELECT DISTINCT ( - `comp_appversion` - ), `comp_osversion` , `comp_id` , `comp_name` - FROM `rsdb_item_comp` - WHERE `comp_visible` = '1' - AND `comp_groupid` = '". mysql_real_escape_string($result_page['grpentr_id']) ."' - GROUP BY `comp_appversion` - ORDER BY `comp_appversion` ASC - LIMIT 0 , 15 ;") ; - while($result_entry_appver = mysql_fetch_array($query_entry_appver)) { + $stmt_item=CDBConnection::getInstance()->prepare("SELECT DISTINCT (comp_appversion), comp_osversion, comp_id, comp_name FROM rsdb_item_comp WHERE comp_visible = '1' AND comp_groupid = :group_id GROUP BY comp_appversion ORDER BY comp_appversion ASC LIMIT 15"); + $stmt_item->bindParam('group_id',$result_page['grpentr_id'],PDO::PARAM_STR); + $stmt_item->execute(); + while($result_entry_appver = $stmt_item->fetch(PDO::FETCH_ASSOC)) { if ($result_entry_appver['comp_name'] > $result_page['grpentr_name']) { echo "<a href="".$RSDB_intern_link_group.$result_page['grpentr_id']."&group2=".$result_entry_appver['comp_appversion']."">".substr($result_entry_appver['comp_name'], strlen($result_page['grpentr_name'])+1 )."</a>, "; } 
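Review bot: In the -200,10 hunk the vendor lookup is prepared and executed on `$stmt_item`, but the row is fetched from `$stmt`: `$result_entry_vendor = $stmt->fetch(PDO::FETCH_ASSOC);`. `$stmt` is the groups statement from the previous hunk, which appears to drive the enclosing `while` loop, so this line consumes the next group row, leaves `$result_entry_vendor` holding group data and makes the listing skip groups. It should read `$result_entry_vendor = $stmt_item->fetch(PDO::FETCH_ASSOC);`. The enclosing loop starts and ends outside the hunk.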
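Review bot: In the -211,16 hunk the database values `comp_appversion` and `comp_name` are echoed into the link without output encoding, the first into the `group2=` query parameter and the second as link text. If these columns can hold user-submitted text, the page renders stored markup as-is, and parameterising the query does not change that. Encoding at output, `urlencode($result_entry_appver['comp_appversion'])` for the URL part and `htmlspecialchars(substr(...))` for the text, addresses it; the same applies to `echo $result_page['grpentr_name']` just above.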
@@ -252,49 +241,41 @@ $counter_forumentries = 0; $counter_screenshots = 0;
- $query_group_sum_items = mysql_query("SELECT * - FROM `rsdb_item_comp` - WHERE `comp_groupid` = " . mysql_real_escape_string($result_page['grpentr_id']) . " - AND `comp_visible` = '1' - ORDER BY `comp_groupid` DESC ;") ; - while($result_group_sum_items = mysql_fetch_array($query_group_sum_items)) { + $stmt_comp=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_item_comp WHERE comp_groupid = :group_id AND comp_visible = '1' ORDER BY comp_groupid DESC"); + $stmt_comp->bindParam('group_id',$result_page['grpentr_id'],PDO::PARAM_STR); + $stmt_comp->execute(); + while($result_group_sum_items = $stmt_comp->fetch(PDO::FETCH_ASSOC)) { $counter_items++; if ($counter_awards_best < $result_group_sum_items['comp_award']) { $counter_awards_best = $result_group_sum_items['comp_award']; } - $query_count_stars_sum = mysql_query("SELECT * - FROM `rsdb_item_comp_testresults` - WHERE `test_visible` = '1' - AND `test_comp_id` = " . $result_group_sum_items['comp_id'] . " - ORDER BY `test_comp_id` ASC") ; - - while($result_count_stars_sum = mysql_fetch_array($query_count_stars_sum)) { - $counter_stars_install_sum += $result_count_stars_sum['test_result_install']; - $counter_stars_function_sum += $result_count_stars_sum['test_result_function']; - $counter_stars_user_sum++; - } + $stmt_results=CDBConnection::getInstance()->prepare("SELECT SUM(test_result_install) AS install_sum, SUM(test_result_function) AS function_sum, COUNT(*) AS user_sum FROM rsdb_item_comp_testresults WHERE test_visible = '1' AND test_comp_id = :comp_id ORDER BY test_comp_id ASC"); + $stmt_results->bindParam('comp_id',$result_group_sum_items['comp_id'],PDO::PARAM_STR); + $stmt_results->execute(); + $tmp=$stmt_results->fetchOnce(PDO::FETCH_ASSOC); + + $counter_stars_install_sum += $tmp['install_sum']; + $counter_stars_function_sum += $tmp['function_sum']; + $counter_stars_user_sum += $tmp['user_sum']; - $query_count_testentries=mysql_query("SELECT COUNT('test_id') - FROM `rsdb_item_comp_testresults` - WHERE 
`test_visible` = '1' - AND `test_comp_id` = '".mysql_real_escape_string($result_group_sum_items['comp_id'])."' ;"); - $result_count_testentries = mysql_fetch_row($query_count_testentries); + $stmt_count=CDBConnection::getInstance()->prepare("SELECT COUNT(*) FROM rsdb_item_comp_testresults WHERE test_visible = '1' AND test_comp_id = :comp_id"); + $stmt_count->bindParam('comp_id',$result_group_sum_items['comp_id'],PDO::PARAM_STR); + $stmt_count->execute(); + $result_count_testentries = $stmt_count->fetchOnce(PDO::FETCH_NUM); $counter_testentries += $result_count_testentries[0]; // Forum entries: - $query_count_forumentries=mysql_query("SELECT COUNT('fmsg_id') - FROM `rsdb_item_comp_forum` - WHERE `fmsg_visible` = '1' - AND `fmsg_comp_id` = '".mysql_real_escape_string($result_group_sum_items['comp_id'])."' ;"); - $result_count_forumentries = mysql_fetch_row($query_count_forumentries); + $stmt_count=CDBConnection::getInstance()->prepare("SELECT COUNT(*) FROM rsdb_item_comp_forum WHERE fmsg_visible = '1' AND fmsg_comp_id = :comp_id"); + $stmt->bindParam('comp_id',$result_group_sum_items['comp_id'],PDO::PARAM_STR); + $stmt->execute(); + $result_count_forumentries = $stmt->fetchOnce(PDO::FETCH_NUM); $counter_forumentries += $result_count_forumentries[0];
// Screenshots: - $query_count_screenshots=mysql_query("SELECT COUNT('media_id') - FROM `rsdb_object_media` - WHERE `media_visible` = '1' - AND `media_groupid` = '".mysql_real_escape_string($result_group_sum_items['comp_media'])."' ;"); - $result_count_screenshots = mysql_fetch_row($query_count_screenshots); + $stmt_count=CDBConnection::getInstance()->prepare("SELECT COUNT(*) FROM rsdb_object_media WHERE media_visible = '1' AND media_groupid = :group_id"); + $stmt_count->bindParam('group_id',$result_group_sum_items['comp_media'],PDO::PARAM_STR); + $stmt_count->execute(); + $result_count_screenshots = $stmt_count->fetchOnce(PDO::FETCH_ASSOC); $counter_screenshots += $result_count_screenshots[0]; } ?>
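Review bot: The forum-entries count prepares `$stmt_count` but then binds, executes and fetches on `$stmt`, the outer groups statement, which has no `:comp_id` placeholder; the prepared count query is never run and the outer result set is disturbed. The screenshots count is fetched with `PDO::FETCH_ASSOC` and then read as `$result_count_screenshots[0]`, an index an associative row does not have, so that counter never increases; it needs `PDO::FETCH_NUM` like the counts before it. The four corrected lines are shown below. Separately, every statement here is re-prepared on each pass of the loop, and preparing them once before the loop would avoid that.

```php
// … unchanged: $stmt_count prepare for rsdb_item_comp_forum …
$stmt_count->bindParam('comp_id',$result_group_sum_items['comp_id'],PDO::PARAM_STR);
$stmt_count->execute();
$result_count_forumentries = $stmt_count->fetchOnce(PDO::FETCH_NUM);
// … unchanged: forum counter, screenshots prepare / bind / execute …
$result_count_screenshots = $stmt_count->fetchOnce(PDO::FETCH_NUM);
```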
Modified: branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_vendor_id_maintainer.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/com... ============================================================================== --- branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_vendor_id_maintainer.php [iso-8859-1] (original) +++ branches/danny-web/reactos.org/htdocs/compat/inc/tree/tree_vendor_id_maintainer.php [iso-8859-1] Thu Apr 2 04:42:42 2009 @@ -36,12 +36,10 @@
if (usrfunc_IsModerator($RSDB_intern_user_id)) { - $query_maintainer_vendor = mysql_query("SELECT * - FROM `rsdb_item_vendor` - WHERE `vendor_visible` = '1' - AND `vendor_id` = '".mysql_real_escape_string($RSDB_SET_vendor)."' - LIMIT 1 ;") ; - $result_maintainer_vendor = mysql_fetch_array($query_maintainer_vendor); + $stmt=CDBConnection::getInstance()->prepapare("SELECT * FROM rsdb_item_vendor WHERE vendor_visible = '1' AND vendor_id = :vendor_id LIMIT 1"); + $stmt->bindParam('vendor_id',$RSDB_SET_vendor,PDO::PARAM_STR); + $stmt->execute(); + $result_maintainer_vendor = $stmt->fetchOnce(PDO::FETCH_ASSOC);
$RSDB_referrer=""; $RSDB_usragent=""; 
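Review bot: The new lookup calls `CDBConnection::getInstance()->prepapare(...)`, a misspelling of `prepare`, so the moderator branch stops with an undefined-method fatal error before any of the later maintenance actions can run. The line should begin `$stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_item_vendor ...`. The enclosing `if (usrfunc_IsModerator(...))` block continues outside the hunk.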
@@ -75,13 +73,14 @@ // Edit application group data: if ($RSDB_TEMP_pmod == "ok" && $RSDB_SET_vendor != "" && $RSDB_TEMP_vendname != "" && $RSDB_TEMP_txturl != "" && usrfunc_IsModerator($RSDB_intern_user_id)) { // Update group entry: - $update_group_entry = "UPDATE `rsdb_item_vendor` SET `vendor_name` = '". mysql_real_escape_string($RSDB_TEMP_vendname) ."', - `vendor_fullname` = '". mysql_real_escape_string($RSDB_TEMP_fullname) ."', - `vendor_url` = '". mysql_real_escape_string($RSDB_TEMP_txturl) ."', - `vendor_email` = '". mysql_real_escape_string($RSDB_TEMP_txtemail) ."', - `vendor_infotext` = '". mysql_real_escape_string($RSDB_TEMP_txtinfo) ."' - WHERE `vendor_id` = '". mysql_real_escape_string($RSDB_SET_vendor) ."' LIMIT 1 ;"; - mysql_query($update_group_entry); + $stmt=CDBConnection::getInstance()->prepare("UPDATE rsdb_item_vendor SET vendor_name = :name, vendor_fullname = :fullname, vendor_url = :url, vendor_email = :email, vendor_infotext = :info WHERE vendor_id = :vendor_id LIMIT 1"); + $stmt->bindParam('name',$RSDB_TEMP_vendname,PDO::PARAM_STR); + $stmt->bindParam('fullname',$RSDB_TEMP_fullname,PDO::PARAM_STR); + $stmt->bindParam('url',$RSDB_TEMP_txturl,PDO::PARAM_STR); + $stmt->bindParam('email',$RSDB_TEMP_txtemail,PDO::PARAM_STR); + $stmt->bindParam('info',$RSDB_TEMP_txtinfo,PDO::PARAM_STR); + $stmt->bindParam('vendor_id',$RSDB_SET_vendor,PDO::PARAM_STR); + $stmt->execute(); add_log_entry("low", "tree_vendor", "edit", "[Vendor] Edit entry", @usrfunc_GetUsername($RSDB_intern_user_id)." changed the group data from: \n\nVendor-Name: ".htmlentities($result_maintainer_vendor['vendor_name'])." - ".htmlentities($result_maintainer_vendor['vendor_fullname'])." - ".$result_maintainer_vendor['vendor_id']."\n\nUrl: ".htmlentities($result_maintainer_vendor['vendor_url'])." \n\E-Mail: ".$result_maintainer_vendor['vendor_email']." \n\Info: ".$result_maintainer_vendor['vendor_infotext']." 
\n\n\nTo: \n\nVendor-Name: ".htmlentities($RSDB_TEMP_vendname)."\n\Fullname: ".htmlentities($RSDB_TEMP_fullname)." \n\nUrl: ".htmlentities($RSDB_TEMP_txturl)." \n\E-Mail: ".htmlentities($RSDB_TEMP_txtemail)." \n\Info: ".htmlentities($RSDB_TEMP_txtinfo), "0"); ?> @@ -93,15 +92,20 @@
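Review bot: The `add_log_entry(...)` text in this hunk mixes encoded and raw fields: the new values and the old name and URL go through `htmlentities()`, while the old `vendor_email` and `vendor_infotext` are concatenated as stored. Whether the log viewer encodes on output is not visible here, so the raw fields should either get the same treatment, e.g. `htmlentities($result_maintainer_vendor['vendor_email'])`, or all encoding should move to the point where the log is rendered. The spam-report and verified hunks further down build their log text the same way.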
// Special request: if ($RSDB_TEMP_pmod == "ok" && $RSDB_TEMP_txtreq1 != "" && $RSDB_TEMP_txtreq2 != "" && usrfunc_IsModerator($RSDB_intern_user_id)) { - $report_submit="INSERT INTO `rsdb_logs` ( `log_id` , `log_date` , `log_usrid` , `log_usrip` , `log_level` , `log_action` , `log_title` , `log_description` , `log_category` , `log_badusr` , `log_referrer` , `log_browseragent` , `log_read` , `log_taskdone_usr` ) - VALUES ('', NOW( ) , '".mysql_real_escape_string($RSDB_intern_user_id)."', '".mysql_escape_string($RSDB_ipaddr)."', 'low', 'request', '".mysql_escape_string($RSDB_TEMP_txtreq1)."', '".mysql_escape_string($RSDB_TEMP_txtreq2)."', 'user_moderator', '0', '".mysql_escape_string($RSDB_referrer)."', '".mysql_escape_string($RSDB_usragent)."', ';', '0');"; - $db_report_submit=mysql_query($report_submit); + $stmt=CDBConnection::getInstance()->prepare("INSERT INTO rsdb_logs (log_id, log_date, log_usrid, log_usrip, log_level, log_action, log_title, log_description, log_category, log_badusr, log_referrer, log_browseragent, log_read, log_taskdone_usr) VALUES ('', NOW(), :user_id, :ip, 'low', 'request', :title, :description, 'user_moderator', '0', :referrer, :user_agent, ';', '0')"); + $stmt->bindParam('user_id',$RSDB_intern_user_id,PDO::PARAM_STR); + $stmt->bindParam('ip',$RSDB_ipaddr,PDO::PARAM_STR); + $stmt->bindParam('title',$RSDB_TEMP_txtreq1,PDO::PARAM_STR); + $stmt->bindParam('description',$RSDB_TEMP_txtreq2,PDO::PARAM_STR); + $stmt->bindParam('referrer',$RSDB_referrer,PDO::PARAM_STR); + $stmt->bindParam('user_agent',$RSDB_usragent,PDO::PARAM_STR); + $stmt->execute(); } // Report spam: if ($RSDB_TEMP_pmod == "ok" && $RSDB_TEMP_txtspam != "" && usrfunc_IsModerator($RSDB_intern_user_id)) { - $update_log_entry = "UPDATE `rsdb_item_vendor` SET - `vendor_visible` = '3' WHERE `vendor_id` = '". 
mysql_real_escape_string($RSDB_SET_vendor) ."' LIMIT 1 ;"; - mysql_query($update_log_entry); + $stmt=CDBConnection::getInstance()->prepare("UPDATE rsdb_item_vendor SET vendor_visible = '3' WHERE vendor_id = :vendor_id LIMIT 1"); + $stmt->bindParam('vendor_id',$RSDB_SET_vendor,PDO::PARAM_STR); + $stmt->execute(); add_log_entry("low", "tree_vendor", "report_spam", "[Vendor] Spam/ads report", @usrfunc_GetUsername($RSDB_intern_user_id)." wrote: \n".htmlentities($RSDB_TEMP_txtspam)." \n\n\n\nUser: ".@usrfunc_GetUsername($result_maintainer_vendor['vendor_usrid'])." - ".$result_maintainer_vendor['vendor_usrid']."\n\nVendor-Name: ".htmlentities($result_maintainer_vendor['vendor_name'])." - ".$result_maintainer_vendor['vendor_id']."\n\nUrl: ".htmlentities($result_maintainer_vendor['vendor_url'])." \n\E-Mail: ".$result_maintainer_vendor['vendor_email']." \n\Info: ".$result_maintainer_vendor['vendor_infotext'], $result_maintainer_vendor['vendor_usrid']); } // Verified: 
@@ -113,9 +117,10 @@ } if ($result_maintainer_vendor['vendor_checked'] == "1" || $result_maintainer_vendor['vendor_checked'] == "no") { if ($RSDB_TEMP_pmod == "ok" && $RSDB_TEMP_verified == "done" && usrfunc_IsModerator($RSDB_intern_user_id)) { - $update_log_entry = "UPDATE `rsdb_item_vendor` SET - `vendor_checked` = '". mysql_real_escape_string($temp_verified) ."' WHERE `vendor_id` = '". mysql_real_escape_string($RSDB_SET_vendor) ."' LIMIT 1 ;"; - mysql_query($update_log_entry); + $stmt=CDBConnection::getInstance()->prepare("UPDATE rsdb_item_vendor SET vendor_checked = :checked WHERE vendor_id = :vendor_id LIMIT 1"); + $stmt->bindParam('checked',$temp_verified,PDO::PARAM_STR); + $stmt->bindParam('vendor_id',$RSDB_SET_vendor,PDO::PARAM_STR); + $stmt->execute(); add_log_entry("low", "tree_vendor", "verified", "[Vendor] Verified", @usrfunc_GetUsername($RSDB_intern_user_id)." has verified the following vendor: \n\n\n\nUser: ".@usrfunc_GetUsername($result_maintainer_vendor['vendor_usrid'])." - ".$result_maintainer_vendor['vendor_usrid']."\n\nVendor-Name: ".htmlentities($result_maintainer_vendor['vendor_name'])." - ".$result_maintainer_vendor['vendor_id']."\n\nUrl: ".htmlentities($result_maintainer_vendor['vendor_url'])." \n\E-Mail: ".$result_maintainer_vendor['vendor_email']." \n\Info: ".$result_maintainer_vendor['vendor_infotext'], "0"); } } 
@@ -354,9 +359,10 @@ if (array_key_exists("done", $_POST)) $RSDB_TEMP_done=htmlspecialchars($_POST["done"]); if ($RSDB_TEMP_padmin == "ok" && $RSDB_TEMP_done != "" && usrfunc_IsAdmin($RSDB_intern_user_id)) { - $update_log_entry = "UPDATE `rsdb_logs` SET - `log_taskdone_usr` = '". mysql_real_escape_string($RSDB_intern_user_id) ."' WHERE `log_id` = '". mysql_real_escape_string($RSDB_TEMP_done) ."' LIMIT 1 ;"; - mysql_query($update_log_entry); + $stmt=CDBConnection::getInstance()->prepare"UPDATE rsdb_logs SET log_taskdone_usr = :user_id WHERE log_id = :log_id LIMIT 1"); + $stmt->bindParam('user_id',$RSDB_intern_user_id,PDO::PARAM_STR); + $stmt->bindParam('log_id',$RSDB_TEMP_done,PDO::PARAM_STR); + $stmt->execute(); } ?> @@ -377,14 +383,9 @@ $cellcolor1="#E2E2E2"; $cellcolor2="#EEEEEE"; $cellcolorcounter="0"; - $query_entry_sprequest = mysql_query("SELECT * - FROM `rsdb_logs` - WHERE `log_level` LIKE 'low' - AND `log_action` LIKE 'request' - AND `log_category` LIKE 'user_moderator' - ORDER BY `log_date` DESC - LIMIT 0, 30;") ; - while($result_entry_sprequest = mysql_fetch_array($query_entry_sprequest)) { + $stmt=CDBConnection::getInstance()->prepare("SELECT * FROM rsdb_logs WHERE log_level LIKE 'low' AND log_action LIKE 'request' AND log_category LIKE 'user_moderator' ORDER BY log_date DESC LIMIT 30;"); + $stmt->execute(); + while($result_entry_sprequest = $stmt->fetch(PDO::FETCH_ASSOC)) { ?> <tr valign="top" bgcolor="<?php $cellcolorcounter++; @@ -439,4 +440,4 @@ </script> <?php } -?> +?>
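Review bot: In the -354,9 hunk the added line `$stmt=CDBConnection::getInstance()->prepare"UPDATE rsdb_logs ...` is missing the opening parenthesis after `prepare`, which is a parse error and stops the whole include from loading. It should read `->prepare("UPDATE rsdb_logs SET log_taskdone_usr = :user_id WHERE log_id = :log_id LIMIT 1");`.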