From c46f03bf8f3f95a5b3667f5a70ab7a152c0a247b Mon Sep 17 00:00:00 2001
From: Shish <shish@shishnet.org>
Date: Thu, 26 Jan 2012 16:20:26 +0000
Subject: [PATCH] convert mysql functions + direct query building -> sql
 standards + paramaters

---
 contrib/numeric_score/main.php | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/contrib/numeric_score/main.php b/contrib/numeric_score/main.php
index 03c8c4df..e07b1a9d 100644
--- a/contrib/numeric_score/main.php
+++ b/contrib/numeric_score/main.php
@@ -110,10 +110,8 @@ class NumericScore implements Extension {
 				//TODO: Somehow make popular_by_#/2012/12/31 > popular_by_#?day=31&month=12&year=2012 (So no problems with date formats)
 				//TODO: Add Popular_by_week.
 
-				$sql =
-					"SELECT *
-					FROM images
-					";
+				$sql = "SELECT * FROM images ";
+				$args = array();
 
 				//year
 				if(int_escape($event->get_arg(0)) == 0){
@@ -137,17 +135,17 @@ class NumericScore implements Extension {
 
 				if($event->page_matches("popular_by_day")){
 					$sql .=
-						"WHERE YEAR(posted) =".$year."
-						AND MONTH(posted) =".$month."
-						AND DAY(posted) =".$day."
+						"WHERE EXTRACT(YEAR FROM posted) = :year
+						AND EXTRACT(MONTH FROM posted) = :month
+						AND EXTRACT(DAY FROM posted) = :day
 						AND NOT numeric_score=0
 						";
 					$dte = array($totaldate, date("F jS, Y", (strtotime($totaldate))), "Y/m/d", "day");
 				}
 				if($event->page_matches("popular_by_month")){
 					$sql .=
-						"WHERE YEAR(posted) =".$year."
-						AND MONTH(posted) =".$month."
+						"WHERE EXTRACT(YEAR FROM posted) = :year
+						AND EXTRACT(MONTH FROM posted) = :month
 						AND NOT numeric_score=0
 						";
 					$title = date("F Y", (strtotime($totaldate)));
@@ -155,17 +153,21 @@ class NumericScore implements Extension {
 				}
 				if($event->page_matches("popular_by_year")){
 					$sql .=
-						"WHERE YEAR(posted) =".$year."
+						"WHERE EXTRACT(YEAR FROM posted) = :year
 						AND NOT numeric_score=0
 						";
 					$dte = array($totaldate, $year, "Y", "year");
 				}
-				$sql .=
-					"ORDER BY numeric_score DESC
-					LIMIT 0 OFFSET ".$t_images;
+				$sql .= " ORDER BY numeric_score DESC LIMIT :limit OFFSET 0";
 
 				//filter images by year/score != 0 > limit to max images on one page > order from highest to lowest score
-				$result = $database->get_all($sql);
+				$args = array(
+					"year" => $year,
+					"month" => $month,
+					"day" => $day,
+					"limit" => $t_images
+				);
+				$result = $database->get_all($sql, $args);
 
 				$images = array();
 				foreach($result as $singleResult) {