
Use placeholder parameters to prevent string interpolation in SQL que…
…ries.
perlDreamer committed Jun 16, 2010
1 parent 7057e92 commit 6d4d51c
Showing 1 changed file with 10 additions and 12 deletions.
22 changes: 10 additions & 12 deletions lib/WebGUI/Macro/UsersOnline.pm
Expand Up @@ -191,14 +191,13 @@ sub _visitors {
# increase the count artificially. Note, that the number determined here
# may deviate from the number of items returned in the visitor loop.
$var->{'visitors'} = $db->quickScalar("SELECT COUNT(DISTINCT lastIp) FROM " .
"userSession WHERE (lastPageView > $epoch) AND (userId = 1) AND " .
"lastIp NOT LIKE '127.%.%.%'" . $ip_clause);
"userSession WHERE (lastPageView > ?) AND (userId = 1) AND " .
"lastIp NOT LIKE '127.%.%.%'" . $ip_clause, [$epoch]);

# Query session IDs and IPs of visitors
my $query = $db->prepare("SELECT sessionId, lastIp, lastPageView FROM " .
"userSession WHERE (lastPageView > $epoch) AND (userId = 1) AND " .
"lastIp NOT LIKE '127.%.%.%' " . $ip_clause . "LIMIT $maxVisitors");
$query->execute;
my $query = $db->read("SELECT sessionId, lastIp, lastPageView FROM " .
"userSession WHERE (lastPageView > ?) AND (userId = 1) AND " .
"lastIp NOT LIKE '127.%.%.%' " . $ip_clause . "LIMIT ?", [$epoch, $maxVisitors]);

# Iterate through rows
while (my %row = $query->hash) {
Expand Down Expand Up @@ -255,15 +254,14 @@ sub _members {
# Determine the number of registered users that are online. The Admin
# account is excluded from the list.
$var->{'members'} = $db->quickScalar("SELECT COUNT(DISTINCT userId) FROM " .
"userSession where (lastPageView > $epoch) and (userId != '1') and " .
"(userId != '3')");
"userSession where (lastPageView > ?) and (userId != '1') and " .
"(userId != '3')", [$epoch]);

# Query the names of registered users that are online. The showOnline flag
# in the user profile is respected.
my $query = $db->prepare("SELECT userId, sessionId, lastIp, lastPageView " .
"FROM userSession WHERE (lastPageView > $epoch) AND (userId != '1') " .
"AND (userId != '3') LIMIT $maxMembers");
$query->execute;
my $query = $db->read("SELECT userId, sessionId, lastIp, lastPageView " .
"FROM userSession WHERE (lastPageView > ?) AND (userId != '1') " .
"AND (userId != '3') LIMIT ?", [$epoch, $maxMembers]);

# Iterate through rows
while (my %row = $query->hash) {
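Review bot: `$ip_clause` is still concatenated into both `_visitors` queries (the `quickScalar` COUNT and the `$db->read` below it), so the commit only half-closes the interpolation path its title describes; if that fragment is assembled elsewhere from a request-supplied address it remains string-built SQL and needs the same `?` treatment, e.g. binding `[$epoch, @ip_params]` with the clause's values pushed alongside `$epoch`. Where `$ip_clause` is built is outside this hunk, so this is inferred from its use here. Separately, `LIMIT ?` can fail under DBD::mysql's client-side placeholder emulation, which quotes a parameter Perl holds as a string (`LIMIT '10'` is a MySQL syntax error); if `$maxVisitors` and `$maxMembers` arrive as strings from the macro arguments, passing `int($maxVisitors)` / `int($maxMembers)` in the bound list keeps them numeric, or bind them with SQL_INTEGER if `$db->read` accepts a type. Both `_visitors` and `_members` start and end outside the hunks.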
