Update conference_rooms.php (#4243)

2019-06-03 10:53:58 -06:00 · 2019-06-03 10:53:58 -06:00 · 362a16c96d
parent 219416e4c6
commit 362a16c96d
1 changed files with 14 additions and 11 deletions
--- a/app/conference_centers/conference_rooms.php
+++ b/app/conference_centers/conference_rooms.php
@ -51,14 +51,14 @@
 	$search = preg_replace('{\D}', '', $search);
 	if (strlen($search) > 0) {
 		$sql = "select * from v_meetings ";
-		$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+		$sql .= "where domain_uuid = :domain_uuid ";
-		$sql .= "and (moderator_pin = '".$search."' or participant_pin = '".$search."') ";
+		$sql .= "and (moderator_pin = :search or participant_pin = :search) ";
-		$prep_statement = $db->prepare(check_sql($sql));
+		$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
-		if ($prep_statement) {
+		if (strlen($search) > 0) {
-			$prep_statement->execute();
+			$parameters['search'] = '%'.$search.'%';
 			$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
 			$meeting_uuid = $row['meeting_uuid'];
 		}
 		$database = new database;
 		$row = $database->select($sql, $parameters, 'all');
 	}
 //if the $_GET array exists then process it
@ -107,11 +107,14 @@
 			if (strlen($enabled) > 0) {
 				$sql .= "enabled = '$enabled' ";
 			}
-			$sql .= "where domain_uuid = '$domain_uuid' ";
+			$sql .= "where domain_uuid = :domain_uuid ";
-			$sql .= "and conference_room_uuid = '$conference_room_uuid' ";
+			$sql .= "and conference_room_uuid = :conference_room_uuid ";
 			//echo $sql; //exit;
-			$db->exec(check_sql($sql));
+			//$db->exec(check_sql($sql));
-			unset($sql);
+			//unset($sql);
 			$parameters['conference_room_uuid'] = $conference_room_uuid;
 			$database = new database;
 			$database->select($sql, $parameters);
 	}
 //get conference array