diff --git a/app/contacts/contact_url_delete.php b/app/contacts/contact_url_delete.php
index de5a64a928..b582e4cfe5 100644
--- a/app/contacts/contact_url_delete.php
+++ b/app/contacts/contact_url_delete.php
@@ -38,24 +38,24 @@ else {
$language = new text;
$text = $language->get();
-if (count($_GET)>0) {
- $id = check_str($_GET["id"]);
- $contact_uuid = check_str($_GET["contact_uuid"]);
+$contact_url_uuid = $_GET["id"];
+$contact_uuid = $_GET["contact_uuid"];
+
+if (is_uuid($contact_url_uuid) && is_uuid($contact_uuid)) {
+
+ $array['contact_urls'][0]['contact_url_uuid'] = $contact_url_uuid;
+ $array['contact_urls'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+
+ $database = new database;
+ $database->app_name = 'contacts';
+ $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+ $database->delete($array);
+ unset($array);
+
+ message::add($text['message-delete']);
}
-if (strlen($id)>0) {
- $sql = "";
- $sql .= "delete from v_contact_urls ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
- $sql .= "and contact_url_uuid = '".$id."' ";
-
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- unset($sql);
-}
-
-message::add($text['message-delete']);
header("Location: contact_edit.php?id=".$contact_uuid);
-return;
+exit;
?>
\ No newline at end of file
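Review bot: The redirect `header("Location: contact_edit.php?id=".$contact_uuid);` now runs for every request, including one whose `contact_uuid` just failed the `is_uuid()` check, so an unvalidated `$_GET` value is placed into the Location header; guard it like the delete, e.g. `header("Location: contact_edit.php?id=".(is_uuid($contact_uuid) ? $contact_uuid : ''));`. The direct `$_GET["id"]` and `$_GET["contact_uuid"]` reads also raise undefined-array-key warnings when a parameter is absent, which the removed `check_str()` calls did not; `$contact_url_uuid = $_GET["id"] ?? '';` keeps the `is_uuid()` result identical and is warning-free. The trailing `?>` can be dropped in a PHP-only file, which also removes the missing-newline marker.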
diff --git a/app/contacts/contact_url_edit.php b/app/contacts/contact_url_edit.php
index 479a497475..1dc290e6da 100644
--- a/app/contacts/contact_url_edit.php
+++ b/app/contacts/contact_url_edit.php
@@ -40,37 +40,37 @@ else {
$text = $language->get();
//action add or update
- if (isset($_REQUEST["id"])) {
+ if (is_uuid($_REQUEST["id"])) {
$action = "update";
- $contact_url_uuid = check_str($_REQUEST["id"]);
+ $contact_url_uuid = $_REQUEST["id"];
}
else {
$action = "add";
}
//get the contact uuid
- if (strlen($_GET["contact_uuid"]) > 0) {
- $contact_uuid = check_str($_GET["contact_uuid"]);
+ if (is_uuid($_GET["contact_uuid"])) {
+ $contact_uuid = $_GET["contact_uuid"];
}
//get http post variables and set them to php variables
if (count($_POST) > 0) {
- $url_label = check_str($_POST["url_label"]);
- $url_label_custom = check_str($_POST["url_label_custom"]);
- $url_address = check_str($_POST["url_address"]);
- $url_primary = check_str($_POST["url_primary"]);
- $url_description = check_str($_POST["url_description"]);
+ $url_label = $_POST["url_label"];
+ $url_label_custom = $_POST["url_label_custom"];
+ $url_address = $_POST["url_address"];
+ $url_primary = $_POST["url_primary"];
+ $url_description = $_POST["url_description"];
//use custom label if set
- $url_label = ($url_label_custom != '') ? $url_label_custom : $url_label;
+ $url_label = $url_label_custom != '' ? $url_label_custom : $url_label;
}
//process the form data
- if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
+ if (is_array($_POST) && @sizeof($_POST) != 0 && strlen($_POST["persistformvar"]) == 0) {
//set the uuid
if ($action == "update") {
- $contact_url_uuid = check_str($_POST["contact_url_uuid"]);
+ $contact_url_uuid = $_POST["contact_url_uuid"];
}
//check for all required data
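Review bot: On the update path `$contact_url_uuid = $_POST["contact_url_uuid"];` overwrites the value that `is_uuid($_REQUEST["id"])` validated a few lines earlier with an unvalidated one, so the check on `id` never covers the uuid actually written; apply the same guard, `if (is_uuid($_POST["contact_url_uuid"])) { $contact_url_uuid = $_POST["contact_url_uuid"]; }`. `is_array($_POST) && @sizeof($_POST) != 0` is a longer `count($_POST) > 0` whose `@` suppresses nothing, because `$_POST` is always an array; the same idiom recurs in the next hunk of this file and in contact_urls.php, contact_user_delete.php and contacts.php, and a plain `count()` reads better everywhere. `strlen($_POST["persistformvar"])` passes null to strlen() when the field is absent, deprecated since PHP 8.1 — `strlen($_POST["persistformvar"] ?? '')`. The if-block opened here continues past the end of the hunk.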
@@ -92,89 +92,84 @@ else {
if ($_POST["persistformvar"] != "true") {
//update last modified
- $sql = "update v_contacts set ";
- $sql .= "last_mod_date = now(), ";
- $sql .= "last_mod_user = '".$_SESSION['username']."' ";
- $sql .= "where domain_uuid = '".$domain_uuid."' ";
- $sql .= "and contact_uuid = '".$contact_uuid."' ";
- $db->exec(check_sql($sql));
- unset($sql);
+ $array['contacts'][0]['contact_uuid'] = $contact_uuid;
+ $array['contacts'][0]['domain_uuid'] = $domain_uuid;
+ $array['contacts'][0]['last_mod_date'] = 'now()';
+ $array['contacts'][0]['last_mod_user'] = $_SESSION['username'];
+
+ $p = new permissions;
+ $p->add('contact_edit', 'temp');
+
+ $database = new database;
+ $database->app_name = 'contacts';
+ $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+ $database->save($array);
+ unset($array);
+
+ $p->delete('contact_edit', 'temp');
//if primary, unmark other primary numbers
if ($url_primary) {
$sql = "update v_contact_urls set url_primary = 0 ";
- $sql .= "where domain_uuid = '".$domain_uuid."' ";
- $sql .= "and contact_uuid = '".$contact_uuid."' ";
- $db->exec(check_sql($sql));
- unset($sql);
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "and contact_uuid = :contact_uuid ";
+ $parameters['domain_uuid'] = $domain_uuid;
+ $parameters['contact_uuid'] = $contact_uuid;
+ $database = new database;
+ $database->execute($sql, $parameters);
+ unset($sql, $parameters);
}
if ($action == "add") {
$contact_url_uuid = uuid();
- $sql = "insert into v_contact_urls ";
- $sql .= "(";
- $sql .= "domain_uuid, ";
- $sql .= "contact_uuid, ";
- $sql .= "contact_url_uuid, ";
- $sql .= "url_label, ";
- $sql .= "url_address, ";
- $sql .= "url_primary, ";
- $sql .= "url_description ";
- $sql .= ")";
- $sql .= "values ";
- $sql .= "(";
- $sql .= "'".$_SESSION['domain_uuid']."', ";
- $sql .= "'".$contact_uuid."', ";
- $sql .= "'".$contact_url_uuid."', ";
- $sql .= "'".$url_label."', ";
- $sql .= "'".$url_address."', ";
- $sql .= (($url_primary) ? 1 : 0).", ";
- $sql .= "'".$url_description."' ";
- $sql .= ")";
- $db->exec(check_sql($sql));
- unset($sql);
+ $array['contact_urls'][0]['contact_url_uuid'] = $contact_url_uuid;
message::add($text['message-add']);
- header("Location: contact_edit.php?id=".$contact_uuid);
- return;
- } //if ($action == "add")
+ }
if ($action == "update") {
- $sql = "update v_contact_urls set ";
- $sql .= "contact_uuid = '".$contact_uuid."', ";
- $sql .= "url_label = '".$url_label."', ";
- $sql .= "url_address = '".$url_address."', ";
- $sql .= "url_primary = ".(($url_primary) ? 1 : 0).", ";
- $sql .= "url_description = '".$url_description."' ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
- $sql .= "and contact_url_uuid = '".$contact_url_uuid."'";
- $db->exec(check_sql($sql));
- unset($sql);
+ $array['contact_urls'][0]['contact_url_uuid'] = $contact_url_uuid;
message::add($text['message-update']);
- header("Location: contact_edit.php?id=".$contact_uuid);
- return;
- } //if ($action == "update")
- } //if ($_POST["persistformvar"] != "true")
- } //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
+ }
+
+ if (is_array($array) && @sizeof($array) != 0) {
+ $array['contact_urls'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+ $array['contact_urls'][0]['contact_uuid'] = $contact_uuid;
+ $array['contact_urls'][0]['url_label'] = $url_label;
+ $array['contact_urls'][0]['url_address'] = $url_address;
+ $array['contact_urls'][0]['url_primary'] = $url_primary ? 1 : 0;
+ $array['contact_urls'][0]['url_description'] = $url_description;
+
+ $database = new database;
+ $database->app_name = 'contacts';
+ $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+ $database->save($array);
+ unset($array);
+ }
+
+ header("Location: contact_edit.php?id=".$contact_uuid);
+ exit;
+ }
+ }
//pre-populate the form
- if (count($_GET)>0 && $_POST["persistformvar"] != "true") {
+ if (is_array($_GET) && @sizeof($_GET) != 0 && $_POST["persistformvar"] != "true") {
$contact_url_uuid = $_GET["id"];
$sql = "select * from v_contact_urls ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
- $sql .= "and contact_url_uuid = '".$contact_url_uuid."' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- foreach ($result as &$row) {
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "and contact_url_uuid = :contact_url_uuid ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['contact_url_uuid'] = $contact_url_uuid;
+ $database = new database;
+ $row = $database->select($sql, $parameters, 'row');
+ if (is_array($row) && @sizeof($row) != 0) {
$url_label = $row["url_label"];
$url_address = $row["url_address"];
$url_primary = $row["url_primary"];
$url_description = $row["url_description"];
- break; //limit to 1 row
}
- unset ($prep_statement);
+ unset($sql, $parameters, $row);
}
//show the header
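Review bot: In the pre-populate branch `$contact_url_uuid = $_GET["id"];` is bound into the select without validation, unlike every other uuid this commit touches; wrap it as `if (is_uuid($_GET["id"])) { ... }` or reuse the value already validated at the top of the file instead of re-reading `$_GET`. `$array['contacts'][0]['last_mod_date'] = 'now()';` replaces the SQL `now()` call with a string, which is only correct if `database::save` recognises that literal and emits it unquoted — worth confirming, otherwise the timestamp column receives the text. The `$p->add('contact_edit', 'temp')` / `$p->delete('contact_edit', 'temp')` pair around the save has no try/finally, so if `save()` throws, the temporary permission presumably stays granted for the rest of the session (depends on where `permissions` stores it). The if-blocks opened in the previous hunk are closed inside this one.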
diff --git a/app/contacts/contact_urls.php b/app/contacts/contact_urls.php
index 8bfb24d957..0da336bb8b 100644
--- a/app/contacts/contact_urls.php
+++ b/app/contacts/contact_urls.php
@@ -48,14 +48,14 @@
//get the contact list
$sql = "select * from v_contact_urls ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
- $sql .= "and contact_uuid = '$contact_uuid' ";
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "and contact_uuid = :contact_uuid ";
$sql .= "order by url_primary desc, url_label asc ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- $result_count = count($result);
- unset ($prep_statement, $sql);
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['contact_uuid'] = $contact_uuid;
+ $database = new database;
+ $result = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
$c = 0;
$row_style["0"] = "row_style0";
@@ -74,12 +74,12 @@
echo "\n";
echo "\n";
- if ($result_count > 0) {
+ if (is_array($result) && @sizeof($result) != 0) {
foreach($result as $row) {
if (permission_exists('contact_url_edit')) {
$tr_link = "href='contact_url_edit.php?contact_uuid=".escape($row['contact_uuid'])."&id=".escape($row['contact_url_uuid'])."'";
}
- echo "
\n";
+ echo "
\n";
echo " | ".escape($row['url_label'])." | \n";
echo " ".str_replace("http://", "", str_replace("https://", "", escape($row['url_address'])))." | \n";
echo " ".escape($row['url_description'])." | \n";
@@ -92,10 +92,10 @@
}
echo " \n";
echo "
\n";
- $c = ($c) ? 0 : 1;
- } //end foreach
- unset($sql, $result, $row_count);
- } //end if results
+ $c = $c ? 0 : 1;
+ }
+ }
+ unset($result, $row);
echo "\n";
diff --git a/app/contacts/contact_user_delete.php b/app/contacts/contact_user_delete.php
index 01f7142598..fb4614934d 100644
--- a/app/contacts/contact_user_delete.php
+++ b/app/contacts/contact_user_delete.php
@@ -26,7 +26,7 @@
require_once "root.php";
require_once "resources/require.php";
require_once "resources/check_auth.php";
-if (permission_exists('contact_group_delete')) {
+if (permission_exists('contact_user_delete')) {
//access granted
}
else {
@@ -40,19 +40,23 @@ else {
$language = new text;
$text = $language->get();
- if (count($_REQUEST) > 0) {
- $contact_user_uuid = check_str($_REQUEST["id"]);
- $contact_uuid = check_str($_REQUEST["contact_uuid"]);
+ if (is_array($_REQUEST) && @sizeof($_REQUEST) != 0) {
+ $contact_user_uuid = $_REQUEST["id"];
+ $contact_uuid = $_REQUEST["contact_uuid"];
}
}
//delete the user
if (is_uuid($contact_uuid) && is_uuid($contact_user_uuid)) {
- $sql = "delete from v_contact_users ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
- $sql .= "and contact_user_uuid = '$contact_user_uuid' ";
- $db->exec(check_sql($sql));
- unset($sql);
+ $array['contact_users'][0]['contact_user_uuid'] = $contact_user_uuid;
+ $array['contact_users'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+
+ $database = new database;
+ $database->app_name = 'contacts';
+ $database->app_uuid = '04481e0e-a478-c559-adad-52bd4174574c';
+ $database->delete($array);
+ $response = $database->message;
+ unset($array);
}
//redirect the browser
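Review bot: `$response = $database->message;` is assigned but nothing in the hunk reads it; if the redirect code that follows outside the hunk does not use it either, drop the line. The `is_array($_REQUEST) && @sizeof($_REQUEST) != 0` wrapper adds nothing, since `is_uuid()` before the delete already rejects missing values, while the bare `$_REQUEST["id"]` still warns when absent; `$contact_user_uuid = $_REQUEST["id"] ?? '';` and `$contact_uuid = $_REQUEST["contact_uuid"] ?? '';` without the wrapper are equivalent and warning-free. The redirect after the hunk should use `$contact_uuid` only on the `is_uuid()`-validated path.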
diff --git a/app/contacts/contacts.php b/app/contacts/contacts.php
index 3db46a4848..1651b8a8b1 100644
--- a/app/contacts/contacts.php
+++ b/app/contacts/contacts.php
@@ -48,12 +48,12 @@
require_once "resources/header.php";
//get the search criteria
- $search_all = strtolower(check_str($_GET["search_all"]));
- $phone_number = check_str($_GET["phone_number"]);
+ $search_all = strtolower($_GET["search_all"]);
+ $phone_number = $_GET["phone_number"];
//get variables used to control the order
- $order_by = check_str($_GET["order_by"]);
- $order = check_str($_GET["order"]);
+ $order_by = $_GET["order_by"];
+ $order = $_GET["order"];
//retrieve current user's assigned groups (uuids)
foreach ($_SESSION['groups'] as $group_data) {
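Review bot: `strtolower($_GET["search_all"])` and the three direct `$_GET` reads below it pass null to strtolower() and raise undefined-array-key warnings when the parameter is absent, whereas the removed `check_str()` returned a string; `$search_all = strtolower($_GET["search_all"] ?? '');` and `$order_by = $_GET["order_by"] ?? '';` keep the later `strlen()` and `!= ''` checks working. `$order_by` and `$order` are concatenated, not bound, into the ORDER BY clause further down through `order_by()`, so whatever that helper validates is now the only thing between `$_GET` and the SQL text; once confirmed it whitelists both, say so here, e.g. `//order_by and order are validated against a fixed list inside order_by()`.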
@@ -70,103 +70,123 @@
$sql .= "from ";
$sql .= "v_contact_settings ";
$sql .= "where ";
- $sql .= "domain_uuid = '".$_SESSION['domain_uuid']."' ";
+ $sql .= "domain_uuid = :domain_uuid ";
$sql .= "and contact_setting_category = 'sync' ";
$sql .= "and contact_setting_subcategory = 'source' ";
$sql .= "and contact_setting_name = 'array' ";
$sql .= "and contact_setting_value <> '' ";
$sql .= "and contact_setting_value is not null ";
if (!(if_group("superadmin") || if_group("admin"))) {
- $sql .= "and ( \n"; //only contacts assigned to current user's group(s) and those not assigned to any group
- $sql .= " contact_uuid in ( \n";
+ $sql .= "and ( "; //only contacts assigned to current user's group(s) and those not assigned to any group
+ $sql .= " contact_uuid in ( ";
$sql .= " select contact_uuid from v_contact_groups ";
- $sql .= " where group_uuid in ('".implode("','", array_filter($user_group_uuids))."') ";
- $sql .= " and domain_uuid = '".$_SESSION['domain_uuid']."' ";
- $sql .= " ) \n";
- $sql .= " or \n";
- $sql .= " contact_uuid not in ( \n";
+ $sql .= " where ";
+ if (is_array($user_group_uuids) && @sizeof($user_group_uuids) != 0) {
+ foreach ($user_group_uuids as $index => $user_group_uuid) {
+ if (is_uuid($user_group_uuid)) {
+ $sql_where_or[] = "group_uuid = :group_uuid_".$index;
+ $parameters['group_uuid_'.$index] = $user_group_uuid;
+ }
+ }
+ if (is_array($sql_where_or) && @sizeof($sql_where_or) != 0) {
+ $sql .= " ( ".implode(' or ', $sql_where_or)." ) ";
+ }
+ unset($sql_where_or, $index, $user_group_uuid);
+ }
+ $sql .= " and domain_uuid = :domain_uuid ";
+ $sql .= " ) ";
+ $sql .= " or ";
+ $sql .= " contact_uuid not in ( ";
$sql .= " select contact_uuid from v_contact_groups ";
- $sql .= " where group_uuid = '".$_SESSION['group_uuid']."' ";
- $sql .= " and domain_uuid = '".$_SESSION['domain_uuid']."' ";
- $sql .= " ) \n";
- $sql .= ") \n";
+ $sql .= " where group_uuid = :group_uuid ";
+ $sql .= " and domain_uuid = :domain_uuid ";
+ $sql .= " ) ";
+ $sql .= ") ";
}
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- if (count($result) > 0) {
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['group_uuid'] = $_SESSION['group_uuid'];
+ $database = new database;
+ $result = $database->select($sql, $parameters, 'all');
+ if (is_array($result) && @sizeof($result) != 0) {
foreach($result as $row) {
$contact_sync_sources[$row['contact_uuid']][] = $row['contact_setting_value'];
}
}
- unset ($sql, $prep_statement, $result);
+ unset($sql, $parameters, $result);
//build query for paging and list
- $sql = "select count(*) as num_rows ";
+ $sql = "select count(*) ";
$sql .= "from v_contacts as c ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+ $sql .= "where domain_uuid = :domain_uuid ";
if (!(if_group("superadmin") || if_group("admin"))) {
- $sql .= "and ( \n"; //only contacts assigned to current user's group(s) and those not assigned to any group
- $sql .= " contact_uuid in ( \n";
+ $sql .= "and ( "; //only contacts assigned to current user's group(s) and those not assigned to any group
+ $sql .= " contact_uuid in ( ";
$sql .= " select contact_uuid from v_contact_groups ";
- $sql .= " where group_uuid in ('".implode("','", array_filter($user_group_uuids))."') ";
- $sql .= " and domain_uuid = '".$_SESSION['domain_uuid']."' ";
- $sql .= " ) \n";
- $sql .= " or contact_uuid in ( \n";
+ $sql .= " where ";
+ if (is_array($user_group_uuids) && @sizeof($user_group_uuids) != 0) {
+ foreach ($user_group_uuids as $index => $user_group_uuid) {
+ if (is_uuid($user_group_uuid)) {
+ $sql_where_or[] = "group_uuid = :group_uuid_".$index;
+ $parameters['group_uuid_'.$index] = $user_group_uuid;
+ }
+ }
+ if (is_array($sql_where_or) && @sizeof($sql_where_or) != 0) {
+ $sql .= " ( ".implode(' or ', $sql_where_or)." ) ";
+ }
+ unset($sql_where_or, $index, $user_group_uuid);
+ }
+ $sql .= " and domain_uuid = :domain_uuid ";
+ $sql .= " ) ";
+ $sql .= " or contact_uuid in ( ";
$sql .= " select contact_uuid from v_contact_users ";
- $sql .= " where user_uuid = '".$_SESSION['user_uuid']."' ";
- $sql .= " and domain_uuid = '".$_SESSION['domain_uuid']."' ";
+ $sql .= " where user_uuid = :user_uuid ";
+ $sql .= " and domain_uuid = :domain_uuid ";
$sql .= "";
- $sql .= " ) \n";
- $sql .= ") \n";
+ $sql .= " ) ";
+ $sql .= ") ";
+ $parameters['user_uuid'] = $_SESSION['user_uuid'];
}
if (strlen($phone_number) > 0) {
$phone_number = preg_replace('{\D}', '', $phone_number);
$sql .= "and contact_uuid in ( ";
$sql .= " select contact_uuid from v_contact_phones ";
- $sql .= " where phone_number like '%".$phone_number."%' ";
- $sql .= ") \n";
+ $sql .= " where phone_number like :phone_number ";
+ $sql .= ") ";
+ $parameters['phone_number'] = '%'.$phone_number.'%';
}
else {
if (strlen($search_all) > 0) {
if (is_numeric($search_all)) {
- $sql .= "and contact_uuid in ( \n";
+ $sql .= "and contact_uuid in ( ";
$sql .= " select contact_uuid from v_contact_phones ";
- $sql .= " where phone_number like '%".$search_all."%' ";
- $sql .= ") \n";
+ $sql .= " where phone_number like :search_all ";
+ $sql .= ") ";
}
else {
- $sql .= "and contact_uuid in ( \n";
+ $sql .= "and contact_uuid in ( ";
$sql .= " select contact_uuid from v_contacts ";
- $sql .= " where domain_uuid = '".$_SESSION['domain_uuid']."' \n";
- $sql .= " and ( \n";
- $sql .= " lower(contact_organization) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_name_given) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_name_family) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_nickname) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_title) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_category) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_role) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_url) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_time_zone) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_note) like '%".$search_all."%' or \n";
- $sql .= " lower(contact_type) like '%".$search_all."%' \n";
- $sql .= " ) \n";
- $sql .= ") \n";
+ $sql .= " where domain_uuid = :domain_uuid ";
+ $sql .= " and ( ";
+ $sql .= " lower(contact_organization) like :search_all or ";
+ $sql .= " lower(contact_name_given) like :search_all or ";
+ $sql .= " lower(contact_name_family) like :search_all or ";
+ $sql .= " lower(contact_nickname) like :search_all or ";
+ $sql .= " lower(contact_title) like :search_all or ";
+ $sql .= " lower(contact_category) like :search_all or ";
+ $sql .= " lower(contact_role) like :search_all or ";
+ $sql .= " lower(contact_url) like :search_all or ";
+ $sql .= " lower(contact_time_zone) like :search_all or ";
+ $sql .= " lower(contact_note) like :search_all or ";
+ $sql .= " lower(contact_type) like :search_all ";
+ $sql .= " ) ";
+ $sql .= ") ";
}
+ $parameters['search_all'] = '%'.$search_all.'%';
}
}
- $prep_statement = $db->prepare($sql);
- if ($prep_statement) {
- $prep_statement->execute();
- $row = $prep_statement->fetch(PDO::FETCH_ASSOC);
- if ($row['num_rows'] > 0) {
- $num_rows = $row['num_rows'];
- }
- else {
- $num_rows = '0';
- }
- }
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $database = new database;
+ $num_rows = $database->select($sql, $parameters, 'column');
//prepare to page the results
$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
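Review bot: When `$user_group_uuids` is empty or holds no valid uuid, the group subquery becomes `where and domain_uuid = :domain_uuid`, a syntax error, because `$sql .= " where ";` is followed by nothing; the old `in ('')` form was at least valid SQL. Add a fallback after the `implode(' or ', $sql_where_or)` block, e.g. `else { $sql .= " 1 = 0 "; }`, in both the sync-source query and the count query of this hunk. The same named placeholder is bound several times in one statement (`:domain_uuid` up to four times, `:search_all` eleven times); this works with emulated prepares but fails on the pgsql driver with emulation off, so check how `database::select` configures PDO. `$search_all` also reaches `like :search_all` with `%` and `_` unescaped, so unlike `$phone_number` (reduced to digits) it can widen the match — harmless here, but worth a comment.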
@@ -178,24 +198,24 @@
$offset = $rows_per_page * $page;
//get the list
- $contact_default_sort_column = ($_SESSION['contacts']['default_sort_column']['text'] != '') ? $_SESSION['contacts']['default_sort_column']['text'] : "last_mod_date";
- $contact_default_sort_order = ($_SESSION['contacts']['default_sort_order']['text'] != '') ? $_SESSION['contacts']['default_sort_order']['text'] : "desc";
-
- $sql = str_replace('count(*) as num_rows', '*, (select a.contact_attachment_uuid from v_contact_attachments as a where a.contact_uuid = c.contact_uuid and a.attachment_primary = 1) as contact_attachment_uuid', $sql);
- if (strlen($order_by) > 0) {
- $sql .= "order by ".$order_by." ".$order.", contact_organization asc ";
+ $sql = str_replace('count(*)', '*, (select a.contact_attachment_uuid from v_contact_attachments as a where a.contact_uuid = c.contact_uuid and a.attachment_primary = 1) as contact_attachment_uuid', $sql);
+ if ($order_by != '') {
+ $sql .= order_by($order_by, $order);
+ $sql .= ", contact_organization asc ";
}
else {
- $sql .= "order by ".$contact_default_sort_column." ".$contact_default_sort_order." ";
+ $contact_default_sort_column = $_SESSION['contacts']['default_sort_column']['text'] != '' ? $_SESSION['contacts']['default_sort_column']['text'] : "last_mod_date";
+ $contact_default_sort_order = $_SESSION['contacts']['default_sort_order']['text'] != '' ? $_SESSION['contacts']['default_sort_order']['text'] : "desc";
+
+ $sql .= order_by($contact_default_sort_column, $contact_default_sort_order);
if ($db_type == "pgsql") {
- $sql .= "nulls last ";
+ $sql .= " nulls last ";
}
}
- $sql .= "limit ".$rows_per_page." offset ".$offset." ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $contacts = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- unset ($prep_statement, $sql);
+ $sql .= limit_offset($rows_per_page, $offset);
+ $database = new database;
+ $contacts = $database->select($sql, $parameters, 'all');
+ unset($sql, $parameters);
//styles
echo "