From 69e1737063cd1bd52fe269bc6ac588557c03a9e1 Mon Sep 17 00:00:00 2001
From: int2001 <joerg@dj7nt.de>
Date: Fri, 6 Sep 2024 13:08:23 +0000
Subject: [PATCH] Changed DXCC to binding

---
 application/models/Dxcc.php | 143 +++++++++++++++++++++++-------------
 1 file changed, 90 insertions(+), 53 deletions(-)

diff --git a/application/models/Dxcc.php b/application/models/Dxcc.php
index a8789b442..5ecdb2738 100644
--- a/application/models/Dxcc.php
+++ b/application/models/Dxcc.php
@@ -16,9 +16,9 @@ class DXCC extends CI_Model {
 		$exceptions = $this->db->query('
 				SELECT *
 				FROM `dxcc_exceptions`
-				WHERE `prefix` = \''.$callsign.'\'
+				WHERE `prefix` = ?
 				LIMIT 1
-			');
+			',array($callsign));
 
 		if ($exceptions->num_rows() > 0) {
 			return $exceptions;
@@ -26,10 +26,10 @@ class DXCC extends CI_Model {
 			$query = $this->db->query('
 					SELECT *
 					FROM dxcc_entities
-					WHERE prefix = SUBSTRING( \''.$callsign.'\', 1, LENGTH( prefix ) )
+					WHERE prefix = SUBSTRING(?, 1, LENGTH( prefix ) )
 					ORDER BY LENGTH( prefix ) DESC
 					LIMIT 1
-				');
+				',array($callsign));
 
 			return $query;
 		}
@@ -67,7 +67,7 @@ class DXCC extends CI_Model {
 
 		$location_list = "'".implode("','",$logbooks_locations_array)."'";
 
-        	$qsl = $this->genfunctions->gen_qsl_from_postdata($postdata);
+		$qsl = $this->genfunctions->gen_qsl_from_postdata($postdata);
 
 		foreach ($bands as $band) {             	// Looping through bands and entities to generate the array needed for display
 			foreach ($dxccArray as $dxcc) {
@@ -123,6 +123,7 @@ class DXCC extends CI_Model {
 	}
 
 	function getDxccBandConfirmed($location_list, $band, $postdata) {
+		$bindings=[];
 		$sql = "select adif as dxcc, name from dxcc_entities
 				join (
 					select col_dxcc from ".$this->config->item('table_name')." thcv
@@ -130,18 +131,21 @@ class DXCC extends CI_Model {
 					where station_id in (" . $location_list .
 				  ") and col_dxcc > 0";
 
-		$sql .= $this->genfunctions->addBandToQuery($band);
+		$sql .= $this->genfunctions->addBandToQuery($band,$bindings);
 		if ($band == 'SAT') {
 			if ($postdata['sat'] != 'All') {
-				$sql .= " and col_sat_name ='" . $postdata['sat'] . "'";
+				$sql .= " and col_sat_name = ?";
+				$bindings[]=$postdata['sat'];
 			}
 		}
 
 		if ($postdata['mode'] != 'All') {
-			$sql .= " and (col_mode = '" . $postdata['mode'] . "' or col_submode = '" . $postdata['mode'] . "')";
+			$sql .= " and (col_mode = ? or col_submode = ?)";
+			$bindings[]=$postdata['mode'];
+			$bindings[]=$postdata['mode'];
 		}
 
-		$sql .= $this->addOrbitToQuery($postdata);
+		$sql .= $this->addOrbitToQuery($postdata,$bindings);
 
 		$sql .= $this->genfunctions->addQslToQuery($postdata);
 
@@ -154,28 +158,32 @@ class DXCC extends CI_Model {
 
 		$sql .= $this->addContinentsToQuery($postdata);
 
-		$query = $this->db->query($sql);
+		$query = $this->db->query($sql,$bindings);
 
 		return $query->result();
 	}
 
 	function getDxccBandWorked($location_list, $band, $postdata) {
+		$bindings=[];
 		$sql = "select adif as dxcc, name from dxcc_entities
 				join (
 					select col_dxcc from ".$this->config->item('table_name')." thcv
 					LEFT JOIN satellite on thcv.COL_SAT_NAME = satellite.name
 					where station_id in (" . $location_list .
 					") and col_dxcc > 0";
-		$sql .= $this->genfunctions->addBandToQuery($band);
+		$sql .= $this->genfunctions->addBandToQuery($band,$bindings);
 		if ($band == 'SAT') {
 			if ($postdata['sat'] != 'All') {
-				$sql .= " and col_sat_name ='" . $postdata['sat'] . "'";
+				$sql .= " and col_sat_name = ?";
+				$bindings[]=$postdata['sat'];
 			}
 		}
 		if ($postdata['mode'] != 'All') {
-			$sql .= " and (col_mode = '" . $postdata['mode'] . "' or col_submode = '" . $postdata['mode'] . "')";
+			$sql .= " and (col_mode = ? or col_submode = ?)";
+			$bindings[]=$postdata['mode'];
+			$bindings[]=$postdata['mode'];
 		}
-		$sql .= $this->addOrbitToQuery($postdata);
+		$sql .= $this->addOrbitToQuery($postdata,$bindings);
 
 		$sql .= " group by col_dxcc
 				) x on dxcc_entities.adif = x.col_dxcc";;
@@ -184,14 +192,14 @@ class DXCC extends CI_Model {
 		}
 		$sql .= $this->addContinentsToQuery($postdata);
 
-		$query = $this->db->query($sql);
+		$query = $this->db->query($sql,$bindings);
 		return $query->result();
 	}
 
 	function fetchDxcc($postdata) {
-		$CI =& get_instance();
-		$CI->load->model('logbooks_model');
-		$logbooks_locations_array = $CI->logbooks_model->list_logbook_relationships($this->session->userdata('active_station_logbook'));
+		$bindings=[];
+		$this->load->model('logbooks_model');
+		$logbooks_locations_array = $this->logbooks_model->list_logbook_relationships($this->session->userdata('active_station_logbook'));
 
 		if (!$logbooks_locations_array) {
 			return null;
@@ -209,21 +217,26 @@ class DXCC extends CI_Model {
 
 			if ($postdata['band'] != 'All') {
 				if ($postdata['band'] == 'SAT') {
-					$sql .= " and col_prop_mode ='" . $postdata['band'] . "'";
+					$sql .= " and col_prop_mode = ?";
+					$bindings[]=$postdata['band'];
 					if ($postdata['sat'] != 'All') {
-						$sql .= " and col_sat_name ='" . $postdata['sat'] . "'";
+						$sql .= " and col_sat_name = ?";
+						$bindings[]=$postdata['sat'];
 					}
 				} else {
 					$sql .= " and col_prop_mode !='SAT'";
-					$sql .= " and col_band ='" . $postdata['band'] . "'";
+					$sql .= " and col_band = ?";
+					$bindings[]=$postdata['band'];
 				}
 			}
 
 			if ($postdata['mode'] != 'All') {
-				$sql .= " and (col_mode = '" . $postdata['mode'] . "' or col_submode = '" . $postdata['mode'] . "')";
+			$sql .= " and (col_mode = ? or col_submode = ?)";
+			$bindings[]=$postdata['mode'];
+			$bindings[]=$postdata['mode'];
 			}
 
-			$sql .= $this->addOrbitToQuery($postdata);
+			$sql .= $this->addOrbitToQuery($postdata, $bindings);
 
 			$sql .= ' group by col_dxcc) x on dxcc_entities.adif = x.col_dxcc';
 		}
@@ -237,12 +250,13 @@ class DXCC extends CI_Model {
 		$sql .= $this->addContinentsToQuery($postdata);
 
 		$sql .= ' order by prefix';
-		$query = $this->db->query($sql);
+		$query = $this->db->query($sql,$bindings);
 
 		return $query->result();
 	}
 
 	function getDxccWorked($location_list, $postdata) {
+		$bindings=[];
 		$sql = "SELECT adif as dxcc FROM dxcc_entities
 			join (
 				select col_dxcc
@@ -250,30 +264,36 @@ class DXCC extends CI_Model {
 				LEFT JOIN satellite on thcv.COL_SAT_NAME = satellite.name
 				where station_id in (" . $location_list .
 				") and col_dxcc > 0";
-		$sql .= $this->genfunctions->addBandToQuery($postdata['band']);
+		$sql .= $this->genfunctions->addBandToQuery($postdata['band'],$bindings);
 		if ($postdata['band'] == 'SAT') {
 			if ($postdata['sat'] != 'All') {
-				$sql .= " and col_sat_name ='" . $postdata['sat'] . "'";
+				$sql .= " and col_sat_name = ?";
+				$bindings[]=$postdata['sat'];
 			}
 		}
 
-		$sql .= $this->addOrbitToQuery($postdata);
+		$sql .= $this->addOrbitToQuery($postdata,$bindings);
 
 		if ($postdata['mode'] != 'All') {
-			$sql .= " and (col_mode = '" . $postdata['mode'] . "' or col_submode = '" . $postdata['mode'] . "')";
+			$sql .= " and (col_mode = ? or col_submode = ?)";
+			$bindings[]=$postdata['mode'];
+			$bindings[]=$postdata['mode'];
 		}
 
 		$sql .= " and not exists (select 1 from ".$this->config->item('table_name')." where station_id in (". $location_list .") and col_dxcc = thcv.col_dxcc and col_dxcc > 0";
-		$sql .= $this->genfunctions->addBandToQuery($postdata['band']);
+		$sql .= $this->genfunctions->addBandToQuery($postdata['band'],$bindings);
 		if ($postdata['band'] == 'SAT') {
 			if ($postdata['sat'] != 'All') {
-				$sql .= " and col_sat_name ='" . $postdata['sat'] . "'";
+				$sql .= " and col_sat_name = ?";
+				$bindings[]=$postdata['sat'];
 			}
 		}
-		$sql .= $this->addOrbitToQuery($postdata);
+		$sql .= $this->addOrbitToQuery($postdata,$bindings);
 
 		if ($postdata['mode'] != 'All') {
-			$sql .= " and (col_mode = '" . $postdata['mode'] . "' or col_submode = '" . $postdata['mode'] . "')";
+			$sql .= " and (col_mode = ? or col_submode = ?)";
+			$bindings[]=$postdata['mode'];
+			$bindings[]=$postdata['mode'];
 		}
 
 		$sql .= $this->genfunctions->addQslToQuery($postdata);
@@ -288,11 +308,12 @@ class DXCC extends CI_Model {
 
 		$sql .= $this->addContinentsToQuery($postdata);
 
-		$query = $this->db->query($sql);
+		$query = $this->db->query($sql,$bindings);
 		return $query->result();
 	}
 
 	function getDxccConfirmed($location_list, $postdata) {
+		$bindings=[];
 		$sql = "SELECT adif as dxcc FROM dxcc_entities
 	    join (
 		select col_dxcc
@@ -301,18 +322,21 @@ class DXCC extends CI_Model {
 		where station_id in (". $location_list .
 		    ") and col_dxcc > 0";
 
-		$sql .= $this->genfunctions->addBandToQuery($postdata['band']);
+		$sql .= $this->genfunctions->addBandToQuery($postdata['band'],$bindings);
 		if ($postdata['band'] == 'SAT') {
 			if ($postdata['sat'] != 'All') {
-				$sql .= " and col_sat_name ='" . $postdata['sat'] . "'";
+				$sql .= " and col_sat_name = ?";
+				$bindings[]=$postdata['sat'];
 			}
 		}
 
 		if ($postdata['mode'] != 'All') {
-			$sql .= " and (col_mode = '" . $postdata['mode'] . "' or col_submode = '" . $postdata['mode'] . "')";
+			$sql .= " and (col_mode = ? or col_submode = ?)";
+			$bindings[]=$postdata['mode'];
+			$bindings[]=$postdata['mode'];
 		}
 
-		$sql .= $this->addOrbitToQuery($postdata);
+		$sql .= $this->addOrbitToQuery($postdata,$bindings);
 
 		$sql .= $this->genfunctions->addQslToQuery($postdata);
 
@@ -327,7 +351,7 @@ class DXCC extends CI_Model {
 		$sql .= $this->addContinentsToQuery($postdata);
 
 
-		$query = $this->db->query($sql);
+		$query = $this->db->query($sql,$bindings);
 
 		return $query->result();
 	}
@@ -396,6 +420,7 @@ class DXCC extends CI_Model {
 	}
 
 	function getSummaryByBand($band, $postdata, $location_list) {
+		$bindings=[];
 		$sql = "SELECT count(distinct thcv.col_dxcc) as count FROM " . $this->config->item('table_name') . " thcv";
 		$sql .= " LEFT JOIN satellite on thcv.COL_SAT_NAME = satellite.name";
 		$sql .= " join dxcc_entities d on thcv.col_dxcc = d.adif";
@@ -405,7 +430,8 @@ class DXCC extends CI_Model {
 		if ($band == 'SAT') {
 			$sql .= " and thcv.col_prop_mode ='" . $band . "'";
 			if ($band != 'All' && $postdata['sat'] != 'All') {
-				$sql .= " and col_sat_name ='" . $postdata['sat'] . "'";
+				$sql .= " and col_sat_name = ?";
+				$bindings[]=$postdata['sat'];
 			}
 		} else if ($band == 'All') {
 			$this->load->model('bands');
@@ -418,11 +444,14 @@ class DXCC extends CI_Model {
 				" and thcv.col_prop_mode !='SAT'";
 		} else {
 			$sql .= " and thcv.col_prop_mode !='SAT'";
-			$sql .= " and thcv.col_band ='" . $band . "'";
+			$sql .= " and thcv.col_band = ?";
+			$bindings[]=$band;
 		}
 
 		if ($postdata['mode'] != 'All') {
-			$sql .= " and (col_mode = '" . $postdata['mode'] . "' or col_submode = '" . $postdata['mode'] . "')";
+			$sql .= " and (col_mode = ? or col_submode = ?)";
+			$bindings[]=$postdata['mode'];
+			$bindings[]=$postdata['mode'];
 		}
 
 		if ($postdata['includedeleted'] == NULL) {
@@ -431,24 +460,26 @@ class DXCC extends CI_Model {
 
 		$sql .= $this->addContinentsToQuery($postdata);
 
-		$sql .= $this->addOrbitToQuery($postdata);
+		$sql .= $this->addOrbitToQuery($postdata,$bindings);
 
-		$query = $this->db->query($sql);
+		$query = $this->db->query($sql,$bindings);
 
 		return $query->result();
 	}
 
 	// Adds orbit type to query
-	function addOrbitToQuery($postdata) {
+	function addOrbitToQuery($postdata,&$binding) {
 		$sql = '';
 		if ($postdata['orbit'] != 'All') {
-			$sql .= ' AND satellite.orbit = \''.$postdata['orbit'].'\'';
+			$sql .= ' AND satellite.orbit = ?';
+			$binding[]=$postdata['orbit'];
 		}
 
 		return $sql;
 	}
 
 	function getSummaryByBandConfirmed($band, $postdata, $location_list) {
+		$bindings=[];
 		$sql = "SELECT count(distinct thcv.col_dxcc) as count FROM " . $this->config->item('table_name') . " thcv";
 		$sql .= " LEFT JOIN satellite on thcv.COL_SAT_NAME = satellite.name";
 		$sql .= " join dxcc_entities d on thcv.col_dxcc = d.adif";
@@ -456,9 +487,11 @@ class DXCC extends CI_Model {
 		$sql .= " where station_id in (" . $location_list . ")";
 
 		if ($band == 'SAT') {
-			$sql .= " and thcv.col_prop_mode ='" . $band . "'";
+			$sql .= " and thcv.col_prop_mode = ?";
+			$bindings[]=$band;
 			if ($postdata['sat'] != 'All') {
-				$sql .= " and col_sat_name ='" . $postdata['sat'] . "'";
+				$sql .= " and col_sat_name = ?";
+				$bindings[]=$postdata['sat'];
 			}
 		} else if ($band == 'All') {
 			$this->load->model('bands');
@@ -471,16 +504,19 @@ class DXCC extends CI_Model {
 				" and thcv.col_prop_mode !='SAT'";
 		} else {
 			$sql .= " and thcv.col_prop_mode !='SAT'";
-			$sql .= " and thcv.col_band ='" . $band . "'";
+			$sql .= " and thcv.col_band = ?";
+			$bindings[]=$band;
 		}
 
 		if ($postdata['mode'] != 'All') {
-			$sql .= " and (col_mode = '" . $postdata['mode'] . "' or col_submode = '" . $postdata['mode'] . "')";
+			$sql .= " and (col_mode = ? or col_submode = ?)";
+			$bindings[]=$postdata['mode'];
+			$bindings[]=$postdata['mode'];
 		}
 
 		$sql .= $this->genfunctions->addQslToQuery($postdata);
 
-		$sql .= $this->addOrbitToQuery($postdata);
+		$sql .= $this->addOrbitToQuery($postdata,$bindings);
 
 
 		if ($postdata['includedeleted'] == NULL) {
@@ -489,19 +525,20 @@ class DXCC extends CI_Model {
 
 		$sql .= $this->addContinentsToQuery($postdata);
 
-		$query = $this->db->query($sql);
+		$query = $this->db->query($sql,$bindings);
 
 		return $query->result();
 	}
 
 	function lookup_country($country) {
+		$bindings=[];
 		$query = $this->db->query('
 					SELECT *
 					FROM dxcc_entities
-					WHERE name = "'.$country.'"
+					WHERE name = ?
 					ORDER BY LENGTH( prefix ) DESC
 					LIMIT 1
-				');
+				',array($country));
 
 		return $query->row();
 	}