x2002uwh / moodle2-skillsoft-activity

Automatically exported from code.google.com/p/moodle2-skillsoft-activity

invalid use of DML - hard coded params in sql. #5

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
In locallib.php, the following functions use variables in in-line SQL instead of 
correct parameter usage:
function skillsoft_setFirstAccessDate()
function skillsoft_setCompletedDate() 
function skillsoft_setAccessCount()
function skillsoft_setFirstScore()
function skillsoft_setBestScore()

For example:
if ($track = $DB->get_record_select('skillsoft_au_track',"userid='$userid' AND skillsoftid='$skillsoftid' AND attempt='$attempt' AND element='[SUMMARY]firstaccess'")) {

$userid, $skillsoftid, $attempt should be passed as parameters instead of 
inline sql

Like this (untested):
if ($track = $DB->get_record_select('skillsoft_au_track',"userid=? AND skillsoftid=? AND attempt=? AND element='[SUMMARY]firstaccess'", $params)) {

Original issue reported on code.google.com by Dan.Mars...@gmail.com on 19 Jun 2013 at 8:15
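
The difference between the two calls quoted in the issue above, as an added example that is not part of the original thread or the project's code. PDO with an in-memory SQLite database stands in for Moodle's `$DB` (an assumption), and the table columns, the rows and the `track_inline` / `track_bound` helper names are constructed for the demonstration.

```php
<?php
// Added example: PDO + in-memory SQLite stands in for Moodle's $DB (assumption).
// Table layout and rows are constructed for this demonstration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE skillsoft_au_track (
    id INTEGER PRIMARY KEY, userid INTEGER, skillsoftid INTEGER,
    attempt INTEGER, element TEXT, value TEXT)");
$pdo->exec("INSERT INTO skillsoft_au_track
    (userid, skillsoftid, attempt, element, value) VALUES
    (7, 3, 1, '[SUMMARY]firstaccess', '1371629700'),
    (8, 3, 1, '[SUMMARY]firstaccess', '1371633300')");

// "Before": values are interpolated into the SQL text, as in the issue.
function track_inline(PDO $pdo, $userid, $skillsoftid, $attempt): array {
    $sql = "SELECT * FROM skillsoft_au_track WHERE userid='$userid' AND "
         . "skillsoftid='$skillsoftid' AND attempt='$attempt' AND "
         . "element='[SUMMARY]firstaccess'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// "After": the SQL text holds only placeholders; values are bound separately.
// In Moodle the same split is the $select string plus the $params array
// passed to $DB->get_record_select().
function track_bound(PDO $pdo, $userid, $skillsoftid, $attempt): array {
    $stmt = $pdo->prepare(
        "SELECT * FROM skillsoft_au_track WHERE userid=? AND "
        . "skillsoftid=? AND attempt=? AND element='[SUMMARY]firstaccess'");
    $stmt->execute([$userid, $skillsoftid, $attempt]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: an ordinary attempt number and a value containing quotes.
$cases = [
    'normal'  => 1,
    'crafted' => "1' OR '1'='1",
];
foreach ($cases as $label => $attempt) {
    // Both helpers are asked for user 7 only; compare how many rows each returns.
    printf("%-8s inline=%d bound=%d\n", $label,
        count(track_inline($pdo, 7, 3, $attempt)),
        count(track_bound($pdo, 7, 3, $attempt)));
}
```

With the quoted value, the inline query's WHERE clause is rewritten and it returns rows belonging to other users, while the bound query treats the same value purely as data and matches nothing.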

GoogleCodeExporter commented 8 years ago
Fixed in dev branch
http://code.google.com/p/moodle2-skillsoft-activity/source/detail?r=106

Original comment by martinho...@googlemail.com on 19 Jun 2013 at 8:49

GoogleCodeExporter commented 8 years ago
wow - that was really fast too - thanks Martin! - hope you're keeping well!

Original comment by Dan.Mars...@gmail.com on 19 Jun 2013 at 8:53