add IP as parameter

5a74acfa · Daniel Ruf · Scott · 0847a500 · 5a74acfa · 5a74acfa
Commit 5a74acfa authored Feb 11, 2016 by Daniel Ruf Committed by Scott Feb 22, 2016
9 changed files
--- a/qa-include/db/admin.php
+++ b/qa-include/db/admin.php
@@ -159,7 +159,8 @@
 */
 	{
 		return qa_db_read_all_values(qa_db_query_sub(
-			"SELECT postid FROM ^posts WHERE createip=".inet_pton($ip)." AND type IN ('Q', 'A', 'C', 'Q_QUEUED', 'A_QUEUED', 'C_QUEUED')"
+			"SELECT postid FROM ^posts WHERE createip=$ AND type IN ('Q', 'A', 'C', 'Q_QUEUED', 'A_QUEUED', 'C_QUEUED')",
+			inet_pton($ip)
 		));
 	}

--- a/qa-include/db/blobs.php
+++ b/qa-include/db/blobs.php
@@ -40,8 +40,8 @@
 				continue;
 			qa_db_query_sub(
-				'INSERT INTO ^blobs (blobid, format, content, filename, userid, cookieid, createip, created) VALUES (#, $, $, $, $, #, '.inet_pton($ip).', NOW())',
+				'INSERT INTO ^blobs (blobid, format, content, filename, userid, cookieid, createip, created) VALUES (#, $, $, $, $, #, $, NOW())',
-				$blobid, $format, $content, $sourcefilename, $userid, $cookieid
+				$blobid, $format, $content, $sourcefilename, $userid, $cookieid, inet_pton($ip)
 			);
 			return $blobid;

--- a/qa-include/db/cookies.php
+++ b/qa-include/db/cookies.php
@@ -39,8 +39,8 @@
 			qa_db_query_sub(
 				'INSERT INTO ^cookies (cookieid, created, createip) '.
-					'VALUES (#, NOW(), '.inet_pton($ipaddress).')',
+					'VALUES (#, NOW(), $)',
-				$cookieid
+				$cookieid, inet_pton($ipaddress)
 			);
 			return $cookieid;
@@ -56,8 +56,8 @@
 */
 	{
 		qa_db_query_sub(
-			'UPDATE ^cookies SET written=NOW(), writeip='.inet_pton($ipaddress).' WHERE cookieid=#',
+			'UPDATE ^cookies SET written=NOW(), writeip=$ WHERE cookieid=#',
-			$cookieid
+			inet_pton($ipaddress), $cookieid
 		);
 	}

--- a/qa-include/db/hotness.php
+++ b/qa-include/db/hotness.php
@@ -44,7 +44,7 @@
 				'(a.acount+0.0)*# + '.
 				'(a.netvotes+0.0)*# + '.
 				'(a.views+0.0+#)*#'.
-			')'.($viewincrement ? ', x.views=x.views+1, x.lastviewip='.inet_pton(qa_remote_ip_address()) : '').' WHERE x.postid=a.postid';
+			')'.($viewincrement ? ', x.views=x.views+1, x.lastviewip=$' : '').' WHERE x.postid=a.postid';
 			//	Additional multiples based on empirical analysis of activity on Q2A meta site to give approx equal influence for all factors
@@ -59,6 +59,9 @@
 				qa_opt('hot_weight_views')*4000,
 			);
+			if ($viewincrement)
+				$arguments[]=inet_pton(qa_remote_ip_address());
 			 qa_db_query_raw(qa_db_apply_sub($query, $arguments));
 		}
 	}

--- a/qa-include/db/limits.php
+++ b/qa-include/db/limits.php
@@ -42,7 +42,8 @@
 		}
 		if (isset($ip)) {
-			$selects[]="(SELECT 'ip' AS limitkey, period, count FROM ^iplimits WHERE ip=".inet_pton($ip)." AND action=$)";
+			$selects[]="(SELECT 'ip' AS limitkey, period, count FROM ^iplimits WHERE ip=$ AND action=$)";
+			$arguments[]=inet_pton($ip);
 			$arguments[]=$action;
 		}
@@ -74,9 +75,9 @@
 */
 	{
 		qa_db_query_sub(
-			'INSERT INTO ^iplimits (ip, action, period, count) VALUES ('.inet_pton($ip).', $, #, #) '.
+			'INSERT INTO ^iplimits (ip, action, period, count) VALUES ($, $, #, #) '.
 			'ON DUPLICATE KEY UPDATE count=IF(period=#, count+#, #), period=#',
-			$action, $period, $count, $period, $count, $count, $period
+			inet_pton($ip), $action, $period, $count, $period, $count, $count, $period
 		);
 	}

--- a/qa-include/db/post-create.php
+++ b/qa-include/db/post-create.php
@@ -33,8 +33,8 @@
 	{
 		qa_db_query_sub(
 			'INSERT INTO ^posts (categoryid, type, parentid, userid, cookieid, createip, title, content, format, tags, notify, name, created) '.
-			'VALUES (#, $, #, $, #, '.inet_pton($ip).', $, $, $, $, $, $, NOW())',
+			'VALUES (#, $, #, $, #, $, $, $, $, $, $, $, NOW())',
-			$categoryid, $type, $parentid, $userid, $cookieid, $title, $content, $format, $tagstring, $notify, $name
+			$categoryid, $type, $parentid, $userid, $cookieid, inet_pton($ip), $title, $content, $format, $tagstring, $notify, $name
 		);
 		return qa_db_last_insert_id();

--- a/qa-include/db/post-update.php
+++ b/qa-include/db/post-update.php
@@ -48,8 +48,8 @@
 		if (isset($selchildid) && isset($lastuserid) && isset($lastip))
 			qa_db_query_sub(
-				"UPDATE ^posts SET updated=NOW(), updatetype=$, lastuserid=$, lastip=".inet_pton($lastip)." WHERE postid=#",
+				"UPDATE ^posts SET updated=NOW(), updatetype=$, lastuserid=$, lastip=$ WHERE postid=#",
-				QA_UPDATE_SELECTED, $lastuserid, $selchildid
+				QA_UPDATE_SELECTED, $lastuserid, inet_pton($lastip), $selchildid
 			);
 	}
@@ -62,8 +62,8 @@
 	{
 		if (isset($lastuserid) || isset($lastip)) {
 			qa_db_query_sub(
-				"UPDATE ^posts SET closedbyid=#, updated=NOW(), updatetype=$, lastuserid=$, lastip=".inet_pton($lastip)." WHERE postid=#",
+				"UPDATE ^posts SET closedbyid=#, updated=NOW(), updatetype=$, lastuserid=$, lastip=$ WHERE postid=#",
-				$closedbyid, QA_UPDATE_CLOSED, $lastuserid, $questionid
+				$closedbyid, QA_UPDATE_CLOSED, $lastuserid, inet_pton($lastip), $questionid
 			);
 		} else
 			qa_db_query_sub(
@@ -80,8 +80,8 @@
 	{
 		if (isset($lastuserid) || isset($lastip)) {
 			qa_db_query_sub(
-				'UPDATE ^posts SET type=$, updated=NOW(), updatetype=$, lastuserid=$, lastip='.inet_pton($lastip).' WHERE postid=#',
+				'UPDATE ^posts SET type=$, updated=NOW(), updatetype=$, lastuserid=$, lastip=$ WHERE postid=#',
-				$type, $updatetype, $lastuserid, $postid
+				$type, $updatetype, $lastuserid, inet_pton($lastip), $postid
 			);
 		} else
 			qa_db_query_sub(
@@ -98,8 +98,8 @@
 	{
 		if (isset($lastuserid) || isset($lastip))
 			qa_db_query_sub(
-				"UPDATE ^posts SET parentid=#, updated=NOW(), updatetype=$, lastuserid=$, lastip=".inet_pton($lastip)." WHERE postid=#",
+				"UPDATE ^posts SET parentid=#, updated=NOW(), updatetype=$, lastuserid=$, lastip=$ WHERE postid=#",
-				$parentid, QA_UPDATE_PARENT, $lastuserid, $postid
+				$parentid, QA_UPDATE_PARENT, $lastuserid, inet_pton($lastip), $postid
 			);
 		else
 			qa_db_query_sub(
@@ -118,8 +118,8 @@
 	{
 		if (isset($lastuserid) || isset($lastip)) // use COALESCE() for name since $name=null means it should not be modified (for backwards compatibility)
 			qa_db_query_sub(
-				'UPDATE ^posts SET title=$, content=$, format=$, tags=$, name=COALESCE($, name), notify=$, updated=NOW(), updatetype=$, lastuserid=$, lastip='.inet_pton($lastip).' WHERE postid=#',
+				'UPDATE ^posts SET title=$, content=$, format=$, tags=$, name=COALESCE($, name), notify=$, updated=NOW(), updatetype=$, lastuserid=$, lastip=$ WHERE postid=#',
-				$title, $content, $format, $tagstring, $name, $notify, $updatetype, $lastuserid, $postid
+				$title, $content, $format, $tagstring, $name, $notify, $updatetype, $lastuserid, inet_pton($lastip), $postid
 			);
 		else
 			qa_db_query_sub(
@@ -148,8 +148,8 @@
 	{
 		if (isset($lastuserid) || isset($lastip))
 			qa_db_query_sub(
-				"UPDATE ^posts SET categoryid=#, updated=NOW(), updatetype=$, lastuserid=$, lastip=".inet_pton($lastip)." WHERE postid=#",
+				"UPDATE ^posts SET categoryid=#, updated=NOW(), updatetype=$, lastuserid=$, lastip=$ WHERE postid=#",
-				$categoryid, QA_UPDATE_CATEGORY, $lastuserid, $postid
+				$categoryid, QA_UPDATE_CATEGORY, $lastuserid, inet_pton($lastip), $postid
 			);
 		else
 			qa_db_query_sub(

--- a/qa-include/db/selects.php
+++ b/qa-include/db/selects.php
@@ -323,9 +323,12 @@
 		$selectspec['source'].=" JOIN (SELECT postid FROM ^posts WHERE ".
 			qa_db_categoryslugs_sql_args($categoryslugs, $selectspec['arguments']).
-			(isset($createip) ? "createip=".inet_pton($createip)." AND " : "").
+			(isset($createip) ? "createip=$ AND " : "").
 			"type=$ ".$sortsql." LIMIT #,#) y ON ^posts.postid=y.postid";
+		if (isset($createip))
+			$selectspec['arguments'][]=inet_pton($createip);
 		array_push($selectspec['arguments'], $type, $start, $count);
 		$selectspec['sortdesc']=$sort;
@@ -403,10 +406,13 @@
 			" LEFT JOIN ^userpoints AS auserpoints ON aposts.userid=auserpoints.userid".
 			" JOIN (SELECT postid FROM ^posts WHERE ".
 			qa_db_categoryslugs_sql_args($categoryslugs, $selectspec['arguments']).
-			(isset($createip) ? "createip=".inet_pton($createip)." AND " : "").
+			(isset($createip) ? "createip=$ AND " : "").
 			"type=$ ORDER BY ^posts.created DESC LIMIT #,#) y ON aposts.postid=y.postid".
 			($specialtype ? '' : " WHERE ^posts.type='Q'");
+		if (isset($createip))
+			$selectspec['arguments'][]=inet_pton($createip);
 		array_push($selectspec['arguments'], $type, $start, $count);
 		$selectspec['sortdesc']='otime';
@@ -443,10 +449,13 @@
 			" LEFT JOIN ^userpoints AS cuserpoints ON cposts.userid=cuserpoints.userid".
 			" JOIN (SELECT postid FROM ^posts WHERE ".
 			qa_db_categoryslugs_sql_args($categoryslugs, $selectspec['arguments']).
-			(isset($createip) ? "createip=".inet_pton($createip)." AND " : "").
+			(isset($createip) ? "createip=$ AND " : "").
 			"type=$ ORDER BY ^posts.created DESC LIMIT #,#) y ON cposts.postid=y.postid".
 			($specialtype ? '' : " WHERE ^posts.type='Q' AND ((parentposts.type='Q') OR (parentposts.type='A'))");
+		if (isset($createip))
+			$selectspec['arguments'][]=inet_pton($createip);
 		array_push($selectspec['arguments'], $type, $start, $count);
 		$selectspec['sortdesc']='otime';
@@ -478,11 +487,14 @@
 			" LEFT JOIN ^userpoints AS edituserpoints ON editposts.lastuserid=edituserpoints.userid".
 			" JOIN (SELECT postid FROM ^posts WHERE ".
 			qa_db_categoryslugs_sql_args($categoryslugs, $selectspec['arguments']).
-			(isset($lastip) ? "lastip=".inet_pton($lastip)." AND " : "").
+			(isset($lastip) ? "lastip=$ AND " : "").
 			($onlyvisible ? "type IN ('Q', 'A', 'C')" : "1").
 			" ORDER BY ^posts.updated DESC LIMIT #,#) y ON editposts.postid=y.postid".
 			($onlyvisible ? " WHERE parentposts.type IN ('Q', 'A', 'C') AND ^posts.type IN ('Q', 'A', 'C')" : "");
+		if (isset($lastip))
+			$selectspec['arguments'][]=inet_pton($lastip);
 		array_push($selectspec['arguments'], $start, $count);
 		$selectspec['sortdesc']='otime';
@@ -1666,7 +1678,8 @@
 	{
 		return array(
 			'columns' => array('action', 'period', 'count'),
-			'source' => '^iplimits WHERE ip='.inet_pton($ip),
+			'source' => '^iplimits WHERE ip=$',
+			'arguments' => array(inet_pton($ip)),
 			'arraykey' => 'action',
 		);
 	}

--- a/qa-include/db/users.php
+++ b/qa-include/db/users.php
@@ -47,16 +47,16 @@
 		if (QA_PASSWORD_HASH) {
 			qa_db_query_sub(
 				'INSERT INTO ^users (created, createip, email, passhash, level, handle, loggedin, loginip) '.
-				'VALUES (NOW(), '.inet_pton($ip).', $, $, #, $, NOW(), '.inet_pton($ip).')',
+				'VALUES (NOW(), $, $, $, #, $, NOW(), $)',
-				$email, isset($password) ? password_hash($password, PASSWORD_BCRYPT) : null, (int)$level, $handle
+				inet_pton($ip), $email, isset($password) ? password_hash($password, PASSWORD_BCRYPT) : null, (int)$level, $handle, inet_pton($ip)
 			);
 		} else {
 			$salt = isset($password) ? qa_random_alphanum(16) : null;
 			qa_db_query_sub(
 				'INSERT INTO ^users (created, createip, email, passsalt, passcheck, level, handle, loggedin, loginip) '.
-				'VALUES (NOW(), '.inet_pton($ip).', 0), $, $, UNHEX($), #, $, NOW(), '.inet_pton($ip).')',
+				'VALUES (NOW(), $, $, $, UNHEX($), #, $, NOW(), $)',
-				$email, $salt, isset($password) ? qa_db_calc_passcheck($password, $salt) : null, (int)$level, $handle
+				inet_pton($ip), $email, $salt, isset($password) ? qa_db_calc_passcheck($password, $salt) : null, (int)$level, $handle, inet_pton($ip)
 			);
 		}
@@ -236,8 +236,8 @@
 */
 	{
 		qa_db_query_sub(
-			'UPDATE ^users SET loggedin=NOW(), loginip='.inet_pton($ip).' WHERE userid=$',
+			'UPDATE ^users SET loggedin=NOW(), loginip=$ WHERE userid=$',
-			$userid
+			inet_pton($ip), $userid
 		);
 	}
@@ -248,8 +248,8 @@
 */
 	{
 		qa_db_query_sub(
-			'UPDATE ^users SET written=NOW(), writeip='.inet_pton($ip).' WHERE userid=$',
+			'UPDATE ^users SET written=NOW(), writeip=$ WHERE userid=$',
-			$userid
+			inet_pton($ip), $userid
 		);
 	}