Issues in banner.php (develop) - Issues in develop - Nickbur/Sunrise-CMS - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2407)

administration/model/design/banner.php (10 issues)

Labels

Severity

<?php

/* 	Divine CMS - Open source CMS for widespread use.
    Copyright (c) 2019 Mykola Burakov ([email protected])

    See SOURCE.txt for other and additional information.

    This file is part of Divine CMS.

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see <http://www.gnu.org/licenses/>. */

class ModelDesignBanner extends \Divine\Engine\Core\Model
namespace YourVendor;

class YourClass { }
{
    public function addBanner($data)

    {
        $this->db->query("
			INSERT INTO banner 
			SET name = '" . $this->db->escape($data['name']) . "', 
				status = '" . (int)$data['status'] . "'
		");

        $banner_id = $this->db->getLastId();

        if (isset($data['banner_image'])) {
            foreach ($data['banner_image'] as $language_id => $value) {
                foreach ($value as $banner_image) {
                    $this->db->query("
						INSERT INTO banner_image 
						SET banner_id = '" . (int)$banner_id . "', 
							language_id = '" . (int)$language_id . "', 
							title = '" .  $this->db->escape($banner_image['title']) . "', 
							link = '" .  $this->db->escape($banner_image['link']) . "', 
							image = '" .  $this->db->escape($banner_image['image']) . "', 
							sort_order = '" .  (int)$banner_image['sort_order'] . "'
					");
                }
            }
        }

        return $banner_id;
    }

    public function editBanner($banner_id, $data)
    {
        $this->db->query("
			UPDATE banner 
			SET name = '" . $this->db->escape($data['name']) . "', 
				status = '" . (int)$data['status'] . "' 
			WHERE banner_id = '" . (int)$banner_id . "'
		");

        $this->db->query("
			DELETE 
			FROM banner_image 
			WHERE banner_id = '" . (int)$banner_id . "'
		");

        if (isset($data['banner_image'])) {
            foreach ($data['banner_image'] as $language_id => $value) {
                foreach ($value as $banner_image) {
                    $this->db->query("
						INSERT INTO banner_image 
						SET banner_id = '" . (int)$banner_id . "', 
							language_id = '" . (int)$language_id . "', 
							title = '" .  $this->db->escape($banner_image['title']) . "', 
							link = '" .  $this->db->escape($banner_image['link']) . "', 
							image = '" .  $this->db->escape($banner_image['image']) . "', 
							sort_order = '" . (int)$banner_image['sort_order'] . "'
					");
                }
            }
        }
    }

    public function deleteBanner($banner_id)
    {
        $this->db->query("
			DELETE 
			FROM banner 
			WHERE banner_id = '" . (int)$banner_id . "'
		");
        $this->db->query("
			DELETE 
			FROM banner_image 
			WHERE banner_id = '" . (int)$banner_id . "'
		");
    }

    public function getBanner($banner_id)
    {
        $query = $this->db->query("
			SELECT DISTINCT * 
			FROM banner 
			WHERE banner_id = '" . (int)$banner_id . "'
		");

        return $query->row;
    }

    public function getBanners($data = array())
    {
        $sql = "
<?php

$singleQuoted = 'Value';
$doubleQuoted = "\tSingle is $singleQuoted";

print $doubleQuoted;
			SELECT * 
			FROM banner
		";

        $sort_data = array(
            'name',
            'status'
        );

        if (isset($data['sort']) && in_array($data['sort'], $sort_data)) {
            $sql .= " ORDER BY " . $data['sort'];
<?php

$singleQuoted = 'Value';
$doubleQuoted = "\tSingle is $singleQuoted";

print $doubleQuoted;
        } else {
            $sql .= " ORDER BY name";
<?php

$singleQuoted = 'Value';
$doubleQuoted = "\tSingle is $singleQuoted";

print $doubleQuoted;
        }

        if (isset($data['order']) && ($data['order'] == 'DESC')) {
            $sql .= " DESC";
<?php

$singleQuoted = 'Value';
$doubleQuoted = "\tSingle is $singleQuoted";

print $doubleQuoted;
        } else {
            $sql .= " ASC";
<?php

$singleQuoted = 'Value';
$doubleQuoted = "\tSingle is $singleQuoted";

print $doubleQuoted;
        }

        if (isset($data['start']) || isset($data['limit'])) {
            if ($data['start'] < 0) {
                $data['start'] = 0;
            }

            if ($data['limit'] < 1) {
                $data['limit'] = 20;
            }

            $sql .= " LIMIT " . (int)$data['start'] . "," . (int)$data['limit'];
<?php

$singleQuoted = 'Value';
$doubleQuoted = "\tSingle is $singleQuoted";

print $doubleQuoted;
        }

        $query = $this->db->query($sql);

        return $query->rows;
    }

    public function getBannerImages($banner_id)
    {
        $banner_image_data = array();

        $banner_image_query = $this->db->query("
			SELECT * 
			FROM banner_image 
			WHERE banner_id = '" . (int)$banner_id . "' 
			ORDER BY sort_order ASC
		");

        foreach ($banner_image_query->rows as $banner_image) {
            $banner_image_data[$banner_image['language_id']][] = array(
                'title'      => $banner_image['title'],
                'link'       => $banner_image['link'],
                'image'      => $banner_image['image'],
                'sort_order' => $banner_image['sort_order']
            );
        }

        return $banner_image_data;
    }

    public function getTotalBanners()
    {
        $query = $this->db->query("
<?php

$singleQuoted = 'Value';
$doubleQuoted = "\tSingle is $singleQuoted";

print $doubleQuoted;
			SELECT COUNT(*) AS total 
			FROM banner
		");

        return $query->row['total'];
    }
}


1			<?php
2
3			/* Divine CMS - Open source CMS for widespread use.
4			Copyright (c) 2019 Mykola Burakov ([email protected])
5
6			See SOURCE.txt for other and additional information.
7
8			This file is part of Divine CMS.
9
10			This program is free software: you can redistribute it and/or modify
11			it under the terms of the GNU General Public License as published by
12			the Free Software Foundation, either version 3 of the License, or
13			(at your option) any later version.
14
15			This program is distributed in the hope that it will be useful,
16			but WITHOUT ANY WARRANTY; without even the implied warranty of
17			MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18			GNU General Public License for more details.
19
20			You should have received a copy of the GNU General Public License
21			along with this program. If not, see <http://www.gnu.org/licenses/>. */
22
23			class ModelDesignBanner extends \Divine\Engine\Core\Model
			0 ignored issues – show Coding Style Compatibility introduced 2019-07-29 15:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions. You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history...
24			{
25			public function addBanner($data)
			0 ignored issues – show Coding Style introduced 2019-07-29 15:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this Expected 2 blank lines before function; 0 found Loading history...
26			{
27			$this->db->query("
28			INSERT INTO banner
29			SET name = '" . $this->db->escape($data['name']) . "',
30			status = '" . (int)$data['status'] . "'
31			");
32
33			$banner_id = $this->db->getLastId();
34
35			if (isset($data['banner_image'])) {
36			foreach ($data['banner_image'] as $language_id => $value) {
37			foreach ($value as $banner_image) {
38			$this->db->query("
39			INSERT INTO banner_image
40			SET banner_id = '" . (int)$banner_id . "',
41			language_id = '" . (int)$language_id . "',
42			title = '" . $this->db->escape($banner_image['title']) . "',
43			link = '" . $this->db->escape($banner_image['link']) . "',
44			image = '" . $this->db->escape($banner_image['image']) . "',
45			sort_order = '" . (int)$banner_image['sort_order'] . "'
46			");
47			}
48			}
49			}
50
51			return $banner_id;
52			}
53
54			public function editBanner($banner_id, $data)
55			{
56			$this->db->query("
57			UPDATE banner
58			SET name = '" . $this->db->escape($data['name']) . "',
59			status = '" . (int)$data['status'] . "'
60			WHERE banner_id = '" . (int)$banner_id . "'
61			");
62
63			$this->db->query("
64			DELETE
65			FROM banner_image
66			WHERE banner_id = '" . (int)$banner_id . "'
67			");
68
69			if (isset($data['banner_image'])) {
70			foreach ($data['banner_image'] as $language_id => $value) {
71			foreach ($value as $banner_image) {
72			$this->db->query("
73			INSERT INTO banner_image
74			SET banner_id = '" . (int)$banner_id . "',
75			language_id = '" . (int)$language_id . "',
76			title = '" . $this->db->escape($banner_image['title']) . "',
77			link = '" . $this->db->escape($banner_image['link']) . "',
78			image = '" . $this->db->escape($banner_image['image']) . "',
79			sort_order = '" . (int)$banner_image['sort_order'] . "'
80			");
81			}
82			}
83			}
84			}
85
86			public function deleteBanner($banner_id)
87			{
88			$this->db->query("
89			DELETE
90			FROM banner
91			WHERE banner_id = '" . (int)$banner_id . "'
92			");
93			$this->db->query("
94			DELETE
95			FROM banner_image
96			WHERE banner_id = '" . (int)$banner_id . "'
97			");
98			}
99
100			public function getBanner($banner_id)
101			{
102			$query = $this->db->query("
103			SELECT DISTINCT *
104			FROM banner
105			WHERE banner_id = '" . (int)$banner_id . "'
106			");
107
108			return $query->row;
109			}
110
111			public function getBanners($data = array())
112			{
113			$sql = "
			0 ignored issues – show Coding Style Comprehensibility introduced 2019-07-29 15:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this The string literal `\n SELECT * \... FROM banner\n` does not require double quotes, as per coding-style, please use single quotes. PHP provides two ways to mark string literals. Either with single quotes `'literal'` or with double quotes `"literal"`. The difference between these is that string literals in double quotes may contain variables with are evaluated at run-time as well as escape sequences. String literals in single quotes on the other hand are evaluated very literally and the only two characters that needs escaping in the literal are the single quote itself (`\'`) and the backslash (`\\`). Every other character is displayed as is. Double quoted string literals may contain other variables or more complex escape sequences. <?php $singleQuoted = 'Value'; $doubleQuoted = "\tSingle is $singleQuoted"; print $doubleQuoted; will print an indented: `Single is Value` If your string literal does not contain variables or escape sequences, it should be defined using single quotes to make that fact clear. For more information on PHP string literals and available escape sequences see the PHP core documentation. Loading history...
114			SELECT *
115			FROM banner
116			";
117
118			$sort_data = array(
119			'name',
120			'status'
121			);
122
123			if (isset($data['sort']) && in_array($data['sort'], $sort_data)) {
124			$sql .= " ORDER BY " . $data['sort'];
			0 ignored issues – show Coding Style Comprehensibility introduced 2019-07-29 15:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this The string literal `ORDER BY` does not require double quotes, as per coding-style, please use single quotes. PHP provides two ways to mark string literals. Either with single quotes `'literal'` or with double quotes `"literal"`. The difference between these is that string literals in double quotes may contain variables with are evaluated at run-time as well as escape sequences. String literals in single quotes on the other hand are evaluated very literally and the only two characters that needs escaping in the literal are the single quote itself (`\'`) and the backslash (`\\`). Every other character is displayed as is. Double quoted string literals may contain other variables or more complex escape sequences. <?php $singleQuoted = 'Value'; $doubleQuoted = "\tSingle is $singleQuoted"; print $doubleQuoted; will print an indented: `Single is Value` If your string literal does not contain variables or escape sequences, it should be defined using single quotes to make that fact clear. For more information on PHP string literals and available escape sequences see the PHP core documentation. Loading history...
125			} else {
126			$sql .= " ORDER BY name";
			0 ignored issues – show Coding Style Comprehensibility introduced 2019-07-29 15:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this The string literal `ORDER BY name` does not require double quotes, as per coding-style, please use single quotes. PHP provides two ways to mark string literals. Either with single quotes `'literal'` or with double quotes `"literal"`. The difference between these is that string literals in double quotes may contain variables with are evaluated at run-time as well as escape sequences. String literals in single quotes on the other hand are evaluated very literally and the only two characters that needs escaping in the literal are the single quote itself (`\'`) and the backslash (`\\`). Every other character is displayed as is. Double quoted string literals may contain other variables or more complex escape sequences. <?php $singleQuoted = 'Value'; $doubleQuoted = "\tSingle is $singleQuoted"; print $doubleQuoted; will print an indented: `Single is Value` If your string literal does not contain variables or escape sequences, it should be defined using single quotes to make that fact clear. For more information on PHP string literals and available escape sequences see the PHP core documentation. Loading history...
127			}
128
129			if (isset($data['order']) && ($data['order'] == 'DESC')) {
130			$sql .= " DESC";
			0 ignored issues – show Coding Style Comprehensibility introduced 2019-07-29 15:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this The string literal `DESC` does not require double quotes, as per coding-style, please use single quotes. PHP provides two ways to mark string literals. Either with single quotes `'literal'` or with double quotes `"literal"`. The difference between these is that string literals in double quotes may contain variables with are evaluated at run-time as well as escape sequences. String literals in single quotes on the other hand are evaluated very literally and the only two characters that needs escaping in the literal are the single quote itself (`\'`) and the backslash (`\\`). Every other character is displayed as is. Double quoted string literals may contain other variables or more complex escape sequences. <?php $singleQuoted = 'Value'; $doubleQuoted = "\tSingle is $singleQuoted"; print $doubleQuoted; will print an indented: `Single is Value` If your string literal does not contain variables or escape sequences, it should be defined using single quotes to make that fact clear. For more information on PHP string literals and available escape sequences see the PHP core documentation. Loading history...
131			} else {
132			$sql .= " ASC";
			0 ignored issues – show Coding Style Comprehensibility introduced 2019-07-29 15:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this The string literal `ASC` does not require double quotes, as per coding-style, please use single quotes. PHP provides two ways to mark string literals. Either with single quotes `'literal'` or with double quotes `"literal"`. The difference between these is that string literals in double quotes may contain variables with are evaluated at run-time as well as escape sequences. String literals in single quotes on the other hand are evaluated very literally and the only two characters that needs escaping in the literal are the single quote itself (`\'`) and the backslash (`\\`). Every other character is displayed as is. Double quoted string literals may contain other variables or more complex escape sequences. <?php $singleQuoted = 'Value'; $doubleQuoted = "\tSingle is $singleQuoted"; print $doubleQuoted; will print an indented: `Single is Value` If your string literal does not contain variables or escape sequences, it should be defined using single quotes to make that fact clear. For more information on PHP string literals and available escape sequences see the PHP core documentation. Loading history...
133			}
134
135			if (isset($data['start']) \|\| isset($data['limit'])) {
136			if ($data['start'] < 0) {
137			$data['start'] = 0;
138			}
139
140			if ($data['limit'] < 1) {
141			$data['limit'] = 20;
142			}
143
144			$sql .= " LIMIT " . (int)$data['start'] . "," . (int)$data['limit'];
			0 ignored issues – show Coding Style Comprehensibility introduced 2019-07-29 15:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this The string literal `LIMIT` does not require double quotes, as per coding-style, please use single quotes. PHP provides two ways to mark string literals. Either with single quotes `'literal'` or with double quotes `"literal"`. The difference between these is that string literals in double quotes may contain variables with are evaluated at run-time as well as escape sequences. String literals in single quotes on the other hand are evaluated very literally and the only two characters that needs escaping in the literal are the single quote itself (`\'`) and the backslash (`\\`). Every other character is displayed as is. Double quoted string literals may contain other variables or more complex escape sequences. <?php $singleQuoted = 'Value'; $doubleQuoted = "\tSingle is $singleQuoted"; print $doubleQuoted; will print an indented: `Single is Value` If your string literal does not contain variables or escape sequences, it should be defined using single quotes to make that fact clear. For more information on PHP string literals and available escape sequences see the PHP core documentation. Loading history... Coding Style Comprehensibility introduced 2019-07-29 15:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this The string literal `,` does not require double quotes, as per coding-style, please use single quotes. PHP provides two ways to mark string literals. Either with single quotes `'literal'` or with double quotes `"literal"`. The difference between these is that string literals in double quotes may contain variables with are evaluated at run-time as well as escape sequences. String literals in single quotes on the other hand are evaluated very literally and the only two characters that needs escaping in the literal are the single quote itself (`\'`) and the backslash (`\\`). Every other character is displayed as is. Double quoted string literals may contain other variables or more complex escape sequences. <?php $singleQuoted = 'Value'; $doubleQuoted = "\tSingle is $singleQuoted"; print $doubleQuoted; will print an indented: `Single is Value` If your string literal does not contain variables or escape sequences, it should be defined using single quotes to make that fact clear. For more information on PHP string literals and available escape sequences see the PHP core documentation. Loading history...
145			}
146
147			$query = $this->db->query($sql);
148
149			return $query->rows;
150			}
151
152			public function getBannerImages($banner_id)
153			{
154			$banner_image_data = array();
155
156			$banner_image_query = $this->db->query("
157			SELECT *
158			FROM banner_image
159			WHERE banner_id = '" . (int)$banner_id . "'
160			ORDER BY sort_order ASC
161			");
162
163			foreach ($banner_image_query->rows as $banner_image) {
164			$banner_image_data[$banner_image['language_id']][] = array(
165			'title' => $banner_image['title'],
166			'link' => $banner_image['link'],
167			'image' => $banner_image['image'],
168			'sort_order' => $banner_image['sort_order']
169			);
170			}
171
172			return $banner_image_data;
173			}
174
175			public function getTotalBanners()
176			{
177			$query = $this->db->query("
			0 ignored issues – show Coding Style Comprehensibility introduced 2019-07-29 15:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this The string literal `\n SELECT COU... FROM banner\n` does not require double quotes, as per coding-style, please use single quotes. PHP provides two ways to mark string literals. Either with single quotes `'literal'` or with double quotes `"literal"`. The difference between these is that string literals in double quotes may contain variables with are evaluated at run-time as well as escape sequences. String literals in single quotes on the other hand are evaluated very literally and the only two characters that needs escaping in the literal are the single quote itself (`\'`) and the backslash (`\\`). Every other character is displayed as is. Double quoted string literals may contain other variables or more complex escape sequences. <?php $singleQuoted = 'Value'; $doubleQuoted = "\tSingle is $singleQuoted"; print $doubleQuoted; will print an indented: `Single is Value` If your string literal does not contain variables or escape sequences, it should be defined using single quotes to make that fact clear. For more information on PHP string literals and available escape sequences see the PHP core documentation. Loading history...
178			SELECT COUNT(*) AS total
179			FROM banner
180			");
181
182			return $query->row['total'];
183			}
184			}
185

Nickbur / Sunrise-CMS

Issues (2407)

administration/model/design/banner.php (10 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like