Issues (2407)

administration/model/design/benefit.php (12 issues)

<?php

/* 	Divine CMS - Open source CMS for widespread use.
    Copyright (c) 2019 Mykola Burakov ([email protected])

    See SOURCE.txt for other and additional information.

    This file is part of Divine CMS.

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see <http://www.gnu.org/licenses/>. */

class ModelDesignBenefit extends \Divine\Engine\Core\Model
Coding Style Compatibility introduced by
PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions.

You can fix this by adding a namespace to your class:

namespace YourVendor;

class YourClass { }

When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries.

{
    public function addBenefit($data)
Expected 2 blank lines before function; 0 found

    {
        // Every string value is escaped before it is interpolated into the query.
        $this->db->query("
			INSERT INTO benefit 
			SET name = '" . $this->db->escape($data['name']) . "', 
				link = '" . $this->db->escape($data['link']) . "', 
				type = '" . (int)$data['type'] . "', 
				status = '" . (int)$data['status'] . "'
		");

        $benefit_id = $this->db->getLastId();

        if (isset($data['image'])) {
            $this->db->query("
				UPDATE benefit 
				SET image = '" . $this->db->escape(html_entity_decode($data['image'], ENT_QUOTES, 'UTF-8')) . "' 
				WHERE benefit_id = '" . (int)$benefit_id . "'
			");
        }

        foreach ($data['benefit_description'] as $language_id => $value) {
            $this->db->query("
				INSERT INTO benefit_description 
				SET benefit_id = '" . (int)$benefit_id . "', 
					language_id = '" . (int)$language_id . "', 
					description = '" . $this->db->escape($value['description']) . "'
			");
        }
    }

    public function editBenefit($benefit_id, $data)
    {
        // Every string value is escaped before it is interpolated into the query.
        $this->db->query("
			UPDATE benefit 
			SET name = '" . $this->db->escape($data['name']) . "', 
				link = '" . $this->db->escape($data['link']) . "', 
				type = '" . (int)$data['type'] . "', 
				status = '" . (int)$data['status'] . "' 
			WHERE benefit_id = '" . (int)$benefit_id . "'
		");

        if (isset($data['image'])) {
            $this->db->query("
				UPDATE benefit 
				SET image = '" . $this->db->escape(html_entity_decode($data['image'], ENT_QUOTES, 'UTF-8')) . "' 
				WHERE benefit_id = '" . (int)$benefit_id . "'
			");
        }

        $this->db->query("
			DELETE 
			FROM benefit_description 
			WHERE benefit_id = '" . (int)$benefit_id . "'
		");

        foreach ($data['benefit_description'] as $language_id => $value) {
            $this->db->query("
				INSERT INTO benefit_description 
				SET benefit_id = '" . (int)$benefit_id . "', 
					language_id = '" . (int)$language_id . "', 
					description = '" . $this->db->escape($value['description']) . "'
			");
        }
    }

    public function deleteBenefit($benefit_id)
    {
        $this->db->query("
			DELETE 
			FROM benefit 
			WHERE benefit_id = '" . (int)$benefit_id . "'
		");
        $this->db->query("
			DELETE 
			FROM benefit_description 
			WHERE benefit_id = '" . (int)$benefit_id . "'
		");
    }

    public function getBenefit($benefit_id)
    {
        $query = $this->db->query("
			SELECT DISTINCT * 
			FROM benefit 
			WHERE benefit_id = '" . (int)$benefit_id . "'
		");

        return $query->row;
    }

    public function getBenefits($data = array())
    {
        $sql = "
Coding Style Comprehensibility introduced by
The string literal \n SELECT * \... FROM benefit\n does not require double quotes, as per coding-style, please use single quotes.

PHP provides two ways to mark string literals. Either with single quotes 'literal' or with double quotes "literal". The difference between these is that string literals in double quotes may contain variables with are evaluated at run-time as well as escape sequences.

String literals in single quotes on the other hand are evaluated very literally and the only two characters that needs escaping in the literal are the single quote itself (\') and the backslash (\\). Every other character is displayed as is.

Double quoted string literals may contain other variables or more complex escape sequences.

<?php

$singleQuoted = 'Value';
$doubleQuoted = "\tSingle is $singleQuoted";

print $doubleQuoted;

will print an indented: Single is Value

If your string literal does not contain variables or escape sequences, it should be defined using single quotes to make that fact clear.

For more information on PHP string literals and available escape sequences see the PHP core documentation.

			SELECT * 
			FROM benefit
		";

        $sort_data = array(
            'name',
            'status'
        );

        if (isset($data['sort']) && in_array($data['sort'], $sort_data)) {
            $sql .= " ORDER BY " . $data['sort'];
Coding Style Comprehensibility introduced by
The string literal ORDER BY does not require double quotes, as per coding-style, please use single quotes.

        } else {
            $sql .= " ORDER BY name";
Coding Style Comprehensibility introduced by
The string literal ORDER BY name does not require double quotes, as per coding-style, please use single quotes.

        }

        if (isset($data['order']) && ($data['order'] == 'DESC')) {
            $sql .= " DESC";
Coding Style Comprehensibility introduced by
The string literal DESC does not require double quotes, as per coding-style, please use single quotes.

        } else {
            $sql .= " ASC";
Coding Style Comprehensibility introduced by
The string literal ASC does not require double quotes, as per coding-style, please use single quotes.

        }

        if (isset($data['start']) || isset($data['limit'])) {
            if ($data['start'] < 0) {
                $data['start'] = 0;
            }

            if ($data['limit'] < 1) {
                $data['limit'] = 20;
            }

            $sql .= " LIMIT " . (int)$data['start'] . "," . (int)$data['limit'];
Coding Style Comprehensibility introduced by
The string literal LIMIT does not require double quotes, as per coding-style, please use single quotes.

Coding Style Comprehensibility introduced by
The string literal , does not require double quotes, as per coding-style, please use single quotes.

        }

        $query = $this->db->query($sql);

        return $query->rows;
    }

    public function getProductBenefit($product_id)
    {
        $benefits = array();

        $query = $this->db->query("
			SELECT benefit_id, 
				position 
			FROM product_to_benefit 
			WHERE product_id = '" . (int)$product_id . "' 
			GROUP BY position
		");

        foreach ($query->rows as $benefit) {
            $benefits[$benefit['position']] = $benefit['benefit_id'];
        }

        return $benefits;
    }

    public function getTotalBenefits()
    {
        $query = $this->db->query("
Coding Style Comprehensibility introduced by
The string literal \n SELECT COU... FROM benefit\n does not require double quotes, as per coding-style, please use single quotes.

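			SELECT COUNT(*) AS total 
			FROM benefit
		");

        return $query->row['total'];
    }

    public function validateDelete($selected)
    {
        // Assumes $selected is a comma-separated list of benefit ids;
        // each id is cast to int before the list is interpolated into IN (...).
        $selected = implode(',', array_map('intval', explode(',', (string)$selected)));

        $query = $this->db->query("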
Coding Style Comprehensibility introduced by
The string literal \n SELECT COU... WHERE benefit_id IN ( does not require double quotes, as per coding-style, please use single quotes.

			SELECT COUNT(*) AS total 
			FROM product_to_benefit 
			WHERE benefit_id IN (". $selected .")
Coding Style Comprehensibility introduced by
The string literal )\n does not require double quotes, as per coding-style, please use single quotes.

		");

        return $query->row['total'];
    }


    public function getBenefitDescriptions($benefit_id)
    {
        $benefit_description_data = array();

        $query = $this->db->query("
			SELECT * 
			FROM benefit_description 
			WHERE benefit_id = '" . (int)$benefit_id . "'
		");

        foreach ($query->rows as $result) {
            $benefit_description_data[$result['language_id']] = array(
                'description'  => $result['description'],
            );
        }

        return $benefit_description_data;
    }
}