authorLiam McLoughlin <hexxeh@hexxeh.net>2011-07-27 20:29:49 +0100
committerLiam McLoughlin <hexxeh@hexxeh.net>2011-07-27 20:29:49 +0100
commit5099c71493abe193f23b7f0a7381e539bc67bb33 (patch)
tree7628542c989bace2895427d34959b5f3fcbd2150 /web/status.php
parentAdded disk size cap (diff)
Moved to using mysqli and prepared statements
Diffstat (limited to 'web/status.php')
-rw-r--r--web/status.php61
1 files changed, 31 insertions, 30 deletions
diff --git a/web/status.php b/web/status.php
index 86e7e0e..719afe6 100644
--- a/web/status.php
+++ b/web/status.php
@@ -5,22 +5,24 @@
require_once "config.php";
- $buildID = $_GET["uuid"];
+ $buildID = filter_input(INPUT_GET, "uuid", FILTER_UNSAFE_RAW);
$buildresult = "Unknown!";
$inprogress = false;
$builddone = false;
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
- if (!$db) {
- die("Could not connect to database ".mysql_error()."\n");
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
+ MYSQL_PASSWORD, MYSQL_DATABASE);
+ if (mysqli_connect_errno()) {
+ die("Could not connect to database ".mysqli_connect_error());
}
- mysql_select_db(MYSQL_DATABASE);
- $query = "SELECT handle FROM builds ".
- "WHERE id = '".mysql_real_escape_string($buildID)."'";
- $result = mysql_query($query);
- if (mysql_num_rows($result) == 1) {
- $handles = mysql_fetch_array($result);
- $handle = $handles[0];
+
+ $stmt = $db->prepare("SELECT handle FROM builds WHERE id = ?");
+ $stmt->bind_param("s", $buildID);
+ $stmt->execute();
+ if ($stmt->num_rows == 1) {
+ $stmt->bind_result($handle);
+ $stmt->fetch();
+ $stmt->close();
$client = new GearmanClient();
$client->addServer();
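Review bot: `$stmt->num_rows` is read straight after `execute()`, but mysqli only populates it once the result set has been buffered, so the `== 1` test will most likely be false for every uuid and the page falls through to "Invalid handle hash". Add `$stmt->store_result();` between `$stmt->execute();` and the `if`. Separately, the connect-failure `die()` still sends `mysqli_connect_error()` to the browser; writing it to `error_log()` and showing a generic message keeps host and account details out of the response. The script continues past the end of this hunk.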
@@ -35,13 +37,14 @@
$buildresult = "Task has not yet been processed";
}
} else {
- $cleanBuildID = mysql_real_escape_string($buildID);
- $query = "SELECT returncode, result FROM builds ".
- "WHERE id = '".$cleanBuildID."'";
- $result = mysql_query($query);
- $jobres = mysql_fetch_array($result);
- if ($jobres[0] !== null) {
- if ($jobres[0] == 0) {
+ $stmt = $db->prepare("SELECT returncode, result FROM builds WHERE id = ?");
+ $stmt->bind_param("s", $buildID);
+ $stmt->execute();
+ $stmt->bind_result($returncode, $result);
+ $stmt->fetch();
+ $stmt->close();
+ if ($returncode !== null) {
+ if ($returncode == 0) {
$buildresult = "Your build is complete! ".
"What would you like to do now?".
"<br /><br /><center>".
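Review bot: The return values of `prepare()` and `fetch()` are ignored in this lookup, so a failed prepare turns into a fatal call to `bind_param()` on `false`, and a row that has disappeared is reported as "Job failed" just like a NULL returncode. Guard the statement with `if (!$stmt) { error_log($db->error); die("Database error"); }` and treat a non-true `fetch()` as the not-found case. The first `prepare()` in the preceding hunk has the same gap. The enclosing `else` branch ends outside this hunk.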
@@ -56,16 +59,24 @@
"</table></center>";
$builddone = true;
} else {
- $buildresult = "Job returned with code ".$jobres[0].": ".$jobres[1];
+ $buildresult = "Job returned with code ".$returncode.": ".$result;
}
} else {
$buildresult = "Job failed";
}
}
} else {
+ $stmt->close();
$buildresult = "Invalid handle hash";
}
+ $db->close();
+
+ if (!$builddone) {
+ $titleString = "How's things?";
+ } else {
+ $titleString = "It's showtime!";
+ }
?>
<html>
<head>
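Review bot: `$result` is concatenated into `$buildresult` unescaped, and `$buildresult` is echoed as HTML further down the page, so any markup stored in the build result is rendered in the visitor's browser. The prepared statement protects the query, not the output; if the `result` column can carry build-tool or user-influenced text, encode it where the string is built: `$buildresult = "Job returned with code ".(int)$returncode.": ".htmlspecialchars($result, ENT_QUOTES, "UTF-8");`. Escaping at the final `echo` would not work, because the success branch puts intentional markup into `$buildresult`.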
@@ -90,17 +101,7 @@
<div id="content">
<div id="main">
<div id="status" class="step">
- <?php
- if (!$builddone) {
- ?>
- <h1>How's things?</h1>
- <?php
- } else {
- ?>
- <h1>It's showtime!</h1>
- <?php
- }
- ?>
+ <h1><?php echo $titleString; ?></h1>
<p>
<?php echo $buildresult; ?>
<div id="progressbar"></div>