--- a/include/db/stop-dao.inc.php +++ b/include/db/stop-dao.inc.php @@ -2,21 +2,23 @@ function getStop($stopID) { global $conn; - $query = "Select * from stops where stop_id = '$stopID' LIMIT 1"; + $query = "Select * from stops where stop_id = :stopID LIMIT 1"; debug($query, "database"); - $result = pg_query($conn, $query); - if (!$result) { - databaseError(pg_result_error($result)); + $query = $conn->prepare($query); + $query->bindParam(":stopID", $stopID); + $query->execute(); + if (!$query) { + databaseError($conn->errorInfo()); return Array(); } - return pg_fetch_assoc($result); + return $query->fetch(PDO::FETCH_ASSOC); } function getStops($timingPointsOnly = false, $firstLetter = "") { global $conn; $conditions = Array(); if ($timingPointsOnly) $conditions[] = "substr(stop_code,1,2) != 'Wj'"; - if ($firstLetter != "") $conditions[] = "substr(stop_name,1,1) = '$firstLetter'"; + if ($firstLetter != "") $conditions[] = "substr(stop_name,1,1) = :firstLetter"; $query = "Select * from stops"; if (sizeof($conditions) > 0) { if (sizeof($conditions) > 1) { @@ -27,41 +29,48 @@ } } $query.= " order by stop_name;"; - debug($query, "database"); - $result = pg_query($conn, $query); - if (!$result) { - databaseError(pg_result_error($result)); + $query = $conn->prepare($query); + $query->bindParam(":firstLetter", $firstLetter); + $query->execute(); + if (!$query) { + databaseError($conn->errorInfo()); return Array(); } - return pg_fetch_all($result); + return $query->fetchAll(); } function getNearbyStops($lat, $lng, $limit = "", $distance = 1000) { if ($lat == null || $lng == null) return Array(); - if ($limit != "") $limit = " LIMIT $limit "; + if ($limit != "") $limitSQL = " LIMIT :limit "; global $conn; $query = "Select *, ST_Distance(position, ST_GeographyFromText('SRID=4326;POINT($lng $lat)'), FALSE) as distance - from stops WHERE ST_DWithin(position, ST_GeographyFromText('SRID=4326;POINT($lng $lat)'), $distance, FALSE) - order by distance $limit;"; + from stops WHERE ST_DWithin(position, ST_GeographyFromText('SRID=4326;POINT($lng $lat)'), :distance, FALSE) + order by distance $limitSQL;"; debug($query, "database"); - $result = pg_query($conn, $query); - if (!$result) { - databaseError(pg_result_error($result)); + $query = $conn->prepare($query); + $query->bindParam(":distance", $distance); + $query->bindParam(":limit", $limit); + $query->execute(); + if (!$query) { + databaseError($conn->errorInfo()); return Array(); } - return pg_fetch_all($result); + return $query->fetchAll(); } function getStopsBySuburb($suburb) { global $conn; - $query = "Select * from stops where zone_id LIKE '%$suburb;%' order by stop_name;"; + $query = "Select * from stops where zone_id LIKE :suburb order by stop_name;"; debug($query, "database"); - $result = pg_query($conn, $query); - if (!$result) { - databaseError(pg_result_error($result)); + $query = $conn->prepare($query); + $suburb = "%" . $suburb . ";%"; + $query->bindParam(":suburb", $suburb); + $query->execute(); + if (!$query) { + databaseError($conn->errorInfo()); return Array(); } - return pg_fetch_all($result); + return $query->fetchAll(); } function getStopRoutes($stopID, $service_period) { @@ -69,19 +78,21 @@ global $conn; $query = "SELECT service_id,trips.route_id,route_short_name,route_long_name FROM stop_times join trips on trips.trip_id = -stop_times.trip_id join routes on trips.route_id = routes.route_id WHERE stop_id = '$stopID' AND service_id='$service_period'"; +stop_times.trip_id join routes on trips.route_id = routes.route_id WHERE stop_id = :stopID AND service_id=:service_period"; debug($query, "database"); - $result = pg_query($conn, $query); - if (!$result) { - databaseError(pg_result_error($result)); + $query = $conn->prepare($query); + $query->bindParam(":service_period", $service_period); + $query->bindParam(":stopID", $stopID); + $query->execute(); + if (!$query) { + databaseError($conn->errorInfo()); return Array(); } - return pg_fetch_all($result); + return $query->fetchAll(); } function getStopTrips($stopID, $service_period = "", $afterTime = "") { if ($service_period == "") $service_period = service_period(); - $afterCondition = "AND arrival_time > '$afterTime'"; global $conn; if ($afterTime != "") { $query = " SELECT stop_times.trip_id,stop_times.arrival_time,stop_times.stop_id,stop_sequence,service_id,trips.route_id,route_short_name,route_long_name, end_times.arrival_time as end_time @@ -90,10 +101,10 @@ stop_times.trip_id join routes on trips.route_id = routes.route_id , (SELECT trip_id,max(arrival_time) as arrival_time from stop_times WHERE stop_times.arrival_time IS NOT NULL group by trip_id) as end_times -WHERE stop_times.stop_id = '$stopID' +WHERE stop_times.stop_id = :stopID AND stop_times.trip_id = end_times.trip_id -AND service_id='$service_period' -AND end_times.arrival_time > '$afterTime' +AND service_id=:service_period +AND end_times.arrival_time > :afterTime ORDER BY end_time"; } else { @@ -102,17 +113,21 @@ join trips on trips.trip_id = stop_times.trip_id join routes on trips.route_id = routes.route_id -WHERE stop_times.stop_id = '$stopID' -AND service_id='$service_period' +WHERE stop_times.stop_id = :stopID +AND service_id=:service_period ORDER BY arrival_time"; } debug($query, "database"); - $result = pg_query($conn, $query); - if (!$result) { - databaseError(pg_result_error($result)); + $query = $conn->prepare($query); + $query->bindParam(":service_period", $service_period); + $query->bindParam(":stopID", $stopID); + if ($afterTime != "") $query->bindParam(":afterTime", $afterTime); + $query->execute(); + if (!$query) { + databaseError($conn->errorInfo()); return Array(); } - return pg_fetch_all($result); + return $query->fetchAll(); } function getStopTripsWithTimes($stopID, $time = "", $service_period = "", $time_range = "", $limit = "") {