
fixed sql query usage by PDO

Piotr Labudda 8 年之前
当前提交
debef00123
共有 3 个文件被更改,包括 35 次插入43 次删除
  1. 7 11
      SE/se-lib/Data_Source.php
  2. 12 13
      SE/se-lib/Route/Msgs.php
  3. 16 19
      SE/se-lib/Route/TableMsgs.php

+ 7 - 11
SE/se-lib/Data_Source.php

@@ -630,19 +630,15 @@ class Data_Source {
 	 */
 	public function getItem($primaryKey, $params = []) {
 		$primaryKeyField = $this->getPrimaryKeyField();
-		$ret = null;
 		$sql_cols = $this->_getSqlCols();
-		$primaryKey = intval($primaryKey);// TODO: validate $primaryKey
-		$sql = "select {$sql_cols}
+		$item = DB::getPDO()->fetchFirst("
+			select {$sql_cols}
 			from `{$this->_tbl}` as t
-			where t.`{$primaryKeyField}`='{$primaryKey}'
-		";
-		// TODO: use PDO
-		$res = $this->getDB()->query($sql);
-		if ($r = $this->getDB()->fetch($res)) {
-			$ret = $r;
-		}
-		return $ret;
+			where t.`{$primaryKeyField}` = :pk
+		", [
+			':pk' => $primaryKey,
+		]);
+		return ($item) ? (object)$item : null;
 	}
 
 	function get_items($params = array()) {// TODO: RMME
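Review bot: Binding `:pk` removes the injection risk the old interpolation carried, but the `intval($primaryKey)` coercion and its "validate $primaryKey" TODO were dropped together, so the bound value is now whatever the caller passes (string, array, null) and the `$params` argument remains unused. If primary keys are integers, as the removed cast assumed, keep the boundary check explicit, e.g. `':pk' => (int) $primaryKey,`, or reject non-numeric input before the query runs. `{$this->_tbl}` and `{$primaryKeyField}` are still interpolated as identifiers, and backtick quoting does not neutralise a backtick inside the name, so this is only safe if both come from class configuration rather than request data, which the hunk cannot show. getItem's docblock ends at the hunk start, outside the view; a `@return object|null` line there would record the new `(object)`/`null` contract.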

+ 12 - 13
SE/se-lib/Route/Msgs.php

@@ -316,25 +316,24 @@ SQL_QUERY;
 
 	public function getActiveMessagesForTableRecord($tblName, $id) {
 		if (empty($tblName)) return;
-		$db = DB::getDB();
-		$tblName = $db->_($tblName);
-
 		$usrLogin = User::getLogin();
-		$msgs = null;
-		$sql = "select m.*
+		$msgs = [];
+		$rawMsgs = DB::getPDO()->fetchAll("
+			select m.*
 			from `CRM_UI_MSGS` m
-			where m.`uiTargetType`='default_db_table_record'
-				and m.`uiTargetName`='{$tblName}.{$id}'
+			where m.`uiTargetType` = 'default_db_table_record'
+				and m.`uiTargetName` = :feature_id
 				and (m.`userTargetType` in('everyone')
-					or (m.`userTargetType`='user' and m.`userTargetName`='{$usrLogin}')
+					or (m.`userTargetType` = 'user' and m.`userTargetName` = '{$usrLogin}')
 					-- TODO: use group id
 				)
-				and m.`A_STATUS`='WAITING'
+				and m.`A_STATUS` = 'WAITING'
 			order by m.`ID` DESC
-		";
-		$db = DB::getDB();
-		$res = $db->query($sql);
-		while ($r = $db->fetch($res)) {
+		", [
+			':feature_id' => "{$tblName}.{$id}",
+		]);
+		foreach ($rawMsgs as $row) {
+			$r = (object)$row;
 			if ($msg = $this->parseMessage($r)) {
 				$msg['link'] = 'index.php?_route=Msgs&_task=run&_msgId=' . $r->ID;
 				$msg['linkType'] = 'ajax';
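Review bot: `$usrLogin` is still interpolated into the SQL at the `m.\`userTargetName\` = '{$usrLogin}'` line while the table/record target moved to the bound `:feature_id`, so the query is only half parameterised; the removed `$db->_()` call escaped only `$tblName`, and `$usrLogin` has no escaping or binding at all. User::getLogin() presumably returns a session value rather than request input, but a login containing a quote would still break the statement, and the point of this commit is to stop assembling SQL from strings. Bind it like the other value: `or (m.\`userTargetType\` = 'user' and m.\`userTargetName\` = :usr_login)` in the query and `':usr_login' => $usrLogin,` in the parameter array. The function body continues past the hunk end.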

+ 16 - 19
SE/se-lib/Route/TableMsgs.php

@@ -382,33 +382,30 @@ function tblMsgsLoadMoreRows(n) {
 				break;
 			default: throw new Exception("Unknown filter type");
 		}
-		$db = DB::getDB();
-		$tableName = $db->_($tableName);
-
 		if ($lastMsgId > 0) {
 			$sqlWhereAddFilter .= "\n  and m.`ID`<{$lastMsgId}";
 		}
 		$sqlLimit = $this->_listLimit + 1;
-		$sql = "select m.*
+		$rawMsgs = DB::getPDO()->fetchAllByKey("
+			select m.*
 			from `CRM_UI_MSGS` m
-			where m.`uiTargetType`='default_db_table_record'
-				and m.`uiTargetName`='{$tableName}.{$idRow}'
+			where m.`uiTargetType` = 'default_db_table_record'
+				and m.`uiTargetName` = :feature_id
 				{$sqlWhereAddFilter}
 			order by m.`ID` DESC
 			limit {$sqlLimit}
-		";
-		//DBG::_('DBG_MSGS', '>1', "sql", $sql, __CLASS__, __FUNCTION__, __LINE__);
-		$db = DB::getDB();
-		$res = $db->query($sql);
-		while ($r = $db->fetch($res)) {
-			$msg['message'] = $r->msg;
-			$msg['type'] = $r->msgType;
-			$msg['_raw'] = $r;
-			$msg['_read'] = ('WAITING' != $r->A_STATUS);
-			$msg['_readDate'] = $r->actionExecutedTime;
-			$msgsList[$r->ID] = $msg;
-		}
-		return $msgsList;
+		", 'ID', [
+			':feature_id' => "{$tableName}.{$idRow}"
+		]);
+		return array_map(function ($msg) {
+			return [
+				'message' => $msg['msg'],
+				'type' => $msg['msgType'],
+				'_raw' => (object)$msg,
+				'_read' => ('WAITING' != $msg['A_STATUS']),
+				'_readDate' => $msg['actionExecutedTime'],
+			];
+		}, $rawMsgs);
 	}
 
 	public function _validate($args) {
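Review bot: The new parameter array at `':feature_id' => "{$tableName}.{$idRow}"` binds the record target but leaves `$lastMsgId` concatenated into `$sqlWhereAddFilter` on the context line above, so the commit parameterises one value and still string-builds the other; `$lastMsgId > 0` is not a type check, since a non-numeric string passes it under PHP's comparison rules and is then spliced into the query verbatim. Whether `$lastMsgId` originates from the request cannot be seen here (the function and its switch begin above the hunk), so binding it is the safe default. Separately, `'_read' => ('WAITING' != $msg['A_STATUS'])` is a loose comparison where `!==` is meant, and the closure can be `static fn` since it does not use `$this`.
```php
$params = [':feature_id' => "{$tableName}.{$idRow}"];
if ($lastMsgId > 0) {
	$sqlWhereAddFilter .= "\n  and m.`ID` < :last_msg_id";
	$params[':last_msg_id'] = (int) $lastMsgId;
}
$sqlLimit = $this->_listLimit + 1;
$rawMsgs = DB::getPDO()->fetchAllByKey("
	-- … unchanged: select m.* from `CRM_UI_MSGS` m … {$sqlWhereAddFilter} … limit {$sqlLimit}
", 'ID', $params);
```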