
Commit a2fabca

committed
Sepe plugin: Use Database::insert + add exape_string
1 parent 6a98e32 commit a2fabca


1 file changed

+87
-27
lines changed


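--- a/plugin/sepe/ws/Sepe.php
+++ b/plugin/sepe/ws/Sepe.php
@@ -246,6 +246,9 @@ public function crearAccion($crearAccionInput)
 
 // Comprobamos si existen datos almacenados previamente
 $table = Database::get_main_table('plugin_sepe_actions');
+$actionOrigin = Database::escape_string($actionOrigin);
+$actionCode = Database::escape_string($actionCode);
+
 $sql = "SELECT action_origin FROM $table
 WHERE action_origin='".$actionOrigin."' AND action_code='".$actionCode."';";
 $rs = Database::query($sql);
@@ -263,11 +266,29 @@ public function crearAccion($crearAccionInput)
 $startDate = self::fixDate($startDate);
 $endDate = self::fixDate($endDate);
 
-$sql = "INSERT INTO $table (action_origin, action_code, situation, specialty_origin, professional_area, specialty_code, duration, start_date, end_date, full_itinerary_indicator, financing_type, attendees_count, action_name, global_info, schedule, requirements, contact_action)
-VALUES ('".$actionOrigin."','".$actionCode."','".$situation."','".$specialtyOrigin."','".$professionalArea."','".$specialtyCode."','".$duration."','".$startDate."','".$endDate."','".$fullItineraryIndicator."','".$financingType."','".$attendeesCount."','".$actionName."','".$globalInfo."','".$schedule."','".$requerements."','".$contactAction."')";
+$params = [
+'action_origin' => $actionOrigin,
+'action_code' => $actionCode,
+'situation' => $situation,
+'specialty_origin' => $specialtyOrigin,
+'professional_area' => $professionalArea,
+'specialty_code' => $specialtyCode,
+'duration' => $duration,
+'start_date' => $startDate,
+'end_date' => $endDate,
+'full_itinerary_indicator' =>$fullItineraryIndicator,
+'financing_type' => $financingType,
+'attendees_count' => $attendeesCount,
+'action_name' => $actionName,
+'global_info' => $globalInfo,
+'schedule' => $schedule,
+'requirements' => $requerements,
+'contact_actio' => $contactAction,
+];
 
-$rs = Database::query($sql);
-if (!$rs) {
+$actionId = Database::insert( $table, $params);
+
+if (!empty($actionId)) {
 return [
 "RESPUESTA_OBT_ACCION" => [
 "CODIGO_RETORNO" => "-1",
@@ -276,7 +297,6 @@ public function crearAccion($crearAccionInput)
 ],
 ];
 }
-$actionId = Database::insert_id();
 
 // DATOS ESPECIALIDADES DE LA ACCION
 $table = Database::get_main_table('plugin_sepe_specialty');
@@ -397,7 +417,9 @@ public function crearAccion($crearAccionInput)
 foreach ($centroList as $centro) {
 $centerOrigin = $centro->ORIGEN_CENTRO;
 $centerCode = $centro->CODIGO_CENTRO;
-$sql = "SELECT id FROM $tableCenters
+$centerOrigin = Database::escape_string($centerOrigin);
+$centerCode = Database::escape_string($centerCode);
+$sql = "SELECT id FROM $tableCenters
 WHERE center_origin='".$centerOrigin."' AND center_code='".$centerCode."';";
 $res = Database::query($sql);
 if (Database::num_rows($res) > 0) {
@@ -446,18 +468,23 @@ public function crearAccion($crearAccionInput)
 $experienceTeleforming = $tutor->EXPERIENCIA_MODALIDAD_TELEFORMACION;
 $trainingTeleforming = $tutor->FORMACION_MODALIDAD_TELEFORMACION;
 
+$documentType = Database::escape_string($documentType);
+$documentNumber = Database::escape_string($documentNumber);
+$documentLetter = Database::escape_string($documentLetter);
+
 /* check tutor not exists */
-$sql = "SELECT id FROM $tableTutors WHERE
-document_type='".$documentType."' AND
-document_number='".$documentNumber."' AND
+$sql = "SELECT id FROM $tableTutors
+WHERE
+document_type='".$documentType."' AND
+document_number='".$documentNumber."' AND
 document_letter='".$documentLetter."';";
 $res = Database::query($sql);
 if (Database::num_rows($res) > 0) {
 $aux_row = Database::fetch_assoc($res);
 $tutorId = $aux_row['id'];
 } else {
 $sql = "INSERT INTO $tableTutors (document_type, document_number, document_letter)
-VALUES ('".$documentType."','".$documentNumber."','".$documentLetter."');";
+VALUES ('".$documentType."','".$documentNumber."','".$documentLetter."');";
 Database::query($sql);
 $tutorId = Database::insert_id();
 }
@@ -470,15 +497,24 @@ public function crearAccion($crearAccionInput)
 ],
 ];
 }
-$sql = "INSERT INTO $tableSpecialityTutors (specialty_id, tutor_id, tutor_accreditation, professional_experience, teaching_competence, experience_teleforming, training_teleforming)
-VALUES ('".$specialtyId."','".$tutorId."','".$tutorAccreditation."','".$professionalExperience."','".$teachingCompetence."','".$experienceTeleforming."','".$trainingTeleforming."');";
-Database::query($sql);
+
+$params = [
+'specialty_id' => $specialtyId,
+'tutor_id' => $tutorId,
+'tutor_accreditation' => $tutorAccreditation,
+'professional_experience' => $professionalExperience,
+'teaching_competence' => $teachingCompetence,
+'experience_teleforming' => $experienceTeleforming,
+'training_teleforming' => $trainingTeleforming,
+];
+Database::insert($tableSpecialityTutors, $params);
 }
 }
 }
 }
 }
 }
+
 // DATOS PARTICIPANTES
 $tableParticipants = Database::get_main_table('plugin_sepe_participants');
 $tableTutorsCompany = Database::get_main_table('plugin_sepe_tutors_company');
@@ -532,12 +568,15 @@ public function crearAccion($crearAccionInput)
 $documentNumberTraining = isset($participant->CONTRATO_FORMACION->ID_TUTOR_FORMACION->NUM_DOCUMENTO) ? $participant->CONTRATO_FORMACION->ID_TUTOR_FORMACION->NUM_DOCUMENTO : null;
 $documentLetterTraining = isset($participant->CONTRATO_FORMACION->ID_TUTOR_FORMACION->LETRA_NIF) ? $participant->CONTRATO_FORMACION->ID_TUTOR_FORMACION->LETRA_NIF : null;
 if (!empty($documentTypeTraining) || !empty($documentNumberTraining) || !empty($documentLetterTraining)) {
+$documentTypeTraining = Database::escape_string($documentTypeTraining);
+$documentNumberTraining = Database::escape_string($documentNumberTraining);
+$documentLetterTraining = Database::escape_string($documentLetterTraining);
 $tmp_f = Database::query(
 '
-SELECT id FROM '.$tableTutorsCompany.'
+SELECT id FROM '.$tableTutorsCompany.'
 WHERE
-document_type="'.$documentTypeTraining.'" AND
-document_number="'.$documentNumberTraining.'" AND
+document_type="'.$documentTypeTraining.'" AND
+document_number="'.$documentNumberTraining.'" AND
 document_letter="'.$documentLetterTraining.'";'
 );
 if (Database::num_rows($tmp_f) > 0) {
@@ -631,10 +670,24 @@ public function crearAccion($crearAccionInput)
 $endDate = self::fixDate($endDate);
 
 $table_aux = Database::get_main_table('plugin_sepe_participants_specialty');
-$sql = "INSERT INTO $table_aux (participant_id,specialty_origin,professional_area,specialty_code,registration_date,leaving_date,center_origin,center_code,start_date,end_date,final_result,final_qualification,final_score)
-VALUES ('".$participantId."','".$specialtyOrigin."','".$professionalArea."','".$specialtyCode."','".$registrationDate."','".$leavingDate."','".$centerOrigin."','".$centerCode."','".$startDate."','".$endDate."','".$finalResult."','".$finalQualification."','".$finalScore."');";
-Database::query($sql);
-$participantSpecialtyId = Database::insert_id();
+
+$params = [
+'participant_id' => $participantId,
+'specialty_origin' => $specialtyOrigin,
+'professional_area' => $professionalArea,
+'specialty_code' => $specialtyCode,
+'registration_date' => $registrationDate,
+'leaving_date' => $leavingDate,
+'center_origin' => $centerOrigin,
+'center_code' => $centerCode,
+'start_date' => $startDate,
+'end_date' => $endDate,
+'final_result' => $finalResult,
+'final_qualification' => $finalQualification,
+'final_score' => $finalScore,
+];
+
+$participantSpecialtyId = Database::insert($table_aux, $params);
 if (empty($participantSpecialtyId)) {
 return [
 "RESPUESTA_OBT_ACCION" => [
@@ -661,10 +714,16 @@ public function crearAccion($crearAccionInput)
 $endDate = self::fixDate($endDate);
 
 $table_aux2 = Database::get_main_table('plugin_sepe_participants_specialty_tutorials');
-$sql = "INSERT INTO $table_aux2 (participant_specialty_id,center_origin,center_code,start_date,end_date)
-VALUES ('".$participantSpecialtyId."','".$centerOrigin."','".$centerCode."','".$startDate."','".$endDate."');";
-$rs = Database::query($sql);
-if (!$rs) {
+$params = [
+'participant_specialty_id' => $participantSpecialtyId,
+'center_origin' => $centerOrigin,
+'center_code' =>$centerCode ,
+'start_date' => $startDate,
+'end_date' => $endDate,
+];
+$id = Database::insert($table_aux2, $params);
+
+if (!empty($id)) {
 return [
 "RESPUESTA_OBT_ACCION" => [
 "CODIGO_RETORNO" => "-1",
@@ -685,9 +744,7 @@ public function crearAccion($crearAccionInput)
 $obtenerAccionInput->ID_ACCION->ORIGEN_ACCION = $actionOrigin;
 $obtenerAccionInput->ID_ACCION->CODIGO_ACCION = $actionCode;
 
-$result = self::obtenerAccion($obtenerAccionInput);
-
-return $result;
+return self::obtenerAccion($obtenerAccionInput);
 }
 
 public function obtenerAccion($obtenerAccionInput)
@@ -725,6 +782,9 @@ public function obtenerAccion($obtenerAccionInput)
 $participantsSpecialityTutorialsTable = Database::get_main_table('plugin_sepe_participants_specialty_tutorials');
 $tableTutorsCompany = Database::get_main_table('plugin_sepe_tutors_company');
 
+$actionOrigin = Database::escape_string($actionOrigin);
+$actionCode = Database::escape_string($actionCode);
+
 // Comprobamos si existen datos almacenados previamente
 $sql = "SELECT *
 FROM $table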
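Review bot: The success checks after the new `Database::insert` calls are inverted: `if (!empty($actionId)) {` (new line 292) and `if (!empty($id)) {` (new line 727) return the `CODIGO_RETORNO => "-1"` error exactly when the insert produced an id and fall through when it failed, whereas the replaced `if (!$rs)` returned on failure and the participant-specialty hunk correctly uses `if (empty($participantSpecialtyId)) {`. Both should read `if (empty($actionId)) {` and `if (empty($id)) {`. The params array for the actions table also maps `'contact_actio' => $contactAction` while the removed INSERT named the column `contact_action`, so that insert would presumably fail on an unknown column, and with the inverted check the failure would go unreported. Separately, `$actionOrigin` and `$actionCode` are escaped in place and then copied into `$obtenerAccionInput` before `obtenerAccion` escapes them again, so values containing quotes or backslashes look like they would be double-escaped on the follow-up lookup; worth confirming against how `obtenerAccion` reads its input. `crearAccion` starts and `obtenerAccion` ends outside these hunks.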
