From 65ca4c9f7cf5266ad2be15fa939a279e3df5461d Mon Sep 17 00:00:00 2001
From: Bernhard Froehlich <ted@convey.de>
Date: Tue, 11 Jan 2011 23:52:12 +0100
Subject: [PATCH] Removing parameters from JOIN ... ON clauses

---
 core/print_api.php |    8 ++++----
 core/tag_api.php   |    7 ++++---
 core/user_api.php  |    8 ++++----
 summary_page.php   |    8 ++++----
 4 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/core/print_api.php b/core/print_api.php
index eaec5f2..993d2f5 100644
--- a/core/print_api.php
+++ b/core/print_api.php
@@ -1051,12 +1051,12 @@ function print_project_user_list_option_list( $p_project_id = null ) {
 	$query = "SELECT DISTINCT u.id, u.username, u.realname
 				FROM $t_mantis_user_table u
 				LEFT JOIN $t_mantis_project_user_list_table p
-				ON p.user_id=u.id AND p.project_id=" . db_param() . "
+				ON p.user_id=u.id AND p.project_id=$c_project_id
 				WHERE u.access_level<" . db_param() . " AND
 					u.enabled = " . db_param() . " AND
 					p.user_id IS NULL
 				ORDER BY u.realname, u.username";
-	$result = db_query_bound( $query, Array( $c_project_id, $t_adm, true ) );
+	$result = db_query_bound( $query, Array( $t_adm, true ) );
 	$t_display = array();
 	$t_sort = array();
 	$t_users = array();
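Review bot: The `ON` clause now interpolates `$c_project_id` straight into the SQL text, so the query is only safe if that variable is guaranteed to be an integer, and its assignment lies outside this hunk. If it can still be empty when `$p_project_id` is left at its `null` default, the statement would also end in `p.project_id=` and fail to parse. I would cast at the point of use, `ON p.user_id=u.id AND p.project_id=" . (int)$c_project_id . "`, and add a short comment explaining why this placeholder cannot stay bound. The same applies to `$c_user_id` in print_project_user_list_option_list2 and to both `ON` clauses of tag_stats_related in core/tag_api.php.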
@@ -1097,11 +1097,11 @@ function print_project_user_list_option_list2( $p_user_id ) {
 	$query = "SELECT DISTINCT p.id, p.name
 				FROM $t_mantis_project_table p
 				LEFT JOIN $t_mantis_project_user_list_table u
-				ON p.id=u.project_id AND u.user_id=" . db_param() . "
+				ON p.id=u.project_id AND u.user_id=$c_user_id
 				WHERE p.enabled = " . db_param() . " AND
 					u.user_id IS NULL
 				ORDER BY p.name";
-	$result = db_query_bound( $query, Array( $c_user_id, true ) );
+	$result = db_query_bound( $query, Array( true ) );
 	$category_count = db_num_rows( $result );
 	for( $i = 0;$i < $category_count;$i++ ) {
 		$row = db_fetch_array( $result );
diff --git a/core/tag_api.php b/core/tag_api.php
index 7b3bff8..57a23d8 100644
--- a/core/tag_api.php
+++ b/core/tag_api.php
@@ -418,6 +418,7 @@ function tag_get_candidates_for_bug( $p_bug_id ) {
 
 			$t_subquery_results = array();
 
+            $t_subquery_results[] = 0; # To make sure the statement will be syntactically correct even with no hits!
 			while( $row = db_fetch_array( $result ) ) {
 				$t_subquery_results[] = (int)$row;
 			}
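Review bot: Seeding `$t_subquery_results` with `0` hides the empty-result case instead of handling it, and it relies on 0 never being a valid id in the statement that consumes the list, which is outside this hunk. Checking for an empty list after the loop and skipping the dependent query would be clearer, e.g. `if ( empty( $t_subquery_results ) ) { return array(); }`, assuming an empty array is an acceptable result for callers. The added line is indented with spaces while the neighbouring lines use tabs. Separately, the context line `(int)$row` casts the whole fetched row; if db_fetch_array() returns an array, that yields 1 for every row, so it looks like a column should be read there, which is worth confirming.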
@@ -738,9 +739,9 @@ function tag_stats_related( $p_tag_id, $p_limit = 5 ) {
 
 	$subquery = "SELECT b.id FROM $t_bug_table AS b
 					LEFT JOIN $t_project_user_list_table AS p
-						ON p.project_id=b.project_id AND p.user_id=" . db_param() . "
+						ON p.project_id=b.project_id AND p.user_id=$c_user_id
 					JOIN $t_user_table AS u
-						ON u.id=" . db_param() . "
+						ON u.id=$c_user_id
 					JOIN $t_bug_tag_table AS t
 						ON t.bug_id=b.id
 					WHERE ( p.access_level>b.view_state OR u.access_level>b.view_state )
@@ -750,7 +751,7 @@ function tag_stats_related( $p_tag_id, $p_limit = 5 ) {
 					WHERE tag_id != " . db_param() . "
 						AND bug_id IN ( $subquery ) ";
 
-	$result = db_query_bound( $query, Array( /*query*/ $c_tag_id, /*subquery*/ $c_user_id, $c_user_id, $c_tag_id ) );
+	$result = db_query_bound( $query, Array( /*query*/ $c_tag_id, /*subquery*/  $c_tag_id ) );
 
 	$t_tag_counts = array();
 	while( $row = db_fetch_array( $result ) ) {
diff --git a/core/user_api.php b/core/user_api.php
index 1b3f1ac..080a8e8 100644
--- a/core/user_api.php
+++ b/core/user_api.php
@@ -871,7 +871,7 @@ function user_get_accessible_projects( $p_user_id, $p_show_disabled = false ) {
 		$query = "SELECT p.id, p.name, ph.parent_id
 						  FROM $t_project_table p
 						  LEFT JOIN $t_project_user_list_table u
-						    ON p.id=u.project_id AND u.user_id=" . db_param() . "
+						    ON p.id=u.project_id AND u.user_id=$p_user_id
 						  LEFT JOIN $t_project_hierarchy_table ph
 						    ON ph.child_id = p.id
 						  WHERE " . ( $p_show_disabled ? '' : ( 'p.enabled = ' . db_param() . ' AND ' ) ) . "
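Review bot: Here the raw parameter `$p_user_id` is placed in the SQL text, whereas the other files in this patch interpolate `$c_`-prefixed copies, and nothing in the hunk shows it being cast to an integer. The same query still passes `$p_user_id` as a bound value for the later `u.user_id=` placeholder, so one value is now handled in two different ways. I would either keep this placeholder bound or introduce `$c_user_id = (int)$p_user_id;` before the query is built and use `u.user_id=$c_user_id` in the `ON` clause. user_get_accessible_subprojects has the same line; both function bodies start and end outside the hunks.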
@@ -881,7 +881,7 @@ function user_get_accessible_projects( $p_user_id, $p_show_disabled = false ) {
 							        u.user_id=" . db_param() . " )
 							)
 			  ORDER BY p.name";
-		$result = db_query_bound( $query, ( $p_show_disabled ? Array( $p_user_id, $t_public, $t_private, $p_user_id ) : Array( $p_user_id, true, $t_public, $t_private, $p_user_id ) ) );
+		$result = db_query_bound( $query, ( $p_show_disabled ? Array( $t_public, $t_private, $p_user_id ) : Array( true, $t_public, $t_private, $p_user_id ) ) );
 
 		$row_count = db_num_rows( $result );
 
@@ -950,7 +950,7 @@ function user_get_accessible_subprojects( $p_user_id, $p_project_id, $p_show_dis
 		$query = "SELECT DISTINCT p.id, p.name, ph.parent_id
 					  FROM $t_project_table p
 					  LEFT JOIN $t_project_user_list_table u
-					    ON p.id = u.project_id AND u.user_id=" . db_param() . "
+					    ON p.id = u.project_id AND u.user_id=$p_user_id
 					  LEFT JOIN $t_project_hierarchy_table ph
 					    ON ph.child_id = p.id
 					  WHERE " . ( $p_show_disabled ? '' : ( 'p.enabled = ' . db_param() . ' AND ' ) ) . '
@@ -961,7 +961,7 @@ function user_get_accessible_subprojects( $p_user_id, $p_project_id, $p_show_dis
 						        u.user_id=' . db_param() . ' )
 						)
 					  ORDER BY p.name';
-		$result = db_query_bound( $query, ( $p_show_disabled ? Array( $p_user_id, $t_public, $t_private, $p_user_id ) : Array( $p_user_id, 1, $t_public, $t_private, $p_user_id ) ) );
+		$result = db_query_bound( $query, ( $p_show_disabled ? Array( $t_public, $t_private, $p_user_id ) : Array( 1, $t_public, $t_private, $p_user_id ) ) );
 	}
 
 	$row_count = db_num_rows( $result );
diff --git a/summary_page.php b/summary_page.php
index 0ad8ca7..6a4b658 100644
--- a/summary_page.php
+++ b/summary_page.php
@@ -48,11 +48,11 @@
 	#  will look up the most recent 'resolved' status change and return it as well
 	$query = "SELECT b.id, b.date_submitted, b.last_updated, MAX(h.date_modified) as hist_update, b.status
         FROM $t_bug_table b LEFT JOIN $t_history_table h
-            ON b.id = h.bug_id  AND h.type=0 AND h.field_name='status' AND h.new_value=" . db_param() . "
+            ON b.id = h.bug_id  AND h.type=0 AND h.field_name='status' AND h.new_value=$t_resolved
             WHERE b.status >=" . db_param() . " AND $specific_where
             GROUP BY b.id, b.status, b.date_submitted, b.last_updated
             ORDER BY b.id ASC";
-	$result = db_query_bound( $query, Array( $t_resolved, $t_resolved ) );
+	$result = db_query_bound( $query, Array( $t_resolved ) );
 	$bug_count = db_num_rows( $result );
 
 	$t_bug_id       = 0;
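Review bot: `h.new_value=$t_resolved` now embeds a value whose origin is not visible in this hunk, without a cast or quoting, while the same variable is still bound for `b.status >=`. If `new_value` is a character column, as the `field_name='status'` filter suggests, an unquoted number may also be rejected or implicitly converted depending on the database. I would write `AND h.new_value='" . (int)$t_resolved . "'` so the literal is both integer-constrained and quoted, or keep the placeholder.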
@@ -103,7 +103,7 @@
 ?>
 
 <br />
-<?php 
+<?php
 	print_summary_menu( 'summary_page.php' );
 	print_summary_submenu(); ?>
 <br />
@@ -115,7 +115,7 @@
 </tr>
 <tr valign="top">
 	<td width="50%">
-		<?php # PROJECT # 
+		<?php # PROJECT #
 			if ( 1 < count( $t_project_ids ) ) { ?>
 		<table class="width100" cellspacing="1">
 		<tr>
-- 
1.7.3.3

