fixed queries to be parameterized, adjusted array length check, fixed indentation

include/functions.inc.php

@@ -748,8 +748,6 @@ function load_courses($db, $filesBaseDir)
     } else {
         // error opening the file.
     }
-
-    return $courseId;
 }
 
 function load_enrol($db, $filesBaseDir)
@@ -767,7 +765,7 @@ function load_enrol($db, $filesBaseDir)
         while (($line = fgets($handle)) !== false) {
             $lineItems = explode("|", $line);
 
-            if (sizeof($lineItems) < 9) continue;
+            if (sizeof($lineItems) < 3) continue;
 
             $nuid = $lineItems[1];
             $courseId = trim($lineItems[0]);
@@ -777,11 +775,11 @@ function load_enrol($db, $filesBaseDir)
                 'nuid' => $nuid
             );
 
-            $findPeople = "SELECT nuid FROM people WHERE nuid=" . $nuid;
-            $findEnrol = "SELECT enrollment_id FROM enrollments WHERE  course_id='" . $courseId . "' AND nuid=" . $nuid;
+            $findPeople = "SELECT nuid FROM people WHERE nuid = ?";
+            $findEnrol = "SELECT enrollment_id FROM enrollments WHERE course_id = ? AND nuid = ?";
 
-            $existingPerson = $db->GetOne($findPeople);
-            $existingEnrol = $db->GetOne($findEnrol);
+            $existingPerson = $db->GetOne($findPeople, array($nuid));
+            $existingEnrol = $db->GetOne($findEnrol, array($courseId, $nuid));
 
             if ($lineItems[2] != 'W') {
                 if ( !$existingPerson)
@@ -792,13 +790,16 @@ function load_enrol($db, $filesBaseDir)
                 {
                     auto_update($db, 'enrollments', $enrolData, 'enrollment_id', $existingEnrol['enrollment_id']);
                 }
-                else auto_insert($db, 'enrollments', $enrolData);
+                else
+                {
+                    auto_insert($db, 'enrollments', $enrolData);
+                }
             }
             else if ( $existingEnrol ) {
-                    $removeEnrol = "DELETE FROM enrollments WHERE course_id='" . $courseId . "' AND nuid=" . $nuid;
-                    $db->Execute($removeEnrol);
-                }
+                $removeEnrol = "DELETE FROM enrollments WHERE course_id = ? AND nuid = ?";
+                $db->Execute($removeEnrol, array($courseId, $nuid));
             }
+        }
         fclose($handle);
     } else {
         // error opening the file.
@@ -830,11 +831,11 @@ function load_staff($db, $filesBaseDir)
                 'nuid' => $nuid
             );
 
-            $findPeople = "SELECT nuid FROM people WHERE nuid=" . $nuid;
-            $findStaff = "SELECT assignment_id FROM staff_assignments WHERE course_id='" . $courseId . "' AND nuid=" . $nuid;
+            $findPeople = "SELECT nuid FROM people WHERE nuid = ?";
+            $findStaff = "SELECT assignment_id FROM staff_assignments WHERE course_id = ? AND nuid = ?";
 
-            $existingPerson = $db->GetOne($findPeople);
-            $existingStaff = $db->GetOne($findStaff);
+            $existingPerson = $db->GetOne($findPeople, array($nuid));
+            $existingStaff = $db->GetOne($findStaff, array($courseId, $nuid));
 
             if ( !$existingPerson )
             {
@@ -845,9 +846,11 @@ function load_staff($db, $filesBaseDir)
             {
                auto_update($db, 'staff_assignments', $staffData, 'assignment_id', $existingStaff['assignment_id']);
             }
-            else auto_insert($db, 'staff_assignments', $staffData);
+            else
+            {
+                auto_insert($db, 'staff_assignments', $staffData);
+            }
         }
-
         fclose($handle);
     } else {
         // error opening the file.