
Database class integration.

Nate 6 years ago
parent
commit
d343c6f8f2

+ 13 - 25
core/menu/menu.php

@@ -61,18 +61,9 @@ else {
 	echo "</table>\n";
 
 	//prepare to page the results
-		$sql = " select count(*) as num_rows from v_menus ";
-		$prep_statement = $db->prepare($sql);
-		if ($prep_statement) {
-		$prep_statement->execute();
-			$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
-			if ($row['num_rows'] > 0) {
-				$num_rows = $row['num_rows'];
-			}
-			else {
-				$num_rows = '0';
-			}
-		}
+		$sql = "select count(*) from v_menus ";
+		$database = new database;
+		$num_rows = $database->select($sql, null, 'column');
 
 	//prepare to page the results
 		$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
@@ -83,14 +74,12 @@ else {
 		$offset = $rows_per_page * $page;
 
 	//get the  list
-		$sql = " select * from v_menus ";
-		if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
-		$sql .= " limit $rows_per_page offset $offset ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-		$result_count = count($result);
-		unset ($prep_statement, $sql);
+		$sql = "select * from v_menus ";
+		$sql .= order_by($order_by, $order);
+		$sql .= limit_offset($rows_per_page, $offset);
+		$database = new database;
+		$result = $database->select($sql, null, 'all');
+		unset($sql);
 
 	$c = 0;
 	$row_style["0"] = "row_style0";
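Review bot: The `order by` clause is still built by string concatenation, because column names and sort direction cannot be bound as parameters, so the safety of `$sql .= order_by($order_by, $order);` rests entirely on what `order_by()` accepts. Neither that helper nor the origin of `$order_by` and `$order` is visible in this hunk. If they come from the request, confirm the helper restricts them to an allow-list of column names and to `asc`/`desc`, and record that in a comment such as `//order_by() only emits validated column names`. The same applies to `limit_offset()`, which should force both arguments to integers.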
@@ -106,7 +95,7 @@ else {
 	echo "</td>\n";
 	echo "</tr>\n";
 
-	if ($result_count > 0) {
+	if (is_array($result) && sizeof($result) != 0) {
 		foreach($result as $row) {
 			$tr_link = "href='menu_edit.php?id=".$row['menu_uuid']."'";
 			echo "<tr ".$tr_link.">\n";
@@ -119,9 +108,9 @@ else {
 			echo "	</td>\n";
 			echo "</tr>\n";
 			if ($c==0) { $c=1; } else { $c=0; }
-		} //end foreach
-		unset($sql, $result, $row_count);
-	} //end if results
+		}
+	}
+	unset($result, $row);
 
 	echo "<tr>\n";
 	echo "<td colspan='5' align='left'>\n";
@@ -140,7 +129,6 @@ else {
 	echo "</table>";
 	echo "<br><br>";
 
-
 //include the footer
 	require_once "resources/footer.php";
 ?>

+ 28 - 29
core/menu/menu_delete.php

@@ -38,55 +38,54 @@ else {
 	$language = new text;
 	$text = $language->get();
 
-//set the variables
-	if (count($_GET)>0) {
-		$id = check_str($_GET["id"]);
-	}
-
 //delete the data
-	if (strlen($id) == 36) {
+	if (is_uuid($_GET["id"])) {
+		$menu_uuid = $_GET["id"];
+
 		//start the database transaction
 			$db->beginTransaction();
 
 		//delete the menu
-			$sql = "delete from v_menus ";
-			$sql .= "where menu_uuid = '$id'; ";
-			//echo $sql."\n";
-			$prep_statement = $db->prepare(check_sql($sql));
-			$prep_statement->execute();
-			unset($sql);
+			$array['menus'][0]['menu_uuid'] = $menu_uuid;
+			$database = new database;
+			$database->app_name = 'menu';
+			$database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7';
+			$database->delete($array);
+			unset($array);
 
 		//delete the items in the menu
 			$sql = "delete from v_menu_items ";
-			$sql .= "where menu_uuid = '$id'; ";
-			//echo $sql."\n";
-			$prep_statement = $db->prepare(check_sql($sql));
-			$prep_statement->execute();
-			unset($sql);
+			$sql .= "where menu_uuid = :menu_uuid ";
+			$parameters['menu_uuid'] = $menu_uuid;
+			$database = new database;
+			$database->execute($sql, $parameters);
+			unset($sql, $parameters);
 
 		//delete the menu permissions
 			$sql = "delete from v_menu_item_groups ";
-			$sql .= "where menu_uuid = '$id'; ";
-			//echo $sql."\n";
-			$prep_statement = $db->prepare(check_sql($sql));
-			$prep_statement->execute();
-			unset($sql);
+			$sql .= "where menu_uuid = :menu_uuid ";
+			$parameters['menu_uuid'] = $menu_uuid;
+			$database = new database;
+			$database->execute($sql, $parameters);
+			unset($sql, $parameters);
 
 		//delete the menu languages
 			$sql = "delete from v_menu_languages ";
-			$sql .= "where menu_uuid = '$id'; ";
-			//echo $sql."\n";
-			$prep_statement = $db->prepare(check_sql($sql));
-			$prep_statement->execute();
-			unset($sql);
+			$sql .= "where menu_uuid = :menu_uuid ";
+			$parameters['menu_uuid'] = $menu_uuid;
+			$database = new database;
+			$database->execute($sql, $parameters);
+			unset($sql, $parameters);
 
 		//save the changes to the database
 			$db->commit();
+
+		//set message
+			message::add($text['message-delete']);
 	}
 
 //redirect the user
-	message::add($text['message-delete']);
 	header("Location: menu.php");
-	return;
+	exit;
 
 ?>
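Review bot: The transaction is opened and committed on `$db` (`$db->beginTransaction()` and `$db->commit()`), but all four deletes now run through freshly constructed `database` objects. If that class does not reuse the `$db` connection, which is not visible here, the deletes execute outside the transaction and a failure midway leaves menu items, group permissions or languages orphaned. Either run the transaction through the same object that executes the statements, or drop the `$db` calls so the code does not imply atomicity it lacks. Separately, this is a destructive action driven by `$_GET["id"]`, and no anti-CSRF token or permission check appears in the visible lines; the file starts above the hunk, so confirm one exists there.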

+ 37 - 41
core/menu/menu_edit.php

@@ -39,9 +39,9 @@ else {
 	$text = $language->get();
 
 //action add or update
-	if (isset($_REQUEST["id"])) {
+	if (is_uuid($_REQUEST["id"])) {
 		$action = "update";
-		$menu_uuid = check_str($_REQUEST["id"]);
+		$menu_uuid = $_REQUEST["id"];
 	}
 	else {
 		$action = "add";
@@ -49,17 +49,17 @@ else {
 
 //get http post variables and set them to php variables
 	if (count($_POST)>0) {
-		$menu_uuid = check_str($_POST["menu_uuid"]);
-		$menu_name = check_str($_POST["menu_name"]);
-		$menu_language = check_str($_POST["menu_language"]);
-		$menu_description = check_str($_POST["menu_description"]);
+		$menu_uuid = $_POST["menu_uuid"];
+		$menu_name = $_POST["menu_name"];
+		$menu_language = $_POST["menu_language"];
+		$menu_description = $_POST["menu_description"];
 	}
 
 if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 
 	$msg = '';
 	if ($action == "update") {
-		$menu_uuid = check_str($_POST["menu_uuid"]);
+		$menu_uuid = $_POST["menu_uuid"];
 	}
 
 	//check for all required data
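Review bot: `$menu_uuid = $_POST["menu_uuid"];` overwrites the value that the previous hunk validated with `is_uuid($_REQUEST["id"])`, so on the update path the identifier handed to `$database->save()` is whatever the form posted. With `check_str()` removed there is no validation left on it; gate the assignment in both places in this hunk, e.g. `if (is_uuid($_POST["menu_uuid"])) { $menu_uuid = $_POST["menu_uuid"]; }`. The same pattern appears in core/menu/menu_item_edit.php, where `$menu_item_uuid` is reassigned from `$_POST["menu_item_uuid"]` after the `is_uuid()` check on `$_REQUEST`. The free-text fields (`menu_name`, `menu_description`) are now stored unmodified, which is fine for bound SQL but means every place that echoes them must HTML-escape on output.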
@@ -86,22 +86,15 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 				$menu_uuid = uuid();
 
 			//start a new menu
-				$sql = "insert into v_menus ";
-				$sql .= "(";
-				$sql .= "menu_uuid, ";
-				$sql .= "menu_name, ";
-				$sql .= "menu_language, ";
-				$sql .= "menu_description ";
-				$sql .= ")";
-				$sql .= "values ";
-				$sql .= "(";
-				$sql .= "'".$menu_uuid."', ";
-				$sql .= "'".$menu_name."', ";
-				$sql .= "'".$menu_language."', ";
-				$sql .= "'".$menu_description."' ";
-				$sql .= ")";
-				$db->exec(check_sql($sql));
-				unset($sql);
+				$array['menus'][0]['menu_uuid'] = $menu_uuid;
+				$array['menus'][0]['menu_name'] = $menu_name;
+				$array['menus'][0]['menu_language'] = $menu_language;
+				$array['menus'][0]['menu_description'] = $menu_description;
+				$database = new database;
+				$database->app_name = 'menu';
+				$database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7';
+				$database->save($array);
+				unset($array);
 
 			//add the default items in the menu
 				require_once "resources/classes/menu.php";
@@ -119,38 +112,39 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 
 		if ($action == "update") {
 			//update the menu
-				$sql = "update v_menus set ";
-				$sql .= "menu_name = '".$menu_name."', ";
-				$sql .= "menu_language = '".$menu_language."', ";
-				$sql .= "menu_description = '".$menu_description."' ";
-				$sql .= "where menu_uuid = '".$menu_uuid."'";
-				$db->exec(check_sql($sql));
-				unset($sql);
+				$array['menus'][0]['menu_uuid'] = $menu_uuid;
+				$array['menus'][0]['menu_name'] = $menu_name;
+				$array['menus'][0]['menu_language'] = $menu_language;
+				$array['menus'][0]['menu_description'] = $menu_description;
+				$database = new database;
+				$database->app_name = 'menu';
+				$database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7';
+				$database->save($array);
+				unset($array);
 
 			//redirect the user back to the main menu
 				message::add($text['message-update']);
 				header("Location: menu.php");
 				return;
-		} //if ($action == "update")
-	} //if ($_POST["persistformvar"] != "true")
-} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
+		}
+	}
+}
 
 //pre-populate the form
 	if (count($_GET)>0 && $_POST["persistformvar"] != "true") {
 		$menu_uuid = $_GET["id"];
 		$sql = "select * from v_menus ";
-		$sql .= "where menu_uuid = '$menu_uuid' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-		foreach ($result as &$row) {
+		$sql .= "where menu_uuid = :menu_uuid ";
+		$parameters['menu_uuid'] = $menu_uuid;
+		$database = new database;
+		$row = $database->select($sql, $parameters, 'row');
+		if (is_array($row) && sizeof($row) != 0) {
 			$menu_uuid = $row["menu_uuid"];
 			$menu_name = $row["menu_name"];
 			$menu_language = $row["menu_language"];
 			$menu_description = $row["menu_description"];
-			break; //limit to 1 row
 		}
-		unset ($prep_statement);
+		unset($sql, $parameters, $row);
 	}
 
 //show the header
@@ -238,7 +232,9 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 	echo "</form>";
 
 //show the menu items
-	require_once "core/menu/menu_item_list.php";
+	if ($action == "update") {
+		require_once "core/menu/menu_item_list.php";
+	}
 
 //include the footer
 	require_once "resources/footer.php";

+ 39 - 29
core/menu/menu_item_delete.php

@@ -38,39 +38,49 @@ else {
 	$language = new text;
 	$text = $language->get();
 
-if (count($_GET)>0) {
-	//clear the menu session so it will rebuild with the update
-		$_SESSION["menu"] = "";
+//delete the data
+	if (is_uuid($_GET["id"]) && is_uuid($_GET["menu_item_uuid"])) {
+		//get the menu uuid
+			$menu_uuid = $_GET["id"];
+			$menu_item_uuid = $_GET["menu_item_uuid"];
 
-	//get the menu uuid
-		$menu_uuid = check_str($_GET["id"]);
-		$menu_item_uuid = check_str($_GET["menu_item_uuid"]);
+		//clear the menu session so it will rebuild with the update
+			$_SESSION["menu"] = "";
 
-	//delete the item in the menu
-		$sql  = "delete from v_menu_items ";
-		$sql .= "where menu_item_uuid = '$menu_item_uuid' ";
-		$sql .= "and menu_uuid = '$menu_uuid' ";
-		$db->exec(check_sql($sql));
-		unset($sql);
+		//delete the item in the menu
+			$array['menu_items'][0]['menu_item_uuid'] = $menu_item_uuid;
+			$array['menu_items'][0]['menu_uuid'] = $menu_uuid;
+			$database = new database;
+			$database->app_name = 'menu';
+			$database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7';
+			$database->delete($array);
 
-	//delete the menu item groups
-		$sql  = "delete from v_menu_item_groups ";
-		$sql .= "where menu_item_uuid = '$menu_item_uuid' ";
-		$sql .= "and menu_uuid = '$menu_uuid' ";
-		$db->exec(check_sql($sql));
-		unset($sql);
+		//delete the menu item groups
+			$sql  = "delete from v_menu_item_groups ";
+			$sql .= "where menu_item_uuid = :menu_item_uuid ";
+			$sql .= "and menu_uuid = :menu_uuid ";
+			$parameters['menu_item_uuid'] = $menu_item_uuid;
+			$parameters['menu_uuid'] = $menu_uuid;
+			$database = new database;
+			$database->execute($sql, $parameters);
+			unset($sql, $parameters);
 
-	//delete the menu item language
-		$sql  = "delete from v_menu_languages ";
-		$sql .= "where menu_uuid = '$menu_uuid' ";
-		$sql .= "and menu_item_uuid = '$menu_item_uuid' ";
-		$db->exec(check_sql($sql));
-		unset($sql);
+		//delete the menu item language
+			$sql  = "delete from v_menu_languages ";
+			$sql .= "where menu_uuid = :menu_uuid ";
+			$sql .= "and menu_item_uuid = :menu_item_uuid ";
+			$parameters['menu_uuid'] = $menu_uuid;
+			$parameters['menu_item_uuid'] = $menu_item_uuid;
+			$database = new database;
+			$database->execute($sql, $parameters);
+			unset($sql, $parameters);
 
-	//redirect the user
-		message::add($text['message-delete']);
-		header("Location: menu_edit.php?id=".$menu_uuid);
-		return;
-}
+		//set message
+			message::add($text['message-delete']);
+	}
+
+//redirect the user
+	header("Location: menu_edit.php?id=".$menu_uuid);
+	exit;
 
 ?>
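Review bot: The redirect `header("Location: menu_edit.php?id=".$menu_uuid);` now sits outside the `is_uuid()` block, so when either GET parameter fails validation `$menu_uuid` is undefined and the user is sent to `menu_edit.php?id=` with a PHP notice. Initialise it before the check or fall back to the list page, e.g. `header("Location: ".(isset($menu_uuid) ? "menu_edit.php?id=".urlencode($menu_uuid) : "menu.php"));`. The first `$database->delete($array);` is also not followed by `unset($array);` as it is in the other files of this commit.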

+ 155 - 179
core/menu/menu_item_edit.php

@@ -39,17 +39,20 @@ else {
 	$text = $language->get();
 
 //get the menu_uuid
-	$menu_uuid = check_str($_REQUEST["id"]);
-	$menu_item_uuid = check_str($_REQUEST['menu_item_uuid']);
-	$group_uuid_name = check_str($_REQUEST['group_uuid_name']);
-	$menu_item_group_uuid = check_str($_REQUEST['menu_item_group_uuid']);
+	$menu_uuid = $_REQUEST["id"];
+	$menu_item_uuid = $_REQUEST['menu_item_uuid'];
+	$group_uuid_name = $_REQUEST['group_uuid_name'];
+	$menu_item_group_uuid = $_REQUEST['menu_item_group_uuid'];
 
 //delete the group from the menu item
-	if ($_REQUEST["a"] == "delete" && permission_exists("menu_delete") && $menu_item_group_uuid != '') {
+	if ($_REQUEST["a"] == "delete" && permission_exists("menu_delete") && is_uuid($menu_item_group_uuid)) {
 		//delete the group from the users
-			$sql = "delete from v_menu_item_groups  ";
-			$sql .= "where menu_item_group_uuid = '".$menu_item_group_uuid."' ";
-			$db->exec(check_sql($sql));
+			$array['menu_item_groups'][0]['menu_item_group_uuid'] = $menu_item_group_uuid;
+			$database = new database;
+			$database->app_name = 'menu';
+			$database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7';
+			$database->delete($array);
+			unset($array);
 		//redirect the browser
 			message::add($text['message-delete']);
 			header("Location: menu_item_edit.php?id=".$menu_uuid."&menu_item_uuid=".$menu_item_uuid."&menu_uuid=".$menu_uuid);
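Review bot: Only `$menu_item_group_uuid` is checked with `is_uuid()`; `$menu_uuid` and `$menu_item_uuid` are now taken raw from `$_REQUEST` and concatenated into the `Location:` header on the last line of this hunk. Before this change they passed through `check_str()`; now nothing constrains or encodes them, so a crafted value can add or override query parameters in the redirect. Validate both with `is_uuid()` as well, or wrap each in `urlencode()` when building the URL. The `if` block closes in the next hunk.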
@@ -57,42 +60,38 @@ else {
 	}
 
 //action add or update
-	if (isset($_REQUEST["menu_item_uuid"])) {
-		if (strlen($_REQUEST["menu_item_uuid"]) > 0) {
-			$action = "update";
-			$menu_item_uuid = check_str($_REQUEST["menu_item_uuid"]);
-		}
-		else {
-			$action = "add";
-		}
+	if (is_uuid($_REQUEST["menu_item_uuid"])) {
+		$action = "update";
+		$menu_item_uuid = $_REQUEST["menu_item_uuid"];
 	}
 	else {
 		$action = "add";
 	}
 
+
 //clear the menu session so it will rebuild with the update
 	$_SESSION["menu"] = "";
 
 //get the HTTP POST variables and set them as PHP variables
 	if (count($_POST) > 0) {
-		$menu_uuid = check_str($_POST["menu_uuid"]);
-		$menu_item_uuid = check_str($_POST["menu_item_uuid"]);
-		$menu_item_title = check_str($_POST["menu_item_title"]);
-		$menu_item_link = check_str($_POST["menu_item_link"]);
-		$menu_item_category = check_str($_POST["menu_item_category"]);
-		$menu_item_icon = check_str($_POST["menu_item_icon"]);
-		$menu_item_description = check_str($_POST["menu_item_description"]);
-		$menu_item_protected = check_str($_POST["menu_item_protected"]);
-		//$menu_item_uuid = check_str($_POST["menu_item_uuid"]);
-		$menu_item_parent_uuid = check_str($_POST["menu_item_parent_uuid"]);
-		$menu_item_order = check_str($_POST["menu_item_order"]);
+		$menu_uuid = $_POST["menu_uuid"];
+		$menu_item_uuid = $_POST["menu_item_uuid"];
+		$menu_item_title = $_POST["menu_item_title"];
+		$menu_item_link = $_POST["menu_item_link"];
+		$menu_item_category = $_POST["menu_item_category"];
+		$menu_item_icon = $_POST["menu_item_icon"];
+		$menu_item_description = $_POST["menu_item_description"];
+		$menu_item_protected = $_POST["menu_item_protected"];
+		//$menu_item_uuid = $_POST["menu_item_uuid"];
+		$menu_item_parent_uuid = $_POST["menu_item_parent_uuid"];
+		$menu_item_order = $_POST["menu_item_order"];
 	}
 
 //when a HTTP POST is available then process it
 	if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
 
 		if ($action == "update") {
-			$menu_item_uuid = check_str($_POST["menu_item_uuid"]);
+			$menu_item_uuid = $_POST["menu_item_uuid"];
 		}
 
 		//check for all required data
@@ -116,101 +115,77 @@ else {
 		//add or update the database
 		if ($_POST["persistformvar"] != "true") {
 			//get the language from the menu
-				$sql = "SELECT menu_language FROM v_menus ";
-				$sql .= "where menu_uuid = '$menu_uuid' ";
-				$prep_statement = $db->prepare(check_sql($sql));
-				$prep_statement->execute();
-				$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-				foreach ($result as &$row) {
-					$menu_language = $row['menu_language'];
-				}
+				$sql = "select menu_language from v_menus ";
+				$sql .= "where menu_uuid = :menu_uuid ";
+				$parameters['menu_uuid'] = $menu_uuid;
+				$database = new database;
+				$menu_language = $database->select($sql, $parameters, 'column');
+				unset($sql, $parameters);
 
 			//get the highest menu item order
-				if (strlen($menu_item_parent_uuid) == 0) {
-					$sql = "SELECT menu_item_order FROM v_menu_items ";
-					$sql .= "where menu_uuid = '$menu_uuid' ";
+				if (!is_uuid($menu_item_parent_uuid)) {
+					$sql = "select menu_item_order from v_menu_items ";
+					$sql .= "where menu_uuid = :menu_uuid ";
 					$sql .= "and menu_item_parent_uuid is null ";
 					$sql .= "order by menu_item_order desc ";
 					$sql .= "limit 1 ";
-					$prep_statement = $db->prepare(check_sql($sql));
-					$prep_statement->execute();
-					$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-					foreach ($result as &$row) {
-						$highest_menu_item_order = $row['menu_item_order'];
-					}
-					unset($prep_statement);
+					$parameters['menu_uuid'] = $menu_uuid;
+					$database = new database;
+					$highest_menu_item_order = $database->select($sql, $parameters, 'column');
+					unset($sql, $parameters);
 				}
 
 			//add a menu item
 				if ($action == "add" && permission_exists('menu_add')) {
 					$menu_item_uuid = uuid();
-					$sql = "insert into v_menu_items ";
-					$sql .= "(";
-					$sql .= "menu_uuid, ";
-					$sql .= "menu_item_title, ";
-					$sql .= "menu_item_link, ";
-					$sql .= "menu_item_category, ";
-					$sql .= "menu_item_icon, ";
-					$sql .= "menu_item_description, ";
-					$sql .= "menu_item_protected, ";
-					$sql .= "menu_item_uuid, ";
-					$sql .= "menu_item_parent_uuid, ";
-					if (strlen($menu_item_parent_uuid) == 0) {
-						$sql .= "menu_item_order, ";
-					}
-					$sql .= "menu_item_add_user, ";
-					$sql .= "menu_item_add_date ";
-					$sql .= ")";
-					$sql .= "values ";
-					$sql .= "(";
-					$sql .= "'$menu_uuid', ";
-					$sql .= "'$menu_item_title', ";
-					$sql .= "'$menu_item_link', ";
-					$sql .= "'$menu_item_category', ";
-					$sql .= "'$menu_item_icon', ";
-					$sql .= "'$menu_item_description', ";
-					$sql .= "'$menu_item_protected', ";
-					$sql .= "'".$menu_item_uuid."', ";
-					if (strlen($menu_item_parent_uuid) == 0) {
-						$sql .= "null, ";
-						$sql .= "'".($highest_menu_item_order+1)."', ";
+					$array['menu_items'][0]['menu_uuid'] = $menu_uuid;
+					$array['menu_items'][0]['menu_item_title'] = $menu_item_title;
+					$array['menu_items'][0]['menu_item_link'] = $menu_item_link;
+					$array['menu_items'][0]['menu_item_category'] = $menu_item_category;
+					$array['menu_items'][0]['menu_item_icon'] = $menu_item_icon;
+					$array['menu_items'][0]['menu_item_description'] = $menu_item_description;
+					$array['menu_items'][0]['menu_item_protected'] = $menu_item_protected;
+					$array['menu_items'][0]['menu_item_uuid'] = $menu_item_uuid;
+					if (!is_uuid($menu_item_parent_uuid)) {
+						$array['menu_items'][0]['menu_item_parent_uuid'] = null;
+						$array['menu_items'][0]['menu_item_order'] = ($highest_menu_item_order + 1);
 					}
 					else {
-						$sql .= "'$menu_item_parent_uuid', ";
+						$array['menu_items'][0]['menu_item_parent_uuid'] = $menu_item_parent_uuid;
 					}
-					$sql .= "'".$_SESSION["username"]."', ";
-					$sql .= "now() ";
-					$sql .= ")";
-					$db->exec(check_sql($sql));
-					unset($sql);
+					$array['menu_items'][0]['menu_item_add_user'] = $_SESSION["username"];
+					$array['menu_items'][0]['menu_item_add_date'] = 'now()';
+					$database = new database;
+					$database->app_name = 'menu';
+					$database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7';
+					$database->save($array);
+					unset($array);
 				}
 
 			//update the menu item
 				if ($action == "update" && permission_exists('menu_edit')) {
-					$sql  = "update v_menu_items set ";
-					$sql .= "menu_item_title = '$menu_item_title', ";
-					$sql .= "menu_item_link = '$menu_item_link', ";
-					$sql .= "menu_item_category = '$menu_item_category', ";
-					$sql .= "menu_item_icon = '$menu_item_icon', ";
-					$sql .= "menu_item_description = '$menu_item_description', ";
-					$sql .= "menu_item_protected = '$menu_item_protected', ";
-					if (strlen($menu_item_parent_uuid) == 0) {
-						$sql .= "menu_item_parent_uuid = null, ";
-						if (strlen($menu_item_order) > 0) {
-							$sql .= "menu_item_order = '$menu_item_order', ";
-						}
-						else {
-							$sql .= "menu_item_order = '".($highest_menu_item_order+1)."', ";
-						}
+					$array['menu_items'][0]['menu_uuid'] = $menu_uuid;
+					$array['menu_items'][0]['menu_item_title'] = $menu_item_title;
+					$array['menu_items'][0]['menu_item_link'] = $menu_item_link;
+					$array['menu_items'][0]['menu_item_category'] = $menu_item_category;
+					$array['menu_items'][0]['menu_item_icon'] = $menu_item_icon;
+					$array['menu_items'][0]['menu_item_description'] = $menu_item_description;
+					$array['menu_items'][0]['menu_item_protected'] = $menu_item_protected;
+					$array['menu_items'][0]['menu_item_uuid'] = $menu_item_uuid;
+					if (!is_uuid($menu_item_parent_uuid)) {
+						$array['menu_items'][0]['menu_item_parent_uuid'] = null;
+						$array['menu_items'][0]['menu_item_order'] = is_numeric($menu_item_order) ? $menu_item_order : ($highest_menu_item_order + 1);
 					}
 					else {
-						$sql .= "menu_item_parent_uuid = '$menu_item_parent_uuid', ";
+						$array['menu_items'][0]['menu_item_parent_uuid'] = $menu_item_parent_uuid;
 					}
-					$sql .= "menu_item_mod_user = '".$_SESSION["username"]."', ";
-					$sql .= "menu_item_mod_date = now() ";
-					$sql .= "where menu_uuid = '$menu_uuid' ";
-					$sql .= "and menu_item_uuid = '$menu_item_uuid' ";
-					$count = $db->exec(check_sql($sql));
+					$array['menu_items'][0]['menu_item_add_user'] = $_SESSION["username"];
+					$array['menu_items'][0]['menu_item_add_date'] = 'now()';
+					$database = new database;
+					$database->app_name = 'menu';
+					$database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7';
+					$database->save($array);
+					unset($array);
 				}
 
 			//add a group to the menu
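Review bot: The update branch writes `menu_item_add_user` and `menu_item_add_date`, whereas the statement it replaces set `menu_item_mod_user` and `menu_item_mod_date`. As written, every edit overwrites the record of who created the item and when, and the modification fields are never updated, which loses the audit trail. Change the two lines to `$array['menu_items'][0]['menu_item_mod_user'] = $_SESSION["username"];` and `$array['menu_items'][0]['menu_item_mod_date'] = 'now()';`. Whether `save()` treats the string `'now()'` as the SQL function rather than a literal is not visible here and is worth confirming.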
@@ -219,63 +194,56 @@ else {
 					$group_uuid = $group_data[0];
 					$group_name = $group_data[1];
 					//add the group to the menu
-						if (strlen($menu_item_uuid) > 0) {
+						if (is_uuid($menu_item_uuid)) {
 							$menu_item_group_uuid = uuid();
-							$sql_insert = "insert into v_menu_item_groups ";
-							$sql_insert .= "(";
-							$sql_insert .= "menu_item_group_uuid, ";
-							$sql_insert .= "menu_uuid, ";
-							$sql_insert .= "menu_item_uuid, ";
-							$sql_insert .= "group_name, ";
-							$sql_insert .= "group_uuid ";
-							$sql_insert .= ")";
-							$sql_insert .= "values ";
-							$sql_insert .= "(";
-							$sql_insert .= "'".$menu_item_group_uuid."', ";
-							$sql_insert .= "'".$menu_uuid."', ";
-							$sql_insert .= "'".$menu_item_uuid."', ";
-							$sql_insert .= "'".$group_name."', ";
-							$sql_insert .= "'".$group_uuid."' ";
-							$sql_insert .= ")";
-							$db->exec($sql_insert);
+							$array['menu_item_groups'][0]['menu_item_group_uuid'] = $menu_item_group_uuid;
+							$array['menu_item_groups'][0]['menu_uuid'] = $menu_uuid;
+							$array['menu_item_groups'][0]['menu_item_uuid'] = $menu_item_uuid;
+							$array['menu_item_groups'][0]['group_name'] = $group_name;
+							$array['menu_item_groups'][0]['group_uuid'] = $group_uuid;
+							$database = new database;
+							$database->app_name = 'menu';
+							$database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7';
+							$database->save($array);
+							unset($array);
 						}
 				}
 
 			//add title to menu languages
 				if ($_REQUEST["a"] != "delete" && strlen($menu_item_title) > 0 && permission_exists('menu_add')) {
-					$sql = "select count(*) as num_rows from v_menu_languages ";
-					$sql .= "where menu_item_uuid = '".$menu_item_uuid."' ";
-					$sql .= "and menu_language = '$menu_language' ";
-					$prep_statement = $db->prepare($sql);
-					$prep_statement->execute();
-					$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
-					if ($row['num_rows'] == 0) {
-						$sql_insert = "insert into v_menu_languages ";
-						$sql_insert .= "(";
-						$sql_insert .= "menu_language_uuid, ";
-						$sql_insert .= "menu_uuid, ";
-						$sql_insert .= "menu_item_uuid, ";
-						$sql_insert .= "menu_language, ";
-						$sql_insert .= "menu_item_title ";
-						$sql_insert .= ")";
-						$sql_insert .= "values ";
-						$sql_insert .= "(";
-						$sql_insert .= "'".uuid()."', ";
-						$sql_insert .= "'".$menu_uuid."', ";
-						$sql_insert .= "'".$menu_item_uuid."', ";
-						$sql_insert .= "'".$menu_language."', ";
-						$sql_insert .= "'".$menu_item_title."' ";
-						$sql_insert .= ")";
-						$db->exec($sql_insert);
+					$sql = "select count(*) from v_menu_languages ";
+					$sql .= "where menu_item_uuid = :menu_item_uuid ";
+					$sql .= "and menu_language = :menu_language ";
+					$parameters['menu_item_uuid'] = $menu_item_uuid;
+					$parameters['menu_language'] = $menu_language;
+					$database = new database;
+					$num_rows = $database->select($sql, $parameters, 'column');
+					if ($num_rows == 0) {
+						$array['menu_languages'][0]['menu_language_uuid'] = uuid();
+						$array['menu_languages'][0]['menu_uuid'] = $menu_uuid;
+						$array['menu_languages'][0]['menu_item_uuid'] = $menu_item_uuid;
+						$array['menu_languages'][0]['menu_language'] = $menu_language;
+						$array['menu_languages'][0]['menu_item_title'] = $menu_item_title;
+						$database = new database;
+						$database->app_name = 'menu';
+						$database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7';
+						$database->save($array);
+						unset($array);
 					}
 					else {
 						$sql  = "update v_menu_languages set ";
-						$sql .= "menu_item_title = '$menu_item_title' ";
-						$sql .= "where menu_uuid = '$menu_uuid' ";
-						$sql .= "and menu_item_uuid = '$menu_item_uuid' ";
-						$sql .= "and menu_language = '$menu_language' ";
-						$count = $db->exec(check_sql($sql));
+						$sql .= "menu_item_title = :menu_item_title ";
+						$sql .= "where menu_uuid = :menu_uuid ";
+						$sql .= "and menu_item_uuid = :menu_item_uuid ";
+						$sql .= "and menu_language = :menu_language ";
+						$parameters['menu_item_title'] = $menu_item_title;
+						$parameters['menu_uuid'] = $menu_uuid;
+						$parameters['menu_item_uuid'] = $menu_item_uuid;
+						$parameters['menu_language'] = $menu_language;
+						$database = new database;
+						$database->execute($sql, $parameters);
 					}
+					unset($sql, $parameters, $num_rows);
 				}
 
 			//set response message
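Review bot: `$group_uuid` and `$group_name` are written to `v_menu_item_groups` without validation; only `$menu_item_uuid` is checked. They are taken from `$group_data`, which is built above this hunk, presumably from the request field `group_uuid_name`, so the stored group name is whatever the client sent rather than the name belonging to that uuid. Tighten the guard to `if (is_uuid($menu_item_uuid) && is_uuid($group_uuid)) {` and consider looking the name up from `v_groups` instead of trusting the posted one.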
@@ -294,20 +262,21 @@ else {
 					header("Location: menu_edit.php?id=".$menu_uuid);
 				}
 				return;
-		} //if ($_POST["persistformvar"] != "true")
-	} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
+		}
+	}
 
 //pre-populate the form
 	if (count($_GET)>0 && $_POST["persistformvar"] != "true") {
 		$menu_item_uuid = $_GET["menu_item_uuid"];
 
 		$sql = "select * from v_menu_items ";
-		$sql .= "where menu_uuid = '$menu_uuid' ";
-		$sql .= "and menu_item_uuid = '$menu_item_uuid' ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-		foreach ($result as &$row) {
+		$sql .= "where menu_uuid = :menu_uuid ";
+		$sql .= "and menu_item_uuid = :menu_item_uuid ";
+		$parameters['menu_uuid'] = $menu_uuid;
+		$parameters['menu_item_uuid'] = $menu_item_uuid;
+		$database = new database;
+		$row = $database->select($sql, $parameters, 'row');
+		if (is_array($row) && sizeof($row) != 0) {
 			$menu_item_title = $row["menu_item_title"];
 			$menu_item_link = $row["menu_item_link"];
 			$menu_item_category = $row["menu_item_category"];
@@ -323,15 +292,17 @@ else {
 			$menu_item_mod_user = $row["menu_item_mod_user"];
 			$menu_item_mod_date = $row["menu_item_mod_date"];
 		}
+		unset($sql, $parameters, $row);
 	}
 
 //get the the menu items
-	$sql = "SELECT * FROM v_menu_items ";
-	$sql .= "where menu_uuid = '$menu_uuid' ";
+	$sql = "select * from v_menu_items ";
+	$sql .= "where menu_uuid = :menu_uuid ";
 	$sql .= "order by menu_item_title asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$menu_items = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	$parameters['menu_uuid'] = $menu_uuid;
+	$database = new database;
+	$menu_items = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 //get the assigned groups
 	$sql = "select ";
@@ -346,30 +317,35 @@ else {
 	$sql .= "order by ";
 	$sql .= "	g.domain_uuid desc, ";
 	$sql .= "	g.group_name asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->bindParam(':menu_uuid', $menu_uuid);
-	$prep_statement->bindParam(':menu_item_uuid', $menu_item_uuid);
-	$prep_statement->execute();
-	$menu_item_groups = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-	unset($sql, $prep_statement);
+	$parameters['menu_uuid'] = $menu_uuid;
+	$parameters['menu_item_uuid'] = $menu_item_uuid;
+	$database = new database;
+	$menu_item_groups = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 //set the assigned_groups array
-	foreach($menu_item_groups as $field) {
-		if (strlen($field['group_name']) > 0) {
-			$assigned_groups[] = $field['group_uuid'];
+	if (is_array($menu_item_groups) && sizeof($menu_item_groups) != 0) {
+		foreach ($menu_item_groups as $field) {
+			if (strlen($field['group_name']) > 0) {
+				$assigned_groups[] = $field['group_uuid'];
+			}
 		}
 	}
 
 //get the groups
 	$sql = "select * from v_groups ";
-	if (sizeof($assigned_groups) > 0) {
-		$sql .= "where group_uuid not in ('".implode("','",$assigned_groups)."') ";
+	if (is_array($assigned_groups) && sizeof($assigned_groups) != 0) {
+		$sql .= "where ";
+		foreach ($assigned_groups as $index => $assigned_group) {
+			$sql_where[] = "group_uuid <> :group_uuid_".$index;
+			$parameters['group_uuid_'.$index] = $assigned_group;
+		}
+		$sql .= implode(' and ', $sql_where);
 	}
 	$sql .= "order by domain_uuid desc, group_name asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$groups = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-	unset($sql, $prep_statement);
+	$database = new database;
+	$groups = $database->select($sql, $parameters, 'all');
+	unset($sql, $sql_where, $parameters);
 
 //include the header
 	require_once "resources/header.php";
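Review bot: `$parameters` and `$sql_where` are only created inside the `if`, and `$parameters` was unset after the previous query, so when no groups are assigned `$database->select($sql, $parameters, 'all')` is called with an undefined variable. Set `$parameters = null;` and `$sql_where = [];` before the `if` so the call is explicit and no stale value can reach the query. `$assigned_groups` is likewise never initialised in the visible code before `is_array()` is applied to it.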
@@ -485,7 +461,7 @@ else {
 	echo "	<tr>";
 	echo "		<td class='vncell' valign='top'>".$text['label-groups']."</td>";
 	echo "		<td class='vtable'>";
-	if (is_array($menu_item_groups)) {
+	if (is_array($menu_item_groups) && sizeof($menu_item_groups) != 0) {
 		echo "<table cellpadding='0' cellspacing='0' border='0'>\n";
 		foreach($menu_item_groups as $field) {
 			if (strlen($field['group_name']) > 0) {

+ 79 - 73
core/menu/menu_item_list.php

@@ -42,17 +42,19 @@ function build_db_child_menu_list ($db, $menu_item_level, $menu_item_uuid, $c) {
 	//check for sub menus
 		$menu_item_level = $menu_item_level+1;
 		$sql = "select * from v_menu_items ";
-		$sql .= "where menu_uuid = '".$menu_uuid."' ";
-		$sql .= "and menu_item_parent_uuid = '".$menu_item_uuid."' ";
+		$sql .= "where menu_uuid = :menu_uuid ";
+		$sql .= "and menu_item_parent_uuid = :menu_item_parent_uuid ";
 		$sql .= "order by menu_item_title, menu_item_order asc ";
-		$prep_statement_2 = $db->prepare($sql);
-		$prep_statement_2->execute();
-		$result2 = $prep_statement_2->fetchAll(PDO::FETCH_NAMED);
+		$parameters['menu_uuid'] = $menu_uuid;
+		$parameters['menu_item_parent_uuid'] = $menu_item_uuid;
+		$database = new database;
+		$result2 = $database->select($sql, $parameters, 'all');
+		unset($sql, $parameters);
 
 		$row_style["0"] = "row_style1";
 		$row_style["1"] = "row_style1";
 
-		if (count($result2) > 0) {
+		if (is_array($result2) && sizeof($result2) != 0) {
 			if ($c == 0) { $c2 = 1; } else { $c2 = 0; }
 			foreach($result2 as $row2) {
 				//set the db values as php variables
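Review bot: `$menu_uuid` is bound as a parameter but is not among the arguments of `build_db_child_menu_list ($db, $menu_item_level, $menu_item_uuid, $c)`. Unless a `global $menu_uuid;` sits in the lines between the signature and this hunk, the variable is undefined inside the function, the parameter binds null and the child query matches nothing. Pass it in explicitly or document the global at the top of the function. `$db` is no longer used by the visible code now that queries go through `new database`, so a comment marking it as a legacy parameter would help. The function body continues outside the hunk.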
@@ -62,8 +64,8 @@ function build_db_child_menu_list ($db, $menu_item_level, $menu_item_uuid, $c) {
 					$menu_item_parent_uuid = $row2['menu_item_parent_uuid'];
 					$menu_item_order = $row2['menu_item_order'];
 					$menu_item_language = $row2['menu_item_language'];
-					$menu_item_title = $row2[menu_item_title];
-					$menu_item_link = $row2[menu_item_link];
+					$menu_item_title = $row2['menu_item_title'];
+					$menu_item_link = $row2['menu_item_link'];
 				//get the groups that have been assigned to the menu
 					$sql = "select ";
 					$sql .= "	g.group_name, g.domain_uuid as group_domain_uuid ";
@@ -72,20 +74,24 @@ function build_db_child_menu_list ($db, $menu_item_level, $menu_item_uuid, $c) {
 					$sql .= "	v_groups as g ";
 					$sql .= "where ";
 					$sql .= "	mig.group_uuid = g.group_uuid ";
-					$sql .= "	and mig.menu_uuid = '".$menu_uuid."' ";
-					$sql .= "	and mig.menu_item_uuid = '".$menu_item_uuid."' ";
+					$sql .= "	and mig.menu_uuid = :menu_uuid ";
+					$sql .= "	and mig.menu_item_uuid = :menu_item_uuid ";
 					$sql .= "order by ";
 					$sql .= "	g.domain_uuid desc, ";
 					$sql .= "	g.group_name asc ";
-					$sub_prep_statement = $db->prepare(check_sql($sql));
-					$sub_prep_statement->execute();
-					$sub_result = $sub_prep_statement->fetchAll(PDO::FETCH_NAMED);
-					unset($group_list);
-					foreach ($sub_result as &$sub_row) {
-						$group_list[] = $sub_row["group_name"].(($sub_row['group_domain_uuid'] != '') ? "@".$_SESSION['domains'][$sub_row['group_domain_uuid']]['domain_name'] : null);
+					$parameters['menu_uuid'] = $menu_uuid;
+					$parameters['menu_item_uuid'] = $menu_item_uuid;
+					$database = new database;
+					$sub_result = $database->select($sql, $parameters, 'all');
+					unset($sql, $parameters, $group_list);
+
+					if (is_array($sub_result) && sizeof($sub_result) != 0) {
+						foreach ($sub_result as &$sub_row) {
+							$group_list[] = $sub_row["group_name"].(($sub_row['group_domain_uuid'] != '') ? "@".$_SESSION['domains'][$sub_row['group_domain_uuid']]['domain_name'] : null);
+						}
+						$group_list = isset($group_list) ? implode(', ', $group_list) : '';
 					}
-					$group_list = isset($group_list) ? implode(', ', $group_list) : '';
-					unset ($sub_prep_statement);
+					unset($sql, $sub_result, $sub_row);
 				//display the main body of the list
 					switch ($menu_item_category) {
 						case "internal":
@@ -103,7 +109,7 @@ function build_db_child_menu_list ($db, $menu_item_level, $menu_item_uuid, $c) {
 					}
 
 				//display the content of the list
-					$tr_link = (permission_exists('menu_edit')) ? "href='menu_item_edit.php?id=".$menu_uuid."&menu_item_uuid=".$row2['menu_item_uuid']."&menu_item_parent_uuid=".$row2['menu_item_parent_uuid']."'" : null;
+					$tr_link = permission_exists('menu_edit') ? "href='menu_item_edit.php?id=".$menu_uuid."&menu_item_uuid=".$row2['menu_item_uuid']."&menu_item_parent_uuid=".$row2['menu_item_parent_uuid']."'" : null;
 					echo "<tr ".$tr_link.">\n";
 					echo "<td valign='top' class='".$row_style[$c]." ".(($menu_item_category != 'internal') ? "tr_link_void" : null)."' style='padding-left: ".($menu_item_level * 25)."px;' nowrap>".$menu_item_title."&nbsp;</td>";
 					echo "<td valign='top' class='".$row_style[$c]."'>".$group_list."&nbsp;</td>";
@@ -138,12 +144,15 @@ function build_db_child_menu_list ($db, $menu_item_level, $menu_item_uuid, $c) {
 
 				//update the menu order
 					if ($row2[menu_item_order] != $tmp_menu_item_order) {
-						$sql  = "update v_menu_items set ";
-						$sql .= "menu_item_title = '".$row2[menu_item_title]."', ";
-						$sql .= "menu_item_order = '".$tmp_menu_item_order."' ";
-						$sql .= "where menu_uuid = '".$menu_uuid."' ";
-						$sql .= "and menu_item_uuid = '".$row2[menu_item_uuid]."' ";
-						$count = $db->exec(check_sql($sql));
+						$array['menu_items'][0]['menu_item_uuid'] = $row2['menu_item_uuid'];
+						$array['menu_items'][0]['menu_uuid'] = $menu_uuid;
+						$array['menu_items'][0]['menu_item_title'] = $row2['menu_item_title'];
+						$array['menu_items'][0]['menu_item_order'] = $tmp_menu_item_order;
+						$database = new database;
+						$database->app_name = 'menu';
+						$database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7';
+						$database->save($array);
+						unset($array);
 					}
 					$tmp_menu_item_order++;
 
@@ -154,54 +163,44 @@ function build_db_child_menu_list ($db, $menu_item_level, $menu_item_uuid, $c) {
 
 				if ($c==0) { $c=1; } else { $c=0; }
 			} //end foreach
-			unset($sql, $result2, $row2);
+			unset($result2, $row2);
 		}
 		return $c;
 	//end check for children
 }
 
 require_once "resources/header.php";
-$order_by = $_GET["order_by"];
+
+$order_by = $_GET["order_by"] != '' ? $_GET["order_by"] : 'menu_item_order';
 $order = $_GET["order"];
 
 $sql = "select * from v_menu_items ";
-$sql .= "where menu_uuid = '".$menu_uuid."' ";
+$sql .= "where menu_uuid = :menu_uuid ";
 $sql .= "and menu_item_parent_uuid is null ";
-if (strlen($order_by)> 0) {
-	$sql .= "order by $order_by $order ";
-}
-else {
-	$sql .= "order by menu_item_order asc ";
-}
-$prep_statement = $db->prepare(check_sql($sql));
-$prep_statement->execute();
-$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-$result_count = count($result);
+$sql .= order_by($order_by, $order);
+$parameters['menu_uuid'] = $menu_uuid;
+$database = new database;
+$result = $database->select($sql, $parameters, 'all');
+unset($sql, $parameters);
 
 $c = 0;
 $row_style["0"] = "row_style0";
 $row_style["1"] = "row_style0";
 
 echo "<table class='tr_hover' width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
-
-if ($result_count == 0) {
-	//no results
-	echo "<tr><td>&nbsp;</td></tr>";
+echo "	<tr>";
+echo "		<th align='left' nowrap>".$text['label-title']."</th>";
+echo "		<th align='left' nowrap>".$text['label-groups']."</th>";
+echo "		<th align='left'nowrap>".$text['label-category']."</th>";
+echo "		<th nowrap style='text-align: center;'>".$text['label-protected']."</th>";
+echo "		<th nowrap width='70' style='text-align: center;'>".$text['label-menu_order']."</th>";
+echo "		<td class='list_control_icons'>";
+if (permission_exists('menu_add')) {
+	echo "		<a href='menu_item_edit.php?id=".$menu_uuid."' alt='".$text['button-add']."'>$v_link_label_add</a>";
 }
-else {
-	echo "<tr>";
-	echo "<th align='left' nowrap>".$text['label-title']."</th>";
-	echo "<th align='left' nowrap>".$text['label-groups']."</th>";
-	echo "<th align='left'nowrap>".$text['label-category']."</th>";
-	echo "<th nowrap style='text-align: center;'>".$text['label-protected']."</th>";
-	echo "<th nowrap width='70' style='text-align: center;'>".$text['label-menu_order']."</th>";
-	echo "<td class='list_control_icons'>";
-	if (permission_exists('menu_add')) {
-		echo "<a href='menu_item_edit.php?id=".$menu_uuid."' alt='".$text['button-add']."'>$v_link_label_add</a>";
-	}
-	echo "</td>\n";
-	echo "</tr>";
-
+echo "		</td>\n";
+echo "	</tr>";
+if (is_array($result) && sizeof($result) != 0) {
 	foreach($result as $row) {
 		//set the db values as php variables
 			$menu_item_uuid = $row['menu_item_uuid'];
@@ -218,20 +217,24 @@ else {
 			$sql .= "	v_groups as g ";
 			$sql .= "where ";
 			$sql .= "	mig.group_uuid = g.group_uuid ";
-			$sql .= "	and mig.menu_uuid = '".$menu_uuid."' ";
-			$sql .= "	and mig.menu_item_uuid = '".$menu_item_uuid."' ";
+			$sql .= "	and mig.menu_uuid = :menu_uuid ";
+			$sql .= "	and mig.menu_item_uuid = :menu_item_uuid ";
 			$sql .= "order by ";
 			$sql .= "	g.domain_uuid desc, ";
 			$sql .= "	g.group_name asc ";
-			$sub_prep_statement = $db->prepare(check_sql($sql));
-			$sub_prep_statement->execute();
-			$sub_result = $sub_prep_statement->fetchAll(PDO::FETCH_NAMED);
-			unset($group_list);
-			foreach ($sub_result as &$sub_row) {
-				$group_list[] = $sub_row["group_name"].(($sub_row['group_domain_uuid'] != '') ? "@".$_SESSION['domains'][$sub_row['group_domain_uuid']]['domain_name'] : null);
+			$parameters['menu_uuid'] = $menu_uuid;
+			$parameters['menu_item_uuid'] = $menu_item_uuid;
+			$database = new database;
+			$sub_result = $database->select($sql, $parameters, 'all');
+			unset($sql, $group_list);
+
+			if (is_array($sub_result) && sizeof($sub_result) != 0) {
+				foreach ($sub_result as &$sub_row) {
+					$group_list[] = $sub_row["group_name"].(($sub_row['group_domain_uuid'] != '') ? "@".$_SESSION['domains'][$sub_row['group_domain_uuid']]['domain_name'] : null);
+				}
+				$group_list = implode(', ', $group_list);
 			}
-			$group_list = implode(', ', $group_list);
-			unset ($sub_prep_statement);
+			unset($sub_result, $sub_row);
 
 		//add the type link based on the typd of the menu
 			switch ($menu_item_category) {
@@ -290,12 +293,15 @@ else {
 
 		//update the menu order
 			if ($row[menu_item_order] != $tmp_menu_item_order) {
-				$sql  = "update v_menu_items set ";
-				$sql .= "menu_item_title = '".$row['menu_item_title']."', ";
-				$sql .= "menu_item_order = '".$tmp_menu_item_order."' ";
-				$sql .= "where menu_uuid = '".$menu_uuid."' ";
-				$sql .= "and menu_item_uuid = '".$row[menu_item_uuid]."' ";
-				//$db->exec(check_sql($sql));
+				$array['menu_items'][0]['menu_item_uuid'] = $row['menu_item_uuid'];
+				$array['menu_items'][0]['menu_uuid'] = $menu_uuid;
+				$array['menu_items'][0]['menu_item_title'] = $row['menu_item_title'];
+				$array['menu_items'][0]['menu_item_order'] = $tmp_menu_item_order;
+				//$database = new database;
+				//$database->app_name = 'menu';
+				//$database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7';
+				//$database->save($array);
+				unset($array);
 			}
 			$tmp_menu_item_order++;
 
@@ -307,7 +313,7 @@ else {
 
 		if ($c==0) { $c=1; } else { $c=0; }
 	} //end foreach
-	unset($sql, $result, $row_count);
+	unset($result);
 
 } //end if results
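Review bot: `$order_by` and `$order` are still read straight from `$_GET` and now reach the top-level query through `$sql .= order_by($order_by, $order);`. Column names and sort direction cannot be bound as `:parameters`, so unlike the `menu_uuid` condition next to it, this clause is only as safe as the filtering `order_by()` applies, and that helper's body is not shown on this page. I would pin both values at the call site against a fixed list rather than rely on the helper: `$order_by = in_array($_GET['order_by'] ?? '', ['menu_item_order', 'menu_item_title'], true) ? $_GET['order_by'] : 'menu_item_order';` and `$order = strtolower($_GET['order'] ?? '') === 'desc' ? 'desc' : 'asc';`. The column list is illustrative; use the columns the list header actually sorts on.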
 

+ 32 - 24
core/menu/menu_item_move_down.php

@@ -42,21 +42,17 @@ else {
 //update v_menu_items set menu_item_order = (menu_item_order+1) where menu_item_order > 2 or menu_item_order = 2
 
 if (count($_GET)>0) {
-	$menu_item_id = check_str($_GET["menu_item_id"]);
-	$menu_item_order = check_str($_GET["menu_item_order"]);
-	$menu_parent_guid = check_str($_GET["menu_parent_guid"]);
+	$menu_item_id = $_GET["menu_item_id"];
+	$menu_item_order = $_GET["menu_item_order"];
+	$menu_parent_guid = $_GET["menu_parent_guid"];
 
-	$sql = "SELECT menu_item_order FROM v_menu_items ";
-	$sql .= "where domain_uuid = '".$domain_uuid."' ";
+	$sql = "select menu_item_order from v_menu_items ";
+	$sql .= "where domain_uuid = :domain_uuid ";
 	$sql .= "order by menu_item_order desc ";
-	$sql .= "limit 1 ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-	foreach ($result as &$row) {
-		$highestmenu_item_order = $row[menu_item_order];
-	}
-	unset($prep_statement);
+	$sql .= "limit 1 offset 0";
+	$parameters['domain_uuid'] = $domain_uuid;
+	$database = new database;
+	$highestmenu_item_order = $database->select($sql, $parameters, 'column');
 
 	if ($menu_item_order != $highestmenu_item_order) {
 		//clear the menu session so it will rebuild with the update
@@ -64,23 +60,35 @@ if (count($_GET)>0) {
 
 		//move the current item's order number up
 			$sql  = "update v_menu_items set ";
-			$sql .= "menu_item_order = (menu_item_order-1) "; //move down
-			$sql .= "where domain_uuid = '".$domain_uuid."' ";
-			$sql .= "and menu_item_order = ".($menu_item_order+1)." ";
-			$db->exec(check_sql($sql));
-			unset($sql);
+			$sql .= "menu_item_order = (menu_item_order - 1) "; //move down
+			$sql .= "where domain_uuid = :domain_uuid ";
+			$sql .= "and menu_item_order = :menu_item_order ";
+			$parameters['domain_uuid'] = $domain_uuid;
+			$parameters['menu_item_order'] = $menu_item_order + 1;
+			$database = new database;
+			$database->app_name = 'menu';
+			$database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7';
+			$database->execute($sql, $parameters);
+			unset($sql, $parameters);
 
 		//move the selected item's order number down
 			$sql  = "update v_menu_items set ";
-			$sql .= "menu_item_order = (menu_item_order+1) "; //move up
-			$sql .= "where domain_uuid = '".$domain_uuid."' ";
-			$sql .= "and menu_item_id = '$menu_item_id' ";
-			$db->exec(check_sql($sql));
-			unset($sql);
+			$sql .= "menu_item_order = (menu_item_order + 1) "; //move up
+			$sql .= "where domain_uuid = :domain_uuid ";
+			$sql .= "and menu_item_id = :menu_item_id ";
+			$parameters['domain_uuid'] = $domain_uuid;
+			$parameters['menu_item_id'] = $menu_item_id;
+			$database = new database;
+			$database->app_name = 'menu';
+			$database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7';
+			$database->execute($sql, $parameters);
+			unset($sql, $parameters);
+
+		//set message
+			message::add($text['message-moved_down']);
 	}
 
 	//redirect the user
-		message::add($text['message-moved_down']);
 		header("Location: menu_list.php?menu_item_id=".$menu_item_id);
 		return;
 }
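Review bot: With `check_str()` removed, `$menu_item_order` is the raw query-string value when it reaches `$parameters['menu_item_order'] = $menu_item_order + 1;` and the loose `!=` comparison against `$highestmenu_item_order`. Binding keeps it out of the SQL text, but a non-numeric or array value still hits the arithmetic and raises a warning or a fatal error, depending on the PHP version, before the redirect is sent. Validate it as an integer at the top of the block, e.g. `$menu_item_order = filter_var($_GET['menu_item_order'] ?? null, FILTER_VALIDATE_INT);`, and skip both updates when the result is `false`. The same applies to `$menu_order - 1` in core/menu/menu_item_move_up.php.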

+ 25 - 13
core/menu/menu_item_move_up.php

@@ -42,8 +42,8 @@ else {
 //update v_menu_items set menu_order = (menu_order+1) where menu_order > 2 or menu_order = 2
 
 if (count($_GET)>0) {
-	$menu_item_id = check_str($_GET["menu_item_id"]);
-	$menu_order = check_str($_GET["menu_order"]);
+	$menu_item_id = $_GET["menu_item_id"];
+	$menu_order = $_GET["menu_order"];
 
 	if ($menu_order != 1) {
 		//clear the menu session so it will rebuild with the update
@@ -51,23 +51,35 @@ if (count($_GET)>0) {
 
 		//move the current item's order number down
 			$sql  = "update v_menu_items set ";
-			$sql .= "menu_order = (menu_order+1) "; //move down
-			$sql .= "where domain_uuid = '".$domain_uuid."' ";
-			$sql .= "and menu_order = ".($menu_order-1)." ";
-			$db->exec(check_sql($sql));
-			unset($sql);
+			$sql .= "menu_order = (menu_order + 1) "; //move down
+			$sql .= "where domain_uuid = :domain_uuid ";
+			$sql .= "and menu_order = :menu_order ";
+			$parameters['domain_uuid'] = $domain_uuid;
+			$parameters['menu_order'] = $menu_order - 1;
+			$database = new database;
+			$database->app_name = 'menu';
+			$database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7';
+			$database->execute($sql, $parameters);
+			unset($sql, $parameters);
 
 		//move the selected item's order number up
 			$sql  = "update v_menu_items set ";
-			$sql .= "menu_order = (menu_order-1) "; //move up
-			$sql .= "where domain_uuid = '".$domain_uuid."' ";
-			$sql .= "and menu_item_id = '$menu_item_id' ";
-			$db->exec(check_sql($sql));
-			unset($sql);
+			$sql .= "menu_order = (menu_order - 1) "; //move up
+			$sql .= "where domain_uuid = :domain_uuid ";
+			$sql .= "and menu_item_id = :menu_item_id ";
+			$parameters['domain_uuid'] = $domain_uuid;
+			$parameters['menu_item_id'] = $menu_item_id;
+			$database = new database;
+			$database->app_name = 'menu';
+			$database->app_uuid = 'f4b3b3d2-6287-489c-2a00-64529e46f2d7';
+			$database->execute($sql, $parameters);
+			unset($sql, $parameters);
+
+		//set message
+			message::add($text['message-moved_up']);
 	}
 
 	//redirect the user
-		message::add($text['message-moved_up']);
 		header("Location: menu_list.php?menu_item_id=".$menu_item_id);
 		return;
 }
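Review bot: Both rewritten updates here still address a column named `menu_order`, while menu_item_list.php and menu_item_move_down.php in this same commit use `menu_item_order` on `v_menu_items`. If `menu_order` is not a column of that table (the schema is not shown on this page), these statements fail. The result of `$database->execute($sql, $parameters)` is not checked, so `message::add($text['message-moved_up'])` would still report success. I would switch the two statements to `menu_item_order` if that is the real column, and add the message only when `execute()` reports success. How it signals failure is not visible here and needs confirming against the database class.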

+ 2 - 2
core/menu/menu_restore_default.php

@@ -44,8 +44,8 @@
 
 //get the http value and set as a php variable
 	if (!$included) {
-		$menu_uuid = check_str($_REQUEST["menu_uuid"]);
-		$menu_language = check_str($_REQUEST["menu_language"]);
+		$menu_uuid = $_REQUEST["menu_uuid"];
+		$menu_language = $_REQUEST["menu_language"];
 	}
 
 //menu restore default
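Review bot: Removing `check_str()` from `$menu_uuid` and `$menu_language` is only safe if every later use of them is bound as a parameter or validated, and none of those uses is inside this hunk. Both come from `$_REQUEST`, so they can arrive by query string, form body or, depending on `request_order`, cookie. I would add a format check right after the assignment, e.g. reject the request unless `preg_match('/^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i', $menu_uuid)` matches, and restrict `$menu_language` to the language codes the application ships.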