diff --git a/include/controls.php b/include/controls.php
index 97b4b6711..278725463 100644
--- a/include/controls.php
+++ b/include/controls.php
@@ -72,7 +72,9 @@ function print_radio($id, $default, $true_is, $values, $attributes = "") {
function print_feed_multi_select($id, $default_ids = [],
$attributes = "", $include_all_feeds = true,
- $root_id = false, $nest_level = 0) {
+ $root_id = null, $nest_level = 0) {
+
+ $pdo = DB::pdo();
print_r(in_array("CAT:6",$default_ids));
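Review bot: The added `$pdo = DB::pdo();` spells the class `DB`, while the same call added in `print_label_select` later in this patch uses `Db::pdo()`. PHP resolves class names case-insensitively once the class is loaded, but an autoloader that maps the written name to a file may not, so one spelling should be used in both places. The context line directly below, `print_r(in_array("CAT:6",$default_ids));`, looks like leftover debug output that is written into the rendered control; it is not part of this change but is worth dropping while the function is being touched. The function body continues outside this hunk.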
@@ -86,18 +88,18 @@ function print_feed_multi_select($id, $default_ids = [],
if (get_pref('ENABLE_FEED_CATS')) {
- if ($root_id)
- $parent_qpart = "parent_cat = '$root_id'";
- else
- $parent_qpart = "parent_cat IS NULL";
+ if (!$root_id) $root_id = null;
- $result = db_query("SELECT id,title,
+ $sth = $pdo->prepare("SELECT id,title,
(SELECT COUNT(id) FROM ttrss_feed_categories AS c2 WHERE
c2.parent_cat = ttrss_feed_categories.id) AS num_children
FROM ttrss_feed_categories
- WHERE owner_uid = ".$_SESSION["uid"]." AND $parent_qpart ORDER BY title");
+ WHERE owner_uid = :uid AND
+ (parent_cat = :root_id OR :root_id IS NULL AND parent_cat IS NULL) ORDER BY title");
- while ($line = db_fetch_assoc($result)) {
+ $sth->execute([":uid" => $_SESSION['uid'], ":root_id" => $root_id]);
+
+ while ($line = $sth->fetch()) {
for ($i = 0; $i < $nest_level; $i++)
$line["title"] = " - " . $line["title"];
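Review bot: The new query uses the named placeholder `:root_id` twice, which PDO documents as supported only when prepare emulation is on. How `DB::pdo()` configures emulation is not visible in this patch, so with native prepares this statement may fail at prepare or execute time. The `OR ... AND ...` condition also relies on operator precedence with no inner parentheses. Choosing between two fixed SQL fragments in PHP and binding `:root_id` only when it is non-null avoids both issues and still keeps every value out of the SQL text. The enclosing loop body continues outside this hunk.

```php
if (!$root_id) $root_id = null;

// Two fixed fragments; only constant SQL is interpolated, values stay bound.
$parent_qpart = $root_id === null ? "parent_cat IS NULL" : "parent_cat = :root_id";

$sth = $pdo->prepare("SELECT id,title,
	(SELECT COUNT(id) FROM ttrss_feed_categories AS c2 WHERE
		c2.parent_cat = ttrss_feed_categories.id) AS num_children
	FROM ttrss_feed_categories
	WHERE owner_uid = :uid AND $parent_qpart ORDER BY title");

$params = [":uid" => $_SESSION['uid']];
if ($root_id !== null) $params[":root_id"] = $root_id;

$sth->execute($params);
// … unchanged: while ($line = $sth->fetch()) loop …
```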
@@ -111,10 +113,12 @@ function print_feed_multi_select($id, $default_ids = [],
print_feed_multi_select($id, $default_ids, $attributes,
$include_all_feeds, $line["id"], $nest_level+1);
- $feed_result = db_query("SELECT id,title FROM ttrss_feeds
- WHERE cat_id = '".$line["id"]."' AND owner_uid = ".$_SESSION["uid"] . " ORDER BY title");
+ $f_sth = $pdo->prepare("SELECT id,title FROM ttrss_feeds
+ WHERE cat_id = ? AND owner_uid = ? ORDER BY title");
- while ($fline = db_fetch_assoc($feed_result)) {
+ $f_sth->execute([$line['id'], $_SESSION['uid']]);
+
+ while ($fline = $f_sth->fetch()) {
$is_selected = (in_array($fline["id"], $default_ids)) ? "selected=\"1\"" : "";
$fline["title"] = " + " . $fline["title"];
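Review bot: `$f_sth = $pdo->prepare(...)` appears to sit inside the `while ($line = $sth->fetch())` loop, since it binds `$line['id']`, so the same statement is re-prepared for every category row. Preparing it once before the loop and calling only `$f_sth->execute([$line['id'], $_SESSION['uid']]);` per row is what prepared statements are meant for. Separately, every `fetch()` in this patch (here and in the later hunks) relies on the connection's default fetch mode, whereas the replaced `db_fetch_assoc()` returned associative rows. Unless `DB::pdo()` sets the default, `fetch(PDO::FETCH_ASSOC)` states the intent. The loop starts and ends outside this hunk.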
@@ -133,10 +137,11 @@ function print_feed_multi_select($id, $default_ids = [],
printf("",
__("Uncategorized"));
- $feed_result = db_query("SELECT id,title FROM ttrss_feeds
- WHERE cat_id IS NULL AND owner_uid = ".$_SESSION["uid"] . " ORDER BY title");
+ $f_sth = $pdo->prepare("SELECT id,title FROM ttrss_feeds
+ WHERE cat_id IS NULL AND owner_uid = ? ORDER BY title");
+ $f_sth->execute([$_SESSION['uid']]);
- while ($fline = db_fetch_assoc($feed_result)) {
+ while ($fline = $f_sth->fetch()) {
$is_selected = in_array($fline["id"], $default_ids) ? "selected=\"1\"" : "";
$fline["title"] = " + " . $fline["title"];
@@ -150,10 +155,11 @@ function print_feed_multi_select($id, $default_ids = [],
}
} else {
- $result = db_query("SELECT id,title FROM ttrss_feeds
- WHERE owner_uid = ".$_SESSION["uid"]." ORDER BY title");
+ $sth = $pdo->prepare("SELECT id,title FROM ttrss_feeds
+ WHERE owner_uid = ? ORDER BY title");
+ $sth->execute([$_SESSION['uid']]);
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$is_selected = (in_array($line["id"], $default_ids)) ? "selected=\"1\"" : "";
@@ -309,13 +315,16 @@ function format_inline_player($url, $ctype) {
function print_label_select($name, $value, $attributes = "") {
- $result = db_query("SELECT caption FROM ttrss_labels2
- WHERE owner_uid = '".$_SESSION["uid"]."' ORDER BY caption");
+ $pdo = Db::pdo();
+
+ $sth = $pdo->prepare("SELECT caption FROM ttrss_labels2
+ WHERE owner_uid = ? ORDER BY caption");
+ $sth->execute([$_SESSION['uid']]);
print "