[DATABASE] Only use single quotation marks for SQL strings

Double quotation marks are only used for identifiers in the SQL standard.

scripts/allsites.php

@@ -1,21 +1,25 @@
 #!/usr/bin/env php
 <?php
-/*
- * StatusNet - the distributed open-source microblogging tool
- * Copyright (C) 2009, StatusNet, Inc.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+// This file is part of GNU social - https://www.gnu.org/software/social
+//
+// GNU social is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// GNU social is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with GNU social.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * @package   GNUsocial
+ * @author    Evan Prodromou <evan@status.net>
+ * @copyright 2009, StatusNet, Inc.
+ * @license   https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
  */
 
 // Abort if called from a web server
@@ -37,8 +41,8 @@ ENDOFHELP;
 
 require_once INSTALLDIR.'/scripts/commandline.inc';
 
-function print_all_sites() {
-
+function print_all_sites()
+{
     $sn = new Status_network();
 
     if ($sn->find()) {
@@ -49,14 +53,16 @@ function print_all_sites() {
     return;
 }
 
-function print_tagged_sites($tag) {
-
+function print_tagged_sites($tag)
+{
     $sn = new Status_network();
 
-    $sn->query('select status_network.nickname '.
-               'from status_network join status_network_tag '.
-               'on status_network.site_id = status_network_tag.site_id '.
-               'where status_network_tag.tag = "' . $tag . '"');
+    $sn->query(
+        'SELECT status_network.nickname '.
+        'FROM status_network INNER JOIN status_network_tag '.
+        'ON status_network.site_id = status_network_tag.site_id '.
+        "WHERE status_network_tag.tag = '" . $sn->escape($tag) . "'"
+    );
 
     while ($sn->fetch()) {
         print "$sn->nickname\n";
@@ -65,16 +71,18 @@ function print_tagged_sites($tag) {
     return;
 }
 
-function print_untagged_sites($tag) {
-
+function print_untagged_sites($tag)
+{
     $sn = new Status_network();
 
-    $sn->query('select status_network.nickname '.
-               'from status_network '.
-               'where not exists '.
-               '(select tag from status_network_tag '.
-               'where site_id = status_network.site_id '.
-               'and tag = "'.$tag.'")');
+    $sn->query(
+        'SELECT status_network.nickname '.
+        'FROM status_network '.
+        'WHERE NOT EXISTS '.
+        '(SELECT tag FROM status_network_tag '.
+        'WHERE site_id = status_network.site_id '.
+        "AND tag = '" . $sn->escape($tag) . "')"
+    );
 
     while ($sn->fetch()) {
         print "$sn->nickname\n";
@@ -86,7 +94,7 @@ function print_untagged_sites($tag) {
 if (have_option('t', 'tagged')) {
     $tag = get_option_value('t', 'tagged');
     print_tagged_sites($tag);
-} else if (have_option('w', 'not-tagged')) {
+} elseif (have_option('w', 'not-tagged')) {
     $tag = get_option_value('w', 'not-tagged');
     print_untagged_sites($tag);
 } else {

scripts/upgrade.php

@@ -249,7 +249,7 @@ function fixupConversationURIs()
         while ($conv->fetch()) {
             $uri = common_local_url('conversation', ['id' => $conv->id]);
             $sql = sprintf(
-                'UPDATE conversation SET uri="%1$s" WHERE id="%2$d";',
+                'UPDATE conversation SET uri = \'%1$s\' WHERE id = %2$d;',
                 $conv->escape($uri),
                 $conv->id
             );
@@ -379,7 +379,7 @@ function initSubscriptionURI()
                 $sub->decache();
                 $sub->query(sprintf(
                     'UPDATE subscription '.
-                    'SET uri = "%s" '.
+                    "SET uri = '%s' " .
                     'WHERE subscriber = %d '.
                       'AND subscribed = %d',
                     $sub->escape(Subscription::newUri($sub->getSubscriber(), $sub->getSubscribed(), $sub->created)),
@@ -408,7 +408,7 @@ function initGroupMemberURI()
                 $mem->decache();
                 $mem->query(sprintf(
                     'UPDATE group_member '.
-                    'SET uri = "%s" '.
+                    "SET uri = '%s' " .
                     'WHERE profile_id = %d ' .
                       'AND group_id = %d',
                     Group_member::newUri(Profile::getByID($mem->profile_id), User_group::getByID($mem->group_id), $mem->created),
@@ -537,7 +537,7 @@ function deleteLocalFileThumbnailsWithoutFilename()
         while ($file->fetch()) {
             $thumbs = new File_thumbnail();
             $thumbs->file_id = $file->id;
-            $thumbs->whereAdd('filename IS NULL OR filename = ""');
+            $thumbs->whereAdd("filename IS NULL OR filename = ''");
             // Checking if there were any File_thumbnail entries without filename
             if (!$thumbs->find()) {
                 continue;
@@ -560,7 +560,7 @@ function deleteMissingLocalFileThumbnails()
     printfnq("Removing all local File_thumbnail entries without existing files...");
 
     $thumbs = new File_thumbnail();
-    $thumbs->whereAdd('filename IS NOT NULL AND filename != ""');
+    $thumbs->whereAdd("filename IS NOT NULL AND filename != ''");
     // Checking if there were any File_thumbnail entries without filename
     if ($thumbs->find()) {
         while ($thumbs->fetch()) {
@@ -583,7 +583,7 @@ function setFilehashOnLocalFiles()
     printfnq('Ensuring all local files have the filehash field set...');
 
     $file = new File();
-    $file->whereAdd('filename IS NOT NULL AND filename != ""');        // local files
+    $file->whereAdd("filename IS NOT NULL AND filename != ''"); // local files
     $file->whereAdd('filehash IS NULL', 'AND');     // without filehash value
 
     if ($file->find()) {
@@ -606,10 +606,14 @@ function fixupFileThumbnailUrlhash()
     printfnq("Setting urlhash for File_thumbnail entries: ");
 
     $thumb = new File_thumbnail();
-    $thumb->query('UPDATE '.$thumb->escapedTableName().' SET urlhash=SHA2(url, 256) WHERE'.
-                    ' url IS NOT NULL AND'. // find all entries with a url value
-                    ' url != "" AND'.       // precaution against non-null empty strings
-                    ' urlhash IS NULL');    // but don't touch those we've already calculated
+    $thumb->query(sprintf(
+        'UPDATE %1$s ' .
+        'SET urlhash = sha2(url, 256) ' .
+        'WHERE url IS NOT NULL ' . // find all entries with a url value
+        "AND url <> '' " .         // precaution against non-null empty strings
+        'AND urlhash IS NULL',     // but don't touch those we've already calculated
+        $thumb->escapedTableName()
+    ));
 
     printfnq("DONE.\n");
 }