diff --git a/www/include/configuration/configObject/service/listServiceByHostGroup.php b/www/include/configuration/configObject/service/listServiceByHostGroup.php index 10724fe36fe..5a43d147d95 100644 --- a/www/include/configuration/configObject/service/listServiceByHostGroup.php +++ b/www/include/configuration/configObject/service/listServiceByHostGroup.php @@ -202,27 +202,56 @@ * HostGroup/service list */ if ($searchS || $searchHG) { + //preparing tmp binds + $tmpIds = explode(',', $tmp); + $tmpQueryBinds = []; + foreach ($tmpIds as $key => $value) { + $tmpQueryBinds[':tmp_id_' . $key] = $value; + } + $tmpBinds = implode(',', array_keys($tmpQueryBinds)); + //preparing tmp2 binds + $tmp2Ids = explode(',', $tmp2); + $tmp2QueryBinds = []; + foreach ($tmp2Ids as $key => $value) { + $tmp2QueryBinds[':tmp2_id_' . $key] = $value; + } + $tmp2Binds = implode(',', array_keys($tmp2QueryBinds)); + $query = "SELECT $distinct @nbr:=(SELECT COUNT(*) FROM host_service_relation " . "WHERE service_service_id = sv.service_id GROUP BY sv.service_id ) AS nbr, sv.service_id, " . "sv.service_description, sv.service_activate, sv.service_template_model_stm_id, hg.hg_id, hg.hg_name " . "FROM service sv, hostgroup hg, host_service_relation hsr $aclFrom " . - "WHERE sv.service_register = '1' $sqlFilterCase AND sv.service_id IN (" . ($tmp ? $tmp : 'NULL') . - ") AND hsr.hostgroup_hg_id IN (" . ($tmp2 ? $tmp2 : 'NULL') . ") " . - ((isset($template) && $template) ? " AND service_template_model_stm_id = '$template' " : "") . + "WHERE sv.service_register = '1' $sqlFilterCase AND sv.service_id " . + "IN ($tmpBinds) AND hsr.hostgroup_hg_id IN ($tmp2Binds) " . + ((isset($template) && $template) ? " AND service_template_model_stm_id = :template " : "") . " AND hsr.service_service_id = sv.service_id AND hg.hg_id = hsr.hostgroup_hg_id " . $aclCond . - "ORDER BY hg.hg_name, sv.service_description LIMIT " . $num * $limit . ", " . $limit; + "ORDER BY hg.hg_name, sv.service_description LIMIT :offset_, :limit"; + $statement = $pearDB->prepare($query); + //tmp bind values + foreach ($tmpQueryBinds as $key => $value) { + $statement->bindValue($key, (int) $value, PDO::PARAM_INT); + } + //tmp bind values + foreach ($tmp2QueryBinds as $key => $value) { + $statement->bindValue($key, (int) $value, PDO::PARAM_INT); + } } else { $query = "SELECT $distinct @nbr:=(SELECT COUNT(*) FROM host_service_relation " . "WHERE service_service_id = sv.service_id GROUP BY sv.service_id ) AS nbr, sv.service_id, " . "sv.service_description, sv.service_activate, sv.service_template_model_stm_id, hg.hg_id, hg.hg_name " . "FROM service sv, hostgroup hg, host_service_relation hsr $aclFrom " . "WHERE sv.service_register = '1' $sqlFilterCase " . - ((isset($template) && $template) ? " AND service_template_model_stm_id = '$template' " : "") . + ((isset($template) && $template) ? " AND service_template_model_stm_id = :template " : "") . " AND hsr.service_service_id = sv.service_id AND hg.hg_id = hsr.hostgroup_hg_id " . $aclCond . - "ORDER BY hg.hg_name, sv.service_description LIMIT " . $num * $limit . ", " . $limit; + "ORDER BY hg.hg_name, sv.service_description LIMIT :offset_, :limit"; + $statement = $pearDB->prepare($query); } -$dbResult = $pearDB->query($query); - +$statement->bindValue(':offset_', (int) $num * (int) $limit, \PDO::PARAM_INT); +$statement->bindValue(':limit', (int) $limit, \PDO::PARAM_INT); +if ((isset($template) && $template)) { + $statement->bindValue(':template', (int) $template, \PDO::PARAM_INT); +} +$statement->execute(); $form = new HTML_QuickFormCustom('select_form', 'POST', "?p=" . $p); // Different style between each lines @@ -263,7 +292,7 @@ $centreonToken = createCSRFToken(); -for ($i = 0; $service = $dbResult->fetch(); $i++) { +for ($i = 0; $service = $statement->fetch(); $i++) { $moptions = ""; $fgHostgroup["value"] != $service["hg_name"] ? ($fgHostgroup["print"] = true && $fgHostgroup["value"] = $service["hg_name"])