fixing database accesses

includes/mysql.php

@@ -6,8 +6,8 @@
   if (!$GlobalMysqlHandler)
   {
     $err_msg = "Cannot connect to mysql database \"$GlobalMysqlHost\" as \"$GlobalMysqlUser\"!";
-    $err_msg += "\nErrno: " . mysqli_connect_errno();
-    $err_msg += "\nError: " . mysqli_connect_error();
+    $err_msg .= "\nErrno: " . mysqli_connect_errno();
+    $err_msg .= "\nError: " . mysqli_connect_error();
     ErrorLog($err_msg);
     $MysqlErrorsArePresent = 1;
   }
@@ -16,8 +16,8 @@
     if (!mysqli_select_db($GlobalMysqlHandler, $GlobalMysqlDatabase))
     {
       $err_msg = "Cannot select mysql database \"$GlobalMysqlDatabase\"!";
-      $err_msg += "\nErrno: " . mysqli_connect_errno();
-      $err_msg += "\nError: " . mysqli_connect_error();
+      $err_msg .= "\nErrno: " . mysqli_connect_errno();
+      $err_msg .= "\nError: " . mysqli_connect_error();
       ErrorLog($err_msg);
       $MysqlErrorsArePresent = 2;
     }

includes/user.php

@@ -6,11 +6,11 @@ if ($ToDo=="Login")
 {
   $Login    = (isset($_POST['Login']))    ?     $_POST['Login']    :"";
   $Password = (isset($_POST['Password'])) ? md5($_POST['Password']):"";
-  
+
   if ($Login=="root")
   {
     global $CfgRootPassword;
-    
+
     if ($Password==$CfgRootPassword)
     {
       MessageSuccess(LangSpell('ScentenceLoginSucceeded')."\n");
@@ -24,7 +24,7 @@ if ($ToDo=="Login")
       $_SESSION['Id']=0;
       $_SESSION['Login']="";
       $_SESSION['Time']=0;
-    }    
+    }
   }
   else if ($Login)
   {
@@ -47,7 +47,7 @@ if ($ToDo=="Login")
       $_SESSION['Id']=0;
       $_SESSION['Login']="";
       $_SESSION['Time']=0;
-    }    
+    }
   }
   else
   {
@@ -149,10 +149,10 @@ function UserLoadSettings()
 
   global $GlobalTemplate;
   global $CfgStdTemplate;
-  
+
   global $GlobalLanguage;
   global $CfgStdLanguage;
-  
+
   if (isset($_SESSION['Id']) && $_SESSION['Id']>0)
   {
     $LoadQuery="SELECT `Template` , `Language` FROM `User` WHERE `Id` =".$_SESSION['Id'];

pages/consistency_check_databse.php

@@ -85,16 +85,16 @@ if (UserGetLogin()=="root")
         mysqli_query($CheckHandler, 'ALTER TABLE `Types` DROP PRIMARY KEY , ADD PRIMARY KEY ( `Id` )');
         mysqli_query($CheckHandler, 'ALTER TABLE `Types` CHANGE `Id` `Id` INT( 11 ) NOT NULL AUTO_INCREMENT ');
         mysqli_query($CheckHandler, 'ALTER TABLE `Types` ADD `Name` varchar(100) COLLATE utf8_unicode_ci NOT NULL');
-        mysqli_query($CheckHandler, 'ALTER TABLE `Types` ADD `ShortName` varchar(10) COLLATE utf8_unicode_ci NOT NULL');
-        mysqli_query($CheckHandler, 'ALTER TABLE `Types` ADD `NameValue1` varchar(50) COLLATE utf8_unicode_ci NOT NULL');
-        mysqli_query($CheckHandler, 'ALTER TABLE `Types` ADD `UnitValue1` varchar(20) COLLATE utf8_unicode_ci NOT NULL');
-        mysqli_query($CheckHandler, 'ALTER TABLE `Types` ADD `NameValue2` varchar(50) COLLATE utf8_unicode_ci NOT NULL');
-        mysqli_query($CheckHandler, 'ALTER TABLE `Types` ADD `UnitValue2` varchar(20) COLLATE utf8_unicode_ci NOT NULL');
-        mysqli_query($CheckHandler, 'ALTER TABLE `Types` ADD `NameValue3` varchar(50) COLLATE utf8_unicode_ci NOT NULL');
-        mysqli_query($CheckHandler, 'ALTER TABLE `Types` ADD `UnitValue3` varchar(20) COLLATE utf8_unicode_ci NOT NULL');
-        mysqli_query($CheckHandler, 'ALTER TABLE `Types` ADD `ParentId` int(11) NOT NULL');
-        mysqli_query($CheckHandler, 'ALTER TABLE `Types` ADD `LockId` int(11) NOT NULL');
-        mysqli_query($CheckHandler, 'ALTER TABLE `Types` ADD `LockTime` int(11) NOT NULL');
+        mysqli_query($CheckHandler, "ALTER TABLE `Types` ADD `ShortName` varchar(10) COLLATE utf8_unicode_ci NOT NULL DEFAULT ''");
+        mysqli_query($CheckHandler, "ALTER TABLE `Types` ADD `NameValue1` varchar(50) COLLATE utf8_unicode_ci NOT NULL DEFAULT ''");
+        mysqli_query($CheckHandler, "ALTER TABLE `Types` ADD `UnitValue1` varchar(20) COLLATE utf8_unicode_ci NOT NULL DEFAULT ''");
+        mysqli_query($CheckHandler, "ALTER TABLE `Types` ADD `NameValue2` varchar(50) COLLATE utf8_unicode_ci NOT NULL DEFAULT ''");
+        mysqli_query($CheckHandler, "ALTER TABLE `Types` ADD `UnitValue2` varchar(20) COLLATE utf8_unicode_ci NOT NULL DEFAULT ''");
+        mysqli_query($CheckHandler, "ALTER TABLE `Types` ADD `NameValue3` varchar(50) COLLATE utf8_unicode_ci NOT NULL DEFAULT ''");
+        mysqli_query($CheckHandler, "ALTER TABLE `Types` ADD `UnitValue3` varchar(20) COLLATE utf8_unicode_ci NOT NULL DEFAULT ''");
+        mysqli_query($CheckHandler, "ALTER TABLE `Types` ADD `ParentId` int(11) NOT NULL");
+        mysqli_query($CheckHandler, "ALTER TABLE `Types` ADD `LockId` int(11) NOT NULL DEFAULT '0'");
+        mysqli_query($CheckHandler, "ALTER TABLE `Types` ADD `LockTime` int(11) NOT NULL DEFAULT '0'");
         //User
         mysqli_query($CheckHandler, 'CREATE TABLE IF NOT EXISTS `User` ( `Id` int(11) NOT NULL AUTO_INCREMENT, PRIMARY KEY (`Id`) ) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; ');
         mysqli_query($CheckHandler, 'ALTER TABLE `User` ADD `Id` int(11) NOT NULL AUTO_INCREMENT');

pages/edit_types.php

@@ -8,14 +8,14 @@ function WriteTypeList($ParentId, $ParentIsLocked)
   global $GlobalContent;
   global $GlobalTemplate;
   global $EditTypesEditId;
-  
+
   $ListQuery="SELECT * FROM `Types` WHERE `ParentId` =$ParentId";
   $ListQuery=mysqli_query($GlobalMysqlHandler, $ListQuery);
 
   if (!$ParentId || NestedListVisibilityIsSet($ParentId, 'EditTypes'))
-    $GlobalContent .= "<ul style=\"display:block;\">\n";  
+    $GlobalContent .= "<ul style=\"display:block;\">\n";
   else
-    $GlobalContent .= "<ul style=\"display:none;\">\n";  
+    $GlobalContent .= "<ul style=\"display:none;\">\n";
 
   if (mysqli_num_rows($ListQuery))
   {
@@ -26,7 +26,7 @@ function WriteTypeList($ParentId, $ParentIsLocked)
           && !( LockIsActive('Types',$ListData['Id']) || $ParentIsLocked)
           )
       { //edit entry
-        $GlobalContent .= " <li>\n";        
+        $GlobalContent .= " <li>\n";
         $GlobalContent .= ' <a href="index.php?Page=EditTypes&ToDo=DeleteType&Id='.$ListData['Id'].'" title="'.LangSpellHtml('TagTitleDelete').'">'.OtherGetIcon('Delete',"Button").'</a>';
         $GlobalContent .= ' <form action="index.php?Page=EditTypes&ToDo=EditTypeSave" method="post">';
           $GlobalContent .= '  <input type="hidden" name="Id" value="'.$ListData['Id'].'">';
@@ -56,7 +56,7 @@ function WriteTypeList($ParentId, $ParentIsLocked)
       }
       else
       { //just show entry
-        $GlobalContent .= " <li>\n";        
+        $GlobalContent .= " <li>\n";
         if (LockIsActive('Types',$ListData['Id']) || $ParentIsLocked)
         {
           $GlobalContent .= ' '.OtherGetIcon('LockActive');
@@ -71,7 +71,7 @@ function WriteTypeList($ParentId, $ParentIsLocked)
         $GlobalContent .= " (".NestedListCountSubElements($ListData['Id'],'Types').")";
         $GlobalContent .= " \n</li>\n";
       }
-      
+
       WriteTypeList($ListData['Id'],$ParentIsLocked);
     }
   }
@@ -103,7 +103,7 @@ if (UserHasRight('EditTypes'))
       $Id = $_POST['Id'];
       $Name = $_POST['Name'];
       $MoveId = (isset($_POST['MoveToId']))? $_POST['MoveToId']:0;
-      
+
       if ($MoveId)
       {
         $MoveQuery = "";
@@ -131,7 +131,7 @@ if (UserHasRight('EditTypes'))
           ErrorLog("[edit_types.php] Db error on moving element with id $Id to parent id $MoveId");
         }
       }
-      
+
       //$ChangeItemQuery="UPDATE `Types` SET `Name` = '$Name' WHERE `Id` =$Id LIMIT 1 ;";
       $ChangeItemQuery="UPDATE `Types` SET `Name` = '$Name', `ShortName` = '".$_POST['ShortName']."', `NameValue1` = '".$_POST['NameValue1']."', `NameValue2` = '".$_POST['NameValue2']."', `NameValue3` = '".$_POST['NameValue3']."', `UnitValue1` = '".$_POST['UnitValue1']."', `UnitValue2` = '".$_POST['UnitValue2']."', `UnitValue3` = '".$_POST['UnitValue3']."' WHERE `Id` =$Id LIMIT 1 ;";
       if (!mysqli_query($GlobalMysqlHandler, $ChangeItemQuery))
@@ -199,13 +199,16 @@ if (UserHasRight('EditTypes'))
         if (trim($NewTypeName)!="")
         {
           global $GlobalMysqlHandler;
-          $InsertQuery="INSERT INTO `Types` ( `Name` , `ParentId` ) VALUES ( '$NewTypeName', '$ParentId' );";
-          if (mysqli_query($GlobalMysqlHandler, $InsertQuery))
-          {
+          $InsertQuery="INSERT INTO `Types` (`Name`, `ParentId`) VALUES ( '$NewTypeName', '$ParentId');";
+          $QueyResult = mysqli_query($GlobalMysqlHandler, $InsertQuery);
+          if ($QueyResult === True) {
             MessageSuccess(LangSpell('EditTypesNewTypeAdded'));
-          }
-          else
-          {
+          } else {
+            $err_msg = "Cannot create new type!";
+            $err_msg .= "\nErrno: " . mysqli_connect_errno();
+            $err_msg .= "\nError: " . mysqli_connect_error();
+            $err_msg .= "\nQuery: " . $InsertQuery;
+            ErrorLog($err_msg);
             MessageError(LangSpell('SentenceDatabaseError'));
           }
         }
@@ -297,7 +300,7 @@ if (UserHasRight('EditTypes') || UserHasRight('ViewSTPV'))
     }
     $ToDo="";
   }
-  
+
    ///////////////
   // sow types
   if ($ToDo=="")

pages/edit_vendors.php

@@ -88,8 +88,8 @@ if (UserHasRight('EditVendors'))
       $InsertVendorQuery = "INSERT INTO `Vendors` (`Name`, `Homepage`, `MinBill`, `ShippingCost`, `LockId`, `LockTime`) VALUES ('$Name', '$Homepage', '$MinBill', '$ShippingCost', 0, 0);";
       if (mysqli_query($GlobalMysqlHandler, $InsertVendorQuery) === false) {
         $err_msg = "Database error while insert new vendor!";
-        $err_msg += "\nErrno: " . mysqli_connect_errno();
-        $err_msg += "\nError: " . mysqli_connect_error();
+        $err_msg .= "\nErrno: " . mysqli_connect_errno();
+        $err_msg .= "\nError: " . mysqli_connect_error();
         ErrorLog($err_msg);
         MessageError(LangSpell('SentenceDatabaseError'));
       } else {