Use new object-oriented backend

[infodrom.org/service.infodrom.org] / src / InfoCon / account / list.wml

diff --git a/src/InfoCon/account/list.wml b/src/InfoCon/account/list.wml
index fdce01f..405f7a2 100644 (file)
--- a/src/InfoCon/account/list.wml
+++ b/src/InfoCon/account/list.wml
@@ -15,63 +15,58 @@
   <th width=10%>Betrag</th>
 </tr>
 <?
-  pg_exec ($dbh, "SET DateStyle = 'ISO'") or die("Datenbank-Abfrage!");
-
   $table = "account";
   $value = "value_eur";
   $add = '';
-  if ((strlen ($_POST[currency]) > 0) && ($_POST[currency] == "dm")) {
+  if ((strlen ($_POST['currency']) > 0) && ($_POST['currency'] == "dm")) {
     $table = "account_dm";
     $value = "value_dm";
     $add = "&cur=dm";
   }
 
-  $where[] = "blz_kto = '$_POST[blzkto]'";
-  if (strlen($_POST[year])) {
-    $where[] = sprintf ("datum >= '%04d-01-01'", $_POST[year]);
+  $where[] = sprintf("blz_kto = '%s'", $_POST['blzkto']);
+  if (strlen($_POST['year'])) {
+    $where[] = sprintf ("datum >= '%04d-01-01'", $_POST['year']);
     $year++;
-    $where[] = sprintf ("datum < '%04d-01-01'", $_POST[year]+1);
+    $where[] = sprintf ("datum < '%04d-01-01'", $_POST['year']+1);
   }
 
-  if (strlen($_POST[deadline]) && strlen(trim($_POST[deadline]))) {
-    $date = form_to_yyyymmdd ($_POST[deadline]);
+  if (strlen($_POST[deadline]) && strlen(trim($_POST['deadline']))) {
+    $date = form_to_yyyymmdd ($_POST['deadline']);
     $where[] = sprintf ("datum < '%s'", $date);
   }
 
-  if (strlen($_POST[statement]) && strlen(trim($_POST[statement]))) {
-    $where[] = "statement = '$_POST[statement]'";
+  if (strlen($_POST['statement']) && strlen(trim($_POST['statement']))) {
+    $where[] = sprintf("statement = '%s'", $_POST['statement']);
   }
 
-  if (strlen($_POST[category]) && strlen(trim($_POST[category]))) {
-    $where[] = "category = '$_POST[category]'";
+  if (strlen($_POST['category']) && strlen(trim($_POST['category']))) {
+    $where[] = sprintf("category = '%s'", $_POST['category']);
   }
 
-  if (strlen($_POST[keyword]) && strlen(trim($_POST[keyword]))) {
-    $where[] = "descr ~* '$_POST[keyword]'";
+  if (strlen($_POST['keyword']) && strlen(trim($_POST['keyword']))) {
+    $where[] = sprintf("descr ~* '%s'", $_POST['keyword']);
   }
 
-  if (strlen($_POST[from_to]) && strlen(trim($_POST[from_to]))) {
-    $where[] = "from_to = '$_POST[from_to]'";
+  if (strlen($_POST['from_to']) && strlen(trim($_POST['from_to']))) {
+    $where[] = sprintf("from_to = '%s'", $_POST['from_to']);
   }
 
-  if ($_POST[input] && !$_POST[output]) {
+  if ($_POST['input'] && !$_POST['output']) {
     $where[] = "$value > 0.0";
-  } elseif ($_POST[output] && !$_POST[input]) {
+  } elseif ($_POST['output'] && !$_POST['input']) {
     $where[] = "$value < 0.0";
   }
 
   $query = "SELECT datum,id,category,descr,$value FROM $table WHERE "
         . implode ($where, " AND ")
         . " ORDER BY datum,id";
-  $sth = pg_exec ($dbh, $query) or die("Datenbank-Abfrage!");
 
   $sum = 0.0;
   $sum_in = 0.0;
   $sum_out = 0.0;
   $color = 0;
-  for ($nr=0; $nr < pg_NumRows ($sth); $nr++) {
-    $row = pg_fetch_array ($sth, $nr);
-
+  foreach ($db->fetchAssocList($query) as $row) {
     $descr = explode ("
 ", $row['descr']);
     $date = explode (" ", $row['datum']);