fixed mysql statements

interface/login/login.php

@@ -75,7 +75,7 @@ function imsubmitted() {
 
         <?php
         // collect groups
-        $res = sqlStatement("select distinct name from groups");
+        $res = sqlStatement("select distinct name from `groups`");
         for ($iter = 0; $row = sqlFetchArray($res); $iter++)
             $result[$iter] = $row;
         if (count($result) == 1) {

interface/usergroup/usergroup_admin.php

@@ -442,7 +442,7 @@
       //set the facility name from the selected facility_id
       sqlStatement("UPDATE users, facility SET users.facility = facility.name WHERE facility.id = '" . trim(formData('facility_id')) . "' AND users.username = '" . trim(formData('rumple')) . "'");
 
-      sqlStatement("insert into groups set name = '" . trim(formData('groupname')) .
+      sqlStatement("insert into `groups` set name = '" . trim(formData('groupname')) .
         "', user = '" . trim(formData('rumple')) . "'");
 
       if (isset($phpgacl_location) && acl_check('admin', 'acl') && trim(formData('rumple'))) {
@@ -470,7 +470,7 @@
       refreshCalendar(); //after "Add User" process is complete
   }
   else if ($_POST["mode"] == "new_group") {
-    $res = sqlStatement("select distinct name, user from groups");
+    $res = sqlStatement("select distinct name, user from `groups`");
     for ($iter = 0; $row = sqlFetchArray($res); $iter++)
       $result[$iter] = $row;
     $doit = 1;
@@ -479,7 +479,7 @@
         $doit--;
     }
     if ($doit == 1) {
-      sqlStatement("insert into groups set name = '" . trim(formData('groupname')) .
+      sqlStatement("insert into `groups` set name = '" . trim(formData('groupname')) .
         "', user = '" . trim(formData('rumple')) . "'");
     } else {
       $alertmsg .= "User " . trim(formData('rumple')) .
@@ -504,25 +504,25 @@
     // reference users to make sure this user is not referenced!
 
     foreach($result as $iter) {
-      sqlStatement("delete from groups where user = '" . $iter{"username"} . "'");
+      sqlStatement("delete from `groups` where user = '" . $iter{"username"} . "'");
     }
     sqlStatement("delete from users where iid = ?", array($_GET["id"]))
   }
   *******************************************************************/
 
   if ($_GET["mode"] == "delete_group") {
-    $res = sqlStatement("select distinct user from groups where id = ?", array($_GET["id"]));
+    $res = sqlStatement("select distinct user from `groups` where id = ?", array($_GET["id"]));
     for ($iter = 0; $row = sqlFetchArray($res); $iter++)
       $result[$iter] = $row;
     foreach($result as $iter)
       $un = $iter{"user"};
-    $res = sqlStatement("select name, user from groups where user = '$un' " .
+    $res = sqlStatement("select name, user from `groups` where user = '$un' " .
       "and id != ?", array($_GET["id"]));
 
     // Remove the user only if they are also in some other group.  I.e. every
     // user must be a member of at least one group.
     if (sqlFetchArray($res) != FALSE) {
-      sqlStatement("delete from groups where id = ?", array($_GET["id"]));
+      sqlStatement("delete from `groups` where id = ?", array($_GET["id"]));
     } else {
       $alertmsg .= "You must add this user to some other group before " .
         "removing them from this group. ";
@@ -684,7 +684,7 @@ function authorized_clicked() {
     </div>
 <?php
 if (empty($GLOBALS['disable_non_default_groups'])) {
-  $res = sqlStatement("select * from groups order by name");
+  $res = sqlStatement("select * from `groups` order by name");
   for ($iter = 0;$row = sqlFetchArray($res);$iter++)
     $result5[$iter] = $row;
 

interface/usergroup/usergroup_admin_add.php

@@ -241,7 +241,7 @@ function authorized_clicked() {
 <td>
 <select name=groupname<?php if ($GLOBALS['disable_non_default_groups']) echo " style='display:none'"; ?>>
 <?php
-$res = sqlStatement("select distinct name from groups");
+$res = sqlStatement("select distinct name from `groups`");
 $result2 = array();
 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
   $result2[$iter] = $row;
@@ -484,7 +484,7 @@ function authorized_clicked() {
 <span class="text"><?php echo xlt('Groupname'); ?>: </span>
 <select name=groupname>
 <?php
-$res = sqlStatement("select distinct name from groups");
+$res = sqlStatement("select distinct name from `groups`");
 $result2 = array();
 for ($iter = 0;$row = sqlFetchArray($res);$iter++)
   $result2[$iter] = $row;
@@ -503,7 +503,7 @@ function authorized_clicked() {
 
 <?php
 if (empty($GLOBALS['disable_non_default_groups'])) {
-  $res = sqlStatement("select * from groups order by name");
+  $res = sqlStatement("select * from `groups` order by name");
   for ($iter = 0;$row = sqlFetchArray($res);$iter++)
     $result5[$iter] = $row;
 

library/auth.inc

@@ -201,22 +201,22 @@ function getUserList ($cols = '*', $limit = 'all', $start = '0')
 function getProviderList ($cols = '*', $limit= 'all', $start = '0')
 {
     if ($limit = "all")
-        $rez = sqlStatement("select ? from groups order by date DESC", array($cols));
+        $rez = sqlStatement("select ? from `groups` order by date DESC", array($cols));
     else
-        $rez = sqlStatement("select ? from groups order by date DESC limit ?, ?", array($cols, $limit, $start));
+        $rez = sqlStatement("select ? from `groups` order by date DESC limit ?, ?", array($cols, $limit, $start));
     for ($iter = 0; $row = sqlFetchArray($rez); $iter++)
         $tbl[$iter] = $row;
     return $tbl;
 }
 
 function addGroup ($groupname)
 {
-    return sqlInsert("insert into groups (name) values (?)", array($groupname));
+    return sqlInsert("insert into `groups` (name) values (?)", array($groupname));
 }
 
 function delGroup ($group_id)
 {
-    return sqlQuery("delete from groups where id = ? limit 0,1", array($group_id));
+    return sqlQuery("delete from `groups` where id = ? limit 0,1", array($group_id));
 }
 
 /***************************************************************

library/authentication/login_operations.php

@@ -101,7 +101,7 @@ function validate_user_password($username,&$password,$provider)
     $password='';
     if($valid)
     {
-        if ($authGroup = privQuery("select * from groups where user=? and name=?",array($username,$provider)))
+        if ($authGroup = privQuery("select * from `groups` where user=? and name=?",array($username,$provider)))
         {
             $_SESSION['authUser'] = $username;
             $_SESSION['authPass'] = $phash;

library/classes/Installer.class.php

@@ -221,7 +221,7 @@ public function add_version_info() {
   }
 
   public function add_initial_user() {
-    if ($this->execute_sql("INSERT INTO groups (id, name, user) VALUES (1,'$this->igroup','$this->iuser')") == FALSE) {
+    if ($this->execute_sql("INSERT INTO `groups` (id, name, user) VALUES (1,'$this->igroup','$this->iuser')") == FALSE) {
       $this->error_message = "ERROR. Unable to add initial user group\n" .
         "<p>".mysqli_error($this->dbh)." (#".mysqli_errno($this->dbh).")\n";
       return FALSE;

modules/calendar/find_patient.php

@@ -29,7 +29,7 @@
   }
   $timesave = "$year-$month-$day $hour:$minute";
   //echo $timesave;
-  $providerres = sqlQuery("select name from groups where user=? limit 1", array($_POST["provider"]) );
+  $providerres = sqlQuery("select name from `groups` where user=? limit 1", array($_POST["provider"]) );
 
   saveCalendarUpdate($_POST["calid"],$_POST["pid"],$timesave,$_POST["reason"],$_POST["provider"],$providerres{"name"});
 }
@@ -49,7 +49,7 @@
     $hour += 12;
   }
   $timesave = "$year-$month-$day $hour:$minute";
-  $providerres = sqlQuery("select name from groups where user=? limit 1", array($_POST["provider"]) );
+  $providerres = sqlQuery("select name from `groups` where user=? limit 1", array($_POST["provider"]) );
   newCalendarItem($_POST["pid"],$timesave,$_POST["reason"],$_POST["provider"],$providerres{"name"});
 } else {
   $body_code = "";

modules/setup/classes/Database.php

@@ -246,7 +246,7 @@ public function add_version_info() {
 
     public function add_initial_user() {
 
-        if ($this->execute_sql("INSERT INTO groups (id, name, user) VALUES (1,'$this->igroup','$this->iuser')") == FALSE) {
+        if ($this->execute_sql("INSERT INTO `groups` VALUES (1,'$this->igroup','$this->iuser')") == FALSE) {
             $this->error_message = "ERROR. Unable to add initial user group "." ".mysqli_error($this->dbh)." (#".mysqli_errno($this->dbh).")";
             return false;
         }