centreon
diff --git a/‎src/Centreon/Domain/Repository/TopologyRepository.php
+9-8 b/‎src/Centreon/Domain/Repository/TopologyRepository.php
+9-8
diff --git a/‎src/Centreon/Tests/Domain/Repository/TopologyRepositoryTest.php
+1-1 b/‎src/Centreon/Tests/Domain/Repository/TopologyRepositoryTest.php
+1-1
diff --git a/‎www/class/centreon-clapi/centreonHostGroup.class.php
+15-10 b/‎www/class/centreon-clapi/centreonHostGroup.class.php
+15-10
diff --git a/‎www/class/centreon-clapi/centreonLDAP.class.php
+5-3 b/‎www/class/centreon-clapi/centreonLDAP.class.php
+5-3
diff --git a/‎www/class/centreon-clapi/centreonService.class.php
+6-6 b/‎www/class/centreon-clapi/centreonService.class.php
+6-6
diff --git a/‎www/class/centreon-knowledge/procedures.class.php
+8-6 b/‎www/class/centreon-knowledge/procedures.class.php
+8-6
diff --git a/‎www/class/centreon-partition/partEngine.class.php
-38 b/‎www/class/centreon-partition/partEngine.class.php
-38
diff --git a/‎www/class/centreon.class.php
-10 b/‎www/class/centreon.class.php
-10
diff --git a/‎www/class/centreonConfigCentreonBroker.php
+5-3 b/‎www/class/centreonConfigCentreonBroker.php
+5-3
diff --git a/‎www/class/centreonCriticality.class.php
-25 b/‎www/class/centreonCriticality.class.php
-25
diff --git a/‎www/class/centreonDB.class.php
+43 b/‎www/class/centreonDB.class.php
+43
diff --git a/‎www/class/centreonHostgroups.class.php
+8-7 b/‎www/class/centreonHostgroups.class.php
+8-7
diff --git a/‎www/class/centreonMedia.class.php
+5-7 b/‎www/class/centreonMedia.class.php
+5-7
diff --git a/‎www/class/centreonNotification.class.php
+5-3 b/‎www/class/centreonNotification.class.php
+5-3
diff --git a/‎www/class/centreonService.class.php
+6-4 b/‎www/class/centreonService.class.php
+6-4
@@ -103,14 +103,15 @@ public function getReactTopologiesPerUserWithAcl($user)
                 if ($DBRESULT->rowCount()) {
                     $topology = array();
                     $tmp_topo_page = array();
+                    $statement = $this->db->prepare("SELECT topology_topology_id, acl_topology_relations.access_right "
+                        . "FROM acl_topology_relations, acl_topology "
+                        . "WHERE acl_topology.acl_topo_activate = '1' "
+                        . "AND acl_topology.acl_topo_id = acl_topology_relations.acl_topo_id "
+                        . "AND acl_topology_relations.acl_topo_id = :acl_topo_id ");
                     while ($topo_group = $DBRESULT->fetchRow()) {
-                        $query2 = "SELECT topology_topology_id, acl_topology_relations.access_right "
-                            . "FROM acl_topology_relations, acl_topology "
-                            . "WHERE acl_topology.acl_topo_activate = '1' "
-                            . "AND acl_topology.acl_topo_id = acl_topology_relations.acl_topo_id "
-                            . "AND acl_topology_relations.acl_topo_id = '" . $topo_group["acl_topology_id"] . "' ";
-                        $DBRESULT2 = $this->db->query($query2);
-                        while ($topo_page = $DBRESULT2->fetchRow()) {
+                        $statement->bindValue(':acl_topo_id', $topo_group["acl_topology_id"], \PDO::PARAM_INT);
+                        $statement->execute();
+                        while ($topo_page = $statement->fetch(\PDO::FETCH_ASSOC)) {
                             $topology[] = (int)$topo_page["topology_topology_id"];
                             if (!isset($tmp_topo_page[$topo_page['topology_topology_id']])) {
                                 $tmp_topo_page[$topo_page["topology_topology_id"]] = $topo_page["access_right"];
@@ -125,7 +126,7 @@ public function getReactTopologiesPerUserWithAcl($user)
                                 }
                             }
                         }
-                        $DBRESULT2->closeCursor();
+                        $statement->closeCursor();
                     }
                     $DBRESULT->closeCursor();
 
 
@@ -46,7 +46,7 @@ protected function setUp(): void
                 . "FROM acl_topology_relations, acl_topology "
                 . "WHERE acl_topology.acl_topo_activate = '1' "
                 . "AND acl_topology.acl_topo_id = acl_topology_relations.acl_topo_id "
-                . "AND acl_topology_relations.acl_topo_id = '1' ",
+                . "AND acl_topology_relations.acl_topo_id = :acl_topo_id ",
                 'data' => [
                     [
                         'topology_topology_id' => 1,
 
@@ -174,6 +174,7 @@ public function getparam($parameters = null)
             $listParam = explode('|', $params[1]);
             $exportedFields = [];
             $resultString = "";
+            $paramString = "";
             foreach ($listParam as $paramSearch) {
                 if (!$paramString) {
                     $paramString = $paramSearch;
@@ -257,20 +258,24 @@ public function initUpdateParameters($parameters = null)
     public function getIdIcon($path)
     {
         $iconData = explode('/', $path);
-        $query = 'SELECT dir_id FROM view_img_dir WHERE dir_name = "' . $iconData[0] . '"';
-        $res = $this->db->query($query);
-        $row = $res->fetch();
+        $dirStatement = $this->db->prepare("SELECT dir_id FROM view_img_dir WHERE dir_name = :IconData");
+        $dirStatement->bindValue(':IconData', $iconData[0], \PDO::PARAM_STR);
+        $dirStatement->execute();
+        $row = $dirStatement->fetch();
         $dirId = $row['dir_id'];
 
-        $query = 'SELECT img_id FROM view_img WHERE img_path = "' . $iconData[1] . '"';
-        $res = $this->db->query($query);
-        $row = $res->fetch();
+        $imgStatement = $this->db->prepare("SELECT img_id FROM view_img WHERE img_path = :iconData");
+        $imgStatement->bindValue(':iconData', $iconData[1], \PDO::PARAM_STR);
+        $imgStatement->execute();
+        $row = $imgStatement->fetch();
         $iconId = $row['img_id'];
 
-        $query = 'SELECT vidr_id FROM view_img_dir_relation ' .
-            'WHERE dir_dir_parent_id = ' . $dirId . ' AND img_img_id = ' . $iconId;
-        $res = $this->db->query($query);
-        $row = $res->fetch();
+        $vidrStatement = $this->db->prepare("SELECT vidr_id FROM view_img_dir_relation " .
+            "WHERE dir_dir_parent_id = :dirId AND img_img_id = :iconId");
+        $vidrStatement->bindValue(':dirId', (int) $dirId, \PDO::PARAM_INT);
+        $vidrStatement->bindValue(':iconId', (int) $iconId, \PDO::PARAM_INT);
+        $vidrStatement->execute();
+        $row = $vidrStatement->fetch();
         return $row['vidr_id'];
     }
 
 
@@ -184,10 +184,12 @@ public function showserver($arName = null)
         }
         $sql = "SELECT ldap_host_id, host_address, host_port, use_ssl, use_tls, host_order
                 FROM auth_ressource_host
-                WHERE auth_ressource_id = " . $arId . "
+                WHERE auth_ressource_id = :auth_ressource_id 
                 ORDER BY host_order";
-        $res = $this->db->query($sql);
-        $row = $res->fetchAll();
+        $statement = $this->db->prepare($sql);
+        $statement->bindValue(':auth_ressource_id', (int) $arId, \PDO::PARAM_INT);
+        $statement->execute();
+        $row = $statement->fetchAll(\PDO::FETCH_ASSOC);
         echo "id;address;port;ssl;tls;order\n";
         foreach ($row as $srv) {
             echo $srv['ldap_host_id'] . $this->delim .
 
@@ -1584,12 +1584,12 @@ public function getCustomMacroInDb($serviceId = null, $template = null)
         $arr = array();
         $i = 0;
         if ($serviceId) {
-            $res = $this->db->query("SELECT svc_macro_name, svc_macro_value, is_password, description
-                                FROM on_demand_macro_service
-                                WHERE svc_svc_id = " .
-                $serviceId . "
-                                ORDER BY macro_order ASC");
-            while ($row = $res->fetch()) {
+            $statement = $this->db->prepare("SELECT svc_macro_name, svc_macro_value, is_password, description " .
+                "FROM on_demand_macro_service " .
+                "WHERE svc_svc_id = :serviceId ORDER BY macro_order ASC");
+            $statement->bindValue(':serviceId', (int) $serviceId, \PDO::PARAM_INT);
+            $statement->execute();
+            while ($row = $statement->fetch()) {
                 if (preg_match('/\$_SERVICE(.*)\$$/', $row['svc_macro_name'], $matches)) {
                     $arr[$i]['svc_macro_name'] = $matches[1];
                     $arr[$i]['svc_macro_value'] = $row['svc_macro_value'];
 
@@ -139,13 +139,15 @@ public function getMyHostMultipleTemplateModels($host_id = null)
             "WHERE host_host_id = '" . $host_id . "' " .
             "ORDER BY `order`"
         );
+        $statement = $this->centreon_DB->prepare(
+            "SELECT host_name " .
+            "FROM host " .
+            "WHERE host_id = :host_id LIMIT 1"
+        );
         while ($row = $dbResult->fetch()) {
-            $dbResult2 = $this->centreon_DB->query(
-                "SELECT host_name " .
-                "FROM host " .
-                "WHERE host_id = '" . $row['host_tpl_id'] . "' LIMIT 1"
-            );
-            $hTpl = $dbResult2->fetch();
+            $statement->bindValue(':host_id', $row['host_tpl_id'], \PDO::PARAM_INT);
+            $statement->execute();
+            $hTpl = $statement->fetch(\PDO::FETCH_ASSOC);
             $tplArr[$row['host_tpl_id']] = html_entity_decode($hTpl["host_name"], ENT_QUOTES);
         }
         unset($row);
 
@@ -426,44 +426,6 @@ public function updateParts($table, $db)
         }
     }
 
-    /**
-     * optimize all partitions for a table
-     *
-     * @param MysqlTable $table
-     */
-    public function optimizeTablePartitions($table, $db)
-    {
-        $tableName = "`" . $table->getSchema() . "`." . $table->getName();
-        if (!$table->exists()) {
-            throw new Exception("Optimize error: Table " . $tableName . " does not exists\n");
-        }
-
-        $request = "SELECT PARTITION_NAME FROM information_schema.`PARTITIONS` ";
-        $request .= "WHERE `TABLE_NAME`='" . $table->getName() . "' ";
-        $request .= "AND TABLE_SCHEMA='" . $table->getSchema() . "' ";
-        try {
-            $dbResult = $db->query($request);
-        } catch (\PDOException $e) {
-            throw new Exception(
-                "Error : Cannot get table schema information  for "
-                . $tableName . ", " . $e->getMessage() . "\n"
-            );
-        }
-
-        while ($row = $dbResult->fetch()) {
-            $request = "ALTER TABLE " . $tableName . " OPTIMIZE PARTITION `" . $row["PARTITION_NAME"] . "`;";
-            try {
-                $dbResult2 = $db->query($request);
-            } catch (\PDOException $e) {
-                throw new Exception(
-                    "Optimize error : Cannot optimize partition " . $row["PARTITION_NAME"]
-                    . " of table " . $tableName . ", " . $e->getMessage() . "\n"
-                );
-            }
-        }
-
-        $dbResult->closeCursor();
-    }
 
     /**
      * list all partitions for a table
 
@@ -162,22 +162,12 @@ public function creatModuleList()
             $this->modules[$result["name"]] = array(
                 "name" => $result["name"],
                 "gen" => false,
-                "restart" => false,
                 "license" => false
             );
 
             if (is_dir("./modules/" . $result["name"] . "/generate_files/")) {
                 $this->modules[$result["name"]]["gen"] = true;
             }
-            if (is_dir("./modules/" . $result["name"] . "/restart_pollers/")) {
-                $this->modules[$result["name"]]["restart"] = true;
-            }
-            if (is_dir("./modules/" . $result["name"] . "/restart_pollers/")) {
-                $this->modules[$result["name"]]["restart"] = true;
-            }
-            if (file_exists("./modules/" . $result["name"] . "/license/merethis_lic.zl")) {
-                $this->modules[$result["name"]]["license"] = true;
-            }
         }
         $dbResult = null;
     }
 
@@ -731,13 +731,15 @@ public function insertConfig($values)
         /*
          * Get the ID
          */
-        $query = "SELECT config_id FROM cfg_centreonbroker WHERE config_name = '" . $values['name'] . "'";
+        $query = "SELECT config_id FROM cfg_centreonbroker WHERE config_name = :config_name";
         try {
-            $res = $this->db->query($query);
+            $statement = $this->db->prepare($query);
+            $statement->bindValue(':config_name', $values['name'], \PDO::PARAM_STR);
+            $statement->execute();
         } catch (\PDOException $e) {
             return false;
         }
-        $row = $res->fetch();
+        $row = $statement->fetch(\PDO::FETCH_ASSOC);
         $id = $row['config_id'];
 
         /*
 
@@ -358,29 +358,4 @@ protected function getServiceCriticality($service_id)
         }
         return 0;
     }
-
-    public function getHostTplCriticities($host_id, $cache)
-    {
-        global $pearDB;
-        
-        if (!$host_id) {
-            return null;
-        }
-        
-        $rq = "SELECT host_tpl_id " .
-            "FROM host_template_relation " .
-            "WHERE host_host_id = '".$host_id."' " .
-            "ORDER BY `order`";
-        $DBRESULT = $pearDB->query($rq);
-        while ($row = $DBRESULT->fetchRow()) {
-            if (isset($cache[$row['host_tpl_id']])) {
-                return $this->getData($cache[$row['host_tpl_id']], false);
-            } else {
-                if ($result_field = $this->getHostTplCriticities($row['host_tpl_id'], $cache)) {
-                    return $result_field;
-                }
-            }
-        }
-        return null;
-    }
 }
@@ -447,4 +447,47 @@ public function isColumnExist(string $table = null, string $column = null): int
             return -1;
         }
     }
+
+    /**
+     * Write SQL errors messages and queries
+     *
+     * @param string $query the query string to write to log
+     * @param string $message the message to write to log
+     */
+    private function logSqlError(string $query, string $message): void
+    {
+        $this->log->insertLog(2, $message . " QUERY : " . $query);
+    }
+
+    /**
+     * This method returns a column type from a given table and column.
+     *
+     * @param string $tableName
+     * @param string $columnName
+     * @return string
+     */
+    public function getColumnType(string $tableName, string $columnName): string
+    {
+        $query = 'SELECT COLUMN_TYPE
+            FROM INFORMATION_SCHEMA.COLUMNS
+            WHERE TABLE_SCHEMA = :dbName
+            AND TABLE_NAME = :tableName
+            AND COLUMN_NAME = :columnName';
+
+        $stmt = $this->prepare($query);
+
+        try {
+            $stmt->bindValue(':dbName', $this->dsn['database'], \PDO::PARAM_STR);
+            $stmt->bindValue(':tableName', $tableName, \PDO::PARAM_STR);
+            $stmt->bindValue(':columnName', $columnName, \PDO::PARAM_STR);
+            $stmt->execute();
+            $result = $stmt->fetch(\PDO::FETCH_ASSOC);
+            if (! empty($result)) {
+                return $result['COLUMN_TYPE'];
+            }
+            throw new \PDOException("Unable to get column type");
+        } catch (\PDOException $e) {
+            $this->logSqlError($query, $e->getMessage());
+        }
+    }
 }
@@ -100,18 +100,19 @@ public function getHostGroupHosts($hg_id = null)
         }
 
         $hosts = array();
-        $DBRESULT = $this->DB->query(
-            "SELECT hgr.host_host_id " .
+        $statement = $this->DB->prepare("SELECT hgr.host_host_id " .
             "FROM hostgroup_relation hgr, host h " .
-            "WHERE hgr.hostgroup_hg_id = '" . $this->DB->escape($hg_id) . "' " .
+            "WHERE hgr.hostgroup_hg_id = :hgId " .
             "AND h.host_id = hgr.host_host_id " .
-            "ORDER by h.host_name"
-        );
-        while ($elem = $DBRESULT->fetchRow()) {
+            "ORDER by h.host_name");
+        $statement->bindValue(':hgId', (int) $hg_id, \PDO::PARAM_INT);
+        $statement->execute();
+
+        while ($elem = $statement->fetchRow()) {
             $ref[$elem["host_host_id"]] = $elem["host_host_id"];
             $hosts[] = $elem["host_host_id"];
         }
-        $DBRESULT->closeCursor();
+        $statement->closeCursor();
         unset($elem);
 
         if (isset($hostgroups) && count($hostgroups)) {
 
@@ -410,14 +410,12 @@ public function addImage($parameters, $binary = null)
             $imageId = $row['img_id'];
 
             // Insert relation between directory and image
-            $query = 'INSERT INTO view_img_dir_relation '
-                . '(dir_dir_parent_id, img_img_id) '
-                . 'VALUES ('
-                . $directoryId . ', '
-                . $imageId . ' '
-                . ') ';
+            $statement = $this->db->prepare("INSERT INTO view_img_dir_relation (dir_dir_parent_id, img_img_id) " .
+                "VALUES (:dirId, :imgId) ");
+            $statement->bindValue(':dirId', (int) $directoryId, \PDO::PARAM_INT);
+            $statement->bindValue(':imgId', (int) $imageId, \PDO::PARAM_INT);
             try {
-                $this->db->query($query);
+                $statement->execute();
             } catch (\PDOException $e) {
                 throw new \Exception('Error while inserting relation between' . $imageName . ' and ' . $directoryName);
             }
 
@@ -342,10 +342,12 @@ protected function getHostTemplateNotifications($hostId, $templates)
         		FROM host_template_relation htr
         		LEFT JOIN contact_host_relation ctr ON htr.host_host_id = ctr.host_host_id
         		LEFT JOIN contactgroup_host_relation ctr2 ON htr.host_host_id = ctr2.host_host_id
-        		WHERE htr.host_host_id = " . $hostId . "
+        		WHERE htr.host_host_id = :host_id 
         		ORDER BY `order`";
-        $res = $this->db->query($sql);
-        while ($row = $res->fetchRow()) {
+        $statement = $this->db->prepare($sql);
+        $statement->bindValue(':host_id', (int) $hostId, \PDO::PARAM_INT);
+        $statement->execute();
+        while ($row = $statement->fetch(\PDO::FETCH_ASSOC)) {
             if ($row['contact_id']) {
                 $this->hostBreak[1] = true;
             }
 
@@ -1727,12 +1727,14 @@ public function getTemplatesChain($svcId, $alreadyProcessed = array())
         } else {
             $alreadyProcessed[] = $svcId;
 
-            $res = $this->db->query(
-                "SELECT service_template_model_stm_id FROM service WHERE service_id = " . $this->db->escape($svcId)
+            $statement = $this->db->prepare(
+                "SELECT service_template_model_stm_id FROM service WHERE service_id = :service_id"
             );
+            $statement->bindValue(':service_id', (int) $svcId, \PDO::PARAM_INT);
+            $statement->execute();
 
-            if ($res->rowCount()) {
-                $row = $res->fetchRow();
+            if ($statement->rowCount()) {
+                $row = $statement->fetch(\PDO::FETCH_ASSOC);
                 if (!empty($row['service_template_model_stm_id']) && $row['service_template_model_stm_id'] !== null) {
                     $svcTmpl = array_merge(
                         $svcTmpl,
Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,7 @@ protected function setUp(): void`
`46`	`46`	`. "FROM acl_topology_relations, acl_topology "`
`47`	`47`	`. "WHERE acl_topology.acl_topo_activate = '1' "`
`48`	`48`	`. "AND acl_topology.acl_topo_id = acl_topology_relations.acl_topo_id "`
`49`		`- . "AND acl_topology_relations.acl_topo_id = '1' ",`
	`49`	`+ . "AND acl_topology_relations.acl_topo_id = :acl_topo_id ",`
`50`	`50`	`'data' => [`
`51`	`51`	`[`
`52`	`52`	`'topology_topology_id' => 1,`