Pass contact ID as param to executeQuery()
authorChristian Wach <needle@haystack.co.uk>
Wed, 9 Oct 2019 08:33:29 +0000 (09:33 +0100)
committerChristian Wach <needle@haystack.co.uk>
Wed, 9 Oct 2019 08:33:29 +0000 (09:33 +0100)
CRM/Core/BAO/Dashboard.php

index b4e4ea81c01872acdf127da5fb514e46aa8dcd25..c33079aa911c39b1cff1dc9c7e8005a57110c6cf 100644 (file)
@@ -373,15 +373,23 @@ class CRM_Core_BAO_Dashboard extends CRM_Core_DAO_Dashboard {
     // Restrict query to Dashlets in this domain.
     $domainDashletClause = !empty($domainDashletIDs) ? "dashboard_id IN (" . implode(',', $domainDashletIDs) . ")" : '(1)';
 
-    // Disable inactive widgets.
-    $dashletClause = $dashletIDs ? "dashboard_id NOT IN  (" . implode(',', $dashletIDs) . ")" : '(1)';
+    // Target only those Dashlets which are inactive.
+    $dashletClause = $dashletIDs ? "dashboard_id NOT IN (" . implode(',', $dashletIDs) . ")" : '(1)';
+
+    // Build params.
+    $params = [
+      1 => [$contactID, 'Integer'],
+    ];
+
+    // Build query.
     $updateQuery = "UPDATE civicrm_dashboard_contact
                     SET is_active = 0
                     WHERE $domainDashletClause
                     AND $dashletClause
-                    AND contact_id = {$contactID}";
+                    AND contact_id = %1";
 
-    CRM_Core_DAO::executeQuery($updateQuery);
+    // Disable inactive widgets.
+    CRM_Core_DAO::executeQuery($updateQuery, $params);
   }
 
   /**
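Review bot: The two `IN (...)` clauses are still built by imploding `$domainDashletIDs` and `$dashletIDs` directly into the SQL string, so only `contact_id` gets the type check that the `'Integer'` param provides. The arrays are populated outside this hunk; if any element can originate from request data or a hook, it reaches the query unvalidated. Casting before the join would close that gap, e.g. `implode(',', array_map('intval', $dashletIDs))`, and likewise for `$domainDashletIDs`. The enclosing method starts before this hunk, so the origin of both arrays should be confirmed there.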