From 0bfbca60e451f8c9e627dd698d4a58ddae73c874 Mon Sep 17 00:00:00 2001
From: Harald Eilertsen
Date: Mon, 6 Sep 2021 20:00:13 +0200
Subject: Refactor Concert::find_concerts. Make it a bit more compact and fix use of $wpdb->prepare for `currentuser` filter.
---
 includes/concert.php | 51 ++++++++++++++++++++++++++++-----------------------
 1 file changed, 28 insertions(+), 23 deletions(-)
diff --git a/includes/concert.php b/includes/concert.php
index 089e9a7..936154f 100644
--- a/includes/concert.php
+++ b/includes/concert.php
@@ -37,6 +37,17 @@ if ( !class_exists('GiglogAdmin_Concert') ) {
 public const STATUS_ALL_APPROVED = 4;
 public const STATUS_REJECTED = 5;
+ // Table to translate from filter keys to db columns used by
+ // find_Concerts
+ private const KEY_TRANS_TABLE = [
+ 'name' => 'wpgconcert_name',
+ 'date' => 'wpgconcert_date',
+ 'venue_id' => 'wpg_venues.id',
+ 'venue' => 'wpg_venues.wpgvenue_name',
+ 'city' => 'wpg_venues.wpgvenue_city',
+ 'currentuser' => 'wpgconcert_roles',
+ ];
+
 private const BASE_QUERY = 'SELECT wpg_concerts.*, wpg_venues.wpgvenue_name wpg_venues_wpgvenue_city ' . 'FROM wpg_concerts '
@@ -195,29 +206,23 @@ if ( !class_exists('GiglogAdmin_Concert') ) {
 $query = self::BASE_QUERY;
 $where = [];
-
- if ( isset( $filter['name'] ) ) {
- array_push($where, "wpgconcert_name = {$wpdb->prepare('%s', $filter['name'])}");
- }
-
- if ( isset( $filter['date'] ) ) {
- array_push($where, "wpgconcert_date = {$wpdb->prepare('%s', $filter['date'])}");
- }
-
- if ( isset( $filter["city"] ) ) {
- array_push($where, 'wpg_venues.wpgvenue_city = ' . $wpdb->prepare('%s', $filter["city"]));
- }
-
- if ( isset( $filter["venue_id"] ) ) {
- array_push($where, 'wpg_venues.id = ' . $wpdb->prepare('%s', $filter["venue_id"]));
- }
-
- if ( isset( $filter['venue'] ) ) {
- array_push($where, "wpg_venues.wpgvenue_name = {$wpdb->prepare('%s', $filter['venue'])}");
- }
-
- if ( isset( $filter["currentuser"] ) ) {
- array_push($where , 'wpgconcert_roles like "%'.$filter["currentuser"].'%"');
+ foreach( $filter as $key => $value ) {
+ switch ($key) {
+ case 'name':
+ case 'date':
+ case 'venue':
+ case 'city':
+ array_push($where, $wpdb->prepare(self::KEY_TRANS_TABLE[$key] . '=%s', $value));
+ break;
+
+ case 'venue_id':
+ array_push($where, $wpdb->prepare(self::KEY_TRANS_TABLE[$key] . '=%d', $value));
+ break;
+
+ case 'currentuser':
+ array_push($where , $wpdb->prepare(self::KEY_TRANS_TABLE[$key] . ' like %%%s%%', $value));
+ break;
+ }
 }
 if ( ! empty( $where ) ) {
-- cgit v1.2.3
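Review bot: The `currentuser` case still builds its LIKE clause in a form `$wpdb->prepare` does not support. In `' like %%%s%%'` the wildcards are literal percent signs in the format string, so they land outside the string literal that `%s` produces (or, depending on the WordPress version, the placeholder is left unquoted), and the clause is at best invalid SQL. WordPress documents that LIKE wildcards belong in the substitution argument, with the user value passed through `esc_like()`: `array_push($where, $wpdb->prepare(self::KEY_TRANS_TABLE[$key] . ' LIKE %s', '%' . $wpdb->esc_like($value) . '%'));`. Without `esc_like()`, a `%` or `_` in the filter value would also act as a wildcard and widen the match on the roles column. The enclosing method starts and ends outside this hunk, so how `$filter` is populated is not visible here.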