From 56f033fa957092a48d683f842a33c6463e62f3bc Mon Sep 17 00:00:00 2001
From: Michael <heluecht@pirati.ca>
Date: Fri, 8 Oct 2021 10:01:15 +0000
Subject: [PATCH] Some more "q" calls handled

---
 include/api.php | 15 ++-------------
 mod/photos.php  | 12 ++----------
 2 files changed, 4 insertions(+), 23 deletions(-)

diff --git a/include/api.php b/include/api.php
index 3820ccd0b9..5937481e81 100644
--- a/include/api.php
+++ b/include/api.php
@@ -3727,15 +3727,8 @@ function api_direct_messages_destroy($type)
 	// add parent-uri to sql command if specified by calling app
 	$sql_extra = ($parenturi != "" ? " AND `parent-uri` = '" . DBA::escape($parenturi) . "'" : "");
 
-	// get data of the specified message id
-	$r = q(
-		"SELECT `id` FROM `mail` WHERE `uid` = %d AND `id` = %d" . $sql_extra,
-		intval($uid),
-		intval($id)
-	);
-
 	// error message if specified id is not in database
-	if (!DBA::isResult($r)) {
+	if (!DBA::exists('mail', ["`uid` = ? AND `id` = ? " . $sql_extra, $uid, $id])) {
 		if ($verbose == "true") {
 			$answer = ['result' => 'error', 'message' => 'message id not in database'];
 			return api_format_data("direct_messages_delete", $type, ['$result' => $answer]);
@@ -3745,11 +3738,7 @@ function api_direct_messages_destroy($type)
 	}
 
 	// delete message
-	$result = q(
-		"DELETE FROM `mail` WHERE `uid` = %d AND `id` = %d" . $sql_extra,
-		intval($uid),
-		intval($id)
-	);
+	$result = DBA::delete('mail', ["`uid` = ? AND `id` = ? " . $sql_extra, $uid, $id]);
 
 	if ($verbose == "true") {
 		if ($result) {
diff --git a/mod/photos.php b/mod/photos.php
index 0d8744055a..f3b907dd80 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -1101,11 +1101,7 @@ function photos_content(App $a)
 	// Display one photo
 	if ($datatype === 'image') {
 		// fetch image, item containing image, then comments
-		$ph = q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'
-			$sql_extra ORDER BY `scale` ASC ",
-			intval($owner_uid),
-			DBA::escape($datum)
-		);
+		$ph = Photo::selectToArray([], ["`uid` = ? AND `resource-id` = ? " . $sql_extra, $owner_uid, $datum], ['order' => ['scale' => true]]);
 
 		if (!DBA::isResult($ph)) {
 			if (DBA::exists('photo', ['resource-id' => $datum, 'uid' => $owner_uid])) {
@@ -1149,11 +1145,7 @@ function photos_content(App $a)
 				$order = 'DESC';
 			}
 
-			$prvnxt = q("SELECT `resource-id` FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `scale` = 0
-				$sql_extra ORDER BY `created` $order ",
-				DBA::escape($ph[0]['album']),
-				intval($owner_uid)
-			);
+			$prvnxt = Photo::selectToArray(['resource-id'], ["`album` = ? AND `uid` = ? AND `scale` = ?" . $sql_extra, $ph[0]['album'], $owner_uid, 0]);
 
 			if (DBA::isResult($prvnxt)) {
 				$prv = null;