- $query .= " AND DATE_FORMAT(timestamp, '%Y-%m-%d') >= \"".$datefrom."\" " if $datefrom;
- $query .= " AND DATE_FORMAT(timestamp, '%Y-%m-%d') <= \"".$dateto."\" " if $dateto;
- $query .= " AND user LIKE \"%".$user."%\" " if $user;
- $query .= " AND module LIKE \"%".$module."%\" " if $module;
- $query .= " AND action LIKE \"%".$action."%\" " if $action;
- $query .= " AND object LIKE \"%".$object."%\" " if $object;
- $query .= " AND info LIKE \"%".$info."%\" " if $info;
-
+
+ my @parameters;
+ $query .= " AND DATE_FORMAT(timestamp, '%Y-%m-%d') >= \"".$iso_datefrom."\" " if $iso_datefrom; #fix me - mysql specific
+ $query .= " AND DATE_FORMAT(timestamp, '%Y-%m-%d') <= \"".$iso_dateto."\" " if $iso_dateto;
+ if($user) {
+ $query .= " AND user LIKE ? ";
+ push(@parameters,"%".$user."%");
+ }
+ if(scalar @$modules > 1 or @$modules[0] ne "") {
+ $query .= " AND (1 = 2"; #always false but used to build the query
+ foreach my $module (@$modules) {
+ next if $module eq "";
+ $query .= " or module = ?";
+ push(@parameters,$module);
+ }
+ $query .= ")";
+ }
+ if($action) {
+ $query .= " AND action LIKE ? ";
+ push(@parameters,"%".$action."%");
+ }
+ if($object) {
+ $query .= " AND object LIKE ? ";
+ push(@parameters,"%".$object."%");
+ }
+ if($info) {
+ $query .= " AND info LIKE ? ";
+ push(@parameters,"%".$info."%");
+ }
+