- $query .= " AND DATE_FORMAT(timestamp, '%Y-%m-%d') >= \"".$datefrom."\" " if $datefrom;
- $query .= " AND DATE_FORMAT(timestamp, '%Y-%m-%d') <= \"".$dateto."\" " if $dateto;
- $query .= " AND user LIKE \"%".$user."%\" " if $user;
- $query .= " AND module LIKE \"%".$module."%\" " if $module;
- $query .= " AND action LIKE \"%".$action."%\" " if $action;
- $query .= " AND object LIKE \"%".$object."%\" " if $object;
- $query .= " AND info LIKE \"%".$info."%\" " if $info;
-
+
+ my @parameters;
+ $query .= " AND DATE_FORMAT(timestamp, '%Y-%m-%d') >= \"".$iso_datefrom."\" " if $iso_datefrom; #fix me - mysql specific
+ $query .= " AND DATE_FORMAT(timestamp, '%Y-%m-%d') <= \"".$iso_dateto."\" " if $iso_dateto;
+ if($user ne "") {
+ $query .= " AND user = ? ";
+ push(@parameters,$user);
+ }
+ if($modules && scalar(@$modules)) {
+ $query .= " AND module IN (".join(",",map {"?"} @$modules).") ";
+ push(@parameters,@$modules);
+ }
+ if($action && scalar(@$action)) {
+ $query .= " AND action IN (".join(",",map {"?"} @$action).") ";
+ push(@parameters,@$action);
+ }
+ if($object) {
+ $query .= " AND object = ? ";
+ push(@parameters,$object);
+ }
+ if($info) {
+ $query .= " AND info LIKE ? ";
+ push(@parameters,"%".$info."%");
+ }
+
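Review bot: The two date filters on the added lines still splice `$iso_datefrom` and `$iso_dateto` directly into the SQL text, while every other filter in this hunk was moved to `?` placeholders, so the query is only as safe as whatever produced those two values. That conversion is not visible here, so if it can pass through unparsed input, the injection path the rest of the change closes stays open on the date fields. Bind them like the others: `$query .= " AND DATE_FORMAT(timestamp, '%Y-%m-%d') >= ? ";` followed by `push(@parameters, $iso_datefrom);`, and the same with `<=` for `$iso_dateto`. Because the date clauses come first in the query, pushing at that point keeps `@parameters` in placeholder order. The enclosing function starts and ends outside the hunk, so confirm that the execute call actually passes `@parameters`.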