diff --git a/interface/lib/classes/db_mysql.inc.php b/interface/lib/classes/db_mysql.inc.php
index c9de1de91d7bf2105ec95cc9adbcad5aae2b6d99..b18d5837531ca6a186a05407b9c811625b530b2d 100644
--- a/interface/lib/classes/db_mysql.inc.php
+++ b/interface/lib/classes/db_mysql.inc.php
@@ -29,6 +29,12 @@
class db extends mysqli
{
+ /**#@+
+ * @access private
+ */
+ private $_iQueryId;
+ private $_iConnId;
+
private $dbHost = ''; // hostname of the MySQL server
private $dbName = ''; // logical database name on that server
private $dbUser = ''; // database authorized user
@@ -36,6 +42,12 @@ class db extends mysqli
private $dbCharset = 'utf8';// Database charset
private $dbNewLink = false; // Return a new linkID when connect is called again
private $dbClientFlags = 0; // MySQL Client falgs
+ /**#@-*/
+
+ public $show_error_messages = false; // false in server, true in interface
+
+
+ /* old things - unused now ////
private $linkId = 0; // last result of mysqli_connect()
private $queryId = 0; // last result of mysqli_query()
private $record = array(); // last record fetched
@@ -44,8 +56,9 @@ class db extends mysqli
private $errorNumber = 0; // last error number
public $errorMessage = ''; // last error message
private $errorLocation = '';// last error location
- public $show_error_messages = false; // false in server, true in interface
private $isConnected = false; // needed to know if we have a valid mysqli object from the constructor
+ ////
+ */
// constructor
public function __construct($prefix = '') {
@@ -58,154 +71,371 @@ class db extends mysqli
$this->dbCharset = $conf[$prefix.'db_charset'];
$this->dbNewLink = $conf[$prefix.'db_new_link'];
$this->dbClientFlags = $conf[$prefix.'db_client_flags'];
- parent::__construct($conf[$prefix.'db_host'], $conf[$prefix.'db_user'], $conf[$prefix.'db_password'], $conf[$prefix.'db_database']);
+
+ $this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass);
$try = 0;
- //while(!is_null($this->connect_error) && $try < 5) {
- while(mysqli_connect_error() && $try < 5) {
+ while((!is_object($this->_iConnId) || mysqli_connect_error()) && $try < 5) {
if($try > 0) sleep(1);
$try++;
- $this->updateError('DB::__construct');
-
- parent::__construct($conf[$prefix.'db_host'], $conf[$prefix.'db_user'], $conf[$prefix.'db_password'], $conf[$prefix.'db_database']);
+ $this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass);
}
- //if(is_null($this->connect_error)) $this->isConnected = true;
- //else return false;
- if(!mysqli_connect_error()) $this->isConnected = true;
- else return false;
+ if(!is_object($this->_iConnId) || mysqli_connect_error()) {
+ $this->_iConnId = null;
+ $this->_sqlerror('Zugriff auf Datenbankserver fehlgeschlagen! / Database server not accessible!');
+ return false;
+ }
+ if(!((bool)mysqli_query( $this->_iConnId, "USE $this->dbName"))) {
+ $this->close();
+ $this->_sqlerror('Datenbank nicht gefunden / Database not found');
+ return false;
+ }
- $this->setCharacterEncoding();
+ $this->_setCharset();
}
public function __destruct() {
- $this->close(); // helps avoid memory leaks, and persitent connections that don't go away.
+ if($this->_iConnId) mysqli_close($this->_iConnId);
}
- // error handler
- public function updateError($location) {
- global $app, $conf;
+ public function close() {
+ if($this->_iConnId) mysqli_close($this->_iConnId);
+ $this->_iConnId = null;
+ }
- /*
- if(!is_null($this->connect_error)) {
- $this->errorNumber = $this->connect_errno;
- $this->errorMessage = $this->connect_error;
- } else {
- $this->errorNumber = $this->errno;
- $this->errorMessage = $this->error;
- }
- */
- if(mysqli_connect_error()) {
- $this->errorNumber = mysqli_connect_errno();
- $this->errorMessage = mysqli_connect_error();
- } else {
- $this->errorNumber = mysqli_errno($this);
- $this->errorMessage = mysqli_error($this);
- }
+ public function _build_query_string($sQuery = '') {
+ $iArgs = func_num_args();
+ if($iArgs > 1) {
+ $aArgs = func_get_args();
+
+ if($iArgs == 3 && $aArgs[1] === true && is_array($aArgs[2])) {
+ $aArgs = $aArgs[2];
+ $iArgs = count($aArgs);
+ } else {
+ array_shift($aArgs); // delete the query string that is the first arg!
+ }
+
+ $iPos = 0;
+ $iPos2 = 0;
+ foreach($aArgs as $sKey => $sValue) {
+ $iPos2 = strpos($sQuery, '??', $iPos2);
+ $iPos = strpos($sQuery, '?', $iPos);
+ if($iPos === false && $iPos2 === false) break;
- $this->errorLocation = $location;
- if($this->errorNumber) {
- $error_msg = $this->errorLocation .' '. $this->errorMessage;
- // This right here will allow us to use the same file for server & interface
- if($this->show_error_messages && $conf['demo_mode'] === false) {
- echo $error_msg;
- } else if(is_object($app) && method_exists($app, 'log')) {
- $app->log($error_msg, LOGLEVEL_WARN);
+ if($iPos2 !== false && ($iPos === false || $iPos2 <= $iPos)) {
+ $sTxt = $this->escape($sValue);
+
+ if(strpos($sTxt, '.') !== false) $sTxt = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $sTxt);
+ else $sTxt = '`' . $sTxt . '`';
+
+ $sQuery = substr_replace($sQuery, $sTxt, $iPos2, 2);
+ $iPos2 += strlen($sTxt);
+ $iPos = $iPos2;
+ } else {
+ if(is_int($sValue) || is_float($sValue)) {
+ $sTxt = $sValue;
+ } elseif(is_string($sValue) && (strcmp($sValue, '#NULL#') == 0)) {
+ $sTxt = 'NULL';
+ } elseif(is_array($sValue)) {
+ $sTxt = '';
+ foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\'';
+ $sTxt = '(' . substr($sTxt, 1) . ')';
+ if($sTxt == '()') $sTxt = '(0)';
+ } else {
+ $sTxt = '\'' . $this->escape($sValue) . '\'';
+ }
+
+ $sQuery = substr_replace($sQuery, $sTxt, $iPos, 1);
+ $iPos += strlen($sTxt);
+ $iPos2 = $iPos;
}
+ }
}
+
+ return $sQuery;
}
- private function setCharacterEncoding() {
- if($this->isConnected == false) return false;
- parent::query( 'SET NAMES '.$this->dbCharset);
- parent::query( "SET character_set_results = '".$this->dbCharset."', character_set_client = '".$this->dbCharset."', character_set_connection = '".$this->dbCharset."', character_set_database = '".$this->dbCharset."', character_set_server = '".$this->dbCharset."'");
+ /**#@-*/
+
+
+ /**#@+
+ * @access private
+ */
+ private function _setCharset() {
+ mysqli_query($this->_iConnId, 'SET NAMES '.$this->dbCharset);
+ mysqli_query($this->_iConnId, "SET character_set_results = '".$this->dbCharset."', character_set_client = '".$this->dbCharset."', character_set_connection = '".$this->dbCharset."', character_set_database = '".$this->dbCharset."', character_set_server = '".$this->dbCharset."'");
}
- public function query($queryString) {
- global $conf;
- if($this->isConnected == false) return false;
+ private function _query($sQuery = '') {
+ global $app;
+
+ if ($sQuery == '') {
+ $this->_sqlerror('Keine Anfrage angegeben / No query given');
+ return false;
+ }
+
$try = 0;
do {
$try++;
- $ok = $this->ping();
+ $ok = mysqli_ping($this->_iConnId);
if(!$ok) {
- if(!$this->real_connect($this->dbHost, $this->dbUser, $this->dbPass, $this->dbName)) {
+ if(!mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass, $this->dbName)) {
if($try > 4) {
- $this->updateError('DB::query -> reconnect');
+ $this->_sqlerror('DB::query -> reconnect');
return false;
} else {
sleep(1);
}
} else {
- $this->setCharacterEncoding();
+ $this->_setCharset();
$ok = true;
}
}
} while($ok == false);
- $this->queryId = parent::query($queryString);
- $this->updateError('DB::query('.$queryString.') -> mysqli_query');
- if($this->errorNumber && $conf['demo_mode'] === false) debug_print_backtrace();
- if(!$this->queryId) {
+
+ $aArgs = func_get_args();
+ $sQuery = call_user_func_array(array(&$this, '_build_query_string'), $aArgs);
+
+ $this->_iQueryId = mysqli_query($this->_iConnId, $sQuery);
+ if (!$this->_iQueryId) {
+ $this->_sqlerror('Falsche Anfrage / Wrong Query', false, 'SQL-Query = ' . $sQuery);
return false;
}
- $this->currentRow = 0;
- return $this->queryId;
+
+ return is_bool($this->_iQueryId) ? $this->_iQueryId : new db_result($this->_iQueryId, $this->_iConnId);
}
- // returns all records in an array
- public function queryAllRecords($queryString) {
- if(!$this->query($queryString))
- {
- return false;
- }
- $ret = array();
- while($line = $this->nextRecord())
- {
- $ret[] = $line;
+ /**#@-*/
+
+
+
+
+
+ /**
+ * Executes a query
+ *
+ * Executes a given query string, has a variable amount of parameters:
+ * - 1 parameter
+ * executes the given query
+ * - 2 parameters
+ * executes the given query, replaces the first ? in the query with the second parameter
+ * - 3 parameters
+ * if the 2nd parameter is a boolean true, the 3rd parameter has to be an array containing all the replacements for every occuring ? in the query, otherwise the second parameter replaces the first ?, the third parameter replaces the second ? in the query
+ * - 4 or more parameters
+ * all ? in the query are replaced from left to right by the parameters 2 to x
+ *
+ * @access public
+ * @param string $sQuery query string
+ * @param mixed ... one or more parameters
+ * @return db_result the result object of the query
+ */
+
+
+ public function query($sQuery = '') {
+ $aArgs = func_get_args();
+ return call_user_func_array(array(&$this, '_query'), $aArgs);
+ }
+
+ /**
+ * Execute a query and get first result array
+ *
+ * Executes a query and returns the first result row as an array
+ * This is like calling $result = $db->query(), $result->get(), $result->free()
+ * Use of this function @see query
+ *
+ * @access public
+ * @param string $sQuery query to execute
+ * @param ... further params (see query())
+ * @return array result row or NULL if none found
+ */
+ public function queryOneRecord($sQuery = '') {
+ if(!preg_match('/limit \d+\s*,\s*\d+$/i', $sQuery)) $sQuery .= ' LIMIT 0,1';
+
+ $aArgs = func_get_args();
+ $oResult = call_user_func_array(array(&$this, 'query'), $aArgs);
+ if(!$oResult) return null;
+
+ $aReturn = $oResult->get();
+ $oResult->free();
+
+ return $aReturn;
+ }
+
+ public function queryOne($sQuery = '') {
+ return $this->query_one($sQuery);
+ }
+
+ public function query_one($sQuery = '') {
+ return $this->queryOneRecord($sQuery);
+ }
+
+ /**
+ * Execute a query and return all rows
+ *
+ * Executes a query and returns all result rows in an array
+ * Use this with extreme care!!! Uses lots of memory on big result sets.
+ *
+ * @access public
+ * @param string $sQuery query to execute
+ * @param ... further params (see query())
+ * @return array all the rows in the result set
+ */
+ public function queryAllRecords($sQuery = '') {
+ $aArgs = func_get_args();
+ $oResult = call_user_func_array(array(&$this, 'query'), $aArgs);
+ if(!$oResult) return array();
+
+ $aResults = array();
+ while($aRow = $oResult->get()) {
+ $aResults[] = $aRow;
}
- return $ret;
+ $oResult->free();
+
+ return $aResults;
}
- // returns one record in an array
- public function queryOneRecord($queryString) {
- if(!$this->query($queryString) || $this->numRows() == 0)
- {
- return false;
+ public function queryAll($sQuery = '') {
+ return $this->queryAllRecords($sQuery);
+ }
+
+ public function query_all($sQuery = '') {
+ return $this->queryAllRecords($sQuery);
+ }
+
+ /**
+ * Execute a query and return all rows as simple array
+ *
+ * Executes a query and returns all result rows in an array with elements
+ * Only first column is returned Uses lots of memory on big result sets.
+ *
+ * @access public
+ * @param string $sQuery query to execute
+ * @param ... further params (see query())
+ * @return array all the rows in the result set
+ */
+ public function queryAllArray($sQuery = '') {
+ $aArgs = func_get_args();
+ $oResult = call_user_func_array(array(&$this, 'query'), $aArgs);
+ if(!$oResult) return array();
+
+ $aResults = array();
+ while($aRow = $oResult->get()) {
+ $aResults[] = reset($aRow);
}
- return $this->nextRecord();
+ $oResult->free();
+
+ return $aResults;
}
- // returns the next record in an array
- public function nextRecord() {
- $this->record = $this->queryId->fetch_assoc();
- $this->updateError('DB::nextRecord()-> mysql_fetch_array');
- if(!$this->record || !is_array($this->record))
- {
- return false;
+ public function query_all_array($sQuery = '') {
+ return $this->queryAllArray($sQuery);
+ }
+
+
+
+ /**
+ * Get id of last inserted row
+ *
+ * Gives you the id of the last inserted row in a table with an auto-increment primary key
+ *
+ * @access public
+ * @return int id of last inserted row or 0 if none
+ */
+ public function insert_id() {
+ $iRes = mysqli_query($this->_iConnId, 'SELECT LAST_INSERT_ID() as `newid`');
+ if(!is_object($iRes)) return false;
+
+ $aReturn = mysqli_fetch_assoc($iRes);
+ mysqli_free_result($iRes);
+
+ return $aReturn['newid'];
+ }
+
+
+
+ /**
+ * get affected row count
+ *
+ * Gets the amount of rows affected by the previous query
+ *
+ * @access public
+ * @return int affected rows
+ */
+ public function affected() {
+ if(!is_object($this->_iConnId)) return 0;
+ $iRows = mysqli_affected_rows($this->_iConnId);
+ if(!$iRows) $iRows = 0;
+ return $iRows;
+ }
+
+
+
+ /**
+ * Escape a string for usage in a query
+ *
+ * @access public
+ * @param string $sString query string to escape
+ * @return string escaped string
+ */
+ public function escape($sString) {
+ global $app;
+ if(!is_string($sString) && !is_numeric($sString)) {
+ $app->log('NON-String given in escape function! (' . gettype($sString) . ')', LOGLEVEL_INFO);
+ $sAddMsg = getDebugBacktrace();
+ $app->log($sAddMsg, LOGLEVEL_DEBUG);
+ $sString = '';
}
- $this->currentRow++;
- return $this->record;
+
+ /*$cur_encoding = mb_detect_encoding($sString);
+ if($cur_encoding != "UTF-8") {
+ if($cur_encoding != 'ASCII') {
+ $app->log('String ' . substr($sString, 0, 25) . '... is ' . $cur_encoding . '.', LOGLEVEL_WARN);
+ if($cur_encoding) $sString = mb_convert_encoding($sString, 'UTF-8', $cur_encoding);
+ else $sString = mb_convert_encoding($sString, 'UTF-8');
+ }
+ } elseif(!PXBase::check_utf8($sString)) {
+ $sString = utf8_encode($sString);
+ }*/
+
+ if($this->_iConnId) return mysqli_real_escape_string($this->_iConnId, $sString);
+ else return addslashes($sString);
}
- // returns number of rows returned by the last select query
- public function numRows() {
- return intval($this->queryId->num_rows);
+ /**
+ *
+ *
+ * @access private
+ */
+ private function _sqlerror($sErrormsg = 'Unbekannter Fehler', $sAddMsg = '') {
+ global $app, $conf;
+
+ $mysql_error = (is_object($this->_iConnId) ? mysqli_error($this->_iConnId) : mysqli_connect_error());
+ $mysql_errno = (is_object($this->_iConnId) ? mysqli_errno($this->_iConnId) : mysqli_connect_errno());
+
+ $sAddMsg .= getDebugBacktrace();
+
+ if($this->show_error_messages && $conf['demo_mode'] === false) {
+ echo $sErrormsg . $sAddMsg;
+ } else if(is_object($app) && method_exists($app, 'log')) {
+ $app->log($sErrormsg . $sAddMsg, LOGLEVEL_WARN);
+ }
}
public function affectedRows() {
- return intval($this->queryId->affected_rows);
+ return $this->affected();
}
// returns mySQL insert id
public function insertID() {
- return $this->insert_id;
+ return $this->insert_id();
}
//* Function to quote strings
public function quote($formfield) {
- return $this->escape_string($formfield);
+ return $this->escape($formfield);
}
//* Function to unquotae strings
@@ -284,20 +514,20 @@ class db extends mysqli
// Insert the server_id, if the record has a server_id
$server_id = (isset($record_old['server_id']) && $record_old['server_id'] > 0)?$record_old['server_id']:0;
if(isset($record_new['server_id'])) $server_id = $record_new['server_id'];
- $server_id = intval($server_id);
+
if($diff_num > 0) {
//print_r($diff_num);
//print_r($diffrec_full);
- $diffstr = $app->db->quote(serialize($diffrec_full));
- $username = $app->db->quote($_SESSION['s']['user']['username']);
+ $diffstr = serialize($diffrec_full);
+ $username = $_SESSION['s']['user']['username'];
$dbidx = $primary_field.':'.$primary_id;
if($action == 'INSERT') $action = 'i';
if($action == 'UPDATE') $action = 'u';
if($action == 'DELETE') $action = 'd';
- $sql = "INSERT INTO sys_datalog (dbtable,dbidx,server_id,action,tstamp,user,data) VALUES ('".$db_table."','$dbidx','$server_id','$action','".time()."','$username','$diffstr')";
- $app->db->query($sql);
+ $sql = "INSERT INTO sys_datalog (dbtable,dbidx,server_id,action,tstamp,user,data) VALUES (?, ?, ?, ?, ?, ?, ?)";
+ $app->db->query($sql, $db_table, $dbidx, $server_id, $action, time(), $username, $diffstr);
}
return true;
@@ -306,16 +536,13 @@ class db extends mysqli
//** Inserts a record and saves the changes into the datalog
public function datalogInsert($tablename, $insert_data, $index_field) {
global $app;
-
- $tablename = $this->quote($tablename);
- $index_field = $this->quote($index_field);
if(is_array($insert_data)) {
$key_str = '';
$val_str = '';
foreach($insert_data as $key => $val) {
$key_str .= "`".$key ."`,";
- $val_str .= "'".$this->quote($val)."',";
+ $val_str .= "'".$this->escape($val)."',";
}
$key_str = substr($key_str, 0, -1);
$val_str = substr($val_str, 0, -1);
@@ -323,11 +550,12 @@ class db extends mysqli
} else {
$insert_data_str = $insert_data;
}
+ /* TODO: reduce risk of insert_data_str! */
$old_rec = array();
- $this->query("INSERT INTO $tablename $insert_data_str");
+ $this->query("INSERT INTO ?? $insert_data_str", $tablename);
$index_value = $this->insertID();
- $new_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
+ $new_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ? = ?", $tablename, $index_field, $index_value);
$this->datalogSave($tablename, 'INSERT', $index_field, $index_value, $old_rec, $new_rec);
return $index_value;
@@ -336,25 +564,22 @@ class db extends mysqli
//** Updates a record and saves the changes into the datalog
public function datalogUpdate($tablename, $update_data, $index_field, $index_value, $force_update = false) {
global $app;
-
- $tablename = $this->quote($tablename);
- $index_field = $this->quote($index_field);
- $index_value = $this->quote($index_value);
- $old_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
+ $old_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
if(is_array($update_data)) {
$update_data_str = '';
foreach($update_data as $key => $val) {
- $update_data_str .= "`".$key ."` = '".$this->quote($val)."',";
+ $update_data_str .= "`".$key ."` = '".$this->escape($val)."',";
}
$update_data_str = substr($update_data_str, 0, -1);
} else {
$update_data_str = $update_data;
}
+ /* TODO: reduce risk of update_data_str */
- $this->query("UPDATE $tablename SET $update_data_str WHERE $index_field = '$index_value'");
- $new_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
+ $this->query("UPDATE ?? SET $update_data_str WHERE ?? = ?", $tablename, $index_field, $index_value);
+ $new_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
$this->datalogSave($tablename, 'UPDATE', $index_field, $index_value, $old_rec, $new_rec, $force_update);
return true;
@@ -363,13 +588,9 @@ class db extends mysqli
//** Deletes a record and saves the changes into the datalog
public function datalogDelete($tablename, $index_field, $index_value) {
global $app;
-
- $tablename = $this->quote($tablename);
- $index_field = $this->quote($index_field);
- $index_value = $this->quote($index_value);
- $old_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
- $this->query("DELETE FROM $tablename WHERE $index_field = '$index_value'");
+ $old_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
+ $this->query("DELETE FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
$new_rec = array();
$this->datalogSave($tablename, 'DELETE', $index_field, $index_value, $old_rec, $new_rec);
@@ -387,7 +608,7 @@ class db extends mysqli
$login = $_SESSION['s']['user']['username'];
}
- $result = $this->queryAllRecords("SELECT COUNT( * ) AS cnt, sys_datalog.action, sys_datalog.dbtable FROM sys_datalog, server WHERE server.server_id = sys_datalog.server_id AND sys_datalog.user = '" . $this->quote($login) . "' AND sys_datalog.datalog_id > server.updated GROUP BY sys_datalog.dbtable, sys_datalog.action");
+ $result = $this->queryAllRecords("SELECT COUNT( * ) AS cnt, sys_datalog.action, sys_datalog.dbtable FROM sys_datalog, server WHERE server.server_id = sys_datalog.server_id AND sys_datalog.user = ? AND sys_datalog.datalog_id > server.updated GROUP BY sys_datalog.dbtable, sys_datalog.action", $login);
foreach($result as $row) {
if(!$row['dbtable'] || in_array($row['dbtable'], array('aps_instances', 'aps_instances_settings', 'mail_access', 'mail_content_filter'))) continue; // ignore some entries, maybe more to come
$return['entries'][] = array('table' => $row['dbtable'], 'action' => $row['action'], 'count' => $row['cnt'], 'text' => $app->lng('datalog_status_' . $row['action'] . '_' . $row['dbtable']));
@@ -398,28 +619,6 @@ class db extends mysqli
return $return;
}
-
- public function freeResult($query)
- {
- if(is_object($query) && (get_class($query) == "mysqli_result")) {
- $query->free();
- return true;
- } else {
- return false;
- }
- }
-
- /* TODO: Does anything use this? */
- public function delete() {
-
- }
-
- /* TODO: Does anything use this? */
- public function Transaction($action) {
- //action = begin, commit oder rollback
-
- }
-
/*
$columns = array(action => add | alter | drop
name => Spaltenname
@@ -436,7 +635,7 @@ class db extends mysqli
public function createTable($table_name, $columns) {
$index = '';
- $sql = "CREATE TABLE $table_name (";
+ $sql = "CREATE TABLE ?? (";
foreach($columns as $col){
$sql .= $col['name'].' '.$this->mapType($col['type'], $col['typeValue']).' ';
@@ -456,7 +655,8 @@ class db extends mysqli
$sql .= $index;
$sql = substr($sql, 0, -1);
$sql .= ')';
- $this->query($sql);
+ /* TODO: secure parameters */
+ $this->query($sql, $table_name);
return true;
}
@@ -475,7 +675,7 @@ class db extends mysqli
*/
public function alterTable($table_name, $columns) {
$index = '';
- $sql = "ALTER TABLE $table_name ";
+ $sql = "ALTER TABLE ?? ";
foreach($columns as $col){
if($col['action'] == 'add') {
$sql .= 'ADD '.$col['name'].' '.$this->mapType($col['type'], $col['typeValue']).' ';
@@ -501,26 +701,23 @@ class db extends mysqli
}
$sql .= $index;
$sql = substr($sql, 0, -1);
-
+ /* TODO: secure parameters */
//die($sql);
- $this->query($sql);
+ $this->query($sql, $table_name);
return true;
}
public function dropTable($table_name) {
$this->check($table_name);
- $sql = "DROP TABLE '". $table_name."'";
- return $this->query($sql);
+ $sql = "DROP TABLE ??";
+ return $this->query($sql, $table_name);
}
// gibt Array mit Tabellennamen zur�ck
public function getTables($database_name = '') {
- if($this->isConnected == false) return false;
+ if(!is_object($this->_iConnId)) return false;
if($database_name == '') $database_name = $this->dbName;
- $result = parent::query("SHOW TABLES FROM $database_name");
- for ($i = 0; $i < $result->num_rows; $i++) {
- $tb_names[$i] = (($result->data_seek( $i) && (($___mysqli_tmp = $result->fetch_row()) !== NULL)) ? array_shift($___mysqli_tmp) : false);
- }
+ $tb_names = $this->queryAllArray("SHOW TABLES FROM ??", $database_name);
return $tb_names;
}
@@ -544,7 +741,7 @@ class db extends mysqli
global $go_api, $go_info, $app;
// Tabellenfelder einlesen
- if($rows = $app->db->queryAllRecords('SHOW FIELDS FROM '.$table_name)){
+ if($rows = $app->db->queryAllRecords('SHOW FIELDS FROM ??', $table_name)){
foreach($rows as $row) {
/*
$name = $row[0];
@@ -669,4 +866,238 @@ class db extends mysqli
}
+/**
+ * database query result class
+ *
+ * @package pxFramework
+ *
+ */
+class db_result {
+
+ /**
+ *
+ *
+ * @access private
+ */
+ private $_iResId = null;
+ private $_iConnection = null;
+
+
+
+ /**
+ *
+ *
+ * @access private
+ */
+ public function db_result($iResId, $iConnection) {
+ $this->_iResId = $iResId;
+ $this->_iConnection = $iConnection;
+ }
+
+
+
+ /**
+ * get count of result rows
+ *
+ * Returns the amount of rows in the result set
+ *
+ * @access public
+ * @return int amount of rows
+ */
+ public function rows() {
+ if(!is_object($this->_iResId)) return 0;
+ $iRows = mysqli_num_rows($this->_iResId);
+ if(!$iRows) $iRows = 0;
+ return $iRows;
+ }
+
+
+
+ /**
+ * Get number of affected rows
+ *
+ * Returns the amount of rows affected by the previous query
+ *
+ * @access public
+ * @return int amount of affected rows
+ */
+ public function affected() {
+ if(!is_object($this->_iConnection)) return 0;
+ $iRows = mysqli_affected_rows($this->_iConnection);
+ if(!$iRows) $iRows = 0;
+ return $iRows;
+ }
+
+
+
+ /**
+ * Frees the result set
+ *
+ * @access public
+ */
+ public function free() {
+ if(!is_object($this->_iResId)) return;
+
+ mysqli_free_result($this->_iResId);
+ return;
+ }
+
+
+
+ /**
+ * Get a result row (associative)
+ *
+ * Returns the next row in the result set. To be used in a while loop like while($currow = $result->get()) { do something ... }
+ *
+ * @access public
+ * @return array result row
+ */
+ public function get() {
+ $aItem = null;
+
+ if(is_object($this->_iResId)) {
+ $aItem = mysqli_fetch_assoc($this->_iResId);
+ if(!$aItem) $aItem = null;
+ }
+ return $aItem;
+ }
+
+
+
+ /**
+ * Get a result row (array with numeric index)
+ *
+ * @access public
+ * @return array result row
+ */
+ public function getAsRow() {
+ $aItem = null;
+
+ if(is_object($this->_iResId)) {
+ $aItem = mysqli_fetch_row($this->_iResId);
+ if(!$aItem) $aItem = null;
+ }
+ return $aItem;
+ }
+
+}
+
+/**
+ * database query result class
+ *
+ * emulates a db result set out of an array so you can use array results and db results the same way
+ *
+ * @package pxFramework
+ * @see db_result
+ *
+ *
+ */
+class fakedb_result {
+
+ /**
+ *
+ *
+ * @access private
+ */
+ private $aResultData = array();
+
+ /**
+ *
+ *
+ * @access private
+ */
+ private $aLimitedData = array();
+
+
+
+ /**
+ *
+ *
+ * @access private
+ */
+ public function fakedb_result($aData) {
+ $this->aResultData = $aData;
+ $this->aLimitedData = $aData;
+ reset($this->aLimitedData);
+ }
+
+
+
+ /**
+ * get count of result rows
+ *
+ * Returns the amount of rows in the result set
+ *
+ * @access public
+ * @return int amount of rows
+ */
+ // Gibt die Anzahl Zeilen zurück
+ public function rows() {
+ return count($this->aLimitedData);
+ }
+
+
+
+ /**
+ * Frees the result set
+ *
+ * @access public
+ */
+ // Gibt ein Ergebnisset frei
+ public function free() {
+ $this->aResultData = array();
+ $this->aLimitedData = array();
+ return;
+ }
+
+
+
+ /**
+ * Get a result row (associative)
+ *
+ * Returns the next row in the result set. To be used in a while loop like while($currow = $result->get()) { do something ... }
+ *
+ * @access public
+ * @return array result row
+ */
+ // Gibt eine Ergebniszeile zurück
+ public function get() {
+ $aItem = null;
+
+ if(!is_array($this->aLimitedData)) return $aItem;
+
+ if(list($vKey, $aItem) = each($this->aLimitedData)) {
+ if(!$aItem) $aItem = null;
+ }
+ return $aItem;
+ }
+
+
+
+ /**
+ * Get a result row (array with numeric index)
+ *
+ * @access public
+ * @return array result row
+ */
+ public function getAsRow() {
+ return $this->get();
+ }
+
+
+
+ /**
+ * Limit the result (like a LIMIT x,y in a SQL query)
+ *
+ * @access public
+ * @param int $iStart offset to start read
+ * @param int iLength amount of datasets to read
+ */
+ public function limit_result($iStart, $iLength) {
+ $this->aLimitedData = array_slice($this->aResultData, $iStart, $iLength, true);
+ }
+
+}
+
+
?>
diff --git a/interface/web/sites/web_aliasdomain_edit.php b/interface/web/sites/web_aliasdomain_edit.php
index 02e11d501b8708504cef383e4eb0da05e6a39315..b220011dd3c2e678a7661efba79886b7056c022c 100644
--- a/interface/web/sites/web_aliasdomain_edit.php
+++ b/interface/web/sites/web_aliasdomain_edit.php
@@ -143,7 +143,7 @@ class page_action extends tform_actions {
}
// Get the record of the parent domain
- $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ".$app->functions->intval(@$this->dataRecord["parent_domain_id"]) . " AND ".$app->tform->getAuthSQL('r'));
+ $parent_domain = $app->db->queryOneRecord("select * FROM web_domain WHERE domain_id = ? AND ".$app->tform->getAuthSQL('r'), @$this->dataRecord["parent_domain_id"]);
if(!$parent_domain || $parent_domain['domain_id'] != @$this->dataRecord['parent_domain_id']) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
// Set a few fixed values
@@ -162,7 +162,7 @@ class page_action extends tform_actions {
function onAfterInsert() {
global $app, $conf;
- $app->db->query('UPDATE web_domain SET sys_groupid = '.$app->functions->intval($this->parent_domain_record['sys_groupid']).' WHERE domain_id = '.$this->id);
+ $app->db->query('UPDATE web_domain SET sys_groupid = ? WHERE domain_id = ?', $this->parent_domain_record['sys_groupid'], $this->id);
}
@@ -173,11 +173,11 @@ class page_action extends tform_actions {
if($this->dataRecord['parent_domain_id'] != $this->oldDataRecord['parent_domain_id']) {
//* Update the domain owner
- $app->db->query('UPDATE web_domain SET sys_groupid = '.$app->functions->intval($this->parent_domain_record['sys_groupid']).' WHERE domain_id = '.$this->id);
+ $app->db->query('UPDATE web_domain SET sys_groupid = ? WHERE domain_id = ?', $this->parent_domain_record['sys_groupid'], $this->id);
//* Update the old website, so that the vhost alias gets removed
//* We force the update by inserting a transaction record without changes manually.
- $old_website = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = '.$app->functions->intval($this->oldDataRecord['domain_id']));
+ $old_website = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = ?', $this->oldDataRecord['domain_id']);
$app->db->datalogSave('web_domain', 'UPDATE', 'domain_id', $this->oldDataRecord['parent_domain_id'], $old_website, $old_website, true);
}
diff --git a/interface/web/tools/import_plesk.php b/interface/web/tools/import_plesk.php
index aea9c230f972d2b5440ee8891eb6baa481983bd6..f6e2890ea1546d28d3d8fae078df7e03adfec797 100644
--- a/interface/web/tools/import_plesk.php
+++ b/interface/web/tools/import_plesk.php
@@ -346,7 +346,7 @@ if(isset($_POST['start']) && $_POST['start'] == 1) {
foreach($domains as $entry) {
$res = $exdb->query("SELECT d.dom_id, d.param, d.val FROM dom_param as d WHERE d.dom_id = '" . $entry['id'] . "'");
$options = array();
- while($opt = $exdb->nextRecord()) {
+ while($opt = $res->get()) {
$options[$opt['param']] = $opt['val'];
}
@@ -728,7 +728,7 @@ if(isset($_POST['start']) && $_POST['start'] == 1) {
foreach($subdomains as $entry) {
$res = $exdb->query("SELECT d.dom_id, d.param, d.val FROM dom_param as d WHERE d.dom_id = '" . $entry['dom_id'] . "'");
$options = array();
- while($opt = $exdb->nextRecord()) {
+ while($opt = $res->get()) {
$options[$opt['param']] = $opt['val'];
}
diff --git a/server/lib/classes/db_mysql.inc.php b/server/lib/classes/db_mysql.inc.php
index 9d56ac3055e09df3156b4f64681256b172bd16da..488a3816d8ba78163f2045535b572ffdd2469433 100644
--- a/server/lib/classes/db_mysql.inc.php
+++ b/server/lib/classes/db_mysql.inc.php
@@ -29,13 +29,25 @@
class db extends mysqli
{
- protected $dbHost = ''; // hostname of the MySQL server
+ /**#@+
+ * @access private
+ */
+ private $_iQueryId;
+ private $_iConnId;
+
+ private $dbHost = ''; // hostname of the MySQL server
private $dbName = ''; // logical database name on that server
private $dbUser = ''; // database authorized user
private $dbPass = ''; // user's password
private $dbCharset = 'utf8';// Database charset
private $dbNewLink = false; // Return a new linkID when connect is called again
private $dbClientFlags = 0; // MySQL Client falgs
+ /**#@-*/
+
+ public $show_error_messages = false; // false in server, true in interface
+
+
+ /* old things - unused now ////
private $linkId = 0; // last result of mysqli_connect()
private $queryId = 0; // last result of mysqli_query()
private $record = array(); // last record fetched
@@ -44,8 +56,9 @@ class db extends mysqli
public $errorNumber = 0; // last error number
public $errorMessage = ''; // last error message
private $errorLocation = '';// last error location
- public $show_error_messages = false; // false in server, true in interface
private $isConnected = false; // needed to know if we have a valid mysqli object from the constructor
+ ////
+ */
// constructor
public function __construct($host = NULL , $user = NULL, $pass = NULL, $database = NULL) {
@@ -59,27 +72,36 @@ class db extends mysqli
$this->dbNewLink = $conf['db_new_link'];
$this->dbClientFlags = $conf['db_client_flags'];
- parent::__construct($this->dbHost, $this->dbUser, $this->dbPass, $this->dbName);
+ $this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass);
$try = 0;
- //while(!is_null($this->connect_error) && $try < 10) {
- while(mysqli_connect_error() && $try < 10) {
- if($try > 8) sleep(5);
- elseif($try > 0) sleep(1);
+ while((!is_object($this->_iConnId) || mysqli_connect_error()) && $try < 5) {
+ if($try > 0) sleep(1);
$try++;
- $this->updateError('DB::__construct');
-
- parent::__construct($this->dbHost, $this->dbUser, $this->dbPass, $this->dbName);
+ $this->_iConnId = mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass);
}
- //if(is_null($this->connect_error)) $this->isConnected = true;
- if(!mysqli_connect_error()) $this->isConnected = true;
+ if(!is_object($this->_iConnId) || mysqli_connect_error()) {
+ $this->_iConnId = null;
+ $this->_sqlerror('Zugriff auf Datenbankserver fehlgeschlagen! / Database server not accessible!');
+ return false;
+ }
+ if(!((bool)mysqli_query( $this->_iConnId, "USE $this->dbName"))) {
+ $this->close();
+ $this->_sqlerror('Datenbank nicht gefunden / Database not found');
+ return false;
+ }
- $this->setCharacterEncoding();
+ $this->_setCharset();
}
public function __destruct() {
- $this->close(); // helps avoid memory leaks, and persitent connections that don't go away.
+ if($this->_iConnId) mysqli_close($this->_iConnId);
+ }
+
+ public function close() {
+ if($this->_iConnId) mysqli_close($this->_iConnId);
+ $this->_iConnId = null;
}
/* This allows our private variables to be "read" out side of the class */
@@ -87,135 +109,341 @@ class db extends mysqli
return isset($this->$var) ? $this->$var : NULL;
}
- // error handler
- public function updateError($location) {
- global $app;
+ public function _build_query_string($sQuery = '') {
+ $iArgs = func_num_args();
+ if($iArgs > 1) {
+ $aArgs = func_get_args();
- /*
- if(!is_null($this->connect_error)) {
- $this->errorNumber = $this->connect_errno;
- $this->errorMessage = $this->connect_error;
- } else {
- $this->errorNumber = $this->errno;
- $this->errorMessage = $this->error;
- }
- */
- if(mysqli_connect_error()) {
- $this->errorNumber = mysqli_connect_errno();
- $this->errorMessage = mysqli_connect_error();
- } else {
- $this->errorNumber = mysqli_errno($this);
- $this->errorMessage = mysqli_error($this);
- }
+ if($iArgs == 3 && $aArgs[1] === true && is_array($aArgs[2])) {
+ $aArgs = $aArgs[2];
+ $iArgs = count($aArgs);
+ } else {
+ array_shift($aArgs); // delete the query string that is the first arg!
+ }
+
+ $iPos = 0;
+ $iPos2 = 0;
+ foreach($aArgs as $sKey => $sValue) {
+ $iPos2 = strpos($sQuery, '??', $iPos2);
+ $iPos = strpos($sQuery, '?', $iPos);
+
+ if($iPos === false && $iPos2 === false) break;
- $this->errorLocation = $location;
- if($this->errorNumber) {
- $error_msg = $this->errorLocation .' '. $this->errorMessage;
- // This right here will allow us to use the samefile for server & interface
- if($this->show_error_messages) {
- echo $error_msg;
- } else if(is_object($app) && method_exists($app, 'log')) {
- $app->log($error_msg, LOGLEVEL_WARN);
+ if($iPos2 !== false && ($iPos === false || $iPos2 <= $iPos)) {
+ $sTxt = $this->escape($sValue);
+
+ if(strpos($sTxt, '.') !== false) $sTxt = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $sTxt);
+ else $sTxt = '`' . $sTxt . '`';
+
+ $sQuery = substr_replace($sQuery, $sTxt, $iPos2, 2);
+ $iPos2 += strlen($sTxt);
+ $iPos = $iPos2;
} else {
- /* This could be called before $app is ever declared.. In that case we should just spit out to error_log() */
- error_log($error_msg);
+ if(is_int($sValue) || is_float($sValue)) {
+ $sTxt = $sValue;
+ } elseif(is_string($sValue) && (strcmp($sValue, '#NULL#') == 0)) {
+ $sTxt = 'NULL';
+ } elseif(is_array($sValue)) {
+ $sTxt = '';
+ foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\'';
+ $sTxt = '(' . substr($sTxt, 1) . ')';
+ if($sTxt == '()') $sTxt = '(0)';
+ } else {
+ $sTxt = '\'' . $this->escape($sValue) . '\'';
+ }
+
+ $sQuery = substr_replace($sQuery, $sTxt, $iPos, 1);
+ $iPos += strlen($sTxt);
+ $iPos2 = $iPos;
+ }
}
}
+
+ return $sQuery;
}
- private function setCharacterEncoding() {
- if($this->isConnected == false) return false;
- parent::query( 'SET NAMES '.$this->dbCharset);
- parent::query( "SET character_set_results = '".$this->dbCharset."', character_set_client = '".$this->dbCharset."', character_set_connection = '".$this->dbCharset."', character_set_database = '".$this->dbCharset."', character_set_server = '".$this->dbCharset."'");
+ /**#@-*/
+
+
+ /**#@+
+ * @access private
+ */
+ private function _setCharset() {
+ mysqli_query($this->_iConnId, 'SET NAMES '.$this->dbCharset);
+ mysqli_query($this->_iConnId, "SET character_set_results = '".$this->dbCharset."', character_set_client = '".$this->dbCharset."', character_set_connection = '".$this->dbCharset."', character_set_database = '".$this->dbCharset."', character_set_server = '".$this->dbCharset."'");
}
- public function query($queryString) {
- if($this->isConnected == false) return false;
+ private function _query($sQuery = '') {
+ global $app;
+
+ if ($sQuery == '') {
+ $this->_sqlerror('Keine Anfrage angegeben / No query given');
+ return false;
+ }
+
$try = 0;
do {
$try++;
- $ok = $this->ping();
+ $ok = mysqli_ping($this->_iConnId);
if(!$ok) {
- if(!$this->real_connect($this->dbHost, $this->dbUser, $this->dbPass, $this->dbName)) {
+ if(!mysqli_connect($this->dbHost, $this->dbUser, $this->dbPass, $this->dbName)) {
if($try > 9) {
- $this->updateError('DB::query -> reconnect');
+ $this->_sqlerror('DB::query -> reconnect');
return false;
} else {
sleep(($try > 7 ? 5 : 1));
}
} else {
- $this->setCharacterEncoding();
+ $this->_setCharset();
$ok = true;
}
}
} while($ok == false);
- $this->queryId = parent::query($queryString);
- $this->updateError('DB::query('.$queryString.') -> mysqli_query');
- if(!$this->queryId) {
+
+ $aArgs = func_get_args();
+ $sQuery = call_user_func_array(array(&$this, '_build_query_string'), $aArgs);
+
+ $this->_iQueryId = mysqli_query($this->_iConnId, $sQuery);
+ if (!$this->_iQueryId) {
+ $this->_sqlerror('Falsche Anfrage / Wrong Query', false, 'SQL-Query = ' . $sQuery);
return false;
}
- $this->currentRow = 0;
- return $this->queryId;
+
+ return is_bool($this->_iQueryId) ? $this->_iQueryId : new db_result($this->_iQueryId, $this->_iConnId);
}
- // returns all records in an array
- public function queryAllRecords($queryString) {
- if(!$this->query($queryString))
- {
- return false;
- }
- $ret = array();
- while($line = $this->nextRecord())
- {
- $ret[] = $line;
+ /**#@-*/
+
+
+
+
+
+ /**
+ * Executes a query
+ *
+ * Executes a given query string, has a variable amount of parameters:
+ * - 1 parameter
+ * executes the given query
+ * - 2 parameters
+ * executes the given query, replaces the first ? in the query with the second parameter
+ * - 3 parameters
+ * if the 2nd parameter is a boolean true, the 3rd parameter has to be an array containing all the replacements for every occuring ? in the query, otherwise the second parameter replaces the first ?, the third parameter replaces the second ? in the query
+ * - 4 or more parameters
+ * all ? in the query are replaced from left to right by the parameters 2 to x
+ *
+ * @access public
+ * @param string $sQuery query string
+ * @param mixed ... one or more parameters
+ * @return db_result the result object of the query
+ */
+
+
+ public function query($sQuery = '') {
+ $aArgs = func_get_args();
+ return call_user_func_array(array(&$this, '_query'), $aArgs);
+ }
+
+ /**
+ * Execute a query and get first result array
+ *
+ * Executes a query and returns the first result row as an array
+ * This is like calling $result = $db->query(), $result->get(), $result->free()
+ * Use of this function @see query
+ *
+ * @access public
+ * @param string $sQuery query to execute
+ * @param ... further params (see query())
+ * @return array result row or NULL if none found
+ */
+ public function queryOneRecord($sQuery = '') {
+ if(!preg_match('/limit \d+\s*,\s*\d+$/i', $sQuery)) $sQuery .= ' LIMIT 0,1';
+
+ $aArgs = func_get_args();
+ $oResult = call_user_func_array(array(&$this, 'query'), $aArgs);
+ if(!$oResult) return null;
+
+ $aReturn = $oResult->get();
+ $oResult->free();
+
+ return $aReturn;
+ }
+
+ public function queryOne($sQuery = '') {
+ return $this->query_one($sQuery);
+ }
+
+ public function query_one($sQuery = '') {
+ return $this->queryOneRecord($sQuery);
+ }
+
+ /**
+ * Execute a query and return all rows
+ *
+ * Executes a query and returns all result rows in an array
+ * Use this with extreme care!!! Uses lots of memory on big result sets.
+ *
+ * @access public
+ * @param string $sQuery query to execute
+ * @param ... further params (see query())
+ * @return array all the rows in the result set
+ */
+ public function queryAllRecords($sQuery = '') {
+ $aArgs = func_get_args();
+ $oResult = call_user_func_array(array(&$this, 'query'), $aArgs);
+ if(!$oResult) return array();
+
+ $aResults = array();
+ while($aRow = $oResult->get()) {
+ $aResults[] = $aRow;
}
- return $ret;
+ $oResult->free();
+
+ return $aResults;
}
- // returns one record in an array
- public function queryOneRecord($queryString) {
- if(!$this->query($queryString) || $this->numRows() == 0)
- {
- return false;
+ public function queryAll($sQuery = '') {
+ return $this->queryAllRecords($sQuery);
+ }
+
+ public function query_all($sQuery = '') {
+ return $this->queryAllRecords($sQuery);
+ }
+
+ /**
+ * Execute a query and return all rows as simple array
+ *
+ * Executes a query and returns all result rows in an array with elements
+ * Only first column is returned Uses lots of memory on big result sets.
+ *
+ * @access public
+ * @param string $sQuery query to execute
+ * @param ... further params (see query())
+ * @return array all the rows in the result set
+ */
+ public function queryAllArray($sQuery = '') {
+ $aArgs = func_get_args();
+ $oResult = call_user_func_array(array(&$this, 'query'), $aArgs);
+ if(!$oResult) return array();
+
+ $aResults = array();
+ while($aRow = $oResult->get()) {
+ $aResults[] = reset($aRow);
}
- return $this->nextRecord();
+ $oResult->free();
+
+ return $aResults;
}
- // returns the next record in an array
- public function nextRecord() {
- $this->record = $this->queryId->fetch_assoc();
- $this->updateError('DB::nextRecord()-> mysql_fetch_array');
- if(!$this->record || !is_array($this->record))
- {
- return false;
+ public function query_all_array($sQuery = '') {
+ return $this->queryAllArray($sQuery);
+ }
+
+
+
+ /**
+ * Get id of last inserted row
+ *
+ * Gives you the id of the last inserted row in a table with an auto-increment primary key
+ *
+ * @access public
+ * @return int id of last inserted row or 0 if none
+ */
+ public function insert_id() {
+ $iRes = mysqli_query($this->_iConnId, 'SELECT LAST_INSERT_ID() as `newid`');
+ if(!is_object($iRes)) return false;
+
+ $aReturn = mysqli_fetch_assoc($iRes);
+ mysqli_free_result($iRes);
+
+ return $aReturn['newid'];
+ }
+
+
+
+ /**
+ * get affected row count
+ *
+ * Gets the amount of rows affected by the previous query
+ *
+ * @access public
+ * @return int affected rows
+ */
+ public function affected() {
+ if(!is_object($this->_iConnId)) return 0;
+ $iRows = mysqli_affected_rows($this->_iConnId);
+ if(!$iRows) $iRows = 0;
+ return $iRows;
+ }
+
+
+
+ /**
+ * Escape a string for usage in a query
+ *
+ * @access public
+ * @param string $sString query string to escape
+ * @return string escaped string
+ */
+ public function escape($sString) {
+ global $app;
+ if(!is_string($sString) && !is_numeric($sString)) {
+ $app->log('NON-String given in escape function! (' . gettype($sString) . ')', LOGLEVEL_INFO);
+ $sAddMsg = getDebugBacktrace();
+ $app->log($sAddMsg, LOGLEVEL_DEBUG);
+ $sString = '';
}
- $this->currentRow++;
- return $this->record;
+
+ /*$cur_encoding = mb_detect_encoding($sString);
+ if($cur_encoding != "UTF-8") {
+ if($cur_encoding != 'ASCII') {
+ $app->log('String ' . substr($sString, 0, 25) . '... is ' . $cur_encoding . '.', LOGLEVEL_WARN);
+ if($cur_encoding) $sString = mb_convert_encoding($sString, 'UTF-8', $cur_encoding);
+ else $sString = mb_convert_encoding($sString, 'UTF-8');
+ }
+ } elseif(!PXBase::check_utf8($sString)) {
+ $sString = utf8_encode($sString);
+ }*/
+
+ if($this->_iConnId) return mysqli_real_escape_string($this->_iConnId, $sString);
+ else return addslashes($sString);
}
- // returns number of rows returned by the last select query
- public function numRows() {
- return $this->queryId->num_rows;
+ /**
+ *
+ *
+ * @access private
+ */
+ private function _sqlerror($sErrormsg = 'Unbekannter Fehler', $sAddMsg = '') {
+ global $app, $conf;
+
+ $mysql_error = (is_object($this->_iConnId) ? mysqli_error($this->_iConnId) : mysqli_connect_error());
+ $mysql_errno = (is_object($this->_iConnId) ? mysqli_errno($this->_iConnId) : mysqli_connect_errno());
+
+ $sAddMsg .= getDebugBacktrace();
+
+ if($this->show_error_messages && $conf['demo_mode'] === false) {
+ echo $sErrormsg . $sAddMsg;
+ } else if(is_object($app) && method_exists($app, 'log')) {
+ $app->log($sErrormsg . $sAddMsg, LOGLEVEL_WARN);
+ }
}
public function affectedRows() {
- return $this->queryId->affected_rows;
+ return $this->affected();
}
// returns mySQL insert id
public function insertID() {
- return $this->insert_id;
+ return $this->insert_id();
}
- // Check der variablen
- // Really.. using quote should be phased out in favor of using bind_param's. Though, for legacy code..
- // here's the equivalent
+ //* Function to quote strings
public function quote($formfield) {
- return $this->escape_string($formfield);
+ return $this->escape($formfield);
}
- // Check der variablen
+ //* Function to unquotae strings
public function unquote($formfield) {
return stripslashes($formfield);
}
@@ -321,9 +549,9 @@ class db extends mysqli
if($diff_num > 0) {
- $diffstr = $this->quote(serialize($diffrec_full));
+ $diffstr = serialize($diffrec_full);
if(isset($_SESSION)) {
- $username = $this->quote($_SESSION['s']['user']['username']);
+ $username = $_SESSION['s']['user']['username'];
} else {
$username = 'admin';
}
@@ -332,8 +560,8 @@ class db extends mysqli
if($action == 'INSERT') $action = 'i';
if($action == 'UPDATE') $action = 'u';
if($action == 'DELETE') $action = 'd';
- $sql = "INSERT INTO sys_datalog (dbtable,dbidx,server_id,action,tstamp,user,data) VALUES ('".$db_table."','$dbidx','$server_id','$action','".time()."','$username','$diffstr')";
- $this->query($sql);
+ $sql = "INSERT INTO sys_datalog (dbtable,dbidx,server_id,action,tstamp,user,data) VALUES (?, ?, ?, ?, ?, ?, ?)";
+ $app->db->query($sql, $db_table, $dbidx, $server_id, $action, time(), $username, $diffstr);
}
return true;
@@ -348,7 +576,7 @@ class db extends mysqli
$val_str = '';
foreach($insert_data as $key => $val) {
$key_str .= "`".$key ."`,";
- $val_str .= "'".$this->quote($val)."',";
+ $val_str .= "'".$this->escape($val)."',";
}
$key_str = substr($key_str, 0, -1);
$val_str = substr($val_str, 0, -1);
@@ -356,11 +584,12 @@ class db extends mysqli
} else {
$insert_data_str = $insert_data;
}
+ /* TODO: reduce risk of insert_data_str! */
$old_rec = array();
- $this->query("INSERT INTO $tablename $insert_data_str");
+ $this->query("INSERT INTO ?? $insert_data_str", $tablename);
$index_value = $this->insertID();
- $new_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
+ $new_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ? = ?", $tablename, $index_field, $index_value);
$this->datalogSave($tablename, 'INSERT', $index_field, $index_value, $old_rec, $new_rec);
return $index_value;
@@ -370,20 +599,21 @@ class db extends mysqli
public function datalogUpdate($tablename, $update_data, $index_field, $index_value, $force_update = false) {
global $app;
- $old_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
+ $old_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
if(is_array($update_data)) {
$update_data_str = '';
foreach($update_data as $key => $val) {
- $update_data_str .= "`".$key ."` = '".$this->quote($val)."',";
+ $update_data_str .= "`".$key ."` = '".$this->escape($val)."',";
}
$update_data_str = substr($update_data_str, 0, -1);
} else {
$update_data_str = $update_data;
}
+ /* TODO: reduce risk of update_data_str */
- $this->query("UPDATE $tablename SET $update_data_str WHERE $index_field = '$index_value'");
- $new_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
+ $this->query("UPDATE ?? SET $update_data_str WHERE ?? = ?", $tablename, $index_field, $index_value);
+ $new_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
$this->datalogSave($tablename, 'UPDATE', $index_field, $index_value, $old_rec, $new_rec, $force_update);
return true;
@@ -393,8 +623,8 @@ class db extends mysqli
public function datalogDelete($tablename, $index_field, $index_value) {
global $app;
- $old_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
- $this->query("DELETE FROM $tablename WHERE $index_field = '$index_value'");
+ $old_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
+ $this->query("DELETE FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);
$new_rec = array();
$this->datalogSave($tablename, 'DELETE', $index_field, $index_value, $old_rec, $new_rec);
@@ -421,17 +651,6 @@ class db extends mysqli
}
}
- /* TODO: Does anything use this? */
- public function delete() {
-
- }
-
- /* TODO: Does anything use this? */
- public function Transaction($action) {
- //action = begin, commit oder rollback
-
- }
-
/*
$columns = array(action => add | alter | drop
name => Spaltenname
@@ -448,7 +667,7 @@ class db extends mysqli
public function createTable($table_name, $columns) {
$index = '';
- $sql = "CREATE TABLE $table_name (";
+ $sql = "CREATE TABLE ?? (";
foreach($columns as $col){
$sql .= $col['name'].' '.$this->mapType($col['type'], $col['typeValue']).' ';
@@ -468,7 +687,8 @@ class db extends mysqli
$sql .= $index;
$sql = substr($sql, 0, -1);
$sql .= ')';
- $this->query($sql);
+ /* TODO: secure parameters */
+ $this->query($sql, $table_name);
return true;
}
@@ -487,7 +707,7 @@ class db extends mysqli
*/
public function alterTable($table_name, $columns) {
$index = '';
- $sql = "ALTER TABLE $table_name ";
+ $sql = "ALTER TABLE ?? ";
foreach($columns as $col){
if($col['action'] == 'add') {
$sql .= 'ADD '.$col['name'].' '.$this->mapType($col['type'], $col['typeValue']).' ';
@@ -513,26 +733,23 @@ class db extends mysqli
}
$sql .= $index;
$sql = substr($sql, 0, -1);
-
+ /* TODO: secure parameters */
//die($sql);
- $this->query($sql);
+ $this->query($sql, $table_name);
return true;
}
public function dropTable($table_name) {
$this->check($table_name);
- $sql = "DROP TABLE '". $table_name."'";
- return $this->query($sql);
+ $sql = "DROP TABLE ??";
+ return $this->query($sql, $table_name);
}
// gibt Array mit Tabellennamen zur�ck
public function getTables($database_name = '') {
- if($this->isConnected == false) return false;
+ if(!is_object($this->_iConnId)) return false;
if($database_name == '') $database_name = $this->dbName;
- $result = parent::query("SHOW TABLES FROM $database_name");
- for ($i = 0; $i < $result->num_rows; $i++) {
- $tb_names[$i] = (($result->data_seek( $i) && (($___mysqli_tmp = $result->fetch_row()) !== NULL)) ? array_shift($___mysqli_tmp) : false);
- }
+ $tb_names = $this->queryAllArray("SHOW TABLES FROM ??", $database_name);
return $tb_names;
}
@@ -556,14 +773,14 @@ class db extends mysqli
global $go_api, $go_info;
// Tabellenfelder einlesen
- if($rows = $go_api->db->queryAllRecords('SHOW FIELDS FROM '.$table_name)){
+ if($rows = $go_api->db->queryAllRecords('SHOW FIELDS FROM ??', $table_name)){
foreach($rows as $row) {
- $name = $row[0];
- $default = $row[4];
- $key = $row[3];
- $extra = $row[5];
- $isnull = $row[2];
- $type = $row[1];
+ $name = $row['Field'];
+ $default = $row['Default'];
+ $key = $row['Key'];
+ $extra = $row['Extra'];
+ $isnull = $row['Null'];
+ $type = $row['Type'];
$column = array();
@@ -672,4 +889,238 @@ class db extends mysqli
}
+/**
+ * database query result class
+ *
+ * @package pxFramework
+ *
+ */
+class db_result {
+
+ /**
+ *
+ *
+ * @access private
+ */
+ private $_iResId = null;
+ private $_iConnection = null;
+
+
+
+ /**
+ *
+ *
+ * @access private
+ */
+ public function db_result($iResId, $iConnection) {
+ $this->_iResId = $iResId;
+ $this->_iConnection = $iConnection;
+ }
+
+
+
+ /**
+ * get count of result rows
+ *
+ * Returns the amount of rows in the result set
+ *
+ * @access public
+ * @return int amount of rows
+ */
+ public function rows() {
+ if(!is_object($this->_iResId)) return 0;
+ $iRows = mysqli_num_rows($this->_iResId);
+ if(!$iRows) $iRows = 0;
+ return $iRows;
+ }
+
+
+
+ /**
+ * Get number of affected rows
+ *
+ * Returns the amount of rows affected by the previous query
+ *
+ * @access public
+ * @return int amount of affected rows
+ */
+ public function affected() {
+ if(!is_object($this->_iConnection)) return 0;
+ $iRows = mysqli_affected_rows($this->_iConnection);
+ if(!$iRows) $iRows = 0;
+ return $iRows;
+ }
+
+
+
+ /**
+ * Frees the result set
+ *
+ * @access public
+ */
+ public function free() {
+ if(!is_object($this->_iResId)) return;
+
+ mysqli_free_result($this->_iResId);
+ return;
+ }
+
+
+
+ /**
+ * Get a result row (associative)
+ *
+ * Returns the next row in the result set. To be used in a while loop like while($currow = $result->get()) { do something ... }
+ *
+ * @access public
+ * @return array result row
+ */
+ public function get() {
+ $aItem = null;
+
+ if(is_object($this->_iResId)) {
+ $aItem = mysqli_fetch_assoc($this->_iResId);
+ if(!$aItem) $aItem = null;
+ }
+ return $aItem;
+ }
+
+
+
+ /**
+ * Get a result row (array with numeric index)
+ *
+ * @access public
+ * @return array result row
+ */
+ public function getAsRow() {
+ $aItem = null;
+
+ if(is_object($this->_iResId)) {
+ $aItem = mysqli_fetch_row($this->_iResId);
+ if(!$aItem) $aItem = null;
+ }
+ return $aItem;
+ }
+
+}
+
+/**
+ * database query result class
+ *
+ * emulates a db result set out of an array so you can use array results and db results the same way
+ *
+ * @package pxFramework
+ * @see db_result
+ *
+ *
+ */
+class fakedb_result {
+
+ /**
+ *
+ *
+ * @access private
+ */
+ private $aResultData = array();
+
+ /**
+ *
+ *
+ * @access private
+ */
+ private $aLimitedData = array();
+
+
+
+ /**
+ *
+ *
+ * @access private
+ */
+ public function fakedb_result($aData) {
+ $this->aResultData = $aData;
+ $this->aLimitedData = $aData;
+ reset($this->aLimitedData);
+ }
+
+
+
+ /**
+ * get count of result rows
+ *
+ * Returns the amount of rows in the result set
+ *
+ * @access public
+ * @return int amount of rows
+ */
+ // Gibt die Anzahl Zeilen zurück
+ public function rows() {
+ return count($this->aLimitedData);
+ }
+
+
+
+ /**
+ * Frees the result set
+ *
+ * @access public
+ */
+ // Gibt ein Ergebnisset frei
+ public function free() {
+ $this->aResultData = array();
+ $this->aLimitedData = array();
+ return;
+ }
+
+
+
+ /**
+ * Get a result row (associative)
+ *
+ * Returns the next row in the result set. To be used in a while loop like while($currow = $result->get()) { do something ... }
+ *
+ * @access public
+ * @return array result row
+ */
+ // Gibt eine Ergebniszeile zurück
+ public function get() {
+ $aItem = null;
+
+ if(!is_array($this->aLimitedData)) return $aItem;
+
+ if(list($vKey, $aItem) = each($this->aLimitedData)) {
+ if(!$aItem) $aItem = null;
+ }
+ return $aItem;
+ }
+
+
+
+ /**
+ * Get a result row (array with numeric index)
+ *
+ * @access public
+ * @return array result row
+ */
+ public function getAsRow() {
+ return $this->get();
+ }
+
+
+
+ /**
+ * Limit the result (like a LIMIT x,y in a SQL query)
+ *
+ * @access public
+ * @param int $iStart offset to start read
+ * @param int iLength amount of datasets to read
+ */
+ public function limit_result($iStart, $iLength) {
+ $this->aLimitedData = array_slice($this->aResultData, $iStart, $iLength, true);
+ }
+
+}
+
+
?>