Issues in Db.php (develop) - Issues in develop - Nickbur/Sunrise-CMS - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2407)

engine/library/Db.php (9 issues)

Labels

Severity

Informational 9

<?php
/* 	Divine CMS - Open source CMS for widespread use.
    Copyright (c) 2019 Mykola Burakov ([email protected])

    See SOURCE.txt for other and additional information.

    This file is part of Divine CMS.

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see <http://www.gnu.org/licenses/>. */

namespace Divine\Engine\Library;

class Db
{
    private $connection;
    private $statement;
    // tracy
    private $log;

    public function __construct($hostname, $username, $password, $database)

    {
        try {
            $this->connection = @new \PDO("mysql:host=" . $hostname . ";port=3306;dbname=" . $database, $username, $password, array(\PDO::ATTR_PERSISTENT => true));
<?php

$singleQuoted = 'Value';
$doubleQuoted = "\tSingle is $singleQuoted";

print $doubleQuoted;
        } catch (\PDOException $e) {
            throw new \Exception('Error: Could not make a database link using ' . $username . '@' . $hostname . '!');
        }

        $this->connection->exec("SET NAMES 'utf8mb4'");
        $this->connection->exec("SET CHARACTER SET utf8mb4");
<?php

$singleQuoted = 'Value';
$doubleQuoted = "\tSingle is $singleQuoted";

print $doubleQuoted;
        $this->connection->exec("SET CHARACTER_SET_CONNECTION=utf8mb4");
<?php

$singleQuoted = 'Value';
$doubleQuoted = "\tSingle is $singleQuoted";

print $doubleQuoted;
        $this->connection->exec("SET SQL_MODE = ''");

        // Tracy Debugger
        if (isset($_SESSION['_tracy']['sql_log'])) {
            unset($_SESSION['_tracy']['sql_log']);
        }
        $this->log = array();
        $this->log['page_url'] = (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : 'index.php';
        $this->log['query_total_time'] = 0;
        //
    }

    public function query($sql, $params = array())
    {


        // Tracy Debugger
        $this->log['query_total_time'] = 0;

        $trace = debug_backtrace();
        $filename = (isset($trace[0]['file'])) ? $trace[0]['file'] : '---';
        $cmsPath = str_replace('upload/engine/', '', $_SERVER['DOCUMENT_ROOT'] . '/engine/');
        $cmsPath = str_replace('public/engine/', '', $cmsPath);
        $pureFile = str_replace($cmsPath, '', $filename);

        $bench = new \Ubench;
        $bench->start();
        //

        $this->statement = $this->connection->prepare($sql);

        $result = false;

        try {
            if ($this->statement && $this->statement->execute($params)) {
                $data = array();

                while ($row = $this->statement->fetch(\PDO::FETCH_ASSOC)) {
                    $data[] = $row;
                }

                $result = new \stdClass();
                $result->row = isset($data[0]) ? $data[0] : array();
                $result->rows = $data;
                $result->num_rows = $this->statement->rowCount();
            }
        } catch (\PDOException $e) {
            throw new \Exception('Error: ' . $e->getMessage() . ' Error Code : ' . $e->getCode() . ' <br />' . $sql);
        }

        // Tracy Debugger
        $bench->end();
        $exec_time = $bench->getTime();

        if (!isset($this->log['query_total_time'])) {
            $this->log['query_total_time'] = 0;
        }

        $this->log['query_total_time'] = (float) $this->log['query_total_time'] + (float) $exec_time;
        $this->log['file']  = $pureFile;
        $this->log['time']  = $exec_time;
        $this->log['query'] = \SqlFormatter::format($sql);
        $_SESSION['_tracy']['sql_log'][] = $this->log;
        //

        if (!$result) {
            $result = new \stdClass();
            $result->row = array();
            $result->rows = array();
            $result->num_rows = 0;
        }

        return $result;
    }

    public function execute()
    {
        try {
            if ($this->statement && $this->statement->execute()) {
                $data = array();

                while ($row = $this->statement->fetch(\PDO::FETCH_ASSOC)) {
                    $data[] = $row;
                }

                $result = new \stdClass();
                $result->row = isset($data[0]) ? $data[0] : array();
                $result->rows = $data;
                $result->num_rows = $this->statement->rowCount();
            }
        } catch (\PDOException $e) {
            throw new \Exception('Error: ' . $e->getMessage() . ' Error Code : ' . $e->getCode());
        }
    }

    public function escape($value)
    {
        return str_replace(array("\\", "\0", "\n", "\r", "\x1a", "'", '"'), array("\\\\", "\\0", "\\n", "\\r", "\Z", "\'", '\"'), $value);
<?php

$singleQuoted = 'Value';
$doubleQuoted = "\tSingle is $singleQuoted";

print $doubleQuoted;
    }

    public function prepare($sql)
    {
        $this->statement = $this->connection->prepare($sql);
    }

    public function bindParam($parameter, $variable, $data_type = \PDO::PARAM_STR, $length = 0)
    {
        if ($length) {
            $this->statement->bindParam($parameter, $variable, $data_type, $length);
        } else {
            $this->statement->bindParam($parameter, $variable, $data_type);
        }
    }

    public function countAffected()
    {
        if ($this->statement) {
            return $this->statement->rowCount();
        } else {
            return 0;
        }
    }

    public function getLastId()
    {
        return $this->connection->lastInsertId();
    }

    public function isConnected()
    {
        if ($this->connection) {
            return true;
        } else {
            return false;
        }
    }

    public function __destruct()
    {
        $this->connection = null;
    }
}


1			<?php
2			/* Divine CMS - Open source CMS for widespread use.
3			Copyright (c) 2019 Mykola Burakov ([email protected])
4
5			See SOURCE.txt for other and additional information.
6
7			This file is part of Divine CMS.
8
9			This program is free software: you can redistribute it and/or modify
10			it under the terms of the GNU General Public License as published by
11			the Free Software Foundation, either version 3 of the License, or
12			(at your option) any later version.
13
14			This program is distributed in the hope that it will be useful,
15			but WITHOUT ANY WARRANTY; without even the implied warranty of
16			MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17			GNU General Public License for more details.
18
19			You should have received a copy of the GNU General Public License
20			along with this program. If not, see <http://www.gnu.org/licenses/>. */
21
22			namespace Divine\Engine\Library;
23
24			class Db
25			{
26			private $connection;
27			private $statement;
28			// tracy
29			private $log;
30
31			public function __construct($hostname, $username, $password, $database)
			0 ignored issues – show Coding Style introduced 2019-07-29 15:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this Expected 2 blank lines before function; 1 found Loading history...
32			{
33			try {
34			$this->connection = @new \PDO("mysql:host=" . $hostname . ";port=3306;dbname=" . $database, $username, $password, array(\PDO::ATTR_PERSISTENT => true));
			0 ignored issues – show Coding Style Comprehensibility introduced 2019-07-29 15:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this The string literal `mysql:host=` does not require double quotes, as per coding-style, please use single quotes. PHP provides two ways to mark string literals. Either with single quotes `'literal'` or with double quotes `"literal"`. The difference between these is that string literals in double quotes may contain variables with are evaluated at run-time as well as escape sequences. String literals in single quotes on the other hand are evaluated very literally and the only two characters that needs escaping in the literal are the single quote itself (`\'`) and the backslash (`\\`). Every other character is displayed as is. Double quoted string literals may contain other variables or more complex escape sequences. <?php $singleQuoted = 'Value'; $doubleQuoted = "\tSingle is $singleQuoted"; print $doubleQuoted; will print an indented: `Single is Value` If your string literal does not contain variables or escape sequences, it should be defined using single quotes to make that fact clear. For more information on PHP string literals and available escape sequences see the PHP core documentation. Loading history... Coding Style Comprehensibility introduced 2019-07-29 15:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this The string literal `;port=3306;dbname=` does not require double quotes, as per coding-style, please use single quotes. PHP provides two ways to mark string literals. Either with single quotes `'literal'` or with double quotes `"literal"`. The difference between these is that string literals in double quotes may contain variables with are evaluated at run-time as well as escape sequences. String literals in single quotes on the other hand are evaluated very literally and the only two characters that needs escaping in the literal are the single quote itself (`\'`) and the backslash (`\\`). Every other character is displayed as is. Double quoted string literals may contain other variables or more complex escape sequences. <?php $singleQuoted = 'Value'; $doubleQuoted = "\tSingle is $singleQuoted"; print $doubleQuoted; will print an indented: `Single is Value` If your string literal does not contain variables or escape sequences, it should be defined using single quotes to make that fact clear. For more information on PHP string literals and available escape sequences see the PHP core documentation. Loading history...
35			} catch (\PDOException $e) {
36			throw new \Exception('Error: Could not make a database link using ' . $username . '@' . $hostname . '!');
37			}
38
39			$this->connection->exec("SET NAMES 'utf8mb4'");
40			$this->connection->exec("SET CHARACTER SET utf8mb4");
			0 ignored issues – show Coding Style Comprehensibility introduced 2019-07-29 15:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this The string literal `SET CHARACTER SET utf8mb4` does not require double quotes, as per coding-style, please use single quotes. PHP provides two ways to mark string literals. Either with single quotes `'literal'` or with double quotes `"literal"`. The difference between these is that string literals in double quotes may contain variables with are evaluated at run-time as well as escape sequences. String literals in single quotes on the other hand are evaluated very literally and the only two characters that needs escaping in the literal are the single quote itself (`\'`) and the backslash (`\\`). Every other character is displayed as is. Double quoted string literals may contain other variables or more complex escape sequences. <?php $singleQuoted = 'Value'; $doubleQuoted = "\tSingle is $singleQuoted"; print $doubleQuoted; will print an indented: `Single is Value` If your string literal does not contain variables or escape sequences, it should be defined using single quotes to make that fact clear. For more information on PHP string literals and available escape sequences see the PHP core documentation. Loading history...
41			$this->connection->exec("SET CHARACTER_SET_CONNECTION=utf8mb4");
			0 ignored issues – show Coding Style Comprehensibility introduced 2019-07-29 15:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this The string literal `SET CHARACTER_SET_CONNECTION=utf8mb4` does not require double quotes, as per coding-style, please use single quotes. PHP provides two ways to mark string literals. Either with single quotes `'literal'` or with double quotes `"literal"`. The difference between these is that string literals in double quotes may contain variables with are evaluated at run-time as well as escape sequences. String literals in single quotes on the other hand are evaluated very literally and the only two characters that needs escaping in the literal are the single quote itself (`\'`) and the backslash (`\\`). Every other character is displayed as is. Double quoted string literals may contain other variables or more complex escape sequences. <?php $singleQuoted = 'Value'; $doubleQuoted = "\tSingle is $singleQuoted"; print $doubleQuoted; will print an indented: `Single is Value` If your string literal does not contain variables or escape sequences, it should be defined using single quotes to make that fact clear. For more information on PHP string literals and available escape sequences see the PHP core documentation. Loading history...
42			$this->connection->exec("SET SQL_MODE = ''");
43
44			// Tracy Debugger
45			if (isset($_SESSION['_tracy']['sql_log'])) {
46			unset($_SESSION['_tracy']['sql_log']);
47			}
48			$this->log = array();
49			$this->log['page_url'] = (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : 'index.php';
50			$this->log['query_total_time'] = 0;
51			//
52			}
53
54			public function query($sql, $params = array())
55			{
			0 ignored issues – show Coding Style introduced 2019-07-29 15:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this Expected 0 blank lines after opening function brace; 1 found Loading history...
56
57			// Tracy Debugger
58			$this->log['query_total_time'] = 0;
59
60			$trace = debug_backtrace();
61			$filename = (isset($trace[0]['file'])) ? $trace[0]['file'] : '---';
62			$cmsPath = str_replace('upload/engine/', '', $_SERVER['DOCUMENT_ROOT'] . '/engine/');
63			$cmsPath = str_replace('public/engine/', '', $cmsPath);
64			$pureFile = str_replace($cmsPath, '', $filename);
65
66			$bench = new \Ubench;
67			$bench->start();
68			//
69
70			$this->statement = $this->connection->prepare($sql);
71
72			$result = false;
73
74			try {
75			if ($this->statement && $this->statement->execute($params)) {
76			$data = array();
77
78			while ($row = $this->statement->fetch(\PDO::FETCH_ASSOC)) {
79			$data[] = $row;
80			}
81
82			$result = new \stdClass();
83			$result->row = isset($data[0]) ? $data[0] : array();
84			$result->rows = $data;
85			$result->num_rows = $this->statement->rowCount();
86			}
87			} catch (\PDOException $e) {
88			throw new \Exception('Error: ' . $e->getMessage() . ' Error Code : ' . $e->getCode() . ' <br />' . $sql);
89			}
90
91			// Tracy Debugger
92			$bench->end();
93			$exec_time = $bench->getTime();
94
95			if (!isset($this->log['query_total_time'])) {
96			$this->log['query_total_time'] = 0;
97			}
98
99			$this->log['query_total_time'] = (float) $this->log['query_total_time'] + (float) $exec_time;
100			$this->log['file'] = $pureFile;
101			$this->log['time'] = $exec_time;
102			$this->log['query'] = \SqlFormatter::format($sql);
103			$_SESSION['_tracy']['sql_log'][] = $this->log;
104			//
105
106			if (!$result) {
107			$result = new \stdClass();
108			$result->row = array();
109			$result->rows = array();
110			$result->num_rows = 0;
111			}
112
113			return $result;
114			}
115
116			public function execute()
117			{
118			try {
119			if ($this->statement && $this->statement->execute()) {
120			$data = array();
121
122			while ($row = $this->statement->fetch(\PDO::FETCH_ASSOC)) {
123			$data[] = $row;
124			}
125
126			$result = new \stdClass();
127			$result->row = isset($data[0]) ? $data[0] : array();
128			$result->rows = $data;
129			$result->num_rows = $this->statement->rowCount();
130			}
131			} catch (\PDOException $e) {
132			throw new \Exception('Error: ' . $e->getMessage() . ' Error Code : ' . $e->getCode());
133			}
134			}
135
136			public function escape($value)
137			{
138			return str_replace(array("\\", "\0", "\n", "\r", "\x1a", "'", '"'), array("\\\\", "\\0", "\\n", "\\r", "\Z", "\'", '\"'), $value);
			0 ignored issues – show Coding Style Comprehensibility introduced 2019-07-29 15:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this The string literal `\\` does not require double quotes, as per coding-style, please use single quotes. PHP provides two ways to mark string literals. Either with single quotes `'literal'` or with double quotes `"literal"`. The difference between these is that string literals in double quotes may contain variables with are evaluated at run-time as well as escape sequences. String literals in single quotes on the other hand are evaluated very literally and the only two characters that needs escaping in the literal are the single quote itself (`\'`) and the backslash (`\\`). Every other character is displayed as is. Double quoted string literals may contain other variables or more complex escape sequences. <?php $singleQuoted = 'Value'; $doubleQuoted = "\tSingle is $singleQuoted"; print $doubleQuoted; will print an indented: `Single is Value` If your string literal does not contain variables or escape sequences, it should be defined using single quotes to make that fact clear. For more information on PHP string literals and available escape sequences see the PHP core documentation. Loading history... Coding Style Comprehensibility introduced 2019-07-29 15:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this The string literal `\\\\` does not require double quotes, as per coding-style, please use single quotes. PHP provides two ways to mark string literals. Either with single quotes `'literal'` or with double quotes `"literal"`. The difference between these is that string literals in double quotes may contain variables with are evaluated at run-time as well as escape sequences. String literals in single quotes on the other hand are evaluated very literally and the only two characters that needs escaping in the literal are the single quote itself (`\'`) and the backslash (`\\`). Every other character is displayed as is. Double quoted string literals may contain other variables or more complex escape sequences. <?php $singleQuoted = 'Value'; $doubleQuoted = "\tSingle is $singleQuoted"; print $doubleQuoted; will print an indented: `Single is Value` If your string literal does not contain variables or escape sequences, it should be defined using single quotes to make that fact clear. For more information on PHP string literals and available escape sequences see the PHP core documentation. Loading history... Coding Style Comprehensibility introduced 2019-07-29 15:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this The string literal `\Z` does not require double quotes, as per coding-style, please use single quotes. PHP provides two ways to mark string literals. Either with single quotes `'literal'` or with double quotes `"literal"`. The difference between these is that string literals in double quotes may contain variables with are evaluated at run-time as well as escape sequences. String literals in single quotes on the other hand are evaluated very literally and the only two characters that needs escaping in the literal are the single quote itself (`\'`) and the backslash (`\\`). Every other character is displayed as is. Double quoted string literals may contain other variables or more complex escape sequences. <?php $singleQuoted = 'Value'; $doubleQuoted = "\tSingle is $singleQuoted"; print $doubleQuoted; will print an indented: `Single is Value` If your string literal does not contain variables or escape sequences, it should be defined using single quotes to make that fact clear. For more information on PHP string literals and available escape sequences see the PHP core documentation. Loading history...
139			}
140
141			public function prepare($sql)
142			{
143			$this->statement = $this->connection->prepare($sql);
144			}
145
146			public function bindParam($parameter, $variable, $data_type = \PDO::PARAM_STR, $length = 0)
147			{
148			if ($length) {
149			$this->statement->bindParam($parameter, $variable, $data_type, $length);
150			} else {
151			$this->statement->bindParam($parameter, $variable, $data_type);
152			}
153			}
154
155			public function countAffected()
156			{
157			if ($this->statement) {
158			return $this->statement->rowCount();
159			} else {
160			return 0;
161			}
162			}
163
164			public function getLastId()
165			{
166			return $this->connection->lastInsertId();
167			}
168
169			public function isConnected()
170			{
171			if ($this->connection) {
172			return true;
173			} else {
174			return false;
175			}
176			}
177
178			public function __destruct()
179			{
180			$this->connection = null;
181			}
182			}
183

Nickbur / Sunrise-CMS

Issues (2407)

engine/library/Db.php (9 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like