1 | <?php |
||
2 | |||
3 | /** |
||
4 | * This file has all the main functions in it that relate to the database. |
||
5 | * |
||
6 | * Simple Machines Forum (SMF) |
||
7 | * |
||
8 | * @package SMF |
||
9 | * @author Simple Machines https://www.simplemachines.org |
||
10 | * @copyright 2022 Simple Machines and individual contributors |
||
11 | * @license https://www.simplemachines.org/about/smf/license.php BSD |
||
12 | * |
||
13 | * @version 2.1.0 |
||
14 | */ |
||
15 | |||
16 | if (!defined('SMF')) |
||
17 | die('No direct access...'); |
||
18 | |||
19 | /** |
||
20 | * Maps the implementations in this file (smf_db_function_name) |
||
21 | * to the $smcFunc['db_function_name'] variable. |
||
22 | * |
||
23 | * @param string $db_server The database server |
||
24 | * @param string $db_name The name of the database |
||
25 | * @param string $db_user The database username |
||
26 | * @param string $db_passwd The database password |
||
27 | * @param string $db_prefix The table prefix |
||
28 | * @param array $db_options An array of database options |
||
29 | * @return null|resource Returns null on failure if $db_options['non_fatal'] is true or a MySQL connection resource handle if the connection was successful. |
||
30 | */ |
||
31 | function smf_db_initiate($db_server, $db_name, $db_user, $db_passwd, $db_prefix, $db_options = array()) |
||
32 | { |
||
33 | global $smcFunc; |
||
34 | |||
35 | // Map some database specific functions, only do this once. |
||
36 | if (!isset($smcFunc['db_fetch_assoc'])) |
||
37 | $smcFunc += array( |
||
38 | 'db_query' => 'smf_db_query', |
||
39 | 'db_quote' => 'smf_db_quote', |
||
40 | 'db_fetch_assoc' => 'mysqli_fetch_assoc', |
||
41 | 'db_fetch_row' => 'mysqli_fetch_row', |
||
42 | 'db_free_result' => 'mysqli_free_result', |
||
43 | 'db_insert' => 'smf_db_insert', |
||
44 | 'db_insert_id' => 'smf_db_insert_id', |
||
45 | 'db_num_rows' => 'mysqli_num_rows', |
||
46 | 'db_data_seek' => 'mysqli_data_seek', |
||
47 | 'db_num_fields' => 'mysqli_num_fields', |
||
48 | 'db_escape_string' => 'smf_db_escape_string', |
||
49 | 'db_unescape_string' => 'stripslashes', |
||
50 | 'db_server_info' => 'smf_db_get_server_info', |
||
51 | 'db_affected_rows' => 'smf_db_affected_rows', |
||
52 | 'db_transaction' => 'smf_db_transaction', |
||
53 | 'db_error' => 'mysqli_error', |
||
54 | 'db_select_db' => 'smf_db_select', |
||
55 | 'db_title' => MYSQL_TITLE, |
||
56 | 'db_sybase' => false, |
||
57 | 'db_case_sensitive' => false, |
||
58 | 'db_escape_wildcard_string' => 'smf_db_escape_wildcard_string', |
||
59 | 'db_is_resource' => 'smf_is_resource', |
||
60 | 'db_mb4' => false, |
||
61 | 'db_ping' => 'mysqli_ping', |
||
62 | 'db_fetch_all' => 'smf_db_fetch_all', |
||
63 | 'db_error_insert' => 'smf_db_error_insert', |
||
64 | 'db_custom_order' => 'smf_db_custom_order', |
||
65 | 'db_native_replace' => 'smf_db_native_replace', |
||
66 | 'db_cte_support' => 'smf_db_cte_support', |
||
67 | 'db_connect_error' => 'mysqli_connect_error', |
||
68 | 'db_connect_errno' => 'mysqli_connect_errno', |
||
69 | ); |
||
70 | |||
71 | if (!empty($db_options['persist'])) |
||
72 | $db_server = 'p:' . $db_server; |
||
73 | |||
74 | // We are not going to make it very far without these. |
||
75 | if (!function_exists('mysqli_init') || !function_exists('mysqli_real_connect')) |
||
76 | display_db_error(); |
||
77 | |||
78 | // This was the default prior to PHP 8.1, and all our code assumes it. |
||
79 | mysqli_report(MYSQLI_REPORT_OFF); |
||
80 | |||
81 | $connection = mysqli_init(); |
||
82 | |||
83 | $flags = 2; // MYSQLI_CLIENT_FOUND_ROWS = 2 |
||
84 | |||
85 | $success = false; |
||
86 | |||
87 | if ($connection) |
||
0 ignored issues
–
show
introduced
by
![]() |
|||
88 | { |
||
89 | if (!empty($db_options['port'])) |
||
90 | $success = @mysqli_real_connect($connection, $db_server, $db_user, $db_passwd, null, $db_options['port'], null, $flags); |
||
91 | else |
||
92 | $success = @mysqli_real_connect($connection, $db_server, $db_user, $db_passwd, null, 0, null, $flags); |
||
93 | } |
||
94 | |||
95 | // Something's wrong, show an error if its fatal (which we assume it is) |
||
96 | if ($success === false) |
||
97 | { |
||
98 | if (!empty($db_options['non_fatal'])) |
||
99 | return null; |
||
100 | else |
||
101 | display_db_error(); |
||
102 | } |
||
103 | |||
104 | // Select the database, unless told not to |
||
105 | if (empty($db_options['dont_select_db']) && !@mysqli_select_db($connection, $db_name) && empty($db_options['non_fatal'])) |
||
106 | display_db_error(); |
||
107 | |||
108 | mysqli_query($connection, 'SET SESSION sql_mode = \'ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION,PIPES_AS_CONCAT\''); |
||
109 | |||
110 | if (!empty($db_options['db_mb4'])) |
||
111 | $smcFunc['db_mb4'] = (bool) $db_options['db_mb4']; |
||
112 | |||
113 | return $connection; |
||
114 | } |
||
115 | |||
116 | /** |
||
117 | * Extend the database functionality. It calls the respective file's init |
||
118 | * to add the implementations in that file to $smcFunc array. |
||
119 | * |
||
120 | * @param string $type Indicates which additional file to load. ('extra', 'packages') |
||
121 | */ |
||
122 | function db_extend($type = 'extra') |
||
123 | { |
||
124 | global $sourcedir; |
||
125 | |||
126 | // we force the MySQL files as nothing syntactically changes with MySQLi |
||
127 | require_once($sourcedir . '/Db' . strtoupper($type[0]) . substr($type, 1) . '-mysql.php'); |
||
128 | $initFunc = 'db_' . $type . '_init'; |
||
129 | $initFunc(); |
||
130 | } |
||
131 | |||
132 | /** |
||
133 | * Fix up the prefix so it doesn't require the database to be selected. |
||
134 | * |
||
135 | * @param string &$db_prefix The table prefix |
||
136 | * @param string $db_name The database name |
||
137 | */ |
||
138 | function db_fix_prefix(&$db_prefix, $db_name) |
||
139 | { |
||
140 | $db_prefix = is_numeric(substr($db_prefix, 0, 1)) ? $db_name . '.' . $db_prefix : '`' . $db_name . '`.' . $db_prefix; |
||
141 | } |
||
142 | |||
143 | /** |
||
144 | * Wrap mysqli_select_db so the connection does not need to be specified |
||
145 | * |
||
146 | * @param string &$database The database |
||
147 | * @param object $connection The connection object (if null, $db_connection is used) |
||
148 | * @return bool Whether the database was selected |
||
149 | */ |
||
150 | function smf_db_select($database, $connection = null) |
||
151 | { |
||
152 | global $db_connection; |
||
153 | return mysqli_select_db($connection === null ? $db_connection : $connection, $database); |
||
154 | } |
||
155 | |||
156 | /** |
||
157 | * Wrap mysqli_get_server_info so the connection does not need to be specified |
||
158 | * |
||
159 | * @param object $connection The connection to use (if null, $db_connection is used) |
||
160 | * @return string The server info |
||
161 | */ |
||
162 | function smf_db_get_server_info($connection = null) |
||
163 | { |
||
164 | global $db_connection; |
||
165 | return mysqli_get_server_info($connection === null ? $db_connection : $connection); |
||
166 | } |
||
167 | |||
168 | /** |
||
169 | * Callback for preg_replace_callback on the query. |
||
170 | * It allows to replace on the fly a few pre-defined strings, for convenience ('query_see_board', 'query_wanna_see_board', etc), with |
||
171 | * their current values from $user_info. |
||
172 | * In addition, it performs checks and sanitization on the values sent to the database. |
||
173 | * |
||
174 | * @param array $matches The matches from preg_replace_callback |
||
175 | * @return string The appropriate string depending on $matches[1] |
||
176 | */ |
||
177 | function smf_db_replacement__callback($matches) |
||
178 | { |
||
179 | global $db_callback, $user_info, $db_prefix, $smcFunc; |
||
180 | |||
181 | list ($values, $connection) = $db_callback; |
||
182 | if (!is_object($connection)) |
||
183 | display_db_error(); |
||
184 | |||
185 | if ($matches[1] === 'db_prefix') |
||
186 | return $db_prefix; |
||
187 | |||
188 | if (isset($user_info[$matches[1]]) && strpos($matches[1], 'query_') !== false) |
||
189 | return $user_info[$matches[1]]; |
||
190 | |||
191 | if ($matches[1] === 'empty') |
||
192 | return '\'\''; |
||
193 | |||
194 | if (!isset($matches[2])) |
||
195 | smf_db_error_backtrace('Invalid value inserted or no type specified.', '', E_USER_ERROR, __FILE__, __LINE__); |
||
196 | |||
197 | if ($matches[1] === 'literal') |
||
198 | return '\'' . mysqli_real_escape_string($connection, $matches[2]) . '\''; |
||
199 | |||
200 | if (!isset($values[$matches[2]])) |
||
201 | smf_db_error_backtrace('The database value you\'re trying to insert does not exist: ' . (isset($smcFunc['htmlspecialchars']) ? $smcFunc['htmlspecialchars']($matches[2]) : htmlspecialchars($matches[2])), '', E_USER_ERROR, __FILE__, __LINE__); |
||
202 | |||
203 | $replacement = $values[$matches[2]]; |
||
204 | |||
205 | switch ($matches[1]) |
||
206 | { |
||
207 | case 'int': |
||
208 | if (!is_numeric($replacement) || (string) $replacement !== (string) (int) $replacement) |
||
209 | smf_db_error_backtrace('Wrong value type sent to the database. Integer expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__); |
||
210 | return (string) (int) $replacement; |
||
211 | break; |
||
212 | |||
213 | case 'string': |
||
214 | case 'text': |
||
215 | return sprintf('\'%1$s\'', mysqli_real_escape_string($connection, $replacement)); |
||
216 | break; |
||
217 | |||
218 | case 'array_int': |
||
219 | if (is_array($replacement)) |
||
220 | { |
||
221 | if (empty($replacement)) |
||
222 | smf_db_error_backtrace('Database error, given array of integer values is empty. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__); |
||
223 | |||
224 | foreach ($replacement as $key => $value) |
||
225 | { |
||
226 | if (!is_numeric($value) || (string) $value !== (string) (int) $value) |
||
227 | smf_db_error_backtrace('Wrong value type sent to the database. Array of integers expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__); |
||
228 | |||
229 | $replacement[$key] = (string) (int) $value; |
||
230 | } |
||
231 | |||
232 | return implode(', ', $replacement); |
||
233 | } |
||
234 | else |
||
235 | smf_db_error_backtrace('Wrong value type sent to the database. Array of integers expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__); |
||
236 | |||
237 | break; |
||
238 | |||
239 | case 'array_string': |
||
240 | if (is_array($replacement)) |
||
241 | { |
||
242 | if (empty($replacement)) |
||
243 | smf_db_error_backtrace('Database error, given array of string values is empty. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__); |
||
244 | |||
245 | foreach ($replacement as $key => $value) |
||
246 | $replacement[$key] = sprintf('\'%1$s\'', mysqli_real_escape_string($connection, $value)); |
||
247 | |||
248 | return implode(', ', $replacement); |
||
249 | } |
||
250 | else |
||
251 | smf_db_error_backtrace('Wrong value type sent to the database. Array of strings expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__); |
||
252 | break; |
||
253 | |||
254 | case 'date': |
||
255 | if (preg_match('~^(\d{4})-([0-1]?\d)-([0-3]?\d)$~', $replacement, $date_matches) === 1) |
||
256 | return sprintf('\'%04d-%02d-%02d\'', $date_matches[1], $date_matches[2], $date_matches[3]); |
||
257 | else |
||
258 | smf_db_error_backtrace('Wrong value type sent to the database. Date expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__); |
||
259 | break; |
||
260 | |||
261 | case 'time': |
||
262 | if (preg_match('~^([0-1]?\d|2[0-3]):([0-5]\d):([0-5]\d)$~', $replacement, $time_matches) === 1) |
||
263 | return sprintf('\'%02d:%02d:%02d\'', $time_matches[1], $time_matches[2], $time_matches[3]); |
||
264 | else |
||
265 | smf_db_error_backtrace('Wrong value type sent to the database. Time expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__); |
||
266 | break; |
||
267 | |||
268 | case 'datetime': |
||
269 | if (preg_match('~^(\d{4})-([0-1]?\d)-([0-3]?\d) ([0-1]?\d|2[0-3]):([0-5]\d):([0-5]\d)$~', $replacement, $datetime_matches) === 1) |
||
270 | return 'str_to_date(' . |
||
271 | sprintf('\'%04d-%02d-%02d %02d:%02d:%02d\'', $datetime_matches[1], $datetime_matches[2], $datetime_matches[3], $datetime_matches[4], $datetime_matches[5], $datetime_matches[6]) . |
||
272 | ',\'%Y-%m-%d %h:%i:%s\')'; |
||
273 | else |
||
274 | smf_db_error_backtrace('Wrong value type sent to the database. Datetime expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__); |
||
275 | break; |
||
276 | |||
277 | case 'float': |
||
278 | if (!is_numeric($replacement)) |
||
279 | smf_db_error_backtrace('Wrong value type sent to the database. Floating point number expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__); |
||
280 | return (string) (float) $replacement; |
||
281 | break; |
||
282 | |||
283 | case 'identifier': |
||
284 | // Backticks inside identifiers are supported as of MySQL 4.1. We don't need them for SMF. |
||
285 | return '`' . implode('`.`', array_filter(explode('.', strtr($replacement, array('`' => ''))), 'strlen')) . '`'; |
||
286 | break; |
||
287 | |||
288 | case 'raw': |
||
289 | return $replacement; |
||
290 | break; |
||
291 | |||
292 | case 'inet': |
||
293 | if ($replacement == 'null' || $replacement == '') |
||
294 | return 'null'; |
||
295 | if (!isValidIP($replacement)) |
||
296 | smf_db_error_backtrace('Wrong value type sent to the database. IPv4 or IPv6 expected.(' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__); |
||
297 | //we don't use the native support of mysql > 5.6.2 |
||
298 | return sprintf('unhex(\'%1$s\')', bin2hex(inet_pton($replacement))); |
||
299 | |||
300 | case 'array_inet': |
||
301 | if (is_array($replacement)) |
||
302 | { |
||
303 | if (empty($replacement)) |
||
304 | smf_db_error_backtrace('Database error, given array of IPv4 or IPv6 values is empty. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__); |
||
305 | |||
306 | foreach ($replacement as $key => $value) |
||
307 | { |
||
308 | if ($replacement == 'null' || $replacement == '') |
||
309 | $replacement[$key] = 'null'; |
||
310 | if (!isValidIP($value)) |
||
311 | smf_db_error_backtrace('Wrong value type sent to the database. IPv4 or IPv6 expected.(' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__); |
||
312 | $replacement[$key] = sprintf('unhex(\'%1$s\')', bin2hex(inet_pton($value))); |
||
313 | } |
||
314 | |||
315 | return implode(', ', $replacement); |
||
316 | } |
||
317 | else |
||
318 | smf_db_error_backtrace('Wrong value type sent to the database. Array of IPv4 or IPv6 expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__); |
||
319 | break; |
||
320 | |||
321 | default: |
||
322 | smf_db_error_backtrace('Undefined type used in the database query. (' . $matches[1] . ':' . $matches[2] . ')', '', false, __FILE__, __LINE__); |
||
323 | break; |
||
324 | } |
||
325 | } |
||
326 | |||
327 | /** |
||
328 | * Just like the db_query, escape and quote a string, but not executing the query. |
||
329 | * |
||
330 | * @param string $db_string The database string |
||
331 | * @param array $db_values An array of values to be injected into the string |
||
332 | * @param resource $connection = null The connection to use (null to use $db_connection) |
||
333 | * @return string The string with the values inserted |
||
334 | */ |
||
335 | function smf_db_quote($db_string, $db_values, $connection = null) |
||
336 | { |
||
337 | global $db_callback, $db_connection; |
||
338 | |||
339 | // Only bother if there's something to replace. |
||
340 | if (strpos($db_string, '{') !== false) |
||
341 | { |
||
342 | // This is needed by the callback function. |
||
343 | $db_callback = array($db_values, $connection === null ? $db_connection : $connection); |
||
344 | |||
345 | // Do the quoting and escaping |
||
346 | $db_string = preg_replace_callback('~{([a-z_]+)(?::([a-zA-Z0-9_-]+))?}~', 'smf_db_replacement__callback', $db_string); |
||
347 | |||
348 | // Clear this global variable. |
||
349 | $db_callback = array(); |
||
350 | } |
||
351 | |||
352 | return $db_string; |
||
353 | } |
||
354 | |||
355 | /** |
||
356 | * Do a query. Takes care of errors too. |
||
357 | * |
||
358 | * @param string $identifier An identifier. Only used in Postgres when we need to do things differently... |
||
359 | * @param string $db_string The database string |
||
360 | * @param array $db_values = array() The values to be inserted into the string |
||
361 | * @param resource $connection = null The connection to use (null to use $db_connection) |
||
362 | * @return resource|bool Returns a MySQL result resource (for SELECT queries), true (for UPDATE queries) or false if the query failed |
||
363 | */ |
||
364 | function smf_db_query($identifier, $db_string, $db_values = array(), $connection = null) |
||
365 | { |
||
366 | global $db_cache, $db_count, $db_connection, $db_show_debug; |
||
367 | global $db_unbuffered, $db_callback, $modSettings; |
||
368 | |||
369 | // Comments that are allowed in a query are preg_removed. |
||
370 | static $allowed_comments_from = array( |
||
371 | '~\s+~s', |
||
372 | '~/\*!40001 SQL_NO_CACHE \*/~', |
||
373 | '~/\*!40000 USE INDEX \([A-Za-z\_]+?\) \*/~', |
||
374 | '~/\*!40100 ON DUPLICATE KEY UPDATE id_msg = \d+ \*/~', |
||
375 | ); |
||
376 | static $allowed_comments_to = array( |
||
377 | ' ', |
||
378 | '', |
||
379 | '', |
||
380 | '', |
||
381 | ); |
||
382 | |||
383 | // Decide which connection to use. |
||
384 | $connection = $connection === null ? $db_connection : $connection; |
||
385 | |||
386 | // One more query.... |
||
387 | $db_count = !isset($db_count) ? 1 : $db_count + 1; |
||
388 | |||
389 | if (empty($modSettings['disableQueryCheck']) && strpos($db_string, '\'') !== false && empty($db_values['security_override'])) |
||
390 | smf_db_error_backtrace('No direct access...', 'Illegal character (\') used in query...', true, __FILE__, __LINE__); |
||
391 | |||
392 | // Use "ORDER BY null" to prevent Mysql doing filesorts for Group By clauses without an Order By |
||
393 | if (strpos($db_string, 'GROUP BY') !== false && strpos($db_string, 'ORDER BY') === false && preg_match('~^\s+SELECT~i', $db_string)) |
||
394 | { |
||
395 | // Add before LIMIT |
||
396 | if ($pos = strpos($db_string, 'LIMIT ')) |
||
397 | $db_string = substr($db_string, 0, $pos) . "\t\t\tORDER BY null\n" . substr($db_string, $pos, strlen($db_string)); |
||
398 | else |
||
399 | // Append it. |
||
400 | $db_string .= "\n\t\t\tORDER BY null"; |
||
401 | } |
||
402 | |||
403 | if (empty($db_values['security_override']) && (!empty($db_values) || strpos($db_string, '{db_prefix}') !== false)) |
||
404 | { |
||
405 | // Pass some values to the global space for use in the callback function. |
||
406 | $db_callback = array($db_values, $connection); |
||
407 | |||
408 | // Inject the values passed to this function. |
||
409 | $db_string = preg_replace_callback('~{([a-z_]+)(?::([a-zA-Z0-9_-]+))?}~', 'smf_db_replacement__callback', $db_string); |
||
410 | |||
411 | // This shouldn't be residing in global space any longer. |
||
412 | $db_callback = array(); |
||
413 | } |
||
414 | |||
415 | // First, we clean strings out of the query, reduce whitespace, lowercase, and trim - so we can check it over. |
||
416 | if (empty($modSettings['disableQueryCheck'])) |
||
417 | { |
||
418 | $clean = ''; |
||
419 | $old_pos = 0; |
||
420 | $pos = -1; |
||
421 | // Remove the string escape for better runtime |
||
422 | $db_string_1 = str_replace('\\\'', '', $db_string); |
||
423 | while (true) |
||
424 | { |
||
425 | $pos = strpos($db_string_1, '\'', $pos + 1); |
||
426 | if ($pos === false) |
||
427 | break; |
||
428 | $clean .= substr($db_string_1, $old_pos, $pos - $old_pos); |
||
429 | |||
430 | while (true) |
||
431 | { |
||
432 | $pos1 = strpos($db_string_1, '\'', $pos + 1); |
||
433 | $pos2 = strpos($db_string_1, '\\', $pos + 1); |
||
434 | if ($pos1 === false) |
||
435 | break; |
||
436 | elseif ($pos2 === false || $pos2 > $pos1) |
||
437 | { |
||
438 | $pos = $pos1; |
||
439 | break; |
||
440 | } |
||
441 | |||
442 | $pos = $pos2 + 1; |
||
443 | } |
||
444 | $clean .= ' %s '; |
||
445 | |||
446 | $old_pos = $pos + 1; |
||
447 | } |
||
448 | $clean .= substr($db_string_1, $old_pos); |
||
449 | $clean = trim(strtolower(preg_replace($allowed_comments_from, $allowed_comments_to, $clean))); |
||
450 | |||
451 | // Comments? We don't use comments in our queries, we leave 'em outside! |
||
452 | if (strpos($clean, '/*') > 2 || strpos($clean, '--') !== false || strpos($clean, ';') !== false) |
||
453 | $fail = true; |
||
454 | // Trying to change passwords, slow us down, or something? |
||
455 | elseif (strpos($clean, 'sleep') !== false && preg_match('~(^|[^a-z])sleep($|[^[_a-z])~s', $clean) != 0) |
||
456 | $fail = true; |
||
457 | elseif (strpos($clean, 'benchmark') !== false && preg_match('~(^|[^a-z])benchmark($|[^[a-z])~s', $clean) != 0) |
||
458 | $fail = true; |
||
459 | |||
460 | if (!empty($fail) && function_exists('log_error')) |
||
461 | smf_db_error_backtrace('No direct access...', 'No direct access...' . "\n" . $db_string, E_USER_ERROR, __FILE__, __LINE__); |
||
462 | } |
||
463 | |||
464 | // Debugging. |
||
465 | if (isset($db_show_debug) && $db_show_debug === true) |
||
466 | { |
||
467 | // Get the file and line number this function was called. |
||
468 | list ($file, $line) = smf_db_error_backtrace('', '', 'return', __FILE__, __LINE__); |
||
469 | |||
470 | // Initialize $db_cache if not already initialized. |
||
471 | if (!isset($db_cache)) |
||
472 | $db_cache = array(); |
||
473 | |||
474 | if (!empty($_SESSION['debug_redirect'])) |
||
475 | { |
||
476 | $db_cache = array_merge($_SESSION['debug_redirect'], $db_cache); |
||
477 | $db_count = count($db_cache) + 1; |
||
478 | $_SESSION['debug_redirect'] = array(); |
||
479 | } |
||
480 | |||
481 | // Don't overload it. |
||
482 | $db_cache[$db_count]['q'] = $db_count < 50 ? $db_string : '...'; |
||
483 | $db_cache[$db_count]['f'] = $file; |
||
484 | $db_cache[$db_count]['l'] = $line; |
||
485 | $db_cache[$db_count]['s'] = ($st = microtime(true)) - TIME_START; |
||
486 | } |
||
487 | |||
488 | if (empty($db_unbuffered)) |
||
489 | $ret = @mysqli_query($connection, $db_string); |
||
490 | else |
||
491 | $ret = @mysqli_query($connection, $db_string, MYSQLI_USE_RESULT); |
||
492 | |||
493 | if ($ret === false && empty($db_values['db_error_skip'])) |
||
494 | $ret = smf_db_error($db_string, $connection); |
||
495 | |||
496 | // Debugging. |
||
497 | if (isset($db_show_debug) && $db_show_debug === true) |
||
498 | $db_cache[$db_count]['t'] = microtime(true) - $st; |
||
499 | |||
500 | return $ret; |
||
501 | } |
||
502 | |||
503 | /** |
||
504 | * affected_rows |
||
505 | * |
||
506 | * @param resource $connection A connection to use (if null, $db_connection is used) |
||
507 | * @return int The number of rows affected by the last query |
||
508 | */ |
||
509 | function smf_db_affected_rows($connection = null) |
||
510 | { |
||
511 | global $db_connection; |
||
512 | |||
513 | return mysqli_affected_rows($connection === null ? $db_connection : $connection); |
||
514 | } |
||
515 | |||
516 | /** |
||
517 | * Gets the ID of the most recently inserted row. |
||
518 | * |
||
519 | * @param string $table The table (only used for Postgres) |
||
520 | * @param string $field = null The specific field (not used here) |
||
521 | * @param resource $connection = null The connection (if null, $db_connection is used) |
||
522 | * @return int The ID of the most recently inserted row |
||
523 | */ |
||
524 | function smf_db_insert_id($table, $field = null, $connection = null) |
||
525 | { |
||
526 | global $db_connection; |
||
527 | |||
528 | // MySQL doesn't need the table or field information. |
||
529 | return mysqli_insert_id($connection === null ? $db_connection : $connection); |
||
530 | } |
||
531 | |||
532 | /** |
||
533 | * Do a transaction. |
||
534 | * |
||
535 | * @param string $type The step to perform (i.e. 'begin', 'commit', 'rollback') |
||
536 | * @param resource $connection The connection to use (if null, $db_connection is used) |
||
537 | * @return bool True if successful, false otherwise |
||
538 | */ |
||
539 | function smf_db_transaction($type = 'commit', $connection = null) |
||
540 | { |
||
541 | global $db_connection; |
||
542 | |||
543 | // Decide which connection to use |
||
544 | $connection = $connection === null ? $db_connection : $connection; |
||
545 | |||
546 | if ($type == 'begin') |
||
547 | return @mysqli_query($connection, 'BEGIN'); |
||
548 | elseif ($type == 'rollback') |
||
549 | return @mysqli_query($connection, 'ROLLBACK'); |
||
550 | elseif ($type == 'commit') |
||
551 | return @mysqli_query($connection, 'COMMIT'); |
||
552 | |||
553 | return false; |
||
554 | } |
||
555 | |||
556 | /** |
||
557 | * Database error! |
||
558 | * Backtrace, log, try to fix. |
||
559 | * |
||
560 | * @param string $db_string The DB string |
||
561 | * @param object $connection The connection to use (if null, $db_connection is used) |
||
562 | */ |
||
563 | function smf_db_error($db_string, $connection = null) |
||
564 | { |
||
565 | global $txt, $context, $sourcedir, $webmaster_email, $modSettings; |
||
566 | global $db_connection, $db_last_error, $db_persist, $cache_enable; |
||
567 | global $db_server, $db_user, $db_passwd, $db_name, $db_show_debug, $ssi_db_user, $ssi_db_passwd; |
||
568 | global $smcFunc; |
||
569 | |||
570 | // Get the file and line numbers. |
||
571 | list ($file, $line) = smf_db_error_backtrace('', '', 'return', __FILE__, __LINE__); |
||
572 | |||
573 | // Decide which connection to use |
||
574 | $connection = $connection === null ? $db_connection : $connection; |
||
575 | |||
576 | // This is the error message... |
||
577 | $query_error = mysqli_error($connection); |
||
578 | $query_errno = mysqli_errno($connection); |
||
579 | |||
580 | // Error numbers: |
||
581 | // 1016: Can't open file '....MYI' |
||
582 | // 1030: Got error ??? from table handler. |
||
583 | // 1034: Incorrect key file for table. |
||
584 | // 1035: Old key file for table. |
||
585 | // 1205: Lock wait timeout exceeded. |
||
586 | // 1213: Deadlock found. |
||
587 | |||
588 | // Log the error. |
||
589 | if ($query_errno != 1213 && $query_errno != 1205 && function_exists('log_error')) |
||
590 | log_error($txt['database_error'] . ': ' . $query_error . (!empty($modSettings['enableErrorQueryLogging']) ? "\n\n$db_string" : ''), 'database', $file, $line); |
||
591 | |||
592 | // Database error auto fixing ;). |
||
593 | if (function_exists('cache_get_data') && (!isset($modSettings['autoFixDatabase']) || $modSettings['autoFixDatabase'] == '1')) |
||
594 | { |
||
595 | // Force caching on, just for the error checking. |
||
596 | $old_cache = @$cache_enable; |
||
597 | $cache_enable = '1'; |
||
598 | |||
599 | if (($temp = cache_get_data('db_last_error', 600)) !== null) |
||
600 | $db_last_error = max(@$db_last_error, $temp); |
||
601 | |||
602 | if (@$db_last_error < time() - 3600 * 24 * 3) |
||
603 | { |
||
604 | // We know there's a problem... but what? Try to auto detect. |
||
605 | if ($query_errno == 1030 && strpos($query_error, ' 127 ') !== false) |
||
606 | { |
||
607 | preg_match_all('~(?:[\n\r]|^)[^\']+?(?:FROM|JOIN|UPDATE|TABLE) ((?:[^\n\r(]+?(?:, )?)*)~s', $db_string, $matches); |
||
608 | |||
609 | $fix_tables = array(); |
||
610 | foreach ($matches[1] as $tables) |
||
611 | { |
||
612 | $tables = array_unique(explode(',', $tables)); |
||
613 | foreach ($tables as $table) |
||
614 | { |
||
615 | // Now, it's still theoretically possible this could be an injection. So backtick it! |
||
616 | if (trim($table) != '') |
||
617 | $fix_tables[] = '`' . strtr(trim($table), array('`' => '')) . '`'; |
||
618 | } |
||
619 | } |
||
620 | |||
621 | $fix_tables = array_unique($fix_tables); |
||
622 | } |
||
623 | // Table crashed. Let's try to fix it. |
||
624 | elseif ($query_errno == 1016) |
||
625 | { |
||
626 | if (preg_match('~\'([^\.\']+)~', $query_error, $match) != 0) |
||
627 | $fix_tables = array('`' . $match[1] . '`'); |
||
628 | } |
||
629 | // Indexes crashed. Should be easy to fix! |
||
630 | elseif ($query_errno == 1034 || $query_errno == 1035) |
||
631 | { |
||
632 | preg_match('~\'([^\']+?)\'~', $query_error, $match); |
||
633 | $fix_tables = array('`' . $match[1] . '`'); |
||
634 | } |
||
635 | } |
||
636 | |||
637 | // Check for errors like 145... only fix it once every three days, and send an email. (can't use empty because it might not be set yet...) |
||
638 | if (!empty($fix_tables)) |
||
639 | { |
||
640 | // Subs-Admin.php for updateSettingsFile(), Subs-Post.php for sendmail(). |
||
641 | require_once($sourcedir . '/Subs-Admin.php'); |
||
642 | require_once($sourcedir . '/Subs-Post.php'); |
||
643 | |||
644 | // Make a note of the REPAIR... |
||
645 | cache_put_data('db_last_error', time(), 600); |
||
646 | if (($temp = cache_get_data('db_last_error', 600)) === null) |
||
647 | updateSettingsFile(array('db_last_error' => time())); |
||
648 | |||
649 | // Attempt to find and repair the broken table. |
||
650 | foreach ($fix_tables as $table) |
||
651 | $smcFunc['db_query']('', " |
||
652 | REPAIR TABLE $table", false, false); |
||
653 | |||
654 | // And send off an email! |
||
655 | sendmail($webmaster_email, $txt['database_error'], $txt['tried_to_repair'], null, 'dberror'); |
||
656 | |||
657 | $cache_enable = $old_cache; |
||
658 | |||
659 | // Try the query again...? |
||
660 | $ret = $smcFunc['db_query']('', $db_string, false, false); |
||
661 | if ($ret !== false) |
||
662 | return $ret; |
||
663 | } |
||
664 | else |
||
665 | $cache_enable = $old_cache; |
||
666 | |||
667 | // Check for the "lost connection" or "deadlock found" errors - and try it just one more time. |
||
668 | if (in_array($query_errno, array(1205, 1213))) |
||
669 | { |
||
670 | if ($db_connection) |
||
671 | { |
||
672 | // Try a deadlock more than once more. |
||
673 | for ($n = 0; $n < 4; $n++) |
||
674 | { |
||
675 | $ret = $smcFunc['db_query']('', $db_string, false, false); |
||
676 | |||
677 | $new_errno = mysqli_errno($db_connection); |
||
678 | if ($ret !== false || in_array($new_errno, array(1205, 1213))) |
||
679 | break; |
||
680 | } |
||
681 | |||
682 | // If it failed again, shucks to be you... we're not trying it over and over. |
||
683 | if ($ret !== false) |
||
684 | return $ret; |
||
685 | } |
||
686 | } |
||
687 | // Are they out of space, perhaps? |
||
688 | elseif ($query_errno == 1030 && (strpos($query_error, ' -1 ') !== false || strpos($query_error, ' 28 ') !== false || strpos($query_error, ' 12 ') !== false)) |
||
689 | { |
||
690 | if (!isset($txt)) |
||
691 | $query_error .= ' - check database storage space.'; |
||
692 | else |
||
693 | { |
||
694 | if (!isset($txt['mysql_error_space'])) |
||
695 | loadLanguage('Errors'); |
||
696 | |||
697 | $query_error .= !isset($txt['mysql_error_space']) ? ' - check database storage space.' : $txt['mysql_error_space']; |
||
698 | } |
||
699 | } |
||
700 | } |
||
701 | |||
702 | // Nothing's defined yet... just die with it. |
||
703 | if (empty($context) || empty($txt)) |
||
704 | die($query_error); |
||
705 | |||
706 | // Show an error message, if possible. |
||
707 | $context['error_title'] = $txt['database_error']; |
||
708 | if (allowedTo('admin_forum')) |
||
709 | $context['error_message'] = nl2br($query_error) . '<br>' . $txt['file'] . ': ' . $file . '<br>' . $txt['line'] . ': ' . $line; |
||
710 | else |
||
711 | $context['error_message'] = $txt['try_again']; |
||
712 | |||
713 | if (allowedTo('admin_forum') && isset($db_show_debug) && $db_show_debug === true) |
||
714 | { |
||
715 | $context['error_message'] .= '<br><br>' . nl2br($db_string); |
||
716 | } |
||
717 | |||
718 | // It's already been logged... don't log it again. |
||
719 | fatal_error($context['error_message'], false); |
||
720 | } |
||
721 | |||
722 | /** |
||
723 | * Inserts data into a table |
||
724 | * |
||
725 | * @param string $method The insert method - can be 'replace', 'ignore' or 'insert' |
||
726 | * @param string $table The table we're inserting the data into |
||
727 | * @param array $columns An array of the columns we're inserting the data into. Should contain 'column' => 'datatype' pairs |
||
728 | * @param array $data The data to insert |
||
729 | * @param array $keys The keys for the table, needs to be not empty on replace mode |
||
730 | * @param int returnmode 0 = nothing(default), 1 = last row id, 2 = all rows id as array |
||
731 | * @param object $connection The connection to use (if null, $db_connection is used) |
||
732 | * @return mixed value of the first key, behavior based on returnmode. null if no data. |
||
733 | */ |
||
734 | function smf_db_insert($method, $table, $columns, $data, $keys, $returnmode = 0, $connection = null) |
||
735 | { |
||
736 | global $smcFunc, $db_connection, $db_prefix; |
||
737 | |||
738 | $connection = $connection === null ? $db_connection : $connection; |
||
739 | |||
740 | $return_var = null; |
||
741 | |||
742 | // With nothing to insert, simply return. |
||
743 | if (empty($table) || empty($data)) |
||
744 | return; |
||
745 | |||
746 | // Force method to lower case |
||
747 | $method = strtolower($method); |
||
748 | |||
749 | // Replace the prefix holder with the actual prefix. |
||
750 | $table = str_replace('{db_prefix}', $db_prefix, $table); |
||
751 | |||
752 | $with_returning = false; |
||
753 | |||
754 | if (!empty($keys) && (count($keys) > 0) && $returnmode > 0) |
||
755 | { |
||
756 | $with_returning = true; |
||
757 | if ($returnmode == 2) |
||
758 | $return_var = array(); |
||
759 | } |
||
760 | |||
761 | // Inserting data as a single row can be done as a single array. |
||
762 | if (!is_array($data[array_rand($data)])) |
||
763 | $data = array($data); |
||
764 | |||
765 | // Create the mold for a single row insert. |
||
766 | $insertData = '('; |
||
767 | foreach ($columns as $columnName => $type) |
||
768 | { |
||
769 | // Are we restricting the length? |
||
770 | if (strpos($type, 'string-') !== false) |
||
771 | $insertData .= sprintf('SUBSTRING({string:%1$s}, 1, ' . substr($type, 7) . '), ', $columnName); |
||
772 | else |
||
773 | $insertData .= sprintf('{%1$s:%2$s}, ', $type, $columnName); |
||
774 | } |
||
775 | $insertData = substr($insertData, 0, -2) . ')'; |
||
776 | |||
777 | // Create an array consisting of only the columns. |
||
778 | $indexed_columns = array_keys($columns); |
||
779 | |||
780 | // Here's where the variables are injected to the query. |
||
781 | $insertRows = array(); |
||
782 | foreach ($data as $dataRow) |
||
783 | $insertRows[] = smf_db_quote($insertData, array_combine($indexed_columns, $dataRow), $connection); |
||
784 | |||
785 | // Determine the method of insertion. |
||
786 | $queryTitle = $method == 'replace' ? 'REPLACE' : ($method == 'ignore' ? 'INSERT IGNORE' : 'INSERT'); |
||
787 | |||
788 | // Sanity check for replace is key part of the columns array |
||
789 | if ($method == 'replace') |
||
790 | { |
||
791 | if (empty($keys)) |
||
792 | smf_db_error_backtrace('When using the replace mode, the key column is a required entry.', |
||
793 | 'Change the method of db insert to insert or add the pk field to the key array', E_USER_ERROR, __FILE__, __LINE__); |
||
794 | if (count(array_intersect_key($columns, array_flip($keys))) !== count($keys)) |
||
795 | smf_db_error_backtrace('Primary Key field missing in insert call', |
||
796 | 'Change the method of db insert to insert or add the pk field to the columns array', E_USER_ERROR, __FILE__, __LINE__); |
||
797 | } |
||
798 | |||
799 | if (!$with_returning || $method != 'ignore') |
||
800 | { |
||
801 | // Do the insert. |
||
802 | $smcFunc['db_query']('', ' |
||
803 | ' . $queryTitle . ' INTO ' . $table . '(`' . implode('`, `', $indexed_columns) . '`) |
||
804 | VALUES |
||
805 | ' . implode(', |
||
806 | ', $insertRows), |
||
807 | array( |
||
808 | 'security_override' => true, |
||
809 | 'db_error_skip' => $table === $db_prefix . 'log_errors', |
||
810 | ), |
||
811 | $connection |
||
812 | ); |
||
813 | } |
||
814 | // Special way for ignore method with returning |
||
815 | else |
||
816 | { |
||
817 | $count = count($insertRows); |
||
818 | $ai = 0; |
||
819 | for ($i = 0; $i < $count; $i++) |
||
820 | { |
||
821 | $old_id = $smcFunc['db_insert_id']($table); |
||
822 | |||
823 | $smcFunc['db_query']('', ' |
||
824 | ' . $queryTitle . ' INTO ' . $table . '(`' . implode('`, `', $indexed_columns) . '`) |
||
825 | VALUES |
||
826 | ' . $insertRows[$i], |
||
827 | array( |
||
828 | 'security_override' => true, |
||
829 | 'db_error_skip' => $table === $db_prefix . 'log_errors', |
||
830 | ), |
||
831 | $connection |
||
832 | ); |
||
833 | $new_id = $smcFunc['db_insert_id']($table); |
||
834 | |||
835 | // the inserted value was new |
||
836 | if ($old_id != $new_id) |
||
837 | { |
||
838 | $ai = $new_id; |
||
839 | } |
||
840 | // the inserted value already exists we need to find the pk |
||
841 | else |
||
842 | { |
||
843 | $where_string = ''; |
||
844 | $count2 = count($keys); |
||
845 | for ($x = 0; $x < $count2; $x++) |
||
846 | { |
||
847 | $keyPos = array_search($keys[$x], array_keys($columns)); |
||
848 | $where_string .= $keys[$x] . ' = ' . $data[$i][$keyPos]; |
||
849 | if (($x + 1) < $count2) |
||
850 | $where_string .= ' AND '; |
||
851 | } |
||
852 | |||
853 | $request = $smcFunc['db_query']('', ' |
||
854 | SELECT `' . $keys[0] . '` FROM ' . $table . ' |
||
855 | WHERE ' . $where_string . ' LIMIT 1', |
||
856 | array() |
||
857 | ); |
||
858 | |||
859 | if ($request !== false && $smcFunc['db_num_rows']($request) == 1) |
||
860 | { |
||
861 | $row = $smcFunc['db_fetch_assoc']($request); |
||
862 | $ai = $row[$keys[0]]; |
||
863 | } |
||
864 | } |
||
865 | |||
866 | if ($returnmode == 1) |
||
867 | $return_var = $ai; |
||
868 | elseif ($returnmode == 2) |
||
869 | $return_var[] = $ai; |
||
870 | } |
||
871 | } |
||
872 | |||
873 | if ($with_returning) |
||
874 | { |
||
875 | if ($returnmode == 1 && empty($return_var)) |
||
876 | $return_var = smf_db_insert_id($table, $keys[0]) + count($insertRows) - 1; |
||
877 | elseif ($returnmode == 2 && empty($return_var)) |
||
878 | { |
||
879 | $return_var = array(); |
||
880 | $count = count($insertRows); |
||
881 | $start = smf_db_insert_id($table, $keys[0]); |
||
882 | for ($i = 0; $i < $count; $i++) |
||
883 | $return_var[] = $start + $i; |
||
884 | } |
||
885 | return $return_var; |
||
886 | } |
||
887 | } |
||
888 | |||
889 | /** |
||
890 | * This function tries to work out additional error information from a back trace. |
||
891 | * |
||
892 | * @param string $error_message The error message |
||
893 | * @param string $log_message The message to log |
||
894 | * @param string|bool $error_type What type of error this is |
||
895 | * @param string $file The file the error occurred in |
||
896 | * @param int $line What line of $file the code which generated the error is on |
||
897 | * @return void|array Returns an array with the file and line if $error_type is 'return' |
||
898 | */ |
||
899 | function smf_db_error_backtrace($error_message, $log_message = '', $error_type = false, $file = null, $line = null) |
||
900 | { |
||
901 | if (empty($log_message)) |
||
902 | $log_message = $error_message; |
||
903 | |||
904 | foreach (debug_backtrace() as $step) |
||
905 | { |
||
906 | // Found it? |
||
907 | if (strpos($step['function'], 'query') === false && !in_array(substr($step['function'], 0, 7), array('smf_db_', 'preg_re', 'db_erro', 'call_us')) && strpos($step['function'], '__') !== 0) |
||
908 | { |
||
909 | $log_message .= '<br>Function: ' . $step['function']; |
||
910 | break; |
||
911 | } |
||
912 | |||
913 | if (isset($step['line'])) |
||
914 | { |
||
915 | $file = $step['file']; |
||
916 | $line = $step['line']; |
||
917 | } |
||
918 | } |
||
919 | |||
920 | // A special case - we want the file and line numbers for debugging. |
||
921 | if ($error_type == 'return') |
||
922 | return array($file, $line); |
||
923 | |||
924 | // Is always a critical error. |
||
925 | if (function_exists('log_error')) |
||
926 | log_error($log_message, 'critical', $file, $line); |
||
927 | |||
928 | if (function_exists('fatal_error')) |
||
929 | { |
||
930 | fatal_error($error_message, false); |
||
931 | |||
932 | // Cannot continue... |
||
933 | exit; |
||
934 | } |
||
935 | elseif ($error_type) |
||
936 | trigger_error($error_message . ($line !== null ? '<em>(' . basename($file) . '-' . $line . ')</em>' : ''), $error_type); |
||
937 | else |
||
938 | trigger_error($error_message . ($line !== null ? '<em>(' . basename($file) . '-' . $line . ')</em>' : '')); |
||
939 | } |
||
940 | |||
941 | /** |
||
942 | * Escape the LIKE wildcards so that they match the character and not the wildcard. |
||
943 | * |
||
944 | * @param string $string The string to escape |
||
945 | * @param bool $translate_human_wildcards If true, turns human readable wildcards into SQL wildcards. |
||
946 | * @return string The escaped string |
||
947 | */ |
||
948 | function smf_db_escape_wildcard_string($string, $translate_human_wildcards = false) |
||
949 | { |
||
950 | $replacements = array( |
||
951 | '%' => '\%', |
||
952 | '_' => '\_', |
||
953 | '\\' => '\\\\', |
||
954 | ); |
||
955 | |||
956 | if ($translate_human_wildcards) |
||
957 | $replacements += array( |
||
958 | '*' => '%', |
||
959 | ); |
||
960 | |||
961 | return strtr($string, $replacements); |
||
962 | } |
||
963 | |||
964 | /** |
||
965 | * Validates whether the resource is a valid mysqli instance. |
||
966 | * Mysqli uses objects rather than resource. https://bugs.php.net/bug.php?id=42797 |
||
967 | * |
||
968 | * @param mixed $result The string to test |
||
969 | * @return bool True if it is, false otherwise |
||
970 | */ |
||
971 | function smf_is_resource($result) |
||
972 | { |
||
973 | if ($result instanceof mysqli_result) |
||
974 | return true; |
||
975 | |||
976 | return false; |
||
977 | } |
||
978 | |||
979 | /** |
||
980 | * Fetches all rows from a result as an array |
||
981 | * |
||
982 | * @param resource $request A MySQL result resource |
||
983 | * @return array An array that contains all rows (records) in the result resource |
||
984 | */ |
||
985 | function smf_db_fetch_all($request) |
||
986 | { |
||
987 | // Return the right row. |
||
988 | if (function_exists('mysqli_fetch_all')) |
||
989 | $return = mysqli_fetch_all($request, MYSQLI_ASSOC); |
||
990 | else |
||
991 | { |
||
992 | $return = array(); |
||
993 | while($row = mysqli_fetch_assoc($request)) |
||
994 | $return[] = $row; |
||
995 | } |
||
996 | return !empty($return) ? $return : array(); |
||
997 | } |
||
998 | |||
999 | /** |
||
1000 | * Function to save errors in database in a safe way |
||
1001 | * |
||
1002 | * @param array with keys in this order id_member, log_time, ip, url, message, session, error_type, file, line |
||
1003 | * @return void |
||
1004 | */ |
||
1005 | function smf_db_error_insert($error_array) |
||
1006 | { |
||
1007 | global $db_prefix, $db_connection; |
||
1008 | static $mysql_error_data_prep; |
||
1009 | |||
1010 | // without database we can't do anything |
||
1011 | if (empty($db_connection)) |
||
1012 | return; |
||
1013 | |||
1014 | if (empty($mysql_error_data_prep)) |
||
1015 | $mysql_error_data_prep = mysqli_prepare($db_connection, |
||
1016 | 'INSERT INTO ' . $db_prefix . 'log_errors |
||
1017 | (id_member, log_time, ip, url, message, session, error_type, file, line, backtrace) |
||
1018 | VALUES( ?, ?, unhex(?), ?, ?, ?, ?, ?, ?, ?)' |
||
1019 | ); |
||
1020 | |||
1021 | if (filter_var($error_array[2], FILTER_VALIDATE_IP) !== false) |
||
1022 | $error_array[2] = bin2hex(inet_pton($error_array[2])); |
||
1023 | else |
||
1024 | $error_array[2] = null; |
||
1025 | mysqli_stmt_bind_param($mysql_error_data_prep, 'iissssssis', |
||
1026 | $error_array[0], $error_array[1], $error_array[2], $error_array[3], $error_array[4], $error_array[5], $error_array[6], |
||
1027 | $error_array[7], $error_array[8], $error_array[9]); |
||
1028 | mysqli_stmt_execute($mysql_error_data_prep); |
||
1029 | } |
||
1030 | |||
1031 | /** |
||
1032 | * Function which constructs an optimize custom order string |
||
1033 | * as an improved alternative to find_in_set() |
||
1034 | * |
||
1035 | * @param string $field name |
||
1036 | * @param array $array_values Field values sequenced in array via order priority. Must cast to int. |
||
1037 | * @param boolean $desc default false |
||
1038 | * @return string case field when ... then ... end |
||
1039 | */ |
||
1040 | function smf_db_custom_order($field, $array_values, $desc = false) |
||
1041 | { |
||
1042 | $return = 'CASE ' . $field . ' '; |
||
1043 | $count = count($array_values); |
||
1044 | $then = ($desc ? ' THEN -' : ' THEN '); |
||
1045 | |||
1046 | for ($i = 0; $i < $count; $i++) |
||
1047 | $return .= 'WHEN ' . (int) $array_values[$i] . $then . $i . ' '; |
||
1048 | |||
1049 | $return .= 'END'; |
||
1050 | return $return; |
||
1051 | } |
||
1052 | |||
1053 | /** |
||
1054 | * Function which return the information if the database supports native replace inserts |
||
1055 | * |
||
1056 | * @return boolean true or false |
||
1057 | */ |
||
1058 | function smf_db_native_replace() |
||
1059 | { |
||
1060 | return true; |
||
1061 | } |
||
1062 | |||
1063 | /** |
||
1064 | * Function which return the information if the database supports cte with recursive |
||
1065 | * |
||
1066 | * @return boolean true or false |
||
1067 | */ |
||
1068 | function smf_db_cte_support() |
||
1069 | { |
||
1070 | global $smcFunc; |
||
1071 | static $return; |
||
1072 | |||
1073 | if (isset($return)) |
||
1074 | return $return; |
||
1075 | |||
1076 | db_extend('extra'); |
||
1077 | |||
1078 | $version = $smcFunc['db_get_version'](); |
||
1079 | |||
1080 | if (strpos(strtolower($version), 'mariadb') !== false) |
||
1081 | $return = version_compare($version, '10.2.2', '>='); |
||
1082 | else //mysql |
||
1083 | $return = version_compare($version, '8.0.1', '>='); |
||
1084 | |||
1085 | return $return; |
||
1086 | } |
||
1087 | |||
1088 | /** |
||
1089 | * Function which return the escaped string |
||
1090 | * |
||
1091 | * @param string the unescaped text |
||
1092 | * @param resource $connection = null The connection to use (null to use $db_connection) |
||
1093 | * @return string escaped string |
||
1094 | */ |
||
1095 | function smf_db_escape_string($string, $connection = null) |
||
1096 | { |
||
1097 | global $db_connection; |
||
1098 | |||
1099 | return mysqli_real_escape_string($connection === null ? $db_connection : $connection, $string); |
||
1100 | } |
||
1101 | |||
1102 | ?> |