YOURLS / YOURLS

includes/ezSQL/ez_sql_mysql.php

<?php

	/**********************************************************************
	*  Author: Justin Vincent (jv@jvmultimedia.com)
	*  Web...: http://twitter.com/justinvincent
	*  Name..: ezSQL_mysql
	*  Desc..: mySQL component (part of ezSQL databse abstraction library)
	*
	*/

	/**********************************************************************
	*  ezSQL error strings - mySQL
	*/
    
    global $ezsql_mysql_str;

	$ezsql_mysql_str = array
	(
		1 => 'Require $dbuser and $dbpassword to connect to a database server',
		2 => 'Error establishing mySQL database connection. Correct user/password? Correct hostname? Database server running?',
		3 => 'Require $dbname to select a database',
		4 => 'mySQL database connection is not active',
		5 => 'Unexpected error while trying to select database'
	);

	/**********************************************************************
	*  ezSQL Database specific class - mySQL
	*/

	if ( ! function_exists ('mysql_connect') ) die('<b>Fatal Error:</b> ezSQL_mysql requires mySQL Lib to be compiled and or linked in to the PHP engine');
	if ( ! class_exists ('ezSQLcore') ) die('<b>Fatal Error:</b> ezSQL_mysql requires ezSQLcore (ez_sql_core.php) to be included/loaded before it can be used');

	class ezSQL_mysql extends ezSQLcore
	{

		var $dbuser = false;
		var $dbpassword = false;
		var $dbname = false;
		var $dbhost = false;
		var $encoding = false;
		var $rows_affected = false;

		/**********************************************************************
		*  Constructor - allow the user to perform a qucik connect at the
		*  same time as initialising the ezSQL_mysql class
		*/

		function __construct($dbuser='', $dbpassword='', $dbname='', $dbhost='localhost', $encoding='')

This method seems to be duplicated in your project.

It is generally recommended to explicitly declare the visibility for methods.

		{
			$this->dbuser = $dbuser;

The property $dbuser was declared of type boolean, but $dbuser is of type string. Maybe add a type cast?

			$this->dbpassword = $dbpassword;

The property $dbpassword was declared of type boolean, but $dbpassword is of type string. Maybe add a type cast?

			$this->dbname = $dbname;

The property $dbname was declared of type boolean, but $dbname is of type string. Maybe add a type cast?

			$this->dbhost = $dbhost;

The property $dbhost was declared of type boolean, but $dbhost is of type string. Maybe add a type cast?

			$this->encoding = $encoding;

The property $encoding was declared of type boolean, but $encoding is of type string. Maybe add a type cast?

		}

		/**********************************************************************
		*  Short hand way to connect to mySQL database server
		*  and select a mySQL database at the same time
		*/

		function quick_connect($dbuser='', $dbpassword='', $dbname='', $dbhost='localhost', $encoding='')

It is generally recommended to explicitly declare the visibility for methods.

This method seems to be duplicated in your project.

		{
			$return_val = false;
			if ( ! $this->connect($dbuser, $dbpassword, $dbhost,true) ) ;

The call to ezSQL_mysql::connect() has too many arguments starting with true.

			else if ( ! $this->select($dbname,$encoding) ) ;
			else $return_val = true;
			return $return_val;
		}

		/**********************************************************************
		*  Try to connect to mySQL database server
		*/

		function connect($dbuser='', $dbpassword='', $dbhost='localhost')

It is generally recommended to explicitly declare the visibility for methods.

		{
			global $ezsql_mysql_str; $return_val = false;
			
			// Keep track of how long the DB takes to connect
			$this->timer_start('db_connect_time');

			// Must have a user and a password
			if ( ! $dbuser )
			{
				$this->register_error($ezsql_mysql_str[1].' in '.__FILE__.' on line '.__LINE__);
				$this->show_errors ? trigger_error($ezsql_mysql_str[1],E_USER_WARNING) : null;
			}
			// Try to establish the server database handle
			else if ( ! $this->dbh = @mysql_connect($dbhost,$dbuser,$dbpassword,true,131074) )

The property dbh does not exist. Did you maybe forget to declare it?

			{
				$this->register_error($ezsql_mysql_str[2].' in '.__FILE__.' on line '.__LINE__);
				$this->show_errors ? trigger_error($ezsql_mysql_str[2],E_USER_WARNING) : null;
			}
			else

This code seems to be duplicated across your project.

			{
				$this->dbuser = $dbuser;

The property $dbuser was declared of type boolean, but $dbuser is of type string. Maybe add a type cast?

				$this->dbpassword = $dbpassword;

The property $dbpassword was declared of type boolean, but $dbpassword is of type string. Maybe add a type cast?

				$this->dbhost = $dbhost;

The property $dbhost was declared of type boolean, but $dbhost is of type string. Maybe add a type cast?

				$return_val = true;
			}

			return $return_val;
		}

		/**********************************************************************
		*  Try to select a mySQL database
		*/

		function select($dbname='', $encoding='')

It is generally recommended to explicitly declare the visibility for methods.

		{
			global $ezsql_mysql_str; $return_val = false;

			// Must have a database name
			if ( ! $dbname )
			{
				$this->register_error($ezsql_mysql_str[3].' in '.__FILE__.' on line '.__LINE__);
				$this->show_errors ? trigger_error($ezsql_mysql_str[3],E_USER_WARNING) : null;
			}

			// Must have an active database connection
			else if ( ! $this->dbh )
			{
				$this->register_error($ezsql_mysql_str[4].' in '.__FILE__.' on line '.__LINE__);
				$this->show_errors ? trigger_error($ezsql_mysql_str[4],E_USER_WARNING) : null;
			}

			// Try to connect to the database
			else if ( !@mysql_select_db($dbname,$this->dbh) )
			{
				// Try to get error supplied by mysql if not use our own
				if ( !$str = @mysql_error($this->dbh))
					  $str = $ezsql_mysql_str[5];

				$this->register_error($str.' in '.__FILE__.' on line '.__LINE__);
				$this->show_errors ? trigger_error($str,E_USER_WARNING) : null;
			}
			else
			{
				$this->dbname = $dbname;

The property $dbname was declared of type boolean, but $dbname is of type string. Maybe add a type cast?

                if ( $encoding == '') $encoding = $this->encoding;
				if($encoding!='')
				{
					$encoding = strtolower(str_replace("-","",$encoding));
					$charsets = array();
					$result = mysql_query("SHOW CHARACTER SET");
					while($row = mysql_fetch_array($result,MYSQL_ASSOC))
					{
						$charsets[] = $row["Charset"];
					}
					if(in_array($encoding,$charsets)){
						mysql_query("SET NAMES '".$encoding."'");						
					}
				}
				
				$return_val = true;
			}

			return $return_val;
		}

		/**********************************************************************
		*  Format a mySQL string correctly for safe mySQL insert
		*  (no mater if magic quotes are on or not)
		*/

		function escape($str)

It is generally recommended to explicitly declare the visibility for methods.

		{
			// If there is no existing database connection then try to connect
			if ( ! isset($this->dbh) || ! $this->dbh )
			{
				$this->connect($this->dbuser, $this->dbpassword, $this->dbhost);

$this->dbuser is of type boolean, but the function expects a string.

$this->dbpassword is of type boolean, but the function expects a string.

$this->dbhost is of type boolean, but the function expects a string.

				$this->select($this->dbname, $this->encoding);

$this->dbname is of type boolean, but the function expects a string.

$this->encoding is of type boolean, but the function expects a string.

			}

			return mysql_real_escape_string(stripslashes($str));
		}

		/**********************************************************************
		*  Return mySQL specific system date syntax
		*  i.e. Oracle: SYSDATE Mysql: NOW()
		*/

		function sysdate()

It is generally recommended to explicitly declare the visibility for methods.

		{
			return 'NOW()';
		}

		/**********************************************************************
		*  Perform mySQL query and try to detirmin result value
		*/

		function query($query)

It is generally recommended to explicitly declare the visibility for methods.

		{

			// This keeps the connection alive for very long running scripts
			if ( $this->num_queries >= 500 )

This code seems to be duplicated across your project.

			{
				$this->num_queries = 0;
				$this->disconnect();
				$this->quick_connect($this->dbuser,$this->dbpassword,$this->dbname,$this->dbhost,$this->encoding);

$this->dbuser is of type boolean, but the function expects a string.

$this->dbpassword is of type boolean, but the function expects a string.

$this->dbname is of type boolean, but the function expects a string.

$this->dbhost is of type boolean, but the function expects a string.

$this->encoding is of type boolean, but the function expects a string.

			}

			// Initialise return
			$return_val = 0;

$return_val is not used, you could remove the assignment.

			// Flush cached values..
			$this->flush();

			// For reg expressions
			$query = trim($query);

			// Log how the function was called
			$this->func_call = "\$db->query(\"$query\")";

The property func_call does not exist. Did you maybe forget to declare it?

			// Keep track of the last query for debug..
			$this->last_query = $query;

			// Count how many queries there have been
			$this->num_queries++;
			
			// Start timer
			$this->timer_start($this->num_queries);

			// Use core file cache function
			if ( $cache = $this->get_cache($query) )

This code seems to be duplicated across your project.

			{
				// Keep tack of how long all queries have taken
				$this->timer_update_global($this->num_queries);

				// Trace all queries
				if ( $this->use_trace_log )
				{
					$this->trace_log[] = $this->debug(false);
				}
				
				return $cache;
			}

			// If there is no existing database connection then try to connect
			if ( ! isset($this->dbh) || ! $this->dbh )

This code seems to be duplicated across your project.

			{
				$this->connect($this->dbuser, $this->dbpassword, $this->dbhost);

$this->dbuser is of type boolean, but the function expects a string.

$this->dbpassword is of type boolean, but the function expects a string.

$this->dbhost is of type boolean, but the function expects a string.

				$this->select($this->dbname,$this->encoding);

$this->dbname is of type boolean, but the function expects a string.

$this->encoding is of type boolean, but the function expects a string.

                if ( ! isset($this->dbh) || ! $this->dbh )
                    return false;
			}

			// Perform the query via std mysql_query function..
			$this->result = @mysql_query($query,$this->dbh);

The property result does not exist. Did you maybe forget to declare it?

			// If there is an error then take note of it..
			if ( $str = @mysql_error($this->dbh) )

This code seems to be duplicated across your project.

			{
				$is_insert = true;

$is_insert is not used, you could remove the assignment.

				$this->register_error($str);
				$this->show_errors ? trigger_error($str,E_USER_WARNING) : null;
				return false;
			}

			// Query was an insert, delete, update, replace
			$is_insert = false;
			if ( preg_match("/^(insert|delete|update|replace|truncate|drop|create|alter|set)\s+/i",$query) )
			{
				$this->rows_affected = @mysql_affected_rows($this->dbh);

				// Take note of the insert_id
				if ( preg_match("/^(insert|replace)\s+/i",$query) )
				{
					$this->insert_id = @mysql_insert_id($this->dbh);

The property insert_id does not exist. Did you maybe forget to declare it?

				}

				// Return number fo rows affected
				$return_val = $this->rows_affected;
			}
			// Query was a select
			else
			{

				// Take note of column info
				$i=0;
				while ($i < @mysql_num_fields($this->result))
				{
					$this->col_info[$i] = @mysql_fetch_field($this->result);
					$i++;
				}

				// Store Query Results
				$num_rows=0;
				while ( $row = @mysql_fetch_object($this->result) )
				{
					// Store relults as an objects within main array
					$this->last_result[$num_rows] = $row;

The property last_result does not seem to exist. Did you mean result?

					$num_rows++;
				}

				@mysql_free_result($this->result);

It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.

				// Log number of rows the query returned
				$this->num_rows = $num_rows;

The property num_rows does not exist. Did you maybe forget to declare it?

				// Return number of rows selected
				$return_val = $this->num_rows;
			}

			// disk caching of queries
			$this->store_cache($query,$is_insert);

			// If debug ALL queries
			$this->trace || $this->debug_all ? $this->debug() : null ;

			// Keep tack of how long all queries have taken
			$this->timer_update_global($this->num_queries);

			// Trace all queries
			if ( $this->use_trace_log )
			{
				$this->trace_log[] = $this->debug(false);
			}

			return $return_val;

		}
		
		/**********************************************************************
		*  Close the active mySQL connection
		*/

		function disconnect()

It is generally recommended to explicitly declare the visibility for methods.

		{
			@mysql_close($this->dbh);	

It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.

		}

	}