1 | <?php |
||
2 | |||
3 | /********************************************************************** |
||
4 | * Author: Justin Vincent ([email protected]) |
||
5 | * Web...: http://twitter.com/justinvincent |
||
6 | * Name..: ezSQL_mysql |
||
7 | * Desc..: mySQL component (part of ezSQL database abstraction library) |
||
8 | * |
||
9 | */ |
||
10 | |||
11 | /********************************************************************** |
||
12 | * ezSQL error strings - mySQL |
||
13 | */ |
||
14 | |||
// Error strings for ezSQL_mysql, keyed by the numeric code that the class
// methods look up before calling register_error() / trigger_error().
//
// The `global` statement only matters when this file is included from inside
// a function: it binds the name to the true global, which is where the class
// methods read it from (they each declare `global $ezsql_mysql_str`).
global $ezsql_mysql_str;

$ezsql_mysql_str = array(
    // connect(): no user name supplied
    1 => 'Require $dbuser and $dbpassword to connect to a database server',
    // connect(): mysql_connect() did not return a handle
    2 => 'Error establishing mySQL database connection. Correct user/password? Correct hostname? Database server running?',
    // select(): no database name supplied
    3 => 'Require $dbname to select a database',
    // select(): called without an open handle
    4 => 'mySQL database connection is not active',
    // select(): mysql_select_db() failed and the server gave no message
    5 => 'Unexpected error while trying to select database',
);
||
25 | |||
26 | /********************************************************************** |
||
27 | * ezSQL Database specific class - mySQL |
||
28 | */ |
||
29 | |||
// Load-time prerequisites. Both checks end the request with an HTML message,
// so a missing dependency stops here rather than failing later inside a
// method of the class.

// The legacy ext/mysql functions must be available.
if ( ! function_exists('mysql_connect')) {
    die('<b>Fatal Error:</b> ezSQL_mysql requires mySQL Lib to be compiled and or linked in to the PHP engine');
}

// The base class must already have been loaded by the including script.
if ( ! class_exists('ezSQLcore')) {
    die('<b>Fatal Error:</b> ezSQL_mysql requires ezSQLcore (ez_sql_core.php) to be included/loaded before it can be used');
}
||
32 | |||
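/**
 * ezSQL database-specific class for mySQL, built on the legacy ext/mysql
 * functions (mysql_connect(), mysql_query(), ...).
 *
 * Security notes for callers:
 *  - ext/mysql has no prepared statements. query() sends its argument to the
 *    server unchanged, so every value interpolated into SQL must go through
 *    escape() (for quoted string literals) or be validated/cast by the caller.
 *  - The connection password is kept in a public property so the class can
 *    reconnect lazily; anything that dumps or serialises this object exposes it.
 */
class ezSQL_mysql extends ezSQLcore
{
    // Connection settings, remembered for lazy (re)connects in escape()/query().
    public $dbuser = false;
    public $dbpassword = false; // plain text; see the class note above
    public $dbname = false;
    public $dbhost = false;
    public $encoding = false;

    // Result of mysql_affected_rows() for the last write statement.
    public $rows_affected = false;

    /**
     * Store the connection settings. No connection is opened here; it is
     * opened by quick_connect()/connect(), or lazily by escape()/query().
     *
     * @param string $dbuser     Database user name
     * @param string $dbpassword Database password
     * @param string $dbname     Database to select
     * @param string $dbhost     Server host
     * @param string $encoding   Connection character set (e.g. 'utf-8')
     */
    public function __construct($dbuser = '', $dbpassword = '', $dbname = '', $dbhost = 'localhost', $encoding = '')
    {
        $this->dbuser     = $dbuser;
        $this->dbpassword = $dbpassword;
        $this->dbname     = $dbname;
        $this->dbhost     = $dbhost;
        $this->encoding   = $encoding;
    }

    /**
     * Connect to the server and select a database in one call.
     *
     * @param string $dbuser
     * @param string $dbpassword
     * @param string $dbname
     * @param string $dbhost
     * @param string $encoding
     * @return bool true only if both connect() and select() succeeded
     */
    public function quick_connect($dbuser = '', $dbpassword = '', $dbname = '', $dbhost = 'localhost', $encoding = '')
    {
        // connect() takes three parameters; the fourth argument that used to
        // be passed here was never read, so it has been dropped.
        return $this->connect($dbuser, $dbpassword, $dbhost)
            && $this->select($dbname, $encoding);
    }

    /**
     * Try to open a connection to the mySQL server.
     *
     * On success the handle is stored in $this->dbh and the credentials are
     * remembered for later reconnects.
     *
     * @param string $dbuser
     * @param string $dbpassword
     * @param string $dbhost
     * @return bool
     */
    public function connect($dbuser = '', $dbpassword = '', $dbhost = 'localhost')
    {
        global $ezsql_mysql_str;

        // Keep track of how long the DB takes to connect
        $this->timer_start('db_connect_time');

        // Only the user name is checked. Error string 1 mentions a password
        // too, but an empty password is accepted and passed to the server.
        if ( ! $dbuser) {
            $this->register_error($ezsql_mysql_str[1].' in '.__FILE__.' on line '.__LINE__);
            if ($this->show_errors) {
                trigger_error($ezsql_mysql_str[1], E_USER_WARNING);
            }

            return false;
        }

        // 4th argument true: always open a new link instead of reusing one.
        // 131074 = 131072 + 2; presumably the MySQL client flags
        // CLIENT_MULTI_RESULTS | CLIENT_FOUND_ROWS - TODO confirm. It does not
        // include 65536, the multi-statement flag.
        $this->dbh = @mysql_connect($dbhost, $dbuser, $dbpassword, true, 131074);
        if ( ! $this->dbh) {
            $this->register_error($ezsql_mysql_str[2].' in '.__FILE__.' on line '.__LINE__);
            if ($this->show_errors) {
                trigger_error($ezsql_mysql_str[2], E_USER_WARNING);
            }

            return false;
        }

        $this->dbuser     = $dbuser;
        $this->dbpassword = $dbpassword;
        $this->dbhost     = $dbhost;

        return true;
    }

    /**
     * Try to select a database on the open connection and, when an encoding
     * is given (or was stored by the constructor), set the connection
     * character set.
     *
     * @param string $dbname
     * @param string $encoding e.g. 'utf-8'; hyphens are removed and the name
     *                         is lower-cased before it is matched
     * @return bool true if the database was selected (a charset that could
     *              not be applied is registered as an error, not a failure)
     */
    public function select($dbname = '', $encoding = '')
    {
        global $ezsql_mysql_str;

        // Must have a database name
        if ( ! $dbname) {
            $this->register_error($ezsql_mysql_str[3].' in '.__FILE__.' on line '.__LINE__);
            if ($this->show_errors) {
                trigger_error($ezsql_mysql_str[3], E_USER_WARNING);
            }

            return false;
        }

        // Must have an active database connection
        if ( ! $this->dbh) {
            $this->register_error($ezsql_mysql_str[4].' in '.__FILE__.' on line '.__LINE__);
            if ($this->show_errors) {
                trigger_error($ezsql_mysql_str[4], E_USER_WARNING);
            }

            return false;
        }

        if ( ! @mysql_select_db($dbname, $this->dbh)) {
            // Prefer the server's own message, else fall back to ours
            $str = @mysql_error($this->dbh);
            if ( ! $str) {
                $str = $ezsql_mysql_str[5];
            }

            $this->register_error($str.' in '.__FILE__.' on line '.__LINE__);
            if ($this->show_errors) {
                trigger_error($str, E_USER_WARNING);
            }

            return false;
        }

        $this->dbname = $dbname;

        if ($encoding == '') {
            $encoding = $this->encoding;
        }

        if ($encoding != '') {
            $encoding = strtolower(str_replace('-', '', $encoding));

            // Ask *this* connection which charsets the server knows. Without
            // the explicit handle ext/mysql uses the most recently opened
            // link, which may belong to another connection.
            $charsets = array();
            $result   = mysql_query('SHOW CHARACTER SET', $this->dbh);
            if (is_resource($result)) {
                while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
                    $charsets[] = $row['Charset'];
                }
                mysql_free_result($result);
            }

            // Only names the server itself reported are ever sent back to it.
            if (in_array($encoding, $charsets, true)) {
                // mysql_set_charset() also tells the client library which
                // charset the link uses, and mysql_real_escape_string()
                // relies on that. A plain "SET NAMES" query changes the
                // server side only, which can leave escape() working with
                // the wrong charset for multi-byte encodings.
                $applied = function_exists('mysql_set_charset')
                    ? mysql_set_charset($encoding, $this->dbh)
                    : (bool) mysql_query("SET NAMES '".$encoding."'", $this->dbh);

                if ( ! $applied) {
                    $this->register_error('Unable to set connection character set in '.__FILE__.' on line '.__LINE__);
                }
            }
        }

        return true;
    }

    /**
     * Escape a string for use inside a quoted SQL string literal.
     *
     * The result is only safe between quotes ('...'). It does not protect
     * identifiers, unquoted numeric values or LIKE wildcards (% and _).
     *
     * NOTE(review): stripslashes() runs unconditionally, so backslashes that
     * are a legitimate part of the input are removed before escaping. That
     * behaviour is kept because existing callers may rely on it.
     *
     * @param string $str
     * @return string|false whatever mysql_real_escape_string() returns
     */
    public function escape($str)
    {
        // If there is no existing database connection then try to connect
        if ( ! isset($this->dbh) || ! $this->dbh) {
            $this->connect($this->dbuser, $this->dbpassword, $this->dbhost);
            $this->select($this->dbname, $this->encoding);
        }

        $unslashed = stripslashes($str);

        // Escaping depends on the connection's character set, so use this
        // object's own handle rather than whichever link was opened last.
        if (isset($this->dbh) && is_resource($this->dbh)) {
            return mysql_real_escape_string($unslashed, $this->dbh);
        }

        // No usable handle: keep the previous behaviour (ext/mysql default link).
        return mysql_real_escape_string($unslashed);
    }

    /**
     * Return the mySQL-specific expression for the current date/time
     * (i.e. Oracle: SYSDATE, mySQL: NOW()).
     *
     * @return string
     */
    public function sysdate()
    {
        return 'NOW()';
    }

    /**
     * Run a query and work out a return value from the kind of statement.
     *
     * The SQL text is sent to the server exactly as given; escaping or
     * validating interpolated values is the caller's job. The full text is
     * also kept in $this->last_query and $this->func_call, so whatever
     * debug()/the trace log prints will contain any literals in the query.
     * With show_errors on, the server's error text is raised as a PHP
     * warning; whether it reaches the browser depends on PHP's error display
     * settings.
     *
     * @param string $query
     * @return int|false|mixed rows affected for write statements, rows
     *                         fetched otherwise, false on error, or the
     *                         cached value when get_cache() has one
     */
    public function query($query)
    {
        // This keeps the connection alive for very long running scripts
        if ($this->num_queries >= 500) {
            $this->num_queries = 0;
            $this->disconnect();
            $this->quick_connect($this->dbuser, $this->dbpassword, $this->dbname, $this->dbhost, $this->encoding);
        }

        // Flush cached values..
        $this->flush();

        // Leading whitespace would defeat the ^-anchored patterns below
        $query = trim($query);

        // Log how the function was called, and the query itself for debug
        $this->func_call  = "\$db->query(\"$query\")";
        $this->last_query = $query;

        // Count the query and start its timer
        $this->num_queries++;
        $this->timer_start($this->num_queries);

        // Use core file cache function
        if ($cache = $this->get_cache($query)) {
            // Keep track of how long all queries have taken
            $this->timer_update_global($this->num_queries);

            if ($this->use_trace_log) {
                $this->trace_log[] = $this->debug(false);
            }

            return $cache;
        }

        // If there is no existing database connection then try to connect
        if ( ! isset($this->dbh) || ! $this->dbh) {
            $this->connect($this->dbuser, $this->dbpassword, $this->dbhost);
            $this->select($this->dbname, $this->encoding);
            if ( ! isset($this->dbh) || ! $this->dbh) {
                return false;
            }
        }

        // Perform the query via std mysql_query function..
        $this->result = @mysql_query($query, $this->dbh);

        // If there is an error then take note of it..
        if ($str = @mysql_error($this->dbh)) {
            $this->register_error($str);
            if ($this->show_errors) {
                trigger_error($str, E_USER_WARNING);
            }

            return false;
        }

        $return_val = 0;
        $is_insert  = false;

        if (preg_match("/^(insert|delete|update|replace|truncate|drop|create|alter|set)\s+/i", $query)) {
            // Write statement. The flag used to be set only on the error
            // path above, so store_cache() always received false and write
            // statements were handed to it as if they were reads.
            $is_insert = true;

            $this->rows_affected = @mysql_affected_rows($this->dbh);

            // Take note of the insert_id
            if (preg_match("/^(insert|replace)\s+/i", $query)) {
                $this->insert_id = @mysql_insert_id($this->dbh);
            }

            // Return number of rows affected
            $return_val = $this->rows_affected;
        } else {
            // Anything else is treated as a select
            $num_rows = 0;

            // mysql_query() returns true, not a result resource, for
            // statements that produce no rows; there is nothing to read then.
            if (is_resource($this->result)) {
                // Take note of column info
                $field_count = @mysql_num_fields($this->result);
                for ($i = 0; $i < $field_count; $i++) {
                    $this->col_info[$i] = @mysql_fetch_field($this->result);
                }

                // Store results as objects within the main array
                while ($row = @mysql_fetch_object($this->result)) {
                    $this->last_result[$num_rows] = $row;
                    $num_rows++;
                }

                @mysql_free_result($this->result);
            }

            // Log and return the number of rows the query returned
            $this->num_rows = $num_rows;
            $return_val     = $this->num_rows;
        }

        // disk caching of queries
        $this->store_cache($query, $is_insert);

        // If debug ALL queries
        if ($this->trace || $this->debug_all) {
            $this->debug();
        }

        // Keep track of how long all queries have taken
        $this->timer_update_global($this->num_queries);

        // Trace all queries
        if ($this->use_trace_log) {
            $this->trace_log[] = $this->debug(false);
        }

        return $return_val;
    }

    /**
     * Close the active mySQL connection.
     *
     * A failed close is registered as an error instead of being silently
     * suppressed, and the handle is cleared afterwards so that escape() and
     * query() see "no connection" and reconnect rather than reusing a closed
     * link.
     */
    public function disconnect()
    {
        if (isset($this->dbh) && is_resource($this->dbh)) {
            if ( ! @mysql_close($this->dbh)) {
                $this->register_error('Unable to close mySQL database connection in '.__FILE__.' on line '.__LINE__);
            }
        }

        $this->dbh = null;
    }
}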
||