Issues in ez_sql_pdo.php - Fixed Issues - Inspection of "Remove ezSQL, use PDO" - YOURLS/YOURLS - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#2282)

by ྅༻ Ǭɀħ

created 2017-09-03 17:39 UTC

includes/ezSQL/ez_sql_pdo.php (18 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

	/**********************************************************************
	*  Author: Justin Vincent ([email protected])
	*  Web...: http://twitter.com/justinvincent
	*  Name..: ezSQL_pdo
	*  Desc..: PDO component (part of ezSQL databse abstraction library)
	*
	*/

	/**********************************************************************
	*  ezSQL error strings - PDO
	*/
    
    global $ezsql_pdo_str;

	$ezsql_pdo_str = array
	(
		1 => 'Require $dsn and $user and $password to create a connection'
	);

	/**********************************************************************
	*  ezSQL Database specific class - PDO
	*/

	if ( ! class_exists ('PDO') ) die('<b>Fatal Error:</b> ezSQL_pdo requires PDO Lib to be compiled and or linked in to the PHP engine');
	if ( ! class_exists ('ezSQLcore') ) die('<b>Fatal Error:</b> ezSQL_pdo requires ezSQLcore (ez_sql_core.php) to be included/loaded before it can be used');

	class ezSQL_pdo extends ezSQLcore
	{

		var $dsn;
		var $user;
		var $password;
		var $rows_affected = false;

		/**********************************************************************
		*  Constructor - allow the user to perform a qucik connect at the 
		*  same time as initialising the ezSQL_pdo class
		*/

		function __construct($dsn='', $user='', $password='', $ssl=array())

		{
			// Turn on track errors 
			ini_set('track_errors',1);
			
			if ( $dsn && $user )
			{
				$this->connect($dsn, $user, $password);
			}
		}

		/**********************************************************************
		*  Try to connect to database server
		*/

		function connect($dsn='', $user='', $password='', $ssl=array())

		{
			global $ezsql_pdo_str; $return_val = false;
			
			// Must have a dsn and user
			if ( ! $dsn || ! $user )
			{
				$this->register_error($ezsql_pdo_str[1].' in '.__FILE__.' on line '.__LINE__);
				$this->show_errors ? trigger_error($ezsql_pdo_str[1],E_USER_WARNING) : null;
			}
			
			// Establish PDO connection
			try 
			{
				if(!empty($ssl))
				{
					$this->dbh = new PDO($dsn, $user, $password, $ssl);
class MyClass { }

$x = new MyClass();
$x->foo = true;
				}
				else
				{
					$this->dbh = new PDO($dsn, $user, $password);
				}
				
				$return_val = true;
			} 
			catch (PDOException $e) 
			{
				$this->register_error($e->getMessage());
				$this->show_errors ? trigger_error($e->getMessage(),E_USER_WARNING) : null;
			}

			return $return_val;			
		}

		/**********************************************************************
		*  In the case of PDO quick_connect is not really needed
		*  because std. connect already does what quick connect does - 
		*  but for the sake of consistency it has been included
		*/

		function quick_connect($dsn='', $user='', $password='', $ssl=array())

		{
			return $this->connect($dsn, $user, $password);
		}

		/**********************************************************************
		*  No real equivalent of mySQL select in PDO 
		*  once again, function included for the sake of consistency
		*/

		function select($dsn='', $user='', $password='', $ssl=array())

		{
			return $this->connect($dsn, $user, $password);
		}
		
		/**********************************************************************
		*  Format a string correctly for safe PDO insert
		*  (no mater if magic quotes are on or not)
		*/

		function escape($str)

		{
			switch (gettype($str))
			{
				case 'string' : $str = addslashes(stripslashes($str));
				break;
				case 'boolean' : $str = ($str === FALSE) ? 0 : 1;
				break;
				default : $str = ($str === NULL) ? 'NULL' : $str;
				break;
			}

			return $str;
		}

		/**********************************************************************
		*  Return specific system date syntax 
		*  i.e. Oracle: SYSDATE Mysql: NOW()
		*/

		function sysdate()

		{
			return "NOW()";			
		}

		/**********************************************************************
		*  Hooks into PDO error system and reports it to user
		*/

		function catch_error()

		{
			$error_str = 'No error info';
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
						
			$err_array = $this->dbh->errorInfo();
			
			// Note: Ignoring error - bind or column index out of range
			if ( isset($err_array[1]) && $err_array[1] != 25)
			{
				
				$error_str = '';
				foreach ( $err_array as $entry )
				{
					$error_str .= $entry . ', ';
				}

				$error_str = substr($error_str,0,-2);

				$this->register_error($error_str);
				$this->show_errors ? trigger_error($error_str.' '.$this->last_query,E_USER_WARNING) : null;
				
				return true;
			}

		}

		// ==================================================================
		//	Basic Query	- see docs for more detail

		function query($query)

		{

			// For reg expressions
			$query = str_replace("/[\n\r]/",'',trim($query)); 

			// initialise return
			$return_val = 0;
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}

			// Flush cached values..
			$this->flush();

			// Log how the function was called
			$this->func_call = "\$db->query(\"$query\")";
class MyClass { }

$x = new MyClass();
$x->foo = true;

			// Keep track of the last query for debug..
			$this->last_query = $query;

			$this->num_queries++;

			// Start timer
			$this->timer_start($this->num_queries);

			// Use core file cache function
			if ( $cache = $this->get_cache($query) )

			{

				// Keep tack of how long all queries have taken
				$this->timer_update_global($this->num_queries);

				// Trace all queries
				if ( $this->use_trace_log )
				{
					$this->trace_log[] = $this->debug(false);
				}

				return $cache;
			}

			// If there is no existing database connection then try to connect
			if ( ! isset($this->dbh) || ! $this->dbh )
			{
				$this->connect($this->dsn, $this->user, $this->password);
                if ( ! isset($this->dbh) || ! $this->dbh )
                    return false;
			}

			// Query was an insert, delete, update, replace
			if ( preg_match("/^(insert|delete|update|replace|drop|create)\s+/i",$query) )
			{		

				// Perform the query and log number of affected rows
				$this->rows_affected = $this->dbh->exec($query);
	
				// If there is an error then take note of it..
				if ( $this->catch_error() ) return false;

				$is_insert = true;

				// Take note of the insert_id
				if ( preg_match("/^(insert|replace)\s+/i",$query) )
				{
					$this->insert_id = @$this->dbh->lastInsertId();	
class MyClass { }

$x = new MyClass();
$x->foo = true;
				}

				// Return number fo rows affected
				$return_val = $this->rows_affected;
	
			}
			// Query was an select
			else
			{

				// Perform the query and log number of affected rows
				$sth = $this->dbh->query($query);
	
				// If there is an error then take note of it..
				if ( $this->catch_error() ) return false;

				$is_insert = false;
				
				$col_count = $sth->columnCount();
				
				for ( $i=0 ; $i < $col_count ; $i++ )
				{
					$this->col_info[$i] = new stdClass();
					
					if ( $meta = $sth->getColumnMeta($i) )
					{					
						$this->col_info[$i]->name =  $meta['name'];
						$this->col_info[$i]->type =  !empty($meta['native_type']) ? $meta['native_type'] : 'undefined';
						$this->col_info[$i]->max_length =  '';
					}
					else
					{
						$this->col_info[$i]->name =  'undefined';
						$this->col_info[$i]->type =  'undefined';
						$this->col_info[$i]->max_length = '';
					}
				}

				// Store Query Results
				$num_rows=0;
				while ( $row = @$sth->fetch(PDO::FETCH_ASSOC) )
				{
					// Store relults as an objects within main array
					$this->last_result[$num_rows] = (object) $row;
class MyClass { }

$x = new MyClass();
$x->foo = true;
					$num_rows++;
				}

				// Log number of rows the query returned
				$this->num_rows = $num_rows;
class MyClass { }

$x = new MyClass();
$x->foo = true;

				// Return number of rows selected
				$return_val = $this->num_rows;

			}
			
			// disk caching of queries
			$this->store_cache($query,$is_insert);

			// If debug ALL queries
			$this->trace || $this->debug_all ? $this->debug() : null ;

			// Keep tack of how long all queries have taken
			$this->timer_update_global($this->num_queries);

			// Trace all queries
			if ( $this->use_trace_log )
			{
				$this->trace_log[] = $this->debug(false);
			}
			
			return $return_val;

		}

	}


1		<?php
2
3		/**********************************************************************
4		* Author: Justin Vincent ([email protected])
5		* Web...: http://twitter.com/justinvincent
6		* Name..: ezSQL_pdo
7		* Desc..: PDO component (part of ezSQL databse abstraction library)
8		*
9		*/
10
11		/**********************************************************************
12		* ezSQL error strings - PDO
13		*/
14
15		global $ezsql_pdo_str;
16
17		$ezsql_pdo_str = array
18		(
19		1 => 'Require $dsn and $user and $password to create a connection'
20		);
21
22		/**********************************************************************
23		* ezSQL Database specific class - PDO
24		*/
25
26		if ( ! class_exists ('PDO') ) die('<b>Fatal Error:</b> ezSQL_pdo requires PDO Lib to be compiled and or linked in to the PHP engine');
27		if ( ! class_exists ('ezSQLcore') ) die('<b>Fatal Error:</b> ezSQL_pdo requires ezSQLcore (ez_sql_core.php) to be included/loaded before it can be used');
28
29		class ezSQL_pdo extends ezSQLcore
30		{
31
32		var $dsn;
33		var $user;
34		var $password;
35		var $rows_affected = false;
36
37		/**********************************************************************
38		* Constructor - allow the user to perform a qucik connect at the
39		* same time as initialising the ezSQL_pdo class
40		*/
41
42		function __construct($dsn='', $user='', $password='', $ssl=array())
		0 ignored issues – show Best Practice introduced 2015-11-27 01:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
43		{
44		// Turn on track errors
45		ini_set('track_errors',1);
46
47		if ( $dsn && $user )
48		{
49		$this->connect($dsn, $user, $password);
50		}
51		}
52
53		/**********************************************************************
54		* Try to connect to database server
55		*/
56
57		function connect($dsn='', $user='', $password='', $ssl=array())
		0 ignored issues – show Best Practice introduced 2015-11-27 01:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
58		{
59		global $ezsql_pdo_str; $return_val = false;
60
61		// Must have a dsn and user
62		if ( ! $dsn \|\| ! $user )
63		{
64		$this->register_error($ezsql_pdo_str[1].' in '.__FILE__.' on line '.__LINE__);
65		$this->show_errors ? trigger_error($ezsql_pdo_str[1],E_USER_WARNING) : null;
66		}
67
68		// Establish PDO connection
69		try
70		{
71		if(!empty($ssl))
72		{
73		$this->dbh = new PDO($dsn, $user, $password, $ssl);
		0 ignored issues – show Bug introduced 2015-11-27 01:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `dbh` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
74		}
75		else
76		{
77		$this->dbh = new PDO($dsn, $user, $password);
78		}
79
80		$return_val = true;
81		}
82		catch (PDOException $e)
83		{
84		$this->register_error($e->getMessage());
85		$this->show_errors ? trigger_error($e->getMessage(),E_USER_WARNING) : null;
86		}
87
88		return $return_val;
89		}
90
91		/**********************************************************************
92		* In the case of PDO quick_connect is not really needed
93		* because std. connect already does what quick connect does -
94		* but for the sake of consistency it has been included
95		*/
96
97		function quick_connect($dsn='', $user='', $password='', $ssl=array())
		0 ignored issues – show Unused Code introduced 2017-04-18 10:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$ssl` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history... Best Practice introduced 2017-04-18 10:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
98		{
99		return $this->connect($dsn, $user, $password);
100		}
101
102		/**********************************************************************
103		* No real equivalent of mySQL select in PDO
104		* once again, function included for the sake of consistency
105		*/
106
107		function select($dsn='', $user='', $password='', $ssl=array())
		0 ignored issues – show Unused Code introduced 2017-04-18 10:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$ssl` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history... Best Practice introduced 2017-04-18 10:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
108		{
109		return $this->connect($dsn, $user, $password);
110		}
111
112		/**********************************************************************
113		* Format a string correctly for safe PDO insert
114		* (no mater if magic quotes are on or not)
115		*/
116
117		function escape($str)
		0 ignored issues – show Best Practice introduced 2015-11-27 01:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
118		{
119		switch (gettype($str))
120		{
121		case 'string' : $str = addslashes(stripslashes($str));
122		break;
123		case 'boolean' : $str = ($str === FALSE) ? 0 : 1;
124		break;
125		default : $str = ($str === NULL) ? 'NULL' : $str;
126		break;
127		}
128
129		return $str;
130		}
131
132		/**********************************************************************
133		* Return specific system date syntax
134		* i.e. Oracle: SYSDATE Mysql: NOW()
135		*/
136
137		function sysdate()
		0 ignored issues – show Best Practice introduced 2017-04-18 10:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
138		{
139		return "NOW()";
140		}
141
142		/**********************************************************************
143		* Hooks into PDO error system and reports it to user
144		*/
145
146		function catch_error()
		0 ignored issues – show Best Practice introduced 2015-11-27 01:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
147		{
148		$error_str = 'No error info';
		0 ignored issues – show Unused Code introduced 2017-04-18 10:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$error_str` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
149
150		$err_array = $this->dbh->errorInfo();
151
152		// Note: Ignoring error - bind or column index out of range
153		if ( isset($err_array[1]) && $err_array[1] != 25)
154		{
155
156		$error_str = '';
157		foreach ( $err_array as $entry )
158		{
159		$error_str .= $entry . ', ';
160		}
161
162		$error_str = substr($error_str,0,-2);
163
164		$this->register_error($error_str);
165		$this->show_errors ? trigger_error($error_str.' '.$this->last_query,E_USER_WARNING) : null;
166
167		return true;
168		}
169
170		}
171
172		// ==================================================================
173		// Basic Query - see docs for more detail
174
175		function query($query)
		0 ignored issues – show Best Practice introduced 2015-11-27 01:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
176		{
177
178		// For reg expressions
179		$query = str_replace("/[\n\r]/",'',trim($query));
180
181		// initialise return
182		$return_val = 0;
		0 ignored issues – show Unused Code introduced 2017-04-18 10:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$return_val` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
183
184		// Flush cached values..
185		$this->flush();
186
187		// Log how the function was called
188		$this->func_call = "\$db->query(\"$query\")";
		0 ignored issues – show Bug introduced 2015-11-27 01:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `func_call` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
189
190		// Keep track of the last query for debug..
191		$this->last_query = $query;
192
193		$this->num_queries++;
194
195		// Start timer
196		$this->timer_start($this->num_queries);
197
198		// Use core file cache function
199	View Code Duplication	if ( $cache = $this->get_cache($query) )
		0 ignored issues – show Duplication introduced 2015-11-27 01:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
200		{
201
202		// Keep tack of how long all queries have taken
203		$this->timer_update_global($this->num_queries);
204
205		// Trace all queries
206		if ( $this->use_trace_log )
207		{
208		$this->trace_log[] = $this->debug(false);
209		}
210
211		return $cache;
212		}
213
214		// If there is no existing database connection then try to connect
215		if ( ! isset($this->dbh) \|\| ! $this->dbh )
216		{
217		$this->connect($this->dsn, $this->user, $this->password);
218		if ( ! isset($this->dbh) \|\| ! $this->dbh )
219		return false;
220		}
221
222		// Query was an insert, delete, update, replace
223		if ( preg_match("/^(insert\|delete\|update\|replace\|drop\|create)\s+/i",$query) )
224		{
225
226		// Perform the query and log number of affected rows
227		$this->rows_affected = $this->dbh->exec($query);
228
229		// If there is an error then take note of it..
230		if ( $this->catch_error() ) return false;
231
232		$is_insert = true;
233
234		// Take note of the insert_id
235		if ( preg_match("/^(insert\|replace)\s+/i",$query) )
236		{
237		$this->insert_id = @$this->dbh->lastInsertId();
		0 ignored issues – show Bug introduced 2015-11-27 01:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `insert_id` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
238		}
239
240		// Return number fo rows affected
241		$return_val = $this->rows_affected;
242
243		}
244		// Query was an select
245		else
246		{
247
248		// Perform the query and log number of affected rows
249		$sth = $this->dbh->query($query);
250
251		// If there is an error then take note of it..
252		if ( $this->catch_error() ) return false;
253
254		$is_insert = false;
255
256		$col_count = $sth->columnCount();
257
258		for ( $i=0 ; $i < $col_count ; $i++ )
259		{
260		$this->col_info[$i] = new stdClass();
261
262		if ( $meta = $sth->getColumnMeta($i) )
263		{
264		$this->col_info[$i]->name = $meta['name'];
265		$this->col_info[$i]->type = !empty($meta['native_type']) ? $meta['native_type'] : 'undefined';
266		$this->col_info[$i]->max_length = '';
267		}
268		else
269		{
270		$this->col_info[$i]->name = 'undefined';
271		$this->col_info[$i]->type = 'undefined';
272		$this->col_info[$i]->max_length = '';
273		}
274		}
275
276		// Store Query Results
277		$num_rows=0;
278		while ( $row = @$sth->fetch(PDO::FETCH_ASSOC) )
279		{
280		// Store relults as an objects within main array
281		$this->last_result[$num_rows] = (object) $row;
		0 ignored issues – show Bug introduced 2017-04-18 10:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `last_result` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
282		$num_rows++;
283		}
284
285		// Log number of rows the query returned
286		$this->num_rows = $num_rows;
		0 ignored issues – show Bug introduced 2017-04-18 10:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `num_rows` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
287
288		// Return number of rows selected
289		$return_val = $this->num_rows;
290
291		}
292
293		// disk caching of queries
294		$this->store_cache($query,$is_insert);
295
296		// If debug ALL queries
297		$this->trace \|\| $this->debug_all ? $this->debug() : null ;
298
299		// Keep tack of how long all queries have taken
300		$this->timer_update_global($this->num_queries);
301
302		// Trace all queries
303		if ( $this->use_trace_log )
304		{
305		$this->trace_log[] = $this->debug(false);
306		}
307
308		return $return_val;
309
310		}
311
312		}
313

YOURLS / YOURLS

Pull Request — master (#2282)

includes/ezSQL/ez_sql_pdo.php (18 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like