Issues in CDatabaseBasic.php (master) - Issues in master - mosbth/cdatabase - Measure and Improve Code Quality continuously with Scrutinizer

Issues (12)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Database/CDatabaseBasic.php (8 issues)

Labels

Coding Style 8

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Mos\Database;

/**
 * Database wrapper, provides a database API for the framework but hides details of implementation.
 *
 */
class CDatabaseBasic
{

    use TSQLQueryBuilderBasic;



    /**
     * Properties
     */
    private $options;                   // Options used when creating the PDO object
    private $db   = null;               // The PDO object
    private $stmt = null;               // The latest statement used to execute a query
    private static $numQueries = 0;     // Count all queries made
    private static $queries    = [];    // Save all queries for debugging purpose
    private static $params     = [];    // Save all parameters for debugging purpose



    /**
     * Constructor creating a PDO object connecting to a choosen database.
     *
     * @param array $options containing details for connecting to the database.
     */
    public function __construct($options = [])
    {
        $this->setOptions($options);
    }



    /**
     * Set options and connection details.
     *
     * @param array $options containing details for connecting to the database.
     *
     * @return void
     */
    public function setOptions($options = [])
    {
        $default = [
            'dsn'             => null,
            'username'        => null,
            'password'        => null,
            'driver_options'  => null,
            'table_prefix'    => null,
            'fetch_mode'      => \PDO::FETCH_OBJ,
            'session_key'     => 'CDatabase',
            'verbose'         => null,
            'debug_connect'   => false,
        ];
        $this->options = array_merge($default, $options);

        if ($this->options['table_prefix']) {
            $this->setTablePrefix($this->options['table_prefix']);
        }

        if ($this->options['dsn']) {
            $dsn = explode(':', $this->options['dsn']);
            $this->setSQLDialect($dsn[0]);
        }
    }



    /**
     * Connect to the database.
     *
     * @param boolean $debug default false, set to true to throw exception with full connection details 
     * when connection fails.
     *
     * @return void
     */
    public function connect($debug = false)
    {
        if (isset($this->options['dsn'])) {
            if ($this->options['verbose']) {
                echo "<p>Connecting to dsn:<br><code>" . $this->options['dsn'] . "</code>";
            }

            try {
                $this->db = new \PDO(
                    $this->options['dsn'],
                    $this->options['username'],
                    $this->options['password'],
                    $this->options['driver_options']
                );

                $this->db->setAttribute(\PDO::ATTR_DEFAULT_FETCH_MODE, $this->options['fetch_mode']);
                $this->db->setAttribute(\PDO::ATTR_EMULATE_PREPARES, false);


            } catch(\Exception $e) {


                if ($debug || $this->options['debug_connect']) {
                    // For debug purpose, shows all connection details
                    throw $e;
                } else {
                    // Hide connection details.
                    throw new \PDOException("Could not connect to database, hiding connection details. Connect using 'debug' to see the full exception message.");
                }
            }


        } else {
            throw new \Exception("You can not connect, missing dsn.");
        }

        $this->loadHistory();
    }



    /**
     * Set and unset verbose mode to display queries made.
     *
     * @param boolean $on set true to display queries made through echo, false to disable.
     *
     * @return void
     */
    public function setVerbose($on = true)
    {
        $this->options['verbose'] = $on;
    }



    /**
     * Set fetch mode. (OBSOLETE?)
     *
     * @param int $fetchmode as \PDO::FETCH_OBJ, \PDO::FETCH_CLASS, \PDO::FETCH_INTO, etc.
     *
     * @return void
     */
    public function setFetchMode($fetchmode = null)
    {
        $fetchmode = isset($fetchmode)
            ? $fetchmode
            : $this->options['fetch_mode'];

        $this->stmt->setFetchMode($fetchmode);
    }



    /**
     * Set fetchmode to insert Fetch one resultset from previous select statement as an object.
     * 
     * @param string $class to insert values into.
     *
     * @return boolean Returns TRUE on success or FALSE on failure.
     */
    public function setFetchModeClass($class)
    {
        return $this->stmt->setFetchMode(\PDO::FETCH_CLASS, $class);
    }



    /**
     * Load query-history from session if available.
     *
     * @return int number of database queries made.
     */
    public function loadHistory()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $key = $this->options['session_key'];
        if (isset($_SESSION['CDatabase'])) {
            self::$numQueries = $_SESSION[$key]['numQueries'];
            self::$queries    = $_SESSION[$key]['queries'];
            self::$params     = $_SESSION[$key]['params'];
            unset($_SESSION[$key]);
        }
    }



    /**
     * Save query-history in session, useful as a flashmemory when redirecting to another page.
     * 
     * @param string $extra enables to save some extra debug information.
     *
     * @return void
     */
    public function saveHistory($extra = null)
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        if (!is_null($extra)) {
            self::$queries[] = $extra;
            self::$params[] = null;
        }

        self::$queries[] = 'Saved query-history to session.';
        self::$params[] = null;

        $key = $this->options['session_key'];
        $_SESSION[$key]['numQueries'] = self::$numQueries;
        $_SESSION[$key]['queries']    = self::$queries;
        $_SESSION[$key]['params']     = self::$params;
    }



    /**
     * Get how many queries have been processed.
     *
     * @return int number of database queries made.
     */
    public function getNumQueries()
    {
        return self::$numQueries;
    }



    /**
     * Get all the queries that have been processed.
     *
     * @return array with queries.
     */
    public function getQueries()
    {
        return [self::$queries, self::$params];
    }



    /**
     * Get a html representation of all queries made, for debugging and analysing purpose.
     * 
     * @return string with html.
     */
    public function dump()
    {
        $html  = '<p><i>You have made ' . self::$numQueries . ' database queries.</i></p><pre>';
        
        foreach (self::$queries as $key => $val) {
            $params = empty(self::$params[$key]) ? null : htmlentities(print_r(self::$params[$key], 1), null, 'UTF-8') . '<br/><br/>';
            $html .= htmlentities($val, null, 'UTF-8') . '<br/><br/>' . $params;
        }
        
        return $html . '</pre>';
    }



    /**
     * Extend params array to support arrays in it, extract array items and add to $params and insert ? for each entry.
     *
     * @param string $query  as the query to prepare.
     * @param array  $params the parameters that may contain arrays.
     *
     * @return array with query and params.
     */
    protected function expandParamArray($query, $params)
    {
        $param = [];
        $offset = -1;

        foreach ($params as $val) {


            $offset = strpos($query, '?', $offset + 1);

            if (is_array($val)) {

            
                $nrOfItems = count($val);
            
                if ($nrOfItems) {
                    $query = substr($query, 0, $offset) . str_repeat('?,', $nrOfItems  - 1) . '?' . substr($query, $offset + 1);
                    $param = array_merge($param, $val);
                } else {
                    $param[] = null;
                }
            } else {
                $param[] = $val;
            }
        }

        return array($query, $param);
    }



    /**
     * Execute a select-query with arguments and return all resultset.
     * 
     * @param string  $query      the SQL query with ?.
     * @param array   $params     array which contains the argument to replace ?.
     *
     * @return array with resultset.
     */
    public function executeFetchAll(
        $query = null,
        $params = []
    ) {

        $this->execute($query, $params);
        return $this->fetchAll();
    }



    /**
     * Execute a select-query with arguments and return one resultset.
     *
     * @param string  $query      the SQL query with ?.
     * @param array   $params     array which contains the argument to replace ?.
     *
     * @return array with resultset.
     */
    public function executeFetchOne(
        $query = null,
        $params = []
    ) {

        $this->execute($query, $params);
        return $this->fetchOne();
    }



    /**
     * Fetch all resultset from previous select statement.
     * 
     * @return array with resultset.
     */
    public function fetchAll()
    {
        return $this->stmt->fetchAll();
    }



    /**
     * Fetch one resultset from previous select statement.
     * 
     * @return array with resultset.
     */
    public function fetchOne()
    {
        return $this->stmt->fetch();
    }



    /**
     * Fetch one resultset from previous select statement as an object.
     * 
     * @param object $class which type of object to instantiate.
     *
     * @return array with resultset.
     */
    public function fetchObject($class)
    {
        return $this->stmt->fetchObject($class);
    }



    /**
     * Fetch one resultset from previous select statement as an object.
     * 
     * @param object $object to insert values into.
     *
     * @return array with resultset.
     */
    public function fetchInto($object)
    {
        $this->stmt->setFetchMode(\PDO::FETCH_INTO, $object);
        return $this->stmt->fetch();
    }



    /**
     * Execute a SQL-query and ignore the resultset.
     *
     * @param string  $query  the SQL query with ?.
     * @param array   $params array which contains the argument to replace ?.
     *
     * @throws Exception when failing to prepare question.
     *
     * @return boolean returns TRUE on success or FALSE on failure.
     */
    public function execute(
        $query = null,
        $params = []
    ) {

        if (is_null($query)) {
            $query = $this->getSQL();
        } else if (is_array($query)) {
            $params = $query;
            $query = $this->getSQL();
        }

        list($query, $params) = $this->expandParamArray($query, $params);

        self::$queries[] = $query;
        self::$params[]  = $params;
        self::$numQueries++;

        if ($this->options['verbose']) {
            echo "<p>Num query = "
                . self::$numQueries
                . "</p><p>Query = </p><pre>"
                . htmlentities($query)
                . "</pre>"
                . (empty($params)
                    ? null
                    : "<p>Params:</p><pre>" . htmlentities(print_r($params, 1)) . "</pre>"
                );
        }

        $this->stmt = $this->db->prepare($query);

        if (!$this->stmt) {
            $msg = "Error in preparing query: "
                . $this->db->errorCode()
                . " "
                . htmlentities(print_r($this->db->errorInfo(), 1));
            throw new \Exception($msg);
        }

        $res = $this->stmt->execute($params);

        if (!$res) {
            $msg = "Error in executing query: "
                . $this->stmt->errorCode()
                . " "
                . htmlentities(print_r($this->stmt->errorInfo(), 1));
            throw new \Exception($msg);
        }

        return $res;
    }



    /**
     * Return last insert id.
     */
    public function lastInsertId()
    {
        return $this->db->lastInsertId();
    }



    /**
    * Return rows affected of last INSERT, UPDATE, DELETE
    */
    public function rowCount()
    {
        return is_null($this->stmt)
            ? $this->stmt
            : $this->stmt->rowCount();
    }
}


1		<?php
2
3		namespace Mos\Database;
4
5		/**
6		* Database wrapper, provides a database API for the framework but hides details of implementation.
7		*
8		*/
9		class CDatabaseBasic
10		{
11
12		use TSQLQueryBuilderBasic;
13
14
15
16		/**
17		* Properties
18		*/
19		private $options; // Options used when creating the PDO object
20		private $db = null; // The PDO object
21		private $stmt = null; // The latest statement used to execute a query
22		private static $numQueries = 0; // Count all queries made
23		private static $queries = []; // Save all queries for debugging purpose
24		private static $params = []; // Save all parameters for debugging purpose
25
26
27
28		/**
29		* Constructor creating a PDO object connecting to a choosen database.
30		*
31		* @param array $options containing details for connecting to the database.
32		*/
33	9	public function __construct($options = [])
34		{
35	9	$this->setOptions($options);
36	9	}
37
38
39
40		/**
41		* Set options and connection details.
42		*
43		* @param array $options containing details for connecting to the database.
44		*
45		* @return void
46		*/
47	9	public function setOptions($options = [])
48		{
49		$default = [
50	9	'dsn' => null,
51	9	'username' => null,
52	9	'password' => null,
53	9	'driver_options' => null,
54	9	'table_prefix' => null,
55	9	'fetch_mode' => \PDO::FETCH_OBJ,
56	9	'session_key' => 'CDatabase',
57	9	'verbose' => null,
58	9	'debug_connect' => false,
59	9	];
60	9	$this->options = array_merge($default, $options);
61
62	9	if ($this->options['table_prefix']) {
63		$this->setTablePrefix($this->options['table_prefix']);
64		}
65
66	9	if ($this->options['dsn']) {
67	9	$dsn = explode(':', $this->options['dsn']);
68	9	$this->setSQLDialect($dsn[0]);
69	9	}
70	9	}
71
72
73
74		/**
75		* Connect to the database.
76		*
77		* @param boolean $debug default false, set to true to throw exception with full connection details
78		* when connection fails.
79		*
80		* @return void
81		*/
82	9	public function connect($debug = false)
83		{
84	9	if (isset($this->options['dsn'])) {
85	9	if ($this->options['verbose']) {
86		echo "<p>Connecting to dsn:<br><code>" . $this->options['dsn'] . "</code>";
87		}
88
89		try {
90	9	$this->db = new \PDO(
91	9	$this->options['dsn'],
92	9	$this->options['username'],
93	9	$this->options['password'],
94	9	$this->options['driver_options']
95	9	);
96
97	9	$this->db->setAttribute(\PDO::ATTR_DEFAULT_FETCH_MODE, $this->options['fetch_mode']);
98	9	$this->db->setAttribute(\PDO::ATTR_EMULATE_PREPARES, false);
99
		0 ignored issues – show Coding Style introduced 2019-04-09 20:46 UTC by Report Bug Copy Issue Report Show Similar Issues like this Blank line found at end of control structure Loading history...
100	9	} catch(\Exception $e) {
		0 ignored issues – show Coding Style introduced 2016-02-03 15:44 UTC by Report Bug Copy Issue Report Show Similar Issues like this Expected 1 space after CATCH keyword; 0 found Loading history... Coding Style introduced 2019-04-09 20:46 UTC by Report Bug Copy Issue Report Show Similar Issues like this Blank line found at start of control structure Loading history...
101
102		if ($debug \|\| $this->options['debug_connect']) {
103		// For debug purpose, shows all connection details
104		throw $e;
105		} else {
106		// Hide connection details.
107		throw new \PDOException("Could not connect to database, hiding connection details. Connect using 'debug' to see the full exception message.");
108		}
109		}
110
		0 ignored issues – show Coding Style introduced 2019-04-09 20:46 UTC by Report Bug Copy Issue Report Show Similar Issues like this Blank line found at end of control structure Loading history...
111	9	} else {
112	1	throw new \Exception("You can not connect, missing dsn.");
113		}
114
115	9	$this->loadHistory();
116	9	}
117
118
119
120		/**
121		* Set and unset verbose mode to display queries made.
122		*
123		* @param boolean $on set true to display queries made through echo, false to disable.
124		*
125		* @return void
126		*/
127		public function setVerbose($on = true)
128		{
129		$this->options['verbose'] = $on;
130		}
131
132
133
134		/**
135		* Set fetch mode. (OBSOLETE?)
136		*
137		* @param int $fetchmode as \PDO::FETCH_OBJ, \PDO::FETCH_CLASS, \PDO::FETCH_INTO, etc.
138		*
139		* @return void
140		*/
141		public function setFetchMode($fetchmode = null)
142		{
143		$fetchmode = isset($fetchmode)
144		? $fetchmode
145		: $this->options['fetch_mode'];
146
147		$this->stmt->setFetchMode($fetchmode);
148		}
149
150
151
152		/**
153		* Set fetchmode to insert Fetch one resultset from previous select statement as an object.
154		*
155		* @param string $class to insert values into.
156		*
157		* @return boolean Returns TRUE on success or FALSE on failure.
158		*/
159		public function setFetchModeClass($class)
160		{
161		return $this->stmt->setFetchMode(\PDO::FETCH_CLASS, $class);
162		}
163
164
165
166		/**
167		* Load query-history from session if available.
168		*
169		* @return int number of database queries made.
170		*/
171	9	public function loadHistory()
		0 ignored issues – show Coding Style introduced 2019-04-09 20:46 UTC by Report Bug Copy Issue Report Show Similar Issues like this `loadHistory` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
172		{
173	9	$key = $this->options['session_key'];
174	9	if (isset($_SESSION['CDatabase'])) {
175		self::$numQueries = $_SESSION[$key]['numQueries'];
176		self::$queries = $_SESSION[$key]['queries'];
177		self::$params = $_SESSION[$key]['params'];
178		unset($_SESSION[$key]);
179		}
180	9	}
181
182
183
184		/**
185		* Save query-history in session, useful as a flashmemory when redirecting to another page.
186		*
187		* @param string $extra enables to save some extra debug information.
188		*
189		* @return void
190		*/
191		public function saveHistory($extra = null)
		0 ignored issues – show Coding Style introduced 2019-04-09 20:46 UTC by Report Bug Copy Issue Report Show Similar Issues like this `saveHistory` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
192		{
193		if (!is_null($extra)) {
194		self::$queries[] = $extra;
195		self::$params[] = null;
196		}
197
198		self::$queries[] = 'Saved query-history to session.';
199		self::$params[] = null;
200
201		$key = $this->options['session_key'];
202		$_SESSION[$key]['numQueries'] = self::$numQueries;
203		$_SESSION[$key]['queries'] = self::$queries;
204		$_SESSION[$key]['params'] = self::$params;
205		}
206
207
208
209		/**
210		* Get how many queries have been processed.
211		*
212		* @return int number of database queries made.
213		*/
214		public function getNumQueries()
215		{
216		return self::$numQueries;
217		}
218
219
220
221		/**
222		* Get all the queries that have been processed.
223		*
224		* @return array with queries.
225		*/
226		public function getQueries()
227		{
228		return [self::$queries, self::$params];
229		}
230
231
232
233		/**
234		* Get a html representation of all queries made, for debugging and analysing purpose.
235		*
236		* @return string with html.
237		*/
238		public function dump()
239		{
240		$html = '<p><i>You have made ' . self::$numQueries . ' database queries.</i></p><pre>';
241
242		foreach (self::$queries as $key => $val) {
243		$params = empty(self::$params[$key]) ? null : htmlentities(print_r(self::$params[$key], 1), null, 'UTF-8') . '<br/><br/>';
244		$html .= htmlentities($val, null, 'UTF-8') . '<br/><br/>' . $params;
245		}
246
247		return $html . '</pre>';
248		}
249
250
251
252		/**
253		* Extend params array to support arrays in it, extract array items and add to $params and insert ? for each entry.
254		*
255		* @param string $query as the query to prepare.
256		* @param array $params the parameters that may contain arrays.
257		*
258		* @return array with query and params.
259		*/
260	6	protected function expandParamArray($query, $params)
261		{
262	6	$param = [];
263	6	$offset = -1;
264
265	6	foreach ($params as $val) {
		0 ignored issues – show Coding Style introduced 2019-04-09 20:46 UTC by Report Bug Copy Issue Report Show Similar Issues like this Blank line found at start of control structure Loading history...
266
267	2	$offset = strpos($query, '?', $offset + 1);
268
269	2	if (is_array($val)) {
		0 ignored issues – show Coding Style introduced 2019-04-09 20:46 UTC by Report Bug Copy Issue Report Show Similar Issues like this Blank line found at start of control structure Loading history...
270
271		$nrOfItems = count($val);
272
273		if ($nrOfItems) {
274		$query = substr($query, 0, $offset) . str_repeat('?,', $nrOfItems - 1) . '?' . substr($query, $offset + 1);
275		$param = array_merge($param, $val);
276		} else {
277		$param[] = null;
278		}
279		} else {
280	2	$param[] = $val;
281		}
282	6	}
283
284	6	return array($query, $param);
285		}
286
287
288
289		/**
290		* Execute a select-query with arguments and return all resultset.
291		*
292		* @param string $query the SQL query with ?.
293		* @param array $params array which contains the argument to replace ?.
294		*
295		* @return array with resultset.
296		*/
297	1	public function executeFetchAll(
298		$query = null,
299		$params = []
300		) {
301
302	1	$this->execute($query, $params);
303	1	return $this->fetchAll();
304		}
305
306
307
308		/**
309		* Execute a select-query with arguments and return one resultset.
310		*
311		* @param string $query the SQL query with ?.
312		* @param array $params array which contains the argument to replace ?.
313		*
314		* @return array with resultset.
315		*/
316		public function executeFetchOne(
317		$query = null,
318		$params = []
319		) {
320
321		$this->execute($query, $params);
322		return $this->fetchOne();
323		}
324
325
326
327		/**
328		* Fetch all resultset from previous select statement.
329		*
330		* @return array with resultset.
331		*/
332	1	public function fetchAll()
333		{
334	1	return $this->stmt->fetchAll();
335		}
336
337
338
339		/**
340		* Fetch one resultset from previous select statement.
341		*
342		* @return array with resultset.
343		*/
344		public function fetchOne()
345		{
346		return $this->stmt->fetch();
347		}
348
349
350
351		/**
352		* Fetch one resultset from previous select statement as an object.
353		*
354		* @param object $class which type of object to instantiate.
355		*
356		* @return array with resultset.
357		*/
358		public function fetchObject($class)
359		{
360		return $this->stmt->fetchObject($class);
361		}
362
363
364
365		/**
366		* Fetch one resultset from previous select statement as an object.
367		*
368		* @param object $object to insert values into.
369		*
370		* @return array with resultset.
371		*/
372		public function fetchInto($object)
373		{
374		$this->stmt->setFetchMode(\PDO::FETCH_INTO, $object);
375		return $this->stmt->fetch();
376		}
377
378
379
380		/**
381		* Execute a SQL-query and ignore the resultset.
382		*
383		* @param string $query the SQL query with ?.
384		* @param array $params array which contains the argument to replace ?.
385		*
386		* @throws Exception when failing to prepare question.
387		*
388		* @return boolean returns TRUE on success or FALSE on failure.
389		*/
390	6	public function execute(
391		$query = null,
392		$params = []
393		) {
394
395	6	if (is_null($query)) {
396	4	$query = $this->getSQL();
397	6	} else if (is_array($query)) {
398	1	$params = $query;
399	1	$query = $this->getSQL();
400	1	}
401
402	6	list($query, $params) = $this->expandParamArray($query, $params);
403
404	6	self::$queries[] = $query;
405	6	self::$params[] = $params;
406	6	self::$numQueries++;
407
408	6	if ($this->options['verbose']) {
409		echo "<p>Num query = "
410		. self::$numQueries
411		. "</p><p>Query = </p><pre>"
412		. htmlentities($query)
413		. "</pre>"
414		. (empty($params)
415		? null
416		: "<p>Params:</p><pre>" . htmlentities(print_r($params, 1)) . "</pre>"
417		);
418		}
419
420	6	$this->stmt = $this->db->prepare($query);
421
422	6	if (!$this->stmt) {
423		$msg = "Error in preparing query: "
424		. $this->db->errorCode()
425		. " "
426		. htmlentities(print_r($this->db->errorInfo(), 1));
427		throw new \Exception($msg);
428		}
429
430	6	$res = $this->stmt->execute($params);
431
432	6	if (!$res) {
433		$msg = "Error in executing query: "
434		. $this->stmt->errorCode()
435		. " "
436		. htmlentities(print_r($this->stmt->errorInfo(), 1));
437		throw new \Exception($msg);
438		}
439
440	6	return $res;
441		}
442
443
444
445		/**
446		* Return last insert id.
447		*/
448	1	public function lastInsertId()
449		{
450	1	return $this->db->lastInsertId();
451		}
452
453
454
455		/**
456		* Return rows affected of last INSERT, UPDATE, DELETE
457		*/
458		public function rowCount()
459		{
460		return is_null($this->stmt)
461		? $this->stmt
462		: $this->stmt->rowCount();
463		}
464		}
465

mosbth / cdatabase

Issues (12)

Security Analysis no request data

src/Database/CDatabaseBasic.php (8 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like