brennen
/
quasicms
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
A Qcodo based CMS/ecommerce framework
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5 Commits
1 Branch
3.2 MiB
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
quasicms/core/classes/QuasiMysql.class.php

374 lines
13 KiB
Raw Permalink Normal View History

Import from svn
12 years ago
 
  1. <?php
  2. 

  3. /**
  4. * QuasiMysql - driver class for a MySQL database server.
  5. *   This class inherits QuasiDBI, implementing the actual
  6. * connection and query methods. Do _not_ use this class 
  7. * directly! Use QuasiDBI::getInstance() to retrieve a dbi object
  8. * or QuasiDBI::getInstance()->method().
  9. *
  10. * Note: We use the newer mysqli functions so this requires PHP5
  11. * and MySQL 4.1 and above.
  12. *
  13. * @author Erik Winn <ewinn@erikwinn.com>
  14. *
  15. * $Id: QuasiMysql.class.php 97 2008-08-29 21:36:11Z erikwinn $
  16. *
  17. *@version 0.2
  18. *
  19. * @copyright Erik Winn 2008
  20. * @license GPL v.2
  21. * @class
  22. */
  23. 

  24. 

  25. class QuasiMysql extends QuasiDBI
  26. {
  27.   
  28. /** connect()
  29. * Connects to the db server, setting $objDatabaseHandle to the current link to db
  30. *@access public
  31. * @return boolean true on success or false
  32. */
  33.   
  34.     public function connect()
  35.     {
  36.         // We don't handle persistent connections.  Yet, at least.

  37.         // if( defined(USE_PCONNECT) && USE_PCONNECT == true );

  38. 

  39.         $this->objDatabaseHandle = mysqli_init();
  40. 

  41.         /* If DB_USE_SSL is defined, we attempt to set some parameters.  A client key,
  42.         client certificate, and CA certificate matching the one on the server
  43.         must be available on the local filesystem. */
  44. 

  45.         if ( defined('DB_USE_SSL') && true === DB_USE_SSL )
  46.             $this->objDatabaseHandle->ssl_set(DB_SSL_KEY, DB_SSL_CERT, DB_SSL_CA_CERT, null, null);
  47. 

  48.         $this->objDatabaseHandle->real_connect($this->strDatabaseServer,
  49.                                                                             $this->strUsername,
  50.                                                                             $this->strPassword,
  51.                                                                             $this->strDatabase);
  52. 

  53.         /* make sure we are connected */
  54.         if (mysqli_connect_errno())
  55.         {
  56.             $this->strErrors .= "Connection to database failed in QuasiMysql: " . mysqli_connect_error() . "\n";
  57.             $this->blnIsConnected = false;
  58.             return false;
  59.         }
  60. 

  61.         $this->blnIsConnected = true;
  62.         return true;
  63.     }
  64. 

  65.     /** disconnect()
  66.     * Closes current connection.
  67.     *@access public
  68.     * 
  69.     */
  70.     public function disconnect()
  71.     {
  72.         if($this->objDatabaseHandle)
  73.             $this->objDatabaseHandle->close();
  74.         $this->blnIsConnected = false;
  75.     }
  76. 

  77.     /** getInsertId()
  78.     * Returns the insert id of the most recent insert action.
  79.     *@access public
  80.     * @return integer insert id of last query.
  81.     */
  82.     public function getInsertId()
  83.     {
  84.         if($this->objDatabaseHandle)
  85.             return $this->objDatabaseHandle->insert_id;
  86.         return 0;
  87.     }
  88. 

  89.     /** doQuery()
  90.     * Send a preformatted (i.e. complete) query to the server.
  91.     * NOTE:With out the second parameter, this stores the result in
  92.     * $objResultSet which we manage internally -- CAUTION: if you
  93.     * intend to conduct new queries in a loop based on data from rows in the
  94.     * first result set, you MUST accept the result set handle and pass
  95.     * it to nextRow or else the rows from the first query _will_ be overwritten!!
  96.     * 
  97.     *@access public
  98.     *@param string strQuery string
  99.     *@param boolean blnReturnResultSet - return a copy of the result set
  100.     *@param boolean blnUnbuffered - use MYSQLI_USE_RESULT, ie. do not buffer results on the server
  101.     * @return mixed mysqli_result on success or false
  102.     */
  103.     public function doQuery($strQuery, $blnReturnResultSet=false, $blnUnbuffered=true )
  104.     {// todo - optionally use MYSQLI_USE_RESULT, set in config?

  105.         if(! $this->objDatabaseHandle)
  106.             return false;
  107.         
  108.         // clean up the string

  109.         if($this->isBad($strQuery))
  110.             return false;
  111. 

  112.         $objResultSet = $this->objDatabaseHandle->query($strQuery);
  113.         
  114.         if($objResultSet === false)
  115.         { //query of any kind failed ..

  116.         $this->strDbErrors .= $this->objDatabaseHandle->error;
  117.             return false;
  118.         }
  119. 

  120.         if($blnReturnResultSet)
  121.             return $objResultSet;
  122.         else
  123.             $this->objResultSet =& $objResultSet;
  124.         
  125.         return $this->objResultSet;
  126.     }
  127. 

  128.     /** nextRow()
  129.     * Fetches the next row of most recent result set as an associative array,
  130.     * where $key = column name and $value = column value.
  131.     * Optionally, you may provide the parameter false to return a simple
  132.     * numerically indexed array of column values.
  133.     *  Returns 0 after last row.
  134.     *
  135.     * You may optionally provide the result set through which to iterate
  136.     * as the first parameter - by default we use the result set internal
  137.     * to this class.
  138.     *
  139.     *@access public
  140.     *@param object $objResultSet - object of type mysqli_result
  141.     *@param boolean $blnReturnAssocArray=true returns an associative array, or false for numerical index keys
  142.     * @return mixed object|integer
  143.     */
  144.     public function nextRow($objResultSet=NULL,$blnReturnAssocArray=true)
  145.     {
  146.         if(!$this->getNumRows() && ! $objResultSet)
  147.             return 0;
  148.         if( ! $objResultSet)
  149.         {
  150.             if($blnReturnAssocArray)
  151.                 return $this->objResultSet->fetch_assoc();
  152.             else   // numerical indices ..

  153.                 return $this->objResultSet->fetch_array();
  154.         }
  155.         //use provided result set ..

  156.         if($blnReturnAssocArray)
  157.             return $objResultSet->fetch_assoc();
  158.         else   // numerical indices ..

  159.             return $objResultSet->fetch_array();
  160.     }
  161. 

  162.     /** getDbError()
  163.     *Returns a string containing the db error from the last query
  164.     * including errorno...
  165.     *@access public
  166.     * @return string errors
  167.     */
  168.     public function getDbError()
  169.     {
  170.         //erm, this is confused ..todo: work out sensible error reporting ..

  171.         if($this->objDatabaseHandle->errorno)
  172.             $this->strDbErrors = $this->objDatabaseHandle->error . "\n Error No.:" . $this->objDatabaseHandle->errorno ;
  173.         return  $this->strDbErrors;
  174.     }
  175.     
  176.     /** insertArray
  177.     *  Perform a simple insert or update on a specified table with
  178.     * an array - adds a where clause filter when using UPDATE,
  179.     *  eg. $where = "name like 'joe' ", or $where = " id = $idno ".
  180.     *
  181.     * $aryValues must be an associative array in the format:
  182.     *      'columname' = 'columnvalue'
  183.     * Examples:
  184.         insertArray($tablename, array('col1'=>'bar', 'col2' = 'baz') )
  185.         insertArray($tablename, array('col1'=>'bar', 'col2' = 'baz'), 'update', $where )
  186.     *
  187.     *
  188.     *@access public
  189.     *@param string $strTable - which table to address
  190.     *@param object $aryValues - assoc array of values to insert|update
  191.     *@param string $strAction - may be either INSERT or UPDATE (case insensitive)
  192.     *@param string $where - optional WHERE [conditions]
  193.     *
  194.     * @return boolean true on success or false
  195.     */
  196.     public function insertArray( $strTable, $aryValues, $strAction = "INSERT", $where = '')
  197.     {
  198.         if(!is_array($aryValues) || !isset($aryValues))
  199.         {
  200.             $this->strErrors .= "insertArray called with bad array ..";
  201.             return false;
  202.         }
  203.         $strAction = trim(strtoupper($strAction));
  204.         $numcols = count($aryValues);
  205.         $strQuery = '';
  206.         if($strAction == 'INSERT')
  207.         {
  208.             $strQuery = 'INSERT INTO ' . $strTable;
  209.             $cols = ' (';
  210.             $vals = ' VALUES (';
  211.             $i=0;
  212.             foreach($aryValues as $col => $val)
  213.             {
  214.                 $i++;
  215.                 $end =  $i < $numcols ? ", " : ") ";
  216.                 //if(empty($val))     continue;

  217.                 $cols .= $col . $end;
  218.                 if(trim(strtoupper($val)) === "NOW()" || trim(strtoupper($val)) === "NULL")
  219.                     $vals .= $val;
  220.                 else
  221.                     $vals .= " '" . $val . "' ";
  222.                 $vals .= $end;
  223.             }
  224.             $strQuery .= $cols . $vals;
  225.         }
  226.         elseif($strAction == 'UPDATE')
  227.         {
  228.             $strQuery = 'UPDATE ' . $strTable . ' SET ';
  229.             $cols = '';
  230.             $i=0;
  231.             foreach($aryValues as $col => $val)
  232.             {
  233.                 $i++;
  234.                 $end =  $i < $numcols ? ", " : " ";
  235.                 //if(empty($val))  continue;

  236.                 $cols .= $col . ' = ';
  237.                 if(trim(strtoupper($val)) === "NOW()" || trim(strtoupper($val)) === "NULL")
  238.                     $vals = $val;
  239.                 else
  240.                     $vals = " '" . $val . "' ";
  241.                 $cols .= $vals . $end;
  242.             }
  243.             $strQuery .= $cols;
  244.         }
  245.         if(!empty($where))
  246.             $strQuery .= ' WHERE ' . $where;
  247. 

  248.         return $this->doQuery($strQuery);
  249.         
  250.     }
  251. 

  252.     /** getNumRows() 
  253.     * Returns the number of rows in the most recent result set.
  254.     * Note: if you are using a returned objResultSet from doQuery($strQuery,true)
  255.     * you _must_ provide it as a parameter to get an accurate count.
  256.     *
  257.     *@access public
  258.     *
  259.     *@param object $objResultSet - object of type mysqli_result
  260.     * @return integer number of rows
  261.     */
  262.     public function getNumRows($objResultSet=NULL)
  263.     {
  264.         if($objResultSet)
  265.             return $objResultSet->num_rows;
  266.         
  267.         if(!$this->objDatabaseHandle || !$this->objResultSet)
  268.             return 0;
  269.         return $this->objResultSet->num_rows;
  270.     }
  271. 

  272.     /** getAffectedRows() 
  273.     * Returns the number of rows affected by the most recent query.
  274.     * Note: if you are using a returned objResultSet from doQuery($strQuery,true)
  275.     * you _must_ provide it as a parameter to get an accurate count.
  276.     *
  277.     *@access public
  278.     *
  279.     *@param object $objResultSet - object of type mysqli_result
  280.     * @return integer number of rows
  281.     */
  282.     public function getAffectedRows($objResultSet=NULL)
  283.     {
  284.         if($objResultSet)
  285.             return $objResultSet->affected_rows;
  286.         
  287.         if(!$this->objDatabaseHandle || !$this->objResultSet)
  288.             return 0;
  289.         return $this->objResultSet->affected_rows;
  290.     }
  291. 

  292.     
  293.     /** prepInput()
  294.     * Returns a string suitable for database input with escaped
  295.     * single quotes, slashes, etc.. Use this to clean up a string or
  296.     * array of strings from the outside world before constructing
  297.     * a query. Note: do not use this on the whole query esp. if you have
  298.     * single quotes in eg. the where clause - that will cause a mysql error.
  299.     * Note also that we trim whitespace from input string.
  300.     * Example:
  301.     *  $safe = $dbi->prepInput($_GET[unsafe]);
  302.     * $query = 'SELECT foo FROM table WHERE bar LIKE \'' . $safe . '\' [AND other conditions ] ';
  303.     * Wrong:  $dbi->prepare($query);
  304.     * Characters escaped are NUL (ASCII 0), \n, \r, \, ', ", and Control-Z.

  305.     *
  306.     *  !! RUDENESS ALERT !! If input has MySQL injection attempts like LOAD DATA
  307.     * ( see QuasiDBI::BADNESS ) this will return an empty string!!!
  308.     *
  309.     *@access public
  310.     *@param string | array $input string or array to process
  311.     * @return mixed string|array  query safe string or array
  312.     */
  313.     public function prepInput($input)
  314.     {
  315.         if(!$this->objDatabaseHandle ) //shouldn't happen but momma's don't need objDatabaseHandle so ..

  316.         return parent::prepInput($input);
  317.         if(is_string($input))
  318.         {
  319.             // remove magic quotes and let mysqli escape the string below

  320.             if(get_magic_quotes_gpc())
  321.                 $t_input = trim(stripslashes($input));
  322.             else
  323.                 $t_input = trim($input);
  324.                 
  325.             // check for prohibited SQL ..

  326.             if($this->isBad($t_input))
  327.             {//TODO: - error msg ..

  328.                 $t_input = "";
  329.                 return $t_input;
  330.             }
  331.             return $this->objDatabaseHandle->escape_string( $t_input);
  332.         }
  333.         elseif (is_array($input))
  334.         {
  335.             foreach($input as $key => &$value)
  336.                 $input[$key] = $this->prepInput($value);
  337.             return $input;
  338.         } else 
  339.             return $input;
  340.     }
  341.     
  342.     /**changeDatabase
  343.     *Resets the default database for queries and ensures that there
  344.     * is a valid connection. returns false if this fails or if there
  345.     * is not a valid objDatabaseHandle, or if connect fails ..
  346.     *@access public
  347.     *@param string $strNewDatabase - new database name
  348.     * @return boolean true on success or false
  349.     */  
  350.     public function changeDatabase($strNewDatabase)
  351.     {
  352.         if(!$this->objDatabaseHandle )
  353.         {
  354.             $this->strDbErrors .= "Change database called with no objDatabaseHandle!!";
  355.             return false;
  356.         }
  357.         
  358.         $this->setDbName($strNewDatabase);
  359.         if(!$this->isConnected())
  360.             return $this->connect();
  361.         else
  362.             return $this->objDatabaseHandle->select_db($strNewDatabase);
  363.     }
  364. 

  365.  /**
  366. *just a comment template - ignore at will ..
  367. *@access public
  368. *@param string foo
  369. * @return boolean true on success or false
  370. */
  371.   
  372. }
  373. 

  374. ?>