2 /************************************************************************
3 * MXChange v0.2.1 Start: 08/29/2004 *
4 * =============== Last change: 08/29/2004 *
6 * -------------------------------------------------------------------- *
7 * File : lib-mysql3.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Database layer for MySQL +3.x server *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Datenbankschicht fuer MySQL +3.x Server *
12 * -------------------------------------------------------------------- *
15 * $Tag:: 0.2.1-FINAL $ *
17 * Needs to be in all Files and every File needs "svn propset *
18 * svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
19 * -------------------------------------------------------------------- *
20 * Copyright (c) 2003 - 2009 by Roland Haeder *
21 * For more information visit: http://www.mxchange.org *
23 * This program is free software; you can redistribute it and/or modify *
24 * it under the terms of the GNU General Public License as published by *
25 * the Free Software Foundation; either version 2 of the License, or *
26 * (at your option) any later version. *
28 * This program is distributed in the hope that it will be useful, *
29 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
30 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
31 * GNU General Public License for more details. *
33 * You should have received a copy of the GNU General Public License *
34 * along with this program; if not, write to the Free Software *
35 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
37 ************************************************************************/
39 // Some security stuff...
40 if (!defined('__SECURITY')) {
45 function SQL_QUERY ($sqlString, $F, $L) {
47 $sqlString = trim($sqlString);
50 if (!SQL_IS_LINK_UP()) {
51 // We should not quietly ignore this!
52 debug_report_bug(sprintf("Cannot query database: sqlString=%s,file=%s,line=%s",
58 // Return 'false' because it has failed
60 } elseif (empty($sqlString)) {
62 debug_report_bug(sprintf("SQL string is empty. Please fix this. file=%s, line=%s",
67 // This is invalid, of course
71 // Remove \t, \n and \r from queries they may confuse some MySQL version I have heard
72 $sqlString = str_replace("\t", ' ', str_replace("\n", ' ', str_replace("\r", ' ', $sqlString)));
75 $sqlString = FILTER_COMPILE_CONFIG($sqlString);
78 $querytimeBefore = array_sum(explode(' ', microtime()));
81 //* DEBUG: */ print($sqlString . '<br />');
82 $result = mysql_query($sqlString, SQL_GET_LINK())
83 or addFatalMessage(__FUNCTION__, __LINE__, $F . ' (' . $L . '):' . mysql_error() . '<br />
86 //* DEBUG: */ print(__LINE__ . ': numRows=' . SQL_NUMROWS($result) . ',affected=' . SQL_AFFECTEDROWS() . "<br />");
89 $querytimeAfter = array_sum(explode(' ', microtime()));
91 // Calculate query time
92 $queryTime = $querytimeAfter - $querytimeBefore;
94 // Add this query to array including timing
95 addSqlToDebug($result, $sqlString, $queryTime, $F, $L);
97 // Save last successfull query
98 setConfigEntry('db_last_query', $sqlString);
100 // Count all query times
101 incrementConfigEntry('sql_time', $queryTime);
104 incrementConfigEntry('sql_count');
107 if ((getOutputMode() != 1) && (isDebugModeEnabled()) && (isConfigEntrySet('DEBUG_SQL')) && (getConfig('DEBUG_SQL') == 'Y')) {
109 // Debugging stuff...
111 $fp = fopen(getConfig('CACHE_PATH') . 'mysql.log', 'a') or app_die(__FILE__, __LINE__, "Cannot write mysql.log!");
112 if (!isset($GLOBALS['sql_first_entry'])) {
114 fwrite($fp, 'Module=' . getModule() . "\n");
115 $GLOBALS['sql_first_entry'] = true;
117 fwrite($fp, $F . '(LINE=' . $L . '|NUM=' . SQL_NUMROWS($result) . '|AFFECTED=' . SQL_AFFECTEDROWS() . '|QUERYTIME:' . $queryTime . '): ' . str_replace("\r", '', str_replace("\n", ' ', $sqlString)) . "\n");
122 if (!isStatsEntrySet('db_hits')) {
123 // Count in dummy variable
124 setStatsEntry('db_hits', 1);
126 // Count to config array
127 incrementStatsEntry('db_hits');
135 function SQL_NUMROWS ($result) {
136 // Link is not up, no rows by default
139 // Is the result a valid resource?
140 if (is_resource($result)) {
141 // Get the count of rows from database
142 $lines = mysql_num_rows($result);
144 // Is the result empty? Then we have an error!
145 if (empty($lines)) $lines = 0;
146 } elseif (SQL_IS_LINK_UP()) {
147 // No resource given, no lines found!
156 function SQL_AFFECTEDROWS() {
157 // Valid link resource?
158 if (!SQL_IS_LINK_UP()) return false;
161 $lines = mysql_affected_rows(SQL_GET_LINK());
168 function SQL_FETCHROW ($result) {
169 // Is a result resource set?
170 if ((!is_resource($result)) || (!SQL_IS_LINK_UP())) return false;
172 // Fetch the data and return it
173 return mysql_fetch_row($result);
177 function SQL_FETCHARRAY ($res, $nr=0, $remove_numerical=true) {
178 // Is a result resource set?
179 if ((!is_resource($res)) || (!SQL_IS_LINK_UP())) return false;
184 // Load row from database
185 $row = mysql_fetch_array($res);
187 // Return only arrays here
188 if (is_array($row)) {
189 // Shall we remove numerical data here automatically?
190 if ($remove_numerical) {
191 // So let's remove all numerical elements to save memory!
193 for ($idx = 0; $idx < ($max / 2); $idx++) {
202 // Return a false here...
208 function SQL_RESULT ($res, $row, $field = 0) {
210 if ((!is_resource($res)) || (!SQL_IS_LINK_UP())) return false;
212 // Run the result command and return the result
213 $result = mysql_result($res, $row, $field);
218 function SQL_CONNECT ($host, $login, $password, $F, $L) {
220 $connect = mysql_connect($host, $login, $password) or addFatalMessage(__FUNCTION__, __LINE__, $F." (".$L."):".mysql_error());
222 // Set the link resource
223 SQL_SET_LINK($connect);
226 unset($GLOBALS['sql_link_res']);
229 // SQL select database
230 function SQL_SELECT_DB ($dbName, $F, $L) {
231 // Is there still a valid link? If not, skip it.
232 if (!SQL_IS_LINK_UP()) return false;
235 return mysql_select_db($dbName, SQL_GET_LINK()) or addFatalMessage(__FUNCTION__, __LINE__, $F." (".$L."):".mysql_error());
239 function SQL_CLOSE ($F, $L) {
240 if (!SQL_IS_LINK_UP()) {
245 // Close database link and forget the link
246 $close = mysql_close(SQL_GET_LINK())
247 or addFatalMessage(__FUNCTION__, __LINE__, $F . ' (' . $L . '):'.mysql_error());
253 unset($GLOBALS['sql_link_res']);
260 function SQL_FREERESULT ($result) {
261 if ((!is_resource($result)) || (!SQL_IS_LINK_UP())) {
266 $res = mysql_free_result($result);
270 // SQL string escaping
271 function SQL_QUERY_ESC ($qstring, $data, $F, $L, $run=true, $strip=true, $secure=true) {
273 if ((!SQL_IS_LINK_UP()) || (!is_array($data))) return false;
277 $dataSecured['__sql_string'] = $qstring;
278 foreach ($data as $key => $value) {
279 $dataSecured[$key] = SQL_ESCAPE($value, $secure, $strip);
283 $query = call_user_func_array('sprintf', $dataSecured);
285 /* Old eval() way... *
289 if ($strip === true) {
295 if ($secure === true) {
301 $eval = "\$query = sprintf(\"" . $qstring . "\"";
302 foreach ($data as $var) {
303 if ((!empty($var)) || ($var === 0)) {
304 $eval .= ", SQL_ESCAPE('" . $var . "', " . $secure . ', ' . $strip . ')';
314 //* DEBUG: */ $fp = fopen(getConfig('CACHE_PATH') . 'escape_debug.log', 'a') or app_die(__FILE__, __LINE__, "Cannot write debug.log!");
315 //* DEBUG: */ fwrite($fp, $F.'('.$L."): ".str_replace("\r", '', str_replace("\n", " ", $eval))."\n");
316 //* DEBUG: */ fclose($fp);
322 // Was the eval() command fine?
323 if ($query == 'failed') {
324 // Something went wrong?
325 debug_report_bug('eval=' . $eval);
330 // Run SQL query (default)
331 return SQL_QUERY($query, $F, $L);
333 // Return secured string
338 // Get ID from last INSERT command
339 function SQL_INSERTID () {
340 if (!SQL_IS_LINK_UP()) return false;
341 return mysql_insert_id();
344 // Escape a string for the database
345 function SQL_ESCAPE ($str, $secureString=true, $strip=true) {
347 if (isset($GLOBALS['sql_escapes'][$str])) {
348 // Then use it instead
349 return $GLOBALS['sql_escapes'][$str];
352 // Secure string first? (which is the default behaviour!)
353 if ($secureString === true) {
355 $str = secureString($str, $strip);
358 if (!SQL_IS_LINK_UP()) {
359 // Fall-back to smartAddSlashes() when there is no link
360 $ret = smartAddSlashes($str);
361 } elseif (function_exists('mysql_real_escape_string')) {
362 // The new and improved version
363 //* DEBUG: */ print(__FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>):str={$str}<br />");
364 $ret = mysql_real_escape_string($str, SQL_GET_LINK());
365 } elseif (function_exists('mysql_escape_string')) {
366 // The obsolete function
367 $ret = mysql_escape_string($str, SQL_GET_LINK());
369 // If nothing else works, fall back to smartAddSlashes() again
370 $ret = smartAddSlashes($str);
374 $GLOBALS['sql_escapes'][$str] = $ret;
380 // SELECT query string from table, columns and so on... ;-)
381 function SQL_RESULT_FROM_ARRAY ($table, $columns, $idRow, $id, $F, $L) {
382 // Is columns an array?
383 if (!is_array($columns)) {
385 debug_report_bug(sprintf("columns is not an array. %s != array, file=%s, line=%s",
391 // Abort here with 'false'
395 // Prepare the SQL statement
396 $sql = "SELECT `".implode("`,`", $columns)."` FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s`='%s' LIMIT 1";
399 return SQL_QUERY_ESC($sql,
408 // ALTER TABLE wrapper function
409 function SQL_ALTER_TABLE ($sql, $F, $L) {
410 // Abort if link is down
411 if (!SQL_IS_LINK_UP()) return false;
413 // This is the default result...
416 // Determine index/fulltext/unique word
419 strpos($sql, 'INDEX') === false
421 strpos($sql, 'FULLTEXT') === false
423 strpos($sql, 'UNIQUE') === false
427 // Extract table name
428 $tableArray = explode(" ", $sql);
429 $tableName = str_replace('`', '', $tableArray[2]);
431 // Shall we add/drop?
432 if (((strpos($sql, 'ADD') !== false) || (strpos($sql, 'DROP') !== false)) && ($noIndex === true)) {
433 // And column name as well
434 $columnName = str_replace('`', '', $tableArray[4]);
436 // Get column information
437 $result = SQL_QUERY_ESC("SHOW COLUMNS FROM `%s` LIKE '%s'",
438 array($tableName, $columnName), __FILE__, __LINE__);
440 // Do we have no entry on ADD or an entry on DROP?
441 // 123 4 4 3 3 4 4 32 23 4 4 3 3 4 4 321
442 if (((SQL_NUMROWS($result) == 0) && (strpos($sql, 'ADD') !== false)) || ((SQL_NUMROWS($result) == 1) && (strpos($sql, 'DROP') !== false))) {
444 //* DEBUG: */ print(__LINE__.':'.$sql."<br />");
445 $result = SQL_QUERY($sql, $F, $L, false);
447 } elseif ((getConfig('_TABLE_TYPE') == 'InnoDB') && (strpos($sql, 'FULLTEXT') !== false)) {
448 // Skip this query silently
449 //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, sprintf("Skipped FULLTEXT: sql=%s,file=%s,line=%s", $sql, $F, $L));
450 } elseif ($noIndex === false) {
451 // And column name as well
452 $columnName = str_replace('`', '', $tableArray[4]);
454 // Is this "UNIQUE" or so? FULLTEXT has been handled the elseif() block above
455 if (in_array(strtoupper($columnName), array('INDEX', 'UNIQUE', 'KEY', 'FULLTEXT'))) {
457 $begin = 1; $columnName = ',';
458 while (strpos($columnName, ',') !== false) {
460 $columnName = str_replace('`', '', $tableArray[count($tableArray) - $begin]);
461 //* DEBUG: */ print(__LINE__.':'.$columnName."----------------".$begin."<br />");
464 $columnName = str_replace('(', '', str_replace(')', '', $columnName));
465 //* DEBUG: */ print(__LINE__.':'.$columnName."----------------".$begin."<br />");
473 $result = SQL_QUERY_ESC("SHOW INDEX FROM `%s`",
474 array($tableName), __FILE__, __LINE__);
478 while ($content = SQL_FETCHARRAY($result)) {
480 //* DEBUG: */ print("<pre>".print_r($content, true)."</pre>");
481 if (($content['Column_name'] == $columnName) || ($content['Key_name'] == $columnName)) {
483 //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, sprintf("Skiped: %s", $sql));
490 SQL_FREERESULT($result);
493 if ($skip === false) {
494 // Send it to the SQL_QUERY() function
495 //* DEBUG: */ print(__LINE__.':'.$sql."<br />");
496 $result = SQL_QUERY($sql, $F, $L, false);
499 // Other ALTER TABLE query
500 //* DEBUG: */ print(__LINE__.':'.$sql."<br />");
501 $result = SQL_QUERY($sql, $F, $L, false);
508 // Getter for SQL link
509 function SQL_GET_LINK () {
513 // Is it in the globals?
514 if (isset($GLOBALS['sql_link'])) {
516 $link = $GLOBALS['sql_link'];
524 function SQL_SET_LINK ($link) {
525 // Is this a resource or null?
526 if ((!is_resource($link)) && (!is_null($link))) {
527 // This should never happen!
528 debug_report_bug(sprintf("link is not resource or null. Type: %s", gettype($link)));
532 $GLOBALS['sql_link'] = $link;
535 // Checks if the link is up
536 function SQL_IS_LINK_UP () {
540 // Do we have cached this?
541 if (isset($GLOBALS['sql_link_res'])) {
543 $linkUp = $GLOBALS['sql_link_res'];
546 $linkUp = is_resource(SQL_GET_LINK());
549 $GLOBALS['sql_link_res'] = $linkUp;