2 /************************************************************************
3 * Mailer v0.2.1-FINAL Start: 06/12/2013 *
4 * =================== Last change: 06/12/2013 *
6 * -------------------------------------------------------------------- *
7 * File : lib-mysqli.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Database layer for MySQL 3/4/5 server (MySQLi) *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Datenbankschicht fuer MySQL 3/4/5 Server (MySQLi)*
12 * -------------------------------------------------------------------- *
13 * Copyright (c) 2003 - 2009 by Roland Haeder *
14 * Copyright (c) 2009 - 2016 by Mailer Developer Team *
15 * For more information visit: http://mxchange.org *
17 * This program is free software; you can redistribute it and/or modify *
18 * it under the terms of the GNU General Public License as published by *
19 * the Free Software Foundation; either version 2 of the License, or *
20 * (at your option) any later version. *
22 * This program is distributed in the hope that it will be useful, *
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
25 * GNU General Public License for more details. *
27 * You should have received a copy of the GNU General Public License *
28 * along with this program; if not, write to the Free Software *
29 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
31 ************************************************************************/
33 // Some security stuff...
34 if (!defined('__SECURITY')) {
39 function sqlQuery ($sqlString, $file, $line, $enableCodes = TRUE) {
41 if (!isset($GLOBALS[__FUNCTION__][$sqlString])) {
42 //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Called: ' . $sqlString);
45 $sqlStringModified = trim($sqlString);
47 // Empty query string or link is not up?
48 if (empty($sqlStringModified)) {
50 reportBug(__FUNCTION__, __LINE__, sprintf('SQL string is empty, please fix this: file=%s, line=%s',
54 } elseif (!isSqlLinkUp()) {
55 // We should not quietly ignore this
56 reportBug(__FUNCTION__, __LINE__, sprintf('Cannot query database: sqlString=%s,file=%s,line=%s',
63 // Remove \t, \n and \r from queries they may confuse some MySQL versions
64 $sqlStringModified = str_replace(array(chr(9), PHP_EOL, chr(13)), array(' ', ' ', ' '), $sqlStringModified);
66 // Compile config entries out
67 //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'sqlStringModified=' . $sqlStringModified . ',enableCodes=' . intval($enableCodes));
68 $sqlStringModified = sqlPrepareQueryString($sqlStringModified, $enableCodes);
69 //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'sqlStringModified=' . $sqlStringModified . ',enableCodes=' . intval($enableCodes));
71 // Cache it and remember as last SQL query
72 $GLOBALS[__FUNCTION__][$sqlString] = $sqlStringModified;
73 $GLOBALS['last_sql'] = $sqlStringModified;
74 //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Stored cache: ' . $sqlStringModified);
75 } elseif (!isSqlLinkUp()) {
76 // Link went down while using cached SQL
77 reportBug(__FUNCTION__, __LINE__, 'Link went down while using cached SQL: sqlString=' . $sqlString . ',file=' . basename($file) . ',line=' . $line . ',enableCodes=' . intval($enableCodes));
79 //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Cache used: ' . $sqlString);
81 // Use cache (to save a lot function calls
82 $GLOBALS['last_sql'] = $GLOBALS[__FUNCTION__][$sqlString];
84 //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Cache is: ' . $sqlString);
88 $querytimeBefore = microtime(TRUE);
91 //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'file=' . basename($file) . ',line=' . $line . ',sql=' . $GLOBALS['last_sql']);
92 $result = mysqli_query(getSqlLink(), $GLOBALS['last_sql'])
93 or logSqlError($file, $line, 'file='. basename($file) . ',line=' . $line . ':mysqli_error()=' . mysqli_error(getSqlLink()) . ',last_query=' . $GLOBALS['last_sql']);
94 //* DEBUG: */ logDebugMessage($file, $line, 'sql=' . $GLOBALS['last_sql'] . ',affected=' . sqlAffectedRows() . ',numRows='.(isValidSqlLink($result) ? sqlNumRows($result) : gettype($result)));
96 // Calculate query time
97 $queryTime = microtime(TRUE) - $querytimeBefore;
99 // Add this query to array including timing
100 addSqlToDebug($result, $GLOBALS['last_sql'], $queryTime, $file, $line);
102 // Save last successfull query
103 setConfigEntry('db_last_query', $GLOBALS['last_sql']);
105 // Count all query times
106 incrementConfigEntry('sql_time', $queryTime);
109 incrementConfigEntry('sql_count');
112 if (isSqlDebugEnabled()) {
113 // Is this the first call?
114 if (!isset($GLOBALS['sql_first_entry'])) {
116 appendLineToFile(getCachePath() . 'mysql.log', 'Module=' . getModule());
117 $GLOBALS['sql_first_entry'] = TRUE;
121 appendLineToFile(getCachePath() . 'mysql.log', basename($file) . '|LINE=' . $line . '|NUM=' . (isValidSqlLink($result) ? sqlNumRows($result) : 'false') . '|AFFECTED=' . sqlAffectedRows() . '|QUERYTIME:' . ($queryTime * 1000) . 'ms): ' . str_replace(array(chr(13), PHP_EOL), array('', ' '), $GLOBALS['last_sql']));
124 // Increment stats entry
125 incrementStatsEntry('db_hits');
132 function sqlNumRows ($resource) {
133 // Valid link resource?
134 if (!isSqlLinkUp()) return FALSE;
136 // Get the count of rows from database
137 $lines = mysqli_num_rows($resource);
144 function sqlAffectedRows () {
145 // Valid link resource?
146 if (!isSqlLinkUp()) return FALSE;
149 $lines = mysqli_affected_rows(getSqlLink());
156 function sqlFetchRow ($resource) {
157 // Is $resource valid?
158 if ((!isValidSqlLink($resource)) || (!isSqlLinkUp())) return FALSE;
160 // Fetch the data and return it
161 return mysqli_fetch_row($resource);
165 function sqlFetchArray ($resource) {
166 // Is $resource valid?
167 if ((!isValidSqlLink($resource)) || (!isSqlLinkUp())) return FALSE;
169 // Load row as array from database
170 $row = mysqli_fetch_assoc($resource);
172 // Return only arrays here
173 if (is_array($row)) {
177 // Return a false, else some loops would go endless...
183 function sqlResult ($resource, $row, $field = '0') {
184 // Is $resource valid?
185 if ((!isValidSqlLink($resource)) || (!isSqlLinkUp())) return FALSE;
187 // Run the result command
188 $result = mysqli_result($resource, $row, $field);
190 // ... and return the result
195 function sqlConnectToDatabase ($host, $login, $password, $file, $line) {
197 $linkResource = mysqli_connect($host, $login, $password) or logSqlError($file, $line, mysqli_error(getSqlLink()));
199 // Set the link resource
200 if ($linkResource instanceof mysqli) {
202 * A non-resource (boolean) may happen on installation phase which
203 * shall not be set here. Only valid link resources shall be set so
204 * isSqlLinkUp() will only return 'true' if there is really a
205 * working database link.
207 setSqlLink($file . ':' . __FUNCTION__, $line . ':' . __LINE__, $linkResource);
209 // Init charsets (UTF-8 is default now)
211 `character_set_results`='utf8',
212 `character_set_client`='utf8',
213 `character_set_connection`='utf8',
214 `character_set_database`='utf8',
215 `character_set_server`='utf8'", $file . ':' . __FUNCTION__, $line . ':' . __LINE__);
217 // Disallow subtraction for unsigned columns
218 sqlQuery("SET `sql_mode`='NO_UNSIGNED_SUBTRACTION'", $file . ':' . __FUNCTION__, $line . ':' . __LINE__);
221 // Any errors encountered?
222 if (mysqli_connect_error()) {
223 // Something went horrible wrong
224 reportBug($file . ':' . __FUNCTION__, $line . ':' . __LINE__, 'Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
227 // Return the resource
228 //* DEBUG: */ logDebugMessage($file . ':' . __FUNCTION__, $line . ':' . __LINE__, 'linkResource[]=' . gettype($linkResource));
229 return $linkResource;
232 // SQL select database
233 function sqlSelectDatabase ($dbName, $file, $line) {
234 // Is there still a valid link? If not, skip it.
235 if (!isSqlLinkUp()) return FALSE;
238 //* DEBUG: */ logDebugMessage($file . ':' . __FUNCTION__, $line . ':' . __LINE__, 'Selecting database ' . $dbName);
239 return mysqli_select_db(getSqlLink(), $dbName) or logSqlError($file, $line, mysqli_error(getSqlLink()));
243 function sqlCloseLink ($file, $line) {
245 if (!isSqlLinkUp()) {
247 //* DEBUG: */ logDebugMessage($file . ':' . __FUNCTION__, $line . ':' . __LINE__, 'Called but no link is open.');
251 // Close database link and forget the link
252 $close = mysqli_close(getSqlLink()) or logSqlError($file . ':' . __FUNCTION__, $line . ':' . __LINE__, mysqli_error(getSqlLink()));
254 // Close link in this layer
255 unsetSqlLinkUp(__FUNCTION__, __LINE__);
258 //* DEBUG: */ logDebugMessage($file . ':' . __FUNCTION__, $line . ':' . __LINE__, 'close[' . gettype($close) . ']=' . intval($close));
263 function sqlFreeResult ($resource) {
264 if ((!isValidSqlLink($resource)) || (!isSqlLinkUp())) {
270 $res = mysqli_free_result($resource);
272 // And return that result of freeing it...
276 // Get id from last INSERT command and secure id
277 function getSqlInsertId () {
278 if (!isSqlLinkUp()) return FALSE;
279 return bigintval(mysqli_insert_id(getSqlLink()));
282 // Escape a string for the database
283 function sqlEscapeString ($str, $secureString = TRUE, $strip = TRUE) {
285 if (!isset($GLOBALS['sql_escapes']['' . $str . ''])) {
287 //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ' - BEFORE!');
289 // Prepare the string here
290 $str = sqlPrepareQueryString($str);
293 //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ' - AFTER!');
295 // Secure string first? (which is the default behaviour!)
296 if ($secureString === TRUE) {
298 //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ',strip=' . intval($strip) . ' - BEFORE!');
301 $str = secureString($str, $strip);
304 //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ',strip=' . intval($strip) . ' - AFTER!');
307 // Init (invalid) value
310 if (!isSqlLinkUp()) {
311 // Fall-back to escapeQuotes() when there is no link
312 $ret = escapeQuotes($str);
313 } elseif (function_exists('mysqli_real_escape_string')) {
315 //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str);
317 // The new and improved version
318 $ret = mysqli_real_escape_string(getSqlLink(), $str);
321 //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ',ret=' . $ret);
323 // If nothing else works, fall back to escapeQuotes() again
324 $ret = escapeQuotes($str);
328 //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ',ret=' . $ret);
331 $GLOBALS['sql_escapes']['' . $str . ''] = $ret;
335 //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ',sql_escapes=' . $GLOBALS['sql_escapes']['' . $str . '']);
338 return $GLOBALS['sql_escapes']['' . $str . ''];
341 // Set SQL error in global array
342 function setSqlError ($file, $line, $message) {
343 // Remember plain error in last_sql_error
344 $GLOBALS['last_sql_error'] = mysqli_error(getSqlLink());
347 // Checks whether given link is a valid SQL link
348 function isValidSqlLink ($linkInstance) {
350 $isValid = (($linkInstance instanceof mysqli) || ($linkInstance instanceof mysqli_result));
353 //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'linkInstance[]=' . gettype($linkInstance). ',isValid=' . intval($isValid));
359 // Checks whether given result is really a result
360 function isSqlResult ($resultInstance) {
362 $isValid = ($resultInstance instanceof mysqli_result);
365 //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'resultInstance[]=' . gettype($resultInstance). ',isValid=' . intval($isValid));