<?php
/************************************************************************
- * MXChange v0.2.1 Start: 08/29/2004 *
- * =============== Last change: 08/29/2004 *
+ * Mailer v0.2.1-FINAL Start: 08/29/2004 *
+ * =================== Last change: 08/29/2004 *
* *
* -------------------------------------------------------------------- *
- * File : lib.php *
+ * File : lib-mysql3.php *
* -------------------------------------------------------------------- *
- * Short description : *
+ * Short description : Database layer for MySQL 3/4/5 server *
* -------------------------------------------------------------------- *
- * Kurzbeschreibung : *
+ * Kurzbeschreibung : Datenbankschicht fuer MySQL 3/4/5 Server *
* -------------------------------------------------------------------- *
- * *
+ * $Revision:: $ *
+ * $Date:: $ *
+ * $Tag:: 0.2.1-FINAL $ *
+ * $Author:: $ *
* -------------------------------------------------------------------- *
- * Copyright (c) 2003 - 2008 by Roland Haeder *
- * For more information visit: http://www.mxchange.org *
+ * Copyright (c) 2003 - 2009 by Roland Haeder *
+ * Copyright (c) 2009 - 2013 by Mailer Developer Team *
+ * For more information visit: http://mxchange.org *
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
************************************************************************/
// Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
- $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
- require($INC);
-}
+if (!defined('__SECURITY')) {
+ die();
+} // END - if
// SQL queries
-function SQL_QUERY($sql_string, $F, $L) {
- global $link, $CSS, $_CONFIG, $OK;
+function sqlQuery ($sqlString, $file, $line, $enableCodes = TRUE) {
+ // Is there cache?
+ if (!isset($GLOBALS[__FUNCTION__][$sqlString])) {
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Called: ' . $sqlString);
- // Remove \t, \n and \r from queries they may confuse some MySQL version I have heard
- $sql_string = str_replace("\t", " ", str_replace("\n", " ", str_replace("\r", " ", $sql_string)));
+ // Trim SQL string
+ $sqlStringModified = trim($sqlString);
- // Run SQL command
- $result = @mysql_query($sql_string, $link)
- or ADD_FATAL($F." (".$L."):".mysql_error()."<br />
-".MYSQL_QUERY_STRING."<br />
-".$sql_string);
-
- // Count this query
- if (!isset($_CONFIG['sql_count'])) $_CONFIG['sql_count'] = 0;
- $_CONFIG['sql_count']++;
-
- // Debug output
- //* DEBUG: */ print "Query=<pre>".$sql_string."</pre>, affected=<b>".SQL_AFFECTEDROWS()."</b>, numrows=<b>".SQL_NUMROWS($result)."</b><br />\n";
-
- if (($CSS != "1") && ($CSS != "-1") && (isBooleanConstantAndTrue('DEBUG_MODE')) && (DEBUG_SQL)) {
- //
- // Debugging stuff...
- //
- $fp = @fopen(PATH."debug.log", 'a') or mxchange_die("Cannot write debug.log!");
- if (!isset($OK)) {
- // Write first entry
- fwrite($fp, "Module=".$GLOBALS['module']."\n");
- $OK = true;
+ // Empty query string or link is not up?
+ if (empty($sqlStringModified)) {
+ // Empty SQL string!
+ reportBug(__FUNCTION__, __LINE__, sprintf("SQL string is empty, please fix this: file=%s, line=%s",
+ basename($file),
+ $line
+ ));
+ } elseif (!isSqlLinkUp()) {
+ // We should not quietly ignore this
+ reportBug(__FUNCTION__, __LINE__, sprintf("Cannot query database: sqlString=%s,file=%s,line=%s",
+ $sqlStringModified,
+ basename($file),
+ $line
+ ));
}
- fwrite($fp, $F."(LINE=".$L."|NUM=".SQL_NUMROWS($result)."|AFFECTED=".SQL_AFFECTEDROWS()."): ".str_replace('\r', "", str_replace('\n', " ", $sql_string))."\n");
- fclose($fp);
- }
- // Count DB hits
- if (!isset($_CONFIG['db_hits'])) {
- // Count in dummy variable
- $_CONFIG['db_hits'] = 0;
+ // Remove \t, \n and \r from queries they may confuse some MySQL versions
+ $sqlStringModified = str_replace(array(chr(9), PHP_EOL, chr(13)), array(' ', ' ', ' '), $sqlStringModified);
+
+ // Compile config entries out
+ $sqlStringModified = sqlPrepareQueryString($sqlStringModified, $enableCodes);
+
+ // Cache it and remember as last SQL query
+ $GLOBALS[__FUNCTION__][$sqlString] = $sqlStringModified;
+ $GLOBALS['last_sql'] = $sqlStringModified;
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Stored cache: ' . $sqlStringModified);
+ } elseif (!isSqlLinkUp()) {
+ // Link went down while using cached SQL
+ reportBug(__FUNCTION__, __LINE__, 'Link went down while using cached SQL: sqlString=' . $sqlString . ',file=' . basename($file) . ',line=' . $line . ',enableCodes=' . intval($enableCodes));
} else {
- // Count to config array
- $_CONFIG['db_hits']++;
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Cache used: ' . $sqlString);
+
+ // Use cache (to save a lot function calls
+ $GLOBALS['last_sql'] = $GLOBALS[__FUNCTION__][$sqlString];
+
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Cache is: ' . $sqlString);
}
+
+ // Starting time
+ $querytimeBefore = microtime(TRUE);
+
+ // Run SQL command
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'file=' . basename($file) . ',line=' . $line . ',sql=' . $GLOBALS['last_sql']);
+ $result = mysql_query($GLOBALS['last_sql'], getSqlLink())
+ or sqlError($file, $line, 'file='. basename($file) . ',line=' . $line . ':mysql_error()=' . mysql_error() . ',last_query=' . $GLOBALS['last_sql']);
+ //* DEBUG: */ logDebugMessage($file, $line, 'sql=' . $GLOBALS['last_sql'] . ',affected=' . sqlAffectedRows() . ',numRows='.(is_resource($result) ? sqlNumRows($result) : gettype($result)));
+
+ // Calculate query time
+ $queryTime = microtime(TRUE) - $querytimeBefore;
+
+ // Add this query to array including timing
+ addSqlToDebug($result, $GLOBALS['last_sql'], $queryTime, $file, $line);
+
+ // Save last successfull query
+ setConfigEntry('db_last_query', $GLOBALS['last_sql']);
+
+ // Count all query times
+ incrementConfigEntry('sql_time', $queryTime);
+
+ // Count this query
+ incrementConfigEntry('sql_count');
+
+ // Debug output
+ if (isSqlDebugEnabled()) {
+ // Is this the first call?
+ if (!isset($GLOBALS['sql_first_entry'])) {
+ // Write first entry
+ appendLineToFile(getCachePath() . 'mysql.log', 'Module=' . getModule());
+ $GLOBALS['sql_first_entry'] = TRUE;
+ } // END - if
+
+ // Append debug line
+ appendLineToFile(getCachePath() . 'mysql.log', basename($file) . '|LINE=' . $line . '|NUM=' . (is_resource($result) ? sqlNumRows($result) : 'false') . '|AFFECTED=' . sqlAffectedRows() . '|QUERYTIME:' . ($queryTime * 1000) . 'ms): ' . str_replace(array(chr(13), PHP_EOL), array('', ' '), $GLOBALS['last_sql']));
+ } // END - if
+
+ // Increment stats entry
+ incrementStatsEntry('db_hits');
+
+ // Return the result
return $result;
}
// SQL num rows
-function SQL_NUMROWS($result) {
- if ($result != false) {
- $lines = @mysql_num_rows($result);
- if (empty($lines)) $lines = "0";
+function sqlNumRows ($resource) {
+ // Valid link resource?
+ if (!isSqlLinkUp()) return FALSE;
+
+ // Link is not up, no rows by default
+ $lines = FALSE;
+
+ // Is the result a valid resource?
+ if (isset($GLOBALS['sql_numrows'][intval($resource)])) {
+ // Use cache
+ $lines = $GLOBALS['sql_numrows'][intval($resource)];
+ } elseif (is_resource($resource)) {
+ // Get the count of rows from database
+ $lines = mysql_num_rows($resource);
+ // Remember it in cache
+ $GLOBALS['sql_numrows'][intval($resource)] = $lines;
} else {
- // No resource given, no lines found!
- $lines = "0";
+ // No resource given, please fix this
+ reportBug(__FUNCTION__, __LINE__, 'No resource given! result[]=' . gettype($resource) . ',last_sql=' . $GLOBALS['last_sql']);
}
+
+ // Return lines
return $lines;
}
// SQL affected rows
-function SQL_AFFECTEDROWS($lnk="x", $F="dummy", $L="dummy") {
- global $link;
- // $lnk will be ignored for now!
- $lines = @mysql_affected_rows($link);
+function sqlAffectedRows () {
+ // Valid link resource?
+ if (!isSqlLinkUp()) return FALSE;
+
+ // Get affected rows
+ $lines = mysql_affected_rows(getSqlLink());
+
+ // Return it
return $lines;
}
// SQL fetch row
-function SQL_FETCHROW($result) {
- $DATA = array();
- $DATA = @mysql_fetch_row($result);
- return $DATA;
+function sqlFetchRow ($resource) {
+ // Is $resource valid?
+ if ((!is_resource($resource)) || (!isSqlLinkUp())) return FALSE;
+
+ // Fetch the data and return it
+ return mysql_fetch_row($resource);
}
// SQL fetch array
-function SQL_FETCHARRAY($res=false, $nr=0, $remove_numerical=true) {
- // Is a result resource set?
- if (!$res) return false;
-
- // Initialize array
- $row = array();
+function sqlFetchArray ($resource) {
+ // Is $resource valid?
+ if ((!is_resource($resource)) || (!isSqlLinkUp())) return FALSE;
- // Load row from database
- $row = @mysql_fetch_array($res);
+ // Load row as array from database
+ $row = mysql_fetch_assoc($resource);
// Return only arrays here
if (is_array($row)) {
- // Shall we remove numerical data here automatically?
- if ($remove_numerical) {
- // So let's remove all numerical elements to save memory!
- $max = count($row);
- for ($idx = 0; $idx < ($max / 2); $idx++) {
- // Remove entry
- unset($row[$idx]);
- }
- }
-
// Return row
return $row;
} else {
- // Return a false here...
- return false;
+ // Return a false, else some loops would go endless...
+ return FALSE;
}
}
// SQL result
-function SQL_RESULT($res, $row, $field) {
- $result = @mysql_result($res, $row, $field);
+function sqlResult ($resource, $row, $field = '0') {
+ // Is $resource valid?
+ if ((!is_resource($resource)) || (!isSqlLinkUp())) return FALSE;
+
+ // Run the result command
+ $result = mysql_result($resource, $row, $field);
+
+ // ... and return the result
return $result;
}
+
// SQL connect
-function SQL_CONNECT($host, $login, $password, $F, $L) {
- $connect = @mysql_connect($host, $login, $password) or ADD_FATAL($F." (".$L."):".mysql_error());
- return $connect;
+function sqlConnectToDatabase ($host, $login, $password, $file, $line) {
+ // Try to connect
+ $linkResource = mysql_connect($host, $login, $password) or sqlError($file, $line, mysql_error());
+
+ // Set the link resource
+ if (is_resource($linkResource)) {
+ /*
+ * A non-resource (boolean) may happen on installation phase which
+ * shall not be set here. Only valid link resources shall be set so
+ * isSqlLinkUp() will only return 'true' if there is really a
+ * working database link.
+ */
+ setSqlLink(__FUNCTION__, __LINE__, $linkResource);
+
+ // Init charsets (UTF-8 is default now)
+ sqlQuery("SET
+ `character_set_results`='utf8',
+ `character_set_client`='utf8',
+ `character_set_connection`='utf8',
+ `character_set_database`='utf8',
+ `character_set_server`='utf8'", __FUNCTION__, __LINE__);
+ } // END - if
+
+ // Return the resource
+ //* DEBUG: */ logDebugMessage($file . ':' . __FUNCTION__, $line . ':' . __LINE__, 'linkResource[]=' . gettype($linkResource));
+ return $linkResource;
}
+
// SQL select database
-function SQL_SELECT_DB($dbName, $link, $F, $L) {
- $select = false;
- if (is_resource($link)) {
- $select = @mysql_select_db($dbName, $link) or ADD_FATAL($F." (".$L."):".mysql_error());
- }
- return $select;
+function sqlSelectDatabase ($dbName, $file, $line) {
+ // Is there still a valid link? If not, skip it.
+ if (!isSqlLinkUp()) return FALSE;
+
+ // Return the result
+ //* DEBUG: */ logDebugMessage($file . ':' . __FUNCTION__, $line . ':' . __LINE__, 'Selecting database ' . $dbName);
+ return mysql_select_db($dbName, getSqlLink()) or sqlError($file, $line, mysql_error());
}
+
// SQL close link
-function SQL_CLOSE($link, $F, $L) {
- global $_CONFIG, $cacheInstance, $cacheArray;
- if ((GET_EXT_VERSION("cache") >= "0.0.7") && (isset($_CONFIG['db_hits'])) && (isset($_CONFIG['cache_hits'])) && (is_object($cacheInstance))) {
- // Update counter for db/cache
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET db_hits=%d, cache_hits=%d WHERE config=0 LIMIT 1",
- array(bigintval($_CONFIG['db_hits']), bigintval($_CONFIG['cache_hits'])), __FILE__, __LINE__);
-
- // Update cache here
- if (GET_EXT_VERSION("cache") >= "0.1.2") {
- if ($cacheInstance->cache_file("config", true)) {
- // Replace data
- $cacheInstance->cache_replace("cache_hits", $_CONFIG['cache_hits'], "0", $cacheArray);
- $cacheInstance->cache_replace("db_hits" , $_CONFIG['db_hits'] , "0", $cacheArray);
- }
- }
- }
+function sqlCloseLink ($file, $line) {
+ // Is the link up?
+ if (!isSqlLinkUp()) {
+ // Skip double close
+ //* DEBUG: */ logDebugMessage($file . ':' . __FUNCTION__, $line . ':' . __LINE__, 'Called but no link is open.');
+ return FALSE;
+ } // END - if
- // Close database link
- $close = @mysql_close($link) or ADD_FATAL($F." (".$L."):".mysql_error());
+ // Close database link and forget the link
+ $close = mysql_close(getSqlLink()) or sqlError($file . ':' . __FUNCTION__, $line . ':' . __LINE__, mysql_error());
+
+ // Close link in this layer
+ unsetSqlLinkUp(__FUNCTION__, __LINE__);
+
+ // Return the result
+ //* DEBUG: */ logDebugMessage($file . ':' . __FUNCTION__, $line . ':' . __LINE__, 'close[' . gettype($close) . ']=' . intval($close));
return $close;
}
+
// SQL free result
-function SQL_FREERESULT($result) {
- $res = @mysql_free_result($result);
+function sqlFreeResult ($resource) {
+ if ((!is_resource($resource)) || (!isSqlLinkUp())) {
+ // Abort here
+ return FALSE;
+ } // END - if
+
+ // Free result
+ $res = mysql_free_result($resource);
+
+ // And return that result of freeing it...
return $res;
}
-// SQL string escaping
-function SQL_QUERY_ESC($qstring, $data, $file, $line, $run=true, $strip=true) {
- global $link;
- $eval = "\$query = sprintf(\"".$qstring."\"";
- foreach ($data as $var) {
- if (!empty($var)) {
- if ($strip) {
- $eval .= ", SQL_ESCAPE(\"".strip_tags($var)."\")";
- } else {
- $eval .= ", SQL_ESCAPE(\"".$var."\")";
- }
+
+// Get id from last INSERT command and secure id
+function getSqlInsertId () {
+ if (!isSqlLinkUp()) return FALSE;
+ return bigintval(mysql_insert_id());
+}
+
+// Escape a string for the database
+function sqlEscapeString ($str, $secureString = TRUE, $strip = TRUE) {
+ // Is there cache?
+ if (!isset($GLOBALS['sql_escapes']['' . $str . ''])) {
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ' - BEFORE!');
+
+ // Prepare the string here
+ $str = sqlPrepareQueryString($str);
+
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ' - AFTER!');
+
+ // Secure string first? (which is the default behaviour!)
+ if ($secureString === TRUE) {
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ',strip=' . intval($strip) . ' - BEFORE!');
+
+ // Then do it here
+ $str = secureString($str, $strip);
+
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ',strip=' . intval($strip) . ' - AFTER!');
+ } // END - if
+
+ // Init (invalid) value
+ $ret = '!INVALID!';
+
+ if (!isSqlLinkUp()) {
+ // Fall-back to escapeQuotes() when there is no link
+ $ret = escapeQuotes($str);
+ } elseif (function_exists('mysql_real_escape_string')) {
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str);
+
+ // The new and improved version
+ $ret = mysql_real_escape_string($str, getSqlLink());
+
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ',ret=' . $ret);
+ } elseif (function_exists('mysql_escape_string')) {
+ // The obsolete function
+ $ret = mysql_escape_string($str, getSqlLink());
} else {
- $eval .= ", ''";
+ // If nothing else works, fall back to escapeQuotes() again
+ $ret = escapeQuotes($str);
}
- }
- $eval .= ");";
- //
- // Debugging
- //
- //$fp = fopen(PATH."escape_debug.log", 'a') or mxchange_die("Cannot write debug.log!");
- //fwrite($fp, $file."(".$line."): ".str_replace('\r', "", str_replace('\n', " ", $eval))."\n");
- //fclose($fp);
- eval($eval);
- if ($run) {
- // Run SQL query (default)
- return SQL_QUERY($query, $file, $line);
- } else {
- // Return secured string
- return $query;
- }
-}
-// Get ID from last INSERT command
-function SQL_INSERTID() {
- return @mysql_insert_id();
+
+ // Log message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ',ret=' . $ret);
+
+ // Cache result
+ $GLOBALS['sql_escapes']['' . $str . ''] = $ret;
+ } // END - if
+
+ // Log message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ',sql_escapes=' . $GLOBALS['sql_escapes']['' . $str . '']);
+
+ // Return it
+ return $GLOBALS['sql_escapes']['' . $str . ''];
}
-// Escape a string for the database
-function SQL_ESCAPE($str) {
- global $link;
- if (!is_resource($link)) {
- // Fall-back to addslashes() when there is no link
- return addslashes($str);
- }
- if (function_exists('mysql_real_escape_string')) {
- // The new and improved version
- return mysql_real_escape_string($str, $link);
- } elseif (function_exists('mysql_escape_string')) {
- // The obsulete function
- return mysql_escape_string($str, $link);
+// Log SQL errors to debug.log in installation phase or call reportBug()
+function sqlError ($file, $line, $message) {
+ // Remember plain error in last_sql_error
+ $GLOBALS['last_sql_error'] = mysql_error();
+
+ // Is login set?
+ if (!empty($GLOBALS['mysql']['login'])) {
+ // Secure login name in message
+ $message = str_replace($GLOBALS['mysql']['login'], '***', $message);
+ } // END - if
+
+ // Is database password set?
+ if (!empty($GLOBALS['mysql']['password'])) {
+ // Secure password in message
+ $message = str_replace($GLOBALS['mysql']['password'], '***', $message);
+ } // END - if
+
+ // Is database name set?
+ if (!empty($GLOBALS['mysql']['dbase'])) {
+ // Secure database name in message
+ $message = str_replace($GLOBALS['mysql']['dbase'], '***', $message);
+ } // END - if
+
+ // Is there installation phase?
+ if (isInstallationPhase()) {
+ /*
+ * In installation phase, we don't want SQL errors abort e.g. connection
+ * tests, so just log it away.
+ */
+ logDebugMessage($file, $line, $message);
} else {
- // If nothing else works
- return addslashes($str);
+ // Regular mode, then call reportBug()
+ reportBug($file, $line, $message);
}
}
-// SELECT query string from table, columns and so on... ;-)
-function SQL_RESULT_FROM_ARRAY ($table, $columns, $idRow, $id) {
- // Prepare the SQL statement
- $SQL = "SELECT ".implode(", ", $columns)." FROM "._MYSQL_PREFIX."_".$table." WHERE ".$idRow."=%d LIMIT 1";
- // Return the result
- return SQL_QUERY_ESC($SQL, array(bigintval($id)), __FILE__, __LINE__);
-}
-//
+// [EOF]
?>