X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=inc%2Fdb%2Flib-mysql3.php;h=b4e386ce8ea20a1835d8a4bea4be04d445c05938;hb=b73179774f08d52b76fe1836ab80f085f05f8e46;hp=9b42362a0f5336f7dfcd4e764992e4bdb85114d1;hpb=13c15f245f4635042918d1986a89910b676aae04;p=mailer.git
diff --git a/inc/db/lib-mysql3.php b/inc/db/lib-mysql3.php
index 9b42362a0f..b4e386ce8e 100644
--- a/inc/db/lib-mysql3.php
+++ b/inc/db/lib-mysql3.php
@@ -10,9 +10,14 @@
* -------------------------------------------------------------------- *
* Kurzbeschreibung : Datenbankschicht fuer MySQL +3.x Server *
* -------------------------------------------------------------------- *
- * *
+ * $Revision:: $ *
+ * $Date:: $ *
+ * $Tag:: 0.2.1-FINAL $ *
+ * $Author:: $ *
+ * Needs to be in all Files and every File needs "svn propset *
+ * svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
* -------------------------------------------------------------------- *
- * Copyright (c) 2003 - 2008 by Roland Haeder *
+ * Copyright (c) 2003 - 2009 by Roland Haeder *
* For more information visit: http://www.mxchange.org *
* *
* This program is free software; you can redistribute it and/or modify *
@@ -33,29 +38,52 @@
// Some security stuff...
if (!defined('__SECURITY')) {
- $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
- require($INC);
-}
+ die();
+} // END - if
// SQL queries
-function SQL_QUERY($sql_string, $F, $L) {
- global $link, $CSS, $_CONFIG, $OK;
+function SQL_QUERY ($sqlString, $F, $L) {
+ // Trim SQL string
+ $sqlString = trim($sqlString);
+
+ // Link is up?
+ if (!SQL_IS_LINK_UP()) {
+ // We should not quietly ignore this!
+ debug_report_bug(sprintf("Cannot query database: sqlString=%s,file=%s,line=%s",
+ $sqlString,
+ basename($F),
+ $L
+ ));
+
+ // Return 'false' because it has failed
+ return false;
+ } elseif (empty($sqlString)) {
+ // Empty SQL string!
+ debug_report_bug(sprintf("SQL string is empty. Please fix this. file=%s, line=%s",
+ basename($F),
+ $L
+ ));
+
+ // This is invalid, of course
+ return false;
+ }
// Remove \t, \n and \r from queries they may confuse some MySQL version I have heard
- $sql_string = str_replace("\t", " ", str_replace("\n", " ", str_replace("\r", " ", $sql_string)));
+ $sqlString = str_replace("\t", ' ', str_replace("\n", ' ', str_replace("\r", ' ', $sqlString)));
+
+ // Compile config out
+ $sqlString = FILTER_COMPILE_CONFIG($sqlString, true);
// Starting time
$querytimeBefore = array_sum(explode(' ', microtime()));
// Run SQL command
- //* DEBUG: */ echo $sql_string."
\n";
- $result = @mysql_query($sql_string, $link)
- or ADD_FATAL($F." (".$L."):".mysql_error()."
-".MYSQL_QUERY_STRING."
-".$sql_string);
-
- // Save last successfull query
- $_CONFIG['db_last_query'] = $sql_string;
+ //* DEBUG: */ print('F=' . basename($F) . ',L=' . $L . 'sql=' . $sqlString . '
');
+ $result = mysql_query($sqlString, SQL_GET_LINK())
+ or addFatalMessage(__FUNCTION__, __LINE__, $F . ' (' . $L . '):' . mysql_error() . '
+Query string:
+' . $sqlString);
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'sql=' . $sqlString . ',numRows=' . SQL_NUMROWS($result) . ',affected=' . SQL_AFFECTEDROWS());
// Ending time
$querytimeAfter = array_sum(explode(' ', microtime()));
@@ -63,34 +91,40 @@ function SQL_QUERY($sql_string, $F, $L) {
// Calculate query time
$queryTime = $querytimeAfter - $querytimeBefore;
+ // Add this query to array including timing
+ addSqlToDebug($result, $sqlString, $queryTime, $F, $L);
+
+ // Save last successfull query
+ setConfigEntry('db_last_query', $sqlString);
+
+ // Count all query times
+ incrementConfigEntry('sql_time', $queryTime);
+
// Count this query
- if (!isset($_CONFIG['sql_count'])) $_CONFIG['sql_count'] = 0;
- $_CONFIG['sql_count']++;
+ incrementConfigEntry('sql_count');
// Debug output
- //* DEBUG: */ print "Query=
".$sql_string.", affected=".SQL_AFFECTEDROWS().", numrows=".SQL_NUMROWS($result)."
"; - debug_print_backtrace(); - die(""); - } - if ($run) { + //* DEBUG: */ $fp = fopen(getConfig('CACHE_PATH') . 'escape_debug.log', 'a') or app_die(__FILE__, __LINE__, "Cannot write debug.log!"); + //* DEBUG: */ fwrite($fp, $F.'('.$L."): ".str_replace("\r", '', str_replace("\n", " ", $eval))."\n"); + //* DEBUG: */ fclose($fp); + + if ($run === true) { // Run SQL query (default) - return SQL_QUERY($query, $file, $line); + return SQL_QUERY($query, $F, $L); } else { // Return secured string return $query; } } -// Get ID from last INSERT command -function SQL_INSERTID() { - return @mysql_insert_id(); + +// Get id from last INSERT command +function SQL_INSERTID () { + if (!SQL_IS_LINK_UP()) return false; + return mysql_insert_id(); } + // Escape a string for the database -function SQL_ESCAPE($str, $secureString = true) { - global $link; +function SQL_ESCAPE ($str, $secureString=true, $strip=true) { + // Do we have cache? + if (!isset($GLOBALS['sql_escapes'][''.$str.''])) { + // Secure string first? (which is the default behaviour!) + if ($secureString === true) { + // Then do it here + $str = secureString($str, $strip); + } // END - if - // Secure string first? (which is the default behaviour!) - if ($secureString) { - // Then do it here - $str = secureString($str); - } // END - if + if (!SQL_IS_LINK_UP()) { + // Fall-back to smartAddSlashes() when there is no link + $ret = smartAddSlashes($str); + } elseif (function_exists('mysql_real_escape_string')) { + // The new and improved version + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str='.$str); + $ret = mysql_real_escape_string($str, SQL_GET_LINK()); + } elseif (function_exists('mysql_escape_string')) { + // The obsolete function + $ret = mysql_escape_string($str, SQL_GET_LINK()); + } else { + // If nothing else works, fall back to smartAddSlashes() again + $ret = smartAddSlashes($str); + } - if (!is_resource($link)) { - // Fall-back to addslashes() when there is no link - return addslashes($str); + // Cache result + $GLOBALS['sql_escapes'][''.$str.''] = $ret; } // END - if - if (function_exists('mysql_real_escape_string')) { - // The new and improved version - return mysql_real_escape_string($str, $link); - } elseif (function_exists('mysql_escape_string')) { - // The obsulete function - return mysql_escape_string($str, $link); - } else { - // If nothing else works - return addslashes($str); - } + // Return it + return $GLOBALS['sql_escapes'][''.$str.'']; } + // SELECT query string from table, columns and so on... ;-) function SQL_RESULT_FROM_ARRAY ($table, $columns, $idRow, $id, $F, $L) { + // Is columns an array? + if (!is_array($columns)) { + // No array + debug_report_bug(sprintf("columns is not an array. %s != array, file=%s, line=%s", + gettype($columns), + basename($F), + $L + )); + + // Abort here with 'false' + return false; + } // END - if + // Prepare the SQL statement - $SQL = "SELECT ".implode(", ", $columns)." FROM "._MYSQL_PREFIX."_".$table." WHERE ".$idRow."=%s LIMIT 1"; + $sql = "SELECT `".implode("`,`", $columns)."` FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s`='%s' LIMIT 1"; // Return the result - return SQL_QUERY_ESC($SQL, array(bigintval($id)), $F, $L); + return SQL_QUERY_ESC($sql, + array( + $table, + $idRow, + bigintval($id), + ), $F, $L + ); } -// ALTER TABLE wrapper function -function SQL_ALTER_TABLE($sql, $F, $L) { - // Shall we add? - if (eregi("ADD", $sql) > 0) { - // Extract table name - $tableArray = explode(" ", $sql); - $tableName = str_replace("`", "", $tableArray[2]); +// ALTER TABLE wrapper function +function SQL_ALTER_TABLE ($sql, $F, $L) { + // Abort if link is down + if (!SQL_IS_LINK_UP()) return false; + + // This is the default result... + $result = false; + + // Determine index/fulltext/unique word + $noIndex = ( + ( + strpos($sql, 'INDEX') === false + ) && ( + strpos($sql, 'KEY') === false + ) && ( + strpos($sql, 'FULLTEXT') === false + ) && ( + strpos($sql, 'UNIQUE') === false + ) + ); + + // Extract table name + $tableArray = explode(' ', $sql); + $tableName = str_replace('`', '', $tableArray[2]); + + // Shall we add/drop? + if (((strpos($sql, 'ADD') !== false) || (strpos($sql, 'DROP') !== false)) && ($noIndex === true)) { + // Try two columns, one should fix + foreach (array(4,5) as $idx) { + // And column name as well + $columnName = str_replace('`', '', $tableArray[$idx]); + + // Get column information + $result = SQL_QUERY_ESC("SHOW COLUMNS FROM `%s` LIKE '%s'", + array($tableName, $columnName), __FILE__, __LINE__); + + // Do we have no entry on ADD or an entry on DROP? + // 123 4 4 3 3 4 4 32 23 4 4 3 3 4 4 321 + if (((SQL_NUMROWS($result) == 0) && (strpos($sql, 'ADD') !== false)) || ((SQL_NUMROWS($result) == 1) && (strpos($sql, 'DROP') !== false))) { + // Do the query + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Executing: ' . $sql); + $result = SQL_QUERY($sql, $F, $L, false); + + // Skip further attempt(s) + break; + } elseif ((((SQL_NUMROWS($result) == 1) && (strpos($sql, 'ADD') !== false)) || ((SQL_NUMROWS($result) == 0) && (strpos($sql, 'DROP') !== false))) && ($columnName != 'KEY')) { + // Abort here because it is alreay there + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Skipped: ' . $sql); + break; + } elseif ($columnName != 'KEY') { + // Something didn't fit + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Possible problem: ' . $sql); + } + } // END - foreach + } elseif ((getConfig('_TABLE_TYPE') == 'InnoDB') && (strpos($sql, 'FULLTEXT') !== false)) { + // Skip this query silently + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, sprintf("Skipped FULLTEXT: sql=%s,file=%s,line=%s", $sql, $F, $L)); + } elseif ($noIndex === false) { // And column name as well - $columnName = str_replace("`", "", $tableArray[4]); + //* DEBUG: */ print __LINE__.':tableArray=
' . print_r($tableArray, true) . ''; + $keyName = str_replace('`', '', $tableArray[5]); + + // Is this "UNIQUE" or so? FULLTEXT has been handled the elseif() block above + if (in_array(strtoupper($keyName), array('INDEX', 'UNIQUE', 'KEY', 'FULLTEXT'))) { + // Init loop + $begin = 1; $keyName = ','; + while (strpos($keyName, ',') !== false) { + // Use last + $keyName = str_replace('`', '', $tableArray[count($tableArray) - $begin]); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, $keyName . '----------------' . $begin); + + // Remove brackes + $keyName = str_replace('(', '', str_replace(')', '', $keyName)); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, $keyName . '----------------' . $begin); + + // Continue + $begin++; + } // END while + } // END - if + + // Show indexes + $result = SQL_QUERY_ESC("SHOW INDEX FROM `%s`", array($tableName), __FILE__, __LINE__); - // Get column information - $result = SQL_QUERY_ESC("SHOW COLUMNS FROM %s LIKE '%s'", - array($tableName, $columnName), $F, $L); + // Non-skipping is default for ADD + $skip = false; - // Do we have no entry? - if (SQL_NUMROWS($result) == 0) { - // Do the query - return SQL_QUERY($sql, $F, $L, false); + // But should we DROP? + if ($tableArray[3] == 'DROP') { + // Then skip if nothing found! + $skip = true; + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Going to drop key ' . $keyName); } // END - if + + // Walk through all + while ($content = SQL_FETCHARRAY($result)) { + // Is it found? + //* DEBUG: */ print(__LINE__.':columnName='.$keyName.',content=
' . print_r($content, true) . ''); + if (($content['Key_name'] == $keyName) && ($tableArray[3] == 'ADD')) { + // Skip this query! + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, sprintf("ADD: Skiped: %s", $sql)); + $skip = true; + break; + } elseif (($content['Key_name'] == $keyName) && ($tableArray[3] == 'DROP')) { + // Don't skip this! + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, sprintf("DROP: Not skiped: %s", $sql)); + $skip = false; + break; + } + } // END - while + + // Free result + SQL_FREERESULT($result); + + // Shall we run it? + if ($skip === false) { + // Send it to the SQL_QUERY() function + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, $sql); + $result = SQL_QUERY($sql, $F, $L, false); + } else { + // Not executed + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Not executed: ' . $sql); + } + } else { + // Other ALTER TABLE query + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, $sql); + $result = SQL_QUERY($sql, $F, $L, false); + } + + // Return result + return $result; +} + +// Getter for SQL link +function SQL_GET_LINK () { + // Init link + $link = null; + + // Is it in the globals? + if (isset($GLOBALS['sql_link'])) { + // Then take it + $link = $GLOBALS['sql_link']; + } // END - if + + // Return it + return $link; +} + +// Setter for link +function SQL_SET_LINK ($link) { + // Is this a resource or null? + if ((!is_resource($link)) && (!is_null($link))) { + // This should never happen! + debug_report_bug(sprintf("link is not resource or null. Type: %s", gettype($link))); + } // END - if + + // Set it + $GLOBALS['sql_link'] = $link; +} + +// Checks if the link is up +function SQL_IS_LINK_UP () { + // Default is not up + $linkUp = false; + + // Do we have cached this? + if (isset($GLOBALS['sql_link_res'])) { + // Then use this + $linkUp = $GLOBALS['sql_link_res']; } else { - // Send it to the SQL_QUERY() function - return SQL_QUERY($sql, $F, $L, false); + // Get it + $linkUp = is_resource(SQL_GET_LINK()); + + // And cache it + $GLOBALS['sql_link_res'] = $linkUp; } + + // Return the result + return $linkUp; } -// + +// [EOF] ?>