X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FDatabase%2FDBA.php;h=ab856ef9d05da6fd2c1205fcf07e2029d8fdce02;hb=9744f0e7809873bf3bed76b72bcef25e34ebcdd6;hp=8e5a621b3689819f93ec021506716debf7f6561e;hpb=cfa68c52b9117616fa95a4639ad74e7d220d193d;p=friendica.git

diff --git a/src/Database/DBA.php b/src/Database/DBA.php
index 8e5a621b36..ab856ef9d0 100644
--- a/src/Database/DBA.php
+++ b/src/Database/DBA.php
@@ -91,6 +91,7 @@ class DBA
 				self::$connection->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
 				self::$connected = true;
 			} catch (PDOException $e) {
+				/// @TODO At least log exception, don't ignore it!
 			}
 		}
 
@@ -251,11 +252,16 @@ class DBA
 	}
 
 	public static function escape($str) {
-		switch (self::$driver) {
-			case 'pdo':
-				return substr(@self::$connection->quote($str, PDO::PARAM_STR), 1, -1);
-			case 'mysqli':
-				return @self::$connection->real_escape_string($str);
+		if (self::$connected) {
+			switch (self::$driver) {
+				case 'pdo':
+					return substr(@self::$connection->quote($str, PDO::PARAM_STR), 1, -1);
+
+				case 'mysqli':
+					return @self::$connection->real_escape_string($str);
+			}
+		} else {
+			return str_replace("'", "\\'", $str);
 		}
 	}
 
@@ -368,7 +374,7 @@ class DBA
 	 * @usage Example: $r = p("SELECT * FROM `item` WHERE `guid` = ?", $guid);
 	 *
 	 * Please only use it with complicated queries.
-	 * For all regular queries please use dba::select or dba::exists
+	 * For all regular queries please use DBA::select or DBA::exists
 	 *
 	 * @param string $sql SQL statement
 	 * @return bool|object statement object or result object
@@ -586,7 +592,7 @@ class DBA
 	/**
 	 * @brief Executes a prepared statement like UPDATE or INSERT that doesn't return data
 	 *
-	 * Please use dba::delete, dba::insert, dba::update, ... instead
+	 * Please use DBA::delete, DBA::insert, DBA::update, ... instead
 	 *
 	 * @param string $sql SQL statement
 	 * @return boolean Was the query successfull? False is returned only if an error occurred
@@ -681,7 +687,7 @@ class DBA
 	/**
 	 * Fetches the first row
 	 *
-	 * Please use dba::selectFirst or dba::exists whenever this is possible.
+	 * Please use DBA::selectFirst or DBA::exists whenever this is possible.
 	 *
 	 * @brief Fetches the first row
 	 * @param string $sql SQL statement
@@ -928,13 +934,11 @@ class DBA
 
 		switch (self::$driver) {
 			case 'pdo':
-				if (self::$connection->inTransaction()) {
-					break;
-				}
-				if (!self::$connection->beginTransaction()) {
+				if (!self::$connection->inTransaction() && !self::$connection->beginTransaction()) {
 					return false;
 				}
 				break;
+
 			case 'mysqli':
 				if (!self::$connection->begin_transaction()) {
 					return false;
@@ -953,10 +957,13 @@ class DBA
 				if (!self::$connection->inTransaction()) {
 					return true;
 				}
+
 				return self::$connection->commit();
+
 			case 'mysqli':
 				return self::$connection->commit();
 		}
+
 		return true;
 	}
 
@@ -989,6 +996,7 @@ class DBA
 				}
 				$ret = self::$connection->rollBack();
 				break;
+
 			case 'mysqli':
 				$ret = self::$connection->rollback();
 				break;
@@ -1054,7 +1062,12 @@ class DBA
 
 		$commands[$key] = ['table' => $table, 'conditions' => $conditions];
 
-		$cascade = defaults($options, 'cascade', true);
+		// Don't use "defaults" here, since it would set "false" to "true"
+		if (isset($options['cascade'])) {
+			$cascade = $options['cascade'];
+		} else {
+			$cascade = true;
+		}
 
 		// To speed up the whole process we cache the table relations
 		if ($cascade && count(self::$relation) == 0) {
@@ -1294,7 +1307,7 @@ class DBA
 	 *
 	 * $params = array("order" => array("id", "received" => true), "limit" => 10);
 	 *
-	 * $data = dba::select($table, $fields, $condition, $params);
+	 * $data = DBA::select($table, $fields, $condition, $params);
 	 */
 	public static function select($table, array $fields = [], array $condition = [], array $params = [])
 	{
@@ -1336,7 +1349,7 @@ class DBA
 	 * or:
 	 * $condition = ["`uid` = ? AND `network` IN (?, ?)", 1, 'dfrn', 'dspr'];
 	 *
-	 * $count = dba::count($table, $condition);
+	 * $count = DBA::count($table, $condition);
 	 */
 	public static function count($table, array $condition = [])
 	{
@@ -1390,7 +1403,7 @@ class DBA
 						/* Workaround for MySQL Bug #64791.
 						 * Never mix data types inside any IN() condition.
 						 * In case of mixed types, cast all as string.
-						 * Logic needs to be consistent with dba::p() data types.
+						 * Logic needs to be consistent with DBA::p() data types.
 						 */
 						$is_int = false;
 						$is_alpha = false;
@@ -1450,7 +1463,7 @@ class DBA
 
 		$limit_string = '';
 		if (isset($params['limit']) && is_int($params['limit'])) {
-			$limit_string = " LIMIT " . $params['limit'];
+			$limit_string = " LIMIT " . intval($params['limit']);
 		}
 
 		if (isset($params['limit']) && is_array($params['limit'])) {
@@ -1521,7 +1534,7 @@ class DBA
 			case 'mysqli':
 				// MySQLi offers both a mysqli_stmt and a mysqli_result class.
 				// We should be careful not to assume the object type of $stmt
-				// because dba::p() has been able to return both types.
+				// because DBA::p() has been able to return both types.
 				if ($stmt instanceof mysqli_stmt) {
 					$stmt->free_result();
 					$ret = $stmt->close();
@@ -1610,7 +1623,7 @@ class DBA
 			if (is_bool($value)) {
 				$value = ($value ? '1' : '0');
 			} else {
-				$value = dbesc($value);
+				$value = self::escape($value);
 			}
 			return;
 		}
@@ -1620,7 +1633,7 @@ class DBA
 		} elseif (is_float($value) || is_integer($value)) {
 			$value = (string) $value;
 		} else {
-			$value = "'" . dbesc($value) . "'";
+			$value = "'" . self::escape($value) . "'";
 		}
 	}