Fixed handling of SQL strings

[mailer.git] / inc / sql-functions.php

diff --git a/inc/sql-functions.php b/inc/sql-functions.php
index 503197b38f86a7d027f9371d89bcf989199a67b2..5686a79ff5a863403646bf92f7521b268b27410b 100644 (file)
--- a/inc/sql-functions.php
+++ b/inc/sql-functions.php
@@ -304,7 +304,9 @@ function sqlQueryEscaped ($sqlString, $data, $file, $line, $run = TRUE, $strip =
 
        // Escape all data
        foreach ($data as $key => $value) {
+               //* DEBUG: */ logDebugMessage(basename($file) . '/' . __FUNCTION__, $line . '/' . __LINE__, 'key=' . $key . ',value=' . $value . ',run=' . intval($run) . ',strip=' . intval($strip) . ',secure=' . intval($secure));
                $dataSecured[$key] = sqlEscapeString($value, $secure, $strip);
+               //* DEBUG: */ logDebugMessage(basename($file) . '/' . __FUNCTION__, $line . '/' . __LINE__, 'dataSecured[key]=' . $dataSecured[$key]);
        } // END - foreach
 
        // Generate query
@@ -501,16 +503,16 @@ function setSqlLink ($file, $line, $link) {
        if ((ifFatalErrorsDetected()) && (isInstaller())) {
                // This may happen in installation phase
                return;
-       } elseif ((!is_resource($link)) && (!is_null($link))) {
+       } elseif ((!is_resource($link)) && (!is_null($link)) && (!$link instanceof mysqli)) {
                // This should never happen!
-               reportBug($file . ':' . __FUNCTION__, $line . ':' . __LINE__, sprintf('Type of link is not resource or null, type=%s', gettype($link)));
+               reportBug($file . ':' . __FUNCTION__, $line . ':' . __LINE__, sprintf('Type of link is not resource, null or mysqli class, type=%s', gettype($link)));
        } // END - if
 
        // Set it
        $GLOBALS['__sql_link'] = $link;
 
        // Re-init cache
-       $GLOBALS['__is_sql_link_up'] = is_resource($link);
+       $GLOBALS['__is_sql_link_up'] = ((function_exists('isValidSqlLink')) && (isValidSqlLink($link)));
 }
 
 // Checks if the link is up
@@ -546,20 +548,23 @@ function sqlPrepareQueryString ($sqlString, $enableCodes = TRUE) {
        // Is it already cached?
        if (!isset($GLOBALS['sql_strings']['' . $sqlString . ''])) {
                // Preserve escaping and compile URI codes+config+expression code
-               $sqlString2 = FILTER_COMPILE_EXPRESSION_CODE(FILTER_COMPILE_CONFIG($sqlString));
+               $sqlString2 = str_replace(chr(92), '{BACKLASH}', $sqlString);
+               //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'sqlString2=' . $sqlString2);
+               $sqlString2 = FILTER_COMPILE_EXPRESSION_CODE(FILTER_COMPILE_CONFIG($sqlString2));
 
                // Debug message
                //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'sqlString2=' . $sqlString2);
 
-               // Do final compilation and revert {ESCAPE}
+               // Do final compilation and revert {BACKSLASH}
                $GLOBALS['sql_strings']['' . $sqlString . ''] = doFinalCompilation($sqlString2, FALSE, $enableCodes);
+               $GLOBALS['sql_strings']['' . $sqlString . ''] = str_replace('{BACKLASH}', chr(92), $GLOBALS['sql_strings']['' . $sqlString . '']);
        } else {
                // Log message
                //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'sqlString=' . $sqlString . ' - CACHE!');
        }
 
        // Debug message
-       //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'sqlString=' . $sqlString . ',enableCodes=' . intval($enableCodes) . ',sql_strings=' . $GLOBALS['sql_strings']['' . $sqlString . ''] . ' - EXIT!');
+       //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'sqlString=' . $sqlString . ',enableCodes=' . intval($enableCodes) . ',returned sql_string=' . $GLOBALS['sql_strings']['' . $sqlString . ''] . ' - EXIT!');
 
        // Return it
        return $GLOBALS['sql_strings']['' . $sqlString . ''];
@@ -585,7 +590,7 @@ function ifSqlTableExists ($tableName) {
                        array($tableName), __FUNCTION__, __LINE__);
 
                // Is a link there?
-               if (!is_resource($result)) {
+               if (!isValidSqlLink($result)) {
                        // Is installation phase?
                        if (isInstaller()) {
                                // Then silently abort here
@@ -630,7 +635,7 @@ function ifSqlTableColumnExists ($tableName, $columnName, $forceFound = FALSE) {
                ), __FUNCTION__, __LINE__);
 
        // Is a link there?
-       if (!is_resource($result)) {
+       if (!isValidSqlLink($result)) {
                // Is installation phase?
                if (isInstaller()) {
                        // Then silently abort here
@@ -672,7 +677,7 @@ function ifSqlTableIndexExist ($tableName, $keyName, $forceFound = FALSE) {
        $result = sqlQueryEscaped("SHOW INDEX FROM `%s`", array($tableName), __FUNCTION__, __LINE__);
 
        // Is a link there?
-       if (!is_resource($result)) {
+       if (!isValidSqlLink($result)) {
                // Is installation phase?
                if (isInstaller()) {
                        // Then silently abort here
@@ -755,7 +760,7 @@ function getArrayFromSupportedSqlEngines ($requestedEngine = 'ALL') {
 // "Getter" for result from given table and field/type LIKEs
 function sqlGetResultFromLikeColumnsType ($tableName, $field, $type) {
        // The table should be there
-       assert(ifSqlTableExists($tableName), 'tableName=' . $tableName . ' does not exist. field=' . $field . ',type=' . $type);
+       assert(ifSqlTableExists($tableName));
 
        // Default no field set
        $fieldSql = '';