| 1 |
rodolico |
1 |
<?php
|
|
|
2 |
|
| 4 |
rodolico |
3 |
//require_once "DBDatabase.class.php";
|
| 1 |
rodolico |
4 |
require_once "Logging.class.php"; // For logging
|
|
|
5 |
|
|
|
6 |
global $LOGFILE;
|
|
|
7 |
|
|
|
8 |
define( 'HTML_QUOTE_CHAR', '"' );
|
|
|
9 |
define( 'CONSTANT_NO_VALUE_DROPDOWN', '--------' );
|
|
|
10 |
|
|
|
11 |
class DBQuery {
|
| 4 |
rodolico |
12 |
|
|
|
13 |
// following are used for the class with no instantiation
|
|
|
14 |
protected static $connected = false;
|
|
|
15 |
protected static $connectionInfo = null; // connection information for database
|
|
|
16 |
|
| 1 |
rodolico |
17 |
protected $query; // the query to be processed
|
|
|
18 |
protected $rowsAffected; // the number of rows 1) affectd by an insert, update or delete or 2) returned by a select
|
|
|
19 |
protected $lastInsertKey; // the value of the last row inserted (mysql only)
|
|
|
20 |
protected $returnData; // an array that contains the data retrieved by a query (select only)
|
|
|
21 |
protected $columnMetaData; // an array that contains the meta data from the query
|
|
|
22 |
protected $useAssociativeArray; // if true, $returnData is an array of associative array, with the column names being the key fields
|
|
|
23 |
protected $showErrors; // if true, will return errors to STDOUT
|
|
|
24 |
protected $error; // set to last error returned
|
|
|
25 |
protected $log; // Wil be instantiation of a Logging instance if set
|
|
|
26 |
protected $auditTable; // if set to a table name, all queries are written to it
|
|
|
27 |
protected $orderBy;
|
|
|
28 |
|
| 4 |
rodolico |
29 |
public static function connect( $connectionInfo = null ) {
|
|
|
30 |
if ( isset ( $connectionInfo ) ) {
|
|
|
31 |
DBQuery::$connectionInfo = $connectionInfo;
|
|
|
32 |
if ( ! isset( DBQuery::$connectionInfo['host'] ) || DBQuery::$connectionInfo['host'] == '' )
|
|
|
33 |
DBQuery::$connectionInfo['host'] = '127.0.0.1';
|
|
|
34 |
} // if they passed in a connection string
|
|
|
35 |
if ( ! DBQuery::$connected ) {
|
|
|
36 |
try {
|
|
|
37 |
if ( mysql_connect( DBQuery::$connectionInfo['host'], DBQuery::$connectionInfo['username'], DBQuery::$connectionInfo['password'] ) === false )
|
|
|
38 |
throw new Exception( mysql_error() );
|
|
|
39 |
if ( mysql_select_db( DBQuery::$connectionInfo['name'] ) === false )
|
|
|
40 |
throw new Exception(mysql_error());
|
|
|
41 |
DBQuery::$connected = true;
|
|
|
42 |
} catch ( Exception $e ) {
|
|
|
43 |
die( $e->getMessage() );
|
|
|
44 |
}
|
|
|
45 |
} // if we are not connected
|
|
|
46 |
} // static function connect
|
|
|
47 |
|
|
|
48 |
|
| 1 |
rodolico |
49 |
public function __construct( $query, $whereClause = null, $orderBy = null, $runImmediate = false ) {
|
|
|
50 |
$this->query = $query;
|
|
|
51 |
if ( isset( $whereClause ) ) {
|
|
|
52 |
$this->query .= $this->makeWhereClause( $whereClause );
|
| 4 |
rodolico |
53 |
} // whereclause
|
| 1 |
rodolico |
54 |
if ( isset( $orderBy ) ) {
|
|
|
55 |
$this->orderBy .= ' order by ' . implode( ',', $orderBy );
|
| 4 |
rodolico |
56 |
} // orderby
|
| 1 |
rodolico |
57 |
$this->rowsAffected = 0;
|
|
|
58 |
$this->lastInsertKey = '';
|
|
|
59 |
$this->returnData = array();
|
|
|
60 |
$this->columnMetaData = array();
|
|
|
61 |
$this->useAssociativeArray = true;
|
|
|
62 |
$this->showErrors = true;
|
|
|
63 |
$this->error = '';
|
|
|
64 |
if (isset( $LOGFILE ) ) $this->logFile = new Logging( $LOGFILE );
|
| 4 |
rodolico |
65 |
if ( $runImmediate )
|
| 1 |
rodolico |
66 |
$this->run();
|
|
|
67 |
// if (isset( $AUDITTABLE ) ) $this->auditTable = new Logging( $LOGFILE );
|
| 4 |
rodolico |
68 |
} // __construct
|
| 1 |
rodolico |
69 |
|
|
|
70 |
public function __set( $name, $value ) {
|
|
|
71 |
$this->$name = $value;
|
| 4 |
rodolico |
72 |
return $value;
|
| 1 |
rodolico |
73 |
}
|
|
|
74 |
|
|
|
75 |
public function __get( $name ) {
|
|
|
76 |
return isset( $this->$name ) ? $this->$name : null;
|
|
|
77 |
}
|
|
|
78 |
|
|
|
79 |
public function __isset( $name ) {
|
|
|
80 |
return isset( $this->$name );
|
|
|
81 |
}
|
|
|
82 |
|
|
|
83 |
/*
|
|
|
84 |
function actually executes the query, populating the members with the results
|
|
|
85 |
returns true if no errors, false if errors (see $this->error for code)
|
|
|
86 |
*/
|
|
|
87 |
function run () {
|
|
|
88 |
// print "<pre>In Query database\n---------------------\n$query\n---------------------\n</pre>";
|
|
|
89 |
if ( isset($this->log) ) $this->log->printLog( $query );
|
|
|
90 |
// if ( isset( $this->auditTable) ) audit( $query );
|
|
|
91 |
$result = @mysql_query($this->query);
|
|
|
92 |
if( mysql_errno() ) {
|
| 4 |
rodolico |
93 |
$this->error = 'MYSQL ERROR #'.mysql_errno().' : <small>' . mysql_error(). "</small><br><VAR>$this->query</VAR>";
|
| 1 |
rodolico |
94 |
if ( $this->showErrors ) echo($this->error);
|
|
|
95 |
return false;
|
|
|
96 |
} // if
|
|
|
97 |
if( preg_match ( '/^\s*select/i', $this->query ) ) { // this is a select statement
|
|
|
98 |
$this->rowsAffected = @mysql_num_rows($result);
|
|
|
99 |
$this->columnMetaData = array();
|
|
|
100 |
for ($i = 0; $i < mysql_num_fields( $result ); $i++) {
|
|
|
101 |
$meta = mysql_fetch_field ( $result );
|
|
|
102 |
$this->columnMetaData[] = array('name' => $meta->name, 'length' => $meta->max_length, 'numeric' => $meta->numeric, 'type' => $meta->type );
|
|
|
103 |
}
|
|
|
104 |
if( ! $this->rowsAffected ) return;
|
|
|
105 |
$this->returnData = array();
|
|
|
106 |
for( $i = 0; $i < $this->rowsAffected; $i++ ) {
|
|
|
107 |
$this->returnData[] = $this->useAssociativeArray ? mysql_fetch_assoc($result) : mysql_fetch_row($result);
|
|
|
108 |
}
|
|
|
109 |
mysql_free_result($result);
|
|
|
110 |
} else { // not a select statement
|
|
|
111 |
$this->rowsAffected = mysql_affected_rows();
|
|
|
112 |
$this->lastInsertKey = mysql_insert_id();
|
|
|
113 |
}
|
|
|
114 |
return true;
|
|
|
115 |
} // function run
|
|
|
116 |
|
|
|
117 |
|
|
|
118 |
|
|
|
119 |
/*
|
|
|
120 |
* function will return one and only one row, NOT as an array of array
|
|
|
121 |
* but as a single row array
|
|
|
122 |
* if more than one row is returned by query, error is set and function
|
|
|
123 |
* returns false.
|
|
|
124 |
* Otherwise, function returns true
|
|
|
125 |
*/
|
|
|
126 |
public function getOneRow( $sql = null ) {
|
|
|
127 |
if ( isset( $sql ) )
|
|
|
128 |
$this->query = $sql;
|
|
|
129 |
$save = $this->useAssociativeArray;
|
|
|
130 |
$useAssociativeArray = true;
|
|
|
131 |
$this->run();
|
|
|
132 |
$useAssociativeArray = $save;
|
|
|
133 |
if ( $this->rowsAffected == 1 ) {
|
|
|
134 |
$this->returnData = $this->returnData[0];
|
|
|
135 |
return true;
|
|
|
136 |
} else
|
|
|
137 |
$this->error = "$this->rowsAffected rows returned from getOneRow";
|
|
|
138 |
return false;
|
|
|
139 |
} // getOneRow
|
|
|
140 |
|
|
|
141 |
|
|
|
142 |
// function returns the first column of the first row of data returned from query
|
|
|
143 |
// or null no value returned
|
|
|
144 |
function getOneDBValue( $sql = null ) {
|
|
|
145 |
if ( isset( $sql ) )
|
|
|
146 |
$this->query = $sql;
|
|
|
147 |
$save = $this->useAssociativeArray;
|
|
|
148 |
$useAssociativeArray = false;
|
|
|
149 |
$this->run();
|
|
|
150 |
$useAssociativeArray = $save;
|
|
|
151 |
return $this->rowsAffected ? $this->returnData[0][0] : null;
|
|
|
152 |
}
|
|
|
153 |
|
|
|
154 |
function countNumberOfRows ( $sql = null ) {
|
|
|
155 |
if ( isset( $sql ) )
|
|
|
156 |
$this->query = $sql;
|
|
|
157 |
$save = $this->useAssociativeArray;
|
|
|
158 |
$useAssociativeArray = false;
|
|
|
159 |
$this->run();
|
|
|
160 |
$useAssociativeArray = $save;
|
|
|
161 |
return $this->rowsAffected;
|
|
|
162 |
}
|
|
|
163 |
|
|
|
164 |
function makeWhereClause ($conditions, $joinedBy = 'and') {
|
|
|
165 |
$joinedBy = " $joinedBy "; // make sure there are spaces around it
|
|
|
166 |
$whereClause = ' where ' . implode ( $joinedBy, $conditions );
|
|
|
167 |
return $whereClause;
|
|
|
168 |
}
|
|
|
169 |
|
|
|
170 |
/*
|
|
|
171 |
values is an associative array of name/value pairs
|
|
|
172 |
function will replace all items of the form <$name> with its values (the less than and greater than symbols around the key)
|
|
|
173 |
*/
|
|
|
174 |
function insertValuesIntoQuery( $values ) {
|
|
|
175 |
foreach ( $values as $name => $value ) {
|
|
|
176 |
$this->query = search_replace_string($this->query, "<$name>", $value );
|
|
|
177 |
}
|
|
|
178 |
}
|
| 4 |
rodolico |
179 |
|
|
|
180 |
/*
|
|
|
181 |
* function will attempt to make a constant ($value) safe for SQL depending on the type.
|
|
|
182 |
*
|
|
|
183 |
* if $value is empty, $default is returned, as will happen if any of the
|
|
|
184 |
* conversions (date, datetime, etc...) fail.
|
|
|
185 |
*
|
|
|
186 |
* First, it will pass it through get_magic_quotes_gpc,
|
|
|
187 |
* then will run through mysql_real_escape_string
|
|
|
188 |
*
|
|
|
189 |
* For strings, will encapsulate in quotes
|
|
|
190 |
* Dates will attempt a conversion, then change to YYYY-MM-DD and encapsulate in quotes
|
|
|
191 |
* DateTime will perform the same, but change to YYYY-MM-DD HH:MM:SS
|
|
|
192 |
* Integer and Floats are passed through builtins intval and floatval
|
|
|
193 |
* Boolean only checks the first character, a '0', 'f' and 'n' denoting false
|
|
|
194 |
* all else denoting true. The result is converted based on the variable
|
|
|
195 |
* $falsetrue, with the first char denoting false and the second denoting true
|
|
|
196 |
*/
|
|
|
197 |
public static function makeSafeSQLConstant ( $value, $type='S', $default='null', $falsetrue='10' ) {
|
|
|
198 |
if (strlen($value) == 0) // simply set any empty values to null
|
|
|
199 |
return $default;
|
|
|
200 |
// print "Processing $value as $type with default $default<br>\n";
|
|
|
201 |
switch ( strtolower( $type ) ) {
|
|
|
202 |
case 'string' :
|
|
|
203 |
case 's' :
|
|
|
204 |
if ( get_magic_quotes_gpc() )
|
|
|
205 |
$value = stripslashes($value);
|
|
|
206 |
$value = mysql_real_escape_string( $value );
|
|
|
207 |
$value = strlen( $value ) > 0 ? "'$value'" : $default;
|
|
|
208 |
break;
|
|
|
209 |
case 'date' :
|
|
|
210 |
case 'd' :
|
|
|
211 |
if ( $value != 'null' ) {
|
|
|
212 |
$result = strtotime( $value );
|
|
|
213 |
$value = ( $result === false ) ? $default : "'" . Date( 'Y-m-d', $result) . "'";
|
|
|
214 |
}
|
|
|
215 |
break;
|
|
|
216 |
case 'datetime':
|
|
|
217 |
case 'timestamp':
|
|
|
218 |
case 'dt':
|
|
|
219 |
if ( $value != 'null' ) {
|
|
|
220 |
$result = strtotime( $value );
|
|
|
221 |
$value = ( $result === false ) ? $default : "'" . Date( 'Y-m-d H:i:s', $result) . "'";
|
|
|
222 |
}
|
|
|
223 |
break;
|
|
|
224 |
case 'integer':
|
|
|
225 |
case 'i' :
|
|
|
226 |
$value = intval( $value );
|
|
|
227 |
break;
|
|
|
228 |
case 'float':
|
|
|
229 |
case 'f' :
|
|
|
230 |
$value = floatval( $value );
|
|
|
231 |
break;
|
|
|
232 |
case 'bool':
|
|
|
233 |
case 'boolean':
|
|
|
234 |
case 'b' : // note, because of the way strpos works, you can not
|
|
|
235 |
// simply set $value based on the output; you MUST do
|
|
|
236 |
// as below; specifically check for false, then set the result
|
|
|
237 |
$value = strpos( '0fn', strtolower(substr( $value, 0, 1 )) ) === false ? 0 : 1;
|
|
|
238 |
$value = substr( $falsetrue, $value, 0, 1 );
|
|
|
239 |
break;
|
|
|
240 |
} // switch
|
|
|
241 |
return $value;
|
|
|
242 |
}
|
| 1 |
rodolico |
243 |
|
| 4 |
rodolico |
244 |
|
| 1 |
rodolico |
245 |
} // class DBQuery
|
|
|
246 |
|
|
|
247 |
?>
|