2 require ("result.inc");
19 var $_halt_on_error = true;
22 function CLASS_DATABASE ($database=DB_DATABASE,$user=DB_USER,$password=DB_PASS,$url=DB_HOST) {
23 $this->Database=$database;
24 $this->Password=$password;
29 function CLASS_DATABASE() {
30 $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
33 function connect($url,$user,$password,$database, $halt_on_error = true) {
35 $this->_halt_on_error = $halt_on_error;
36 if ($this->_linkId == false) {
37 $this->_linkId=mysql_connect($url, $user, $password);
38 if ($this->_linkId == false) {
39 $error='chcipla databaza';
40 $this->exception($error);
44 // mysql_query('set character set utf8');
48 $this->_password=$password;
50 if ($this->_linkId == false || mysql_select_db($database, $this->_linkId) == false) {
51 $this->exception("1Database failed.");
55 $this->_database=$database;
60 function closeMysql() {
61 mysql_close($this->_linkId);
64 function query($sql) {
66 $this->_linkId = false;
67 $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
70 // Simple IDS, against automats
71 // When possible attack is detected,
72 // query & session information is stored into log
73 // Looking for following string in SQL query:
74 // - "user()" (get cur. user)
75 // - "@@version" (get mysql version)
76 // - "AND 1=1" (blind sqli) (too many false positives?)
77 // - "information_schema" (for listing of tables, columns...)
79 // - "/*" (comment) (too many false positives?)
80 // - "--" (comment) (too many false positives?)
82 if (preg_match('/user\(\)/',$sql) || preg_match('/@@version/',$sql)
83 || preg_match('/information_schema/',$sql)|| preg_match('/AND 1=1/',$sql)
85 logger::log('SQL ALARM',$sql);
89 $this->_queryId = mysql_query($sql,$this->_linkId);
91 if ((isset($_SESSION['debugging']) && $_SESSION['debugging'])) {
94 echo "<BR>".SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
97 if ($this->_queryId == false) {
98 $this->exception("query failed ::$sql::");
101 return new result($this->_queryId, $sql);
105 function executequery($sql) {
106 return($this->query($sql));
109 function executetransaction($queries) {
110 $this->executequery("set autocommit=0");
111 if (is_array($queries)) {
112 foreach ($queries as $query) {
113 $this->executequery($query);
116 $this->executequery("commit");
117 $this->executequery("set autocommit=1");
120 function executeupdate($sql) {
121 return($this->update($sql));
124 function update($sql) {
125 if (!$this->Master) {
126 $this->_linkId = false;
127 $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
128 $this->Master = true;
131 $this->_queryId = @mysql_db_query($this->_database,$sql,$this->_linkId);
132 if ($this->_queryId == false) {
133 $this->exception("update failed.");
135 $rows=@mysql_affected_rows($this->_linkId);
139 function getLastInsertId() {
140 return(@mysql_insert_id($this->_linkId));
143 function exception($errorMessage) {
146 echo @mysql_error($this->_linkId)," (",@mysql_errno($this->_linkId),")";
149 if ($this->_halt_on_error) {
150 die("<pre>".$errorMessage."</pre>");
152 echo $errorMessage."<br>";