Database=$database; $this->Password=$password; $this->User=$user; $this->Url=$url; */ function CLASS_DATABASE() { $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE); } function connect($url,$user,$password,$database, $halt_on_error = true) { global $error; $this->_halt_on_error = $halt_on_error; if ($this->_linkId == false) { $this->_linkId=mysql_connect($url, $user, $password); if ($this->_linkId == false) { $error='chcipla databaza'; $this->exception($error); return false; //die(); }// else { // mysql_query('set character set utf8'); //} $this->_url=$url; $this->_user=$user; $this->_password=$password; if ($this->_linkId == false || mysql_select_db($database, $this->_linkId) == false) { $this->exception("1Database failed."); return false; die(); } $this->_database=$database; } return true; } function closeMysql() { mysql_close($this->_linkId); } function query($sql) { $this->_linkId = false; $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE); $this->Master = true; // Simple IDS, against automats // When possible attack is detected, // query & session information is stored into log // Looking for following string in SQL query: // - "user()" (get cur. user) // - "@@version" (get mysql version) // - "AND 1=1" (blind sqli) (too many false positives?) // - "information_schema" (for listing of tables, columns...) // - "/*" (comment) (too many false positives?) // - "--" (comment) (too many false positives?) if (preg_match('/user\(\)/',$sql) || preg_match('/@@version/',$sql) || preg_match('/information_schema/',$sql)|| preg_match('/AND 1=1/',$sql) ) { logger::log('SQL ALARM',$sql); } $this->_queryId = mysql_query($sql,$this->_linkId); if ((isset($_SESSION['debugging']) && $_SESSION['debugging'])) { echo $sql; global $timer_start; echo "
".SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7); } if ($this->_queryId == false) { $this->exception("query failed ::$sql::"); } return new result($this->_queryId, $sql); } function executequery($sql) { return($this->query($sql)); } function executetransaction($queries) { $this->executequery("set autocommit=0"); if (is_array($queries)) { foreach ($queries as $query) { $this->executequery($query); } } $this->executequery("commit"); $this->executequery("set autocommit=1"); } function executeupdate($sql) { return($this->update($sql)); } function update($sql) { if (!$this->Master) { $this->_linkId = false; $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE); $this->Master = true; } $this->_queryId = @mysql_db_query($this->_database,$sql,$this->_linkId); if ($this->_queryId == false) { $this->exception("update failed."); } $rows=@mysql_affected_rows($this->_linkId); return($rows); } function getLastInsertId() { return(@mysql_insert_id($this->_linkId)); } function exception($errorMessage) { echo ""; if ($this->_halt_on_error) { die("
".$errorMessage."
"); } else { echo $errorMessage."
"; return false; } } } ?>