X-Git-Url: https://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Finc%2Fdatabase.inc;h=80a03a93711275078acf726b4ec75ff55cbe5182;hb=78f1a5f44941de2459b71c375e36cf88227c689c;hp=e3781925afd812a1b151069f3692814e6e37584d;hpb=d068d94b5e62de2f80164fd8062adce6e0ad93ae;p=mirrors%2FKyberia-bloodline.git
diff --git a/wwwroot/inc/database.inc b/wwwroot/inc/database.inc
index e378192..80a03a9 100644
--- a/wwwroot/inc/database.inc
+++ b/wwwroot/inc/database.inc
@@ -1,160 +1,101 @@ Database=$database; - $this->Password=$password; - $this->User=$user; - $this->Url=$url; -*/ - -function CLASS_DATABASE() { - $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE); +function db_escape_string($str) { + global $db; + //This function should be used in whole project instead of *_escape_string() functions! + //return mysql_escape_string($str); //XXX TODO $db->quote($str), mysql_real_escape_string() or pg_escape_string() should be used here! + return preg_replace('(^.|.$)', '', $db->quote($str)); //XXX HACK } -function connect($url,$user,$password,$database, $halt_on_error = true) { - global $error; - $this->_halt_on_error = $halt_on_error; - if ($this->_linkId == false) { - $this->_linkId=mysql_connect($url, $user, $password); - if ($this->_linkId == false) { - $error='chcipla databaza'; - $this->exception($error); - return false; - //die(); - }// else { - // mysql_query('set character set utf8'); - //} - $this->_url=$url; - $this->_user=$user; - $this->_password=$password; +class CLASS_DATABASE extends PDO { + //All functions in this class are deprecated! + //Please use only native PDO functions! - if ($this->_linkId == false || mysql_select_db($database, $this->_linkId) == false) { - $this->exception("1Database failed."); - return false; - die(); - } - $this->_database=$database; - } - return true; -} + var $Master = true; + var $_linkId = false; + var $_url = ""; + var $_user = ""; + var $_password = ""; + var $_database = ""; + var $_halt_on_error = true; -/* DEPRECATED! -function closeMysql() { - mysql_close($this->_linkId); -} -*/ - -function query($sql) { - - $this->_linkId = false; - $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE); - $this->Master = true; - - // Simple IDS, against automats - // When possible attack is detected, - // query & session information is stored into log - // Looking for following string in SQL query: - // - "user()" (get cur. 
user) - // - "@@version" (get mysql version) - // - "AND 1=1" (blind sqli) (too many false positives?) - // - "information_schema" (for listing of tables, columns...) - - // - "/*" (comment) (too many false positives?) - // - "--" (comment) (too many false positives?) - - if (preg_match('/user\(\)/',$sql) || preg_match('/@@version/',$sql) - || preg_match('/information_schema/',$sql)|| preg_match('/AND 1=1/',$sql) - ) { - logger::log('SQL ALARM',$sql); - + function __construct() { + $this->connect(DB_HOST, DB_USER, DB_PASS, DB_DATABASE); } - $this->_queryId = mysql_query($sql,$this->_linkId); - - if ((isset($_SESSION['debugging']) && $_SESSION['debugging'])) { - echo $sql; - global $timer_start; - echo "
".SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7); - } + protected function connect($host, $user, $password, $database, $halt_on_error = true) { + global $error; + parent::__construct("mysql:host=$host;dbname=$database", $user, + $password); + /*{ + $error='chcipla databaza'; + $this->exception($error); //deprecated + }; */ + $this->setAttribute(PDO::ATTR_STATEMENT_CLASS, + array('result', array($this))); - if ($this->_queryId == false) { - $this->exception("query failed ::$sql::"); + $this->_halt_on_error = $halt_on_error; + $this->_url = $host; + $this->_user = $user; + $this->_password = $password; + /* if ($this->_linkId == false) { + $this->_linkId=mysql_connect($host, $user, $password); + if ($this->_linkId == false) { + $error='chcipla databaza'; + $this->exception($error); + return false; + //die(); + }// else { + // mysql_query('set character set utf8'); + //} + $this->_url=$host; + $this->_user=$user; + $this->_password=$password; + + if ($this->_linkId == false || mysql_select_db($database, $this->_linkId) == false) { + $this->exception("1Database failed."); + return false; + die(); + } + $this->_database=$database; + } + */ + return true; } - return new result($this->_queryId, $sql); -} - -/* DEPRECATED! -function executequery($sql) { //same as query()! - return($this->query($sql)); -} - -function executetransaction($queries) { - $this->executequery("set autocommit=0"); - if (is_array($queries)) { - foreach ($queries as $query) { - $this->executequery($query); + function update($sql) { //DEPRECATED!!! Use $db->query($sql)->rowCount(); instead!!! 
+ if (!$this->Master) { + $this->_linkId = false; + $this->connect(DB_HOST, DB_USER, DB_PASS, DB_DATABASE); + $this->Master = true; } - } - $this->executequery("commit"); - $this->executequery("set autocommit=1"); -} -function executeupdate($sql) { - return($this->update($sql)); -} -*/ - -function update($sql) { - if (!$this->Master) { - $this->_linkId = false; - $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE); - $this->Master = true; - } - - $this->_queryId = @mysql_db_query($this->_database,$sql,$this->_linkId); + $this->_queryId = $this->query($sql); if ($this->_queryId == false) { $this->exception("update failed."); } - $rows=@mysql_affected_rows($this->_linkId); - return($rows); -} + $rows = @$this->_queryId->rowCount(); + return ($rows); + } -function getLastInsertId() { - return(@mysql_insert_id($this->_linkId)); -} + function getLastInsertId() { //DEPRECATED!!! Use $db->lastInsertId(); instead!!! + return (@$this->lastInsertId()); + } -function exception($errorMessage) { //Internal only! + protected function exception($errorMessage) { - echo ""; + echo ""; - if ($this->_halt_on_error) { - die("
".$errorMessage."
"); + if ($this->_halt_on_error) { + die("
".$errorMessage."
"); } else { echo $errorMessage."
"; return false; } } } -?> +