1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
<?php
/*
* File: ratatoeskr/sys/db.php
*
* Helper functions for dealing with MySQL.
*
* License:
* This file is part of Ratatöskr.
* Ratatöskr is licensed unter the MIT / X11 License.
* See "ratatoeskr/licenses/ratatoeskr" for more information.
*/
require_once(dirname(__FILE__) . "/config.php");
require_once(dirname(__FILE__) . "/utils.php");
/*
* Function: db_connect
*
* Establish a connection to the MySQL database.
*/
function db_connect()
{
global $config;
$db_connection = mysql_pconnect(
$config["mysql"]["server"],
$config["mysql"]["user"],
$config["mysql"]["passwd"]);
if(!$db_connection)
die("Could not connect to database server. " . mysql_error());
if(!mysql_select_db($config["mysql"]["db"], $db_connection))
die("Could not open database. " . mysql_error());
mysql_query("SET NAMES 'utf8'", $db_connection);
}
function sqlesc($str)
{
return mysql_real_escape_string($str);
}
/*
* Function: qdb_vfmt
* Like <qdb_fmt>, but needs arguments as single array.
*
* Parameters:
* $args - The arguments as an array.
*
* Returns:
* The formatted string.
*/
function qdb_vfmt($args)
{
global $config;
if(count($args) < 1)
throw new InvalidArgumentException('Need at least one parameter');
$query = $args[0];
$data = array_map(function($x) { return is_string($x) ? sqlesc($x) : $x; }, array_slice($args, 1));
$query = str_replace("PREFIX_", $config["mysql"]["prefix"], $query);
return vsprintf($query, $data);
}
/*
* Function: qdb_fmt
* Formats a string like <qdb>, that means it replaces "PREFIX_" and <sqlesc>'s everything before sends everything to vsprintf.
*
* Returns:
* The formatted string.
*/
function qdb_fmt()
{
return qdb_vfmt(func_get_args());
}
/*
* Function: qdb
* Query Database.
*
* This function replaces mysql_query and should eliminate SQL-Injections.
* Use it like this:
*
* $result = qdb("SELECT `foo` FROM `bar` WHERE `id` = %d AND `baz` = '%s'", 100, "lol");
*
* It will also replace "PREFIX_" with the prefix defined in 'config.php'.
*/
function qdb()
{
$query = qdb_vfmt(func_get_args());
$rv = mysql_query($query);
if($rv === false)
throw new MySQLException(mysql_errno() . ': ' . mysql_error() . (__DEBUG__ ? ("[[FULL QUERY: " . $query . "]]") : "" ));
return $rv;
}
/*
* Class: MySQLException
* Will be thrown by qdb*, if the query induced an MySQL error.
*/
class MySQLException extends Exception { }
?>
|