aboutsummaryrefslogtreecommitdiff
path: root/ratatoeskr/sys/db.php
diff options
context:
space:
mode:
Diffstat (limited to 'ratatoeskr/sys/db.php')
-rw-r--r--ratatoeskr/sys/db.php103
1 files changed, 103 insertions, 0 deletions
diff --git a/ratatoeskr/sys/db.php b/ratatoeskr/sys/db.php
new file mode 100644
index 0000000..0f3357a
--- /dev/null
+++ b/ratatoeskr/sys/db.php
@@ -0,0 +1,103 @@
+<?php
+/*
+ * File: db.php
+ *
+ * Helper functions for dealing with MySQL.
+ *
+ * This file is part of Ratatöskr.
+ * Ratatöskr is licensed unter the MIT / X11 License.
+ * See "ratatoeskr/licenses/ratatoeskr" for more information.
+ */
+
+require_once(dirname(__FILE__) . "/../config.php");
+require_once(dirname(__FILE__) . "/utils.php");
+
+/*
+ * Function: db_connect
+ *
+ * Establish a connection to the MySQL database.
+ */
+function db_connect()
+{
+ global $config;
+ $db_connection = mysql_pconnect(
+ $config["mysql"]["server"],
+ $config["mysql"]["user"],
+ $config["mysql"]["passwd"]);
+ if(!$db_connection)
+ die("Could not connect to database server. " . mysql_error());
+
+ if(!mysql_select_db($config["mysql"]["db"], $db_connection))
+ die("Could not open database. " . mysql_error());
+
+ mysql_query("SET NAMES 'utf8'", $db_connection);
+}
+
+function sqlesc($str)
+{
+ return mysql_real_escape_string($str);
+}
+
+/*
+ * Class: MySQLException
+ */
+class MySQLException extends Exception { }
+
+/*
+ * Function: qdb_vfmt
+ * Like <qdb_fmt>, but needs arguments as single array.
+ *
+ * Parameters:
+ * $args - The arguments as an array.
+ *
+ * Returns:
+ * The formatted string.
+ */
+function qdb_vfmt($args)
+{
+ global $config;
+
+ if(count($args) < 1)
+ throw new InvalidArgumentException('Need at least one parameter');
+
+ $query = $args[0];
+
+ $data = array_map(function($x) { return is_string($x) ? sqlesc($x) : $x; }, array_slice($args, 1));
+ $query = str_replace("PREFIX_", $config["mysql"]["prefix"], $query);
+
+ return vsprintf($query, $data);
+}
+
+/*
+ * Function: qdb_fmt
+ * Formats a string like <qdb>, that means it replaces "PREFIX_" and <sqlesc>'s everything before sends everything to vsprintf.
+ *
+ * Returns:
+ * The formatted string.
+ */
+function qdb_fmt()
+{
+ return qdb_vfmt(fung_get_args());
+}
+
+/*
+ * Function: qdb
+ * Query Database.
+ *
+ * This function replaces mysql_query and should eliminate SQL-Injections.
+ * Use it like this:
+ *
+ * $result = qdb("SELECT `foo` FROM `bar` WHERE `id` = %d AND `baz` = '%s'", 100, "lol");
+ *
+ * It will also replace "PREFIX_" with the prefix defined in 'config.php'.
+ */
+function qdb()
+{
+ $query = qdb_vfmt(func_get_args());
+ $rv = mysql_query($query);
+ if($rv === false)
+ throw new MySQLException(mysql_errno() . ': ' . mysql_error() . (__DEBUG__ ? ("[[FULL QUERY: " . $query . "]]") : "" ));
+ return $rv;
+}
+
+?>