From 2679351132552536fec082cc9ec22fb474ebdff2 Mon Sep 17 00:00:00 2001 From: Kevin Chabowski Date: Wed, 2 Oct 2013 22:20:56 +0200 Subject: models.php now uses PDO (UNTESTED!) --- ratatoeskr/sys/db.php | 117 ++++++++++++++++++++++++++++---------------------- 1 file changed, 65 insertions(+), 52 deletions(-) (limited to 'ratatoeskr/sys/db.php') diff --git a/ratatoeskr/sys/db.php b/ratatoeskr/sys/db.php index 5ab2688..18776bb 100644 --- a/ratatoeskr/sys/db.php +++ b/ratatoeskr/sys/db.php @@ -15,6 +15,8 @@ if(!defined("SETUP")) require_once(dirname(__FILE__) . "/utils.php"); +$db_con = Null; + /* * Function: db_connect * 
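Review bot: The new file-scope `$db_con = Null;` has no comment, and it stays `Null` until `db_connect()` runs, while `prep_stmt()` and `transaction()` in the following hunk call methods on it unconditionally. A query issued before the connection exists would then end in a fatal error rather than an exception the caller can handle. I would document the variable in the file's existing comment style, e.g. `/* Variable: $db_con - The shared PDO connection; Null until db_connect() has been called. */`, and have `prep_stmt()` fail explicitly with `if($db_con === Null) throw new RuntimeException("db_connect() has not been called");`.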
@@ -23,86 +25,97 @@ require_once(dirname(__FILE__) . "/utils.php"); function db_connect() { global $config; - $db_connection = @mysql_pconnect( - $config["mysql"]["server"], - $config["mysql"]["user"], - $config["mysql"]["passwd"]); - if(!$db_connection) - throw new MySQLException("Could not connect to database server. " . mysql_error()); + global $db_con; - if(!@mysql_select_db($config["mysql"]["db"], $db_connection)) - throw new MySQLException("Could not open database. " . mysql_error()); - - mysql_query("SET NAMES 'utf8'", $db_connection); + $db_con = new PDO( + "mysql:host=" . $config["mysql"]["server"] . ",dbname=" . $config["mysql"]["db"] . ",charset=utf8", + $config["mysql"]["user"], + $config["mysql"]["passwd"], + array( + PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8', + )); + $db_con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); } -function sqlesc($str) +/* + * Function: sub_prefix + * + * Substitutes "PREFIX_" in the input string with the prefix from the config. + */ +function sub_prefix($q) { - return mysql_real_escape_string($str); + global $config; + return str_replace("PREFIX_", $config["mysql"]["prefix"], $q); } /* - * Function: qdb_vfmt - * Like , but needs arguments as single array. + * Function: prep_stmt + * + * Prepares a SQL statement using the global DB connection. + * This will also replace "PREFIX_" with the prefix defined in 'config.php'. * * Parameters: - * $args - The arguments as an array. + * $q - The query / statement to prepare. * * Returns: - * The formatted string. + * A PDOStatement object. */ -function qdb_vfmt($args) +function prep_stmt($q) { - global $config; - - if(count($args) < 1) - throw new InvalidArgumentException('Need at least one parameter'); - - $query = $args[0]; - - $data = array_map(function($x) { return is_string($x) ? 
sqlesc($x) : $x; }, array_slice($args, 1)); - $query = str_replace("PREFIX_", $config["mysql"]["prefix"], $query); + global $db_con; - return vsprintf($query, $data); + return $db_con->prepare(sub_prefix($q)); } /* - * Function: qdb_fmt - * Formats a string like , that means it replaces "PREFIX_" and 's everything before sends everything to vsprintf. + * Function: qdb + * + * Prepares statement (1st argument) with and executes it with the remaining arguments. * * Returns: - * The formatted string. + * A PDOStatement object. */ -function qdb_fmt() +function qdb() { - return qdb_vfmt(func_get_args()); + $args = func_get_args(); + if(count($args) < 1) + throw new InvalidArgumentException("qdb needs at least 1 argument"); + + $stmt = prep_stmt($args[0]); + $stmt->execute(array_slice($args, 1)); + return $stmt; } - /* - * Function: qdb - * Query Database. + * Function: transaction * - * This function replaces mysql_query and should eliminate SQL-Injections. - * Use it like this: + * Executes function $f and wraps it in a transaction. + * If $f has thrown an exception, the transactrion will be rolled back and the excetion will be re-thrown. + * Otherwise the transaction will be committed. * - * $result = qdb("SELECT `foo` FROM `bar` WHERE `id` = %d AND `baz` = '%s'", 100, "lol"); - * - * It will also replace "PREFIX_" with the prefix defined in 'config.php'. + * Parameters: + * $f - A function / callback. */ -function qdb() +function transaction($f) { - $query = qdb_vfmt(func_get_args()); - $rv = mysql_query($query); - if($rv === false) - throw new MySQLException(mysql_errno() . ': ' . mysql_error() . (__DEBUG__ ? ("[[FULL QUERY: " . $query . 
"]]") : "" )); - return $rv; + global $db_con; + + if($db_con->inTransaction()) + call_user_func($f); + else + { + try + { + $db_con->beginTransaction(); + call_user_func($f); + $db_con->commit(); + } + catch(Exception $e) + { + $db_con->rollBack(); + throw $e; + } + } } -/* - * Class: MySQLException - * Will be thrown by qdb*, if the query induced an MySQL error. - */ -class MySQLException extends Exception { } - ?> -- cgit v1.2.3-54-g00ecf From 8f5461a4d9036c432c63c3f6bbb5cfc03ebcd59b Mon Sep 17 00:00:00 2001 From: Kevin Chabowski Date: Thu, 3 Oct 2013 22:17:59 +0200 Subject: Fixed PDO DSN. --- ratatoeskr/sys/db.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'ratatoeskr/sys/db.php') diff --git a/ratatoeskr/sys/db.php b/ratatoeskr/sys/db.php index 18776bb..0b4bb4a 100644 --- a/ratatoeskr/sys/db.php +++ b/ratatoeskr/sys/db.php @@ -28,7 +28,7 @@ function db_connect() global $db_con; $db_con = new PDO( - "mysql:host=" . $config["mysql"]["server"] . ",dbname=" . $config["mysql"]["db"] . ",charset=utf8", + "mysql:host=" . $config["mysql"]["server"] . ";dbname=" . $config["mysql"]["db"] . ";charset=utf8", $config["mysql"]["user"], $config["mysql"]["passwd"], array( -- cgit v1.2.3-54-g00ecf