diff options
author | Kevin Chabowski <kevin@kch42.de> | 2011-07-21 14:14:40 +0200 |
---|---|---|
committer | Kevin Chabowski <kevin@kch42.de> | 2011-07-21 14:14:40 +0200 |
commit | 8f431ef8af6c83aa9ebdcd8a2dd6252759127de1 (patch) | |
tree | eaabc5d0568a182dd911d06afd611d2c17e71754 /ratatoeskr/sys/db.php | |
parent | 70389c5e60bce048cb97f2c91c83fc210cf44797 (diff) | |
download | ratatoeskr-cms-8f431ef8af6c83aa9ebdcd8a2dd6252759127de1.tar.gz ratatoeskr-cms-8f431ef8af6c83aa9ebdcd8a2dd6252759127de1.tar.bz2 ratatoeskr-cms-8f431ef8af6c83aa9ebdcd8a2dd6252759127de1.zip |
(Almost) finished DB-Models / abstraction layer.
Diffstat (limited to 'ratatoeskr/sys/db.php')
-rw-r--r-- | ratatoeskr/sys/db.php | 103 |
1 files changed, 103 insertions, 0 deletions
diff --git a/ratatoeskr/sys/db.php b/ratatoeskr/sys/db.php new file mode 100644 index 0000000..0f3357a --- /dev/null +++ b/ratatoeskr/sys/db.php @@ -0,0 +1,103 @@ +<?php +/* + * File: db.php + * + * Helper functions for dealing with MySQL. + * + * This file is part of Ratatöskr. + * Ratatöskr is licensed unter the MIT / X11 License. + * See "ratatoeskr/licenses/ratatoeskr" for more information. + */ + +require_once(dirname(__FILE__) . "/../config.php"); +require_once(dirname(__FILE__) . "/utils.php"); + +/* + * Function: db_connect + * + * Establish a connection to the MySQL database. + */ +function db_connect() +{ + global $config; + $db_connection = mysql_pconnect( + $config["mysql"]["server"], + $config["mysql"]["user"], + $config["mysql"]["passwd"]); + if(!$db_connection) + die("Could not connect to database server. " . mysql_error()); + + if(!mysql_select_db($config["mysql"]["db"], $db_connection)) + die("Could not open database. " . mysql_error()); + + mysql_query("SET NAMES 'utf8'", $db_connection); +} + +function sqlesc($str) +{ + return mysql_real_escape_string($str); +} + +/* + * Class: MySQLException + */ +class MySQLException extends Exception { } + +/* + * Function: qdb_vfmt + * Like <qdb_fmt>, but needs arguments as single array. + * + * Parameters: + * $args - The arguments as an array. + * + * Returns: + * The formatted string. + */ +function qdb_vfmt($args) +{ + global $config; + + if(count($args) < 1) + throw new InvalidArgumentException('Need at least one parameter'); + + $query = $args[0]; + + $data = array_map(function($x) { return is_string($x) ? sqlesc($x) : $x; }, array_slice($args, 1)); + $query = str_replace("PREFIX_", $config["mysql"]["prefix"], $query); + + return vsprintf($query, $data); +} + +/* + * Function: qdb_fmt + * Formats a string like <qdb>, that means it replaces "PREFIX_" and <sqlesc>'s everything before sends everything to vsprintf. + * + * Returns: + * The formatted string. + */ +function qdb_fmt() +{ + return qdb_vfmt(fung_get_args()); +} + +/* + * Function: qdb + * Query Database. + * + * This function replaces mysql_query and should eliminate SQL-Injections. + * Use it like this: + * + * $result = qdb("SELECT `foo` FROM `bar` WHERE `id` = %d AND `baz` = '%s'", 100, "lol"); + * + * It will also replace "PREFIX_" with the prefix defined in 'config.php'. + */ +function qdb() +{ + $query = qdb_vfmt(func_get_args()); + $rv = mysql_query($query); + if($rv === false) + throw new MySQLException(mysql_errno() . ': ' . mysql_error() . (__DEBUG__ ? ("[[FULL QUERY: " . $query . "]]") : "" )); + return $rv; +} + +?> |