author | Kevin Chabowski <kevin@kch42.de> | 2013-10-02 22:20:56 +0200 |
---|---|---|
committer | Kevin Chabowski <kevin@kch42.de> | 2013-10-03 22:22:06 +0200 |
commit | 2679351132552536fec082cc9ec22fb474ebdff2 (patch) | |
tree | 0d57424d366a5860e16c1d31908cebabd7c3e758 /ratatoeskr/sys/db.php | |
parent | b15a2a020981a26d6eb77c2af626ef7df4da8bbc (diff) | |
download | ratatoeskr-cms-2679351132552536fec082cc9ec22fb474ebdff2.tar.gz ratatoeskr-cms-2679351132552536fec082cc9ec22fb474ebdff2.tar.bz2 ratatoeskr-cms-2679351132552536fec082cc9ec22fb474ebdff2.zip |
models.php now uses PDO (UNTESTED!)
Diffstat (limited to 'ratatoeskr/sys/db.php')
-rw-r--r-- | ratatoeskr/sys/db.php | 117 |
1 files changed, 65 insertions, 52 deletions
diff --git a/ratatoeskr/sys/db.php b/ratatoeskr/sys/db.php
index 5ab2688..18776bb 100644
--- a/ratatoeskr/sys/db.php
+++ b/ratatoeskr/sys/db.php
@@ -15,6 +15,8 @@ if(!defined("SETUP"))
 require_once(dirname(__FILE__) . "/utils.php");
+$db_con = Null;
+
 /*
  * Function: db_connect
  *
@@ -23,86 +25,97 @@ require_once(dirname(__FILE__) . "/utils.php"); function db_connect() { global $config; - $db_connection = @mysql_pconnect( - $config["mysql"]["server"], - $config["mysql"]["user"], - $config["mysql"]["passwd"]); - if(!$db_connection) - throw new MySQLException("Could not connect to database server. " . mysql_error()); + global $db_con; - if(!@mysql_select_db($config["mysql"]["db"], $db_connection)) - throw new MySQLException("Could not open database. " . mysql_error()); - - mysql_query("SET NAMES 'utf8'", $db_connection); + $db_con = new PDO( + "mysql:host=" . $config["mysql"]["server"] . ",dbname=" . $config["mysql"]["db"] . ",charset=utf8", + $config["mysql"]["user"], + $config["mysql"]["passwd"], + array( + PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8', + )); + $db_con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); } -function sqlesc($str) +/* + * Function: sub_prefix + * + * Substitutes "PREFIX_" in the input string with the prefix from the config. + */ +function sub_prefix($q) { - return mysql_real_escape_string($str); + global $config; + return str_replace("PREFIX_", $config["mysql"]["prefix"], $q); } /* - * Function: qdb_vfmt - * Like <qdb_fmt>, but needs arguments as single array. + * Function: prep_stmt + * + * Prepares a SQL statement using the global DB connection. + * This will also replace "PREFIX_" with the prefix defined in 'config.php'. * * Parameters: - * $args - The arguments as an array. + * $q - The query / statement to prepare. * * Returns: - * The formatted string. + * A PDOStatement object. */ -function qdb_vfmt($args) +function prep_stmt($q) { - global $config; - - if(count($args) < 1) - throw new InvalidArgumentException('Need at least one parameter'); - - $query = $args[0]; - - $data = array_map(function($x) { return is_string($x) ? 
sqlesc($x) : $x; }, array_slice($args, 1)); - $query = str_replace("PREFIX_", $config["mysql"]["prefix"], $query); + global $db_con; - return vsprintf($query, $data); + return $db_con->prepare(sub_prefix($q)); } /* - * Function: qdb_fmt - * Formats a string like <qdb>, that means it replaces "PREFIX_" and <sqlesc>'s everything before sends everything to vsprintf. + * Function: qdb + * + * Prepares statement (1st argument) with <prep_stmt> and executes it with the remaining arguments. * * Returns: - * The formatted string. + * A PDOStatement object. */ -function qdb_fmt() +function qdb() { - return qdb_vfmt(func_get_args()); + $args = func_get_args(); + if(count($args) < 1) + throw new InvalidArgumentException("qdb needs at least 1 argument"); + + $stmt = prep_stmt($args[0]); + $stmt->execute(array_slice($args, 1)); + return $stmt; } - /* - * Function: qdb - * Query Database. + * Function: transaction * - * This function replaces mysql_query and should eliminate SQL-Injections. - * Use it like this: + * Executes function $f and wraps it in a transaction. + * If $f has thrown an exception, the transactrion will be rolled back and the excetion will be re-thrown. + * Otherwise the transaction will be committed. * - * $result = qdb("SELECT `foo` FROM `bar` WHERE `id` = %d AND `baz` = '%s'", 100, "lol"); - * - * It will also replace "PREFIX_" with the prefix defined in 'config.php'. + * Parameters: + * $f - A function / callback. */ -function qdb() +function transaction($f) { - $query = qdb_vfmt(func_get_args()); - $rv = mysql_query($query); - if($rv === false) - throw new MySQLException(mysql_errno() . ': ' . mysql_error() . (__DEBUG__ ? ("[[FULL QUERY: " . $query . 
"]]") : "" )); - return $rv; + global $db_con; + + if($db_con->inTransaction()) + call_user_func($f); + else + { + try + { + $db_con->beginTransaction(); + call_user_func($f); + $db_con->commit(); + } + catch(Exception $e) + { + $db_con->rollBack(); + throw $e; + } + } } -/* - * Class: MySQLException - * Will be thrown by qdb*, if the query induced an MySQL error. - */ -class MySQLException extends Exception { } - ?> |