aboutsummaryrefslogtreecommitdiff
path: root/ratatoeskr/sys/db.php
diff options
context:
space:
mode:
Diffstat (limited to 'ratatoeskr/sys/db.php')
-rw-r--r--ratatoeskr/sys/db.php117
1 files changed, 65 insertions, 52 deletions
diff --git a/ratatoeskr/sys/db.php b/ratatoeskr/sys/db.php
index 5ab2688..0b4bb4a 100644
--- a/ratatoeskr/sys/db.php
+++ b/ratatoeskr/sys/db.php
@@ -15,6 +15,8 @@ if(!defined("SETUP"))
require_once(dirname(__FILE__) . "/utils.php");
+$db_con = Null;
+
/*
* Function: db_connect
*
@@ -23,86 +25,97 @@ require_once(dirname(__FILE__) . "/utils.php");
function db_connect()
{
global $config;
- $db_connection = @mysql_pconnect(
- $config["mysql"]["server"],
- $config["mysql"]["user"],
- $config["mysql"]["passwd"]);
- if(!$db_connection)
- throw new MySQLException("Could not connect to database server. " . mysql_error());
+ global $db_con;
- if(!@mysql_select_db($config["mysql"]["db"], $db_connection))
- throw new MySQLException("Could not open database. " . mysql_error());
-
- mysql_query("SET NAMES 'utf8'", $db_connection);
+ $db_con = new PDO(
+ "mysql:host=" . $config["mysql"]["server"] . ";dbname=" . $config["mysql"]["db"] . ";charset=utf8",
+ $config["mysql"]["user"],
+ $config["mysql"]["passwd"],
+ array(
+ PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8',
+ ));
+ $db_con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
-function sqlesc($str)
+/*
+ * Function: sub_prefix
+ *
+ * Substitutes "PREFIX_" in the input string with the prefix from the config.
+ */
+function sub_prefix($q)
{
- return mysql_real_escape_string($str);
+ global $config;
+ return str_replace("PREFIX_", $config["mysql"]["prefix"], $q);
}
/*
- * Function: qdb_vfmt
- * Like <qdb_fmt>, but needs arguments as single array.
+ * Function: prep_stmt
+ *
+ * Prepares a SQL statement using the global DB connection.
+ * This will also replace "PREFIX_" with the prefix defined in 'config.php'.
*
* Parameters:
- * $args - The arguments as an array.
+ * $q - The query / statement to prepare.
*
* Returns:
- * The formatted string.
+ * A PDOStatement object.
*/
-function qdb_vfmt($args)
+function prep_stmt($q)
{
- global $config;
-
- if(count($args) < 1)
- throw new InvalidArgumentException('Need at least one parameter');
-
- $query = $args[0];
-
- $data = array_map(function($x) { return is_string($x) ? sqlesc($x) : $x; }, array_slice($args, 1));
- $query = str_replace("PREFIX_", $config["mysql"]["prefix"], $query);
+ global $db_con;
- return vsprintf($query, $data);
+ return $db_con->prepare(sub_prefix($q));
}
/*
- * Function: qdb_fmt
- * Formats a string like <qdb>, that means it replaces "PREFIX_" and <sqlesc>'s everything before sends everything to vsprintf.
+ * Function: qdb
+ *
+ * Prepares statement (1st argument) with <prep_stmt> and executes it with the remaining arguments.
*
* Returns:
- * The formatted string.
+ * A PDOStatement object.
*/
-function qdb_fmt()
+function qdb()
{
- return qdb_vfmt(func_get_args());
+ $args = func_get_args();
+ if(count($args) < 1)
+ throw new InvalidArgumentException("qdb needs at least 1 argument");
+
+ $stmt = prep_stmt($args[0]);
+ $stmt->execute(array_slice($args, 1));
+ return $stmt;
}
-
/*
- * Function: qdb
- * Query Database.
+ * Function: transaction
*
- * This function replaces mysql_query and should eliminate SQL-Injections.
- * Use it like this:
+ * Executes function $f and wraps it in a transaction.
+ * If $f has thrown an exception, the transactrion will be rolled back and the excetion will be re-thrown.
+ * Otherwise the transaction will be committed.
*
- * $result = qdb("SELECT `foo` FROM `bar` WHERE `id` = %d AND `baz` = '%s'", 100, "lol");
- *
- * It will also replace "PREFIX_" with the prefix defined in 'config.php'.
+ * Parameters:
+ * $f - A function / callback.
*/
-function qdb()
+function transaction($f)
{
- $query = qdb_vfmt(func_get_args());
- $rv = mysql_query($query);
- if($rv === false)
- throw new MySQLException(mysql_errno() . ': ' . mysql_error() . (__DEBUG__ ? ("[[FULL QUERY: " . $query . "]]") : "" ));
- return $rv;
+ global $db_con;
+
+ if($db_con->inTransaction())
+ call_user_func($f);
+ else
+ {
+ try
+ {
+ $db_con->beginTransaction();
+ call_user_func($f);
+ $db_con->commit();
+ }
+ catch(Exception $e)
+ {
+ $db_con->rollBack();
+ throw $e;
+ }
+ }
}
-/*
- * Class: MySQLException
- * Will be thrown by qdb*, if the query induced an MySQL error.
- */
-class MySQLException extends Exception { }
-
?>