Diffstat (limited to 'ratatoeskr/sys/db.php')
-rw-r--r--ratatoeskr/sys/db.php117
1 files changed, 65 insertions, 52 deletions
diff --git a/ratatoeskr/sys/db.php b/ratatoeskr/sys/db.php
index 5ab2688..18776bb 100644
--- a/ratatoeskr/sys/db.php
+++ b/ratatoeskr/sys/db.php
@@ -15,6 +15,8 @@ if(!defined("SETUP"))
require_once(dirname(__FILE__) . "/utils.php");
+$db_con = Null;
+
/*
* Function: db_connect
*
@@ -23,86 +25,97 @@ require_once(dirname(__FILE__) . "/utils.php");
function db_connect()
{
global $config;
- $db_connection = @mysql_pconnect(
- $config["mysql"]["server"],
- $config["mysql"]["user"],
- $config["mysql"]["passwd"]);
- if(!$db_connection)
- throw new MySQLException("Could not connect to database server. " . mysql_error());
+ global $db_con;
- if(!@mysql_select_db($config["mysql"]["db"], $db_connection))
- throw new MySQLException("Could not open database. " . mysql_error());
-
- mysql_query("SET NAMES 'utf8'", $db_connection);
+ $db_con = new PDO(
+ "mysql:host=" . $config["mysql"]["server"] . ",dbname=" . $config["mysql"]["db"] . ",charset=utf8",
+ $config["mysql"]["user"],
+ $config["mysql"]["passwd"],
+ array(
+ PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8',
+ ));
+ $db_con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
-function sqlesc($str)
+/*
+ * Function: sub_prefix
+ *
+ * Substitutes "PREFIX_" in the input string with the prefix from the config.
+ */
+function sub_prefix($q)
{
- return mysql_real_escape_string($str);
+ global $config;
+ return str_replace("PREFIX_", $config["mysql"]["prefix"], $q);
}
/*
- * Function: qdb_vfmt
- * Like <qdb_fmt>, but needs arguments as single array.
+ * Function: prep_stmt
+ *
+ * Prepares a SQL statement using the global DB connection.
+ * This will also replace "PREFIX_" with the prefix defined in 'config.php'.
*
* Parameters:
- * $args - The arguments as an array.
+ * $q - The query / statement to prepare.
*
* Returns:
- * The formatted string.
+ * A PDOStatement object.
*/
-function qdb_vfmt($args)
+function prep_stmt($q)
{
- global $config;
-
- if(count($args) < 1)
- throw new InvalidArgumentException('Need at least one parameter');
-
- $query = $args[0];
-
- $data = array_map(function($x) { return is_string($x) ? sqlesc($x) : $x; }, array_slice($args, 1));
- $query = str_replace("PREFIX_", $config["mysql"]["prefix"], $query);
+ global $db_con;
- return vsprintf($query, $data);
+ return $db_con->prepare(sub_prefix($q));
}
/*
- * Function: qdb_fmt
- * Formats a string like <qdb>, that means it replaces "PREFIX_" and <sqlesc>'s everything before sends everything to vsprintf.
+ * Function: qdb
+ *
+ * Prepares statement (1st argument) with <prep_stmt> and executes it with the remaining arguments.
*
* Returns:
- * The formatted string.
+ * A PDOStatement object.
*/
-function qdb_fmt()
+function qdb()
{
- return qdb_vfmt(func_get_args());
+ $args = func_get_args();
+ if(count($args) < 1)
+ throw new InvalidArgumentException("qdb needs at least 1 argument");
+
+ $stmt = prep_stmt($args[0]);
+ $stmt->execute(array_slice($args, 1));
+ return $stmt;
}
-
/*
- * Function: qdb
- * Query Database.
+ * Function: transaction
*
- * This function replaces mysql_query and should eliminate SQL-Injections.
- * Use it like this:
+ * Executes function $f and wraps it in a transaction.
+ * If $f has thrown an exception, the transactrion will be rolled back and the excetion will be re-thrown.
+ * Otherwise the transaction will be committed.
*
- * $result = qdb("SELECT `foo` FROM `bar` WHERE `id` = %d AND `baz` = '%s'", 100, "lol");
- *
- * It will also replace "PREFIX_" with the prefix defined in 'config.php'.
+ * Parameters:
+ * $f - A function / callback.
*/
-function qdb()
+function transaction($f)
{
- $query = qdb_vfmt(func_get_args());
- $rv = mysql_query($query);
- if($rv === false)
- throw new MySQLException(mysql_errno() . ': ' . mysql_error() . (__DEBUG__ ? ("[[FULL QUERY: " . $query . "]]") : "" ));
- return $rv;
+ global $db_con;
+
+ if($db_con->inTransaction())
+ call_user_func($f);
+ else
+ {
+ try
+ {
+ $db_con->beginTransaction();
+ call_user_func($f);
+ $db_con->commit();
+ }
+ catch(Exception $e)
+ {
+ $db_con->rollBack();
+ throw $e;
+ }
+ }
}
-/*
- * Class: MySQLException
- * Will be thrown by qdb*, if the query induced an MySQL error.
- */
-class MySQLException extends Exception { }
-
?>
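Review bot: The DSN passed to `new PDO(...)` in db_connect joins its elements with commas, but pdo_mysql separates DSN elements with semicolons, so `dbname` and `charset` are not parsed as separate elements and end up inside the host value. The line should read `"mysql:host=" . $config["mysql"]["server"] . ";dbname=" . $config["mysql"]["db"] . ";charset=utf8",`. The charset element matters for safety as well as correctness: pdo_mysql emulates prepared statements by default, and its client-side quoting depends on the driver knowing the connection charset, which the `SET NAMES utf8` init command does not tell it. Adding `PDO::ATTR_EMULATE_PREPARES => false` to the options array would make `prep_stmt` and `qdb` use server-side prepares, so bound values are never spliced into the SQL text.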