From 8f431ef8af6c83aa9ebdcd8a2dd6252759127de1 Mon Sep 17 00:00:00 2001
From: Kevin Chabowski
Date: Thu, 21 Jul 2011 14:14:40 +0200
Subject: (Almost) finished DB-Models / abstraction layer.
---
 ratatoeskr/sys/db.php | 103 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 103 insertions(+)
 create mode 100644 ratatoeskr/sys/db.php
(limited to 'ratatoeskr/sys/db.php')
diff --git a/ratatoeskr/sys/db.php b/ratatoeskr/sys/db.php
new file mode 100644
index 0000000..0f3357a
--- /dev/null
+++ b/ratatoeskr/sys/db.php
@@ -0,0 +1,103 @@
+, but needs arguments as single array.
+ *
+ * Parameters:
+ * $args - The arguments as an array.
+ *
+ * Returns:
+ * The formatted string.
+ */
+function qdb_vfmt($args)
+{
+ global $config;
+
+ if(count($args) < 1)
+ throw new InvalidArgumentException('Need at least one parameter');
+
+ $query = $args[0];
+
+ $data = array_map(function($x) { return is_string($x) ? sqlesc($x) : $x; }, array_slice($args, 1));
+ $query = str_replace("PREFIX_", $config["mysql"]["prefix"], $query);
+
+ return vsprintf($query, $data);
+}
+
+/*
+ * Function: qdb_fmt
+ * Formats a string like , that means it replaces "PREFIX_" and 's everything before sends everything to vsprintf.
+ *
+ * Returns:
+ * The formatted string.
+ */
+function qdb_fmt()
+{
+ return qdb_vfmt(fung_get_args());
+}
+
+/*
+ * Function: qdb
+ * Query Database.
+ *
+ * This function replaces mysql_query and should eliminate SQL-Injections.
+ * Use it like this:
+ *
+ * $result = qdb("SELECT `foo` FROM `bar` WHERE `id` = %d AND `baz` = '%s'", 100, "lol");
+ *
+ * It will also replace "PREFIX_" with the prefix defined in 'config.php'.
+ */
+function qdb()
+{
+ $query = qdb_vfmt(func_get_args());
+ $rv = mysql_query($query);
+ if($rv === false)
+ throw new MySQLException(mysql_errno() . ': ' . mysql_error() . (__DEBUG__ ? ("[[FULL QUERY: " . $query . "]]") : "" ));
+ return $rv;
+}
+
+?>
--
cgit v1.2.3-70-g09d2
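Review bot: `qdb_fmt()` calls `fung_get_args()`, a misspelling of `func_get_args()` that will raise an undefined-function fatal error the first time the function is used; the line should read `return qdb_vfmt(func_get_args());`. Separately, the `qdb` docblock's claim that it "should eliminate SQL-Injections" holds only if every caller writes `'%s'` inside quotes and uses `%d` for numbers, because `qdb_vfmt` passes only string arguments through `sqlesc()` before `vsprintf`, and an escaped string substituted into an unquoted `%s` is still parsed as SQL. I would state that contract in the docblock (`* Every %s must be enclosed in quotes in the query; use %d for integers.`) and plan a move to prepared statements with bound parameters in mysqli or PDO. The definition of `sqlesc()` is not visible in this view, so its escaping behaviour (presumably `mysql_real_escape_string`) should be confirmed. The `[[FULL QUERY: ...]]` suffix on the `MySQLException` message exposes query text whenever `__DEBUG__` is on, so that flag needs to stay off in production.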