api.mysql.php 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465
  1. <?php
  2. ////////////////////////////////////////////////////////////////////////////////
  3. // //
  4. // This program is distributed in the hope that it will be useful, //
  5. // but WITHOUT ANY WARRANTY, without even the implied warranty of //
  6. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. //
  7. // //
  8. // This product released under GNU General Public License v2 //
  9. ////////////////////////////////////////////////////////////////////////////////
  10. /**
  11. * Debug on/off
  12. */
  13. define("DEBUG", 0);
  14. $query_counter = 0;
  15. if (!extension_loaded('mysql')) {
  16. /**
  17. * MySQLi database layer
  18. *
  19. */
  20. if (!($db_config = @parse_ini_file('config/' . 'mysql.ini'))) {
  21. print('Cannot load mysql configuration');
  22. exit;
  23. }
  24. $dbport = (empty($db_config['port'])) ? 3306 : $db_config['port'];
  25. $loginDB = new mysqli($db_config['server'], $db_config['username'], $db_config['password'], $db_config['db'], $dbport);
  26. if ($loginDB->connect_error) {
  27. die('Connection error (' . $loginDB->connect_errno . ') '
  28. . $loginDB->connect_error);
  29. } else {
  30. $loginDB->query("set character_set_client='" . $db_config['character'] . "'");
  31. $loginDB->query("set character_set_results='" . $db_config['character'] . "'");
  32. $loginDB->query("set collation_connection='" . $db_config['character'] . "_general_ci'");
  33. }
  34. /**
  35. * Escapes special characters in a string for use in an SQL statement, taking into account the current charset of the connection
  36. *
  37. * @global mysqli $loginDB
  38. * @param aata to filter $parametr
  39. *
  40. * @return string
  41. */
  42. function loginDB_real_escape_string($parametr) {
  43. global $loginDB;
  44. $result = $loginDB->real_escape_string($parametr);
  45. return($result);
  46. }
  47. if (!function_exists('mysql_real_escape_string')) {
  48. /**
  49. * Escapes special characters in a string for use in an SQL statement, taking into account the current charset of the connection
  50. *
  51. * @param string $data
  52. *
  53. * @return string
  54. */
  55. function mysql_real_escape_string($data) {
  56. return(loginDB_real_escape_string($data));
  57. }
  58. }
  59. /**
  60. * Executing query and returns result as array
  61. *
  62. * @global int $query_counter
  63. * @param string $query
  64. * @return array
  65. */
  66. function simple_queryall($query) {
  67. global $loginDB, $query_counter;
  68. if (DEBUG) {
  69. print ($query . "\n");
  70. }
  71. $result = array();
  72. $queried = $loginDB->query($query) or die('wrong data input: ' . $query);
  73. while ($row = mysqli_fetch_assoc($queried)) {
  74. $result[] = $row;
  75. }
  76. $query_counter++;
  77. return($result);
  78. }
  79. /**
  80. * Executing query and returns array of first result
  81. *
  82. * @global int $query_counter
  83. * @param string $query
  84. * @return array
  85. */
  86. function simple_query($query) {
  87. global $loginDB, $query_counter;
  88. if (DEBUG) {
  89. print ($query . "\n");
  90. }
  91. $queried = $loginDB->query($query) or die('wrong data input: ' . $query);
  92. $result = mysqli_fetch_assoc($queried);
  93. $query_counter++;
  94. return($result);
  95. }
  96. /**
  97. * Updates single field in table with where expression
  98. *
  99. * @param string $tablename
  100. * @param string $field
  101. * @param string $value
  102. * @param string $where
  103. * @param bool $NoQuotesAroundValue
  104. */
  105. function simple_update_field($tablename, $field, $value, $where = '', $NoQuotesAroundValue = false) {
  106. $tablename = loginDB_real_escape_string($tablename);
  107. $value = loginDB_real_escape_string($value);
  108. $field = loginDB_real_escape_string($field);
  109. if ($NoQuotesAroundValue) {
  110. $query = "UPDATE `" . $tablename . "` SET `" . $field . "` = " . $value . " " . $where . "";
  111. } else {
  112. $query = "UPDATE `" . $tablename . "` SET `" . $field . "` = '" . $value . "' " . $where . "";
  113. }
  114. nr_query($query);
  115. }
  116. /**
  117. * Returns last used `id` field available in some table
  118. *
  119. * @param string $tablename
  120. * @return int
  121. */
  122. function simple_get_lastid($tablename) {
  123. $tablename = loginDB_real_escape_string($tablename);
  124. $query = "SELECT `id` from `" . $tablename . "` ORDER BY `id` DESC LIMIT 1";
  125. $result = simple_query($query);
  126. return($result['id']);
  127. }
  128. /**
  129. * Just executing single query
  130. *
  131. * @global int $query_counter
  132. * @param string $query
  133. * @return mixed
  134. */
  135. function nr_query($query) {
  136. global $loginDB, $query_counter;
  137. if (DEBUG) {
  138. print ($query . "\n");
  139. }
  140. $queried = $loginDB->query($query) or die('wrong data input: ' . $query);
  141. $query_counter++;
  142. return($queried);
  143. }
  144. } else {
  145. /**
  146. * MySQL database old driver abstraction class
  147. *
  148. */
  149. class MySQLDB {
  150. var $connection;
  151. var $last_query_num = 0;
  152. var $db_config = array();
  153. /**
  154. * last query result id
  155. *
  156. * @var MySQL result
  157. */
  158. var $lastresult;
  159. /**
  160. * last query assoc value
  161. *
  162. * @var bool
  163. */
  164. var $assoc = true;
  165. /**
  166. * Initialises connection with MySQL database server and selects needed db
  167. *
  168. * @param MySQL Connection Id $connection
  169. * @return MySQLDB
  170. */
  171. public function __construct($connection = false) {
  172. if ($connection)
  173. $this->connection = $connection;
  174. else {
  175. if (!($this->db_config = @parse_ini_file('config/' . 'mysql.ini'))) {
  176. print(('Cannot load mysql configuration'));
  177. return false;
  178. }
  179. if (!extension_loaded('mysql')) {
  180. print(('Unable to load module for database server "mysql": PHP mysql extension not available!'));
  181. return false;
  182. }
  183. $dbport = (empty($this->db_config['port'])) ? 3306 : $this->db_config['port'];
  184. $this->connection = @mysql_connect($this->db_config['server'] . ':' . $dbport, $this->db_config['username'], $this->db_config['password']);
  185. }
  186. if (empty($this->connection)) {
  187. print(('Unable to connect to database server!'));
  188. return false;
  189. } else if (!@mysql_select_db($this->db_config['db'], $this->connection)) {
  190. $this->db_error();
  191. return false;
  192. }
  193. mysql_query("set character_set_client='" . $this->db_config['character'] . "'");
  194. mysql_query("set character_set_results='" . $this->db_config['character'] . "'");
  195. mysql_query("set collation_connection='" . $this->db_config['character'] . "_general_ci'");
  196. return true;
  197. }
  198. /**
  199. * Executes query and returns result identifier
  200. *
  201. * @param string $query
  202. * @return MySQL result
  203. */
  204. function query($query) {
  205. // use escape/vf function for input data.
  206. $result = @mysql_query($query, $this->connection) or $this->db_error(0, $query);
  207. $this->last_query_num++;
  208. return $result;
  209. }
  210. /**
  211. * Executes query and makes abstract data read available
  212. *
  213. * @param string $query
  214. * @param bool $assoc
  215. */
  216. function ExecuteReader($query, $assoc = true) {
  217. $this->lastresult = $this->query($query);
  218. $this->assoc = $assoc;
  219. }
  220. /**
  221. * Link to query method
  222. *
  223. * @param string $query
  224. * @return MySQL result
  225. */
  226. function ExecuteNonQuery($query) {
  227. $result = $this->query($query);
  228. return (mysql_affected_rows() == 0 ? false : $result);
  229. }
  230. /**
  231. * Returns array with from the current query result
  232. *
  233. * @return array
  234. */
  235. function Read() {
  236. if ($this->assoc) {
  237. $result = @mysql_fetch_assoc($this->lastresult) or false;
  238. } else {
  239. $result = @mysql_fetch_row($this->lastresult) or false;
  240. }
  241. return $result;
  242. }
  243. /**
  244. * Returns one row from the current query result
  245. *
  246. * @param int $row
  247. * @return string
  248. */
  249. function ReadSingleRow($row) {
  250. return mysql_result($this->lastresult, $row) or false;
  251. }
  252. /**
  253. * Prints MySQL error message; swithing DEBUG, prints MySQL error description or sends it to administrator
  254. *
  255. */
  256. function db_error($show = 0, $query = '') {
  257. global $system;
  258. if (!in_array(mysql_errno(), array(1062, 1065, 1191))) { // Errcodes in array are handled at another way :)
  259. if (DEBUG == 1 || $show == 1) {
  260. $warning = '<br><b>' . ('MySQL Error') . ':</b><br><i>';
  261. $warning.=mysql_errno() . ' : ' . mysql_error() . (empty($query) ? '</i>' : '<br>In query: <textarea cols="50" rows="7">' . $query . '</textarea></i>');
  262. print($warning) or print($warning);
  263. } else {
  264. print('An error occured. Please, try again later. Thank You !');
  265. @$message.=mysql_errno() . ':' . mysql_error() . "\r\n";
  266. $message.=(empty($query) ? '' : "In query: \r\n" . $query . "\r\n");
  267. die('MySQL error ' . $message);
  268. }
  269. }
  270. }
  271. /**
  272. * Escapes string to use in SQL query
  273. *
  274. * @param string $string
  275. * @return string
  276. */
  277. function escape($string) {
  278. if (!get_magic_quotes_gpc())
  279. return mysql_real_escape_string($string, $this->connection);
  280. else
  281. return mysql_real_escape_string(stripslashes($string), $this->connection);
  282. }
  283. /**
  284. * Disconnects from database server
  285. *
  286. */
  287. function disconnect() {
  288. @mysql_close($this->connection);
  289. }
  290. }
  291. /**
  292. * Executing query and returns result as array
  293. *
  294. * @global int $query_counter
  295. * @param string $query
  296. * @return array
  297. */
  298. function simple_queryall($query) {
  299. global $query_counter;
  300. if (DEBUG) {
  301. print ($query . "\n");
  302. }
  303. $result = array();
  304. $queried = mysql_query($query) or die('wrong data input: ' . $query);
  305. while ($row = mysql_fetch_assoc($queried)) {
  306. $result[] = $row;
  307. }
  308. $query_counter++;
  309. return($result);
  310. }
  311. /**
  312. * Executing query and returns array of first result
  313. *
  314. * @global int $query_counter
  315. * @param string $query
  316. * @return array
  317. */
  318. function simple_query($query) {
  319. global $query_counter;
  320. if (DEBUG) {
  321. print ($query . "\n");
  322. }
  323. $queried = mysql_query($query) or die('wrong data input: ' . $query);
  324. $result = mysql_fetch_assoc($queried);
  325. $query_counter++;
  326. return($result);
  327. }
  328. /**
  329. * Updates single field in table with where expression
  330. *
  331. * @param string $tablename
  332. * @param string $field
  333. * @param string $value
  334. * @param string $where
  335. * @param bool $NoQuotesAroundValue
  336. */
  337. function simple_update_field($tablename, $field, $value, $where = '', $NoQuotesAroundValue = false) {
  338. $tablename = mysql_real_escape_string($tablename);
  339. $value = mysql_real_escape_string($value);
  340. $field = mysql_real_escape_string($field);
  341. if ($NoQuotesAroundValue) {
  342. $query = "UPDATE `" . $tablename . "` SET `" . $field . "` = " . $value . " " . $where . "";
  343. } else {
  344. $query = "UPDATE `" . $tablename . "` SET `" . $field . "` = '" . $value . "' " . $where . "";
  345. }
  346. nr_query($query);
  347. }
  348. /**
  349. * Returns last used `id` field available in some table
  350. *
  351. * @param string $tablename
  352. * @return int
  353. */
  354. function simple_get_lastid($tablename) {
  355. $tablename = mysql_real_escape_string($tablename);
  356. $query = "SELECT `id` from `" . $tablename . "` ORDER BY `id` DESC LIMIT 1";
  357. $result = simple_query($query);
  358. return ($result['id']);
  359. }
  360. /**
  361. * Just executing single query
  362. *
  363. * @global int $query_counter
  364. * @param string $query
  365. * @return mixed
  366. */
  367. function nr_query($query) {
  368. global $query_counter;
  369. if (DEBUG) {
  370. print ($query . "\n");
  371. }
  372. $queried = mysql_query($query) or die('wrong data input: ' . $query);
  373. $query_counter++;
  374. return($queried);
  375. }
  376. //creating mysql connection object instance
  377. $db = new MySQLDB();
  378. }
  379. /**
  380. * Returns cutted down data entry
  381. * Available modes:
  382. * 1 - digits, letters
  383. * 2 - only letters
  384. * 3 - only digits
  385. * 4 - digits, letters, "-", "_", "."
  386. * 5 - current lang alphabet + digits + punctuation
  387. * default - filter only blacklist chars
  388. *
  389. * @param string $data
  390. * @param int $mode
  391. * @return string
  392. */
  393. function vf($data, $mode = 0) {
  394. switch ($mode) {
  395. case 1:
  396. return preg_replace("#[^a-z0-9A-Z]#Uis", '', $data); // digits, letters
  397. break;
  398. case 2:
  399. return preg_replace("#[^a-zA-Z]#Uis", '', $data); // letters
  400. break;
  401. case 3:
  402. return preg_replace("#[^0-9]#Uis", '', $data); // digits
  403. break;
  404. case 4:
  405. return preg_replace("#[^a-z0-9A-Z\-_\.]#Uis", '', $data); // digits, letters, "-", "_", "."
  406. break;
  407. case 5:
  408. return preg_replace("#[^ [:punct:]" . ('a-zA-Z') . "0-9]#Uis", '', $data); // current lang alphabet + digits + punctuation
  409. break;
  410. default:
  411. return preg_replace("#[~@\+\?\%\/\;=\*\>\<\"\'\-]#Uis", '', $data); // black list anyway
  412. break;
  413. }
  414. }
  415. ?>