From 07516c318c07c06acf51ed0c0795c08dfc2cbebd Mon Sep 17 00:00:00 2001 From: Michael Date: Sun, 5 Mar 2017 21:56:50 +0000 Subject: [PATCH 1/5] We now support PDO for database connections as well --- include/dba.php | 321 ++++++++++++++++++++++++++++---------------- include/uimport.php | 9 +- 2 files changed, 205 insertions(+), 125 deletions(-) diff --git a/include/dba.php b/include/dba.php index 8e2d18db60..09d705cbdb 100644 --- a/include/dba.php +++ b/include/dba.php @@ -1,17 +1,5 @@ error = sprintf( t('Cannot locate DNS info for database server \'%s\''), $server); + $this->error = sprintf(t('Cannot locate DNS info for database server \'%s\''), $server); $this->connected = false; $this->db = null; return; @@ -61,37 +48,49 @@ class dba { } } - if (class_exists('mysqli')) { + if (class_exists('\PDO') && in_array('mysql', PDO::getAvailableDrivers())) { + $this->driver = 'pdo'; + $connect = "mysql:host=".$server.";dbname=".$db; + if (isset($a->config["system"]["db_charset"])) { + $connect .= ";charset=".$a->config["system"]["db_charset"]; + } + $this->db = @new PDO($connect, $user, $pass); + if (!$this->db->errorCode()) { + $this->connected = true; + } + } elseif (class_exists('mysqli')) { + $this->driver = 'mysqli'; $this->db = @new mysqli($server,$user,$pass,$db); - if (! mysqli_connect_errno()) { + if (!mysqli_connect_errno()) { $this->connected = true; } if (isset($a->config["system"]["db_charset"])) { $this->db->set_charset($a->config["system"]["db_charset"]); } - } else { - $this->mysqli = false; + } elseif (function_exists('mysql_connect')) { + $this->driver = 'mysql'; $this->db = mysql_connect($server,$user,$pass); if ($this->db && mysql_select_db($db,$this->db)) { $this->connected = true; } if (isset($a->config["system"]["db_charset"])) mysql_set_charset($a->config["system"]["db_charset"], $this->db); + } else { + // No suitable SQL driver was found. + if (!$install) { + system_unavailable(); + } } + if (!$this->connected) { $this->db = null; if (!$install) { system_unavailable(); } } - $a->save_timestamp($stamp1, "network"); } - public function getdb() { - return $this->db; - } - /** * @brief Returns the MySQL server version string * @@ -101,12 +100,18 @@ class dba { * @return string */ public function server_info() { - if ($this->mysqli) { - $return = $this->db->server_info; - } else { - $return = mysql_get_server_info($this->db); + switch ($this->driver) { + case 'pdo': + $version = $this->db->getAttribute(PDO::ATTR_SERVER_VERSION); + break; + case 'mysqli': + $version = $this->db->server_info; + break; + case 'mysql': + $version = mysql_get_server_info($this->db); + break; } - return $return; + return $version; } /** @@ -130,12 +135,18 @@ class dba { return 0; } - if ($this->mysqli) { - $return = $this->result->num_rows; - } else { - $return = mysql_num_rows($this->result); + switch ($this->driver) { + case 'pdo': + $rows = $this->result->rowCount(); + break; + case 'mysqli': + $rows = $this->result->num_rows; + break; + case 'mysql': + $rows = mysql_num_rows($this->result); + break; } - return $return; + return $rows; } /** @@ -172,8 +183,9 @@ class dba { if ((intval($a->config["system"]["db_loglimit_index"]) > 0)) { $log = (in_array($row['key'], $watchlist) AND ($row['rows'] >= intval($a->config["system"]["db_loglimit_index"]))); - } else + } else { $log = false; + } if ((intval($a->config["system"]["db_loglimit_index_high"]) > 0) AND ($row['rows'] >= intval($a->config["system"]["db_loglimit_index_high"]))) { $log = true; @@ -204,11 +216,19 @@ class dba { $this->error = ''; // Check the connection (This can reconnect the connection - if configured) - if ($this->mysqli) { - $connected = $this->db->ping(); - } else { - $connected = mysql_ping($this->db); + switch ($this->driver) { + case 'pdo': + // Not sure if this really is working like expected + $connected = ($this->db->getAttribute(PDO::ATTR_CONNECTION_STATUS) != ""); + break; + case 'mysqli': + $connected = $this->db->ping(); + break; + case 'mysql': + $connected = mysql_ping($this->db); + break; } + $connstr = ($connected ? "Connected" : "Disonnected"); $stamp1 = microtime(true); @@ -219,10 +239,16 @@ class dba { $sql = "/*".$a->callstack()." */ ".$sql; } - if ($this->mysqli) { - $result = @$this->db->query($sql); - } else { - $result = @mysql_query($sql,$this->db); + switch ($this->driver) { + case 'pdo': + $result = @$this->db->query($sql); + break; + case 'mysqli': + $result = @$this->db->query($sql); + break; + case 'mysql': + $result = @mysql_query($sql,$this->db); + break; } $stamp2 = microtime(true); $duration = (float)($stamp2-$stamp1); @@ -243,16 +269,27 @@ class dba { } } - if ($this->mysqli) { - if ($this->db->errno) { - $this->error = $this->db->error; - $this->errorno = $this->db->errno; - } - } elseif (mysql_errno($this->db)) { - $this->error = mysql_error($this->db); - $this->errorno = mysql_errno($this->db); + switch ($this->driver) { + case 'pdo': + $errorInfo = $this->db->errorInfo(); + if ($errorInfo) { + $this->error = $errorInfo[2]; + $this->errorno = $errorInfo[1]; + } + break; + case 'mysqli': + if ($this->db->errno) { + $this->error = $this->db->error; + $this->errorno = $this->db->errno; + } + break; + case 'mysql': + if (mysql_errno($this->db)) { + $this->error = mysql_error($this->db); + $this->errorno = mysql_errno($this->db); + } + break; } - if (strlen($this->error)) { logger('DB Error ('.$connstr.') '.$this->errorno.': '.$this->error); } @@ -266,10 +303,16 @@ class dba { } elseif ($result === true) { $mesg = 'true'; } else { - if ($this->mysqli) { - $mesg = $result->num_rows . ' results' . EOL; - } else { - $mesg = mysql_num_rows($result) . ' results' . EOL; + switch ($this->driver) { + case 'pdo': + $mesg = $result->rowCount().' results'.EOL; + break; + case 'mysqli': + $mesg = $result->num_rows.' results'.EOL; + break; + case 'mysql': + $mesg = mysql_num_rows($result).' results'.EOL; + break; } } @@ -302,18 +345,28 @@ class dba { } $r = array(); - if ($this->mysqli) { - if ($result->num_rows) { - while($x = $result->fetch_array(MYSQLI_ASSOC)) - $r[] = $x; - $result->free_result(); - } - } else { - if (mysql_num_rows($result)) { - while($x = mysql_fetch_array($result, MYSQL_ASSOC)) - $r[] = $x; - mysql_free_result($result); - } + switch ($this->driver) { + case 'pdo': + if ($result->rowCount()) { + while($x = $result->fetch(PDO::FETCH_ASSOC)) + $r[] = $x; + $result->closeCursor(); + } + break; + case 'mysqli': + if ($result->num_rows) { + while($x = $result->fetch_array(MYSQLI_ASSOC)) + $r[] = $x; + $result->free_result(); + } + break; + case 'mysql': + if (mysql_num_rows($result)) { + while($x = mysql_fetch_array($result, MYSQL_ASSOC)) + $r[] = $x; + mysql_free_result($result); + } + break; } //$a->save_timestamp($stamp1, "database"); @@ -328,12 +381,22 @@ class dba { $x = false; if ($this->result) { - if ($this->mysqli) { - if ($this->result->num_rows) - $x = $this->result->fetch_array(MYSQLI_ASSOC); - } else { - if (mysql_num_rows($this->result)) - $x = mysql_fetch_array($this->result, MYSQL_ASSOC); + switch ($this->driver) { + case 'pdo': + if ($this->result->rowCount()) { + $x = $this->result->fetch(PDO::FETCH_ASSOC); + } + break; + case 'mysqli': + if ($this->result->num_rows) { + $x = $this->result->fetch_array(MYSQLI_ASSOC); + } + break; + case 'mysql': + if (mysql_num_rows($this->result)) { + $x = mysql_fetch_array($this->result, MYSQL_ASSOC); + } + break; } } return($x); @@ -341,10 +404,16 @@ class dba { public function qclose() { if ($this->result) { - if ($this->mysqli) { - $this->result->free_result(); - } else { - mysql_free_result($this->result); + switch ($this->driver) { + case 'pdo': + $this->result->closeCursor(); + break; + case 'mysqli': + $this->result->free_result(); + break; + case 'mysql': + mysql_free_result($this->result); + break; } } } @@ -355,35 +424,65 @@ class dba { public function escape($str) { if ($this->db && $this->connected) { - if ($this->mysqli) { - return @$this->db->real_escape_string($str); - } else { - return @mysql_real_escape_string($str,$this->db); + switch ($this->driver) { + case 'pdo': + return substr(@$this->db->quote($str, PDO::PARAM_STR), 1, -1); + case 'mysqli': + return @$this->db->real_escape_string($str); + case 'mysql': + return @mysql_real_escape_string($str,$this->db); } } } function connected() { - if ($this->mysqli) { - $connected = $this->db->ping(); - } else { - $connected = mysql_ping($this->db); + switch ($this->driver) { + case 'pdo': + // Not sure if this really is working like expected + $connected = ($this->db->getAttribute(PDO::ATTR_CONNECTION_STATUS) != ""); + break; + case 'mysqli': + $connected = $this->db->ping(); + break; + case 'mysql': + $connected = mysql_ping($this->db); + break; } return $connected; } + function insert_id() { + switch ($this->driver) { + case 'pdo': + $id = $this->db->lastInsertId(); + break; + case 'mysqli': + $id = $this->db->insert_id; + break; + case 'mysql': + $id = mysql_insert_id($this->db); + break; + } + return $id; + } + function __destruct() { if ($this->db) { - if ($this->mysqli) { - $this->db->close(); - } else { - mysql_close($this->db); + switch ($this->driver) { + case 'pdo': + $this->db = null; + break; + case 'mysqli': + $this->db->close(); + break; + case 'mysql': + mysql_close($this->db); + break; } } } -}} +} -if (! function_exists('printable')) { function printable($s) { $s = preg_replace("~([\x01-\x08\x0E-\x0F\x10-\x1F\x7F-\xFF])~",".", $s); $s = str_replace("\x00",'.',$s); @@ -391,37 +490,32 @@ function printable($s) { $s = escape_tags($s); } return $s; -}} +} // Procedural functions -if (! function_exists('dbg')) { function dbg($state) { global $db; + if ($db) { $db->dbg($state); } -}} +} -if (! function_exists('dbesc')) { function dbesc($str) { global $db; + if ($db && $db->connected) { return($db->escape($str)); } else { return(str_replace("'","\\'",$str)); } -}} - - +} // Function: q($sql,$args); // Description: execute SQL query with printf style args. // Example: $r = q("SELECT * FROM `%s` WHERE `uid` = %d", // 'user', 1); - -if (! function_exists('q')) { function q($sql) { - global $db; $args = func_get_args(); unset($args[0]); @@ -445,8 +539,7 @@ function q($sql) { */ logger('dba: no database: ' . print_r($args,true)); return false; - -}} +} /** * @brief Performs a query with "dirty reads" @@ -458,8 +551,8 @@ function q($sql) { * @return array Query array */ function qu($sql) { - global $db; + $args = func_get_args(); unset($args[0]); @@ -484,7 +577,6 @@ function qu($sql) { */ logger('dba: no database: ' . print_r($args,true)); return false; - } /** @@ -492,40 +584,31 @@ function qu($sql) { * Raw db query, no arguments * */ - -if (! function_exists('dbq')) { function dbq($sql) { - global $db; + if ($db && $db->connected) { $ret = $db->q($sql); } else { $ret = false; } return $ret; -}} - +} // Caller is responsible for ensuring that any integer arguments to // dbesc_array are actually integers and not malformed strings containing // SQL injection vectors. All integer array elements should be specifically // cast to int to avoid trouble. - - -if (! function_exists('dbesc_array_cb')) { function dbesc_array_cb(&$item, $key) { if (is_string($item)) $item = dbesc($item); -}} +} - -if (! function_exists('dbesc_array')) { function dbesc_array(&$arr) { if (is_array($arr) && count($arr)) { array_walk($arr,'dbesc_array_cb'); } -}} - +} function dba_timer() { return microtime(true); diff --git a/include/uimport.php b/include/uimport.php index b774d78c6d..0d7ce5d27a 100644 --- a/include/uimport.php +++ b/include/uimport.php @@ -11,14 +11,11 @@ define("IMPORT_DEBUG", False); function last_insert_id() { global $db; + if (IMPORT_DEBUG) return 1; - if ($db->mysqli) { - $thedb = $db->getdb(); - return $thedb->insert_id; - } else { - return mysql_insert_id(); - } + + return $db->insert_id(); } function last_error() { From 2ea50d9c47bad0517513cb39dd5187fbb4ee0be0 Mon Sep 17 00:00:00 2001 From: Michael Date: Sun, 5 Mar 2017 23:59:53 +0000 Subject: [PATCH 2/5] Emulation for the mysqli behaviour when executing insert, update, ... --- include/dba.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/dba.php b/include/dba.php index 09d705cbdb..000b5b49ec 100644 --- a/include/dba.php +++ b/include/dba.php @@ -334,6 +334,9 @@ class dba { if (file_exists('dbfail.out')) { file_put_contents('dbfail.out', datetime_convert() . "\n" . printable($sql) . ' returned false' . "\n" . $this->error . "\n", FILE_APPEND); } + } elseif (($this->driver == 'pdo') AND (strtolower(substr($orig_sql, 0, 6)) != "select")) { + // mysqli separates the return value between "select" and "update" - pdo doesn't + $result = true; } if (($result === true) || ($result === false)) { From d686bdcf0905c82780e0c4edd79638dcef67825c Mon Sep 17 00:00:00 2001 From: Michael Date: Mon, 6 Mar 2017 10:10:22 +0000 Subject: [PATCH 3/5] Quickfix for SQL commands that should return "true" instead of an empty array --- include/dba.php | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/include/dba.php b/include/dba.php index 000b5b49ec..3742ba7018 100644 --- a/include/dba.php +++ b/include/dba.php @@ -63,18 +63,21 @@ class dba { $this->db = @new mysqli($server,$user,$pass,$db); if (!mysqli_connect_errno()) { $this->connected = true; - } - if (isset($a->config["system"]["db_charset"])) { - $this->db->set_charset($a->config["system"]["db_charset"]); + + if (isset($a->config["system"]["db_charset"])) { + $this->db->set_charset($a->config["system"]["db_charset"]); + } } } elseif (function_exists('mysql_connect')) { $this->driver = 'mysql'; $this->db = mysql_connect($server,$user,$pass); if ($this->db && mysql_select_db($db,$this->db)) { $this->connected = true; + + if (isset($a->config["system"]["db_charset"])) { + mysql_set_charset($a->config["system"]["db_charset"], $this->db); + } } - if (isset($a->config["system"]["db_charset"])) - mysql_set_charset($a->config["system"]["db_charset"], $this->db); } else { // No suitable SQL driver was found. if (!$install) { @@ -334,9 +337,6 @@ class dba { if (file_exists('dbfail.out')) { file_put_contents('dbfail.out', datetime_convert() . "\n" . printable($sql) . ' returned false' . "\n" . $this->error . "\n", FILE_APPEND); } - } elseif (($this->driver == 'pdo') AND (strtolower(substr($orig_sql, 0, 6)) != "select")) { - // mysqli separates the return value between "select" and "update" - pdo doesn't - $result = true; } if (($result === true) || ($result === false)) { @@ -372,6 +372,11 @@ class dba { break; } + if (($this->driver == 'pdo') AND (strtolower(substr($orig_sql, 0, 6)) != "select") AND (count($r) == 0)) { + // mysqli separates the return value between "select" and "update" - pdo doesn't + $r = true; + } + //$a->save_timestamp($stamp1, "database"); if ($this->debug) { From f09a8609dff388a4344170ae61aea910361bd6a7 Mon Sep 17 00:00:00 2001 From: Michael Date: Tue, 7 Mar 2017 17:16:17 +0000 Subject: [PATCH 4/5] Better separation between queries with or without result --- include/dba.php | 45 +++++++++++++++++++++------------------------ 1 file changed, 21 insertions(+), 24 deletions(-) diff --git a/include/dba.php b/include/dba.php index 3742ba7018..7a1e3a2597 100644 --- a/include/dba.php +++ b/include/dba.php @@ -242,9 +242,13 @@ class dba { $sql = "/*".$a->callstack()." */ ".$sql; } + $columns = 0; + switch ($this->driver) { case 'pdo': $result = @$this->db->query($sql); + // Is used to separate between queries that returning data - or not + $columns = $result->columnCount(); break; case 'mysqli': $result = @$this->db->query($sql); @@ -350,31 +354,30 @@ class dba { $r = array(); switch ($this->driver) { case 'pdo': - if ($result->rowCount()) { - while($x = $result->fetch(PDO::FETCH_ASSOC)) - $r[] = $x; - $result->closeCursor(); + while ($x = $result->fetch(PDO::FETCH_ASSOC)) { + $r[] = $x; } + $result->closeCursor(); break; case 'mysqli': - if ($result->num_rows) { - while($x = $result->fetch_array(MYSQLI_ASSOC)) - $r[] = $x; - $result->free_result(); + while ($x = $result->fetch_array(MYSQLI_ASSOC)) { + $r[] = $x; } + $result->free_result(); break; case 'mysql': - if (mysql_num_rows($result)) { - while($x = mysql_fetch_array($result, MYSQL_ASSOC)) - $r[] = $x; - mysql_free_result($result); + while ($x = mysql_fetch_array($result, MYSQL_ASSOC)) { + $r[] = $x; } + mysql_free_result($result); break; } - if (($this->driver == 'pdo') AND (strtolower(substr($orig_sql, 0, 6)) != "select") AND (count($r) == 0)) { - // mysqli separates the return value between "select" and "update" - pdo doesn't - $r = true; + // PDO doesn't return "true" on successful operations - like mysqli does + // Emulate this behaviour by checking if the query returned data and had columns + // This should be reliable enough + if (($this->driver == 'pdo') AND (count($r) == 0) AND ($columns == 0)) { + return true; } //$a->save_timestamp($stamp1, "database"); @@ -391,19 +394,13 @@ class dba { if ($this->result) { switch ($this->driver) { case 'pdo': - if ($this->result->rowCount()) { - $x = $this->result->fetch(PDO::FETCH_ASSOC); - } + $x = $this->result->fetch(PDO::FETCH_ASSOC); break; case 'mysqli': - if ($this->result->num_rows) { - $x = $this->result->fetch_array(MYSQLI_ASSOC); - } + $x = $this->result->fetch_array(MYSQLI_ASSOC); break; case 'mysql': - if (mysql_num_rows($this->result)) { - $x = mysql_fetch_array($this->result, MYSQL_ASSOC); - } + $x = mysql_fetch_array($this->result, MYSQL_ASSOC); break; } } From acadb8ecdbb4b74b9fdc3d8d913b697f14753938 Mon Sep 17 00:00:00 2001 From: Michael Date: Mon, 13 Mar 2017 06:09:00 +0000 Subject: [PATCH 5/5] Remove redundancies. --- include/dba.php | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/include/dba.php b/include/dba.php index 7a1e3a2597..4b0498ad3c 100644 --- a/include/dba.php +++ b/include/dba.php @@ -218,21 +218,7 @@ class dba { $this->error = ''; - // Check the connection (This can reconnect the connection - if configured) - switch ($this->driver) { - case 'pdo': - // Not sure if this really is working like expected - $connected = ($this->db->getAttribute(PDO::ATTR_CONNECTION_STATUS) != ""); - break; - case 'mysqli': - $connected = $this->db->ping(); - break; - case 'mysql': - $connected = mysql_ping($this->db); - break; - } - - $connstr = ($connected ? "Connected" : "Disonnected"); + $connstr = ($this->connected() ? "Connected" : "Disonnected"); $stamp1 = microtime(true);