|
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
class SafeMySQL
|
|
|
|
|
{
|
|
|
|
|
public $lastquery;
|
|
|
|
|
|
|
|
|
|
private $conn;
|
|
|
|
|
private $emode;
|
|
|
|
|
private $exname;
|
|
|
|
|
|
|
|
|
|
private $defaults = array(
|
|
|
|
|
'host' => 'localhost',
|
|
|
|
|
'user' => 'root',
|
|
|
|
|
'pass' => '',
|
|
|
|
|
'db' => 'test',
|
|
|
|
|
'port' => NULL,
|
|
|
|
|
'socket' => NULL,
|
|
|
|
|
'pconnect' => FALSE,
|
|
|
|
|
'charset' => 'utf8',
|
|
|
|
|
'errmode' => 'error', //or exception
|
|
|
|
|
'exception' => 'Exception', //Exception class name
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
const RESULT_ASSOC = MYSQLI_ASSOC;
|
|
|
|
|
const RESULT_NUM = MYSQLI_NUM;
|
|
|
|
|
|
|
|
|
|
function __construct($opt = array())
|
|
|
|
|
{
|
|
|
|
|
$opt = array_merge($this->defaults,$opt);
|
|
|
|
|
|
|
|
|
|
$this->emode = $opt['errmode'];
|
|
|
|
|
$this->exname = $opt['exception'];
|
|
|
|
|
|
|
|
|
|
if ($opt['pconnect'])
|
|
|
|
|
{
|
|
|
|
|
$opt['host'] = "p:".$opt['host'];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@$this->conn = mysqli_connect($opt['host'], $opt['user'], $opt['pass'], $opt['db'], $opt['port'], $opt['socket']);
|
|
|
|
|
if ( !$this->conn )
|
|
|
|
|
{
|
|
|
|
|
$this->error(mysqli_connect_errno()." ".mysqli_connect_error());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
mysqli_set_charset($this->conn, $opt['charset']) or $this->error(mysqli_error($this->conn));
|
|
|
|
|
unset($opt); // I am paranoid
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function query()
|
|
|
|
|
{
|
|
|
|
|
return $this->rawQuery($this->prepareQuery(func_get_args()));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function fetch($result,$mode=self::RESULT_ASSOC)
|
|
|
|
|
{
|
|
|
|
|
return mysqli_fetch_array($result, $mode);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function affected_rows()
|
|
|
|
|
{
|
|
|
|
|
return mysqli_affected_rows ($this->conn);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function insert_id()
|
|
|
|
|
{
|
|
|
|
|
return mysqli_insert_id($this->conn);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function num_rows($result)
|
|
|
|
|
{
|
|
|
|
|
return mysqli_num_rows($result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function free($result)
|
|
|
|
|
{
|
|
|
|
|
mysqli_free_result($result);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getOne()
|
|
|
|
|
{
|
|
|
|
|
$query = $this->prepareQuery(func_get_args());
|
|
|
|
|
if ($res = $this->rawQuery($query))
|
|
|
|
|
{
|
|
|
|
|
$row = $this->fetch($res);
|
|
|
|
|
if (is_array($row)) {
|
|
|
|
|
return reset($row);
|
|
|
|
|
}
|
|
|
|
|
$this->free($res);
|
|
|
|
|
}
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getRow()
|
|
|
|
|
{
|
|
|
|
|
$query = $this->prepareQuery(func_get_args());
|
|
|
|
|
if ($res = $this->rawQuery($query)) {
|
|
|
|
|
$ret = $this->fetch($res);
|
|
|
|
|
$this->free($res);
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getCol()
|
|
|
|
|
{
|
|
|
|
|
$ret = array();
|
|
|
|
|
$query = $this->prepareQuery(func_get_args());
|
|
|
|
|
if ( $res = $this->rawQuery($query) )
|
|
|
|
|
{
|
|
|
|
|
while($row = $this->fetch($res))
|
|
|
|
|
{
|
|
|
|
|
$ret[] = reset($row);
|
|
|
|
|
}
|
|
|
|
|
$this->free($res);
|
|
|
|
|
}
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getAll()
|
|
|
|
|
{
|
|
|
|
|
$ret = array();
|
|
|
|
|
$query = $this->prepareQuery(func_get_args());
|
|
|
|
|
if ( $res = $this->rawQuery($query) )
|
|
|
|
|
{
|
|
|
|
|
while($row = $this->fetch($res))
|
|
|
|
|
{
|
|
|
|
|
$ret[] = $row;
|
|
|
|
|
}
|
|
|
|
|
$this->free($res);
|
|
|
|
|
}
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getInd()
|
|
|
|
|
{
|
|
|
|
|
$args = func_get_args();
|
|
|
|
|
$index = array_shift($args);
|
|
|
|
|
$query = $this->prepareQuery($args);
|
|
|
|
|
|
|
|
|
|
$ret = array();
|
|
|
|
|
if ( $res = $this->rawQuery($query) )
|
|
|
|
|
{
|
|
|
|
|
while($row = $this->fetch($res))
|
|
|
|
|
{
|
|
|
|
|
$ret[$row[$index]] = $row;
|
|
|
|
|
}
|
|
|
|
|
$this->free($res);
|
|
|
|
|
}
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getIndCol()
|
|
|
|
|
{
|
|
|
|
|
$args = func_get_args();
|
|
|
|
|
$index = array_shift($args);
|
|
|
|
|
$query = $this->prepareQuery($args);
|
|
|
|
|
|
|
|
|
|
$ret = array();
|
|
|
|
|
if ( $res = $this->rawQuery($query) )
|
|
|
|
|
{
|
|
|
|
|
while($row = $res->fetch($res))
|
|
|
|
|
{
|
|
|
|
|
$key = $row[$index];
|
|
|
|
|
unset($row[$index]);
|
|
|
|
|
$ret[$key] = reset($row);
|
|
|
|
|
}
|
|
|
|
|
$this->free($res);
|
|
|
|
|
}
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function parse()
|
|
|
|
|
{
|
|
|
|
|
return $this->prepareQuery(func_get_args());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function whiteList($input,$allowed,$strict=FALSE)
|
|
|
|
|
{
|
|
|
|
|
$found = array_search($input);
|
|
|
|
|
if ($strict && ($found === FALSE))
|
|
|
|
|
{
|
|
|
|
|
return FALSE;
|
|
|
|
|
} else {
|
|
|
|
|
return $allowed[$found];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function filterArray($input,$allowed)
|
|
|
|
|
{
|
|
|
|
|
foreach(array_keys($input) as $key )
|
|
|
|
|
{
|
|
|
|
|
if ( !in_array($key,$allowed) )
|
|
|
|
|
{
|
|
|
|
|
unset($input[$key]);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return $input;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private function rawQuery($query)
|
|
|
|
|
{
|
|
|
|
|
$this->lastquery = $query;
|
|
|
|
|
$res = mysqli_query($this->conn, $query) or $this->error(mysqli_error($this->conn).". Full query: [$query]");
|
|
|
|
|
return $res;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private function prepareQuery($args)
|
|
|
|
|
{
|
|
|
|
|
$raw = $query = array_shift($args);
|
|
|
|
|
preg_match_all('~(\?[a-z?])~',$query,$m,PREG_OFFSET_CAPTURE);
|
|
|
|
|
$pholders = $m[1];
|
|
|
|
|
$count = 0;
|
|
|
|
|
foreach ($pholders as $i => $p)
|
|
|
|
|
{
|
|
|
|
|
if ($p[0] != '??')
|
|
|
|
|
{
|
|
|
|
|
$count++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if ( $count != count($args) )
|
|
|
|
|
{
|
|
|
|
|
$this->error("Number of args (".count($args).") doesn't match number of placeholders ($count) in [$raw]");
|
|
|
|
|
}
|
|
|
|
|
$shift = 0;
|
|
|
|
|
$qmarks = 0;
|
|
|
|
|
foreach ($pholders as $i => $p)
|
|
|
|
|
{
|
|
|
|
|
$pholder = $p[0];
|
|
|
|
|
$offset = $p[1] + $shift;
|
|
|
|
|
if ($pholder != '??')
|
|
|
|
|
{
|
|
|
|
|
$value = $args[$i-$qmarks];
|
|
|
|
|
}
|
|
|
|
|
switch ($pholder)
|
|
|
|
|
{
|
|
|
|
|
case '?n':
|
|
|
|
|
$value = $this->escapeIdent($value);
|
|
|
|
|
break;
|
|
|
|
|
case '?s':
|
|
|
|
|
$value = $this->escapeString($value);
|
|
|
|
|
break;
|
|
|
|
|
case '?i':
|
|
|
|
|
$value = $this->escapeInt($value);
|
|
|
|
|
break;
|
|
|
|
|
case '?a':
|
|
|
|
|
$value = $this->createIN($value);
|
|
|
|
|
break;
|
|
|
|
|
case '?u':
|
|
|
|
|
$value = $this->createSET($value);
|
|
|
|
|
break;
|
|
|
|
|
case '??':
|
|
|
|
|
$value = '?';
|
|
|
|
|
$qmarks++;
|
|
|
|
|
break;
|
|
|
|
|
case '?p':
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
$this->error("Unknown placeholder type ($pholder) in [$raw]");
|
|
|
|
|
}
|
|
|
|
|
$query = substr_replace($query,$value,$offset,2);
|
|
|
|
|
$shift+= strlen($value) - strlen($pholder);
|
|
|
|
|
}
|
|
|
|
|
return $query;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private function escapeInt($value)
|
|
|
|
|
{
|
|
|
|
|
if (is_float($value))
|
|
|
|
|
{
|
|
|
|
|
return number_format($value, 0, '.', ''); // may lose precision on big numbers
|
|
|
|
|
}
|
|
|
|
|
elseif(is_numeric($value))
|
|
|
|
|
{
|
|
|
|
|
return (string)$value;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
$this->error("Invalid value for ?i (int) placeholder: [$value](".gettype($value).")");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private function escapeString($value)
|
|
|
|
|
{
|
|
|
|
|
return "'".mysqli_real_escape_string($this->conn,$value)."'";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private function escapeIdent($value)
|
|
|
|
|
{
|
|
|
|
|
if ($value)
|
|
|
|
|
{
|
|
|
|
|
return "`".str_replace("`","``",$value)."`";
|
|
|
|
|
} else {
|
|
|
|
|
$this->error("Empty value for ?n (identifier) placeholder.");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private function createIN($data)
|
|
|
|
|
{
|
|
|
|
|
if (!is_array($data))
|
|
|
|
|
{
|
|
|
|
|
$this->error("Value for ?a (IN) placeholder should be array.");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
if (!$data)
|
|
|
|
|
{
|
|
|
|
|
return 'NULL';
|
|
|
|
|
}
|
|
|
|
|
$query = $comma = '';
|
|
|
|
|
foreach ($data as $key => $value)
|
|
|
|
|
{
|
|
|
|
|
$query .= $comma.$this->escapeString($value);
|
|
|
|
|
$comma = ",";
|
|
|
|
|
}
|
|
|
|
|
return $query;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private function createSET($data)
|
|
|
|
|
{
|
|
|
|
|
if (!is_array($data))
|
|
|
|
|
{
|
|
|
|
|
$this->error("Value for ?u (SET) placeholder should be an array. ".gettype($data)." passed instead.");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
if (!$data)
|
|
|
|
|
{
|
|
|
|
|
$this->error("Empty array for ?u (SET) placeholder.");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
$query = $comma = '';
|
|
|
|
|
foreach ($data as $key => $value)
|
|
|
|
|
{
|
|
|
|
|
$query .= $comma.$this->escapeIdent($key).'='.$this->escapeString($value);
|
|
|
|
|
$comma = ",";
|
|
|
|
|
}
|
|
|
|
|
return $query;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private function error($err)
|
|
|
|
|
{
|
|
|
|
|
$err = __CLASS__.": ".$err;
|
|
|
|
|
|
|
|
|
|
if ( $this->emode == 'error' )
|
|
|
|
|
{
|
|
|
|
|
$err .= ". Error initiated in ".$this->caller().", thrown";
|
|
|
|
|
trigger_error($err,E_USER_ERROR);
|
|
|
|
|
} else {
|
|
|
|
|
throw new $this->exname($err);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private function caller()
|
|
|
|
|
{
|
|
|
|
|
$trace = debug_backtrace();
|
|
|
|
|
$caller = '';
|
|
|
|
|
foreach ($trace as $t)
|
|
|
|
|
{
|
|
|
|
|
if ( isset($t['class']) && $t['class'] == __CLASS__ )
|
|
|
|
|
{
|
|
|
|
|
$caller = $t['file']." on line ".$t['line'];
|
|
|
|
|
} else {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return $caller;
|
|
|
|
|
}
|
|
|
|
|
}
|
