279 lines
6.4 KiB
PHP
279 lines
6.4 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Database class, Db.php
|
|
* Database management
|
|
* @category classes
|
|
*
|
|
* @author PrestaShop <support@prestashop.com>
|
|
* @copyright PrestaShop
|
|
* @license http://www.opensource.org/licenses/osl-3.0.php Open-source licence 3.0
|
|
* @version 1.3
|
|
*
|
|
*/
|
|
|
|
if (file_exists(dirname(__FILE__).'/../config/settings.inc.php'))
|
|
include_once(dirname(__FILE__).'/../config/settings.inc.php');
|
|
include_once(dirname(__FILE__).'/../classes/MySQL.php');
|
|
|
|
abstract class Db
|
|
{
|
|
/** @var string Server (eg. localhost) */
|
|
protected $_server;
|
|
|
|
/** @var string Database user (eg. root) */
|
|
protected $_user;
|
|
|
|
/** @var string Database password (eg. can be empty !) */
|
|
protected $_password;
|
|
|
|
/** @var string Database type (MySQL, PgSQL) */
|
|
protected $_type;
|
|
|
|
/** @var string Database name */
|
|
protected $_database;
|
|
|
|
/** @var mixed Ressource link */
|
|
protected $_link;
|
|
|
|
/** @var mixed SQL cached result */
|
|
protected $_result;
|
|
|
|
/** @var mixed ? */
|
|
protected static $_db;
|
|
|
|
/** @var mixed Object instance for singleton */
|
|
private static $_instance;
|
|
|
|
/**
|
|
* Get Db object instance (Singleton)
|
|
*
|
|
* @return object Db instance
|
|
*/
|
|
public static function getInstance()
|
|
{
|
|
if(!isset(self::$_instance))
|
|
self::$_instance = new MySQL();
|
|
return self::$_instance;
|
|
}
|
|
|
|
public function __destruct()
|
|
{
|
|
$this->disconnect();
|
|
}
|
|
|
|
/**
|
|
* Build a Db object
|
|
*/
|
|
public function __construct()
|
|
{
|
|
$this->_server = _DB_SERVER_;
|
|
$this->_user = _DB_USER_;
|
|
$this->_password = _DB_PASSWD_;
|
|
$this->_type = _DB_TYPE_;
|
|
$this->_database = _DB_NAME_;
|
|
$this->connect();
|
|
}
|
|
|
|
/**
|
|
* Filter SQL query within a blacklist
|
|
*
|
|
* @param string $table Table where insert/update data
|
|
* @param string $values Data to insert/update
|
|
* @param string $type INSERT or UPDATE
|
|
* @param string $where WHERE clause, only for UPDATE (optional)
|
|
* @param string $limit LIMIT clause (optional)
|
|
* @return mixed|boolean SQL query result
|
|
*/
|
|
public function autoExecute($table, $values, $type, $where = false, $limit = false)
|
|
{
|
|
if (!sizeof($values))
|
|
return true;
|
|
|
|
if (strtoupper($type) == 'INSERT')
|
|
{
|
|
$query = 'INSERT INTO `'.$table.'` (';
|
|
foreach ($values AS $key => $value)
|
|
$query .= '`'.$key.'`,';
|
|
$query = rtrim($query, ',').') VALUES (';
|
|
foreach ($values AS $key => $value)
|
|
$query .= '\''.$value.'\',';
|
|
$query = rtrim($query, ',').')';
|
|
if ($limit)
|
|
$query .= ' LIMIT '.intval($limit);
|
|
return $this->q($query);
|
|
}
|
|
elseif (strtoupper($type) == 'UPDATE')
|
|
{
|
|
$query = 'UPDATE `'.$table.'` SET ';
|
|
foreach ($values AS $key => $value)
|
|
$query .= '`'.$key.'` = \''.$value.'\',';
|
|
$query = rtrim($query, ',');
|
|
if ($where)
|
|
$query .= ' WHERE '.$where;
|
|
if ($limit)
|
|
$query .= ' LIMIT '.intval($limit);
|
|
return $this->q($query);
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
|
|
/**
|
|
* Filter SQL query within a blacklist
|
|
*
|
|
* @param string $table Table where insert/update data
|
|
* @param string $values Data to insert/update
|
|
* @param string $type INSERT or UPDATE
|
|
* @param string $where WHERE clause, only for UPDATE (optional)
|
|
* @param string $limit LIMIT clause (optional)
|
|
* @return mixed|boolean SQL query result
|
|
*/
|
|
public function autoExecuteWithNullValues($table, $values, $type, $where = false, $limit = false)
|
|
{
|
|
if (!sizeof($values))
|
|
return true;
|
|
|
|
if (strtoupper($type) == 'INSERT')
|
|
{
|
|
$query = 'INSERT INTO `'.$table.'` (';
|
|
foreach ($values AS $key => $value)
|
|
$query .= '`'.$key.'`,';
|
|
$query = rtrim($query, ',').') VALUES (';
|
|
foreach ($values AS $key => $value)
|
|
$query .= (($value === '' OR $value === NULL) ? 'NULL' : '\''.$value.'\'').',';
|
|
$query = rtrim($query, ',').')';
|
|
if ($limit)
|
|
$query .= ' LIMIT '.intval($limit);
|
|
return $this->q($query);
|
|
}
|
|
elseif (strtoupper($type) == 'UPDATE')
|
|
{
|
|
$query = 'UPDATE `'.$table.'` SET ';
|
|
foreach ($values AS $key => $value)
|
|
$query .= '`'.$key.'` = '.(($value === '' OR $value === NULL) ? 'NULL' : '\''.$value.'\'').',';
|
|
$query = rtrim($query, ',');
|
|
if ($where)
|
|
$query .= ' WHERE '.$where;
|
|
if ($limit)
|
|
$query .= ' LIMIT '.intval($limit);
|
|
return $this->q($query);
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
/*********************************************************
|
|
* ABSTRACT METHODS
|
|
*********************************************************/
|
|
|
|
/**
|
|
* Open a connection
|
|
*/
|
|
abstract public function connect();
|
|
|
|
/**
|
|
* Get the ID generated from the previous INSERT operation
|
|
*/
|
|
abstract public function Insert_ID();
|
|
|
|
/**
|
|
* Get number of affected rows in previous databse operation
|
|
*/
|
|
abstract public function Affected_Rows();
|
|
|
|
/**
|
|
* Gets the number of rows in a result
|
|
*/
|
|
abstract public function NumRows();
|
|
|
|
/**
|
|
* Delete
|
|
*/
|
|
abstract public function delete ($table, $where = false, $limit = false);
|
|
/**
|
|
* Fetches a row from a result set
|
|
*/
|
|
abstract public function Execute ($query);
|
|
|
|
/**
|
|
* Fetches an array containing all of the rows from a result set
|
|
*/
|
|
abstract public function ExecuteS($query, $array = true);
|
|
|
|
/*
|
|
* Get next row for a query which doesn't return an array
|
|
*/
|
|
abstract public function nextRow($result = false);
|
|
|
|
/**
|
|
* Alias of Db::getInstance()->ExecuteS
|
|
*
|
|
* @acces string query The query to execute
|
|
* @return array Array of line returned by MySQL
|
|
*/
|
|
static public function s($query)
|
|
{
|
|
return Db::getInstance()->ExecuteS($query);
|
|
}
|
|
|
|
static public function ps($query)
|
|
{
|
|
$ret = Db::s($query);
|
|
p($ret);
|
|
return $ret;
|
|
}
|
|
|
|
static public function ds($query)
|
|
{
|
|
Db::s($query);
|
|
die();
|
|
}
|
|
|
|
/**
|
|
* Get Row and get value
|
|
*/
|
|
abstract public function getRow($query);
|
|
abstract public function getValue($query);
|
|
|
|
/**
|
|
* Returns the text of the error message from previous database operation
|
|
*/
|
|
abstract public function getMsgError();
|
|
}
|
|
|
|
/**
|
|
* Sanitize data which will be injected into SQL query
|
|
*
|
|
* @param string $string SQL data which will be injected into SQL query
|
|
* @param boolean $htmlOK Does data contain HTML code ? (optional)
|
|
* @return string Sanitized data
|
|
*/
|
|
function pSQL($string, $htmlOK = false)
|
|
{
|
|
if (_PS_MAGIC_QUOTES_GPC_)
|
|
$string = stripslashes($string);
|
|
if (!is_numeric($string))
|
|
{
|
|
$string = _PS_MYSQL_REAL_ESCAPE_STRING_ ? mysql_real_escape_string($string) : addslashes($string);
|
|
if (!$htmlOK)
|
|
$string = strip_tags(nl2br2($string));
|
|
}
|
|
|
|
return $string;
|
|
}
|
|
|
|
/**
|
|
* Convert \n to <br />
|
|
*
|
|
* @param string $string String to transform
|
|
* @return string New string
|
|
*/
|
|
function nl2br2($string)
|
|
{
|
|
return str_replace(array("\r\n", "\r", "\n"), '<br />', $string);
|
|
}
|
|
|
|
?>
|