1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376
| <?php
/**
* @file
* Database interface code for MySQL database servers.
*/
/**
* @ingroup database
* @{
*/
// Include functions shared between mysql and mysqli.
require_once './includes/database.mysql-common.inc';
/**
* Report database status.
*/
function db_status_report($phase) {
$t = get_t();
$version = db_version();
$form['mysql'] = array(
'title' => $t('MySQL database'),
'value' => ($phase == 'runtime') ? l($version, 'admin/reports/status/sql') : $version,
);
if (version_compare($version, DRUPAL_MINIMUM_MYSQL) < 0) {
$form['mysql']['severity'] = REQUIREMENT_ERROR;
$form['mysql']['description'] = $t('Your MySQL Server is too old. Drupal requires at least MySQL %version.', array('%version' => DRUPAL_MINIMUM_MYSQL));
}
return $form;
}
/**
* Returns the version of the database server currently in use.
*
* @return Database server version
*/
function db_version() {
list($version) = explode('-', mysql_get_server_info());
return $version;
}
/**
* Initialize a database connection.
*/
function db_connect($url) {
$url = parse_url($url);
// Check if MySQL support is present in PHP
if (!function_exists('mysql_connect')) {
_db_error_page('Unable to use the MySQL database because the MySQL extension for PHP is not installed. Check your <code>php.ini</code> to see how you can enable it.');
}
// Decode urlencoded information in the db connection string
$url['user'] = urldecode($url['user']);
// Test if database URL has a password.
$url['pass'] = isset($url['pass']) ? urldecode($url['pass']) : '';
$url['host'] = urldecode($url['host']);
$url['path'] = urldecode($url['path']);
// Allow for non-standard MySQL port.
if (isset($url['port'])) {
$url['host'] = $url['host'] .':'. $url['port'];
}
// - TRUE makes mysql_connect() always open a new link, even if
// mysql_connect() was called before with the same parameters.
// This is important if you are using two databases on the same
// server.
// - 2 means CLIENT_FOUND_ROWS: return the number of found
// (matched) rows, not the number of affected rows.
$connection = @mysql_connect($url['host'], $url['user'], $url['pass'], TRUE, 2);
if (!$connection || !mysql_select_db(substr($url['path'], 1))) {
// Show error screen otherwise
_db_error_page(mysql_error());
}
// Force MySQL to use the UTF-8 character set. Also set the collation, if a
// certain one has been set; otherwise, MySQL defaults to 'utf8_general_ci'
// for UTF-8.
if (!empty($GLOBALS['db_collation'])) {
mysql_query('SET NAMES utf8 COLLATE '. $GLOBALS['db_collation'], $connection);
}
else {
mysql_query('SET NAMES utf8', $connection);
}
return $connection;
}
/**
* Helper function for db_query().
*/
function _db_query($query, $debug = 0) {
global $active_db, $queries, $user;
if (variable_get('dev_query', 0)) {
list($usec, $sec) = explode(' ', microtime());
$timer = (float)$usec + (float)$sec;
// If devel.module query logging is enabled, prepend a comment with the username and calling function
// to the SQL string. This is useful when running mysql's SHOW PROCESSLIST to learn what exact
// code is issueing the slow query.
$bt = debug_backtrace();
// t() may not be available yet so we don't wrap 'Anonymous'.
$name = $user->uid ? $user->name : variable_get('anonymous', 'Anonymous');
// str_replace() to prevent SQL injection via username or anonymous name.
$name = str_replace(array('*', '/'), '', $name);
$query = '/* '. $name .' : '. $bt[2]['function'] .' */ '. $query;
}
$result = mysql_query($query, $active_db);
if (variable_get('dev_query', 0)) {
$query = $bt[2]['function'] ."\n". $query;
list($usec, $sec) = explode(' ', microtime());
$stop = (float)$usec + (float)$sec;
$diff = $stop - $timer;
$queries[] = array($query, $diff);
}
if ($debug) {
print '<p>query: '. $query .'<br />error:'. mysql_error($active_db) .'</p>';
}
if (!mysql_errno($active_db)) {
return $result;
}
else {
// Indicate to drupal_error_handler that this is a database error.
${DB_ERROR} = TRUE;
trigger_error(check_plain(mysql_error($active_db) ."\nquery: ". $query), E_USER_WARNING);
return FALSE;
}
}
/**
* Fetch one result row from the previous query as an object.
*
* @param $result
* A database query result resource, as returned from db_query().
* @return
* An object representing the next row of the result, or FALSE. The attributes
* of this object are the table fields selected by the query.
*/
function db_fetch_object($result) {
if ($result) {
return mysql_fetch_object($result);
}
}
/**
* Fetch one result row from the previous query as an array.
*
* @param $result
* A database query result resource, as returned from db_query().
* @return
* An associative array representing the next row of the result, or FALSE.
* The keys of this object are the names of the table fields selected by the
* query, and the values are the field values for this result row.
*/
function db_fetch_array($result) {
if ($result) {
return mysql_fetch_array($result, MYSQL_ASSOC);
}
}
/**
* Return an individual result field from the previous query.
*
* Only use this function if exactly one field is being selected; otherwise,
* use db_fetch_object() or db_fetch_array().
*
* @param $result
* A database query result resource, as returned from db_query().
*
* @return
* The resulting field or FALSE.
*/
function db_result($result) {
if ($result && mysql_num_rows($result) > 0) {
// The mysql_fetch_row function has an optional second parameter $row
// but that can't be used for compatibility with Oracle, DB2, etc.
$array = mysql_fetch_row($result);
return $array[0];
}
return FALSE;
}
/**
* Determine whether the previous query caused an error.
*/
function db_error() {
global $active_db;
return mysql_errno($active_db);
}
/**
* Determine the number of rows changed by the preceding query.
*/
function db_affected_rows() {
global $active_db;
return mysql_affected_rows($active_db);
}
/**
* Runs a limited-range query in the active database.
*
* Use this as a substitute for db_query() when a subset of the query is to be
* returned.
* User-supplied arguments to the query should be passed in as separate parameters
* so that they can be properly escaped to avoid SQL injection attacks.
*
* @param $query
* A string containing an SQL query.
* @param ...
* A variable number of arguments which are substituted into the query
* using printf() syntax. The query arguments can be enclosed in one
* array instead.
* Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose
* in '') and %%.
*
* NOTE: using this syntax will cast NULL and FALSE values to decimal 0,
* and TRUE values to decimal 1.
*
* @param $from
* The first result row to return.
* @param $count
* The maximum number of result rows to return.
* @return
* A database query result resource, or FALSE if the query was not executed
* correctly.
*/
function db_query_range($query) {
$args = func_get_args();
$count = array_pop($args);
$from = array_pop($args);
array_shift($args);
$query = db_prefix_tables($query);
if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
$args = $args[0];
}
_db_query_callback($args, TRUE);
$query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
$query .= ' LIMIT '. (int)$from .', '. (int)$count;
return _db_query($query);
}
/**
* Runs a SELECT query and stores its results in a temporary table.
*
* Use this as a substitute for db_query() when the results need to be stored
* in a temporary table.
*
* User-supplied arguments to the query should be passed in as separate parameters
* so that they can be properly escaped to avoid SQL injection attacks.
*
* Note that if you need to know how many results were returned, you should do
* a SELECT COUNT(*) on the temporary table afterwards. db_affected_rows() does
* not give consistent result across different database types in this case.
*
* @param $query
* A string containing a normal SELECT SQL query.
* @param ...
* A variable number of arguments which are substituted into the query
* using printf() syntax. The query arguments can be enclosed in one
* array instead.
* Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose
* in '') and %%.
*
* NOTE: using this syntax will cast NULL and FALSE values to decimal 0,
* and TRUE values to decimal 1.
* @param $table
* The name of the temporary table to select into. This name will not be
* prefixed as there is no risk of collision.
*
* @return
* A database query result resource, or FALSE if the query was not executed
* correctly.
*/
function db_query_temporary($query) {
$args = func_get_args();
$tablename = array_pop($args);
array_shift($args);
$query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' Engine=HEAP SELECT', db_prefix_tables($query));
if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
$args = $args[0];
}
_db_query_callback($args, TRUE);
$query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
return _db_query($query);
}
/**
* Returns a properly formatted Binary Large OBject value.
*
* @param $data
* Data to encode.
* @return
* Encoded data.
*/
function db_encode_blob($data) {
global $active_db;
return "'". mysql_real_escape_string($data, $active_db) ."'";
}
/**
* Returns text from a Binary Large Object value.
*
* @param $data
* Data to decode.
* @return
* Decoded data.
*/
function db_decode_blob($data) {
return $data;
}
/**
* Prepare user input for use in a database query, preventing SQL injection attacks.
*/
function db_escape_string($text) {
global $active_db;
return mysql_real_escape_string($text, $active_db);
}
/**
* Lock a table.
*/
function db_lock_table($table) {
db_query('LOCK TABLES {'. db_escape_table($table) .'} WRITE');
}
/**
* Unlock all locked tables.
*/
function db_unlock_tables() {
db_query('UNLOCK TABLES');
}
/**
* Check if a table exists.
*
* @param $table
* The name of the table.
*
* @return
* TRUE if the table exists, and FALSE if the table does not exist.
*/
function db_table_exists($table) {
return (bool) db_fetch_object(db_query("SHOW TABLES LIKE '{". db_escape_table($table) ."}'"));
}
/**
* Check if a column exists in the given table.
*
* @param $table
* The name of the table.
* @param $column
* The name of the column.
*
* @return
* TRUE if the column exists, and FALSE if the column does not exist.
*/
function db_column_exists($table, $column) {
return (bool) db_fetch_object(db_query("SHOW COLUMNS FROM {". db_escape_table($table) ."} LIKE '". db_escape_table($column) ."'"));
}
/**
* @} End of "ingroup database".
*/ |
Partager