. * **/ if (!defined('IN_CODE')) { header('HTTP/1.0 403 Forbidden'); exit("Not allowed to run this file directly."); } class dbstuff { var $querynum = 0; var $querylist = array(); var $querytimes = array(); var $link = ''; var $db = ''; var $duration = 0; var $timer = 0; var $errcallb = 'xmb_mysqli_error'; var $last_id = 0; var $last_rows = 0; /** * Establishes a connection to the MySQL server. * * @param string $dbhost * @param string $dbuser * @param string $dbpw * @param string $dbname * @param bool $pconnect Keep the connection open after the script ends. * @param bool $force_db Generate a fatal error if the $dbname database doesn't exist on the server. * @param bool $new_link Use to connect to a second database on the same server at the same time. */ function connect($dbhost='localhost', $dbuser, $dbpw, $dbname, $pconnect=FALSE, $force_db=FALSE, $new_link=FALSE) { if ($pconnect) { $this->link = mysqli_connect("p:$dbhost", $dbuser, $dbpw, $new_link); } else { $this->link = mysqli_connect($dbhost, $dbuser, $dbpw, $new_link); } if (FALSE === $this->link) { echo '
MySQL encountered the following error: '.cdataOut($error)."(errno = ".$errno.")\n'; } else { echo "
"; if ($sql != '') { echo 'In the following query: '.cdataOut($sql); } echo '
The system has failed to process your request. If you're an administrator, please set the DEBUG flag to true in config.php."; } if (LOG_MYSQL_ERRORS) { $log = "MySQL encountered the following error:\n$error\n(errno = $errno)\n"; if (strlen($sql) > 0) { if (1153 == $errno and strlen($sql) > 16000) { $log .= "In the following query (log truncated):\n" . substr($sql, 0, 16000); } else { $log .= "In the following query:\n$sql"; } } if (!ini_get('log_errors')) { ini_set('log_errors', TRUE); ini_set('error_log', 'error_log'); } error_log($log); } exit; } /** * Can be used to make any expression query-safe, but see next function. * * Example: $db->query('UPDATE a SET b = "'.$db->escape("Hello, my name is $rawinput").'"'); * * @param string $rawstring * @return string */ function escape($rawstring) { set_error_handler($this->errcallb); $return = mysqli_real_escape_string($this->link, $rawstring); restore_error_handler(); return $return; } /** * Preferred for performance when escaping any string variable. * * Note this only works when the raw value can be discarded. * * Example: * $db->escape_fast($rawinput); * $db->query('UPDATE a SET b = "Hello, my name is '.$rawinput.'"'); * * @since 1.9.11.12 * @param string $sql Read/Write Variable */ function escape_fast(&$sql) { set_error_handler($this->errcallb); $sql = mysqli_real_escape_string($this->link, $sql); restore_error_handler(); } function like_escape($rawstring) { set_error_handler($this->errcallb); $search = array('%', '_'); $replace = array('\%', '\_'); return str_replace($search, $replace, $rawstring); } /** * Executes a MySQL Query * * @param string $sql Unique MySQL query (multiple queries are not supported). The query string should not end with a semicolon. * @param bool $panic XMB will die and use dbstuff::panic() in case of any MySQL error unless this param is set to FALSE. * @return mixed Returns a MySQL resource or a bool, depending on the query type and error status. */ function query($sql, $panic = TRUE) { $this->start_timer(); $query = mysqli_query($this->link, $sql); if (FALSE === $query and $panic) { $this->panic($sql); } $this->querytimes[] = $this->stop_timer(); $this->querynum++; if (DEBUG) { if (LOG_MYSQL_ERRORS) { $this->last_id = mysqli_insert_id($this->link); $this->last_rows = mysqli_affected_rows($this->link); $query2 = mysqli_query($this->link, 'SHOW COUNT(*) WARNINGS'); if (($warnings = mysqli_data_seek($query2, 0)) > 0) { if (!ini_get('log_errors')) { ini_set('log_errors', TRUE); ini_set('error_log', 'error_log'); } if (strlen($sql) > 16000) { $output = "MySQL generated $warnings warnings in the following query (log truncated):\n" . substr($sql, 0, 16000) . "\n"; } else { $output = "MySQL generated $warnings warnings in the following query:\n$sql\n"; } $query3 = mysqli_query($this->link, 'SHOW WARNINGS'); while ($row = mysqli_fetch_array($query3, MYSQLI_ASSOC)) { $output .= var_export($row, TRUE)."\n"; } error_log($output); mysqli_free_result($query3); } mysqli_free_result($query2); } if (!defined('X_SADMIN') or X_SADMIN) { $this->querylist[] = $sql; } } return $query; } /** * Sends a MySQL query without fetching the result rows. */ function unbuffered_query($sql, $panic = TRUE) { $this->start_timer(); $query = mysqli_real_query($this->link, $sql); if (FALSE === $query and $panic) { $this->panic($sql); } $this->querynum++; if (DEBUG and (!defined('X_SADMIN') or X_SADMIN)) { $this->querylist[] = $sql; } $this->querytimes[] = $this->stop_timer(); return $query; } function fetch_tables($dbname = NULL) { if ($dbname == NULL) { $dbname = $this->db; } $this->select_db($dbname); $q = $this->query("SHOW TABLES"); while($table = $this->fetch_array($q, MYSQLI_NUM)) { $array[] = $table[0]; } return $array; } /** * Replaces result * * You cannot use mysql_result() as of PHP 7 * This function replaces that function. * By Xian */ function result($res,$row=0,$col=0) { $numrows = mysqli_num_rows($res); if ($numrows && $row <= ($numrows-1) && $row >=0) { mysqli_data_seek($res,$row); $resrow = (is_numeric($col)) ? mysqli_fetch_row($res) : mysqli_fetch_assoc($res); if (isset($resrow[$col])){ return $resrow[$col]; } } return false; } function num_rows($query) { set_error_handler($this->errcallb); $query = mysqli_num_rows($query); restore_error_handler(); return $query; } function num_fields($query) { set_error_handler($this->errcallb); $return = mysqli_num_fields($query); restore_error_handler(); return $return; } function insert_id() { if (DEBUG and LOG_MYSQL_ERRORS) { $id = $this->last_id; } else { set_error_handler($this->errcallb); $id = mysqli_insert_id($this->link); restore_error_handler(); } return $id; } function fetch_row($query) { set_error_handler($this->errcallb); $query = mysqli_fetch_row($query); restore_error_handler(); return $query; } function data_seek($query, $row) { set_error_handler($this->errcallb); $return = mysqli_data_seek($query, $row); restore_error_handler(); return $return; } function affected_rows() { if (DEBUG and LOG_MYSQL_ERRORS) { $return = $this->last_rows; } else { set_error_handler($this->errcallb); $return = mysqli_affected_rows($this->link); restore_error_handler(); } return $return; } function time($time=NULL) { if ($time === NULL) { $time = time(); } return "LPAD('".$time."', '15', '0')"; } function start_timer() { $mtime = explode(" ", microtime()); $this->timer = $mtime[1] + $mtime[0]; return true; } function stop_timer() { $mtime = explode(" ", microtime()); $endtime = $mtime[1] + $mtime[0]; $taken = ($endtime - $this->timer); $this->duration += $taken; $this->timer = 0; return $taken; } /** * Retrieve the MySQL server version number. * * @return string */ function server_version(){ return mysqli_get_server_info($this->link); } } /** * Replaces mysql_result * * You cannot use mysql_result() as of PHP 7 * This function replaces that function. * By Xian */ function mysqli_result($res,$row=0,$col=0){ $numrows = mysqli_num_rows($res); if ($numrows && $row <= ($numrows-1) && $row >=0){ mysqli_data_seek($res,$row); $resrow = (is_numeric($col)) ? mysqli_fetch_row($res) : mysqli_fetch_assoc($res); if (isset($resrow[$col])){ return $resrow[$col]; } } return false; } /** * Proper error reporting for abstracted mysqli_* function calls. * * @param int $errno * @param string $errstr * @author Robert Chapin (miqrogroove) */ function xmb_mysqli_error($errno, $errstr) { $output = ''; { $trace = debug_backtrace(); if (isset($trace[2]['function'])) { // Catch MySQL error $depth = 2; } else { // Catch syntax error $depth = 1; } $functionname = $trace[$depth]['function']; $filename = $trace[$depth]['file']; $linenum = $trace[$depth]['line']; $output = "MySQL encountered the following error: $errstr in \$db->{$functionname}() called by {$filename} on line {$linenum}"; unset($trace, $functionname, $filename, $linenum); } if (!headers_sent()) { header('HTTP/1.0 500 Internal Server Error'); } if (DEBUG And (!defined('X_SADMIN') Or X_SADMIN)) { require_once(ROOT.'include/validate.inc.php'); echo "
".cdataOut($output).""; } else { echo "
The system has failed to process your request. If you're an administrator, please set the DEBUG flag to true in config.php."; } if (LOG_MYSQL_ERRORS) { if (!ini_get('log_errors')) { ini_set('log_errors', TRUE); ini_set('error_log', 'error_log'); } error_log($output); } exit; } ?>