1 | <?php |
---|
2 | |
---|
3 | /** |
---|
4 | * @file |
---|
5 | * Database interface code for MySQL database servers using the mysqli client libraries. mysqli is included in PHP 5 by default and allows developers to use the advanced features of MySQL 4.1.x, 5.0.x and beyond. |
---|
6 | */ |
---|
7 | |
---|
8 | // Maintainers of this file should consult: |
---|
9 | // http://www.php.net/manual/en/ref.mysqli.php |
---|
10 | |
---|
11 | /** |
---|
12 | * @ingroup database |
---|
13 | * @{ |
---|
14 | */ |
---|
15 | |
---|
16 | // Include functions shared between mysql and mysqli. |
---|
17 | require_once './includes/database.mysql-common.inc'; |
---|
18 | |
---|
19 | /** |
---|
20 | * Report database status. |
---|
21 | */ |
---|
22 | function db_status_report($phase) { |
---|
23 | $t = get_t(); |
---|
24 | |
---|
25 | $version = db_version(); |
---|
26 | |
---|
27 | $form['mysql'] = array( |
---|
28 | 'title' => $t('MySQL database'), |
---|
29 | 'value' => ($phase == 'runtime') ? l($version, 'admin/reports/status/sql') : $version, |
---|
30 | ); |
---|
31 | |
---|
32 | if (version_compare($version, DRUPAL_MINIMUM_MYSQL) < 0) { |
---|
33 | $form['mysql']['severity'] = REQUIREMENT_ERROR; |
---|
34 | $form['mysql']['description'] = $t('Your MySQL Server is too old. Drupal requires at least MySQL %version.', array('%version' => DRUPAL_MINIMUM_MYSQL)); |
---|
35 | } |
---|
36 | |
---|
37 | return $form; |
---|
38 | } |
---|
39 | |
---|
40 | /** |
---|
41 | * Returns the version of the database server currently in use. |
---|
42 | * |
---|
43 | * @return Database server version |
---|
44 | */ |
---|
45 | function db_version() { |
---|
46 | global $active_db; |
---|
47 | list($version) = explode('-', mysqli_get_server_info($active_db)); |
---|
48 | return $version; |
---|
49 | } |
---|
50 | |
---|
51 | /** |
---|
52 | * Initialise a database connection. |
---|
53 | * |
---|
54 | * Note that mysqli does not support persistent connections. |
---|
55 | */ |
---|
56 | function db_connect($url) { |
---|
57 | // Check if MySQLi support is present in PHP |
---|
58 | if (!function_exists('mysqli_init') && !extension_loaded('mysqli')) { |
---|
59 | _db_error_page('Unable to use the MySQLi database because the MySQLi extension for PHP is not installed. Check your <code>php.ini</code> to see how you can enable it.'); |
---|
60 | } |
---|
61 | |
---|
62 | $url = parse_url($url); |
---|
63 | |
---|
64 | // Decode url-encoded information in the db connection string |
---|
65 | $url['user'] = urldecode($url['user']); |
---|
66 | // Test if database url has a password. |
---|
67 | $url['pass'] = isset($url['pass']) ? urldecode($url['pass']) : ''; |
---|
68 | $url['host'] = urldecode($url['host']); |
---|
69 | $url['path'] = urldecode($url['path']); |
---|
70 | if (!isset($url['port'])) { |
---|
71 | $url['port'] = NULL; |
---|
72 | } |
---|
73 | |
---|
74 | $connection = mysqli_init(); |
---|
75 | @mysqli_real_connect($connection, $url['host'], $url['user'], $url['pass'], substr($url['path'], 1), $url['port'], NULL, MYSQLI_CLIENT_FOUND_ROWS); |
---|
76 | |
---|
77 | if (mysqli_connect_errno() > 0) { |
---|
78 | _db_error_page(mysqli_connect_error()); |
---|
79 | } |
---|
80 | |
---|
81 | // Force MySQL to use the UTF-8 character set. Also set the collation, if a |
---|
82 | // certain one has been set; otherwise, MySQL defaults to 'utf8_general_ci' |
---|
83 | // for UTF-8. |
---|
84 | if (!empty($GLOBALS['db_collation'])) { |
---|
85 | mysqli_query($connection, 'SET NAMES utf8 COLLATE ' . $GLOBALS['db_collation']); |
---|
86 | } |
---|
87 | else { |
---|
88 | mysqli_query($connection, 'SET NAMES utf8'); |
---|
89 | } |
---|
90 | |
---|
91 | return $connection; |
---|
92 | } |
---|
93 | |
---|
94 | /** |
---|
95 | * Helper function for db_query(). |
---|
96 | */ |
---|
97 | function _db_query($query, $debug = 0) { |
---|
98 | global $active_db, $queries, $user; |
---|
99 | |
---|
100 | if (variable_get('dev_query', 0)) { |
---|
101 | list($usec, $sec) = explode(' ', microtime()); |
---|
102 | $timer = (float)$usec + (float)$sec; |
---|
103 | // If devel.module query logging is enabled, prepend a comment with the username and calling function |
---|
104 | // to the SQL string. This is useful when running mysql's SHOW PROCESSLIST to learn what exact |
---|
105 | // code is issueing the slow query. |
---|
106 | $bt = debug_backtrace(); |
---|
107 | // t() may not be available yet so we don't wrap 'Anonymous' |
---|
108 | $name = $user->uid ? $user->name : variable_get('anonymous', 'Anonymous'); |
---|
109 | // str_replace() to prevent SQL injection via username or anonymous name. |
---|
110 | $name = str_replace(array('*', '/'), '', $name); |
---|
111 | $query = '/* '. $name .' : '. $bt[2]['function'] .' */ '. $query; |
---|
112 | } |
---|
113 | |
---|
114 | $result = mysqli_query($active_db, $query); |
---|
115 | |
---|
116 | if (variable_get('dev_query', 0)) { |
---|
117 | $query = $bt[2]['function'] ."\n". $query; |
---|
118 | list($usec, $sec) = explode(' ', microtime()); |
---|
119 | $stop = (float)$usec + (float)$sec; |
---|
120 | $diff = $stop - $timer; |
---|
121 | $queries[] = array($query, $diff); |
---|
122 | } |
---|
123 | |
---|
124 | if ($debug) { |
---|
125 | print '<p>query: '. $query .'<br />error:'. mysqli_error($active_db) .'</p>'; |
---|
126 | } |
---|
127 | |
---|
128 | if (!mysqli_errno($active_db)) { |
---|
129 | return $result; |
---|
130 | } |
---|
131 | else { |
---|
132 | // Indicate to drupal_error_handler that this is a database error. |
---|
133 | ${DB_ERROR} = TRUE; |
---|
134 | trigger_error(check_plain(mysqli_error($active_db) ."\nquery: ". $query), E_USER_WARNING); |
---|
135 | return FALSE; |
---|
136 | } |
---|
137 | } |
---|
138 | |
---|
139 | /** |
---|
140 | * Fetch one result row from the previous query as an object. |
---|
141 | * |
---|
142 | * @param $result |
---|
143 | * A database query result resource, as returned from db_query(). |
---|
144 | * @return |
---|
145 | * An object representing the next row of the result, or FALSE. The attributes |
---|
146 | * of this object are the table fields selected by the query. |
---|
147 | */ |
---|
148 | function db_fetch_object($result) { |
---|
149 | if ($result) { |
---|
150 | $object = mysqli_fetch_object($result); |
---|
151 | return isset($object) ? $object : FALSE; |
---|
152 | } |
---|
153 | } |
---|
154 | |
---|
155 | /** |
---|
156 | * Fetch one result row from the previous query as an array. |
---|
157 | * |
---|
158 | * @param $result |
---|
159 | * A database query result resource, as returned from db_query(). |
---|
160 | * @return |
---|
161 | * An associative array representing the next row of the result, or FALSE. |
---|
162 | * The keys of this object are the names of the table fields selected by the |
---|
163 | * query, and the values are the field values for this result row. |
---|
164 | */ |
---|
165 | function db_fetch_array($result) { |
---|
166 | if ($result) { |
---|
167 | $array = mysqli_fetch_array($result, MYSQLI_ASSOC); |
---|
168 | return isset($array) ? $array : FALSE; |
---|
169 | } |
---|
170 | } |
---|
171 | |
---|
172 | /** |
---|
173 | * Return an individual result field from the previous query. |
---|
174 | * |
---|
175 | * Only use this function if exactly one field is being selected; otherwise, |
---|
176 | * use db_fetch_object() or db_fetch_array(). |
---|
177 | * |
---|
178 | * @param $result |
---|
179 | * A database query result resource, as returned from db_query(). |
---|
180 | * @return |
---|
181 | * The resulting field or FALSE. |
---|
182 | */ |
---|
183 | function db_result($result) { |
---|
184 | if ($result && mysqli_num_rows($result) > 0) { |
---|
185 | // The mysqli_fetch_row function has an optional second parameter $row |
---|
186 | // but that can't be used for compatibility with Oracle, DB2, etc. |
---|
187 | $array = mysqli_fetch_row($result); |
---|
188 | return $array[0]; |
---|
189 | } |
---|
190 | return FALSE; |
---|
191 | } |
---|
192 | |
---|
193 | /** |
---|
194 | * Determine whether the previous query caused an error. |
---|
195 | */ |
---|
196 | function db_error() { |
---|
197 | global $active_db; |
---|
198 | return mysqli_errno($active_db); |
---|
199 | } |
---|
200 | |
---|
201 | /** |
---|
202 | * Determine the number of rows changed by the preceding query. |
---|
203 | */ |
---|
204 | function db_affected_rows() { |
---|
205 | global $active_db; /* mysqli connection resource */ |
---|
206 | return mysqli_affected_rows($active_db); |
---|
207 | } |
---|
208 | |
---|
209 | /** |
---|
210 | * Runs a limited-range query in the active database. |
---|
211 | * |
---|
212 | * Use this as a substitute for db_query() when a subset of the query is to be |
---|
213 | * returned. |
---|
214 | * User-supplied arguments to the query should be passed in as separate parameters |
---|
215 | * so that they can be properly escaped to avoid SQL injection attacks. |
---|
216 | * |
---|
217 | * @param $query |
---|
218 | * A string containing an SQL query. |
---|
219 | * @param ... |
---|
220 | * A variable number of arguments which are substituted into the query |
---|
221 | * using printf() syntax. The query arguments can be enclosed in one |
---|
222 | * array instead. |
---|
223 | * Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose |
---|
224 | * in '') and %%. |
---|
225 | * |
---|
226 | * NOTE: using this syntax will cast NULL and FALSE values to decimal 0, |
---|
227 | * and TRUE values to decimal 1. |
---|
228 | * |
---|
229 | * @param $from |
---|
230 | * The first result row to return. |
---|
231 | * @param $count |
---|
232 | * The maximum number of result rows to return. |
---|
233 | * @return |
---|
234 | * A database query result resource, or FALSE if the query was not executed |
---|
235 | * correctly. |
---|
236 | */ |
---|
237 | function db_query_range($query) { |
---|
238 | $args = func_get_args(); |
---|
239 | $count = array_pop($args); |
---|
240 | $from = array_pop($args); |
---|
241 | array_shift($args); |
---|
242 | |
---|
243 | $query = db_prefix_tables($query); |
---|
244 | if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax |
---|
245 | $args = $args[0]; |
---|
246 | } |
---|
247 | _db_query_callback($args, TRUE); |
---|
248 | $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query); |
---|
249 | $query .= ' LIMIT '. (int)$from .', '. (int)$count; |
---|
250 | return _db_query($query); |
---|
251 | } |
---|
252 | |
---|
253 | /** |
---|
254 | * Runs a SELECT query and stores its results in a temporary table. |
---|
255 | * |
---|
256 | * Use this as a substitute for db_query() when the results need to stored |
---|
257 | * in a temporary table. Temporary tables exist for the duration of the page |
---|
258 | * request. |
---|
259 | * User-supplied arguments to the query should be passed in as separate parameters |
---|
260 | * so that they can be properly escaped to avoid SQL injection attacks. |
---|
261 | * |
---|
262 | * Note that if you need to know how many results were returned, you should do |
---|
263 | * a SELECT COUNT(*) on the temporary table afterwards. db_affected_rows() does |
---|
264 | * not give consistent result across different database types in this case. |
---|
265 | * |
---|
266 | * @param $query |
---|
267 | * A string containing a normal SELECT SQL query. |
---|
268 | * @param ... |
---|
269 | * A variable number of arguments which are substituted into the query |
---|
270 | * using printf() syntax. The query arguments can be enclosed in one |
---|
271 | * array instead. |
---|
272 | * Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose |
---|
273 | * in '') and %%. |
---|
274 | * |
---|
275 | * NOTE: using this syntax will cast NULL and FALSE values to decimal 0, |
---|
276 | * and TRUE values to decimal 1. |
---|
277 | * |
---|
278 | * @param $table |
---|
279 | * The name of the temporary table to select into. This name will not be |
---|
280 | * prefixed as there is no risk of collision. |
---|
281 | * @return |
---|
282 | * A database query result resource, or FALSE if the query was not executed |
---|
283 | * correctly. |
---|
284 | */ |
---|
285 | function db_query_temporary($query) { |
---|
286 | $args = func_get_args(); |
---|
287 | $tablename = array_pop($args); |
---|
288 | array_shift($args); |
---|
289 | |
---|
290 | $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' Engine=HEAP SELECT', db_prefix_tables($query)); |
---|
291 | if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax |
---|
292 | $args = $args[0]; |
---|
293 | } |
---|
294 | _db_query_callback($args, TRUE); |
---|
295 | $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query); |
---|
296 | return _db_query($query); |
---|
297 | } |
---|
298 | |
---|
299 | /** |
---|
300 | * Returns a properly formatted Binary Large Object value. |
---|
301 | * |
---|
302 | * @param $data |
---|
303 | * Data to encode. |
---|
304 | * @return |
---|
305 | * Encoded data. |
---|
306 | */ |
---|
307 | function db_encode_blob($data) { |
---|
308 | global $active_db; |
---|
309 | return "'". mysqli_real_escape_string($active_db, $data) ."'"; |
---|
310 | } |
---|
311 | |
---|
312 | /** |
---|
313 | * Returns text from a Binary Large OBject value. |
---|
314 | * |
---|
315 | * @param $data |
---|
316 | * Data to decode. |
---|
317 | * @return |
---|
318 | * Decoded data. |
---|
319 | */ |
---|
320 | function db_decode_blob($data) { |
---|
321 | return $data; |
---|
322 | } |
---|
323 | |
---|
324 | /** |
---|
325 | * Prepare user input for use in a database query, preventing SQL injection attacks. |
---|
326 | */ |
---|
327 | function db_escape_string($text) { |
---|
328 | global $active_db; |
---|
329 | return mysqli_real_escape_string($active_db, $text); |
---|
330 | } |
---|
331 | |
---|
332 | /** |
---|
333 | * Lock a table. |
---|
334 | */ |
---|
335 | function db_lock_table($table) { |
---|
336 | db_query('LOCK TABLES {'. db_escape_table($table) .'} WRITE'); |
---|
337 | } |
---|
338 | |
---|
339 | /** |
---|
340 | * Unlock all locked tables. |
---|
341 | */ |
---|
342 | function db_unlock_tables() { |
---|
343 | db_query('UNLOCK TABLES'); |
---|
344 | } |
---|
345 | |
---|
346 | /** |
---|
347 | * Check if a table exists. |
---|
348 | * |
---|
349 | * @param $table |
---|
350 | * The name of the table. |
---|
351 | * |
---|
352 | * @return |
---|
353 | * TRUE if the table exists, and FALSE if the table does not exist. |
---|
354 | */ |
---|
355 | function db_table_exists($table) { |
---|
356 | return (bool) db_fetch_object(db_query("SHOW TABLES LIKE '{". db_escape_table($table) ."}'")); |
---|
357 | } |
---|
358 | |
---|
359 | /** |
---|
360 | * Check if a column exists in the given table. |
---|
361 | * |
---|
362 | * @param $table |
---|
363 | * The name of the table. |
---|
364 | * @param $column |
---|
365 | * The name of the column. |
---|
366 | * |
---|
367 | * @return |
---|
368 | * TRUE if the column exists, and FALSE if the column does not exist. |
---|
369 | */ |
---|
370 | function db_column_exists($table, $column) { |
---|
371 | return (bool) db_fetch_object(db_query("SHOW COLUMNS FROM {". db_escape_table($table) ."} LIKE '". db_escape_table($column) ."'")); |
---|
372 | } |
---|
373 | |
---|
374 | /** |
---|
375 | * @} End of "ingroup database". |
---|
376 | */ |
---|
377 | |
---|