Wordpress/wp-includes/wp-db.php
Matt Mullenweg 8ed932864f Better escaping from class, fixes #1394
git-svn-id: https://develop.svn.wordpress.org/trunk@2684 602fd350-edb4-49c9-b593-d223f7449a82
2005-07-02 23:31:43 +00:00


<?php
// WordPress DB Class
// ORIGINAL CODE FROM:
// Justin Vincent (justin@visunet.ie)
// http://php.justinvincent.com
// Version tag of this ezSQL-derived database layer.
define('EZSQL_VERSION', 'WP1.25');

// Result-format selectors compared against the $output argument of
// wpdb::get_row() and wpdb::get_results(). OBJECT is registered with the
// case-insensitive flag set; the two array selectors are case-sensitive.
define('OBJECT', 'OBJECT', true);
define('ARRAY_A', 'ARRAY_A', false);
define('ARRAY_N', 'ARRAY_N', false);

// Per-query timing/logging stays off unless SAVEQUERIES was already defined
// before this file was loaded.
if ( !defined('SAVEQUERIES') ) {
    define('SAVEQUERIES', false);
}
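// ==================================================================
// wpdb - thin wrapper around the mysql_* functions.
//
// Runs SQL text through mysql_query(), caches the rows of the last
// result set in $last_result, and offers helpers to read that cache as
// a single value, a row, a column or the whole set.
//
// Security notes for callers:
//  - query() executes the SQL string exactly as given. Every value that
//    is interpolated into a query must first go through escape() and be
//    placed inside a quoted SQL string literal; escaping does not
//    protect identifiers or unquoted numeric positions.
//  - $show_errors defaults to true, so failed queries and connection
//    problems are rendered into the page. The output of print_error()
//    is HTML-encoded, but it still discloses SQL text and the database
//    host name; call hide_errors() where visitors must not see that.
class wpdb {

    // When true, print_error() and bail() write diagnostics to the page.
    var $show_errors = true;
    // Number of statements sent through query() so far.
    var $num_queries = 0;
    // SQL text of the most recent query() call (reset by flush()).
    var $last_query;
    // Field metadata of the last result set, one entry per column.
    var $col_info;
    // array( sql, elapsed ) pairs, filled only while SAVEQUERIES is true.
    var $queries;

    // State written by the methods below; declared here so that it is not
    // created implicitly on first assignment.
    var $dbh;            // link returned by mysql_connect(), false on failure
    var $result;         // raw return value of the last mysql_query()
    var $last_result;    // rows of the last result set, as objects
    var $func_call;      // textual trace of the last public call
    var $rows_affected;  // set by insert/delete/update/replace
    var $insert_id;      // set by insert/replace
    var $num_rows;       // row count of the last result set
    var $time_start;     // set by timer_start()

    // Our tables
    var $posts;
    var $users;
    var $categories;
    var $post2cat;
    var $comments;
    var $links;
    var $linkcategories;
    var $options;
    var $optiontypes;
    var $optionvalues;
    var $optiongroups;
    var $optiongroup_options;
    var $postmeta;

    // ==================================================================
    // DB Constructor - connects to the server and selects a database.
    // On connection failure bail() is called with a help page; when
    // errors are hidden bail() returns and select() is still attempted.
    function wpdb($dbuser, $dbpassword, $dbname, $dbhost) {
        // '@' keeps the raw connect warning (which can include the host
        // and user name) out of the page; the failure is reported below.
        $this->dbh = @mysql_connect($dbhost, $dbuser, $dbpassword);
        if (!$this->dbh) {
            $this->bail("
<h1>Error establishing a database connection</h1>
<p>This either means that the username and password information in your <code>wp-config.php</code> file is incorrect or we can't contact the database server at <code>$dbhost</code>. This could mean your host's database server is down.</p>
<ul>
<li>Are you sure you have the correct username and password?</li>
<li>Are you sure that you have typed the correct hostname?</li>
<li>Are you sure that the database server is running?</li>
</ul>
<p>If you're unsure what these terms mean you should probably contact your host. If you still need help you can always visit the <a href='http://wordpress.org/support/'>WordPress Support Forums</a>.</p>
");
        }

        $this->select($dbname);
    }

    // ==================================================================
    // Select a DB (if another one needs to be selected).
    // Calls bail() with a help page when the database cannot be selected.
    function select($db) {
        if (!@mysql_select_db($db, $this->dbh)) {
            $this->bail("
<h1>Can&#8217;t select database</h1>
<p>We were able to connect to the database server (which means your username and password is okay) but not able to select the <code>$db</code> database.</p>
<ul>
<li>Are you sure it exists?</li>
<li>On some systems the name of your database is prefixed with your username, so it would be like username_wordpress. Could that be the problem?</li>
</ul>
<p>If you don't know how to setup a database you should <strong>contact your host</strong>. If all else fails you may find help at the <a href='http://wordpress.org/support/'>WordPress Support Forums</a>.</p>");
        }
    }

    // ====================================================================
    // Format a string correctly for safe insert under all PHP conditions.
    //
    // $str is the raw value; the return value is the escaped form, meant
    // to be placed between quotes in an SQL statement.
    //
    // Fix: the previous body escaped an undefined variable ($string)
    // instead of the $str parameter, so the caller's value never reached
    // the escaping function.
    //
    // mysql_real_escape_string() takes the connection's character set
    // into account and is used whenever a link exists and PHP is at least
    // 4.3.0; mysql_escape_string() is the connection-less fallback and
    // does not consider the character set.
    function escape($str) {
        if ( !$this->dbh || version_compare( phpversion(), '4.3.0' ) < 0 )
            return mysql_escape_string( $str );

        return mysql_real_escape_string( $str, $this->dbh );
    }

    // ==================================================================
    // Print SQL/DB error.
    //
    // $str is the message; when empty, mysql_error() is used. The raw
    // message and the last query are always appended to the global
    // $EZSQL_ERROR list. Returns false when errors are hidden, nothing
    // otherwise.
    function print_error($str = '') {
        global $EZSQL_ERROR;

        if (!$str)
            $str = mysql_error();

        // The log keeps the raw text; only the HTML output is encoded.
        $EZSQL_ERROR[] = array ('query' => $this->last_query, 'error_str' => $str);

        // Is error output turned on or not..
        if ( !$this->show_errors )
            return false;

        // Both strings can carry request data (the query is built by
        // callers, the server message may quote parts of it), so they are
        // HTML-encoded before being written into the page.
        $safe_str   = htmlspecialchars( (string) $str, ENT_QUOTES );
        $safe_query = htmlspecialchars( (string) $this->last_query, ENT_QUOTES );

        print "<div id='error'>
<p class='wpdberror'><strong>WordPress database error:</strong> [$safe_str]<br />
<code>$safe_query</code></p>
</div>";
    }

    // ==================================================================
    // Turn error handling on or off..
    function show_errors() {
        $this->show_errors = true;
    }

    function hide_errors() {
        $this->show_errors = false;
    }

    // ==================================================================
    // Kill cached query results
    function flush() {
        $this->last_result = null;
        $this->col_info = null;
        $this->last_query = null;
    }

    // ==================================================================
    // Basic Query - see docs for more detail.
    //
    // Sends $query to the server as-is (no escaping happens here).
    // Returns false on error, the affected-row count for
    // insert/delete/update/replace, otherwise the number of rows fetched
    // into $last_result.
    function query($query) {
        // initialise return
        $return_val = 0;
        $this->flush();

        // Log how the function was called
        $this->func_call = "\$db->query(\"$query\")";

        // Keep track of the last query for debug..
        $this->last_query = $query;

        // Perform the query via std mysql_query function..
        if (SAVEQUERIES)
            $this->timer_start();

        $this->result = @mysql_query($query, $this->dbh);
        ++$this->num_queries;

        if (SAVEQUERIES)
            $this->queries[] = array( $query, $this->timer_stop() );

        // If there is an error then take note of it..
        if ( mysql_error() ) {
            $this->print_error();
            return false;
        }

        if ( preg_match("/^\\s*(insert|delete|update|replace) /i",$query) ) {
            $this->rows_affected = mysql_affected_rows();
            // Take note of the insert_id
            if ( preg_match("/^\\s*(insert|replace) /i",$query) ) {
                $this->insert_id = mysql_insert_id($this->dbh);
            }
            // Return number of rows affected
            $return_val = $this->rows_affected;
        } else {
            // Cache the column metadata of the result set.
            $i = 0;
            while ($i < @mysql_num_fields($this->result)) {
                $this->col_info[$i] = @mysql_fetch_field($this->result);
                $i++;
            }

            // Cache every row as an object.
            $num_rows = 0;
            while ( $row = @mysql_fetch_object($this->result) ) {
                $this->last_result[$num_rows] = $row;
                $num_rows++;
            }

            @mysql_free_result($this->result);

            // Log number of rows the query returned
            $this->num_rows = $num_rows;

            // Return number of rows selected
            $return_val = $this->num_rows;
        }

        return $return_val;
    }

    // ==================================================================
    // Get one variable from the DB - see docs for more detail.
    //
    // Runs $query when given, then reads column $x of row $y from the
    // cached result. Returns null when the cell is missing or is ''.
    function get_var($query=null, $x = 0, $y = 0) {
        $this->func_call = "\$db->get_var(\"$query\",$x,$y)";
        if ( $query )
            $this->query($query);

        // Extract var out of cached results based x,y vals.
        // !empty() also covers an empty cache and a row offset that does
        // not exist, without reading an undefined offset.
        $values = array();
        if ( !empty($this->last_result[$y]) ) {
            $values = array_values(get_object_vars($this->last_result[$y]));
        }

        // If there is a value return it else return null
        return (isset($values[$x]) && $values[$x]!=='') ? $values[$x] : null;
    }

    // ==================================================================
    // Get one row from the DB - see docs for more detail.
    //
    // Runs $query when given, then returns row $y of the cached result
    // as an object (OBJECT), associative array (ARRAY_A) or numeric
    // array (ARRAY_N); null when the row does not exist. Any other
    // $output value is reported through print_error().
    function get_row($query = null, $output = OBJECT, $y = 0) {
        $this->func_call = "\$db->get_row(\"$query\",$output,$y)";
        if ( $query )
            $this->query($query);

        $row = !empty($this->last_result[$y]) ? $this->last_result[$y] : null;

        if ( $output == OBJECT ) {
            return $row;
        } elseif ( $output == ARRAY_A ) {
            return $row ? get_object_vars($row) : null;
        } elseif ( $output == ARRAY_N ) {
            return $row ? array_values(get_object_vars($row)) : null;
        } else {
            $this->print_error(" \$db->get_row(string query, output type, int offset) -- Output type must be one of: OBJECT, ARRAY_A, ARRAY_N");
        }
    }

    // ==================================================================
    // Function to get 1 column from the cached result set based in X index
    // see docs for usage and info.
    //
    // Returns the values of column $x, one entry per cached row, or null
    // when the cache holds no rows.
    function get_col($query = null , $x = 0) {
        if ( $query )
            $this->query($query);

        // The cache is null after flush() or a failed query.
        $total = is_array($this->last_result) ? count($this->last_result) : 0;

        // Extract the column values
        $new_array = null;
        for ( $i=0; $i < $total; $i++ ) {
            $new_array[$i] = $this->get_var(null, $x, $i);
        }

        return $new_array;
    }

    // ==================================================================
    // Return the the query as a result set - see docs for more details.
    //
    // OBJECT returns the cached rows unchanged; ARRAY_A / ARRAY_N return
    // a list of associative / numeric arrays, or null when the cache is
    // empty. Any other $output value returns nothing.
    function get_results($query = null, $output = OBJECT) {
        $this->func_call = "\$db->get_results(\"$query\", $output)";
        if ( $query )
            $this->query($query);

        // Send back array of objects. Each row is an object
        if ( $output == OBJECT ) {
            return $this->last_result;
        } elseif ( $output == ARRAY_A || $output == ARRAY_N ) {
            if ( !$this->last_result )
                return null;

            $new_array = array();
            foreach( $this->last_result as $row ) {
                $converted = (array) $row;
                if ( $output == ARRAY_N ) {
                    $converted = array_values($converted);
                }
                $new_array[] = $converted;
            }
            return $new_array;
        }
    }

    // ==================================================================
    // Function to get column meta data info pertaining to the last query
    // see docs for more info and usage.
    //
    // With $col_offset == -1 the $info_type property of every cached
    // column is returned as a list, otherwise only that of the given
    // column. Returns nothing when no column metadata is cached.
    function get_col_info($info_type = 'name', $col_offset = -1) {
        if ( $this->col_info ) {
            if ( $col_offset == -1 ) {
                $new_array = array();
                foreach($this->col_info as $col ) {
                    $new_array[] = $col->{$info_type};
                }
                return $new_array;
            } else {
                return $this->col_info[$col_offset]->{$info_type};
            }
        }
    }

    // Remember the current time (seconds plus microseconds) for timer_stop().
    function timer_start() {
        $mtime = microtime();
        $mtime = explode(' ', $mtime);
        $this->time_start = $mtime[1] + $mtime[0];
        return true;
    }

    // Return the time elapsed since timer_start().
    // $precision is accepted but not used by this implementation.
    function timer_stop($precision = 3) {
        $mtime = microtime();
        $mtime = explode(' ', $mtime);
        $time_end = $mtime[1] + $mtime[0];
        $time_total = $time_end - $this->time_start;
        return $time_total;
    }

    // Just wraps errors in a nice header and footer, then ends the
    // request. Returns false without output when errors are hidden.
    // $message is written as HTML without encoding, so callers must pass
    // markup they built themselves, never request data.
    function bail($message) {
        if ( !$this->show_errors )
            return false;

        // Skip the header when output has already started.
        if ( !headers_sent() )
            header( 'Content-Type: text/html; charset=utf-8');

        echo <<<HEAD
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>WordPress &rsaquo; Error</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<style media="screen" type="text/css">
<!--
html {
background: #eee;
}
body {
background: #fff;
color: #000;
font-family: Georgia, "Times New Roman", Times, serif;
margin-left: 25%;
margin-right: 25%;
padding: .2em 2em;
}
h1 {
color: #006;
font-size: 18px;
font-weight: lighter;
}
h2 {
font-size: 16px;
}
p, li, dt {
line-height: 140%;
padding-bottom: 2px;
}
ul, ol {
padding: 5px 5px 5px 20px;
}
#logo {
margin-bottom: 2em;
}
-->
</style>
</head>
<body>
<h1 id="logo"><img alt="WordPress" src="http://static.wordpress.org/logo.png" /></h1>
HEAD;
        echo $message;
        echo "</body></html>";
        die();
    }
}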
// Create the shared database object from the DB_* connection constants.
$wpdb = new wpdb(
    DB_USER,
    DB_PASSWORD,
    DB_NAME,
    DB_HOST
);
?>