Diffstat (limited to 'public_html/class/mysql.php')
-rw-r--r--public_html/class/mysql.php71
1 files changed, 61 insertions, 10 deletions
diff --git a/public_html/class/mysql.php b/public_html/class/mysql.php
index 0fb46bb..0844eaa 100644
--- a/public_html/class/mysql.php
+++ b/public_html/class/mysql.php
@@ -16,7 +16,7 @@ class vfsdb {
}
if ( $this->db->connect_errno() ){
- failure("<p>Can't connect to the database. MySQL gave this error code: ".$this->db->connect_errno . "</p>", '500 Server Failure', false, '<h1>Connection to MySQL server failed.</h1>');
+ failure("<p>Can't connect to the database. MySQL gave this error code: " . $this->db->connect_errno . "</p>", '500 Server Failure', false, '<h1>Connection to MySQL server failed.</h1>');
}
if ( ! $this->db->ping() ){
@@ -41,23 +41,74 @@ class vfsdb {
return true;
}
- private function _prepare($sql){
- if ( is_null($sql) || $sql == "")
+ # does a single MySQL query with output (SELECT, INSERT, UPDATE... )
+ public function doQuery($string){
+ if ( ! $this->check() )
return false;
- return $this->db->real_escape_string($sql);
+ return $this->db->query($sql);
}
- public function doQuery($string){
+ # does multiple queries WITHOUT output (INSERT, UPDATE, DELETE... )
+ public function execMultipleQueries($sql){
if ( ! $this->check() )
- failure("<p>Can't reach MySQL server. Server says: ". $this->db->error . "</p>", '500 Server Failure', false, "<h1>Can't reach MySQL server!</h1>")
+ return false;
- $sql = _prepare($string);
- if ( ! $sql )
+ $result = $this->db->multi_query($sql);
+ if ( ! $result )
return false;
- return $this->db->query($sql);
+ do {
+ if( ! $this->db->more_results() )
+ break;
+ if ( ! $this->db->next_result() ){
+ if ( $this->db->error != "" ){
+ $res->free();
+ return false;
+ }
+ }
+ } while (true);
+
+ return true;
+ }
+
+ # code by WordPress. See @link https://core.trac.wordpress.org/browser/branches/4.0/src/wp-includes/wp-db.php#L1154
+ # syntax like sprintf()
+ public function prepare( $query, $args ) {
+ if ( is_null( $query ) )
+ return;
+
+ // This is not meant to be foolproof -- but it will catch obviously incorrect usage.
+ if ( strpos( $query, '%' ) === false ) {
+ return false;
+ }
+
+ $args = func_get_args();
+ array_shift( $args );
+
+ // If args were passed as an array (as in vsprintf), move them up
+ if ( isset( $args[0] ) && is_array($args[0]) )
+ $args = $args[0];
+
+ $query = str_replace( "'%s'", '%s', $query ); // in case someone mistakenly already singlequoted it
+ $query = str_replace( '"%s"', '%s', $query ); // doublequote unquoting
+ $query = preg_replace( '|(?<!%)%f|' , '%F', $query ); // Force floats to be locale unaware
+ $query = preg_replace( '|(?<!%)%s|', "'%s'", $query ); // quote the strings, avoiding escaped strings like %%s
+
+ array_walk( $args, array( $this, '_escape_by_ref' ) );
+
+ return @vsprintf( $query, $args );
+ }
+
+ private function _escape_by_ref( &$string ){
+ if ( ! is_float( $string ) )
+ $string = $this->_real_escape( $string );
+ }
+
+ private function _real_escape( $string ){
+ return $this->db->real_escape_string($string);
}
+ # WordPress End
public function createTables(){
$user_table =
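Review bot: doQuery() now ends with `return $this->db->query($sql);`, but `$sql` is no longer assigned once the `_prepare()` call is removed, so the `$string` parameter never reaches the server; the line should read `return $this->db->query($string);`. Since the method no longer escapes anything, its comment should say so, for example `# $string must be built with prepare(); no escaping happens here`. In execMultipleQueries() the error branch calls `$res->free();` on a variable that is never defined, so a failed statement causes a fatal error instead of reaching `return false`; that line should be deleted. The same loop does not terminate if next_result() returns false while `$this->db->error` is empty, so returning false whenever next_result() fails would be safer. Because multi_query() executes stacked statements, the comment on execMultipleQueries() should state that it only accepts fixed SQL such as the schema in createTables(), never text derived from request data.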
@@ -103,7 +154,7 @@ class vfsdb {
)
ENGINE=InnoDB;';
- if ( ! $this->db->query($user_table . ' ' . $files_table . ' ' . $banned_user_table) )
+ if ( ! $this->execMultipleQueries('BEGIN; '. $user_table . ' ' . $files_table . ' ' . $banned_user_table . ' END;') )
failure("<p>There was a problem during bootstrapping the database schema. " . $this->db->error . "</p>", '500 Server Failure', false, "<h1>CREATE TABLE FAILED</h1>");
}
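Review bot: The `'BEGIN; ' … ' END;'` wrapper on the changed line does not make the bootstrap transactional. In MySQL, `END` only closes a compound block inside a stored program, so as a standalone statement it is expected to fail with a syntax error, and each CREATE TABLE causes an implicit commit, so there is nothing to roll back. multi_query() reports only the first statement's failure directly, so that error would surface in the next_result() branch of execMultipleQueries(). I would drop the wrapper: `if ( ! $this->execMultipleQueries($user_table . ' ' . $files_table . ' ' . $banned_user_table) )`. If the bootstrap must be safe to re-run, `CREATE TABLE IF NOT EXISTS` in the statement text is the usual approach; that text lies outside this hunk.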