<?php
-# Copyright (C) 2006 Jason Woofenden
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-
-require_once('code/wfpl/encode.php');
-require_once('code/wfpl/format.php');
+# This program is in the public domain within the United States. Additionally,
+# we waive copyright and related rights in the work worldwide through the CC0
+# 1.0 Universal public domain dedication, which can be found at
+# http://creativecommons.org/publicdomain/zero/1.0/
+
+
+require_once(__DIR__.'/'.'encode.php');
+require_once(__DIR__.'/'.'format.php');
# db_connect() -- connect to a mysql database
#
# the database connection handle. You'll only need this if you want to have
# multiple databases open at once.
-function db_connect($database = 'auto', $user = 'auto', $pass = 'auto', $host = 'localhost') {
+function db_enc_sql($str) {
+ return mysqli_real_escape_string(isset($GLOBALS['wfpl_db_handle']) ? $GLOBALS['wfpl_db_handle'] : null, $str);
+}
+
+function db_connect($database = 'auto', $user = 'auto', $pass = 'auto', $host = 'localhost', $encoding = 'utf8') {
if($database == 'auto') {
if(isset($GLOBALS['db_name'])) {
$database = $GLOBALS['db_name'];
}
}
- $GLOBALS['wfpl_db_handle'] = mysql_connect($host, $user, $pass);
+ $GLOBALS['wfpl_db_handle'] = mysqli_connect($host, $user, $pass);
if(!$GLOBALS['wfpl_db_handle']) {
- die('Could not connect to the database: ' . mysql_error());
+ die('Could not connect to the database: ' . mysqli_error());
}
- if(!mysql_select_db($database, $GLOBALS['wfpl_db_handle'])) {
- die("Couldn not access database \"$database\": " . mysql_error($GLOBALS['wfpl_db_handle']));
+ mysqli_set_charset($GLOBALS['wfpl_db_handle'], $encoding);
+
+ if(!mysqli_select_db($GLOBALS['wfpl_db_handle'], $database)) {
+ die("Couldn not access database \"$database\": " . mysqli_error($GLOBALS['wfpl_db_handle']));
}
return $GLOBALS['wfpl_db_handle'];
# Unless you're doing something unusual like an ALTER TABLE don't call this directly
function db_send_query($sql) {
#echo("Sending query: " . enc_html($sql) . "<br>\n");
- $result = mysql_query($sql, $GLOBALS['wfpl_db_handle']);
+ $result = mysqli_query($GLOBALS['wfpl_db_handle'], $sql);
if(!$result) {
- die(enc_html('DATABASE ERROR: ' . mysql_error($GLOBALS['wfpl_db_handle']) . ' in the following query: ' . $sql));
+ die(enc_html('DATABASE ERROR: ' . mysqli_error($GLOBALS['wfpl_db_handle']) . ' in the following query: ' . $sql));
}
return $result;
#
# %% put a % in the output
# %i put an integer in the output (strips non-numeric digits, and puts in 0 if blank)
+# %f put a floating point value in the output (strips non-numeric digits, puts in 0.0 if not valid)
# %" output double quotes, surrounding the variable which is encoded to be in there.
# %s output encoded to be in double quotes, but don't output the quotes
# %$ output argument as-is, no encoding. Make sure you quote everything from the user!
$str = substr($str, $pos + 2);
if($chr == '"') {
- $out .= '"' . enc_sql(array_shift($args)) . '"';
+ $out .= '"' . db_enc_sql(array_shift($args)) . '"';
} elseif($chr == 's') {
- $out .= enc_sql(array_shift($args));
+ $out .= db_enc_sql(array_shift($args));
} elseif($chr == 'i') {
$int = format_int(array_shift($args));
if($int == '') $int = '0';
$out .= $int;
+ } elseif($chr == 'f') {
+ $arg = array_shift($args);
+ if(is_numeric($arg)) {
+ $arg = sprintf("%f", $arg);
+ }
+ $arg = format_decimal($arg);
+ if(strlen($arg) < 1) {
+ $arg = '0.0';
+ }
+ $out .= $arg;
} elseif($chr == '$') {
$out .= array_shift($args);
} else {
}
+# helper function
function db_send_get($table, $columns, $where, $args) {
$sql = "SELECT $columns FROM $table";
if($where) {
}
+# if no results: returs []
function db_get_rows($table, $columns, $where = '') {
$args = func_get_args();
$args = array_slice($args, 3);
$result = db_send_get($table, $columns, $where, $args);
$rows = array();
- while($row = mysql_fetch_row($result)) {
+ while($row = mysqli_fetch_row($result)) {
$rows[] = $row;
}
- mysql_free_result($result);
+ mysqli_free_result($result);
return $rows;
}
# like db_get_rows, but return array of hashes.
+# if no results: returs []
function db_get_assocs($table, $columns, $where = '') {
$args = func_get_args();
$args = array_slice($args, 3);
$result = db_send_get($table, $columns, $where, $args);
$rows = array();
- while($row = mysql_fetch_assoc($result)) {
+ while($row = mysqli_fetch_assoc($result)) {
$rows[] = $row;
}
- mysql_free_result($result);
+ mysqli_free_result($result);
return $rows;
}
+# if no results: returs []
function db_get_column($table, $columns, $where = '') {
$args = func_get_args();
$args = array_slice($args, 3);
$result = db_send_get($table, $columns, $where, $args);
$column = array();
- while($row = mysql_fetch_row($result)) {
+ while($row = mysqli_fetch_row($result)) {
$column[] = $row[0];
}
- mysql_free_result($result);
+ mysqli_free_result($result);
return $column;
}
+# returns first matching row
+# if no results: returns false
function db_get_row($table, $columns, $where = '') {
$args = func_get_args();
$args = array_slice($args, 3);
$result = db_send_get($table, $columns, $where, $args);
- $row = mysql_fetch_row($result);
+ $row = mysqli_fetch_row($result);
- mysql_free_result($result);
+ mysqli_free_result($result);
return $row;
}
# like db_get_row, but return a hash.
+# if no results: returns false
function db_get_assoc($table, $columns, $where = '') {
$args = func_get_args();
$args = array_slice($args, 3);
$result = db_send_get($table, $columns, $where, $args);
- $row = mysql_fetch_assoc($result);
+ $row = mysqli_fetch_assoc($result);
- mysql_free_result($result);
+ mysqli_free_result($result);
return $row;
}
-function db_get_value($table, $columns, $where = '') {
+# if no results: returns false
+function db_get_value($table, $column, $where = '') {
$args = func_get_args();
$args = array_slice($args, 3);
- $result = db_send_get($table, $columns, $where, $args);
+ $result = db_send_get($table, $column, $where, $args);
- $value = mysql_fetch_row($result);
+ $value = mysqli_fetch_row($result);
if($value !== false) {
$value = $value[0];
}
- mysql_free_result($result);
+ mysqli_free_result($result);
return $value;
}
+# returns an integer
function db_count($table, $where = '') {
$args = func_get_args();
array_splice($args, 1, 0, array('count(*)'));
- return call_user_func_array('db_get_value', $args);
+ return (int) call_user_func_array('db_get_value', $args);
}
# call either of these ways:
# return the value mysql made up for the auto_increment field (for the last insert)
function db_auto_id() {
- return mysql_insert_id($GLOBALS['wfpl_db_handle']);
+ return mysqli_insert_id($GLOBALS['wfpl_db_handle']);
}
$sql = '';
foreach($values as $value) {
if($sql) $sql .= ',';
- $sql .= '"' . enc_sql($value) . '"';
+ $sql .= '"' . db_enc_sql($value) . '"';
}
$sql = "$command INTO $table ($columns) values($sql)";
if($sql != '') {
$sql .= ', ';
}
- $sql .= $columns[$i] . ' = "' . enc_sql($values[$i]) . '"';
+ $sql .= $columns[$i] . ' = "' . db_enc_sql($values[$i]) . '"';
}
define('DB_ORD_MAX', 2000000000);
-function db_reposition_respace($table, $field) {
- $ids = db_get_column($table, 'id', "where $field != 0 order by $field");
+function db_reposition_respace($table, $field, $where = '') {
+ if($where) {
+ $andand = " && ($where) ";
+ }
+ $ids = db_get_column($table, 'id', "where $field != 0 $andand order by $field");
$c = count($ids);
if(!$c) {
# should never happen
#
# return value is the "ord" value you should set/insert into your database
-function db_reposition($table, $row_id, $new_pos, $field = 'ord', $pretty = 'same as $table', $renumbered_already = false) {
+function db_reposition($table, $row_id, $new_pos, $field = 'ord', $pretty = 'same as $table', $where = '', $renumbered_already = false) {
if($pretty == 'same as $table') {
$pretty = $table;
}
+ if($where) {
+ $andand = " && ($where) ";
+ }
if($new_pos === 'ignored') {
# not sorted
# strategy: calculate $prev_ord and $next_ord. If there's no space between, renumber and recurse
if($new_pos == '0') {
- $row = db_get_row($table, "id,$field", "where $field != 0 order by $field limit 1");
+ $row = db_get_row($table, "id,$field", "where $field != 0 $andand order by $field limit 1");
if($row) {
list($first_row_id, $first_row_ord) = $row;
if($first_row_id == $row_id) {
$prev_ord = 0;
} else {
$new_pos = format_int_0($new_pos);
- $rows = db_get_rows($table, "id,$field", "where $field != 0 order by $field limit %i,2", $new_pos - 1);
+ $rows = db_get_rows($table, "id,$field", "where $field != 0 $andand order by $field limit %i,2", $new_pos - 1);
if(!$rows) {
message("Sorry, couldn't find the $pretty you asked to put this $pretty after. Putting it first instead.");
- return db_reposition($table, $row_id, '0', $field, $pretty);
+ return db_reposition($table, $row_id, '0', $field, $pretty, $where);
} else {
list($prev_id, $prev_ord) = $rows[0];
if($prev_id == $row_id) {
message("Programmer error in $pretty ordering code. Please tell your website administrator.");
return '' . rand(2, DB_ORD_MAX - 2); # reasonably unlikely to be the same as some other ord
}
- db_reposition_respace($table, $field);
- return db_reposition($table, $row_id, $new_pos, $field, $pretty, $renumbered_already = true);
+ db_reposition_respace($table, $field, $where);
+ return db_reposition($table, $row_id, $new_pos, $field, $pretty, $where, $renumbered_already = true);
} else {
return $prev_ord + round(($next_ord - $prev_ord) / 2);
}