X-Git-Url: https://jasonwoof.com/gitweb/?p=wfpl.git;a=blobdiff_plain;f=db.php;h=efefbda3bcfc3906ba3a03d1bc13ae3b2740967e;hp=9390035af5044822004aa9195648dcaddd7b304d;hb=15459c86d0996ab3037b1738a8be6efd378c1258;hpb=883f464e943d1588c0c4227d7f6e69dedb7b6a21 diff --git a/db.php b/db.php index 9390035..efefbda 100644 --- a/db.php +++ b/db.php @@ -2,25 +2,22 @@ # Copyright (C) 2006 Jason Woofenden # -# This file is part of wfpl. -# -# wfpl is free software; you can redistribute it and/or modify it under the -# terms of the GNU Lesser General Public License as published by the Free -# Software Foundation; either version 2.1 of the License, or (at your option) -# any later version. -# -# wfpl is distributed in the hope that it will be useful, but WITHOUT ANY -# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for -# more details. -# -# You should have received a copy of the GNU Lesser General Public License -# along with wfpl; if not, write to the Free Software Foundation, Inc., 51 -# Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - - -require_once('code/wfpl/encode.php'); -require_once('code/wfpl/format.php'); +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + + +require_once(__DIR__.'/'.'encode.php'); +require_once(__DIR__.'/'.'format.php'); # db_connect() -- connect to a mysql database # @@ -41,7 +38,11 @@ require_once('code/wfpl/format.php'); # the database connection handle. You'll only need this if you want to have # multiple databases open at once. -function db_connect($database = 'auto', $user = 'auto', $pass = 'auto', $host = 'localhost') { +function db_enc_sql($str) { + return mysql_real_escape_string($str, $GLOBALS['wfpl_db_handle'] ? $GLOBALS['wfpl_db_handle'] : null); +} + +function db_connect($database = 'auto', $user = 'auto', $pass = 'auto', $host = 'localhost', $encoding = 'utf8') { if($database == 'auto') { if(isset($GLOBALS['db_name'])) { $database = $GLOBALS['db_name']; @@ -75,6 +76,8 @@ function db_connect($database = 'auto', $user = 'auto', $pass = 'auto', $host = die('Could not connect to the database: ' . mysql_error()); } + mysql_set_charset($encoding, $GLOBALS['wfpl_db_handle']); + if(!mysql_select_db($database, $GLOBALS['wfpl_db_handle'])) { die("Couldn not access database \"$database\": " . mysql_error($GLOBALS['wfpl_db_handle'])); } @@ -98,8 +101,10 @@ function db_send_query($sql) { # # %% put a % in the output # %i put an integer in the output (strips non-numeric digits, and puts in 0 if blank) +# %f put a floating point value in the output (strips non-numeric digits, puts in 0.0 if not valid) # %" output double quotes, surrounding the variable which is encoded to be in there. # %s output encoded to be in double quotes, but don't output the quotes +# %$ output argument as-is, no encoding. Make sure you quote everything from the user! # # complex example: db_get_rows('mytable', 'id', 'where name=%" or company like "%%%s%%"', $name, $company_partial); @@ -128,13 +133,25 @@ function _db_printf($str, $args) { $str = substr($str, $pos + 2); if($chr == '"') { - $out .= '"' . enc_sql(array_shift($args)) . '"'; + $out .= '"' . db_enc_sql(array_shift($args)) . '"'; } elseif($chr == 's') { - $out .= enc_sql(array_shift($args)); + $out .= db_enc_sql(array_shift($args)); } elseif($chr == 'i') { $int = format_int(array_shift($args)); if($int == '') $int = '0'; $out .= $int; + } elseif($chr == 'f') { + $arg = array_shift($args); + if(is_numeric($arg)) { + $arg = sprintf("%f", $arg); + } + $arg = format_decimal($arg); + if(strlen($arg) < 1) { + $arg = '0.0'; + } + $out .= $arg; + } elseif($chr == '$') { + $out .= array_shift($args); } else { $out .= $chr; } @@ -169,6 +186,22 @@ function db_get_rows($table, $columns, $where = '') { return $rows; } +# like db_get_rows, but return array of hashes. +function db_get_assocs($table, $columns, $where = '') { + $args = func_get_args(); + $args = array_slice($args, 3); + $result = db_send_get($table, $columns, $where, $args); + + $rows = array(); + while($row = mysql_fetch_assoc($result)) { + $rows[] = $row; + } + + mysql_free_result($result); + + return $rows; +} + function db_get_column($table, $columns, $where = '') { $args = func_get_args(); $args = array_slice($args, 3); @@ -196,6 +229,19 @@ function db_get_row($table, $columns, $where = '') { return $row; } +# like db_get_row, but return a hash. +function db_get_assoc($table, $columns, $where = '') { + $args = func_get_args(); + $args = array_slice($args, 3); + $result = db_send_get($table, $columns, $where, $args); + + $row = mysql_fetch_assoc($result); + + mysql_free_result($result); + + return $row; +} + function db_get_value($table, $columns, $where = '') { $args = func_get_args(); $args = array_slice($args, 3); @@ -212,7 +258,9 @@ function db_get_value($table, $columns, $where = '') { } function db_count($table, $where = '') { - return db_get_value($table, 'count(*)', $where); + $args = func_get_args(); + array_splice($args, 1, 0, array('count(*)')); + return call_user_func_array('db_get_value', $args); } # call either of these ways: @@ -228,6 +276,22 @@ function db_insert($table, $columns, $values) { db_insert_ish('INSERT', $table, $columns, $values); } + +# like db_insert() above, but instead of passing columns and data separately, +# you can pass one array with the column names as keys and the data as values +function db_insert_assoc($table, $data) { + $args = func_get_args(); + $args = array_slice($args, 2); + $columns = array(); + $values = array(); + foreach($data as $key => $value) { + $columns[] = $key; + $values[] = $value; + } + array_unshift($args, $table, join(',', $columns), $values); + call_user_func_array('db_insert', $args); +} + # same as above, except uses the "replace" command instead of "insert" function db_replace($table, $columns, $values) { if(!is_array($values)) { @@ -250,7 +314,7 @@ function db_insert_ish($command, $table, $columns, $values) { $sql = ''; foreach($values as $value) { if($sql) $sql .= ','; - $sql .= '"' . enc_sql($value) . '"'; + $sql .= '"' . db_enc_sql($value) . '"'; } $sql = "$command INTO $table ($columns) values($sql)"; @@ -258,10 +322,10 @@ function db_insert_ish($command, $table, $columns, $values) { db_send_query($sql); } -# to be consistant with the syntax of the other db functions, $values can be an +# to be consistent with the syntax of the other db functions, $values can be an # array, a single value, or multiple parameters. # -# as usual the where clause stuff is optional, but it will ofcourse update the +# as usual the where clause stuff is optional, but it will of course update the # whole table if you leave it off. # # examples: @@ -288,6 +352,7 @@ function db_update($table, $columns, $values) { $num_fields = count($columns); if(is_array($values)) { + $values = array_values($values); $args = array_slice($args, 1); } else { $values = array_slice($args, 0, $num_fields); @@ -299,7 +364,7 @@ function db_update($table, $columns, $values) { if($sql != '') { $sql .= ', '; } - $sql .= $columns[$i] . ' = "' . enc_sql($values[$i]) . '"'; + $sql .= $columns[$i] . ' = "' . db_enc_sql($values[$i]) . '"'; } @@ -311,7 +376,7 @@ function db_update($table, $columns, $values) { $args = array_slice($args, 1); $sql .= ' '; - # any left for where claus arguments? + # any left for printf arguments? if($args) { $sql .= _db_printf($where, $args); } else { @@ -323,6 +388,23 @@ function db_update($table, $columns, $values) { db_send_query($sql); } +# like db_update() above, but instead of passing columns and data separately, +# you can pass one array with the column names as keys and the data as values +function db_update_assoc($table, $data) { + $args = func_get_args(); + $args = array_slice($args, 2); + $columns = array(); + $values = array(); + foreach($data as $key => $value) { + $columns[] = $key; + $values[] = $value; + } + array_unshift($args, $values); + array_unshift($args, join(',', $columns)); + array_unshift($args, $table); + call_user_func_array('db_update', $args); +} + # pass args for printf-style where clause as usual function db_delete($table, $where = '') { $sql = "DELETE FROM $table"; @@ -340,4 +422,96 @@ function db_delete($table, $where = '') { db_send_query($sql); } -?> + +define('DB_ORD_MAX', 2000000000); + +function db_reposition_respace($table, $field, $where = '') { + if($where) { + $andand = " && ($where) "; + } + $ids = db_get_column($table, 'id', "where $field != 0 $andand order by $field"); + $c = count($ids); + if(!$c) { + # should never happen + return; + } + $inc = floor(DB_ORD_MAX / ($c + 1)); + $cur = $inc; + foreach($ids as $id) { + db_update($table, $field, $cur, 'where id=%i', $id); + $cur += $inc; + } +} + +# this function facilitates letting the user manually sort records (with (int) $field != 0) +# +# When editing a particular row, give the user a pulldown, with 0 -> first, 1 -> second, etc, and pass this integer to db_reposition (3rd parameter). The value "ignored" can be passed, and the row will be given a sort value of 0 and ignored for all sorting. +# +# $pretty is used in error messages to refer to the row, it defaults to whatever you pass for $table. +# +# return value is the "ord" value you should set/insert into your database + +function db_reposition($table, $row_id, $new_pos, $field = 'ord', $pretty = 'same as $table', $where = '', $renumbered_already = false) { + if($pretty == 'same as $table') { + $pretty = $table; + } + if($where) { + $andand = " && ($where) "; + } + + if($new_pos === 'ignored') { + # not sorted + return '0'; + } + + # strategy: calculate $prev_ord and $next_ord. If there's no space between, renumber and recurse + if($new_pos == '0') { + $row = db_get_row($table, "id,$field", "where $field != 0 $andand order by $field limit 1"); + if($row) { + list($first_row_id, $first_row_ord) = $row; + if($first_row_id == $row_id) { + # already first + return $first_row_ord; + } + $next_ord = $first_row_ord; + } else { + # this is the only row, put it in the middle + return '' + floor(DB_ORD_MAX / 2); + } + + $prev_ord = 0; + } else { + $new_pos = format_int_0($new_pos); + $rows = db_get_rows($table, "id,$field", "where $field != 0 $andand order by $field limit %i,2", $new_pos - 1); + if(!$rows) { + message("Sorry, couldn't find the $pretty you asked to put this $pretty after. Putting it first instead."); + return db_reposition($table, $row_id, '0', $field, $pretty, $where); + } else { + list($prev_id, $prev_ord) = $rows[0]; + if($prev_id == $row_id) { + # after self? this shouldn't happen + return $prev_ord; + } + if(count($rows) == 1) { + # we should be last + $next_ord = DB_ORD_MAX; + } else { + list($next_id, $next_ord) = $rows[1]; + if($next_id == $row_id) { + # after prev (already there) + return $next_ord; + } + } + } + } + if($prev_ord + 1 == $next_ord || $prev_ord == $next_ord) { # the latter should never happen + if($renumbered_already) { + message("Programmer error in $pretty ordering code. Please tell your website administrator."); + return '' . rand(2, DB_ORD_MAX - 2); # reasonably unlikely to be the same as some other ord + } + db_reposition_respace($table, $field, $where); + return db_reposition($table, $row_id, $new_pos, $field, $pretty, $where, $renumbered_already = true); + } else { + return $prev_ord + round(($next_ord - $prev_ord) / 2); + } +}