
[nycphp-talk] New PHundamentals Article

Dan Cech dcech at phpwerx.net
Mon Jan 5 10:59:32 EST 2004


Thanks for the code John,

It is really preferable to take care of magic_quotes_gpc at the 
beginning of the script, rather than at the time of insertion into the 
database.  By doing it that way, any validation, redisplay, etc. of 
submitted data can be done without needing to worry about the effects of 
magic_quotes.

From the looks of your code, it should be very easy to convert it into 
an ADOdb wrapper library.

Dan

John Lacey wrote:
> 
> 
> Jeff Siegel wrote:
> 
>> We're starting off the New Year with a new PHundamentals article 
>> entitled "Storing Data Submitted From a Form and Displaying Data from 
>> a Database."
>>
>> See: http://phundamentals.nyphp.org/
>>
> 
> Here's a file for phpTest I've modified to add SQLite support.  It 
> illustrates a way of handling different escape methods depending on 
> whether magic_quotes_gpc is on or off.
> The next step is to convert it to use ADODB.
> 
> you're welcome to post the prep_vars() snippet or whatever
> 
> John
> 
> 
> ------------------------------------------------------------------------
> 
> db_host = DB_HOST; $this->db_username = DB_USERNAME; $this->db_password 
> = DB_PASSWORD; $this->db_use_pconnect = DB_USE_PCONNECT; 
> $this->default_db = DEFAULT_DB; $this->db_type = DB_TYPE; $this->db_mode 
> = DB_MODE; // added SQLITE open database file mode $this->debug = FALSE; 
> $this->logfile = 'db_queries.txt'; if ($this->debug) { $this->fp = 
> fopen($this->logfile, 'a'); } if ($this->db_use_pconnect) { 
> $this->pconnect($this->default_db); } else { 
> $this->connect($this->default_db); } if (($this->db_type != 'mysql') && 
> ($this->db_type != 'sqlite')) { die("Invalid database type in 
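config.inc.php"); } }

// Rows changed by the last INSERT/UPDATE/DELETE on this connection.
// $result is kept for callers but not consulted: both drivers report affected
// rows per connection. The original passed $this->result to
// mysql_affected_rows(), which takes a link resource and which nothing in
// this class assigns.
function affected_rows($result)
{
    switch ($this->db_type) {
        case 'mysql':
            return mysql_affected_rows($this->link_id);
        case 'sqlite':
            return sqlite_changes($this->link_id);
    }
}

// SQL literal to put into an auto-increment column so the database assigns
// the id. Both supported drivers accept NULL, so $table_name is unused.
function auto_insert($table_name = '')
{
    $value = 'NULL';
    if ($this->debug) {
        echo "auto_insert is $value\n";
    }
    return $value;
}

// Open a non-persistent connection and select $db_name.
// Failures go through sql_error(), which prints a message and dies.
function connect($db_name)
{
    switch ($this->db_type) {
        case 'mysql':
            $this->link_id = mysql_connect($this->db_host, $this->db_username, $this->db_password) or $this->sql_error();
            mysql_select_db($db_name, $this->link_id) or $this->sql_error();
            break;
        case 'sqlite':
            // sqlite_open() takes its error argument by reference itself; the
            // call-time '&' in the original is a fatal error from PHP 5.4 on.
            // $db_name is honoured here like the mysql branch does (the
            // original opened $this->default_db regardless of the argument).
            $this->link_id = sqlite_open($db_name, $this->db_mode, $this->sqlite_error_msg) or $this->sql_error();
            break;
    }
    if ($this->debug) {
        fwrite($this->fp, $this->format_date() . " --- Connected to " . $this->db_type . "---\n");
    }
    return;
}

// Escape a raw (possibly binary) value for use inside a quoted SQL literal.
// Per the original comment this is only used for uploaded image data.
// $size is accepted for compatibility and not used.
function escape_data($data, $size = 0)
{
    switch ($this->db_type) {
        case 'mysql':
            // The original used addslashes(), which is not MySQL-aware: it
            // leaves \n, \r and \x1a alone and ignores the connection charset.
            $escaped_data = mysql_real_escape_string($data, $this->link_id);
            break;
        case 'sqlite':
            $escaped_data = sqlite_escape_string($data);
            break;
    }
    return $escaped_data;
}

// Id generated by the most recent INSERT on this connection.
function insert_id()
{
    switch ($this->db_type) {
        case 'mysql':
            $insert_id = mysql_insert_id($this->link_id);
            break;
        case 'sqlite':
            $insert_id = sqlite_last_insert_rowid($this->link_id);
            break;
    }
    if ($this->debug) {
        fwrite($this->fp, $this->format_date() . " Insert ID is " . $insert_id . "\n");
    }
    return $insert_id;
}

// Next row of $result as a mixed numeric/associative array, or FALSE when
// exhausted. $row is accepted for compatibility and not used by either driver.
function fetch_array($result, $row = '0')
{
    switch ($this->db_type) {
        case 'mysql':
            return mysql_fetch_array($result);
        case 'sqlite':
            return sqlite_fetch_array($result);
    }
}

// Next row of $result as an object, or FALSE when exhausted.
// $row is accepted for compatibility and not used.
function fetch_object($result, $row = '0')
{
    switch ($this->db_type) {
        case 'mysql':
            return mysql_fetch_object($result);
        case 'sqlite':
            // sqlite has no object fetch; cast an associative row instead.
            if (sqlite_has_more($result)) {
                return (object) sqlite_fetch_array($result, SQLITE_ASSOC);
            }
            return FALSE;
    }
}

// Next row of $result as a numerically indexed array, or FALSE when exhausted.
// $row is accepted for compatibility and not used.
function fetch_row($result, $row = '')
{
    switch ($this->db_type) {
        case 'mysql':
            return mysql_fetch_row($result);
        case 'sqlite':
            return sqlite_fetch_array($result, SQLITE_NUM);
    }
}

// Timestamp used in the debug log, e.g. 2001-12-06 18:00:00.
// The original had one identical branch per driver.
function format_date()
{
    return date('Y-m-d H:i:s');
}

// Sorted list of column names for $table_name.
// Only implemented for mysql; the sqlite branch is still the original TODO and
// yields an empty array.
function list_fields($table_name)
{
    // Initialised up front so sort() never sees an undefined variable when the
    // driver branch adds nothing.
    $field = array();
    switch ($this->db_type) {
        case 'mysql':
            $fields = mysql_list_fields($this->default_db, $table_name, $this->link_id);
            $columns = mysql_num_fields($fields);
            for ($i = 0; $i < $columns; $i++) {
                $field[] = mysql_field_name($fields, $i);
            }
            break;
        case 'sqlite':
            // TODO (original): only called from config_views -- not used
            break;
    }
    sort($field);
    return $field;
}

// Number of rows in a SELECT result.
function num_rows($result)
{
    switch ($this->db_type) {
        case 'mysql':
            $numrows = mysql_num_rows($result);
            break;
        case 'sqlite':
            $numrows = sqlite_num_rows($result);
            break;
    }
    if ($this->debug) {
        fwrite($this->fp, $this->format_date() . " Numrows is $numrows\n");
    }
    return $numrows;
}

// Open a persistent connection and select $db_name.
function pconnect($db_name)
{
    switch ($this->db_type) {
        case 'mysql':
            $this->link_id = mysql_pconnect($this->db_host, $this->db_username, $this->db_password);
            if (!$this->link_id) {
                $this->sql_error(); // database connection failed
            }
            // Select on this link explicitly, as connect() does, rather than
            // relying on "the most recently opened link".
            if (!mysql_select_db($db_name, $this->link_id)) {
                $this->sql_error(); // unable to select database
            }
            break;
        case 'sqlite':
            // Same two changes as in connect(): no call-time '&' (the parameter
            // is already by reference) and $db_name instead of $this->default_db.
            $this->link_id = sqlite_popen($db_name, $this->db_mode, $this->sqlite_error_msg);
            if (!$this->link_id) {
                $this->sql_error();
            }
            break;
    }
    if ($this->debug) {
        fwrite($this->fp, $this->format_date() . " --- Connected to " . $this->db_type . "---\n");
    }
}

// Escape each argument for interpolation into a quoted SQL literal and return
// them as a list in argument order.
//
// Every argument is assumed to be raw form input (GPC). When magic_quotes_gpc
// is on, that input already carries addslashes()-style escaping, so the mysql
// branch passes it through untouched and the sqlite branch strips it before
// escaping. A value that did NOT come from GPC (read back from the database,
// computed, read from a file) is therefore left unescaped on mysql and
// mis-stripped on sqlite while magic_quotes is on. Normalising magic_quotes
// once at script start removes that ambiguity; magic_quotes_gpc itself was
// removed in PHP 5.4.
function prep_vars()
{
    $vars = array();
    $magic_quotes_gpc = get_magic_quotes_gpc();
    foreach (func_get_args() as $i => $arg) {
        switch ($this->db_type) {
            case 'mysql':
                // Charset-aware and covers \n, \r, NUL and \x1a as well as
                // quotes; the original used addslashes(), which does not.
                $vars[$i] = $magic_quotes_gpc
                    ? $arg
                    : mysql_real_escape_string($arg, $this->link_id);
                break;
            case 'sqlite':
                $vars[$i] = sqlite_escape_string($magic_quotes_gpc ? stripslashes($arg) : $arg);
                break;
        }
    }
    return $vars;
}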
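// Run $sql_query on the open connection, logging it first when debug is on.
// A failure is handed to sql_error(), which dies, so anything returned is the
// driver's result (a result resource, or TRUE for statements without rows).
function query($sql_query)
{
    if ($this->debug) {
        fwrite($this->fp, $this->format_date() . " Query: $sql_query\n");
    }
    // Initialised so an unexpected db_type is reported as a failed query
    // instead of leaving $result undefined.
    $result = FALSE;
    switch ($this->db_type) {
        case 'mysql':
            $result = mysql_query($sql_query, $this->link_id);
            break;
        case 'sqlite':
            $result = sqlite_query($sql_query, $this->link_id);
            break;
    }
    if (!$result) {
        $this->sql_error($sql_query);
    }
    return $result;
}

// Report the last driver error to the user and stop the script.
//
// $query, when given, is the SQL text that failed. It is written to the log
// and echoed only while $this->debug is on: the statement normally embeds the
// submitted values and table names, which belong in the log file rather than
// in a page served to whoever triggered the error. The driver's own message
// is still shown, as in the original; a generic message would be the next
// step for a production deployment.
function sql_error($query = FALSE)
{
    switch ($this->db_type) {
        case 'mysql':
            $this->sql_error_number = mysql_errno($this->link_id);
            $this->sql_error_name = mysql_error($this->link_id);
            break;
        case 'sqlite':
            $this->sql_error_name = sqlite_error_string(sqlite_last_error($this->link_id));
            break;
    }
    // NOTE(review): the markup around the mailto link looks stripped by the
    // list archive; the literal is kept as received rather than reconstructed.
    $admin_blurb = (ADMIN_EMAIL) ? "site administrator <\"mailto:">" : "site administrator";
    echo "\nThere was an SQL error. The error message is:\n*$this->sql_error_name*\nPlease notify the $admin_blurb.\n";
    if ($this->debug) {
        // The original called $db->format_date() here; $db is not defined
        // inside the class, so this uses $this.
        fwrite($this->fp, $this->format_date() . " Error: $this->sql_error_name\n");
        if ($query) {
            fwrite($this->fp, $this->format_date() . " Failed query: $query\n");
            echo "The SQL Query that failed is: *$query*";
        }
    }
    die();
}
}
?>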
> 
> 



