diff options
Diffstat (limited to 'system/database/DB_driver.php')
-rw-r--r-- | system/database/DB_driver.php | 293 |
1 files changed, 211 insertions, 82 deletions
diff --git a/system/database/DB_driver.php b/system/database/DB_driver.php index bbb7b7a80..e9efc8914 100644 --- a/system/database/DB_driver.php +++ b/system/database/DB_driver.php @@ -45,7 +45,8 @@ abstract class CI_DB_driver { public $password; public $hostname; public $database; - public $dbdriver = 'mysql'; + public $dbdriver = 'mysqli'; + public $subdriver; public $dbprefix = ''; public $char_set = 'utf8'; public $dbcollat = 'utf8_general_ci'; @@ -77,6 +78,19 @@ abstract class CI_DB_driver { protected $_protect_identifiers = TRUE; protected $_reserved_identifiers = array('*'); // Identifiers that should NOT be escaped + /** + * The syntax to count rows is slightly different across different + * database engines, so this string appears in each driver and is + * used for the count_all() and count_all_results() functions. + */ + protected $_count_string = 'SELECT COUNT(*) AS '; + + /** + * Constructor + * + * @param array + * @return void + */ public function __construct($params) { if (is_array($params)) @@ -113,7 +127,7 @@ abstract class CI_DB_driver { // ---------------------------------------------------------------- // Connect to the database and set the connection ID - $this->conn_id = ($this->pconnect == FALSE) ? $this->db_connect() : $this->db_pconnect(); + $this->conn_id = ($this->pconnect === FALSE) ? $this->db_connect() : $this->db_pconnect(); // No connection resource? Check if there is a failover else throw an error if ( ! $this->conn_id) @@ -131,7 +145,7 @@ abstract class CI_DB_driver { } // Try to connect - $this->conn_id = ($this->pconnect == FALSE) ? $this->db_connect() : $this->db_pconnect(); + $this->conn_id = ($this->pconnect === FALSE) ? $this->db_connect() : $this->db_pconnect(); // If a connection is made break the foreach loop if ($this->conn_id) @@ -295,17 +309,21 @@ abstract class CI_DB_driver { * @param array An array of binding data * @return mixed */ - public function query($sql, $binds = FALSE, $return_object = TRUE) + public function query($sql, $binds = FALSE, $return_object = NULL) { - if ($sql == '') + if ($sql === '') { log_message('error', 'Invalid query: '.$sql); return ($this->db_debug) ? $this->display_error('db_invalid_query') : FALSE; } + elseif ( ! is_bool($return_object)) + { + $return_object = ! $this->is_write_type($sql); + } // Verify table prefix and replace if necessary - if ($this->dbprefix != '' && $this->swap_pre != '' && $this->dbprefix != $this->swap_pre) + if ($this->dbprefix !== '' && $this->swap_pre !== '' && $this->dbprefix !== $this->swap_pre) { $sql = preg_replace('/(\W)'.$this->swap_pre.'(\S+?)/', '\\1'.$this->dbprefix.'\\2', $sql); } @@ -319,7 +337,7 @@ abstract class CI_DB_driver { // Is query caching enabled? If the query is a "read type" // we will load the caching class and return the previously // cached query if it exists - if ($this->cache_on == TRUE && stripos($sql, 'SELECT') !== FALSE && $this->_cache_init()) + if ($this->cache_on === TRUE && $return_object === TRUE && $this->_cache_init()) { $this->load_rdriver(); if (FALSE !== ($cache = $this->CACHE->read($sql))) @@ -328,8 +346,8 @@ abstract class CI_DB_driver { } } - // Save the query for debugging - if ($this->save_queries == TRUE) + // Save the query for debugging + if ($this->save_queries === TRUE) { $this->queries[] = $sql; } @@ -340,7 +358,7 @@ abstract class CI_DB_driver { // Run the Query if (FALSE === ($this->result_id = $this->simple_query($sql))) { - if ($this->save_queries == TRUE) + if ($this->save_queries === TRUE) { $this->query_times[] = 0; } @@ -352,7 +370,7 @@ abstract class CI_DB_driver { $error = $this->error(); // Log errors - log_message('error', 'Query error: '.$error['message']); + log_message('error', 'Query error: '.$error['message'].' - Invalid query: '.$sql); if ($this->db_debug) { @@ -373,7 +391,7 @@ abstract class CI_DB_driver { $time_end = microtime(TRUE); $this->benchmark += $time_end - $time_start; - if ($this->save_queries == TRUE) + if ($this->save_queries === TRUE) { $this->query_times[] = $time_end - $time_start; } @@ -381,13 +399,11 @@ abstract class CI_DB_driver { // Increment the query counter $this->query_count++; - // Was the query a "write" type? - // If so we'll simply return true - if ($this->is_write_type($sql) === TRUE) + // Will we have a result object instantiated? If not - we'll simply return TRUE + if ($return_object !== TRUE) { - // If caching is enabled we'll auto-cleanup any - // existing files related to this particular URI - if ($this->cache_on == TRUE && $this->cache_autodel == TRUE && $this->_cache_init()) + // If caching is enabled we'll auto-cleanup any existing files related to this particular URI + if ($this->cache_on === TRUE && $this->cache_autodel === TRUE && $this->_cache_init()) { $this->CACHE->delete(); } @@ -396,8 +412,6 @@ abstract class CI_DB_driver { } // Return TRUE if we don't need to create a result object - // Currently only the Oracle driver uses this when stored - // procedures are used if ($return_object !== TRUE) { return TRUE; @@ -409,7 +423,7 @@ abstract class CI_DB_driver { // Is query caching enabled? If so, we'll serialize the // result object and save it to a cache file. - if ($this->cache_on == TRUE && $this->_cache_init()) + if ($this->cache_on === TRUE && $this->_cache_init()) { // We'll create a new instance of the result object // only without the platform specific driver since @@ -596,35 +610,53 @@ abstract class CI_DB_driver { */ public function compile_binds($sql, $binds) { - if (strpos($sql, $this->bind_marker) === FALSE) + if (empty($binds) OR empty($this->bind_marker) OR strpos($sql, $this->bind_marker) === FALSE) { return $sql; } - - if ( ! is_array($binds)) + elseif ( ! is_array($binds)) { $binds = array($binds); + $bind_count = 1; + } + else + { + // Make sure we're using numeric keys + $binds = array_values($binds); + $bind_count = count($binds); } - // Get the sql segments around the bind markers - $segments = explode($this->bind_marker, $sql); + // We'll need the marker length later + $ml = strlen($this->bind_marker); - // The count of bind should be 1 less then the count of segments - // If there are more bind arguments trim it down - if (count($binds) >= count($segments)) + // Make sure not to replace a chunk inside a string that happens to match the bind marker + if ($c = preg_match_all("/'[^']*'/i", $sql, $matches)) { - $binds = array_slice($binds, 0, count($segments)-1); + $c = preg_match_all('/'.preg_quote($this->bind_marker).'/i', + str_replace($matches[0], + str_replace($this->bind_marker, str_repeat(' ', $ml), $matches[0]), + $sql, $c), + $matches, PREG_OFFSET_CAPTURE); + + // Bind values' count must match the count of markers in the query + if ($bind_count !== $c) + { + return $sql; + } + } + elseif (($c = preg_match_all('/'.preg_quote($this->bind_marker).'/i', $sql, $matches, PREG_OFFSET_CAPTURE)) !== $bind_count) + { + return $sql; } - // Construct the binded query - $result = $segments[0]; - $i = 0; - foreach ($binds as $bind) + do { - $result .= $this->escape($bind).$segments[++$i]; + $c--; + $sql = substr_replace($sql, $this->escape($binds[$c]), $matches[0][$c][1], $ml); } + while ($c !== 0); - return $result; + return $sql; } // -------------------------------------------------------------------- @@ -752,13 +784,13 @@ abstract class CI_DB_driver { */ public function count_all($table = '') { - if ($table == '') + if ($table === '') { return 0; } $query = $this->query($this->_count_string.$this->escape_identifiers('numrows').' FROM '.$this->protect_identifiers($table, TRUE, NULL, FALSE)); - if ($query->num_rows() == 0) + if ($query->num_rows() === 0) { return 0; } @@ -837,7 +869,7 @@ abstract class CI_DB_driver { // -------------------------------------------------------------------- /** - * Fetch MySQL Field Names + * Fetch Field Names * * @param string the table name * @return array @@ -850,7 +882,7 @@ abstract class CI_DB_driver { return $this->data_cache['field_names'][$table]; } - if ($table == '') + if ($table === '') { return ($this->db_debug) ? $this->display_error('db_field_param_missing') : FALSE; } @@ -918,7 +950,7 @@ abstract class CI_DB_driver { */ public function field_data($table = '') { - if ($table == '') + if ($table === '') { return ($this->db_debug) ? $this->display_error('db_field_param_missing') : FALSE; } @@ -934,34 +966,57 @@ abstract class CI_DB_driver { * * This function escapes column and table names * - * @param string - * @return string + * @param mixed + * @return mixed */ public function escape_identifiers($item) { - if ($this->_escape_char == '') + if ($this->_escape_char === '' OR empty($item)) { return $item; } - - foreach ($this->_reserved_identifiers as $id) + elseif (is_array($item)) { - if (strpos($item, '.'.$id) !== FALSE) + foreach ($item as $key => $value) { - $item = str_replace('.', $this->_escape_char.'.', $item); + $item[$key] = $this->escape_identifiers($value); + } - // remove duplicates if the user already included the escape - return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $this->_escape_char.$item); + return $item; + } + // Avoid breaking functions and literal values inside queries + elseif (ctype_digit($item) OR $item[0] === "'" OR strpos($item, '(') !== FALSE) + { + return $item; + } + + static $preg_ec = array(); + + if (empty($preg_ec)) + { + if (is_array($this->_escape_char)) + { + $preg_ec = array( + preg_quote($this->_escape_char[0]), preg_quote($this->_escape_char[1]), + $this->_escape_char[0], $this->_escape_char[1] + ); + } + else + { + $preg_ec[0] = $preg_ec[1] = preg_quote($this->_escape_char); + $preg_ec[2] = $preg_ec[3] = $this->_escape_char; } } - if (strpos($item, '.') !== FALSE) + foreach ($this->_reserved_identifiers as $id) { - $item = str_replace('.', $this->_escape_char.'.'.$this->_escape_char, $item); + if (strpos($item, '.'.$id) !== FALSE) + { + return preg_replace('/'.$preg_ec[0].'?([^'.$preg_ec[1].'\.]+)'.$preg_ec[1].'?\./i', $preg_ec[2].'$1'.$preg_ec[3].'.', $item); + } } - // remove duplicates if the user already included the escape - return preg_replace('/['.$this->_escape_char.']+/', $this->_escape_char, $this->_escape_char.$item.$this->_escape_char); + return preg_replace('/'.$preg_ec[0].'?([^'.$preg_ec[1].'\.]+)'.$preg_ec[1].'?(\.)?/i', $preg_ec[2].'$1'.$preg_ec[3].'$2', $item); } // -------------------------------------------------------------------- @@ -989,6 +1044,23 @@ abstract class CI_DB_driver { // -------------------------------------------------------------------- /** + * Insert statement + * + * Generates a platform-specific insert string from the supplied data + * + * @param string the table name + * @param array the insert keys + * @param array the insert values + * @return string + */ + protected function _insert($table, $keys, $values) + { + return 'INSERT INTO '.$table.' ('.implode(', ', $keys).') VALUES ('.implode(', ', $values).')'; + } + + // -------------------------------------------------------------------- + + /** * Generate an update string * * @param string the table upon which the query will be performed @@ -998,7 +1070,7 @@ abstract class CI_DB_driver { */ public function update_string($table, $data, $where) { - if ($where == '') + if ($where === '') { return FALSE; } @@ -1018,7 +1090,7 @@ abstract class CI_DB_driver { $dest = array(); foreach ($where as $key => $val) { - $prefix = (count($dest) == 0) ? '' : ' AND '; + $prefix = (count($dest) === 0) ? '' : ' AND '; $key = $this->protect_identifiers($key); if ($val !== '') @@ -1041,6 +1113,41 @@ abstract class CI_DB_driver { // -------------------------------------------------------------------- /** + * Update statement + * + * Generates a platform-specific update string from the supplied data + * + * @param string the table name + * @param array the update data + * @param array the where clause + * @param array the orderby clause + * @param array the limit clause + * @param array the like clause + * @return string + */ + protected function _update($table, $values, $where, $orderby = array(), $limit = FALSE, $like = array()) + { + foreach ($values as $key => $val) + { + $valstr[] = $key.' = '.$val; + } + + $where = empty($where) ? '' : ' WHERE '.implode(' ', $where); + + if ( ! empty($like)) + { + $where .= ($where === '' ? ' WHERE ' : ' AND ').implode(' ', $like); + } + + return 'UPDATE '.$table.' SET '.implode(', ', $valstr) + .$where + .(count($orderby) > 0 ? ' ORDER BY '.implode(', ', $orderby) : '') + .($limit ? ' LIMIT '.$limit : ''); + } + + // -------------------------------------------------------------------- + + /** * Tests whether the string has an SQL operator * * @param string @@ -1048,7 +1155,21 @@ abstract class CI_DB_driver { */ protected function _has_operator($str) { - return (bool) preg_match('/(\s|<|>|!|=|IS NULL|IS NOT NULL)/i', trim($str)); + return (bool) preg_match('/(\s|<|>|!|=|IS NULL|IS NOT NULL|BETWEEN)/i', trim($str)); + } + + // -------------------------------------------------------------------- + + /** + * Returns the SQL string operator + * + * @param string + * @return string + */ + protected function _get_operator($str) + { + return preg_match('/(=|!|<|>| IS NULL| IS NOT NULL| BETWEEN)/i', $str, $match) + ? $match[1] : FALSE; } // -------------------------------------------------------------------- @@ -1062,7 +1183,7 @@ abstract class CI_DB_driver { */ public function call_function($function) { - $driver = ($this->dbdriver == 'postgre') ? 'pg_' : $this->dbdriver.'_'; + $driver = ($this->dbdriver === 'postgre') ? 'pg_' : $this->dbdriver.'_'; if (FALSE === strpos($driver, $function)) { @@ -1116,7 +1237,6 @@ abstract class CI_DB_driver { return $this->cache_on = FALSE; } - // -------------------------------------------------------------------- /** @@ -1217,7 +1337,7 @@ abstract class CI_DB_driver { $heading = $LANG->line('db_error_heading'); - if ($native == TRUE) + if ($native === TRUE) { $message = (array) $error; } @@ -1235,7 +1355,7 @@ abstract class CI_DB_driver { if (isset($call['file']) && strpos($call['file'], BASEPATH.'database') === FALSE) { // Found it - use a relative path for safety - $message[] = 'Filename: '.str_replace(array(BASEPATH, APPPATH), '', $call['file']); + $message[] = 'Filename: '.str_replace(array(APPPATH, BASEPATH), '', $call['file']); $message[] = 'Line Number: '.$call['line']; break; } @@ -1286,34 +1406,43 @@ abstract class CI_DB_driver { $escaped_array = array(); foreach ($item as $k => $v) { - $escaped_array[$this->protect_identifiers($k)] = $this->protect_identifiers($v); + $escaped_array[$this->protect_identifiers($k)] = $this->protect_identifiers($v, $prefix_single, $protect_identifiers, $field_exists); } return $escaped_array; } + // This is basically a bug fix for queries that use MAX, MIN, etc. + // If a parenthesis is found we know that we do not need to + // escape the data or add a prefix. There's probably a more graceful + // way to deal with this, but I'm not thinking of it -- Rick + if (strpos($item, '(') !== FALSE) + { + return $item; + } + // Convert tabs or multiple spaces into single spaces - $item = preg_replace('/[\t ]+/', ' ', $item); + $item = preg_replace('/\s+/', ' ', $item); // If the item has an alias declaration we remove it and set it aside. - // Basically we remove everything to the right of the first space - if (strpos($item, ' ') !== FALSE) + // Note: strripos() is used in order to support spaces in table names + if ($offset = strripos($item, ' AS ')) { - $alias = strstr($item, ' '); - $item = substr($item, 0, - strlen($alias)); + $alias = ($protect_identifiers) + ? substr($item, $offset, 4).$this->escape_identifiers(substr($item, $offset + 4)) + : substr($item, $offset); + $item = substr($item, 0, $offset); } - else + elseif ($offset = strrpos($item, ' ')) { - $alias = ''; + $alias = ($protect_identifiers) + ? ' '.$this->escape_identifiers(substr($item, $offset + 1)) + : substr($item, $offset); + $item = substr($item, 0, $offset); } - - // This is basically a bug fix for queries that use MAX, MIN, etc. - // If a parenthesis is found we know that we do not need to - // escape the data or add a prefix. There's probably a more graceful - // way to deal with this, but I'm not thinking of it -- Rick - if (strpos($item, '(') !== FALSE) + else { - return $item.$alias; + $alias = ''; } // Break the string apart if it contains periods, then insert the table prefix @@ -1345,7 +1474,7 @@ abstract class CI_DB_driver { } // Is there a table prefix defined in the config file? If not, no need to do anything - if ($this->dbprefix != '') + if ($this->dbprefix !== '') { // We now add the table prefix based on some logic. // Do we have 4 segments (hostname.database.table.column)? @@ -1369,13 +1498,13 @@ abstract class CI_DB_driver { // This flag is set when the supplied $item does not contain a field name. // This can happen when this function is being called from a JOIN. - if ($field_exists == FALSE) + if ($field_exists === FALSE) { $i++; } // Verify table prefix and replace if necessary - if ($this->swap_pre != '' && strpos($parts[$i], $this->swap_pre) === 0) + if ($this->swap_pre !== '' && strpos($parts[$i], $this->swap_pre) === 0) { $parts[$i] = preg_replace('/^'.$this->swap_pre.'(\S+?)/', $this->dbprefix.'\\1', $parts[$i]); } @@ -1398,15 +1527,15 @@ abstract class CI_DB_driver { } // Is there a table prefix? If not, no need to insert it - if ($this->dbprefix != '') + if ($this->dbprefix !== '') { // Verify table prefix and replace if necessary - if ($this->swap_pre != '' && strpos($item, $this->swap_pre) === 0) + if ($this->swap_pre !== '' && strpos($item, $this->swap_pre) === 0) { $item = preg_replace('/^'.$this->swap_pre.'(\S+?)/', $this->dbprefix.'\\1', $item); } // Do we prefix an item with no segments? - elseif ($prefix_single == TRUE && strpos($item, $this->dbprefix) !== 0) + elseif ($prefix_single === TRUE && strpos($item, $this->dbprefix) !== 0) { $item = $this->dbprefix.$item; } |