3 * Copyright (c) Xerox Corporation, Codendi Team, 2001-2009. All rights reserved
5 * This file is a part of Codendi.
7 * Codendi is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * Codendi is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with Codendi. If not, see <http://www.gnu.org/licenses/>.
21 require_once('DataAccessResult.class.php');
22 require_once('DataAccessException.class.php');
24 $GLOBALS['DEBUG_DAO_QUERY_COUNT'] = 0;
26 if(!defined('CODENDI_DB_NULL')) define('CODENDI_DB_NULL', 0);
27 if(!defined('CODENDI_DB_NOT_NULL')) define('CODENDI_DB_NOT_NULL', 1);
30 * A simple class for querying MySQL
35 * $db stores a database resource
40 * store the database name used to instantiate the connection
45 * Constucts a new DataAccess object
46 * @param $host string hostname for dbserver
47 * @param $user string dbserver user
48 * @param $pass string dbserver user password
49 * @param $db string database name
51 function DataAccess($host,$user,$pass,$db,$opt=0) {
52 $this->store = array();
53 $this->db = $this->connect($host, $user, $pass, $opt);
55 mysql_query("SET NAMES 'utf8'", $this->db);
56 if (!mysql_select_db($db,$this->db)) {
57 trigger_error(mysql_error(), E_USER_ERROR);
61 throw new DataAccessException('Unable to access the database. Please contact your administrator.');
65 protected function connect($host, $user, $pass, $opt) {
66 return mysql_connect($host, $user, $pass, true, $opt);
72 * Fetches a query resources and stores it in a local member
73 * @param $sql string the database query to run
74 * @return object DataAccessResult
76 function &fetch($sql,$params=array()) {
78 $res = $this->mysql_query_params($sql,$params,$this->db);
79 if (isset($GLOBALS['DEBUG_MODE']) && $GLOBALS['DEBUG_MODE']) {
80 $GLOBALS['DEBUG_DAO_QUERY_COUNT']++;
81 $GLOBALS['QUERIES'][]=$sql;
82 if (!isset($GLOBALS['DBSTORE'][md5($sql)])) {
83 $GLOBALS['DBSTORE'][md5($sql)] = array('sql' => $sql, 'nb' => 0, 'trace' => array());
85 $GLOBALS['DBSTORE'][md5($sql)]['trace'][$GLOBALS['DBSTORE'][md5($sql)]['nb']++] = array(debug_backtrace(), $time, microtime(1));
87 $dar = new DataAccessResult($this, $res);
92 * Return ID generated from the previous INSERT operation.
94 * @return int, or 0 if the previous query does not generate an AUTO_INCREMENT value, or FALSE if no MySQL connection was established
96 function lastInsertId() {
98 return mysql_insert_id($this->db);
100 return mysql_insert_id();
105 * Return number of rows affected by the last INSERT, UPDATE or DELETE.
109 function affectedRows() {
111 return mysql_affected_rows($this->db);
113 return mysql_affected_rows();
118 * Returns any MySQL errors
119 * @return string a MySQL error
123 return mysql_error($this->db);
125 return mysql_error();
130 * Quote variable to make safe
131 * @see http://php.net/mysql-real-escape-string
134 function quoteSmart($value, $params = array()) {
135 // Quote if not integer
137 $value = mysql_real_escape_string($value, $this->db);
139 $value = mysql_escape_string($value);
141 if (!is_numeric($value) || (isset($params['force_string']) && $params['force_string'])) {
142 $value = "'" . $value . "'";
148 * Safe implode function to use with SQL queries
151 function quoteSmartImplode($glue, $pieces, $params = array()) {
152 $lem = array_keys($pieces);
155 foreach ($pieces as $piece) {
159 $str.=$this->quoteSmart($piece,$params);
166 function escapeInt($v, $null = CODENDI_DB_NOT_NULL) {
168 if($null === CODENDI_DB_NULL && $v === '') {
171 if(preg_match('/^([+-]?[1-9][0-9]*|[+-]?0)$/', $v, $m)) {
177 # Parameterised query implementation for MySQL (similar PostgreSQL's PHP function pg_query_params)
178 # Example: mysql_query_params( "SELECT * FROM my_table WHERE col1=$1 AND col2=$2", array( 42, "It's ok" ) );
179 function mysql_query_params($sql,$params=array(),$database) {
180 if(!empty($params)) {
181 for ($i=1;$i<=count($params);$i++ ) {
184 return mysql_query(str_replace($args,$params,$sql),$database);
186 return mysql_query($sql,$database);