From 13969cf5406c14ba5dd5f830d7a8e2e2134e244b Mon Sep 17 00:00:00 2001 From: Thomas Bruederli <thomas@roundcube.net> Date: Wed, 15 Aug 2012 09:42:14 -0400 Subject: [PATCH] Skip ? in quoted values from being replaced with parameters --- program/include/rcube_db.php | 1399 +++++++++++++++++++++++++++++++++++++-------------------- 1 files changed, 902 insertions(+), 497 deletions(-) diff --git a/program/include/rcube_db.php b/program/include/rcube_db.php index 8fa34e6..eb1ad31 100644 --- a/program/include/rcube_db.php +++ b/program/include/rcube_db.php 
@@ -1,603 +1,1008 @@ <?php -/* +/** +-----------------------------------------------------------------------+ | program/include/rcube_db.php | | | - | This file is part of the RoundCube Webmail client | - | Copyright (C) 2005-2008, RoundCube Dev. - Switzerland | - | Licensed under the GNU GPL | + | This file is part of the Roundcube Webmail client | + | Copyright (C) 2005-2012, The Roundcube Dev Team | + | | + | Licensed under the GNU General Public License version 3 or | + | any later version with exceptions for skins & plugins. | + | See the README file for a full license statement. | | | | PURPOSE: | - | PEAR:DB wrapper class that implements PEAR DB functions | - | See http://pear.php.net/package/DB | + | Database wrapper class that implements PHP PDO functions | | | +-----------------------------------------------------------------------+ - | Author: David Saez Padros <david@ols.es> | - | Thomas Bruederli <roundcube@gmail.com> | + | Author: Aleksander Machniak <alec@alec.pl> | +-----------------------------------------------------------------------+ - - $Id$ - */ /** * Database independent query interface * - * This is a wrapper for the PEAR::DB class + * This is a wrapper for the PHP PDO * - * @package Database - * @author David Saez Padros <david@ols.es> - * @author Thomas Bruederli <roundcube@gmail.com> - * @version 1.17 - * @link http://pear.php.net/package/DB + * @package Database + * @version 1.0 */ class rcube_db - { - var $db_dsnw; // DSN for write operations - var $db_dsnr; // DSN for read operations - var $db_connected = false; // Already connected ? - var $db_mode = ''; // Connection mode - var $db_handle = 0; // Connection handle - var $db_pconn = false; // Use persistent connections - var $db_error = false; - var $db_error_msg = ''; +{ + protected $db_dsnw; // DSN for write operations + protected $db_dsnr; // DSN for read operations + protected $db_connected = false; // Already connected ? 
+ protected $db_mode; // Connection mode + protected $dbh; // Connection handle - var $a_query_results = array('dummy'); - var $last_res_id = 0; + protected $db_error = false; + protected $db_error_msg = ''; + protected $conn_failure = false; + protected $a_query_results = array('dummy'); + protected $last_res_id = 0; + protected $db_index = 0; + protected $tables; + protected $variables; + + protected $options = array( + // column/table quotes + 'identifier_start' => '"', + 'identifier_end' => '"', + ); - /** - * Object constructor - * - * @param string DSN for read/write operations - * @param string Optional DSN for read only operations - */ - function __construct($db_dsnw, $db_dsnr='', $pconn=false) + /** + * Factory, returns driver-specific instance of the class + * + * @param string $db_dsnw DSN for read/write operations + * @param string $db_dsnr Optional DSN for read only operations + * @param bool $pconn Enables persistent connections + * + * @return rcube_db Object instance + */ + public static function factory($db_dsnw, $db_dsnr = '', $pconn = false) { - if ($db_dsnr=='') - $db_dsnr=$db_dsnw; - - $this->db_dsnw = $db_dsnw; - $this->db_dsnr = $db_dsnr; - $this->db_pconn = $pconn; - - $dsn_array = DB::parseDSN($db_dsnw); - $this->db_provider = $dsn_array['phptype']; + $driver = strtolower(substr($db_dsnw, 0, strpos($db_dsnw, ':'))); + $driver_map = array( + 'sqlite2' => 'sqlite', + 'sybase' => 'mssql', + 'dblib' => 'mssql', + 'mysqli' => 'mysql', + ); + + $driver = isset($driver_map[$driver]) ? $driver_map[$driver] : $driver; + $class = "rcube_db_$driver"; + + if (!class_exists($class)) { + rcube::raise_error(array('code' => 600, 'type' => 'db', + 'line' => __LINE__, 'file' => __FILE__, + 'message' => "Configuration error. 
Unsupported database driver: $driver"), + true, true); + } + + return new $class($db_dsnw, $db_dsnr, $pconn); } - - /** - * PHP 4 object constructor - * - * @see rcube_db::__construct - */ - function rcube_db($db_dsnw, $db_dsnr='', $pconn=false) + /** + * Object constructor + * + * @param string $db_dsnw DSN for read/write operations + * @param string $db_dsnr Optional DSN for read only operations + * @param bool $pconn Enables persistent connections + */ + public function __construct($db_dsnw, $db_dsnr = '', $pconn = false) { - $this->__construct($db_dsnw, $db_dsnr, $pconn); + if (empty($db_dsnr)) { + $db_dsnr = $db_dsnw; + } + + $this->db_dsnw = $db_dsnw; + $this->db_dsnr = $db_dsnr; + $this->db_pconn = $pconn; + + $this->db_dsnw_array = self::parse_dsn($db_dsnw); + $this->db_dsnr_array = self::parse_dsn($db_dsnr); + + // Initialize driver class + $this->init(); } - - /** - * Connect to specific database - * - * @param string DSN for DB connections - * @return object PEAR database handle - * @access private - */ - function dsn_connect($dsn) + /** + * Initialization of the object with driver specific code + */ + protected function init() { - // Use persistent connections if available - $dbh = DB::connect($dsn, array('persistent' => $this->db_pconn)); - - if (DB::isError($dbh)) - { - $this->db_error = TRUE; - $this->db_error_msg = $dbh->getMessage(); - - raise_error(array('code' => 603, 'type' => 'db', 'line' => __LINE__, 'file' => __FILE__, - 'message' => $this->db_error_msg), TRUE, FALSE); - - return FALSE; - } - - else if ($this->db_provider=='sqlite') - { - $dsn_array = DB::parseDSN($dsn); - if (!filesize($dsn_array['database']) && !empty($this->sqlite_initials)) - $this->_sqlite_create_database($dbh, $this->sqlite_initials); - } - - return $dbh; + // To be used by driver classes } - - /** - * Connect to appropiate databse - * depending on the operation - * - * @param string Connection mode (r|w) - * @access public - */ - function db_connect($mode) + /** + * 
Connect to specific database + * + * @param array $dsn DSN for DB connections + * + * @return PDO database handle + */ + protected function dsn_connect($dsn) { - $this->db_mode = $mode; + $this->db_error = false; + $this->db_error_msg = null; - // Already connected - if ($this->db_connected) - { - // no replication, current connection is ok - if ($this->db_dsnw==$this->db_dsnr) - return; - - // connected to master, current connection is ok - if ($this->db_mode=='w') - return; + // Get database specific connection options + $dsn_string = $this->dsn_string($dsn); + $dsn_options = $this->dsn_options($dsn); - // Same mode, current connection is ok - if ($this->db_mode==$mode) - return; - } - - if ($mode=='r') - $dsn = $this->db_dsnr; - else - $dsn = $this->db_dsnw; + if ($db_pconn) { + $dsn_options[PDO::ATTR_PERSISTENT] = true; + } - $this->db_handle = $this->dsn_connect($dsn); - $this->db_connected = $this->db_handle ? TRUE : FALSE; + // Connect + try { + // with this check we skip fatal error on PDO object creation + if (!class_exists('PDO', false)) { + throw new Exception('PDO extension not loaded. 
See http://php.net/manual/en/intro.pdo.php'); + } + + $this->conn_prepare($dsn); + + $dbh = new PDO($dsn_string, $dsn['username'], $dsn['password'], $dsn_options); + + // don't throw exceptions or warnings + $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT); + } + catch (Exception $e) { + $this->db_error = true; + $this->db_error_msg = $e->getMessage(); + + rcube::raise_error(array('code' => 500, 'type' => 'db', + 'line' => __LINE__, 'file' => __FILE__, + 'message' => $this->db_error_msg), true, false); + + return null; + } + + $this->conn_configure($dsn, $dbh); + + return $dbh; } - - /** - * Activate/deactivate debug mode - * (not implemented) - */ - function set_debug($dbg = true) - { - - } - - - /** - * Getter for error state - * - * @param boolean True on error - */ - function is_error() + /** + * Driver-specific preparation of database connection + * + * @param array $dsn DSN for DB connections + */ + protected function conn_prepare($dsn) { - return $this->db_error ? $this->db_error_msg : FALSE; } - - /** - * Execute a SQL query - * - * @param string SQL query to execute - * @param mixed Values to be inserted in query - * @return number Query handle identifier - * @access public - */ - function query() + /** + * Driver-specific configuration of database connection + * + * @param array $dsn DSN for DB connections + * @param PDO $dbh Connection handler + */ + protected function conn_configure($dsn, $dbh) { - $params = func_get_args(); - $query = array_shift($params); - - return $this->_query($query, 0, 0, $params); } - - /** - * Execute a SQL query with limits - * - * @param string SQL query to execute - * @param number Offset for LIMIT statement - * @param number Number of rows for LIMIT statement - * @param mixed Values to be inserted in query - * @return number Query handle identifier - * @access public - */ - function limitquery() + /** + * Driver-specific database character set setting + * + * @param string $charset Character set name + */ + 
protected function set_charset($charset) { - $params = func_get_args(); - $query = array_shift($params); - $offset = array_shift($params); - $numrows = array_shift($params); - - return $this->_query($query, $offset, $numrows, $params); + $this->query("SET NAMES 'utf8'"); } - - /** - * Execute a SQL query with limits - * - * @param string SQL query to execute - * @param number Offset for LIMIT statement - * @param number Number of rows for LIMIT statement - * @param array Values to be inserted in query - * @return number Query handle identifier - * @access private - */ - function _query($query, $offset, $numrows, $params) + /** + * Connect to appropriate database depending on the operation + * + * @param string $mode Connection mode (r|w) + */ + public function db_connect($mode) { - // Read or write ? - if (strtolower(trim(substr($query,0,6)))=='select') - $mode='r'; - else - $mode='w'; - - $this->db_connect($mode); - - if (!$this->db_connected) - return FALSE; + // previous connection failed, don't attempt to connect again + if ($this->conn_failure) { + return; + } - if ($this->db_provider == 'sqlite') - $this->_sqlite_prepare(); + // no replication + if ($this->db_dsnw == $this->db_dsnr) { + $mode = 'w'; + } - if ($numrows || $offset) - $result = $this->db_handle->limitQuery($query,$offset,$numrows,$params); - else - $result = $this->db_handle->query($query, $params); - - // add result, even if it's an error - return $this->_add_result($result); + // Already connected + if ($this->db_connected) { + // connected to db with the same or "higher" mode + if ($this->db_mode == 'w' || $this->db_mode == $mode) { + return; + } + } + + $dsn = ($mode == 'r') ? 
$this->db_dsnr_array : $this->db_dsnw_array; + + $this->dbh = $this->dsn_connect($dsn); + $this->db_connected = is_object($this->dbh); + + // use write-master when read-only fails + if (!$this->db_connected && $mode == 'r') { + $mode = 'w'; + $this->dbh = $this->dsn_connect($this->db_dsnw_array); + $this->db_connected = is_object($this->dbh); + } + + if ($this->db_connected) { + $this->db_mode = $mode; + $this->set_charset('utf8'); + } + else { + $this->conn_failure = true; + } } - - /** - * Get number of rows for a SQL query - * If no query handle is specified, the last query will be taken as reference - * - * @param number Optional query handle identifier - * @return mixed Number of rows or FALSE on failure - * @access public - */ - function num_rows($res_id=NULL) + /** + * Activate/deactivate debug mode + * + * @param boolean $dbg True if SQL queries should be logged + */ + public function set_debug($dbg = true) { - if (!$this->db_handle) - return FALSE; - - if ($result = $this->_get_result($res_id)) - return $result->numRows(); - else - return FALSE; + $this->options['debug_mode'] = $dbg; } - - /** - * Get number of affected rows fort he last query - * - * @return mixed Number of rows or FALSE on failure - * @access public - */ - function affected_rows() + /** + * Writes debug information/query to 'sql' log file + * + * @param string $query SQL query + */ + protected function debug($query) { - if (!$this->db_handle) - return FALSE; - - return $this->db_handle->affectedRows(); + if ($this->options['debug_mode']) { + rcube::write_log('sql', '[' . (++$this->db_index) . '] ' . $query . 
';'); + } } - - /** - * Get last inserted record ID - * For Postgres databases, a sequence name is required - * - * @param string Sequence name for increment - * @return mixed ID or FALSE on failure - * @access public - */ - function insert_id($sequence = '') + /** + * Getter for error state + * + * @param int $res_id Optional query result identifier + * + * @return string Error message + */ + public function is_error($res_id = null) { - if (!$this->db_handle || $this->db_mode=='r') - return FALSE; + if ($res_id !== null) { + return $this->_get_result($res_id) === false ? $this->db_error_msg : null; + } - switch($this->db_provider) - { - case 'pgsql': - $result = &$this->db_handle->getOne("SELECT CURRVAL('$sequence')"); - if (DB::isError($result)) - raise_error(array('code' => 500, 'type' => 'db', 'line' => __LINE__, 'file' => __FILE__, - 'message' => $result->getMessage()), TRUE, FALSE); - return $result; - - case 'mssql': - $result = &$this->db_handle->getOne("SELECT @@IDENTITY"); - if (DB::isError($result)) - raise_error(array('code' => 500, 'type' => 'db', 'line' => __LINE__, 'file' => __FILE__, - 'message' => $result->getMessage()), TRUE, FALSE); - return $result; - - case 'mysql': // This is unfortuneate - return mysql_insert_id($this->db_handle->connection); - - case 'mysqli': - return mysqli_insert_id($this->db_handle->connection); - - case 'sqlite': - return sqlite_last_insert_rowid($this->db_handle->connection); - - default: - die("portability issue with this database, please have the developer fix"); - } + return $this->db_error ? 
$this->db_error_msg : null; } - - /** - * Get an associative array for one row - * If no query handle is specified, the last query will be taken as reference - * - * @param number Optional query handle identifier - * @return mixed Array with col values or FALSE on failure - * @access public - */ - function fetch_assoc($res_id=NULL) + /** + * Connection state checker + * + * @return boolean True if in connected state + */ + public function is_connected() { - $result = $this->_get_result($res_id); - return $this->_fetch_row($result, DB_FETCHMODE_ASSOC); + return !is_object($this->dbh) ? false : $this->db_connected; } - - /** - * Get an index array for one row - * If no query handle is specified, the last query will be taken as reference - * - * @param number Optional query handle identifier - * @return mixed Array with col values or FALSE on failure - * @access public - */ - function fetch_array($res_id=NULL) + /** + * Is database replication configured? + * + * @return bool Returns true if dsnw != dsnr + */ + public function is_replicated() { - $result = $this->_get_result($res_id); - return $this->_fetch_row($result, DB_FETCHMODE_ORDERED); + return !empty($this->db_dsnr) && $this->db_dsnw != $this->db_dsnr; } - - /** - * Get co values for a result row - * - * @param object Query result handle - * @param number Fetch mode identifier - * @return mixed Array with col values or FALSE on failure - * @access private - */ - function _fetch_row($result, $mode) + /** + * Get database runtime variables + * + * @param string $varname Variable name + * @param mixed $default Default value if variable is not set + * + * @return mixed Variable value or default + */ + public function get_variable($varname, $default = null) { - if (!$result || DB::isError($result)) - { - raise_error(array('code' => 500, 'type' => 'db', 'line' => __LINE__, 'file' => __FILE__, - 'message' => $this->db_link->getMessage()), TRUE, FALSE); - return FALSE; - } - elseif (!is_object($result)) - return 
FALSE; - - return $result->fetchRow($mode); - } - - - /** - * Formats input so it can be safely used in a query - * - * @param mixed Value to quote - * @return string Quoted/converted string for use in query - * @access public - */ - function quote($input) - { - // create DB handle if not available - if (!$this->db_handle) - $this->db_connect('r'); - - // escape pear identifier chars - $rep_chars = array('?' => '\?', - '!' => '\!', - '&' => '\&'); - - return $this->db_handle->quoteSmart(strtr($input, $rep_chars)); - } - - - /** - * Quotes a string so it can be safely used as a table or column name - * - * @param string Value to quote - * @return string Quoted string for use in query - * @deprecated Replaced by rcube_db::quote_identifier - * @see rcube_db::quote_identifier - * @access public - */ - function quoteIdentifier($str) - { - return $this->quote_identifier($str); - } - - - /** - * Quotes a string so it can be safely used as a table or column name - * - * @param string Value to quote - * @return string Quoted string for use in query - * @access public - */ - function quote_identifier($str) - { - if (!$this->db_handle) - $this->db_connect('r'); - - return $this->db_handle->quoteIdentifier($str); + // to be implemented by driver class + return $default; } - - /** - * Escapes a string - * - * @param string The string to be escaped - * @return string The escaped string - * @access public - */ - function escapeSimple($str) + /** + * Execute a SQL query + * + * @param string SQL query to execute + * @param mixed Values to be inserted in query + * + * @return number Query handle identifier + */ + public function query() { - if (!$this->db_handle) - $this->db_connect('r'); + $params = func_get_args(); + $query = array_shift($params); - return $this->db_handle->escapeSimple($str); + // Support one argument of type array, instead of n arguments + if (count($params) == 1 && is_array($params[0])) { + $params = $params[0]; + } + + return $this->_query($query, 0, 0, 
$params); } - - /* - * Return SQL function for current time and date - * - * @return string SQL function to use in query - * @access public - */ - function now() + /** + * Execute a SQL query with limits + * + * @param string SQL query to execute + * @param int Offset for LIMIT statement + * @param int Number of rows for LIMIT statement + * @param mixed Values to be inserted in query + * + * @return int Query handle identifier + */ + public function limitquery() { - switch($this->db_provider) - { - case 'mssql': - return "getdate()"; + $params = func_get_args(); + $query = array_shift($params); + $offset = array_shift($params); + $numrows = array_shift($params); - default: + return $this->_query($query, $offset, $numrows, $params); + } + + /** + * Execute a SQL query with limits + * + * @param string $query SQL query to execute + * @param int $offset Offset for LIMIT statement + * @param int $numrows Number of rows for LIMIT statement + * @param array $params Values to be inserted in query + * + * @return int Query handle identifier + */ + protected function _query($query, $offset, $numrows, $params) + { + // Read or write ? + $mode = preg_match('/^(select|show)/i', ltrim($query)) ? 'r' : 'w'; + + $this->db_connect($mode); + + // check connection before proceeding + if (!$this->is_connected()) { + return null; + } + + if ($numrows || $offset) { + $query = $this->set_limit($query, $numrows, $offset); + } + + $params = (array) $params; + + // Because in Roundcube we mostly use queries that are + // executed only once, we will not use prepared queries + $pos = 0; + $idx = 0; + + while ($pos = strpos($query, '?', $pos)) { + if ($query[$pos+1] == '?') { // skip escaped ? + $pos += 2; + } + else { + $val = $this->quote($params[$idx++]); + unset($params[$idx-1]); + $query = substr_replace($query, $val, $pos, 1); + $pos += strlen($val); + } + } + + // replace escaped ? back to normal + $query = rtrim(strtr($query, array('??' 
=> '?')), ';'); + + $this->debug($query); + + $query = $this->dbh->query($query); + + if ($query === false) { + $error = $this->dbh->errorInfo(); + $this->db_error = true; + $this->db_error_msg = sprintf('[%s] %s', $error[1], $error[2]); + + rcube::raise_error(array('code' => 500, 'type' => 'db', + 'line' => __LINE__, 'file' => __FILE__, + 'message' => $this->db_error_msg), true, false); + } + + // add result, even if it's an error + return $this->_add_result($query); + } + + /** + * Get number of affected rows for the last query + * + * @param number $res_id Optional query handle identifier + * + * @return int Number of rows or false on failure + */ + public function affected_rows($res_id = null) + { + if ($result = $this->_get_result($res_id)) { + return $result->rowCount(); + } + + return 0; + } + + /** + * Get last inserted record ID + * + * @param string $table Table name (to find the incremented sequence) + * + * @return mixed ID or false on failure + */ + public function insert_id($table = '') + { + if (!$this->db_connected || $this->db_mode == 'r') { + return false; + } + + if ($table) { + // resolve table name + $table = $this->table_name($table); + } + + $id = $this->dbh->lastInsertId($table); + + return $id; + } + + /** + * Get an associative array for one row + * If no query handle is specified, the last query will be taken as reference + * + * @param int $res_id Optional query handle identifier + * + * @return mixed Array with col values or false on failure + */ + public function fetch_assoc($res_id = null) + { + $result = $this->_get_result($res_id); + return $this->_fetch_row($result, PDO::FETCH_ASSOC); + } + + /** + * Get an index array for one row + * If no query handle is specified, the last query will be taken as reference + * + * @param int $res_id Optional query handle identifier + * + * @return mixed Array with col values or false on failure + */ + public function fetch_array($res_id = null) + { + $result = $this->_get_result($res_id); + 
return $this->_fetch_row($result, PDO::FETCH_NUM); + } + + /** + * Get col values for a result row + * + * @param PDOStatement $result Result handle + * @param int $mode Fetch mode identifier + * + * @return mixed Array with col values or false on failure + */ + protected function _fetch_row($result, $mode) + { + if (!is_object($result) || !$this->is_connected()) { + return false; + } + + return $result->fetch($mode); + } + + /** + * Adds LIMIT,OFFSET clauses to the query + * + * @param string $query SQL query + * @param int $limit Number of rows + * @param int $offset Offset + * + * @return string SQL query + */ + protected function set_limit($query, $limit = 0, $offset = 0) + { + if ($limit) { + $query .= ' LIMIT ' . intval($limit); + } + + if ($offset) { + $query .= ' OFFSET ' . intval($offset); + } + + return $query; + } + + /** + * Returns list of tables in a database + * + * @return array List of all tables of the current database + */ + public function list_tables() + { + // get tables if not cached + if ($this->tables === null) { + $q = $this->query('SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES ORDER BY TABLE_NAME'); + + if ($res = $this->_get_result($q)) { + $this->tables = $res->fetchAll(PDO::FETCH_COLUMN, 0); + } + else { + $this->tables = array(); + } + } + + return $this->tables; + } + + /** + * Returns list of columns in database table + * + * @param string $table Table name + * + * @return array List of table cols + */ + public function list_cols($table) + { + $q = $this->query('SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = ?', + array($table)); + + if ($res = $this->_get_result($q)) { + return $res->fetchAll(PDO::FETCH_COLUMN, 0); + } + + return array(); + } + + /** + * Formats input so it can be safely used in a query + * + * @param mixed $input Value to quote + * @param string $type Type of data + * + * @return string Quoted/converted string for use in query + */ + public function quote($input, $type = null) + { + // 
handle int directly for better performance + if ($type == 'integer' || $type == 'int') { + return intval($input); + } + + if (is_null($input)) { + return 'NULL'; + } + + // create DB handle if not available + if (!$this->dbh) { + $this->db_connect('r'); + } + + if ($this->dbh) { + $map = array( + 'bool' => PDO::PARAM_BOOL, + 'integer' => PDO::PARAM_INT, + ); + $type = isset($map[$type]) ? $map[$type] : PDO::PARAM_STR; + return strtr($this->dbh->quote($input, $type), array('?' => '??')); // escape ? + } + + return 'NULL'; + } + + /** + * Quotes a string so it can be safely used as a table or column name + * + * @param string $str Value to quote + * + * @return string Quoted string for use in query + * @deprecated Replaced by rcube_db::quote_identifier + * @see rcube_db::quote_identifier + */ + public function quoteIdentifier($str) + { + return $this->quote_identifier($str); + } + + /** + * Quotes a string so it can be safely used as a table or column name + * + * @param string $str Value to quote + * + * @return string Quoted string for use in query + */ + public function quote_identifier($str) + { + $start = $this->options['identifier_start']; + $end = $this->options['identifier_end']; + $name = array(); + + foreach (explode('.', $str) as $elem) { + $elem = str_replace(array($start, $end), '', $elem); + $name[] = $start . $elem . 
$end; + } + + return implode($name, '.'); + } + + /** + * Return SQL function for current time and date + * + * @return string SQL function to use in query + */ + public function now() + { return "now()"; - } } - - /** - * Return SQL statement to convert a field value into a unix timestamp - * - * @param string Field name - * @return string SQL statement to use in query - * @access public - */ - function unixtimestamp($field) + /** + * Return list of elements for use with SQL's IN clause + * + * @param array $arr Input array + * @param string $type Type of data + * + * @return string Comma-separated list of quoted values for use in query + */ + public function array2list($arr, $type = null) { - switch($this->db_provider) - { - case 'pgsql': - return "EXTRACT (EPOCH FROM $field)"; + if (!is_array($arr)) { + return $this->quote($arr, $type); + } - case 'mssql': - return "datediff(s, '1970-01-01 00:00:00', $field)"; + foreach ($arr as $idx => $item) { + $arr[$idx] = $this->quote($item, $type); + } - default: + return implode(',', $arr); + } + + /** + * Return SQL statement to convert a field value into a unix timestamp + * + * This method is deprecated and should not be used anymore due to limitations + * of timestamp functions in Mysql (year 2038 problem) + * + * @param string $field Field name + * + * @return string SQL statement to use in query + * @deprecated + */ + public function unixtimestamp($field) + { return "UNIX_TIMESTAMP($field)"; - } } - - /** - * Return SQL statement to convert from a unix timestamp - * - * @param string Field name - * @return string SQL statement to use in query - * @access public - */ - function fromunixtime($timestamp) + /** + * Return SQL statement to convert from a unix timestamp + * + * @param int $timestamp Unix timestamp + * + * @return string Date string in db-specific format + */ + public function fromunixtime($timestamp) { - switch($this->db_provider) - { - case 'mysqli': - case 'mysql': - case 'sqlite': - return 
sprintf("FROM_UNIXTIME(%d)", $timestamp); - - default: return date("'Y-m-d H:i:s'", $timestamp); - } } - - /** - * Adds a query result and returns a handle ID - * - * @param object Query handle - * @return mixed Handle ID or FALE on failure - * @access private - */ - function _add_result($res) + /** + * Return SQL statement for case insensitive LIKE + * + * @param string $column Field name + * @param string $value Search value + * + * @return string SQL statement to use in query + */ + public function ilike($column, $value) { - // sql error occured - if (DB::isError($res)) - { - raise_error(array('code' => 500, 'type' => 'db', 'line' => __LINE__, 'file' => __FILE__, - 'message' => $res->getMessage() . " Query: " . substr(preg_replace('/[\r\n]+\s*/', ' ', $res->userinfo), 0, 512)), TRUE, FALSE); - return FALSE; - } - else - { - $res_id = sizeof($this->a_query_results); - $this->a_query_results[$res_id] = $res; - $this->last_res_id = $res_id; - return $res_id; - } + return $this->quote_identifier($column).' LIKE '.$this->quote($value); } - - /** - * Resolves a given handle ID and returns the according query handle - * If no ID is specified, the last ressource handle will be returned - * - * @param number Handle ID - * @return mixed Ressource handle or FALE on failure - * @access private - */ - function _get_result($res_id=NULL) + /** + * Abstract SQL statement for value concatenation + * + * @return string SQL statement to be used in query + */ + public function concat(/* col1, col2, ... */) { - if ($res_id==NULL) - $res_id = $this->last_res_id; - - if ($res_id && isset($this->a_query_results[$res_id])) - return $this->a_query_results[$res_id]; - else - return FALSE; + $args = func_get_args(); + if (is_array($args[0])) { + $args = $args[0]; + } + + return '(' . join(' || ', $args) . 
')';
 }
-
- /**
- * Create a sqlite database from a file
- *
- * @param object SQLite database handle
- * @param string File path to use for DB creation
- * @access private
- */
- function _sqlite_create_database($dbh, $file_name)
+ /**
+ * Encodes non-UTF-8 characters in string/array/object (recursive)
+ *
+ * @param mixed $input Data to fix
+ *
+ * @return mixed Properly UTF-8 encoded data
+ */
+ public static function encode($input)
 {
- if (empty($file_name) || !is_string($file_name))
- return;
+ if (is_object($input)) {
+ foreach (get_object_vars($input) as $idx => $value) {
+ $input->$idx = self::encode($value);
+ }
+ return $input;
+ }
+ else if (is_array($input)) {
+ foreach ($input as $idx => $value) {
+ $input[$idx] = self::encode($value);
+ }
+ return $input;
+ }
- $data = '';
- if ($fd = fopen($file_name, 'r'))
- {
- $data = fread($fd, filesize($file_name));
- fclose($fd);
- }
-
- if (strlen($data))
- sqlite_exec($dbh->connection, $data);
+ return utf8_encode($input);
 }
-
- /**
- * Add some proprietary database functions to the current SQLite handle
- * in order to make it MySQL compatible
- *
- * @access private
- */
- function _sqlite_prepare()
+ /**
+ * Decodes encoded UTF-8 string/object/array (recursive)
+ *
+ * @param mixed $input Input data
+ *
+ * @return mixed Decoded data
+ */
+ public static function decode($input)
 {
- include_once('include/rcube_sqlite.inc');
+ if (is_object($input)) {
+ foreach (get_object_vars($input) as $idx => $value) {
+ $input->$idx = self::decode($value);
+ }
+ return $input;
+ }
+ else if (is_array($input)) {
+ foreach ($input as $idx => $value) {
+ $input[$idx] = self::decode($value);
+ }
+ return $input;
+ }
- // we emulate via callback some missing MySQL function
- sqlite_create_function($this->db_handle->connection, "from_unixtime", "rcube_sqlite_from_unixtime");
- sqlite_create_function($this->db_handle->connection, "unix_timestamp", "rcube_sqlite_unix_timestamp");
- sqlite_create_function($this->db_handle->connection, "now", "rcube_sqlite_now");
- sqlite_create_function($this->db_handle->connection, "md5", "rcube_sqlite_md5");
+ return utf8_decode($input);
 }
+ /**
+ * Adds a query result and returns a handle ID
+ *
+ * @param object $res Query handle
+ *
+ * @return int Handle ID
+ */
+ protected function _add_result($res)
+ {
+ $this->last_res_id = sizeof($this->a_query_results);
+ $this->a_query_results[$this->last_res_id] = $res;
- } // end class rcube_db
+ return $this->last_res_id;
+ }
+ /**
+ * Resolves a given handle ID and returns the according query handle
+ * If no ID is specified, the last resource handle will be returned
+ *
+ * @param int $res_id Handle ID
+ *
+ * @return mixed Resource handle or false on failure
+ */
+ protected function _get_result($res_id = null)
+ {
+ if ($res_id == null) {
+ $res_id = $this->last_res_id;
+ }
+ if (!empty($this->a_query_results[$res_id])) {
+ return $this->a_query_results[$res_id];
+ }
+
+ return false;
+ }
+
+ /**
+ * Return correct name for a specific database table
+ *
+ * @param string $table Table name
+ *
+ * @return string Translated table name
+ */
+ public function table_name($table)
+ {
+ $rcube = rcube::get_instance();
+
+ // return table name if configured
+ $config_key = 'db_table_'.$table;
+
+ if ($name = $rcube->config->get($config_key)) {
+ return $name;
+ }
+
+ return $table;
+ }
+
+ /**
+ * MDB2 DSN string parser
+ *
+ * @param string $sequence Secuence name
+ *
+ * @return array DSN parameters
+ */
+ public static function parse_dsn($dsn)
+ {
+ if (empty($dsn)) {
+ return null;
+ }
+
+ // Find phptype and dbsyntax
+ if (($pos = strpos($dsn, '://')) !== false) {
+ $str = substr($dsn, 0, $pos);
+ $dsn = substr($dsn, $pos + 3);
+ }
+ else {
+ $str = $dsn;
+ $dsn = null;
+ }
+
+ // Get phptype and dbsyntax
+ // $str => phptype(dbsyntax)
+ if (preg_match('|^(.+?)\((.*?)\)$|', $str, $arr)) {
+ $parsed['phptype'] = $arr[1];
+ $parsed['dbsyntax'] = !$arr[2] ? $arr[1] : $arr[2];
+ }
+ else {
+ $parsed['phptype'] = $str;
+ $parsed['dbsyntax'] = $str;
+ }
+
+ if (empty($dsn)) {
+ return $parsed;
+ }
+
+ // Get (if found): username and password
+ // $dsn => username:password@protocol+hostspec/database
+ if (($at = strrpos($dsn,'@')) !== false) {
+ $str = substr($dsn, 0, $at);
+ $dsn = substr($dsn, $at + 1);
+ if (($pos = strpos($str, ':')) !== false) {
+ $parsed['username'] = rawurldecode(substr($str, 0, $pos));
+ $parsed['password'] = rawurldecode(substr($str, $pos + 1));
+ }
+ else {
+ $parsed['username'] = rawurldecode($str);
+ }
+ }
+
+ // Find protocol and hostspec
+
+ // $dsn => proto(proto_opts)/database
+ if (preg_match('|^([^(]+)\((.*?)\)/?(.*?)$|', $dsn, $match)) {
+ $proto = $match[1];
+ $proto_opts = $match[2] ? $match[2] : false;
+ $dsn = $match[3];
+ }
+ // $dsn => protocol+hostspec/database (old format)
+ else {
+ if (strpos($dsn, '+') !== false) {
+ list($proto, $dsn) = explode('+', $dsn, 2);
+ }
+ if ( strpos($dsn, '//') === 0
+ && strpos($dsn, '/', 2) !== false
+ && $parsed['phptype'] == 'oci8'
+ ) {
+ //oracle's "Easy Connect" syntax:
+ //"username/password@[//]host[:port][/service_name]"
+ //e.g. "scott/tiger@//mymachine:1521/oracle"
+ $proto_opts = $dsn;
+ $pos = strrpos($proto_opts, '/');
+ $dsn = substr($proto_opts, $pos + 1);
+ $proto_opts = substr($proto_opts, 0, $pos);
+ }
+ else if (strpos($dsn, '/') !== false) {
+ list($proto_opts, $dsn) = explode('/', $dsn, 2);
+ }
+ else {
+ $proto_opts = $dsn;
+ $dsn = null;
+ }
+ }
+
+ // process the different protocol options
+ $parsed['protocol'] = (!empty($proto)) ? $proto : 'tcp';
+ $proto_opts = rawurldecode($proto_opts);
+ if (strpos($proto_opts, ':') !== false) {
+ list($proto_opts, $parsed['port']) = explode(':', $proto_opts);
+ }
+ if ($parsed['protocol'] == 'tcp') {
+ $parsed['hostspec'] = $proto_opts;
+ }
+ else if ($parsed['protocol'] == 'unix') {
+ $parsed['socket'] = $proto_opts;
+ }
+
+ // Get dabase if any
+ // $dsn => database
+ if ($dsn) {
+ // /database
+ if (($pos = strpos($dsn, '?')) === false) {
+ $parsed['database'] = rawurldecode($dsn);
+ // /database?param1=value1¶m2=value2
+ }
+ else {
+ $parsed['database'] = rawurldecode(substr($dsn, 0, $pos));
+ $dsn = substr($dsn, $pos + 1);
+ if (strpos($dsn, '&') !== false) {
+ $opts = explode('&', $dsn);
+ }
+ else { // database?param1=value1
+ $opts = array($dsn);
+ }
+ foreach ($opts as $opt) {
+ list($key, $value) = explode('=', $opt);
+ if (!array_key_exists($key, $parsed) || false === $parsed[$key]) {
+ // don't allow params overwrite
+ $parsed[$key] = rawurldecode($value);
+ }
+ }
+ }
+ }
+
+ return $parsed;
+ }
+
+ /**
+ * Returns PDO DSN string from DSN array
+ *
+ * @param array $dsn DSN parameters
+ *
+ * @return string DSN string
+ */
+ protected function dsn_string($dsn)
+ {
+ $params = array();
+ $result = $dsn['phptype'] . ':';
+
+ if ($dsn['hostspec']) {
+ $params[] = 'host=' . $dsn['hostspec'];
+ }
+
+ if ($dsn['port']) {
+ $params[] = 'port=' . $dsn['port'];
+ }
+
+ if ($dsn['database']) {
+ $params[] = 'dbname=' . $dsn['database'];
+ }
+
+ if (!empty($params)) {
+ $result .= implode(';', $params);
+ }
+
+ return $result;
+ }
+
+ /**
+ * Returns driver-specific connection options
+ *
+ * @param array $dsn DSN parameters
+ *
+ * @return array Connection options
+ */
+ protected function dsn_options($dsn)
+ {
+ $result = array();
+
+ return $result;
+ }
+}
--
Gitblit v1.9.1
