Warning: Use of undefined constant DIR_JS - assumed 'DIR_JS' (this will throw an Error in a future version of PHP) in /var/www/vhosts/ilogo.in/httpdocs/contests/roadies8/includes/config.inc.php on line 58
/**
* DB.php
*
* Database functions
* $Id: DB.php,v 1.1 2003/07/28 19:35:33 Lee Semel Exp $
*
* Added fetchAll method
* TODO: add filtering
*/
Class DB {
var $conn;
var $lastSql;
var $dumpSql;
var $currentDB;
function setDumpSql($dumpSql) {
$this->dumpSql = $dumpSql;
}
function getLastSql() {
return $this->lastSql;
}
function DB() {
}
/**
* Used to check if an identifier is valid --
* table names, database names, column names, etc.
*
* @params $identifier The identifier to check
*/
function isValidMySqlIdentifier($identifier) {
$result = TRUE;
if(preg_match("/^[a-zA-Z_0-9\.]*$/",$identifier)) {
$result = TRUE;
}
return($result);
}
/**
* Escape a string of SQL so it is safe to place within a query
*
* This function must be called on every untrusted value that is used within a query.
* It will encode the string by calling mysql_escape_string
*
* This will not escape _ and % so it is unsuitable for use in a LIKE query
*
* @param $string String to be escaped
*/
function escapeSql($string) {
// Escape all characters except % and _
$escaped_string = mysql_real_escape_string($string);
return ($escaped_string);
}
/**
* Add appropriate quoting for MySQL
*
* @param $string String to be escaped and quoted
*/
function quoteSql($string) {
$escaped_string = $this->escapeSql($string);
$quoted_string = "'" . $escaped_string . "'";
return($quoted_string);
}
/**
* Escape a string of SQL so it is safe to use in a LIKE query
*
* This function is identical to escapeSQL except it also escapes % and _
*
* @param $string String to be escaped
*/
function escapeSqlLike($string) {
$escaped_string = $this->escapeSQL($string);
$escaped_string = str_replace("%","\%",$escaped_string);
$escaped_string = str_replace("_","\_",$escaped_string);
return ($escaped_string);
}
/**
* Converts a date in UNIX epoch-seconds format to YYYY-MM-DD HH:MM:SS
* suitable for using in a DATETTIME field
*
* @param $unixtime Unix epoch seconds
*/
function unixToSqlDate($unixtime) {
// getdate returns the date as an associative array
$d = getdate($unixtime);
// Assemble the array into something MySQL can understand
$mysql_date = sprintf("%04d-%02d-%02d %02d:%02d:%02d", $d['year'], $d['mon'], $d['mday'], $d['hours'], $d['minutes'], $d['seconds']);
return($mysql_date);
}
/**
* Converts a date in UNIX epoch-seconds format to HH:MM:SS
* throwing away the date portion
*
* @param $unixtime Unix epoch seconds
*/
function unixToSqlTime($unixtime) {
// getdate returns the date as an associative array
$d = getdate($unixtime);
// Assemble the array into something MySQL can understand
$mysql_time = sprintf("%02d:%02d:%02d", $d['hours'], $d['minutes'], $d['seconds']);
return($mysql_time);
}
/**
* Converts a time in the format HH:MM:SS to seconds after midnight today
* This is required to incorporate the correct time zone into the time
*/
function sqlToUnixTime($mysql_time) {
if (preg_match("/^(\d\d):(\d\d):(\d\d)$/",$mysql_time,$matches)) {
$hour = $matches[1];
$minute = $matches[2];
$second = $matches[3];
$seconds = $second + 60*($minute+60*$hour);
return mktime($hour,$minute,$second,date("n"),date("d"),date("Y"));
}
return FALSE;
}
/**
* Converts a date in the form YYYY-MM-DD HH:MM:SS or YYYY-MM-DD into UNIX epoch-seconds
* If no time is specified using HH:MM:SS, midnight is used
*
* Checks that the $mysql_date is a valid date and returns FALSE if invalid
*
* @param $mysql_date MySQL-formatted date
* @returns UNIX timestamp or FALSE if passed an invalid format
*/
function sqlToUnixDate($mysql_date){
if (preg_match("/^(\d\d\d\d)-(\d\d)-(\d\d) (\d\d):(\d\d):(\d\d)$/",$mysql_date,$matches)) {
$year = $matches[1];
$mnum = $matches[2];
$day = $matches[3];
$hour = $matches[4];
$minute = $matches[5];
$second = $matches[6];
$unix_time = mktime($hour,$minute,$second,$mnum,$day,$year);
return($unix_time);
} elseif (preg_match("/^(\d\d\d\d)-(\d\d)-(\d\d)$/",$mysql_date,$matches)) {
$year = $matches[1];
$mnum = $matches[2];
$day = $matches[3];
$unix_time = mktime(0,0,0,$mnum,$day,$year);
return($unix_time);
}
return(FALSE);
}
/**
* Set the current MySQL database
*
* @param $database The name of the database to use
* @returns void
*/
function set_database($database) {
//$this->doSQL("USE " . $database);
@mysql_select_db($database);
$this->currentDB = $database;
}
/**
* Connect to a specified database
*
* @param $host The host
* @param $port The port
* @param $username The username
* @param $password The password
* @param $database The specific database to connect to (optional)
* @returns a database connection. Triggers an error if could not connect
*/
function connect($host, $port, $username, $password, $database = "") {
$tries = 10;
do {
$conn = @mysql_pconnect($host . ":" . $port, $username, $password);
$tries--;
} while ($conn === FALSE && $tries > 0);
if ($conn === FALSE) {
$error = mysql_error();
// trigger_error ("DB.php failed to connect to MySQL database: $error",E_USER_ERROR);
}
$this->conn = $conn;
if ($database) {
$this->set_database($database);
}
return($conn);
}
/**
* Internal function to execute a query and return a result set.
*
* If an error occurs, it will attempt to unlock all tables, and will
* trigger an error using trigger_error. This will be displayed to the
* browser depending on the display_errors parameter in php.ini
*
* @param $query The query to execute
* @returns The result set, or FALSE if none
*/
function mySqlSafeQuery($query) {
$this->lastSql = $query;
$result = FALSE;
if ($this->dumpSql === TRUE) {
echo "$query
";
}
$rs = @mysql_query($query, $this->conn);
$errno = mysql_errno($this->conn);
if ($errno > 0) {
$error_text = mysql_error($this->conn);
@mysql_query("unlock tables"); # Clear any locked tables
trigger_error($error_text . ": " . $query, E_USER_ERROR);
} else {
$result = $rs;
}
return $result;
}
/**
* Executes a query and returns a result set (recordset)
*
* @param $sql Query to execute
* @returns Result set or FALSE
*/
function createRecordset($sql) {
$rs = $this->mySqlSafeQuery($sql);
return($rs);
}
/**
* Executes a query
*
* @param $sql Query to execute
* @returns TRUE or FALSE depending on success of query
*/
function doSql($sql) {
return $this->mySqlSafeQuery($sql)? TRUE : FALSE;
}
/**
* Returns the identity of the last insert
* on the given connection
*
*/
function getIdentity() {
$identity = mysql_insert_id($this->conn);
return $identity;
}
/**
* Gets the record count of a recordset
*
* @params $rs the recordset
*/
function getRecordCount($rs) {
return mysql_num_rows($rs);
}
/**
* Gets a single field (column) from a row
* in table $table where column $keys has value $values,
* also available for $keys and $value specified as arrays
*
* @returns The value or FALSE
*/
function getField($table, $keys, $values, $field) {
$result = FALSE;
if(!is_array($keys) && !is_array($values)){
$sql = "SELECT $field FROM $table WHERE $keys = " . $this->quoteSql($values);
} else {
$sql = "SELECT $field FROM $table WHERE ";
for($i=0; $i < sizeof($keys); $i++){
if($i > 0){ $sql .= " AND "; }
$sql .= $keys[$i]." = ".$this->quoteSql($values[$i]);
}
}
$rs = $this->createRecordset($sql);
$row = mysql_fetch_array($rs);
if ($row) {
$result = $row[$field];
}
return $result;
}
# Function Gets last inserted id
function getLastInsertedId($table, $fieldName)
{
$sql = "SELECT MAX($fieldName) as maxfield from $table";
$rs = $this->createRecordset($sql);
$row = mysql_fetch_array($rs);
if ($row) {
$result = $row[maxfield];
}
return $result;
}
/**
* Gets multiple fields (columns) from table $table
* If $key is specified, limits the results to rows where
* $key = $value
*
* @returns A result set or FALSE
*/
function getFields($table, $key, $value, $field_names) {
$field_names = $this->parseFields($field_names);
$connection = $this->conn;
$sql = "SELECT " . join(",", $field_names) . " FROM $table WHERE $key = " . $this->quoteSQL($value);
return $this->createRecordset($sql);
}
/**
* Updates a single field (column) from a row
* in table $table where column $key has value $value
*
* Note that no quoting is done on $table, $key, or $field,
* so these must be validated to prevent sql injection
*
* @returns FALSE if error, or TRUE
*/
function updateField($table, $key, $value, $field, $updateValue) {
$sql = "UPDATE $table SET $field = " . $this->quoteSql($updateValue);
$sql .= " WHERE $key = " . $this->quoteSQL($value);
return $this->doSQL($sql);
}
/**
* Split lists of fields -- so they can be specified conveniently in a string
*
* An internal function that takes one parameter, $list
* If it is an array, returns it as is. If it is a string,
* splits it on commas and returns an array
*
*/
function parseFields($list) {
if (is_array($list)) {
return($list);
}
$list = explode(",",$list);
for ($i=0; $igetFields($table,$key,$value,$field_names);
if($this->getRecordCount($rs)>0) {
return $this->updateFields($table,$key,$value,$field_names,$field_values);
} else {
return $this->insertFields($table,$field_names,$field_values);
}
}
/**
* Updates fields in a table
*
* Updates fields in table $table where column $key has value $value
*
* Note that no quoting is done on $table, $key, or $field_names,
* so these must be validated to prevent sql injection
*
* @param $table Table
* @param $key Column to search for $value in
* @param $value Value ot search for
* @param $field_names A string or array of field names for updating
* @param $field_values An array of field values to store
* @returns TRUE, or FALSE if error
*/
function updateFields($table, $key, $value, $field_names, $field_values) {
$sql = "UPDATE $table SET ";
$field_names = $this->parseFields($field_names);
if (!is_array($field_values)) {
trigger_error("field_values must be an array",E_USER_ERROR);
}
for ($i=0; $i 0) {
$sql .= ", ";
}
$v = $field_values[$i];
$sql .= $field_names[$i] . " = " . $this->quoteSQL($v);
}
$sql .= " WHERE $key = " . $this->quoteSQL($value);
return $this->doSQL($sql);
}
/**
* Deletes the row(s) from table $table where column $field_name = $field_value
*
* Note $table and $field_name are not quoted -- check if using user input!
*
* @returns TRUE, or FALSE if error
*/
function deleteRow($table, $field_name, $field_value) {
if(!is_array($field_name) && !is_array($field_values)){
$sql = "DELETE FROM $table WHERE $field_name = " . $this->quoteSQL($field_value);
}else{
$sql = "DELETE FROM $table WHERE ";
for($i=0; $i < sizeof($field_name); $i++){
if($i > 0){ $sql .= " AND "; }
$sql .= $field_name[$i]." = ".$this->quoteSql($field_value[$i]);
}
}
return $this->doSQL($sql);
}
/**
* Inserts fields in a table
*
* Inserts fields in table $table where column $key has value $value
*
* Note that no quoting is done on $table or $field_names,
* so these must be validated to prevent sql injection
*
* @param $table Table
* @param $field_names A string or array of field names for inserting
* @param $field_values An array of field values to store
* @returns TRUE, or FALSE if error
*/
function insertFields($table, $field_names, $field_values) {
$sql = "INSERT INTO $table (";
$valuesClause = "VALUES (";
$field_names = $this->parseFields($field_names);
if (!is_array($field_values)) {
trigger_error("field_values must be an array",E_USER_ERROR);
}
for ($i = 0; $i 0) {
$sql .= ", ";
$valuesClause .= ", ";
}
$sql .= "`".$field_names[$i]."`";
$value = $field_values[$i];
$valuesClause .= $this->quoteSQL($value);
}
$valuesClause .= ")";
$sql .= ") " . $valuesClause;
return $this->doSQL($sql);
}
/**
* Skips records
*
* @param $rs the recordset
* @param $numrecords the number of records to skip
* @returns the nunmber of records skipped
*/
function skipRecords($rs, $numrecords) {
$skipped = 0;
while ($numrecords > 0) {
$row = mysql_fetch_array($rs);
if (!$row) {
break;
}
$skipped++;
$numrecords--;
}
return($skipped);
}
/**
* Reads a column into an array
*/
function &fetchColumn($rs,$column) {
$result = array();
while ($row = mysql_fetch_array($rs)) {
$value = $row[$column];
array_push($result,$value);
}
return $result;
}
/**
* Reads several columns into an array of hashes
*/
function &fetchColumns($rs,$columns) {
$columns = $this->parseFields($columns);
$result = array();
while ($row = mysql_fetch_array($rs)) {
$resultRow = array();
for ($i=0; $iname);
}
return $fieldNames;
}
function getFieldNo($query, $field_no){
$rs = $this->createRecordset($query);
$row = mysql_fetch_array($rs);
return $row[$field_no];
}
function updateConnectionTable($table, $field, $field_fix, $value_fix, $values){
// Delete old values
$sql = "SELECT $field FROM $table WHERE $field_fix =".$this->escapeSQL($value_fix);
$rs_curr_values = $this->createRecordset($sql);
$curr_values = $this->fetchColumn($rs_curr_values, $field);
foreach($curr_values as $cv){
if(!in_array($cv, $values)){
$this->deleteRow($table, array($field, $field_fix), array($cv, $value_fix));
}
}
// Add new values in table
foreach($values as $v){
if(!$this->getField($table, array($field, $field_fix), array($v, $value_fix), $field)){
$this->insertFields($table, "$field, $field_fix", array($v, $value_fix));
}
}
}
function UpdateRecordInfos_Insert($table, $field, $value, $person){
$this->doSql("UPDATE ".$table." SET created_on = UNIX_TIMESTAMP(NOW()) WHERE $field ='$value'");
$this->doSql("UPDATE ".$table." SET created_by = '".$this->escapeSql($person)."' WHERE $field ='$value'");
}
function tableExist($table_name){
$rs = mysql_list_tables($this->currentDB);
$tables = $this->fetchAll($rs);
foreach($tables as $row){
if($row[0] == $table_name){
return TRUE;
}
}
return FALSE;
}
}
// An error handler that does nothing
function DB_doNothing() {};
?>
Fatal error: Uncaught Error: Class 'DB' not found in /var/www/vhosts/ilogo.in/httpdocs/contests/roadies8/includes/config.inc.php:113
Stack trace:
#0 /var/www/vhosts/ilogo.in/httpdocs/contests/roadies8/pagebase.php(3): require()
#1 /var/www/vhosts/ilogo.in/httpdocs/contests/roadies8/signup.html(2): require_once('/var/www/vhosts...')
#2 {main}
thrown in /var/www/vhosts/ilogo.in/httpdocs/contests/roadies8/includes/config.inc.php on line 113