db abstraction layer

1 files changed, 160 insertions, 0 deletions

diff --git a/include/dba/dba_driver.php b/include/dba/dba_driver.php
new file mode 100644
index 000000000..2f0555718
--- /dev/null
+++ b/include/dba/dba_driver.php
@@ -0,0 +1,160 @@
+<?php /** @file */
+
+function dba_factory($server,$user,$pass,$db,$install = false) {
+	$dba = null;
+
+	if(class_exists('mysqli')) {
+		require_once('include/dba/dba_mysqli.php');
+		$dba = new dba_mysqli($server,$user,$pass,$db,$install);
+	}
+	else {
+		require_once('include/dba/dba_mysql.php');
+		$dba = new dba_mysql($server,$user,$pass,$db,$install);
+	}
+	$dba->connect($server,$user,$pass,$db);
+
+	return $dba;
+}
+
+
+abstract class dba_driver {
+
+	protected $debug = 0;
+	protected $driver;
+	protected $db;
+	public  $connected = false;
+	public  $error = false;
+
+	abstract function connect($server,$user,$pass,$db);
+	abstract function q($sql);
+	abstract function escape($str);
+	abstract function close();
+
+	function __construct($server,$user,$pass,$db,$install = false) {
+		if($install)
+			$this->install($server,$user,$pass,$db);
+		$this->connect($server,$user,$pass,$db);
+	}
+
+
+	function install($server,$user,$pass,$db) {
+		$server = trim($server);
+		$user = trim($user);
+		$pass = trim($pass);
+		$db = trim($db);
+
+		if (!(strlen($server) && strlen($user))){
+			$this->connected = false;
+			$this->db = null;
+			return;
+		}
+
+		if(strlen($server) && ($server !== 'localhost') && ($server !== '127.0.0.1')) {
+			if(! dns_get_record($server, DNS_A + DNS_CNAME + DNS_PTR)) {
+				$this->error = sprintf( t('Cannot locate DNS info for database server \'%s\''), $server);
+				$this->connected = false;
+				$this->db = null;
+				return;
+			}
+		}
+	}
+
+
+}
+
+
+
+function printable($s) {
+	$s = preg_replace("~([\x01-\x08\x0E-\x0F\x10-\x1F\x7F-\xFF])~",".", $s);
+	$s = str_replace("\x00",'.',$s);
+	if(x($_SERVER,'SERVER_NAME'))
+		$s = escape_tags($s);
+	return $s;
+}
+
+// Procedural functions
+
+function dbg($state) {
+	global $db;
+	if($db)
+	$db->dbg($state);
+}
+
+
+function dbesc($str) {
+	global $db;
+	if($db && $db->connected)
+		return($db->escape($str));
+	else
+		return(str_replace("'","\\'",$str));
+}
+
+
+
+// Function: q($sql,$args);
+// Description: execute SQL query with printf style args.
+// Example: $r = q("SELECT * FROM `%s` WHERE `uid` = %d",
+//                   'user', 1);
+
+
+function q($sql) {
+
+	global $db;
+	$args = func_get_args();
+	unset($args[0]);
+
+	if($db && $db->connected) {
+		$stmt = vsprintf($sql,$args);
+		if($stmt === false)
+			logger('dba: vsprintf error: ' . print_r(debug_backtrace(),true));
+		return $db->q($stmt);
+	}
+
+	/**
+	 *
+	 * This will happen occasionally trying to store the 
+	 * session data after abnormal program termination 
+	 *
+	 */
+	logger('dba: no database: ' . print_r($args,true));
+	return false; 
+
+}
+
+/**
+ *
+ * Raw db query, no arguments
+ *
+ */
+
+
+function dbq($sql) {
+
+	global $db;
+	if($db && $db->connected)
+		$ret = $db->q($sql);
+	else
+		$ret = false;
+	return $ret;
+}
+
+
+// Caller is responsible for ensuring that any integer arguments to 
+// dbesc_array are actually integers and not malformed strings containing
+// SQL injection vectors. All integer array elements should be specifically 
+// cast to int to avoid trouble. 
+
+
+
+function dbesc_array_cb(&$item, $key) {
+	if(is_string($item))
+		$item = dbesc($item);
+}
+
+
+
+function dbesc_array(&$arr) {
+	if(is_array($arr) && count($arr)) {
+		array_walk($arr,'dbesc_array_cb');
+	}
+}