Changeset 7802

Timestamp:
06/08/09 00:13:25 (4 years ago)
Author:
xrobau
Message:

php-sqlite3 hurts my brain.

Files:

  • modules/branches/2.6/core/agi-bin/sql.php

    r7801 r7802  
    1 <?php /* $Id$ */ 
     1<?php  
     2 
     3/* $Id$ */ 
    24 
    35// SQL Abstraction Layer for AGI Applications 
     
    3537//  $db = new AGIDB($AGI); 
    3638// 
     39//  $result = $db->escape($sql) 
     40//  Escapes any characters that could confuse the database and lead to SQL injection problems. 
     41//  You should use this on ANY browser-supplied or user-supplied input. 
     42//   
    3743//  $result = $db->sql($sql, $type) 
    3844//  Returns the result of the SQL command $sql.  This will die noisily if you  
     
    8288 
    8389if (!class_exists('AGI')) { 
    84   print "WARNING: AGI Class does not exist. You've probably done something wrong. Read the documentation.\n"; 
     90  print "WARNING: AGI Class does not exist. You've probably done something wrong.\n"; 
     91  print "Running in debug mode..\n"; 
     92  $db = new AGIDB(null); 
     93  // Using sqlite_master crashes php-sqlite3 
     94  // $res = $db->sql("select `tbl_name`,`sql` from `sqlite_master` where `tbl_name`='trunks'", "BOTH", true); 
     95  // print_r($res); 
     96  $res = $db->sql("select * from `globals`", "BOTH", true); 
     97  print_r($res); 
    8598}  
    8699 
     
    114127  public $dbhandle;  
    115128 
    116   function AGIDB($AGI) {  
     129  function AGIDB($AGI=null) {  
    117130  // This gets called when 'new AGIDB(..)' is run. 
    118    
    119   $this->agi = $AGI; // Grab a copy of the AGI class. 
    120   // Load up the variables we'll need later. 
    121   $this->dbtype = $this->get_var("AMPDBENGINE"); 
    122   $this->dbhost = $this->get_var("AMPDBHOST"); 
    123   $this->dbuser = $this->get_var("AMPDBUSER"); 
    124   $this->dbpass = $this->get_var("AMPDBPASS"); 
    125   $this->dbfile = $this->get_var("AMPDBFILE"); 
    126   $this->dbname = $this->get_var("AMPDBNAME"); 
     131 
     132  if (!class_exists('AGI')) { 
     133    // Running from the command line.. Hardcode everything, don't 
     134    // use AGI 
     135    $this->dbtype = 'sqlite3'; 
     136    $this->dbfile = '/var/lib/asterisk/freepbx.db'; 
     137    $this->dbhost = 'localhost'; 
     138    $this->dbuser = 'asterisk'; 
     139    $this->dbpass = 'asterisk'; 
     140    $this->dbname = 'asterisk'; 
     141    $this->agi = null; 
     142  } else { 
     143    $this->agi = $AGI; // Grab a copy of the AGI class. 
     144    // Load up the variables we'll need later. 
     145    $this->dbtype = $this->get_var("AMPDBENGINE"); 
     146    $this->dbhost = $this->get_var("AMPDBHOST"); 
     147    $this->dbuser = $this->get_var("AMPDBUSER"); 
     148    $this->dbpass = $this->get_var("AMPDBPASS"); 
     149    $this->dbfile = $this->get_var("AMPDBFILE"); 
     150    $this->dbname = $this->get_var("AMPDBNAME"); 
     151  } 
    127152  // Don't connect to the database on startup, as you want the AGI 
    128153  // to be up and running as fast as possible. Connect on the first 
     
    227252    case "NUM": 
    228253    case "BOTH": 
     254    case "NONE": 
    229255      break; 
    230256    default: 
     
    250276      $this->numrows = mysql_num_rows($res); 
    251277      // Return the correct type. 
     278      if ($type == "NONE") { 
     279        return true; 
     280      } 
    252281      for ($i = 0; $i <= $this->numrows; $i++) { 
    253282        if ($type == "NUM") { 
     
    271300      $this->numrows = sqlite_num_rows($res); 
    272301      // Return the correct type. 
     302      if ($type == "NONE") { 
     303        return true; 
     304      } 
    273305      if ($type == "NUM") { 
    274306        $sqlresult = sqlite_fetch_all($res, SQLITE_NUM); 
     
    289321      $sql3holderRowNbr = 0; 
    290322 
     323      // If no result is required, just run the query and return the status. 
     324      if ($type == "NONE") { 
     325        $res = sqlite3_exec($this->dbhandle, $result); 
     326        if (!$res) { 
     327          $this->errstr = $result; 
     328          return false; 
     329        } else { 
     330          $this->errstr = null; 
     331          return true; 
     332        } 
     333      } 
    291334      // This next line uses the sqlite3_hack function, below, to load 
    292335      // up the $sql3holder variables. 
     
    295338      $this->debug("SQL returned $sql3holderRowNbr Rows", 4); 
    296339      if ($sql3holderRowNbr == 0) { 
    297         return null
     340        return true
    298341      } 
    299342      if ($type == "NUM") { 
     
    305348      } 
    306349    default: 
    307       $this->debug("SEVERE: Database type '".$this->db."' NOT SUPPORTED", 0); 
    308       return false; 
    309   } 
    310   } 
    311  
     350      $this->debug("SEVERE: Database type '".$this->db."' NOT SUPPORTED (sql)", 0); 
     351      return false; 
     352  } 
     353  } 
     354 
     355  function rename_table($from, $to) { 
     356  switch ($this->db) { 
     357    case "mysql": 
     358    case "sqlite": 
     359    case "sqlite3": 
     360      return $this->sql("ALTER TABLE `$from` RENAME TO `$to`", "NONE", true); 
     361    default: 
     362      $this->debug("SEVERE: Database type '".$this->db."' NOT SUPPORTED (rename_table)", 0); 
     363      return false; 
     364  } 
     365  } 
     366 
     367  function add_col($tablename, $colname, $type) { 
     368  switch ($this->db) { 
     369    case "mysql": 
     370    case "sqlite": 
     371    case "sqlite3": 
     372      return $this->sql("ALTER TABLE `$tablename` ADD COLUMN `$colname`", "NONE", true); 
     373    default: 
     374      $this->debug("SEVERE: Database type '".$this->db."' NOT SUPPORTED (rename_table)", 0); 
     375      return false; 
     376  } 
     377  } 
     378 
     379  function drop_col($tablename, $colname) { 
     380  switch ($this->db) { 
     381    case "mysql": 
     382      return $this->sql("ALTER TABLE `$tablename` DROP COLUMN `$colname`"); 
     383    case "sqlite": 
     384    case "sqlite3": 
     385    // As SQLite doesn't support much in the way of 'alter table', we need to do some fiddling. 
     386    // We need to rename the table, create a new one without the col that they want deleted, 
     387    // copy everything from the old table, then delete the old table. 
     388    // We use the magic 'sqlite_master' table to get the information about the table. 
     389      $res = $this->sql("select `tbl_name`,`sql` from sqlite_master where `tbl_name`='trunks'"); 
     390  } 
     391  } 
     392 
     393       
     394   
    312395  function get_var($value) { 
    313396        $r = $this->agi->get_variable( $value ); 
     
    320403  } 
    321404 
     405  function sql_check($sql) { 
     406  // Anything starting with ALTER is right out.  
     407  if (preg_match('/^ALTER/', $sql)) { 
     408    $this->debug("SEVERE PROGRAMMING ERROR: Do not use ALTER in SQL Queries. ". 
     409      "Use SQL Class functions. ABORTING.", 0); 
     410    exit; 
     411  } 
     412  // Make sure that at least one pair of backticks has been found. 
     413  if (!preg_match('/\`.+\`/', $sql)) { 
     414    $this->debug("SEVERE PROGRAMMING ERROR: For portability, COLUMNS must be ". 
     415      "surrounded by BACK TICKS (`), yet none were found. Continuing.", 0); 
     416  } 
     417  if (!preg_match('/\'.+\'/', $sql)) { 
     418    $this->debug("SEVERE PROGRAMMING ERROR: For portability, FIELDS must be ". 
     419      "surrounded by SINGLE QUOTES ('), yet none were found. Continuing.", 0); 
     420  } 
     421  return $sql; 
     422  } 
     423 
     424  // Escape magic characters that are important to databases 
     425  function escape($str) { 
     426  // Ensure we're connected to the database. 
     427  if ($this->dbhandle == null) { 
     428    $this->dbhandle = $this->sql_database_connect(); 
     429  } 
     430  if ($this->dbhandle == null) { 
     431    // We didn't get a valid handle after the connect, so fail. 
     432    $this->debug('SEVERE: Unable to connect to database.', 1); 
     433    return false; 
     434  } 
     435  switch ($this->db) { 
     436    case "mysql": 
     437      return mysql_real_escape_string($str, $this->dbhandle); 
     438    case "sqlite": 
     439      return sqlite_escape_string($str); 
     440    case "sqlite3": 
     441      // SQLite only needs to care about single ticks - "'". Escape 
     442      // that with another tick. 
     443      return str_replace("'", "''", $str); 
     444    default: 
     445      $this->debug("SEVERE: Database type '".$this->db."' NOT SUPPORTED (escape)", 0); 
     446      return false; 
     447  } 
     448  } 
     449   
    322450  function debug($string, $level=3) { 
    323         $this->agi->verbose($string, $level); 
    324   } 
    325  
    326   function sql_check($sql) { 
    327   return $sql; 
    328   } 
     451  if (class_exists('AGI')) { 
     452          $this->agi->verbose($string, $level); 
     453  } else { 
     454    print "$string\n"; 
     455  } 
     456  } 
     457 
     458     
    329459 
    330460} 
     
    343473  // Don't uncomment this unless you don't care about anything that 
    344474  // happens after this - phpagi WILL get confused. 
    345  
    346475  // print "VERBOSE sqlite3_hack called 4\n"; 
     476 
    347477  $i = 0; 
    348478  foreach ($data as $x) {
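Review bot: rename_table(), add_col() and drop_col() splice `$from`, `$to`, `$tablename` and `$colname` straight into backtick-quoted ALTER statements, and escape() cannot help there because it only handles string-literal quoting, so a name containing a backtick changes the statement. Restricting these arguments to plain identifiers before the SQL is built closes that, as in the fence below, with the same guard repeated in add_col() and drop_col(). Separately, add_col() never uses `$type` and its default branch logs `(rename_table)`, drop_col() hard-codes `'trunks'` and returns nothing on the SQLite path, and the header comment shows `$db->escape($sql)`, which reads as escaping a whole statement rather than each value placed inside quotes. If sql() routes its input through sql_check() (not visible in these hunks), the `/^ALTER/` exit would also abort the queries these helpers build themselves.

```php
  // Identifiers cannot be protected by escape(); accept only plain names.
  function check_ident($name) {
    if (!is_string($name) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
      $this->debug("SEVERE: Invalid SQL identifier passed to AGIDB", 0);
      return false;
    }
    return true;
  }

  function rename_table($from, $to) {
    if (!$this->check_ident($from) || !$this->check_ident($to)) {
      return false;
    }
    // … unchanged: switch on $this->db building the ALTER TABLE statement …
```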