<?php
/**
* Created by Benjaco
* https://github.com/benjaco
* License: MIT
*/
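/**
 * Small wrapper around mysqli prepared statements.
 *
 * Values reach the server only through bound parameters. The SQL text given
 * as $query is handed to prepare() unchanged, so it has to be a fixed string
 * with question-mark placeholders; identifiers (table or column names, sort
 * direction) cannot be bound and should be picked from a fixed list by the
 * caller rather than copied from request data.
 *
 * error_msg holds the raw driver message and is meant for logs, not for
 * output shown to end users.
 *
 * NOTE(review): exceptions raised by mysqli itself (for example when the
 * report mode includes MYSQLI_REPORT_STRICT) are not caught by this class.
 */
class sqli
{
    /** @var mysqli */
    private $connection = null;

    /**
     * sqli constructor.
     *
     * @param array $conf - positional array: [0] host, [1] username, [2] password, [3] database name
     */
    public function __construct($conf)
    {
        // No connect_error check is made here. NOTE(review): whether a failed
        // connection shows up as an exception or as status=false on the first
        // prepare() depends on the mysqli report mode - confirm for the
        // deployed PHP version.
        $this->connection = new mysqli($conf[0], $conf[1], $conf[2], $conf[3]);
    }

    /**
     * Run a statement that does not return rows (insert, update, delete, ...).
     *
     * @param string $query - sql statement with question marks as placeholders
     * @param string|null $dataMode - one type character per placeholder, in placeholder order:
     *   i for integer
     *   d for double
     *   s for string
     *   b for blob and will be sent in packets
     * @param mixed $parameters - first value to bind; further values are passed as
     *   additional trailing arguments (one argument per placeholder, not one array)
     * @return stdClass - object with the following properties:
     *   status: false if prepare, binding or execute failed, true otherwise
     *   error_msg: reason for the failure, empty string on success
     *   affected_rows: affected rows reported by the statement
     *   id: insert id when the statement starts with "insert", otherwise false
     */
    public function push($query, $dataMode = null, $parameters = null)
    {
        $return = (object) array("status" => true, "error_msg" => "", "affected_rows" => 0, "id" => false);

        $args = func_get_args();
        $stmt = $this->prepareAndExecute($args, $return);
        if ($stmt === null) {
            return $return;
        }

        // Leading whitespace and letter case are ignored when looking for INSERT.
        if (strncasecmp(ltrim($query), "insert", 6) === 0) {
            $return->id = $stmt->insert_id;
        }
        $return->affected_rows = $stmt->affected_rows;
        $stmt->close();

        return $return;
    }

    /**
     * Run a select and return the first row only.
     *
     * @param string $query - sql statement with question marks as placeholders
     * @param string|null $dataMode - one type character per placeholder (i, d, s or b), see push()
     * @param mixed $parameters - first value to bind; further values are passed as
     *   additional trailing arguments (one argument per placeholder, not one array)
     * @return stdClass - object with the following properties:
     *   status: false if prepare, binding or execute failed, true otherwise
     *   error_msg: reason for the failure, empty string on success
     *   data: array of the fields of the first selected row, empty array if nothing was selected
     *   count: number of rows selected by the statement
     */
    public function pull_once($query, $dataMode = null, $parameters = null)
    {
        $return = (object) array("status" => true, "data" => array(), "error_msg" => "", "count" => 0);

        $args = func_get_args();
        $stmt = $this->prepareAndExecute($args, $return);
        if ($stmt === null) {
            return $return;
        }

        $stmt->store_result();
        $return->count = $stmt->num_rows;
        if ($return->count) {
            $info = array();
            if ($this->bind_array($stmt, $info)) {
                $stmt->fetch();
                $return->data = $this->copyRow($info);
            }
        }
        $stmt->close();

        return $return;
    }

    /**
     * Run a select and return every row.
     *
     * @param string $query - sql statement with question marks as placeholders
     * @param string|null $dataMode - one type character per placeholder (i, d, s or b), see push()
     * @param mixed $parameters - first value to bind; further values are passed as
     *   additional trailing arguments (one argument per placeholder, not one array)
     * @return stdClass - object with the following properties:
     *   status: false if prepare, binding or execute failed, true otherwise
     *   error_msg: reason for the failure, empty string on success
     *   data: array of the selected rows, each item is an array of the fields
     *   count: number of rows selected by the statement
     */
    public function pull_multiple($query, $dataMode = null, $parameters = null)
    {
        $return = (object) array("status" => true, "data" => array(), "error_msg" => "", "count" => 0);

        $args = func_get_args();
        $stmt = $this->prepareAndExecute($args, $return);
        if ($stmt === null) {
            return $return;
        }

        $stmt->store_result();
        $return->count = $stmt->num_rows;
        $info = array();
        // bind_array() reports false for a statement without a result set;
        // data then stays empty instead of fetching from nothing.
        if ($this->bind_array($stmt, $info)) {
            while ($stmt->fetch()) {
                $return->data[] = $this->copyRow($info);
            }
        }
        $stmt->close();

        return $return;
    }

    /**
     * Prepare the statement, bind the supplied values and execute it.
     *
     * A statement whose type string and value count disagree is closed
     * without being executed, and every failure is written to $return.
     *
     * @param array $args - argument list of the public method: query, data mode, values...
     * @param stdClass $return - result object; status and error_msg are set on failure
     * @return mysqli_stmt|null - the executed statement, or null when a step failed
     */
    private function prepareAndExecute($args, $return)
    {
        $stmt = $this->connection->prepare($args[0]);
        if (!$stmt) {
            $return->status = false;
            $return->error_msg = $this->connection->error;
            return null;
        }

        $types = isset($args[1]) ? (string) $args[1] : "";
        $values = array_slice($args, 2);

        // An empty type string with no values (or only the null defaults passed
        // explicitly) means there is nothing to bind.
        if ($types !== "" || !$this->allNull($values)) {
            if (strlen($types) != count($values)) {
                $return->status = false;
                // Danish: "bound values and data mode do not match".
                $return->error_msg = "Bindede vaerdiger og datamode stemmer ikke overens";
                $stmt->close();
                return null;
            }
            $bindArgs = $this->refValues(array_merge(array($types), $values));
            if (!call_user_func_array(array($stmt, "bind_param"), $bindArgs)) {
                return $this->failStatement($stmt, $return);
            }
        }

        if (!$stmt->execute()) {
            return $this->failStatement($stmt, $return);
        }

        return $stmt;
    }

    /**
     * Record the statement error on $return and close the statement.
     *
     * @param mysqli_stmt $stmt
     * @param stdClass $return
     * @return null
     */
    private function failStatement($stmt, $return)
    {
        $return->status = false;
        $return->error_msg = $stmt->error;
        $stmt->close();
        return null;
    }

    /**
     * @param array $values
     * @return bool - true when the array is empty or holds only null
     */
    private function allNull($values)
    {
        foreach ($values as $value) {
            if ($value !== null) {
                return false;
            }
        }
        return true;
    }

    /**
     * Copy a bound row into a plain array so later fetches cannot change it.
     *
     * @param array $info - row array whose elements are bound to the statement
     * @return array
     */
    private function copyRow($info)
    {
        $row = array();
        foreach ($info as $coll_k => $coll_v) {
            $row[$coll_k] = $coll_v;
        }
        return $row;
    }

    /**
     * Turn every element into a reference, as bind_param takes its values by reference.
     *
     * @param array $arr
     * @return array - same keys, each element a reference
     */
    private function refValues($arr)
    {
        $refs = array();
        foreach ($arr as $key => $value) {
            $refs[$key] = & $arr[$key];
        }
        return $refs;
    }

    /**
     * Bind one element of $row per result column, keyed by column name.
     *
     * Columns that share a name end up in the same element, so the query
     * should alias them when both values are needed.
     *
     * @param mysqli_stmt $stmt
     * @param array $row - filled by each later fetch()
     * @return bool - false when the statement has no result set or binding failed
     */
    private function bind_array($stmt, &$row)
    {
        /** @var $stmt mysqli_stmt */
        $md = $stmt->result_metadata();
        if (!$md) {
            return false;
        }
        $params = array();
        while ($field = $md->fetch_field()) {
            $params[] = & $row[$field->name];
        }
        $md->free();
        return (bool) call_user_func_array(array($stmt, 'bind_result'), $params);
    }
}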