|
|
@ -300,9 +300,8 @@ function check_email($email) {
|
|
|
|
* Clean a string, escaping any meta characters that could be
|
|
|
|
* Clean a string, escaping any meta characters that could be
|
|
|
|
* used to disrupt an SQL string. i.e. "'" => "\'" etc.
|
|
|
|
* used to disrupt an SQL string. i.e. "'" => "\'" etc.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @param mixed string|array
|
|
|
|
* @param string|array parameters to escape
|
|
|
|
* @return String (or Array) of cleaned data, suitable for use within an SQL
|
|
|
|
* @return string|array of cleaned data, suitable for use within an SQL statement.
|
|
|
|
* statement.
|
|
|
|
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
function escape_string($string) {
|
|
|
|
function escape_string($string) {
|
|
|
|
global $CONF;
|
|
|
|
global $CONF;
|
|
|
@ -352,9 +351,9 @@ function escape_string($string) {
|
|
|
|
* - or -
|
|
|
|
* - or -
|
|
|
|
* $param = safeget('param', 'default')
|
|
|
|
* $param = safeget('param', 'default')
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @param String parameter name.
|
|
|
|
* @param string $param parameter name.
|
|
|
|
* @param String (optional) - default value if key is not set.
|
|
|
|
* @param string $default (optional) - default value if key is not set.
|
|
|
|
* @return String
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
function safeget($param, $default="") {
|
|
|
|
function safeget($param, $default="") {
|
|
|
|
$retval=$default;
|
|
|
|
$retval=$default;
|
|
|
@ -365,12 +364,11 @@ function safeget($param, $default="") {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
/**
|
|
|
|
* safepost - similar to safeget()
|
|
|
|
* safepost - similar to safeget() but for $_POST
|
|
|
|
* @see safeget()
|
|
|
|
* @see safeget()
|
|
|
|
* @param String parameter name
|
|
|
|
* @param string $param parameter name
|
|
|
|
* @param String (optional) default value (defaults to "")
|
|
|
|
* @param string $default (optional) default value (defaults to "")
|
|
|
|
* @return String - value in $_POST[$param] or $default
|
|
|
|
* @return string - value in $_POST[$param] or $default
|
|
|
|
* same as safeget, but for $_POST
|
|
|
|
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
function safepost($param, $default="") {
|
|
|
|
function safepost($param, $default="") {
|
|
|
|
$retval=$default;
|
|
|
|
$retval=$default;
|
|
|
@ -383,9 +381,9 @@ function safepost($param, $default="") {
|
|
|
|
/**
|
|
|
|
/**
|
|
|
|
* safeserver
|
|
|
|
* safeserver
|
|
|
|
* @see safeget()
|
|
|
|
* @see safeget()
|
|
|
|
* @param String $param
|
|
|
|
* @param string $param
|
|
|
|
* @param String $default (optional)
|
|
|
|
* @param string $default (optional)
|
|
|
|
* @return String value from $_SERVER[$param] or $default
|
|
|
|
* @return string value from $_SERVER[$param] or $default
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
function safeserver($param, $default="") {
|
|
|
|
function safeserver($param, $default="") {
|
|
|
|
$retval=$default;
|
|
|
|
$retval=$default;
|
|
|
@ -398,9 +396,9 @@ function safeserver($param, $default="") {
|
|
|
|
/**
|
|
|
|
/**
|
|
|
|
* safecookie
|
|
|
|
* safecookie
|
|
|
|
* @see safeget()
|
|
|
|
* @see safeget()
|
|
|
|
* @param String $param
|
|
|
|
* @param string $param
|
|
|
|
* @param String $default (optional)
|
|
|
|
* @param string $default (optional)
|
|
|
|
* @return String value from $_COOKIE[$param] or $default
|
|
|
|
* @return string value from $_COOKIE[$param] or $default
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
function safecookie($param, $default="") {
|
|
|
|
function safecookie($param, $default="") {
|
|
|
|
$retval=$default;
|
|
|
|
$retval=$default;
|
|
|
@ -413,9 +411,9 @@ function safecookie($param, $default="") {
|
|
|
|
/**
|
|
|
|
/**
|
|
|
|
* safesession
|
|
|
|
* safesession
|
|
|
|
* @see safeget()
|
|
|
|
* @see safeget()
|
|
|
|
* @param String $param
|
|
|
|
* @param string $param
|
|
|
|
* @param String $default (optional)
|
|
|
|
* @param string $default (optional)
|
|
|
|
* @return String value from $_SESSION[$param] or $default
|
|
|
|
* @return string value from $_SESSION[$param] or $default
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
function safesession($param, $default="") {
|
|
|
|
function safesession($param, $default="") {
|
|
|
|
$retval=$default;
|
|
|
|
$retval=$default;
|
|
|
@ -431,11 +429,11 @@ function safesession($param, $default="") {
|
|
|
|
* @param int $allow_editing
|
|
|
|
* @param int $allow_editing
|
|
|
|
* @param int $display_in_form
|
|
|
|
* @param int $display_in_form
|
|
|
|
* @param int display_in_list
|
|
|
|
* @param int display_in_list
|
|
|
|
* @param String $type
|
|
|
|
* @param string $type
|
|
|
|
* @param String PALANG_label
|
|
|
|
* @param string PALANG_label
|
|
|
|
* @param String PALANG_desc
|
|
|
|
* @param string PALANG_desc
|
|
|
|
* @param any optional $default
|
|
|
|
* @param any optional $default
|
|
|
|
* @param array optional $options
|
|
|
|
* @param array $options optional options
|
|
|
|
* @param int or $not_in_db - if array, can contain the remaining parameters as associated array
|
|
|
|
* @param int or $not_in_db - if array, can contain the remaining parameters as associated array
|
|
|
|
* @param ...
|
|
|
|
* @param ...
|
|
|
|
* @return array for $struct
|
|
|
|
* @return array for $struct
|
|
|
@ -1489,12 +1487,11 @@ function db_sqlite() {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
/**
|
|
|
|
// db_query
|
|
|
|
* @param string $query SQL to execute
|
|
|
|
// Action: Sends a query to the database and returns query result and number of rows
|
|
|
|
* @param int $ignore_errors (default 0 aka do not ignore errors)
|
|
|
|
// Call: db_query (string query)
|
|
|
|
* @return array ['result' => resource, 'rows' => int ,'error' => string]
|
|
|
|
// Optional parameter: $ignore_errors = TRUE, used by upgrade.php
|
|
|
|
*/
|
|
|
|
//
|
|
|
|
|
|
|
|
function db_query($query, $ignore_errors = 0) {
|
|
|
|
function db_query($query, $ignore_errors = 0) {
|
|
|
|
global $CONF;
|
|
|
|
global $CONF;
|
|
|
|
global $DEBUG_TEXT;
|
|
|
|
global $DEBUG_TEXT;
|
|
|
@ -1601,11 +1598,11 @@ function db_row($result) {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
// db_array
|
|
|
|
* Return array from a db resource (presumably not associative).
|
|
|
|
// Action: Returns a row from a table
|
|
|
|
* @param resource $result
|
|
|
|
// Call: db_array (int result)
|
|
|
|
* @return array|null|string
|
|
|
|
//
|
|
|
|
*/
|
|
|
|
function db_array($result) {
|
|
|
|
function db_array($result) {
|
|
|
|
global $CONF;
|
|
|
|
global $CONF;
|
|
|
|
$row = "";
|
|
|
|
$row = "";
|
|
|
@ -1625,11 +1622,12 @@ function db_array($result) {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
// db_assoc
|
|
|
|
* Get an associative array from a DB query resource.
|
|
|
|
// Action: Returns a row from a table
|
|
|
|
*
|
|
|
|
// Call: db_assoc(int result)
|
|
|
|
* @param resource $result
|
|
|
|
//
|
|
|
|
* @return array|null|string
|
|
|
|
|
|
|
|
*/
|
|
|
|
function db_assoc($result) {
|
|
|
|
function db_assoc($result) {
|
|
|
|
global $CONF;
|
|
|
|
global $CONF;
|
|
|
|
$row = "";
|
|
|
|
$row = "";
|
|
|
@ -1649,12 +1647,17 @@ function db_assoc($result) {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
//
|
|
|
|
* Delete a row from the specified table.
|
|
|
|
// db_delete
|
|
|
|
*
|
|
|
|
// Action: Deletes a row from a specified table
|
|
|
|
* DELETE FROM $table WHERE $where = $delete $aditionalWhere
|
|
|
|
// Call: db_delete (string table, string where, string delete)
|
|
|
|
*
|
|
|
|
//
|
|
|
|
* @param string $table
|
|
|
|
|
|
|
|
* @param string $where - should never be a user supplied value
|
|
|
|
|
|
|
|
* @param string $delete
|
|
|
|
|
|
|
|
* @param string $additionalwhere (default '').
|
|
|
|
|
|
|
|
* @return int|mixed rows deleted.
|
|
|
|
|
|
|
|
*/
|
|
|
|
function db_delete($table, $where, $delete, $additionalwhere='') {
|
|
|
|
function db_delete($table, $where, $delete, $additionalwhere='') {
|
|
|
|
$table = table_by_key($table);
|
|
|
|
$table = table_by_key($table);
|
|
|
|
$query = "DELETE FROM $table WHERE " . escape_string($where) . "='" . escape_string($delete) . "' " . $additionalwhere;
|
|
|
|
$query = "DELETE FROM $table WHERE " . escape_string($where) . "='" . escape_string($delete) . "' " . $additionalwhere;
|
|
|
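Review bot: The new db_delete docblock warns that `$where` should never be a user supplied value, but the `$query = ...` line appends `$additionalwhere` to the statement with no escaping at all, and the docblock leaves that parameter unqualified (its summary line also misspells it as `$aditionalWhere`). I would document it as `@param string $additionalwhere (default '') - raw SQL appended after the WHERE condition; must never contain user supplied values`. Going by its own docblock, `escape_string()` escapes string meta characters, which does not make `$where` safe as a column identifier, so the written warning is the only control there and should stay prominent. The same caveat looks worth adding to the other raw-SQL parameters this commit documents: `$where` in db_update_q ("WHERE condition (as SQL)"), `$additional_raw_where` in db_where_clause, and `$field` in db_in_clause, which is interpolated directly in `" $field IN ('"`. The body of db_delete continues past the end of this hunk, so how the query is executed is not visible here.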
@ -1672,7 +1675,8 @@ function db_delete($table, $where, $delete, $additionalwhere='') {
|
|
|
|
* db_insert
|
|
|
|
* db_insert
|
|
|
|
* Action: Inserts a row from a specified table
|
|
|
|
* Action: Inserts a row from a specified table
|
|
|
|
* Call: db_insert (string table, array values [, array timestamp])
|
|
|
|
* Call: db_insert (string table, array values [, array timestamp])
|
|
|
|
* @param String - table name
|
|
|
|
*
|
|
|
|
|
|
|
|
* @param string - table name
|
|
|
|
* @param array - key/value map of data to insert into the table.
|
|
|
|
* @param array - key/value map of data to insert into the table.
|
|
|
|
* @param array (optional) - array of fields to set to now() - default: array('created', 'modified')
|
|
|
|
* @param array (optional) - array of fields to set to now() - default: array('created', 'modified')
|
|
|
|
* @return int - number of inserted rows
|
|
|
|
* @return int - number of inserted rows
|
|
|
@ -1703,11 +1707,11 @@ function db_insert($table, $values, $timestamp = array('created', 'modified')) {
|
|
|
|
* db_update
|
|
|
|
* db_update
|
|
|
|
* Action: Updates a specified table
|
|
|
|
* Action: Updates a specified table
|
|
|
|
* Call: db_update (string table, string where_col, string where_value, array values [, array timestamp])
|
|
|
|
* Call: db_update (string table, string where_col, string where_value, array values [, array timestamp])
|
|
|
|
* @param String - table name
|
|
|
|
* @param string $table - table name
|
|
|
|
* @param String - column of WHERE condition
|
|
|
|
* @param string $where_col - column of WHERE condition
|
|
|
|
* @param String - value of WHERE condition
|
|
|
|
* @param string $where_value - value of WHERE condition
|
|
|
|
* @param array - key/value map of data to insert into the table.
|
|
|
|
* @param array $values - key/value map of data to insert into the table.
|
|
|
|
* @param array (optional) - array of fields to set to now() - default: array('modified')
|
|
|
|
* @param array $timestamp (optional) - array of fields to set to now() - default: array('modified')
|
|
|
|
* @return int - number of updated rows
|
|
|
|
* @return int - number of updated rows
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
function db_update($table, $where_col, $where_value, $values, $timestamp = array('modified')) {
|
|
|
|
function db_update($table, $where_col, $where_value, $values, $timestamp = array('modified')) {
|
|
|
@ -1719,10 +1723,10 @@ function db_update($table, $where_col, $where_value, $values, $timestamp = array
|
|
|
|
* db_update_q
|
|
|
|
* db_update_q
|
|
|
|
* Action: Updates a specified table
|
|
|
|
* Action: Updates a specified table
|
|
|
|
* Call: db_update_q (string table, string where, array values [, array timestamp])
|
|
|
|
* Call: db_update_q (string table, string where, array values [, array timestamp])
|
|
|
|
* @param String - table name
|
|
|
|
* @param string $table - table name
|
|
|
|
* @param String - WHERE condition (as SQL)
|
|
|
|
* @param string $where - WHERE condition (as SQL)
|
|
|
|
* @param array - key/value map of data to insert into the table.
|
|
|
|
* @param array $values - key/value map of data to insert into the table.
|
|
|
|
* @param array (optional) - array of fields to set to now() - default: array('modified')
|
|
|
|
* @param array $timestamp (optional) - array of fields to set to now() - default: array('modified')
|
|
|
|
* @return int - number of updated rows
|
|
|
|
* @return int - number of updated rows
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
function db_update_q($table, $where, $values, $timestamp = array('modified')) {
|
|
|
|
function db_update_q($table, $where, $values, $timestamp = array('modified')) {
|
|
|
@ -1808,6 +1812,8 @@ function db_log($domain, $action, $data) {
|
|
|
|
* db_in_clause
|
|
|
|
* db_in_clause
|
|
|
|
* Action: builds and returns the "field in(x, y)" clause for database queries
|
|
|
|
* Action: builds and returns the "field in(x, y)" clause for database queries
|
|
|
|
* Call: db_in_clause (string field, array values)
|
|
|
|
* Call: db_in_clause (string field, array values)
|
|
|
|
|
|
|
|
* @param string $field
|
|
|
|
|
|
|
|
* @param array $values
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
function db_in_clause($field, $values) {
|
|
|
|
function db_in_clause($field, $values) {
|
|
|
|
return " $field IN ('"
|
|
|
|
return " $field IN ('"
|
|
|
@ -1819,10 +1825,10 @@ function db_in_clause($field, $values) {
|
|
|
|
* db_where_clause
|
|
|
|
* db_where_clause
|
|
|
|
* Action: builds and returns a WHERE clause for database queries. All given conditions will be AND'ed.
|
|
|
|
* Action: builds and returns a WHERE clause for database queries. All given conditions will be AND'ed.
|
|
|
|
* Call: db_where_clause (array $conditions, array $struct)
|
|
|
|
* Call: db_where_clause (array $conditions, array $struct)
|
|
|
|
* param array $condition: array('field' => 'value', 'field2' => 'value2, ...)
|
|
|
|
* @param array $condition - array('field' => 'value', 'field2' => 'value2, ...)
|
|
|
|
* param array $struct - field structure, used for automatic bool conversion
|
|
|
|
* @param array $struct - field structure, used for automatic bool conversion
|
|
|
|
* param string $additional_raw_where - raw sniplet to include in the WHERE part - typically needs to start with AND
|
|
|
|
* @param string $additional_raw_where - raw sniplet to include in the WHERE part - typically needs to start with AND
|
|
|
|
* param array $searchmode - operators to use (=, <, > etc.) - defaults to = if not specified for a field (see
|
|
|
|
* @param array $searchmode - operators to use (=, <, > etc.) - defaults to = if not specified for a field (see
|
|
|
|
* $allowed_operators for available operators)
|
|
|
|
* $allowed_operators for available operators)
|
|
|
|
* Note: the $searchmode operator will only be used if a $condition for that field is set.
|
|
|
|
* Note: the $searchmode operator will only be used if a $condition for that field is set.
|
|
|
|
* This also means you'll need to set a (dummy) condition for NULL and NOTNULL.
|
|
|
|
* This also means you'll need to set a (dummy) condition for NULL and NOTNULL.
|
|
|
@ -1896,7 +1902,7 @@ function db_where_clause($condition, $struct, $additional_raw_where = '', $searc
|
|
|
|
* If it's a MySQL database, then we return the name with backticks around it (`).
|
|
|
|
* If it's a MySQL database, then we return the name with backticks around it (`).
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @param string database table name.
|
|
|
|
* @param string database table name.
|
|
|
|
* @return string - database table name with appropriate prefix
|
|
|
|
* @return string - database table name with appropriate prefix (and quoting if MySQL)
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
function table_by_key($table_key) {
|
|
|
|
function table_by_key($table_key) {
|
|
|
|
global $CONF;
|
|
|
|
global $CONF;
|
|
|
@ -2080,11 +2086,15 @@ function gen_show_status($show_alias) {
|
|
|
|
return $stat_string;
|
|
|
|
return $stat_string;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
|
|
|
* @return string
|
|
|
|
|
|
|
|
*/
|
|
|
|
function getRemoteAddr() {
|
|
|
|
function getRemoteAddr() {
|
|
|
|
$REMOTE_ADDR = 'localhost';
|
|
|
|
$REMOTE_ADDR = 'localhost';
|
|
|
|
if (isset($_SERVER['REMOTE_ADDR'])) {
|
|
|
|
if (isset($_SERVER['REMOTE_ADDR'])) {
|
|
|
|
$REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
|
|
|
|
$REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return $REMOTE_ADDR;
|
|
|
|
return $REMOTE_ADDR;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|