database.lib.php 62 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437
  1. <?php
  2. /* For licensing terms, see /license.txt */
  3. /**
  4. * Constants definition
  5. */
  6. require_once 'database.constants.inc.php';
  7. /**
  8. * Class Database
  9. * This is the main database library for Chamilo.
  10. * Include/require it in your code to use its functionality.
  11. * Because this library contains all the basic database calls, it could be
  12. * replaced by another library for say, PostgreSQL, to actually use Chamilo
  13. * with another database (this is not ready yet because a lot of code still
  14. * uses the MySQL database functions extensively).
  15. *
  16. * If trying to replicate the database layer, don't forget to look for "sql"
  17. * named functions in main_api.lib.php
  18. *
  19. * @package chamilo.library
  20. */
  21. class Database
  22. {
  23. /* Variable use only in the installation process to log errors. See the Database::query function */
  24. static $log_queries = false;
  25. /*
  26. Accessor methods
  27. Usually, you won't need these directly but instead
  28. rely on of the get_xxx_table methods.
  29. */
  30. /**
  31. * Returns the name of the main database.
  32. */
  33. public static function get_main_database()
  34. {
  35. global $_configuration;
  36. return $_configuration['main_database'];
  37. }
  38. /**
  39. * Returns the name of the statistics database.
  40. * @todo use main_database
  41. */
  42. public static function get_statistic_database()
  43. {
  44. return self::get_main_database();
  45. }
  46. /**
  47. * Returns the name of the database where all the personal stuff of the user is stored
  48. * @todo use main_database
  49. */
  50. public static function get_user_personal_database()
  51. {
  52. return self::get_main_database();
  53. }
  54. /**
  55. * Returns the name of the current course database.
  56. * @return mixed Glued database name of false if undefined
  57. */
  58. public static function get_current_course_database()
  59. {
  60. $course_info = api_get_course_info();
  61. if (empty($course_info['dbName'])) {
  62. return false;
  63. }
  64. return $course_info['dbName'];
  65. }
  66. /**
  67. * Returns the glued name of the current course database.
  68. * @return mixed Glued database name of false if undefined
  69. */
  70. public static function get_current_course_glued_database()
  71. {
  72. $course_info = api_get_course_info();
  73. if (empty($course_info['dbNameGlu'])) {
  74. return false;
  75. }
  76. return $course_info['dbNameGlu'];
  77. }
  78. /**
  79. * The glue is the string needed between database and table.
  80. * The trick is: in multiple databases, this is a period (with backticks).
  81. * In single database, this can be e.g. an underscore so we just fake
  82. * there are multiple databases and the code can be written independent
  83. * of the single / multiple database setting.
  84. */
  85. public static function get_database_glue()
  86. {
  87. global $_configuration;
  88. return $_configuration['db_glue'];
  89. }
  90. /**
  91. * Returns the database prefix.
  92. * All created COURSE databases are prefixed with this string.
  93. *
  94. * TIP: This can be convenient if you have multiple system installations
  95. * on the same physical server.
  96. */
  97. public static function get_database_name_prefix()
  98. {
  99. global $_configuration;
  100. return $_configuration['db_prefix'];
  101. }
  102. /**
  103. * Returns the course table prefix for single database.
  104. * Not certain exactly when this is used.
  105. * Do research.
  106. * It's used in local.inc.php.
  107. */
  108. public static function get_course_table_prefix()
  109. {
  110. global $_configuration;
  111. return $_configuration['table_prefix'];
  112. }
  113. /*
  114. Table name methods
  115. Use these methods to get table names for queries,
  116. instead of constructing them yourself.
  117. Backticks automatically surround the result,
  118. e.g. COURSE_NAME.link
  119. so the queries can look cleaner.
  120. Example:
  121. $table = Database::get_course_table(TABLE_DOCUMENT);
  122. $sql_query = "SELECT * FROM $table WHERE $condition";
  123. $sql_result = Database::query($sql_query);
  124. $result = Database::fetch_array($sql_result);
  125. */
  126. /**
  127. * A more generic method than the other get_main_xxx_table methods,
  128. * This one returns the correct complete name of any table of the main
  129. * database of which you pass the short name as a parameter.
  130. * Please, define table names as constants in this library and use them
  131. * instead of directly using magic words in your tool code.
  132. *
  133. * @param string $short_table_name, the name of the table
  134. */
  135. public static function get_main_table($short_table_name)
  136. {
  137. return self::format_table_name(
  138. self::get_main_database(),
  139. $short_table_name);
  140. }
  141. /**
  142. * A more generic method than the older get_course_xxx_table methods,
  143. * This one can return the correct complete name of any course table of
  144. * which you pass the short name as a parameter.
  145. * Please, define table names as constants in this library and use them
  146. * instead of directly using magic words in your tool code.
  147. *
  148. * @param string $short_table_name, the name of the table
  149. * @param string $database_name, optional, name of the course database
  150. * - if you don't specify this, you work on the current course.
  151. */
  152. public static function get_course_table($short_table_name, $extra = null)
  153. {
  154. //forces fatal errors so we can debug more easily
  155. if (!empty($extra)) {
  156. var_dump($extra);
  157. //@todo remove this
  158. echo "<h3>Dev Message: get_course_table() doesn't have a 2nd parameter</h3>";
  159. //exit;
  160. }
  161. return self::format_table_name(self::get_main_database(), DB_COURSE_PREFIX.$short_table_name);
  162. //return self::format_glued_course_table_name(self::fix_database_parameter($database_name), $short_table_name);
  163. }
  164. /**
  165. * This generic method returns the correct and complete name of any
  166. * statistic table of which you pass the short name as a parameter.
  167. * Please, define table names as constants in this library and use them
  168. * instead of directly using magic words in your tool code.
  169. * @deprecated use get_main_table
  170. * @param string $short_table_name, the name of the table
  171. */
  172. public static function get_statistic_table($short_table_name)
  173. {
  174. return self::get_main_table($short_table_name);
  175. }
  176. /**
  177. * This generic method returns the correct and complete name of any user
  178. * table of which you pass the short name as a parameter. Please, define
  179. * table names as constants in this library and use them instead of directly
  180. * using magic words in your tool code.
  181. *
  182. * @param string $short_table_name, the name of the table
  183. */
  184. public static function get_user_personal_table($short_table_name)
  185. {
  186. return self::get_main_table($short_table_name);
  187. }
  188. public static function get_course_chat_connected_table($database_name = '')
  189. {
  190. return self::format_glued_course_table_name(self::fix_database_parameter($database_name), TABLE_CHAT_CONNECTED);
  191. }
  192. /*
  193. Query methods
  194. These methods execute a query and return the result(s).
  195. */
  196. /**
  197. * @return array a list (array) of all courses.
  198. * @todo shouldn't this be in the course.lib.php script?
  199. */
  200. public static function get_course_list()
  201. {
  202. $table = self::get_main_table(TABLE_MAIN_COURSE);
  203. return self::store_result(self::query("SELECT *, id as real_id FROM $table"));
  204. }
  205. /**
  206. * Returns an array with all database fields for the specified course.
  207. *
  208. * @param string The real (system) course code (main course table ID)
  209. * @todo shouldn't this be in the course.lib.php script?
  210. */
  211. public static function get_course_info($course_code)
  212. {
  213. $course_code = self::escape_string($course_code);
  214. $table = self::get_main_table(TABLE_MAIN_COURSE);
  215. $result = self::generate_abstract_course_field_names(
  216. self::fetch_array(self::query("SELECT *, id as real_id FROM $table WHERE code = '$course_code'")));
  217. return $result === false ? array('db_name' => '') : $result;
  218. }
  219. /**
  220. * Gets user details from the "user" table
  221. * @param $user_id (integer): the id of the user
  222. * @return $user_info (array): user_id, lname, fname, username, email, ...
  223. * @author Patrick Cool <patrick.cool@UGent.be>, expanded to get info for any user
  224. * @author Roan Embrechts, first version + converted to Database API
  225. * @version 30 September 2004
  226. * @deprecated use api_get_user_info();
  227. * @desc find all the information about a specified user. Without parameter this is the current user.
  228. * @todo shouldn't this be in the user.lib.php script?
  229. */
  230. public static function get_user_info_from_id($user_id = '')
  231. {
  232. if (empty($user_id)) {
  233. return $GLOBALS['_user'];
  234. }
  235. $table = self::get_main_table(TABLE_MAIN_USER);
  236. $user_id = self::escape_string($user_id);
  237. return self::generate_abstract_user_field_names(
  238. self::fetch_array(self::query("SELECT * FROM $table WHERE user_id = '$user_id'")));
  239. }
  240. /**
  241. * Returns course code from a given gradebook category's id
  242. * @param int Category ID
  243. * @return string Course code
  244. * @todo move this function in a gradebook-related library
  245. */
  246. public static function get_course_by_category($category_id)
  247. {
  248. $category_id = intval($category_id);
  249. $info = self::fetch_array(self::query('SELECT course_code FROM '.self::get_main_table(TABLE_MAIN_GRADEBOOK_CATEGORY).' WHERE id='.$category_id), 'ASSOC');
  250. return $info ? $info['course_code'] : false;
  251. }
  252. /**
  253. * This method creates an abstraction layer between database field names
  254. * and field names expected in code.
  255. *
  256. * This approach helps when changing database names.
  257. * It's also useful now to get rid of the 'franglais'.
  258. *
  259. * @todo add more array entries to abstract course info from field names
  260. * @author Roan Embrechts
  261. *
  262. * @todo What's the use of this method. I think this is better removed.
  263. * There should be consistency in the variable names and the
  264. * use throughout the scripts
  265. * for the database name we should consistently use or db_name
  266. * or database (db_name probably being the better one)
  267. */
  268. public static function generate_abstract_course_field_names($result_array)
  269. {
  270. $visual_code = isset($result_array['visual_code']) ? $result_array['visual_code'] : null;
  271. $code = isset($result_array['code']) ? $result_array['code'] : null;
  272. $title = isset($result_array['title']) ? $result_array['title'] : null;
  273. $db_name = isset($result_array['db_name']) ? $result_array['db_name'] : null;
  274. $category_code = isset($result_array['category_code']) ? $result_array['category_code'] : null;
  275. $result_array['official_code'] = $visual_code;
  276. $result_array['visual_code'] = $visual_code;
  277. $result_array['real_code'] = $code;
  278. $result_array['system_code'] = $code;
  279. $result_array['title'] = $title;
  280. $result_array['database'] = $db_name;
  281. $result_array['faculty'] = $category_code;
  282. //$result_array['directory'] = $result_array['directory'];
  283. /*
  284. still to do: (info taken from local.inc.php)
  285. $_course['id' ] = $cData['cours_id' ]; //auto-assigned integer
  286. $_course['name' ] = $cData['title' ];
  287. $_course['official_code'] = $cData['visual_code' ]; // use in echo
  288. $_course['sysCode' ] = $cData['code' ]; // use as key in db
  289. $_course['path' ] = $cData['directory' ]; // use as key in path
  290. $_course['dbName' ] = $cData['db_name' ]; // use as key in db list
  291. $_course['dbNameGlu' ] = $_configuration['table_prefix'] . $cData['dbName'] . $_configuration['db_glue']; // use in all queries
  292. $_course['titular' ] = $cData['tutor_name' ];
  293. $_course['language' ] = $cData['course_language' ];
  294. $_course['extLink' ]['url' ] = $cData['department_url' ];
  295. $_course['extLink' ]['name'] = $cData['department_name'];
  296. $_course['categoryCode'] = $cData['faCode' ];
  297. $_course['categoryName'] = $cData['faName' ];
  298. $_course['visibility' ] = (bool) ($cData['visibility'] == 2 || $cData['visibility'] == 3);
  299. $_course['registrationAllowed'] = (bool) ($cData['visibility'] == 1 || $cData['visibility'] == 2);
  300. */
  301. return $result_array;
  302. }
  303. /**
  304. * This method creates an abstraction layer between database field names
  305. * and field names expected in code.
  306. *
  307. * This helps when changing database names.
  308. * It's also useful now to get rid of the 'franglais'.
  309. *
  310. * @todo add more array entries to abstract user info from field names
  311. * @author Roan Embrechts
  312. * @author Patrick Cool
  313. *
  314. * @todo what's the use of this function. I think this is better removed.
  315. * There should be consistency in the variable names and the use throughout the scripts
  316. */
  317. public static function generate_abstract_user_field_names($result_array) {
  318. $result_array['firstName'] = $result_array['firstname'];
  319. $result_array['lastName'] = $result_array['lastname'];
  320. $result_array['mail'] = $result_array['email'];
  321. #$result_array['picture_uri'] = $result_array['picture_uri'];
  322. #$result_array ['user_id'] = $result_array['user_id'];
  323. return $result_array;
  324. }
  325. /**
  326. * Counts the number of rows in a table
  327. * @param string $table The table of which the rows should be counted
  328. * @return int The number of rows in the given table.
  329. * @deprecated
  330. */
  331. public static function count_rows($table) {
  332. $obj = self::fetch_object(self::query("SELECT COUNT(*) AS n FROM $table")); //
  333. return $obj->n;
  334. }
  335. /*
  336. An intermediate API-layer between the system and the database server.
  337. */
  338. /**
  339. * Returns the number of affected rows in the last database operation.
  340. * @param resource $connection (optional) The database server connection, for detailed description see the method query().
  341. * @return int Returns the number of affected rows on success, and -1 if the last query failed.
  342. */
  343. public static function affected_rows($connection = null) {
  344. return self::use_default_connection($connection) ? mysql_affected_rows() : mysql_affected_rows($connection);
  345. }
  346. /**
  347. * Closes non-persistent database connection.
  348. * @param resource $connection (optional) The database server connection, for detailed description see the method query().
  349. * @return bool Returns TRUE on success or FALSE on failure.
  350. */
  351. public static function close($connection = null) {
  352. return self::use_default_connection($connection) ? mysql_close() : mysql_close($connection);
  353. }
  354. /**
  355. * Opens a connection to a database server.
  356. * @param array $parameters (optional) An array that contains the necessary parameters for accessing the server.
  357. * @return resource/boolean Returns a database connection on success or FALSE on failure.
  358. * Note: Currently the array could contain MySQL-specific parameters:
  359. * $parameters['server'], $parameters['username'], $parameters['password'],
  360. * $parameters['new_link'], $parameters['client_flags'], $parameters['persistent'].
  361. * For details see documentation about the functions mysql_connect() and mysql_pconnect().
  362. * @link http://php.net/manual/en/function.mysql-connect.php
  363. * @link http://php.net/manual/en/function.mysql-pconnect.php
  364. */
  365. public static function connect($parameters = array()) {
  366. // A MySQL-specific implementation.
  367. if (!isset($parameters['server'])) {
  368. $parameters['server'] = @ini_get('mysql.default_host');
  369. if (empty($parameters['server'])) {
  370. $parameters['server'] = 'localhost:3306';
  371. }
  372. }
  373. if (!isset($parameters['username'])) {
  374. $parameters['username'] = @ini_get('mysql.default_user');
  375. }
  376. if (!isset($parameters['password'])) {
  377. $parameters['password'] = @ini_get('mysql.default_password');
  378. }
  379. if (!isset($parameters['new_link'])) {
  380. $parameters['new_link'] = false;
  381. }
  382. if (!isset($parameters['client_flags'])) {
  383. $parameters['client_flags'] = 0;
  384. }
  385. $persistent = isset($parameters['persistent']) ? $parameters['persistent'] : null;
  386. $server = isset($parameters['server']) ? $parameters['server'] : null;
  387. $username = isset($parameters['username']) ? $parameters['username'] : null;
  388. $password = isset($parameters['password']) ? $parameters['password'] : null;
  389. $client_flag = isset($parameters['client_flags']) ? $parameters['client_flags'] : null;
  390. $new_link = isset($parameters['new_link']) ? $parameters['new_link'] : null;
  391. $client_flags = isset($parameters['client_flags']) ? $parameters['client_flags'] : null;
  392. return $persistent
  393. ? mysql_pconnect($server, $username, $password, $client_flags)
  394. : mysql_connect($server, $username, $password, $new_link, $client_flags);
  395. }
  396. /**
  397. * Returns error number from the last operation done on the database server.
  398. * @param resource $connection (optional) The database server connection,
  399. * for detailed description see the method query().
  400. * @return int Returns the error number from the last database (operation, or 0 (zero) if no error occurred.
  401. */
  402. public static function errno($connection = null) {
  403. return self::use_default_connection($connection) ? mysql_errno() : mysql_errno($connection);
  404. }
  405. /**
  406. * Returns error text from the last operation done on the database server.
  407. * @param resource $connection (optional) The database server connection, for detailed description see the method query().
  408. * @return string Returns the error text from the last database operation, or '' (empty string) if no error occurred.
  409. */
  410. public static function error($connection = null) {
  411. return self::use_default_connection($connection) ? mysql_error() : mysql_error($connection);
  412. }
  413. /**
  414. * Escape MySQL wildchars _ and % in LIKE search
  415. * @param string The string to escape
  416. * @return string The escaped string
  417. */
  418. public static function escape_sql_wildcards($in_txt)
  419. {
  420. $out_txt = api_preg_replace("/_/", "\_", $in_txt);
  421. $out_txt = api_preg_replace("/%/", "\%", $out_txt);
  422. return $out_txt;
  423. }
  424. /**
  425. * Escapes a string to insert into the database as text
  426. * @param string $string The string to escape
  427. * @param resource $connection (optional) The database server connection, for detailed description see the method query().
  428. * @param bool $addFix
  429. * @return string he escaped string
  430. * @author Yannick Warnier <yannick.warnier@beeznest.com>
  431. * @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
  432. */
  433. public static function escape_string($string, $connection = null, $addFix = true)
  434. {
  435. // Fixes security problem when there's no "" or '' between a variable.
  436. // See #7440 for more info
  437. /*
  438. if ($addFix) {
  439. //$string = "__@$string@__";
  440. }
  441. */
  442. return get_magic_quotes_gpc()
  443. ? (self::use_default_connection($connection)
  444. ? mysql_real_escape_string(stripslashes($string))
  445. : mysql_real_escape_string(stripslashes($string), $connection))
  446. : (self::use_default_connection($connection)
  447. ? mysql_real_escape_string($string)
  448. : mysql_real_escape_string($string, $connection));
  449. }
  450. /**
  451. * Gets the array from a SQL result (as returned by Database::query) - help achieving database independence
  452. * @param resource The result from a call to sql_query (e.g. Database::query)
  453. * @param string Optional: "ASSOC","NUM" or "BOTH", as the constant used in mysql_fetch_array.
  454. * @return array Array of results as returned by php
  455. * @author Yannick Warnier <yannick.warnier@beeznest.com>
  456. */
  457. public static function fetch_array($result, $option = 'BOTH')
  458. {
  459. if ($result === false) { return array(); }
  460. return $option == 'ASSOC' ? mysql_fetch_array($result, MYSQL_ASSOC) : ($option == 'NUM' ? mysql_fetch_array($result, MYSQL_NUM) : mysql_fetch_array($result));
  461. }
  462. /**
  463. * Gets an associative array from a SQL result (as returned by Database::query).
  464. * This method is equivalent to calling Database::fetch_array() with 'ASSOC' value for the optional second parameter.
  465. * @param resource $result The result from a call to sql_query (e.g. Database::query).
  466. * @return array Returns an associative array that corresponds to the fetched row and moves the internal data pointer ahead.
  467. */
  468. public static function fetch_assoc($result) {
  469. return mysql_fetch_assoc($result);
  470. }
  471. /**
  472. * Gets the next row of the result of the SQL query (as returned by Database::query) in an object form
  473. * @param resource The result from a call to sql_query (e.g. Database::query)
  474. * @param string Optional class name to instanciate
  475. * @param array Optional array of parameters
  476. * @return object Object of class StdClass or the required class, containing the query result row
  477. * @author Yannick Warnier <yannick.warnier@beeznest.com>
  478. */
  479. public static function fetch_object($result, $class = null, $params = null) {
  480. return !empty($class) ? (is_array($params) ? mysql_fetch_object($result, $class, $params) : mysql_fetch_object($result, $class)) : mysql_fetch_object($result);
  481. }
  482. /**
  483. * Gets the array from a SQL result (as returned by Database::query) - help achieving database independence
  484. * @param resource The result from a call to sql_query (see Database::query()).
  485. * @return array Array of results as returned by php (mysql_fetch_row)
  486. */
  487. public static function fetch_row($result) {
  488. return mysql_fetch_row($result);
  489. }
  490. /**
  491. * Frees all the memory associated with the provided result identifier.
  492. * @return bool Returns TRUE on success or FALSE on failure.
  493. * Notes: Use this method if you are concerned about how much memory is being used for queries that return large result sets.
  494. * Anyway, all associated result memory is automatically freed at the end of the script's execution.
  495. */
  496. public static function free_result($result) {
  497. return mysql_free_result($result);
  498. }
  499. /**
  500. * Returns the database client library version.
  501. * @return strung Returns a string that represents the client library version.
  502. */
  503. public static function get_client_info() {
  504. return mysql_get_client_info();
  505. }
  506. /**
  507. * Returns a list of databases created on the server. The list may contain all of the
  508. * available database names or filtered database names by using a pattern.
  509. * @param string $pattern (optional) A pattern for filtering database names as if it was needed for the SQL's LIKE clause, for example 'chamilo_%'.
  510. * @param resource $connection (optional) The database server connection, for detailed description see the method query().
  511. * @return array Returns in an array the retrieved list of database names.
  512. */
  513. public static function get_databases($pattern = '', $connection = null) {
  514. $result = array();
  515. $query_result = Database::query(!empty($pattern) ? "SHOW DATABASES LIKE '".self::escape_string($pattern, $connection)."'" : "SHOW DATABASES", $connection);
  516. while ($row = Database::fetch_row($query_result)) {
  517. $result[] = $row[0];
  518. }
  519. return $result;
  520. }
  521. /**
  522. * Returns a list of the fields that a given table contains. The list may contain all of the available field names or filtered field names by using a pattern.
  523. * By using a special option, this method is able to return an indexed list of fields' properties, where field names are keys.
  524. * @param string $table This is the examined table.
  525. * @param string $pattern (optional) A pattern for filtering field names as if it was needed for the SQL's LIKE clause, for example 'column_%'.
  526. * @param string $database (optional) The name of the targeted database. If it is omited, the current database is assumed, see Database::select_db().
  527. * @param bool $including_properties (optional) When this option is true, the returned result has the followong format:
  528. * array(field_name_1 => array(0 => property_1, 1 => property_2, ...), fieald_name_2 => array(0 => property_1, ...), ...)
  529. * @param resource $connection (optional) The database server connection, for detailed description see the method query().
  530. * @return array Returns in an array the retrieved list of field names.
  531. */
  532. public static function get_fields($table, $pattern = '', $database = '', $including_properties = false, $connection = null) {
  533. $result = array();
  534. $query = "SHOW COLUMNS FROM `".self::escape_string($table, $connection)."`";
  535. if (!empty($database)) {
  536. $query .= " FROM `".self::escape_string($database, $connection)."`";
  537. }
  538. if (!empty($pattern)) {
  539. $query .= " LIKE '".self::escape_string($pattern, $connection)."'";
  540. }
  541. $query_result = Database::query($query, $connection);
  542. if ($including_properties) {
  543. // Making an indexed list of the fields and their properties.
  544. while ($row = Database::fetch_row($query_result)) {
  545. $result[$row[0]] = $row;
  546. }
  547. } else {
  548. // Making a plain, flat list.
  549. while ($row = Database::fetch_row($query_result)) {
  550. $result[] = $row[0];
  551. }
  552. }
  553. return $result;
  554. }
  555. /**
  556. * Returns information about the type of the current connection and the server host name.
  557. * @param resource $connection (optional) The database server connection, for detailed description see the method query().
  558. * @return string/boolean Returns string data on success or FALSE on failure.
  559. */
  560. public static function get_host_info($connection = null) {
  561. return self::use_default_connection($connection) ? mysql_get_host_info() : mysql_get_host_info($connection);
  562. }
  563. /**
  564. * Retrieves database client/server protocol version.
  565. * @param resource $connection (optional) The database server connection, for detailed description see the method query().
  566. * @return int/boolean Returns the protocol version on success or FALSE on failure.
  567. */
  568. public static function get_proto_info($connection = null) {
  569. return self::use_default_connection($connection) ? mysql_get_proto_info() : mysql_get_proto_info($connection);
  570. }
  571. /**
  572. * Retrieves the database server version.
  573. * @param resource $connection (optional) The database server connection, for detailed description see the method query().
  574. * @return string/boolean Returns the MySQL server version on success or FALSE on failure.
  575. */
  576. public static function get_server_info($connection = null) {
  577. return self::use_default_connection($connection) ? mysql_get_server_info() : mysql_get_server_info($connection);
  578. }
  579. /**
  580. * Returns a list of tables within a database. The list may contain all of the
  581. * available table names or filtered table names by using a pattern.
  582. * @param string $database (optional) The name of the examined database. If it is omited, the current database is assumed, see Database::select_db().
  583. * @param string $pattern (optional) A pattern for filtering table names as if it was needed for the SQL's LIKE clause, for example 'access_%'.
  584. * @param resource $connection (optional) The database server connection, for detailed description see the method query().
  585. * @return array Returns in an array the retrieved list of table names.
  586. */
  587. public static function get_tables($database = '', $pattern = '', $connection = null) {
  588. $result = array();
  589. $query = "SHOW TABLES";
  590. if (!empty($database)) {
  591. $query .= " FROM `".self::escape_string($database, $connection)."`";
  592. }
  593. if (!empty($pattern)) {
  594. $query .= " LIKE '".self::escape_string($pattern, $connection)."'";
  595. }
  596. $query_result = Database::query($query, $connection);
  597. while ($row = Database::fetch_row($query_result)) {
  598. $result[] = $row[0];
  599. }
  600. return $result;
  601. }
  602. /**
  603. * Gets the ID of the last item inserted into the database
  604. * This should be updated to use ADODB at some point
  605. * @param resource $connection (optional) The database server connection, for detailed description see the method query().
  606. * @return int The last ID as returned by the DB function
  607. */
  608. public static function insert_id($connection = null) {
  609. return self::use_default_connection($connection) ? mysql_insert_id() : mysql_insert_id($connection);
  610. }
  611. /**
  612. * Gets the number of rows from the last query result - help achieving database independence
  613. * @param resource The result
  614. * @return integer The number of rows contained in this result
  615. * @author Yannick Warnier <yannick.warnier@beeznest.com>
  616. **/
  617. public static function num_rows($result) {
  618. return is_resource($result) ? mysql_num_rows($result) : false;
  619. }
  620. /**
  621. * Acts as the relative *_result() function of most DB drivers and fetches a
  622. * specific line and a field
  623. * @param resource The database resource to get data from
  624. * @param integer The row number
  625. * @param string Optional field name or number
  626. * @return mixed One cell of the result, or FALSE on error
  627. */
  628. public static function result($resource, $row, $field = '') {
  629. return self::num_rows($resource) > 0 ? (!empty($field) ? mysql_result($resource, $row, $field) : mysql_result($resource, $row)) : null;
  630. }
  631. /**
  632. * Removes "__@" prefix and @__ suffix added by Database::escape_string()
  633. * See #7440 for more info
  634. * @param string $query
  635. * @return mixed
  636. */
  637. public static function fixQuery($query)
  638. {
  639. // LIKE condition
  640. $query = str_replace("'%__@", "'%", $query);
  641. $query = str_replace("@__%'", "%'", $query);
  642. $query = str_replace('@__%"', "%'", $query);
  643. $query = str_replace('"%__@', "'%", $query);
  644. // Fixing doubles
  645. $query = str_replace("__@__@", "__@", $query);
  646. $query = str_replace("@__@__", "@__", $query);
  647. $query = str_replace("'__@", "'", $query);
  648. $query = str_replace('"__@', "'", $query);
  649. $query = str_replace("__@", "'", $query);
  650. $query = str_replace("@__'", "'", $query);
  651. $query = str_replace('@__"', "'", $query);
  652. $query = str_replace("@__", "'", $query);
  653. return $query;
  654. }
  655. /**
  656. * This method returns a resource
  657. * Documentation has been added by Arthur Portugal
  658. * Some adaptations have been implemented by Ivan Tcholakov, 2009, 2010
  659. * @author Olivier Brouckaert
  660. * @param string $query The SQL query
  661. * @param resource $connection (optional) The database server (MySQL) connection.
  662. * If it is not specified, the connection opened by mysql_connect() is assumed.
  663. * If no connection is found, the server will try to create one as if mysql_connect() was called with no arguments.
  664. * If no connection is found or established, an E_WARNING level error is generated.
  665. * @param string $file (optional) On error it shows the file in which the error has been trigerred (use the "magic" constant __FILE__ as input parameter)
  666. * @param string $line (optional) On error it shows the line in which the error has been trigerred (use the "magic" constant __LINE__ as input parameter)
  667. *
  668. * @return resource The returned result from the query
  669. *
  670. * Note: The parameter $connection could be skipped. Here are examples of this method usage:
  671. * Database::query($query);
  672. * $result = Database::query($query);
  673. * Database::query($query, $connection);
  674. * $result = Database::query($query, $connection);
  675. * The following ways for calling this method are obsolete:
  676. * Database::query($query, __FILE__, __LINE__);
  677. * $result = Database::query($query, __FILE__, __LINE__);
  678. * Database::query($query, $connection, __FILE__, __LINE__);
  679. * $result = Database::query($query, $connection, __FILE__, __LINE__);
  680. */
  681. public static function query($query, $connection = null, $file = null, $line = null)
  682. {
  683. $use_default_connection = self::use_default_connection($connection);
  684. if ($use_default_connection) {
  685. // Let us do parameter shifting, thus the method would be similar
  686. // (in regard to parameter order) to the original function mysql_query().
  687. $line = $file;
  688. $file = $connection;
  689. $connection = null;
  690. }
  691. //$query = self::fixQuery($query);
  692. // Check if the table contains a c_ (means a course id)
  693. if (api_get_setting('server_type') === 'test' && strpos($query, 'c_')) {
  694. //Check if the table contains inner joins
  695. if (
  696. strpos($query, 'assoc_handle') === false &&
  697. strpos($query, 'olpc_peru_filter') === false &&
  698. strpos($query, 'allow_public_certificates') === false &&
  699. strpos($query, 'DROP TABLE IF EXISTS') === false &&
  700. strpos($query, 'thematic_advance') === false &&
  701. strpos($query, 'thematic_plan') === false &&
  702. strpos($query, 'track_c_countries') === false &&
  703. strpos($query, 'track_c_os') === false &&
  704. strpos($query, 'track_c_providers') === false &&
  705. strpos($query, 'track_c_referers') === false &&
  706. strpos($query, 'track_c_browsers') === false &&
  707. strpos($query, 'settings_current') === false &&
  708. strpos($query, 'dokeos_classic_2D') === false &&
  709. strpos($query, 'cosmic_campus') === false &&
  710. strpos($query, 'static_') === false &&
  711. strpos($query, 'public_admin') === false &&
  712. strpos($query, 'chamilo_electric_blue') === false &&
  713. strpos($query, 'wcag_anysurfer_public_pages') === false &&
  714. strpos($query, 'specific_field') === false &&
  715. strpos($query, 'down_doc_path') === false &&
  716. strpos($query, 'INNER JOIN') === false &&
  717. strpos($query, 'inner join') === false &&
  718. strpos($query, 'left join') === false &&
  719. strpos($query, 'LEFT JOIN') === false &&
  720. strpos($query, 'insert') === false &&
  721. strpos($query, 'INSERT') === false &&
  722. strpos($query, 'ALTER') === false &&
  723. strpos($query, 'alter') === false &&
  724. strpos($query, 'c_id') === false &&
  725. strpos($query, 'create table') === false &&
  726. strpos($query, 'CREATE TABLE') === false &&
  727. strpos($query, 'AUTO_INCREMENT') === false
  728. ) {
  729. //@todo remove this
  730. echo '<pre>';
  731. $message = '<h4>Dev message: please add the c_id field in this query or report this error in support.chamilo.org </h4>';
  732. $message .= $query;
  733. echo $message;
  734. echo '</pre>';
  735. //error_log($message);
  736. }
  737. }
  738. if (!($result = $use_default_connection ? mysql_query($query) : mysql_query($query, $connection))) {
  739. $backtrace = debug_backtrace(); // Retrieving information about the caller statement.
  740. if (isset($backtrace[0])) {
  741. $caller = & $backtrace[0];
  742. } else {
  743. $caller = array();
  744. }
  745. if (isset($backtrace[1])) {
  746. $owner = & $backtrace[1];
  747. } else {
  748. $owner = array();
  749. }
  750. if (empty($file)) {
  751. $file = $caller['file'];
  752. }
  753. if (empty($line) && $line !== false) {
  754. $line = $caller['line'];
  755. }
  756. $type = isset($owner['type']) ? $owner['type'] : null;
  757. $function = $owner['function'];
  758. $class = isset($owner['class']) ? $owner['class'] : null;
  759. $server_type = api_get_setting('server_type');
  760. if (!empty($line) && !empty($server_type) && $server_type != 'production') {
  761. $info = '<pre>' .
  762. '<strong>DATABASE ERROR #'.self::errno($connection).':</strong><br /> ' .
  763. self::remove_XSS(self::error($connection)) . '<br />' .
  764. '<strong>QUERY :</strong><br /> ' .
  765. self::remove_XSS($query) . '<br />' .
  766. '<strong>FILE :</strong><br /> ' .
  767. (empty($file) ? ' unknown ' : $file) . '<br />' .
  768. '<strong>LINE :</strong><br /> ' .
  769. (empty($line) ? ' unknown ' : $line) . '<br />';
  770. if (empty($type)) {
  771. if (!empty($function)) {
  772. $info .= '<strong>FUNCTION :</strong><br /> ' . $function;
  773. }
  774. } else {
  775. if (!empty($class) && !empty($function)) {
  776. $info .= '<strong>CLASS :</strong><br /> ' . $class . '<br />';
  777. $info .= '<strong>METHOD :</strong><br /> ' . $function;
  778. }
  779. }
  780. $info .= '</pre>';
  781. echo $info;
  782. }
  783. if (isset(self::$log_queries) && self::$log_queries) {
  784. error_log("---------------- SQL error ---------------- ");
  785. error_log($query);
  786. error_log('error #'.self::errno($connection));
  787. error_log('error: '.self::error($connection));
  788. $info = 'FILE: ' .(empty($file) ? ' unknown ' : $file);
  789. $info .= ' +'.(empty($line) ? ' unknown ' : $line);
  790. error_log($info);
  791. if (empty($type)) {
  792. if (!empty($function)) {
  793. $info = 'FUNCTION: ' . $function;
  794. error_log($info);
  795. }
  796. } else {
  797. if (!empty($class) && !empty($function)) {
  798. $info = 'CLASS: ' . $class.' METHOD: '.$function;
  799. error_log($info);
  800. }
  801. }
  802. error_log("---------------- end ----------------");
  803. }
  804. }
  805. return $result;
  806. }
  807. /**
  808. * Selects a database.
  809. * @param string $database_name The name of the database that is to be selected.
  810. * @param resource $connection (optional) The database server connection, for detailed description see the method query().
  811. * @return bool Returns TRUE on success or FALSE on failure.
  812. */
  813. public static function select_db($database_name, $connection = null) {
  814. return self::use_default_connection($connection) ? mysql_select_db($database_name) : mysql_select_db($database_name, $connection);
  815. }
  816. /**
  817. * Stores a query result into an array.
  818. *
  819. * @author Olivier Brouckaert
  820. * @param resource $result - the return value of the query
  821. * @param option BOTH, ASSOC, or NUM
  822. * @return array - the value returned by the query
  823. */
  824. public static function store_result($result, $option = 'BOTH') {
  825. $array = array();
  826. if ($result !== false) { // For isolation from database engine's behaviour.
  827. while ($row = self::fetch_array($result, $option)) {
  828. $array[] = $row;
  829. }
  830. }
  831. return $array;
  832. }
  833. /*
  834. Encodings and collations supported by MySQL database server
  835. */
  836. /**
  837. * Checks whether a given encoding is supported by the database server.
  838. * @param string $encoding The encoding (a system conventional id, for example 'UTF-8') to be checked.
  839. * @return bool Returns a boolean value as a check-result.
  840. * @author Ivan Tcholakov
  841. */
  842. public static function is_encoding_supported($encoding) {
  843. static $supported = array();
  844. if (!isset($supported[$encoding])) {
  845. $supported[$encoding] = false;
  846. if (strlen($db_encoding = self::to_db_encoding($encoding)) > 0) {
  847. if (self::num_rows(self::query("SHOW CHARACTER SET WHERE Charset = '".self::escape_string($db_encoding)."';")) > 0) {
  848. $supported[$encoding] = true;
  849. }
  850. }
  851. }
  852. return $supported[$encoding];
  853. }
  854. /**
  855. * Constructs a SQL clause about default character set and default collation for newly created databases and tables.
  856. * Example: Database::make_charset_clause('UTF-8', 'bulgarian') returns
  857. * DEFAULT CHARACTER SET `utf8` DEFAULT COLLATE `utf8_general_ci`
  858. * @param string $encoding (optional) The default database/table encoding (a system conventional id) to be used.
  859. * @param string $language (optional) Language (a system conventional id) used for choosing language sensitive collation (if it is possible).
  860. * @return string Returns the constructed SQL clause or empty string if $encoding is not correct or is not supported.
  861. * @author Ivan Tcholakov
  862. */
  863. public static function make_charset_clause($encoding = null, $language = null) {
  864. if (empty($encoding)) {
  865. $encoding = api_get_system_encoding();
  866. }
  867. if (empty($language)) {
  868. $language = api_get_interface_language();
  869. }
  870. $charset_clause = '';
  871. if (self::is_encoding_supported($encoding)) {
  872. $db_encoding = Database::to_db_encoding($encoding);
  873. $charset_clause .= " DEFAULT CHARACTER SET `".$db_encoding."`";
  874. $db_collation = Database::to_db_collation($encoding, $language);
  875. if (!empty($db_collation)) {
  876. $charset_clause .= " DEFAULT COLLATE `".$db_collation."`";
  877. }
  878. }
  879. return $charset_clause;
  880. }
  881. /**
  882. * Converts an encoding identificator to MySQL-specific encoding identifictor,
  883. * i.e. 'UTF-8' --> 'utf8'.
  884. * @param string $encoding The conventional encoding identificator.
  885. * @return string Returns the corresponding MySQL-specific encoding identificator if any, otherwise returns NULL.
  886. * @author Ivan Tcholakov
  887. */
  888. public static function to_db_encoding($encoding) {
  889. static $result = array();
  890. if (!isset($result[$encoding])) {
  891. $result[$encoding] = null;
  892. $encoding_map = & self::get_db_encoding_map();
  893. foreach ($encoding_map as $key => $value) {
  894. if (api_equal_encodings($encoding, $key)) {
  895. $result[$encoding] = $value;
  896. break;
  897. }
  898. }
  899. }
  900. return $result[$encoding];
  901. }
  902. /**
  903. * Converts a MySQL-specific encoding identifictor to conventional encoding identificator,
  904. * i.e. 'utf8' --> 'UTF-8'.
  905. * @param string $encoding The MySQL-specific encoding identificator.
  906. * @return string Returns the corresponding conventional encoding identificator if any, otherwise returns NULL.
  907. * @author Ivan Tcholakov
  908. */
  909. public static function from_db_encoding($db_encoding) {
  910. static $result = array();
  911. if (!isset($result[$db_encoding])) {
  912. $result[$db_encoding] = null;
  913. $encoding_map = & self::get_db_encoding_map();
  914. foreach ($encoding_map as $key => $value) {
  915. if (strtolower($db_encoding) == $value) {
  916. $result[$db_encoding] = $key;
  917. break;
  918. }
  919. }
  920. }
  921. return $result[$db_encoding];
  922. }
  923. /**
  924. * Chooses the default MySQL-specific collation from given encoding and language.
  925. * @param string $encoding A conventional encoding id, i.e. 'UTF-8'
  926. * @param string $language (optional) A conventional for the system language id, i.e. 'bulgarian'. If it is empty, the chosen collation is the default server value corresponding to the given encoding.
  927. * @return string Returns a suitable default collation, for example 'utf8_general_ci', or NULL if collation was not found.
  928. * @author Ivan Tcholakov
  929. */
  930. public static function to_db_collation($encoding, $language = null) {
  931. static $result = array();
  932. if (!isset($result[$encoding][$language])) {
  933. $result[$encoding][$language] = null;
  934. if (self::is_encoding_supported($encoding)) {
  935. $db_encoding = self::to_db_encoding($encoding);
  936. if (!empty($language)) {
  937. $lang = api_purify_language_id($language);
  938. $res = self::check_db_collation($db_encoding, $lang);
  939. if (empty($res)) {
  940. $db_collation_map = & self::get_db_collation_map();
  941. if (isset($db_collation_map[$lang])) {
  942. $res = self::check_db_collation($db_encoding, $db_collation_map[$lang]);
  943. }
  944. }
  945. if (empty($res)) {
  946. $res = self::check_db_collation($db_encoding, null);
  947. }
  948. $result[$encoding][$language] = $res;
  949. } else {
  950. $result[$encoding][$language] = self::check_db_collation($db_encoding, null);
  951. }
  952. }
  953. }
  954. return $result[$encoding][$language];
  955. }
  956. /*
  957. Private methods
  958. You should not access these from outside the class
  959. No effort is made to keep the names / results the same.
  960. */
  961. /**
  962. * Glues a course database.
  963. * glue format from local.inc.php.
  964. */
  965. private static function glue_course_database_name($database_name) {
  966. return self::get_course_table_prefix().$database_name.self::get_database_glue();
  967. }
  968. /**
  969. * @param string $database_name, can be empty to use current course db
  970. *
  971. * @return the glued parameter if it is not empty,
  972. * or the current course database (glued) if the parameter is empty.
  973. */
  974. private static function fix_database_parameter($database_name) {
  975. if (empty($database_name)) {
  976. $course_info = api_get_course_info();
  977. return $course_info['dbNameGlu'];
  978. }
  979. return self::glue_course_database_name($database_name);
  980. }
  981. /**
  982. * Structures a course database and table name to ready them
  983. * for querying. The course database parameter is considered glued:
  984. * e.g. COURSE001`.`
  985. */
  986. private static function format_glued_course_table_name($database_name_with_glue, $table) {
  987. return '`'.$database_name_with_glue.$table.'`';
  988. }
  989. /**
  990. * Structures a database and table name to ready them
  991. * for querying. The database parameter is considered not glued,
  992. * just plain e.g. COURSE001
  993. */
  994. private static function format_table_name($database, $table) {
  995. global $_configuration;
  996. if ($_configuration['single_database']) {
  997. $table_name = '`'.$database.'`.`'.$table.'`';
  998. } else {
  999. $table_name = '`'.$database.$_configuration['db_glue'].$table.'`';
  1000. }
  1001. return $table_name;
  1002. }
  1003. /**
  1004. * This private method is to be used by the other methods in this class for
  1005. * checking whether the input parameter $connection actually has been provided.
  1006. * If the input parameter connection is not a resource or if it is not FALSE (in case of error)
  1007. * then the default opened connection should be used by the called method.
  1008. * @param resource/boolean $connection The checked parameter $connection.
  1009. * @return boolean TRUE means that calling method should use the default connection.
  1010. * FALSE means that (valid) parameter $connection has been provided and it should be used.
  1011. */
  1012. private static function use_default_connection($connection) {
  1013. return !is_resource($connection) && $connection !== false;
  1014. }
  1015. /**
  1016. * This private method tackles the XSS injections. It is similar to Security::remove_XSS() and works always,
  1017. * including the time of initialization when the class Security has not been loaded yet.
  1018. * @param string The input variable to be filtered from XSS, in this class it is expected to be a string.
  1019. * @return string Returns the filtered string as a result.
  1020. */
  1021. private static function remove_XSS(& $var) {
  1022. return class_exists('Security') ? Security::remove_XSS($var) : @htmlspecialchars($var, ENT_QUOTES, api_get_system_encoding());
  1023. }
  1024. /**
  1025. * This private method encapsulates a table with relations between
  1026. * conventional and MuSQL-specific encoding identificators.
  1027. * @author Ivan Tcholakov
  1028. */
  1029. private static function & get_db_encoding_map() {
  1030. static $encoding_map = array(
  1031. 'ARMSCII-8' => 'armscii8',
  1032. 'BIG5' => 'big5',
  1033. 'BINARY' => 'binary',
  1034. 'CP866' => 'cp866',
  1035. 'EUC-JP' => 'ujis',
  1036. 'EUC-KR' => 'euckr',
  1037. 'GB2312' => 'gb2312',
  1038. 'GBK' => 'gbk',
  1039. 'ISO-8859-1' => 'latin1',
  1040. 'ISO-8859-2' => 'latin2',
  1041. 'ISO-8859-7' => 'greek',
  1042. 'ISO-8859-8' => 'hebrew',
  1043. 'ISO-8859-9' => 'latin5',
  1044. 'ISO-8859-13' => 'latin7',
  1045. 'ISO-8859-15' => 'latin1',
  1046. 'KOI8-R' => 'koi8r',
  1047. 'KOI8-U' => 'koi8u',
  1048. 'SHIFT-JIS' => 'sjis',
  1049. 'TIS-620' => 'tis620',
  1050. 'US-ASCII' => 'ascii',
  1051. 'UTF-8' => 'utf8',
  1052. 'WINDOWS-1250' => 'cp1250',
  1053. 'WINDOWS-1251' => 'cp1251',
  1054. 'WINDOWS-1252' => 'latin1',
  1055. 'WINDOWS-1256' => 'cp1256',
  1056. 'WINDOWS-1257' => 'cp1257'
  1057. );
  1058. return $encoding_map;
  1059. }
  1060. /**
  1061. * A helper language id translation table for choosing some collations.
  1062. * @author Ivan Tcholakov
  1063. */
  1064. private static function & get_db_collation_map() {
  1065. static $db_collation_map = array(
  1066. 'german' => 'german2',
  1067. 'simpl_chinese' => 'chinese',
  1068. 'trad_chinese' => 'chinese',
  1069. 'turkce' => 'turkish'
  1070. );
  1071. return $db_collation_map;
  1072. }
  1073. /**
  1074. * Constructs a MySQL-specific collation and checks whether it is supported by the database server.
  1075. * @param string $db_encoding A MySQL-specific encoding id, i.e. 'utf8'
  1076. * @param string $language A MySQL-compatible language id, i.e. 'bulgarian'
  1077. * @return string Returns a suitable default collation, for example 'utf8_general_ci', or NULL if collation was not found.
  1078. * @author Ivan Tcholakov
  1079. */
  1080. private static function check_db_collation($db_encoding, $language) {
  1081. if (empty($db_encoding)) {
  1082. return null;
  1083. }
  1084. if (empty($language)) {
  1085. $result = self::fetch_array(self::query("SHOW COLLATION WHERE Charset = '".self::escape_string($db_encoding)."' AND `Default` = 'Yes';"), 'NUM');
  1086. return $result ? $result[0] : null;
  1087. }
  1088. $collation = $db_encoding.'_'.$language.'_ci';
  1089. $query_result = self::query("SHOW COLLATION WHERE Charset = '".self::escape_string($db_encoding)."';");
  1090. while ($result = self::fetch_array($query_result, 'NUM')) {
  1091. if ($result[0] == $collation) {
  1092. return $collation;
  1093. }
  1094. }
  1095. return null;
  1096. }
  1097. /**
  1098. * Database insert
  1099. * @param string $table_name
  1100. * @param array $attributes
  1101. * @param bool $show_query
  1102. * @return bool|int
  1103. */
  1104. public static function insert($table_name, $attributes, $show_query = false)
  1105. {
  1106. if (empty($attributes) || empty($table_name)) {
  1107. return false;
  1108. }
  1109. $filtred_attributes = array();
  1110. foreach($attributes as $key => $value) {
  1111. $filtred_attributes[$key] = "'".self::escape_string($value)."'";
  1112. }
  1113. //@todo check if the field exists in the table we should use a describe of that table
  1114. $params = array_keys($filtred_attributes);
  1115. $values = array_values($filtred_attributes);
  1116. if (!empty($params) && !empty($values)) {
  1117. $sql = 'INSERT INTO '.$table_name.' ('.implode(',',$params).') VALUES ('.implode(',',$values).')';
  1118. self::query($sql);
  1119. if ($show_query) {
  1120. var_dump($sql);
  1121. error_log($sql);
  1122. }
  1123. return self::insert_id();
  1124. }
  1125. return false;
  1126. }
  1127. /**
  1128. * Experimental useful database finder
  1129. * @todo lot of stuff to do here
  1130. * @todo known issues, it doesn't work when using LIKE conditions
  1131. * @example array('where'=> array('course_code LIKE "?%"'))
  1132. * @example array('where'=> array('type = ? AND category = ?' => array('setting', 'Plugins'))
  1133. * @example array('where'=> array('name = "Julio" AND lastname = "montoya"'))
  1134. */
  1135. public static function select($columns, $table_name, $conditions = array(), $type_result = 'all', $option = 'ASSOC')
  1136. {
  1137. $conditions = self::parse_conditions($conditions);
  1138. //@todo we could do a describe here to check the columns ...
  1139. if (is_array($columns)) {
  1140. $clean_columns = implode(',', $columns);
  1141. } else {
  1142. if ($columns == '*') {
  1143. $clean_columns = '*';
  1144. } else {
  1145. $clean_columns = (string)$columns;
  1146. }
  1147. }
  1148. $sql = "SELECT $clean_columns FROM $table_name $conditions";
  1149. $result = self::query($sql);
  1150. $array = array();
  1151. if ($type_result == 'all') {
  1152. while ($row = self::fetch_array($result, $option)) {
  1153. if (isset($row['id'])) {
  1154. $array[$row['id']] = $row;
  1155. } else {
  1156. $array[] = $row;
  1157. }
  1158. }
  1159. } else {
  1160. $array = self::fetch_array($result, $option);
  1161. }
  1162. return $array;
  1163. }
  1164. /**
  1165. * Parses WHERE/ORDER conditions i.e array('where'=>array('id = ?' =>'4'), 'order'=>'id DESC'))
  1166. * @todo known issues, it doesn't work when using
  1167. * LIKE conditions example: array('where'=>array('course_code LIKE "?%"'))
  1168. * @param array $conditions
  1169. */
  1170. public static function parse_conditions($conditions)
  1171. {
  1172. if (empty($conditions)) {
  1173. return '';
  1174. }
  1175. $return_value = $where_return = '';
  1176. foreach ($conditions as $type_condition => $condition_data) {
  1177. if ($condition_data == false) {
  1178. continue;
  1179. }
  1180. $type_condition = strtolower($type_condition);
  1181. switch ($type_condition) {
  1182. case 'where':
  1183. foreach ($condition_data as $condition => $value_array) {
  1184. if (is_array($value_array)) {
  1185. $clean_values = array();
  1186. foreach($value_array as $item) {
  1187. $item = Database::escape_string($item);
  1188. $clean_values[]= $item;
  1189. }
  1190. } else {
  1191. $value_array = Database::escape_string($value_array);
  1192. $clean_values = $value_array;
  1193. }
  1194. if (!empty($condition) && $clean_values != '') {
  1195. $condition = str_replace('%',"'@percentage@'", $condition); //replace "%"
  1196. $condition = str_replace("'?'","%s", $condition);
  1197. $condition = str_replace("?","%s", $condition);
  1198. $condition = str_replace("@%s@","@-@", $condition);
  1199. $condition = str_replace("%s","'%s'", $condition);
  1200. $condition = str_replace("@-@","@%s@", $condition);
  1201. // Treat conditions as string
  1202. $condition = vsprintf($condition, $clean_values);
  1203. $condition = str_replace('@percentage@','%', $condition); //replace "%"
  1204. $where_return .= $condition;
  1205. }
  1206. }
  1207. if (!empty($where_return)) {
  1208. $return_value = " WHERE $where_return" ;
  1209. }
  1210. break;
  1211. case 'order':
  1212. $order_array = $condition_data;
  1213. if (!empty($order_array)) {
  1214. // 'order' => 'id desc, name desc'
  1215. $order_array = self::escape_string($order_array, null, false);
  1216. $new_order_array = explode(',', $order_array);
  1217. $temp_value = array();
  1218. foreach($new_order_array as $element) {
  1219. $element = explode(' ', $element);
  1220. $element = array_filter($element);
  1221. $element = array_values($element);
  1222. if (!empty($element[1])) {
  1223. $element[1] = strtolower($element[1]);
  1224. $order = 'DESC';
  1225. if (in_array($element[1], array('desc', 'asc'))) {
  1226. $order = $element[1];
  1227. }
  1228. $temp_value[]= $element[0].' '.$order.' ';
  1229. } else {
  1230. //by default DESC
  1231. $temp_value[]= $element[0].' DESC ';
  1232. }
  1233. }
  1234. if (!empty($temp_value)) {
  1235. $return_value .= ' ORDER BY '.implode(', ', $temp_value);
  1236. } else {
  1237. //$return_value .= '';
  1238. }
  1239. }
  1240. break;
  1241. case 'limit':
  1242. $limit_array = explode(',', $condition_data);
  1243. if (!empty($limit_array)) {
  1244. if (count($limit_array) > 1) {
  1245. $return_value .= ' LIMIT '.intval($limit_array[0]).' , '.intval($limit_array[1]);
  1246. } else {
  1247. $return_value .= ' LIMIT '.intval($limit_array[0]);
  1248. }
  1249. }
  1250. break;
  1251. }
  1252. }
  1253. return $return_value;
  1254. }
  1255. /**
  1256. * @param array $conditions
  1257. * @return string
  1258. */
  1259. public static function parse_where_conditions($conditions)
  1260. {
  1261. return self::parse_conditions(array('where' => $conditions));
  1262. }
  1263. /**
  1264. * Experimental useful database update
  1265. * @todo lot of stuff to do here
  1266. */
  1267. public static function delete($table_name, $where_conditions, $show_query = false)
  1268. {
  1269. $where_return = self::parse_where_conditions($where_conditions);
  1270. $sql = "DELETE FROM $table_name $where_return ";
  1271. if ($show_query) { echo $sql; echo '<br />'; }
  1272. self::query($sql);
  1273. $affected_rows = self::affected_rows();
  1274. //@todo should return affected_rows for
  1275. return $affected_rows;
  1276. }
  1277. /**
  1278. * @param string $table_name use Database::get_main_table
  1279. * @param array $attributes Values to updates
  1280. * Example: $params['name'] = 'Julio'; $params['lastname'] = 'Montoya';
  1281. * @param array $where_conditions where conditions i.e array('id = ?' =>'4')
  1282. * @param bool $show_query
  1283. * @return bool|int
  1284. */
  1285. public static function update(
  1286. $table_name,
  1287. $attributes,
  1288. $where_conditions = array(),
  1289. $show_query = false
  1290. ) {
  1291. if (!empty($table_name) && !empty($attributes)) {
  1292. $update_sql = '';
  1293. //Cleaning attributes
  1294. $count = 1;
  1295. foreach ($attributes as $key=>$value) {
  1296. if (!is_array($value)) {
  1297. $value = self::escape_string($value);
  1298. }
  1299. $update_sql .= "$key = '$value' ";
  1300. if ($count < count($attributes)) {
  1301. $update_sql.=', ';
  1302. }
  1303. $count++;
  1304. }
  1305. if (!empty($update_sql)) {
  1306. //Parsing and cleaning the where conditions
  1307. $where_return = self::parse_where_conditions($where_conditions);
  1308. $sql = "UPDATE $table_name SET $update_sql $where_return ";
  1309. if ($show_query) {
  1310. var_dump($sql);
  1311. }
  1312. self::query($sql);
  1313. $affected_rows = self::affected_rows();
  1314. return $affected_rows;
  1315. }
  1316. }
  1317. return false;
  1318. }
  1319. /**
  1320. * @deprecated Use api_get_language_isocode($language) instead.
  1321. */
  1322. public static function get_language_isocode($language) {
  1323. return api_get_language_isocode($language);
  1324. }
  1325. /**
  1326. * @deprecated Use Database::insert_id() instead.
  1327. */
  1328. public static function get_last_insert_id() {
  1329. return mysql_insert_id();
  1330. }
  1331. }