See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
define('DB_DUPLICATE_ERROR', 1062);
-define('SQL_MODE', ''); // STRICT_ALL_TABLES,NO_ZERO_IN_DATE ?
+define('SQL_MODE', 'STRICT_ALL_TABLES'); // prevents SQL injection with silent field content truncation
function set_global_connection($company=-1)
{
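Review bot: The new comment on `SQL_MODE` overstates what strict mode does: `STRICT_ALL_TABLES` makes the server reject over-long or invalid values instead of silently truncating them, which removes truncation-based tampering but does not stop injection into the statement text, so `db_escape()` is still what protects the queries. I would reword it to `// reject over-long/invalid values instead of silently truncating them; not a substitute for db_escape()`. The `/////` comment visible further down in `set_global_connection` still says the mode is made empty, which now contradicts this constant and should be updated in the same commit. The code that applies `SQL_MODE` to the session is not in this hunk, so confirm it runs on every connection, including the one opened in `db_create_db`.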
$_SESSION["wa_current_user"]->cur_con = $company;
$connection = $db_connections[$company];
+
+ $server = $connection["host"];
+ if (!empty($connection["port"]))
+ $server .= ":".$connection["port"];
- $db = mysql_connect($connection["host"], $connection["dbuser"], $connection["dbpassword"]);
- mysql_select_db($connection["dbname"], $db);
+ $db = mysql_connect($server, $connection["dbuser"], $connection["dbpassword"]);
+ mysql_select_db($connection["dbname"], $db);
///// From MySql release 5.6.6 the sql_mode is no longer empty as it was prior to
///// this release. Just for safety we make it empty for all 5.6 release and higher.
///// This non empty sql_mode values can interphere with FA, so all is set empty during
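Review bot: The result of `mysql_connect($server, ...)` is handed straight to `mysql_select_db()` and neither return value is checked in the lines shown, whereas `db_create_db` does test `mysql_select_db`. A mistyped port in the new optional setting now fails at exactly this point, so I would fail closed, for example `if (!$db || !mysql_select_db($connection["dbname"], $db)) return false;`; the function continues outside the hunk, so adapt this to its real error path. The port is appended unvalidated, and a digits-only check such as `ctype_digit((string)$connection["port"])` would stop a stray config value from changing the meaning of the host string. The same three lines that build `$server` are repeated in the `db_create_db` hunk and would be easier to keep consistent as one small helper.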
$retry = 0;
} while ($retry);
- db_profile($sql);
+ if($SysPrefs->db_trail == 1)
+ $db_last_inserted_id = mysql_insert_id($db); // cache to avoid trail overwrite
- if($SysPrefs->sql_trail) {
- $db_last_inserted_id = mysql_insert_id($db); // preserve in case trail insert is done
- if ($SysPrefs->select_trail || (strstr($sql, 'SELECT') === false)) {
- mysql_query(
- "INSERT INTO ".$cur_prefix."sql_trail
- (`sql`, `result`, `msg`)
- VALUES(".db_escape($sql).",".($result ? 1 : 0).",
- ".db_escape($err_msg).")", $db);
- }
- }
+ db_profile($sql);
if ($err_msg != null || $SysPrefs->go_debug) {
$exit = $err_msg != null;
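Review bot: The test `$SysPrefs->db_trail == 1` is duplicated between the caching line here and the return in the `db_insert_id()` hunk, and the two must always agree or callers get a stale or overwritten id. A shared helper or a strict comparison against one documented value would make that coupling explicit. The comment `// cache to avoid trail overwrite` no longer has the trail insert next to it, since this hunk removes it, so it should name what overwrites the id, e.g. `// audit-trail inserts issued later on this connection change mysql_insert_id(); keep the caller's value`. That wording assumes the trail write now happens elsewhere, which is not visible here. The enclosing query function starts outside the hunk.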
{
global $db_last_inserted_id, $SysPrefs, $db;
- return $SysPrefs->sql_trail ? $db_last_inserted_id : mysql_insert_id($db);
+ return $SysPrefs->db_trail == 1 ? $db_last_inserted_id : mysql_insert_id($db);
}
function db_num_affected_rows()
*/
function db_create_db($connection)
{
- $db = mysql_connect($connection["host"] ,
- $connection["dbuser"], $connection["dbpassword"]);
+ $server = $connection["host"];
+ if (!empty($connection["port"]))
+ $server .= ":".$connection["port"];
+ $db = mysql_connect($server, $connection["dbuser"], $connection["dbpassword"]);
if (!mysql_select_db($connection["dbname"], $db))
{