See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
define('DB_DUPLICATE_ERROR', 1062);
-define('SQL_MODE', ''); // STRICT_ALL_TABLES,NO_ZERO_IN_DATE ?
+define('SQL_MODE', 'STRICT_ALL_TABLES'); // prevents SQL injection with silent field content truncation
function set_global_connection($company=-1)
{
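Review bot: The trailing comment on the new `define('SQL_MODE', 'STRICT_ALL_TABLES')` describes strict mode as preventing SQL injection, which overstates what the setting does. Strict mode makes MySQL reject over-long or invalid values instead of silently truncating them; it has no effect on how queries are built. I would word the comment as `// reject over-long/invalid values instead of silently truncating them`, so that nobody reads the setting as a substitute for escaping or parameterised queries.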
$_SESSION["wa_current_user"]->cur_con = $company;
$connection = $db_connections[$company];
+
+ $server = $connection["host"];
+ if (!empty($connection["port"]))
+ $server .= ":".$connection["port"];
- $db = mysql_connect($connection["host"], $connection["dbuser"], $connection["dbpassword"]);
- mysql_select_db($connection["dbname"], $db);
+ $db = mysql_connect($server, $connection["dbuser"], $connection["dbpassword"]);
+ mysql_select_db($connection["dbname"], $db);
///// From MySql release 5.6.6 the sql_mode is no longer empty as it was prior to
///// this release. Just for safety we make it empty for all 5.6 release and higher.
///// This non empty sql_mode values can interphere with FA, so all is set empty during
///// our sessions.
///// We are, however, investigating the existing code to be compatible in the future.
- db_query("SET sql_mode = '".SQL_MODE."'");
+ db_query("SET sql_mode = '".SQL_MODE."'");
/////
$SysPrefs->refresh();
return $db;
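Review bot: The `/////` comment block kept above `db_query("SET sql_mode = '".SQL_MODE."'")` still says the mode is made empty for every session, which no longer matches `SQL_MODE` being `'STRICT_ALL_TABLES'`. A stale note like this invites a later revert of the strict mode, so it should be rewritten, for example `// Force a known sql_mode for the session; strict mode rejects over-long values instead of truncating them.` Separately, the result of `mysql_connect($server, ...)` is still passed on without a check, so a wrong host or port only surfaces in the later calls. The same `$server` construction appears in the `db_create_db` hunk. The function starts and ends outside this hunk.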
// set current db prefix
$comp = isset($_SESSION["wa_current_user"]->cur_con) ? $_SESSION["wa_current_user"]->cur_con : 0;
- $cur_prefix = $db_connections[$comp]['tbpref'];
+ $cur_prefix = @$db_connections[$comp]['tbpref'];
$sql = str_replace(TB_PREF, $cur_prefix, $sql);
if ($SysPrefs->show_sql)
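Review bot: The `@` added on `$db_connections[$comp]['tbpref']` hides the case where `$comp` has no entry in `$db_connections`. In that case `$cur_prefix` is null and `str_replace(TB_PREF, $cur_prefix, $sql)` strips the prefix, so the statement runs against unprefixed table names with no warning. An explicit check makes the fallback visible, e.g. `$cur_prefix = isset($db_connections[$comp]) ? $db_connections[$comp]['tbpref'] : '';`, ideally with a logged error when the entry is missing. The enclosing function begins and ends outside the hunk.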
*/
function db_create_db($connection)
{
- $db = mysql_connect($connection["host"] ,
- $connection["dbuser"], $connection["dbpassword"]);
+ $server = $connection["host"];
+ if (!empty($connection["port"]))
+ $server .= ":".$connection["port"];
+ $db = mysql_connect($server, $connection["dbuser"], $connection["dbpassword"]);
if (!mysql_select_db($connection["dbname"], $db))
{