See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
define('DB_DUPLICATE_ERROR', 1062);
-define('SQL_MODE', ''); // STRICT_ALL_TABLES,NO_ZERO_IN_DATE ?
+define('SQL_MODE', 'STRICT_ALL_TABLES'); // prevents SQL injection with silent field content truncation
$db_last_inserted_id = 0;
global $db, $path_to_root, $db_connections, $SysPrefs;
include ($path_to_root . "/config_db.php");
+
if ($company == -1)
$company = user_company();
$connection = $db_connections[$company];
- $db = mysqli_connect($connection["host"], $connection["dbuser"], $connection["dbpassword"]);
- mysqli_select_db($db, $connection["dbname"]);
+ $db = mysqli_connect($connection["host"], $connection["dbuser"], $connection["dbpassword"], "",
+ !empty($connection["port"]) ? $connection["port"] : 3306); // default port in mysql is 3306
+
+ mysqli_select_db($db, $connection["dbname"]);
///// From mysqli release 5.6.6 the sql_mode is no longer empty as it was prior to
///// this release. Just for safety we make it empty for all 5.6 release and higher.
///// This non empty sql_mode values can interphere with FA, so all is set empty during
///// our sessions.
///// We are, however, investigating the existing code to be compatible in the future.
- db_query("SET sql_mode = '".SQL_MODE."'");
+ db_query("SET sql_mode = '".SQL_MODE."'");
/////
$SysPrefs->refresh();
return $db;
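Review bot: The comment block above the `SET sql_mode` call still says the mode is made empty for every session, but `SQL_MODE` is now `'STRICT_ALL_TABLES'`, so the comment contradicts the code and invites a later "fix" back to the empty mode. I would replace it with something like `// Run every session in strict mode so over-long values are rejected instead of silently truncated.` The call also passes no error message to `db_query()`, and the `$err_msg != null || $SysPrefs->go_debug` test later on this page appears to mean a failed `SET` goes unnoticed, leaving the session in the server's default mode; checking the result here would make the protection fail closed. The `mysqli_connect()` result is likewise handed to `mysqli_select_db()` without a failure check. The enclosing function starts and ends outside the hunk.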
$retry = 0;
} while ($retry);
- db_profile($sql);
+ if($SysPrefs->db_trail == 1)
+ $db_last_inserted_id = mysqli_insert_id($db); // cache to avoid trail overwrite
- if($SysPrefs->sql_trail) {
- $db_last_inserted_id = mysqli_insert_id($db); // preserve in case trail insert is done
- if ($SysPrefs->select_trail || (strstr($sql, 'SELECT') === false)) {
- mysqli_query($db, "INSERT INTO ".$cur_prefix."sql_trail
- (`sql`, `result`, `msg`)
- VALUES(".db_escape($sql).",".($result ? 1 : 0).",
- ".db_escape($err_msg).")");
- }
- }
+ db_profile($sql);
if ($err_msg != null || $SysPrefs->go_debug) {
$exit = $err_msg != null;
function db_escape($value = "", $nullify = false)
{
global $db;
-
- $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
+
+ $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding=='iso-8859-2' ? 'ISO-8859-1' : $_SESSION['language']->encoding);
$value = html_specials_encode($value);
//reset default if second parameter is skipped
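Review bot: The charset substitution on the `html_entity_decode()` line needs a comment, since nothing in the hunk says why an `iso-8859-2` session is decoded as `ISO-8859-1`. As far as I know PHP's entity functions do not support ISO-8859-2, so the intent is presumably to avoid the unsupported-charset fallback; a line such as `// html_entity_decode() has no ISO-8859-2 table; ISO-8859-1 keeps single-byte input intact` would record that. The `@` prefix remains, so any other unsupported value in `$_SESSION['language']->encoding` would still be hidden rather than reported. `db_escape()` continues past the end of the hunk, so how the value is finally quoted is not visible here.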
{
global $db_last_inserted_id, $SysPrefs, $db;
- return $SysPrefs->sql_trail ? $db_last_inserted_id : mysqli_insert_id($db);
+ return $SysPrefs->db_trail == 1 ? $db_last_inserted_id : mysqli_insert_id($db);
}
function db_num_affected_rows()
return $fieldinfo->name;
}
+function db_set_collation($db, $fa_collation)
+{
+ return mysqli_query($db, "ALTER DATABASE COLLATE ".get_mysql_collation($fa_collation));
+}
+
+/*
+ Create database for FA company. If database already exists,
+ just set collation to be sure nothing weird will happen later.
+*/
function db_create_db($connection)
{
- $db = mysqli_connect($connection["host"], $connection["dbuser"], $connection["dbpassword"]);
+ global $db;
+
+ $db = mysqli_connect($connection["host"], $connection["dbuser"], $connection["dbpassword"], "",
+ !empty($connection["port"]) ? $connection["port"] : 3306); // default port in mysql is 3306
if (!mysqli_select_db($db, $connection["dbname"]))
{
- $sql = "CREATE DATABASE IF NOT EXISTS `" . $connection["dbname"] . "`";
+ $sql = "CREATE DATABASE IF NOT EXISTS `" . $connection["dbname"] . "`"
+ . " DEFAULT COLLATE '" . get_mysql_collation($connection["collation"]) . "'";
+
if (!mysqli_query($db, $sql) || !mysqli_select_db($db, $connection["dbname"]))
return 0;
+ } else {
+ if (!db_set_collation($db, $connection["collation"]))
+ {
+ return 0;
+ }
}
return $db;
}
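Review bot: Both statements in this hunk are built by concatenation, and their safety rests entirely on `get_mysql_collation()` returning a value from a fixed list, which is not visible here; `db_set_collation()` inserts it unquoted while `db_create_db()` wraps it in single quotes. If that helper can pass through an unknown `$connection["collation"]`, it should reject it instead, and the two call sites should use the same quoting. `$connection["dbname"]` is placed between backticks without doubling embedded backticks, so if the name can come from user-supplied setup data it should be validated or escaped before the `CREATE DATABASE` string is built. The new `global $db;` also means this function replaces the session's active connection, and the `mysqli_connect()` result reaches `mysqli_select_db()` without a failure check such as `if (!$db) return 0;`.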