X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fdb%2Fconnect_db.inc;h=5babac1bd4f3676bd5f6d2874df2e37cb6ca736f;hb=f36d4241ba673261532a1bb3c59b6b985901238e;hp=0b6e4eb919965321d48c68a67b16b1852e44d4ac;hpb=07cdb63555517eaa7ee4c51e6ba45470bc95d0b5;p=fa-stable.git
diff --git a/includes/db/connect_db.inc b/includes/db/connect_db.inc
index 0b6e4eb9..5babac1b 100644
--- a/includes/db/connect_db.inc
+++ b/includes/db/connect_db.inc
@@ -1,15 +1,23 @@
.
+***********************************************************************/
function set_global_connection()
{
- global $db;
+ global $db, $transaction_level;
+
+ cancel_transaction(); // cancel all aborted transactions if any
+ $transaction_level = 0;
- if (isset($_SESSION["wa_current_user"]) && $_SESSION["wa_current_user"]->company !='')
- $db = $_SESSION["wa_current_user"]->get_db_connection();
- else
- $db = null;
+ $db = $_SESSION["wa_current_user"]->get_db_connection();
}
$db_duplicate_error_code = 1062;
@@ -18,25 +26,32 @@ $db_duplicate_error_code = 1062;
function db_query($sql, $err_msg=null)
{
- global $db, $show_sql;
-
- //echo "
$sql
";
+ global $db, $show_sql, $sql_trail, $select_trail, $go_debug, $sql_queries, $Ajax;
+
if ($show_sql)
{
- echo "SQL..";
- echo "
";
- echo $sql;
- echo "
\n";
+ $Ajax->activate('footer_debug');
+ $sql_queries .= "$sql
\n
";
}
-
$result = mysql_query($sql, $db);
- if ($err_msg != null)
- if (function_exists('xdebug_call_file'))
- check_db_error('
At file '.xdebug_call_file().':'.xdebug_call_line().':
'.$err_msg, $sql);
- else
- check_db_error($err_msg, $sql);
+ if($sql_trail) {
+ if ($select_trail || (strstr($sql, 'SELECT') === false)) {
+ mysql_query(
+ "INSERT INTO ".TB_PREF."sql_trail
+ (`sql`, `result`, `msg`)
+ VALUES(".db_escape($sql).",".($result ? 1 : 0).",
+ ".db_escape($err_msg).")", $db);
+ }
+ }
+ if ($err_msg != null || $go_debug) {
+ $exit = $err_msg != null;
+ if (function_exists('xdebug_call_file'))
+ check_db_error('
At file '.xdebug_call_file().':'.xdebug_call_line().':
'.$err_msg, $sql, $exit);
+ else
+ check_db_error($err_msg, $sql, $exit);
+ }
return $result;
}
@@ -46,6 +61,12 @@ function db_fetch_row ($result)
return mysql_fetch_row($result);
}
+function db_fetch_assoc ($result)
+{
+
+ return mysql_fetch_assoc($result);
+}
+
function db_fetch ($result)
{
@@ -54,7 +75,7 @@ function db_fetch ($result)
function db_seek (&$result,$record)
{
- mysql_data_seek($result, $record);
+ return mysql_data_seek($result, $record);
}
function db_free_result ($result)
@@ -63,7 +84,7 @@ function db_free_result ($result)
mysql_free_result($result);
}
-function db_num_rows (&$result)
+function db_num_rows ($result)
{
return mysql_num_rows($result);
}
@@ -73,9 +94,33 @@ function db_num_fields ($result)
return mysql_num_fields($result);
}
-function db_escape ($result)
+function db_escape($value = "", $nullify = false)
{
- return mysql_escape_string($result);
+ $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
+ $value = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding);
+
+ //reset default if second parameter is skipped
+ $nullify = ($nullify === null) ? (false) : ($nullify);
+
+ //check for null/unset/empty strings
+ if ((!isset($value)) || (is_null($value)) || ($value === "")) {
+ $value = ($nullify) ? ("NULL") : ("''");
+ } else {
+ if (is_string($value)) {
+ //value is a string and should be quoted; determine best method based on available extensions
+ if (function_exists('mysql_real_escape_string')) {
+ $value = "'" . mysql_real_escape_string($value) . "'";
+ } else {
+ $value = "'" . mysql_escape_string($value) . "'";
+ }
+ } else if (!is_numeric($value)) {
+ //value is not a string nor numeric
+ display_error("ERROR: incorrect data type send to sql query");
+ echo '
';
+ exit();
+ }
+ }
+ return $value;
}
function db_error_no ()