X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fdb%2Fconnect_db_mysqli.inc;h=87660a4f0e516d4a85ea866ca690d18d918a8b59;hb=df317147686e6577fcfa7215705d376a3939772d;hp=79e299e4e6ad9dd6e302e1cd0cca5964b6a24e81;hpb=bd8f517d30d1edd3261e26e582ddd9e11c555616;p=fa-stable.git

diff --git a/includes/db/connect_db_mysqli.inc b/includes/db/connect_db_mysqli.inc
index 79e299e4..87660a4f 100644
--- a/includes/db/connect_db_mysqli.inc
+++ b/includes/db/connect_db_mysqli.inc
@@ -10,15 +10,16 @@
     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
 define('DB_DUPLICATE_ERROR', 1062);
-define('SQL_MODE', ''); // STRICT_ALL_TABLES,NO_ZERO_IN_DATE ?
+define('SQL_MODE', 'STRICT_ALL_TABLES'); // prevents SQL injection with silent field content truncation
 
 $db_last_inserted_id = 0;
 
 function set_global_connection($company=-1)
 {
-	global $db, $path_to_root, $db_connections;
+	global $db, $path_to_root, $db_connections, $SysPrefs;
 
 	include ($path_to_root . "/config_db.php");
+
 	if ($company == -1) 
 		$company = user_company();
 
@@ -28,15 +29,18 @@ function set_global_connection($company=-1)
 
 	$connection = $db_connections[$company];
 
-	$db = mysqli_connect($connection["host"], $connection["dbuser"], $connection["dbpassword"]);
-		mysqli_select_db($db, $connection["dbname"]);
+	$db = mysqli_connect($connection["host"], $connection["dbuser"], $connection["dbpassword"], "", 
+		!empty($connection["port"]) ? $connection["port"] : 3306); // default port in mysql is 3306
+		
+	mysqli_select_db($db, $connection["dbname"]);
 	///// From mysqli release 5.6.6 the sql_mode is no longer empty as it was prior to
 	///// this release. Just for safety we make it empty for all 5.6 release and higher.
 	///// This non empty sql_mode values can interphere with FA, so all is set empty during
 	///// our sessions.
 	///// We are, however, investigating the existing code to be compatible in the future.
-		db_query("SET sql_mode = '".SQL_MODE."'");
+	db_query("SET sql_mode = '".SQL_MODE."'");
 	/////
+	$SysPrefs->refresh();
 	return $db;
 }
 
@@ -48,7 +52,7 @@ function db_query($sql, $err_msg=null)
 
 	// set current db prefix
 	$comp = isset($_SESSION["wa_current_user"]->cur_con) ? $_SESSION["wa_current_user"]->cur_con : 0;
-	$cur_prefix = $db_connections[$comp]['tbpref'];
+	$cur_prefix = @$db_connections[$comp]['tbpref'];
 	$sql = str_replace(TB_PREF, $cur_prefix, $sql);
 
 	if ($SysPrefs->show_sql)
@@ -59,7 +63,14 @@ function db_query($sql, $err_msg=null)
 
 	db_profile(); // mysql profiling
 
-	$result = mysqli_query($db, $sql);
+	$retry = MAX_DEADLOCK_RETRY;
+	do {
+		$result = mysqli_query($db, $sql);
+		if (mysqli_errno($db) == 1213)	{ // deadlock detected
+			sleep(1); $retry--;
+		} else
+			$retry = 0;
+	} while ($retry);
 
 	db_profile($sql);
 
@@ -76,48 +87,47 @@ function db_query($sql, $err_msg=null)
 	if ($err_msg != null || $SysPrefs->go_debug) {
 		$exit = $err_msg != null;
 		if (function_exists('xdebug_call_file'))
-			check_db_error('<br>At file '.xdebug_call_file().':'.xdebug_call_line().':<br>'.$err_msg, $sql, $exit);
-		else
-			check_db_error($err_msg, $sql, $exit);
+			$err_msg = '<br>At file '.xdebug_call_file().':'.xdebug_call_line().':<br>'.$err_msg;
+		check_db_error($err_msg, $sql, $exit);
 	}
 	return $result;
 }
 
-function db_fetch_row ($result)
+function db_fetch_row($result)
 {
 	$ret = mysqli_fetch_row($result);
 	return ($ret === null ? false : $ret);
 }
 
-function db_fetch_assoc ($result)
+function db_fetch_assoc($result)
 {
 	$ret = mysqli_fetch_assoc($result);
 	return ($ret === null ? false : $ret);
 }
 
-function db_fetch ($result)
+function db_fetch($result)
 {
 	$ret = mysqli_fetch_array($result);
 	return ($ret === null ? false : $ret);
 }
 
-function db_seek (&$result,$record)
+function db_seek(&$result,$record)
 {
 	return mysqli_data_seek($result, $record);
 }
 
-function db_free_result ($result)
+function db_free_result($result)
 {
 	if ($result)
 		mysqli_free_result($result);
 }
 
-function db_num_rows ($result)
+function db_num_rows($result)
 {
 	return mysqli_num_rows($result);
 }
 
-function db_num_fields ($result)
+function db_num_fields($result)
 {
 	return mysqli_num_fields($result);
 }
@@ -125,9 +135,9 @@ function db_num_fields ($result)
 function db_escape($value = "", $nullify = false)
 {
 	global $db;
-	
-	$value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
-	$value = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding);
+
+	$value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding=='iso-8859-2' ? 'ISO-8859-1' : $_SESSION['language']->encoding);
+	$value = html_specials_encode($value);
 
   	//reset default if second parameter is skipped
 	$nullify = ($nullify === null) ? (false) : ($nullify);
@@ -149,7 +159,7 @@ function db_escape($value = "", $nullify = false)
 	return $value;
 }
 
-function db_error_no ()
+function db_error_no()
 {
 	global $db;
     return mysqli_errno($db);
@@ -179,16 +189,34 @@ function db_field_name($result, $n)
     return $fieldinfo->name;
 }
 
+function db_set_collation($db, $fa_collation)
+{
+	return mysqli_query($db, "ALTER DATABASE COLLATE ".get_mysql_collation($fa_collation));
+}
+
+/*
+	Create database for FA company. If database already exists,
+	just set collation to be sure nothing weird will happen later.
+*/
 function db_create_db($connection)
 {
-	$db = mysqli_connect($connection["host"], $connection["dbuser"], $connection["dbpassword"]);
-	if (strncmp(db_get_version(), "5.6", 3) >= 0) 
-		db_query("SET sql_mode = ''");
+	global $db;
+
+	$db = mysqli_connect($connection["host"], $connection["dbuser"], $connection["dbpassword"], "",
+		!empty($connection["port"]) ? $connection["port"] : 3306); // default port in mysql is 3306
+
 	if (!mysqli_select_db($db, $connection["dbname"]))
 	{
-		$sql = "CREATE DATABASE IF NOT EXISTS " . $connection["dbname"] . "";
+		$sql = "CREATE DATABASE IF NOT EXISTS `" . $connection["dbname"] . "`"
+			. " DEFAULT COLLATE '" . get_mysql_collation($connection["collation"]) . "'";
+
 		if (!mysqli_query($db, $sql) || !mysqli_select_db($db, $connection["dbname"]))
 			return 0;
+	} else {
+		if (!db_set_collation($db, $connection["collation"]))
+		{
+			return 0;
+		}
 	}
 	return $db;
 }