X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fdb%2Fconnect_db_mysqli.inc;h=87660a4f0e516d4a85ea866ca690d18d918a8b59;hb=df317147686e6577fcfa7215705d376a3939772d;hp=e8f5395a3c579c7b9d929fc7847236fac6babcdc;hpb=649c678c71f2827326c9761b0091bb15196f8878;p=fa-stable.git

diff --git a/includes/db/connect_db_mysqli.inc b/includes/db/connect_db_mysqli.inc
index e8f5395a..87660a4f 100644
--- a/includes/db/connect_db_mysqli.inc
+++ b/includes/db/connect_db_mysqli.inc
@@ -9,69 +9,74 @@
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
+define('DB_DUPLICATE_ERROR', 1062);
+define('SQL_MODE', 'STRICT_ALL_TABLES'); // prevents SQL injection with silent field content truncation
+
+$db_last_inserted_id = 0;
 
 function set_global_connection($company=-1)
 {
-	global $db, $transaction_level, $path_to_root, $db_connections;
+	global $db, $path_to_root, $db_connections, $SysPrefs;
 
 	include ($path_to_root . "/config_db.php");
+
 	if ($company == -1) 
-		$company = $_SESSION["wa_current_user"]->company;
+		$company = user_company();
 
-	cancel_transaction(); // cancel all aborted transactions if any
-	$transaction_level = 0;
+	cancel_transaction(); // cancel all aborted transactions (if any)
 
 	$_SESSION["wa_current_user"]->cur_con = $company;
 
 	$connection = $db_connections[$company];
 
-	$db = mysqli_connect($connection["host"], $connection["dbuser"], $connection["dbpassword"]);
-		mysqli_select_db($db, $connection["dbname"]);
+	$db = mysqli_connect($connection["host"], $connection["dbuser"], $connection["dbpassword"], "", 
+		!empty($connection["port"]) ? $connection["port"] : 3306); // default port in mysql is 3306
+		
+	mysqli_select_db($db, $connection["dbname"]);
 	///// From mysqli release 5.6.6 the sql_mode is no longer empty as it was prior to
 	///// this release. Just for safety we make it empty for all 5.6 release and higher.
 	///// This non empty sql_mode values can interphere with FA, so all is set empty during
 	///// our sessions.
 	///// We are, however, investigating the existing code to be compatible in the future.
-	if (strncmp(db_get_version(), "5.6", 3) >= 0) 
-		db_query("SET sql_mode = ''");
+	db_query("SET sql_mode = '".SQL_MODE."'");
 	/////
+	$SysPrefs->refresh();
 	return $db;
 }
 
-$db_duplicate_error_code = 1062;
-
 //DB wrapper functions to change only once for whole application
 
 function db_query($sql, $err_msg=null)
 {
-	global $db, $show_sql, $sql_trail, $select_trail, $go_debug, $sql_queries, $Ajax,
-		$db_connections, $db_last_inserted_id;
-	
+	global $db, $SysPrefs, $sql_queries, $Ajax,	$db_connections, $db_last_inserted_id;
+
 	// set current db prefix
 	$comp = isset($_SESSION["wa_current_user"]->cur_con) ? $_SESSION["wa_current_user"]->cur_con : 0;
-	$cur_prefix = $db_connections[$comp]['tbpref'];
+	$cur_prefix = @$db_connections[$comp]['tbpref'];
 	$sql = str_replace(TB_PREF, $cur_prefix, $sql);
 
-	if ($show_sql)
+	if ($SysPrefs->show_sql)
 	{
 		$Ajax->activate('footer_debug');
 		$sql_queries .= "<pre>$sql</pre>\n<hr>";
 	}
 
-	// mysql profiling
-	global $profile_sql;
-	if (@$profile_sql) 
-		get_usec();
-	$result = mysqli_query($db, $sql);
-	if (@$profile_sql)
-	{
-		$profile_sql= false;
-		_vd($sql.'<br>:'.db_num_rows($result).'rows, '.get_usec());
-	}
-	
-	if($sql_trail) {
+	db_profile(); // mysql profiling
+
+	$retry = MAX_DEADLOCK_RETRY;
+	do {
+		$result = mysqli_query($db, $sql);
+		if (mysqli_errno($db) == 1213)	{ // deadlock detected
+			sleep(1); $retry--;
+		} else
+			$retry = 0;
+	} while ($retry);
+
+	db_profile($sql);
+
+	if($SysPrefs->sql_trail) {
 		$db_last_inserted_id = mysqli_insert_id($db);	// preserve in case trail insert is done
-		if ($select_trail || (strstr($sql, 'SELECT') === false)) {
+		if ($SysPrefs->select_trail || (strstr($sql, 'SELECT') === false)) {
 			mysqli_query($db, "INSERT INTO ".$cur_prefix."sql_trail
 				(`sql`, `result`, `msg`)
 				VALUES(".db_escape($sql).",".($result ? 1 : 0).",
@@ -79,51 +84,50 @@ function db_query($sql, $err_msg=null)
 		}
 	}
 
-	if ($err_msg != null || $go_debug) {
+	if ($err_msg != null || $SysPrefs->go_debug) {
 		$exit = $err_msg != null;
 		if (function_exists('xdebug_call_file'))
-			check_db_error('<br>At file '.xdebug_call_file().':'.xdebug_call_line().':<br>'.$err_msg, $sql, $exit);
-		else
-			check_db_error($err_msg, $sql, $exit);
+			$err_msg = '<br>At file '.xdebug_call_file().':'.xdebug_call_line().':<br>'.$err_msg;
+		check_db_error($err_msg, $sql, $exit);
 	}
 	return $result;
 }
 
-function db_fetch_row ($result)
+function db_fetch_row($result)
 {
 	$ret = mysqli_fetch_row($result);
 	return ($ret === null ? false : $ret);
 }
 
-function db_fetch_assoc ($result)
+function db_fetch_assoc($result)
 {
 	$ret = mysqli_fetch_assoc($result);
 	return ($ret === null ? false : $ret);
 }
 
-function db_fetch ($result)
+function db_fetch($result)
 {
 	$ret = mysqli_fetch_array($result);
 	return ($ret === null ? false : $ret);
 }
 
-function db_seek (&$result,$record)
+function db_seek(&$result,$record)
 {
 	return mysqli_data_seek($result, $record);
 }
 
-function db_free_result ($result)
+function db_free_result($result)
 {
 	if ($result)
 		mysqli_free_result($result);
 }
 
-function db_num_rows ($result)
+function db_num_rows($result)
 {
 	return mysqli_num_rows($result);
 }
 
-function db_num_fields ($result)
+function db_num_fields($result)
 {
 	return mysqli_num_fields($result);
 }
@@ -131,9 +135,9 @@ function db_num_fields ($result)
 function db_escape($value = "", $nullify = false)
 {
 	global $db;
-	
-	$value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
-	$value = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding);
+
+	$value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding=='iso-8859-2' ? 'ISO-8859-1' : $_SESSION['language']->encoding);
+	$value = html_specials_encode($value);
 
   	//reset default if second parameter is skipped
 	$nullify = ($nullify === null) ? (false) : ($nullify);
@@ -155,7 +159,7 @@ function db_escape($value = "", $nullify = false)
 	return $value;
 }
 
-function db_error_no ()
+function db_error_no()
 {
 	global $db;
     return mysqli_errno($db);
@@ -168,9 +172,9 @@ function db_error_msg($conn)
 
 function db_insert_id()
 {
-	global $db_last_inserted_id, $sql_trail, $db;
+	global $db_last_inserted_id, $SysPrefs, $db;
 
-	return $sql_trail ? $db_last_inserted_id : mysqli_insert_id($db);
+	return $SysPrefs->sql_trail ? $db_last_inserted_id : mysqli_insert_id($db);
 }
 
 function db_num_affected_rows()
@@ -185,16 +189,34 @@ function db_field_name($result, $n)
     return $fieldinfo->name;
 }
 
+function db_set_collation($db, $fa_collation)
+{
+	return mysqli_query($db, "ALTER DATABASE COLLATE ".get_mysql_collation($fa_collation));
+}
+
+/*
+	Create database for FA company. If database already exists,
+	just set collation to be sure nothing weird will happen later.
+*/
 function db_create_db($connection)
 {
-	$db = mysqli_connect($connection["host"], $connection["dbuser"], $connection["dbpassword"]);
-	if (strncmp(db_get_version(), "5.6", 3) >= 0) 
-		db_query("SET sql_mode = ''");
+	global $db;
+
+	$db = mysqli_connect($connection["host"], $connection["dbuser"], $connection["dbpassword"], "",
+		!empty($connection["port"]) ? $connection["port"] : 3306); // default port in mysql is 3306
+
 	if (!mysqli_select_db($db, $connection["dbname"]))
 	{
-		$sql = "CREATE DATABASE IF NOT EXISTS " . $connection["dbname"] . "";
+		$sql = "CREATE DATABASE IF NOT EXISTS `" . $connection["dbname"] . "`"
+			. " DEFAULT COLLATE '" . get_mysql_collation($connection["collation"]) . "'";
+
 		if (!mysqli_query($db, $sql) || !mysqli_select_db($db, $connection["dbname"]))
 			return 0;
+	} else {
+		if (!db_set_collation($db, $connection["collation"]))
+		{
+			return 0;
+		}
 	}
 	return $db;
 }
@@ -264,4 +286,14 @@ function db_set_encoding($ui_encoding=null)
 		mysqli_set_charset($db, $mysql_enc);
 }
 
-?>
\ No newline at end of file
+function db_get_charset($db)
+{
+	return mysqli_character_set_name($db);
+}
+
+function db_set_charset($db, $charset)
+{
+	global $db;
+
+	return mysqli_set_charset($db, $charset);
+}