See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
define('DB_DUPLICATE_ERROR', 1062);
-define('SQL_MODE', ''); // STRICT_ALL_TABLES,NO_ZERO_IN_DATE ?
+define('SQL_MODE', 'STRICT_ALL_TABLES'); // prevents SQL injection with silent field content truncation
function set_global_connection($company=-1)
{
- global $db, $path_to_root, $db_connections;
+ global $db, $path_to_root, $db_connections, $SysPrefs;
include ($path_to_root . "/config_db.php");
if ($company == -1)
$_SESSION["wa_current_user"]->cur_con = $company;
$connection = $db_connections[$company];
+
+ $server = $connection["host"];
+ if (!empty($connection["port"]))
+ $server .= ":".$connection["port"];
- $db = mysql_connect($connection["host"], $connection["dbuser"], $connection["dbpassword"]);
- mysql_select_db($connection["dbname"], $db);
+ $db = mysql_connect($server, $connection["dbuser"], $connection["dbpassword"]);
+ mysql_select_db($connection["dbname"], $db);
///// From MySql release 5.6.6 the sql_mode is no longer empty as it was prior to
///// this release. Just for safety we make it empty for all 5.6 release and higher.
///// This non empty sql_mode values can interphere with FA, so all is set empty during
///// our sessions.
///// We are, however, investigating the existing code to be compatible in the future.
- db_query("SET sql_mode = '".SQL_MODE."'");
+ db_query("SET sql_mode = '".SQL_MODE."'");
/////
+ $SysPrefs->refresh();
return $db;
}
function db_query($sql, $err_msg=null)
{
- global $db, $SysPres, $sql_queries, $Ajax, $db_connections, $db_last_inserted_id;
+ global $db, $SysPrefs, $sql_queries, $Ajax, $db_connections, $db_last_inserted_id;
// set current db prefix
$comp = isset($_SESSION["wa_current_user"]->cur_con) ? $_SESSION["wa_current_user"]->cur_con : 0;
- $cur_prefix = $db_connections[$comp]['tbpref'];
+ $cur_prefix = @$db_connections[$comp]['tbpref'];
$sql = str_replace(TB_PREF, $cur_prefix, $sql);
if ($SysPrefs->show_sql)
db_profile(); // mysql profiling
- $result = mysql_query($sql, $db);
+ $retry = MAX_DEADLOCK_RETRY;
+ do {
+ $result = mysql_query($db, $sql);
+ if (mysql_errno($db) == 1213) { // deadlock detected
+ sleep(1); $retry--;
+ } else
+ $retry = 0;
+ } while ($retry);
db_profile($sql);
if ($err_msg != null || $SysPrefs->go_debug) {
$exit = $err_msg != null;
if (function_exists('xdebug_call_file'))
- check_db_error('<br>At file '.xdebug_call_file().':'.xdebug_call_line().':<br>'.$err_msg, $sql, $exit);
- else
- check_db_error($err_msg, $sql, $exit);
+ $err_msg = '<br>At file '.xdebug_call_file().':'.xdebug_call_line().':<br>'.$err_msg;
+ check_db_error($err_msg, $sql, $exit);
}
return $result;
}
-function db_fetch_row ($result)
+function db_fetch_row($result)
{
return mysql_fetch_row($result);
}
-function db_fetch_assoc ($result)
+function db_fetch_assoc($result)
{
return mysql_fetch_assoc($result);
}
-function db_fetch ($result)
+function db_fetch($result)
{
return mysql_fetch_array($result);
}
-function db_seek (&$result,$record)
+function db_seek(&$result,$record)
{
return mysql_data_seek($result, $record);
}
-function db_free_result ($result)
+function db_free_result($result)
{
if ($result)
mysql_free_result($result);
}
-function db_num_rows ($result)
+function db_num_rows($result)
{
return mysql_num_rows($result);
}
-function db_num_fields ($result)
+function db_num_fields($result)
{
return mysql_num_fields($result);
}
return $value;
}
-function db_error_no ()
+function db_error_no()
{
global $db;
return mysql_errno($db);
return mysql_field_name($result, $n);
}
+function db_set_collation($db, $fa_collation)
+{
+ return mysql_query("ALTER DATABASE COLLATE ".get_mysql_collation($fa_collation), $db);
+}
+
+/*
+ Create database for FA company. If database already exists,
+ just set collation to be sure nothing weird will happen later.
+*/
function db_create_db($connection)
{
- $db = mysql_connect($connection["host"] ,
- $connection["dbuser"], $connection["dbpassword"]);
+ $server = $connection["host"];
+ if (!empty($connection["port"]))
+ $server .= ":".$connection["port"];
+ $db = mysql_connect($server, $connection["dbuser"], $connection["dbpassword"]);
if (!mysql_select_db($connection["dbname"], $db))
{
- $sql = "CREATE DATABASE IF NOT EXISTS " . $connection["dbname"] . "";
+ $sql = "CREATE DATABASE IF NOT EXISTS `" . $connection["dbname"] . "`"
+ . " DEFAULT COLLATE '" . get_mysql_collation($connection["collation"]) . "'";
+
if (!mysql_query($sql) || !mysql_select_db($connection["dbname"], $db))
+ return 0;
+ } else
+ if (!db_set_collation($connection["collation"], $db))
return 0;
- }
+
return $db;
}
projects / fa-stable.git / blobdiff