-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathOgerDb.class.php
More file actions
344 lines (270 loc) · 9.13 KB
/
OgerDb.class.php
File metadata and controls
344 lines (270 loc) · 9.13 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
<?PHP
/*
#LICENSE BEGIN
**********************************************************************
* OgerArch - Archaeological Database is released under the GNU General Public License (GPL) <http://www.gnu.org/licenses>
* Copyright (C) Gerhard Öttl <gerhard.oettl@ogersoft.at>
**********************************************************************
#LICENSE END
*/
/**
* Helperclass for database handling.
* This class contains convenience methods for SQL and PDO.
*/
class OgerDb {
/// Enclose char at the begin.
/// Enclose char at the begin of table and column names to encapsulate reserved words.
/// Defaults to double quotes (") which is the ANSI SQL Standard .
public static $encNamBegin = '"';
/// Enclose char at the end.
/// Enclose char at the end of table and column names to encapsulate reserved words.
/// Defaults to double quotes (") which is the ANSI SQL Standard .
public static $encNamEnd = '"';
/// Connection resource.
/// Mainly intended for setting and using in inheriting classes.
public static $conn;
/// Debug flag.
//public static $debug = true;
public static $debug = false;
/**
* Enclose a name with database dependend encape chars.
* @param $name Name to enclose.
* @return Enclosed name.
*/
public static function encName($name) {
return static::$encNamBegin . $name . static::$encNamEnd;
}
/**
* Create a SQL string for insert or update for pepared statement.
* @param $action Sql action (INSERT or UPDATE).
* @param $tableName Table name.
* @param $fields Array with field names or associative array with fieldname => value pairs.
* @param string|array $where Optional SQL WHERE clause.
* String or array without the WHERE keyword. An array is passed to whereStmt().
* @return String with created sql command.
*/
public static function getStoreStmt($action, $tableName, $fields, $where = "", $moreStmt = "") {
if (Oger::isAssocArray($fields)) {
$fields = array_keys($fields);
}
$action = strtoupper($action);
switch ($action) {
case "INSERT":
foreach ($fields as $field) {
$fieldStmt .= ($fieldStmt ? "," : '') . static::encName($field);
$valueStmt .= ($valueStmt ? "," : '') . ":$field";
}
$stmt .= "INSERT INTO " . static::encName($tableName) . " ($fieldStmt) VALUES ($valueStmt)";
break;
case "UPDATE":
foreach ($fields as $field) {
$stmtSet .= ($stmtSet ? "," : '') . static::encName($field) . "=:$field";
}
$stmt .= "UPDATE " . static::encName($tableName) . " SET $stmtSet";
// where values only needed on update
$stmt .= " " . static::whereStmt($where);
break;
default:
throw new Exception("Unknown database store action: $action.");
}
if ($moreStmt) {
$stmt .= " $moreStmt";
}
return $stmt;
} // end of create statement
/**
* Check if parameters fit for given statement.
* Only used for debugging to get more helpful error messages for PDO::exec errors.
* Throws an exception if an error occurs and does nothing otherwise.
* @param $sql SQL statement.
* @param $values Assiziative array with key value pairs.
*/
public static function checkStmtParams($sql, $values) {
// extract keys and remove leading ":" (if any) from keys
$valKeys = array();
foreach ((array)$values as $key => $value) {
if (substr($key, 0, 1) == ":") {
$key = substr($key, 1);
}
$valKeys[$key] = $value;
}
// check for required values
$tmpMsg = "";
$delim = "";
$params = static::getStmtParamNames($sql);
foreach ($params as $param) {
if (!array_key_exists($param, $valKeys)) {
$tmpMsg .= "$delim$param";
$delim = ", ";
}
}
if ($tmpMsg) {
$msg .= "No value for param: $tmpMsg. ";
}
// check for required params
$tmpMsg = "";
$delim = "";
$params = array_flip($params);
foreach ((array)$valKeys as $key => $value) {
if (!array_key_exists($key, $params)) {
$tmpMsg .= "$delim$key";
$delim = ", ";
}
}
if ($tmpMsg) {
$msg .= "No param for value: $tmpMsg.";
}
// if errormessage than return or throw exception
if ($msg) {
$msg = "$msg Sql: $sql";
throw new Exception($msg);
}
} // eo check statement params
/**
* Get parameters from SQL statement.
* Get all named parameters from a SQL statement string that is designed for prepared statement usage.
* @param $stmt SQL statment.
* @return An array with all named parameters (placeholders) for a sql statement.
*/
public static function getStmtParamNames($stmt) {
preg_match_all("/[^a-z0-9_]:([a-z_][a-z0-9_]*)/i", $stmt, $matches);
return $matches[1];
} // eo get stmt param names
/**
* Creates a simple SQL WHERE clause designed for a prepared statement.
* For parameters @see wherePart().
* @return String with WHERE clause with the leading WHERE keyword.
*/
public static function whereStmt($params, $glueOp = "AND") {
$where = static::wherePart($params, $glueOp);
$chkWhere = trim($where);
if ($chkWhere && strtoupper(substr($chkWhere, 0, 5) != "WHERE")) {
$where = "WHERE $where";
}
return " " . $where;
}
/**
* Creates a part for the SQL WHERE clause designed for a prepared statement.
* The WHERE clause containing placeholder for named parameters.<BR>
* Remark on prepared statements (PHP 5.3):
* Looks like repared statements are always filled in as strings, even
* if they are forced to PHP numbers (for example multiplied with 1).
* So whe have to explicitly cast them in the WHERE statement if
* we need numbers.
* @param $params An array with the parameter names for the SQL WHERE clause of a SQL statement.
* If an assoziative array is given then the keys are used as parameter names.
* For every parameter a "parameterName=:parameterName" stanza is created.
* Currently only the "=" comperator is used.
* If params is a string it will be returned unchanged.
* @param string $glueOp Optional logical operator that glues together the fields.
* Defaults to "AND".
* @return String with WHERE clause, but without the leading WHERE keyword.
*/
public static function wherePart($params, $glueOp = "AND") {
if (!is_array($params)) {
return $params;
}
$stmt = '';
// if not an associative array, then make it
if (!Oger::isAssocArray($params)) {
$tmp = array();
foreach ($params as $paramName) {
$tmp[$paramName] = $paramName;
}
$params = $tmp;
}
// create where clause
foreach ($params as $colName => $val) {
$stmt .= ($stmt ? " $glueOp " : "") . static::encName($colName) . "=:";
// if the value is another array, then the key contains the real parameter name
if (is_array($val)) {
reset($val);
$stmt .= key($val);
}
else {
$stmt .= "$colName";
}
}
return $stmt;
} // end of create where
/**
* Check if values match statement placeholders and prepare sql.
*/
public static function checkedPrepare($sql, $values = array()) {
// if sql is already a prepared statemend, then we return it directly
if (is_a($sql, "PDOStatement")) {
return $sql;
}
static::checkStmtParams($sql, $values);
return static::$conn->prepare($sql);
} // eo checked prepare
/**
* Check if values match statement placeholders. Prepare and execute sql.
*/
public static function checkedExecute($sql, $values = array()) {
$pstmt = static::checkedPrepare($sql, $values);
$pstmt->execute($values);
return $pstmt;
} // eo checked execute
/**
* Get plain sql by replacing placeholder with escaped value
* Only use for debugging !!!
* False replacement possible (if searched for ":A" before searched for ":AA"), sort by length necessary !!!
* Production code should only use prepared statements with bound parameters.
*/
public static function plainSql($sql, $values = array()) {
static::checkStmtParams($sql, $values);
$params = array();
$quoted = array();
foreach ($values as $key => $val) {
$params[] = ":" . $key;
$quoted[] = static::$conn->quote($val);
}
$sql = str_replace($params, $quoted, $sql);
return $sql;
} // eo plain sql
/**
* Get value of first column of first row.
*/
public static function fetchValue1($sql, $seleVals = array()) {
$pstmt = static::checkedExecute($sql, $seleVals);
$value1 = $pstmt->fetchColumn();
$pstmt->closeCursor();
return $value1;
} // eo get value 1
/**
* Get first row.
*/
public static function fetchRow1($sql, $seleVals = array()) {
$pstmt = static::checkedExecute($sql, $seleVals);
$row1 = $pstmt->fetch(PDO::FETCH_ASSOC);
$pstmt->closeCursor();
return $row1;
} // eo get value 1
/**
* Check for valid characters in column names (driver specific).
*/
public static function columnCharsValid($colName) {
if (preg_match("/^([a-z_][a-z0-9_]*)$/i", $colName)) {
return true;
}
return false;
} // eo valid column chars
/**
* Get mysql error message from exception
*/
public static function getMyErrorMsg($ex) {
$oriMsg = $ex->getMessage();
$errMsg = $oriMsg;
switch ($ex->errorInfo[1]) {
case 1062:
$errMsg = sprintf(Oger::_("Unerlaubtes Duplikat: %s"), $oriMsg);
break;
case 1451:
$errMsg = sprintf(Oger::_("Fehler durch verknüpfte Datensätze: %s"), $oriMsg);
break;
} // eo switch
return $errMsg;
} // eo mysql error msg
} // eo class
?>