/**
 * Sends one multi-row INSERT sized just under $package_size, then reads the
 * rows back through a buffered query and through a prepared statement.
 *
 * The statement text is assembled only from a constant label, so nothing
 * caller-controlled reaches the SQL string; $package_size only decides how
 * many tuples are appended.
 *
 * @param int   $offset       Number printed in failure messages.
 * @param mixed $link         mysqli connection; the `test` table is assumed to exist - TODO confirm against caller.
 * @param int   $package_size Upper bound (bytes) for the INSERT statement.
 *
 * @return bool true when every row read back matches, false otherwise.
 */
function mysqli_fetch_array_large($offset, $link, $package_size)
{
    /* 255 identical bytes per row: a highly compressible payload for testing MYSQLI_CLIENT_COMPRESS */
    $label = str_repeat('a', 255);
    $tuple = sprintf("('%s'), ", $label);

    $insert = "INSERT INTO test(label) VALUES ";
    $limit = $package_size - 259;
    while (strlen($insert) < $limit) {
        $insert .= $tuple;
    }
    /* drop the trailing ", " left by the last tuple */
    $insert = substr($insert, 0, -2);
    $len = strlen($insert);
    assert($len < $package_size);

    /* warnings are suppressed on purpose: an oversized packet is an expected outcome here */
    $inserted = @mysqli_query($link, $insert);
    if (!$inserted) {
        /*
            mysqlnd  - [1153] Got a packet bigger than 'max_allowed_packet' bytes
            libmysql - [2006] MySQL server has gone away
        */
        $packet_rejected = 1153 == mysqli_errno($link)
            || 2006 == mysqli_errno($link)
            || stristr(mysqli_error($link), 'max_allowed_packet');
        if (!$packet_rejected) {
            printf("[%03d + 1] len = %d, [%d] %s\n", $offset, $len, mysqli_errno($link), mysqli_error($link));
        }
        return false;
    }

    /* buffered result set - the whole table is held in PHP memory */
    $res = mysqli_query($link, "SELECT id, label FROM test");
    if (!$res) {
        printf("[%03d + 2] len = %d, [%d] %s\n", $offset, $len, mysqli_errno($link), mysqli_error($link));
        return false;
    }
    while ($row = mysqli_fetch_assoc($res)) {
        if ($row['label'] == $label) {
            continue;
        }
        printf("[%03d + 3] Wrong results - expecting '%s' got '%s', len = %d, [%d] %s\n", $offset, $label, $row['label'], $len, mysqli_errno($link), mysqli_error($link));
        return false;
    }
    mysqli_free_result($res);

    $stmt = mysqli_prepare($link, "SELECT id, label FROM test");
    if (!$stmt) {
        printf("[%03d + 4] len = %d, [%d] %s\n", $offset, $len, mysqli_errno($link), mysqli_error($link));
        return false;
    }

    /* unbuffered result set: rows are fetched one at a time into the bound variables */
    $executed = mysqli_stmt_execute($stmt);
    if (!$executed) {
        printf("[%03d + 5] len = %d, [%d] %s, [%d] %s\n", $offset, $len, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt), mysqli_errno($link), mysqli_error($link));
        return false;
    }
    $id = $fetched_label = NULL;
    $bound = mysqli_stmt_bind_result($stmt, $id, $fetched_label);
    if (!$bound) {
        printf("[%03d + 6] len = %d, [%d] %s, [%d] %s\n", $offset, $len, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt), mysqli_errno($link), mysqli_error($link));
        return false;
    }
    while (mysqli_stmt_fetch($stmt)) {
        if ($fetched_label == $label) {
            continue;
        }
        printf("[%03d + 7] Wrong results - expecting '%s' got '%s', len = %d, [%d] %s\n", $offset, $label, $fetched_label, $len, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        return false;
    }
    mysqli_stmt_free_result($stmt);
    mysqli_stmt_close($stmt);

    return true;
}
/**
 * Executes one prepared INSERT twice, re-binding its parameters in between,
 * and checks that each stored row reflects the binding active at execution.
 *
 * Round one binds ($bind_value1, $bind_value1); round two binds
 * ($bind_value1, $bind_value2).
 *
 * The column types and engine name are formatted straight into the CREATE
 * TABLE text. DDL cannot take bound parameters, so these arguments have to be
 * fixed test constants - presumably they are; verify against the caller.
 *
 * @return bool false as soon as a step fails or a row differs, true otherwise.
 */
function bind_twice($link, $engine, $sql_type1, $sql_type2, $bind_type1, $bind_type2, $bind_value1, $bind_value2, $offset)
{
    $dropped = mysqli_query($link, "DROP TABLE IF EXISTS test_mysqli_stmt_bind_param_type_juggling_table_1");
    if (!$dropped) {
        printf("[%03d + 1] [%d] %s\n", $offset, mysqli_errno($link), mysqli_error($link));
        return false;
    }

    mysqli_autocommit($link, true);

    $create = sprintf("CREATE TABLE test_mysqli_stmt_bind_param_type_juggling_table_1(col1 %s, col2 %s) ENGINE=%s", $sql_type1, $sql_type2, $engine);
    $created = mysqli_query($link, $create);
    if (!$created) {
        printf("[%03d + 2] [%d] %s\n", $offset, mysqli_errno($link), mysqli_error($link));
        return false;
    }

    $stmt = mysqli_stmt_init($link);
    if (!$stmt) {
        printf("[%03d + 3] [%d] %s\n", $offset, mysqli_errno($link), mysqli_error($link));
        return false;
    }
    $prepared = mysqli_stmt_prepare($stmt, "INSERT INTO test_mysqli_stmt_bind_param_type_juggling_table_1(col1, col2) VALUES (?, ?)");
    if (!$prepared) {
        printf("[%03d + 4] [%d] %s\n", $offset, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        return false;
    }

    $types = $bind_type1 . $bind_type2;

    // Round one: the same value feeds both placeholders.
    if (!mysqli_stmt_bind_param($stmt, $types, $bind_value1, $bind_value1)) {
        printf("[%03d + 5] [%d] %s\n", $offset, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        return false;
    }
    if (!mysqli_stmt_execute($stmt)) {
        printf("[%03d + 6] [%d] %s\n", $offset, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        return false;
    }

    // Round two: re-bind on the same statement so col2 now receives the second value.
    if (!mysqli_stmt_bind_param($stmt, $types, $bind_value1, $bind_value2)) {
        printf("[%03d + 7] [%d] %s\n", $offset, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        return false;
    }
    if (!mysqli_stmt_execute($stmt)) {
        printf("[%03d + 8] [%d] %s\n", $offset, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        return false;
    }
    mysqli_stmt_close($stmt);

    $res = mysqli_query($link, "SELECT col1, col2 FROM test_mysqli_stmt_bind_param_type_juggling_table_1");
    if (!$res) {
        printf("[%03d + 9] [%d] %s\n", $offset, mysqli_errno($link), mysqli_error($link));
        return false;
    }

    // A wrong row count is reported but does not stop the run; the row checks below still execute.
    $row_count = mysqli_num_rows($res);
    if (2 !== $row_count) {
        printf("[%03d + 10] Expecting 2 rows, got %d rows [%d] %s\n", $offset, $row_count, mysqli_errno($link), mysqli_error($link));
    }

    $first = mysqli_fetch_assoc($res);
    if (!($first['col1'] == $bind_value1 && $first['col2'] == $bind_value1)) {
        printf("[%03d + 11] Expecting col1 = %s, col2 = %s got col1 = %s, col2 = %s - [%d] %s\n", $offset, $bind_value1, $bind_value1, $first['col1'], $first['col2'], mysqli_errno($link), mysqli_error($link));
        return false;
    }

    $second = mysqli_fetch_assoc($res);
    if (!($second['col1'] == $bind_value1 && $second['col2'] == $bind_value2)) {
        printf("[%03d + 12] Expecting col1 = %s, col2 = %s got col1 = %s, col2 = %s - [%d] %s\n", $offset, $bind_value1, $bind_value2, $second['col1'], $second['col2'], mysqli_errno($link), mysqli_error($link));
        return false;
    }

    mysqli_free_result($res);

    return true;
}
/**
 * Runs a data-changing statement and reports how many rows it touched.
 *
 * Every argument (connection, SQL template, then any values) is forwarded to
 * mysqli_interpolate(), which in this listing prepares the statement and binds
 * the values as strings. The SQL template itself is not escaped anywhere, so
 * it must be a fixed string with `?` placeholders, never text built from input.
 *
 * @return int Affected row count.
 *
 * @throws mysqli_sql_exception When execution fails.
 */
function mysqli_update($db, $sql)
{
    $statement = call_user_func_array('mysqli_interpolate', func_get_args());

    $succeeded = mysqli_stmt_execute($statement);
    if ($succeeded) {
        $rows = mysqli_stmt_affected_rows($statement);
        mysqli_stmt_close($statement);

        return (int) $rows;
    }

    throw new mysqli_sql_exception(mysqli_stmt_error($statement), mysqli_stmt_errno($statement));
}
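/**
 * Runs "SELECT <format> AS _format FROM <from> [ORDER BY <order_by>]" as a
 * prepared statement and compares the fetched value(s) with $expected.
 *
 * $format, $from and $order_by are formatted into the SQL text. Expressions
 * and identifiers cannot be bound as parameters, so these three arguments
 * must be fixed test constants and never request data.
 *
 * @param mixed  $link     mysqli connection.
 * @param string $format   Select expression under test.
 * @param string $from     Table expression.
 * @param string $order_by Optional ORDER BY expression; skipped when falsy.
 * @param mixed  $expected Scalar for a single-row check, or an array of per-row values.
 * @param int    $offset   Base number for failure messages.
 *
 * @return bool false when a statement step fails; value mismatches are only printed.
 */
function test_format($link, $format, $from, $order_by, $expected, $offset)
{
    if (!($stmt = mysqli_stmt_init($link))) {
        printf("[%03d] Cannot create PS, [%d] %s\n", $offset, mysqli_errno($link), mysqli_error($link));
        return false;
    }
    if ($order_by) {
        $sql = sprintf('SELECT %s AS _format FROM %s ORDER BY %s', $format, $from, $order_by);
    } else {
        $sql = sprintf('SELECT %s AS _format FROM %s', $format, $from);
    }
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        printf("[%03d] Cannot prepare PS, [%d] %s\n", $offset + 1, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        return false;
    }
    if (!mysqli_stmt_execute($stmt)) {
        printf("[%03d] Cannot execute PS, [%d] %s\n", $offset + 2, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        return false;
    }
    if (!mysqli_stmt_store_result($stmt)) {
        printf("[%03d] Cannot store result set, [%d] %s\n", $offset + 3, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        return false;
    }
    if (!is_array($expected)) {
        $result = null;
        if (!mysqli_stmt_bind_result($stmt, $result)) {
            printf("[%03d] Cannot bind result, [%d] %s\n", $offset + 4, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
            return false;
        }
        if (!mysqli_stmt_fetch($stmt)) {
            printf("[%03d] Cannot fetch result,, [%d] %s\n", $offset + 5, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
            return false;
        }
        if ($result !== $expected) {
            printf("[%03d] Expecting %s/%s got %s/%s with %s - %s.\n", $offset + 6, gettype($expected), $expected, gettype($result), $result, $format, $sql);
        }
    } else {
        // Two variables are bound here, so $format presumably yields two columns in this mode - TODO confirm against callers.
        $order_by_col = $result = null;
        if (!mysqli_stmt_bind_result($stmt, $order_by_col, $result)) {
            printf("[%03d] Cannot bind result, [%d] %s\n", $offset + 7, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
            return false;
        }
        // each() was removed in PHP 8.0. foreach walks the expectations in the same order,
        // and the fetch is still attempted only while an expectation remains.
        foreach ($expected as $k => $v) {
            if (!mysqli_stmt_fetch($stmt)) {
                break;
            }
            if ($result !== $v) {
                printf("[%03d] Row %d - expecting %s/%s got %s/%s [%s] with %s - %s.\n", $offset + 8, $k, gettype($v), $v, gettype($result), $result, $order_by_col, $format, $sql);
            }
        }
    }
    mysqli_stmt_free_result($stmt);
    mysqli_stmt_close($stmt);
    return true;
}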
 /**
  * Inserts this item into the basket table for cart $cid and stores the
  * generated row id in $this->id.
  *
  * All three values travel as bound parameters ("dsd": cart id and value as
  * doubles, name as string), so none of them is concatenated into the SQL.
  *
  * NOTE(review): both failure paths call die() with the raw driver message,
  * which ends up in the HTTP response. Logging it server-side and showing a
  * generic message would avoid disclosing schema details.
  * NOTE(review): the result of mysqli_stmt_bind_param() is not checked.
  */
 public function saveItem($dbc, $cid)
 {
     $insertSql = "INSERT INTO basket(cartID,itemName,Value) VALUES(?,?,?)";

     $statement = mysqli_prepare($dbc, $insertSql);
     if (!$statement) {
         die('mysqli error: ' . mysqli_error($dbc));
     }

     mysqli_stmt_bind_param($statement, "dsd", $cid, $this->name, $this->value);

     $executed = mysqli_execute($statement);
     if (!$executed) {
         die('stmt error: ' . mysqli_stmt_error($statement));
     }

     $this->id = mysqli_stmt_insert_id($statement);
 }
/**
 * Prepares $sql on $db and binds every extra argument to its placeholders.
 *
 * Values are always sent as bound parameters with type 's' (string); they are
 * never spliced into the statement text. The template in $sql is used as-is,
 * so it has to be a fixed string containing `?` markers.
 *
 * @param mixed  $db      mysqli connection.
 * @param string $sql     Statement template.
 * @param mixed  ...$args Values for the placeholders, in order.
 *
 * @return mysqli_stmt Prepared statement with parameters bound, not yet executed.
 *
 * @throws mysqli_sql_exception When preparing or binding fails.
 */
function mysqli_interpolate($db, string $sql, ...$args) : mysqli_stmt
{
    $statement = mysqli_prepare($db, $sql);
    if (false === $statement) {
        throw new mysqli_sql_exception(mysqli_error($db), mysqli_errno($db));
    }

    // Nothing to bind: hand the statement back untouched.
    if (!$args) {
        return $statement;
    }

    // One 's' per value.
    $types = str_repeat('s', count($args));
    $bound = mysqli_stmt_bind_param($statement, $types, ...$args);
    if ($bound === false) {
        throw new mysqli_sql_exception(mysqli_stmt_error($statement), mysqli_stmt_errno($statement));
    }

    return $statement;
}
 /**
  * Inserts this user's profile fields into the users table and stores the
  * generated row id in $this->id.
  *
  * Every column value is a bound parameter, so no field is concatenated into
  * the SQL text.
  *
  * NOTE(review): $this->password is bound exactly as stored on the object;
  * whether it was hashed (password_hash) before reaching this method is not
  * visible here - confirm.
  * NOTE(review): the type string "ssssssds" binds the seventh value, DOB, as a
  * double; a date string would be coerced to a number - confirm the intended type.
  * NOTE(review): die() puts the raw driver error into the HTTP response;
  * prefer server-side logging plus a generic message.
  */
 public function insertUser($dbc)
 {
     require_once '../mysqli_connect.php';

     // Column list and placeholders are fixed; only the values vary.
     $insertSql = "INSERT INTO users(firstName,lastName,email, password, streetAddress, postalCode, DOB, gender) VALUES (?,?,?,?,?,?,?,?)";

     $statement = mysqli_prepare($dbc, $insertSql);
     if (!$statement) {
         die('mysqli error1: ' . mysqli_error($dbc));
     }

     mysqli_stmt_bind_param(
         $statement,
         "ssssssds",
         $this->firstName,
         $this->lastName,
         $this->email,
         $this->password,
         $this->streetAddress,
         $this->postalCode,
         $this->DOB,
         $this->gender
     );

     $executed = mysqli_execute($statement);
     if (!$executed) {
         die('stmt error2: ' . mysqli_stmt_error($statement));
     }

     $this->id = mysqli_stmt_insert_id($statement);
 }
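/**
 * Adds an UNSIGNED ZEROFILL column of $datatype to the test table, stores
 * $insert in it and checks that a prepared SELECT returns the value
 * left-padded with zeros to the column's reported length.
 *
 * $datatype and $insert are formatted into the statement text (DDL cannot use
 * bound parameters), so both must be fixed test constants.
 *
 * @param int    $offset   Number printed in failure messages.
 * @param mixed  $link     mysqli connection.
 * @param string $datatype SQL integer type for the column.
 * @param mixed  $insert   Value written to the column.
 *
 * @return bool true on success or when the server rejects the column type; false on a failed check.
 */
function zerofill($offset, $link, $datatype, $insert = 1)
{
    // Remove a column left over from an earlier run; the result is deliberately ignored.
    mysqli_query($link, 'ALTER TABLE test_mysqli_stmt_bind_result_zerofill_table_1 DROP zero');
    $sql = sprintf('ALTER TABLE test_mysqli_stmt_bind_result_zerofill_table_1 ADD zero %s UNSIGNED ZEROFILL', $datatype);
    if (!mysqli_query($link, $sql)) {
        // no worries - server might not support it
        return true;
    }
    if (!mysqli_query($link, sprintf('UPDATE test_mysqli_stmt_bind_result_zerofill_table_1 SET zero = %s', $insert))) {
        printf("[%03d] UPDATE failed, [%d] %s\n", $offset, mysqli_errno($link), mysqli_error($link));
        return false;
    }
    if (!($stmt = mysqli_prepare($link, 'SELECT zero FROM test_mysqli_stmt_bind_result_zerofill_table_1 LIMIT 1'))) {
        printf("[%03d] SELECT failed, [%d] %s\n", $offset, mysqli_errno($link), mysqli_error($link));
        return false;
    }
    $result = null;
    if (!mysqli_stmt_bind_result($stmt, $result)) {
        // The format has three conversions; $offset was missing from the argument list.
        printf("[%03d] Bind failed, [%d] %s\n", $offset, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        return false;
    }
    if (!mysqli_stmt_execute($stmt) || !mysqli_stmt_fetch($stmt)) {
        printf("[%03d] Execute or fetch failed, [%d] %s\n", $offset, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        return false;
    }
    $res = mysqli_stmt_result_metadata($stmt);
    $meta = mysqli_fetch_fields($res);
    mysqli_free_result($res);
    mysqli_stmt_free_result($stmt);
    $meta = $meta[0];
    $length = $meta->length;

    // strlen() needs a string; the default for $insert is the integer 1.
    $insert_text = (string) $insert;
    if ($length > strlen($insert_text)) {
        $expected = str_repeat('0', $length - strlen($insert_text));
        $expected .= $insert_text;
        if ($expected !== $result) {
            printf("[%03d] Expecting '%s' got '%s'\n", $offset, $expected, $result);
            return false;
        }
    } else {
        if ($length <= 1) {
            printf("[%03d] Length reported is too small to run test\n", $offset);
            return false;
        }
    }
    return true;
}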
/**
 * Prepares and executes $sql on the connection returned by get_var('db'),
 * binding the values in $bind to its placeholders.
 *
 * Return value, as the code below shows:
 *  - false after a prepare or execute failure (an E_USER_WARNING is raised with the driver message);
 *  - TRUE for statements that do not start with SELECT or SHOW;
 *  - the result of mysqli_stmt_get_result() when db_native_driver() is truthy;
 *  - otherwise the still-open statement, which the caller then has to fetch from and close.
 *
 * $sql is passed to the server unchanged, so it must be a fixed template with
 * `?` markers; only the entries of $bind are sent as bound parameters.
 *
 * @param string     $sql  Statement template.
 * @param array|null $bind Values for the placeholders, in order.
 */
function db_query($sql, $bind = null)
{
    $db = get_var('db');
    $query = false;
    $stmt = mysqli_stmt_init($db);
    $sql = trim($sql);
    if (mysqli_stmt_prepare($stmt, $sql)) {
        if (!empty($bind)) {
            $types = '';
            $values = array();
            foreach ($bind as $key => &$value) {
                // NOTE(review): stripslashes() rewrites every bound value in the local $bind.
                // Bound parameters need no unescaping, so data that legitimately contains
                // backslashes is altered - presumably a leftover from magic-quotes handling; confirm.
                $value = stripslashes($value);
                // Type inference: numeric-looking strings are bound as 'i' or 'd', everything else as 's'.
                // NOTE(review): values such as "007" are numeric and get bound as an integer,
                // which can change what is stored in a text column.
                if (is_numeric($value)) {
                    $float = floatval($value);
                    $types .= $float && intval($float) != $float ? 'd' : 'i';
                } else {
                    $types .= 's';
                }
                // $values is not read again; this assignment appears to exist so that each
                // $bind element is a reference when handed to mysqli_stmt_bind_param() below - confirm.
                $values[$key] =& $bind[$key];
            }
            // NOTE(review): $value is still a reference to the last element here (no unset()),
            // and the result of the bind call is not checked.
            $params = array_merge(array($stmt, $types), $bind);
            call_user_func_array('mysqli_stmt_bind_param', $params);
        }
        if (mysqli_stmt_execute($stmt)) {
            // Only statements that begin with SELECT or SHOW (after trim) are treated as
            // producing a result set; anything else returns TRUE.
            if (preg_match('/^(SELECT|SHOW)/i', $sql)) {
                if (db_native_driver()) {
                    $query = mysqli_stmt_get_result($stmt);
                    mysqli_stmt_close($stmt);
                } else {
                    // The statement is returned open; closing it is left to the caller.
                    return $stmt;
                }
            } else {
                $query = TRUE;
                mysqli_stmt_close($stmt);
            }
        } else {
            // NOTE(review): where this driver message surfaces depends on the error-display
            // configuration, which is not visible here.
            trigger_error(mysqli_stmt_error($stmt), E_USER_WARNING);
        }
    } else {
        trigger_error(mysqli_error($db), E_USER_WARNING);
    }
    return $query;
}
 /**
  * Prepares $stmt on this connection, binds $values to its placeholders and
  * executes it.
  *
  * Each value's bind type comes from self::getPrepareValueType(); the values
  * are sent as bound parameters and are not concatenated into the SQL. The
  * statement text in $stmt is used unchanged.
  *
  * $stmtName is accepted but not used in this method.
  *
  * NOTE(review): the outcome of the bind call is not checked, and an empty
  * $values still reaches mysqli_stmt_bind_param() with an empty type string.
  * NOTE(review): both exception messages embed the driver error text; make
  * sure they are logged rather than shown to clients.
  *
  * @return ResultMysqliPrepare Wrapper around the executed statement.
  *
  * @throws \Exception        When the statement cannot be prepared.
  * @throws \SYSTEM\LOG\ERROR When execution fails.
  */
 public function prepare($stmtName, $stmt, $values)
 {
     $handle = \mysqli_prepare($this->connection, $stmt);
     if (!$handle) {
         throw new \Exception('Prepared Statement prepare fail: ' . \mysqli_error($this->connection));
     }

     // Argument list for mysqli_stmt_bind_param(): statement, type string, then one reference per value.
     $typeString = '';
     $callArgs = array($handle, null);
     $index = 0;
     while ($index < \count($values)) {
         $typeString .= self::getPrepareValueType($values[$index]);
         // bind_param takes its values by reference, so each slot must alias the source element.
         $callArgs[] =& $values[$index];
         $index++;
     }
     $callArgs[1] = $typeString;

     \call_user_func_array('mysqli_stmt_bind_param', $callArgs);

     $executed = mysqli_stmt_execute($handle);
     if ($executed) {
         return new ResultMysqliPrepare($handle, $this);
     }

     throw new \SYSTEM\LOG\ERROR("Could not execute prepare statement: " . \mysqli_stmt_error($handle));
 }
/**
 * Prepares, executes and buffers $query on an existing statement handle, then
 * compares mysqli_stmt_num_rows() with $expected (strict comparison).
 *
 * $query is executed as given, so it must be a fixed test statement.
 *
 * @param mixed  $stmt     Initialised mysqli statement.
 * @param string $query    SQL to run.
 * @param mixed  $expected Expected row count; type and value must both match.
 * @param int    $offset   Base number for failure messages.
 *
 * @return bool false when prepare, execute or store_result fails; a count mismatch is only printed.
 */
function func_test_mysqli_stmt_num_rows($stmt, $query, $expected, $offset)
{
    $prepared = mysqli_stmt_prepare($stmt, $query);
    if (!$prepared) {
        printf("[%03d] [%d] %s\n", $offset, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        return false;
    }

    $executed = mysqli_stmt_execute($stmt);
    if (!$executed) {
        printf("[%03d] [%d] %s\n", $offset + 1, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        return false;
    }

    // num_rows is only meaningful once the result set is buffered client-side.
    $stored = mysqli_stmt_store_result($stmt);
    if (!$stored) {
        printf("[%03d] [%d] %s\n", $offset + 2, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        return false;
    }

    $actual = mysqli_stmt_num_rows($stmt);
    if ($expected !== $actual) {
        printf("[%03d] Expecting %s/%d, got %s/%d\n", $offset + 3, gettype($expected), $expected, gettype($actual), $actual);
    }

    mysqli_stmt_free_result($stmt);

    return true;
}
/**
 * Looks up a valid subject name for $q, widening the search step by step:
 * exact match, then "$q%", then "%$q%", then the same sequence again with the
 * last byte of $q removed. Returns "none" once $q is empty.
 *
 * The search term is always sent as a bound parameter, so it cannot change
 * the statement. In the LIKE steps any `%` or `_` inside $q still acts as a
 * wildcard - escape them first if $q comes from a user and that matters.
 *
 * NOTE(review): die() prints the raw driver error; substr() trims one byte,
 * which can split a multi-byte character.
 *
 * @param string $q     Search term.
 * @param bool   $front Prefix the term with a wildcard.
 * @param bool   $back  Append a wildcard to the term.
 *
 * @return string Matching subject name, or "none".
 */
function getSubject($q, $front = false, $back = false)
{
    if (strlen($q) < 1) {
        return "none";
    }

    $con = $GLOBALS["con"];

    $wildcard = $front || $back;
    if ($wildcard) {
        $param = ($front == true ? "%" : "") . $q . ($back == true ? "%" : "");
        $sql = "SELECT Name FROM subjects WHERE Valid=1 AND Name LIKE ? LIMIT 1";
    } else {
        $param = $q;
        $sql = "SELECT Name FROM subjects WHERE Valid=1 AND Name=? LIMIT 1";
    }

    $stmt = mysqli_prepare($con, $sql) or die(mysqli_error($con));
    mysqli_stmt_bind_param($stmt, 's', $param) or die(mysqli_stmt_error($stmt));
    mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
    mysqli_stmt_bind_result($stmt, $name);

    if (mysqli_stmt_fetch($stmt)) {
        return $name;
    }

    // No row: move to the next, broader search step.
    if ($back == false) {
        return getSubject($q, false, true);
    }
    if ($front == false) {
        return getSubject($q, true, true);
    }

    return getSubject(substr($q, 0, strlen($q) - 1), false, false);
}
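/**
 * Returns the docID stored for $url, inserting a new documents row first when
 * none exists.
 *
 * $url is sent as a bound parameter in both statements.
 *
 * NOTE(review): the lookup and the insert are separate statements, so two
 * concurrent requests for a new URL can both insert. Whether the table has a
 * unique index on URL is not visible here - confirm.
 * NOTE(review): die() prints the raw driver error to the response.
 *
 * @param string $url Document URL.
 *
 * @return mixed The docID column value.
 */
function getDocID($url)
{
    $con = $GLOBALS["con"];
    $sql = "SELECT docID FROM documents WHERE URL=?";
    $stmt = mysqli_prepare($con, $sql) or die(mysqli_error($con));
    mysqli_stmt_bind_param($stmt, 's', $url) or die(mysqli_stmt_error($stmt));
    mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
    // Buffer the result so the row count is available.
    mysqli_stmt_store_result($stmt);

    if (mysqli_stmt_num_rows($stmt) >= 1) {
        mysqli_stmt_bind_result($stmt, $docID);
        mysqli_stmt_fetch($stmt);
        mysqli_stmt_free_result($stmt);
        mysqli_stmt_close($stmt);
        return $docID;
    }
    mysqli_stmt_close($stmt);

    $sql = "INSERT INTO documents (URL) VALUES (?)";
    $stmt = mysqli_prepare($con, $sql) or die(mysqli_error($con));
    mysqli_stmt_bind_param($stmt, 's', $url) or die(mysqli_stmt_error($stmt));
    mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
    // An INSERT has no result columns, so there is nothing to bind or fetch here.
    mysqli_stmt_close($stmt);

    // Read the new row back through the lookup path above.
    return getDocID($url);
}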
        die('mysqli error: ' . mysqli_error($dbc));
    }
    //Bind parameters
    mysqli_stmt_bind_param($stmt, "ssssssds", $firstName, $lastName, $email, $password, $streetAddress, $postalCode, $DOB, $gender);
    if (!mysqli_execute($stmt)) {
        die('stmt error: ' . mysqli_stmt_error($stmt));
    }
    //Query to get user ID
    $query = "SELECT id FROM users WHERE email=?";
    $stmt = mysqli_prepare($dbc, $query);
    if (!$stmt) {
        die('mysqli error: ' . mysqli_error($dbc));
    }
    mysqli_stmt_bind_param($stmt, "s", $email);
    if (!mysqli_stmt_execute($stmt)) {
        die('stmt error1: ' . mysqli_stmt_error($stmt));
    }
    mysqli_stmt_bind_result($stmt, $id);
    while (mysqli_stmt_fetch($stmt)) {
        $newUser = new User($id, $firstName, $lastName, $email, $password, $streetAddress, $postalCode, $DOB, $gender);
        $newUser->sessionUser();
    }
    header('Location: WelcomePage.php');
}
/**
 * Checks that the two password inputs are identical. A mismatch ends the
 * request with a message; a match returns TRUE.
 *
 * NOTE(review): the function's closing brace is not present in this listing.
 */
function passwordChecker($p1, $p2)
{
    // strcmp() yields 0 only for byte-identical strings.
    // NOTE(review): the result is compared loosely. On PHP versions before 8 a non-string
    // argument (for example an array from the request) makes strcmp() return NULL, and
    // NULL != 0 is false, so the inputs are treated as matching. Checking is_string() on
    // both values and comparing with !== closes that gap. Where $p1/$p2 come from is not
    // visible here - confirm.
    if (strcmp($p1, $p2) != 0) {
        exit("Passwords dont match, Goodbye");
    } else {
        return TRUE;
    }
/**
 * Creates table `test` with a `label` column of $sql_type, inserts one row
 * through a prepared statement that binds $bind_value as $bind_type, and
 * checks that the row reads back with the same id and label.
 *
 * $sql_type and $engine are formatted into the CREATE TABLE text (DDL cannot
 * take bound parameters), so both must be fixed test constants.
 *
 * @param mixed  $link        mysqli connection.
 * @param string $engine      Storage engine name.
 * @param string $bind_type   One-character bind type for the label.
 * @param string $sql_type    Column type for the label.
 * @param mixed  $bind_value  Value to insert.
 * @param int    $offset      Base number for failure messages.
 * @param mixed  $alternative Optional second acceptable label value.
 *
 * @return bool true when the round trip matches; false on any failure,
 *              including a CREATE TABLE the server rejects (silently).
 */
function func_mysqli_stmt_bind_datatype($link, $engine, $bind_type, $sql_type, $bind_value, $offset, $alternative = null)
{
    $dropped = mysqli_query($link, "DROP TABLE IF EXISTS test");
    if (!$dropped) {
        printf("[%03d] [%d] %s\n", $offset, mysqli_errno($link), mysqli_error($link));
        return false;
    }

    $create = sprintf("CREATE TABLE test(id INT NOT NULL, label %s, PRIMARY KEY(id)) ENGINE = %s", $sql_type, $engine);
    if (!mysqli_query($link, $create)) {
        // don't bail - it might be that the server does not support the data type
        return false;
    }

    $stmt = mysqli_stmt_init($link);
    if (!$stmt) {
        printf("[%03d] [%d] %s\n", $offset + 1, mysqli_errno($link), mysqli_error($link));
        return false;
    }

    $prepared = mysqli_stmt_prepare($stmt, "INSERT INTO test(id, label) VALUE (?, ?)");
    if (!$prepared) {
        printf("[%03d] [%d] %s\n", $offset + 2, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        return false;
    }

    $id = 1;
    $types = "i" . $bind_type;
    if (!mysqli_stmt_bind_param($stmt, $types, $id, $bind_value)) {
        printf("[%03d] [%d] %s\n", $offset + 3, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        return false;
    }
    if (!mysqli_stmt_execute($stmt)) {
        printf("[%03d] [%d] %s\n", $offset + 4, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        return false;
    }
    mysqli_stmt_close($stmt);

    $res = mysqli_query($link, "SELECT id, label FROM test");
    if (!$res) {
        printf("[%03d] [%d] %s\n", $offset + 5, mysqli_errno($link), mysqli_error($link));
        return false;
    }
    $row = mysqli_fetch_assoc($res);
    if (!$row) {
        printf("[%03d] [%d] %s\n", $offset + 5, mysqli_errno($link), mysqli_error($link));
        return false;
    }

    if ($alternative) {
        // Accept either the bound value or the alternative representation of it.
        $matches = $row['id'] == $id && ($row['label'] == $bind_value || $row['label'] == $alternative);
        if (!$matches) {
            printf("[%03d] Testing '%s', '%s': expecting '%s'/'%s' (%s), got '%s'/'%s'\n", $offset + 6, $bind_type, $sql_type, $id, $bind_value, gettype($bind_value), $row['id'], $row['label']);
            return false;
        }
    } else {
        $matches = $row['id'] == $id && $row['label'] == $bind_value;
        if (!$matches) {
            printf("[%03d] Testing '%s', '%s': expecting '%s'/'%s', got '%s'/'%s'\n", $offset + 6, $bind_type, $sql_type, $id, $bind_value, $row['id'], $row['label']);
            return false;
        }
    }

    mysqli_free_result($res);

    return true;
}
    mysqli_stmt_bind_result($stmt, $in);
    while (mysqli_stmt_fetch($stmt)) {
    }
    mysqli_stmt_close($stmt);
}
// Password-reset request, second half: $in was filled by a lookup statement whose
// beginning is not part of this excerpt.
// NOTE(review): answering "notfound" only for unknown accounts lets a caller learn which
// name/e-mail pairs exist; returning the same response in both cases avoids that.
if ($in == "") {
    echo "notfound";
    exit;
}
// set columns in database
// All four values are bound parameters ("siss": token string, expiry integer, name, e-mail).
// NOTE(review): $hashbrown[3] is stored as the reset token as-is. How it is generated is
// not visible here - confirm it comes from a CSPRNG (random_bytes), and consider storing
// only a hash of it so a database read does not yield usable tokens.
$sql = "UPDATE users SET reset=?, resetexpire=? WHERE name=? AND email=?";
if ($stmt = mysqli_prepare($con, $sql)) {
    mysqli_stmt_bind_param($stmt, "siss", $hashbrown[3], $tday, $u, $e);
    mysqli_stmt_execute($stmt);
    // NOTE(review): the driver error is echoed into the response; log it server-side instead.
    if (mysqli_stmt_error($stmt)) {
        echo 'SQL Error: ' . mysqli_stmt_error($stmt);
    }
    // An UPDATE produces no result set, so this loop body never runs.
    while (mysqli_stmt_fetch($stmt)) {
    }
    mysqli_stmt_close($stmt);
}
// send e-mail to user with link to reset
// NOTE(review): the link uses plain http and carries the token in the query string, so it
// can be observed in transit and recorded in logs; use https.
// The sender address and part of the URL line below are masked in this listing; the URL
// line is not valid PHP as shown.
$to = $e;
$from = "*****@*****.**";
$subject = "Bathtub Bingo - Reset Password";
$text = "Following this link to reset your password:\n";
$text .= "http://www.bathtubbingo.com/verifResetPass.php?user="******"&reset=" . $hashbrown[3];
$message = new Mail_mime();
$message->setTXTBody($text);
$body = $message->get();
$extraheaders = array("From" => $from, "Subject" => $subject);
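// Checks when mysqli_stmt_error() is set and when it is cleared. $stmt and $link are
// created earlier in the script, outside this excerpt.

// No failure so far: the error text must be empty.
if ('' !== ($tmp = mysqli_stmt_error($stmt))) {
    printf("[004] Expecting int/0, got %s/%s\n", gettype($tmp), $tmp);
}
// Unknown column: prepare must fail ...
if (mysqli_stmt_prepare($stmt, "SELECT i_do_not_exist_believe_me FROM test ORDER BY id")) {
    printf("[005] Statement should have failed!\n");
}
// ... and the server-side error must now be reported.
if ('' === ($tmp = mysqli_stmt_error($stmt))) {
    printf("[006] Expecting string/any non empty, got %s/%s\n", gettype($tmp), $tmp);
}
if (!mysqli_stmt_prepare($stmt, "SELECT id FROM test ORDER BY id")) {
    // %d needs the error number; the error text was passed for both conversions before.
    printf("[007] [%d] %s\n", mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
}
// A successful prepare must clear the previous error.
if ('' !== ($tmp = mysqli_stmt_error($stmt))) {
    printf("[008] Expecting empty string, got %s/%s\n", gettype($tmp), $tmp);
}
// Kill this connection's own server thread so the next execute fails on the client side.
mysqli_kill($link, mysqli_thread_id($link));
if (true === ($tmp = mysqli_stmt_execute($stmt))) {
    printf("[009] Expecting boolean/false, got %s/%s\n", gettype($tmp), $tmp);
}
// The client-side failure must be reported as well.
if ('' === ($tmp = mysqli_stmt_error($stmt))) {
    printf("[010] Execting string/any non empty, got %s/%s\n", gettype($tmp), $tmp);
}
mysqli_stmt_close($stmt);
// NOTE(review): NULL is expected from a closed statement here; PHP 8 throws an Error for
// a closed statement instead - confirm the PHP version this test targets.
if (NULL !== ($tmp = mysqli_stmt_error($stmt))) {
    printf("[011] Expecting NULL, got %s/%s\n", gettype($tmp), $tmp);
}
mysqli_close($link);
print "done!";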
         <title>Curso Básico - PHP do Jeito Certo</title>
     </head>
     <body>
        <h1>Consultar usuarios</h1>
        <h2>Evitando SQL Injection</h2>
        <?php 
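// load the connection helpers
require_once 'conexao.php';
// open the database connection
$con = dbConnect();
$nome = '%Carlos%';
// Prepared statement: the search term is bound to the placeholder and never becomes part
// of the SQL text, which is what prevents SQL injection here.
// NOTE(review): `senha` is selected but never used on this page; selecting only the
// columns that are displayed keeps credential data out of the request.
$sql = "SELECT id, nome, login, senha, email FROM usuarios WHERE nome LIKE ?";
$result = mysqli_prepare($con, $sql);
// run the query
if ($result) {
    mysqli_stmt_bind_param($result, 's', $nome);
    mysqli_stmt_execute($result);
    mysqli_stmt_bind_result($result, $id, $nome, $login, $senha, $email);
    while (mysqli_stmt_fetch($result)) {
        // Database content is not trusted markup: escape it for the HTML context.
        echo htmlspecialchars((string) $nome, ENT_QUOTES, 'UTF-8') . '<br />';
    }
    // Close only a statement that was actually created.
    mysqli_stmt_close($result);
} else {
    // prepare failed, so there is no statement to query; the error lives on the connection.
    trigger_error('Statement failed: ' . mysqli_error($con), E_USER_ERROR);
}
// close the connection
dbClose($con);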
?>
    </body>
</html>
/**
 * Creates a table with a `label` column of $sql_type, inserts three rows
 * (ids 1..3) through a prepared statement binding $bind_value as $bind_type,
 * then reads them back with mysqli_stmt_get_result() and expects three rows.
 *
 * $sql_type and $engine are formatted into the CREATE TABLE text (DDL cannot
 * take bound parameters), so both must be fixed test constants.
 *
 * Returns true when three rows were read, false on any failed step
 * (a rejected CREATE TABLE returns false without printing).
 */
function func_mysqli_stmt_get_result($link, $engine, $bind_type, $sql_type, $bind_value, $offset, $type_hint = null)
{
    if (!mysqli_query($link, "DROP TABLE IF EXISTS test_mysqli_stmt_get_result_types_table_1")) {
        printf("[%04d] [%d] %s\n", $offset, mysqli_errno($link), mysqli_error($link));
        return false;
    }
    if (!mysqli_query($link, sprintf("CREATE TABLE test_mysqli_stmt_get_result_types_table_1(id INT, label %s, PRIMARY KEY(id)) ENGINE = %s", $sql_type, $engine))) {
        // don't bail - column type might not be supported by the server, ignore this
        return false;
    }
    if (!($stmt = mysqli_stmt_init($link))) {
        printf("[%04d] [%d] %s\n", $offset + 1, mysqli_errno($link), mysqli_error($link));
        return false;
    }
    if (!mysqli_stmt_prepare($stmt, "INSERT INTO test_mysqli_stmt_get_result_types_table_1(id, label) VALUES (?, ?)")) {
        printf("[%04d] [%d] %s\n", $offset + 2, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        return false;
    }
    // $id is bound by reference once; the loop below changes it before each execute.
    $id = null;
    if (!mysqli_stmt_bind_param($stmt, "i" . $bind_type, $id, $bind_value)) {
        printf("[%04d] [%d] %s\n", $offset + 3, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        return false;
    }
    for ($id = 1; $id < 4; $id++) {
        if (!mysqli_stmt_execute($stmt)) {
            printf("[%04d] [%d] %s\n", $offset + 3 + $id, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
            mysqli_stmt_close($stmt);
            return false;
        }
    }
    mysqli_stmt_close($stmt);
    $stmt = mysqli_stmt_init($link);
    if (!mysqli_stmt_prepare($stmt, "SELECT id, label FROM test_mysqli_stmt_get_result_types_table_1")) {
        printf("[%04d] [%d] %s\n", $offset + 7, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        return false;
    }
    if (!mysqli_stmt_execute($stmt)) {
        printf("[%04d] [%d] %s\n", $offset + 8, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        return false;
    }
    $result = mysqli_stmt_result_metadata($stmt);
    if (!($res = mysqli_stmt_get_result($stmt))) {
        printf("[%04d] [%d] %s\n", $offset + 9, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        return false;
    }
    $num = 0;
    // $fields is not read again in this function.
    $fields = mysqli_fetch_fields($result);
    while ($row = mysqli_fetch_assoc($res)) {
        $bind_res =& $row['label'];
        // NOTE(review): `!` binds tighter than `==`, so this evaluates (!gettype(...)) == 'unicode',
        // i.e. false == 'unicode', which is false. The value/type comparison inside is therefore
        // never reached and only the row count below is verified. The intent was presumably
        // gettype($bind_res) != 'unicode' - confirm before changing, since enabling the check
        // may expose mismatches in existing callers.
        if (!gettype($bind_res) == 'unicode') {
            if ($bind_res !== $bind_value && (!$type_hint || $type_hint !== gettype($bind_res))) {
                printf("[%04d] [%d] Expecting %s/'%s' [type hint = %s], got %s/'%s'\n", $offset + 10, $num, gettype($bind_value), $bind_value, $type_hint, gettype($bind_res), $bind_res);
                mysqli_free_result($res);
                mysqli_stmt_close($stmt);
                return false;
            }
        }
        $num++;
    }
    // Exactly the three inserted rows must come back.
    if ($num != 3) {
        printf("[%04d] [%d] %s, expecting 3 results, got only %d results\n", $offset + 11, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt), $num);
        mysqli_free_result($res);
        mysqli_stmt_close($stmt);
        return false;
    }
    mysqli_free_result($res);
    mysqli_stmt_close($stmt);
    return true;
}
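/**
 * Test helper: stores a geometry value three times, reads the rows back with
 * mysqli_stmt_get_result() and checks that a prepared-statement round trip and
 * a plain query return the same label data.
 *
 * $engine, $sql_type and $bind_value are spliced into the SQL text with
 * sprintf() and are never bound as parameters, so they must be trusted,
 * test-defined SQL fragments. Do not reuse this pattern with request data.
 *
 * @param mysqli $link       open connection
 * @param string $engine     storage engine name used in the CREATE TABLE
 * @param string $sql_type   column type of `label`
 * @param string $bind_value SQL expression inserted as the label value
 * @param int    $offset     base number for the diagnostic messages
 *
 * @return bool true if every check passed; false on any failure, including a
 *              CREATE TABLE the server rejects
 */
function func_mysqli_stmt_get_result_geom($link, $engine, $sql_type, $bind_value, $offset)
{
    if (!mysqli_query($link, "DROP TABLE IF EXISTS test_mysqli_stmt_get_result_geom_table_1")) {
        printf("[%04d] [%d] %s\n", $offset, mysqli_errno($link), mysqli_error($link));
        return false;
    }
    if (!mysqli_query($link, sprintf("CREATE TABLE test_mysqli_stmt_get_result_geom_table_1(id INT, label %s, PRIMARY KEY(id)) ENGINE = %s", $sql_type, $engine))) {
        // don't bail - column type might not be supported by the server, ignore this
        return false;
    }
    for ($id = 1; $id < 4; $id++) {
        $sql = sprintf("INSERT INTO test_mysqli_stmt_get_result_geom_table_1(id, label) VALUES (%d, %s)", $id, $bind_value);
        if (!mysqli_query($link, $sql)) {
            // Reported but not fatal: a missing row is caught by the row count check at the end.
            printf("[%04d] [%d] %s\n", $offset + 2 + $id, mysqli_errno($link), mysqli_error($link));
        }
    }
    if (!($stmt = mysqli_stmt_init($link))) {
        printf("[%04d] [%d] %s\n", $offset + 6, mysqli_errno($link), mysqli_error($link));
        return false;
    }
    if (!mysqli_stmt_prepare($stmt, "SELECT id, label FROM test_mysqli_stmt_get_result_geom_table_1")) {
        printf("[%04d] [%d] %s\n", $offset + 7, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        return false;
    }
    if (!mysqli_stmt_execute($stmt)) {
        printf("[%04d] [%d] %s\n", $offset + 8, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        return false;
    }
    if (!($res = mysqli_stmt_get_result($stmt))) {
        printf("[%04d] [%d] %s\n", $offset + 9, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        return false;
    }
    $result = mysqli_stmt_result_metadata($stmt);
    $fields = mysqli_fetch_fields($result);
    if ($fields[1]->type != MYSQLI_TYPE_GEOMETRY) {
        printf("[%04d] [%d] %s wrong type %d\n", $offset + 10, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt), $fields[1]->type);
    }
    // The metadata result is only needed for the type check above; release it here
    // instead of leaving it allocated until the end of the script.
    if (is_object($result)) {
        mysqli_free_result($result);
    }
    $num = 0;
    while ($row = mysqli_fetch_assoc($res)) {
        $bind_res =& $row['label'];
        // Every early return below releases the handles opened so far.
        if (!($stmt2 = mysqli_stmt_init($link))) {
            printf("[%04d] [%d] %s\n", $offset + 11, mysqli_errno($link), mysqli_error($link));
            mysqli_free_result($res);
            mysqli_stmt_close($stmt);
            return false;
        }
        if (!mysqli_stmt_prepare($stmt2, "INSERT INTO test_mysqli_stmt_get_result_geom_table_1(id, label) VALUES (?, ?)")) {
            printf("[%04d] [%d] %s\n", $offset + 12, mysqli_stmt_errno($stmt2), mysqli_stmt_error($stmt2));
            mysqli_stmt_close($stmt2);
            mysqli_free_result($res);
            mysqli_stmt_close($stmt);
            return false;
        }
        // Re-insert the fetched label under id + 10, this time as a bound parameter.
        $id = $row['id'] + 10;
        if (!mysqli_stmt_bind_param($stmt2, "is", $id, $bind_res)) {
            printf("[%04d] [%d] %s\n", $offset + 13, mysqli_stmt_errno($stmt2), mysqli_stmt_error($stmt2));
            mysqli_stmt_close($stmt2);
            mysqli_free_result($res);
            mysqli_stmt_close($stmt);
            return false;
        }
        if (!mysqli_stmt_execute($stmt2)) {
            printf("[%04d] [%d] %s\n", $offset + 14, mysqli_stmt_errno($stmt2), mysqli_stmt_error($stmt2));
            mysqli_stmt_close($stmt2);
            mysqli_free_result($res);
            mysqli_stmt_close($stmt);
            return false;
        }
        mysqli_stmt_close($stmt2);
        // Read the copy back with a plain query and compare it with the prepared-statement value.
        if (!($res_normal = mysqli_query($link, sprintf("SELECT id, label FROM test_mysqli_stmt_get_result_geom_table_1 WHERE id = %d", $row['id'] + 10)))) {
            printf("[%04d] [%d] %s\n", $offset + 15, mysqli_errno($link), mysqli_error($link));
            mysqli_free_result($res);
            mysqli_stmt_close($stmt);
            return false;
        }
        if (!($row_normal = mysqli_fetch_assoc($res_normal))) {
            printf("[%04d] [%d] %s\n", $offset + 16, mysqli_errno($link), mysqli_error($link));
            mysqli_free_result($res_normal);
            mysqli_free_result($res);
            mysqli_stmt_close($stmt);
            return false;
        }
        if ($row_normal['label'] != $bind_res) {
            printf("[%04d] PS and non-PS return different data.\n", $offset + 17);
            mysqli_free_result($res_normal);
            mysqli_free_result($res);
            mysqli_stmt_close($stmt);
            return false;
        }
        mysqli_free_result($res_normal);
        $num++;
    }
    if ($num != 3) {
        printf("[%04d] [%d] %s, expecting 3 results, got only %d results\n", $offset + 18, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt), $num);
        mysqli_free_result($res);
        mysqli_stmt_close($stmt);
        return false;
    }
    mysqli_free_result($res);
    mysqli_stmt_close($stmt);
    return true;
}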
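 /**
  * Run a query and return its rows.
  *
  * If $params is a non-empty array, $sql is executed as a prepared statement
  * and every value is bound as a string ('s'). If $params is empty, $sql is
  * sent to the server as-is, so it must not contain untrusted input in that
  * mode; pass the values through $params instead.
  *
  * If a DataModel is passed in, a DataModelIterator of populated DataModel
  * objects is returned; otherwise the rows are returned as a list of
  * associative arrays. Statements that produce no result set yield no rows.
  *
  * @param string $sql
  * @param array $params values for the placeholders in $sql, in order
  * @param DataModel $o
  * @throws Exception if the statement cannot be prepared, bound or executed
  * @return mixed array or DataModelIterator
  */
 public function query($sql, $params = null, DataModel $o = null)
 {
     $results = array();
     if (!$params) {
         if ($result = $this->conn->query($sql)) {
             // query() returns true for statements without a result set
             if ($result !== true) {
                 while ($row = $result->fetch_assoc()) {
                     $results[] = $row;
                 }
                 $result->close();
             }
         }
     } else {
         if (!($stmt = $this->conn->prepare($sql))) {
             throw new Exception('Please check your sql statement : unable to prepare');
         }
         // mysqli_stmt_bind_param() takes its values by reference. The argument
         // list is built positionally so string keys in $params cannot be
         // mistaken for named arguments.
         $bind_args = array($stmt, str_repeat('s', count($params)));
         foreach (array_keys($params) as $k) {
             $bind_args[] =& $params[$k];
         }
         if (!call_user_func_array('mysqli_stmt_bind_param', $bind_args)) {
             $error = mysqli_stmt_error($stmt);
             mysqli_stmt_close($stmt);
             throw new Exception('Unable to bind parameters: ' . $error);
         }
         if ($stmt->execute() === false) {
             $error = mysqli_stmt_error($stmt);
             mysqli_stmt_close($stmt);
             throw new Exception($error);
         }
         // result_metadata() returns false for statements without a result set
         // (INSERT, UPDATE, ...); there is nothing to fetch in that case.
         $meta = $stmt->result_metadata();
         if ($meta) {
             // Bind each column to a slot of $row rather than to a variable named
             // after the column: a column called "results", "stmt" or "sql" would
             // otherwise overwrite this method's own locals.
             $row = array();
             $result_args = array($stmt);
             while ($field = mysqli_fetch_field($meta)) {
                 $row[$field->name] = null;
                 $result_args[] =& $row[$field->name];
             }
             call_user_func_array('mysqli_stmt_bind_result', $result_args);
             while (mysqli_stmt_fetch($stmt)) {
                 // Copy value by value; copying $row as a whole would keep the
                 // references and every stored row would show the last fetch.
                 $temp = array();
                 foreach ($row as $key => $val) {
                     $temp[$key] = $val;
                 }
                 $results[] = $temp;
             }
             mysqli_free_result($meta);
         }
         mysqli_stmt_close($stmt);
     }
     if ($o) {
         // populate referenced data model object
         $dmc = new DataModelIterator();
         foreach ($results as $rec) {
             $dmc->add($this->populate($o, $rec));
         }
         return $dmc;
     } else {
         // return as associative array
         return $results;
     }
 }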
// Stored-procedure round trip: create p(IN ver_in, OUT ver_out), call it through
// a prepared statement and read the value back. Each failure only prints a
// numbered message and the script carries on, so one early failure can cascade
// into later messages.
if (mysqli_real_query($link, 'CREATE PROCEDURE p(IN ver_in VARCHAR(25), OUT ver_out VARCHAR(25)) BEGIN SELECT ver_in INTO ver_out; END;')) {
    if (!($stmt = mysqli_prepare($link, 'CALL p(?, ?)'))) {
        printf("[005] Cannot prepare CALL, [%d] %s\n", mysqli_errno($link), mysqli_error($link));
    }
    // Both placeholders are bound as strings; $ver_out starts out empty.
    $ver_in = 'myversion';
    $ver_out = '';
    if (!mysqli_stmt_bind_param($stmt, 'ss', $ver_in, $ver_out)) {
        printf("[006] Cannot bind parameter, [%d] %s\n", mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
    }
    if (!mysqli_stmt_execute($stmt)) {
        printf("[007] Cannot execute CALL, [%d] %s\n", mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
    }
    // Print whether the connection reports further result sets after the CALL.
    printf("[008] More results: %s\n", mysqli_more_results($link) ? "yes" : "no");
    printf("[009] Next results: %s\n", mysqli_next_result($link) ? "yes" : "no");
    // Bind the single result column onto $ver_out and fetch one row.
    if (!mysqli_stmt_bind_result($stmt, $ver_out) || !mysqli_stmt_fetch($stmt)) {
        printf("[010] [%d] %s\n", mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
    }
    // The OUT value must be the IN value, compared strictly as a string.
    if ("myversion" !== $ver_out) {
        printf("[011] Results seem wrong got '%s'\n", $ver_out);
    }
    if (!mysqli_stmt_close($stmt)) {
        printf("[012] Cannot close statement, [%d] %s\n", mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
    }
    // Run a plain query on the same link after the statement was closed; a failure is reported as [013].
    if (!($res = $link->query("SELECT 1"))) {
        printf("[013] [%d] %s\n", $link->errno, $link->error);
    }
} else {
    printf("[004] Cannot create SP, [%d] %s.\n", mysqli_errno($link), mysqli_error($link));
}
mysqli_close($link);
print "done!";
 if (!mysqli_stmt_execute($stmt_ins)) {
     printf("[008 - %d] [%d] %s\n", $bits, mysqli_stmt_errno($stmt_ins), mysqli_stmt_error($stmt_ins));
     break;
 }
 $sql = sprintf("SELECT id, BIN(bit_value) AS _bin, bit_value, bit_value + 0 AS _bit_value0, bit_null FROM test WHERE id = %s", $value);
 if (!mysqli_stmt_prepare($stmt_sel, $sql) || !mysqli_stmt_execute($stmt_sel)) {
     printf("[009 - %d] [%d] %s\n", $bits, mysqli_stmt_errno($stmt_sel), mysqli_stmt_error($stmt_sel));
     break;
 }
 $row = array('id' => -1, '_bin' => -1, 'bit_value' => -1, '_bit_value0' => -1, 'bit_null' => -1);
 if (!mysqli_stmt_bind_result($stmt_sel, $row['id'], $row['_bin'], $row['bit_value'], $row['_bit_value0'], $row['bit_null'])) {
     printf("[010 - %d] [%d] %s\n", $bits, mysqli_stmt_errno($stmt_sel), mysqli_stmt_error($stmt_sel));
     break;
 }
 if (!($ret = mysqli_stmt_fetch($stmt_sel))) {
     printf("[011 - %d] mysqli_stmt_fetch() has failed for %d bits - ret = %s/%s, [%d] %s, [%d] %s\n", $bits, $bits, gettype($ret), $ret, mysqli_stmt_errno($stmt_sel), mysqli_stmt_error($stmt_sel), mysqli_errno($link_sel), mysqli_errno($link_sel));
     break;
 }
 if ($value != $row['id'] || $bin != $row['_bin'] && $bin2 != $row['_bin']) {
     debug_zval_dump($row);
     printf("[012 - %d] Insert of %s in BIT(%d) column might have failed. id = %s, bin = %s (%s/%s)\n", $bits, $value, $bits, $row['id'], $row['_bin'], $bin, $bin2);
     break;
 }
 if ($value != $row['bit_value']) {
     debug_zval_dump($row);
     printf("[013 - %d] Expecting %s got %s\n", $bits, $value, $row['bit_value']);
     break;
 }
 if (null !== $row['bit_null']) {
     debug_zval_dump($row);
     printf("[014 - %d] Expecting null got %s/%s\n", $bits, gettype($row['bit_value']), $row['bit_value']);
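 /**
  * Execute a prepared query statement helper method.
  *
  * When $this->statement is an object it is used as a native mysqli statement
  * and the values are bound with mysqli_stmt_bind_param(). Otherwise it is used
  * as the name of a server-side prepared statement: each value is quoted into a
  * user variable with SET @name = ... and the statement is run with
  * EXECUTE ... USING.
  *
  * String LOB values of the form scheme://... are opened as streams only when
  * the 'lob_allow_url_include' option is enabled. With the option off they are
  * stored as literal data, so an untrusted value cannot make the server read a
  * local file or fetch a URL. Streams opened here are closed here; resources
  * supplied by the caller are left open in the emulated path.
  *
  * @param mixed $result_class string which specifies which result class to use
  * @param mixed $result_wrap_class string which specifies which class to wrap results in
  *
  * @return mixed MDB2_Result or integer (affected rows) on success,
  *               a MDB2 error on failure
  * @access private
  */
 function _execute($result_class = true, $result_wrap_class = false)
 {
     if (null === $this->statement) {
         $result = parent::_execute($result_class, $result_wrap_class);
         return $result;
     }
     $this->db->last_query = $this->query;
     $this->db->debug($this->query, 'execute', array('is_manip' => $this->is_manip, 'when' => 'pre', 'parameters' => $this->values));
     if ($this->db->getOption('disable_query')) {
         $result = $this->is_manip ? 0 : null;
         return $result;
     }
     $connection = $this->db->getConnection();
     if (PEAR::isError($connection)) {
         return $connection;
     }
     if (!is_object($this->statement)) {
         $query = 'EXECUTE ' . $this->statement;
     }
     if (!empty($this->positions)) {
         $paramReferences = array();
         $parameters = array(0 => $this->statement, 1 => '');
         $lobs = array();
         $i = 0;
         foreach ($this->positions as $parameter) {
             if (!array_key_exists($parameter, $this->values)) {
                 return $this->db->raiseError(MDB2_ERROR_NOT_FOUND, null, null, 'Unable to bind to missing placeholder: ' . $parameter, __FUNCTION__);
             }
             $value = $this->values[$parameter];
             $type = array_key_exists($parameter, $this->types) ? $this->types[$parameter] : null;
             if (!is_object($this->statement)) {
                 // Reset per parameter: a stale flag from an earlier LOB must not
                 // close a stream that the caller handed in.
                 $close = false;
                 $is_lob = $type == 'clob' || $type == 'blob';
                 // URL-style LOB sources are honoured for clob and blob alike, and
                 // only when the option allows it.
                 if (!is_resource($value) && $is_lob
                     && !empty($this->db->options['lob_allow_url_include'])
                     && preg_match('/^(\\w+:\\/\\/)(.*)$/', $value, $match)
                 ) {
                     if ($match[1] == 'file://') {
                         $value = $match[2];
                     }
                     $value = @fopen($value, 'r');
                     if (!is_resource($value)) {
                         // Without this check the read loop below would never see EOF.
                         return $this->db->raiseError(null, null, null, 'Unable to open LOB source for placeholder: ' . $parameter, __FUNCTION__);
                     }
                     $close = true;
                 }
                 if (is_resource($value)) {
                     $data = '';
                     while (!@feof($value)) {
                         $chunk = @fread($value, $this->db->options['lob_buffer_length']);
                         if (false === $chunk) {
                             break;
                         }
                         $data .= $chunk;
                     }
                     if ($close) {
                         @fclose($value);
                     }
                     $value = $data;
                 }
                 $quoted = $this->db->quote($value, $type);
                 if (PEAR::isError($quoted)) {
                     return $quoted;
                 }
                 $param_query = 'SET @' . $parameter . ' = ' . $quoted;
                 $result = $this->db->_doQuery($param_query, true, $connection);
                 if (PEAR::isError($result)) {
                     return $result;
                 }
             } else {
                 if (is_resource($value) || $type == 'clob' || $type == 'blob') {
                     $paramReferences[$i] = null;
                     // mysqli_stmt_bind_param() requires parameters to be passed by reference
                     $parameters[] =& $paramReferences[$i];
                     $parameters[1] .= 'b';
                     // LOB data is streamed after binding, see the loop over $lobs below
                     $lobs[$i] = $parameter;
                 } else {
                     $paramReferences[$i] = $this->db->quote($value, $type, false);
                     if (PEAR::isError($paramReferences[$i])) {
                         return $paramReferences[$i];
                     }
                     // mysqli_stmt_bind_param() requires parameters to be passed by reference
                     $parameters[] =& $paramReferences[$i];
                     $parameters[1] .= $this->db->datatype->mapPrepareDatatype($type);
                 }
                 ++$i;
             }
         }
         if (!is_object($this->statement)) {
             $query .= ' USING @' . implode(', @', array_values($this->positions));
         } else {
             $result = call_user_func_array('mysqli_stmt_bind_param', $parameters);
             if (false === $result) {
                 $err = $this->db->raiseError(null, null, null, 'Unable to bind parameters', __FUNCTION__);
                 return $err;
             }
             foreach ($lobs as $i => $parameter) {
                 $value = $this->values[$parameter];
                 $close = false;
                 if (!is_resource($value)) {
                     $close = true;
                     // Same gate as in the emulated path: a string is treated as a
                     // stream URL only when 'lob_allow_url_include' is enabled.
                     if (!empty($this->db->options['lob_allow_url_include'])
                         && preg_match('/^(\\w+:\\/\\/)(.*)$/', $value, $match)
                     ) {
                         if ($match[1] == 'file://') {
                             $value = $match[2];
                         }
                         $value = @fopen($value, 'r');
                     } else {
                         // Literal data goes through a temporary file so it can be sent in chunks.
                         $fp = @tmpfile();
                         if (is_resource($fp)) {
                             @fwrite($fp, $value);
                             @rewind($fp);
                         }
                         $value = $fp;
                     }
                     if (!is_resource($value)) {
                         return $this->db->raiseError(null, null, null, 'Unable to open LOB source for placeholder: ' . $parameter, __FUNCTION__);
                     }
                 }
                 while (!@feof($value)) {
                     $data = @fread($value, $this->db->options['lob_buffer_length']);
                     if (false === $data) {
                         break;
                     }
                     @mysqli_stmt_send_long_data($this->statement, $i, $data);
                 }
                 if ($close) {
                     @fclose($value);
                 }
             }
         }
     }
     if (!is_object($this->statement)) {
         $result = $this->db->_doQuery($query, $this->is_manip, $connection);
         if (PEAR::isError($result)) {
             return $result;
         }
         if ($this->is_manip) {
             $affected_rows = $this->db->_affectedRows($connection, $result);
             return $affected_rows;
         }
         $result = $this->db->_wrapResult($result, $this->result_types, $result_class, $result_wrap_class, $this->limit, $this->offset);
     } else {
         if (!mysqli_stmt_execute($this->statement)) {
             // Failures are reported through the MDB2 error object only. Dumping the
             // statement to the response and calling exit would expose internals to
             // the client and skip the caller's error handling.
             $err = $this->db->raiseError(null, null, null, 'Unable to execute statement', __FUNCTION__);
             return $err;
         }
         if ($this->is_manip) {
             $affected_rows = @mysqli_stmt_affected_rows($this->statement);
             return $affected_rows;
         }
         if ($this->db->options['result_buffering']) {
             @mysqli_stmt_store_result($this->statement);
         }
         $result = $this->db->_wrapResult($this->statement, $this->result_types, $result_class, $result_wrap_class, $this->limit, $this->offset);
     }
     $this->db->debug($this->query, 'execute', array('is_manip' => $this->is_manip, 'when' => 'post', 'result' => $result));
     return $result;
 }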
    printf("[019] Expecting object/mysqli_result got %s/%s, [%d] %s\n", gettype($res), $res, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
}
// Bound variables start out as null; check [021] below expects them to stay null.
$id = $label = null;
if (!mysqli_stmt_bind_result($stmt, $id, $label)) {
    printf("[020] [%d] %s\n", mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
}
// The row is read through the result object, not through mysqli_stmt_fetch().
$row = mysqli_fetch_assoc($res);
if (NULL !== $id || NULL !== $label) {
    printf("[021] Bound variables should not have been set\n");
}
mysqli_free_result($res);
mysqli_stmt_close($stmt);
// Second pass: fresh statement, then inspect the type of the result object.
if (!($stmt = mysqli_stmt_init($link)) || !mysqli_stmt_prepare($stmt, "SELECT id, label FROM test ORDER BY id ASC LIMIT 2") || !mysqli_stmt_execute($stmt)) {
    printf("[022] [%d] %s\n", mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
}
if (!is_object($res = mysqli_stmt_get_result($stmt)) || 'mysqli_result' != get_class($res)) {
    printf("[023] Expecting object/mysqli_result got %s/%s, [%d] %s\n", gettype($res), $res, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
}
// NOTE(review): in_array() is called without the strict flag, so the type check is loose here.
if (!in_array($res->type, array(MYSQLI_STORE_RESULT, MYSQLI_USE_RESULT))) {
    printf("[024] Unknown result set type %s\n", $res->type);
}
// [025] expects the result of mysqli_stmt_get_result() to be of type MYSQLI_STORE_RESULT.
if ($res->type !== MYSQLI_STORE_RESULT) {
    printf("[025] Expecting int/%d got %s/%s", MYSQLI_STORE_RESULT, gettype($res->type), $res->type);
}
mysqli_free_result($res);
mysqli_stmt_close($stmt);
mysqli_close($link);
// Statement and link are both closed at this point; the check expects NULL.
// NOTE(review): newer PHP versions may raise an Error for a closed statement
// instead of returning NULL - confirm against the targeted PHP version.
if (NULL !== ($res = mysqli_stmt_get_result($stmt))) {
    printf("[022] Expecting NULL got %s/%s\n", gettype($res), $res);
}
print "done!";
                         $list[] = "<hr><div class='row'><div class='col-md-8 question'>" . $q . "</div><div class='col-md-4'><div class='row'><div class='col-md-9'><div class='razorate' data-average='" . $r . "' data-id='" . $id * 3823 . "'></div></div><div class='col-md-3'><input type='submit' class='btn btn-success faqrate' onclick='javascript:return false;' value='Rate'/></div></div></div><div class='row'><div class='col-md-12'>" . html_entity_decode($a) . "</div></div></div>";
                     }
                 } else {
                     while (mysqli_stmt_fetch($stmt)) {
                         $list[] = "<hr><div class='row'><div class='col-md-8 question'>" . $q . "</div><div class='row'><div class='col-md-offset-8 col-md-4 reqlogin'><p>To rate this answer, please <a href='../index.php'>Log In or Register</a></div></div></div><div class='row'><div class='col-md-12'>" . html_entity_decode($a) . "</div></div>";
                     }
                 }
             }
         } else {
             $error = mysqli_stmt_error($stmt);
         }
     } else {
         $error = mysqli_stmt_error($stmt);
     }
 } else {
     $error = mysqli_stmt_error($stmt);
 }
 $mysqli->close();
 // Base URL two directory levels above the current page, cut at the first '?'.
 // NOTE(review): curPageURL() is defined elsewhere; if it builds the URL from
 // request headers such as Host, treat $siteurl as client-controlled.
 $siteurl = dirname(dirname(curPageURL()));
 $siteurl = explode('?', $siteurl);
 $siteurl = $siteurl[0];
 // Create the per-session 'act' token once.
 // NOTE(review): random_token() is defined elsewhere; confirm it draws from a
 // CSPRNG (random_bytes()/random_int()) and that its length argument of 7 gives
 // enough entropy for what the token protects.
 if (!isset($_SESSION['token']['act'])) {
     $_SESSION['token']['act'] = random_token(7);
 }
 require_once '../php/translator/class.translation.php';
 // The first two bytes of the client-supplied Accept-Language header select the
 // translation file. They are concatenated into a path and only checked with
 // is_file(), falling back to 'en'.
 // NOTE(review): validate $lang against an allow-list (or two ASCII letters)
 // before it is used in a path or echoed anywhere.
 if (isset($setting[11]) && $setting[11] == 0 && isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
     $lang = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2);
     if (!is_file('../php/translator/lang/' . $lang . '.csv')) {
         $lang = 'en';
     }
 } else {
}
// Binding a parameter is expected to fail at this point; success is reported as [014].
// (The statement is prepared above the visible part - presumably without a placeholder, TODO confirm.)
$label = null;
if (mysqli_stmt_bind_param($stmt, "s", $label)) {
    printf("[014] expected error - got ok\n");
}
// While rows are fetched the statement must keep reporting exactly one field.
while (mysqli_stmt_fetch($stmt)) {
    if (1 !== ($tmp = mysqli_stmt_field_count($stmt))) {
        printf("[015] Expecting int/1, got %s/%s\n", gettype($tmp), $tmp);
    }
}
// Statements without a result set (INSERT, UPDATE) must report a field count of 0.
if (!mysqli_stmt_prepare($stmt, 'INSERT INTO test(id) VALUES (100)')) {
    printf("[016] [%d] %s\n", mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
}
if (0 !== ($tmp = mysqli_stmt_field_count($stmt))) {
    printf("[017] Expecting int/0, got %s/%s\n", gettype($tmp), $tmp);
}
if (!mysqli_stmt_prepare($stmt, "UPDATE test SET label = 'z' WHERE id = 1") || !mysqli_stmt_execute($stmt)) {
    printf("[018] [%d] %s\n", mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
}
if (0 !== ($tmp = mysqli_stmt_field_count($stmt))) {
    printf("[019] Expecting int/0, got %s/%s\n", gettype($tmp), $tmp);
}
mysqli_stmt_close($stmt);
// The statement is closed from here on: prepare must fail and the field count is expected to be NULL.
// NOTE(review): newer PHP versions may raise an Error for a closed statement
// instead of returning false/NULL - confirm against the targeted PHP version.
if (mysqli_stmt_prepare($stmt, 'SELECT id FROM test')) {
    printf("[020] Prepare should fail, statement has been closed\n");
}
if (!is_null($tmp = mysqli_stmt_field_count($stmt))) {
    printf("[011] Expecting NULL, got %s/%s\n", gettype($tmp), $tmp);
}
mysqli_close($link);
print "done!";
 /**
  * Count the records that match the current query conditions.
  *
  * The table name, the GROUP BY expression and the WHERE clause are spliced
  * into the SQL text; only the values listed in bindParams are bound.
  * NOTE(review): presumably those fragments are assembled by this class's own
  * builder methods - confirm that no raw request input reaches them.
  *
  * @return integer number of matching records; 0 when the statement cannot be
  *                 prepared or executed
  */
 public function getListLength()
 {
     $total = 0;
     // With a GROUP BY the distinct group values are counted instead of the rows.
     $countSql = $this->sqlStmt["groupBy"] !== null
         ? "select count(DISTINCT(" . $this->sqlStmt["groupBy"] . ")) from `{$this->tableName}`"
         : "select count(*) from `{$this->tableName}`";
     // Query conditions
     if ($this->sqlStmt["whereStmt"]) {
         $countSql = $countSql . " where " . $this->sqlStmt["whereStmt"];
     }
     $this->lastSql = $countSql;
     $stmt = mysqli_prepare($this->conn, $countSql);
     if (!$stmt) {
         $this->logError(mysqli_error($this->conn));
         $this->degbugLog();
         return $total;
     }
     if ($this->sqlStmt["bindTypes"] && $this->sqlStmt["bindParams"]) {
         // bind_param() takes its values by reference, hence arr2Reference()
         call_user_func_array(
             [$stmt, "bind_param"],
             array_merge([$this->sqlStmt["bindTypes"]], $this->arr2Reference($this->sqlStmt["bindParams"]))
         );
     }
     if (!$stmt->execute()) {
         $this->logError($stmt->error);
     } else {
         $stmt->bind_result($total);
         $stmt->fetch();
         $stmt->free_result();
     }
     $stmt->close();
     $this->degbugLog();
     return $total;
 }
// Prepare and execute a two-row SELECT. Every failure only prints a numbered
// message and the script continues with the next step.
if (!($stmt = mysqli_stmt_init($link))) {
    printf("[009] [%d] %s\n", mysqli_errno($link), mysqli_error($link));
}
if (!mysqli_stmt_prepare($stmt, "SELECT id, label FROM test ORDER BY id LIMIT 2")) {
    printf("[010] [%d] %s\n", mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
}
if (!mysqli_stmt_execute($stmt)) {
    printf("[011] [%d] %s\n", mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
}
$id = NULL;
$label = NULL;
if (true !== ($tmp = mysqli_stmt_bind_result($stmt, $id, $label))) {
    printf("[012] Expecting boolean/true, got %s/%s\n", gettype($tmp), $tmp);
}
if (true !== ($tmp = mysqli_stmt_fetch($stmt))) {
    printf("[013] Expecting boolean/true, got %s/%s, [%d] %s\n", gettype($tmp), $tmp, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
}
// Kill this connection's own server thread, then fetch again. [015] expects the
// second fetch still to return true - presumably because that row has already
// been received by the client; TODO confirm.
if (!mysqli_kill($link, mysqli_thread_id($link))) {
    printf("[014] [%d] %s\n", mysqli_errno($link), mysqli_error($link));
}
if (true !== ($tmp = mysqli_stmt_fetch($stmt))) {
    printf("[015] Expecting boolean/true, got %s/%s\n", gettype($tmp), $tmp);
}
mysqli_stmt_close($stmt);
// Fetching from the closed statement is expected to give NULL.
// NOTE(review): newer PHP versions may raise an Error for a closed statement
// instead - confirm against the targeted PHP version.
if (NULL !== ($tmp = mysqli_stmt_fetch($stmt))) {
    printf("[016] Expecting NULL, got %s/%s\n", gettype($tmp), $tmp);
}
mysqli_close($link);
/* Check that the function alias exists. It's a deprecated function,
	but we have not announce the removal so far, therefore we need to check for it */
if (!is_null($tmp = @mysqli_stmt_fetch())) {
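/**
 * Test helper: compares the result-set metadata of a prepared statement with
 * expected values.
 *
 * The metadata is taken twice: from mysqli_stmt_result_metadata() right after
 * prepare, and - where mysqli_stmt_get_result() exists - from the result of
 * executing the statement.
 *
 * @param int    $offset           base number for the diagnostic messages
 * @param mysqli $link             open connection
 * @param string $sql              statement to prepare; it is printed in every message
 * @param array  $expected_lib     expected metadata from mysqli_stmt_result_metadata(),
 *                                 empty if the statement should have none
 * @param array  $expected_mysqlnd expected metadata from mysqli_stmt_get_result()
 * @param bool   $check_mysqlnd    whether to compare against $expected_mysqlnd
 * @param bool   $compare          whether the two metadata sets must be equal
 *
 * @return bool true if the statement could not be prepared (tolerated) or no
 *              hard check failed; the mismatches numbered +11 to +13 are only
 *              printed and do not change the return value
 */
function testStatement($offset, $link, $sql, $expected_lib, $expected_mysqlnd, $check_mysqlnd, $compare)
{
    if (!($stmt = mysqli_stmt_init($link))) {
        printf("[%04d - %s] [%d] %s\n", $offset, $sql, mysqli_errno($link), mysqli_error($link));
        return false;
    }
    if (!@mysqli_stmt_prepare($stmt, $sql)) {
        /* Not all server versions will support all statements */
        /* Failing to prepare is OK */
        return true;
    }
    // Without this assignment $res is undefined below and one of the first two
    // checks fails for every statement that prepares successfully.
    $res = mysqli_stmt_result_metadata($stmt);
    // Stays null when no metadata is expected, so the comparison at the end has a defined operand.
    $meta = null;
    if (empty($expected_lib) && false !== $res) {
        printf("[%04d - %s] No metadata expected\n", $offset + 1, $sql);
        return false;
    } else {
        if (!empty($expected_lib) && false == $res) {
            printf("[%04d - %s] Metadata expected\n", $offset + 2, $sql);
            return false;
        }
    }
    if (!empty($expected_lib)) {
        if (!is_object($res)) {
            printf("[%04d - %s] [%d] %s\n", $offset + 3, $sql, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
            return false;
        }
        if (get_class($res) != 'mysqli_result') {
            printf("[%04d - %s] Expecting object/mysqli_result got object/%s\n", $offset + 4, $sql, get_class($res));
            return false;
        }
        $meta = array('num_fields' => mysqli_num_fields($res), 'fetch_field' => mysqli_fetch_field($res), 'fetch_field_direct0' => mysqli_fetch_field_direct($res, 0), 'fetch_field_direct1' => @mysqli_fetch_field_direct($res, 1), 'fetch_fields' => count(mysqli_fetch_fields($res)), 'field_count' => $res->field_count, 'field_seek-1' => @mysqli_field_seek($res, -1), 'field_seek0' => mysqli_field_seek($res, 0), 'field_tell' => mysqli_field_tell($res));
        // charsetnr and flags are overwritten with a marker so they do not take part in the comparison
        if (is_object($meta['fetch_field'])) {
            $meta['fetch_field']->charsetnr = 'ignore';
            $meta['fetch_field']->flags = 'ignore';
        }
        if (is_object($meta['fetch_field_direct0'])) {
            $meta['fetch_field_direct0']->charsetnr = 'ignore';
            $meta['fetch_field_direct0']->flags = 'ignore';
        }
        if (is_object($meta['fetch_field_direct1'])) {
            $meta['fetch_field_direct1']->charsetnr = 'ignore';
            $meta['fetch_field_direct1']->flags = 'ignore';
        }
        mysqli_free_result($res);
        if ($meta != $expected_lib) {
            printf("[%04d - %s] Metadata differs from expected values\n", $offset + 5, $sql);
            var_dump($meta);
            var_dump($expected_lib);
            return false;
        }
    }
    if (function_exists('mysqli_stmt_get_result')) {
        /* mysqlnd only */
        if (!mysqli_stmt_execute($stmt)) {
            printf("[%04d - %s] [%d] %s\n", $offset + 6, $sql, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
            return false;
        }
        $res = mysqli_stmt_get_result($stmt);
        if (false === $res && !empty($expected_mysqlnd)) {
            printf("[%04d - %s] Expecting resultset [%d] %s\n", $offset + 7, $sql, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
            return false;
        } else {
            if (empty($expected_mysqlnd) && false !== $res) {
                printf("[%04d - %s] Unexpected resultset [%d] %s\n", $offset + 8, $sql, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
                return false;
            }
        }
        if (!is_object($res)) {
            printf("[%04d - %s] [%d] %s\n", $offset + 9, $sql, mysqli_stmt_errno($stmt), mysqli_stmt_error($stmt));
            return false;
        }
        if ('mysqli_result' != get_class($res)) {
            printf("[%04d - %s] Expecting object/mysqli_result got object/%s\n", $offset + 10, $sql, get_class($res));
            return false;
        }
        $meta_res = array('num_fields' => mysqli_num_fields($res), 'fetch_field' => mysqli_fetch_field($res), 'fetch_field_direct0' => mysqli_fetch_field_direct($res, 0), 'fetch_field_direct1' => @mysqli_fetch_field_direct($res, 1), 'fetch_fields' => count(mysqli_fetch_fields($res)), 'field_count' => mysqli_field_count($link), 'field_seek-1' => @mysqli_field_seek($res, -1), 'field_seek0' => mysqli_field_seek($res, 0), 'field_tell' => mysqli_field_tell($res));
        if (is_object($meta_res['fetch_field'])) {
            $meta_res['fetch_field']->charsetnr = 'ignore';
            $meta_res['fetch_field']->flags = 'ignore';
        }
        if (is_object($meta_res['fetch_field_direct0'])) {
            $meta_res['fetch_field_direct0']->charsetnr = 'ignore';
            $meta_res['fetch_field_direct0']->flags = 'ignore';
        }
        if (is_object($meta_res['fetch_field_direct1'])) {
            $meta_res['fetch_field_direct1']->charsetnr = 'ignore';
            $meta_res['fetch_field_direct1']->flags = 'ignore';
        }
        if ($check_mysqlnd && $meta_res != $expected_mysqlnd) {
            printf("[%04d - %s] Metadata differs from expected\n", $offset + 11, $sql);
            var_dump($meta_res);
            var_dump($expected_mysqlnd);
        } else {
            if ($meta_res['field_count'] < 1) {
                printf("[%04d - %s] Metadata seems wrong, no fields?\n", $offset + 12, $sql);
                var_dump($meta_res);
                var_dump(mysqli_fetch_assoc($res));
            }
        }
        // Freed only after the diagnostics above, which may still read a row from $res.
        mysqli_free_result($res);
        if ($compare && $meta_res != $meta) {
            printf("[%04d - %s] Metadata returned by mysqli_stmt_result_metadata() and mysqli_stmt_get_result() differ\n", $offset + 13, $sql);
            var_dump($meta_res);
            var_dump($meta);
        }
    }
    mysqli_stmt_close($stmt);
    return true;
}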