/**
 * {@inheritDoc}
 *
 * Wraps $value in single quotes so it can be placed in a statement as an SQL
 * string literal. Escaping is delegated to db2_escape_string() when the
 * ibm_db2 extension provides it; otherwise every single quote is doubled.
 *
 * NOTE(review): the two branches may not escape the same way. The PHP manual
 * describes db2_escape_string() as prepending backslashes to special
 * characters, while DB2 string literals escape a quote by doubling it.
 * Confirm what the installed ibm_db2 release emits, or bind the value with
 * db2_prepare()/db2_execute() instead of quoting it.
 */
public function quoteTrustedValue($value)
{
    $escaped = function_exists('db2_escape_string')
        ? db2_escape_string($value)
        : str_replace("'", "''", $value);

    return "'" . $escaped . "'";
}
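/**
 * Quote a value for inclusion in a DB2 SQL statement.
 *
 * With \PDO::PARAM_INT the value is returned without quotes, but only when it
 * is a plain integer literal. String escaping cannot protect an unquoted
 * value, so anything else requested as PARAM_INT is returned as a quoted,
 * escaped string literal instead of being spliced in raw.
 *
 * NOTE(review): the PHP manual describes db2_escape_string() as prepending
 * backslashes to special characters, while DB2 string literals escape a quote
 * by doubling it. Confirm the installed ibm_db2 release, or prefer bound
 * parameters via db2_prepare()/db2_execute().
 *
 * @param mixed $input Value to quote.
 * @param int   $type  PDO parameter type constant; defaults to \PDO::PARAM_STR.
 *
 * @return string Unquoted integer text, or a single-quoted escaped literal.
 */
function quote($input, $type = \PDO::PARAM_STR)
{
    // Loose comparison kept so callers passing the type as a numeric string still match.
    if ($type == \PDO::PARAM_INT && preg_match('/\A[+-]?\d+\z/', (string) $input) === 1) {
        return (string) $input;
    }

    return "'" . db2_escape_string($input) . "'";
}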
/**
 * Quote a raw string.
 *
 * Integers and floats are handed back untouched. Any other value is escaped
 * with db2_escape_string() and wrapped in single quotes when that function
 * exists; some supported PHP builds lack it, in which case quoting is left to
 * the parent class.
 *
 * NOTE(review): the PHP manual describes db2_escape_string() as prepending
 * backslashes to special characters, while DB2 string literals escape a quote
 * by doubling it. Confirm the installed ibm_db2 release produces output DB2
 * reads as one literal.
 *
 * @param string $value Raw string
 * @return string Quoted string
 */
protected function _quote($value)
{
    $isNumber = is_int($value) || is_float($value);
    if ($isNumber) {
        return $value;
    }

    if (!function_exists('db2_escape_string')) {
        return parent::_quote($value);
    }

    return "'" . db2_escape_string($value) . "'";
}
/**
 * Quote a raw string.
 *
 * Some releases of the IBM DB2 extension appear to be missing
 * db2_escape_string(). According to the original author it was added in
 * ibm_db2.c revision 1.53 (per cvs.php.net) but was absent from their build
 * of PHP 5.2.1, so its presence is probed at run time and the parent class
 * does the quoting when it is missing.
 *
 * NOTE(review): the PHP manual describes db2_escape_string() as prepending
 * backslashes to special characters, while DB2 string literals escape a quote
 * by doubling it. Confirm the installed ibm_db2 release produces output DB2
 * reads as one literal.
 *
 * @param string $value Raw string
 * @return string Quoted string
 */
protected function _quote($value)
{
    if (!function_exists('db2_escape_string')) {
        return parent::_quote($value);
    }

    return "'" . db2_escape_string($value) . "'";
}
/**
 * Try the database settings collected by the setup wizard.
 *
 * Copies the configured connection settings into the global $DB array,
 * connects, optionally verifies that the configured DB2 schema exists, and
 * then creates and drops a scratch table to exercise DDL. The global $DB is
 * reset to null before the final return, so the credentials placed in it do
 * not outlive the check (the two early returns leave it as it was at that
 * point).
 *
 * NOTE(review): the schema name is placed into the query through
 * db2_escape_string(); the PHP manual describes that function as prepending
 * backslashes, whereas DB2 literals escape a quote by doubling it. Confirm
 * the value is constrained before it reaches this method.
 *
 * @return mixed False when the field check or DB type is missing; otherwise
 *               the falsy DBconnect()/DBfetch() result or the combined result
 *               of the two DDL statements.
 */
function checkConnection()
{
    global $DB;

    if (!$this->getConfig('check_fields_result')) {
        return false;
    }

    $DB['TYPE'] = $this->getConfig('DB_TYPE');
    if ($DB['TYPE'] === null) {
        return false;
    }

    // $DB key => array(config key, default), read in the original order.
    $settings = array(
        'SERVER' => array('DB_SERVER', 'localhost'),
        'PORT' => array('DB_PORT', '0'),
        'DATABASE' => array('DB_DATABASE', 'zabbix'),
        'USER' => array('DB_USER', 'root'),
        'PASSWORD' => array('DB_PASSWORD', ''),
        'SCHEMA' => array('DB_SCHEMA', ''),
    );
    foreach ($settings as $dbKey => $lookup) {
        $DB[$dbKey] = $this->getConfig($lookup[0], $lookup[1]);
    }

    $connectError = '';
    $result = DBconnect($connectError);

    if ($result) {
        $result = true;

        $mustCheckSchema = !zbx_empty($DB['SCHEMA']) && $DB['TYPE'] == ZBX_DB_DB2;
        if ($mustCheckSchema) {
            $schemaQuery = 'SELECT schemaname FROM syscat.schemata WHERE schemaname=\''
                . db2_escape_string($DB['SCHEMA']) . '\'';
            $result = DBfetch(DBselect($schemaQuery));
        }

        if ($result) {
            // The DROP runs even when the CREATE failed; &= folds both outcomes together.
            $result = DBexecute('CREATE TABLE zabbix_installation_test (test_row INTEGER)');
            $result &= DBexecute('DROP TABLE zabbix_installation_test');
        }
    } else {
        error($connectError);
    }

    DBclose();
    $DB = null;

    return $result;
}
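/**
 * Insert one restaurant row, provided its city is on the allow-list.
 *
 * Rows whose city is not a key of $GLOBALS['cities'] are not inserted; their
 * statement text is written to errorFile2. Failed inserts are written to
 * errorFile1 and reported on the page.
 *
 * Security notes:
 *  - $long and $lat are placed in the statement without quotes, so string
 *    escaping cannot protect them. They must be numeric text or the row is
 *    rejected before any SQL is built.
 *  - db2_exec() reports failure by returning false, so the result is checked
 *    explicitly; the try/catch is kept for setups that convert warnings into
 *    exceptions.
 *  - Driver messages are HTML-escaped before being echoed because they can
 *    repeat caller-supplied text.
 *  - NOTE(review): the PHP manual describes db2_escape_string() as prepending
 *    backslashes, while DB2 literals escape a quote by doubling it. Binding
 *    the values with db2_prepare()/db2_execute() would remove the dependency
 *    on escaping altogether.
 *  - NOTE(review): the $conn and $cities parameters are accepted but the body
 *    reads $GLOBALS['conn'] and $GLOBALS['cities']; kept as-is for callers.
 *
 * @param string $name1  Restaurant name.
 * @param string $street Street address.
 * @param string $city   City; also the allow-list key.
 * @param string $state  State.
 * @param string $zip    Postal code.
 * @param mixed  $long   Longitude; must be numeric.
 * @param mixed  $lat    Latitude; must be numeric.
 * @param mixed  $conn   Unused here (see note above).
 * @param mixed  $cities Unused here (see note above).
 *
 * @return void
 */
function insertIntoRestaurant($name1, $street, $city, $state, $zip, $long, $lat, $conn, $cities)
{
    if (!is_numeric($long) || !is_numeric($lat)) {
        // json_encode keeps control characters out of the log line.
        saveToFile(errorFile1, 'Rejected non-numeric coordinates: ' . json_encode(array($long, $lat)) . "\r\n");
        return;
    }

    $sql = "insert into " . userAccount . ".restaurant values('" . db2_escape_string($name1)
        . "', NULL, '" . db2_escape_string($street)
        . "', '" . db2_escape_string($city)
        . "', '" . db2_escape_string($state)
        . "', '" . db2_escape_string($zip)
        . "', '" . COUNTY . "', " . $long . ", " . $lat
        . ", db2gse.ST_Point(" . $long . ", " . $lat . ", 1))";

    // Hash-map lookup to filter unwanted cities, O(1).
    if (!array_key_exists($city, $GLOBALS['cities'])) {
        saveToFile(errorFile2, $sql . "\r\n");
        return;
    }

    try {
        $result = db2_exec($GLOBALS['conn'], $sql);
    } catch (Exception $e) {
        saveToFile(errorFile1, $sql . "\r\n");
        echo "Query Failed<br>";
        echo "Exception: " . htmlspecialchars($e->getMessage()) . "<br>";
        echo htmlspecialchars(db2_conn_error()) . "<br>";
        echo htmlspecialchars(db2_conn_errormsg()) . "<br>";
        return;
    }

    if ($result === false) {
        saveToFile(errorFile1, $sql . "\r\n");
        echo "Query Failed<br>";
        echo htmlspecialchars(db2_stmt_error()) . "<br>";
        echo htmlspecialchars(db2_stmt_errormsg()) . "<br>";
    }
}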
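/**
 * This function escapes a string to be used in an SQL statement.
 *
 * The value is escaped with db2_escape_string() and wrapped in single quotes.
 * When an escape character is supplied, an ESCAPE clause is appended; any
 * single quote inside that character is doubled so it cannot close the
 * clause's literal early.
 *
 * NOTE(review): the PHP manual describes db2_escape_string() as prepending
 * backslashes to special characters, while DB2 string literals escape a quote
 * by doubling it. Confirm the installed ibm_db2 release, or bind the value
 * with db2_prepare()/db2_execute().
 *
 * @access public
 * @override
 * @param string $string                         the string to be escaped
 * @param char $escape                           the escape character
 * @return string                                the quoted string
 * @throws Throwable_SQL_Exception               indicates that no connection could
 *                                               be found
 *
 * @see http://www.php.net/manual/en/function.db2-escape-string.php
 * @see http://publib.boulder.ibm.com/infocenter/db2luw/v8/index.jsp?topic=/com.ibm.db2.udb.doc/admin/c0010966.htm
 * @see http://www.php.net/manual/en/mbstring.supported-encodings.php
 */
public function quote($string, $escape = NULL)
{
    if (!$this->is_connected()) {
        throw new Throwable_SQL_Exception('Message: Failed to quote/escape string. Reason: Unable to find connection.');
    }

    $quoted = "'" . db2_escape_string($string) . "'";

    if (is_string($escape) || !empty($escape)) {
        // Only the quote is rewritten: running the escape character through
        // db2_escape_string() could turn a single backslash into two characters.
        $quoted .= " ESCAPE '" . str_replace("'", "''", (string) $escape) . "'";
    }

    return $quoted;
}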
/**
 * Escape string for safe usage in SQL queries.
 * Works for ibmdb2, mysql, oracle, postgresql, sqlite.
 *
 * The escaping routine is chosen from the global $DB['TYPE']; the result is
 * always wrapped in single quotes. Arrays are processed element by element
 * with their keys kept.
 *
 * NOTE(review): a return of false (unset or unknown DB type) becomes an empty
 * string if a caller concatenates it into a query; callers should check it.
 * NOTE(review): the PHP manual describes db2_escape_string() as prepending
 * backslashes, while DB2 literals escape a quote by doubling it; confirm the
 * installed ibm_db2 release.
 *
 * @param array|string $var
 *
 * @return array|bool|string
 */
function zbx_dbstr($var)
{
    global $DB;

    if (!isset($DB['TYPE'])) {
        return false;
    }

    // Pick the per-engine escaper first, then apply it uniformly below.
    switch ($DB['TYPE']) {
        case ZBX_DB_DB2:
            $escape = function ($text) {
                return db2_escape_string($text);
            };
            break;

        case ZBX_DB_MYSQL:
            $escape = function ($text) use ($DB) {
                return mysqli_real_escape_string($DB['DB'], $text);
            };
            break;

        case ZBX_DB_ORACLE:
            $escape = function ($text) {
                return preg_replace('/\'/', '\'\'', $text);
            };
            break;

        case ZBX_DB_POSTGRESQL:
            $escape = function ($text) {
                return pg_escape_string($text);
            };
            break;

        case ZBX_DB_SQLITE3:
            $escape = function ($text) use ($DB) {
                return $DB['DB']->escapeString($text);
            };
            break;

        default:
            return false;
    }

    if (!is_array($var)) {
        return "'" . $escape($var) . "'";
    }

    foreach ($var as $key => $item) {
        $var[$key] = "'" . $escape($item) . "'";
    }

    return $var;
}
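/**
 * Alias for addQuotes()
 *
 * Escapes a string for DB2. db2_escape_string() is applied first; per the
 * original author's note it prepends backslashes to \x00, \n, \r, \, ', "
 * and \x1a. Those backslash sequences are then translated to what DB2
 * expects: a quote is doubled and the other listed sequences are restored to
 * the raw character.
 *
 * The translation is done in a single pass with strtr(). Chained replacements
 * re-scan earlier output, so an escaped backslash followed by a plain "n",
 * "t" or "r" would first collapse to one backslash and then be misread as an
 * escape sequence, silently changing the stored text.
 *
 * NOTE(review): utf8_encode() treats its input as ISO-8859-1 and is
 * deprecated since PHP 8.2; input that is already UTF-8 would be encoded
 * twice. Left unchanged here because callers may rely on it.
 * NOTE(review): the docblock calls this an alias of addQuotes(), but no
 * surrounding quotes are added in this method.
 *
 * @param $s String: string to escape
 * @return string escaped string
 */
public function strencode($s)
{
    $s = db2_escape_string($s);

    // Original rationale: some wide characters look like a quote.
    $s = utf8_encode($s);

    // DB2 expects '', not \' escaping.
    return strtr($s, array(
        "\\\\" => "\\",
        "\\'" => "''",
        '\\n' => "\n",
        '\\t' => "\t",
        '\\"' => '"',
        '\\r' => "\r",
    ));
}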
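/**
 * Values' composer
 *
 * Turns a PHP value into the text placed in a generated SQL statement:
 * booleans become TRUE/FALSE or 1/0 depending on the model, numeric values
 * pass through, null becomes the keyword null, and everything else becomes a
 * quoted string literal escaped by the model's own routine.
 *
 * When no driver routine is available (unknown model, or the PDO driver's
 * quote() returns false) the value used to be wrapped in quotes without any
 * escaping. Single quotes are now doubled in that fallback so the value
 * cannot close its own literal.
 *
 * NOTE(review): doubling quotes is the standard-SQL form only; an engine
 * that also treats backslash as an escape needs its own routine. Prefer
 * bound parameters where the driver supports them.
 * NOTE(review): the PHP manual describes db2_escape_string() as prepending
 * backslashes, while DB2 literals escape a quote by doubling it.
 *
 * @param string $value
 *
 * @return string
 *
 * @throws \Comodojo\Exception\DatabaseException Declared by the original
 *         docblock; nothing in this method throws it directly.
 */
private function composeValue($value)
{
    $value_string_pattern = "'%s'";

    if (is_bool($value) === true) {
        switch ($this->model) {
            case 'MYSQLI':
            case 'MYSQL_PDO':
            case 'POSTGRESQL':
            case 'DB2':
                return $value ? 'TRUE' : 'FALSE';

            case 'DBLIB_PDO':
            case 'ORACLE_PDO':
            case 'SQLITE_PDO':
            default:
                return !$value ? 0 : 1;
        }
    }

    if (is_numeric($value)) {
        return $value;
    }

    if (is_null($value)) {
        return 'null';
    }

    switch ($this->model) {
        case 'MYSQLI':
            return sprintf($value_string_pattern, $this->dbh->escape_string($value));

        case 'POSTGRESQL':
            return sprintf($value_string_pattern, pg_escape_string($value));

        case 'DB2':
            return sprintf($value_string_pattern, db2_escape_string($value));

        case 'MYSQL_PDO':
        case 'ORACLE_PDO':
        case 'SQLITE_PDO':
        case 'DBLIB_PDO':
            $quoted = $this->dbh->quote($value);
            if ($quoted !== false) {
                return $quoted;
            }
            // The driver cannot quote: fall through to the escaped fallback.
            break;

        default:
            break;
    }

    return sprintf($value_string_pattern, str_replace("'", "''", (string) $value));
}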
/**
 * Try the database settings collected by the setup wizard.
 *
 * Copies the configured connection settings into the global $DB array,
 * connects, optionally verifies that the configured DB2 schema exists,
 * creates and drops a scratch table, and finally checks that the semaphore
 * functions needed for SQLite3 are callable. The global $DB is reset to null
 * before the final return (the early return for a missing DB type leaves it
 * as it was at that point).
 *
 * NOTE(review): the schema name is placed into the query through
 * db2_escape_string(); the PHP manual describes that function as prepending
 * backslashes, whereas DB2 literals escape a quote by doubling it. Confirm
 * the value is constrained before it reaches this method.
 *
 * @return mixed False when the DB type is missing or the SQLite3 IPC check
 *               fails; otherwise the falsy DBconnect()/DBfetch() result or
 *               the combined result of the two DDL statements.
 */
function CheckConnection()
{
    global $DB;

    $DB['TYPE'] = $this->getConfig('DB_TYPE');
    if ($DB['TYPE'] === null) {
        return false;
    }

    // $DB key => array(config key, default), read in the original order.
    $settings = array(
        'SERVER' => array('DB_SERVER', 'localhost'),
        'PORT' => array('DB_PORT', '0'),
        'DATABASE' => array('DB_DATABASE', 'zabbix'),
        'USER' => array('DB_USER', 'root'),
        'PASSWORD' => array('DB_PASSWORD', ''),
        'SCHEMA' => array('DB_SCHEMA', ''),
    );
    foreach ($settings as $dbKey => $lookup) {
        $DB[$dbKey] = $this->getConfig($lookup[0], $lookup[1]);
    }

    $connectError = '';
    $result = DBconnect($connectError);

    if ($result) {
        $result = true;

        if (!zbx_empty($DB['SCHEMA']) && $DB['TYPE'] == 'IBM_DB2') {
            $schemaQuery = "SELECT schemaname FROM syscat.schemata WHERE schemaname='"
                . db2_escape_string($DB['SCHEMA']) . "'";
            $result = DBfetch(DBselect($schemaQuery));
        }

        if ($result) {
            // The DROP runs even when the CREATE failed; &= folds both outcomes together.
            $result = DBexecute('CREATE table zabbix_installation_test ( test_row integer )');
            $result &= DBexecute('DROP table zabbix_installation_test');
        }
    } else {
        error($connectError);
    }

    DBclose();

    $ipcFunctions = array('sem_get', 'sem_acquire', 'sem_release', 'sem_remove');
    if ($DB['TYPE'] == 'SQLITE3' && !zbx_is_callable($ipcFunctions)) {
        error('SQLite3 requires IPC functions');
        $result = false;
    }

    $DB = null;

    return $result;
}
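/**
 * {@inheritdoc}
 *
 * Escapes a string for use inside a DB2 string literal and trims the result.
 * An empty value (loose comparison with '') yields an empty string.
 *
 * When db2_escape_string() is unavailable, single quotes are doubled. The
 * earlier addslashes() fallback produced backslash-quote pairs; DB2 does not
 * treat backslash as an escape inside a literal, so the quote still ended
 * the literal.
 *
 * NOTE(review): the PHP manual describes db2_escape_string() itself as
 * prepending backslashes. Confirm the installed ibm_db2 release produces
 * output DB2 reads as one literal, or bind values with
 * db2_prepare()/db2_execute().
 *
 * @param string $str Raw value.
 *
 * @return string Escaped and trimmed value, without surrounding quotes.
 */
public function escape($str)
{
    if ($str == '') {
        return '';
    }

    $escaped = function_exists('db2_escape_string')
        ? db2_escape_string($str)
        : str_replace("'", "''", (string) $str);

    return trim($escaped);
}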
/**
 * Escape a value, or every element of an array, with db2_escape_string() and
 * wrap each result in single quotes. Array keys and their order are kept.
 *
 * NOTE(review): the PHP manual describes db2_escape_string() as prepending
 * backslashes to special characters, while DB2 string literals escape a quote
 * by doubling it. Confirm the installed ibm_db2 release produces output DB2
 * reads as one literal.
 *
 * @param array|string $var
 *
 * @return array|string
 */
function zbx_dbstr($var)
{
    if (!is_array($var)) {
        return "'" . db2_escape_string($var) . "'";
    }

    $quoted = array();
    foreach ($var as $key => $item) {
        $quoted[$key] = "'" . db2_escape_string($item) . "'";
    }

    return $quoted;
}
/**
 * Pre-process a value and pass it through one of several escape functions.
 *
 * $indexEscFunc selects the escape call:
 *   0 - mysql_real_escape_string
 *   1 - mysqli_real_escape_string
 *   2 - real_escape_string (mysqli oo)
 *   ---- DB2
 *   3 - db2_escape_string
 *   ---- PostgreSQL
 *   4 - pg_escape_string
 * Any other index falls off the end and returns null.
 *
 * NOTE(review): whenever the base64-decoded form differs from the input, the
 * decoded bytes replace the input. The comment-marker and script-tag branches
 * are reached only when the two compare equal. Confirm whether callers are
 * expected to pass base64 text.
 * NOTE(review): strpos() returns 0 for a match at the start of the string, so
 * the truthiness test skips a marker in first position.
 * NOTE(review): both patterns carry the /i flag, so the second preg_match()
 * repeats the first.
 * NOTE(review): mysql_real_escape_string() was removed in PHP 7, the
 * procedural mysqli_real_escape_string() takes the connection as its first
 * argument, and real_escape_string() is not a global PHP function; indexes
 * 0-2 look unusable as written.
 * NOTE(review): filtering input is not a substitute for bound parameters;
 * this method should not be relied on as an injection defence.
 *
 * @param int    $indexEscFunc Index of the escape function (see list above).
 * @param string $input        Value to process.
 *
 * @return string|null
 */
public function san_sqli($indexEscFunc, $input)
{
    $decoded = base64_decode($input);

    if (strcmp($input, $decoded) !== 0) {
        $final = $decoded;
    } elseif (strpos($input, '/*') && strpos($input, '*/')) {
        // Array form performs the same two replacements in the same order.
        $final = str_replace(array('/*', '*/'), '', $input);
    } elseif (
        preg_match("/<(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t(.*)>(.*)/i", $input) > 0
        || preg_match("/<(.*)S(.*)C(.*)R(.*)I(.*)P(.*)T(.*)>(.*)/i", $input) > 0
    ) {
        $final = htmlentities($input);
    } else {
        $final = $input;
    }

    // switch compares loosely, like the chain of == tests it stands for.
    switch ($indexEscFunc) {
        case 0:
            return mysql_real_escape_string($final);
        case 1:
            return mysqli_real_escape_string($final);
        case 2:
            return real_escape_string($final);
        case 3:
            return db2_escape_string($final);
        case 4:
            return pg_escape_string($final);
    }
}
/**
 * Try the database settings collected by the setup wizard.
 *
 * Copies the configured connection settings into the global $DB array,
 * connects, optionally verifies that the configured DB2 schema exists,
 * creates and drops a scratch table, and finally checks that the IPC
 * functions needed for SQLite3 are callable. The global $DB is reset to null
 * before the final return (the early return for a missing DB type leaves it
 * as it was at that point).
 *
 * NOTE(review): the schema name is placed into the query through
 * db2_escape_string(); the PHP manual describes that function as prepending
 * backslashes, whereas DB2 literals escape a quote by doubling it. Confirm
 * the value is constrained before it reaches this method.
 *
 * @return mixed False when the DB type is missing or the SQLite3 IPC check
 *               fails; otherwise the falsy DBconnect()/DBfetch() result or
 *               the combined result of the two DDL statements.
 */
function CheckConnection()
{
    global $DB;

    $DB['TYPE'] = $this->getConfig('DB_TYPE');
    if ($DB['TYPE'] === null) {
        return false;
    }

    // $DB key => array(config key, default), read in the original order.
    $settings = array(
        'SERVER' => array('DB_SERVER', 'localhost'),
        'PORT' => array('DB_PORT', '0'),
        'DATABASE' => array('DB_DATABASE', 'zabbix'),
        'USER' => array('DB_USER', 'root'),
        'PASSWORD' => array('DB_PASSWORD', ''),
        'SCHEMA' => array('DB_SCHEMA', ''),
    );
    foreach ($settings as $dbKey => $lookup) {
        $DB[$dbKey] = $this->getConfig($lookup[0], $lookup[1]);
    }

    $connectError = '';
    $result = DBconnect($connectError);

    if ($result) {
        $result = true;

        if (!zbx_empty($DB['SCHEMA']) && $DB['TYPE'] == ZBX_DB_DB2) {
            $schemaQuery = 'SELECT schemaname FROM syscat.schemata WHERE schemaname=\''
                . db2_escape_string($DB['SCHEMA']) . '\'';
            $result = DBfetch(DBselect($schemaQuery));
        }

        if ($result) {
            // The DROP runs even when the CREATE failed; &= folds both outcomes together.
            $result = DBexecute('CREATE TABLE zabbix_installation_test (test_row INTEGER)');
            $result &= DBexecute('DROP TABLE zabbix_installation_test');
        }
    } else {
        error($connectError);
    }

    DBclose();

    $ipcFunctions = array('ftok', 'sem_get', 'sem_acquire', 'sem_release', 'sem_remove');
    if ($DB['TYPE'] == ZBX_DB_SQLITE3 && !zbx_is_callable($ipcFunctions)) {
        error('Support of SQLite3 requires PHP IPC functions');
        $result = false;
    }

    $DB = null;

    return $result;
}