/**
 * Escape a string so it can be placed inside a quoted SQL string literal.
 *
 * Slashes added by magic quotes are removed first so the value is not
 * escaped twice, then the value is escaped with mysql_real_escape_string()
 * on the connection held in Fishbones::getDB()->conex.
 *
 * The result is only safe between quotes in the statement. It does not
 * protect a value that is used unquoted (for example a numeric comparison)
 * or as an identifier such as a table name; those need validation instead.
 *
 * NOTE(review): mysql_real_escape_string() honours the character set of the
 * connection; confirm the charset is set with mysql_set_charset() and not
 * with a SET NAMES query.
 *
 * @param string $par string value to escape
 *
 * @return string the escaped value (false if the escape call fails)
 */
public function clean($par)
{
    // Undo magic-quotes slashes before escaping for the database.
    $unslashed = get_magic_quotes_gpc() ? stripslashes($par) : $par;

    return mysql_real_escape_string($unslashed, Fishbones::getDB()->conex);
}
/**
 * Send a single-value XML document to the client and end the script.
 *
 * The document has the form <data><line><value>x</value></line></data>.
 * The value is attached as a text node, so markup characters in it are
 * serialised as character data rather than being read as XML.
 *
 * The serialised document is passed to the log through writeOutput()
 * before it is sent.
 *
 * @param string $value text placed inside the value element
 *
 * @return void does not return: the script ends with die()
 */
public function outXmlValue($value)
{
    header("Content-Type: text/xml");
    header("Cache-Control: no-store, no-cache, must-revalidate");

    $xml = new DOMDocument('1.0', 'utf-8');

    // Build the innermost element first, then wrap it.
    $valueElement = $xml->createElement('value');
    $valueElement->appendChild($xml->createTextNode($value));

    $lineElement = $xml->createElement('line');
    $lineElement->appendChild($valueElement);

    $rootElement = $xml->createElement('data');
    $rootElement->appendChild($lineElement);
    $xml->appendChild($rootElement);

    $payload = $xml->saveXML();
    Fishbones::getLog()->writeOutput($payload);

    die($payload);
}
/**
 * Run a SQL statement and return its rows as an array.
 *
 * The statement is sent to mysql_query() exactly as given, so escaping or
 * validating every value embedded in $sql is the caller's job. The statement
 * text is also written to the log through writeSql() before it runs.
 *
 * On failure the open transaction (if any) is rolled back, a generic message
 * is stored in $this->error and logged, and the log is kept. The driver's own
 * error text is not stored or returned.
 *
 * @param string $sql sql query
 *
 * @return array|boolean numerically indexed array of associative row arrays;
 *                       an empty array when the statement succeeds without
 *                       rows or without a result set; boolean false on error.
 *                       An empty array is falsy, so compare against false
 *                       with === to tell an error from an empty result.
 */
public function queryAsArray($sql)
{
    $this->error = '';
    Fishbones::getLog()->writeSql($sql);

    $queryResult = mysql_query($sql, $this->conex);

    // query error
    if (!$queryResult) {
        if ($this->transactionStarted) {
            $this->rollBack();
        }

        $message = "database query error";
        $this->error = $message;
        Fishbones::getLog()->writeDatabaseError($message);
        Fishbones::getLog()->keepLog();

        return false;
    }

    // Success: start from an empty list and fill it only when the
    // statement produced a result set.
    $this->resul = array();
    if (is_resource($queryResult)) {
        while ($row = mysql_fetch_assoc($queryResult)) {
            $this->resul[] = $row;
        }
    }

    return $this->resul;
}
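Fishbones::getDB()->startTransaction();

/////////////////////////////////////////////////////////////////////////////
// db query
//
// NOTE(review): $groupId and $itemId are not assigned in this snippet. Both
// are used unquoted below (a table-name suffix and a numeric comparison),
// where string escaping gives no protection; they presumably have to be
// validated as integers before this point -- confirm where they are set.
$sql = "\r\n\tSELECT \r\n\t*\r\n\tFROM items_{$groupId}\r\n\tWHERE\r\n\titem_id = {$itemId}\r\n";
$result = Fishbones::getDB()->queryAsArray($sql);
if ($result === false) {
    Fishbones::getDB()->rollback();
    // presumably ends the script, as outXmlValue() does -- confirm
    Fishbones::getPump()->outXmlErrorString("database error 80");
}

// check if item has been deleted
if (count($result) == 0) {
    Fishbones::getDB()->rollback();
    Fishbones::getPump()->outXmlValue("del");
}

$some_data = $result[0]['some_data'];
Fishbones::getLog()->writeDebug('itemCreatorId: ' . $some_data);
$new_data = strrev($some_data);

// The value read back from the database goes into the next statement, so it
// is escaped like any other string: stored data can contain quotes too.
$escaped_data = mysql_real_escape_string($new_data, Fishbones::getDB()->conex);

///////////////////////////////////////////////////////////////////////////
// update
//
// The two WHERE conditions are joined with AND; without it the statement is
// not valid SQL and the update always fails.
// NOTE(review): $userId and $itemId are only safe between the quotes if they
// were escaped earlier -- confirm. The "\$" writes a literal dollar sign in
// front of the stored value -- confirm that is intended.
$sql = "\r\n\tUPDATE items_{$groupId} SET\r\n\r\n\tsome_data = '\${$escaped_data}'\r\n\t\r\n\tWHERE vote_user_id = '{$userId}'\r\n\tAND item_id = '{$itemId}'\r\n";
$check = Fishbones::getDB()->query($sql);
if ($check === false) {
    Fishbones::getDB()->rollback();
    Fishbones::getPump()->outXmlErrorString("Error 92");
}

///////////////////////////////////////////////////////////////////////////
Fishbones::getDB()->commit();

///////////////////////////////////////////////////////////////////////////
// output
Fishbones::getPump()->outXmlValue('ok');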
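/**
 * Append the current log file to the longer-lived "keep" log.
 *
 * Does nothing when debug logging is disabled in the configuration.
 * When the keep log is larger than $this->keepMaxSize bytes it is emptied
 * before the current log is appended.
 *
 * NOTE(review): the log presumably holds SQL text and debug values, so the
 * logs/ directory should not be reachable over HTTP -- confirm the
 * deployment layout.
 *
 * @return boolean true on success (or when debug logging is off), false on error
 */
public function keepLog()
{
    $config = Fishbones::getConfig();
    if (!$config->debugLog) {
        return true;
    }

    $logDir = $config->currentPathToStart . $config->currentPathToFishbones . 'logs/';

    // Read the source first so a failed read leaves the keep log untouched.
    $logtext = file_get_contents($logDir . $this->filename);
    if ($logtext === false) {
        return false;
    }

    // Append mode creates the file when it is missing.
    $file = fopen($logDir . $this->keepfilename, 'at');
    if ($file === false) {
        return false;
    }

    // fstat() reads the size from the open handle, so a stale entry in
    // PHP's stat cache cannot hide growth from earlier in the same request.
    $stat = fstat($file);
    if ($stat !== false && $stat['size'] > $this->keepMaxSize) {
        ftruncate($file, 0);
    }

    $separator = "=====================================================================\n";
    $written = fwrite($file, $separator . $logtext . $separator);
    fclose($file);

    return $written !== false;
}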
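<?php
// Fishbones starting point.
//
// $pathToFishbones is required. For security, put the fishbones folder
// outside the web-accessible tree and change the path below to match.
//
// $pathToStart is read further down but not assigned in this file; the
// script that includes this one has to set it first.
$pathToFishbones = 'fishbones/';

// Every file below is mandatory, so they are loaded with require: a missing
// file stops the bootstrap at once instead of raising a warning and carrying
// on with part of the framework absent.

// config should come first
require $pathToFishbones . 'Config.php';

// second the core classes
require $pathToFishbones . 'core/Log.php';
require $pathToFishbones . 'core/DB.php';
require $pathToFishbones . 'core/Pump.php';
require $pathToFishbones . 'core/CleanVars.php';

// the Fish class
require $pathToFishbones . 'core/Fishbones.php';

/////////////////////////////////////////////////////////////////////////////////
Fishbones::getConfig()->currentPathToStart = $pathToStart;
Fishbones::getConfig()->currentPathToFishbones = $pathToFishbones;

/////////////////////////////////////////////////////////////////////////////////
// NOTE(review): cleanHttpRequestVars() is not visible here. If it applies SQL
// string escaping to the request variables, that only protects values used
// inside quoted string literals; values used unquoted or as identifiers still
// need validation where the statement is built.
if (Fishbones::getConfig()->autoEscapeHttpRequestVars) {
    Fishbones::getCleanVars()->cleanHttpRequestVars();
}
/////////////////////////////////////////////////////////////////////////////////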
<?php
// Fishbones sample web service: read data and return it as XML.
// The XML can be used to feed a model in the client.

// Path to start.php as seen from this script; it is set before the include
// because the bootstrap is expected to read this variable.
$pathToStart = '../../start.php';
include $pathToStart;

///////////////////////////////////////////////////////////////////////////
// The statement is a fixed string with no request data in it, so there is
// nothing to escape here.
$sql = "\r\nSELECT some_data\r\nFROM some_table st\r\n";

// Run the query, take the result as an XML DOM and send it to the client.
$xmlDom = Fishbones::getDB()->queryAsXmlDom($sql);
Fishbones::getPump()->outXml($xmlDom);