Example #1
 /**
  * Escape a value so it can be embedded inside a quoted MySQL string literal.
  *
  * Slashes added by PHP magic quotes are stripped first so the value is not
  * escaped twice; the result is then escaped with mysql_real_escape_string()
  * using the connection held by the framework's DB object.
  *
  * Security note: this escaping only helps when the returned value is placed
  * between quotes in the statement ('...'). It gives no protection when the
  * value is interpolated unquoted (for example a numeric comparison) or used
  * as part of a table or column name; such values have to be validated or
  * cast by the caller.
  *
  * NOTE(review): get_magic_quotes_gpc() was removed in PHP 8.0 and the mysql_*
  * extension in PHP 7.0, so this method only runs on legacy runtimes.
  *
  * @param string $par raw value to escape
  *
  * @return string|false escaped value; mysql_real_escape_string() returns false on error
  */
 public function clean($par)
 {
     // Undo magic-quotes slashes before escaping, otherwise they would be escaped again.
     $unslashed = get_magic_quotes_gpc() ? stripslashes($par) : $par;

     // Escape against the connection handle exposed by the framework's DB object.
     return mysql_real_escape_string($unslashed, Fishbones::getDB()->conex);
 }
Example #2
 /**
  * Send <data><line><value>x</value></line></data> as the response and end the script.
  *
  * The value is attached as a DOM text node, so markup characters in it are
  * serialised as character data by saveXML() and cannot add elements to the
  * document.
  *
  * Security note: the complete response body is also handed to the log via
  * writeOutput(), so whatever is passed in $value ends up in the log as well.
  *
  * @param string $value text placed in the value node
  *
  * @return void this method never returns: it calls die() with the XML string
  */
 public function outXmlValue($value)
 {
     header("Content-Type: text/xml");
     header("Cache-Control: no-store, no-cache, must-revalidate");

     // Build data > line > value, innermost element last.
     $document = new DOMDocument('1.0', 'utf-8');
     $root = $document->appendChild(new DOMElement('data'));
     $line = $root->appendChild(new DOMElement('line'));
     $valueElement = $line->appendChild(new DOMElement('value'));

     // A text node (rather than the DOMElement value argument) carries the payload.
     $valueElement->appendChild($document->createTextNode($value));

     $payload = $document->saveXML();
     Fishbones::getLog()->writeOutput($payload);
     die($payload);
 }
Example #3
 /**
  * Execute a SQL statement and return its rows as an array.
  *
  * The statement is executed exactly as given: this method performs no
  * escaping or parameter binding, so every value embedded in $sql must
  * already have been made safe by the caller. The full statement is also
  * written to the log via writeSql(), so any data embedded in it ends up in
  * the log.
  *
  * On a query error an open transaction is rolled back, a generic message is
  * stored in $this->error and logged, and the log is kept via keepLog().
  *
  * @param string $sql SQL statement to execute
  *
  * @return array|boolean numerically indexed array of associative row arrays;
  *                       an empty array when the statement succeeded without
  *                       rows or without a result set; boolean false on error.
  *                       Compare with === false, because an empty array is
  *                       falsy too.
  */
 public function queryAsArray($sql)
 {
     $this->error = '';
     Fishbones::getLog()->writeSql($sql);
     $queryResult = mysql_query($sql, $this->conex);

     // Failure: undo any open transaction, record and log a generic message.
     if (!$queryResult) {
         if ($this->transactionStarted) {
             $this->rollBack();
         }
         $message = "database query error";
         $this->error = $message;
         Fishbones::getLog()->writeDatabaseError($message);
         Fishbones::getLog()->keepLog();
         return false;
     }

     // Success: start from an empty list; it stays empty for statements that
     // produce no result set.
     $this->resul = array();
     if (is_resource($queryResult)) {
         // Result set available: collect every row as an associative array.
         while ($row = mysql_fetch_assoc($queryResult)) {
             $this->resul[] = $row;
         }
     }
     return $this->resul;
 }
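// Read one item, transform its some_data value and write it back, all inside
// one transaction.
//
// NOTE(review): $groupId, $itemId and $userId are defined outside this excerpt.
// $groupId is interpolated into a table name and $itemId into an unquoted
// comparison; string escaping does not protect either position, so both must
// already be validated (for example as integers) before this point, and
// $userId must already be escaped for use inside quotes. Confirm upstream.
Fishbones::getDB()->startTransaction();
/////////////////////////////////////////////////////////////////////////////
// db query
$sql = "\r\n\tSELECT \r\n\t*\r\n\tFROM items_{$groupId}\r\n\tWHERE\r\n\titem_id = {$itemId}\r\n";
$result = Fishbones::getDB()->queryAsArray($sql);
// queryAsArray() returns false on error and an empty array for "no rows",
// so the error check has to be strict.
// NOTE(review): this flow relies on outXmlErrorString() ending the script the
// way outXmlValue() does; confirm, otherwise execution continues below.
if ($result === false) {
    Fishbones::getDB()->rollback();
    Fishbones::getPump()->outXmlErrorString("database error 80");
}
// check if item has been deleted
if (count($result) == 0) {
    Fishbones::getDB()->rollback();
    Fishbones::getPump()->outXmlValue("del");
}
$some_data = $result['0']['some_data'];
Fishbones::getLog()->writeDebug('itemCreatorId: ' . $some_data);
$new_data = strrev($some_data);
// A value read back from the database is still data, not SQL: escape it before
// it is placed in the next statement, otherwise a stored quote character
// breaks out of the string literal.
$escapedData = mysql_real_escape_string($new_data, Fishbones::getDB()->conex);
///////////////////////////////////////////////////////////////////////////
// update
// The two WHERE conditions are joined with AND; without it the statement is
// not valid SQL and the update always fails.
// NOTE(review): the literal "$" written in front of the value is kept from the
// original statement; confirm it is intended.
$sql = "\r\n\tUPDATE items_{$groupId} SET\r\n\r\n\tsome_data = '\${$escapedData}'\r\n\t\r\n\tWHERE vote_user_id = '{$userId}'\r\n\tAND item_id = '{$itemId}'\r\n";
$check = Fishbones::getDB()->query($sql);
if ($check === false) {
    Fishbones::getDB()->rollback();
    Fishbones::getPump()->outXmlErrorString("Error 92");
}
///////////////////////////////////////////////////////////////////////////
Fishbones::getDB()->commit();
///////////////////////////////////////////////////////////////////////////
// output
Fishbones::getPump()->outXmlValue('ok');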
Example #5
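 /**
  * Append the current log file to the longer-lived "keep" log.
  *
  * Does nothing and reports success when debug logging is disabled in the
  * configuration. When the keep log has grown beyond $this->keepMaxSize it is
  * emptied first; the current log is then appended between two separator
  * lines.
  *
  * Security note: both files live in the logs/ directory below the fishbones
  * folder. Other methods hand SQL statements and response bodies to the log
  * (writeSql, writeOutput), so that directory should not be reachable from
  * the web.
  *
  * @return boolean true on success, false on error
  */
 public function keepLog()
 {
     if (!Fishbones::getConfig()->debugLog) {
         return true;
     }

     // Both log files live in the same directory; build the path once.
     $logDir = Fishbones::getConfig()->currentPathToStart . Fishbones::getConfig()->currentPathToFishbones . 'logs/';
     $keepPath = $logDir . $this->keepfilename;

     $file = fopen($keepPath, 'at');
     if ($file === false) {
         // Without a handle none of the calls below can work.
         return false;
     }

     // filesize() results are cached per request; drop the cached entry so a
     // second call in the same request sees the size after the first append.
     clearstatcache(true, $keepPath);
     if (filesize($keepPath) > $this->keepMaxSize) {
         ftruncate($file, 0);
     }

     $logtext = file_get_contents($logDir . $this->filename);
     if ($logtext === false) {
         fclose($file);
         return false;
     }

     // One write keeps the separators and the log text together in the file.
     $separator = "=====================================================================\n";
     $written = fwrite($file, $separator . $logtext . $separator);
     fclose($file);

     return $written !== false;
 }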
Example #6
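<?php

// Fishbones starting point: loads the configuration and the core classes,
// records the paths in the config object and optionally escapes the HTTP
// request variables.
//
// $pathToStart must be set by the including script before this file is
// included; it is read below.
//
// Security: put the fishbones folder in a location that is not accessible
// from the internet and adjust the path below accordingly. The framework
// writes its log files to the logs/ directory inside this folder.
$pathToFishbones = 'fishbones/';
// Load order matters: config first, then the core classes, then the Fishbones
// class. require_once stops the request when a file is missing, so the
// application never continues with a partially loaded framework (include only
// emits a warning), and it tolerates this file being included more than once.
require_once $pathToFishbones . 'Config.php';
// second the core classes
require_once $pathToFishbones . 'core/Log.php';
require_once $pathToFishbones . 'core/DB.php';
require_once $pathToFishbones . 'core/Pump.php';
require_once $pathToFishbones . 'core/CleanVars.php';
// the Fish class
require_once $pathToFishbones . 'core/Fishbones.php';
/////////////////////////////////////////////////////////////////////////////////
Fishbones::getConfig()->currentPathToStart = $pathToStart;
Fishbones::getConfig()->currentPathToFishbones = $pathToFishbones;
/////////////////////////////////////////////////////////////////////////////////
// NOTE(review): cleanHttpRequestVars() is not shown here. If it applies SQL
// string escaping to every request variable, that only protects values later
// placed inside quoted string literals; values used unquoted or as part of a
// table name still need validation where the query is built.
if (Fishbones::getConfig()->autoEscapeHttpRequestVars) {
    Fishbones::getCleanVars()->cleanHttpRequestVars();
}
/////////////////////////////////////////////////////////////////////////////////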
<?php

// Fishbones sample web service: run one fixed query and return the rows as
// XML, for example to feed a model in the client.
//
// NOTE(review): nothing in this script checks who is calling; unless start.php
// or the web server restricts access, the selected data is returned to any
// client that can reach this URL.

// Point this at start.php. The variable must keep this name, because start.php
// reads it to record the path in the config object.
$pathToStart = '../../start.php';
include $pathToStart;

///////////////////////////////////////////////////////////////////////////
// The statement is a constant string; no request data is interpolated into it.
$sql = "\r\nSELECT some_data\r\nFROM some_table st\r\n";

// Run the query and get the result as an XML DOM.
// NOTE(review): the result is passed on unchecked; confirm how outXml() deals
// with whatever queryAsXmlDom() returns on a query error.
$xmlDocument = Fishbones::getDB()->queryAsXmlDom($sql);

// Send the document to the client.
Fishbones::getPump()->outXml($xmlDocument);