Esempio n. 1
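/**
 * Runs a query through a mysqli prepared statement.
 *
 * The query uses typed placeholders, which are rewritten to plain `?` markers
 * before the statement is prepared:
 *   ?i - integer
 *   ?d - double
 *   ?s - string
 *   ?b - blob
 *   ?a - array of strings, expanded to one `?` per element (for IN (...) lists)
 *
 * Placeholder values are passed as extra arguments after $query, in the order
 * the placeholders appear.
 *
 * Caveats:
 *  - Placeholders are found with a plain regex that knows nothing about SQL
 *    quoting, so the text `?s` inside a string literal is counted as a
 *    placeholder too.
 *  - $query must be a fixed string. Only values passed as extra arguments are
 *    bound; anything concatenated into $query is not protected.
 *  - NOTE(review): mysqli normally expects blob data to be streamed with
 *    mysqli_stmt_send_long_data(), which this helper never calls; confirm that
 *    ?b behaves as intended before relying on it.
 *  - Errors are reported via trigger_error() with the raw driver message; keep
 *    error display off in production so schema details do not reach clients.
 *
 * On every failure path the affected-row count is set to -1 and the insert ID
 * to 0, so callers that read Database_affectedRows() / Database_insertID()
 * afterwards never see values left over from an earlier query.
 * NOTE(review): this assumes both helpers store whatever value they are given
 * - confirm against their definitions.
 *
 * @param mysqli $dbConnect  Connection to database
 * @param string $query      SQL query using ?i, ?d, ?s, ?b, ?a placeholders
 * @param mixed  ...         One value per placeholder
 *
 * @return mysqli_result|false  Result set for statements that produce one;
 *                              false on failure and for statements without a
 *                              result set (INSERT/UPDATE/DELETE)
 */
function Database_query($dbConnect, $query)
{
    // Placeholder values are every argument after $dbConnect and $query.
    $args = array_slice(func_get_args(), 2);

    // Single failure exit: clear the per-query counters, then report failure.
    $fail = function () {
        Database_affectedRows(-1);
        Database_insertID(0);
        return false;
    };

    $matches_count = preg_match_all('/\\?([idsba])/', $query, $matches);
    if ($matches_count === false || count($matches) < 2) {
        return $fail();
    }

    // Slots 0 and 1 are reserved for the statement and the type string.
    $params = [null, ''];
    $types = '';
    foreach ($matches[1] as $i => $type) {
        // A placeholder without a matching argument used to be bound as NULL
        // silently (scalar types); reject it for every type instead.
        if (!array_key_exists($i, $args)) {
            return $fail();
        }

        if ($type !== 'a') {
            $types .= $type;
            // mysqli_stmt_bind_param() takes its values by reference.
            $params[] =& $args[$i];
            continue;
        }

        // ?a: a scalar is treated as a one-element list.
        if (!is_array($args[$i])) {
            $args[$i] = [$args[$i]];
        }
        foreach (array_keys($args[$i]) as $k) {
            $params[] =& $args[$i][$k];
        }

        $length = count($args[$i]);
        $types .= str_repeat('s', $length);
        // An empty list becomes the literal '' so that "IN (?a)" stays valid
        // SQL. The old substr() === false test no longer detects this case on
        // PHP 8, where substr() returns '' and the query became "IN ()".
        $replace = $length === 0 ? "''" : implode(',', array_fill(0, $length, '?'));
        $query = preg_replace('/\\?a/', $replace, $query, 1);
    }

    // Arrays are already expanded; turn the remaining typed markers into '?'.
    $query = preg_replace('/\\?([idsb])/', '?', $query);

    $stmt = mysqli_prepare($dbConnect, $query);
    if (!$stmt) {
        trigger_error(mysqli_error($dbConnect));
        return $fail();
    }

    $params[0] = $stmt;
    $params[1] = $types;
    if ($types !== '') {
        call_user_func_array("mysqli_stmt_bind_param", $params);
    }

    if (!mysqli_stmt_execute($stmt)) {
        // Report execution errors the same way as prepare errors.
        trigger_error(mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        return $fail();
    }

    $result = mysqli_stmt_get_result($stmt);
    Database_affectedRows(mysqli_affected_rows($dbConnect));
    Database_insertID(mysqli_insert_id($dbConnect));
    mysqli_stmt_close($stmt);
    return $result;
}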
Esempio n. 2
/**
 * Writes $hsid into the hsid column of the Users row whose id is $id.
 *
 * Both values are passed as bound parameters (?s and ?i), never concatenated
 * into the SQL text.
 *
 * NOTE(review): success is judged only by the affected-row count. MySQL by
 * default reports 0 affected rows when the row already holds the same value,
 * so "unchanged" and "no such user" both come back as false.
 *
 * @param string $hsid  Value to store (presumably a hashed session ID - confirm)
 * @param int    $id    User ID
 *
 * @return bool  true when the UPDATE reported at least one affected row
 */
function User_setSID($hsid, $id)
{
    $sql = "UPDATE Users\n\t\t\t\tSET hsid = ?s\n\t\t\t\tWHERE id = ?i";
    // The return value is not useful for an UPDATE; the affected-row counter
    // recorded by Database_query() carries the outcome.
    Database_query(User_db(), $sql, $hsid, $id);

    return Database_affectedRows() > 0;
}
Esempio n. 3
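/**
 * Money transaction: inserts a row into Transactions, then adds $value to the
 * user's account balance.
 *
 * If either statement does not take effect, both connections are rolled back
 * and the 'database_error' error value is returned.
 *
 * NOTE(review): no transaction is opened here; the rollback calls presumably
 * rely on one started by the caller - confirm, because without it the first
 * statement is already committed when the second one fails.
 * NOTE(review): $value is bound as a double (?d), so amounts are subject to
 * floating-point rounding; confirm that is acceptable for balances.
 * NOTE(review): a $value of 0 leaves the Users row unchanged, which MySQL by
 * default reports as 0 affected rows, so it is treated as a failure here.
 *
 * @param int   $user_id   User whose account is changed
 * @param int   $order_id  Order the transaction belongs to
 * @param float $value     Amount added to the account
 *
 * @return mixed  ID of the new Transactions row, or the value of
 *                getError('database_error') on failure
 */
function Orders_makeTransaction($user_id, $order_id, $value)
{
    $q = "INSERT INTO Transactions\n\t\t\t\t(order_id, user_id, value)\n\t\t\t\tVALUES \n\t\t\t\t(?i, ?i, ?d)";
    Database_query(Orders_db(), $q, $order_id, $user_id, $value);
    $id = Database_insertID();

    // Only touch the balance once the transaction row exists; previously the
    // UPDATE ran even after a failed INSERT.
    $ok = (bool) $id;
    if ($ok) {
        $q = "UPDATE Users\n\t\t\t\tSET account = account + ?d\n\t\t\t\tWHERE id = ?i";
        Database_query(Orders_db(), $q, $value, $user_id);
        // mysqli reports -1 affected rows on error, which the old "== 0" test
        // let through as success; require at least one changed row, as
        // User_setSID() does.
        $ok = Database_affectedRows() > 0;
    }

    if (!$ok) {
        Database_rollbackTransaction(Orders_db());
        Database_rollbackTransaction(Orders_transactions_db());
        return getError('database_error');
    }
    return $id;
}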