/**
 * Prepare and execute a single SQL statement and shape the result by statement type.
 *
 * The trimmed $sql is handed to prepare() unchanged, so values belong in $bind
 * (or in $this->ssp_bind) rather than being concatenated into the SQL text.
 *
 * The statement type is detected from the leading keyword followed by one space:
 *  - select / describe / pragma: returns all rows (fetch mode "all") or a single row,
 *    as associative arrays; in "all" mode $this->count is also set.
 *  - delete / insert / update: returns the affected row count.
 *  - anything else, or an execute() that returns false: returns null.
 *
 * @param string $sql        SQL text, with placeholders for any values.
 * @param mixed  $bind       Bound values; normalised through $this->cleanup().
 * @param string $fetch_mode "all" for every row, any other value for a single row.
 * @return array|int|false|null Rows, a row, a row count, false on PDOException, or null.
 */
public function run($sql, $bind = "", $fetch_mode = "all")
{
    $this->sql = trim($sql);
    $this->bind = $this->cleanup($bind);
    $this->error = "";

    try {
        $statement = $this->prepare($this->sql);

        if (is_array($this->ssp_bind)) {
            \ssp_do_bindings($statement, $this->ssp_bind);
        }

        $executed = count($this->bind) > 0
            ? $statement->execute($this->bind)
            : $statement->execute();

        if ($executed === false) {
            return null;
        }

        // Row-returning statements.
        if (preg_match('/^(select|describe|pragma) /i', $this->sql)) {
            if ($fetch_mode != 'all') {
                return $statement->fetch(PDO::FETCH_ASSOC);
            }

            if (!\cx\app\main_functions::found($this->sql, "SQL_CALC_FOUND_ROWS")) {
                $this->count = $statement->rowCount();

                return $statement->fetchAll(PDO::FETCH_ASSOC);
            }

            // Read the rows first, then ask the server for the un-limited total.
            $rows = $statement->fetchAll(PDO::FETCH_ASSOC);
            $foundRows = $this->query("SELECT FOUND_ROWS() AS totalRows")->fetch();
            // Index 0 presumes fetch() returns numerically indexed columns here; confirm the default fetch mode.
            $this->count = $foundRows[0];

            return $rows;
        }

        // Data-modifying statements report how many rows they touched.
        if (preg_match('/^(delete|insert|update) /i', $this->sql)) {
            return $statement->rowCount();
        }

        return null;
    } catch (PDOException $e) {
        $this->error = $e->getMessage();
        // NOTE(review): debug() is defined elsewhere; confirm it does not print the driver message or SQL to end users.
        $this->debug();

        return false;
    }
}
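/**
 * Validate the current class members against the MySQL column metadata of $this->table.
 *
 * For every member except the primary key, the column is looked up with a one-row
 * SELECT, its native type and length are read through getColumnMeta(), and the
 * member value is checked against them. The first failing member echoes a
 * "Failed Validation: ..." message and stops the validation.
 *
 * NOTE(review): failures are echoed together with the column type and field name;
 * confirm this output is not shown to end users, or route it through the application's logger.
 *
 * @return bool True when every checked member passed, false on the first failure.
 */
public function validate_mysql()
{
    // A table name that already contains a backtick is used as given; otherwise it is quoted here.
    $tbl = main_fn::found($this->table, "`") ? $this->table : "`{$this->table}`";

    foreach ($this->members as $field => $value) {
        if ($field == $this->primary_key) {
            continue;
        }

        // Identifiers cannot be bound as parameters, so any backtick inside the
        // member name is doubled to keep it a single quoted identifier.
        $column = str_replace('`', '``', (string) $field);
        $query = "SELECT `{$column}` FROM {$tbl} LIMIT 1";
        $pdostmt = $this->database->prepare($query);
        $pdostmt->execute();

        // getColumnMeta() returns false when the driver cannot supply metadata.
        // NOTE(review): with no metadata the default branch below applies no check,
        // so the value is accepted unvalidated; consider failing closed instead.
        $meta = $pdostmt->getColumnMeta(0);
        if (!is_array($meta)) {
            $meta = [];
        }
        $type = $meta['native_type'] ?? '';
        $len = $meta['len'] ?? null;

        switch ($type) { // Native type names are expected in upper case.
            case 'SHORT':    // SMALLINT
            case 'INT24':    // MEDIUMINT
            case 'LONGLONG': // BIGINT, or SERIAL (alias for BIGINT UNSIGNED NOT NULL AUTO_INCREMENT UNIQUE)
            case 'LONG':     // INT
                // Digits only: no sign and no decimal point. \z anchors at the very end
                // of the value, so a trailing newline is rejected (a bare $ would let one through).
                // The pattern also accepts an empty string.
                if (!preg_match('/^[0-9]*\z/', $value)) {
                    echo "Failed Validation: NOT a digit {$type} {$field}";
                    return false;
                }
                if (strlen($value) > $len) {
                    echo "Failed Validation: too long {$type} {$field}";
                    return false;
                }
                break;

            case 'FLOAT':
                if (strlen($value) > $len) {
                    echo "Failed Validation: too long {$type} {$field}";
                    return false;
                }
                // NOTE(review): is_float() is false for numeric strings such as "1.5";
                // confirm members hold real floats here rather than request strings.
                if (!is_float($value)) {
                    echo "Failed Validation: NOT a float {$type} {$field}";
                    return false;
                }
                break;

            case 'NEWDECIMAL':
                if (strlen($value) > $len) {
                    echo "Failed Validation: too long {$type} {$field}";
                    return false;
                }
                // No numeric check: the original author disabled an is_float() test here because it failed.
                break;

            case 'DOUBLE':
                if (strlen($value) > $len) {
                    echo "Failed Validation: too long {$type} {$field}";
                    return false;
                }
                // is_double() is an alias of is_float(); the note on the FLOAT case applies here too.
                if (!is_double($value)) {
                    echo "Failed Validation: NOT a double {$type} {$field}";
                    return false;
                }
                break;

            case 'BLOB': // Text
                // Too big to process (16777215 is MEDIUMTEXT): skip to the next member.
                // "continue 2" targets the foreach; a bare "continue" inside switch only
                // acts like "break" and raises a warning on PHP 7.3+.
                if ($len == '4294967295' || $len == '16777215') {
                    continue 2;
                }
                if (strlen($value) > $len) {
                    echo "Failed Validation: too long {$type} {$field}";
                    return false;
                }
                break;

            case 'VAR_STRING': // VARCHAR or VARBINARY
            case 'STRING':     // CHAR or BINARY
                if (strlen($value) > $len) {
                    echo "Failed Validation: too long {$type} {$field}";
                    return false;
                }
                break;

            case 'TIMESTAMP':
            case 'TIME':
            case 'DATE':
            case 'DATETIME':
                /** @todo strtotime check */
                if (strlen($value) > $len) {
                    echo "Failed Validation: too long {$type} {$field}";
                    return false;
                }
                break;

            default:
                // TINYINT, BIT, BOOL or YEAR arrive here because no native type is reported.
                // No digit check is made; only the numeric envelope implied by the length.
                if ($len == 3) { // TINYINT
                    // NOTE(review): -127..255 is a loose envelope spanning signed and
                    // unsigned columns, not an exact range check for either.
                    if (intval($value) > 255) {
                        echo "Failed Validation: too long {$type} {$field}";
                        return false;
                    }
                    if (intval($value) < -127) {
                        echo "Failed Validation: too short {$type} {$field}";
                        return false;
                    }
                } elseif ($len == 1) { // BIT or BOOL
                    if (intval($value) > 9) {
                        echo "Failed Validation: too long {$type} {$field}";
                        return false;
                    }
                    if (intval($value) < 0) {
                        echo "Failed Validation: too short {$type} {$field}";
                        return false;
                    }
                }
                break;
        }
    }

    return true;
}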