コード例 #1
 /**
  * {@inheritDoc}
  *
  * Wraps $value in single quotes so it can be used as a DB2 string literal.
  * The inner text is escaped by db2_escape_string() when that function is
  * available; otherwise every embedded single quote is doubled.
  *
  * NOTE(review): the two branches are not guaranteed to escape the same set
  * of characters, so the produced literal can differ between installations --
  * confirm both forms are valid for the target DB2 server. Where the caller
  * can bind parameters instead, no literal has to be built at all.
  */
 public function quoteTrustedValue($value)
 {
     $escaped = function_exists('db2_escape_string')
         ? db2_escape_string($value)
         : str_replace("'", "''", $value);

     return "'" . $escaped . "'";
 }
コード例 #2
ファイル: DB2Connection.php プロジェクト: manish436/zform
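 /**
  * Quote a value so it can be embedded in a DB2 SQL statement.
  *
  * Strings are escaped with db2_escape_string() and wrapped in single quotes.
  * With \PDO::PARAM_INT the value is returned bare, but only when it is
  * numeric: string escaping gives no protection in an unquoted position, so
  * any non-numeric value is emitted as a quoted literal instead of being
  * passed through into the statement.
  *
  * @param mixed $input value to quote
  * @param int   $type  \PDO::PARAM_* constant, \PDO::PARAM_STR by default
  *
  * @return string quoted literal, or the bare numeric text for PARAM_INT
  */
 function quote($input, $type = \PDO::PARAM_STR)
 {
     if ($type == \PDO::PARAM_INT && is_numeric($input)) {
         // A numeric value holds only digits, sign, decimal point, exponent
         // and surrounding whitespace, so it cannot change the statement.
         return (string) $input;
     }

     return "'" . db2_escape_string($input) . "'";
 }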
コード例 #3
ファイル: Db2.php プロジェクト: jorgenils/zend-framework
 /**
  * Turn a raw value into a quoted SQL string literal.
  *
  * Native ints and floats are handed back untouched. Any other value is
  * escaped with db2_escape_string() and wrapped in single quotes when that
  * function exists; when it does not, quoting is delegated to the parent class.
  *
  * NOTE(review): the parent implementation is not visible here, so the two
  * paths may escape different characters -- confirm both suit DB2 literals.
  *
  * @param mixed $value   Raw value
  * @return mixed         Quoted string, or the unchanged int/float
  */
 protected function _quote($value)
 {
     $isNativeNumber = is_int($value) || is_float($value);
     if ($isNativeNumber) {
         return $value;
     }

     // Some supported PHP versions ship the IBM DB2 extension without
     // db2_escape_string(); the parent's default quoting covers that case.
     if (!function_exists('db2_escape_string')) {
         return parent::_quote($value);
     }

     return sprintf("'%s'", db2_escape_string($value));
 }
コード例 #4
ファイル: Db2.php プロジェクト: Tony133/zf-web
 /**
  * Turn a raw string into a quoted SQL string literal.
  *
  * Uses db2_escape_string() plus surrounding single quotes when the function
  * is available, and the parent class's quoting otherwise.
  *
  * NOTE(review): the parent implementation is not visible here, so the two
  * paths may escape different characters -- confirm both suit DB2 literals.
  *
  * @param string $value     Raw string
  * @return string           Quoted string
  */
 protected function _quote($value)
 {
     // Per the original author: some releases of the IBM DB2 extension lack
     // db2_escape_string(). It was added in ibm_db2.c revision 1.53 according
     // to cvs.php.net, yet was missing from the author's PHP 5.2.1 build.
     $hasNativeEscaper = function_exists('db2_escape_string');

     return $hasNativeEscaper
         ? "'" . db2_escape_string($value) . "'"
         : parent::_quote($value);
 }
コード例 #5
ファイル: setup.inc.php プロジェクト: SandipSingh14/Zabbix_
 /**
  * Check that the database described by the setup configuration can be
  * reached and written to.
  *
  * Fills the global $DB from the configuration, connects, optionally checks
  * that the configured DB2 schema exists, then creates and drops a scratch
  * table. The connection is closed and the global $DB (including the
  * credentials copied into it) is reset to null before returning.
  *
  * NOTE(review): the schema name is placed into the SELECT as an escaped
  * string literal rather than a bound parameter, so the lookup is only as
  * safe as db2_escape_string() -- confirm where DB_SCHEMA originates.
  * NOTE(review): DB_USER defaults to 'root' and DB_PASSWORD to '' when unset.
  *
  * @return mixed false when a precondition fails; otherwise the (truthy or
  *               falsy) outcome of the last check that ran
  */
 function checkConnection()
 {
     global $DB;

     if (!$this->getConfig('check_fields_result')) {
         return false;
     }

     $DB['TYPE'] = $this->getConfig('DB_TYPE');
     if ($DB['TYPE'] === null) {
         return false;
     }

     $DB['SERVER'] = $this->getConfig('DB_SERVER', 'localhost');
     $DB['PORT'] = $this->getConfig('DB_PORT', '0');
     $DB['DATABASE'] = $this->getConfig('DB_DATABASE', 'zabbix');
     $DB['USER'] = $this->getConfig('DB_USER', 'root');
     $DB['PASSWORD'] = $this->getConfig('DB_PASSWORD', '');
     $DB['SCHEMA'] = $this->getConfig('DB_SCHEMA', '');

     $connectError = '';
     $result = DBconnect($connectError);
     if ($result) {
         $result = true;

         // Schema existence is only verified for DB2 with a schema configured.
         if (!zbx_empty($DB['SCHEMA']) && $DB['TYPE'] == ZBX_DB_DB2) {
             $schemaLiteral = "'" . db2_escape_string($DB['SCHEMA']) . "'";
             $schemaRows = DBselect('SELECT schemaname FROM syscat.schemata WHERE schemaname=' . $schemaLiteral);
             $result = DBfetch($schemaRows);
         }

         // Write test: both statements run, and both must succeed.
         if ($result) {
             $created = DBexecute('CREATE TABLE zabbix_installation_test (test_row INTEGER)');
             $dropped = DBexecute('DROP TABLE zabbix_installation_test');
             $result = $created & $dropped;
         }
     } else {
         error($connectError);
     }

     DBclose();
     $DB = null;

     return $result;
 }
コード例 #6
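/**
 * Insert one restaurant row into the <userAccount>.restaurant table, but only
 * for cities present in the global city lookup table.
 *
 * The text columns are escaped with db2_escape_string(). Longitude and
 * latitude are concatenated into the statement without quotes, so they are
 * required to be numeric before the statement is executed; a non-numeric
 * coordinate is logged as a failed row and never reaches the database.
 * db2_exec() reports failure by returning false, so that result is checked
 * explicitly in addition to the exception handler.
 *
 * NOTE(review): the error output is echoed as HTML without encoding, and the
 * statement text (including row data) is written to the log files.
 *
 * @param string $name1   restaurant name
 * @param string $street  street address
 * @param string $city    city; must be a key of $GLOBALS['cities']
 * @param string $state   state
 * @param string $zip     postal code
 * @param mixed  $long    longitude, numeric
 * @param mixed  $lat     latitude, numeric
 * @param mixed  $conn    unused here; the connection is read from $GLOBALS['conn']
 * @param mixed  $cities  unused here; the lookup is read from $GLOBALS['cities']
 *
 * @return void
 */
function insertIntoRestaurant($name1, $street, $city, $state, $zip, $long, $lat, $conn, $cities)
{
    $sql = "insert into " . userAccount . ".restaurant values('" . db2_escape_string($name1) . "', NULL, '" . db2_escape_string($street) . "', '" . db2_escape_string($city) . "', '" . db2_escape_string($state) . "', '" . db2_escape_string($zip) . "', '" . COUNTY . "', " . $long . ", " . $lat . ", db2gse.ST_Point(" . $long . ", " . $lat . ", 1))";

    // Hashmap lookup to filter unwanted cities, O(1)
    if (!array_key_exists($city, $GLOBALS['cities'])) {
        // log rejected city
        saveToFile(errorFile2, $sql . "\r\n");
        return;
    }

    // The coordinates sit in the statement unquoted, where string escaping
    // would not help; anything that is not a number is refused outright.
    if (!is_numeric($long) || !is_numeric($lat)) {
        saveToFile(errorFile1, $sql . "\r\n");
        echo "Query Failed<br>";
        return;
    }

    try {
        $result = db2_exec($GLOBALS['conn'], $sql);
    } catch (Exception $e) {
        // log failure
        saveToFile(errorFile1, $sql . "\r\n");
        echo "Query Failed<br>";
        echo "Exception: " . $e->getMessage() . "<br>";
        echo db2_conn_error() . "<br>";
        echo db2_conn_errormsg() . "<br>";
        return;
    }

    // db2_exec() signals a failed statement with false rather than throwing.
    if ($result === false) {
        saveToFile(errorFile1, $sql . "\r\n");
        echo "Query Failed<br>";
        echo db2_stmt_error() . "<br>";
        echo db2_stmt_errormsg() . "<br>";
    }
}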
コード例 #7
ファイル: Standard.php プロジェクト: ruslankus/invoice-crm
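 /**
  * This function escapes a string to be used in an SQL statement.
  *
  * The value is escaped with db2_escape_string() and wrapped in single
  * quotes. When an escape character is given, an ESCAPE clause is appended;
  * the escape character is itself placed in a single-quoted literal, so any
  * single quote inside it is doubled to keep that literal well formed.
  *
  * @access public
  * @override
  * @param string $string                        the string to be escaped
  * @param string $escape                        the escape character
  * @return string                               the quoted string
  * @throws Throwable_SQL_Exception              indicates that no connection could
  *                                              be found
  *
  * @see http://www.php.net/manual/en/function.db2-escape-string.php
  * @see http://publib.boulder.ibm.com/infocenter/db2luw/v8/index.jsp?topic=/com.ibm.db2.udb.doc/admin/c0010966.htm
  * @see http://www.php.net/manual/en/mbstring.supported-encodings.php
  */
 public function quote($string, $escape = NULL)
 {
     if (!$this->is_connected()) {
         throw new Throwable_SQL_Exception('Message: Failed to quote/escape string. Reason: Unable to find connection.');
     }
     $string = "'" . db2_escape_string($string) . "'";
     if (is_string($escape) or !empty($escape)) {
         // Previously interpolated verbatim: a quote in $escape would have
         // closed the literal early and altered the rest of the statement.
         $string .= " ESCAPE '" . str_replace("'", "''", $escape) . "'";
     }
     return $string;
 }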
コード例 #8
ファイル: db.inc.php プロジェクト: TonywalkerCN/Zabbix
/**
 * Quote a value, or each value of an array, as an SQL string literal for the
 * database backend named in the global $DB['TYPE'].
 * Works for ibmdb2, mysql, oracle, postgresql, sqlite.
 *
 * Array keys and order are preserved. Every backend uses its own escaping
 * routine, so the same input can yield different literals per backend.
 *
 * @param array|string $var
 *
 * @return array|bool|string  quoted value(s); false when $DB['TYPE'] is unset
 *                            or names an unsupported backend
 */
function zbx_dbstr($var)
{
    global $DB;

    if (!isset($DB['TYPE'])) {
        return false;
    }

    // Pick the backend-specific escaping routine once, apply it below.
    switch ($DB['TYPE']) {
        case ZBX_DB_DB2:
            $escape = function ($raw) {
                return db2_escape_string($raw);
            };
            break;
        case ZBX_DB_MYSQL:
            $escape = function ($raw) use ($DB) {
                return mysqli_real_escape_string($DB['DB'], $raw);
            };
            break;
        case ZBX_DB_ORACLE:
            // No driver helper is used here: single quotes are doubled.
            $escape = function ($raw) {
                return preg_replace('/\'/', '\'\'', $raw);
            };
            break;
        case ZBX_DB_POSTGRESQL:
            $escape = function ($raw) {
                return pg_escape_string($raw);
            };
            break;
        case ZBX_DB_SQLITE3:
            $escape = function ($raw) use ($DB) {
                return $DB['DB']->escapeString($raw);
            };
            break;
        default:
            return false;
    }

    if (!is_array($var)) {
        return "'" . $escape($var) . "'";
    }

    $quoted = array();
    foreach ($var as $key => $item) {
        $quoted[$key] = "'" . $escape($item) . "'";
    }

    return $quoted;
}
コード例 #9
 /**
  * Escape a string for DB2 by running db2_escape_string() and then turning
  * its backslash escapes back into the forms DB2 expects.
  *
  * Documented by the original author as an alias for addQuotes().
  * NOTE(review): this body neither calls addQuotes() nor adds surrounding
  * quotes; presumably the caller supplies them -- confirm.
  *
  * @param $s String: string to escape
  * @return string escaped string
  */
 public function strencode($s)
 {
     // Per the original author, db2_escape_string() prepends backslashes to
     //  \x00, \n, \r, \, ', " and \x1a. Its output is not usable as-is
     //  (see the rewrite below), but the call is still considered necessary.
     $s = db2_escape_string($s);
     // Original rationale: some wide characters look like '.
     // NOTE(review): utf8_encode() re-encodes the bytes as if they were
     // ISO-8859-1, so input that is already UTF-8 gets double-encoded -- confirm
     // the expected input encoding.
     $s = utf8_encode($s);
     // Undo the backslash escapes: each entry of $from is replaced by the
     // entry of $to at the same index, one pair after the other in array order.
     // NOTE(review): because the pairs run sequentially, an escaped backslash
     // followed by "n" first collapses to backslash-n and is then turned into
     // a newline by a later pair, if the escaper behaves as described above --
     // verify with input that contains literal backslashes.
     $from = array("\\\\", "\\'", '\\n', '\\t', '\\"', '\\r');
     $to = array("\\", "''", "\n", "\t", '"', "\r");
     $s = str_replace($from, $to, $s);
     // DB2 expects '', not \' escaping
     return $s;
 }
コード例 #10
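 /**
  * Values' composer: render one PHP value as SQL text for the active
  * database model ($this->model).
  *
  * Booleans become TRUE/FALSE or 1/0 depending on the model, numeric values
  * are passed through unchanged, null becomes the keyword null, and anything
  * else becomes a single-quoted string literal escaped by the model's driver.
  *
  * Where no driver escaping is available (unknown model, or a PDO driver
  * whose quote() returns false) embedded single quotes are doubled, so the
  * value cannot terminate its own literal.
  *
  * @param   string  $value
  *
  * @return  string
  *
  * @throws  \Comodojo\Exception\DatabaseException  declared by the original
  *          docblock; nothing in this method throws it directly
  */
 private function composeValue($value)
 {
     $value_string_pattern = "'%s'";
     $value_null_pattern = 'null';

     if (is_bool($value) === true) {
         switch ($this->model) {
             case 'MYSQLI':
             case 'MYSQL_PDO':
             case 'POSTGRESQL':
             case 'DB2':
                 return $value ? 'TRUE' : 'FALSE';
             case 'DBLIB_PDO':
             case 'ORACLE_PDO':
             case 'SQLITE_PDO':
             default:
                 return !$value ? 0 : 1;
         }
     }

     // is_numeric() admits only digits, sign, decimal point, exponent and
     // surrounding whitespace, so the value is safe to emit unquoted.
     if (is_numeric($value)) {
         return $value;
     }

     if (is_null($value)) {
         return $value_null_pattern;
     }

     switch ($this->model) {
         case 'MYSQLI':
             return sprintf($value_string_pattern, $this->dbh->escape_string($value));
         case 'POSTGRESQL':
             return sprintf($value_string_pattern, pg_escape_string($value));
         case 'DB2':
             return sprintf($value_string_pattern, db2_escape_string($value));
         case 'MYSQL_PDO':
         case 'ORACLE_PDO':
         case 'SQLITE_PDO':
         case 'DBLIB_PDO':
             $processed_value = $this->dbh->quote($value);
             if ($processed_value !== false) {
                 return $processed_value;
             }
             // quote() is unsupported by this driver: fall back to doubling
             // single quotes rather than wrapping the raw value.
             return sprintf($value_string_pattern, str_replace("'", "''", $value));
         default:
             // Unknown model: no driver escaper, so double single quotes.
             return sprintf($value_string_pattern, str_replace("'", "''", $value));
     }
 }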
コード例 #11
 /**
  * Check that the database described by the setup configuration can be
  * reached and written to.
  *
  * Fills the global $DB from the configuration, connects, optionally checks
  * that the configured IBM DB2 schema exists, then creates and drops a scratch
  * table. For SQLite3 the PHP semaphore functions must also be callable.
  * The global $DB (including the credentials copied into it) is reset to null
  * before returning.
  *
  * NOTE(review): the schema name is placed into the SELECT as an escaped
  * string literal rather than a bound parameter, so the lookup is only as
  * safe as db2_escape_string() -- confirm where DB_SCHEMA originates.
  * NOTE(review): DB_USER defaults to 'root' and DB_PASSWORD to '' when unset.
  *
  * @return mixed false when no DB type is configured or a check fails;
  *               otherwise the truthy outcome of the last check that ran
  */
 function CheckConnection()
 {
     global $DB;

     $DB['TYPE'] = $this->getConfig('DB_TYPE');
     if ($DB['TYPE'] === null) {
         return false;
     }

     $DB['SERVER'] = $this->getConfig('DB_SERVER', 'localhost');
     $DB['PORT'] = $this->getConfig('DB_PORT', '0');
     $DB['DATABASE'] = $this->getConfig('DB_DATABASE', 'zabbix');
     $DB['USER'] = $this->getConfig('DB_USER', 'root');
     $DB['PASSWORD'] = $this->getConfig('DB_PASSWORD', '');
     $DB['SCHEMA'] = $this->getConfig('DB_SCHEMA', '');

     $connectError = '';
     $result = DBconnect($connectError);
     if ($result) {
         $result = true;

         // Schema existence is only verified for DB2 with a schema configured.
         if (!zbx_empty($DB['SCHEMA']) && $DB['TYPE'] == 'IBM_DB2') {
             $schemaLiteral = "'" . db2_escape_string($DB['SCHEMA']) . "'";
             $schemaRows = DBselect("SELECT schemaname FROM syscat.schemata WHERE schemaname=" . $schemaLiteral);
             $result = DBfetch($schemaRows);
         }

         // Write test: both statements run, and both must succeed.
         if ($result) {
             $created = DBexecute('CREATE table zabbix_installation_test ( test_row integer )');
             $dropped = DBexecute('DROP table zabbix_installation_test');
             $result = $created & $dropped;
         }
     } else {
         error($connectError);
     }

     DBclose();

     $semaphoreFunctions = array('sem_get', 'sem_acquire', 'sem_release', 'sem_remove');
     if ($DB['TYPE'] == 'SQLITE3' && !zbx_is_callable($semaphoreFunctions)) {
         error('SQLite3 requires IPC functions');
         $result = false;
     }

     $DB = null;

     return $result;
 }
コード例 #12
ファイル: Db2Driver.php プロジェクト: speedwork/database
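 /**
  * {@inheritdoc}
  *
  * Escapes $str for use inside a DB2 string literal; the surrounding quotes
  * are not added here. An empty value yields an empty string.
  *
  * When db2_escape_string() is unavailable, single quotes are doubled. The
  * previous addslashes() fallback produced backslash-prefixed quotes, which
  * DB2 does not treat as escaped, so a quote in the input still closed the
  * literal.
  *
  * NOTE(review): trim() removes leading and trailing whitespace from the
  * escaped value, so such whitespace never reaches the database.
  */
 public function escape($str)
 {
     if ($str == '') {
         return '';
     }
     if (function_exists('db2_escape_string')) {
         $str = db2_escape_string($str);
     } else {
         // Standard SQL literal escaping: ' becomes ''.
         $str = str_replace("'", "''", $str);
     }
     return trim($str);
 }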
コード例 #13
 /**
  * Quote a value, or each value of an array, as a DB2 string literal.
  *
  * Every value is escaped with db2_escape_string() and wrapped in single
  * quotes. For arrays the keys and their order are preserved.
  *
  * NOTE(review): the result is only as safe as db2_escape_string() is for
  * the target server's literal syntax, and it protects quoted positions only.
  *
  * @param array|string $var
  *
  * @return array|string
  */
 function zbx_dbstr($var)
 {
     if (!is_array($var)) {
         return "'" . db2_escape_string($var) . "'";
     }

     $quoted = array();
     foreach ($var as $key => $item) {
         $quoted[$key] = "'" . db2_escape_string($item) . "'";
     }

     return $quoted;
 }
コード例 #14
ファイル: sanitizer.class.php プロジェクト: naao/d3diary
 /**
  * Pre-process $input, then pass it to the escaping function selected by
  * $indexEscFunc.
  *
  * NOTE(review): the pre-processing rewrites the data (base64 decoding,
  * comment-marker stripping, HTML-entity encoding) before SQL escaping, and
  * several branches call functions with a signature that does not match
  * current PHP; see the inline notes. Treat the result as unverified, and
  * prefer bound parameters over relying on it.
  *
  * @param int    $indexEscFunc index of the escaping function, 0-4 (see below)
  * @param string $input        value to process
  *
  * @return string|null escaped value; nothing is returned for any other index
  */
 public function san_sqli($indexEscFunc, $input)
 {
     /*
      * Meaning of $indexEscFunc:
      * 0 - mysql_real_escape_string
      * 1 - mysqli_real_escape_string
      * 2 - real_escape_string (mysqli oo)
      * ---- DB2
      * 3 - db2_escape_string
      * ---- PostgreSQL
      * 4 - pg_escape_string
      */
     // base64_decode() is called without its strict flag, so it yields a
     // result even for text that is not base64. Whenever that result differs
     // from the input, the decoded bytes replace the input.
     // NOTE(review): ordinary, non-encoded text therefore also lands in the
     // first branch and is replaced by its "decoded" form -- confirm callers
     // always pass base64.
     $dec = base64_decode($input);
     $value = strcmp($input, $dec);
     if ($value !== 0) {
         $final = $dec;
     } else {
         // strpos() returns 0 for a match at the very start, which is falsy
         // here, so an input that begins with '/*' skips this branch.
         if (strpos($input, '/*') && strpos($input, '*/')) {
             // Removes the comment delimiters only; the text between them stays.
             $final = str_replace('/*', '', $input);
             $final = str_replace('*/', '', $final);
         } else {
             // Both patterns carry the /i flag, so the second repeats the first.
             // A match HTML-encodes the whole value before it is SQL-escaped.
             if (preg_match("/<(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t(.*)>(.*)/i", $input) > 0 || preg_match("/<(.*)S(.*)C(.*)R(.*)I(.*)P(.*)T(.*)>(.*)/i", $input) > 0) {
                 $final = htmlentities($input);
             } else {
                 $final = $input;
             }
         }
     }
     // NOTE(review): mysql_real_escape_string() was removed in PHP 7.0.
     if ($indexEscFunc == 0) {
         return mysql_real_escape_string($final);
     }
     // NOTE(review): the procedural mysqli_real_escape_string() expects the
     // connection as its first argument; none is passed here.
     if ($indexEscFunc == 1) {
         return mysqli_real_escape_string($final);
     }
     // NOTE(review): real_escape_string() is called as a plain function; PHP
     // provides it as a mysqli method -- confirm a function of this name exists.
     if ($indexEscFunc == 2) {
         return real_escape_string($final);
     }
     if ($indexEscFunc == 3) {
         return db2_escape_string($final);
     }
     if ($indexEscFunc == 4) {
         return pg_escape_string($final);
     }
     // Any other index falls through and returns null.
 }
コード例 #15
 /**
  * Check that the database described by the setup configuration can be
  * reached and written to.
  *
  * Fills the global $DB from the configuration, connects, optionally checks
  * that the configured DB2 schema exists, then creates and drops a scratch
  * table. For SQLite3 the PHP IPC functions must also be callable. The
  * global $DB (including the credentials copied into it) is reset to null
  * before returning.
  *
  * NOTE(review): the schema name is placed into the SELECT as an escaped
  * string literal rather than a bound parameter, so the lookup is only as
  * safe as db2_escape_string() -- confirm where DB_SCHEMA originates.
  * NOTE(review): DB_USER defaults to 'root' and DB_PASSWORD to '' when unset.
  *
  * @return mixed false when no DB type is configured or a check fails;
  *               otherwise the truthy outcome of the last check that ran
  */
 function CheckConnection()
 {
     global $DB;

     $DB['TYPE'] = $this->getConfig('DB_TYPE');
     if ($DB['TYPE'] === null) {
         return false;
     }

     $DB['SERVER'] = $this->getConfig('DB_SERVER', 'localhost');
     $DB['PORT'] = $this->getConfig('DB_PORT', '0');
     $DB['DATABASE'] = $this->getConfig('DB_DATABASE', 'zabbix');
     $DB['USER'] = $this->getConfig('DB_USER', 'root');
     $DB['PASSWORD'] = $this->getConfig('DB_PASSWORD', '');
     $DB['SCHEMA'] = $this->getConfig('DB_SCHEMA', '');

     $connectError = '';
     $result = DBconnect($connectError);
     if (!$result) {
         error($connectError);
     } else {
         $result = true;

         // Schema existence is only verified for DB2 with a schema configured.
         if (!zbx_empty($DB['SCHEMA']) && $DB['TYPE'] == ZBX_DB_DB2) {
             $schemaLiteral = "'" . db2_escape_string($DB['SCHEMA']) . "'";
             $result = DBfetch(DBselect('SELECT schemaname FROM syscat.schemata WHERE schemaname=' . $schemaLiteral));
         }

         // Write test: both statements run, and both must succeed.
         if ($result) {
             $tableCreated = DBexecute('CREATE TABLE zabbix_installation_test (test_row INTEGER)');
             $tableDropped = DBexecute('DROP TABLE zabbix_installation_test');
             $result = $tableCreated & $tableDropped;
         }
     }

     DBclose();

     $ipcFunctions = array('ftok', 'sem_get', 'sem_acquire', 'sem_release', 'sem_remove');
     if ($DB['TYPE'] == ZBX_DB_SQLITE3 && !zbx_is_callable($ipcFunctions)) {
         error('Support of SQLite3 requires PHP IPC functions');
         $result = false;
     }

     $DB = null;

     return $result;
 }