예제 #1
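/**
 * Expands the "&"-placeholders in $sql and runs the statement on $dblink.
 *
 * Two placeholder forms are recognised:
 *   &1, &2, ...  positional values. They come either from the extra call
 *                arguments or, alternatively, from ONE array passed as third
 *                argument (numeric indices, first value = &1). A numeric value
 *                is inlined as-is; any other value is inlined only when the
 *                placeholder is written as '&1' (escaped with sql_escape()) or
 *                as `&1` (escaped with sql_escape_backtick()) - a bare, unquoted
 *                non-numeric value is refused via sql_error(). A value that is
 *                missing or NULL becomes the SQL keyword NULL (the surrounding
 *                apostrophes are dropped in that case).
 *   &name        a named identifier from $opt['db']['placeholder'] or a
 *                temporary table from $db['temptables']; it is always emitted
 *                backtick-quoted (temp tables are prefixed with the tmpdb name).
 *                An unknown name is refused via sql_error().
 * A literal "&" has to be written as "\&"; the backslash is stripped afterwards.
 *
 * NOTE(review): after the two unset() calls below the first extra argument of a
 * direct variadic call sits at index 2, while the array form puts the first
 * value at index 1 - confirm against the sql()/sql_slave() wrappers which form
 * the callers actually rely on.
 *
 * @param resource $dblink mysql link the statement is executed on
 * @param string   $sql    statement with placeholders
 * @return mixed   result of mysql_query() (or of the SQL debugger when
 *                 $db['debug'] is set); false has already been passed to
 *                 sql_error() before it is returned
 */
function sql_internal($dblink, $sql)
{
    global $opt, $db, $sqldebugger;
    $args = func_get_args();
    unset($args[0]);
    unset($args[1]);
    /* as an option, you can give as second parameter an array
     * with all values for the placeholder. The array has to be
     * with numeric indizes.
     */
    if (isset($args[2]) && is_array($args[2])) {
        $tmp_args = $args[2];
        unset($args);
        // correct indizes: array_merge renumbers, so the values end up at 1..n
        $args = array_merge(array(0), $tmp_args);
        unset($tmp_args);
        unset($args[0]);
    }
    $sqlpos = 0;
    $filtered_sql = '';
    // replace every &x in $sql with the placeholder or parameter
    $nextarg = strpos($sql, '&');
    while ($nextarg !== false) {
        // & escaped? Count the backslashes directly in front of it; an odd
        // number means the & itself is escaped. Index 0 is a valid position
        // for the first backslash, hence ">= 0".
        $escapesCount = 0;
        while ($nextarg - $escapesCount - 1 >= 0 && substr($sql, $nextarg - $escapesCount - 1, 1) == '\\') {
            $escapesCount++;
        }
        if ($escapesCount % 2 == 1) {
            $nextarg++;
        } else {
            $nextchar = substr($sql, $nextarg + 1, 1);
            if (is_numeric($nextchar)) {
                $arglength = 0;
                $arg = '';
                // find next non-digit
                while (preg_match('/^[0-9]{1}/', $nextchar) == 1) {
                    $arg .= $nextchar;
                    $arglength++;
                    $nextchar = substr($sql, $nextarg + $arglength + 1, 1);
                }
                // ok ... replace
                $filtered_sql .= substr($sql, $sqlpos, $nextarg - $sqlpos);
                $sqlpos = $nextarg + $arglength;
                if (isset($args[$arg])) {
                    // numeric values are inlined verbatim (is_numeric also
                    // accepts sign, surrounding whitespace and exponent forms,
                    // none of which can break out of the statement);
                    // everything else must sit inside matching '...' or `...`
                    if (is_numeric($args[$arg])) {
                        $filtered_sql .= $args[$arg];
                    } else {
                        if (substr($sql, $sqlpos - $arglength - 1, 1) == '\'' && substr($sql, $sqlpos + 1, 1) == '\'') {
                            $filtered_sql .= sql_escape($args[$arg]);
                        } elseif (substr($sql, $sqlpos - $arglength - 1, 1) == '`' && substr($sql, $sqlpos + 1, 1) == '`') {
                            $filtered_sql .= sql_escape_backtick($args[$arg]);
                        } else {
                            sql_error($sql);
                        }
                    }
                } else {
                    // NULL
                    if (substr($sql, $sqlpos - $arglength - 1, 1) == '\'' && substr($sql, $sqlpos + 1, 1) == '\'') {
                        // strip apostroph and insert NULL
                        $filtered_sql = substr($filtered_sql, 0, strlen($filtered_sql) - 1);
                        $filtered_sql .= 'NULL';
                        $sqlpos++;
                    } else {
                        $filtered_sql .= 'NULL';
                    }
                }
                $sqlpos++;
            } else {
                $arglength = 0;
                $arg = '';
                // find next non-alphanumeric char
                // (added '_' - it is used in temptable names - following 2013/07/18)
                while (preg_match('/^[a-zA-Z0-9_]{1}/', $nextchar) == 1) {
                    $arg .= $nextchar;
                    $arglength++;
                    $nextchar = substr($sql, $nextarg + $arglength + 1, 1);
                }
                // ok ... replace; named placeholders are always backtick-quoted,
                // the quotes are only added when the statement does not already
                // carry them
                $filtered_sql .= substr($sql, $sqlpos, $nextarg - $sqlpos);
                if (isset($opt['db']['placeholder'][$arg])) {
                    if (substr($sql, $nextarg - 1, 1) != '`') {
                        $filtered_sql .= '`';
                    }
                    $filtered_sql .= sql_escape_backtick($opt['db']['placeholder'][$arg]);
                    if (substr($sql, $nextarg + $arglength + 1, 1) != '`') {
                        $filtered_sql .= '`';
                    }
                } elseif (isset($db['temptables'][$arg])) {
                    if (substr($sql, $nextarg - 1, 1) != '`') {
                        $filtered_sql .= '`';
                    }
                    $filtered_sql .= sql_escape_backtick($opt['db']['placeholder']['tmpdb']) . '`.`' . sql_escape_backtick($db['temptables'][$arg]);
                    if (substr($sql, $nextarg + $arglength + 1, 1) != '`') {
                        $filtered_sql .= '`';
                    }
                } else {
                    sql_error($sql);
                }
                $sqlpos = $nextarg + $arglength + 1;
            }
        }
        $nextarg = strpos($sql, '&', $nextarg + 1);
    }
    // append the rest
    $filtered_sql .= substr($sql, $sqlpos);
    // strip escapes of &
    $nextarg = strpos($filtered_sql, '\\&');
    while ($nextarg !== false) {
        // same backslash counting as above; index 0 must be inspected too
        $escapesCount = 0;
        while ($nextarg - $escapesCount - 1 >= 0 && substr($filtered_sql, $nextarg - $escapesCount - 1, 1) == '\\') {
            $escapesCount++;
        }
        if ($escapesCount % 2 == 0) {
            // strip escapes of &
            $filtered_sql = substr($filtered_sql, 0, $nextarg) . '&' . substr($filtered_sql, $nextarg + 2);
            $nextarg--;
        }
        $nextarg = strpos($filtered_sql, '\\&', $nextarg + 2);
    }
    //
    // ok ... filtered_sql is ready for usage
    //
    /* todo:
           - errorlogging
           - LIMIT
           - block DROP/DELETE
       */
    if (isset($db['debug']) && $db['debug'] == true) {
        require_once $opt['rootpath'] . 'lib2/sqldebugger.class.php';
        $result = $sqldebugger->execute($filtered_sql, $dblink, $dblink === $db['dblink_slave'], $db['slave_server']);
        if ($result === false) {
            sql_error($filtered_sql);
        }
    } else {
        // measure time
        if ($opt['db']['warn']['time'] > 0) {
            require_once $opt['rootpath'] . 'lib2/bench.inc.php';
            $cSqlExecution = new Cbench();
            $cSqlExecution->start();
        }
        // mysql_query() runs a single statement only (no stacked queries);
        // its warning is suppressed because failures are reported via sql_error()
        $result = @mysql_query($filtered_sql, $dblink);
        if ($result === false) {
            sql_error($filtered_sql);
        }
        if ($opt['db']['warn']['time'] > 0) {
            $cSqlExecution->stop();
            if ($cSqlExecution->diff() > $opt['db']['warn']['time']) {
                $ua = isset($_SERVER['HTTP_USER_AGENT']) ? "\r\n" . $_SERVER['HTTP_USER_AGENT'] : "";
                sql_warn("execution took " . $cSqlExecution->diff() . " seconds" . $ua);
            }
        }
    }
    return $result;
}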
예제 #2
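 /**
  * Builds the SQL expression for the great-circle distance between the point
  * ($lonFrom, $latFrom) and a row's $tableName.$latField / $tableName.$lonField
  * columns. The result is in kilometres scaled by $distanceMultiplier
  * (earth radius 6370 km) and is meant to be embedded verbatim into a query.
  *
  * Input hardening:
  *   - coordinates and the multiplier are coerced to numbers ("+ 0") and
  *     rendered through sprintf('%F'), which - unlike '%f' and string casts on
  *     older PHP - always uses "." as decimal separator regardless of locale;
  *   - identifiers must match [a-zA-Z][a-zA-Z0-9_]{0,59} over the WHOLE string
  *     (\A ... \z; a plain "$" in mb_ereg's Ruby syntax stops before a newline
  *     and would let "name\n..." through) and are backtick-escaped on top.
  *
  * @param float|string $lonFrom            longitude of the reference point
  * @param float|string $latFrom            latitude of the reference point
  * @param float|string $maxDistance        accepted for signature compatibility; not used in the expression
  * @param float|string $distanceMultiplier unit factor applied to the km result (1 = km)
  * @param string       $lonField           longitude column name
  * @param string       $latField           latitude column name
  * @param string       $tableName          table (or alias) the columns belong to
  * @return string SQL expression
  */
 static function getSqlDistanceFormula($lonFrom, $latFrom, $maxDistance, $distanceMultiplier = 1, $lonField = 'longitude', $latField = 'latitude', $tableName = 'caches')
 {
     $lonFrom = $lonFrom + 0;
     $latFrom = $latFrom + 0;
     $maxDistance = $maxDistance + 0; // kept so non-numeric input fails here as before
     $distanceMultiplier = $distanceMultiplier + 0;
     if (!mb_ereg_match('\A[a-zA-Z][a-zA-Z0-9_]{0,59}\z', $lonField)) {
         die('Fatal Error: invalid lonField');
     }
     if (!mb_ereg_match('\A[a-zA-Z][a-zA-Z0-9_]{0,59}\z', $latField)) {
         die('Fatal Error: invalid latField');
     }
     if (!mb_ereg_match('\A[a-zA-Z][a-zA-Z0-9_]{0,59}\z', $tableName)) {
         die('Fatal Error: invalid tableName');
     }
     // %F: locale-independent "." separator, so the literal is always valid SQL
     $b1_rad = sprintf('%01.5F', (90 - $latFrom) * 3.14159 / 180);
     $l1_deg = sprintf('%01.5F', $lonFrom);
     $lonField = '`' . sql_escape_backtick($tableName) . '`.`' . sql_escape_backtick($lonField) . '`';
     $latField = '`' . sql_escape_backtick($tableName) . '`.`' . sql_escape_backtick($latField) . '`';
     // earth radius in km, scaled; formatted for the same locale reason as above
     $r = sprintf('%01.5F', 6370 * $distanceMultiplier);
     $retval = 'acos(cos(' . $b1_rad . ') * cos((90-' . $latField . ') * 3.14159 / 180) + sin(' . $b1_rad . ') * sin((90-' . $latField . ') * 3.14159 / 180) * cos((' . $l1_deg . '-' . $lonField . ') * 3.14159 / 180)) * ' . $r;
     return $retval;
 }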