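/**
 * Expand the placeholders in an SQL template and execute it on $dblink.
 *
 * This is the single choke point through which caller-supplied values reach
 * MySQL, so the placeholder rules below are the SQL-injection boundary:
 *
 *   &N    (N = digits) the N-th extra argument.
 *         - is_numeric() values are inserted verbatim; is_numeric() only admits
 *           digits, sign, decimal point, exponent and surrounding whitespace,
 *           so such a value cannot break out of the statement.
 *         - any other value must be written as '&N' (passed through
 *           sql_escape()) or `&N` (passed through sql_escape_backtick());
 *           an unquoted non-numeric value is rejected with sql_error($sql).
 *         - a missing or NULL argument becomes the literal NULL (the quotes of
 *           a '&N' template are removed). Beware: a forgotten argument thus
 *           silently turns into "= NULL" instead of an error.
 *   &name (letters, digits, '_') a configured identifier: a table name from
 *         $opt['db']['placeholder'] or a temp table from $db['temptables']
 *         (qualified with the 'tmpdb' placeholder). Both come from
 *         configuration, not from the caller, and are backtick-escaped; an
 *         unknown name is rejected with sql_error($sql).
 *   \&    a literal ampersand. The backslashes directly before an '&' are
 *         counted and an odd count marks it as escaped; the escaping backslash
 *         is removed after substitution. Assuming sql_escape() doubles
 *         backslashes (as mysql_real_escape_string() does), a substituted
 *         value containing "\&" ends up with an even count and is left intact.
 *
 * Extra arguments are taken either as further positional parameters or as a
 * single numerically indexed array in the third position (element 0 -> &1).
 *
 * @param resource $dblink MySQL link to run the statement on
 * @param string   $sql    statement template
 * @return mixed   result of mysql_query() or $sqldebugger->execute();
 *                 sql_error($filtered_sql) is called first when it is false
 */
function sql_internal($dblink, $sql)
{
    global $opt, $db, $sqldebugger;

    $args = func_get_args();
    unset($args[0]);
    unset($args[1]);

    // Alternative calling convention: one numerically indexed array as the
    // third parameter. Prepend a dummy element so that its element 0 becomes
    // $args[1] (i.e. &1), then drop the dummy again.
    if (isset($args[2]) && is_array($args[2])) {
        $tmp_args = $args[2];
        unset($args);
        $args = array_merge(array(0), $tmp_args);
        unset($tmp_args);
        unset($args[0]);
    }

    $sqlpos = 0;            // first byte of $sql not yet copied to $filtered_sql
    $filtered_sql = '';

    $nextarg = strpos($sql, '&');
    while ($nextarg !== false) {
        // Count the backslashes immediately before the '&'. Index 0 is a valid
        // position, hence ">= 0": a "> 0" test skips a backslash at the very
        // start of the template and flips the escape parity.
        $escapesCount = 0;
        while ($nextarg - $escapesCount - 1 >= 0
            && substr($sql, $nextarg - $escapesCount - 1, 1) == '\\'
        ) {
            $escapesCount++;
        }

        if ($escapesCount % 2 == 0) {
            $nextchar = substr($sql, $nextarg + 1, 1);

            if (is_numeric($nextchar)) {
                // positional placeholder &N: collect the digits
                $arglength = 0;
                $arg = '';
                while (preg_match('/^[0-9]{1}/', $nextchar) == 1) {
                    $arg .= $nextchar;
                    $arglength++;
                    $nextchar = substr($sql, $nextarg + $arglength + 1, 1);
                }

                // copy the template up to the '&'; the characters around the
                // placeholder decide which escaping applies
                $filtered_sql .= substr($sql, $sqlpos, $nextarg - $sqlpos);
                $sqlpos = $nextarg + $arglength;   // index of the last digit
                // guard against substr($sql, -1, 1), which would read the LAST
                // byte of $sql when the template starts with '&'
                $before = $nextarg > 0 ? substr($sql, $nextarg - 1, 1) : '';
                $after = substr($sql, $sqlpos + 1, 1);
                $singleQuoted = ($before == '\'' && $after == '\'');
                $backtickQuoted = ($before == '`' && $after == '`');

                if (isset($args[$arg])) {
                    $value = $args[$arg];
                    if (is_numeric($value)) {
                        // NOTE(review): float-to-string conversion is locale
                        // dependent before PHP 8 ("1,5") -- a syntax error,
                        // not an injection, but worth knowing.
                        $filtered_sql .= $value;
                    } elseif ($singleQuoted) {
                        $filtered_sql .= sql_escape($value);
                    } elseif ($backtickQuoted) {
                        $filtered_sql .= sql_escape_backtick($value);
                    } else {
                        // unquoted non-numeric value: refuse rather than inline
                        // it. Assumes sql_error() aborts; if it returns, the
                        // value is simply dropped from the statement -- TODO confirm.
                        sql_error($sql);
                    }
                } elseif ($singleQuoted) {
                    // '&N' with no/NULL argument: remove the opening quote that
                    // was just copied, emit NULL and skip the closing quote
                    $filtered_sql = substr($filtered_sql, 0, strlen($filtered_sql) - 1);
                    $filtered_sql .= 'NULL';
                    $sqlpos++;
                } else {
                    $filtered_sql .= 'NULL';
                }
                $sqlpos++;    // past the last digit (or the closing quote)
            } else {
                // named placeholder &name ('_' allowed: used in temp table names)
                $arglength = 0;
                $arg = '';
                while (preg_match('/^[a-zA-Z0-9_]{1}/', $nextchar) == 1) {
                    $arg .= $nextchar;
                    $arglength++;
                    $nextchar = substr($sql, $nextarg + $arglength + 1, 1);
                }

                $filtered_sql .= substr($sql, $sqlpos, $nextarg - $sqlpos);

                // add backticks only where the template does not already have
                // them (same guard against a negative substr offset as above)
                $hasOpening = $nextarg > 0 && substr($sql, $nextarg - 1, 1) == '`';
                $hasClosing = substr($sql, $nextarg + $arglength + 1, 1) == '`';

                $ident = null;
                if (isset($opt['db']['placeholder'][$arg])) {
                    $ident = sql_escape_backtick($opt['db']['placeholder'][$arg]);
                } elseif (isset($db['temptables'][$arg])) {
                    $ident = sql_escape_backtick($opt['db']['placeholder']['tmpdb'])
                        . '`.`' . sql_escape_backtick($db['temptables'][$arg]);
                } else {
                    // unknown identifier: nothing is emitted for it
                    sql_error($sql);
                }

                if ($ident !== null) {
                    if (!$hasOpening) {
                        $filtered_sql .= '`';
                    }
                    $filtered_sql .= $ident;
                    if (!$hasClosing) {
                        $filtered_sql .= '`';
                    }
                }
                $sqlpos = $nextarg + $arglength + 1;   // past the name
            }
        }
        // An escaped '&' is left in place for the strip pass below. In either
        // case resume right after this '&' -- the old "$nextarg++" for the
        // escaped case skipped one extra byte and lost an immediately
        // following placeholder ("\&&1").
        $nextarg = strpos($sql, '&', $nextarg + 1);
    }

    // append the rest
    $filtered_sql .= substr($sql, $sqlpos);

    // Strip the backslash from every "\&" that is not itself escaped. This
    // pass also sees the substituted values; their backslashes were doubled by
    // sql_escape() (assumed), so a value containing "\&" has an even count
    // and is left untouched.
    $nextarg = strpos($filtered_sql, '\\&');
    while ($nextarg !== false) {
        $escapesCount = 0;
        while ($nextarg - $escapesCount - 1 >= 0
            && substr($filtered_sql, $nextarg - $escapesCount - 1, 1) == '\\'
        ) {
            $escapesCount++;
        }
        if ($escapesCount % 2 == 0) {
            $filtered_sql = substr($filtered_sql, 0, $nextarg) . '&' . substr($filtered_sql, $nextarg + 2);
            $nextarg--;   // the string shrank by one byte
        }
        $nextarg = strpos($filtered_sql, '\\&', $nextarg + 2);
    }

    //
    // ok ... filtered_sql is ready for usage
    //
    /* todo:
       - errorlogging
       - LIMIT
       - block DROP/DELETE */

    if (isset($db['debug']) && $db['debug'] == true) {
        require_once $opt['rootpath'] . 'lib2/sqldebugger.class.php';
        $result = $sqldebugger->execute(
            $filtered_sql,
            $dblink,
            $dblink === $db['dblink_slave'],
            $db['slave_server']
        );
        if ($result === false) {
            sql_error($filtered_sql);
        }
    } else {
        $measureTime = $opt['db']['warn']['time'] > 0;
        if ($measureTime) {
            require_once $opt['rootpath'] . 'lib2/bench.inc.php';
            $cSqlExecution = new Cbench();
            $cSqlExecution->start();
        }

        // NOTE(review): ext/mysql (gone in PHP 7) runs exactly one statement
        // per call, so stacked queries are not a vector here. The '@' only
        // hides PHP's own warning; the failure is reported via sql_error().
        $result = @mysql_query($filtered_sql, $dblink);
        if ($result === false) {
            sql_error($filtered_sql);
        }

        if ($measureTime) {
            $cSqlExecution->stop();
            if ($cSqlExecution->diff() > $opt['db']['warn']['time']) {
                // The User-Agent is attacker controlled and is appended on a
                // line of its own; strip control characters so a crafted header
                // cannot forge extra lines in whatever sql_warn() writes to.
                $ua = '';
                if (isset($_SERVER['HTTP_USER_AGENT'])) {
                    $ua = "\r\n" . preg_replace('/[\x00-\x1F\x7F]+/', ' ', $_SERVER['HTTP_USER_AGENT']);
                }
                sql_warn("execution took " . $cSqlExecution->diff() . " seconds" . $ua);
            }
        }
    }

    return $result;
}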
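/**
 * Return an SQL expression for the great-circle distance between the fixed
 * point ($lonFrom, $latFrom) and the ($lonField, $latField) columns of
 * $tableName, scaled by $distanceMultiplier (1 = kilometres; earth radius
 * taken as 6370 km, pi approximated as 3.14159).
 *
 * Injection boundary: the numeric inputs are forced to numbers with "+ 0"
 * (on PHP 8 a wholly non-numeric string throws a TypeError, i.e. it fails
 * closed), the origin is rendered with sprintf('%F'), and the identifiers
 * must match ^[a-zA-Z][a-zA-Z0-9_]{0,59}$ (otherwise the request dies) and
 * are additionally passed through sql_escape_backtick() before being
 * backtick-quoted. No caller-supplied text reaches the result verbatim.
 *
 * @param mixed  $lonFrom            origin longitude, decimal degrees
 * @param mixed  $latFrom            origin latitude, decimal degrees
 * @param mixed  $maxDistance        coerced but not used in the expression
 * @param mixed  $distanceMultiplier factor applied to the 6370 km radius
 * @param string $lonField           longitude column name
 * @param string $latField           latitude column name
 * @param string $tableName          table name or alias qualifying both columns
 * @return string SQL expression
 */
static function getSqlDistanceFormula(
    $lonFrom,
    $latFrom,
    $maxDistance,
    $distanceMultiplier = 1,
    $lonField = 'longitude',
    $latField = 'latitude',
    $tableName = 'caches'
) {
    $lonFrom = $lonFrom + 0;
    $latFrom = $latFrom + 0;
    $maxDistance = $maxDistance + 0;
    $distanceMultiplier = $distanceMultiplier + 0;

    // identifier whitelist; die() rather than emit anything questionable
    $identPattern = '^[a-zA-Z][a-zA-Z0-9_]{0,59}$';
    if (!mb_ereg_match($identPattern, $lonField)) {
        die('Fatal Error: invalid lonField');
    }
    if (!mb_ereg_match($identPattern, $latField)) {
        die('Fatal Error: invalid latField');
    }
    if (!mb_ereg_match($identPattern, $tableName)) {
        die('Fatal Error: invalid tableName');
    }

    // %F, not %f: %f is locale aware and renders "3,14159" under a locale
    // with a comma decimal separator, which breaks the SQL.
    $b1_rad = sprintf('%01.5F', (90 - $latFrom) * 3.14159 / 180);   // colatitude in radians
    $l1_deg = sprintf('%01.5F', $lonFrom);

    $lonField = '`' . sql_escape_backtick($tableName) . '`.`' . sql_escape_backtick($lonField) . '`';
    $latField = '`' . sql_escape_backtick($tableName) . '`.`' . sql_escape_backtick($latField) . '`';

    // NOTE(review): $r is concatenated via PHP's float-to-string conversion,
    // which is locale dependent before PHP 8 for non-integer multipliers.
    $r = 6370 * $distanceMultiplier;

    return 'acos(cos(' . $b1_rad . ') * cos((90-' . $latField . ') * 3.14159 / 180) + '
        . 'sin(' . $b1_rad . ') * sin((90-' . $latField . ') * 3.14159 / 180) * '
        . 'cos((' . $l1_deg . '-' . $lonField . ') * 3.14159 / 180)) * ' . $r;
}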