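/**
 * TAKEN FROM utils_db.php
 *
 * Insert or update one record in the given table using a prepared statement.
 *
 * The record is inserted when it carries no positive "<prefix>ID" value and
 * updated (WHERE <prefix>ID = that value) otherwise.
 *
 * Security note: only the VALUES are bound through "?" placeholders. The table
 * name, the table prefix and the field names are interpolated into the SQL text,
 * because identifiers cannot be bound as parameters. Field names (the keys of
 * $record) are therefore checked against an identifier allow-list before use.
 * $table_name and $table_prefix are NOT validated here.
 * NOTE(review): callers must pass $table_name / $table_prefix from trusted code
 * only (never from request data) - confirm at every call site.
 *
 * @param mixed $database     database name handed to mysql__usedatabase()
 * @param mixed $table_name   table to write to (trusted identifier, see note above)
 * @param mixed $table_prefix field prefix, with or without the trailing underscore
 * @param mixed $record       array(fieldname => value); values are bound as strings,
 *                            except for fields whose name ends with "ID" or "Id",
 *                            which are bound as integers. Fields that do not start
 *                            with the prefix are ignored.
 *
 * @return mixed record ID on success, or an error message (string) on failure
 */
function mysql__insertupdate($database, $table_name, $table_prefix, $record)
{
    if (substr($table_prefix, -1) !== '_') {
        $table_prefix = $table_prefix . '_';
    }

    $id_field = $table_prefix . 'ID';

    // A missing or non-positive ID means "create a new record".
    $rec_ID = isset($record[$id_field]) ? intval($record[$id_field]) : 0;
    $isinsert = $rec_ID < 1;

    $columns = array(); // field names that go into the statement
    $types = '';        // bind_param type string, one character per bound value
    $values = array();  // values in the same order as $columns

    foreach ($record as $fieldname => $value) {
        if (strpos($fieldname, $table_prefix) !== 0) {
            // ignore fields without prefix
            continue;
        }

        // Field names end up inside the SQL text, so accept plain identifier
        // characters only. The D modifier stops "$" from matching before a
        // trailing newline. The offending name is deliberately not echoed back.
        if (!preg_match('/^[A-Za-z0-9_$]+$/D', $fieldname)) {
            return 'Invalid field name in record';
        }

        if (!$isinsert && $fieldname == $id_field) {
            // the ID is used in the WHERE clause of an update, never in SET
            continue;
        }

        $dtype = (substr($fieldname, -2) === 'ID' || substr($fieldname, -2) === 'Id') ? 'i' : 's';

        // An empty value for an integer (ID) field is stored as NULL.
        // The comparison is intentionally left loose, as in the original code.
        if ($dtype == 'i' && $value == '') {
            $value = null;
        }

        $columns[] = $fieldname;
        $types = $types . $dtype;
        $values[] = $value;
    }

    // Without at least one field the generated SQL would be malformed; report
    // that explicitly instead of relying on a server-side syntax error.
    if (count($columns) === 0) {
        return 'No fields with the table prefix found in record';
    }

    if ($isinsert) {
        $placeholders = implode(', ', array_fill(0, count($columns), '?'));
        $query = "INSERT into {$table_name} (" . implode(', ', $columns) . ') VALUES (' . $placeholders . ')';
    } else {
        // $rec_ID went through intval(), so appending it cannot alter the statement
        $query = "UPDATE {$table_name} set " . implode('=?, ', $columns) . '=?'
            . " where " . $id_field . "=" . $rec_ID;
    }

    $mysqli = server_connect();
    // NOTE(review): the result of mysql__usedatabase() is not checked here - confirm
    // how it reports failure and whether this function should stop in that case.
    mysql__usedatabase($mysqli, $database);

    $ret = null;

    $stmt = $mysqli->prepare($query);
    if ($stmt) {
        // bind_param takes its arguments by reference; refValues() prepares them
        $params = array_merge(array($types), $values);
        call_user_func_array(array($stmt, 'bind_param'), refValues($params));

        if (!$stmt->execute()) {
            $ret = $mysqli->error;
        } else {
            $ret = $isinsert ? $stmt->insert_id : $rec_ID;
        }
        $stmt->close();
    } else {
        $ret = $mysqli->error;
    }

    return $ret;
}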
/**
 * Initialise the system object: connect to the database server and, when a
 * database name is known, open it and set up session, paths and constants.
 *
 * Failures are registered through addError() and reported by returning false.
 *
 * The server connection is made with the ADMIN_DBUSERNAME / ADMIN_DBUSERPSWD
 * constants.
 * NOTE(review): confirm that an administrative account is really needed for
 * every request that goes through this method.
 *
 * @param $db         - database name; HEURIST_DB_PREFIX is prepended when absent
 * @param $dbrequired - if false only connect to server (for database list)
 * @return true on success, false on failure
 */
public function init($db, $dbrequired = true)
{
    if (!$db) {
        if ($dbrequired) {
            $this->addError(HEURIST_INVALID_REQUEST, "Database parameter not defined");
            $this->mysqli = null;
            return false;
        }
    } else {
        $this->dbname = $db;
        // keep the short name in dbname, the prefixed one in dbname_full
        $has_prefix = (strpos($db, HEURIST_DB_PREFIX) === 0);
        $this->dbname_full = $has_prefix ? $db : HEURIST_DB_PREFIX . $db;
    }

    // dbutils: an array result signals failure, its two elements go to addError()
    $connection = mysql_connection(HEURIST_DBSERVER_NAME, ADMIN_DBUSERNAME, ADMIN_DBUSERPSWD);
    if (is_array($connection)) {
        // connection to server failed
        $this->addError($connection[0], $connection[1]);
        $this->mysqli = null;
        return false;
    }

    $this->mysqli = $connection;

    if (!$this->dbname_full) {
        // server-only mode: nothing else to set up
        $this->is_inited = true;
        return true;
    }

    $opened = mysql__usedatabase($this->mysqli, $this->dbname_full);
    if (is_array($opened)) {
        // open of database failed; note that $this->mysqli is left set here
        $this->addError($opened[0], $opened[1]);
        return false;
    }

    if (!$this->get_system()) {
        return false;
    }

    $this->start_my_session();

    if (!defined('HEURIST_DBNAME')) {
        define('HEURIST_DBNAME', $this->dbname);
        define('HEURIST_DBNAME_FULL', $this->dbname_full);
    }

    // @todo - test upload and thumb folder exist and writeable
    if (!$this->initPathConstants()) {
        // The message is HTML and embeds the server-side filestore path.
        // NOTE(review): confirm where this error is rendered - the path should
        // not reach unauthenticated clients, and HEURIST_FILESTORE_DIR is not
        // escaped for HTML here.
        $this->addError(HEURIST_SYSTEM_FATAL, "Cannot access filestore directory for this database: <b>" . HEURIST_FILESTORE_DIR . "</b><br/>Either the directory does not exist (check setting in heuristConfigIni.php file), or it is not writeable by PHP (check permissions).<br>" . "On a multi-tier service, the file server may not have restarted correctly or may not have been mounted on the web server.</p>");
        return false;
    }

    // load user info from session
    $this->login_verify();

    // consts
    // @todo - we do not need to init all constants for every system init - call it as separate method
    $this->defineConstants();

    $this->is_inited = true;
    return true;
}