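/**
 * Runs an SQL statement through a mysqli prepared statement.
 *
 * The query is a template in which typed placeholders stand for the values
 * passed as extra arguments, in order of appearance:
 *   ?i integer, ?d double, ?s string, ?b blob, ?a array of strings
 * A `?a` placeholder is widened to one `?` per element (each bound as a
 * string), which is what an `IN (?a)` clause needs; a scalar given for `?a`
 * is treated as a one-element array. An empty array is replaced by the
 * literal `''` so the SQL stays parseable — note that `IN ('')` then matches
 * empty-string values rather than nothing.
 *
 * Only the placeholder values are bound; the template itself is sent as-is,
 * so it must come from code, never from user input. The scanner is a plain
 * regex: a literal `?` followed by i/d/s/b/a anywhere else in the template
 * (e.g. inside a string constant) would be mistaken for a placeholder.
 *
 * On any failure the affected-row and insert-id side channels are reset to 0
 * so callers reading Database_affectedRows() / Database_insertID() see the
 * failure instead of a stale value from an earlier statement.
 *
 * @param mysqli $dbConnect Open database connection
 * @param string $query     SQL template using ?i, ?d, ?s, ?b, ?a placeholders
 * @param mixed  ...        One value per placeholder, as extra arguments
 *
 * @return mysqli_result|false Result set for statements that produce one;
 *         false for statements without a result set (INSERT/UPDATE/DELETE)
 *         and on failure (a notice is raised via trigger_error in that case).
 */
function Database_query($dbConnect, $query)
{
    // Values for the placeholders are whatever follows the first two parameters.
    $args = array_slice(func_get_args(), 2);

    // Every failure path raises a notice and clears the side channels, so a
    // caller checking Database_insertID() after a failed INSERT gets 0 rather
    // than the id of some earlier statement (assumes the one-argument form of
    // these helpers is a setter, as the success path below uses it).
    $fail = function ($message) {
        trigger_error($message);
        Database_affectedRows(0);
        Database_insertID(0);
        return false;
    };

    // Collect the placeholder types in order of appearance.
    if (preg_match_all('/\\?([idsba])/', $query, $matches) === false) {
        return $fail('Database_query: placeholder scan failed');
    }
    $placeholders = $matches[1];

    // A missing value used to be bound silently as NULL for scalar
    // placeholders; treat any shortfall as a caller error instead.
    if (count($placeholders) > count($args)) {
        return $fail(sprintf(
            'Database_query: %d placeholder(s) but only %d value(s) given',
            count($placeholders),
            count($args)
        ));
    }

    // Slots 0 and 1 are reserved for the statement handle and the type
    // string; every further slot must be a reference, because
    // mysqli_stmt_bind_param() takes its values by reference.
    $bindArgs = [null, ''];
    $types = '';

    foreach ($placeholders as $i => $type) {
        if ($type !== 'a') {
            $types .= $type;
            $bindArgs[] =& $args[$i];
            continue;
        }

        // ?a: bind every element as a string and widen the marker to "?,?,…".
        if (!is_array($args[$i])) {
            $args[$i] = [$args[$i]];
        }
        // Reference the elements by key so no loop variable is left bound.
        foreach (array_keys($args[$i]) as $key) {
            $bindArgs[] =& $args[$i][$key];
        }

        $length = count($args[$i]);
        $types .= str_repeat('s', $length);
        // Test the length directly: on PHP 8 substr() of an empty string
        // returns '' rather than false, which made the old check dead and
        // produced an unparseable "IN ()" for empty arrays.
        $replace = $length > 0 ? implode(',', array_fill(0, $length, '?')) : "''";
        // Limit 1: earlier ?a markers were already expanded, so the first
        // remaining one is the current placeholder.
        $query = preg_replace('/\\?a/', $replace, $query, 1);
    }

    // With the type string built, the typed markers collapse to mysqli's plain "?".
    $query = preg_replace('/\\?([idsb])/', '?', $query);

    $stmt = mysqli_prepare($dbConnect, $query);
    if ($stmt === false) {
        return $fail(mysqli_error($dbConnect));
    }

    $bindArgs[0] = $stmt;
    $bindArgs[1] = $types;
    if ($types !== '') {
        // call_user_func_array() passes the reference slots through intact.
        if (!call_user_func_array('mysqli_stmt_bind_param', $bindArgs)) {
            mysqli_stmt_close($stmt);
            return $fail(mysqli_stmt_error($stmt));
        }
    }

    // A failed execute was previously ignored and reported whatever
    // mysqli_affected_rows() happened to return.
    if (!mysqli_stmt_execute($stmt)) {
        $message = mysqli_stmt_error($stmt);
        mysqli_stmt_close($stmt);
        return $fail($message);
    }

    // get_result() is false for statements without a result set; callers of
    // such statements rely on the side channels below instead.
    $result = mysqli_stmt_get_result($stmt);
    Database_affectedRows(mysqli_affected_rows($dbConnect));
    Database_insertID(mysqli_insert_id($dbConnect));
    mysqli_stmt_close($stmt);

    return $result;
}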
/**
 * Stores a new hsid (presumably a session identifier hash — confirm against
 * the callers) for the user with the given id.
 *
 * @param string $hsid Value written to Users.hsid (bound as a string)
 * @param int    $id   User id (bound as an integer)
 *
 * @return bool true when the UPDATE reported at least one affected row
 */
function User_setSID($hsid, $id)
{
    $sql = "UPDATE Users\n\t\t\t\tSET hsid = ?s\n\t\t\t\tWHERE id = ?i";
    Database_query(User_db(), $sql, $hsid, $id);

    // An UPDATE yields no result set, so the affected-row counter is the only
    // success signal available. NOTE(review): MySQL counts a row as affected
    // only when a value actually changes, so re-setting an identical hsid
    // reports false even though the user exists.
    return Database_affectedRows() > 0;
}
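/**
 * Records a money transaction for an order and credits the amount to the
 * user's account balance.
 *
 * Both statements run on the Orders_db() connection. On failure a rollback is
 * issued on Orders_db() and on Orders_transactions_db(); the matching
 * begin/commit are not visible here, so the caller is presumably expected to
 * open the transaction beforehand and commit on success — confirm against the
 * call sites. The INSERT is skipped entirely when the ledger row could not be
 * written, so the balance is never touched without a transaction row.
 *
 * @param int   $user_id  User whose account is credited
 * @param int   $order_id Order the transaction belongs to
 * @param float $value    Amount added to the account (bound as a double;
 *                        nothing here checks the sign or the resulting balance)
 *
 * @return int|mixed Id of the new Transactions row, or the value of
 *                   getError('database_error') on failure
 */
function Orders_makeTransaction($user_id, $order_id, $value)
{
    // Assumes Orders_db() hands back the same shared connection on each call;
    // the rollback below only makes sense on that assumption anyway.
    $db = Orders_db();

    $insert = "INSERT INTO Transactions\n\t\t\t\t(order_id, user_id, value)\n\t\t\t\tVALUES \n\t\t\t\t(?i, ?i, ?d)";
    Database_query($db, $insert, $order_id, $user_id, $value);
    $id = Database_insertID();

    $count = 0;
    if ($id) {
        $update = "UPDATE Users\n\t\t\t\tSET account = account + ?d\n\t\t\t\tWHERE id = ?i";
        Database_query($db, $update, $value, $user_id);
        $count = Database_affectedRows();
    }

    // mysqli_affected_rows() reports -1 on error, so a loose "== 0" test let
    // a failed UPDATE pass; anything below 1 is a failure. NOTE(review): a
    // zero-valued $value leaves the row unchanged and therefore also counts
    // as a failure here, as it did before.
    if (!$id || $count <= 0) {
        Database_rollbackTransaction($db);
        Database_rollbackTransaction(Orders_transactions_db());
        return getError('database_error');
    }

    return $id;
}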