// Runs $sql on the shared connection and returns whatever query() produced.
// A falsy outcome is reported through DieWithBadSql() together with $loc,
// the caller-supplied location string.
//
// $sql is executed exactly as given: nothing here quotes or escapes it, so
// this function offers no protection against SQL injection. Callers must
// build the text only from constants and values they have already
// constrained (e.g. intval()), or use a prepared statement with bound
// parameters instead.
//
// NOTE(review): DieWithBadSql() receives the full statement text. If it
// renders into the HTTP response rather than a server-side log, the query
// and schema names are disclosed to the client -- confirm.
function SqlQuery($loc, $sql)
{
    $outcome = GetSqlConnection()->query($sql);
    if (!$outcome) {
        DieWithBadSql($loc, $sql);
    }
    return $outcome;
}
// Runs $sql on the shared connection. Returns the query() result, or false
// when that result is falsy; the caller is responsible for checking for
// false, since no error is logged or raised here.
//
// $sql is executed exactly as given, with no quoting or escaping, so the
// caller must not splice unvalidated external values into it.
//
// NOTE(review): this page also shows a two-argument SqlQuery($loc, $sql).
// PHP cannot declare both in one scope, so the two presumably come from
// different files or revisions -- confirm which one a given caller reaches.
function SqlQuery($sql)
{
    $outcome = GetSqlConnection()->query($sql);
    return $outcome ? $outcome : false;
}
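// Prepares $sql, binds every element of $args as a string parameter,
// executes the statement, and returns the statement object.
//
// $loc  - caller location string, passed through to the Die* helpers.
// $sql  - SQL text with one "?" placeholder per element of $args.
// $args - values to bind, in placeholder order. Array keys are ignored.
//         Any number of values is accepted, including none.
//
// Bound values are sent separately from the SQL text, so they cannot change
// the structure of the statement. That protection covers bound values only:
// anything concatenated into $sql itself (identifiers, ORDER BY columns,
// LIMIT clauses, ...) still runs as written and must be validated by the
// caller.
//
// Every value is bound with type "s" (string), leaving conversion for
// numeric columns to the database server.
//
// Failures are handed to DieWithMsg() / DieWithBadSql().
// NOTE(review): those helpers receive the SQL text, and the prepare path
// also passes $conn->error. If they write to the HTTP response rather than
// a server-side log, that discloses schema details -- confirm.
function SqlPrepareAndExectue($loc, $sql, $args)
{
    $conn = GetSqlConnection();
    $stmt = $conn->prepare($sql);
    if (!$stmt) {
        $msg = array("Sql Prepare Failed.", "sql=" . $sql, $conn->error);
        DieWithMsg($loc, $msg);
    }

    // Re-index so the argument unpacking below always sees positional
    // values, whatever keys the caller's array carried.
    $a = array_values($args);
    $n = count($a);

    // bind_param() needs a type string plus at least one variable, so a
    // statement without placeholders has to skip binding altogether.
    if ($n > 0) {
        $r = $stmt->bind_param(str_repeat("s", $n), ...$a);
        if (!$r) {
            DieWithMsg($loc, array("Bind Failure in sql=" . $sql, "NArgs=" . $n));
        }
    }

    $okay = $stmt->execute();
    if ($okay === false) {
        DieWithBadSql($loc, $sql);
    }
    return $stmt;
}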
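// Validates a JPEG held in $tempfile, registers it in the Pictures table,
// moves or copies it into the 'orig' location for its new id, produces the
// resized variants, and marks the row as complete.
//
// $tempfile - path of the file to store.
// $delete   - true: move the file (rename); false: leave it and copy.
//
// Returns the new picture id on success, or false after logging the reason.
// A row is inserted with FileStatus=0 before the file is placed and only
// set to 1 at the very end, so rows left at 0 mark stores that did not
// finish.
//
// Validation performed here: the file exists, getimagesize() can read it
// and reports JPEG, both dimensions are at least 10, and the size is at
// most 10,000,000 bytes.
//
// Security notes for maintainers:
//  - getimagesize() only has to parse the image header, and the file is
//    stored in 'orig' unchanged, so passing these checks does not prove the
//    whole file is image data.
//    NOTE(review): confirm the picture directories are served as static
//    content only and never executed.
//  - The stored name comes from PicPathName($id, 'orig'), i.e. from the
//    database id rather than from $tempfile.
//    NOTE(review): presumably PicPathName() adds a fixed extension; verify.
//  - NOTE(review): if $tempfile originates from an HTTP upload, the caller
//    should confirm it with is_uploaded_file() before calling this.
//  - Both SQL statements are built from intval() results and
//    DateTimeForSQL(UnixTimeNow()); no caller-supplied text reaches the
//    SQL string.
function StorePicture($tempfile, $delete = true)
{
    $loc = "piclib.php->StorePicture";
    $tstart = microtime(true);   // Time the entire operation...

    // Make sure all the directories exist.
    CheckPicDirs();

    if (empty($tempfile)) {
        log_error($loc, "Empty temp file!");
        return false;
    }
    if (!file_exists($tempfile)) {
        log_error($loc, "Temp file does not exists ( " . $tempfile . ')');
        return false;
    }

    $imginfo = @getimagesize($tempfile);
    if ($imginfo === false) {
        log_error($loc, 'Pic file appears unreadable. Getimagesize() failed reading ' . $tempfile);
        return false;
    }
    $width  = $imginfo[0];
    $height = $imginfo[1];
    $type   = $imginfo[2];

    // Index 2 of getimagesize() is an IMAGETYPE_* value, so compare against
    // IMAGETYPE_JPEG. IMG_JPG is a GD constant that merely shares the same
    // numeric value and is only defined when GD is loaded.
    if ($type !== IMAGETYPE_JPEG) {
        log_error($loc, 'Pic file does not seem to be a jpg. Output of getimagesize = ' . print_r($imginfo, true));
        return false;
    }
    if ($width < 10 || $height < 10) {
        log_error($loc, 'Invalid Width and/or Height sizes (' . $width . ', ' . $height . ') for ' . $tempfile);
        return false;
    }

    $filesize = @filesize($tempfile);
    if ($filesize === false) {
        log_error($loc, 'Unable to get the file size for ' . $tempfile);
        return false;
    }
    if ($filesize > 10000000) {
        log_error($loc, 'File size for picture is too big (>10MB). Size= ' . $filesize . ', tempfile= ' . $tempfile);
        return false;
    }

    // All seems okay... Let's create the database entry.
    $sql  = 'INSERT INTO Pictures (DateOfUpload, FileStatus, FileSize, Width, Height) VALUES (';
    $sql .= '"' . DateTimeForSQL(UnixTimeNow()) . '"';   // DateOfUpload
    $sql .= ', 0';                                       // FileStatus
    $sql .= ', ' . intval($filesize);                    // FileSize
    $sql .= ', ' . intval($width);                       // Width
    $sql .= ', ' . intval($height);                      // Height
    $sql .= ')';
    $result = SqlQuery($loc, $sql);
    $id = GetSqlConnection()->insert_id;

    // Without a real id the destination path below would not belong to a
    // new row, so stop before touching the filesystem.
    if ($result === false || intval($id) <= 0) {
        log_error($loc, 'Insert into Pictures did not yield a usable PicID.');
        return false;
    }

    // Now that we have the ID, we can put the picture in its place, and
    // resize it. Move or copy the input to the 'orig' folder.
    $origfile = PicPathName($id, 'orig');
    if ($delete) {
        $result = @rename($tempfile, $origfile);
    } else {
        $result = @copy($tempfile, $origfile);
    }
    if ($result === false) {
        log_error($loc, 'Unable to move/copy file from ' . $tempfile . ' to ' . $origfile . '.');
        return false;
    }

    // Now that we have the original in place, all the others can be resized
    // from it.
    $result = PicResizeAll($id, $width, $height);
    if ($result === false) {
        return false;
    }

    // Now that all the files are in their correct places, update the file
    // status in the database.
    $sql = 'UPDATE Pictures SET FileStatus=1 WHERE PicID=' . intval($id);
    $result = SqlQuery($loc, $sql);

    $telp = (microtime(true) - $tstart) * 1000.0;
    log_msg($loc, "Pic ID " . $id . " Successfully Stored on server. (Elp=" . sprintf("%6.2f", $telp) . " ms.)");
    return $id;
}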