<?php
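/**
 * Thin wrapper around a single PostgreSQL connection (pgsql extension).
 *
 * Relies on two globals defined outside this file: $var___db (default
 * connection settings under the 'postgresql' key) and $config (feature
 * switches 'db_log', 'db_injection', 'no_db'), and on a file_log() helper.
 *
 * Security note: query() and unique_query() send the SQL text to the server
 * exactly as received. Nothing in this class binds parameters, so every
 * value placed into a query by a caller has to go through escape() first;
 * pg_query_params() is the safer primitive where it can be used.
 */
class BDD
{
    // Connection handle returned by pg_connect(); FALSE after deconnexion().
    private $session;
    // Result handle of the last statement run through query()/unique_query().
    private $reponse;

    // Database name recorded by connexion()/db(), in SQL-string-escaped form.
    public $database;
    // Row count of the last result, as reported by pg_num_rows().
    public $num_rows;
    // Optional name of a function to call when the connection cannot be opened.
    public $nodb;

    /**
     * Opens the connection, closing any connection this object already holds.
     *
     * Any argument left empty falls back to $var___db['postgresql'].
     * On failure the error is logged when $config['db_log'] is set, then the
     * first available fallback runs: $this->nodb, $config['no_db'], or die().
     *
     * @param string|null $db database name
     * @param string|null $h  host
     * @param string|null $u  login
     * @param string|null $p  password
     * @return false|null FALSE when the connection failed and a fallback
     *                    callback returned; nothing (NULL) on success.
     */
    public function connexion($db=NULL,$h=NULL,$u=NULL,$p=NULL)
    {
        if($this->session) $this->deconnexion();

        global $var___db,$config;

        $u  = empty($u)  ? $var___db['postgresql']['login']    : $u;
        $p  = empty($p)  ? $var___db['postgresql']['password'] : $p;
        $h  = empty($h)  ? $var___db['postgresql']['host']     : $h;
        $db = empty($db) ? $var___db['postgresql']['db']       : $db;

        // A libpq connection string is not SQL: pg_escape_string() doubles a
        // quote, which ends a quoted conninfo value instead of escaping it.
        // Each value is therefore quoted with the conninfo rules, so a quote
        // or backslash in a password (or any other field) stays inside it.
        $conninfo = 'host='.$this->citer_conninfo($h)
                  .' port=5432'
                  .' dbname='.$this->citer_conninfo($db)
                  .' user='.$this->citer_conninfo($u)
                  .' password='.$this->citer_conninfo($p);

        // '@' keeps the connection warning out of the page output.
        $this->session = @pg_connect($conninfo);

        if (!$this->session)
        {
            if(!empty($config['db_log'])) file_log('Erreur PostgreSQL: Connexion à la base de donnée impossible.',2);

            // NOTE(review): both callback names are plain strings taken from a
            // public property and from $config; they must never be derived
            // from request data, since any existing function name is callable.
            if(!empty($this->nodb) && function_exists($this->nodb))
            {
                call_user_func($this->nodb);
            }
            elseif(is_array($config) && array_key_exists('no_db',$config) && function_exists($config['no_db']))
            {
                call_user_func($config['no_db']);
            }
            else die('Erreur de connexion a la base de donnee');

            return FALSE;
        }

        // pg_setclientencoding() is a deprecated alias of this function.
        pg_set_client_encoding($this->session,'UTF8');

        $this->reponse  = NULL;
        $this->num_rows = NULL;
        // Kept in SQL-string-escaped form, as callers have always received it.
        $this->database = pg_escape_string($this->session,$db);
    }

    /**
     * Quotes one value for a libpq connection string: wrapped in single
     * quotes, with backslash and single quote each preceded by a backslash.
     *
     * @param string $valeur raw value
     * @return string quoted value, ready to follow "keyword="
     */
    private function citer_conninfo($valeur)
    {
        return "'".strtr((string) $valeur, array('\\' => '\\\\', '\'' => '\\\''))."'";
    }

    /**
     * Closes the connection if one is open.
     *
     * @return bool result of pg_close(), or FALSE when nothing was open
     */
    public function deconnexion()
    {
        if(!$this->session) return FALSE;

        $var = @pg_close($this->session);
        $this->session = FALSE;
        return $var;
    }

    /**
     * Returns the last error message of the connection.
     *
     * NOTE(review): with the default $flag the raw server message is echoed.
     * It can quote parts of the failing statement, so in a web response it
     * exposes schema details and is printed unescaped; prefer erreur(FALSE)
     * plus logging outside of debugging.
     *
     * @param bool $flag echo the message as well as returning it
     * @return string|false the message, or FALSE when not connected
     */
    public function erreur($flag=TRUE)
    {
        if(!$this->session) return FALSE;

        $var = pg_last_error($this->session);
        if($flag) echo $var;
        return($var);
    }

    /**
     * Attempts to switch the connection to another database.
     *
     * NOTE(review): "\connect" is a psql meta-command, not SQL, so the server
     * is expected to reject this statement and the method to return FALSE.
     * PostgreSQL needs a new connection to change database; confirm the
     * intent and consider calling connexion($db) instead.
     *
     * @param string|null $db database name, default from $var___db
     * @return mixed result of pg_query(), or FALSE when not connected
     */
    public function db($db=NULL)
    {
        if(!$this->session) return FALSE;

        global $var___db;

        // The handle is passed explicitly: without it the pgsql functions use
        // the most recently opened connection, which may belong to another
        // BDD instance.
        $db  = pg_escape_string($this->session, empty($db)?$var___db['postgresql']['db']:$db );
        $var = pg_query($this->session,"\\connect $db");

        if($var) $this->database = $db;
        return $var;
    }

    /**
     * Escapes a value for use inside a single-quoted SQL string literal.
     * The argument is modified in place and also returned. The result is only
     * safe between quotes, not as an identifier or a bare number.
     *
     * @param string $var value to escape (by reference)
     * @return string|false escaped value, or FALSE when not connected
     */
    public function escape(&$var)
    {
        if(!$this->session) return FALSE;

        $var = pg_escape_string($this->session,$var);
        return $var;
    }

    /**
     * Runs a statement and returns every row.
     *
     * @param string $q SQL text, sent as is (see the class note on escaping)
     * @return array|null|false list of associative rows; NULL when the result
     *                          has no rows; FALSE when not connected, when the
     *                          statement failed or the row count is unknown
     */
    public function query($q)
    {
        if(!$this->session) return FALSE;
        if(!$this->executer($q)) return FALSE;

        $this->num_rows = @pg_num_rows($this->reponse);

        if($this->num_rows == 0) return NULL;
        if($this->num_rows < 1) return FALSE;

        $sortie = array();
        while($var = pg_fetch_assoc($this->reponse))
        {
            $sortie[] = $var;
        }
        return $sortie;
    }

    /**
     * Runs a statement that is expected to yield exactly one row.
     *
     * @param string $q SQL text, sent as is (see the class note on escaping)
     * @return array|null|false the row; NULL when there are zero or several
     *                          rows; FALSE when not connected, when the
     *                          statement failed or the row count is unknown
     */
    public function unique_query($q)
    {
        if(!$this->session) return FALSE;
        if(!$this->executer($q)) return FALSE;

        $this->num_rows = @pg_num_rows($this->reponse);

        if($this->num_rows == 0 || $this->num_rows > 1) return NULL;
        if($this->num_rows == 1) return pg_fetch_assoc($this->reponse);

        return FALSE;
    }

    /**
     * Shared execution step of query() and unique_query(): sends the
     * statement, runs the optional injection heuristic, reports a failure.
     *
     * NOTE(review): the log line carries the full statement, so logs may hold
     * personal data or secrets, and a statement containing line breaks can
     * span several log lines unless file_log() normalises them (not visible
     * from this file).
     *
     * @param string $q SQL text
     * @return bool TRUE when the server accepted the statement
     */
    private function executer($q)
    {
        global $config;

        $this->reponse = pg_query($this->session,$q);

        if(isset($config['db_injection']) && $config['db_injection'] == '1') $this->injection($q);

        if($this->reponse) return TRUE;

        if(isset($config['db_log']) && $config['db_log'] == '1')
        {
            file_log('Erreur PostgreSQL: " '.$this->erreur(FALSE).' ", avec la requète: { '.$q.' }.',1);
        }
        else
        {
            echo("Requete à la base de donnée invalide");
        }
        return FALSE;
    }

    /**
     * Number of rows touched by the last statement run through this object.
     *
     * pg_affected_rows() works on a result handle, so the stored result is
     * passed rather than the connection.
     *
     * @return int|false row count, or FALSE when not connected, when no
     *                   statement has succeeded yet or the count is invalid
     */
    public function affected()
    {
        if(!$this->session || !$this->reponse) return FALSE;

        $affected = pg_affected_rows($this->reponse);
        return ($affected >= 0) ? $affected : FALSE;
    }

    /**
     * Logs statements that look like SQL injection attempts.
     *
     * This is a detection aid only: it is called after the statement has been
     * sent and never blocks anything. It strips quoted literals, then looks
     * for a fixed list of tokens in what remains, so both false positives and
     * misses are expected. Escaping or parameter binding at the call site
     * remains the actual protection.
     *
     * @param string $q SQL text that was executed
     * @return void
     */
    private function injection($q)
    {
        $var = preg_replace('#(\'|")(.*?)(?<!\\\\)\\1#us','',$q);

        // With the 'u' modifier preg_replace() yields NULL on text that is not
        // valid UTF-8, which used to make every check below pass silently.
        // Scan the untouched statement in that case.
        if($var === NULL) $var = $q;

        $find = array('union',
                      '\\x',
                      // '0x' was switched off by the original author
                      '"',
                      '\'',
                      '1=1',
                      'char(',
                      'chr(',
                      '/*',
                      '#',
                      '--',
                      'ascii(',
                      'x\'',
                      '%',
                      'hex(');

        foreach($find as $string)
        {
            if(stripos($var,$string) !== FALSE)
            {
                file_log("injection sql possible avec la requète: { $q }",1);
                return;
            }
        }
    }
}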
?>