39 var $rowset = array(); |
39 var $rowset = array(); |
40 var $errhandler; |
40 var $errhandler; |
41 |
41 |
42 function enable_errorhandler() |
42 function enable_errorhandler() |
43 { |
43 { |
|
44 if ( !defined('ENANO_DEBUG') ) |
|
45 return true; |
44 // echo "DBAL: enabling error handler<br />"; |
46 // echo "DBAL: enabling error handler<br />"; |
45 if ( function_exists('debug_backtrace') ) |
47 if ( function_exists('debug_backtrace') ) |
46 { |
48 { |
47 $this->errhandler = set_error_handler('db_error_handler'); |
49 $this->errhandler = set_error_handler('db_error_handler'); |
48 } |
50 } |
49 } |
51 } |
50 |
52 |
51 function disable_errorhandler() |
53 function disable_errorhandler() |
52 { |
54 { |
|
55 if ( !defined('ENANO_DEBUG') ) |
|
56 return true; |
53 // echo "DBAL: disabling error handler<br />"; |
57 // echo "DBAL: disabling error handler<br />"; |
54 if ( $this->errhandler ) |
58 if ( $this->errhandler ) |
55 { |
59 { |
56 set_error_handler($this->errhandler); |
60 set_error_handler($this->errhandler); |
57 } |
61 } |
208 // We're in! |
212 // We're in! |
209 $this->disable_errorhandler(); |
213 $this->disable_errorhandler(); |
210 return true; |
214 return true; |
211 } |
215 } |
212 |
216 |
213 function sql_query($q) |
217 function sql_query($q, $log_query = true) |
214 { |
218 { |
215 $this->enable_errorhandler(); |
219 if ( $log_query || defined('ENANO_DEBUG') ) |
|
220 $this->enable_errorhandler(); |
216 |
221 |
217 if ( $this->debug && function_exists('debug_backtrace') ) |
222 if ( $this->debug && function_exists('debug_backtrace') ) |
218 { |
223 { |
219 $backtrace = @debug_backtrace(); |
224 $backtrace = @debug_backtrace(); |
220 if ( is_array($backtrace) ) |
225 if ( is_array($backtrace) ) |
231 } |
236 } |
232 unset($backtrace); |
237 unset($backtrace); |
233 } |
238 } |
234 |
239 |
235 $this->num_queries++; |
240 $this->num_queries++; |
236 $this->query_backtrace[] = $q; |
241 if ( $log_query || defined('ENANO_DEBUG') ) |
237 $this->latest_query = $q; |
242 { |
|
243 $this->query_backtrace[] = $q; |
|
244 $this->latest_query = $q; |
|
245 } |
238 // First make sure we have a connection |
246 // First make sure we have a connection |
239 if ( !$this->_conn ) |
247 if ( !$this->_conn ) |
240 { |
248 { |
241 $this->_die('A database connection has not yet been established.'); |
249 $this->_die('A database connection has not yet been established.'); |
242 } |
250 } |
|
251 // Start the timer |
|
252 if ( $log_query || defined('ENANO_DEBUG') ) |
|
253 $time_start = microtime_float(); |
243 // Does this query look malicious? |
254 // Does this query look malicious? |
244 if ( !$this->check_query($q) ) |
255 if ( $log_query || defined('ENANO_DEBUG') ) |
245 { |
256 { |
246 $this->report_query($q); |
257 if ( !$this->check_query($q) ) |
247 grinding_halt('SQL Injection attempt', '<p>Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.</p><p>Query was:</p><pre>'.htmlspecialchars($q).'</pre>'); |
258 { |
248 } |
259 $this->report_query($q); |
249 |
260 grinding_halt('SQL Injection attempt', '<p>Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.</p><p>Query was:</p><pre>'.htmlspecialchars($q).'</pre>'); |
250 $time_start = microtime_float(); |
261 } |
|
262 } |
|
263 |
251 $r = mysql_query($q, $this->_conn); |
264 $r = mysql_query($q, $this->_conn); |
252 $this->query_times[$q] = microtime_float() - $time_start; |
265 |
|
266 if ( $log_query ) |
|
267 $this->query_times[$q] = microtime_float() - $time_start; |
|
268 |
253 $this->latest_result = $r; |
269 $this->latest_result = $r; |
254 $this->disable_errorhandler(); |
270 |
|
271 if ( $log_query ) |
|
272 $this->disable_errorhandler(); |
255 return $r; |
273 return $r; |
256 } |
274 } |
257 |
275 |
258 function sql_unbuffered_query($q) |
276 function sql_unbuffered_query($q, $log_query = true) |
259 { |
277 { |
260 $this->enable_errorhandler(); |
278 $this->enable_errorhandler(); |
261 |
279 |
262 $this->num_queries++; |
280 $this->num_queries++; |
263 $this->query_backtrace[] = '(UNBUFFERED) ' . $q; |
281 if ( $log_query || defined('ENANO_DEBUG') ) |
|
282 $this->query_backtrace[] = '(UNBUFFERED) ' . $q; |
264 $this->latest_query = $q; |
283 $this->latest_query = $q; |
265 // First make sure we have a connection |
284 // First make sure we have a connection |
266 if ( !$this->_conn ) |
285 if ( !$this->_conn ) |
267 { |
286 { |
268 $this->_die('A database connection has not yet been established.'); |
287 $this->_die('A database connection has not yet been established.'); |