diff --git a/core/trunk/core/class/ObjectControlerAbstract.php b/core/trunk/core/class/ObjectControlerAbstract.php
index b760a3409a6e9f409d6fd643c25658c1c22f670c..59a0e342c28d6f39955cf064c8e3cb554cee74cc 100644
--- a/core/trunk/core/class/ObjectControlerAbstract.php
+++ b/core/trunk/core/class/ObjectControlerAbstract.php
@@ -111,8 +111,15 @@ abstract class ObjectControler
 $values[] = '?';
 $arrayValues[] = $boolValue;
 } else {
- $values[] = '?';
- $arrayValues[] = $value;
+ if (
+ $value == 'CURRENT_TIMESTAMP'
+ || $value == 'SYSDATE'
+ ) {
+ $values[] = $value;
+ } else {
+ $values[] = '?';
+ $arrayValues[] = $value;
+ }
 }
 }
 }
@@ -202,8 +209,15 @@ abstract class ObjectControler
 $arrayValues[] = $boolValue;
 } else {
 // Character or date
- $result[] = $key . "=?";
- $arrayValues[] = $value;
+ if (
+ $value == 'CURRENT_TIMESTAMP'
+ || $value == 'SYSDATE'
+ ) {
+ $result[] = $key . "=" . $value;
+ } else {
+ $result[] = $key . "=?";
+ $arrayValues[] = $value;
+ }
 }
 }
 }
diff --git a/core/trunk/core/class/class_db_pdo.php b/core/trunk/core/class/class_db_pdo.php
index 8503fc89b023d86aa4048ce8d6d06caec675a1ef..5899b08f85a4d76cfa152221fd848129c97bdadd 100644
--- a/core/trunk/core/class/class_db_pdo.php
+++ b/core/trunk/core/class/class_db_pdo.php
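Review bot: The keyword test added in both hunks, `$value == 'CURRENT_TIMESTAMP' || $value == 'SYSDATE'`, is a loose comparison, so a value that reaches this branch as bool `true` (and, before PHP 8, int `0`) compares equal to the keyword strings and is spliced into the SQL text instead of being bound — a silent change for those rows, even though the two fixed keywords themselves cannot carry injected text. Use a strict whitelist in both the insert branch and the update branch, e.g. `if (in_array($value, array('CURRENT_TIMESTAMP', 'SYSDATE'), true)) {`. A one-line comment such as `// SQL date keywords are emitted verbatim; everything else is bound` would also make the intent clear to the next reader. Both hunks sit inside loops whose enclosing methods start and end outside the hunk.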
@@ -386,5 +386,35 @@ class Database extends functions default : return ' '; } } + + /** + * Test if the specified column exists in the database + * + * @param $table : Name of searched table + * @param $field : Name of searched field in table + * ==Return : true is field is founed, false is not + */ + public function test_column($table, $field) + { + switch($this->driver) { + case 'pgsql' : + $stmt = $this->query( + "select column_name from information_schema.columns where table_name = ? and column_name = ?", + array($table, $field) + ); + $res = $stmt->rowCount(); + if ($res > 0) return true; + else return false; + case 'oci' : + $stmt = $this->query("SELECT * from USER_TAB_COLUMNS where TABLE_NAME = ? AND COLUMN_NAME = ?", + array($table, $field) + ); + $res = $stmt->rowCount(); + if ($res > 0) return true; + else return false; + case 'mysql' : return true; // TO DO + default : return false; + } + } } diff --git a/core/trunk/core/class/class_security.php b/core/trunk/core/class/class_security.php index 55b1d5a4a18787ac13476f59491abfa2c569cf6f..3e8ad870babf977e3da3a8ce725cf16da7e8487a 100644 --- a/core/trunk/core/class/class_security.php +++ b/core/trunk/core/class/class_security.php @@ -1,6 +1,6 @@ <?php /* -* Copyright 2008,2009,2010 Maarch +* Copyright 2008-2015 Maarch * * This file is part of Maarch Framework. * @@ -41,6 +41,7 @@ */ //Requires to launch history functions +require_once 'core/class/class_db_pdo.php'; require_once 'core/class/class_history.php'; require_once 'core/class/SecurityControler.php'; require_once 'core/where_targets.php'; @@ -54,7 +55,7 @@ require_once 'core/class/ServiceControler.php'; //require_once('lib/FirePHP/Init.php'); -class security extends dbquery +class security extends Database { /** * Gets the indice of the collection in the $_SESSION['collections'] array 
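Review bot: `test_column()` decides existence from `$stmt->rowCount()` after a SELECT, which PDO documents as not guaranteed for SELECT statements on every driver; fetching a row is the portable check, so both the pgsql and oci cases can become `return $stmt->fetch() !== false;` in place of the `if ($res > 0) return true; else return false;` pairs. The `case 'mysql' : return true; // TO DO` branch tells every caller the column exists, so on MySQL any schema probe passes unconditionally; until it is implemented, returning `false` (or throwing) fails closed. The pgsql query filters only on `table_name`, so a same-named table in another schema could yield a false positive — worth adding `table_schema` if the deployment uses more than one. The docblock's last line should read `@return bool true if the field is found, false otherwise`.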
@@ -298,8 +299,6 @@ class security extends dbquery */ public function reopen($s_UserId,$s_key) { - $this->connect(); - $comp = " and cookie_key = '".$s_key."' and STATUS <> 'DEL'"; $uc = new users_controler(); $user = users_controler::get($s_login, $comp); @@ -322,13 +321,12 @@ class security extends dbquery ) { $_SESSION['user']['signature_path'] = $user->__get('signature_path'); $_SESSION['user']['signature_file_name'] = $user->__get('signature_file_name'); - $db = new dbquery(); - $db->connect(); + $db = new Database(); $query = "select path_template from " . _DOCSERVERS_TABLE_NAME . " where docserver_id = 'TEMPLATES'"; - $db->query($query); - $resDs = $db->fetch_object(); + $stmt = $db->query($query); + $resDs = $stmt->fetchObject(); $pathToDs = $resDs->path_template; $_SESSION['user']['pathToSignature'] = $pathToDs . str_replace( "#", @@ -819,13 +817,12 @@ class security extends dbquery $view = $this->retrieve_table_from_coll($coll_id); } $where_clause = $this->get_where_clause_from_coll_id($coll_id); - $query = "select res_id from " . $view . " where res_id = " . $s_id; + $query = "select res_id from " . $view . " where res_id = ?"; if (!empty($where_clause)) { $query .= " and (" . $where_clause . ") "; } - $this->connect(); - $this->query($query); - if ($this->nb_result() < 1) { + $stmt = $this->query($query, array($s_id)); + if ($stmt->rowCount() < 1) { //NOT IN THE DOC PERIMETER SO TEST IT IN THE BASKETS $basketQuery = ''; for ( @@ -851,10 +848,9 @@ class security extends dbquery if ($basketQuery <> '') { $basketQuery = preg_replace('/^ or/', '', $basketQuery); $query = "select res_id from " - . $view . " where (" . $basketQuery . ") and res_id = " . $s_id; - $this->connect(); - $this->query($query); - if ($this->nb_result() < 1) { + . $view . " where (" . $basketQuery . ") and res_id = ?"; + $stmt = $this->query($query, array($s_id)); + if ($stmt->rowCount() < 1) { return false; } else { return true; 
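Review bot: In `reopen()` the hunk removes `$this->connect()` but leaves `$comp = " and cookie_key = '".$s_key."' and STATUS <> 'DEL'";` as string-built SQL, while every other query in this commit moves to bound parameters; `$s_key` is the client-supplied cookie key, so this fragment deserves the same treatment — pass it as a bound value if `users_controler::get()` accepts one, otherwise validate its format before concatenation. The same hunk calls `users_controler::get($s_login, $comp)` although the method's parameter is `$s_UserId`, so as far as the hunk shows the lookup runs with an undefined variable. The remainder of `reopen()` is outside the hunk.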
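Review bot: In the signature-path hunk, `$resDs = $stmt->fetchObject();` returns `false` when no TEMPLATES docserver row exists, and the following `$resDs->path_template` reads it unguarded; the old `fetch_object()` path had the same gap, but now that the statement is in hand a check is cheap, e.g. `if ($resDs === false) { return false; }` before `pathToSignature` is built, with the return value chosen to match how the enclosing method reports failure (its signature is outside the hunk).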
diff --git a/core/trunk/core/class/docserver_locations_controler.php b/core/trunk/core/class/docserver_locations_controler.php index 32b97c1cacc4fa154ea733c298aef0ef764abb6b..7405f8b962d23ecb57a6db98b1c7e43d142f389b 100644 --- a/core/trunk/core/class/docserver_locations_controler.php +++ b/core/trunk/core/class/docserver_locations_controler.php @@ -385,18 +385,11 @@ class docserver_locations_controler extends ObjectControler ); return $control; } - $db=new dbquery(); - $db->connect(); + $db = new Database(); $query = "delete from " . _DOCSERVER_LOCATIONS_TABLE_NAME - . " where docserver_location_id = '" - . $func->protect_string_db( - $docserverLocation->docserver_location_id - ) . "'"; + . " where docserver_location_id = ?"; try { - if ($_ENV['DEBUG']) { - functions::xecho($query) . ' // '; - } - $db->query($query); + $stmt = $db->query($query, array($docserverLocation->docserver_location_id)); } catch (Exception $e) { $control = array( 'status' => 'ko', @@ -405,7 +398,6 @@ class docserver_locations_controler extends ObjectControler . ' ' . $docserverLocation->docserver_location_id ); } - $db->disconnect(); $control = array( 'status' => 'ok', 'value' => $docserverLocation->docserver_location_id 
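Review bot: In the delete hunk the `catch (Exception $e)` branch builds a `'ko'` control array, but execution falls through to the unconditional `$control = array('status' => 'ok', ...)` that follows the removed `$db->disconnect()`, so a failed delete is still reported as success and, as far as the hunk shows, whatever follows (history logging) proceeds. Either add `return $control;` inside the catch or move the success assignment into the try block. The same pattern is visible in the `docservers_controler.php` delete hunk. `$stmt` is assigned from the DELETE but never read; `$db->query($query, array($docserverLocation->docserver_location_id));` alone would do. The enclosing method continues outside the hunk.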
@@ -555,26 +547,19 @@ class docserver_locations_controler extends ObjectControler { if (!isset ($docserverLocationId) || empty ($docserverLocationId)) return false; - $db = new dbquery(); - $db->connect(); + $db = new Database(); $query = "select docserver_location_id from " . _DOCSERVER_LOCATIONS_TABLE_NAME - . " where docserver_location_id = '" . $docserverLocationId - . "'"; + . " where docserver_location_id = ?"; try { - if ($_ENV['DEBUG']) { - functions::xecho($query) . ' // '; - } - $db->query($query); + $stmt = $db->query($query, array($docserverLocationId)); } catch (Exception $e) { echo _UNKNOWN . _DOCSERVER_LOCATION . ' ' . functions::xssafe($docserverLocationId) . ' // '; } - if ($db->nb_result() > 0) { - $db->disconnect(); + if ($stmt->rowCount() > 0) { return true; } - $db->disconnect(); return false; } @@ -588,17 +573,13 @@ class docserver_locations_controler extends ObjectControler { if (!isset($docserverLocationId) || empty($docserverLocationId)) return false; - $db=new dbquery(); - $db->connect(); + $db=new Database(); $query = "select docserver_location_id from " . _DOCSERVERS_TABLE_NAME - . " where docserver_location_id = '" . $docserverLocationId - . "'"; - $db->query($query); - if ($db->nb_result()>0) { - $db->disconnect(); + . " where docserver_location_id = ?"; + $stmt = $db->query($query, array($docserverLocationId)); + if ($stmt->rowCount()>0) { return true; } - $db->disconnect(); } /** 
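Review bot: In `docserverLocationExists()` the new `$stmt = $db->query(...)` is assigned inside the try, but the catch only echoes and falls through to `$stmt->rowCount()`, so a failed query now dies on an undefined `$stmt` instead of returning false as the old `nb_result()` path presumably did; add `return false;` at the end of the catch block. The same shape recurs in `getDocservers()` and `getAllId()` of this file and in `docserverTypeExists()`, `getDocservers()` and `getAllId()` of `docserver_types_controler.php` and `docserverExists()` of `docservers_controler.php`. PDO also does not guarantee `rowCount()` for SELECT statements on every driver, and this codebase targets oci as well as pgsql; `$stmt->fetch() !== false` is the portable existence test. In the second hunk `docserverLinkExists()` still ends without a `return false;`, so a missing link yields null rather than false.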
@@ -693,24 +674,18 @@ class docserver_locations_controler extends ObjectControler if (empty($docserverLocationId)) return null; $docservers = array(); - $db=new dbquery(); - $db->connect(); + $db=new Database(); $query = "select docserver_id from " . _DOCSERVERS_TABLE_NAME - . " where docserver_location_id = '" . $docserverLocationId - . "'"; + . " where docserver_location_id = ?"; try{ - if ($_ENV['DEBUG']) { - functions::xecho($query) . ' // '; - } - $db->query($query); + $stmt = $db->query($query, array($docserverLocationId)); } catch (Exception $e) { echo _NO_DOCSERVER_LOCATION_WITH_ID . ' ' . functions::xssafe($docserverLocationId) . ' // '; } - while ($res = $db->fetch_object()) { + while ($res = $stmt->fetchObject()) { array_push($docservers, $res->docserver_id); } - $db->disconnect(); return $docservers; } @@ -720,30 +695,25 @@ class docserver_locations_controler extends ObjectControler */ public function getAllId($can_be_disabled = false) { - $db = new dbquery(); - $db->connect(); + $db = new Database(); $query = "select docserver_location_id from " . _DOCSERVER_LOCATIONS_TABLE_NAME . " "; if (!$can_be_disabled) $query .= " where enabled = 'Y'"; try { - if ($_ENV['DEBUG']) - functions::xecho($query) . ' // '; - $db->query($query); + $stmt = $db->query($query); } catch (Exception $e) { echo _NO_DOCSERVER_LOCATION . ' // '; } - if ($db->nb_result() > 0) { + if ($stmt->rowCount() > 0) { $result = array (); $cptId = 0; - while ($queryResult = $db->fetch_object()) { + while ($queryResult = $stmt->fetchObject()) { $result[$cptId] = $queryResult->docserver_location_id; $cptId++; } - $db->disconnect(); return $result; } else { - $db->disconnect(); return null; } } diff --git a/core/trunk/core/class/docserver_types_controler.php b/core/trunk/core/class/docserver_types_controler.php index 20c436bd718383cc21937674cb6f578bdc80ec76..4d93e9d8ca76721b8eb6d6da080a4868a792ab44 100644 --- a/core/trunk/core/class/docserver_types_controler.php 
+++ b/core/trunk/core/class/docserver_types_controler.php @@ -270,18 +270,17 @@ class docserver_types_controler extends ObjectControler implements ObjectControl $control = array("status" => "ko", "value" => "", "error" => _LINK_EXISTS); return $control; } - $db=new dbquery(); - $db->connect(); - $query="delete from "._DOCSERVER_TYPES_TABLE_NAME." where docserver_type_id ='".$func->protect_string_db($docserver_type->docserver_type_id)."'"; + $db = new Database(); + + $stmt = $query="delete from " . _DOCSERVER_TYPES_TABLE_NAME + . " where docserver_type_id =?"; try { - if ($_ENV['DEBUG']) {functions::xecho($query) . ' // ';} - $db->query($query); + $db->query($query, array($docserver_type->docserver_type_id)); $ok = true; } catch (Exception $e) { $control = array("status" => "ko", "value" => "", "error" => _CANNOT_DELETE_DOCSERVER_TYPE_ID." ".$docserver_type->docserver_type_id); $ok = false; } - $db->disconnect(); $control = array("status" => "ok", "value" => $docserver_type->docserver_type_id); if ($_SESSION['history']['docserverstypesdel'] == "true") { $history = new history(); 
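Review bot: `$stmt = $query="delete from " . _DOCSERVER_TYPES_TABLE_NAME . " where docserver_type_id =?";` assigns the SQL string to both `$stmt` and `$query`; `$stmt` is never used afterwards and the result of the real `$db->query($query, ...)` call is discarded, which reads like an editing leftover. Drop the prefix: `$query = "delete from " . _DOCSERVER_TYPES_TABLE_NAME . " where docserver_type_id =?";`. As in the other delete hunks, `$control` is overwritten with `'status' => 'ok'` after the catch; whether `$ok` is consulted later cannot be seen from the hunk, and the enclosing method continues outside it.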
@@ -409,22 +408,17 @@ class docserver_types_controler extends ObjectControler implements ObjectControl public function docserverTypeExists($docserver_type_id) { if (!isset ($docserver_type_id) || empty ($docserver_type_id)) return false; - $db = new dbquery(); - $db->connect(); - $query = "select docserver_type_id from " . _DOCSERVER_TYPES_TABLE_NAME . " where docserver_type_id = '" . $docserver_type_id . "'"; + $db = new Database(); + $query = "select docserver_type_id from " + . _DOCSERVER_TYPES_TABLE_NAME . " where docserver_type_id = ?"; try { - if ($_ENV['DEBUG']) { - functions::xecho($query) . ' // '; - } - $db->query($query); + $stmt = $db->query($query, array($docserver_type_id)); } catch (Exception $e) { echo _UNKNOWN . _LC_CYCLE . " " . functions::xssafe($docserver_type_id) . ' // '; } - if ($db->nb_result() > 0) { - $db->disconnect(); + if ($stmt->rowCount() > 0) { return true; } - $db->disconnect(); return false; } @@ -437,16 +431,13 @@ class docserver_types_controler extends ObjectControler implements ObjectControl public function docserverLinkExists($docserver_type_id) { if (!isset($docserver_type_id) || empty($docserver_type_id)) return false; - $db=new dbquery(); - $db->connect(); - - $query = "select docserver_type_id from "._DOCSERVERS_TABLE_NAME." where docserver_type_id = '".$docserver_type_id."'"; - $db->query($query); - if ($db->nb_result()>0) { - $db->disconnect(); + $db = new Database(); + $query = "select docserver_type_id from " + . _DOCSERVERS_TABLE_NAME . " where docserver_type_id = ?"; + $stmt = $db->query($query, array($docserver_type_id)); + if ($stmt->rowCount()>0) { return true; } - $db->disconnect(); } /** 
@@ -458,15 +449,13 @@ class docserver_types_controler extends ObjectControler implements ObjectControl public function lcCycleStepsLinkExists($docserver_type_id) { if (!isset($docserver_type_id) || empty($docserver_type_id)) return false; - $db=new dbquery(); - $db->connect(); - $query = "select docserver_type_id from "._LC_CYCLE_STEPS_TABLE_NAME." where docserver_type_id = '".$docserver_type_id."'"; - $db->query($query); - if ($db->nb_result()>0) { - $db->disconnect(); + $db = new Database(); + $query = "select docserver_type_id from " + . _LC_CYCLE_STEPS_TABLE_NAME . " where docserver_type_id = ?"; + $stmt = $db->query($query, array($docserver_type_id)); + if ($stmt->rowCount()>0) { return true; } - $db->disconnect(); } /** @@ -479,20 +468,17 @@ class docserver_types_controler extends ObjectControler implements ObjectControl if (empty($docserver_type_id)) return null; $docservers = array(); - $db=new dbquery(); - $db->connect(); - $query = "select docserver_id from "._DOCSERVERS_TABLE_NAME." where docserver_type_id = '".$docserver_type_id."'"; + $db = new Database(); + $query = "select docserver_id from " + . _DOCSERVERS_TABLE_NAME . " where docserver_type_id = ?"; try{ - if ($_ENV['DEBUG']) {functions::xecho($query) . ' // ';} - $db->query($query); + $stmt = $db->query($query, array($docserver_type_id)); } catch (Exception $e) { - echo _NO_TYPE_WITH_ID.' '.functions::xssafe($docserver_type_id).' // '; + echo _NO_TYPE_WITH_ID.' '.functions::xssafe($docserver_type_id).' // '; } - while($res = $db->fetch_object()) - { + while ($res = $stmt->fetchObject()) { array_push($docservers, $res->docserver_id); } - $db->disconnect(); return $docservers; } 
@@ -501,32 +487,25 @@ class docserver_types_controler extends ObjectControler implements ObjectControl * @return array of docservers types */ public function getAllId($can_be_disabled = false) { - $db = new dbquery(); - $db->connect(); + $db = new Database(); $query = "select docserver_type_id from " . _DOCSERVER_TYPES_TABLE_NAME . " "; if (!$can_be_disabled) $query .= " where enabled = 'Y'"; try { - if ($_ENV['DEBUG']) - functions::xecho($query) . ' // '; - $db->query($query); + $stmt = $db->query($query); } catch (Exception $e) { echo _NO_DOCSERVER_TYPE . ' // '; } - if ($db->nb_result() > 0) { - $result = array (); + if ($stmt->rowCount() > 0) { + $result = array(); $cptId = 0; - while ($queryResult = $db->fetch_object()) { + while ($queryResult = $stmt->fetchObject()) { $result[$cptId] = $queryResult->docserver_type_id; $cptId++; } - $db->disconnect(); return $result; } else { - $db->disconnect(); return null; } } } - -?> diff --git a/core/trunk/core/class/docservers_controler.php b/core/trunk/core/class/docservers_controler.php index 8c508d99831eae26e29470767f533bd80de25374..7586aebc506509c6dba525a9a9e93af89a9c5295 100644 --- a/core/trunk/core/class/docservers_controler.php +++ b/core/trunk/core/class/docservers_controler.php @@ -529,13 +529,11 @@ class docservers_controler ); return $control; } - $db = new dbquery(); - $db->connect(); + $db = new Database(); $query = "delete from " . _DOCSERVERS_TABLE_NAME - . " where docserver_id ='" - . $func->protect_string_db($docserver->docserver_id) . "'"; + . " where docserver_id = ?"; try { - $db->query($query); + $stmt = $db->query($query, array($docserver->docserver_id)); } catch (Exception $e) { $control = array( 'status' => 'ko', @@ -544,7 +542,6 @@ class docservers_controler . ' ' . $docserver->docserver_id, ); } - $db->disconnect(); $control = array( 'status' => 'ok', 'value' => $docserver->docserver_id, 
@@ -701,20 +698,17 @@ class docservers_controler if (!isset($docserver_id) || empty($docserver_id)) { return false; } - $db = new dbquery(); - $db->connect(); + $db = new Database(); $query = "select docserver_id from " . _DOCSERVERS_TABLE_NAME - . " where docserver_id = '" . $docserver_id . "'"; + . " where docserver_id = ?"; try{ - $db->query($query); + $stmt = $db->query($query, array($docserver_id)); } catch (Exception $e) { echo _UNKNOWN . _DOCSERVER . ' ' . functions::xssafe($docserver_id) . ' // '; } - if ($db->nb_result() > 0) { - $db->disconnect(); + if ($stmt->rowCount() > 0) { return true; } - $db->disconnect(); return false; }