123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379 |
- <?php
- // db settings
- $dbserver = 'localhost';
- $dbuser = 'root';
- $dbpassword = 'root';
-
- error_reporting(E_ALL);
-
- /*
- Simple protocol:
- - Inputs via POST variables.
- - Output is a string that can be evaluated into a JSON
- First element of the array contains return status.
-
- This simplified tutorial code should not be deployed without a security review.
- */
-
- @include "json.php";
-
- // set up response encoding
- header("Content-Type: text/html; charset=utf-8");
- // util
- function getPostString($inName) {
- // make sure input strings are 'clean'
- return mysql_real_escape_string(@$_POST[$inName]);
- }
-
- // used for json encoding
- $json = new Services_JSON();
-
- function echoJson($inData) {
- global $json;
- // delay in ms
- $delay = getPostString('delay');
- if (!empty($delay))
- usleep($delay * 1000);
- echo '/* ' . $json->encode($inData) . ' */';
- }
-
- function error($inMessage) {
- $inMessage = str_replace('"', '\\"', $inMessage);
- error_log($inMessage);
- //echo '/* ({error: true, message: "' . $inMessage . '"}) */';
- echoJson(array('error' => true, 'message' => $inMessage));
- exit;
- }
- function getArray($inResult, $inArray="true") {
- $o = Array();
- while ($row = ($inArray ? mysql_fetch_row($inResult) : mysql_fetch_object($inResult)))
- $o[] = $row;
- return $o;
- }
-
- // connect to DB
- mysql_connect($dbserver, $dbuser, $dbpassword);
- // select DB
- $database = getPostString("database");
- $database = ($database ? $database : $db);
- if (!mysql_select_db($database))
- error('failed to select db: ' . mysql_error());
- // select table
- $table = getPostString("table");
- $table = ($table ? $table : $dbtable);
- // cache
- $colCache = NULL;
- $pkCache = NULL;
- // set UTF8 output (MySql > 4.0)
- mysql_query("SET NAMES UTF8");
-
- // server, database, table meta data
- function getDatabases() {
- $result = mysql_query("SHOW DATABASES");
- $output = Array();
- while ($row = mysql_fetch_row($result)) {
- $r = strtolower($row[0]);
- if ($r != 'mysql' && $r != 'information_schema')
- $output[] = $row[0];
- }
- return $output;
- }
-
- function getTables() {
- global $database;
- $result = mysql_query("SHOW TABLES FROM $database");
- $output = Array();
- while ($row = mysql_fetch_row($result))
- $output[] = $row[0];
- return $output;
- }
-
- function getColumns() {
- global $table, $colCache;
- if (!$colCache) {
- $result = mysql_query("SHOW COLUMNS FROM `$table`");
- return getArray($result, false);
- $colCache = getArray($result, false);
- }
- return $colCache;
- }
-
- // returns object: $this->name, $this->index
- function getPk() {
- global $pkCache;
- if (!$pkCache) {
- $k = '';
- $columns = getColumns();
- for ($i=0; $i < count($columns); $i++) {
- $c = $columns[$i];
- if ($c->Key == 'PRI') {
- $k = $c->Field;
- break;
- }
- }
- $pkCache->index = $i;
- $pkCache->name = $k;
- }
- return $pkCache;
- }
-
- function getTableInfo() {
- global $table, $database;
- $c = getColumns();
- $r = rowcount();
- return array("count" => $r, "columns" => $c, "database" => $database, "table" => $table);
- }
-
- function getOldPostPkValue() {
- $pk = getPk();
- return getPostString('_o' . $pk->index);
- }
-
- function getNewPostPkValue() {
- $pk = getPk();
- return getPostString('_' . $pk->index);
- }
-
- function getPostColumns() {
- $columns = getColumns();
- for ($i=0, $a=array(), $p; (($p=getPostString("_".$i)) != ''); $i++) {
- $r = new stdClass();
- $r->name = $columns[$i]->Field;
- $r->value = $p;
- $a[] = $r;
- }
- return $a;
- }
-
- function getOrderBy() {
- $ob = getPostString("orderby");
- if (is_numeric($ob)) {
- $columns = getColumns();
- $ob = $columns[intval($ob)-1]->Field;
- }
- return $ob;
- }
-
- function getWhere() {
- $w = getPostString("where");
- return ($w ? " WHERE $w" : "");
- }
-
- // basic operations
- function rowcount() {
- global $table;
- $query = "SELECT COUNT(*) FROM `$table`" . getWhere();
- $result = mysql_query($query);
- if (!$result)
- error("failed to perform query: $query. " . mysql_error());
- if ($row = mysql_fetch_row($result))
- return $row[0];
- else
- return 0;
- }
-
- function select($inQuery = '') {
- global $table;
- // built limit clause
- $lim = (int)getPostString("limit");
- $off = (int)getPostString("offset");
- $limit = ($lim || $off ? " LIMIT $off, $lim" : "");
- // build order by clause
- $desc = (boolean)getPostString("desc");
- $ob = getOrderBy();
- $orderby = ($ob ? " ORDER BY `" . $ob . "`" . ($desc ? " DESC" : "") : "");
- // build query
- $query = ($inQuery ? $inQuery : "SELECT * FROM `$table`" . getWhere() . $orderby . $limit);
- // execute query
- if (!$result = mysql_query($query))
- error("failed to perform query: $query. " . mysql_error());
- // fetch each result row
- return getArray($result);
- }
- function reflectRow() {
- global $table;
- $pk = getPk();
- $key = getNewPostPkValue();
- $where = "`$pk->name`=\"$key\"";
- return select("SELECT * FROM `$table` WHERE $where LIMIT 1");
- }
-
- function update() {
- // build set clause
- for ($i=0, $set = array(), $cols = getPostColumns(), $v; ($v=$cols[$i]); $i++)
- $set[] = "`$v->name` = '$v->value'";
- $set = implode(', ', $set);
- // our table
- global $table;
- // build query
- $pk = getPk();
- $pkValue = getOldPostPkValue();
- $query = "UPDATE `$table` SET $set WHERE `$pk->name` = '$pkValue' LIMIT 1";
- // execute query
- if (!mysql_query($query))
- error("failed to perform query: [$query]. " .
- "MySql says: [" . mysql_error() ."]");
- else {
- return reflectRow();
- }
- }
-
- function insert() {
- global $table;
- // build values clause
- for ($i=0, $values = array(), $cols = getPostColumns(), $v; ($v=$cols[$i]); $i++)
- $values[] = $v->value;
- $values = '"' . implode('", "', $values) . '"';
- // build query
- $query = "INSERT INTO `$table` VALUES($values)";
- // execute query
- if (!mysql_query($query))
- error("failed to perform query: [$query]. " .
- "MySql says: [" . mysql_error() ."]");
- else {
- return reflectRow();
- }
- }
-
- function delete() {
- global $table;
- // build query
- $n = getPostString("count");
- $pk = getPk();
- for ($i = 0, $deleted=array(); $i < $n; $i++) {
- $key = getPostString("_$i");
- array_push($deleted, $key);
- $query = "DELETE FROM `$table` WHERE `$pk->name`=\"$key\" LIMIT 1";
- // execute query
- if (!mysql_query($query) || mysql_affected_rows() != 1)
- error("failed to perform query: [$query]. " .
- "Affected rows: " . mysql_affected_rows() .". " .
- "MySql says: [" . mysql_error() ."]");
- }
- return $deleted;
- }
-
- // find (full text search)
- function findData($inFindCol, $inFind, $inOrderBy, $inFullText) {
- global $table;
- $where = ($inFullText ? "WHERE MATCH(`$inFindCol`) AGAINST ('$inFind')" : "WHERE $inFindCol LIKE '$inFind'");
- $query = "SELECT * FROM $table $where $inOrderBy";
- $result = mysql_query($query);
- // return rows
- return getArray($result);
- }
-
- // binary search through sorted data, supports start point ($inFindFrom) and direction ($inFindForward)
- function findRow($inData, $inFindFrom=-1, $inFindForward) {
- $b = -1;
- $l = count($inData);
- if (!$inData)
- return $b;
- if (!$inFindFrom==-1 || $l < 2)
- $b = 0;
- else {
- // binary search
- $t = $l-1;
- $b = 0;
- while ($b <= $t) {
- $p = floor(($b+$t)/2);
- $d = $inData[$p][0];
- if ($d < $inFindFrom)
- $b = $p + 1;
- else if ($d > $inFindFrom)
- $t = $p - 1;
- else {
- $b = $p;
- break;
- }
- }
- if ($inFindFrom == $inData[$b][0]) {
- // add or subtract 1
- $b = ($inFindForward ? ($b+1 > $l-1 ? 0 : $b+1) : ($b-1 < 0 ? $l-1 : $b-1) );
- }
- else if (!$inFindForward)
- // subtract 1
- $b = ($b-1 < 0 ? $l-1 : $b-1);
- }
- return $inData[$b][0];
- }
-
- function buildFindWhere($inFindData, $inKey, $inCol) {
- $o = Array();
- foreach($inFindData as $row)
- $o[] = $inCol . "='" . $row[$inKey] . "'";
- return (count($o) ? ' WHERE ' . implode(' OR ', $o) : '');
- }
-
- function find($inFindCol, $inFind='', $inOb='', $inFindFrom=0, $inFindForward=true, $inFullText=true) {
- global $table;
- // build order by clause
- $desc = (boolean)getPostString("desc");
- if (!$inOb)
- $inOb = getOrderBy();
- if ($inOb)
- $inOb = "`" . $inOb . "`" ;
- $orderby = ($inOb ? " ORDER BY $inOb " . ($desc ? " DESC" : "") : "");
- // update inputs from post
- if (!$inFind)
- $inFind = getPostString('findText');
- if (!$inFindCol)
- $inFindCol = getPostString('findCol');
- if (empty($inFindFrom))
- $inFindFrom = getPostString('findFrom');
- $ff = getPostString('findForward');
- if ($ff)
- $inFindForward = (strtolower($ff) == 'true' ? true : false);
- $ft = getPostString('findFullText');
- if ($ft)
- $inFullText = (strtolower($ft) == 'true' ? true : false);
-
- // get find data
- $f = findData($inFindCol, $inFind, $orderby, $inFullText);
- $pk = getPk();
- // execute query
- $where = buildFindWhere($f, $pk->index, 'f');
- $query = "SELECT Row, f FROM (SELECT @row := @row + 1 AS Row, $pk->name as f FROM `$table` $orderby) AS tempTable $where";
- mysql_query('SET @row = -1;');
- if (!$result = mysql_query($query))
- error("failed to perform query: $query. " . mysql_error());
-
- // return row number
- return findRow(getArray($result), $inFindFrom, $inFindForward);
- }
-
- // our command list
- $cmds = array(
- "count" => "rowcount",
- "select" => "select",
- "update" => "update",
- "insert" => "insert",
- "delete" => "delete",
- "find" => "find",
- "databases" => "getDatabases",
- "tables" => "getTables",
- "columns" => "getColumns",
- "info" => "getTableInfo"
- );
-
- // process input params
- $cmd = @$_POST["command"];
-
- //$cmd="select";
-
- // dispatch command
- $func = @$cmds[$cmd];
- if (function_exists($func))
- echoJson(call_user_func($func));
- else
- error("bad command");
- ?>
|