[!!!][TASK] Remove deprecated code from sysext core
[Packages/TYPO3.CMS.git] / typo3 / sysext / core / Classes / Database / DatabaseConnection.php
1 <?php
2 namespace TYPO3\CMS\Core\Database;
3
4 /**
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\Utility\GeneralUtility;
18
19 /**
20 * Contains the class "DatabaseConnection" containing functions for building SQL queries
21 * and mysqli wrappers, thus providing a foundational API to all database
22 * interaction.
23 * This class is instantiated globally as $TYPO3_DB in TYPO3 scripts.
24 *
25 * TYPO3 "database wrapper" class (new in 3.6.0)
26 * This class contains
27 * - abstraction functions for executing INSERT/UPDATE/DELETE/SELECT queries ("Query execution"; These are REQUIRED for all future connectivity to the database, thus ensuring DBAL compliance!)
28 * - functions for building SQL queries (INSERT/UPDATE/DELETE/SELECT) ("Query building"); These are transitional functions for building SQL queries in a more automated way. Use these to build queries instead of doing it manually in your code!
29 * - mysqli wrapper functions; These are transitional functions. By a simple search/replace you should be able to substitute all mysql*() calls with $GLOBALS['TYPO3_DB']->sql*() and your application will work out of the box. YOU CANNOT (legally) use any mysqli functions not found as wrapper functions in this class!
30 * See the Project Coding Guidelines (doc_core_cgl) for more instructions on best-practise
31 *
32 * This class is not in itself a complete database abstraction layer but can be extended to be a DBAL (by extensions, see "dbal" for example)
33 * ALL connectivity to the database in TYPO3 must be done through this class!
34 * The points of this class are:
35 * - To direct all database calls through this class so it becomes possible to implement DBAL with extensions.
36 * - To keep it very easy to use for developers used to MySQL in PHP - and preserve as much performance as possible when TYPO3 is used with MySQL directly...
37 * - To create an interface for DBAL implemented by extensions; (Eg. making possible escaping characters, clob/blob handling, reserved words handling)
38 * - Benchmarking the DB bottleneck queries will become much easier; Will make it easier to find optimization possibilities.
39 *
40 * USE:
41 * In all TYPO3 scripts the global variable $TYPO3_DB is an instance of this class. Use that.
42 * Eg. $GLOBALS['TYPO3_DB']->sql_fetch_assoc()
43 *
44 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
45 */
46 class DatabaseConnection {
47
48 /**
49 * The AND constraint in where clause
50 *
51 * @var string
52 */
53 const AND_Constraint = 'AND';
54
55 /**
56 * The OR constraint in where clause
57 *
58 * @var string
59 */
60 const OR_Constraint = 'OR';
61
62 // Set "TRUE" or "1" if you want database errors outputted. Set to "2" if you also want successful database actions outputted.
63 /**
64 * @var bool
65 */
66 public $debugOutput = FALSE;
67
68 // Internally: Set to last built query (not necessarily executed...)
69 /**
70 * @var string
71 */
72 public $debug_lastBuiltQuery = '';
73
74 // Set "TRUE" if you want the last built query to be stored in $debug_lastBuiltQuery independent of $this->debugOutput
75 /**
76 * @var bool
77 */
78 public $store_lastBuiltQuery = FALSE;
79
80 // Set this to 1 to get queries explained (devIPmask must match). Set the value to 2 to the same but disregarding the devIPmask.
81 // There is an alternative option to enable explain output in the admin panel under "TypoScript", which will produce much nicer output, but only works in FE.
82 /**
83 * @var bool
84 */
85 public $explainOutput = 0;
86
87 /**
88 * @var string Database host to connect to
89 */
90 protected $databaseHost = '';
91
92 /**
93 * @var int Database port to connect to
94 */
95 protected $databasePort = 3306;
96
97 /**
98 * @var string|NULL Database socket to connect to
99 */
100 protected $databaseSocket = NULL;
101
102 /**
103 * @var string Database name to connect to
104 */
105 protected $databaseName = '';
106
107 /**
108 * @var string Database user to connect with
109 */
110 protected $databaseUsername = '';
111
112 /**
113 * @var string Database password to connect with
114 */
115 protected $databaseUserPassword = '';
116
117 /**
118 * @var bool TRUE if database connection should be persistent
119 * @see http://php.net/manual/de/mysqli.persistconns.php
120 */
121 protected $persistentDatabaseConnection = FALSE;
122
123 /**
124 * @var bool TRUE if connection between client and sql server is compressed
125 */
126 protected $connectionCompression = FALSE;
127
128 /**
129 * The charset for the connection; will be passed on to
130 * mysqli_set_charset during connection initialization.
131 *
132 * @var string
133 */
134 protected $connectionCharset = 'utf8';
135
136 /**
137 * @var array List of commands executed after connection was established
138 */
139 protected $initializeCommandsAfterConnect = array();
140
141 /**
142 * @var bool TRUE if database connection is established
143 */
144 protected $isConnected = FALSE;
145
146 /**
147 * @var \mysqli $link Default database link object
148 */
149 protected $link = NULL;
150
151 // Default character set, applies unless character set or collation are explicitly set
152 /**
153 * @var string
154 */
155 public $default_charset = 'utf8';
156
157 /**
158 * @var array<PostProcessQueryHookInterface>
159 */
160 protected $preProcessHookObjects = array();
161
162 /**
163 * @var array<PreProcessQueryHookInterface>
164 */
165 protected $postProcessHookObjects = array();
166
167
168 /**
169 * Initialize the database connection
170 *
171 * @return void
172 */
173 public function initialize() {
174 // Intentionally blank as this will be overloaded by DBAL
175 }
176
177 /************************************
178 *
179 * Query execution
180 *
181 * These functions are the RECOMMENDED DBAL functions for use in your applications
182 * Using these functions will allow the DBAL to use alternative ways of accessing data (contrary to if a query is returned!)
183 * They compile a query AND execute it immediately and then return the result
184 * This principle heightens our ability to create various forms of DBAL of the functions.
185 * Generally: We want to return a result pointer/object, never queries.
186 * Also, having the table name together with the actual query execution allows us to direct the request to other databases.
187 *
188 **************************************/
189
190 /**
191 * Creates and executes an INSERT SQL-statement for $table from the array with field/value pairs $fields_values.
192 * Using this function specifically allows us to handle BLOB and CLOB fields depending on DB
193 *
194 * @param string $table Table name
195 * @param array $fields_values Field values as key=>value pairs. Values will be escaped internally. Typically you would fill an array like "$insertFields" with 'fieldname'=>'value' and pass it to this function as argument.
196 * @param bool $no_quote_fields See fullQuoteArray()
197 * @return bool|\mysqli_result|object MySQLi result object / DBAL object
198 */
199 public function exec_INSERTquery($table, $fields_values, $no_quote_fields = FALSE) {
200 $res = $this->query($this->INSERTquery($table, $fields_values, $no_quote_fields));
201 if ($this->debugOutput) {
202 $this->debug('exec_INSERTquery');
203 }
204 foreach ($this->postProcessHookObjects as $hookObject) {
205 /** @var $hookObject PostProcessQueryHookInterface */
206 $hookObject->exec_INSERTquery_postProcessAction($table, $fields_values, $no_quote_fields, $this);
207 }
208 return $res;
209 }
210
211 /**
212 * Creates and executes an INSERT SQL-statement for $table with multiple rows.
213 *
214 * @param string $table Table name
215 * @param array $fields Field names
216 * @param array $rows Table rows. Each row should be an array with field values mapping to $fields
217 * @param bool $no_quote_fields See fullQuoteArray()
218 * @return bool|\mysqli_result|object MySQLi result object / DBAL object
219 */
220 public function exec_INSERTmultipleRows($table, array $fields, array $rows, $no_quote_fields = FALSE) {
221 $res = $this->query($this->INSERTmultipleRows($table, $fields, $rows, $no_quote_fields));
222 if ($this->debugOutput) {
223 $this->debug('exec_INSERTmultipleRows');
224 }
225 foreach ($this->postProcessHookObjects as $hookObject) {
226 /** @var $hookObject PostProcessQueryHookInterface */
227 $hookObject->exec_INSERTmultipleRows_postProcessAction($table, $fields, $rows, $no_quote_fields, $this);
228 }
229 return $res;
230 }
231
232 /**
233 * Creates and executes an UPDATE SQL-statement for $table where $where-clause (typ. 'uid=...') from the array with field/value pairs $fields_values.
234 * Using this function specifically allow us to handle BLOB and CLOB fields depending on DB
235 *
236 * @param string $table Database tablename
237 * @param string $where WHERE clause, eg. "uid=1". NOTICE: You must escape values in this argument with $this->fullQuoteStr() yourself!
238 * @param array $fields_values Field values as key=>value pairs. Values will be escaped internally. Typically you would fill an array like "$updateFields" with 'fieldname'=>'value' and pass it to this function as argument.
239 * @param bool $no_quote_fields See fullQuoteArray()
240 * @return bool|\mysqli_result|object MySQLi result object / DBAL object
241 */
242 public function exec_UPDATEquery($table, $where, $fields_values, $no_quote_fields = FALSE) {
243 $res = $this->query($this->UPDATEquery($table, $where, $fields_values, $no_quote_fields));
244 if ($this->debugOutput) {
245 $this->debug('exec_UPDATEquery');
246 }
247 foreach ($this->postProcessHookObjects as $hookObject) {
248 /** @var $hookObject PostProcessQueryHookInterface */
249 $hookObject->exec_UPDATEquery_postProcessAction($table, $where, $fields_values, $no_quote_fields, $this);
250 }
251 return $res;
252 }
253
254 /**
255 * Creates and executes a DELETE SQL-statement for $table where $where-clause
256 *
257 * @param string $table Database tablename
258 * @param string $where WHERE clause, eg. "uid=1". NOTICE: You must escape values in this argument with $this->fullQuoteStr() yourself!
259 * @return bool|\mysqli_result|object MySQLi result object / DBAL object
260 */
261 public function exec_DELETEquery($table, $where) {
262 $res = $this->query($this->DELETEquery($table, $where));
263 if ($this->debugOutput) {
264 $this->debug('exec_DELETEquery');
265 }
266 foreach ($this->postProcessHookObjects as $hookObject) {
267 /** @var $hookObject PostProcessQueryHookInterface */
268 $hookObject->exec_DELETEquery_postProcessAction($table, $where, $this);
269 }
270 return $res;
271 }
272
273 /**
274 * Creates and executes a SELECT SQL-statement
275 * Using this function specifically allow us to handle the LIMIT feature independently of DB.
276 *
277 * @param string $select_fields List of fields to select from the table. This is what comes right after "SELECT ...". Required value.
278 * @param string $from_table Table(s) from which to select. This is what comes right after "FROM ...". Required value.
279 * @param string $where_clause Additional WHERE clauses put in the end of the query. NOTICE: You must escape values in this argument with $this->fullQuoteStr() yourself! DO NOT PUT IN GROUP BY, ORDER BY or LIMIT!
280 * @param string $groupBy Optional GROUP BY field(s), if none, supply blank string.
281 * @param string $orderBy Optional ORDER BY field(s), if none, supply blank string.
282 * @param string $limit Optional LIMIT value ([begin,]max), if none, supply blank string.
283 * @return bool|\mysqli_result|object MySQLi result object / DBAL object
284 */
285 public function exec_SELECTquery($select_fields, $from_table, $where_clause, $groupBy = '', $orderBy = '', $limit = '') {
286 $query = $this->SELECTquery($select_fields, $from_table, $where_clause, $groupBy, $orderBy, $limit);
287 $res = $this->query($query);
288 if ($this->debugOutput) {
289 $this->debug('exec_SELECTquery');
290 }
291 if ($this->explainOutput) {
292 $this->explain($query, $from_table, $res->num_rows);
293 }
294 foreach ($this->postProcessHookObjects as $hookObject) {
295 /** @var $hookObject PostProcessQueryHookInterface */
296 $hookObject->exec_SELECTquery_postProcessAction($select_fields, $from_table, $where_clause, $groupBy = '', $orderBy = '', $limit = '', $this);
297 }
298 return $res;
299 }
300
301 /**
302 * Creates and executes a SELECT query, selecting fields ($select) from two/three tables joined
303 * Use $mm_table together with $local_table or $foreign_table to select over two tables. Or use all three tables to select the full MM-relation.
304 * The JOIN is done with [$local_table].uid <--> [$mm_table].uid_local / [$mm_table].uid_foreign <--> [$foreign_table].uid
305 * The function is very useful for selecting MM-relations between tables adhering to the MM-format used by TCE (TYPO3 Core Engine). See the section on $GLOBALS['TCA'] in Inside TYPO3 for more details.
306 *
307 * @param string $select Field list for SELECT
308 * @param string $local_table Tablename, local table
309 * @param string $mm_table Tablename, relation table
310 * @param string $foreign_table Tablename, foreign table
311 * @param string $whereClause Optional additional WHERE clauses put in the end of the query. NOTICE: You must escape values in this argument with $this->fullQuoteStr() yourself! DO NOT PUT IN GROUP BY, ORDER BY or LIMIT! You have to prepend 'AND ' to this parameter yourself!
312 * @param string $groupBy Optional GROUP BY field(s), if none, supply blank string.
313 * @param string $orderBy Optional ORDER BY field(s), if none, supply blank string.
314 * @param string $limit Optional LIMIT value ([begin,]max), if none, supply blank string.
315 * @return bool|\mysqli_result|object MySQLi result object / DBAL object
316 * @see exec_SELECTquery()
317 */
318 public function exec_SELECT_mm_query($select, $local_table, $mm_table, $foreign_table, $whereClause = '', $groupBy = '', $orderBy = '', $limit = '') {
319 $foreign_table_as = $foreign_table == $local_table ? $foreign_table . str_replace('.', '', uniqid('_join', TRUE)) : '';
320 $mmWhere = $local_table ? $local_table . '.uid=' . $mm_table . '.uid_local' : '';
321 $mmWhere .= ($local_table and $foreign_table) ? ' AND ' : '';
322 $tables = ($local_table ? $local_table . ',' : '') . $mm_table;
323 if ($foreign_table) {
324 $mmWhere .= ($foreign_table_as ?: $foreign_table) . '.uid=' . $mm_table . '.uid_foreign';
325 $tables .= ',' . $foreign_table . ($foreign_table_as ? ' AS ' . $foreign_table_as : '');
326 }
327 return $this->exec_SELECTquery($select, $tables, $mmWhere . ' ' . $whereClause, $groupBy, $orderBy, $limit);
328 }
329
330 /**
331 * Executes a select based on input query parts array
332 *
333 * @param array $queryParts Query parts array
334 * @return bool|\mysqli_result|object MySQLi result object / DBAL object
335 * @see exec_SELECTquery()
336 */
337 public function exec_SELECT_queryArray($queryParts) {
338 return $this->exec_SELECTquery($queryParts['SELECT'], $queryParts['FROM'], $queryParts['WHERE'], $queryParts['GROUPBY'], $queryParts['ORDERBY'], $queryParts['LIMIT']);
339 }
340
341 /**
342 * Creates and executes a SELECT SQL-statement AND traverse result set and returns array with records in.
343 *
344 * @param string $select_fields See exec_SELECTquery()
345 * @param string $from_table See exec_SELECTquery()
346 * @param string $where_clause See exec_SELECTquery()
347 * @param string $groupBy See exec_SELECTquery()
348 * @param string $orderBy See exec_SELECTquery()
349 * @param string $limit See exec_SELECTquery()
350 * @param string $uidIndexField If set, the result array will carry this field names value as index. Requires that field to be selected of course!
351 * @return array|NULL Array of rows, or NULL in case of SQL error
352 */
353 public function exec_SELECTgetRows($select_fields, $from_table, $where_clause, $groupBy = '', $orderBy = '', $limit = '', $uidIndexField = '') {
354 $res = $this->exec_SELECTquery($select_fields, $from_table, $where_clause, $groupBy, $orderBy, $limit);
355 if ($this->debugOutput) {
356 $this->debug('exec_SELECTquery');
357 }
358 if (!$this->sql_error()) {
359 $output = array();
360 if ($uidIndexField) {
361 while ($tempRow = $this->sql_fetch_assoc($res)) {
362 $output[$tempRow[$uidIndexField]] = $tempRow;
363 }
364 } else {
365 while ($output[] = $this->sql_fetch_assoc($res)) {
366
367 }
368 array_pop($output);
369 }
370 $this->sql_free_result($res);
371 } else {
372 $output = NULL;
373 }
374 return $output;
375 }
376
377 /**
378 * Creates and executes a SELECT SQL-statement AND gets a result set and returns an array with a single record in.
379 * LIMIT is automatically set to 1 and can not be overridden.
380 *
381 * @param string $select_fields List of fields to select from the table.
382 * @param string $from_table Table(s) from which to select.
383 * @param string $where_clause Optional additional WHERE clauses put in the end of the query. NOTICE: You must escape values in this argument with $this->fullQuoteStr() yourself!
384 * @param string $groupBy Optional GROUP BY field(s), if none, supply blank string.
385 * @param string $orderBy Optional ORDER BY field(s), if none, supply blank string.
386 * @param bool $numIndex If set, the result will be fetched with sql_fetch_row, otherwise sql_fetch_assoc will be used.
387 * @return array|FALSE|NULL Single row, FALSE on empty result, NULL on error
388 */
389 public function exec_SELECTgetSingleRow($select_fields, $from_table, $where_clause, $groupBy = '', $orderBy = '', $numIndex = FALSE) {
390 $res = $this->exec_SELECTquery($select_fields, $from_table, $where_clause, $groupBy, $orderBy, '1');
391 if ($this->debugOutput) {
392 $this->debug('exec_SELECTquery');
393 }
394 $output = NULL;
395 if ($res !== FALSE) {
396 if ($numIndex) {
397 $output = $this->sql_fetch_row($res);
398 } else {
399 $output = $this->sql_fetch_assoc($res);
400 }
401 $this->sql_free_result($res);
402 }
403 return $output;
404 }
405
406 /**
407 * Counts the number of rows in a table.
408 *
409 * @param string $field Name of the field to use in the COUNT() expression (e.g. '*')
410 * @param string $table Name of the table to count rows for
411 * @param string $where (optional) WHERE statement of the query
412 * @return mixed Number of rows counter (integer) or FALSE if something went wrong (boolean)
413 */
414 public function exec_SELECTcountRows($field, $table, $where = '') {
415 $count = FALSE;
416 $resultSet = $this->exec_SELECTquery('COUNT(' . $field . ')', $table, $where);
417 if ($resultSet !== FALSE) {
418 list($count) = $this->sql_fetch_row($resultSet);
419 $count = (int)$count;
420 $this->sql_free_result($resultSet);
421 }
422 return $count;
423 }
424
425 /**
426 * Truncates a table.
427 *
428 * @param string $table Database tablename
429 * @return mixed Result from handler
430 */
431 public function exec_TRUNCATEquery($table) {
432 $res = $this->query($this->TRUNCATEquery($table));
433 if ($this->debugOutput) {
434 $this->debug('exec_TRUNCATEquery');
435 }
436 foreach ($this->postProcessHookObjects as $hookObject) {
437 /** @var $hookObject PostProcessQueryHookInterface */
438 $hookObject->exec_TRUNCATEquery_postProcessAction($table, $this);
439 }
440 return $res;
441 }
442
443 /**
444 * Central query method. Also checks if there is a database connection.
445 * Use this to execute database queries instead of directly calling $this->link->query()
446 *
447 * @param string $query The query to send to the database
448 * @return bool|\mysqli_result
449 */
450 protected function query($query) {
451 if (!$this->isConnected) {
452 $this->connectDB();
453 }
454 return $this->link->query($query);
455 }
456
457 /**************************************
458 *
459 * Query building
460 *
461 **************************************/
462 /**
463 * Creates an INSERT SQL-statement for $table from the array with field/value pairs $fields_values.
464 *
465 * @param string $table See exec_INSERTquery()
466 * @param array $fields_values See exec_INSERTquery()
467 * @param bool $no_quote_fields See fullQuoteArray()
468 * @return string|NULL Full SQL query for INSERT, NULL if $fields_values is empty
469 */
470 public function INSERTquery($table, $fields_values, $no_quote_fields = FALSE) {
471 // Table and fieldnames should be "SQL-injection-safe" when supplied to this
472 // function (contrary to values in the arrays which may be insecure).
473 if (!is_array($fields_values) || count($fields_values) === 0) {
474 return NULL;
475 }
476 foreach ($this->preProcessHookObjects as $hookObject) {
477 $hookObject->INSERTquery_preProcessAction($table, $fields_values, $no_quote_fields, $this);
478 }
479 // Quote and escape values
480 $fields_values = $this->fullQuoteArray($fields_values, $table, $no_quote_fields, TRUE);
481 // Build query
482 $query = 'INSERT INTO ' . $table . ' (' . implode(',', array_keys($fields_values)) . ') VALUES ' . '(' . implode(',', $fields_values) . ')';
483 // Return query
484 if ($this->debugOutput || $this->store_lastBuiltQuery) {
485 $this->debug_lastBuiltQuery = $query;
486 }
487 return $query;
488 }
489
490 /**
491 * Creates an INSERT SQL-statement for $table with multiple rows.
492 *
493 * @param string $table Table name
494 * @param array $fields Field names
495 * @param array $rows Table rows. Each row should be an array with field values mapping to $fields
496 * @param bool $no_quote_fields See fullQuoteArray()
497 * @return string|NULL Full SQL query for INSERT, NULL if $rows is empty
498 */
499 public function INSERTmultipleRows($table, array $fields, array $rows, $no_quote_fields = FALSE) {
500 // Table and fieldnames should be "SQL-injection-safe" when supplied to this
501 // function (contrary to values in the arrays which may be insecure).
502 if (count($rows) === 0) {
503 return NULL;
504 }
505 foreach ($this->preProcessHookObjects as $hookObject) {
506 /** @var $hookObject PreProcessQueryHookInterface */
507 $hookObject->INSERTmultipleRows_preProcessAction($table, $fields, $rows, $no_quote_fields, $this);
508 }
509 // Build query
510 $query = 'INSERT INTO ' . $table . ' (' . implode(', ', $fields) . ') VALUES ';
511 $rowSQL = array();
512 foreach ($rows as $row) {
513 // Quote and escape values
514 $row = $this->fullQuoteArray($row, $table, $no_quote_fields);
515 $rowSQL[] = '(' . implode(', ', $row) . ')';
516 }
517 $query .= implode(', ', $rowSQL);
518 // Return query
519 if ($this->debugOutput || $this->store_lastBuiltQuery) {
520 $this->debug_lastBuiltQuery = $query;
521 }
522 return $query;
523 }
524
525 /**
526 * Creates an UPDATE SQL-statement for $table where $where-clause (typ. 'uid=...') from the array with field/value pairs $fields_values.
527 *
528 *
529 * @param string $table See exec_UPDATEquery()
530 * @param string $where See exec_UPDATEquery()
531 * @param array $fields_values See exec_UPDATEquery()
532 * @param bool $no_quote_fields
533 * @throws \InvalidArgumentException
534 * @return string Full SQL query for UPDATE
535 */
536 public function UPDATEquery($table, $where, $fields_values, $no_quote_fields = FALSE) {
537 // Table and fieldnames should be "SQL-injection-safe" when supplied to this
538 // function (contrary to values in the arrays which may be insecure).
539 if (is_string($where)) {
540 foreach ($this->preProcessHookObjects as $hookObject) {
541 /** @var $hookObject PreProcessQueryHookInterface */
542 $hookObject->UPDATEquery_preProcessAction($table, $where, $fields_values, $no_quote_fields, $this);
543 }
544 $fields = array();
545 if (is_array($fields_values) && count($fields_values)) {
546 // Quote and escape values
547 $nArr = $this->fullQuoteArray($fields_values, $table, $no_quote_fields, TRUE);
548 foreach ($nArr as $k => $v) {
549 $fields[] = $k . '=' . $v;
550 }
551 }
552 // Build query
553 $query = 'UPDATE ' . $table . ' SET ' . implode(',', $fields) . ((string)$where !== '' ? ' WHERE ' . $where : '');
554 if ($this->debugOutput || $this->store_lastBuiltQuery) {
555 $this->debug_lastBuiltQuery = $query;
556 }
557 return $query;
558 } else {
559 throw new \InvalidArgumentException('TYPO3 Fatal Error: "Where" clause argument for UPDATE query was not a string in $this->UPDATEquery() !', 1270853880);
560 }
561 }
562
563 /**
564 * Creates a DELETE SQL-statement for $table where $where-clause
565 *
566 * @param string $table See exec_DELETEquery()
567 * @param string $where See exec_DELETEquery()
568 * @return string Full SQL query for DELETE
569 * @throws \InvalidArgumentException
570 */
571 public function DELETEquery($table, $where) {
572 if (is_string($where)) {
573 foreach ($this->preProcessHookObjects as $hookObject) {
574 /** @var $hookObject PreProcessQueryHookInterface */
575 $hookObject->DELETEquery_preProcessAction($table, $where, $this);
576 }
577 // Table and fieldnames should be "SQL-injection-safe" when supplied to this function
578 $query = 'DELETE FROM ' . $table . ((string)$where !== '' ? ' WHERE ' . $where : '');
579 if ($this->debugOutput || $this->store_lastBuiltQuery) {
580 $this->debug_lastBuiltQuery = $query;
581 }
582 return $query;
583 } else {
584 throw new \InvalidArgumentException('TYPO3 Fatal Error: "Where" clause argument for DELETE query was not a string in $this->DELETEquery() !', 1270853881);
585 }
586 }
587
588 /**
589 * Creates a SELECT SQL-statement
590 *
591 * @param string $select_fields See exec_SELECTquery()
592 * @param string $from_table See exec_SELECTquery()
593 * @param string $where_clause See exec_SELECTquery()
594 * @param string $groupBy See exec_SELECTquery()
595 * @param string $orderBy See exec_SELECTquery()
596 * @param string $limit See exec_SELECTquery()
597 * @return string Full SQL query for SELECT
598 */
599 public function SELECTquery($select_fields, $from_table, $where_clause, $groupBy = '', $orderBy = '', $limit = '') {
600 foreach ($this->preProcessHookObjects as $hookObject) {
601 /** @var $hookObject PreProcessQueryHookInterface */
602 $hookObject->SELECTquery_preProcessAction($select_fields, $from_table, $where_clause, $groupBy, $orderBy, $limit, $this);
603 }
604 // Table and fieldnames should be "SQL-injection-safe" when supplied to this function
605 // Build basic query
606 $query = 'SELECT ' . $select_fields . ' FROM ' . $from_table . ((string)$where_clause !== '' ? ' WHERE ' . $where_clause : '');
607 // Group by
608 $query .= (string)$groupBy !== '' ? ' GROUP BY ' . $groupBy : '';
609 // Order by
610 $query .= (string)$orderBy !== '' ? ' ORDER BY ' . $orderBy : '';
611 // Group by
612 $query .= (string)$limit !== '' ? ' LIMIT ' . $limit : '';
613 // Return query
614 if ($this->debugOutput || $this->store_lastBuiltQuery) {
615 $this->debug_lastBuiltQuery = $query;
616 }
617 return $query;
618 }
619
620 /**
621 * Creates a SELECT SQL-statement to be used as subquery within another query.
622 * BEWARE: This method should not be overriden within DBAL to prevent quoting from happening.
623 *
624 * @param string $select_fields List of fields to select from the table.
625 * @param string $from_table Table from which to select.
626 * @param string $where_clause Conditional WHERE statement
627 * @return string Full SQL query for SELECT
628 */
629 public function SELECTsubquery($select_fields, $from_table, $where_clause) {
630 // Table and fieldnames should be "SQL-injection-safe" when supplied to this function
631 // Build basic query:
632 $query = 'SELECT ' . $select_fields . ' FROM ' . $from_table . ((string)$where_clause !== '' ? ' WHERE ' . $where_clause : '');
633 // Return query
634 if ($this->debugOutput || $this->store_lastBuiltQuery) {
635 $this->debug_lastBuiltQuery = $query;
636 }
637 return $query;
638 }
639
640 /**
641 * Creates a TRUNCATE TABLE SQL-statement
642 *
643 * @param string $table See exec_TRUNCATEquery()
644 * @return string Full SQL query for TRUNCATE TABLE
645 */
646 public function TRUNCATEquery($table) {
647 foreach ($this->preProcessHookObjects as $hookObject) {
648 /** @var $hookObject PreProcessQueryHookInterface */
649 $hookObject->TRUNCATEquery_preProcessAction($table, $this);
650 }
651 // Table should be "SQL-injection-safe" when supplied to this function
652 // Build basic query:
653 $query = 'TRUNCATE TABLE ' . $table;
654 // Return query:
655 if ($this->debugOutput || $this->store_lastBuiltQuery) {
656 $this->debug_lastBuiltQuery = $query;
657 }
658 return $query;
659 }
660
661 /**
662 * Returns a WHERE clause that can find a value ($value) in a list field ($field)
663 * For instance a record in the database might contain a list of numbers,
664 * "34,234,5" (with no spaces between). This query would be able to select that
665 * record based on the value "34", "234" or "5" regardless of their position in
666 * the list (left, middle or right).
667 * The value must not contain a comma (,)
668 * Is nice to look up list-relations to records or files in TYPO3 database tables.
669 *
670 * @param string $field Field name
671 * @param string $value Value to find in list
672 * @param string $table Table in which we are searching (for DBAL detection of quoteStr() method)
673 * @return string WHERE clause for a query
674 * @throws \InvalidArgumentException
675 */
676 public function listQuery($field, $value, $table) {
677 $value = (string)$value;
678 if (strpos($value, ',') !== FALSE) {
679 throw new \InvalidArgumentException('$value must not contain a comma (,) in $this->listQuery() !', 1294585862);
680 }
681 $pattern = $this->quoteStr($value, $table);
682 $where = 'FIND_IN_SET(\'' . $pattern . '\',' . $field . ')';
683 return $where;
684 }
685
686 /**
687 * Returns a WHERE clause which will make an AND or OR search for the words in the $searchWords array in any of the fields in array $fields.
688 *
689 * @param array $searchWords Array of search words
690 * @param array $fields Array of fields
691 * @param string $table Table in which we are searching (for DBAL detection of quoteStr() method)
692 * @param string $constraint How multiple search words have to match ('AND' or 'OR')
693 * @return string WHERE clause for search
694 */
695 public function searchQuery($searchWords, $fields, $table, $constraint = self::AND_Constraint) {
696 switch ($constraint) {
697 case self::OR_Constraint:
698 $constraint = 'OR';
699 break;
700 default:
701 $constraint = 'AND';
702 }
703
704 $queryParts = array();
705 foreach ($searchWords as $sw) {
706 $like = ' LIKE \'%' . $this->quoteStr($sw, $table) . '%\'';
707 $queryParts[] = $table . '.' . implode(($like . ' OR ' . $table . '.'), $fields) . $like;
708 }
709 $query = '(' . implode(') ' . $constraint . ' (', $queryParts) . ')';
710
711 return $query;
712 }
713
714 /**************************************
715 *
716 * Prepared Query Support
717 *
718 **************************************/
719 /**
720 * Creates a SELECT prepared SQL statement.
721 *
722 * @param string $select_fields See exec_SELECTquery()
723 * @param string $from_table See exec_SELECTquery()
724 * @param string $where_clause See exec_SELECTquery()
725 * @param string $groupBy See exec_SELECTquery()
726 * @param string $orderBy See exec_SELECTquery()
727 * @param string $limit See exec_SELECTquery()
728 * @param array $input_parameters An array of values with as many elements as there are bound parameters in the SQL statement being executed. All values are treated as \TYPO3\CMS\Core\Database\PreparedStatement::PARAM_AUTOTYPE.
729 * @return \TYPO3\CMS\Core\Database\PreparedStatement Prepared statement
730 */
731 public function prepare_SELECTquery($select_fields, $from_table, $where_clause, $groupBy = '', $orderBy = '', $limit = '', array $input_parameters = array()) {
732 $query = $this->SELECTquery($select_fields, $from_table, $where_clause, $groupBy, $orderBy, $limit);
733 /** @var $preparedStatement \TYPO3\CMS\Core\Database\PreparedStatement */
734 $preparedStatement = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Database\\PreparedStatement', $query, $from_table, array());
735 // Bind values to parameters
736 foreach ($input_parameters as $key => $value) {
737 $preparedStatement->bindValue($key, $value, PreparedStatement::PARAM_AUTOTYPE);
738 }
739 // Return prepared statement
740 return $preparedStatement;
741 }
742
743 /**
744 * Creates a SELECT prepared SQL statement based on input query parts array
745 *
746 * @param array $queryParts Query parts array
747 * @param array $input_parameters An array of values with as many elements as there are bound parameters in the SQL statement being executed. All values are treated as \TYPO3\CMS\Core\Database\PreparedStatement::PARAM_AUTOTYPE.
748 * @return \TYPO3\CMS\Core\Database\PreparedStatement Prepared statement
749 */
750 public function prepare_SELECTqueryArray(array $queryParts, array $input_parameters = array()) {
751 return $this->prepare_SELECTquery($queryParts['SELECT'], $queryParts['FROM'], $queryParts['WHERE'], $queryParts['GROUPBY'], $queryParts['ORDERBY'], $queryParts['LIMIT'], $input_parameters);
752 }
753
754 /**
755 * Prepares a prepared query.
756 *
757 * @param string $query The query to execute
758 * @param array $queryComponents The components of the query to execute
759 * @return \mysqli_stmt|object MySQLi statement / DBAL object
760 * @internal This method may only be called by \TYPO3\CMS\Core\Database\PreparedStatement
761 */
762 public function prepare_PREPAREDquery($query, array $queryComponents) {
763 if (!$this->isConnected) {
764 $this->connectDB();
765 }
766 $stmt = $this->link->stmt_init();
767 $success = $stmt->prepare($query);
768 if ($this->debugOutput) {
769 $this->debug('stmt_execute', $query);
770 }
771 return $success ? $stmt : NULL;
772 }
773
774 /**************************************
775 *
776 * Various helper functions
777 *
778 * Functions recommended to be used for
779 * - escaping values,
780 * - cleaning lists of values,
781 * - stripping of excess ORDER BY/GROUP BY keywords
782 *
783 **************************************/
784 /**
785 * Escaping and quoting values for SQL statements.
786 *
787 * @param string $str Input string
788 * @param string $table Table name for which to quote string. Just enter the table that the field-value is selected from (and any DBAL will look up which handler to use and then how to quote the string!).
789 * @param bool $allowNull Whether to allow NULL values
790 * @return string Output string; Wrapped in single quotes and quotes in the string (" / ') and \ will be backslashed (or otherwise based on DBAL handler)
791 * @see quoteStr()
792 */
793 public function fullQuoteStr($str, $table, $allowNull = FALSE) {
794 if (!$this->isConnected) {
795 $this->connectDB();
796 }
797 if ($allowNull && $str === NULL) {
798 return 'NULL';
799 }
800
801 return '\'' . $this->link->real_escape_string($str) . '\'';
802 }
803
804 /**
805 * Will fullquote all values in the one-dimensional array so they are ready to "implode" for an sql query.
806 *
807 * @param array $arr Array with values (either associative or non-associative array)
808 * @param string $table Table name for which to quote
809 * @param bool|array $noQuote List/array of keys NOT to quote (eg. SQL functions) - ONLY for associative arrays
810 * @param bool $allowNull Whether to allow NULL values
811 * @return array The input array with the values quoted
812 * @see cleanIntArray()
813 */
814 public function fullQuoteArray($arr, $table, $noQuote = FALSE, $allowNull = FALSE) {
815 if (is_string($noQuote)) {
816 $noQuote = explode(',', $noQuote);
817 } elseif (!is_array($noQuote)) {
818 $noQuote = FALSE;
819 }
820 foreach ($arr as $k => $v) {
821 if ($noQuote === FALSE || !in_array($k, $noQuote)) {
822 $arr[$k] = $this->fullQuoteStr($v, $table, $allowNull);
823 }
824 }
825 return $arr;
826 }
827
828 /**
829 * Substitution for PHP function "addslashes()"
830 * Use this function instead of the PHP addslashes() function when you build queries - this will prepare your code for DBAL.
831 * NOTICE: You must wrap the output of this function in SINGLE QUOTES to be DBAL compatible. Unless you have to apply the single quotes yourself you should rather use ->fullQuoteStr()!
832 *
833 * @param string $str Input string
834 * @param string $table Table name for which to quote string. Just enter the table that the field-value is selected from (and any DBAL will look up which handler to use and then how to quote the string!).
835 * @return string Output string; Quotes (" / ') and \ will be backslashed (or otherwise based on DBAL handler)
836 * @see quoteStr()
837 */
838 public function quoteStr($str, $table) {
839 if (!$this->isConnected) {
840 $this->connectDB();
841 }
842 return $this->link->real_escape_string($str);
843 }
844
845 /**
846 * Escaping values for SQL LIKE statements.
847 *
848 * @param string $str Input string
849 * @param string $table Table name for which to escape string. Just enter the table that the field-value is selected from (and any DBAL will look up which handler to use and then how to quote the string!).
850 * @return string Output string; % and _ will be escaped with \ (or otherwise based on DBAL handler)
851 * @see quoteStr()
852 */
853 public function escapeStrForLike($str, $table) {
854 return addcslashes($str, '_%');
855 }
856
857 /**
858 * Will convert all values in the one-dimensional array to integers.
859 * Useful when you want to make sure an array contains only integers before imploding them in a select-list.
860 *
861 * @param array $arr Array with values
862 * @return array The input array with all values cast to (int)
863 * @see cleanIntList()
864 */
865 public function cleanIntArray($arr) {
866 return array_map('intval', $arr);
867 }
868
869 /**
870 * Will force all entries in the input comma list to integers
871 * Useful when you want to make sure a commalist of supposed integers really contain only integers; You want to know that when you don't trust content that could go into an SQL statement.
872 *
873 * @param string $list List of comma-separated values which should be integers
874 * @return string The input list but with every value cast to (int)
875 * @see cleanIntArray()
876 */
877 public function cleanIntList($list) {
878 return implode(',', GeneralUtility::intExplode(',', $list));
879 }
880
881 /**
882 * Removes the prefix "ORDER BY" from the input string.
883 * This function is used when you call the exec_SELECTquery() function and want to pass the ORDER BY parameter by can't guarantee that "ORDER BY" is not prefixed.
884 * Generally; This function provides a work-around to the situation where you cannot pass only the fields by which to order the result.
885 *
886 * @param string $str eg. "ORDER BY title, uid
887 * @return string eg. "title, uid
888 * @see exec_SELECTquery(), stripGroupBy()
889 */
890 public function stripOrderBy($str) {
891 return preg_replace('/^(?:ORDER[[:space:]]*BY[[:space:]]*)+/i', '', trim($str));
892 }
893
894 /**
895 * Removes the prefix "GROUP BY" from the input string.
896 * This function is used when you call the SELECTquery() function and want to pass the GROUP BY parameter by can't guarantee that "GROUP BY" is not prefixed.
897 * Generally; This function provides a work-around to the situation where you cannot pass only the fields by which to order the result.
898 *
899 * @param string $str eg. "GROUP BY title, uid
900 * @return string eg. "title, uid
901 * @see exec_SELECTquery(), stripOrderBy()
902 */
903 public function stripGroupBy($str) {
904 return preg_replace('/^(?:GROUP[[:space:]]*BY[[:space:]]*)+/i', '', trim($str));
905 }
906
907 /**
908 * Takes the last part of a query, eg. "... uid=123 GROUP BY title ORDER BY title LIMIT 5,2" and splits each part into a table (WHERE, GROUPBY, ORDERBY, LIMIT)
909 * Work-around function for use where you know some userdefined end to an SQL clause is supplied and you need to separate these factors.
910 *
911 * @param string $str Input string
912 * @return array
913 */
914 public function splitGroupOrderLimit($str) {
915 // Prepending a space to make sure "[[:space:]]+" will find a space there
916 // for the first element.
917 $str = ' ' . $str;
918 // Init output array:
919 $wgolParts = array(
920 'WHERE' => '',
921 'GROUPBY' => '',
922 'ORDERBY' => '',
923 'LIMIT' => ''
924 );
925 // Find LIMIT
926 $reg = array();
927 if (preg_match('/^(.*)[[:space:]]+LIMIT[[:space:]]+([[:alnum:][:space:],._]+)$/i', $str, $reg)) {
928 $wgolParts['LIMIT'] = trim($reg[2]);
929 $str = $reg[1];
930 }
931 // Find ORDER BY
932 $reg = array();
933 if (preg_match('/^(.*)[[:space:]]+ORDER[[:space:]]+BY[[:space:]]+([[:alnum:][:space:],._]+)$/i', $str, $reg)) {
934 $wgolParts['ORDERBY'] = trim($reg[2]);
935 $str = $reg[1];
936 }
937 // Find GROUP BY
938 $reg = array();
939 if (preg_match('/^(.*)[[:space:]]+GROUP[[:space:]]+BY[[:space:]]+([[:alnum:][:space:],._]+)$/i', $str, $reg)) {
940 $wgolParts['GROUPBY'] = trim($reg[2]);
941 $str = $reg[1];
942 }
943 // Rest is assumed to be "WHERE" clause
944 $wgolParts['WHERE'] = $str;
945 return $wgolParts;
946 }
947
948 /**
949 * Returns the date and time formats compatible with the given database table.
950 *
951 * @param string $table Table name for which to return an empty date. Just enter the table that the field-value is selected from (and any DBAL will look up which handler to use and then how date and time should be formatted).
952 * @return array
953 */
954 public function getDateTimeFormats($table) {
955 return array(
956 'date' => array(
957 'empty' => '0000-00-00',
958 'format' => 'Y-m-d'
959 ),
960 'datetime' => array(
961 'empty' => '0000-00-00 00:00:00',
962 'format' => 'Y-m-d H:i:s'
963 )
964 );
965 }
966
967 /**************************************
968 *
969 * MySQL(i) wrapper functions
970 * (For use in your applications)
971 *
972 **************************************/
973 /**
974 * Executes query
975 * MySQLi query() wrapper function
976 * Beware: Use of this method should be avoided as it is experimentally supported by DBAL. You should consider
977 * using exec_SELECTquery() and similar methods instead.
978 *
979 * @param string $query Query to execute
980 * @return bool|\mysqli_result|object MySQLi result object / DBAL object
981 */
982 public function sql_query($query) {
983 $res = $this->query($query);
984 if ($this->debugOutput) {
985 $this->debug('sql_query', $query);
986 }
987 return $res;
988 }
989
990 /**
991 * Returns the error status on the last query() execution
992 *
993 * @return string MySQLi error string.
994 */
995 public function sql_error() {
996 return $this->link->error;
997 }
998
999 /**
1000 * Returns the error number on the last query() execution
1001 *
1002 * @return int MySQLi error number
1003 */
1004 public function sql_errno() {
1005 return $this->link->errno;
1006 }
1007
1008 /**
1009 * Returns the number of selected rows.
1010 *
1011 * @param bool|\mysqli_result|object $res MySQLi result object / DBAL object
1012 * @return int Number of resulting rows
1013 */
1014 public function sql_num_rows($res) {
1015 if ($this->debug_check_recordset($res)) {
1016 return $res->num_rows;
1017 } else {
1018 return FALSE;
1019 }
1020 }
1021
1022 /**
1023 * Returns an associative array that corresponds to the fetched row, or FALSE if there are no more rows.
1024 * MySQLi fetch_assoc() wrapper function
1025 *
1026 * @param bool|\mysqli_result|object $res MySQLi result object / DBAL object
1027 * @return array|boolean Associative array of result row.
1028 */
1029 public function sql_fetch_assoc($res) {
1030 if ($this->debug_check_recordset($res)) {
1031 $result = $res->fetch_assoc();
1032 if ($result === NULL) {
1033 // Needed for compatibility
1034 $result = FALSE;
1035 }
1036 return $result;
1037 } else {
1038 return FALSE;
1039 }
1040 }
1041
1042 /**
1043 * Returns an array that corresponds to the fetched row, or FALSE if there are no more rows.
1044 * The array contains the values in numerical indices.
1045 * MySQLi fetch_row() wrapper function
1046 *
1047 * @param bool|\mysqli_result|object $res MySQLi result object / DBAL object
1048 * @return array|boolean Array with result rows.
1049 */
1050 public function sql_fetch_row($res) {
1051 if ($this->debug_check_recordset($res)) {
1052 $result = $res->fetch_row();
1053 if ($result === NULL) {
1054 // Needed for compatibility
1055 $result = FALSE;
1056 }
1057 return $result;
1058 } else {
1059 return FALSE;
1060 }
1061 }
1062
1063 /**
1064 * Free result memory
1065 * free_result() wrapper function
1066 *
1067 * @param bool|\mysqli_result|object $res MySQLi result object / DBAL object
1068 * @return bool Returns TRUE on success or FALSE on failure.
1069 */
1070 public function sql_free_result($res) {
1071 if ($this->debug_check_recordset($res) && is_object($res)) {
1072 $res->free();
1073 return TRUE;
1074 } else {
1075 return FALSE;
1076 }
1077 }
1078
1079 /**
1080 * Get the ID generated from the previous INSERT operation
1081 *
1082 * @return int The uid of the last inserted record.
1083 */
1084 public function sql_insert_id() {
1085 return $this->link->insert_id;
1086 }
1087
1088 /**
1089 * Returns the number of rows affected by the last INSERT, UPDATE or DELETE query
1090 *
1091 * @return int Number of rows affected by last query
1092 */
1093 public function sql_affected_rows() {
1094 return $this->link->affected_rows;
1095 }
1096
1097 /**
1098 * Move internal result pointer
1099 *
1100 * @param bool|\mysqli_result|object $res MySQLi result object / DBAL object
1101 * @param int $seek Seek result number.
1102 * @return bool Returns TRUE on success or FALSE on failure.
1103 */
1104 public function sql_data_seek($res, $seek) {
1105 if ($this->debug_check_recordset($res)) {
1106 return $res->data_seek($seek);
1107 } else {
1108 return FALSE;
1109 }
1110 }
1111
1112 /**
1113 * Get the type of the specified field in a result
1114 * mysql_field_type() wrapper function
1115 *
1116 * @param bool|\mysqli_result|object $res MySQLi result object / DBAL object
1117 * @param int $pointer Field index.
1118 * @return string Returns the name of the specified field index, or FALSE on error
1119 */
1120 public function sql_field_type($res, $pointer) {
1121 // mysql_field_type compatibility map
1122 // taken from: http://www.php.net/manual/en/mysqli-result.fetch-field-direct.php#89117
1123 // Constant numbers see http://php.net/manual/en/mysqli.constants.php
1124 $mysql_data_type_hash = array(
1125 1=>'tinyint',
1126 2=>'smallint',
1127 3=>'int',
1128 4=>'float',
1129 5=>'double',
1130 7=>'timestamp',
1131 8=>'bigint',
1132 9=>'mediumint',
1133 10=>'date',
1134 11=>'time',
1135 12=>'datetime',
1136 13=>'year',
1137 16=>'bit',
1138 //252 is currently mapped to all text and blob types (MySQL 5.0.51a)
1139 253=>'varchar',
1140 254=>'char',
1141 246=>'decimal'
1142 );
1143 if ($this->debug_check_recordset($res)) {
1144 $metaInfo = $res->fetch_field_direct($pointer);
1145 if ($metaInfo === FALSE) {
1146 return FALSE;
1147 }
1148 return $mysql_data_type_hash[$metaInfo->type];
1149 } else {
1150 return FALSE;
1151 }
1152 }
1153
1154 /**
1155 * Open a (persistent) connection to a MySQL server
1156 *
1157 * @return bool|void
1158 * @throws \RuntimeException
1159 */
1160 public function sql_pconnect() {
1161 if ($this->isConnected) {
1162 return $this->link;
1163 }
1164
1165 if (!extension_loaded('mysqli')) {
1166 throw new \RuntimeException(
1167 'Database Error: PHP mysqli extension not loaded. This is a must have for TYPO3 CMS!',
1168 1271492607
1169 );
1170 }
1171
1172 $host = $this->persistentDatabaseConnection
1173 ? 'p:' . $this->databaseHost
1174 : $this->databaseHost;
1175
1176 $this->link = mysqli_init();
1177 $connected = $this->link->real_connect(
1178 $host,
1179 $this->databaseUsername,
1180 $this->databaseUserPassword,
1181 NULL,
1182 (int)$this->databasePort,
1183 $this->databaseSocket,
1184 $this->connectionCompression ? MYSQLI_CLIENT_COMPRESS : 0
1185 );
1186
1187 if ($connected) {
1188 $this->isConnected = TRUE;
1189
1190 if ($this->link->set_charset($this->connectionCharset) === FALSE) {
1191 GeneralUtility::sysLog(
1192 'Error setting connection charset to "' . $this->connectionCharset . '"',
1193 'Core',
1194 GeneralUtility::SYSLOG_SEVERITY_ERROR
1195 );
1196 }
1197
1198 foreach ($this->initializeCommandsAfterConnect as $command) {
1199 if ($this->query($command) === FALSE) {
1200 GeneralUtility::sysLog(
1201 'Could not initialize DB connection with query "' . $command . '": ' . $this->sql_error(),
1202 'Core',
1203 GeneralUtility::SYSLOG_SEVERITY_ERROR
1204 );
1205 }
1206 }
1207 $this->setSqlMode();
1208 $this->checkConnectionCharset();
1209 } else {
1210 // @TODO: This should raise an exception. Would be useful especially to work during installation.
1211 $error_msg = $this->link->connect_error;
1212 $this->link = NULL;
1213 GeneralUtility::sysLog(
1214 'Could not connect to MySQL server ' . $host . ' with user ' . $this->databaseUsername . ': ' . $error_msg,
1215 'Core',
1216 GeneralUtility::SYSLOG_SEVERITY_FATAL
1217 );
1218 }
1219 return $this->link;
1220 }
1221
1222 /**
1223 * Fixes the SQL mode by unsetting NO_BACKSLASH_ESCAPES if found.
1224 *
1225 * @return void
1226 */
1227 protected function setSqlMode() {
1228 $resource = $this->sql_query('SELECT @@SESSION.sql_mode;');
1229 if ($resource) {
1230 $result = $this->sql_fetch_row($resource);
1231 if (isset($result[0]) && $result[0] && strpos($result[0], 'NO_BACKSLASH_ESCAPES') !== FALSE) {
1232 $modes = array_diff(GeneralUtility::trimExplode(',', $result[0]), array('NO_BACKSLASH_ESCAPES'));
1233 $query = 'SET sql_mode=\'' . $this->link->real_escape_string(implode(',', $modes)) . '\';';
1234 $this->sql_query($query);
1235 GeneralUtility::sysLog(
1236 'NO_BACKSLASH_ESCAPES could not be removed from SQL mode: ' . $this->sql_error(),
1237 'Core',
1238 GeneralUtility::SYSLOG_SEVERITY_ERROR
1239 );
1240 }
1241 }
1242 }
1243
1244 /**
1245 * Select a SQL database
1246 *
1247 * @return bool Returns TRUE on success or FALSE on failure.
1248 */
1249 public function sql_select_db() {
1250 if (!$this->isConnected) {
1251 $this->connectDB();
1252 }
1253
1254 $ret = $this->link->select_db($this->databaseName);
1255 if (!$ret) {
1256 GeneralUtility::sysLog(
1257 'Could not select MySQL database ' . $this->databaseName . ': ' . $this->sql_error(),
1258 'Core',
1259 GeneralUtility::SYSLOG_SEVERITY_FATAL
1260 );
1261 }
1262 return $ret;
1263 }
1264
1265 /**************************************
1266 *
1267 * SQL admin functions
1268 * (For use in the Install Tool and Extension Manager)
1269 *
1270 **************************************/
1271 /**
1272 * Listing databases from current MySQL connection. NOTICE: It WILL try to select those databases and thus break selection of current database.
1273 * This is only used as a service function in the (1-2-3 process) of the Install Tool.
1274 * In any case a lookup should be done in the _DEFAULT handler DBMS then.
1275 * Use in Install Tool only!
1276 *
1277 * @return array Each entry represents a database name
1278 * @throws \RuntimeException
1279 */
1280 public function admin_get_dbs() {
1281 $dbArr = array();
1282 $db_list = $this->query("SELECT SCHEMA_NAME FROM information_schema.SCHEMATA");
1283 if ($db_list === FALSE) {
1284 throw new \RuntimeException(
1285 'MySQL Error: Cannot get tablenames: "' . $this->sql_error() . '"!',
1286 1378457171
1287 );
1288 } else {
1289 while ($row = $db_list->fetch_object()) {
1290 try {
1291 $this->setDatabaseName($row->SCHEMA_NAME);
1292 if ($this->sql_select_db()) {
1293 $dbArr[] = $row->SCHEMA_NAME;
1294 }
1295 } catch (\RuntimeException $exception) {
1296 // The exception happens if we cannot connect to the database
1297 // (usually due to missing permissions). This is ok here.
1298 // We catch the exception, skip the database and continue.
1299 }
1300 }
1301 }
1302 return $dbArr;
1303 }
1304
1305 /**
1306 * Returns the list of tables from the default database, TYPO3_db (quering the DBMS)
1307 * In a DBAL this method should 1) look up all tables from the DBMS of
1308 * the _DEFAULT handler and then 2) add all tables *configured* to be managed by other handlers
1309 *
1310 * @return array Array with tablenames as key and arrays with status information as value
1311 */
1312 public function admin_get_tables() {
1313 $whichTables = array();
1314 $tables_result = $this->query('SHOW TABLE STATUS FROM `' . $this->databaseName . '`');
1315 if ($tables_result !== FALSE) {
1316 while ($theTable = $tables_result->fetch_assoc()) {
1317 $whichTables[$theTable['Name']] = $theTable;
1318 }
1319 $tables_result->free();
1320 }
1321 return $whichTables;
1322 }
1323
1324 /**
1325 * Returns information about each field in the $table (quering the DBMS)
1326 * In a DBAL this should look up the right handler for the table and return compatible information
1327 * This function is important not only for the Install Tool but probably for
1328 * DBALs as well since they might need to look up table specific information
1329 * in order to construct correct queries. In such cases this information should
1330 * probably be cached for quick delivery.
1331 *
1332 * @param string $tableName Table name
1333 * @return array Field information in an associative array with fieldname => field row
1334 */
1335 public function admin_get_fields($tableName) {
1336 $output = array();
1337 $columns_res = $this->query('SHOW COLUMNS FROM `' . $tableName . '`');
1338 if ($columns_res !== FALSE) {
1339 while ($fieldRow = $columns_res->fetch_assoc()) {
1340 $output[$fieldRow['Field']] = $fieldRow;
1341 }
1342 $columns_res->free();
1343 }
1344 return $output;
1345 }
1346
1347 /**
1348 * Returns information about each index key in the $table (quering the DBMS)
1349 * In a DBAL this should look up the right handler for the table and return compatible information
1350 *
1351 * @param string $tableName Table name
1352 * @return array Key information in a numeric array
1353 */
1354 public function admin_get_keys($tableName) {
1355 $output = array();
1356 $keyRes = $this->query('SHOW KEYS FROM `' . $tableName . '`');
1357 if ($keyRes !== FALSE) {
1358 while ($keyRow = $keyRes->fetch_assoc()) {
1359 $output[] = $keyRow;
1360 }
1361 $keyRes->free();
1362 }
1363 return $output;
1364 }
1365
1366 /**
1367 * Returns information about the character sets supported by the current DBM
1368 * This function is important not only for the Install Tool but probably for
1369 * DBALs as well since they might need to look up table specific information
1370 * in order to construct correct queries. In such cases this information should
1371 * probably be cached for quick delivery.
1372 *
1373 * This is used by the Install Tool to convert tables with non-UTF8 charsets
1374 * Use in Install Tool only!
1375 *
1376 * @return array Array with Charset as key and an array of "Charset", "Description", "Default collation", "Maxlen" as values
1377 */
1378 public function admin_get_charsets() {
1379 $output = array();
1380 $columns_res = $this->query('SHOW CHARACTER SET');
1381 if ($columns_res !== FALSE) {
1382 while ($row = $columns_res->fetch_assoc()) {
1383 $output[$row['Charset']] = $row;
1384 }
1385 $columns_res->free();
1386 }
1387 return $output;
1388 }
1389
1390 /**
1391 * mysqli() wrapper function, used by the Install Tool and EM for all queries regarding management of the database!
1392 *
1393 * @param string $query Query to execute
1394 * @return bool|\mysqli_result|object MySQLi result object / DBAL object
1395 */
1396 public function admin_query($query) {
1397 $res = $this->query($query);
1398 if ($this->debugOutput) {
1399 $this->debug('admin_query', $query);
1400 }
1401 return $res;
1402 }
1403
1404 /******************************
1405 *
1406 * Connect handling
1407 *
1408 ******************************/
1409
1410 /**
1411 * Set database host
1412 *
1413 * @param string $host
1414 */
1415 public function setDatabaseHost($host = 'localhost') {
1416 $this->disconnectIfConnected();
1417 $this->databaseHost = $host;
1418 }
1419
1420 /**
1421 * Set database port
1422 *
1423 * @param int $port
1424 */
1425 public function setDatabasePort($port = 3306) {
1426 $this->disconnectIfConnected();
1427 $this->databasePort = (int)$port;
1428 }
1429
1430 /**
1431 * Set database socket
1432 *
1433 * @param string|NULL $socket
1434 */
1435 public function setDatabaseSocket($socket = NULL) {
1436 $this->disconnectIfConnected();
1437 $this->databaseSocket = $socket;
1438 }
1439
1440 /**
1441 * Set database name
1442 *
1443 * @param string $name
1444 */
1445 public function setDatabaseName($name) {
1446 $this->disconnectIfConnected();
1447 $this->databaseName = $name;
1448 }
1449
1450 /**
1451 * Set database username
1452 *
1453 * @param string $username
1454 */
1455 public function setDatabaseUsername($username) {
1456 $this->disconnectIfConnected();
1457 $this->databaseUsername = $username;
1458 }
1459
1460 /**
1461 * Set database password
1462 *
1463 * @param string $password
1464 */
1465 public function setDatabasePassword($password) {
1466 $this->disconnectIfConnected();
1467 $this->databaseUserPassword = $password;
1468 }
1469
1470 /**
1471 * Set persistent database connection
1472 *
1473 * @param bool $persistentDatabaseConnection
1474 * @see http://php.net/manual/de/mysqli.persistconns.php
1475 */
1476 public function setPersistentDatabaseConnection($persistentDatabaseConnection) {
1477 $this->disconnectIfConnected();
1478 $this->persistentDatabaseConnection = (bool)$persistentDatabaseConnection;
1479 }
1480
1481 /**
1482 * Set connection compression. Might be an advantage, if SQL server is not on localhost
1483 *
1484 * @param bool $connectionCompression TRUE if connection should be compressed
1485 */
1486 public function setConnectionCompression($connectionCompression) {
1487 $this->disconnectIfConnected();
1488 $this->connectionCompression = (bool)$connectionCompression;
1489 }
1490
1491 /**
1492 * Set commands to be fired after connection was established
1493 *
1494 * @param array $commands List of SQL commands to be executed after connect
1495 */
1496 public function setInitializeCommandsAfterConnect(array $commands) {
1497 $this->disconnectIfConnected();
1498 $this->initializeCommandsAfterConnect = $commands;
1499 }
1500
1501 /**
1502 * Set the charset that should be used for the MySQL connection.
1503 * The given value will be passed on to mysqli_set_charset().
1504 *
1505 * The default value of this setting is utf8.
1506 *
1507 * @param string $connectionCharset The connection charset that will be passed on to mysqli_set_charset() when connecting the database. Default is utf8.
1508 * @return void
1509 */
1510 public function setConnectionCharset($connectionCharset = 'utf8') {
1511 $this->disconnectIfConnected();
1512 $this->connectionCharset = $connectionCharset;
1513 }
1514
1515 /**
1516 * Connects to database for TYPO3 sites:
1517 *
1518 * @throws \RuntimeException
1519 * @throws \UnexpectedValueException
1520 * @internal param string $user Username to connect with.
1521 * @return void
1522 */
1523 public function connectDB() {
1524 // Early return if connected already
1525 if ($this->isConnected) {
1526 return;
1527 }
1528
1529 if (!$this->databaseName) {
1530 throw new \RuntimeException(
1531 'TYPO3 Fatal Error: No database selected!',
1532 1270853882
1533 );
1534 }
1535
1536 if ($this->sql_pconnect()) {
1537 if (!$this->sql_select_db()) {
1538 throw new \RuntimeException(
1539 'TYPO3 Fatal Error: Cannot connect to the current database, "' . $this->databaseName . '"!',
1540 1270853883
1541 );
1542 }
1543 } else {
1544 throw new \RuntimeException(
1545 'TYPO3 Fatal Error: The current username, password or host was not accepted when the connection to the database was attempted to be established!',
1546 1270853884
1547 );
1548 }
1549
1550 // Prepare user defined objects (if any) for hooks which extend query methods
1551 $this->preProcessHookObjects = array();
1552 $this->postProcessHookObjects = array();
1553 if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_db.php']['queryProcessors'])) {
1554 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_db.php']['queryProcessors'] as $classRef) {
1555 $hookObject = GeneralUtility::getUserObj($classRef);
1556 if (!(
1557 $hookObject instanceof PreProcessQueryHookInterface
1558 || $hookObject instanceof PostProcessQueryHookInterface
1559 )) {
1560 throw new \UnexpectedValueException(
1561 '$hookObject must either implement interface TYPO3\\CMS\\Core\\Database\\PreProcessQueryHookInterface or interface TYPO3\\CMS\\Core\\Database\\PostProcessQueryHookInterface',
1562 1299158548
1563 );
1564 }
1565 if ($hookObject instanceof PreProcessQueryHookInterface) {
1566 $this->preProcessHookObjects[] = $hookObject;
1567 }
1568 if ($hookObject instanceof PostProcessQueryHookInterface) {
1569 $this->postProcessHookObjects[] = $hookObject;
1570 }
1571 }
1572 }
1573 }
1574
1575 /**
1576 * Checks if database is connected
1577 *
1578 * @return bool
1579 */
1580 public function isConnected() {
1581 // We think we're still connected
1582 if ($this->isConnected) {
1583 // Check if this is really the case or if the database server has gone away for some reason
1584 $this->isConnected = $this->link->ping();
1585 }
1586 return $this->isConnected;
1587 }
1588
1589 /**
1590 * Checks if the current connection character set has the same value
1591 * as the connectionCharset variable.
1592 *
1593 * To determine the character set these MySQL session variables are
1594 * checked: character_set_client, character_set_results and
1595 * character_set_connection.
1596 *
1597 * If the character set does not match or if the session variables
1598 * can not be read a RuntimeException is thrown.
1599 *
1600 * @return void
1601 * @throws \RuntimeException
1602 */
1603 protected function checkConnectionCharset() {
1604 $sessionResult = $this->sql_query('SHOW SESSION VARIABLES LIKE \'character_set%\'');
1605
1606 if ($sessionResult === FALSE) {
1607 GeneralUtility::sysLog(
1608 'Error while retrieving the current charset session variables from the database: ' . $this->sql_error(),
1609 'Core',
1610 GeneralUtility::SYSLOG_SEVERITY_ERROR
1611 );
1612 throw new \RuntimeException(
1613 'TYPO3 Fatal Error: Could not determine the current charset of the database.',
1614 1381847136
1615 );
1616 }
1617
1618 $charsetVariables = array();
1619 while (($row = $this->sql_fetch_row($sessionResult)) !== FALSE) {
1620 $variableName = $row[0];
1621 $variableValue = $row[1];
1622 $charsetVariables[$variableName] = $variableValue;
1623 }
1624 $this->sql_free_result($sessionResult);
1625
1626 // These variables are set with the "Set names" command which was
1627 // used in the past. This is why we check them.
1628 $charsetRequiredVariables = array(
1629 'character_set_client',
1630 'character_set_results',
1631 'character_set_connection',
1632 );
1633
1634 $hasValidCharset = TRUE;
1635 foreach ($charsetRequiredVariables as $variableName) {
1636 if (empty($charsetVariables[$variableName])) {
1637 GeneralUtility::sysLog(
1638 'A required session variable is missing in the current MySQL connection: ' . $variableName,
1639 'Core',
1640 GeneralUtility::SYSLOG_SEVERITY_ERROR
1641 );
1642 throw new \RuntimeException(
1643 'TYPO3 Fatal Error: Could not determine the value of the database session variable: ' . $variableName,
1644 1381847779
1645 );
1646 }
1647
1648 if ($charsetVariables[$variableName] !== $this->connectionCharset) {
1649 $hasValidCharset = FALSE;
1650 break;
1651 }
1652 }
1653
1654 if (!$hasValidCharset) {
1655 throw new \RuntimeException(
1656 'It looks like the character set ' . $this->connectionCharset . ' is not used for this connection even though it is configured as connection charset. ' .
1657 'This TYPO3 installation is using the $GLOBALS[\'TYPO3_CONF_VARS\'][\'SYS\'][\'setDBinit\'] property with the following value: "' .
1658 $GLOBALS['TYPO3_CONF_VARS']['SYS']['setDBinit'] . '". Please make sure that this command does not overwrite the configured charset. ' .
1659 'Please note that for the TYPO3 database everything other than utf8 is unsupported since version 4.7.',
1660 1389697515
1661 );
1662 }
1663 }
1664
1665 /**
1666 * Disconnect from database if connected
1667 *
1668 * @return void
1669 */
1670 protected function disconnectIfConnected() {
1671 if ($this->isConnected) {
1672 $this->link->close();
1673 $this->isConnected = FALSE;
1674 }
1675 }
1676
1677 /**
1678 * Returns current database handle
1679 *
1680 * @return \mysqli|NULL
1681 */
1682 public function getDatabaseHandle() {
1683 return $this->link;
1684 }
1685
1686 /**
1687 * Set current database handle, usually \mysqli
1688 *
1689 * @param \mysqli $handle
1690 */
1691 public function setDatabaseHandle($handle) {
1692 $this->link = $handle;
1693 }
1694
1695 /******************************
1696 *
1697 * Debugging
1698 *
1699 ******************************/
1700 /**
1701 * Debug function: Outputs error if any
1702 *
1703 * @param string $func Function calling debug()
1704 * @param string $query Last query if not last built query
1705 * @return void
1706 */
1707 public function debug($func, $query = '') {
1708 $error = $this->sql_error();
1709 if ($error || (int)$this->debugOutput === 2) {
1710 \TYPO3\CMS\Core\Utility\DebugUtility::debug(
1711 array(
1712 'caller' => 'TYPO3\\CMS\\Core\\Database\\DatabaseConnection::' . $func,
1713 'ERROR' => $error,
1714 'lastBuiltQuery' => $query ? $query : $this->debug_lastBuiltQuery,
1715 'debug_backtrace' => \TYPO3\CMS\Core\Utility\DebugUtility::debugTrail()
1716 ),
1717 $func,
1718 is_object($GLOBALS['error']) && @is_callable(array($GLOBALS['error'], 'debug'))
1719 ? ''
1720 : 'DB Error'
1721 );
1722 }
1723 }
1724
1725 /**
1726 * Checks if record set is valid and writes debugging information into devLog if not.
1727 *
1728 * @param bool|\mysqli_result|object MySQLi result object / DBAL object
1729 * @return bool TRUE if the record set is valid, FALSE otherwise
1730 */
1731 public function debug_check_recordset($res) {
1732 if ($res !== FALSE) {
1733 return TRUE;
1734 }
1735 $msg = 'Invalid database result detected';
1736 $trace = debug_backtrace();
1737 array_shift($trace);
1738 $cnt = count($trace);
1739 for ($i = 0; $i < $cnt; $i++) {
1740 // Complete objects are too large for the log
1741 if (isset($trace['object'])) {
1742 unset($trace['object']);
1743 }
1744 }
1745 $msg .= ': function TYPO3\\CMS\\Core\\Database\\DatabaseConnection->' . $trace[0]['function'] . ' called from file ' . substr($trace[0]['file'], (strlen(PATH_site) + 2)) . ' in line ' . $trace[0]['line'];
1746 GeneralUtility::sysLog(
1747 $msg . '. Use a devLog extension to get more details.',
1748 'Core/t3lib_db',
1749 GeneralUtility::SYSLOG_SEVERITY_ERROR
1750 );
1751 // Send to devLog if enabled
1752 if (TYPO3_DLOG) {
1753 $debugLogData = array(
1754 'SQL Error' => $this->sql_error(),
1755 'Backtrace' => $trace
1756 );
1757 if ($this->debug_lastBuiltQuery) {
1758 $debugLogData = array('SQL Query' => $this->debug_lastBuiltQuery) + $debugLogData;
1759 }
1760 GeneralUtility::devLog($msg . '.', 'Core/t3lib_db', 3, $debugLogData);
1761 }
1762 return FALSE;
1763 }
1764
1765 /**
1766 * Explain select queries
1767 * If $this->explainOutput is set, SELECT queries will be explained here. Only queries with more than one possible result row will be displayed.
1768 * The output is either printed as raw HTML output or embedded into the TS admin panel (checkbox must be enabled!)
1769 *
1770 * TODO: Feature is not DBAL-compliant
1771 *
1772 * @param string $query SQL query
1773 * @param string $from_table Table(s) from which to select. This is what comes right after "FROM ...". Required value.
1774 * @param int $row_count Number of resulting rows
1775 * @return bool TRUE if explain was run, FALSE otherwise
1776 */
1777 protected function explain($query, $from_table, $row_count) {
1778 $debugAllowedForIp = GeneralUtility::cmpIP(
1779 GeneralUtility::getIndpEnv('REMOTE_ADDR'),
1780 $GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask']
1781 );
1782 if (
1783 (int)$this->explainOutput == 1
1784 || ((int)$this->explainOutput == 2 && $debugAllowedForIp)
1785 ) {
1786 // Raw HTML output
1787 $explainMode = 1;
1788 } elseif ((int)$this->explainOutput == 3 && is_object($GLOBALS['TT'])) {
1789 // Embed the output into the TS admin panel
1790 $explainMode = 2;
1791 } else {
1792 return FALSE;
1793 }
1794 $error = $this->sql_error();
1795 $trail = \TYPO3\CMS\Core\Utility\DebugUtility::debugTrail();
1796 $explain_tables = array();
1797 $explain_output = array();
1798 $res = $this->sql_query('EXPLAIN ' . $query, $this->link);
1799 if (is_a($res, '\\mysqli_result')) {
1800 while ($tempRow = $this->sql_fetch_assoc($res)) {
1801 $explain_output[] = $tempRow;
1802 $explain_tables[] = $tempRow['table'];
1803 }
1804 $this->sql_free_result($res);
1805 }
1806 $indices_output = array();
1807 // Notice: Rows are skipped if there is only one result, or if no conditions are set
1808 if (
1809 $explain_output[0]['rows'] > 1
1810 || GeneralUtility::inList('ALL', $explain_output[0]['type'])
1811 ) {
1812 // Only enable output if it's really useful
1813 $debug = TRUE;
1814 foreach ($explain_tables as $table) {
1815 $tableRes = $this->sql_query('SHOW TABLE STATUS LIKE \'' . $table . '\'');
1816 $isTable = $this->sql_num_rows($tableRes);
1817 if ($isTable) {
1818 $res = $this->sql_query('SHOW INDEX FROM ' . $table, $this->link);
1819 if (is_a($res, '\\mysqli_result')) {
1820 while ($tempRow = $this->sql_fetch_assoc($res)) {
1821 $indices_output[] = $tempRow;
1822 }
1823 $this->sql_free_result($res);
1824 }
1825 }
1826 $this->sql_free_result($tableRes);
1827 }
1828 } else {
1829 $debug = FALSE;
1830 }
1831 if ($debug) {
1832 if ($explainMode) {
1833 $data = array();
1834 $data['query'] = $query;
1835 $data['trail'] = $trail;
1836 $data['row_count'] = $row_count;
1837 if ($error) {
1838 $data['error'] = $error;
1839 }
1840 if (count($explain_output)) {
1841 $data['explain'] = $explain_output;
1842 }
1843 if (count($indices_output)) {
1844 $data['indices'] = $indices_output;
1845 }
1846 if ($explainMode == 1) {
1847 \TYPO3\CMS\Core\Utility\DebugUtility::debug($data, 'Tables: ' . $from_table, 'DB SQL EXPLAIN');
1848 } elseif ($explainMode == 2) {
1849 $GLOBALS['TT']->setTSselectQuery($data);
1850 }
1851 }
1852 return TRUE;
1853 }
1854 return FALSE;
1855 }
1856
1857 /**
1858 * Serialize destructs current connection
1859 *
1860 * @return array All protected properties that should be saved
1861 */
1862 public function __sleep() {
1863 $this->disconnectIfConnected();
1864 return array(
1865 'debugOutput',
1866 'explainOutput',
1867 'databaseHost',
1868 'databasePort',
1869 'databaseSocket',
1870 'databaseName',
1871 'databaseUsername',
1872 'databaseUserPassword',
1873 'persistentDatabaseConnection',
1874 'connectionCompression',
1875 'initializeCommandsAfterConnect',
1876 'default_charset',
1877 );
1878 }
1879 }