[!!!][BUGFIX] Database API: Cast bool values to integer for MySQL
[Packages/TYPO3.CMS.git] / typo3 / sysext / core / Classes / Database / DatabaseConnection.php
1 <?php
2 namespace TYPO3\CMS\Core\Database;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\Utility\GeneralUtility;
18
19 /**
20 * Contains the class "DatabaseConnection" containing functions for building SQL queries
21 * and mysqli wrappers, thus providing a foundational API to all database
22 * interaction.
23 * This class is instantiated globally as $TYPO3_DB in TYPO3 scripts.
24 *
25 * TYPO3 "database wrapper" class (new in 3.6.0)
26 * This class contains
27 * - abstraction functions for executing INSERT/UPDATE/DELETE/SELECT queries ("Query execution"; These are REQUIRED for all future connectivity to the database, thus ensuring DBAL compliance!)
28 * - functions for building SQL queries (INSERT/UPDATE/DELETE/SELECT) ("Query building"); These are transitional functions for building SQL queries in a more automated way. Use these to build queries instead of doing it manually in your code!
29 * - mysqli wrapper functions; These are transitional functions. By a simple search/replace you should be able to substitute all mysql*() calls with $GLOBALS['TYPO3_DB']->sql*() and your application will work out of the box. YOU CANNOT (legally) use any mysqli functions not found as wrapper functions in this class!
30 * See the Project Coding Guidelines (doc_core_cgl) for more instructions on best-practise
31 *
32 * This class is not in itself a complete database abstraction layer but can be extended to be a DBAL (by extensions, see "dbal" for example)
33 * ALL connectivity to the database in TYPO3 must be done through this class!
34 * The points of this class are:
35 * - To direct all database calls through this class so it becomes possible to implement DBAL with extensions.
36 * - To keep it very easy to use for developers used to MySQL in PHP - and preserve as much performance as possible when TYPO3 is used with MySQL directly...
37 * - To create an interface for DBAL implemented by extensions; (Eg. making possible escaping characters, clob/blob handling, reserved words handling)
38 * - Benchmarking the DB bottleneck queries will become much easier; Will make it easier to find optimization possibilities.
39 *
40 * USE:
41 * In all TYPO3 scripts the global variable $TYPO3_DB is an instance of this class. Use that.
42 * Eg. $GLOBALS['TYPO3_DB']->sql_fetch_assoc()
43 */
44 class DatabaseConnection {
45
46 /**
47 * The AND constraint in where clause
48 *
49 * @var string
50 */
51 const AND_Constraint = 'AND';
52
53 /**
54 * The OR constraint in where clause
55 *
56 * @var string
57 */
58 const OR_Constraint = 'OR';
59
60 /**
61 * Set "TRUE" or "1" if you want database errors outputted. Set to "2" if you also want successful database actions outputted.
62 *
63 * @var bool|int
64 */
65 public $debugOutput = FALSE;
66
67 /**
68 * Internally: Set to last built query (not necessarily executed...)
69 *
70 * @var string
71 */
72 public $debug_lastBuiltQuery = '';
73
74 /**
75 * Set "TRUE" if you want the last built query to be stored in $debug_lastBuiltQuery independent of $this->debugOutput
76 *
77 * @var bool
78 */
79 public $store_lastBuiltQuery = FALSE;
80
81 /**
82 * Set this to 1 to get queries explained (devIPmask must match). Set the value to 2 to the same but disregarding the devIPmask.
83 * There is an alternative option to enable explain output in the admin panel under "TypoScript", which will produce much nicer output, but only works in FE.
84 *
85 * @var bool|int
86 */
87 public $explainOutput = 0;
88
89 /**
90 * @var string Database host to connect to
91 */
92 protected $databaseHost = '';
93
94 /**
95 * @var int Database port to connect to
96 */
97 protected $databasePort = 3306;
98
99 /**
100 * @var string|NULL Database socket to connect to
101 */
102 protected $databaseSocket = NULL;
103
104 /**
105 * @var string Database name to connect to
106 */
107 protected $databaseName = '';
108
109 /**
110 * @var string Database user to connect with
111 */
112 protected $databaseUsername = '';
113
114 /**
115 * @var string Database password to connect with
116 */
117 protected $databaseUserPassword = '';
118
119 /**
120 * @var bool TRUE if database connection should be persistent
121 * @see http://php.net/manual/de/mysqli.persistconns.php
122 */
123 protected $persistentDatabaseConnection = FALSE;
124
125 /**
126 * @var bool TRUE if connection between client and sql server is compressed
127 */
128 protected $connectionCompression = FALSE;
129
130 /**
131 * The charset for the connection; will be passed on to
132 * mysqli_set_charset during connection initialization.
133 *
134 * @var string
135 */
136 protected $connectionCharset = 'utf8';
137
138 /**
139 * @var array List of commands executed after connection was established
140 */
141 protected $initializeCommandsAfterConnect = array();
142
143 /**
144 * @var bool TRUE if database connection is established
145 */
146 protected $isConnected = FALSE;
147
148 /**
149 * @var \mysqli $link Default database link object
150 */
151 protected $link = NULL;
152
153 /**
154 * Default character set, applies unless character set or collation are explicitly set
155 *
156 * @var string
157 */
158 public $default_charset = 'utf8';
159
160 /**
161 * @var array<PreProcessQueryHookInterface>
162 */
163 protected $preProcessHookObjects = array();
164
165 /**
166 * @var array<PostProcessQueryHookInterface>
167 */
168 protected $postProcessHookObjects = array();
169
170 /**
171 * the date and time formats compatible with the database in general
172 *
173 * @var array
174 */
175 static protected $dateTimeFormats = array(
176 'date' => array(
177 'empty' => '0000-00-00',
178 'format' => 'Y-m-d'
179 ),
180 'datetime' => array(
181 'empty' => '0000-00-00 00:00:00',
182 'format' => 'Y-m-d H:i:s'
183 )
184 );
185
186 /**
187 * Initialize the database connection
188 *
189 * @return void
190 */
public function initialize() {
    // Deliberately a no-op here: per the original comment, DBAL overloads
    // this method with its own initialization.
}
194
195 /************************************
196 *
197 * Query execution
198 *
199 * These functions are the RECOMMENDED DBAL functions for use in your applications
200 * Using these functions will allow the DBAL to use alternative ways of accessing data (contrary to if a query is returned!)
201 * They compile a query AND execute it immediately and then return the result
202 * This principle heightens our ability to create various forms of DBAL of the functions.
203 * Generally: We want to return a result pointer/object, never queries.
204 * Also, having the table name together with the actual query execution allows us to direct the request to other databases.
205 *
206 **************************************/
207
208 /**
209 * Creates and executes an INSERT SQL-statement for $table from the array with field/value pairs $fields_values.
210 * Using this function specifically allows us to handle BLOB and CLOB fields depending on DB
211 *
212 * @param string $table Table name
213 * @param array $fields_values Field values as key=>value pairs. Values will be escaped internally. Typically you would fill an array like "$insertFields" with 'fieldname'=>'value' and pass it to this function as argument.
214 * @param bool|array|string $no_quote_fields See fullQuoteArray()
215 * @return bool|\mysqli_result|object MySQLi result object / DBAL object
216 */
public function exec_INSERTquery($table, $fields_values, $no_quote_fields = FALSE) {
    // Build the statement, then send it through the central query() wrapper.
    // INSERTquery() quotes the values only; $table and the array keys are
    // concatenated as given, so they must never come from untrusted input.
    $statement = $this->INSERTquery($table, $fields_values, $no_quote_fields);
    $result = $this->query($statement);
    if ($this->debugOutput) {
        $this->debug('exec_INSERTquery');
    }
    // Hand the original arguments to every registered post-process hook.
    foreach ($this->postProcessHookObjects as $postProcessHook) {
        /** @var $postProcessHook PostProcessQueryHookInterface */
        $postProcessHook->exec_INSERTquery_postProcessAction($table, $fields_values, $no_quote_fields, $this);
    }
    return $result;
}
228
229 /**
230 * Creates and executes an INSERT SQL-statement for $table with multiple rows.
231 *
232 * @param string $table Table name
233 * @param array $fields Field names
234 * @param array $rows Table rows. Each row should be an array with field values mapping to $fields
235 * @param bool|array|string $no_quote_fields See fullQuoteArray()
236 * @return bool|\mysqli_result|object MySQLi result object / DBAL object
237 */
public function exec_INSERTmultipleRows($table, array $fields, array $rows, $no_quote_fields = FALSE) {
    // Build the multi-row statement, then execute it via query().
    // $table and $fields are concatenated unescaped by INSERTmultipleRows();
    // only the row values are quoted.
    $statement = $this->INSERTmultipleRows($table, $fields, $rows, $no_quote_fields);
    $result = $this->query($statement);
    if ($this->debugOutput) {
        $this->debug('exec_INSERTmultipleRows');
    }
    // Hand the original arguments to every registered post-process hook.
    foreach ($this->postProcessHookObjects as $postProcessHook) {
        /** @var $postProcessHook PostProcessQueryHookInterface */
        $postProcessHook->exec_INSERTmultipleRows_postProcessAction($table, $fields, $rows, $no_quote_fields, $this);
    }
    return $result;
}
249
250 /**
251 * Creates and executes an UPDATE SQL-statement for $table where $where-clause (typ. 'uid=...') from the array with field/value pairs $fields_values.
252 * Using this function specifically allow us to handle BLOB and CLOB fields depending on DB
253 *
254 * @param string $table Database tablename
255 * @param string $where WHERE clause, eg. "uid=1". NOTICE: You must escape values in this argument with $this->fullQuoteStr() yourself!
256 * @param array $fields_values Field values as key=>value pairs. Values will be escaped internally. Typically you would fill an array like "$updateFields" with 'fieldname'=>'value' and pass it to this function as argument.
257 * @param bool|array|string $no_quote_fields See fullQuoteArray()
258 * @return bool|\mysqli_result|object MySQLi result object / DBAL object
259 */
public function exec_UPDATEquery($table, $where, $fields_values, $no_quote_fields = FALSE) {
    // Build the statement, then execute it via query().
    // $where is inserted verbatim by UPDATEquery(): every value inside it
    // has to be quoted by the caller before it gets here.
    $statement = $this->UPDATEquery($table, $where, $fields_values, $no_quote_fields);
    $result = $this->query($statement);
    if ($this->debugOutput) {
        $this->debug('exec_UPDATEquery');
    }
    // Hand the original arguments to every registered post-process hook.
    foreach ($this->postProcessHookObjects as $postProcessHook) {
        /** @var $postProcessHook PostProcessQueryHookInterface */
        $postProcessHook->exec_UPDATEquery_postProcessAction($table, $where, $fields_values, $no_quote_fields, $this);
    }
    return $result;
}
271
272 /**
273 * Creates and executes a DELETE SQL-statement for $table where $where-clause
274 *
275 * @param string $table Database tablename
276 * @param string $where WHERE clause, eg. "uid=1". NOTICE: You must escape values in this argument with $this->fullQuoteStr() yourself!
277 * @return bool|\mysqli_result|object MySQLi result object / DBAL object
278 */
public function exec_DELETEquery($table, $where) {
    // Build the statement, then execute it via query().
    // $where is inserted verbatim by DELETEquery(); an empty string deletes
    // without any WHERE restriction, so callers must validate it.
    $statement = $this->DELETEquery($table, $where);
    $result = $this->query($statement);
    if ($this->debugOutput) {
        $this->debug('exec_DELETEquery');
    }
    // Hand the original arguments to every registered post-process hook.
    foreach ($this->postProcessHookObjects as $postProcessHook) {
        /** @var $postProcessHook PostProcessQueryHookInterface */
        $postProcessHook->exec_DELETEquery_postProcessAction($table, $where, $this);
    }
    return $result;
}
290
291 /**
292 * Creates and executes a SELECT SQL-statement
293 * Using this function specifically allow us to handle the LIMIT feature independently of DB.
294 *
295 * @param string $select_fields List of fields to select from the table. This is what comes right after "SELECT ...". Required value.
296 * @param string $from_table Table(s) from which to select. This is what comes right after "FROM ...". Required value.
297 * @param string $where_clause Additional WHERE clauses put in the end of the query. NOTICE: You must escape values in this argument with $this->fullQuoteStr() yourself! DO NOT PUT IN GROUP BY, ORDER BY or LIMIT!
298 * @param string $groupBy Optional GROUP BY field(s), if none, supply blank string.
299 * @param string $orderBy Optional ORDER BY field(s), if none, supply blank string.
300 * @param string $limit Optional LIMIT value ([begin,]max), if none, supply blank string.
301 * @return bool|\mysqli_result|object MySQLi result object / DBAL object
302 */
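public function exec_SELECTquery($select_fields, $from_table, $where_clause, $groupBy = '', $orderBy = '', $limit = '') {
    // All six fragments are concatenated into the statement by SELECTquery()
    // without escaping; any value embedded in them must be quoted by the caller.
    $query = $this->SELECTquery($select_fields, $from_table, $where_clause, $groupBy, $orderBy, $limit);
    $res = $this->query($query);
    if ($this->debugOutput) {
        $this->debug('exec_SELECTquery');
    }
    if ($this->explainOutput) {
        // query() is documented to return a bool as well as a result object,
        // so num_rows is only read when an object came back.
        $this->explain($query, $from_table, is_object($res) ? $res->num_rows : NULL);
    }
    foreach ($this->postProcessHookObjects as $hookObject) {
        /** @var $hookObject PostProcessQueryHookInterface */
        // Pass the values the query was built from. The previous call wrote
        // "$groupBy = ''" (and likewise for $orderBy and $limit) in the argument
        // list, which reset those variables and always gave hooks empty strings.
        $hookObject->exec_SELECTquery_postProcessAction($select_fields, $from_table, $where_clause, $groupBy, $orderBy, $limit, $this);
    }
    return $res;
}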
318
319 /**
320 * Creates and executes a SELECT query, selecting fields ($select) from two/three tables joined
321 * Use $mm_table together with $local_table or $foreign_table to select over two tables. Or use all three tables to select the full MM-relation.
322 * The JOIN is done with [$local_table].uid <--> [$mm_table].uid_local / [$mm_table].uid_foreign <--> [$foreign_table].uid
323 * The function is very useful for selecting MM-relations between tables adhering to the MM-format used by TCE (TYPO3 Core Engine). See the section on $GLOBALS['TCA'] in Inside TYPO3 for more details.
324 *
325 * @param string $select Field list for SELECT
326 * @param string $local_table Tablename, local table
327 * @param string $mm_table Tablename, relation table
328 * @param string $foreign_table Tablename, foreign table
329 * @param string $whereClause Optional additional WHERE clauses put in the end of the query. NOTICE: You must escape values in this argument with $this->fullQuoteStr() yourself! DO NOT PUT IN GROUP BY, ORDER BY or LIMIT! You have to prepend 'AND ' to this parameter yourself!
330 * @param string $groupBy Optional GROUP BY field(s), if none, supply blank string.
331 * @param string $orderBy Optional ORDER BY field(s), if none, supply blank string.
332 * @param string $limit Optional LIMIT value ([begin,]max), if none, supply blank string.
333 * @return bool|\mysqli_result|object MySQLi result object / DBAL object
334 * @see exec_SELECTquery()
335 */
public function exec_SELECT_mm_query($select, $local_table, $mm_table, $foreign_table, $whereClause = '', $groupBy = '', $orderBy = '', $limit = '') {
    // A self-join needs an alias for the foreign side. uniqid() only has to
    // avoid a name clash inside the statement; it is not used as a secret.
    $foreignAlias = '';
    if ($foreign_table == $local_table) {
        $foreignAlias = $foreign_table . str_replace('.', '', uniqid('_join', TRUE));
    }

    // Collect the table list and the join conditions side by side.
    $tableList = array();
    $joinConditions = array();
    if ($local_table) {
        $tableList[] = $local_table;
        $joinConditions[] = $local_table . '.uid=' . $mm_table . '.uid_local';
    }
    $tableList[] = $mm_table;
    if ($foreign_table) {
        $foreignName = $foreignAlias ? $foreignAlias : $foreign_table;
        $joinConditions[] = $foreignName . '.uid=' . $mm_table . '.uid_foreign';
        $tableList[] = $foreign_table . ($foreignAlias ? ' AS ' . $foreignAlias : '');
    }

    // $whereClause is appended verbatim after the join conditions; the caller
    // supplies the leading 'AND ' and is responsible for quoting its values.
    $where = implode(' AND ', $joinConditions) . ' ' . $whereClause;
    return $this->exec_SELECTquery($select, implode(',', $tableList), $where, $groupBy, $orderBy, $limit);
}
347
348 /**
349 * Executes a select based on input query parts array
350 *
351 * @param array $queryParts Query parts array
352 * @return bool|\mysqli_result|object MySQLi result object / DBAL object
353 * @see exec_SELECTquery()
354 */
public function exec_SELECT_queryArray($queryParts) {
    // Unpack the six keys this method reads, in the order exec_SELECTquery()
    // expects them. Each part ends up in the SQL text unescaped.
    $select = $queryParts['SELECT'];
    $from = $queryParts['FROM'];
    $where = $queryParts['WHERE'];
    $groupBy = $queryParts['GROUPBY'];
    $orderBy = $queryParts['ORDERBY'];
    $limit = $queryParts['LIMIT'];
    return $this->exec_SELECTquery($select, $from, $where, $groupBy, $orderBy, $limit);
}
358
359 /**
360 * Creates and executes a SELECT SQL-statement AND traverse result set and returns array with records in.
361 *
362 * @param string $select_fields List of fields to select from the table. This is what comes right after "SELECT ...". Required value.
363 * @param string $from_table Table(s) from which to select. This is what comes right after "FROM ...". Required value.
364 * @param string $where_clause Additional WHERE clauses put in the end of the query. NOTICE: You must escape values in this argument with $this->fullQuoteStr() yourself! DO NOT PUT IN GROUP BY, ORDER BY or LIMIT!
365 * @param string $groupBy Optional GROUP BY field(s), if none, supply blank string.
366 * @param string $orderBy Optional ORDER BY field(s), if none, supply blank string.
367 * @param string $limit Optional LIMIT value ([begin,]max), if none, supply blank string.
368 * @param string $uidIndexField If set, the result array will carry this field names value as index. Requires that field to be selected of course!
369 * @return array|NULL Array of rows, or NULL in case of SQL error
370 * @see exec_SELECTquery()
371 * @throws \InvalidArgumentException
372 */
public function exec_SELECTgetRows($select_fields, $from_table, $where_clause, $groupBy = '', $orderBy = '', $limit = '', $uidIndexField = '') {
    $res = $this->exec_SELECTquery($select_fields, $from_table, $where_clause, $groupBy, $orderBy, $limit);
    // An SQL error yields NULL, not an empty array, so callers can tell
    // "query failed" apart from "no rows".
    if ($this->sql_error()) {
        $this->sql_free_result($res);
        return NULL;
    }

    $rows = array();
    $indexFieldVerified = FALSE;
    while ($row = $this->sql_fetch_assoc($res)) {
        if (!$uidIndexField) {
            // Plain list of rows.
            $rows[] = $row;
            continue;
        }
        // The index field is checked once, on the first fetched row.
        if (!$indexFieldVerified) {
            $indexFieldVerified = TRUE;
            if (!array_key_exists($uidIndexField, $row)) {
                $this->sql_free_result($res);
                throw new \InvalidArgumentException('The given $uidIndexField "' . $uidIndexField . '" is not available in the result.', 1432933855);
            }
        }
        // Rows sharing the same index value overwrite each other.
        $rows[$row[$uidIndexField]] = $row;
    }
    $this->sql_free_result($res);
    return $rows;
}
398
399 /**
400 * Creates and executes a SELECT SQL-statement AND gets a result set and returns an array with a single record in.
401 * LIMIT is automatically set to 1 and can not be overridden.
402 *
403 * @param string $select_fields List of fields to select from the table.
404 * @param string $from_table Table(s) from which to select.
405 * @param string $where_clause Optional additional WHERE clauses put in the end of the query. NOTICE: You must escape values in this argument with $this->fullQuoteStr() yourself!
406 * @param string $groupBy Optional GROUP BY field(s), if none, supply blank string.
407 * @param string $orderBy Optional ORDER BY field(s), if none, supply blank string.
408 * @param bool $numIndex If set, the result will be fetched with sql_fetch_row, otherwise sql_fetch_assoc will be used.
409 * @return array|FALSE|NULL Single row, FALSE on empty result, NULL on error
410 */
public function exec_SELECTgetSingleRow($select_fields, $from_table, $where_clause, $groupBy = '', $orderBy = '', $numIndex = FALSE) {
    // LIMIT is fixed to '1' here and cannot be overridden by the caller.
    $res = $this->exec_SELECTquery($select_fields, $from_table, $where_clause, $groupBy, $orderBy, '1');
    if ($res === FALSE) {
        // Query failed: report NULL.
        return NULL;
    }
    // Numeric or associative fetch, depending on $numIndex.
    $row = $numIndex ? $this->sql_fetch_row($res) : $this->sql_fetch_assoc($res);
    $this->sql_free_result($res);
    return $row;
}
424
425 /**
426 * Counts the number of rows in a table.
427 *
428 * @param string $field Name of the field to use in the COUNT() expression (e.g. '*')
429 * @param string $table Name of the table to count rows for
430 * @param string $where (optional) WHERE statement of the query
431 * @return mixed Number of rows counter (int) or FALSE if something went wrong (bool)
432 */
public function exec_SELECTcountRows($field, $table, $where = '1=1') {
    // $field is placed inside COUNT() as given, and $table / $where are passed
    // on unescaped, so none of them may carry untrusted input.
    $resultSet = $this->exec_SELECTquery('COUNT(' . $field . ')', $table, $where);
    if ($resultSet === FALSE) {
        return FALSE;
    }
    // The single column of the single row holds the count.
    list($rowCount) = $this->sql_fetch_row($resultSet);
    $rowCount = (int)$rowCount;
    $this->sql_free_result($resultSet);
    return $rowCount;
}
443
444 /**
445 * Truncates a table.
446 *
447 * @param string $table Database tablename
448 * @return mixed Result from handler
449 */
public function exec_TRUNCATEquery($table) {
    // Build the statement, then execute it via query(). $table is used
    // verbatim by TRUNCATEquery().
    $statement = $this->TRUNCATEquery($table);
    $result = $this->query($statement);
    if ($this->debugOutput) {
        $this->debug('exec_TRUNCATEquery');
    }
    // Hand the table name to every registered post-process hook.
    foreach ($this->postProcessHookObjects as $postProcessHook) {
        /** @var $postProcessHook PostProcessQueryHookInterface */
        $postProcessHook->exec_TRUNCATEquery_postProcessAction($table, $this);
    }
    return $result;
}
461
462 /**
463 * Central query method. Also checks if there is a database connection.
464 * Use this to execute database queries instead of directly calling $this->link->query()
465 *
466 * @param string $query The query to send to the database
467 * @return bool|\mysqli_result
468 */
protected function query($query) {
    // Connect lazily: the link is only opened when the first query arrives.
    if (!$this->isConnected) {
        $this->connectDB();
    }
    // The string is sent to the server exactly as built; there is no
    // parameter binding at this level, so quoting must already be done.
    $result = $this->link->query($query);
    return $result;
}
475
476 /**************************************
477 *
478 * Query building
479 *
480 **************************************/
481 /**
482 * Creates an INSERT SQL-statement for $table from the array with field/value pairs $fields_values.
483 *
484 * @param string $table See exec_INSERTquery()
485 * @param array $fields_values See exec_INSERTquery()
486 * @param bool|array|string $no_quote_fields See fullQuoteArray()
487 * @return string|NULL Full SQL query for INSERT, NULL if $fields_values is empty
488 */
public function INSERTquery($table, $fields_values, $no_quote_fields = FALSE) {
    // Trust boundary: the table name and the array keys (column names) go into
    // the SQL text unescaped and must already be safe. Only the values are
    // quoted below.
    if (!is_array($fields_values) || $fields_values === array()) {
        // Nothing to insert.
        return NULL;
    }
    foreach ($this->preProcessHookObjects as $preProcessHook) {
        $preProcessHook->INSERTquery_preProcessAction($table, $fields_values, $no_quote_fields, $this);
    }
    // Quote and escape the values; keys are kept as column names.
    $quotedValues = $this->fullQuoteArray($fields_values, $table, $no_quote_fields, TRUE);
    $columnList = implode(',', array_keys($quotedValues));
    $valueList = implode(',', $quotedValues);
    $query = 'INSERT INTO ' . $table . ' (' . $columnList . ') VALUES (' . $valueList . ')';
    // Remember the statement for debugging when requested.
    if ($this->debugOutput || $this->store_lastBuiltQuery) {
        $this->debug_lastBuiltQuery = $query;
    }
    return $query;
}
508
509 /**
510 * Creates an INSERT SQL-statement for $table with multiple rows.
511 *
512 * @param string $table Table name
513 * @param array $fields Field names
514 * @param array $rows Table rows. Each row should be an array with field values mapping to $fields
515 * @param bool|array|string $no_quote_fields See fullQuoteArray()
516 * @return string|NULL Full SQL query for INSERT, NULL if $rows is empty
517 */
public function INSERTmultipleRows($table, array $fields, array $rows, $no_quote_fields = FALSE) {
    // Trust boundary: $table and the entries of $fields go into the SQL text
    // unescaped and must already be safe. Only the row values are quoted.
    if (count($rows) === 0) {
        // Nothing to insert.
        return NULL;
    }
    foreach ($this->preProcessHookObjects as $preProcessHook) {
        /** @var $preProcessHook PreProcessQueryHookInterface */
        $preProcessHook->INSERTmultipleRows_preProcessAction($table, $fields, $rows, $no_quote_fields, $this);
    }
    // One parenthesised value tuple per row.
    $tuples = array();
    foreach ($rows as $row) {
        // NOTE(review): unlike INSERTquery() and UPDATEquery(), no fourth
        // argument is passed to fullQuoteArray() here. Confirm that is intended.
        $quotedRow = $this->fullQuoteArray($row, $table, $no_quote_fields);
        $tuples[] = '(' . implode(', ', $quotedRow) . ')';
    }
    $query = 'INSERT INTO ' . $table . ' (' . implode(', ', $fields) . ') VALUES ' . implode(', ', $tuples);
    // Remember the statement for debugging when requested.
    if ($this->debugOutput || $this->store_lastBuiltQuery) {
        $this->debug_lastBuiltQuery = $query;
    }
    return $query;
}
543
544 /**
545 * Creates an UPDATE SQL-statement for $table where $where-clause (typ. 'uid=...') from the array with field/value pairs $fields_values.
546 *
547 *
548 * @param string $table See exec_UPDATEquery()
549 * @param string $where See exec_UPDATEquery()
550 * @param array $fields_values See exec_UPDATEquery()
551 * @param bool|array|string $no_quote_fields See fullQuoteArray()
552 * @throws \InvalidArgumentException
553 * @return string Full SQL query for UPDATE
554 */
public function UPDATEquery($table, $where, $fields_values, $no_quote_fields = FALSE) {
    // Trust boundary: $table, the column names and the whole $where string go
    // into the SQL text unescaped. Only the values in $fields_values are quoted.
    if (!is_string($where)) {
        throw new \InvalidArgumentException('TYPO3 Fatal Error: "Where" clause argument for UPDATE query was not a string in $this->UPDATEquery() !', 1270853880);
    }
    foreach ($this->preProcessHookObjects as $preProcessHook) {
        /** @var $preProcessHook PreProcessQueryHookInterface */
        $preProcessHook->UPDATEquery_preProcessAction($table, $where, $fields_values, $no_quote_fields, $this);
    }
    // Turn each quoted value into a "column=value" assignment.
    $assignments = array();
    if (is_array($fields_values) && !empty($fields_values)) {
        $quotedValues = $this->fullQuoteArray($fields_values, $table, $no_quote_fields, TRUE);
        foreach ($quotedValues as $column => $quotedValue) {
            $assignments[] = $column . '=' . $quotedValue;
        }
    }
    $query = 'UPDATE ' . $table . ' SET ' . implode(',', $assignments);
    // An empty $where produces a statement that touches every row.
    if ((string)$where !== '') {
        $query .= ' WHERE ' . $where;
    }
    // Remember the statement for debugging when requested.
    if ($this->debugOutput || $this->store_lastBuiltQuery) {
        $this->debug_lastBuiltQuery = $query;
    }
    return $query;
}
581
582 /**
583 * Creates a DELETE SQL-statement for $table where $where-clause
584 *
585 * @param string $table See exec_DELETEquery()
586 * @param string $where See exec_DELETEquery()
587 * @return string Full SQL query for DELETE
588 * @throws \InvalidArgumentException
589 */
public function DELETEquery($table, $where) {
    // Reject anything but a string before hooks run or SQL is built.
    if (!is_string($where)) {
        throw new \InvalidArgumentException('TYPO3 Fatal Error: "Where" clause argument for DELETE query was not a string in $this->DELETEquery() !', 1270853881);
    }
    foreach ($this->preProcessHookObjects as $preProcessHook) {
        /** @var $preProcessHook PreProcessQueryHookInterface */
        $preProcessHook->DELETEquery_preProcessAction($table, $where, $this);
    }
    // Trust boundary: $table and $where are concatenated unescaped. An empty
    // $where yields a DELETE without restriction.
    $query = 'DELETE FROM ' . $table;
    if ((string)$where !== '') {
        $query .= ' WHERE ' . $where;
    }
    // Remember the statement for debugging when requested.
    if ($this->debugOutput || $this->store_lastBuiltQuery) {
        $this->debug_lastBuiltQuery = $query;
    }
    return $query;
}
606
607 /**
608 * Creates a SELECT SQL-statement
609 *
610 * @param string $select_fields See exec_SELECTquery()
611 * @param string $from_table See exec_SELECTquery()
612 * @param string $where_clause See exec_SELECTquery()
613 * @param string $groupBy See exec_SELECTquery()
614 * @param string $orderBy See exec_SELECTquery()
615 * @param string $limit See exec_SELECTquery()
616 * @return string Full SQL query for SELECT
617 */
public function SELECTquery($select_fields, $from_table, $where_clause, $groupBy = '', $orderBy = '', $limit = '') {
    foreach ($this->preProcessHookObjects as $preProcessHook) {
        /** @var $preProcessHook PreProcessQueryHookInterface */
        $preProcessHook->SELECTquery_preProcessAction($select_fields, $from_table, $where_clause, $groupBy, $orderBy, $limit, $this);
    }
    // Trust boundary: every fragment is concatenated into the SQL text as given.
    // Nothing is escaped here, so values must be quoted by the caller.
    $query = 'SELECT ' . $select_fields . ' FROM ' . $from_table;
    // Optional clauses, appended in SQL order and skipped when empty.
    $optionalClauses = array(
        ' WHERE ' => $where_clause,
        ' GROUP BY ' => $groupBy,
        ' ORDER BY ' => $orderBy,
        ' LIMIT ' => $limit,
    );
    foreach ($optionalClauses as $keyword => $fragment) {
        if ((string)$fragment !== '') {
            $query .= $keyword . $fragment;
        }
    }
    // Remember the statement for debugging when requested.
    if ($this->debugOutput || $this->store_lastBuiltQuery) {
        $this->debug_lastBuiltQuery = $query;
    }
    return $query;
}
638
639 /**
640 * Creates a SELECT SQL-statement to be used as subquery within another query.
641 * BEWARE: This method should not be overridden within DBAL to prevent quoting from happening.
642 *
643 * @param string $select_fields List of fields to select from the table.
644 * @param string $from_table Table from which to select.
645 * @param string $where_clause Conditional WHERE statement
646 * @return string Full SQL query for SELECT
647 */
public function SELECTsubquery($select_fields, $from_table, $where_clause) {
    // Trust boundary: all three fragments are concatenated as given, with no
    // escaping and no pre-process hooks on this path.
    $query = 'SELECT ' . $select_fields . ' FROM ' . $from_table;
    if ((string)$where_clause !== '') {
        $query .= ' WHERE ' . $where_clause;
    }
    // Remember the statement for debugging when requested.
    if ($this->debugOutput || $this->store_lastBuiltQuery) {
        $this->debug_lastBuiltQuery = $query;
    }
    return $query;
}
658
659 /**
660 * Creates a TRUNCATE TABLE SQL-statement
661 *
662 * @param string $table See exec_TRUNCATEquery()
663 * @return string Full SQL query for TRUNCATE TABLE
664 */
public function TRUNCATEquery($table) {
    foreach ($this->preProcessHookObjects as $preProcessHook) {
        /** @var $preProcessHook PreProcessQueryHookInterface */
        $preProcessHook->TRUNCATEquery_preProcessAction($table, $this);
    }
    // Trust boundary: the table name is concatenated unescaped and must
    // already be safe when it reaches this method.
    $query = 'TRUNCATE TABLE ' . $table;
    // Remember the statement for debugging when requested.
    if ($this->debugOutput || $this->store_lastBuiltQuery) {
        $this->debug_lastBuiltQuery = $query;
    }
    return $query;
}
679
680 /**
681 * Returns a WHERE clause that can find a value ($value) in a list field ($field)
682 * For instance a record in the database might contain a list of numbers,
683 * "34,234,5" (with no spaces between). This query would be able to select that
684 * record based on the value "34", "234" or "5" regardless of their position in
685 * the list (left, middle or right).
686 * The value must not contain a comma (,)
687 * Is nice to look up list-relations to records or files in TYPO3 database tables.
688 *
689 * @param string $field Field name
690 * @param string $value Value to find in list
691 * @param string $table Table in which we are searching (for DBAL detection of quoteStr() method)
692 * @return string WHERE clause for a query
693 * @throws \InvalidArgumentException
694 */
public function listQuery($field, $value, $table) {
    $needle = (string)$value;
    // A comma would split the needle into several list entries, so refuse it.
    if (strpos($needle, ',') !== FALSE) {
        throw new \InvalidArgumentException('$value must not contain a comma (,) in $this->listQuery() !', 1294585862);
    }
    // Only the needle goes through quoteStr(); $field is concatenated as given
    // and must be a trusted column name.
    $escapedNeedle = $this->quoteStr($needle, $table);
    return 'FIND_IN_SET(\'' . $escapedNeedle . '\',' . $field . ')';
}
704
705 /**
706 * Returns a WHERE clause which will make an AND or OR search for the words in the $searchWords array in any of the fields in array $fields.
707 *
708 * @param array $searchWords Array of search words
709 * @param array $fields Array of fields
710 * @param string $table Table in which we are searching (for DBAL detection of quoteStr() method)
711 * @param string $constraint How multiple search words have to match ('AND' or 'OR')
712 * @return string WHERE clause for search
713 */
public function searchQuery($searchWords, $fields, $table, $constraint = self::AND_Constraint) {
    // Anything that does not compare equal to the OR constant falls back to
    // 'AND', so the caller-supplied value itself never reaches the SQL text.
    $joiner = ($constraint == self::OR_Constraint) ? 'OR' : 'AND';

    $wordGroups = array();
    foreach ($searchWords as $searchWord) {
        // Each word is passed through quoteStr() before it is placed between
        // the LIKE wildcards. $table and $fields are concatenated as given.
        // NOTE(review): whether quoteStr() also neutralises the LIKE wildcards
        // % and _ cannot be seen from here; if it does not, a word containing
        // them widens the match. Confirm.
        $likeExpression = ' LIKE \'%' . $this->quoteStr($searchWord, $table) . '%\'';
        $fieldGlue = $likeExpression . ' OR ' . $table . '.';
        $wordGroups[] = $table . '.' . implode($fieldGlue, $fields) . $likeExpression;
    }

    // One parenthesised group per search word, combined with AND or OR.
    return '(' . implode(') ' . $joiner . ' (', $wordGroups) . ')';
}
732
733 /**************************************
734 *
735 * Prepared Query Support
736 *
737 **************************************/
/**
 * Builds a SELECT statement with SELECTquery() and wraps it in a PreparedStatement.
 *
 * The query parts are passed to SELECTquery() unchanged; only the entries of
 * $input_parameters are handed to bindValue(). Request data therefore belongs in
 * $input_parameters and not in the query part strings.
 *
 * @param string $select_fields See exec_SELECTquery()
 * @param string $from_table See exec_SELECTquery()
 * @param string $where_clause See exec_SELECTquery()
 * @param string $groupBy See exec_SELECTquery()
 * @param string $orderBy See exec_SELECTquery()
 * @param string $limit See exec_SELECTquery()
 * @param array $input_parameters An array of values with as many elements as there are bound parameters in the SQL statement being executed. All values are treated as \TYPO3\CMS\Core\Database\PreparedStatement::PARAM_AUTOTYPE.
 * @return \TYPO3\CMS\Core\Database\PreparedStatement Prepared statement
 */
public function prepare_SELECTquery($select_fields, $from_table, $where_clause, $groupBy = '', $orderBy = '', $limit = '', array $input_parameters = array()) {
	$sql = $this->SELECTquery($select_fields, $from_table, $where_clause, $groupBy, $orderBy, $limit);
	/** @var $statement \TYPO3\CMS\Core\Database\PreparedStatement */
	$statement = GeneralUtility::makeInstance(PreparedStatement::class, $sql, $from_table, array());
	// Every parameter is bound with automatic type detection.
	foreach ($input_parameters as $placeholder => $boundValue) {
		$statement->bindValue($placeholder, $boundValue, PreparedStatement::PARAM_AUTOTYPE);
	}
	return $statement;
}
761
/**
 * Creates a SELECT prepared SQL statement from a query parts array.
 *
 * Reads the keys SELECT, FROM, WHERE, GROUPBY, ORDERBY and LIMIT from $queryParts
 * and forwards them to prepare_SELECTquery(). All six keys are read unconditionally.
 *
 * @param array $queryParts Query parts array
 * @param array $input_parameters An array of values with as many elements as there are bound parameters in the SQL statement being executed. All values are treated as \TYPO3\CMS\Core\Database\PreparedStatement::PARAM_AUTOTYPE.
 * @return \TYPO3\CMS\Core\Database\PreparedStatement Prepared statement
 */
public function prepare_SELECTqueryArray(array $queryParts, array $input_parameters = array()) {
	$selectFields = $queryParts['SELECT'];
	$fromTable = $queryParts['FROM'];
	$whereClause = $queryParts['WHERE'];
	$groupBy = $queryParts['GROUPBY'];
	$orderBy = $queryParts['ORDERBY'];
	$limit = $queryParts['LIMIT'];
	return $this->prepare_SELECTquery($selectFields, $fromTable, $whereClause, $groupBy, $orderBy, $limit, $input_parameters);
}
772
/**
 * Initialises a mysqli statement on the current link and prepares $query on it.
 *
 * Connects first if no connection is open. $queryComponents is not used by this
 * implementation.
 *
 * @param string $query The query to execute
 * @param array $queryComponents The components of the query to execute
 * @return \mysqli_stmt|object MySQLi statement / DBAL object, or NULL if preparing failed
 * @internal This method may only be called by \TYPO3\CMS\Core\Database\PreparedStatement
 */
public function prepare_PREPAREDquery($query, array $queryComponents) {
	if (!$this->isConnected) {
		$this->connectDB();
	}
	$statement = $this->link->stmt_init();
	$prepared = $statement->prepare($query);
	if ($this->debugOutput) {
		// debug() receives the label 'stmt_execute' as caller name.
		$this->debug('stmt_execute', $query);
	}
	if ($prepared) {
		return $statement;
	}
	return NULL;
}
792
793 /**************************************
794 *
795 * Various helper functions
796 *
797 * Functions recommended to be used for
798 * - escaping values,
799 * - cleaning lists of values,
800 * - stripping of excess ORDER BY/GROUP BY keywords
801 *
802 **************************************/
/**
 * Escapes a value for use in an SQL statement and wraps it in single quotes.
 *
 * Connects first if no connection is open, because the escaping is done by the
 * link's real_escape_string(), which works relative to the connection character
 * set. A boolean is cast to int beforehand, so FALSE is written as '0' rather
 * than as the empty string PHP would produce for it. $table is not used by this
 * implementation.
 *
 * @param string $str Input string
 * @param string $table Table name for which to quote string. Just enter the table that the field-value is selected from (and any DBAL will look up which handler to use and then how to quote the string!).
 * @param bool $allowNull Whether to allow NULL values
 * @return string Output string; Wrapped in single quotes and quotes in the string (" / ') and \ will be backslashed (or otherwise based on DBAL handler)
 * @see quoteStr()
 */
public function fullQuoteStr($str, $table, $allowNull = FALSE) {
	if (!$this->isConnected) {
		$this->connectDB();
	}
	// Only an actual NULL becomes the unquoted SQL keyword, and only on request.
	$isNullLiteral = $allowNull && $str === NULL;
	if ($isNullLiteral) {
		return 'NULL';
	}
	$value = is_bool($str) ? (int)$str : $str;

	return '\'' . $this->link->real_escape_string($value) . '\'';
}
825
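/**
 * Will fullquote all values in the one-dimensional array so they are ready to "implode" for an sql query.
 *
 * Values whose key is listed in $noQuote are returned untouched and reach the SQL
 * text unescaped, so only keys holding trusted SQL fragments belong in that list.
 * Keys are matched against $noQuote as strings with a strict comparison, so a
 * numeric key never matches a non-numeric entry of the list.
 *
 * @param array $arr Array with values (either associative or non-associative array)
 * @param string $table Table name for which to quote
 * @param bool|array $noQuote List/array of keys NOT to quote (eg. SQL functions) - ONLY for associative arrays
 * @param bool $allowNull Whether to allow NULL values
 * @return array The input array with the values quoted
 * @see cleanIntArray()
 */
public function fullQuoteArray($arr, $table, $noQuote = FALSE, $allowNull = FALSE) {
	if (is_string($noQuote)) {
		$noQuote = explode(',', $noQuote);
	} elseif (!is_array($noQuote)) {
		$noQuote = FALSE;
	}
	if ($noQuote !== FALSE) {
		// A loose in_array() treats the integer key 0 as equal to any non-numeric
		// string on PHP versions before 8, which would leave list entries unquoted.
		$noQuote = array_map('strval', $noQuote);
	}
	foreach ($arr as $k => $v) {
		if ($noQuote === FALSE || !in_array((string)$k, $noQuote, TRUE)) {
			$arr[$k] = $this->fullQuoteStr($v, $table, $allowNull);
		}
	}
	return $arr;
}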
849
/**
 * Substitution for PHP function "addslashes()"
 * Escapes a string with the link's real_escape_string(), connecting first if needed.
 * NOTICE: The result carries no surrounding quotes. You must wrap it in SINGLE QUOTES
 * yourself; unless you have to do that, use ->fullQuoteStr() instead. Placed into a
 * query without quotes, the escaped string gives no protection.
 * $table is not used by this implementation.
 *
 * @param string $str Input string
 * @param string $table Table name for which to quote string. Just enter the table that the field-value is selected from (and any DBAL will look up which handler to use and then how to quote the string!).
 * @return string Output string; Quotes (" / ') and \ will be backslashed (or otherwise based on DBAL handler)
 * @see quoteStr()
 */
public function quoteStr($str, $table) {
	if (!$this->isConnected) {
		$this->connectDB();
	}
	$escaped = $this->link->real_escape_string($str);
	return $escaped;
}
866
/**
 * Escapes the LIKE wildcards "%" and "_" in a string with a backslash.
 *
 * This handles the LIKE wildcards only: quotes and the backslash itself are left
 * as they are, so the result still has to go through quoteStr() or fullQuoteStr()
 * before it is placed into a query. $table is not used by this implementation.
 *
 * @param string $str Input string
 * @param string $table Table name for which to escape string. Just enter the table that the field-value is selected from (and any DBAL will look up which handler to use and then how to quote the string!).
 * @return string Output string; % and _ will be escaped with \ (or otherwise based on DBAL handler)
 * @see quoteStr()
 */
public function escapeStrForLike($str, $table) {
	$likeWildcards = '_%';
	return addcslashes($str, $likeWildcards);
}
878
/**
 * Converts every value of a one-dimensional array to an integer; keys are kept.
 * Useful to make sure an array contains only integers before it is imploded into
 * a select-list. Values without a leading number become 0.
 *
 * @param array $arr Array with values
 * @return array The input array with all values cast to (int)
 * @see cleanIntList()
 */
public function cleanIntArray($arr) {
	$toInteger = function ($entry) {
		return intval($entry);
	};
	return array_map($toInteger, $arr);
}
890
/**
 * Forces every entry of a comma-separated list to an integer.
 * Use it when a list of supposed integers comes from content you do not trust and
 * is about to go into an SQL statement. The list is split with
 * GeneralUtility::intExplode() and joined again with commas.
 *
 * @param string $list List of comma-separated values which should be integers
 * @return string The input list but with every value cast to (int)
 * @see cleanIntArray()
 */
public function cleanIntList($list) {
	$integers = GeneralUtility::intExplode(',', $list);
	return implode(',', $integers);
}
902
/**
 * Removes one or more leading "ORDER BY" prefixes from the trimmed input string.
 * Use it when you pass an ORDER BY parameter to exec_SELECTquery() but cannot
 * guarantee that the keyword is not already prefixed.
 * The whitespace between and after the two words is optional in the pattern, so a
 * string that starts with "orderby" without any space loses that prefix as well.
 * Only the prefix is removed; the remainder is returned without further checks.
 *
 * @param string $str eg. "ORDER BY title, uid
 * @return string eg. "title, uid
 * @see exec_SELECTquery(), stripGroupBy()
 */
public function stripOrderBy($str) {
	$trimmed = trim($str);
	$leadingKeyword = '/^(?:ORDER[[:space:]]*BY[[:space:]]*)+/i';
	return preg_replace($leadingKeyword, '', $trimmed);
}
915
/**
 * Removes one or more leading "GROUP BY" prefixes from the trimmed input string.
 * Use it when you pass a GROUP BY parameter to SELECTquery() but cannot guarantee
 * that the keyword is not already prefixed.
 * The whitespace between and after the two words is optional in the pattern, so a
 * string that starts with "groupby" without any space loses that prefix as well.
 * Only the prefix is removed; the remainder is returned without further checks.
 *
 * @param string $str eg. "GROUP BY title, uid
 * @return string eg. "title, uid
 * @see exec_SELECTquery(), stripOrderBy()
 */
public function stripGroupBy($str) {
	$trimmed = trim($str);
	$leadingKeyword = '/^(?:GROUP[[:space:]]*BY[[:space:]]*)+/i';
	return preg_replace($leadingKeyword, '', $trimmed);
}
928
/**
 * Splits the tail of a query, eg. "... uid=123 GROUP BY title ORDER BY title LIMIT 5,2",
 * into its WHERE, GROUPBY, ORDERBY and LIMIT parts.
 * Work-around for places where a user-defined end of an SQL clause is supplied and
 * the parts have to be separated.
 *
 * A GROUP BY, ORDER BY or LIMIT tail is only recognised when it consists of
 * alphanumerics, whitespace, ",", "." and "_". Everything that is not recognised
 * stays in the WHERE part, which is returned as it was passed in, with a leading
 * space and without any escaping.
 *
 * @param string $str Input string
 * @return array Array with the keys WHERE, GROUPBY, ORDERBY and LIMIT
 */
public function splitGroupOrderLimit($str) {
	// A leading space guarantees that "[[:space:]]+" can match in front of the
	// first keyword.
	$remainder = ' ' . $str;
	$wgolParts = array(
		'WHERE' => '',
		'GROUPBY' => '',
		'ORDERBY' => '',
		'LIMIT' => ''
	);
	// Clauses are peeled off from the end of the string, hence this order.
	$clausePatterns = array(
		'LIMIT' => '/^(.*)[[:space:]]+LIMIT[[:space:]]+([[:alnum:][:space:],._]+)$/i',
		'ORDERBY' => '/^(.*)[[:space:]]+ORDER[[:space:]]+BY[[:space:]]+([[:alnum:][:space:],._]+)$/i',
		'GROUPBY' => '/^(.*)[[:space:]]+GROUP[[:space:]]+BY[[:space:]]+([[:alnum:][:space:],._]+)$/i'
	);
	foreach ($clausePatterns as $part => $pattern) {
		$match = array();
		if (preg_match($pattern, $remainder, $match)) {
			$wgolParts[$part] = trim($match[2]);
			$remainder = $match[1];
		}
	}
	// Rest is assumed to be "WHERE" clause
	$wgolParts['WHERE'] = $remainder;
	return $wgolParts;
}
969
/**
 * Returns the date and time formats compatible with the given database table.
 * This implementation returns the static $dateTimeFormats property for every
 * table; $table is not used.
 *
 * @param string $table Table name for which to return an empty date. Just enter the table that the field-value is selected from (and any DBAL will look up which handler to use and then how date and time should be formatted).
 * @return array
 */
public function getDateTimeFormats($table) {
	$formats = self::$dateTimeFormats;
	return $formats;
}
979
980 /**************************************
981 *
982 * MySQL(i) wrapper functions
983 * (For use in your applications)
984 *
985 **************************************/
/**
 * Executes a query
 * MySQLi query() wrapper function
 * Beware: Use of this method should be avoided as it is experimentally supported by DBAL. You should consider
 * using exec_SELECTquery() and similar methods instead.
 * The query string is passed to query() unchanged, so any value inside it must
 * already have been escaped by the caller.
 *
 * @param string $query Query to execute
 * @return bool|\mysqli_result|object MySQLi result object / DBAL object
 */
public function sql_query($query) {
	$result = $this->query($query);
	if ($this->debugOutput) {
		$this->debug('sql_query', $query);
	}
	return $result;
}
1002
/**
 * Returns the error string of the current link (its "error" property).
 *
 * @return string MySQLi error string.
 */
public function sql_error() {
	$message = $this->link->error;
	return $message;
}
1011
/**
 * Returns the error number of the current link (its "errno" property).
 *
 * @return int MySQLi error number
 */
public function sql_errno() {
	$number = $this->link->errno;
	return $number;
}
1020
/**
 * Returns the number of selected rows.
 *
 * @param bool|\mysqli_result|object $res MySQLi result object / DBAL object
 * @return int|bool Number of resulting rows, or FALSE if debug_check_recordset() rejects $res
 */
public function sql_num_rows($res) {
	if (!$this->debug_check_recordset($res)) {
		return FALSE;
	}
	return $res->num_rows;
}
1034
/**
 * Returns an associative array that corresponds to the fetched row, or FALSE if there are no more rows.
 * MySQLi fetch_assoc() wrapper function
 *
 * @param bool|\mysqli_result|object $res MySQLi result object / DBAL object
 * @return array|boolean Associative array of result row; FALSE if debug_check_recordset() rejects $res
 */
public function sql_fetch_assoc($res) {
	if (!$this->debug_check_recordset($res)) {
		return FALSE;
	}
	$row = $res->fetch_assoc();
	// A NULL from fetch_assoc() is turned into FALSE; needed for compatibility.
	return $row === NULL ? FALSE : $row;
}
1054
/**
 * Returns an array that corresponds to the fetched row, or FALSE if there are no more rows.
 * The array contains the values in numerical indices.
 * MySQLi fetch_row() wrapper function
 *
 * @param bool|\mysqli_result|object $res MySQLi result object / DBAL object
 * @return array|boolean Array with the values of one result row; FALSE if debug_check_recordset() rejects $res
 */
public function sql_fetch_row($res) {
	if (!$this->debug_check_recordset($res)) {
		return FALSE;
	}
	$row = $res->fetch_row();
	// A NULL from fetch_row() is turned into FALSE; needed for compatibility.
	return $row === NULL ? FALSE : $row;
}
1075
/**
 * Free result memory
 * free_result() wrapper function
 *
 * @param bool|\mysqli_result|object $res MySQLi result object / DBAL object
 * @return bool TRUE once free() was called; FALSE if $res is not an object or debug_check_recordset() rejects it
 */
public function sql_free_result($res) {
	$isUsableResult = $this->debug_check_recordset($res) && is_object($res);
	if (!$isUsableResult) {
		return FALSE;
	}
	$res->free();
	return TRUE;
}
1091
/**
 * Get the ID generated from the previous INSERT operation
 * (the "insert_id" property of the current link).
 *
 * @return int The uid of the last inserted record.
 */
public function sql_insert_id() {
	$lastInsertId = $this->link->insert_id;
	return $lastInsertId;
}
1100
/**
 * Returns the number of rows affected by the last INSERT, UPDATE or DELETE query
 * (the "affected_rows" property of the current link).
 *
 * @return int Number of rows affected by last query
 */
public function sql_affected_rows() {
	$affected = $this->link->affected_rows;
	return $affected;
}
1109
/**
 * Move internal result pointer
 *
 * @param bool|\mysqli_result|object $res MySQLi result object / DBAL object
 * @param int $seek Seek result number.
 * @return bool Result of data_seek(); FALSE if debug_check_recordset() rejects $res
 */
public function sql_data_seek($res, $seek) {
	if (!$this->debug_check_recordset($res)) {
		return FALSE;
	}
	return $res->data_seek($seek);
}
1124
/**
 * Get the type of the specified field in a result
 * mysql_field_type() wrapper function
 *
 * The numeric mysqli type of the field is translated through a fixed map. Types
 * that have no entry in the map (252, used for text and blob columns, is left
 * out on purpose) are looked up all the same.
 *
 * @param bool|\mysqli_result|object $res MySQLi result object / DBAL object
 * @param int $pointer Field index.
 * @return string Returns the type name of the field at the given index, or FALSE on error
 */
public function sql_field_type($res, $pointer) {
	if (!$this->debug_check_recordset($res)) {
		return FALSE;
	}
	$fieldInfo = $res->fetch_field_direct($pointer);
	if ($fieldInfo === FALSE) {
		return FALSE;
	}
	// mysql_field_type compatibility map
	// taken from: http://www.php.net/manual/en/mysqli-result.fetch-field-direct.php#89117
	// Constant numbers see http://php.net/manual/en/mysqli.constants.php
	$typeNames = array(
		1 => 'tinyint',
		2 => 'smallint',
		3 => 'int',
		4 => 'float',
		5 => 'double',
		7 => 'timestamp',
		8 => 'bigint',
		9 => 'mediumint',
		10 => 'date',
		11 => 'time',
		12 => 'datetime',
		13 => 'year',
		16 => 'bit',
		//252 is currently mapped to all text and blob types (MySQL 5.0.51a)
		253 => 'varchar',
		254 => 'char',
		246 => 'decimal'
	);
	return $typeNames[$fieldInfo->type];
}
1166
/**
 * Open a (persistent) connection to a MySQL server
 *
 * Returns the existing link when already connected. Otherwise a new mysqli link is
 * opened with the configured host, user, password, port and socket. The only client
 * flag passed is MYSQLI_CLIENT_COMPRESS (when compression is enabled).
 * After a successful connect the connection charset is set, every entry of
 * initializeCommandsAfterConnect is executed verbatim as SQL and the charset is
 * verified with checkConnectionCharset().
 * A failed connect is logged with host and user name (not the password) and is
 * not turned into an exception here.
 *
 * @return \mysqli|NULL The link, or NULL if the connection could not be established
 * @throws \RuntimeException
 */
public function sql_pconnect() {
	if ($this->isConnected) {
		return $this->link;
	}

	if (!extension_loaded('mysqli')) {
		throw new \RuntimeException(
			'Database Error: PHP mysqli extension not loaded. This is a must have for TYPO3 CMS!',
			1271492607
		);
	}

	// The "p:" host prefix asks mysqli for a persistent connection.
	$host = $this->databaseHost;
	if ($this->persistentDatabaseConnection) {
		$host = 'p:' . $this->databaseHost;
	}
	$clientFlags = $this->connectionCompression ? MYSQLI_CLIENT_COMPRESS : 0;

	$this->link = mysqli_init();
	$connected = $this->link->real_connect(
		$host,
		$this->databaseUsername,
		$this->databaseUserPassword,
		NULL,
		(int)$this->databasePort,
		$this->databaseSocket,
		$clientFlags
	);

	if (!$connected) {
		// @todo This should raise an exception. Would be useful especially to work during installation.
		$error_msg = $this->link->connect_error;
		$this->link = NULL;
		GeneralUtility::sysLog(
			'Could not connect to MySQL server ' . $host . ' with user ' . $this->databaseUsername . ': ' . $error_msg,
			'core',
			GeneralUtility::SYSLOG_SEVERITY_FATAL
		);
		return $this->link;
	}

	$this->isConnected = TRUE;

	// A failure to set the charset is only logged here; checkConnectionCharset()
	// below is what rejects a connection with the wrong charset.
	if ($this->link->set_charset($this->connectionCharset) === FALSE) {
		GeneralUtility::sysLog(
			'Error setting connection charset to "' . $this->connectionCharset . '"',
			'core',
			GeneralUtility::SYSLOG_SEVERITY_ERROR
		);
	}

	// Each command is run as it is configured; a failing command is logged together
	// with its full text and does not abort the connect.
	foreach ($this->initializeCommandsAfterConnect as $command) {
		if ($this->query($command) === FALSE) {
			GeneralUtility::sysLog(
				'Could not initialize DB connection with query "' . $command . '": ' . $this->sql_error(),
				'core',
				GeneralUtility::SYSLOG_SEVERITY_ERROR
			);
		}
	}
	$this->checkConnectionCharset();

	return $this->link;
}
1233
/**
 * Select a SQL database
 *
 * Connects first if no connection is open, then selects the configured database
 * name on the link. A failure is logged with the database name and the MySQL
 * error text.
 *
 * @return bool Returns TRUE on success or FALSE on failure.
 */
public function sql_select_db() {
	if (!$this->isConnected) {
		$this->connectDB();
	}

	$selected = $this->link->select_db($this->databaseName);
	if ($selected) {
		return $selected;
	}
	GeneralUtility::sysLog(
		'Could not select MySQL database ' . $this->databaseName . ': ' . $this->sql_error(),
		'core',
		GeneralUtility::SYSLOG_SEVERITY_FATAL
	);
	return $selected;
}
1254
1255 /**************************************
1256 *
1257 * SQL admin functions
1258 * (For use in the Install Tool and Extension Manager)
1259 *
1260 **************************************/
/**
 * Lists the databases of the current MySQL connection that can be selected.
 * NOTICE: It WILL try to select each database and thus break the selection of the
 * current database: setDatabaseName() is called for every schema name, and the
 * name of the last schema stays configured afterwards.
 * This is only used as a service function in the (1-2-3 process) of the Install Tool.
 * In any case a lookup should be done in the _DEFAULT handler DBMS then.
 * Use in Install Tool only!
 *
 * @return array Each entry represents a database name
 * @throws \RuntimeException
 */
public function admin_get_dbs() {
	$schemaResult = $this->query('SELECT SCHEMA_NAME FROM information_schema.SCHEMATA');
	if ($schemaResult === FALSE) {
		throw new \RuntimeException(
			'MySQL Error: Cannot get tablenames: "' . $this->sql_error() . '"!',
			1378457171
		);
	}

	$selectableDatabases = array();
	while ($schema = $schemaResult->fetch_object()) {
		try {
			$this->setDatabaseName($schema->SCHEMA_NAME);
			if ($this->sql_select_db()) {
				$selectableDatabases[] = $schema->SCHEMA_NAME;
			}
		} catch (\RuntimeException $exception) {
			// The exception happens if we cannot connect to the database
			// (usually due to missing permissions). This is ok here.
			// We catch the exception, skip the database and continue.
		}
	}
	return $selectableDatabases;
}
1294
/**
 * Returns the list of tables from the default database, TYPO3_db (querying the DBMS)
 * In a DBAL this method should 1) look up all tables from the DBMS of
 * the _DEFAULT handler and then 2) add all tables *configured* to be managed by other handlers
 *
 * A failed query results in an empty array.
 *
 * @return array Array with tablenames as key and arrays with status information as value
 */
public function admin_get_tables() {
	$tablesByName = array();
	// NOTE(review): the database name is placed between backticks without escaping;
	// this relies on the configured name containing no backtick.
	$statusResult = $this->query('SHOW TABLE STATUS FROM `' . $this->databaseName . '`');
	if ($statusResult === FALSE) {
		return $tablesByName;
	}
	while ($tableStatus = $statusResult->fetch_assoc()) {
		$tablesByName[$tableStatus['Name']] = $tableStatus;
	}
	$statusResult->free();
	return $tablesByName;
}
1313
/**
 * Returns information about each field in the $table (querying the DBMS)
 * In a DBAL this should look up the right handler for the table and return compatible information
 * This function is important not only for the Install Tool but probably for
 * DBALs as well since they might need to look up table specific information
 * in order to construct correct queries. In such cases this information should
 * probably be cached for quick delivery.
 *
 * A failed query results in an empty array.
 *
 * @param string $tableName Table name
 * @return array Field information in an associative array with fieldname => field row
 */
public function admin_get_fields($tableName) {
	$fieldsByName = array();
	// NOTE(review): $tableName is placed between backticks without escaping;
	// confirm that callers only pass trusted table names.
	$columnsResult = $this->query('SHOW FULL COLUMNS FROM `' . $tableName . '`');
	if ($columnsResult === FALSE) {
		return $fieldsByName;
	}
	while ($column = $columnsResult->fetch_assoc()) {
		$fieldsByName[$column['Field']] = $column;
	}
	$columnsResult->free();
	return $fieldsByName;
}
1336
/**
 * Returns information about each index key in the $table (querying the DBMS)
 * In a DBAL this should look up the right handler for the table and return compatible information
 *
 * A failed query results in an empty array.
 *
 * @param string $tableName Table name
 * @return array Key information in a numeric array
 */
public function admin_get_keys($tableName) {
	$keys = array();
	// NOTE(review): $tableName is placed between backticks without escaping;
	// confirm that callers only pass trusted table names.
	$keysResult = $this->query('SHOW KEYS FROM `' . $tableName . '`');
	if ($keysResult === FALSE) {
		return $keys;
	}
	while ($key = $keysResult->fetch_assoc()) {
		$keys[] = $key;
	}
	$keysResult->free();
	return $keys;
}
1355
/**
 * Returns information about the character sets supported by the current DBMS
 * This function is important not only for the Install Tool but probably for
 * DBALs as well since they might need to look up table specific information
 * in order to construct correct queries. In such cases this information should
 * probably be cached for quick delivery.
 *
 * This is used by the Install Tool to convert tables with non-UTF8 charsets
 * Use in Install Tool only!
 *
 * A failed query results in an empty array.
 *
 * @return array Array with Charset as key and an array of "Charset", "Description", "Default collation", "Maxlen" as values
 */
public function admin_get_charsets() {
	$charsetsByName = array();
	$charsetResult = $this->query('SHOW CHARACTER SET');
	if ($charsetResult === FALSE) {
		return $charsetsByName;
	}
	while ($charset = $charsetResult->fetch_assoc()) {
		$charsetsByName[$charset['Charset']] = $charset;
	}
	$charsetResult->free();
	return $charsetsByName;
}
1379
/**
 * mysqli() wrapper function, used by the Install Tool and EM for all queries regarding management of the database!
 * The query string is passed to query() unchanged.
 *
 * @param string $query Query to execute
 * @return bool|\mysqli_result|object MySQLi result object / DBAL object
 */
public function admin_query($query) {
	$result = $this->query($query);
	if ($this->debugOutput) {
		$this->debug('admin_query', $query);
	}
	return $result;
}
1393
1394 /******************************
1395 *
1396 * Connect handling
1397 *
1398 ******************************/
1399
/**
 * Sets the database host. An open connection is closed first.
 *
 * @param string $host
 */
public function setDatabaseHost($host = 'localhost') {
	// The link was opened with the previous settings, so it is dropped here.
	$this->disconnectIfConnected();
	$this->databaseHost = $host;
}
1409
/**
 * Sets the database port, cast to an integer. An open connection is closed first.
 *
 * @param int $port
 */
public function setDatabasePort($port = 3306) {
	$this->disconnectIfConnected();
	$portNumber = (int)$port;
	$this->databasePort = $portNumber;
}
1419
/**
 * Sets the database socket. An open connection is closed first.
 *
 * @param string|NULL $socket
 */
public function setDatabaseSocket($socket = NULL) {
	// The link was opened with the previous settings, so it is dropped here.
	$this->disconnectIfConnected();
	$this->databaseSocket = $socket;
}
1429
/**
 * Sets the database name. An open connection is closed first.
 * The name is stored as given; admin_get_tables() later places it between
 * backticks in a query.
 *
 * @param string $name
 */
public function setDatabaseName($name) {
	// The link was opened with the previous settings, so it is dropped here.
	$this->disconnectIfConnected();
	$this->databaseName = $name;
}
1439
/**
 * Sets the database username. An open connection is closed first.
 * sql_pconnect() writes this name to the system log when a connect fails.
 *
 * @param string $username
 */
public function setDatabaseUsername($username) {
	// The link was opened with the previous settings, so it is dropped here.
	$this->disconnectIfConnected();
	$this->databaseUsername = $username;
}
1449
/**
 * Sets the database password. An open connection is closed first.
 * The password is kept as a plain string on this object for later connects.
 *
 * @param string $password
 */
public function setDatabasePassword($password) {
	// The link was opened with the previous settings, so it is dropped here.
	$this->disconnectIfConnected();
	$this->databaseUserPassword = $password;
}
1459
/**
 * Enables or disables persistent database connections; the value is cast to bool.
 * An open connection is closed first.
 *
 * @param bool $persistentDatabaseConnection
 * @see http://php.net/manual/de/mysqli.persistconns.php
 */
public function setPersistentDatabaseConnection($persistentDatabaseConnection) {
	$this->disconnectIfConnected();
	$usePersistentLink = (bool)$persistentDatabaseConnection;
	$this->persistentDatabaseConnection = $usePersistentLink;
}
1470
/**
 * Set connection compression; the value is cast to bool. Might be an advantage, if
 * the SQL server is not on localhost. An open connection is closed first.
 *
 * @param bool $connectionCompression TRUE if connection should be compressed
 */
public function setConnectionCompression($connectionCompression) {
	$this->disconnectIfConnected();
	$useCompression = (bool)$connectionCompression;
	$this->connectionCompression = $useCompression;
}
1480
/**
 * Set commands to be fired after the connection was established.
 * sql_pconnect() executes each entry verbatim as SQL, so the list must come from
 * trusted configuration only. An open connection is closed first.
 *
 * @param array $commands List of SQL commands to be executed after connect
 */
public function setInitializeCommandsAfterConnect(array $commands) {
	// The link was opened with the previous settings, so it is dropped here.
	$this->disconnectIfConnected();
	$this->initializeCommandsAfterConnect = $commands;
}
1490
/**
 * Set the charset that should be used for the MySQL connection.
 * The given value is passed on to set_charset() on connect and is the value
 * checkConnectionCharset() compares the session variables against.
 * An open connection is closed first.
 *
 * The default value of this setting is utf8.
 *
 * @param string $connectionCharset The connection charset that will be passed on to mysqli_set_charset() when connecting the database. Default is utf8.
 * @return void
 */
public function setConnectionCharset($connectionCharset = 'utf8') {
	// The link was opened with the previous settings, so it is dropped here.
	$this->disconnectIfConnected();
	$this->connectionCharset = $connectionCharset;
}
1504
/**
 * Connects to the database for TYPO3 sites and registers the query hook objects.
 *
 * Does nothing when already connected. Otherwise a database name must be set, the
 * server connection is opened with sql_pconnect() and the database is selected.
 * Afterwards every class reference configured under
 * $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_db.php']['queryProcessors']
 * is instantiated and sorted into the pre- and post-process hook lists. These
 * classes are taken from configuration as they are, so that setting has to be
 * treated as trusted code.
 *
 * @throws \RuntimeException
 * @throws \UnexpectedValueException
 * @return void
 */
public function connectDB() {
	// Early return if connected already
	if ($this->isConnected) {
		return;
	}

	if (!$this->databaseName) {
		throw new \RuntimeException(
			'TYPO3 Fatal Error: No database selected!',
			1270853882
		);
	}

	if (!$this->sql_pconnect()) {
		throw new \RuntimeException(
			'TYPO3 Fatal Error: The current username, password or host was not accepted when the connection to the database was attempted to be established!',
			1270853884
		);
	}
	if (!$this->sql_select_db()) {
		throw new \RuntimeException(
			'TYPO3 Fatal Error: Cannot connect to the current database, "' . $this->databaseName . '"!',
			1270853883
		);
	}

	// Prepare user defined objects (if any) for hooks which extend query methods
	$this->preProcessHookObjects = array();
	$this->postProcessHookObjects = array();
	if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_db.php']['queryProcessors'])) {
		foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_db.php']['queryProcessors'] as $classRef) {
			$hookObject = GeneralUtility::getUserObj($classRef);
			$isPreProcessor = $hookObject instanceof PreProcessQueryHookInterface;
			$isPostProcessor = $hookObject instanceof PostProcessQueryHookInterface;
			// An object implementing neither interface is a configuration error.
			if (!$isPreProcessor && !$isPostProcessor) {
				throw new \UnexpectedValueException(
					'$hookObject must either implement interface TYPO3\\CMS\\Core\\Database\\PreProcessQueryHookInterface or interface TYPO3\\CMS\\Core\\Database\\PostProcessQueryHookInterface',
					1299158548
				);
			}
			if ($isPreProcessor) {
				$this->preProcessHookObjects[] = $hookObject;
			}
			if ($isPostProcessor) {
				$this->postProcessHookObjects[] = $hookObject;
			}
		}
	}
}
1563
/**
 * Checks if the database is connected.
 * When the connection flag is set, the link is pinged and the flag is updated
 * with the result, so a server that has gone away is noticed.
 *
 * @return bool
 */
public function isConnected() {
	if (!$this->isConnected) {
		return $this->isConnected;
	}
	// We think we're still connected; check if this is really the case.
	$this->isConnected = $this->link->ping();
	return $this->isConnected;
}
1577
/**
 * Checks if the current connection character set has the same value
 * as the connectionCharset variable.
 *
 * To determine the character set these MySQL session variables are
 * checked: character_set_client, character_set_results and
 * character_set_connection.
 *
 * If the character set does not match or if the session variables
 * can not be read a RuntimeException is thrown. The string escaping done through
 * real_escape_string() works relative to the connection character set, which is
 * one reason a silent mismatch must not go unnoticed.
 * The exception for a mismatch contains the configured setDBinit value.
 *
 * @return void
 * @throws \RuntimeException
 */
protected function checkConnectionCharset() {
	$sessionResult = $this->sql_query('SHOW SESSION VARIABLES LIKE \'character_set%\'');

	if ($sessionResult === FALSE) {
		GeneralUtility::sysLog(
			'Error while retrieving the current charset session variables from the database: ' . $this->sql_error(),
			'core',
			GeneralUtility::SYSLOG_SEVERITY_ERROR
		);
		throw new \RuntimeException(
			'TYPO3 Fatal Error: Could not determine the current charset of the database.',
			1381847136
		);
	}

	// Collect the session variables as name => value.
	$charsetVariables = array();
	while (($row = $this->sql_fetch_row($sessionResult)) !== FALSE) {
		$charsetVariables[$row[0]] = $row[1];
	}
	$this->sql_free_result($sessionResult);

	// These variables are set with the "Set names" command which was
	// used in the past. This is why we check them.
	$charsetRequiredVariables = array(
		'character_set_client',
		'character_set_results',
		'character_set_connection',
	);

	foreach ($charsetRequiredVariables as $variableName) {
		if (empty($charsetVariables[$variableName])) {
			GeneralUtility::sysLog(
				'A required session variable is missing in the current MySQL connection: ' . $variableName,
				'core',
				GeneralUtility::SYSLOG_SEVERITY_ERROR
			);
			throw new \RuntimeException(
				'TYPO3 Fatal Error: Could not determine the value of the database session variable: ' . $variableName,
				1381847779
			);
		}

		// The first variable that differs from the configured charset ends the check.
		if ($charsetVariables[$variableName] !== $this->connectionCharset) {
			throw new \RuntimeException(
				'It looks like the character set ' . $this->connectionCharset . ' is not used for this connection even though it is configured as connection charset. ' .
				'This TYPO3 installation is using the $GLOBALS[\'TYPO3_CONF_VARS\'][\'SYS\'][\'setDBinit\'] property with the following value: "' .
				$GLOBALS['TYPO3_CONF_VARS']['SYS']['setDBinit'] . '". Please make sure that this command does not overwrite the configured charset. ' .
				'Please note that for the TYPO3 database everything other than utf8 is unsupported since version 4.7.',
				1389697515
			);
		}
	}
}
1653
1654 /**
1655 * Disconnect from database if connected
1656 *
1657 * @return void
1658 */
protected function disconnectIfConnected() {
	// Nothing to close when no connection is flagged as open.
	if (!$this->isConnected) {
		return;
	}
	$this->link->close();
	$this->isConnected = FALSE;
}
1665
1666 /**
1667 * Returns current database handle
1668 *
1669 * @return \mysqli|NULL
1670 */
public function getDatabaseHandle() {
	// Hands out the raw handle held in $this->link. Statements a caller runs
	// on it directly do not pass through the wrapper methods of this class.
	$handle = $this->link;
	return $handle;
}
1674
1675 /**
1676 * Set current database handle, usually \mysqli
1677 *
1678 * @param \mysqli $handle
1679 */
public function setDatabaseHandle($handle) {
	// The handle is stored as given: no type check is made here and
	// $this->isConnected is left unchanged.
	$this->link = $handle;
}
1683
1684 /**
1685 * Get the MySQL server version
1686 *
1687 * @return string
1688 */
public function getServerVersion() {
	// Read directly from the handle in $this->link; the method does not
	// check that a handle is set before dereferencing it.
	$serverInfo = $this->link->server_info;
	return $serverInfo;
}
1692
1693 /******************************
1694 *
1695 * Debugging
1696 *
1697 ******************************/
1698 /**
1699 * Debug function: Outputs error if any
1700 *
1701 * @param string $func Function calling debug()
1702 * @param string $query Last query if not last built query
1703 * @return void
1704 */
public function debug($func, $query = '') {
	$lastError = $this->sql_error();
	// Stay silent unless the last call produced an error or debugOutput is 2.
	if (!$lastError && (int)$this->debugOutput !== 2) {
		return;
	}

	// The payload carries the SQL error text, the query and a backtrace, so
	// it should only reach people who are allowed to see query internals.
	// Where DebugUtility::debug() renders it is not visible in this method.
	$details = array(
		'caller' => \TYPO3\CMS\Core\Database\DatabaseConnection::class . '::' . $func,
		'ERROR' => $lastError,
		'lastBuiltQuery' => $query ? $query : $this->debug_lastBuiltQuery,
		'debug_backtrace' => \TYPO3\CMS\Core\Utility\DebugUtility::debugTrail()
	);

	// An empty third argument is passed when $GLOBALS['error'] is an object
	// with a callable debug() method, 'DB Error' otherwise.
	$hasErrorObject = is_object($GLOBALS['error']) && @is_callable(array($GLOBALS['error'], 'debug'));
	$label = $hasErrorObject ? '' : 'DB Error';

	\TYPO3\CMS\Core\Utility\DebugUtility::debug($details, $func, $label);
}
1722
1723 /**
1724 * Checks if record set is valid and writes debugging information into devLog if not.
1725 *
1726 * @param bool|\mysqli_result|object $res MySQLi result object / DBAL object
1727 * @return bool TRUE if the record set is valid, FALSE otherwise
1728 */
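public function debug_check_recordset($res) {
	// Anything other than FALSE counts as a valid record set.
	if ($res !== FALSE) {
		return TRUE;
	}
	$msg = 'Invalid database result detected';
	$trace = debug_backtrace();
	// Drop the frame that describes the call to this method.
	array_shift($trace);
	// Complete objects are too large for the log, and they carry the state of
	// every object on the call stack. The entry has to be removed per frame:
	// testing $trace['object'] on the numerically indexed frame list never
	// matched, so the objects used to stay in the logged backtrace.
	// The 'args' entries of the frames are kept and still end up in devLog.
	foreach (array_keys($trace) as $frameIndex) {
		unset($trace[$frameIndex]['object']);
	}
	$msg .= ': function TYPO3\\CMS\\Core\\Database\\DatabaseConnection->' . $trace[0]['function'] . ' called from file ' . substr($trace[0]['file'], (strlen(PATH_site) + 2)) . ' in line ' . $trace[0]['line'];
	GeneralUtility::sysLog(
		$msg . '. Use a devLog extension to get more details.',
		'core',
		GeneralUtility::SYSLOG_SEVERITY_ERROR
	);
	// Send to devLog if enabled
	if (TYPO3_DLOG) {
		$debugLogData = array(
			'SQL Error' => $this->sql_error(),
			'Backtrace' => $trace
		);
		// Array union puts the query first when one was recorded.
		if ($this->debug_lastBuiltQuery) {
			$debugLogData = array('SQL Query' => $this->debug_lastBuiltQuery) + $debugLogData;
		}
		GeneralUtility::devLog($msg . '.', 'Core/t3lib_db', 3, $debugLogData);
	}
	return FALSE;
}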
1762
1763 /**
1764 * Explain select queries
1765 * If $this->explainOutput is set, SELECT queries will be explained here. Only queries with more than one possible result row will be displayed.
1766 * The output is either printed as raw HTML output or embedded into the TS admin panel (checkbox must be enabled!)
1767 *
1768 * @todo Feature is not DBAL-compliant
1769 *
1770 * @param string $query SQL query
1771 * @param string $from_table Table(s) from which to select. This is what comes right after "FROM ...". Required value.
1772 * @param int $row_count Number of resulting rows
1773 * @return bool TRUE if explain was run, FALSE otherwise
1774 */
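protected function explain($query, $from_table, $row_count) {
	// Runs EXPLAIN on $query and, for queries worth reporting, collects the
	// index definitions of the tables involved. Returns TRUE when a report
	// was produced, FALSE otherwise.
	$debugAllowedForIp = GeneralUtility::cmpIP(
		GeneralUtility::getIndpEnv('REMOTE_ADDR'),
		$GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask']
	);
	// Only explainOutput 2 is tied to devIPmask. explainOutput 1 produces the
	// raw HTML output for every client, so it exposes query text and index
	// layout to whoever requests the page.
	if (
		(int)$this->explainOutput == 1
		|| ((int)$this->explainOutput == 2 && $debugAllowedForIp)
	) {
		// Raw HTML output
		$explainMode = 1;
	} elseif ((int)$this->explainOutput == 3 && is_object($GLOBALS['TT'])) {
		// Embed the output into the TS admin panel
		$explainMode = 2;
	} else {
		return FALSE;
	}
	// Capture the error of the analysed query before further statements run.
	$error = $this->sql_error();
	$trail = \TYPO3\CMS\Core\Utility\DebugUtility::debugTrail();
	$explain_tables = array();
	$explain_output = array();
	$res = $this->sql_query('EXPLAIN ' . $query, $this->link);
	if ($res instanceof \mysqli_result) {
		while ($tempRow = $this->sql_fetch_assoc($res)) {
			$explain_output[] = $tempRow;
			$explain_tables[] = $tempRow['table'];
		}
		$this->sql_free_result($res);
	}
	// EXPLAIN failed or returned no rows: there is nothing to report, and the
	// checks below would read a row that does not exist.
	if (empty($explain_output)) {
		return FALSE;
	}
	// Notice: Rows are skipped if there is only one result, or if no conditions are set
	$debug = $explain_output[0]['rows'] > 1
		|| GeneralUtility::inList('ALL', $explain_output[0]['type']);
	if (!$debug) {
		return FALSE;
	}
	$indices_output = array();
	foreach ($explain_tables as $table) {
		// EXPLAIN can report rows without a table name.
		if ((string)$table === '') {
			continue;
		}
		// The names are taken from EXPLAIN output (table names or aliases of
		// the analysed query), not from a fixed list, so they are quoted
		// before they are placed into further statements.
		$likePattern = $this->fullQuoteStr($this->escapeStrForLike($table, $table), $table);
		$tableRes = $this->sql_query('SHOW TABLE STATUS LIKE ' . $likePattern);
		$isTable = $this->sql_num_rows($tableRes);
		if ($isTable) {
			$quotedIdentifier = '`' . str_replace('`', '``', $table) . '`';
			$res = $this->sql_query('SHOW INDEX FROM ' . $quotedIdentifier, $this->link);
			if ($res instanceof \mysqli_result) {
				while ($tempRow = $this->sql_fetch_assoc($res)) {
					$indices_output[] = $tempRow;
				}
				$this->sql_free_result($res);
			}
		}
		$this->sql_free_result($tableRes);
	}
	$data = array();
	$data['query'] = $query;
	$data['trail'] = $trail;
	$data['row_count'] = $row_count;
	if ($error) {
		$data['error'] = $error;
	}
	$data['explain'] = $explain_output;
	if (!empty($indices_output)) {
		$data['indices'] = $indices_output;
	}
	if ($explainMode == 1) {
		\TYPO3\CMS\Core\Utility\DebugUtility::debug($data, 'Tables: ' . $from_table, 'DB SQL EXPLAIN');
	} elseif ($explainMode == 2) {
		$GLOBALS['TT']->setTSselectQuery($data);
	}
	return TRUE;
}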
1854
1855 /**
1856 * Closes the current connection before the object is serialized
1857 *
1858 * @return array All protected properties that should be saved
1859 */
public function __sleep() {
	// The open link is closed first; neither 'link' nor 'isConnected' is in
	// the list below, so they are not part of the serialized form.
	$this->disconnectIfConnected();

	// The list includes databaseUserPassword: every serialized copy of this
	// object contains the database credentials and has to be stored and
	// transported like a secret.
	$persistedProperties = array(
		'debugOutput',
		'explainOutput',
		'databaseHost',
		'databasePort',
		'databaseSocket',
		'databaseName',
		'databaseUsername',
		'databaseUserPassword',
		'persistentDatabaseConnection',
		'connectionCompression',
		'initializeCommandsAfterConnect',
		'default_charset',
	);
	return $persistedProperties;
}
1877
1878 }