Nystic 2.0

[Brent]

Here is a simple dbms that I made.

Code: Select all

<?php
class db
{
    function connect()
    {
        include($_SERVER['DOCUMENT_ROOT'] . '/config.inc.php');
        switch($type)
        {
            case "mysql":
                mysql_connect($host, $user, $pass) or die("Could not connect: " . mysql_error());
                mysql_select_db($name) or die(mysql_error());
                break;
            case "mssql":                mssql_connect($host, $user, $pass) or die("Could not connect!");
                mssql_select_db($name);
                break;
            case "oracle":
                $_SESSION['con'] = oci_connect($host, $user, $pass, $name);
                break;
        }
    }
    function query($q)
    {
        include($_SERVER['DOCUMENT_ROOT'] . '/config.inc.php');
        switch($type)
        {
            case "mysql":
                return mysql_query($q);
                break;
            case "mssql":
                return mssql_query($q);
                break;
            case "oracle":
                return oci_parse($_SESSION['con'], $q);
                break;
        }
    }
    function numrows($q)
    {
        include($_SERVER['DOCUMENT_ROOT'] . '/config.inc.php');
        switch($type)
        {
            case "mysql":
                return mysql_num_rows($q);
                break;
            case "mssql":
                return mssql_num_rows($q);
                break;
            case "oracle":
                return oci_num_rows($q);
                break;
        }
    }
    function fetcharray($q)
    {
        include($_SERVER['DOCUMENT_ROOT'] . '/config.inc.php');
        switch($type)
        {
            case "mysql":
                return mysql_fetch_array($q);
                break;
            case "mssql":
                return mssql_fetch_array($q);
                break;
            case "oracle":
                return oci_fetch_array($q);
                break;
        }
    }
    /* Use this before inserting into database */
    function sanitize($dirty)
    {
        $dirty = trim($dirty);
        $dirty = htmlspecialchars($dirty);
        include($_SERVER['DOCUMENT_ROOT'] . '/config.inc.php');
        switch($type)
        {
            case "mysql":
                $dirty = mysql_real_escape_string($dirty);
                break;
            case "mssql":
                $dirty = mysql_real_escape_string($dirty);
                break;
            case "oracle":
                $dirty = mysql_real_escape_string($dirty);
                break;
        }
        return $dirty;
    }
    /* Use this before displaying database data */
    function scrub($dirty)
    {
        $dirty = stripslashes($dirty);
        return $dirty;
    }
}
?>


Save that as dbms.php.

Create a file called config.inc.php and put it in the site root.

Put the following code inside:

Code: Select all

<?php
/* Config File  */
$host="your_host";
$name="your_db"; 
$user="your_user";
$pass="your_pass";
$pfix="your_db_prefix";
$type="db_type";
?>

Replace your_host with your database host.
Replace your_db with your database name.
Replace your_user with your database username.
Replace your_pass with your database password.
Replace your_db_prefix with the table prefix.
Replace db_type with either mysql, mssql, or oracle.

In the the files you want to access the database. Include the dbms file. Then add the following code:

Code: Select all

$db &= new db;
$db->connect();
$db->query("SELECT * FROM...");   

Replace SELECT * FROM... with the query you want to perform. Check the dbms php file for more functions.

Use your new dbms wisely.

[Roswell]

mysql_real_escape_string() requires an active MySQL database connection, so using it for mssql, etc. won't work too well

[Brent]

mysql_real_escape_string() requires an active MySQL database connection, so using it for mssql, etc. won't work too well

Meh. Is there an equivalent for the other database systems?

[Roswell]

You'd probably be better off writing your own, or at the very least just using add_slashes().

[Roswell]

I got bored so here you go.

Code: Select all

<?php
/*
Function Name: sanitize
Function Purpose: Sanitize variables for use in SQL queries
Function Arguments
    (string) input
        String for sanitizing
Returns: Santizied Value
*/
function sanitize($input)
{
    $input = trim($input);
    if(!is_numeric($input))
    {
        if(get_magic_quotes_gpc())
        {
            $input = stripslashes($input);
        }
        $input = str_replace("\x00", "\\x00", $input);
        $input = str_replace("\n", "\\n", $input);
        $input = str_replace("\r", "\\r", $input);
        $input = str_replace("\x1a", "\\x18", $input);
    }
    return($input);
}
/*
Function Name: type_auth
Function Purpose: Determine type of variable
Function Arguments
    (string) input
        String for detection
    (mixed) type
        The type we are authenticating for
            Values:
                1 || anum
                    Alphanumeric
                2 || int
                    Integer
Returns:
    true
        Variable is expected type
    false
        Variable is not expected type
Additional Notes:
    Note that performance of preg_replace has a lot to be desired. While
    strspn() is an alternative, many argue against its effectiveness.
*/
function type_auth($input, $mode)
{
    if($mode == "1" || $mode == "anum")
    {
        return (!preg_match("/^([-a-z0-9])+$/i", $str)) ? false: true;
    }
    else if($mode == "2" || $mode == "int")
    {
        return (!is_numeric($input)) ? false: true;
    }
}
?>

[Brent]

I got bored so here you go.

Sweet thanks. I'll apply it later.

[omoi]

You'd probably be better off writing your own, or at the very least just using add_slashes().

what about stripslashes?

[Roswell]

You use that when you output