Posted by Steve on 10/18/06 15:45

".:[ ikciu ]:." <no@mail.com> wrote in message
news:eh5hrn$rpk$1@news.dialog.net.pl...
| Hmm Steve <no.one@example.com> wrote:
|
| > either post YOUR apache error log or just post the browser error
| > message (which is my real concern). as i said, i've supressed by sql
| > execute statements. all errors are handled to my satisfaction in the
| > source i gave. if you find a way to compromise data integrity and/or
| > security, i'd love to hear how you did it. if the only thing you can
| > get to blow up is the sorting mechanism by fucking with the query
| > string in the url, i'm not interested...but even then, the results
| > are less than disasterous...they get only a message on the screen
| > saying that 'no records can be found'.
|
| i cant do it, i have no your class for db handle, so just move it on the
| free php server give the link and later look at error log - you will see

anything else you want? here's the class:

<?
class db
{
static private $_instance = null;
static private $_lastStatement = '';

private function __clone(){}

private function __construct(){}

static function connect($server, $user, $password, $catalog = null)
{
try
{
mysql_connect($server, $user, $password);
if (!is_null($catalog)){ mysql_select_db($catalog); }
} catch (exception $ex) {
print "<pre>\r\n" . $ex->getMessage() . "\r\n" .
' in file ' . $ex->getFile() . "\r\n" .
' on line ' . $ex->getLine() . "\r\n" .
'</pre>';
return false;
}
return true;
}

static function getInstance()
{
if (is_null(self::$_instance)){ self::$_instance = new db(); }
return self::$_instance;
}

static function getLastStatement(){ return self::$_lastStatement; }

static function decode($string)
{
$translation = get_html_translation_table(HTML_ENTITIES);
$translation = array_flip($translation);
$string = strtr($string, $translation);
return $string;
}

static function describe($table)
{
$columns = array();
$records = self::execute('DESCRIBE ' . $table);
foreach ($records as $record)
{
foreach ($record as $column => $property)
{
if ($column == 'FIELD'){ continue; }
$columns[$record['FIELD']][$column] = $property;
}
}
return $columns;
}

static function encode($string)
{
$translation = get_html_translation_table(HTML_ENTITIES);
$string = strtr($string, $translation);
return $string;
}

static function execute($sql, $decode = false, $returnNewId = false)
{
self::$_lastStatement = $sql;
$array = array();
$key = 0;
$records = mysql_query($sql);
$fieldCount = @mysql_num_fields($records);
$translation = get_html_translation_table(HTML_ENTITIES);
$translation = array_flip($translation);
while ($row = @mysql_fetch_array($records, MYSQL_NUM))
{
for ($i = 0; $i < $fieldCount; $i++)
{
$value = $row[$i];
if ($decode){ $value = strtr($value, $translation); }
$array[$key][strtoupper(@mysql_field_name($records, $i))] = $value;
}
$key++;
}
if ($returnNewId)
{
$array = array();
$array[0]['ID'] = mysql_insert_id();
}
@mysql_free_result($records);
return $array;
}

static function prepare($string, $encode = false)
{
if ($encode){ $string = self::encode($string); }
$string = stripslashes(str_replace("'", "''", $string));
return $string;
}
}
?>

[Back to original message]