mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 984 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
60903 Commits
367 Branches
Tree: 6312c0df69
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6312c0df69'
${ noResults }
nextcloud/lib/private/legacy/OC_DB.php

OC_DB.php 6.1KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184 
  1. <?php

  2. /**

  3.  * @copyright Copyright (c) 2016, ownCloud, Inc.

  4.  *

  5.  * @author Andreas Fischer <bantu@owncloud.com>

  6.  * @author Bart Visscher <bartv@thisnet.nl>

  7.  * @author Christoph Wurst <christoph@winzerhof-wurst.at>

  8.  * @author Joas Schilling <coding@schilljs.com>

  9.  * @author Jörn Friedrich Dreyer <jfd@butonic.de>

  10.  * @author Lukas Reschke <lukas@statuscode.ch>

  11.  * @author Morris Jobke <hey@morrisjobke.de>

  12.  * @author Robin Appelman <robin@icewind.nl>

  13.  * @author Thomas Müller <thomas.mueller@tmit.eu>

  14.  * @author Vincent Petry <vincent@nextcloud.com>

  15.  *

  16.  * @license AGPL-3.0

  17.  *

  18.  * This code is free software: you can redistribute it and/or modify

  19.  * it under the terms of the GNU Affero General Public License, version 3,

  20.  * as published by the Free Software Foundation.

  21.  *

  22.  * This program is distributed in the hope that it will be useful,

  23.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  24.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  25.  * GNU Affero General Public License for more details.

  26.  *

  27.  * You should have received a copy of the GNU Affero General Public License, version 3,

  28.  * along with this program. If not, see <http://www.gnu.org/licenses/>

  29.  *

  30.  */

  31. class OC_DB {

  32. 

  33. 	/**

  34. 	 * Prepare a SQL query

  35. 	 * @param string $query Query string

  36. 	 * @param int|null $limit

  37. 	 * @param int|null $offset

  38. 	 * @param bool|null $isManipulation

  39. 	 * @throws \OC\DatabaseException

  40. 	 * @return OC_DB_StatementWrapper prepared SQL query

  41. 	 * @deprecated 21.0.0 Please use \OCP\IDBConnection::getQueryBuilder() instead

  42. 	 *

  43. 	 * SQL query via Doctrine prepare(), needs to be execute()'d!

  44. 	 */

  45. 	public static function prepare($query, $limit = null, $offset = null, $isManipulation = null) {

  46. 		$connection = \OC::$server->getDatabaseConnection();

  47. 

  48. 		if ($isManipulation === null) {

  49. 			//try to guess, so we return the number of rows on manipulations

  50. 			$isManipulation = self::isManipulation($query);

  51. 		}

  52. 

  53. 		// return the result

  54. 		try {

  55. 			$result = $connection->prepare($query, $limit, $offset);

  56. 		} catch (\Doctrine\DBAL\Exception $e) {

  57. 			throw new \OC\DatabaseException($e->getMessage());

  58. 		}

  59. 		// differentiate between query and manipulation

  60. 		return new OC_DB_StatementWrapper($result, $isManipulation);

  61. 	}

  62. 

  63. 	/**

  64. 	 * tries to guess the type of statement based on the first 10 characters

  65. 	 * the current check allows some whitespace but does not work with IF EXISTS or other more complex statements

  66. 	 *

  67. 	 * @param string $sql

  68. 	 * @return bool

  69. 	 */

  70. 	public static function isManipulation($sql) {

  71. 		$sql = trim($sql);

  72. 		$selectOccurrence = stripos($sql, 'SELECT');

  73. 		if ($selectOccurrence === 0) {

  74. 			return false;

  75. 		}

  76. 		$insertOccurrence = stripos($sql, 'INSERT');

  77. 		if ($insertOccurrence === 0) {

  78. 			return true;

  79. 		}

  80. 		$updateOccurrence = stripos($sql, 'UPDATE');

  81. 		if ($updateOccurrence === 0) {

  82. 			return true;

  83. 		}

  84. 		$deleteOccurrence = stripos($sql, 'DELETE');

  85. 		if ($deleteOccurrence === 0) {

  86. 			return true;

  87. 		}

  88. 

  89. 		// This is triggered with "SHOW VERSION" and some more, so until we made a list, we keep this out.

  90. 		// \OC::$server->getLogger()->logException(new \Exception('Can not detect if query is manipulating: ' . $sql));

  91. 

  92. 		return false;

  93. 	}

  94. 

  95. 	/**

  96. 	 * execute a prepared statement, on error write log and throw exception

  97. 	 * @param mixed $stmt OC_DB_StatementWrapper,

  98. 	 *					  an array with 'sql' and optionally 'limit' and 'offset' keys

  99. 	 *					.. or a simple sql query string

  100. 	 * @param array $parameters

  101. 	 * @return OC_DB_StatementWrapper

  102. 	 * @throws \OC\DatabaseException

  103. 	 * @deprecated 21.0.0 Please use \OCP\IDBConnection::getQueryBuilder() instead

  104. 	 */

  105. 	public static function executeAudited($stmt, array $parameters = []) {

  106. 		if (is_string($stmt)) {

  107. 			// convert to an array with 'sql'

  108. 			if (stripos($stmt, 'LIMIT') !== false) { //OFFSET requires LIMIT, so we only need to check for LIMIT

  109. 				// TODO try to convert LIMIT OFFSET notation to parameters

  110. 				$message = 'LIMIT and OFFSET are forbidden for portability reasons,'

  111. 						 . ' pass an array with \'limit\' and \'offset\' instead';

  112. 				throw new \OC\DatabaseException($message);

  113. 			}

  114. 			$stmt = ['sql' => $stmt, 'limit' => null, 'offset' => null];

  115. 		}

  116. 		if (is_array($stmt)) {

  117. 			// convert to prepared statement

  118. 			if (! array_key_exists('sql', $stmt)) {

  119. 				$message = 'statement array must at least contain key \'sql\'';

  120. 				throw new \OC\DatabaseException($message);

  121. 			}

  122. 			if (! array_key_exists('limit', $stmt)) {

  123. 				$stmt['limit'] = null;

  124. 			}

  125. 			if (! array_key_exists('limit', $stmt)) {

  126. 				$stmt['offset'] = null;

  127. 			}

  128. 			$stmt = self::prepare($stmt['sql'], $stmt['limit'], $stmt['offset']);

  129. 		}

  130. 		self::raiseExceptionOnError($stmt, 'Could not prepare statement');

  131. 		if ($stmt instanceof OC_DB_StatementWrapper) {

  132. 			$result = $stmt->execute($parameters);

  133. 			self::raiseExceptionOnError($result, 'Could not execute statement');

  134. 		} else {

  135. 			if (is_object($stmt)) {

  136. 				$message = 'Expected a prepared statement or array got ' . get_class($stmt);

  137. 			} else {

  138. 				$message = 'Expected a prepared statement or array got ' . gettype($stmt);

  139. 			}

  140. 			throw new \OC\DatabaseException($message);

  141. 		}

  142. 		return $result;

  143. 	}

  144. 

  145. 	/**

  146. 	 * check if a result is an error and throws an exception, works with \Doctrine\DBAL\Exception

  147. 	 * @param mixed $result

  148. 	 * @param string $message

  149. 	 * @return void

  150. 	 * @throws \OC\DatabaseException

  151. 	 */

  152. 	public static function raiseExceptionOnError($result, $message = null) {

  153. 		if ($result === false) {

  154. 			if ($message === null) {

  155. 				$message = self::getErrorMessage();

  156. 			} else {

  157. 				$message .= ', Root cause:' . self::getErrorMessage();

  158. 			}

  159. 			throw new \OC\DatabaseException($message);

  160. 		}

  161. 	}

  162. 

  163. 	/**

  164. 	 * returns the error code and message as a string for logging

  165. 	 * works with DoctrineException

  166. 	 * @return string

  167. 	 */

  168. 	public static function getErrorMessage() {

  169. 		$connection = \OC::$server->getDatabaseConnection();

  170. 		return $connection->getError();

  171. 	}

  172. 

  173. 	/**

  174. 	 * Checks if a table exists in the database - the database prefix will be prepended

  175. 	 *

  176. 	 * @param string $table

  177. 	 * @return bool

  178. 	 * @throws \OC\DatabaseException

  179. 	 */

  180. 	public static function tableExists($table) {

  181. 		$connection = \OC::$server->getDatabaseConnection();

  182. 		return $connection->tableExists($table);

  183. 	}

  184. }