188 lines
5.9 KiB
PHP
188 lines
5.9 KiB
PHP
|
<?php
|
||
|
// Datenbank-Verbindungsparameter
|
||
|
require_once ('config.php');
|
||
|
|
||
|
define ('DB_QUEUE_TABLE', TAB_PREFIX . 'queue');
|
||
|
define ('DB_PRODUCTS_TABLE', TAB_PREFIX . 'products');
|
||
|
define ('DB_USER_TABLE', TAB_PREFIX . 'user');
|
||
|
define ('DB_ROOM_TABLE', TAB_PREFIX . 'room');
|
||
|
define ('DB_RESTTABLES_TABLE', TAB_PREFIX . 'resttables');
|
||
|
define ('DB_PRODTYPE_TABLE', TAB_PREFIX . 'prodtype');
|
||
|
define ('DB_BILL_TABLE', TAB_PREFIX . 'bill');
|
||
|
define ('DB_PRICELEVEL_TABLE', TAB_PREFIX . 'pricelevel');
|
||
|
define ('DB_CONFIG_TABLE', TAB_PREFIX . 'config');
|
||
|
define ('DB_CLOSING_TABLE', TAB_PREFIX . 'closing');
|
||
|
define ('DB_PRINTJOB_TABLE', TAB_PREFIX . 'printjob');
|
||
|
|
||
|
define ('DB_HIST_TABLE', TAB_PREFIX . 'hist');
|
||
|
define ('DB_HIST_PROD_TABLE', TAB_PREFIX . 'histprod');
|
||
|
define ('DB_HIST_CONFIG_TABLE', TAB_PREFIX . 'histconfig');
|
||
|
define ('DB_HIST_USER_TABLE', TAB_PREFIX . 'histuser');
|
||
|
define ('DB_HIST_ACTIONS_TABLE', TAB_PREFIX . 'histactions');
|
||
|
|
||
|
define ('DB_HIST_PAYMENT_TABLE', TAB_PREFIX . 'payment');
|
||
|
define ('DB_BILLPRODUCTS_TABLE', TAB_PREFIX . 'billproducts');
|
||
|
|
||
|
class DbUtils {
|
||
|
function openDbAndReturnPdo () {
|
||
|
$dsn = 'mysql: host=' . MYSQL_HOST . '; dbname=' . MYSQL_DB;
|
||
|
$user = MYSQL_USER;
|
||
|
$password = MYSQL_PASSWORD;
|
||
|
$pdo = null;
|
||
|
try {
|
||
|
$pdo = new PDO($dsn, $user, $password);
|
||
|
$pdo ->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||
|
}
|
||
|
catch (PDOException $e) {
|
||
|
echo 'Connection failed: ' . $e->getMessage();
|
||
|
}
|
||
|
return $pdo;
|
||
|
}
|
||
|
|
||
|
function testDbAccess($host,$dbname,$user,$pass) {
|
||
|
$dsn = 'mysql: host=' . $host . '; dbname=' . $dbname;
|
||
|
$user = $user;
|
||
|
$password = $pass;
|
||
|
$pdo = null;
|
||
|
try {
|
||
|
$pdo = new PDO($dsn, $user, $password);
|
||
|
$pdo ->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||
|
}
|
||
|
catch (PDOException $e) {
|
||
|
//
|
||
|
}
|
||
|
if ($pdo != null) {
|
||
|
return true;
|
||
|
} else {
|
||
|
return false;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
function performSqlCommand($sqlCommand) {
|
||
|
$sqlCommand = $this->resolveTablenamesInSqlString($sqlCommand);
|
||
|
|
||
|
$con=mysqli_connect(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);
|
||
|
// Check connection
|
||
|
|
||
|
if (mysqli_connect_errno())
|
||
|
{
|
||
|
echo "Failed to connect to MySQL: " . mysqli_connect_error();
|
||
|
}
|
||
|
|
||
|
$result = mysqli_query($con,$sqlCommand);
|
||
|
// Execute query
|
||
|
if ($result)
|
||
|
{
|
||
|
//echo "SQL command could be executed successful";
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
echo "Error executing SQL command: " . mysqli_error($con);
|
||
|
}
|
||
|
|
||
|
mysqli_close($con);
|
||
|
return $result;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* A prepared statement has several advantages. In this SW it is mainly
|
||
|
* used to avoid quoting of strings
|
||
|
*/
|
||
|
function performPreparedStatementCreateClosing($closingTime,$remark) {
|
||
|
date_default_timezone_set('Europe/Berlin');
|
||
|
$closingTime = date('Y-m-d H:i:s');
|
||
|
$closingEntrySql = $this->resolveTablenamesInSqlString("INSERT INTO `%closing%` (`id` , `closingdate`,`remark`) VALUES (NULL , ?,?)");
|
||
|
|
||
|
$mysqli = new mysqli(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);
|
||
|
if ($mysqli->connect_errno) {
|
||
|
echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
|
||
|
}
|
||
|
|
||
|
if (!($stmt = $mysqli->prepare($closingEntrySql))) {
|
||
|
echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
|
||
|
}
|
||
|
|
||
|
if (!$stmt->bind_param("ss", $closingTime, $remark)) {
|
||
|
echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
|
||
|
}
|
||
|
|
||
|
if (!$stmt->execute()) {
|
||
|
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
|
||
|
}
|
||
|
$id = mysqli_insert_id($mysqli);
|
||
|
$stmt->close();
|
||
|
mysqli_close($mysqli);
|
||
|
return $id;
|
||
|
}
|
||
|
|
||
|
function performSqlCommandRetLastId($sqlCommand) {
|
||
|
$sqlCommand = $this->resolveTablenamesInSqlString($sqlCommand);
|
||
|
|
||
|
$con=mysqli_connect(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);
|
||
|
// Check connection
|
||
|
|
||
|
if (mysqli_connect_errno())
|
||
|
{
|
||
|
echo "Failed to connect to MySQL: " . mysqli_connect_error();
|
||
|
}
|
||
|
|
||
|
$result = mysqli_query($con,$sqlCommand);
|
||
|
// Execute query
|
||
|
if ($result)
|
||
|
{
|
||
|
//echo "SQL command could be executed successful";
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
echo "Error executing SQL command: " . mysqli_error($con);
|
||
|
}
|
||
|
|
||
|
$id = mysqli_insert_id($con);
|
||
|
|
||
|
mysqli_close($con);
|
||
|
return array("result" => $result, "id" => $id);
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Filter out escape sequences. The method requires an open db connection
|
||
|
*/
|
||
|
function filterString($aString) {
|
||
|
$mysqli = new mysqli(MYSQL_HOST, MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);
|
||
|
|
||
|
/* check connection */
|
||
|
if (mysqli_connect_errno()) {
|
||
|
exit();
|
||
|
}
|
||
|
$filteredString = $mysqli->real_escape_string($aString);
|
||
|
$mysqli->close();
|
||
|
return $filteredString;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* To use sql strings that are easy to read the table names are used
|
||
|
* without variables. But since the user can specify a prefix for all
|
||
|
* tables the substitution must be done somewhere. This is the function
|
||
|
* that replaces the %TABLE% by $prefix_table
|
||
|
*/
|
||
|
function resolveTablenamesInSqlString($sqlString) {
|
||
|
$out = str_replace("%queue%",DB_QUEUE_TABLE,$sqlString);
|
||
|
$out = str_replace("%products%",DB_PRODUCTS_TABLE,$out);
|
||
|
$out = str_replace("%user%",DB_USER_TABLE,$out);
|
||
|
$out = str_replace("%room%",DB_ROOM_TABLE,$out);
|
||
|
$out = str_replace("%resttables%",DB_RESTTABLES_TABLE,$out);
|
||
|
$out = str_replace("%bill%",DB_BILL_TABLE,$out);
|
||
|
$out = str_replace("%pricelevel%",DB_PRICELEVEL_TABLE,$out);
|
||
|
$out = str_replace("%config%",DB_CONFIG_TABLE,$out);
|
||
|
$out = str_replace("%closing%",DB_CLOSING_TABLE,$out);
|
||
|
$out = str_replace("%printjobs%",DB_PRINTJOB_TABLE,$out);
|
||
|
$out = str_replace("%hist%",DB_HIST_TABLE,$out);
|
||
|
$out = str_replace("%histprod%",DB_HIST_PROD_TABLE,$out);
|
||
|
$out = str_replace("%histconfig%",DB_HIST_CONFIG_TABLE,$out);
|
||
|
$out = str_replace("%histuser%",DB_HIST_USER_TABLE,$out);
|
||
|
$out = str_replace("%histactions%",DB_HIST_ACTIONS_TABLE,$out);
|
||
|
$out = str_replace("%payment%",DB_HIST_PAYMENT_TABLE,$out);
|
||
|
$out = str_replace("%billproducts%",DB_BILLPRODUCTS_TABLE,$out);
|
||
|
return (str_replace("%prodtype%",DB_PRODTYPE_TABLE,$out));
|
||
|
}
|
||
|
}
|
||
|
?>
|