ordersprinter/webapp/php/dbutils.php

<?php
// Datenbank-Verbindungsparameter
require_once ('config.php');

define ('DB_QUEUE_TABLE', TAB_PREFIX . 'queue');
define ('DB_PRODUCTS_TABLE', TAB_PREFIX . 'products');
define ('DB_USER_TABLE', TAB_PREFIX . 'user');
define ('DB_ROOM_TABLE', TAB_PREFIX . 'room');
define ('DB_RESTTABLES_TABLE', TAB_PREFIX . 'resttables');
define ('DB_PRODTYPE_TABLE', TAB_PREFIX . 'prodtype');
define ('DB_TABLEMAPS_TABLE', TAB_PREFIX . 'tablemaps');
define ('DB_TABLEPOS_TABLE', TAB_PREFIX . 'tablepos');
define ('DB_BILL_TABLE', TAB_PREFIX . 'bill');
define ('DB_PRICELEVEL_TABLE', TAB_PREFIX . 'pricelevel');
define ('DB_CONFIG_TABLE', TAB_PREFIX . 'config');
define ('DB_CLOSING_TABLE', TAB_PREFIX . 'closing');
define ('DB_PRINTJOB_TABLE', TAB_PREFIX . 'printjob');
define ('DB_WORK_TABLE', TAB_PREFIX . 'work');
define ('DB_COMMENTS_TABLE', TAB_PREFIX . 'comments');
define ('DB_LOGO_TABLE', TAB_PREFIX . 'logo');
define ('DB_EXTRAS_TABLE', TAB_PREFIX . 'extras');
define ('DB_EXTRASPRODS_TABLE', TAB_PREFIX . 'extrasprods');

define ('DB_HIST_TABLE', TAB_PREFIX . 'hist');
define ('DB_HIST_PROD_TABLE', TAB_PREFIX . 'histprod');
define ('DB_HIST_CONFIG_TABLE', TAB_PREFIX . 'histconfig');
define ('DB_HIST_USER_TABLE', TAB_PREFIX . 'histuser');
define ('DB_HIST_ACTIONS_TABLE', TAB_PREFIX . 'histactions');

define ('DB_HIST_PAYMENT_TABLE', TAB_PREFIX . 'payment');
define ('DB_BILLPRODUCTS_TABLE', TAB_PREFIX . 'billproducts');
define ('DB_RESERVATIONS_TABLE', TAB_PREFIX . 'reservations');
define ('DB_QUEUEEXTRAS_TABLE', TAB_PREFIX . 'queueextras');
define ('DB_RATINGS_TABLE', TAB_PREFIX . 'ratings');

class DbUtils {
	private static $timezone = null;
	private static $prefix = null;
	
	public static function overruleTimeZone($timezone) {
		self::$timezone = $timezone;
	}
	public static function overrulePrefix($prefix) {
		self::$prefix = $prefix;
	}
	
	public static function openDbAndReturnPdoStatic () {
		$dsn = 'mysql:host=' . MYSQL_HOST . ';dbname=' . MYSQL_DB;
		$user = MYSQL_USER;
		$password = MYSQL_PASSWORD;
		$pdo = null;
		try {
			$pdo = new PDO($dsn, $user, $password);
			$pdo ->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
		}
		catch (PDOException $e) {
			echo 'Connection failed: ' . $e->getMessage();
		}
		return $pdo;
	}
	function openDbAndReturnPdo () {
		$dsn = 'mysql:host=' . MYSQL_HOST . ';dbname=' . MYSQL_DB;
		$user = MYSQL_USER;
		$password = MYSQL_PASSWORD;
		$pdo = null;
		try {
			$pdo = new PDO($dsn, $user, $password);
			$pdo ->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
		}
		catch (PDOException $e) {
			echo 'Connection failed: ' . $e->getMessage();
		}
		return $pdo;
	}
	
	function testDbAccess($host,$dbname,$user,$pass) {
		$dsn = 'mysql:host=' . $host . ';dbname=' . $dbname;
		$user = $user;
		$password = $pass;
		$pdo = null;
		try {
			$pdo = new PDO($dsn, $user, $password);
			$pdo ->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
		}
		catch (PDOException $e) {
			//
		}
		if ($pdo != null) {
			return true;
		} else {
			return false;
		}
	}
	
	function performSqlCommand($sqlCommand) {
		$sqlCommand = $this->resolveTablenamesInSqlString($sqlCommand);
		
		$con=mysqli_connect(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);
		// Check connection
		
		if (mysqli_connect_errno())
		{
			echo "Failed to connect to MySQL: " . mysqli_connect_error();
		}
		
		$result = mysqli_query($con,$sqlCommand);
		// Execute query
		if ($result)
		{
			//echo "SQL command could be executed successful";
		}
		else
		{
			echo "Error executing SQL command: " . mysqli_error($con);
		}
		
		mysqli_close($con);
		return $result;
	}

	/*
	 * A prepared statement has several advantages. In this SW it is mainly 
	 * used to avoid quoting of strings
	 */
	function performPreparedStatementCreateClosing($closingTime,$remark) {
		date_default_timezone_set(self::getTimeZone());
		$closingTime = date('Y-m-d H:i:s');
		$closingEntrySql = $this->resolveTablenamesInSqlString("INSERT INTO `%closing%` (`id` , `closingdate`,`remark`) VALUES (NULL , ?,?)");
		
		$mysqli = new mysqli(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);
		if ($mysqli->connect_errno) {
			echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
		}
		
		if (!($stmt = $mysqli->prepare($closingEntrySql))) {
			echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
		}
		
		if (!$stmt->bind_param("ss", $closingTime, $remark)) {
			echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
		}
		
		if (!$stmt->execute()) {
			echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
		}
		$id = mysqli_insert_id($mysqli);
		$stmt->close();
		mysqli_close($mysqli);
		return $id;
	}
	
	function performSqlCommandRetLastId($sqlCommand) {
		$sqlCommand = $this->resolveTablenamesInSqlString($sqlCommand);
	
		$con=mysqli_connect(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);
		// Check connection
	
		if (mysqli_connect_errno())
		{
			echo "Failed to connect to MySQL: " . mysqli_connect_error();
		}
	
		$result = mysqli_query($con,$sqlCommand);
		// Execute query
		if ($result)
		{
			//echo "SQL command could be executed successful";
		}
		else
		{
			echo "Error executing SQL command: " . mysqli_error($con);
		}
	
		$id = mysqli_insert_id($con);
	
		mysqli_close($con);
		return array("result" => $result, "id" => $id);
	}
	
	/*
	 * Filter out escape sequences. The method requires an open db connection
	 */
	function filterString($aString) {
		$mysqli = new mysqli(MYSQL_HOST, MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);
		
		/* check connection */
		if (mysqli_connect_errno()) {
			exit();
		}
		$filteredString = $mysqli->real_escape_string($aString);
		$mysqli->close();
		return $filteredString;
	}
	
	/*
	 * To use sql strings that are easy to read the table names are used
	 * without variables. But since the user can specify a prefix for all
	 * tables the substitution must be done somewhere. This is the function
	 * that replaces the %TABLE% by $prefix_table
	 */
	public static function substTableAlias($sqlString) {
		$prefix = TAB_PREFIX;
		if (!is_null(self::$prefix)) {
			$prefix = self::$prefix;
		}
		
		$out = str_replace("%queue%",$prefix . 'queue',$sqlString);
		$out = str_replace("%products%",$prefix . 'products',$out);
		$out = str_replace("%user%",$prefix . 'user',$out);
		$out = str_replace("%room%",$prefix . 'room',$out);
		$out = str_replace("%resttables%",$prefix . 'resttables',$out);
		$out = str_replace("%bill%",$prefix . 'bill',$out);	
		$out = str_replace("%tablemaps%",$prefix . "tablemaps",$out);
		$out = str_replace("%tablepos%",$prefix . "tablepos",$out);
		
		$out = str_replace("%pricelevel%",$prefix . 'pricelevel',$out);
		$out = str_replace("%config%",$prefix . 'config',$out);
		$out = str_replace("%closing%",$prefix . 'closing',$out);
		$out = str_replace("%printjobs%",$prefix . 'printjob',$out);
		
		$out = str_replace("%hist%",$prefix . 'hist',$out);
		$out = str_replace("%histprod%",$prefix . 'histprod',$out);
		$out = str_replace("%histconfig%",$prefix . 'histconfig',$out);
		$out = str_replace("%histuser%",$prefix . 'histuser',$out);
		$out = str_replace("%histactions%",$prefix . 'histactions',$out);
		$out = str_replace("%payment%",$prefix . 'payment',$out);
		$out = str_replace("%billproducts%", $prefix . 'billproducts',$out);
		$out = str_replace("%work%",$prefix . 'work',$out);
		$out = str_replace("%comments%",$prefix . 'comments',$out);
		
		$out = str_replace("%reservations%",$prefix . 'reservations',$out);
		$out = str_replace("%logo%",$prefix . 'logo',$out);
		$out = str_replace("%extras%", $prefix . 'extras',$out);
		$out = str_replace("%extrasprods%",$prefix . 'extrasprods', $out);
		$out = str_replace("%queueextras%",$prefix . 'queueextras', $out);
		$out = str_replace("%ratings%",$prefix . 'ratings', $out);
		return (str_replace("%prodtype%",$prefix . 'prodtype',$out));			
	}
	
	public function resolveTablenamesInSqlString($sqlString) {
		return DbUtils::substTableAlias($sqlString);
	}
	
	public static function getTimeZone() {
		if (is_null(self::$timezone)) {
			if(session_id() == '') {
				session_start();
			}
			if (isset($_SESSION['timezone'])) {
				return $_SESSION['timezone'];
			} else {
				return "Europe/Berlin";
			}
		} else {
			return self::$timezone;
		}
	}
}
?>
Webapplikation 1.0 2020-11-19 22:44:19 +01:00			`<?php`
			`// Datenbank-Verbindungsparameter`
			`require_once ('config.php');`

			`define ('DB_QUEUE_TABLE', TAB_PREFIX . 'queue');`
			`define ('DB_PRODUCTS_TABLE', TAB_PREFIX . 'products');`
			`define ('DB_USER_TABLE', TAB_PREFIX . 'user');`
			`define ('DB_ROOM_TABLE', TAB_PREFIX . 'room');`
			`define ('DB_RESTTABLES_TABLE', TAB_PREFIX . 'resttables');`
			`define ('DB_PRODTYPE_TABLE', TAB_PREFIX . 'prodtype');`
OrderSprinter 1.1.0 2020-11-19 22:47:44 +01:00			`define ('DB_TABLEMAPS_TABLE', TAB_PREFIX . 'tablemaps');`
			`define ('DB_TABLEPOS_TABLE', TAB_PREFIX . 'tablepos');`
Webapplikation 1.0 2020-11-19 22:44:19 +01:00			`define ('DB_BILL_TABLE', TAB_PREFIX . 'bill');`
			`define ('DB_PRICELEVEL_TABLE', TAB_PREFIX . 'pricelevel');`
			`define ('DB_CONFIG_TABLE', TAB_PREFIX . 'config');`
			`define ('DB_CLOSING_TABLE', TAB_PREFIX . 'closing');`
			`define ('DB_PRINTJOB_TABLE', TAB_PREFIX . 'printjob');`
OrderSprinter 1.1.0 2020-11-19 22:47:44 +01:00			`define ('DB_WORK_TABLE', TAB_PREFIX . 'work');`
			`define ('DB_COMMENTS_TABLE', TAB_PREFIX . 'comments');`
			`define ('DB_LOGO_TABLE', TAB_PREFIX . 'logo');`
			`define ('DB_EXTRAS_TABLE', TAB_PREFIX . 'extras');`
			`define ('DB_EXTRASPRODS_TABLE', TAB_PREFIX . 'extrasprods');`
Webapplikation 1.0 2020-11-19 22:44:19 +01:00
			`define ('DB_HIST_TABLE', TAB_PREFIX . 'hist');`
			`define ('DB_HIST_PROD_TABLE', TAB_PREFIX . 'histprod');`
			`define ('DB_HIST_CONFIG_TABLE', TAB_PREFIX . 'histconfig');`
			`define ('DB_HIST_USER_TABLE', TAB_PREFIX . 'histuser');`
			`define ('DB_HIST_ACTIONS_TABLE', TAB_PREFIX . 'histactions');`

			`define ('DB_HIST_PAYMENT_TABLE', TAB_PREFIX . 'payment');`
			`define ('DB_BILLPRODUCTS_TABLE', TAB_PREFIX . 'billproducts');`
OrderSprinter 1.1.0 2020-11-19 22:47:44 +01:00			`define ('DB_RESERVATIONS_TABLE', TAB_PREFIX . 'reservations');`
			`define ('DB_QUEUEEXTRAS_TABLE', TAB_PREFIX . 'queueextras');`
			`define ('DB_RATINGS_TABLE', TAB_PREFIX . 'ratings');`
Webapplikation 1.0 2020-11-19 22:44:19 +01:00
			`class DbUtils {`
OrderSprinter 1.1.0 2020-11-19 22:47:44 +01:00			`private static $timezone = null;`
			`private static $prefix = null;`

			`public static function overruleTimeZone($timezone) {`
			`self::$timezone = $timezone;`
			`}`
			`public static function overrulePrefix($prefix) {`
			`self::$prefix = $prefix;`
			`}`

			`public static function openDbAndReturnPdoStatic () {`
			`$dsn = 'mysql:host=' . MYSQL_HOST . ';dbname=' . MYSQL_DB;`
			`$user = MYSQL_USER;`
			`$password = MYSQL_PASSWORD;`
			`$pdo = null;`
			`try {`
			`$pdo = new PDO($dsn, $user, $password);`
			`$pdo ->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);`
			`}`
			`catch (PDOException $e) {`
			`echo 'Connection failed: ' . $e->getMessage();`
			`}`
			`return $pdo;`
			`}`
Webapplikation 1.0 2020-11-19 22:44:19 +01:00			`function openDbAndReturnPdo () {`
OrderSprinter 1.1.0 2020-11-19 22:47:44 +01:00			`$dsn = 'mysql:host=' . MYSQL_HOST . ';dbname=' . MYSQL_DB;`
Webapplikation 1.0 2020-11-19 22:44:19 +01:00			`$user = MYSQL_USER;`
			`$password = MYSQL_PASSWORD;`
			`$pdo = null;`
			`try {`
			`$pdo = new PDO($dsn, $user, $password);`
			`$pdo ->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);`
			`}`
			`catch (PDOException $e) {`
			`echo 'Connection failed: ' . $e->getMessage();`
			`}`
			`return $pdo;`
			`}`

			`function testDbAccess($host,$dbname,$user,$pass) {`
OrderSprinter 1.1.0 2020-11-19 22:47:44 +01:00			`$dsn = 'mysql:host=' . $host . ';dbname=' . $dbname;`
Webapplikation 1.0 2020-11-19 22:44:19 +01:00			`$user = $user;`
			`$password = $pass;`
			`$pdo = null;`
			`try {`
			`$pdo = new PDO($dsn, $user, $password);`
			`$pdo ->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);`
			`}`
			`catch (PDOException $e) {`
			`//`
			`}`
			`if ($pdo != null) {`
			`return true;`
			`} else {`
			`return false;`
			`}`
			`}`

			`function performSqlCommand($sqlCommand) {`
			`$sqlCommand = $this->resolveTablenamesInSqlString($sqlCommand);`

			`$con=mysqli_connect(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);`
			`// Check connection`

			`if (mysqli_connect_errno())`
			`{`
			`echo "Failed to connect to MySQL: " . mysqli_connect_error();`
			`}`

			`$result = mysqli_query($con,$sqlCommand);`
			`// Execute query`
			`if ($result)`
			`{`
			`//echo "SQL command could be executed successful";`
			`}`
			`else`
			`{`
			`echo "Error executing SQL command: " . mysqli_error($con);`
			`}`

			`mysqli_close($con);`
			`return $result;`
			`}`

			`/*`
			`* A prepared statement has several advantages. In this SW it is mainly`
			`* used to avoid quoting of strings`
			`*/`
			`function performPreparedStatementCreateClosing($closingTime,$remark) {`
OrderSprinter 1.1.0 2020-11-19 22:47:44 +01:00			`date_default_timezone_set(self::getTimeZone());`
Webapplikation 1.0 2020-11-19 22:44:19 +01:00			`$closingTime = date('Y-m-d H:i:s');`
			$closingEntrySql = $this->resolveTablenamesInSqlString("INSERT INTO `%closing%` (`id` , `closingdate`,`remark`) VALUES (NULL , ?,?)");

			`$mysqli = new mysqli(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);`
			`if ($mysqli->connect_errno) {`
			`echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;`
			`}`

			`if (!($stmt = $mysqli->prepare($closingEntrySql))) {`
			`echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;`
			`}`

			`if (!$stmt->bind_param("ss", $closingTime, $remark)) {`
			`echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;`
			`}`

			`if (!$stmt->execute()) {`
			`echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;`
			`}`
			`$id = mysqli_insert_id($mysqli);`
			`$stmt->close();`
			`mysqli_close($mysqli);`
			`return $id;`
			`}`

			`function performSqlCommandRetLastId($sqlCommand) {`
			`$sqlCommand = $this->resolveTablenamesInSqlString($sqlCommand);`

			`$con=mysqli_connect(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);`
			`// Check connection`

			`if (mysqli_connect_errno())`
			`{`
			`echo "Failed to connect to MySQL: " . mysqli_connect_error();`
			`}`

			`$result = mysqli_query($con,$sqlCommand);`
			`// Execute query`
			`if ($result)`
			`{`
			`//echo "SQL command could be executed successful";`
			`}`
			`else`
			`{`
			`echo "Error executing SQL command: " . mysqli_error($con);`
			`}`

			`$id = mysqli_insert_id($con);`

			`mysqli_close($con);`
			`return array("result" => $result, "id" => $id);`
			`}`

			`/*`
			`* Filter out escape sequences. The method requires an open db connection`
			`*/`
			`function filterString($aString) {`
			`$mysqli = new mysqli(MYSQL_HOST, MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);`

			`/* check connection */`
			`if (mysqli_connect_errno()) {`
			`exit();`
			`}`
			`$filteredString = $mysqli->real_escape_string($aString);`
			`$mysqli->close();`
			`return $filteredString;`
			`}`

			`/*`
			`* To use sql strings that are easy to read the table names are used`
			`* without variables. But since the user can specify a prefix for all`
			`* tables the substitution must be done somewhere. This is the function`
			`* that replaces the %TABLE% by $prefix_table`
			`*/`
OrderSprinter 1.1.0 2020-11-19 22:47:44 +01:00			`public static function substTableAlias($sqlString) {`
			`$prefix = TAB_PREFIX;`
			`if (!is_null(self::$prefix)) {`
			`$prefix = self::$prefix;`
			`}`

			`$out = str_replace("%queue%",$prefix . 'queue',$sqlString);`
			`$out = str_replace("%products%",$prefix . 'products',$out);`
			`$out = str_replace("%user%",$prefix . 'user',$out);`
			`$out = str_replace("%room%",$prefix . 'room',$out);`
			`$out = str_replace("%resttables%",$prefix . 'resttables',$out);`
			`$out = str_replace("%bill%",$prefix . 'bill',$out);`
			`$out = str_replace("%tablemaps%",$prefix . "tablemaps",$out);`
			`$out = str_replace("%tablepos%",$prefix . "tablepos",$out);`

			`$out = str_replace("%pricelevel%",$prefix . 'pricelevel',$out);`
			`$out = str_replace("%config%",$prefix . 'config',$out);`
			`$out = str_replace("%closing%",$prefix . 'closing',$out);`
			`$out = str_replace("%printjobs%",$prefix . 'printjob',$out);`

			`$out = str_replace("%hist%",$prefix . 'hist',$out);`
			`$out = str_replace("%histprod%",$prefix . 'histprod',$out);`
			`$out = str_replace("%histconfig%",$prefix . 'histconfig',$out);`
			`$out = str_replace("%histuser%",$prefix . 'histuser',$out);`
			`$out = str_replace("%histactions%",$prefix . 'histactions',$out);`
			`$out = str_replace("%payment%",$prefix . 'payment',$out);`
			`$out = str_replace("%billproducts%", $prefix . 'billproducts',$out);`
			`$out = str_replace("%work%",$prefix . 'work',$out);`
			`$out = str_replace("%comments%",$prefix . 'comments',$out);`

			`$out = str_replace("%reservations%",$prefix . 'reservations',$out);`
			`$out = str_replace("%logo%",$prefix . 'logo',$out);`
			`$out = str_replace("%extras%", $prefix . 'extras',$out);`
			`$out = str_replace("%extrasprods%",$prefix . 'extrasprods', $out);`
			`$out = str_replace("%queueextras%",$prefix . 'queueextras', $out);`
			`$out = str_replace("%ratings%",$prefix . 'ratings', $out);`
			`return (str_replace("%prodtype%",$prefix . 'prodtype',$out));`
			`}`

			`public function resolveTablenamesInSqlString($sqlString) {`
			`return DbUtils::substTableAlias($sqlString);`
			`}`

			`public static function getTimeZone() {`
			`if (is_null(self::$timezone)) {`
			`if(session_id() == '') {`
			`session_start();`
			`}`
			`if (isset($_SESSION['timezone'])) {`
			`return $_SESSION['timezone'];`
			`} else {`
			`return "Europe/Berlin";`
			`}`
			`} else {`
			`return self::$timezone;`
			`}`
Webapplikation 1.0 2020-11-19 22:44:19 +01:00			`}`
			`}`
			`?>`