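setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        } catch (PDOException $e) {
            echo 'Connection failed: ' . $e->getMessage();
        }
        return $pdo;
    }

    /**
     * Check whether a MySQL connection can be opened with the given credentials.
     *
     * The DSN is assembled by plain string concatenation, so $host and $dbname
     * are not escaped: a value containing ';' would be read as an additional
     * DSN attribute.
     * NOTE(review): presumably these values come from an install/config form -
     * confirm that the caller validates them before calling this method.
     *
     * @param string $host   database host
     * @param string $dbname database name
     * @param string $user   database user
     * @param string $pass   database password
     * @return bool true if the connection could be established, false otherwise
     */
    function testDbAccess($host,$dbname,$user,$pass) {
        $dsn = 'mysql: host=' . $host . '; dbname=' . $dbname;
        $pdo = null;
        try {
            $pdo = new PDO($dsn, $user, $pass);
            $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        } catch (PDOException $e) {
            // Deliberately silent: a failed attempt is reported through the
            // boolean return value and the driver message is not exposed.
        }
        // $pdo stays null only when the PDO constructor threw.
        return $pdo !== null;
    }

    /**
     * Execute one SQL string on a fresh mysqli connection.
     *
     * The string is sent to the server as-is after the table placeholders have
     * been resolved; nothing in this method escapes or binds values. Callers
     * must never concatenate untrusted input into $sqlCommand - use a prepared
     * statement (as performPreparedStatementCreateClosing does) for values.
     *
     * NOTE(review): driver error texts are echoed into the response, which can
     * disclose host, user or schema details to the client; consider logging
     * them server-side instead.
     *
     * @param string $sqlCommand SQL with %table% placeholders
     * @return mixed result of mysqli_query(); false if the connection or the
     *               query failed
     */
    function performSqlCommand($sqlCommand) {
        $sqlCommand = $this->resolveTablenamesInSqlString($sqlCommand);
        $con = mysqli_connect(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);

        if (!$con || mysqli_connect_errno()) {
            echo "Failed to connect to MySQL: " . mysqli_connect_error();
            // Stop here: handing a failed connection to mysqli_query() only
            // produces follow-up errors (a TypeError on PHP 8).
            return false;
        }

        $result = mysqli_query($con,$sqlCommand);
        if (!$result) {
            echo "Error executing SQL command: " . mysqli_error($con);
        }

        mysqli_close($con);
        return $result;
    }

    /**
     * Insert a closing record through a prepared statement.
     *
     * Binding the values as parameters keeps $remark out of the SQL text, so
     * no quoting or escaping of the string is needed.
     *
     * NOTE(review): the $closingTime argument is overwritten with the current
     * time before it is used, so the value passed by the caller has no effect.
     * Kept as-is because callers may rely on it - confirm the intent.
     *
     * Side effect: sets the default timezone to Europe/Berlin for the rest of
     * the request.
     *
     * @param string $closingTime ignored, see note above
     * @param string $remark      free-text remark stored with the closing
     * @return int id of the inserted row; 0 if connecting or preparing failed
     */
    function performPreparedStatementCreateClosing($closingTime,$remark) {
        date_default_timezone_set('Europe/Berlin');
        $closingTime = date('Y-m-d H:i:s');

        $closingEntrySql = $this->resolveTablenamesInSqlString("INSERT INTO `%closing%` (`id` , `closingdate`,`remark`) VALUES (NULL , ?,?)");

        $mysqli = new mysqli(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);
        if ($mysqli->connect_errno) {
            echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
            // Without a connection nothing below can work.
            return 0;
        }

        if (!($stmt = $mysqli->prepare($closingEntrySql))) {
            echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
            // $stmt is false here; calling bind_param() on it would be a
            // fatal error, so release the connection and give up.
            mysqli_close($mysqli);
            return 0;
        }

        if (!$stmt->bind_param("ss", $closingTime, $remark)) {
            echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
        }

        if (!$stmt->execute()) {
            echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
        }

        $id = mysqli_insert_id($mysqli);

        $stmt->close();
        mysqli_close($mysqli);
        return $id;
    }

    /**
     * Execute one SQL string and also report the last auto-increment id.
     *
     * Same contract and same caveats as performSqlCommand(): the SQL text is
     * executed unmodified apart from the table placeholders, so it must not
     * contain unescaped untrusted input, and driver errors are echoed.
     *
     * @param string $sqlCommand SQL with %table% placeholders
     * @return array "result" => result of mysqli_query() (false on failure),
     *               "id"     => value of mysqli_insert_id() (0 if connecting
     *                           failed)
     */
    function performSqlCommandRetLastId($sqlCommand) {
        $sqlCommand = $this->resolveTablenamesInSqlString($sqlCommand);
        $con = mysqli_connect(MYSQL_HOST,MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);

        if (!$con || mysqli_connect_errno()) {
            echo "Failed to connect to MySQL: " . mysqli_connect_error();
            // Keep the documented array shape so callers can still read
            // "result" and "id" after a connection failure.
            return array("result" => false, "id" => 0);
        }

        $result = mysqli_query($con,$sqlCommand);
        if (!$result) {
            echo "Error executing SQL command: " . mysqli_error($con);
        }

        $id = mysqli_insert_id($con);
        mysqli_close($con);
        return array("result" => $result, "id" => $id);
    }

    /**
     * Escape a string with mysqli::real_escape_string().
     *
     * real_escape_string() needs a live connection, so this method opens one
     * for the call and closes it again. No charset is set on that connection
     * here, so the escaping follows the connection's default charset.
     *
     * The result is only safe when placed inside a quoted SQL string literal;
     * it does not protect identifiers or unquoted numeric positions. Prefer
     * bound parameters where possible.
     *
     * Terminates the script without output if the connection fails.
     *
     * @param string $aString raw value
     * @return string escaped value
     */
    function filterString($aString) {
        $mysqli = new mysqli(MYSQL_HOST, MYSQL_USER,MYSQL_PASSWORD,MYSQL_DB);

        /* check connection */
        if (mysqli_connect_errno()) {
            exit();
        }

        $filteredString = $mysqli->real_escape_string($aString);
        $mysqli->close();
        return $filteredString;
    }

    /**
     * Replace the %table% placeholders in an SQL string by the configured
     * table names.
     *
     * SQL strings are written with readable placeholders instead of
     * variables; because the user can choose a prefix for all tables, the
     * real names are substituted here from the DB_*_TABLE constants.
     * Only table names are substituted - values are not escaped by this
     * method.
     *
     * @param string $sqlString SQL containing %table% placeholders
     * @return string SQL with the placeholders resolved
     */
    function resolveTablenamesInSqlString($sqlString) {
        // str_replace() with arrays applies the pairs one after another in
        // array order, so the order below is significant and must stay.
        $tableMap = array(
            "%queue%" => DB_QUEUE_TABLE,
            "%products%" => DB_PRODUCTS_TABLE,
            "%user%" => DB_USER_TABLE,
            "%room%" => DB_ROOM_TABLE,
            "%resttables%" => DB_RESTTABLES_TABLE,
            "%bill%" => DB_BILL_TABLE,
            "%pricelevel%" => DB_PRICELEVEL_TABLE,
            "%config%" => DB_CONFIG_TABLE,
            "%closing%" => DB_CLOSING_TABLE,
            "%printjobs%" => DB_PRINTJOB_TABLE,
            "%hist%" => DB_HIST_TABLE,
            "%histprod%" => DB_HIST_PROD_TABLE,
            "%histconfig%" => DB_HIST_CONFIG_TABLE,
            "%histuser%" => DB_HIST_USER_TABLE,
            "%histactions%" => DB_HIST_ACTIONS_TABLE,
            "%payment%" => DB_HIST_PAYMENT_TABLE,
            "%billproducts%" => DB_BILLPRODUCTS_TABLE,
            "%prodtype%" => DB_PRODTYPE_TABLE
        );
        return str_replace(array_keys($tableMap), array_values($tableMap), $sqlString);
    }
}
?>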