Location: PHPKode > projects > EXtensible Production Suite (XPS) > xpsdev/core/models/database.php
<?php
//========================================================================
// XPS
//========================================================================

class Database 
{

    private $conn = ''; //PDO conntection
    private $dsn;
    private $user;
    private $password;
    private $db_type;
    private $prefix;
	private $trans = true;
	public  $ERROR = '';

    function __construct($dsn='', $user='', $password='', $db_type='', $prefix='') 
	{
        $this->dsn = $dsn;
        $this->user = $user;
        $this->password = $password;
        $this->db_type = $db_type;
        $this->prefix = $prefix;
		$this->connect();
	}

    private function connect() 
	{
        try 
		{
            $this->conn = new PDO($this->dsn, $this->user, $this->password);
            $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);  //throws any error as an exception
        } 
		catch (PDOException $e) 
		{
            $this->ERROR.=  $e->getMessage() . '<br/>';
            //die($this->ERROR);
        }
    }

    function disconnect() 
	{
        $this->conn = null;
    }

	/**
	* Does an INSERT, UPDATE, or DELETE on the database
	*
	* @access public
	* @param $statement the PDO prepared statement
	* @author Brian Cook <hide@address.com>
	* @return boolean
	*/
    private function execute($statement) 
	{
    	try 
		{
	        // if statement is a string it needs to be "prepared"
	        $this->conn->beginTransaction();
			
			if(is_string($statement)) 
			{
	            $statement = $this->conn->prepare($statement);			
	        } 	        
			$statement->execute();
			$this->conn->commit();
	        return true;
        }
		catch (PDOException $e) 
		{
			echo $e->getMessage() . '<br/>';
			$this->conn->rollBack();
			
			return false;
		}
    }

	/**
	* Does a SELECT statement on the database
	*
	* @access public
	* @param $statement the PDO prepared statement
	* @author Brian Cook <hide@address.com>
	* @return $recordset the SELECTed recordset.
	*/
    private function select($statement) 
	{
        //returns recordset
        try 
		{
            if(is_string($statement)) 
			{ //SQL
                $statement = $this->conn->prepare($statement);
            }
            $statement->execute();
            return $statement->fetchAll();
        } 
		catch (PDOException $e) 
		{
            $this->ERROR.= $e->getMessage().'<br />';
            return false;
        }
    }

	/**
	* Retrieves an SQL statement from an XML file.
	*
	* @access private
	* @param $id the identification value for the SQL statement.
	* @author Brian Cook <hide@address.com>
	* @return $sql_statement_node->item(0)->nodeValue the SQL statement.
	*/
	private function get_sql_statement($id, $file_location)
	{
		$dom = new DOMDocument;
		$dom->preserveWhiteSpace = false;
		
		if($file_location == 'core')
		{
			$dom->load(CONFIGS . '/sql_statements.xml');
		}
		else
		{
			$dom->load(MODULES . '/' . $file_location . '/configs/sql_statements.xml');
		}
			
		$xpath = new DOMXPath($dom);
			
		$sql_statement_node = $xpath->query('//sql_statement[@id="'.$id.'"]/sql[@db_lang="'.$this->db_type.'"]');
				
		if((count($sql_statement_node) <= 0) or ($sql_statement_node->item(0) == NULL))
		{
				$sql_statement_node = $xpath->query('//sql_statement[@id="'.$id.'"]/sql[@db_lang="default"]'); 		 
		}
				
		switch($this->db_type)
		{
		 	case 'oracle':
		 		$replacement = $this->prefix . '.';
		 		break;
		 		
		 	default:
		 		$replacement = '';
				break;		 
		}
				
		if(count($sql_statement_node) > 0)
	 	{
			
			$sql = $sql_statement_node->item(0)->nodeValue;
			return str_replace('{table_prefix}', $replacement, $sql);
	 	}
	 	else
	 	{
	 	 	//return //insert code to get error message here
	 		return false; 
	 	}
	}    

    /**
	* Prepares a SQL statement to be executed by PDO
	*
	* @access public
	* @param $sql The SQL statement
	* @param $params An array of parameters to bind to the values in the SQL statement
	* @author heidtc <hide@address.com>, Brian Cook <hide@address.com>
	* @return $statement The prepared statement
	*/	
	private function get_prepared_statement($sql, $params=array())
	{
	 	$statement = $this->conn->prepare($sql);

	 	foreach($params as $key => $val)
	 	{
			$statement->bindParam(':'.$key, $$val);//the double $ is on purpose
	 	}
	
		foreach($params as $val)
	 	{
			$$val = $val;//the double $ is on purpose
	 	}

		return $statement;
	}
	
	/**
	* Retrieves a count() for the number of records that would be found by executing a SQL statement
	*
	* @access public
	* @param $id The identification of the SQL statement stored in an XML file
	* @param $params An array of parameters to bind to the values in the SQL statement
	* @author Brian Cook <hide@address.com>
	* @return $rs[0]['RECORD_COUNT'] The integer value for the count.
	*/
	public function get_count($file_location, $params=array())
	{
		$sql = $this->get_sql_statement('count_table', $file_location);

		$new_sql = str_replace('{table_name}', $params['table_name'], $sql);

		$statement = $this->get_prepared_statement($new_sql, $params);
		$rs = $this->select($statement);

		return $rs[0]['SOME_COUNT'];
	}
	
	/**
	* Gets a recordset.
	*
	* @access public
	* @param $id the identification value for the SQL statement.
	* @param $params an associative array of table names for keys with values.
	* @author Brian Cook <hide@address.com>
	* @return recordset the database recordset.
	*/
	public function get_recordset($id, $file_location, $params=array())
	{

		$sql = $this->get_sql_statement($id, $file_location);
		
		if((array_key_exists('LIMIT', $params)) and (array_key_exists('OFFSET', $params)))
		{
			$sql = $this->set_offset($sql, $params);
			unset($params['LIMIT'], $params['OFFSET'], $params['ORDER_BY']);		 
		}

		$statement = $this->get_prepared_statement($sql, $params);

		$recordset = $this->select($statement);
		
		$recordset = $this->format_recordset($recordset);

		return $recordset;
	}
	
	/**
	* Executes a predefined SQL statement.
	*
	* @access private
	* @param $id the identification value for the SQL statement.
	* @param $params an associative array of table names for keys with values.
	* @author Brian Cook <hide@address.com>
	* @return boolean true if no errors and false if error encountered.
	*/
	public function execute_sql($id, $file_location, $params=array())
	{
		$db_lang = '';
		$sql = $this->get_sql_statement($id, $file_location);
		$params = $this->format_params($params);		
		$statement = $this->get_prepared_statement($sql, $params);
		$bool = $this->execute($statement);

		return $bool;
	}

	//this might be used for file i/o
	public function fetch_statement($id, $file_location, $params=array())
	{
	 	$sql = $this->get_sql_statement($id, $file_location);

		$statement = $this->get_prepared_statement($sql, $params);
	 	
	 	$bool = $this->execute($statement);
	 	$row = $statement->fetch();
	 	$output = stream_get_contents($row[0]);
	 
	 	return $output;	
	 }

	/*************************************
	* Retrieves the x,y coordinates of a widget
	*
	* @access	public
	* @param	$params['WIDGET_ID'] the id of the widget
	* @author	Brian Cook <hide@address.com>
	* @return	$position the x,y coordinates of the widget
	*************************************/
	 public function get_position($params=array())
	 {
	 	$position = array();
		 
		$sql = $this->get_sql_statement('get_position', 'core');

		$statement = $this->get_prepared_statement($sql, $params);
		
		$coords = $this->select($statement);
		$position['x'] = $coords['POSITION_X'];
		$position['y'] = $coords['POSITION_Y'];
		
		return $position;
	 }

	/*************************************
	* Sets the x,y coordinates of a widget
	* 
	* @access	public
	* @param	$params['WIDGET_ID'] the id of the widget
	* @param	$params['POSITION_X'] the x coordinate of the widget
	* @param	$params['POSITION_Y'] the y coordinate of the widget
	* @return	boolean
	*************************************/
	public function set_position($params=array())
	{
		$sql = $this->get_sql_statement('set_position', 'core');
		
	 	$statement = $this->get_prepared_statement($sql, $params);
	 	
	 	$bool = $this->execute($statement);
	 	
	 	return $bool;
	}

	/*************************************
	* Sets the offset for page numbering
	* 
	* @access	public
	* @param	$params['LIMIT'] the limit of items per page
	* @param	$params['OFFSET'] determines current page being viewed
	* @return	modified $sql
	*************************************/
	public function set_offset($sql, $params)
	{
		$new_sql = str_replace('{LIMIT}', $params['LIMIT'], $sql);
		$new_sql = str_replace('{OFFSET}', $params['OFFSET'], $new_sql);
		$new_sql = str_replace('{ORDER_BY}', $params['ORDER_BY'], $new_sql);
		
		return $new_sql;
	}
	
	/*************************************
	* Strips html markup from params before inserting into a database
	*
	* @access	private
	* @author	Brian Cook < hide@address.com >
	* @param	$params an array of values to be bound in a sql statement
	* @return	$params the modified params array
	*************************************/
	private function format_params($params)
	{
		foreach($params as $key => $val)
		{
		 	$params[$key] = htmlentities($val);
		}
		return $params;
	}
	
	/*************************************
	* Converts all recordset HTML entities to their applicable characters
	*
	* @access	private
	* @author	Brian Cook < hide@address.com >
	* @param	$recordset a list of records returned from the database
	* @return	$recordset the modified recordset array
	*************************************/
	private function format_recordset($recordset)
	{
		if(is_array($recordset))
		{
			foreach($recordset as $key => $val)
			{
				foreach($val as $key1 => $val1)
				{
			 		$recordset[$key][$key1] = html_entity_decode($val1);
				}
			}
		}
		return $recordset;
	}
	
	public function execute_sql_line($sql)
	{
	 	$statement = $this->get_prepared_statement($sql, array());
		return $this->execute($statement);
	}
}
?>
Return current item: EXtensible Production Suite (XPS)