Pseudo-MSSQL PDO for PHP.

[sagenessamerda]

Why to use it?

• It's safe against SQL Injection;
• It's easier to use than the original PDO;
• You don't need to use mssql_fetch_array or mssql_free_result, since its automatic;
• More organization in your PHP scripts.

Code:

PHP Code:

<?php
class MSSQL
{
    public $query = null;
    public $fetch = null;
    protected $fetca;
    protected $mfetc;
    
    public function __construct ($fetch = false, $multi = false)
    {
        $fetch ? $this->fetca = true : $this->fetca = false;
        $multi ? $this->mfetc = true : $this->mfetc = false;
    }
    
    private function escape($arg)
    {
        foreach ($arg as $value)
        {
            is_numeric($value) ? $return[] = $value : $return[] = "N'".str_replace("'", "''", $value)."'";
        }
        return $return;
    }
    
    public function query()
    {
        if (!func_num_args()) return false;
        
        $arg = func_get_args();
        
        $query = $arg[0];
        unset($arg[0]);
        
        if (count($arg)) $query = vsprintf($query, $this->escape($arg));
        
        $this->query = mssql_query($query);
        
        if ($this->fetca):
            if ($this->mfetc):
                while ($fetch = mssql_fetch_array($this->query))
                    $this->fetch[] = $fetch;
            else:
                $this->fetch[] = $fetch;
            endif;
        endif;
        
        mssql_free_result($this->query);
        
        return true;
    }
    
    public function m_fetch()
    {
        $return = null;
        
        $i = 0;
        
        while(isset($this->fetch[$i])):
            $return[] = $this->fetch[$i];
            $i++;
        endwhile;
        
        return $return;
    }
}
?>

Examples:

PHP Code:

require("mssql.php");
mssql_pconnect(MSSQL_HOST, MSSQL_USER, MSSQL_PASS);

#A Simple query without args but with multiple fetch results:
function GetBannedAccs()
{
    $query = "SELECT [account] FROM ACCOUNT_DBF.dbo.ACCOUNT_TBL_DETAIL where BlockTime=99999999";
    
    $mssql = new mssql(true, true);

    return $mssql->query($query) ? $mssql->m_fetch() : false;
}

#A Simple query without fetch results and with 1 arg:
function UnBanByAcc($account)
{
    $query = "UPDATE ACCOUNT_DBF.dbo.ACCOUNT_TBL_DETAIL SET BlockTime=20041111 WHERE account=%s";
        
    $mssql = new mssql();
    return $mssql->query($query, $account);
}

#Query with 1 arg and only 1 fetch result:
function GetAccount($charname)
{
    $return = null;
    
    $query = "SELECT [account] FROM [CHARACTER_01_DBF].[dbo].[CHARACTER_TBL] where m_szName = %s";
        
    $mssql = new mssql(true);

    return $mssql->query($query, $charname) ? $mssql->fetch[0] : false;
} 


[MentaL]

[spikensbror]

Finally!
Someone who understands and can code real php!
Does not belong here though on further thought.
Try at the Coders' Paradise section.

[ShadowDragon]

I agree with Spiken, you've got some real php skill, but nothing classifies this as specifically flyff other than the table names in the example queries.
Not saying it wouldn't be helpful for people learning to make a server though.

[spikensbror]

Also some input on it.
It lacks in the aspect that it doesn't pool or actually interfaces with the connection at all which can be quite a hassle if working on multi-user database servers.

[Mootie]

It's kind of short and basic. The code is pretty clean though. I recommend you look into hexing strings for mssql input. It's much safer and more flexible. My PHP MSSQL interface works as follows:

PHP Code:

<?
class xAccountDB extends xDatabase
{                           
    public function __construct()
    {
        $this->dbName = "ACCOUNT_DBF"; 
    }     
 
    public function CanLogin($ip)
    {
        $query = sprintf("SELECT [Attempts], [Time] FROM [dbo].[LoginAttempts] WHERE [IP] = %s", ToHex($ip));
        $this->Query($query);
        if($this->Fetch($obj))    
        {
            if($obj->Time + 60*15 < time())
            {
                $query = sprintf("DELETE [dbo].[LoginAttempts] WHERE [IP] = %s", ToHex($ip));    
                $this->Query($query);     
                return TRUE;    
            }
            return ($obj->Attempts < 5);                   
    }          
        return TRUE;
    }     

    public function UserLogin($username, $password)
    {
        $query = sprintf("SELECT [account] FROM [dbo].[ACCOUNT_TBL] WHERE [account] = %s AND [password] = %s", ToHex($username), ToHex(md5('kikugalanet'.$password)));
        $this->Query($query);
        if($this->Fetch($obj))
            return TRUE;
        else
            return FALSE;
    }        
}
?>

xDatabase class:

PHP Code:

<?
class xDatabase
{                             
    private $db = NULL;   
    private $result = NULL;
    protected $dbName = "";
    
    
    public function __construct() 
    {
        
    }         
    
    public function Connect()
    {                                  
        if($this->db != NULL)
            return;
           
        $this->db = mssql_connect(MSSQL_HOST, $this->dbName . 'xDBA', sha1(MSSQL_PASSKEY . $this->dbName), TRUE);    
        if(!is_resource($this->db))      
        {                
            $GLOBALS['Error']->Trigger(ERR_FATAL, __FILE__, __LINE__, __FUNCTION__, $this->dbName);
            return FALSE;
        }                    
        return TRUE; 
    }
    
    public function Query($string, $raw = FALSE)
    {
        $this->Connect();
        if(is_resource($this->result))      
            mssql_free_result($this->result);             
        if((strstr($string, ";") || strstr($string, "%") || strstr($string, "'")) && $raw == FALSE)    
        {
            $GLOBALS['Error']->Trigger(ERR_WARNING, __FILE__, __LINE__, __FUNCTION__, $string);
            return FALSE;
        }    
        $this->result = mssql_query($string, $this->db);   
        return is_resource($this->result);
    }
    
    public function Fetch(&$ret, $type=OBJ)
    {
        if(!is_resource($this->result))
        {            
            $GLOBALS['Error']->Trigger(ERR_WARNING, __FILE__, __LINE__, __FUNCTION__, '');
            return FALSE;
        }
        if($type == OBJ)
        {
            $ret = mssql_fetch_object($this->result);
            return is_object($ret);
    }
        elseif($type == ARR)
        {
            $ret = mssql_fetch_array($this->result);   
            return is_array($ret);
    }   
        
    return FALSE;
    }

    public function __destruct() 
    {                           
        if(is_resource($this->db))      
            mssql_close($this->db);  
        if(is_resource($this->result))      
            mssql_free_result($this->result);      
    }              
    
}
?>

My apologies that some of the spacing/parenthesis didn't copy right. I don't mean to 1-up you, my interface is far from complete in itself, but it may give you some ideas on future features to add to yours.

Also note that PHP is kinda simplistic and a huge pain to optimize. I recommend ASP.NET for MSSQL interactions.

[GlaphanKing]

That's an interesting approach using the Hex strings.

And no I'm not being sarcastic, it's a professional opinion.

[ShadowDragon]

I haven't really taken the time to do OOP PHP lol
I can properly understand the coding and I see how it would be useful, but I'm mostly just lazy
creating classes and thinking them through just takes more effort lol

[caja]

In my opinion oop makes the things faster and its really easy if someone explains you well.
Also classes and objects are not a problem if you organize it.
Posted via Mobile Device

[ShadowDragon]

well, it's not that I can't read and understand the OOP structure, I just mean I'm too lazy to build my own from scratch lol