It's kind of short and basic. The code is pretty clean though. I recommend you look into hexing strings for mssql input. It's much safer and more flexible. My PHP MSSQL interface works as follows:
PHP Code:
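<?php
// Account database wrapper. ToHex() is defined elsewhere (not shown in this
// post); every user-supplied value passes through it before reaching a query.
class xAccountDB extends xDatabase
{
    public function __construct()
    {
        $this->dbName = "ACCOUNT_DBF";
    }

    // Returns TRUE while the given IP is still allowed to attempt a login.
    public function CanLogin($ip)
    {
        $query = sprintf("SELECT [Attempts], [Time] FROM [dbo].[LoginAttempts] WHERE [IP] = %s", ToHex($ip));
        $this->Query($query);
        if($this->Fetch($obj))
        {
            // Record is older than 15 minutes: clear it and allow the login.
            if($obj->Time + 60*15 < time())
            {
                $query = sprintf("DELETE [dbo].[LoginAttempts] WHERE [IP] = %s", ToHex($ip));
                $this->Query($query);
                return TRUE;
            }
            // Inside the window: allow only while under 5 attempts.
            return ($obj->Attempts < 5);
        }
        // No record for this IP.
        return TRUE;
    }

    // Returns TRUE when a row matches the account name and password hash.
    public function UserLogin($username, $password)
    {
        // The stored hash is MD5 over a fixed prefix plus the password.
        $query = sprintf("SELECT [account] FROM [dbo].[ACCOUNT_TBL] WHERE [account] = %s AND [password] = %s", ToHex($username), ToHex(md5('kikugalanet'.$password)));
        $this->Query($query);
        if($this->Fetch($obj))
            return TRUE;
        else
            return FALSE;
    }
}
?>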
xDatabase class:
PHP Code:
<?php
// Thin wrapper around the mssql_* functions. MSSQL_HOST, MSSQL_PASSKEY,
// OBJ, ARR, the ERR_* constants and $GLOBALS['Error'] are defined elsewhere.
class xDatabase
{
    private $db = NULL;
    private $result = NULL;
    protected $dbName = "";

    public function __construct()
    {
    }

    // Opens the connection on first use; returns TRUE when a link is available.
    public function Connect()
    {
        if($this->db != NULL)
            return TRUE;
        // Login name and password are derived from the database name.
        $this->db = mssql_connect(MSSQL_HOST, $this->dbName . 'xDBA', sha1(MSSQL_PASSKEY . $this->dbName), TRUE);
        if(!is_resource($this->db))
        {
            $GLOBALS['Error']->Trigger(ERR_FATAL, __FILE__, __LINE__, __FUNCTION__, $this->dbName);
            return FALSE;
        }
        return TRUE;
    }

    // Runs a query. Unless $raw is TRUE, any string containing ; % or ' is rejected.
    public function Query($string, $raw = FALSE)
    {
        if(!$this->Connect())
            return FALSE;
        if(is_resource($this->result))
            mssql_free_result($this->result);
        if((strstr($string, ";") || strstr($string, "%") || strstr($string, "'")) && $raw == FALSE)
        {
            $GLOBALS['Error']->Trigger(ERR_WARNING, __FILE__, __LINE__, __FUNCTION__, $string);
            return FALSE;
        }
        $this->result = mssql_query($string, $this->db);
        return is_resource($this->result);
    }

    // Fetches the next row into $ret as an object (OBJ) or an array (ARR).
    public function Fetch(&$ret, $type=OBJ)
    {
        if(!is_resource($this->result))
        {
            $GLOBALS['Error']->Trigger(ERR_WARNING, __FILE__, __LINE__, __FUNCTION__, '');
            return FALSE;
        }
        if($type == OBJ)
        {
            $ret = mssql_fetch_object($this->result);
            return is_object($ret);
        }
        elseif($type == ARR)
        {
            $ret = mssql_fetch_array($this->result);
            return is_array($ret);
        }
        return FALSE;
    }

    public function __destruct()
    {
        // Free the pending result before closing the link it belongs to.
        if(is_resource($this->result))
            mssql_free_result($this->result);
        if(is_resource($this->db))
            mssql_close($this->db);
    }
}
?>
My apologies that some of the spacing/parentheses didn't copy right. I don't mean to 1-up you; my interface is far from complete in itself, but it may give you some ideas on future features to add to yours.
Also note that PHP is kinda simplistic and a huge pain to optimize. I recommend ASP.NET for MSSQL interactions.
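The hex-encoding approach recommended in the post above, shown as an added example that is not part of the original post: `to_hex_literal()` is a hypothetical stand-in for the poster's `ToHex()` (whose body is not shown), and `passes_query_filter()` mirrors the character check in `xDatabase::Query()`. The sample inputs are constructed, and the target column is assumed to be `varchar`.

```php
<?php
/**
 * Encode arbitrary bytes as a T-SQL binary literal (0x...).
 * The output alphabet is [0-9a-fx] only, so quotes, semicolons and
 * comment markers in the input never reach the SQL parser as syntax.
 * Hypothetical helper; the post's own ToHex() may differ.
 */
function to_hex_literal($value, $maxBytes = 255)
{
    if (!is_string($value)) {
        throw new InvalidArgumentException('expected a string');
    }
    if (strlen($value) > $maxBytes) {
        throw new LengthException('input longer than the column allows');
    }
    // An empty string becomes "0x", which T-SQL accepts as empty binary.
    return '0x' . bin2hex($value);
}

/** Same character filter as xDatabase::Query() applies when $raw is FALSE. */
function passes_query_filter($sql)
{
    return strpbrk($sql, ";%'") === false;
}

// Constructed sample inputs: a normal name, quote-breaking strings,
// a value containing the filtered % character, and an empty string.
$samples = array("alice", "' OR '1'='1", "x'; --", "100%", "");

foreach ($samples as $input) {
    $literal = to_hex_literal($input);
    $sql = sprintf(
        "SELECT [account] FROM [dbo].[ACCOUNT_TBL] WHERE [account] = %s",
        $literal
    );
    // The value is pure hex, so the finished query clears the filter.
    assert(preg_match('/^0x[0-9a-f]*$/', $literal) === 1);
    assert(passes_query_filter($sql));
    // Decoding the literal gives back the exact input bytes.
    assert(hex2bin((string) substr($literal, 2)) === $input);
    echo $sql, "\n";
}
```

Because the encoded value can never contain `;`, `%` or `'`, the filter in `Query()` only fires when one of those characters appears in the query template itself or in a value that bypassed the encoder.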