silverstripe-framework/model/connect/PDOConnector.php
John 8577ad1280 NEW Added SSL support for MySQLi Connector (fixes #7242)
Modified MySQLiConnector.php to parse SSL environment variables
Modifed MySQLDatabaseConfigurationHelper.php to check SSL variables when testing initial connection

Minor: Modified PDOConnector.php to change typo

TODO: Add Documentation
2017-08-03 22:36:11 +08:00

444 lines
11 KiB
PHP

<?php
/**
* PDO driver database connector
* @package framework
* @subpackage model
*/
class PDOConnector extends DBConnector {
/**
* Should ATTR_EMULATE_PREPARES flag be used to emulate prepared statements?
*
* @config
* @var boolean
*/
private static $emulate_prepare = false;
/**
* Default strong SSL cipher to be used
*
* @config
* @var string
*/
private static $ssl_cipher_default = 'DHE-RSA-AES256-SHA';
/**
* The PDO connection instance
*
* @var PDO
*/
protected $pdoConnection = null;
/**
* Name of the currently selected database
*
* @var string
*/
protected $databaseName = null;
/**
* If available, the row count of the last executed statement
*
* @var int|null
*/
protected $rowCount = null;
/**
* Error generated by the errorInfo() method of the last PDOStatement
*
* @var array|null
*/
protected $lastStatementError = null;
/**
* List of prepared statements, cached by SQL string
*
* @var array
*/
protected $cachedStatements = array();
/**
* Flush all prepared statements
*/
public function flushStatements() {
$this->cachedStatements = array();
}
/**
* Retrieve a prepared statement for a given SQL string, or return an already prepared version if
* one exists for the given query
*
* @param string $sql
* @return PDOStatement
*/
public function getOrPrepareStatement($sql) {
// Return cached statements
if(isset($this->cachedStatements[$sql])) {
return $this->cachedStatements[$sql];
}
// Generate new statement
$statement = $this->pdoConnection->prepare(
$sql,
array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY)
);
// Only cache select statements
if(preg_match('/^(\s*)select\b/i', $sql)) {
$this->cachedStatements[$sql] = $statement;
}
return $statement;
}
/**
* Is PDO running in emulated mode
*
* @return boolean
*/
public static function is_emulate_prepare() {
return Config::inst()->get('PDOConnector', 'emulate_prepare');
}
public function connect($parameters, $selectDB = false) {
$this->flushStatements();
// Build DSN string
// Note that we don't select the database here until explicitly
// requested via selectDatabase
$driver = $parameters['driver'] . ":";
$dsn = array();
// Typically this is false, but some drivers will request this
if($selectDB) {
// Specify complete file path immediately following driver (SQLLite3)
if(!empty($parameters['filepath'])) {
$dsn[] = $parameters['filepath'];
} elseif(!empty($parameters['database'])) {
// Some databases require a selected database at connection (SQLite3, Azure)
if($parameters['driver'] === 'sqlsrv') {
$dsn[] = "Database={$parameters['database']}";
} else {
$dsn[] = "dbname={$parameters['database']}";
}
}
}
// Syntax for sql server is slightly different
if($parameters['driver'] === 'sqlsrv') {
$server = $parameters['server'];
if (!empty($parameters['port'])) {
$server .= ",{$parameters['port']}";
}
$dsn[] = "Server=$server";
} elseif ($parameters['driver'] === 'dblib') {
$server = $parameters['server'];
if (!empty($parameters['port'])) {
$server .= ":{$parameters['port']}";
}
$dsn[] = "host={$server}";
} else {
if (!empty($parameters['server'])) {
// Use Server instead of host for sqlsrv
$dsn[] = "host={$parameters['server']}";
}
if (!empty($parameters['port'])) {
$dsn[] = "port={$parameters['port']}";
}
}
// Connection charset and collation
$connCharset = Config::inst()->get('MySQLDatabase', 'connection_charset');
$connCollation = Config::inst()->get('MySQLDatabase', 'connection_collation');
// Set charset if given and not null. Can explicitly set to empty string to omit
if($parameters['driver'] !== 'sqlsrv') {
$charset = isset($parameters['charset'])
? $parameters['charset']
: $connCharset;
if (!empty($charset)) $dsn[] = "charset=$charset";
}
// Connection commands to be run on every re-connection
if(!isset($charset)) {
$charset = $connCharset;
}
$options = array();
if($parameters['driver'] == 'mysql') {
$options[PDO::MYSQL_ATTR_INIT_COMMAND] = 'SET NAMES ' . $charset . ' COLLATE ' . $connCollation;
// Set SSL options if they are defined
if(
array_key_exists('ssl_key', $parameters) &&
array_key_exists('ssl_cert', $parameters)) {
$options[PDO::MYSQL_ATTR_SSL_KEY] = $parameters['ssl_key'];
$options[PDO::MYSQL_ATTR_SSL_CERT] = $parameters['ssl_cert'];
if(array_key_exists('ssl_ca', $parameters)) {
$options[PDO::MYSQL_ATTR_SSL_CA] = $parameters['ssl_ca'];
}
// use default cipher if not provided
$options[PDO::MYSQL_ATTR_SSL_CIPHER] = $parameters['ssl_cipher'] ?: Config::inst()->get('PDOConnector', 'ssl_cipher_default');
}
}
if(self::is_emulate_prepare()) {
$options[PDO::ATTR_EMULATE_PREPARES] = true;
}
// May throw a PDOException if fails
$this->pdoConnection = new PDO(
$driver.implode(';', $dsn),
empty($parameters['username']) ? '' : $parameters['username'],
empty($parameters['password']) ? '' : $parameters['password'],
$options
);
// Show selected DB if requested
if($this->pdoConnection && $selectDB && !empty($parameters['database'])) {
$this->databaseName = $parameters['database'];
}
}
public function getVersion() {
return @$this->pdoConnection->getAttribute(PDO::ATTR_SERVER_VERSION);
}
public function escapeString($value) {
$value = $this->quoteString($value);
// Since the PDO library quotes the value, we should remove this to maintain
// consistency with MySQLDatabase::escapeString
if (preg_match('/^\'(?<value>.*)\'$/', $value, $matches)) {
$value = $matches['value'];
}
return $value;
}
public function quoteString($value) {
return $this->pdoConnection->quote($value);
}
/**
* Invoked before any query is executed
*
* @param string $sql
*/
protected function beforeQuery($sql) {
// Reset state
$this->rowCount = 0;
$this->lastStatementError = null;
// Flush if necessary
if($this->isQueryDDL($sql)) {
$this->flushStatements();
}
}
/**
* Executes a query that doesn't return a resultset
*
* @param string $sql The SQL query to execute
* @param integer $errorLevel For errors to this query, raise PHP errors
* using this error level.
* @return int
*/
public function exec($sql, $errorLevel = E_USER_ERROR) {
$this->beforeQuery($sql);
// Directly exec this query
$result = $this->pdoConnection->exec($sql);
// Check for errors
if($this->hasError($this->pdoConnection)) {
$this->databaseError($this->getLastError(), $errorLevel, $sql);
return null;
}
return $this->rowCount = $result;
}
public function query($sql, $errorLevel = E_USER_ERROR) {
$this->beforeQuery($sql);
// Directly query against connection
$statement = $this->pdoConnection->query($sql);
// Generate results
return $this->prepareResults($statement, $errorLevel, $sql);
}
/**
* Determines the PDO::PARAM_* type for a given PHP type string
* @param string $phpType Type of object in PHP
* @return integer PDO Parameter constant value
*/
public function getPDOParamType($phpType) {
switch($phpType) {
case 'boolean':
return PDO::PARAM_BOOL;
case 'NULL':
return PDO::PARAM_NULL;
case 'integer':
return PDO::PARAM_INT;
case 'object': // Allowed if the object or resource has a __toString method
case 'resource':
case 'float': // Not actually returnable from get_type
case 'double':
case 'string':
return PDO::PARAM_STR;
case 'blob':
return PDO::PARAM_LOB;
case 'array':
case 'unknown type':
default:
user_error("Cannot bind parameter as it is an unsupported type ($phpType)", E_USER_ERROR);
}
}
/**
* Bind all parameters to a PDOStatement
*
* @param PDOStatement $statement
* @param array $parameters
*/
public function bindParameters(PDOStatement $statement, $parameters) {
// Bind all parameters
for($index = 0; $index < count($parameters); $index++) {
$value = $parameters[$index];
$phpType = gettype($value);
// Allow overriding of parameter type using an associative array
if($phpType === 'array') {
$phpType = $value['type'];
$value = $value['value'];
}
// Check type of parameter
$type = $this->getPDOParamType($phpType);
if($type === PDO::PARAM_STR) $value = strval($value);
// Bind this value
$statement->bindValue($index+1, $value, $type);
}
}
public function preparedQuery($sql, $parameters, $errorLevel = E_USER_ERROR) {
$this->beforeQuery($sql);
// Prepare statement
$statement = $this->getOrPrepareStatement($sql);
// Bind and invoke statement safely
if($statement) {
$this->bindParameters($statement, $parameters);
$statement->execute($parameters);
}
// Generate results
return $this->prepareResults($statement, $errorLevel, $sql);
}
/**
* Given a PDOStatement that has just been executed, generate results
* and report any errors
*
* @param PDOStatement $statement
* @param int $errorLevel
* @param string $sql
* @param array $parameters
* @return \PDOQuery
*/
protected function prepareResults($statement, $errorLevel, $sql, $parameters = array()) {
// Record row-count and errors of last statement
if($this->hasError($statement)) {
$this->lastStatementError = $statement->errorInfo();
} elseif($statement) {
// Count and return results
$this->rowCount = $statement->rowCount();
return new PDOQuery($statement);
}
// Ensure statement is closed
if($statement) {
$statement->closeCursor();
unset($statement);
}
// Report any errors
if($parameters) {
$parameters = $this->parameterValues($parameters);
}
$this->databaseError($this->getLastError(), $errorLevel, $sql, $parameters);
return null;
}
/**
* Determine if a resource has an attached error
*
* @param PDOStatement|PDO $resource the resource to check
* @return boolean Flag indicating true if the resource has an error
*/
protected function hasError($resource) {
// No error if no resource
if(empty($resource)) {
return false;
}
// If the error code is empty the statement / connection has not been run yet
$code = $resource->errorCode();
if(empty($code)) {
return false;
}
// Skip 'ok' and undefined 'warning' types.
// @see http://docstore.mik.ua/orelly/java-ent/jenut/ch08_06.htm
return $code !== '00000' && $code !== '01000';
}
public function getLastError() {
$error = null;
if ($this->lastStatementError) {
$error = $this->lastStatementError;
} elseif($this->hasError($this->pdoConnection)) {
$error = $this->pdoConnection->errorInfo();
}
if ($error) {
return sprintf("%s-%s: %s", $error[0], $error[1], $error[2]);
}
}
public function getGeneratedID($table) {
return $this->pdoConnection->lastInsertId();
}
public function affectedRows() {
return $this->rowCount;
}
public function selectDatabase($name) {
$this->exec("USE \"{$name}\"");
$this->databaseName = $name;
return true;
}
public function getSelectedDatabase() {
return $this->databaseName;
}
public function unloadDatabase() {
$this->databaseName = null;
}
public function isActive() {
return $this->databaseName && $this->pdoConnection;
}
}