Looking at the code, you may wish to consider using the mysqli_* functions in future releases. On the PHP functions website they're strongly discouraging people from using mysql_* functions and to instead use the mysqli_* equivalent.

For some reason, I can't do $db->get_var("Select count(*) from table_name where id=1 ") (Replacing, of course, table_name with the name of my table, and id with the id.

Note: it's not because of bad SQL, as I ran the SQL in Microsoft SQL Server Management Studio, and it worked just fine.

EZ SQL outputs no errors (even to the php log), but returns null. Trying $db->debug() outputs that it got my query, but under Row it says dt not defined. I could not find reference to this error anywhere.

Note 2: This same query works fine with the mySqli class (and mySql database).

Hello,

It seems that the ine ez_sql_mysqli.php module, in the the query function has a problem.

If the num_queries var is more than 500, the disconnect() function is called, then the quick_connect().

The problem is that the disconnect() function does only a close() on the database, with no killing of the thread.

In fact, the new connection creates a new thread, and so on... till the MySQL refuses the connection and hangs with a timeout.

Is there any solution to that (of cours, if we delete the code keeping alive, it works) ?

Thanks by advance.

Galawa

Solution:

in function: function select
add: if ( $encoding == '') $encoding = $this->encoding;
before: if($encoding!='')

in mysqli/ez_sql_mysqli.php and mysql/ez_sql_mysql.php you need to add lock|unlock to the preg_match function in query() function, otherwise when using LOCK in a mysql statement the script simply fails with no error messages.

There's a bug in the PDO class: once you raise an error (eg try to insert data into a table that doesn't exist) all subsequent queries fail

Example:

// init the PDO connection, then :

// valid query :
var_dump( $db->query( "SHOW TABLES" ) );
// Works, shows correct result

// invalid query :
var_dump( $db->query( "INSERT INTO omgblah VALUES (value1, value2, value3)" ) );
// Doesn't work, throws a warning and returns false as expected

// valid query :
var_dump( $db->query( "SHOW TABLES" ) );
// Unexpectedly still throws warning + returns false

The problem sits in ez_sql_pdo.php, function query(). Once an error has been catched, it prevents subsequent queries from completing.

I'm not sure how to fix this, I'm lost between PDO's exec vs execute vs query ...

diff --git a/postgresql/ez_sql_postgresql.php b/postgresql/ez_sql_postgresql.php
index 36aae74..8143b4d 100755
--- a/postgresql/ez_sql_postgresql.php
+++ b/postgresql/ez_sql_postgresql.php
@@ -13,7 +13,7 @@
* ezSQL error strings - PostgreSQL
*/

•   global ezsql_postgresql_str;
  

•   global $ezsql_postgresql_str;
  
  $ezsql_postgresql_str = array
  (
  

  @@ -287,4 +287,4 @@
  }
  }

•   }
  

  \ No newline at end of file

•   }
  

Getting no results on selects with this version of mysqli. Older versions worked ok.

Sorry, i've not find out the way to solve correctly a query with ezSQL if the query contain a Reserved MySQL Word.
So, as example:
INSERT INTO content (id, asset_id, title, alias, fulltext) .....
as fulltext is a reserved mysql word, ezSQL return trigger error.
I've try to modify the ezsql core file, but without success until now.

I am using ezSQL for database queries and connection and sometimes it gives data and sometimes it return no results.

Here is the debug code

Query [3] -- [SELECT * FROM table WHERE `id`=4]
Query Result..

No Results

Database table have records and it return records if i run file after few minutes.

get_var, and get_row are generating this error using sqlite3 (PHP 5.4.19)

Warning: Creating default object from empty value in ez_sql_sqlite3.php on line 178

$query = $db->query("CREATE USER..."); // if success to create.
if($query) ... // I can not use if(...), because it will return int 0.
if($query !== false) //Maybe i can do this, right?

thank you ezSQL

PHP error:
PHP Fatal error: Call to undefined method ezSQL_sqlsrv::count() in C:\inetpub\wwwroot\bx\UI\includes\ez_sql_sqlsrv.php on line 182

Reference to:
$this->count(true, true); (line 182 of ez_sql_sqlsrv.php)

php -v outputs:

PHP 5.6.15 (cli) (built: Oct 29 2015 12:40:34) Copyright (c) 1997-2015 The PHP Group Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies

Hey everyone,

For some of you, it may be exceedingly simple, but for someone unfamiliar with it as myself, I am trying to learn to use Composer, and to continue to use the ezSQL class in my projects.

I have found the ezSQL Package at Packagist (https://packagist.org/packages/jv2222/ezsql) and have installed it (I think), but it would be great is the ReadMe or Wiki could be extended to detail how to do this, and how ezSQL should be invoked in a Composer-based build.

Just a suggestion - not a bug.

Luke

Hi,

To prevent PHP warning with EzSQL Postgre, I had to add this on line #240 :

$this->col_info[$i] = new stdclass();

Hope that helps,
Nicolas

We've been using ezSQL (mysql) on a app for several years now and never had any problems at until recently. We found that over the past few months, every so often the server would get wiped out by a memory issue - the server has a significant amount of memory, so it seemed odd.

After investigation, we found that a cache file would be responsible. Most cache files are significantly smaller than < 0.5MB, but every so often, one cache file balloons over an arbitary period of time. We don't know what triggers it, but it grows, and grows and grows (the speed depends on how big the query result is), until it gets called, and the massive (sometimes 150MB+ file) gets called by the application, and then of course it stalls the whole apache server. The cache file is not the same file name, query or hash - it appears to happen at complete random.

Deleting the huge file restores the server to working state immediately, and the file re-caches immediately, perfectly.

The ballooned file contents are curious. They do contain the correct serialised results, but then these contents are repeated, over and over and over. It's like the file is being written to, but never sealed, then written to again with identical content.

It only appears to affect one cache file at a time. There are often thousands of cache files in the folder.

A friend who has looked at the code thinks that it could be down to two processes writing to the file at exactly the same time. He says the chances of this happening (because the file isn't locked) are raised if the queries take a particularly long time to execute. Even more curiously, the file content in some cases appears to repeat exactly 1024 times (although I can't confirm how many times that has happened)

I cannot find any other mention of this issue online, but at the moment we think this 'clash' idea could be real, and our very temporary solution is deleting any cache file over 1Mb at a set interval using a cron to prevent escalation.

Justin, or anyone else who might know, might you be able to confirm this is likely to be our issue, or do you think can we rule it out?

Andy.

when setting $this->dbh->query("SET NAMES '".$encoding."'"); in select a
$this->dbh->set_charset('".$encoding."'); would be fine.
http://www.php.net/manual/en/mysqlinfo.concepts.charset.php
br wolf

Hi

Currently there is no consistent way across classes to specify a port.

• cubrid and postgresql constructor functions accept a port number as argument
• other classes don't explicitly accept a port argument. In these, some DB engines (mysql, mssql) accept a "hostname:port" notation (eg "localhost:3306") but some others (mysqli, pdo, sqlsrv) need specific stuff
• depending on the DB engine, you cannot simply use ezSQL at the moment if you use a non standard port

I'm willing to fix this inconsistency and to submit a pull request but I'm seeking for approval before I start coding :)

My idea would be to accept the "hostname:port" notation in all classes, to preserve the number and order of arguments in all constructors as they are now (and not to break any script that would update after you commit the PR)

Any thoughts?

I had previously added this to the discussion for #27, but now that has been merged in, the discussion is lost, so think it should now have it's own issue. Original comment:

This also brings up the issue of error suppressing. I'm not a fan of it at all, but in some cases, ezSQL does some checking of it's own for errors and then manually uses trigger_error to throw one up. An example being:

if ( $str = @$this->dbh->error )
{
    $is_insert = true;
    $this->register_error($str);
    $this->show_errors ? trigger_error($str,E_USER_WARNING) : null;
    return false;
}

However, this issue was difficult to track down because of:

while ( $row = @$this->result->fetch_object() )

There is no error checking that ezSQL does. The error should have been saying trying to call fetch_object on a non-object (or something similar).

I don't think this use of error suppressing is justified. It makes things really difficult to debug. Especially when it's a bug with ezSQL and not anything else.

There's concern that if we remove error suppression from this example line, that lots of people will then get notice warnings.

However, if an error (not a notice) is triggered here, there is a genuine issue with the way someone is using ezSQL, and they need to be made aware of that. Other than painstakingly debugging their code, and then ezSQL.

Hello all,
$db->query("INSERT INTO cont (id, fulltext)
as fulltext is a reserved mysql word, ezSQL return SQL error

Hello,
I'm using ezSql and i have a mysql database.
I want to print on screen row count.
How can i do it.

Thanks

Hi, do you have any plans to add memcached support?

According to the PRW http://www.phptherightway.com/ and other PSR the source code in not compliant ! Planning a refactoring??

I'm ready to contribute!!

Star+1

When testing ezSQL on PHP7 I noticed following warning:
PHP Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; ezSQLcore has a deprecated constructor in shared/ez_sql_core.php

Scenario:
An association table called "userinventory" that has two columns, both are foreign keys: userId and ingredientId. There is no autoincrement column.

Query: INSERT INTO userinventory (userid, ingredientid) VALUES (179, 3), (179, 5);

This query does not work in ezSql because ezSql attempts to get the insertID - and there is not one. The error message is:

Warning: pg_query(): Query failed: ERROR: lastval is not yet defined in this session in ..../ez_sql/postgresql/ez_sql_postgresql.php on line 220

Warning: pg_fetch_row() expects parameter 1 to be resource, boolean given in ..../ez_sql/postgresql/ez_sql_postgresql.php on line 221

Just a suggestion to make two shortcut functions named replace and insert as used in WordPress:

function replace( $table, $data, $format = null ) {
        if ( ! in_array( strtoupper( $type ), array( 'REPLACE', 'INSERT' ) ) ) {
            return false;
        }

        $data = $this->process_fields( $table, $data, $format );
        if ( false === $data ) {
            return false;
        }

        $formats = $values = array();
        foreach ( $data as $value ) {
            $formats[] = $value['format'];
            $values[]  = $value['value'];
        }

        $fields  = '`' . implode( '`, `', array_keys( $data ) ) . '`';
        $formats = implode( ', ', $formats );

        $sql = "$type INTO `$table` ($fields) VALUES ($formats)";

        $this->check_current_query = false;
        return $this->query( $this->prepare( $sql, $values ) );
}

The usage would be;

$replace_review_snapshot = $this->db->replace($product_reviews_table, array(
                'id' => 1,
                'my_review' => $data['info']['something'],
                'my_name' => mysql_real_escape_string($data['info']['my_name']) ,
                'my_stars' => $data['info']['couting'],
            ) , array(
                '%d',
                '%s',
                '%s',
                '%d'
            ));

I just spent several hours debugging this.
turns out there is logic in ezsql that detects if a query is a select (in all drivers), and in that case it fetches the rows.
preg_match("/^(insert|delete|update|start|replace|truncate|drop|create|alter|begin|commit|rollback|set|lock|unlock|call)/i",$query) )

if the query is unrecognized (like grant queries) it will assume it's a select and will try to read the resulting data.
since ezsql really likes to hide the errors with @ for every operation, this results in php exiting silently.

the solution is as simple as adding grant to the regexp above, but I think the logic should be reversed:
if something is a select, fetch the data (IE: it has select in the query start).

Has their been any work done to protect from SQL injection in ezSQL? I've seen safeSQL? (I think that is what it is.) Is that all that is out there? And, if so, why isn't this built directly into ezSQL?

A typo error was introduced in 2.17 or commit (6cca79) with proposed resolution below:

-           return return "ordinal_position, column_name, data_type, column_default, is_nullable, character_maximum_length, numeric_precision FROM information_schema.columns WHERE table_name = '$tbl_name' AND table_schema='$this->dbname' ORDER BY ordinal_position";
+           return "ordinal_position, column_name, data_type, column_default, is_nullable, character_maximum_length, numeric_precision FROM information_schema.columns WHERE table_name = '$tbl_name' AND table_schema='$this->dbname' ORDER BY ordinal_position";

patch

(the title of this issue is descriptive enough :] )

[EDITED] What is the right way to use UoW (unit of work) with EzSQL?

The transactions are useful features of modern DBO, please show how to implement that

Actually this question is opened on Laravel
laravel/ideas#495

Hi,

I like the ezsql and will use in my all projects from now.. but i have one request... please add a prepare function which is also used in the wordpress.... for queires.. i am also pasting this function here..

//USAGE
    $sTemp  = "INSERT INTO best_cms (";
    $sTemp .= "pagename,pagedetail,status ";//4
    $sTemp .= ") VALUES (";
    $sTemp .= " %s, %s, %s";
    $sTemp .= ")";
  $sQuery = $wpdb->prepare($sTemp,'temp', '<p>temp\'</p>', 1);
  $aResult = $wpdb->query($sQuery);

//FUNCTION NEED TO ADD IN ez_sql_mysql.php

    /**
     * Prepares a SQL query for safe execution. Uses sprintf()-like syntax.
     *
     * The following directives can be used in the query format string:
     *   %d (integer)
     *   %f (float)
     *   %s (string)
     *   %% (literal percentage sign - no argument needed)
     *
     * All of %d, %f, and %s are to be left unquoted in the query string and they need an argument passed for them.
     * Literals (%) as parts of the query must be properly written as %%.
     *
     * This function only supports a small subset of the sprintf syntax; it only supports %d (integer), %f (float), and %s (string).
     * Does not support sign, padding, alignment, width or precision specifiers.
     * Does not support argument numbering/swapping.
     *
     * May be called like {@link http://php.net/sprintf sprintf()} or like {@link http://php.net/vsprintf vsprintf()}.
     *
     * Both %d and %s should be left unquoted in the query string.
     *
     * <code>
     * wpdb::prepare( "SELECT * FROM `table` WHERE `column` = %s AND `field` = %d", 'foo', 1337 )
     * wpdb::prepare( "SELECT DATE_FORMAT(`field`, '%%c') FROM `table` WHERE `column` = %s", 'foo' );
     * </code>
     *
     * @param string $query Query statement with sprintf()-like placeholders
     * @param array|mixed $args The array of variables to substitute into the query's placeholders if being called like
     *  {@link http://php.net/vsprintf vsprintf()}, or the first variable to substitute into the query's placeholders if
     *  being called like {@link http://php.net/sprintf sprintf()}.
     * @param mixed $args,... further variables to substitute into the query's placeholders if being called like
     *  {@link http://php.net/sprintf sprintf()}.
     * @return null|false|string Sanitized query string, null if there is no query, false if there is an error and string
     *  if there was something to prepare
     */
function prepare( $query, $args ) {
        if ( is_null( $query ) )
            return;

        $args = func_get_args();
        array_shift( $args );
        // If args were passed as an array (as in vsprintf), move them up
        if ( isset( $args[0] ) && is_array($args[0]) )
            $args = $args[0];
        $query = str_replace( "'%s'", '%s', $query ); // in case someone mistakenly already singlequoted it
        $query = str_replace( '"%s"', '%s', $query ); // doublequote unquoting
        $query = preg_replace( '|(?<!%)%f|' , '%F', $query ); // Force floats to be locale unaware
        $query = preg_replace( '|(?<!%)%s|', "'%s'", $query ); // quote the strings, avoiding escaped strings like %%s
        array_walk( $args, array( $this, 'escape_by_ref' ) );
        return @vsprintf( $query, $args );
    }

    /**
     * Escapes content by reference for insertion into the database, for security
     *
     * @return void
     */
    function escape_by_ref( &$string ) {
        if ( ! is_float( $string ) )
            $string = $this->escape( $string );
    }   

Need to declare $rows_affected in ez_sql_mysql.php. Otherwise, PHP will generate an Undefined property notice when trying to read $db->rows_affected.

Hi!

I think should be more usable a distribution targetted for specific driver (like MySQL) encapsuled into one file:

ezsql.mysql.pack.php

that contain "core" and "mysql"

is the best for me...

It would be great to have some methods/functions integrated to this library that allow us to get the current MySQL database version/info like the server_version.

Hello, I am upgrading an app that uses EZSQL v1.26. I was using ez_results.php v1.16, which I thought was part of the EZSQL package. I do not see an ez_results class in the new code. Was this dropped? If yes, any particular concerns?

Deprecated: Function eregi_replace() is deprecated in ez_sql_mssql.class.php on line 356
Deprecated: Function eregi() is deprecated in ez_sql_mssql.class.php on line 364

The class should be re-written for php 7.0 full compatibility

delete this, sorry...

I think that information on what is returned if an error occurs should be added to the help page/wiki.

The test $this->num_queries >= 500 on line 207 of mysqli/ez_sql_mysqli.php will be true for each query as soon as the the 500 limit has been passed.

Suggestion: the test $this->num_queries % 500 == 499 will be true each 500st query.

Created sqlsrv tree off of root to support the microsoft support sql server driver (tested on v3.0) ...
Will append in my next post if someone wants to include it with the distribution or improve upon it.

Support Windows Authentication if you do not put data in the UN/PW fields.

supercedes #37

e.g. http://php.net/manual/en/mysqli.prepare.php and http://php.net/manual/en/mysqli.quickstart.prepared-statements.php

I'm trying to INSERT json-encoded array in the TEXT field with ez_sql_mysql wrapper. I'm using escape() function for every string variable before it passes to the query. My string contains Unicode characters, so my array encoded like this: ["","'bar'",""baz"","&blong&","\u00e9"].

Now I found that all my slashes is missing.

I have searched through the code and found root cause of problems: wrong call of stripslahes() function at 177 line of the ez_sql_mysql.php:
return mysql_real_escape_string(stripslahes($str));

I have deleted stripslashes() call and now all works fine!

-- edit -- I'm out of my mind, that didn't make sense. Apologies for opening a useless issue :)

Hi guys,

Our company was needing to run a migration system that had a lot of queries (mostly inserts and selects). Everything was wrapped in a large transaction.

It took a lot to be able to fix the problem and, in the end, we discovered a bug in ezsql (mysq conector).

The system automatically disconnects and reconnects if the number of queries is greater than 500. This is good because it makes the system stable but it forces an implicit ROLLBACK if a transaction is in progress.

Therefore, you should create a check to disable this disconnection if a transaction is still running.

Thank you. Keep up the good work. :)

Sincerely,
Renan Gomes
Project Manger at GeoRanker.com
http://www.georanker.com
http://apidocs.georanker.com

Hi, I'm new in github and I'm not sure if I can ask this question here..

It's about the $db->escape() function; Where should I use it? Always that I get data from a user form (via GET or POST) ???

It's really secure to use this function to avoid all Sql Injection attempts ?

Thanks!
Raúl.

Hi

ive been using your class now for a while and had no issues at all, this morning however ive stumbled across a slight issue that i think might be a bug. Its to do with multiple inserts not working correctly.

I believe the issue might be around this area of the query function in the mysql class. If there is a mysql error you return false and assign the errors which is fine but prior to this you set the $is_insert variable to true which has no real effect on anything as far as i can see. now if there is no error you set the $is_insert to false.

    // Perform the query via std mysql_query function..
            $this->result = @mysql_query($query,$this->dbh);

            // If there is an error then take note of it..
            if ( $str = @mysql_error($this->dbh) )
            {
                $is_insert = true;
                $this->register_error($str);
                $this->show_errors ? trigger_error($str,E_USER_WARNING) : null;
                return false;
            }

            // Query was an insert, delete, update, replace
            $is_insert = false;
            if ( preg_match("/^(insert|delete|update|replace|truncate|drop|create|alter)\s+/i",$query) )
            {
                $this->rows_affected = @mysql_affected_rows($this->dbh);

                // Take note of the insert_id
                if ( preg_match("/^(insert|replace)\s+/i",$query) )
                {
                    $this->insert_id = @mysql_insert_id($this->dbh);
                }

                // Return number fo rows affected
                $return_val = $this->rows_affected;
            }

when you then perform the preg_match on the query and go into that section of the code you run a check to see if this is a insert or a replace it its a insert you set the insert_id but you dont change the value of the $is_insert variable and this seems to cause a issue basically im running a query that looks like this.

INSERT INTO rmp_service_bookings SET
                        fk_service_type_id = '136',
                        fk_comp_id = '791',
                        booked_by_fk_user_id = '7',
                        datetime_added = NOW(),
                        live = 0

now im actually running the same query 20 times depending on how many bookings of that service there are, then im using the insert_id that should be generated to insert a record into another table the insert looks like this.

INSERT INTO rmp_service_campaigns_bookings SET
                                            fk_campaign_id = '949',
                                            fk_booking_id = '11198',
                                            fk_user_created_id = '7',
                                            created = NOW(),
                                            updated = NOW()

now when i first run this only 2 booking ever appeared in the second table and I wasnt sure why, after i logged out the queries that were being run I could see that it was only ever inserting the one query. Now when i turned off use_disk_cache this seemed to solve the issue. Should insert statements actually be cached like this?

When i looked further down the query function i saw the following

// disk caching of queries $this->store_cache($query,$is_insert);

After looking at the store_cache function i could see that the it uses the $is_insert variable passed to it to check the cache. now when i leave the setup as it was prior to turning off use_disk_cache only 2 bookings where inserted after that none of the others were done. The issue appears to be with the insert_id always coming back as the same thing, now when i disable disk_cache everything works as expected and this insert_id increases correctly and all the items appear in the database as expected.

So the question is should the $is_insert be being set to true, as when i update the query function with the following

    // Take note of the insert_id
                if ( preg_match("/^(insert|replace)\s+/i",$query) )
                {
                                        //check if this is a insert and set to true
                    if ( preg_match("/^(insert)\s+/i",$query))
                        $is_insert = true;
                    $this->insert_id = @mysql_insert_id($this->dbh);
                }

the issue that i have is fixed without having to turn the disk cache off.

thanks

There has to be a bug in the latest ez_sql_mysqli.php file, when I upgrade to the latest version, some queries return No Results, when there should be results, as soon as I replace it with an older version of ez_sql_mysqli.php, the results are returned as expected.

Hi, after inserting new row to MsSQL database, $db->insert_id returns nothing.

if ( preg_match("/^(insert|replace)\s+/i",$query) )
{
    $identityresultset = @sqlsrv_query($this->dbh, "select SCOPE_IDENTITY() AS id");

    if ($identityresultset != false )
    {
        $identityrow = @sqlsrv_fetch($identityresultset);

        $this->insert_id = $identityrow[0];
    }
}

$identityresultset returns resource, $identityrow returns bool(true)

I use ezSQL with Oracle, and I'm not sure if this is an issue with other databases or not. If I perform a query like this -

select count(*) from table where name like 'W%'
I would get :
PHP Notice: Undefined property: stdClass::$max_length in /home/jadu/public_html/a/lib/db/ez_sql_core.php on line 451

I took a look at 451 - and when selecting count(*) there is no "max_length", its actually "size" when this query runs.

I've altered ez_sql_core.php and changed line 451 to this if statement, the the problem went away. There's probably a better way to do this, but I was in a hurry to hack together a fix.

if (!isset($this->col_info[$i]->max_length)) {
echo "{$this->col_info[$i]->type} {$this->col_info[$i]->size}
{$this->col_info[$i]->name}";
} else {
echo "{$this->col_info[$i]->type} {$this->col_info[$i]->max_length}
{$this->col_info[$i]->name}";
}