
Changeset 8665


Changeset 8665

Timestamp:
04/28/08 23:14:08 (4 months ago)
Author:
FabianLange
Message:

refactored sfMySQLSessionStorage and added sfMySQLiSessionStorage as proposed in #3394.

Files:

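--- a/branches/1.1/lib/storage/sfMySQLSessionStorage.class.php
+++ b/branches/1.1/lib/storage/sfMySQLSessionStorage.class.php
@@ -19,4 +19,5 @@
  * @author     Fabien Potencier <fabien.potencier@symfony-project.com>
  * @author     Sean Kerr <sean@code-box.org>
+ * @author     Julien Garand <julien.garand@gmail.com>
  * @version    SVN: $Id$
  */
@@ -39,10 +40,10 @@
 
     // cleanup the session id, just in case
-    $id = mysql_real_escape_string($id, $this->db->getResource());
+    $id = $this->db_escape($id);
 
     // delete the record associated with this id
-    $sql = 'DELETE FROM '.$db_table.' WHERE '.$db_id_col.' = \''.$id.'\''
-
-    if (@mysql_query($sql, $this->db->getResource()))
+    $sql = "DELETE FROM $db_table WHERE $db_id_col = '$id'"
+
+    if ($this->db_query($sql))
     {
       return true;
@@ -50,5 +51,5 @@
 
     // failed to destroy session
-    throw new sfDatabaseException(sprintf('sfMySQLSessionStorage cannot destroy session id "%s" (%s).', $id, mysql_error()));
+    throw new sfDatabaseException(sprintf('% cannot destroy session id "%s" (%s).', get_class($this), $id, mysql_error()));
   }
 
@@ -68,10 +69,11 @@
     $db_time_col = $this->options['db_time_col'];
 
-    // delete the record associated with this id
-    $sql = 'DELETE FROM '.$db_table.' WHERE '.$db_time_col.' < '.(time() - $lifetime);
-
-    if (!@mysql_query($sql, $this->db->getResource()))
-    {
-      throw new sfDatabaseException(sprintf('sfMySQLSessionStorage cannot delete old sessions (%s).', mysql_error()));
+    // delete the record older than the authorised session life time
+    $lifetime = $this->db_escape($lifetime); // We never know...
+    $sql = "DELETE FROM $db_table 'WHERE $db_time_col + INTERVAL $lifetime SECOND < NOW()";
+
+    if (!$this->db_query($sql))
+    {
+      throw new sfDatabaseException(sprintf('% cannot delete old sessions (%s).', get_class($this), mysql_error()));
     }
 
@@ -97,15 +99,15 @@
 
     // cleanup the session id, just in case
-    $id = mysql_real_escape_string($id, $this->db->getResource());
+    $id = $this->db_escape($id);
 
     // delete the record associated with this id
-    $sql = 'SELECT '.$db_data_col.' FROM '.$db_table.' WHERE '.$db_id_col.' = \''.$id.'\''
-
-    $result = @mysql_query($sql, $this->db->getResource());
-
-    if ($result != false && @mysql_num_rows($result) == 1)
+    $sql = "SELECT $db_data_col FROM $db_table WHERE $db_id_col = '$id'"
+
+    $result = $this->db_query($sql);
+
+    if ($result != false && $this->db_num_rows($result) == 1)
     {
       // found the session
-      $data = mysql_fetch_row($result);
+      $data = $this->db_fetch_row($result);
 
       return $data[0];
@@ -114,7 +116,7 @@
     {
       // session does not exist, create it
-      $sql = 'INSERT INTO '.$db_table.' ('.$db_id_col.', '.$db_data_col.', '.$db_time_col.') VALUES (\''.$id.'\', \'\', '.time().')'
-
-      if (@mysql_query($sql, $this->db->getResource()))
+      $sql = "INSERT INTO $db_table ($db_id_col, $db_data_col, $db_time_col) VALUES ('$id', '', NOW())"
+
+      if ($this->db_query($sql))
       {
         return '';
@@ -122,5 +124,5 @@
 
       // can't create record
-      throw new sfDatabaseException(sprintf('sfMySQLSessionStorage cannot create new record for id "%s" (%s).', $id, mysql_error()));
+      throw new sfDatabaseException(sprintf('% cannot create new record for id "%s" (%s).', get_class($this), $id, mysql_error()));
     }
   }
@@ -145,11 +147,11 @@
 
     // cleanup the session id and data, just in case
-    $id   = mysql_real_escape_string($id, $this->db->getResource());
-    $data = mysql_real_escape_string($data, $this->db->getResource());
-
-    // delete the record associated with this id
-    $sql = 'UPDATE '.$db_table.' SET '.$db_data_col.' = \''.$data.'\', '.$db_time_col.' = '.time().' WHERE '.$db_id_col.' = \''.$id.'\''
-
-    if (@mysql_query($sql, $this->db->getResource()))
+    $id   = $this->db_escape($id);
+    $data = $this->db_escape($data);
+
+    // update the record associated with this id
+    $sql = "UPDATE $db_table SET $db_data_col='$data', $db_time_col=NOW() WHERE $db_id_col='$id'"
+
+    if ($this->db_query($sql))
     {
       return true;
@@ -157,5 +159,49 @@
 
     // failed to write session data
-    throw new sfDatabaseException(sprintf('sfMySQLSessionStorage cannot write session data for id "%s" (%s).', $id, mysql_error()));
+    throw new sfDatabaseException(sprintf('% cannot write session data for id "%s" (%s).', get_class($this), $id, mysql_error()));
+  }
+
+  /*!
+   * Execute an SQL Query
+   *
+   * @param $query (string) The query to execute
+   * @return (mixed) The result of the query
+   */
+  protected function db_query($query)
+  {
+    return @mysql_query($query, $this->db->getResource());
+  }
+
+  /*!
+   * Escape a string before using it in a query statement
+   *
+   * @param $string (string) The string to escape
+   * @return (string) The escaped string
+   */
+  protected function db_escape($string)
+  {
+    return mysql_real_escape_string($string, $this->db->getResource());
+  }
+
+  /*!
+   * Count the rows in a query result
+   *
+   * @param $result (resource) Result of a query
+   * @return (int) Number of rows
+   */
+  protected function db_num_rows($result)
+  {
+    return mysql_num_rows($result);
+  }
+
+  /*!
+   * Extract a row from a query result set
+   *
+   * @param $result (resource) Result of a query
+   * @return (array) Extracted row as an indexed array
+   */
+  protected function db_fetch_row($result)
+  {
+    return mysql_fetch_row($result);
   }
 }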
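Review bot: The new session-cleanup query (new line 73) has a stray single quote before WHERE, so the statement should fail to parse, the method would throw on every run, and expired session rows would not be purged; the line should read `$sql = "DELETE FROM $db_table WHERE $db_time_col + INTERVAL $lifetime SECOND < NOW()";`. On the line above it, `db_escape()` gives no protection because `$lifetime` is interpolated outside quotes, where string escaping does not constrain the value; `$lifetime = (int) $lifetime;` is the guard that fits a numeric context. The move from `time()` to `NOW()` and `INTERVAL` presumably needs the time column to be a DATETIME or TIMESTAMP rather than the integer the old code wrote, which existing tables may not satisfy. Separately, all five rewritten exception messages (new lines 53, 77, 126, 161 as well) start with `'% cannot …'` where `'%s cannot …'` was evidently intended, and they still call `mysql_error()` directly rather than through an overridable helper like the other `db_*` methods. The enclosing methods begin outside the visible hunks.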