5495 created queryDButf8() function to handle the installer's utf8 ch…

…ecking, and fixed a couple mysql query error in step 3 and 6 of the mysql install
atutor · Oct 4, 2014 · 81f968f · 81f968f
1 parent 9349b20
commit 81f968f
Show file tree

Hide file tree

Showing 4 changed files with 56 additions and 6 deletions.
diff --git a/include/install/install.inc.php b/include/install/install.inc.php
@@ -459,11 +459,12 @@ function create_and_switch_db($db_host, $db_port, $db_login, $db_pwd, $tb_prefix
 		/* Check if the database that existed is in UTF-8, if not, ask for retry */
 		at_db_select($db_name, $db);
 		$sql = "SHOW CREATE DATABASE `%s`";
-		$row = queryDB($sql, array($db_name));
-		
+		$row = queryDButf8($sql, array($db_name), true, true, $db);
+
 		if (!preg_match('/CHARACTER SET utf8/i', $row['Create Database'])){
 			$sql2 = 'ALTER DATABASE `%s` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci';
-			$result2 = queryDB($sql2, array($db_name));
+			$result2 = queryDButf8($sql2, array($db_name),false, true, $db);
+
 			if ($result2 == 0){
 				if ($in_plain_msg) {
 					$errors[] = 'Database <b>'.$db_name.'</b> is not in UTF8.  Please set the database character set to UTF8 before continuing by using the following query: <br /> ALTER DATABASE `'.$db_name.'` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci.  <br />To use ALTER DATABASE, you need the ALTER privilege on the database.  You can also check the MySQL manual <a href="http://dev.mysql.com/doc/refman/4.1/en/alter-database.html" target="mysql_window">here</a>.';
@@ -475,4 +476,4 @@ function create_and_switch_db($db_host, $db_port, $db_login, $db_pwd, $tb_prefix
 	}
 	return $db;
 }
-?>
+?>
diff --git a/include/lib/mysql_connect.inc.php b/include/lib/mysql_connect.inc.php
@@ -124,7 +124,55 @@ function queryDB($query, $params=array(), $oneRow = false, $sanitize = true, $ca
     return execute_sql($sql, $oneRow, $callback_func, $array_type);
 
 }
+function queryDButf8($query, $params=array(), $oneRow = true, $sanitize, $db, $array_type = MYSQL_ASSOC) {
+    global $msg, $addslashes;
 
+    if ($sanitize) {
+        foreach($params as $i=>$value) {
+         if(defined('MYSQLI_ENABLED')){  
+             $value = $addslashes(htmlspecialchars_decode($value, ENT_QUOTES));  
+             $params[$i] = $db->real_escape_string($value);
+            }else {
+             $params[$i] = $addslashes($value);           
+            }
+        }
+    }
+
+    $sql = vsprintf($query, $params);
+
+    if(defined('MYSQLI_ENABLED')){
+           $result = $db->query($sql) or (error_log(print_r($db->error . "\nSQL: " . $sql, true), 0) and $msg->addError($displayErrorMessage));                
+
+    }else{
+           $result = mysql_query($sql, $db) or (error_log(print_r(mysql_error(), true), 0) and $msg->addError($displayErrorMessage));
+    }
+    if ($oneRow) {
+          if(defined('MYSQLI_ENABLED')){            
+            $row = $result->fetch_array($array_type);              
+
+          }else {
+            $row = mysql_fetch_array($result, $array_type);              
+          }
+
+        // Check that there are no more than 1 row expected.
+          if(defined('MYSQLI_ENABLED')){
+               if ($result->fetch_array($array_type)) {
+                $msg->addError($displayErrorMessage);
+                return at_affected_rows($db);
+                }           
+          }else{
+              if (mysql_fetch_array($result, $array_type)) {
+                $msg->addError($displayErrorMessage);
+                return at_affected_rows($db);
+                }            
+          }
+
+        unset($result);
+        return ($row) ? $row : array();
+    } else{
+        return $result;
+    }
+}
 function sqlout($sql){
     //output the sql with variable values inserted
     global $sqlout;

diff --git a/install/include/step3.php b/install/include/step3.php
@@ -21,7 +21,7 @@
     if(defined('MYSQLI_ENABLED')){
  	    $db = at_db_connect($_POST['step2']['db_host'],$_POST['step2']['db_port'],$_POST['step2']['db_login'],urldecode($_POST['step2']['db_password']), $_POST['step2']['db_name']);   
     }else{
-	    $db = at_db_connect($_POST['step2']['db_host'],$_POST['step2']['db_port'],$_POST['step2']['db_login'],urldecode($_POST['step2']['db_password']));
+	    $db = at_db_connect($_POST['step2']['db_host'],$_POST['step2']['db_port'],$_POST['step2']['db_login'],urldecode($_POST['step2']['db_password']), '');
 	    at_db_select($_POST['step2']['db_name'], $db);
     }
 

diff --git a/install/include/step6.php b/install/include/step6.php
@@ -171,7 +171,8 @@
 			if ($_POST['step1']['old_path'] != '') {
 				$db     = at_db_connect($_POST['step1']['db_host'], $_POST['step1']['db_port'], $_POST['step1']['db_login'], urldecode($_POST['step1']['db_password']));
 			} else {
-				$db     = at_db_connect($_POST['step2']['db_host'], $_POST['step2']['db_port'], $_POST['step2']['db_login'], urldecode($_POST['step2']['db_password']));
+				$db     = at_db_connect($_POST['step2']['db_host'], $_POST['step2']['db_port'], $_POST['step2']['db_login'], urldecode($_POST['step2']['db_password']), '');
+
 			}
 
 			$row = at_db_version($db);