Index: trunk/kernel/include/db.class.php =================================================================== diff -u -r912 -r1566 --- trunk/kernel/include/db.class.php (.../db.class.php) (revision 912) +++ trunk/kernel/include/db.class.php (.../db.class.php) (revision 1566) @@ -256,7 +256,7 @@ { $sql .= ' '.$this->getLimitClause(0,1); $ret = $this->Query($sql); - if(!$ret) return $ret; + if(!$ret) return false; return array_shift($ret); } @@ -396,5 +396,65 @@ break; } } + + /** + * Returns last error code occured + * + * @return int + */ + function getErrorCode() + { + return $this->errorCode; + } + + /** + * Returns last error message + * + * @return string + * @access public + */ + function getErrorMsg() + { + return $this->errorMessage; + } + + /** + * Correctly quotes a string so that all strings are escaped. We prefix and append + * to the string single-quotes. + * An example is $db->qstr("Don't bother",magic_quotes_runtime()); + * + * @param s the string to quote + * @param [magic_quotes] if $s is GET/POST var, set to get_magic_quotes_gpc(). + * This undoes the stupidity of magic quotes for GPC. + * + * @return quoted string to be sent back to database + */ + function qstr($s,$magic_quotes=false) + { + $replaceQuote = "\\'"; + if (!$magic_quotes) + { + if ($replaceQuote[0] == '\\') + { + // only since php 4.0.5 + $s = str_replace(array('\\',"\0"),array('\\\\',"\\\0"),$s); + //$s = str_replace("\0","\\\0", str_replace('\\','\\\\',$s)); + } + return "'".str_replace("'",$replaceQuote,$s)."'"; + } + + // undo magic quotes for " + $s = str_replace('\\"','"',$s); + + if($replaceQuote == "\\'") // ' already quoted, no need to change anything + { + return "'$s'"; + } + else // change \' to '' for sybase/mssql + { + $s = str_replace('\\\\','\\',$s); + return "'".str_replace("\\'",$replaceQuote,$s)."'"; + } + } } ?> \ No newline at end of file