change mysqli -> PDO, prepared statements
parent
258edc97f7
commit
c58ab04d1b
58
index.php
58
index.php
|
@ -3,7 +3,7 @@ require_once './conf.php';
|
|||
|
||||
define("SHORTER_NAME", "shortr");
|
||||
define("SHORTER_VERSION", "v0.1");
|
||||
define("HASH_LENGTH", 4);
|
||||
define("HASH_LENGTH", 8);
|
||||
define("CHARSET", "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789");
|
||||
|
||||
$url = "";
|
||||
|
@ -11,19 +11,17 @@ $link = "";
|
|||
$callback = "NO";
|
||||
|
||||
function db_connect() {
|
||||
if (!$mysqli = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME)) {
|
||||
return false;
|
||||
}
|
||||
return $mysqli;
|
||||
$dbh = new PDO('mysql:host='. DB_HOST . ';dbname='. DB_NAME , DB_USER, DB_PASS);
|
||||
return $dbh;
|
||||
}
|
||||
|
||||
function count_urls($mysqli) {
|
||||
$count = mysqli_num_rows(mysqli_query($mysqli, "SELECT * FROM ". DB_TABLE));
|
||||
return $count;
|
||||
function count_urls($dbh) {
|
||||
$sth = $dbh->query("SELECT id FROM ". DB_TABLE);
|
||||
return $sth->fetchColumn();
|
||||
}
|
||||
|
||||
function generate_short($url, $mysqli) {
|
||||
$url = mysqli_real_escape_string($mysqli, $url);
|
||||
function generate_short($url, $dbh) {
|
||||
|
||||
if(!preg_match("/^((https?|ftp)[:\/\/].*\/{2,})/i",$url)) {
|
||||
return false;
|
||||
}
|
||||
|
@ -35,30 +33,48 @@ function generate_short($url, $mysqli) {
|
|||
} else {
|
||||
$clientip = $_SERVER['REMOTE_ADDR'];
|
||||
}
|
||||
$result = mysqli_query($mysqli, "SELECT id FROM " . DB_TABLE . " WHERE url='$url'");
|
||||
if ($row = mysqli_fetch_assoc($result)) {
|
||||
|
||||
|
||||
$sth = $dbh->prepare("SELECT id FROM " . DB_TABLE . " WHERE url=?");
|
||||
$sth->bindParam(1, $url, PDO::PARAM_STR);
|
||||
$sth->execute();
|
||||
if ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
|
||||
$hash = $row['id'];
|
||||
} else {
|
||||
|
||||
$charset = str_shuffle(CHARSET);
|
||||
$hash = substr($charset, 0, HASH_LENGTH);
|
||||
while (mysqli_num_rows(mysqli_query($mysqli, "SELECT * FROM " . DB_TABLE . " WHERE id='$hash'")) > 0) {
|
||||
|
||||
$sth = $dbh->prepare("SELECT COUNT(*) FROM " . DB_TABLE . " WHERE id=?");
|
||||
$sth->bindParam(1, $hash, PDO::PARAM_STR, HASH_LENGTH);
|
||||
$sth->execute();
|
||||
|
||||
while ($sth->fetchColumn() > 0) {
|
||||
$hash = substr($charset, 0, HASH_LENGTH);
|
||||
$sth->bindParam(1, $hash, PDO::PARAM_STR, HASH_LENGTH);
|
||||
$sth->execute();
|
||||
}
|
||||
$result = mysqli_query($mysqli, "INSERT INTO " . DB_TABLE . " (id, url, ip, count) VALUES ('$hash', '$url', '$clientip', '0')");
|
||||
if (!mysqli_affected_rows($mysqli)) {
|
||||
|
||||
$sth = $dbh->prepare("INSERT INTO " . DB_TABLE . " (id, url, ip, count) VALUES (?, ?, ?, '0')");
|
||||
$sth->bindParam(1, $hash, PDO::PARAM_STR, HASH_LENGTH);
|
||||
$sth->bindParam(2, $url, PDO::PARAM_STR);
|
||||
$sth->bindParam(3, $clientip, PDO::PARAM_STR, 255);
|
||||
if (!$sth->execute()) {
|
||||
print "FAILURE INSERTING\n";
|
||||
}
|
||||
}
|
||||
return $hash;
|
||||
}
|
||||
|
||||
function find_short($hash, $mysqli) {
|
||||
$hash = mysqli_real_escape_string($mysqli, $hash);
|
||||
$result = mysqli_query($mysqli, "SELECT * FROM " . DB_TABLE . " WHERE id='$hash'");
|
||||
if ($row = mysqli_fetch_assoc($result)) {
|
||||
function find_short($hash, $dbh) {
|
||||
$sth = $dbh->prepare("SELECT * FROM " . DB_TABLE . " WHERE id=?");
|
||||
$sth->bindParam(1, $hash, PDO::PARAM_STR, HASH_LENGTH);
|
||||
$sth->execute();
|
||||
if ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
|
||||
$link = $row['url'];
|
||||
mysqli_query($mysqli, "UPDATE " . DB_TABLE . " SET count='" . ($row['count'] + 1) . "' WHERE id='" . $row['id'] . "'");
|
||||
|
||||
$sth = $dbh->prepare("UPDATE " . DB_TABLE . " SET count = count + 1 WHERE id=?");
|
||||
$sth->bindParam(1, $row['id'], PDO::PARAM_STR, HASH_LENGTH);
|
||||
$sth->execute();
|
||||
} else {
|
||||
$link = false;
|
||||
}
|
||||
|
|
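Review bot: In the second hunk, `count_urls()` now returns the first row's `id` instead of a row count, because `fetchColumn()` on `SELECT id FROM …` yields column 0 of the first row (or `false` on an empty table); the query should be `"SELECT COUNT(*) FROM " . DB_TABLE` with `return (int) $sth->fetchColumn();`. In the same hunk, `db_connect()` no longer returns `false` on failure, since `new PDO(...)` throws a `PDOException`. If that exception goes uncaught while error display is on, the back trace can expose the connection arguments, so wrap the constructor in `try`/`catch` and return `false` as before. The callers are outside this view, so whether they still test for `false` is an assumption. Also consider appending `;charset=utf8mb4` to the DSN and passing `[PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]` as the fourth constructor argument, so the prepared statements added in the third hunk are bound server-side and failed queries are not silently ignored.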