i want study the connection database and security user lever. but failerany body help me, where the problem is.here the code
<?php/********************************************************************************* * Filename: common.php * PHP 4.0 *********************************************************************************/error_reporting (E_ALL ^ E_NOTICE);//===============================// Database Connection Definition//-------------------------------//Philmar Online Rent-a-Car Connection begininclude("./db_mysql.inc");define("DATABASE_NAME","car");define("DATABASE_USER","root");define("DATABASE_PASSWORD","");define("DATABASE_HOST","localhost");// Database Initialize$db = new DB_Sql();$db->Database = DATABASE_NAME;$db->User = DATABASE_USER;$db->Password = DATABASE_PASSWORD;$db->Host = DATABASE_HOST;// Philmar Online Rent-a-Car Connection end//===============================// Site Initialization//-------------------------------// Obtain the path where this site is located on the server//-------------------------------$app_path = ".";//-------------------------------// Create Header and Footer Path variables//-------------------------------$header_filename = "Header.html";$footer_filename = "Footer.html";//===============================//===============================// Common functions//-------------------------------// Convert non-standard characters to HTML//-------------------------------function tohtml($strValue){ return htmlspecialchars($strValue);}//-------------------------------// Convert value to URL//-------------------------------function tourl($strValue){ return urlencode($strValue);}//-------------------------------// Obtain specific URL Parameter from URL string//-------------------------------function get_param($param_name){ global $HTTP_POST_VARS; global $HTTP_GET_VARS; $param_value = ""; if(isset($HTTP_POST_VARS[$param_name])) $param_value = $HTTP_POST_VARS[$param_name]; else if(isset($HTTP_GET_VARS[$param_name])) $param_value = $HTTP_GET_VARS[$param_name]; return $param_value;}function get_session($param_name){ global $HTTP_POST_VARS; global $HTTP_GET_VARS; global ${$param_name}; $param_value = ""; if(!isset($HTTP_POST_VARS[$param_name]) && !isset($HTTP_GET_VARS[$param_name]) && session_is_registered($param_name)) $param_value = ${$param_name}; return $param_value;}function set_session($param_name, $param_value){ global ${$param_name}; if(session_is_registered($param_name)) session_unregister($param_name); ${$param_name} = $param_value; session_register($param_name);}function is_number($string_value){ if(is_numeric($string_value) || !strlen($string_value)) return true; else return false;}//-------------------------------// Convert value for use with SQL statament//-------------------------------function tosql($value, $type){ if(!strlen($value)) return "NULL"; else if($type == "Number") return str_replace (",", ".", doubleval($value)); else { if(get_magic_quotes_gpc() == 0) { $value = str_replace("'","''",$value); $value = str_replace("\\","\\\\",$value); } else { $value = str_replace("\\'","''",$value); $value = str_replace("\\\"","\"",$value); } return "'" . $value . "'"; }}function strip($value){ if(get_magic_quotes_gpc() == 0) return $value; else return stripslashes($value);}function db_fill_array($sql_query){ global $db; $db_fill = new DB_Sql(); $db_fill->Database = $db->Database; $db_fill->User = $db->User; $db_fill->Password = $db->Password; $db_fill->Host = $db->Host; $db_fill->query($sql_query); if ($db_fill->next_record()) { do { $ar_lookup[$db_fill->f(0)] = $db_fill->f(1); } while ($db_fill->next_record()); return $ar_lookup; } else return false;}//-------------------------------// Deprecated function - use get_db_value($sql)//-------------------------------function dlookup($table_name, $field_name, $where_condition){ $sql = "SELECT " . $field_name . " FROM " . $table_name . " WHERE " . $where_condition; return get_db_value($sql);}//-------------------------------// Lookup field in the database based on SQL query//-------------------------------function get_db_value($sql){ global $db; $db_look = new DB_Sql(); $db_look->Database = $db->Database; $db_look->User = $db->User; $db_look->Password = $db->Password; $db_look->Host = $db->Host; $db_look->query($sql); if($db_look->next_record()) return $db_look->f(0); else return "";}//-------------------------------// Obtain Checkbox value depending on field type//-------------------------------function get_checkbox_value($value, $checked_value, $unchecked_value, $type){ if(!strlen($value)) return tosql($unchecked_value, $type); else return tosql($checked_value, $type);}//-------------------------------// Obtain lookup value from array containing List Of Values//-------------------------------function get_lov_value($value, $array){ $return_result = ""; if(sizeof($array) % 2 != 0) $array_length = sizeof($array) - 1; else $array_length = sizeof($array); for($i = 0; $i < $array_length; $i = $i + 2) { if($value == $array[$i]) $return_result = $array[$i+1]; } return $return_result;}//-------------------------------// Verify user's security level and redirect to login page if needed//-------------------------------function check_security($security_level){ global $UserRights; if(!session_is_registered("UserID")) header ("Location: Login.php?querystring=" . urlencode(getenv("QUERY_STRING")) . "&ret_page=" . urlencode(getenv("REQUEST_URI"))); else if(!session_is_registered("UserRights") || $UserRights < $security_level) header ("Location: Login.php?querystring=" . urlencode(getenv("QUERY_STRING")) . "&ret_page=" . urlencode(getenv("REQUEST_URI")));}//===============================// GlobalFuncs begin// GlobalFuncs end//===============================?>and -------<?phpclass DB_Sql { /* public: connection parameters */ var $Host = ""; <--------------------------------------// necessary for me include data here!!!!!! var $Database = ""; var $User = ""; var $Password = ""; /* public: configuration parameters */ var $Auto_Free = 0; ## Set to 1 for automatic mysql_free_result() var $Debug = 0; ## Set to 1 for debugging messages. var $Halt_On_Error = "yes"; ## "yes" (halt with message), "no" (ignore errors quietly), "report" (ignore errror, but spit a warning) var $Seq_Table = "db_sequence"; /* public: result array and current row number */ var $Record = array(); var $Row; /* public: current error number and error text */ var $Errno = 0; var $Error = ""; /* public: this is an api revision, not a CVS revision. */ var $type = "mysql"; var $revision = "1.2"; /* private: link and query handles */ var $Link_ID = 0; var $Query_ID = 0; /* public: constructor */ function DB_Sql($query = "") { $this->query($query); } /* public: some trivial reporting */ function link_id() { return $this->Link_ID; } function query_id() { return $this->Query_ID; } /* public: connection management */ function connect($Database = "", $Host = "", $User = "", $Password = "") <---------- // necessary for me include data here!!!!!!{ /* Handle defaults */ if ("" == $Database) $Database = $this->Database; if ("" == $Host) $Host = $this->Host; if ("" == $User) $User = $this->User; if ("" == $Password) $Password = $this->Password; /* establish connection, select database */ if ( 0 == $this->Link_ID ) { $this->Link_ID=mysql_pconnect($Host, $User, $Password); if (!$this->Link_ID) { $this->halt("connect($Host, $User, \$Password) failed."); return 0; } if (!@mysql_select_db($Database,$this->Link_ID)) { $this->halt("cannot use database ".$this->Database); return 0; } } return $this->Link_ID; } /* public: discard the query result */ function free() { @mysql_free_result($this->Query_ID); $this->Query_ID = 0; } /* public: perform a query */ function query($Query_String) { /* No empty queries, please, since PHP4 chokes on them. */ if ($Query_String == "") /* The empty query string is passed on from the constructor, * when calling the class without a query, e.g. in situations * like these: '$db = new DB_Sql_Subclass;' */ return 0; if (!$this->connect()) { return 0; /* we already complained in connect() about that. */ }; # New query, discard previous result. if ($this->Query_ID) { $this->free(); } if ($this->Debug) printf("Debug: query = %s<br>\n", $Query_String); $this->Query_ID = @mysql_query($Query_String,$this->Link_ID); $this->Row = 0; $this->Errno = mysql_errno(); $this->Error = mysql_error(); if (!$this->Query_ID) { $this->halt("Invalid SQL: ".$Query_String); } # Will return nada if it fails. That's fine. return $this->Query_ID; } /* public: walk result set */ function next_record() { if (!$this->Query_ID) { $this->halt("next_record called with no query pending."); return 0; } $this->Record = @mysql_fetch_array($this->Query_ID); $this->Row += 1; $this->Errno = mysql_errno(); $this->Error = mysql_error(); $stat = is_array($this->Record); if (!$stat && $this->Auto_Free) { $this->free(); } return $stat; } /* public: position in result set */ function seek($pos = 0) { $status = @mysql_data_seek($this->Query_ID, $pos); if ($status) $this->Row = $pos; else { $this->halt("seek($pos) failed: result has ".$this->num_rows()." rows"); /* half assed attempt to save the day, * but do not consider this documented or even * desireable behaviour. */ @mysql_data_seek($this->Query_ID, $this->num_rows()); $this->Row = $this->num_rows; return 0; } return 1; } /* public: table locking */ function lock($table, $mode="write") { $this->connect(); $query="lock tables "; if (is_array($table)) { while (list($key,$value)=each($table)) { if ($key=="read" && $key!=0) { $query.="$value read, "; } else { $query.="$value $mode, "; } } $query=substr($query,0,-2); } else { $query.="$table $mode"; } $res = @mysql_query($query, $this->Link_ID); if (!$res) { $this->halt("lock($table, $mode) failed."); return 0; } return $res; } function unlock() { $this->connect(); $res = @mysql_query("unlock tables"); if (!$res) { $this->halt("unlock() failed."); return 0; } return $res; } /* public: evaluate the result (size, width) */ function affected_rows() { return @mysql_affected_rows($this->Link_ID); } function num_rows() { return @mysql_num_rows($this->Query_ID); } function num_fields() { return @mysql_num_fields($this->Query_ID); } /* public: shorthand notation */ function nf() { return $this->num_rows(); } function np() { print $this->num_rows(); } function f($Name) { if(isset($this->Record[$Name])) return $this->Record[$Name]; else return ""; } function p($Name) { print $this->Record[$Name]; } /* public: sequence numbers */ function nextid($seq_name) { $this->connect(); if ($this->lock($this->Seq_Table)) { /* get sequence number (locked) and increment */ $q = sprintf("select nextid from %s where seq_name = '%s'", $this->Seq_Table, $seq_name); $id = @mysql_query($q, $this->Link_ID); $res = @mysql_fetch_array($id); /* No current value, make one */ if (!is_array($res)) { $currentid = 0; $q = sprintf("insert into %s values('%s', %s)", $this->Seq_Table, $seq_name, $currentid); $id = @mysql_query($q, $this->Link_ID); } else { $currentid = $res["nextid"]; } $nextid = $currentid + 1; $q = sprintf("update %s set nextid = '%s' where seq_name = '%s'", $this->Seq_Table, $nextid, $seq_name); $id = @mysql_query($q, $this->Link_ID); $this->unlock(); } else { $this->halt("cannot lock ".$this->Seq_Table." - has it been created?"); return 0; } return $nextid; } /* public: return table metadata */ function metadata($table='',$full=false) { $count = 0; $id = 0; $res = array(); /* * Due to compatibility problems with Table we changed the behavior * of metadata(); * depending on $full, metadata returns the following values: * * - full is false (default): * $result[]: * [0]["table"] table name * [0]["name"] field name * [0]["type"] field type * [0]["len"] field length * [0]["flags"] field flags * * - full is true * $result[]: * ["num_fields"] number of metadata records * [0]["table"] table name * [0]["name"] field name * [0]["type"] field type * [0]["len"] field length * [0]["flags"] field flags * ["meta"][field name] index of field named "field name" * The last one is used, if you have a field name, but no index. * Test: if (isset($result['meta']['myfield'])) { ... */ // if no $table specified, assume that we are working with a query // result if ($table) { $this->connect(); $id = @mysql_list_fields($this->Database, $table); if (!$id) $this->halt("Metadata query failed."); } else { $id = $this->Query_ID; if (!$id) $this->halt("No query specified."); } $count = @mysql_num_fields($id); // made this IF due to performance (one if is faster than $count if's) if (!$full) { for ($i=0; $i<$count; $i++) { $res[$i]["table"] = @mysql_field_table ($id, $i); $res[$i]["name"] = @mysql_field_name ($id, $i); $res[$i]["type"] = @mysql_field_type ($id, $i); $res[$i]["len"] = @mysql_field_len ($id, $i); $res[$i]["flags"] = @mysql_field_flags ($id, $i); } } else { // full $res["num_fields"]= $count; for ($i=0; $i<$count; $i++) { $res[$i]["table"] = @mysql_field_table ($id, $i); $res[$i]["name"] = @mysql_field_name ($id, $i); $res[$i]["type"] = @mysql_field_type ($id, $i); $res[$i]["len"] = @mysql_field_len ($id, $i); $res[$i]["flags"] = @mysql_field_flags ($id, $i); $res["meta"][$res[$i]["name"]] = $i; } } // free the result only if we were called on a table if ($table) @mysql_free_result($id); return $res; } /* private: error handling */ function halt($msg) { $this->Error = @mysql_error($this->Link_ID); $this->Errno = @mysql_errno($this->Link_ID); if ($this->Halt_On_Error == "no") return; $this->haltmsg($msg); if ($this->Halt_On_Error != "report") die("Session halted."); } function haltmsg($msg) { printf("</td></tr></table><b>Database error:</b> %s<br>\n", $msg); printf("<b>MySQL Error</b>: %s (%s)<br>\n", $this->Errno, $this->Error); } function table_names() { $this->query("SHOW TABLES"); $i=0; while ($info=mysql_fetch_row($this->Query_ID)) { $return[$i]["table_name"]= $info[0]; $return[$i]["tablespace_name"]=$this->Database; $return[$i]["database"]=$this->Database; $i++; } return $return; }}?>
