
Commit 647798c

committed
added PDO security
1 parent 3bfa32c commit 647798c

6 files changed

Lines changed: 176 additions & 78 deletions


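--- a/composer.json
+++ b/composer.json
@@ -0,0 +1,6 @@
+{
+"require":
+{
+"rain/db" : "dev-master"
+}
+}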
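Review bot: `"rain/db" : "dev-master"` tracks the head of the upstream branch rather than a released version, so each fresh install pulls whatever that branch holds at install time, and no `composer.lock` appears among the changed files (the renamed file is unnamed on this page, so I cannot rule it out). Since this package now carries all of the query parameterisation the commit introduces, the deployed DB layer is not reproducible without a pin. Change the constraint to a tagged release, `"rain/db": "<tagged-version-constraint>"`, and commit the lock file so `composer install` is deterministic.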
File renamed without changes.

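--- a/graph/line.php
+++ b/graph/line.php
@@ -1,31 +1,45 @@
 <?php
 
-require_once "../library/mysql.class.php";
+require "../vendor/autoload.php";
 require_once "../library/functions.php";
-
-
-$db = new mysql;
-$db->connect() or die("db connection error");
+use Rain\DB;
+DB::configure('config_dir', dirname(__DIR__) .'/config/');
+DB::init();
 
 $test = get('test')=='loop'?'loop':'assign';
 $type = get('type')=='memory'?'memory':'execution_time';
-$template_tested = $db->get_list( "SELECT template_engine FROM template_benchmark WHERE test='$test' GROUP BY template_engine ORDER BY template_engine", "template_engine", "template_engine" );
-
-if( $template_selected = get( 'template' ) ){
-$where = "WHERE test='$test' AND (";
-$i=0;
-foreach( $template_selected as $tpl => $on ){
-$where .= $i==0?" template_engine='$tpl'":" OR template_engine='$tpl'";
-$i=1;
-}
-$where .= ")";
-}
-else
-$where = "WHERE test='$test'";
+$template_tested = DB::getAllArray("SELECT template_engine
+FROM template_benchmark
+WHERE test=:test
+GROUP BY template_engine
+ORDER BY template_engine",
+array(':test'=>$test),
+"template_engine",
+"template_engine" );
 
-$rows = $db->get_list( "SELECT template_engine, n, avg(execution_time) AS execution_time, round(avg(memory)/1024) AS memory FROM template_benchmark $where GROUP BY template_engine, n ORDER BY n, template_engine" );
-$template_show = $db->get_list( "SELECT template_engine, avg(execution_time) AS execution_time FROM template_benchmark $where GROUP BY template_engine ORDER BY n, template_engine", "template_engine", "template_engine" );
-$nrows = $db->get_list( "SELECT n FROM template_benchmark $where GROUP BY n" );
+$rows = DB::getAllArray( "SELECT template_engine,
+n,
+avg(execution_time) AS execution_time,
+round(avg(memory)/1024) AS memory
+FROM template_benchmark
+WHERE test=:test
+GROUP BY template_engine, n
+ORDER BY n, template_engine",
+array(':test'=>$test));
+$template_show = DB::getAllArray( "SELECT template_engine,
+avg(execution_time) AS execution_time
+FROM template_benchmark
+WHERE test=:test
+GROUP BY template_engine
+ORDER BY n, template_engine",
+array(":test"=>$test),
+"template_engine", "template_engine" );
+$nrows = DB::getAllArray("SELECT n
+FROM template_benchmark
+WHERE test=:test
+GROUP BY n",
+array(':test'=>$test)
+);
 
 $color = array('#3366cc','#dc3912','#ff9900','#109618','#990099','#0099c6','#dd4477' );
 $nc = sizeof($color);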
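Review bot: The `template` selection filter is removed rather than parameterised: the old `$where` block built from the keys of `get( 'template' )` (the part of the file where request data actually reached the SQL, since `$test` was already whitelisted by the ternary) is deleted, and `$rows`, `$template_show` and `$nrows` now filter on `test` alone, so a `template[...]` query string is silently ignored. index.php's selector form at the end of its section still iterates `$template_tested` and checks `$template_show`, so the UI presumably still sends that parameter. If the filter is meant to survive, rebuild it from a whitelist instead of the raw keys — `$tpls = array_values(array_intersect(array_keys((array) get('template')), $template_tested));` — and bind each surviving name to its own placeholder; I cannot see `Rain\DB`'s rules for dynamically generated placeholders, so the exact call shape needs checking against the library. The same omission is in graph/pie.php and index.php.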

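--- a/graph/pie.php
+++ b/graph/pie.php
@@ -1,32 +1,53 @@
 <?php
 
-require_once "../library/mysql.class.php";
+require "../vendor/autoload.php";
 require_once "../library/functions.php";
+use Rain\DB;
+DB::configure('config_dir', dirname(__DIR__) .'/config/');
+DB::init();
 
-$db = new mysql;
-$db->connect() or die("db connection error");
-
 $test = get('test')=='loop'?'loop':'assign';
 $type = get('type')=='memory'?'memory':'execution_time';
-$summary = $db->get_list( "SELECT template_engine AS name, avg(execution_time) AS execution_time, avg(memory) AS memory FROM template_benchmark WHERE test='$test' GROUP BY template_engine ORDER BY template_engine" );
+$summary = DB::getAllArray( "SELECT template_engine AS name,
+avg(execution_time) AS execution_time,
+avg(memory) AS memory
+FROM template_benchmark
+WHERE test=:test
+GROUP BY template_engine
+ORDER BY template_engine",
+array(':test'=>$test)
+);
 
-$template_tested = $db->get_list( "SELECT template_engine FROM template_benchmark WHERE test='$test' GROUP BY template_engine ORDER BY template_engine", "template_engine", "template_engine" );
+$template_tested = DB::getAllArray("SELECT template_engine
+FROM template_benchmark
+WHERE test=:test
+GROUP BY template_engine
+ORDER BY template_engine",
+array(':test'=>$test),
+"template_engine", "template_engine" );
 
-if( $template_selected = get( 'template' ) ){
-$where = "WHERE test='$test' AND (";
-$i=0;
-foreach( $template_selected as $tpl => $on ){
-$where .= $i==0?" template_engine='$tpl'":" OR template_engine='$tpl'";
-$i=1;
-}
-$where .= ")";
-}
-else
-$where = "WHERE test='$test'";
-
-$rows = $db->get_list( "SELECT template_engine, n, avg(execution_time) AS execution_time, avg(memory) AS memory FROM template_benchmark $where GROUP BY template_engine, n ORDER BY n, template_engine" );
-$template_show = $db->get_list( "SELECT template_engine, avg(execution_time) AS execution_time FROM template_benchmark $where GROUP BY template_engine ORDER BY n, template_engine", "template_engine", "template_engine" );
-$nrows = $db->get_list( "SELECT n FROM template_benchmark $where GROUP BY n" );
+$rows = DB::getAllArray("SELECT template_engine,
+n,
+avg(execution_time) AS execution_time,
+avg(memory) AS memory
+FROM template_benchmark
+WHERE test=:test
+GROUP BY template_engine, n
+ORDER BY n, template_engine",
+array(':test'=>$test));
+$template_show = DB::getAllArray("SELECT template_engine,
+avg(execution_time) AS execution_time
+FROM template_benchmark
+WHERE test=:test
+GROUP BY template_engine
+ORDER BY n, template_engine",
+array(':test'=>$test),
+"template_engine", "template_engine");
+$nrows = DB::getAllArray("SELECT n
+FROM template_benchmark
+WHERE test=:test
+GROUP BY n",
+array(':test'=>$test));
 
 $color = array('#3366cc','#dc3912','#ff9900','#109618','#990099','#0099c6','#dd4477' );
 $color_sel = "colors:[";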

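--- a/index.php
+++ b/index.php
@@ -7,50 +7,76 @@
 * Distributed under MIT license http://www.opensource.org/licenses/mit-license.php
 */
 
-
 session_start();
+require "vendor/autoload.php";
 
 if(isset($_SESSION['working'])) {
 header("Refresh: 30; url=index.php");
 echo 'Benchmarking currently in progress. The results will appear here once the test has completed.' . "\n";
 exit();
 }
 
-require_once "library/mysql.class.php";
 require_once "library/functions.php";
 require_once "library/config.php";
 
-$db = new mysql;
-$db->connect() or die("db connection error");
+use Rain\DB;
+
+DB::init();
 
 $test = get('test')=='loop'?'loop':'assign';
 
-$summary = $db->get_list( "SELECT template_engine AS name, avg(execution_time) AS execution_time, avg(memory) AS memory FROM template_benchmark WHERE test='$test' GROUP BY template_engine ORDER BY execution_time" );
-
-$last_update = $db->get_field( "time", "SELECT time FROM template_test_counter LIMIT 1" );
+$summary = DB::getAll("SELECT template_engine AS name,
+avg(execution_time) AS execution_time,
+avg(memory) AS memory
+FROM template_benchmark
+WHERE test=:test
+GROUP BY template_engine
+ORDER BY execution_time",
+array(":test"=>$test)
+);
+
+$last_update = DB::getField("SELECT time
+FROM template_test_counter
+LIMIT 1");
 $last_update_date = date( "M d Y", $last_update );
 $last_update_time = date( "h:i A", $last_update );
 
-$db = new mysql;
-$db->connect() or die("db connection error");
-$template_tested = (array) $db->get_list( "SELECT template_engine FROM template_benchmark WHERE test='$test' GROUP BY template_engine ORDER BY template_engine", "template_engine", "template_engine" );
-
-if( $template_selected = get( 'template' ) ){
-$where = "WHERE test='$test' AND (";
-$i=0;
-foreach( $template_selected as $tpl => $on ){
-$where .= $i==0?" template_engine='$tpl'":" OR template_engine='$tpl'";
-$i=1;
-}
-$where .= ")";
-}
-else
-$where = "WHERE test='$test'";
-
-
-$rows = $db->get_list( "SELECT template_engine, n, avg(execution_time) AS execution_time, avg(memory) AS memory FROM template_benchmark $where GROUP BY template_engine, n ORDER BY n, execution_time, template_engine" );
-$template_show = $db->get_list( "SELECT template_engine, avg(execution_time) AS execution_time FROM template_benchmark $where GROUP BY template_engine ORDER BY n, execution_time, template_engine", "template_engine", "template_engine" );
-$nrows = $db->get_list( "SELECT n FROM template_benchmark $where GROUP BY n" );
+
+
+$template_tested = DB::getAll("SELECT template_engine
+FROM template_benchmark
+WHERE test=:test
+GROUP BY template_engine
+ORDER BY template_engine",
+array(":test"=>$test),
+"template_engine",
+"template_engine" );
+
+
+$rows = DB::getAllArray( 'SELECT template_engine,
+n,
+avg(execution_time) AS execution_time,
+avg(memory) AS memory
+FROM template_benchmark
+WHERE test=:test
+GROUP BY template_engine, n
+ORDER BY n, execution_time, template_engine',
+array(":test"=>$test)
+);
+$template_show = DB::getAllArray("SELECT template_engine,
+avg(execution_time) AS execution_time
+FROM template_benchmark
+WHERE test=:test
+GROUP BY template_engine
+ORDER BY n, execution_time, template_engine",
+array(':test'=>$test),
+"template_engine",
+"template_engine");
+$nrows = DB::getAllArray( "SELECT n
+FROM template_benchmark
+WHERE test=:test
+GROUP BY n",
+array(':test'=>$test));
 ?>
 <html>
 <head>
@@ -100,6 +126,7 @@
 <div id="selector">
 <form action="index.php">
 <?php
+
 $sel = "";
 foreach( $template_tested as $template ){
 if( isset($template_show[ $template ] ))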
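Review bot: `$summary` and `$template_tested` are fetched with `DB::getAll(...)` while `$rows`, `$template_show` and `$nrows` in the same block use `DB::getAllArray(...)`, and the `(array)` cast the removed line put on `$template_tested` is gone; the selector form at the end of this section runs `foreach( $template_tested as $template )`, so whatever `getAll` returns for an empty table now reaches that loop unguarded where the cast used to protect it. Unless the two methods differ on purpose, use one of them for all five calls and keep the cast: `$template_tested = (array) DB::getAllArray("SELECT template_engine`. Unlike graph/line.php and graph/pie.php, this file also calls `DB::init()` with no preceding `DB::configure('config_dir', …)`, so it presumably relies on the library default or on `library/config.php`, which is still required here — a one-line comment saying which would spare the next reader the guess.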

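--- a/test.php
+++ b/test.php
@@ -12,11 +12,10 @@
 session_start();
 
 require_once "library/functions.php";
-require_once "library/mysql.class.php";
-require_once "library/config.php";
+require "vendor/autoload.php";
 
-$db = new mysql;
-$db->connect() or die("db connection error");
+
+DB::init();
 
 //install / reset?
 if(isset($_GET['reset']) || !isset($_SESSION['working'])) {
@@ -26,7 +25,7 @@
 //no more installs!
 $_SESSION['working'] = 1;
 
-$vars = $db->get_row("SELECT * FROM template_test_counter");
+$vars = DB::getRow("SELECT * FROM template_test_counter");
 
 $test = $vars['test'];
 $template_number = $vars['template_number'];
@@ -73,7 +72,10 @@
 memory used: <b>'.$mem.'</b>';
 
 //save to db
-$db->query("INSERT INTO template_benchmark (template_engine,test,n,execution_time,memory) VALUES('$template_engine', '$test','$n', '$exc', '$mem')");
+DB::query("INSERT INTO template_benchmark (template_engine,test,n,execution_time,memory)
+VALUES (:template_engine, :test, :n, :exc, :mem)",
+array(':template_engine'=>$template_engine, ':test'=>$test, ':n'=>$test, ':exc'=>$exc, ':mem'=> $mem)
+);
 
 //+1 cycle
 $execution_number++;
@@ -88,12 +90,30 @@
 if($test_number >= count($n_values)) {
 if($test == 'assign') {
 $template_number = $test_number = $execution_number = 0;
-$db->query("UPDATE `template_test_counter` SET `test` = 'loop', `template_number` = '$template_number', `test_number` = '$test_number', `execution_number` = '$execution_number'");
+DB::query("UPDATE template_test_counter
+SET test=:test,
+template_number=:template_number,
+test_number=:test_number,
+execution_number=:execution_number",
+array(':test'=>'loop',
+':template_number'=> $template_number,
+':test_number'=>$test_number,
+':execution_number'=>$execution_number,)
+);
 header("Refresh: 0.1; url=test.php");
 exit;
 }else{
 header("Refresh: 0.1; url=save.php");
-$db->query("UPDATE `template_test_counter` SET `test` = '$test', `template_number` = '$template_number', `test_number` = '$test_number', `execution_number` = '$execution_number'");
+DB::query("UPDATE template_test_counter
+SET test=:test,
+template_number=:template_number,
+test_number=:test_number,
+execution_number=:execution_number",
+array(':test'=>$test,
+':template_number'=>$template_number,
+':test_number'=>$test_number,
+':execution_number'=>$execution_number,
+));
 $template_number = $test_number = $execution_number = 0;
 unset($_SESSION['working']);
 exit;
@@ -102,7 +122,17 @@
 }
 }
 
-$db->query("UPDATE `template_test_counter` SET `test` = '$test', `template_number` = '$template_number', `test_number` = '$test_number', `execution_number` = '$execution_number', time=UNIX_TIMESTAMP()");
+DB::query("UPDATE template_test_counter
+SET test=:test,
+template_number=:template_number,
+test_number=:test_number,
+execution_number=execution_number,
+time=UNIX_TIMESTAMP()",
+array('test'=>$test,
+'template_number'=>$template_number,
+'test_number'=>$test_number,
+'execution_number'=>$execution_number)
+);
 
 header("Refresh: 0.1; url=test.php?test=$test");
 echo $html;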
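Review bot: The INSERT binds the wrong variable: `':n'=>$test` on new line 77 writes the test name into the `n` column, where the removed line wrote `'$n'` — it should read `':n'=>$n`. The final UPDATE (new lines 125–135) has `execution_number=execution_number,` with no placeholder, so that column is never changed, while the bound array still carries an `'execution_number'` entry (and its keys drop the `:` prefix the other three calls use); change the SET line to `execution_number=:execution_number,` and the binding to `':execution_number'=>$execution_number` to match the two UPDATEs above — whether the unused extra key is tolerated or rejected depends on `Rain\DB`, which is not visible here. Separately, this section has no `use Rain\DB;` (graph/line.php, graph/pie.php and index.php each add one), so `DB::init()` on new line 18 resolves to a global `DB` class unless an import sits in lines 1–11, which are outside the diff.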
