You are here

Home » API reference » Drupal driver for SQL Server and SQL Azure 7 » database.inc » DatabaseConnection_sqlsrv

public function DatabaseConnection_sqlsrv::__construct in Drupal driver for SQL Server and SQL Azure 7

Same name and namespace in other branches
  1. 7.3 sqlsrv/database.inc \DatabaseConnection_sqlsrv::__construct()
  2. 7.2 sqlsrv/database.inc \DatabaseConnection_sqlsrv::__construct()

Override of DatabaseConnection::databaseType().

@status complete

Overrides DatabaseConnection::__construct

File

sqlsrv/database.inc, line 42
Database interface code for Microsoft SQL Server.

Class

DatabaseConnection_sqlsrv

Code

public function __construct(array $connection_options = array()) {

  // Store connection options for future reference.
  $this->connectionOptions =& $connection_options;

  // We don't need a specific PDOStatement class here, we simulate it using
  // DatabaseStatement_sqlsrv below.
  $this->statementClass = NULL;

  // This driver defaults to transaction support, except if explicitly passed FALSE.
  $this->transactionSupport = !isset($connection_options['transactions']) || $connection_options['transactions'] !== FALSE;

  // Build the DSN.
  $options = array();
  $options[] = 'Server=' . $connection_options['host'] . (!empty($connection_options['port']) ? ',' . $connection_options['port'] : '');

  // We might not have a database in the
  // connection options, for example, during
  // database creation in Install.
  if (!empty($connection_options['database'])) {
    $options[] = 'Database=' . $connection_options['database'];
  }
  $dsn = 'sqlsrv:' . implode(';', $options);

  // Allow PDO options to be overridden.
  $connection_options['pdo'] = array();

  // This PDO options are INSECURE, but will overcome the following issues:
  // (1) Duplicate placeholders
  // (2) > 2100 parameter limit
  // (3) Using expressions for group by with parameters are not detected as equal.
  // This options are not applied by default, they are just stored in the connection
  // options and applied when needed. See {Statement} class.
  // The security of parameterized queries is not in effect when you use PDO::ATTR_EMULATE_PREPARES => true.
  // Your application should ensure that the data that is bound to the parameter(s) does not contain malicious
  // Transact-SQL code.
  $connection_options['pdo'] += array(
    // We run the statements in "direct mode" because the way PDO prepares
    // statement in non-direct mode cause temporary tables to be destroyed
    // at the end of the statement.
    PDO::SQLSRV_ATTR_DIRECT_QUERY => TRUE,
    // We ask PDO to perform the placeholders replacement itself because
    // SQL Server is not able to detect duplicated placeholders in
    // complex statements.
    // E.g. This query is going to fail because SQL Server cannot
    // detect that length1 and length2 are equals.
    // SELECT SUBSTRING(title, 1, :length1)
    // FROM node
    // GROUP BY SUBSTRING(title, 1, :length2);
    // This is only going to work in PDO 3 but doesn't hurt in PDO 2.
    PDO::ATTR_EMULATE_PREPARES => TRUE,
  );

  // Launch the connection to the server.
  parent::__construct($dsn, $connection_options['username'], $connection_options['password'], $connection_options['pdo']);
  $this
    ->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

  // Fetch the name of the user-bound schema. It is the schema that SQL Server
  // will use for non-qualified tables.
  $this
    ->schema()->defaultSchema = $this
    ->schema()
    ->GetDefaultSchema();
}