ix some errors about whether to display table name or not at the top of the page
This commit is contained in:
Loïc Chapeaux
@@ -104,7 +104,7 @@ if ($sql_query != '') {
|
||||
if (get_magic_quotes_gpc() == 1) {
|
||||
$sql_query = addslashes($sql_query);
|
||||
}
|
||||
if (eregi('^(DROP|CREATE) +(TABLE|DATABASE) +(.+)', $sql_query)) {
|
||||
if (eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $sql_query)) {
|
||||
$reload = 'true';
|
||||
}
|
||||
include('./sql.php3');
|
||||
@@ -122,7 +122,7 @@ if ($sql_query != '') {
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!isset($reload) && eregi('^(DROP|CREATE) +(TABLE|DATABASE) +(.+)', $a_sql_query)) {
|
||||
if (!isset($reload) && eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $a_sql_query)) {
|
||||
$reload = 'true';
|
||||
}
|
||||
} // end for
|
||||
|
||||
@@ -60,8 +60,7 @@ A:hover.nav {font-family: <?php echo $right_font_family; ?>; color: #FF0000}
|
||||
<?php
|
||||
if (isset($db)) {
|
||||
echo '<h1> ' . $strDatabase . ' ' . htmlspecialchars($db);
|
||||
if (!empty($table)
|
||||
&& (!isset($btnDrop) || $btnDrop == $strNo)) {
|
||||
if (!empty($table)) {
|
||||
echo ' - ' . $strTable . ' ' . htmlspecialchars($table);
|
||||
}
|
||||
echo '</h1>' . "\n";
|
||||
|
||||
12
sql.php3
12
sql.php3
@@ -79,7 +79,7 @@ if (isset($btnDrop) && $btnDrop == $strNo) {
|
||||
*/
|
||||
$do_confirm = ($cfgConfirm
|
||||
&& !isset($btnDrop)
|
||||
&& eregi('DROP +(TABLE|DATABASE)|ALTER TABLE +[[:alnum:]_`]* +DROP|DELETE FROM', $sql_query));
|
||||
&& eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)|ALTER TABLE +[[:alnum:]_`]* +DROP|DELETE FROM', $sql_query));
|
||||
if ($do_confirm) {
|
||||
if (get_magic_quotes_gpc()) {
|
||||
$stripped_sql_query = stripslashes($sql_query);
|
||||
@@ -208,6 +208,16 @@ else {
|
||||
|
||||
// No rows returned -> move back to the calling page
|
||||
if ($num_rows < 1 || $is_affected) {
|
||||
if (isset($strYes)) {
|
||||
if (isset($table)
|
||||
&& (eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?TABLE[[:space:]]+`?' . $table . '`?[[:space:]]*$', $sql_query))) {
|
||||
unset($table);
|
||||
}
|
||||
if (isset($db)
|
||||
&& (eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE[[:space:]]+`?' . $db . '`?[[:space:]]*$', $sql_query))) {
|
||||
unset($db);
|
||||
}
|
||||
}
|
||||
if (file_exists('./' . $goto)) {
|
||||
if ($is_delete) {
|
||||
$message = $strDeletedRows . ' ' . $num_rows;
|
||||
|
||||
@@ -38,15 +38,19 @@ unset($sql_query);
|
||||
/**
|
||||
* Selects the db that will be used during this script execution
|
||||
*/
|
||||
$is_db = @mysql_select_db($db);
|
||||
// Not a valid db name -> back to the welcome page
|
||||
if (!$is_db) {
|
||||
if (!empty($db)) {
|
||||
$is_db = @mysql_select_db($db);
|
||||
}
|
||||
if (empty($db) || !$is_db) {
|
||||
header('Location: ' . $cfgPmaAbsoluteUri . 'main.php3?lang=' . $lang . '&server=' . $server . '&reload=true');
|
||||
exit();
|
||||
}
|
||||
$is_table = @mysql_query('SHOW TABLES LIKE \'' . sql_addslashes($table, TRUE) . '\'');
|
||||
// Not a valid table name -> back to the db_details.php3
|
||||
if (!@mysql_numrows($is_table)) {
|
||||
if (!empty($table)) {
|
||||
$is_table = @mysql_query('SHOW TABLES LIKE \'' . sql_addslashes($table, TRUE) . '\'');
|
||||
}
|
||||
if (empty($table) || !@mysql_numrows($is_table)) {
|
||||
header('Location: ' . $cfgPmaAbsoluteUri . 'db_details.php3?lang=' . $lang . '&server=' . $server . '&db=' . urlencode($db) . '&reload=true');
|
||||
exit();
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user