User was unable to insert values containing quotes.

ChangeLog

@@ -5,6 +5,10 @@ phpMyAdmin - Changelog
 $Id$
 $Source$
 
+2003-03-03 Alexander M. Turek  <rabus@users.sourceforge.net>
+    * tbl_replace_fields.php3: Bugfix: User was unable to insert values
+      containing quotes.
+
 2003-03-03 Marc Delisle  <lem9@users.sourceforge.net>
     * badwords.txt: bug 692874: "date" is not a reserved word
 

tbl_replace_fields.php3

@@ -2,24 +2,24 @@
 /* $Id$ */
 // vim: expandtab sw=4 ts=4 sts=4:
 
-        // note: grab_globals has extracted the fields from _FILES
-        //       or HTTP_POST_FILES
+// note: grab_globals has extracted the fields from _FILES
+//       or HTTP_POST_FILES
 
-        // f i e l d    u p l o a d e d    f r o m    a    f i l e
+// f i e l d    u p l o a d e d    f r o m    a    f i l e
 
-        // garvin: original if-clause checked, whether input was stored in a possible fields_upload_XX var.
-        // Now check, if the field is set. If it is empty or a malicious file, do not alter fields contents.
-        // If an empty or invalid file is specified, the binary data gets deleter. Maybe a nice
-        // new text-variable is appropriate to document this behaviour.
+// garvin: original if-clause checked, whether input was stored in a possible fields_upload_XX var.
+// Now check, if the field is set. If it is empty or a malicious file, do not alter fields contents.
+// If an empty or invalid file is specified, the binary data gets deleter. Maybe a nice
+// new text-variable is appropriate to document this behaviour.
 
-        // garvin: security cautions! You could trick the form and submit any file the webserver has access to
-        // for upload to a binary field. Shouldn't be that easy! ;)
+// garvin: security cautions! You could trick the form and submit any file the webserver has access to
+// for upload to a binary field. Shouldn't be that easy! ;)
 
-        // garvin: default is to advance to the field-value parsing. Will only be set to true when a
-        // binary file is uploaded, thus bypassing further manipulation of $val.
+// garvin: default is to advance to the field-value parsing. Will only be set to true when a
+// binary file is uploaded, thus bypassing further manipulation of $val.
 
-        $check_stop = false;
-        if (isset(${"fields_upload_" . $key}) && ${"fields_upload_" . $key} != 'none'){
+$check_stop = false;
+if (isset(${"fields_upload_" . $key}) && ${"fields_upload_" . $key} != 'none'){
     // garvin: This fields content is a blob-file upload.
 
     if (!empty(${"fields_upload_" . $key})) {
@@ -52,10 +52,10 @@
     }
     // garvin: else: Post-field contains no data. Blob-fields are preserved, see below. ($protected$)
 
-        }
+}
 
-        if (!$check_stop) {
-        // f i e l d    v a l u e    i n    t h e    f o r m
+if (!$check_stop) {
+// f i e l d    v a l u e    i n    t h e    f o r m
     if (isset($fields_type[$key])) $type = $fields_type[$key];
     else $type = '';
     switch (strtolower($val)) {
@@ -122,11 +122,7 @@
             }
             break;
         default:
-                    if (get_magic_quotes_gpc()) {
-                        $val = "'" . str_replace('\\"', '"', $val) . "'";
-                    } else {
             $val = "'" . PMA_sqlAddslashes($val) . "'";
-                    }
             break;
     } // end switch
 
@@ -137,5 +133,5 @@
         && $val=="''") {
         $val = 'NULL';
     }
-        }  // end else (field value in the form)
+}  // end else (field value in the form)
 ?>