fixed bug #438895 (No mixed " and ' possible)

This commit is contained in:
Loïc Chapeaux
2001-07-06 22:20:22 +00:00
parent b831016e10
commit 512c5a11f5


@@ -23,8 +23,8 @@ if(isset($btnDrop) && $btnDrop == $strNo) {
exit; exit;
} }
// Check if table should be dropped // Check if table should be dropped or if a record should be deleted
$is_drop_sql_query = eregi("DROP +(TABLE|DATABASE)|ALTER TABLE +[[:alnum:]_]* +DROP|DELETE FROM", $sql_query); // Get word "drop" $is_drop_sql_query = eregi("DROP +(TABLE|DATABASE)|ALTER TABLE +[[:alnum:]_]* +DROP|DELETE FROM", $sql_query);
if(!$cfgConfirm) if(!$cfgConfirm)
$btnDrop = $strYes; $btnDrop = $strYes;
@@ -35,6 +35,11 @@ if($is_drop_sql_query && !isset($btnDrop)) {
} else { } else {
$stripped_sql_query = $sql_query; $stripped_sql_query = $sql_query;
} }
// loic1: fix bugs when the query contains js instructions and html tags
$stripped_sql_query = str_replace('\\"', '"', $stripped_sql_query);
$stripped_sql_query = str_replace('<', '&lt;', $stripped_sql_query);
$stripped_sql_query = str_replace('>', '&gt;', $stripped_sql_query);
include("./header.inc.php3"); include("./header.inc.php3");
echo $strDoYouReally.$stripped_sql_query."?<br>"; echo $strDoYouReally.$stripped_sql_query."?<br>";
?> ?>
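Review bot: The escaping added before the confirmation echo in the second hunk covers only `<` and `>`, so an `&` in the query passes through raw, and a query containing text such as `&lt;` is displayed as a different character than the one that will run. Because this page asks the user to confirm a destructive statement, the displayed text should match the query exactly. Replacing the two `str_replace` calls for `<` and `>` with `$stripped_sql_query = htmlspecialchars($stripped_sql_query);` escapes `&`, `<`, `>` and `"` in one step. `$sql_query` appears to come from the request, so a short comment marking this as the output-encoding point would help, for example `// HTML-escape for display only; the executed statement is still $sql_query`. The if/else that assigns `$stripped_sql_query` starts outside the hunk.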