nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bug 638352

Browse Source
This commit is contained in:
Marc Delisle
2002-11-14 16:12:16 +00:00
parent f7fb4c903d
commit 56de653bfd
1 changed files with 10 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
sql.php3
View File

@@ -8,7 +8,6 @@
require('./libraries/grab_globals.lib.php3'); require('./libraries/grab_globals.lib.php3');
require('./libraries/common.lib.php3'); require('./libraries/common.lib.php3');
/** /**
* Defines the url to return to in case of error in a sql statement * Defines the url to return to in case of error in a sql statement
*/ */
@@ -82,11 +81,9 @@ if (isset($btnDrop) || isset($navig)) {
* Reformat the query * Reformat the query
*/ */
$sql_query = (get_magic_quotes_gpc() ? stripslashes($sql_query) : $sql_query); $parsed_sql = PMA_SQP_parse((get_magic_quotes_gpc() ? stripslashes($sql_query) : $sql_query));
$parsed_sql = PMA_SQP_parse($sql_query);
$is_select = eregi('^SELECT[[:space:]]+', $sql_query); $is_select = eregi('^SELECT[[:space:]]+', $sql_query);
$analyzed_sql = PMA_SQP_analyze($parsed_sql); $analyzed_sql = PMA_SQP_analyze($parsed_sql);
$sql_query = PMA_SQP_formatHtml($parsed_sql, 'query_only'); $sql_query = PMA_SQP_formatHtml($parsed_sql, 'query_only');
// If the query is a Select, extract the db and table names and modify // If the query is a Select, extract the db and table names and modify
@@ -170,11 +167,9 @@ if (!$cfg['Confirm']
} }
if ($do_confirm) { if ($do_confirm) {
if (get_magic_quotes_gpc()) { // already stripped at beginning of script
$stripped_sql_query = stripslashes($sql_query); //$stripped_sql_query = (get_magic_quotes_gpc() ? stripslashes($sql_query) : $sql_query);
} else {
$stripped_sql_query = $sql_query; $stripped_sql_query = $sql_query;
}
include('./header.inc.php3'); include('./header.inc.php3');
echo $strDoYouReally . '&nbsp;:<br />' . "\n"; echo $strDoYouReally . '&nbsp;:<br />' . "\n";
echo '<tt>' . htmlspecialchars($stripped_sql_query) . '</tt>&nbsp;?<br/>' . "\n"; echo '<tt>' . htmlspecialchars($stripped_sql_query) . '</tt>&nbsp;?<br/>' . "\n";
@@ -185,7 +180,7 @@ if ($do_confirm) {
<input type="hidden" name="server" value="<?php echo $server; ?>" /> <input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" /> <input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="table" value="<?php echo isset($table) ? $table : ''; ?>" /> <input type="hidden" name="table" value="<?php echo isset($table) ? $table : ''; ?>" />
<input type="hidden" name="sql_query" value="<?php echo urlencode($sql_query); ?>" /> <input type="hidden" name="sql_query" value="<?php echo urlencode(addslashes($sql_query)); ?>" />
<input type="hidden" name="zero_rows" value="<?php echo isset($zero_rows) ? $zero_rows : ''; ?>" /> <input type="hidden" name="zero_rows" value="<?php echo isset($zero_rows) ? $zero_rows : ''; ?>" />
<input type="hidden" name="goto" value="<?php echo $goto; ?>" /> <input type="hidden" name="goto" value="<?php echo $goto; ?>" />
<input type="hidden" name="back" value="<?php echo isset($back) ? $back : ''; ?>" /> <input type="hidden" name="back" value="<?php echo isset($back) ? $back : ''; ?>" />
@@ -205,9 +200,11 @@ if ($do_confirm) {
else { else {
if (!isset($sql_query)) { if (!isset($sql_query)) {
$sql_query = ''; $sql_query = '';
} else if (get_magic_quotes_gpc()) {
$sql_query = stripslashes($sql_query);
} }
// already stripped at beginning of script
// else if (get_magic_quotes_gpc()) {
// $sql_query = stripslashes($sql_query);
//}
// Defines some variables // Defines some variables
// loic1: A table has to be created -> left frame should be reloaded // loic1: A table has to be created -> left frame should be reloaded
if ((!isset($reload) || $reload == 0) if ((!isset($reload) || $reload == 0)