bug 434608

ChangeLog

@@ -6,6 +6,7 @@ $Id$
 $Source$
 
 2001-06-27  Marc Delisle  <lem9@users.sourceforge.net>
+	* add function tbl_name() to protect table names like 00001_Files
 	* bug 434608: support db names with special characters (MySQL >= 3.23.6)
 	(lib.inc.php3, db_create.php3, db_details.php3, tbl_addfield.php3,
 	 tbl_alter.php3, user_details.php3 (incomplete))

lib.inc.php3

@@ -303,7 +303,8 @@ function display_table ($dt_result, $is_simple = false) {
 
   $primary = false;
   if(!$is_simple && !empty($table) && !empty($db)) {
-    $result = mysql_query("SELECT COUNT(*) as total FROM " .db_name($db).".$table") or mysql_die();
+    $result = mysql_query("SELECT COUNT(*) as total FROM " .db_name($db).
+	"." . tbl_name($table)) or mysql_die();
     $row = mysql_fetch_array($result);
     $total = $row["total"];
   }
@@ -917,6 +918,14 @@ function db_name ($db) {
         else return $db;
 }
 
+function tbl_name ($tbl) {
+        if (MYSQL_MAJOR_VERSION >= "3.23"
+            && intval(MYSQL_MINOR_VERSION) >= 6) {
+                return "`" . $tbl . "`";
+        }
+        else return $tbl;
+}
+
 include ("./defines.inc.php3");
 
 } // $__LIB_INC__

tbl_addfield.php3

@@ -63,7 +63,8 @@ if(isset($submit))
     }
 
     $sql_query = "ALTER TABLE $table ADD $query";
-    $result = mysql_query("ALTER TABLE ".db_name($db).".$table ADD $query");
+    $result = mysql_query("ALTER TABLE ".db_name($db)."."
+	. tbl_name($table) . " ADD $query");
 
     $primary = '';
     

tbl_alter.php3

@@ -23,7 +23,7 @@ if(isset($submit))
      $query = stripslashes($query);
    }
    //optimization fix - 2 May 2001 - Robbat2
-   $sql_query = "ALTER TABLE ".db_name($db).".$table CHANGE $query";
+   $sql_query = "ALTER TABLE ".db_name($db).".".tbl_name($table)." CHANGE $query";
    $result = mysql_query($sql_query) or mysql_die();
    $message = "$strTable $table $strHasBeenAltered";
    include("./tbl_properties.php3");
@@ -31,7 +31,8 @@ if(isset($submit))
 }
 else
 {
-    $result = mysql_query("SHOW FIELDS FROM ".db_name($db).".$table LIKE '$field'") or mysql_die();
+    $result = mysql_query("SHOW FIELDS FROM ".db_name($db).".".
+	tbl_name($table) . " LIKE '$field'") or mysql_die();
     $num_fields = mysql_num_rows($result);
     $action = "tbl_alter.php3";
     include("./tbl_properties.inc.php3");

user_details.php3

@@ -298,7 +298,8 @@ function grant_operations()
 <?php
 
     if (isset($dbgrant) && isset($tablegrant)) {
-       $result = mysql_query("SHOW COLUMNS FROM ".db_name($dbgrant).".$tablegrant");
+       $result = mysql_query("SHOW COLUMNS FROM ".db_name($dbgrant)."." .
+	tbl_name($tablegrant));
        if (@mysql_num_rows($result))
            while ($row = mysql_fetch_row($result))
                echo "<option>" . $row[0] . "</option>\n";
@@ -400,7 +401,8 @@ function table_grants($host, $user, $dbcheck = false)
         # Revoke
         $query = "server=$server&lang=$lang&db=mysql&table=user";
         $revoke_url  = "sql.php3";
-        $revoke_url .= "?sql_query=".urlencode("REVOKE $priv ON ".db_name($db).".$table FROM '$user'@'$host'");
+        $revoke_url .= "?sql_query=".urlencode("REVOKE $priv ON ".
+		db_name($db)."." . tbl_name($table) . " FROM '$user'@'$host'");
         $revoke_url .= "&$query";
         $revoke_url .= "&zero_rows=" . urlencode("$strRevokeMessage <font color=#002E80>$user@$host</font>");
         $revoke_url .= "&goto=$self";
@@ -408,7 +410,8 @@ function table_grants($host, $user, $dbcheck = false)
         # Revoke GRANT OPTION
         $revoke_grant_url  = "sql.php3";
         $revoke_grant_url .= "?sql_query="
-	 .urlencode("REVOKE GRANT OPTION ON ".db_name($db).".$table FROM '$user'@'$host'");
+	 .urlencode("REVOKE GRANT OPTION ON ".
+		db_name($db)."." . tbl_name($table) . " FROM '$user'@'$host'");
         $revoke_grant_url .= "&$query";
         $revoke_grant_url .= "&zero_rows=" . urlencode("$strRevokeGrantMessage <font color=#002E80>$user@$host</font>");
         $revoke_grant_url .= "&goto=$self";