fixes for HTML entities in field/table/db names

This commit is contained in:
Michal Čihař
2003-03-26 14:02:16 +00:00
parent be41dc5bc5
commit b4cadaf745
10 changed files with 23 additions and 17 deletions

View File

@@ -487,7 +487,7 @@ for ($i = 0; $i < $fields_cnt; $i++) {
// Removes automatic MySQL escape format
$enum_atom = str_replace('\'\'', '\'', str_replace('\\\\', '\\', $enum[$j]));
echo ' ';
echo '<option value="' . urlencode($enum_atom) . '"';
echo '<option value="' . htmlspecialchars($enum_atom) . '"';
if ($data == $enum_atom
|| ($data == '' && (!isset($primary_key) || $row_table_def['Null'] != 'YES')
&& isset($row_table_def['Default']) && $enum_atom == $row_table_def['Default'])) {
@@ -549,7 +549,7 @@ for ($i = 0; $i < $fields_cnt; $i++) {
// Removes automatic MySQL escape format
$subset = str_replace('\'\'', '\'', str_replace('\\\\', '\\', $subset));
echo ' ';
echo '<option value="'. urlencode($subset) . '"';
echo '<option value="'. htmlspecialchars($subset) . '"';
if (isset($vset[$subset]) && $vset[$subset]) {
echo ' selected="selected"';
}