Fixed bug #444352 (Data Missing/POST Error)

Loïc Chapeaux
2001-09-23 15:31:50 +00:00
parent 3994cdc76b
commit e726fe785d
25 changed files with 416 additions and 211 deletions


@@ -9,7 +9,11 @@ $Source$
* config.inc.php3; Documentation.html; db_details.php3; tbl_dump.php3; * config.inc.php3; Documentation.html; db_details.php3; tbl_dump.php3;
tbl_properties.php3; libraries/functions.php3; libraries/zip.lib.php3: tbl_properties.php3; libraries/functions.php3; libraries/zip.lib.php3:
improved the zip dump feature. improved the zip dump feature.
* lang/*: added $strZip where it was missing. * lang/swedish.inc.php3: updated thanks to David Nordenberg.
* lang/*: added $strZip where it was missing and $strNoQuery in all the
translations.
* most of the scripts were updated to fix bug #444352 (Data
Missing/POST Error).
2001-09-23 Armel Fauveau <armel.fauveau@globalis-ms.com> 2001-09-23 Armel Fauveau <armel.fauveau@globalis-ms.com>
* add zip dump feature * add zip dump feature


@@ -10,14 +10,22 @@ $js_to_run = 'functions.js';
require('./header.inc.php3'); require('./header.inc.php3');
/**
* Defines the url to return to in case of error in a sql statement
*/
$err_url = 'main.php3'
. '?lang=' . $lang
. '&server=' . $server;
/** /**
* Ensures the db name is valid * Ensures the db name is valid
*/ */
if (get_magic_quotes_gpc()) { if (get_magic_quotes_gpc()) {
$db = stripslashes($db); $db = stripslashes($db);
} }
if (MYSQL_INT_VERSION < 32306) { if (MYSQL_INT_VERSION < 32306) {
check_reserved_words($db); check_reserved_words($db, $err_url);
} }
@@ -25,7 +33,7 @@ if (MYSQL_INT_VERSION < 32306) {
* Executes the db creation sql query * Executes the db creation sql query
*/ */
$local_query = 'CREATE DATABASE ' . backquote($db); $local_query = 'CREATE DATABASE ' . backquote($db);
$result = mysql_query('CREATE DATABASE ' . backquote($db)) or mysql_die('', $local_query, FALSE); $result = mysql_query('CREATE DATABASE ' . backquote($db)) or mysql_die('', $local_query, FALSE, $err_url);
/** /**
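Review bot: The new `$err_url` concatenates `$lang` and `$server` into the query string without `urlencode()`, whereas the `&db=` component built in the later sections is encoded. Both variables are presumably request-derived, so a value containing `&`, `#` or a quote would change the structure of the link that mysql_die() prints. Proposed: `. '?lang=' . urlencode($lang)` and `. '&server=' . urlencode($server)`. The same construction is repeated in the `$err_url_0` / `$err_url` definitions of the following file sections.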


@@ -3,12 +3,29 @@
/** /**
* Gets some core libraries, ensures the database exists (else move to the * Gets some core libraries
* "parent" script) and diplays headers
*/ */
require('./libraries/grab_globals.lib.php3'); require('./libraries/grab_globals.lib.php3');
require('./libraries/common.lib.php3'); require('./libraries/common.lib.php3');
require('./libraries/bookmark.lib.php3'); require('./libraries/bookmark.lib.php3');
/**
* Defines the urls to return to in case of error in a sql statement
*/
$err_url_0 = 'main.php3'
. '?lang=' . $lang
. '&server=' . $server;
$err_url = 'db_details.php3'
. '?lang=' . $lang
. '&server=' . $server
. '&db=' . urlencode($db);
/**
* Ensures the database exists (else move to the "parent" script) and diplays
* headers
*/
// Not a valid db name -> back to the welcome page // Not a valid db name -> back to the welcome page
if (!empty($db)) { if (!empty($db)) {
$is_db = @mysql_select_db($db); $is_db = @mysql_select_db($db);
@@ -57,7 +74,7 @@ if (MYSQL_INT_VERSION >= 32303) {
// Special speedup for newer MySQL Versions (in 4.0 format changed) // Special speedup for newer MySQL Versions (in 4.0 format changed)
if ($cfgSkipLockedTables == TRUE && MYSQL_INT_VERSION >= 32330) { if ($cfgSkipLockedTables == TRUE && MYSQL_INT_VERSION >= 32330) {
$local_query = 'SHOW OPEN TABLES FROM ' . backquote($db); $local_query = 'SHOW OPEN TABLES FROM ' . backquote($db);
$result = mysql_query($query) or mysql_die('', $local_query); $result = mysql_query($query) or mysql_die('', $local_query, '', $err_url_0);
// Blending out tables in use // Blending out tables in use
if ($result != FALSE && mysql_num_rows($result) > 0) { if ($result != FALSE && mysql_num_rows($result) > 0) {
while ($tmp = mysql_fetch_array($result)) { while ($tmp = mysql_fetch_array($result)) {
@@ -70,12 +87,12 @@ if (MYSQL_INT_VERSION >= 32303) {
if (isset($sot_cache)) { if (isset($sot_cache)) {
$local_query = 'SHOW TABLES FROM ' . backquote($db); $local_query = 'SHOW TABLES FROM ' . backquote($db);
$result = mysql_query($query) or mysql_die('', $local_query); $result = mysql_query($query) or mysql_die('', $local_query, '', $err_url_0);
if ($result != FALSE && mysql_num_rows($result) > 0) { if ($result != FALSE && mysql_num_rows($result) > 0) {
while ($tmp = mysql_fetch_array($result)) { while ($tmp = mysql_fetch_array($result)) {
if (!isset($sot_cache[$tmp[0]])) { if (!isset($sot_cache[$tmp[0]])) {
$local_query = 'SHOW TABLE STATUS FROM ' . backquote($db) . ' LIKE \'' . addslashes($tmp[0]) . '\''; $local_query = 'SHOW TABLE STATUS FROM ' . backquote($db) . ' LIKE \'' . addslashes($tmp[0]) . '\'';
$sts_result = mysql_query($local_query) or mysql_die('', $local_query); $sts_result = mysql_query($local_query) or mysql_die('', $local_query, '', $err_url_0);
$sts_tmp = mysql_fetch_array($sts_result); $sts_tmp = mysql_fetch_array($sts_result);
$tables[] = $sts_tmp; $tables[] = $sts_tmp;
} else { // table in use } else { // table in use
@@ -90,7 +107,7 @@ if (MYSQL_INT_VERSION >= 32303) {
} }
if (!isset($sot_ready)) { if (!isset($sot_ready)) {
$local_query = 'SHOW TABLE STATUS FROM ' . backquote($db); $local_query = 'SHOW TABLE STATUS FROM ' . backquote($db);
$result = mysql_query($local_query) or mysql_die('', $local_query); $result = mysql_query($local_query) or mysql_die('', $local_query, '', $err_url_0);
if ($result != FALSE && mysql_num_rows($result) > 0) { if ($result != FALSE && mysql_num_rows($result) > 0) {
while ($sts_tmp = mysql_fetch_array($result)) { while ($sts_tmp = mysql_fetch_array($result)) {
$tables[] = $sts_tmp; $tables[] = $sts_tmp;
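Review bot: In the `SHOW OPEN TABLES` and `SHOW TABLES` hunks the changed lines still execute `mysql_query($query)` although the statement was just built in `$local_query`; only the `SHOW TABLE STATUS` calls run `$local_query`. `$query` is not assigned anywhere in the visible lines, so the call presumably fails or runs an unrelated statement, and because grab_globals.lib.php3 is required at the top it may even be filled from the request — worth confirming. The line should read `$result = mysql_query($local_query) or mysql_die('', $local_query, '', $err_url_0);`. The two matching hunks in the next file section (which pass `$err_url`) have the same mismatch. The enclosing `if` blocks extend beyond these hunks.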


@@ -9,6 +9,15 @@ require('./libraries/grab_globals.lib.php3');
require('./header.inc.php3'); require('./header.inc.php3');
/**
* Defines the url to return to in case of error in a sql statement
*/
$err_url = 'db_details.php3'
. '?lang=' . $lang
. '&server=' . $server
. '&db=' . urlencode($db);
/** /**
* Gets the list of the table in the current db and informations about these * Gets the list of the table in the current db and informations about these
* tables if possible * tables if possible
@@ -18,7 +27,7 @@ if (MYSQL_INT_VERSION >= 32303) {
// Special speedup for newer MySQL Versions (in 4.0 format changed) // Special speedup for newer MySQL Versions (in 4.0 format changed)
if ($cfgSkipLockedTables == TRUE && MYSQL_INT_VERSION >= 32330) { if ($cfgSkipLockedTables == TRUE && MYSQL_INT_VERSION >= 32330) {
$local_query = 'SHOW OPEN TABLES FROM ' . backquote($db); $local_query = 'SHOW OPEN TABLES FROM ' . backquote($db);
$result = mysql_query($query) or mysql_die('', $local_query); $result = mysql_query($query) or mysql_die('', $local_query, '', $err_url);
// Blending out tables in use // Blending out tables in use
if ($result != FALSE && mysql_num_rows($result) > 0) { if ($result != FALSE && mysql_num_rows($result) > 0) {
while ($tmp = mysql_fetch_array($result)) { while ($tmp = mysql_fetch_array($result)) {
@@ -31,12 +40,12 @@ if (MYSQL_INT_VERSION >= 32303) {
if (isset($sot_cache)) { if (isset($sot_cache)) {
$local_query = 'SHOW TABLES FROM ' . backquote($db); $local_query = 'SHOW TABLES FROM ' . backquote($db);
$result = mysql_query($query) or mysql_die('', $local_query); $result = mysql_query($query) or mysql_die('', $local_query, '', $err_url);
if ($result != FALSE && mysql_num_rows($result) > 0) { if ($result != FALSE && mysql_num_rows($result) > 0) {
while ($tmp = mysql_fetch_array($result)) { while ($tmp = mysql_fetch_array($result)) {
if (!isset($sot_cache[$tmp[0]])) { if (!isset($sot_cache[$tmp[0]])) {
$local_query = 'SHOW TABLE STATUS FROM ' . backquote($db) . ' LIKE \'' . addslashes($tmp[0]) . '\''; $local_query = 'SHOW TABLE STATUS FROM ' . backquote($db) . ' LIKE \'' . addslashes($tmp[0]) . '\'';
$sts_result = mysql_query($local_query) or mysql_die('', $local_query); $sts_result = mysql_query($local_query) or mysql_die('', $local_query, '', $err_url);
$sts_tmp = mysql_fetch_array($sts_result); $sts_tmp = mysql_fetch_array($sts_result);
$tables[] = $sts_tmp; $tables[] = $sts_tmp;
} else { // table in use } else { // table in use
@@ -51,7 +60,7 @@ if (MYSQL_INT_VERSION >= 32303) {
} }
if (!isset($sot_ready)) { if (!isset($sot_ready)) {
$local_query = 'SHOW TABLE STATUS FROM ' . backquote($db); $local_query = 'SHOW TABLE STATUS FROM ' . backquote($db);
$result = mysql_query($local_query) or mysql_die('', $local_query); $result = mysql_query($local_query) or mysql_die('', $local_query, '', $err_url);
if ($result != FALSE && mysql_num_rows($result) > 0) { if ($result != FALSE && mysql_num_rows($result) > 0) {
while ($sts_tmp = mysql_fetch_array($result)) { while ($sts_tmp = mysql_fetch_array($result)) {
$tables[] = $sts_tmp; $tables[] = $sts_tmp;


@@ -13,6 +13,9 @@ require('./header.inc.php3');
*/ */
if ((!empty($submit_mult) && isset($selected_db)) if ((!empty($submit_mult) && isset($selected_db))
|| isset($btnDrop)) { || isset($btnDrop)) {
$err_url = 'db_stats.php3'
. '?lang=' . $lang
. '&server=' . $server;
$action = 'db_stats.php3'; $action = 'db_stats.php3';
$show_query = 'y'; $show_query = 'y';
include('./mult_submits.inc.php3'); include('./mult_submits.inc.php3');
@@ -66,7 +69,7 @@ function pmaDbCmp($a, $b)
if ($server > 0) { if ($server > 0) {
// Get the valid databases list // Get the valid databases list
$num_dbs = count($dblist); $num_dbs = count($dblist);
$dbs = @mysql_list_dbs() or mysql_die('', 'mysql_list_dbs()'); $dbs = @mysql_list_dbs() or mysql_die('', 'mysql_list_dbs()', '', 'main.php3?lang' . $lang . '&server=' . $server);
while ($a_db = mysql_fetch_object($dbs)) { while ($a_db = mysql_fetch_object($dbs)) {
if (!$num_dbs) { if (!$num_dbs) {
$dblist[] = $a_db->Database; $dblist[] = $a_db->Database;
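Review bot: The back URL passed to mysql_die() on the `mysql_list_dbs()` line is written as `'main.php3?lang' . $lang . '&server=' . $server`, which drops the `=` after `lang`, so the language code is fused onto the parameter name and no `lang` value reaches the target page. It should be `'main.php3?lang=' . $lang . '&server=' . $server`, matching the `$err_url` built in the first hunk of this section. The surrounding `if ($server > 0)` block continues outside the hunk.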


@@ -36,7 +36,7 @@ if ($server > 0) {
} // end if } // end if
// 2. no $cfgServers[n]['only_db'] // 2. no $cfgServers[n]['only_db']
else { else {
$dbs = mysql_list_dbs() or mysql_die('', 'mysql_list_dbs()', FALSE, FALSE); $dbs = mysql_list_dbs() or mysql_die('', 'mysql_list_dbs()', FALSE, '');
$num_dbs = @mysql_num_rows($dbs); $num_dbs = @mysql_num_rows($dbs);
$real_num_dbs = 0; $real_num_dbs = 0;
for ($i = 0; $i < $num_dbs; $i++) { for ($i = 0; $i < $num_dbs; $i++) {


@@ -35,6 +35,7 @@ if (!defined('__LIB_BUILD_DUMP__')){
* @param string the database name * @param string the database name
* @param string the table name * @param string the table name
* @param string the end of line sequence * @param string the end of line sequence
* @param string the url to go back in case of error
* *
* @return string the CREATE statement on success * @return string the CREATE statement on success
* *
@@ -46,7 +47,7 @@ if (!defined('__LIB_BUILD_DUMP__')){
* *
* @access public * @access public
*/ */
function get_table_def($db, $table, $crlf) function get_table_def($db, $table, $crlf, $error_url)
{ {
global $drop; global $drop;
global $use_backquotes; global $use_backquotes;
@@ -78,7 +79,7 @@ if (!defined('__LIB_BUILD_DUMP__')){
$schema_create .= 'CREATE TABLE ' . html_format(backquote($table), $use_backquotes) . ' (' . $crlf; $schema_create .= 'CREATE TABLE ' . html_format(backquote($table), $use_backquotes) . ' (' . $crlf;
$local_query = 'SHOW FIELDS FROM ' . backquote($db) . '.' . backquote($table); $local_query = 'SHOW FIELDS FROM ' . backquote($db) . '.' . backquote($table);
$result = mysql_query($local_query) or mysql_die('', $local_query); $result = mysql_query($local_query) or mysql_die('', $local_query, '', $error_url);
while ($row = mysql_fetch_array($result)) { while ($row = mysql_fetch_array($result)) {
$schema_create .= ' ' . html_format(backquote($row['Field'], $use_backquotes)) . ' ' . $row['Type']; $schema_create .= ' ' . html_format(backquote($row['Field'], $use_backquotes)) . ' ' . $row['Type'];
if (isset($row['Default']) && $row['Default'] != '') { if (isset($row['Default']) && $row['Default'] != '') {
@@ -96,7 +97,7 @@ if (!defined('__LIB_BUILD_DUMP__')){
$schema_create = ereg_replace(',' . $crlf . '$', '', $schema_create); $schema_create = ereg_replace(',' . $crlf . '$', '', $schema_create);
$local_query = 'SHOW KEYS FROM ' . backquote($db) . '.' . backquote($table); $local_query = 'SHOW KEYS FROM ' . backquote($db) . '.' . backquote($table);
$result = mysql_query($local_query) or mysql_die('', $local_query); $result = mysql_query($local_query) or mysql_die('', $local_query, '', $error_url);
while ($row = mysql_fetch_array($result)) while ($row = mysql_fetch_array($result))
{ {
$kname = $row['Key_name']; $kname = $row['Key_name'];
@@ -154,6 +155,7 @@ if (!defined('__LIB_BUILD_DUMP__')){
* @param string the name of the handler (function) to use at the end * @param string the name of the handler (function) to use at the end
* of every row. This handler must accept one parameter * of every row. This handler must accept one parameter
* ($sql_insert) * ($sql_insert)
* @param string the url to go back in case of error
* *
* @return boolean always true * @return boolean always true
* *
@@ -166,12 +168,12 @@ if (!defined('__LIB_BUILD_DUMP__')){
* *
* @author staybyte * @author staybyte
*/ */
function get_table_content_fast($db, $table, $add_query = '', $handler) function get_table_content_fast($db, $table, $add_query = '', $handler, $error_url)
{ {
global $use_backquotes; global $use_backquotes;
$local_query = 'SELECT * FROM ' . backquote($db) . '.' . backquote($table) . $add_query; $local_query = 'SELECT * FROM ' . backquote($db) . '.' . backquote($table) . $add_query;
$result = mysql_query($local_query) or mysql_die('', $local_query); $result = mysql_query($local_query) or mysql_die('', $local_query, '', $error_url);
if ($result != FALSE) { if ($result != FALSE) {
$fields_cnt = mysql_num_fields($result); $fields_cnt = mysql_num_fields($result);
@@ -265,6 +267,7 @@ if (!defined('__LIB_BUILD_DUMP__')){
* @param string the name of the handler (function) to use at the end * @param string the name of the handler (function) to use at the end
* of every row. This handler must accept one parameter * of every row. This handler must accept one parameter
* ($sql_insert) * ($sql_insert)
* @param string the url to go back in case of error
* *
* @return boolean always true * @return boolean always true
* *
@@ -275,12 +278,12 @@ if (!defined('__LIB_BUILD_DUMP__')){
* *
* @see get_table_content() * @see get_table_content()
*/ */
function get_table_content_old($db, $table, $add_query = '', $handler) function get_table_content_old($db, $table, $add_query = '', $handler, $error_url)
{ {
global $use_backquotes; global $use_backquotes;
$local_query = 'SELECT * FROM ' . backquote($db) . '.' . backquote($table) . $add_query; $local_query = 'SELECT * FROM ' . backquote($db) . '.' . backquote($table) . $add_query;
$result = mysql_query($local_query) or mysql_die('', $local_query); $result = mysql_query($local_query) or mysql_die('', $local_query, '', $error_url);
$i = 0; $i = 0;
$isFirstRow = TRUE; $isFirstRow = TRUE;
$fields_cnt = mysql_num_fields($result); $fields_cnt = mysql_num_fields($result);
@@ -363,6 +366,7 @@ if (!defined('__LIB_BUILD_DUMP__')){
* @param string the name of the handler (function) to use at the end * @param string the name of the handler (function) to use at the end
* of every row. This handler must accept one parameter * of every row. This handler must accept one parameter
* ($sql_insert) * ($sql_insert)
* @param string the url to go back in case of error
* *
* @access public * @access public
* *
@@ -370,7 +374,7 @@ if (!defined('__LIB_BUILD_DUMP__')){
* *
* @author staybyte * @author staybyte
*/ */
function get_table_content($db, $table, $limit_from = 0, $limit_to = 0, $handler) function get_table_content($db, $table, $limit_from = 0, $limit_to = 0, $handler, $error_url)
{ {
// Defines the offsets to use // Defines the offsets to use
if ($limit_from > 0) { if ($limit_from > 0) {
@@ -386,9 +390,9 @@ if (!defined('__LIB_BUILD_DUMP__')){
// Call the working function depending on the php version // Call the working function depending on the php version
if (PHP_INT_VERSION >= 40005) { if (PHP_INT_VERSION >= 40005) {
get_table_content_fast($db, $table, $add_query, $handler); get_table_content_fast($db, $table, $add_query, $handler, $error_url);
} else { } else {
get_table_content_old($db, $table, $add_query, $handler); get_table_content_old($db, $table, $add_query, $handler, $error_url);
} }
} // end of the 'get_table_content()' function } // end of the 'get_table_content()' function
@@ -407,6 +411,7 @@ if (!defined('__LIB_BUILD_DUMP__')){
* @param string the optionnal "enclosed by" character * @param string the optionnal "enclosed by" character
* @param string the handler (function) to call. It must accept one * @param string the handler (function) to call. It must accept one
* parameter ($sql_insert) * parameter ($sql_insert)
* @param string the url to go back in case of error
* *
* @global string whether to obtain an excel compatible csv format or a * @global string whether to obtain an excel compatible csv format or a
* simple csv one * simple csv one
@@ -415,7 +420,7 @@ if (!defined('__LIB_BUILD_DUMP__')){
* *
* @access public * @access public
*/ */
function get_table_csv($db, $table, $limit_from = 0, $limit_to = 0, $sep, $enc_by, $esc_by, $handler) function get_table_csv($db, $table, $limit_from = 0, $limit_to = 0, $sep, $enc_by, $esc_by, $handler, $error_url)
{ {
global $what; global $what;
@@ -461,7 +466,7 @@ if (!defined('__LIB_BUILD_DUMP__')){
// Gets the data from the database // Gets the data from the database
$local_query = 'SELECT * FROM ' . backquote($db) . '.' . backquote($table) . $add_query; $local_query = 'SELECT * FROM ' . backquote($db) . '.' . backquote($table) . $add_query;
$result = mysql_query($local_query) or mysql_die('', $local_query); $result = mysql_query($local_query) or mysql_die('', $local_query, '', $error_url);
$fields_cnt = mysql_num_fields($result); $fields_cnt = mysql_num_fields($result);
// Format the data // Format the data
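Review bot: `$error_url` is added as a required trailing parameter to `get_table_def()`, `get_table_content_fast()`, `get_table_content_old()`, `get_table_content()` and `get_table_csv()`, so any call site not updated in this commit would pass too few arguments. Since the new mysql_die() treats an empty back URL as "no link", a default keeps older callers working: `function get_table_def($db, $table, $crlf, $error_url = '')`, and likewise for the other four signatures. The callers are outside these hunks, so whether any were missed cannot be checked from here.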


@@ -154,12 +154,12 @@ if (!defined('__LIB_COMMON__')){
* @param string the error mesage * @param string the error mesage
* @param string the sql query that failed * @param string the sql query that failed
* @param boolean whether to show a "modify" link or not * @param boolean whether to show a "modify" link or not
* @param boolean whether to show a "back" link or not * @param string the "back" link url (full path is not required)
* *
* @access public * @access public
*/ */
function mysql_die($error_message = '', $the_query = '', function mysql_die($error_message = '', $the_query = '',
$is_modify_link = TRUE, $is_back_link = TRUE) $is_modify_link = TRUE, $back_url = '')
{ {
if (!$error_message) { if (!$error_message) {
$error_message = mysql_error(); $error_message = mysql_error();
@@ -193,9 +193,8 @@ if (!defined('__LIB_COMMON__')){
echo ' ' . $GLOBALS['strMySQLSaid'] . '<br />' . "\n"; echo ' ' . $GLOBALS['strMySQLSaid'] . '<br />' . "\n";
echo '<pre>' . "\n" . $error_message . "\n" . '</pre>' . "\n"; echo '<pre>' . "\n" . $error_message . "\n" . '</pre>' . "\n";
echo '</p>' . "\n"; echo '</p>' . "\n";
if ($is_back_link) { if (!empty($back_url)) {
$hist = (isset($GLOBALS['btnDrop'])) ? -2 : -1; echo '<a href="' . $back_url . '">' . $GLOBALS['strBack'] . '</a>';
echo '<a href="#" onclick="window.history.go(' . $hist . '); return false">' . $GLOBALS['strBack'] . '</a>';
} }
echo "\n"; echo "\n";
@@ -208,7 +207,7 @@ if (!defined('__LIB_COMMON__')){
* Use mysql_connect() or mysql_pconnect()? * Use mysql_connect() or mysql_pconnect()?
*/ */
$connect_func = ($cfgPersistentConnections) ? 'mysql_pconnect' : 'mysql_connect'; $connect_func = ($cfgPersistentConnections) ? 'mysql_pconnect' : 'mysql_connect';
$dblist = array(); $dblist = array();
/** /**
@@ -368,7 +367,7 @@ if (!defined('__LIB_COMMON__')){
. $cfgServer['host'] . $server_port . $server_socket . ', ' . $cfgServer['host'] . $server_port . $server_socket . ', '
. $cfgServer['stduser'] . ', ' . $cfgServer['stduser'] . ', '
. $cfgServer['stdpass'] . ')'; . $cfgServer['stdpass'] . ')';
mysql_die($conn_error, $local_query, FALSE, FALSE); mysql_die($conn_error, $local_query, FALSE);
} else if (PHP_INT_VERSION >= 40000) { } else if (PHP_INT_VERSION >= 40000) {
@ini_set('track_errors', $bkp_track_err); @ini_set('track_errors', $bkp_track_err);
} }
@@ -380,7 +379,7 @@ if (!defined('__LIB_COMMON__')){
. 'WHERE ' . 'WHERE '
. 'User = \'' . $PHP_AUTH_USER . '\' ' . 'User = \'' . $PHP_AUTH_USER . '\' '
. 'AND Password = PASSWORD(\'' . $PHP_AUTH_PW . '\')'; . 'AND Password = PASSWORD(\'' . $PHP_AUTH_PW . '\')';
$rs = mysql_query($auth_query, $dbh) or mysql_die('', $auth_query, FALSE, FALSE); $rs = mysql_query($auth_query, $dbh) or mysql_die('', $auth_query, FALSE);
// Invalid login -> relog // Invalid login -> relog
if (@mysql_numrows($rs) <= 0) { if (@mysql_numrows($rs) <= 0) {
@@ -405,10 +404,10 @@ if (!defined('__LIB_COMMON__')){
if ($row['Select_priv'] != 'Y') { if ($row['Select_priv'] != 'Y') {
// lem9: User can be blank (anonymous user) // lem9: User can be blank (anonymous user)
$local_query = 'SELECT DISTINCT Db FROM mysql.db WHERE Select_priv = \'Y\' AND (User = \'' . $PHP_AUTH_USER . '\' OR User = \'\')'; $local_query = 'SELECT DISTINCT Db FROM mysql.db WHERE Select_priv = \'Y\' AND (User = \'' . $PHP_AUTH_USER . '\' OR User = \'\')';
$rs = mysql_query($local_query) or mysql_die('', $local_query, FALSE, FALSE); $rs = mysql_query($local_query) or mysql_die('', $local_query, FALSE);
if (@mysql_numrows($rs) <= 0) { if (@mysql_numrows($rs) <= 0) {
$local_query = 'SELECT DISTINCT Db FROM mysql.tables_priv WHERE Table_priv LIKE \'%Select%\' AND User = \'' . $PHP_AUTH_USER . '\''; $local_query = 'SELECT DISTINCT Db FROM mysql.tables_priv WHERE Table_priv LIKE \'%Select%\' AND User = \'' . $PHP_AUTH_USER . '\'';
$rs = mysql_query($local_query) or mysql_die('', $local_query, FALSE, FALSE); $rs = mysql_query($local_query) or mysql_die('', $local_query, FALSE);
if (@mysql_numrows($rs) <= 0) { if (@mysql_numrows($rs) <= 0) {
auth(); auth();
} else { } else {
@@ -485,7 +484,7 @@ if (!defined('__LIB_COMMON__')){
. $cfgServer['host'] . $server_port . $server_socket . ', ' . $cfgServer['host'] . $server_port . $server_socket . ', '
. $cfgServer['user'] . ', ' . $cfgServer['user'] . ', '
. $cfgServer['password'] . ')'; . $cfgServer['password'] . ')';
mysql_die($conn_error, $local_query, FALSE, FALSE); mysql_die($conn_error, $local_query, FALSE);
} else if (PHP_INT_VERSION >= 40000) { } else if (PHP_INT_VERSION >= 40000) {
@ini_set('track_errors', $bkp_track_err); @ini_set('track_errors', $bkp_track_err);
} }
@@ -759,6 +758,8 @@ window.parent.frames['nav'].location.replace('<?php echo $reload_url; ?>');
} else if ($edit_target != '') { } else if ($edit_target != '') {
$edit_link = '<a href="db_details.php3?lang=' . $GLOBALS['lang'] . '&server=' . urlencode($GLOBALS['server']) . '&db=' . urlencode($GLOBALS['db']) . '&sql_query=' . urlencode($GLOBALS['sql_query']) . '&show_query=y">' . $GLOBALS['strEdit'] . '</a>'; $edit_link = '<a href="db_details.php3?lang=' . $GLOBALS['lang'] . '&server=' . urlencode($GLOBALS['server']) . '&db=' . urlencode($GLOBALS['db']) . '&sql_query=' . urlencode($GLOBALS['sql_query']) . '&show_query=y">' . $GLOBALS['strEdit'] . '</a>';
} }
}
if (!empty($edit_target)) {
echo ' ' . $GLOBALS['strSQLQuery'] . '&nbsp;:&nbsp;[' . $edit_link . ']<br />' . "\n"; echo ' ' . $GLOBALS['strSQLQuery'] . '&nbsp;:&nbsp;[' . $edit_link . ']<br />' . "\n";
} else { } else {
echo ' ' . $GLOBALS['strSQLQuery'] . '&nbsp;:<br />' . "\n"; echo ' ' . $GLOBALS['strSQLQuery'] . '&nbsp;:<br />' . "\n";
@@ -848,6 +849,7 @@ window.parent.frames['nav'].location.replace('<?php echo $reload_url; ?>');
* releases < 3.23.6) * releases < 3.23.6)
* *
* @param string the name to check * @param string the name to check
* @param string the url to go back in case of error
* *
* @return boolean true if the name is valid (no return else) * @return boolean true if the name is valid (no return else)
* *
@@ -855,7 +857,7 @@ window.parent.frames['nav'].location.replace('<?php echo $reload_url; ?>');
* *
* @author Dell'Aiera Pol; Olivier Blin * @author Dell'Aiera Pol; Olivier Blin
*/ */
function check_reserved_words($the_name) function check_reserved_words($the_name, $error_url)
{ {
// The name contains caracters <> a-z, A-Z and "_" -> not a reserved // The name contains caracters <> a-z, A-Z and "_" -> not a reserved
// word // word
@@ -876,7 +878,7 @@ window.parent.frames['nav'].location.replace('<?php echo $reload_url; ?>');
$word_cnt = count($word_list); $word_cnt = count($word_list);
for ($i = 0; $i < $word_cnt; $i++) { for ($i = 0; $i < $word_cnt; $i++) {
if (strtolower($the_name) == $word_list[$i]) { if (strtolower($the_name) == $word_list[$i]) {
mysql_die(sprintf($GLOBALS['strInvalidName'], $the_name), '', FALSE, TRUE); mysql_die(sprintf($GLOBALS['strInvalidName'], $the_name), '', FALSE, $error_url);
} // end if } // end if
} // end for } // end for
} // end if } // end if
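Review bot: mysql_die() now echoes `$back_url` straight into an `href` attribute (`echo '<a href="' . $back_url . '">'`) with no HTML escaping. The callers in this commit assemble that URL from `$lang`, `$server` and `$db`, and the raw `&` separators are in any case not valid inside an attribute value. Escaping at the point of output covers every caller: `echo '<a href="' . htmlspecialchars($back_url) . '">' . $GLOBALS['strBack'] . '</a>';`. The body of mysql_die() continues outside this hunk.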


@@ -42,6 +42,8 @@ if (!defined('__LIB_DISPLAY_TBL__')){
* @global integer the total number of rows returned by the sql query * @global integer the total number of rows returned by the sql query
* without any programmatically appended "LIMIT" clause * without any programmatically appended "LIMIT" clause
* @global array the properties of the fields returned by the query * @global array the properties of the fields returned by the query
* @global string the url to return to in case of error in a sql
* statement
* *
* @access private * @access private
* *
@@ -51,6 +53,7 @@ if (!defined('__LIB_DISPLAY_TBL__')){
{ {
global $db, $table; global $db, $table;
global $unlim_num_rows, $fields_meta; global $unlim_num_rows, $fields_meta;
global $err_url;
// 1. Initializes the $do_display array // 1. Initializes the $do_display array
$do_display = array(); $do_display = array();
@@ -138,11 +141,11 @@ if (!defined('__LIB_DISPLAY_TBL__')){
else if (($do_display['nav_bar'] == '1' || $do_display['sort_lnk'] == '1') else if (($do_display['nav_bar'] == '1' || $do_display['sort_lnk'] == '1')
&& (!empty($db) && !empty($table))) { && (!empty($db) && !empty($table))) {
$local_query = 'SELECT COUNT(*) AS total FROM ' . backquote($db) . '.' . backquote($table); $local_query = 'SELECT COUNT(*) AS total FROM ' . backquote($db) . '.' . backquote($table);
$result = mysql_query($local_query) or mysql_die('', $local_query); $result = mysql_query($local_query) or mysql_die('', $local_query, '', $err_url);
$the_total = mysql_result($result, 0, 'total'); $the_total = mysql_result($result, 0, 'total');
mysql_free_result($result); mysql_free_result($result);
} }
// 4. If navigation bar or sorting fields names urls should be // 4. If navigation bar or sorting fields names urls should be
// displayed but there is only one row, change these settings to // displayed but there is only one row, change these settings to
// false // false
@@ -420,7 +423,7 @@ if (!defined('__LIB_DISPLAY_TBL__')){
if ($is_display['sort_lnk'] == '1') { if ($is_display['sort_lnk'] == '1') {
$is_join = eregi('(.*)[[:space:]]+FROM[[:space:]]+.*[[:space:]]+JOIN', $sql_query, $select_stt); $is_join = eregi('(.*)[[:space:]]+FROM[[:space:]]+.*[[:space:]]+JOIN', $sql_query, $select_stt);
} else { } else {
$is_join = FALSE; $is_join = FALSE;
} }
for ($i = 0; $i < $fields_cnt; $i++) { for ($i = 0; $i < $fields_cnt; $i++) {
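Review bot: The function now picks up the back URL through `global $err_url;` instead of receiving it as an argument, so it depends on every including script having assigned that variable first, and nothing in the hunk checks this. If a script leaves it unset, the value is empty or, assuming request variables are imported into the global scope as the grab_globals include elsewhere in this commit suggests, could come from the request. Passing it explicitly, as the dump functions do with their `$error_url` parameter, would remove that dependency; at minimum the `@global` line could say `the url to return to in case of error (must be set by the calling script)`. The function signature is outside the hunk.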


@@ -45,7 +45,7 @@ echo "\n";
// Don't display server info if $server == 0 (no server selected) // Don't display server info if $server == 0 (no server selected)
if ($server > 0) { if ($server > 0) {
$local_query = 'SELECT VERSION() as version, USER() as user'; $local_query = 'SELECT VERSION() as version, USER() as user';
$res = mysql_query($local_query) or mysql_die('', $local_query, FALSE, FALSE); $res = mysql_query($local_query) or mysql_die('', $local_query, FALSE, '');
echo '<p><b>MySQL ' . mysql_result($res, 0, 'version') . ' ' . $strRunning . ' ' . $cfgServer['host']; echo '<p><b>MySQL ' . mysql_result($res, 0, 'version') . ' ' . $strRunning . ' ' . $cfgServer['host'];
if (!empty($cfgServer['port'])) { if (!empty($cfgServer['port'])) {
echo ':' . $cfgServer['port']; echo ':' . $cfgServer['port'];
@@ -61,7 +61,7 @@ if ($server > 0) {
* Reload mysql (flush privileges) * Reload mysql (flush privileges)
*/ */
if (($server > 0) && isset($mode) && ($mode == 'reload')) { if (($server > 0) && isset($mode) && ($mode == 'reload')) {
$result = mysql_query('FLUSH PRIVILEGES') or mysql_die('', 'FLUSH PRIVILEGES', FALSE); $result = mysql_query('FLUSH PRIVILEGES') or mysql_die('', 'FLUSH PRIVILEGES', FALSE, 'main.php3?lang=' . $lang . '&server=' . $server);
echo '<p><b>'; echo '<p><b>';
if ($result != 0) { if ($result != 0) {
echo $strMySQLReloaded; echo $strMySQLReloaded;
@@ -178,7 +178,7 @@ if ($server > 0
. $cfgServer['host'] . $server_port . $server_socket . ', ' . $cfgServer['host'] . $server_port . $server_socket . ', '
. $cfgServer['stduser'] . ', ' . $cfgServer['stduser'] . ', '
. $cfgServer['stdpass'] . ')'; . $cfgServer['stdpass'] . ')';
mysql_die($conn_error, $local_query, FALSE, FALSE); mysql_die($conn_error, $local_query, FALSE, '');
} else if (PHP_INT_VERSION >= 40000) { } else if (PHP_INT_VERSION >= 40000) {
@ini_set('track_errors', $bkp_track_err); @ini_set('track_errors', $bkp_track_err);
} }
@@ -218,7 +218,7 @@ if ($server > 0
. $cfgServer['host'] . $server_port . $server_socket . ', ' . $cfgServer['host'] . $server_port . $server_socket . ', '
. $cfgServer['user'] . ', ' . $cfgServer['user'] . ', '
. $cfgServer['password'] . ')'; . $cfgServer['password'] . ')';
mysql_die($conn_error, $local_query, FALSE, FALSE); mysql_die($conn_error, $local_query, FALSE, '');
} else if (PHP_INT_VERSION >= 40000) { } else if (PHP_INT_VERSION >= 40000) {
@ini_set('track_errors', $bkp_track_err); @ini_set('track_errors', $bkp_track_err);
} }
@@ -265,7 +265,7 @@ if ($server > 0
<tr> <tr>
<td valign="baseline"><img src="images/item.gif" width="7" height="7" alt="item" /></td> <td valign="baseline"><img src="images/item.gif" width="7" height="7" alt="item" /></td>
<td> <td>
<a href="sql.php3?<?php echo $common_url_query; ?>&db=mysql&sql_query=<?php echo urlencode('SHOW STATUS'); ?>"> <a href="sql.php3?<?php echo $common_url_query; ?>&db=mysql&sql_query=<?php echo urlencode('SHOW STATUS'); ?>&goto=main.php3">
<?php echo $strMySQLShowStatus; ?></a>&nbsp; <?php echo $strMySQLShowStatus; ?></a>&nbsp;
<?php echo show_docu('manual_Reference.html#SHOW') . "\n"; ?> <?php echo show_docu('manual_Reference.html#SHOW') . "\n"; ?>
</td> </td>
@@ -273,7 +273,7 @@ if ($server > 0
<tr> <tr>
<td valign="baseline"><img src="images/item.gif" width="7" height="7" alt="item" /></td> <td valign="baseline"><img src="images/item.gif" width="7" height="7" alt="item" /></td>
<td> <td>
<a href="sql.php3?<?php echo $common_url_query; ?>&db=mysql&sql_query=<?php echo urlencode('SHOW VARIABLES'); ?>"> <a href="sql.php3?<?php echo $common_url_query; ?>&db=mysql&sql_query=<?php echo urlencode('SHOW VARIABLES'); ?>&goto=main.php3">
<?php echo $strMySQLShowVars;?></a>&nbsp; <?php echo $strMySQLShowVars;?></a>&nbsp;
<?php echo show_docu('manual_Performance.html#Performance') . "\n"; ?> <?php echo show_docu('manual_Performance.html#Performance') . "\n"; ?>
</td> </td>
@@ -286,7 +286,7 @@ if ($server > 0
<tr> <tr>
<td valign="baseline"><img src="images/item.gif" width="7" height="7" alt="item" /></td> <td valign="baseline"><img src="images/item.gif" width="7" height="7" alt="item" /></td>
<td> <td>
<a href="sql.php3?<?php echo $common_url_query; ?>&db=mysql&sql_query=<?php echo urlencode('SHOW PROCESSLIST'); ?>"> <a href="sql.php3?<?php echo $common_url_query; ?>&db=mysql&sql_query=<?php echo urlencode('SHOW PROCESSLIST'); ?>&goto=main.php3">
<?php echo $strMySQLShowProcess; ?></a>&nbsp; <?php echo $strMySQLShowProcess; ?></a>&nbsp;
<?php echo show_docu('manual_Reference.html#SHOW') . "\n"; ?> <?php echo show_docu('manual_Reference.html#SHOW') . "\n"; ?>
</td> </td>
@@ -367,7 +367,7 @@ if ($server > 0
<tr> <tr>
<td valign="baseline"><img src="images/item.gif" width="7" height="7" alt="item" /></td> <td valign="baseline"><img src="images/item.gif" width="7" height="7" alt="item" /></td>
<td> <td>
<a href="sql.php3?<?php echo $common_url_query; ?>&db=mysql&sql_query=<?php echo urlencode('SHOW STATUS'); ?>"> <a href="sql.php3?<?php echo $common_url_query; ?>&db=mysql&sql_query=<?php echo urlencode('SHOW STATUS'); ?>&goto=main.php3">
<?php echo $strMySQLShowStatus; ?></a>&nbsp; <?php echo $strMySQLShowStatus; ?></a>&nbsp;
<?php echo show_docu('manual_Reference.html#SHOW') . "\n"; ?> <?php echo show_docu('manual_Reference.html#SHOW') . "\n"; ?>
</td> </td>
@@ -376,7 +376,7 @@ if ($server > 0
<tr> <tr>
<td valign="baseline"><img src="images/item.gif" width="7" height="7" alt="item" /></td> <td valign="baseline"><img src="images/item.gif" width="7" height="7" alt="item" /></td>
<td> <td>
<a href="sql.php3?<?php echo $common_url_query; ?>&db=mysql&sql_query=<?php echo urlencode('SHOW VARIABLES'); ?>"> <a href="sql.php3?<?php echo $common_url_query; ?>&db=mysql&sql_query=<?php echo urlencode('SHOW VARIABLES'); ?>&goto=main.php3">
<?php echo $strMySQLShowVars; ?></a>&nbsp; <?php echo $strMySQLShowVars; ?></a>&nbsp;
<?php echo show_docu('manual_Performance.html#Performance') . "\n"; ?> <?php echo show_docu('manual_Performance.html#Performance') . "\n"; ?>
</td> </td>
@@ -385,7 +385,7 @@ if ($server > 0
<tr> <tr>
<td valign="baseline"><img src="images/item.gif" width="7" height="7" alt="item" /></td> <td valign="baseline"><img src="images/item.gif" width="7" height="7" alt="item" /></td>
<td> <td>
<a href="sql.php3?<?php echo $common_url_query; ?>&db=mysql&sql_query=<?php echo urlencode('SHOW PROCESSLIST'); ?>"> <a href="sql.php3?<?php echo $common_url_query; ?>&db=mysql&sql_query=<?php echo urlencode('SHOW PROCESSLIST'); ?>&goto=main.php3">
<?php echo $strMySQLShowProcess; ?></a>&nbsp; <?php echo $strMySQLShowProcess; ?></a>&nbsp;
<?php echo show_docu('manual_Reference.html#SHOW') . "\n"; ?> <?php echo show_docu('manual_Reference.html#SHOW') . "\n"; ?>
</td> </td>


@@ -141,13 +141,13 @@ else if ((get_magic_quotes_gpc() && stripslashes($btnDrop) == $strYes)
if ($query_type != 'drop_db') { if ($query_type != 'drop_db') {
mysql_select_db($db); mysql_select_db($db);
} }
$result = @mysql_query($a_query) or mysql_die('', $a_query, FALSE); $result = @mysql_query($a_query) or mysql_die('', $a_query, FALSE, $err_url);
} // end if } // end if
} // end for } // end for
if ($query_type == 'drop_tbl' || $query_type == 'drop_fld') { if ($query_type == 'drop_tbl' || $query_type == 'drop_fld') {
mysql_select_db($db); mysql_select_db($db);
$result = @mysql_query($sql_query) or mysql_die('', '', FALSE); $result = @mysql_query($sql_query) or mysql_die('', '', FALSE, $err_url);
} }
show_message($strSuccess); show_message($strSuccess);
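Review bot: `$err_url` is passed to mysql_die() on both changed lines but nothing in this hunk assigns it, so it must come from the including script or, if request variables are imported as globals here as in the other files of this commit, from the request itself. Since the value appears to become the return link of the error page, it is worth confirming that every entry path builds it from fixed script names before this loop runs. A short comment above the loop, for example `// $err_url: return url on sql error, built by the including script`, would record that dependency. The enclosing branch starts outside the hunk, so the assignment may simply be out of view.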


@@ -8,7 +8,6 @@
* Last revision: September 11, 2001 - loic1 * Last revision: September 11, 2001 - loic1
* *
* @param string the sql commands * @param string the sql commands
* @param string the end of command line delimiter
* @param integer the MySQL release number (because certains php3 versions * @param integer the MySQL release number (because certains php3 versions
* can't get the value of a constant from within a function) * can't get the value of a constant from within a function)
* *
@@ -16,7 +15,7 @@
* *
* @access public * @access public
*/ */
function split_sql_file($sql, $delimiter, $release) function split_sql_file($sql, $release)
{ {
$sql = trim($sql); $sql = trim($sql);
$sql_len = strlen($sql); $sql_len = strlen($sql);
@@ -24,7 +23,6 @@ function split_sql_file($sql, $delimiter, $release)
$ret = array(); $ret = array();
$string_start = ''; $string_start = '';
$in_string = FALSE; $in_string = FALSE;
$in_comment = FALSE;
for ($i = 0; $i < $sql_len; ++$i) { for ($i = 0; $i < $sql_len; ++$i) {
$char = $sql[$i]; $char = $sql[$i];
@@ -32,59 +30,51 @@ function split_sql_file($sql, $delimiter, $release)
// We are in a string, check for not escaped end of strings except for // We are in a string, check for not escaped end of strings except for
// backquotes than cannot be escaped // backquotes than cannot be escaped
if ($in_string) { if ($in_string) {
while (1) { for (;;) {
$i = strpos($sql, $string_start, $i); $i = strpos($sql, $string_start, $i);
// No end of string found -> add the current substring to the // No end of string found -> add the current substring to the
// returned array // returned array
if (!$i) { if (!$i) {
$ret[] = $sql; $ret[] = $sql;
return $ret; return $ret;
} }
// It's trully the end of the string -> move to the next // Backquotes or no backslashes before (double) quote(s): it's
// character // trully the end of the string -> exit the loop
else if (($string_start == '`') else if ($string_start == '`' || $sql[$i-1] != '\\') {
|| (($i > 1 && $sql[$i-1] . $sql[$i-2] != '\\\\')
|| ($sql[0] != '\\'))) {
$string_start = ''; $string_start = '';
$in_string = FALSE; $in_string = FALSE;
break; break;
} // end if... elseif }
} // end while // Backslashes before (double) quote(s) end of string...
} // end if ($in_string) else {
// ... first checks for escaped backslashes
$j = 2;
$escaped_backslash = FALSE;
while ($i-$j > 0 && $sql[$i-$j] == '\\') {
$escaped_backslash = !$escaped_backslash;
$j++;
}
// ... if escaped backslashes: it's trully the end of the
// string -> exit the loop
if ($escaped_backslash) {
$string_start = '';
$in_string = FALSE;
break;
}
// ... else loop
else {
$i++;
}
} // end if...elseif...else
} // end for
} // end if (in string)
// We are in a comment, add the parsed part to the returned array and // We are not in a string, first check for delimiter...
// move to the next end of line else if ($char == ';') {
else if ($in_comment) { // if delimiter found, add the parsed part to the
// comment starting position in string depends on the comment type // returned array
$ret_end = (($sql[$i-1] == '#') ? $i-1 : $i-3);
if (ereg('[^[:space:]]+', substr($sql, 0, $ret_end))) {
$ret[] = substr($sql, 0, $ret_end);
}
// if no "\n" exits in the remaining string, checks for "\r" (Mac
// eol style)
$eol_to_find = (strpos($sql, "\012", $i)) ? "\012" : "\015";
$sql = strstr($sql, $eol_to_find);
if ($sql == '' || empty($sql[1])) {
// The submited statement(s) end(s) by a comment -> stop
// parsing
return $ret;
} else {
$sql = ltrim(substr($sql, 1));
$sql_len = strlen($sql);
if ($sql_len) {
$i = -1;
$in_comment = FALSE;
} else {
// The submited statement(s) end(s) here
return $ret;
} // end if...else
} // end if...else
} // end if ($in_comment)
// If delimiter found, add the parsed part to the returned array
else if ($char == $delimiter) {
$ret[] = substr($sql, 0, $i); $ret[] = substr($sql, 0, $i);
$sql = ltrim(substr($sql, min($i + 2, $sql_len))); $sql = ltrim(substr($sql, min($i + 1, $sql_len)));
$sql_len = strlen($sql); $sql_len = strlen($sql);
if ($sql_len) { if ($sql_len) {
$i = -1; $i = -1;
@@ -92,32 +82,45 @@ function split_sql_file($sql, $delimiter, $release)
// The submited statement(s) end(s) here // The submited statement(s) end(s) here
return $ret; return $ret;
} }
} // end if ($char == $delimiter) } // end else if (is delimiter)
// We are neither in a string nor in a comment, and nor the current // ... then check for start of a string,...
// character is a delimiter... else if (($char == '"') || ($char == '\'') || ($char == '`')) {
else { $in_string = TRUE;
// ... first check for start of strings... $string_start = $char;
if (($char == '"') || ($char == '\'') || ($char == '`')) { } // end else if (is start of string)
$in_string = TRUE;
$string_start = $char; // ... for start of a comment (and remove this comment if found)...
} else if ($char == '#'
// ... then check for start of a comment... || ($char == ' ' && $i > 1 && $sql[$i-2] . $sql[$i-1] == '--')) {
else if ($char == '#' // starting position of the comment depends on the comment type
|| ($char == ' ' && $i > 1 && $sql[$i-2] . $sql[$i-1] == '--')) { $start_of_comment = (($sql[$i] == '#') ? $i : $i-2);
$in_comment = TRUE; // if no "\n" exits in the remaining string, checks for "\r"
} // (Mac eol style)
// ... and finally disactivate the "/*!...*/" syntax if $end_of_comment = (strpos(' ' . $sql, "\012", $i+2))
// MySQL < 3.22.07 ? strpos(' ' . $sql, "\012", $i+2)
else if ($release < 32270 : strpos(' ' . $sql, "\015", $i+2);
&& ($char == '!' && $i > 1 && $sql[$i-2] . $sql[$i-1] == '/*')) { if (!$end_of_comment) {
$sql[$i] = ' '; // no eol found after '#', so we are at end of dump -> stop
} // parsing
} // end else return $ret;
} else {
$sql = substr($sql, 0, $start_of_comment)
. ltrim(substr($sql, $end_of_comment));
$sql_len = strlen($sql);
$i--;
} // end if...else
} // end else if (is comment)
// ... and finally disactivate the "/*!...*/" syntax if MySQL < 3.22.07
else if ($release < 32270
&& ($char == '!' && $i > 1 && $sql[$i-2] . $sql[$i-1] == '/*')) {
$sql[$i] = ' ';
} // end else if
} // end for } // end for
// add any rest to the returned array // add any rest to the returned array
if (!empty($sql)) { if (!empty($sql) && ereg('[^[:space:]]+', $sql)) {
$ret[] = $sql; $ret[] = $sql;
} }
return $ret; return $ret;
@@ -138,6 +141,20 @@ require('./libraries/grab_globals.lib.php3');
require('./libraries/common.lib.php3'); require('./libraries/common.lib.php3');
/**
* Defines the url to return to in case of error in a sql statement
*/
if (!isset($goto)
|| ($goto != 'db_details.php3' && $goto != 'tbl_properties.php3')) {
$goto = 'db_details.php3';
}
$err_url = $goto
. '?lang=' . $lang
. '&server=' . $server
. '&db=' . urlencode($db)
. (($goto == 'tbl_properties.php3') ? '&table=' . urlencode($table) : '');
/** /**
* Set up default values for some variables and * Set up default values for some variables and
*/ */
@@ -172,8 +189,6 @@ if (!empty($id_bookmark)) {
*/ */
// Gets the query from a file if required // Gets the query from a file if required
if ($sql_file != 'none') { if ($sql_file != 'none') {
// loic1: php < 4.05 for windows seems not to list the regexp test
// if (ereg('^php[0-9A-Za-z_.-]+$', basename($sql_file))) {
if (file_exists($sql_file)) { if (file_exists($sql_file)) {
$sql_query = fread(fopen($sql_file, 'r'), filesize($sql_file)); $sql_query = fread(fopen($sql_file, 'r'), filesize($sql_file));
if (get_magic_quotes_runtime() == 1) { if (get_magic_quotes_runtime() == 1) {
@@ -203,7 +218,7 @@ if (!$cfgAllowUserDropDatabase
$result = @mysql_query('USE mysql'); $result = @mysql_query('USE mysql');
if (mysql_error()) { if (mysql_error()) {
include('./header.inc.php3'); include('./header.inc.php3');
mysql_die($strNoDropDatabases); mysql_die($strNoDropDatabases, '', '', $err_url);
} }
} }
define('PMA_CHK_DROP', 1); define('PMA_CHK_DROP', 1);
@@ -213,7 +228,7 @@ define('PMA_CHK_DROP', 1);
* Executes the query * Executes the query
*/ */
if ($sql_query != '') { if ($sql_query != '') {
$pieces = split_sql_file($sql_query, ';', MYSQL_INT_VERSION); $pieces = split_sql_file($sql_query, MYSQL_INT_VERSION);
$pieces_count = count($pieces); $pieces_count = count($pieces);
// Copy of the cleaned sql statement for display purpose only (see near the // Copy of the cleaned sql statement for display purpose only (see near the
@@ -226,13 +241,11 @@ if ($sql_query != '') {
// Only one query to run // Only one query to run
if ($pieces_count == 1 && !empty($pieces[0]) && $view_bookmark == 0) { if ($pieces_count == 1 && !empty($pieces[0]) && $view_bookmark == 0) {
// loic1: remove non alphabetic characters from the beginning of the
// query
// $sql_query = trim($pieces[0]);
$sql_query = eregi_replace('^[^a-aA-Z]', '', $pieces[0]);
// sql.php3 will stripslash the query if get_magic_quotes_gpc // sql.php3 will stripslash the query if get_magic_quotes_gpc
if (get_magic_quotes_gpc() == 1) { if (get_magic_quotes_gpc() == 1) {
$sql_query = addslashes($sql_query); $sql_query = addslashes($pieces[0]);
} else {
$sql_query = $pieces[0];
} }
if (eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $sql_query)) { if (eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $sql_query)) {
$reload = 1; $reload = 1;
@@ -244,13 +257,11 @@ if ($sql_query != '') {
// Runs multiple queries // Runs multiple queries
else if (mysql_select_db($db)) { else if (mysql_select_db($db)) {
for ($i = 0; $i < $pieces_count; $i++) { for ($i = 0; $i < $pieces_count; $i++) {
$a_sql_query = trim($pieces[$i]); $a_sql_query = $pieces[$i];
if (!empty($a_sql_query) && $a_sql_query[0] != '#') { $result = mysql_query($a_sql_query);
$result = mysql_query($a_sql_query); if ($result == FALSE) { // readdump failed
if ($result == FALSE) { // readdump failed $my_die = $a_sql_query;
$my_die = $a_sql_query; break;
break;
}
} }
if (!isset($reload) && eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $a_sql_query)) { if (!isset($reload) && eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $a_sql_query)) {
$reload = 1; $reload = 1;
@@ -267,17 +278,15 @@ if ($sql_query != '') {
$js_to_run = 'functions.js'; $js_to_run = 'functions.js';
require('./header.inc.php3'); require('./header.inc.php3');
if (isset($my_die)) { if (isset($my_die)) {
mysql_die('', $my_die); mysql_die('', $my_die, '', $err_url);
} }
// Be nice with bandwidth... // Be nice with bandwidth...
if ($sql_query_cpy == '') { if (!empty($sql_query_cpy)) {
$message = "$strSuccess&nbsp:<br />$strTheContent ($pieces_count $strInstructions)&nbsp;"; $message = "$strSuccess&nbsp:<br />$strTheContent ($pieces_count $strInstructions)&nbsp;";
} else { } else if (!empty($sql_query_cpy)) {
$message = $strSuccess; $message = $strSuccess;
} } else {
if (!isset($goto) $message = $strNoQuery;
|| ($goto != 'db_details.php3' && $goto != 'tbl_properties.php3')) {
$goto = 'db_details.php3';
} }
require('./' . $goto); require('./' . $goto);
?> ?>
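Review bot: The message selection at the end of the file tests `!empty($sql_query_cpy)` twice, so the `else if` branch that assigns `$strSuccess` can never run. The first test used to be `$sql_query_cpy == ''`; with the new condition a non-empty copy gets the summary message and an empty one gets `$strNoQuery`, which looks inverted relative to the "Be nice with bandwidth" comment above it. If the intent is the summary when the copy was dropped, plain success when it was kept and `$strNoQuery` when nothing ran, the first test could read `if (empty($sql_query_cpy) && !empty($pieces_count)) {`. That reading is inferred from the old code and should be confirmed.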


@@ -9,6 +9,21 @@ require('./libraries/grab_globals.lib.php3');
require('./libraries/common.lib.php3'); require('./libraries/common.lib.php3');
/**
* Defines the url to return to in case of error in a sql statement
*/
if (empty($goto)) {
$goto = (empty($table)) ? 'db_details.php3' : 'tbl_properties.php3';
}
if (!isset($err_url)) {
$err_url = $goto
. '?lang=' . $lang
. '&server=' . $server
. (isset($db) ? '&db=' . urlencode($db) : '')
. (($goto != 'db_details.php3' && isset($table)) ? '&table=' . urlencode($table) : '');
}
/** /**
* Check rights in case of DROP DATABASE * Check rights in case of DROP DATABASE
* *
@@ -25,7 +40,7 @@ if (!defined('PMA_CHK_DROP')
$result = @mysql_query('USE mysql'); $result = @mysql_query('USE mysql');
if (mysql_error()) { if (mysql_error()) {
include('./header.inc.php3'); include('./header.inc.php3');
mysql_die($strNoDropDatabases); mysql_die($strNoDropDatabases, '', '', $err_url);
} // end if } // end if
} // end if } // end if
@@ -56,9 +71,7 @@ if (isset($btnDrop) || isset($navig)) {
/** /**
* Sets or modifies the $goto variable if required * Sets or modifies the $goto variable if required
*/ */
if (empty($goto)) { if ($goto == 'sql.php3') {
$goto = (empty($table)) ? 'db_details.php3' : 'tbl_properties.php3';
} else if ($goto == 'sql.php3') {
$goto = 'sql.php3' $goto = 'sql.php3'
. '?lang=' . $lang . '?lang=' . $lang
. '&server=' . $server . '&server=' . $server
@@ -120,7 +133,7 @@ if ($do_confirm) {
<input type="hidden" name="table" value="<?php echo isset($table) ? $table : ''; ?>" /> <input type="hidden" name="table" value="<?php echo isset($table) ? $table : ''; ?>" />
<input type="hidden" name="sql_query" value="<?php echo urlencode($sql_query); ?>" /> <input type="hidden" name="sql_query" value="<?php echo urlencode($sql_query); ?>" />
<input type="hidden" name="zero_rows" value="<?php echo isset($zero_rows) ? $zero_rows : ''; ?>" /> <input type="hidden" name="zero_rows" value="<?php echo isset($zero_rows) ? $zero_rows : ''; ?>" />
<input type="hidden" name="goto" value="<?php echo isset($goto) ? $goto : ''; ?>" /> <input type="hidden" name="goto" value="<?php echo $goto; ?>" />
<input type="hidden" name="back" value="<?php echo isset($back) ? $back : ''; ?>" /> <input type="hidden" name="back" value="<?php echo isset($back) ? $back : ''; ?>" />
<input type="hidden" name="reload" value="<?php echo isset($reload) ? $reload : 0; ?>" /> <input type="hidden" name="reload" value="<?php echo isset($reload) ? $reload : 0; ?>" />
<input type="hidden" name="show_query" value="<?php echo isset($show_query) ? $show_query : ''; ?>" /> <input type="hidden" name="show_query" value="<?php echo isset($show_query) ? $show_query : ''; ?>" />
@@ -141,7 +154,6 @@ else {
} else if (get_magic_quotes_gpc()) { } else if (get_magic_quotes_gpc()) {
$sql_query = stripslashes($sql_query); $sql_query = stripslashes($sql_query);
} }
// Defines some variables // Defines some variables
// loic1: A table have to be created -> left frame should be reloaded // loic1: A table have to be created -> left frame should be reloaded
if ((!isset($reload) || $reload == 0) if ((!isset($reload) || $reload == 0)
@@ -214,7 +226,7 @@ else {
if (mysql_error()) { if (mysql_error()) {
$error = mysql_error(); $error = mysql_error();
include('./header.inc.php3'); include('./header.inc.php3');
mysql_die($error, $full_sql_query); mysql_die($error, $full_sql_query, '', $err_url);
} }
// Gets the number of rows affected/returned // Gets the number of rows affected/returned
@@ -299,7 +311,7 @@ else {
include('./header.inc.php3'); include('./header.inc.php3');
include('./libraries/bookmark.lib.php3'); include('./libraries/bookmark.lib.php3');
// Gets the list of fields properties // Gets the list of fields properties
while ($field = mysql_fetch_field($result)) { while ($field = mysql_fetch_field($result)) {
$fields_meta[] = $field; $fields_meta[] = $field;
} }
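Review bot: The hidden `goto` field of the confirmation form now prints `$goto` with no escaping, and the new block at the top of the file only gives the variable a default when it is empty, so a value that presumably arrived with the request is written into the attribute as it came. The rewritten `sql.php3?lang=...&server=...` value built a few lines earlier also contains raw `&` characters. Escaping at output keeps the value inside the attribute: `<input type="hidden" name="goto" value="<?php echo htmlspecialchars($goto); ?>" />`. The neighbouring `table`, `zero_rows`, `back` and `show_query` fields, which this commit leaves unchanged, are printed the same way.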


@@ -12,6 +12,16 @@ if (isset($submit)) {
require('./header.inc.php3'); require('./header.inc.php3');
/**
* Defines the url to return to in case of error in a sql statement
*/
$err_url = 'tbl_properties.php3'
. '?lang=' . $lang
. '&server=' . $server
. '&db=' . urlencode($db)
. '&table=' . urlencode($table);
/** /**
* The form used to define the field to add has been submitted * The form used to define the field to add has been submitted
*/ */
@@ -25,7 +35,7 @@ if (isset($submit)) {
$field_name[$i] = stripslashes($field_name[$i]); $field_name[$i] = stripslashes($field_name[$i]);
} }
if (MYSQL_INT_VERSION < 32306) { if (MYSQL_INT_VERSION < 32306) {
check_reserved_words($field_name[$i]); check_reserved_words($field_name[$i], $err_url);
} }
$query .= backquote($field_name[$i]) . ' ' . $field_type[$i]; $query .= backquote($field_name[$i]) . ' ' . $field_type[$i];
@@ -92,7 +102,7 @@ if (isset($submit)) {
$query = ereg_replace(', ADD $', '', $query); $query = ereg_replace(', ADD $', '', $query);
$sql_query = 'ALTER TABLE ' . backquote($db) . '.' . backquote($table) . ' ADD ' . $query; $sql_query = 'ALTER TABLE ' . backquote($db) . '.' . backquote($table) . ' ADD ' . $query;
$result = mysql_query($sql_query) or mysql_die(); $result = mysql_query($sql_query) or mysql_die('', '', '', $err_url);
$sql_query_cpy = $sql_query . ';'; $sql_query_cpy = $sql_query . ';';
// Builds the primary keys statements and updates the table // Builds the primary keys statements and updates the table
@@ -106,7 +116,7 @@ if (isset($submit)) {
$primary = ereg_replace(', $', '', $primary); $primary = ereg_replace(', $', '', $primary);
if (!empty($primary)) { if (!empty($primary)) {
$sql_query = 'ALTER TABLE ' . backquote($db) . '.' . backquote($table) . ' ADD PRIMARY KEY (' . $primary . ')'; $sql_query = 'ALTER TABLE ' . backquote($db) . '.' . backquote($table) . ' ADD PRIMARY KEY (' . $primary . ')';
$result = mysql_query($sql_query) or mysql_die(); $result = mysql_query($sql_query) or mysql_die('', '', '', $err_url);
$sql_query_cpy .= "\n" . $sql_query . ';'; $sql_query_cpy .= "\n" . $sql_query . ';';
} }
} // end if } // end if
@@ -122,7 +132,7 @@ if (isset($submit)) {
$index = ereg_replace(', $', '', $index); $index = ereg_replace(', $', '', $index);
if (!empty($index)) { if (!empty($index)) {
$sql_query = 'ALTER TABLE ' . backquote($db) . '.' . backquote($table) . ' ADD INDEX (' . $index . ')'; $sql_query = 'ALTER TABLE ' . backquote($db) . '.' . backquote($table) . ' ADD INDEX (' . $index . ')';
$result = mysql_query($sql_query) or mysql_die(); $result = mysql_query($sql_query) or mysql_die('', '', '', $err_url);
$sql_query_cpy .= "\n" . $sql_query . ';'; $sql_query_cpy .= "\n" . $sql_query . ';';
} }
} // end if } // end if
@@ -138,7 +148,7 @@ if (isset($submit)) {
$unique = ereg_replace(', $', '', $unique); $unique = ereg_replace(', $', '', $unique);
if (!empty($unique)) { if (!empty($unique)) {
$sql_query = 'ALTER TABLE ' . backquote($db) . '.' . backquote($table) . ' ADD UNIQUE (' . $unique . ')'; $sql_query = 'ALTER TABLE ' . backquote($db) . '.' . backquote($table) . ' ADD UNIQUE (' . $unique . ')';
$result = mysql_query($sql_query) or mysql_die(); $result = mysql_query($sql_query) or mysql_die('', '', '', $err_url);
$sql_query_cpy .= "\n" . $sql_query . ';'; $sql_query_cpy .= "\n" . $sql_query . ';';
} }
} // end if } // end if
@@ -155,7 +165,7 @@ if (isset($submit)) {
$fulltext = ereg_replace(', $', '', $fulltext); $fulltext = ereg_replace(', $', '', $fulltext);
if (!empty($fulltext)) { if (!empty($fulltext)) {
$sql_query = 'ALTER TABLE ' . backquote($db) . '.' . backquote($table) . ' ADD FULLTEXT (' . $fulltext . ')'; $sql_query = 'ALTER TABLE ' . backquote($db) . '.' . backquote($table) . ' ADD FULLTEXT (' . $fulltext . ')';
$result = mysql_query($sql_query) or mysql_die(); $result = mysql_query($sql_query) or mysql_die('', '', '', $err_url);
$sql_query_cpy .= "\n" . $sql_query . ';'; $sql_query_cpy .= "\n" . $sql_query . ';';
} }
} // end if } // end if
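Review bot: The five rewritten calls pass `''` as the third argument of mysql_die(), where they previously left it at its default and where other call sites in this commit pass `FALSE`. If that parameter is a boolean switch with a true default (its definition is not part of this page), these calls now turn it off as a side effect of adding `$err_url`. Passing the intended value explicitly, e.g. `mysql_die('', '', TRUE, $err_url)` if the default behaviour is wanted, would make that a decision rather than an accident. The same `''` placeholder appears in the mysql_die() calls of the other files changed here.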


@@ -14,6 +14,16 @@ if (!isset($submit_mult)) {
} }
/**
* Defines the url to return to in case of error in a sql statement
*/
$err_url = 'tbl_properties.php3'
. '?lang=' . $lang
. '&server=' . $server
. '&db=' . urlencode($db)
. '&table=' . urlencode($table);
/** /**
* Modifications have been submitted -> updates the table * Modifications have been submitted -> updates the table
*/ */
@@ -27,7 +37,7 @@ if (isset($submit)) {
} }
if (MYSQL_INT_VERSION < 32306) { if (MYSQL_INT_VERSION < 32306) {
check_reserved_words($field_name[$i]); check_reserved_words($field_name[$i], $err_url);
} }
// Some fields have been urlencoded or double quotes have been translated // Some fields have been urlencoded or double quotes have been translated
@@ -75,7 +85,7 @@ if (isset($submit)) {
// Optimization fix - 2 May 2001 - Robbat2 // Optimization fix - 2 May 2001 - Robbat2
$sql_query = 'ALTER TABLE ' . backquote($db) . '.' . backquote($table) . ' CHANGE ' . $query; $sql_query = 'ALTER TABLE ' . backquote($db) . '.' . backquote($table) . ' CHANGE ' . $query;
$result = mysql_query($sql_query) or mysql_die(); $result = mysql_query($sql_query) or mysql_die('', '', '', $err_url);
$message = $strTable . ' ' . htmlspecialchars($table) . ' ' . $strHasBeenAltered; $message = $strTable . ' ' . htmlspecialchars($table) . ' ' . $strHasBeenAltered;
$btnDrop = 'Fake'; $btnDrop = 'Fake';
include('./tbl_properties.php3'); include('./tbl_properties.php3');
@@ -102,7 +112,7 @@ else {
$field = sql_addslashes($selected[$i], TRUE); $field = sql_addslashes($selected[$i], TRUE);
} }
$local_query = 'SHOW FIELDS FROM ' . backquote($db) . '.' . backquote($table) . " LIKE '$field'"; $local_query = 'SHOW FIELDS FROM ' . backquote($db) . '.' . backquote($table) . " LIKE '$field'";
$result = mysql_query($local_query) or mysql_die('', $local_query); $result = mysql_query($local_query) or mysql_die('', $local_query, '', $err_url);
$fields_meta[] = mysql_fetch_array($result); $fields_meta[] = mysql_fetch_array($result);
mysql_free_result($result); mysql_free_result($result);
} }
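Review bot: In the new `$err_url` block `$lang` and `$server` are concatenated as they are, while `$db` and `$table` go through urlencode(). If either can carry request data, a stray `&`, `#` or quote would change the parameters of the return link. Encoding all four the same way costs nothing: `. '?lang=' . urlencode($lang)` and `. '&server=' . urlencode($server)`. The identical block is added to the other scripts in this commit and would need the same change.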


@@ -17,6 +17,23 @@ if (get_magic_quotes_gpc()) {
} }
/**
* Defines the url to return to in case of error in a sql statement
*/
if (!isset($goto)) {
$goto = 'db_details.php3';
}
if ($goto != 'db_details.php3' && $goto != 'tbl_properties.php3') {
$err_url = $goto;
} else {
$err_url = $goto
. '?lang=' . $lang
. '&server=' . $server
. '&db=' . urlencode($db)
. (($goto == 'tbl_properties.php3') ? '&table=' . urlencode($table) : '');
}
/** /**
* Get the list of the fields of the current table * Get the list of the fields of the current table
*/ */
@@ -24,13 +41,13 @@ mysql_select_db($db);
$table_def = mysql_query('SHOW FIELDS FROM ' . backquote($table)); $table_def = mysql_query('SHOW FIELDS FROM ' . backquote($table));
if (isset($primary_key)) { if (isset($primary_key)) {
$local_query = 'SELECT * FROM ' . backquote($table) . ' WHERE ' . $primary_key; $local_query = 'SELECT * FROM ' . backquote($table) . ' WHERE ' . $primary_key;
$result = mysql_query($local_query) or mysql_die('', $local_query); $result = mysql_query($local_query) or mysql_die('', $local_query, '', $err_url);
$row = mysql_fetch_array($result); $row = mysql_fetch_array($result);
} }
else else
{ {
$local_query = 'SELECT * FROM ' . backquote($table) . ' LIMIT 1'; $local_query = 'SELECT * FROM ' . backquote($table) . ' LIMIT 1';
$result = mysql_query($local_query) or mysql_die('', $local_query); $result = mysql_query($local_query) or mysql_die('', $local_query, '', $err_url);
unset($row); unset($row);
} }
@@ -42,13 +59,14 @@ else
<!-- Change table properties form --> <!-- Change table properties form -->
<form method="post" action="tbl_replace.php3"> <form method="post" action="tbl_replace.php3">
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="lang" value="<?php echo $lang; ?>" /> <input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" /> <input type="hidden" name="db" value="<?php echo $db; ?>" />
<input type="hidden" name="table" value="<?php echo $table; ?>" /> <input type="hidden" name="table" value="<?php echo $table; ?>" />
<input type="hidden" name="goto" value="<?php echo $goto; ?>" /> <input type="hidden" name="goto" value="<?php echo $goto; ?>" />
<input type="hidden" name="sql_query" value="<?php echo isset($sql_query) ? urlencode($sql_query) : ''; ?>" />
<input type="hidden" name="pos" value="<?php echo isset($pos) ? $pos : 0; ?>" /> <input type="hidden" name="pos" value="<?php echo isset($pos) ? $pos : 0; ?>" />
<input type="hidden" name="err_url" value="<?php echo urlencode($err_url); ?>" />
<input type="hidden" name="sql_query" value="<?php echo isset($sql_query) ? urlencode($sql_query) : ''; ?>" />
<?php <?php
if (isset($primary_key)) { if (isset($primary_key)) {
?> ?>
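Review bot: When `$goto` is neither `db_details.php3` nor `tbl_properties.php3`, the new block copies it into `$err_url` unchanged, and the form then carries both values on to tbl_replace.php3 as hidden fields. Nothing visible here limits `$goto` to this application's own scripts, so the error return link follows whatever the request supplied. A check on the script name before the copy would keep it local, such as `if (!ereg('^(db_details|tbl_properties|sql)\.php3(\?|$)', $goto)) { $goto = 'db_details.php3'; }`. The list of accepted names is a guess from the scripts named on this page and needs confirming.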


@@ -18,7 +18,7 @@ function my_handler($sql_insert = '')
global $sql_insert_data; global $sql_insert_data;
$sql_insert = eregi_replace('INSERT INTO (`?)' . $table . '(`?)', 'INSERT INTO ' . $target, $sql_insert); $sql_insert = eregi_replace('INSERT INTO (`?)' . $table . '(`?)', 'INSERT INTO ' . $target, $sql_insert);
$result = mysql_query($sql_insert) or mysql_die('', $sql_insert); $result = mysql_query($sql_insert) or mysql_die('', $sql_insert, '', $GLOBALS['err_url']);
$sql_insert_data .= $sql_insert . ';' . "\n"; $sql_insert_data .= $sql_insert . ';' . "\n";
} // end of the 'my_handler' function } // end of the 'my_handler' function
@@ -32,6 +32,16 @@ $js_to_run = 'functions.js';
require('./header.inc.php3'); require('./header.inc.php3');
/**
* Defines the url to return to in case of error in a sql statement
*/
$err_url = 'tbl_properties.php3'
. '?lang=' . $lang
. '&server=' . $server
. '&db=' . urlencode($db)
. '&table=' . urlencode($table);
/** /**
* Selects the database to work with * Selects the database to work with
*/ */
@@ -54,8 +64,8 @@ if (isset($new_name) && trim($new_name) != '') {
$new_name = stripslashes($new_name); $new_name = stripslashes($new_name);
} }
if (MYSQL_INT_VERSION < 32306) { if (MYSQL_INT_VERSION < 32306) {
check_reserved_words($db); check_reserved_words($db, $err_url);
check_reserved_words($table); check_reserved_words($table, $err_url);
} }
$source = backquote($db) . '.' . backquote($table); $source = backquote($db) . '.' . backquote($table);
@@ -63,9 +73,9 @@ if (isset($new_name) && trim($new_name) != '') {
include('./libraries/build_dump.lib.php3'); include('./libraries/build_dump.lib.php3');
$sql_structure = get_table_def($db, $table, "\n"); $sql_structure = get_table_def($db, $table, "\n", $err_url);
$sql_structure = eregi_replace('^CREATE TABLE (`?)' . $table . '(`?)', 'CREATE TABLE ' . $target, $sql_structure); $sql_structure = eregi_replace('^CREATE TABLE (`?)' . $table . '(`?)', 'CREATE TABLE ' . $target, $sql_structure);
$result = mysql_query($sql_structure) or mysql_die('', $sql_structure); $result = mysql_query($sql_structure) or mysql_die('', $sql_structure, '', $err_url);
if (isset($sql_query)) { if (isset($sql_query)) {
$sql_query .= "\n" . $sql_structure . ';'; $sql_query .= "\n" . $sql_structure . ';';
} else { } else {
@@ -77,11 +87,11 @@ if (isset($new_name) && trim($new_name) != '') {
// speedup copy table - staybyte - 22. Juni 2001 // speedup copy table - staybyte - 22. Juni 2001
if (MYSQL_INT_VERSION >= 32300) { if (MYSQL_INT_VERSION >= 32300) {
$sql_insert_data = 'INSERT INTO ' . $target . ' SELECT * FROM ' . backquote($table); $sql_insert_data = 'INSERT INTO ' . $target . ' SELECT * FROM ' . backquote($table);
$result = mysql_query($sql_insert_data) or mysql_die('', $sql_insert_data); $result = mysql_query($sql_insert_data) or mysql_die('', $sql_insert_data, '', $err_url);
} // end MySQL >= 3.23 } // end MySQL >= 3.23
else { else {
$sql_insert_data = ''; $sql_insert_data = '';
get_table_content($db, $table, 0, 0, 'my_handler'); get_table_content($db, $table, 0, 0, 'my_handler', $err_url);
} // end MySQL < 3.23 } // end MySQL < 3.23
$sql_query .= "\n\n" . $sql_insert_data; $sql_query .= "\n\n" . $sql_insert_data;
} }
@@ -95,7 +105,7 @@ if (isset($new_name) && trim($new_name) != '') {
* No new name for the table! * No new name for the table!
*/ */
else { else {
mysql_die($strTableEmpty); mysql_die($strTableEmpty, '', '', $err_url);
} }
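Review bot: my_handler() now reads the return url through `$GLOBALS['err_url']`, an input that appears neither in its parameter list nor in the `global` statement visible at the top of the hunk. The variable is only assigned later in the file, after header.inc.php3 is included, so the function silently depends on being called after that point. A line in the function's doc comment would make this explicit, for example `@global string the url to return to in case of sql error`. The function starts outside the hunk, so an existing comment may need extending rather than adding.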


@@ -12,6 +12,16 @@ if (isset($submit)) {
require('./header.inc.php3'); require('./header.inc.php3');
/**
* Defines the url to return to in case of error in a sql statement
*/
$err_url = 'tbl_properties.php3'
. '?lang=' . $lang
. '&server=' . $server
. '&db=' . urlencode($db)
. '&table=' . urlencode($table);
/** /**
* Selects the database to work with * Selects the database to work with
*/ */
@@ -34,7 +44,7 @@ if (isset($submit)) {
$field_name[$i] = stripslashes($field_name[$i]); $field_name[$i] = stripslashes($field_name[$i]);
} }
if (MYSQL_INT_VERSION < 32306) { if (MYSQL_INT_VERSION < 32306) {
check_reserved_words($field_name[$i]); check_reserved_words($field_name[$i], $err_url);
} }
$query = backquote($field_name[$i]) . ' ' . $field_type[$i]; $query = backquote($field_name[$i]) . ' ' . $field_type[$i];
if ($field_length[$i] != '') { if ($field_length[$i] != '') {
@@ -180,7 +190,7 @@ if (isset($submit)) {
} }
// Executes the query // Executes the query
$result = mysql_query($sql_query) or mysql_die(); $result = mysql_query($sql_query) or mysql_die('', '', '', $err_url);
$sql_query = $query_cpy . ';'; $sql_query = $query_cpy . ';';
unset($query_cpy); unset($query_cpy);
$message = $strTable . ' ' . htmlspecialchars($table) . ' ' . $strHasBeenCreated; $message = $strTable . ' ' . htmlspecialchars($table) . ' ' . $strHasBeenCreated;
@@ -198,11 +208,11 @@ else {
} }
// No table name // No table name
if (!isset($table) || trim($table) == '') { if (!isset($table) || trim($table) == '') {
mysql_die($strTableEmpty); mysql_die($strTableEmpty, '', '', $err_url);
} }
// No valid number of fields // No valid number of fields
else if (empty($num_fields) || !is_int($num_fields)) { else if (empty($num_fields) || !is_int($num_fields)) {
mysql_die($strFieldsEmpty); mysql_die($strFieldsEmpty, '', '', $err_url);
} }
// Table name and number of fields are valid -> show the form // Table name and number of fields are valid -> show the form
else { else {
@@ -211,7 +221,7 @@ else {
$table = stripslashes($table); $table = stripslashes($table);
} }
if (MYSQL_INT_VERSION < 32306) { if (MYSQL_INT_VERSION < 32306) {
check_reserved_words($table); check_reserved_words($table, $err_url);
} }
$action = 'tbl_create.php3'; $action = 'tbl_create.php3';
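Review bot: `$lang` and `$server` are concatenated into `$err_url` as-is, while `$db` and `$table` go through `urlencode()`. If those two values arrive from the request (grab_globals.lib.php3 is not visible here, so this is inferred) and `mysql_die()` prints the URL into a link, a crafted value can append parameters or break out of the attribute. I would encode them the same way, `. '?lang=' . urlencode($lang)` and `. '&server=' . urlencode($server)`, and make sure `mysql_die()` runs the URL through `htmlspecialchars()` when it writes the link. The same construction is repeated in the `$err_url` and `$err_url_0` blocks of the other file sections of this commit.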


@@ -66,6 +66,16 @@ require('./libraries/build_dump.lib.php3');
require('./libraries/zip.lib.php3'); require('./libraries/zip.lib.php3');
/**
* Defines the url to return to in case of error in a sql statement
*/
$err_url = 'tbl_properties.php3'
. '?lang=' . $lang
. '&server=' . $server
. '&db=' . urlencode($db)
. (isset($table) ? '&table=' . urlencode($table) : '');
/** /**
* Increase time limit for script execution and initializes some variables * Increase time limit for script execution and initializes some variables
*/ */
@@ -196,7 +206,7 @@ else {
. $crlf . '#' . $crlf . $crlf . '#' . $crlf
. '# ' . $strTableStructure . ' ' . $formatted_table_name . $crlf . '# ' . $strTableStructure . ' ' . $formatted_table_name . $crlf
. '#' . $crlf . $crlf . '#' . $crlf . $crlf
. get_table_def($db, $table, $crlf) . ';' . $crlf; . get_table_def($db, $table, $crlf, $err_url) . ';' . $crlf;
} }
// At least data // At least data
if (($what == 'data') || ($what == 'dataonly')) { if (($what == 'data') || ($what == 'dataonly')) {
@@ -207,7 +217,7 @@ else {
if (!isset($limit_from) || !isset($limit_to)) { if (!isset($limit_from) || !isset($limit_to)) {
$limit_from = $limit_to = 0; $limit_from = $limit_to = 0;
} }
get_table_content($db, $table, $limit_from, $limit_to, 'my_handler'); get_table_content($db, $table, $limit_from, $limit_to, 'my_handler', $err_url);
$dump_buffer .= $tmp_buffer; $dump_buffer .= $tmp_buffer;
} // end if } // end if
$i++; $i++;
@@ -235,7 +245,7 @@ else {
} // end if } // end if
$tmp_buffer = ''; $tmp_buffer = '';
get_table_csv($db, $table, $limit_from, $limit_to, $separator, $enclosed, $escaped, 'my_csvhandler'); get_table_csv($db, $table, $limit_from, $limit_to, $separator, $enclosed, $escaped, 'my_csvhandler', $err_url);
$dump_buffer .= $tmp_buffer; $dump_buffer .= $tmp_buffer;
} // end 'csv case } // end 'csv case
} // end building the dump } // end building the dump


@@ -9,6 +9,16 @@ require('./libraries/grab_globals.lib.php3');
require('./header.inc.php3'); require('./header.inc.php3');
/**
* Defines the url to return to in case of error in a sql statement
*/
$err_url = 'tbl_properties.php3'
. '?lang=' . $lang
. '&server=' . $server
. '&db=' . urlencode($db)
. '&table=' . urlencode($table);
/** /**
* Selects the database * Selects the database
*/ */
@@ -21,13 +31,13 @@ mysql_select_db($db);
// The 'show table' statement works correct since 3.23.03 // The 'show table' statement works correct since 3.23.03
if (MYSQL_INT_VERSION >= 32303) { if (MYSQL_INT_VERSION >= 32303) {
$local_query = 'SHOW TABLE STATUS LIKE \'' . sql_addslashes($table, TRUE) . '\''; $local_query = 'SHOW TABLE STATUS LIKE \'' . sql_addslashes($table, TRUE) . '\'';
$result = mysql_query($local_query) or mysql_die('', $local_query); $result = mysql_query($local_query) or mysql_die('', $local_query, '', $err_url);
$showtable = mysql_fetch_array($result); $showtable = mysql_fetch_array($result);
$num_rows = (isset($showtable['Rows']) ? $showtable['Rows'] : 0); $num_rows = (isset($showtable['Rows']) ? $showtable['Rows'] : 0);
$show_comment = (isset($showtable['Comment']) ? $showtable['Comment'] : ''); $show_comment = (isset($showtable['Comment']) ? $showtable['Comment'] : '');
} else { } else {
$local_query = 'SELECT COUNT(*) AS count FROM ' . backquote($table); $local_query = 'SELECT COUNT(*) AS count FROM ' . backquote($table);
$result = mysql_query($local_query) or mysql_die('', $local_query); $result = mysql_query($local_query) or mysql_die('', $local_query, '', $err_url);
$showtable = array(); $showtable = array();
$num_rows = mysql_result($result, 0, 'count'); $num_rows = mysql_result($result, 0, 'count');
$show_comment = ''; $show_comment = '';
@@ -39,7 +49,7 @@ mysql_free_result($result);
* Gets table keys and retains them * Gets table keys and retains them
*/ */
$local_query = 'SHOW KEYS FROM ' . backquote($table); $local_query = 'SHOW KEYS FROM ' . backquote($table);
$result = mysql_query($local_query) or mysql_die('', $local_query); $result = mysql_query($local_query) or mysql_die('', $local_query, '', $err_url);
$primary = ''; $primary = '';
$prev_key = ''; $prev_key = '';
$prev_seq = 0; $prev_seq = 0;
@@ -71,7 +81,7 @@ mysql_free_result($result);
* Gets fields properties * Gets fields properties
*/ */
$local_query = 'SHOW FIELDS FROM ' . backquote($table); $local_query = 'SHOW FIELDS FROM ' . backquote($table);
$result = mysql_query($local_query) or mysql_die('', $local_query); $result = mysql_query($local_query) or mysql_die('', $local_query, '', $err_url);
$fields_cnt = mysql_num_rows($result); $fields_cnt = mysql_num_rows($result);
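Review bot: The rewritten calls pass `''` as the third argument of `mysql_die()` only to reach the new fourth one, where the old two-argument calls left that parameter at its default. `mysql_die()` is not defined in these hunks; if the third parameter is a boolean flag whose default is TRUE, `''` silently switches it off on every one of these error paths. Other calls in this commit pass `FALSE` explicitly in that position (`mysql_die('', '', FALSE, $err_url)`), so the intent here is ambiguous. I would pass the intended boolean explicitly, e.g. `mysql_die('', $local_query, TRUE, $err_url)` if the previous default behaviour is wanted. The same applies to the `mysql_die(..., '', $err_url)` calls in the other file sections.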


@@ -3,12 +3,31 @@
/** /**
* Gets some core libraries, ensures the database and the table exist (else * Gets some core libraries
* move to the "parent" script) and diplays headers
*/ */
require('./libraries/grab_globals.lib.php3'); require('./libraries/grab_globals.lib.php3');
require('./libraries/common.lib.php3'); require('./libraries/common.lib.php3');
require('./libraries/bookmark.lib.php3'); require('./libraries/bookmark.lib.php3');
/**
* Defines the urls to return to in case of error in a sql statement
*/
$err_url_0 = 'db_details.php3'
. '?lang=' . $lang
. '&server=' . $server
. '&db=' . urlencode($db);
$err_url = 'tbl_properties.php3'
. '?lang=' . $lang
. '&server=' . $server
. '&db=' . urlencode($db)
. '&table=' . urlencode($table);
/**
* Ensures the database and the table exist (else move to the "parent" script)
* and diplays headers
*/
// Not a valid db name -> back to the welcome page // Not a valid db name -> back to the welcome page
if (!empty($db)) { if (!empty($db)) {
$is_db = @mysql_select_db($db); $is_db = @mysql_select_db($db);
@@ -86,17 +105,17 @@ if (isset($submitcomment)) {
} }
if (empty($prev_comment) || urldecode($prev_comment) != $comment) { if (empty($prev_comment) || urldecode($prev_comment) != $comment) {
$local_query = 'ALTER TABLE ' . backquote($table) . ' COMMENT = \'' . sql_addslashes($comment) . '\''; $local_query = 'ALTER TABLE ' . backquote($table) . ' COMMENT = \'' . sql_addslashes($comment) . '\'';
$result = mysql_query($local_query) or mysql_die('', $local_query); $result = mysql_query($local_query) or mysql_die('', $local_query, '', $err_url);
} }
} }
if (isset($submittype)) { if (isset($submittype)) {
$local_query = 'ALTER TABLE ' . backquote($table) . ' TYPE = ' . $tbl_type; $local_query = 'ALTER TABLE ' . backquote($table) . ' TYPE = ' . $tbl_type;
$result = mysql_query($local_query) or mysql_die('', $local_query); $result = mysql_query($local_query) or mysql_die('', $local_query, '', $err_url);
} }
if (isset($submitorderby) && !empty($order_field)) { if (isset($submitorderby) && !empty($order_field)) {
$order_field = backquote(urldecode($order_field)); $order_field = backquote(urldecode($order_field));
$local_query = 'ALTER TABLE ' . backquote($table) . 'ORDER BY ' . $order_field; $local_query = 'ALTER TABLE ' . backquote($table) . 'ORDER BY ' . $order_field;
$result = mysql_query($local_query) or mysql_die('', $local_query); $result = mysql_query($local_query) or mysql_die('', $local_query, '', $err_url);
} }
@@ -107,14 +126,14 @@ if (isset($submitorderby) && !empty($order_field)) {
// The 'show table' statement works correct since 3.23.03 // The 'show table' statement works correct since 3.23.03
if (MYSQL_INT_VERSION >= 32303) { if (MYSQL_INT_VERSION >= 32303) {
$local_query = 'SHOW TABLE STATUS LIKE \'' . sql_addslashes($table, TRUE) . '\''; $local_query = 'SHOW TABLE STATUS LIKE \'' . sql_addslashes($table, TRUE) . '\'';
$result = mysql_query($local_query) or mysql_die('', $local_query); $result = mysql_query($local_query) or mysql_die('', $local_query, '', $err_url_0);
$showtable = mysql_fetch_array($result); $showtable = mysql_fetch_array($result);
$tbl_type = strtoupper($showtable['Type']); $tbl_type = strtoupper($showtable['Type']);
$num_rows = (isset($showtable['Rows']) ? $showtable['Rows'] : 0); $num_rows = (isset($showtable['Rows']) ? $showtable['Rows'] : 0);
$show_comment = (isset($showtable['Comment']) ? $showtable['Comment'] : ''); $show_comment = (isset($showtable['Comment']) ? $showtable['Comment'] : '');
} else { } else {
$local_query = 'SELECT COUNT(*) AS count FROM ' . backquote($table); $local_query = 'SELECT COUNT(*) AS count FROM ' . backquote($table);
$result = mysql_query($local_query) or mysql_die('', $local_query); $result = mysql_query($local_query) or mysql_die('', $local_query, '', $err_url_0);
$showtable = array(); $showtable = array();
$num_rows = mysql_result($result, 0, 'count'); $num_rows = mysql_result($result, 0, 'count');
$show_comment = ''; $show_comment = '';
@@ -171,7 +190,7 @@ if (!empty($show_comment)) {
// 2. Gets table keys and retains them // 2. Gets table keys and retains them
$local_query = 'SHOW KEYS FROM ' . backquote($table); $local_query = 'SHOW KEYS FROM ' . backquote($table);
$result = mysql_query($local_query) or mysql_die('', $local_query); $result = mysql_query($local_query) or mysql_die('', $local_query, '', $err_url_0);
$primary = ''; $primary = '';
$prev_key = ''; $prev_key = '';
$prev_seq = 0; $prev_seq = 0;
@@ -201,7 +220,7 @@ mysql_free_result($result);
// 3. Get fields // 3. Get fields
$local_query = 'SHOW FIELDS FROM ' . backquote($table); $local_query = 'SHOW FIELDS FROM ' . backquote($table);
$result = mysql_query($local_query) or mysql_die('', $local_query); $result = mysql_query($local_query) or mysql_die('', $local_query, '', $err_url_0);
$fields_cnt = mysql_num_rows($result); $fields_cnt = mysql_num_rows($result);
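Review bot: The new docblock above `$err_url_0` and `$err_url` does not say which URL is meant for which failure, although that choice decides where the user lands. From the hunks, failed `ALTER TABLE` statements return to `tbl_properties.php3`, while the `SHOW`/`SELECT` queries that read the table return to `db_details.php3`, presumably so that an unreadable table does not send the user back to the page that just failed. I would state that in the comment, e.g. `// $err_url_0: table cannot be read -> back to the db page; $err_url: a change failed -> back to this table`. Note also that both URLs are built from `$db` and `$table` before the block that checks they exist.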


@@ -10,6 +10,16 @@ $js_to_run = 'functions.js';
require('./libraries/common.lib.php3'); require('./libraries/common.lib.php3');
/**
* Defines the url to return to in case of error in a sql statement
*/
$err_url = 'tbl_properties.php3'
. '?lang=' . $lang
. '&server=' . $server
. '&db=' . urlencode($db)
. '&table=' . urlencode($table);
/** /**
* A new name has been submitted -> do the work * A new name has been submitted -> do the work
*/ */
@@ -20,13 +30,13 @@ if (isset($new_name) && trim($new_name) != '') {
$new_name = stripslashes($new_name); $new_name = stripslashes($new_name);
} }
if (MYSQL_INT_VERSION < 32306) { if (MYSQL_INT_VERSION < 32306) {
check_reserved_words($new_name); check_reserved_words($new_name, $err_url);
} }
include('./header.inc.php3'); include('./header.inc.php3');
mysql_select_db($db); mysql_select_db($db);
$sql_query = 'ALTER TABLE ' . backquote($old_name) . ' RENAME ' . backquote($new_name); $sql_query = 'ALTER TABLE ' . backquote($old_name) . ' RENAME ' . backquote($new_name);
$result = mysql_query($sql_query) or mysql_die(); $result = mysql_query($sql_query) or mysql_die('', '', '', $err_url);
$message = sprintf($strRenameTableOK, $old_name, $table); $message = sprintf($strRenameTableOK, $old_name, $table);
$reload = 1; $reload = 1;
} }
@@ -37,7 +47,7 @@ if (isset($new_name) && trim($new_name) != '') {
*/ */
else { else {
include('./header.inc.php3'); include('./header.inc.php3');
mysql_die($strTableEmpty); mysql_die($strTableEmpty, '', '', $err_url);
} }


@@ -25,6 +25,12 @@ if ($goto == 'sql.php3') {
. '&pos=' . $pos . '&pos=' . $pos
. '&sql_query=' . urlencode($sql_query); . '&sql_query=' . urlencode($sql_query);
} }
// Defines the url to return in case of failure of the query
if (isset($url_err)) {
$url_err = urldecode($url_err);
} else {
$url_err = $goto;
}
// Resets tables defined in the configuration file // Resets tables defined in the configuration file
reset($fields); reset($fields);
reset($funcs); reset($funcs);
@@ -102,11 +108,11 @@ if (isset($primary_key) && ($submit_type != $strInsertAsNewRow)) {
} // end while } // end while
// Builds the sql upate query // Builds the sql upate query
$valuelist = ereg_replace(', $', '', $valuelist); $valuelist = ereg_replace(', $', '', $valuelist);
if (!empty($valuelist)) { if (!empty($valuelist)) {
$query = 'UPDATE ' . backquote($table) . ' SET ' . $valuelist . ' WHERE' . $primary_key $query = 'UPDATE ' . backquote($table) . ' SET ' . $valuelist . ' WHERE' . $primary_key
. ((MYSQL_INT_VERSION >= 32300) ? ' LIMIT 1' : ''); . ((MYSQL_INT_VERSION >= 32300) ? ' LIMIT 1' : '');
$message = $strAffectedRows . '&nbsp;'; $message = $strAffectedRows . '&nbsp;';
} }
// No change -> move back to the calling script // No change -> move back to the calling script
else { else {
@@ -199,7 +205,7 @@ $result = mysql_query($query);
if (!$result) { if (!$result) {
$error = mysql_error(); $error = mysql_error();
include('./header.inc.php3'); include('./header.inc.php3');
mysql_die($error); mysql_die($error, '', '', $url_err);
} else { } else {
if (@mysql_affected_rows()) { if (@mysql_affected_rows()) {
$message .= @mysql_affected_rows(); $message .= @mysql_affected_rows();
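Review bot: `$url_err` is taken from outside whenever it is set and, after a `urldecode()`, handed to `mysql_die()` as the return link with no check on where it points. Assuming request variables are imported as globals (the import is not visible in this hunk), whoever builds the link or form that reaches this script chooses the target shown on the error page, including an off-site address. Unless the calling form stores the value encoded in a hidden field, the extra `urldecode()` decodes it a second time, which can reintroduce characters that were harmless when the request was first parsed. I would accept the value only when it names a local script, e.g. `if (!isset($url_err) || !ereg('^[a-z_]+\.php3(\?|$)', $url_err)) { $url_err = $goto; }`. The variable is also spelled `$url_err` here and `$err_url` in the other files of the commit.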


@@ -9,6 +9,16 @@ require('./libraries/grab_globals.lib.php3');
require('./libraries/common.lib.php3'); require('./libraries/common.lib.php3');
/**
* Defines the url to return to in case of error in a sql statement
*/
$err_url = $goto
. '?lang=' . $lang
. '&server=' . $server
. '&db=' . urlencode($db)
. '&table=' . urlencode($table);
/** /**
* Not selection yet required -> displays the selection form * Not selection yet required -> displays the selection form
*/ */
@@ -16,7 +26,7 @@ if (!isset($param) || $param[0] == '') {
include('./header.inc.php3'); include('./header.inc.php3');
$result = @mysql_list_fields($db, $table); $result = @mysql_list_fields($db, $table);
if (!$result) { if (!$result) {
mysql_die('', 'mysql_list_fields(' . $db . ', ' . $table . ')'); mysql_die('', 'mysql_list_fields(' . $db . ', ' . $table . ')', '', $err_url);
} }
else { else {
// Gets the list and number of fields // Gets the list and number of fields
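Review bot: The base of `$err_url` here is `$goto`, so the script part of the return link is whatever the caller supplied rather than a fixed page as in the other files. If `$goto` comes from the request (its origin is outside this hunk), the link shown by `mysql_die()` can point anywhere, and a `$goto` that already carries a query string yields a URL with two `?`. I would either fix the target, `$err_url = 'tbl_properties.php3'`, or check `$goto` against the known script names before using it. `$lang` and `$server` are again appended without `urlencode()`.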


@@ -9,6 +9,16 @@ require('./libraries/grab_globals.lib.php3');
require('./libraries/common.lib.php3'); require('./libraries/common.lib.php3');
/**
* Defines the url to return to in case of error in a sql statement
*/
$err_url = 'user_details.php3'
. '?lang=' . $lang
. '&server=' . $server
. '&db=mysql'
. '&table=user';
/** /**
* Displays the table of grants for an user * Displays the table of grants for an user
* *
@@ -707,7 +717,7 @@ function check_rights()
{ {
$result = @mysql_query('USE mysql'); $result = @mysql_query('USE mysql');
if (mysql_error()) { if (mysql_error()) {
mysql_die($GLOBALS['strNoRights'], '', FALSE, FALSE); mysql_die($GLOBALS['strNoRights'], '', FALSE, '');
} }
return true; return true;
@@ -1054,7 +1064,7 @@ else if (isset($submit_addUser)) {
$sql_query = 'INSERT INTO mysql.user ' $sql_query = 'INSERT INTO mysql.user '
. 'SET host = \'' . sql_addslashes($host) . '\', user = \'' . sql_addslashes($pma_user) . '\', password = ' . (empty($pma_pw) ? '\'\'' : 'PASSWORD(\'' . sql_addslashes($pma_pw) . '\')') . 'SET host = \'' . sql_addslashes($host) . '\', user = \'' . sql_addslashes($pma_user) . '\', password = ' . (empty($pma_pw) ? '\'\'' : 'PASSWORD(\'' . sql_addslashes($pma_pw) . '\')')
. ', ' . $sql_query; . ', ' . $sql_query;
$result = @mysql_query($sql_query) or mysql_die('', '', FALSE); $result = @mysql_query($sql_query) or mysql_die('', '', FALSE, $err_url);
unset($host); unset($host);
unset($pma_user); unset($pma_user);
show_message($strAddUserMessage . '<br />' . $strRememberReload); show_message($strAddUserMessage . '<br />' . $strRememberReload);
@@ -1126,7 +1136,7 @@ else if (isset($submit_updProfile)) {
// Updates profile // Updates profile
$sql_query = 'UPDATE user SET ' . $sql_query . $common_where; $sql_query = 'UPDATE user SET ' . $sql_query . $common_where;
$sql_query_cpy = $sql_query; $sql_query_cpy = $sql_query;
$result = @mysql_query($sql_query) or mysql_die('', '', FALSE); $result = @mysql_query($sql_query) or mysql_die('', '', FALSE, $err_url . '&host=' . urlencode($host) . '&pma_user=' . urlencode($pma_user) . '&edit=1');
// Updates grants // Updates grants
if (isset($new_server) || isset($new_user)) { if (isset($new_server) || isset($new_user)) {
@@ -1189,7 +1199,7 @@ else if (isset($submit_chgPriv)) {
$sql_query = 'UPDATE user SET ' $sql_query = 'UPDATE user SET '
. $sql_query . $sql_query
. ' WHERE host = \'' . sql_addslashes($host) . '\' AND user = \'' . sql_addslashes($pma_user) . '\''; . ' WHERE host = \'' . sql_addslashes($host) . '\' AND user = \'' . sql_addslashes($pma_user) . '\'';
$result = @mysql_query($sql_query) or mysql_die('', '', FALSE); $result = @mysql_query($sql_query) or mysql_die('', '', FALSE, $err_url . '&host=' . urlencode($host) . '&pma_user=' . urlencode($pma_user) . '&edit=1');
show_message(sprintf($strUpdatePrivMessage, '<span style="color: #002E80">' . $pma_user . '@' . $host . '</span>') . '<br />' . $strRememberReload); show_message(sprintf($strUpdatePrivMessage, '<span style="color: #002E80">' . $pma_user . '@' . $host . '</span>') . '<br />' . $strRememberReload);
} }
@@ -1237,7 +1247,7 @@ else if (isset($grants) && $grants) {
$sql_query .= ' TO ' . '\'' . sql_addslashes($pma_user) . '\'' . '@' . '\'' . sql_addslashes($host) . '\''; $sql_query .= ' TO ' . '\'' . sql_addslashes($pma_user) . '\'' . '@' . '\'' . sql_addslashes($host) . '\'';
$sql_query = 'GRANT ' . $sql_query; $sql_query = 'GRANT ' . $sql_query;
$result = @mysql_query($sql_query) or mysql_die('', '', FALSE); $result = @mysql_query($sql_query) or mysql_die('', '', FALSE, $err_url . '&host=' . urlencode($host) . '&pma_user=' . urlencode($pma_user) . '&grants=1');
show_message($strAddPrivMessage); show_message($strAddPrivMessage);
} // end if } // end if
} }
@@ -1281,7 +1291,7 @@ else {
if (!isset($pma_user)) { if (!isset($pma_user)) {
$pma_user = FALSE; $pma_user = FALSE;
} }
table_users($host, $pma_user) or mysql_die($strNoUsersFound, '', FALSE, FALSE); table_users($host, $pma_user) or mysql_die($strNoUsersFound, '', FALSE, '');
normal_operations(); normal_operations();
} }