Added backquotes and slashed some values
This commit is contained in:
Loïc Chapeaux
@@ -5,6 +5,10 @@ phpMyAdmin - Changelog
|
||||
$Id$
|
||||
$Source$
|
||||
|
||||
2002-05-05 Lo<4C>c Chapeaux <lolo@phpheaven.net>
|
||||
* tbl_relation.php3; libraries/display_tbl.lib.php3: added backquotes and
|
||||
slashed some values.
|
||||
|
||||
2002-05-06 Marc Delisle <lem9@users.sourceforge.net>
|
||||
* lang/romanian.inc.php3 updates thanks to Valics Lehel
|
||||
* lang/*, tbl_relation.php3, Documentation.html,
|
||||
|
||||
@@ -923,31 +923,30 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')){
|
||||
} else if ($row[$pointer] != '') {
|
||||
$vertical_display['data'][$row_no][$i] = ' <td align="right" valign="top" bgcolor="' . $bgcolor . '">';
|
||||
if (isset($map[$meta->name])) {
|
||||
// Field to display from the foreign table?
|
||||
// Field to display from the foreign table?
|
||||
if (!empty($map[$meta->name][2])) {
|
||||
$dispsql = 'SELECT ' . $map[$meta->name][2]
|
||||
. ' FROM ' . PMA_backquote($map[$meta->name][0])
|
||||
. ' WHERE ' . $map[$meta->name][1]
|
||||
. ' = ' . $row[$pointer];
|
||||
$dispresult = mysql_query($dispsql);
|
||||
if (mysql_num_rows($dispresult) > 0) {
|
||||
$disprow = mysql_fetch_row($dispresult);
|
||||
$dispval = $disprow[0];
|
||||
}
|
||||
else {
|
||||
$dispval = $GLOBALS['strLinkNotFound'];
|
||||
}
|
||||
$dispsql = 'SELECT ' . PMA_backquote($map[$meta->name][2])
|
||||
. ' FROM ' . PMA_backquote($map[$meta->name][0])
|
||||
. ' WHERE ' . PMA_backquote($map[$meta->name][1])
|
||||
. ' = ' . $row[$pointer];
|
||||
$dispresult = mysql_query($dispsql);
|
||||
if ($dispresult && mysql_num_rows($dispresult) > 0) {
|
||||
$dispval = mysql_result($dispresult, 0);
|
||||
}
|
||||
else {
|
||||
$dispval = $GLOBALS['strLinkNotFound'];
|
||||
}
|
||||
}
|
||||
else {
|
||||
$dispval = '';
|
||||
}
|
||||
$title = (!empty($dispval))? ' title="' . $dispval . '"': '';
|
||||
$dispval = '';
|
||||
} // end if... else...
|
||||
$title = (!empty($dispval))? ' title="' . htmlspecialchars($dispval) . '"' : '';
|
||||
|
||||
$vertical_display['data'][$row_no][$i] .= '<a href="sql.php3?'
|
||||
. 'lang=' . $lang . '&server=' . $server
|
||||
. '&db=' . urlencode($db) . '&table=' . urlencode($map[$meta->name][0])
|
||||
. '&pos=0&session_max_rows=' . $session_max_rows . '&dontlimitchars=' . $dontlimitchars
|
||||
. '&sql_query=' . urlencode('SELECT * FROM ' . PMA_backquote($map[$meta->name][0]) . ' WHERE ' . $map[$meta->name][1] . ' = ' . $row[$pointer]) . '"' . $title . '>'
|
||||
. '&sql_query=' . urlencode('SELECT * FROM ' . PMA_backquote($map[$meta->name][0]) . ' WHERE ' . PMA_backquote($map[$meta->name][1]) . ' = ' . $row[$pointer]) . '"' . $title . '>'
|
||||
. $row[$pointer] . '</a>';
|
||||
} else {
|
||||
$vertical_display['data'][$row_no][$i] .= $row[$pointer];
|
||||
@@ -1013,33 +1012,32 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')){
|
||||
$row[$pointer] = ereg_replace("((\015\012)|(\015)|(\012))", '<br />', $row[$pointer]);
|
||||
}
|
||||
$vertical_display['data'][$row_no][$i] = ' <td valign="top" bgcolor="' . $bgcolor . '">';
|
||||
if (isset($map[$meta->name])) {
|
||||
|
||||
// Field to display from the foreign table?
|
||||
if (isset($map[$meta->name])) {
|
||||
// Field to display from the foreign table?
|
||||
if (!empty($map[$meta->name][2])) {
|
||||
$dispsql = 'SELECT ' . $map[$meta->name][2]
|
||||
. ' FROM ' . PMA_backquote($map[$meta->name][0])
|
||||
. ' WHERE ' . $map[$meta->name][1]
|
||||
. ' = \'' . $row[$pointer] . '\'';
|
||||
$dispresult = @mysql_query($dispsql);
|
||||
if (mysql_num_rows($dispresult) > 0) {
|
||||
$disprow = mysql_fetch_row($dispresult);
|
||||
$dispval = $disprow[0];
|
||||
}
|
||||
else {
|
||||
$dispval = $GLOBALS['strLinkNotFound'];
|
||||
}
|
||||
$dispsql = 'SELECT ' . PMA_backquote($map[$meta->name][2])
|
||||
. ' FROM ' . PMA_backquote($map[$meta->name][0])
|
||||
. ' WHERE ' . PMA_backquote($map[$meta->name][1])
|
||||
. ' = \'' . PMA_sqlAddslashes($row[$pointer]) . '\'';
|
||||
$dispresult = @mysql_query($dispsql);
|
||||
if ($dispresult && mysql_num_rows($dispresult) > 0) {
|
||||
$dispval = mysql_result($dispresult, 0);
|
||||
}
|
||||
else {
|
||||
$dispval = $GLOBALS['strLinkNotFound'];
|
||||
}
|
||||
}
|
||||
else {
|
||||
$dispval = '';
|
||||
}
|
||||
$title = (!empty($dispval))? ' title="' . $dispval . '"': '';
|
||||
$title = (!empty($dispval))? ' title="' . htmlspecialchars($dispval) . '"' : '';
|
||||
|
||||
$vertical_display['data'][$row_no][$i] .= '<a href="sql.php3?'
|
||||
. 'lang=' . $lang . '&server=' . $server
|
||||
. '&db=' . urlencode($db) . '&table=' . urlencode($map[$meta->name][0])
|
||||
. '&pos=0&session_max_rows=' . $session_max_rows . '&dontlimitchars=' . $dontlimitchars
|
||||
. '&sql_query=' . urlencode('SELECT * FROM ' . PMA_backquote($map[$meta->name][0]) . ' WHERE ' . $map[$meta->name][1] . ' = \'' . PMA_sqlAddslashes($relation_id) . '\'') . '"' . $title . '>'
|
||||
. '&sql_query=' . urlencode('SELECT * FROM ' . PMA_backquote($map[$meta->name][0]) . ' WHERE ' . PMA_backquote($map[$meta->name][1]) . ' = \'' . PMA_sqlAddslashes($relation_id) . '\'') . '"' . $title . '>'
|
||||
. $row[$pointer] . '</a>';
|
||||
} else {
|
||||
$vertical_display['data'][$row_no][$i] .= $row[$pointer];
|
||||
@@ -1356,15 +1354,12 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')){
|
||||
|
||||
if (!empty($cfg['Server']['relation'])) {
|
||||
// find tables
|
||||
// $tabs = '(\'' . join('\',\'', spliti('`? *((on [^,]+)?,|(NATURAL )?(inner|left|right)( outer)? join) *`?',
|
||||
// eregi_replace('^.*FROM +`?|`? *(on [^,]+)?(WHERE.*)?$', '', $sql_query))) . '\')';
|
||||
$pattern = '`?[[:space:]]+(((ON|on)[[:space:]]+[^,]+)?,|((NATURAL|natural)[[:space:]]+)?(INNER|inner|LEFT|left|RIGHT|right)([[:space:]]+(OUTER|outer))?[[:space:]]+(JOIN|join))[[:space:]]*`?';
|
||||
$target = eregi_replace('^.*[[:space:]]+FROM[[:space:]]+`?|`?[[:space:]]*(ON[[:space:]]+[^,]+)?(WHERE[[:space:]]+.*)?$', '', $sql_query);
|
||||
$tabs = '(\'' . join('\',\'', split($pattern, $target)) . '\')';
|
||||
|
||||
$local_query = 'SELECT master_field, foreign_table, foreign_field,'
|
||||
. 'foreign_display_field'
|
||||
. ' FROM ' . $cfg['Server']['relation']
|
||||
$local_query = 'SELECT master_field, foreign_table, foreign_field, foreign_display_field'
|
||||
. ' FROM ' . PMA_backquote($cfg['Server']['relation'])
|
||||
. ' WHERE master_table IN ' . $tabs;
|
||||
$result = @mysql_query($local_query);
|
||||
if ($result) {
|
||||
|
||||
@@ -17,7 +17,7 @@ require('./tbl_properties_table_info.php3');
|
||||
if (!empty($cfg['Server']['relation'])
|
||||
&& isset($submit_rel) && $submit_rel == 'true') {
|
||||
// first check if there is a entry allready
|
||||
$upd_query = 'SELECT master_field, foreign_table, foreign_field FROM ' . $cfg['Server']['relation']
|
||||
$upd_query = 'SELECT master_field, foreign_table, foreign_field FROM ' . PMA_backquote($cfg['Server']['relation'])
|
||||
. ' WHERE master_table = \'' . PMA_sqlAddslashes($table) . '\'';
|
||||
$upd_rs = mysql_query($upd_query) or PMA_mysqlDie('', $upd_query, '', $err_url_0);
|
||||
|
||||
@@ -29,7 +29,7 @@ if (!empty($cfg['Server']['relation'])
|
||||
if ($value != 'nix') {
|
||||
if (!isset($existrel[$key])) {
|
||||
$for = explode('.', $destination[$key]);
|
||||
$upd_query = 'INSERT INTO ' . $cfg['Server']['relation']
|
||||
$upd_query = 'INSERT INTO ' . PMA_backquote($cfg['Server']['relation'])
|
||||
. '(master_table, master_field, foreign_table, foreign_field)'
|
||||
. ' values('
|
||||
. '\'' . PMA_sqlAddslashes($table) . '\', '
|
||||
@@ -39,14 +39,14 @@ if (!empty($cfg['Server']['relation'])
|
||||
$upd_rs = mysql_query($upd_query) or PMA_mysqlDie('', $upd_query, '', $err_url_0);
|
||||
} else if ($existrel[$key] != $value) {
|
||||
$for = explode('.', $destination[$key]);
|
||||
$upd_query = 'UPDATE ' . $cfg['Server']['relation'] . ' SET'
|
||||
$upd_query = 'UPDATE ' . PMA_backquote($cfg['Server']['relation']) . ' SET'
|
||||
. ' foreign_table = \'' . PMA_sqlAddslashes($for[0]) . '\', foreign_field = \'' . PMA_sqlAddslashes($for[1]) . '\' '
|
||||
. ' WHERE master_table = \'' . PMA_sqlAddslashes($table) . '\' AND master_field = \'' . PMA_sqlAddslashes($key) . '\'';
|
||||
$upd_rs = mysql_query($upd_query) or PMA_mysqlDie('', $upd_query, '', $err_url_0);
|
||||
} // end if... else....
|
||||
} else if (isset($existrel[$key])) {
|
||||
$for = explode('.', $destination[$key]);
|
||||
$upd_query = 'DELETE FROM ' . $cfg['Server']['relation']
|
||||
$upd_query = 'DELETE FROM ' . PMA_backquote($cfg['Server']['relation'])
|
||||
. ' WHERE master_table = \'' . PMA_sqlAddslashes($table) . '\' AND master_field = \'' . PMA_sqlAddslashes($key) . '\'';
|
||||
$upd_rs = mysql_query($upd_query) or PMA_mysqlDie('', $upd_query, '', $err_url_0);
|
||||
} // end if... else....
|
||||
@@ -93,7 +93,7 @@ if ($cfg['Server']['relation']) {
|
||||
// create Array of Relations (Mike Beck)
|
||||
if ($rel_work) {
|
||||
$rel_query = 'SELECT master_field, concat(foreign_table, \'.\', foreign_field) AS rel'
|
||||
. ' FROM ' . $cfg['Server']['relation']
|
||||
. ' FROM ' . PMA_backquote($cfg['Server']['relation'])
|
||||
. ' WHERE master_table = \'' . PMA_sqlAddslashes($table) . '\'';
|
||||
$relations = @mysql_query($rel_query) or PMA_mysqlDie('', $rel_query, '', $err_url);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user