Added backquotes and slashed some values

Loïc Chapeaux
2002-05-07 19:52:03 +00:00
parent d68a962d51
commit fb6bf9763d
3 changed files with 42 additions and 43 deletions


@@ -5,6 +5,10 @@ phpMyAdmin - Changelog
$Id$ $Id$
$Source$ $Source$
2002-05-05 Lo<4C>c Chapeaux <lolo@phpheaven.net>
* tbl_relation.php3; libraries/display_tbl.lib.php3: added backquotes and
slashed some values.
2002-05-06 Marc Delisle <lem9@users.sourceforge.net> 2002-05-06 Marc Delisle <lem9@users.sourceforge.net>
* lang/romanian.inc.php3 updates thanks to Valics Lehel * lang/romanian.inc.php3 updates thanks to Valics Lehel
* lang/*, tbl_relation.php3, Documentation.html, * lang/*, tbl_relation.php3, Documentation.html,


@@ -923,31 +923,30 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')){
} else if ($row[$pointer] != '') { } else if ($row[$pointer] != '') {
$vertical_display['data'][$row_no][$i] = ' <td align="right" valign="top" bgcolor="' . $bgcolor . '">'; $vertical_display['data'][$row_no][$i] = ' <td align="right" valign="top" bgcolor="' . $bgcolor . '">';
if (isset($map[$meta->name])) { if (isset($map[$meta->name])) {
// Field to display from the foreign table? // Field to display from the foreign table?
if (!empty($map[$meta->name][2])) { if (!empty($map[$meta->name][2])) {
$dispsql = 'SELECT ' . $map[$meta->name][2] $dispsql = 'SELECT ' . PMA_backquote($map[$meta->name][2])
. ' FROM ' . PMA_backquote($map[$meta->name][0]) . ' FROM ' . PMA_backquote($map[$meta->name][0])
. ' WHERE ' . $map[$meta->name][1] . ' WHERE ' . PMA_backquote($map[$meta->name][1])
. ' = ' . $row[$pointer]; . ' = ' . $row[$pointer];
$dispresult = mysql_query($dispsql); $dispresult = mysql_query($dispsql);
if (mysql_num_rows($dispresult) > 0) { if ($dispresult && mysql_num_rows($dispresult) > 0) {
$disprow = mysql_fetch_row($dispresult); $dispval = mysql_result($dispresult, 0);
$dispval = $disprow[0]; }
} else {
else { $dispval = $GLOBALS['strLinkNotFound'];
$dispval = $GLOBALS['strLinkNotFound']; }
}
} }
else { else {
$dispval = ''; $dispval = '';
} } // end if... else...
$title = (!empty($dispval))? ' title="' . $dispval . '"': ''; $title = (!empty($dispval))? ' title="' . htmlspecialchars($dispval) . '"' : '';
$vertical_display['data'][$row_no][$i] .= '<a href="sql.php3?' $vertical_display['data'][$row_no][$i] .= '<a href="sql.php3?'
. 'lang=' . $lang . '&amp;server=' . $server . 'lang=' . $lang . '&amp;server=' . $server
. '&amp;db=' . urlencode($db) . '&amp;table=' . urlencode($map[$meta->name][0]) . '&amp;db=' . urlencode($db) . '&amp;table=' . urlencode($map[$meta->name][0])
. '&amp;pos=0&amp;session_max_rows=' . $session_max_rows . '&amp;dontlimitchars=' . $dontlimitchars . '&amp;pos=0&amp;session_max_rows=' . $session_max_rows . '&amp;dontlimitchars=' . $dontlimitchars
. '&amp;sql_query=' . urlencode('SELECT * FROM ' . PMA_backquote($map[$meta->name][0]) . ' WHERE ' . $map[$meta->name][1] . ' = ' . $row[$pointer]) . '"' . $title . '>' . '&amp;sql_query=' . urlencode('SELECT * FROM ' . PMA_backquote($map[$meta->name][0]) . ' WHERE ' . PMA_backquote($map[$meta->name][1]) . ' = ' . $row[$pointer]) . '"' . $title . '>'
. $row[$pointer] . '</a>'; . $row[$pointer] . '</a>';
} else { } else {
$vertical_display['data'][$row_no][$i] .= $row[$pointer]; $vertical_display['data'][$row_no][$i] .= $row[$pointer];
@@ -1013,33 +1012,32 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')){
$row[$pointer] = ereg_replace("((\015\012)|(\015)|(\012))", '<br />', $row[$pointer]); $row[$pointer] = ereg_replace("((\015\012)|(\015)|(\012))", '<br />', $row[$pointer]);
} }
$vertical_display['data'][$row_no][$i] = ' <td valign="top" bgcolor="' . $bgcolor . '">'; $vertical_display['data'][$row_no][$i] = ' <td valign="top" bgcolor="' . $bgcolor . '">';
if (isset($map[$meta->name])) {
// Field to display from the foreign table? if (isset($map[$meta->name])) {
// Field to display from the foreign table?
if (!empty($map[$meta->name][2])) { if (!empty($map[$meta->name][2])) {
$dispsql = 'SELECT ' . $map[$meta->name][2] $dispsql = 'SELECT ' . PMA_backquote($map[$meta->name][2])
. ' FROM ' . PMA_backquote($map[$meta->name][0]) . ' FROM ' . PMA_backquote($map[$meta->name][0])
. ' WHERE ' . $map[$meta->name][1] . ' WHERE ' . PMA_backquote($map[$meta->name][1])
. ' = \'' . $row[$pointer] . '\''; . ' = \'' . PMA_sqlAddslashes($row[$pointer]) . '\'';
$dispresult = @mysql_query($dispsql); $dispresult = @mysql_query($dispsql);
if (mysql_num_rows($dispresult) > 0) { if ($dispresult && mysql_num_rows($dispresult) > 0) {
$disprow = mysql_fetch_row($dispresult); $dispval = mysql_result($dispresult, 0);
$dispval = $disprow[0]; }
} else {
else { $dispval = $GLOBALS['strLinkNotFound'];
$dispval = $GLOBALS['strLinkNotFound']; }
}
} }
else { else {
$dispval = ''; $dispval = '';
} }
$title = (!empty($dispval))? ' title="' . $dispval . '"': ''; $title = (!empty($dispval))? ' title="' . htmlspecialchars($dispval) . '"' : '';
$vertical_display['data'][$row_no][$i] .= '<a href="sql.php3?' $vertical_display['data'][$row_no][$i] .= '<a href="sql.php3?'
. 'lang=' . $lang . '&amp;server=' . $server . 'lang=' . $lang . '&amp;server=' . $server
. '&amp;db=' . urlencode($db) . '&amp;table=' . urlencode($map[$meta->name][0]) . '&amp;db=' . urlencode($db) . '&amp;table=' . urlencode($map[$meta->name][0])
. '&amp;pos=0&amp;session_max_rows=' . $session_max_rows . '&amp;dontlimitchars=' . $dontlimitchars . '&amp;pos=0&amp;session_max_rows=' . $session_max_rows . '&amp;dontlimitchars=' . $dontlimitchars
. '&amp;sql_query=' . urlencode('SELECT * FROM ' . PMA_backquote($map[$meta->name][0]) . ' WHERE ' . $map[$meta->name][1] . ' = \'' . PMA_sqlAddslashes($relation_id) . '\'') . '"' . $title . '>' . '&amp;sql_query=' . urlencode('SELECT * FROM ' . PMA_backquote($map[$meta->name][0]) . ' WHERE ' . PMA_backquote($map[$meta->name][1]) . ' = \'' . PMA_sqlAddslashes($relation_id) . '\'') . '"' . $title . '>'
. $row[$pointer] . '</a>'; . $row[$pointer] . '</a>';
} else { } else {
$vertical_display['data'][$row_no][$i] .= $row[$pointer]; $vertical_display['data'][$row_no][$i] .= $row[$pointer];
@@ -1356,15 +1354,12 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')){
if (!empty($cfg['Server']['relation'])) { if (!empty($cfg['Server']['relation'])) {
// find tables // find tables
// $tabs = '(\'' . join('\',\'', spliti('`? *((on [^,]+)?,|(NATURAL )?(inner|left|right)( outer)? join) *`?',
// eregi_replace('^.*FROM +`?|`? *(on [^,]+)?(WHERE.*)?$', '', $sql_query))) . '\')';
$pattern = '`?[[:space:]]+(((ON|on)[[:space:]]+[^,]+)?,|((NATURAL|natural)[[:space:]]+)?(INNER|inner|LEFT|left|RIGHT|right)([[:space:]]+(OUTER|outer))?[[:space:]]+(JOIN|join))[[:space:]]*`?'; $pattern = '`?[[:space:]]+(((ON|on)[[:space:]]+[^,]+)?,|((NATURAL|natural)[[:space:]]+)?(INNER|inner|LEFT|left|RIGHT|right)([[:space:]]+(OUTER|outer))?[[:space:]]+(JOIN|join))[[:space:]]*`?';
$target = eregi_replace('^.*[[:space:]]+FROM[[:space:]]+`?|`?[[:space:]]*(ON[[:space:]]+[^,]+)?(WHERE[[:space:]]+.*)?$', '', $sql_query); $target = eregi_replace('^.*[[:space:]]+FROM[[:space:]]+`?|`?[[:space:]]*(ON[[:space:]]+[^,]+)?(WHERE[[:space:]]+.*)?$', '', $sql_query);
$tabs = '(\'' . join('\',\'', split($pattern, $target)) . '\')'; $tabs = '(\'' . join('\',\'', split($pattern, $target)) . '\')';
$local_query = 'SELECT master_field, foreign_table, foreign_field,' $local_query = 'SELECT master_field, foreign_table, foreign_field, foreign_display_field'
. 'foreign_display_field' . ' FROM ' . PMA_backquote($cfg['Server']['relation'])
. ' FROM ' . $cfg['Server']['relation']
. ' WHERE master_table IN ' . $tabs; . ' WHERE master_table IN ' . $tabs;
$result = @mysql_query($local_query); $result = @mysql_query($local_query);
if ($result) { if ($result) {
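Review bot: In the second hunk the foreign-display lookup escapes `$row[$pointer]`, but by then the value has already been rewritten for HTML output (the `ereg_replace` to `<br />` just above), while the link built a few lines later uses `$relation_id`. If `$relation_id` holds the untransformed cell value, as its use in `sql_query` suggests (it is assigned outside the hunk), the lookup should use it too: `. ' = \'' . PMA_sqlAddslashes($relation_id) . '\'';`. Otherwise keys containing newlines will never match and the cell shows `$GLOBALS['strLinkNotFound']`. The first hunk's numeric branch still concatenates `$row[$pointer]` unquoted into both `$dispsql` and the `sql_query` link, which is only safe while that branch is reached solely for numeric column types; the deciding condition is outside the hunk. In the third hunk `$tabs` is joined from pieces of `$sql_query` without `PMA_sqlAddslashes`, so a table name containing a quote breaks the relation lookup even though the relation table name is now backquoted.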


@@ -17,7 +17,7 @@ require('./tbl_properties_table_info.php3');
if (!empty($cfg['Server']['relation']) if (!empty($cfg['Server']['relation'])
&& isset($submit_rel) && $submit_rel == 'true') { && isset($submit_rel) && $submit_rel == 'true') {
// first check if there is a entry allready // first check if there is a entry allready
$upd_query = 'SELECT master_field, foreign_table, foreign_field FROM ' . $cfg['Server']['relation'] $upd_query = 'SELECT master_field, foreign_table, foreign_field FROM ' . PMA_backquote($cfg['Server']['relation'])
. ' WHERE master_table = \'' . PMA_sqlAddslashes($table) . '\''; . ' WHERE master_table = \'' . PMA_sqlAddslashes($table) . '\'';
$upd_rs = mysql_query($upd_query) or PMA_mysqlDie('', $upd_query, '', $err_url_0); $upd_rs = mysql_query($upd_query) or PMA_mysqlDie('', $upd_query, '', $err_url_0);
@@ -29,7 +29,7 @@ if (!empty($cfg['Server']['relation'])
if ($value != 'nix') { if ($value != 'nix') {
if (!isset($existrel[$key])) { if (!isset($existrel[$key])) {
$for = explode('.', $destination[$key]); $for = explode('.', $destination[$key]);
$upd_query = 'INSERT INTO ' . $cfg['Server']['relation'] $upd_query = 'INSERT INTO ' . PMA_backquote($cfg['Server']['relation'])
. '(master_table, master_field, foreign_table, foreign_field)' . '(master_table, master_field, foreign_table, foreign_field)'
. ' values(' . ' values('
. '\'' . PMA_sqlAddslashes($table) . '\', ' . '\'' . PMA_sqlAddslashes($table) . '\', '
@@ -39,14 +39,14 @@ if (!empty($cfg['Server']['relation'])
$upd_rs = mysql_query($upd_query) or PMA_mysqlDie('', $upd_query, '', $err_url_0); $upd_rs = mysql_query($upd_query) or PMA_mysqlDie('', $upd_query, '', $err_url_0);
} else if ($existrel[$key] != $value) { } else if ($existrel[$key] != $value) {
$for = explode('.', $destination[$key]); $for = explode('.', $destination[$key]);
$upd_query = 'UPDATE ' . $cfg['Server']['relation'] . ' SET' $upd_query = 'UPDATE ' . PMA_backquote($cfg['Server']['relation']) . ' SET'
. ' foreign_table = \'' . PMA_sqlAddslashes($for[0]) . '\', foreign_field = \'' . PMA_sqlAddslashes($for[1]) . '\' ' . ' foreign_table = \'' . PMA_sqlAddslashes($for[0]) . '\', foreign_field = \'' . PMA_sqlAddslashes($for[1]) . '\' '
. ' WHERE master_table = \'' . PMA_sqlAddslashes($table) . '\' AND master_field = \'' . PMA_sqlAddslashes($key) . '\''; . ' WHERE master_table = \'' . PMA_sqlAddslashes($table) . '\' AND master_field = \'' . PMA_sqlAddslashes($key) . '\'';
$upd_rs = mysql_query($upd_query) or PMA_mysqlDie('', $upd_query, '', $err_url_0); $upd_rs = mysql_query($upd_query) or PMA_mysqlDie('', $upd_query, '', $err_url_0);
} // end if... else.... } // end if... else....
} else if (isset($existrel[$key])) { } else if (isset($existrel[$key])) {
$for = explode('.', $destination[$key]); $for = explode('.', $destination[$key]);
$upd_query = 'DELETE FROM ' . $cfg['Server']['relation'] $upd_query = 'DELETE FROM ' . PMA_backquote($cfg['Server']['relation'])
. ' WHERE master_table = \'' . PMA_sqlAddslashes($table) . '\' AND master_field = \'' . PMA_sqlAddslashes($key) . '\''; . ' WHERE master_table = \'' . PMA_sqlAddslashes($table) . '\' AND master_field = \'' . PMA_sqlAddslashes($key) . '\'';
$upd_rs = mysql_query($upd_query) or PMA_mysqlDie('', $upd_query, '', $err_url_0); $upd_rs = mysql_query($upd_query) or PMA_mysqlDie('', $upd_query, '', $err_url_0);
} // end if... else.... } // end if... else....
@@ -93,7 +93,7 @@ if ($cfg['Server']['relation']) {
// create Array of Relations (Mike Beck) // create Array of Relations (Mike Beck)
if ($rel_work) { if ($rel_work) {
$rel_query = 'SELECT master_field, concat(foreign_table, \'.\', foreign_field) AS rel' $rel_query = 'SELECT master_field, concat(foreign_table, \'.\', foreign_field) AS rel'
. ' FROM ' . $cfg['Server']['relation'] . ' FROM ' . PMA_backquote($cfg['Server']['relation'])
. ' WHERE master_table = \'' . PMA_sqlAddslashes($table) . '\''; . ' WHERE master_table = \'' . PMA_sqlAddslashes($table) . '\'';
$relations = @mysql_query($rel_query) or PMA_mysqlDie('', $rel_query, '', $err_url); $relations = @mysql_query($rel_query) or PMA_mysqlDie('', $rel_query, '', $err_url);