mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-09 16:17:48 +02:00
Code Issues Releases Wiki Activity

Change escape_string to quote

Browse Source 
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@747 7c3ca157-0c34-0410-bff1-cbf682f78f5c
This commit is contained in:
jakubvrana
2009-06-22 00:53:51 +00:00
parent e905f856aa
commit 36a3656089
14 changed files with 97 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
adminer/event.inc.php
View File

@@ -7,18 +7,18 @@ if ($_POST && !$error) {
query_redirect("DROP EVENT " . idf_escape($_GET["event"]), substr($SELF, 0, -1), lang('Event has been dropped.'));
} elseif (in_array($_POST["INTERVAL_FIELD"], $intervals) && in_array($_POST["STATUS"], $statuses)) {
$schedule = "\nON SCHEDULE " . ($_POST["INTERVAL_VALUE"]
? "EVERY '" . $dbh->escape_string($_POST["INTERVAL_VALUE"]) . "' $_POST[INTERVAL_FIELD]"
. ($_POST["STARTS"] ? " STARTS '" . $dbh->escape_string($_POST["STARTS"]) . "'" : "")
. ($_POST["ENDS"] ? " ENDS '" . $dbh->escape_string($_POST["ENDS"]) . "'" : "") //! ALTER EVENT doesn't drop ENDS - MySQL bug #39173
: "AT '" . $dbh->escape_string($_POST["STARTS"]) . "'"
? "EVERY " . $dbh->quote($_POST["INTERVAL_VALUE"]) . " $_POST[INTERVAL_FIELD]"
. ($_POST["STARTS"] ? " STARTS " . $dbh->quote($_POST["STARTS"]) : "")
. ($_POST["ENDS"] ? " ENDS " . $dbh->quote($_POST["ENDS"]) : "") //! ALTER EVENT doesn't drop ENDS - MySQL bug #39173
: "AT " . $dbh->quote($_POST["STARTS"])
) . " ON COMPLETION" . ($_POST["ON_COMPLETION"] ? "" : " NOT") . " PRESERVE"
;
query_redirect((strlen($_GET["event"])
? "ALTER EVENT " . idf_escape($_GET["event"]) . $schedule
. ($_GET["event"] != $_POST["EVENT_NAME"] ? "\nRENAME TO " . idf_escape($_POST["EVENT_NAME"]) : "")
: "CREATE EVENT " . idf_escape($_POST["EVENT_NAME"]) . $schedule
) . "\n$_POST[STATUS] COMMENT '" . $dbh->escape_string($_POST["EVENT_COMMENT"])
. "' DO\n$_POST[EVENT_DEFINITION]"
) . "\n$_POST[STATUS] COMMENT " . $dbh->quote($_POST["EVENT_COMMENT"])
. " DO\n$_POST[EVENT_DEFINITION]"
, substr($SELF, 0, -1), (strlen($_GET["event"]) ? lang('Event has been altered.') : lang('Event has been created.')));
}
}
@@ -28,7 +28,7 @@ $row = array();
if ($_POST) {
$row = $_POST;
} elseif (strlen($_GET["event"])) {
$result = $dbh->query("SELECT * FROM information_schema.EVENTS WHERE EVENT_SCHEMA = '" . $dbh->escape_string($_GET["db"]) . "' AND EVENT_NAME = '" . $dbh->escape_string($_GET["event"]) . "'");
$result = $dbh->query("SELECT * FROM information_schema.EVENTS WHERE EVENT_SCHEMA = " . $dbh->quote($_GET["db"]) . " AND EVENT_NAME = " . $dbh->quote($_GET["event"]));
$row = $result->fetch_assoc();
$row["STATUS"] = $statuses[$row["STATUS"]];
$result->free();