Change escape_string to quote
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@747 7c3ca157-0c34-0410-bff1-cbf682f78f5c
@@ -73,29 +73,29 @@ function process_input($name, $field) {
|
||||
} elseif ($field["type"] == "enum" || $field["auto_increment"] ? !strlen($value) : $function == "NULL") {
|
||||
return "NULL";
|
||||
} elseif ($field["type"] == "enum") {
|
||||
return (isset($_GET["default"]) ? "'" . $dbh->escape_string($value) . "'" : intval($value));
|
||||
return (isset($_GET["default"]) ? $dbh->quote($value) : intval($value));
|
||||
} elseif ($field["type"] == "set") {
|
||||
return (isset($_GET["default"]) ? "'" . implode(",", array_map(array($dbh, 'escape_string'), (array) $value)) . "'" : array_sum((array) $value));
|
||||
return (isset($_GET["default"]) ? "'" . implode(",", array_map('escape_string', (array) $value)) . "'" : array_sum((array) $value));
|
||||
} elseif (preg_match('~binary|blob~', $field["type"])) {
|
||||
$file = get_file($idf);
|
||||
if (!is_string($file)) {
|
||||
return false; //! report errors
|
||||
}
|
||||
return "_binary'" . (is_string($file) ? $dbh->escape_string($file) : "") . "'";
|
||||
return "_binary" . (is_string($file) ? $dbh->quote($file) : "");
|
||||
} elseif ($field["type"] == "timestamp" && $value == "CURRENT_TIMESTAMP") {
|
||||
return $value;
|
||||
} elseif (preg_match('~^(now|uuid)$~', $function)) {
|
||||
return "$function()";
|
||||
} elseif (preg_match('~^[+-]$~', $function)) {
|
||||
return idf_escape($name) . " $function '" . $dbh->escape_string($value) . "'";
|
||||
return idf_escape($name) . " $function " . $dbh->quote($value);
|
||||
} elseif (preg_match('~^[+-] interval$~', $function)) {
|
||||
return idf_escape($name) . " $function " . (preg_match("~^([0-9]+|'[0-9.: -]') [A-Z_]+$~i", $value) ? $value : "'" . $dbh->escape_string($value) . "'");
|
||||
return idf_escape($name) . " $function " . (preg_match("~^([0-9]+|'[0-9.: -]') [A-Z_]+$~i", $value) ? $value : $dbh->quote($value));
|
||||
} elseif (preg_match('~^(addtime|subtime)$~', $function)) {
|
||||
return "$function(" . idf_escape($name) . ", '" . $dbh->escape_string($value) . "')";
|
||||
return "$function(" . idf_escape($name) . ", " . $dbh->quote($value) . ")";
|
||||
} elseif (preg_match('~^(md5|sha1|password)$~', $function)) {
|
||||
return "$function('" . $dbh->escape_string($value) . "')";
|
||||
return "$function(" . $dbh->quote($value) . ")";
|
||||
} else {
|
||||
return "'" . $dbh->escape_string($value) . "'";
|
||||
return $dbh->quote($value);
|
||||
}
|
||||
}
|
||||
|
||||
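Review bot: The `is_string($file)` ternary in the `_binary` branch is now dead code: the guard a few lines above already returns false when get_file() does not yield a string, so `$file` is always a string by the time the return runs and the line can simply be `return "_binary" . $dbh->quote($file);`. Separately, the `set` branch switches to the global `escape_string()` function rather than `$dbh->quote()`, which is not obvious to a reader because that function is defined elsewhere in this commit; a short comment such as `// elements are joined into one literal, so escape each one without delimiters` would explain the asymmetry. process_input() starts before this hunk.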
@@ -116,7 +116,7 @@ function process_type($field, $collate = "COLLATE") {
|
||||
return " $field[type]"
|
||||
. ($field["length"] && !preg_match('~^date|time$~', $field["type"]) ? "(" . process_length($field["length"]) . ")" : "")
|
||||
. (preg_match('~int|float|double|decimal~', $field["type"]) && in_array($field["unsigned"], $unsigned) ? " $field[unsigned]" : "")
|
||||
. (preg_match('~char|text|enum|set~', $field["type"]) && $field["collation"] ? " $collate '" . $dbh->escape_string($field["collation"]) . "'" : "")
|
||||
. (preg_match('~char|text|enum|set~', $field["type"]) && $field["collation"] ? " $collate " . $dbh->quote($field["collation"]) : "")
|
||||
;
|
||||
}
|
||||
|
||||
|
@@ -27,7 +27,7 @@ function dump_table($table, $style, $is_view = false) {
|
||||
}
|
||||
if ($style == "CREATE+ALTER" && !$is_view) {
|
||||
// create procedure which iterates over original columns and adds new and removes old
|
||||
$query = "SELECT COLUMN_NAME, COLUMN_DEFAULT, IS_NULLABLE, COLLATION_NAME, COLUMN_TYPE, EXTRA, COLUMN_COMMENT FROM information_schema.COLUMNS WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = '" . $dbh->escape_string($table) . "' ORDER BY ORDINAL_POSITION";
|
||||
$query = "SELECT COLUMN_NAME, COLUMN_DEFAULT, IS_NULLABLE, COLLATION_NAME, COLUMN_TYPE, EXTRA, COLUMN_COMMENT FROM information_schema.COLUMNS WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = " . $dbh->quote($table) . " ORDER BY ORDINAL_POSITION";
|
||||
?>
|
||||
DELIMITER ;;
|
||||
CREATE PROCEDURE adminer_alter () BEGIN
|
||||
@@ -38,27 +38,27 @@ CREATE PROCEDURE adminer_alter () BEGIN
|
||||
DECLARE _column_comment varchar(255);
|
||||
DECLARE done, set_after bool DEFAULT 0;
|
||||
DECLARE add_columns text DEFAULT '<?php
|
||||
$fields = array();
|
||||
$result = $dbh->query($query);
|
||||
$after = "";
|
||||
while ($row = $result->fetch_assoc()) {
|
||||
$row["default"] = (isset($row["COLUMN_DEFAULT"]) ? "'" . $dbh->escape_string($row["COLUMN_DEFAULT"]) . "'" : "NULL");
|
||||
$row["after"] = $dbh->escape_string($after); //! rgt AFTER lft, lft AFTER id doesn't work
|
||||
$row["alter"] = $dbh->escape_string(idf_escape($row["COLUMN_NAME"])
|
||||
. " $row[COLUMN_TYPE]"
|
||||
. ($row["COLLATION_NAME"] ? " COLLATE $row[COLLATION_NAME]" : "")
|
||||
. (isset($row["COLUMN_DEFAULT"]) ? " DEFAULT $row[default]" : "")
|
||||
. ($row["IS_NULLABLE"] == "YES" ? "" : " NOT NULL")
|
||||
. ($row["EXTRA"] ? " $row[EXTRA]" : "")
|
||||
. ($row["COLUMN_COMMENT"] ? " COMMENT '" . $dbh->escape_string($row["COLUMN_COMMENT"]) . "'" : "")
|
||||
. ($after ? " AFTER " . idf_escape($after) : " FIRST")
|
||||
);
|
||||
echo ", ADD $row[alter]";
|
||||
$fields[] = $row;
|
||||
$after = $row["COLUMN_NAME"];
|
||||
}
|
||||
$result->free();
|
||||
?>';
|
||||
$fields = array();
|
||||
$result = $dbh->query($query);
|
||||
$after = "";
|
||||
while ($row = $result->fetch_assoc()) {
|
||||
$row["default"] = (isset($row["COLUMN_DEFAULT"]) ? $dbh->quote($row["COLUMN_DEFAULT"]) : "NULL");
|
||||
$row["after"] = $dbh->quote($after); //! rgt AFTER lft, lft AFTER id doesn't work
|
||||
$row["alter"] = escape_string(idf_escape($row["COLUMN_NAME"])
|
||||
. " $row[COLUMN_TYPE]"
|
||||
. ($row["COLLATION_NAME"] ? " COLLATE $row[COLLATION_NAME]" : "")
|
||||
. (isset($row["COLUMN_DEFAULT"]) ? " DEFAULT $row[default]" : "")
|
||||
. ($row["IS_NULLABLE"] == "YES" ? "" : " NOT NULL")
|
||||
. ($row["EXTRA"] ? " $row[EXTRA]" : "")
|
||||
. ($row["COLUMN_COMMENT"] ? " COMMENT " . $dbh->quote($row["COLUMN_COMMENT"]) : "")
|
||||
. ($after ? " AFTER " . idf_escape($after) : " FIRST")
|
||||
);
|
||||
echo ", ADD $row[alter]";
|
||||
$fields[] = $row;
|
||||
$after = $row["COLUMN_NAME"];
|
||||
}
|
||||
$result->free();
|
||||
?>';
|
||||
DECLARE columns CURSOR FOR <?php echo $query; ?>;
|
||||
DECLARE CONTINUE HANDLER FOR NOT FOUND SET done = 1;
|
||||
SET @alter_table = '';
|
||||
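Review bot: The `alter` fragment built with `escape_string(idf_escape(...) ...)` now embeds a `$row[default]` that already carries the delimiters added by `$dbh->quote()`, and the whole fragment is then escaped a second time because it is emitted inside the `DECLARE add_columns text DEFAULT '...'` literal; this two-layer escaping is correct but easy to break on the next edit. A comment above the assignment, `// $row[default] is already a quoted literal; the whole fragment is escaped again because it lands inside the add_columns string literal`, would make the layering explicit. The same applies to `$row["after"]`, which is stored already quoted and compared as `after != $row[after]` in the following hunk. dump_table() starts before this hunk.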
@@ -68,15 +68,15 @@ $result->free();
|
||||
IF NOT done THEN
|
||||
SET set_after = 1;
|
||||
CASE _column_name<?php
|
||||
foreach ($fields as $row) {
|
||||
echo "
|
||||
WHEN '" . $dbh->escape_string($row["COLUMN_NAME"]) . "' THEN
|
||||
foreach ($fields as $row) {
|
||||
echo "
|
||||
WHEN " . $dbh->quote($row["COLUMN_NAME"]) . " THEN
|
||||
SET add_columns = REPLACE(add_columns, ', ADD $row[alter]', '');
|
||||
IF NOT (_column_default <=> $row[default]) OR _is_nullable != '$row[IS_NULLABLE]' OR _collation_name != '$row[COLLATION_NAME]' OR _column_type != '$row[COLUMN_TYPE]' OR _extra != '$row[EXTRA]' OR _column_comment != '" . $dbh->escape_string($row["COLUMN_COMMENT"]) . "' OR after != '$row[after]' THEN
|
||||
IF NOT (_column_default <=> $row[default]) OR _is_nullable != '$row[IS_NULLABLE]' OR _collation_name != '$row[COLLATION_NAME]' OR _column_type != '$row[COLUMN_TYPE]' OR _extra != '$row[EXTRA]' OR _column_comment != " . $dbh->quote($row["COLUMN_COMMENT"]) . " OR after != $row[after] THEN
|
||||
SET @alter_table = CONCAT(@alter_table, ', MODIFY $row[alter]');
|
||||
END IF;"; //! don't replace in comment
|
||||
}
|
||||
?>
|
||||
}
|
||||
?>
|
||||
|
||||
ELSE
|
||||
SET @alter_table = CONCAT(@alter_table, ', DROP ', _column_name);
|
||||
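Review bot: The generated comparison still interpolates `'$row[IS_NULLABLE]'`, `'$row[COLLATION_NAME]'`, `'$row[COLUMN_TYPE]'` and `'$row[EXTRA]'` as bare single-quoted strings even though the commit moves the neighbouring COLUMN_COMMENT and after comparisons to `$dbh->quote()`. COLUMN_TYPE is the one that breaks in practice: for an enum or set column information_schema reports it as `enum('a','b')`, so the unescaped quotes terminate the literal and the emitted procedure body is no longer valid SQL. Routing all four through the same helper, e.g. `_column_type != " . $dbh->quote($row["COLUMN_TYPE"]) . "`, keeps this line consistent with the rest of the change. The enclosing dump_table() starts outside this hunk.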
@@ -121,12 +121,12 @@ function dump_data($table, $style, $select = "") {
|
||||
$insert = "INSERT INTO " . idf_escape($table) . " (" . implode(", ", array_map('idf_escape', array_keys($row))) . ") VALUES";
|
||||
$row2 = array();
|
||||
foreach ($row as $key => $val) {
|
||||
$row2[$key] = (isset($val) ? "'" . $dbh->escape_string($val) . "'" : "NULL");
|
||||
$row2[$key] = (isset($val) ? $dbh->quote($val) : "NULL");
|
||||
}
|
||||
if ($style == "INSERT+UPDATE") {
|
||||
$set = array();
|
||||
foreach ($row as $key => $val) {
|
||||
$set[] = idf_escape($key) . " = " . (isset($val) ? "'" . $dbh->escape_string($val) . "'" : "NULL");
|
||||
$set[] = idf_escape($key) . " = " . (isset($val) ? $dbh->quote($val) : "NULL");
|
||||
}
|
||||
echo "$insert (" . implode(", ", $row2) . ") ON DUPLICATE KEY UPDATE " . implode(", ", $set) . ";\n";
|
||||
} else {
|
||||
|
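Review bot: The INSERT+UPDATE branch recomputes `(isset($val) ? $dbh->quote($val) : "NULL")` for every column even though `$row2[$key]` already holds exactly that value from the loop just above; `$set[] = idf_escape($key) . " = " . $row2[$key];` removes the duplicate and guarantees the VALUES and ON DUPLICATE KEY UPDATE halves can never diverge. dump_data() starts before this hunk.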
@@ -67,7 +67,7 @@ function where($where) {
|
||||
$return = array();
|
||||
foreach ((array) $where["where"] as $key => $val) {
|
||||
$key = bracket_escape($key, "back");
|
||||
$return[] = (preg_match('~^[A-Z0-9_]+\\(`(?:[^`]+|``)+`\\)$~', $key) ? $key : idf_escape($key)) . " = BINARY '" . $dbh->escape_string($val) . "'"; //! enum and set, columns looking like functions
|
||||
$return[] = (preg_match('~^[A-Z0-9_]+\\(`(?:[^`]+|``)+`\\)$~', $key) ? $key : idf_escape($key)) . " = BINARY " . $dbh->quote($val); //! enum and set, columns looking like functions
|
||||
}
|
||||
foreach ((array) $where["null"] as $key) {
|
||||
$key = bracket_escape($key, "back");
|
||||
|
@@ -28,6 +28,10 @@ if (extension_loaded("mysqli")) {
|
||||
return $row[$field];
|
||||
}
|
||||
|
||||
function quote($string) {
|
||||
return "'" . parent::escape_string($string) . "'";
|
||||
}
|
||||
|
||||
// minification compatibility start
|
||||
function select_db($database) {
|
||||
return parent::select_db($database);
|
||||
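Review bot: `quote()` becomes the single place where string literals are escaped and delimited for the mysqli driver, but it carries no comment saying so; given that the escape_string wrappers are deleted elsewhere in this commit, a docblock such as `/** Escape $string for the connection's current character set and wrap it in single quotes; all SQL literal building goes through here. */` would help maintainers. Note that mysqli::escape_string escapes according to the character set the client library believes is active, so for multibyte charsets the connection charset has to be set through the API (set_charset) rather than a bare `SET NAMES` query; where the charset is configured is outside this hunk, so this is worth confirming. The ext/mysql counterpart in the later hunk (`mysql_real_escape_string($string, $this->_link)`) has the same property and would benefit from the same comment.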
@@ -51,10 +55,6 @@ if (extension_loaded("mysqli")) {
|
||||
function next_result() {
|
||||
return parent::next_result();
|
||||
}
|
||||
|
||||
function escape_string($string) {
|
||||
return parent::escape_string($string);
|
||||
}
|
||||
}
|
||||
|
||||
class Min_Result {
|
||||
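Review bot: Removing the `escape_string()` wrapper from the mysqli class is asymmetric with the other drivers: a mysqli caller that still invokes `$dbh->escape_string()` silently falls through to the inherited mysqli method, whereas the same call on the ext/mysql class (whose `escape_string` is deleted in the later hunk) or on the PDO class (deleted in the last hunk) is a fatal undefined-method error. A search for remaining `->escape_string(` call sites across the project is worth doing before merging, or the method could be kept as a deprecated forwarder to the new global `escape_string()` until that is confirmed. The class declaration starts outside this hunk.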
@@ -103,6 +103,10 @@ if (extension_loaded("mysqli")) {
|
||||
return (bool) $this->_link;
|
||||
}
|
||||
|
||||
function quote($string) {
|
||||
return "'" . mysql_real_escape_string($string, $this->_link) . "'";
|
||||
}
|
||||
|
||||
function select_db($database) {
|
||||
return mysql_select_db($database, $this->_link);
|
||||
}
|
||||
@@ -138,10 +142,6 @@ if (extension_loaded("mysqli")) {
|
||||
}
|
||||
return mysql_result($result->_result, 0, $field);
|
||||
}
|
||||
|
||||
function escape_string($string) {
|
||||
return mysql_real_escape_string($string, $this->_link);
|
||||
}
|
||||
}
|
||||
|
||||
class Min_Result {
|
||||
@@ -224,7 +224,7 @@ function get_databases() {
|
||||
|
||||
function table_status($table) {
|
||||
global $dbh;
|
||||
$result = $dbh->query("SHOW TABLE STATUS LIKE '" . $dbh->escape_string(addcslashes($table, "%_")) . "'");
|
||||
$result = $dbh->query("SHOW TABLE STATUS LIKE " . $dbh->quote(addcslashes($table, "%_")));
|
||||
$return = $result->fetch_assoc(); // ()-> is not supported in PHP 4
|
||||
$result->free();
|
||||
return $return;
|
||||
@@ -320,6 +320,11 @@ function collations() {
|
||||
return $return;
|
||||
}
|
||||
|
||||
function escape_string($val) {
|
||||
global $dbh;
|
||||
return substr($dbh->quote($val), 1, -1);
|
||||
}
|
||||
|
||||
function table_comment(&$row) {
|
||||
if ($row["Engine"] == "InnoDB") {
|
||||
// ignore internal comment, unnecessary since MySQL 5.1.21
|
||||
|
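Review bot: The new global `escape_string()` derives an undelimited escape by stripping one character from each end of `$dbh->quote($val)`, so it silently depends on every driver's quote() returning exactly `'...'` with single-character delimiters; PDO::quote() in particular is documented to return false for drivers without quoting support, in which case substr() yields an empty string rather than an escaped one. A docblock stating the contract would make this visible, e.g. `/** Escape $val for use inside an existing single-quoted literal; relies on $dbh->quote() delimiting with exactly one quote at each end. */`. The `set` branch of process_input() and the add_columns builder in dump_table() both rely on this contract.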
@@ -55,8 +55,8 @@ if (extension_loaded('pdo')) {
|
||||
return $row[$field];
|
||||
}
|
||||
|
||||
function escape_string($string) {
|
||||
return substr($this->quote($string), 1, -1);
|
||||
function quote($string) {
|
||||
return parent::quote($string);
|
||||
}
|
||||
}
|
||||
|
||||
|