mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-08 23:57:29 +02:00
Code Issues Releases Wiki Activity

Allow editing function results

Browse Source
This commit is contained in:
Jakub Vrana
2013-01-23 03:29:58 -08:00
parent 15e83e9396
commit 51b7104342
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
adminer/include/functions.inc.php
View File

@@ -335,8 +335,10 @@ function unique_array($row, $indexes) {
function where($where, $fields = array()) { function where($where, $fields = array()) {
global $jush; global $jush;
$return = array(); $return = array();
$function_pattern = '(^[\w\(]+' . str_replace("_", ".*", preg_quote(idf_escape("_"))) . '\)+$)'; //! columns looking like functions
foreach ((array) $where["where"] as $key => $val) { foreach ((array) $where["where"] as $key => $val) {
$return[] = idf_escape(bracket_escape($key, 1)) // 1 - back $key = bracket_escape($key, 1); // 1 - back
$return[] = (preg_match($function_pattern, $key) ? $key : idf_escape($key)) //! SQL injection
. (($jush == "sql" && ereg('\\.', $val)) || $jush == "mssql" ? " LIKE " . exact_value(addcslashes($val, "%_\\")) : " = " . unconvert_field($fields[$key], exact_value($val))) // LIKE because of floats, but slow with ints, in MS SQL because of text . (($jush == "sql" && ereg('\\.', $val)) || $jush == "mssql" ? " LIKE " . exact_value(addcslashes($val, "%_\\")) : " = " . unconvert_field($fields[$key], exact_value($val))) // LIKE because of floats, but slow with ints, in MS SQL because of text
; //! enum and set ; //! enum and set
} }