diff --git a/abstraction.inc.php b/abstraction.inc.php index 3d65a42d..40be40f6 100644 --- a/abstraction.inc.php +++ b/abstraction.inc.php @@ -80,7 +80,7 @@ if (extension_loaded("mysqli")) { // minification compatibility end } - $mysql = new Min_MySQLi; + $dbh = new Min_MySQLi; } elseif (extension_loaded("mysql")) { class Min_MySQL { @@ -168,7 +168,7 @@ if (extension_loaded("mysqli")) { } } - $mysql = new Min_MySQL; + $dbh = new Min_MySQL; } elseif (extension_loaded("pdo_mysql")) { class Min_PDO_MySQL extends PDO { @@ -255,7 +255,7 @@ if (extension_loaded("mysqli")) { } } - $mysql = new Min_PDO_MySQL; + $dbh = new Min_PDO_MySQL; } else { page_header(lang('No MySQL extension'), lang('None of supported PHP extensions (%s) are available.', 'MySQLi, MySQL, PDO_MySQL'), null); diff --git a/auth.inc.php b/auth.inc.php index 7a92b16f..629df69c 100644 --- a/auth.inc.php +++ b/auth.inc.php @@ -66,7 +66,7 @@ $username = &$_SESSION["usernames"][$_GET["server"]]; if (!isset($username)) { $username = $_GET["username"]; } -if (!isset($username) || !$mysql->connect($_GET["server"], $username, $_SESSION["passwords"][$_GET["server"]])) { +if (!isset($username) || !$dbh->connect($_GET["server"], $username, $_SESSION["passwords"][$_GET["server"]])) { auth_error(); exit; } diff --git a/call.inc.php b/call.inc.php index 950fd7f8..715a1251 100644 --- a/call.inc.php +++ b/call.inc.php 
@@ -22,25 +22,25 @@ if (!$error && $_POST) { $val = "''"; } if (isset($out[$key])) { - $mysql->query("SET @" . idf_escape($field["field"]) . " = " . $val); + $dbh->query("SET @" . idf_escape($field["field"]) . " = " . $val); } } $call[] = (isset($out[$key]) ? "@" . idf_escape($field["field"]) : $val); } - $result = $mysql->multi_query((isset($_GET["callf"]) ? "SELECT" : "CALL") . " " . idf_escape($_GET["call"]) . "(" . implode(", ", $call) . ")"); + $result = $dbh->multi_query((isset($_GET["callf"]) ? "SELECT" : "CALL") . " " . idf_escape($_GET["call"]) . "(" . implode(", ", $call) . ")"); if (!$result) { - echo "

" . htmlspecialchars($mysql->error) . "

\n"; + echo "

" . htmlspecialchars($dbh->error) . "

\n"; } else { do { - $result = $mysql->store_result(); + $result = $dbh->store_result(); if (is_object($result)) { select($result); } else { - echo "

" . lang('Routine has been called, %d row(s) affected.', $mysql->affected_rows) . "

\n"; + echo "

" . lang('Routine has been called, %d row(s) affected.', $dbh->affected_rows) . "

\n"; } - } while ($mysql->next_result()); + } while ($dbh->next_result()); if ($out) { - select($mysql->query("SELECT " . implode(", ", $out))); + select($dbh->query("SELECT " . implode(", ", $out))); } } } diff --git a/connect.inc.php b/connect.inc.php index 76ce440c..97de7c3d 100644 --- a/connect.inc.php +++ b/connect.inc.php @@ -1,6 +1,6 @@ query("SET SQL_QUOTE_SHOW_CREATE=1"); -if (!(strlen($_GET["db"]) ? $mysql->select_db($_GET["db"]) : isset($_GET["sql"]) || isset($_GET["dump"]) || isset($_GET["database"]) || isset($_GET["processlist"]) || isset($_GET["privileges"]) || isset($_GET["user"]))) { +$dbh->query("SET SQL_QUOTE_SHOW_CREATE=1"); +if (!(strlen($_GET["db"]) ? $dbh->select_db($_GET["db"]) : isset($_GET["sql"]) || isset($_GET["dump"]) || isset($_GET["database"]) || isset($_GET["processlist"]) || isset($_GET["privileges"]) || isset($_GET["user"]))) { if (strlen($_GET["db"])) { unset($_SESSION["databases"][$_GET["server"]]); } @@ -11,10 +11,10 @@ if (!(strlen($_GET["db"]) ? $mysql->select_db($_GET["db"]) : isset($_GET["sql"]) echo '

' . lang('Create new database') . "

\n"; echo '

' . lang('Privileges') . "

\n"; echo '

' . lang('Process list') . "

\n"; - echo "

" . lang('MySQL version: %s through PHP extension %s', "server_info < 4.1 ? " class='binary'" : "") . ">$mysql->server_info", "$mysql->extension") . "

\n"; - echo "

" . lang('Logged as: %s', "" . htmlspecialchars($mysql->result($mysql->query("SELECT USER()"))) . "") . "

\n"; + echo "

" . lang('MySQL version: %s through PHP extension %s', "server_info < 4.1 ? " class='binary'" : "") . ">$dbh->server_info", "$dbh->extension") . "

\n"; + echo "

" . lang('Logged as: %s', "" . htmlspecialchars($dbh->result($dbh->query("SELECT USER()"))) . "") . "

\n"; } page_footer("db"); exit; } -$mysql->query("SET CHARACTER SET utf8"); +$dbh->query("SET CHARACTER SET utf8"); diff --git a/create.inc.php b/create.inc.php index 6c5a991a..2718e9e7 100644 --- a/create.inc.php +++ b/create.inc.php @@ -31,9 +31,9 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"] && !$_POST["up"] $fields[] = (!strlen($_GET["create"]) ? "" : (strlen($field["orig"]) ? "CHANGE " . idf_escape($field["orig"]) . " " : "ADD ")) . idf_escape($field["field"]) . process_type($field) . ($field["null"] ? " NULL" : " NOT NULL") // NULL for timestamp - . (strlen($_GET["create"]) && strlen($field["orig"]) && isset($orig_fields[$field["orig"]]["default"]) && $field["type"] != "timestamp" ? " DEFAULT '" . $mysql->escape_string($orig_fields[$field["orig"]]["default"]) . "'" : "") //! timestamp + . (strlen($_GET["create"]) && strlen($field["orig"]) && isset($orig_fields[$field["orig"]]["default"]) && $field["type"] != "timestamp" ? " DEFAULT '" . $dbh->escape_string($orig_fields[$field["orig"]]["default"]) . "'" : "") //! timestamp . ($key == $_POST["auto_increment_col"] ? " AUTO_INCREMENT$auto_increment_index" : "") - . " COMMENT '" . $mysql->escape_string($field["comment"]) . "'" + . " COMMENT '" . $dbh->escape_string($field["comment"]) . "'" . (strlen($_GET["create"]) ? " $after" : "") ; $after = "AFTER " . idf_escape($field["field"]); 
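Review bot: In connect.inc.php the rewritten "MySQL version" line interpolates `$dbh->server_info` into the echoed markup without `htmlspecialchars()`, while the "Logged as" line directly after it does escape the `SELECT USER()` result. The version string comes from whichever server the session connected to, and the auth.inc.php hunk shows that host being taken from `$_GET["server"]`, so it should be treated as untrusted output like any other server-supplied value. I would pass `htmlspecialchars($dbh->server_info)` into `lang()` instead. The enclosing `if` block begins above this hunk, so any escaping done elsewhere is not visible here.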
@@ -41,10 +41,10 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"] && !$_POST["up"] $fields[] = "DROP " . idf_escape($field["orig"]); } } - $status = ($_POST["Engine"] ? " ENGINE='" . $mysql->escape_string($_POST["Engine"]) . "'" : "") - . ($_POST["Collation"] ? " COLLATE '" . $mysql->escape_string($_POST["Collation"]) . "'" : "") + $status = ($_POST["Engine"] ? " ENGINE='" . $dbh->escape_string($_POST["Engine"]) . "'" : "") + . ($_POST["Collation"] ? " COLLATE '" . $dbh->escape_string($_POST["Collation"]) . "'" : "") . (strlen($_POST["Auto_increment"]) ? " AUTO_INCREMENT=" . intval($_POST["Auto_increment"]) : "") - . " COMMENT='" . $mysql->escape_string($_POST["Comment"]) . "'" + . " COMMENT='" . $dbh->escape_string($_POST["Comment"]) . "'" ; if (in_array($_POST["partition_by"], $partition_by)) { $partitions = array(); @@ -55,7 +55,7 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"] && !$_POST["up"] } } $status .= " PARTITION BY $_POST[partition_by]($_POST[partition])" . ($partitions ? " (" . implode(", ", $partitions) . ")" : ($_POST["partitions"] ? " PARTITIONS " . intval($_POST["partitions"]) : "")); - } elseif ($mysql->server_info >= 5.1 && strlen($_GET["create"])) { + } elseif ($dbh->server_info >= 5.1 && strlen($_GET["create"])) { $status .= " REMOVE PARTITIONING"; } $location = $SELF . "table=" . urlencode($_POST["name"]); @@ -69,7 +69,7 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"] && !$_POST["up"] page_header((strlen($_GET["create"]) ? lang('Alter table') : lang('Create table')), $error, array("table" => $_GET["create"]), $_GET["create"]); $engines = array(); -$result = $mysql->query("SHOW ENGINES"); +$result = $dbh->query("SHOW ENGINES"); while ($row = $result->fetch_assoc()) { if ($row["Support"] == "YES" || $row["Support"] == "DEFAULT") { $engines[] = $row["Engine"]; 
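Review bot: In create.inc.php, `} elseif ($dbh->server_info >= 5.1 && strlen($_GET["create"])) {` compares the server's version string with a float and so depends on PHP's loose string-to-number coercion of values such as "5.1.30-log". Under PHP 8 comparison rules a string that is not fully numeric is compared as a string, so a two-digit major version would sort below "5.1". `version_compare($dbh->server_info, '5.1', '>=')` states the intent and does not rely on coercion. The same pattern appears on the renamed lines in the later create.inc.php hunks and in dump.inc.php and export.inc.php.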
@@ -88,14 +88,14 @@ if ($_POST) { table_comment($row); $row["name"] = $_GET["create"]; $row["fields"] = array_values($orig_fields); - if ($mysql->server_info >= 5.1) { - $from = "FROM information_schema.PARTITIONS WHERE TABLE_SCHEMA = '" . $mysql->escape_string($_GET["db"]) . "' AND TABLE_NAME = '" . $mysql->escape_string($_GET["create"]) . "'"; - $result = $mysql->query("SELECT PARTITION_METHOD, PARTITION_ORDINAL_POSITION, PARTITION_EXPRESSION $from ORDER BY PARTITION_ORDINAL_POSITION DESC LIMIT 1"); + if ($dbh->server_info >= 5.1) { + $from = "FROM information_schema.PARTITIONS WHERE TABLE_SCHEMA = '" . $dbh->escape_string($_GET["db"]) . "' AND TABLE_NAME = '" . $dbh->escape_string($_GET["create"]) . "'"; + $result = $dbh->query("SELECT PARTITION_METHOD, PARTITION_ORDINAL_POSITION, PARTITION_EXPRESSION $from ORDER BY PARTITION_ORDINAL_POSITION DESC LIMIT 1"); list($row["partition_by"], $row["partitions"], $row["partition"]) = $result->fetch_row(); $result->free(); $row["partition_names"] = array(); $row["partition_values"] = array(); - $result = $mysql->query("SELECT PARTITION_NAME, PARTITION_DESCRIPTION $from AND PARTITION_NAME != '' ORDER BY PARTITION_ORDINAL_POSITION"); + $result = $dbh->query("SELECT PARTITION_NAME, PARTITION_DESCRIPTION $from AND PARTITION_NAME != '' ORDER BY PARTITION_ORDINAL_POSITION"); while ($row1 = $result->fetch_assoc()) { $row["partition_names"][] = $row1["PARTITION_NAME"]; $row["partition_values"][] = $row1["PARTITION_DESCRIPTION"]; @@ -146,7 +146,7 @@ function column_comments_click(checked) { />

server_info >= 5.1) { +if ($dbh->server_info >= 5.1) { $partition_table = ereg('RANGE|LIST', $row["partition_by"]); ?>
diff --git a/database.inc.php b/database.inc.php index a9206a50..aeb89093 100644 --- a/database.inc.php +++ b/database.inc.php @@ -5,8 +5,8 @@ if ($_POST && !$error) { query_redirect("DROP DATABASE " . idf_escape($_GET["db"]), substr(preg_replace('~db=[^&]*&~', '', $SELF), 0, -1), lang('Database has been dropped.')); } elseif ($_GET["db"] !== $_POST["name"]) { unset($_SESSION["databases"][$_GET["server"]]); - if (query_redirect("CREATE DATABASE " . idf_escape($_POST["name"]) . ($_POST["collation"] ? " COLLATE '" . $mysql->escape_string($_POST["collation"]) . "'" : ""), $SELF . "db=" . urlencode($_POST["name"]), lang('Database has been created.'), !strlen($_GET["db"]))) { - $result = $mysql->query("SHOW TABLES"); + if (query_redirect("CREATE DATABASE " . idf_escape($_POST["name"]) . ($_POST["collation"] ? " COLLATE '" . $dbh->escape_string($_POST["collation"]) . "'" : ""), $SELF . "db=" . urlencode($_POST["name"]), lang('Database has been created.'), !strlen($_GET["db"]))) { + $result = $dbh->query("SHOW TABLES"); while ($row = $result->fetch_row()) { if (!queries("RENAME TABLE " . idf_escape($row[0]) . " TO " . idf_escape($_POST["name"]) . "." . idf_escape($row[0]))) { break; @@ -14,7 +14,7 @@ if ($_POST && !$error) { } $result->free(); if (!$row) { - $mysql->query("DROP DATABASE " . idf_escape($_GET["db"])); + $dbh->query("DROP DATABASE " . idf_escape($_GET["db"])); } query_redirect(queries(), preg_replace('~db=[^&]*&~', '', $SELF) . "db=" . urlencode($_POST["name"]), lang('Database has been renamed.'), !$row, false, $row); } 
@@ -22,7 +22,7 @@ if ($_POST && !$error) { if (!$_POST["collation"]) { redirect(substr($SELF, 0, -1)); } - query_redirect("ALTER DATABASE " . idf_escape($_POST["name"]) . " COLLATE '" . $mysql->escape_string($_POST["collation"]) . "'", substr($SELF, 0, -1), lang('Database has been altered.')); + query_redirect("ALTER DATABASE " . idf_escape($_POST["name"]) . " COLLATE '" . $dbh->escape_string($_POST["collation"]) . "'", substr($SELF, 0, -1), lang('Database has been altered.')); } } page_header(strlen($_GET["db"]) ? lang('Alter database') : lang('Create database'), $error, array(), $_GET["db"]); @@ -35,7 +35,7 @@ if ($_POST) { $collate = $_POST["collation"]; } else { if (!strlen($_GET["db"])) { - $result = $mysql->query("SHOW GRANTS"); + $result = $dbh->query("SHOW GRANTS"); while ($row = $result->fetch_row()) { if (preg_match('~ ON (`(([^\\\\`]+|``|\\\\.)*)%`\\.\\*)?~', $row[0], $match) && $match[1]) { $name = stripcslashes(idf_unescape($match[2])); @@ -43,8 +43,8 @@ if ($_POST) { } } $result->free(); - } elseif (($result = $mysql->query("SHOW CREATE DATABASE " . idf_escape($_GET["db"])))) { - $create = $mysql->result($result, 1); + } elseif (($result = $dbh->query("SHOW CREATE DATABASE " . idf_escape($_GET["db"])))) { + $create = $dbh->result($result, 1); if (preg_match('~ COLLATE ([^ ]+)~', $create, $match)) { $collate = $match[1]; } elseif (preg_match('~ CHARACTER SET ([^ ]+)~', $create, $match)) { diff --git a/design.inc.php b/design.inc.php index 41a92741..3ece5026 100644 --- a/design.inc.php +++ b/design.inc.php @@ -59,7 +59,7 @@ function toggle(id) { } function page_footer($missing = false) { - global $SELF, $mysql; + global $SELF, $dbh; ?> @@ -92,7 +92,7 @@ function page_footer($missing = false) { query("SHOW TABLE STATUS"); + $result = $dbh->query("SHOW TABLE STATUS"); if (!$result->num_rows) { echo "

" . lang('No tables.') . "

\n"; } else { diff --git a/download.inc.php b/download.inc.php index 8ac7d4ed..1fd2179f 100644 --- a/download.inc.php +++ b/download.inc.php @@ -1,3 +1,3 @@ result($mysql->query("SELECT " . idf_escape($_GET["field"]) . " FROM " . idf_escape($_GET["download"]) . " WHERE " . implode(" AND ", where($_GET)) . " LIMIT 1")); +echo $dbh->result($dbh->query("SELECT " . idf_escape($_GET["field"]) . " FROM " . idf_escape($_GET["download"]) . " WHERE " . implode(" AND ", where($_GET)) . " LIMIT 1")); diff --git a/dump.inc.php b/dump.inc.php index 32d633fa..9c175283 100644 --- a/dump.inc.php +++ b/dump.inc.php 
@@ -15,37 +15,37 @@ if ($_POST) { $max_packet = 1048576; // default, minimum is 1024 echo "SET NAMES utf8;\n"; echo "SET foreign_key_checks = 0;\n"; - echo "SET time_zone = '" . $mysql->escape_string($mysql->result($mysql->query("SELECT @@time_zone"))) . "';\n"; + echo "SET time_zone = '" . $dbh->escape_string($dbh->result($dbh->query("SELECT @@time_zone"))) . "';\n"; echo "\n"; } foreach ($_POST["databases"] as $db => $style) { $db = bracket_escape($db, "back"); - if ($mysql->select_db($db)) { - if ($_POST["format"] != "csv" && ereg('CREATE', $style) && ($result = $mysql->query("SHOW CREATE DATABASE " . idf_escape($db)))) { + if ($dbh->select_db($db)) { + if ($_POST["format"] != "csv" && ereg('CREATE', $style) && ($result = $dbh->query("SHOW CREATE DATABASE " . idf_escape($db)))) { if ($style == "DROP, CREATE") { echo "DROP DATABASE IF EXISTS " . idf_escape($db) . ";\n"; } - $create = $mysql->result($result, 1); + $create = $dbh->result($result, 1); echo ($style == "CREATE, ALTER" ? preg_replace('~^CREATE DATABASE ~', '\\0IF NOT EXISTS ', $create) : $create) . ";\n"; $result->free(); } if ($style && $_POST["format"] != "csv") { echo "USE " . idf_escape($db) . ";\n\n"; $out = ""; - if ($mysql->server_info >= 5) { + if ($dbh->server_info >= 5) { foreach (array("FUNCTION", "PROCEDURE") as $routine) { - $result = $mysql->query("SHOW $routine STATUS WHERE Db = '" . $mysql->escape_string($db) . "'"); + $result = $dbh->query("SHOW $routine STATUS WHERE Db = '" . $dbh->escape_string($db) . "'"); while ($row = $result->fetch_assoc()) { - $out .= $mysql->result($mysql->query("SHOW CREATE $routine " . idf_escape($row["Name"])), 2) . ";;\n\n"; + $out .= $dbh->result($dbh->query("SHOW CREATE $routine " . idf_escape($row["Name"])), 2) . 
";;\n\n"; } $result->free(); } } - if ($mysql->server_info >= 5.1) { - $result = $mysql->query("SHOW EVENTS"); + if ($dbh->server_info >= 5.1) { + $result = $dbh->query("SHOW EVENTS"); while ($row = $result->fetch_assoc()) { - $out .= $mysql->result($mysql->query("SHOW CREATE EVENT " . idf_escape($row["Name"])), 3) . ";;\n\n"; + $out .= $dbh->result($dbh->query("SHOW CREATE EVENT " . idf_escape($row["Name"])), 3) . ";;\n\n"; } $result->free(); } @@ -54,7 +54,7 @@ if ($_POST) { if (($style || strlen($_GET["db"])) && (array_filter((array) $_POST["tables"]) || array_filter((array) $_POST["data"]))) { $views = array(); - $result = $mysql->query("SHOW TABLE STATUS"); + $result = $dbh->query("SHOW TABLE STATUS"); while ($row = $result->fetch_assoc()) { $key = (strlen($_GET["db"]) ? bracket_escape($row["Name"]) : 0); if ($_POST["tables"][$key] || $_POST["data"][$key]) { @@ -80,7 +80,7 @@ if ($_POST) { } } - if ($mysql->server_info >= 5 && $style == "CREATE, ALTER" && $_POST["format"] != "csv") { + if ($dbh->server_info >= 5 && $style == "CREATE, ALTER" && $_POST["format"] != "csv") { $query = "SELECT TABLE_NAME, ENGINE, TABLE_COLLATION, TABLE_COMMENT FROM information_schema.TABLES WHERE TABLE_SCHEMA = DATABASE()"; ?> DELIMITER ;; 
@@ -95,11 +95,11 @@ CREATE PROCEDURE phpminadmin_drop () BEGIN FETCH tables INTO _table_name, _engine, _table_collation, _table_comment; IF NOT done THEN CASE _table_namequery($query); +$result = $dbh->query($query); while ($row = $result->fetch_assoc()) { - $comment = $mysql->escape_string($row["ENGINE"] == "InnoDB" ? preg_replace('~(?:(.+); )?InnoDB free: .*~', '\\1', $row["TABLE_COMMENT"]) : $row["TABLE_COMMENT"]); + $comment = $dbh->escape_string($row["ENGINE"] == "InnoDB" ? preg_replace('~(?:(.+); )?InnoDB free: .*~', '\\1', $row["TABLE_COMMENT"]) : $row["TABLE_COMMENT"]); echo " - WHEN '" . $mysql->escape_string($row["TABLE_NAME"]) . "' THEN + WHEN '" . $dbh->escape_string($row["TABLE_NAME"]) . "' THEN " . (isset($row["ENGINE"]) ? "IF _engine != '$row[ENGINE]' OR _table_collation != '$row[TABLE_COLLATION]' OR _table_comment != '$comment' THEN ALTER TABLE " . idf_escape($row["TABLE_NAME"]) . " ENGINE=$row[ENGINE] COLLATE=$row[TABLE_COLLATION] COMMENT='$comment'; END IF" : "BEGIN END") . ";"; @@ -151,7 +151,7 @@ foreach (array('', 'USE', 'DROP, CREATE', 'CREATE', 'CREATE, ALTER') as $val) { } echo "\n"; foreach ((strlen($_GET["db"]) ? array($_GET["db"]) : get_databases()) as $db) { - if ($db != "information_schema" || $mysql->server_info < 5) { + if ($db != "information_schema" || $dbh->server_info < 5) { echo "" . htmlspecialchars($db) . ""; foreach (array('', 'USE', 'DROP, CREATE', 'CREATE', 'CREATE, ALTER') as $val) { echo '"; @@ -170,7 +170,7 @@ foreach (array('', 'TRUNCATE, INSERT', 'INSERT', 'UPDATE') as $val) { } echo "\n"; $views = ""; -$result = $mysql->query(strlen($_GET["db"]) ? "SHOW TABLE STATUS" : "SELECT 'Engine'"); +$result = $dbh->query(strlen($_GET["db"]) ? "SHOW TABLE STATUS" : "SELECT 'Engine'"); odd(''); while ($row = $result->fetch_assoc()) { $print = "" . htmlspecialchars($row["Name"]) . ""; diff --git a/edit.inc.php b/edit.inc.php index 32eccf85..3db1db00 100644 --- a/edit.inc.php +++ b/edit.inc.php 
@@ -53,7 +53,7 @@ if ($_POST) { } $row = array(); if ($select) { - $result = $mysql->query("SELECT " . implode(", ", $select) . " FROM " . idf_escape($_GET["edit"]) . " WHERE " . implode(" AND ", $where) . " LIMIT 1"); + $result = $dbh->query("SELECT " . implode(", ", $select) . " FROM " . idf_escape($_GET["edit"]) . " WHERE " . implode(" AND ", $where) . " LIMIT 1"); $row = $result->fetch_assoc(); $result->free(); } @@ -76,7 +76,7 @@ if ($fields) { if (isset($_GET["default"]) && $field["type"] == "timestamp") { if (!isset($create) && !$_POST) { //! disable sql_mode NO_FIELD_OPTIONS - $create = $mysql->result($mysql->query("SHOW CREATE TABLE " . idf_escape($_GET["edit"])), 1); + $create = $dbh->result($dbh->query("SHOW CREATE TABLE " . idf_escape($_GET["edit"])), 1); } $checked = ($_POST ? $_POST["on_update"][bracket_escape($name)] : preg_match("~\n\\s*" . preg_quote(idf_escape($name), '~') . " timestamp.* on update CURRENT_TIMESTAMP~i", $create)); echo ''; diff --git a/editing.inc.php b/editing.inc.php index facbe5c3..e246faa6 100644 --- a/editing.inc.php +++ b/editing.inc.php @@ -55,7 +55,7 @@ function input($name, $field, $value) { } function process_input($name, $field) { - global $mysql; + global $dbh; $idf = bracket_escape($name); $function = $_POST["function"][$idf]; $value = $_POST["fields"][$idf]; 
@@ -64,25 +64,25 @@ function process_input($name, $field) { } elseif ($field["type"] == "enum" || $field["auto_increment"] ? !strlen($value) : $function == "NULL") { return "NULL"; } elseif ($field["type"] == "enum") { - return (isset($_GET["default"]) ? "'" . $mysql->escape_string($value) . "'" : intval($value)); + return (isset($_GET["default"]) ? "'" . $dbh->escape_string($value) . "'" : intval($value)); } elseif ($field["type"] == "set") { - return (isset($_GET["default"]) ? "'" . implode(",", array_map(array($mysql, 'escape_string'), (array) $value)) . "'" : array_sum((array) $value)); + return (isset($_GET["default"]) ? "'" . implode(",", array_map(array($dbh, 'escape_string'), (array) $value)) . "'" : array_sum((array) $value)); } elseif (preg_match('~binary|blob~', $field["type"])) { $file = get_file($idf); if (!is_string($file)) { return false; //! report errors } - return "_binary'" . (is_string($file) ? $mysql->escape_string($file) : "") . "'"; + return "_binary'" . (is_string($file) ? $dbh->escape_string($file) : "") . "'"; } elseif ($field["type"] == "timestamp" && $value == "CURRENT_TIMESTAMP") { return $value; } elseif (preg_match('~^(now|uuid)$~', $function)) { return "$function()"; } elseif (preg_match('~^(\\+|-)$~', $function)) { - return idf_escape($name) . " $function '" . $mysql->escape_string($value) . "'"; + return idf_escape($name) . " $function '" . $dbh->escape_string($value) . "'"; } elseif (preg_match('~^(md5|sha1|password)$~', $function)) { - return "$function('" . $mysql->escape_string($value) . "')"; + return "$function('" . $dbh->escape_string($value) . "')"; } else { - return "'" . $mysql->escape_string($value) . "'"; + return "'" . $dbh->escape_string($value) . "'"; } } 
@@ -96,11 +96,11 @@ function edit_type($key, $field, $collations) { } function process_type($field, $collate = "COLLATE") { - global $mysql, $enum_length, $unsigned; + global $dbh, $enum_length, $unsigned; return " $field[type]" . ($field["length"] && !preg_match('~^date|time$~', $field["type"]) ? "(" . process_length($field["length"]) . ")" : "") . (preg_match('~int|float|double|decimal~', $field["type"]) && in_array($field["unsigned"], $unsigned) ? " $field[unsigned]" : "") - . (preg_match('~char|text|enum|set~', $field["type"]) && $field["collation"] ? " $collate '" . $mysql->escape_string($field["collation"]) . "'" : "") + . (preg_match('~char|text|enum|set~', $field["type"]) && $field["collation"] ? " $collate '" . $dbh->escape_string($field["collation"]) . "'" : "") ; } @@ -254,11 +254,11 @@ function normalize_enum($match) { } function routine($name, $type) { - global $mysql, $enum_length, $inout; + global $dbh, $enum_length, $inout; $aliases = array("bit" => "tinyint", "bool" => "tinyint", "boolean" => "tinyint", "integer" => "int", "double precision" => "float", "real" => "float", "dec" => "decimal", "numeric" => "decimal", "fixed" => "decimal", "national char" => "char", "national varchar" => "varchar"); $type_pattern = "([a-z]+)(?:\\s*\\(((?:[^'\")]*|$enum_length)+)\\))?\\s*(zerofill\\s*)?(unsigned(?:\\s+zerofill)?)?(?:\\s*(?:CHARSET|CHARACTER\\s+SET)\\s*['\"]?([^'\"\\s]+)['\"]?)?"; $pattern = "\\s*(" . ($type == "FUNCTION" ? "" : implode("|", $inout)) . ")?\\s*(?:`((?:[^`]+|``)*)`\\s*|\\b(\\S+)\\s+)$type_pattern"; - $create = $mysql->result($mysql->query("SHOW CREATE $type " . idf_escape($name)), 2); + $create = $dbh->result($dbh->query("SHOW CREATE $type " . idf_escape($name)), 2); preg_match("~\\(((?:$pattern\\s*,?)*)\\)" . ($type == "FUNCTION" ? "\\s*RETURNS\\s+$type_pattern" : "") . "\\s*(.*)~is", $create, $match); $fields = array(); preg_match_all("~$pattern\\s*,?~is", $match[1], $matches, PREG_SET_ORDER); 
diff --git a/event.inc.php b/event.inc.php index a4e31bf1..b5078727 100644 --- a/event.inc.php +++ b/event.inc.php @@ -7,17 +7,17 @@ if ($_POST && !$error) { query_redirect("DROP EVENT " . idf_escape($_GET["event"]), substr($SELF, 0, -1), lang('Event has been dropped.')); } elseif (in_array($_POST["INTERVAL_FIELD"], $intervals) && in_array($_POST["STATUS"], $statuses)) { $schedule = " ON SCHEDULE " . ($_POST["INTERVAL_VALUE"] - ? "EVERY '" . $mysql->escape_string($_POST["INTERVAL_VALUE"]) . "' $_POST[INTERVAL_FIELD]" - . ($_POST["STARTS"] ? " STARTS '" . $mysql->escape_string($_POST["STARTS"]) . "'" : "") - . ($_POST["ENDS"] ? " ENDS '" . $mysql->escape_string($_POST["ENDS"]) . "'" : "") //! ALTER EVENT doesn't drop ENDS - MySQL bug #39173 - : "AT '" . $mysql->escape_string($_POST["STARTS"]) . "'" + ? "EVERY '" . $dbh->escape_string($_POST["INTERVAL_VALUE"]) . "' $_POST[INTERVAL_FIELD]" + . ($_POST["STARTS"] ? " STARTS '" . $dbh->escape_string($_POST["STARTS"]) . "'" : "") + . ($_POST["ENDS"] ? " ENDS '" . $dbh->escape_string($_POST["ENDS"]) . "'" : "") //! ALTER EVENT doesn't drop ENDS - MySQL bug #39173 + : "AT '" . $dbh->escape_string($_POST["STARTS"]) . "'" ) . " ON COMPLETION" . ($_POST["ON_COMPLETION"] ? "" : " NOT") . " PRESERVE" ; query_redirect((strlen($_GET["event"]) ? "ALTER EVENT " . idf_escape($_GET["event"]) . $schedule . ($_GET["event"] != $_POST["EVENT_NAME"] ? " RENAME TO " . idf_escape($_POST["EVENT_NAME"]) : "") : "CREATE EVENT " . idf_escape($_POST["EVENT_NAME"]) . $schedule - ) . " $_POST[STATUS] COMMENT '" . $mysql->escape_string($_POST["EVENT_COMMENT"]) + ) . " $_POST[STATUS] COMMENT '" . $dbh->escape_string($_POST["EVENT_COMMENT"]) . "' DO $_POST[EVENT_DEFINITION]" , substr($SELF, 0, -1), (strlen($_GET["event"]) ? lang('Event has been altered.') : lang('Event has been created.'))); } 
@@ -28,7 +28,7 @@ $row = array(); if ($_POST) { $row = $_POST; } elseif (strlen($_GET["event"])) { - $result = $mysql->query("SELECT * FROM information_schema.EVENTS WHERE EVENT_SCHEMA = '" . $mysql->escape_string($_GET["db"]) . "' AND EVENT_NAME = '" . $mysql->escape_string($_GET["event"]) . "'"); + $result = $dbh->query("SELECT * FROM information_schema.EVENTS WHERE EVENT_SCHEMA = '" . $dbh->escape_string($_GET["db"]) . "' AND EVENT_NAME = '" . $dbh->escape_string($_GET["event"]) . "'"); $row = $result->fetch_assoc(); $row["STATUS"] = $statuses[$row["STATUS"]]; $result->free(); diff --git a/export.inc.php b/export.inc.php index bfb039c9..f8357684 100644 --- a/export.inc.php +++ b/export.inc.php 
@@ -9,25 +9,25 @@ function dump_csv($row) { } function dump_table($table, $style, $is_view = false) { - global $mysql; + global $dbh; if ($_POST["format"] == "csv") { echo "\xef\xbb\xbf"; if ($style) { dump_csv(array_keys(fields($table))); } } elseif ($style) { - $result = $mysql->query("SHOW CREATE TABLE " . idf_escape($table)); + $result = $dbh->query("SHOW CREATE TABLE " . idf_escape($table)); if ($result) { if ($style == "DROP, CREATE") { echo "DROP " . ($is_view ? "VIEW" : "TABLE") . " IF EXISTS " . idf_escape($table) . ";\n"; } - $create = $mysql->result($result, 1); + $create = $dbh->result($result, 1); $result->free(); echo ($style != "CREATE, ALTER" ? $create : ($is_view ? substr_replace($create, " OR REPLACE", 6, 0) : substr_replace($create, " IF NOT EXISTS", 12, 0))) . ";\n\n"; } - if ($mysql->server_info >= 5) { + if ($dbh->server_info >= 5) { if ($style == "CREATE, ALTER" && !$is_view) { - $query = "SELECT COLUMN_NAME, COLUMN_DEFAULT, IS_NULLABLE, COLLATION_NAME, COLUMN_TYPE, EXTRA, COLUMN_COMMENT FROM information_schema.COLUMNS WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = '" . $mysql->escape_string($table) . "' ORDER BY ORDINAL_POSITION"; + $query = "SELECT COLUMN_NAME, COLUMN_DEFAULT, IS_NULLABLE, COLLATION_NAME, COLUMN_TYPE, EXTRA, COLUMN_COMMENT FROM information_schema.COLUMNS WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = '" . $dbh->escape_string($table) . "' ORDER BY ORDINAL_POSITION"; ?> DELIMITER ;; CREATE PROCEDURE phpminadmin_alter () BEGIN 
@@ -39,18 +39,18 @@ CREATE PROCEDURE phpminadmin_alter () BEGIN DECLARE done, set_after bool DEFAULT 0; DECLARE add_columns text DEFAULT 'query($query); +$result = $dbh->query($query); $after = ""; while ($row = $result->fetch_assoc()) { - $row["default"] = (isset($row["COLUMN_DEFAULT"]) ? "'" . $mysql->escape_string($row["COLUMN_DEFAULT"]) . "'" : "NULL"); - $row["after"] = $mysql->escape_string($after); //! rgt AFTER lft, lft AFTER id doesn't work - $row["alter"] = $mysql->escape_string(idf_escape($row["COLUMN_NAME"]) + $row["default"] = (isset($row["COLUMN_DEFAULT"]) ? "'" . $dbh->escape_string($row["COLUMN_DEFAULT"]) . "'" : "NULL"); + $row["after"] = $dbh->escape_string($after); //! rgt AFTER lft, lft AFTER id doesn't work + $row["alter"] = $dbh->escape_string(idf_escape($row["COLUMN_NAME"]) . " $row[COLUMN_TYPE]" . ($row["COLLATION_NAME"] ? " COLLATE $row[COLLATION_NAME]" : "") . (isset($row["COLUMN_DEFAULT"]) ? " DEFAULT $row[default]" : "") . ($row["IS_NULLABLE"] == "YES" ? "" : " NOT NULL") . ($row["EXTRA"] ? " $row[EXTRA]" : "") - . ($row["COLUMN_COMMENT"] ? " COMMENT '" . $mysql->escape_string($row["COLUMN_COMMENT"]) . "'" : "") + . ($row["COLUMN_COMMENT"] ? " COMMENT '" . $dbh->escape_string($row["COLUMN_COMMENT"]) . "'" : "") . ($after ? " AFTER " . idf_escape($after) : " FIRST") ); echo ", ADD $row[alter]"; 
@@ -70,9 +70,9 @@ $result->free(); CASE _column_nameescape_string($row["COLUMN_NAME"]) . "' THEN + WHEN '" . $dbh->escape_string($row["COLUMN_NAME"]) . "' THEN SET add_columns = REPLACE(add_columns, ', ADD $row[alter]', ''); - IF NOT (_column_default <=> $row[default]) OR _is_nullable != '$row[IS_NULLABLE]' OR _collation_name != '$row[COLLATION_NAME]' OR _column_type != '$row[COLUMN_TYPE]' OR _extra != '$row[EXTRA]' OR _column_comment != '" . $mysql->escape_string($row["COLUMN_COMMENT"]) . "' OR after != '$row[after]' THEN + IF NOT (_column_default <=> $row[default]) OR _is_nullable != '$row[IS_NULLABLE]' OR _collation_name != '$row[COLLATION_NAME]' OR _column_type != '$row[COLUMN_TYPE]' OR _extra != '$row[EXTRA]' OR _column_comment != '" . $dbh->escape_string($row["COLUMN_COMMENT"]) . "' OR after != '$row[after]' THEN SET @alter_table = CONCAT(@alter_table, ', MODIFY $row[alter]'); END IF;"; //! don't replace in comment } @@ -103,7 +103,7 @@ DROP PROCEDURE phpminadmin_alter; //! indexes } - $result = $mysql->query("SHOW TRIGGERS LIKE '" . $mysql->escape_string(addcslashes($table, "%_")) . "'"); + $result = $dbh->query("SHOW TRIGGERS LIKE '" . $dbh->escape_string(addcslashes($table, "%_")) . "'"); if ($result->num_rows) { echo "DELIMITER ;;\n\n"; while ($row = $result->fetch_assoc()) { @@ -117,12 +117,12 @@ DROP PROCEDURE phpminadmin_alter; } function dump_data($table, $style, $from = "") { - global $mysql, $max_packet; + global $dbh, $max_packet; if ($style) { if ($_POST["format"] != "csv" && $style == "TRUNCATE, INSERT") { echo "TRUNCATE " . idf_escape($table) . ";\n"; } - $result = $mysql->query("SELECT * " . ($from ? $from : "FROM " . idf_escape($table))); //! enum and set as numbers, binary as _binary, microtime + $result = $dbh->query("SELECT * " . ($from ? $from : "FROM " . idf_escape($table))); //! enum and set as numbers, binary as _binary, microtime if ($result) { $insert = "INSERT INTO " . idf_escape($table) . " VALUES "; $length = 0; 
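Review bot: In export.inc.php's `dump_table`, the generated `IF NOT (_column_default <=> ...` line escapes only `COLUMN_COMMENT`; `$row[COLUMN_TYPE]`, `$row[COLLATION_NAME]` and `$row[EXTRA]` are interpolated raw inside single-quoted SQL literals. `COLUMN_TYPE` for enum and set columns itself contains quoted values, so the emitted dump is malformed for those tables, and whoever later imports it executes text shaped by the schema's author. The previous hunk already passes the whole `$row["alter"]` string through `$dbh->escape_string()`. The comparison operands need the same treatment, e.g. `_column_type != '" . $dbh->escape_string($row["COLUMN_TYPE"]) . "'`. The function body starts and ends outside this hunk.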
@@ -132,13 +132,13 @@ function dump_data($table, $style, $from = "") { } elseif ($style == "UPDATE") { $set = array(); foreach ($row as $key => $val) { - $row[$key] = (isset($val) ? "'" . $mysql->escape_string($val) . "'" : "NULL"); - $set[] = idf_escape($key) . " = " . (isset($val) ? "'" . $mysql->escape_string($val) . "'" : "NULL"); + $row[$key] = (isset($val) ? "'" . $dbh->escape_string($val) . "'" : "NULL"); + $set[] = idf_escape($key) . " = " . (isset($val) ? "'" . $dbh->escape_string($val) . "'" : "NULL"); } echo "INSERT INTO " . idf_escape($table) . " (" . implode(", ", array_map('idf_escape', array_keys($row))) . ") VALUES (" . implode(", ", $row) . ") ON DUPLICATE KEY UPDATE " . implode(", ", $set) . ";\n"; } else { foreach ($row as $key => $val) { - $row[$key] = (isset($val) ? "'" . $mysql->escape_string($val) . "'" : "NULL"); + $row[$key] = (isset($val) ? "'" . $dbh->escape_string($val) . "'" : "NULL"); } $s = "(" . implode(", ", $row) . ")"; if (!$length) { diff --git a/foreign.inc.php b/foreign.inc.php index 8100a60b..8fb9c1d3 100644 --- a/foreign.inc.php +++ b/foreign.inc.php @@ -20,7 +20,7 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["change"] && !$_POST["change- page_header(lang('Foreign key'), $error, array("table" => $_GET["foreign"]), $_GET["foreign"]); $tables = array(); -$result = $mysql->query("SHOW TABLE STATUS"); +$result = $dbh->query("SHOW TABLE STATUS"); while ($row = $result->fetch_assoc()) { if ($row["Engine"] == "InnoDB") { $tables[] = $row["Name"]; diff --git a/functions.inc.php b/functions.inc.php index c5a01df1..31fa4b8f 100644 --- a/functions.inc.php +++ b/functions.inc.php @@ -29,9 +29,9 @@ function optionlist($options, $selected = null) { } function get_vals($query) { - global $mysql; + global $dbh; $return = array(); - $result = $mysql->query($query); + $result = $dbh->query($query); if ($result) { while ($row = $result->fetch_row()) { $return[] = $row[0]; 
@@ -51,17 +51,17 @@ function get_databases() { } function table_status($table) { - global $mysql; - $result = $mysql->query("SHOW TABLE STATUS LIKE '" . $mysql->escape_string(addcslashes($table, "%_")) . "'"); + global $dbh; + $result = $dbh->query("SHOW TABLE STATUS LIKE '" . $dbh->escape_string(addcslashes($table, "%_")) . "'"); $return = $result->fetch_assoc(); $result->free(); return $return; } function fields($table) { - global $mysql; + global $dbh; $return = array(); - $result = $mysql->query("SHOW FULL COLUMNS FROM " . idf_escape($table)); + $result = $dbh->query("SHOW FULL COLUMNS FROM " . idf_escape($table)); if ($result) { while ($row = $result->fetch_assoc()) { preg_match('~^([^( ]+)(?:\\((.+)\\))?( unsigned)?( zerofill)?$~', $row["Type"], $match); @@ -85,9 +85,9 @@ function fields($table) { } function indexes($table) { - global $mysql; + global $dbh; $return = array(); - $result = $mysql->query("SHOW INDEX FROM " . idf_escape($table)); + $result = $dbh->query("SHOW INDEX FROM " . idf_escape($table)); if ($result) { while ($row = $result->fetch_assoc()) { $return[$row["Key_name"]]["type"] = ($row["Key_name"] == "PRIMARY" ? "PRIMARY" : ($row["Index_type"] == "FULLTEXT" ? "FULLTEXT" : ($row["Non_unique"] ? "INDEX" : "UNIQUE"))); 
@@ -100,12 +100,12 @@ function indexes($table) { } function foreign_keys($table) { - global $mysql, $on_actions; + global $dbh, $on_actions; static $pattern = '(?:[^`]+|``)+'; $return = array(); - $result = $mysql->query("SHOW CREATE TABLE " . idf_escape($table)); + $result = $dbh->query("SHOW CREATE TABLE " . idf_escape($table)); if ($result) { - $create_table = $mysql->result($result, 1); + $create_table = $dbh->result($result, 1); $result->free(); preg_match_all("~CONSTRAINT `($pattern)` FOREIGN KEY \\(((?:`$pattern`,? ?)+)\\) REFERENCES `($pattern)`(?:\\.`($pattern)`)? \\(((?:`$pattern`,? ?)+)\\)(?: ON DELETE (" . implode("|", $on_actions) . "))?(?: ON UPDATE (" . implode("|", $on_actions) . "))?~", $create_table, $matches, PREG_SET_ORDER); foreach ($matches as $match) { @@ -125,8 +125,8 @@ function foreign_keys($table) { } function view($name) { - global $mysql; - return array("select" => preg_replace('~^(?:[^`]+|`[^`]*`)* AS ~U', '', $mysql->result($mysql->query("SHOW CREATE VIEW " . idf_escape($name)), 1))); + global $dbh; + return array("select" => preg_replace('~^(?:[^`]+|`[^`]*`)* AS ~U', '', $dbh->result($dbh->query("SHOW CREATE VIEW " . idf_escape($name)), 1))); } function unique_idf($row, $indexes) { @@ -150,11 +150,11 @@ function unique_idf($row, $indexes) { } function where($where) { - global $mysql; + global $dbh; $return = array(); foreach ((array) $where["where"] as $key => $val) { $key = bracket_escape($key, "back"); - $return[] = (preg_match('~^[A-Z0-9_]+\\(`(?:[^`]+|``)+`\\)$~', $key) ? $key : idf_escape($key)) . " = BINARY '" . $mysql->escape_string($val) . "'"; //! enum and set, columns looking like functions + $return[] = (preg_match('~^[A-Z0-9_]+\\(`(?:[^`]+|``)+`\\)$~', $key) ? $key : idf_escape($key)) . " = BINARY '" . $dbh->escape_string($val) . "'"; //! enum and set, columns looking like functions } foreach ((array) $where["null"] as $key) { $key = bracket_escape($key, "back"); 
@@ -169,9 +169,9 @@ function process_length($length) { } function collations() { - global $mysql; + global $dbh; $return = array(); - $result = $mysql->query("SHOW COLLATION"); + $result = $dbh->query("SHOW COLLATION"); while ($row = $result->fetch_assoc()) { if ($row["Default"] && $return[$row["Charset"]]) { array_unshift($return[$row["Charset"]], $row["Collation"]); @@ -195,14 +195,14 @@ function redirect($location, $message = null) { } function query_redirect($query, $location, $message, $redirect = true, $execute = true, $failed = false) { - global $mysql, $error, $SELF; + global $dbh, $error, $SELF; $id = "sql-" . count($_SESSION["messages"]); $sql = ($query ? " " . lang('SQL command') . "' : ""); if ($execute) { - $failed = !$mysql->query($query); + $failed = !$dbh->query($query); } if ($failed) { - $error = htmlspecialchars($mysql->error) . $sql; + $error = htmlspecialchars($dbh->error) . $sql; return false; } if ($redirect) { @@ -212,13 +212,13 @@ function query_redirect($query, $location, $message, $redirect = true, $execute } function queries($query = null) { - global $mysql; + global $dbh; static $queries = array(); if (!isset($query)) { return implode(";\n", $queries); } $queries[] = $query; - return $mysql->query($query); + return $dbh->query($query); } function remove_from_uri($param = "") { diff --git a/index.php b/index.php index 3e8d8814..b49063b7 100644 --- a/index.php +++ b/index.php @@ -174,7 +174,7 @@ if (isset($_GET["download"])) { echo '

' . lang('Database schema') . "

\n"; echo "

" . lang('Tables and views') . "

\n"; - $result = $mysql->query("SHOW TABLE STATUS"); + $result = $dbh->query("SHOW TABLE STATUS"); if (!$result->num_rows) { echo "

" . lang('No tables.') . "

\n"; } else { @@ -198,10 +198,10 @@ if (isset($_GET["download"])) { } $result->free(); - if ($mysql->server_info >= 5) { + if ($dbh->server_info >= 5) { echo '

' . lang('Create view') . "

\n"; echo "

" . lang('Routines') . "

\n"; - $result = $mysql->query("SELECT * FROM information_schema.ROUTINES WHERE ROUTINE_SCHEMA = '" . $mysql->escape_string($_GET["db"]) . "'"); + $result = $dbh->query("SELECT * FROM information_schema.ROUTINES WHERE ROUTINE_SCHEMA = '" . $dbh->escape_string($_GET["db"]) . "'"); if ($result->num_rows) { echo "\n"; while ($row = $result->fetch_assoc()) { @@ -217,7 +217,7 @@ if (isset($_GET["download"])) { echo '

' . lang('Create procedure') . ' ' . lang('Create function') . "

\n"; } - if ($mysql->server_info >= 5.1 && ($result = $mysql->query("SHOW EVENTS"))) { + if ($dbh->server_info >= 5.1 && ($result = $dbh->query("SHOW EVENTS"))) { echo "

" . lang('Events') . "

\n"; if ($result->num_rows) { echo "
\n"; diff --git a/privileges.inc.php b/privileges.inc.php index be4dac5d..c026b378 100644 --- a/privileges.inc.php +++ b/privileges.inc.php @@ -1,7 +1,7 @@ ' . lang('Create user') . "

"; -$result = $mysql->query("SELECT User, Host FROM mysql.user ORDER BY Host, User"); +$result = $dbh->query("SELECT User, Host FROM mysql.user ORDER BY Host, User"); if (!$result) { ?>

@@ -12,7 +12,7 @@ if (!$result) {

query("SELECT SUBSTRING_INDEX(CURRENT_USER, '@', 1) AS User, SUBSTRING_INDEX(CURRENT_USER, '@', -1) AS Host"); + $result = $dbh->query("SELECT SUBSTRING_INDEX(CURRENT_USER, '@', 1) AS User, SUBSTRING_INDEX(CURRENT_USER, '@', -1) AS Host"); } echo "
\n"; echo "\n"; diff --git a/processlist.inc.php b/processlist.inc.php index f4f1c6a8..aea5c2c4 100644 --- a/processlist.inc.php +++ b/processlist.inc.php @@ -14,7 +14,7 @@ page_header(lang('Process list'), $error);
 " . lang('Username') . "" . lang('Server') . "
query("SHOW PROCESSLIST"); +$result = $dbh->query("SHOW PROCESSLIST"); for ($i=0; $row = $result->fetch_assoc(); $i++) { if (!$i) { echo "\n"; diff --git a/schema.inc.php b/schema.inc.php index 2f557d5f..0f2ef703 100644 --- a/schema.inc.php +++ b/schema.inc.php @@ -14,7 +14,7 @@ $base_left = -1; $schema = array(); $referenced = array(); $lefts = array(); -$result = $mysql->query("SHOW TABLE STATUS"); +$result = $dbh->query("SHOW TABLE STATUS"); while ($row = $result->fetch_assoc()) { if (!isset($row["Engine"])) { // view continue; diff --git a/select.inc.php b/select.inc.php index 63f25662..34648001 100644 --- a/select.inc.php +++ b/select.inc.php 
@@ -34,17 +34,17 @@ foreach ((array) $_GET["columns"] as $key => $val) { $where = array(); foreach ($indexes as $i => $index) { if ($index["type"] == "FULLTEXT" && strlen($_GET["fulltext"][$i])) { - $where[] = "MATCH (" . implode(", ", array_map('idf_escape', $index["columns"])) . ") AGAINST ('" . $mysql->escape_string($_GET["fulltext"][$i]) . "'" . (isset($_GET["boolean"][$i]) ? " IN BOOLEAN MODE" : "") . ")"; + $where[] = "MATCH (" . implode(", ", array_map('idf_escape', $index["columns"])) . ") AGAINST ('" . $dbh->escape_string($_GET["fulltext"][$i]) . "'" . (isset($_GET["boolean"][$i]) ? " IN BOOLEAN MODE" : "") . ")"; } } foreach ((array) $_GET["where"] as $val) { if (strlen("$val[col]$val[val]") && in_array($val["op"], $operators)) { if ($val["op"] == "AGAINST") { - $where[] = "MATCH (" . idf_escape($val["col"]) . ") AGAINST ('" . $mysql->escape_string($val["val"]) . "' IN BOOLEAN MODE)"; + $where[] = "MATCH (" . idf_escape($val["col"]) . ") AGAINST ('" . $dbh->escape_string($val["val"]) . "' IN BOOLEAN MODE)"; } elseif (ereg('IN$', $val["op"]) && !strlen($in = process_length($val["val"]))) { $where[] = "0"; } else { - $cond = " $val[op]" . (ereg('NULL$', $val["op"]) ? "" : (ereg('IN$', $val["op"]) ? " ($in)" : " '" . $mysql->escape_string($val["val"]) . "'")); //! this searches in numeric values too + $cond = " $val[op]" . (ereg('NULL$', $val["op"]) ? "" : (ereg('IN$', $val["op"]) ? " ($in)" : " '" . $dbh->escape_string($val["val"]) . "'")); //! this searches in numeric values too if (strlen($val["col"])) { $where[] = idf_escape($val["col"]) . $cond; } else { @@ -102,7 +102,7 @@ if ($_POST && !$error) { // nothing } elseif ($_POST["all"]) { $result = queries($command . ($where ? " WHERE " . implode(" AND ", $where) : "")); - $affected = $mysql->affected_rows; + $affected = $dbh->affected_rows; } else { foreach ((array) $_POST["check"] as $val) { parse_str($val, $check); 
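Review bot: In the `-34,17` hunk `$val[op]` is copied verbatim into the WHERE clause (`$cond = " $val[op]" ...`), so the loose `in_array($val["op"], $operators)` test is the only guard between the request and the SQL text. Make that allow-list check strict, `in_array($val["op"], $operators, true)`, so it cannot be satisfied through type juggling. The `ereg('IN$', ...)` and `ereg('NULL$', ...)` calls rely on a function deprecated since PHP 5.3 and removed in PHP 7; `preg_match('~IN$~', $val["op"])` is the equivalent form. `$in` comes from `process_length()`, whose body is outside this hunk, and lands unquoted inside `IN ($in)`, so that helper has to return fully quoted and escaped items.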
@@ -110,7 +110,7 @@ if ($_POST && !$error) { if (!$result) { break; } - $affected += $mysql->affected_rows; + $affected += $dbh->affected_rows; } } query_redirect(queries(), remove_from_uri("page"), lang('%d item(s) have been affected.', $affected), $result, false, !$result); @@ -127,13 +127,13 @@ if ($_POST && !$error) { $cols = " (" . implode(", ", array_map('idf_escape', $matches2[1])) . ")"; } else { foreach ($matches2[1] as $col) { - $row[] = (!strlen($col) ? "NULL" : "'" . $mysql->escape_string(str_replace('""', '"', preg_replace('~^".*"$~s', '', $col))) . "'"); + $row[] = (!strlen($col) ? "NULL" : "'" . $dbh->escape_string(str_replace('""', '"', preg_replace('~^".*"$~s', '', $col))) . "'"); } $rows[] = "(" . implode(", ", $row) . ")"; } } $result = queries("INSERT INTO " . idf_escape($_GET["select"]) . "$cols VALUES " . implode(", ", $rows)); - query_redirect(queries(), remove_from_uri("page"), lang('%d row(s) has been imported.', $mysql->affected_rows), $result, false, !$result); + query_redirect(queries(), remove_from_uri("page"), lang('%d row(s) has been imported.', $dbh->affected_rows), $result, false, !$result); } else { $error = lang('Unable to upload a file.'); } @@ -149,7 +149,7 @@ echo '\n"; if (!$columns) { - echo "

" . lang('Unable to select the table') . ($fields ? "" : ": " . htmlspecialchars($mysql->error)) . ".

\n"; + echo "

" . lang('Unable to select the table') . ($fields ? "" : ": " . htmlspecialchars($dbh->error)) . ".

\n"; } else { echo "\n"; ?> @@ -255,9 +255,9 @@ for (var i=0; > i; i++) { $query = "SELECT " . ($select ? (count($group) < count($select) ? "SQL_CALC_FOUND_ROWS " : "") . implode(", ", $select) : "*") . " $from"; echo "

" . htmlspecialchars($query) . " " . lang('Edit') . "

\n"; - $result = $mysql->query($query); + $result = $dbh->query($query); if (!$result) { - echo "

" . htmlspecialchars($mysql->error) . "

\n"; + echo "

" . htmlspecialchars($dbh->error) . "

\n"; } else { echo "\n"; if (!$result->num_rows) { @@ -315,7 +315,7 @@ for (var i=0; > i; i++) { echo "
 " . implode("", array_keys($row)) . "
\n"; echo "

"; - $found_rows = (intval($limit) ? $mysql->result($mysql->query(count($group) < count($select) ? " SELECT FOUND_ROWS()" : "SELECT COUNT(*) FROM " . idf_escape($_GET["select"]) . ($where ? " WHERE " . implode(" AND ", $where) : ""))) : $result->num_rows); + $found_rows = (intval($limit) ? $dbh->result($dbh->query(count($group) < count($select) ? " SELECT FOUND_ROWS()" : "SELECT COUNT(*) FROM " . idf_escape($_GET["select"]) . ($where ? " WHERE " . implode(" AND ", $where) : ""))) : $result->num_rows); if (intval($limit) && $found_rows > $limit) { $max_page = floor(($found_rows - 1) / $limit); echo lang('Page') . ":"; diff --git a/sql.inc.php b/sql.inc.php index d100ffdb..be8b7168 100644 --- a/sql.inc.php +++ b/sql.inc.php @@ -27,23 +27,23 @@ if (!$error && $_POST) { echo "

" . htmlspecialchars(substr($query, 0, $match[0][1])) . "
\n"; flush(); //! don't allow changing of character_set_results, convert encoding of displayed query - if (!$mysql->multi_query(substr($query, 0, $match[0][1]))) { - echo "

" . lang('Error in query') . ": " . htmlspecialchars($mysql->error) . "

\n"; + if (!$dbh->multi_query(substr($query, 0, $match[0][1]))) { + echo "

" . lang('Error in query') . ": " . htmlspecialchars($dbh->error) . "

\n"; if ($_POST["error_stops"]) { break; } } else { do { - $result = $mysql->store_result(); + $result = $dbh->store_result(); if (is_object($result)) { select($result); } else { if (preg_match("~^$space*(CREATE|DROP)$space+(DATABASE|SCHEMA)\\b~isU", $query)) { unset($_SESSION["databases"][$_GET["server"]]); } - echo "

" . lang('Query executed OK, %d row(s) affected.', $mysql->affected_rows) . "

\n"; + echo "

" . lang('Query executed OK, %d row(s) affected.', $dbh->affected_rows) . "

\n"; } - } while ($mysql->next_result()); + } while ($dbh->next_result()); } $query = substr($query, $match[0][1] + strlen($match[0][0])); $offset = 0; diff --git a/table.inc.php b/table.inc.php index 5754b677..682730bd 100644 --- a/table.inc.php +++ b/table.inc.php @@ -1,7 +1,7 @@ query("SHOW COLUMNS FROM " . idf_escape($_GET["table"])); +$result = $dbh->query("SHOW COLUMNS FROM " . idf_escape($_GET["table"])); if (!$result) { - $error = htmlspecialchars($mysql->error); + $error = htmlspecialchars($dbh->error); } page_header(lang('Table') . ": " . htmlspecialchars($_GET["table"]), $error); @@ -61,9 +61,9 @@ if ($result) { } } -if ($mysql->server_info >= 5) { +if ($dbh->server_info >= 5) { echo "

" . lang('Triggers') . "

\n"; - $result = $mysql->query("SHOW TRIGGERS LIKE '" . $mysql->escape_string(addcslashes($_GET["table"], "%_")) . "'"); + $result = $dbh->query("SHOW TRIGGERS LIKE '" . $dbh->escape_string(addcslashes($_GET["table"], "%_")) . "'"); if ($result->num_rows) { echo "\n"; while ($row = $result->fetch_assoc()) { diff --git a/trigger.inc.php b/trigger.inc.php index 52e09f77..eed14f7e 100644 --- a/trigger.inc.php +++ b/trigger.inc.php @@ -19,7 +19,7 @@ $row = array("Trigger" => "$_GET[trigger]_bi"); if ($_POST) { $row = $_POST; } elseif (strlen($_GET["name"])) { - $result = $mysql->query("SHOW TRIGGERS LIKE '" . $mysql->escape_string(addcslashes($_GET["trigger"], "%_")) . "'"); + $result = $dbh->query("SHOW TRIGGERS LIKE '" . $dbh->escape_string(addcslashes($_GET["trigger"], "%_")) . "'"); while ($row = $result->fetch_assoc()) { if ($row["Trigger"] === $_GET["name"]) { break; diff --git a/user.inc.php b/user.inc.php index 0488afcb..b7dc681c 100644 --- a/user.inc.php +++ b/user.inc.php @@ -1,6 +1,6 @@ query("SHOW PRIVILEGES"); +$result = $dbh->query("SHOW PRIVILEGES"); while ($row = $result->fetch_assoc()) { foreach (explode(",", $row["Context"]) as $context) { $privileges[$context][$row["Privilege"]] = $row["Comment"]; @@ -35,7 +35,7 @@ if ($_POST) { } $grants = array(); $old_pass = ""; -if (isset($_GET["host"]) && ($result = $mysql->query("SHOW GRANTS FOR '" . $mysql->escape_string($_GET["user"]) . "'@'" . $mysql->escape_string($_GET["host"]) . "'"))) { //! Use information_schema for MySQL 5 - column names in column privileges are not escaped +if (isset($_GET["host"]) && ($result = $dbh->query("SHOW GRANTS FOR '" . $dbh->escape_string($_GET["user"]) . "'@'" . $dbh->escape_string($_GET["host"]) . "'"))) { //! Use information_schema for MySQL 5 - column names in column privileges are not escaped while ($row = $result->fetch_row()) { if (preg_match('~GRANT (.*) ON (.*) TO ~', $row[0], $match)) { //! escape the part between ON and TO if ($match[1] == "ALL PRIVILEGES") { 
@@ -64,14 +64,14 @@ if (isset($_GET["host"]) && ($result = $mysql->query("SHOW GRANTS FOR '" . $mysq } if ($_POST && !$error) { - $old_user = (isset($_GET["host"]) ? $mysql->escape_string($_GET["user"]) . "'@'" . $mysql->escape_string($_GET["host"]) : ""); - $new_user = $mysql->escape_string($_POST["user"]) . "'@'" . $mysql->escape_string($_POST["host"]); - $pass = $mysql->escape_string($_POST["pass"]); + $old_user = (isset($_GET["host"]) ? $dbh->escape_string($_GET["user"]) . "'@'" . $dbh->escape_string($_GET["host"]) : ""); + $new_user = $dbh->escape_string($_POST["user"]) . "'@'" . $dbh->escape_string($_POST["host"]); + $pass = $dbh->escape_string($_POST["pass"]); if ($_POST["drop"]) { query_redirect("DROP USER '$old_user'", $SELF . "privileges=", lang('User has been dropped.')); - } elseif ($old_user == $new_user || $mysql->query(($mysql->server_info < 5 ? "GRANT USAGE ON *.* TO" : "CREATE USER") . " '$new_user' IDENTIFIED BY" . ($_POST["hashed"] ? " PASSWORD" : "") . " '$pass'")) { + } elseif ($old_user == $new_user || $dbh->query(($dbh->server_info < 5 ? "GRANT USAGE ON *.* TO" : "CREATE USER") . " '$new_user' IDENTIFIED BY" . ($_POST["hashed"] ? " PASSWORD" : "") . " '$pass'")) { if ($old_user == $new_user) { - $mysql->query("SET PASSWORD FOR '$new_user' = " . ($_POST["hashed"] ? "'$pass'" : "PASSWORD('$pass')")); + $dbh->query("SET PASSWORD FOR '$new_user' = " . ($_POST["hashed"] ? "'$pass'" : "PASSWORD('$pass')")); } $revoke = array(); foreach ($new_grants as $object => $grant) { 
@@ -88,23 +88,23 @@ if ($_POST && !$error) { unset($grants[$object]); } if (preg_match('~^(.+)(\\(.*\\))?$~U', $object, $match) && ( - ($grant && !$mysql->query("GRANT " . implode("$match[2], ", $grant) . "$match[2] ON $match[1] TO '$new_user'")) //! SQL injection - || ($revoke && !$mysql->query("REVOKE " . implode("$match[2], ", $revoke) . "$match[2] ON $match[1] FROM '$new_user'")) + ($grant && !$dbh->query("GRANT " . implode("$match[2], ", $grant) . "$match[2] ON $match[1] TO '$new_user'")) //! SQL injection + || ($revoke && !$dbh->query("REVOKE " . implode("$match[2], ", $revoke) . "$match[2] ON $match[1] FROM '$new_user'")) )) { - $error = htmlspecialchars($mysql->error); + $error = htmlspecialchars($dbh->error); if ($old_user != $new_user) { - $mysql->query("DROP USER '$new_user'"); + $dbh->query("DROP USER '$new_user'"); } break; } } if (!$error) { if (isset($_GET["host"]) && $old_user != $new_user) { - $mysql->query("DROP USER '$old_user'"); + $dbh->query("DROP USER '$old_user'"); } elseif (!isset($_GET["grant"])) { foreach ($grants as $object => $revoke) { if (preg_match('~^(.+)(\\(.*\\))?$~U', $object, $match)) { - $mysql->query("REVOKE " . implode("$match[2], ", array_keys($revoke)) . "$match[2] ON $match[1] FROM '$new_user'"); + $dbh->query("REVOKE " . implode("$match[2], ", array_keys($revoke)) . "$match[2] ON $match[1] FROM '$new_user'"); } } } @@ -112,7 +112,7 @@ if ($_POST && !$error) { } } if (!$error) { - $error = htmlspecialchars($mysql->error); + $error = htmlspecialchars($dbh->error); } } page_header((isset($_GET["host"]) ? lang('Username') . ": " . htmlspecialchars("$_GET[user]@$_GET[host]") : lang('Create user')), $error, array("privileges" => lang('Privileges')));
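Review bot: The `GRANT` and `REVOKE` statements in the `-88,23` hunk are still assembled from `$match[1]`, `$match[2]` and the privilege names in `$grant`/`$revoke` with no escaping or validation; only the user part has passed through `escape_string()`. How `$new_grants` is filled is outside this hunk, but if it derives from the posted form, the object and privilege text should be checked before the query is built. Accept a privilege name only when it is one of the names returned by `SHOW PRIVILEGES` (collected into `$privileges` earlier in the file), and accept the object only when it is `*.*` or made of identifiers quoted by `idf_escape()`. The final cleanup loop, which revokes `array_keys($revoke)`, builds its statement the same way and needs the same guard.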