mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-10 16:44:17 +02:00
Code Issues Releases Wiki Activity

Use bracket_escape function

Browse Source 
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@1499 7c3ca157-0c34-0410-bff1-cbf682f78f5c
This commit is contained in:
jakubvrana
2010-04-26 16:22:58 +00:00
parent 6fffbbdd30
commit 66ff15318a
2 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
adminer/include/functions.inc.php
View File

@@ -209,7 +209,9 @@ function unique_array($row, $indexes) {
function where($where) { function where($where) {
$return = array(); $return = array();
foreach ((array) $where["where"] as $key => $val) { foreach ((array) $where["where"] as $key => $val) {
$return[] = idf_escape($key) . (ereg('\\.', $val) ? " LIKE " . exact_value(addcslashes($val, "%_")) : " = " . exact_value($val)); // LIKE because of floats, but slow with ints //! enum and set $return[] = idf_escape(bracket_escape($key, 1)) // 1 - back
. (ereg('\\.', $val) ? " LIKE " . exact_value(addcslashes($val, "%_")) : " = " . exact_value($val)) // LIKE because of floats, but slow with ints
; //! enum and set
} }
foreach ((array) $where["null"] as $key) { foreach ((array) $where["null"] as $key) {
$return[] = idf_escape($key) . " IS NULL"; $return[] = idf_escape($key) . " IS NULL";

4
adminer/select.inc.php
View File

@@ -111,8 +111,8 @@ if ($_POST && !$error) {
foreach ($_POST["val"] as $unique_idf => $row) { foreach ($_POST["val"] as $unique_idf => $row) {
$set = array(); $set = array();
foreach ($row as $key => $val) { foreach ($row as $key => $val) {
$key = bracket_escape($key, 1); $key = bracket_escape($key, 1); // 1 - back
$set[] = idf_escape($key) . " = " . $connection->quote($adminer->editVal($val, $fields[$key])); // 1 - back $set[] = idf_escape($key) . " = " . $connection->quote($adminer->editVal($val, $fields[$key]));
} }
$result = queries("UPDATE" . limit1(idf_escape($TABLE) . " SET " . implode(", ", $set) . " WHERE " . where_check($unique_idf) . ($where ? " AND " . implode(" AND ", $where) : ""))); // can change row on a different page without unique key $result = queries("UPDATE" . limit1(idf_escape($TABLE) . " SET " . implode(", ", $set) . " WHERE " . where_check($unique_idf) . ($where ? " AND " . implode(" AND ", $where) : ""))); // can change row on a different page without unique key
if (!$result) { if (!$result) {