mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-12 01:24:17 +02:00
Code Issues Releases Wiki Activity

Rename real_escape_string() to escape_string()

Browse Source 
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@101 7c3ca157-0c34-0410-bff1-cbf682f78f5c
This commit is contained in:
jakubvrana
2007-07-10 14:16:44 +00:00
parent 06d4b9c8db
commit b272a0da01
7 changed files with 18 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
abstraction.inc.php
View File

@@ -71,7 +71,7 @@ if (extension_loaded("mysqli")) {
return mysql_select_db($database, $this->_link);
}
function real_escape_string($string) {
function escape_string($string) {
return mysql_real_escape_string($string, $this->_link);
}
}

12
create.inc.php
View File

@@ -30,10 +30,10 @@ if ($_POST && !$error && !$_POST["add"]) {
. idf_escape($field["field"]) . " $field[type]"
. ($field["length"] ? "(" . (preg_match("~^\\s*(?:$length)(?:\\s*,\\s*(?:$length))*\\s*\$~", $field["length"]) && preg_match_all("~$length~", $field["length"], $matches) ? implode(",", $matches[0]) : intval($field["length"])) . ")" : "")
. (preg_match('~int|float|double|decimal~', $field["type"]) && in_array($field["unsigned"], $unsigned) ? " $field[unsigned]" : "")
. (preg_match('~char|text|enum|set~', $field["type"]) && $field["collation"] ? " COLLATE '" . $mysql->real_escape_string($field["collation"]) . "'" : "")
. (preg_match('~char|text|enum|set~', $field["type"]) && $field["collation"] ? " COLLATE '" . $mysql->escape_string($field["collation"]) . "'" : "")
. ($field["null"] ? "" : " NOT NULL")
. ($key == $_POST["auto_increment"] ? " AUTO_INCREMENT$auto_increment_index" : "")
. " COMMENT '" . $mysql->real_escape_string($field["comment"]) . "'"
. " COMMENT '" . $mysql->escape_string($field["comment"]) . "'"
. (strlen($_GET["create"]) && !strlen($field["orig"]) ? $after : "")
;
$after = "AFTER " . idf_escape($field["field"]);
@@ -41,9 +41,9 @@ if ($_POST && !$error && !$_POST["add"]) {
$fields[] = "DROP " . idf_escape($field["orig"]);
}
}
$status = ($_POST["Engine"] ? " ENGINE='" . $mysql->real_escape_string($_POST["Engine"]) . "'" : "")
. ($_POST["Collation"] ? " COLLATE '" . $mysql->real_escape_string($_POST["Collation"]) . "'" : "")
. " COMMENT='" . $mysql->real_escape_string($_POST["Comment"]) . "'"
$status = ($_POST["Engine"] ? " ENGINE='" . $mysql->escape_string($_POST["Engine"]) . "'" : "")
. ($_POST["Collation"] ? " COLLATE '" . $mysql->escape_string($_POST["Collation"]) . "'" : "")
. " COMMENT='" . $mysql->escape_string($_POST["Comment"]) . "'"
;
if (strlen($_GET["create"])) {
$query = "ALTER TABLE " . idf_escape($_GET["create"]) . " " . implode(", ", $fields) . ", RENAME TO " . idf_escape($_POST["name"]) . ", $status";
@@ -73,7 +73,7 @@ if ($_POST) {
$row["fields"][$row["auto_increment"]]["auto_increment"] = true;
}
} elseif (strlen($_GET["create"])) {
$result = $mysql->query("SHOW TABLE STATUS LIKE '" . $mysql->real_escape_string($_GET["create"]) . "'");
$result = $mysql->query("SHOW TABLE STATUS LIKE '" . $mysql->escape_string($_GET["create"]) . "'");
$row = $result->fetch_assoc();
$row["name"] = $_GET["create"];
$row["fields"] = array_values(fields($_GET["create"]));

4
database.inc.php
View File

@@ -5,7 +5,7 @@ if ($_POST && !$error) {
redirect(substr(preg_replace('~(\\?)db=[^&]*&|&db=[^&]*~', '\\1', $SELF), 0, -1), lang('Database has been dropped.'));
}
} elseif ($_GET["db"] !== $_POST["name"]) {
if ($mysql->query("CREATE DATABASE " . idf_escape($_POST["name"]) . ($_POST["collation"] ? " COLLATE '" . $mysql->real_escape_string($_POST["collation"]) . "'" : ""))) {
if ($mysql->query("CREATE DATABASE " . idf_escape($_POST["name"]) . ($_POST["collation"] ? " COLLATE '" . $mysql->escape_string($_POST["collation"]) . "'" : ""))) {
if (!strlen($_GET["db"])) {
redirect(preg_replace('~(\\?)db=[^&]*&|&db=[^&]*~', '\\1', $SELF) . "db=" . urlencode($_POST["name"]), lang('Database has been created.'));
}
@@ -21,7 +21,7 @@ if ($_POST && !$error) {
redirect(preg_replace('~(\\?)db=[^&]*&|&db=[^&]*~', '\\1', $SELF) . "db=" . urlencode($_POST["name"]), lang('Database has been renamed.'));
}
}
} elseif (!$_POST["collation"] || $mysql->query("ALTER DATABASE " . idf_escape($_POST["name"]) . " COLLATE '" . $mysql->real_escape_string($_POST["collation"]) . "'")) {
} elseif (!$_POST["collation"] || $mysql->query("ALTER DATABASE " . idf_escape($_POST["name"]) . " COLLATE '" . $mysql->escape_string($_POST["collation"]) . "'")) {
redirect(substr($SELF, 0, -1), ($_POST["collation"] ? lang('Database has been altered.') : null));
}
$error = $mysql->error;

8
functions.inc.php
View File

@@ -108,7 +108,7 @@ function where() {
global $mysql;
$return = array();
foreach ((array) $_GET["where"] as $key => $val) {
$return[] = idf_escape(bracket_escape($key, "back")) . " = BINARY '" . $mysql->real_escape_string($val) . "'"; //! enum and set
$return[] = idf_escape(bracket_escape($key, "back")) . " = BINARY '" . $mysql->escape_string($val) . "'"; //! enum and set
}
foreach ((array) $_GET["null"] as $key) {
$return[] = idf_escape(bracket_escape($key, "back")) . " IS NULL";
@@ -294,7 +294,7 @@ function process_input($name, $field) {
if (preg_match('~char|text|set|binary|blob~', $field["type"]) ? $_POST["null"][$name] : !strlen($return)) {
$return = "NULL";
} elseif ($field["type"] == "enum") {
$return = (isset($_GET["default"]) ? "'" . $mysql->real_escape_string($return) . "'" : intval($return));
$return = (isset($_GET["default"]) ? "'" . $mysql->escape_string($return) . "'" : intval($return));
} elseif ($field["type"] == "set") {
$return = (isset($_GET["default"]) ? "'" . implode(",", array_map(array($mysql, 'real_escape_string'), (array) $return)) . "'" : array_sum((array) $return));
} elseif (preg_match('~binary|blob~', $field["type"])) {
@@ -302,9 +302,9 @@ function process_input($name, $field) {
if (!is_string($file) && !$field["null"]) {
return false; //! report errors, also empty $_POST (too big POST data, not only FILES)
}
$return = "_binary'" . (is_string($file) ? $mysql->real_escape_string($file) : "") . "'";
$return = "_binary'" . (is_string($file) ? $mysql->escape_string($file) : "") . "'";
} else {
$return = "'" . $mysql->real_escape_string($return) . "'";
$return = "'" . $mysql->escape_string($return) . "'";
}
return $return;
}

2
index.php
View File

@@ -51,7 +51,7 @@ if (isset($_GET["dump"])) {
page_header(htmlspecialchars(lang('Database') . ": " . $_GET["db"]));
echo '<p><a href="' . htmlspecialchars($SELF) . 'database=">' . lang('Alter database') . "</a></p>\n";
if ($mysql->server_info >= 5) {
$result = $mysql->query("SELECT * FROM information_schema.ROUTINES WHERE ROUTINE_SCHEMA = '" . $mysql->real_escape_string($_GET["db"]) . "'");
$result = $mysql->query("SELECT * FROM information_schema.ROUTINES WHERE ROUTINE_SCHEMA = '" . $mysql->escape_string($_GET["db"]) . "'");
if ($result->num_rows) {
echo "<h2>" . lang('Routines') . "</h2>\n";
echo "<table border='0' cellspacing='0' cellpadding='2'>\n";

6
select.inc.php
View File

@@ -30,7 +30,7 @@ if (!$columns) {
foreach ($indexes as $i => $index) {
if ($index["type"] == "FULLTEXT") {
if (strlen($_GET["fulltext"][$i])) {
$where[] = "MATCH (" . implode(", ", array_map('idf_escape', $index["columns"])) . ") AGAINST ('" . $mysql->real_escape_string($_GET["fulltext"][$i]) . "'" . (isset($_GET["boolean"][$i]) ? " IN BOOLEAN MODE" : "") . ")";
$where[] = "MATCH (" . implode(", ", array_map('idf_escape', $index["columns"])) . ") AGAINST ('" . $mysql->escape_string($_GET["fulltext"][$i]) . "'" . (isset($_GET["boolean"][$i]) ? " IN BOOLEAN MODE" : "") . ")";
}
echo "(<i>" . implode("</i>, <i>", $index["columns"]) . "</i>) AGAINST";
echo ' <input name="fulltext[' . $i . ']" value="' . htmlspecialchars($_GET["fulltext"][$i]) . '" />';
@@ -42,7 +42,7 @@ if (!$columns) {
$i = 0;
foreach ((array) $_GET["where"] as $val) {
if (strlen($val["col"]) && in_array($val["op"], $operators)) {
$where[] = idf_escape($val["col"]) . " $val[op]" . ($val["op"] != "IS NULL" ? " '" . $mysql->real_escape_string($val["val"]) . "'" : "");
$where[] = idf_escape($val["col"]) . " $val[op]" . ($val["op"] != "IS NULL" ? " '" . $mysql->escape_string($val["val"]) . "'" : "");
echo "<div><select name='where[$i][col]'><option></option>" . optionlist($columns, $val["col"], "not_vals") . "</select>";
echo "<select name='where[$i][op]' onchange=\"where_change(this);\">" . optionlist($operators, $val["op"], "not_vals") . "</select>";
echo "<input name='where[$i][val]' value=\"" . htmlspecialchars($val["val"]) . "\" /></div>\n";
@@ -104,7 +104,7 @@ for (var i=0; <?php echo $i; ?> > i; i++) {
$childs = array();
if ($mysql->server_info >= 5) {
// would be possible in earlier versions too, but only by examining all tables (in all databases)
$result1 = $mysql->query("SELECT * FROM information_schema.KEY_COLUMN_USAGE WHERE REFERENCED_TABLE_SCHEMA = '" . $mysql->real_escape_string($_GET["db"]) . "' AND REFERENCED_TABLE_NAME = '" . $mysql->real_escape_string($_GET["select"]) . "' ORDER BY ORDINAL_POSITION");
$result1 = $mysql->query("SELECT * FROM information_schema.KEY_COLUMN_USAGE WHERE REFERENCED_TABLE_SCHEMA = '" . $mysql->escape_string($_GET["db"]) . "' AND REFERENCED_TABLE_NAME = '" . $mysql->escape_string($_GET["select"]) . "' ORDER BY ORDINAL_POSITION");
while ($row1 = $result1->fetch_assoc()) {
$childs[$row1["CONSTRAINT_NAME"]][0] = $row1["TABLE_SCHEMA"];
$childs[$row1["CONSTRAINT_NAME"]][1] = $row1["TABLE_NAME"];

2
table.inc.php
View File

@@ -45,7 +45,7 @@ if (!$result) {
}
if ($mysql->server_info >= 5) {
$result = $mysql->query("SHOW TRIGGERS LIKE '" . $mysql->real_escape_string($_GET["table"]) . "'");
$result = $mysql->query("SHOW TRIGGERS LIKE '" . $mysql->escape_string($_GET["table"]) . "'");
if ($result->num_rows) {
echo "<h3>" . lang('Triggers') . "</h3>\n";
echo "<table border='0' cellspacing='0' cellpadding='2'>\n";