From c48a017e0eb2ddb53e8b10d712619ec7e4f639e8 Mon Sep 17 00:00:00 2001 From: jakubvrana Date: Tue, 2 Sep 2008 12:39:04 +0000 Subject: [PATCH] Print SQL query by error git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@479 7c3ca157-0c34-0410-bff1-cbf682f78f5c --- createv.inc.php | 8 ++------ database.inc.php | 9 +++------ design.inc.php | 4 ++-- functions.inc.php | 13 +++++++++---- procedure.inc.php | 8 ++------ processlist.inc.php | 2 +- select.inc.php | 2 +- table.inc.php | 2 +- todo.txt | 2 +- trigger.inc.php | 8 ++------ user.inc.php | 4 ++-- 11 files changed, 26 insertions(+), 36 deletions(-) diff --git a/createv.inc.php b/createv.inc.php index 2f284a23..43fe31bb 100644 --- a/createv.inc.php +++ b/createv.inc.php @@ -1,13 +1,9 @@ query("DROP VIEW " . idf_escape($_GET["createv"])))) { - if ($_POST["drop"]) { - redirect(substr($SELF, 0, -1), lang('View has been dropped.')); - } - $dropped = true; + if (strlen($_GET["createv"])) { + $dropped = query_redirect("DROP VIEW " . idf_escape($_GET["createv"]), substr($SELF, 0, -1), lang('View has been dropped.'), $_POST["drop"], !$_POST["dropped"]); } - $error = $mysql->error; if (!$_POST["drop"]) { query_redirect("CREATE VIEW " . idf_escape($_POST["name"]) . " AS " . $_POST["select"], $SELF . "view=" . urlencode($_POST["name"]), (strlen($_GET["createv"]) ? lang('View has been altered.') : lang('View has been created.'))); } diff --git a/database.inc.php b/database.inc.php index e1519f31..776960b0 100644 --- a/database.inc.php +++ b/database.inc.php 
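Review bot: The last two arguments of the new `query_redirect("DROP VIEW " ...)` call are raw request values, `$_POST["drop"]` for `$redirect` and `!$_POST["dropped"]` for `$execute`, and nothing at the call site says what they mean. Because `dropped` is a client-supplied field, a request that sets it makes query_redirect() skip the DROP and still return true, so `$dropped` and the 'View has been dropped.' message then reflect the form rather than the database. That matches the removed condition, but it is now hidden inside a helper. I would add a comment such as `// $_POST["dropped"]: an earlier submit already dropped the view, so do not re-run DROP; redirect only on an explicit drop` and cast both values with `(bool)`. The same call shape is used in procedure.inc.php and trigger.inc.php.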
@@ -4,11 +4,8 @@ if ($_POST && !$error) { unset($_SESSION["databases"][$_GET["server"]]); query_redirect("DROP DATABASE " . idf_escape($_GET["db"]), substr(preg_replace('~db=[^&]*&~', '', $SELF), 0, -1), lang('Database has been dropped.')); } elseif ($_GET["db"] !== $_POST["name"]) { - if ($mysql->query("CREATE DATABASE " . idf_escape($_POST["name"]) . ($_POST["collation"] ? " COLLATE '" . $mysql->escape_string($_POST["collation"]) . "'" : ""))) { - unset($_SESSION["databases"][$_GET["server"]]); - if (!strlen($_GET["db"])) { - redirect($SELF . "db=" . urlencode($_POST["name"]), lang('Database has been created.')); - } + unset($_SESSION["databases"][$_GET["server"]]); + if (query_redirect("CREATE DATABASE " . idf_escape($_POST["name"]) . ($_POST["collation"] ? " COLLATE '" . $mysql->escape_string($_POST["collation"]) . "'" : ""), $SELF . "db=" . urlencode($_POST["name"]), lang('Database has been created.'), !strlen($_GET["db"]))) { $result = $mysql->query("SHOW TABLES"); while ($row = $result->fetch_row()) { if (!$mysql->query("RENAME TABLE " . idf_escape($row[0]) . " TO " . idf_escape($_POST["name"]) . "." . idf_escape($row[0]))) { @@ -20,8 +17,8 @@ if ($_POST && !$error) { $mysql->query("DROP DATABASE " . idf_escape($_GET["db"])); redirect(preg_replace('~db=[^&]*&~', '', $SELF) . "db=" . urlencode($_POST["name"]), lang('Database has been renamed.')); } + $error = htmlspecialchars($mysql->error); } - $error = $mysql->error; } else { if (!$_POST["collation"]) { redirect(substr($SELF, 0, -1)); diff --git a/design.inc.php b/design.inc.php index a87f49f6..a0705412 100644 --- a/design.inc.php +++ b/design.inc.php @@ -35,7 +35,7 @@ function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") { } echo "
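Review bot: In the rename branch of the first database.inc.php hunk, the result of `$mysql->query("SHOW TABLES")` is dereferenced with `$result->fetch_row()` without a check, so a failed listing right after the new `query_redirect("CREATE DATABASE ...")` call ends in a fatal error instead of reaching `$error`. Other call sites in this patch treat a falsy return from `query()` as failure (table.inc.php tests `if (!$result)`). A failed listing should set `$error = htmlspecialchars($mysql->error);` and skip both the rename loop and the `DROP DATABASE` of the old database shown in the following hunk. The condition guarding that DROP lies between the two hunks and is not visible, so whether it already covers this case cannot be judged from here.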

$title" . (strlen($title2) ? ": " . htmlspecialchars($title2) : "") . "

\n"; if ($_SESSION["messages"]) { - echo "

" . implode("
", $_SESSION["messages"]) . "

\n"; + echo "

" . implode("

\n

", $_SESSION["messages"]) . "

\n"; $_SESSION["messages"] = array(); } if (!$_SESSION["tokens"][$_GET["server"]]["?logout"]) { @@ -45,7 +45,7 @@ function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") { session_write_close(); } if ($error) { - echo "

" . htmlspecialchars($error) . "

\n"; + echo "

$error

\n"; } } diff --git a/functions.inc.php b/functions.inc.php index 76ea8eee..2a24d66f 100644 --- a/functions.inc.php +++ b/functions.inc.php @@ -195,12 +195,17 @@ function redirect($location, $message = null) { exit; } -function query_redirect($query, $location, $message) { +function query_redirect($query, $location, $message, $redirect = true, $execute = true) { global $mysql, $error, $SELF; - if ($mysql->query($query)) { - redirect($location, $message . "
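Review bot: Dropping `htmlspecialchars()` from the `$error` echo in page_header() turns `$error` into trusted HTML, so escaping now depends on every producer instead of on this one sink. MySQL error text commonly quotes part of the failing statement, which can hold request-supplied names and values, so a single `$error = $mysql->error` left in a file this patch does not touch would be written into the page unescaped. The assignments visible in this patch are all wrapped, but callers outside it cannot be checked from here. The `$_SESSION["messages"]` echo in the previous hunk works under the same contract. I would state it next to the echo, e.g. `// $error is HTML: escape database and request text with htmlspecialchars() before passing it in`, or keep the escaping here and pass the SQL link as a separate, already-built argument.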
" . htmlspecialchars($query) . ' - ' . lang('edit') . ''); + $sql = ' ' . lang('SQL command') . ""; + if ($execute && !$mysql->query($query)) { + $error = htmlspecialchars($mysql->error) . $sql; + return false; } - $error = $mysql->error; + if ($redirect) { + redirect($location, $message . $sql); + } + return true; } function remove_from_uri($param = "") { diff --git a/procedure.inc.php b/procedure.inc.php index 25724be4..26d5e114 100644 --- a/procedure.inc.php +++ b/procedure.inc.php @@ -3,13 +3,9 @@ $routine = (isset($_GET["function"]) ? "FUNCTION" : "PROCEDURE"); $dropped = false; if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"] && !$_POST["up"] && !$_POST["down"]) { - if (strlen($_GET["procedure"]) && ($_POST["dropped"] || $mysql->query("DROP $routine " . idf_escape($_GET["procedure"])))) { - if ($_POST["drop"]) { - redirect(substr($SELF, 0, -1), lang('Routine has been dropped.')); - } - $dropped = true; + if (strlen($_GET["procedure"])) { + $dropped = query_redirect("DROP $routine " . idf_escape($_GET["procedure"]), substr($SELF, 0, -1), lang('Routine has been dropped.'), $_POST["drop"], !$_POST["dropped"]); } - $error = $mysql->error; if (!$_POST["drop"]) { $set = array(); $fields = array_filter((array) $_POST["fields"], 'strlen'); diff --git a/processlist.inc.php b/processlist.inc.php index 913e773e..4175f151 100644 --- a/processlist.inc.php +++ b/processlist.inc.php @@ -9,7 +9,7 @@ if ($_POST && !$error) { if ($killed || !$_POST["kill"]) { redirect($SELF . "processlist=", lang('%d process(es) has been killed.', $killed)); } - $error = $mysql->error; + $error = htmlspecialchars($mysql->error); } page_header(lang('Process list'), $error); ?> diff --git a/select.inc.php b/select.inc.php index ad6d738e..cc353d6b 100644 --- a/select.inc.php +++ b/select.inc.php 
@@ -105,7 +105,7 @@ if ($_POST && !$error) { if ($result) { redirect(remove_from_uri("page"), lang('%d item(s) have been deleted.', $deleted)); } - $error = $mysql->error; + $error = htmlspecialchars($mysql->error); } page_header(lang('Select') . ": " . htmlspecialchars($_GET["select"]), ($error ? lang('Error during deleting') . ": $error" : "")); diff --git a/table.inc.php b/table.inc.php index be90bba5..caaba99c 100644 --- a/table.inc.php +++ b/table.inc.php @@ -1,7 +1,7 @@ query("SHOW COLUMNS FROM " . idf_escape($_GET["table"])); if (!$result) { - $error = $mysql->error; + $error = htmlspecialchars($mysql->error); } page_header(lang('Table') . ": " . htmlspecialchars($_GET["table"]), $error); diff --git a/todo.txt b/todo.txt index 67366683..7b31013e 100644 --- a/todo.txt +++ b/todo.txt @@ -11,6 +11,6 @@ Transactions in export Compress export and import Partitioning (MySQL 5.1) Create view options -Utilize query_redirect - createv, database, procedure, trigger, select +Utilize query_redirect - select ? Execution time in sql.inc.php ? Save token also to cookie - for session expiration and login in other window diff --git a/trigger.inc.php b/trigger.inc.php index 7b742303..425ecffa 100644 --- a/trigger.inc.php +++ b/trigger.inc.php 
@@ -4,13 +4,9 @@ $trigger_event = array("INSERT", "UPDATE", "DELETE"); $dropped = false; if ($_POST && !$error) { - if (strlen($_GET["name"]) && ($_POST["dropped"] || $mysql->query("DROP TRIGGER " . idf_escape($_GET["name"])))) { - if ($_POST["drop"]) { - redirect($SELF . "table=" . urlencode($_GET["trigger"]), lang('Trigger has been dropped.')); - } - $dropped = true; + if (strlen($_GET["name"])) { + $dropped = query_redirect("DROP TRIGGER " . idf_escape($_GET["name"]), $SELF . "table=" . urlencode($_GET["trigger"]), lang('Trigger has been dropped.'), $_POST["drop"], !$_POST["dropped"]); } - $error = $mysql->error; if (!$_POST["drop"]) { if (in_array($_POST["Timing"], $trigger_time) && in_array($_POST["Event"], $trigger_event)) { query_redirect("CREATE TRIGGER " . idf_escape($_POST["Trigger"]) . " $_POST[Timing] $_POST[Event] ON " . idf_escape($_GET["trigger"]) . " FOR EACH ROW $_POST[Statement]", $SELF . "table=" . urlencode($_GET["trigger"]), (strlen($_GET["name"]) ? lang('Trigger has been altered.') : lang('Trigger has been created.'))); diff --git a/user.inc.php b/user.inc.php index 10f56a50..ca54b0fa 100644 --- a/user.inc.php +++ b/user.inc.php @@ -91,7 +91,7 @@ if ($_POST && !$error) { ($grant && !$mysql->query("GRANT " . implode("$match[2], ", $grant) . "$match[2] ON $match[1] TO '$new_user'")) //! SQL injection || ($revoke && !$mysql->query("REVOKE " . implode("$match[2], ", $revoke) . "$match[2] ON $match[1] FROM '$new_user'")) )) { - $error = $mysql->error; + $error = htmlspecialchars($mysql->error); if ($old_user != $new_user) { $mysql->query("DROP USER '$new_user'"); } @@ -112,7 +112,7 @@ if ($_POST && !$error) { } } if (!$error) { - $error = $mysql->error; + $error = htmlspecialchars($mysql->error); } } page_header((isset($_GET["host"]) ? lang('Username') . ": " . htmlspecialchars("$_GET[user]@$_GET[host]") : lang('Create user')), $error, array("privileges" => lang('Privileges')));
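Review bot: The GRANT and REVOKE statements kept as context in the first user.inc.php hunk are still built by interpolating `$match[1]`, `$match[2]` and `'$new_user'`, which the author's own `//! SQL injection` marker acknowledges; this commit only changes how the resulting error is displayed. Where those values come from is outside the hunk, so the exposure cannot be confirmed from here. If they derive from request data, they need to be escaped or validated for the position they occupy, using the helpers the rest of the patch already relies on (`idf_escape()` for identifiers, `$mysql->escape_string()` inside quoted strings). Escaping `$mysql->error` on the new line is the right call for this path, since a rejected statement is likely to echo those fragments back. The same `'$new_user'` interpolation appears in the `DROP USER` cleanup that follows.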