Updated e-mail address
[phpmyadmin/crack.git] / tbl_replace.php3
blobd8b91a931dae3373ba193c29d8cfa7296ee66961
1 <?php
2 /* $Id$ */
3 // vim: expandtab sw=4 ts=4 sts=4:
6 /**
7 * Gets some core libraries
8 */
9 require('./libraries/grab_globals.lib.php3');
10 require('./libraries/common.lib.php3');
13 /**
14 * Initializes some variables
16 // Defines the url to return in case of success of the query
17 if (isset($sql_query)) {
18 $sql_query = urldecode($sql_query);
20 if (!isset($dontlimitchars)) {
21 $dontlimitchars = 0;
23 $is_gotofile = FALSE;
24 if (isset($after_insert) && $after_insert == 'new_insert') {
25 $goto = 'tbl_change.php3?'
26 . PMA_generate_common_url($db, $table, '&')
27 . '&goto=' . urlencode($goto)
28 . '&pos=' . $pos
29 . '&session_max_rows=' . $session_max_rows
30 . '&disp_direction=' . $disp_direction
31 . '&repeat_cells=' . $repeat_cells
32 . '&dontlimitchars=' . $dontlimitchars
33 . (empty($sql_query) ? '' : '&sql_query=' . urlencode($sql_query));
34 } else if ($goto == 'sql.php3') {
35 $goto = 'sql.php3?'
36 . PMA_generate_common_url($db, $table, '&')
37 . '&pos=' . $pos
38 . '&session_max_rows=' . $session_max_rows
39 . '&disp_direction=' . $disp_direction
40 . '&repeat_cells=' . $repeat_cells
41 . '&dontlimitchars=' . $dontlimitchars
42 . '&sql_query=' . urlencode($sql_query);
43 } else if (!empty($goto)) {
44 // Security checkings
45 $is_gotofile = ereg_replace('^([^?]+).*$', '\\1', $goto);
46 if (!@file_exists('./' . $is_gotofile)) {
47 $goto = (empty($table)) ? 'db_details.php3' : 'tbl_properties.php3';
48 $is_gotofile = TRUE;
49 } else {
50 $is_gotofile = ($is_gotofile == $goto);
54 // Defines the url to return in case of failure of the query
55 if (isset($err_url)) {
56 $err_url = urldecode($err_url);
57 } else {
58 $err_url = str_replace('&', '&amp;', $goto)
59 . (empty($primary_key) ? '' : '&amp;primary_key=' . $primary_key);
62 // Resets tables defined in the configuration file
63 reset($fields);
64 if (isset($funcs)) {
65 reset($funcs);
68 // Misc
69 if (get_magic_quotes_gpc()) {
70 $submit_type = stripslashes($submit_type);
72 $seen_binary = FALSE;
74 /**
75 * Prepares the update of a row
77 if (isset($primary_key) && ($submit_type != $strInsertAsNewRow)) {
78 // Restore the "primary key" to a convenient format
79 $primary_key = urldecode($primary_key);
81 // Defines the SET part of the sql query
82 $valuelist = '';
84 while (list($key, $val) = each($fields)) {
85 $encoded_key = $key;
86 $key = urldecode($key);
88 include('./tbl_replace_fields.php3');
90 // No change for this column and no MySQL function is used -> next column
91 if (empty($funcs[$encoded_key])
92 && isset($fields_prev) && isset($fields_prev[$encoded_key])
93 && ("'" . PMA_sqlAddslashes(urldecode($fields_prev[$encoded_key])) . "'" == $val)) {
94 continue;
96 else if (!empty($val)) {
97 if (empty($funcs[$encoded_key])) {
98 $valuelist .= PMA_backquote($key) . ' = ' . $val . ', ';
99 } else if ($val == '\'\''
100 && (ereg('^(NOW|CURDATE|CURTIME|UNIX_TIMESTAMP|RAND|USER|LAST_INSERT_ID)$', $funcs[$encoded_key]))) {
101 $valuelist .= PMA_backquote($key) . ' = ' . $funcs[$encoded_key] . '(), ';
102 } else {
103 $valuelist .= PMA_backquote($key) . ' = ' . $funcs[$encoded_key] . "($val), ";
106 } // end while
108 // Builds the sql update query
109 $valuelist = ereg_replace(', $', '', $valuelist);
110 if (!empty($valuelist)) {
111 $query = 'UPDATE ' . PMA_backquote($table) . ' SET ' . $valuelist . ' WHERE' . $primary_key
112 . ((PMA_MYSQL_INT_VERSION >= 32300) ? ' LIMIT 1' : '');
113 $message = $strAffectedRows . '&nbsp;';
115 // No change -> move back to the calling script
116 else {
117 $message = $strNoModification;
118 if ($is_gotofile) {
119 $js_to_run = 'functions.js';
120 include('./header.inc.php3');
121 include('./' . ereg_replace('\.\.*', '.', $goto));
122 } else {
123 header('Location: ' . $cfg['PmaAbsoluteUri'] . $goto . '&message=' . urlencode($message));
125 exit();
127 } // end row update
131 * Prepares the insert of a row
133 else {
134 $fieldlist = '';
135 $valuelist = '';
136 while (list($key, $val) = each($fields)) {
137 $encoded_key = $key;
138 $key = urldecode($key);
139 $fieldlist .= PMA_backquote($key) . ', ';
141 include('./tbl_replace_fields.php3');
143 if (empty($funcs[$encoded_key])) {
144 $valuelist .= $val . ', ';
145 } else if (($val == '\'\''
146 && ereg('^(UNIX_TIMESTAMP|RAND|LAST_INSERT_ID)$', $funcs[$encoded_key]))
147 || ereg('^(NOW|CURDATE|CURTIME|USER)$', $funcs[$encoded_key])) {
148 $valuelist .= $funcs[$encoded_key] . '(), ';
149 } else {
150 $valuelist .= $funcs[$encoded_key] . '(' . $val . '), ';
152 } // end while
154 // Builds the sql insert query
155 $fieldlist = ereg_replace(', $', '', $fieldlist);
156 $valuelist = ereg_replace(', $', '', $valuelist);
157 $query = 'INSERT INTO ' . PMA_backquote($table) . ' (' . $fieldlist . ') VALUES (' . $valuelist . ')';
158 $message = $strInsertedRows . '&nbsp;';
159 } // end row insertion
163 * Executes the sql query and get the result, then move back to the calling
164 * page
166 PMA_mysql_select_db($db);
167 $sql_query = $query . ';';
168 $result = PMA_mysql_query($query);
169 if (!$result) {
170 $error = PMA_mysql_error();
171 include('./header.inc.php3');
172 PMA_mysqlDie($error, '', '', $err_url);
173 } else {
174 if (@mysql_affected_rows()) {
175 $message .= @mysql_affected_rows();
176 } else {
177 $message = $strModifications;
179 if ($is_gotofile) {
180 if ($goto == 'db_details.php3' && !empty($table)) {
181 unset($table);
183 $js_to_run = 'functions.js';
184 include('./header.inc.php3');
185 include('./' . ereg_replace('\.\.*', '.', $goto));
186 } else {
187 // I don't understand this one:
188 //$add_query = (strpos(' ' . $goto, 'tbl_change') ? '&disp_query=' . urlencode($sql_query) : '');
190 // if we have seen binary,
191 // we do not append the query to the Location so it won't be displayed
192 // on the resulting page
193 $add_query = (!$seen_binary ? '&disp_query=' . urlencode($sql_query) : '');
194 header('Location: ' . $cfg['PmaAbsoluteUri'] . $goto . '&disp_message=' . urlencode($message) . $add_query);
196 exit();
197 } // end if