tbl_replace.php3

   1 <?php
   2 /* $Id$ */
   3 // vim: expandtab sw=4 ts=4 sts=4:
   4
   5
   6 /**
   7  * Gets some core libraries
   8  */
   9 require('./libraries/grab_globals.lib.php3');
  10 require('./libraries/common.lib.php3');
  11
  12
  13 /**
  14  * Initializes some variables
  15  */
  16 // Defines the url to return in case of success of the query
  17 if (isset($sql_query)) {
  18     $sql_query = urldecode($sql_query);
  19 }
  20 if (!isset($dontlimitchars)) {
  21     $dontlimitchars = 0;
  22 }
  23 $is_gotofile = FALSE;
  24 if (isset($after_insert) && $after_insert == 'new_insert') {
  25     $goto = 'tbl_change.php3?'
  26           . PMA_generate_common_url($db, $table, '&')
  27           . '&goto=' . urlencode($goto)
  28           . '&pos=' . $pos
  29           . '&session_max_rows=' . $session_max_rows
  30           . '&disp_direction=' . $disp_direction
  31           . '&repeat_cells=' . $repeat_cells
  32           . '&dontlimitchars=' . $dontlimitchars
  33           . (empty($sql_query) ? '' : '&sql_query=' . urlencode($sql_query));
  34 } else if ($goto == 'sql.php3') {
  35     $goto = 'sql.php3?'
  36           . PMA_generate_common_url($db, $table, '&')
  37           . '&pos=' . $pos
  38           . '&session_max_rows=' . $session_max_rows
  39           . '&disp_direction=' . $disp_direction
  40           . '&repeat_cells=' . $repeat_cells
  41           . '&dontlimitchars=' . $dontlimitchars
  42           . '&sql_query=' . urlencode($sql_query);
  43 } else if (!empty($goto)) {
  44     // Security checkings
  45     $is_gotofile     = ereg_replace('^([^?]+).*$', '\\1', $goto);
  46     if (!@file_exists('./' . $is_gotofile)) {
  47         $goto        = (empty($table)) ? 'db_details.php3' : 'tbl_properties.php3';
  48         $is_gotofile = TRUE;
  49     } else {
  50         $is_gotofile = ($is_gotofile == $goto);
  51     }
  52 }
  53
  54 // Defines the url to return in case of failure of the query
  55 if (isset($err_url)) {
  56     $err_url = urldecode($err_url);
  57 } else {
  58     $err_url = str_replace('&', '&amp;', $goto)
  59              . (empty($primary_key) ? '' : '&amp;primary_key=' . $primary_key);
  60 }
  61
  62 // Resets tables defined in the configuration file
  63 reset($fields);
  64 if (isset($funcs)) {
  65     reset($funcs);
  66 }
  67
  68 // Misc
  69 if (get_magic_quotes_gpc()) {
  70     $submit_type = stripslashes($submit_type);
  71 }
  72 $seen_binary = FALSE;
  73
  74 /**
  75  * Prepares the update of a row
  76  */
  77 if (isset($primary_key) && ($submit_type != $strInsertAsNewRow)) {
  78     // Restore the "primary key" to a convenient format
  79     $primary_key = urldecode($primary_key);
  80
  81     // Defines the SET part of the sql query
  82     $valuelist = '';
  83
  84     while (list($key, $val) = each($fields)) {
  85         $encoded_key = $key;
  86         $key         = urldecode($key);
  87
  88         include('./tbl_replace_fields.php3');
  89
  90         // No change for this column and no MySQL function is used -> next column
  91         if (empty($funcs[$encoded_key])
  92             && isset($fields_prev) && isset($fields_prev[$encoded_key])
  93             && ("'" . PMA_sqlAddslashes(urldecode($fields_prev[$encoded_key])) . "'" == $val)) {
  94             continue;
  95         }
  96         else if (!empty($val)) {
  97             if (empty($funcs[$encoded_key])) {
  98                 $valuelist .= PMA_backquote($key) . ' = ' . $val . ', ';
  99             } else if ($val == '\'\''
 100                        && (ereg('^(NOW|CURDATE|CURTIME|UNIX_TIMESTAMP|RAND|USER|LAST_INSERT_ID)$', $funcs[$encoded_key]))) {
 101                 $valuelist .= PMA_backquote($key) . ' = ' . $funcs[$encoded_key] . '(), ';
 102             } else {
 103                 $valuelist .= PMA_backquote($key) . ' = ' . $funcs[$encoded_key] . "($val), ";
 104             }
 105         }
 106     } // end while
 107
 108     // Builds the sql update query
 109     $valuelist    = ereg_replace(', $', '', $valuelist);
 110     if (!empty($valuelist)) {
 111         $query    = 'UPDATE ' . PMA_backquote($table) . ' SET ' . $valuelist . ' WHERE' . $primary_key
 112                   . ((PMA_MYSQL_INT_VERSION >= 32300) ? ' LIMIT 1' : '');
 113         $message  = $strAffectedRows . '&nbsp;';
 114     }
 115     // No change -> move back to the calling script
 116     else {
 117         $message = $strNoModification;
 118         if ($is_gotofile) {
 119             $js_to_run = 'functions.js';
 120             include('./header.inc.php3');
 121             include('./' . ereg_replace('\.\.*', '.', $goto));
 122         } else {
 123             header('Location: ' . $cfg['PmaAbsoluteUri'] . $goto . '&message=' . urlencode($message));
 124         }
 125         exit();
 126     }
 127 } // end row update
 128
 129
 130 /**
 131  *  Prepares the insert of a row
 132  */
 133 else {
 134     $fieldlist = '';
 135     $valuelist = '';
 136     while (list($key, $val) = each($fields)) {
 137         $encoded_key = $key;
 138         $key         = urldecode($key);
 139         $fieldlist   .= PMA_backquote($key) . ', ';
 140
 141         include('./tbl_replace_fields.php3');
 142
 143         if (empty($funcs[$encoded_key])) {
 144             $valuelist .= $val . ', ';
 145         } else if (($val == '\'\''
 146                    && ereg('^(UNIX_TIMESTAMP|RAND|LAST_INSERT_ID)$', $funcs[$encoded_key]))
 147                    || ereg('^(NOW|CURDATE|CURTIME|USER)$', $funcs[$encoded_key])) {
 148             $valuelist .= $funcs[$encoded_key] . '(), ';
 149         } else {
 150             $valuelist .= $funcs[$encoded_key] . '(' . $val . '), ';
 151         }
 152     } // end while
 153
 154     // Builds the sql insert query
 155     $fieldlist = ereg_replace(', $', '', $fieldlist);
 156     $valuelist = ereg_replace(', $', '', $valuelist);
 157     $query     = 'INSERT INTO ' . PMA_backquote($table) . ' (' . $fieldlist . ') VALUES (' . $valuelist . ')';
 158     $message   = $strInsertedRows . '&nbsp;';
 159 } // end row insertion
 160
 161
 162 /**
 163  * Executes the sql query and get the result, then move back to the calling
 164  * page
 165  */
 166 PMA_mysql_select_db($db);
 167 $sql_query = $query . ';';
 168 $result    = PMA_mysql_query($query);
 169 if (!$result) {
 170     $error = PMA_mysql_error();
 171     include('./header.inc.php3');
 172     PMA_mysqlDie($error, '', '', $err_url);
 173 } else {
 174     if (@mysql_affected_rows()) {
 175         $message .= @mysql_affected_rows();
 176     } else {
 177         $message = $strModifications;
 178     }
 179     if ($is_gotofile) {
 180         if ($goto == 'db_details.php3' && !empty($table)) {
 181             unset($table);
 182         }
 183         $js_to_run = 'functions.js';
 184         include('./header.inc.php3');
 185         include('./' . ereg_replace('\.\.*', '.', $goto));
 186     } else {
 187         // I don't understand this one:
 188         //$add_query = (strpos(' ' . $goto, 'tbl_change') ? '&disp_query=' . urlencode($sql_query) : '');
 189
 190         // if we have seen binary,
 191         // we do not append the query to the Location so it won't be displayed
 192         // on the resulting page
 193         $add_query = (!$seen_binary ? '&disp_query=' . urlencode($sql_query) : '');
 194         header('Location: ' . $cfg['PmaAbsoluteUri'] . $goto . '&disp_message=' . urlencode($message) . $add_query);
 195     }
 196     exit();
 197 } // end if
 198 ?>