search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
update
[phpmyadmin/crack.git] / tbl_replace.php3
blob5d66fbf7948046512d3de54e541d47c439615a4f
1 <?php
2 /* $Id$ */
3 // vim: expandtab sw=4 ts=4 sts=4:
4
5
6 /**
7 * Gets some core libraries
8 */
9 require('./libraries/grab_globals.lib.php3');
10 require('./libraries/common.lib.php3');
11
12
13 /**
14 * Initializes some variables
15 */
16 // Defines the url to return in case of success of the query
17 if (isset($sql_query)) {
18 $sql_query = urldecode($sql_query);
19 }
20 if (!isset($dontlimitchars)) {
21 $dontlimitchars = 0;
22 }
23 $is_gotofile = FALSE;
24 if (isset($after_insert) && $after_insert == 'new_insert') {
25 $goto = 'tbl_change.php3'
26 . '?lang=' . $lang
27 . '&convcharset=' . $convcharset
28 . '&server=' . $server
29 . '&db=' . urlencode($db)
30 . '&table=' . urlencode($table)
31 . '&goto=' . urlencode($goto)
32 . '&pos=' . $pos
33 . '&session_max_rows=' . $session_max_rows
34 . '&disp_direction=' . $disp_direction
35 . '&repeat_cells=' . $repeat_cells
36 . '&dontlimitchars=' . $dontlimitchars
37 . (empty($sql_query) ? '' : '&sql_query=' . urlencode($sql_query));
38 } else if ($goto == 'sql.php3') {
39 $goto = 'sql.php3?'
40 . 'lang=' . $lang
41 . '&convcharset=' . $convcharset
42 . '&server=' . $server
43 . '&db=' . urlencode($db)
44 . '&table=' . urlencode($table)
45 . '&pos=' . $pos
46 . '&session_max_rows=' . $session_max_rows
47 . '&disp_direction=' . $disp_direction
48 . '&repeat_cells=' . $repeat_cells
49 . '&dontlimitchars=' . $dontlimitchars
50 . '&sql_query=' . urlencode($sql_query);
51 } else if (!empty($goto)) {
52 // Security checkings
53 $is_gotofile = ereg_replace('^([^?]+).*$', '\\1', $goto);
54 if (!@file_exists('./' . $is_gotofile)) {
55 $goto = (empty($table)) ? 'db_details.php3' : 'tbl_properties.php3';
56 $is_gotofile = TRUE;
57 } else {
58 $is_gotofile = ($is_gotofile == $goto);
59 }
60 }
61
62 // Defines the url to return in case of failure of the query
63 if (isset($err_url)) {
64 $err_url = urldecode($err_url);
65 } else {
66 $err_url = str_replace('&', '&amp;', $goto)
67 . (empty($primary_key) ? '' : '&amp;primary_key=' . $primary_key);
68 }
69
70 // Resets tables defined in the configuration file
71 reset($fields);
72 if (isset($funcs)) {
73 reset($funcs);
74 }
75
76 // Misc
77 if (get_magic_quotes_gpc()) {
78 $submit_type = stripslashes($submit_type);
79 }
80
81
82 /**
83 * Prepares the update of a row
84 */
85 if (isset($primary_key) && ($submit_type != $strInsertAsNewRow)) {
86 // Restore the "primary key" to a convenient format
87 $primary_key = urldecode($primary_key);
88
89 // Defines the SET part of the sql query
90 $valuelist = '';
91 while (list($key, $val) = each($fields)) {
92 $encoded_key = $key;
93 $key = urldecode($key);
94
95 switch (strtolower($val)) {
96 case 'null':
97 break;
98 case '$enum$':
99 // if we have an enum, then construct the value
100 $f = 'field_' . md5($key);
101 if (!empty($$f)) {
102 $val = implode(',', $$f);
103 if ($val == 'null') {
104 // void
105 } else {
106 $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
107 }
108 } else {
109 $val = "''";
110 }
111 break;
112 case '$set$':
113 // if we have a set, then construct the value
114 $f = 'field_' . md5($key);
115 if (!empty($$f)) {
116 $val = implode(',', $$f);
117 $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
118 } else {
119 $val = "''";
120 }
121 break;
122 case '$foreign$':
123 // if we have a foreign key, then construct the value
124 $f = 'field_' . md5($key);
125 if (!empty($$f)) {
126 $val = implode(',', $$f);
127 if ($val == 'null') {
128 // void
129 } else {
130 $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
131 }
132 } else {
133 $val = "''";
134 }
135 break;
136 default:
137 if (get_magic_quotes_gpc()) {
138 $val = "'" . str_replace('\\"', '"', $val) . "'";
139 } else {
140 $val = "'" . PMA_sqlAddslashes($val) . "'";
141 }
142 break;
143 } // end switch
144
145 // Was the Null checkbox checked for this field?
146 // (if there is a value, we ignore the Null checkbox: this could
147 // be possible if Javascript is disabled in the browser)
148 if (isset($fields_null) && isset($fields_null[$encoded_key])
149 && $val=="''") {
150 $val = 'NULL';
151 }
152
153 // No change for this column and no MySQL function is used -> next column
154 if (empty($funcs[$encoded_key])
155 && isset($fields_prev) && isset($fields_prev[$encoded_key])
156 && ("'" . PMA_sqlAddslashes(urldecode($fields_prev[$encoded_key])) . "'" == $val)) {
157 continue;
158 }
159 else if (!empty($val)) {
160 if (empty($funcs[$encoded_key])) {
161 $valuelist .= PMA_backquote($key) . ' = ' . $val . ', ';
162 } else if ($val == '\'\''
163 && (ereg('^(NOW|CURDATE|CURTIME|UNIX_TIMESTAMP|RAND|USER|LAST_INSERT_ID)$', $funcs[$encoded_key]))) {
164 $valuelist .= PMA_backquote($key) . ' = ' . $funcs[$encoded_key] . '(), ';
165 } else {
166 $valuelist .= PMA_backquote($key) . ' = ' . $funcs[$encoded_key] . "($val), ";
167 }
168 }
169 } // end while
170
171 // Builds the sql update query
172 $valuelist = ereg_replace(', $', '', $valuelist);
173 if (!empty($valuelist)) {
174 $query = 'UPDATE ' . PMA_backquote($table) . ' SET ' . $valuelist . ' WHERE' . $primary_key
175 . ((PMA_MYSQL_INT_VERSION >= 32300) ? ' LIMIT 1' : '');
176 $message = $strAffectedRows . '&nbsp;';
177 }
178 // No change -> move back to the calling script
179 else {
180 $message = $strNoModification;
181 if ($is_gotofile) {
182 $js_to_run = 'functions.js';
183 include('./header.inc.php3');
184 include('./' . ereg_replace('\.\.*', '.', $goto));
185 } else {
186 header('Location: ' . $cfg['PmaAbsoluteUri'] . $goto . '&message=' . urlencode($message));
187 }
188 exit();
189 }
190 } // end row update
191
192
193 /**
194 * Prepares the insert of a row
195 */
196 else {
197 $fieldlist = '';
198 $valuelist = '';
199 while (list($key, $val) = each($fields)) {
200 $encoded_key = $key;
201 $key = urldecode($key);
202 $fieldlist .= PMA_backquote($key) . ', ';
203
204 switch (strtolower($val)) {
205 case 'null':
206 break;
207 case '$enum$':
208 // if we have a set, then construct the value
209 $f = 'field_' . md5($key);
210 if (!empty($$f)) {
211 $val = implode(',', $$f);
212 if ($val == 'null') {
213 // void
214 } else {
215 $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
216 }
217 } else {
218 $val = "''";
219 }
220 break;
221 case '$set$':
222 // if we have a set, then construct the value
223 $f = 'field_' . md5($key);
224 if (!empty($$f)) {
225 $val = implode(',', $$f);
226 $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
227 } else {
228 $val = "''";
229 }
230 break;
231 case '$foreign$':
232 // if we have a foreign key, then construct the value
233 $f = 'field_' . md5($key);
234 if (!empty($$f)) {
235 $val = implode(',', $$f);
236 if ($val == 'null') {
237 // void
238 } else {
239 $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
240 }
241 } else {
242 $val = "''";
243 }
244 break;
245 default:
246 if (get_magic_quotes_gpc()) {
247 $val = "'" . str_replace('\\"', '"', $val) . "'";
248 } else {
249 $val = "'" . PMA_sqlAddslashes($val) . "'";
250 }
251 break;
252 } // end switch
253
254 // Was the Null checkbox checked for this field?
255 // (if there is a value, we ignore the Null checkbox: this could
256 // be possible if Javascript is disabled in the browser)
257 if (isset($fields_null) && isset($fields_null[$encoded_key])
258 && $val=="''") {
259 $val = 'NULL';
260 }
261
262 if (empty($funcs[$encoded_key])) {
263 $valuelist .= $val . ', ';
264 } else if (($val == '\'\''
265 && ereg('^(UNIX_TIMESTAMP|RAND|LAST_INSERT_ID)$', $funcs[$encoded_key]))
266 || ereg('^(NOW|CURDATE|CURTIME|USER)$', $funcs[$encoded_key])) {
267 $valuelist .= $funcs[$encoded_key] . '(), ';
268 } else {
269 $valuelist .= $funcs[$encoded_key] . '(' . $val . '), ';
270 }
271 } // end while
272
273 // Builds the sql insert query
274 $fieldlist = ereg_replace(', $', '', $fieldlist);
275 $valuelist = ereg_replace(', $', '', $valuelist);
276 $query = 'INSERT INTO ' . PMA_backquote($table) . ' (' . $fieldlist . ') VALUES (' . $valuelist . ')';
277 $message = $strInsertedRows . '&nbsp;';
278 } // end row insertion
279
280
281 /**
282 * Executes the sql query and get the result, then move back to the calling
283 * page
284 */
285 PMA_mysql_select_db($db);
286 $sql_query = $query . ';';
287 $result = PMA_mysql_query($query);
288
289 if (!$result) {
290 $error = PMA_mysql_error();
291 include('./header.inc.php3');
292 PMA_mysqlDie($error, '', '', $err_url);
293 } else {
294 if (@mysql_affected_rows()) {
295 $message .= @mysql_affected_rows();
296 } else {
297 $message = $strModifications;
298 }
299 if ($is_gotofile) {
300 if ($goto == 'db_details.php3' && !empty($table)) {
301 unset($table);
302 }
303 $js_to_run = 'functions.js';
304 include('./header.inc.php3');
305 include('./' . ereg_replace('\.\.*', '.', $goto));
306 } else {
307 $add_query = (strpos(' ' . $goto, 'tbl_change') ? '&disp_query=' . urlencode($sql_query) : '');
308 header('Location: ' . $cfg['PmaAbsoluteUri'] . $goto . '&message=' . urlencode($message) . $add_query);
309 }
310 exit();
311 } // end if
312 ?>
Drizzle / GSOC 2011