tbl_replace.php3

   1 <?php
   2 /* $Id$ */
   3 // vim: expandtab sw=4 ts=4 sts=4:
   4
   5
   6 /**
   7  * Gets some core libraries
   8  */
   9 require('./libraries/grab_globals.lib.php3');
  10 require('./libraries/common.lib.php3');
  11
  12
  13 /**
  14  * Initializes some variables
  15  */
  16 // Defines the url to return in case of success of the query
  17 if (isset($sql_query)) {
  18     $sql_query = urldecode($sql_query);
  19 }
  20 if (!isset($dontlimitchars)) {
  21     $dontlimitchars = 0;
  22 }
  23 $is_gotofile = FALSE;
  24 if (isset($after_insert) && $after_insert == 'new_insert') {
  25     $goto = 'tbl_change.php3?'
  26           . PMA_generate_common_url($db, $table, '&')
  27           . '&goto=' . urlencode($goto)
  28           . '&pos=' . $pos
  29           . '&session_max_rows=' . $session_max_rows
  30           . '&disp_direction=' . $disp_direction
  31           . '&repeat_cells=' . $repeat_cells
  32           . '&dontlimitchars=' . $dontlimitchars
  33           . (empty($sql_query) ? '' : '&sql_query=' . urlencode($sql_query));
  34 } else if ($goto == 'sql.php3') {
  35     $goto = 'sql.php3?'
  36           . PMA_generate_common_url($db, $table, '&')
  37           . '&pos=' . $pos
  38           . '&session_max_rows=' . $session_max_rows
  39           . '&disp_direction=' . $disp_direction
  40           . '&repeat_cells=' . $repeat_cells
  41           . '&dontlimitchars=' . $dontlimitchars
  42           . '&sql_query=' . urlencode($sql_query);
  43 } else if (!empty($goto)) {
  44     // Security checkings
  45     $is_gotofile     = ereg_replace('^([^?]+).*$', '\\1', $goto);
  46     if (!@file_exists('./' . $is_gotofile)) {
  47         $goto        = (empty($table)) ? 'db_details.php3' : 'tbl_properties.php3';
  48         $is_gotofile = TRUE;
  49     } else {
  50         $is_gotofile = ($is_gotofile == $goto);
  51     }
  52 }
  53
  54 // Defines the url to return in case of failure of the query
  55 if (isset($err_url)) {
  56     $err_url = urldecode($err_url);
  57 } else {
  58     $err_url = str_replace('&', '&amp;', $goto)
  59              . (empty($primary_key) ? '' : '&amp;primary_key=' . $primary_key);
  60 }
  61
  62 // Resets tables defined in the configuration file
  63 reset($fields);
  64 if (isset($funcs)) {
  65     reset($funcs);
  66 }
  67
  68 // Misc
  69 $seen_binary = FALSE;
  70
  71 /**
  72  * Prepares the update of a row
  73  */
  74 if (isset($primary_key) && ($submit_type != $strInsertAsNewRow)) {
  75     // Restore the "primary key" to a convenient format
  76     $primary_key = urldecode($primary_key);
  77
  78     // Defines the SET part of the sql query
  79     $valuelist = '';
  80
  81     while (list($key, $val) = each($fields)) {
  82         $encoded_key = $key;
  83         $key         = urldecode($key);
  84
  85         include('./tbl_replace_fields.php3');
  86
  87         // No change for this column and no MySQL function is used -> next column
  88         if (empty($funcs[$encoded_key])
  89             && isset($fields_prev) && isset($fields_prev[$encoded_key])
  90             && ("'" . PMA_sqlAddslashes(urldecode($fields_prev[$encoded_key])) . "'" == $val)) {
  91             continue;
  92         }
  93         else if (!empty($val)) {
  94             if (empty($funcs[$encoded_key])) {
  95                 $valuelist .= PMA_backquote($key) . ' = ' . $val . ', ';
  96             } else if ($val == '\'\''
  97                        && (ereg('^(NOW|CURDATE|CURTIME|UNIX_TIMESTAMP|RAND|USER|LAST_INSERT_ID)$', $funcs[$encoded_key]))) {
  98                 $valuelist .= PMA_backquote($key) . ' = ' . $funcs[$encoded_key] . '(), ';
  99             } else {
 100                 $valuelist .= PMA_backquote($key) . ' = ' . $funcs[$encoded_key] . "($val), ";
 101             }
 102         }
 103     } // end while
 104
 105     // Builds the sql update query
 106     $valuelist    = ereg_replace(', $', '', $valuelist);
 107     if (!empty($valuelist)) {
 108         $query    = 'UPDATE ' . PMA_backquote($table) . ' SET ' . $valuelist . ' WHERE' . $primary_key
 109                   . ((PMA_MYSQL_INT_VERSION >= 32300) ? ' LIMIT 1' : '');
 110         $message  = $strAffectedRows . '&nbsp;';
 111     }
 112     // No change -> move back to the calling script
 113     else {
 114         $message = $strNoModification;
 115         if ($is_gotofile) {
 116             $js_to_run = 'functions.js';
 117             include('./header.inc.php3');
 118             include('./' . ereg_replace('\.\.*', '.', $goto));
 119         } else {
 120             header('Location: ' . $cfg['PmaAbsoluteUri'] . $goto . '&message=' . urlencode($message));
 121         }
 122         exit();
 123     }
 124 } // end row update
 125
 126
 127 /**
 128  *  Prepares the insert of a row
 129  */
 130 else {
 131     $fieldlist = '';
 132     $valuelist = '';
 133     while (list($key, $val) = each($fields)) {
 134         $encoded_key = $key;
 135         $key         = urldecode($key);
 136         $fieldlist   .= PMA_backquote($key) . ', ';
 137
 138         include('./tbl_replace_fields.php3');
 139
 140         if (empty($funcs[$encoded_key])) {
 141             $valuelist .= $val . ', ';
 142         } else if (($val == '\'\''
 143                    && ereg('^(UNIX_TIMESTAMP|RAND|LAST_INSERT_ID)$', $funcs[$encoded_key]))
 144                    || ereg('^(NOW|CURDATE|CURTIME|USER)$', $funcs[$encoded_key])) {
 145             $valuelist .= $funcs[$encoded_key] . '(), ';
 146         } else {
 147             $valuelist .= $funcs[$encoded_key] . '(' . $val . '), ';
 148         }
 149     } // end while
 150
 151     // Builds the sql insert query
 152     $fieldlist = ereg_replace(', $', '', $fieldlist);
 153     $valuelist = ereg_replace(', $', '', $valuelist);
 154     $query     = 'INSERT INTO ' . PMA_backquote($table) . ' (' . $fieldlist . ') VALUES (' . $valuelist . ')';
 155     $message   = $strInsertedRows . '&nbsp;';
 156 } // end row insertion
 157
 158
 159 /**
 160  * Executes the sql query and get the result, then move back to the calling
 161  * page
 162  */
 163 PMA_mysql_select_db($db);
 164 $sql_query = $query . ';';
 165 $result    = PMA_mysql_query($query);
 166 if (!$result) {
 167     $error = PMA_mysql_error();
 168     include('./header.inc.php3');
 169     PMA_mysqlDie($error, '', '', $err_url);
 170 } else {
 171     if (@mysql_affected_rows()) {
 172         $message .= @mysql_affected_rows();
 173     } else {
 174         $message = $strModifications;
 175     }
 176     if ($is_gotofile) {
 177         if ($goto == 'db_details.php3' && !empty($table)) {
 178             unset($table);
 179         }
 180         $js_to_run = 'functions.js';
 181         include('./header.inc.php3');
 182         include('./' . ereg_replace('\.\.*', '.', $goto));
 183     } else {
 184         // I don't understand this one:
 185         //$add_query = (strpos(' ' . $goto, 'tbl_change') ? '&disp_query=' . urlencode($sql_query) : '');
 186
 187         // if we have seen binary,
 188         // we do not append the query to the Location so it won't be displayed
 189         // on the resulting page
 190         $add_query = (!$seen_binary ? '&disp_query=' . urlencode($sql_query) : '');
 191         header('Location: ' . $cfg['PmaAbsoluteUri'] . $goto . '&disp_message=' . urlencode($message) . $add_query);
 192     }
 193     exit();
 194 } // end if
 195 ?>