tbl_replace.php3

   1 <?php
   2 /* $Id$ */
   3 // vim: expandtab sw=4 ts=4 sts=4:
   4
   5
   6 /**
   7  * Gets some core libraries
   8  */
   9 require('./libraries/grab_globals.lib.php3');
  10 require('./libraries/common.lib.php3');
  11
  12
  13 /**
  14  * Initializes some variables
  15  */
  16 // Defines the url to return in case of success of the query
  17 if (isset($sql_query)) {
  18     $sql_query = urldecode($sql_query);
  19 }
  20 if (!isset($dontlimitchars)) {
  21     $dontlimitchars = 0;
  22 }
  23 $is_gotofile = FALSE;
  24 if (isset($after_insert) && $after_insert == 'new_insert') {
  25     $goto = 'tbl_change.php3'
  26           . '?lang=' . $lang
  27           . '&convcharset=' . $convcharset
  28           . '&server=' . $server
  29           . '&db=' . urlencode($db)
  30           . '&table=' . urlencode($table)
  31           . '&goto=' . urlencode($goto)
  32           . '&pos=' . $pos
  33           . '&session_max_rows=' . $session_max_rows
  34           . '&disp_direction=' . $disp_direction
  35           . '&repeat_cells=' . $repeat_cells
  36           . '&dontlimitchars=' . $dontlimitchars
  37           . (empty($sql_query) ? '' : '&sql_query=' . urlencode($sql_query));
  38 } else if ($goto == 'sql.php3') {
  39     $goto = 'sql.php3?'
  40           . 'lang=' . $lang
  41           . '&convcharset=' . $convcharset
  42           . '&server=' . $server
  43           . '&db=' . urlencode($db)
  44           . '&table=' . urlencode($table)
  45           . '&pos=' . $pos
  46           . '&session_max_rows=' . $session_max_rows
  47           . '&disp_direction=' . $disp_direction
  48           . '&repeat_cells=' . $repeat_cells
  49           . '&dontlimitchars=' . $dontlimitchars
  50           . '&sql_query=' . urlencode($sql_query);
  51 } else if (!empty($goto)) {
  52     // Security checkings
  53     $is_gotofile     = ereg_replace('^([^?]+).*$', '\\1', $goto);
  54     if (!@file_exists('./' . $is_gotofile)) {
  55         $goto        = (empty($table)) ? 'db_details.php3' : 'tbl_properties.php3';
  56         $is_gotofile = TRUE;
  57     } else {
  58         $is_gotofile = ($is_gotofile == $goto);
  59     }
  60 }
  61
  62 // Defines the url to return in case of failure of the query
  63 if (isset($err_url)) {
  64     $err_url = urldecode($err_url);
  65 } else {
  66     $err_url = str_replace('&', '&amp;', $goto)
  67              . (empty($primary_key) ? '' : '&amp;primary_key=' . $primary_key);
  68 }
  69
  70 // Resets tables defined in the configuration file
  71 reset($fields);
  72 if (isset($funcs)) {
  73     reset($funcs);
  74 }
  75
  76 // Misc
  77 if (get_magic_quotes_gpc()) {
  78     $submit_type = stripslashes($submit_type);
  79 }
  80
  81
  82 /**
  83  * Prepares the update of a row
  84  */
  85 if (isset($primary_key) && ($submit_type != $strInsertAsNewRow)) {
  86     // Restore the "primary key" to a convenient format
  87     $primary_key = urldecode($primary_key);
  88
  89     // Defines the SET part of the sql query
  90     $valuelist = '';
  91     while (list($key, $val) = each($fields)) {
  92         $encoded_key = $key;
  93         $key         = urldecode($key);
  94
  95         switch (strtolower($val)) {
  96             case 'null':
  97                 break;
  98             case '$enum$':
  99                 // if we have an enum, then construct the value
 100                 $f = 'field_' . md5($key);
 101                 if (!empty($$f)) {
 102                     $val     = implode(',', $$f);
 103                     if ($val == 'null') {
 104                         // void
 105                     } else {
 106                         $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
 107                     }
 108                 } else {
 109                     $val     = "''";
 110                 }
 111                 break;
 112             case '$set$':
 113                 // if we have a set, then construct the value
 114                 $f = 'field_' . md5($key);
 115                 if (!empty($$f)) {
 116                     $val = implode(',', $$f);
 117                     $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
 118                 } else {
 119                     $val = "''";
 120                 }
 121                 break;
 122             case '$foreign$':
 123                 // if we have a foreign key, then construct the value
 124                 $f = 'field_' . md5($key);
 125                 if (!empty($$f)) {
 126                     $val     = implode(',', $$f);
 127                     if ($val == 'null') {
 128                         // void
 129                     } else {
 130                         $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
 131                     }
 132                 } else {
 133                     $val     = "''";
 134                 }
 135                 break;
 136             default:
 137                 if (get_magic_quotes_gpc()) {
 138                     $val = "'" . str_replace('\\"', '"', $val) . "'";
 139                 } else {
 140                     $val = "'" . PMA_sqlAddslashes($val) . "'";
 141                 }
 142                 break;
 143         } // end switch
 144
 145         // Was the Null checkbox checked for this field?
 146         if (isset($fields_null) && isset($fields_null[$encoded_key])) {
 147             $val = 'NULL';
 148         }
 149
 150         // No change for this column and no MySQL function is used -> next column
 151         if (empty($funcs[$encoded_key])
 152             && isset($fields_prev) && isset($fields_prev[$encoded_key])
 153             && ("'" . PMA_sqlAddslashes(urldecode($fields_prev[$encoded_key])) . "'" == $val)) {
 154             continue;
 155         }
 156         else if (!empty($val)) {
 157             if (empty($funcs[$encoded_key])) {
 158                 $valuelist .= PMA_backquote($key) . ' = ' . $val . ', ';
 159             } else if ($val == '\'\''
 160                        && (ereg('^(NOW|CURDATE|CURTIME|UNIX_TIMESTAMP|RAND|USER|LAST_INSERT_ID)$', $funcs[$encoded_key]))) {
 161                 $valuelist .= PMA_backquote($key) . ' = ' . $funcs[$encoded_key] . '(), ';
 162             } else {
 163                 $valuelist .= PMA_backquote($key) . ' = ' . $funcs[$encoded_key] . "($val), ";
 164             }
 165         }
 166     } // end while
 167
 168     // Builds the sql upate query
 169     $valuelist    = ereg_replace(', $', '', $valuelist);
 170     if (!empty($valuelist)) {
 171         $query    = 'UPDATE ' . PMA_backquote($table) . ' SET ' . $valuelist . ' WHERE' . $primary_key
 172                   . ((PMA_MYSQL_INT_VERSION >= 32300) ? ' LIMIT 1' : '');
 173         $message  = $strAffectedRows . '&nbsp;';
 174     }
 175     // No change -> move back to the calling script
 176     else {
 177         $message = $strNoModification;
 178         if ($is_gotofile) {
 179             $js_to_run = 'functions.js';
 180             include('./header.inc.php3');
 181             include('./' . ereg_replace('\.\.*', '.', $goto));
 182         } else {
 183             header('Location: ' . $cfg['PmaAbsoluteUri'] . $goto . '&message=' . urlencode($message));
 184         }
 185         exit();
 186     }
 187 } // end row update
 188
 189
 190 /**
 191  *  Prepares the insert of a row
 192  */
 193 else {
 194     $fieldlist = '';
 195     $valuelist = '';
 196     while (list($key, $val) = each($fields)) {
 197         $encoded_key = $key;
 198         $key         = urldecode($key);
 199         $fieldlist   .= PMA_backquote($key) . ', ';
 200
 201         switch (strtolower($val)) {
 202             case 'null':
 203                 break;
 204             case '$enum$':
 205                 // if we have a set, then construct the value
 206                 $f = 'field_' . md5($key);
 207                 if (!empty($$f)) {
 208                     $val     = implode(',', $$f);
 209                     if ($val == 'null') {
 210                         // void
 211                     } else {
 212                         $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
 213                     }
 214                 } else {
 215                     $val     = "''";
 216                 }
 217                 break;
 218             case '$set$':
 219                 // if we have a set, then construct the value
 220                 $f = 'field_' . md5($key);
 221                 if (!empty($$f)) {
 222                     $val = implode(',', $$f);
 223                     $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
 224                 } else {
 225                     $val = "''";
 226                 }
 227                 break;
 228             case '$foreign$':
 229                 // if we have a foreign key, then construct the value
 230                 $f = 'field_' . md5($key);
 231                 if (!empty($$f)) {
 232                     $val     = implode(',', $$f);
 233                     if ($val == 'null') {
 234                         // void
 235                     } else {
 236                         $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
 237                     }
 238                 } else {
 239                     $val     = "''";
 240                 }
 241                 break;
 242             default:
 243                 if (get_magic_quotes_gpc()) {
 244                     $val = "'" . str_replace('\\"', '"', $val) . "'";
 245                 } else {
 246                     $val = "'" . PMA_sqlAddslashes($val) . "'";
 247                 }
 248                 break;
 249         } // end switch
 250
 251         // Was the Null checkbox checked for this field?
 252         if (isset($fields_null) && isset($fields_null[$encoded_key])) {
 253             $val = 'NULL';
 254         }
 255
 256         if (empty($funcs[$encoded_key])) {
 257             $valuelist .= $val . ', ';
 258         } else if (($val == '\'\''
 259                    && ereg('^(UNIX_TIMESTAMP|RAND|LAST_INSERT_ID)$', $funcs[$encoded_key]))
 260                    || ereg('^(NOW|CURDATE|CURTIME|USER)$', $funcs[$encoded_key])) {
 261             $valuelist .= $funcs[$encoded_key] . '(), ';
 262         } else {
 263             $valuelist .= $funcs[$encoded_key] . '(' . $val . '), ';
 264         }
 265     } // end while
 266
 267     // Builds the sql insert query
 268     $fieldlist = ereg_replace(', $', '', $fieldlist);
 269     $valuelist = ereg_replace(', $', '', $valuelist);
 270     $query     = 'INSERT INTO ' . PMA_backquote($table) . ' (' . $fieldlist . ') VALUES (' . $valuelist . ')';
 271     $message   = $strInsertedRows . '&nbsp;';
 272 } // end row insertion
 273
 274
 275 /**
 276  * Executes the sql query and get the result, then move back to the calling
 277  * page
 278  */
 279 PMA_mysql_select_db($db);
 280 $sql_query = $query . ';';
 281 $result    = PMA_mysql_query($query);
 282
 283 if (!$result) {
 284     $error = PMA_mysql_error();
 285     include('./header.inc.php3');
 286     PMA_mysqlDie($error, '', '', $err_url);
 287 } else {
 288     if (@mysql_affected_rows()) {
 289         $message .= @mysql_affected_rows();
 290     } else {
 291         $message = $strModifications;
 292     }
 293     if ($is_gotofile) {
 294         if ($goto == 'db_details.php3' && !empty($table)) {
 295             unset($table);
 296         }
 297         $js_to_run = 'functions.js';
 298         include('./header.inc.php3');
 299         include('./' . ereg_replace('\.\.*', '.', $goto));
 300     } else {
 301         $add_query = (strpos(' ' . $goto, 'tbl_change') ? '&disp_query=' . urlencode($sql_query) : '');
 302         header('Location: ' . $cfg['PmaAbsoluteUri'] . $goto . '&message=' . urlencode($message) . $add_query);
 303     }
 304     exit();
 305 } // end if
 306 ?>