bug #1798646 [display] Character + in query wrongly interpreted
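<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Handles the "add field" form of a table.
 *
 * Two submissions are processed here: a request for more field rows
 * ($submit_num_fields), which only re-displays the form, and the actual save
 * ($do_save_data), which builds and runs the ALTER TABLE statements.
 *
 * NOTE(review): every form value used below ($field_name, $field_type,
 * $after_field, $field_where, ...) is read as a plain global; presumably
 * they are imported from the request by libraries/common.inc.php - confirm.
 * They are treated as untrusted input in the comments that follow.
 *
 * @version $Id$
 */

/**
 * Get some core libraries
 */
require_once './libraries/common.inc.php';
require_once './libraries/Table.class.php';

$js_to_run = 'functions.js';
require_once './libraries/header.inc.php';

// Check parameters
PMA_checkParameters(array('db', 'table'));


/**
 * Defines the url to return to in case of error in a sql statement
 */
$err_url = 'tbl_sql.php?' . PMA_generate_common_url($db, $table);

/**
 * The form used to define the field to add has been submitted
 */
$abort = false;
if (isset($submit_num_fields)) {
    // More rows were requested: keep the position choices and re-display
    if (isset($orig_after_field)) {
        $after_field = $orig_after_field;
    }
    if (isset($orig_field_where)) {
        $field_where = $orig_field_where;
    }
    $num_fields = $orig_num_fields + $added_fields;
    $regenerate = TRUE;
} elseif (isset($do_save_data)) {
    $query = '';

    // Transforms the radio button field_key into 3 arrays
    // NOTE(review): $field_primary, $field_index and $field_unique are
    // appended to without being initialised in this file, so any value they
    // already hold on entry is kept - confirm nothing can pre-seed them.
    $field_cnt = count($field_name);
    for ($i = 0; $i < $field_cnt; ++$i) {
        if (isset(${'field_key_' . $i})) {
            if (${'field_key_' . $i} == 'primary_' . $i) {
                $field_primary[] = $i;
            }
            if (${'field_key_' . $i} == 'index_' . $i) {
                $field_index[] = $i;
            }
            if (${'field_key_' . $i} == 'unique_' . $i) {
                $field_unique[] = $i;
            }
        } // end if
    } // end for
    // Builds the field creation statement and alters the table

    for ($i = 0; $i < $field_cnt; ++$i) {
        // '0' is also empty for php :-(
        if (empty($field_name[$i]) && $field_name[$i] != '0') {
            continue;
        }

        // Type, length, default and comment are passed through unchanged;
        // how generateFieldSpec() quotes them is not visible in this file.
        $query .= PMA_Table::generateFieldSpec(
            $field_name[$i],
            $field_type[$i],
            $field_length[$i],
            $field_attribute[$i],
            isset($field_collation[$i]) ? $field_collation[$i] : '',
            $field_null[$i],
            $field_default[$i],
            isset($field_default_current_timestamp[$i]),
            $field_extra[$i],
            isset($field_comments[$i]) ? $field_comments[$i] : '',
            $field_primary,
            $i
        );

        if ($field_where != 'last') {
            // Only the first field can be added somewhere other than at the end
            if ($i == 0) {
                if ($field_where == 'first') {
                    $query .= ' FIRST';
                } else {
                    // NOTE(review): if PHP has already decoded this request
                    // value, urldecode() decodes it a second time and a
                    // literal '+' or '%' in the column name is altered
                    // before quoting - confirm the form sends it encoded.
                    $query .= ' AFTER ' . PMA_backquote(urldecode($after_field));
                }
            } else {
                $query .= ' AFTER ' . PMA_backquote($field_name[$i-1]);
            }
        }
        $query .= ', ADD ';
    } // end for
    // Drop the separator left behind by the last iteration
    $query = preg_replace('@, ADD $@', '', $query);

    // To allow replication, we first select the db to use and then run queries
    // on this db.
    // The error path previously called PMA_backquotes(), a name used nowhere
    // else in this file; every other identifier here is quoted with
    // PMA_backquote(), so the failure branch now uses it as well.
    PMA_DBI_select_db($db) or PMA_mysqlDie(PMA_getError(), 'USE ' . PMA_backquote($db), '', $err_url);
    // Identifiers are only ever inserted through PMA_backquote(); its
    // handling of embedded backticks is defined elsewhere - TODO confirm.
    $sql_query    = 'ALTER TABLE ' . PMA_backquote($table) . ' ADD ' . $query;
    $error_create = FALSE;
    PMA_DBI_try_query($sql_query) or $error_create = TRUE;

    if ($error_create == false) {

        // Accumulates every statement that ran, for display afterwards
        $sql_query_cpy = $sql_query . ';';

        // Builds the primary keys statements and updates the table
        $primary = '';
        if (isset($field_primary)) {
            $primary_cnt = count($field_primary);
            for ($i = 0; $i < $primary_cnt; $i++) {
                $j = $field_primary[$i];
                if (isset($field_name[$j]) && strlen($field_name[$j])) {
                    $primary .= PMA_backquote($field_name[$j]) . ', ';
                }
            } // end for
            $primary = preg_replace('@, $@', '', $primary);
            if (strlen($primary)) {
                // No trailing ';' here: one is appended when the statement
                // is copied below, as for the INDEX/UNIQUE/FULLTEXT cases.
                $sql_query = 'ALTER TABLE ' . PMA_backquote($table) . ' ADD PRIMARY KEY (' . $primary . ')';
                $result    = PMA_DBI_query($sql_query);
                $sql_query_cpy .= "\n" . $sql_query . ';';
            }
        } // end if

        // Builds the indexes statements and updates the table
        $index = '';
        if (isset($field_index)) {
            $index_cnt = count($field_index);
            for ($i = 0; $i < $index_cnt; $i++) {
                $j = $field_index[$i];
                if (isset($field_name[$j]) && strlen($field_name[$j])) {
                    $index .= PMA_backquote($field_name[$j]) . ', ';
                }
            } // end for
            $index = preg_replace('@, $@', '', $index);
            if (strlen($index)) {
                $sql_query = 'ALTER TABLE ' . PMA_backquote($table) . ' ADD INDEX (' . $index . ')';
                $result    = PMA_DBI_query($sql_query);
                $sql_query_cpy .= "\n" . $sql_query . ';';
            }
        } // end if

        // Builds the uniques statements and updates the table
        $unique = '';
        if (isset($field_unique)) {
            $unique_cnt = count($field_unique);
            for ($i = 0; $i < $unique_cnt; $i++) {
                $j = $field_unique[$i];
                if (isset($field_name[$j]) && strlen($field_name[$j])) {
                    $unique .= PMA_backquote($field_name[$j]) . ', ';
                }
            } // end for
            $unique = preg_replace('@, $@', '', $unique);
            if (strlen($unique)) {
                $sql_query = 'ALTER TABLE ' . PMA_backquote($table) . ' ADD UNIQUE (' . $unique . ')';
                $result    = PMA_DBI_query($sql_query);
                $sql_query_cpy .= "\n" . $sql_query . ';';
            }
        } // end if


        // Builds the fulltext statements and updates the table
        $fulltext = '';
        if (isset($field_fulltext)) {
            $fulltext_cnt = count($field_fulltext);
            for ($i = 0; $i < $fulltext_cnt; $i++) {
                $j = $field_fulltext[$i];
                // Same guard as the primary/index/unique loops: skip an
                // index that does not name a non-empty field instead of
                // emitting an empty quoted identifier.
                if (isset($field_name[$j]) && strlen($field_name[$j])) {
                    $fulltext .= PMA_backquote($field_name[$j]) . ', ';
                }
            } // end for
            $fulltext = preg_replace('@, $@', '', $fulltext);
            if (strlen($fulltext)) {
                $sql_query = 'ALTER TABLE ' . PMA_backquote($table) . ' ADD FULLTEXT (' . $fulltext . ')';
                $result    = PMA_DBI_query($sql_query);
                $sql_query_cpy .= "\n" . $sql_query . ';';
            }
        } // end if

        // garvin: If comments were sent, enable relation stuff
        require_once './libraries/relation.lib.php';
        require_once './libraries/transformations.lib.php';

        $cfgRelation = PMA_getRelationsParam();

        // garvin: Update comment table, if a comment was set.
        if (isset($field_comments) && is_array($field_comments) && $cfgRelation['commwork'] && PMA_MYSQL_INT_VERSION < 40100) {
            foreach ($field_comments AS $fieldindex => $fieldcomment) {
                if (isset($field_name[$fieldindex]) && strlen($field_name[$fieldindex])) {
                    PMA_setComment($db, $table, $field_name[$fieldindex], $fieldcomment, '', 'pmadb');
                }
            }
        }

        // garvin: Update comment table for mime types [MIME]
        if (isset($field_mimetype) && is_array($field_mimetype) && $cfgRelation['commwork'] && $cfgRelation['mimework'] && $cfg['BrowseMIME']) {
            foreach ($field_mimetype AS $fieldindex => $mimetype) {
                if (isset($field_name[$fieldindex]) && strlen($field_name[$fieldindex])) {
                    PMA_setMIME($db, $table, $field_name[$fieldindex], $mimetype, $field_transformation[$fieldindex], $field_transformation_options[$fieldindex]);
                }
            }
        }

        // Go back to the structure sub-page
        $sql_query = $sql_query_cpy;
        unset($sql_query_cpy);
        // The table name is HTML-escaped before it goes into the message
        $message = $strTable . ' ' . htmlspecialchars($table) . ' ' . $strHasBeenAltered;
        $active_page = 'tbl_structure.php';
        require './tbl_structure.php';
    } else {
        PMA_mysqlDie('', '', '', $err_url, FALSE);
        // garvin: An error happened while inserting/updating a table definition.
        // to prevent total loss of that data, we embed the form once again.
        // The variable $regenerate will be used to restore data in libraries/tbl_properties.inc.php
        $num_fields = $orig_num_fields;
        if (isset($orig_after_field)) {
            $after_field = $orig_after_field;
        }
        if (isset($orig_field_where)) {
            $field_where = $orig_field_where;
        }
        $regenerate = true;
    }
} // end do alter table

/**
 * Displays the form used to define the new field
 */
if ($abort == FALSE) {
    /**
     * Gets tables informations
     */
    require_once './libraries/tbl_common.php';
    require_once './libraries/tbl_info.inc.php';
    /**
     * Displays top menu links
     */
    $active_page = 'tbl_structure.php';
    require_once './libraries/tbl_links.inc.php';
    /**
     * Display the form
     */
    $action = 'tbl_addfield.php';
    require_once './libraries/tbl_properties.inc.php';
}
// Displays the footer
echo "\n";
require_once './libraries/footer.inc.php';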