Fixed for quotes, HTML entities and other weird characters in db/table name.
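<?php
/* $Id$ */
// vim: expandtab sw=4 ts=4 sts=4:

/**
 * Adds one or more fields (columns) to an existing table.
 *
 * When $submit is set, the script assembles an "ALTER TABLE ... ADD ..."
 * statement from the field_* arrays, runs it, then runs the follow-up
 * PRIMARY KEY / INDEX / UNIQUE / FULLTEXT statements and stores the column
 * comments and MIME settings. On success it includes the structure sub-page
 * and exits; otherwise it falls through and displays the field form again.
 *
 * Security notes for maintainers:
 *  - $db, $table, $submit, $after_field and the field_* arrays are not
 *    assigned anywhere in this script before use; presumably they are
 *    imported from the request by grab_globals.lib.php3 -- confirm. They
 *    should be treated as untrusted input.
 *  - Only identifiers (PMA_backquote) and the default value
 *    (PMA_sqlAddslashes) are escaped. Field type, length, attribute, NULL
 *    flag and "extra" are concatenated into the statement as submitted.
 *  - NOTE(review): no anti-CSRF check is visible here; the schema change is
 *    triggered by isset($submit) alone. Confirm whether an included library
 *    enforces one.
 */

/**
 * Get some core libraries
 */
require('./libraries/grab_globals.lib.php3');
$js_to_run = 'functions.js';
require('./header.inc.php3');


/**
 * Defines the url to return to in case of error in a sql statement
 */
$err_url = 'tbl_properties.php3?' . PMA_generate_common_url($db, $table);


/**
 * The form used to define the field to add has been submitted
 */
// $abort is never set to true in this script, so the form below is always
// displayed unless the success path has already called exit().
$abort = false;
if (isset($submit)) {
    $query = '';

    // Transforms the radio button field_key into 3 arrays
    // NOTE(review): $field_primary, $field_index and $field_unique are not
    // initialised before being appended to, so any same-named value already
    // present in the global scope is merged in -- confirm whether the request
    // importer can set them.
    $field_cnt = count($field_name);
    for ($i = 0; $i < $field_cnt; ++$i) {
        if (isset(${'field_key_' . $i})) {
            if (${'field_key_' . $i} == 'primary_' . $i) {
                $field_primary[] = $i;
            }
            if (${'field_key_' . $i} == 'index_' . $i) {
                $field_index[] = $i;
            }
            if (${'field_key_' . $i} == 'unique_' . $i) {
                $field_unique[] = $i;
            }
        } // end if
    } // end for

    // Builds the field creation statement and alters the table
    for ($i = 0; $i < $field_cnt; ++$i) {
        if (empty($field_name[$i])) {
            continue;
        }
        if (PMA_MYSQL_INT_VERSION < 32306) {
            PMA_checkReservedWords($field_name[$i], $err_url);
        }

        // The field name is quoted as an identifier; the type is not escaped.
        // NOTE(review): type, length, attribute, null and extra below are
        // inserted verbatim. Consider checking them against the values the
        // form actually offers before building the statement.
        $query .= PMA_backquote($field_name[$i]) . ' ' . $field_type[$i];
        if ($field_length[$i] != ''
            && !eregi('^(DATE|DATETIME|TIME|TINYBLOB|TINYTEXT|BLOB|TEXT|MEDIUMBLOB|MEDIUMTEXT|LONGBLOB|LONGTEXT)$', $field_type[$i])) {
            $query .= '(' . $field_length[$i] . ')';
        }
        if ($field_attribute[$i] != '') {
            $query .= ' ' . $field_attribute[$i];
        }
        if ($field_default[$i] != '') {
            if (strtoupper($field_default[$i]) == 'NULL') {
                $query .= ' DEFAULT NULL';
            } else {
                // The default is the only value emitted as a quoted literal
                $query .= ' DEFAULT \'' . PMA_sqlAddslashes($field_default[$i]) . '\'';
            }
        }
        if ($field_null[$i] != '') {
            $query .= ' ' . $field_null[$i];
        }
        if ($field_extra[$i] != '') {
            $query .= ' ' . $field_extra[$i];
            // An auto_increment field must be used as a primary key
            if ($field_extra[$i] == 'AUTO_INCREMENT'
                && isset($field_primary) && is_array($field_primary)) {
                // Walk the array by key instead of by 0..count-1: the unset()
                // below leaves gaps, and the earlier index-based search read
                // one element past the end when no entry matched.
                @reset($field_primary);
                while (list($primary_key, $primary_field) = each($field_primary)) {
                    if ($primary_field == $i) {
                        $query .= ' PRIMARY KEY';
                        // Declared inline, so it must not be added again by
                        // the separate ADD PRIMARY KEY statement below
                        unset($field_primary[$primary_key]);
                        break;
                    } // end if
                } // end while
            } // end if (auto_increment)
        }

        if ($after_field != '--end--') {
            // Only the first field can be added somewhere else than at the end
            if ($i == 0) {
                if ($after_field == '--first--') {
                    $query .= ' FIRST';
                } else {
                    // NOTE(review): the value is url-decoded here before
                    // being quoted; presumably the form sends it url-encoded
                    // -- confirm, otherwise names containing '%' or '+' are
                    // altered.
                    $query .= ' AFTER ' . PMA_backquote(urldecode($after_field));
                }
            } else {
                $query .= ' AFTER ' . PMA_backquote($field_name[$i-1]);
            }
        }
        $query .= ', ADD ';
    } // end for
    // Drops the separator left behind by the last iteration
    $query = ereg_replace(', ADD $', '', $query);

    // To allow replication, we first select the db to use and then run queries
    // on this db.
    $sql_query     = 'USE ' . PMA_backquote($db);
    $result        = PMA_mysql_query($sql_query) or PMA_mysqlDie('', '', '', $err_url);
    $sql_query     = 'ALTER TABLE ' . PMA_backquote($table) . ' ADD ' . $query;
    $error_create  = false;
    // A failure here is recorded rather than fatal so that the form can be
    // shown again with the submitted values (see the else branch below)
    $result        = PMA_mysql_query($sql_query) or $error_create = true;

    if ($error_create == false) {

        // Accumulates every statement that was run, for display afterwards
        $sql_query_cpy = $sql_query . ';';

        // Builds the primary keys statements and updates the table
        $primary = '';
        if (isset($field_primary) && is_array($field_primary)) {
            // Iterated by key because entries may have been unset above
            @reset($field_primary);
            while (list(, $j) = each($field_primary)) {
                if (!empty($field_name[$j])) {
                    $primary .= PMA_backquote($field_name[$j]) . ', ';
                }
            } // end while
            $primary = ereg_replace(', $', '', $primary);
            if (!empty($primary)) {
                $sql_query      = 'ALTER TABLE ' . PMA_backquote($table) . ' ADD PRIMARY KEY (' . $primary . ')';
                $result         = PMA_mysql_query($sql_query) or PMA_mysqlDie('', '', '', $err_url);
                $sql_query_cpy .= "\n" . $sql_query . ';';
            }
        } // end if

        // Builds the indexes statements and updates the table
        $index = '';
        if (isset($field_index) && is_array($field_index)) {
            @reset($field_index);
            while (list(, $j) = each($field_index)) {
                if (!empty($field_name[$j])) {
                    $index .= PMA_backquote($field_name[$j]) . ', ';
                }
            } // end while
            $index = ereg_replace(', $', '', $index);
            if (!empty($index)) {
                $sql_query      = 'ALTER TABLE ' . PMA_backquote($table) . ' ADD INDEX (' . $index . ')';
                $result         = PMA_mysql_query($sql_query) or PMA_mysqlDie('', '', '', $err_url);
                $sql_query_cpy .= "\n" . $sql_query . ';';
            }
        } // end if

        // Builds the uniques statements and updates the table
        $unique = '';
        if (isset($field_unique) && is_array($field_unique)) {
            @reset($field_unique);
            while (list(, $j) = each($field_unique)) {
                if (!empty($field_name[$j])) {
                    $unique .= PMA_backquote($field_name[$j]) . ', ';
                }
            } // end while
            $unique = ereg_replace(', $', '', $unique);
            if (!empty($unique)) {
                $sql_query      = 'ALTER TABLE ' . PMA_backquote($table) . ' ADD UNIQUE (' . $unique . ')';
                $result         = PMA_mysql_query($sql_query) or PMA_mysqlDie('', '', '', $err_url);
                $sql_query_cpy .= "\n" . $sql_query . ';';
            }
        } // end if


        // Builds the fulltext statements and updates the table
        // $field_fulltext is not built in this script; it is used as it
        // arrives, so it is checked for array type and each referenced field
        // name is checked for emptiness like in the sections above.
        $fulltext = '';
        if (PMA_MYSQL_INT_VERSION >= 32323
            && isset($field_fulltext) && is_array($field_fulltext)) {
            @reset($field_fulltext);
            while (list(, $j) = each($field_fulltext)) {
                if (!empty($field_name[$j])) {
                    $fulltext .= PMA_backquote($field_name[$j]) . ', ';
                }
            } // end while
            $fulltext = ereg_replace(', $', '', $fulltext);
            if (!empty($fulltext)) {
                $sql_query      = 'ALTER TABLE ' . PMA_backquote($table) . ' ADD FULLTEXT (' . $fulltext . ')';
                $result         = PMA_mysql_query($sql_query) or PMA_mysqlDie('', '', '', $err_url);
                $sql_query_cpy .= "\n" . $sql_query . ';';
            }
        } // end if

        // garvin: If comments were sent, enable relation stuff
        require('./libraries/relation.lib.php3');
        require('./libraries/transformations.lib.php3');

        $cfgRelation = PMA_getRelationsParam();

        // garvin: Update comment table, if a comment was set.
        if (isset($field_comments) && is_array($field_comments) && $cfgRelation['commwork']) {
            @reset($field_comments);
            while(list($fieldindex, $fieldcomment) = each($field_comments)) {
                // NOTE(review): $fieldindex comes from the submitted array's
                // keys and is not checked against $field_name here
                PMA_setComment($db, $table, $field_name[$fieldindex], $fieldcomment);
            }
        }

        // garvin: Update comment table for mime types [MIME]
        if (isset($field_mimetype) && is_array($field_mimetype) && $cfgRelation['commwork'] && $cfgRelation['mimework'] && $cfg['BrowseMIME']) {
            @reset($field_mimetype);
            while(list($fieldindex, $mimetype) = each($field_mimetype)) {
                PMA_setMIME($db, $table, $field_name[$fieldindex], $mimetype, $field_transformation[$fieldindex], $field_transformation_options[$fieldindex]);
            }
        }

        // Go back to the structure sub-page
        $sql_query = $sql_query_cpy;
        unset($sql_query_cpy);
        // The table name is HTML-escaped because it is placed in a message
        // that is output as part of the page
        $message   = $strTable . ' ' . htmlspecialchars($table) . ' ' . $strHasBeenAltered;
        include('./tbl_properties_structure.php3');
        exit();
    } else {
        // The script continues after this call; presumably the trailing
        // FALSE tells PMA_mysqlDie() not to exit -- confirm
        PMA_mysqlDie('', '', '', $err_url, FALSE);
        // garvin: An error happened while inserting/updating a table definition.
        // to prevent total loss of that data, we embed the form once again.
        // The variable $regenerate will be used to restore data in tbl_properties.inc.php3
        $num_fields = $orig_num_fields;
        if (isset($orig_after_field)) {
            $after_field = $orig_after_field;
        }
        $regenerate = true;
    }
} // end do alter table

/**
 * Displays the form used to define the new field
 */
if ($abort == FALSE) {
    $action = 'tbl_addfield.php3';
    include('./tbl_properties.inc.php3');
    // Displays the footer
    echo "\n";
    include('./footer.inc.php3');
}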