tbl_replace.php3

   1 <?php
   2 /* $Id$ */
   3 // vim: expandtab sw=4 ts=4 sts=4:
   4
   5
   6 /**
   7  * Gets some core libraries
   8  */
   9 require('./libraries/grab_globals.lib.php3');
  10 require('./libraries/common.lib.php3');
  11
  12
  13 /**
  14  * Initializes some variables
  15  */
  16 // Defines the url to return in case of success of the query
  17 if (isset($sql_query)) {
  18     $sql_query = urldecode($sql_query);
  19 }
  20 if (!isset($dontlimitchars)) {
  21     $dontlimitchars = 0;
  22 }
  23 $is_gotofile = FALSE;
  24 if (isset($after_insert) && $after_insert == 'new_insert') {
  25     $goto = 'tbl_change.php3?'
  26           . PMA_generate_common_url($db, $table, '&')
  27           . '&goto=' . urlencode($goto)
  28           . '&pos=' . $pos
  29           . '&session_max_rows=' . $session_max_rows
  30           . '&disp_direction=' . $disp_direction
  31           . '&repeat_cells=' . $repeat_cells
  32           . '&dontlimitchars=' . $dontlimitchars
  33           . (empty($sql_query) ? '' : '&sql_query=' . urlencode($sql_query));
  34 } else if ($goto == 'sql.php3') {
  35     $goto = 'sql.php3?'
  36           . PMA_generate_common_url($db, $table, '&')
  37           . '&pos=' . $pos
  38           . '&session_max_rows=' . $session_max_rows
  39           . '&disp_direction=' . $disp_direction
  40           . '&repeat_cells=' . $repeat_cells
  41           . '&dontlimitchars=' . $dontlimitchars
  42           . '&sql_query=' . urlencode($sql_query);
  43 } else if (!empty($goto)) {
  44     // Security checkings
  45     $is_gotofile     = ereg_replace('^([^?]+).*$', '\\1', $goto);
  46     if (!@file_exists('./' . $is_gotofile)) {
  47         $goto        = (empty($table)) ? 'db_details.php3' : 'tbl_properties.php3';
  48         $is_gotofile = TRUE;
  49     } else {
  50         $is_gotofile = ($is_gotofile == $goto);
  51     }
  52 }
  53
  54 // Defines the url to return in case of failure of the query
  55 if (isset($err_url)) {
  56     $err_url = urldecode($err_url);
  57 } else {
  58     $err_url = str_replace('&', '&amp;', $goto)
  59              . (empty($primary_key) ? '' : '&amp;primary_key=' . $primary_key);
  60 }
  61
  62 // Resets tables defined in the configuration file
  63 reset($fields);
  64 if (isset($funcs)) {
  65     reset($funcs);
  66 }
  67
  68 // Misc
  69 if (get_magic_quotes_gpc()) {
  70     $submit_type = stripslashes($submit_type);
  71 }
  72
  73
  74 /**
  75  * Prepares the update of a row
  76  */
  77 if (isset($primary_key) && ($submit_type != $strInsertAsNewRow)) {
  78     // Restore the "primary key" to a convenient format
  79     $primary_key = urldecode($primary_key);
  80
  81     // Defines the SET part of the sql query
  82     $valuelist = '';
  83     while (list($key, $val) = each($fields)) {
  84         $encoded_key = $key;
  85         $key         = urldecode($key);
  86
  87         switch (strtolower($val)) {
  88             case 'null':
  89                 break;
  90             case '$enum$':
  91                 // if we have an enum, then construct the value
  92                 $f = 'field_' . md5($key);
  93                 if (!empty($$f)) {
  94                     $val     = implode(',', $$f);
  95                     if ($val == 'null') {
  96                         // void
  97                     } else {
  98                         $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
  99                     }
 100                 } else {
 101                     $val     = "''";
 102                 }
 103                 break;
 104             case '$set$':
 105                 // if we have a set, then construct the value
 106                 $f = 'field_' . md5($key);
 107                 if (!empty($$f)) {
 108                     $val = implode(',', $$f);
 109                     $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
 110                 } else {
 111                     $val = "''";
 112                 }
 113                 break;
 114             case '$foreign$':
 115                 // if we have a foreign key, then construct the value
 116                 $f = 'field_' . md5($key);
 117                 if (!empty($$f)) {
 118                     $val     = implode(',', $$f);
 119                     if ($val == 'null') {
 120                         // void
 121                     } else {
 122                         $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
 123                     }
 124                 } else {
 125                     $val     = "''";
 126                 }
 127                 break;
 128             default:
 129                 if (get_magic_quotes_gpc()) {
 130                     $val = "'" . str_replace('\\"', '"', $val) . "'";
 131                 } else {
 132                     $val = "'" . PMA_sqlAddslashes($val) . "'";
 133                 }
 134                 break;
 135         } // end switch
 136
 137         // Was the Null checkbox checked for this field?
 138         // (if there is a value, we ignore the Null checkbox: this could
 139         // be possible if Javascript is disabled in the browser)
 140         if (isset($fields_null) && isset($fields_null[$encoded_key])
 141             && $val=="''") {
 142             $val = 'NULL';
 143         }
 144
 145         // No change for this column and no MySQL function is used -> next column
 146         if (empty($funcs[$encoded_key])
 147             && isset($fields_prev) && isset($fields_prev[$encoded_key])
 148             && ("'" . PMA_sqlAddslashes(urldecode($fields_prev[$encoded_key])) . "'" == $val)) {
 149             continue;
 150         }
 151         else if (!empty($val)) {
 152             if (empty($funcs[$encoded_key])) {
 153                 $valuelist .= PMA_backquote($key) . ' = ' . $val . ', ';
 154             } else if ($val == '\'\''
 155                        && (ereg('^(NOW|CURDATE|CURTIME|UNIX_TIMESTAMP|RAND|USER|LAST_INSERT_ID)$', $funcs[$encoded_key]))) {
 156                 $valuelist .= PMA_backquote($key) . ' = ' . $funcs[$encoded_key] . '(), ';
 157             } else {
 158                 $valuelist .= PMA_backquote($key) . ' = ' . $funcs[$encoded_key] . "($val), ";
 159             }
 160         }
 161     } // end while
 162
 163     // Builds the sql update query
 164     $valuelist    = ereg_replace(', $', '', $valuelist);
 165     if (!empty($valuelist)) {
 166         $query    = 'UPDATE ' . PMA_backquote($table) . ' SET ' . $valuelist . ' WHERE' . $primary_key
 167                   . ((PMA_MYSQL_INT_VERSION >= 32300) ? ' LIMIT 1' : '');
 168         $message  = $strAffectedRows . '&nbsp;';
 169     }
 170     // No change -> move back to the calling script
 171     else {
 172         $message = $strNoModification;
 173         if ($is_gotofile) {
 174             $js_to_run = 'functions.js';
 175             include('./header.inc.php3');
 176             include('./' . ereg_replace('\.\.*', '.', $goto));
 177         } else {
 178             header('Location: ' . $cfg['PmaAbsoluteUri'] . $goto . '&message=' . urlencode($message));
 179         }
 180         exit();
 181     }
 182 } // end row update
 183
 184
 185 /**
 186  *  Prepares the insert of a row
 187  */
 188 else {
 189     $fieldlist = '';
 190     $valuelist = '';
 191     while (list($key, $val) = each($fields)) {
 192         $encoded_key = $key;
 193         $key         = urldecode($key);
 194         $fieldlist   .= PMA_backquote($key) . ', ';
 195
 196         switch (strtolower($val)) {
 197             case 'null':
 198                 break;
 199             case '$enum$':
 200                 // if we have a set, then construct the value
 201                 $f = 'field_' . md5($key);
 202                 if (!empty($$f)) {
 203                     $val     = implode(',', $$f);
 204                     if ($val == 'null') {
 205                         // void
 206                     } else {
 207                         $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
 208                     }
 209                 } else {
 210                     $val     = "''";
 211                 }
 212                 break;
 213             case '$set$':
 214                 // if we have a set, then construct the value
 215                 $f = 'field_' . md5($key);
 216                 if (!empty($$f)) {
 217                     $val = implode(',', $$f);
 218                     $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
 219                 } else {
 220                     $val = "''";
 221                 }
 222                 break;
 223             case '$foreign$':
 224                 // if we have a foreign key, then construct the value
 225                 $f = 'field_' . md5($key);
 226                 if (!empty($$f)) {
 227                     $val     = implode(',', $$f);
 228                     if ($val == 'null') {
 229                         // void
 230                     } else {
 231                         $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
 232                     }
 233                 } else {
 234                     $val     = "''";
 235                 }
 236                 break;
 237             default:
 238                 if (get_magic_quotes_gpc()) {
 239                     $val = "'" . str_replace('\\"', '"', $val) . "'";
 240                 } else {
 241                     $val = "'" . PMA_sqlAddslashes($val) . "'";
 242                 }
 243                 break;
 244         } // end switch
 245
 246         // Was the Null checkbox checked for this field?
 247         // (if there is a value, we ignore the Null checkbox: this could
 248         // be possible if Javascript is disabled in the browser)
 249         if (isset($fields_null) && isset($fields_null[$encoded_key])
 250             && $val=="''") {
 251             $val = 'NULL';
 252         }
 253
 254         if (empty($funcs[$encoded_key])) {
 255             $valuelist .= $val . ', ';
 256         } else if (($val == '\'\''
 257                    && ereg('^(UNIX_TIMESTAMP|RAND|LAST_INSERT_ID)$', $funcs[$encoded_key]))
 258                    || ereg('^(NOW|CURDATE|CURTIME|USER)$', $funcs[$encoded_key])) {
 259             $valuelist .= $funcs[$encoded_key] . '(), ';
 260         } else {
 261             $valuelist .= $funcs[$encoded_key] . '(' . $val . '), ';
 262         }
 263     } // end while
 264
 265     // Builds the sql insert query
 266     $fieldlist = ereg_replace(', $', '', $fieldlist);
 267     $valuelist = ereg_replace(', $', '', $valuelist);
 268     $query     = 'INSERT INTO ' . PMA_backquote($table) . ' (' . $fieldlist . ') VALUES (' . $valuelist . ')';
 269     $message   = $strInsertedRows . '&nbsp;';
 270 } // end row insertion
 271
 272
 273 /**
 274  * Executes the sql query and get the result, then move back to the calling
 275  * page
 276  */
 277 PMA_mysql_select_db($db);
 278 $sql_query = $query . ';';
 279 $result    = PMA_mysql_query($query);
 280
 281 if (!$result) {
 282     $error = PMA_mysql_error();
 283     include('./header.inc.php3');
 284     PMA_mysqlDie($error, '', '', $err_url);
 285 } else {
 286     if (@mysql_affected_rows()) {
 287         $message .= @mysql_affected_rows();
 288     } else {
 289         $message = $strModifications;
 290     }
 291     if ($is_gotofile) {
 292         if ($goto == 'db_details.php3' && !empty($table)) {
 293             unset($table);
 294         }
 295         $js_to_run = 'functions.js';
 296         include('./header.inc.php3');
 297         include('./' . ereg_replace('\.\.*', '.', $goto));
 298     } else {
 299         $add_query = (strpos(' ' . $goto, 'tbl_change') ? '&disp_query=' . urlencode($sql_query) : '');
 300         header('Location: ' . $cfg['PmaAbsoluteUri'] . $goto . '&message=' . urlencode($message) . $add_query);
 301     }
 302     exit();
 303 } // end if
 304 ?>