tbl_replace.php3

   1 <?php
   2 /* $Id$ */
   3
   4
   5 /**
   6  * Gets some core libraries
   7  */
   8 require('./libraries/grab_globals.lib.php3');
   9 require('./libraries/common.lib.php3');
  10
  11
  12 /**
  13  * Initializes some variables
  14  */
  15 // Defines the url to return in case of success of the query
  16 if (isset($sql_query)) {
  17     $sql_query = urldecode($sql_query);
  18 }
  19 if (!isset($dontlimitchars)) {
  20     $dontlimitchars = 0;
  21 }
  22 $is_gotofile = FALSE;
  23 if (isset($after_insert) && $after_insert == 'new_insert') {
  24     $goto = 'tbl_change.php3'
  25           . '?lang=' . $lang
  26           . '&convcharset=' . $convcharset
  27           . '&server=' . $server
  28           . '&db=' . urlencode($db)
  29           . '&table=' . urlencode($table)
  30           . '&goto=' . urlencode($goto)
  31           . '&pos=' . $pos
  32           . '&session_max_rows=' . $session_max_rows
  33           . '&disp_direction=' . $disp_direction
  34           . '&repeat_cells=' . $repeat_cells
  35           . '&dontlimitchars=' . $dontlimitchars
  36           . (empty($sql_query) ? '' : '&sql_query=' . urlencode($sql_query));
  37 } else if ($goto == 'sql.php3') {
  38     $goto = 'sql.php3?'
  39           . 'lang=' . $lang
  40           . '&convcharset=' . $convcharset
  41           . '&server=' . $server
  42           . '&db=' . urlencode($db)
  43           . '&table=' . urlencode($table)
  44           . '&pos=' . $pos
  45           . '&session_max_rows=' . $session_max_rows
  46           . '&disp_direction=' . $disp_direction
  47           . '&repeat_cells=' . $repeat_cells
  48           . '&dontlimitchars=' . $dontlimitchars
  49           . '&sql_query=' . urlencode($sql_query);
  50 } else if (!empty($goto)) {
  51     // Security checkings
  52     $is_gotofile     = ereg_replace('^([^?]+).*$', '\\1', $goto);
  53     if (!@file_exists('./' . $is_gotofile)) {
  54         $goto        = (empty($table)) ? 'db_details.php3' : 'tbl_properties.php3';
  55         $is_gotofile = TRUE;
  56     } else {
  57         $is_gotofile = ($is_gotofile == $goto);
  58     }
  59 }
  60
  61 // Defines the url to return in case of failure of the query
  62 if (isset($err_url)) {
  63     $err_url = urldecode($err_url);
  64 } else {
  65     $err_url = str_replace('&', '&amp;', $goto)
  66              . (empty($primary_key) ? '' : '&amp;primary_key=' . $primary_key);
  67 }
  68
  69 // Resets tables defined in the configuration file
  70 reset($fields);
  71 if (isset($funcs)) {
  72     reset($funcs);
  73 }
  74
  75 // Misc
  76 if (get_magic_quotes_gpc()) {
  77     $submit_type = stripslashes($submit_type);
  78 }
  79
  80
  81 /**
  82  * Prepares the update of a row
  83  */
  84 if (isset($primary_key) && ($submit_type != $strInsertAsNewRow)) {
  85     // Restore the "primary key" to a convenient format
  86     $primary_key = urldecode($primary_key);
  87
  88     // Defines the SET part of the sql query
  89     $valuelist = '';
  90     while (list($key, $val) = each($fields)) {
  91         $encoded_key = $key;
  92         $key         = urldecode($key);
  93
  94         switch (strtolower($val)) {
  95             case 'null':
  96                 break;
  97             case '$enum$':
  98                 // if we have an enum, then construct the value
  99                 $f = 'field_' . md5($key);
 100                 if (!empty($$f)) {
 101                     $val     = implode(',', $$f);
 102                     if ($val == 'null') {
 103                         // void
 104                     } else {
 105                         $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
 106                     }
 107                 } else {
 108                     $val     = "''";
 109                 }
 110                 break;
 111             case '$set$':
 112                 // if we have a set, then construct the value
 113                 $f = 'field_' . md5($key);
 114                 if (!empty($$f)) {
 115                     $val = implode(',', $$f);
 116                     $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
 117                 } else {
 118                     $val = "''";
 119                 }
 120                 break;
 121             case '$foreign$':
 122                 // if we have a foreign key, then construct the value
 123                 $f = 'field_' . md5($key);
 124                 if (!empty($$f)) {
 125                     $val     = implode(',', $$f);
 126                     if ($val == 'null') {
 127                         // void
 128                     } else {
 129                         $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
 130                     }
 131                 } else {
 132                     $val     = "''";
 133                 }
 134                 break;
 135             default:
 136                 if (get_magic_quotes_gpc()) {
 137                     $val = "'" . str_replace('\\"', '"', $val) . "'";
 138                 } else {
 139                     $val = "'" . PMA_sqlAddslashes($val) . "'";
 140                 }
 141                 break;
 142         } // end switch
 143
 144         // Was the Null checkbox checked for this field?
 145         if (isset($fields_null) && isset($fields_null[$encoded_key])) {
 146             $val = 'NULL';
 147         }
 148
 149         // No change for this column and no MySQL function is used -> next column
 150         if (empty($funcs[$encoded_key])
 151             && isset($fields_prev) && isset($fields_prev[$encoded_key])
 152             && ("'" . PMA_sqlAddslashes(urldecode($fields_prev[$encoded_key])) . "'" == $val)) {
 153             continue;
 154         }
 155         else if (!empty($val)) {
 156             if (empty($funcs[$encoded_key])) {
 157                 $valuelist .= PMA_backquote($key) . ' = ' . $val . ', ';
 158             } else if ($val == '\'\''
 159                        && (ereg('^(NOW|CURDATE|CURTIME|UNIX_TIMESTAMP|RAND|USER|LAST_INSERT_ID)$', $funcs[$encoded_key]))) {
 160                 $valuelist .= PMA_backquote($key) . ' = ' . $funcs[$encoded_key] . '(), ';
 161             } else {
 162                 $valuelist .= PMA_backquote($key) . ' = ' . $funcs[$encoded_key] . "($val), ";
 163             }
 164         }
 165     } // end while
 166
 167     // Builds the sql upate query
 168     $valuelist    = ereg_replace(', $', '', $valuelist);
 169     if (!empty($valuelist)) {
 170         $query    = 'UPDATE ' . PMA_backquote($table) . ' SET ' . $valuelist . ' WHERE' . $primary_key
 171                   . ((PMA_MYSQL_INT_VERSION >= 32300) ? ' LIMIT 1' : '');
 172         $message  = $strAffectedRows . '&nbsp;';
 173     }
 174     // No change -> move back to the calling script
 175     else {
 176         $message = $strNoModification;
 177         if ($is_gotofile) {
 178             $js_to_run = 'functions.js';
 179             include('./header.inc.php3');
 180             include('./' . ereg_replace('\.\.*', '.', $goto));
 181         } else {
 182             header('Location: ' . $cfg['PmaAbsoluteUri'] . $goto . '&message=' . urlencode($message));
 183         }
 184         exit();
 185     }
 186 } // end row update
 187
 188
 189 /**
 190  *  Prepares the insert of a row
 191  */
 192 else {
 193     $fieldlist = '';
 194     $valuelist = '';
 195     while (list($key, $val) = each($fields)) {
 196         $encoded_key = $key;
 197         $key         = urldecode($key);
 198         $fieldlist   .= PMA_backquote($key) . ', ';
 199
 200         switch (strtolower($val)) {
 201             case 'null':
 202                 break;
 203             case '$enum$':
 204                 // if we have a set, then construct the value
 205                 $f = 'field_' . md5($key);
 206                 if (!empty($$f)) {
 207                     $val     = implode(',', $$f);
 208                     if ($val == 'null') {
 209                         // void
 210                     } else {
 211                         $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
 212                     }
 213                 } else {
 214                     $val     = "''";
 215                 }
 216                 break;
 217             case '$set$':
 218                 // if we have a set, then construct the value
 219                 $f = 'field_' . md5($key);
 220                 if (!empty($$f)) {
 221                     $val = implode(',', $$f);
 222                     $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
 223                 } else {
 224                     $val = "''";
 225                 }
 226                 break;
 227             case '$foreign$':
 228                 // if we have a foreign key, then construct the value
 229                 $f = 'field_' . md5($key);
 230                 if (!empty($$f)) {
 231                     $val     = implode(',', $$f);
 232                     if ($val == 'null') {
 233                         // void
 234                     } else {
 235                         $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
 236                     }
 237                 } else {
 238                     $val     = "''";
 239                 }
 240                 break;
 241             default:
 242                 if (get_magic_quotes_gpc()) {
 243                     $val = "'" . str_replace('\\"', '"', $val) . "'";
 244                 } else {
 245                     $val = "'" . PMA_sqlAddslashes($val) . "'";
 246                 }
 247                 break;
 248         } // end switch
 249
 250         // Was the Null checkbox checked for this field?
 251         if (isset($fields_null) && isset($fields_null[$encoded_key])) {
 252             $val = 'NULL';
 253         }
 254
 255         if (empty($funcs[$encoded_key])) {
 256             $valuelist .= $val . ', ';
 257         } else if (($val == '\'\''
 258                    && ereg('^(UNIX_TIMESTAMP|RAND|LAST_INSERT_ID)$', $funcs[$encoded_key]))
 259                    || ereg('^(NOW|CURDATE|CURTIME|USER)$', $funcs[$encoded_key])) {
 260             $valuelist .= $funcs[$encoded_key] . '(), ';
 261         } else {
 262             $valuelist .= $funcs[$encoded_key] . '(' . $val . '), ';
 263         }
 264     } // end while
 265
 266     // Builds the sql insert query
 267     $fieldlist = ereg_replace(', $', '', $fieldlist);
 268     $valuelist = ereg_replace(', $', '', $valuelist);
 269     $query     = 'INSERT INTO ' . PMA_backquote($table) . ' (' . $fieldlist . ') VALUES (' . $valuelist . ')';
 270     $message   = $strInsertedRows . '&nbsp;';
 271 } // end row insertion
 272
 273
 274 /**
 275  * Executes the sql query and get the result, then move back to the calling
 276  * page
 277  */
 278 PMA_mysql_select_db($db);
 279 $sql_query = $query . ';';
 280 $result    = PMA_mysql_query($query);
 281
 282 if (!$result) {
 283     $error = PMA_mysql_error();
 284     include('./header.inc.php3');
 285     PMA_mysqlDie($error, '', '', $err_url);
 286 } else {
 287     if (@mysql_affected_rows()) {
 288         $message .= @mysql_affected_rows();
 289     } else {
 290         $message = $strModifications;
 291     }
 292     if ($is_gotofile) {
 293         if ($goto == 'db_details.php3' && !empty($table)) {
 294             unset($table);
 295         }
 296         $js_to_run = 'functions.js';
 297         include('./header.inc.php3');
 298         include('./' . ereg_replace('\.\.*', '.', $goto));
 299     } else {
 300         $add_query = (strpos(' ' . $goto, 'tbl_change') ? '&disp_query=' . urlencode($sql_query) : '');
 301         header('Location: ' . $cfg['PmaAbsoluteUri'] . $goto . '&message=' . urlencode($message) . $add_query);
 302     }
 303     exit();
 304 } // end if
 305 ?>