search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
2.5.3-rc2
[phpmyadmin/crack.git] / tbl_replace.php3
blob26280a5f6ce44b0f3a3d8e5d068e0bef7f4a7d5f
1 <?php
2 /* $Id$ */
3 // vim: expandtab sw=4 ts=4 sts=4:
4
5
6 /**
7 * Gets some core libraries
8 */
9 require('./libraries/grab_globals.lib.php3');
10 require('./libraries/common.lib.php3');
11
12 // Check parameters
13 PMA_checkParameters(array('db','table','goto'));
14
15 /**
16 * Initializes some variables
17 */
18 // Defines the url to return in case of success of the query
19 if (isset($sql_query)) {
20 $sql_query = urldecode($sql_query);
21 }
22 if (!isset($dontlimitchars)) {
23 $dontlimitchars = 0;
24 }
25 $is_gotofile = FALSE;
26 if (isset($after_insert) && $after_insert == 'new_insert') {
27 $goto = 'tbl_change.php3?'
28 . PMA_generate_common_url($db, $table, '&')
29 . '&goto=' . urlencode($goto)
30 . '&pos=' . $pos
31 . '&session_max_rows=' . $session_max_rows
32 . '&disp_direction=' . $disp_direction
33 . '&repeat_cells=' . $repeat_cells
34 . '&dontlimitchars=' . $dontlimitchars
35 . (empty($sql_query) ? '' : '&sql_query=' . urlencode($sql_query));
36 } else if ($goto == 'sql.php3') {
37 $goto = 'sql.php3?'
38 . PMA_generate_common_url($db, $table, '&')
39 . '&pos=' . $pos
40 . '&session_max_rows=' . $session_max_rows
41 . '&disp_direction=' . $disp_direction
42 . '&repeat_cells=' . $repeat_cells
43 . '&dontlimitchars=' . $dontlimitchars
44 . '&sql_query=' . urlencode($sql_query);
45 } else if (!empty($goto)) {
46 // Security checkings
47 $is_gotofile = ereg_replace('^([^?]+).*$', '\\1', $goto);
48 if (!@file_exists('./' . $is_gotofile)) {
49 $goto = (empty($table)) ? 'db_details.php3' : 'tbl_properties.php3';
50 $is_gotofile = TRUE;
51 } else {
52 $is_gotofile = ($is_gotofile == $goto);
53 }
54 }
55
56 // Defines the url to return in case of failure of the query
57 if (isset($err_url)) {
58 $err_url = urldecode($err_url);
59 } else {
60 $err_url = str_replace('&', '&amp;', $goto)
61 . (empty($primary_key) ? '' : '&amp;primary_key=' . $primary_key);
62 }
63
64 // Resets tables defined in the configuration file
65 reset($fields);
66 if (isset($funcs)) {
67 reset($funcs);
68 }
69
70 // Misc
71 $seen_binary = FALSE;
72
73 /**
74 * Prepares the update of a row
75 */
76 if (isset($primary_key) && ($submit_type != $strInsertAsNewRow)) {
77 // Restore the "primary key" to a convenient format
78 $primary_key = urldecode($primary_key);
79
80 // Defines the SET part of the sql query
81 $valuelist = '';
82
83 while (list($key, $val) = each($fields)) {
84 $encoded_key = $key;
85 $key = urldecode($key);
86
87 include('./tbl_replace_fields.php3');
88
89 // No change for this column and no MySQL function is used -> next column
90 if (empty($funcs[$encoded_key])
91 && isset($fields_prev) && isset($fields_prev[$encoded_key])
92 && ("'" . PMA_sqlAddslashes(urldecode($fields_prev[$encoded_key])) . "'" == $val)) {
93 continue;
94 }
95 else if (!empty($val)) {
96 if (empty($funcs[$encoded_key])) {
97 $valuelist .= PMA_backquote($key) . ' = ' . $val . ', ';
98 } else if ($val == '\'\''
99 && (ereg('^(NOW|CURDATE|CURTIME|UNIX_TIMESTAMP|RAND|USER|LAST_INSERT_ID)$', $funcs[$encoded_key]))) {
100 $valuelist .= PMA_backquote($key) . ' = ' . $funcs[$encoded_key] . '(), ';
101 } else {
102 $valuelist .= PMA_backquote($key) . ' = ' . $funcs[$encoded_key] . "($val), ";
103 }
104 }
105 } // end while
106
107 // Builds the sql update query
108 $valuelist = ereg_replace(', $', '', $valuelist);
109 if (!empty($valuelist)) {
110 PMA_mysql_select_db($db);
111 $query = 'UPDATE ' . PMA_backquote($table) . ' SET ' . $valuelist . ' WHERE' . $primary_key
112 . ((PMA_MYSQL_INT_VERSION >= 32300) ? ' LIMIT 1' : '');
113 $message = $strAffectedRows . '&nbsp;';
114 }
115 // No change -> move back to the calling script
116 else {
117 $message = $strNoModification;
118 if ($is_gotofile) {
119 $js_to_run = 'functions.js';
120 include('./header.inc.php3');
121 include('./' . ereg_replace('\.\.*', '.', $goto));
122 } else {
123 header('Location: ' . $cfg['PmaAbsoluteUri'] . $goto . '&disp_message=' . urlencode($message) . '&disp_query=');
124 }
125 exit();
126 }
127 } // end row update
128
129
130 /**
131 * Prepares the insert of a row
132 */
133 else {
134 PMA_mysql_select_db($db);
135
136 $fieldlist = '';
137 $valuelist = '';
138
139 // garvin: Get, if sent, any protected fields to insert them here:
140 if (isset($fields_type) && is_array($fields_type) && isset($primary_key)) {
141 $prot_local_query = 'SELECT * FROM ' . PMA_backquote($table) . ' WHERE ' . urldecode($primary_key);
142 $prot_result = PMA_mysql_query($prot_local_query) or PMA_mysqlDie('', $prot_local_query, '', $err_url);
143 $prot_row = PMA_mysql_fetch_array($prot_result);
144 }
145
146 while (list($key, $val) = each($fields)) {
147 $encoded_key = $key;
148 $key = urldecode($key);
149 $fieldlist .= PMA_backquote($key) . ', ';
150
151 include('./tbl_replace_fields.php3');
152
153 if (empty($funcs[$encoded_key])) {
154 $valuelist .= $val . ', ';
155 } else if (($val == '\'\''
156 && ereg('^(UNIX_TIMESTAMP|RAND|LAST_INSERT_ID)$', $funcs[$encoded_key]))
157 || ereg('^(NOW|CURDATE|CURTIME|USER)$', $funcs[$encoded_key])) {
158 $valuelist .= $funcs[$encoded_key] . '(), ';
159 } else {
160 $valuelist .= $funcs[$encoded_key] . '(' . $val . '), ';
161 }
162 } // end while
163
164 // Builds the sql insert query
165 $fieldlist = ereg_replace(', $', '', $fieldlist);
166 $valuelist = ereg_replace(', $', '', $valuelist);
167 $query = 'INSERT INTO ' . PMA_backquote($table) . ' (' . $fieldlist . ') VALUES (' . $valuelist . ')';
168 $message = $strInsertedRows . '&nbsp;';
169 } // end row insertion
170
171
172 /**
173 * Executes the sql query and get the result, then move back to the calling
174 * page
175 */
176 $sql_query = $query . ';';
177 $result = PMA_mysql_query($query);
178 if (!$result) {
179 $error = PMA_mysql_error();
180 include('./header.inc.php3');
181 PMA_mysqlDie($error, '', '', $err_url);
182 } else {
183 if (@mysql_affected_rows()) {
184 $message .= @mysql_affected_rows();
185 } else {
186 $message = $strModifications;
187 }
188 $insert_id = mysql_insert_id();
189 if ($insert_id != 0) {
190 $message .= '<br />'.$strInsertedRowId . '&nbsp;' . $insert_id;
191 }
192 if ($is_gotofile) {
193 if ($goto == 'db_details.php3' && !empty($table)) {
194 unset($table);
195 }
196 $js_to_run = 'functions.js';
197 $active_page = $goto;
198 include('./header.inc.php3');
199 include('./' . ereg_replace('\.\.*', '.', $goto));
200 } else {
201 // I don't understand this one:
202 //$add_query = (strpos(' ' . $goto, 'tbl_change') ? '&disp_query=' . urlencode($sql_query) : '');
203
204 // if we have seen binary,
205 // we do not append the query to the Location so it won't be displayed
206 // on the resulting page
207 $add_query = (!$seen_binary ? '&disp_query=' . urlencode($sql_query) : '');
208 header('Location: ' . $cfg['PmaAbsoluteUri'] . $goto . '&disp_message=' . urlencode($message) . $add_query);
209 }
210 exit();
211 } // end if
212 ?>
Drizzle / GSOC 2011