PageRenderTime 53ms CodeModel.GetById 19ms RepoModel.GetById 0ms app.codeStats 1ms

/db/tbl_replace.php

https://gitlab.com/a.loskutnikov/sitimobile
PHP | 270 lines | 211 code | 23 blank | 36 comment | 79 complexity | 2d765f73d801285fcf48b26e1832c5cb MD5 | raw file
    

  1. <?php
    2. 

  2. /* $Id: tbl_replace.php,v 1.51.2.2 2002/06/08 18:23:54 rabus Exp $ */
    3. 

  3. 

  4. 

  5. /**
    6. 

  6.  * Gets some core libraries
    7. 

  7.  */
    8. 

  8. require('./libraries/grab_globals.lib.php');
    9. 

  9. require('./libraries/common.lib.php');
    10. 

  10. 

  11. 

  12. /**
    13. 

  13.  * Initializes some variables
    14. 

  14.  */
    15. 

  15. // Defines the url to return in case of success of the query
    16. 

  16. if (isset($sql_query)) {
    17. 

  17.     $sql_query = urldecode($sql_query);
    18. 

  18. }
    19. 

  19. $is_gotofile = FALSE;
    20. 

  20. if (isset($after_insert) && $after_insert == 'new_insert') {
    21. 

  21.     $goto = 'tbl_change.php'
    22. 

  22.           . '?lang=' . $lang
    23. 

  23.           . '&server=' . $server
    24. 

  24.           . '&db=' . urlencode($db)
    25. 

  25.           . '&table=' . urlencode($table)
    26. 

  26.           . '&goto=' . urlencode($goto)
    27. 

  27.           . '&pos=' . $pos
    28. 

  28.           . '&session_max_rows=' . $session_max_rows
    29. 

  29.           . '&disp_direction=' . $disp_direction
    30. 

  30.           . '&repeat_cells=' . $repeat_cells
    31. 

  31.           . (empty($sql_query) ? '' : '&sql_query=' . urlencode($sql_query));
    32. 

  32. } else if ($goto == 'sql.php') {
    33. 

  33.     $goto = 'sql.php?'
    34. 

  34.           . 'lang=' . $lang
    35. 

  35.           . '&server=' . $server
    36. 

  36.           . '&db=' . urlencode($db)
    37. 

  37.           . '&table=' . urlencode($table)
    38. 

  38.           . '&pos=' . $pos
    39. 

  39.           . '&session_max_rows=' . $session_max_rows
    40. 

  40.           . '&disp_direction=' . $disp_direction
    41. 

  41.           . '&repeat_cells=' . $repeat_cells
    42. 

  42.           . '&sql_query=' . urlencode($sql_query);
    43. 

  43. } else if (!empty($goto)) {
    44. 

  44.     // Security checkings
    45. 

  45.     $is_gotofile     = ereg_replace('^([^?]+).*$', '\\1', $goto);
    46. 

  46.     if (!@file_exists('./' . $is_gotofile)) {
    47. 

  47.         $goto        = (empty($table)) ? 'db_details.php' : 'tbl_properties.php';
    48. 

  48.         $is_gotofile = TRUE;
    49. 

  49.     } else {
    50. 

  50.         $is_gotofile = ($is_gotofile == $goto);
    51. 

  51.     }
    52. 

  52. }
    53. 

  53. 

  54. // Defines the url to return in case of failure of the query
    55. 

  55. if (isset($err_url)) {
    56. 

  56.     $err_url = urldecode($err_url);
    57. 

  57. } else {
    58. 

  58.     $err_url = str_replace('&', '&amp;', $goto)
    59. 

  59.              . (empty($primary_key) ? '' : '&amp;primary_key=' . $primary_key);
    60. 

  60. }
    61. 

  61. 

  62. // Resets tables defined in the configuration file
    63. 

  63. reset($fields);
    64. 

  64. if (isset($funcs)) {
    65. 

  65.     reset($funcs);
    66. 

  66. }
    67. 

  67. 

  68. // Misc
    69. 

  69. if (get_magic_quotes_gpc()) {
    70. 

  70.     $submit_type = stripslashes($submit_type);
    71. 

  71. }
    72. 

  72. 

  73. 

  74. /**
    75. 

  75.  * Prepares the update of a row
    76. 

  76.  */
    77. 

  77. if (isset($primary_key) && ($submit_type != $strInsertAsNewRow)) {
    78. 

  78.     // Restore the "primary key" to a convenient format
    79. 

  79.     $primary_key = urldecode($primary_key);
    80. 

  80. 

  81.     // Defines the SET part of the sql query
    82. 

  82.     $valuelist = '';
    83. 

  83.     while (list($key, $val) = each($fields)) {
    84. 

  84.         $encoded_key = $key;
    85. 

  85.         $key         = urldecode($key);
    86. 

  86. 

  87.         switch (strtolower($val)) {
    88. 

  88.             case 'null':
    89. 

  89.                 break;
    90. 

  90.             case '$enum$':
    91. 

  91.                 // if we have an enum, then construct the value
    92. 

  92.                 $f = 'field_' . md5($key);
    93. 

  93.                 if (!empty($$f)) {
    94. 

  94.                     $val     = implode(',', $$f);
    95. 

  95.                     if ($val == 'null') {
    96. 

  96.                         // void
    97. 

  97.                     } else {
    98. 

  98.                         $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
    99. 

  99.                     }
    100. 

  100.                 } else {
    101. 

  101.                     $val     = "''";
    102. 

  102.                 }
    103. 

  103.                 break;
    104. 

  104.             case '$set$':
    105. 

  105.                 // if we have a set, then construct the value
    106. 

  106.                 $f = 'field_' . md5($key);
    107. 

  107.                 if (!empty($$f)) {
    108. 

  108.                     $val = implode(',', $$f);
    109. 

  109.                     $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
    110. 

  110.                 } else {
    111. 

  111.                     $val = "''";
    112. 

  112.                 }
    113. 

  113.                 break;
    114. 

  114.             default:
    115. 

  115.                 if (get_magic_quotes_gpc()) {
    116. 

  116.                     $val = "'" . str_replace('\\"', '"', $val) . "'";
    117. 

  117.                 } else {
    118. 

  118.                     $val = "'" . PMA_sqlAddslashes($val) . "'";
    119. 

  119.                 }
    120. 

  120.                 break;
    121. 

  121.         } // end switch
    122. 

  122. 

  123.         // Was the Null checkbox checked for this field?
    124. 

  124.         if (isset($fields_null) && isset($fields_null[$encoded_key])) {
    125. 

  125.             $val = 'NULL';
    126. 

  126.         }
    127. 

  127. 

  128.         // No change for this column and no MySQL function is used -> next column
    129. 

  129.         if (empty($funcs[$encoded_key])
    130. 

  130.             && isset($fields_prev) && isset($fields_prev[$encoded_key])
    131. 

  131.             && ("'" . PMA_sqlAddslashes(urldecode($fields_prev[$encoded_key])) . "'" == $val)) {
    132. 

  132.             continue;
    133. 

  133.         }
    134. 

  134.         else if (!empty($val)) {
    135. 

  135.             if (empty($funcs[$encoded_key])) {
    136. 

  136.                 $valuelist .= PMA_backquote($key) . ' = ' . $val . ', ';
    137. 

  137.             } else if ($val == '\'\''
    138. 

  138.                        && (ereg('^(NOW|CURDATE|CURTIME|UNIX_TIMESTAMP|RAND|USER|LAST_INSERT_ID)$', $funcs[$encoded_key]))) {
    139. 

  139.                 $valuelist .= PMA_backquote($key) . ' = ' . $funcs[$encoded_key] . '(), ';
    140. 

  140.             } else {
    141. 

  141.                 $valuelist .= PMA_backquote($key) . ' = ' . $funcs[$encoded_key] . "($val), ";
    142. 

  142.             }
    143. 

  143.         }
    144. 

  144.     } // end while
    145. 

  145. 

  146.     // Builds the sql upate query
    147. 

  147.     $valuelist    = ereg_replace(', $', '', $valuelist);
    148. 

  148.     if (!empty($valuelist)) {
    149. 

  149.         $query    = 'UPDATE ' . PMA_backquote($table) . ' SET ' . $valuelist . ' WHERE' . $primary_key
    150. 

  150.                   . ((PMA_MYSQL_INT_VERSION >= 32300) ? ' LIMIT 1' : '');
    151. 

  151.         $message  = $strAffectedRows . '&nbsp;';
    152. 

  152.     }
    153. 

  153.     // No change -> move back to the calling script
    154. 

  154.     else {
    155. 

  155.         $message = $strNoModification;
    156. 

  156.         if ($is_gotofile) {
    157. 

  157.             $js_to_run = 'functions.js';
    158. 

  158.             include('./header.inc.php');
    159. 

  159.             include('./' . ereg_replace('\.\.*', '.', $goto));
    160. 

  160.         } else {
    161. 

  161.             header('Location: ' . $cfgPmaAbsoluteUri . $goto . '&message=' . urlencode($message));
    162. 

  162.         }
    163. 

  163.         exit();
    164. 

  164.     }
    165. 

  165. } // end row update
    166. 

  166. 

  167. 

  168. /**
    169. 

  169.  *  Prepares the insert of a row
    170. 

  170.  */
    171. 

  171. else {
    172. 

  172.     $fieldlist = '';
    173. 

  173.     $valuelist = '';
    174. 

  174.     while (list($key, $val) = each($fields)) {
    175. 

  175.         $encoded_key = $key;
    176. 

  176.         $key         = urldecode($key);
    177. 

  177.         $fieldlist   .= PMA_backquote($key) . ', ';
    178. 

  178. 

  179.         switch (strtolower($val)) {
    180. 

  180.             case 'null':
    181. 

  181.                 break;
    182. 

  182.             case '$enum$':
    183. 

  183.                 // if we have a set, then construct the value
    184. 

  184.                 $f = 'field_' . md5($key);
    185. 

  185.                 if (!empty($$f)) {
    186. 

  186.                     $val     = implode(',', $$f);
    187. 

  187.                     if ($val == 'null') {
    188. 

  188.                         // void
    189. 

  189.                     } else {
    190. 

  190.                         $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
    191. 

  191.                     }
    192. 

  192.                 } else {
    193. 

  193.                     $val     = "''";
    194. 

  194.                 }
    195. 

  195.                 break;
    196. 

  196.             case '$set$':
    197. 

  197.                 // if we have a set, then construct the value
    198. 

  198.                 $f = 'field_' . md5($key);
    199. 

  199.                 if (!empty($$f)) {
    200. 

  200.                     $val = implode(',', $$f);
    201. 

  201.                     $val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
    202. 

  202.                 } else {
    203. 

  203.                     $val = "''";
    204. 

  204.                 }
    205. 

  205.                 break;
    206. 

  206.             default:
    207. 

  207.                 if (get_magic_quotes_gpc()) {
    208. 

  208.                     $val = "'" . str_replace('\\"', '"', $val) . "'";
    209. 

  209.                 } else {
    210. 

  210.                     $val = "'" . PMA_sqlAddslashes($val) . "'";
    211. 

  211.                 }
    212. 

  212.                 break;
    213. 

  213.         } // end switch
    214. 

  214. 

  215.         // Was the Null checkbox checked for this field?
    216. 

  216.         if (isset($fields_null) && isset($fields_null[$encoded_key])) {
    217. 

  217.             $val = 'NULL';
    218. 

  218.         }
    219. 

  219. 

  220.         if (empty($funcs[$encoded_key])) {
    221. 

  221.             $valuelist .= $val . ', ';
    222. 

  222.         } else if (($val == '\'\''
    223. 

  223.                    && ereg('^(UNIX_TIMESTAMP|RAND|LAST_INSERT_ID)$', $funcs[$encoded_key]))
    224. 

  224.                    || ereg('^(NOW|CURDATE|CURTIME|USER)$', $funcs[$encoded_key])) {
    225. 

  225.             $valuelist .= $funcs[$encoded_key] . '(), ';
    226. 

  226.         } else {
    227. 

  227.             $valuelist .= $funcs[$encoded_key] . '(' . $val . '), ';
    228. 

  228.         }
    229. 

  229.     } // end while
    230. 

  230. 

  231.     // Builds the sql insert query
    232. 

  232.     $fieldlist = ereg_replace(', $', '', $fieldlist);
    233. 

  233.     $valuelist = ereg_replace(', $', '', $valuelist);
    234. 

  234.     $query     = 'INSERT INTO ' . PMA_backquote($table) . ' (' . $fieldlist . ') VALUES (' . $valuelist . ')';
    235. 

  235.     $message   = $strInsertedRows . '&nbsp;';
    236. 

  236. } // end row insertion
    237. 

  237. 

  238. 

  239. /**
    240. 

  240.  * Executes the sql query and get the result, then move back to the calling
    241. 

  241.  * page
    242. 

  242.  */
    243. 

  243. mysql_select_db($db);
    244. 

  244. $sql_query = $query . ';';
    245. 

  245. $result    = mysql_query($query);
    246. 

  246. 

  247. if (!$result) {
    248. 

  248.     $error = mysql_error();
    249. 

  249.     include('./header.inc.php');
    250. 

  250.     PMA_mysqlDie($error, '', '', $err_url);
    251. 

  251. } else {
    252. 

  252.     if (@mysql_affected_rows()) {
    253. 

  253.         $message .= @mysql_affected_rows();
    254. 

  254.     } else {
    255. 

  255.         $message = $strModifications;
    256. 

  256.     }
    257. 

  257.     if ($is_gotofile) {
    258. 

  258.         if ($goto == 'db_details.php' && !empty($table)) {
    259. 

  259.             unset($table);
    260. 

  260.         }
    261. 

  261.         $js_to_run = 'functions.js';
    262. 

  262.         include('./header.inc.php');
    263. 

  263.         include('./' . ereg_replace('\.\.*', '.', $goto));
    264. 

  264.     } else {
    265. 

  265.         $add_query = (strpos(' ' . $goto, 'tbl_change') ? '&disp_query=' . urlencode($sql_query) : '');
    266. 

  266.         header('Location: ' . $cfgPmaAbsoluteUri . $goto . '&message=' . urlencode($message) . $add_query);
    267. 

  267.     }
    268. 

  268.     exit();
    269. 

  269. } // end if
    270. 

  270. ?>
    271. 

  271.