Ejemplo n.º 1
0
function sql_internal($dblink, $sql)
{
    global $opt, $db, $sqldebugger;
    $args = func_get_args();
    unset($args[0]);
    unset($args[1]);
    /* as an option, you can give as second parameter an array
     * with all values for the placeholder. The array has to be
     * with numeric indizes.
     */
    if (isset($args[2]) && is_array($args[2])) {
        $tmp_args = $args[2];
        unset($args);
        // correct indizes
        $args = array_merge(array(0), $tmp_args);
        unset($tmp_args);
        unset($args[0]);
    }
    $sqlpos = 0;
    $filtered_sql = '';
    // replace every &x in $sql with the placeholder or parameter
    $nextarg = strpos($sql, '&');
    while ($nextarg !== false) {
        // & escaped?
        $escapesCount = 0;
        while ($nextarg - $escapesCount - 1 > 0 && substr($sql, $nextarg - $escapesCount - 1, 1) == '\\') {
            $escapesCount++;
        }
        if ($escapesCount % 2 == 1) {
            $nextarg++;
        } else {
            $nextchar = substr($sql, $nextarg + 1, 1);
            if (is_numeric($nextchar)) {
                $arglength = 0;
                $arg = '';
                // find next non-digit
                while (preg_match('/^[0-9]{1}/', $nextchar) == 1) {
                    $arg .= $nextchar;
                    $arglength++;
                    $nextchar = substr($sql, $nextarg + $arglength + 1, 1);
                }
                // ok ... replace
                $filtered_sql .= substr($sql, $sqlpos, $nextarg - $sqlpos);
                $sqlpos = $nextarg + $arglength;
                if (isset($args[$arg])) {
                    if (is_numeric($args[$arg])) {
                        $filtered_sql .= $args[$arg];
                    } else {
                        if (substr($sql, $sqlpos - $arglength - 1, 1) == '\'' && substr($sql, $sqlpos + 1, 1) == '\'') {
                            $filtered_sql .= sql_escape($args[$arg]);
                        } elseif (substr($sql, $sqlpos - $arglength - 1, 1) == '`' && substr($sql, $sqlpos + 1, 1) == '`') {
                            $filtered_sql .= sql_escape_backtick($args[$arg]);
                        } else {
                            sql_error($sql);
                        }
                    }
                } else {
                    // NULL
                    if (substr($sql, $sqlpos - $arglength - 1, 1) == '\'' && substr($sql, $sqlpos + 1, 1) == '\'') {
                        // strip apostroph and insert NULL
                        $filtered_sql = substr($filtered_sql, 0, strlen($filtered_sql) - 1);
                        $filtered_sql .= 'NULL';
                        $sqlpos++;
                    } else {
                        $filtered_sql .= 'NULL';
                    }
                }
                $sqlpos++;
            } else {
                $arglength = 0;
                $arg = '';
                // find next non-alphanumeric char
                // (added '_' - it is used in temptable names - following 2013/07/18)
                while (preg_match('/^[a-zA-Z0-9_]{1}/', $nextchar) == 1) {
                    $arg .= $nextchar;
                    $arglength++;
                    $nextchar = substr($sql, $nextarg + $arglength + 1, 1);
                }
                // ok ... replace
                $filtered_sql .= substr($sql, $sqlpos, $nextarg - $sqlpos);
                if (isset($opt['db']['placeholder'][$arg])) {
                    if (substr($sql, $nextarg - 1, 1) != '`') {
                        $filtered_sql .= '`';
                    }
                    $filtered_sql .= sql_escape_backtick($opt['db']['placeholder'][$arg]);
                    if (substr($sql, $nextarg + $arglength + 1, 1) != '`') {
                        $filtered_sql .= '`';
                    }
                } elseif (isset($db['temptables'][$arg])) {
                    if (substr($sql, $nextarg - 1, 1) != '`') {
                        $filtered_sql .= '`';
                    }
                    $filtered_sql .= sql_escape_backtick($opt['db']['placeholder']['tmpdb']) . '`.`' . sql_escape_backtick($db['temptables'][$arg]);
                    if (substr($sql, $nextarg + $arglength + 1, 1) != '`') {
                        $filtered_sql .= '`';
                    }
                } else {
                    sql_error($sql);
                }
                $sqlpos = $nextarg + $arglength + 1;
            }
        }
        $nextarg = strpos($sql, '&', $nextarg + 1);
    }
    // append the rest
    $filtered_sql .= substr($sql, $sqlpos);
    // strip escapes of &
    $nextarg = strpos($filtered_sql, '\\&');
    while ($nextarg !== false) {
        $escapesCount = 0;
        while ($nextarg - $escapesCount - 1 > 0 && substr($filtered_sql, $nextarg - $escapesCount - 1, 1) == '\\') {
            $escapesCount++;
        }
        if ($escapesCount % 2 == 0) {
            // strip escapes of &
            $filtered_sql = substr($filtered_sql, 0, $nextarg) . '&' . substr($filtered_sql, $nextarg + 2);
            $nextarg--;
        }
        $nextarg = strpos($filtered_sql, '\\&', $nextarg + 2);
    }
    //
    // ok ... filtered_sql is ready for usage
    //
    /* todo:
           - errorlogging
           - LIMIT
           - block DROP/DELETE
       */
    if (isset($db['debug']) && $db['debug'] == true) {
        require_once $opt['rootpath'] . 'lib2/sqldebugger.class.php';
        $result = $sqldebugger->execute($filtered_sql, $dblink, $dblink === $db['dblink_slave'], $db['slave_server']);
        if ($result === false) {
            sql_error($filtered_sql);
        }
    } else {
        // measure time
        if ($opt['db']['warn']['time'] > 0) {
            $cSqlExecution = new CBench();
            $cSqlExecution->start();
        }
        $result = @mysql_query($filtered_sql, $dblink);
        if ($result === false) {
            sql_error($filtered_sql);
        }
        if ($opt['db']['warn']['time'] > 0) {
            $cSqlExecution->stop();
            if ($cSqlExecution->diff() > $opt['db']['warn']['time']) {
                $ua = isset($_SERVER['HTTP_USER_AGENT']) ? "\r\n" . $_SERVER['HTTP_USER_AGENT'] : "";
                sql_warn("execution took " . $cSqlExecution->diff() . " seconds" . $ua);
            }
        }
    }
    return $result;
}
Ejemplo n.º 2
0
 public function execute($sql, $dblink, $bQuerySlave, $sServer)
 {
     global $db;
     if (count($this->commands) >= 1000) {
         $this->cancel = true;
         return mysql_query($sql, $dblink);
     }
     $command = array();
     $command['sql'] = $sql;
     $command['explain'] = array();
     $command['result'] = array();
     $command['warnings'] = array();
     $command['runtime'] = 0;
     $command['affected'] = 0;
     $command['count'] = -1;
     $command['mode'] = $db['mode'];
     $command['slave'] = $bQuerySlave;
     $command['server'] = $sServer;
     $command['dblink'] = '' . $dblink;
     $bUseExplain = false;
     $sql = trim($sql);
     $sqlexplain = $sql;
     if (strtoupper(substr($sqlexplain, 0, 7)) == 'DELETE ') {
         $sqlexplain = $this->strip_from($sqlexplain);
     } elseif (strtoupper(substr($sqlexplain, 0, 12)) == 'INSERT INTO ' || strtoupper(substr($sqlexplain, 0, 19)) == 'INSERT IGNORE INTO ') {
         $sqlexplain = $this->strip_temptable($sqlexplain);
     } elseif (strtoupper(substr($sqlexplain, 0, 23)) == 'CREATE TEMPORARY TABLE ') {
         $sqlexplain = $this->strip_temptable($sqlexplain);
     }
     if (strtoupper(substr($sqlexplain, 0, 7)) == 'SELECT ') {
         // we can use EXPLAIN
         $c = 0;
         $rs = mysql_query($sqlexplain, $dblink);
         $command['count'] = sql_num_rows($rs);
         while ($r = sql_fetch_assoc($rs)) {
             if ($c == 25) {
                 break;
             }
             $command['result'][] = $r;
             $c++;
         }
         sql_free_result($rs);
         $rs = mysql_query('EXPLAIN EXTENDED ' . $sqlexplain, $dblink);
         while ($r = sql_fetch_assoc($rs)) {
             $command['explain'][] = $r;
         }
         sql_free_result($rs);
     }
     // dont use query cache!
     $sql = $this->insert_nocache($sql);
     $bSqlExecution = new CBench();
     $bSqlExecution->start();
     $rsResult = mysql_query($sql, $dblink);
     $bSqlExecution->stop();
     $bError = $rsResult == false;
     $command['affected'] = mysql_affected_rows($dblink);
     $rs = mysql_query('SHOW WARNINGS', $dblink);
     while ($r = sql_fetch_assoc($rs)) {
         $command['warnings'][] = $r['Message'];
     }
     $command['runtime'] = $bSqlExecution->Diff();
     $this->commands[] = $command;
     return $rsResult;
 }
Ejemplo n.º 3
0
function tpl_BuildTemplate($dbdisconnect = true)
{
    global $sql_debug, $sqldbg_cmdNo;
    if (isset($sql_debug) && $sql_debug) {
        if (!isset($sqldbg_cmdNo) || $sqldbg_cmdNo == 0) {
            echo 'No SQL commands on this page.';
        }
        die;
    }
    //template handling vars
    global $style, $stylepath, $tplname, $vars, $langpath, $locale, $opt, $oc_nodeid, $translate, $usr;
    //language specific expression
    global $error_pagenotexist;
    //only for debbuging
    global $b, $bScriptExecution;
    // country dropdown
    global $tpl_usercountries;
    tpl_set_var('screen_css_time', filemtime($opt['rootpath'] . "resource2/" . $style . "/css/style_screen.css"));
    tpl_set_var('screen_msie_css_time', filemtime($opt['rootpath'] . "resource2/" . $style . "/css/style_screen_msie.css"));
    tpl_set_var('print_css_time', filemtime($opt['rootpath'] . "resource2/" . $style . "/css/style_print.css"));
    if (isset($bScriptExecution)) {
        $bScriptExecution->Stop();
        tpl_set_var('scripttime', sprintf('%1.3f', $bScriptExecution->Diff()));
    } else {
        tpl_set_var('scripttime', sprintf('%1.3f', 0));
    }
    tpl_set_var('sponsorbottom', $opt['page']['sponsor']['bottom']);
    if (isset($opt['locale'][$locale]['page']['subtitle1'])) {
        $opt['page']['subtitle1'] = $opt['locale'][$locale]['page']['subtitle1'];
    }
    if (isset($opt['locale'][$locale]['page']['subtitle2'])) {
        $opt['page']['subtitle2'] = $opt['locale'][$locale]['page']['subtitle2'];
    }
    tpl_set_var('opt_page_subtitle1', $opt['page']['subtitle1']);
    tpl_set_var('opt_page_subtitle2', $opt['page']['subtitle2']);
    tpl_set_var('opt_page_title', $opt['page']['title']);
    if ($opt['logic']['license']['disclaimer']) {
        if (isset($opt['locale'][$locale]['page']['license_url'])) {
            $lurl = $opt['locale'][$locale]['page']['license_url'];
        } else {
            $lurl = $opt['locale']['EN']['page']['license_url'];
        }
        if (isset($opt['locale'][$locale]['page']['license'])) {
            $ltext = $opt['locale'][$locale]['page']['license'];
        } else {
            $ltext = $opt['locale']['EN']['page']['license'];
        }
        $ltext = mb_ereg_replace('%1', $lurl, $ltext);
        $ltext = mb_ereg_replace('{site}', $opt['page']['sitename'], $ltext);
        $ld = '<p class="sidebar-maintitle">' . $translate->t('Datalicense', '', '', 0) . '</p>' . '<div style="margin:20px 0 16px 0; width:100%; text-align:center;">' . $ltext . '</div>';
        tpl_set_var('license_disclaimer', $ld);
    } else {
        tpl_set_var('license_disclaimer', '');
    }
    $bTemplateBuild = new CBench();
    $bTemplateBuild->Start();
    //set {functionsbox}
    global $page_functions, $functionsbox_start_tag, $functionsbox_middle_tag, $functionsbox_end_tag;
    if (isset($page_functions)) {
        $functionsbox = $functionsbox_start_tag;
        foreach ($page_functions as $func) {
            if ($functionsbox != $functionsbox_start_tag) {
                $functionsbox .= $functionsbox_middle_tag;
            }
            $functionsbox .= $func;
        }
        $functionsbox .= $functionsbox_end_tag;
        tpl_set_var('functionsbox', $functionsbox);
    }
    /* prepare user country selection
     */
    $tpl_usercountries = [];
    $rsUserCountries = sql("SELECT `countries_options`.`country`,\n                        IF(`countries_options`.`nodeId`='&1', 1, IF(`countries_options`.`nodeId`!=0, 2, 3)) AS `group`,\n                        IFNULL(`sys_trans_text`.`text`, `countries`.`name`) AS `name`\n                   FROM `countries_options`\n             INNER JOIN `countries` ON `countries_options`.`country`=`countries`.`short`\n              LEFT JOIN `sys_trans` ON `countries`.`trans_id`=`sys_trans`.`id`\n              LEFT JOIN `sys_trans_text` ON `sys_trans`.`id`=`sys_trans_text`.`trans_id` AND `sys_trans_text`.`lang`='&2'\n                  WHERE `countries_options`.`display`=1\n               ORDER BY `group` ASC,\n                        IFNULL(`sys_trans_text`.`text`, `countries`.`name`) ASC", $oc_nodeid, $locale);
    while ($rUserCountries = sql_fetch_assoc($rsUserCountries)) {
        $tpl_usercountries[] = $rUserCountries;
    }
    sql_free_result($rsUserCountries);
    //include language specific expressions, so that they are available in the template code
    include $langpath . '/expressions.inc.php';
    //load main template
    tpl_set_var('backgroundimage', '<div id="bg1">&nbsp;</div><div id="bg2">&nbsp;</div>');
    tpl_set_var('bodystyle', '');
    if (isset($_REQUEST['print']) && $_REQUEST['print'] == 'y') {
        $sCode = read_file($stylepath . '/main_print.tpl.php');
    } else {
        if (isset($_REQUEST['popup']) && $_REQUEST['popup'] == 'y') {
            $sCode = read_file($stylepath . '/popup.tpl.php');
        } else {
            $sCode = read_file($stylepath . '/main.tpl.php');
        }
    }
    $sCode = '?>' . $sCode;
    //does template exist?
    if (!file_exists($stylepath . '/' . $tplname . '.tpl.php')) {
        //set up the error template
        $error = true;
        tpl_set_var('error_msg', htmlspecialchars($error_pagenotexist, ENT_COMPAT, 'UTF-8'));
        tpl_set_var('tplname', $tplname);
        $tplname = 'error';
    }
    //read the template
    $sTemplate = read_file($stylepath . '/' . $tplname . '.tpl.php');
    $sCode = mb_ereg_replace('{template}', $sTemplate, $sCode);
    //process translations
    $sCode = tpl_do_translation($sCode);
    //process the template replacements
    $sCode = tpl_do_replace($sCode);
    // fixing path issue
    $sCode = str_replace('lib2/smarty/ocplugins/', 'src/Oc/SmartyPlugins/', $sCode);
    //store the cookie
    write_cookie_settings();
    //send http-no-caching-header
    http_write_no_cache();
    // write UTF8-Header
    header('Content-type: text/html; charset=utf-8');
    //run the template code
    eval($sCode);
    //disconnect the database
    if ($dbdisconnect) {
        db_disconnect();
    }
}
Ejemplo n.º 4
0
function sql_internal($_dblink, $sql, $bSlave)
{
    global $opt;
    global $sql_debug, $sql_warntime;
    global $sql_replacements;
    global $sqlcommands;
    global $dblink_slave;
    $args = func_get_args();
    unset($args[0], $args[1], $args[2]);
    /* as an option, you can give as second parameter an array
     * with all values for the placeholder. The array has to be
     * with numeric indizes.
     */
    if (isset($args[3]) && is_array($args[3])) {
        $tmp_args = $args[3];
        unset($args);
        // correct indizes
        $args = array_merge([0], $tmp_args);
        unset($tmp_args);
        unset($args[0]);
    }
    $sqlpos = 0;
    $filtered_sql = '';
    // $sql von vorne bis hinten durchlaufen und alle &x ersetzen
    $nextarg = mb_strpos($sql, '&');
    while ($nextarg !== false) {
        // muss dieses & ersetzt werden, oder ist es escaped?
        $escapesCount = 0;
        while ($nextarg - $escapesCount - 1 > 0 && mb_substr($sql, $nextarg - $escapesCount - 1, 1) == '\\') {
            $escapesCount++;
        }
        if ($escapesCount % 2 == 1) {
            $nextarg++;
        } else {
            $nextchar = mb_substr($sql, $nextarg + 1, 1);
            if (is_numeric($nextchar)) {
                $arglength = 0;
                $arg = '';
                // nächstes Zeichen das keine Zahl ist herausfinden
                while (mb_ereg_match('^[0-9]{1}', $nextchar) == 1) {
                    $arg .= $nextchar;
                    $arglength++;
                    $nextchar = mb_substr($sql, $nextarg + $arglength + 1, 1);
                }
                // ok ... ersetzen
                $filtered_sql .= mb_substr($sql, $sqlpos, $nextarg - $sqlpos);
                $sqlpos = $nextarg + $arglength;
                if (isset($args[$arg])) {
                    if (is_numeric($args[$arg])) {
                        $filtered_sql .= $args[$arg];
                    } else {
                        if (mb_substr($sql, $sqlpos - $arglength - 1, 1) == '\'' && mb_substr($sql, $sqlpos + 1, 1) == '\'') {
                            $filtered_sql .= sql_escape($args[$arg]);
                        } elseif (mb_substr($sql, $sqlpos - $arglength - 1, 1) == '`' && mb_substr($sql, $sqlpos + 1, 1) == '`') {
                            $filtered_sql .= sql_escape($args[$arg]);
                        } else {
                            sql_error();
                        }
                    }
                } else {
                    // NULL
                    if (mb_substr($sql, $sqlpos - $arglength - 1, 1) == '\'' && mb_substr($sql, $sqlpos + 1, 1) == '\'') {
                        // Anführungszeichen weg machen und NULL einsetzen
                        $filtered_sql = mb_substr($filtered_sql, 0, mb_strlen($filtered_sql) - 1);
                        $filtered_sql .= 'NULL';
                        $sqlpos++;
                    } else {
                        $filtered_sql .= 'NULL';
                    }
                }
                $sqlpos++;
            } else {
                $arglength = 0;
                $arg = '';
                // nächstes Zeichen das kein Buchstabe/Zahl ist herausfinden
                while (mb_ereg_match('^[a-zA-Z0-9]{1}', $nextchar) == 1) {
                    $arg .= $nextchar;
                    $arglength++;
                    $nextchar = mb_substr($sql, $nextarg + $arglength + 1, 1);
                }
                // ok ... ersetzen
                $filtered_sql .= mb_substr($sql, $sqlpos, $nextarg - $sqlpos);
                if (isset($sql_replacements[$arg])) {
                    $filtered_sql .= $sql_replacements[$arg];
                } else {
                    sql_error();
                }
                $sqlpos = $nextarg + $arglength + 1;
            }
        }
        $nextarg = mb_strpos($sql, '&', $nextarg + 1);
    }
    // rest anhängen
    $filtered_sql .= mb_substr($sql, $sqlpos);
    // \& durch & ersetzen
    $nextarg = mb_strpos($filtered_sql, '\\&');
    while ($nextarg !== false) {
        $escapesCount = 0;
        while ($nextarg - $escapesCount - 1 > 0 && mb_substr($filtered_sql, $nextarg - $escapesCount - 1, 1) == '\\') {
            $escapesCount++;
        }
        if ($escapesCount % 2 == 0) {
            // \& ersetzen durch &
            $filtered_sql = mb_substr($filtered_sql, 0, $nextarg) . '&' . mb_substr($filtered_sql, $nextarg + 2);
            $nextarg--;
        }
        $nextarg = mb_strpos($filtered_sql, '\\&', $nextarg + 2);
    }
    //
    // ok ... hier ist filtered_sql fertig
    //
    /* todo:
           - errorlogging
           - LIMIT
           - DROP/DELETE ggf. blocken
       */
    if (isset($sql_debug) && $sql_debug == true) {
        require_once $opt['rootpath'] . 'lib/sqldebugger.inc.php';
        $result = sqldbg_execute($filtered_sql, $bSlave);
        if ($result === false) {
            sql_error();
        }
    } else {
        // Zeitmessung für die Ausführung
        $cSqlExecution = new CBench();
        $cSqlExecution->start();
        $result = mysql_query($filtered_sql, $_dblink);
        if ($result === false) {
            sql_error();
        }
        $cSqlExecution->stop();
        if ($sql_warntime > 0 && $cSqlExecution->diff() > $sql_warntime) {
            $ua = isset($_SERVER['HTTP_USER_AGENT']) ? "\r\n" . $_SERVER['HTTP_USER_AGENT'] : "";
            sql_warn("execution took " . $cSqlExecution->diff() . " seconds" . $ua);
        }
    }
    return $result;
}
Ejemplo n.º 5
0
function sqldbg_execute($sql, $bSlave)
{
    global $dblink;
    global $sqldbg_cmdNo;
    global $sqldbg_sumTimes;
    $sqldbg_cmdNo++;
    echo '<p class="sqlno"><span class="white">/*</span> SQL command ' . $sqldbg_cmdNo . ' ';
    if ($bSlave) {
        echo '<span class="slave_title">(slave)</span>';
    }
    echo '<span class="white">*/</span>';
    echo '</p>';
    echo '<p class="sqlcommand">';
    if ($bSlave) {
        echo '<span class="slave_sql">';
    }
    echo htmlspecialchars($sql, ENT_COMPAT, 'UTF-8');
    if ($bSlave) {
        echo '</span>';
    }
    echo ' ;</p>';
    echo '<div class="comments"><div class="white">/*</div><br>';
    // Explains
    $bUseExplain = true;
    $sqlexplain = $sql;
    $usebr = false;
    if (mb_strtoupper(mb_substr($sqlexplain, 0, 6)) == 'ALTER ') {
        $bUseExplain = false;
    } else {
        if (mb_strtoupper(mb_substr($sqlexplain, 0, 7)) == 'DELETE ') {
            $sqlexplain = sqldbg_strip_from($sqlexplain);
        } else {
            if (mb_strtoupper(mb_substr($sqlexplain, 0, 12)) == 'INSERT INTO ' || mb_strtoupper(mb_substr($sqlexplain, 0, 19)) == 'INSERT IGNORE INTO ') {
                $sqlexplain = sqldbg_strip_temptable($sqlexplain);
                if ($sqlexplain == '') {
                    $bUseExplain = false;
                }
            } else {
                if (mb_strtoupper(mb_substr($sqlexplain, 0, 7)) == 'INSERT ') {
                    $bUseExplain = false;
                } else {
                    if (mb_strtoupper(mb_substr($sqlexplain, 0, 7)) == 'UPDATE ') {
                        $bUseExplain = false;
                    } else {
                        if (mb_strtoupper(mb_substr($sqlexplain, 0, 11)) == 'DROP TABLE ') {
                            $bUseExplain = false;
                        } else {
                            if (mb_strtoupper(mb_substr($sqlexplain, 0, 23)) == 'CREATE TEMPORARY TABLE ') {
                                $sqlexplain = sqldbg_strip_temptable($sqlexplain);
                                if ($sqlexplain == '') {
                                    $bUseExplain = false;
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    if ($bUseExplain == true) {
        $bFirstLine = true;
        $nLine = 0;
        $rs = mysql_query($sqlexplain, $dblink);
        echo '<div class="selrows">Number of selected rows: ' . mysql_num_rows($rs) . '</div>';
        echo '<table class="firstresultrow" border="1">';
        while ($r = sql_fetch_assoc($rs)) {
            $usebr = true;
            $nLine++;
            if ($bFirstLine == true) {
                echo '<tr>' . "\n";
                foreach ($r as $field => $value) {
                    echo '<th>' . htmlspecialchars($field, ENT_COMPAT, 'UTF-8') . '</th>' . "\n";
                }
                echo '</tr>' . "\n";
            }
            if ($bFirstLine) {
                echo '<tr>';
            } else {
                echo '<tr class="result">';
            }
            foreach ($r as $value) {
                echo '<td>' . htmlspecialchars($value != null ? $value : 'NULL', ENT_COMPAT, 'UTF-8') . '</td>';
            }
            echo '</tr>' . "\n";
            if ($nLine == 25) {
                break;
            }
            $bFirstLine = false;
        }
        echo '</table>';
        mysql_free_result($rs);
        echo '<table class="explain" border="1">';
        $bFirstLine = true;
        $rs = mysql_query('EXPLAIN EXTENDED ' . $sqlexplain);
        while ($r = sql_fetch_assoc($rs)) {
            if ($bFirstLine == true) {
                echo '<tr>';
                foreach ($r as $field => $value) {
                    echo '<th>' . htmlspecialchars($field, ENT_COMPAT, 'UTF-8') . '</th>';
                }
                echo '</tr>' . "\n";
                $bFirstLine = false;
            }
            echo '<tr>';
            foreach ($r as $value) {
                echo '<td>' . htmlspecialchars($value != null ? mb_ereg_replace('\\*/', '* /', $value) : 'NULL', ENT_COMPAT, 'UTF-8') . '</td>';
            }
            echo '</tr>' . "\n";
        }
        echo '</table>';
        $usebr = true;
    }
    // dont use query cache!
    $sql = sqldbg_insert_nocache($sql);
    $bSqlExecution = new CBench();
    $bSqlExecution->start();
    $rsResult = mysql_query($sql, $dblink);
    $bError = $rsResult == false;
    $bSqlExecution->stop();
    $sqldbg_sumTimes += $bSqlExecution->Diff();
    if ($bError == true) {
        echo '<div class="error">Error while executing SQL command!</div>';
        echo '<div class="errormsg">';
        echo '<table>';
        $rs = mysql_query('SHOW WARNINGS', $dblink);
        while ($r = sql_fetch_assoc($rs)) {
            echo '<tr><td>' . htmlspecialchars($r['Message'], ENT_COMPAT, 'UTF-8') . '</td></tr>';
        }
        echo '</table>';
        echo '</div>';
    }
    echo '<div class="runtime">Runtime: ' . sprintf('%01.5f', $bSqlExecution->Diff()) . ' sek.</div>';
    echo '<div class="affectedrows">Number of affected rows: ' . mysql_affected_rows($dblink) . '</div>';
    echo '<div class="white">*/</div></div>';
    return $rsResult;
}