Example #1
                         }
                         if (!isset($global_dd[$campo]['name'])) {
                             $global_dd[$campo]['name'] = null;
                         }
                         $sql_fix .= "ALTER TABLE {$data->name} ADD COLUMN " . genColumnSQL($data->dd[$campo], $dbtype, $global_dd[$campo]['name'] === $data->key) . ";\n";
                     }
                 }
             }
         } else {
             $tables_output .= "{$green}<br/>";
         }
     }
     break;
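 case 'exec':
     // Raw SQL statement taken from the request. almdata::escape() is a
     // value escaper; it does not make an arbitrary statement safe to run.
     // Presumably this action is only reachable by administrators — verify
     // that at the router/caller, it is not enforced here.
     $sqlcmd = isset($_REQUEST['sqlcmd']) ? almdata::escape($_REQUEST['sqlcmd']) : '';
     // The request value was only SQL-escaped, so placing it in the page
     // verbatim allowed reflected XSS (e.g. closing the <textarea>). Escape
     // it for the HTML context before any echo.
     $sqlcmdHtml = htmlspecialchars($sqlcmd, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
     if (!isset($_REQUEST['fix'])) {
         $output .= '<form><input type="hidden" name="action" value="exec"/><textarea name="sqlcmd" cols="80">' . $sqlcmdHtml . '</textarea><br/><input type="submit" value="Ejecutar SQL"></form>';
     } else {
         $output .= "SQL Aplicado: " . $sqlcmdHtml;
     }
     if ($sqlcmd) {
         $data = new Data();
         $data->execSql($sqlcmd);
         $sqldata = $data->getArray();
         // Result rows come from the database and may themselves contain
         // markup (stored XSS); escape the dump before wrapping it in <pre>.
         $output .= "<pre>" . htmlspecialchars(print_r($sqldata, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</pre>";
     }
     break;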
Example #2
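<?php

// Normalises one request value ($tmpvar) according to its declared column
// type ($type) and, for strings, removes <script> blocks and/or tags unless
// the caller opted in via $allow_js / $html. This is a method-body excerpt:
// $this, $allow_js, $html and ALM_ALLOW_TAGS come from the enclosing scope.

// Escape for the SQL layer first; the numeric casts below are applied to the
// escaped value, exactly as in the original ordering.
if ($this->database) {
    $tmpvar = almdata::escape($tmpvar);
}

switch ($type) {
    case 'varchar':
        $type = 'string';
        break;
    case 'numeric':
        // Strip thousands separators, then fix to two decimals with no grouping.
        $tmpvar = number_format((float) str_replace(',', '', $tmpvar), 2, '.', '');
        $type = 'float';
        break;
    case 'int':
    case 'smallint':
    case 'serial':
        $tmpvar = (int) str_replace(',', '', $tmpvar);
        $type = 'int';
        break;
    default:
        // Any unknown column type is treated as a string.
        $type = 'string';
}
// $type is now one of 'string', 'float' or 'int'.
settype($tmpvar, $type);

if ($type === 'string' && !$allow_js) {
    // Remove <script>…</script> elements. The `s` modifier lets `.` match
    // newlines, so multi-line script bodies are removed as well — without it
    // only single-line blocks were caught. This removes script elements only;
    // it is not a substitute for escaping the value for its output context.
    $cleaned = preg_replace('/<script[^>]*?>.*?<\/script>/is', '', $tmpvar);
    // preg_replace() returns null on a PCRE error (e.g. backtrack limit);
    // fail closed rather than let the unfiltered value through.
    $tmpvar = $cleaned ?? '';
}
if ($type === 'string' && !$html) {
    $tmpvar = strip_tags($tmpvar, ALM_ALLOW_TAGS);
}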
Example #3
            break;
        case 'bool':
        case 'boolean':
            $value = isset($this->request[$column['name']]) ? $this->request[$column['name']] : '0';
            $value = !$value || $value == 'false' || $value == '0' ? '0' : '1';
            $values .= $column['name'] . "=" . "'" . $value . "'";
            break;
        case 'date':
        case 'datenull':
            $value = $this->request[$column['name']];
            if (isset($value) && $value != '0-00-0') {
                $value = almdata::escape($this->request[$column['name']]);
                $values .= $column['name'] . "= '" . $value . "'";
            } else {
                $values .= $column['name'] . "=NULL";
            }
            break;
        default:
            if (isset($this->request[$column['name']])) {
                $value = $this->escaped ? $this->request[$column['name']] : almdata::escape($this->request[$column['name']]);
                $values .= $column['name'] . "=" . "'" . $value . "'";
            } else {
                $values .= $column['name'] . "=NULL";
            }
            break;
    }
    $n++;
    if ($maxcols && $n + $skipped_cols >= $maxcols) {
        break;
    }
}
Example #4
 /**
  * Escapes a string so it can be embedded in an SQL statement.
  *
  * Thin wrapper that delegates to almdata::escape(); the actual escaping
  * rules are defined there, not here.
  *
  * @param string $var the raw value to escape
  * @return string the escaped value, ready for use in SQL
  */
 function escape($var)
 {
     $escaped = almdata::escape($var);

     return $escaped;
 }