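/**
 * Validate a SQL identifier (table or column name) taken from the request.
 *
 * Callers interpolate the returned value unquoted into SQL text (for example
 * the column name in "WHERE {$pk} = %0"), so this filter is the only thing
 * keeping request data out of the statement. The accepted shape is therefore
 * deliberately narrow: an ASCII letter or underscore, followed by ASCII
 * letters, digits, underscores or hyphens.
 *
 * @param mixed $id  value to check; anything that is not a string is rejected
 * @return string|false  the identifier unchanged, or false when it does not match
 */
function dbkiss_filter_id($id)
{
    // preg_match() on a non-string either coerces (ints, null) or warns
    // (arrays); reject those outright rather than relying on that behaviour.
    if (!is_string($id)) {
        return false;
    }
    // \z instead of $: with $ alone, "name\n" would pass because $ also
    // matches before a trailing newline, and a newline must not reach the SQL.
    if (preg_match('#^[_a-z][a-z0-9_\\-]*\\z#i', $id)) {
        return $id;
    }
    return false;
}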
 // Read the three request parameters as strings.
 $get = get(array('table' => 'string', 'pk' => 'string', 'id' => 'string'));
 // HTML-escape (via html_once) the two identifier parameters that end up in
 // the page title. 'id' is not escaped here: it appears to be bound as a query
 // parameter further down, but it also lands in $title raw —
 // NOTE(review): confirm $title is escaped where it is rendered.
 foreach (array('table', 'pk') as $param) {
     $get[$param] = html_once($get[$param]);
 }
 unset($param);
 $title_edit = sprintf('Edit row (%s=%s)', $get['pk'], $get['id']);
 $title = ' > ' . $get['table'] . ' > ' . $title_edit;
 // Both identifiers are interpolated into SQL later, so each must pass the
 // filter; they are checked independently so both messages can be raised.
 foreach (array('table' => 'Invalid table name', 'pk' => 'Invalid pk') as $param => $message) {
     if (!dbkiss_filter_id($get[$param])) {
         error($message);
     }
 }
 unset($param, $message);
 $row = false;
 if (!error()) {
     $table_enq = quote_table($get['table']);
     $test = db_row("SELECT * FROM {$table_enq}");
     if ($test) {
         if (!array_key_exists($get['pk'], $test)) {
             error('Invalid pk');
         }
     }
     if (!error()) {
         $table_enq = quote_table($get['table']);
         $query = db_bind("SELECT * FROM {$table_enq} WHERE {$get['pk']} = %0", $get['id']);
         $query = db_limit($query, 0, 2);
 }
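 // HTML-escape the identifier parameters before they reach the page title.
 // A missing or non-string parameter (e.g. ?table[]=x) becomes '' instead of
 // raising a notice or a TypeError, and then fails the identifier filter
 // below; ENT_QUOTES also escapes single quotes so the value is safe inside
 // single-quoted attributes.
 foreach (array('table', 'pk') as $param) {
     $value = isset($_GET[$param]) && is_string($_GET[$param]) ? $_GET[$param] : '';
     $_GET[$param] = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
 }
 unset($param, $value);
 // NOTE(review): $_GET['id'] goes into the title unescaped; this is only safe
 // if $title is escaped at the point it is rendered — confirm.
 $title_edit = sprintf(
     'Edit (%s=%s)',
     $_GET['pk'],
     isset($_GET['id']) && is_string($_GET['id']) ? $_GET['id'] : ''
 );
 $title = ' > ' . $_GET['table'] . ' > ' . $title_edit;
 // The table name is interpolated into SQL below, so it must pass the filter.
 if (!dbkiss_filter_id($_GET['table'])) {
     error('Invalid table name');
 }
 // Composite keys ($_pkeys, presumably set earlier in the file) are checked
 // one by one; otherwise the single key in $_pk is checked.
 if ($_pkeys) {
     foreach ($_pkeys as $key) {
         if (!dbkiss_filter_id($key)) {
             error('Invalid pk');
         }
     }
 } else {
     if (!dbkiss_filter_id($_pk)) {
         error('Invalid pk');
     }
 }
 $row = false;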
 if (!error()) {
     $table_enq = quote_table($_GET['table']);
     $test = db_row("SELECT * FROM {$table_enq}");
     if ($test) {
         if ($_pkeys) {
             foreach ($_pkeys as $key) {
                 if (!array_key_exists($key, $test)) {
                     error('Invalid pk');
                 }
             }
         } else {