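/**
 * Counts the rows of a table and returns the count formatted by format_num_rows().
 *
 * A table name is an identifier, not a value, so it cannot be sent as a bound
 * statement parameter. It is checked against a strict identifier pattern before
 * it is concatenated into the query text.
 *
 * @param client $client     Object whose get_connection() supplies the ODBC connection.
 * @param string $table_name Table name, optionally schema-qualified (SCHEMA.TABLE).
 *
 * @return string "" (branch currently disabled), "unknown" when the name is
 *                rejected or the query fails, otherwise the formatted count.
 */
function get_num_rows(client $client, $table_name)
{
    //TODO: check client's cookie (setting) not to do all these selects
    // Placeholder for the TODO above; the condition is hard-coded, so this
    // branch is never taken today.
    if (false) {
        return "";
    }

    // Allow only unquoted-identifier characters (letter first, then letters,
    // digits, "_", "$", "#"), with at most one schema qualifier. Anything else
    // gets the same answer as a failed query, so a crafted name never reaches
    // the database.
    if (!is_string($table_name)
        || preg_match('/\A[A-Za-z][A-Za-z0-9_$#]*(\.[A-Za-z][A-Za-z0-9_$#]*)?\z/', $table_name) !== 1
    ) {
        return "unknown";
    }

    $query = "select count(*) from " . $table_name . ";";
    $res = odbc_exec($client->get_connection(), $query);
    if ($res === false) {
        return "unknown";
    }

    return format_num_rows(odbc_result($res, 1));
}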
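/**
 * Builds and executes a SELECT over the chosen columns of a table, limited to
 * the first $rownum rows, and returns the executed statement.
 *
 * The column list is read from ALL_TAB_COLUMNS. The table name is used twice:
 * as a value in that dictionary lookup (now bound as a parameter) and as an
 * identifier in the FROM clause (which cannot be bound, so the name is
 * validated first).
 *
 * @param client $client     Object whose get_connection() supplies the ODBC connection.
 * @param string $table_name Unqualified table name; must be a single identifier.
 * @param array  $show       Per-column flags in dictionary order; a column is
 *                           selected when $show[$i] is set and loosely true.
 * @param mixed  $rownum     Upper bound for rownum; cast to int before binding.
 *
 * @return resource|string The executed ODBC statement on success, otherwise a
 *                         human-readable error string.
 */
function get_report(client $client, $table_name, $show, $rownum)
{
    // Resolves the former "check table_name is one word" TODO: letter first,
    // then letters, digits, "_", "$", "#". Null, empty and non-string values
    // fail the same test.
    if (!is_string($table_name)
        || preg_match('/\A[A-Za-z][A-Za-z0-9_$#]*\z/', $table_name) !== 1
    ) {
        return "Bad table name.";
    }

    // Dictionary lookup: the name is a value here, so bind it rather than
    // splicing it into a quoted literal.
    $colnames = odbc_prepare(
        $client->get_connection(),
        "SELECT column_name, data_type, data_length FROM ALL_TAB_COLUMNS WHERE table_name = ?;"
    );
    if ($colnames === false
        || odbc_execute($colnames, array(strtoupper($table_name))) === false
    ) {
        return "Unable to get table fields.";
    }

    //compile query
    // NOTE(review): column names come from the data dictionary and are
    // concatenated unquoted; confirm no table in scope has column names that
    // need quoting.
    $selected = array();
    $i = 0;
    while (odbc_fetch_row($colnames)) {
        if (isset($show[$i]) && $show[$i] == true) {
            $selected[] = odbc_result($colnames, 1);
        }
        $i += 1;
    }
    $query = "SELECT " . implode(", ", $selected) . " FROM " . $table_name . " WHERE rownum <= ?;";

    //prepare statement
    // NOTE(review): both failure paths below return the SQL text and the driver
    // error to the caller. Confirm this string is never shown to end users;
    // otherwise log it server-side and return a generic message.
    $statement = odbc_prepare($client->get_connection(), $query);
    if ($statement === false) {
        return $query . "\n\n" . get_odbc_error();
    }

    $items = array((int) $rownum);
    if (odbc_execute($statement, $items) === false) {
        return $query . "\n\n" . get_odbc_error();
    }

    return $statement;
}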
return false; } if ($add_length && $add_precision) { return $type . "(" . $precision . "," . $length . ")"; } else { if ($add_length) { return $type . "(" . $length . ")"; } else { if ($add_precision) { return $type . "(" . $precision . ")"; } } } return $type; } if (odbc_exec($client->get_connection(), "COMMIT;") === false) { die(get_odbc_error()); } if (odbc_exec($client->get_connection(), "SET TRANSACTION NAME 'edit_table_fields_transaction';") === false) { die(get_odbc_error()); } $rollback_needed = false; $rollback_error_message = ""; //check if existing fields were not changed //"SELECT column_name, data_type, data_precision, data_length, nullable, CONSTRAINT_TYPE, column_id FROM ALL_TAB_COLUMNS acol LEFT JOIN (select CONSTRAINT_TYPE, COLUMN_NAME as c2 from user_constraints uc inner join USER_IND_COLUMNS cols ON uc.index_name = cols.index_name) ON column_name = c2 where table_name='".strtoupper(totally_escape($target))."' ORDER BY column_id ASC" $colnames = odbc_exec($client->get_connection(), get_columns_info_query(strtoupper($table_name))); $idx = 1; $drop_primary_key = false; $make_unique_fields_list = array(); //"" while (odbc_fetch_row($colnames)) {
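//check POST
// The table name ends up in a CREATE TABLE statement. DDL identifiers cannot be
// bound as parameters, so the raw value is validated against a strict
// identifier pattern (letter first, then letters, digits, "_", "$", "#")
// before anything else uses it. This resolves the former "test table_name is
// one word" TODO.
$table_name = null;
$fields_count = 0;
$foreign_keys_count = 0;
if ($_POST) {
    $raw_table_name = isset($_POST["table_name"]) ? $_POST["table_name"] : null;
    if (is_string($raw_table_name)
        && preg_match('/\A[A-Za-z][A-Za-z0-9_$#]*\z/', $raw_table_name) === 1
    ) {
        $table_name = totally_escape($raw_table_name);
    }

    // The counts are client-supplied; coerce them to non-negative integers so
    // a missing, array or non-numeric value cannot reach later code.
    $fields_count = (isset($_POST["fields_count"]) && is_numeric($_POST["fields_count"]))
        ? max(0, (int) $_POST["fields_count"])
        : 0;
    $foreign_keys_count = (isset($_POST["foreign_keys_count"]) && is_numeric($_POST["foreign_keys_count"]))
        ? max(0, (int) $_POST["foreign_keys_count"])
        : 0;
}
if ($table_name == null) {
    die("false: bad table_name");
}

//prepare statement
$types_arr = sql_types_array();

// Close whatever transaction is open, then name the one this request runs in.
if (odbc_exec($client->get_connection(), "COMMIT;") === false) {
    die(get_odbc_error());
}
if (odbc_exec($client->get_connection(), "SET TRANSACTION NAME 'create_table_fields_transaction';") === false) {
    die(get_odbc_error());
}
$rollback_needed = false;
$rollback_error_message = "";

// NOTE(review): $table_name was already passed through totally_escape() above
// and is escaped again here. Harmless for a validated identifier, but confirm
// totally_escape() is idempotent or drop one of the two calls.
$query = "CREATE TABLE " . totally_escape($table_name) . " (\n";

// Types that take a precision argument.
$has_precision = array("NUMBER", "FLOAT", "INTERVAL YEAR TO MONTH", "INTERVAL DAY TO SECOND");
// Types that take a length argument, mapped to a limit.
// NOTE(review): presumably -1 means "no fixed maximum"; confirm against the
// code that reads this table.
$has_length = array(
    "NUMBER" => 38,
    "VARCHAR2" => 4000,
    "CHAR" => 2000,
    "TIMESTAMP" => -1,
    "INTERVAL DAY TO SECOND" => -1,
    "TIMESTAMP WITH TIME ZONE" => -1,
    "TIMESTAMP WITH LOCAL TIME ZONE" => -1,
    "RAW" => -1,
    "NCHAR" => 2000,
    "NVARCHAR2" => 4000,
);
$first = true;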
$fields_count = $_POST["fields_count"]; $rowid = totally_escape($_POST["rowid"]); } if ($table_name == null) { die("false"); } //TODO check table_name is one word //prepare statement if ($rowid == null) { $query = "INSERT INTO " . $table_name . " VALUES("; for ($i = 1; $i < $fields_count; ++$i) { $query .= "?, "; } $query .= "?);"; } else { $colnames = odbc_exec($client->get_connection(), "SELECT column_name, data_type, data_length FROM ALL_TAB_COLUMNS WHERE table_name = '" . strtoupper($table_name) . "';"); $q2 = ""; for ($i = 1; $i <= $fields_count; ++$i) { if (!odbc_fetch_row($colnames)) { die("false"); } if ($i < $fields_count) { $q2 .= odbc_result($colnames, 1) . " = ?,\n"; } else { $q2 .= odbc_result($colnames, 1) . " = ?\n"; } } $query = "UPDATE " . $table_name . " SET " . $q2 . " WHERE ROWID = ?;"; } $statement = odbc_prepare($client->get_connection(), $query); if ($statement === false) {
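<?php
// Deletes one row, addressed by ROWID, from the table named in the POST body.
// Replies "true" on success, "false" on a rejected request, or the query text
// plus the driver error when the statement fails.

//check auth
include_once "../functions/client.php";
include_once "../functions/utils.php";
$client = new client();
if (!$client->logged_in()) {
    die("false");
}
// NOTE(review): this is a state-changing request and no anti-CSRF token is
// checked in this file; confirm logged_in() or the calling page covers that.

//check POST
$raw_table_name = isset($_POST["target"]) ? $_POST["target"] : null;
$raw_rowid = isset($_POST["rowid"]) ? $_POST["rowid"] : null;

// Reject missing and non-string values (e.g. "target[]=x" arrives as an array).
if (!is_string($raw_table_name) || !is_string($raw_rowid)) {
    die("false");
}

// The table name is concatenated into the statement because identifiers cannot
// be bound. Accept a single unquoted identifier only: letter first, then
// letters, digits, "_", "$", "#". This resolves the former "check table_name is
// one word" TODO.
if (preg_match('/\A[A-Za-z][A-Za-z0-9_$#]*\z/', $raw_table_name) !== 1) {
    die("false");
}

$table_name = totally_escape($raw_table_name);
$rowid = totally_escape($raw_rowid);
if ($table_name == null || $rowid == null) {
    die("false");
}

// odbc_execute() treats a parameter that starts and ends with a single quote
// as the name of a file whose contents are sent as the value. A ROWID never
// has that shape, so refuse it instead of letting the driver open a file.
// NOTE(review): totally_escape() is applied to a value that is bound, not
// concatenated; confirm it does not alter legitimate ROWIDs.
if (strlen($rowid) >= 2 && $rowid[0] === "'" && substr($rowid, -1) === "'") {
    die("false");
}

//prepare statement
$query = "DELETE FROM " . $table_name . " WHERE ROWID = ?;";
$statement = odbc_prepare($client->get_connection(), $query);
// NOTE(review): the two failure paths below send the SQL text and driver error
// to the client; consider logging them server-side and replying "false".
if ($statement === false) {
    die($query . "\n\n" . get_odbc_error());
}

$items = array($rowid);
$result = odbc_execute($statement, $items);
if ($result === false) {
    die($query . "\n\n" . get_odbc_error());
}

echo "true";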