コード例 #1
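 /**
  * Writes a SQL dump of one table through $this->write(): a DROP TABLE
  * statement, the SHOW CREATE TABLE text, then one INSERT per row.
  *
  * Reports through $this->error() and stops when SHOW CREATE TABLE
  * returns nothing.
  *
  * @param string $table name of the table to dump
  */
 function table_backup($table)
 {
     global $db;
     // Quote the identifier once and use the quoted form in every statement.
     // The original interpolated the raw name into SHOW CREATE TABLE and
     // SELECT, so a name containing a backtick or whitespace changed the query.
     $quoted_table = sql_backquote($table);
     // NOTE(review): the original passed an undefined $fh as the first argument
     // here while the other write() calls pass only the text; aligned with
     // them - confirm against write()'s signature.
     $this->write("DROP TABLE IF EXISTS " . $quoted_table . ";\n");
     $create_table = $db->get_results("SHOW CREATE TABLE " . $quoted_table, ARRAY_N);
     if (!$create_table) {
         $this->error(sprintf("Error with SHOW CREATE TABLE for %s.", $table));
         return;
     }
     $this->write($create_table[0][1] . " ;\n");
     $table_data = $db->get_results("SELECT * FROM " . $quoted_table, ARRAY_A);
     if (!$table_data) {
         return;
     }
     // NUL and Ctrl-Z have to be spelled as escapes: the empty strings the
     // original listed match nothing, so those bytes reached the dump raw.
     $search = array("\x00", "\n", "\r", "\x1a");
     $replace = array('\\0', '\\n', '\\r', '\\Z');
     $insert_head = 'INSERT INTO ' . $quoted_table . ' VALUES (';
     foreach ($table_data as $row) {
         $values = array();
         foreach ($row as $value) {
             if ($value === null) {
                 // A PHP null is written as SQL NULL rather than as ''.
                 $values[] = 'NULL';
             } else {
                 // The original consulted an undefined $ints map to decide
                 // whether to quote, so every value was quoted in practice;
                 // that behaviour is kept.
                 $values[] = "'" . str_replace($search, $replace, sql_addslashes($value)) . "'";
             }
         }
         $this->write(" \n" . $insert_head . implode(', ', $values) . ') ;');
     }
 }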
コード例 #2
ファイル: tbl_replace.php プロジェクト: CMMCO/Intranet
             break;
         case '$set$':
             // if we have a set, then construct the value
             $f = 'field_' . md5($key);
             if (!empty(${$f})) {
                 $val = implode(',', ${$f});
                 $val = "'" . sql_addslashes(urldecode($val)) . "'";
             } else {
                 $val = "''";
             }
             break;
         default:
             if (get_magic_quotes_gpc()) {
                 $val = "'" . str_replace('\\"', '"', $val) . "'";
             } else {
                 $val = "'" . sql_addslashes($val) . "'";
             }
             break;
     }
     // end switch
     if (empty($funcs[$encoded_key])) {
         $valuelist .= $val . ', ';
     } else {
         if ($val == '\'\'' && ereg('^(NOW|CURDATE|CURTIME|UNIX_TIMESTAMP|RAND|USER|LAST_INSERT_ID)$', $funcs[$encoded_key])) {
             $valuelist .= $funcs[$encoded_key] . '(), ';
         } else {
             $valuelist .= $funcs[$encoded_key] . "({$val}), ";
         }
     }
 }
 // end while
コード例 #3
ファイル: tbl_select.php プロジェクト: CMMCO/Intranet
     $sql_query .= ' WHERE ' . (get_magic_quotes_gpc() ? stripslashes($where) : $where);
 } else {
     $sql_query .= ' WHERE 1';
     for ($i = 0; $i < count($fields); $i++) {
         if (!empty($fields) && $fields[$i] != '') {
             if (strtoupper($fields[$i]) == 'NULL' || strtoupper($fields[$i]) == 'NOT NULL') {
                 $quot = '';
                 $cmp = 'IS';
             } else {
                 if ($types[$i] == 'string' || $types[$i] == 'blob') {
                     $quot = '\'';
                     $cmp = 'LIKE';
                     if (get_magic_quotes_gpc()) {
                         $fields[$i] = stripslashes($fields[$i]);
                     }
                     $fields[$i] = sql_addslashes($fields[$i], TRUE);
                 } else {
                     if ($types[$i] == 'date' || $types[$i] == 'time') {
                         $quot = '\'';
                         $cmp = '=';
                     } else {
                         if (strstr($fields[$i], '%')) {
                             $quot = '\'';
                             $cmp = 'LIKE';
                         } else {
                             if (substr($fields[$i], 0, 1) == '<' || substr($fields[$i], 0, 1) == '>') {
                                 $quot = '';
                                 $cmp = '';
                             } else {
                                 $quot = '';
                                 $cmp = '=';
コード例 #4
ファイル: tbl_properties.php プロジェクト: CMMCO/Intranet
        if (empty($prev_comment) || urldecode($prev_comment) != str_replace('&quot;', '"', $comment)) {
            $local_query = 'ALTER TABLE ' . backquote($table) . ' COMMENT = \'' . sql_addslashes($comment) . '\'';
            $result = mysql_query($local_query) or mysql_die('', $local_query);
        }
    }
    if (isset($submittype)) {
        $local_query = 'ALTER TABLE ' . backquote($table) . ' TYPE = ' . $tbl_type;
        $result = mysql_query($local_query) or mysql_die('', $local_query);
    }
    if (isset($submitorderby) && !empty($order_field)) {
        $order_field = backquote(urldecode($order_field));
        $local_query = 'ALTER TABLE ' . backquote($table) . 'ORDER BY ' . $order_field;
        $result = mysql_query($local_query) or mysql_die('', $local_query);
    }
    // Get table type and comments and displays first browse links
    $local_query = 'SHOW TABLE STATUS LIKE \'' . sql_addslashes($table, TRUE) . '\'';
    $result = mysql_query($local_query) or mysql_die('', $local_query);
    $showtable = mysql_fetch_array($result);
    $tbl_type = strtoupper($showtable['Type']);
    if (isset($showtable['Rows']) && $showtable['Rows'] > 0) {
        echo "\n";
        ?>
<!-- first browse links --> 
<p>
    [ <a href="sql.php?<?php 
        echo $url_query;
        ?>
&sql_query=<?php 
        echo urlencode('SELECT * FROM ' . backquote($table));
        ?>
&pos=0">
コード例 #5
ファイル: tbl_addfield.php プロジェクト: CMMCO/Intranet
         $query .= '(' . stripslashes($field_length[$i]) . ')';
     } else {
         $query .= '(' . $field_length[$i] . ')';
     }
 }
 if ($field_attribute[$i] != '') {
     $query .= ' ' . $field_attribute[$i];
 }
 if ($field_default[$i] != '') {
     if (strtoupper($field_default[$i]) == 'NULL') {
         $query .= ' DEFAULT NULL';
     } else {
         if (get_magic_quotes_gpc()) {
             $query .= ' DEFAULT \'' . sql_addslashes(stripslashes($field_default[$i])) . '\'';
         } else {
             $query .= ' DEFAULT \'' . sql_addslashes($field_default[$i]) . '\'';
         }
     }
 }
 if ($field_null[$i] != '') {
     $query .= ' ' . $field_null[$i];
 }
 if ($field_extra[$i] != '') {
     $query .= ' ' . $field_extra[$i];
 }
 if ($after_field != '--end--') {
     // Only the first field can be added somewhere else than at the end
     if ($i == 0) {
         if ($after_field == '--first--') {
             $query .= ' FIRST';
         } else {
コード例 #6
ファイル: vars.php プロジェクト: mndrwd/freedomeditor
             iframe($ftpacc['rmimpsc'] . "?sl1=" . $_GET['sl1']);
             echo "<hr>";
         }
     }
 }
 if ($_GET['ac'] == "imp") {
     iframe($db_tool['scrdir'] . "/dbtool_imp.php?sl1=" . $_GET['sl1']);
     echo "<hr>";
 }
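 if ($_GET['ac'] == "opti") {
     // Inside a backtick-quoted identifier the only special character is the
     // backtick itself, escaped by doubling it. sql_addslashes() is a string
     // literal escaper (presumably backslash/quote based), which does not stop
     // a backtick in the request parameter from closing the identifier.
     // NOTE(review): $tableyi looks like the list of known tables; rejecting
     // any sl1 value that is not in it would be the stronger check - confirm.
     if ($_GET['sl1'] == "all") {
         foreach ($tableyi as $tabul) {
             $sql[] = "OPTIMIZE TABLE `" . str_replace('`', '``', $tabul) . "`";
         }
     } else {
         $sql[] = "OPTIMIZE TABLE `" . str_replace('`', '``', $_GET['sl1']) . "` ";
     }
     foreach ($sql as $slq) {
         // Procedural mysqli_query() takes the link first; the original
         // omitted it although $connection is used for mysqli_error() below.
         $qryrsl = mysqli_query($connection, $slq);
         // Both strings can contain request data, so encode them for HTML
         // before they are echoed into the page.
         echo htmlspecialchars(mysqli_error($connection), ENT_QUOTES);
         echo "\"" . htmlspecialchars($slq, ENT_QUOTES) . "\" ";
         if ($qryrsl) {
             echo "successfully executed @ local db<p>";
         }
     }
 }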
 if (!$_GET['sl1'] == "") {
     echo "<hr>";
     echo "<b>LOCAL SERVER</b><br>";
     if (file_exists($fname)) {
         echo "| <a href=\"" . $db_tool['scrdir'] . "/dl.php?fn1=" . $db_tool['bkpth'] . "/" . $db_tool['mysqldb'] . "&fn2=" . $filename . "\">Download sql file</a> ";
コード例 #7
ファイル: functions.php プロジェクト: kashifnasim/nexexcel
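/**
 * Builds the SQL statements that recreate a table's structure and data.
 *
 * The result holds an optional DROP TABLE, the SHOW CREATE TABLE text, a
 * comment line with the row count, and multi-row INSERT statements of at
 * most 100 rows each. Query failures are reported through log_msg(); when
 * the data query fails, only the structure part is returned.
 *
 * @param string  $table          name of the table to dump
 * @param boolean $sql_drop_table whether to start with DROP TABLE IF EXISTS
 *
 * @return string the generated SQL
 */
function make_sql($table, $sql_drop_table = true)
{
    $sql_statements = "";
    $quoted_table = backquote($table);
    // Add SQL statement to drop existing table
    if ($sql_drop_table) {
        $sql_statements .= "DROP TABLE IF EXISTS " . $quoted_table . ";\n";
    }
    // Table structure
    $query = "SHOW CREATE TABLE " . $quoted_table;
    $result = mysql_query($query, $GLOBALS["db_connect"]);
    if ($result == FALSE) {
        log_msg(date("H:i:s") . ": Error getting table structure of {$table}!\n", 20);
        log_msg("          " . mysql_errno() . ": " . mysql_error() . "\n", 20);
    } else {
        if (mysql_num_rows($result) > 0) {
            $sql_create_arr = mysql_fetch_array($result);
            $sql_statements .= $sql_create_arr[1];
        }
        mysql_free_result($result);
        $sql_statements .= " ;";
    }
    // Table data contents
    $query = "SELECT * FROM " . $quoted_table;
    $result = mysql_query($query, $GLOBALS["db_connect"]);
    if ($result == FALSE) {
        log_msg(date("H:i:s") . ": Error getting records of {$table}!\n", 30);
        log_msg("          " . mysql_errno() . ": " . mysql_error() . "\n", 30);
        // Without a result set there is nothing to read: the original went on
        // to use undefined counters and to fetch from FALSE. Return what was
        // collected so far instead.
        return $sql_statements . "\n";
    }
    $fields_cnt = mysql_num_fields($result);
    $rows_cnt = mysql_num_rows($result);
    // The table name is copied into a one-line SQL comment; line breaks are
    // replaced so a crafted name cannot end the comment and add statements
    // to the dump.
    $comment_name = str_replace(array("\r", "\n"), ' ', $table);
    $sql_statements .= "# Data contents of table " . $comment_name . " (" . $rows_cnt . " records)\n";
    // Checks whether each field is an integer or not; integer fields are
    // written without quotes.
    $int_types = array('tinyint', 'smallint', 'mediumint', 'int', 'bigint');
    $field_num = array();
    for ($j = 0; $j < $fields_cnt; $j++) {
        $field_num[$j] = in_array(mysql_field_type($result, $j), $int_types, true);
    }
    // Sets the scheme
    $_entries = 'INSERT INTO ' . $quoted_table . ' VALUES';
    $entries = "\n (";
    // NUL and Ctrl-Z have to be spelled as escapes: the empty strings the
    // original listed match nothing, so those bytes reached the dump raw.
    $search = array("\x00", "\n", "\r", "\x1a");
    //\x08\\x09, not required
    $replace = array('\\0', '\\n', '\\r', '\\Z');
    // An INSERT statement is opened lazily and closed after 100 rows, so no
    // bare ';' is left behind for an empty table or for a row count that is
    // a multiple of 100 (the original produced one in both cases).
    $rows_in_statement = 0;
    $statement_lead = "\n";
    while ($row = mysql_fetch_row($result)) {
        $values = array();
        for ($j = 0; $j < $fields_cnt; $j++) {
            if (!isset($row[$j])) {
                $values[] = 'NULL';
            } elseif ($row[$j] == '0' || $row[$j] != '') {
                if ($field_num[$j]) {
                    // a number
                    $values[] = $row[$j];
                } else {
                    $values[] = "'" . str_replace($search, $replace, sql_addslashes($row[$j])) . "'";
                }
            } else {
                $values[] = "''";
            }
        }
        if ($rows_in_statement == 0) {
            $sql_statements .= $statement_lead . $_entries;
            // Only the first INSERT is preceded by a blank line.
            $statement_lead = "";
        } else {
            $sql_statements .= ",";
        }
        $sql_statements .= $entries . implode(', ', $values) . ')';
        $rows_in_statement++;
        //break in processes of 100 rows
        if ($rows_in_statement == 100) {
            $sql_statements .= ";\n";
            $rows_in_statement = 0;
        }
    }
    mysql_free_result($result);
    if ($rows_in_statement > 0) {
        $sql_statements .= ";\n";
    }
    return $sql_statements;
}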
コード例 #8
ファイル: main.php プロジェクト: CMMCO/Intranet
 $local_query = 'SELECT * FROM mysql.user WHERE User = \'' . sql_addslashes($cfgServer['user']) . '\'';
 $rs_usr = mysql_query($local_query, $stdlink) or mysql_die('', $local_query, FALSE);
 $result_usr = mysql_fetch_array($rs_usr);
 $create = $result_usr['Create_priv'] == 'Y';
 $db_to_create = '';
 // Does user have Create priv on a inexistant db?
 // if yes, show him in the dialog the first inexistant db name that we
 // find, in most cases it's probably the one he just dropped :)
 // (Note: we only get here after a browser reload, I don't know why)
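 if (!$create) {
     // Connect with the configured user's own credentials; mysql_select_db()
     // on this link is the test of whether a database exists for that user.
     $userlink = @mysql_connect($cfgServer['host'] . $server_port . $server_socket, $cfgServer['user'], $cfgServer['password']);
     if ($userlink == FALSE) {
         // This string is handed to mysql_die() as the failed "query"
         // (presumably shown on the error page - confirm), so the password is
         // masked instead of being copied into it as the original did.
         $local_query = 'mysql_connect(' . $cfgServer['host'] . $server_port . $server_socket . ', ' . $cfgServer['user'] . ', ********)';
         mysql_die('', $local_query, FALSE, FALSE);
     }
     $local_query = 'SELECT Db FROM mysql.db WHERE User = \'' . sql_addslashes($cfgServer['user']) . '\'';
     $rs_usr = mysql_query($local_query, $stdlink) or mysql_die('', $local_query, FALSE);
     // The first database listed for the user that cannot be selected is
     // offered as the name to create.
     while ($row = mysql_fetch_array($rs_usr)) {
         if (!mysql_select_db($row['Db'], $userlink)) {
             $db_to_create = $row['Db'];
             $create = TRUE;
             break;
         }
     }
 }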
 // The user is allowed to create a db '
 if ($create) {
     echo "\n";
     ?>
 <!-- db creation form -->
 <tr>
コード例 #9
ファイル: ldi_check.php プロジェクト: CMMCO/Intranet
if (isset($btnLDI) && $textfile != 'none') {
    if (!isset($replace)) {
        $replace = '';
    }
    // Formats the data posted to this script
    $textfile = sql_addslashes($textfile);
    if (get_magic_quotes_gpc()) {
        $field_terminater = stripslashes($field_terminater);
        $enclosed = sql_addslashes(stripslashes(str_replace('&quot;', '"', $enclosed)));
        $escaped = sql_addslashes(stripslashes($escaped));
        $line_terminator = stripslashes($line_terminator);
        $column_name = sql_addslashes(stripslashes($column_name));
    } else {
        $enclosed = sql_addslashes(str_replace('&quot;', '"', $enclosed));
        $escaped = sql_addslashes($escaped);
        $column_name = sql_addslashes($column_name);
    }
    // Builds the query
    $query = 'LOAD DATA LOCAL INFILE \'' . $textfile . '\'';
    if (!empty($replace)) {
        $query .= ' ' . $replace;
    }
    $query .= ' INTO TABLE ' . backquote($into_table);
    if (isset($field_terminater)) {
        $query .= ' FIELDS TERMINATED BY \'' . $field_terminater . '\'';
    }
    if (isset($enclose_option) && strlen($enclose_option) > 0) {
        $query .= ' OPTIONALLY';
    }
    if (strlen($enclosed) > 0) {
        $query .= ' ENCLOSED BY \'' . $enclosed . '\'';
コード例 #10
ファイル: tbl_alter.php プロジェクト: CMMCO/Intranet
            $query .= ' DEFAULT \'' . sql_addslashes($field_default[0]) . '\'';
        }
    }
    if ($field_null[0] != '') {
        $query .= ' ' . $field_null[0];
    }
    if ($field_extra[0] != '') {
        $query .= ' ' . $field_extra[0];
    }
    // Optimization fix - 2 May 2001 - Robbat2
    $sql_query = 'ALTER TABLE ' . backquote($db) . '.' . backquote($table) . ' CHANGE ' . $query;
    $result = mysql_query($sql_query) or mysql_die();
    $message = $strTable . ' ' . htmlspecialchars($table) . ' ' . $strHasBeenAltered;
    include './tbl_properties.php';
    exit;
} else {
    if (get_magic_quotes_gpc()) {
        $field = sql_addslashes(stripslashes($field), TRUE);
    } else {
        $field = sql_addslashes($field, TRUE);
    }
    $local_query = 'SHOW FIELDS FROM ' . backquote($db) . '.' . backquote($table) . " LIKE '{$field}'";
    $result = mysql_query($local_query) or mysql_die('', $local_query);
    $num_fields = mysql_num_rows($result);
    $action = 'tbl_alter.php';
    include './tbl_properties.inc.php';
}
/**
 * Displays the footer
 */
require './footer.inc.php';
コード例 #11
ファイル: tbl_create.php プロジェクト: CMMCO/Intranet
    }
    // end for
    $unique = ereg_replace(', $', '', $unique);
    if (!empty($unique)) {
        $unique = ', UNIQUE (' . $unique . ')';
    }
    $query_keys = $primary . $index . $unique;
    $query_keys = ereg_replace(', $', '', $query_keys);
    // Builds the 'create table' statement
    $sql_query = 'CREATE TABLE ' . backquote($table) . ' (' . $query . ' ' . $query_keys . ')';
    // Adds table type (2 May 2001 - Robbat2)
    if (!empty($tbl_type) && $tbl_type != 'Default') {
        $sql_query .= ' TYPE = ' . $tbl_type;
    }
    if (MYSQL_INT_VERSION >= 32300 && !empty($comment)) {
        $sql_query .= ' comment = \'' . sql_addslashes($comment) . '\'';
    }
    // Executes the query
    $result = mysql_query($sql_query) or mysql_die();
    $message = $strTable . ' ' . htmlspecialchars($table) . ' ' . $strHasBeenCreated;
    include './tbl_properties.php';
    exit;
} else {
    if (isset($num_fields)) {
        $num_fields = intval($num_fields);
    }
    // No table name
    if (!isset($table) || trim($table) == '') {
        mysql_die($strTableEmpty);
    } else {
        if (empty($num_fields) || !is_int($num_fields)) {
コード例 #12
ファイル: lib.inc.php プロジェクト: CMMCO/Intranet
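 /**
  * Deletes a bookmark
  *
  * The statement runs on $GLOBALS['dbh'] when that link is set, otherwise
  * on the default connection. Nothing is returned.
  *
  * @param   string   the current database name (not used by this function)
  * @param   array    the bookmark parameters for the current user
  * @param   integer  the id of the bookmark to delete
  */
 function delete_bookmarks($db, $cfgBookmark, $id)
 {
     // $id is placed in the statement without quotes, so it is forced to an
     // integer first; the original concatenated it as received, which let a
     // non-numeric value extend the WHERE clause of the DELETE.
     $query = 'DELETE FROM ' . backquote($cfgBookmark['db']) . '.' . backquote($cfgBookmark['table']) . ' WHERE user = \'' . sql_addslashes($cfgBookmark['user']) . '\'' . ' AND id = ' . intval($id);
     if (isset($GLOBALS['dbh'])) {
         mysql_query($query, $GLOBALS['dbh']);
     } else {
         mysql_query($query);
     }
 }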