if (!$error1 and !$error2) { if (!$error3) { echo '<status>success</status>'; } else { echo '<status>' . $error3 . '</status>'; } echo '<permissions>' . $qc . '</permissions>'; echo '<users>' . $grexe['users'] . '</users>'; echo '<comment>' . $comment . '</comment>'; } else { echo '<status>' . $error1 . $error2 . '</status>'; } } break; case 'createTable': $tableAllowed = tableAllowed($dbTable); if ($tableAllowed) { $columns = stripslashes(sqlinjection_free($_POST['columns'])); $maxRs = sqlinjection_free($_POST['maxRs']); $dbTable = sqlinjection_free($_POST['dbTable']); $asObj = sqlinjection_free($_POST['role']); if ($asObj == 'INDIVIDUAL') { $asObj = 'u' . $_SESSION['uid']; } else { $asObj = 'o' . $asObj; } $comment = " COMMENT '{w" . $asObj . ",{*}}'"; $query = "CREATE TABLE " . $dbTable . "(`index` INT(" . $maxRs . ") UNIQUE AUTO_INCREMENT" . $comment . "," . $columns . ") COMMENT='al:" . sqlinjection_free($_SESSION['function'][$_POST['role']]['aL']) . ",o:" . substr($asObj, 1) . "'"; $result = mysql_query($query, $dbc); $error1 = mysql_error($dbc); if (!$error1) {
$dbtUpdate['tables'][$dbTable]['op']['permitColUsers'][$colName] = $comment; if (!$error3) { echo '<status>success</status>'; } else { echo '<status>' . $error3 . '</status>'; } echo '<permissions>' . $qc . '</permissions>'; echo '<users>' . $grexe['users'] . '</users>'; echo '<comment>' . $comment . '</comment>'; } else { echo '<status>' . $error1 . $error2 . '</status>'; } } break; case 'createTable': $tableAllowed = tableAllowed($nTable | $dbTable); if ($tableAllowed) { $columns = $columns ? $columns : stripslashes(sqlinjection_free($_POST['columns'])); $maxRs = $maxRs ? $maxRs : sqlinjection_free($_POST['maxRs']); $nTable = $nTable ? $nTable : sqlinjection_free($_POST['dbTable']); $asObj = sqlinjection_free($_POST['role']); if ($asObj == 'INDIVIDUAL') { $asObj = 'u' . $_SESSION['uid']; } else { $asObj = 'o' . $asObj; } $comment = " COMMENT '{w" . $asObj . ",{*}}'"; $query = "CREATE TABLE " . $nTable . "(`index` INT(" . $maxRs . ") UNIQUE AUTO_INCREMENT" . $comment . ", " . $columns . ") COMMENT = 'al:" . sqlinjection_free($_SESSION['function'][$_POST['role']]['aL']) . ",o:" . substr($asObj, 1) . "'"; $result = mysql_query($query, $dbc); $error1 = mysql_error($dbc); if (!$error1) {
} onload=dbTableExecuter.init; </script> </head> <body> <div id="dbTableExecuterBdy" class="gdgBody"> <?php if (!$userAuthorizationInfo) { if ($result || $liveDBTable['liveD']) { if (!$authorizeTransit and !$sm) { echo "<span>U r not authorized to view the table ~:|~</span>"; } else { include 'dbTableExecuterOpener.php'; } } else { if (tableAllowed($dbTable)) { include 'dbTableExecuterCreator.php'; } else { echo "<span class='display' id='dbTableExecuter'>Table don exist n u r not authorized to create table with this name.</span></body></html>"; } } } else { echo $userAuthorizationInfo; } ?> </div> </body> </html> <?php /* $spv=shm_put_var($dbtShmId, $dbtKey, $liveDBTable);