<?php $TABLE = $_GET["edit"]; $table_status = table_status($TABLE); $where = isset($_GET["select"]) ? count($_POST["check"]) == 1 ? where_check($_POST["check"][0]) : "" : where($_GET); $update = isset($_GET["select"]) ? $_POST["edit"] : $where; $fields = fields($TABLE); foreach ($fields as $name => $field) { if (!isset($field["privileges"][$update ? "update" : "insert"]) || $adminer->fieldName($field) == "") { unset($fields[$name]); } } if ($_POST && !$error && !isset($_GET["select"])) { $location = $_POST["referer"]; if ($_POST["insert"]) { // continue edit or insert $location = $update ? null : $_SERVER["REQUEST_URI"]; } elseif (!ereg('^.+&select=.+$', $location)) { $location = ME . "select=" . urlencode($TABLE); } if (isset($_POST["delete"])) { query_redirect("DELETE" . limit1("FROM " . table($TABLE), " WHERE {$where}"), $location, array(lang('Item has been deleted.'), 'success')); } else { $set = array(); foreach ($fields as $name => $field) { $val = process_input($field); if ($val !== false && $val !== null) { $set[idf_escape($name)] = $update ? "\n" . idf_escape($name) . " = {$val}" : $val; } } if ($update) {
<?php $TABLE = $_GET["edit"]; $fields = fields($TABLE); $where = isset($_GET["select"]) ? count($_POST["check"]) == 1 ? where_check($_POST["check"][0], $fields) : "" : where($_GET, $fields); $update = isset($_GET["select"]) ? $_POST["edit"] : $where; foreach ($fields as $name => $field) { if (!isset($field["privileges"][$update ? "update" : "insert"]) || $adminer->fieldName($field) == "") { unset($fields[$name]); } } if ($_POST && !$error && !isset($_GET["select"])) { $location = $_POST["referer"]; if ($_POST["insert"]) { // continue edit or insert $location = $update ? null : $_SERVER["REQUEST_URI"]; } elseif (!preg_match('~^.+&select=.+$~', $location)) { $location = ME . "select=" . urlencode($TABLE); } $indexes = indexes($TABLE); $unique_array = unique_array($_GET["where"], $indexes); $query_where = "\nWHERE {$where}"; if (isset($_POST["delete"])) { queries_adminer_redirect($location, lang('Item has been deleted.'), $driver->delete($TABLE, $query_where, !$unique_array)); } else { $set = array(); foreach ($fields as $name => $field) { $val = process_input($field); if ($val !== false && $val !== null) { $set[idf_escape($name)] = $val; }
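Review bot: In the `elseif (!preg_match('~^.+&select=.+$~', $location))` branch, `$location` is taken directly from `$_POST["referer"]`, and the pattern only requires `&select=` to appear somewhere in it. Any value that matches is therefore passed unchanged to `queries_adminer_redirect()` as the redirect target. Whether that helper, or the token check implied by the `!$error` guard, restricts the target is not visible in this fragment. At minimum add a comment above the assignment such as `// $location is client-supplied; only same-origin targets may be redirected to`, and consider also rejecting values that carry a scheme or host. The enclosing `if ($_POST && !$error ...)` block continues past the end of the fragment shown.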
} elseif (!$_POST["import"]) { // modify if (!$_POST["val"]) { $error = lang('Double click on a value to modify it.'); } else { $result = true; $affected = 0; foreach ($_POST["val"] as $unique_idf => $row) { $set = array(); foreach ($row as $key => $val) { $key = bracket_escape($key, 1); // 1 - back $set[] = idf_escape($key) . " = " . (ereg('char|text', $fields[$key]["type"]) || $val != "" ? $adminer->processInput($fields[$key], $val) : "NULL"); } $query = table($TABLE) . " SET " . implode(", ", $set); $where2 = " WHERE " . where_check($unique_idf) . ($where ? " AND " . implode(" AND ", $where) : ""); $result = queries("UPDATE" . ($is_group ? " {$query}{$where2}" : limit1($query, $where2))); // can change row on a different page without unique key if (!$result) { break; } $affected += $connection->affected_rows; } queries_redirect(remove_from_uri(), lang('%d item(s) have been affected.', $affected), $result); } } elseif (is_string($file = get_file("csv_file", true))) { //! character set cookie("adminer_import", "output=" . urlencode($adminer_import["output"]) . "&format=" . urlencode($_POST["separator"])); $result = true; $cols = array_keys($fields); preg_match_all('~(?>"[^"]*"|[^"\\r\\n]+)+~', $file, $matches);
} } elseif (!$_POST["import"]) { // modify if (!$_POST["val"]) { $error = lang('Ctrl+click on a value to modify it.'); } else { $result = true; $affected = 0; foreach ($_POST["val"] as $unique_idf => $row) { $set = array(); foreach ($row as $key => $val) { $key = bracket_escape($key, 1); // 1 - back $set[idf_escape($key)] = preg_match('~char|text~', $fields[$key]["type"]) || $val != "" ? $adminer->processInput($fields[$key], $val) : "NULL"; } $result = $driver->update($TABLE, $set, " WHERE " . ($where ? implode(" AND ", $where) . " AND " : "") . where_check($unique_idf, $fields), !($is_group || $unselected === array()), " "); if (!$result) { break; } $affected += $connection->affected_rows; } queries_adminer_redirect(remove_from_uri(), lang('%d item(s) have been affected.', $affected), $result); } } elseif (!is_string($file = get_file("csv_file", true))) { $error = upload_error($file); } elseif (!preg_match('~~u', $file)) { $error = lang('File must be in UTF-8 encoding.'); } else { cookie("adminer_import", "output=" . urlencode($adminer_import["output"]) . "&format=" . urlencode($_POST["separator"])); $result = true; $cols = array_keys($fields);
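Review bot: In the inline-modify loop, `$key` comes from the client-supplied `$_POST["val"]` rows and indexes `$fields[$key]` without a check that the column is known. An unknown key would pass a missing field definition to `preg_match('~char|text~', ...)` and `$adminer->processInput()`, and would still land in the `$set` array handed to `$driver->update()`. `idf_escape()` presumably quotes the identifier, but that does not limit the update to columns present in `$fields`. Adding `if (!isset($fields[$key])) { continue; }` right after the `bracket_escape()` call would do so. The old side has the same unchecked lookup, and the surrounding `if`/`elseif` chain starts and ends outside this fragment.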