function _updateMySQL()
{
global $TABLE_PREFIX, $schema;
$escapedTableName = mysql_escape($_REQUEST['tableName']);
// get current column name and type
$oldColumnName = $_REQUEST['fieldname'];
$newColumnName = $_REQUEST['newFieldname'];
$oldColumnType = getMysqlColumnType($_REQUEST['tableName'], $oldColumnName);
$newColumnType = getColumnTypeFor($newColumnName, $_REQUEST['type'], @$_REQUEST['customColumnType']);
// create/alter/remove MySQL columns
$isOldColumn = $oldColumnType;
$isNewColumn = $newColumnType != 'none' && $newColumnType != '';
$doEraseColumn = $isOldColumn && !$isNewColumn;
$doCreateColumn = !$oldColumnType && $isNewColumn;
$doAlterColumn = $isOldColumn && $isNewColumn;
// remove existing index (if any) - always dropping/recreating indexes ensure they match renamed fields, etc
list($oldIndexName, $oldIndexColList) = getIndexNameAndColumnListForField($oldColumnName, $oldColumnType);
$indexExists = (bool) mysql_get_query("SHOW INDEX FROM `{$escapedTableName}` WHERE Key_name = '{$oldIndexName}'");
if ($indexExists) {
mysql_query("DROP INDEX `{$oldIndexName}` ON `{$escapedTableName}`") or die("Error dropping index `{$newIndexName}`:" . htmlencode(mysql_error()));
}
// update table: create, alter, or erase field
if ($doCreateColumn) {
// create field
$query = "ALTER TABLE `" . mysql_escape($_REQUEST['tableName']) . "`\n ADD COLUMN `" . mysql_escape($newColumnName) . "` {$newColumnType}";
$result = mysql_query($query) or die("There was an error creating the MySQL Column, the error was:\n\n" . mysql_error());
} else {
if ($doAlterColumn) {
// change field type
$result = mysql_query("ALTER TABLE `" . mysql_escape($_REQUEST['tableName']) . "`\n CHANGE COLUMN `" . mysql_escape($oldColumnName) . "`\n `" . mysql_escape($newColumnName) . "` {$newColumnType}") or die("There was an error changing the MySQL Column, the error was:\n\n" . mysql_error() . "\n");
} else {
if ($doEraseColumn) {
// erase mysql field
$query = "ALTER TABLE `" . mysql_escape($_REQUEST['tableName']) . "`\n DROP COLUMN `" . mysql_escape($oldColumnName) . "`";
$result = mysql_query($query) or die("There was an error removing the MySQL Column, the error was:\n\n" . mysql_error() . "\n");
}
}
}
// add/re-create index if required
if (@$_REQUEST['indexed']) {
list($newIndexName, $newIndexColList) = getIndexNameAndColumnListForField($newColumnName, $newColumnType);
$result = mysql_query("CREATE INDEX `{$newIndexName}` ON `{$escapedTableName}` {$newIndexColList}") or die("Error creating index `{$newIndexName}`:" . htmlencode(mysql_error()));
}
// update uploads table (rename upload field if it was changed)
$uploadFieldRenamed = $_REQUEST['type'] == 'upload' && $oldColumnName && $oldColumnName != $newColumnName;
if ($uploadFieldRenamed) {
$tableNameWithoutPrefix = getTableNameWithoutPrefix($_REQUEST['tableName']);
$query = "UPDATE `{$TABLE_PREFIX}uploads`";
$query .= " SET fieldName='" . mysql_escape($newColumnName) . "'";
$query .= " WHERE fieldName='" . mysql_escape($oldColumnName) . "' AND";
$query .= " tableName='" . mysql_escape($tableNameWithoutPrefix) . "'";
mysql_query($query) or die("There was an error updating the uploads database:\n\n" . htmlencode(mysql_error()) . "\n");
}
}
function eraseField()
{
global $TABLE_PREFIX, $schema;
//
security_dieUnlessPostForm();
security_dieUnlessInternalReferer();
security_dieOnInvalidCsrfToken();
//
disableInDemoMode('', 'ajax');
$tableName = $_REQUEST['tableName'];
$fieldname = $_REQUEST['fieldname'];
if (!$tableName) {
die("no tableName specified!\n");
}
if (!$fieldname) {
die("no tableName specified!\n");
}
// erase from schema
unset($schema[$fieldname]);
saveSchema($tableName, $schema);
// erase from mySQL
$columnType = getMysqlColumnType($tableName, $fieldname);
if ($columnType != '') {
$result = mysql_query("ALTER TABLE `" . mysql_escape($tableName) . "`\n DROP COLUMN `" . mysql_escape($fieldname) . "`") or die("There was an error removing the MySQL Column, the error was:\n\n" . htmlencode(mysql_error()) . "\n");
}
// expire uploads (mark files for erasing by blanking out fieldname - they get erased when upload form is submitted)
$tableNameWithoutPrefix = getTableNameWithoutPrefix($tableName);
$query = "UPDATE `{$TABLE_PREFIX}uploads`";
$query .= " SET fieldName = ''";
$query .= " WHERE fieldName = '" . mysql_escape($fieldname) . "' AND";
$query .= " tableName = '" . mysql_escape($tableNameWithoutPrefix) . "'";
mysql_query($query) or die("There was an error erasing old uploads:\n\n" . htmlencode(mysql_error()) . "\n");
// this function is called via ajax. Output is returned as errors via javascript alert. Output nothing on success.
exit;
}