<input type="submit" name="sho" value="<?php echo $sholbl; ?> "> <p> <input type="hidden" name="off" value="<?php echo $nof; ?> "> <input type="submit" name="p" value=" < "> <input type="submit" name="n" value=" > "> <p> <input type="submit" name="del" value="<?php echo $dellbl; ?> " onclick="return confirm('<?php echo $dellbl; ?> , <?php echo $cfmmsg; ?> ')" > </th></tr> </table></form> <p> <?php } Condition($in, $op, $st, $co); Events($dlim, $in, $op, $st, $co); include_once "inc/footer.php";
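/**
 * Build the SQL text for one database operation (PostgreSQL flavour).
 *
 * The function only assembles and returns the statement; it does not execute it.
 *
 * SECURITY: pg_escape_string() protects a value only where it ends up inside a
 * single-quoted SQL literal. In this function $tbl, $ord, the LIMIT form of
 * $lim, the column names in $rawin and the operators in $rawop are placed in
 * unquoted positions, and $col and $jn are not escaped at all. Escaping does
 * not constrain those positions, so callers must only pass fixed or
 * allow-listed identifiers, operators and numeric limits there, never raw
 * request data.
 *
 * @param string $tbl   Table name (database name for 'b' and 'p').
 * @param string $do    Operation code: 'i' insert, 'u' update, 'b' list matching
 *                      databases, 'p' drop database, 'h' list user tables,
 *                      't' truncate, 'o' vacuum, 'c' list columns, 'r' vacuum full,
 *                      'v' server version, 'x' server activity, 'd' delete,
 *                      's' select; any other value builds a grouped count.
 * @param string $col   Column list for 's'; WHERE column for 'u'; comparison
 *                      operator for 'b'; for the grouped count
 *                      "groupcols;extra;having", where '-' as extra means none.
 * @param string $ord   ORDER BY expression; for 'u' the WHERE operator.
 * @param string $lim   LIMIT expression; for 'u' the quoted WHERE value.
 * @param array  $rawin Column names ('i', 'u'), otherwise handed to Condition().
 * @param array  $rawop Operators ('u'), otherwise handed to Condition().
 * @param array  $rawst Values ('i', 'u'), otherwise handed to Condition().
 * @param array  $rawco Handed to Condition() after escaping.
 * @param string $jn    JOIN clause inserted verbatim after the table name.
 *
 * @return string The SQL statement; empty when 'u' is requested without a first column.
 */
function GenQuery($tbl, $do = 's', $col = '*', $ord = '', $lim = '', $rawin = array(), $rawop = array(), $rawst = array(), $rawco = array(), $jn = '')
{
    global $debug;

    # Escaping is only effective for values that are later wrapped in quotes (see SECURITY above)
    $tbl = pg_escape_string($tbl);
    $ord = pg_escape_string($ord);
    $lim = pg_escape_string($lim);
    $in  = array_map('pg_escape_string', $rawin);
    $op  = array_map('pg_escape_string', $rawop);
    $st  = array_map('pg_escape_string', $rawst);
    $co  = array_map('pg_escape_string', $rawco);

    # Defined up front so that a skipped update returns an empty string instead of an undefined variable
    $qry = '';

    # switch compares loosely, exactly like the original if/elseif chain on $do
    switch ($do) {
        case 'i':
            $qry = "INSERT INTO {$tbl} (" . implode(',', $in) . ") VALUES ('" . implode("','", $st) . "')";
            break;

        case 'u':
            # Nothing is built unless a first column is given
            if (!empty($in[0])) {
                $s = array();
                foreach (array_values($in) as $x => $c) {
                    $o = array_key_exists($x, $op) ? $op[$x] : '='; # Use '=' if no operator is set
                    if ($c) {
                        $s[] = "{$c} {$o} '{$st[$x]}'";
                    }
                }
                # For updates $col, $ord and $lim carry the WHERE column, operator and value
                $qry = "UPDATE {$tbl} SET " . implode(',', $s) . " WHERE {$col} {$ord} '{$lim}'";
            }
            break;

        case 'b':
            $qry = "SELECT datname FROM pg_database WHERE datistemplate = false and datname {$col} '{$tbl}'";
            break;

        case 'p':
            $qry = "DROP DATABASE {$tbl}";
            break;

        case 'h':
            $qry = "SELECT relname from pg_stat_user_tables ORDER BY relname";
            break;

        case 't':
            $qry = "TRUNCATE {$tbl}";
            break;

        case 'o':
            $qry = "VACUUM {$tbl}";
            break;

        case 'c':
            $qry = "SELECT column_name,data_type,is_nullable,column_default from INFORMATION_SCHEMA.COLUMNS where table_name = '{$tbl}' ORDER BY ordinal_position";
            break;

        case 'r':
            $qry = "VACUUM FULL {$tbl}";
            break;

        case 'v':
            $qry = "SELECT VERSION()";
            break;

        case 'x':
            # NOTE(review): pg_stat_activity.procpid was renamed to pid in PostgreSQL 9.2; confirm the supported server versions
            $qry = "SELECT procpid,usename,datname FROM pg_stat_activity";
            break;

        default:
            # NOTE(review): $lim is not quoted here, so it has to be numeric (optionally with an offset) when it arrives
            $l = $lim ? "LIMIT {$lim}" : "";

            if (strstr($ord, 'ifname')) {
                # Interface names are sorted per device, then by the part of the name up to the last '/'
                $desc = strpos($ord, 'desc') ? " desc" : "";
                $ord  = $desc ? substr($ord, 0, -5) : $ord; # Cut away desc (assumes a trailing " desc") for proper handling below
                $oar  = explode(".", $ord);                 # Handle table in join queries
                $bare = ($oar[0] === 'ifname' or $oar[0] === 'nbrifname');
                $icol = $bare ? 'ifname' : "{$oar[0]}.ifname";
                $dcol = $bare ? 'device' : "{$oar[0]}.device";
                # TODO rework? A variant that also sorts the part after the last '/' numerically was considered
                $od = "ORDER BY {$dcol} {$desc},substring({$icol} from '.*/')";
            } elseif ($ord) {
                $od = "ORDER BY {$ord}";
            } else {
                $od = "";
            }

            $w = Condition($in, $op, $st, $co, 2);

            # A session view adds a further condition to every query that touches the devices table
            if (isset($_SESSION['view']) and $_SESSION['view'] and (strstr($jn, 'JOIN devices') or $tbl === 'devices')) {
                $viewq = explode(' ', $_SESSION['view']);
                $w = ($w ? "{$w} AND " : "WHERE ") . AdOpVal($viewq[0], $viewq[1], $viewq[2]);
            }

            if ($do == 'd') {
                # DELETE takes no ORDER BY/LIMIT here, so the affected rows are selected by ctid in a subquery
                $qry = "DELETE FROM {$tbl} WHERE ctid IN (SELECT ctid FROM {$tbl} {$w} {$od} {$l})";
            } elseif ($do == 's') {
                $qry = "SELECT {$col} FROM {$tbl} {$jn} {$w} {$od} {$l}";
            } else {
                # Grouped count: $col may carry "groupcols;extra;having"
                $cal = '';
                $hav = '';
                if (strpos($col, ';')) {
                    $xcol = explode(";", $col);
                    $col  = $xcol[0];
                    if ($xcol[1] !== '-') {
                        $cal = ", {$xcol[1]}";
                    }
                    if (array_key_exists(2, $xcol) and $xcol[2]) {
                        $hav = "having({$xcol[2]})";
                    }
                }
                $qry = "SELECT {$col},count(*) as cnt{$cal} FROM {$tbl} {$jn} {$w} GROUP BY {$col} {$hav} {$od} {$l}";
            }
            break;
    }

    if ($debug) {
        # The backtrace arguments and the query can contain request data, so both are HTML-escaped before output
        echo "<div class=\"textpad code warn\" style=\"width:600px\">";
        ob_start();
        debug_print_backtrace();
        echo htmlspecialchars(ob_get_clean(), ENT_QUOTES);
        echo "<p><a href=\"System-Export.php?act=c&query=" . urlencode($qry) . "\">" . htmlspecialchars($qry, ENT_QUOTES) . "</a></div>\n";
    }

    return $qry;
}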
</script> <?PHP }elseif($fmt == 'svg'){ if( !isset($_GET['print']) ){echo "<h2>SVG Map</h2>";} Map(); WriteSVG( Condition($in,$op,$st,$co,1) ); ?> <embed width="<?= $xm ?>" height="<?= $ym ?>" src="map/map_<?= $_SESSION[user] ?>.svg" name="SVG Map" type="image/svg+xml" style="display:block;margin-left:auto;margin-right:auto;border:1px solid black"> <?php }else{ if($fmt){ if( !isset($_GET['print']) ){ echo "<h2><a href=\"Reports-Combination.php?map=1\"><img src=\"img/16/chrt.png\" title=\"$sholbl $cmblbl Report\"></a> PNG Map</h2>"; } Map(); WritePNG( Condition($in,$op,$st,$co,1) ); }else{ if( !isset($_GET['print']) ){echo "<h3>PNG Map ($laslbl)</h3>";} } if (file_exists("map/map_$_SESSION[user].php")) { ?> <img style="display:block;margin-left:auto;margin-right:auto;border:1px solid black" usemap="#net" src="map/map_<?= $_SESSION['user'] ?>.php"> <map name="net"> <?= $imgmap ?> </map> <?php } } include_once ("inc/footer.php");
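/**
 * Build the SQL text for one database operation (MySQL flavour).
 *
 * The function only assembles and returns the statement; it does not execute it.
 *
 * SECURITY: mysql_real_escape_string() protects a value only where it ends up
 * inside a quoted SQL literal. In this function $tbl, $ord, the LIMIT form of
 * $lim, the column names in $rawin and the operators in $rawop are placed in
 * unquoted positions, and $col and $jn are not escaped at all. Escaping does
 * not constrain those positions, so callers must only pass fixed or
 * allow-listed identifiers, operators and numeric limits there, never raw
 * request data.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7.0 and
 * mysql_real_escape_string() needs an open connection; moving to mysqli or
 * PDO with bound parameters has to happen together with the callers.
 *
 * @param string $tbl   Table name (database pattern or name for 'b' and 'p',
 *                      trailing clause of SHOW TABLES for 'h').
 * @param string $do    Operation code: 'i' insert, 'u' update, 'b' show databases,
 *                      'p' drop database, 'h' show tables, 't' truncate,
 *                      'o' optimize, 'c' show columns, 'r' repair,
 *                      'v' server version, 'x' process list, 'd' delete,
 *                      's' select; any other value builds a grouped count.
 * @param string $col   Column list for 's'; WHERE column for 'u'; keyword placed
 *                      before the quoted $tbl for 'b'; for the grouped count
 *                      "groupcols;extra;having", where '-' as extra means none.
 * @param string $ord   ORDER BY expression; for 'u' the WHERE operator.
 * @param string $lim   LIMIT expression; for 'u' the quoted WHERE value.
 * @param array  $rawin Column names ('i', 'u'), otherwise handed to Condition().
 * @param array  $rawop Operators ('u'), otherwise handed to Condition().
 * @param array  $rawst Values ('i', 'u'), otherwise handed to Condition().
 * @param array  $rawco Handed to Condition() after escaping.
 * @param string $jn    JOIN clause inserted verbatim after the table name.
 *
 * @return string The SQL statement; empty when 'u' is requested without a first column.
 */
function GenQuery($tbl, $do = 's', $col = '*', $ord = '', $lim = '', $rawin = array(), $rawop = array(), $rawst = array(), $rawco = array(), $jn = '')
{
    global $debug;

    # Escaping is only effective for values that are later wrapped in quotes (see SECURITY above)
    $tbl = mysql_real_escape_string($tbl);
    $ord = mysql_real_escape_string($ord);
    $lim = mysql_real_escape_string($lim);
    $in  = array_map('mysql_real_escape_string', $rawin);
    $op  = array_map('mysql_real_escape_string', $rawop);
    $st  = array_map('mysql_real_escape_string', $rawst);
    $co  = array_map('mysql_real_escape_string', $rawco);

    # Defined up front so that a skipped update returns an empty string instead of an undefined variable
    $qry = '';

    # switch compares loosely, exactly like the original if/elseif chain on $do
    switch ($do) {
        case 'i':
            $qry = "INSERT INTO {$tbl} (" . implode(',', $in) . ") VALUES ('" . implode("','", $st) . "')";
            break;

        case 'u':
            # Nothing is built unless a first column is given
            if (!empty($in[0])) {
                $s = array();
                foreach (array_values($in) as $x => $c) {
                    $o = array_key_exists($x, $op) ? $op[$x] : '='; # Use '=' if no operator is set
                    if ($c) {
                        $s[] = "{$c} {$o} '{$st[$x]}'";
                    }
                }
                # For updates $col, $ord and $lim carry the WHERE column, operator and value
                $qry = "UPDATE {$tbl} SET " . implode(',', $s) . " WHERE {$col} {$ord} '{$lim}'";
            }
            break;

        case 'b':
            $qry = "SHOW DATABASES {$col} '{$tbl}'";
            break;

        case 'p':
            $qry = "DROP DATABASE {$tbl}";
            break;

        case 'h':
            $qry = "SHOW TABLES {$tbl}";
            break;

        case 't':
            $qry = "TRUNCATE {$tbl}";
            break;

        case 'o':
            $qry = "OPTIMIZE TABLE {$tbl}";
            break;

        case 'c':
            $qry = "SHOW COLUMNS FROM {$tbl}";
            break;

        case 'r':
            $qry = "REPAIR TABLE {$tbl}";
            break;

        case 'v':
            $qry = "SELECT VERSION()";
            break;

        case 'x':
            $qry = "SHOW processlist";
            break;

        default:
            # NOTE(review): $lim is not quoted here, so it has to be numeric (optionally with an offset) when it arrives
            $l = $lim ? "LIMIT {$lim}" : "";

            if (strstr($ord, 'ifname')) {
                # Interface names are sorted per device, then by the text before the first '/' and the number after the last '/'
                $desc = strpos($ord, 'desc') ? " desc" : "";
                $ord  = $desc ? substr($ord, 0, -5) : $ord; # Cut away desc (assumes a trailing " desc") for proper handling below
                $oar  = explode(".", $ord);                 # Handle table in join queries
                $bare = ($oar[0] === 'ifname' or $oar[0] === 'nbrifname');
                $icol = $bare ? 'ifname' : "{$oar[0]}.ifname";
                $dcol = $bare ? 'device' : "{$oar[0]}.device";
                $od = "ORDER BY {$dcol} {$desc},SUBSTRING_INDEX({$icol}, '/', 1), SUBSTRING_INDEX({$icol}, '/', -1)*1+0";
            } elseif ($ord) {
                $od = "ORDER BY {$ord}";
            } else {
                $od = "";
            }

            $w = Condition($in, $op, $st, $co, 2);

            # A session view adds a further condition to every query that touches the devices table
            if (isset($_SESSION['view']) and $_SESSION['view'] and (strstr($jn, 'JOIN devices') or $tbl === 'devices')) {
                $viewq = explode(' ', $_SESSION['view']);
                $w = ($w ? "{$w} AND " : "WHERE ") . AdOpVal($viewq[0], $viewq[1], $viewq[2]);
            }

            if ($do == 'd') {
                # NOTE(review): with an empty condition this deletes every row that ORDER BY/LIMIT lets through
                $qry = "DELETE FROM {$tbl} {$w} {$od} {$l}";
            } elseif ($do == 's') {
                $qry = "SELECT {$col} FROM {$tbl} {$jn} {$w} {$od} {$l}";
            } else {
                # Grouped count: $col may carry "groupcols;extra;having"
                $cal = '';
                $hav = '';
                if (strpos($col, ';')) {
                    $xcol = explode(";", $col);
                    $col  = $xcol[0];
                    if ($xcol[1] !== '-') {
                        $cal = ", {$xcol[1]}";
                    }
                    if (array_key_exists(2, $xcol) and $xcol[2]) {
                        $hav = "having({$xcol[2]})";
                    }
                }
                $qry = "SELECT {$col},count(*) as cnt{$cal} FROM {$tbl} {$jn} {$w} GROUP BY {$col} {$hav} {$od} {$l}";
            }
            break;
    }

    if ($debug) {
        # The backtrace arguments and the query can contain request data, so both are HTML-escaped before output
        echo "<div class=\"textpad code warn\" style=\"width:600px\">";
        ob_start();
        debug_print_backtrace();
        echo htmlspecialchars(ob_get_clean(), ENT_QUOTES);
        echo "<p><a href=\"System-Export.php?act=c&query=" . urlencode($qry) . "\">" . htmlspecialchars($qry, ENT_QUOTES) . "</a></div>\n";
    }

    return $qry;
}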