function get_num_rows(client $client, $table_name)
{
//TODO: check client's cookie (setting) not to do all these selects
if (false) {
return "";
}
$query = "select count(*) from " . $table_name . ";";
$res = odbc_exec($client->get_connection(), $query);
if ($res === false) {
return "unknown";
} else {
return format_num_rows(odbc_result($res, 1));
}
}
function get_report(client $client, $table_name, $show, $rownum)
{
if ($table_name == null) {
return "Bad table name.";
}
//TODO check table_name is one word
//compile query
$colnames = odbc_exec($client->get_connection(), "SELECT column_name, data_type, data_length FROM ALL_TAB_COLUMNS WHERE table_name = '" . strtoupper($table_name) . "';");
if ($colnames === false) {
return "Unable to get table fields.";
}
$query = "SELECT ";
$i = 0;
while (odbc_fetch_row($colnames)) {
if (isset($show) && isset($show[$i]) && $show[$i] == true) {
if ($query != "SELECT ") {
$query .= ", ";
}
$query .= odbc_result($colnames, 1);
}
$i += 1;
}
$query .= " FROM " . $table_name . " WHERE rownum <= ?;";
//prepare statement
$statement = odbc_prepare($client->get_connection(), $query);
if ($statement === false) {
return $query . "\n\n" . get_odbc_error();
}
$items = array();
$items[] = (int) $rownum;
$result = odbc_execute($statement, $items);
if ($result === false) {
return $query . "\n\n" . get_odbc_error();
}
return $statement;
}
return false;
}
if ($add_length && $add_precision) {
return $type . "(" . $precision . "," . $length . ")";
} else {
if ($add_length) {
return $type . "(" . $length . ")";
} else {
if ($add_precision) {
return $type . "(" . $precision . ")";
}
}
}
return $type;
}
if (odbc_exec($client->get_connection(), "COMMIT;") === false) {
die(get_odbc_error());
}
if (odbc_exec($client->get_connection(), "SET TRANSACTION NAME 'edit_table_fields_transaction';") === false) {
die(get_odbc_error());
}
$rollback_needed = false;
$rollback_error_message = "";
//check if existing fields were not changed
//"SELECT column_name, data_type, data_precision, data_length, nullable, CONSTRAINT_TYPE, column_id FROM ALL_TAB_COLUMNS acol LEFT JOIN (select CONSTRAINT_TYPE, COLUMN_NAME as c2 from user_constraints uc inner join USER_IND_COLUMNS cols ON uc.index_name = cols.index_name) ON column_name = c2 where table_name='".strtoupper(totally_escape($target))."' ORDER BY column_id ASC"
$colnames = odbc_exec($client->get_connection(), get_columns_info_query(strtoupper($table_name)));
$idx = 1;
$drop_primary_key = false;
$make_unique_fields_list = array();
//""
while (odbc_fetch_row($colnames)) {
//check POST
$table_name = null;
$fields_count = 0;
$foreign_keys_count = 0;
if ($_POST) {
$table_name = totally_escape($_POST["table_name"]);
$fields_count = $_POST["fields_count"];
$foreign_keys_count = $_POST["foreign_keys_count"];
}
if ($table_name == null) {
die("false: bad table_name");
}
//prepare statement
$types_arr = sql_types_array();
//TODO: test table_name is one word or something
if (odbc_exec($client->get_connection(), "COMMIT;") === false) {
die(get_odbc_error());
}
if (odbc_exec($client->get_connection(), "SET TRANSACTION NAME 'create_table_fields_transaction';") === false) {
die(get_odbc_error());
}
$rollback_needed = false;
$rollback_error_message = "";
$query = "CREATE TABLE " . totally_escape($table_name) . " (\n";
/*
for($i=1; $i<$fields_count; ++$i) $query .= "?, ";
$query .= "?);";
*/
$has_precision = array("NUMBER", "FLOAT", "INTERVAL YEAR TO MONTH", "INTERVAL DAY TO SECOND");
$has_length = array("NUMBER" => 38, "VARCHAR2" => 4000, "CHAR" => 2000, "TIMESTAMP" => -1, "INTERVAL DAY TO SECOND" => -1, "TIMESTAMP WITH TIME ZONE" => -1, "TIMESTAMP WITH LOCAL TIME ZONE" => -1, "RAW" => -1, "NCHAR" => 2000, "NVARCHAR2" => 4000);
$first = true;
$fields_count = $_POST["fields_count"];
$rowid = totally_escape($_POST["rowid"]);
}
if ($table_name == null) {
die("false");
}
//TODO check table_name is one word
//prepare statement
if ($rowid == null) {
$query = "INSERT INTO " . $table_name . " VALUES(";
for ($i = 1; $i < $fields_count; ++$i) {
$query .= "?, ";
}
$query .= "?);";
} else {
$colnames = odbc_exec($client->get_connection(), "SELECT column_name, data_type, data_length FROM ALL_TAB_COLUMNS WHERE table_name = '" . strtoupper($table_name) . "';");
$q2 = "";
for ($i = 1; $i <= $fields_count; ++$i) {
if (!odbc_fetch_row($colnames)) {
die("false");
}
if ($i < $fields_count) {
$q2 .= odbc_result($colnames, 1) . " = ?,\n";
} else {
$q2 .= odbc_result($colnames, 1) . " = ?\n";
}
}
$query = "UPDATE " . $table_name . " SET " . $q2 . " WHERE ROWID = ?;";
}
$statement = odbc_prepare($client->get_connection(), $query);
if ($statement === false) {
<?php
//check auth
include_once "../functions/client.php";
include_once "../functions/utils.php";
$client = new client();
if (!$client->logged_in()) {
die("false");
}
//check POST
$table_name = null;
$rowid = null;
if ($_POST) {
$table_name = totally_escape($_POST["target"]);
$rowid = totally_escape($_POST["rowid"]);
}
if ($table_name == null || $rowid == null) {
die("false");
}
//TODO check table_name is one word
//prepare statement
$query = "DELETE FROM " . $table_name . " WHERE ROWID = ?;";
$statement = odbc_prepare($client->get_connection(), $query);
if ($statement === false) {
die($query . "\n\n" . get_odbc_error());
}
$items = array($rowid);
$result = odbc_execute($statement, $items);
if ($result === false) {
die($query . "\n\n" . get_odbc_error());
}
echo "true";
