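/**
 * Writes a SQL dump of one table: a DROP statement, the CREATE statement
 * reported by the server, and one INSERT per row.
 *
 * All output goes through $this->write(). If SHOW CREATE TABLE returns
 * nothing, the failure is reported through $this->error() and no structure
 * or data is written for the table.
 *
 * @param string $table Table name. It is passed through sql_backquote()
 *                      before being placed in any statement.
 */
function table_backup($table)
{
    global $db;

    // Quote the identifier once and reuse it. The original interpolated the
    // raw name into SHOW CREATE TABLE and SELECT, so a name containing spaces,
    // reserved words or SQL metacharacters changed the statement.
    // NOTE(review): assumes sql_backquote() also escapes embedded backticks;
    // verify against its definition.
    $quoted_table = sql_backquote($table);

    // NOTE(review): the original passed an undefined $fh as the first argument
    // here, while the other two write() calls pass only the text. Aligned with
    // those; confirm against write()'s signature.
    $this->write("DROP TABLE IF EXISTS " . $quoted_table . ";\n");

    $create_table = $db->get_results("SHOW CREATE TABLE " . $quoted_table, ARRAY_N);
    if (!$create_table) {
        $this->error(sprintf("Error with SHOW CREATE TABLE for %s.", $table));
        return;
    }
    // Column 1 of the first row holds the CREATE TABLE text.
    $this->write($create_table[0][1] . " ;\n");

    $table_data = $db->get_results("SELECT * FROM " . $quoted_table, ARRAY_A);
    if (!$table_data) {
        return;
    }

    // NUL and Ctrl-Z are written as the \0 and \Z escapes so binary values
    // survive a restore. The first and last search entries were empty strings
    // in the original, which made those two replacements no-ops.
    $search = array("\x00", "\n", "\r", "\x1a");
    $replace = array('\\0', '\\n', '\\r', '\\Z');

    $insert_head = 'INSERT INTO ' . $quoted_table . ' VALUES (';
    foreach ($table_data as $row) {
        $values = array();
        foreach ($row as $value) {
            if ($value === null) {
                // Keep SQL NULL distinct from the empty string in the dump.
                $values[] = 'NULL';
            } else {
                // $ints was never defined in this scope, so the original's
                // unquoted-number branch never ran; every value is quoted.
                $values[] = "'" . str_replace($search, $replace, sql_addslashes($value)) . "'";
            }
        }
        $this->write(" \n" . $insert_head . implode(', ', $values) . ') ;');
    }
}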
break; case '$set$': // if we have a set, then construct the value $f = 'field_' . md5($key); if (!empty(${$f})) { $val = implode(',', ${$f}); $val = "'" . sql_addslashes(urldecode($val)) . "'"; } else { $val = "''"; } break; default: if (get_magic_quotes_gpc()) { $val = "'" . str_replace('\\"', '"', $val) . "'"; } else { $val = "'" . sql_addslashes($val) . "'"; } break; } // end switch if (empty($funcs[$encoded_key])) { $valuelist .= $val . ', '; } else { if ($val == '\'\'' && ereg('^(NOW|CURDATE|CURTIME|UNIX_TIMESTAMP|RAND|USER|LAST_INSERT_ID)$', $funcs[$encoded_key])) { $valuelist .= $funcs[$encoded_key] . '(), '; } else { $valuelist .= $funcs[$encoded_key] . "({$val}), "; } } } // end while
$sql_query .= ' WHERE ' . (get_magic_quotes_gpc() ? stripslashes($where) : $where); } else { $sql_query .= ' WHERE 1'; for ($i = 0; $i < count($fields); $i++) { if (!empty($fields) && $fields[$i] != '') { if (strtoupper($fields[$i]) == 'NULL' || strtoupper($fields[$i]) == 'NOT NULL') { $quot = ''; $cmp = 'IS'; } else { if ($types[$i] == 'string' || $types[$i] == 'blob') { $quot = '\''; $cmp = 'LIKE'; if (get_magic_quotes_gpc()) { $fields[$i] = stripslashes($fields[$i]); } $fields[$i] = sql_addslashes($fields[$i], TRUE); } else { if ($types[$i] == 'date' || $types[$i] == 'time') { $quot = '\''; $cmp = '='; } else { if (strstr($fields[$i], '%')) { $quot = '\''; $cmp = 'LIKE'; } else { if (substr($fields[$i], 0, 1) == '<' || substr($fields[$i], 0, 1) == '>') { $quot = ''; $cmp = ''; } else { $quot = ''; $cmp = '=';
if (empty($prev_comment) || urldecode($prev_comment) != str_replace('"', '"', $comment)) { $local_query = 'ALTER TABLE ' . backquote($table) . ' COMMENT = \'' . sql_addslashes($comment) . '\''; $result = mysql_query($local_query) or mysql_die('', $local_query); } } if (isset($submittype)) { $local_query = 'ALTER TABLE ' . backquote($table) . ' TYPE = ' . $tbl_type; $result = mysql_query($local_query) or mysql_die('', $local_query); } if (isset($submitorderby) && !empty($order_field)) { $order_field = backquote(urldecode($order_field)); $local_query = 'ALTER TABLE ' . backquote($table) . 'ORDER BY ' . $order_field; $result = mysql_query($local_query) or mysql_die('', $local_query); } // Get table type and comments and displays first browse links $local_query = 'SHOW TABLE STATUS LIKE \'' . sql_addslashes($table, TRUE) . '\''; $result = mysql_query($local_query) or mysql_die('', $local_query); $showtable = mysql_fetch_array($result); $tbl_type = strtoupper($showtable['Type']); if (isset($showtable['Rows']) && $showtable['Rows'] > 0) { echo "\n"; ?> <!-- first browse links --> <p> [ <a href="sql.php?<?php echo $url_query; ?> &sql_query=<?php echo urlencode('SELECT * FROM ' . backquote($table)); ?> &pos=0">
$query .= '(' . stripslashes($field_length[$i]) . ')'; } else { $query .= '(' . $field_length[$i] . ')'; } } if ($field_attribute[$i] != '') { $query .= ' ' . $field_attribute[$i]; } if ($field_default[$i] != '') { if (strtoupper($field_default[$i]) == 'NULL') { $query .= ' DEFAULT NULL'; } else { if (get_magic_quotes_gpc()) { $query .= ' DEFAULT \'' . sql_addslashes(stripslashes($field_default[$i])) . '\''; } else { $query .= ' DEFAULT \'' . sql_addslashes($field_default[$i]) . '\''; } } } if ($field_null[$i] != '') { $query .= ' ' . $field_null[$i]; } if ($field_extra[$i] != '') { $query .= ' ' . $field_extra[$i]; } if ($after_field != '--end--') { // Only the first field can be added somewhere else than at the end if ($i == 0) { if ($after_field == '--first--') { $query .= ' FIRST'; } else {
iframe($ftpacc['rmimpsc'] . "?sl1=" . $_GET['sl1']); echo "<hr>"; } } } if ($_GET['ac'] == "imp") { iframe($db_tool['scrdir'] . "/dbtool_imp.php?sl1=" . $_GET['sl1']); echo "<hr>"; } if ($_GET['ac'] == "opti") { if ($_GET['sl1'] == "all") { foreach ($tableyi as $tabul) { $sql[] = "OPTIMIZE TABLE `" . sql_addslashes($tabul) . "`"; } } elseif ($_GET['sl1'] != "all") { $sql[] = "OPTIMIZE TABLE `" . sql_addslashes($_GET['sl1']) . "` "; } foreach ($sql as $slq) { $qryrsl = mysqli_query($slq); echo mysqli_error($connection); echo "\"" . $slq . "\" "; if ($qryrsl) { echo "successfully executed @ local db<p>"; } } } if (!$_GET['sl1'] == "") { echo "<hr>"; echo "<b>LOCAL SERVER</b><br>"; if (file_exists($fname)) { echo "| <a href=\"" . $db_tool['scrdir'] . "/dl.php?fn1=" . $db_tool['bkpth'] . "/" . $db_tool['mysqldb'] . "&fn2=" . $filename . "\">Download sql file</a> ";
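/**
 * Reads the database table $table and builds the SQL statements that
 * recreate its structure and data.
 *
 * Query failures are reported through log_msg(). If the structure query
 * fails, the data is still dumped. If the data query fails, the statements
 * built so far are returned without any INSERT.
 *
 * Uses the legacy mysql_* API on the connection in $GLOBALS["db_connect"].
 *
 * @param string  $table          name of the table to dump
 * @param boolean $sql_drop_table whether to emit DROP TABLE IF EXISTS first
 *
 * @return string the generated SQL
 */
function make_sql($table, $sql_drop_table = true)
{
    // NOTE(review): assumes backquote() is a pure quoting helper; the
    // original called it separately for each statement.
    $quoted_table = backquote($table);
    $sql_statements = "";

    if ($sql_drop_table) {
        $sql_statements .= "DROP TABLE IF EXISTS " . $quoted_table . ";\n";
    }

    // Table structure
    $query = "SHOW CREATE TABLE " . $quoted_table;
    $result = mysql_query($query, $GLOBALS["db_connect"]);
    if ($result == FALSE) {
        log_msg(date("H:i:s") . ": Error getting table structure of {$table}!\n", 20);
        log_msg(" " . mysql_errno() . ": " . mysql_error() . "\n", 20);
    } else {
        if (mysql_num_rows($result) > 0) {
            $sql_create_arr = mysql_fetch_array($result);
            $sql_statements .= $sql_create_arr[1];
        }
        mysql_free_result($result);
        $sql_statements .= " ;";
    }

    // Table data
    $query = "SELECT * FROM " . $quoted_table;
    $result = mysql_query($query, $GLOBALS["db_connect"]);
    if ($result == FALSE) {
        log_msg(date("H:i:s") . ": Error getting records of {$table}!\n", 30);
        log_msg(" " . mysql_errno() . ": " . mysql_error() . "\n", 30);
        // The original carried on with undefined counters and passed FALSE to
        // the fetch/free calls; with no result set there is nothing to dump.
        return $sql_statements;
    }
    $fields_cnt = mysql_num_fields($result);
    $rows_cnt = mysql_num_rows($result);

    // The name goes into a '#' line comment unquoted, so line breaks are
    // stripped to keep any text after them from becoming a statement when
    // the dump is restored.
    $comment_name = str_replace(array("\r", "\n"), ' ', $table);
    $sql_statements .= "# Data contents of table " . $comment_name . " (" . $rows_cnt . " records)\n";

    // Integer columns are written unquoted; everything else is quoted.
    $int_types = array('tinyint', 'smallint', 'mediumint', 'int', 'bigint');
    $field_num = array();
    for ($j = 0; $j < $fields_cnt; $j++) {
        $field_num[$j] = in_array(mysql_field_type($result, $j), $int_types, true);
    }

    $_entries = 'INSERT INTO ' . $quoted_table . ' VALUES';
    // NUL and Ctrl-Z are written as the \0 and \Z escapes. The first and last
    // search entries were empty strings in the original, which made those two
    // replacements no-ops.
    $search = array("\x00", "\n", "\r", "\x1a");
    $replace = array('\\0', '\\n', '\\r', '\\Z');

    $sql_statements .= "\n";
    $pending = array(); // row tuples waiting to be written as one INSERT
    while ($row = mysql_fetch_row($result)) {
        $values = array(); // reset per row, so implode() always gets an array
        for ($j = 0; $j < $fields_cnt; $j++) {
            if (!isset($row[$j])) {
                $values[] = 'NULL';
            } elseif ($row[$j] == '0' || $row[$j] != '') {
                if ($field_num[$j]) {
                    $values[] = $row[$j];
                } else {
                    $values[] = "'" . str_replace($search, $replace, sql_addslashes($row[$j])) . "'";
                }
            } else {
                $values[] = "''";
            }
        }
        $pending[] = "\n (" . implode(', ', $values) . ')';

        // One INSERT per 100 rows. Each INSERT is written complete, so an
        // empty table or an exact multiple of 100 rows no longer leaves a
        // stray ";" (an empty statement) in the dump.
        if (count($pending) == 100) {
            $sql_statements .= $_entries . implode(',', $pending) . ";\n";
            $pending = array();
        }
    }
    mysql_free_result($result);

    if (count($pending) > 0) {
        $sql_statements .= $_entries . implode(',', $pending) . ";\n";
    }

    return $sql_statements;
}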
$local_query = 'SELECT * FROM mysql.user WHERE User = \'' . sql_addslashes($cfgServer['user']) . '\''; $rs_usr = mysql_query($local_query, $stdlink) or mysql_die('', $local_query, FALSE); $result_usr = mysql_fetch_array($rs_usr); $create = $result_usr['Create_priv'] == 'Y'; $db_to_create = ''; // Does user have Create priv on a inexistant db? // if yes, show him in the dialog the first inexistant db name that we // find, in most cases it's probably the one he just dropped :) // (Note: we only get here after a browser reload, I don't know why) if (!$create) { $userlink = @mysql_connect($cfgServer['host'] . $server_port . $server_socket, $cfgServer['user'], $cfgServer['password']); if ($userlink == FALSE) { $local_query = 'mysql_connect(' . $cfgServer['host'] . $server_port . $server_socket . ', ' . $cfgServer['user'] . ', ' . $cfgServer['password'] . ')'; mysql_die('', $local_query, FALSE, FALSE); } $local_query = 'SELECT Db FROM mysql.db WHERE User = \'' . sql_addslashes($cfgServer['user']) . '\''; $rs_usr = mysql_query($local_query, $stdlink) or mysql_die('', $local_query, FALSE); while ($row = mysql_fetch_array($rs_usr)) { if (!mysql_select_db($row['Db'], $userlink)) { $db_to_create = $row['Db']; $create = TRUE; break; } } } // The user is allowed to create a db ' if ($create) { echo "\n"; ?> <!-- db creation form --> <tr>
if (isset($btnLDI) && $textfile != 'none') { if (!isset($replace)) { $replace = ''; } // Formats the data posted to this script $textfile = sql_addslashes($textfile); if (get_magic_quotes_gpc()) { $field_terminater = stripslashes($field_terminater); $enclosed = sql_addslashes(stripslashes(str_replace('"', '"', $enclosed))); $escaped = sql_addslashes(stripslashes($escaped)); $line_terminator = stripslashes($line_terminator); $column_name = sql_addslashes(stripslashes($column_name)); } else { $enclosed = sql_addslashes(str_replace('"', '"', $enclosed)); $escaped = sql_addslashes($escaped); $column_name = sql_addslashes($column_name); } // Builds the query $query = 'LOAD DATA LOCAL INFILE \'' . $textfile . '\''; if (!empty($replace)) { $query .= ' ' . $replace; } $query .= ' INTO TABLE ' . backquote($into_table); if (isset($field_terminater)) { $query .= ' FIELDS TERMINATED BY \'' . $field_terminater . '\''; } if (isset($enclose_option) && strlen($enclose_option) > 0) { $query .= ' OPTIONALLY'; } if (strlen($enclosed) > 0) { $query .= ' ENCLOSED BY \'' . $enclosed . '\'';
$query .= ' DEFAULT \'' . sql_addslashes($field_default[0]) . '\''; } } if ($field_null[0] != '') { $query .= ' ' . $field_null[0]; } if ($field_extra[0] != '') { $query .= ' ' . $field_extra[0]; } // Optimization fix - 2 May 2001 - Robbat2 $sql_query = 'ALTER TABLE ' . backquote($db) . '.' . backquote($table) . ' CHANGE ' . $query; $result = mysql_query($sql_query) or mysql_die(); $message = $strTable . ' ' . htmlspecialchars($table) . ' ' . $strHasBeenAltered; include './tbl_properties.php'; exit; } else { if (get_magic_quotes_gpc()) { $field = sql_addslashes(stripslashes($field), TRUE); } else { $field = sql_addslashes($field, TRUE); } $local_query = 'SHOW FIELDS FROM ' . backquote($db) . '.' . backquote($table) . " LIKE '{$field}'"; $result = mysql_query($local_query) or mysql_die('', $local_query); $num_fields = mysql_num_rows($result); $action = 'tbl_alter.php'; include './tbl_properties.inc.php'; } /** * Displays the footer */ require './footer.inc.php';
} // end for $unique = ereg_replace(', $', '', $unique); if (!empty($unique)) { $unique = ', UNIQUE (' . $unique . ')'; } $query_keys = $primary . $index . $unique; $query_keys = ereg_replace(', $', '', $query_keys); // Builds the 'create table' statement $sql_query = 'CREATE TABLE ' . backquote($table) . ' (' . $query . ' ' . $query_keys . ')'; // Adds table type (2 May 2001 - Robbat2) if (!empty($tbl_type) && $tbl_type != 'Default') { $sql_query .= ' TYPE = ' . $tbl_type; } if (MYSQL_INT_VERSION >= 32300 && !empty($comment)) { $sql_query .= ' comment = \'' . sql_addslashes($comment) . '\''; } // Executes the query $result = mysql_query($sql_query) or mysql_die(); $message = $strTable . ' ' . htmlspecialchars($table) . ' ' . $strHasBeenCreated; include './tbl_properties.php'; exit; } else { if (isset($num_fields)) { $num_fields = intval($num_fields); } // No table name if (!isset($table) || trim($table) == '') { mysql_die($strTableEmpty); } else { if (empty($num_fields) || !is_int($num_fields)) {
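/**
 * Deletes one bookmark belonging to the configured bookmark user.
 *
 * The outcome of the DELETE is not inspected or returned.
 *
 * @param string  $db          the current database name (not read by this function)
 * @param array   $cfgBookmark the bookmark parameters for the current user;
 *                             the 'db', 'table' and 'user' keys are read
 * @param integer $id          the id of the bookmark to delete
 */
function delete_bookmarks($db, $cfgBookmark, $id)
{
    // The id is placed in the statement unquoted, so it is cast to an integer
    // first; a non-numeric value can then no longer extend the WHERE clause.
    $query = 'DELETE FROM ' . backquote($cfgBookmark['db']) . '.' . backquote($cfgBookmark['table'])
           . ' WHERE user = \'' . sql_addslashes($cfgBookmark['user']) . '\''
           . ' AND id = ' . (int) $id;

    // Use the dedicated bookmark connection when one has been opened.
    if (isset($GLOBALS['dbh'])) {
        mysql_query($query, $GLOBALS['dbh']);
    } else {
        mysql_query($query);
    }
}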