[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_3RC1-6308-g49a3978
by Michal Čihař 27 Jun '11
by Michal Čihař 27 Jun '11
27 Jun '11
The branch, master has been updated
via 49a39787c3d44817c4c9056e0488d420a0e000ab (commit)
via 9129444381fef0d9b57466219f21deae8fc95582 (commit)
via 0c4148a68e38274e199fc9ab72d616b48b382529 (commit)
via 31df8ebb5dd444fc40d566407d9b2a00eee8d1b9 (commit)
via d3b67a35a0df4969273529501788c68b4fddcc24 (commit)
via edf46c8022020099ac953b2e16f36f4f99687d87 (commit)
via e21d6073e46d41afbf0a09ba9bd38cd19f37e968 (commit)
from 12348ee826d45dd2ae7f1c5b055f71e888395f2a (commit)
- Log -----------------------------------------------------------------
commit 49a39787c3d44817c4c9056e0488d420a0e000ab
Merge: 0c4148a68e38274e199fc9ab72d616b48b382529 9129444381fef0d9b57466219f21deae8fc95582
Author: Michal Čihař <mcihar(a)suse.cz>
Date: Mon Jun 27 16:10:48 2011 +0200
Merge remote-tracking branch 'origin/QA_3_4'
commit 0c4148a68e38274e199fc9ab72d616b48b382529
Merge: 12348ee826d45dd2ae7f1c5b055f71e888395f2a 31df8ebb5dd444fc40d566407d9b2a00eee8d1b9
Author: Michal Čihař <mcihar(a)suse.cz>
Date: Mon Jun 27 16:08:55 2011 +0200
Merge remote-tracking branch 'origin/QA_3_4'
-----------------------------------------------------------------------
Summary of changes:
tbl_structure.php | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/tbl_structure.php b/tbl_structure.php
index 4bb3a03..081b4b5 100644
--- a/tbl_structure.php
+++ b/tbl_structure.php
@@ -258,7 +258,7 @@ while ($row = PMA_DBI_fetch_assoc($fields_rs)) {
// for the case ENUM('–','“')
$type = htmlspecialchars($type);
if(strlen($type) > $GLOBALS['cfg']['LimitChars']) {
- $type = '<abbr title="' . htmlspecialchars($type) . '">' . substr($type, 0, $GLOBALS['cfg']['LimitChars']) . '</abbr>';
+ $type = '<abbr title="' . $type . '">' . substr($type, 0, $GLOBALS['cfg']['LimitChars']) . '</abbr>';
}
$type_nowrap = '';
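Review bot: In the `if(strlen($type) > ...)` branch, `$type` has already been passed through htmlspecialchars(), so both the length test and `substr($type, 0, $GLOBALS['cfg']['LimitChars'])` work on the escaped string, and the cut can land inside an entity such as `&quot;` or inside a multi-byte character, leaving a broken fragment in the cell. Keeping the raw value and escaping after truncation avoids that, for example `$type = '<abbr title="' . htmlspecialchars($raw_type) . '">' . htmlspecialchars(substr($raw_type, 0, $GLOBALS['cfg']['LimitChars'])) . '</abbr>';`, where `$raw_type` is a placeholder name for the value captured before the escape. The same hunk appears again in the QA_3_4 mail further down (`@@ -252,7 +252,7 @@`). The enclosing while loop starts and ends outside the hunk.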
hooks/post-receive
--
phpMyAdmin
[Phpmyadmin-git] [SCM] phpMyAdmin branch, QA_3_4, updated. RELEASE_3_4_3RC1-20-g9129444
by Michal Čihař 27 Jun '11
by Michal Čihař 27 Jun '11
27 Jun '11
The branch, QA_3_4 has been updated
via 9129444381fef0d9b57466219f21deae8fc95582 (commit)
from 31df8ebb5dd444fc40d566407d9b2a00eee8d1b9 (commit)
- Log -----------------------------------------------------------------
commit 9129444381fef0d9b57466219f21deae8fc95582
Author: Michal Čihař <mcihar(a)suse.cz>
Date: Mon Jun 27 16:09:22 2011 +0200
Avoid double escaping
-----------------------------------------------------------------------
Summary of changes:
tbl_structure.php | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/tbl_structure.php b/tbl_structure.php
index 077dbcf..7d380b4 100644
--- a/tbl_structure.php
+++ b/tbl_structure.php
@@ -252,7 +252,7 @@ while ($row = PMA_DBI_fetch_assoc($fields_rs)) {
// for the case ENUM('–','“')
$type = htmlspecialchars($type);
if(strlen($type) > $GLOBALS['cfg']['LimitChars']) {
- $type = '<abbr title="' . htmlspecialchars($type) . '">' . substr($type, 0, $GLOBALS['cfg']['LimitChars']) . '</abbr>';
+ $type = '<abbr title="' . $type . '">' . substr($type, 0, $GLOBALS['cfg']['LimitChars']) . '</abbr>';
}
$type_nowrap = '';
hooks/post-receive
--
phpMyAdmin
[Phpmyadmin-git] [SCM] phpMyAdmin branch, QA_3_4, updated. RELEASE_3_4_3RC1-19-g31df8eb
by Michal Čihař 27 Jun '11
by Michal Čihař 27 Jun '11
27 Jun '11
The branch, QA_3_4 has been updated
via 31df8ebb5dd444fc40d566407d9b2a00eee8d1b9 (commit)
via d3b67a35a0df4969273529501788c68b4fddcc24 (commit)
via e21d6073e46d41afbf0a09ba9bd38cd19f37e968 (commit)
from edf46c8022020099ac953b2e16f36f4f99687d87 (commit)
- Log -----------------------------------------------------------------
commit 31df8ebb5dd444fc40d566407d9b2a00eee8d1b9
Merge: edf46c8022020099ac953b2e16f36f4f99687d87 d3b67a35a0df4969273529501788c68b4fddcc24
Author: Michal Čihař <mcihar(a)suse.cz>
Date: Mon Jun 27 16:08:11 2011 +0200
Merge branch 'MAINT_3_4_3' into QA_3_4
-----------------------------------------------------------------------
Summary of changes:
hooks/post-receive
--
phpMyAdmin
[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_3RC1-6301-g12348ee
by Michal Čihař 27 Jun '11
by Michal Čihař 27 Jun '11
27 Jun '11
The branch, master has been updated
via 12348ee826d45dd2ae7f1c5b055f71e888395f2a (commit)
via c9c9fdf49dfde051ce4b94ed8b9f6acc86e25a62 (commit)
from 6a422caf527226740155c7e3682f2f3c61a85696 (commit)
- Log -----------------------------------------------------------------
commit 12348ee826d45dd2ae7f1c5b055f71e888395f2a
Author: Michal Čihař <mcihar(a)suse.cz>
Date: Mon Jun 27 14:50:16 2011 +0200
Fix escaping on LIKE queries
All these need special variant of PMA_sqlAddSlashes.
commit c9c9fdf49dfde051ce4b94ed8b9f6acc86e25a62
Author: Michal Čihař <mcihar(a)suse.cz>
Date: Mon Jun 27 14:48:15 2011 +0200
Consistent capitalisation of PMA_sqlAddSlashes
-----------------------------------------------------------------------
Summary of changes:
db_operations.php | 4 +-
db_printview.php | 2 +-
db_routines.php | 6 +-
db_search.php | 6 +-
db_tracking.php | 4 +-
import.php | 2 +-
libraries/List_Database.class.php | 4 +-
libraries/RecentTable.class.php | 2 +-
libraries/Table.class.php | 136 ++++++++++----------
libraries/Tracker.class.php | 76 ++++++------
libraries/blobstreaming.lib.php | 8 +-
libraries/bookmark.lib.php | 14 +-
libraries/common.lib.php | 12 +-
libraries/database_interface.lib.php | 16 ++--
libraries/db_events.inc.php | 2 +-
libraries/db_info.inc.php | 2 +-
libraries/db_routines.lib.php | 6 +-
libraries/db_table_exists.lib.php | 2 +-
libraries/display_tbl.lib.php | 2 +-
libraries/export/sql.php | 8 +-
libraries/import.lib.php | 2 +-
libraries/import/docsql.php | 20 ++--
libraries/import/ldi.php | 6 +-
libraries/relation.lib.php | 64 +++++-----
libraries/relation_cleanup.lib.php | 64 +++++-----
libraries/schema/Dia_Relation_Schema.class.php | 4 +-
libraries/schema/Eps_Relation_Schema.class.php | 4 +-
libraries/schema/Export_Relation_Schema.class.php | 4 +-
libraries/schema/Pdf_Relation_Schema.class.php | 6 +-
libraries/schema/Svg_Relation_Schema.class.php | 4 +-
libraries/schema/User_Schema.class.php | 42 +++---
libraries/schema/Visio_Relation_Schema.class.php | 4 +-
libraries/server_synchronize.lib.php | 6 +-
libraries/tbl_replace_fields.inc.php | 6 +-
libraries/transformations.lib.php | 34 +++---
libraries/user_preferences.lib.php | 12 +-
pmd_display_field.php | 16 ++--
pmd_pdf.php | 10 +-
pmd_relation_new.php | 12 +-
pmd_relation_upd.php | 12 +-
pmd_save_pos.php | 16 ++--
server_privileges.php | 102 ++++++++--------
server_replication.php | 8 +-
sql.php | 2 +-
tbl_alter.php | 2 +-
tbl_create.php | 6 +-
tbl_operations.php | 6 +-
tbl_relation.php | 46 ++++----
tbl_replace.php | 4 +-
tbl_select.php | 8 +-
tbl_tracking.php | 6 +-
test/PMA_quoting_slashing_test.php | 16 ++--
user_password.php | 2 +-
53 files changed, 435 insertions(+), 435 deletions(-)
diff --git a/db_operations.php b/db_operations.php
index dd6255c..190f9b6 100644
--- a/db_operations.php
+++ b/db_operations.php
@@ -232,7 +232,7 @@ if (strlen($db) && (! empty($db_rename) || ! empty($db_copy))) {
// to avoid selecting alternatively the current and new db
// we would need to modify the CREATE definitions to qualify
// the db name
- $event_names = PMA_DBI_fetch_result('SELECT EVENT_NAME FROM information_schema.EVENTS WHERE EVENT_SCHEMA= \'' . PMA_sqlAddslashes($db,true) . '\';');
+ $event_names = PMA_DBI_fetch_result('SELECT EVENT_NAME FROM information_schema.EVENTS WHERE EVENT_SCHEMA= \'' . PMA_sqlAddSlashes($db,true) . '\';');
if ($event_names) {
foreach($event_names as $event_name) {
PMA_DBI_select_db($db);
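Review bot: `PMA_sqlAddSlashes($db,true)` selects the LIKE variant of the escaping (the comment in the db_search.php hunk describes the second parameter that way), but the value is compared with `EVENT_SCHEMA=` rather than with LIKE. If that variant treats backslashes differently, which is not visible here, a database name containing a backslash would fail to match its own events; the plain form `PMA_sqlAddSlashes($db)` fits an equality test. The surrounding block starts outside the hunk.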
@@ -586,7 +586,7 @@ if ($cfgRelation['pdfwork'] && $num_tables > 0) { ?>
$test_query = '
SELECT *
FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['pdf_pages']) . '
- WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'';
+ WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\'';
$test_rs = PMA_query_as_controluser($test_query, null, PMA_DBI_QUERY_STORE);
/*
diff --git a/db_printview.php b/db_printview.php
index 3b02b86..e253411 100644
--- a/db_printview.php
+++ b/db_printview.php
@@ -53,7 +53,7 @@ if ($cfg['SkipLockedTables'] == true) {
if ($result != false && PMA_DBI_num_rows($result) > 0) {
while ($tmp = PMA_DBI_fetch_row($result)) {
if (! isset($sot_cache[$tmp[0]])) {
- $sts_result = PMA_DBI_query('SHOW TABLE STATUS FROM ' . PMA_backquote($db) . ' LIKE \'' . PMA_sqlAddSlashes($tmp[0]) . '\';');
+ $sts_result = PMA_DBI_query('SHOW TABLE STATUS FROM ' . PMA_backquote($db) . ' LIKE \'' . PMA_sqlAddSlashes($tmp[0], true) . '\';');
$sts_tmp = PMA_DBI_fetch_assoc($sts_result);
$tables[] = $sts_tmp;
} else { // table in use
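Review bot: In the `SHOW TABLE STATUS ... LIKE` pattern, `_` and `%` inside `$tmp[0]` remain LIKE wildcards unless the `true` variant of PMA_sqlAddSlashes() escapes them, which this hunk does not show. A table named `a_b` (constructed example) could then also match `axb`, and `PMA_DBI_fetch_assoc()` would take whichever row comes first. It is worth confirming the helper's behaviour, or escaping the wildcard characters explicitly before building the pattern. The result of `PMA_DBI_query()` is also handed to the fetch without a check. The surrounding loop starts outside the hunk.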
diff --git a/db_routines.php b/db_routines.php
index 4b0b23f..b9417fd 100644
--- a/db_routines.php
+++ b/db_routines.php
@@ -253,8 +253,8 @@ if (! empty($_REQUEST['execute_routine']) && ! empty($_REQUEST['routine_name']))
$routine_name = htmlspecialchars(PMA_backquote($_GET['routine_name']));
$routine_type = PMA_DBI_fetch_value("SELECT ROUTINE_TYPE "
. "FROM INFORMATION_SCHEMA.ROUTINES "
- . "WHERE ROUTINE_SCHEMA='" . PMA_sqlAddslashes($db) . "' "
- . "AND SPECIFIC_NAME='" . PMA_sqlAddslashes($_GET['routine_name']) . "';");
+ . "WHERE ROUTINE_SCHEMA='" . PMA_sqlAddSlashes($db) . "' "
+ . "AND SPECIFIC_NAME='" . PMA_sqlAddSlashes($_GET['routine_name']) . "';");
if (! empty($routine_type) && $create_proc = PMA_DBI_get_definition($db, $routine_type, $_GET['routine_name'])) {
$create_proc = '<textarea cols="40" rows="15" style="width: 100%;">' . htmlspecialchars($create_proc) . '</textarea>';
if ($GLOBALS['is_ajax_request']) {
@@ -347,7 +347,7 @@ if (! empty($_REQUEST['execute_routine']) && ! empty($_REQUEST['routine_name']))
$extra_data = array();
if ($message->isSuccess()) {
$columns = "`SPECIFIC_NAME`, `ROUTINE_NAME`, `ROUTINE_TYPE`, `DTD_IDENTIFIER`, `ROUTINE_DEFINITION`";
- $where = "ROUTINE_SCHEMA='" . PMA_sqlAddslashes($db) . "' AND ROUTINE_NAME='" . PMA_sqlAddslashes($_REQUEST['routine_name']) . "'";
+ $where = "ROUTINE_SCHEMA='" . PMA_sqlAddSlashes($db) . "' AND ROUTINE_NAME='" . PMA_sqlAddSlashes($_REQUEST['routine_name']) . "'";
$routine = PMA_DBI_fetch_single_row("SELECT $columns FROM `INFORMATION_SCHEMA`.`ROUTINES` WHERE $where;");
$extra_data['name'] = htmlspecialchars(strtoupper($_REQUEST['routine_name']));
$extra_data['new_row'] = PMA_RTN_getRowForRoutinesList($routine, 0, true);
diff --git a/db_search.php b/db_search.php
index ea50569..69350cd 100644
--- a/db_search.php
+++ b/db_search.php
@@ -61,11 +61,11 @@ if (empty($_REQUEST['search_str']) || ! is_string($_REQUEST['search_str'])) {
$searched = htmlspecialchars($_REQUEST['search_str']);
// For "as regular expression" (search option 4), we should not treat
// this as an expression that contains a LIKE (second parameter of
- // PMA_sqlAddslashes()).
+ // PMA_sqlAddSlashes()).
//
// Usage example: If user is seaching for a literal $ in a regexp search,
// he should enter \$ as the value.
- $search_str = PMA_sqlAddslashes($_REQUEST['search_str'], ($search_option == 4 ? false : true));
+ $search_str = PMA_sqlAddSlashes($_REQUEST['search_str'], ($search_option == 4 ? false : true));
}
$tables_selected = array();
@@ -84,7 +84,7 @@ if (isset($_REQUEST['selectall'])) {
if (empty($_REQUEST['field_str']) || ! is_string($_REQUEST['field_str'])) {
unset($field_str);
} else {
- $field_str = PMA_sqlAddslashes($_REQUEST['field_str'], true);
+ $field_str = PMA_sqlAddSlashes($_REQUEST['field_str'], true);
}
/**
diff --git a/db_tracking.php b/db_tracking.php
index c0421d6..3a9b695 100644
--- a/db_tracking.php
+++ b/db_tracking.php
@@ -67,7 +67,7 @@ require_once './libraries/db_links.inc.php';
$all_tables_query = ' SELECT table_name, MAX(version) as version FROM ' .
PMA_backquote($GLOBALS['cfg']['Server']['pmadb']) . '.' .
PMA_backquote($GLOBALS['cfg']['Server']['tracking']) .
- ' WHERE ' . PMA_backquote('db_name') . ' = \'' . PMA_sqlAddslashes($_REQUEST['db']) . '\' ' .
+ ' WHERE ' . PMA_backquote('db_name') . ' = \'' . PMA_sqlAddSlashes($_REQUEST['db']) . '\' ' .
' GROUP BY '. PMA_backquote('table_name') .
' ORDER BY '. PMA_backquote('table_name') .' ASC';
@@ -110,7 +110,7 @@ if (PMA_DBI_num_rows($all_tables_result) > 0) {
$table_query = ' SELECT * FROM ' .
PMA_backquote($GLOBALS['cfg']['Server']['pmadb']) . '.' .
PMA_backquote($GLOBALS['cfg']['Server']['tracking']) .
- ' WHERE `db_name` = \'' . PMA_sqlAddslashes($_REQUEST['db']) . '\' AND `table_name` = \'' . PMA_sqlAddslashes($table_name) . '\' AND `version` = \'' . $version_number . '\'';
+ ' WHERE `db_name` = \'' . PMA_sqlAddSlashes($_REQUEST['db']) . '\' AND `table_name` = \'' . PMA_sqlAddSlashes($table_name) . '\' AND `version` = \'' . $version_number . '\'';
$table_result = PMA_query_as_controluser($table_query);
$version_data = PMA_DBI_fetch_array($table_result);
diff --git a/import.php b/import.php
index 6506dc8..afc513c 100644
--- a/import.php
+++ b/import.php
@@ -153,7 +153,7 @@ if (!empty($id_bookmark)) {
case 0: // bookmarked query that have to be run
$import_text = PMA_Bookmark_get($db, $id_bookmark, 'id', isset($action_bookmark_all));
if (isset($bookmark_variable) && !empty($bookmark_variable)) {
- $import_text = preg_replace('|/\*(.*)\[VARIABLE\](.*)\*/|imsU', '${1}' . PMA_sqlAddslashes($bookmark_variable) . '${2}', $import_text);
+ $import_text = preg_replace('|/\*(.*)\[VARIABLE\](.*)\*/|imsU', '${1}' . PMA_sqlAddSlashes($bookmark_variable) . '${2}', $import_text);
}
// refresh left frame on changes in table or db structure
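Review bot: The escaped value is used as the replacement argument of preg_replace(), where `$n` and `\n` references are expanded and a doubled backslash collapses to one, so the escaping applied by PMA_sqlAddSlashes() can be partly undone before the text is placed into the bookmarked query. Escaping the replacement metacharacters after the SQL escaping keeps the value literal, for example `$repl = strtr(PMA_sqlAddSlashes($bookmark_variable), array('\\' => '\\\\', '$' => '\\$'));` followed by `'${1}' . $repl . '${2}'` as the replacement. The enclosing switch starts outside the hunk.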
diff --git a/libraries/List_Database.class.php b/libraries/List_Database.class.php
index 2349852..bf1d468 100644
--- a/libraries/List_Database.class.php
+++ b/libraries/List_Database.class.php
@@ -423,7 +423,7 @@ require_once './libraries/List.class.php';
SELECT DISTINCT `Db` FROM `mysql`.`db`
WHERE `Select_priv` = 'Y'
AND `User`
- IN ('" . PMA_sqlAddslashes($GLOBALS['cfg']['Server']['user']) . "', '')";
+ IN ('" . PMA_sqlAddSlashes($GLOBALS['cfg']['Server']['user']) . "', '')";
$tmp_mydbs = PMA_DBI_fetch_result($local_query, null, null,
$GLOBALS['controllink']);
if ($tmp_mydbs) {
@@ -471,7 +471,7 @@ require_once './libraries/List.class.php';
} // end if
// 2. get allowed dbs from the "mysql.tables_priv" table
- $local_query = 'SELECT DISTINCT Db FROM mysql.tables_priv WHERE Table_priv LIKE \'%Select%\' AND User = \'' . PMA_sqlAddslashes($GLOBALS['cfg']['Server']['user']) . '\'';
+ $local_query = 'SELECT DISTINCT Db FROM mysql.tables_priv WHERE Table_priv LIKE \'%Select%\' AND User = \'' . PMA_sqlAddSlashes($GLOBALS['cfg']['Server']['user']) . '\'';
$rs = PMA_DBI_try_query($local_query, $GLOBALS['controllink']);
if ($rs && @PMA_DBI_num_rows($rs)) {
while ($row = PMA_DBI_fetch_assoc($rs)) {
diff --git a/libraries/RecentTable.class.php b/libraries/RecentTable.class.php
index 5a53a41..f844bbc 100644
--- a/libraries/RecentTable.class.php
+++ b/libraries/RecentTable.class.php
@@ -99,7 +99,7 @@ class PMA_RecentTable
$username = $GLOBALS['cfg']['Server']['user'];
$sql_query =
" REPLACE INTO " . $this->pma_table . " (`username`, `tables`)" .
- " VALUES ('" . $username . "', '" . PMA_sqlAddslashes(json_encode($this->tables)) . "')";
+ " VALUES ('" . $username . "', '" . PMA_sqlAddSlashes(json_encode($this->tables)) . "')";
$success = PMA_DBI_try_query($sql_query, $GLOBALS['controllink']);
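Review bot: `$username` goes into the `VALUES ('...` list unescaped while the JSON value beside it is passed through PMA_sqlAddSlashes(); a login name containing a quote or backslash would break or alter this query, which runs on the control link. The List_Database.class.php hunks in this same diff escape `$GLOBALS['cfg']['Server']['user']`, so for consistency the line should read `" VALUES ('" . PMA_sqlAddSlashes($username) . "', '" . PMA_sqlAddSlashes(json_encode($this->tables)) . "')";`. The `@@ -1252,7 +1252,7 @@` hunk of libraries/Table.class.php has the same pattern with `$username`, `$this->db_name` and `$this->name`. The enclosing method starts outside the hunk.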
diff --git a/libraries/Table.class.php b/libraries/Table.class.php
index baa677f..0acd2d9 100644
--- a/libraries/Table.class.php
+++ b/libraries/Table.class.php
@@ -378,7 +378,7 @@ class PMA_Table
} elseif ($type == 'BIT') {
$query .= ' DEFAULT b\'' . preg_replace('/[^01]/', '0', $default_value) . '\'';
} else {
- $query .= ' DEFAULT \'' . PMA_sqlAddslashes($default_value) . '\'';
+ $query .= ' DEFAULT \'' . PMA_sqlAddSlashes($default_value) . '\'';
}
break;
case 'NULL' :
@@ -421,7 +421,7 @@ class PMA_Table
} // end if (auto_increment)
}
if (!empty($comment)) {
- $query .= " COMMENT '" . PMA_sqlAddslashes($comment) . "'";
+ $query .= " COMMENT '" . PMA_sqlAddSlashes($comment) . "'";
}
return $query;
} // end function
@@ -549,14 +549,14 @@ class PMA_Table
$where_parts = array();
foreach ($where_fields as $_where => $_value) {
$where_parts[] = PMA_backquote($_where) . ' = \''
- . PMA_sqlAddslashes($_value) . '\'';
+ . PMA_sqlAddSlashes($_value) . '\'';
}
$new_parts = array();
$new_value_parts = array();
foreach ($new_fields as $_where => $_value) {
$new_parts[] = PMA_backquote($_where);
- $new_value_parts[] = PMA_sqlAddslashes($_value);
+ $new_value_parts[] = PMA_sqlAddSlashes($_value);
}
$table_copy_query = '
@@ -574,7 +574,7 @@ class PMA_Table
$value_parts = array();
foreach ($table_copy_row as $_key => $_val) {
if (isset($row_fields[$_key]) && $row_fields[$_key] == 'cc') {
- $value_parts[] = PMA_sqlAddslashes($_val);
+ $value_parts[] = PMA_sqlAddSlashes($_val);
}
}
@@ -805,10 +805,10 @@ class PMA_Table
// Move old entries from PMA-DBs to new table
if ($GLOBALS['cfgRelation']['commwork']) {
$remove_query = 'UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['column_info'])
- . ' SET table_name = \'' . PMA_sqlAddslashes($target_table) . '\', '
- . ' db_name = \'' . PMA_sqlAddslashes($target_db) . '\''
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($source_db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($source_table) . '\'';
+ . ' SET table_name = \'' . PMA_sqlAddSlashes($target_table) . '\', '
+ . ' db_name = \'' . PMA_sqlAddSlashes($target_db) . '\''
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($source_db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($source_table) . '\'';
PMA_query_as_controluser($remove_query);
unset($remove_query);
}
@@ -818,28 +818,28 @@ class PMA_Table
if ($GLOBALS['cfgRelation']['displaywork']) {
$table_query = 'UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['table_info'])
- . ' SET db_name = \'' . PMA_sqlAddslashes($target_db) . '\', '
- . ' table_name = \'' . PMA_sqlAddslashes($target_table) . '\''
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($source_db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($source_table) . '\'';
+ . ' SET db_name = \'' . PMA_sqlAddSlashes($target_db) . '\', '
+ . ' table_name = \'' . PMA_sqlAddSlashes($target_table) . '\''
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($source_db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($source_table) . '\'';
PMA_query_as_controluser($table_query);
unset($table_query);
}
if ($GLOBALS['cfgRelation']['relwork']) {
$table_query = 'UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['relation'])
- . ' SET foreign_table = \'' . PMA_sqlAddslashes($target_table) . '\','
- . ' foreign_db = \'' . PMA_sqlAddslashes($target_db) . '\''
- . ' WHERE foreign_db = \'' . PMA_sqlAddslashes($source_db) . '\''
- . ' AND foreign_table = \'' . PMA_sqlAddslashes($source_table) . '\'';
+ . ' SET foreign_table = \'' . PMA_sqlAddSlashes($target_table) . '\','
+ . ' foreign_db = \'' . PMA_sqlAddSlashes($target_db) . '\''
+ . ' WHERE foreign_db = \'' . PMA_sqlAddSlashes($source_db) . '\''
+ . ' AND foreign_table = \'' . PMA_sqlAddSlashes($source_table) . '\'';
PMA_query_as_controluser($table_query);
unset($table_query);
$table_query = 'UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['relation'])
- . ' SET master_table = \'' . PMA_sqlAddslashes($target_table) . '\','
- . ' master_db = \'' . PMA_sqlAddslashes($target_db) . '\''
- . ' WHERE master_db = \'' . PMA_sqlAddslashes($source_db) . '\''
- . ' AND master_table = \'' . PMA_sqlAddslashes($source_table) . '\'';
+ . ' SET master_table = \'' . PMA_sqlAddSlashes($target_table) . '\','
+ . ' master_db = \'' . PMA_sqlAddSlashes($target_db) . '\''
+ . ' WHERE master_db = \'' . PMA_sqlAddSlashes($source_db) . '\''
+ . ' AND master_table = \'' . PMA_sqlAddSlashes($source_table) . '\'';
PMA_query_as_controluser($table_query);
unset($table_query);
}
@@ -853,24 +853,24 @@ class PMA_Table
if ($GLOBALS['cfgRelation']['pdfwork']) {
$table_query = 'UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['table_coords'])
- . ' SET table_name = \'' . PMA_sqlAddslashes($target_table) . '\','
- . ' db_name = \'' . PMA_sqlAddslashes($target_db) . '\''
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($source_db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($source_table) . '\'';
+ . ' SET table_name = \'' . PMA_sqlAddSlashes($target_table) . '\','
+ . ' db_name = \'' . PMA_sqlAddSlashes($target_db) . '\''
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($source_db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($source_table) . '\'';
PMA_query_as_controluser($table_query);
unset($table_query);
/*
$pdf_query = 'SELECT pdf_page_number '
. ' FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['table_coords'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($target_db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($target_table) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($target_db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($target_table) . '\'';
$pdf_rs = PMA_query_as_controluser($pdf_query);
while ($pdf_copy_row = PMA_DBI_fetch_assoc($pdf_rs)) {
$table_query = 'UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['pdf_pages'])
- . ' SET db_name = \'' . PMA_sqlAddslashes($target_db) . '\''
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($source_db) . '\''
- . ' AND page_nr = \'' . PMA_sqlAddslashes($pdf_copy_row['pdf_page_number']) . '\'';
+ . ' SET db_name = \'' . PMA_sqlAddSlashes($target_db) . '\''
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($source_db) . '\''
+ . ' AND page_nr = \'' . PMA_sqlAddSlashes($pdf_copy_row['pdf_page_number']) . '\'';
$tb_rs = PMA_query_as_controluser($table_query);
unset($table_query);
unset($tb_rs);
@@ -880,10 +880,10 @@ class PMA_Table
if ($GLOBALS['cfgRelation']['designerwork']) {
$table_query = 'UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['designer_coords'])
- . ' SET table_name = \'' . PMA_sqlAddslashes($target_table) . '\','
- . ' db_name = \'' . PMA_sqlAddslashes($target_db) . '\''
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($source_db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($source_table) . '\'';
+ . ' SET table_name = \'' . PMA_sqlAddSlashes($target_table) . '\','
+ . ' db_name = \'' . PMA_sqlAddSlashes($target_db) . '\''
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($source_db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($source_table) . '\'';
PMA_query_as_controluser($table_query);
unset($table_query);
}
@@ -900,8 +900,8 @@ class PMA_Table
column_name, ' . PMA_backquote('comment') . ($GLOBALS['cfgRelation']['mimework'] ? ', mimetype, transformation, transformation_options' : '') . '
FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['column_info']) . '
WHERE
- db_name = \'' . PMA_sqlAddslashes($source_db) . '\' AND
- table_name = \'' . PMA_sqlAddslashes($source_table) . '\'';
+ db_name = \'' . PMA_sqlAddSlashes($source_db) . '\' AND
+ table_name = \'' . PMA_sqlAddSlashes($source_table) . '\'';
$comments_copy_rs = PMA_query_as_controluser($comments_copy_query);
// Write every comment as new copied entry. [MIME]
@@ -909,13 +909,13 @@ class PMA_Table
$new_comment_query = 'REPLACE INTO ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['column_info'])
. ' (db_name, table_name, column_name, ' . PMA_backquote('comment') . ($GLOBALS['cfgRelation']['mimework'] ? ', mimetype, transformation, transformation_options' : '') . ') '
. ' VALUES('
- . '\'' . PMA_sqlAddslashes($target_db) . '\','
- . '\'' . PMA_sqlAddslashes($target_table) . '\','
- . '\'' . PMA_sqlAddslashes($comments_copy_row['column_name']) . '\''
- . ($GLOBALS['cfgRelation']['mimework'] ? ',\'' . PMA_sqlAddslashes($comments_copy_row['comment']) . '\','
- . '\'' . PMA_sqlAddslashes($comments_copy_row['mimetype']) . '\','
- . '\'' . PMA_sqlAddslashes($comments_copy_row['transformation']) . '\','
- . '\'' . PMA_sqlAddslashes($comments_copy_row['transformation_options']) . '\'' : '')
+ . '\'' . PMA_sqlAddSlashes($target_db) . '\','
+ . '\'' . PMA_sqlAddSlashes($target_table) . '\','
+ . '\'' . PMA_sqlAddSlashes($comments_copy_row['column_name']) . '\''
+ . ($GLOBALS['cfgRelation']['mimework'] ? ',\'' . PMA_sqlAddSlashes($comments_copy_row['comment']) . '\','
+ . '\'' . PMA_sqlAddSlashes($comments_copy_row['mimetype']) . '\','
+ . '\'' . PMA_sqlAddSlashes($comments_copy_row['transformation']) . '\','
+ . '\'' . PMA_sqlAddSlashes($comments_copy_row['transformation_options']) . '\'' : '')
. ')';
PMA_query_as_controluser($new_comment_query);
} // end while
@@ -1065,10 +1065,10 @@ class PMA_Table
$remove_query = '
UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.'
. PMA_backquote($GLOBALS['cfgRelation']['column_info']) . '
- SET `db_name` = \'' . PMA_sqlAddslashes($new_db) . '\',
- `table_name` = \'' . PMA_sqlAddslashes($new_name) . '\'
- WHERE `db_name` = \'' . PMA_sqlAddslashes($old_db) . '\'
- AND `table_name` = \'' . PMA_sqlAddslashes($old_name) . '\'';
+ SET `db_name` = \'' . PMA_sqlAddSlashes($new_db) . '\',
+ `table_name` = \'' . PMA_sqlAddSlashes($new_name) . '\'
+ WHERE `db_name` = \'' . PMA_sqlAddSlashes($old_db) . '\'
+ AND `table_name` = \'' . PMA_sqlAddSlashes($old_name) . '\'';
PMA_query_as_controluser($remove_query);
unset($remove_query);
}
@@ -1077,10 +1077,10 @@ class PMA_Table
$table_query = '
UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.'
. PMA_backquote($GLOBALS['cfgRelation']['table_info']) . '
- SET `db_name` = \'' . PMA_sqlAddslashes($new_db) . '\',
- `table_name` = \'' . PMA_sqlAddslashes($new_name) . '\'
- WHERE `db_name` = \'' . PMA_sqlAddslashes($old_db) . '\'
- AND `table_name` = \'' . PMA_sqlAddslashes($old_name) . '\'';
+ SET `db_name` = \'' . PMA_sqlAddSlashes($new_db) . '\',
+ `table_name` = \'' . PMA_sqlAddSlashes($new_name) . '\'
+ WHERE `db_name` = \'' . PMA_sqlAddSlashes($old_db) . '\'
+ AND `table_name` = \'' . PMA_sqlAddSlashes($old_name) . '\'';
PMA_query_as_controluser($table_query);
unset($table_query);
}
@@ -1089,19 +1089,19 @@ class PMA_Table
$table_query = '
UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.'
. PMA_backquote($GLOBALS['cfgRelation']['relation']) . '
- SET `foreign_db` = \'' . PMA_sqlAddslashes($new_db) . '\',
- `foreign_table` = \'' . PMA_sqlAddslashes($new_name) . '\'
- WHERE `foreign_db` = \'' . PMA_sqlAddslashes($old_db) . '\'
- AND `foreign_table` = \'' . PMA_sqlAddslashes($old_name) . '\'';
+ SET `foreign_db` = \'' . PMA_sqlAddSlashes($new_db) . '\',
+ `foreign_table` = \'' . PMA_sqlAddSlashes($new_name) . '\'
+ WHERE `foreign_db` = \'' . PMA_sqlAddSlashes($old_db) . '\'
+ AND `foreign_table` = \'' . PMA_sqlAddSlashes($old_name) . '\'';
PMA_query_as_controluser($table_query);
$table_query = '
UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.'
. PMA_backquote($GLOBALS['cfgRelation']['relation']) . '
- SET `master_db` = \'' . PMA_sqlAddslashes($new_db) . '\',
- `master_table` = \'' . PMA_sqlAddslashes($new_name) . '\'
- WHERE `master_db` = \'' . PMA_sqlAddslashes($old_db) . '\'
- AND `master_table` = \'' . PMA_sqlAddslashes($old_name) . '\'';
+ SET `master_db` = \'' . PMA_sqlAddSlashes($new_db) . '\',
+ `master_table` = \'' . PMA_sqlAddSlashes($new_name) . '\'
+ WHERE `master_db` = \'' . PMA_sqlAddSlashes($old_db) . '\'
+ AND `master_table` = \'' . PMA_sqlAddSlashes($old_name) . '\'';
PMA_query_as_controluser($table_query);
unset($table_query);
}
@@ -1110,10 +1110,10 @@ class PMA_Table
$table_query = '
UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.'
. PMA_backquote($GLOBALS['cfgRelation']['table_coords']) . '
- SET `db_name` = \'' . PMA_sqlAddslashes($new_db) . '\',
- `table_name` = \'' . PMA_sqlAddslashes($new_name) . '\'
- WHERE `db_name` = \'' . PMA_sqlAddslashes($old_db) . '\'
- AND `table_name` = \'' . PMA_sqlAddslashes($old_name) . '\'';
+ SET `db_name` = \'' . PMA_sqlAddSlashes($new_db) . '\',
+ `table_name` = \'' . PMA_sqlAddSlashes($new_name) . '\'
+ WHERE `db_name` = \'' . PMA_sqlAddSlashes($old_db) . '\'
+ AND `table_name` = \'' . PMA_sqlAddSlashes($old_name) . '\'';
PMA_query_as_controluser($table_query);
unset($table_query);
}
@@ -1122,10 +1122,10 @@ class PMA_Table
$table_query = '
UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.'
. PMA_backquote($GLOBALS['cfgRelation']['designer_coords']) . '
- SET `db_name` = \'' . PMA_sqlAddslashes($new_db) . '\',
- `table_name` = \'' . PMA_sqlAddslashes($new_name) . '\'
- WHERE `db_name` = \'' . PMA_sqlAddslashes($old_db) . '\'
- AND `table_name` = \'' . PMA_sqlAddslashes($old_name) . '\'';
+ SET `db_name` = \'' . PMA_sqlAddSlashes($new_db) . '\',
+ `table_name` = \'' . PMA_sqlAddSlashes($new_name) . '\'
+ WHERE `db_name` = \'' . PMA_sqlAddSlashes($old_db) . '\'
+ AND `table_name` = \'' . PMA_sqlAddSlashes($old_name) . '\'';
PMA_query_as_controluser($table_query);
unset($table_query);
}
@@ -1252,7 +1252,7 @@ class PMA_Table
$sql_query =
" REPLACE INTO " . $pma_table .
" VALUES ('" . $username . "', '" . $this->db_name . "', '" .
- $this->name . "', '" . PMA_sqlAddslashes(json_encode($this->uiprefs)) . "')";
+ $this->name . "', '" . PMA_sqlAddSlashes(json_encode($this->uiprefs)) . "')";
$success = PMA_DBI_try_query($sql_query, $GLOBALS['controllink']);
diff --git a/libraries/Tracker.class.php b/libraries/Tracker.class.php
index 35ab7f4..da9a56a 100644
--- a/libraries/Tracker.class.php
+++ b/libraries/Tracker.class.php
@@ -219,8 +219,8 @@ class PMA_Tracker
$sql_query =
" SELECT tracking_active FROM " . self::$pma_table .
- " WHERE " . PMA_backquote('db_name') . " = '" . PMA_sqlAddslashes($dbname) . "' " .
- " AND " . PMA_backquote('table_name') . " = '" . PMA_sqlAddslashes($tablename) . "' " .
+ " WHERE " . PMA_backquote('db_name') . " = '" . PMA_sqlAddSlashes($dbname) . "' " .
+ " AND " . PMA_backquote('table_name') . " = '" . PMA_sqlAddSlashes($tablename) . "' " .
" ORDER BY version DESC";
$row = PMA_DBI_fetch_array(PMA_query_as_controluser($sql_query));
@@ -331,15 +331,15 @@ class PMA_Tracker
"tracking " .
") " .
"values (
- '" . PMA_sqlAddslashes($dbname) . "',
- '" . PMA_sqlAddslashes($tablename) . "',
- '" . PMA_sqlAddslashes($version) . "',
- '" . PMA_sqlAddslashes($date) . "',
- '" . PMA_sqlAddslashes($date) . "',
- '" . PMA_sqlAddslashes($snapshot) . "',
- '" . PMA_sqlAddslashes($create_sql) . "',
- '" . PMA_sqlAddslashes("\n") . "',
- '" . PMA_sqlAddslashes($tracking_set) . "' )";
+ '" . PMA_sqlAddSlashes($dbname) . "',
+ '" . PMA_sqlAddSlashes($tablename) . "',
+ '" . PMA_sqlAddSlashes($version) . "',
+ '" . PMA_sqlAddSlashes($date) . "',
+ '" . PMA_sqlAddSlashes($date) . "',
+ '" . PMA_sqlAddSlashes($snapshot) . "',
+ '" . PMA_sqlAddSlashes($create_sql) . "',
+ '" . PMA_sqlAddSlashes("\n") . "',
+ '" . PMA_sqlAddSlashes($tracking_set) . "' )";
$result = PMA_query_as_controluser($sql_query);
@@ -366,7 +366,7 @@ class PMA_Tracker
{
$sql_query =
"/*NOTRACK*/\n" .
- "DELETE FROM " . self::$pma_table . " WHERE `db_name` = '" . PMA_sqlAddslashes($dbname) . "' AND `table_name` = '" . PMA_sqlAddslashes($tablename) . "'";
+ "DELETE FROM " . self::$pma_table . " WHERE `db_name` = '" . PMA_sqlAddSlashes($dbname) . "' AND `table_name` = '" . PMA_sqlAddSlashes($tablename) . "'";
$result = PMA_query_as_controluser($sql_query);
return $result;
@@ -421,15 +421,15 @@ class PMA_Tracker
"tracking " .
") " .
"values (
- '" . PMA_sqlAddslashes($dbname) . "',
- '" . PMA_sqlAddslashes('') . "',
- '" . PMA_sqlAddslashes($version) . "',
- '" . PMA_sqlAddslashes($date) . "',
- '" . PMA_sqlAddslashes($date) . "',
- '" . PMA_sqlAddslashes('') . "',
- '" . PMA_sqlAddslashes($create_sql) . "',
- '" . PMA_sqlAddslashes("\n") . "',
- '" . PMA_sqlAddslashes($tracking_set) . "' )";
+ '" . PMA_sqlAddSlashes($dbname) . "',
+ '" . PMA_sqlAddSlashes('') . "',
+ '" . PMA_sqlAddSlashes($version) . "',
+ '" . PMA_sqlAddSlashes($date) . "',
+ '" . PMA_sqlAddSlashes($date) . "',
+ '" . PMA_sqlAddSlashes('') . "',
+ '" . PMA_sqlAddSlashes($create_sql) . "',
+ '" . PMA_sqlAddSlashes("\n") . "',
+ '" . PMA_sqlAddSlashes($tracking_set) . "' )";
$result = PMA_query_as_controluser($sql_query);
@@ -455,9 +455,9 @@ class PMA_Tracker
$sql_query =
" UPDATE " . self::$pma_table .
" SET `tracking_active` = '" . $new_state . "' " .
- " WHERE `db_name` = '" . PMA_sqlAddslashes($dbname) . "' " .
- " AND `table_name` = '" . PMA_sqlAddslashes($tablename) . "' " .
- " AND `version` = '" . PMA_sqlAddslashes($version) . "' ";
+ " WHERE `db_name` = '" . PMA_sqlAddSlashes($dbname) . "' " .
+ " AND `table_name` = '" . PMA_sqlAddSlashes($tablename) . "' " .
+ " AND `version` = '" . PMA_sqlAddSlashes($version) . "' ";
$result = PMA_query_as_controluser($sql_query);
@@ -491,7 +491,7 @@ class PMA_Tracker
$new_data_processed = '';
if (is_array($new_data)) {
foreach ($new_data as $data) {
- $new_data_processed .= '# log ' . $date . ' ' . $data['username'] . PMA_sqlAddslashes($data['statement']) . "\n";
+ $new_data_processed .= '# log ' . $date . ' ' . $data['username'] . PMA_sqlAddSlashes($data['statement']) . "\n";
}
} else {
$new_data_processed = $new_data;
@@ -500,9 +500,9 @@ class PMA_Tracker
$sql_query =
" UPDATE " . self::$pma_table .
" SET `" . $save_to . "` = '" . $new_data_processed . "' " .
- " WHERE `db_name` = '" . PMA_sqlAddslashes($dbname) . "' " .
- " AND `table_name` = '" . PMA_sqlAddslashes($tablename) . "' " .
- " AND `version` = '" . PMA_sqlAddslashes($version) . "' ";
+ " WHERE `db_name` = '" . PMA_sqlAddSlashes($dbname) . "' " .
+ " AND `table_name` = '" . PMA_sqlAddSlashes($tablename) . "' " .
+ " AND `version` = '" . PMA_sqlAddSlashes($version) . "' ";
$result = PMA_query_as_controluser($sql_query);
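Review bot: `$new_data_processed` is placed between quotes in this `UPDATE` without being escaped as a whole, and `$save_to` is wrapped in literal backticks instead of `PMA_backquote()`. In the preceding hunk only `$data['statement']` is escaped while the string is built; `$date`, `$data['username']` and the non-array branch (`$new_data` copied as is) are not, so unless callers pre-escape, a quote in any of them changes the statement. I would build the log text unescaped and escape once at the point of use, `" SET " . PMA_backquote($save_to) . " = '" . PMA_sqlAddSlashes($new_data_processed) . "' " .`, dropping the inner call in the loop. The function starts and ends outside both hunks, so the caller contract for `$new_data` needs checking first.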
@@ -559,8 +559,8 @@ class PMA_Tracker
{
$sql_query =
" SELECT MAX(version) FROM " . self::$pma_table .
- " WHERE `db_name` = '" . PMA_sqlAddslashes($dbname) . "' " .
- " AND `table_name` = '" . PMA_sqlAddslashes($tablename) . "' ";
+ " WHERE `db_name` = '" . PMA_sqlAddSlashes($dbname) . "' " .
+ " AND `table_name` = '" . PMA_sqlAddSlashes($tablename) . "' ";
if ($statement != "") {
$sql_query .= " AND FIND_IN_SET('" . $statement . "',tracking) > 0" ;
@@ -593,11 +593,11 @@ class PMA_Tracker
self::init();
}
$sql_query = " SELECT * FROM " . self::$pma_table .
- " WHERE `db_name` = '" . PMA_sqlAddslashes($dbname) . "' ";
+ " WHERE `db_name` = '" . PMA_sqlAddSlashes($dbname) . "' ";
if (! empty($tablename)) {
- $sql_query .= " AND `table_name` = '" . PMA_sqlAddslashes($tablename) ."' ";
+ $sql_query .= " AND `table_name` = '" . PMA_sqlAddSlashes($tablename) ."' ";
}
- $sql_query .= " AND `version` = '" . PMA_sqlAddslashes($version) ."' ".
+ $sql_query .= " AND `version` = '" . PMA_sqlAddSlashes($version) ."' ".
" ORDER BY `version` DESC ";
$mixed = PMA_DBI_fetch_array(PMA_query_as_controluser($sql_query));
@@ -959,12 +959,12 @@ class PMA_Tracker
$sql_query =
" /*NOTRACK*/\n" .
" UPDATE " . self::$pma_table .
- " SET " . PMA_backquote($save_to) ." = CONCAT( " . PMA_backquote($save_to) . ",'\n" . PMA_sqlAddslashes($query) . "') ," .
+ " SET " . PMA_backquote($save_to) ." = CONCAT( " . PMA_backquote($save_to) . ",'\n" . PMA_sqlAddSlashes($query) . "') ," .
" `date_updated` = '" . $date . "' ";
// If table was renamed we have to change the tablename attribute in pma_tracking too
if ($result['identifier'] == 'RENAME TABLE') {
- $sql_query .= ', `table_name` = \'' . PMA_sqlAddslashes($result['tablename_after_rename']) . '\' ';
+ $sql_query .= ', `table_name` = \'' . PMA_sqlAddSlashes($result['tablename_after_rename']) . '\' ';
}
// Save the tracking information only for
@@ -974,9 +974,9 @@ class PMA_Tracker
// we want to track
$sql_query .=
" WHERE FIND_IN_SET('" . $result['identifier'] . "',tracking) > 0" .
- " AND `db_name` = '" . PMA_sqlAddslashes($dbname) . "' " .
- " AND `table_name` = '" . PMA_sqlAddslashes($result['tablename']) . "' " .
- " AND `version` = '" . PMA_sqlAddslashes($version) . "' ";
+ " AND `db_name` = '" . PMA_sqlAddSlashes($dbname) . "' " .
+ " AND `table_name` = '" . PMA_sqlAddSlashes($result['tablename']) . "' " .
+ " AND `version` = '" . PMA_sqlAddSlashes($version) . "' ";
$result = PMA_query_as_controluser($sql_query);
}
diff --git a/libraries/blobstreaming.lib.php b/libraries/blobstreaming.lib.php
index c7250dc..d9893dd 100644
--- a/libraries/blobstreaming.lib.php
+++ b/libraries/blobstreaming.lib.php
@@ -387,7 +387,7 @@ function PMA_BS_IsTablePBMSEnabled($db_name, $tbl_name, $tbl_type)
// This information should be cached rather than selecting it each time.
//$query = "SELECT count(*) FROM information_schema.TABLES T, pbms.pbms_enabled E where T.table_schema = ". PMA_backquote($db_name) . " and T.table_name = ". PMA_backquote($tbl_name) . " and T.engine = E.name";
- $query = "SELECT count(*) FROM pbms.pbms_enabled E where E.name = '" . PMA_sqlAddslashes($tbl_type) . "'";
+ $query = "SELECT count(*) FROM pbms.pbms_enabled E where E.name = '" . PMA_sqlAddSlashes($tbl_type) . "'";
$result = PMA_DBI_query($query);
$data = PMA_DBI_fetch_row($result);
@@ -439,7 +439,7 @@ function PMA_BS_SetContentType($db_name, $bsTable, $blobReference, $contentType)
// This is a really ugly way to do this but currently there is nothing better.
// In a future version of PBMS the system tables will be redesigned to make this
// more efficient.
- $query = "SELECT Repository_id, Repo_blob_offset FROM pbms_reference WHERE Blob_url='" . PMA_sqlAddslashes($blobReference) . "'";
+ $query = "SELECT Repository_id, Repo_blob_offset FROM pbms_reference WHERE Blob_url='" . PMA_sqlAddSlashes($blobReference) . "'";
//error_log(" PMA_BS_SetContentType: $query\n", 3, "/tmp/mylog");
$result = PMA_DBI_query($query);
//error_log(" $query\n", 3, "/tmp/mylog");
@@ -451,9 +451,9 @@ function PMA_BS_SetContentType($db_name, $bsTable, $blobReference, $contentType)
$result = PMA_DBI_query($query);
if (PMA_DBI_num_rows($result) == 0) {
- $query = "INSERT into pbms_metadata Values( ". $data['Repository_id'] . ", " . $data['Repo_blob_offset'] . ", 'Content_type', '" . PMA_sqlAddslashes($contentType) . "')";
+ $query = "INSERT into pbms_metadata Values( ". $data['Repository_id'] . ", " . $data['Repo_blob_offset'] . ", 'Content_type', '" . PMA_sqlAddSlashes($contentType) . "')";
} else {
- $query = "UPDATE pbms_metadata SET name = 'Content_type', Value = '" . PMA_sqlAddslashes($contentType) . "' $where";
+ $query = "UPDATE pbms_metadata SET name = 'Content_type', Value = '" . PMA_sqlAddSlashes($contentType) . "' $where";
}
//error_log("$query\n", 3, "/tmp/mylog");
PMA_DBI_query($query);
diff --git a/libraries/bookmark.lib.php b/libraries/bookmark.lib.php
index 5492cbf..9ff7d1b 100644
--- a/libraries/bookmark.lib.php
+++ b/libraries/bookmark.lib.php
@@ -58,13 +58,13 @@ function PMA_Bookmark_getList($db)
}
$query = 'SELECT label, id FROM '. PMA_backquote($cfgBookmark['db']) . '.' . PMA_backquote($cfgBookmark['table'])
- . ' WHERE dbase = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND user = \'' . PMA_sqlAddslashes($cfgBookmark['user']) . '\''
+ . ' WHERE dbase = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND user = \'' . PMA_sqlAddSlashes($cfgBookmark['user']) . '\''
. ' ORDER BY label';
$per_user = PMA_DBI_fetch_result($query, 'id', 'label', $controllink, PMA_DBI_QUERY_STORE);
$query = 'SELECT label, id FROM '. PMA_backquote($cfgBookmark['db']) . '.' . PMA_backquote($cfgBookmark['table'])
- . ' WHERE dbase = \'' . PMA_sqlAddslashes($db) . '\''
+ . ' WHERE dbase = \'' . PMA_sqlAddSlashes($db) . '\''
. ' AND user = \'\''
. ' ORDER BY label';
$global = PMA_DBI_fetch_result($query, 'id', 'label', $controllink, PMA_DBI_QUERY_STORE);
@@ -107,10 +107,10 @@ function PMA_Bookmark_get($db, $id, $id_field = 'id', $action_bookmark_all = fal
}
$query = 'SELECT query FROM ' . PMA_backquote($cfgBookmark['db']) . '.' . PMA_backquote($cfgBookmark['table'])
- . ' WHERE dbase = \'' . PMA_sqlAddslashes($db) . '\'';
+ . ' WHERE dbase = \'' . PMA_sqlAddSlashes($db) . '\'';
if (!$action_bookmark_all) {
- $query .= ' AND (user = \'' . PMA_sqlAddslashes($cfgBookmark['user']) . '\'';
+ $query .= ' AND (user = \'' . PMA_sqlAddSlashes($cfgBookmark['user']) . '\'';
if (!$exact_user_match) {
$query .= ' OR user = \'\'';
}
@@ -146,7 +146,7 @@ function PMA_Bookmark_save($fields, $all_users = false)
}
$query = 'INSERT INTO ' . PMA_backquote($cfgBookmark['db']) . '.' . PMA_backquote($cfgBookmark['table'])
- . ' (id, dbase, user, query, label) VALUES (NULL, \'' . PMA_sqlAddslashes($fields['dbase']) . '\', \'' . ($all_users ? '' : PMA_sqlAddslashes($fields['user'])) . '\', \'' . PMA_sqlAddslashes(urldecode($fields['query'])) . '\', \'' . PMA_sqlAddslashes($fields['label']) . '\')';
+ . ' (id, dbase, user, query, label) VALUES (NULL, \'' . PMA_sqlAddSlashes($fields['dbase']) . '\', \'' . ($all_users ? '' : PMA_sqlAddSlashes($fields['user'])) . '\', \'' . PMA_sqlAddSlashes(urldecode($fields['query'])) . '\', \'' . PMA_sqlAddSlashes($fields['label']) . '\')';
return PMA_DBI_query($query, $controllink);
} // end of the 'PMA_Bookmark_save()' function
@@ -172,7 +172,7 @@ function PMA_Bookmark_delete($db, $id)
}
$query = 'DELETE FROM ' . PMA_backquote($cfgBookmark['db']) . '.' . PMA_backquote($cfgBookmark['table'])
- . ' WHERE (user = \'' . PMA_sqlAddslashes($cfgBookmark['user']) . '\''
+ . ' WHERE (user = \'' . PMA_sqlAddSlashes($cfgBookmark['user']) . '\''
. ' OR user = \'\')'
. ' AND id = ' . $id;
return PMA_DBI_try_query($query, $controllink);
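Review bot: `$id` is appended to the `DELETE` as a bare token (`' AND id = ' . $id`), so the quote escaping applied to the user name two lines above gives it no protection. An unquoted operand needs a type constraint rather than escaping; if bookmark ids are always integers, `. ' AND id = ' . (int) $id;` closes this without changing behaviour for valid input. The function's opening lines are outside the hunk, so an earlier validation of `$id` cannot be ruled out.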
diff --git a/libraries/common.lib.php b/libraries/common.lib.php
index 7dcbea0..61f3102 100644
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -161,7 +161,7 @@ function PMA_displayMaximumUploadSize($max_upload_size)
*
* @access public
*/
-function PMA_sqlAddslashes($a_string = '', $is_like = false, $crlf = false, $php_code = false)
+function PMA_sqlAddSlashes($a_string = '', $is_like = false, $crlf = false, $php_code = false)
{
if ($is_like) {
$a_string = str_replace('\\', '\\\\\\\\', $a_string);
@@ -182,7 +182,7 @@ function PMA_sqlAddslashes($a_string = '', $is_like = false, $crlf = false, $php
}
return $a_string;
-} // end of the 'PMA_sqlAddslashes()' function
+} // end of the 'PMA_sqlAddSlashes()' function
/**
@@ -1996,7 +1996,7 @@ function PMA_getUniqueCondition($handle, $fields_cnt, $fields_meta, $row, $force
$condition .= "= b'" . PMA_printable_bit_value($row[$i], $meta->length) . "' AND";
} else {
$condition .= '= \''
- . PMA_sqlAddslashes($row[$i], false, true) . '\' AND';
+ . PMA_sqlAddSlashes($row[$i], false, true) . '\' AND';
}
}
if ($meta->primary_key > 0) {
@@ -3082,7 +3082,7 @@ function PMA_currentUserHasPrivilege($priv, $db = null, $tbl = null)
'SCHEMA_PRIVILEGES',
$username,
$priv,
- PMA_sqlAddslashes($db)))) {
+ PMA_sqlAddSlashes($db)))) {
return true;
}
} else {
@@ -3098,8 +3098,8 @@ function PMA_currentUserHasPrivilege($priv, $db = null, $tbl = null)
'TABLE_PRIVILEGES',
$username,
$priv,
- PMA_sqlAddslashes($db),
- PMA_sqlAddslashes($tbl)))) {
+ PMA_sqlAddSlashes($db),
+ PMA_sqlAddSlashes($tbl)))) {
return true;
}
}
diff --git a/libraries/database_interface.lib.php b/libraries/database_interface.lib.php
index d9f19f3..50ae58b 100644
--- a/libraries/database_interface.lib.php
+++ b/libraries/database_interface.lib.php
@@ -323,7 +323,7 @@ function PMA_DBI_get_tables_full($database, $table = false, $tbl_is_group = fals
// added BINARY in the WHERE clause to force a case sensitive
// comparison (if we are looking for the db Aa we don't want
// to find the db aa)
- $this_databases = array_map('PMA_sqlAddslashes', $databases);
+ $this_databases = array_map('PMA_sqlAddSlashes', $databases);
$sql = '
SELECT *,
@@ -992,7 +992,7 @@ function PMA_DBI_postConnect($link, $is_controluser = false)
if (!PMA_DRIZZLE) {
if (! empty($GLOBALS['collation_connection'])) {
PMA_DBI_query("SET CHARACTER SET 'utf8';", $link, PMA_DBI_QUERY_STORE);
- PMA_DBI_query("SET collation_connection = '" . PMA_sqlAddslashes($GLOBALS['collation_connection']) . "';", $link, PMA_DBI_QUERY_STORE);
+ PMA_DBI_query("SET collation_connection = '" . PMA_sqlAddSlashes($GLOBALS['collation_connection']) . "';", $link, PMA_DBI_QUERY_STORE);
} else {
PMA_DBI_query("SET NAMES 'utf8' COLLATE 'utf8_general_ci';", $link, PMA_DBI_QUERY_STORE);
}
@@ -1373,14 +1373,14 @@ function PMA_DBI_get_triggers($db, $table = '', $delimiter = '//')
// Note: in http://dev.mysql.com/doc/refman/5.0/en/faqs-triggers.html
// their example uses WHERE TRIGGER_SCHEMA='dbname' so let's use this
// instead of WHERE EVENT_OBJECT_SCHEMA='dbname'
- $query = "SELECT TRIGGER_SCHEMA, TRIGGER_NAME, EVENT_MANIPULATION, EVENT_OBJECT_TABLE, ACTION_TIMING, ACTION_STATEMENT, EVENT_OBJECT_SCHEMA, EVENT_OBJECT_TABLE FROM information_schema.TRIGGERS WHERE TRIGGER_SCHEMA= '" . PMA_sqlAddslashes($db,true) . "';";
+ $query = "SELECT TRIGGER_SCHEMA, TRIGGER_NAME, EVENT_MANIPULATION, EVENT_OBJECT_TABLE, ACTION_TIMING, ACTION_STATEMENT, EVENT_OBJECT_SCHEMA, EVENT_OBJECT_TABLE FROM information_schema.TRIGGERS WHERE TRIGGER_SCHEMA= '" . PMA_sqlAddSlashes($db,true) . "';";
if (! empty($table)) {
- $query .= " AND EVENT_OBJECT_TABLE = '" . PMA_sqlAddslashes($table, true) . "';";
+ $query .= " AND EVENT_OBJECT_TABLE = '" . PMA_sqlAddSlashes($table, true) . "';";
}
} else {
- $query = "SHOW TRIGGERS FROM " . PMA_backquote(PMA_sqlAddslashes($db,true));
+ $query = "SHOW TRIGGERS FROM " . PMA_backquote(PMA_sqlAddSlashes($db,true));
if (! empty($table)) {
- $query .= " LIKE '" . PMA_sqlAddslashes($table, true) . "';";
+ $query .= " LIKE '" . PMA_sqlAddSlashes($table, true) . "';";
}
}
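Review bot: In the `information_schema` branch the first string already ends with `';`, so when `$table` is non-empty the appended ` AND EVENT_OBJECT_TABLE = …` lands after the statement terminator and the table filter cannot take effect; the terminator should be dropped from the first string. Both comparisons there use `=` yet pass `true` for `$is_like`, which (per the `common.lib.php` hunk) turns each backslash into four for LIKE patterns, so a name containing a backslash would not compare equal. `PMA_sqlAddSlashes($db)` is the fitting call, and the same applies to the `EVENT_SCHEMA=` queries in `db_events.inc.php` and `export/sql.php`. In the `SHOW TRIGGERS FROM` branch the database name is string-escaped and then back-quoted, where an identifier only needs `PMA_backquote($db)`. The function body starts and ends outside the hunk.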
@@ -1424,8 +1424,8 @@ function PMA_isView($db, $view_name)
$result = PMA_DBI_fetch_result(
"SELECT TABLE_NAME
FROM information_schema.VIEWS
- WHERE TABLE_SCHEMA = '" . PMA_sqlAddslashes($db) . "'
- AND TABLE_NAME = '" . PMA_sqlAddslashes($view_name) . "'");
+ WHERE TABLE_SCHEMA = '" . PMA_sqlAddSlashes($db) . "'
+ AND TABLE_NAME = '" . PMA_sqlAddSlashes($view_name) . "'");
if ($result) {
return true;
diff --git a/libraries/db_events.inc.php b/libraries/db_events.inc.php
index 4aa68a8..adf265e 100644
--- a/libraries/db_events.inc.php
+++ b/libraries/db_events.inc.php
@@ -8,7 +8,7 @@ if (! defined('PHPMYADMIN')) {
exit;
}
-$events = PMA_DBI_fetch_result('SELECT EVENT_NAME, EVENT_TYPE FROM information_schema.EVENTS WHERE EVENT_SCHEMA= \'' . PMA_sqlAddslashes($db,true) . '\';');
+$events = PMA_DBI_fetch_result('SELECT EVENT_NAME, EVENT_TYPE FROM information_schema.EVENTS WHERE EVENT_SCHEMA= \'' . PMA_sqlAddSlashes($db,true) . '\';');
$conditional_class_add = '';
$conditional_class_drop = '';
diff --git a/libraries/db_info.inc.php b/libraries/db_info.inc.php
index 9d6dcf6..eebad23 100644
--- a/libraries/db_info.inc.php
+++ b/libraries/db_info.inc.php
@@ -130,7 +130,7 @@ if (true === $cfg['SkipLockedTables']) {
if (! isset($sot_cache[$tmp[0]])) {
$sts_result = PMA_DBI_query(
'SHOW TABLE STATUS FROM ' . PMA_backquote($db)
- . ' LIKE \'' . PMA_sqlAddSlashes($tmp[0]) . '\';');
+ . ' LIKE \'' . PMA_sqlAddSlashes($tmp[0], true) . '\';');
$sts_tmp = PMA_DBI_fetch_assoc($sts_result);
PMA_DBI_free_result($sts_result);
unset($sts_result);
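Review bot: Passing `true` to `PMA_sqlAddSlashes($tmp[0], true)` is a behaviour change inside an otherwise mechanical rename, and it does not make the `LIKE` argument an exact match. As far as the visible part of `PMA_sqlAddSlashes()` shows, the flag only changes backslash handling, so `_` and `%` in the table name would still act as wildcards in `SHOW TABLE STATUS … LIKE`. That matters more in the `export/sql.php` hunk for `PMA_getTableDef`, where the first returned row is used and could belong to a sibling table whose name matches the pattern; `SHOW TABLES LIKE` in `db_table_exists.lib.php` has the same shape. I would escape the wildcards as well, or at least add a comment such as `// LIKE takes a pattern: '_' and '%' in the name are not escaped here`.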
diff --git a/libraries/db_routines.lib.php b/libraries/db_routines.lib.php
index dde8b79..7591d39 100644
--- a/libraries/db_routines.lib.php
+++ b/libraries/db_routines.lib.php
@@ -186,8 +186,8 @@ function PMA_RTN_getRoutineDataFromName($db, $name, $all = true)
$fields = "SPECIFIC_NAME, ROUTINE_TYPE, DTD_IDENTIFIER, "
. "ROUTINE_DEFINITION, IS_DETERMINISTIC, SQL_DATA_ACCESS, "
. "ROUTINE_COMMENT, SECURITY_TYPE";
- $where = "ROUTINE_SCHEMA='" . PMA_sqlAddslashes($db) . "' "
- . "AND SPECIFIC_NAME='" . PMA_sqlAddslashes($name) . "'";
+ $where = "ROUTINE_SCHEMA='" . PMA_sqlAddSlashes($db) . "' "
+ . "AND SPECIFIC_NAME='" . PMA_sqlAddSlashes($name) . "'";
$query = "SELECT $fields FROM INFORMATION_SCHEMA.ROUTINES WHERE $where;";
$routine = PMA_DBI_fetch_single_row($query);
@@ -1127,7 +1127,7 @@ function PMA_RTN_getRoutinesList()
* Get the routines
*/
$columns = "`SPECIFIC_NAME`, `ROUTINE_NAME`, `ROUTINE_TYPE`, `DTD_IDENTIFIER`, `ROUTINE_DEFINITION`";
- $where = "ROUTINE_SCHEMA='" . PMA_sqlAddslashes($db) . "'";
+ $where = "ROUTINE_SCHEMA='" . PMA_sqlAddSlashes($db) . "'";
$routines = PMA_DBI_fetch_result("SELECT $columns FROM `INFORMATION_SCHEMA`.`ROUTINES` WHERE $where;");
/**
* Conditional classes switch the list on or off
diff --git a/libraries/db_table_exists.lib.php b/libraries/db_table_exists.lib.php
index 8eb93e4..97b7ec8 100644
--- a/libraries/db_table_exists.lib.php
+++ b/libraries/db_table_exists.lib.php
@@ -46,7 +46,7 @@ if (empty($is_table) && !defined('PMA_SUBMIT_MULT') && ! defined('TABLE_MAY_BE_A
if (! $is_table) {
$_result = PMA_DBI_try_query(
- 'SHOW TABLES LIKE \'' . PMA_sqlAddslashes($table, true) . '\';',
+ 'SHOW TABLES LIKE \'' . PMA_sqlAddSlashes($table, true) . '\';',
null, PMA_DBI_QUERY_STORE);
$is_table = @PMA_DBI_num_rows($_result);
PMA_DBI_free_result($_result);
diff --git a/libraries/display_tbl.lib.php b/libraries/display_tbl.lib.php
index 0b63a1e..8fd73de 100644
--- a/libraries/display_tbl.lib.php
+++ b/libraries/display_tbl.lib.php
@@ -1587,7 +1587,7 @@ function PMA_displayTableBody(&$dt_result, &$is_display, $map, $analyzed_sql) {
// do not wrap if date field type
$nowrap = ((preg_match('@DATE|TIME@i', $meta->type) || $bool_nowrap) ? ' nowrap' : '');
- $where_comparison = ' = \'' . PMA_sqlAddslashes($row[$i]) . '\'';
+ $where_comparison = ' = \'' . PMA_sqlAddSlashes($row[$i]) . '\'';
$vertical_display['data'][$row_no][$i] = '<td ' . PMA_prepare_row_data($class, $condition_field, $analyzed_sql, $meta, $map, $row[$i], $transform_function, $default_function, $nowrap, $where_comparison, $transform_options, $is_field_truncated);
} else {
diff --git a/libraries/export/sql.php b/libraries/export/sql.php
index ed61a07..3b0d968 100644
--- a/libraries/export/sql.php
+++ b/libraries/export/sql.php
@@ -595,7 +595,7 @@ function PMA_exportDBFooter($db)
$delimiter = '$$';
if (PMA_MYSQL_INT_VERSION > 50100) {
- $event_names = PMA_DBI_fetch_result('SELECT EVENT_NAME FROM information_schema.EVENTS WHERE EVENT_SCHEMA= \'' . PMA_sqlAddslashes($db,true) . '\';');
+ $event_names = PMA_DBI_fetch_result('SELECT EVENT_NAME FROM information_schema.EVENTS WHERE EVENT_SCHEMA= \'' . PMA_sqlAddSlashes($db,true) . '\';');
} else {
$event_names = array();
}
@@ -690,7 +690,7 @@ function PMA_getTableDef($db, $table, $crlf, $error_url, $show_dates = false, $a
$new_crlf = $crlf;
// need to use PMA_DBI_QUERY_STORE with PMA_DBI_num_rows() in mysqli
- $result = PMA_DBI_query('SHOW TABLE STATUS FROM ' . PMA_backquote($db) . ' LIKE \'' . PMA_sqlAddslashes($table) . '\'', null, PMA_DBI_QUERY_STORE);
+ $result = PMA_DBI_query('SHOW TABLE STATUS FROM ' . PMA_backquote($db) . ' LIKE \'' . PMA_sqlAddSlashes($table, true) . '\'', null, PMA_DBI_QUERY_STORE);
if ($result != false) {
if (PMA_DBI_num_rows($result) > 0) {
$tmpres = PMA_DBI_fetch_assoc($result);
@@ -1184,10 +1184,10 @@ function PMA_exportData($db, $table, $crlf, $error_url, $sql_query)
}
// detection of 'bit' works only on mysqli extension
} elseif ($fields_meta[$j]->type == 'bit') {
- $values[] = "b'" . PMA_sqlAddslashes(PMA_printable_bit_value($row[$j], $fields_meta[$j]->length)) . "'";
+ $values[] = "b'" . PMA_sqlAddSlashes(PMA_printable_bit_value($row[$j], $fields_meta[$j]->length)) . "'";
// something else -> treat as a string
} else {
- $values[] = '\'' . str_replace($search, $replace, PMA_sqlAddslashes($row[$j])) . '\'';
+ $values[] = '\'' . str_replace($search, $replace, PMA_sqlAddSlashes($row[$j])) . '\'';
} // end if
} // end for
diff --git a/libraries/import.lib.php b/libraries/import.lib.php
index 75e65a0..e2cbdd2 100644
--- a/libraries/import.lib.php
+++ b/libraries/import.lib.php
@@ -987,7 +987,7 @@ function PMA_buildSQL($db_name, &$tables, &$analyses = NULL, &$additional_sql =
}
$tempSQLStr .= (($is_varchar) ? "'" : "");
- $tempSQLStr .= PMA_sqlAddslashes((string)$tables[$i][ROWS][$j][$k]);
+ $tempSQLStr .= PMA_sqlAddSlashes((string)$tables[$i][ROWS][$j][$k]);
$tempSQLStr .= (($is_varchar) ? "'" : "");
if ($k != ($num_cols - 1)) {
diff --git a/libraries/import/docsql.php b/libraries/import/docsql.php
index 3ac799f..4ba089a 100644
--- a/libraries/import/docsql.php
+++ b/libraries/import/docsql.php
@@ -68,10 +68,10 @@ if ($data === true && !$error && !$timeout_passed) {
' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['column_info']) . '
(db_name, table_name, column_name, ' . PMA_backquote('comment') . ')
VALUES (
- \'' . PMA_sqlAddslashes($GLOBALS['db']) . '\',
- \'' . PMA_sqlAddslashes(trim($tab)) . '\',
- \'' . PMA_sqlAddslashes(trim($inf[0])) . '\',
- \'' . PMA_sqlAddslashes(trim($inf[1])) . '\')';
+ \'' . PMA_sqlAddSlashes($GLOBALS['db']) . '\',
+ \'' . PMA_sqlAddSlashes(trim($tab)) . '\',
+ \'' . PMA_sqlAddSlashes(trim($inf[0])) . '\',
+ \'' . PMA_sqlAddSlashes(trim($inf[1])) . '\')';
PMA_importRunQuery($qry, $qry . '-- ' . htmlspecialchars($tab) . '.' . htmlspecialchars($inf[0]), true);
} // end inf[1] exists
if (!empty($inf[2]) && strlen(trim($inf[2])) > 0) {
@@ -81,12 +81,12 @@ if ($data === true && !$error && !$timeout_passed) {
' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['relation']) . '
(master_db, master_table, master_field, foreign_db, foreign_table, foreign_field)
VALUES (
- \'' . PMA_sqlAddslashes($GLOBALS['db']) . '\',
- \'' . PMA_sqlAddslashes(trim($tab)) . '\',
- \'' . PMA_sqlAddslashes(trim($inf[0])) . '\',
- \'' . PMA_sqlAddslashes($GLOBALS['db']) . '\',
- \'' . PMA_sqlAddslashes(trim($for[0])) . '\',
- \'' . PMA_sqlAddslashes(trim($for[1])) . '\')';
+ \'' . PMA_sqlAddSlashes($GLOBALS['db']) . '\',
+ \'' . PMA_sqlAddSlashes(trim($tab)) . '\',
+ \'' . PMA_sqlAddSlashes(trim($inf[0])) . '\',
+ \'' . PMA_sqlAddSlashes($GLOBALS['db']) . '\',
+ \'' . PMA_sqlAddSlashes(trim($for[0])) . '\',
+ \'' . PMA_sqlAddSlashes(trim($for[1])) . '\')';
PMA_importRunQuery($qry, $qry . '-- ' . htmlspecialchars($tab) . '.' . htmlspecialchars($inf[0]) . '(' . htmlspecialchars($inf[2]) . ')', true);
} // end inf[2] exists
} // End lines loop
diff --git a/libraries/import/ldi.php b/libraries/import/ldi.php
index 56dabf9..fe5264c 100644
--- a/libraries/import/ldi.php
+++ b/libraries/import/ldi.php
@@ -63,7 +63,7 @@ $sql = 'LOAD DATA';
if (isset($ldi_local_option)) {
$sql .= ' LOCAL';
}
-$sql .= ' INFILE \'' . PMA_sqlAddslashes($import_file) . '\'';
+$sql .= ' INFILE \'' . PMA_sqlAddSlashes($import_file) . '\'';
if (isset($ldi_replace)) {
$sql .= ' REPLACE';
} elseif (isset($ldi_ignore)) {
@@ -75,10 +75,10 @@ if (strlen($ldi_terminated) > 0) {
$sql .= ' FIELDS TERMINATED BY \'' . $ldi_terminated . '\'';
}
if (strlen($ldi_enclosed) > 0) {
- $sql .= ' ENCLOSED BY \'' . PMA_sqlAddslashes($ldi_enclosed) . '\'';
+ $sql .= ' ENCLOSED BY \'' . PMA_sqlAddSlashes($ldi_enclosed) . '\'';
}
if (strlen($ldi_escaped) > 0) {
- $sql .= ' ESCAPED BY \'' . PMA_sqlAddslashes($ldi_escaped) . '\'';
+ $sql .= ' ESCAPED BY \'' . PMA_sqlAddSlashes($ldi_escaped) . '\'';
}
if (strlen($ldi_new_line) > 0){
if ($ldi_new_line == 'auto') {
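Review bot: `$ldi_terminated` is the one LOAD DATA option in this hunk that is concatenated raw, while `$ldi_enclosed` and `$ldi_escaped` right below it go through `PMA_sqlAddSlashes()`. If that is deliberate so that sequences such as `\t` reach the server unchanged, the line deserves a comment saying so and the value still needs its single quotes handled. Otherwise it should read `$sql .= ' FIELDS TERMINATED BY \'' . PMA_sqlAddSlashes($ldi_terminated) . '\'';`. Where the `$ldi_*` values are assigned is outside the hunk.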
diff --git a/libraries/relation.lib.php b/libraries/relation.lib.php
index 9ac5282..c2acd8e 100644
--- a/libraries/relation.lib.php
+++ b/libraries/relation.lib.php
@@ -380,10 +380,10 @@ function PMA_getForeigners($db, $table, $column = '', $source = 'both')
`foreign_table`,
`foreign_field`
FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['relation']) . '
- WHERE `master_db` = \'' . PMA_sqlAddslashes($db) . '\'
- AND `master_table` = \'' . PMA_sqlAddslashes($table) . '\' ';
+ WHERE `master_db` = \'' . PMA_sqlAddSlashes($db) . '\'
+ AND `master_table` = \'' . PMA_sqlAddSlashes($table) . '\' ';
if (strlen($column)) {
- $rel_query .= ' AND `master_field` = \'' . PMA_sqlAddslashes($column) . '\'';
+ $rel_query .= ' AND `master_field` = \'' . PMA_sqlAddSlashes($column) . '\'';
}
$foreign = PMA_DBI_fetch_result($rel_query, 'master_field', null, $GLOBALS['controllink']);
}
@@ -473,8 +473,8 @@ function PMA_getDisplayField($db, $table)
$disp_query = '
SELECT `display_field`
FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['table_info']) . '
- WHERE `db_name` = \'' . PMA_sqlAddslashes($db) . '\'
- AND `table_name` = \'' . PMA_sqlAddslashes($table) . '\'';
+ WHERE `db_name` = \'' . PMA_sqlAddSlashes($db) . '\'
+ AND `table_name` = \'' . PMA_sqlAddSlashes($table) . '\'';
$row = PMA_DBI_fetch_single_row($disp_query, 'ASSOC', $GLOBALS['controllink']);
if (isset($row['display_field'])) {
@@ -545,7 +545,7 @@ function PMA_getDbComment($db)
$com_qry = "
SELECT `comment`
FROM " . PMA_backquote($cfgRelation['db']) . "." . PMA_backquote($cfgRelation['column_info']) . "
- WHERE db_name = '" . PMA_sqlAddslashes($db) . "'
+ WHERE db_name = '" . PMA_sqlAddSlashes($db) . "'
AND table_name = ''
AND column_name = '(db_comment)'";
$com_rs = PMA_query_as_controluser($com_qry, true, PMA_DBI_QUERY_STORE);
@@ -613,17 +613,17 @@ function PMA_setDbComment($db, $comment = '')
" . PMA_backquote($cfgRelation['db']) . "." . PMA_backquote($cfgRelation['column_info']) . "
(`db_name`, `table_name`, `column_name`, `comment`)
VALUES (
- '" . PMA_sqlAddslashes($db) . "',
+ '" . PMA_sqlAddSlashes($db) . "',
'',
'(db_comment)',
- '" . PMA_sqlAddslashes($comment) . "')
+ '" . PMA_sqlAddSlashes($comment) . "')
ON DUPLICATE KEY UPDATE
- `comment` = '" . PMA_sqlAddslashes($comment) . "'";
+ `comment` = '" . PMA_sqlAddSlashes($comment) . "'";
} else {
$upd_query = '
DELETE FROM
' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['column_info']) . '
- WHERE `db_name` = \'' . PMA_sqlAddslashes($db) . '\'
+ WHERE `db_name` = \'' . PMA_sqlAddSlashes($db) . '\'
AND `table_name` = \'\'
AND `column_name` = \'(db_comment)\'';
}
@@ -686,11 +686,11 @@ function PMA_setHistory($db, $table, $username, $sqlquery)
`timevalue`,
`sqlquery`)
VALUES
- (\'' . PMA_sqlAddslashes($username) . '\',
- \'' . PMA_sqlAddslashes($db) . '\',
- \'' . PMA_sqlAddslashes($table) . '\',
+ (\'' . PMA_sqlAddSlashes($username) . '\',
+ \'' . PMA_sqlAddSlashes($db) . '\',
+ \'' . PMA_sqlAddSlashes($table) . '\',
NOW(),
- \'' . PMA_sqlAddslashes($sqlquery) . '\')');
+ \'' . PMA_sqlAddSlashes($sqlquery) . '\')');
} // end of 'PMA_setHistory()' function
/**
@@ -713,7 +713,7 @@ function PMA_getHistory($username)
`table`,
`sqlquery`
FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['history']) . '
- WHERE `username` = \'' . PMA_sqlAddslashes($username) . '\'
+ WHERE `username` = \'' . PMA_sqlAddSlashes($username) . '\'
ORDER BY `id` DESC';
return PMA_DBI_fetch_result($hist_query, null, null, $GLOBALS['controllink']);
@@ -930,9 +930,9 @@ function PMA_getForeignData($foreigners, $field, $override_total, $foreign_filte
. (($foreign_display == false) ? '' : ', ' . PMA_backquote($foreign_display));
$f_query_from = ' FROM ' . PMA_backquote($foreign_db) . '.' . PMA_backquote($foreign_table);
$f_query_filter = empty($foreign_filter) ? '' : ' WHERE ' . PMA_backquote($foreign_field)
- . ' LIKE "%' . PMA_sqlAddslashes($foreign_filter, true) . '%"'
+ . ' LIKE "%' . PMA_sqlAddSlashes($foreign_filter, true) . '%"'
. (($foreign_display == false) ? '' : ' OR ' . PMA_backquote($foreign_display)
- . ' LIKE "%' . PMA_sqlAddslashes($foreign_filter, true) . '%"'
+ . ' LIKE "%' . PMA_sqlAddSlashes($foreign_filter, true) . '%"'
);
$f_query_order = ($foreign_display == false) ? '' :' ORDER BY ' . PMA_backquote($foreign_table) . '.' . PMA_backquote($foreign_display);
$f_query_limit = isset($foreign_limit) ? $foreign_limit : '';
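Review bot: The two `LIKE "%…%"` filters wrap the escaped value in double quotes, unlike every other literal in this commit, which uses single quotes. If `PMA_sqlAddSlashes()` escapes only backslashes and single quotes (most of its body is outside the visible hunks), a double quote in `$foreign_filter` would end the literal, and under the `ANSI_QUOTES` SQL mode the server reads a double-quoted token as an identifier rather than a string. Switching to single quotes keeps the escaping and the delimiter in agreement: `. ' LIKE \'%' . PMA_sqlAddSlashes($foreign_filter, true) . '%\''` on both lines. `$foreign_limit` is also appended to the query as is on the last line, so its source is worth checking; the function continues outside the hunk.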
@@ -999,8 +999,8 @@ function PMA_getRelatives($from)
$rel_query = 'SELECT *'
. ' FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db'])
. '.' . PMA_backquote($GLOBALS['cfgRelation']['relation'])
- . ' WHERE ' . $from . '_db = \'' . PMA_sqlAddslashes($GLOBALS['db']) . '\''
- . ' AND ' . $to . '_db = \'' . PMA_sqlAddslashes($GLOBALS['db']) . '\''
+ . ' WHERE ' . $from . '_db = \'' . PMA_sqlAddSlashes($GLOBALS['db']) . '\''
+ . ' AND ' . $to . '_db = \'' . PMA_sqlAddSlashes($GLOBALS['db']) . '\''
. ' AND ' . $from . '_table IN ' . $in_know
. ' AND ' . $to . '_table IN ' . $in_left;
$relations = @PMA_DBI_query($rel_query, $GLOBALS['controllink']);
@@ -1038,26 +1038,26 @@ function PMA_REL_renameField($db, $table, $field, $new_name)
if ($cfgRelation['displaywork']) {
$table_query = 'UPDATE ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['table_info'])
- . ' SET display_field = \'' . PMA_sqlAddslashes($new_name) . '\''
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\''
- . ' AND display_field = \'' . PMA_sqlAddslashes($field) . '\'';
+ . ' SET display_field = \'' . PMA_sqlAddSlashes($new_name) . '\''
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($table) . '\''
+ . ' AND display_field = \'' . PMA_sqlAddSlashes($field) . '\'';
PMA_query_as_controluser($table_query);
}
if ($cfgRelation['relwork']) {
$table_query = 'UPDATE ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['relation'])
- . ' SET master_field = \'' . PMA_sqlAddslashes($new_name) . '\''
- . ' WHERE master_db = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND master_table = \'' . PMA_sqlAddslashes($table) . '\''
- . ' AND master_field = \'' . PMA_sqlAddslashes($field) . '\'';
+ . ' SET master_field = \'' . PMA_sqlAddSlashes($new_name) . '\''
+ . ' WHERE master_db = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND master_table = \'' . PMA_sqlAddSlashes($table) . '\''
+ . ' AND master_field = \'' . PMA_sqlAddSlashes($field) . '\'';
PMA_query_as_controluser($table_query);
$table_query = 'UPDATE ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['relation'])
- . ' SET foreign_field = \'' . PMA_sqlAddslashes($new_name) . '\''
- . ' WHERE foreign_db = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND foreign_table = \'' . PMA_sqlAddslashes($table) . '\''
- . ' AND foreign_field = \'' . PMA_sqlAddslashes($field) . '\'';
+ . ' SET foreign_field = \'' . PMA_sqlAddSlashes($new_name) . '\''
+ . ' WHERE foreign_db = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND foreign_table = \'' . PMA_sqlAddSlashes($table) . '\''
+ . ' AND foreign_field = \'' . PMA_sqlAddSlashes($field) . '\'';
PMA_query_as_controluser($table_query);
} // end if relwork
}
@@ -1077,7 +1077,7 @@ function PMA_REL_create_page($newpage, $cfgRelation, $db, $query_default_option)
}
$ins_query = 'INSERT INTO ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['pdf_pages'])
. ' (db_name, page_descr)'
- . ' VALUES (\'' . PMA_sqlAddslashes($db) . '\', \'' . PMA_sqlAddslashes($newpage) . '\')';
+ . ' VALUES (\'' . PMA_sqlAddSlashes($db) . '\', \'' . PMA_sqlAddSlashes($newpage) . '\')';
PMA_query_as_controluser($ins_query, false, $query_default_option);
return PMA_DBI_insert_id(isset($GLOBALS['controllink']) ? $GLOBALS['controllink'] : '');
}
diff --git a/libraries/relation_cleanup.lib.php b/libraries/relation_cleanup.lib.php
index a03cf1f..3546fbb 100644
--- a/libraries/relation_cleanup.lib.php
+++ b/libraries/relation_cleanup.lib.php
@@ -22,31 +22,31 @@ function PMA_relationsCleanupColumn($db, $table, $column)
if ($cfgRelation['commwork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['column_info'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\''
- . ' AND column_name = \'' . PMA_sqlAddslashes($column) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($table) . '\''
+ . ' AND column_name = \'' . PMA_sqlAddSlashes($column) . '\'';
PMA_query_as_controluser($remove_query);
}
if ($cfgRelation['displaywork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['table_info'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\''
- . ' AND display_field = \'' . PMA_sqlAddslashes($column) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($table) . '\''
+ . ' AND display_field = \'' . PMA_sqlAddSlashes($column) . '\'';
PMA_query_as_controluser($remove_query);
}
if ($cfgRelation['relwork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['relation'])
- . ' WHERE master_db = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND master_table = \'' . PMA_sqlAddslashes($table) . '\''
- . ' AND master_field = \'' . PMA_sqlAddslashes($column) . '\'';
+ . ' WHERE master_db = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND master_table = \'' . PMA_sqlAddSlashes($table) . '\''
+ . ' AND master_field = \'' . PMA_sqlAddSlashes($column) . '\'';
PMA_query_as_controluser($remove_query);
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['relation'])
- . ' WHERE foreign_db = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND foreign_table = \'' . PMA_sqlAddslashes($table) . '\''
- . ' AND foreign_field = \'' . PMA_sqlAddslashes($column) . '\'';
+ . ' WHERE foreign_db = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND foreign_table = \'' . PMA_sqlAddSlashes($table) . '\''
+ . ' AND foreign_field = \'' . PMA_sqlAddSlashes($column) . '\'';
PMA_query_as_controluser($remove_query);
}
}
@@ -63,41 +63,41 @@ function PMA_relationsCleanupTable($db, $table)
if ($cfgRelation['commwork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['column_info'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($table) . '\'';
PMA_query_as_controluser($remove_query);
}
if ($cfgRelation['displaywork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['table_info'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($table) . '\'';
PMA_query_as_controluser($remove_query);
}
if ($cfgRelation['pdfwork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['table_coords'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($table) . '\'';
PMA_query_as_controluser($remove_query);
}
if ($cfgRelation['designerwork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['designer_coords'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($table) . '\'';
PMA_query_as_controluser($remove_query);
}
if ($cfgRelation['relwork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['relation'])
- . ' WHERE master_db = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND master_table = \'' . PMA_sqlAddslashes($table) . '\'';
+ . ' WHERE master_db = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND master_table = \'' . PMA_sqlAddSlashes($table) . '\'';
PMA_query_as_controluser($remove_query);
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['relation'])
- . ' WHERE foreign_db = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND foreign_table = \'' . PMA_sqlAddslashes($table) . '\'';
+ . ' WHERE foreign_db = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND foreign_table = \'' . PMA_sqlAddSlashes($table) . '\'';
PMA_query_as_controluser($remove_query);
}
}
@@ -113,45 +113,45 @@ function PMA_relationsCleanupDatabase($db)
if ($cfgRelation['commwork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['column_info'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\'';
PMA_query_as_controluser($remove_query);
}
if ($cfgRelation['bookmarkwork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['bookmark'])
- . ' WHERE dbase = \'' . PMA_sqlAddslashes($db) . '\'';
+ . ' WHERE dbase = \'' . PMA_sqlAddSlashes($db) . '\'';
PMA_query_as_controluser($remove_query);
}
if ($cfgRelation['displaywork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['table_info'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\'';
PMA_query_as_controluser($remove_query);
}
if ($cfgRelation['pdfwork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['pdf_pages'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\'';
PMA_query_as_controluser($remove_query);
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['table_coords'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\'';
PMA_query_as_controluser($remove_query);
}
if ($cfgRelation['designerwork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['designer_coords'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\'';
PMA_query_as_controluser($remove_query);
}
if ($cfgRelation['relwork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['relation'])
- . ' WHERE master_db = \'' . PMA_sqlAddslashes($db) . '\'';
+ . ' WHERE master_db = \'' . PMA_sqlAddSlashes($db) . '\'';
PMA_query_as_controluser($remove_query);
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['relation'])
- . ' WHERE foreign_db = \'' . PMA_sqlAddslashes($db) . '\'';
+ . ' WHERE foreign_db = \'' . PMA_sqlAddSlashes($db) . '\'';
PMA_query_as_controluser($remove_query);
}
}
diff --git a/libraries/schema/Dia_Relation_Schema.class.php b/libraries/schema/Dia_Relation_Schema.class.php
index e2f5236..bccf214 100644
--- a/libraries/schema/Dia_Relation_Schema.class.php
+++ b/libraries/schema/Dia_Relation_Schema.class.php
@@ -240,8 +240,8 @@ class Table_Stats
$sql = 'SELECT x, y FROM '
. PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($tableName) . '\''
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($tableName) . '\''
. ' AND pdf_page_number = ' . $pageNumber;
$result = PMA_query_as_controluser($sql, false, PMA_DBI_QUERY_STORE);
if (!$result || !PMA_DBI_num_rows($result)) {
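Review bot: `$pageNumber` is concatenated into the WHERE clause unquoted and unescaped on the line `. ' AND pdf_page_number = ' . $pageNumber;`, while the two string values beside it go through PMA_sqlAddSlashes(). Nothing in the hunk shows it being validated as an integer, so unless the caller already casts it, this is the one value in the statement that can alter the query's structure; `. ' AND pdf_page_number = ' . (int) $pageNumber;` would close that. The same line appears in the Table_Stats hunk of Eps_Relation_Schema.class.php and in the first hunk of Export_Relation_Schema.class.php. The enclosing method starts and ends outside the hunk.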
diff --git a/libraries/schema/Eps_Relation_Schema.class.php b/libraries/schema/Eps_Relation_Schema.class.php
index 7dbec6d..50ea7e3 100644
--- a/libraries/schema/Eps_Relation_Schema.class.php
+++ b/libraries/schema/Eps_Relation_Schema.class.php
@@ -427,8 +427,8 @@ class Table_Stats
// x and y
$sql = 'SELECT x, y FROM '
. PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($tableName) . '\''
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($tableName) . '\''
. ' AND pdf_page_number = ' . $pageNumber;
$result = PMA_query_as_controluser($sql, false, PMA_DBI_QUERY_STORE);
diff --git a/libraries/schema/Export_Relation_Schema.class.php b/libraries/schema/Export_Relation_Schema.class.php
index 6c9cca7..bfdb063 100644
--- a/libraries/schema/Export_Relation_Schema.class.php
+++ b/libraries/schema/Export_Relation_Schema.class.php
@@ -162,7 +162,7 @@ class PMA_Export_Relation_Schema
global $cfgRelation;
// Get All tables
$tab_sql = 'SELECT table_name FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
. ' AND pdf_page_number = ' . $pageNumber;
$tab_rs = PMA_query_as_controluser($tab_sql, null, PMA_DBI_QUERY_STORE);
@@ -170,7 +170,7 @@ class PMA_Export_Relation_Schema
$this->dieSchema('',__('This page does not contain any tables!'));
}
while ($curr_table = @PMA_DBI_fetch_assoc($tab_rs)) {
- $alltables[] = PMA_sqlAddslashes($curr_table['table_name']);
+ $alltables[] = PMA_sqlAddSlashes($curr_table['table_name']);
}
return $alltables;
}
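Review bot: `$alltables[] = PMA_sqlAddSlashes($curr_table['table_name']);` escapes the table names when they are collected rather than where they are placed into a statement, so the returned array holds SQL-escaped strings and callers cannot tell that from the value. If a caller (not visible here) displays these names or escapes them again before building a query, any name containing a quote or backslash will come out wrong; storing the raw name and escaping at each query site keeps the escaping next to the sink. Failing that, a comment such as `// names are returned already escaped for use in SQL string literals` would document the contract. The method starts outside the hunk.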
diff --git a/libraries/schema/Pdf_Relation_Schema.class.php b/libraries/schema/Pdf_Relation_Schema.class.php
index d6f212f..abdcf6c schema/Pdf_Relation_Schema.class.php b/libraries/schema/Pdf_Relation_Schema.class.php uote($cfgRelation['table_coords']) y); true); ); nsform_function, $default_function, $nowrap, $where_comparison, $transform_options, $is_field_truncated); 'label']) . '\')'; �+ 6 � �! �! �Ru� ��Ru� xd�V�+ ��Ru� "�nU�+ �nU�+ �Ru� �nU�+ O�Ru� �_�V�+ �nU�+ P�V�+ �T�V�+ �Y�V�+ �4pU�+ xd�V�+ ��Ru� `�Ru� ��nU�+ �! �! �Ru� ��Ru� �-kV�+ p�Ru� "�nU�+ �nU�+ �Ru� �nU�+ O�Ru� @�Ru� 8�Ru� ˏU�+ �p� ��Ru� �nU�+ �4pU�+ p�Ru� @�Ru� ��nU�+ G H I J K M N O P �Ru� ��Ru� H�AV�+ �Ru� "�nU�+ �nU�+ �Ru� 0_�V�+ �nU�+ p�V�+ �V�+ P�V�+ �T�V�+ �Y�V�+ �4pU�+ H�AV�+ �Ru� P�Ru� ��nU�+ 8�AV�+ �Ru� ��Ru� ��nU�+ (�AV�+ �Ru� ��Ru� ��nU�+ �AV�+ �Ru� ��Ru� ��nU�+ �^�V�+ �nU�+ �Y�V�+ `�Ru� �hV�+ �nU�+ �T�V�+ ��Ru� yhV�+ �nU�+ P�V�+ ��Ru� ZhV�+ �nU�+ �V�+ p�V�+ �V�+ P�V�+ �t�V�+ �T�V�+ �Y�V�+ �4pU�+ �]V�+ 0�Ru� �Ru� ��nU�+ # % '