[Phpmyadmin-devel] Re: Using single quotes for better performances

webmaster at trafficg.com webmaster at trafficg.com
Fri Jul 20 02:02:56 CEST 2001 

Re:

>>> Quick example of the way to face the bug #439565:
> - create a table with one column of type TEXT or VARCHAR(20);
> - insert a record with the value: 'say "hello"' (with the doubles quotes)
> - now browse the table and try to modify/delete this record with the links
>   displayed at the browse screen.<<


Hi All

if this problem is just about 'tick' characters then here is a function that
will sort is out, this function will fix queries like

insert into symbolic (name) values(''say "hello"'')

where the inner tick characters need escaping, the function will turn the
query in to this

insert into symbolic (name) values('\'say "hello"\'')


***** change these lines in db_readdump *****

// sql.php will stripslash the query if get_magic_quotes_gpc
    if (get_magic_quotes_gpc() == 1) $sql_query = addslashes($sql_query);
    include("./sql.php");

****** to this **********

// sql.php will stripslash the query if get_magic_quotes_gpc
//    if (get_magic_quotes_gpc() == 1) $sql_query = addslashes($sql_query);
      $sql_query = do_ticks($sql_query);
    include("./sql.php");



********** Include this function ***********


function do_ticks($sql)
{
$tok = split (",",$sql);
$sql = "";
$t = count($tok);
for ($j=0; $j<$t; $j++)
{
$parts = split ("'",$tok[0]);
$c = count($parts);
if($c > 3)
{
    for ($i=0; $i<$c; $i++)
    {
        if($i > 0 && $i < $c - 2)
        {
            $parts[$i] .= "\\'";
        }
        else
        {
            $parts[$i] .= "'";
        }
    }
    $sql .= implode ("",$parts);
    if($t == 1) $sql = substr ($sql, 0, strlen($sql)-1);
    $sql .= ",";
}
else
{
$sql .= implode ("",$parts).",";
}
}
$sql = substr ($sql, 0, strlen($sql)-1);
return($sql);
}


Hope this helps
Pete Kelly





----- Original Message -----
From: "Loïc" <loic-div at ifrance.com>
To: "phpMyAdmin" <phpmyadmin-devel at lists.sourceforge.net>
Sent: Thursday, July 19, 2001 10:14 PM
Subject: [Phpmyadmin-devel] Re: Using single quotes for better performances


> Hi Alain & list!
>
> Quick example of the way to face the bug #439565:
> - create a table with one column of type TEXT or VARCHAR(20);
> - insert a record with the value: 'say "hello"' (with the doubles quotes)
> - now browse the table and try to modify/delete this record with the links
>   displayed at the browse screen.
>
> That's all folks ;)
>
> Regards,
> Loïc
>
>
>
____________________________________________________________________________
__
> ifrance.com, l'email gratuit le plus complet de l'Internet !
> vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP...
> http://www.ifrance.com/_reloc/email.emailif
>
>
>
> _______________________________________________
> Phpmyadmin-devel mailing list
> Phpmyadmin-devel at lists.sourceforge.net
> http://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
>
>

More information about the Developers mailing list