[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_3RC1-6301-g12348ee
Michal Čihař
nijel at users.sourceforge.net
Mon Jun 27 14:50:48 CEST 2011
The branch, master has been updated
via 12348ee826d45dd2ae7f1c5b055f71e888395f2a (commit)
via c9c9fdf49dfde051ce4b94ed8b9f6acc86e25a62 (commit)
from 6a422caf527226740155c7e3682f2f3c61a85696 (commit)
- Log -----------------------------------------------------------------
commit 12348ee826d45dd2ae7f1c5b055f71e888395f2a
Author: Michal Čihař <mcihar at suse.cz>
Date: Mon Jun 27 14:50:16 2011 +0200
Fix escaping on LIKE queries
All these need special variant of PMA_sqlAddSlashes.
commit c9c9fdf49dfde051ce4b94ed8b9f6acc86e25a62
Author: Michal Čihař <mcihar at suse.cz>
Date: Mon Jun 27 14:48:15 2011 +0200
Consistent capitalisation of PMA_sqlAddSlashes
-----------------------------------------------------------------------
Summary of changes:
db_operations.php | 4 +-
db_printview.php | 2 +-
db_routines.php | 6 +-
db_search.php | 6 +-
db_tracking.php | 4 +-
import.php | 2 +-
libraries/List_Database.class.php | 4 +-
libraries/RecentTable.class.php | 2 +-
libraries/Table.class.php | 136 ++++++++++----------
libraries/Tracker.class.php | 76 ++++++------
libraries/blobstreaming.lib.php | 8 +-
libraries/bookmark.lib.php | 14 +-
libraries/common.lib.php | 12 +-
libraries/database_interface.lib.php | 16 ++--
libraries/db_events.inc.php | 2 +-
libraries/db_info.inc.php | 2 +-
libraries/db_routines.lib.php | 6 +-
libraries/db_table_exists.lib.php | 2 +-
libraries/display_tbl.lib.php | 2 +-
libraries/export/sql.php | 8 +-
libraries/import.lib.php | 2 +-
libraries/import/docsql.php | 20 ++--
libraries/import/ldi.php | 6 +-
libraries/relation.lib.php | 64 +++++-----
libraries/relation_cleanup.lib.php | 64 +++++-----
libraries/schema/Dia_Relation_Schema.class.php | 4 +-
libraries/schema/Eps_Relation_Schema.class.php | 4 +-
libraries/schema/Export_Relation_Schema.class.php | 4 +-
libraries/schema/Pdf_Relation_Schema.class.php | 6 +-
libraries/schema/Svg_Relation_Schema.class.php | 4 +-
libraries/schema/User_Schema.class.php | 42 +++---
libraries/schema/Visio_Relation_Schema.class.php | 4 +-
libraries/server_synchronize.lib.php | 6 +-
libraries/tbl_replace_fields.inc.php | 6 +-
libraries/transformations.lib.php | 34 +++---
libraries/user_preferences.lib.php | 12 +-
pmd_display_field.php | 16 ++--
pmd_pdf.php | 10 +-
pmd_relation_new.php | 12 +-
pmd_relation_upd.php | 12 +-
pmd_save_pos.php | 16 ++--
server_privileges.php | 102 ++++++++--------
server_replication.php | 8 +-
sql.php | 2 +-
tbl_alter.php | 2 +-
tbl_create.php | 6 +-
tbl_operations.php | 6 +-
tbl_relation.php | 46 ++++----
tbl_replace.php | 4 +-
tbl_select.php | 8 +-
tbl_tracking.php | 6 +-
test/PMA_quoting_slashing_test.php | 16 ++--
user_password.php | 2 +-
53 files changed, 435 insertions(+), 435 deletions(-)
diff --git a/db_operations.php b/db_operations.php
index dd6255c..190f9b6 100644
--- a/db_operations.php
+++ b/db_operations.php
@@ -232,7 +232,7 @@ if (strlen($db) && (! empty($db_rename) || ! empty($db_copy))) {
// to avoid selecting alternatively the current and new db
// we would need to modify the CREATE definitions to qualify
// the db name
- $event_names = PMA_DBI_fetch_result('SELECT EVENT_NAME FROM information_schema.EVENTS WHERE EVENT_SCHEMA= \'' . PMA_sqlAddslashes($db,true) . '\';');
+ $event_names = PMA_DBI_fetch_result('SELECT EVENT_NAME FROM information_schema.EVENTS WHERE EVENT_SCHEMA= \'' . PMA_sqlAddSlashes($db,true) . '\';');
if ($event_names) {
foreach($event_names as $event_name) {
PMA_DBI_select_db($db);
@@ -586,7 +586,7 @@ if ($cfgRelation['pdfwork'] && $num_tables > 0) { ?>
$test_query = '
SELECT *
FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['pdf_pages']) . '
- WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'';
+ WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\'';
$test_rs = PMA_query_as_controluser($test_query, null, PMA_DBI_QUERY_STORE);
/*
diff --git a/db_printview.php b/db_printview.php
index 3b02b86..e253411 100644
--- a/db_printview.php
+++ b/db_printview.php
@@ -53,7 +53,7 @@ if ($cfg['SkipLockedTables'] == true) {
if ($result != false && PMA_DBI_num_rows($result) > 0) {
while ($tmp = PMA_DBI_fetch_row($result)) {
if (! isset($sot_cache[$tmp[0]])) {
- $sts_result = PMA_DBI_query('SHOW TABLE STATUS FROM ' . PMA_backquote($db) . ' LIKE \'' . PMA_sqlAddSlashes($tmp[0]) . '\';');
+ $sts_result = PMA_DBI_query('SHOW TABLE STATUS FROM ' . PMA_backquote($db) . ' LIKE \'' . PMA_sqlAddSlashes($tmp[0], true) . '\';');
$sts_tmp = PMA_DBI_fetch_assoc($sts_result);
$tables[] = $sts_tmp;
} else { // table in use
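Review bot: Underscores and percent signs in `$tmp[0]` still act as LIKE wildcards on the changed line, because the second argument of PMA_sqlAddSlashes() appears to govern only how backslashes are doubled (confirm against its definition, which is not on this page). A table name such as `a_b` would then also match `axb`, and the single PMA_DBI_fetch_assoc() call could store the status row of the wrong table in `$tables`. If an exact match is intended, the name could also be passed through the project's wildcard escaper, e.g. `PMA_escape_mysql_wildcards(PMA_sqlAddSlashes($tmp[0], true))`, provided that helper is loaded here. The enclosing loop starts and ends outside the hunk.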
diff --git a/db_routines.php b/db_routines.php
index 4b0b23f..b9417fd 100644
--- a/db_routines.php
+++ b/db_routines.php
@@ -253,8 +253,8 @@ if (! empty($_REQUEST['execute_routine']) && ! empty($_REQUEST['routine_name']))
$routine_name = htmlspecialchars(PMA_backquote($_GET['routine_name']));
$routine_type = PMA_DBI_fetch_value("SELECT ROUTINE_TYPE "
. "FROM INFORMATION_SCHEMA.ROUTINES "
- . "WHERE ROUTINE_SCHEMA='" . PMA_sqlAddslashes($db) . "' "
- . "AND SPECIFIC_NAME='" . PMA_sqlAddslashes($_GET['routine_name']) . "';");
+ . "WHERE ROUTINE_SCHEMA='" . PMA_sqlAddSlashes($db) . "' "
+ . "AND SPECIFIC_NAME='" . PMA_sqlAddSlashes($_GET['routine_name']) . "';");
if (! empty($routine_type) && $create_proc = PMA_DBI_get_definition($db, $routine_type, $_GET['routine_name'])) {
$create_proc = '<textarea cols="40" rows="15" style="width: 100%;">' . htmlspecialchars($create_proc) . '</textarea>';
if ($GLOBALS['is_ajax_request']) {
@@ -347,7 +347,7 @@ if (! empty($_REQUEST['execute_routine']) && ! empty($_REQUEST['routine_name']))
$extra_data = array();
if ($message->isSuccess()) {
$columns = "`SPECIFIC_NAME`, `ROUTINE_NAME`, `ROUTINE_TYPE`, `DTD_IDENTIFIER`, `ROUTINE_DEFINITION`";
- $where = "ROUTINE_SCHEMA='" . PMA_sqlAddslashes($db) . "' AND ROUTINE_NAME='" . PMA_sqlAddslashes($_REQUEST['routine_name']) . "'";
+ $where = "ROUTINE_SCHEMA='" . PMA_sqlAddSlashes($db) . "' AND ROUTINE_NAME='" . PMA_sqlAddSlashes($_REQUEST['routine_name']) . "'";
$routine = PMA_DBI_fetch_single_row("SELECT $columns FROM `INFORMATION_SCHEMA`.`ROUTINES` WHERE $where;");
$extra_data['name'] = htmlspecialchars(strtoupper($_REQUEST['routine_name']));
$extra_data['new_row'] = PMA_RTN_getRowForRoutinesList($routine, 0, true);
diff --git a/db_search.php b/db_search.php
index ea50569..69350cd 100644
--- a/db_search.php
+++ b/db_search.php
@@ -61,11 +61,11 @@ if (empty($_REQUEST['search_str']) || ! is_string($_REQUEST['search_str'])) {
$searched = htmlspecialchars($_REQUEST['search_str']);
// For "as regular expression" (search option 4), we should not treat
// this as an expression that contains a LIKE (second parameter of
- // PMA_sqlAddslashes()).
+ // PMA_sqlAddSlashes()).
//
// Usage example: If user is seaching for a literal $ in a regexp search,
// he should enter \$ as the value.
- $search_str = PMA_sqlAddslashes($_REQUEST['search_str'], ($search_option == 4 ? false : true));
+ $search_str = PMA_sqlAddSlashes($_REQUEST['search_str'], ($search_option == 4 ? false : true));
}
$tables_selected = array();
@@ -84,7 +84,7 @@ if (isset($_REQUEST['selectall'])) {
if (empty($_REQUEST['field_str']) || ! is_string($_REQUEST['field_str'])) {
unset($field_str);
} else {
- $field_str = PMA_sqlAddslashes($_REQUEST['field_str'], true);
+ $field_str = PMA_sqlAddSlashes($_REQUEST['field_str'], true);
}
/**
diff --git a/db_tracking.php b/db_tracking.php
index c0421d6..3a9b695 100644
--- a/db_tracking.php
+++ b/db_tracking.php
@@ -67,7 +67,7 @@ require_once './libraries/db_links.inc.php';
$all_tables_query = ' SELECT table_name, MAX(version) as version FROM ' .
PMA_backquote($GLOBALS['cfg']['Server']['pmadb']) . '.' .
PMA_backquote($GLOBALS['cfg']['Server']['tracking']) .
- ' WHERE ' . PMA_backquote('db_name') . ' = \'' . PMA_sqlAddslashes($_REQUEST['db']) . '\' ' .
+ ' WHERE ' . PMA_backquote('db_name') . ' = \'' . PMA_sqlAddSlashes($_REQUEST['db']) . '\' ' .
' GROUP BY '. PMA_backquote('table_name') .
' ORDER BY '. PMA_backquote('table_name') .' ASC';
@@ -110,7 +110,7 @@ if (PMA_DBI_num_rows($all_tables_result) > 0) {
$table_query = ' SELECT * FROM ' .
PMA_backquote($GLOBALS['cfg']['Server']['pmadb']) . '.' .
PMA_backquote($GLOBALS['cfg']['Server']['tracking']) .
- ' WHERE `db_name` = \'' . PMA_sqlAddslashes($_REQUEST['db']) . '\' AND `table_name` = \'' . PMA_sqlAddslashes($table_name) . '\' AND `version` = \'' . $version_number . '\'';
+ ' WHERE `db_name` = \'' . PMA_sqlAddSlashes($_REQUEST['db']) . '\' AND `table_name` = \'' . PMA_sqlAddSlashes($table_name) . '\' AND `version` = \'' . $version_number . '\'';
$table_result = PMA_query_as_controluser($table_query);
$version_data = PMA_DBI_fetch_array($table_result);
diff --git a/import.php b/import.php
index 6506dc8..afc513c 100644
--- a/import.php
+++ b/import.php
@@ -153,7 +153,7 @@ if (!empty($id_bookmark)) {
case 0: // bookmarked query that have to be run
$import_text = PMA_Bookmark_get($db, $id_bookmark, 'id', isset($action_bookmark_all));
if (isset($bookmark_variable) && !empty($bookmark_variable)) {
- $import_text = preg_replace('|/\*(.*)\[VARIABLE\](.*)\*/|imsU', '${1}' . PMA_sqlAddslashes($bookmark_variable) . '${2}', $import_text);
+ $import_text = preg_replace('|/\*(.*)\[VARIABLE\](.*)\*/|imsU', '${1}' . PMA_sqlAddSlashes($bookmark_variable) . '${2}', $import_text);
}
// refresh left frame on changes in table or db structure
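Review bot: The escaped bookmark variable is spliced into the replacement argument of preg_replace(), where `$n`, `${n}` and `\n` are read as group references and a doubled backslash is reduced to one, so the output of PMA_sqlAddSlashes() may not reach the query unchanged. Escaping the value for the replacement context as well would keep it literal, e.g. `$var = strtr(PMA_sqlAddSlashes($bookmark_variable), array('\\' => '\\\\', '$' => '\\$'));` and then concatenating `$var` between `'${1}'` and `'${2}'`. The switch this case belongs to begins and ends outside the hunk.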
diff --git a/libraries/List_Database.class.php b/libraries/List_Database.class.php
index 2349852..bf1d468 100644
--- a/libraries/List_Database.class.php
+++ b/libraries/List_Database.class.php
@@ -423,7 +423,7 @@ require_once './libraries/List.class.php';
SELECT DISTINCT `Db` FROM `mysql`.`db`
WHERE `Select_priv` = 'Y'
AND `User`
- IN ('" . PMA_sqlAddslashes($GLOBALS['cfg']['Server']['user']) . "', '')";
+ IN ('" . PMA_sqlAddSlashes($GLOBALS['cfg']['Server']['user']) . "', '')";
$tmp_mydbs = PMA_DBI_fetch_result($local_query, null, null,
$GLOBALS['controllink']);
if ($tmp_mydbs) {
@@ -471,7 +471,7 @@ require_once './libraries/List.class.php';
} // end if
// 2. get allowed dbs from the "mysql.tables_priv" table
- $local_query = 'SELECT DISTINCT Db FROM mysql.tables_priv WHERE Table_priv LIKE \'%Select%\' AND User = \'' . PMA_sqlAddslashes($GLOBALS['cfg']['Server']['user']) . '\'';
+ $local_query = 'SELECT DISTINCT Db FROM mysql.tables_priv WHERE Table_priv LIKE \'%Select%\' AND User = \'' . PMA_sqlAddSlashes($GLOBALS['cfg']['Server']['user']) . '\'';
$rs = PMA_DBI_try_query($local_query, $GLOBALS['controllink']);
if ($rs && @PMA_DBI_num_rows($rs)) {
while ($row = PMA_DBI_fetch_assoc($rs)) {
diff --git a/libraries/RecentTable.class.php b/libraries/RecentTable.class.php
index 5a53a41..f844bbc 100644
--- a/libraries/RecentTable.class.php
+++ b/libraries/RecentTable.class.php
@@ -99,7 +99,7 @@ class PMA_RecentTable
$username = $GLOBALS['cfg']['Server']['user'];
$sql_query =
" REPLACE INTO " . $this->pma_table . " (`username`, `tables`)" .
- " VALUES ('" . $username . "', '" . PMA_sqlAddslashes(json_encode($this->tables)) . "')";
+ " VALUES ('" . $username . "', '" . PMA_sqlAddSlashes(json_encode($this->tables)) . "')";
$success = PMA_DBI_try_query($sql_query, $GLOBALS['controllink']);
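Review bot: `$username` is concatenated into the VALUES list on the changed line without PMA_sqlAddSlashes(), while the JSON payload next to it is escaped. It is read from `$GLOBALS['cfg']['Server']['user']` two lines above, which may hold a login name typed by the user depending on the auth type (not visible here), so it should get the same treatment: `" VALUES ('" . PMA_sqlAddSlashes($username) . "', '" . PMA_sqlAddSlashes(json_encode($this->tables)) . "')";`. The same pattern appears in the `@@ -1252` hunk of libraries/Table.class.php, where `$username`, `$this->db_name` and `$this->name` are all interpolated raw into the REPLACE statement. Both methods start outside their hunks.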
diff --git a/libraries/Table.class.php b/libraries/Table.class.php
index baa677f..0acd2d9 100644
--- a/libraries/Table.class.php
+++ b/libraries/Table.class.php
@@ -378,7 +378,7 @@ class PMA_Table
} elseif ($type == 'BIT') {
$query .= ' DEFAULT b\'' . preg_replace('/[^01]/', '0', $default_value) . '\'';
} else {
- $query .= ' DEFAULT \'' . PMA_sqlAddslashes($default_value) . '\'';
+ $query .= ' DEFAULT \'' . PMA_sqlAddSlashes($default_value) . '\'';
}
break;
case 'NULL' :
@@ -421,7 +421,7 @@ class PMA_Table
} // end if (auto_increment)
}
if (!empty($comment)) {
- $query .= " COMMENT '" . PMA_sqlAddslashes($comment) . "'";
+ $query .= " COMMENT '" . PMA_sqlAddSlashes($comment) . "'";
}
return $query;
} // end function
@@ -549,14 +549,14 @@ class PMA_Table
$where_parts = array();
foreach ($where_fields as $_where => $_value) {
$where_parts[] = PMA_backquote($_where) . ' = \''
- . PMA_sqlAddslashes($_value) . '\'';
+ . PMA_sqlAddSlashes($_value) . '\'';
}
$new_parts = array();
$new_value_parts = array();
foreach ($new_fields as $_where => $_value) {
$new_parts[] = PMA_backquote($_where);
- $new_value_parts[] = PMA_sqlAddslashes($_value);
+ $new_value_parts[] = PMA_sqlAddSlashes($_value);
}
$table_copy_query = '
@@ -574,7 +574,7 @@ class PMA_Table
$value_parts = array();
foreach ($table_copy_row as $_key => $_val) {
if (isset($row_fields[$_key]) && $row_fields[$_key] == 'cc') {
- $value_parts[] = PMA_sqlAddslashes($_val);
+ $value_parts[] = PMA_sqlAddSlashes($_val);
}
}
@@ -805,10 +805,10 @@ class PMA_Table
// Move old entries from PMA-DBs to new table
if ($GLOBALS['cfgRelation']['commwork']) {
$remove_query = 'UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['column_info'])
- . ' SET table_name = \'' . PMA_sqlAddslashes($target_table) . '\', '
- . ' db_name = \'' . PMA_sqlAddslashes($target_db) . '\''
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($source_db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($source_table) . '\'';
+ . ' SET table_name = \'' . PMA_sqlAddSlashes($target_table) . '\', '
+ . ' db_name = \'' . PMA_sqlAddSlashes($target_db) . '\''
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($source_db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($source_table) . '\'';
PMA_query_as_controluser($remove_query);
unset($remove_query);
}
@@ -818,28 +818,28 @@ class PMA_Table
if ($GLOBALS['cfgRelation']['displaywork']) {
$table_query = 'UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['table_info'])
- . ' SET db_name = \'' . PMA_sqlAddslashes($target_db) . '\', '
- . ' table_name = \'' . PMA_sqlAddslashes($target_table) . '\''
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($source_db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($source_table) . '\'';
+ . ' SET db_name = \'' . PMA_sqlAddSlashes($target_db) . '\', '
+ . ' table_name = \'' . PMA_sqlAddSlashes($target_table) . '\''
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($source_db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($source_table) . '\'';
PMA_query_as_controluser($table_query);
unset($table_query);
}
if ($GLOBALS['cfgRelation']['relwork']) {
$table_query = 'UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['relation'])
- . ' SET foreign_table = \'' . PMA_sqlAddslashes($target_table) . '\','
- . ' foreign_db = \'' . PMA_sqlAddslashes($target_db) . '\''
- . ' WHERE foreign_db = \'' . PMA_sqlAddslashes($source_db) . '\''
- . ' AND foreign_table = \'' . PMA_sqlAddslashes($source_table) . '\'';
+ . ' SET foreign_table = \'' . PMA_sqlAddSlashes($target_table) . '\','
+ . ' foreign_db = \'' . PMA_sqlAddSlashes($target_db) . '\''
+ . ' WHERE foreign_db = \'' . PMA_sqlAddSlashes($source_db) . '\''
+ . ' AND foreign_table = \'' . PMA_sqlAddSlashes($source_table) . '\'';
PMA_query_as_controluser($table_query);
unset($table_query);
$table_query = 'UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['relation'])
- . ' SET master_table = \'' . PMA_sqlAddslashes($target_table) . '\','
- . ' master_db = \'' . PMA_sqlAddslashes($target_db) . '\''
- . ' WHERE master_db = \'' . PMA_sqlAddslashes($source_db) . '\''
- . ' AND master_table = \'' . PMA_sqlAddslashes($source_table) . '\'';
+ . ' SET master_table = \'' . PMA_sqlAddSlashes($target_table) . '\','
+ . ' master_db = \'' . PMA_sqlAddSlashes($target_db) . '\''
+ . ' WHERE master_db = \'' . PMA_sqlAddSlashes($source_db) . '\''
+ . ' AND master_table = \'' . PMA_sqlAddSlashes($source_table) . '\'';
PMA_query_as_controluser($table_query);
unset($table_query);
}
@@ -853,24 +853,24 @@ class PMA_Table
if ($GLOBALS['cfgRelation']['pdfwork']) {
$table_query = 'UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['table_coords'])
- . ' SET table_name = \'' . PMA_sqlAddslashes($target_table) . '\','
- . ' db_name = \'' . PMA_sqlAddslashes($target_db) . '\''
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($source_db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($source_table) . '\'';
+ . ' SET table_name = \'' . PMA_sqlAddSlashes($target_table) . '\','
+ . ' db_name = \'' . PMA_sqlAddSlashes($target_db) . '\''
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($source_db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($source_table) . '\'';
PMA_query_as_controluser($table_query);
unset($table_query);
/*
$pdf_query = 'SELECT pdf_page_number '
. ' FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['table_coords'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($target_db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($target_table) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($target_db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($target_table) . '\'';
$pdf_rs = PMA_query_as_controluser($pdf_query);
while ($pdf_copy_row = PMA_DBI_fetch_assoc($pdf_rs)) {
$table_query = 'UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['pdf_pages'])
- . ' SET db_name = \'' . PMA_sqlAddslashes($target_db) . '\''
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($source_db) . '\''
- . ' AND page_nr = \'' . PMA_sqlAddslashes($pdf_copy_row['pdf_page_number']) . '\'';
+ . ' SET db_name = \'' . PMA_sqlAddSlashes($target_db) . '\''
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($source_db) . '\''
+ . ' AND page_nr = \'' . PMA_sqlAddSlashes($pdf_copy_row['pdf_page_number']) . '\'';
$tb_rs = PMA_query_as_controluser($table_query);
unset($table_query);
unset($tb_rs);
@@ -880,10 +880,10 @@ class PMA_Table
if ($GLOBALS['cfgRelation']['designerwork']) {
$table_query = 'UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['designer_coords'])
- . ' SET table_name = \'' . PMA_sqlAddslashes($target_table) . '\','
- . ' db_name = \'' . PMA_sqlAddslashes($target_db) . '\''
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($source_db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($source_table) . '\'';
+ . ' SET table_name = \'' . PMA_sqlAddSlashes($target_table) . '\','
+ . ' db_name = \'' . PMA_sqlAddSlashes($target_db) . '\''
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($source_db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($source_table) . '\'';
PMA_query_as_controluser($table_query);
unset($table_query);
}
@@ -900,8 +900,8 @@ class PMA_Table
column_name, ' . PMA_backquote('comment') . ($GLOBALS['cfgRelation']['mimework'] ? ', mimetype, transformation, transformation_options' : '') . '
FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['column_info']) . '
WHERE
- db_name = \'' . PMA_sqlAddslashes($source_db) . '\' AND
- table_name = \'' . PMA_sqlAddslashes($source_table) . '\'';
+ db_name = \'' . PMA_sqlAddSlashes($source_db) . '\' AND
+ table_name = \'' . PMA_sqlAddSlashes($source_table) . '\'';
$comments_copy_rs = PMA_query_as_controluser($comments_copy_query);
// Write every comment as new copied entry. [MIME]
@@ -909,13 +909,13 @@ class PMA_Table
$new_comment_query = 'REPLACE INTO ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['column_info'])
. ' (db_name, table_name, column_name, ' . PMA_backquote('comment') . ($GLOBALS['cfgRelation']['mimework'] ? ', mimetype, transformation, transformation_options' : '') . ') '
. ' VALUES('
- . '\'' . PMA_sqlAddslashes($target_db) . '\','
- . '\'' . PMA_sqlAddslashes($target_table) . '\','
- . '\'' . PMA_sqlAddslashes($comments_copy_row['column_name']) . '\''
- . ($GLOBALS['cfgRelation']['mimework'] ? ',\'' . PMA_sqlAddslashes($comments_copy_row['comment']) . '\','
- . '\'' . PMA_sqlAddslashes($comments_copy_row['mimetype']) . '\','
- . '\'' . PMA_sqlAddslashes($comments_copy_row['transformation']) . '\','
- . '\'' . PMA_sqlAddslashes($comments_copy_row['transformation_options']) . '\'' : '')
+ . '\'' . PMA_sqlAddSlashes($target_db) . '\','
+ . '\'' . PMA_sqlAddSlashes($target_table) . '\','
+ . '\'' . PMA_sqlAddSlashes($comments_copy_row['column_name']) . '\''
+ . ($GLOBALS['cfgRelation']['mimework'] ? ',\'' . PMA_sqlAddSlashes($comments_copy_row['comment']) . '\','
+ . '\'' . PMA_sqlAddSlashes($comments_copy_row['mimetype']) . '\','
+ . '\'' . PMA_sqlAddSlashes($comments_copy_row['transformation']) . '\','
+ . '\'' . PMA_sqlAddSlashes($comments_copy_row['transformation_options']) . '\'' : '')
. ')';
PMA_query_as_controluser($new_comment_query);
} // end while
@@ -1065,10 +1065,10 @@ class PMA_Table
$remove_query = '
UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.'
. PMA_backquote($GLOBALS['cfgRelation']['column_info']) . '
- SET `db_name` = \'' . PMA_sqlAddslashes($new_db) . '\',
- `table_name` = \'' . PMA_sqlAddslashes($new_name) . '\'
- WHERE `db_name` = \'' . PMA_sqlAddslashes($old_db) . '\'
- AND `table_name` = \'' . PMA_sqlAddslashes($old_name) . '\'';
+ SET `db_name` = \'' . PMA_sqlAddSlashes($new_db) . '\',
+ `table_name` = \'' . PMA_sqlAddSlashes($new_name) . '\'
+ WHERE `db_name` = \'' . PMA_sqlAddSlashes($old_db) . '\'
+ AND `table_name` = \'' . PMA_sqlAddSlashes($old_name) . '\'';
PMA_query_as_controluser($remove_query);
unset($remove_query);
}
@@ -1077,10 +1077,10 @@ class PMA_Table
$table_query = '
UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.'
. PMA_backquote($GLOBALS['cfgRelation']['table_info']) . '
- SET `db_name` = \'' . PMA_sqlAddslashes($new_db) . '\',
- `table_name` = \'' . PMA_sqlAddslashes($new_name) . '\'
- WHERE `db_name` = \'' . PMA_sqlAddslashes($old_db) . '\'
- AND `table_name` = \'' . PMA_sqlAddslashes($old_name) . '\'';
+ SET `db_name` = \'' . PMA_sqlAddSlashes($new_db) . '\',
+ `table_name` = \'' . PMA_sqlAddSlashes($new_name) . '\'
+ WHERE `db_name` = \'' . PMA_sqlAddSlashes($old_db) . '\'
+ AND `table_name` = \'' . PMA_sqlAddSlashes($old_name) . '\'';
PMA_query_as_controluser($table_query);
unset($table_query);
}
@@ -1089,19 +1089,19 @@ class PMA_Table
$table_query = '
UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.'
. PMA_backquote($GLOBALS['cfgRelation']['relation']) . '
- SET `foreign_db` = \'' . PMA_sqlAddslashes($new_db) . '\',
- `foreign_table` = \'' . PMA_sqlAddslashes($new_name) . '\'
- WHERE `foreign_db` = \'' . PMA_sqlAddslashes($old_db) . '\'
- AND `foreign_table` = \'' . PMA_sqlAddslashes($old_name) . '\'';
+ SET `foreign_db` = \'' . PMA_sqlAddSlashes($new_db) . '\',
+ `foreign_table` = \'' . PMA_sqlAddSlashes($new_name) . '\'
+ WHERE `foreign_db` = \'' . PMA_sqlAddSlashes($old_db) . '\'
+ AND `foreign_table` = \'' . PMA_sqlAddSlashes($old_name) . '\'';
PMA_query_as_controluser($table_query);
$table_query = '
UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.'
. PMA_backquote($GLOBALS['cfgRelation']['relation']) . '
- SET `master_db` = \'' . PMA_sqlAddslashes($new_db) . '\',
- `master_table` = \'' . PMA_sqlAddslashes($new_name) . '\'
- WHERE `master_db` = \'' . PMA_sqlAddslashes($old_db) . '\'
- AND `master_table` = \'' . PMA_sqlAddslashes($old_name) . '\'';
+ SET `master_db` = \'' . PMA_sqlAddSlashes($new_db) . '\',
+ `master_table` = \'' . PMA_sqlAddSlashes($new_name) . '\'
+ WHERE `master_db` = \'' . PMA_sqlAddSlashes($old_db) . '\'
+ AND `master_table` = \'' . PMA_sqlAddSlashes($old_name) . '\'';
PMA_query_as_controluser($table_query);
unset($table_query);
}
@@ -1110,10 +1110,10 @@ class PMA_Table
$table_query = '
UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.'
. PMA_backquote($GLOBALS['cfgRelation']['table_coords']) . '
- SET `db_name` = \'' . PMA_sqlAddslashes($new_db) . '\',
- `table_name` = \'' . PMA_sqlAddslashes($new_name) . '\'
- WHERE `db_name` = \'' . PMA_sqlAddslashes($old_db) . '\'
- AND `table_name` = \'' . PMA_sqlAddslashes($old_name) . '\'';
+ SET `db_name` = \'' . PMA_sqlAddSlashes($new_db) . '\',
+ `table_name` = \'' . PMA_sqlAddSlashes($new_name) . '\'
+ WHERE `db_name` = \'' . PMA_sqlAddSlashes($old_db) . '\'
+ AND `table_name` = \'' . PMA_sqlAddSlashes($old_name) . '\'';
PMA_query_as_controluser($table_query);
unset($table_query);
}
@@ -1122,10 +1122,10 @@ class PMA_Table
$table_query = '
UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.'
. PMA_backquote($GLOBALS['cfgRelation']['designer_coords']) . '
- SET `db_name` = \'' . PMA_sqlAddslashes($new_db) . '\',
- `table_name` = \'' . PMA_sqlAddslashes($new_name) . '\'
- WHERE `db_name` = \'' . PMA_sqlAddslashes($old_db) . '\'
- AND `table_name` = \'' . PMA_sqlAddslashes($old_name) . '\'';
+ SET `db_name` = \'' . PMA_sqlAddSlashes($new_db) . '\',
+ `table_name` = \'' . PMA_sqlAddSlashes($new_name) . '\'
+ WHERE `db_name` = \'' . PMA_sqlAddSlashes($old_db) . '\'
+ AND `table_name` = \'' . PMA_sqlAddSlashes($old_name) . '\'';
PMA_query_as_controluser($table_query);
unset($table_query);
}
@@ -1252,7 +1252,7 @@ class PMA_Table
$sql_query =
" REPLACE INTO " . $pma_table .
" VALUES ('" . $username . "', '" . $this->db_name . "', '" .
- $this->name . "', '" . PMA_sqlAddslashes(json_encode($this->uiprefs)) . "')";
+ $this->name . "', '" . PMA_sqlAddSlashes(json_encode($this->uiprefs)) . "')";
$success = PMA_DBI_try_query($sql_query, $GLOBALS['controllink']);
diff --git a/libraries/Tracker.class.php b/libraries/Tracker.class.php
index 35ab7f4..da9a56a 100644
--- a/libraries/Tracker.class.php
+++ b/libraries/Tracker.class.php
@@ -219,8 +219,8 @@ class PMA_Tracker
$sql_query =
" SELECT tracking_active FROM " . self::$pma_table .
- " WHERE " . PMA_backquote('db_name') . " = '" . PMA_sqlAddslashes($dbname) . "' " .
- " AND " . PMA_backquote('table_name') . " = '" . PMA_sqlAddslashes($tablename) . "' " .
+ " WHERE " . PMA_backquote('db_name') . " = '" . PMA_sqlAddSlashes($dbname) . "' " .
+ " AND " . PMA_backquote('table_name') . " = '" . PMA_sqlAddSlashes($tablename) . "' " .
" ORDER BY version DESC";
$row = PMA_DBI_fetch_array(PMA_query_as_controluser($sql_query));
@@ -331,15 +331,15 @@ class PMA_Tracker
"tracking " .
") " .
"values (
- '" . PMA_sqlAddslashes($dbname) . "',
- '" . PMA_sqlAddslashes($tablename) . "',
- '" . PMA_sqlAddslashes($version) . "',
- '" . PMA_sqlAddslashes($date) . "',
- '" . PMA_sqlAddslashes($date) . "',
- '" . PMA_sqlAddslashes($snapshot) . "',
- '" . PMA_sqlAddslashes($create_sql) . "',
- '" . PMA_sqlAddslashes("\n") . "',
- '" . PMA_sqlAddslashes($tracking_set) . "' )";
+ '" . PMA_sqlAddSlashes($dbname) . "',
+ '" . PMA_sqlAddSlashes($tablename) . "',
+ '" . PMA_sqlAddSlashes($version) . "',
+ '" . PMA_sqlAddSlashes($date) . "',
+ '" . PMA_sqlAddSlashes($date) . "',
+ '" . PMA_sqlAddSlashes($snapshot) . "',
+ '" . PMA_sqlAddSlashes($create_sql) . "',
+ '" . PMA_sqlAddSlashes("\n") . "',
+ '" . PMA_sqlAddSlashes($tracking_set) . "' )";
$result = PMA_query_as_controluser($sql_query);
@@ -366,7 +366,7 @@ class PMA_Tracker
{
$sql_query =
"/*NOTRACK*/\n" .
- "DELETE FROM " . self::$pma_table . " WHERE `db_name` = '" . PMA_sqlAddslashes($dbname) . "' AND `table_name` = '" . PMA_sqlAddslashes($tablename) . "'";
+ "DELETE FROM " . self::$pma_table . " WHERE `db_name` = '" . PMA_sqlAddSlashes($dbname) . "' AND `table_name` = '" . PMA_sqlAddSlashes($tablename) . "'";
$result = PMA_query_as_controluser($sql_query);
return $result;
@@ -421,15 +421,15 @@ class PMA_Tracker
"tracking " .
") " .
"values (
- '" . PMA_sqlAddslashes($dbname) . "',
- '" . PMA_sqlAddslashes('') . "',
- '" . PMA_sqlAddslashes($version) . "',
- '" . PMA_sqlAddslashes($date) . "',
- '" . PMA_sqlAddslashes($date) . "',
- '" . PMA_sqlAddslashes('') . "',
- '" . PMA_sqlAddslashes($create_sql) . "',
- '" . PMA_sqlAddslashes("\n") . "',
- '" . PMA_sqlAddslashes($tracking_set) . "' )";
+ '" . PMA_sqlAddSlashes($dbname) . "',
+ '" . PMA_sqlAddSlashes('') . "',
+ '" . PMA_sqlAddSlashes($version) . "',
+ '" . PMA_sqlAddSlashes($date) . "',
+ '" . PMA_sqlAddSlashes($date) . "',
+ '" . PMA_sqlAddSlashes('') . "',
+ '" . PMA_sqlAddSlashes($create_sql) . "',
+ '" . PMA_sqlAddSlashes("\n") . "',
+ '" . PMA_sqlAddSlashes($tracking_set) . "' )";
$result = PMA_query_as_controluser($sql_query);
@@ -455,9 +455,9 @@ class PMA_Tracker
$sql_query =
" UPDATE " . self::$pma_table .
" SET `tracking_active` = '" . $new_state . "' " .
- " WHERE `db_name` = '" . PMA_sqlAddslashes($dbname) . "' " .
- " AND `table_name` = '" . PMA_sqlAddslashes($tablename) . "' " .
- " AND `version` = '" . PMA_sqlAddslashes($version) . "' ";
+ " WHERE `db_name` = '" . PMA_sqlAddSlashes($dbname) . "' " .
+ " AND `table_name` = '" . PMA_sqlAddSlashes($tablename) . "' " .
+ " AND `version` = '" . PMA_sqlAddSlashes($version) . "' ";
$result = PMA_query_as_controluser($sql_query);
@@ -491,7 +491,7 @@ class PMA_Tracker
$new_data_processed = '';
if (is_array($new_data)) {
foreach ($new_data as $data) {
- $new_data_processed .= '# log ' . $date . ' ' . $data['username'] . PMA_sqlAddslashes($data['statement']) . "\n";
+ $new_data_processed .= '# log ' . $date . ' ' . $data['username'] . PMA_sqlAddSlashes($data['statement']) . "\n";
}
} else {
$new_data_processed = $new_data;
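Review bot: Only `$data['statement']` is escaped on the changed line; `$data['username']` is appended raw, and the else branch copies `$new_data` into `$new_data_processed` with no escaping at all. The following hunk places `$new_data_processed` between single quotes in the UPDATE, so unless callers pre-escape it (not visible here) a quote in the data can break the statement. Building the log text unescaped and applying `PMA_sqlAddSlashes($new_data_processed)` once where it is interpolated would cover both branches; the per-item call would then be dropped to avoid double escaping. In the same UPDATE, `$save_to` is wrapped in literal backticks rather than passed through `PMA_backquote($save_to)` as the `@@ -959` hunk does. The method starts outside this hunk.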
@@ -500,9 +500,9 @@ class PMA_Tracker
$sql_query =
" UPDATE " . self::$pma_table .
" SET `" . $save_to . "` = '" . $new_data_processed . "' " .
- " WHERE `db_name` = '" . PMA_sqlAddslashes($dbname) . "' " .
- " AND `table_name` = '" . PMA_sqlAddslashes($tablename) . "' " .
- " AND `version` = '" . PMA_sqlAddslashes($version) . "' ";
+ " WHERE `db_name` = '" . PMA_sqlAddSlashes($dbname) . "' " .
+ " AND `table_name` = '" . PMA_sqlAddSlashes($tablename) . "' " .
+ " AND `version` = '" . PMA_sqlAddSlashes($version) . "' ";
$result = PMA_query_as_controluser($sql_query);
@@ -559,8 +559,8 @@ class PMA_Tracker
{
$sql_query =
" SELECT MAX(version) FROM " . self::$pma_table .
- " WHERE `db_name` = '" . PMA_sqlAddslashes($dbname) . "' " .
- " AND `table_name` = '" . PMA_sqlAddslashes($tablename) . "' ";
+ " WHERE `db_name` = '" . PMA_sqlAddSlashes($dbname) . "' " .
+ " AND `table_name` = '" . PMA_sqlAddSlashes($tablename) . "' ";
if ($statement != "") {
$sql_query .= " AND FIND_IN_SET('" . $statement . "',tracking) > 0" ;
@@ -593,11 +593,11 @@ class PMA_Tracker
self::init();
}
$sql_query = " SELECT * FROM " . self::$pma_table .
- " WHERE `db_name` = '" . PMA_sqlAddslashes($dbname) . "' ";
+ " WHERE `db_name` = '" . PMA_sqlAddSlashes($dbname) . "' ";
if (! empty($tablename)) {
- $sql_query .= " AND `table_name` = '" . PMA_sqlAddslashes($tablename) ."' ";
+ $sql_query .= " AND `table_name` = '" . PMA_sqlAddSlashes($tablename) ."' ";
}
- $sql_query .= " AND `version` = '" . PMA_sqlAddslashes($version) ."' ".
+ $sql_query .= " AND `version` = '" . PMA_sqlAddSlashes($version) ."' ".
" ORDER BY `version` DESC ";
$mixed = PMA_DBI_fetch_array(PMA_query_as_controluser($sql_query));
@@ -959,12 +959,12 @@ class PMA_Tracker
$sql_query =
" /*NOTRACK*/\n" .
" UPDATE " . self::$pma_table .
- " SET " . PMA_backquote($save_to) ." = CONCAT( " . PMA_backquote($save_to) . ",'\n" . PMA_sqlAddslashes($query) . "') ," .
+ " SET " . PMA_backquote($save_to) ." = CONCAT( " . PMA_backquote($save_to) . ",'\n" . PMA_sqlAddSlashes($query) . "') ," .
" `date_updated` = '" . $date . "' ";
// If table was renamed we have to change the tablename attribute in pma_tracking too
if ($result['identifier'] == 'RENAME TABLE') {
- $sql_query .= ', `table_name` = \'' . PMA_sqlAddslashes($result['tablename_after_rename']) . '\' ';
+ $sql_query .= ', `table_name` = \'' . PMA_sqlAddSlashes($result['tablename_after_rename']) . '\' ';
}
// Save the tracking information only for
@@ -974,9 +974,9 @@ class PMA_Tracker
// we want to track
$sql_query .=
" WHERE FIND_IN_SET('" . $result['identifier'] . "',tracking) > 0" .
- " AND `db_name` = '" . PMA_sqlAddslashes($dbname) . "' " .
- " AND `table_name` = '" . PMA_sqlAddslashes($result['tablename']) . "' " .
- " AND `version` = '" . PMA_sqlAddslashes($version) . "' ";
+ " AND `db_name` = '" . PMA_sqlAddSlashes($dbname) . "' " .
+ " AND `table_name` = '" . PMA_sqlAddSlashes($result['tablename']) . "' " .
+ " AND `version` = '" . PMA_sqlAddSlashes($version) . "' ";
$result = PMA_query_as_controluser($sql_query);
}
diff --git a/libraries/blobstreaming.lib.php b/libraries/blobstreaming.lib.php
index c7250dc..d9893dd 100644
--- a/libraries/blobstreaming.lib.php
+++ b/libraries/blobstreaming.lib.php
@@ -387,7 +387,7 @@ function PMA_BS_IsTablePBMSEnabled($db_name, $tbl_name, $tbl_type)
// This information should be cached rather than selecting it each time.
//$query = "SELECT count(*) FROM information_schema.TABLES T, pbms.pbms_enabled E where T.table_schema = ". PMA_backquote($db_name) . " and T.table_name = ". PMA_backquote($tbl_name) . " and T.engine = E.name";
- $query = "SELECT count(*) FROM pbms.pbms_enabled E where E.name = '" . PMA_sqlAddslashes($tbl_type) . "'";
+ $query = "SELECT count(*) FROM pbms.pbms_enabled E where E.name = '" . PMA_sqlAddSlashes($tbl_type) . "'";
$result = PMA_DBI_query($query);
$data = PMA_DBI_fetch_row($result);
@@ -439,7 +439,7 @@ function PMA_BS_SetContentType($db_name, $bsTable, $blobReference, $contentType)
// This is a really ugly way to do this but currently there is nothing better.
// In a future version of PBMS the system tables will be redesigned to make this
// more efficient.
- $query = "SELECT Repository_id, Repo_blob_offset FROM pbms_reference WHERE Blob_url='" . PMA_sqlAddslashes($blobReference) . "'";
+ $query = "SELECT Repository_id, Repo_blob_offset FROM pbms_reference WHERE Blob_url='" . PMA_sqlAddSlashes($blobReference) . "'";
//error_log(" PMA_BS_SetContentType: $query\n", 3, "/tmp/mylog");
$result = PMA_DBI_query($query);
//error_log(" $query\n", 3, "/tmp/mylog");
@@ -451,9 +451,9 @@ function PMA_BS_SetContentType($db_name, $bsTable, $blobReference, $contentType)
$result = PMA_DBI_query($query);
if (PMA_DBI_num_rows($result) == 0) {
- $query = "INSERT into pbms_metadata Values( ". $data['Repository_id'] . ", " . $data['Repo_blob_offset'] . ", 'Content_type', '" . PMA_sqlAddslashes($contentType) . "')";
+ $query = "INSERT into pbms_metadata Values( ". $data['Repository_id'] . ", " . $data['Repo_blob_offset'] . ", 'Content_type', '" . PMA_sqlAddSlashes($contentType) . "')";
} else {
- $query = "UPDATE pbms_metadata SET name = 'Content_type', Value = '" . PMA_sqlAddslashes($contentType) . "' $where";
+ $query = "UPDATE pbms_metadata SET name = 'Content_type', Value = '" . PMA_sqlAddSlashes($contentType) . "' $where";
}
//error_log("$query\n", 3, "/tmp/mylog");
PMA_DBI_query($query);
diff --git a/libraries/bookmark.lib.php b/libraries/bookmark.lib.php
index 5492cbf..9ff7d1b 100644
--- a/libraries/bookmark.lib.php
+++ b/libraries/bookmark.lib.php
@@ -58,13 +58,13 @@ function PMA_Bookmark_getList($db)
}
$query = 'SELECT label, id FROM '. PMA_backquote($cfgBookmark['db']) . '.' . PMA_backquote($cfgBookmark['table'])
- . ' WHERE dbase = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND user = \'' . PMA_sqlAddslashes($cfgBookmark['user']) . '\''
+ . ' WHERE dbase = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND user = \'' . PMA_sqlAddSlashes($cfgBookmark['user']) . '\''
. ' ORDER BY label';
$per_user = PMA_DBI_fetch_result($query, 'id', 'label', $controllink, PMA_DBI_QUERY_STORE);
$query = 'SELECT label, id FROM '. PMA_backquote($cfgBookmark['db']) . '.' . PMA_backquote($cfgBookmark['table'])
- . ' WHERE dbase = \'' . PMA_sqlAddslashes($db) . '\''
+ . ' WHERE dbase = \'' . PMA_sqlAddSlashes($db) . '\''
. ' AND user = \'\''
. ' ORDER BY label';
$global = PMA_DBI_fetch_result($query, 'id', 'label', $controllink, PMA_DBI_QUERY_STORE);
@@ -107,10 +107,10 @@ function PMA_Bookmark_get($db, $id, $id_field = 'id', $action_bookmark_all = fal
}
$query = 'SELECT query FROM ' . PMA_backquote($cfgBookmark['db']) . '.' . PMA_backquote($cfgBookmark['table'])
- . ' WHERE dbase = \'' . PMA_sqlAddslashes($db) . '\'';
+ . ' WHERE dbase = \'' . PMA_sqlAddSlashes($db) . '\'';
if (!$action_bookmark_all) {
- $query .= ' AND (user = \'' . PMA_sqlAddslashes($cfgBookmark['user']) . '\'';
+ $query .= ' AND (user = \'' . PMA_sqlAddSlashes($cfgBookmark['user']) . '\'';
if (!$exact_user_match) {
$query .= ' OR user = \'\'';
}
@@ -146,7 +146,7 @@ function PMA_Bookmark_save($fields, $all_users = false)
}
$query = 'INSERT INTO ' . PMA_backquote($cfgBookmark['db']) . '.' . PMA_backquote($cfgBookmark['table'])
- . ' (id, dbase, user, query, label) VALUES (NULL, \'' . PMA_sqlAddslashes($fields['dbase']) . '\', \'' . ($all_users ? '' : PMA_sqlAddslashes($fields['user'])) . '\', \'' . PMA_sqlAddslashes(urldecode($fields['query'])) . '\', \'' . PMA_sqlAddslashes($fields['label']) . '\')';
+ . ' (id, dbase, user, query, label) VALUES (NULL, \'' . PMA_sqlAddSlashes($fields['dbase']) . '\', \'' . ($all_users ? '' : PMA_sqlAddSlashes($fields['user'])) . '\', \'' . PMA_sqlAddSlashes(urldecode($fields['query'])) . '\', \'' . PMA_sqlAddSlashes($fields['label']) . '\')';
return PMA_DBI_query($query, $controllink);
} // end of the 'PMA_Bookmark_save()' function
@@ -172,7 +172,7 @@ function PMA_Bookmark_delete($db, $id)
}
$query = 'DELETE FROM ' . PMA_backquote($cfgBookmark['db']) . '.' . PMA_backquote($cfgBookmark['table'])
- . ' WHERE (user = \'' . PMA_sqlAddslashes($cfgBookmark['user']) . '\''
+ . ' WHERE (user = \'' . PMA_sqlAddSlashes($cfgBookmark['user']) . '\''
. ' OR user = \'\')'
. ' AND id = ' . $id;
return PMA_DBI_try_query($query, $controllink);
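Review bot: In PMA_Bookmark_delete, `$id` is appended to the DELETE statement unquoted and unescaped (`' AND id = ' . $id`), while the user name beside it is escaped. Assuming the bookmark id is always an integer (the INSERT in PMA_Bookmark_save passes NULL for it, which suggests an auto-increment column, but the schema is not on this page), a cast makes that explicit: `. ' AND id = ' . (int) $id;`. The function's opening lines are outside the hunk, so any earlier validation of `$id` is not visible here.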
diff --git a/libraries/common.lib.php b/libraries/common.lib.php
index 7dcbea0..61f3102 100644
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -161,7 +161,7 @@ function PMA_displayMaximumUploadSize($max_upload_size)
*
* @access public
*/
-function PMA_sqlAddslashes($a_string = '', $is_like = false, $crlf = false, $php_code = false)
+function PMA_sqlAddSlashes($a_string = '', $is_like = false, $crlf = false, $php_code = false)
{
if ($is_like) {
$a_string = str_replace('\\', '\\\\\\\\', $a_string);
@@ -182,7 +182,7 @@ function PMA_sqlAddslashes($a_string = '', $is_like = false, $crlf = false, $php
}
return $a_string;
-} // end of the 'PMA_sqlAddslashes()' function
+} // end of the 'PMA_sqlAddSlashes()' function
/**
@@ -1996,7 +1996,7 @@ function PMA_getUniqueCondition($handle, $fields_cnt, $fields_meta, $row, $force
$condition .= "= b'" . PMA_printable_bit_value($row[$i], $meta->length) . "' AND";
} else {
$condition .= '= \''
- . PMA_sqlAddslashes($row[$i], false, true) . '\' AND';
+ . PMA_sqlAddSlashes($row[$i], false, true) . '\' AND';
}
}
if ($meta->primary_key > 0) {
@@ -3082,7 +3082,7 @@ function PMA_currentUserHasPrivilege($priv, $db = null, $tbl = null)
'SCHEMA_PRIVILEGES',
$username,
$priv,
- PMA_sqlAddslashes($db)))) {
+ PMA_sqlAddSlashes($db)))) {
return true;
}
} else {
@@ -3098,8 +3098,8 @@ function PMA_currentUserHasPrivilege($priv, $db = null, $tbl = null)
'TABLE_PRIVILEGES',
$username,
$priv,
- PMA_sqlAddslashes($db),
- PMA_sqlAddslashes($tbl)))) {
+ PMA_sqlAddSlashes($db),
+ PMA_sqlAddSlashes($tbl)))) {
return true;
}
}
diff --git a/libraries/database_interface.lib.php b/libraries/database_interface.lib.php
index d9f19f3..50ae58b 100644
--- a/libraries/database_interface.lib.php
+++ b/libraries/database_interface.lib.php
@@ -323,7 +323,7 @@ function PMA_DBI_get_tables_full($database, $table = false, $tbl_is_group = fals
// added BINARY in the WHERE clause to force a case sensitive
// comparison (if we are looking for the db Aa we don't want
// to find the db aa)
- $this_databases = array_map('PMA_sqlAddslashes', $databases);
+ $this_databases = array_map('PMA_sqlAddSlashes', $databases);
$sql = '
SELECT *,
@@ -992,7 +992,7 @@ function PMA_DBI_postConnect($link, $is_controluser = false)
if (!PMA_DRIZZLE) {
if (! empty($GLOBALS['collation_connection'])) {
PMA_DBI_query("SET CHARACTER SET 'utf8';", $link, PMA_DBI_QUERY_STORE);
- PMA_DBI_query("SET collation_connection = '" . PMA_sqlAddslashes($GLOBALS['collation_connection']) . "';", $link, PMA_DBI_QUERY_STORE);
+ PMA_DBI_query("SET collation_connection = '" . PMA_sqlAddSlashes($GLOBALS['collation_connection']) . "';", $link, PMA_DBI_QUERY_STORE);
} else {
PMA_DBI_query("SET NAMES 'utf8' COLLATE 'utf8_general_ci';", $link, PMA_DBI_QUERY_STORE);
}
@@ -1373,14 +1373,14 @@ function PMA_DBI_get_triggers($db, $table = '', $delimiter = '//')
// Note: in http://dev.mysql.com/doc/refman/5.0/en/faqs-triggers.html
// their example uses WHERE TRIGGER_SCHEMA='dbname' so let's use this
// instead of WHERE EVENT_OBJECT_SCHEMA='dbname'
- $query = "SELECT TRIGGER_SCHEMA, TRIGGER_NAME, EVENT_MANIPULATION, EVENT_OBJECT_TABLE, ACTION_TIMING, ACTION_STATEMENT, EVENT_OBJECT_SCHEMA, EVENT_OBJECT_TABLE FROM information_schema.TRIGGERS WHERE TRIGGER_SCHEMA= '" . PMA_sqlAddslashes($db,true) . "';";
+ $query = "SELECT TRIGGER_SCHEMA, TRIGGER_NAME, EVENT_MANIPULATION, EVENT_OBJECT_TABLE, ACTION_TIMING, ACTION_STATEMENT, EVENT_OBJECT_SCHEMA, EVENT_OBJECT_TABLE FROM information_schema.TRIGGERS WHERE TRIGGER_SCHEMA= '" . PMA_sqlAddSlashes($db,true) . "';";
if (! empty($table)) {
- $query .= " AND EVENT_OBJECT_TABLE = '" . PMA_sqlAddslashes($table, true) . "';";
+ $query .= " AND EVENT_OBJECT_TABLE = '" . PMA_sqlAddSlashes($table, true) . "';";
}
} else {
- $query = "SHOW TRIGGERS FROM " . PMA_backquote(PMA_sqlAddslashes($db,true));
+ $query = "SHOW TRIGGERS FROM " . PMA_backquote(PMA_sqlAddSlashes($db,true));
if (! empty($table)) {
- $query .= " LIKE '" . PMA_sqlAddslashes($table, true) . "';";
+ $query .= " LIKE '" . PMA_sqlAddSlashes($table, true) . "';";
}
}
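Review bot: The LIKE variant `PMA_sqlAddSlashes(…, true)` is used here on values compared with `=` (`TRIGGER_SCHEMA=`, `EVENT_OBJECT_TABLE =`) and on an identifier handed to `PMA_backquote()`; only the `SHOW TRIGGERS … LIKE` line is a LIKE pattern. Judging from the PMA_sqlAddSlashes hunk on this page, that variant expands each backslash to four, so a name containing a backslash would presumably stop matching in the equality tests. I would use `PMA_sqlAddSlashes($db)` and `PMA_sqlAddSlashes($table)` there and plain `PMA_backquote($db)` for the identifier. The same `= '…'` use with the second argument set appears in the db_events.inc.php hunk and in the PMA_exportDBFooter hunk of libraries/export/sql.php. Separately, the first query string already ends in `;` before ` AND EVENT_OBJECT_TABLE …` is appended to it; PMA_DBI_get_triggers starts and ends outside the hunk.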
@@ -1424,8 +1424,8 @@ function PMA_isView($db, $view_name)
$result = PMA_DBI_fetch_result(
"SELECT TABLE_NAME
FROM information_schema.VIEWS
- WHERE TABLE_SCHEMA = '" . PMA_sqlAddslashes($db) . "'
- AND TABLE_NAME = '" . PMA_sqlAddslashes($view_name) . "'");
+ WHERE TABLE_SCHEMA = '" . PMA_sqlAddSlashes($db) . "'
+ AND TABLE_NAME = '" . PMA_sqlAddSlashes($view_name) . "'");
if ($result) {
return true;
diff --git a/libraries/db_events.inc.php b/libraries/db_events.inc.php
index 4aa68a8..adf265e 100644
--- a/libraries/db_events.inc.php
+++ b/libraries/db_events.inc.php
@@ -8,7 +8,7 @@ if (! defined('PHPMYADMIN')) {
exit;
}
-$events = PMA_DBI_fetch_result('SELECT EVENT_NAME, EVENT_TYPE FROM information_schema.EVENTS WHERE EVENT_SCHEMA= \'' . PMA_sqlAddslashes($db,true) . '\';');
+$events = PMA_DBI_fetch_result('SELECT EVENT_NAME, EVENT_TYPE FROM information_schema.EVENTS WHERE EVENT_SCHEMA= \'' . PMA_sqlAddSlashes($db,true) . '\';');
$conditional_class_add = '';
$conditional_class_drop = '';
diff --git a/libraries/db_info.inc.php b/libraries/db_info.inc.php
index 9d6dcf6..eebad23 100644
--- a/libraries/db_info.inc.php
+++ b/libraries/db_info.inc.php
@@ -130,7 +130,7 @@ if (true === $cfg['SkipLockedTables']) {
if (! isset($sot_cache[$tmp[0]])) {
$sts_result = PMA_DBI_query(
'SHOW TABLE STATUS FROM ' . PMA_backquote($db)
- . ' LIKE \'' . PMA_sqlAddSlashes($tmp[0]) . '\';');
+ . ' LIKE \'' . PMA_sqlAddSlashes($tmp[0], true) . '\';');
$sts_tmp = PMA_DBI_fetch_assoc($sts_result);
PMA_DBI_free_result($sts_result);
unset($sts_result);
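Review bot: Passing `true` fixes only the backslash level of the `SHOW TABLE STATUS … LIKE` pattern. As far as the PMA_sqlAddSlashes hunk on this page shows, `_` and `%` in `$tmp[0]` are left as they are, so they still act as wildcards. A table name containing an underscore can therefore match more than one table, and `PMA_DBI_fetch_assoc($sts_result)` keeps only the first row returned. At minimum I would record this next to the call, e.g. `// '_' and '%' in the name are still LIKE wildcards; only the first matching row is read`, and check whether the row's name needs comparing with `$tmp[0]`. The same applies to the `SHOW TABLE STATUS … LIKE` line changed in PMA_getTableDef in libraries/export/sql.php.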
diff --git a/libraries/db_routines.lib.php b/libraries/db_routines.lib.php
index dde8b79..7591d39 100644
--- a/libraries/db_routines.lib.php
+++ b/libraries/db_routines.lib.php
@@ -186,8 +186,8 @@ function PMA_RTN_getRoutineDataFromName($db, $name, $all = true)
$fields = "SPECIFIC_NAME, ROUTINE_TYPE, DTD_IDENTIFIER, "
. "ROUTINE_DEFINITION, IS_DETERMINISTIC, SQL_DATA_ACCESS, "
. "ROUTINE_COMMENT, SECURITY_TYPE";
- $where = "ROUTINE_SCHEMA='" . PMA_sqlAddslashes($db) . "' "
- . "AND SPECIFIC_NAME='" . PMA_sqlAddslashes($name) . "'";
+ $where = "ROUTINE_SCHEMA='" . PMA_sqlAddSlashes($db) . "' "
+ . "AND SPECIFIC_NAME='" . PMA_sqlAddSlashes($name) . "'";
$query = "SELECT $fields FROM INFORMATION_SCHEMA.ROUTINES WHERE $where;";
$routine = PMA_DBI_fetch_single_row($query);
@@ -1127,7 +1127,7 @@ function PMA_RTN_getRoutinesList()
* Get the routines
*/
$columns = "`SPECIFIC_NAME`, `ROUTINE_NAME`, `ROUTINE_TYPE`, `DTD_IDENTIFIER`, `ROUTINE_DEFINITION`";
- $where = "ROUTINE_SCHEMA='" . PMA_sqlAddslashes($db) . "'";
+ $where = "ROUTINE_SCHEMA='" . PMA_sqlAddSlashes($db) . "'";
$routines = PMA_DBI_fetch_result("SELECT $columns FROM `INFORMATION_SCHEMA`.`ROUTINES` WHERE $where;");
/**
* Conditional classes switch the list on or off
diff --git a/libraries/db_table_exists.lib.php b/libraries/db_table_exists.lib.php
index 8eb93e4..97b7ec8 100644
--- a/libraries/db_table_exists.lib.php
+++ b/libraries/db_table_exists.lib.php
@@ -46,7 +46,7 @@ if (empty($is_table) && !defined('PMA_SUBMIT_MULT') && ! defined('TABLE_MAY_BE_A
if (! $is_table) {
$_result = PMA_DBI_try_query(
- 'SHOW TABLES LIKE \'' . PMA_sqlAddslashes($table, true) . '\';',
+ 'SHOW TABLES LIKE \'' . PMA_sqlAddSlashes($table, true) . '\';',
null, PMA_DBI_QUERY_STORE);
$is_table = @PMA_DBI_num_rows($_result);
PMA_DBI_free_result($_result);
diff --git a/libraries/display_tbl.lib.php b/libraries/display_tbl.lib.php
index 0b63a1e..8fd73de 100644
--- a/libraries/display_tbl.lib.php
+++ b/libraries/display_tbl.lib.php
@@ -1587,7 +1587,7 @@ function PMA_displayTableBody(&$dt_result, &$is_display, $map, $analyzed_sql) {
// do not wrap if date field type
$nowrap = ((preg_match('@DATE|TIME at i', $meta->type) || $bool_nowrap) ? ' nowrap' : '');
- $where_comparison = ' = \'' . PMA_sqlAddslashes($row[$i]) . '\'';
+ $where_comparison = ' = \'' . PMA_sqlAddSlashes($row[$i]) . '\'';
$vertical_display['data'][$row_no][$i] = '<td ' . PMA_prepare_row_data($class, $condition_field, $analyzed_sql, $meta, $map, $row[$i], $transform_function, $default_function, $nowrap, $where_comparison, $transform_options, $is_field_truncated);
} else {
diff --git a/libraries/export/sql.php b/libraries/export/sql.php
index ed61a07..3b0d968 100644
--- a/libraries/export/sql.php
+++ b/libraries/export/sql.php
@@ -595,7 +595,7 @@ function PMA_exportDBFooter($db)
$delimiter = '$$';
if (PMA_MYSQL_INT_VERSION > 50100) {
- $event_names = PMA_DBI_fetch_result('SELECT EVENT_NAME FROM information_schema.EVENTS WHERE EVENT_SCHEMA= \'' . PMA_sqlAddslashes($db,true) . '\';');
+ $event_names = PMA_DBI_fetch_result('SELECT EVENT_NAME FROM information_schema.EVENTS WHERE EVENT_SCHEMA= \'' . PMA_sqlAddSlashes($db,true) . '\';');
} else {
$event_names = array();
}
@@ -690,7 +690,7 @@ function PMA_getTableDef($db, $table, $crlf, $error_url, $show_dates = false, $a
$new_crlf = $crlf;
// need to use PMA_DBI_QUERY_STORE with PMA_DBI_num_rows() in mysqli
- $result = PMA_DBI_query('SHOW TABLE STATUS FROM ' . PMA_backquote($db) . ' LIKE \'' . PMA_sqlAddslashes($table) . '\'', null, PMA_DBI_QUERY_STORE);
+ $result = PMA_DBI_query('SHOW TABLE STATUS FROM ' . PMA_backquote($db) . ' LIKE \'' . PMA_sqlAddSlashes($table, true) . '\'', null, PMA_DBI_QUERY_STORE);
if ($result != false) {
if (PMA_DBI_num_rows($result) > 0) {
$tmpres = PMA_DBI_fetch_assoc($result);
@@ -1184,10 +1184,10 @@ function PMA_exportData($db, $table, $crlf, $error_url, $sql_query)
}
// detection of 'bit' works only on mysqli extension
} elseif ($fields_meta[$j]->type == 'bit') {
- $values[] = "b'" . PMA_sqlAddslashes(PMA_printable_bit_value($row[$j], $fields_meta[$j]->length)) . "'";
+ $values[] = "b'" . PMA_sqlAddSlashes(PMA_printable_bit_value($row[$j], $fields_meta[$j]->length)) . "'";
// something else -> treat as a string
} else {
- $values[] = '\'' . str_replace($search, $replace, PMA_sqlAddslashes($row[$j])) . '\'';
+ $values[] = '\'' . str_replace($search, $replace, PMA_sqlAddSlashes($row[$j])) . '\'';
} // end if
} // end for
diff --git a/libraries/import.lib.php b/libraries/import.lib.php
index 75e65a0..e2cbdd2 100644
--- a/libraries/import.lib.php
+++ b/libraries/import.lib.php
@@ -987,7 +987,7 @@ function PMA_buildSQL($db_name, &$tables, &$analyses = NULL, &$additional_sql =
}
$tempSQLStr .= (($is_varchar) ? "'" : "");
- $tempSQLStr .= PMA_sqlAddslashes((string)$tables[$i][ROWS][$j][$k]);
+ $tempSQLStr .= PMA_sqlAddSlashes((string)$tables[$i][ROWS][$j][$k]);
$tempSQLStr .= (($is_varchar) ? "'" : "");
if ($k != ($num_cols - 1)) {
diff --git a/libraries/import/docsql.php b/libraries/import/docsql.php
index 3ac799f..4ba089a 100644
--- a/libraries/import/docsql.php
+++ b/libraries/import/docsql.php
@@ -68,10 +68,10 @@ if ($data === true && !$error && !$timeout_passed) {
' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['column_info']) . '
(db_name, table_name, column_name, ' . PMA_backquote('comment') . ')
VALUES (
- \'' . PMA_sqlAddslashes($GLOBALS['db']) . '\',
- \'' . PMA_sqlAddslashes(trim($tab)) . '\',
- \'' . PMA_sqlAddslashes(trim($inf[0])) . '\',
- \'' . PMA_sqlAddslashes(trim($inf[1])) . '\')';
+ \'' . PMA_sqlAddSlashes($GLOBALS['db']) . '\',
+ \'' . PMA_sqlAddSlashes(trim($tab)) . '\',
+ \'' . PMA_sqlAddSlashes(trim($inf[0])) . '\',
+ \'' . PMA_sqlAddSlashes(trim($inf[1])) . '\')';
PMA_importRunQuery($qry, $qry . '-- ' . htmlspecialchars($tab) . '.' . htmlspecialchars($inf[0]), true);
} // end inf[1] exists
if (!empty($inf[2]) && strlen(trim($inf[2])) > 0) {
@@ -81,12 +81,12 @@ if ($data === true && !$error && !$timeout_passed) {
' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['relation']) . '
(master_db, master_table, master_field, foreign_db, foreign_table, foreign_field)
VALUES (
- \'' . PMA_sqlAddslashes($GLOBALS['db']) . '\',
- \'' . PMA_sqlAddslashes(trim($tab)) . '\',
- \'' . PMA_sqlAddslashes(trim($inf[0])) . '\',
- \'' . PMA_sqlAddslashes($GLOBALS['db']) . '\',
- \'' . PMA_sqlAddslashes(trim($for[0])) . '\',
- \'' . PMA_sqlAddslashes(trim($for[1])) . '\')';
+ \'' . PMA_sqlAddSlashes($GLOBALS['db']) . '\',
+ \'' . PMA_sqlAddSlashes(trim($tab)) . '\',
+ \'' . PMA_sqlAddSlashes(trim($inf[0])) . '\',
+ \'' . PMA_sqlAddSlashes($GLOBALS['db']) . '\',
+ \'' . PMA_sqlAddSlashes(trim($for[0])) . '\',
+ \'' . PMA_sqlAddSlashes(trim($for[1])) . '\')';
PMA_importRunQuery($qry, $qry . '-- ' . htmlspecialchars($tab) . '.' . htmlspecialchars($inf[0]) . '(' . htmlspecialchars($inf[2]) . ')', true);
} // end inf[2] exists
} // End lines loop
diff --git a/libraries/import/ldi.php b/libraries/import/ldi.php
index 56dabf9..fe5264c 100644
--- a/libraries/import/ldi.php
+++ b/libraries/import/ldi.php
@@ -63,7 +63,7 @@ $sql = 'LOAD DATA';
if (isset($ldi_local_option)) {
$sql .= ' LOCAL';
}
-$sql .= ' INFILE \'' . PMA_sqlAddslashes($import_file) . '\'';
+$sql .= ' INFILE \'' . PMA_sqlAddSlashes($import_file) . '\'';
if (isset($ldi_replace)) {
$sql .= ' REPLACE';
} elseif (isset($ldi_ignore)) {
@@ -75,10 +75,10 @@ if (strlen($ldi_terminated) > 0) {
$sql .= ' FIELDS TERMINATED BY \'' . $ldi_terminated . '\'';
}
if (strlen($ldi_enclosed) > 0) {
- $sql .= ' ENCLOSED BY \'' . PMA_sqlAddslashes($ldi_enclosed) . '\'';
+ $sql .= ' ENCLOSED BY \'' . PMA_sqlAddSlashes($ldi_enclosed) . '\'';
}
if (strlen($ldi_escaped) > 0) {
- $sql .= ' ESCAPED BY \'' . PMA_sqlAddslashes($ldi_escaped) . '\'';
+ $sql .= ' ESCAPED BY \'' . PMA_sqlAddSlashes($ldi_escaped) . '\'';
}
if (strlen($ldi_new_line) > 0){
if ($ldi_new_line == 'auto') {
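Review bot: `$ldi_terminated` is placed inside the `FIELDS TERMINATED BY '…'` literal without PMA_sqlAddSlashes, while `$ldi_enclosed` and `$ldi_escaped` directly below it are escaped. This may be deliberate so that sequences such as `\t` reach MySQL unchanged, but a single quote in the value would end the literal. If the raw value is intended, a comment on that line saying so would prevent a later "fix", e.g. `// not escaped on purpose: backslash sequences must pass through unchanged`. Otherwise the value needs at least its quotes doubled before concatenation.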
diff --git a/libraries/relation.lib.php b/libraries/relation.lib.php
index 9ac5282..c2acd8e 100644
--- a/libraries/relation.lib.php
+++ b/libraries/relation.lib.php
@@ -380,10 +380,10 @@ function PMA_getForeigners($db, $table, $column = '', $source = 'both')
`foreign_table`,
`foreign_field`
FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['relation']) . '
- WHERE `master_db` = \'' . PMA_sqlAddslashes($db) . '\'
- AND `master_table` = \'' . PMA_sqlAddslashes($table) . '\' ';
+ WHERE `master_db` = \'' . PMA_sqlAddSlashes($db) . '\'
+ AND `master_table` = \'' . PMA_sqlAddSlashes($table) . '\' ';
if (strlen($column)) {
- $rel_query .= ' AND `master_field` = \'' . PMA_sqlAddslashes($column) . '\'';
+ $rel_query .= ' AND `master_field` = \'' . PMA_sqlAddSlashes($column) . '\'';
}
$foreign = PMA_DBI_fetch_result($rel_query, 'master_field', null, $GLOBALS['controllink']);
}
@@ -473,8 +473,8 @@ function PMA_getDisplayField($db, $table)
$disp_query = '
SELECT `display_field`
FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['table_info']) . '
- WHERE `db_name` = \'' . PMA_sqlAddslashes($db) . '\'
- AND `table_name` = \'' . PMA_sqlAddslashes($table) . '\'';
+ WHERE `db_name` = \'' . PMA_sqlAddSlashes($db) . '\'
+ AND `table_name` = \'' . PMA_sqlAddSlashes($table) . '\'';
$row = PMA_DBI_fetch_single_row($disp_query, 'ASSOC', $GLOBALS['controllink']);
if (isset($row['display_field'])) {
@@ -545,7 +545,7 @@ function PMA_getDbComment($db)
$com_qry = "
SELECT `comment`
FROM " . PMA_backquote($cfgRelation['db']) . "." . PMA_backquote($cfgRelation['column_info']) . "
- WHERE db_name = '" . PMA_sqlAddslashes($db) . "'
+ WHERE db_name = '" . PMA_sqlAddSlashes($db) . "'
AND table_name = ''
AND column_name = '(db_comment)'";
$com_rs = PMA_query_as_controluser($com_qry, true, PMA_DBI_QUERY_STORE);
@@ -613,17 +613,17 @@ function PMA_setDbComment($db, $comment = '')
" . PMA_backquote($cfgRelation['db']) . "." . PMA_backquote($cfgRelation['column_info']) . "
(`db_name`, `table_name`, `column_name`, `comment`)
VALUES (
- '" . PMA_sqlAddslashes($db) . "',
+ '" . PMA_sqlAddSlashes($db) . "',
'',
'(db_comment)',
- '" . PMA_sqlAddslashes($comment) . "')
+ '" . PMA_sqlAddSlashes($comment) . "')
ON DUPLICATE KEY UPDATE
- `comment` = '" . PMA_sqlAddslashes($comment) . "'";
+ `comment` = '" . PMA_sqlAddSlashes($comment) . "'";
} else {
$upd_query = '
DELETE FROM
' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['column_info']) . '
- WHERE `db_name` = \'' . PMA_sqlAddslashes($db) . '\'
+ WHERE `db_name` = \'' . PMA_sqlAddSlashes($db) . '\'
AND `table_name` = \'\'
AND `column_name` = \'(db_comment)\'';
}
@@ -686,11 +686,11 @@ function PMA_setHistory($db, $table, $username, $sqlquery)
`timevalue`,
`sqlquery`)
VALUES
- (\'' . PMA_sqlAddslashes($username) . '\',
- \'' . PMA_sqlAddslashes($db) . '\',
- \'' . PMA_sqlAddslashes($table) . '\',
+ (\'' . PMA_sqlAddSlashes($username) . '\',
+ \'' . PMA_sqlAddSlashes($db) . '\',
+ \'' . PMA_sqlAddSlashes($table) . '\',
NOW(),
- \'' . PMA_sqlAddslashes($sqlquery) . '\')');
+ \'' . PMA_sqlAddSlashes($sqlquery) . '\')');
} // end of 'PMA_setHistory()' function
/**
@@ -713,7 +713,7 @@ function PMA_getHistory($username)
`table`,
`sqlquery`
FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['history']) . '
- WHERE `username` = \'' . PMA_sqlAddslashes($username) . '\'
+ WHERE `username` = \'' . PMA_sqlAddSlashes($username) . '\'
ORDER BY `id` DESC';
return PMA_DBI_fetch_result($hist_query, null, null, $GLOBALS['controllink']);
@@ -930,9 +930,9 @@ function PMA_getForeignData($foreigners, $field, $override_total, $foreign_filte
. (($foreign_display == false) ? '' : ', ' . PMA_backquote($foreign_display));
$f_query_from = ' FROM ' . PMA_backquote($foreign_db) . '.' . PMA_backquote($foreign_table);
$f_query_filter = empty($foreign_filter) ? '' : ' WHERE ' . PMA_backquote($foreign_field)
- . ' LIKE "%' . PMA_sqlAddslashes($foreign_filter, true) . '%"'
+ . ' LIKE "%' . PMA_sqlAddSlashes($foreign_filter, true) . '%"'
. (($foreign_display == false) ? '' : ' OR ' . PMA_backquote($foreign_display)
- . ' LIKE "%' . PMA_sqlAddslashes($foreign_filter, true) . '%"'
+ . ' LIKE "%' . PMA_sqlAddSlashes($foreign_filter, true) . '%"'
);
$f_query_order = ($foreign_display == false) ? '' :' ORDER BY ' . PMA_backquote($foreign_table) . '.' . PMA_backquote($foreign_display);
$f_query_limit = isset($foreign_limit) ? $foreign_limit : '';
@@ -999,8 +999,8 @@ function PMA_getRelatives($from)
$rel_query = 'SELECT *'
. ' FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db'])
. '.' . PMA_backquote($GLOBALS['cfgRelation']['relation'])
- . ' WHERE ' . $from . '_db = \'' . PMA_sqlAddslashes($GLOBALS['db']) . '\''
- . ' AND ' . $to . '_db = \'' . PMA_sqlAddslashes($GLOBALS['db']) . '\''
+ . ' WHERE ' . $from . '_db = \'' . PMA_sqlAddSlashes($GLOBALS['db']) . '\''
+ . ' AND ' . $to . '_db = \'' . PMA_sqlAddSlashes($GLOBALS['db']) . '\''
. ' AND ' . $from . '_table IN ' . $in_know
. ' AND ' . $to . '_table IN ' . $in_left;
$relations = @PMA_DBI_query($rel_query, $GLOBALS['controllink']);
@@ -1038,26 +1038,26 @@ function PMA_REL_renameField($db, $table, $field, $new_name)
if ($cfgRelation['displaywork']) {
$table_query = 'UPDATE ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['table_info'])
- . ' SET display_field = \'' . PMA_sqlAddslashes($new_name) . '\''
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\''
- . ' AND display_field = \'' . PMA_sqlAddslashes($field) . '\'';
+ . ' SET display_field = \'' . PMA_sqlAddSlashes($new_name) . '\''
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($table) . '\''
+ . ' AND display_field = \'' . PMA_sqlAddSlashes($field) . '\'';
PMA_query_as_controluser($table_query);
}
if ($cfgRelation['relwork']) {
$table_query = 'UPDATE ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['relation'])
- . ' SET master_field = \'' . PMA_sqlAddslashes($new_name) . '\''
- . ' WHERE master_db = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND master_table = \'' . PMA_sqlAddslashes($table) . '\''
- . ' AND master_field = \'' . PMA_sqlAddslashes($field) . '\'';
+ . ' SET master_field = \'' . PMA_sqlAddSlashes($new_name) . '\''
+ . ' WHERE master_db = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND master_table = \'' . PMA_sqlAddSlashes($table) . '\''
+ . ' AND master_field = \'' . PMA_sqlAddSlashes($field) . '\'';
PMA_query_as_controluser($table_query);
$table_query = 'UPDATE ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['relation'])
- . ' SET foreign_field = \'' . PMA_sqlAddslashes($new_name) . '\''
- . ' WHERE foreign_db = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND foreign_table = \'' . PMA_sqlAddslashes($table) . '\''
- . ' AND foreign_field = \'' . PMA_sqlAddslashes($field) . '\'';
+ . ' SET foreign_field = \'' . PMA_sqlAddSlashes($new_name) . '\''
+ . ' WHERE foreign_db = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND foreign_table = \'' . PMA_sqlAddSlashes($table) . '\''
+ . ' AND foreign_field = \'' . PMA_sqlAddSlashes($field) . '\'';
PMA_query_as_controluser($table_query);
} // end if relwork
}
@@ -1077,7 +1077,7 @@ function PMA_REL_create_page($newpage, $cfgRelation, $db, $query_default_option)
}
$ins_query = 'INSERT INTO ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['pdf_pages'])
. ' (db_name, page_descr)'
- . ' VALUES (\'' . PMA_sqlAddslashes($db) . '\', \'' . PMA_sqlAddslashes($newpage) . '\')';
+ . ' VALUES (\'' . PMA_sqlAddSlashes($db) . '\', \'' . PMA_sqlAddSlashes($newpage) . '\')';
PMA_query_as_controluser($ins_query, false, $query_default_option);
return PMA_DBI_insert_id(isset($GLOBALS['controllink']) ? $GLOBALS['controllink'] : '');
}
diff --git a/libraries/relation_cleanup.lib.php b/libraries/relation_cleanup.lib.php
index a03cf1f..3546fbb 100644
--- a/libraries/relation_cleanup.lib.php
+++ b/libraries/relation_cleanup.lib.php
@@ -22,31 +22,31 @@ function PMA_relationsCleanupColumn($db, $table, $column)
if ($cfgRelation['commwork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['column_info'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\''
- . ' AND column_name = \'' . PMA_sqlAddslashes($column) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($table) . '\''
+ . ' AND column_name = \'' . PMA_sqlAddSlashes($column) . '\'';
PMA_query_as_controluser($remove_query);
}
if ($cfgRelation['displaywork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['table_info'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\''
- . ' AND display_field = \'' . PMA_sqlAddslashes($column) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($table) . '\''
+ . ' AND display_field = \'' . PMA_sqlAddSlashes($column) . '\'';
PMA_query_as_controluser($remove_query);
}
if ($cfgRelation['relwork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['relation'])
- . ' WHERE master_db = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND master_table = \'' . PMA_sqlAddslashes($table) . '\''
- . ' AND master_field = \'' . PMA_sqlAddslashes($column) . '\'';
+ . ' WHERE master_db = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND master_table = \'' . PMA_sqlAddSlashes($table) . '\''
+ . ' AND master_field = \'' . PMA_sqlAddSlashes($column) . '\'';
PMA_query_as_controluser($remove_query);
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['relation'])
- . ' WHERE foreign_db = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND foreign_table = \'' . PMA_sqlAddslashes($table) . '\''
- . ' AND foreign_field = \'' . PMA_sqlAddslashes($column) . '\'';
+ . ' WHERE foreign_db = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND foreign_table = \'' . PMA_sqlAddSlashes($table) . '\''
+ . ' AND foreign_field = \'' . PMA_sqlAddSlashes($column) . '\'';
PMA_query_as_controluser($remove_query);
}
}
@@ -63,41 +63,41 @@ function PMA_relationsCleanupTable($db, $table)
if ($cfgRelation['commwork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['column_info'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($table) . '\'';
PMA_query_as_controluser($remove_query);
}
if ($cfgRelation['displaywork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['table_info'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($table) . '\'';
PMA_query_as_controluser($remove_query);
}
if ($cfgRelation['pdfwork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['table_coords'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($table) . '\'';
PMA_query_as_controluser($remove_query);
}
if ($cfgRelation['designerwork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['designer_coords'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($table) . '\'';
PMA_query_as_controluser($remove_query);
}
if ($cfgRelation['relwork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['relation'])
- . ' WHERE master_db = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND master_table = \'' . PMA_sqlAddslashes($table) . '\'';
+ . ' WHERE master_db = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND master_table = \'' . PMA_sqlAddSlashes($table) . '\'';
PMA_query_as_controluser($remove_query);
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['relation'])
- . ' WHERE foreign_db = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND foreign_table = \'' . PMA_sqlAddslashes($table) . '\'';
+ . ' WHERE foreign_db = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND foreign_table = \'' . PMA_sqlAddSlashes($table) . '\'';
PMA_query_as_controluser($remove_query);
}
}
@@ -113,45 +113,45 @@ function PMA_relationsCleanupDatabase($db)
if ($cfgRelation['commwork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['column_info'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\'';
PMA_query_as_controluser($remove_query);
}
if ($cfgRelation['bookmarkwork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['bookmark'])
- . ' WHERE dbase = \'' . PMA_sqlAddslashes($db) . '\'';
+ . ' WHERE dbase = \'' . PMA_sqlAddSlashes($db) . '\'';
PMA_query_as_controluser($remove_query);
}
if ($cfgRelation['displaywork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['table_info'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\'';
PMA_query_as_controluser($remove_query);
}
if ($cfgRelation['pdfwork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['pdf_pages'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\'';
PMA_query_as_controluser($remove_query);
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['table_coords'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\'';
PMA_query_as_controluser($remove_query);
}
if ($cfgRelation['designerwork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['designer_coords'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\'';
PMA_query_as_controluser($remove_query);
}
if ($cfgRelation['relwork']) {
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['relation'])
- . ' WHERE master_db = \'' . PMA_sqlAddslashes($db) . '\'';
+ . ' WHERE master_db = \'' . PMA_sqlAddSlashes($db) . '\'';
PMA_query_as_controluser($remove_query);
$remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['relation'])
- . ' WHERE foreign_db = \'' . PMA_sqlAddslashes($db) . '\'';
+ . ' WHERE foreign_db = \'' . PMA_sqlAddSlashes($db) . '\'';
PMA_query_as_controluser($remove_query);
}
}
diff --git a/libraries/schema/Dia_Relation_Schema.class.php b/libraries/schema/Dia_Relation_Schema.class.php
index e2f5236..bccf214 100644
--- a/libraries/schema/Dia_Relation_Schema.class.php
+++ b/libraries/schema/Dia_Relation_Schema.class.php
@@ -240,8 +240,8 @@ class Table_Stats
$sql = 'SELECT x, y FROM '
. PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($tableName) . '\''
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($tableName) . '\''
. ' AND pdf_page_number = ' . $pageNumber;
$result = PMA_query_as_controluser($sql, false, PMA_DBI_QUERY_STORE);
if (!$result || !PMA_DBI_num_rows($result)) {
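Review bot: `$pageNumber` is appended to the query bare in `. ' AND pdf_page_number = ' . $pageNumber;`, with neither quotes nor escaping, while `$db` and `$tableName` two lines above are escaped. Its origin is not visible in this hunk; if a request can influence it, casting at the point of use keeps it numeric: `. ' AND pdf_page_number = ' . intval($pageNumber);`. The same line appears in the Table_Stats hunks for Eps, Pdf, Svg and Visio and in the first Export_Relation_Schema hunk, and the PMA_PDF hunk puts `$pdf_page_number` in quotes without escaping it. The enclosing method starts and ends outside the hunk.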
diff --git a/libraries/schema/Eps_Relation_Schema.class.php b/libraries/schema/Eps_Relation_Schema.class.php
index 7dbec6d..50ea7e3 100644
--- a/libraries/schema/Eps_Relation_Schema.class.php
+++ b/libraries/schema/Eps_Relation_Schema.class.php
@@ -427,8 +427,8 @@ class Table_Stats
// x and y
$sql = 'SELECT x, y FROM '
. PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($tableName) . '\''
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($tableName) . '\''
. ' AND pdf_page_number = ' . $pageNumber;
$result = PMA_query_as_controluser($sql, false, PMA_DBI_QUERY_STORE);
diff --git a/libraries/schema/Export_Relation_Schema.class.php b/libraries/schema/Export_Relation_Schema.class.php
index 6c9cca7..bfdb063 100644
--- a/libraries/schema/Export_Relation_Schema.class.php
+++ b/libraries/schema/Export_Relation_Schema.class.php
@@ -162,7 +162,7 @@ class PMA_Export_Relation_Schema
global $cfgRelation;
// Get All tables
$tab_sql = 'SELECT table_name FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
. ' AND pdf_page_number = ' . $pageNumber;
$tab_rs = PMA_query_as_controluser($tab_sql, null, PMA_DBI_QUERY_STORE);
@@ -170,7 +170,7 @@ class PMA_Export_Relation_Schema
$this->dieSchema('',__('This page does not contain any tables!'));
}
while ($curr_table = @PMA_DBI_fetch_assoc($tab_rs)) {
- $alltables[] = PMA_sqlAddslashes($curr_table['table_name']);
+ $alltables[] = PMA_sqlAddSlashes($curr_table['table_name']);
}
return $alltables;
}
diff --git a/libraries/schema/Pdf_Relation_Schema.class.php b/libraries/schema/Pdf_Relation_Schema.class.php
index d6f212f..abdcf6c schema/Pdf_Relation_Schema.class.php b/libraries/schema/Pdf_Relation_Schema.class.php uote($cfgRelation['table_coords']) y); true); ); nsform_function, $default_function, $nowrap, $where_comparison, $transform_options, $is_field_truncated); 'label']) . '\')'; + 6 è è! è! ÎRuÿ ÎRuÿ xdV+ ÄRuÿ "±nU+ ÎnU+ ÎRuÿ ð°nU+ OÎRuÿ À_ïV+ ó¸nU+ PïV+ ØTïV+ ¨YïV+ È4pU+ xdV+ ÄRuÿ `ÃRuÿ ëÍnU+ à! à! ÎRuÿ ÎRuÿ È-kV+ pÅRuÿ "±nU+ ÎnU+ ÎRuÿ ð°nU+ OÎRuÿ @ÎRuÿ 8ÎRuÿ ËU+ p ÎRuÿ ó¸nU+ È4pU+ pÅRuÿ @ÄRuÿ ëÍnU+ G H I J K M N O P ÎRuÿ ÎRuÿ HåAV+ ÇRuÿ "±nU+ ÎnU+ ÎRuÿ 0_ïV+ ó¸nU+ pV+ V+ PïV+ ØTïV+ ¨YïV+ È4pU+ HåAV+ ÇRuÿ PÅRuÿ ëÍnU+ 8åAV+ ÇRuÿ ÅRuÿ ëÍnU+ (åAV+ ÇRuÿ °ÅRuÿ ëÍnU+ åAV+ ÇRuÿ àÅRuÿ ëÍnU+ ¨^ïV+ ó¸nU+ ¨YïV+ `ÀRuÿ hV+ æ·nU+ ØTïV+ ÆRuÿ yhV+ æ·nU+ PïV+ °ÆRuÿ ZhV+ æ·nU+ ØV+ pV+ V+ PïV+ ØtV+ ØTïV+ ¨YïV+ È4pU+ à]V+ 0ÈRuÿ ÇRuÿ ëÍnU+ # % ' ) * - . 0 3 5 6 7 8 : < = ÎRuÿ ÎRuÿ péU+ PÉRuÿ "±nU+ 8V+ ó¸nU+ ØtV+ yV+ È4pU+ c f ݵU+ ÎRuÿ péU+ PÉRuÿ ÈRuÿ ëÍnU+ Ó%°æ§ìwqÒ-øÒ êÓïs¨Ó,~9×u]ÞÓ 4Q ÷U^Qʧ ¶uª¹ñìò*Äv´r»U+ ÀÏRuÿ FRW+ FRW+ ?ŸU+ ÏRuÿ àÆRuÿ ÊRuÿ ݵU+ æ·nU+ èÄU+ ÑRuÿ BRW+ ÐÏRuÿ OÎRuÿ õ\U+ ÎRuÿ ÿÿÿÿÿÿÿÿBRW+ ÎRuÿ ëÍnU 100644
--- a/libraries/schema/Pdf_Relation_Schema.class.php
+++ b/libraries/schema/Pdf_Relation_Schema.class.php
@@ -219,7 +219,7 @@ class PMA_PDF extends TCPDF
global $cfgRelation, $db, $pdf_page_number, $with_doc;
if ($with_doc) {
$test_query = 'SELECT * FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['pdf_pages'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
. ' AND page_nr = \'' . $pdf_page_number . '\'';
$test_rs = PMA_query_as_controluser($test_query);
$pages = @PMA_DBI_fetch_assoc($test_rs);
@@ -510,8 +510,8 @@ class Table_Stats
}
$sql = 'SELECT x, y FROM '
. PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($tableName) . '\''
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($tableName) . '\''
. ' AND pdf_page_number = ' . $pageNumber;
$result = PMA_query_as_controluser($sql, false, PMA_DBI_QUERY_STORE);
if (!$result || !PMA_DBI_num_rows($result)) {
diff --git a/libraries/schema/Svg_Relation_Schema.class.php b/libraries/schema/Svg_Relation_Schema.class.php
index 73d67e9..c845efe 100644
--- a/libraries/schema/Svg_Relation_Schema.class.php
+++ b/libraries/schema/Svg_Relation_Schema.class.php
@@ -397,8 +397,8 @@ class Table_Stats
// x and y
$sql = 'SELECT x, y FROM '
. PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($tableName) . '\''
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($tableName) . '\''
. ' AND pdf_page_number = ' . $pageNumber;
$result = PMA_query_as_controluser($sql, false, PMA_DBI_QUERY_STORE);
diff --git a/libraries/schema/User_Schema.class.php b/libraries/schema/User_Schema.class.php
index 98216fe..641acf4 100644
--- a/libraries/schema/User_Schema.class.php
+++ b/libraries/schema/User_Schema.class.php
@@ -134,7 +134,7 @@ class PMA_User_Schema
{
global $db,$table,$query_default_option,$cfgRelation;
$page_query = 'SELECT * FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['pdf_pages'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\'';
$page_rs = PMA_query_as_controluser($page_query, false, $query_default_option);
if ($page_rs && PMA_DBI_num_rows($page_rs) > 0) {
?>
@@ -207,8 +207,8 @@ class PMA_User_Schema
<h2><?php echo __('Select Tables') ;?></h2>
<?php
$page_query = 'SELECT * FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND pdf_page_number = \'' . PMA_sqlAddslashes($this->chosenPage) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND pdf_page_number = \'' . PMA_sqlAddSlashes($this->chosenPage) . '\'';
$page_rs = PMA_query_as_controluser($page_query, false, $query_default_option);
$array_sh_page = array();
while ($temp_sh_page = @PMA_DBI_fetch_assoc($page_rs)) {
@@ -540,9 +540,9 @@ class PMA_User_Schema
{
foreach ($delrow as $current_row) {
$del_query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords']) . ' ' . "\n"
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'' . "\n"
- . ' AND table_name = \'' . PMA_sqlAddslashes($current_row) . '\'' . "\n"
- . ' AND pdf_page_number = \'' . PMA_sqlAddslashes($chpage) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\'' . "\n"
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($current_row) . '\'' . "\n"
+ . ' AND pdf_page_number = \'' . PMA_sqlAddSlashes($chpage) . '\'';
echo $del_query;
PMA_query_as_controluser($del_query, false, $query_default_option);
}
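Review bot: The line `echo $del_query;` between building and running the DELETE prints the raw SQL statement into the response, which looks like leftover debugging. It discloses the configuration-storage table names to the page, and `$current_row` reaches the output with SQL escaping only, not HTML escaping. I would drop the line; if the output is wanted for diagnostics, `echo htmlspecialchars($del_query);` is the safer form. The enclosing method starts outside the hunk.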
@@ -585,8 +585,8 @@ class PMA_User_Schema
public function deleteCoordinates($db, $cfgRelation, $choosePage, $query_default_option)
{
$query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND pdf_page_number = \'' . PMA_sqlAddslashes($choosePage) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND pdf_page_number = \'' . PMA_sqlAddSlashes($choosePage) . '\'';
PMA_query_as_controluser($query, false, $query_default_option);
}
@@ -602,8 +602,8 @@ class PMA_User_Schema
public function deletePages($db, $cfgRelation, $choosePage, $query_default_option)
{
$query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['pdf_pages'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND page_nr = \'' . PMA_sqlAddslashes($choosePage) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND page_nr = \'' . PMA_sqlAddSlashes($choosePage) . '\'';
PMA_query_as_controluser($query, false, $query_default_option);
}
@@ -734,7 +734,7 @@ class PMA_User_Schema
*/
$insert_query = 'INSERT INTO ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords']) . ' '
. '(db_name, table_name, pdf_page_number, x, y) '
- . 'VALUES (\'' . PMA_sqlAddslashes($db) . '\', \'' . PMA_sqlAddslashes($current_table) . '\',' . $pageNumber . ',' . $pos_x . ',' . $pos_y . ')';
+ . 'VALUES (\'' . PMA_sqlAddSlashes($db) . '\', \'' . PMA_sqlAddSlashes($current_table) . '\',' . $pageNumber . ',' . $pos_x . ',' . $pos_y . ')';
PMA_query_as_controluser($insert_query, false, $query_default_option);
/*
@@ -787,28 +787,28 @@ class PMA_User_Schema
}
if (isset($arrvalue['name']) && $arrvalue['name'] != '--') {
$test_query = 'SELECT * FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($arrvalue['name']) . '\''
- . ' AND pdf_page_number = \'' . PMA_sqlAddslashes($this->chosenPage) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($arrvalue['name']) . '\''
+ . ' AND pdf_page_number = \'' . PMA_sqlAddSlashes($this->chosenPage) . '\'';
$test_rs = PMA_query_as_controluser($test_query, false, $query_default_option);
//echo $test_query;
if ($test_rs && PMA_DBI_num_rows($test_rs) > 0) {
if (isset($arrvalue['delete']) && $arrvalue['delete'] == 'y') {
$ch_query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($arrvalue['name']) . '\''
- . ' AND pdf_page_number = \'' . PMA_sqlAddslashes($this->chosenPage) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($arrvalue['name']) . '\''
+ . ' AND pdf_page_number = \'' . PMA_sqlAddSlashes($this->chosenPage) . '\'';
} else {
$ch_query = 'UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords']) . ' '
. 'SET x = ' . $arrvalue['x'] . ', y= ' . $arrvalue['y']
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($arrvalue['name']) . '\''
- . ' AND pdf_page_number = \'' . PMA_sqlAddslashes($this->chosenPage) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($arrvalue['name']) . '\''
+ . ' AND pdf_page_number = \'' . PMA_sqlAddSlashes($this->chosenPage) . '\'';
}
} else {
$ch_query = 'INSERT INTO ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords']) . ' '
. '(db_name, table_name, pdf_page_number, x, y) '
- . 'VALUES (\'' . PMA_sqlAddslashes($db) . '\', \'' . PMA_sqlAddslashes($arrvalue['name']) . '\', \'' . PMA_sqlAddslashes($this->chosenPage) . '\',' . $arrvalue['x'] . ',' . $arrvalue['y'] . ')';
+ . 'VALUES (\'' . PMA_sqlAddSlashes($db) . '\', \'' . PMA_sqlAddSlashes($arrvalue['name']) . '\', \'' . PMA_sqlAddSlashes($this->chosenPage) . '\',' . $arrvalue['x'] . ',' . $arrvalue['y'] . ')';
}
//echo $ch_query;
PMA_query_as_controluser($ch_query, false, $query_default_option);
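Review bot: `$arrvalue['x']` and `$arrvalue['y']` go into the UPDATE (`'SET x = ' . $arrvalue['x'] . ', y= ' . $arrvalue['y']`) and into the INSERT's VALUES list bare, while every other value in the same statements is quoted and escaped. Where `$arrvalue` is filled is outside this hunk, but the neighbouring `name` and `delete` keys suggest form input, so these should be confined too. The simplest consistent fix is the form pmd_save_pos.php uses for its coordinates, `'\'' . PMA_sqlAddSlashes($arrvalue['x']) . '\''`, or an `is_numeric()` check before the query is built. The previous hunk's INSERT has the same shape with `$pageNumber`, `$pos_x` and `$pos_y`.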
diff --git a/libraries/schema/Visio_Relation_Schema.class.php b/libraries/schema/Visio_Relation_Schema.class.php
index 663c7e8..011e73e 100644
--- a/libraries/schema/Visio_Relation_Schema.class.php
+++ b/libraries/schema/Visio_Relation_Schema.class.php
@@ -243,8 +243,8 @@ class Table_Stats
// x and y
$sql = 'SELECT x, y FROM '
. PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($tableName) . '\''
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($tableName) . '\''
. ' AND pdf_page_number = ' . $pageNumber;
$result = PMA_query_as_controluser($sql, false, PMA_DBI_QUERY_STORE);
diff --git a/libraries/server_synchronize.lib.php b/libraries/server_synchronize.lib.php
index 1d73f13..8f276be 100644
--- a/libraries/server_synchronize.lib.php
+++ b/libraries/server_synchronize.lib.php
@@ -560,11 +560,11 @@ function PMA_insertIntoTargetTable($matching_table, $src_db, $trg_db, $src_link,
}
$insert_query .= ") VALUES(";
if (sizeof($table_fields[$matching_table_index]) == 1) {
- $insert_query .= "'" . PMA_sqlAddslashes($result[0]) . "'";
+ $insert_query .= "'" . PMA_sqlAddSlashes($result[0]) . "'";
} else {
for ($field_index = 0; $field_index < sizeof($table_fields[$matching_table_index]); $field_index++) {
if (isset($result[0][$table_fields[$matching_table_index][$field_index]])) {
- $insert_query .= "'" . PMA_sqlAddslashes($result[0][$table_fields[$matching_table_index][$field_index]]) . "'";
+ $insert_query .= "'" . PMA_sqlAddSlashes($result[0][$table_fields[$matching_table_index][$field_index]]) . "'";
} else {
$insert_query .= "'NULL'";
}
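Review bot: In the `else` branch, `$insert_query .= "'NULL'";` writes the four-character string NULL into the target row, not an SQL NULL. That branch runs when `isset()` is false for the source field, which includes a source value that is NULL, so the copied row no longer matches the source. Unless the quoted form is deliberate, the line should read `$insert_query .= "NULL";`. The function body starts and ends outside the hunk.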
@@ -660,7 +660,7 @@ function PMA_populateTargetTables($src_db, $trg_db, $src_link, $trg_link, $uncom
$insert_query .= '(';
$key_of_last_value = count($one_row) - 1;
foreach($one_row as $key => $value) {
- $insert_query .= "'" . PMA_sqlAddslashes($value) . "'";
+ $insert_query .= "'" . PMA_sqlAddSlashes($value) . "'";
if ($key < $key_of_last_value) {
$insert_query .= ",";
}
diff --git a/libraries/tbl_replace_fields.inc.php b/libraries/tbl_replace_fields.inc.php
index 71bbfbc..32da9c0 100644
--- a/libraries/tbl_replace_fields.inc.php
+++ b/libraries/tbl_replace_fields.inc.php
@@ -69,7 +69,7 @@ if (false !== $possibly_uploaded_val) {
} elseif ($type == 'set') {
if (! empty($_REQUEST['fields']['multi_edit'][$rownumber][$key])) {
$val = implode(',', $_REQUEST['fields']['multi_edit'][$rownumber][$key]);
- $val = "'" . PMA_sqlAddslashes($val) . "'";
+ $val = "'" . PMA_sqlAddSlashes($val) . "'";
}
} elseif ($type == 'protected') {
// here we are in protected mode (asked in the config)
@@ -87,9 +87,9 @@ if (false !== $possibly_uploaded_val) {
}
} elseif ($type == 'bit') {
$val = preg_replace('/[^01]/', '0', $val);
- $val = "b'" . PMA_sqlAddslashes($val) . "'";
+ $val = "b'" . PMA_sqlAddSlashes($val) . "'";
} elseif (! (($type == 'datetime' || $type == 'timestamp') && $val == 'CURRENT_TIMESTAMP')) {
- $val = "'" . PMA_sqlAddslashes($val) . "'";
+ $val = "'" . PMA_sqlAddSlashes($val) . "'";
}
// Was the Null checkbox checked for this field?
diff --git a/libraries/transformations.lib.php b/libraries/transformations.lib.php
index 98d0b14..e58ecf8 100644
--- a/libraries/transformations.lib.php
+++ b/libraries/transformations.lib.php
@@ -137,8 +137,8 @@ function PMA_getMIME($db, $table, $strict = false)
`transformation`,
`transformation_options`
FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['column_info']) . '
- WHERE `db_name` = \'' . PMA_sqlAddslashes($db) . '\'
- AND `table_name` = \'' . PMA_sqlAddslashes($table) . '\'
+ WHERE `db_name` = \'' . PMA_sqlAddSlashes($db) . '\'
+ AND `table_name` = \'' . PMA_sqlAddSlashes($table) . '\'
AND ( `mimetype` != \'\'' . (!$strict ? '
OR `transformation` != \'\'
OR `transformation_options` != \'\'' : '') . ')';
@@ -171,9 +171,9 @@ function PMA_setMIME($db, $table, $key, $mimetype, $transformation,
SELECT `mimetype`,
`comment`
FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['column_info']) . '
- WHERE `db_name` = \'' . PMA_sqlAddslashes($db) . '\'
- AND `table_name` = \'' . PMA_sqlAddslashes($table) . '\'
- AND `column_name` = \'' . PMA_sqlAddslashes($key) . '\'';
+ WHERE `db_name` = \'' . PMA_sqlAddSlashes($db) . '\'
+ AND `table_name` = \'' . PMA_sqlAddSlashes($table) . '\'
+ AND `column_name` = \'' . PMA_sqlAddSlashes($key) . '\'';
$test_rs = PMA_query_as_controluser($test_qry, true, PMA_DBI_QUERY_STORE);
if ($test_rs && PMA_DBI_num_rows($test_rs) > 0) {
@@ -185,27 +185,27 @@ function PMA_setMIME($db, $table, $key, $mimetype, $transformation,
|| strlen($transformation_options) || strlen($row['comment']))) {
$upd_query = '
UPDATE ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['column_info']) . '
- SET `mimetype` = \'' . PMA_sqlAddslashes($mimetype) . '\',
- `transformation` = \'' . PMA_sqlAddslashes($transformation) . '\',
- `transformation_options` = \'' . PMA_sqlAddslashes($transformation_options) . '\'';
+ SET `mimetype` = \'' . PMA_sqlAddSlashes($mimetype) . '\',
+ `transformation` = \'' . PMA_sqlAddSlashes($transformation) . '\',
+ `transformation_options` = \'' . PMA_sqlAddSlashes($transformation_options) . '\'';
} else {
$upd_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['column_info']);
}
$upd_query .= '
- WHERE `db_name` = \'' . PMA_sqlAddslashes($db) . '\'
- AND `table_name` = \'' . PMA_sqlAddslashes($table) . '\'
- AND `column_name` = \'' . PMA_sqlAddslashes($key) . '\'';
+ WHERE `db_name` = \'' . PMA_sqlAddSlashes($db) . '\'
+ AND `table_name` = \'' . PMA_sqlAddSlashes($table) . '\'
+ AND `column_name` = \'' . PMA_sqlAddSlashes($key) . '\'';
} elseif (strlen($mimetype) || strlen($transformation)
|| strlen($transformation_options)) {
$upd_query = 'INSERT INTO ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['column_info'])
. ' (db_name, table_name, column_name, mimetype, transformation, transformation_options) '
. ' VALUES('
- . '\'' . PMA_sqlAddslashes($db) . '\','
- . '\'' . PMA_sqlAddslashes($table) . '\','
- . '\'' . PMA_sqlAddslashes($key) . '\','
- . '\'' . PMA_sqlAddslashes($mimetype) . '\','
- . '\'' . PMA_sqlAddslashes($transformation) . '\','
- . '\'' . PMA_sqlAddslashes($transformation_options) . '\')';
+ . '\'' . PMA_sqlAddSlashes($db) . '\','
+ . '\'' . PMA_sqlAddSlashes($table) . '\','
+ . '\'' . PMA_sqlAddSlashes($key) . '\','
+ . '\'' . PMA_sqlAddSlashes($mimetype) . '\','
+ . '\'' . PMA_sqlAddSlashes($transformation) . '\','
+ . '\'' . PMA_sqlAddSlashes($transformation_options) . '\')';
}
if (isset($upd_query)){
diff --git a/libraries/user_preferences.lib.php b/libraries/user_preferences.lib.php
index 632e3e2..2246a4d 100644
--- a/libraries/user_preferences.lib.php
+++ b/libraries/user_preferences.lib.php
@@ -52,7 +52,7 @@ function PMA_load_userprefs()
$query = '
SELECT `config_data`, UNIX_TIMESTAMP(`timevalue`) ts
FROM ' . $query_table . '
- WHERE `username` = \'' . PMA_sqlAddslashes($cfgRelation['user']) . '\'';
+ WHERE `username` = \'' . PMA_sqlAddSlashes($cfgRelation['user']) . '\'';
$row = PMA_DBI_fetch_single_row($query, 'ASSOC', $GLOBALS['controllink']);
return array(
@@ -90,20 +90,20 @@ function PMA_save_userprefs(array $config_array)
$query = '
SELECT `username`
FROM ' . $query_table . '
- WHERE `username` = \'' . PMA_sqlAddslashes($cfgRelation['user']) . '\'';
+ WHERE `username` = \'' . PMA_sqlAddSlashes($cfgRelation['user']) . '\'';
$has_config = PMA_DBI_fetch_value($query, 0, 0, $GLOBALS['controllink']);
$config_data = json_encode($config_array);
if ($has_config) {
$query = '
UPDATE ' . $query_table . '
- SET `config_data` = \'' . PMA_sqlAddslashes($config_data) . '\'
- WHERE `username` = \'' . PMA_sqlAddslashes($cfgRelation['user']) . '\'';
+ SET `config_data` = \'' . PMA_sqlAddSlashes($config_data) . '\'
+ WHERE `username` = \'' . PMA_sqlAddSlashes($cfgRelation['user']) . '\'';
} else {
$query = '
INSERT INTO ' . $query_table . ' (`username`, `config_data`)
- VALUES (\'' . PMA_sqlAddslashes($cfgRelation['user']) . '\',
- \'' . PMA_sqlAddslashes($config_data) . '\')';
+ VALUES (\'' . PMA_sqlAddSlashes($cfgRelation['user']) . '\',
+ \'' . PMA_sqlAddSlashes($config_data) . '\')';
}
if (isset($_SESSION['cache'][$cache_key]['userprefs'])) {
unset($_SESSION['cache'][$cache_key]['userprefs']);
diff --git a/pmd_display_field.php b/pmd_display_field.php
index 21ef7f2..0e51cd7 100644
--- a/pmd_display_field.php
+++ b/pmd_display_field.php
@@ -19,21 +19,21 @@ if ($cfgRelation['displaywork']) {
if ($disp) {
if ($display_field != $disp) {
$upd_query = 'UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_info'])
- . ' SET display_field = \'' . PMA_sqlAddslashes($display_field) . '\''
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'';
+ . ' SET display_field = \'' . PMA_sqlAddSlashes($display_field) . '\''
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($table) . '\'';
} else {
$upd_query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_info'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($table) . '\'';
}
} elseif ($display_field != '') {
$upd_query = 'INSERT INTO ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_info'])
. '(db_name, table_name, display_field) '
. ' VALUES('
- . '\'' . PMA_sqlAddslashes($db) . '\','
- . '\'' . PMA_sqlAddslashes($table) . '\','
- . '\'' . PMA_sqlAddslashes($display_field) . '\')';
+ . '\'' . PMA_sqlAddSlashes($db) . '\','
+ . '\'' . PMA_sqlAddSlashes($table) . '\','
+ . '\'' . PMA_sqlAddSlashes($display_field) . '\')';
}
if (isset($upd_query)) {
diff --git a/pmd_pdf.php b/pmd_pdf.php
index 4972ae2..d697dd5 100644
--- a/pmd_pdf.php
+++ b/pmd_pdf.php
@@ -22,7 +22,7 @@ if (isset($mode)) {
$pmd_table = PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['designer_coords']);
$pma_table = PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords']);
- $scale_q = PMA_sqlAddslashes($scale);
+ $scale_q = PMA_sqlAddSlashes($scale);
if ('create_export' == $mode) {
/*
@@ -38,10 +38,10 @@ if (isset($mode)) {
}
}
- $pdf_page_number_q = PMA_sqlAddslashes($pdf_page_number);
+ $pdf_page_number_q = PMA_sqlAddSlashes($pdf_page_number);
if ('export' == $mode) {
- $sql = "REPLACE INTO " . $pma_table . " (db_name, table_name, pdf_page_number, x, y) SELECT db_name, table_name, " . $pdf_page_number_q . ", ROUND(x/" . $scale_q . ") , ROUND(y/" . $scale_q . ") y FROM " . $pmd_table . " WHERE db_name = '" . PMA_sqlAddslashes($db) . "'";
+ $sql = "REPLACE INTO " . $pma_table . " (db_name, table_name, pdf_page_number, x, y) SELECT db_name, table_name, " . $pdf_page_number_q . ", ROUND(x/" . $scale_q . ") , ROUND(y/" . $scale_q . ") y FROM " . $pmd_table . " WHERE db_name = '" . PMA_sqlAddSlashes($db) . "'";
PMA_query_as_controluser($sql,true,PMA_DBI_QUERY_STORE);
}
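Review bot: `$scale_q` and `$pdf_page_number_q` are passed through PMA_sqlAddSlashes but then placed into the statement outside any quotes (`ROUND(x/" . $scale_q . ")` and `table_name, " . $pdf_page_number_q . ", `), so the escaping does not confine them to a value. String escaping only protects a quoted literal; a numeric position needs a check or a cast instead, for example `$pdf_page_number_q = intval($pdf_page_number);` and rejecting `$scale` unless `is_numeric($scale)` holds and it is non-zero. Where both variables come from is not shown here, so this is worth confirming against the request handling. The hunk before this one assigns `$scale_q`, and the hunk after it uses `$pdf_page_number_q` bare in the same way.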
@@ -56,7 +56,7 @@ if (isset($mode)) {
AND
' . $pmd_table . '.`table_name` = ' . $pma_table . '.`table_name`
AND
- ' . $pmd_table . '.`db_name`=\''. PMA_sqlAddslashes($db) .'\'
+ ' . $pmd_table . '.`db_name`=\''. PMA_sqlAddSlashes($db) .'\'
AND pdf_page_number = ' . $pdf_page_number_q . ';', true, PMA_DBI_QUERY_STORE);
}
}
@@ -83,7 +83,7 @@ $choices = array();
$table_info_result = PMA_query_as_controluser('SELECT * FROM '
. PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['pdf_pages'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'');
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\'');
if (PMA_DBI_num_rows($table_info_result) > 0) {
echo '<p>' . __('Page') . ':';
diff --git a/pmd_relation_new.php b/pmd_relation_new.php
index da92e97..a104cc1 100644
--- a/pmd_relation_new.php
+++ b/pmd_relation_new.php
@@ -73,12 +73,12 @@ if (PMA_foreignkey_supported($type_T1) && PMA_foreignkey_supported($type_T2) &&
$q = 'INSERT INTO ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['relation'])
. '(master_db, master_table, master_field, foreign_db, foreign_table, foreign_field)'
. ' values('
- . '\'' . PMA_sqlAddslashes($db) . '\', '
- . '\'' . PMA_sqlAddslashes($T2) . '\', '
- . '\'' . PMA_sqlAddslashes($F2) . '\', '
- . '\'' . PMA_sqlAddslashes($db) . '\', '
- . '\'' . PMA_sqlAddslashes($T1) . '\','
- . '\'' . PMA_sqlAddslashes($F1) . '\')';
+ . '\'' . PMA_sqlAddSlashes($db) . '\', '
+ . '\'' . PMA_sqlAddSlashes($T2) . '\', '
+ . '\'' . PMA_sqlAddSlashes($F2) . '\', '
+ . '\'' . PMA_sqlAddSlashes($db) . '\', '
+ . '\'' . PMA_sqlAddSlashes($T1) . '\','
+ . '\'' . PMA_sqlAddSlashes($F1) . '\')';
if (PMA_query_as_controluser($q , false, PMA_DBI_QUERY_STORE)) {
PMD_return_new(1, __('Internal relation added'));
diff --git a/pmd_relation_upd.php b/pmd_relation_upd.php
index 6b4b92b..58c9135 100644
--- a/pmd_relation_upd.php
+++ b/pmd_relation_upd.php
@@ -44,12 +44,12 @@ if ($try_to_delete_internal_relation) {
PMA_query_as_controluser('DELETE FROM '
. PMA_backquote($GLOBALS['cfgRelation']['db']) . '.'
. $cfg['Server']['relation'].' WHERE '
- . 'master_db = \'' . PMA_sqlAddslashes($DB2) . '\''
- . ' AND master_table = \'' . PMA_sqlAddslashes($T2) . '\''
- . ' AND master_field = \'' . PMA_sqlAddslashes($F2) . '\''
- . ' AND foreign_db = \'' . PMA_sqlAddslashes($DB1) . '\''
- . ' AND foreign_table = \'' . PMA_sqlAddslashes($T1) . '\''
- . ' AND foreign_field = \'' . PMA_sqlAddslashes($F1) . '\''
+ . 'master_db = \'' . PMA_sqlAddSlashes($DB2) . '\''
+ . ' AND master_table = \'' . PMA_sqlAddSlashes($T2) . '\''
+ . ' AND master_field = \'' . PMA_sqlAddSlashes($F2) . '\''
+ . ' AND foreign_db = \'' . PMA_sqlAddSlashes($DB1) . '\''
+ . ' AND foreign_table = \'' . PMA_sqlAddSlashes($T1) . '\''
+ . ' AND foreign_field = \'' . PMA_sqlAddSlashes($F1) . '\''
, false, PMA_DBI_QUERY_STORE);
}
PMD_return_upd(1, __('Relation deleted'));
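Review bot: The table name in this DELETE is appended as `. $cfg['Server']['relation'].' WHERE '` without PMA_backquote, while the database name on the line above and every other query in this change quote their identifiers. A configured table name containing a character that needs quoting would break the statement here only. For consistency I would write `. PMA_backquote($GLOBALS['cfgRelation']['relation']) . ' WHERE '`, assuming that key holds the same value as in the other files.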
diff --git a/pmd_save_pos.php b/pmd_save_pos.php
index fb9d1eb..6fefe63 100644
--- a/pmd_save_pos.php
+++ b/pmd_save_pos.php
@@ -20,18 +20,18 @@ foreach ($t_x as $key => $value) {
$KEY = empty($IS_AJAX) ? urldecode($key) : $key; // table name decode (post PDF exp/imp)
list($DB,$TAB) = explode(".", $KEY);
PMA_query_as_controluser('DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['designer_coords']) . '
- WHERE `db_name` = \'' . PMA_sqlAddslashes($DB) . '\'
- AND `table_name` = \'' . PMA_sqlAddslashes($TAB) . '\'', true, PMA_DBI_QUERY_STORE);
+ WHERE `db_name` = \'' . PMA_sqlAddSlashes($DB) . '\'
+ AND `table_name` = \'' . PMA_sqlAddSlashes($TAB) . '\'', true, PMA_DBI_QUERY_STORE);
PMA_query_as_controluser('INSERT INTO ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['designer_coords']) . '
(db_name, table_name, x, y, v, h)
VALUES ('
- . '\'' . PMA_sqlAddslashes($DB) . '\', '
- . '\'' . PMA_sqlAddslashes($TAB) . '\', '
- . '\'' . PMA_sqlAddslashes($t_x[$key]) . '\', '
- . '\'' . PMA_sqlAddslashes($t_y[$key]) . '\', '
- . '\'' . PMA_sqlAddslashes($t_v[$key]) . '\', '
- . '\'' . PMA_sqlAddslashes($t_h[$key]) . '\''
+ . '\'' . PMA_sqlAddSlashes($DB) . '\', '
+ . '\'' . PMA_sqlAddSlashes($TAB) . '\', '
+ . '\'' . PMA_sqlAddSlashes($t_x[$key]) . '\', '
+ . '\'' . PMA_sqlAddSlashes($t_y[$key]) . '\', '
+ . '\'' . PMA_sqlAddSlashes($t_v[$key]) . '\', '
+ . '\'' . PMA_sqlAddSlashes($t_h[$key]) . '\''
. ')', true, PMA_DBI_QUERY_STORE);
}
//----------------------------------------------------------------------------
diff --git a/server_privileges.php b/server_privileges.php
index cedbcef..7cd802f 100644
--- a/server_privileges.php
+++ b/server_privileges.php
@@ -166,8 +166,8 @@ function PMA_RangeOfUsers($initial = '')
// strtolower() is used because the User field
// might be BINARY, so LIKE would be case sensitive
if (!empty($initial)) {
- $ret = " WHERE `User` LIKE '" . PMA_sqlAddslashes($initial) . "%'"
- . " OR `User` LIKE '" . PMA_sqlAddslashes(strtolower($initial)) . "%'";
+ $ret = " WHERE `User` LIKE '" . PMA_sqlAddSlashes($initial, true) . "%'"
+ . " OR `User` LIKE '" . PMA_sqlAddSlashes(strtolower($initial), true) . "%'";
} else {
$ret = '';
}
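Review bot: The `true` passed to PMA_sqlAddSlashes in both LIKE patterns is unexplained at the call site, and it is not clear from this hunk that `%` and `_` inside `$initial` are neutralised. If the flag only changes backslash handling, a caller-supplied `%` still widens the match beyond one initial; escaping the wildcards as well (the inverse of the PMA_unescape_mysql_wildcards helper used further down this file) or limiting `$initial` to a single character would close that. I would also add a comment such as `// second argument: escape for use inside a LIKE pattern`. The function body starts and ends outside the hunk.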
@@ -340,23 +340,23 @@ function PMA_displayPrivTable($db = '*', $table = '*', $submit = true)
if ($db == '*') {
$sql_query =
"SELECT * FROM `mysql`.`user`"
- ." WHERE `User` = '" . PMA_sqlAddslashes($username) . "'"
- ." AND `Host` = '" . PMA_sqlAddslashes($hostname) . "';";
+ ." WHERE `User` = '" . PMA_sqlAddSlashes($username) . "'"
+ ." AND `Host` = '" . PMA_sqlAddSlashes($hostname) . "';";
} elseif ($table == '*') {
$sql_query =
"SELECT * FROM `mysql`.`db`"
- ." WHERE `User` = '" . PMA_sqlAddslashes($username) . "'"
- ." AND `Host` = '" . PMA_sqlAddslashes($hostname) . "'"
+ ." WHERE `User` = '" . PMA_sqlAddSlashes($username) . "'"
+ ." AND `Host` = '" . PMA_sqlAddSlashes($hostname) . "'"
." AND '" . PMA_unescape_mysql_wildcards($db) . "'"
." LIKE `Db`;";
} else {
$sql_query =
"SELECT `Table_priv`"
." FROM `mysql`.`tables_priv`"
- ." WHERE `User` = '" . PMA_sqlAddslashes($username) . "'"
- ." AND `Host` = '" . PMA_sqlAddslashes($hostname) . "'"
+ ." WHERE `User` = '" . PMA_sqlAddSlashes($username) . "'"
+ ." AND `Host` = '" . PMA_sqlAddSlashes($hostname) . "'"
." AND `Db` = '" . PMA_unescape_mysql_wildcards($db) . "'"
- ." AND `Table_name` = '" . PMA_sqlAddslashes($table) . "';";
+ ." AND `Table_name` = '" . PMA_sqlAddSlashes($table) . "';";
}
$row = PMA_DBI_fetch_single_row($sql_query);
}
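Review bot: In the `$table == '*'` branch and in the final `else` branch, `PMA_unescape_mysql_wildcards($db)` is concatenated into a single-quoted literal without `PMA_sqlAddSlashes()`, although every neighbouring value is escaped and the `columns_priv` query in the next hunk wraps the same expression. Unescaping wildcards only removes backslashes before `_` and `%` as far as the name suggests, so a quote in `$db` would end the literal; where `$db` comes from is outside this hunk and needs confirming. I would make both lines consistent with the next hunk, e.g. `." AND '" . PMA_sqlAddSlashes(PMA_unescape_mysql_wildcards($db)) . "'"`, and the same for the `Db` equality in the `tables_priv` query. PMA_displayPrivTable starts and ends outside this hunk.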
@@ -420,13 +420,13 @@ function PMA_displayPrivTable($db = '*', $table = '*', $submit = true)
'SELECT `Column_name`, `Column_priv`'
.' FROM `mysql`.`columns_priv`'
.' WHERE `User`'
- .' = \'' . PMA_sqlAddslashes($username) . "'"
+ .' = \'' . PMA_sqlAddSlashes($username) . "'"
.' AND `Host`'
- .' = \'' . PMA_sqlAddslashes($hostname) . "'"
+ .' = \'' . PMA_sqlAddSlashes($hostname) . "'"
.' AND `Db`'
- .' = \'' . PMA_sqlAddslashes(PMA_unescape_mysql_wildcards($db)) . "'"
+ .' = \'' . PMA_sqlAddSlashes(PMA_unescape_mysql_wildcards($db)) . "'"
.' AND `Table_name`'
- .' = \'' . PMA_sqlAddslashes($table) . '\';');
+ .' = \'' . PMA_sqlAddSlashes($table) . '\';');
while ($row1 = PMA_DBI_fetch_row($res)) {
$row1[1] = explode(',', $row1[1]);
@@ -809,9 +809,9 @@ function PMA_displayLoginInformationFields($mode = 'new')
if (isset($_REQUEST['change_copy'])) {
$user_host_condition =
' WHERE `User`'
- .' = \'' . PMA_sqlAddslashes($old_username) . "'"
+ .' = \'' . PMA_sqlAddSlashes($old_username) . "'"
.' AND `Host`'
- .' = \'' . PMA_sqlAddslashes($old_hostname) . '\';';
+ .' = \'' . PMA_sqlAddSlashes($old_hostname) . '\';';
$row = PMA_DBI_fetch_single_row('SELECT * FROM `mysql`.`user` ' . $user_host_condition);
if (! $row) {
PMA_Message::notice(__('No user found.'))->display();
@@ -855,8 +855,8 @@ if (isset($_REQUEST['adduser_submit']) || isset($_REQUEST['change_copy'])) {
break;
}
$sql = "SELECT '1' FROM `mysql`.`user`"
- . " WHERE `User` = '" . PMA_sqlAddslashes($username) . "'"
- . " AND `Host` = '" . PMA_sqlAddslashes($hostname) . "';";
+ . " WHERE `User` = '" . PMA_sqlAddSlashes($username) . "'"
+ . " AND `Host` = '" . PMA_sqlAddSlashes($hostname) . "';";
if (PMA_DBI_fetch_value($sql) == 1) {
$message = PMA_Message::error(__('The user %s already exists!'));
$message->addParam('[i]\'' . $username . '\'@\'' . $hostname . '\'[/i]');
@@ -864,17 +864,17 @@ if (isset($_REQUEST['adduser_submit']) || isset($_REQUEST['change_copy'])) {
$_add_user_error = true;
} else {
- $create_user_real = 'CREATE USER \'' . PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\'';
+ $create_user_real = 'CREATE USER \'' . PMA_sqlAddSlashes($username) . '\'@\'' . PMA_sqlAddSlashes($hostname) . '\'';
$real_sql_query =
'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON *.* TO \''
- . PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\'';
+ . PMA_sqlAddSlashes($username) . '\'@\'' . PMA_sqlAddSlashes($hostname) . '\'';
if ($pred_password != 'none' && $pred_password != 'keep') {
$sql_query = $real_sql_query . ' IDENTIFIED BY \'***\'';
- $real_sql_query .= ' IDENTIFIED BY \'' . PMA_sqlAddslashes($pma_pw) . '\'';
+ $real_sql_query .= ' IDENTIFIED BY \'' . PMA_sqlAddSlashes($pma_pw) . '\'';
if (isset($create_user_real)) {
$create_user_show = $create_user_real . ' IDENTIFIED BY \'***\'';
- $create_user_real .= ' IDENTIFIED BY \'' . PMA_sqlAddslashes($pma_pw) . '\'';
+ $create_user_real .= ' IDENTIFIED BY \'' . PMA_sqlAddSlashes($pma_pw) . '\'';
}
} else {
if ($pred_password == 'keep' && !empty($password)) {
@@ -949,7 +949,7 @@ if (isset($_REQUEST['adduser_submit']) || isset($_REQUEST['change_copy'])) {
case '1' :
// Create database with same name and grant all privileges
$q = 'CREATE DATABASE IF NOT EXISTS '
- . PMA_backquote(PMA_sqlAddslashes($username)) . ';';
+ . PMA_backquote(PMA_sqlAddSlashes($username)) . ';';
$sql_query .= $q;
if (! PMA_DBI_try_query($q)) {
$message = PMA_Message::rawError(PMA_DBI_getError());
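Review bot: `PMA_backquote(PMA_sqlAddSlashes($username))` applies string-literal escaping to a value that ends up inside a backquoted identifier, where a backslash or single quote is an ordinary character. For a user name containing `'` or `\` the created database would be named differently from the user, and the `'DROP DATABASE IF EXISTS ' . PMA_backquote($this_user)` later in this file would not match it. For `CREATE DATABASE` I would pass the raw name, `PMA_backquote($username)`, assuming PMA_backquote doubles embedded backticks (its body is not on this page). The `GRANT ALL PRIVILEGES ON` hunks for cases '1' and '3' below use the same construct and should be checked separately, because `_` and `%` in a GRANT database name act as wildcards. The switch starts and ends outside this hunk.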
@@ -968,8 +968,8 @@ if (isset($_REQUEST['adduser_submit']) || isset($_REQUEST['change_copy'])) {
}
$q = 'GRANT ALL PRIVILEGES ON '
- . PMA_backquote(PMA_sqlAddslashes($username)) . '.* TO \''
- . PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\';';
+ . PMA_backquote(PMA_sqlAddSlashes($username)) . '.* TO \''
+ . PMA_sqlAddSlashes($username) . '\'@\'' . PMA_sqlAddSlashes($hostname) . '\';';
$sql_query .= $q;
if (! PMA_DBI_try_query($q)) {
$message = PMA_Message::rawError(PMA_DBI_getError());
@@ -978,8 +978,8 @@ if (isset($_REQUEST['adduser_submit']) || isset($_REQUEST['change_copy'])) {
case '2' :
// Grant all privileges on wildcard name (username\_%)
$q = 'GRANT ALL PRIVILEGES ON '
- . PMA_backquote(PMA_sqlAddslashes($username) . '\_%') . '.* TO \''
- . PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\';';
+ . PMA_backquote(PMA_sqlAddSlashes($username) . '\_%') . '.* TO \''
+ . PMA_sqlAddSlashes($username) . '\'@\'' . PMA_sqlAddSlashes($hostname) . '\';';
$sql_query .= $q;
if (! PMA_DBI_try_query($q)) {
$message = PMA_Message::rawError(PMA_DBI_getError());
@@ -988,8 +988,8 @@ if (isset($_REQUEST['adduser_submit']) || isset($_REQUEST['change_copy'])) {
case '3' :
// Grant all privileges on the specified database to the new user
$q = 'GRANT ALL PRIVILEGES ON '
- . PMA_backquote(PMA_sqlAddslashes($dbname)) . '.* TO \''
- . PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\';';
+ . PMA_backquote(PMA_sqlAddSlashes($dbname)) . '.* TO \''
+ . PMA_sqlAddSlashes($username) . '\'@\'' . PMA_sqlAddSlashes($hostname) . '\';';
$sql_query .= $q;
if (! PMA_DBI_try_query($q)) {
$message = PMA_Message::rawError(PMA_DBI_getError());
@@ -1024,15 +1024,15 @@ if (isset($_REQUEST['adduser_submit']) || isset($_REQUEST['change_copy'])) {
if (isset($_REQUEST['change_copy'])) {
$user_host_condition =
' WHERE `User`'
- .' = \'' . PMA_sqlAddslashes($old_username) . "'"
+ .' = \'' . PMA_sqlAddSlashes($old_username) . "'"
.' AND `Host`'
- .' = \'' . PMA_sqlAddslashes($old_hostname) . '\';';
+ .' = \'' . PMA_sqlAddSlashes($old_hostname) . '\';';
$res = PMA_DBI_query('SELECT * FROM `mysql`.`db`' . $user_host_condition);
while ($row = PMA_DBI_fetch_assoc($res)) {
$queries[] =
'GRANT ' . join(', ', PMA_extractPrivInfo($row))
.' ON ' . PMA_backquote($row['Db']) . '.*'
- .' TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\''
+ .' TO \'' . PMA_sqlAddSlashes($username) . '\'@\'' . PMA_sqlAddSlashes($hostname) . '\''
. ($row['Grant_priv'] == 'Y' ? ' WITH GRANT OPTION;' : ';');
}
PMA_DBI_free_result($res);
@@ -1046,13 +1046,13 @@ if (isset($_REQUEST['change_copy'])) {
'SELECT `Column_name`, `Column_priv`'
.' FROM `mysql`.`columns_priv`'
.' WHERE `User`'
- .' = \'' . PMA_sqlAddslashes($old_username) . "'"
+ .' = \'' . PMA_sqlAddSlashes($old_username) . "'"
.' AND `Host`'
- .' = \'' . PMA_sqlAddslashes($old_hostname) . '\''
+ .' = \'' . PMA_sqlAddSlashes($old_hostname) . '\''
.' AND `Db`'
- .' = \'' . PMA_sqlAddslashes($row['Db']) . "'"
+ .' = \'' . PMA_sqlAddSlashes($row['Db']) . "'"
.' AND `Table_name`'
- .' = \'' . PMA_sqlAddslashes($row['Table_name']) . "'"
+ .' = \'' . PMA_sqlAddSlashes($row['Table_name']) . "'"
.';',
null, PMA_DBI_QUERY_STORE);
@@ -1096,7 +1096,7 @@ if (isset($_REQUEST['change_copy'])) {
$queries[] =
'GRANT ' . join(', ', $tmp_privs1)
. ' ON ' . PMA_backquote($row['Db']) . '.' . PMA_backquote($row['Table_name'])
- . ' TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\''
+ . ' TO \'' . PMA_sqlAddSlashes($username) . '\'@\'' . PMA_sqlAddSlashes($hostname) . '\''
. (in_array('Grant', explode(',', $row['Table_priv'])) ? ' WITH GRANT OPTION;' : ';');
}
}
@@ -1110,11 +1110,11 @@ if (!empty($update_privs)) {
$sql_query0 =
'REVOKE ALL PRIVILEGES ON ' . $db_and_table
- . ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\';';
+ . ' FROM \'' . PMA_sqlAddSlashes($username) . '\'@\'' . PMA_sqlAddSlashes($hostname) . '\';';
if (! isset($Grant_priv) || $Grant_priv != 'Y') {
$sql_query1 =
'REVOKE GRANT OPTION ON ' . $db_and_table
- . ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\';';
+ . ' FROM \'' . PMA_sqlAddSlashes($username) . '\'@\'' . PMA_sqlAddSlashes($hostname) . '\';';
} else {
$sql_query1 = '';
}
@@ -1125,7 +1125,7 @@ if (!empty($update_privs)) {
$sql_query2 =
'GRANT ' . join(', ', PMA_extractPrivInfo())
. ' ON ' . $db_and_table
- . ' TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\'';
+ . ' TO \'' . PMA_sqlAddSlashes($username) . '\'@\'' . PMA_sqlAddSlashes($hostname) . '\'';
/**
* @todo similar code appears twice in this script
@@ -1186,10 +1186,10 @@ if (isset($_REQUEST['revokeall'])) {
$sql_query0 =
'REVOKE ALL PRIVILEGES ON ' . $db_and_table
- . ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\';';
+ . ' FROM \'' . PMA_sqlAddSlashes($username) . '\'@\'' . PMA_sqlAddSlashes($hostname) . '\';';
$sql_query1 =
'REVOKE GRANT OPTION ON ' . $db_and_table
- . ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\';';
+ . ' FROM \'' . PMA_sqlAddSlashes($username) . '\'@\'' . PMA_sqlAddSlashes($hostname) . '\';';
PMA_DBI_query($sql_query0);
if (! PMA_DBI_try_query($sql_query1)) {
@@ -1229,8 +1229,8 @@ if (isset($_REQUEST['change_pw'])) {
. 'PASSWORD';
// in $sql_query which will be displayed, hide the password
- $sql_query = 'SET PASSWORD FOR \'' . PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\' = ' . (($pma_pw == '') ? '\'\'' : $hashing_function . '(\'' . preg_replace('@. at s', '*', $pma_pw) . '\')');
- $local_query = 'SET PASSWORD FOR \'' . PMA_sqlAddslashes($username) . '\'@\'' . PMA_sqlAddslashes($hostname) . '\' = ' . (($pma_pw == '') ? '\'\'' : $hashing_function . '(\'' . PMA_sqlAddslashes($pma_pw) . '\')');
+ $sql_query = 'SET PASSWORD FOR \'' . PMA_sqlAddSlashes($username) . '\'@\'' . PMA_sqlAddSlashes($hostname) . '\' = ' . (($pma_pw == '') ? '\'\'' : $hashing_function . '(\'' . preg_replace('@. at s', '*', $pma_pw) . '\')');
+ $local_query = 'SET PASSWORD FOR \'' . PMA_sqlAddSlashes($username) . '\'@\'' . PMA_sqlAddSlashes($hostname) . '\' = ' . (($pma_pw == '') ? '\'\'' : $hashing_function . '(\'' . PMA_sqlAddSlashes($pma_pw) . '\')');
PMA_DBI_try_query($local_query)
or PMA_mysqlDie(PMA_DBI_getError(), $sql_query, false, $err_url);
$message = PMA_Message::success(__('The password for %s was changed successfully.'));
@@ -1254,7 +1254,7 @@ if (isset($_REQUEST['delete']) || (isset($_REQUEST['change_copy']) && $_REQUEST[
foreach ($selected_usr as $each_user) {
list($this_user, $this_host) = explode('', $each_user);
$queries[] = '# ' . sprintf(__('Deleting %s'), '\'' . $this_user . '\'@\'' . $this_host . '\'') . ' ...';
- $queries[] = 'DROP USER \'' . PMA_sqlAddslashes($this_user) . '\'@\'' . PMA_sqlAddslashes($this_host) . '\';';
+ $queries[] = 'DROP USER \'' . PMA_sqlAddSlashes($this_user) . '\'@\'' . PMA_sqlAddSlashes($this_host) . '\';';
if (isset($_REQUEST['drop_users_db'])) {
$queries[] = 'DROP DATABASE IF EXISTS ' . PMA_backquote($this_user) . ';';
@@ -1451,7 +1451,7 @@ if (isset($viewing_mode) && $viewing_mode == 'db') {
if (isset($_REQUEST['export'])) {
echo '<h2>' . __('User') . ' \'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'</h2>';
echo '<textarea cols="' . $GLOBALS['cfg']['TextareaCols'] . '" rows="' . $GLOBALS['cfg']['TextareaRows'] . '">';
- $grants = PMA_DBI_fetch_result("SHOW GRANTS FOR '" . PMA_sqlAddslashes($username) . "'@'" . PMA_sqlAddslashes($hostname) . "'");
+ $grants = PMA_DBI_fetch_result("SHOW GRANTS FOR '" . PMA_sqlAddSlashes($username) . "'@'" . PMA_sqlAddSlashes($hostname) . "'");
foreach($grants as $one_grant) {
echo $one_grant . ";\n\n";
}
@@ -1756,8 +1756,8 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs
$sql = "SELECT '1' FROM `mysql`.`user`"
- . " WHERE `User` = '" . PMA_sqlAddslashes($username) . "'"
- . " AND `Host` = '" . PMA_sqlAddslashes($hostname) . "';";
+ . " WHERE `User` = '" . PMA_sqlAddSlashes($username) . "'"
+ . " AND `Host` = '" . PMA_sqlAddSlashes($hostname) . "';";
$user_does_not_exists = (bool) ! PMA_DBI_fetch_value($sql);
unset($sql);
if ($user_does_not_exists) {
@@ -1809,9 +1809,9 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs
$user_host_condition =
' WHERE `User`'
- . ' = \'' . PMA_sqlAddslashes($username) . "'"
+ . ' = \'' . PMA_sqlAddSlashes($username) . "'"
. ' AND `Host`'
- . ' = \'' . PMA_sqlAddslashes($hostname) . "'";
+ . ' = \'' . PMA_sqlAddSlashes($hostname) . "'";
// table body
// get data
@@ -1888,7 +1888,7 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs
$user_host_condition .=
' AND `Db`'
- .' LIKE \'' . PMA_sqlAddslashes($dbname) . "'";
+ .' LIKE \'' . PMA_sqlAddSlashes($dbname, true) . "'";
$tables_to_search_for_users = array(
'columns_priv',
@@ -2209,7 +2209,7 @@ if (empty($_REQUEST['adduser']) && (! isset($checkprivs) || ! strlen($checkprivs
$sql_query =
'(SELECT ' . $list_of_privileges . ', `Db`'
.' FROM `mysql`.`db`'
- .' WHERE \'' . PMA_sqlAddslashes($checkprivs) . "'"
+ .' WHERE \'' . PMA_sqlAddSlashes($checkprivs) . "'"
.' LIKE `Db`'
.' AND NOT (' . $list_of_compared_privileges. ')) '
.'UNION '
diff --git a/server_replication.php b/server_replication.php
index 511af06..5576914 100644
--- a/server_replication.php
+++ b/server_replication.php
@@ -40,10 +40,10 @@ if (! $is_superuser) {
if (isset($GLOBALS['sr_take_action'])) {
$refresh = false;
if (isset($GLOBALS['slave_changemaster'])) {
- $_SESSION['replication']['m_username'] = $sr['username'] = PMA_sqlAddslashes($GLOBALS['username']);
- $_SESSION['replication']['m_password'] = $sr['pma_pw'] = PMA_sqlAddslashes($GLOBALS['pma_pw']);
- $_SESSION['replication']['m_hostname'] = $sr['hostname'] = PMA_sqlAddslashes($GLOBALS['hostname']);
- $_SESSION['replication']['m_port'] = $sr['port'] = PMA_sqlAddslashes($GLOBALS['port']);
+ $_SESSION['replication']['m_username'] = $sr['username'] = PMA_sqlAddSlashes($GLOBALS['username']);
+ $_SESSION['replication']['m_password'] = $sr['pma_pw'] = PMA_sqlAddSlashes($GLOBALS['pma_pw']);
+ $_SESSION['replication']['m_hostname'] = $sr['hostname'] = PMA_sqlAddSlashes($GLOBALS['hostname']);
+ $_SESSION['replication']['m_port'] = $sr['port'] = PMA_sqlAddSlashes($GLOBALS['port']);
$_SESSION['replication']['m_correct'] = '';
$_SESSION['replication']['sr_action_status'] = 'error';
$_SESSION['replication']['sr_action_info'] = __('Unknown error');
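Review bot: The request values are SQL-escaped where they are read, and the escaped copies are what get stored in `$sr` and in `$_SESSION['replication']`, including `m_password`. Escaping on input ties the stored value to one quoting context: any later use outside a single-quoted SQL literal (display, a connection call, an unquoted port number) would see the added backslashes or get no protection; those uses are outside this hunk and need confirming. I would keep the raw values, call `PMA_sqlAddSlashes()` at the point where the statement is built, validate `port` as an integer, and not keep the master password in the session longer than the action requires.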
diff --git a/sql.php b/sql.php
index 7da775a..10985b6 100644
--- a/sql.php
+++ b/sql.php
@@ -175,7 +175,7 @@ if(isset($_REQUEST['set_col_order']) && $_REQUEST['set_col_order'] == true) {
// (needed for browsing from DefaultTabTable)
if (empty($sql_query) && strlen($table) && strlen($db)) {
require_once './libraries/bookmark.lib.php';
- $book_sql_query = PMA_Bookmark_get($db, '\'' . PMA_sqlAddslashes($table) . '\'',
+ $book_sql_query = PMA_Bookmark_get($db, '\'' . PMA_sqlAddSlashes($table) . '\'',
'label', false, true);
if (! empty($book_sql_query)) {
diff --git a/tbl_alter.php b/tbl_alter.php
index 743e925..316c48e 100644
--- a/tbl_alter.php
+++ b/tbl_alter.php
@@ -170,7 +170,7 @@ if ($abort == false) {
* @todo optimize in case of multiple fields to modify
*/
for ($i = 0; $i < $selected_cnt; $i++) {
- $_REQUEST['field'] = PMA_sqlAddslashes($selected[$i], true);
+ $_REQUEST['field'] = PMA_sqlAddSlashes($selected[$i], true);
$result = PMA_DRIZZLE
? PMA_DBI_query('SHOW COLUMNS FROM ' . PMA_backquote($table) . ' FROM ' . PMA_backquote($db) . ' WHERE Field = \'' . $_REQUEST['field'] . '\';')
: PMA_DBI_query('SHOW FULL COLUMNS FROM ' . PMA_backquote($table) . ' FROM ' . PMA_backquote($db) . ' LIKE \'' . $_REQUEST['field'] . '\';');
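Review bot: `$_REQUEST['field']` is escaped once with the LIKE variant (`true`) and then used in two different contexts: the Drizzle branch compares with `WHERE Field = '…'`, the other branch with `LIKE '…'`. Judging from the test expectations on this page the LIKE variant adds extra backslash doubling, so a column name containing a backslash would presumably not match in the equality branch. I would escape per branch, `PMA_sqlAddSlashes($selected[$i])` for `WHERE Field =` and `PMA_sqlAddSlashes($selected[$i], true)` for `LIKE`, and keep the result in a local variable instead of writing it back into `$_REQUEST`. The `for` loop continues outside this hunk.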
diff --git a/tbl_create.php b/tbl_create.php
index b141fc1..e3e743b 100644
--- a/tbl_create.php
+++ b/tbl_create.php
@@ -184,10 +184,10 @@ if (isset($_REQUEST['do_save_data'])) {
$sql_query .= PMA_generateCharsetQueryPart($_REQUEST['tbl_collation']);
}
if (!empty($_REQUEST['comment'])) {
- $sql_query .= ' COMMENT = \'' . PMA_sqlAddslashes($_REQUEST['comment']) . '\'';
+ $sql_query .= ' COMMENT = \'' . PMA_sqlAddSlashes($_REQUEST['comment']) . '\'';
}
if (!empty($_REQUEST['partition_definition'])) {
- $sql_query .= ' ' . PMA_sqlAddslashes($_REQUEST['partition_definition']);
+ $sql_query .= ' ' . PMA_sqlAddSlashes($_REQUEST['partition_definition']);
}
$sql_query .= ';';
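Review bot: `PMA_sqlAddSlashes($_REQUEST['partition_definition'])` is appended to the statement outside any quotes, so string-literal escaping does not constrain what the fragment can contain and it would also alter a legitimate definition that carries quoted values such as `VALUES IN ('a')`. The fragment should be validated against the expected partition syntax rather than escaped as if it were a string. The same unquoted use appears in the tbl_operations.php hunk for `auto_increment` and `ROW_FORMAT`, where a numeric check (for example `ctype_digit()`) and an allow-list of row formats fit better than escaping. The `if (isset($_REQUEST['do_save_data']))` block continues outside this hunk.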
@@ -231,7 +231,7 @@ if (isset($_REQUEST['do_save_data'])) {
$is_show_stats = $cfg['ShowStats'];
$tbl_stats_result = PMA_DBI_query('SHOW TABLE STATUS FROM '
- . PMA_backquote($db) . ' LIKE \'' . PMA_sqlAddSlashes($table) . '\';');
+ . PMA_backquote($db) . ' LIKE \'' . PMA_sqlAddSlashes($table, true) . '\';');
$tbl_stats = PMA_DBI_fetch_assoc($tbl_stats_result);
PMA_DBI_free_result($tbl_stats_result);
unset($tbl_stats_result);
diff --git a/tbl_operations.php b/tbl_operations.php
index 8b49259..2205a4f 100644
--- a/tbl_operations.php
+++ b/tbl_operations.php
@@ -102,7 +102,7 @@ if (isset($_REQUEST['submitoptions'])) {
}
if (isset($_REQUEST['comment'])
&& urldecode($_REQUEST['prev_comment']) !== $_REQUEST['comment']) {
- $table_alters[] = 'COMMENT = \'' . PMA_sqlAddslashes($_REQUEST['comment']) . '\'';
+ $table_alters[] = 'COMMENT = \'' . PMA_sqlAddSlashes($_REQUEST['comment']) . '\'';
}
if (! empty($_REQUEST['new_tbl_type'])
&& strtolower($_REQUEST['new_tbl_type']) !== strtolower($tbl_type)) {
@@ -156,13 +156,13 @@ if (isset($_REQUEST['submitoptions'])) {
if (($is_myisam_or_aria || $is_innodb || $is_pbxt)
&& ! empty($_REQUEST['new_auto_increment'])
&& (! isset($auto_increment) || $_REQUEST['new_auto_increment'] !== $auto_increment)) {
- $table_alters[] = 'auto_increment = ' . PMA_sqlAddslashes($_REQUEST['new_auto_increment']);
+ $table_alters[] = 'auto_increment = ' . PMA_sqlAddSlashes($_REQUEST['new_auto_increment']);
}
if (($is_myisam_or_aria || $is_innodb || $is_pbxt)
&& ! empty($_REQUEST['new_row_format'])
&& (! isset($row_format) || strtolower($_REQUEST['new_row_format']) !== strtolower($row_format))) {
- $table_alters[] = 'ROW_FORMAT = ' . PMA_sqlAddslashes($_REQUEST['new_row_format']);
+ $table_alters[] = 'ROW_FORMAT = ' . PMA_sqlAddSlashes($_REQUEST['new_row_format']);
}
if (count($table_alters) > 0) {
diff --git a/tbl_relation.php b/tbl_relation.php
index 6d82cc3..e3f4338 100644
--- a/tbl_relation.php
+++ b/tbl_relation.php
@@ -143,26 +143,26 @@ if (isset($destination) && $cfgRelation['relwork']) {
$upd_query = 'INSERT INTO ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['relation'])
. '(master_db, master_table, master_field, foreign_db, foreign_table, foreign_field)'
. ' values('
- . '\'' . PMA_sqlAddslashes($db) . '\', '
- . '\'' . PMA_sqlAddslashes($table) . '\', '
- . '\'' . PMA_sqlAddslashes($master_field) . '\', '
- . '\'' . PMA_sqlAddslashes($foreign_db) . '\', '
- . '\'' . PMA_sqlAddslashes($foreign_table) . '\','
- . '\'' . PMA_sqlAddslashes($foreign_field) . '\')';
+ . '\'' . PMA_sqlAddSlashes($db) . '\', '
+ . '\'' . PMA_sqlAddSlashes($table) . '\', '
+ . '\'' . PMA_sqlAddSlashes($master_field) . '\', '
+ . '\'' . PMA_sqlAddSlashes($foreign_db) . '\', '
+ . '\'' . PMA_sqlAddSlashes($foreign_table) . '\','
+ . '\'' . PMA_sqlAddSlashes($foreign_field) . '\')';
} elseif ($existrel[$master_field]['foreign_db'] . '.' .$existrel[$master_field]['foreign_table'] . '.' . $existrel[$master_field]['foreign_field'] != $foreign_string) {
$upd_query = 'UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['relation']) . ' SET'
- . ' foreign_db = \'' . PMA_sqlAddslashes($foreign_db) . '\', '
- . ' foreign_table = \'' . PMA_sqlAddslashes($foreign_table) . '\', '
- . ' foreign_field = \'' . PMA_sqlAddslashes($foreign_field) . '\' '
- . ' WHERE master_db = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND master_table = \'' . PMA_sqlAddslashes($table) . '\''
- . ' AND master_field = \'' . PMA_sqlAddslashes($master_field) . '\'';
+ . ' foreign_db = \'' . PMA_sqlAddSlashes($foreign_db) . '\', '
+ . ' foreign_table = \'' . PMA_sqlAddSlashes($foreign_table) . '\', '
+ . ' foreign_field = \'' . PMA_sqlAddSlashes($foreign_field) . '\' '
+ . ' WHERE master_db = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND master_table = \'' . PMA_sqlAddSlashes($table) . '\''
+ . ' AND master_field = \'' . PMA_sqlAddSlashes($master_field) . '\'';
} // end if... else....
} elseif (isset($existrel[$master_field])) {
$upd_query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['relation'])
- . ' WHERE master_db = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND master_table = \'' . PMA_sqlAddslashes($table) . '\''
- . ' AND master_field = \'' . PMA_sqlAddslashes($master_field) . '\'';
+ . ' WHERE master_db = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND master_table = \'' . PMA_sqlAddSlashes($table) . '\''
+ . ' AND master_field = \'' . PMA_sqlAddSlashes($master_field) . '\'';
} // end if... else....
if ($upd_query) {
PMA_query_as_controluser($upd_query);
@@ -299,21 +299,21 @@ if ($cfgRelation['displaywork'] && isset($display_field)) {
if ($disp) {
if ($display_field != '') {
$upd_query = 'UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_info'])
- . ' SET display_field = \'' . PMA_sqlAddslashes($display_field) . '\''
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'';
+ . ' SET display_field = \'' . PMA_sqlAddSlashes($display_field) . '\''
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($table) . '\'';
} else {
$upd_query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_info'])
- . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
- . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'';
+ . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
+ . ' AND table_name = \'' . PMA_sqlAddSlashes($table) . '\'';
}
} elseif ($display_field != '') {
$upd_query = 'INSERT INTO ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_info'])
. '(db_name, table_name, display_field) '
. ' VALUES('
- . '\'' . PMA_sqlAddslashes($db) . '\','
- . '\'' . PMA_sqlAddslashes($table) . '\','
- . '\'' . PMA_sqlAddslashes($display_field) . '\')';
+ . '\'' . PMA_sqlAddSlashes($db) . '\','
+ . '\'' . PMA_sqlAddSlashes($table) . '\','
+ . '\'' . PMA_sqlAddSlashes($display_field) . '\')';
}
if ($upd_query) {
diff --git a/tbl_replace.php b/tbl_replace.php
index 2876b50..b0c71e6 100644
--- a/tbl_replace.php
+++ b/tbl_replace.php
@@ -218,7 +218,7 @@ foreach ($loop_array as $rownumber => $where_clause) {
// if the most recent BLOB reference exists, set it as a field value
if (!is_null($bs_reference)) {
- $val = "'" . PMA_sqlAddslashes($bs_reference) . "'";
+ $val = "'" . PMA_sqlAddSlashes($bs_reference) . "'";
}
}
}
@@ -256,7 +256,7 @@ foreach ($loop_array as $rownumber => $where_clause) {
$query_values[] = PMA_backquote($me_fields_name[$key]) . ' = ' . $cur_value;
} elseif (empty($me_funcs[$key])
&& isset($me_fields_prev[$key])
- && ("'" . PMA_sqlAddslashes($me_fields_prev[$key]) . "'" == $val)) {
+ && ("'" . PMA_sqlAddSlashes($me_fields_prev[$key]) . "'" == $val)) {
// No change for this column and no MySQL function is used -> next column
continue;
} elseif (! empty($val)) {
diff --git a/tbl_select.php b/tbl_select.php
index 875182d..33b7e48 100644
--- a/tbl_select.php
+++ b/tbl_select.php
@@ -355,9 +355,9 @@ else {
$parens_open = '';
$parens_close = '';
}
- $enum_where = '\'' . PMA_sqlAddslashes($fields[$i][0]) . '\'';
+ $enum_where = '\'' . PMA_sqlAddSlashes($fields[$i][0]) . '\'';
for ($e = 1; $e < $enum_selected_count; $e++) {
- $enum_where .= ', \'' . PMA_sqlAddslashes($fields[$i][$e]) . '\'';
+ $enum_where .= ', \'' . PMA_sqlAddSlashes($fields[$i][$e]) . '\'';
}
$w[] = PMA_backquote($names[$i]) . ' ' . $func_type . ' ' . $parens_open . $enum_where . $parens_close;
@@ -389,7 +389,7 @@ else {
// quote values one by one
$values = explode(',', $fields[$i]);
foreach ($values as &$value)
- $value = $quot . PMA_sqlAddslashes(trim($value)) . $quot;
+ $value = $quot . PMA_sqlAddSlashes(trim($value)) . $quot;
if ($func_type == 'BETWEEN' || $func_type == 'NOT BETWEEN')
$w[] = PMA_backquote($names[$i]) . ' ' . $func_type . ' ' . (isset($values[0]) ? $values[0] : '') . ' AND ' . (isset($values[1]) ? $values[1] : '');
@@ -397,7 +397,7 @@ else {
$w[] = PMA_backquote($names[$i]) . ' ' . $func_type . ' (' . implode(',', $values) . ')';
}
else {
- $w[] = PMA_backquote($names[$i]) . ' ' . $func_type . ' ' . $quot . PMA_sqlAddslashes($fields[$i]) . $quot;;
+ $w[] = PMA_backquote($names[$i]) . ' ' . $func_type . ' ' . $quot . PMA_sqlAddSlashes($fields[$i]) . $quot;;
}
} // end if
diff --git a/tbl_tracking.php b/tbl_tracking.php
index a708f0a..b612885 100644
--- a/tbl_tracking.php
+++ b/tbl_tracking.php
@@ -584,7 +584,7 @@ if (isset($_REQUEST['report']) || isset($_REQUEST['report_export'])) {
$sql_query = " SELECT DISTINCT db_name, table_name FROM " .
PMA_backquote($GLOBALS['cfg']['Server']['pmadb']) . "." .
PMA_backquote($GLOBALS['cfg']['Server']['tracking']) .
- " WHERE " . PMA_backquote('db_name') . " = '" . PMA_sqlAddslashes($GLOBALS['db']) . "' " .
+ " WHERE " . PMA_backquote('db_name') . " = '" . PMA_sqlAddSlashes($GLOBALS['db']) . "' " .
" ORDER BY ". PMA_backquote('db_name') . ", " . PMA_backquote('table_name');
$sql_result = PMA_query_as_controluser($sql_query);
@@ -624,8 +624,8 @@ if (PMA_DBI_num_rows($sql_result) > 0) {
$sql_query = " SELECT * FROM " .
PMA_backquote($GLOBALS['cfg']['Server']['pmadb']) . "." .
PMA_backquote($GLOBALS['cfg']['Server']['tracking']) .
- " WHERE " . PMA_backquote('db_name') . " = '" . PMA_sqlAddslashes($_REQUEST['db']) . "' ".
- " AND " . PMA_backquote('table_name') . " = '" . PMA_sqlAddslashes($_REQUEST['table']) ."' ".
+ " WHERE " . PMA_backquote('db_name') . " = '" . PMA_sqlAddSlashes($_REQUEST['db']) . "' ".
+ " AND " . PMA_backquote('table_name') . " = '" . PMA_sqlAddSlashes($_REQUEST['table']) ."' ".
" ORDER BY ". PMA_backquote('version') . " DESC ";
$sql_result = PMA_query_as_controluser($sql_query);
diff --git a/test/PMA_quoting_slashing_test.php b/test/PMA_quoting_slashing_test.php
index f801025..c918390 100644
--- a/test/PMA_quoting_slashing_test.php
+++ b/test/PMA_quoting_slashing_test.php
@@ -31,14 +31,14 @@ class PMA_quoting_slashing_test extends PHPUnit_Framework_TestCase
public function testAddSlashes() {
$string = "\'test''\''\'\r\t\n";
- $this->assertEquals("\\\\\\\\\'test\'\'\\\\\\\\\'\'\\\\\\\\\'\\r\\t\\n", PMA_sqlAddslashes($string, true, true, true));
- $this->assertEquals("\\\\\\\\''test''''\\\\\\\\''''\\\\\\\\''\\r\\t\\n", PMA_sqlAddslashes($string, true, true, false));
- $this->assertEquals("\\\\\\\\\'test\'\'\\\\\\\\\'\'\\\\\\\\\'\r\t\n", PMA_sqlAddslashes($string, true, false, true));
- $this->assertEquals("\\\\\\\\''test''''\\\\\\\\''''\\\\\\\\''\r\t\n", PMA_sqlAddslashes($string, true, false, false));
- $this->assertEquals("\\\\\'test\'\'\\\\\'\'\\\\\'\\r\\t\\n", PMA_sqlAddslashes($string, false, true, true));
- $this->assertEquals("\\\\''test''''\\\\''''\\\\''\\r\\t\\n", PMA_sqlAddslashes($string, false, true, false));
- $this->assertEquals("\\\\\'test\'\'\\\\\'\'\\\\\'\r\t\n", PMA_sqlAddslashes($string, false, false, true));
- $this->assertEquals("\\\\''test''''\\\\''''\\\\''\r\t\n", PMA_sqlAddslashes($string, false, false, false));
+ $this->assertEquals("\\\\\\\\\'test\'\'\\\\\\\\\'\'\\\\\\\\\'\\r\\t\\n", PMA_sqlAddSlashes($string, true, true, true));
+ $this->assertEquals("\\\\\\\\''test''''\\\\\\\\''''\\\\\\\\''\\r\\t\\n", PMA_sqlAddSlashes($string, true, true, false));
+ $this->assertEquals("\\\\\\\\\'test\'\'\\\\\\\\\'\'\\\\\\\\\'\r\t\n", PMA_sqlAddSlashes($string, true, false, true));
+ $this->assertEquals("\\\\\\\\''test''''\\\\\\\\''''\\\\\\\\''\r\t\n", PMA_sqlAddSlashes($string, true, false, false));
+ $this->assertEquals("\\\\\'test\'\'\\\\\'\'\\\\\'\\r\\t\\n", PMA_sqlAddSlashes($string, false, true, true));
+ $this->assertEquals("\\\\''test''''\\\\''''\\\\''\\r\\t\\n", PMA_sqlAddSlashes($string, false, true, false));
+ $this->assertEquals("\\\\\'test\'\'\\\\\'\'\\\\\'\r\t\n", PMA_sqlAddSlashes($string, false, false, true));
+ $this->assertEquals("\\\\''test''''\\\\''''\\\\''\r\t\n", PMA_sqlAddSlashes($string, false, false, false));
}
/**
diff --git a/user_password.php b/user_password.php
index a8ff8da..a4eeffe 100644
--- a/user_password.php
+++ b/user_password.php
@@ -76,7 +76,7 @@ if (isset($_REQUEST['nopass'])) {
}
$sql_query = 'SET password = ' . (($password == '') ? '\'\'' : $hashing_function . '(\'***\')');
- $local_query = 'SET password = ' . (($password == '') ? '\'\'' : $hashing_function . '(\'' . PMA_sqlAddslashes($password) . '\')');
+ $local_query = 'SET password = ' . (($password == '') ? '\'\'' : $hashing_function . '(\'' . PMA_sqlAddSlashes($password) . '\')');
$result = @PMA_DBI_try_query($local_query)
or PMA_mysqlDie(PMA_DBI_getError(), $sql_query, false, $err_url);
hooks/post-receive
--
phpMyAdmin