diff --git a/create.inc.php b/create.inc.php
index 625dba5a..de1fdec0 100644
--- a/create.inc.php
+++ b/create.inc.php
@@ -123,7 +123,7 @@ for (var i=1; >= i; i++) {
document.getElementById('form')['fields[' + i + '][type]'].onchange();
}
-document.write(' checked="checked" onclick="column_comments_click(this.checked);" />');
+document.write('');
function column_comments_click(checked) {
for (var i=0; >= i; i++) {
document.getElementById('comment-' + i).style.display = (checked ? '' : 'none');
diff --git a/functions.inc.php b/functions.inc.php
index 0520fc24..e43df2ab 100644
--- a/functions.inc.php
+++ b/functions.inc.php
@@ -251,19 +251,19 @@ function input($name, $field, $value) {
}
preg_match_all("~'((?:[^']*|'')+)'~", $field["length"], $matches);
foreach ($matches[1] as $i => $val) {
- $val = str_replace("''", "'", $val);
+ $val = stripcslashes(str_replace("''", "'", $val));
$id = "field-$name-" . ($i+1);
$checked = (is_int($value) ? $value == $i+1 : $value === $val); //! '' collide with NULL in $_GET["default"]
- echo ' ';
+ echo ' ';
}
if ($field["null"]) {
$id = "field-$name-";
- echo ' ';
+ echo ' ';
}
} elseif ($field["type"] == "set") { //! 64 bits
preg_match_all("~'((?:[^']*|'')+)'~", $field["length"], $matches);
foreach ($matches[1] as $i => $val) {
- $val = str_replace("''", "'", $val);
+ $val = stripcslashes(str_replace("''", "'", $val));
$id = "field-$name-" . ($i+1);
$checked = (is_int($value) ? ($value >> $i) & 1 : in_array($val, explode(",", $value), true));
echo ' ';
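Review bot: The added `stripcslashes()` on the two `$val` lines (enum and set branches) decodes a different escape set than MySQL string literals use: it turns `\xHH` and octal sequences into raw bytes, where MySQL reads `\x41` as plain `x41`. The decoded member can therefore differ from the stored value that `$value === $val` and `in_array($val, ...)` compare against. It also runs after `preg_match_all("~'((?:[^']*|'')+)'~", ...)`, which only recognises `''` as an escaped quote, so a member written with `\'` would be split before it is unescaped. I would move the unescaping into one helper shared by both branches that maps only the sequences MySQL defines, with a comment such as `// $field["length"] holds the quoted member list; undo '' and MySQL backslash escapes`. The echo lines have lost their markup in this view, so please confirm that the decoded `$val` still passes through `htmlspecialchars()` before it reaches the value attribute and label; `input()` starts and ends outside this hunk.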
@@ -277,7 +277,7 @@ function input($name, $field, $value) {
}
if ($field["null"] && preg_match('~char|text|set|binary|blob~', $field["type"])) {
$id = "null-$name";
- echo '';
+ echo '';
}
}
diff --git a/select.inc.php b/select.inc.php
index b3a2acfb..1b0d7425 100644
--- a/select.inc.php
+++ b/select.inc.php
@@ -34,7 +34,7 @@ if (!$columns) {
}
echo "(" . implode(", ", $index["columns"]) . ") AGAINST";
echo ' ';
- echo "";
+ echo "";
echo "
\n";
}
}
@@ -73,12 +73,12 @@ for (var i=0; > i; i++) {
if (in_array($val, $columns, true)) {
$order[] = idf_escape($val) . (isset($_GET["desc"][$key]) ? " DESC" : "");
echo "