From 5003ad5075d1afbae16deefeb2234e5d8d3df943 Mon Sep 17 00:00:00 2001
From: jakubvrana
Date: Fri, 13 Jul 2007 07:09:58 +0000
Subject: [PATCH] Escape LIKE

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@157 7c3ca157-0c34-0410-bff1-cbf682f78f5c
---
 create.inc.php | 2 +-
 functions.inc.php | 5 +++++
 table.inc.php | 2 +-
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/create.inc.php b/create.inc.php
index 31ddda7f..67d9f54f 100644
--- a/create.inc.php
+++ b/create.inc.php
@@ -73,7 +73,7 @@ if ($_POST) {
 $row["fields"][$row["auto_increment"] - 1]["auto_increment"] = true;
 }
 } elseif (strlen($_GET["create"])) {
- $result = $mysql->query("SHOW TABLE STATUS LIKE '" . $mysql->escape_string($_GET["create"]) . "'");
+ $result = table_status($_GET["create"]);
 $row = $result->fetch_assoc();
 $row["name"] = $_GET["create"];
 $row["fields"] = array_values(fields($_GET["create"]));
diff --git a/functions.inc.php b/functions.inc.php
index ed9e3b88..fb13011a 100644
--- a/functions.inc.php
+++ b/functions.inc.php
@@ -40,6 +40,11 @@ function get_vals($query) {
 return $return;
 }
 
+function table_status($table) {
+ global $mysql;
+ return $mysql->query("SHOW TABLE STATUS LIKE '" . $mysql->escape_string(addcslashes($table, "%_")) . "'");
+}
+
 function fields($table) {
 global $mysql;
 $return = array();
diff --git a/table.inc.php b/table.inc.php
index ba116467..25380260 100644
--- a/table.inc.php
+++ b/table.inc.php
@@ -51,7 +51,7 @@ if (!$result) {
 }
 
 if ($mysql->server_info >= 5) {
- $result = $mysql->query("SHOW TRIGGERS LIKE '" . $mysql->escape_string($_GET["table"]) . "'");
+ $result = $mysql->query("SHOW TRIGGERS LIKE '" . $mysql->escape_string(addcslashes($_GET["table"], "%_")) . "'");
 if ($result->num_rows) {
 echo "

" . lang('Triggers') . "

\n"; echo "\n";
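Review bot: The LIKE escaping on the new `SHOW TRIGGERS` line covers `%` and `_` but not the backslash itself, so a table name containing `\` still reaches LIKE as an escape character and the pattern no longer matches that exact name. The new `table_status()` in functions.inc.php has the same gap. Adding the backslash to the character list closes it in both places: `addcslashes($_GET["table"], "%_\\")` here and `addcslashes($table, "%_\\")` in the helper. Because the two call sites now repeat the same `escape_string(addcslashes(...))` pair, a single shared helper for LIKE literals would keep them from drifting apart. The enclosing `if ($mysql->server_info >= 5)` block continues past the end of this hunk.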