beenull/adminerevo
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Don't quote collation (MS SQL 2005)

Browse source
This commit is contained in:
Jakub Vrana 2010-10-16 15:31:25 +02:00
parent 14ca6f0931
commit 5875f6db0c
2 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
adminer/database.inc.php
View file

@ -28,7 +28,7 @@ if ($_POST && !$error && !isset($_POST["add_x"])) { // add is an image and PHP c
if (!$_POST["collation"]) {
redirect(substr(ME, 0, -1));
}
query_redirect("ALTER DATABASE " . idf_escape($_POST["name"]) . " COLLATE " . q($_POST["collation"]), substr(ME, 0, -1), lang('Database has been altered.'));
query_redirect("ALTER DATABASE " . idf_escape($_POST["name"]) . " COLLATE $_POST[collation]", substr(ME, 0, -1), lang('Database has been altered.')); //! SQL injection - quotes are not allowed in MS SQL 2005
}
}

4
adminer/drivers/mssql.inc.php
View file

@ -383,7 +383,7 @@ WHERE OBJECT_NAME(i.object_id) = " . q($table)
}
function create_database($db, $collation) {
return queries("CREATE DATABASE " . idf_escape($db) . ($collation ? " COLLATE " . idf_escape($collation) : ""));
return queries("CREATE DATABASE " . idf_escape($db) . ($collation ? " COLLATE $collation" : ""));
}
function drop_databases($databases) {
@ -392,7 +392,7 @@ WHERE OBJECT_NAME(i.object_id) = " . q($table)
function rename_database($name, $collation) {
if ($collation) {
queries("ALTER DATABASE " . idf_escape(DB) . " COLLATE " . idf_escape($collation));
queries("ALTER DATABASE " . idf_escape(DB) . " COLLATE $collation");
}
queries("ALTER DATABASE " . idf_escape(DB) . " MODIFY NAME = " . idf_escape($name));
return true; //! false negative "The database name 'test2' has been set."