From 66ff15318ad593146e18f4bde0dd7fbfede00e9b Mon Sep 17 00:00:00 2001 From: jakubvrana Date: Mon, 26 Apr 2010 16:22:58 +0000 Subject: [PATCH] Use bracket_escape function git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@1499 7c3ca157-0c34-0410-bff1-cbf682f78f5c --- adminer/include/functions.inc.php | 4 +++- adminer/select.inc.php | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/adminer/include/functions.inc.php b/adminer/include/functions.inc.php index 46482b01..f7a30a71 100644 --- a/adminer/include/functions.inc.php +++ b/adminer/include/functions.inc.php @@ -209,7 +209,9 @@ function unique_array($row, $indexes) { function where($where) { $return = array(); foreach ((array) $where["where"] as $key => $val) { - $return[] = idf_escape($key) . (ereg('\\.', $val) ? " LIKE " . exact_value(addcslashes($val, "%_")) : " = " . exact_value($val)); // LIKE because of floats, but slow with ints //! enum and set + $return[] = idf_escape(bracket_escape($key, 1)) // 1 - back + . (ereg('\\.', $val) ? " LIKE " . exact_value(addcslashes($val, "%_")) : " = " . exact_value($val)) // LIKE because of floats, but slow with ints + ; //! enum and set } foreach ((array) $where["null"] as $key) { $return[] = idf_escape($key) . " IS NULL"; diff --git a/adminer/select.inc.php b/adminer/select.inc.php index 3a890772..02f26ac9 100644 --- a/adminer/select.inc.php +++ b/adminer/select.inc.php @@ -111,8 +111,8 @@ if ($_POST && !$error) { foreach ($_POST["val"] as $unique_idf => $row) { $set = array(); foreach ($row as $key => $val) { - $key = bracket_escape($key, 1); - $set[] = idf_escape($key) . " = " . $connection->quote($adminer->editVal($val, $fields[$key])); // 1 - back + $key = bracket_escape($key, 1); // 1 - back + $set[] = idf_escape($key) . " = " . $connection->quote($adminer->editVal($val, $fields[$key])); } $result = queries("UPDATE" . limit1(idf_escape($TABLE) . " SET " . implode(", ", $set) . " WHERE " . where_check($unique_idf) . ($where ? " AND " . implode(" AND ", $where) : ""))); // can change row on a different page without unique key if (!$result) {