beenull/adminerevo
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Escape identifier

Browse source 
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@748 7c3ca157-0c34-0410-bff1-cbf682f78f5c
This commit is contained in:
jakubvrana 2009-06-22 05:19:26 +00:00
parent 36a3656089
commit 7b57b5d4b8
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
adminer/create.inc.php
View file

@ -52,10 +52,10 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"] && !$_POST["up"]
if ($_POST["partition_by"] == 'RANGE' || $_POST["partition_by"] == 'LIST') {
foreach (array_filter($_POST["partition_names"]) as $key => $val) {
$value = $_POST["partition_values"][$key];
$partitions[] = "\nPARTITION $val VALUES " . ($_POST["partition_by"] == 'RANGE' ? "LESS THAN" : "IN") . (strlen($value) ? " ($value)" : " MAXVALUE"); //! SQL injection
$partitions[] = "\nPARTITION " . idf_escape($val) . " VALUES " . ($_POST["partition_by"] == 'RANGE' ? "LESS THAN" : "IN") . (strlen($value) ? " ($value)" : " MAXVALUE"); //! SQL injection
}
}
$status .= "\nPARTITION BY $_POST[partition_by]($_POST[partition])" . ($partitions ? " (" . implode(",", $partitions) . "\n)" : ($_POST["partitions"] ? " PARTITIONS " . intval($_POST["partitions"]) : ""));
$status .= "\nPARTITION BY $_POST[partition_by]($_POST[partition])" . ($partitions ? " (" . implode(",", $partitions) . "\n)" : ($_POST["partitions"] ? " PARTITIONS " . intval($_POST["partitions"]) : "")); // $_POST["partition"] can be expression, not only column
} elseif ($dbh->server_info >= 5.1 && strlen($_GET["create"])) {
$status .= "\nREMOVE PARTITIONING";
}