From 7e644b43465d7cb534ed33062eb2d11340d2344a Mon Sep 17 00:00:00 2001 From: Jakub Vrana Date: Wed, 13 Oct 2010 18:04:40 +0200 Subject: [PATCH] Save bytes ($connection->quote shortcut) --- adminer/create.inc.php | 2 +- adminer/database.inc.php | 2 +- adminer/drivers/mssql.inc.php | 32 ++++++++++++------------------- adminer/drivers/mysql.inc.php | 28 ++++++++++----------------- adminer/drivers/oracle.inc.php | 17 ++++++---------- adminer/drivers/pgsql.inc.php | 27 ++++++++++---------------- adminer/drivers/sqlite.inc.php | 21 ++++++++------------ adminer/dump.inc.php | 8 ++++---- adminer/event.inc.php | 12 ++++++------ adminer/include/adminer.inc.php | 7 +++---- adminer/include/editing.inc.php | 9 ++++----- adminer/include/export.inc.php | 15 +++++++-------- adminer/include/functions.inc.php | 12 ++++++++---- adminer/select.inc.php | 2 +- adminer/user.inc.php | 8 ++++---- editor/include/adminer.inc.php | 10 ++++------ 16 files changed, 89 insertions(+), 123 deletions(-) diff --git a/adminer/create.inc.php b/adminer/create.inc.php index 29f6b4f9..f7a23ea1 100644 --- a/adminer/create.inc.php +++ b/adminer/create.inc.php @@ -117,7 +117,7 @@ if ($_POST) { $row["fields"][] = $field; } if (support("partitioning")) { - $from = "FROM information_schema.PARTITIONS WHERE TABLE_SCHEMA = " . $connection->quote(DB) . " AND TABLE_NAME = " . $connection->quote($TABLE); + $from = "FROM information_schema.PARTITIONS WHERE TABLE_SCHEMA = " . q(DB) . " AND TABLE_NAME = " . q($TABLE); $result = $connection->query("SELECT PARTITION_METHOD, PARTITION_ORDINAL_POSITION, PARTITION_EXPRESSION $from ORDER BY PARTITION_ORDINAL_POSITION LIMIT 1"); list($row["partition_by"], $row["partitions"], $row["partition"]) = $result->fetch_row(); $row["partition_names"] = array(); diff --git a/adminer/database.inc.php b/adminer/database.inc.php index b13b1b26..8f61bbd2 100644 --- a/adminer/database.inc.php +++ b/adminer/database.inc.php @@ -28,7 +28,7 @@ if ($_POST && !$error && !isset($_POST["add_x"])) { // add is an image and PHP c if (!$_POST["collation"]) { redirect(substr(ME, 0, -1)); } - query_redirect("ALTER DATABASE " . idf_escape($_POST["name"]) . " COLLATE " . $connection->quote($_POST["collation"]), substr(ME, 0, -1), lang('Database has been altered.')); + query_redirect("ALTER DATABASE " . idf_escape($_POST["name"]) . " COLLATE " . q($_POST["collation"]), substr(ME, 0, -1), lang('Database has been altered.')); } } diff --git a/adminer/drivers/mssql.inc.php b/adminer/drivers/mssql.inc.php index 956978d5..5f0dce39 100644 --- a/adminer/drivers/mssql.inc.php +++ b/adminer/drivers/mssql.inc.php @@ -264,7 +264,7 @@ if (isset($_GET["mssql"])) { function db_collation($db, $collations) { global $connection; - return $connection->result("SELECT collation_name FROM sys.databases WHERE name = " . $connection->quote($db)); + return $connection->result("SELECT collation_name FROM sys.databases WHERE name = " . q($db)); } function engines() { @@ -277,8 +277,7 @@ if (isset($_GET["mssql"])) { } function tables_list() { - global $connection; - return get_key_vals("SELECT name, type_desc FROM sys.all_objects WHERE schema_id = SCHEMA_ID(" . $connection->quote(get_schema()) . ") AND type IN ('S', 'U', 'V') ORDER BY name"); + return get_key_vals("SELECT name, type_desc FROM sys.all_objects WHERE schema_id = SCHEMA_ID(" . q(get_schema()) . ") AND type IN ('S', 'U', 'V') ORDER BY name"); } function count_tables($databases) { @@ -292,9 +291,8 @@ if (isset($_GET["mssql"])) { } function table_status($name = "") { - global $connection; $return = array(); - foreach (get_rows("SELECT name AS Name, type_desc AS Engine FROM sys.all_objects WHERE schema_id = SCHEMA_ID(" . $connection->quote(get_schema()) . ") AND type IN ('S', 'U', 'V')" . ($name != "" ? " AND name = " . $connection->quote($name) : "")) as $row) { + foreach (get_rows("SELECT name AS Name, type_desc AS Engine FROM sys.all_objects WHERE schema_id = SCHEMA_ID(" . q(get_schema()) . ") AND type IN ('S', 'U', 'V')" . ($name != "" ? " AND name = " . q($name) : "")) as $row) { if ($name != "") { return $row; } @@ -312,14 +310,13 @@ if (isset($_GET["mssql"])) { } function fields($table, $hidden = false) { - global $connection; $return = array(); foreach (get_rows("SELECT c.*, t.name type, d.definition [default] FROM sys.all_columns c JOIN sys.all_objects o ON c.object_id = o.object_id JOIN sys.types t ON c.user_type_id = t.user_type_id LEFT JOIN sys.default_constraints d ON c.default_object_id = d.parent_column_id -WHERE o.schema_id = SCHEMA_ID(" . $connection->quote(get_schema()) . ") AND o.type IN ('S', 'U', 'V') AND o.name = " . $connection->quote($table) +WHERE o.schema_id = SCHEMA_ID(" . q(get_schema()) . ") AND o.type IN ('S', 'U', 'V') AND o.name = " . q($table) ) as $row) { $type = $row["type"]; $length = (ereg("char|binary", $type) ? $row["max_length"] : ($type == "decimal" ? "$row[precision],$row[scale]" : "")); @@ -350,7 +347,7 @@ WHERE o.schema_id = SCHEMA_ID(" . $connection->quote(get_schema()) . ") AND o.ty FROM sys.indexes INNER JOIN sys.index_columns ON indexes.object_id = index_columns.object_id AND indexes.index_id = index_columns.index_id INNER JOIN sys.columns ON index_columns.object_id = columns.object_id AND index_columns.column_id = columns.column_id -WHERE OBJECT_NAME(indexes.object_id) = " . $connection2->quote($table) +WHERE OBJECT_NAME(indexes.object_id) = " . q($table) ); if ($result) { while ($row = $result->fetch_assoc()) { @@ -364,7 +361,7 @@ WHERE OBJECT_NAME(indexes.object_id) = " . $connection2->quote($table) function view($name) { global $connection; - return array("select" => preg_replace('~^(?:[^`]|`[^`]*`)*\\s+AS\\s+~isU', '', $connection->result("SELECT view_definition FROM information_schema.views WHERE table_schema = SCHEMA_NAME() AND table_name = " . $connection->quote($name)))); + return array("select" => preg_replace('~^(?:[^`]|`[^`]*`)*\\s+AS\\s+~isU', '', $connection->result("SELECT view_definition FROM information_schema.views WHERE table_schema = SCHEMA_NAME() AND table_name = " . q($name)))); } function collations() { @@ -385,8 +382,7 @@ WHERE OBJECT_NAME(indexes.object_id) = " . $connection2->quote($table) } function exact_value($val) { - global $connection; - return $connection->quote($val); + return q($val); } function create_database($db, $collation) { @@ -410,7 +406,6 @@ WHERE OBJECT_NAME(indexes.object_id) = " . $connection2->quote($table) } function alter_table($table, $name, $fields, $foreign, $comment, $engine, $collation, $auto_increment, $partitioning) { - global $connection; $alter = array(); foreach ($fields as $field) { $column = idf_escape($field[0]); @@ -424,7 +419,7 @@ WHERE OBJECT_NAME(indexes.object_id) = " . $connection2->quote($table) } else { unset($val[6]); //! identity can't be removed if ($column != $val[0]) { - queries("EXEC sp_rename " . $connection->quote(table($table) . ".$column") . ", " . $connection->quote(idf_unescape($val[0])) . ", 'COLUMN'"); + queries("EXEC sp_rename " . q(table($table) . ".$column") . ", " . q(idf_unescape($val[0])) . ", 'COLUMN'"); } $alter["ALTER COLUMN " . implode("", $val)][] = ""; } @@ -434,7 +429,7 @@ WHERE OBJECT_NAME(indexes.object_id) = " . $connection2->quote($table) return queries("CREATE TABLE " . table($name) . " (" . implode(",", (array) $alter["ADD"]) . "\n)"); } if ($table != $name) { - queries("EXEC sp_rename " . $connection->quote(table($table)) . ", " . $connection->quote($name)); + queries("EXEC sp_rename " . q(table($table)) . ", " . q($name)); } foreach ($alter as $key => $val) { if (!queries("ALTER TABLE " . idf_escape($name) . " $key" . implode(",", $val))) { @@ -503,9 +498,8 @@ WHERE OBJECT_NAME(indexes.object_id) = " . $connection2->quote($table) } function foreign_keys($table) { - global $connection; $return = array(); - foreach (get_rows("EXEC sp_fkeys @fktable_name = " . $connection->quote($table)) as $row) { + foreach (get_rows("EXEC sp_fkeys @fktable_name = " . q($table)) as $row) { $foreign_key = &$return[$row["FK_NAME"]]; $foreign_key["table"] = $row["PKTABLE_NAME"]; $foreign_key["source"][] = $row["FKCOLUMN_NAME"]; @@ -531,14 +525,13 @@ WHERE OBJECT_NAME(indexes.object_id) = " . $connection2->quote($table) } function trigger($name) { - global $connection; $rows = get_rows("SELECT s.name [Trigger], CASE WHEN OBJECTPROPERTY(s.id, 'ExecIsInsertTrigger') = 1 THEN 'INSERT' WHEN OBJECTPROPERTY(s.id, 'ExecIsUpdateTrigger') = 1 THEN 'UPDATE' WHEN OBJECTPROPERTY(s.id, 'ExecIsDeleteTrigger') = 1 THEN 'DELETE' END [Event], CASE WHEN OBJECTPROPERTY(s.id, 'ExecIsInsteadOfTrigger') = 1 THEN 'INSTEAD OF' ELSE 'AFTER' END [Timing], c.text FROM sysobjects s JOIN syscomments c ON s.id = c.id -WHERE s.xtype = 'TR' AND s.name = " . $connection->quote($name) +WHERE s.xtype = 'TR' AND s.name = " . q($name) ); // triggers are not schema-scoped $return = reset($rows); if ($return) { @@ -548,14 +541,13 @@ WHERE s.xtype = 'TR' AND s.name = " . $connection->quote($name) } function triggers($table) { - global $connection; $return = array(); foreach (get_rows("SELECT sys1.name, CASE WHEN OBJECTPROPERTY(sys1.id, 'ExecIsInsertTrigger') = 1 THEN 'INSERT' WHEN OBJECTPROPERTY(sys1.id, 'ExecIsUpdateTrigger') = 1 THEN 'UPDATE' WHEN OBJECTPROPERTY(sys1.id, 'ExecIsDeleteTrigger') = 1 THEN 'DELETE' END [Event], CASE WHEN OBJECTPROPERTY(sys1.id, 'ExecIsInsteadOfTrigger') = 1 THEN 'INSTEAD OF' ELSE 'AFTER' END [Timing] FROM sysobjects sys1 JOIN sysobjects sys2 ON sys1.parent_obj = sys2.id -WHERE sys1.xtype = 'TR' AND sys2.name = " . $connection->quote($table) +WHERE sys1.xtype = 'TR' AND sys2.name = " . q($table) ) as $row) { // triggers are not schema-scoped $return[$row["name"]] = array($row["Timing"], $row["Event"]); } diff --git a/adminer/drivers/mysql.inc.php b/adminer/drivers/mysql.inc.php index 48b653ff..52614eca 100644 --- a/adminer/drivers/mysql.inc.php +++ b/adminer/drivers/mysql.inc.php @@ -349,9 +349,8 @@ if (!defined("DRIVER")) { * @return array */ function table_status($name = "") { - global $connection; $return = array(); - foreach (get_rows("SHOW TABLE STATUS" . ($name != "" ? " LIKE " . $connection->quote(addcslashes($name, "%_")) : "")) as $row) { + foreach (get_rows("SHOW TABLE STATUS" . ($name != "" ? " LIKE " . q(addcslashes($name, "%_")) : "")) as $row) { if ($row["Engine"] == "InnoDB") { // ignore internal comment, unnecessary since MySQL 5.1.21 $row["Comment"] = preg_replace('~(?:(.+); )?InnoDB free: .*~', '\\1', $row["Comment"]); @@ -503,8 +502,7 @@ if (!defined("DRIVER")) { * @return string */ function exact_value($val) { - global $connection; - return $connection->quote($val) . " COLLATE utf8_bin"; + return q($val) . " COLLATE utf8_bin"; } /** Create database @@ -512,9 +510,8 @@ if (!defined("DRIVER")) { * @return string */ function create_database($db, $collation) { - global $connection; set_session("databases", null); - return queries("CREATE DATABASE " . idf_escape($db) . ($collation ? " COLLATE " . $connection->quote($collation) : "")); + return queries("CREATE DATABASE " . idf_escape($db) . ($collation ? " COLLATE " . q($collation) : "")); } /** Drop databases @@ -579,7 +576,6 @@ if (!defined("DRIVER")) { * @return bool */ function alter_table($table, $name, $fields, $foreign, $comment, $engine, $collation, $auto_increment, $partitioning) { - global $connection; $alter = array(); foreach ($fields as $field) { $alter[] = ($field[1] @@ -588,9 +584,9 @@ if (!defined("DRIVER")) { ); } $alter = array_merge($alter, $foreign); - $status = "COMMENT=" . $connection->quote($comment) - . ($engine ? " ENGINE=" . $connection->quote($engine) : "") - . ($collation ? " COLLATE " . $connection->quote($collation) : "") + $status = "COMMENT=" . q($comment) + . ($engine ? " ENGINE=" . q($engine) : "") + . ($collation ? " COLLATE " . q($collation) : "") . ($auto_increment != "" ? " AUTO_INCREMENT=$auto_increment" : "") . $partitioning ; @@ -659,8 +655,7 @@ if (!defined("DRIVER")) { * @return array array("Trigger" => , "Timing" => , "Event" => , "Statement" => ) */ function trigger($name) { - global $connection; - $rows = get_rows("SHOW TRIGGERS WHERE `Trigger` = " . $connection->quote($name)); + $rows = get_rows("SHOW TRIGGERS WHERE `Trigger` = " . q($name)); return reset($rows); } @@ -669,9 +664,8 @@ if (!defined("DRIVER")) { * @return array array($name => array($timing, $event)) */ function triggers($table) { - global $connection; $return = array(); - foreach (get_rows("SHOW TRIGGERS LIKE " . $connection->quote(addcslashes($table, "%_"))) as $row) { + foreach (get_rows("SHOW TRIGGERS LIKE " . q(addcslashes($table, "%_"))) as $row) { $return[$row["Trigger"]] = array($row["Timing"], $row["Event"]); } return $return; @@ -725,8 +719,7 @@ if (!defined("DRIVER")) { } function routines() { - global $connection; - return get_rows("SELECT * FROM information_schema.ROUTINES WHERE ROUTINE_SCHEMA = " . $connection->quote(DB)); + return get_rows("SELECT * FROM information_schema.ROUTINES WHERE ROUTINE_SCHEMA = " . q(DB)); } /** Begin transaction @@ -841,9 +834,8 @@ if (!defined("DRIVER")) { * @return string */ function trigger_sql($table, $style) { - global $connection; $return = ""; - foreach (get_rows("SHOW TRIGGERS LIKE " . $connection->quote(addcslashes($table, "%_"))) as $row) { + foreach (get_rows("SHOW TRIGGERS LIKE " . q(addcslashes($table, "%_"))) as $row) { $return .= "\n" . ($style == 'CREATE+ALTER' ? "DROP TRIGGER IF EXISTS " . idf_escape($row["Trigger"]) . ";;\n" : "") . "CREATE TRIGGER " . idf_escape($row["Trigger"]) . " $row[Timing] $row[Event] ON " . table($row["Table"]) . " FOR EACH ROW\n$row[Statement];;\n"; } diff --git a/adminer/drivers/oracle.inc.php b/adminer/drivers/oracle.inc.php index 5fbde342..cbdb61d5 100644 --- a/adminer/drivers/oracle.inc.php +++ b/adminer/drivers/oracle.inc.php @@ -175,8 +175,7 @@ if (isset($_GET["oracle"])) { } function tables_list() { - global $connection; - return get_key_vals("SELECT table_name, 'table' FROM all_tables WHERE tablespace_name = " . $connection->quote(DB) . " + return get_key_vals("SELECT table_name, 'table' FROM all_tables WHERE tablespace_name = " . q(DB) . " UNION SELECT view_name, 'view' FROM user_views" ); //! views don't have schema } @@ -186,10 +185,9 @@ UNION SELECT view_name, 'view' FROM user_views" } function table_status($name = "") { - global $connection; $return = array(); - $search = $connection->quote($name); - foreach (get_rows('SELECT table_name "Name", \'table\' "Engine" FROM all_tables WHERE tablespace_name = ' . $connection->quote(DB) . ($name != "" ? " AND table_name = $search" : "") . " + $search = q($name); + foreach (get_rows('SELECT table_name "Name", \'table\' "Engine" FROM all_tables WHERE tablespace_name = ' . q(DB) . ($name != "" ? " AND table_name = $search" : "") . " UNION SELECT view_name, 'view' FROM user_views" . ($name != "" ? " WHERE view_name = $search" : "") ) as $row) { if ($name != "") { @@ -209,9 +207,8 @@ UNION SELECT view_name, 'view' FROM user_views" . ($name != "" ? " WHERE view_na } function fields($table, $hidden = false) { - global $connection; $return = array(); - foreach (get_rows("SELECT * FROM all_tab_columns WHERE table_name = " . $connection->quote($table) . " ORDER BY column_id") as $row) { + foreach (get_rows("SELECT * FROM all_tab_columns WHERE table_name = " . q($table) . " ORDER BY column_id") as $row) { $type = $row["DATA_TYPE"]; $length = "$row[DATA_PRECISION],$row[DATA_SCALE]"; if ($length == ",") { @@ -239,8 +236,7 @@ UNION SELECT view_name, 'view' FROM user_views" . ($name != "" ? " WHERE view_na } function view($name) { - global $connection; - $rows = get_rows('SELECT text "select" FROM user_views WHERE view_name = ' . $connection->quote($name)); + $rows = get_rows('SELECT text "select" FROM user_views WHERE view_name = ' . q($name)); return reset($rows); } @@ -258,8 +254,7 @@ UNION SELECT view_name, 'view' FROM user_views" . ($name != "" ? " WHERE view_na } function exact_value($val) { - global $connection; - return $connection->quote($val); + return q($val); } function explain($connection, $query) { diff --git a/adminer/drivers/pgsql.inc.php b/adminer/drivers/pgsql.inc.php index fa165581..38d484e4 100644 --- a/adminer/drivers/pgsql.inc.php +++ b/adminer/drivers/pgsql.inc.php @@ -198,13 +198,12 @@ if (isset($_GET["pgsql"])) { } function table_status($name = "") { - global $connection; $return = array(); foreach (get_rows("SELECT relname AS \"Name\", CASE relkind WHEN 'r' THEN '' ELSE 'view' END AS \"Engine\", pg_relation_size(oid) AS \"Data_length\", pg_total_relation_size(oid) - pg_relation_size(oid) AS \"Index_length\", obj_description(oid, 'pg_class') AS \"Comment\" FROM pg_class WHERE relkind IN ('r','v') AND relnamespace = (SELECT oid FROM pg_namespace WHERE nspname = current_schema())" - . ($name != "" ? " AND relname = " . $connection->quote($name) : "") + . ($name != "" ? " AND relname = " . q($name) : "") ) as $row) { //! Index_length, Auto_increment $return[$row["Name"]] = $row; } @@ -220,14 +219,13 @@ AND relnamespace = (SELECT oid FROM pg_namespace WHERE nspname = current_schema( } function fields($table, $hidden = false) { - global $connection; $return = array(); foreach (get_rows("SELECT a.attname AS field, format_type(a.atttypid, a.atttypmod) AS full_type, d.adsrc AS default, a.attnotnull, col_description(c.oid, a.attnum) AS comment FROM pg_class c JOIN pg_namespace n ON c.relnamespace = n.oid JOIN pg_attribute a ON c.oid = a.attrelid LEFT JOIN pg_attrdef d ON c.oid = d.adrelid AND a.attnum = d.adnum -WHERE c.relname = " . $connection->quote($table) . " +WHERE c.relname = " . q($table) . " AND n.nspname = current_schema() AND NOT a.attisdropped " . ($hidden ? "" : "AND a.attnum > 0") . " @@ -251,7 +249,7 @@ ORDER BY a.attnum < 0, a.attnum" $connection2 = $connection; } $return = array(); - $table_oid = $connection2->result("SELECT oid FROM pg_class WHERE relname = " . $connection2->quote($table)); + $table_oid = $connection2->result("SELECT oid FROM pg_class WHERE relname = " . q($table)); $columns = get_key_vals("SELECT attnum, attname FROM pg_attribute WHERE attrelid = $table_oid AND attnum > 0", $connection2); foreach (get_rows("SELECT relname, indisunique, indisprimary, indkey FROM pg_index i, pg_class ci WHERE i.indrelid = $table_oid AND ci.oid = i.indexrelid") as $row) { $return[$row["relname"]]["type"] = ($row["indisprimary"] == "t" ? "PRIMARY" : ($row["indisunique"] == "t" ? "UNIQUE" : "INDEX")); @@ -265,14 +263,13 @@ ORDER BY a.attnum < 0, a.attnum" } function foreign_keys($table) { - global $connection; $return = array(); foreach (get_rows("SELECT tc.constraint_name, kcu.column_name, rc.update_rule AS on_update, rc.delete_rule AS on_delete, ccu.table_name AS table, ccu.column_name AS ref FROM information_schema.table_constraints tc LEFT JOIN information_schema.key_column_usage kcu USING (constraint_catalog, constraint_schema, constraint_name) LEFT JOIN information_schema.referential_constraints rc USING (constraint_catalog, constraint_schema, constraint_name) LEFT JOIN information_schema.constraint_column_usage ccu ON rc.unique_constraint_catalog = ccu.constraint_catalog AND rc.unique_constraint_schema = ccu.constraint_schema AND rc.unique_constraint_name = ccu.constraint_name -WHERE tc.constraint_type = 'FOREIGN KEY' AND tc.table_name = " . $connection->quote($table)) as $row) { //! there can be more unique_constraint_name +WHERE tc.constraint_type = 'FOREIGN KEY' AND tc.table_name = " . q($table)) as $row) { //! there can be more unique_constraint_name $foreign_key = &$return[$row["constraint_name"]]; if (!$foreign_key) { $foreign_key = $row; @@ -285,7 +282,7 @@ WHERE tc.constraint_type = 'FOREIGN KEY' AND tc.table_name = " . $connection->qu function view($name) { global $connection; - return array("select" => $connection->result("SELECT pg_get_viewdef(" . $connection->quote($name) . ")")); + return array("select" => $connection->result("SELECT pg_get_viewdef(" . q($name) . ")")); } function collations() { @@ -307,8 +304,7 @@ WHERE tc.constraint_type = 'FOREIGN KEY' AND tc.table_name = " . $connection->qu } function exact_value($val) { - global $connection; - return $connection->quote($val); + return q($val); } function create_database($db, $collation) { @@ -331,7 +327,6 @@ WHERE tc.constraint_type = 'FOREIGN KEY' AND tc.table_name = " . $connection->qu } function alter_table($table, $name, $fields, $foreign, $comment, $engine, $collation, $auto_increment, $partitioning) { - global $connection; $alter = array(); $queries = array(); foreach ($fields as $field) { @@ -372,10 +367,10 @@ WHERE tc.constraint_type = 'FOREIGN KEY' AND tc.table_name = " . $connection->qu $queries[] = "ALTER TABLE " . table($table) . " RENAME TO " . table($name); } if ($table != "" || $comment != "") { - $queries[] = "COMMENT ON TABLE " . table($name) . " IS " . $connection->quote($comment); + $queries[] = "COMMENT ON TABLE " . table($name) . " IS " . q($comment); } if ($auto_increment != "") { - //! $queries[] = "SELECT setval(pg_get_serial_sequence(" . $connection->quote($name) . ", ), $auto_increment)"; + //! $queries[] = "SELECT setval(pg_get_serial_sequence(" . q($name) . ", ), $auto_increment)"; } foreach ($queries as $query) { if (!queries($query)) { @@ -430,15 +425,13 @@ WHERE tc.constraint_type = 'FOREIGN KEY' AND tc.table_name = " . $connection->qu } function trigger($name) { - global $connection; - $rows = get_rows('SELECT trigger_name AS "Trigger", condition_timing AS "Timing", event_manipulation AS "Event", \'FOR EACH \' || action_orientation AS "Type", action_statement AS "Statement" FROM information_schema.triggers WHERE event_object_table = ' . $connection->quote($_GET["trigger"]) . ' AND trigger_name = ' . $connection->quote($name)); + $rows = get_rows('SELECT trigger_name AS "Trigger", condition_timing AS "Timing", event_manipulation AS "Event", \'FOR EACH \' || action_orientation AS "Type", action_statement AS "Statement" FROM information_schema.triggers WHERE event_object_table = ' . q($_GET["trigger"]) . ' AND trigger_name = ' . q($name)); return reset($rows); } function triggers($table) { - global $connection; $return = array(); - foreach (get_rows("SELECT * FROM information_schema.triggers WHERE event_object_table = " . $connection->quote($table)) as $row) { + foreach (get_rows("SELECT * FROM information_schema.triggers WHERE event_object_table = " . q($table)) as $row) { $return[$row["trigger_name"]] = array($row["condition_timing"], $row["event_manipulation"]); } return $return; diff --git a/adminer/drivers/sqlite.inc.php b/adminer/drivers/sqlite.inc.php index ad9b9508..6faa565e 100644 --- a/adminer/drivers/sqlite.inc.php +++ b/adminer/drivers/sqlite.inc.php @@ -249,9 +249,8 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) { } function table_status($name = "") { - global $connection; $return = array(); - foreach (get_rows("SELECT name AS Name, type AS Engine FROM sqlite_master WHERE type IN ('table', 'view')" . ($name != "" ? " AND name = " . $connection->quote($name) : "")) as $row) { + foreach (get_rows("SELECT name AS Name, type AS Engine FROM sqlite_master WHERE type IN ('table', 'view')" . ($name != "" ? " AND name = " . q($name) : "")) as $row) { $row["Auto_increment"] = ""; $return[$row["Name"]] = $row; } @@ -326,7 +325,7 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) { function view($name) { global $connection; - return array("select" => preg_replace('~^(?:[^`"[]+|`[^`]*`|"[^"]*")* AS\\s+~iU', '', $connection->result("SELECT sql FROM sqlite_master WHERE name = " . $connection->quote($name)))); //! identifiers may be inside [] + return array("select" => preg_replace('~^(?:[^`"[]+|`[^`]*`|"[^"]*")* AS\\s+~iU', '', $connection->result("SELECT sql FROM sqlite_master WHERE name = " . q($name)))); //! identifiers may be inside [] } function collations() { @@ -343,8 +342,7 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) { } function exact_value($val) { - global $connection; - return $connection->quote($val); + return q($val); } function create_database($db, $collation) { @@ -384,7 +382,6 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) { } function alter_table($table, $name, $fields, $foreign, $comment, $engine, $collation, $auto_increment, $partitioning) { - global $connection; $alter = array(); foreach ($fields as $field) { if ($field[1]) { @@ -405,7 +402,7 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) { return false; } if ($auto_increment) { - queries("UPDATE sqlite_sequence SET seq = $auto_increment WHERE name = " . $connection->quote($name)); // ignores error + queries("UPDATE sqlite_sequence SET seq = $auto_increment WHERE name = " . q($name)); // ignores error } return true; } @@ -437,14 +434,13 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) { function trigger($name) { global $connection; - preg_match('~^CREATE\\s+TRIGGER\\s*(?:[^`"\\s]+|`[^`]*`|"[^"]*")+\\s*([a-z]+)\\s+([a-z]+)\\s+ON\\s*(?:[^`"\\s]+|`[^`]*`|"[^"]*")+\\s*(?:FOR\\s*EACH\\s*ROW\\s)?(.*)~is', $connection->result("SELECT sql FROM sqlite_master WHERE name = " . $connection->quote($name)), $match); + preg_match('~^CREATE\\s+TRIGGER\\s*(?:[^`"\\s]+|`[^`]*`|"[^"]*")+\\s*([a-z]+)\\s+([a-z]+)\\s+ON\\s*(?:[^`"\\s]+|`[^`]*`|"[^"]*")+\\s*(?:FOR\\s*EACH\\s*ROW\\s)?(.*)~is', $connection->result("SELECT sql FROM sqlite_master WHERE name = " . q($name)), $match); return array("Timing" => strtoupper($match[1]), "Event" => strtoupper($match[2]), "Trigger" => $name, "Statement" => $match[3]); } function triggers($table) { - global $connection; $return = array(); - foreach (get_rows("SELECT * FROM sqlite_master WHERE type = 'trigger' AND tbl_name = " . $connection->quote($table)) as $row) { + foreach (get_rows("SELECT * FROM sqlite_master WHERE type = 'trigger' AND tbl_name = " . q($table)) as $row) { preg_match('~^CREATE\\s+TRIGGER\\s*(?:[^`"\\s]+|`[^`]*`|"[^"]*")+\\s*([a-z]+)\\s*([a-z]+)~i', $row["sql"], $match); $return[$row["name"]] = array($match[1], $match[2]); } @@ -505,7 +501,7 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) { function create_sql($table, $auto_increment) { global $connection; - return $connection->result("SELECT sql FROM sqlite_master WHERE type = 'table' AND name = " . $connection->quote($table)); + return $connection->result("SELECT sql FROM sqlite_master WHERE type = 'table' AND name = " . q($table)); } function truncate_sql($table) { @@ -516,8 +512,7 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) { } function trigger_sql($table, $style) { - global $connection; - return implode(get_vals("SELECT sql || ';;\n' FROM sqlite_master WHERE type = 'trigger' AND name = " . $connection->quote($table))); + return implode(get_vals("SELECT sql || ';;\n' FROM sqlite_master WHERE type = 'trigger' AND name = " . q($table))); } function show_variables() { diff --git a/adminer/dump.inc.php b/adminer/dump.inc.php index fa015f3e..be2a1603 100644 --- a/adminer/dump.inc.php +++ b/adminer/dump.inc.php @@ -13,7 +13,7 @@ if ($_POST) { " . ($jush != "sql" ? "" : "SET NAMES utf8; SET foreign_key_checks = 0; -SET time_zone = " . $connection->quote($connection->result("SELECT @@time_zone")) . "; +SET time_zone = " . q($connection->result("SELECT @@time_zone")) . "; SET sql_mode = 'NO_AUTO_VALUE_ON_ZERO'; "); @@ -45,7 +45,7 @@ SET sql_mode = 'NO_AUTO_VALUE_ON_ZERO'; $out = ""; if ($_POST["routines"]) { foreach (array("FUNCTION", "PROCEDURE") as $routine) { - $result = $connection->query("SHOW $routine STATUS WHERE Db = " . $connection->quote($db)); + $result = $connection->query("SHOW $routine STATUS WHERE Db = " . q($db)); if ($result) { while ($row = $result->fetch_assoc()) { $out .= ($style != 'DROP+CREATE' ? "DROP $routine IF EXISTS " . idf_escape($row["Name"]) . ";;\n" : "") @@ -126,9 +126,9 @@ CREATE PROCEDURE adminer_alter (INOUT alter_command text) BEGIN IF NOT done THEN CASE _table_name"; foreach (get_rows($query) as $row) { - $comment = $connection->quote($row["ENGINE"] == "InnoDB" ? preg_replace('~(?:(.+); )?InnoDB free: .*~', '\\1', $row["TABLE_COMMENT"]) : $row["TABLE_COMMENT"]); + $comment = q($row["ENGINE"] == "InnoDB" ? preg_replace('~(?:(.+); )?InnoDB free: .*~', '\\1', $row["TABLE_COMMENT"]) : $row["TABLE_COMMENT"]); echo " - WHEN " . $connection->quote($row["TABLE_NAME"]) . " THEN + WHEN " . q($row["TABLE_NAME"]) . " THEN " . (isset($row["ENGINE"]) ? "IF _engine != '$row[ENGINE]' OR _table_collation != '$row[TABLE_COLLATION]' OR _table_comment != $comment THEN ALTER TABLE " . idf_escape($row["TABLE_NAME"]) . " ENGINE=$row[ENGINE] COLLATE=$row[TABLE_COLLATION] COMMENT=$comment; END IF" : "BEGIN END") . ";"; diff --git a/adminer/event.inc.php b/adminer/event.inc.php index 3cba3520..fe17ef5d 100644 --- a/adminer/event.inc.php +++ b/adminer/event.inc.php @@ -8,17 +8,17 @@ if ($_POST && !$error) { query_redirect("DROP EVENT " . idf_escape($EVENT), substr(ME, 0, -1), lang('Event has been dropped.')); } elseif (in_array($_POST["INTERVAL_FIELD"], $intervals) && isset($statuses[$_POST["STATUS"]])) { $schedule = "\nON SCHEDULE " . ($_POST["INTERVAL_VALUE"] - ? "EVERY " . $connection->quote($_POST["INTERVAL_VALUE"]) . " $_POST[INTERVAL_FIELD]" - . ($_POST["STARTS"] ? " STARTS " . $connection->quote($_POST["STARTS"]) : "") - . ($_POST["ENDS"] ? " ENDS " . $connection->quote($_POST["ENDS"]) : "") //! ALTER EVENT doesn't drop ENDS - MySQL bug #39173 - : "AT " . $connection->quote($_POST["STARTS"]) + ? "EVERY " . q($_POST["INTERVAL_VALUE"]) . " $_POST[INTERVAL_FIELD]" + . ($_POST["STARTS"] ? " STARTS " . q($_POST["STARTS"]) : "") + . ($_POST["ENDS"] ? " ENDS " . q($_POST["ENDS"]) : "") //! ALTER EVENT doesn't drop ENDS - MySQL bug #39173 + : "AT " . q($_POST["STARTS"]) ) . " ON COMPLETION" . ($_POST["ON_COMPLETION"] ? "" : " NOT") . " PRESERVE" ; query_redirect(($EVENT != "" ? "ALTER EVENT " . idf_escape($EVENT) . $schedule . ($EVENT != $_POST["EVENT_NAME"] ? "\nRENAME TO " . idf_escape($_POST["EVENT_NAME"]) : "") : "CREATE EVENT " . idf_escape($_POST["EVENT_NAME"]) . $schedule - ) . "\n" . $statuses[$_POST["STATUS"]] . " COMMENT " . $connection->quote($_POST["EVENT_COMMENT"]) + ) . "\n" . $statuses[$_POST["STATUS"]] . " COMMENT " . q($_POST["EVENT_COMMENT"]) . " DO\n$_POST[EVENT_DEFINITION]" , substr(ME, 0, -1), ($EVENT != "" ? lang('Event has been altered.') : lang('Event has been created.'))); } @@ -30,7 +30,7 @@ $row = array(); if ($_POST) { $row = $_POST; } elseif ($EVENT != "") { - $rows = get_rows("SELECT * FROM information_schema.EVENTS WHERE EVENT_SCHEMA = " . $connection->quote(DB) . " AND EVENT_NAME = " . $connection->quote($EVENT)); + $rows = get_rows("SELECT * FROM information_schema.EVENTS WHERE EVENT_SCHEMA = " . q(DB) . " AND EVENT_NAME = " . q($EVENT)); $row = reset($rows); } ?> diff --git a/adminer/include/adminer.inc.php b/adminer/include/adminer.inc.php index 1f16a6ee..a0eb80d8 100644 --- a/adminer/include/adminer.inc.php +++ b/adminer/include/adminer.inc.php @@ -304,11 +304,11 @@ document.getElementById('username').focus(); * @return array expressions to join by AND */ function selectSearchProcess($fields, $indexes) { - global $connection, $jush; + global $jush; $return = array(); foreach ($indexes as $i => $index) { if ($index["type"] == "FULLTEXT" && $_GET["fulltext"][$i] != "") { - $return[] = "MATCH (" . implode(", ", array_map('idf_escape', $index["columns"])) . ") AGAINST (" . $connection->quote($_GET["fulltext"][$i]) . (isset($_GET["boolean"][$i]) ? " IN BOOLEAN MODE" : "") . ")"; + $return[] = "MATCH (" . implode(", ", array_map('idf_escape', $index["columns"])) . ") AGAINST (" . q($_GET["fulltext"][$i]) . (isset($_GET["boolean"][$i]) ? " IN BOOLEAN MODE" : "") . ")"; } } foreach ((array) $_GET["where"] as $val) { @@ -436,9 +436,8 @@ document.getElementById('username').focus(); * @return string expression to use in a query */ function processInput($field, $value, $function = "") { - global $connection; $name = $field["field"]; - $return = $connection->quote($value); + $return = q($value); if (ereg('^(now|getdate|uuid)$', $function)) { $return = "$function()"; } elseif (ereg('^current_(date|timestamp)$', $function)) { diff --git a/adminer/include/editing.inc.php b/adminer/include/editing.inc.php index f4a3d90e..38bc423f 100644 --- a/adminer/include/editing.inc.php +++ b/adminer/include/editing.inc.php @@ -139,11 +139,11 @@ function process_length($length) { * @return string */ function process_type($field, $collate = "COLLATE") { - global $connection, $unsigned; + global $unsigned; return " $field[type]" . ($field["length"] != "" ? "(" . process_length($field["length"]) . ")" : "") . (ereg('int|float|double|decimal', $field["type"]) && in_array($field["unsigned"], $unsigned) ? " $field[unsigned]" : "") - . (ereg('char|text|enum|set', $field["type"]) && $field["collation"] ? " $collate " . $connection->quote($field["collation"]) : "") + . (ereg('char|text|enum|set', $field["type"]) && $field["collation"] ? " $collate " . q($field["collation"]) : "") ; } @@ -153,14 +153,13 @@ function process_type($field, $collate = "COLLATE") { * @return array array("field", "type", "NULL", "DEFAULT", "ON UPDATE", "COMMENT", "AUTO_INCREMENT") */ function process_field($field, $type_field) { - global $connection; return array( idf_escape($field["field"]), process_type($type_field), ($field["null"] ? " NULL" : " NOT NULL"), // NULL for timestamp - (isset($field["default"]) ? " DEFAULT " . ($field["type"] == "timestamp" && eregi("^CURRENT_TIMESTAMP$", $field["default"]) ? $field["default"] : $connection->quote($field["default"])) : ""), + (isset($field["default"]) ? " DEFAULT " . ($field["type"] == "timestamp" && eregi("^CURRENT_TIMESTAMP$", $field["default"]) ? $field["default"] : q($field["default"])) : ""), ($field["on_update"] ? " ON UPDATE $field[on_update]" : ""), - (support("comment") && $field["comment"] != "" ? " COMMENT " . $connection->quote($field["comment"]) : ""), + (support("comment") && $field["comment"] != "" ? " COMMENT " . q($field["comment"]) : ""), ($field["auto_increment"] ? auto_increment() : null), ); } diff --git a/adminer/include/export.inc.php b/adminer/include/export.inc.php index 50c2d2be..250557b7 100644 --- a/adminer/include/export.inc.php +++ b/adminer/include/export.inc.php @@ -10,7 +10,6 @@ function tar_file($filename, $contents) { } function dump_table($table, $style, $is_view = false) { - global $connection; if ($_POST["format"] != "sql") { echo "\xef\xbb\xbf"; // UTF-8 byte order mark if ($style) { @@ -30,7 +29,7 @@ function dump_table($table, $style, $is_view = false) { } if ($style == "CREATE+ALTER" && !$is_view) { // create procedure which iterates over original columns and adds new and removes old - $query = "SELECT COLUMN_NAME, COLUMN_DEFAULT, IS_NULLABLE, COLLATION_NAME, COLUMN_TYPE, EXTRA, COLUMN_COMMENT FROM information_schema.COLUMNS WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = " . $connection->quote($table) . " ORDER BY ORDINAL_POSITION"; + $query = "SELECT COLUMN_NAME, COLUMN_DEFAULT, IS_NULLABLE, COLLATION_NAME, COLUMN_TYPE, EXTRA, COLUMN_COMMENT FROM information_schema.COLUMNS WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = " . q($table) . " ORDER BY ORDINAL_POSITION"; echo "DELIMITER ;; CREATE PROCEDURE adminer_alter (INOUT alter_command text) BEGIN DECLARE _column_name, _collation_name, after varchar(64) DEFAULT ''; @@ -44,15 +43,15 @@ CREATE PROCEDURE adminer_alter (INOUT alter_command text) BEGIN $after = ""; foreach (get_rows($query) as $row) { $default = $row["COLUMN_DEFAULT"]; - $row["default"] = (isset($default) ? $connection->quote($default) : "NULL"); - $row["after"] = $connection->quote($after); //! rgt AFTER lft, lft AFTER id doesn't work + $row["default"] = (isset($default) ? q($default) : "NULL"); + $row["after"] = q($after); //! rgt AFTER lft, lft AFTER id doesn't work $row["alter"] = escape_string(idf_escape($row["COLUMN_NAME"]) . " $row[COLUMN_TYPE]" . ($row["COLLATION_NAME"] ? " COLLATE $row[COLLATION_NAME]" : "") . (isset($default) ? " DEFAULT " . ($default == "CURRENT_TIMESTAMP" ? $default : $row["default"]) : "") . ($row["IS_NULLABLE"] == "YES" ? "" : " NOT NULL") . ($row["EXTRA"] ? " $row[EXTRA]" : "") - . ($row["COLUMN_COMMENT"] ? " COMMENT " . $connection->quote($row["COLUMN_COMMENT"]) : "") + . ($row["COLUMN_COMMENT"] ? " COMMENT " . q($row["COLUMN_COMMENT"]) : "") . ($after ? " AFTER " . idf_escape($after) : " FIRST") ); echo ", ADD $row[alter]"; @@ -71,9 +70,9 @@ CREATE PROCEDURE adminer_alter (INOUT alter_command text) BEGIN CASE _column_name"; foreach ($fields as $row) { echo " - WHEN " . $connection->quote($row["COLUMN_NAME"]) . " THEN + WHEN " . q($row["COLUMN_NAME"]) . " THEN SET add_columns = REPLACE(add_columns, ', ADD $row[alter]', ''); - IF NOT (_column_default <=> $row[default]) OR _is_nullable != '$row[IS_NULLABLE]' OR _collation_name != '$row[COLLATION_NAME]' OR _column_type != " . $connection->quote($row["COLUMN_TYPE"]) . " OR _extra != '$row[EXTRA]' OR _column_comment != " . $connection->quote($row["COLUMN_COMMENT"]) . " OR after != $row[after] THEN + IF NOT (_column_default <=> $row[default]) OR _is_nullable != '$row[IS_NULLABLE]' OR _collation_name != '$row[COLLATION_NAME]' OR _column_type != " . q($row["COLUMN_TYPE"]) . " OR _extra != '$row[EXTRA]' OR _column_comment != " . q($row["COLUMN_COMMENT"]) . " OR after != $row[after] THEN SET @alter_table = CONCAT(@alter_table, ', MODIFY $row[alter]'); END IF;"; //! don't replace in comment } @@ -122,7 +121,7 @@ function dump_data($table, $style, $select = "") { $insert = "INSERT INTO " . table($table) . " (" . implode(", ", array_map('idf_escape', array_keys($row))) . ") VALUES"; } foreach ($row as $key => $val) { - $row[$key] = (isset($val) ? (ereg('int|float|double|decimal', $fields[$key]["type"]) ? $val : $connection->quote($val)) : "NULL"); //! columns looking like functions + $row[$key] = (isset($val) ? (ereg('int|float|double|decimal', $fields[$key]["type"]) ? $val : q($val)) : "NULL"); //! columns looking like functions } $s = implode(",\t", $row); if ($style == "INSERT+UPDATE") { diff --git a/adminer/include/functions.inc.php b/adminer/include/functions.inc.php index b83d3472..9903b0e6 100644 --- a/adminer/include/functions.inc.php +++ b/adminer/include/functions.inc.php @@ -22,8 +22,7 @@ function idf_unescape($idf) { * @return string */ function escape_string($val) { - global $connection; - return substr($connection->quote($val), 1, -1); + return substr(q($val), 1, -1); } /** Disable magic_quotes_gpc @@ -149,6 +148,11 @@ function ini_bool($ini) { return (eregi('^(on|true|yes)$', $val) || (int) $val); // boolean values set by php_value are strings } +function q($string) { + global $connection; + return $connection->quote($string); +} + /** Get list of values from database * @param string * @param mixed @@ -609,7 +613,7 @@ function input($field, $value, $function) { * @return string */ function process_input($field) { - global $connection, $adminer; + global $adminer; $idf = bracket_escape($field["field"]); $function = $_POST["function"][$idf]; $value = $_POST["fields"][$idf]; @@ -639,7 +643,7 @@ function process_input($field) { if (!is_string($file)) { return false; //! report errors } - return $connection->quote($file); + return q($file); } return $adminer->processInput($field, $value, $function); } diff --git a/adminer/select.inc.php b/adminer/select.inc.php index 23af29b4..079c1d33 100644 --- a/adminer/select.inc.php +++ b/adminer/select.inc.php @@ -153,7 +153,7 @@ if ($_POST && !$error) { } else { $set = array(); foreach ($matches2[1] as $i => $col) { - $set[idf_escape($cols[$i])] = ($col == "" && $fields[$cols[$i]]["null"] ? "NULL" : $connection->quote(str_replace('""', '"', preg_replace('~^"|"$~', '', $col)))); + $set[idf_escape($cols[$i])] = ($col == "" && $fields[$cols[$i]]["null"] ? "NULL" : q(str_replace('""', '"', preg_replace('~^"|"$~', '', $col)))); } $result = insert_update($TABLE, $set, $primary); if (!$result) { diff --git a/adminer/user.inc.php b/adminer/user.inc.php index 44856778..b79a99a4 100644 --- a/adminer/user.inc.php +++ b/adminer/user.inc.php @@ -26,7 +26,7 @@ if ($_POST) { } $grants = array(); $old_pass = ""; -if (isset($_GET["host"]) && ($result = $connection->query("SHOW GRANTS FOR " . $connection->quote($USER) . "@" . $connection->quote($_GET["host"])))) { //! use information_schema for MySQL 5 - column names in column privileges are not escaped +if (isset($_GET["host"]) && ($result = $connection->query("SHOW GRANTS FOR " . q($USER) . "@" . q($_GET["host"])))) { //! use information_schema for MySQL 5 - column names in column privileges are not escaped while ($row = $result->fetch_row()) { if (preg_match('~GRANT (.*) ON (.*) TO ~', $row[0], $match) && preg_match_all('~ *([^(,]*[^ ,(])( *\\([^)]+\\))?~', $match[1], $matches, PREG_SET_ORDER)) { //! escape the part between ON and TO foreach ($matches as $val) { @@ -45,9 +45,9 @@ if (isset($_GET["host"]) && ($result = $connection->query("SHOW GRANTS FOR " . $ } if ($_POST && !$error) { - $old_user = (isset($_GET["host"]) ? $connection->quote($USER) . "@" . $connection->quote($_GET["host"]) : "''"); - $new_user = $connection->quote($_POST["user"]) . "@" . $connection->quote($_POST["host"]); // if $_GET["host"] is not set then $new_user is always different - $pass = $connection->quote($_POST["pass"]); + $old_user = (isset($_GET["host"]) ? q($USER) . "@" . q($_GET["host"]) : "''"); + $new_user = q($_POST["user"]) . "@" . q($_POST["host"]); // if $_GET["host"] is not set then $new_user is always different + $pass = q($_POST["pass"]); if ($_POST["drop"]) { query_redirect("DROP USER $old_user", ME . "privileges=", lang('User has been dropped.')); } else { diff --git a/editor/include/adminer.inc.php b/editor/include/adminer.inc.php index b60e1394..d32a6573 100644 --- a/editor/include/adminer.inc.php +++ b/editor/include/adminer.inc.php @@ -61,13 +61,12 @@ document.getElementById('username').focus(); } function backwardKeys($table, $tableName) { - global $connection; $return = array(); foreach (get_rows("SELECT TABLE_NAME, CONSTRAINT_NAME, COLUMN_NAME, REFERENCED_COLUMN_NAME FROM information_schema.KEY_COLUMN_USAGE -WHERE TABLE_SCHEMA = " . $connection->quote($this->database()) . " -AND REFERENCED_TABLE_SCHEMA = " . $connection->quote($this->database()) . " -AND REFERENCED_TABLE_NAME = " . $connection->quote($table) . " +WHERE TABLE_SCHEMA = " . q($this->database()) . " +AND REFERENCED_TABLE_SCHEMA = " . q($this->database()) . " +AND REFERENCED_TABLE_NAME = " . q($table) . " ORDER BY ORDINAL_POSITION") as $row) { //! requires MySQL 5 $return[$row["TABLE_NAME"]]["keys"][$row["CONSTRAINT_NAME"]][$row["COLUMN_NAME"]] = $row["REFERENCED_COLUMN_NAME"]; } @@ -404,7 +403,6 @@ ORDER BY ORDINAL_POSITION") as $row) { //! requires MySQL 5 } function processInput($field, $value, $function = "") { - global $connection; if ($function == "now") { return "$function()"; } @@ -412,7 +410,7 @@ ORDER BY ORDINAL_POSITION") as $row) { //! requires MySQL 5 if (ereg('date|timestamp', $field["type"]) && preg_match('(^' . str_replace('\\$1', '(?P[0-9]*)', preg_replace('~(\\\\\\$([2-6]))~', '(?P[0-9]{1,2})', preg_quote(lang('$1-$3-$5')))) . '(.*))', $value, $match)) { $return = ($match["p1"] != "" ? $match["p1"] : ($match["p2"] != "" ? ($match["p2"] < 70 ? 20 : 19) . $match["p2"] : gmdate("Y"))) . "-$match[p3]$match[p4]-$match[p5]$match[p6]" . end($match); } - $return = $connection->quote($return); + $return = q($return); if (!ereg('varchar|text', $field["type"]) && $field["full_type"] != "tinyint(1)" && $value == "") { $return = "NULL"; } elseif (ereg('^(md5|sha1)$', $function)) {