$error
\n"; } elseif ($_POST && is_string($query = (isset($_POST["query"]) ? $_POST["query"] : get_file("sql_file")))) { $delimiter = ";"; $offset = 0; $empty = true; while (rtrim($query)) { if (!$offset && preg_match('~^\\s*DELIMITER\\s+(.+)~i', $query, $match)) { $delimiter = preg_quote($match[1], '~'); $query = substr($query, strlen($match[0])); } elseif (preg_match("~$delimiter|['`\"]|\$~", $query, $match, PREG_OFFSET_CAPTURE, $offset)) { if ($match[0][0] && $match[0][0] != $delimiter) { preg_match('~\\G([^\\\\' . $match[0][0] . ']*|\\\\.)+(' . $match[0][0] . '|$)~s', $query, $match, PREG_OFFSET_CAPTURE, $match[0][1] + 1); $offset = $match[0][1] + strlen($match[0][0]); } else { $empty = false; echo "" . htmlspecialchars(substr($query, 0, $match[0][1])) . "\n"; $result = mysql_query(substr($query, 0, $match[0][1])); $query = substr($query, $match[0][1] + strlen($match[0][0])); $offset = 0; if (!$result) { echo "
" . lang('Error in query') . ": " . htmlspecialchars(mysql_error()) . "
\n"; } elseif ($result === true) { /* more secure but less user-friendly if (token_delete()) { $token = token(); } */ echo " \n"; } else { select($result); } } } } if ($empty) { echo " \n"; } } elseif ($_GET["sql"] == "upload") { echo "" . lang('Unable to upload a file.') . "
\n"; } ?> " . lang('File uploads are disabled.') . "\n"; } else { ?>