// Some security stuff...
if (!defined('__SECURITY')) {
- $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
+ $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), '/inc') + 4) . '/security.php';
require($INC);
}
fwrite($fp, "Module=".$GLOBALS['module']."\n");
$GLOBALS['sql_first_entry'] = true;
} // END - if
- fwrite($fp, $F."(LINE=".$L."|NUM=".SQL_NUMROWS($result)."|AFFECTED=".SQL_AFFECTEDROWS()."|QUERYTIME:".$queryTime."): ".str_replace('\r', "", str_replace('\n', " ", $sql_string))."\n");
+ fwrite($fp, $F."(LINE=".$L."|NUM=".SQL_NUMROWS($result)."|AFFECTED=".SQL_AFFECTEDROWS()."|QUERYTIME:".$queryTime."): ".str_replace('\r', '', str_replace('\n', " ", $sql_string))."\n");
fclose($fp);
} // END - if
// Do we need to update cache/db counter?
//* DEBUG: */ echo "DB=".getConfig('db_hits').",CACHE=".getConfig('cache_hits')."<br />\n";
- if ((GET_EXT_VERSION("cache") >= "0.0.7") && (getConfig('db_hits') > 0) && (getConfig('cache_hits') > 0) && (isCacheInstanceValid())) {
+ if ((GET_EXT_VERSION('cache') >= '0.0.7') && (getConfig('db_hits') > 0) && (getConfig('cache_hits') > 0) && (isCacheInstanceValid())) {
// Add new hits
incrementConfigEntry('db_hits', getConfig('db_hits_run'));
// Update counter for db/cache
- UPDATE_CONFIG(array("db_hits", "cache_hits"), array(getConfig(('db_hits')), getConfig(('cache_hits'))));
+ updateConfiguration(array('db_hits', 'cache_hits'), array(getConfig(('db_hits')), getConfig(('cache_hits'))));
} // END - if
// Close database link and forget the link
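Review bot: The changed fwrite() line still calls `str_replace('\r', '', str_replace('\n', " ", $sql_string))`, and PHP does not interpret escapes inside single quotes, so this searches for the literal text backslash-r and backslash-n and real CR/LF bytes in the query reach the log unchanged. If a logged query carries user-supplied text, one query can then occupy or begin several log lines, which makes the debug log unreliable as a record. Use double-quoted search strings, for example `str_replace(array("\r", "\n"), array('', ' '), $sql_string)`. Separately, `GET_EXT_VERSION('cache') >= '0.0.7'` is a byte-wise string comparison if the function returns a dotted version string, so `0.0.10` would rank below `0.0.7`; `version_compare(GET_EXT_VERSION('cache'), '0.0.7', '>=')` avoids that.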
}
// SQL string escaping
-function SQL_QUERY_ESC ($qstring, $data, $F, $L, $run=true, $strip=true) {
+function SQL_QUERY_ESC ($qstring, $data, $F, $L, $run=true, $strip=true, $secure=true) {
// Link is there?
if (!SQL_IS_LINK_UP()) return false;
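Review bot: The new `$secure` parameter of SQL_QUERY_ESC() is undocumented, although it lets a caller replace what was a hard-coded `true` in the SQL_ESCAPE() call further down. What SQL_ESCAPE() does differently when its second argument is false is not visible here, so a reader cannot tell which protection a caller gives up by passing false. A comment above the signature would cover it, for example `// $secure: forwarded as SQL_ESCAPE()'s 2nd argument (was always true); pass false only for values that never contain user input`, adjusted to the actual semantics. The function body continues outside this hunk.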
$strip = "false";
}
+ if ($secure === true) {
+ $secure = "true";
+ } else {
+ $secure = "false";
+ }
+
$eval = "\$query = sprintf(\"".$qstring."\"";
foreach ($data as $var) {
if ((!empty($var)) || ($var === 0)) {
- $eval .= ", SQL_ESCAPE(\"".$var."\",true,".$strip.")";
+ $eval .= ", SQL_ESCAPE(\"".$var."\", ".$secure.", ".$strip.")";
} else {
$eval .= ", ''";
}
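Review bot: The changed line `$eval .= ", SQL_ESCAPE(\"".$var."\", ".$secure.", ".$strip.")";` places each raw data value between double quotes inside generated PHP source before SQL_ESCAPE() has run on it. `$eval` is presumably passed to eval() below the hunk (the `// Run the code` comment suggests so), in which case a value containing a double quote, backslash or `$` is parsed as PHP code rather than data, whatever `$secure` is set to. Calling SQL_ESCAPE() directly and formatting with vsprintf() removes the code-generation step, and `$strip`/`$secure` can then stay booleans. The enclosing foreach and the function end outside this hunk.

```php
// … unchanged: link check …
// $strip and $secure stay booleans; the "true"/"false" string conversion is dropped
$args = array();
foreach ($data as $var) {
	if ((!empty($var)) || ($var === 0)) {
		// Escape the value directly; it never becomes part of PHP source text
		$args[] = SQL_ESCAPE($var, $secure, $strip);
	} else {
		$args[] = '';
	}
// … unchanged: end of loop; the evaluated sprintf() then becomes vsprintf($qstring, $args) …
```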
// Debugging
//
//* DEBUG: */ $fp = fopen(constant('PATH')."inc/cache/escape_debug.log", 'a') or app_die(__FILE__, __LINE__, "Cannot write debug.log!");
- //* DEBUG: */ fwrite($fp, $F."(".$L."): ".str_replace("\r", "", str_replace("\n", " ", $eval))."\n");
+ //* DEBUG: */ fwrite($fp, $F."(".$L."): ".str_replace("\r", '', str_replace("\n", " ", $eval))."\n");
//* DEBUG: */ fclose($fp);
// Run the code
// Extract table name
$tableArray = explode(" ", $sql);
- $tableName = str_replace("`", "", $tableArray[2]);
+ $tableName = str_replace("`", '', $tableArray[2]);
// Shall we add/drop?
if (((ereg("ADD", $sql)) || (ereg("DROP", $sql))) && ($noIndex)) {
// And column name as well
- $columnName = str_replace("`", "", $tableArray[4]);
+ $columnName = str_replace("`", '', $tableArray[4]);
// Get column information
$result = SQL_QUERY_ESC("SHOW COLUMNS FROM %s LIKE '%s'",
// 123 4 4 3 3 4 432 23 4 4 3 3 4 4321
if (((SQL_NUMROWS($result) == 0) && (ereg("ADD", $sql))) || ((SQL_NUMROWS($result) == 1) && (ereg("DROP", $sql)))) {
// Do the query
- //* DEBUG: */ print __LINE__.":".$sql."<br />\n";
+ //* DEBUG: */ print __LINE__.':'.$sql."<br />\n";
$result = SQL_QUERY($sql, $F, $L, false);
} // END - if
} elseif ((constant('_TABLE_TYPE') == "InnoDB") && (ereg("FULLTEXT", $sql))) {
//* DEBUG: */ DEBUG_LOG(__FUNCTION__, __LINE__, sprintf("Skipped FULLTEXT: sql=%s,file=%s,line=%s", $sql, $F, $L));
} elseif (!$noIndex) {
// And column name as well
- $columnName = str_replace("`", "", $tableArray[4]);
+ $columnName = str_replace("`", '', $tableArray[4]);
// Is this "UNIQUE" or so? FULLTEXT has been handled the elseif() block above
if (in_array(strtoupper($columnName), array("INDEX", "UNIQUE", "KEY", "FULLTEXT"))) {
$begin = 1; $columnName = ",";
while (strpos($columnName, ",") !== false) {
// Use last
- $columnName = str_replace("`", "", $tableArray[count($tableArray) - $begin]);
- //* DEBUG: */ print __LINE__.":".$columnName."----------------".$begin."<br />\n";
+ $columnName = str_replace("`", '', $tableArray[count($tableArray) - $begin]);
+ //* DEBUG: */ print __LINE__.':'.$columnName."----------------".$begin."<br />\n";
// Remove brackes
- $columnName = str_replace("(", "", str_replace(")", "", $columnName));
- //* DEBUG: */ print __LINE__.":".$columnName."----------------".$begin."<br />\n";
+ $columnName = str_replace("(", '', str_replace(")", '', $columnName));
+ //* DEBUG: */ print __LINE__.':'.$columnName."----------------".$begin."<br />\n";
// Continue
$begin++;
// Shall we run it?
if (!$skip) {
// Send it to the SQL_QUERY() function
- //* DEBUG: */ print __LINE__.":".$sql."<br />\n";
+ //* DEBUG: */ print __LINE__.':'.$sql."<br />\n";
$result = SQL_QUERY($sql, $F, $L, false);
} // END - if
} else {
// Other ALTER TABLE query
- //* DEBUG: */ print __LINE__.":".$sql."<br />\n";
+ //* DEBUG: */ print __LINE__.':'.$sql."<br />\n";
$result = SQL_QUERY($sql, $F, $L, false);
}