Escape LIKE

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@157 7c3ca157-0c34-0410-bff1-cbf682f78f5c

diff --git a/create.inc.php b/create.inc.php
index 31ddda7f04a9a2f2d0b9da68ec47baf3c5fd5d13..67d9f54f6f48e7fd801ff25269dec5c6c352fcb8 100644 (file)
--- a/create.inc.php
+++ b/create.inc.php
@@ -73,7 +73,7 @@ if ($_POST) {
                $row["fields"][$row["auto_increment"] - 1]["auto_increment"] = true;
        }
 } elseif (strlen($_GET["create"])) {
-       $result = $mysql->query("SHOW TABLE STATUS LIKE '" . $mysql->escape_string($_GET["create"]) . "'");
+       $result = table_status($_GET["create"]);
        $row = $result->fetch_assoc();
        $row["name"] = $_GET["create"];
        $row["fields"] = array_values(fields($_GET["create"]));

diff --git a/functions.inc.php b/functions.inc.php
index ed9e3b88f4dcbd4bcab4222a357946a81893844d..fb13011aaa5b421968e1d9836ad5126635555421 100644 (file)
--- a/functions.inc.php
+++ b/functions.inc.php
@@ -40,6 +40,11 @@ function get_vals($query) {
        return $return;
 }
 
+function table_status($table) {
+       global $mysql;
+       return $mysql->query("SHOW TABLE STATUS LIKE '" . $mysql->escape_string(addcslashes($table, "%_")) . "'");
+}
+
 function fields($table) {
        global $mysql;
        $return = array();

diff --git a/table.inc.php b/table.inc.php
index ba1164677edaeb0645ee7d22d968a30ce2c4be8f..253802608375ce26b8b70fd90632cc8019c6fbc6 100644 (file)
--- a/table.inc.php
+++ b/table.inc.php
@@ -51,7 +51,7 @@ if (!$result) {
 }
 
 if ($mysql->server_info >= 5) {
-       $result = $mysql->query("SHOW TRIGGERS LIKE '" . $mysql->escape_string($_GET["table"]) . "'");
+       $result = $mysql->query("SHOW TRIGGERS LIKE '" . $mysql->escape_string(addcslashes($_GET["table"], "%_")) . "'");
        if ($result->num_rows) {
                echo "<h3>" . lang('Triggers') . "</h3>\n";
                echo "<table border='0' cellspacing='0' cellpadding='2'>\n";