Better query parsing

author jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>

Tue, 15 Apr 2008 15:42:21 +0000 (15:42 +0000)

committer jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>

Tue, 15 Apr 2008 15:42:21 +0000 (15:42 +0000)
author jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
Tue, 15 Apr 2008 15:42:21 +0000 (15:42 +0000)
committer jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
Tue, 15 Apr 2008 15:42:21 +0000 (15:42 +0000)
diff --git a/sql.inc.php b/sql.inc.php

index 3ccc316f08f0ccf29594d8ef4dfa63d19d4114dd..182fdb54bffdd2d8e193ac73a07168bb55a159fe 100644 (file)
--- a/sql.inc.php
+++ b/sql.inc.php
@@ -13,9 +13,9 @@ if (!$error && $_POST && is_string($query = (isset($_POST["query"]) ? $_POST["qu
                 if (!$offset && preg_match('~^\\s*DELIMITER\\s+(.+)~i', $query, $match)) {
                         $delimiter = preg_quote($match[1], '~');
                         $query = substr($query, strlen($match[0]));
-               } elseif (preg_match("~$delimiter|['`\"]|/\\*|-- |\$~", $query, $match, PREG_OFFSET_CAPTURE, $offset)) {
+               } elseif (preg_match("~$delimiter|['`\"]|/\\*|-- |#|\$~", $query, $match, PREG_OFFSET_CAPTURE, $offset)) {
                         if ($match[0][0] && $match[0][0] != $delimiter) {
-                               $pattern = ($match[0][0] == "-- " ? '~.*~' : ($match[0][0] == "/*" ? '~.*\\*/~sU' : '~\\G([^\\\\' . $match[0][0] . ']+|\\\\.)*(' . $match[0][0] . '|$)~s'));
+                               $pattern = ($match[0][0] == "-- " || $match[0][0] == "#" ? '~.*~' : ($match[0][0] == "/*" ? '~.*\\*/~sU' : '~\\G([^\\\\' . $match[0][0] . ']+|\\\\.)*(' . $match[0][0] . '|$)~s'));
                                 preg_match($pattern, $query, $match, PREG_OFFSET_CAPTURE, $match[0][1] + 1);
                                 $offset = $match[0][1] + strlen($match[0][0]);
                         } else {
@@ -30,7 +30,7 @@ if (!$error && $_POST && is_string($query = (isset($_POST["query"]) ? $_POST["qu
                                                 if (is_object($result)) {
                                                         select($result);
                                                 } else {
-                                                       if (preg_match("~^\\s*(CREATE|DROP)(\\s+|/\\*.*\\*/|-- [^\n]*\n)+DATABASE\\b~sU", $query)) {
+                                                       if (preg_match("~^\\s*(CREATE|DROP)(\\s+|/\\*.*\\*/|(#|-- )[^\n]*\n)+DATABASE\\b~isU", $query)) {
                                                                 unset($_SESSION["databases"][$_GET["server"]]);
                                                         }
                                                         echo "<p class='message'>" . lang('Query executed OK, %d row(s) affected.', $mysql->affected_rows) . "</p>\n";
author	jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
	Tue, 15 Apr 2008 15:42:21 +0000 (15:42 +0000)
committer	jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
	Tue, 15 Apr 2008 15:42:21 +0000 (15:42 +0000)