Print SQL query by error

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@479 7c3ca157-0c34-0410-bff1-cbf682f78f5c

diff --git a/createv.inc.php b/createv.inc.php
index 2f284a23936472efc4ff7a39957665653c2c9fbb..43fe31bb24b67d0fee66008b5e80bb34b0f54479 100644 (file)
--- a/createv.inc.php
+++ b/createv.inc.php
@@ -1,13 +1,9 @@
 <?php
 $dropped = false;
 if ($_POST && !$error) {
-       if (strlen($_GET["createv"]) && ($_POST["dropped"] || $mysql->query("DROP VIEW " . idf_escape($_GET["createv"])))) {
-               if ($_POST["drop"]) {
-                       redirect(substr($SELF, 0, -1), lang('View has been dropped.'));
-               }
-               $dropped = true;
+       if (strlen($_GET["createv"])) {
+               $dropped = query_redirect("DROP VIEW " . idf_escape($_GET["createv"]), substr($SELF, 0, -1), lang('View has been dropped.'), $_POST["drop"], !$_POST["dropped"]);
        }
-       $error = $mysql->error;
        if (!$_POST["drop"]) {
                query_redirect("CREATE VIEW " . idf_escape($_POST["name"]) . " AS " . $_POST["select"], $SELF . "view=" . urlencode($_POST["name"]), (strlen($_GET["createv"]) ? lang('View has been altered.') : lang('View has been created.')));
        }

diff --git a/database.inc.php b/database.inc.php
index e1519f31c6ad4f214e7cfeb1537a16c79de72cb9..776960b0a8690f0e314245dadffcdcd31e71315f 100644 (file)
--- a/database.inc.php
+++ b/database.inc.php
@@ -4,11 +4,8 @@ if ($_POST && !$error) {
                unset($_SESSION["databases"][$_GET["server"]]);
                query_redirect("DROP DATABASE " . idf_escape($_GET["db"]), substr(preg_replace('~db=[^&]*&~', '', $SELF), 0, -1), lang('Database has been dropped.'));
        } elseif ($_GET["db"] !== $_POST["name"]) {
-               if ($mysql->query("CREATE DATABASE " . idf_escape($_POST["name"]) . ($_POST["collation"] ? " COLLATE '" . $mysql->escape_string($_POST["collation"]) . "'" : ""))) {
-                       unset($_SESSION["databases"][$_GET["server"]]);
-                       if (!strlen($_GET["db"])) {
-                               redirect($SELF . "db=" . urlencode($_POST["name"]), lang('Database has been created.'));
-                       }
+               unset($_SESSION["databases"][$_GET["server"]]);
+               if (query_redirect("CREATE DATABASE " . idf_escape($_POST["name"]) . ($_POST["collation"] ? " COLLATE '" . $mysql->escape_string($_POST["collation"]) . "'" : ""), $SELF . "db=" . urlencode($_POST["name"]), lang('Database has been created.'), !strlen($_GET["db"]))) {
                        $result = $mysql->query("SHOW TABLES");
                        while ($row = $result->fetch_row()) {
                                if (!$mysql->query("RENAME TABLE " . idf_escape($row[0]) . " TO " . idf_escape($_POST["name"]) . "." . idf_escape($row[0]))) {
@@ -20,8 +17,8 @@ if ($_POST && !$error) {
                                $mysql->query("DROP DATABASE " . idf_escape($_GET["db"]));
                                redirect(preg_replace('~db=[^&]*&~', '', $SELF) . "db=" . urlencode($_POST["name"]), lang('Database has been renamed.'));
                        }
+                       $error = htmlspecialchars($mysql->error);
                }
-               $error = $mysql->error;
        } else {
                if (!$_POST["collation"]) {
                        redirect(substr($SELF, 0, -1));

diff --git a/design.inc.php b/design.inc.php
index a87f49f62d5852b1dd76d096108b15ead6e679a4..a0705412374a6f3c5256671ba647d72e4028d869 100644 (file)
--- a/design.inc.php
+++ b/design.inc.php
@@ -35,7 +35,7 @@ function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
        }
        echo "<h2>$title" . (strlen($title2) ? ": " . htmlspecialchars($title2) : "") . "</h2>\n";
        if ($_SESSION["messages"]) {
-               echo "<p class='message'>" . implode("<br />", $_SESSION["messages"]) . "</p>\n";
+               echo "<p class='message'>" . implode("</p>\n<p class='message'>", $_SESSION["messages"]) . "</p>\n";
                $_SESSION["messages"] = array();
        }
        if (!$_SESSION["tokens"][$_GET["server"]]["?logout"]) {
@@ -45,7 +45,7 @@ function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
                session_write_close();
        }
        if ($error) {
-               echo "<p class='error'>" . htmlspecialchars($error) . "</p>\n";
+               echo "<p class='error'>$error</p>\n";
        }
 }
 

diff --git a/functions.inc.php b/functions.inc.php
index 76ea8eee6b7ea11e2919ea9dc23960c5564a5f33..2a24d66f5d0646be8a4ebbf84c1a73178f846dbf 100644 (file)
--- a/functions.inc.php
+++ b/functions.inc.php
@@ -195,12 +195,17 @@ function redirect($location, $message = null) {
        exit;
 }
 
-function query_redirect($query, $location, $message) {
+function query_redirect($query, $location, $message, $redirect = true, $execute = true) {
        global $mysql, $error, $SELF;
-       if ($mysql->query($query)) {
-               redirect($location, $message . "<br /><code class='jush-sql'>" . htmlspecialchars($query) . '</code> - <a href="' . htmlspecialchars($SELF) . 'sql=' . urlencode($query) . '">' . lang('edit') . '</a>');
+       $sql = ' <a href="' . htmlspecialchars($SELF) . 'sql=' . urlencode($query) . '">' . lang('SQL command') . "</a>";
+       if ($execute && !$mysql->query($query)) {
+               $error = htmlspecialchars($mysql->error) . $sql;
+               return false;
        }
-       $error = $mysql->error;
+       if ($redirect) {
+               redirect($location, $message . $sql);
+       }
+       return true;
 }
 
 function remove_from_uri($param = "") {

diff --git a/procedure.inc.php b/procedure.inc.php
index 25724be4e70d9fea20c8d834a81ecbf2984f204e..26d5e11447354d395047ffafed81ce7475b710fe 100644 (file)
--- a/procedure.inc.php
+++ b/procedure.inc.php
@@ -3,13 +3,9 @@ $routine = (isset($_GET["function"]) ? "FUNCTION" : "PROCEDURE");
 
 $dropped = false;
 if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"] && !$_POST["up"] && !$_POST["down"]) {
-       if (strlen($_GET["procedure"]) && ($_POST["dropped"] || $mysql->query("DROP $routine " . idf_escape($_GET["procedure"])))) {
-               if ($_POST["drop"]) {
-                       redirect(substr($SELF, 0, -1), lang('Routine has been dropped.'));
-               }
-               $dropped = true;
+       if (strlen($_GET["procedure"])) {
+               $dropped = query_redirect("DROP $routine " . idf_escape($_GET["procedure"]), substr($SELF, 0, -1), lang('Routine has been dropped.'), $_POST["drop"], !$_POST["dropped"]);
        }
-       $error = $mysql->error;
        if (!$_POST["drop"]) {
                $set = array();
                $fields = array_filter((array) $_POST["fields"], 'strlen');

diff --git a/processlist.inc.php b/processlist.inc.php
index 913e773e2927b8d05562894001e3d7dcdc2f12eb..4175f151a74f39476f6b2a32cc2a4b48612e16be 100644 (file)
--- a/processlist.inc.php
+++ b/processlist.inc.php
@@ -9,7 +9,7 @@ if ($_POST && !$error) {
        if ($killed || !$_POST["kill"]) {
                redirect($SELF . "processlist=", lang('%d process(es) has been killed.', $killed));
        }
-       $error = $mysql->error;
+       $error = htmlspecialchars($mysql->error);
 }
 page_header(lang('Process list'), $error);
 ?>

diff --git a/select.inc.php b/select.inc.php
index ad6d738e308b2884111b4543ed44ac249749ade4..cc353d6b7a983fcbaf7ddd78e1846fb2a38cc0a3 100644 (file)
--- a/select.inc.php
+++ b/select.inc.php
@@ -105,7 +105,7 @@ if ($_POST && !$error) {
        if ($result) {
                redirect(remove_from_uri("page"), lang('%d item(s) have been deleted.', $deleted));
        }
-       $error = $mysql->error;
+       $error = htmlspecialchars($mysql->error);
 }
 page_header(lang('Select') . ": " . htmlspecialchars($_GET["select"]), ($error ? lang('Error during deleting') . ": $error" : ""));
 

diff --git a/table.inc.php b/table.inc.php
index be90bba52c04d3a7099568e9ac40b99fa02bd7fe..caaba99c9bf7cca54f429ac059f282adf7d2e000 100644 (file)
--- a/table.inc.php
+++ b/table.inc.php
@@ -1,7 +1,7 @@
 <?php
 $result = $mysql->query("SHOW COLUMNS FROM " . idf_escape($_GET["table"]));
 if (!$result) {
-       $error = $mysql->error;
+       $error = htmlspecialchars($mysql->error);
 }
 page_header(lang('Table') . ": " . htmlspecialchars($_GET["table"]), $error);
 

diff --git a/todo.txt b/todo.txt
index 673666837a5b9eceb8bea07d70d71f491cb2e43b..7b31013e8f04ca683bb0cc981ed17b7d9072f454 100644 (file)
--- a/todo.txt
+++ b/todo.txt
@@ -11,6 +11,6 @@ Transactions in export
 Compress export and import
 Partitioning (MySQL 5.1)
 Create view options
-Utilize query_redirect - createv, database, procedure, trigger, select
+Utilize query_redirect - select
 ? Execution time in sql.inc.php
 ? Save token also to cookie - for session expiration and login in other window

diff --git a/trigger.inc.php b/trigger.inc.php
index 7b742303d067dfb055ca798b8ca90a627c11d333..425ecffa4ef962588225105a28ccc2a152de68c3 100644 (file)
--- a/trigger.inc.php
+++ b/trigger.inc.php
@@ -4,13 +4,9 @@ $trigger_event = array("INSERT", "UPDATE", "DELETE");
 
 $dropped = false;
 if ($_POST && !$error) {
-       if (strlen($_GET["name"]) && ($_POST["dropped"] || $mysql->query("DROP TRIGGER " . idf_escape($_GET["name"])))) {
-               if ($_POST["drop"]) {
-                       redirect($SELF . "table=" . urlencode($_GET["trigger"]), lang('Trigger has been dropped.'));
-               }
-               $dropped = true;
+       if (strlen($_GET["name"])) {
+               $dropped = query_redirect("DROP TRIGGER " . idf_escape($_GET["name"]), $SELF . "table=" . urlencode($_GET["trigger"]), lang('Trigger has been dropped.'), $_POST["drop"], !$_POST["dropped"]);
        }
-       $error = $mysql->error;
        if (!$_POST["drop"]) {
                if (in_array($_POST["Timing"], $trigger_time) && in_array($_POST["Event"], $trigger_event)) {
                        query_redirect("CREATE TRIGGER " . idf_escape($_POST["Trigger"]) . " $_POST[Timing] $_POST[Event] ON " . idf_escape($_GET["trigger"]) . " FOR EACH ROW $_POST[Statement]", $SELF . "table=" . urlencode($_GET["trigger"]), (strlen($_GET["name"]) ? lang('Trigger has been altered.') : lang('Trigger has been created.')));

diff --git a/user.inc.php b/user.inc.php
index 10f56a5047ee8f96177eb6eb81234ce2bc94c059..ca54b0fa787905e562df5c7e17363a4bb12033fb 100644 (file)
--- a/user.inc.php
+++ b/user.inc.php
@@ -91,7 +91,7 @@ if ($_POST && !$error) {
                        ($grant && !$mysql->query("GRANT " . implode("$match[2], ", $grant) . "$match[2] ON $match[1] TO '$new_user'")) //! SQL injection
                        || ($revoke && !$mysql->query("REVOKE " . implode("$match[2], ", $revoke) . "$match[2] ON $match[1] FROM '$new_user'"))
                        )) {
-                               $error = $mysql->error;
+                               $error = htmlspecialchars($mysql->error);
                                if ($old_user != $new_user) {
                                        $mysql->query("DROP USER '$new_user'");
                                }
@@ -112,7 +112,7 @@ if ($_POST && !$error) {
                }
        }
        if (!$error) {
-               $error = $mysql->error;
+               $error = htmlspecialchars($mysql->error);
        }
 }
 page_header((isset($_GET["host"]) ? lang('Username') . ": " . htmlspecialchars("$_GET[user]@$_GET[host]") : lang('Create user')), $error, array("privileges" => lang('Privileges')));