diff options
author | Marc Delisle <marc@infomarc.info> | 2004-09-04 00:16:03 +0400 |
---|---|---|
committer | Marc Delisle <marc@infomarc.info> | 2004-09-04 00:16:03 +0400 |
commit | 2814c4ce81b07924d112ef86df44cf6773dbbe66 (patch) | |
tree | 03879697194dd3cfe8ea2370407ba051bc9ef549 /server_privileges.php | |
parent | 6111ce7d4500e0610256e8fe1caf87daa61e4b14 (diff) |
remove remaining charset introducers
Diffstat (limited to 'server_privileges.php')
-rw-r--r-- | server_privileges.php | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/server_privileges.php b/server_privileges.php index a5dec0f2db..a8a2094bd4 100644 --- a/server_privileges.php +++ b/server_privileges.php @@ -152,11 +152,11 @@ function PMA_displayPrivTable($db = '*', $table = '*', $submit = TRUE, $indent = $username = $GLOBALS['username']; $hostname = $GLOBALS['hostname']; if ($db == '*') { - $sql_query = 'SELECT * FROM `user` WHERE `User` = ' . PMA_charsetIntroducerCollate(PMA_sqlAddslashes($username)) . ' AND `Host` = ' . PMA_charsetIntroducerCollate($hostname) . ';'; + $sql_query = 'SELECT * FROM `user` WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($hostname, 'quoted') . ';'; } else if ($table == '*') { - $sql_query = 'SELECT * FROM `db` WHERE `User` = ' . PMA_charsetIntroducerCollate(PMA_sqlAddslashes($username)) . ' AND `Host` = ' . PMA_charsetIntroducerCollate($hostname) . ' AND `Db` =' . PMA_charsetIntroducerCollate($db) . ';'; + $sql_query = 'SELECT * FROM `db` WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($hostname, 'quoted') . ' AND ' . PMA_convert_using('Db') . ' = ' . PMA_convert_using($db, 'quoted') . ';'; } else { - $sql_query = 'SELECT `Table_priv` FROM `tables_priv` WHERE `User` = ' . PMA_charsetIntroducerCollate(PMA_sqlAddslashes($username)) . ' AND `Host` = ' . PMA_charsetIntroducerCollate($hostname) . ' AND `Db` =' . PMA_charsetIntroducerCollate($db) . ' AND `Table_name` = ' . PMA_charsetIntroducerCollate($table) . ';'; + $sql_query = 'SELECT `Table_priv` FROM `tables_priv` WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' .PMA_convert_using('Host') . ' = ' . PMA_convert_using($hostname, 'quoted') . ' AND ' . PMA_convert_using('Db') . ' = ' . PMA_convert_using($db, 'quoted') . ' AND ' . PMA_convert_using('Table_name') . ' = ' . PMA_convert_using($table, 'quoted') . ';'; } $res = PMA_DBI_query($sql_query); $row = PMA_DBI_fetch_assoc($res); @@ -209,7 +209,8 @@ function PMA_displayPrivTable($db = '*', $table = '*', $submit = TRUE, $indent = unset($res, $row1); } if (!empty($columns)) { - $res = PMA_DBI_QUERY('SELECT `Column_name`, `Column_priv` FROM `columns_priv` WHERE `User` = ' . PMA_charsetIntroducerCollate(PMA_sqlAddslashes($username)) . ' AND `Host` = ' . PMA_charsetIntroducerCollate($hostname) . ' AND `Db` =' . PMA_charsetIntroducerCollate($db) . ' AND `Table_name` = ' . PMA_charsetIntroducerCollate($table) . ';'); + $res = PMA_DBI_QUERY('SELECT `Column_name`, `Column_priv` FROM `columns_priv` WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($hostname, 'quoted') . ' AND ' . PMA_convert_using('Db') . ' = ' . PMA_convert_using($db, 'quoted') . ' AND ' . PMA_convert_using('Table_name') . ' = ' . PMA_convert_using($table, 'quoted') . ';'); + while ($row1 = PMA_DBI_fetch_row($res)) { $row1[1] = explode(',', $row1[1]); foreach ($row1[1] as $current) { @@ -543,7 +544,7 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0) * Changes / copies a user, part I */ if (!empty($change_copy)) { - $user_host_condition = ' WHERE `User` = ' . PMA_charsetIntroducerCollate(PMA_sqlAddslashes($old_username)) . ' AND `Host` = ' . PMA_charsetIntroducerCollate($old_hostname) . ';'; + $user_host_condition = ' WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($old_username), 'quoted') . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($old_hostname, 'quoted') . ';'; $res = PMA_DBI_query('SELECT * FROM `mysql`.`user` ' . $user_host_condition); if (!$res) { $message = $strNoUsersFound; @@ -591,7 +592,7 @@ if (!empty($adduser_submit) || !empty($change_copy)) { unset($row); break; } - $res = PMA_DBI_query('SELECT "foo" FROM `user` WHERE `User` = ' . PMA_charsetIntroducerCollate(PMA_sqlAddslashes($username)) . ' AND `Host` = ' . PMA_charsetIntroducerCollate($hostname) . ';'); + $res = PMA_DBI_query('SELECT "foo" FROM `user` WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($hostname, 'quoted') . ';'); if (PMA_DBI_affected_rows() == 1) { PMA_DBI_free_result($res); $message = sprintf($strUserAlreadyExists, '<i>\'' . $username . '\'@\'' . $hostname . '\'</i>'); @@ -656,16 +657,16 @@ if (!empty($adduser_submit) || !empty($change_copy)) { * Changes / copies a user, part III */ if (!empty($change_copy)) { - $user_host_condition = ' WHERE `User` = ' . PMA_charsetIntroducerCollate(PMA_sqlAddslashes($old_username)) . ' AND `Host` = ' . PMA_charsetIntroducerCollate($old_hostname) . ';'; + $user_host_condition = ' WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($old_username), 'quoted') . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($old_hostname, 'quoted') . ';'; $res = PMA_DBI_query('SELECT * FROM `mysql`.`db`' . $user_host_condition ); while ($row = PMA_DBI_fetch_assoc($res)) { $queries[] = 'GRANT ' . join(', ', PMA_extractPrivInfo($row)) . ' ON `' . $row['Db'] . '`.* TO "' . PMA_sqlAddslashes($username) . '"@"' . $hostname . '"' . ($row['Grant_priv'] == 'Y' ? ' WITH GRANT OPTION' : '') . ';'; } PMA_DBI_free_result($res); - $res = PMA_DBI_query('SELECT `Db`, `Table_name`, `Table_priv` FROM `mysql`.`tables_priv`' . $user_host_condition, $userlink); + $res = PMA_DBI_query('SELECT `Db`, `Table_name`, `Table_priv` FROM `mysql`.`tables_priv`' . $user_host_condition, $userlink, PMA_DBI_QUERY_STORE); while ($row = PMA_DBI_fetch_assoc($res)) { - $res2 = PMA_DBI_QUERY('SELECT `Column_name`, `Column_priv` FROM `mysql`.`columns_priv` WHERE `User` = ' . PMA_charsetIntroducerCollate(PMA_sqlAddslashes($old_username)) . ' AND `Host` = ' . PMA_charsetIntroducerCollate($old_hostname) . ' AND `Db` =' . PMA_charsetIntroducerCollate($row['Db']) . ' AND `Table_name` = ' . PMA_charsetIntroducerCollate($row['Table_name']) . ';'); + $res2 = PMA_DBI_QUERY('SELECT `Column_name`, `Column_priv` FROM `mysql`.`columns_priv` WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($old_username), 'quoted') . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($old_hostname, 'quoted') . ' AND ' . PMA_convert_using('Db') . ' = ' . PMA_convert_using($row['Db'], 'quoted') . ' AND ' . PMA_convert_using('Table_name') . ' = ' . PMA_convert_using($row['Table_name'], 'quoted') . ';', NULL, PMA_DBI_QUERY_STORE); $tmp_privs1 = PMA_extractPrivInfo($row); $tmp_privs2 = array( @@ -831,11 +832,11 @@ if (!empty($delete) || (!empty($change_copy) && $mode < 4)) { } unset($res); } - $queries[] = 'DELETE FROM `user` WHERE `User` = ' . PMA_charsetIntroducerCollate(PMA_sqlAddslashes($this_user)) . ' AND `Host` = ' . PMA_charsetIntroducerCollate($this_host) . ';'; + $queries[] = 'DELETE FROM `user` WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($this_user), 'quoted') . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($this_host, 'quoted') . ';'; if ($mode != 2) { // If we REVOKE the table grants, we should not need to modify the // `db`, `tables_priv` and `columns_priv` tables manually... - $user_host_condition = ' WHERE `User` = ' . PMA_charsetIntroducerCollate(PMA_sqlAddslashes($this_user)) . ' AND `Host` = ' . PMA_charsetIntroducerCollate($this_host) . ';'; + $user_host_condition = ' WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($this_user), 'quoted') . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($this_host, 'quoted') . ';'; $queries[] = 'DELETE FROM `db`' . $user_host_condition; $queries[] = 'DELETE FROM `tables_priv`' . $user_host_condition; $queries[] = 'DELETE FROM `columns_priv`' . $user_host_condition; @@ -1043,7 +1044,7 @@ if (empty($adduser) && empty($checkprivs)) { } } echo '</h2>' . "\n"; - $res = PMA_DBI_query('SELECT "foo" FROM `user` WHERE `User` = ' . PMA_charsetIntroducerCollate(PMA_sqlAddslashes($username)) . ' AND `Host` = ' . PMA_charsetIntroducerCollate($hostname) . ';'); + $res = PMA_DBI_query('SELECT "foo" FROM `user` WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($hostname, 'quoted') . ';'); if (PMA_DBI_affected_rows($userlink) < 1) { echo $strUserNotFound; require_once('./footer.inc.php'); @@ -1077,11 +1078,11 @@ if (empty($adduser) && empty($checkprivs)) { . ' <th> ' . (empty($dbname) ? $strTblPrivileges : $strColumnPrivileges) . ' </th>' . "\n" . ' <th colspan="2"> ' . $strAction . ' </th>' . "\n" . ' </tr>' . "\n"; - $user_host_condition = ' WHERE `User` = ' . PMA_charsetIntroducerCollate(PMA_sqlAddslashes($username)) . ' AND `Host` = ' . PMA_charsetIntroducerCollate($hostname); + $user_host_condition = ' WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($username), 'quoted') . ' AND ' . PMA_convert_using('Host') . ' = ' . PMA_convert_using($hostname, 'quoted'); if (empty($dbname)) { $sql_query = 'SELECT * FROM `db`' . $user_host_condition . ' ORDER BY `Db` ASC;'; } else { - $sql_query = 'SELECT `Table_name`, `Table_priv`, IF(`Column_priv` = ' . (PMA_MYSQL_INT_VERSION >= 40100 ? '_latin1 ' : '') . ' "", 0, 1) AS "Column_priv" FROM `tables_priv`' . $user_host_condition . ' AND `Db` = ' . PMA_charsetIntroducerCollate($dbname) . ' ORDER BY `Table_name` ASC;'; + $sql_query = 'SELECT `Table_name`, `Table_priv`, IF(`Column_priv` = ' . (PMA_MYSQL_INT_VERSION >= 40100 ? '_latin1 ' : '') . ' "", 0, 1) AS "Column_priv" FROM `tables_priv`' . $user_host_condition . ' AND ' . PMA_convert_using('Db') . ' = ' . PMA_convert_using($dbname, 'quoted') . ' ORDER BY `Table_name` ASC;'; } $res = PMA_DBI_query($sql_query, NULL, PMA_DBI_QUERY_STORE); if (PMA_DBI_affected_rows() == 0) { |