iger
/
engelsystem
9
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

erweitert 

git-svn-id: svn://svn.cccv.de/engel-system@128 29ba0400-6e00-0410-a75a-ca02368028f8
This commit is contained in:
cookie 2006-04-19 21:02:00 +00:00
parent e26c8ad1ac
commit f7b658be9b
1 changed files with 22 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
www-ssl/inc/funktion_db.php
View File

@ -32,9 +32,9 @@ if( !function_exists("db_query"))
function db_query( $SQL, $comment) function db_query( $SQL, $comment)
{ {
global $con, $Page; global $con, $Page;
$Diff = "";
//commed anlyse udn daten sicherung //commed anlyse udn daten sicherung
$Diff = "";
if( strpos( "#$SQL", "UPDATE") > 0) if( strpos( "#$SQL", "UPDATE") > 0)
{ {
//Tabellen name ermitteln //Tabellen name ermitteln
@ -48,24 +48,24 @@ if( !function_exists("db_query"))
//WHERE ermitteln //WHERE ermitteln
$Where_Start = strpos( $SQL, "WHERE"); $Where_Start = strpos( $SQL, "WHERE");
$Where = substr( $SQL, $Where_Start); $Where = substr( $SQL, $Where_Start);
// sicherheitsprüfung !!!!
if( $Where_Start == 0) $Where = ";"; if( $Where_Start == 0) $Where = ";";
//Daten auslesen if( strlen( $Where) < 2)
{
$Diff = "can't show, too mutch data (no filter was set)";
$querry_erg = mysql_query($SQL, $con);
}
else
{
$Diff .= Ausgabe_Daten( "SELECT * FROM $Table $Where"); $Diff .= Ausgabe_Daten( "SELECT * FROM $Table $Where");
//execute command //execute command
$querry_erg = mysql_query($SQL, $con); $querry_erg = mysql_query($SQL, $con);
//Daten auslesen
$Diff .= Ausgabe_Daten( "SELECT * FROM $Table $Where"); $Diff .= Ausgabe_Daten( "SELECT * FROM $Table $Where");
} }
}
elseif( strpos( "#$SQL", "DELETE") > 0) elseif( strpos( "#$SQL", "DELETE") > 0)
{ {
$TableWhere = substr( $SQL, 6); $TableWhere = substr( $SQL, 6);
//Daten auslesen
$Diff .= Ausgabe_Daten( "SELECT * $TableWhere"); $Diff .= Ausgabe_Daten( "SELECT * $TableWhere");
//execute command //execute command
@ -73,7 +73,8 @@ if( !function_exists("db_query"))
} }
elseif( strpos( "#$SQL", "INSERT") > 0) elseif( strpos( "#$SQL", "INSERT") > 0)
{ {
echo "##### LOG: INSERT #####"; //execute command
$querry_erg = mysql_query($SQL, $con);
} }
else else
{ {
@ -81,16 +82,14 @@ if( !function_exists("db_query"))
$querry_erg = mysql_query($SQL, $con); $querry_erg = mysql_query($SQL, $con);
} }
//abschneiden wenn zu lang $SQLCommand = "SQL:<br>". htmlentities( $SQL, ENT_QUOTES);
if( strlen( $Where) < 2) $Diff = "can't show, too mutch data (no filter was set)"; if( strlen($Diff) > 0)
// if( strlen( $Diff) > 5120) $Diff = "too mutch (len ". strlen( $Diff). "bytes)"; $SQLCommand .= "<br><br>Diff:<br>$Diff";
$SQLCommand = "SQL:<br>". htmlentities( $SQL, ENT_QUOTES). "<br><br>Diff:<br>$Diff";
$Commend = htmlentities( ($Page["Name"]. ": ". $comment), ENT_QUOTES); $Commend = htmlentities( ($Page["Name"]. ": ". $comment), ENT_QUOTES);
//LOG commands in DB //LOG commands in DB
$SQL_SEC = "INSERT INTO `ChangeLog` ( `UID` , `SQLCommad` , `Commend` ) ". $SQL_SEC = "INSERT INTO `ChangeLog` ( `UID` , `SQLCommad` , `Commend` ) ".
" VALUES ( ". " VALUES ( '". $_SESSION['UID']. "', ".
"'". $_SESSION['UID']. "', ".
"'". mysql_escape_string( $SQLCommand). "', ". "'". mysql_escape_string( $SQLCommand). "', ".
"'". mysql_escape_string( $Commend). "' );"; "'". mysql_escape_string( $Commend). "' );";
$erg = mysql_query($SQL_SEC, $con); $erg = mysql_query($SQL_SEC, $con);