Menu
▾
▴
[Tikiwiki-cvs] tiki/lib/wiki-plugins wikiplugin_sql.php,1.8.2.2,1.8.2.3
|
From: <sy...@us...> - 2005-05-25 11:33:33
|
Update of /cvsroot/tikiwiki/tiki/lib/wiki-plugins In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv14867/lib/wiki-plugins Modified Files: Tag: BRANCH-1-9 wikiplugin_sql.php Log Message: backport form old head the possibility to add params ex: {SQL(db=>local, 0=>, 1=>5)} SELECT * from users_users WHERE login=? or userId=?{SQL} Index: wikiplugin_sql.php =================================================================== RCS file: /cvsroot/tikiwiki/tiki/lib/wiki-plugins/wikiplugin_sql.php,v retrieving revision 1.8.2.2 retrieving revision 1.8.2.3 diff -u -d -r1.8.2.2 -r1.8.2.3 --- wikiplugin_sql.php 3 Jan 2005 19:28:28 -0000 1.8.2.2 +++ wikiplugin_sql.php 25 May 2005 11:33:18 -0000 1.8.2.3 @@ -16,15 +16,34 @@ global $$perm_name; if ($$perm_name != 'y') { - return (''); + return (tra('You do not have permission to use this feature')); } + $bindvars = array(); + if ($nb = preg_match_all("/\?/", $data, $out)) { + foreach($params as $key => $value) { + if (ereg("^[0-9]*$", $key)) { + if (strpos($value, "$") === 0) { + $value = substr($value, 1); + global $$value; + $bindvars[$key] = $$value; + } + else { + $bindvars[$key] = $value; + } + } + } + if (count($bindvars) != $nb) { + return tra('Missing db param'); + } + } + $ret = ''; $sql_oke = true; $dbmsg = ''; if ($db == 'local') { - $result = $tikilib->query($data,array()); + $result = $tikilib->query($data,$bindvars); } else { $dsnsqlplugin = $tikilib->get_dsn_by_name($db); @@ -51,7 +70,7 @@ $dbmsg = "<div>$dberror</div>"; $sql_oke = false; } else { - $result=$dbsqlplugin->Execute($data); + $result=$dbsqlplugin->Execute($data, $bindvars); if (!$result) { $dberror = $dbsqlplugin->ErrorMsg(); $dbmsg = "<div>$dberror</div>"; |