version 1.99, 2003/12/11 12:27:42 |
version 1.100, 2003/12/15 14:33:04 |
|
|
* http://platon.sk/projects/phpMyEdit/ |
* http://platon.sk/projects/phpMyEdit/ |
*/ |
*/ |
|
|
/* $Platon: phpMyEdit/phpMyEdit.class.php,v 1.98 2003/12/10 21:16:16 nepto Exp $ */ |
/* $Platon: phpMyEdit/phpMyEdit.class.php,v 1.99 2003/12/11 12:27:42 nepto Exp $ */ |
|
|
/* This is a generic table editing program. The table and fields to be |
/* This is a generic table editing program. The table and fields to be |
edited are defined in the calling program. |
edited are defined in the calling program. |
Line 1134 function phpMyEdit_form_control(theForm) |
|
Line 1134 function phpMyEdit_form_control(theForm) |
|
} /* }}} */ |
} /* }}} */ |
|
|
/** |
/** |
|
* Substitutes variables in string |
|
* (this is very simple but secure eval() replacement) |
|
*/ |
|
function substituteVars($str, $subst_ar) /* {{{ */ |
|
{ |
|
$array = preg_split('/\\$(\w+)/', $str, -1, PREG_SPLIT_DELIM_CAPTURE); |
|
for ($i = 1; $i < count($array); $i += 2) { |
|
if (isset($subst_ar[$array[$i]])) |
|
$array[$i] = $subst_ar[$array[$i]]; |
|
} |
|
return join('', $array); |
|
} /* }}} */ |
|
|
|
/** |
* Print URL |
* Print URL |
*/ |
*/ |
function urlDisplay($k, $value, $css, $key) /* {{{ */ |
function urlDisplay($k, $value, $css, $key) /* {{{ */ |
Line 1144 function phpMyEdit_form_control(theForm) |
|
Line 1158 function phpMyEdit_form_control(theForm) |
|
$url = 'rec='.$key.'&fm='.$this->fm.'&fl='.$this->fl; |
$url = 'rec='.$key.'&fm='.$this->fm.'&fl='.$this->fl; |
$url .= '&qfn='.rawurlencode($this->qfn).$this->qfn; |
$url .= '&qfn='.rawurlencode($this->qfn).$this->qfn; |
$url .= '&'.$this->get_sfn_cgi_vars().$this->cgi['persist']; |
$url .= '&'.$this->get_sfn_cgi_vars().$this->cgi['persist']; |
|
$ar = array( |
|
'key' => $key, |
|
'name' => $name, |
|
'value' => $value, |
|
'css' => $css, |
|
'page' => $page, |
|
'url' => $url |
|
); |
$urllink = isset($this->fdd[$k]['URL']) |
$urllink = isset($this->fdd[$k]['URL']) |
? eval('return "'.$this->fdd[$k]['URL'].'";') |
? $this->substituteVars($this->fdd[$k]['URL'], $ar) |
: $value; |
: $value; |
$urldisp = isset($this->fdd[$k]['URLdisp']) |
$urldisp = isset($this->fdd[$k]['URLdisp']) |
? eval('return "'.$this->fdd[$k]['URLdisp'].'";') |
? $this->substituteVars($this->fdd[$k]['URLdisp'], $ar) |
: $value; |
: $value; |
$target = isset($this->fdd[$k]['URLtarget']) |
$target = isset($this->fdd[$k]['URLtarget']) |
? 'target="'.htmlspecialchars($this->fdd[$k]['URLtarget']).'" ' |
? 'target="'.htmlspecialchars($this->fdd[$k]['URLtarget']).'" ' |
Line 2206 function phpMyEdit_form_control(theForm) |
|
Line 2228 function phpMyEdit_form_control(theForm) |
|
$val = $newvals[$this->fds[$k]]; |
$val = $newvals[$this->fds[$k]]; |
$val_as = addslashes($val); |
$val_as = addslashes($val); |
$val_qas = '"'.addslashes($val).'"'; |
$val_qas = '"'.addslashes($val).'"'; |
$vals_quoted[$k] = stripslashes(eval('return "'.addslashes($this->fdd[$k]['sqlw']).'";')); |
$vals_quoted[$k] = $this->substituteVars( |
|
$this->fdd[$k]['sqlw'], array( |
|
'val_qas' => $val_qas, |
|
'val_as' => $val_as, |
|
'val' => $val |
|
)); |
} else { |
} else { |
$vals_quoted[$k] = addslashes($newvals[$this->fds[$k]]); |
$vals_quoted[$k] = addslashes($newvals[$this->fds[$k]]); |
$vals_quoted[$k] = "'".$vals_quoted[$k]."'"; |
$vals_quoted[$k] = "'".$vals_quoted[$k]."'"; |
Line 2270 function phpMyEdit_form_control(theForm) |
|
Line 2297 function phpMyEdit_form_control(theForm) |
|
$val = $newvals[$this->fds[$k]]; |
$val = $newvals[$this->fds[$k]]; |
$val_as = addslashes($val); |
$val_as = addslashes($val); |
$val_qas = '"'.addslashes($val).'"'; |
$val_qas = '"'.addslashes($val).'"'; |
$newValue = stripslashes(eval('return "'.addslashes($this->fdd[$k]['sqlw']).'";')); |
$newValue = $this->substituteVars( |
|
$this->fdd[$k]['sqlw'], array( |
|
'val_qas' => $val_qas, |
|
'val_as' => $val_as, |
|
'val' => $val |
|
)); |
} else { |
} else { |
$newValue = $newvals[$this->fds[$k]]; |
$newValue = $newvals[$this->fds[$k]]; |
$newValue = "'".addslashes($newValue)."'"; |
$newValue = "'".addslashes($newValue)."'"; |
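Review bot: In the new `substituteVars()`, a `$word` token that is not a key of `$subst_ar` loses its dollar sign, because `preg_split()` with `PREG_SPLIT_DELIM_CAPTURE` returns only the `(\w+)` group and the loop leaves that element untouched; a literal `$` followed by word characters in a `URL`, `URLdisp` or `sqlw` template is silently rewritten. Adding `else $array[$i] = '$'.$array[$i];` to the `isset` test keeps unknown tokens intact. Only bare `$word` tokens are substituted, so a template written for the removed `eval()` as `{$val}` now keeps its braces, which deserves a line in the docblock. In both `sqlw` call sites the array still exposes the raw `$val` next to `$val_as`/`$val_qas`, and the escaping is `addslashes()`, which is not aware of the connection character set; the docblock should state that `sqlw` templates must use the escaped variants, and the database driver's own escaping function would be a safer source for them. In `urlDisplay` the `$name` and `$page` entries of `$ar` are not assigned in the visible lines, so confirm they are set in the part of the function outside this hunk.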