diff --git a/www-ssl/inc/funktion_db.php b/www-ssl/inc/funktion_db.php
index 0c54c2d3..6533c215 100644
--- a/www-ssl/inc/funktion_db.php
+++ b/www-ssl/inc/funktion_db.php
@@ -32,9 +32,9 @@ if( !function_exists("db_query"))
function db_query( $SQL, $comment)
{
global $con, $Page;
+ $Diff = "";
//commed anlyse udn daten sicherung
- $Diff = "";
if( strpos( "#$SQL", "UPDATE") > 0)
{
//Tabellen name ermitteln
@@ -48,24 +48,24 @@ if( !function_exists("db_query"))
//WHERE ermitteln
$Where_Start = strpos( $SQL, "WHERE");
$Where = substr( $SQL, $Where_Start);
-
- // sicherheitsprüfung !!!!
if( $Where_Start == 0) $Where = ";";
-
- //Daten auslesen
- $Diff .= Ausgabe_Daten( "SELECT * FROM $Table $Where");
-
- //execute command
- $querry_erg = mysql_query($SQL, $con);
-
- //Daten auslesen
- $Diff .= Ausgabe_Daten( "SELECT * FROM $Table $Where");
+
+ if( strlen( $Where) < 2)
+ {
+ $Diff = "can't show, too mutch data (no filter was set)";
+ $querry_erg = mysql_query($SQL, $con);
+ }
+ else
+ {
+ $Diff .= Ausgabe_Daten( "SELECT * FROM $Table $Where");
+ //execute command
+ $querry_erg = mysql_query($SQL, $con);
+ $Diff .= Ausgabe_Daten( "SELECT * FROM $Table $Where");
+ }
}
elseif( strpos( "#$SQL", "DELETE") > 0)
{
$TableWhere = substr( $SQL, 6);
-
- //Daten auslesen
$Diff .= Ausgabe_Daten( "SELECT * $TableWhere");
//execute command
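Review bot: The new no-filter branch (`strlen( $Where) < 2`) is also taken for an UPDATE whose filter is written as `where` or `Where`, because the `strpos( $SQL, "WHERE")` lookup on the context line above it is case-sensitive; such a statement still runs, but the ChangeLog gets the "can't show" text instead of the before/after rows. `$Where_Start = stripos( $SQL, "WHERE");` together with `if( $Where_Start === false) $Where = ";";` would keep the snapshot for those statements. Separately, the two `Ausgabe_Daten` snapshots and the UPDATE are not atomic and the second SELECT reuses the original WHERE, so when the UPDATE changes a column named in the filter the "after" snapshot may not show the modified rows; a short comment on the `else` branch saying so would help whoever reads the log. `db_query` starts before and continues after this hunk.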
@@ -73,7 +73,8 @@ if( !function_exists("db_query"))
}
elseif( strpos( "#$SQL", "INSERT") > 0)
{
- echo "##### LOG: INSERT #####";
+ //execute command
+ $querry_erg = mysql_query($SQL, $con);
}
else
{
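Review bot: The INSERT branch now holds the same `mysql_query($SQL, $con)` call as the `else` branch that follows, so as far as the diff shows the `elseif` does nothing the fallthrough would not. Either drop it or add a comment such as `// INSERT: no before/after snapshot, only the statement text is logged` to say why it is kept. The `else` body starts at the edge of this hunk, so this is based on the call visible at the top of the next one.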
@@ -81,18 +82,16 @@ if( !function_exists("db_query"))
$querry_erg = mysql_query($SQL, $con);
}
- //abschneiden wenn zu lang
- if( strlen( $Where) < 2) $Diff = "can't show, too mutch data (no filter was set)";
-// if( strlen( $Diff) > 5120) $Diff = "too mutch (len ". strlen( $Diff). "bytes)";
+ $SQLCommand = "SQL:
". htmlentities( $SQL, ENT_QUOTES);
+ if( strlen($Diff) > 0)
+ $SQLCommand .= "
Diff:
$Diff";
- $SQLCommand = "SQL:
". htmlentities( $SQL, ENT_QUOTES). "
Diff:
$Diff";
$Commend = htmlentities( ($Page["Name"]. ": ". $comment), ENT_QUOTES);
//LOG commands in DB
$SQL_SEC = "INSERT INTO `ChangeLog` ( `UID` , `SQLCommad` , `Commend` ) ".
- " VALUES ( ".
- "'". $_SESSION['UID']. "', ".
- "'". mysql_escape_string( $SQLCommand). "', ".
- "'". mysql_escape_string( $Commend). "' );";
+ " VALUES ( '". $_SESSION['UID']. "', ".
+ "'". mysql_escape_string( $SQLCommand). "', ".
+ "'". mysql_escape_string( $Commend). "' );";
$erg = mysql_query($SQL_SEC, $con);
echo mysql_error($con);
return $querry_erg;
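Review bot: `$_SESSION['UID']` is concatenated into the ChangeLog INSERT on the rewritten `VALUES` line without escaping or a cast, while the two values next to it are escaped. If UID is numeric (not visible here), `" VALUES ( '". (int)$_SESSION['UID']. "', ".` pins it. The other two lines use `mysql_escape_string`, which does not take the connection character set into account; `mysql_real_escape_string( $SQLCommand, $con)`, and the same for `$Commend`, is the connection-aware form. `$Diff` is also appended to `$SQLCommand` without the `htmlentities` encoding applied to `$SQL`, so if `Ausgabe_Daten` (not shown) returns row values unencoded, whatever displays the ChangeLog would render stored data as markup, which is worth confirming. The function's closing brace is outside this hunk.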