diff --git a/www-ssl/inc/funktion_db.php b/www-ssl/inc/funktion_db.php index 0c54c2d3..6533c215 100644 --- a/www-ssl/inc/funktion_db.php +++ b/www-ssl/inc/funktion_db.php @@ -32,9 +32,9 @@ if( !function_exists("db_query")) function db_query( $SQL, $comment) { global $con, $Page; + $Diff = ""; //commed anlyse udn daten sicherung - $Diff = ""; if( strpos( "#$SQL", "UPDATE") > 0) { //Tabellen name ermitteln @@ -48,24 +48,24 @@ if( !function_exists("db_query")) //WHERE ermitteln $Where_Start = strpos( $SQL, "WHERE"); $Where = substr( $SQL, $Where_Start); - - // sicherheitsprüfung !!!! if( $Where_Start == 0) $Where = ";"; - - //Daten auslesen - $Diff .= Ausgabe_Daten( "SELECT * FROM $Table $Where"); - - //execute command - $querry_erg = mysql_query($SQL, $con); - - //Daten auslesen - $Diff .= Ausgabe_Daten( "SELECT * FROM $Table $Where"); + + if( strlen( $Where) < 2) + { + $Diff = "can't show, too mutch data (no filter was set)"; + $querry_erg = mysql_query($SQL, $con); + } + else + { + $Diff .= Ausgabe_Daten( "SELECT * FROM $Table $Where"); + //execute command + $querry_erg = mysql_query($SQL, $con); + $Diff .= Ausgabe_Daten( "SELECT * FROM $Table $Where"); + } } elseif( strpos( "#$SQL", "DELETE") > 0) { $TableWhere = substr( $SQL, 6); - - //Daten auslesen $Diff .= Ausgabe_Daten( "SELECT * $TableWhere"); //execute command @@ -73,7 +73,8 @@ if( !function_exists("db_query")) } elseif( strpos( "#$SQL", "INSERT") > 0) { - echo "##### LOG: INSERT #####"; + //execute command + $querry_erg = mysql_query($SQL, $con); } else { @@ -81,18 +82,16 @@ if( !function_exists("db_query")) $querry_erg = mysql_query($SQL, $con); } - //abschneiden wenn zu lang - if( strlen( $Where) < 2) $Diff = "can't show, too mutch data (no filter was set)"; -// if( strlen( $Diff) > 5120) $Diff = "too mutch (len ". strlen( $Diff). "bytes)"; + $SQLCommand = "SQL:
". htmlentities( $SQL, ENT_QUOTES); + if( strlen($Diff) > 0) + $SQLCommand .= "

Diff:
$Diff"; - $SQLCommand = "SQL:
". htmlentities( $SQL, ENT_QUOTES). "

Diff:
$Diff"; $Commend = htmlentities( ($Page["Name"]. ": ". $comment), ENT_QUOTES); //LOG commands in DB $SQL_SEC = "INSERT INTO `ChangeLog` ( `UID` , `SQLCommad` , `Commend` ) ". - " VALUES ( ". - "'". $_SESSION['UID']. "', ". - "'". mysql_escape_string( $SQLCommand). "', ". - "'". mysql_escape_string( $Commend). "' );"; + " VALUES ( '". $_SESSION['UID']. "', ". + "'". mysql_escape_string( $SQLCommand). "', ". + "'". mysql_escape_string( $Commend). "' );"; $erg = mysql_query($SQL_SEC, $con); echo mysql_error($con); return $querry_erg;
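Review bot: In the `@@ -48,24 +48,24 @@` hunk the DELETE branch writes `Ausgabe_Daten( "SELECT * $TableWhere")` into the log with no size guard, because the "no filter" check now lives only in the UPDATE branch and the commented-out 5120-byte cap is removed in the last hunk. A `DELETE` without a WHERE clause would therefore copy the whole table into `ChangeLog`. A bound placed after the if/elseif chain would cover both paths, e.g. `if( strlen( $Diff) > 5120) $Diff = "too mutch (len ". strlen( $Diff). "bytes)";`. The filter detection is also case-sensitive, and `$Where_Start == 0` treats a `false` from `strpos()` like position 0, so an UPDATE written with lowercase `where` is logged as unfiltered and records no before/after rows; `stripos()` with a `=== false` test would close that audit gap. The body of db_query starts and ends outside this hunk.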
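Review bot: In the `@@ -73,7 +73,8 @@` hunk the new INSERT branch is identical to the `else` branch that follows it, so the `elseif` adds no behaviour. Either drop it or add a comment such as `// INSERT: no before/after diff, the statement itself is logged` to say why it is kept separate. The keyword test on the context line, `strpos( "#$SQL", "INSERT") > 0`, matches the word anywhere in the statement and only in upper case, so which branch runs depends on how the caller spelled the SQL. The enclosing if/elseif chain starts outside this hunk.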
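Review bot: In the `@@ -81,18 +82,16 @@` hunk `$_SESSION['UID']` still goes into the ChangeLog INSERT unescaped on the reflowed `VALUES` line, while the two neighbouring values are escaped. Escape it the same way, or use `intval()` if UID is numeric (the hunk does not show its type), e.g. `" VALUES ( '". mysql_real_escape_string( $_SESSION['UID'], $con). "', ".`. `mysql_escape_string()` ignores the connection character set, so `mysql_real_escape_string( ..., $con)` is the safer call for `$SQLCommand` and `$Commend` as well. `$Diff` is appended to `$SQLCommand` without `htmlentities()` although `$SQL` is encoded; if `Ausgabe_Daten()` (not visible here) returns raw row values, encode them before they are stored or when the log is rendered. The context line `echo mysql_error($con);` prints database error text into the page, and `error_log( mysql_error($con));` would keep it out of the response.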