protect view name with backquotes
[phpmyadmin/dkf.git] / pmd_display_field.php
blob28e2000c52c0b301ccc7f0a6b266fea312989856
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * @author Ivan A Kirillov (Ivan.A.Kirillov@gmail.com)
5 * @version $Id$
6 * @package phpMyAdmin-Designer
7 */
9 /**
12 include_once 'pmd_common.php';
13 require_once './libraries/relation.lib.php';
16 $table = $T;
17 $display_field = $F;
19 if ($cfgRelation['displaywork']) {
21 $disp = PMA_getDisplayField($db, $table);
22 if ($disp) {
23 if ($display_field != $disp) {
24 $upd_query = 'UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_info'])
25 . ' SET display_field = \'' . PMA_sqlAddslashes($display_field) . '\''
26 . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
27 . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'';
28 } else {
29 $upd_query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_info'])
30 . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
31 . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'';
33 } elseif ($display_field != '') {
34 $upd_query = 'INSERT INTO ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_info'])
35 . '(db_name, table_name, display_field) '
36 . ' VALUES('
37 . '\'' . PMA_sqlAddslashes($db) . '\','
38 . '\'' . PMA_sqlAddslashes($table) . '\','
39 . '\'' . PMA_sqlAddslashes($display_field) . '\')';
42 if (isset($upd_query)) {
43 $upd_rs = PMA_query_as_cu($upd_query);
45 } // end if
47 header("Content-Type: text/xml; charset=utf-8");
48 header("Cache-Control: no-cache");
49 die("<root act='save_pos' return='strModifications'></root>");