";
$Diff .= "
";
for ($m = 0 ; $m < $Anzahl_Felder ; $m++)
$Diff .= "". mysql_field_name($Erg, $m). " | ";
$Diff .= "
";
for ($n = 0 ; $n < $Zeilen ; $n++)
{
$Diff .= "";
for ($m = 0 ; $m < $Anzahl_Felder ; $m++)
$Diff .= "".mysql_result($Erg, $n, $m). " | ";
$Diff .= "
";
}
$Diff .= "";
return $Diff;
}
function db_query( $SQL, $comment)
{
global $con;
//commed anlyse udn daten sicherung
$Diff = "";
if( strpos( "#$SQL", "UPDATE") > 0)
{
//Tabellen name ermitteln
$Table_Start = strpos( $SQL, "`");
$Table_End = strpos( $SQL, "`", $Table_Start+1);
$Table = substr( $SQL, $Table_Start, ($Table_End-$Table_Start+1));
//WHERE ermitteln
$Where_Start = strpos( $SQL, "WHERE");
$Where = substr( $SQL, $Where_Start);
// sicherheitsprüfung !!!!
if( $Where_Start == 0) die("DIE: kein WHERE im SQL ausdruck gefunden
");
//Daten auslesen
$Diff .= Ausgabe_Daten( "SELECT * FROM $Table $Where");
//execute command
$querry_erg = mysql_query($SQL, $con);
//Daten auslesen
$Diff .= Ausgabe_Daten( "SELECT * FROM $Table $Where");
}
elseif( strpos( "#$SQL", "DELETE") > 0)
{
$TableWhere = substr( $SQL, 6);
//Daten auslesen
$Diff .= Ausgabe_Daten( "SELECT * $TableWhere");
//execute command
$querry_erg = mysql_query($SQL, $con);
}
elseif( strpos( "#$SQL", "INSERT") > 0)
{
echo "##### LOG: INSERT #####";
}
else
{
//execute command
$querry_erg = mysql_query($SQL, $con);
}
//LOG commands in DB
$SQL_SEC = "INSERT INTO `ChangeLog` ( `UID` , `SQLCommad` , `Commend` ) ".
" VALUES ( ".
"'". $_SESSION['UID']. "', ".
"'SQL:
". htmlentities( $SQL, ENT_QUOTES). "
".
"Diff:
$Diff', ".
"'". htmlentities( $comment, ENT_QUOTES). "' );";
$erg = mysql_query($SQL_SEC, $con);
echo mysql_error($con);
return $querry_erg;
}//function db_query(
}
?>