"; $Diff .= ""; for ($m = 0 ; $m < $Anzahl_Felder ; $m++) $Diff .= "". mysql_field_name($Erg, $m). ""; $Diff .= ""; for ($n = 0 ; $n < $Zeilen ; $n++) { $Diff .= ""; for ($m = 0 ; $m < $Anzahl_Felder ; $m++) $Diff .= "".mysql_result($Erg, $n, $m). ""; $Diff .= ""; } $Diff .= ""; return $Diff; } function db_query( $SQL, $comment) { global $con, $Page; //commed anlyse udn daten sicherung $Diff = ""; if( strpos( "#$SQL", "UPDATE") > 0) { //Tabellen name ermitteln $Table_Start = strpos( $SQL, "`"); $Table_End = strpos( $SQL, "`", $Table_Start+1); $Table = substr( $SQL, $Table_Start, ($Table_End-$Table_Start+1)); //SecureTest if( $Table_Start == 0 || $Table_End == 0) die("

funktion_db ERROR SQL: '$SQL' nicht OK

"); //WHERE ermitteln $Where_Start = strpos( $SQL, "WHERE"); $Where = substr( $SQL, $Where_Start); // sicherheitsprüfung !!!! if( $Where_Start == 0) $Where = ";"; //Daten auslesen $Diff .= Ausgabe_Daten( "SELECT * FROM $Table $Where"); //execute command $querry_erg = mysql_query($SQL, $con); //Daten auslesen $Diff .= Ausgabe_Daten( "SELECT * FROM $Table $Where"); } elseif( strpos( "#$SQL", "DELETE") > 0) { $TableWhere = substr( $SQL, 6); //Daten auslesen $Diff .= Ausgabe_Daten( "SELECT * $TableWhere"); //execute command $querry_erg = mysql_query($SQL, $con); } elseif( strpos( "#$SQL", "INSERT") > 0) { echo "##### LOG: INSERT #####"; } else { //execute command $querry_erg = mysql_query($SQL, $con); } //abschneiden wenn zu lang if( strlen( $Where) < 2) $Diff = "can't show, too mutch data (no filter was set)"; // if( strlen( $Diff) > 5120) $Diff = "too mutch (len ". strlen( $Diff). "bytes)"; $SQLCommand = "SQL:
". htmlentities( $SQL, ENT_QUOTES). "

Diff:
$Diff"; $Commend = htmlentities( ($Page["Name"]. ": ". $comment), ENT_QUOTES); //LOG commands in DB $SQL_SEC = "INSERT INTO `ChangeLog` ( `UID` , `SQLCommad` , `Commend` ) ". " VALUES ( ". "'". $_SESSION['UID']. "', ". "'". mysql_escape_string( $SQLCommand). "', ". "'". mysql_escape_string( $Commend). "' );"; $erg = mysql_query($SQL_SEC, $con); echo mysql_error($con); return $querry_erg; }//function db_query( } ?>