20 defined(
'XOOPS_ROOT_PATH') or die('Restricted access');
45 $sql_len = strlen(
$sql);
50 for (
$i = 0;
$i < $sql_len; ++
$i) {
56 $i = strpos(
$sql, $string_start,
$i);
66 else if ($string_start ==
'`' ||
$sql[
$i-1] !=
'\\') {
76 $escaped_backslash =
false;
78 $escaped_backslash = !$escaped_backslash;
83 if ($escaped_backslash) {
96 else if ($char ==
';') {
99 $sql = ltrim(substr(
$sql, min(
$i + 1, $sql_len)));
100 $sql_len = strlen(
$sql);
109 else if (($char ==
'"') || ($char ==
'\'') || ($char ==
'`')) {
111 $string_start = $char;
114 else if ($char ==
'#' || ($char ==
' ' &&
$i > 1 &&
$sql[
$i-2] .
$sql[
$i-1] ==
'--')) {
116 $start_of_comment = ((
$sql[
$i] ==
'#') ?
$i :
$i-2);
119 $end_of_comment = (strpos(
' ' .
$sql,
"\012",
$i + 2))
120 ? strpos(
' ' .
$sql,
"\012",
$i + 2)
121 : strpos(
' ' .
$sql,
"\015",
$i + 2);
122 if (!$end_of_comment) {
132 $sql = substr(
$sql, 0, $start_of_comment) . ltrim(substr(
$sql, $end_of_comment));
133 $sql_len = strlen(
$sql);
139 if (!empty(
$sql) && trim(
$sql) !=
'') {
154 $pattern =
"/^(INSERT[\s]+INTO|CREATE[\s]+TABLE|ALTER[\s]+TABLE|UPDATE)(\s)+([`]?)([^`\s]+)\\3(\s)+/siU";
155 $pattern2 =
"/^(DROP TABLE)(\s)+([`]?)([^`\s]+)\\3(\s)?$/siU";
156 if (preg_match($pattern,
$query, $matches) || preg_match($pattern2,
$query, $matches)) {
157 $replace =
"\\1 " . $prefix .
"_\\4\\5";
158 $matches[0] = preg_replace($pattern, $replace,
$query);