From 9343651d90113f68b83f214c20a32975d18217e7 Mon Sep 17 00:00:00 2001 From: czaks Date: Thu, 1 Aug 2013 01:16:20 -0400 Subject: [PATCH] Add optional database table prefix (issue #118; see issue comments for details) --- search.php | 13 ++++++++----- templates/themes/ukko/theme.php | 6 +++--- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/search.php b/search.php index 27ddbe15..a40c4701 100644 --- a/search.php +++ b/search.php @@ -17,21 +17,21 @@ $phrase = $_GET['search']; $_body = ''; - $query = prepare("SELECT COUNT(*) FROM `search_queries` WHERE `ip` = :ip AND `time` > :time"); + $query = prepare("SELECT COUNT(*) FROM ``search_queries`` WHERE `ip` = :ip AND `time` > :time"); $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); $query->bindValue(':time', time() - ($queries_per_minutes[1] * 60)); $query->execute() or error(db_error($query)); if($query->fetchColumn() > $queries_per_minutes[0]) error(_('Wait a while before searching again, please.')); - $query = prepare("SELECT COUNT(*) FROM `search_queries` WHERE `time` > :time"); + $query = prepare("SELECT COUNT(*) FROM ``search_queries`` WHERE `time` > :time"); $query->bindValue(':time', time() - ($queries_per_minutes_all[1] * 60)); $query->execute() or error(db_error($query)); if($query->fetchColumn() > $queries_per_minutes_all[0]) error(_('Wait a while before searching again, please.')); - $query = prepare("INSERT INTO `search_queries` VALUES (:ip, :time, :query)"); + $query = prepare("INSERT INTO ``search_queries`` VALUES (:ip, :time, :query)"); $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); $query->bindValue(':time', time()); $query->bindValue(':query', $phrase); @@ -40,7 +40,7 @@ _syslog(LOG_NOTICE, 'Searched /' . $_GET['board'] . '/ for "' . $phrase . '"'); // Cleanup search queries table - $query = prepare("DELETE FROM `search_queries` WHERE `time` <= :time"); + $query = prepare("DELETE FROM ``search_queries`` WHERE `time` <= :time"); $query->bindValue(':time', time() - ($queries_per_minutes_all[1] * 60)); $query->execute() or error(db_error($query)); @@ -85,6 +85,9 @@ // Use asterisk as wildcard to suit convention $phrase = str_replace('*', '%', $phrase); + // Remove `, it's used by table prefix magic + $phrase = str_replace('`', '!`', $phrase); + $like = ''; $match = Array(); @@ -119,7 +122,7 @@ $like = str_replace('%', '%%', $like); - $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE " . $like . " ORDER BY `time` DESC LIMIT :limit", $board['uri'])); + $query = prepare(sprintf("SELECT * FROM ``posts_%s`` WHERE " . $like . " ORDER BY `time` DESC LIMIT :limit", $board['uri'])); $query->bindValue(':limit', $search_limit, PDO::PARAM_INT); $query->execute() or error(db_error($query)); diff --git a/templates/themes/ukko/theme.php b/templates/themes/ukko/theme.php index 6fa5fa7e..1682b4ec 100644 --- a/templates/themes/ukko/theme.php +++ b/templates/themes/ukko/theme.php @@ -25,7 +25,7 @@ foreach($boards as &$_board) { if(in_array($_board['uri'], explode(' ', $this->settings['exclude']))) continue; - $query .= sprintf("SELECT *, '%s' AS `board` FROM `posts_%s` WHERE `thread` IS NULL UNION ALL ", $_board['uri'], $_board['uri']); + $query .= sprintf("SELECT *, '%s' AS `board` FROM ``posts_%s`` WHERE `thread` IS NULL UNION ALL ", $_board['uri'], $_board['uri']); } $query = preg_replace('/UNION ALL $/', 'ORDER BY `bump` DESC', $query); $query = query($query) or error(db_error()); @@ -48,7 +48,7 @@ $post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['sage'], $post['embed'], $mod ? '?/' : $config['root'], $mod ); - $posts = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` = :id ORDER BY `id` DESC LIMIT :limit", $post['board'])); + $posts = prepare(sprintf("SELECT * FROM ``posts_%s`` WHERE `thread` = :id ORDER BY `id` DESC LIMIT :limit", $post['board'])); $posts->bindValue(':id', $post['id']); $posts->bindValue(':limit', ($post['sticky'] ? $config['threads_preview_sticky'] : $config['threads_preview']), PDO::PARAM_INT); $posts->execute() or error(db_error($posts)); @@ -66,7 +66,7 @@ } if ($posts->rowCount() == ($post['sticky'] ? $config['threads_preview_sticky'] : $config['threads_preview'])) { - $ct = prepare(sprintf("SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` = :thread UNION ALL SELECT COUNT(`id`) FROM `posts_%s` WHERE `file` IS NOT NULL AND `thread` = :thread", $post['board'], $post['board'])); + $ct = prepare(sprintf("SELECT COUNT(`id`) as `num` FROM ``posts_%s`` WHERE `thread` = :thread UNION ALL SELECT COUNT(`id`) FROM `posts_%s` WHERE `file` IS NOT NULL AND `thread` = :thread", $post['board'], $post['board'])); $ct->bindValue(':thread', $post['id'], PDO::PARAM_INT); $ct->execute() or error(db_error($count));