[Web-cyradm] Patch against SVN latest
lst_hoe01 at kwsoft.de
lst_hoe01 at kwsoft.de
Fri Aug 4 11:01:09 CEST 2006
Zitat von "Muenz, Michael" <M.Muenz at maxonline.de>:
>> Hello
>>
>> The problem is the same as previous ones. Quoting the
>> row-names in SQL
>> statements will not work with PostgreSQL and i doubt it will
>> with MySQL.
>>
>> So "SELECT from 'mumble' WHERE 'row'='some value'; will not work
>>
>> while "SELECT from mumble WHERE row='some value'; is perfectly fine.
>>
>> This is the only change i have done because i am not really a
>> PHP coder :-(
>
> Hmm .. ok, so can you check if the queries attached also doesn't
> work for you (editadminuser.php):
>
> socrates02:~/svn/web-cyradm/trunk# fgrep "query" *.php | grep "\`"
> display.php: $query = "UPDATE `settings` SET
> `style`='".$_SESSION['style']."',
> maxdisplay='".$_SESSION['maxdisplay']."', warnlevel='".$_SE
> SSION['warnlevel']."' WHERE username='".$_SESSION['user']."'";
Yep, no chance to alter the display setting permanent ...
> editadminuser.php: $query = "SELECT `type` FROM
> adminuser WHERE username='".$_GET['username']."'";
> editadminuser.php: $query = "SELECT
> `type` FROM adminuser WHERE username='".$_POST['username']."'";
Not sure. We have only one Admin, maybe that's why it works in parts.
Nevertheless we should use it consistent across all the php files and
as the quoting does not work and without it no problem we should fix it
in all this places where it is used inside SQl statements.
Regards
Andreas
More information about the Web-cyradm
mailing list