From 49d5f3d7961fc382bc37080fe2ceb812362e7455 Mon Sep 17 00:00:00 2001
From: Rida CCNA
Date: Wed, 4 Oct 2017 16:46:38 -0400
Subject: [PATCH 1/2] added ticks
---
 tools/DB_date_zeros_removal.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/tools/DB_date_zeros_removal.php b/tools/DB_date_zeros_removal.php
index 907d87acd76..b5206d8f70b 100644
--- a/tools/DB_date_zeros_removal.php
+++ b/tools/DB_date_zeros_removal.php
@@ -84,7 +84,7 @@
 $autoUpdateSQL = '';
 if (array_key_exists($field['TABLE_NAME'], $autoUpdateFields)) {
 foreach ($autoUpdateFields[$field['TABLE_NAME']] as $col) {
- $autoUpdateSQL .= ", $col=$col";
+ $autoUpdateSQL .= ", `$col`=$col";
 }
 }
@@ -98,13 +98,13 @@
 if ($field['DATA_TYPE'] == 'date' && $field['IS_NULLABLE']=='YES') {
- $updates .= "UPDATE ".$database['database'].".".$field['TABLE_NAME'].
- " SET ".$field['COLUMN_NAME']."=NULL".$autoUpdateSQL.
- " WHERE CAST(".$field['COLUMN_NAME']." AS CHAR(20))='0000-00-00';\n";
+ $updates .= "UPDATE `".$database['database']."`.`".$field['TABLE_NAME'].
+ "` SET `".$field['COLUMN_NAME']."`=NULL".$autoUpdateSQL.
+ " WHERE CAST(`".$field['COLUMN_NAME']."` AS CHAR(20))='0000-00-00';\n";
 } else if (($field['DATA_TYPE'] == 'datetime' || $field['DATA_TYPE'] == 'timestamp') && $field['IS_NULLABLE']=='YES') {
- $updates .= "UPDATE ".$database['database'].".".$field['TABLE_NAME'].
- " SET ".$field['COLUMN_NAME']."=NULL".$autoUpdateSQL.
- " WHERE CAST(".$field['COLUMN_NAME']." AS CHAR(20))='0000-00-00 00:00:00';\n";
+ $updates .= "UPDATE `".$database['database']."`.`".$field['TABLE_NAME'].
+ "` SET `".$field['COLUMN_NAME']."`=NULL".$autoUpdateSQL.
+ " WHERE CAST(`".$field['COLUMN_NAME']."` AS CHAR(20))='0000-00-00 00:00:00';\n";
 } else {
 echo "COLUMN ".$field['COLUMN_NAME']." in TABLE ".$field['TABLE_NAME']." is NOT NULLABLE. ".
 "A date '1000-01-01' will be entered instead of '0000-00-00' values.\n";
From f876d271853d8f5d2fd4661ce434a2e7b232015e Mon Sep 17 00:00:00 2001
From: ridz1208
Date: Fri, 6 Oct 2017 10:00:55 -0400
Subject: [PATCH 2/2] escape is better then backticks
---
 tools/DB_date_zeros_removal.php | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/tools/DB_date_zeros_removal.php b/tools/DB_date_zeros_removal.php
index b5206d8f70b..5713be8c5bd 100644
--- a/tools/DB_date_zeros_removal.php
+++ b/tools/DB_date_zeros_removal.php
@@ -84,33 +84,33 @@
 $autoUpdateSQL = '';
 if (array_key_exists($field['TABLE_NAME'], $autoUpdateFields)) {
 foreach ($autoUpdateFields[$field['TABLE_NAME']] as $col) {
- $autoUpdateSQL .= ", `$col`=$col";
+ $autoUpdateSQL .= ", $db->escape($col)=$col";
 }
 }
 if ($field['COLUMN_DEFAULT']=='0000-00-00') {
 echo "The script will modify the date schema for TABLE: `".$field['TABLE_NAME']."` FIELD: `".$field['COLUMN_NAME']."` to default to NULL\n";
- $alters .= "ALTER TABLE `".$field['TABLE_NAME']."` MODIFY `".$field['COLUMN_NAME']."` ".$field['COLUMN_TYPE']." DEFAULT NULL;\n";
+ $alters .= "ALTER TABLE ".$db->escape($field['TABLE_NAME'])." MODIFY ".$db->escape($field['COLUMN_NAME'])." ".$field['COLUMN_TYPE']." DEFAULT NULL;\n";
 } else if ($field['COLUMN_DEFAULT']=='0000-00-00 00:00:00') {
 echo "The script will modify the date schema for TABLE: `".$field['TABLE_NAME']."` FIELD: `".$field['COLUMN_NAME']."` to default to NULL\n";
- $alters .= "ALTER TABLE `".$field['TABLE_NAME']."` MODIFY `".$field['COLUMN_NAME']."` ".$field['COLUMN_TYPE']." DEFAULT NULL;\n";
+ $alters .= "ALTER TABLE ".$db->escape($field['TABLE_NAME'])." MODIFY ".$db->escape($field['COLUMN_NAME'])." ".$field['COLUMN_TYPE']." DEFAULT NULL;\n";
 }
 if ($field['DATA_TYPE'] == 'date' && $field['IS_NULLABLE']=='YES') {
- $updates .= "UPDATE `".$database['database']."`.`".$field['TABLE_NAME'].
- "` SET `".$field['COLUMN_NAME']."`=NULL".$autoUpdateSQL.
- " WHERE CAST(`".$field['COLUMN_NAME']."` AS CHAR(20))='0000-00-00';\n";
+ $updates .= "UPDATE ".$db->escape($database['database']).".".$db->escape($field['TABLE_NAME']).
+ " SET ".$db->escape($field['COLUMN_NAME'])."=NULL".$autoUpdateSQL.
+ " WHERE CAST(".$db->escape($field['COLUMN_NAME'])." AS CHAR(20))='0000-00-00';\n";
 } else if (($field['DATA_TYPE'] == 'datetime' || $field['DATA_TYPE'] == 'timestamp') && $field['IS_NULLABLE']=='YES') {
- $updates .= "UPDATE `".$database['database']."`.`".$field['TABLE_NAME'].
- "` SET `".$field['COLUMN_NAME']."`=NULL".$autoUpdateSQL.
- " WHERE CAST(`".$field['COLUMN_NAME']."` AS CHAR(20))='0000-00-00 00:00:00';\n";
+ $updates .= "UPDATE ".$db->escape($database['database']).".".$db->escape($field['TABLE_NAME']).
+ " SET ".$db->escape($field['COLUMN_NAME'])."=NULL".$autoUpdateSQL.
+ " WHERE CAST(".$db->escape($field['COLUMN_NAME'])." AS CHAR(20))='0000-00-00 00:00:00';\n";
 } else {
 echo "COLUMN ".$field['COLUMN_NAME']." in TABLE ".$field['TABLE_NAME']." is NOT NULLABLE. ".
 "A date '1000-01-01' will be entered instead of '0000-00-00' values.\n";
- $nonNullUpdates .= "UPDATE ".$database['database'].".".$field['TABLE_NAME'].
- " SET ".$field['COLUMN_NAME']."='1000-01-01'".$autoUpdateSQL.
- " WHERE CAST(".$field['COLUMN_NAME']." AS CHAR(20))='0000-00-00';\n";
+ $nonNullUpdates .= "UPDATE ".$db->escape($database['database']).".".$db->escape($field['TABLE_NAME']).
+ " SET ".$db->escape($field['COLUMN_NAME'])."='1000-01-01'".$autoUpdateSQL.
+ " WHERE CAST(".$db->escape($field['COLUMN_NAME'])." AS CHAR(20))='0000-00-00';\n";
 }
 }
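Review bot: The first changed line, `$autoUpdateSQL .= ", $db->escape($col)=$col";`, never calls `escape()`: inside a double-quoted string PHP interpolates `$db->escape` as a property read and leaves `($col)` as literal text, so the SET fragment comes out as `, (name)=name` with the column name unescaped on both sides. Build it by concatenation like the other lines of this hunk and quote the right-hand side too: `$autoUpdateSQL .= ", ".$db->escape($col)."=".$db->escape($col);`. This fragment is appended to every generated UPDATE, so a column name that is a reserved word or contains a backtick would make the whole statement fail or parse differently than intended. The enclosing block starts before the hunk, so where `$autoUpdateFields` is populated is not visible here.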