From f90a3427ed2582a84b4d327b9c479c354e7f3104 Mon Sep 17 00:00:00 2001
From: Andre Lorbach
Date: Tue, 8 Oct 2013 14:11:52 +0200
Subject: [PATCH] LogStreamDB Driver: Added backticks arround tablenames in all SQL Statements
---
 src/classes/logstreamdb.class.php | 24 ++++++++++++------------
 src/include/functions_db.php | 16 ++++++++--------
 2 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/src/classes/logstreamdb.class.php b/src/classes/logstreamdb.class.php
index 965718f..026f007 100644
--- a/src/classes/logstreamdb.class.php
+++ b/src/classes/logstreamdb.class.php
@@ -464,7 +464,7 @@ class LogStreamDB extends LogStream {
 $szTableType = $this->_logStreamConfigObj->DBTableType; // Create SQL and Get INDEXES for table!
- $szSql = "SHOW COLUMNS FROM " . $this->_logStreamConfigObj->DBTableName . " WHERE Field = '" . $dbmapping[$szTableType]['DBMAPPINGS'][MISC_CHECKSUM] . "'";
+ $szSql = "SHOW COLUMNS FROM `" . $this->_logStreamConfigObj->DBTableName . "` WHERE Field = '" . $dbmapping[$szTableType]['DBMAPPINGS'][MISC_CHECKSUM] . "'";
 $myQuery = mysql_query($szSql, $this->_dbhandle);
 if ($myQuery) {
@@ -682,7 +682,7 @@ class LogStreamDB extends LogStream {
 if ( strlen($this->_SQLwhereClause) > 0 && !$this->_logStreamConfigObj->DBEnableRowCounting ) return $this->_firstPageUID;
- $szSql = "SELECT MAX(" . $dbmapping[$szTableType]['DBMAPPINGS'][SYSLOG_UID] . ") FROM " . $this->_logStreamConfigObj->DBTableName . $this->_SQLwhereClause;
+ $szSql = "SELECT MAX(" . $dbmapping[$szTableType]['DBMAPPINGS'][SYSLOG_UID] . ") FROM `" . $this->_logStreamConfigObj->DBTableName . "` " . $this->_SQLwhereClause;
 $myQuery = mysql_query($szSql, $this->_dbhandle);
 if ($myQuery) {
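Review bot: Wrapping `DBTableName` in backticks does not neutralise a backtick inside the name itself, so at the `SHOW COLUMNS FROM` line a configured table name containing that character still closes the quoted identifier early and the remainder is parsed as SQL. Every backtick in the value should be doubled before it is wrapped, ideally in one small helper that all statements call, e.g. `QuoteIdentifier($this->_logStreamConfigObj->DBTableName)` (helper name is a placeholder, not something visible in this file). The same applies to every later hunk in this file that quotes `DBTableName`, and to `DBName` in the `SHOW TABLE STATUS` hunk. The column name concatenated into `WHERE Field = '...'` is also unescaped; whether it can ever hold anything other than the built-in mapping is not visible here.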
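Review bot: The `SELECT MAX(...)` statement closes the identifier with a backtick followed by a space before `$this->_SQLwhereClause`, while the `DELETE`, the three `count(...)` queries and the `$sqlString` builder later in this file close it with the backtick alone. The old code concatenated the clause directly after the table name, so the clause presumably carries its own leading space and the extra one is harmless, but one form should be used throughout. The `SELECT MIN(...)` hunk at -714 has the same extra space.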
@@ -714,7 +714,7 @@ class LogStreamDB extends LogStream {
 if ( strlen($this->_SQLwhereClause) > 0 && !$this->_logStreamConfigObj->DBEnableRowCounting ) return $this->_lastPageUID;
- $szSql = "SELECT MIN(" . $dbmapping[$szTableType]['DBMAPPINGS'][SYSLOG_UID] . ") FROM " . $this->_logStreamConfigObj->DBTableName . $this->_SQLwhereClause;
+ $szSql = "SELECT MIN(" . $dbmapping[$szTableType]['DBMAPPINGS'][SYSLOG_UID] . ") FROM `" . $this->_logStreamConfigObj->DBTableName . "` " . $this->_SQLwhereClause;
 $myQuery = mysql_query($szSql, $this->_dbhandle);
 if ($myQuery) {
@@ -777,7 +777,7 @@ class LogStreamDB extends LogStream {
 if ( $this->_dbhandle != null ) { // Obtain Stats data for this table!
- $szSql = "SHOW TABLE STATUS FROM " . $this->_logStreamConfigObj->DBName;
+ $szSql = "SHOW TABLE STATUS FROM `" . $this->_logStreamConfigObj->DBName . "`";
 $myQuery = mysql_query($szSql, $this->_dbhandle);
 if ($myQuery) {
@@ -836,7 +836,7 @@ class LogStreamDB extends LogStream {
 if ( $this->_dbhandle != null ) { // SHOW TABLE STATUS FROM
- $szSql = "SELECT count(" . $dbmapping[$szTableType]['DBMAPPINGS'][SYSLOG_UID] . ") as Counter FROM " . $this->_logStreamConfigObj->DBTableName;
+ $szSql = "SELECT count(" . $dbmapping[$szTableType]['DBMAPPINGS'][SYSLOG_UID] . ") as Counter FROM `" . $this->_logStreamConfigObj->DBTableName . "`";
 $myQuery = mysql_query($szSql, $this->_dbhandle);
 if ($myQuery) {
@@ -898,7 +898,7 @@ class LogStreamDB extends LogStream {
 // --- // DELETE DATA NOW!
- $szSql = "DELETE FROM " . $this->_logStreamConfigObj->DBTableName . $szWhere;
+ $szSql = "DELETE FROM `" . $this->_logStreamConfigObj->DBTableName . "`" . $szWhere;
 OutputDebugMessage("LogStreamDB|CleanupLogdataByDate: Created SQL Query:
" . $szSql, DEBUG_DEBUG);
 $myQuery = mysql_query($szSql, $this->_dbhandle);
 if ($myQuery)
@@ -1072,7 +1072,7 @@ class LogStreamDB extends LogStream {
 $szSql = "SELECT " . $myDBQueryFields . "count(" . $myDBConsFieldName . ") as itemcount " .
- " FROM " . $this->_logStreamConfigObj->DBTableName .
+ " FROM `" . $this->_logStreamConfigObj->DBTableName . "`" .
 $this->_SQLwhereClause . " GROUP BY " . $myDBGroupByFieldName . " ORDER BY " . $myDBSortedFieldName . " " . $szSortingOrder .
@@ -1211,7 +1211,7 @@ class LogStreamDB extends LogStream {
 $szSql = "SELECT " . $myDBQueryFields . "count(" . $myDBConsFieldName . ") as itemcount " .
- " FROM " . $this->_logStreamConfigObj->DBTableName .
+ " FROM `" . $this->_logStreamConfigObj->DBTableName . "`" .
 $this->_SQLwhereClause . " GROUP BY " . $myDBGroupByFieldName . " ORDER BY " . $myDBSortedFieldName . " " . $szSortingOrder .
@@ -1299,7 +1299,7 @@ class LogStreamDB extends LogStream {
 $szSql = "SELECT " . $myDBQueryFieldName . ", " . "count(" . $myDBFieldName . ") as TotalCount " .
- " FROM " . $this->_logStreamConfigObj->DBTableName .
+ " FROM `" . $this->_logStreamConfigObj->DBTableName . "`" .
 $this->_SQLwhereClause . " GROUP BY " . $mySelectFieldName . " ORDER BY TotalCount DESC" .
@@ -1744,7 +1744,7 @@ class LogStreamDB extends LogStream {
 } // Append FROM 'table'!
- $sqlString .= " FROM " . $this->_logStreamConfigObj->DBTableName;
+ $sqlString .= " FROM `" . $this->_logStreamConfigObj->DBTableName . "`";
 // Append precreated where clause $sqlString .= $this->_SQLwhereClause;
@@ -1962,7 +1962,7 @@ class LogStreamDB extends LogStream {
 $arrIndexKeys = array(); // Create SQL and Get INDEXES for table!
- $szSql = "SHOW INDEX FROM " . $this->_logStreamConfigObj->DBTableName;
+ $szSql = "SHOW INDEX FROM `" . $this->_logStreamConfigObj->DBTableName . "`";
 $myQuery = mysql_query($szSql, $this->_dbhandle);
 if ($myQuery) {
@@ -2001,7 +2001,7 @@ class LogStreamDB extends LogStream {
 $arrFieldKeys = array(); // Create SQL and Get INDEXES for table!
- $szSql = "SHOW FIELDS FROM " . $this->_logStreamConfigObj->DBTableName;
+ $szSql = "SHOW FIELDS FROM `" . $this->_logStreamConfigObj->DBTableName . "`";
 $myQuery = mysql_query($szSql, $this->_dbhandle);
 if ($myQuery) {
diff --git a/src/include/functions_db.php b/src/include/functions_db.php
index 75de56e..1d9be4a 100644
--- a/src/include/functions_db.php
+++ b/src/include/functions_db.php
@@ -387,24 +387,24 @@ function WriteConfigValue($szPropName, $is_global = true, $userid = false, $grou
 $CFG[$szPropName] = $content[$szPropName]; // Check if we need to INSERT or UPDATE
- $result = DB_Query("SELECT propname FROM " . DB_CONFIG . " WHERE propname = '" . $szPropName . "' AND is_global = " . $is_global);
+ $result = DB_Query("SELECT propname FROM `" . DB_CONFIG . "` WHERE propname = '" . $szPropName . "' AND is_global = " . $is_global);
 $rows = DB_GetAllRows($result, true);
 if ( !isset($rows) ) { // New Entry if ( strlen($szDbValue) < 255 )
- $result = DB_Query("INSERT INTO " . DB_CONFIG . " (propname, propvalue, is_global) VALUES ( '" . $szPropName . "', '" . $szDbValue . "', " . $is_global . ")");
+ $result = DB_Query("INSERT INTO `" . DB_CONFIG . "` (propname, propvalue, is_global) VALUES ( '" . $szPropName . "', '" . $szDbValue . "', " . $is_global . ")");
 else
- $result = DB_Query("INSERT INTO " . DB_CONFIG . " (propname, propvalue_text, is_global) VALUES ( '" . $szPropName . "', '" . $szDbValue . "', " . $is_global . ")");
+ $result = DB_Query("INSERT INTO `" . DB_CONFIG . "` (propname, propvalue_text, is_global) VALUES ( '" . $szPropName . "', '" . $szDbValue . "', " . $is_global . ")");
 DB_FreeQuery($result);
 } else { // Update Entry if ( strlen($szDbValue) < 255 )
- $result = DB_Query("UPDATE " . DB_CONFIG . " SET propvalue = '" . $szDbValue . "', propvalue_text = '' WHERE propname = '" . $szPropName . "' AND is_global = " . $is_global);
+ $result = DB_Query("UPDATE `" . DB_CONFIG . "` SET propvalue = '" . $szDbValue . "', propvalue_text = '' WHERE propname = '" . $szPropName . "' AND is_global = " . $is_global);
 else
- $result = DB_Query("UPDATE " . DB_CONFIG . " SET propvalue_text = '" . $szDbValue . "', propvalue = '' WHERE propname = '" . $szPropName . "' AND is_global = " . $is_global);
+ $result = DB_Query("UPDATE `" . DB_CONFIG . "` SET propvalue_text = '" . $szDbValue . "', propvalue = '' WHERE propname = '" . $szPropName . 
"' AND is_global = " . $is_global);
 DB_FreeQuery($result);
 } }
@@ -425,18 +425,18 @@ function WriteConfigValue($szPropName, $is_global = true, $userid = false, $grou
 } // Check if we need to INSERT or UPDATE
- $result = DB_Query("SELECT propname FROM " . DB_CONFIG . " WHERE propname = '" . $szPropName . "' AND userid = " . $userid);
+ $result = DB_Query("SELECT propname FROM `" . DB_CONFIG . "` WHERE propname = '" . $szPropName . "' AND userid = " . $userid);
 $rows = DB_GetAllRows($result, true);
 if ( !isset($rows) ) { // New Entry
- $result = DB_Query("INSERT INTO " . DB_CONFIG . " (propname, propvalue, userid) VALUES ( '" . $szPropName . "', '" . $szDbValue . "', " . $userid . ")");
+ $result = DB_Query("INSERT INTO `" . DB_CONFIG . "` (propname, propvalue, userid) VALUES ( '" . $szPropName . "', '" . $szDbValue . "', " . $userid . ")");
 DB_FreeQuery($result);
 } else { // Update Entry
- $result = DB_Query("UPDATE " . DB_CONFIG . " SET propvalue = '" . $szDbValue . "' WHERE propname = '" . $szPropName . "' AND userid = " . $userid);
+ $result = DB_Query("UPDATE `" . DB_CONFIG . "` SET propvalue = '" . $szDbValue . "' WHERE propname = '" . $szPropName . "' AND userid = " . $userid);
 DB_FreeQuery($result);
 }
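Review bot: `$szPropName`, `$szDbValue`, `$is_global` and `$userid` are still concatenated straight into the SELECT, INSERT and UPDATE statements; quoting the `DB_CONFIG` table name does nothing for these values. No escaping is visible in these hunks, but the body of WriteConfigValue starts outside them, so it may happen earlier and is worth confirming. If it does not, the two strings should go through the project's database escaping routine before the query is built and the numeric ones should be cast, e.g. `" AND userid = " . (int)$userid` and `" AND is_global = " . (int)$is_global`. The cast also keeps the statement well-formed when `$is_global` is `false`, which otherwise concatenates as an empty string. The second hunk of this file (-425) follows the same pattern with `$userid`.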