diff --git a/inc/anti-bot.php b/inc/anti-bot.php index bf29b3cb..fde97096 100644 --- a/inc/anti-bot.php +++ b/inc/anti-bot.php @@ -182,12 +182,12 @@ function _create_antibot($board, $thread) { $antibot = new AntiBot(array($board, $thread)); - query('DELETE FROM `antispam` WHERE `expires` < UNIX_TIMESTAMP()') or error(db_error()); + query('DELETE FROM ``antispam`` WHERE `expires` < UNIX_TIMESTAMP()') or error(db_error()); if ($thread) - $query = prepare('UPDATE `antispam` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` = :thread AND `expires` IS NULL'); + $query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` = :thread AND `expires` IS NULL'); else - $query = prepare('UPDATE `antispam` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` IS NULL AND `expires` IS NULL'); + $query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` IS NULL AND `expires` IS NULL'); $query->bindValue(':board', $board); if ($thread) @@ -195,7 +195,7 @@ function _create_antibot($board, $thread) { $query->bindValue(':expires', $config['spam']['hidden_inputs_expire']); $query->execute() or error(db_error($query)); - $query = prepare('INSERT INTO `antispam` VALUES (:board, :thread, :hash, UNIX_TIMESTAMP(), NULL, 0)'); + $query = prepare('INSERT INTO ``antispam`` VALUES (:board, :thread, :hash, UNIX_TIMESTAMP(), NULL, 0)'); $query->bindValue(':board', $board); $query->bindValue(':thread', $thread); $query->bindValue(':hash', $antibot->hash()); @@ -248,7 +248,7 @@ function checkSpam(array $extra_salt = array()) { if ($hash != $_hash) return true; - $query = prepare('SELECT `passed` FROM `antispam` WHERE `hash` = :hash'); + $query = prepare('SELECT `passed` FROM ``antispam`` WHERE `hash` = :hash'); $query->bindValue(':hash', $hash); $query->execute() or error(db_error($query)); if ((($passed = $query->fetchColumn(0)) === false) || ($passed > $config['spam']['hidden_inputs_max_pass'])) { @@ -260,7 +260,7 @@ function checkSpam(array $extra_salt = array()) { } function incrementSpamHash($hash) { - $query = prepare('UPDATE `antispam` SET `passed` = `passed` + 1 WHERE `hash` = :hash'); + $query = prepare('UPDATE ``antispam`` SET `passed` = `passed` + 1 WHERE `hash` = :hash'); $query->bindValue(':hash', $hash); $query->execute() or error(db_error($query)); } diff --git a/inc/config.php b/inc/config.php index 6f2371ec..75384d3f 100644 --- a/inc/config.php +++ b/inc/config.php @@ -76,6 +76,8 @@ $config['db']['password'] = ''; // Tinyboard database $config['db']['database'] = ''; + // Table prefix + $config['db']['prefix'] = ''; // Use a persistent connection (experimental) $config['db']['persistent'] = false; // Anything more to add to the DSN string (eg. port=xxx;foo=bar) diff --git a/inc/database.php b/inc/database.php index 3dc0f0ce..7be001ea 100644 --- a/inc/database.php +++ b/inc/database.php @@ -87,6 +87,8 @@ function mysql_version() { function prepare($query) { global $pdo, $debug, $config; + $query = preg_replace('/``([0-9a-zA-Z$_\x{0080}-\x{FFFF}]+)``/u', '`' . $config['db']['prefix'] . '$1`', $query); + sql_open(); if ($config['debug']) @@ -98,6 +100,8 @@ function prepare($query) { function query($query) { global $pdo, $debug, $config; + $query = preg_replace('/``([0-9a-zA-Z$_\x{0080}-\x{FFFF}]+)``/u', '`' . $config['db']['prefix'] . '$1`', $query); + sql_open(); if ($config['debug']) { diff --git a/inc/filters.php b/inc/filters.php index 524d37cf..9f03154d 100644 --- a/inc/filters.php +++ b/inc/filters.php @@ -81,7 +81,7 @@ class Filter { else $all_boards = false; - $query = prepare("INSERT INTO `bans` VALUES (NULL, :ip, :mod, :set, :expires, :reason, :board, 0)"); + $query = prepare("INSERT INTO ``bans`` VALUES (NULL, :ip, :mod, :set, :expires, :reason, :board, 0)"); $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); $query->bindValue(':mod', -1); $query->bindValue(':set', time()); diff --git a/inc/functions.php b/inc/functions.php index 403f6112..e871fee0 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -241,7 +241,7 @@ function create_antibot($board, $thread = null) { function rebuildThemes($action, $board = false) { // List themes - $query = query("SELECT `theme` FROM `theme_settings` WHERE `name` IS NULL AND `value` IS NULL") or error(db_error()); + $query = query("SELECT `theme` FROM ``theme_settings`` WHERE `name` IS NULL AND `value` IS NULL") or error(db_error()); while ($theme = $query->fetch(PDO::FETCH_ASSOC)) { rebuildTheme($theme['theme'], $action, $board); @@ -276,7 +276,7 @@ function rebuildTheme($theme, $action, $board = false) { function themeSettings($theme) { - $query = prepare("SELECT `name`, `value` FROM `theme_settings` WHERE `theme` = :theme AND `name` IS NOT NULL"); + $query = prepare("SELECT `name`, `value` FROM ``theme_settings`` WHERE `theme` = :theme AND `name` IS NOT NULL"); $query->bindValue(':theme', $theme); $query->execute() or error(db_error($query)); @@ -347,7 +347,7 @@ function getBoardInfo($uri) { return $board; } - $query = prepare("SELECT * FROM `boards` WHERE `uri` = :uri LIMIT 1"); + $query = prepare("SELECT * FROM ``boards`` WHERE `uri` = :uri LIMIT 1"); $query->bindValue(':uri', $uri); $query->execute() or error(db_error($query)); @@ -523,7 +523,7 @@ function listBoards() { if ($config['cache']['enabled'] && ($boards = cache::get('all_boards'))) return $boards; - $query = query("SELECT * FROM `boards` ORDER BY `uri`") or error(db_error()); + $query = query("SELECT * FROM ``boards`` ORDER BY `uri`") or error(db_error()); $boards = $query->fetchAll(); if ($config['cache']['enabled']) @@ -535,7 +535,7 @@ function listBoards() { function checkFlood($post) { global $board, $config; - $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE (`ip` = :ip AND `time` >= :floodtime) OR (`ip` = :ip AND `body` != '' AND `body` = :body AND `time` >= :floodsameiptime) OR (`body` != '' AND `body` = :body AND `time` >= :floodsametime) LIMIT 1", $board['uri'])); + $query = prepare(sprintf("SELECT * FROM ``posts_%s`` WHERE (`ip` = :ip AND `time` >= :floodtime) OR (`ip` = :ip AND `body` != '' AND `body` = :body AND `time` >= :floodsameiptime) OR (`body` != '' AND `body` = :body AND `time` >= :floodsametime) LIMIT 1", $board['uri'])); $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); $query->bindValue(':body', $post['body']); $query->bindValue(':floodtime', time()-$config['flood_time'], PDO::PARAM_INT); @@ -589,7 +589,7 @@ function displayBan($ban) { global $config; if (!$ban['seen']) { - $query = prepare("UPDATE `bans` SET `seen` = 1 WHERE `id` = :id"); + $query = prepare("UPDATE ``bans`` SET `seen` = 1 WHERE `id` = :id"); $query->bindValue(':id', $ban['id'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); } @@ -620,12 +620,12 @@ function checkBan($board = 0) { if (event('check-ban', $board)) return true; - $query = prepare("SELECT `set`, `expires`, `reason`, `board`, `seen`, `bans`.`id` FROM `bans` WHERE (`board` IS NULL OR `board` = :board) AND `ip` = :ip ORDER BY `expires` IS NULL DESC, `expires` DESC, `expires` DESC LIMIT 1"); + $query = prepare("SELECT `set`, `expires`, `reason`, `board`, `seen`, ``bans``.`id` FROM ``bans`` WHERE (`board` IS NULL OR `board` = :board) AND `ip` = :ip ORDER BY `expires` IS NULL DESC, `expires` DESC, `expires` DESC LIMIT 1"); $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); $query->bindValue(':board', $board); $query->execute() or error(db_error($query)); if ($query->rowCount() < 1 && $config['ban_range']) { - $query = prepare("SELECT `set`, `expires`, `reason`, `board`, `seen`, `bans`.`id` FROM `bans` WHERE (`board` IS NULL OR `board` = :board) AND :ip LIKE REPLACE(REPLACE(`ip`, '%', '!%'), '*', '%') ESCAPE '!' ORDER BY `expires` IS NULL DESC, `expires` DESC LIMIT 1"); + $query = prepare("SELECT `set`, `expires`, `reason`, `board`, `seen`, ``bans``.`id` FROM ``bans`` WHERE (`board` IS NULL OR `board` = :board) AND :ip LIKE REPLACE(REPLACE(`ip`, '%', '!%'), '*', '%') ESCAPE '!' ORDER BY `expires` IS NULL DESC, `expires` DESC LIMIT 1"); $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); $query->bindValue(':board', $board); $query->execute() or error(db_error($query)); @@ -633,7 +633,7 @@ function checkBan($board = 0) { if ($query->rowCount() < 1 && $config['ban_cidr'] && !isIPv6()) { // my most insane SQL query yet - $query = prepare("SELECT `set`, `expires`, `reason`, `board`, `seen`, `bans`.`id` FROM `bans` WHERE (`board` IS NULL OR `board` = :board) + $query = prepare("SELECT `set`, `expires`, `reason`, `board`, `seen`, ``bans``.`id` FROM ``bans`` WHERE (`board` IS NULL OR `board` = :board) AND ( `ip` REGEXP '^(\[0-9]+\.\[0-9]+\.\[0-9]+\.\[0-9]+\)\/(\[0-9]+)$' AND @@ -650,7 +650,7 @@ function checkBan($board = 0) { if ($ban = $query->fetch(PDO::FETCH_ASSOC)) { if ($ban['expires'] && $ban['expires'] < time()) { // Ban expired - $query = prepare("DELETE FROM `bans` WHERE `id` = :id"); + $query = prepare("DELETE FROM ``bans`` WHERE `id` = :id"); $query->bindValue(':id', $ban['id'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); @@ -670,7 +670,7 @@ function checkBan($board = 0) { // No reason to keep expired bans in the database (except those that haven't been viewed yet) function purge_bans() { - $query = prepare("DELETE FROM `bans` WHERE `expires` IS NOT NULL AND `expires` < :time AND `seen` = 1"); + $query = prepare("DELETE FROM ``bans`` WHERE `expires` IS NOT NULL AND `expires` < :time AND `seen` = 1"); $query->bindValue(':time', time()); $query->execute() or error(db_error($query)); } @@ -681,7 +681,7 @@ function threadLocked($id) { if (event('check-locked', $id)) return true; - $query = prepare(sprintf("SELECT `locked` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); + $query = prepare(sprintf("SELECT `locked` FROM ``posts_%s`` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error()); @@ -699,7 +699,7 @@ function threadSageLocked($id) { if (event('check-sage-locked', $id)) return true; - $query = prepare(sprintf("SELECT `sage` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); + $query = prepare(sprintf("SELECT `sage` FROM ``posts_%s`` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error()); @@ -714,7 +714,7 @@ function threadSageLocked($id) { function threadExists($id) { global $board; - $query = prepare(sprintf("SELECT 1 FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); + $query = prepare(sprintf("SELECT 1 FROM ``posts_%s`` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error()); @@ -727,7 +727,7 @@ function threadExists($id) { function post(array $post) { global $pdo, $board; - $query = prepare(sprintf("INSERT INTO `posts_%s` (`id`, `thread`, `subject`, `email`, `name`, `trip`, `capcode`, `body`, `body_nomarkup`, `time`, `bump`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`, `filehash`, `password`, `ip`, `sticky`, `locked`, `sage`, `embed`) VALUES ( NULL, :thread, :subject, :email, :name, :trip, :capcode, :body, :body_nomarkup, :time, :time, :thumb, :thumbwidth, :thumbheight, :file, :width, :height, :filesize, :filename, :filehash, :password, :ip, :sticky, :locked, 0, :embed)", $board['uri'])); + $query = prepare(sprintf("INSERT INTO ``posts_%s`` VALUES ( NULL, :thread, :subject, :email, :name, :trip, :capcode, :body, :body_nomarkup, :time, :time, :thumb, :thumbwidth, :thumbheight, :file, :width, :height, :filesize, :filename, :filehash, :password, :ip, :sticky, :locked, 0, :embed)", $board['uri'])); // Basic stuff if (!empty($post['subject'])) { @@ -829,7 +829,7 @@ function bumpThread($id) { if (event('bump', $id)) return true; - $query = prepare(sprintf("UPDATE `posts_%s` SET `bump` = :time WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); + $query = prepare(sprintf("UPDATE ``posts_%s`` SET `bump` = :time WHERE `id` = :id AND `thread` IS NULL", $board['uri'])); $query->bindValue(':time', time(), PDO::PARAM_INT); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); @@ -839,7 +839,7 @@ function bumpThread($id) { function deleteFile($id, $remove_entirely_if_already=true) { global $board, $config; - $query = prepare(sprintf("SELECT `thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri'])); + $query = prepare(sprintf("SELECT `thread`,`thumb`,`file` FROM ``posts_%s`` WHERE `id` = :id LIMIT 1", $board['uri'])); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); if (!$post = $query->fetch(PDO::FETCH_ASSOC)) @@ -848,7 +848,7 @@ function deleteFile($id, $remove_entirely_if_already=true) { if ($post['file'] == 'deleted' && !$post['thread']) return; // Can't delete OP's image completely. - $query = prepare(sprintf("UPDATE `posts_%s` SET `thumb` = NULL, `thumbwidth` = NULL, `thumbheight` = NULL, `filewidth` = NULL, `fileheight` = NULL, `filesize` = NULL, `filename` = NULL, `filehash` = NULL, `file` = :file WHERE `id` = :id", $board['uri'])); + $query = prepare(sprintf("UPDATE ``posts_%s`` SET `thumb` = NULL, `thumbwidth` = NULL, `thumbheight` = NULL, `filewidth` = NULL, `fileheight` = NULL, `filesize` = NULL, `filename` = NULL, `filehash` = NULL, `file` = :file WHERE `id` = :id", $board['uri'])); if ($post['file'] == 'deleted' && $remove_entirely_if_already) { // Already deleted; remove file fully $query->bindValue(':file', null, PDO::PARAM_NULL); @@ -876,7 +876,7 @@ function deleteFile($id, $remove_entirely_if_already=true) { function rebuildPost($id) { global $board; - $query = prepare(sprintf("SELECT `body_nomarkup`, `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); + $query = prepare(sprintf("SELECT `body_nomarkup`, `thread` FROM ``posts_%s`` WHERE `id` = :id", $board['uri'])); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); @@ -885,7 +885,7 @@ function rebuildPost($id) { markup($body = &$post['body_nomarkup']); - $query = prepare(sprintf("UPDATE `posts_%s` SET `body` = :body WHERE `id` = :id", $board['uri'])); + $query = prepare(sprintf("UPDATE ``posts_%s`` SET `body` = :body WHERE `id` = :id", $board['uri'])); $query->bindValue(':body', $body); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); @@ -900,7 +900,7 @@ function deletePost($id, $error_if_doesnt_exist=true, $rebuild_after=true) { global $board, $config; // Select post and replies (if thread) in one query - $query = prepare(sprintf("SELECT `id`,`thread`,`thumb`,`file` FROM `posts_%s` WHERE `id` = :id OR `thread` = :id", $board['uri'])); + $query = prepare(sprintf("SELECT `id`,`thread`,`thumb`,`file` FROM ``posts_%s`` WHERE `id` = :id OR `thread` = :id", $board['uri'])); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); @@ -918,7 +918,7 @@ function deletePost($id, $error_if_doesnt_exist=true, $rebuild_after=true) { // Delete thread HTML page file_unlink($board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $post['id'])); - $antispam_query = prepare('DELETE FROM `antispam` WHERE `board` = :board AND `thread` = :thread'); + $antispam_query = prepare('DELETE FROM ``antispam`` WHERE `board` = :board AND `thread` = :thread'); $antispam_query->bindValue(':board', $board['uri']); $antispam_query->bindValue(':thread', $post['id']); $antispam_query->execute() or error(db_error($antispam_query)); @@ -939,11 +939,11 @@ function deletePost($id, $error_if_doesnt_exist=true, $rebuild_after=true) { } - $query = prepare(sprintf("DELETE FROM `posts_%s` WHERE `id` = :id OR `thread` = :id", $board['uri'])); + $query = prepare(sprintf("DELETE FROM ``posts_%s`` WHERE `id` = :id OR `thread` = :id", $board['uri'])); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); - $query = prepare("SELECT `board`, `post` FROM `cites` WHERE `target_board` = :board AND (`target` = " . implode(' OR `target` = ', $ids) . ")"); + $query = prepare("SELECT `board`, `post` FROM ``cites`` WHERE `target_board` = :board AND (`target` = " . implode(' OR `target` = ', $ids) . ")"); $query->bindValue(':board', $board['uri']); $query->execute() or error(db_error($query)); while ($cite = $query->fetch(PDO::FETCH_ASSOC)) { @@ -958,7 +958,7 @@ function deletePost($id, $error_if_doesnt_exist=true, $rebuild_after=true) { if (isset($tmp_board)) openBoard($tmp_board); - $query = prepare("DELETE FROM `cites` WHERE (`target_board` = :board AND `target` = :id) OR (`board` = :board AND `post` = :id)"); + $query = prepare("DELETE FROM ``cites`` WHERE (`target_board` = :board AND `target` = :id) OR (`board` = :board AND `post` = :id)"); $query->bindValue(':board', $board['uri']); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); @@ -975,7 +975,7 @@ function clean() { $offset = round($config['max_pages']*$config['threads_per_page']); // I too wish there was an easier way of doing this... - $query = prepare(sprintf("SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT :offset, 9001", $board['uri'])); + $query = prepare(sprintf("SELECT `id` FROM ``posts_%s`` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT :offset, 9001", $board['uri'])); $query->bindValue(':offset', $offset, PDO::PARAM_INT); $query->execute() or error(db_error($query)); @@ -990,7 +990,7 @@ function index($page, $mod=false) { $body = ''; $offset = round($page*$config['threads_per_page']-$config['threads_per_page']); - $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT :offset,:threads_per_page", $board['uri'])); + $query = prepare(sprintf("SELECT * FROM ``posts_%s`` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT :offset,:threads_per_page", $board['uri'])); $query->bindValue(':offset', $offset, PDO::PARAM_INT); $query->bindValue(':threads_per_page', $config['threads_per_page'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); @@ -1011,7 +1011,7 @@ function index($page, $mod=false) { $replies = $cached['replies']; $omitted = $cached['omitted']; } else { - $posts = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` = :id ORDER BY `id` DESC LIMIT :limit", $board['uri'])); + $posts = prepare(sprintf("SELECT * FROM ``posts_%s`` WHERE `thread` = :id ORDER BY `id` DESC LIMIT :limit", $board['uri'])); $posts->bindValue(':id', $th['id']); $posts->bindValue(':limit', ($th['sticky'] ? $config['threads_preview_sticky'] : $config['threads_preview']), PDO::PARAM_INT); $posts->execute() or error(db_error($posts)); @@ -1115,7 +1115,7 @@ function getPages($mod=false) { $count = $board['thread_count']; } else { // Count threads - $query = query(sprintf("SELECT COUNT(*) FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error()); + $query = query(sprintf("SELECT COUNT(*) FROM ``posts_%s`` WHERE `thread` IS NULL", $board['uri'])) or error(db_error()); $count = $query->fetchColumn(); } $count = floor(($config['threads_per_page'] + $count - 1) / $config['threads_per_page']); @@ -1151,7 +1151,7 @@ function checkRobot($body) { return true; $body = makerobot($body); - $query = prepare("SELECT 1 FROM `robot` WHERE `hash` = :hash LIMIT 1"); + $query = prepare("SELECT 1 FROM ``robot`` WHERE `hash` = :hash LIMIT 1"); $query->bindValue(':hash', $body); $query->execute() or error(db_error($query)); @@ -1160,7 +1160,7 @@ function checkRobot($body) { } // Insert new hash - $query = prepare("INSERT INTO `robot` VALUES (:hash)"); + $query = prepare("INSERT INTO ``robot`` VALUES (:hash)"); $query->bindValue(':hash', $body); $query->execute() or error(db_error($query)); @@ -1170,7 +1170,7 @@ function checkRobot($body) { // Returns an associative array with 'replies' and 'images' keys function numPosts($id) { global $board; - $query = prepare(sprintf("SELECT COUNT(*) FROM `posts_%s` WHERE `thread` = :thread UNION ALL SELECT COUNT(*) FROM `posts_%s` WHERE `file` IS NOT NULL AND `thread` = :thread", $board['uri'], $board['uri'])); + $query = prepare(sprintf("SELECT COUNT(*) FROM ``posts_%s`` WHERE `thread` = :thread UNION ALL SELECT COUNT(*) FROM ``posts_%s`` WHERE `file` IS NOT NULL AND `thread` = :thread", $board['uri'], $board['uri'])); $query->bindValue(':thread', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); @@ -1187,7 +1187,7 @@ function muteTime() { return $time; // Find number of mutes in the past X hours - $query = prepare("SELECT COUNT(*) FROM `mutes` WHERE `time` >= :time AND `ip` = :ip"); + $query = prepare("SELECT COUNT(*) FROM ``mutes`` WHERE `time` >= :time AND `ip` = :ip"); $query->bindValue(':time', time()-($config['robot_mute_hour']*3600), PDO::PARAM_INT); $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); $query->execute() or error(db_error($query)); @@ -1199,7 +1199,7 @@ function muteTime() { function mute() { // Insert mute - $query = prepare("INSERT INTO `mutes` VALUES (:ip, :time)"); + $query = prepare("INSERT INTO ``mutes`` VALUES (:ip, :time)"); $query->bindValue(':time', time(), PDO::PARAM_INT); $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); $query->execute() or error(db_error($query)); @@ -1220,7 +1220,7 @@ function checkMute() { $mutetime = muteTime(); if ($mutetime > 0) { // Find last mute time - $query = prepare("SELECT `time` FROM `mutes` WHERE `ip` = :ip ORDER BY `time` DESC LIMIT 1"); + $query = prepare("SELECT `time` FROM ``mutes`` WHERE `ip` = :ip ORDER BY `time` DESC LIMIT 1"); $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); $query->execute() or error(db_error($query)); @@ -1514,7 +1514,7 @@ function markup(&$body, $track_cites = false) { foreach ($cites as $matches) { $cite = $matches[2][0]; - $query = prepare(sprintf("SELECT `thread`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri'])); + $query = prepare(sprintf("SELECT `thread`,`id` FROM ``posts_%s`` WHERE `id` = :id LIMIT 1", $board['uri'])); $query->bindValue(':id', $cite); $query->execute() or error(db_error($query)); @@ -1562,7 +1562,7 @@ function markup(&$body, $track_cites = false) { // Check if the board exists, and load settings if (openBoard($_board)) { if ($cite) { - $query = prepare(sprintf("SELECT `thread`,`id` FROM `posts_%s` WHERE `id` = :id LIMIT 1", $board['uri'])); + $query = prepare(sprintf("SELECT `thread`,`id` FROM ``posts_%s`` WHERE `id` = :id LIMIT 1", $board['uri'])); $query->bindValue(':id', $cite); $query->execute() or error(db_error($query)); @@ -1671,7 +1671,7 @@ function buildThread($id, $return = false, $mod = false) { cache::delete("thread_{$board['uri']}_{$id}"); } - $query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE (`thread` IS NULL AND `id` = :id) OR `thread` = :id ORDER BY `thread`,`id`", $board['uri'])); + $query = prepare(sprintf("SELECT * FROM ``posts_%s`` WHERE (`thread` IS NULL AND `id` = :id) OR `thread` = :id ORDER BY `thread`,`id`", $board['uri'])); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); @@ -1806,7 +1806,7 @@ function fraction($numerator, $denominator, $sep) { function getPostByHash($hash) { global $board; - $query = prepare(sprintf("SELECT `id`,`thread` FROM `posts_%s` WHERE `filehash` = :hash", $board['uri'])); + $query = prepare(sprintf("SELECT `id`,`thread` FROM ``posts_%s`` WHERE `filehash` = :hash", $board['uri'])); $query->bindValue(':hash', $hash, PDO::PARAM_STR); $query->execute() or error(db_error($query)); @@ -1819,7 +1819,7 @@ function getPostByHash($hash) { function getPostByHashInThread($hash, $thread) { global $board; - $query = prepare(sprintf("SELECT `id`,`thread` FROM `posts_%s` WHERE `filehash` = :hash AND ( `thread` = :thread OR `id` = :thread )", $board['uri'])); + $query = prepare(sprintf("SELECT `id`,`thread` FROM ``posts_%s`` WHERE `filehash` = :hash AND ( `thread` = :thread OR `id` = :thread )", $board['uri'])); $query->bindValue(':hash', $hash, PDO::PARAM_STR); $query->bindValue(':thread', $thread, PDO::PARAM_INT); $query->execute() or error(db_error($query)); diff --git a/inc/mod/auth.php b/inc/mod/auth.php index a0986a1f..bfab0f7e 100644 --- a/inc/mod/auth.php +++ b/inc/mod/auth.php @@ -42,7 +42,7 @@ function login($username, $password, $makehash=true) { $password = sha1($password); } - $query = prepare("SELECT `id`, `type`, `boards`, `password`, `salt` FROM `mods` WHERE `username` = :username"); + $query = prepare("SELECT `id`, `type`, `boards`, `password`, `salt` FROM ``mods`` WHERE `username` = :username"); $query->bindValue(':username', $username); $query->execute() or error(db_error($query)); @@ -83,7 +83,7 @@ function destroyCookies() { function modLog($action, $_board=null) { global $mod, $board, $config; - $query = prepare("INSERT INTO `modlogs` VALUES (:id, :ip, :board, :time, :text)"); + $query = prepare("INSERT INTO ``modlogs`` VALUES (:id, :ip, :board, :time, :text)"); $query->bindValue(':id', $mod['id'], PDO::PARAM_INT); $query->bindValue(':ip', $_SERVER['REMOTE_ADDR']); $query->bindValue(':time', time(), PDO::PARAM_INT); @@ -112,7 +112,7 @@ if (isset($_COOKIE[$config['cookies']['mod']])) { exit; } - $query = prepare("SELECT `id`, `type`, `boards`, `password` FROM `mods` WHERE `username` = :username"); + $query = prepare("SELECT `id`, `type`, `boards`, `password` FROM ``mods`` WHERE `username` = :username"); $query->bindValue(':username', $cookie[0]); $query->execute() or error(db_error($query)); $user = $query->fetch(PDO::FETCH_ASSOC); @@ -143,7 +143,7 @@ function create_pm_header() { return $header; } - $query = prepare("SELECT `id` FROM `pms` WHERE `to` = :id AND `unread` = 1"); + $query = prepare("SELECT `id` FROM ``pms`` WHERE `to` = :id AND `unread` = 1"); $query->bindValue(':id', $mod['id'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); diff --git a/inc/mod/ban.php b/inc/mod/ban.php index cfc2636f..9166223f 100644 --- a/inc/mod/ban.php +++ b/inc/mod/ban.php @@ -56,7 +56,7 @@ function parse_time($str) { function ban($mask, $reason, $length, $board) { global $mod, $pdo; - $query = prepare("INSERT INTO `bans` VALUES (NULL, :ip, :mod, :time, :expires, :reason, :board, 0)"); + $query = prepare("INSERT INTO ``bans`` VALUES (NULL, :ip, :mod, :time, :expires, :reason, :board, 0)"); $query->bindValue(':ip', $mask); $query->bindValue(':mod', $mod['id']); $query->bindValue(':time', time()); @@ -89,12 +89,12 @@ function ban($mask, $reason, $length, $board) { } function unban($id) { - $query = prepare("SELECT `ip` FROM `bans` WHERE `id` = :id"); + $query = prepare("SELECT `ip` FROM ``bans`` WHERE `id` = :id"); $query->bindValue(':id', $id); $query->execute() or error(db_error($query)); $mask = $query->fetchColumn(); - $query = prepare("DELETE FROM `bans` WHERE `id` = :id"); + $query = prepare("DELETE FROM ``bans`` WHERE `id` = :id"); $query->bindValue(':id', $id); $query->execute() or error(db_error($query)); diff --git a/inc/mod/pages.php b/inc/mod/pages.php index 3ff6a9b1..1e0dc7c9 100644 --- a/inc/mod/pages.php +++ b/inc/mod/pages.php @@ -82,7 +82,7 @@ function mod_dashboard() { if (hasPermission($config['mod']['noticeboard'])) { if (!$config['cache']['enabled'] || !$args['noticeboard'] = cache::get('noticeboard_preview')) { - $query = prepare("SELECT `noticeboard`.*, `username` FROM `noticeboard` LEFT JOIN `mods` ON `mods`.`id` = `mod` ORDER BY `id` DESC LIMIT :limit"); + $query = prepare("SELECT ``noticeboard``.*, `username` FROM ``noticeboard`` LEFT JOIN ``mods`` ON ``mods``.`id` = `mod` ORDER BY `id` DESC LIMIT :limit"); $query->bindValue(':limit', $config['mod']['noticeboard_dashboard'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); $args['noticeboard'] = $query->fetchAll(PDO::FETCH_ASSOC); @@ -93,7 +93,7 @@ function mod_dashboard() { } if (!$config['cache']['enabled'] || ($args['unread_pms'] = cache::get('pm_unreadcount_' . $mod['id'])) == false) { - $query = prepare('SELECT COUNT(*) FROM `pms` WHERE `to` = :id AND `unread` = 1'); + $query = prepare('SELECT COUNT(*) FROM ``pms`` WHERE `to` = :id AND `unread` = 1'); $query->bindValue(':id', $mod['id']); $query->execute() or error(db_error($query)); $args['unread_pms'] = $query->fetchColumn(); @@ -102,7 +102,7 @@ function mod_dashboard() { cache::set('pm_unreadcount_' . $mod['id'], $args['unread_pms']); } - $query = query('SELECT COUNT(*) FROM `reports`') or error(db_error($query)); + $query = query('SELECT COUNT(*) FROM ``reports``') or error(db_error($query)); $args['reports'] = $query->fetchColumn(); if ($mod['type'] >= ADMIN && $config['check_updates']) { @@ -208,6 +208,8 @@ function mod_search($type, $search_query_escaped, $page_no = 1) { // Use asterisk as wildcard instead $query = str_replace('*', '%', $query); + $query = str_replace('`', '!`', $query); + // Array of phrases to match $match = array(); @@ -271,7 +273,7 @@ function mod_search($type, $search_query_escaped, $page_no = 1) { if (!empty($query)) $query .= ' UNION ALL '; - $query .= sprintf("SELECT *, '%s' AS `board` FROM `posts_%s` WHERE %s", $board['uri'], $board['uri'], $sql_like); + $query .= sprintf("SELECT *, '%s' AS `board` FROM ``posts_%s`` WHERE %s", $board['uri'], $board['uri'], $sql_like); } // You weren't allowed to search any boards @@ -282,21 +284,21 @@ function mod_search($type, $search_query_escaped, $page_no = 1) { } if ($type == 'IP_notes') { - $query = 'SELECT * FROM `ip_notes` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE ' . $sql_like . ' ORDER BY `time` DESC'; + $query = 'SELECT * FROM ``ip_notes`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE ' . $sql_like . ' ORDER BY `time` DESC'; $sql_table = 'ip_notes'; if (!hasPermission($config['mod']['view_notes']) || !hasPermission($config['mod']['show_ip'])) error($config['error']['noaccess']); } if ($type == 'bans') { - $query = 'SELECT `bans`.*, `username` FROM `bans` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE ' . $sql_like . ' ORDER BY (`expires` IS NOT NULL AND `expires` < UNIX_TIMESTAMP()), `set` DESC'; + $query = 'SELECT ``bans``.*, `username` FROM ``bans`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE ' . $sql_like . ' ORDER BY (`expires` IS NOT NULL AND `expires` < UNIX_TIMESTAMP()), `set` DESC'; $sql_table = 'bans'; if (!hasPermission($config['mod']['view_banlist'])) error($config['error']['noaccess']); } if ($type == 'log') { - $query = 'SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE ' . $sql_like . ' ORDER BY `time` DESC'; + $query = 'SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM ``modlogs`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE ' . $sql_like . ' ORDER BY `time` DESC'; $sql_table = 'modlogs'; if (!hasPermission($config['mod']['modlog'])) error($config['error']['noaccess']); @@ -353,7 +355,7 @@ function mod_edit_board($boardName) { if (!hasPermission($config['mod']['manageboards'], $board['uri'])) error($config['error']['deleteboard']); - $query = prepare('DELETE FROM `boards` WHERE `uri` = :uri'); + $query = prepare('DELETE FROM ``boards`` WHERE `uri` = :uri'); $query->bindValue(':uri', $board['uri']); $query->execute() or error(db_error($query)); @@ -363,19 +365,19 @@ function mod_edit_board($boardName) { rrmdir($board['uri'] . '/'); // Delete posting table - $query = query(sprintf('DROP TABLE IF EXISTS `posts_%s`', $board['uri'])) or error(db_error()); + $query = query(sprintf('DROP TABLE IF EXISTS ``posts_%s``', $board['uri'])) or error(db_error()); // Clear reports - $query = prepare('DELETE FROM `reports` WHERE `board` = :id'); + $query = prepare('DELETE FROM ``reports`` WHERE `board` = :id'); $query->bindValue(':id', $board['uri'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); // Delete from table - $query = prepare('DELETE FROM `boards` WHERE `uri` = :uri'); + $query = prepare('DELETE FROM ``boards`` WHERE `uri` = :uri'); $query->bindValue(':uri', $board['uri'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); - $query = prepare("SELECT `board`, `post` FROM `cites` WHERE `target_board` = :board"); + $query = prepare("SELECT `board`, `post` FROM ``cites`` WHERE `target_board` = :board"); $query->bindValue(':board', $board['uri']); $query->execute() or error(db_error($query)); while ($cite = $query->fetch(PDO::FETCH_ASSOC)) { @@ -387,28 +389,28 @@ function mod_edit_board($boardName) { } } - $query = prepare('DELETE FROM `cites` WHERE `board` = :board OR `target_board` = :board'); + $query = prepare('DELETE FROM ``cites`` WHERE `board` = :board OR `target_board` = :board'); $query->bindValue(':board', $board['uri']); $query->execute() or error(db_error($query)); - $query = prepare('DELETE FROM `antispam` WHERE `board` = :board'); + $query = prepare('DELETE FROM ``antispam`` WHERE `board` = :board'); $query->bindValue(':board', $board['uri']); $query->execute() or error(db_error($query)); // Remove board from users/permissions table - $query = query('SELECT `id`,`boards` FROM `mods`') or error(db_error()); + $query = query('SELECT `id`,`boards` FROM ``mods``') or error(db_error()); while ($user = $query->fetch(PDO::FETCH_ASSOC)) { $user_boards = explode(',', $user['boards']); if (in_array($board['uri'], $user_boards)) { unset($user_boards[array_search($board['uri'], $user_boards)]); - $_query = prepare('UPDATE `mods` SET `boards` = :boards WHERE `id` = :id'); + $_query = prepare('UPDATE ``mods`` SET `boards` = :boards WHERE `id` = :id'); $_query->bindValue(':boards', implode(',', $user_boards)); $_query->bindValue(':id', $user['id']); $_query->execute() or error(db_error($_query)); } } } else { - $query = prepare('UPDATE `boards` SET `title` = :title, `subtitle` = :subtitle WHERE `uri` = :uri'); + $query = prepare('UPDATE ``boards`` SET `title` = :title, `subtitle` = :subtitle WHERE `uri` = :uri'); $query->bindValue(':uri', $board['uri']); $query->bindValue(':title', $_POST['title']); $query->bindValue(':subtitle', $_POST['subtitle']); @@ -467,7 +469,7 @@ function mod_new_board() { error(sprintf($config['error']['boardexists'], $board['url'])); } - $query = prepare('INSERT INTO `boards` VALUES (:uri, :title, :subtitle)'); + $query = prepare('INSERT INTO ``boards`` VALUES (:uri, :title, :subtitle)'); $query->bindValue(':uri', $_POST['uri']); $query->bindValue(':title', $_POST['title']); $query->bindValue(':subtitle', $_POST['subtitle']); @@ -510,7 +512,7 @@ function mod_noticeboard($page_no = 1) { $_POST['body'] = escape_markup_modifiers($_POST['body']); markup($_POST['body']); - $query = prepare('INSERT INTO `noticeboard` VALUES (NULL, :mod, :time, :subject, :body)'); + $query = prepare('INSERT INTO ``noticeboard`` VALUES (NULL, :mod, :time, :subject, :body)'); $query->bindValue(':mod', $mod['id']); $query->bindvalue(':time', time()); $query->bindValue(':subject', $_POST['subject']); @@ -525,7 +527,7 @@ function mod_noticeboard($page_no = 1) { header('Location: ?/noticeboard#' . $pdo->lastInsertId(), true, $config['redirect_http']); } - $query = prepare("SELECT `noticeboard`.*, `username` FROM `noticeboard` LEFT JOIN `mods` ON `mods`.`id` = `mod` ORDER BY `id` DESC LIMIT :offset, :limit"); + $query = prepare("SELECT ``noticeboard``.*, `username` FROM ``noticeboard`` LEFT JOIN ``mods`` ON ``mods``.`id` = `mod` ORDER BY `id` DESC LIMIT :offset, :limit"); $query->bindValue(':limit', $config['mod']['noticeboard_page'], PDO::PARAM_INT); $query->bindValue(':offset', ($page_no - 1) * $config['mod']['noticeboard_page'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); @@ -534,7 +536,7 @@ function mod_noticeboard($page_no = 1) { if (empty($noticeboard) && $page_no > 1) error($config['error']['404']); - $query = prepare("SELECT COUNT(*) FROM `noticeboard`"); + $query = prepare("SELECT COUNT(*) FROM ``noticeboard``"); $query->execute() or error(db_error($query)); $count = $query->fetchColumn(); @@ -547,7 +549,7 @@ function mod_noticeboard_delete($id) { if (!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']); - $query = prepare('DELETE FROM `noticeboard` WHERE `id` = :id'); + $query = prepare('DELETE FROM ``noticeboard`` WHERE `id` = :id'); $query->bindValue(':id', $id); $query->execute() or error(db_error($query)); @@ -572,7 +574,7 @@ function mod_news($page_no = 1) { $_POST['body'] = escape_markup_modifiers($_POST['body']); markup($_POST['body']); - $query = prepare('INSERT INTO `news` VALUES (NULL, :name, :time, :subject, :body)'); + $query = prepare('INSERT INTO ``news`` VALUES (NULL, :name, :time, :subject, :body)'); $query->bindValue(':name', isset($_POST['name']) && hasPermission($config['mod']['news_custom']) ? $_POST['name'] : $mod['username']); $query->bindvalue(':time', time()); $query->bindValue(':subject', $_POST['subject']); @@ -586,7 +588,7 @@ function mod_news($page_no = 1) { header('Location: ?/news#' . $pdo->lastInsertId(), true, $config['redirect_http']); } - $query = prepare("SELECT * FROM `news` ORDER BY `id` DESC LIMIT :offset, :limit"); + $query = prepare("SELECT * FROM ``news`` ORDER BY `id` DESC LIMIT :offset, :limit"); $query->bindValue(':limit', $config['mod']['news_page'], PDO::PARAM_INT); $query->bindValue(':offset', ($page_no - 1) * $config['mod']['news_page'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); @@ -595,7 +597,7 @@ function mod_news($page_no = 1) { if (empty($news) && $page_no > 1) error($config['error']['404']); - $query = prepare("SELECT COUNT(*) FROM `news`"); + $query = prepare("SELECT COUNT(*) FROM ``news``"); $query->execute() or error(db_error($query)); $count = $query->fetchColumn(); @@ -608,7 +610,7 @@ function mod_news_delete($id) { if (!hasPermission($config['mod']['news_delete'])) error($config['error']['noaccess']); - $query = prepare('DELETE FROM `news` WHERE `id` = :id'); + $query = prepare('DELETE FROM ``news`` WHERE `id` = :id'); $query->bindValue(':id', $id); $query->execute() or error(db_error($query)); @@ -626,7 +628,7 @@ function mod_log($page_no = 1) { if (!hasPermission($config['mod']['modlog'])) error($config['error']['noaccess']); - $query = prepare("SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY `time` DESC LIMIT :offset, :limit"); + $query = prepare("SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM ``modlogs`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` ORDER BY `time` DESC LIMIT :offset, :limit"); $query->bindValue(':limit', $config['mod']['modlog_page'], PDO::PARAM_INT); $query->bindValue(':offset', ($page_no - 1) * $config['mod']['modlog_page'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); @@ -635,7 +637,7 @@ function mod_log($page_no = 1) { if (empty($logs) && $page_no > 1) error($config['error']['404']); - $query = prepare("SELECT COUNT(*) FROM `modlogs`"); + $query = prepare("SELECT COUNT(*) FROM ``modlogs``"); $query->execute() or error(db_error($query)); $count = $query->fetchColumn(); @@ -651,7 +653,7 @@ function mod_user_log($username, $page_no = 1) { if (!hasPermission($config['mod']['modlog'])) error($config['error']['noaccess']); - $query = prepare("SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `username` = :username ORDER BY `time` DESC LIMIT :offset, :limit"); + $query = prepare("SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM ``modlogs`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `username` = :username ORDER BY `time` DESC LIMIT :offset, :limit"); $query->bindValue(':username', $username); $query->bindValue(':limit', $config['mod']['modlog_page'], PDO::PARAM_INT); $query->bindValue(':offset', ($page_no - 1) * $config['mod']['modlog_page'], PDO::PARAM_INT); @@ -661,7 +663,7 @@ function mod_user_log($username, $page_no = 1) { if (empty($logs) && $page_no > 1) error($config['error']['404']); - $query = prepare("SELECT COUNT(*) FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `username` = :username"); + $query = prepare("SELECT COUNT(*) FROM ``modlogs`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `username` = :username"); $query->bindValue(':username', $username); $query->execute() or error(db_error($query)); $count = $query->fetchColumn(); @@ -707,7 +709,7 @@ function mod_ip_remove_note($ip, $id) { if (filter_var($ip, FILTER_VALIDATE_IP) === false) error("Invalid IP address."); - $query = prepare('DELETE FROM `ip_notes` WHERE `ip` = :ip AND `id` = :id'); + $query = prepare('DELETE FROM ``ip_notes`` WHERE `ip` = :ip AND `id` = :id'); $query->bindValue(':ip', $ip); $query->bindValue(':id', $id); $query->execute() or error(db_error($query)); @@ -741,7 +743,7 @@ function mod_page_ip($ip) { $_POST['note'] = escape_markup_modifiers($_POST['note']); markup($_POST['note']); - $query = prepare('INSERT INTO `ip_notes` VALUES (NULL, :ip, :mod, :time, :body)'); + $query = prepare('INSERT INTO ``ip_notes`` VALUES (NULL, :ip, :mod, :time, :body)'); $query->bindValue(':ip', $ip); $query->bindValue(':mod', $mod['id']); $query->bindValue(':time', time()); @@ -766,7 +768,7 @@ function mod_page_ip($ip) { openBoard($board['uri']); if (!hasPermission($config['mod']['show_ip'], $board['uri'])) continue; - $query = prepare(sprintf('SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `id` DESC LIMIT :limit', $board['uri'])); + $query = prepare(sprintf('SELECT * FROM ``posts_%s`` WHERE `ip` = :ip ORDER BY `sticky` DESC, `id` DESC LIMIT :limit', $board['uri'])); $query->bindValue(':ip', $ip); $query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); @@ -798,21 +800,21 @@ function mod_page_ip($ip) { $args['token'] = make_secure_link_token('ban'); if (hasPermission($config['mod']['view_ban'])) { - $query = prepare("SELECT `bans`.*, `username` FROM `bans` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip"); + $query = prepare("SELECT ``bans``.*, `username` FROM ``bans`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `ip` = :ip"); $query->bindValue(':ip', $ip); $query->execute() or error(db_error($query)); $args['bans'] = $query->fetchAll(PDO::FETCH_ASSOC); } if (hasPermission($config['mod']['view_notes'])) { - $query = prepare("SELECT `ip_notes`.*, `username` FROM `ip_notes` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `ip` = :ip"); + $query = prepare("SELECT ``ip_notes``.*, `username` FROM ``ip_notes`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `ip` = :ip"); $query->bindValue(':ip', $ip); $query->execute() or error(db_error($query)); $args['notes'] = $query->fetchAll(PDO::FETCH_ASSOC); } if (hasPermission($config['mod']['modlog_ip'])) { - $query = prepare("SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `text` LIKE :search ORDER BY `time` DESC LIMIT 20"); + $query = prepare("SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM ``modlogs`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `text` LIKE :search ORDER BY `time` DESC LIMIT 20"); $query->bindValue(':search', '%' . $ip . '%'); $query->execute() or error(db_error($query)); $args['logs'] = $query->fetchAll(PDO::FETCH_ASSOC); @@ -865,7 +867,7 @@ function mod_bans($page_no = 1) { if (isset($config['mod']['unban_limit'])){ if (count($unban) <= $config['mod']['unban_limit'] || $config['mod']['unban_limit'] == -1){ if (!empty($unban)) { - query('DELETE FROM `bans` WHERE `id` = ' . implode(' OR `id` = ', $unban)) or error(db_error()); + query('DELETE FROM ``bans`` WHERE `id` = ' . implode(' OR `id` = ', $unban)) or error(db_error()); foreach ($unban as $id) { modLog("Removed ban #{$id}"); @@ -878,7 +880,7 @@ function mod_bans($page_no = 1) { } else { if (!empty($unban)) { - query('DELETE FROM `bans` WHERE `id` = ' . implode(' OR `id` = ', $unban)) or error(db_error()); + query('DELETE FROM ``bans`` WHERE `id` = ' . implode(' OR `id` = ', $unban)) or error(db_error()); foreach ($unban as $id) { modLog("Removed ban #{$id}"); @@ -890,10 +892,10 @@ function mod_bans($page_no = 1) { } if ($config['mod']['view_banexpired']) { - $query = prepare("SELECT `bans`.*, `username` FROM `bans` LEFT JOIN `mods` ON `mod` = `mods`.`id` ORDER BY (`expires` IS NOT NULL AND `expires` < :time), `set` DESC LIMIT :offset, :limit"); + $query = prepare("SELECT ``bans``.*, `username` FROM ``bans`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` ORDER BY (`expires` IS NOT NULL AND `expires` < :time), `set` DESC LIMIT :offset, :limit"); } else { // Filter out expired bans - $query = prepare("SELECT `bans`.*, `username` FROM `bans` INNER JOIN `mods` ON `mod` = `mods`.`id` WHERE `expires` = 0 OR `expires` > :time ORDER BY `set` DESC LIMIT :offset, :limit"); + $query = prepare("SELECT ``bans``.*, `username` FROM ``bans`` INNER JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `expires` = 0 OR `expires` > :time ORDER BY `set` DESC LIMIT :offset, :limit"); } $query->bindValue(':time', time(), PDO::PARAM_INT); $query->bindValue(':limit', $config['mod']['banlist_page'], PDO::PARAM_INT); @@ -904,7 +906,7 @@ function mod_bans($page_no = 1) { if (empty($bans) && $page_no > 1) error($config['error']['404']); - $query = prepare("SELECT COUNT(*) FROM `bans`"); + $query = prepare("SELECT COUNT(*) FROM ``bans``"); $query->execute() or error(db_error($query)); $count = $query->fetchColumn(); @@ -926,7 +928,7 @@ function mod_lock($board, $unlock, $post) { if (!hasPermission($config['mod']['lock'], $board)) error($config['error']['noaccess']); - $query = prepare(sprintf('UPDATE `posts_%s` SET `locked` = :locked WHERE `id` = :id AND `thread` IS NULL', $board)); + $query = prepare(sprintf('UPDATE ``posts_%s`` SET `locked` = :locked WHERE `id` = :id AND `thread` IS NULL', $board)); $query->bindValue(':id', $post); $query->bindValue(':locked', $unlock ? 0 : 1); $query->execute() or error(db_error($query)); @@ -937,7 +939,7 @@ function mod_lock($board, $unlock, $post) { } if ($config['mod']['dismiss_reports_on_lock']) { - $query = prepare('DELETE FROM `reports` WHERE `board` = :board AND `post` = :id'); + $query = prepare('DELETE FROM ``reports`` WHERE `board` = :board AND `post` = :id'); $query->bindValue(':board', $board); $query->bindValue(':id', $post); $query->execute() or error(db_error($query)); @@ -960,7 +962,7 @@ function mod_sticky($board, $unsticky, $post) { if (!hasPermission($config['mod']['sticky'], $board)) error($config['error']['noaccess']); - $query = prepare(sprintf('UPDATE `posts_%s` SET `sticky` = :sticky WHERE `id` = :id AND `thread` IS NULL', $board)); + $query = prepare(sprintf('UPDATE ``posts_%s`` SET `sticky` = :sticky WHERE `id` = :id AND `thread` IS NULL', $board)); $query->bindValue(':id', $post); $query->bindValue(':sticky', $unsticky ? 0 : 1); $query->execute() or error(db_error($query)); @@ -982,7 +984,7 @@ function mod_bumplock($board, $unbumplock, $post) { if (!hasPermission($config['mod']['bumplock'], $board)) error($config['error']['noaccess']); - $query = prepare(sprintf('UPDATE `posts_%s` SET `sage` = :bumplock WHERE `id` = :id AND `thread` IS NULL', $board)); + $query = prepare(sprintf('UPDATE ``posts_%s`` SET `sage` = :bumplock WHERE `id` = :id AND `thread` IS NULL', $board)); $query->bindValue(':id', $post); $query->bindValue(':bumplock', $unbumplock ? 0 : 1); $query->execute() or error(db_error($query)); @@ -1004,7 +1006,7 @@ function mod_move($originBoard, $postID) { if (!hasPermission($config['mod']['move'], $originBoard)) error($config['error']['noaccess']); - $query = prepare(sprintf('SELECT * FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL', $originBoard)); + $query = prepare(sprintf('SELECT * FROM ``posts_%s`` WHERE `id` = :id AND `thread` IS NULL', $originBoard)); $query->bindValue(':id', $postID); $query->execute() or error(db_error($query)); if (!$post = $query->fetch(PDO::FETCH_ASSOC)) @@ -1052,7 +1054,7 @@ function mod_move($originBoard, $postID) { // go back to the original board to fetch replies openBoard($originBoard); - $query = prepare(sprintf('SELECT * FROM `posts_%s` WHERE `thread` = :id ORDER BY `id`', $originBoard)); + $query = prepare(sprintf('SELECT * FROM ``posts_%s`` WHERE `thread` = :id ORDER BY `id`', $originBoard)); $query->bindValue(':id', $postID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); @@ -1081,7 +1083,7 @@ function mod_move($originBoard, $postID) { openBoard($targetBoard); foreach ($replies as &$post) { - $query = prepare('SELECT `target` FROM `cites` WHERE `target_board` = :board AND `board` = :board AND `post` = :post'); + $query = prepare('SELECT `target` FROM ``cites`` WHERE `target_board` = :board AND `board` = :board AND `post` = :post'); $query->bindValue(':board', $originBoard); $query->bindValue(':post', $post['id'], PDO::PARAM_INT); $query->execute() or error(db_error($qurey)); @@ -1113,7 +1115,7 @@ function mod_move($originBoard, $postID) { } foreach ($post['tracked_cites'] as $cite) { - $query = prepare('INSERT INTO `cites` VALUES (:board, :post, :target_board, :target)'); + $query = prepare('INSERT INTO ``cites`` VALUES (:board, :post, :target_board, :target)'); $query->bindValue(':board', $board['uri']); $query->bindValue(':post', $newPostID, PDO::PARAM_INT); $query->bindValue(':target_board',$cite[0]); @@ -1138,7 +1140,7 @@ function mod_move($originBoard, $postID) { if ($shadow) { // lock old thread - $query = prepare(sprintf('UPDATE `posts_%s` SET `locked` = 1 WHERE `id` = :id', $originBoard)); + $query = prepare(sprintf('UPDATE ``posts_%s`` SET `locked` = 1 WHERE `id` = :id', $originBoard)); $query->bindValue(':id', $postID, PDO::PARAM_INT); $query->execute() or error(db_error($query)); @@ -1197,7 +1199,7 @@ function mod_ban_post($board, $delete, $post, $token = false) { $security_token = make_secure_link_token($board . '/ban/' . $post); - $query = prepare(sprintf('SELECT `ip`, `thread` FROM `posts_%s` WHERE `id` = :id', $board)); + $query = prepare(sprintf('SELECT `ip`, `thread` FROM ``posts_%s`` WHERE `id` = :id', $board)); $query->bindValue(':id', $post); $query->execute() or error(db_error($query)); if (!$_post = $query->fetch(PDO::FETCH_ASSOC)) @@ -1220,7 +1222,7 @@ function mod_ban_post($board, $delete, $post, $token = false) { $_POST['message'] = preg_replace('/[\r\n]/', '', $_POST['message']); $_POST['message'] = str_replace('%length%', $length_english, $_POST['message']); $_POST['message'] = str_replace('%LENGTH%', strtoupper($length_english), $_POST['message']); - $query = prepare(sprintf('UPDATE `posts_%s` SET `body_nomarkup` = CONCAT(`body_nomarkup`, :body_nomarkup) WHERE `id` = :id', $board)); + $query = prepare(sprintf('UPDATE ``posts_%s`` SET `body_nomarkup` = CONCAT(`body_nomarkup`, :body_nomarkup) WHERE `id` = :id', $board)); $query->bindValue(':id', $post); $query->bindValue(':body_nomarkup', sprintf("\n%s", utf8tohtml($_POST['message']))); $query->execute() or error(db_error($query)); @@ -1267,7 +1269,7 @@ function mod_edit_post($board, $edit_raw_html, $postID) { $security_token = make_secure_link_token($board . '/edit' . ($edit_raw_html ? '_raw' : '') . '/' . $postID); - $query = prepare(sprintf('SELECT * FROM `posts_%s` WHERE `id` = :id', $board)); + $query = prepare(sprintf('SELECT * FROM ``posts_%s`` WHERE `id` = :id', $board)); $query->bindValue(':id', $postID); $query->execute() or error(db_error($query)); @@ -1276,9 +1278,9 @@ function mod_edit_post($board, $edit_raw_html, $postID) { if (isset($_POST['name'], $_POST['email'], $_POST['subject'], $_POST['body'])) { if ($edit_raw_html) - $query = prepare(sprintf('UPDATE `posts_%s` SET `name` = :name, `email` = :email, `subject` = :subject, `body` = :body, `body_nomarkup` = :body_nomarkup WHERE `id` = :id', $board)); + $query = prepare(sprintf('UPDATE ``posts_%s`` SET `name` = :name, `email` = :email, `subject` = :subject, `body` = :body, `body_nomarkup` = :body_nomarkup WHERE `id` = :id', $board)); else - $query = prepare(sprintf('UPDATE `posts_%s` SET `name` = :name, `email` = :email, `subject` = :subject, `body_nomarkup` = :body WHERE `id` = :id', $board)); + $query = prepare(sprintf('UPDATE ``posts_%s`` SET `name` = :name, `email` = :email, `subject` = :subject, `body_nomarkup` = :body WHERE `id` = :id', $board)); $query->bindValue(':id', $postID); $query->bindValue('name', $_POST['name']); $query->bindValue(':email', $_POST['email']); @@ -1369,7 +1371,7 @@ function mod_deletebyip($boardName, $post, $global = false) { error($config['error']['noaccess']); // Find IP address - $query = prepare(sprintf('SELECT `ip` FROM `posts_%s` WHERE `id` = :id', $boardName)); + $query = prepare(sprintf('SELECT `ip` FROM ``posts_%s`` WHERE `id` = :id', $boardName)); $query->bindValue(':id', $post); $query->execute() or error(db_error($query)); if (!$ip = $query->fetchColumn()) @@ -1379,7 +1381,7 @@ function mod_deletebyip($boardName, $post, $global = false) { $query = ''; foreach ($boards as $_board) { - $query .= sprintf("SELECT `thread`, `id`, '%s' AS `board` FROM `posts_%s` WHERE `ip` = :ip UNION ALL ", $_board['uri'], $_board['uri']); + $query .= sprintf("SELECT `thread`, `id`, '%s' AS `board` FROM ``posts_%s`` WHERE `ip` = :ip UNION ALL ", $_board['uri'], $_board['uri']); } $query = preg_replace('/UNION ALL $/', '', $query); @@ -1431,7 +1433,7 @@ function mod_user($uid) { if (!hasPermission($config['mod']['editusers']) && !(hasPermission($config['mod']['change_password']) && $uid == $mod['id'])) error($config['error']['noaccess']); - $query = prepare('SELECT * FROM `mods` WHERE `id` = :id'); + $query = prepare('SELECT * FROM ``mods`` WHERE `id` = :id'); $query->bindValue(':id', $uid); $query->execute() or error(db_error($query)); if (!$user = $query->fetch(PDO::FETCH_ASSOC)) @@ -1457,7 +1459,7 @@ function mod_user($uid) { if (!hasPermission($config['mod']['deleteusers'])) error($config['error']['noaccess']); - $query = prepare('DELETE FROM `mods` WHERE `id` = :id'); + $query = prepare('DELETE FROM ``mods`` WHERE `id` = :id'); $query->bindValue(':id', $uid); $query->execute() or error(db_error($query)); @@ -1471,7 +1473,7 @@ function mod_user($uid) { if ($_POST['username'] == '') error(sprintf($config['error']['required'], 'username')); - $query = prepare('UPDATE `mods` SET `username` = :username, `boards` = :boards WHERE `id` = :id'); + $query = prepare('UPDATE ``mods`` SET `username` = :username, `boards` = :boards WHERE `id` = :id'); $query->bindValue(':id', $uid); $query->bindValue(':username', $_POST['username']); $query->bindValue(':boards', implode(',', $boards)); @@ -1486,7 +1488,7 @@ function mod_user($uid) { $salt = generate_salt(); $password = hash('sha256', $salt . sha1($_POST['password'])); - $query = prepare('UPDATE `mods` SET `password` = :password, `salt` = :salt WHERE `id` = :id'); + $query = prepare('UPDATE ``mods`` SET `password` = :password, `salt` = :salt WHERE `id` = :id'); $query->bindValue(':id', $uid); $query->bindValue(':password', $password); $query->bindValue(':salt', $salt); @@ -1513,7 +1515,7 @@ function mod_user($uid) { $salt = generate_salt(); $password = hash('sha256', $salt . sha1($_POST['password'])); - $query = prepare('UPDATE `mods` SET `password` = :password, `salt` = :salt WHERE `id` = :id'); + $query = prepare('UPDATE ``mods`` SET `password` = :password, `salt` = :salt WHERE `id` = :id'); $query->bindValue(':id', $uid); $query->bindValue(':password', $password); $query->bindValue(':salt', $salt); @@ -1534,7 +1536,7 @@ function mod_user($uid) { } if (hasPermission($config['mod']['modlog'])) { - $query = prepare('SELECT * FROM `modlogs` WHERE `mod` = :id ORDER BY `time` DESC LIMIT 5'); + $query = prepare('SELECT * FROM ``modlogs`` WHERE `mod` = :id ORDER BY `time` DESC LIMIT 5'); $query->bindValue(':id', $uid); $query->execute() or error(db_error($query)); $log = $query->fetchAll(PDO::FETCH_ASSOC); @@ -1581,7 +1583,7 @@ function mod_user_new() { $salt = generate_salt(); $password = hash('sha256', $salt . sha1($_POST['password'])); - $query = prepare('INSERT INTO `mods` VALUES (NULL, :username, :password, :salt, :type, :boards)'); + $query = prepare('INSERT INTO ``mods`` VALUES (NULL, :username, :password, :salt, :type, :boards)'); $query->bindValue(':username', $_POST['username']); $query->bindValue(':password', $password); $query->bindValue(':salt', $salt); @@ -1607,7 +1609,7 @@ function mod_users() { if (!hasPermission($config['mod']['manageusers'])) error($config['error']['noaccess']); - $query = query("SELECT *, (SELECT `time` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `last`, (SELECT `text` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `action` FROM `mods` ORDER BY `type` DESC,`id`") or error(db_error()); + $query = query("SELECT *, (SELECT `time` FROM ``modlogs`` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `last`, (SELECT `text` FROM ``modlogs`` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `action` FROM ``mods`` ORDER BY `type` DESC,`id`") or error(db_error()); $users = $query->fetchAll(PDO::FETCH_ASSOC); mod_page(sprintf('%s (%d)', _('Manage users'), count($users)), 'mod/users.html', array('users' => $users)); @@ -1619,7 +1621,7 @@ function mod_user_promote($uid, $action) { if (!hasPermission($config['mod']['promoteusers'])) error($config['error']['noaccess']); - $query = prepare("UPDATE `mods` SET `type` = `type` " . ($action == 'promote' ? "+1 WHERE `type` < " . (int)ADMIN : "-1 WHERE `type` > " . (int)JANITOR) . " AND `id` = :id"); + $query = prepare("UPDATE ``mods`` SET `type` = `type` " . ($action == 'promote' ? "+1 WHERE `type` < " . (int)ADMIN : "-1 WHERE `type` > " . (int)JANITOR) . " AND `id` = :id"); $query->bindValue(':id', $uid); $query->execute() or error(db_error($query)); @@ -1634,7 +1636,7 @@ function mod_pm($id, $reply = false) { if ($reply && !hasPermission($config['mod']['create_pm'])) error($config['error']['noaccess']); - $query = prepare("SELECT `mods`.`username`, `mods_to`.`username` AS `to_username`, `pms`.* FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` LEFT JOIN `mods` AS `mods_to` ON `mods_to`.`id` = `to` WHERE `pms`.`id` = :id"); + $query = prepare("SELECT ``mods``.`username`, `mods_to`.`username` AS `to_username`, ``pms``.* FROM ``pms`` LEFT JOIN ``mods`` ON ``mods``.`id` = `sender` LEFT JOIN ``mods`` AS `mods_to` ON `mods_to`.`id` = `to` WHERE ``pms``.`id` = :id"); $query->bindValue(':id', $id); $query->execute() or error(db_error($query)); @@ -1642,7 +1644,7 @@ function mod_pm($id, $reply = false) { error($config['error']['404']); if (isset($_POST['delete'])) { - $query = prepare("DELETE FROM `pms` WHERE `id` = :id"); + $query = prepare("DELETE FROM ``pms`` WHERE `id` = :id"); $query->bindValue(':id', $id); $query->execute() or error(db_error($query)); @@ -1656,7 +1658,7 @@ function mod_pm($id, $reply = false) { } if ($pm['unread'] && $pm['to'] == $mod['id']) { - $query = prepare("UPDATE `pms` SET `unread` = 0 WHERE `id` = :id"); + $query = prepare("UPDATE ``pms`` SET `unread` = 0 WHERE `id` = :id"); $query->bindValue(':id', $id); $query->execute() or error(db_error($query)); @@ -1683,12 +1685,12 @@ function mod_pm($id, $reply = false) { function mod_inbox() { global $config, $mod; - $query = prepare('SELECT `unread`,`pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `to` = :mod ORDER BY `unread` DESC, `time` DESC'); + $query = prepare('SELECT `unread`,``pms``.`id`, `time`, `sender`, `to`, `message`, `username` FROM ``pms`` LEFT JOIN ``mods`` ON ``mods``.`id` = `sender` WHERE `to` = :mod ORDER BY `unread` DESC, `time` DESC'); $query->bindValue(':mod', $mod['id']); $query->execute() or error(db_error($query)); $messages = $query->fetchAll(PDO::FETCH_ASSOC); - $query = prepare('SELECT COUNT(*) FROM `pms` WHERE `to` = :mod AND `unread` = 1'); + $query = prepare('SELECT COUNT(*) FROM ``pms`` WHERE `to` = :mod AND `unread` = 1'); $query->bindValue(':mod', $mod['id']); $query->execute() or error(db_error($query)); $unread = $query->fetchColumn(); @@ -1710,12 +1712,12 @@ function mod_new_pm($username) { if (!hasPermission($config['mod']['create_pm'])) error($config['error']['noaccess']); - $query = prepare("SELECT `id` FROM `mods` WHERE `username` = :username"); + $query = prepare("SELECT `id` FROM ``mods`` WHERE `username` = :username"); $query->bindValue(':username', $username); $query->execute() or error(db_error($query)); if (!$id = $query->fetchColumn()) { // Old style ?/PM: by user ID - $query = prepare("SELECT `username` FROM `mods` WHERE `id` = :username"); + $query = prepare("SELECT `username` FROM ``mods`` WHERE `id` = :username"); $query->bindValue(':username', $username); $query->execute() or error(db_error($query)); if ($username = $query->fetchColumn()) @@ -1728,7 +1730,7 @@ function mod_new_pm($username) { $_POST['message'] = escape_markup_modifiers($_POST['message']); markup($_POST['message']); - $query = prepare("INSERT INTO `pms` VALUES (NULL, :me, :id, :message, :time, 1)"); + $query = prepare("INSERT INTO ``pms`` VALUES (NULL, :me, :id, :message, :time, 1)"); $query->bindValue(':me', $mod['id']); $query->bindValue(':id', $id); $query->bindValue(':message', $_POST['message']); @@ -1801,7 +1803,7 @@ function mod_rebuild() { } if (isset($_POST['rebuild_thread'])) { - $query = query(sprintf("SELECT `id` FROM `posts_%s` WHERE `thread` IS NULL", $board['uri'])) or error(db_error()); + $query = query(sprintf("SELECT `id` FROM ``posts_%s`` WHERE `thread` IS NULL", $board['uri'])) or error(db_error()); while ($post = $query->fetch(PDO::FETCH_ASSOC)) { $log[] = '' . sprintf($config['board_abbreviation'], $board['uri']) . ': Rebuilding thread #' . $post['id']; buildThread($post['id']); @@ -1822,7 +1824,7 @@ function mod_reports() { if (!hasPermission($config['mod']['reports'])) error($config['error']['noaccess']); - $query = prepare("SELECT * FROM `reports` ORDER BY `time` DESC LIMIT :limit"); + $query = prepare("SELECT * FROM ``reports`` ORDER BY `time` DESC LIMIT :limit"); $query->bindValue(':limit', $config['mod']['recent_reports'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); $reports = $query->fetchAll(PDO::FETCH_ASSOC); @@ -1838,7 +1840,7 @@ function mod_reports() { foreach ($report_queries as $board => $posts) { $report_posts[$board] = array(); - $query = query(sprintf('SELECT * FROM `posts_%s` WHERE `id` = ' . implode(' OR `id` = ', $posts), $board)) or error(db_error()); + $query = query(sprintf('SELECT * FROM ``posts_%s`` WHERE `id` = ' . implode(' OR `id` = ', $posts), $board)) or error(db_error()); while ($post = $query->fetch(PDO::FETCH_ASSOC)) { $report_posts[$board][$post['id']] = $post; } @@ -1849,7 +1851,7 @@ function mod_reports() { foreach ($reports as $report) { if (!isset($report_posts[$report['board']][$report['post']])) { // // Invalid report (post has since been deleted) - $query = prepare("DELETE FROM `reports` WHERE `post` = :id AND `board` = :board"); + $query = prepare("DELETE FROM ``reports`` WHERE `post` = :id AND `board` = :board"); $query->bindValue(':id', $report['post'], PDO::PARAM_INT); $query->bindValue(':board', $report['board']); $query->execute() or error(db_error($query)); @@ -1905,7 +1907,7 @@ function mod_reports() { function mod_report_dismiss($id, $all = false) { global $config; - $query = prepare("SELECT `post`, `board`, `ip` FROM `reports` WHERE `id` = :id"); + $query = prepare("SELECT `post`, `board`, `ip` FROM ``reports`` WHERE `id` = :id"); $query->bindValue(':id', $id); $query->execute() or error(db_error($query)); if ($report = $query->fetch(PDO::FETCH_ASSOC)) { @@ -1922,10 +1924,10 @@ function mod_report_dismiss($id, $all = false) { error($config['error']['noaccess']); if ($all) { - $query = prepare("DELETE FROM `reports` WHERE `ip` = :ip"); + $query = prepare("DELETE FROM ``reports`` WHERE `ip` = :ip"); $query->bindValue(':ip', $ip); } else { - $query = prepare("DELETE FROM `reports` WHERE `id` = :id"); + $query = prepare("DELETE FROM ``reports`` WHERE `id` = :id"); $query->bindValue(':id', $id); } $query->execute() or error(db_error($query)); @@ -2035,7 +2037,7 @@ function mod_themes_list() { if (!$dir = opendir($config['dir']['themes'])) error(_('Cannot open themes directory; check permissions.')); - $query = query('SELECT `theme` FROM `theme_settings` WHERE `name` IS NULL AND `value` IS NULL') or error(db_error()); + $query = query('SELECT `theme` FROM ``theme_settings`` WHERE `name` IS NULL AND `value` IS NULL') or error(db_error()); $themes_in_use = $query->fetchAll(PDO::FETCH_COLUMN); // Scan directory for themes @@ -2071,19 +2073,19 @@ function mod_theme_configure($theme_name) { } // Clear previous settings - $query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme"); + $query = prepare("DELETE FROM ``theme_settings`` WHERE `theme` = :theme"); $query->bindValue(':theme', $theme_name); $query->execute() or error(db_error($query)); foreach ($theme['config'] as &$conf) { - $query = prepare("INSERT INTO `theme_settings` VALUES(:theme, :name, :value)"); + $query = prepare("INSERT INTO ``theme_settings`` VALUES(:theme, :name, :value)"); $query->bindValue(':theme', $theme_name); $query->bindValue(':name', $conf['name']); $query->bindValue(':value', $_POST[$conf['name']]); $query->execute() or error(db_error($query)); } - $query = prepare("INSERT INTO `theme_settings` VALUES(:theme, NULL, NULL)"); + $query = prepare("INSERT INTO ``theme_settings`` VALUES(:theme, NULL, NULL)"); $query->bindValue(':theme', $theme_name); $query->execute() or error(db_error($query)); @@ -2101,7 +2103,7 @@ function mod_theme_configure($theme_name) { if (!$result) { // Install failed - $query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme"); + $query = prepare("DELETE FROM ``theme_settings`` WHERE `theme` = :theme"); $query->bindValue(':theme', $theme_name); $query->execute() or error(db_error($query)); } @@ -2133,7 +2135,7 @@ function mod_theme_uninstall($theme_name) { if (!hasPermission($config['mod']['themes'])) error($config['error']['noaccess']); - $query = prepare("DELETE FROM `theme_settings` WHERE `theme` = :theme"); + $query = prepare("DELETE FROM ``theme_settings`` WHERE `theme` = :theme"); $query->bindValue(':theme', $theme_name); $query->execute() or error(db_error($query)); @@ -2164,7 +2166,7 @@ function mod_debug_antispam() { $where .= ' AND `thread` = ' . $pdo->quote($_POST['thread']); if (isset($_POST['purge'])) { - $query = prepare(', DATE `antispam` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE' . $where); + $query = prepare(', DATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE' . $where); $query->bindValue(':expires', $config['spam']['hidden_inputs_expire']); $query->execute() or error(db_error()); } @@ -2175,16 +2177,16 @@ function mod_debug_antispam() { $where = ''; } - $query = query('SELECT COUNT(*) FROM `antispam`' . ($where ? " WHERE $where" : '')) or error(db_error()); + $query = query('SELECT COUNT(*) FROM ``antispam``' . ($where ? " WHERE $where" : '')) or error(db_error()); $args['total'] = number_format($query->fetchColumn()); - $query = query('SELECT COUNT(*) FROM `antispam` WHERE `expires` IS NOT NULL' . ($where ? " AND $where" : '')) or error(db_error()); + $query = query('SELECT COUNT(*) FROM ``antispam`` WHERE `expires` IS NOT NULL' . ($where ? " AND $where" : '')) or error(db_error()); $args['expiring'] = number_format($query->fetchColumn()); - $query = query('SELECT * FROM `antispam` ' . ($where ? "WHERE $where" : '') . ' ORDER BY `passed` DESC LIMIT 40') or error(db_error()); + $query = query('SELECT * FROM ``antispam`` ' . ($where ? "WHERE $where" : '') . ' ORDER BY `passed` DESC LIMIT 40') or error(db_error()); $args['top'] = $query->fetchAll(PDO::FETCH_ASSOC); - $query = query('SELECT * FROM `antispam` ' . ($where ? "WHERE $where" : '') . ' ORDER BY `created` DESC LIMIT 20') or error(db_error()); + $query = query('SELECT * FROM ``antispam`` ' . ($where ? "WHERE $where" : '') . ' ORDER BY `created` DESC LIMIT 20') or error(db_error()); $args['recent'] = $query->fetchAll(PDO::FETCH_ASSOC); mod_page(_('Debug: Anti-spam'), 'mod/debug/antispam.html', $args); @@ -2200,7 +2202,7 @@ function mod_debug_recent_posts() { // Manually build an SQL query $query = 'SELECT * FROM ('; foreach ($boards as $board) { - $query .= sprintf('SELECT *, %s AS `board` FROM `posts_%s` UNION ALL ', $pdo->quote($board['uri']), $board['uri']); + $query .= sprintf('SELECT *, %s AS `board` FROM ``posts_%s`` UNION ALL ', $pdo->quote($board['uri']), $board['uri']); } // Remove the last "UNION ALL" seperator and complete the query $query = preg_replace('/UNION ALL $/', ') AS `all_posts` ORDER BY `time` DESC LIMIT ' . $limit, $query); diff --git a/install.php b/install.php index 847876ab..2f51b22f 100644 --- a/install.php +++ b/install.php @@ -501,6 +501,9 @@ if ($step == 0) { + + + @@ -668,7 +671,8 @@ if ($step == 0) { $queries[] = Element('posts.sql', array('board' => 'b')); $sql_errors = ''; - foreach ($queries as &$query) { + foreach ($queries as $query) { + $query = preg_replace('/^([\w\s]*)`([0-9a-zA-Z$_\x{0080}-\x{FFFF}]+)`/u', '$1``$2``', $query); if (!query($query)) $sql_errors .= '
  • ' . db_error() . '
    • '; } diff --git a/post.php b/post.php index f4499845..22782ca7 100644 --- a/post.php +++ b/post.php @@ -48,7 +48,7 @@ if (isset($_POST['delete'])) { error($config['error']['nodelete']); foreach ($delete as &$id) { - $query = prepare(sprintf("SELECT `thread`, `time`,`password` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); + $query = prepare(sprintf("SELECT `thread`, `time`,`password` FROM ``posts_%s`` WHERE `id` = :id", $board['uri'])); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); @@ -111,7 +111,7 @@ if (isset($_POST['delete'])) { markup($reason); foreach ($report as &$id) { - $query = prepare(sprintf("SELECT `thread` FROM `posts_%s` WHERE `id` = :id", $board['uri'])); + $query = prepare(sprintf("SELECT `thread` FROM ``posts_%s`` WHERE `id` = :id", $board['uri'])); $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); @@ -123,7 +123,7 @@ if (isset($_POST['delete'])) { '/' . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $thread ? $thread : $id) . ($thread ? '#' . $id : '') . ' for "' . $reason . '"' ); - $query = prepare("INSERT INTO `reports` VALUES (NULL, :time, :ip, :board, :post, :reason)"); + $query = prepare("INSERT INTO ``reports`` VALUES (NULL, :time, :ip, :board, :post, :reason)"); $query->bindValue(':time', time(), PDO::PARAM_INT); $query->bindValue(':ip', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR); $query->bindValue(':board', $board['uri'], PDO::PARAM_INT); @@ -227,7 +227,7 @@ if (isset($_POST['delete'])) { //Check if thread exists if (!$post['op']) { - $query = prepare(sprintf("SELECT `sticky`,`locked`,`sage` FROM `posts_%s` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); + $query = prepare(sprintf("SELECT `sticky`,`locked`,`sage` FROM ``posts_%s`` WHERE `id` = :id AND `thread` IS NULL LIMIT 1", $board['uri'])); $query->bindValue(':id', $post['thread'], PDO::PARAM_INT); $query->execute() or error(db_error()); @@ -583,7 +583,7 @@ if (isset($_POST['delete'])) { if (isset($post['tracked_cites'])) { foreach ($post['tracked_cites'] as $cite) { - $query = prepare('INSERT INTO `cites` VALUES (:board, :post, :target_board, :target)'); + $query = prepare('INSERT INTO ``cites`` VALUES (:board, :post, :target_board, :target)'); $query->bindValue(':board', $board['uri']); $query->bindValue(':post', $id, PDO::PARAM_INT); $query->bindValue(':target_board',$cite[0]); diff --git a/templates/posts.sql b/templates/posts.sql index 698fad77..ca2ec304 100644 --- a/templates/posts.sql +++ b/templates/posts.sql @@ -1,4 +1,4 @@ -CREATE TABLE IF NOT EXISTS `posts_{{ board }}` ( +CREATE TABLE IF NOT EXISTS ``posts_{{ board }}`` ( `id` int(11) unsigned NOT NULL AUTO_INCREMENT, `thread` int(11) DEFAULT NULL, `subject` varchar(100) DEFAULT NULL, diff --git a/templates/themes/basic/theme.php b/templates/themes/basic/theme.php index 7ba0d1e7..6ba09ce6 100644 --- a/templates/themes/basic/theme.php +++ b/templates/themes/basic/theme.php @@ -25,7 +25,7 @@ $settings['no_recent'] = (int) $settings['no_recent']; - $query = query("SELECT * FROM `news` ORDER BY `time` DESC" . ($settings['no_recent'] ? ' LIMIT ' . $settings['no_recent'] : '')) or error(db_error()); + $query = query("SELECT * FROM ``news`` ORDER BY `time` DESC" . ($settings['no_recent'] ? ' LIMIT ' . $settings['no_recent'] : '')) or error(db_error()); $news = $query->fetchAll(PDO::FETCH_ASSOC); return Element('themes/basic/index.html', Array( diff --git a/templates/themes/catalog/theme.php b/templates/themes/catalog/theme.php index 5c9f6769..4e2d40db 100644 --- a/templates/themes/catalog/theme.php +++ b/templates/themes/catalog/theme.php @@ -37,7 +37,7 @@ $recent_posts = array(); $stats = array(); - $query = query(sprintf("SELECT *, `id` AS `thread_id`, (SELECT COUNT(*) FROM `posts_%s` WHERE `thread` = `thread_id`) AS `reply_count`, '%s' AS `board` FROM `posts_%s` WHERE `thread` IS NULL ORDER BY `bump` DESC", $board_name, $board_name, $board_name)) or error(db_error()); + $query = query(sprintf("SELECT *, `id` AS `thread_id`, (SELECT COUNT(*) FROM ``posts_%s`` WHERE `thread` = `thread_id`) AS `reply_count`, '%s' AS `board` FROM ``posts_%s`` WHERE `thread` IS NULL ORDER BY `bump` DESC", $board_name, $board_name, $board_name)) or error(db_error()); while ($post = $query->fetch(PDO::FETCH_ASSOC)) { $post['link'] = $config['root'] . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], ($post['thread'] ? $post['thread'] : $post['id'])); diff --git a/templates/themes/categories/theme.php b/templates/themes/categories/theme.php index 7d468d0d..74ed61ed 100644 --- a/templates/themes/categories/theme.php +++ b/templates/themes/categories/theme.php @@ -36,7 +36,7 @@ public static function news($settings) { global $config; - $query = query("SELECT * FROM `news` ORDER BY `time` DESC") or error(db_error()); + $query = query("SELECT * FROM ``news`` ORDER BY `time` DESC") or error(db_error()); $news = $query->fetchAll(PDO::FETCH_ASSOC); return Element('themes/categories/news.html', Array( diff --git a/templates/themes/frameset/theme.php b/templates/themes/frameset/theme.php index 5fd9d29e..ffab0538 100644 --- a/templates/themes/frameset/theme.php +++ b/templates/themes/frameset/theme.php @@ -36,7 +36,7 @@ public static function news($settings) { global $config; - $query = query("SELECT * FROM `news` ORDER BY `time` DESC") or error(db_error()); + $query = query("SELECT * FROM ``news`` ORDER BY `time` DESC") or error(db_error()); $news = $query->fetchAll(PDO::FETCH_ASSOC); return Element('themes/frameset/news.html', Array( diff --git a/templates/themes/recent/theme.php b/templates/themes/recent/theme.php index 98fabfa1..08d910f8 100644 --- a/templates/themes/recent/theme.php +++ b/templates/themes/recent/theme.php @@ -42,7 +42,7 @@ foreach ($boards as &$_board) { if (in_array($_board['uri'], $this->excluded)) continue; - $query .= sprintf("SELECT *, '%s' AS `board` FROM `posts_%s` WHERE `file` IS NOT NULL AND `file` != 'deleted' AND `thumb` != 'spoiler' UNION ALL ", $_board['uri'], $_board['uri']); + $query .= sprintf("SELECT *, '%s' AS `board` FROM ``posts_%s`` WHERE `file` IS NOT NULL AND `file` != 'deleted' AND `thumb` != 'spoiler' UNION ALL ", $_board['uri'], $_board['uri']); } $query = preg_replace('/UNION ALL $/', 'ORDER BY `time` DESC LIMIT ' . (int)$settings['limit_images'], $query); $query = query($query) or error(db_error()); @@ -62,7 +62,7 @@ foreach ($boards as &$_board) { if (in_array($_board['uri'], $this->excluded)) continue; - $query .= sprintf("SELECT *, '%s' AS `board` FROM `posts_%s` UNION ALL ", $_board['uri'], $_board['uri']); + $query .= sprintf("SELECT *, '%s' AS `board` FROM ``posts_%s`` UNION ALL ", $_board['uri'], $_board['uri']); } $query = preg_replace('/UNION ALL $/', 'ORDER BY `time` DESC LIMIT ' . (int)$settings['limit_posts'], $query); $query = query($query) or error(db_error()); @@ -82,7 +82,7 @@ foreach ($boards as &$_board) { if (in_array($_board['uri'], $this->excluded)) continue; - $query .= sprintf("SELECT MAX(`id`) AS `top` FROM `posts_%s` UNION ALL ", $_board['uri']); + $query .= sprintf("SELECT MAX(`id`) AS `top` FROM ``posts_%s`` UNION ALL ", $_board['uri']); } $query = preg_replace('/UNION ALL $/', ') AS `posts_all`', $query); $query = query($query) or error(db_error()); @@ -93,7 +93,7 @@ foreach ($boards as &$_board) { if (in_array($_board['uri'], $this->excluded)) continue; - $query .= sprintf("SELECT `ip` FROM `posts_%s` UNION ALL ", $_board['uri']); + $query .= sprintf("SELECT `ip` FROM ``posts_%s`` UNION ALL ", $_board['uri']); } $query = preg_replace('/UNION ALL $/', ') AS `posts_all`', $query); $query = query($query) or error(db_error()); @@ -104,7 +104,7 @@ foreach ($boards as &$_board) { if (in_array($_board['uri'], $this->excluded)) continue; - $query .= sprintf("SELECT `filesize` FROM `posts_%s` UNION ALL ", $_board['uri']); + $query .= sprintf("SELECT `filesize` FROM ``posts_%s`` UNION ALL ", $_board['uri']); } $query = preg_replace('/UNION ALL $/', ') AS `posts_all`', $query); $query = query($query) or error(db_error()); diff --git a/templates/themes/rrdtool/theme.php b/templates/themes/rrdtool/theme.php index 0e0a2f15..a14169a3 100644 --- a/templates/themes/rrdtool/theme.php +++ b/templates/themes/rrdtool/theme.php @@ -61,7 +61,7 @@ // debug just the graphing (not updating) with the --debug switch if (!isset($argv[1]) || $argv[1] != '--debug') { // Update graph - $query = query(sprintf("SELECT MAX(`id`) FROM `posts_%s`", $board)); + $query = query(sprintf("SELECT MAX(`id`) FROM ``posts_%s``", $board)); $count = $query->fetchColumn(); if (!rrd_update($file, Array( diff --git a/templates/themes/sitemap/theme.php b/templates/themes/sitemap/theme.php index e210316b..226f8357 100644 --- a/templates/themes/sitemap/theme.php +++ b/templates/themes/sitemap/theme.php @@ -19,7 +19,7 @@ $threads = array(); foreach ($boards as $board) { - $query = query(sprintf("SELECT `id` AS `thread_id`, (SELECT `time` FROM `posts_%s` WHERE `thread` = `thread_id` OR `id` = `thread_id` ORDER BY `time` DESC LIMIT 1) AS `lastmod` FROM `posts_%s` WHERE `thread` IS NULL", $board, $board)) or error(db_error()); + $query = query(sprintf("SELECT `id` AS `thread_id`, (SELECT `time` FROM ``posts_%s`` WHERE `thread` = `thread_id` OR `id` = `thread_id` ORDER BY `time` DESC LIMIT 1) AS `lastmod` FROM ``posts_%s`` WHERE `thread` IS NULL", $board, $board)) or error(db_error()); $threads[$board] = $query->fetchAll(PDO::FETCH_ASSOC); }