Add optional database table prefix (issue #118; see issue comments fo…

…r details)
vichan-devel · Aug 1, 2013 · 9343651 · 9343651
1 parent 1364d84
commit 9343651
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 8 deletions.
diff --git a/search.php b/search.php
@@ -17,21 +17,21 @@
 		$phrase = $_GET['search'];
 		$_body = '';
 
-		$query = prepare("SELECT COUNT(*) FROM `search_queries` WHERE `ip` = :ip AND `time` > :time");
+		$query = prepare("SELECT COUNT(*) FROM ``search_queries`` WHERE `ip` = :ip AND `time` > :time");
 		$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
 		$query->bindValue(':time', time() - ($queries_per_minutes[1] * 60));
 		$query->execute() or error(db_error($query));
 		if($query->fetchColumn() > $queries_per_minutes[0])
 			error(_('Wait a while before searching again, please.'));
 
-		$query = prepare("SELECT COUNT(*) FROM `search_queries` WHERE `time` > :time");
+		$query = prepare("SELECT COUNT(*) FROM ``search_queries`` WHERE `time` > :time");
 		$query->bindValue(':time', time() - ($queries_per_minutes_all[1] * 60));
 		$query->execute() or error(db_error($query));
 		if($query->fetchColumn() > $queries_per_minutes_all[0])
 			error(_('Wait a while before searching again, please.'));
 
 
-		$query = prepare("INSERT INTO `search_queries` VALUES (:ip, :time, :query)");
+		$query = prepare("INSERT INTO ``search_queries`` VALUES (:ip, :time, :query)");
 		$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
 		$query->bindValue(':time', time());
 		$query->bindValue(':query', $phrase);
@@ -40,7 +40,7 @@
 		_syslog(LOG_NOTICE, 'Searched /' . $_GET['board'] . '/ for "' . $phrase . '"');
 
 		// Cleanup search queries table
-		$query = prepare("DELETE FROM `search_queries` WHERE `time` <= :time");
+		$query = prepare("DELETE FROM ``search_queries`` WHERE `time` <= :time");
 		$query->bindValue(':time', time() - ($queries_per_minutes_all[1] * 60));
                 $query->execute() or error(db_error($query));
 
@@ -85,6 +85,9 @@ function search_filters($m) {
 		// Use asterisk as wildcard to suit convention
 		$phrase = str_replace('*', '%', $phrase);
 
+		// Remove `, it's used by table prefix magic
+		$phrase = str_replace('`', '!`', $phrase);
+
 		$like = '';
 		$match = Array();
 
@@ -119,7 +122,7 @@ function search_filters($m) {
 
 		$like = str_replace('%', '%%', $like);
 
-		$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE " . $like . " ORDER BY `time` DESC LIMIT :limit", $board['uri']));
+		$query = prepare(sprintf("SELECT * FROM ``posts_%s`` WHERE " . $like . " ORDER BY `time` DESC LIMIT :limit", $board['uri']));
 		$query->bindValue(':limit', $search_limit, PDO::PARAM_INT);
 		$query->execute() or error(db_error($query));
 

diff --git a/templates/themes/ukko/theme.php b/templates/themes/ukko/theme.php
@@ -25,7 +25,7 @@ public function build($mod = false) {
 			foreach($boards as &$_board) {
 				if(in_array($_board['uri'], explode(' ', $this->settings['exclude'])))
 					continue;
-				$query .= sprintf("SELECT *, '%s' AS `board` FROM `posts_%s` WHERE `thread` IS NULL UNION ALL ", $_board['uri'], $_board['uri']);
+				$query .= sprintf("SELECT *, '%s' AS `board` FROM ``posts_%s`` WHERE `thread` IS NULL UNION ALL ", $_board['uri'], $_board['uri']);
 			}
 			$query = preg_replace('/UNION ALL $/', 'ORDER BY `bump` DESC', $query);
 			$query = query($query) or error(db_error());
@@ -48,7 +48,7 @@ public function build($mod = false) {
 						$post['filename'], $post['ip'], $post['sticky'], $post['locked'], $post['sage'], $post['embed'], $mod ? '?/' : $config['root'], $mod
 					);
 
-					$posts = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `thread` = :id ORDER BY `id` DESC LIMIT :limit", $post['board']));
+					$posts = prepare(sprintf("SELECT * FROM ``posts_%s`` WHERE `thread` = :id ORDER BY `id` DESC LIMIT :limit", $post['board']));
 					$posts->bindValue(':id', $post['id']);
 					$posts->bindValue(':limit', ($post['sticky'] ? $config['threads_preview_sticky'] : $config['threads_preview']), PDO::PARAM_INT);
 					$posts->execute() or error(db_error($posts));
@@ -66,7 +66,7 @@ public function build($mod = false) {
 
 					}
 					if ($posts->rowCount() == ($post['sticky'] ? $config['threads_preview_sticky'] : $config['threads_preview'])) {
-						$ct = prepare(sprintf("SELECT COUNT(`id`) as `num` FROM `posts_%s` WHERE `thread` = :thread UNION ALL SELECT COUNT(`id`) FROM `posts_%s` WHERE `file` IS NOT NULL AND `thread` = :thread", $post['board'], $post['board']));
+						$ct = prepare(sprintf("SELECT COUNT(`id`) as `num` FROM ``posts_%s`` WHERE `thread` = :thread UNION ALL SELECT COUNT(`id`) FROM `posts_%s` WHERE `file` IS NOT NULL AND `thread` = :thread", $post['board'], $post['board']));
 						$ct->bindValue(':thread', $post['id'], PDO::PARAM_INT);
 						$ct->execute() or error(db_error($count));