Revision 721
Added by doc about 16 years ago
| save.php | ||
|---|---|---|
| 225 | 225 |
if(!isset($_POST['database_name']) OR $_POST['database_name'] == '') {
|
| 226 | 226 |
set_error('Please enter a database name', 'database_name');
|
| 227 | 227 |
} else {
|
| 228 |
// make sure only allowed characters are specified |
|
| 229 |
if(preg_match('/[^a-z0-9_]+/i', $_POST['database_name'])) {
|
|
| 230 |
// contains invalid characters (only a-z, A-Z, 0-9 and _ allowed to avoid problems with table/field names) |
|
| 231 |
set_error('Only characters a-z, A-Z, 0-9 and _ allowed as database name.', 'database_name');
|
|
| 232 |
} |
|
| 228 | 233 |
$database_name = $_POST['database_name']; |
| 229 | 234 |
} |
| 230 | 235 |
// Get table prefix |
| 231 |
$table_prefix = $_POST['table_prefix']; |
|
| 236 |
if(preg_match('/[^a-z0-9_]+/i', $_POST['table_prefix'])) {
|
|
| 237 |
// contains invalid characters (only a-z, A-Z, 0-9 and _ allowed to avoid problems with table/field names) |
|
| 238 |
set_error('Only characters a-z, A-Z, 0-9 and _ allowed as table_prefix.', 'table_prefix');
|
|
| 239 |
} else {
|
|
| 240 |
$table_prefix = $_POST['table_prefix']; |
|
| 241 |
} |
|
| 242 |
|
|
| 232 | 243 |
// Find out if the user wants to install tables and data |
| 233 | 244 |
if(isset($_POST['install_tables']) AND $_POST['install_tables'] == 'true') {
|
| 234 | 245 |
$install_tables = true; |
Also available in: Unified diff
restricted database name and table prefix to "a-zA-Z0-9_" (avoid problems with non quoted table/field names)