$err1[] = 'Database already exists.';
}
} else {
- $msg1[] = 'Database `'.$dbname.'` created.';
+ $msg1[] = 'Database `'.htmlentities($dbname).'` created.';
}
$i_newdb = $dbname;
return array($msg1, $err1);
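Review bot: The new `htmlentities($dbname)` call in the "created" message relies on the function's default flags and charset, which differ between PHP versions; the same applies to the calls added in the drop, drop-confirmation and listing hunks. Before PHP 8.1 the default flags leave single quotes unencoded. From PHP 5.4, input containing bytes that are invalid in the assumed charset returns an empty string unless `ENT_SUBSTITUTE` or `ENT_IGNORE` is passed, which in the confirmation form would render the button name as `drop[]`. Passing the arguments explicitly, e.g. `htmlentities($dbname, ENT_QUOTES, 'UTF-8')` with the charset matched to the page's real encoding, keeps the behaviour fixed, ideally through one small helper used at all four sites. The enclosing function starts and ends outside this hunk.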
$dropdbs = array_keys($i_drop);
foreach($dropdbs as $dbname) {
if ($User->delDB($dbname)) {
- $msg1[] = 'Database `'.$dbname.'` dropped.';
+ $msg1[] = 'Database `'.htmlentities($dbname).'` dropped.';
} else {
$err1[] = mysql_error();
}
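Review bot: The failure branch still appends `mysql_error()` to `$err1` unescaped, while only the success message gets `htmlentities()`. MySQL error text for a failed drop commonly quotes the database name back, so if `$err1` is printed as HTML the way `$msg1` appears to be, the same name reaches the page through the error path. `$err1[] = htmlentities(mysql_error());` would cover it. How `$err1` is rendered is not visible here, so confirm that it is not already encoded at output, otherwise this would double-encode. The loop's enclosing function lies outside the hunk.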
$dropdbs = array_keys($i_dropask);
echo '<form method="post" action="', $URI,'">';
foreach($dropdbs as $dbname) {
- $msg1[] = 'Are you sure you want to drop `'.$dbname.'`? <input style="position:absolute; right:20px;" type="submit" name="drop['.$dbname.']" value="Yes">';
+ $msg1[] = 'Are you sure you want to drop `'.htmlentities($dbname).'`? <input style="position:absolute; right:20px;" type="submit" name="drop['.htmlentities($dbname).']" value="Yes">';
}
echo '</form>';
}
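Review bot: `$URI` is still written raw into the form's `action` attribute on the line just above the loop, next to the values this change escapes. Its origin is not visible in this hunk; if it is derived from the request, it needs the same encoding, e.g. `echo '<form method="post" action="', htmlentities($URI), '">';`. Separately, no anti-CSRF token appears in this confirmation form for a destructive action, so it is worth checking whether one is enforced elsewhere before `delDB()` runs.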
else $percentage = 0;
echo printBar($percentage, $db['Name'], str_replace(' ', ' ', sprintSize($db['nBytes'])));
echo '</td><td>';
- echo '<input type="submit" name="dropask[',$db['Name'],']" value="drop">';
+ echo '<input type="submit" name="dropask[',htmlentities($db['Name']),']" value="drop">';
echo '</td></tr>';
}
if ($total>0) {
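Review bot: `$db['Name']` is now escaped for the `dropask[...]` attribute, but the same value is passed raw to `printBar()` two lines earlier in this hunk. Whether `printBar()` encodes its label argument is not visible here; if it does not, the database name still reaches the listing unescaped. Either encode inside `printBar()` or pass `htmlentities($db['Name'])` at this call, but not both, to avoid double-encoding. The surrounding loop begins outside the hunk.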