$real_sql_query .= ' MAX_CONNECTIONS_PER_HOUR ' . $max_connections;                    $sql_query .= ' MAX_CONNECTIONS_PER_HOUR ' . $max_connections;                }                if (isset($max_updates)) {                    $max_updates = max(0, (int)$max_updates);                    $real_sql_query .= ' MAX_UPDATES_PER_HOUR ' . $max_updates;                    $sql_query .= ' MAX_UPDATES_PER_HOUR ' . $max_updates;                }            }            if (PMA_MYSQL_INT_VERSION >= 50003) {                if (isset($max_user_connections)) {                    $max_user_connections = max(0, (int)$max_user_connections);                    $real_sql_query .= ' MAX_USER_CONNECTIONS ' . $max_user_connections;                    $sql_query .= ' MAX_USER_CONNECTIONS ' . $max_user_connections;                }            }        }        if ( isset( $create_user_real ) ) {            $create_user_real .= ';';            $create_user_show .= ';';        }        $real_sql_query .= ';';        $sql_query .= ';';        if (empty($change_copy)) {            if ( isset( $create_user_real ) ) {                PMA_DBI_try_query($create_user_real) or PMA_mysqlDie(PMA_DBI_getError(), $create_user_show);                $sql_query = $create_user_show . $sql_query;            }            PMA_DBI_try_query($real_sql_query) or PMA_mysqlDie(PMA_DBI_getError(), $sql_query);            $message = $GLOBALS['strAddUserMessage'];            /* Create database for new user */            if (isset($createdb) && $createdb > 0) {                if ($createdb == 1) {                    $q = 'CREATE DATABASE IF NOT EXISTS ' . PMA_backquote(PMA_sqlAddslashes($username)) . ';';                    $sql_query .= $q;                    PMA_DBI_try_query($q) or PMA_mysqlDie(PMA_DBI_getError(), $sql_query);                    $GLOBALS['reload'] = TRUE;                    PMA_reloadNavigation();                    $q = 'GRANT ALL PRIVILEGES ON ' . PMA_backquote(PMA_sqlAddslashes($username)) . '.* TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\';';                    $sql_query .= $q;                    PMA_DBI_try_query($q) or PMA_mysqlDie(PMA_DBI_getError(), $sql_query);                } elseif ($createdb == 2) {                    $q = 'GRANT ALL PRIVILEGES ON ' . PMA_backquote(PMA_sqlAddslashes($username) . '\_%') . '.* TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\';';                    $sql_query .= $q;                    PMA_DBI_try_query($q) or PMA_mysqlDie(PMA_DBI_getError(), $sql_query);                }            }        } else {            if ( isset( $create_user_real ) ) {                $queries[]             = $create_user_real;            }            $queries[]             = $real_sql_query;            // we put the query containing the hidden password in            // $queries_for_display, at the same position occupied            // by the real query in $queries            $tmp_count = count($queries);            if ( isset( $create_user_real ) ) {                $queries_for_display[$tmp_count - 2] = $create_user_show;            }            $queries_for_display[$tmp_count - 1] = $sql_query;        }        unset($res, $real_sql_query);    }}/** * Changes / copies a user, part III */if (!empty($change_copy)) {    $user_host_condition =        ' WHERE ' . PMA_convert_using('User')        .' = ' . PMA_convert_using(PMA_sqlAddslashes($old_username), 'quoted')        .' AND ' . PMA_convert_using('Host')        .' = ' . PMA_convert_using($old_hostname, 'quoted') . ';';    $res = PMA_DBI_query('SELECT * FROM `mysql`.`db`' . $user_host_condition );    while ($row = PMA_DBI_fetch_assoc($res)) {        $queries[] =            'GRANT ' . join(', ', PMA_extractPrivInfo($row))            .' ON `' . $row['Db'] . '`.*'            .' TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\''            . ( $row['Grant_priv'] == 'Y' ? ' WITH GRANT OPTION;' : ';' );    }    PMA_DBI_free_result($res);    $res = PMA_DBI_query(        'SELECT `Db`, `Table_name`, `Table_priv`'        .' FROM `mysql`.`tables_priv`' . $user_host_condition,        $GLOBALS['userlink'], PMA_DBI_QUERY_STORE );    while ($row = PMA_DBI_fetch_assoc($res)) {        $res2 = PMA_DBI_QUERY(            'SELECT `Column_name`, `Column_priv`'            .' FROM `mysql`.`columns_priv`'            .' WHERE ' . PMA_convert_using('User')            .' = ' . PMA_convert_using(PMA_sqlAddslashes($old_username), 'quoted')            .' AND ' . PMA_convert_using('`Host`')            .' = ' . PMA_convert_using($old_hostname, 'quoted')            .' AND ' . PMA_convert_using('`Db`')            .' = ' . PMA_convert_using($row['Db'], 'quoted')            .' AND ' . PMA_convert_using('`Table_name`')            .' = ' . PMA_convert_using($row['Table_name'], 'quoted')            .';',            null, PMA_DBI_QUERY_STORE);        $tmp_privs1 = PMA_extractPrivInfo($row);        $tmp_privs2 = array(            'Select' => array(),            'Insert' => array(),            'Update' => array(),            'References' => array()        );        while ($row2 = PMA_DBI_fetch_assoc($res2)) {            $tmp_array = explode(',', $row2['Column_priv']);            if (in_array('Select', $tmp_array)) {                $tmp_privs2['Select'][] = $row2['Column_name'];            }            if (in_array('Insert', $tmp_array)) {                $tmp_privs2['Insert'][] = $row2['Column_name'];            }            if (in_array('Update', $tmp_array)) {                $tmp_privs2['Update'][] = $row2['Column_name'];            }            if (in_array('References', $tmp_array)) {                $tmp_privs2['References'][] = $row2['Column_name'];            }            unset($tmp_array);        }        if (count($tmp_privs2['Select']) > 0 && !in_array('SELECT', $tmp_privs1)) {            $tmp_privs1[] = 'SELECT (`' . join('`, `', $tmp_privs2['Select']) . '`)';        }        if (count($tmp_privs2['Insert']) > 0 && !in_array('INSERT', $tmp_privs1)) {            $tmp_privs1[] = 'INSERT (`' . join('`, `', $tmp_privs2['Insert']) . '`)';        }        if (count($tmp_privs2['Update']) > 0 && !in_array('UPDATE', $tmp_privs1)) {            $tmp_privs1[] = 'UPDATE (`' . join('`, `', $tmp_privs2['Update']) . '`)';        }        if (count($tmp_privs2['References']) > 0 && !in_array('REFERENCES', $tmp_privs1)) {            $tmp_privs1[] = 'REFERENCES (`' . join('`, `', $tmp_privs2['References']) . '`)';        }        unset($tmp_privs2);        $queries[] =            'GRANT ' . join(', ', $tmp_privs1)            . ' ON `' . $row['Db'] . '`.`' . $row['Table_name']            . '` TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\''            . (in_array('Grant', explode(',', $row['Table_priv'])) ? ' WITH GRANT OPTION;' : ';');    }}/** * Updates privileges */if (!empty($update_privs)) {    // escaping a wildcard character in a GRANT is only accepted at the global    // or database level, not at table level; this is why I remove    // the escaping character    // Note: in the phpMyAdmin list of Database-specific privileges,    //  we will have for example    //  test\_db  SELECT (this one is for privileges on a db level)    //  test_db   USAGE  (this one is for table-specific privileges)    //    // It looks curious but reflects the way MySQL works    if (! isset($dbname) || ! strlen($dbname)) {        $db_and_table = '*.*';    } else {        if ( isset( $tablename ) && strlen($tablename) ) {            $db_and_table = PMA_backquote( PMA_unescape_mysql_wildcards( $dbname ) ) . '.';            $db_and_table .= PMA_backquote( $tablename );        } else {            $db_and_table = PMA_backquote( $dbname ) . '.';            $db_and_table .= '*';        }    }    $sql_query0 =        'REVOKE ALL PRIVILEGES ON ' . $db_and_table        . ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\';';    if (!isset($Grant_priv) || $Grant_priv != 'Y') {        $sql_query1 =            'REVOKE GRANT OPTION ON ' . $db_and_table            . ' FROM \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\';';    }    $sql_query2 =        'GRANT ' . join(', ', PMA_extractPrivInfo())        . ' ON ' . $db_and_table        . ' TO \'' . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\'';    /**     * @todo similar code appears twice in this script     */    if ( ( isset($Grant_priv) && $Grant_priv == 'Y')      || ( ( ! isset($dbname) || ! strlen($dbname) ) && PMA_MYSQL_INT_VERSION >= 40002        && ( isset($max_questions) || isset($max_connections)          || isset($max_updates) || isset($max_user_connections))))    {        $sql_query2 .= 'WITH';        if (isset($Grant_priv) && $Grant_priv == 'Y') {            $sql_query2 .= ' GRANT OPTION';        }        if (PMA_MYSQL_INT_VERSION >= 40002) {            if (isset($max_questions)) {                $max_questions = max(0, (int)$max_questions);                $sql_query2 .= ' MAX_QUERIES_PER_HOUR ' . $max_questions;            }            if (isset($max_connections)) {                $max_connections = max(0, (int)$max_connections);                $sql_query2 .= ' MAX_CONNECTIONS_PER_HOUR ' . $max_connections;            }            if (isset($max_updates)) {                $max_updates = max(0, (int)$max_updates);                $sql_query2 .= ' MAX_UPDATES_PER_HOUR ' . $max_updates;            }        }        if (PMA_MYSQL_INT_VERSION >= 50003) {            if (isset($max_user_connections)) {                $max_user_connections = max(0, (int)$max_user_connections);                $sql_query2 .= ' MAX_USER_CONNECTIONS ' . $max_user_connections;            }        }    }    $sql_query2 .= ';';    if (!PMA_DBI_try_query($sql_query0)) { // this query may fail, but this does not matter :o)        // a case when it can fail is when the admin does not have all        // privileges: he can't do a REVOKE ALL PRIVILEGES !        // so at least we display the error        echo PMA_DBI_getError();        unset($sql_query0);    }    if (isset($sql_query1) && !PMA_DBI_try_query($sql_query1)) { // this one may fail, too...        unset($sql_query1);    }    PMA_DBI_query($sql_query2);    $sql_query = (isset($sql_query0) ? $sql_query0 . ' ' : '')               . (isset($sql_query1) ? $sql_query1 . ' ' : '')               . $sql_query2;    $message = sprintf($GLOBALS['strUpdatePrivMessage'], '\'' . $username . '\'@\'' . $hostname . '\'');}/** * Revokes Privileges */if (!empty($revokeall)) {    if ( ! isset($dbname) || ! strlen($dbname) ) {        $db_and_table = '*.*';    } else {        if ( ! isset( $tablename ) || ! strlen($tablename) ) {            $db_and_table = PMA_backquote( $dbname ) . '.';            $db_and_table .= '*';        } else {            $db_and_table = PMA_backquote( PMA_unescape_mysql_wildcards( $dbname ) ) . '.';            $db_and_table .= PMA_backquote( $tablename );        }    }    $sql_query0 =        'REVOKE ALL PRIVILEGES ON ' . $db_and_table        . ' FROM \'' . $username . '\'@\'' . $hostname . '\';';    $sql_query1 =        'REVOKE GRANT OPTION ON ' . $db_and_table        . ' FROM \'' . $username . '\'@\'' . $hostname . '\';';    PMA_DBI_query($sql_query0);    if (!PMA_DBI_try_query($sql_query1)) { // this one may fail, too...