search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Translated using Weblate (Slovenian)
[phpmyadmin.git] / tbl_replace.php
blob34f1a3cb9bd063fac3d3d96539288cbc649d0414
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * Manipulation of table data like inserting, replacing and updating
5 *
6 * Usually called as form action from tbl_change.php to insert or update table rows
7 *
8 * @todo 'edit_next' tends to not work as expected if used ...
9 * at least there is no order by it needs the original query
10 * and the row number and than replace the LIMIT clause
11 *
12 * @package PhpMyAdmin
13 */
14 declare(strict_types=1);
15
16 use PhpMyAdmin\Core;
17 use PhpMyAdmin\DatabaseInterface;
18 use PhpMyAdmin\File;
19 use PhpMyAdmin\InsertEdit;
20 use PhpMyAdmin\Message;
21 use PhpMyAdmin\Plugins\IOTransformationsPlugin;
22 use PhpMyAdmin\Relation;
23 use PhpMyAdmin\Response;
24 use PhpMyAdmin\Table;
25 use PhpMyAdmin\Transformations;
26 use PhpMyAdmin\Util;
27
28 if (! defined('ROOT_PATH')) {
29 define('ROOT_PATH', __DIR__ . DIRECTORY_SEPARATOR);
30 }
31
32 global $containerBuilder, $db, $table, $url_params;
33
34 require_once ROOT_PATH . 'libraries/common.inc.php';
35
36 /** @var Response $response */
37 $response = $containerBuilder->get(Response::class);
38
39 /** @var DatabaseInterface $dbi */
40 $dbi = $containerBuilder->get(DatabaseInterface::class);
41
42 // Check parameters
43 Util::checkParameters(['db', 'table', 'goto']);
44
45 $dbi->selectDb($db);
46
47 /**
48 * Initializes some variables
49 */
50 $goto_include = false;
51
52 $header = $response->getHeader();
53 $scripts = $header->getScripts();
54 $scripts->addFile('makegrid.js');
55 // Needed for generation of Inline Edit anchors
56 $scripts->addFile('vendor/stickyfill.min.js');
57 $scripts->addFile('sql.js');
58 $scripts->addFile('indexes.js');
59 $scripts->addFile('gis_data_editor.js');
60
61 /** @var Relation $relation */
62 $relation = $containerBuilder->get('relation');
63 /** @var Transformations $transformations */
64 $transformations = $containerBuilder->get('transformations');
65 /** @var InsertEdit $insertEdit */
66 $insertEdit = $containerBuilder->get('insert_edit');
67
68 // check whether insert row mode, if so include tbl_change.php
69 $insertEdit->isInsertRow();
70
71 $after_insert_actions = [
72 'new_insert',
73 'same_insert',
74 'edit_next',
75 ];
76 if (isset($_POST['after_insert'])
77 && in_array($_POST['after_insert'], $after_insert_actions)
78 ) {
79 $url_params['after_insert'] = $_POST['after_insert'];
80 if (isset($_POST['where_clause'])) {
81 foreach ($_POST['where_clause'] as $one_where_clause) {
82 if ($_POST['after_insert'] == 'same_insert') {
83 $url_params['where_clause'][] = $one_where_clause;
84 } elseif ($_POST['after_insert'] == 'edit_next') {
85 $insertEdit->setSessionForEditNext($one_where_clause);
86 }
87 }
88 }
89 }
90 //get $goto_include for different cases
91 $goto_include = $insertEdit->getGotoInclude($goto_include);
92
93 // Defines the url to return in case of failure of the query
94 $err_url = $insertEdit->getErrorUrl($url_params);
95
96 /**
97 * Prepares the update/insert of a row
98 */
99 list($loop_array, $using_key, $is_insert, $is_insertignore)
100 = $insertEdit->getParamsForUpdateOrInsert();
101
102 $query = [];
103 $value_sets = [];
104 $func_no_param = [
105 'CONNECTION_ID',
106 'CURRENT_USER',
107 'CURDATE',
108 'CURTIME',
109 'CURRENT_DATE',
110 'CURRENT_TIME',
111 'DATABASE',
112 'LAST_INSERT_ID',
113 'NOW',
114 'PI',
115 'RAND',
116 'SYSDATE',
117 'UNIX_TIMESTAMP',
118 'USER',
119 'UTC_DATE',
120 'UTC_TIME',
121 'UTC_TIMESTAMP',
122 'UUID',
123 'UUID_SHORT',
124 'VERSION',
125 ];
126 $func_optional_param = [
127 'RAND',
128 'UNIX_TIMESTAMP',
129 ];
130
131 $gis_from_text_functions = [
132 'GeomFromText',
133 'GeomCollFromText',
134 'LineFromText',
135 'MLineFromText',
136 'PointFromText',
137 'MPointFromText',
138 'PolyFromText',
139 'MPolyFromText',
140 ];
141
142 $gis_from_wkb_functions = [];
143 if ($dbi->getVersion() >= 50600) {
144 $gis_from_wkb_functions = [
145 'ST_GeomFromText',
146 'ST_GeomCollFromText',
147 'ST_LineFromText',
148 'ST_MLineFromText',
149 'ST_PointFromText',
150 'ST_MPointFromText',
151 'ST_PolyFromText',
152 'ST_MPolyFromText',
153 ];
154 }
155
156 //if some posted fields need to be transformed.
157 $mime_map = $transformations->getMime($db, $table);
158 if ($mime_map === false) {
159 $mime_map = [];
160 }
161
162 $query_fields = [];
163 $insert_errors = [];
164 $row_skipped = false;
165 $unsaved_values = [];
166 foreach ($loop_array as $rownumber => $where_clause) {
167 // skip fields to be ignored
168 if (! $using_key && isset($_POST['insert_ignore_' . $where_clause])) {
169 continue;
170 }
171
172 // Defines the SET part of the sql query
173 $query_values = [];
174
175 // Map multi-edit keys to single-level arrays, dependent on how we got the fields
176 $multi_edit_columns
177 = isset($_POST['fields']['multi_edit'][$rownumber])
178 ? $_POST['fields']['multi_edit'][$rownumber]
179 : [];
180 $multi_edit_columns_name
181 = isset($_POST['fields_name']['multi_edit'][$rownumber])
182 ? $_POST['fields_name']['multi_edit'][$rownumber]
183 : [];
184 $multi_edit_columns_prev
185 = isset($_POST['fields_prev']['multi_edit'][$rownumber])
186 ? $_POST['fields_prev']['multi_edit'][$rownumber]
187 : null;
188 $multi_edit_funcs
189 = isset($_POST['funcs']['multi_edit'][$rownumber])
190 ? $_POST['funcs']['multi_edit'][$rownumber]
191 : null;
192 $multi_edit_salt
193 = isset($_POST['salt']['multi_edit'][$rownumber])
194 ? $_POST['salt']['multi_edit'][$rownumber]
195 : null;
196 $multi_edit_columns_type
197 = isset($_POST['fields_type']['multi_edit'][$rownumber])
198 ? $_POST['fields_type']['multi_edit'][$rownumber]
199 : null;
200 $multi_edit_columns_null
201 = isset($_POST['fields_null']['multi_edit'][$rownumber])
202 ? $_POST['fields_null']['multi_edit'][$rownumber]
203 : null;
204 $multi_edit_columns_null_prev
205 = isset($_POST['fields_null_prev']['multi_edit'][$rownumber])
206 ? $_POST['fields_null_prev']['multi_edit'][$rownumber]
207 : null;
208 $multi_edit_auto_increment
209 = isset($_POST['auto_increment']['multi_edit'][$rownumber])
210 ? $_POST['auto_increment']['multi_edit'][$rownumber]
211 : null;
212 $multi_edit_virtual
213 = isset($_POST['virtual']['multi_edit'][$rownumber])
214 ? $_POST['virtual']['multi_edit'][$rownumber]
215 : null;
216
217 // When a select field is nullified, it's not present in $_POST
218 // so initialize it; this way, the foreach($multi_edit_columns) will process it
219 foreach ($multi_edit_columns_name as $key => $val) {
220 if (! isset($multi_edit_columns[$key])) {
221 $multi_edit_columns[$key] = '';
222 }
223 }
224
225 // Iterate in the order of $multi_edit_columns_name,
226 // not $multi_edit_columns, to avoid problems
227 // when inserting multiple entries
228 $insert_fail = false;
229 foreach ($multi_edit_columns_name as $key => $column_name) {
230 $current_value = $multi_edit_columns[$key];
231 // Note: $key is an md5 of the fieldname. The actual fieldname is
232 // available in $multi_edit_columns_name[$key]
233
234 $file_to_insert = new File();
235 $file_to_insert->checkTblChangeForm((string) $key, (string) $rownumber);
236
237 $possibly_uploaded_val = $file_to_insert->getContent();
238 if ($possibly_uploaded_val !== false) {
239 $current_value = $possibly_uploaded_val;
240 }
241 // Apply Input Transformation if defined
242 if (! empty($mime_map[$column_name])
243 && ! empty($mime_map[$column_name]['input_transformation'])
244 ) {
245 $filename = 'libraries/classes/Plugins/Transformations/'
246 . $mime_map[$column_name]['input_transformation'];
247 if (is_file($filename)) {
248 $classname = $transformations->getClassName($filename);
249 if (class_exists($classname)) {
250 /** @var IOTransformationsPlugin $transformation_plugin */
251 $transformation_plugin = new $classname();
252 $transformation_options = $transformations->getOptions(
253 $mime_map[$column_name]['input_transformation_options']
254 );
255 $current_value = $transformation_plugin->applyTransformation(
256 $current_value,
257 $transformation_options
258 );
259 // check if transformation was successful or not
260 // and accordingly set error messages & insert_fail
261 if (method_exists($transformation_plugin, 'isSuccess')
262 && ! $transformation_plugin->isSuccess()
263 ) {
264 $insert_fail = true;
265 $row_skipped = true;
266 $insert_errors[] = sprintf(
267 __('Row: %1$s, Column: %2$s, Error: %3$s'),
268 $rownumber,
269 $column_name,
270 $transformation_plugin->getError()
271 );
272 }
273 }
274 }
275 }
276
277 if ($file_to_insert->isError()) {
278 $insert_errors[] = $file_to_insert->getError();
279 }
280 // delete $file_to_insert temporary variable
281 $file_to_insert->cleanUp();
282
283 $current_value = $insertEdit->getCurrentValueForDifferentTypes(
284 $possibly_uploaded_val,
285 $key,
286 $multi_edit_columns_type,
287 $current_value,
288 $multi_edit_auto_increment,
289 $rownumber,
290 $multi_edit_columns_name,
291 $multi_edit_columns_null,
292 $multi_edit_columns_null_prev,
293 $is_insert,
294 $using_key,
295 $where_clause,
296 $table,
297 $multi_edit_funcs
298 );
299
300 $current_value_as_an_array = $insertEdit->getCurrentValueAsAnArrayForMultipleEdit(
301 $multi_edit_funcs,
302 $multi_edit_salt,
303 $gis_from_text_functions,
304 $current_value,
305 $gis_from_wkb_functions,
306 $func_optional_param,
307 $func_no_param,
308 $key
309 );
310
311 if (! isset($multi_edit_virtual) || ! isset($multi_edit_virtual[$key])) {
312 list($query_values, $query_fields)
313 = $insertEdit->getQueryValuesForInsertAndUpdateInMultipleEdit(
314 $multi_edit_columns_name,
315 $multi_edit_columns_null,
316 $current_value,
317 $multi_edit_columns_prev,
318 $multi_edit_funcs,
319 $is_insert,
320 $query_values,
321 $query_fields,
322 $current_value_as_an_array,
323 $value_sets,
324 $key,
325 $multi_edit_columns_null_prev
326 );
327 }
328 if (isset($multi_edit_columns_null[$key])) {
329 $multi_edit_columns[$key] = null;
330 }
331 } //end of foreach
332
333 // temporarily store rows not inserted
334 // so that they can be populated again.
335 if ($insert_fail) {
336 $unsaved_values[$rownumber] = $multi_edit_columns;
337 }
338 if (! $insert_fail && count($query_values) > 0) {
339 if ($is_insert) {
340 $value_sets[] = implode(', ', $query_values);
341 } else {
342 // build update query
343 $query[] = 'UPDATE ' . Util::backquote($table)
344 . ' SET ' . implode(', ', $query_values)
345 . ' WHERE ' . $where_clause
346 . ($_POST['clause_is_unique'] ? '' : ' LIMIT 1');
347 }
348 }
349 } // end foreach ($loop_array as $where_clause)
350 unset(
351 $multi_edit_columns_name,
352 $multi_edit_columns_prev,
353 $multi_edit_funcs,
354 $multi_edit_columns_type,
355 $multi_edit_columns_null,
356 $func_no_param,
357 $multi_edit_auto_increment,
358 $current_value_as_an_array,
359 $key,
360 $current_value,
361 $loop_array,
362 $where_clause,
363 $using_key,
364 $multi_edit_columns_null_prev,
365 $insert_fail
366 );
367
368 // Builds the sql query
369 if ($is_insert && count($value_sets) > 0) {
370 $query = $insertEdit->buildSqlQuery($is_insertignore, $query_fields, $value_sets);
371 } elseif (empty($query) && ! isset($_POST['preview_sql']) && ! $row_skipped) {
372 // No change -> move back to the calling script
373 //
374 // Note: logic passes here for inline edit
375 $message = Message::success(__('No change'));
376 // Avoid infinite recursion
377 if ($goto_include == 'tbl_replace.php') {
378 $goto_include = 'tbl_change.php';
379 }
380 $active_page = $goto_include;
381 include ROOT_PATH . Core::securePath($goto_include);
382 exit;
383 }
384 unset($multi_edit_columns, $is_insertignore);
385
386 // If there is a request for SQL previewing.
387 if (isset($_POST['preview_sql'])) {
388 Core::previewSQL($query);
389 }
390
391 /**
392 * Executes the sql query and get the result, then move back to the calling
393 * page
394 */
395 list ($url_params, $total_affected_rows, $last_messages, $warning_messages,
396 $error_messages, $return_to_sql_query)
397 = $insertEdit->executeSqlQuery($url_params, $query);
398
399 if ($is_insert && (count($value_sets) > 0 || $row_skipped)) {
400 $message = Message::getMessageForInsertedRows(
401 $total_affected_rows
402 );
403 $unsaved_values = array_values($unsaved_values);
404 } else {
405 $message = Message::getMessageForAffectedRows(
406 $total_affected_rows
407 );
408 }
409 if ($row_skipped) {
410 $goto_include = 'tbl_change.php';
411 $message->addMessagesString($insert_errors, '<br>');
412 $message->isError(true);
413 }
414
415 $message->addMessages($last_messages, '<br>');
416
417 if (! empty($warning_messages)) {
418 $message->addMessagesString($warning_messages, '<br>');
419 $message->isError(true);
420 }
421 if (! empty($error_messages)) {
422 $message->addMessagesString($error_messages);
423 $message->isError(true);
424 }
425 unset(
426 $error_messages,
427 $warning_messages,
428 $total_affected_rows,
429 $last_messages,
430 $last_message,
431 $row_skipped,
432 $insert_errors
433 );
434
435 /**
436 * The following section only applies to grid editing.
437 * However, verifying isAjax() is not enough to ensure we are coming from
438 * grid editing. If we are coming from the Edit or Copy link in Browse mode,
439 * ajax_page_request is present in the POST parameters.
440 */
441 if ($response->isAjax() && ! isset($_POST['ajax_page_request'])) {
442 /**
443 * If we are in grid editing, we need to process the relational and
444 * transformed fields, if they were edited. After that, output the correct
445 * link/transformed value and exit
446 */
447 if (isset($_POST['rel_fields_list']) && $_POST['rel_fields_list'] != '') {
448 $map = $relation->getForeigners($db, $table, '', 'both');
449
450 $relation_fields = [];
451 parse_str($_POST['rel_fields_list'], $relation_fields);
452
453 // loop for each relation cell
454 /** @var array $relation_fields */
455 foreach ($relation_fields as $cell_index => $curr_rel_field) {
456 foreach ($curr_rel_field as $relation_field => $relation_field_value) {
457 $where_comparison = "='" . $relation_field_value . "'";
458 $dispval = $insertEdit->getDisplayValueForForeignTableColumn(
459 $where_comparison,
460 $map,
461 $relation_field
462 );
463
464 $extra_data['relations'][$cell_index]
465 = $insertEdit->getLinkForRelationalDisplayField(
466 $map,
467 $relation_field,
468 $where_comparison,
469 $dispval,
470 $relation_field_value
471 );
472 }
473 } // end of loop for each relation cell
474 }
475 if (isset($_POST['do_transformations'])
476 && $_POST['do_transformations'] == true
477 ) {
478 $edited_values = [];
479 parse_str($_POST['transform_fields_list'], $edited_values);
480
481 if (! isset($extra_data)) {
482 $extra_data = [];
483 }
484 $transformation_types = [
485 "input_transformation",
486 "transformation",
487 ];
488 foreach ($mime_map as $transformation) {
489 $column_name = $transformation['column_name'];
490 foreach ($transformation_types as $type) {
491 $file = Core::securePath($transformation[$type]);
492 $extra_data = $insertEdit->transformEditedValues(
493 $db,
494 $table,
495 $transformation,
496 $edited_values,
497 $file,
498 $column_name,
499 $extra_data,
500 $type
501 );
502 }
503 } // end of loop for each $mime_map
504 }
505
506 // Need to check the inline edited value can be truncated by MySQL
507 // without informing while saving
508 $column_name = $_POST['fields_name']['multi_edit'][0][0];
509
510 $insertEdit->verifyWhetherValueCanBeTruncatedAndAppendExtraData(
511 $db,
512 $table,
513 $column_name,
514 $extra_data
515 );
516
517 /**Get the total row count of the table*/
518 $_table = new Table($_POST['table'], $_POST['db']);
519 $extra_data['row_count'] = $_table->countRecords();
520
521 $extra_data['sql_query'] = Util::getMessage(
522 $message,
523 $GLOBALS['display_query']
524 );
525
526 $response->setRequestStatus($message->isSuccess());
527 $response->addJSON('message', $message);
528 $response->addJSON($extra_data);
529 exit;
530 }
531
532 if (! empty($return_to_sql_query)) {
533 $disp_query = $GLOBALS['sql_query'];
534 $disp_message = $message;
535 unset($message);
536 $GLOBALS['sql_query'] = $return_to_sql_query;
537 }
538
539 $scripts->addFile('vendor/jquery/additional-methods.js');
540 $scripts->addFile('table/change.js');
541
542 $active_page = $goto_include;
543
544 /**
545 * If user asked for "and then Insert another new row" we have to remove
546 * WHERE clause information so that tbl_change.php does not go back
547 * to the current record
548 */
549 if (isset($_POST['after_insert']) && 'new_insert' == $_POST['after_insert']) {
550 unset($_POST['where_clause']);
551 }
552
553 /**
554 * Load target page.
555 */
556 require ROOT_PATH . Core::securePath($goto_include);
557 exit;
phpMyAdmin