[phpmyadmin/crack.git] / tbl_select.php
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Table search tab.
 *
 * Displays the table search form, creates an SQL query from the submitted
 * form data and includes sql.php to execute it.
 *
 * @todo display search form again if no results from previous search
 * @package phpMyAdmin
 */

/**
 * Core libraries needed by both the form and the query builder.
 */
require_once './libraries/common.inc.php';
require_once './libraries/mysql_charsets.lib.php';

// Scripts appended to the page's script list, in this order.
$GLOBALS['js_include'][] = 'makegrid.js';
$GLOBALS['js_include'][] = 'sql.js';
$GLOBALS['js_include'][] = 'tbl_select.js';
$GLOBALS['js_include'][] = 'tbl_change.js';
$GLOBALS['js_include'][] = 'jquery/jquery-ui-1.8.custom.js';
$GLOBALS['js_include'][] = 'jquery/timepicker.js';

// Label of the "browse foreign values" link: plain text when icons are
// switched off, an icon otherwise, and icon followed by text when the
// setting is exactly the string 'both'.
if (! $GLOBALS['cfg']['PropertiesIconic']) {
    $titles['Browse'] = __('Browse foreign values');
} else {
    $titles['Browse'] = '<img class="icon" width="16" height="16" src="'
        . $pmaThemeImage . 'b_browse.png" alt="'
        . __('Browse foreign values')
        . '" title="'
        . __('Browse foreign values')
        . '" />';

    if ('both' === $GLOBALS['cfg']['PropertiesIconic']) {
        $titles['Browse'] .= __('Browse foreign values');
    }
}
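/**
 * Table search: either render the search form or build and run the query.
 *
 * Branch 1 (no columns chosen yet): lists the table's columns and prints the
 * "query by example" form.
 * Branch 2 (form submitted): assembles a SELECT statement in $sql_query from
 * the submitted values and hands over to sql.php.
 *
 * The script reads $param, $goto, $where, $func, $fields, $names, $types,
 * $collations, $distinct, $orderField, $order and $max_number_of_fields as
 * plain variables; presumably the bootstrap include copies them from the
 * request -- confirm. They are treated as untrusted below: everything echoed
 * into the page is HTML-escaped, and only known operators and sort
 * directions are spliced into the SQL text.
 */
if (! isset($param) || $param[0] == '') {
    // Gets some core libraries
    require_once './libraries/tbl_common.php';
    $url_query .= '&amp;goto=tbl_select.php&amp;back=tbl_select.php';

    /**
     * Gets table information
     */
    require_once './libraries/tbl_info.inc.php';

    /**
     * Displays top menu links
     */
    require_once './libraries/tbl_links.inc.php';

    if (! isset($goto)) {
        $goto = $GLOBALS['cfg']['DefaultTabTable'];
    }
    // Defines the url to return to in case of error in the next sql statement
    $err_url = $goto . '?' . PMA_generate_common_url($db, $table);

    // Gets the list and number of fields
    $result = PMA_DBI_query(
        'SHOW FULL FIELDS FROM ' . PMA_backquote($table) . ' FROM ' . PMA_backquote($db) . ';',
        null,
        PMA_DBI_QUERY_STORE
    );
    $fields_cnt = PMA_DBI_num_rows($result);
    $fields_list = $fields_null = $fields_type = $fields_collation = array();
    while ($row = PMA_DBI_fetch_assoc($result)) {
        $fields_list[] = $row['Field'];
        $type = $row['Type'];
        // reformat mysql query output
        if (strncasecmp($type, 'set', 3) == 0
            || strncasecmp($type, 'enum', 4) == 0
        ) {
            $type = str_replace(',', ', ', $type);
        } else {
            // strip the "BINARY" attribute, except if we find "BINARY(" because
            // this would be a BINARY or VARBINARY field type
            if (! preg_match('@BINARY[\(]@i', $type)) {
                $type = preg_replace('@BINARY@i', '', $type);
            }
            $type = preg_replace('@ZEROFILL@i', '', $type);
            $type = preg_replace('@UNSIGNED@i', '', $type);

            $type = strtolower($type);
        }
        // The type is stored raw (it embeds enum/set labels, which are
        // arbitrary text); escaping and the empty-cell placeholder are
        // applied where it is printed.
        $fields_null[] = $row['Null'];
        $fields_type[] = (string) $type;
        $fields_collation[] = ! empty($row['Collation']) && $row['Collation'] != 'NULL'
            ? $row['Collation']
            : '';
    } // end while
    PMA_DBI_free_result($result);
    unset($result, $type);

    // retrieve keys into foreign fields, if any
    // check also foreigners even if relwork is FALSE (to get
    // foreign keys from innodb)
    $foreigners = PMA_getForeigners($db, $table);
    ?>
<form method="post" action="tbl_select.php" name="insertForm" id="tbl_search_form" <?php echo ($GLOBALS['cfg']['AjaxEnable'] ? ' class="ajax"' : ''); ?>>
<?php echo PMA_generate_common_hidden_inputs($db, $table); ?>
<?php // $goto is only defaulted above when unset, so it may carry a submitted value: escape it for the attribute ?>
<input type="hidden" name="goto" value="<?php echo htmlspecialchars($goto); ?>" />
<input type="hidden" name="back" value="tbl_select.php" />

<fieldset id="fieldset_table_search">

<fieldset id="fieldset_table_qbe">
    <legend><?php echo __('Do a "query by example" (wildcard: "%")') ?></legend>
    <table class="data">
    <thead>
    <tr><th><?php echo __('Column'); ?></th>
        <th><?php echo __('Type'); ?></th>
        <th><?php echo __('Collation'); ?></th>
        <th><?php echo __('Operator'); ?></th>
        <th><?php echo __('Value'); ?></th>
    </tr>
    </thead>
    <tbody>
    <?php
    $odd_row = true;

    for ($i = 0; $i < $fields_cnt; $i++) {
        ?>
        <tr class="noclick <?php echo $odd_row ? 'odd' : 'even'; $odd_row = ! $odd_row; ?>">
            <th><?php echo htmlspecialchars($fields_list[$i]); ?></th>
            <td><?php echo $fields_type[$i] === '' ? '&nbsp;' : htmlspecialchars($fields_type[$i]); ?></td>
            <td><?php echo htmlspecialchars($fields_collation[$i]); ?></td>
            <td><select name="func[]">
        <?php
        // determine valid operators
        if (strncasecmp($fields_type[$i], 'enum', 4) == 0) {
            // enum operators
            $operators = array(
                '=',
                '!=',
            );
        } elseif (preg_match('@char|blob|text|set@i', $fields_type[$i])) {
            // text operators
            $operators = array(
                'LIKE',
                'LIKE %...%',
                'NOT LIKE',
                '=',
                '!=',
                'REGEXP',
                'REGEXP ^...$',
                'NOT REGEXP',
                "= ''",
                "!= ''",
                'IN (...)',
                'NOT IN (...)',
                'BETWEEN',
                'NOT BETWEEN',
            );
        } else {
            // numeric operators
            $operators = array(
                '=',
                '>',
                '>=',
                '<',
                '<=',
                '!=',
                'LIKE',
                'NOT LIKE',
                'IN (...)',
                'NOT IN (...)',
                'BETWEEN',
                'NOT BETWEEN',
            );
        } // end if... else...

        // if field can be NULL, add IS NULL and IS NOT NULL.
        // The Null column holds the text 'YES' or 'NO'; both are truthy in
        // PHP, so the value is compared instead of tested for truthiness.
        if (strtoupper($fields_null[$i]) == 'YES') {
            $operators[] = 'IS NULL';
            $operators[] = 'IS NOT NULL';
        }
        foreach ($operators as $op) {
            echo "\n" . ' '
                . '<option value="' . htmlspecialchars($op) . '">' . htmlspecialchars($op) . '</option>';
        }
        ?>

                </select>
            </td>
            <td>
        <?php
        $field = $fields_list[$i];

        $foreignData = PMA_getForeignData($foreigners, $field, false, '', '');

        if ($foreigners && isset($foreigners[$field]) && is_array($foreignData['disp_row'])) {
            // f o r e i g n    k e y s
            echo ' <select name="fields[' . $i . ']">' . "\n";
            // here, the 4th parameter is empty because there is no current
            // value of data for the dropdown (the search page initial values
            // are displayed empty)
            echo PMA_foreignDropdown(
                $foreignData['disp_row'],
                $foreignData['foreign_field'],
                $foreignData['foreign_display'],
                '',
                $GLOBALS['cfg']['ForeignKeyMaxLimit']
            );
            echo ' </select>' . "\n";
        } elseif ($foreignData['foreign_link'] == true) {
            ?>
            <input type="text" name="fields[<?php echo $i; ?>]"
                id="field_<?php echo md5($field); ?>[<?php echo $i; ?>]"
                class="textfield" />
        <script type="text/javascript">
        // <![CDATA[
            document.writeln('<a target="_blank" onclick="window.open(this.href, \'foreigners\', \'width=640,height=240,scrollbars=yes\'); return false" href="browse_foreigners.php?<?php echo PMA_generate_common_url($db, $table); ?>&amp;field=<?php echo urlencode($field); ?>&amp;fieldkey=<?php echo $i; ?>"><?php echo str_replace("'", "\'", $titles['Browse']); ?></a>');
        // ]]>
        </script>
            <?php
        } elseif (strncasecmp($fields_type[$i], 'enum', 4) == 0) {
            // e n u m s
            $enum_value = explode(', ', str_replace("'", '', substr($fields_type[$i], 5, -1)));
            $cnt_enum_value = count($enum_value);
            echo ' <select name="fields[' . $i . '][]"'
                . ' multiple="multiple" size="' . min(3, $cnt_enum_value) . '">' . "\n";
            for ($j = 0; $j < $cnt_enum_value; $j++) {
                // Enum labels are free text taken from the table definition:
                // escape them for both the attribute and the element body.
                $enum_html = htmlspecialchars($enum_value[$j]);
                echo ' <option value="' . $enum_html . '">'
                    . $enum_html . '</option>';
            } // end for
            echo ' </select>' . "\n";
        } else {
            // o t h e r   c a s e s
            $the_class = 'textfield';
            $type = $fields_type[$i];
            if ($type == 'date') {
                $the_class .= ' datefield';
            } elseif ($type == 'datetime' || substr($type, 0, 9) == 'timestamp') {
                $the_class .= ' datetimefield';
            }
            echo ' <input type="text" name="fields[' . $i . ']"'
                . ' size="40" class="' . $the_class . '" id="field_' . $i . '" />' . "\n";
        }
        ?>
            <input type="hidden" name="names[<?php echo $i; ?>]"
                value="<?php echo htmlspecialchars($fields_list[$i]); ?>" />
            <input type="hidden" name="types[<?php echo $i; ?>]"
                value="<?php echo htmlspecialchars($fields_type[$i]); ?>" />
            <input type="hidden" name="collations[<?php echo $i; ?>]"
                value="<?php echo htmlspecialchars($fields_collation[$i]); ?>" />
            </td>
        </tr>
        <?php
    } // end for
    ?>
    </tbody>
    </table>
</fieldset>
<?php
    PMA_generate_slider_effect('searchoptions', __('Options'));
?>
<fieldset id="fieldset_select_fields">
    <legend><?php echo __('Select columns (at least one):'); ?></legend>
    <select name="param[]" size="<?php echo min($fields_cnt, 10); ?>"
        multiple="multiple">
    <?php
    // Displays the list of the fields
    foreach ($fields_list as $each_field) {
        echo ' '
            . '<option value="' . htmlspecialchars($each_field) . '"'
            . ' selected="selected">' . htmlspecialchars($each_field)
            . '</option>' . "\n";
    }
    ?>
    </select>
    <input type="checkbox" name="distinct" value="DISTINCT" id="oDistinct" />
    <label for="oDistinct">DISTINCT</label>
</fieldset>

<fieldset id="fieldset_search_conditions">
    <legend><?php echo '<em>' . __('Or') . '</em> ' . __('Add search conditions (body of the "where" clause):'); ?></legend>
    <?php echo PMA_showMySQLDocu('SQL-Syntax', 'Functions'); ?>

    <input type="text" name="where" class="textfield" size="64" />
</fieldset>

<fieldset id="fieldset_limit_rows">
    <legend><?php echo __('Number of rows per page'); ?></legend>
    <input type="text" size="4" name="session_max_rows"
        value="<?php echo $GLOBALS['cfg']['MaxRows']; ?>" class="textfield" />
</fieldset>

<fieldset id="fieldset_display_order">
    <legend><?php echo __('Display order:'); ?></legend>
    <select name="orderField">
        <option value="--nil--"></option>
    <?php
    foreach ($fields_list as $each_field) {
        echo ' '
            . '<option value="' . htmlspecialchars($each_field) . '">'
            . htmlspecialchars($each_field) . '</option>' . "\n";
    } // end for
    ?>
    </select>
    <?php
    $choices = array(
        'ASC' => __('Ascending'),
        'DESC' => __('Descending')
    );
    PMA_display_html_radio('order', $choices, 'ASC', false, true, "formelement");
    unset($choices);
    ?>
</fieldset>
<br style="clear: both;"/>
</div>
</fieldset>
<fieldset class="tblFooters">
    <input type="hidden" name="max_number_of_fields"
        value="<?php echo $fields_cnt; ?>" />
    <input type="submit" name="submit" value="<?php echo __('Go'); ?>" />
</fieldset>
</form>
<div id="sqlqueryresults"></div>
    <?php
    require './libraries/footer.inc.php';
}


/**
 * Selection criteria have been submitted -> do the work
 */
else {
    // Builds the query
    $sql_query = 'SELECT ' . (isset($distinct) ? 'DISTINCT ' : '');

    // if all fields were selected to display, we do a SELECT *
    // (more efficient and this helps prevent a problem in IE
    // if one of the rows is edited and we come back to the Select results)
    if (count($param) == $max_number_of_fields) {
        $sql_query .= '* ';
    } else {
        $param = PMA_backquote($param);
        $sql_query .= implode(', ', $param);
    } // end if

    // avoid a loop, for example when $cfg['DefaultTabTable'] is set
    // to 'tbl_select.php'
    unset($param);

    $sql_query .= ' FROM ' . PMA_backquote($table);

    // The where clause
    if (isset($where) && is_string($where) && trim($where) != '') {
        // Free-form WHERE body typed by the user. It is raw SQL by design
        // (the form labels it as the body of the "where" clause), so it
        // cannot be escaped here. NOTE(review): this is only acceptable if
        // the bootstrap include authenticates the request and rejects
        // cross-site submissions before this point -- confirm.
        $sql_query .= ' WHERE ' . $where;
    } else {
        $w = $charsets = array();
        $unary_operators = array(
            'IS NULL' => 1,
            'IS NOT NULL' => 1,
            "= ''" => 1,
            "!= ''" => 1
        );
        // Every operator the form can offer. The submitted operator is
        // concatenated into the statement unquoted, so anything outside
        // this list is dropped rather than passed through.
        $allowed_operators = array(
            '=', '!=', '>', '>=', '<', '<=',
            'LIKE', 'LIKE %...%', 'NOT LIKE',
            'REGEXP', 'REGEXP ^...$', 'NOT REGEXP',
            "= ''", "!= ''",
            'IN (...)', 'NOT IN (...)',
            'BETWEEN', 'NOT BETWEEN',
            'IS NULL', 'IS NOT NULL',
        );

        $submitted_operators = (isset($func) && is_array($func)) ? $func : array();
        foreach ($submitted_operators as $i => $func_type) {
            if (isset($collations[$i]) && is_string($collations[$i])) {
                list($charsets[$i]) = explode('_', $collations[$i]);
            }

            // Skip rows with an unknown operator or without a usable
            // column name / type (possible only with a hand-made request).
            if (! in_array($func_type, $allowed_operators, true)
                || ! isset($names[$i]) || ! is_string($names[$i])
                || ! isset($types[$i]) || ! is_string($types[$i])
            ) {
                continue;
            }

            if (isset($unary_operators[$func_type])) {
                $fields[$i] = '';
                $w[] = PMA_backquote($names[$i]) . ' ' . $func_type;

            } elseif (strncasecmp($types[$i], 'enum', 4) == 0) {
                if (! empty($fields[$i])) {
                    if (! is_array($fields[$i])) {
                        $fields[$i] = explode(',', $fields[$i]);
                    }
                    $enum_selected_count = count($fields[$i]);
                    if ($func_type == '=' && $enum_selected_count > 1) {
                        $func_type = $func[$i] = 'IN';
                        $parens_open = '(';
                        $parens_close = ')';

                    } elseif ($func_type == '!=' && $enum_selected_count > 1) {
                        $func_type = $func[$i] = 'NOT IN';
                        $parens_open = '(';
                        $parens_close = ')';

                    } else {
                        $parens_open = '';
                        $parens_close = '';
                    }
                    // Quote each selected label; iterating by value also
                    // copes with non-sequential keys in the submitted array.
                    $enum_quoted = array();
                    foreach ($fields[$i] as $enum_item) {
                        $enum_quoted[] = '\'' . PMA_sqlAddSlashes($enum_item) . '\'';
                    }
                    $enum_where = implode(', ', $enum_quoted);

                    $w[] = PMA_backquote($names[$i]) . ' ' . $func_type . ' ' . $parens_open . $enum_where . $parens_close;
                }

            } elseif (isset($fields[$i]) && is_string($fields[$i]) && $fields[$i] !== '') {
                // For these types we quote the value. Even if it's another type (like INT),
                // for a LIKE we always quote the value. MySQL converts strings to numbers
                // and numbers to strings as necessary during the comparison.
                // NOTE(review): $types[] comes back from a hidden form field,
                // so this quoting choice is driven by client-supplied data;
                // an unquoted value is only passed through PMA_sqlAddSlashes().
                if (preg_match('@char|binary|blob|text|set|date|time|year@i', $types[$i])
                    || strpos($func_type, 'LIKE') !== false
                ) {
                    $quot = '\'';
                } else {
                    $quot = '';
                }

                // LIKE %...%
                if ($func_type == 'LIKE %...%') {
                    $func_type = 'LIKE';
                    $fields[$i] = '%' . $fields[$i] . '%';
                }
                if ($func_type == 'REGEXP ^...$') {
                    $func_type = 'REGEXP';
                    $fields[$i] = '^' . $fields[$i] . '$';
                }

                if ($func_type == 'IN (...)' || $func_type == 'NOT IN (...)' || $func_type == 'BETWEEN' || $func_type == 'NOT BETWEEN') {
                    $func_type = str_replace(' (...)', '', $func_type);

                    // quote values one by one
                    $values = explode(',', $fields[$i]);
                    foreach ($values as &$value) {
                        $value = $quot . PMA_sqlAddSlashes(trim($value)) . $quot;
                    }
                    // break the reference so a later write to $value cannot
                    // overwrite the last list element
                    unset($value);

                    if ($func_type == 'BETWEEN' || $func_type == 'NOT BETWEEN') {
                        $w[] = PMA_backquote($names[$i]) . ' ' . $func_type . ' ' . (isset($values[0]) ? $values[0] : '') . ' AND ' . (isset($values[1]) ? $values[1] : '');
                    } else {
                        $w[] = PMA_backquote($names[$i]) . ' ' . $func_type . ' (' . implode(',', $values) . ')';
                    }
                } else {
                    $w[] = PMA_backquote($names[$i]) . ' ' . $func_type . ' ' . $quot . PMA_sqlAddSlashes($fields[$i]) . $quot;
                }

            } // end if
        } // end foreach

        if ($w) {
            $sql_query .= ' WHERE ' . implode(' AND ', $w);
        }
    } // end if

    if (isset($orderField) && is_string($orderField)
        && $orderField != '' && $orderField != '--nil--'
    ) {
        // The direction is appended unquoted, so only the two keywords the
        // form offers are accepted; anything else falls back to ASC.
        $order_direction = (isset($order) && is_string($order) && strtoupper($order) === 'DESC')
            ? 'DESC'
            : 'ASC';
        $sql_query .= ' ORDER BY ' . PMA_backquote($orderField) . ' ' . $order_direction;
    } // end if

    require './sql.php';
}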