interface/main/myadmin/tbl_replace.php

   1 <?php
   2 /* $Id$ */
   3 // vim: expandtab sw=4 ts=4 sts=4:
   4
   5
   6 /**
   7  * Gets some core libraries
   8  */
   9 require_once('./libraries/grab_globals.lib.php');
  10 require_once('./libraries/common.lib.php');
  11
  12 // Check parameters
  13 PMA_checkParameters(array('db','table','goto'));
  14
  15 /**
  16  * Initializes some variables
  17  */
  18 // Defines the url to return in case of success of the query
  19 if (isset($sql_query)) {
  20     $sql_query = urldecode($sql_query);
  21 }
  22 if (!isset($dontlimitchars)) {
  23     $dontlimitchars = 0;
  24 }
  25 $is_gotofile = FALSE;
  26 if (isset($after_insert) && $after_insert == 'new_insert') {
  27     $goto = 'tbl_change.php?'
  28           . PMA_generate_common_url($db, $table, '&')
  29           . '&goto=' . urlencode($goto)
  30           . '&pos=' . $pos
  31           . '&session_max_rows=' . $session_max_rows
  32           . '&disp_direction=' . $disp_direction
  33           . '&repeat_cells=' . $repeat_cells
  34           . '&dontlimitchars=' . $dontlimitchars
  35           . (empty($sql_query) ? '' : '&sql_query=' . urlencode($sql_query));
  36 } else if ($goto == 'sql.php') {
  37     $goto = 'sql.php?'
  38           . PMA_generate_common_url($db, $table, '&')
  39           . '&pos=' . $pos
  40           . '&session_max_rows=' . $session_max_rows
  41           . '&disp_direction=' . $disp_direction
  42           . '&repeat_cells=' . $repeat_cells
  43           . '&dontlimitchars=' . $dontlimitchars
  44           . '&sql_query=' . urlencode($sql_query);
  45 } else if (!empty($goto)) {
  46     // Security checkings
  47     $is_gotofile     = preg_replace('@^([^?]+).*$@', '\\1', $goto);
  48     if (!@file_exists('./' . $is_gotofile)) {
  49         $goto        = (empty($table)) ? 'db_details.php' : 'tbl_properties.php';
  50         $is_gotofile = TRUE;
  51     } else {
  52         $is_gotofile = ($is_gotofile == $goto);
  53     }
  54 }
  55
  56 // Defines the url to return in case of failure of the query
  57 if (isset($err_url)) {
  58     $err_url = urldecode($err_url);
  59 } else {
  60     $err_url = str_replace('&', '&amp;', $goto)
  61              . (empty($primary_key) ? '' : '&amp;primary_key=' . (is_array($primary_key) ? $primary_key[0] : $primary_key));
  62 }
  63
  64 // Resets tables defined in the configuration file
  65 if (isset($funcs)) {
  66     reset($funcs);
  67 }
  68
  69 // Misc
  70 $seen_binary = FALSE;
  71
  72 /**
  73  * Prepares the update of a row
  74  */
  75 if (isset($primary_key) && ($submit_type != $strInsertAsNewRow)) {
  76     $loop_array = (is_array($primary_key) ? $primary_key : array(0 => $primary_key));
  77     PMA_mysql_select_db($db);
  78     $query = array();
  79     $message = '';
  80
  81     foreach($loop_array AS $primary_key_index => $enc_primary_key) {
  82         // Restore the "primary key" to a convenient format
  83         $primary_key = urldecode($enc_primary_key);
  84
  85         // Defines the SET part of the sql query
  86         $valuelist = '';
  87
  88         // Map multi-edit keys to single-level arrays, dependent on how we got the fields
  89         $me_fields      = (isset($fields['multi_edit'])      && isset($fields['multi_edit'][$enc_primary_key])      ? $fields['multi_edit'][$enc_primary_key]      : (isset($fields)      ? $fields      : null));
  90         $me_fields_prev = (isset($fields_prev['multi_edit']) && isset($fields_prev['multi_edit'][$enc_primary_key]) ? $fields_prev['multi_edit'][$enc_primary_key] : (isset($fields_prev) ? $fields_prev : null));
  91         $me_funcs       = (isset($funcs['multi_edit'])       && isset($funcs['multi_edit'][$enc_primary_key])       ? $funcs['multi_edit'][$enc_primary_key]       : (isset($funcs)       ? $funcs       : null));
  92         $me_fields_type = (isset($fields_type['multi_edit']) && isset($fields_type['multi_edit'][$enc_primary_key]) ? $fields_type['multi_edit'][$enc_primary_key] : (isset($fields_type) ? $fields_type : null));
  93         $me_fields_null = (isset($fields_null['multi_edit']) && isset($fields_null['multi_edit'][$enc_primary_key]) ? $fields_null['multi_edit'][$enc_primary_key] : (isset($fields_null) ? $fields_null : null));
  94
  95         foreach($me_fields AS $key => $val) {
  96             $encoded_key = $key;
  97             $key         = urldecode($key);
  98
  99             require('./tbl_replace_fields.php');
 100
 101             // No change for this column and no MySQL function is used -> next column
 102             if (empty($me_funcs[$encoded_key])
 103                 && isset($me_fields_prev) && isset($me_fields_prev[$encoded_key])
 104                 && ("'" . PMA_sqlAddslashes(urldecode($me_fields_prev[$encoded_key])) . "'" == $val)) {
 105                 continue;
 106             }
 107             else if (!empty($val)) {
 108                 if (empty($me_funcs[$encoded_key])) {
 109                     $valuelist .= PMA_backquote($key) . ' = ' . $val . ', ';
 110                 } else if ($val == '\'\''
 111                            && (preg_match('@^(NOW|CURDATE|CURTIME|UNIX_TIMESTAMP|RAND|USER|LAST_INSERT_ID)$@', $me_funcs[$encoded_key]))) {
 112                     $valuelist .= PMA_backquote($key) . ' = ' . $me_funcs[$encoded_key] . '(), ';
 113                 } else {
 114                     $valuelist .= PMA_backquote($key) . ' = ' . $me_funcs[$encoded_key] . "($val), ";
 115                 }
 116             }
 117         } // end while
 118
 119         // Builds the sql update query
 120         $valuelist    = preg_replace('@, $@', '', $valuelist);
 121         if (!empty($valuelist)) {
 122             $query[]   = 'UPDATE ' . PMA_backquote($table) . ' SET ' . $valuelist . ' WHERE' . $primary_key
 123                       . ' LIMIT 1';
 124
 125             // lem9: why a line break here?
 126             //$message  = $strAffectedRows . '&nbsp;<br />';
 127             $message  = $strAffectedRows . '&nbsp;';
 128         }
 129     }
 130
 131     if (empty($valuelist)) {
 132         // No change -> move back to the calling script
 133         $message = $strNoModification;
 134         if ($is_gotofile) {
 135             $js_to_run = 'functions.js';
 136             require_once('./header.inc.php');
 137             require('./' . preg_replace('@\.\.*@', '.', $goto));
 138         } else {
 139             header('Location: ' . $cfg['PmaAbsoluteUri'] . $goto . '&disp_message=' . urlencode($message) . '&disp_query=');
 140         }
 141         exit();
 142     }
 143 } // end row update
 144
 145
 146 /**
 147  *  Prepares the insert of a row
 148  */
 149 else {
 150     $loop_array = (isset($primary_key) && is_array($primary_key) ? $primary_key : array(0 => (isset($primary_key) ? $primary_key : null)));
 151     $query = array();
 152     $message = '';
 153     PMA_mysql_select_db($db);
 154
 155     foreach($loop_array AS $primary_key_index => $enc_primary_key) {
 156         $fieldlist = '';
 157         $valuelist = '';
 158
 159         $me_fields      = (isset($fields['multi_edit'])      && isset($fields['multi_edit'][$enc_primary_key])      ? $fields['multi_edit'][$enc_primary_key]      : (isset($fields)      ? $fields      : null));
 160         $me_fields_prev = (isset($fields_prev['multi_edit']) && isset($fields_prev['multi_edit'][$enc_primary_key]) ? $fields_prev['multi_edit'][$enc_primary_key] : (isset($fields_prev) ? $fields_prev : null));
 161         $me_funcs       = (isset($funcs['multi_edit'])       && isset($funcs['multi_edit'][$enc_primary_key])       ? $funcs['multi_edit'][$enc_primary_key]       : (isset($funcs)       ? $funcs       : null));
 162         $me_fields_type = (isset($fields_type['multi_edit']) && isset($fields_type['multi_edit'][$enc_primary_key]) ? $fields_type['multi_edit'][$enc_primary_key] : (isset($fields_type) ? $fields_type : null));
 163         $me_fields_null = (isset($fields_null['multi_edit']) && isset($fields_null['multi_edit'][$enc_primary_key]) ? $fields_null['multi_edit'][$enc_primary_key] : (isset($fields_null) ? $fields_null : null));
 164
 165         // garvin: Get, if sent, any protected fields to insert them here:
 166         if (isset($me_fields_type) && is_array($me_fields_type) && isset($enc_primary_key)) {
 167             $prot_local_query = 'SELECT * FROM ' . PMA_backquote($table) . ' WHERE ' . urldecode($enc_primary_key);
 168             $prot_result      = PMA_mysql_query($prot_local_query) or PMA_mysqlDie('', $prot_local_query, '', $err_url);
 169             $prot_row         = PMA_mysql_fetch_array($prot_result);
 170         }
 171
 172         foreach($me_fields AS $key => $val) {
 173             $encoded_key = $key;
 174             $key         = urldecode($key);
 175             $fieldlist   .= PMA_backquote($key) . ', ';
 176
 177             require('./tbl_replace_fields.php');
 178
 179             if (empty($me_funcs[$encoded_key])) {
 180                 $valuelist .= $val . ', ';
 181             } else if (($val == '\'\''
 182                        && preg_match('@^(UNIX_TIMESTAMP|RAND|LAST_INSERT_ID)$@', $me_funcs[$encoded_key]))
 183                        || preg_match('@^(NOW|CURDATE|CURTIME|USER)$@', $me_funcs[$encoded_key])) {
 184                 $valuelist .= $me_funcs[$encoded_key] . '(), ';
 185             } else {
 186                 $valuelist .= $me_funcs[$encoded_key] . '(' . $val . '), ';
 187             }
 188         } // end while
 189
 190         // Builds the sql insert query
 191         $fieldlist = preg_replace('@, $@', '', $fieldlist);
 192         $valuelist = preg_replace('@, $@', '', $valuelist);
 193         $query[]   = 'INSERT INTO ' . PMA_backquote($table) . ' (' . $fieldlist . ') VALUES (' . $valuelist . ')';
 194         $message   = $strInsertedRows . '&nbsp;';
 195     }
 196 } // end row insertion
 197
 198
 199 /**
 200  * Executes the sql query and get the result, then move back to the calling
 201  * page
 202  */
 203 $sql_query = implode(';', $query) . ';';
 204 $total_affected_rows = 0;
 205 $last_message = '';
 206
 207 foreach($query AS $query_index => $single_query) {
 208     $result    = PMA_mysql_query($single_query);
 209     if (!$result) {
 210         if ($cfg['IgnoreMultiSubmitErrors']) {
 211             $message .= PMA_mysql_error();
 212         } else {
 213             $error = PMA_mysql_error();
 214             require_once('./header.inc.php');
 215             PMA_mysqlDie($error, '', '', $err_url);
 216         }
 217     } else {
 218         if (@mysql_affected_rows()) {
 219             $total_affected_rows += @mysql_affected_rows();
 220         }
 221
 222         $insert_id = mysql_insert_id();
 223         if ($insert_id != 0) {
 224             $last_message .= '<br />'.$strInsertedRowId . '&nbsp;' . $insert_id;
 225         }
 226     } // end if
 227 }
 228
 229 if ($total_affected_rows != 0) {
 230     //$message .= '<br />' . $total_affected_rows;
 231     $message .= $total_affected_rows;
 232 } else {
 233     $message .= $strModifications;
 234 }
 235
 236 $message .= $last_message;
 237
 238 if ($is_gotofile) {
 239     if ($goto == 'db_details.php' && !empty($table)) {
 240         unset($table);
 241     }
 242     $js_to_run = 'functions.js';
 243     $active_page = $goto;
 244     require_once('./header.inc.php');
 245     require('./' . preg_replace('@\.\.*@', '.', $goto));
 246 } else {
 247     // I don't understand this one:
 248     //$add_query = (strpos(' ' . $goto, 'tbl_change') ? '&disp_query=' . urlencode($sql_query) : '');
 249
 250     // if we have seen binary,
 251     // we do not append the query to the Location so it won't be displayed
 252     // on the resulting page
 253     // Nijel: we also need to limit size of url...
 254     $add_query = (!$seen_binary && strlen($sql_query) < 1024 ? '&disp_query=' . urlencode($sql_query) : '');
 255     header('Location: ' . $cfg['PmaAbsoluteUri'] . $goto . '&disp_message=' . urlencode($message) . $add_query);
 256 }
 257 exit();
 258 ?>