phpmyadmin/view_create.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * handles creation of VIEWs
   5  *
   6  * @todo js error when view name is empty (strFormEmpty)
   7  * @todo (also validate if js is disabled, after form submission?)
   8  * @package PhpMyAdmin
   9  */
  10
  11 require_once './libraries/common.inc.php';
  12 require_once './libraries/SystemDatabase.class.php';
  13
  14 /**
  15  * Runs common work
  16  */
  17 require './libraries/db_common.inc.php';
  18 $url_params['goto'] = 'tbl_structure.php';
  19 $url_params['back'] = 'view_create.php';
  20
  21 $view_algorithm_options = array(
  22     'UNDEFINED',
  23     'MERGE',
  24     'TEMPTABLE',
  25 );
  26
  27 $view_with_options = array(
  28     'CASCADED',
  29     'LOCAL'
  30 );
  31
  32 $view_security_options = array(
  33     'DEFINER',
  34     'INVOKER'
  35 );
  36
  37 if (empty($sql_query)) {
  38     $sql_query = '';
  39 }
  40
  41 if (isset($_REQUEST['createview']) || isset($_REQUEST['alterview'])) {
  42     /**
  43      * Creates the view
  44      */
  45     $sep = "\r\n";
  46
  47     if (isset($_REQUEST['createview'])) {
  48         $sql_query = 'CREATE';
  49         if (isset($_REQUEST['view']['or_replace'])) {
  50             $sql_query .= ' OR REPLACE';
  51         }
  52     } else {
  53         $sql_query = 'ALTER';
  54     }
  55
  56     if (PMA_isValid($_REQUEST['view']['algorithm'], $view_algorithm_options)) {
  57         $sql_query .= $sep . ' ALGORITHM = ' . $_REQUEST['view']['algorithm'];
  58     }
  59
  60     if (! empty($_REQUEST['view']['definer'])) {
  61         $arr = explode('@', $_REQUEST['view']['definer']);
  62         $sql_query .= $sep . 'DEFINER=' . PMA_Util::backquote($arr[0]);
  63         $sql_query .= '@' . PMA_Util::backquote($arr[1]) . ' ';
  64     }
  65
  66     if (isset($_REQUEST['view']['sql_security'])) {
  67         if (in_array($_REQUEST['view']['sql_security'], $view_security_options)) {
  68             $sql_query .= $sep . ' SQL SECURITY '
  69                 . $_REQUEST['view']['sql_security'];
  70         }
  71     }
  72
  73     $sql_query .= $sep . ' VIEW ' . PMA_Util::backquote($_REQUEST['view']['name']);
  74
  75     if (! empty($_REQUEST['view']['column_names'])) {
  76         $sql_query .= $sep . ' (' . $_REQUEST['view']['column_names'] . ')';
  77     }
  78
  79     $sql_query .= $sep . ' AS ' . $_REQUEST['view']['as'];
  80
  81     if (isset($_REQUEST['view']['with'])) {
  82         if (in_array($_REQUEST['view']['with'], $view_with_options)) {
  83             $sql_query .= $sep . ' WITH ' . $_REQUEST['view']['with']
  84                 . '  CHECK OPTION';
  85         }
  86     }
  87
  88     if (!$GLOBALS['dbi']->tryQuery($sql_query)) {
  89         if (! isset($_REQUEST['ajax_dialog'])) {
  90             $message = PMA_Message::rawError($GLOBALS['dbi']->getError());
  91             return;
  92         }
  93
  94         $response = PMA_Response::getInstance();
  95         $response->addJSON(
  96             'message',
  97             PMA_Message::error(
  98                 "<i>" . htmlspecialchars($sql_query) . "</i><br /><br />"
  99                 . $GLOBALS['dbi']->getError()
 100             )
 101         );
 102         $response->isSuccess(false);
 103         exit;
 104     }
 105
 106     // If different column names defined for VIEW
 107     $view_columns = array();
 108     if (isset($_REQUEST['view']['column_names'])) {
 109         $view_columns = explode(',', $_REQUEST['view']['column_names']);
 110     }
 111
 112     $column_map = $GLOBALS['dbi']->getColumnMapFromSql(
 113         $_REQUEST['view']['as'], $view_columns
 114     );
 115
 116     $systemDb = $GLOBALS['dbi']->getSystemDatabase();
 117     $pma_transformation_data = $systemDb->getExistingTransformationData(
 118         $GLOBALS['db']
 119     );
 120
 121     if ($pma_transformation_data !== false) {
 122
 123         // SQL for store new transformation details of VIEW
 124         $new_transformations_sql = $systemDb->getNewTransformationDataSql(
 125             $pma_transformation_data, $column_map,
 126             $_REQUEST['view']['name'], $GLOBALS['db']
 127         );
 128
 129         // Store new transformations
 130         if ($new_transformations_sql != '') {
 131             $GLOBALS['dbi']->tryQuery($new_transformations_sql);
 132         }
 133
 134     }
 135     unset($pma_transformation_data);
 136
 137     if (! isset($_REQUEST['ajax_dialog'])) {
 138         $message = PMA_Message::success();
 139         include 'tbl_structure.php';
 140     } else {
 141         $response = PMA_Response::getInstance();
 142         $response->addJSON(
 143             'message',
 144             PMA_Util::getMessage(PMA_Message::success(), $sql_query)
 145         );
 146         $response->isSuccess(true);
 147     }
 148
 149     exit;
 150 }
 151
 152 // prefill values if not already filled from former submission
 153 $view = array(
 154     'operation' => 'create',
 155     'or_replace' => '',
 156     'algorithm' => '',
 157     'definer' => '',
 158     'sql_security' => '',
 159     'name' => '',
 160     'column_names' => '',
 161     'as' => $sql_query,
 162     'with' => '',
 163 );
 164
 165 if (PMA_isValid($_REQUEST['view'], 'array')) {
 166     $view = array_merge($view, $_REQUEST['view']);
 167 }
 168
 169 $url_params['db'] = $GLOBALS['db'];
 170 $url_params['reload'] = 1;
 171
 172 /**
 173  * Displays the page
 174  */
 175 $htmlString = '<!-- CREATE VIEW options -->'
 176     . '<div id="div_view_options">'
 177     . '<form method="post" action="view_create.php">'
 178     . PMA_URL_getHiddenInputs($url_params)
 179     . '<fieldset>'
 180     . '<legend>'
 181     . (isset($_REQUEST['ajax_dialog']) ?
 182         __('Details') :
 183         ($view['operation'] == 'create' ? __('Create view') : __('Edit view'))
 184     )
 185     . '</legend>'
 186     . '<table class="rte_table">';
 187
 188 if ($view['operation'] == 'create') {
 189     $htmlString .= '<tr>'
 190         . '<td class="nowrap"><label for="or_replace">OR REPLACE</label></td>'
 191         . '<td><input type="checkbox" name="view[or_replace]" id="or_replace"';
 192     if ($view['or_replace']) {
 193         $htmlString .= ' checked="checked"';
 194     }
 195     $htmlString .= ' value="1" /></td></tr>';
 196 }
 197
 198 $htmlString .= '<tr>'
 199     . '<td class="nowrap"><label for="algorithm">ALGORITHM</label></td>'
 200     . '<td><select name="view[algorithm]" id="algorithm">';
 201 foreach ($view_algorithm_options as $option) {
 202     $htmlString .= '<option value="' . htmlspecialchars($option) . '"';
 203     if ($view['algorithm'] === $option) {
 204         $htmlString .= ' selected="selected"';
 205     }
 206     $htmlString .= '>' . htmlspecialchars($option) . '</option>';
 207 }
 208 $htmlString .= '</select>'
 209     . '</td></tr>';
 210
 211 $htmlString .= '<tr><td class="nowrap">' . __('Definer') . '</td>'
 212     . '<td><input type="text" maxlength="100" size="50" name="view[definer]"'
 213     . ' value="' . htmlspecialchars($view['definer']) . '" />'
 214     . '</td></tr>';
 215
 216 $htmlString .= '<tr><td class="nowrap">SQL SECURITY</td>'
 217     . '<td><select name="view[sql_security]">'
 218     . '<option value=""></option>';
 219 foreach ($view_security_options as $option) {
 220     $htmlString .= '<option value="' . htmlspecialchars($option) . '"';
 221     if ($option == $view['sql_security']) {
 222         $htmlString .= ' selected="selected"';
 223     }
 224     $htmlString .= '>' . htmlspecialchars($option) . '</option>';
 225 }
 226 $htmlString .= '<select>'
 227     . '</td></tr>';
 228
 229 if ($view['operation'] == 'create') {
 230     $htmlString .= '<tr><td class="nowrap">' . __('VIEW name') . '</td>'
 231         . '<td><input type="text" size="20" name="view[name]"'
 232         . ' onfocus="this.select()" maxlength="64"'
 233         . ' value="' . htmlspecialchars($view['name']) . '" />'
 234         . '</td></tr>';
 235 } else {
 236     $htmlString .= '<tr><td><input type="hidden" name="view[name]"'
 237         . ' value="' . htmlspecialchars($view['name']) . '" />'
 238         . '</td></tr>';
 239 }
 240
 241 $htmlString .= '<tr><td class="nowrap">' . __('Column names') . '</td>'
 242     . '<td><input type="text" maxlength="100" size="50" name="view[column_names]"'
 243     . ' onfocus="this.select()"'
 244     . ' value="' . htmlspecialchars($view['column_names']) . '" />'
 245     . '</td></tr>';
 246
 247 $htmlString .= '<tr><td class="nowrap">AS</td>'
 248     . '<td>'
 249     . '<textarea name="view[as]" rows="15" cols="40" dir="' . $text_dir . '"';
 250 if ($GLOBALS['cfg']['TextareaAutoSelect'] || true) {
 251     $htmlString .= ' onclick="selectContent(this, sql_box_locked, true)"';
 252 }
 253 $htmlString .= '>' . htmlspecialchars($view['as']) . '</textarea>'
 254     . '</td></tr>';
 255
 256 $htmlString .= '<tr><td class="nowrap">WITH CHECK OPTION</td>'
 257     . '<td><select name="view[with]">'
 258     . '<option value=""></option>';
 259 foreach ($view_with_options as $option) {
 260     $htmlString .= '<option value="' . htmlspecialchars($option) . '"';
 261     if ($option == $view['with']) {
 262         $htmlString .= ' selected="selected"';
 263     }
 264     $htmlString .= '>' . htmlspecialchars($option) . '</option>';
 265 }
 266 $htmlString .= '<select>'
 267     . '</td></tr>';
 268
 269 $htmlString .= '</table>'
 270     . '</fieldset>';
 271
 272 if (! isset($_REQUEST['ajax_dialog'])) {
 273     $htmlString .= '<fieldset class="tblFooters">'
 274         . '<input type="hidden" name="'
 275         . ($view['operation'] == 'create' ? 'createview' : 'alterview' )
 276         . '" value="1" />'
 277         . '<input type="submit" name="" value="' . __('Go') . '" />'
 278         . '</fieldset>';
 279 } else {
 280     $htmlString .= '<input type="hidden" name="'
 281         . ($view['operation'] == 'create' ? 'createview' : 'alterview' )
 282         . '" value="1" />'
 283         . '<input type="hidden" name="ajax_dialog" value="1" />'
 284         . '<input type="hidden" name="ajax_request" value="1" />';
 285 }
 286
 287 $htmlString .= '</form>'
 288     . '</div>';
 289
 290 echo $htmlString;