2 /* vim: set expandtab sw=4 ts=4 sts=4: */
6 * @todo we must handle the case if sql.php is called directly with a query
7 * that returns 0 rows - to prevent cyclic redirects or includes
10 declare(strict_types
=1);
12 use PhpMyAdmin\CheckUserPrivileges
;
13 use PhpMyAdmin\Config\PageSettings
;
14 use PhpMyAdmin\DatabaseInterface
;
15 use PhpMyAdmin\ParseAnalyze
;
16 use PhpMyAdmin\Response
;
22 if (! defined('ROOT_PATH')) {
23 define('ROOT_PATH', __DIR__
. DIRECTORY_SEPARATOR
);
26 global $cfg, $containerBuilder, $pmaThemeImage;
28 require_once ROOT_PATH
. 'libraries/common.inc.php';
30 /** @var Response $response */
31 $response = $containerBuilder->get(Response
::class);
33 /** @var DatabaseInterface $dbi */
34 $dbi = $containerBuilder->get(DatabaseInterface
::class);
36 /** @var CheckUserPrivileges $checkUserPrivileges */
37 $checkUserPrivileges = $containerBuilder->get('check_user_privileges');
38 $checkUserPrivileges->getPrivileges();
40 PageSettings
::showGroup('Browse');
42 $header = $response->getHeader();
43 $scripts = $header->getScripts();
44 $scripts->addFile('vendor/jquery/jquery.uitablefilter.js');
45 $scripts->addFile('table/change.js');
46 $scripts->addFile('indexes.js');
47 $scripts->addFile('gis_data_editor.js');
48 $scripts->addFile('multi_column_sort.js');
51 $sql = $containerBuilder->get('sql');
54 * Set ajax_reload in the response if it was already set
56 if (isset($ajax_reload) && $ajax_reload['reload'] === true) {
57 $response->addJSON('ajax_reload', $ajax_reload);
61 * Defines the url to return to in case of error in a sql statement
66 $goto = Util
::getScriptNameForOption(
67 $cfg['DefaultTabDatabase'],
71 $goto = Util
::getScriptNameForOption(
72 $cfg['DefaultTabTable'],
78 if (! isset($err_url)) {
79 $err_url = (! empty($back) ?
$back : $goto)
80 . '?' . Url
::getCommon(['db' => $GLOBALS['db']])
81 . ((mb_strpos(' ' . $goto, 'db_') != 1
82 && strlen($table) > 0)
83 ?
'&table=' . urlencode($table)
88 // Coming from a bookmark dialog
89 if (isset($_POST['bkm_fields']['bkm_sql_query'])) {
90 $sql_query = $_POST['bkm_fields']['bkm_sql_query'];
91 } elseif (isset($_POST['sql_query'])) {
92 $sql_query = $_POST['sql_query'];
93 } elseif (isset($_GET['sql_query']) && isset($_GET['sql_signature'])) {
94 if (Core
::checkSqlQuerySignature($_GET['sql_query'], $_GET['sql_signature'])) {
95 $sql_query = $_GET['sql_query'];
99 // This one is just to fill $db
100 if (isset($_POST['bkm_fields']['bkm_database'])) {
101 $db = $_POST['bkm_fields']['bkm_database'];
104 // During grid edit, if we have a relational field, show the dropdown for it.
105 if (isset($_POST['get_relational_values'])
106 && $_POST['get_relational_values'] == true
108 $sql->getRelationalValues($db, $table);
109 // script has exited at this point
112 // Just like above, find possible values for enum fields during grid edit.
113 if (isset($_POST['get_enum_values']) && $_POST['get_enum_values'] == true) {
114 $sql->getEnumOrSetValues($db, $table, "enum");
115 // script has exited at this point
119 // Find possible values for set fields during grid edit.
120 if (isset($_POST['get_set_values']) && $_POST['get_set_values'] == true) {
121 $sql->getEnumOrSetValues($db, $table, "set");
122 // script has exited at this point
125 if (isset($_GET['get_default_fk_check_value'])
126 && $_GET['get_default_fk_check_value'] == true
128 $response = Response
::getInstance();
130 'default_fk_check_value',
131 Util
::isForeignKeyCheck()
137 * Check ajax request to set the column order and visibility
139 if (isset($_POST['set_col_prefs']) && $_POST['set_col_prefs'] == true) {
140 $sql->setColumnOrderOrVisibility($table, $db);
141 // script has exited at this point
144 // Default to browse if no query set and we have table
145 // (needed for browsing from DefaultTabTable)
146 if (empty($sql_query) && strlen($table) > 0 && strlen($db) > 0) {
147 $sql_query = $sql->getDefaultSqlQueryForBrowse($db, $table);
149 // set $goto to what will be displayed if query returns 0 rows
152 // Now we can check the parameters
153 Util
::checkParameters(['sql_query']);
157 * Parse and analyze the query
160 $analyzed_sql_results,
163 ) = ParseAnalyze
::sqlQuery($sql_query, $db);
164 // @todo: possibly refactor
165 extract($analyzed_sql_results);
167 if ($table != $table_from_sql && ! empty($table_from_sql)) {
168 $table = $table_from_sql;
173 * Check rights in case of DROP DATABASE
175 * This test may be bypassed if $is_js_confirmed = 1 (already checked with js)
176 * but since a malicious user may pass this variable by url/form, we don't take
177 * into account this case.
179 if ($sql->hasNoRightsToDropDatabase(
180 $analyzed_sql_results,
181 $cfg['AllowUserDropDatabase'],
185 __('"DROP DATABASE" statements are disabled.'),
193 * Need to find the real end of rows?
195 if (isset($find_real_end) && $find_real_end) {
196 $unlim_num_rows = $sql->findRealEndOfRows($db, $table);
203 if (isset($_POST['store_bkm'])) {
204 $sql->addBookmark($goto);
205 // script has exited at this point
210 * Sets or modifies the $goto variable if required
212 if ($goto == 'sql.php') {
213 $is_gotofile = false;
214 $goto = 'sql.php' . Url
::getCommon(
218 'sql_query' => $sql_query,
223 $sql->executeQueryAndSendQueryResponse(
224 $analyzed_sql_results, // analyzed_sql_results
225 $is_gotofile, // is_gotofile
228 isset($find_real_end) ?
$find_real_end : null, // find_real_end
229 isset($import_text) ?
$import_text : null, // sql_query_for_bookmark
230 isset($extra_data) ?
$extra_data : null, // extra_data
231 isset($message_to_show) ?
$message_to_show : null, // message_to_show
232 isset($message) ?
$message : null, // message
233 isset($sql_data) ?
$sql_data : null, // sql_data
235 $pmaThemeImage, // pmaThemeImage
236 isset($disp_query) ?
$display_query : null, // disp_query
237 isset($disp_message) ?
$disp_message : null, // disp_message
238 isset($query_type) ?
$query_type : null, // query_type
239 $sql_query, // sql_query
240 isset($selected) ?
$selected : null, // selectedTables
241 isset($complete_query) ?
$complete_query : null // complete_query