2 /* vim: set expandtab sw=4 ts=4 sts=4: */
6 * @todo we must handle the case if sql.php is called directly with a query
7 * that returns 0 rows - to prevent cyclic redirects or includes
10 declare(strict_types
=1);
12 use PhpMyAdmin\Config\PageSettings
;
13 use PhpMyAdmin\ParseAnalyze
;
14 use PhpMyAdmin\Response
;
20 * Gets some core libraries
22 require_once 'libraries/common.inc.php';
23 require_once 'libraries/check_user_privileges.inc.php';
25 PageSettings
::showGroup('Browse');
27 $response = Response
::getInstance();
28 $header = $response->getHeader();
29 $scripts = $header->getScripts();
30 $scripts->addFile('vendor/jquery/jquery.uitablefilter.js');
31 $scripts->addFile('tbl_change.js');
32 $scripts->addFile('indexes.js');
33 $scripts->addFile('gis_data_editor.js');
34 $scripts->addFile('multi_column_sort.js');
39 * Set ajax_reload in the response if it was already set
41 if (isset($ajax_reload) && $ajax_reload['reload'] === true) {
42 $response->addJSON('ajax_reload', $ajax_reload);
46 * Defines the url to return to in case of error in a sql statement
51 $goto = Util
::getScriptNameForOption(
52 $GLOBALS['cfg']['DefaultTabDatabase'],
56 $goto = Util
::getScriptNameForOption(
57 $GLOBALS['cfg']['DefaultTabTable'],
63 if (! isset($err_url)) {
64 $err_url = (! empty($back) ?
$back : $goto)
65 . '?' . Url
::getCommon(['db' => $GLOBALS['db']])
66 . ((mb_strpos(' ' . $goto, 'db_') != 1
67 && strlen($table) > 0)
68 ?
'&table=' . urlencode($table)
73 // Coming from a bookmark dialog
74 if (isset($_POST['bkm_fields']['bkm_sql_query'])) {
75 $sql_query = $_POST['bkm_fields']['bkm_sql_query'];
76 } elseif (isset($_POST['sql_query'])) {
77 $sql_query = $_POST['sql_query'];
80 // This one is just to fill $db
81 if (isset($_POST['bkm_fields']['bkm_database'])) {
82 $db = $_POST['bkm_fields']['bkm_database'];
85 // During grid edit, if we have a relational field, show the dropdown for it.
86 if (isset($_REQUEST['get_relational_values'])
87 && $_REQUEST['get_relational_values'] == true
89 $sql->getRelationalValues($db, $table);
90 // script has exited at this point
93 // Just like above, find possible values for enum fields during grid edit.
94 if (isset($_REQUEST['get_enum_values']) && $_REQUEST['get_enum_values'] == true) {
95 $sql->getEnumOrSetValues($db, $table, "enum");
96 // script has exited at this point
100 // Find possible values for set fields during grid edit.
101 if (isset($_REQUEST['get_set_values']) && $_REQUEST['get_set_values'] == true) {
102 $sql->getEnumOrSetValues($db, $table, "set");
103 // script has exited at this point
106 if (isset($_REQUEST['get_default_fk_check_value'])
107 && $_REQUEST['get_default_fk_check_value'] == true
109 $response = Response
::getInstance();
111 'default_fk_check_value',
112 Util
::isForeignKeyCheck()
118 * Check ajax request to set the column order and visibility
120 if (isset($_REQUEST['set_col_prefs']) && $_REQUEST['set_col_prefs'] == true) {
121 $sql->setColumnOrderOrVisibility($table, $db);
122 // script has exited at this point
125 // Default to browse if no query set and we have table
126 // (needed for browsing from DefaultTabTable)
127 if (empty($sql_query) && strlen($table) > 0 && strlen($db) > 0) {
128 $sql_query = $sql->getDefaultSqlQueryForBrowse($db, $table);
130 // set $goto to what will be displayed if query returns 0 rows
133 // Now we can check the parameters
134 Util
::checkParameters(['sql_query']);
138 * Parse and analyze the query
141 $analyzed_sql_results,
144 ) = ParseAnalyze
::sqlQuery($sql_query, $db);
145 // @todo: possibly refactor
146 extract($analyzed_sql_results);
148 if ($table != $table_from_sql && !empty($table_from_sql)) {
149 $table = $table_from_sql;
154 * Check rights in case of DROP DATABASE
156 * This test may be bypassed if $is_js_confirmed = 1 (already checked with js)
157 * but since a malicious user may pass this variable by url/form, we don't take
158 * into account this case.
160 if ($sql->hasNoRightsToDropDatabase(
161 $analyzed_sql_results,
162 $cfg['AllowUserDropDatabase'],
163 $GLOBALS['dbi']->isSuperuser()
166 __('"DROP DATABASE" statements are disabled.'),
174 * Need to find the real end of rows?
176 if (isset($find_real_end) && $find_real_end) {
177 $unlim_num_rows = $sql->findRealEndOfRows($db, $table);
184 if (isset($_POST['store_bkm'])) {
185 $sql->addBookmark($goto);
186 // script has exited at this point
191 * Sets or modifies the $goto variable if required
193 if ($goto == 'sql.php') {
194 $is_gotofile = false;
195 $goto = 'sql.php' . Url
::getCommon(
199 'sql_query' => $sql_query
204 $sql->executeQueryAndSendQueryResponse(
205 $analyzed_sql_results, // analyzed_sql_results
206 $is_gotofile, // is_gotofile
209 isset($find_real_end) ?
$find_real_end : null, // find_real_end
210 isset($import_text) ?
$import_text : null, // sql_query_for_bookmark
211 isset($extra_data) ?
$extra_data : null, // extra_data
212 isset($message_to_show) ?
$message_to_show : null, // message_to_show
213 isset($message) ?
$message : null, // message
214 isset($sql_data) ?
$sql_data : null, // sql_data
216 $pmaThemeImage, // pmaThemeImage
217 isset($disp_query) ?
$display_query : null, // disp_query
218 isset($disp_message) ?
$disp_message : null, // disp_message
219 isset($query_type) ?
$query_type : null, // query_type
220 $sql_query, // sql_query
221 isset($selected) ?
$selected : null, // selectedTables
222 isset($complete_query) ?
$complete_query : null // complete_query