src/SqlQueryForm.php

   1 <?php
   2 /**
   3  * functions for displaying the sql query form
   4  *
   5  * @usedby  /server/sql
   6  * @usedby  /database/sql
   7  * @usedby  /table/sql
   8  * @usedby  /table/structure
   9  * @usedby  /table/tracking
  10  */
  11
  12 declare(strict_types=1);
  13
  14 namespace PhpMyAdmin;
  15
  16 use PhpMyAdmin\Bookmarks\BookmarkRepository;
  17 use PhpMyAdmin\ConfigStorage\Relation;
  18 use PhpMyAdmin\Html\MySQLDocumentation;
  19 use PhpMyAdmin\Utils\ForeignKey;
  20
  21 use function __;
  22 use function htmlspecialchars;
  23 use function sprintf;
  24 use function str_contains;
  25
  26 /**
  27  * PhpMyAdmin\SqlQueryForm class
  28  */
  29 class SqlQueryForm
  30 {
  31     public function __construct(
  32         private Template $template,
  33         private DatabaseInterface $dbi,
  34         private readonly BookmarkRepository $bookmarkRepository,
  35     ) {
  36     }
  37
  38     /**
  39      * return HTML for the sql query boxes
  40      *
  41      * @param bool|string $query      query to display in the textarea
  42      *                                or true to display last executed
  43      * @param bool|string $displayTab sql|full|false
  44      *                                 what part to display
  45      *                                 false if not inside querywindow
  46      * @param string      $delimiter  delimiter
  47      *
  48      * @usedby  /server/sql
  49      * @usedby  /database/sql
  50      * @usedby  /table/sql
  51      * @usedby  /table/structure
  52      * @usedby  /table/tracking
  53      */
  54     public function getHtml(
  55         string $db,
  56         string $table,
  57         bool|string $query = true,
  58         bool|string $displayTab = false,
  59         string $delimiter = ';',
  60     ): string {
  61         if ($displayTab === false || $displayTab === '') {
  62             $displayTab = 'full';
  63         }
  64
  65         // query to show
  66         if ($query === true) {
  67             $query = $GLOBALS['sql_query'];
  68             if (empty($query) && (isset($_GET['show_query']) || isset($_POST['show_query']))) {
  69                 $query = $_GET['sql_query'] ?? $_POST['sql_query'] ?? '';
  70             }
  71         }
  72
  73         if ($db === '') {
  74             // prepare for server related
  75             $goto = empty($GLOBALS['goto']) ? Url::getFromRoute('/server/sql') : $GLOBALS['goto'];
  76         } elseif ($table === '') {
  77             // prepare for db related
  78             $goto = empty($GLOBALS['goto']) ? Url::getFromRoute('/database/sql') : $GLOBALS['goto'];
  79         } else {
  80             $goto = empty($GLOBALS['goto']) ? Url::getFromRoute('/table/sql') : $GLOBALS['goto'];
  81         }
  82
  83         if ($displayTab === 'full' || $displayTab === 'sql') {
  84             [$legend, $query, $columnsList] = $this->init($query);
  85         }
  86
  87         $relation = new Relation($this->dbi);
  88         $bookmarkFeature = $relation->getRelationParameters()->bookmarkFeature;
  89
  90         $bookmarks = [];
  91         $config = Config::getInstance();
  92         if ($displayTab === 'full' && $bookmarkFeature !== null) {
  93             $bookmarkList = $this->bookmarkRepository->getList($config->selectedServer['user'], $db);
  94
  95             foreach ($bookmarkList as $bookmarkItem) {
  96                 $bookmarks[] = [
  97                     'id' => $bookmarkItem->getId(),
  98                     'variable_count' => $bookmarkItem->getVariableCount(),
  99                     'label' => $bookmarkItem->getLabel(),
 100                     'is_shared' => $bookmarkItem->getUser() === '',
 101                 ];
 102             }
 103         }
 104
 105         return $this->template->render('sql/query', [
 106             'legend' => $legend ?? '',
 107             'textarea_cols' => $config->settings['TextareaCols'],
 108             'textarea_rows' => $config->settings['TextareaRows'],
 109             'textarea_auto_select' => $config->settings['TextareaAutoSelect'],
 110             'columns_list' => $columnsList ?? [],
 111             'codemirror_enable' => $config->settings['CodemirrorEnable'],
 112             'has_bookmark' => $bookmarkFeature !== null,
 113             'delimiter' => $delimiter,
 114             'retain_query_box' => $config->settings['RetainQueryBox'] !== false,
 115             'is_upload' => $config->get('enable_upload'),
 116             'db' => $db,
 117             'table' => $table,
 118             'goto' => $goto,
 119             'query' => $query,
 120             'display_tab' => $displayTab,
 121             'bookmarks' => $bookmarks,
 122             'can_convert_kanji' => Encoding::canConvertKanji(),
 123             'is_foreign_key_check' => ForeignKey::isCheckEnabled(),
 124             'allow_shared_bookmarks' => $config->settings['AllowSharedBookmarks'],
 125         ]);
 126     }
 127
 128     /**
 129      * Get initial values for Sql Query Form Insert
 130      *
 131      * @param string $query query to display in the textarea
 132      *
 133      * @return array{string, string, ColumnFull[]}
 134      */
 135     public function init(string $query): array
 136     {
 137         $columnsList = [];
 138         $config = Config::getInstance();
 139         if ($GLOBALS['db'] === '') {
 140             // prepare for server related
 141             $legend = sprintf(
 142                 __('Run SQL query/queries on server “%s”'),
 143                 htmlspecialchars(
 144                     ! empty($config->settings['Servers'][$GLOBALS['server']]['verbose'])
 145                     ? $config->settings['Servers'][$GLOBALS['server']]['verbose']
 146                     : $config->settings['Servers'][$GLOBALS['server']]['host'],
 147                 ),
 148             );
 149         } elseif ($GLOBALS['table'] === '') {
 150             // prepare for db related
 151             $db = $GLOBALS['db'];
 152             // if you want navigation:
 153             $scriptName = Util::getScriptNameForOption($config->settings['DefaultTabDatabase'], 'database');
 154             $tmpDbLink = '<a href="' . $scriptName
 155                 . Url::getCommon(['db' => $db], ! str_contains($scriptName, '?') ? '?' : '&')
 156                 . '">';
 157             $tmpDbLink .= htmlspecialchars($db) . '</a>';
 158             $legend = sprintf(__('Run SQL query/queries on database %s'), $tmpDbLink);
 159             if ($query === '') {
 160                 $query = Util::expandUserString($config->settings['DefaultQueryDatabase'], Util::backquote(...));
 161             }
 162         } else {
 163             $db = $GLOBALS['db'];
 164             $table = $GLOBALS['table'];
 165             // Get the list and number of fields
 166             // we do a try_query here, because we could be in the query window,
 167             // trying to synchronize and the table has not yet been created
 168             $columnsList = $this->dbi->getColumns($db, $GLOBALS['table'], true);
 169
 170             $scriptName = Util::getScriptNameForOption($config->settings['DefaultTabTable'], 'table');
 171             $tmpTblLink = '<a href="' . $scriptName . Url::getCommon(['db' => $db, 'table' => $table], '&') . '">';
 172             $tmpTblLink .= htmlspecialchars($db) . '.' . htmlspecialchars($table) . '</a>';
 173             $legend = sprintf(__('Run SQL query/queries on table %s'), $tmpTblLink);
 174             if ($query === '') {
 175                 $query = Util::expandUserString($config->settings['DefaultQueryTable'], Util::backquote(...));
 176             }
 177         }
 178
 179         $legend .= ': ' . MySQLDocumentation::show('SELECT');
 180
 181         return [$legend, $query, $columnsList];
 182     }
 183 }