Translated using Weblate (Indonesian)
[phpmyadmin.git] / sql.php
blob425b8359c418682dea8b2e6daa23f7d67a21d300
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * SQL executor
6 * @todo we must handle the case if sql.php is called directly with a query
7 * that returns 0 rows - to prevent cyclic redirects or includes
8 * @package PhpMyAdmin
9 */
11 /**
12 * Gets some core libraries
14 require_once 'libraries/common.inc.php';
15 require_once 'libraries/Table.class.php';
16 require_once 'libraries/Header.class.php';
17 require_once 'libraries/check_user_privileges.lib.php';
18 require_once 'libraries/bookmark.lib.php';
19 require_once 'libraries/sql.lib.php';
20 require_once 'libraries/sqlparser.lib.php';
22 $response = PMA_Response::getInstance();
23 $header = $response->getHeader();
24 $scripts = $header->getScripts();
25 $scripts->addFile('jquery/jquery-ui-timepicker-addon.js');
26 $scripts->addFile('jquery/jquery.uitablefilter.js');
27 $scripts->addFile('tbl_change.js');
28 $scripts->addFile('indexes.js');
29 $scripts->addFile('gis_data_editor.js');
30 $scripts->addFile('multi_column_sort.js');
32 /**
33 * Set ajax_reload in the response if it was already set
35 if (isset($ajax_reload) && $ajax_reload['reload'] === true) {
36 $response->addJSON('ajax_reload', $ajax_reload);
40 /**
41 * Defines the url to return to in case of error in a sql statement
43 // Security checks
44 if (! empty($goto)) {
45 $is_gotofile = preg_replace('@^([^?]+).*$@s', '\\1', $goto);
46 if (! @file_exists('' . $is_gotofile)) {
47 unset($goto);
48 } else {
49 $is_gotofile = ($is_gotofile == $goto);
51 } else {
52 if (empty($table)) {
53 $goto = $cfg['DefaultTabDatabase'];
54 } else {
55 $goto = $cfg['DefaultTabTable'];
57 $is_gotofile = true;
58 } // end if
60 if (! isset($err_url)) {
61 $err_url = (! empty($back) ? $back : $goto)
62 . '?' . PMA_URL_getCommon(array('db' => $GLOBALS['db']))
63 . ((/*overload*/mb_strpos(' ' . $goto, 'db_') != 1
64 && /*overload*/mb_strlen($table))
65 ? '&amp;table=' . urlencode($table)
66 : ''
68 } // end if
70 // Coming from a bookmark dialog
71 if (isset($_POST['bkm_fields']['bkm_sql_query'])) {
72 $sql_query = $_POST['bkm_fields']['bkm_sql_query'];
73 } elseif (isset($_GET['sql_query'])) {
74 $sql_query = $_GET['sql_query'];
77 // This one is just to fill $db
78 if (isset($_POST['bkm_fields']['bkm_database'])) {
79 $db = $_POST['bkm_fields']['bkm_database'];
83 // During grid edit, if we have a relational field, show the dropdown for it.
84 if (isset($_REQUEST['get_relational_values'])
85 && $_REQUEST['get_relational_values'] == true
86 ) {
87 PMA_getRelationalValues($db, $table);
88 // script has exited at this point
91 // Just like above, find possible values for enum fields during grid edit.
92 if (isset($_REQUEST['get_enum_values']) && $_REQUEST['get_enum_values'] == true) {
93 PMA_getEnumOrSetValues($db, $table, "enum");
94 // script has exited at this point
98 // Find possible values for set fields during grid edit.
99 if (isset($_REQUEST['get_set_values']) && $_REQUEST['get_set_values'] == true) {
100 PMA_getEnumOrSetValues($db, $table, "set");
101 // script has exited at this point
105 * Check ajax request to set the column order and visibility
107 if (isset($_REQUEST['set_col_prefs']) && $_REQUEST['set_col_prefs'] == true) {
108 PMA_setColumnOrderOrVisibility($table, $db);
109 // script has exited at this point
112 // Default to browse if no query set and we have table
113 // (needed for browsing from DefaultTabTable)
114 $tableLength = /*overload*/mb_strlen($table);
115 $dbLength = /*overload*/mb_strlen($db);
116 if (empty($sql_query) && $tableLength && $dbLength) {
117 $sql_query = PMA_getDefaultSqlQueryForBrowse($db, $table);
119 // set $goto to what will be displayed if query returns 0 rows
120 $goto = '';
121 } else {
122 // Now we can check the parameters
123 PMA_Util::checkParameters(array('sql_query'));
127 * Parse and analyze the query
129 require_once 'libraries/parse_analyze.inc.php';
133 * Check rights in case of DROP DATABASE
135 * This test may be bypassed if $is_js_confirmed = 1 (already checked with js)
136 * but since a malicious user may pass this variable by url/form, we don't take
137 * into account this case.
139 if (PMA_hasNoRightsToDropDatabase(
140 $analyzed_sql_results, $cfg['AllowUserDropDatabase'], $is_superuser
141 )) {
142 PMA_Util::mysqlDie(
143 __('"DROP DATABASE" statements are disabled.'),
145 false,
146 $err_url
148 } // end if
151 * Need to find the real end of rows?
153 if (isset($find_real_end) && $find_real_end) {
154 $unlim_num_rows = PMA_findRealEndOfRows($db, $table);
159 * Bookmark add
161 if (isset($_POST['store_bkm'])) {
162 PMA_addBookmark($cfg['PmaAbsoluteUri'], $goto);
163 // script has exited at this point
164 } // end if
168 * Sets or modifies the $goto variable if required
170 if ($goto == 'sql.php') {
171 $is_gotofile = false;
172 $goto = 'sql.php' . PMA_URL_getCommon(
173 array(
174 'db' => $db,
175 'table' => $table,
176 'sql_query' => $sql_query
179 } // end if
181 PMA_executeQueryAndSendQueryResponse(
182 $analyzed_sql_results,
183 $is_gotofile,
184 $db,
185 $table,
186 isset($find_real_end) ? $find_real_end : null,
187 isset($import_text) ? $import_text : null,
188 isset($extra_data) ? $extra_data : null,
189 $is_affected,
190 isset($message_to_show) ? $message_to_show : null,
191 isset($message) ? $message : null,
192 isset($sql_data) ? $sql_data : null,
193 $goto,
194 $pmaThemeImage,
195 isset($disp_query) ? $display_query : null,
196 isset($disp_message) ? $disp_message : null,
197 isset($query_type) ? $query_type : null,
198 $sql_query,
199 isset($selected) ? $selected : null,
200 isset($complete_query) ? $complete_query : null