Merge pull request #15404 from jfcherng/fix-php74-curly-braces
[phpmyadmin.git] / sql.php
blob8a5c2cd7550f110c6997b67c1eb55099b31cb645
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * SQL executor
6 * @todo we must handle the case if sql.php is called directly with a query
7 * that returns 0 rows - to prevent cyclic redirects or includes
8 * @package PhpMyAdmin
9 */
10 use PhpMyAdmin\Config\PageSettings;
11 use PhpMyAdmin\ParseAnalyze;
12 use PhpMyAdmin\Response;
13 use PhpMyAdmin\Sql;
14 use PhpMyAdmin\Url;
15 use PhpMyAdmin\Util;
16 use PhpMyAdmin\Core;
18 /**
19 * Gets some core libraries
21 require_once 'libraries/common.inc.php';
22 require_once 'libraries/check_user_privileges.inc.php';
24 PageSettings::showGroup('Browse');
26 $response = Response::getInstance();
27 $header = $response->getHeader();
28 $scripts = $header->getScripts();
29 $scripts->addFile('vendor/jquery/jquery.uitablefilter.js');
30 $scripts->addFile('tbl_change.js');
31 $scripts->addFile('indexes.js');
32 $scripts->addFile('gis_data_editor.js');
33 $scripts->addFile('multi_column_sort.js');
35 $sql = new Sql();
37 /**
38 * Set ajax_reload in the response if it was already set
40 if (isset($ajax_reload) && $ajax_reload['reload'] === true) {
41 $response->addJSON('ajax_reload', $ajax_reload);
44 /**
45 * Defines the url to return to in case of error in a sql statement
47 $is_gotofile = true;
48 if (empty($goto)) {
49 if (empty($table)) {
50 $goto = Util::getScriptNameForOption(
51 $GLOBALS['cfg']['DefaultTabDatabase'], 'database'
53 } else {
54 $goto = Util::getScriptNameForOption(
55 $GLOBALS['cfg']['DefaultTabTable'], 'table'
58 } // end if
60 if (! isset($err_url)) {
61 $err_url = (! empty($back) ? $back : $goto)
62 . '?' . Url::getCommon(array('db' => $GLOBALS['db']))
63 . ((mb_strpos(' ' . $goto, 'db_') != 1
64 && strlen($table) > 0)
65 ? '&amp;table=' . urlencode($table)
66 : ''
68 } // end if
70 // Coming from a bookmark dialog
71 if (isset($_POST['bkm_fields']['bkm_sql_query'])) {
72 $sql_query = $_POST['bkm_fields']['bkm_sql_query'];
73 } elseif (isset($_POST['sql_query'])) {
74 $sql_query = $_POST['sql_query'];
75 } elseif (isset($_GET['sql_query']) && isset($_GET['sql_signature'])) {
76 if (Core::checkSqlQuerySignature($_GET['sql_query'], $_GET['sql_signature'])) {
77 $sql_query = $_GET['sql_query'];
81 // This one is just to fill $db
82 if (isset($_POST['bkm_fields']['bkm_database'])) {
83 $db = $_POST['bkm_fields']['bkm_database'];
86 // During grid edit, if we have a relational field, show the dropdown for it.
87 if (isset($_POST['get_relational_values'])
88 && $_POST['get_relational_values'] == true
89 ) {
90 $sql->getRelationalValues($db, $table);
91 // script has exited at this point
94 // Just like above, find possible values for enum fields during grid edit.
95 if (isset($_POST['get_enum_values']) && $_POST['get_enum_values'] == true) {
96 $sql->getEnumOrSetValues($db, $table, "enum");
97 // script has exited at this point
101 // Find possible values for set fields during grid edit.
102 if (isset($_POST['get_set_values']) && $_POST['get_set_values'] == true) {
103 $sql->getEnumOrSetValues($db, $table, "set");
104 // script has exited at this point
107 if (isset($_GET['get_default_fk_check_value'])
108 && $_GET['get_default_fk_check_value'] == true
110 $response = Response::getInstance();
111 $response->addJSON(
112 'default_fk_check_value', Util::isForeignKeyCheck()
114 exit;
118 * Check ajax request to set the column order and visibility
120 if (isset($_POST['set_col_prefs']) && $_POST['set_col_prefs'] == true) {
121 $sql->setColumnOrderOrVisibility($table, $db);
122 // script has exited at this point
125 // Default to browse if no query set and we have table
126 // (needed for browsing from DefaultTabTable)
127 if (empty($sql_query) && strlen($table) > 0 && strlen($db) > 0) {
128 $sql_query = $sql->getDefaultSqlQueryForBrowse($db, $table);
130 // set $goto to what will be displayed if query returns 0 rows
131 $goto = '';
132 } else {
133 // Now we can check the parameters
134 Util::checkParameters(array('sql_query'));
138 * Parse and analyze the query
140 list(
141 $analyzed_sql_results,
142 $db,
143 $table_from_sql
144 ) = ParseAnalyze::sqlQuery($sql_query, $db);
145 // @todo: possibly refactor
146 extract($analyzed_sql_results);
148 if ($table != $table_from_sql && !empty($table_from_sql)) {
149 $table = $table_from_sql;
154 * Check rights in case of DROP DATABASE
156 * This test may be bypassed if $is_js_confirmed = 1 (already checked with js)
157 * but since a malicious user may pass this variable by url/form, we don't take
158 * into account this case.
160 if ($sql->hasNoRightsToDropDatabase(
161 $analyzed_sql_results, $cfg['AllowUserDropDatabase'], $GLOBALS['dbi']->isSuperuser()
162 )) {
163 Util::mysqlDie(
164 __('"DROP DATABASE" statements are disabled.'),
166 false,
167 $err_url
169 } // end if
172 * Need to find the real end of rows?
174 if (isset($find_real_end) && $find_real_end) {
175 $unlim_num_rows = $sql->findRealEndOfRows($db, $table);
180 * Bookmark add
182 if (isset($_POST['store_bkm'])) {
183 $sql->addBookmark($goto);
184 // script has exited at this point
185 } // end if
189 * Sets or modifies the $goto variable if required
191 if ($goto == 'sql.php') {
192 $is_gotofile = false;
193 $goto = 'sql.php' . Url::getCommon(
194 array(
195 'db' => $db,
196 'table' => $table,
197 'sql_query' => $sql_query
200 } // end if
202 $sql->executeQueryAndSendQueryResponse(
203 $analyzed_sql_results, // analyzed_sql_results
204 $is_gotofile, // is_gotofile
205 $db, // db
206 $table, // table
207 isset($find_real_end) ? $find_real_end : null, // find_real_end
208 isset($import_text) ? $import_text : null, // sql_query_for_bookmark
209 isset($extra_data) ? $extra_data : null, // extra_data
210 isset($message_to_show) ? $message_to_show : null, // message_to_show
211 isset($message) ? $message : null, // message
212 isset($sql_data) ? $sql_data : null, // sql_data
213 $goto, // goto
214 $pmaThemeImage, // pmaThemeImage
215 isset($disp_query) ? $display_query : null, // disp_query
216 isset($disp_message) ? $disp_message : null, // disp_message
217 isset($query_type) ? $query_type : null, // query_type
218 $sql_query, // sql_query
219 isset($selected) ? $selected : null, // selectedTables
220 isset($complete_query) ? $complete_query : null // complete_query