tbl_get_field.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * Provides download to a given field defined in parameters.
   5  *
   6  * @package PhpMyAdmin
   7  */
   8 declare(strict_types=1);
   9
  10 use PhpMyAdmin\Core;
  11 use PhpMyAdmin\DatabaseInterface;
  12 use PhpMyAdmin\Mime;
  13 use PhpMyAdmin\Response;
  14
  15 if (! defined('ROOT_PATH')) {
  16     define('ROOT_PATH', __DIR__ . DIRECTORY_SEPARATOR);
  17 }
  18
  19 require_once ROOT_PATH . 'libraries/common.inc.php';
  20
  21 /** @var Response $response */
  22 $response = $containerBuilder->get(Response::class);
  23
  24 /** @var DatabaseInterface $dbi */
  25 $dbi = $containerBuilder->get(DatabaseInterface::class);
  26
  27 /** @var string $db */
  28 $db = $containerBuilder->getParameter('db');
  29
  30 /** @var string $table */
  31 $table = $containerBuilder->getParameter('table');
  32
  33 $response->disable();
  34
  35 /* Check parameters */
  36 PhpMyAdmin\Util::checkParameters(
  37     [
  38         'db',
  39         'table',
  40     ]
  41 );
  42
  43 /* Select database */
  44 if (! $dbi->selectDb($db)) {
  45     PhpMyAdmin\Util::mysqlDie(
  46         sprintf(__('\'%s\' database does not exist.'), htmlspecialchars($db)),
  47         '',
  48         false
  49     );
  50 }
  51
  52 /* Check if table exists */
  53 if (! $dbi->getColumns($db, $table)) {
  54     PhpMyAdmin\Util::mysqlDie(__('Invalid table name'));
  55 }
  56
  57 if (! isset($_GET['where_clause'])
  58     || ! isset($_GET['where_clause_sign'])
  59     || ! Core::checkSqlQuerySignature($_GET['where_clause'], $_GET['where_clause_sign'])
  60 ) {
  61 /* l10n: In case a SQL query did not pass a security check  */
  62     Core::fatalError(__('There is an issue with your request.'));
  63     exit;
  64 }
  65
  66 /* Grab data */
  67 $sql = 'SELECT ' . PhpMyAdmin\Util::backquote($_GET['transform_key'])
  68     . ' FROM ' . PhpMyAdmin\Util::backquote($table)
  69     . ' WHERE ' . $_GET['where_clause'] . ';';
  70 $result = $dbi->fetchValue($sql);
  71
  72 /* Check return code */
  73 if ($result === false) {
  74     PhpMyAdmin\Util::mysqlDie(
  75         __('MySQL returned an empty result set (i.e. zero rows).'),
  76         $sql
  77     );
  78 }
  79
  80 /* Avoid corrupting data */
  81 ini_set('url_rewriter.tags', '');
  82
  83 Core::downloadHeader(
  84     $table . '-' . $_GET['transform_key'] . '.bin',
  85     Mime::detect($result),
  86     strlen($result)
  87 );
  88 echo $result;