2 /* vim: set expandtab sw=4 ts=4 sts=4: */
6 * @todo we must handle the case if sql.php is called directly with a query
7 * that returns 0 rows - to prevent cyclic redirects or includes
10 use PhpMyAdmin\Config\PageSettings
;
11 use PhpMyAdmin\ParseAnalyze
;
12 use PhpMyAdmin\Response
;
18 * Gets some core libraries
20 require_once 'libraries/common.inc.php';
21 require_once 'libraries/check_user_privileges.inc.php';
23 PageSettings
::showGroup('Browse');
25 $response = Response
::getInstance();
26 $header = $response->getHeader();
27 $scripts = $header->getScripts();
28 $scripts->addFile('vendor/jquery/jquery.uitablefilter.js');
29 $scripts->addFile('tbl_change.js');
30 $scripts->addFile('indexes.js');
31 $scripts->addFile('gis_data_editor.js');
32 $scripts->addFile('multi_column_sort.js');
35 * Set ajax_reload in the response if it was already set
37 if (isset($ajax_reload) && $ajax_reload['reload'] === true) {
38 $response->addJSON('ajax_reload', $ajax_reload);
42 * Defines the url to return to in case of error in a sql statement
47 $goto = Util
::getScriptNameForOption(
48 $GLOBALS['cfg']['DefaultTabDatabase'], 'database'
51 $goto = Util
::getScriptNameForOption(
52 $GLOBALS['cfg']['DefaultTabTable'], 'table'
57 if (! isset($err_url)) {
58 $err_url = (! empty($back) ?
$back : $goto)
59 . '?' . Url
::getCommon(array('db' => $GLOBALS['db']))
60 . ((mb_strpos(' ' . $goto, 'db_') != 1
61 && strlen($table) > 0)
62 ?
'&table=' . urlencode($table)
67 // Coming from a bookmark dialog
68 if (isset($_POST['bkm_fields']['bkm_sql_query'])) {
69 $sql_query = $_POST['bkm_fields']['bkm_sql_query'];
70 } elseif (isset($_GET['sql_query'])) {
71 $sql_query = $_GET['sql_query'];
74 // This one is just to fill $db
75 if (isset($_POST['bkm_fields']['bkm_database'])) {
76 $db = $_POST['bkm_fields']['bkm_database'];
79 // During grid edit, if we have a relational field, show the dropdown for it.
80 if (isset($_REQUEST['get_relational_values'])
81 && $_REQUEST['get_relational_values'] == true
83 Sql
::getRelationalValues($db, $table);
84 // script has exited at this point
87 // Just like above, find possible values for enum fields during grid edit.
88 if (isset($_REQUEST['get_enum_values']) && $_REQUEST['get_enum_values'] == true) {
89 Sql
::getEnumOrSetValues($db, $table, "enum");
90 // script has exited at this point
94 // Find possible values for set fields during grid edit.
95 if (isset($_REQUEST['get_set_values']) && $_REQUEST['get_set_values'] == true) {
96 Sql
::getEnumOrSetValues($db, $table, "set");
97 // script has exited at this point
100 if (isset($_REQUEST['get_default_fk_check_value'])
101 && $_REQUEST['get_default_fk_check_value'] == true
103 $response = Response
::getInstance();
105 'default_fk_check_value', Util
::isForeignKeyCheck()
111 * Check ajax request to set the column order and visibility
113 if (isset($_REQUEST['set_col_prefs']) && $_REQUEST['set_col_prefs'] == true) {
114 Sql
::setColumnOrderOrVisibility($table, $db);
115 // script has exited at this point
118 // Default to browse if no query set and we have table
119 // (needed for browsing from DefaultTabTable)
120 if (empty($sql_query) && strlen($table) > 0 && strlen($db) > 0) {
121 $sql_query = Sql
::getDefaultSqlQueryForBrowse($db, $table);
123 // set $goto to what will be displayed if query returns 0 rows
126 // Now we can check the parameters
127 Util
::checkParameters(array('sql_query'));
131 * Parse and analyze the query
134 $analyzed_sql_results,
137 ) = ParseAnalyze
::sqlQuery($sql_query, $db);
138 // @todo: possibly refactor
139 extract($analyzed_sql_results);
141 if ($table != $table_from_sql && !empty($table_from_sql)) {
142 $table = $table_from_sql;
147 * Check rights in case of DROP DATABASE
149 * This test may be bypassed if $is_js_confirmed = 1 (already checked with js)
150 * but since a malicious user may pass this variable by url/form, we don't take
151 * into account this case.
153 if (Sql
::hasNoRightsToDropDatabase(
154 $analyzed_sql_results, $cfg['AllowUserDropDatabase'], $GLOBALS['dbi']->isSuperuser()
157 __('"DROP DATABASE" statements are disabled.'),
165 * Need to find the real end of rows?
167 if (isset($find_real_end) && $find_real_end) {
168 $unlim_num_rows = Sql
::findRealEndOfRows($db, $table);
175 if (isset($_POST['store_bkm'])) {
176 Sql
::addBookmark($goto);
177 // script has exited at this point
182 * Sets or modifies the $goto variable if required
184 if ($goto == 'sql.php') {
185 $is_gotofile = false;
186 $goto = 'sql.php' . Url
::getCommon(
190 'sql_query' => $sql_query
195 Sql
::executeQueryAndSendQueryResponse(
196 $analyzed_sql_results, // analyzed_sql_results
197 $is_gotofile, // is_gotofile
200 isset($find_real_end) ?
$find_real_end : null, // find_real_end
201 isset($import_text) ?
$import_text : null, // sql_query_for_bookmark
202 isset($extra_data) ?
$extra_data : null, // extra_data
203 isset($message_to_show) ?
$message_to_show : null, // message_to_show
204 isset($message) ?
$message : null, // message
205 isset($sql_data) ?
$sql_data : null, // sql_data
207 $pmaThemeImage, // pmaThemeImage
208 isset($disp_query) ?
$display_query : null, // disp_query
209 isset($disp_message) ?
$disp_message : null, // disp_message
210 isset($query_type) ?
$query_type : null, // query_type
211 $sql_query, // sql_query
212 isset($selected) ?
$selected : null, // selectedTables
213 isset($complete_query) ?
$complete_query : null // complete_query