2 /* vim: set expandtab sw=4 ts=4 sts=4: */
6 * @todo we must handle the case if sql.php is called directly with a query
7 * that returns 0 rows - to prevent cyclic redirects or includes
10 declare(strict_types
=1);
12 use PhpMyAdmin\CheckUserPrivileges
;
13 use PhpMyAdmin\Config\PageSettings
;
14 use PhpMyAdmin\DatabaseInterface
;
15 use PhpMyAdmin\Di\Container
;
16 use PhpMyAdmin\ParseAnalyze
;
17 use PhpMyAdmin\Response
;
22 if (! defined('ROOT_PATH')) {
23 define('ROOT_PATH', __DIR__
. DIRECTORY_SEPARATOR
);
27 * Gets some core libraries
29 require_once ROOT_PATH
. 'libraries/common.inc.php';
31 $container = Container
::getDefaultContainer();
32 $container->set(Response
::class, Response
::getInstance());
34 /** @var Response $response */
35 $response = $container->get(Response
::class);
37 /** @var DatabaseInterface $dbi */
38 $dbi = $container->get(DatabaseInterface
::class);
40 $checkUserPrivileges = new CheckUserPrivileges($dbi);
41 $checkUserPrivileges->getPrivileges();
43 PageSettings
::showGroup('Browse');
45 $header = $response->getHeader();
46 $scripts = $header->getScripts();
47 $scripts->addFile('vendor/jquery/jquery.uitablefilter.js');
48 $scripts->addFile('tbl_change.js');
49 $scripts->addFile('indexes.js');
50 $scripts->addFile('gis_data_editor.js');
51 $scripts->addFile('multi_column_sort.js');
56 * Set ajax_reload in the response if it was already set
58 if (isset($ajax_reload) && $ajax_reload['reload'] === true) {
59 $response->addJSON('ajax_reload', $ajax_reload);
63 * Defines the url to return to in case of error in a sql statement
68 $goto = Util
::getScriptNameForOption(
69 $GLOBALS['cfg']['DefaultTabDatabase'],
73 $goto = Util
::getScriptNameForOption(
74 $GLOBALS['cfg']['DefaultTabTable'],
80 if (! isset($err_url)) {
81 $err_url = (! empty($back) ?
$back : $goto)
82 . '?' . Url
::getCommon(['db' => $GLOBALS['db']])
83 . ((mb_strpos(' ' . $goto, 'db_') != 1
84 && strlen($table) > 0)
85 ?
'&table=' . urlencode($table)
90 // Coming from a bookmark dialog
91 if (isset($_POST['bkm_fields']['bkm_sql_query'])) {
92 $sql_query = $_POST['bkm_fields']['bkm_sql_query'];
93 } elseif (isset($_POST['sql_query'])) {
94 $sql_query = $_POST['sql_query'];
97 // This one is just to fill $db
98 if (isset($_POST['bkm_fields']['bkm_database'])) {
99 $db = $_POST['bkm_fields']['bkm_database'];
102 // During grid edit, if we have a relational field, show the dropdown for it.
103 if (isset($_POST['get_relational_values'])
104 && $_POST['get_relational_values'] == true
106 $sql->getRelationalValues($db, $table);
107 // script has exited at this point
110 // Just like above, find possible values for enum fields during grid edit.
111 if (isset($_POST['get_enum_values']) && $_POST['get_enum_values'] == true) {
112 $sql->getEnumOrSetValues($db, $table, "enum");
113 // script has exited at this point
117 // Find possible values for set fields during grid edit.
118 if (isset($_POST['get_set_values']) && $_POST['get_set_values'] == true) {
119 $sql->getEnumOrSetValues($db, $table, "set");
120 // script has exited at this point
123 if (isset($_GET['get_default_fk_check_value'])
124 && $_GET['get_default_fk_check_value'] == true
126 $response = Response
::getInstance();
128 'default_fk_check_value',
129 Util
::isForeignKeyCheck()
135 * Check ajax request to set the column order and visibility
137 if (isset($_POST['set_col_prefs']) && $_POST['set_col_prefs'] == true) {
138 $sql->setColumnOrderOrVisibility($table, $db);
139 // script has exited at this point
142 // Default to browse if no query set and we have table
143 // (needed for browsing from DefaultTabTable)
144 if (empty($sql_query) && strlen($table) > 0 && strlen($db) > 0) {
145 $sql_query = $sql->getDefaultSqlQueryForBrowse($db, $table);
147 // set $goto to what will be displayed if query returns 0 rows
150 // Now we can check the parameters
151 Util
::checkParameters(['sql_query']);
155 * Parse and analyze the query
158 $analyzed_sql_results,
161 ) = ParseAnalyze
::sqlQuery($sql_query, $db);
162 // @todo: possibly refactor
163 extract($analyzed_sql_results);
165 if ($table != $table_from_sql && ! empty($table_from_sql)) {
166 $table = $table_from_sql;
171 * Check rights in case of DROP DATABASE
173 * This test may be bypassed if $is_js_confirmed = 1 (already checked with js)
174 * but since a malicious user may pass this variable by url/form, we don't take
175 * into account this case.
177 if ($sql->hasNoRightsToDropDatabase(
178 $analyzed_sql_results,
179 $cfg['AllowUserDropDatabase'],
183 __('"DROP DATABASE" statements are disabled.'),
191 * Need to find the real end of rows?
193 if (isset($find_real_end) && $find_real_end) {
194 $unlim_num_rows = $sql->findRealEndOfRows($db, $table);
201 if (isset($_POST['store_bkm'])) {
202 $sql->addBookmark($goto);
203 // script has exited at this point
208 * Sets or modifies the $goto variable if required
210 if ($goto == 'sql.php') {
211 $is_gotofile = false;
212 $goto = 'sql.php' . Url
::getCommon(
216 'sql_query' => $sql_query,
221 $sql->executeQueryAndSendQueryResponse(
222 $analyzed_sql_results, // analyzed_sql_results
223 $is_gotofile, // is_gotofile
226 isset($find_real_end) ?
$find_real_end : null, // find_real_end
227 isset($import_text) ?
$import_text : null, // sql_query_for_bookmark
228 isset($extra_data) ?
$extra_data : null, // extra_data
229 isset($message_to_show) ?
$message_to_show : null, // message_to_show
230 isset($message) ?
$message : null, // message
231 isset($sql_data) ?
$sql_data : null, // sql_data
233 $pmaThemeImage, // pmaThemeImage
234 isset($disp_query) ?
$display_query : null, // disp_query
235 isset($disp_message) ?
$disp_message : null, // disp_message
236 isset($query_type) ?
$query_type : null, // query_type
237 $sql_query, // sql_query
238 isset($selected) ?
$selected : null, // selectedTables
239 isset($complete_query) ?
$complete_query : null // complete_query