Prepare for 5.0.4
[phpmyadmin.git] / sql.php
blob3da6a51e7b7d72c957510f04fa91cd9abb255c11
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * SQL executor
6 * @todo we must handle the case if sql.php is called directly with a query
7 * that returns 0 rows - to prevent cyclic redirects or includes
8 * @package PhpMyAdmin
9 */
10 declare(strict_types=1);
12 use PhpMyAdmin\CheckUserPrivileges;
13 use PhpMyAdmin\Config\PageSettings;
14 use PhpMyAdmin\DatabaseInterface;
15 use PhpMyAdmin\ParseAnalyze;
16 use PhpMyAdmin\Response;
17 use PhpMyAdmin\Sql;
18 use PhpMyAdmin\Url;
19 use PhpMyAdmin\Util;
20 use PhpMyAdmin\Core;
22 if (! defined('ROOT_PATH')) {
23 define('ROOT_PATH', __DIR__ . DIRECTORY_SEPARATOR);
26 global $cfg, $containerBuilder, $pmaThemeImage;
28 require_once ROOT_PATH . 'libraries/common.inc.php';
30 /** @var Response $response */
31 $response = $containerBuilder->get(Response::class);
33 /** @var DatabaseInterface $dbi */
34 $dbi = $containerBuilder->get(DatabaseInterface::class);
36 /** @var CheckUserPrivileges $checkUserPrivileges */
37 $checkUserPrivileges = $containerBuilder->get('check_user_privileges');
38 $checkUserPrivileges->getPrivileges();
40 PageSettings::showGroup('Browse');
42 $header = $response->getHeader();
43 $scripts = $header->getScripts();
44 $scripts->addFile('vendor/jquery/jquery.uitablefilter.js');
45 $scripts->addFile('table/change.js');
46 $scripts->addFile('indexes.js');
47 $scripts->addFile('vendor/stickyfill.min.js');
48 $scripts->addFile('gis_data_editor.js');
49 $scripts->addFile('multi_column_sort.js');
51 /** @var Sql $sql */
52 $sql = $containerBuilder->get('sql');
54 /**
55 * Set ajax_reload in the response if it was already set
57 if (isset($ajax_reload) && $ajax_reload['reload'] === true) {
58 $response->addJSON('ajax_reload', $ajax_reload);
61 /**
62 * Defines the url to return to in case of error in a sql statement
64 $is_gotofile = true;
65 if (empty($goto)) {
66 if (empty($table)) {
67 $goto = Util::getScriptNameForOption(
68 $cfg['DefaultTabDatabase'],
69 'database'
71 } else {
72 $goto = Util::getScriptNameForOption(
73 $cfg['DefaultTabTable'],
74 'table'
77 } // end if
79 if (! isset($err_url)) {
80 $err_url = (! empty($back) ? $back : $goto)
81 . '?' . Url::getCommon(['db' => $GLOBALS['db']])
82 . ((mb_strpos(' ' . $goto, 'db_') != 1
83 && strlen($table) > 0)
84 ? '&amp;table=' . urlencode($table)
85 : ''
87 } // end if
89 // Coming from a bookmark dialog
90 if (isset($_POST['bkm_fields']['bkm_sql_query'])) {
91 $sql_query = $_POST['bkm_fields']['bkm_sql_query'];
92 } elseif (isset($_POST['sql_query'])) {
93 $sql_query = $_POST['sql_query'];
94 } elseif (isset($_GET['sql_query']) && isset($_GET['sql_signature'])) {
95 if (Core::checkSqlQuerySignature($_GET['sql_query'], $_GET['sql_signature'])) {
96 $sql_query = $_GET['sql_query'];
100 // This one is just to fill $db
101 if (isset($_POST['bkm_fields']['bkm_database'])) {
102 $db = $_POST['bkm_fields']['bkm_database'];
105 // During grid edit, if we have a relational field, show the dropdown for it.
106 if (isset($_POST['get_relational_values'])
107 && $_POST['get_relational_values'] == true
109 $sql->getRelationalValues($db, $table);
110 // script has exited at this point
113 // Just like above, find possible values for enum fields during grid edit.
114 if (isset($_POST['get_enum_values']) && $_POST['get_enum_values'] == true) {
115 $sql->getEnumOrSetValues($db, $table, "enum");
116 // script has exited at this point
120 // Find possible values for set fields during grid edit.
121 if (isset($_POST['get_set_values']) && $_POST['get_set_values'] == true) {
122 $sql->getEnumOrSetValues($db, $table, "set");
123 // script has exited at this point
126 if (isset($_GET['get_default_fk_check_value'])
127 && $_GET['get_default_fk_check_value'] == true
129 $response = Response::getInstance();
130 $response->addJSON(
131 'default_fk_check_value',
132 Util::isForeignKeyCheck()
134 exit;
138 * Check ajax request to set the column order and visibility
140 if (isset($_POST['set_col_prefs']) && $_POST['set_col_prefs'] == true) {
141 $sql->setColumnOrderOrVisibility($table, $db);
142 // script has exited at this point
145 // Default to browse if no query set and we have table
146 // (needed for browsing from DefaultTabTable)
147 if (empty($sql_query) && strlen($table) > 0 && strlen($db) > 0) {
148 $sql_query = $sql->getDefaultSqlQueryForBrowse($db, $table);
150 // set $goto to what will be displayed if query returns 0 rows
151 $goto = '';
152 } else {
153 // Now we can check the parameters
154 Util::checkParameters(['sql_query']);
158 * Parse and analyze the query
160 list(
161 $analyzed_sql_results,
162 $db,
163 $table_from_sql
164 ) = ParseAnalyze::sqlQuery($sql_query, $db);
165 // @todo: possibly refactor
166 extract($analyzed_sql_results);
168 if ($table != $table_from_sql && ! empty($table_from_sql)) {
169 $table = $table_from_sql;
174 * Check rights in case of DROP DATABASE
176 * This test may be bypassed if $is_js_confirmed = 1 (already checked with js)
177 * but since a malicious user may pass this variable by url/form, we don't take
178 * into account this case.
180 if ($sql->hasNoRightsToDropDatabase(
181 $analyzed_sql_results,
182 $cfg['AllowUserDropDatabase'],
183 $dbi->isSuperuser()
184 )) {
185 Util::mysqlDie(
186 __('"DROP DATABASE" statements are disabled.'),
188 false,
189 $err_url
191 } // end if
194 * Need to find the real end of rows?
196 if (isset($find_real_end) && $find_real_end) {
197 $unlim_num_rows = $sql->findRealEndOfRows($db, $table);
202 * Bookmark add
204 if (isset($_POST['store_bkm'])) {
205 $sql->addBookmark($goto);
206 // script has exited at this point
207 } // end if
211 * Sets or modifies the $goto variable if required
213 if ($goto == 'sql.php') {
214 $is_gotofile = false;
215 $goto = 'sql.php' . Url::getCommon(
217 'db' => $db,
218 'table' => $table,
219 'sql_query' => $sql_query,
222 } // end if
224 $sql->executeQueryAndSendQueryResponse(
225 $analyzed_sql_results, // analyzed_sql_results
226 $is_gotofile, // is_gotofile
227 $db, // db
228 $table, // table
229 isset($find_real_end) ? $find_real_end : null, // find_real_end
230 isset($import_text) ? $import_text : null, // sql_query_for_bookmark
231 isset($extra_data) ? $extra_data : null, // extra_data
232 isset($message_to_show) ? $message_to_show : null, // message_to_show
233 isset($message) ? $message : null, // message
234 isset($sql_data) ? $sql_data : null, // sql_data
235 $goto, // goto
236 $pmaThemeImage, // pmaThemeImage
237 isset($disp_query) ? $display_query : null, // disp_query
238 isset($disp_message) ? $disp_message : null, // disp_message
239 isset($query_type) ? $query_type : null, // query_type
240 $sql_query, // sql_query
241 isset($selected) ? $selected : null, // selectedTables
242 isset($complete_query) ? $complete_query : null // complete_query