search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix merge conflicts
[phpmyadmin.git] / tbl_replace.php
blob57ab02e626a5ac089acd88a9180596aa8947bb68
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * Manipulation of table data like inserting, replacing and updating
5 *
6 * Usually called as form action from tbl_change.php to insert or update table rows
7 *
8 * @todo 'edit_next' tends to not work as expected if used ...
9 * at least there is no order by it needs the original query
10 * and the row number and than replace the LIMIT clause
11 *
12 * @package PhpMyAdmin
13 */
14 declare(strict_types=1);
15
16 use PhpMyAdmin\Core;
17 use PhpMyAdmin\DatabaseInterface;
18 use PhpMyAdmin\Di\Container;
19 use PhpMyAdmin\File;
20 use PhpMyAdmin\InsertEdit;
21 use PhpMyAdmin\Message;
22 use PhpMyAdmin\Plugins\IOTransformationsPlugin;
23 use PhpMyAdmin\Relation;
24 use PhpMyAdmin\Response;
25 use PhpMyAdmin\Table;
26 use PhpMyAdmin\Transformations;
27 use PhpMyAdmin\Util;
28
29 if (! defined('ROOT_PATH')) {
30 define('ROOT_PATH', __DIR__ . DIRECTORY_SEPARATOR);
31 }
32
33 global $db, $table, $url_params;
34
35 require_once ROOT_PATH . 'libraries/common.inc.php';
36
37 $container = Container::getDefaultContainer();
38 $container->set(Response::class, Response::getInstance());
39
40 /** @var Response $response */
41 $response = $container->get(Response::class);
42
43 /** @var DatabaseInterface $dbi */
44 $dbi = $container->get(DatabaseInterface::class);
45
46 // Check parameters
47 Util::checkParameters(['db', 'table', 'goto']);
48
49 $dbi->selectDb($db);
50
51 /**
52 * Initializes some variables
53 */
54 $goto_include = false;
55
56 $header = $response->getHeader();
57 $scripts = $header->getScripts();
58 $scripts->addFile('makegrid.js');
59 // Needed for generation of Inline Edit anchors
60 $scripts->addFile('sql.js');
61 $scripts->addFile('indexes.js');
62 $scripts->addFile('gis_data_editor.js');
63
64 /** @var Relation $relation */
65 $relation = $containerBuilder->get('relation');
66 /** @var Transformations $transformations */
67 $transformations = $containerBuilder->get('transformations');
68 $insertEdit = new InsertEdit($dbi);
69
70 // check whether insert row mode, if so include tbl_change.php
71 $insertEdit->isInsertRow();
72
73 $after_insert_actions = [
74 'new_insert',
75 'same_insert',
76 'edit_next',
77 ];
78 if (isset($_POST['after_insert'])
79 && in_array($_POST['after_insert'], $after_insert_actions)
80 ) {
81 $url_params['after_insert'] = $_POST['after_insert'];
82 if (isset($_POST['where_clause'])) {
83 foreach ($_POST['where_clause'] as $one_where_clause) {
84 if ($_POST['after_insert'] == 'same_insert') {
85 $url_params['where_clause'][] = $one_where_clause;
86 } elseif ($_POST['after_insert'] == 'edit_next') {
87 $insertEdit->setSessionForEditNext($one_where_clause);
88 }
89 }
90 }
91 }
92 //get $goto_include for different cases
93 $goto_include = $insertEdit->getGotoInclude($goto_include);
94
95 // Defines the url to return in case of failure of the query
96 $err_url = $insertEdit->getErrorUrl($url_params);
97
98 /**
99 * Prepares the update/insert of a row
100 */
101 list($loop_array, $using_key, $is_insert, $is_insertignore)
102 = $insertEdit->getParamsForUpdateOrInsert();
103
104 $query = [];
105 $value_sets = [];
106 $func_no_param = [
107 'CONNECTION_ID',
108 'CURRENT_USER',
109 'CURDATE',
110 'CURTIME',
111 'CURRENT_DATE',
112 'CURRENT_TIME',
113 'DATABASE',
114 'LAST_INSERT_ID',
115 'NOW',
116 'PI',
117 'RAND',
118 'SYSDATE',
119 'UNIX_TIMESTAMP',
120 'USER',
121 'UTC_DATE',
122 'UTC_TIME',
123 'UTC_TIMESTAMP',
124 'UUID',
125 'UUID_SHORT',
126 'VERSION',
127 ];
128 $func_optional_param = [
129 'RAND',
130 'UNIX_TIMESTAMP',
131 ];
132
133 $gis_from_text_functions = [
134 'GeomFromText',
135 'GeomCollFromText',
136 'LineFromText',
137 'MLineFromText',
138 'PointFromText',
139 'MPointFromText',
140 'PolyFromText',
141 'MPolyFromText',
142 ];
143
144 $gis_from_wkb_functions = [];
145 if ($dbi->getVersion() >= 50600) {
146 $gis_from_wkb_functions = [
147 'ST_GeomFromText',
148 'ST_GeomCollFromText',
149 'ST_LineFromText',
150 'ST_MLineFromText',
151 'ST_PointFromText',
152 'ST_MPointFromText',
153 'ST_PolyFromText',
154 'ST_MPolyFromText',
155 ];
156 }
157
158 //if some posted fields need to be transformed.
159 $mime_map = $transformations->getMime($db, $table);
160 if ($mime_map === false) {
161 $mime_map = [];
162 }
163
164 $query_fields = [];
165 $insert_errors = [];
166 $row_skipped = false;
167 $unsaved_values = [];
168 foreach ($loop_array as $rownumber => $where_clause) {
169 // skip fields to be ignored
170 if (! $using_key && isset($_POST['insert_ignore_' . $where_clause])) {
171 continue;
172 }
173
174 // Defines the SET part of the sql query
175 $query_values = [];
176
177 // Map multi-edit keys to single-level arrays, dependent on how we got the fields
178 $multi_edit_columns
179 = isset($_POST['fields']['multi_edit'][$rownumber])
180 ? $_POST['fields']['multi_edit'][$rownumber]
181 : [];
182 $multi_edit_columns_name
183 = isset($_POST['fields_name']['multi_edit'][$rownumber])
184 ? $_POST['fields_name']['multi_edit'][$rownumber]
185 : [];
186 $multi_edit_columns_prev
187 = isset($_POST['fields_prev']['multi_edit'][$rownumber])
188 ? $_POST['fields_prev']['multi_edit'][$rownumber]
189 : null;
190 $multi_edit_funcs
191 = isset($_POST['funcs']['multi_edit'][$rownumber])
192 ? $_POST['funcs']['multi_edit'][$rownumber]
193 : null;
194 $multi_edit_salt
195 = isset($_POST['salt']['multi_edit'][$rownumber])
196 ? $_POST['salt']['multi_edit'][$rownumber]
197 : null;
198 $multi_edit_columns_type
199 = isset($_POST['fields_type']['multi_edit'][$rownumber])
200 ? $_POST['fields_type']['multi_edit'][$rownumber]
201 : null;
202 $multi_edit_columns_null
203 = isset($_POST['fields_null']['multi_edit'][$rownumber])
204 ? $_POST['fields_null']['multi_edit'][$rownumber]
205 : null;
206 $multi_edit_columns_null_prev
207 = isset($_POST['fields_null_prev']['multi_edit'][$rownumber])
208 ? $_POST['fields_null_prev']['multi_edit'][$rownumber]
209 : null;
210 $multi_edit_auto_increment
211 = isset($_POST['auto_increment']['multi_edit'][$rownumber])
212 ? $_POST['auto_increment']['multi_edit'][$rownumber]
213 : null;
214 $multi_edit_virtual
215 = isset($_POST['virtual']['multi_edit'][$rownumber])
216 ? $_POST['virtual']['multi_edit'][$rownumber]
217 : null;
218
219 // When a select field is nullified, it's not present in $_POST
220 // so initialize it; this way, the foreach($multi_edit_columns) will process it
221 foreach ($multi_edit_columns_name as $key => $val) {
222 if (! isset($multi_edit_columns[$key])) {
223 $multi_edit_columns[$key] = '';
224 }
225 }
226
227 // Iterate in the order of $multi_edit_columns_name,
228 // not $multi_edit_columns, to avoid problems
229 // when inserting multiple entries
230 $insert_fail = false;
231 foreach ($multi_edit_columns_name as $key => $column_name) {
232 $current_value = $multi_edit_columns[$key];
233 // Note: $key is an md5 of the fieldname. The actual fieldname is
234 // available in $multi_edit_columns_name[$key]
235
236 $file_to_insert = new File();
237 $file_to_insert->checkTblChangeForm((string) $key, (string) $rownumber);
238
239 $possibly_uploaded_val = $file_to_insert->getContent();
240 if ($possibly_uploaded_val !== false) {
241 $current_value = $possibly_uploaded_val;
242 }
243 // Apply Input Transformation if defined
244 if (! empty($mime_map[$column_name])
245 && ! empty($mime_map[$column_name]['input_transformation'])
246 ) {
247 $filename = 'libraries/classes/Plugins/Transformations/'
248 . $mime_map[$column_name]['input_transformation'];
249 if (is_file($filename)) {
250 $classname = $transformations->getClassName($filename);
251 if (class_exists($classname)) {
252 /** @var IOTransformationsPlugin $transformation_plugin */
253 $transformation_plugin = new $classname();
254 $transformation_options = $transformations->getOptions(
255 $mime_map[$column_name]['input_transformation_options']
256 );
257 $current_value = $transformation_plugin->applyTransformation(
258 $current_value,
259 $transformation_options
260 );
261 // check if transformation was successful or not
262 // and accordingly set error messages & insert_fail
263 if (method_exists($transformation_plugin, 'isSuccess')
264 && ! $transformation_plugin->isSuccess()
265 ) {
266 $insert_fail = true;
267 $row_skipped = true;
268 $insert_errors[] = sprintf(
269 __('Row: %1$s, Column: %2$s, Error: %3$s'),
270 $rownumber,
271 $column_name,
272 $transformation_plugin->getError()
273 );
274 }
275 }
276 }
277 }
278
279 if ($file_to_insert->isError()) {
280 $insert_errors[] = $file_to_insert->getError();
281 }
282 // delete $file_to_insert temporary variable
283 $file_to_insert->cleanUp();
284
285 $current_value = $insertEdit->getCurrentValueForDifferentTypes(
286 $possibly_uploaded_val,
287 $key,
288 $multi_edit_columns_type,
289 $current_value,
290 $multi_edit_auto_increment,
291 $rownumber,
292 $multi_edit_columns_name,
293 $multi_edit_columns_null,
294 $multi_edit_columns_null_prev,
295 $is_insert,
296 $using_key,
297 $where_clause,
298 $table,
299 $multi_edit_funcs
300 );
301
302 $current_value_as_an_array = $insertEdit->getCurrentValueAsAnArrayForMultipleEdit(
303 $multi_edit_funcs,
304 $multi_edit_salt,
305 $gis_from_text_functions,
306 $current_value,
307 $gis_from_wkb_functions,
308 $func_optional_param,
309 $func_no_param,
310 $key
311 );
312
313 if (! isset($multi_edit_virtual) || ! isset($multi_edit_virtual[$key])) {
314 list($query_values, $query_fields)
315 = $insertEdit->getQueryValuesForInsertAndUpdateInMultipleEdit(
316 $multi_edit_columns_name,
317 $multi_edit_columns_null,
318 $current_value,
319 $multi_edit_columns_prev,
320 $multi_edit_funcs,
321 $is_insert,
322 $query_values,
323 $query_fields,
324 $current_value_as_an_array,
325 $value_sets,
326 $key,
327 $multi_edit_columns_null_prev
328 );
329 }
330 if (isset($multi_edit_columns_null[$key])) {
331 $multi_edit_columns[$key] = null;
332 }
333 } //end of foreach
334
335 // temporarily store rows not inserted
336 // so that they can be populated again.
337 if ($insert_fail) {
338 $unsaved_values[$rownumber] = $multi_edit_columns;
339 }
340 if (! $insert_fail && count($query_values) > 0) {
341 if ($is_insert) {
342 $value_sets[] = implode(', ', $query_values);
343 } else {
344 // build update query
345 $query[] = 'UPDATE ' . Util::backquote($table)
346 . ' SET ' . implode(', ', $query_values)
347 . ' WHERE ' . $where_clause
348 . ($_POST['clause_is_unique'] ? '' : ' LIMIT 1');
349 }
350 }
351 } // end foreach ($loop_array as $where_clause)
352 unset(
353 $multi_edit_columns_name,
354 $multi_edit_columns_prev,
355 $multi_edit_funcs,
356 $multi_edit_columns_type,
357 $multi_edit_columns_null,
358 $func_no_param,
359 $multi_edit_auto_increment,
360 $current_value_as_an_array,
361 $key,
362 $current_value,
363 $loop_array,
364 $where_clause,
365 $using_key,
366 $multi_edit_columns_null_prev,
367 $insert_fail
368 );
369
370 // Builds the sql query
371 if ($is_insert && count($value_sets) > 0) {
372 $query = $insertEdit->buildSqlQuery($is_insertignore, $query_fields, $value_sets);
373 } elseif (empty($query) && ! isset($_POST['preview_sql']) && ! $row_skipped) {
374 // No change -> move back to the calling script
375 //
376 // Note: logic passes here for inline edit
377 $message = Message::success(__('No change'));
378 // Avoid infinite recursion
379 if ($goto_include == 'tbl_replace.php') {
380 $goto_include = 'tbl_change.php';
381 }
382 $active_page = $goto_include;
383 include ROOT_PATH . Core::securePath($goto_include);
384 exit;
385 }
386 unset($multi_edit_columns, $is_insertignore);
387
388 // If there is a request for SQL previewing.
389 if (isset($_POST['preview_sql'])) {
390 Core::previewSQL($query);
391 }
392
393 /**
394 * Executes the sql query and get the result, then move back to the calling
395 * page
396 */
397 list ($url_params, $total_affected_rows, $last_messages, $warning_messages,
398 $error_messages, $return_to_sql_query)
399 = $insertEdit->executeSqlQuery($url_params, $query);
400
401 if ($is_insert && (count($value_sets) > 0 || $row_skipped)) {
402 $message = Message::getMessageForInsertedRows(
403 $total_affected_rows
404 );
405 $unsaved_values = array_values($unsaved_values);
406 } else {
407 $message = Message::getMessageForAffectedRows(
408 $total_affected_rows
409 );
410 }
411 if ($row_skipped) {
412 $goto_include = 'tbl_change.php';
413 $message->addMessagesString($insert_errors, '<br>');
414 $message->isError(true);
415 }
416
417 $message->addMessages($last_messages, '<br>');
418
419 if (! empty($warning_messages)) {
420 $message->addMessagesString($warning_messages, '<br>');
421 $message->isError(true);
422 }
423 if (! empty($error_messages)) {
424 $message->addMessagesString($error_messages);
425 $message->isError(true);
426 }
427 unset(
428 $error_messages,
429 $warning_messages,
430 $total_affected_rows,
431 $last_messages,
432 $last_message,
433 $row_skipped,
434 $insert_errors
435 );
436
437 /**
438 * The following section only applies to grid editing.
439 * However, verifying isAjax() is not enough to ensure we are coming from
440 * grid editing. If we are coming from the Edit or Copy link in Browse mode,
441 * ajax_page_request is present in the POST parameters.
442 */
443 if ($response->isAjax() && ! isset($_POST['ajax_page_request'])) {
444 /**
445 * If we are in grid editing, we need to process the relational and
446 * transformed fields, if they were edited. After that, output the correct
447 * link/transformed value and exit
448 */
449 if (isset($_POST['rel_fields_list']) && $_POST['rel_fields_list'] != '') {
450 $map = $relation->getForeigners($db, $table, '', 'both');
451
452 $relation_fields = [];
453 parse_str($_POST['rel_fields_list'], $relation_fields);
454
455 // loop for each relation cell
456 /** @var array $relation_fields */
457 foreach ($relation_fields as $cell_index => $curr_rel_field) {
458 foreach ($curr_rel_field as $relation_field => $relation_field_value) {
459 $where_comparison = "='" . $relation_field_value . "'";
460 $dispval = $insertEdit->getDisplayValueForForeignTableColumn(
461 $where_comparison,
462 $map,
463 $relation_field
464 );
465
466 $extra_data['relations'][$cell_index]
467 = $insertEdit->getLinkForRelationalDisplayField(
468 $map,
469 $relation_field,
470 $where_comparison,
471 $dispval,
472 $relation_field_value
473 );
474 }
475 } // end of loop for each relation cell
476 }
477 if (isset($_POST['do_transformations'])
478 && $_POST['do_transformations'] == true
479 ) {
480 $edited_values = [];
481 parse_str($_POST['transform_fields_list'], $edited_values);
482
483 if (! isset($extra_data)) {
484 $extra_data = [];
485 }
486 $transformation_types = [
487 "input_transformation",
488 "transformation",
489 ];
490 foreach ($mime_map as $transformation) {
491 $column_name = $transformation['column_name'];
492 foreach ($transformation_types as $type) {
493 $file = Core::securePath($transformation[$type]);
494 $extra_data = $insertEdit->transformEditedValues(
495 $db,
496 $table,
497 $transformation,
498 $edited_values,
499 $file,
500 $column_name,
501 $extra_data,
502 $type
503 );
504 }
505 } // end of loop for each $mime_map
506 }
507
508 // Need to check the inline edited value can be truncated by MySQL
509 // without informing while saving
510 $column_name = $_POST['fields_name']['multi_edit'][0][0];
511
512 $insertEdit->verifyWhetherValueCanBeTruncatedAndAppendExtraData(
513 $db,
514 $table,
515 $column_name,
516 $extra_data
517 );
518
519 /**Get the total row count of the table*/
520 $_table = new Table($_POST['table'], $_POST['db']);
521 $extra_data['row_count'] = $_table->countRecords();
522
523 $extra_data['sql_query'] = Util::getMessage(
524 $message,
525 $GLOBALS['display_query']
526 );
527
528 $response->setRequestStatus($message->isSuccess());
529 $response->addJSON('message', $message);
530 $response->addJSON($extra_data);
531 exit;
532 }
533
534 if (! empty($return_to_sql_query)) {
535 $disp_query = $GLOBALS['sql_query'];
536 $disp_message = $message;
537 unset($message);
538 $GLOBALS['sql_query'] = $return_to_sql_query;
539 }
540
541 $scripts->addFile('vendor/jquery/additional-methods.js');
542 $scripts->addFile('tbl_change.js');
543
544 $active_page = $goto_include;
545
546 /**
547 * If user asked for "and then Insert another new row" we have to remove
548 * WHERE clause information so that tbl_change.php does not go back
549 * to the current record
550 */
551 if (isset($_POST['after_insert']) && 'new_insert' == $_POST['after_insert']) {
552 unset($_POST['where_clause']);
553 }
554
555 /**
556 * Load target page.
557 */
558 require ROOT_PATH . Core::securePath($goto_include);
559 exit;
phpMyAdmin