2 /* vim: set expandtab sw=4 ts=4 sts=4: */
4 * Manipulation of table data like inserting, replacing and updating
6 * Usually called as form action from tbl_change.php to insert or update table rows
8 * @todo 'edit_next' tends to not work as expected if used ...
9 * at least there is no order by it needs the original query
10 * and the row number and than replace the LIMIT clause
14 declare(strict_types
=1);
17 use PhpMyAdmin\DatabaseInterface
;
18 use PhpMyAdmin\Di\Container
;
20 use PhpMyAdmin\InsertEdit
;
21 use PhpMyAdmin\Message
;
22 use PhpMyAdmin\Plugins\IOTransformationsPlugin
;
23 use PhpMyAdmin\Relation
;
24 use PhpMyAdmin\Response
;
26 use PhpMyAdmin\Transformations
;
29 if (! defined('ROOT_PATH')) {
30 define('ROOT_PATH', __DIR__
. DIRECTORY_SEPARATOR
);
33 global $db, $table, $url_params;
35 require_once ROOT_PATH
. 'libraries/common.inc.php';
37 $container = Container
::getDefaultContainer();
38 $container->set(Response
::class, Response
::getInstance());
40 /** @var Response $response */
41 $response = $container->get(Response
::class);
43 /** @var DatabaseInterface $dbi */
44 $dbi = $container->get(DatabaseInterface
::class);
47 Util
::checkParameters(['db', 'table', 'goto']);
52 * Initializes some variables
54 $goto_include = false;
56 $header = $response->getHeader();
57 $scripts = $header->getScripts();
58 $scripts->addFile('makegrid.js');
59 // Needed for generation of Inline Edit anchors
60 $scripts->addFile('sql.js');
61 $scripts->addFile('indexes.js');
62 $scripts->addFile('gis_data_editor.js');
64 /** @var Relation $relation */
65 $relation = $containerBuilder->get('relation');
66 /** @var Transformations $transformations */
67 $transformations = $containerBuilder->get('transformations');
68 $insertEdit = new InsertEdit($dbi);
70 // check whether insert row mode, if so include tbl_change.php
71 $insertEdit->isInsertRow();
73 $after_insert_actions = [
78 if (isset($_POST['after_insert'])
79 && in_array($_POST['after_insert'], $after_insert_actions)
81 $url_params['after_insert'] = $_POST['after_insert'];
82 if (isset($_POST['where_clause'])) {
83 foreach ($_POST['where_clause'] as $one_where_clause) {
84 if ($_POST['after_insert'] == 'same_insert') {
85 $url_params['where_clause'][] = $one_where_clause;
86 } elseif ($_POST['after_insert'] == 'edit_next') {
87 $insertEdit->setSessionForEditNext($one_where_clause);
92 //get $goto_include for different cases
93 $goto_include = $insertEdit->getGotoInclude($goto_include);
95 // Defines the url to return in case of failure of the query
96 $err_url = $insertEdit->getErrorUrl($url_params);
99 * Prepares the update/insert of a row
101 list($loop_array, $using_key, $is_insert, $is_insertignore)
102 = $insertEdit->getParamsForUpdateOrInsert();
128 $func_optional_param = [
133 $gis_from_text_functions = [
144 $gis_from_wkb_functions = [];
145 if ($dbi->getVersion() >= 50600) {
146 $gis_from_wkb_functions = [
148 'ST_GeomCollFromText',
158 //if some posted fields need to be transformed.
159 $mime_map = $transformations->getMime($db, $table);
160 if ($mime_map === false) {
166 $row_skipped = false;
167 $unsaved_values = [];
168 foreach ($loop_array as $rownumber => $where_clause) {
169 // skip fields to be ignored
170 if (! $using_key && isset($_POST['insert_ignore_' . $where_clause])) {
174 // Defines the SET part of the sql query
177 // Map multi-edit keys to single-level arrays, dependent on how we got the fields
179 = isset($_POST['fields']['multi_edit'][$rownumber])
180 ?
$_POST['fields']['multi_edit'][$rownumber]
182 $multi_edit_columns_name
183 = isset($_POST['fields_name']['multi_edit'][$rownumber])
184 ?
$_POST['fields_name']['multi_edit'][$rownumber]
186 $multi_edit_columns_prev
187 = isset($_POST['fields_prev']['multi_edit'][$rownumber])
188 ?
$_POST['fields_prev']['multi_edit'][$rownumber]
191 = isset($_POST['funcs']['multi_edit'][$rownumber])
192 ?
$_POST['funcs']['multi_edit'][$rownumber]
195 = isset($_POST['salt']['multi_edit'][$rownumber])
196 ?
$_POST['salt']['multi_edit'][$rownumber]
198 $multi_edit_columns_type
199 = isset($_POST['fields_type']['multi_edit'][$rownumber])
200 ?
$_POST['fields_type']['multi_edit'][$rownumber]
202 $multi_edit_columns_null
203 = isset($_POST['fields_null']['multi_edit'][$rownumber])
204 ?
$_POST['fields_null']['multi_edit'][$rownumber]
206 $multi_edit_columns_null_prev
207 = isset($_POST['fields_null_prev']['multi_edit'][$rownumber])
208 ?
$_POST['fields_null_prev']['multi_edit'][$rownumber]
210 $multi_edit_auto_increment
211 = isset($_POST['auto_increment']['multi_edit'][$rownumber])
212 ?
$_POST['auto_increment']['multi_edit'][$rownumber]
215 = isset($_POST['virtual']['multi_edit'][$rownumber])
216 ?
$_POST['virtual']['multi_edit'][$rownumber]
219 // When a select field is nullified, it's not present in $_POST
220 // so initialize it; this way, the foreach($multi_edit_columns) will process it
221 foreach ($multi_edit_columns_name as $key => $val) {
222 if (! isset($multi_edit_columns[$key])) {
223 $multi_edit_columns[$key] = '';
227 // Iterate in the order of $multi_edit_columns_name,
228 // not $multi_edit_columns, to avoid problems
229 // when inserting multiple entries
230 $insert_fail = false;
231 foreach ($multi_edit_columns_name as $key => $column_name) {
232 $current_value = $multi_edit_columns[$key];
233 // Note: $key is an md5 of the fieldname. The actual fieldname is
234 // available in $multi_edit_columns_name[$key]
236 $file_to_insert = new File();
237 $file_to_insert->checkTblChangeForm((string) $key, (string) $rownumber);
239 $possibly_uploaded_val = $file_to_insert->getContent();
240 if ($possibly_uploaded_val !== false) {
241 $current_value = $possibly_uploaded_val;
243 // Apply Input Transformation if defined
244 if (! empty($mime_map[$column_name])
245 && ! empty($mime_map[$column_name]['input_transformation'])
247 $filename = 'libraries/classes/Plugins/Transformations/'
248 . $mime_map[$column_name]['input_transformation'];
249 if (is_file($filename)) {
250 $classname = $transformations->getClassName($filename);
251 if (class_exists($classname)) {
252 /** @var IOTransformationsPlugin $transformation_plugin */
253 $transformation_plugin = new $classname();
254 $transformation_options = $transformations->getOptions(
255 $mime_map[$column_name]['input_transformation_options']
257 $current_value = $transformation_plugin->applyTransformation(
259 $transformation_options
261 // check if transformation was successful or not
262 // and accordingly set error messages & insert_fail
263 if (method_exists($transformation_plugin, 'isSuccess')
264 && ! $transformation_plugin->isSuccess()
268 $insert_errors[] = sprintf(
269 __('Row: %1$s, Column: %2$s, Error: %3$s'),
272 $transformation_plugin->getError()
279 if ($file_to_insert->isError()) {
280 $insert_errors[] = $file_to_insert->getError();
282 // delete $file_to_insert temporary variable
283 $file_to_insert->cleanUp();
285 $current_value = $insertEdit->getCurrentValueForDifferentTypes(
286 $possibly_uploaded_val,
288 $multi_edit_columns_type,
290 $multi_edit_auto_increment,
292 $multi_edit_columns_name,
293 $multi_edit_columns_null,
294 $multi_edit_columns_null_prev,
302 $current_value_as_an_array = $insertEdit->getCurrentValueAsAnArrayForMultipleEdit(
305 $gis_from_text_functions,
307 $gis_from_wkb_functions,
308 $func_optional_param,
313 if (! isset($multi_edit_virtual) ||
! isset($multi_edit_virtual[$key])) {
314 list($query_values, $query_fields)
315 = $insertEdit->getQueryValuesForInsertAndUpdateInMultipleEdit(
316 $multi_edit_columns_name,
317 $multi_edit_columns_null,
319 $multi_edit_columns_prev,
324 $current_value_as_an_array,
327 $multi_edit_columns_null_prev
330 if (isset($multi_edit_columns_null[$key])) {
331 $multi_edit_columns[$key] = null;
335 // temporarily store rows not inserted
336 // so that they can be populated again.
338 $unsaved_values[$rownumber] = $multi_edit_columns;
340 if (! $insert_fail && count($query_values) > 0) {
342 $value_sets[] = implode(', ', $query_values);
344 // build update query
345 $query[] = 'UPDATE ' . Util
::backquote($table)
346 . ' SET ' . implode(', ', $query_values)
347 . ' WHERE ' . $where_clause
348 . ($_POST['clause_is_unique'] ?
'' : ' LIMIT 1');
351 } // end foreach ($loop_array as $where_clause)
353 $multi_edit_columns_name,
354 $multi_edit_columns_prev,
356 $multi_edit_columns_type,
357 $multi_edit_columns_null,
359 $multi_edit_auto_increment,
360 $current_value_as_an_array,
366 $multi_edit_columns_null_prev,
370 // Builds the sql query
371 if ($is_insert && count($value_sets) > 0) {
372 $query = $insertEdit->buildSqlQuery($is_insertignore, $query_fields, $value_sets);
373 } elseif (empty($query) && ! isset($_POST['preview_sql']) && ! $row_skipped) {
374 // No change -> move back to the calling script
376 // Note: logic passes here for inline edit
377 $message = Message
::success(__('No change'));
378 // Avoid infinite recursion
379 if ($goto_include == 'tbl_replace.php') {
380 $goto_include = 'tbl_change.php';
382 $active_page = $goto_include;
383 include ROOT_PATH
. Core
::securePath($goto_include);
386 unset($multi_edit_columns, $is_insertignore);
388 // If there is a request for SQL previewing.
389 if (isset($_POST['preview_sql'])) {
390 Core
::previewSQL($query);
394 * Executes the sql query and get the result, then move back to the calling
397 list ($url_params, $total_affected_rows, $last_messages, $warning_messages,
398 $error_messages, $return_to_sql_query)
399 = $insertEdit->executeSqlQuery($url_params, $query);
401 if ($is_insert && (count($value_sets) > 0 ||
$row_skipped)) {
402 $message = Message
::getMessageForInsertedRows(
405 $unsaved_values = array_values($unsaved_values);
407 $message = Message
::getMessageForAffectedRows(
412 $goto_include = 'tbl_change.php';
413 $message->addMessagesString($insert_errors, '<br>');
414 $message->isError(true);
417 $message->addMessages($last_messages, '<br>');
419 if (! empty($warning_messages)) {
420 $message->addMessagesString($warning_messages, '<br>');
421 $message->isError(true);
423 if (! empty($error_messages)) {
424 $message->addMessagesString($error_messages);
425 $message->isError(true);
430 $total_affected_rows,
438 * The following section only applies to grid editing.
439 * However, verifying isAjax() is not enough to ensure we are coming from
440 * grid editing. If we are coming from the Edit or Copy link in Browse mode,
441 * ajax_page_request is present in the POST parameters.
443 if ($response->isAjax() && ! isset($_POST['ajax_page_request'])) {
445 * If we are in grid editing, we need to process the relational and
446 * transformed fields, if they were edited. After that, output the correct
447 * link/transformed value and exit
449 if (isset($_POST['rel_fields_list']) && $_POST['rel_fields_list'] != '') {
450 $map = $relation->getForeigners($db, $table, '', 'both');
452 $relation_fields = [];
453 parse_str($_POST['rel_fields_list'], $relation_fields);
455 // loop for each relation cell
456 /** @var array $relation_fields */
457 foreach ($relation_fields as $cell_index => $curr_rel_field) {
458 foreach ($curr_rel_field as $relation_field => $relation_field_value) {
459 $where_comparison = "='" . $relation_field_value . "'";
460 $dispval = $insertEdit->getDisplayValueForForeignTableColumn(
466 $extra_data['relations'][$cell_index]
467 = $insertEdit->getLinkForRelationalDisplayField(
472 $relation_field_value
475 } // end of loop for each relation cell
477 if (isset($_POST['do_transformations'])
478 && $_POST['do_transformations'] == true
481 parse_str($_POST['transform_fields_list'], $edited_values);
483 if (! isset($extra_data)) {
486 $transformation_types = [
487 "input_transformation",
490 foreach ($mime_map as $transformation) {
491 $column_name = $transformation['column_name'];
492 foreach ($transformation_types as $type) {
493 $file = Core
::securePath($transformation[$type]);
494 $extra_data = $insertEdit->transformEditedValues(
505 } // end of loop for each $mime_map
508 // Need to check the inline edited value can be truncated by MySQL
509 // without informing while saving
510 $column_name = $_POST['fields_name']['multi_edit'][0][0];
512 $insertEdit->verifyWhetherValueCanBeTruncatedAndAppendExtraData(
519 /**Get the total row count of the table*/
520 $_table = new Table($_POST['table'], $_POST['db']);
521 $extra_data['row_count'] = $_table->countRecords();
523 $extra_data['sql_query'] = Util
::getMessage(
525 $GLOBALS['display_query']
528 $response->setRequestStatus($message->isSuccess());
529 $response->addJSON('message', $message);
530 $response->addJSON($extra_data);
534 if (! empty($return_to_sql_query)) {
535 $disp_query = $GLOBALS['sql_query'];
536 $disp_message = $message;
538 $GLOBALS['sql_query'] = $return_to_sql_query;
541 $scripts->addFile('vendor/jquery/additional-methods.js');
542 $scripts->addFile('tbl_change.js');
544 $active_page = $goto_include;
547 * If user asked for "and then Insert another new row" we have to remove
548 * WHERE clause information so that tbl_change.php does not go back
549 * to the current record
551 if (isset($_POST['after_insert']) && 'new_insert' == $_POST['after_insert']) {
552 unset($_POST['where_clause']);
558 require ROOT_PATH
. Core
::securePath($goto_include);