2 /* vim: set expandtab sw=4 ts=4 sts=4: */
6 * @todo we must handle the case if sql.php is called directly with a query
7 * that returns 0 rows - to prevent cyclic redirects or includes
12 * Gets some core libraries
14 require_once 'libraries/common.inc.php';
15 require_once 'libraries/Table.class.php';
16 require_once 'libraries/Header.class.php';
17 require_once 'libraries/check_user_privileges.lib.php';
18 require_once 'libraries/bookmark.lib.php';
19 require_once 'libraries/sql.lib.php';
20 require_once 'libraries/sqlparser.lib.php';
21 require_once 'libraries/config/page_settings.class.php';
23 PMA_PageSettings
::showGroup('Browse');
26 $response = PMA_Response
::getInstance();
27 $header = $response->getHeader();
28 $scripts = $header->getScripts();
29 $scripts->addFile('jquery/jquery-ui-timepicker-addon.js');
30 $scripts->addFile('jquery/jquery.uitablefilter.js');
31 $scripts->addFile('tbl_change.js');
32 $scripts->addFile('indexes.js');
33 $scripts->addFile('gis_data_editor.js');
34 $scripts->addFile('multi_column_sort.js');
37 * Set ajax_reload in the response if it was already set
39 if (isset($ajax_reload) && $ajax_reload['reload'] === true) {
40 $response->addJSON('ajax_reload', $ajax_reload);
45 * Defines the url to return to in case of error in a sql statement
49 $is_gotofile = preg_replace('@^([^?]+).*$@s', '\\1', $goto);
50 if (! @file_exists
('' . $is_gotofile)) {
53 $is_gotofile = ($is_gotofile == $goto);
57 $goto = PMA_Util
::getScriptNameForOption(
58 $GLOBALS['cfg']['DefaultTabDatabase'], 'database'
61 $goto = PMA_Util
::getScriptNameForOption(
62 $GLOBALS['cfg']['DefaultTabTable'], 'table'
68 if (! isset($err_url)) {
69 $err_url = (! empty($back) ?
$back : $goto)
70 . '?' . PMA_URL_getCommon(array('db' => $GLOBALS['db']))
71 . ((/*overload*/mb_strpos(' ' . $goto, 'db_') != 1
72 && /*overload*/mb_strlen($table))
73 ?
'&table=' . urlencode($table)
78 // Coming from a bookmark dialog
79 if (isset($_POST['bkm_fields']['bkm_sql_query'])) {
80 $sql_query = $_POST['bkm_fields']['bkm_sql_query'];
81 } elseif (isset($_GET['sql_query'])) {
82 $sql_query = $_GET['sql_query'];
85 // This one is just to fill $db
86 if (isset($_POST['bkm_fields']['bkm_database'])) {
87 $db = $_POST['bkm_fields']['bkm_database'];
91 // During grid edit, if we have a relational field, show the dropdown for it.
92 if (isset($_REQUEST['get_relational_values'])
93 && $_REQUEST['get_relational_values'] == true
95 PMA_getRelationalValues($db, $table);
96 // script has exited at this point
99 // Just like above, find possible values for enum fields during grid edit.
100 if (isset($_REQUEST['get_enum_values']) && $_REQUEST['get_enum_values'] == true) {
101 PMA_getEnumOrSetValues($db, $table, "enum");
102 // script has exited at this point
106 // Find possible values for set fields during grid edit.
107 if (isset($_REQUEST['get_set_values']) && $_REQUEST['get_set_values'] == true) {
108 PMA_getEnumOrSetValues($db, $table, "set");
109 // script has exited at this point
112 if (isset($_REQUEST['get_default_fk_check_value'])
113 && $_REQUEST['get_default_fk_check_value'] == true
115 $response = PMA_Response
::getInstance();
117 'default_fk_check_value', PMA_Util
::isForeignKeyCheck()
123 * Check ajax request to set the column order and visibility
125 if (isset($_REQUEST['set_col_prefs']) && $_REQUEST['set_col_prefs'] == true) {
126 PMA_setColumnOrderOrVisibility($table, $db);
127 // script has exited at this point
130 // Default to browse if no query set and we have table
131 // (needed for browsing from DefaultTabTable)
132 $tableLength = /*overload*/mb_strlen($table);
133 $dbLength = /*overload*/mb_strlen($db);
134 if (empty($sql_query) && $tableLength && $dbLength) {
135 $sql_query = PMA_getDefaultSqlQueryForBrowse($db, $table);
137 // set $goto to what will be displayed if query returns 0 rows
140 // Now we can check the parameters
141 PMA_Util
::checkParameters(array('sql_query'));
145 * Parse and analyze the query
147 require_once 'libraries/parse_analyze.inc.php';
151 * Check rights in case of DROP DATABASE
153 * This test may be bypassed if $is_js_confirmed = 1 (already checked with js)
154 * but since a malicious user may pass this variable by url/form, we don't take
155 * into account this case.
157 if (PMA_hasNoRightsToDropDatabase(
158 $analyzed_sql_results, $cfg['AllowUserDropDatabase'], $is_superuser
161 __('"DROP DATABASE" statements are disabled.'),
169 * Need to find the real end of rows?
171 if (isset($find_real_end) && $find_real_end) {
172 $unlim_num_rows = PMA_findRealEndOfRows($db, $table);
179 if (isset($_POST['store_bkm'])) {
180 PMA_addBookmark($cfg['PmaAbsoluteUri'], $goto);
181 // script has exited at this point
186 * Sets or modifies the $goto variable if required
188 if ($goto == 'sql.php') {
189 $is_gotofile = false;
190 $goto = 'sql.php' . PMA_URL_getCommon(
194 'sql_query' => $sql_query
199 PMA_executeQueryAndSendQueryResponse(
200 $analyzed_sql_results,
204 isset($find_real_end) ?
$find_real_end : null,
205 isset($import_text) ?
$import_text : null,
206 isset($extra_data) ?
$extra_data : null,
208 isset($message_to_show) ?
$message_to_show : null,
209 isset($message) ?
$message : null,
210 isset($sql_data) ?
$sql_data : null,
213 isset($disp_query) ?
$display_query : null,
214 isset($disp_message) ?
$disp_message : null,
215 isset($query_type) ?
$query_type : null,
217 isset($selected) ?
$selected : null,
218 isset($complete_query) ?
$complete_query : null