bug #2780356 [calendar] Null checkbox not unchecked when date is chosen
[phpmyadmin/crack.git] / db_search.php
blob13d5323a661502ab7c7c2254c9a18f5fe036b31a
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * searchs the entire database
6 * @todo make use of UNION when searching multiple tables
7 * @todo display executed query, optional?
8 * @uses $cfg['UseDbSearch']
9 * @uses $GLOBALS['db']
10 * @uses $GLOBALS['strAccessDenied']
11 * @uses $GLOBALS['strSearchOption1']
12 * @uses $GLOBALS['strSearchOption2']
13 * @uses $GLOBALS['strSearchOption3']
14 * @uses $GLOBALS['strSearchOption4']
15 * @uses $GLOBALS['strSearchResultsFor']
16 * @uses $GLOBALS['strNumSearchResultsInTable']
17 * @uses $GLOBALS['strBrowse']
18 * @uses $GLOBALS['strDelete']
19 * @uses $GLOBALS['strNumSearchResultsTotal']
20 * @uses $GLOBALS['strSearchFormTitle']
21 * @uses $GLOBALS['strSearchNeedle']
22 * @uses $GLOBALS['strSearchType']
23 * @uses $GLOBALS['strSplitWordsWithSpace']
24 * @uses $GLOBALS['strSearchInTables']
25 * @uses $GLOBALS['strUnselectAll']
26 * @uses $GLOBALS['strSelectAll']
27 * @uses PMA_DBI_get_tables()
28 * @uses PMA_sqlAddslashes()
29 * @uses PMA_getSearchSqls()
30 * @uses PMA_DBI_fetch_value()
31 * @uses PMA_linkOrButton()
32 * @uses PMA_generate_common_url()
33 * @uses PMA_generate_common_hidden_inputs()
34 * @uses PMA_showMySQLDocu()
35 * @uses $_REQUEST['search_str']
36 * @uses $_REQUEST['submit_search']
37 * @uses $_REQUEST['search_option']
38 * @uses $_REQUEST['table_select']
39 * @uses $_REQUEST['unselectall']
40 * @uses $_REQUEST['selectall']
41 * @uses $_REQUEST['field_str']
42 * @uses is_string()
43 * @uses htmlspecialchars()
44 * @uses array_key_exists()
45 * @uses is_array()
46 * @uses array_intersect()
47 * @uses sprintf()
48 * @uses in_array()
49 * @version $Id$
50 * @author Thomas Chaumeny <chaume92 at aol.com>
53 /**
56 require_once './libraries/common.inc.php';
58 /**
59 * Gets some core libraries and send headers
61 require './libraries/db_common.inc.php';
63 /**
64 * init
66 // If config variable $GLOBALS['cfg']['Usedbsearch'] is on false : exit.
67 if (! $GLOBALS['cfg']['UseDbSearch']) {
68 PMA_mysqlDie($GLOBALS['strAccessDenied'], '', false, $err_url);
69 } // end if
70 $url_query .= '&amp;goto=db_search.php';
71 $url_params['goto'] = 'db_search.php';
73 /**
74 * @global array list of tables from the current database
75 * but do not clash with $tables coming from db_info.inc.php
77 $tables_names_only = PMA_DBI_get_tables($GLOBALS['db']);
79 $search_options = array(
80 '1' => $GLOBALS['strSearchOption1'],
81 '2' => $GLOBALS['strSearchOption2'],
82 '3' => $GLOBALS['strSearchOption3'],
83 '4' => $GLOBALS['strSearchOption4'],
86 if (empty($_REQUEST['search_option']) || ! is_string($_REQUEST['search_option'])
87 || ! array_key_exists($_REQUEST['search_option'], $search_options)) {
88 $search_option = 1;
89 unset($_REQUEST['submit_search']);
90 } else {
91 $search_option = (int) $_REQUEST['search_option'];
92 $option_str = $search_options[$_REQUEST['search_option']];
95 if (empty($_REQUEST['search_str']) || ! is_string($_REQUEST['search_str'])) {
96 unset($_REQUEST['submit_search']);
97 $searched = '';
98 } else {
99 $searched = htmlspecialchars($_REQUEST['search_str']);
100 // For "as regular expression" (search option 4), we should not treat
101 // this as an expression that contains a LIKE (second parameter of
102 // PMA_sqlAddslashes()).
104 // Usage example: If user is seaching for a literal $ in a regexp search,
105 // he should enter \$ as the value.
106 $search_str = PMA_sqlAddslashes($_REQUEST['search_str'], ($search_option == 4 ? false : true));
109 $tables_selected = array();
110 if (empty($_REQUEST['table_select']) || ! is_array($_REQUEST['table_select'])) {
111 unset($_REQUEST['submit_search']);
112 } elseif (! isset($_REQUEST['selectall']) && ! isset($_REQUEST['unselectall'])) {
113 $tables_selected = array_intersect($_REQUEST['table_select'], $tables_names_only);
116 if (isset($_REQUEST['selectall'])) {
117 $tables_selected = $tables_names_only;
118 } elseif (isset($_REQUEST['unselectall'])) {
119 $tables_selected = array();
122 if (empty($_REQUEST['field_str']) || ! is_string($_REQUEST['field_str'])) {
123 unset($field_str);
124 } else {
125 $field_str = PMA_sqlAddslashes($_REQUEST['field_str'], true);
129 * Displays top links
131 $sub_part = '';
132 require './libraries/db_info.inc.php';
136 * 1. Main search form has been submitted
138 if (isset($_REQUEST['submit_search'])) {
141 * Builds the SQL search query
143 * @todo can we make use of fulltextsearch IN BOOLEAN MODE for this?
144 * @uses PMA_DBI_query
145 * PMA_backquote
146 * PMA_DBI_free_result
147 * PMA_DBI_fetch_assoc
148 * $GLOBALS['db']
149 * explode
150 * count
151 * strlen
152 * @param string the table name
153 * @param string restrict the search to this field
154 * @param string the string to search
155 * @param integer type of search (1 -> 1 word at least, 2 -> all words,
156 * 3 -> exact string, 4 -> regexp)
158 * @return array 3 SQL querys (for count, display and delete results)
160 * @global string the url to return to in case of errors
161 * @global string charset connection
163 function PMA_getSearchSqls($table, $field, $search_str, $search_option)
165 global $err_url;
167 // Statement types
168 $sqlstr_select = 'SELECT';
169 $sqlstr_delete = 'DELETE';
171 // Fields to select
172 $tblfields = PMA_DBI_fetch_result('SHOW FIELDS FROM ' . PMA_backquote($table) . ' FROM ' . PMA_backquote($GLOBALS['db']),
173 null, 'Field');
175 // Table to use
176 $sqlstr_from = ' FROM ' . PMA_backquote($GLOBALS['db']) . '.' . PMA_backquote($table);
178 $search_words = (($search_option > 2) ? array($search_str) : explode(' ', $search_str));
179 $search_wds_cnt = count($search_words);
181 $like_or_regex = (($search_option == 4) ? 'REGEXP' : 'LIKE');
182 $automatic_wildcard = (($search_option < 3) ? '%' : '');
184 $fieldslikevalues = array();
185 foreach ($search_words as $search_word) {
186 // Eliminates empty values
187 if (strlen($search_word) === 0) {
188 continue;
191 $thefieldlikevalue = array();
192 foreach ($tblfields as $tblfield) {
193 if (! isset($field) || strlen($field) == 0 || $tblfield == $field) {
194 $thefieldlikevalue[] = PMA_backquote($tblfield)
195 . ' ' . $like_or_regex . ' '
196 . "'" . $automatic_wildcard
197 . $search_word
198 . $automatic_wildcard . "'";
200 } // end for
202 if (count($thefieldlikevalue) > 0) {
203 $fieldslikevalues[] = implode(' OR ', $thefieldlikevalue);
205 } // end for
207 $implode_str = ($search_option == 1 ? ' OR ' : ' AND ');
208 if ( empty($fieldslikevalues)) {
209 // this could happen when the "inside field" does not exist
210 // in any selected tables
211 $sqlstr_where = ' WHERE FALSE';
212 } else {
213 $sqlstr_where = ' WHERE (' . implode(') ' . $implode_str . ' (', $fieldslikevalues) . ')';
215 unset($fieldslikevalues);
217 // Builds complete queries
218 $sql['select_fields'] = $sqlstr_select . ' * ' . $sqlstr_from . $sqlstr_where;
219 // here, I think we need to still use the COUNT clause, even for
220 // VIEWs, anyway we have a WHERE clause that should limit results
221 $sql['select_count'] = $sqlstr_select . ' COUNT(*) AS `count`' . $sqlstr_from . $sqlstr_where;
222 $sql['delete'] = $sqlstr_delete . $sqlstr_from . $sqlstr_where;
224 return $sql;
225 } // end of the "PMA_getSearchSqls()" function
229 * Displays the results
231 $this_url_params = array(
232 'db' => $GLOBALS['db'],
233 'goto' => 'db_sql.php',
234 'pos' => 0,
235 'is_js_confirmed' => 0,
238 // Displays search string
239 echo '<br />' . "\n"
240 .'<table class="data">' . "\n"
241 .'<caption class="tblHeaders">' . "\n"
242 .sprintf($GLOBALS['strSearchResultsFor'],
243 $searched, $option_str) . "\n"
244 .'</caption>' . "\n";
246 $num_search_result_total = 0;
247 $odd_row = true;
249 foreach ($tables_selected as $each_table) {
250 // Gets the SQL statements
251 $newsearchsqls = PMA_getSearchSqls($each_table, (! empty($field_str) ? $field_str : ''), $search_str, $search_option);
253 // Executes the "COUNT" statement
254 $res_cnt = PMA_DBI_fetch_value($newsearchsqls['select_count']);
255 $num_search_result_total += $res_cnt;
257 $sql_query .= $newsearchsqls['select_count'];
259 echo '<tr class="' . ($odd_row ? 'odd' : 'even') . '">'
260 .'<td>' . sprintf($GLOBALS['strNumSearchResultsInTable'], $res_cnt,
261 htmlspecialchars($each_table)) . "</td>\n";
263 if ($res_cnt > 0) {
264 $this_url_params['sql_query'] = $newsearchsqls['select_fields'];
265 echo '<td>' . PMA_linkOrButton(
266 'sql.php' . PMA_generate_common_url($this_url_params),
267 $GLOBALS['strBrowse'], '') . "</td>\n";
269 $this_url_params['sql_query'] = $newsearchsqls['delete'];
270 echo '<td>' . PMA_linkOrButton(
271 'sql.php' . PMA_generate_common_url($this_url_params),
272 $GLOBALS['strDelete'], $newsearchsqls['delete']) . "</td>\n";
274 } else {
275 echo '<td>&nbsp;</td>' . "\n"
276 .'<td>&nbsp;</td>' . "\n";
277 }// end if else
278 $odd_row = ! $odd_row;
279 echo '</tr>' . "\n";
280 } // end for
282 echo '</table>' . "\n";
284 if (count($tables_selected) > 1) {
285 echo '<p>' . sprintf($GLOBALS['strNumSearchResultsTotal'],
286 $num_search_result_total) . '</p>' . "\n";
288 } // end 1.
292 * 2. Displays the main search form
295 <a name="db_search"></a>
296 <form method="post" action="db_search.php" name="db_search">
297 <?php echo PMA_generate_common_hidden_inputs($GLOBALS['db']); ?>
298 <fieldset>
299 <legend><?php echo $GLOBALS['strSearchFormTitle']; ?></legend>
301 <table class="formlayout">
302 <tr><td><?php echo $GLOBALS['strSearchNeedle']; ?></td>
303 <td><input type="text" name="search_str" size="60"
304 value="<?php echo $searched; ?>" /></td>
305 </tr>
306 <tr><td align="right" valign="top">
307 <?php echo $GLOBALS['strSearchType']; ?></td>
308 <td><?php
310 $choices = array(
311 '1' => $GLOBALS['strSearchOption1'] . PMA_showHint($GLOBALS['strSplitWordsWithSpace']),
312 '2' => $GLOBALS['strSearchOption2'] . PMA_showHint($GLOBALS['strSplitWordsWithSpace']),
313 '3' => $GLOBALS['strSearchOption3'],
314 '4' => $GLOBALS['strSearchOption4'] . ' ' . PMA_showMySQLDocu('Regexp', 'Regexp')
316 // 4th parameter set to false to add line breaks
317 // 5th parameter set to false to avoid htmlspecialchars() escaping in the label
318 // since we have some HTML in some labels
319 PMA_generate_html_radio('search_option', $choices, $search_option, true, false);
320 unset($choices);
322 </td>
323 </tr>
324 <tr><td align="right" valign="top">
325 <?php echo $GLOBALS['strSearchInTables']; ?></td>
326 <td rowspan="2">
327 <?php
328 echo ' <select name="table_select[]" size="6" multiple="multiple">' . "\n";
329 foreach ($tables_names_only as $each_table) {
330 if (in_array($each_table, $tables_selected)) {
331 $is_selected = ' selected="selected"';
332 } else {
333 $is_selected = '';
336 echo ' <option value="' . htmlspecialchars($each_table) . '"'
337 . $is_selected . '>'
338 . str_replace(' ', '&nbsp;', htmlspecialchars($each_table)) . '</option>' . "\n";
339 } // end while
341 echo ' </select>' . "\n";
342 $alter_select =
343 '<a href="db_search.php' . PMA_generate_common_url(array_merge($url_params, array('selectall' => 1))) . '#db_search"'
344 . ' onclick="setSelectOptions(\'db_search\', \'table_select[]\', true); return false;">' . $GLOBALS['strSelectAll'] . '</a>'
345 . '&nbsp;/&nbsp;'
346 . '<a href="db_search.php' . PMA_generate_common_url(array_merge($url_params, array('unselectall' => 1))) . '#db_search"'
347 . ' onclick="setSelectOptions(\'db_search\', \'table_select[]\', false); return false;">' . $GLOBALS['strUnselectAll'] . '</a>';
349 </td>
350 </tr>
351 <tr><td align="right" valign="bottom">
352 <?php echo $alter_select; ?></td></tr>
353 </tr>
354 <tr><td align="right">
355 <?php echo $GLOBALS['strSearchInField']; ?></td>
356 <td><input type="text" name="field_str" size="60"
357 value="<?php echo ! empty($field_str) ? $field_str : ''; ?>" /></td>
358 </tr>
359 </table>
360 </fieldset>
361 <fieldset class="tblFooters">
362 <input type="submit" name="submit_search" value="<?php echo $GLOBALS['strGo']; ?>"
363 id="buttonGo" />
364 </fieldset>
365 </form>
367 <?php
369 * Displays the footer
371 require_once './libraries/footer.inc.php';