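<?php
/* $Id$ */


/**
 * tbl_select.php3 - "select" page for one table.
 *
 * The script runs in two passes:
 *  - no $param submitted yet: prints a form listing the fields of $table,
 *    with a free-form condition box, one value box per field and a sort
 *    order selector;
 *  - $param submitted: builds a SELECT statement from the submitted values
 *    and redirects the browser to sql.php3 with that statement.
 *
 * $param, $where, $fields, $names, $types, $orderField, $order,
 * $sessionMaxRows, $server, $lang, $db and $table are read as plain globals;
 * presumably grab_globals.inc.php3 imports them from the request (that file
 * is not shown here), so they are treated as untrusted whenever they are
 * written into HTML or into the redirect URL.
 */


/**
 * Gets some core libraries
 */
require('./grab_globals.inc.php3');
require('./lib.inc.php3');


/**
 * No selection submitted yet -> displays the selection form
 */
if (!isset($param) || $param[0] == '') {
    include('./header.inc.php3');
    $result = mysql_list_fields($db, $table);
    if (!$result) {
        mysql_die();
    }
    else {
        // Gets the list and number of fields
        $fields_count = mysql_num_fields($result);
        for ($i = 0; $i < $fields_count; $i++) {
            $fields_list[] = mysql_field_name($result, $i);
            $fields_type[] = mysql_field_type($result, $i);
            $fields_len[]  = mysql_field_len($result, $i);
        }
        // The four hidden values below come from the request, so they are
        // HTML-escaped before being written into the attribute values.
        ?>
<form method="post" action="tbl_select.php3">
    <input type="hidden" name="server" value="<?php echo htmlspecialchars($server); ?>" />
    <input type="hidden" name="lang" value="<?php echo htmlspecialchars($lang); ?>" />
    <input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
    <input type="hidden" name="table" value="<?php echo htmlspecialchars($table); ?>" />
    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
    <?php echo $strSelectFields; ?>&nbsp;:<br />
    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
    <select name="param[]" size="10" multiple="multiple">
        <?php
        echo "\n";
        // Displays the list of the fields; the value is URL-encoded here and
        // URL-decoded again when the query is built
        for ($i = 0 ; $i < $fields_count; $i++) {
            echo ' <option value="' . urlencode($fields_list[$i]) . '" selected="selected">' . htmlspecialchars($fields_list[$i]) . '</option>' . "\n";
        }
        ?>
    </select><br />
    <ul>
        <li>
            <div style="margin-bottom: 10px">
                <?php echo $strDisplay; ?>&nbsp;
                <input type="text" size="4" name="sessionMaxRows" value="<?php echo $cfgMaxRows; ?>" />
                <?php echo $strLimitNumRows . "\n"; ?>
            </div>
        </li>
        <li>
            <?php echo $strAddSearchConditions; ?><br />
            <input type="text" name="where" />&nbsp;
            <?php print show_docu("manual_Reference.html#Functions") . "\n"; ?>
            <br /><br />
            <?php echo '<i>' . $strOr . '</i> ' . $strDoAQuery; ?><br />
            <table border="<?php echo $cfgBorder; ?>">
            <tr>
                <th><?php echo $strField; ?></th>
                <th><?php echo $strType; ?></th>
                <th><?php echo $strValue; ?></th>
            </tr>
            <?php
            echo "\n";
            for ($i = 0; $i < $fields_count; $i++) {
                // Alternates the row colour and caps the input box width at 40
                $bgcolor   = ($i % 2) ? $cfgBgcolorOne : $cfgBgcolorTwo;
                $fieldsize = (($fields_len[$i] > 40) ? 40 : $fields_len[$i]);
                ?>
            <tr bgcolor="<?php echo $bgcolor; ?>">
                <td><?php echo htmlspecialchars($fields_list[$i]); ?></td>
                <td><?php echo $fields_type[$i]; ?></td>
                <td>
                    <input type="text" name="fields[]" size="<?php echo $fieldsize; ?>" maxlength="<?php echo $fields_len[$i]; ?>" />
                    <input type="hidden" name="names[]" value="<?php echo urlencode($fields_list[$i]); ?>" />
                    <input type="hidden" name="types[]" value="<?php echo $fields_type[$i]; ?>" />
                </td>
            </tr>
                <?php
            } // end for
            echo "\n";
            ?>
            </table><br />
        </li>
        <li>
            <?php echo $strDisplayOrder; ?><br />
            <select name="orderField" style="vertical-align: middle">
                <option value="--nil--"></option>
                <?php
                echo "\n";
                // Reuses the field names collected above instead of asking
                // the result set again on every iteration
                for ($i = 0; $i < $fields_count; $i++) {
                    $field = $fields_list[$i];
                    echo ' ';
                    echo '<option value="' . urlencode($field) . '">' . htmlspecialchars($field) . '</option>' . "\n";
                } // end for
                ?>
            </select>
            <input type="radio" name="order" value="ASC" checked="checked" />
            <?php echo $strAscending; ?>&nbsp;
            <input type="radio" name="order" value="DESC" />
            <?php echo $strDescending; ?><br /><br />
        </li>
    </ul>

    &nbsp;&nbsp;&nbsp;&nbsp;
    <input type="submit" name="submit" value="<?php echo $strGo; ?>" />
</form>
        <?php
    } // end if
    echo "\n";
    include('./footer.inc.php3');
}


/**
 * Selection criteria have been submitted -> do the work
 */
else {
    // Builds the query: the selected columns first
    $sql_query = 'SELECT ' . backquote(urldecode($param[0]));
    $c         = count($param);
    for ($i = 1; $i < $c; $i++) {
        $sql_query .= ',' . backquote(urldecode($param[$i]));
    }
    $sql_query .= ' FROM ' . backquote($table);

    // The where clause
    if (isset($where) && $where != '') {
        // Free-form condition typed by the user; it is appended unchanged
        // apart from undoing magic quotes.
        $sql_query .= ' WHERE ' . ((get_magic_quotes_gpc()) ? stripslashes($where) : $where);
    }
    else {
        $sql_query .= ' WHERE 1';
        $fields_cnt = (isset($fields) ? count($fields) : 0);
        for ($i = 0; $i < $fields_cnt; $i++) {
            if ($fields[$i] != '') {
                // NOTE(review): only double quotes are escaped, and only for
                // string/blob columns when magic quotes are off; date/time
                // and numeric values are concatenated unchanged. Confirm
                // that sql.php3 treats this statement as user-authored SQL,
                // or escape every quoted value the same way.
                $quot = '';
                if ($types[$i] == 'string' || $types[$i] == 'blob') {
                    $quot = '"';
                    $cmp  = 'LIKE';
                    if (!get_magic_quotes_gpc()) {
                        $fields[$i] = str_replace('"', '\\"', $fields[$i]);
                    }
                }
                else if ($types[$i] == 'date' || $types[$i] == 'time') {
                    $quot = '"';
                    $cmp  = '=';
                }
                else {
                    // Other types: a value containing "%" is matched with
                    // LIKE, anything else with "="
                    if (strstr($fields[$i], '%')) {
                        $cmp  = 'LIKE';
                        $quot = '"';
                    } else {
                        $cmp  = '=';
                        $quot = '';
                    }
                    // A value starting with "<" or ">" carries its own
                    // comparison operator
                    if (substr($fields[$i], 0, 1) == '<' || substr($fields[$i], 0, 1) == '>') {
                        $cmp = '';
                    }
                } // end if
                $sql_query .= ' AND ' . backquote(urldecode($names[$i])) . " $cmp $quot$fields[$i]$quot";
            } // end if
        } // end for
    } // end if

    if ($orderField != '--nil--') {
        // The form only offers ASC and DESC; any other submitted value falls
        // back to ASC so that nothing else is appended after the column name
        $order      = (isset($order) && strtoupper($order) == 'DESC') ? 'DESC' : 'ASC';
        $sql_query .= ' ORDER BY ' . backquote(urldecode($orderField)) . ' ' . $order;
    } // end if

    // Every request-derived value is URL-encoded before it goes into the
    // Location header, so it cannot add parameters or break the header line
    $url_query = 'lang=' . urlencode($lang)
               . '&server=' . urlencode($server)
               . '&db=' . urlencode($db)
               . '&table=' . urlencode($table)
               . '&sql_query=' . urlencode($sql_query)
               . '&pos=0'
               . '&sessionMaxRows=' . urlencode($sessionMaxRows)
               . '&goto=db_details.php3';
    header('Location: sql.php3?' . $url_query);
}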