<?php
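/* $Id$ */

/**
 * tbl_select.php3: search form for a single table, and the handler that
 * turns the submitted criteria into a SELECT statement for sql.php3.
 *
 * The script reads its inputs ($db, $table, $goto, $param, $where, $fields,
 * $func, $names, $types, $orderField, $order, ...) as plain global
 * variables. NOTE(review): presumably grab_globals.lib.php3 imports them
 * from the request - confirm. They are treated as untrusted here: anything
 * echoed into the page is HTML-escaped at the point of output, and arrays
 * built by this script are initialised before use.
 *
 * The file keeps the PHP 3/4 dialect of the project (ereg*(), mysql_*(),
 * magic quotes); those APIs no longer exist in current PHP releases.
 */

/**
 * Gets some core libraries
 */
require('./libraries/grab_globals.lib.php3');
require('./libraries/common.lib.php3');
require('./libraries/relation.lib.php3'); // foreign keys


/**
 * Defines arrays of functions (should possibly be in config.inc.php3
 * so it can also be used in tbl_qbe.php3)
 *
 * These two lists are also the allow-list for the comparison operator
 * accepted back from the form (see the query builder below).
 */
$numfunctions  = array('=', '>', '>=', '<', '<=', '!=');
$textfunctions = array('LIKE', '=', '!=');


/**
 * Not selection yet required -> displays the selection form
 */
if (!isset($param) || $param[0] == '') {
    // Gets some core libraries
    include('./tbl_properties_common.php3');
    $err_url   = 'tbl_select.php3' . $err_url;
    $url_query .= '&amp;goto=tbl_select.php3&amp;back=tbl_select.php3';
    include('./tbl_properties_table_info.php3');

    // Defines the url to return to in case of error in the next sql statement.
    // Every parameter value is url-encoded; $goto is the link target itself
    // and is used as given.
    // NOTE(review): $goto is also round-tripped through a hidden form field
    // below, so it can be chosen by the client - confirm that the code which
    // renders $err_url escapes it.
    $err_url   = $goto
               . '?lang=' . urlencode($lang)
               . '&amp;convcharset=' . urlencode($convcharset)
               . '&amp;server=' . urlencode($server)
               . '&amp;db=' . urlencode($db)
               . '&amp;table=' . urlencode($table);

    // Gets the list and number of fields
    $local_query = 'SHOW FIELDS FROM ' . PMA_backquote($table) . ' FROM ' . PMA_backquote($db);
    $result      = @PMA_mysql_query($local_query);
    if (!$result) {
        PMA_mysqlDie('', $local_query, '', $err_url);
    }
    else {
        $fields_cnt  = mysql_num_rows($result);
        // Start from empty arrays so that the lists hold only what the
        // server returned, never entries that were already present in the
        // global scope under the same names.
        $fields_list = array();
        $fields_type = array();
        while ($row = PMA_mysql_fetch_array($result)) {
            $fields_list[] = $row['Field'];
            $type          = $row['Type'];
            // reformat mysql query output - staybyte - 9. June 2001
            $shorttype     = substr($type, 0, 3);
            if ($shorttype == 'set' || $shorttype == 'enu') {
                $type = eregi_replace(',', ', ', $type);
                // Removes automatic MySQL escape format
                $type = str_replace('\'\'', '\\\'', $type);
            }
            $type = eregi_replace('BINARY', '', $type);
            $type = eregi_replace('ZEROFILL', '', $type);
            $type = eregi_replace('UNSIGNED', '', $type);
            // The raw type is stored (it may be empty); it is escaped, or
            // replaced by a non-breaking space, only where it is printed.
            // ENUM/SET definitions contain values chosen by whoever created
            // the table, so the string must not reach the page unescaped.
            $fields_type[] = $type;
        } // end while
        mysql_free_result($result);

        // <markus@noga.de>
        // retrieve keys into foreign fields, if any
        $cfgRelation = PMA_getRelationsParam();
        $foreigners  = ($cfgRelation['relwork'] ? PMA_getForeigners($db, $table) : FALSE);
        ?>
<form method="post" action="tbl_select.php3">
    <?php // Context values are echoed back into attributes, so each one is HTML-escaped ?>
    <input type="hidden" name="server" value="<?php echo htmlspecialchars($server); ?>" />
    <input type="hidden" name="lang" value="<?php echo htmlspecialchars($lang); ?>" />
    <input type="hidden" name="convcharset" value="<?php echo htmlspecialchars($convcharset); ?>" />
    <input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
    <input type="hidden" name="table" value="<?php echo htmlspecialchars($table); ?>" />
    <input type="hidden" name="goto" value="<?php echo htmlspecialchars($goto); ?>" />
    <input type="hidden" name="back" value="tbl_select.php3" />
    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
    <?php echo $strSelectFields; ?>&nbsp;:<br />
    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
    <select name="param[]" size="<?php echo ($fields_cnt < 10) ? $fields_cnt : 10; ?>" multiple="multiple">
        <?php
        echo "\n";
        // Displays the list of the fields
        for ($i = 0 ; $i < $fields_cnt; $i++) {
            echo ' <option value="' . urlencode($fields_list[$i]) . '" selected="selected">' . htmlspecialchars($fields_list[$i]) . '</option>' . "\n";
        }
        ?>
    </select><br />
    <ul>
        <li>
            <div style="margin-bottom: 10px">
                <?php echo $strLimitNumRows . "\n"; ?>
                <input type="text" size="4" name="session_max_rows" value="<?php echo $cfg['MaxRows']; ?>" class="textfield" />
            </div>
        </li>
        <li>
            <?php echo $strAddSearchConditions; ?><br />
            <input type="text" name="where" class="textfield" />&nbsp;
            <?php echo PMA_showMySQLDocu('Reference', 'Functions') . "\n"; ?>
            <br /><br />
            <?php echo '<i>' . $strOr . '</i> ' . $strDoAQuery; ?><br />
            <table border="<?php echo $cfg['Border']; ?>">
            <tr>
                <th><?php echo $strField; ?></th>
                <th><?php echo $strType; ?></th>
                <th><?php echo $strFunction; ?></th>
                <th><?php echo $strValue; ?></th>
            </tr>
        <?php
        for ($i = 0; $i < $fields_cnt; $i++) {
            echo "\n";
            $bgcolor = ($i % 2) ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo'];
            ?>
            <tr>
                <td bgcolor="<?php echo $bgcolor; ?>"><?php echo htmlspecialchars($fields_list[$i]); ?></td>
                <td bgcolor="<?php echo $bgcolor; ?>"><?php echo ($fields_type[$i] == '') ? '&nbsp;' : htmlspecialchars($fields_type[$i]); ?></td>
                <td bgcolor="<?php echo $bgcolor; ?>">
                    <select name="func[]">
            <?php
            // Text-like columns get the text operators, everything else the
            // numeric ones
            if (eregi('char|blob|text|set|enum', $fields_type[$i])) {
                $offered_funcs = $textfunctions;
            } else {
                $offered_funcs = $numfunctions;
            } // end if... else...
            $offered_cnt = count($offered_funcs);
            for ($j = 0; $j < $offered_cnt; $j++) {
                $fc = $offered_funcs[$j];
                echo "\n" . ' '
                     . '<option value="' . htmlspecialchars($fc) . '">' . htmlspecialchars($fc) . '</option>';
            } // end for
            echo "\n";
            ?>
                    </select>
                </td>
                <td bgcolor="<?php echo $bgcolor; ?>">
            <?php
            // <markus@noga.de>
            $field = $fields_list[$i];

            include('./libraries/get_foreign.lib.php3');

            echo "\n";
            if ($foreigners && isset($foreigners[$field]) && isset($disp) && $disp) {
                echo ' <select name="fields[]">' . "\n";
                echo ' <option value=""></option>' . "\n";
                while ($relrow = @PMA_mysql_fetch_array($disp)) {
                    $key   = $relrow[$foreign_field];
                    $value = (($foreign_display != FALSE) ? '-' . htmlspecialchars($relrow[$foreign_display]) : '');
                    // The query builder uses fields[] exactly as submitted
                    // (it is never url-decoded), so the key is HTML-escaped
                    // here rather than url-encoded; otherwise a key holding
                    // a space or a reserved character would never match.
                    echo ' <option value="' . htmlspecialchars($key) . '">'
                         . htmlspecialchars($key) . $value . '</option>' . "\n";
                } // end while
                echo ' </select>' . "\n";
            } else {
                echo ' <input type="text" name="fields[]" size="40" class="textfield" />' . "\n";
            }
            ?>
                    <input type="hidden" name="names[]" value="<?php echo urlencode($fields_list[$i]); ?>" />
                    <input type="hidden" name="types[]" value="<?php echo htmlspecialchars($fields_type[$i]); ?>" />
                </td>
            </tr>
            <?php
        } // end for
        echo "\n";
        ?>
            </table><br />
        </li>
        <li>
            <?php echo $strDisplayOrder; ?><br />
            <select name="orderField" style="vertical-align: middle">
                <option value="--nil--"></option>
        <?php
        echo "\n";
        for ($i = 0; $i < $fields_cnt; $i++) {
            echo ' ';
            echo '<option value="' . urlencode($fields_list[$i]) . '">' . htmlspecialchars($fields_list[$i]) . '</option>' . "\n";
        } // end for
        ?>
            </select>
            <input type="radio" name="order" value="ASC" checked="checked" />
            <?php echo $strAscending; ?>&nbsp;
            <input type="radio" name="order" value="DESC" />
            <?php echo $strDescending; ?><br /><br />
        </li>
    </ul>

    &nbsp;&nbsp;&nbsp;&nbsp;
    <input type="submit" name="submit" value="<?php echo $strGo; ?>" />
</form>
        <?php
    } // end if
    echo "\n";
    include('./footer.inc.php3');
}


/**
 * Selection criteria have been submitted -> do the work
 */
else {
    // Builds the query: every selected column name is url-decoded and passed
    // through PMA_backquote()
    $sql_query = 'SELECT ' . PMA_backquote(urldecode($param[0]));
    $c         = count($param);
    for ($i = 1; $i < $c; $i++) {
        $sql_query .= ',' . PMA_backquote(urldecode($param[$i]));
    }

    $sql_query .= ' FROM ' . PMA_backquote($table);

    // The where clause. The free-form box is raw SQL by design and is used
    // as typed (magic quotes are undone so that quotes survive).
    if (isset($where) && $where != '') {
        $sql_query .= ' WHERE ' . ((get_magic_quotes_gpc()) ? stripslashes($where) : $where);
    }
    else {
        $sql_query .= ' WHERE 1';

        // Operators the form can legitimately send back
        $allowed_funcs = $numfunctions;
        for ($j = 0; $j < count($textfunctions); $j++) {
            $allowed_funcs[] = $textfunctions[$j];
        }
        $allowed_cnt  = count($allowed_funcs);

        $criteria_cnt = (isset($fields) && is_array($fields)) ? count($fields) : 0;
        for ($i = 0; $i < $criteria_cnt; $i++) {
            if (isset($fields[$i]) && is_string($fields[$i]) && $fields[$i] != '' && isset($names[$i])) {
                // NOTE(review): whether the value is quoted depends on
                // types[], which comes back from a hidden form field and is
                // therefore chosen by the client; for a type not matched
                // below the value is placed in the statement verbatim.
                // Re-reading the column type from the server would remove
                // that dependency.
                if (isset($types[$i]) && eregi('char|blob|text|set|enum|date|time|year', $types[$i])) {
                    $quot = '\'';
                } else {
                    $quot = '';
                }

                // Only operators offered by the form are accepted; anything
                // else falls back to a plain equality test.
                $op = '=';
                if (isset($func[$i]) && is_string($func[$i])) {
                    for ($j = 0; $j < $allowed_cnt; $j++) {
                        if (strcmp($func[$i], $allowed_funcs[$j]) == 0) {
                            $op = $allowed_funcs[$j];
                            break;
                        }
                    }
                }

                $val = $fields[$i];
                if (strtoupper($val) == 'NULL' || strtoupper($val) == 'NOT NULL') {
                    $quot = '';
                    $op   = 'IS';
                }
                else if ($quot != '' && !get_magic_quotes_gpc()) {
                    // With magic quotes on the value arrives already escaped
                    // and survives the addslashes()/stripslashes() round trip
                    // below; with magic quotes off it has to be escaped here,
                    // otherwise a quote in the value ends the string literal.
                    $val = addslashes($val);
                }

                $sql_query .= ' AND ' . PMA_backquote(urldecode($names[$i])) . ' ' . $op . ' ' . $quot . $val . $quot;
            } // end if
        } // end for
    } // end if

    if (isset($orderField) && $orderField != '' && $orderField != '--nil--') {
        // The sort direction is a keyword, not data: only ASC or DESC is
        // ever written into the statement.
        $direction = (isset($order) && strtoupper($order) == 'DESC') ? 'DESC' : 'ASC';
        $sql_query .= ' ORDER BY ' . PMA_backquote(urldecode($orderField)) . ' ' . $direction;
    } // end if

    // The query will be stripslashed in sql.php3 if "magic_quotes_gpc" is on
    if (get_magic_quotes_gpc()) {
        $sql_query = addslashes($sql_query);
    }
    include('./sql.php3');
}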