search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Wrap long lines
[phpmyadmin/crack.git] / tbl_select.php
blob3e578b8765642eff8a16b3d0680c843f6dedb669
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * Handles table search tab
5 *
6 * display table search form, create SQL query from form data
7 * and include sql.php to execute it
8 *
9 * @todo display search form again if no results from previous search
10 * @package phpMyAdmin
11 */
12
13 /**
14 * Gets some core libraries
15 */
16 require_once './libraries/common.inc.php';
17 require_once './libraries/mysql_charsets.lib.php';
18
19 $GLOBALS['js_include'][] = 'makegrid.js';
20 $GLOBALS['js_include'][] = 'sql.js';
21 $GLOBALS['js_include'][] = 'tbl_select.js';
22 $GLOBALS['js_include'][] = 'tbl_change.js';
23 $GLOBALS['js_include'][] = 'jquery/jquery-ui-1.8.custom.js';
24 $GLOBALS['js_include'][] = 'jquery/timepicker.js';
25
26 // required for GIS editor loaded via AJAX
27 $GLOBALS['js_include'][] = 'gis_data_editor.js';
28 $GLOBALS['js_include'][] = 'jquery/jquery.svg.js';
29 $GLOBALS['js_include'][] = 'jquery/jquery.mousewheel.js';
30 $GLOBALS['js_include'][] = 'jquery/jquery.event.drag-2.0.min.js';
31 $GLOBALS['js_include'][] = 'tbl_gis_visualization.js';
32 $GLOBALS['js_include'][] = 'openlayers/OpenLayers.js';
33 $GLOBALS['js_include'][] = 'OpenStreetMap.js';
34
35 if ($GLOBALS['cfg']['PropertiesIconic'] == true) {
36 $titles['Browse'] =
37 '<img class="icon" width="16" height="16" src="' . $pmaThemeImage
38 .'b_browse.png" alt="' . __('Browse foreign values') . '" title="'
39 . __('Browse foreign values') . '" />';
40
41 if ($GLOBALS['cfg']['PropertiesIconic'] === 'both') {
42 $titles['Browse'] .= __('Browse foreign values');
43 }
44 } else {
45 $titles['Browse'] = __('Browse foreign values');
46 }
47
48 $geom_types = PMA_getGISDatatypes();
49 /**
50 * Not selection yet required -> displays the selection form
51 */
52 if (! isset($param) || $param[0] == '') {
53 // Gets some core libraries
54 require_once './libraries/tbl_common.php';
55 //$err_url = 'tbl_select.php' . $err_url;
56 $url_query .= '&amp;goto=tbl_select.php&amp;back=tbl_select.php';
57
58 /**
59 * Gets tables informations
60 */
61 require_once './libraries/tbl_info.inc.php';
62
63 /**
64 * Displays top menu links
65 */
66 require_once './libraries/tbl_links.inc.php';
67
68 if (! isset($goto)) {
69 $goto = $GLOBALS['cfg']['DefaultTabTable'];
70 }
71 // Defines the url to return to in case of error in the next sql statement
72 $err_url = $goto . '?' . PMA_generate_common_url($db, $table);
73
74 // Gets the list and number of fields
75 $result = PMA_DBI_query('SHOW FULL FIELDS FROM ' . PMA_backquote($table) . ' FROM ' . PMA_backquote($db) . ';', null, PMA_DBI_QUERY_STORE);
76 $fields_cnt = PMA_DBI_num_rows($result);
77 $fields_list = $fields_null = $fields_type = $fields_collation = array();
78 $geom_column_present = false;
79 while ($row = PMA_DBI_fetch_assoc($result)) {
80 $fields_list[] = $row['Field'];
81 $type = $row['Type'];
82 // check whether table contains geometric columns
83 if (in_array($type, $geom_types)) {
84 $geom_column_present = true;
85 }
86 // reformat mysql query output
87 if (strncasecmp($type, 'set', 3) == 0
88 || strncasecmp($type, 'enum', 4) == 0) {
89 $type = str_replace(',', ', ', $type);
90 } else {
91
92 // strip the "BINARY" attribute, except if we find "BINARY(" because
93 // this would be a BINARY or VARBINARY field type
94 if (!preg_match('@BINARY[\(]@i', $type)) {
95 $type = preg_replace('@BINARY@i', '', $type);
96 }
97 $type = preg_replace('@ZEROFILL@i', '', $type);
98 $type = preg_replace('@UNSIGNED@i', '', $type);
99
100 $type = strtolower($type);
101 }
102 if (empty($type)) {
103 $type = '&nbsp;';
104 }
105 $fields_null[] = $row['Null'];
106 $fields_type[] = $type;
107 $fields_collation[] = !empty($row['Collation']) && $row['Collation'] != 'NULL'
108 ? $row['Collation']
109 : '';
110 } // end while
111 PMA_DBI_free_result($result);
112 unset($result, $type);
113
114 // retrieve keys into foreign fields, if any
115 // check also foreigners even if relwork is FALSE (to get
116 // foreign keys from innodb)
117 $foreigners = PMA_getForeigners($db, $table);
118 ?>
119 <form method="post" action="tbl_select.php" name="insertForm" id="tbl_search_form" <?php echo ($GLOBALS['cfg']['AjaxEnable'] ? ' class="ajax"' : ''); ?>>
120 <?php echo PMA_generate_common_hidden_inputs($db, $table); ?>
121 <input type="hidden" name="goto" value="<?php echo $goto; ?>" />
122 <input type="hidden" name="back" value="tbl_select.php" />
123
124 <fieldset id="fieldset_table_search">
125
126 <fieldset id="fieldset_table_qbe">
127 <legend><?php echo __('Do a "query by example" (wildcard: "%")') ?></legend>
128 <table class="data">
129 <thead>
130 <tr><?php
131 // Display the Function column only if there is alteast one geomety colum
132 if ($geom_column_present) {
133 echo('<th>'); echo __('Function'); echo('</th>');
134 }
135 ?>
136 <th><?php echo __('Column'); ?></th>
137 <th><?php echo __('Type'); ?></th>
138 <th><?php echo __('Collation'); ?></th>
139 <th><?php echo __('Operator'); ?></th>
140 <th><?php echo __('Value'); ?></th>
141 </tr>
142 </thead>
143 <tbody>
144 <?php
145 $odd_row = true;
146
147 for ($i = 0; $i < $fields_cnt; $i++) {
148 ?>
149 <tr class="noclick <?php echo $odd_row ? 'odd' : 'even'; $odd_row = ! $odd_row; ?>">
150 <?php
151 // if 'Function' column is present
152 if ($geom_column_present) {
153 echo('<td>');
154 // if a geometry column
155 if (in_array($fields_type[$i], $geom_types)) {
156 echo('<select class="geom_func" name="geom_func['. $i .']">');
157 // get the relevant list of functions
158 $funcs = PMA_getGISFunctions($fields_type[$i], true, true);
159 foreach ($funcs as $func_name => $func) {
160 $name = isset($func['display']) ? $func['display'] : $func_name;
161 echo('<option value="' . htmlspecialchars($name) . '">'
162 . htmlspecialchars($name) . '</option>');
163 }
164 echo('</select>');
165 } else {
166 echo('&nbsp;');
167 }
168 echo('</td>');
169 }
170 ?>
171 <th><?php echo htmlspecialchars($fields_list[$i]); ?></th>
172 <td><?php echo $fields_type[$i]; ?></td>
173 <td><?php echo $fields_collation[$i]; ?></td>
174 <td><select name="func[]">
175 <?php
176 // determine valid operators
177 if (strncasecmp($fields_type[$i], 'enum', 4) == 0) {
178 // enum operators
179 $operators = array(
180 '=',
181 '!=',
182 );
183 } elseif (preg_match('@char|blob|text|set@i', $fields_type[$i])) {
184 // text operators
185 $operators = array(
186 'LIKE',
187 'LIKE %...%',
188 'NOT LIKE',
189 '=',
190 '!=',
191 'REGEXP',
192 'REGEXP ^...$',
193 'NOT REGEXP',
194 "= ''",
195 "!= ''",
196 'IN (...)',
197 'NOT IN (...)',
198 'BETWEEN',
199 'NOT BETWEEN',
200 );
201 } else {
202 // numeric operators
203 $operators = array(
204 '=',
205 '>',
206 '>=',
207 '<',
208 '<=',
209 '!=',
210 'LIKE',
211 'NOT LIKE',
212 'IN (...)',
213 'NOT IN (...)',
214 'BETWEEN',
215 'NOT BETWEEN',
216 );
217 } // end if... else...
218
219 // if field can be NULL, add IS NULL and IS NOT NULL
220 if ($fields_null[$i]) {
221 $operators[] = 'IS NULL';
222 $operators[] = 'IS NOT NULL';
223 }
224 foreach ($operators as $op) {
225 echo "\n" . ' '
226 . '<option value="' . htmlspecialchars($op) . '">' . htmlspecialchars($op) . '</option>';
227 }
228 ?>
229
230 </select>
231 </td>
232 <td>
233 <?php
234 $field = $fields_list[$i];
235
236 $foreignData = PMA_getForeignData($foreigners, $field, false, '', '');
237
238 if ($foreigners && isset($foreigners[$field]) && is_array($foreignData['disp_row'])) {
239 // f o r e i g n k e y s
240 echo ' <select name="fields[' . $i . ']">' . "\n";
241 // go back to first row
242
243 // here, the 4th parameter is empty because there is no current
244 // value of data for the dropdown (the search page initial values
245 // are displayed empty)
246 echo PMA_foreignDropdown($foreignData['disp_row'],
247 $foreignData['foreign_field'],
248 $foreignData['foreign_display'],
249 '', $GLOBALS['cfg']['ForeignKeyMaxLimit']);
250 echo ' </select>' . "\n";
251 } elseif ($foreignData['foreign_link'] == true) {
252 ?>
253 <input type="text" name="fields[<?php echo $i; ?>]"
254 id="field_<?php echo md5($field); ?>[<?php echo $i; ?>]"
255 class="textfield" />
256 <script type="text/javascript">
257 // <![CDATA[
258 document.writeln('<a target="_blank" onclick="window.open(this.href, \'foreigners\', \'width=640,height=240,scrollbars=yes\'); return false" href="browse_foreigners.php?<?php echo PMA_generate_common_url($db, $table); ?>&amp;field=<?php echo urlencode($field); ?>&amp;fieldkey=<?php echo $i; ?>"><?php echo str_replace("'", "\'", $titles['Browse']); ?></a>');
259 // ]]>
260 </script>
261 <?php
262 } elseif (in_array($fields_type[$i], $geom_types)) {
263 // g e o m e t r y
264 echo ' <input type="text" name="fields[' . $i . ']"'
265 .' size="40" class="textfield" id="field_' . $i . '" />' . "\n";
266
267 $edit_url = 'gis_data_editor.php?' . PMA_generate_common_url();
268 $edit_str = PMA_getIcon('b_edit.png', __('Edit/Insert'), true);
269 echo('<span class="open_search_gis_editor">');
270 echo(PMA_linkOrButton($edit_url, $edit_str, array(), false, false, '_blank'));
271 echo('</span>');
272
273 echo('<span class="switch">');
274 echo(PMA_display_html_checkbox('switch[' . $i . ']', __("Switch"), false, ''));
275 echo('</span>');
276 } elseif (strncasecmp($fields_type[$i], 'enum', 4) == 0) {
277 // e n u m s
278 $enum_value=explode(', ', str_replace("'", '', substr($fields_type[$i], 5, -1)));
279 $cnt_enum_value = count($enum_value);
280 echo ' <select name="fields[' . $i . '][]"'
281 .' multiple="multiple" size="' . min(3, $cnt_enum_value) . '">' . "\n";
282 for ($j = 0; $j < $cnt_enum_value; $j++) {
283 echo ' <option value="' . $enum_value[$j] . '">'
284 . $enum_value[$j] . '</option>';
285 } // end for
286 echo ' </select>' . "\n";
287 } else {
288 // o t h e r c a s e s
289 $the_class = 'textfield';
290 $type = $fields_type[$i];
291 if ($type == 'date') {
292 $the_class .= ' datefield';
293 } elseif ($type == 'datetime' || substr($type, 0, 9) == 'timestamp') {
294 $the_class .= ' datetimefield';
295 }
296 echo ' <input type="text" name="fields[' . $i . ']"'
297 .' size="40" class="' . $the_class . '" id="field_' . $i . '" />' . "\n";
298 };
299 ?>
300 <input type="hidden" name="names[<?php echo $i; ?>]"
301 value="<?php echo htmlspecialchars($fields_list[$i]); ?>" />
302 <input type="hidden" name="types[<?php echo $i; ?>]"
303 value="<?php echo $fields_type[$i]; ?>" />
304 <input type="hidden" name="collations[<?php echo $i; ?>]"
305 value="<?php echo $fields_collation[$i]; ?>" />
306 </td>
307 </tr>
308 <?php
309 } // end for
310 ?>
311 </tbody>
312 </table>
313 <div id="gis_editor"></div><div id="popup_background"></div>
314 </fieldset>
315 <?php
316 PMA_generate_slider_effect('searchoptions', __('Options'));
317 ?>
318 <fieldset id="fieldset_select_fields">
319 <legend><?php echo __('Select columns (at least one):'); ?></legend>
320 <select name="param[]" size="<?php echo min($fields_cnt, 10); ?>"
321 multiple="multiple">
322 <?php
323 // Displays the list of the fields
324 foreach ($fields_list as $each_field) {
325 echo ' '
326 .'<option value="' . htmlspecialchars($each_field) . '"'
327 .' selected="selected">' . htmlspecialchars($each_field)
328 .'</option>' . "\n";
329 }
330 ?>
331 </select>
332 <input type="checkbox" name="distinct" value="DISTINCT" id="oDistinct" />
333 <label for="oDistinct">DISTINCT</label>
334 </fieldset>
335
336 <fieldset id="fieldset_search_conditions">
337 <legend><?php echo '<em>' . __('Or') . '</em> ' . __('Add search conditions (body of the "where" clause):'); ?></legend>
338 <?php echo PMA_showMySQLDocu('SQL-Syntax', 'Functions'); ?>
339
340 <input type="text" name="where" class="textfield" size="64" />
341 </fieldset>
342
343 <fieldset id="fieldset_limit_rows">
344 <legend><?php echo __('Number of rows per page'); ?></legend>
345 <input type="text" size="4" name="session_max_rows"
346 value="<?php echo $GLOBALS['cfg']['MaxRows']; ?>" class="textfield" />
347 </fieldset>
348
349 <fieldset id="fieldset_display_order">
350 <legend><?php echo __('Display order:'); ?></legend>
351 <select name="orderField">
352 <option value="--nil--"></option>
353 <?php
354 foreach ($fields_list as $each_field) {
355 echo ' '
356 .'<option value="' . htmlspecialchars($each_field) . '">'
357 .htmlspecialchars($each_field) . '</option>' . "\n";
358 } // end for
359 ?>
360 </select>
361 <?php
362 $choices = array(
363 'ASC' => __('Ascending'),
364 'DESC' => __('Descending')
365 );
366 PMA_display_html_radio('order', $choices, 'ASC', false, true, "formelement");
367 unset($choices);
368 ?>
369 </fieldset>
370 <br style="clear: both;"/>
371 </div>
372 </fieldset>
373 <fieldset class="tblFooters">
374 <input type="hidden" name="max_number_of_fields"
375 value="<?php echo $fields_cnt; ?>" />
376 <input type="submit" name="submit" value="<?php echo __('Go'); ?>" />
377 </fieldset>
378 </form>
379 <div id="sqlqueryresults"></div>
380 <?php
381 require './libraries/footer.inc.php';
382 }
383
384
385 /**
386 * Selection criteria have been submitted -> do the work
387 */
388 else {
389 // Builds the query
390
391 $sql_query = 'SELECT ' . (isset($distinct) ? 'DISTINCT ' : '');
392
393 // if all fields were selected to display, we do a SELECT *
394 // (more efficient and this helps prevent a problem in IE
395 // if one of the rows is edited and we come back to the Select results)
396
397 if (count($param) == $max_number_of_fields) {
398 $sql_query .= '* ';
399 } else {
400 $param = PMA_backquote($param);
401 $sql_query .= implode(', ', $param);
402 } // end if
403
404 // avoid a loop, for example when $cfg['DefaultTabTable'] is set
405 // to 'tbl_select.php'
406 unset($param);
407
408 $sql_query .= ' FROM ' . PMA_backquote($table);
409
410 // The where clause
411 if (trim($where) != '') {
412 $sql_query .= ' WHERE ' . $where;
413 } else {
414 $w = $charsets = array();
415 $unary_operators = array(
416 'IS NULL' => 1,
417 'IS NOT NULL' => 1,
418 "= ''" => 1,
419 "!= ''" => 1
420 );
421 $geom_unary_functions = array(
422 'IsEmpty' => 1,
423 'IsSimple' => 1,
424 'IsRing' => 1,
425 'IsClosed' => 1,
426 );
427 $cnt_func = count($func);
428 reset($func);
429 while (list($i, $func_type) = each($func)) {
430 // If geometry function is set apply it to the field name
431 if (isset($geom_func[$i]) && trim($geom_func[$i]) != '') {
432 // Get details about the geometry fucntions
433 $geom_funcs = PMA_getGISFunctions($types[$i], true, false);
434
435 // If the function takes a single parameter
436 if ($geom_funcs[$geom_func[$i]]['params'] == 1) {
437 $backquoted_name = $geom_func[$i] . '(' . PMA_backquote($names[$i]) . ')';
438 // If the function takes two parameters
439 } else {
440 // create gis data from the string
441 $gis_data = PMA_createGISData($fields[$i]);
442
443 // If two geometries should be switched
444 if (isset($switch[$i]) && $switch[$i]) {
445 $w[] = $geom_func[$i] . '(' . $gis_data . ', ' . PMA_backquote($names[$i]) . ')';
446 } else {
447 $w[] = $geom_func[$i] . '(' . PMA_backquote($names[$i]) . ',' . $gis_data . ')';
448 }
449 continue;
450 }
451
452 // New output type is the output type of the function being applied
453 $types[$i] = $geom_funcs[$geom_func[$i]]['type'];
454
455 // If the intended where clause is something like 'IsEmpty(`spatial_col_name`)'
456 if (isset($geom_unary_functions[$geom_func[$i]]) && trim($fields[$i]) == '') {
457 $w[] = $backquoted_name;
458 continue;
459 }
460 } else {
461 $backquoted_name = PMA_backquote($names[$i]);
462 }
463
464 list($charsets[$i]) = explode('_', $collations[$i]);
465 if (isset($unary_operators[$func_type])) {
466 $fields[$i] = '';
467 $w[] = $backquoted_name . ' ' . $func_type;
468
469 } elseif (in_array($types[$i], $geom_types)) {
470 // create gis data from the string
471 $gis_data = PMA_createGISData($fields[$i]);
472 $w[] = $backquoted_name . ' ' . $func_type . ' ' . $gis_data;
473
474 } elseif (strncasecmp($types[$i], 'enum', 4) == 0) {
475 if (!empty($fields[$i])) {
476 if (! is_array($fields[$i])) {
477 $fields[$i] = explode(',', $fields[$i]);
478 }
479 $enum_selected_count = count($fields[$i]);
480 if ($func_type == '=' && $enum_selected_count > 1) {
481 $func_type = $func[$i] = 'IN';
482 $parens_open = '(';
483 $parens_close = ')';
484
485 } elseif ($func_type == '!=' && $enum_selected_count > 1) {
486 $func_type = $func[$i] = 'NOT IN';
487 $parens_open = '(';
488 $parens_close = ')';
489
490 } else {
491 $parens_open = '';
492 $parens_close = '';
493 }
494 $enum_where = '\'' . PMA_sqlAddSlashes($fields[$i][0]) . '\'';
495 for ($e = 1; $e < $enum_selected_count; $e++) {
496 $enum_where .= ', \'' . PMA_sqlAddSlashes($fields[$i][$e]) . '\'';
497 }
498
499 $w[] = $backquoted_name . ' ' . $func_type . ' ' . $parens_open . $enum_where . $parens_close;
500 }
501
502 } elseif ($fields[$i] != '') {
503 // For these types we quote the value. Even if it's another type (like INT),
504 // for a LIKE we always quote the value. MySQL converts strings to numbers
505 // and numbers to strings as necessary during the comparison
506 if (preg_match('@char|binary|blob|text|set|date|time|year@i', $types[$i]) || strpos(' ' . $func_type, 'LIKE')) {
507 $quot = '\'';
508 } else {
509 $quot = '';
510 }
511
512 // LIKE %...%
513 if ($func_type == 'LIKE %...%') {
514 $func_type = 'LIKE';
515 $fields[$i] = '%' . $fields[$i] . '%';
516 }
517 if ($func_type == 'REGEXP ^...$') {
518 $func_type = 'REGEXP';
519 $fields[$i] = '^' . $fields[$i] . '$';
520 }
521
522 if ($func_type == 'IN (...)' || $func_type == 'NOT IN (...)' || $func_type == 'BETWEEN' || $func_type == 'NOT BETWEEN') {
523 $func_type = str_replace(' (...)', '', $func_type);
524
525 // quote values one by one
526 $values = explode(',', $fields[$i]);
527 foreach ($values as &$value) {
528 $value = $quot . PMA_sqlAddSlashes(trim($value)) . $quot;
529 }
530
531 if ($func_type == 'BETWEEN' || $func_type == 'NOT BETWEEN') {
532 $w[] = $backquoted_name . ' ' . $func_type . ' ' . (isset($values[0]) ? $values[0] : '') . ' AND ' . (isset($values[1]) ? $values[1] : '');
533 } else {
534 $w[] = $backquoted_name . ' ' . $func_type . ' (' . implode(',', $values) . ')';
535 }
536 }
537 else {
538 $w[] = $backquoted_name . ' ' . $func_type . ' ' . $quot . PMA_sqlAddSlashes($fields[$i]) . $quot;;
539 }
540
541 } // end if
542 } // end for
543
544 if ($w) {
545 $sql_query .= ' WHERE ' . implode(' AND ', $w);
546 }
547 } // end if
548
549 if ($orderField != '--nil--') {
550 $sql_query .= ' ORDER BY ' . PMA_backquote($orderField) . ' ' . $order;
551 } // end if
552
553 require './sql.php';
554 }
555
556 ?>
Drizzle / GSOC 2011