search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
There is no en-iso-8859-1 anymore, so do not attempt to use it.
[phpmyadmin/crack.git] / tbl_select.php
blobdfd0ae294bf624cbca5f18e9110a9ce2608fcc7d
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * Handles table search tab
5 *
6 * display table search form, create SQL query from form data
7 * and include sql.php to execute it
8 *
9 * @todo display search form again if no results from previous search
10 * @version $Id$
11 */
12
13 /**
14 * Gets some core libraries
15 */
16 require_once './libraries/common.inc.php';
17 require_once './libraries/relation.lib.php'; // foreign keys
18 require_once './libraries/mysql_charsets.lib.php';
19
20 $GLOBALS['js_include'][] = 'mootools.js';
21 $GLOBALS['js_include'][] = 'mootools-domready.js';
22
23 if ($GLOBALS['cfg']['PropertiesIconic'] == true) {
24 $titles['Browse'] =
25 '<img class="icon" width="16" height="16" src="' . $pmaThemeImage
26 .'b_browse.png" alt="' . $strBrowseForeignValues . '" title="'
27 .$strBrowseForeignValues . '" />';
28
29 if ($GLOBALS['cfg']['PropertiesIconic'] === 'both') {
30 $titles['Browse'] .= $strBrowseForeignValues;
31 }
32 } else {
33 $titles['Browse'] = $strBrowseForeignValues;
34 }
35
36 /**
37 * Not selection yet required -> displays the selection form
38 */
39 if (!isset($param) || $param[0] == '') {
40 // Gets some core libraries
41 require_once './libraries/tbl_common.php';
42 //$err_url = 'tbl_select.php' . $err_url;
43 $url_query .= '&amp;goto=tbl_select.php&amp;back=tbl_select.php';
44
45 /**
46 * Gets tables informations
47 */
48 require_once './libraries/tbl_info.inc.php';
49
50 /**
51 * Displays top menu links
52 */
53 require_once './libraries/tbl_links.inc.php';
54
55 if (!isset($goto)) {
56 $goto = $GLOBALS['cfg']['DefaultTabTable'];
57 }
58 // Defines the url to return to in case of error in the next sql statement
59 $err_url = $goto . '?' . PMA_generate_common_url($db, $table);
60
61 // Gets the list and number of fields
62 $result = PMA_DBI_query('SHOW FULL FIELDS FROM ' . PMA_backquote($table) . ' FROM ' . PMA_backquote($db) . ';', null, PMA_DBI_QUERY_STORE);
63 $fields_cnt = PMA_DBI_num_rows($result);
64 // rabue: we'd better ensure, that all arrays are empty.
65 $fields_list = $fields_null = $fields_type = $fields_collation = array();
66 while ($row = PMA_DBI_fetch_assoc($result)) {
67 $fields_list[] = $row['Field'];
68 $type = $row['Type'];
69 // reformat mysql query output - staybyte - 9. June 2001
70 if (strncasecmp($type, 'set', 3) == 0
71 || strncasecmp($type, 'enum', 4) == 0) {
72 $type = str_replace(',', ', ', $type);
73 } else {
74
75 // strip the "BINARY" attribute, except if we find "BINARY(" because
76 // this would be a BINARY or VARBINARY field type
77 if (!preg_match('@BINARY[\(]@i', $type)) {
78 $type = preg_replace('@BINARY@i', '', $type);
79 }
80 $type = preg_replace('@ZEROFILL@i', '', $type);
81 $type = preg_replace('@UNSIGNED@i', '', $type);
82
83 $type = strtolower($type);
84 }
85 if (empty($type)) {
86 $type = '&nbsp;';
87 }
88 $fields_null[] = $row['Null'];
89 $fields_type[] = $type;
90 $fields_collation[] = !empty($row['Collation']) && $row['Collation'] != 'NULL'
91 ? $row['Collation']
92 : '';
93 } // end while
94 PMA_DBI_free_result($result);
95 unset($result, $type);
96
97 // <markus@noga.de>
98 // retrieve keys into foreign fields, if any
99 // check also foreigners even if relwork is FALSE (to get
100 // foreign keys from innodb)
101 $foreigners = PMA_getForeigners($db, $table);
102 ?>
103 <script type="text/javascript">
104 // <![CDATA[
105 function PMA_tbl_select_operator(f, index, multiple) {
106 switch (f.elements["func[" + index + "]"].options[f.elements["func[" + index + "]"].selectedIndex].value) {
107 <?php
108 reset($GLOBALS['cfg']['UnaryOperators']);
109 while (list($operator) = each($GLOBALS['cfg']['UnaryOperators'])) {
110 echo ' case "' . $operator . "\":\r\n";
111 }
112 ?>
113 bDisabled = true;
114 break;
115
116 default:
117 bDisabled = false;
118 }
119 f.elements["fields[" + index + "]" + ((multiple) ? "[]": "")].disabled = bDisabled;
120 }
121 // ]]>
122 </script>
123 <form method="post" action="tbl_select.php" name="insertForm">
124 <?php echo PMA_generate_common_hidden_inputs($db, $table); ?>
125 <input type="hidden" name="goto" value="<?php echo $goto; ?>" />
126 <input type="hidden" name="back" value="tbl_select.php" />
127
128 <fieldset id="fieldset_table_search">
129
130 <fieldset id="fieldset_table_qbe">
131 <legend><?php echo $strDoAQuery; ?></legend>
132 <table class="data">
133 <thead>
134 <tr><th><?php echo $strField; ?></th>
135 <th><?php echo $strType; ?></th>
136 <th><?php echo $strCollation; ?></th>
137 <th><?php echo $strOperator; ?></th>
138 <th><?php echo $strValue; ?></th>
139 </tr>
140 </thead>
141 <tbody>
142 <?php
143 $odd_row = true;
144 ?>
145 <script type="text/javascript" src="./js/tbl_change.js"></script>
146 <?php
147 for ($i = 0; $i < $fields_cnt; $i++) {
148 ?>
149 <tr class="<?php echo $odd_row ? 'odd' : 'even'; $odd_row = ! $odd_row; ?>">
150 <th><?php echo htmlspecialchars($fields_list[$i]); ?></th>
151 <td><?php echo $fields_type[$i]; ?></td>
152 <td><?php echo $fields_collation[$i]; ?></td>
153 <td><select name="func[]">
154 <?php
155 if (strncasecmp($fields_type[$i], 'enum', 4) == 0) {
156 foreach ($GLOBALS['cfg']['EnumOperators'] as $fc) {
157 echo "\n" . ' '
158 . '<option value="' . htmlspecialchars($fc) . '">'
159 . htmlspecialchars($fc) . '</option>';
160 }
161 } elseif (preg_match('@char|blob|text|set@i', $fields_type[$i])) {
162 foreach ($GLOBALS['cfg']['TextOperators'] as $fc) {
163 echo "\n" . ' '
164 . '<option value="' . htmlspecialchars($fc) . '">'
165 . htmlspecialchars($fc) . '</option>';
166 }
167 } else {
168 foreach ($GLOBALS['cfg']['NumOperators'] as $fc) {
169 echo "\n" . ' '
170 . '<option value="' . htmlspecialchars($fc) . '">'
171 . htmlspecialchars($fc) . '</option>';
172 }
173 } // end if... else...
174 if ($fields_null[$i]) {
175 foreach ($GLOBALS['cfg']['NullOperators'] as $fc) {
176 echo "\n" . ' '
177 . '<option value="' . htmlspecialchars($fc) . '">'
178 . htmlspecialchars($fc) . '</option>';
179 }
180 }
181 ?>
182
183 </select>
184 </td>
185 <td>
186 <?php
187 // <markus@noga.de>
188 $field = $fields_list[$i];
189
190 $foreignData = PMA_getForeignData($foreigners, $field, false, '', '');
191
192 if ($foreigners && isset($foreigners[$field]) && is_array($foreignData['disp_row'])) {
193 // f o r e i g n k e y s
194 echo ' <select name="fields[' . $i . ']">' . "\n";
195 // go back to first row
196
197 // here, the 4th parameter is empty because there is no current
198 // value of data for the dropdown (the search page initial values
199 // are displayed empty)
200 echo PMA_foreignDropdown($foreignData['disp_row'],
201 $foreignData['foreign_field'],
202 $foreignData['foreign_display'],
203 '', $GLOBALS['cfg']['ForeignKeyMaxLimit']);
204 echo ' </select>' . "\n";
205 } elseif ($foreignData['foreign_link'] == true) {
206 ?>
207 <input type="text" name="fields[<?php echo $i; ?>]"
208 id="field_<?php echo md5($field); ?>[<?php echo $i; ?>]"
209 class="textfield" />
210 <script type="text/javascript">
211 // <![CDATA[
212 document.writeln('<a target="_blank" onclick="window.open(this.href, \'foreigners\', \'width=640,height=240,scrollbars=yes\'); return false" href="browse_foreigners.php?<?php echo PMA_generate_common_url($db, $table); ?>&amp;field=<?php echo urlencode($field); ?>&amp;fieldkey=<?php echo $i; ?>"><?php echo str_replace("'", "\'", $titles['Browse']); ?></a>');
213 // ]]>
214 </script>
215 <?php
216 } elseif (strncasecmp($fields_type[$i], 'enum', 4) == 0) {
217 // e n u m s
218 $enum_value=explode(', ', str_replace("'", '', substr($fields_type[$i], 5, -1)));
219 $cnt_enum_value = count($enum_value);
220 echo ' <select name="fields[' . $i . '][]"'
221 .' multiple="multiple" size="' . min(3, $cnt_enum_value) . '">' . "\n";
222 for ($j = 0; $j < $cnt_enum_value; $j++) {
223 echo ' <option value="' . $enum_value[$j] . '">'
224 . $enum_value[$j] . '</option>';
225 } // end for
226 echo ' </select>' . "\n";
227 } else {
228 // o t h e r c a s e s
229 echo ' <input type="text" name="fields[' . $i . ']"'
230 .' size="40" class="textfield" id="field_' . $i . '" />' . "\n";
231 };
232 $type = $fields_type[$i];
233 if ($type == 'date' || $type == 'datetime' || substr($type, 0, 9) == 'timestamp') {
234 ?>
235 <script type="text/javascript">
236 //<![CDATA[
237 document.write('<a title="<?php echo $strCalendar;?>" href="javascript:openCalendar(\'<?php echo PMA_generate_common_url();?>\', \'insertForm\', \'field_<?php echo ($i); ?>\', \'<?php echo (substr($type, 0, 9) == 'timestamp') ? 'datetime' : substr($type, 0, 9); ?>\')"><img class="calendar" src="<?php echo $pmaThemeImage; ?>b_calendar.png" alt="<?php echo $strCalendar; ?>"/></a>');
238 //]]>
239 </script>
240 <?php
241 }
242 ?>
243 <input type="hidden" name="names[<?php echo $i; ?>]"
244 value="<?php echo htmlspecialchars($fields_list[$i]); ?>" />
245 <input type="hidden" name="types[<?php echo $i; ?>]"
246 value="<?php echo $fields_type[$i]; ?>" />
247 <input type="hidden" name="collations[<?php echo $i; ?>]"
248 value="<?php echo $fields_collation[$i]; ?>" />
249 </td>
250 </tr>
251 <?php
252 } // end for
253 ?>
254 </tbody>
255 </table>
256 </fieldset>
257 <?php
258 PMA_generate_slider_effect('searchoptions', $strOptions);
259 ?>
260 <div id="searchoptions">
261
262 <fieldset id="fieldset_select_fields">
263 <legend><?php echo $strSelectFields; ?></legend>
264 <select name="param[]" size="<?php echo min($fields_cnt, 10); ?>"
265 multiple="multiple">
266 <?php
267 // Displays the list of the fields
268 foreach ($fields_list as $each_field) {
269 echo ' '
270 .'<option value="' . htmlspecialchars($each_field) . '"'
271 .' selected="selected">' . htmlspecialchars($each_field)
272 .'</option>' . "\n";
273 }
274 ?>
275 </select>
276 <input type="checkbox" name="distinct" value="DISTINCT" id="oDistinct" />
277 <label for="oDistinct">DISTINCT</label>
278 </fieldset>
279
280 <fieldset id="fieldset_search_conditions">
281 <legend><?php echo '<em>' . $strOr . '</em> ' .$strAddSearchConditions; ?></legend>
282 <?php echo PMA_showMySQLDocu('SQL-Syntax', 'Functions'); ?>
283
284 <input type="text" name="where" class="textfield" size="64" />
285 </fieldset>
286
287 <fieldset id="fieldset_limit_rows">
288 <legend><?php echo $strLimitNumRows; ?></legend>
289 <input type="text" size="4" name="session_max_rows"
290 value="<?php echo $GLOBALS['cfg']['MaxRows']; ?>" class="textfield" />
291 </fieldset>
292
293 <fieldset id="fieldset_display_order">
294 <legend><?php echo $strDisplayOrder; ?></legend>
295 <select name="orderField" style="vertical-align: middle">
296 <option value="--nil--"></option>
297 <?php
298 foreach ($fields_list as $each_field) {
299 echo ' '
300 .'<option value="' . htmlspecialchars($each_field) . '">'
301 .htmlspecialchars($each_field) . '</option>' . "\n";
302 } // end for
303 ?>
304 </select>
305 <?php
306 $choices = array(
307 'ASC' => $strAscending,
308 'DESC' => $strDescending
309 );
310 PMA_generate_html_radio('order', $choices, 'ASC', false, true, "formelement");
311 unset($choices);
312 ?>
313 </fieldset>
314 </div>
315 </fieldset>
316 <fieldset class="tblFooters">
317 <input type="hidden" name="max_number_of_fields"
318 value="<?php echo $fields_cnt; ?>" />
319 <input type="submit" name="submit" value="<?php echo $strGo; ?>" />
320 </fieldset>
321 </form>
322 <?php
323 require_once './libraries/footer.inc.php';
324 }
325
326
327 /**
328 * Selection criteria have been submitted -> do the work
329 */
330 else {
331 // Builds the query
332
333 $sql_query = 'SELECT ' . (isset($distinct) ? 'DISTINCT ' : '');
334
335 // if all fields were selected to display, we do a SELECT *
336 // (more efficient and this helps prevent a problem in IE
337 // if one of the rows is edited and we come back to the Select results)
338
339 if (count($param) == $max_number_of_fields) {
340 $sql_query .= '* ';
341 } else {
342 $param = PMA_backquote($param);
343 $sql_query .= implode(', ', $param);
344 unset($param);
345 } // end if
346
347 $sql_query .= ' FROM ' . PMA_backquote($table);
348
349 // The where clause
350 if (trim($where) != '') {
351 $sql_query .= ' WHERE ' . $where;
352 } else {
353 $w = $charsets = array();
354 $cnt_func = count($func);
355 reset($func);
356 while (list($i, $func_type) = each($func)) {
357 list($charsets[$i]) = explode('_', $collations[$i]);
358 if (isset($GLOBALS['cfg']['UnaryOperators'][$func_type]) && $GLOBALS['cfg']['UnaryOperators'][$func_type] == 1) {
359 $fields[$i] = '';
360 $w[] = PMA_backquote($names[$i]) . ' ' . $func_type;
361
362 } elseif (strncasecmp($types[$i], 'enum', 4) == 0) {
363 if (!empty($fields[$i])) {
364 if (!is_array($fields[$i])) {
365 $fields[$i] = explode(',', $fields[$i]);
366 }
367 $enum_selected_count = count($fields[$i]);
368 if ($func_type == '=' && $enum_selected_count > 1) {
369 $func_type = $func[$i] = 'IN';
370 $parens_open = '(';
371 $parens_close = ')';
372
373 } elseif ($func_type == '!=' && $enum_selected_count > 1) {
374 $func_type = $func[$i] = 'NOT IN';
375 $parens_open = '(';
376 $parens_close = ')';
377
378 } else {
379 $parens_open = '';
380 $parens_close = '';
381 }
382 $enum_where = '\'' . PMA_sqlAddslashes($fields[$i][0]) . '\'';
383 for ($e = 1; $e < $enum_selected_count; $e++) {
384 $enum_where .= ', \'' . PMA_sqlAddslashes($fields[$i][$e]) . '\'';
385 }
386
387 $w[] = PMA_backquote($names[$i]) . ' ' . $func_type . ' ' . $parens_open . $enum_where . $parens_close;
388 }
389
390 } elseif ($fields[$i] != '') {
391 // For these types we quote the value. Even if it's another type (like INT),
392 // for a LIKE we always quote the value. MySQL converts strings to numbers
393 // and numbers to strings as necessary during the comparison
394 if (preg_match('@char|binary|blob|text|set|date|time|year@i', $types[$i]) || strpos(' ' . $func_type, 'LIKE')) {
395 $quot = '\'';
396 } else {
397 $quot = '';
398 }
399
400 // LIKE %...%
401 if ($func_type == 'LIKE %...%') {
402 $func_type = 'LIKE';
403 $fields[$i] = '%' . $fields[$i] . '%';
404 }
405 $w[] = PMA_backquote($names[$i]) . ' ' . $func_type . ' ' . $quot . PMA_sqlAddslashes($fields[$i]) . $quot;
406
407 } // end if
408 } // end for
409
410 if ($w) {
411 $sql_query .= ' WHERE ' . implode(' AND ', $w);
412 }
413 } // end if
414
415 if ($orderField != '--nil--') {
416 $sql_query .= ' ORDER BY ' . PMA_backquote($orderField) . ' ' . $order;
417 } // end if
418
419 require './sql.php';
420 }
421
422 ?>
Drizzle / GSOC 2011