search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
lang
[phpmyadmin/crack.git] / tbl_query_box.php3
blobd22bc372f59f5f1c454f44efbd4bbf9a2b08f4f8
1 <?php
2 /* $Id$ */
3 // vim: expandtab sw=4 ts=4 sts=4:
4
5
6 /**
7 * Defines the query to be displayed in the query textarea
8 */
9 if (isset($show_query) && $show_query == '1') {
10 // This script has been called by read_dump.php3
11 if (isset($sql_query_cpy)) {
12 $query_to_display = $sql_query_cpy;
13 }
14 // Other cases
15 else {
16 $query_to_display = $sql_query;
17 }
18 } else {
19 $query_to_display = '';
20 }
21 unset($sql_query);
22
23 /**
24 * Get the list and number of fields
25 */
26 $fields_cnt = 0;
27 if (isset($db) && isset($table) && $table != '' && $db != '') {
28 $local_query = 'SHOW FIELDS FROM ' . PMA_backquote($table) . ' FROM ' . PMA_backquote($db);
29 $result = @PMA_mysql_query($local_query);
30 if (!$result) {
31 PMA_mysqlDie('', $local_query, '', $err_url);
32 }
33 else {
34 $fields_cnt = mysql_num_rows($result);
35 while ($row = PMA_mysql_fetch_array($result)) {
36 $fields_list[] = $row['Field'];
37 } // end while
38 mysql_free_result($result);
39 }
40 }
41
42 /**
43 * Work on the table
44 */
45 // loic1: defines wether file upload is available or not
46 // ($is_upload now defined in common.lib.php3)
47
48 $auto_sel = ($cfg['TextareaAutoSelect']
49 // 2003-02-05 rabus: This causes big trouble with Opera 7 for
50 // Windows, so let's disable it there...
51 && !(PMA_USR_OS == 'Win' && PMA_USR_BROWSER_AGENT == 'OPERA' && PMA_USR_BROWSER_VER >= 7))
52 ? "\n" . ' onfocus="if (typeof(document.layers) == \'undefined\' || typeof(textarea_selected) == \'undefined\') {textarea_selected = 1; this.form.elements[\'sql_query\'].select();}"'
53 : '';
54
55 // garvin: If non-JS query window is embedded, display a list of databases to choose from.
56 // Apart from that, a non-js query window sucks badly.
57
58 if ($cfg['QueryFrame'] && (!$cfg['QueryFrameJS'] || ($cfg['QueryFrameJS'] && !$db))) {
59 /**
60 * Get the list and number of available databases.
61 */
62 if ($server > 0) {
63 PMA_availableDatabases(); // this function is defined in "common.lib.php3"
64 } else {
65 $num_dbs = 0;
66 }
67
68 if ($num_dbs > 0) {
69 $queryframe_db_list = '<select size=1 name="db">';
70 for ($i = 0; $i < $num_dbs; $i++) {
71 $t_db = $dblist[$i];
72 $queryframe_db_list .= '<option value="' . htmlspecialchars($t_db) . '">' . htmlspecialchars($t_db) . '</option>';
73 }
74 $queryframe_db_list .= '</select>';
75 }
76 } else {
77 $queryframe_db_list = '';
78 }
79
80 ?>
81 <form method="post" target="phpmain" action="read_dump.php3"<?php if ($is_upload) echo ' enctype="multipart/form-data"'; echo "\n"; ?>
82 onsubmit="return checkSqlQuery(this)" name="sqlform">
83 <input type="hidden" name="is_js_confirmed" value="0" />
84 <?php echo PMA_generate_common_hidden_inputs($db, $table); ?>
85 <input type="hidden" name="pos" value="0" />
86 <input type="hidden" name="goto" value="<?php echo $goto; ?>" />
87 <input type="hidden" name="zero_rows" value="<?php echo $strSuccess; ?>" />
88 <input type="hidden" name="prev_sql_query" value="<?php echo ((!empty($query_to_display)) ? urlencode($query_to_display) : ''); ?>" />
89 <?php
90 if (!isset($is_inside_querywindow) ||
91 (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'sql' || $querydisplay_tab == 'full'))) {
92 ?>
93 <!-- Query box and bookmark support -->
94 <a name="querybox"></a>
95 <table cellpadding="1" cellspacing="1">
96 <tr>
97 <td>
98 <?php echo sprintf($strRunSQLQuery, htmlspecialchars($db)) . $queryframe_db_list . (isset($is_inside_querywindow) ? '<br />' : ' ') . PMA_showMySQLDocu('Reference', 'SELECT'); ?>
99 <br />
100 <textarea name="sql_query" rows="<?php echo $cfg['TextareaRows']; ?>" cols="<?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? ceil($cfg['TextareaCols'] * 1.25) : $cfg['TextareaCols'] * 2); ?>" wrap="virtual" dir="<?php echo $text_dir; ?>"<?php echo $auto_sel; ?>>
101 <?php echo ((!empty($query_to_display)) ? htmlspecialchars($query_to_display) : 'SELECT * FROM ' . htmlspecialchars(PMA_backquote($table)) . ' WHERE 1'); ?></textarea>
102 </td>
103 <?php if (isset($table) && $fields_cnt > 0) { ?>
104 <td align="center" valign="top"><?php echo (isset($is_inside_querywindow) ? '<br />' : '') . $strFields; ?>:<br />
105 <select name="dummy" size="4" multiple>
106 <?php
107 echo "\n";
108 for ($i = 0 ; $i < $fields_cnt; $i++) {
109 echo ' '
110 . '<option value="' . PMA_backquote(htmlspecialchars($fields_list[$i])) . '">' . htmlspecialchars($fields_list[$i]) . '</option>' . "\n";
111 }
112 ?>
113 </select><br /><br />
114 <input type="button" name="insert" value="<?php echo($strInsert); ?>" onclick="insertValueQuery()" />
115 </td>
116 <?php
117 }
118 ?>
119 </tr>
120 </table>
121 <input type="checkbox" name="show_query" value="1" id="checkbox_show_query" checked="checked" />&nbsp;
122 <label for="checkbox_show_query"><?php echo $strShowThisQuery; ?></label><br />
123 </div>
124 <?php
125 } else {
126 ?>
127 <input type="hidden" name="sql_query" value="" />
128 <input type="hidden" name="show_query" value="1" />
129 <?php
130 }
131
132 // loic1: displays import dump feature only if file upload available
133 if ($is_upload && (!isset($is_inside_querywindow) ||
134 (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'files' || $querydisplay_tab == 'full')))) {
135 echo ' ' . ((isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && $querydisplay_tab == 'full') || !isset($is_inside_querywindow) ? '<i>' . $strOr . '</i>' : '') . ' ' . $strLocationTextfile . '&nbsp;:<br />' . "\n";
136 ?>
137 <div style="margin-bottom: 5px">
138 <input type="file" name="sql_file" class="textfield" /><br />
139 <?php
140 if ($cfg['AllowAnywhereRecoding'] && $allow_recoding) {
141 $temp_charset = reset($cfg['AvailableCharsets']);
142 echo $strCharsetOfFile . "\n"
143 . ' <select name="charset_of_file" size="1">' . "\n"
144 . ' <option value="' . $temp_charset . '"';
145 if ($temp_charset == $charset) {
146 echo ' selected="selected"';
147 }
148 echo '>' . $temp_charset . '</option>' . "\n";
149 while ($temp_charset = next($cfg['AvailableCharsets'])) {
150 echo ' <option value="' . $temp_charset . '"';
151 if ($temp_charset == $charset) {
152 echo ' selected="selected"';
153 }
154 echo '>' . $temp_charset . '</option>' . "\n";
155 } // end while
156 echo ' </select><br />' . "\n" . ' ';
157 } // end if
158 $is_gzip = ($cfg['GZipDump'] && @function_exists('gzopen'));
159 $is_bzip = ($cfg['BZipDump'] && @function_exists('bzdecompress'));
160 if ($is_bzip || $is_gzip) {
161 echo ' ' . $strCompression . ':' . "\n"
162 . ' <input type="radio" id="radio_sql_file_compression_auto" name="sql_file_compression" value="" checked="checked" />' . "\n"
163 . ' <label for="radio_sql_file_compression_auto">' . $strAutodetect . '</label>&nbsp;&nbsp;&nbsp;' . "\n"
164 . ' <input type="radio" id="radio_sql_file_compression_plain" name="sql_file_compression" value="text/plain" />' . "\n"
165 . ' <label for="radio_sql_file_compression_plain">' . $strNone . '</label>&nbsp;&nbsp;&nbsp;' . "\n";
166 if ($is_gzip) {
167 echo ' <input type="radio" id="radio_sql_file_compression_gzip" name="sql_file_compression" value="application/x-gzip" />' . "\n"
168 . ' <label for="radio_sql_file_compression_gzip">' . $strGzip . '</label>&nbsp;&nbsp;&nbsp;' . "\n";
169 }
170 if ($is_bzip) {
171 echo ' <input type="radio" id="radio_sql_file_compression_bzip" name="sql_file_compression" value="application/x-bzip" />' . "\n"
172 . ' <label for="radio_sql_file_compression_bzip">' . $strBzip . '</label>&nbsp;&nbsp;&nbsp;' . "\n";
173 }
174 } else {
175 echo ' <input type="hidden" name="sql_file_compression" value="text/plain" />' . "\n";
176 }
177 ?>
178 </div>
179 <?php
180 } // end if
181 echo "\n";
182
183 // web-server upload directory
184 // (TODO: display the charset selection, even if is_upload == FALSE)
185 if ($cfg['UploadDir'] != '' && !isset($is_inside_querywindow) ||
186 ($cfg['UploadDir'] != '' && isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'files' || $querydisplay_tab == 'full'))) {
187
188 if ($handle = @opendir($cfg['UploadDir'])) {
189 $is_first = 0;
190 while ($file = @readdir($handle)) {
191 if (is_file($cfg['UploadDir'] . $file) && substr($file, -4) == '.sql') {
192 if ($is_first == 0) {
193 echo "\n";
194 echo ' ' . ((isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && $querydisplay_tab == 'full') || !isset($is_inside_querywindow) ? '<i>' . $strOr . '</i>' : '') . ' ' . $strWebServerUploadDirectory . '&nbsp;:<br />' . "\n";
195 echo ' <div style="margin-bottom: 5px">' . "\n";
196 echo ' <select size="1" name="sql_localfile">' . "\n";
197 echo ' <option value="" selected="selected"></option>' . "\n";
198 } // end if (is_first)
199 echo ' <option value="' . htmlspecialchars($file) . '">' . htmlspecialchars($file) . '</option>' . "\n";
200 $is_first++;
201 } // end if (is_file)
202 } // end while
203 if ($is_first > 0) {
204 echo ' </select>' . "\n"
205 . ' </div>' . "\n\n";
206 } // end if (isfirst > 0)
207 @closedir($handle);
208 } else {
209 echo ' <div style="margin-bottom: 5px">' . "\n";
210 echo ' <font color="red">' . $strError . '</font><br />' . "\n";
211 echo ' ' . $strWebServerUploadDirectoryError . "\n";
212 echo ' </div>' . "\n";
213 }
214 } // end if (web-server upload directory)
215 echo "\n";
216
217 // Encoding setting form appended by Y.Kawada
218 if (function_exists('PMA_set_enc_form')) {
219 echo PMA_set_enc_form(' ');
220 }
221
222 // Bookmark Support
223 $bookmark_go = FALSE;
224 if (!isset($is_inside_querywindow) ||
225 (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'history' || $querydisplay_tab == 'full'))) {
226 if ($cfg['Bookmark']['db'] && $cfg['Bookmark']['table']) {
227 if (($bookmark_list = PMA_listBookmarks($db, $cfg['Bookmark'])) && count($bookmark_list) > 0) {
228 echo " " . ((isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && $querydisplay_tab == 'full') || !isset($is_inside_querywindow) ? "<i>$strOr</i>" : '') . " $strBookmarkQuery&nbsp;:<br />\n";
229
230 echo ' <div style="margin-bottom: 5px">' . "\n";
231 echo ' <select name="id_bookmark" style="vertical-align: middle">' . "\n";
232 echo ' <option value=""></option>' . "\n";
233 while (list($key, $value) = each($bookmark_list)) {
234 echo ' <option value="' . $value . '">' . htmlspecialchars($key) . '</option>' . "\n";
235 }
236 echo ' </select>' . "<br />\n";
237 echo ' ' . $strVar . ' (<a href="./Documentation.html#faqbookmark" target="documentation">' . $strDocu . '</a>): <input type="text" name="bookmark_variable" class="textfield" size="10" />' . "\n";
238 echo ' <input type="radio" name="action_bookmark" value="0" id="radio_bookmark0" checked="checked" style="vertical-align: middle" /><label for="radio_bookmark0">' . $strSubmit . '</label>' . "\n";
239 echo ' &nbsp;<input type="radio" name="action_bookmark" value="1" id="radio_bookmark1" style="vertical-align: middle" /><label for="radio_bookmark1">' . $strBookmarkView . '</label>' . "\n";
240 echo ' &nbsp;<input type="radio" name="action_bookmark" value="2" id="radio_bookmark2" style="vertical-align: middle" /><label for="radio_bookmark2">' . $strDelete . '</label>' . "\n";
241 echo ' <br />' . "\n";
242 echo ' </div>' . "\n";
243 $bookmark_go = TRUE;
244 }
245 }
246 }
247
248 if (!isset($is_inside_querywindow) || (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'files' || $querydisplay_tab == 'sql' || $querydisplay_tab == 'full' || ($querydisplay_tab == 'history' && $bookmark_go)))) {
249 ?>
250 <input type="submit" name="SQL" value="<?php echo $strGo; ?>" />
251 <?php
252 }
253
254 if (!isset($is_inside_querywindow) ||
255 (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'files' || $querydisplay_tab == 'full'))) {
256
257 // loic1: displays import dump feature only if file upload available
258 $ldi_target = 'ldi_table.php3?' . $url_query;
259
260 if ($is_upload && isset($db) && isset($table)) {
261 ?>
262 <!-- Insert a text file -->
263 <br /><br />
264 <li>
265 <div style="margin-bottom: 10px"><a href="<?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? '#' : $ldi_target); ?>" <?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? 'onclick="opener.top.frames.phpmain.location.href = \'' . $ldi_target . '\'; return false;"' : ''); ?>><?php echo $strInsertTextfiles; ?></a></div>
266 </li>
267 <?php
268 }
269 }
270 echo "\n";
271 ?>
272 </form>
Drizzle / GSOC 2011