[phpmyadmin/crack.git] / tbl_query_box.php3
1 <?php
2 /* $Id$ */
3 // vim: expandtab sw=4 ts=4 sts=4:
/**
 * Defines the query to be displayed in the query textarea
 *
 * The textarea stays empty unless $show_query is set to '1'. In that case
 * $sql_query_cpy is preferred when it is set, otherwise $sql_query is used.
 * $sql_query is unset afterwards in every case.
 */
$query_to_display = '';
if (isset($show_query) && $show_query == '1') {
    // $sql_query_cpy is set when this script has been called by
    // read_dump.php3; in the other cases only $sql_query is used
    $query_to_display = isset($sql_query_cpy) ? $sql_query_cpy : $sql_query;
}
unset($sql_query);
/**
 * Get the list and number of fields
 *
 * $fields_cnt stays 0 when no database/table pair is selected. Otherwise
 * SHOW FIELDS is run for the table and the column names are appended to
 * $fields_list; a failed query is handed to PMA_mysqlDie().
 */
$fields_cnt = 0;
if (isset($db) && isset($table) && $table != '' && $db != '') {
    // Both identifiers go through PMA_backquote() before they are
    // concatenated into the statement.
    // NOTE(review): whether PMA_backquote() also escapes a backtick embedded
    // in a name is not visible in this file - confirm in its definition.
    $local_query = 'SHOW FIELDS FROM ' . PMA_backquote($table) . ' FROM ' . PMA_backquote($db);
    $result = @PMA_mysql_query($local_query);
    if ($result) {
        $fields_cnt = mysql_num_rows($result);
        while ($row = PMA_mysql_fetch_array($result)) {
            $fields_list[] = $row['Field'];
        } // end while
        mysql_free_result($result);
    } else {
        PMA_mysqlDie('', $local_query, '', $err_url);
    }
}
/**
 * Work on the table
 */
// loic1: defines whether file upload is available or not
// ($is_upload now defined in common.lib.php3)

// Inside the JS query window, on the 'sql' or 'full' tab, a key press in the
// textarea ticks the "LockFromUpdate" checkbox of the form.
$locking = ($cfg['QueryFrame'] && $cfg['QueryFrameJS'] && isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'sql' || $querydisplay_tab == 'full'))
         ? 'onKeyPress="document.sqlform.elements[\'LockFromUpdate\'].checked = true;"'
         : '';

// Extra textarea attributes: an optional "select everything on focus"
// handler followed by the locking handler built above.
$auto_sel = '';
if ($cfg['TextareaAutoSelect']
    // 2003-02-05 rabus: This causes big trouble with Opera 7 for
    // Windows, so let's disable it there...
    && !(PMA_USR_OS == 'Win' && PMA_USR_BROWSER_AGENT == 'OPERA' && PMA_USR_BROWSER_VER >= 7)) {
    $auto_sel = "\n" . ' onfocus="if (typeof(document.layers) == \'undefined\' || typeof(textarea_selected) == \'undefined\') {textarea_selected = 1; document.sqlform.elements[\'sql_query\'].select();}"';
}
$auto_sel .= ' ' . $locking;
// garvin: If non-JS query window is embedded, display a list of databases to choose from.
// Apart from that, a non-js query window sucks badly.

// Stays empty unless the query frame is enabled, no database is selected and
// at least one database is available.
$queryframe_db_list = '';

// The original test "(!JS && !$db) || (JS && !$db)" holds for either value of
// $cfg['QueryFrameJS'], so it is written here as "!$db".
if ($cfg['QueryFrame'] && !$db) {
    /**
     * Get the list and number of available databases.
     */
    if ($server > 0) {
        // this function is defined in "common.lib.php3"
        // (presumably it fills $num_dbs and $dblist - verify there)
        PMA_availableDatabases();
    } else {
        $num_dbs = 0;
    }

    if ($num_dbs > 0) {
        $queryframe_db_list = '<select size=1 name="db">';
        for ($i = 0; $i < $num_dbs; $i++) {
            $t_db = $dblist[$i];
            // the database name is HTML-escaped in the value attribute and
            // in the visible label
            $queryframe_db_list .= '<option value="' . htmlspecialchars($t_db) . '">' . htmlspecialchars($t_db) . '</option>';
        }
        $queryframe_db_list .= '</select>';
    }
}
// Counts the input groups written into the form; it is tested before the
// submit button is printed.
$form_items = 0;

// Opening tag of "sqlform", which posts to read_dump.php3.
// - JS query window: the tag is written by script so that the target frame
//   name can include the hash value read from the query frame; the
//   <noscript> variant derives the frame name from md5($cfg['PmaAbsoluteUri']).
// - otherwise: a plain form without a target.
// The multipart enctype is added only when $is_upload is true.
if ($cfg['QueryFrame'] && $cfg['QueryFrameJS'] && isset($is_inside_querywindow) && $is_inside_querywindow) {
?>
    <script type="text/javascript">
    <!--
    document.writeln('<form method="post" target="phpmain' + <?php echo ((isset($is_inside_querywindow) && $is_inside_querywindow == TRUE) ? 'opener.' : '');?>parent.frames.queryframe.document.hashform.hash.value + '" action="read_dump.php3"<?php echo ($is_upload ? ' enctype="multipart/form-data"' : ''); ?> onsubmit="return checkSqlQuery(this)" name="sqlform">');
    //-->
    </script>
    <noscript>
    <form method="post" target="phpmain<?php echo md5($cfg['PmaAbsoluteUri']); ?>" action="read_dump.php3"<?php echo ($is_upload ? ' enctype="multipart/form-data"' : ''); ?> name="sqlform">
    </noscript>
<?php
} else {
?>
    <form method="post" action="read_dump.php3"<?php echo ($is_upload ? ' enctype="multipart/form-data"' : ''); ?> onsubmit="return checkSqlQuery(this)" name="sqlform">
<?php
}
?>
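<?php
/**
 * Hidden fields of "sqlform", followed by either the query box (main window,
 * or the 'sql' / 'full' tab of the query window) or empty placeholders for
 * sql_query and show_query.
 *
 * $goto is HTML-escaped before it is written into its value attribute, in
 * line with the other dynamic values on this page: the previous query is
 * url-encoded, and the textarea content, the database name and the field
 * names are HTML-escaped.
 * NOTE(review): $strSuccess, $text_dir and $strQueryWindowLock are written
 * as-is; they look like language strings - confirm they never carry request
 * data.
 */
?>
    <input type="hidden" name="is_js_confirmed" value="0" />
    <?php echo PMA_generate_common_hidden_inputs($db, $table); ?>
    <input type="hidden" name="pos" value="0" />
    <input type="hidden" name="goto" value="<?php echo htmlspecialchars($goto); ?>" />
    <input type="hidden" name="zero_rows" value="<?php echo $strSuccess; ?>" />
    <input type="hidden" name="prev_sql_query" value="<?php echo ((!empty($query_to_display)) ? urlencode($query_to_display) : ''); ?>" />
<?php
if (!isset($is_inside_querywindow) ||
    (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'sql' || $querydisplay_tab == 'full'))) {
?>
    <!-- Query box and bookmark support -->
<?php
    if (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE) {
?>
    <input type="hidden" name="focus_querywindow" value="true" />
<?php
    }
?>
    <a name="querybox"></a>
    <table cellpadding="1" cellspacing="1">
    <tr>
        <td>
            <?php echo sprintf($strRunSQLQuery, htmlspecialchars($db)) . $queryframe_db_list . (isset($is_inside_querywindow) ? '<br />' : ' ') . PMA_showMySQLDocu('Reference', 'SELECT'); ?>
            <br />
            <textarea name="sql_query" rows="<?php echo $cfg['TextareaRows']; ?>" cols="<?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? ceil($cfg['TextareaCols'] * 1.25) : $cfg['TextareaCols'] * 2); ?>" wrap="virtual" dir="<?php echo $text_dir; ?>"<?php echo $auto_sel; ?>>
<?php echo ((!empty($query_to_display)) ? htmlspecialchars($query_to_display) : 'SELECT * FROM ' . htmlspecialchars(PMA_backquote($table)) . ' WHERE 1'); ?></textarea>
        </td>
    <?php if (isset($table) && $fields_cnt > 0) { ?>
        <td align="center" valign="top"><?php echo (isset($is_inside_querywindow) ? '<br />' : '') . $strFields; ?>:<br />
            <select name="dummy" size="4" multiple>
<?php
        echo "\n";
        // one option per column collected in $fields_list; the value is the
        // backquoted, HTML-escaped name
        for ($i = 0 ; $i < $fields_cnt; $i++) {
            echo ' '
               . '<option value="' . PMA_backquote(htmlspecialchars($fields_list[$i])) . '">' . htmlspecialchars($fields_list[$i]) . '</option>' . "\n";
        }
?>
            </select><br /><br />
            <input type="button" name="insert" value="<?php echo($strInsert); ?>" onclick="insertValueQuery()" />
        </td>
<?php
    }
?>
    </tr>
    </table>
    <input type="checkbox" name="show_query" value="1" id="checkbox_show_query" checked="checked" />&nbsp;
    <label for="checkbox_show_query"><?php echo $strShowThisQuery; ?></label><br />
<?php
    if (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE) {
?>
    <script type="text/javascript">
    document.writeln('<input type="checkbox" name="LockFromUpdate" value="1" id="checkbox_lock" />&nbsp;');
    document.writeln(' <label for="checkbox_lock"><?php echo $strQueryWindowLock; ?></label><br />');
    </script>
<?php
    }

    $form_items++;
    // NOTE(review): no matching opening <div> for the tag below is visible
    // in this part of the page.
?>
    </div>
<?php
} else {
?>
    <input type="hidden" name="sql_query" value="" />
    <input type="hidden" name="show_query" value="1" />
<?php
}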
// loic1: displays import dump feature only if file upload available
// (main window, or the 'files' / 'full' tab of the query window)
if ($is_upload && (!isset($is_inside_querywindow) ||
    (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'files' || $querydisplay_tab == 'full')))) {
    $form_items++;
    echo ' ' . ((isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && $querydisplay_tab == 'full') || !isset($is_inside_querywindow) ? '<i>' . $strOr . '</i>' : '') . ' ' . $strLocationTextfile . '&nbsp;:<br />' . "\n";
?>
    <div style="margin-bottom: 5px">
    <input type="file" name="sql_file" class="textfield" /><br />
<?php
    if (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE) {
?>
    <input type="hidden" name="focus_querywindow" value="true" />
<?php
    }

    // A compression type is offered only when it is enabled in the
    // configuration and the matching PHP function exists.
    $is_gzip = ($cfg['GZipDump'] && @function_exists('gzopen'));
    $is_bzip = ($cfg['BZipDump'] && @function_exists('bzdecompress'));
    if (!$is_bzip && !$is_gzip) {
        // nothing to choose from: the compression type is fixed to plain text
        echo ' <input type="hidden" name="sql_file_compression" value="text/plain" />' . "\n";
    } else {
        echo ' ' . $strCompression . ':' . "\n"
           . ' <input type="radio" id="radio_sql_file_compression_auto" name="sql_file_compression" value="" checked="checked" />' . "\n"
           . ' <label for="radio_sql_file_compression_auto">' . $strAutodetect . '</label>&nbsp;&nbsp;&nbsp;' . "\n"
           . ' <input type="radio" id="radio_sql_file_compression_plain" name="sql_file_compression" value="text/plain" />' . "\n"
           . ' <label for="radio_sql_file_compression_plain">' . $strNone . '</label>&nbsp;&nbsp;&nbsp;' . "\n";
        if ($is_gzip) {
            echo ' <input type="radio" id="radio_sql_file_compression_gzip" name="sql_file_compression" value="application/x-gzip" />' . "\n"
               . ' <label for="radio_sql_file_compression_gzip">' . $strGzip . '</label>&nbsp;&nbsp;&nbsp;' . "\n";
        }
        if ($is_bzip) {
            echo ' <input type="radio" id="radio_sql_file_compression_bzip" name="sql_file_compression" value="application/x-bzip" />' . "\n"
               . ' <label for="radio_sql_file_compression_bzip">' . $strBzip . '</label>&nbsp;&nbsp;&nbsp;' . "\n";
        }
    }
?>
    </div>
<?php
} // end if
echo "\n";
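// web-server upload directory
//
// Lists the regular files ending in ".sql" found in $cfg['UploadDir'] as
// options of the "sql_localfile" select. $is_upload_dir becomes true as soon
// as one such file is found; when the directory cannot be opened an error
// message is printed instead.
// The file path is built by plain concatenation, so $cfg['UploadDir'] has to
// end with a directory separator for is_file() to see the entries.
$is_upload_dir = false;
if ($cfg['UploadDir'] != '' && !isset($is_inside_querywindow) ||
    ($cfg['UploadDir'] != '' && isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'files' || $querydisplay_tab == 'full'))) {

    if ($handle = @opendir($cfg['UploadDir'])) {
        if (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE) {
?>
    <input type="hidden" name="focus_querywindow" value="true" />
<?php
        }

        $is_first = 0;
        // readdir() returns false once the directory is exhausted; the result
        // is tested with is_string() so that an entry whose name evaluates to
        // false (for example a file called "0") does not end the listing early
        while (is_string($file = @readdir($handle))) {
            if (is_file($cfg['UploadDir'] . $file) && substr($file, -4) == '.sql') {
                if ($is_first == 0) {
                    // first match: print the caption and open the select
                    $is_upload_dir = true;
                    echo "\n";
                    echo ' ' . ((isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && $querydisplay_tab == 'full') || !isset($is_inside_querywindow) ? '<i>' . $strOr . '</i>' : '') . ' ' . $strWebServerUploadDirectory . '&nbsp;:<br />' . "\n";
                    echo ' <div style="margin-bottom: 5px">' . "\n";
                    echo ' <select size="1" name="sql_localfile">' . "\n";
                    echo ' <option value="" selected="selected"></option>' . "\n";
                    $form_items++;
                } // end if (is_first)
                // the file name is HTML-escaped in the value and in the label
                echo ' <option value="' . htmlspecialchars($file) . '">' . htmlspecialchars($file) . '</option>' . "\n";
                $is_first++;
            } // end if (is_file)
        } // end while
        if ($is_first > 0) {
            echo ' </select>' . "\n"
               . ' </div>' . "\n\n";
        } // end if (isfirst > 0)
        @closedir($handle);
    } else {
        echo ' <div style="margin-bottom: 5px">' . "\n";
        echo ' <font color="red">' . $strError . '</font><br />' . "\n";
        echo ' ' . $strWebServerUploadDirectoryError . "\n";
        echo ' </div>' . "\n";
    }
} // end if (web-server upload directory)
echo "\n";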
// Encoding setting form appended by Y.Kawada
// (printed only when PMA_set_enc_form() has been defined)
if (function_exists('PMA_set_enc_form')) {
    echo PMA_set_enc_form(' ');
    $form_items++;
}

// Charset conversion options
//
// Shown when a file can be supplied (upload or upload directory), a database
// is selected and recoding is allowed. The select lists every entry of
// $cfg['AvailableCharsets'] and preselects the one equal to $charset.
// NOTE(review): the charset names are written without HTML escaping; they are
// read from the configuration array only - confirm it cannot hold markup.
if (($is_upload || $is_upload_dir) &&
    (!isset($is_inside_querywindow) ||
     (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'files' || $querydisplay_tab == 'full')))
    && isset($db) && $db != ''){
    if ($cfg['AllowAnywhereRecoding'] && $allow_recoding) {
        $form_items++;
        echo ' <div style="margin-bottom: 5px">' . "\n";
        // the first entry is always printed, the loop then walks the rest
        $temp_charset = reset($cfg['AvailableCharsets']);
        echo $strCharsetOfFile . "\n"
           . ' <select name="charset_of_file" size="1">' . "\n"
           . ' <option value="' . $temp_charset . '"'
           . ($temp_charset == $charset ? ' selected="selected"' : '')
           . '>' . $temp_charset . '</option>' . "\n";
        while ($temp_charset = next($cfg['AvailableCharsets'])) {
            echo ' <option value="' . $temp_charset . '"'
               . ($temp_charset == $charset ? ' selected="selected"' : '')
               . '>' . $temp_charset . '</option>' . "\n";
        }
        echo ' </select><br />' . "\n" . ' ';
        echo ' </div>' . "\n";
    } // end if (recoding)
}
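// Bookmark Support
//
// Shown in the main window and on the 'history' / 'full' tab of the query
// window when bookmark storage is configured and PMA_listBookmarks() returns
// at least one entry. $bookmark_go records that the bookmark controls were
// printed.
// Both parts of each option are HTML-escaped: the value taken from the
// bookmark list as well as its label.
$bookmark_go = FALSE;
if (!isset($is_inside_querywindow) ||
    (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'history' || $querydisplay_tab == 'full'))) {
    if ($cfg['Bookmark']['db'] && $cfg['Bookmark']['table']) {
        if (($bookmark_list = PMA_listBookmarks($db, $cfg['Bookmark'])) && count($bookmark_list) > 0) {
            $form_items++;
            echo " " . ((isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && $querydisplay_tab == 'full') || !isset($is_inside_querywindow) ? "<i>$strOr</i>" : '') . " $strBookmarkQuery&nbsp;:<br />\n";

            if (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE) {
?>
    <input type="hidden" name="focus_querywindow" value="true" />
<?php
            }

            echo ' <div style="margin-bottom: 5px">' . "\n";
            echo ' <select name="id_bookmark" style="vertical-align: middle">' . "\n";
            echo ' <option value=""></option>' . "\n";
            // $key is used as the label and $value as the submitted
            // id_bookmark (presumably label => id - verify in PMA_listBookmarks())
            while (list($key, $value) = each($bookmark_list)) {
                echo ' <option value="' . htmlspecialchars($value) . '">' . htmlspecialchars($key) . '</option>' . "\n";
            }
            echo ' </select>' . "<br />\n";
            echo ' ' . $strVar . ' (<a href="./Documentation.html#faqbookmark" target="documentation">' . $strDocu . '</a>): <input type="text" name="bookmark_variable" class="textfield" size="10" />' . "\n";
            // action_bookmark: 0 = submit, 1 = view, 2 = delete
            echo ' <input type="radio" name="action_bookmark" value="0" id="radio_bookmark0" checked="checked" style="vertical-align: middle" /><label for="radio_bookmark0">' . $strSubmit . '</label>' . "\n";
            echo ' &nbsp;<input type="radio" name="action_bookmark" value="1" id="radio_bookmark1" style="vertical-align: middle" /><label for="radio_bookmark1">' . $strBookmarkView . '</label>' . "\n";
            echo ' &nbsp;<input type="radio" name="action_bookmark" value="2" id="radio_bookmark2" style="vertical-align: middle" /><label for="radio_bookmark2">' . $strDelete . '</label>' . "\n";
            echo ' <br />' . "\n";
            echo ' </div>' . "\n";
            $bookmark_go = TRUE;
        }
    }
}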
// Submit button, then the end of "sqlform".
// The button is printed in the main window and on the query window tabs that
// can hold input ('files', 'sql', 'full', and 'history' when bookmark
// controls were printed), provided at least one input group was counted in
// $form_items.
if (!isset($is_inside_querywindow) || (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && (($querydisplay_tab == 'files') || $querydisplay_tab == 'sql' || $querydisplay_tab == 'full' || ($querydisplay_tab == 'history' && $bookmark_go)))) {
    if (!($form_items > 0)) {
        // TODO: Add a more complete warning that no items (like for file import) were found.
        // (After 2.5.2 release!)
        echo $strWebServerUploadDirectoryError;
    } else {
?>
    <input type="submit" name="SQL" value="<?php echo $strGo; ?>" />
<?php
    }
}
?>
</form>
<?php
// Link to the "insert data from a text file" page (ldi_table.php3).
//
// "&&" binds tighter than "||": the database test only constrains the
// query-window branch, which the extra parentheses below make explicit.
// NOTE(review): the charset block of this page parenthesises the window test
// before requiring a database - confirm which grouping is intended here.
if (!isset($is_inside_querywindow) ||
    ((isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'files' || $querydisplay_tab == 'full')) && isset($db) && $db != '')) {

    // loic1: displays import dump feature only if file upload available
    // NOTE(review): $ldi_target is built from $url_query and is written below
    // into href attributes, a JavaScript string literal and an inline onclick
    // handler without further escaping, whereas $strInsertTextfiles passes
    // through addslashes(). The content of $url_query is not visible in this
    // file - confirm it only carries URL-encoded values.
    $ldi_target = 'ldi_table.php3?' . $url_query . (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? '&amp;focus_querywindow=true' : '');

    if ($is_upload && isset($db) && isset($table)) {
?>
    <!-- Insert a text file -->
    <br /><br />
    <li>
<?php
        // With the JS query frame the target frame name is completed from the
        // hash value at run time; otherwise it is derived from
        // md5($cfg['PmaAbsoluteUri']).
        if ($cfg['QueryFrame'] && $cfg['QueryFrameJS']) {
?>
    <script type="text/javascript">
    document.writeln('<div style="margin-bottom: 10px"><a href="<?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? '#' : $ldi_target); ?>" <?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? 'onclick="opener.parent.frames.phpmain\' + opener.parent.frames.queryframe.document.hashform.hash.value + \'.location.href = \\\'' . $ldi_target . '\\\'; return false;"' : ''); ?>><?php echo addslashes($strInsertTextfiles); ?></a></div>');
    </script>
<?php
        } else {
?>
    <script type="text/javascript">
    document.writeln('<div style="margin-bottom: 10px"><a href="<?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? '#' : $ldi_target); ?>" <?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? 'onclick="opener.parent.frames.phpmain' . md5($cfg['PmaAbsoluteUri']) . '.location.href = \\\'' . $ldi_target . '\\\'; return false;"' : ''); ?>><?php echo addslashes($strInsertTextfiles); ?></a></div>');
    </script>
<?php
        }
?>
    <noscript>
    <div style="margin-bottom: 10px"><a href="<?php echo $ldi_target; ?>"><?php echo $strInsertTextfiles; ?></a></div>
    </noscript>
    </li>
<?php
    }
}
echo "\n";