search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
clarification
[phpmyadmin/crack.git] / tbl_query_box.php3
bloba01874a2e4b41073756f1f18873ffe25cc0b9b98
1 <?php
2 /* $Id$ */
3 // vim: expandtab sw=4 ts=4 sts=4:
4
5
6 /**
7 * Defines the query to be displayed in the query textarea
8 */
9 if (isset($show_query) && $show_query == '1') {
10 // This script has been called by read_dump.php3
11 if (isset($sql_query_cpy)) {
12 $query_to_display = $sql_query_cpy;
13 }
14 // Other cases
15 else {
16 $query_to_display = $sql_query;
17 }
18 } else {
19 $query_to_display = '';
20 }
21 unset($sql_query);
22
23 /**
24 * Get the list and number of fields
25 */
26 $fields_cnt = 0;
27 if (isset($db) && isset($table) && $table != '' && $db != '') {
28 $local_query = 'SHOW FIELDS FROM ' . PMA_backquote($table) . ' FROM ' . PMA_backquote($db);
29 $result = @PMA_mysql_query($local_query);
30 if (!$result) {
31 PMA_mysqlDie('', $local_query, '', $err_url);
32 }
33 else {
34 $fields_cnt = mysql_num_rows($result);
35 while ($row = PMA_mysql_fetch_array($result)) {
36 $fields_list[] = $row['Field'];
37 } // end while
38 mysql_free_result($result);
39 }
40 }
41
42 /**
43 * Work on the table
44 */
45 // loic1: defines wether file upload is available or not
46 // ($is_upload now defined in common.lib.php3)
47
48 $auto_sel = ($cfg['TextareaAutoSelect']
49 // 2003-02-05 rabus: This causes big trouble with Opera 7 for
50 // Windows, so let's disable it there...
51 && !(PMA_USR_OS == 'Win' && PMA_USR_BROWSER_AGENT == 'OPERA' && PMA_USR_BROWSER_VER >= 7))
52 ? "\n" . ' onfocus="if (typeof(document.layers) == \'undefined\' || typeof(textarea_selected) == \'undefined\') {textarea_selected = 1; this.form.elements[\'sql_query\'].select();}"'
53 : '';
54
55 // garvin: If non-JS query window is embedded, display a list of databases to choose from.
56 // Apart from that, a non-js query window sucks badly.
57
58 if ($cfg['QueryFrame'] && (!$cfg['QueryFrameJS'] && !$db || ($cfg['QueryFrameJS'] && !$db))) {
59 /**
60 * Get the list and number of available databases.
61 */
62 if ($server > 0) {
63 PMA_availableDatabases(); // this function is defined in "common.lib.php3"
64 } else {
65 $num_dbs = 0;
66 }
67
68 if ($num_dbs > 0) {
69 $queryframe_db_list = '<select size=1 name="db">';
70 for ($i = 0; $i < $num_dbs; $i++) {
71 $t_db = $dblist[$i];
72 $queryframe_db_list .= '<option value="' . htmlspecialchars($t_db) . '">' . htmlspecialchars($t_db) . '</option>';
73 }
74 $queryframe_db_list .= '</select>';
75 }
76 } else {
77 $queryframe_db_list = '';
78 }
79
80 if ($cfg['QueryFrame'] && $cfg['QueryFrameJS']) {
81 ?>
82 <script type="text/javascript">
83 <!--
84 document.writeln('<form method="post" target="phpmain' + <?php echo ((isset($is_inside_querywindow) && $is_inside_querywindow == TRUE) ? 'opener.' : ''); ?>top.frames.nav.document.hashform.hash.value + '" action="read_dump.php3"<?php if ($is_upload) echo ' enctype="multipart/form-data"'; ?>');
85
86 document.writeln('onsubmit="return checkSqlQuery(this)" name="sqlform">');
87 //-->
88 </script>
89 <noscript>
90 <form method="post" target="phpmain<?php echo md5($cfg['PmaAbsoluteUri']); ?>" action="read_dump.php3"<?php if ($is_upload) echo ' enctype="multipart/form-data"'; echo "\n"; ?>
91 onsubmit="return checkSqlQuery(this)" name="sqlform">
92 </noscript>
93 <?php
94 } else {
95 ?>
96 <form method="post" target="phpmain<?php echo md5($cfg['PmaAbsoluteUri']); ?>" action="read_dump.php3"<?php if ($is_upload) echo ' enctype="multipart/form-data"'; echo "\n"; ?>
97 onsubmit="return checkSqlQuery(this)" name="sqlform">
98 <?php
99 }
100 ?>
101 <input type="hidden" name="is_js_confirmed" value="0" />
102 <?php echo PMA_generate_common_hidden_inputs($db, $table); ?>
103 <input type="hidden" name="pos" value="0" />
104 <input type="hidden" name="goto" value="<?php echo $goto; ?>" />
105 <input type="hidden" name="zero_rows" value="<?php echo $strSuccess; ?>" />
106 <input type="hidden" name="prev_sql_query" value="<?php echo ((!empty($query_to_display)) ? urlencode($query_to_display) : ''); ?>" />
107 <?php
108 if (!isset($is_inside_querywindow) ||
109 (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'sql' || $querydisplay_tab == 'full'))) {
110 ?>
111 <!-- Query box and bookmark support -->
112 <a name="querybox"></a>
113 <table cellpadding="1" cellspacing="1">
114 <tr>
115 <td>
116 <?php echo sprintf($strRunSQLQuery, htmlspecialchars($db)) . $queryframe_db_list . (isset($is_inside_querywindow) ? '<br />' : ' ') . PMA_showMySQLDocu('Reference', 'SELECT'); ?>
117 <br />
118 <textarea name="sql_query" rows="<?php echo $cfg['TextareaRows']; ?>" cols="<?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? ceil($cfg['TextareaCols'] * 1.25) : $cfg['TextareaCols'] * 2); ?>" wrap="virtual" dir="<?php echo $text_dir; ?>"<?php echo $auto_sel; ?>>
119 <?php echo ((!empty($query_to_display)) ? htmlspecialchars($query_to_display) : 'SELECT * FROM ' . htmlspecialchars(PMA_backquote($table)) . ' WHERE 1'); ?></textarea>
120 </td>
121 <?php if (isset($table) && $fields_cnt > 0) { ?>
122 <td align="center" valign="top"><?php echo (isset($is_inside_querywindow) ? '<br />' : '') . $strFields; ?>:<br />
123 <select name="dummy" size="4" multiple>
124 <?php
125 echo "\n";
126 for ($i = 0 ; $i < $fields_cnt; $i++) {
127 echo ' '
128 . '<option value="' . PMA_backquote(htmlspecialchars($fields_list[$i])) . '">' . htmlspecialchars($fields_list[$i]) . '</option>' . "\n";
129 }
130 ?>
131 </select><br /><br />
132 <input type="button" name="insert" value="<?php echo($strInsert); ?>" onclick="insertValueQuery()" />
133 </td>
134 <?php
135 }
136 ?>
137 </tr>
138 </table>
139 <input type="checkbox" name="show_query" value="1" id="checkbox_show_query" checked="checked" />&nbsp;
140 <label for="checkbox_show_query"><?php echo $strShowThisQuery; ?></label><br />
141 </div>
142 <?php
143 } else {
144 ?>
145 <input type="hidden" name="sql_query" value="" />
146 <input type="hidden" name="show_query" value="1" />
147 <?php
148 }
149
150 // loic1: displays import dump feature only if file upload available
151 if ($is_upload && (!isset($is_inside_querywindow) ||
152 (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'files' || $querydisplay_tab == 'full'))) && isset($db) && $db != '') {
153 echo ' ' . ((isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && $querydisplay_tab == 'full') || !isset($is_inside_querywindow) ? '<i>' . $strOr . '</i>' : '') . ' ' . $strLocationTextfile . '&nbsp;:<br />' . "\n";
154 ?>
155 <div style="margin-bottom: 5px">
156 <input type="file" name="sql_file" class="textfield" /><br />
157 <?php
158 $is_gzip = ($cfg['GZipDump'] && @function_exists('gzopen'));
159 $is_bzip = ($cfg['BZipDump'] && @function_exists('bzdecompress'));
160 if ($is_bzip || $is_gzip) {
161 echo ' ' . $strCompression . ':' . "\n"
162 . ' <input type="radio" id="radio_sql_file_compression_auto" name="sql_file_compression" value="" checked="checked" />' . "\n"
163 . ' <label for="radio_sql_file_compression_auto">' . $strAutodetect . '</label>&nbsp;&nbsp;&nbsp;' . "\n"
164 . ' <input type="radio" id="radio_sql_file_compression_plain" name="sql_file_compression" value="text/plain" />' . "\n"
165 . ' <label for="radio_sql_file_compression_plain">' . $strNone . '</label>&nbsp;&nbsp;&nbsp;' . "\n";
166 if ($is_gzip) {
167 echo ' <input type="radio" id="radio_sql_file_compression_gzip" name="sql_file_compression" value="application/x-gzip" />' . "\n"
168 . ' <label for="radio_sql_file_compression_gzip">' . $strGzip . '</label>&nbsp;&nbsp;&nbsp;' . "\n";
169 }
170 if ($is_bzip) {
171 echo ' <input type="radio" id="radio_sql_file_compression_bzip" name="sql_file_compression" value="application/x-bzip" />' . "\n"
172 . ' <label for="radio_sql_file_compression_bzip">' . $strBzip . '</label>&nbsp;&nbsp;&nbsp;' . "\n";
173 }
174 } else {
175 echo ' <input type="hidden" name="sql_file_compression" value="text/plain" />' . "\n";
176 }
177 ?>
178 </div>
179 <?php
180 } // end if
181 echo "\n";
182
183 if (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && $querydisplay_tab == 'files' && (!isset($db) || $db == '')) {
184 ?>
185 <b><?php echo $strNoDatabasesSelected; ?></b>
186 <?php
187 }
188
189 // web-server upload directory
190 $is_upload_dir = false;
191 if ($cfg['UploadDir'] != '' && !isset($is_inside_querywindow) ||
192 ($cfg['UploadDir'] != '' && isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'files' || $querydisplay_tab == 'full')) && isset($db) && $db != '') {
193
194 if ($handle = @opendir($cfg['UploadDir'])) {
195 $is_first = 0;
196 while ($file = @readdir($handle)) {
197 if (is_file($cfg['UploadDir'] . $file) && substr($file, -4) == '.sql') {
198 if ($is_first == 0) {
199 $is_upload_dir = true;
200 echo "\n";
201 echo ' ' . ((isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && $querydisplay_tab == 'full') || !isset($is_inside_querywindow) ? '<i>' . $strOr . '</i>' : '') . ' ' . $strWebServerUploadDirectory . '&nbsp;:<br />' . "\n";
202 echo ' <div style="margin-bottom: 5px">' . "\n";
203 echo ' <select size="1" name="sql_localfile">' . "\n";
204 echo ' <option value="" selected="selected"></option>' . "\n";
205 } // end if (is_first)
206 echo ' <option value="' . htmlspecialchars($file) . '">' . htmlspecialchars($file) . '</option>' . "\n";
207 $is_first++;
208 } // end if (is_file)
209 } // end while
210 if ($is_first > 0) {
211 echo ' </select>' . "\n"
212 . ' </div>' . "\n\n";
213 } // end if (isfirst > 0)
214 @closedir($handle);
215 } else {
216 echo ' <div style="margin-bottom: 5px">' . "\n";
217 echo ' <font color="red">' . $strError . '</font><br />' . "\n";
218 echo ' ' . $strWebServerUploadDirectoryError . "\n";
219 echo ' </div>' . "\n";
220 }
221 } // end if (web-server upload directory)
222 echo "\n";
223
224 // Encoding setting form appended by Y.Kawada
225 if (function_exists('PMA_set_enc_form')) {
226 echo PMA_set_enc_form(' ');
227 }
228
229 // Charset conversion options
230 if (($is_upload || $is_upload_dir) &&
231 (!isset($is_inside_querywindow) ||
232 (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'files' || $querydisplay_tab == 'full')))
233 && isset($db) && $db != ''){
234 if ($cfg['AllowAnywhereRecoding'] && $allow_recoding) {
235 echo ' <div style="margin-bottom: 5px">' . "\n";
236 $temp_charset = reset($cfg['AvailableCharsets']);
237 echo $strCharsetOfFile . "\n"
238 . ' <select name="charset_of_file" size="1">' . "\n"
239 . ' <option value="' . $temp_charset . '"';
240 if ($temp_charset == $charset) {
241 echo ' selected="selected"';
242 }
243 echo '>' . $temp_charset . '</option>' . "\n";
244 while ($temp_charset = next($cfg['AvailableCharsets'])) {
245 echo ' <option value="' . $temp_charset . '"';
246 if ($temp_charset == $charset) {
247 echo ' selected="selected"';
248 }
249 echo '>' . $temp_charset . '</option>' . "\n";
250 }
251 echo ' </select><br />' . "\n" . ' ';
252 echo ' </div>' . "\n";
253 } // end if (recoding)
254 }
255
256 // Bookmark Support
257 $bookmark_go = FALSE;
258 if (!isset($is_inside_querywindow) ||
259 (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'history' || $querydisplay_tab == 'full'))) {
260 if ($cfg['Bookmark']['db'] && $cfg['Bookmark']['table']) {
261 if (($bookmark_list = PMA_listBookmarks($db, $cfg['Bookmark'])) && count($bookmark_list) > 0) {
262 echo " " . ((isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && $querydisplay_tab == 'full') || !isset($is_inside_querywindow) ? "<i>$strOr</i>" : '') . " $strBookmarkQuery&nbsp;:<br />\n";
263
264 echo ' <div style="margin-bottom: 5px">' . "\n";
265 echo ' <select name="id_bookmark" style="vertical-align: middle">' . "\n";
266 echo ' <option value=""></option>' . "\n";
267 while (list($key, $value) = each($bookmark_list)) {
268 echo ' <option value="' . $value . '">' . htmlspecialchars($key) . '</option>' . "\n";
269 }
270 echo ' </select>' . "<br />\n";
271 echo ' ' . $strVar . ' (<a href="./Documentation.html#faqbookmark" target="documentation">' . $strDocu . '</a>): <input type="text" name="bookmark_variable" class="textfield" size="10" />' . "\n";
272 echo ' <input type="radio" name="action_bookmark" value="0" id="radio_bookmark0" checked="checked" style="vertical-align: middle" /><label for="radio_bookmark0">' . $strSubmit . '</label>' . "\n";
273 echo ' &nbsp;<input type="radio" name="action_bookmark" value="1" id="radio_bookmark1" style="vertical-align: middle" /><label for="radio_bookmark1">' . $strBookmarkView . '</label>' . "\n";
274 echo ' &nbsp;<input type="radio" name="action_bookmark" value="2" id="radio_bookmark2" style="vertical-align: middle" /><label for="radio_bookmark2">' . $strDelete . '</label>' . "\n";
275 echo ' <br />' . "\n";
276 echo ' </div>' . "\n";
277 $bookmark_go = TRUE;
278 }
279 }
280 }
281
282 if (!isset($is_inside_querywindow) || (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && (($querydisplay_tab == 'files' && isset($db) && $db != '') || $querydisplay_tab == 'sql' || $querydisplay_tab == 'full' || ($querydisplay_tab == 'history' && $bookmark_go)))) {
283 ?>
284 <input type="submit" name="SQL" value="<?php echo $strGo; ?>" />
285 <?php
286 }
287
288 if (!isset($is_inside_querywindow) ||
289 (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'files' || $querydisplay_tab == 'full')) && isset($db) && $db != '') {
290
291 // loic1: displays import dump feature only if file upload available
292 $ldi_target = 'ldi_table.php3?' . $url_query;
293
294 if ($is_upload && isset($db) && isset($table)) {
295 ?>
296 <!-- Insert a text file -->
297 <br /><br />
298 <li>
299 <?php
300 if ($cfg['QueryFrame'] && $cfg['QueryFrameJS']) {
301 ?>
302
303 <script>
304 document.writeln('<div style="margin-bottom: 10px"><a href="<?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? '#' : $ldi_target); ?>" <?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? 'onclick="opener.top.frames.phpmain\' + opener.top.frames.nav.document.hashform.hash.value + \'.location.href = \'' . $ldi_target . '\'; return false;"' : ''); ?>><?php echo $strInsertTextfiles; ?></a></div>');
305 </script>
306
307 <?php
308 } else {
309 ?>
310
311 <div style="margin-bottom: 10px"><a href="<?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? '#' : $ldi_target); ?>" <?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? 'onclick="opener.top.frames.phpmain' . md5($cfg['PmaAbsoluteUri']) . '.location.href = \'' . $ldi_target . '\'; return false;"' : ''); ?>><?php echo $strInsertTextfiles; ?></a></div>
312
313 <?php
314 }
315 ?>
316 </li>
317 <?php
318 }
319 }
320 echo "\n";
321 ?>
322 </form>
Drizzle / GSOC 2011