search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Better wording.
[phpmyadmin/crack.git] / tbl_select.php
blob380c8ed13241c68053510742c56b5fcde9e2dc19
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 *
5 * @version $Id$
6 */
7
8 /**
9 * Gets some core libraries
10 */
11 require_once './libraries/common.inc.php';
12 require_once './libraries/relation.lib.php'; // foreign keys
13 require_once './libraries/mysql_charsets.lib.php';
14
15 if ($GLOBALS['cfg']['PropertiesIconic'] == true) {
16 $titles['Browse'] =
17 '<img class="icon" width="16" height="16" src="' . $pmaThemeImage
18 .'b_browse.png" alt="' . $strBrowseForeignValues . '" title="'
19 .$strBrowseForeignValues . '" />';
20
21 if ($GLOBALS['cfg']['PropertiesIconic'] === 'both') {
22 $titles['Browse'] .= $strBrowseForeignValues;
23 }
24 } else {
25 $titles['Browse'] = $strBrowseForeignValues;
26 }
27
28 /**
29 * Not selection yet required -> displays the selection form
30 */
31 if (!isset($param) || $param[0] == '') {
32 // Gets some core libraries
33 require_once './libraries/tbl_common.php';
34 //$err_url = 'tbl_select.php' . $err_url;
35 $url_query .= '&amp;goto=tbl_select.php&amp;back=tbl_select.php';
36
37 /**
38 * Gets tables informations
39 */
40 require_once './libraries/tbl_info.inc.php';
41
42 /**
43 * Displays top menu links
44 */
45 require_once './libraries/tbl_links.inc.php';
46
47 if (!isset($goto)) {
48 $goto = $GLOBALS['cfg']['DefaultTabTable'];
49 }
50 // Defines the url to return to in case of error in the next sql statement
51 $err_url = $goto . '?' . PMA_generate_common_url($db, $table);
52
53 // Gets the list and number of fields
54 $result = PMA_DBI_query('SHOW FULL FIELDS FROM ' . PMA_backquote($table) . ' FROM ' . PMA_backquote($db) . ';', null, PMA_DBI_QUERY_STORE);
55 $fields_cnt = PMA_DBI_num_rows($result);
56 // rabue: we'd better ensure, that all arrays are empty.
57 $fields_list = $fields_null = $fields_type = $fields_collation = array();
58 while ($row = PMA_DBI_fetch_assoc($result)) {
59 $fields_list[] = $row['Field'];
60 $type = $row['Type'];
61 // reformat mysql query output - staybyte - 9. June 2001
62 if (strncasecmp($type, 'set', 3) == 0
63 || strncasecmp($type, 'enum', 4) == 0) {
64 $type = str_replace(',', ', ', $type);
65 } else {
66
67 // strip the "BINARY" attribute, except if we find "BINARY(" because
68 // this would be a BINARY or VARBINARY field type
69 if (!preg_match('@BINARY[\(]@i', $type)) {
70 $type = preg_replace('@BINARY@i', '', $type);
71 }
72 $type = preg_replace('@ZEROFILL@i', '', $type);
73 $type = preg_replace('@UNSIGNED@i', '', $type);
74
75 $type = strtolower($type);
76 }
77 if (empty($type)) {
78 $type = '&nbsp;';
79 }
80 $fields_null[] = $row['Null'];
81 $fields_type[] = $type;
82 $fields_collation[] = !empty($row['Collation']) && $row['Collation'] != 'NULL'
83 ? $row['Collation']
84 : '';
85 } // end while
86 PMA_DBI_free_result($result);
87 unset($result, $type);
88
89 // <markus@noga.de>
90 // retrieve keys into foreign fields, if any
91 $cfgRelation = PMA_getRelationsParam();
92 // check also foreigners even if relwork is FALSE (to get
93 // foreign keys from innodb)
94 //$foreigners = ($cfgRelation['relwork'] ? PMA_getForeigners($db, $table) : FALSE);
95 $foreigners = PMA_getForeigners($db, $table);
96 ?>
97 <script type="text/javascript">
98 // <![CDATA[
99 function PMA_tbl_select_operator(f, index, multiple) {
100 switch (f.elements["func[" + index + "]"].options[f.elements["func[" + index + "]"].selectedIndex].value) {
101 <?php
102 reset($GLOBALS['cfg']['UnaryOperators']);
103 while (list($operator) = each($GLOBALS['cfg']['UnaryOperators'])) {
104 echo ' case "' . $operator . "\":\r\n";
105 }
106 ?>
107 bDisabled = true;
108 break;
109
110 default:
111 bDisabled = false;
112 }
113 f.elements["fields[" + index + "]" + ((multiple) ? "[]": "")].disabled = bDisabled;
114 }
115 // ]]>
116 </script>
117 <form method="post" action="tbl_select.php" name="insertForm">
118 <?php echo PMA_generate_common_hidden_inputs($db, $table); ?>
119 <input type="hidden" name="goto" value="<?php echo $goto; ?>" />
120 <input type="hidden" name="back" value="tbl_select.php" />
121
122 <fieldset id="fieldset_table_search">
123
124 <fieldset id="fieldset_select_fields">
125 <legend><?php echo $strSelectFields; ?></legend>
126 <select name="param[]" size="<?php echo min($fields_cnt, 10); ?>"
127 multiple="multiple">
128 <?php
129 // Displays the list of the fields
130 foreach ($fields_list as $each_field) {
131 echo ' '
132 .'<option value="' . htmlspecialchars($each_field) . '"'
133 .' selected="selected">' . htmlspecialchars($each_field)
134 .'</option>' . "\n";
135 }
136 ?>
137 </select>
138 <input type="checkbox" name="distinct" value="DISTINCT" id="oDistinct" />
139 <label for="oDistinct">DISTINCT</label>
140 </fieldset>
141
142 <fieldset id="fieldset_limit_rows">
143 <legend><?php echo $strLimitNumRows; ?></legend>
144 <input type="text" size="4" name="session_max_rows"
145 value="<?php echo $GLOBALS['cfg']['MaxRows']; ?>" class="textfield" />
146 </fieldset>
147
148 <fieldset id="fieldset_display_order">
149 <legend><?php echo $strDisplayOrder; ?></legend>
150 <select name="orderField" style="vertical-align: middle">
151 <option value="--nil--"></option>
152 <?php
153 foreach ($fields_list as $each_field) {
154 echo ' '
155 .'<option value="' . htmlspecialchars($each_field) . '">'
156 .htmlspecialchars($each_field) . '</option>' . "\n";
157 } // end for
158 ?>
159 </select>
160
161 <div class="formelement">
162 <input type="radio" name="order" value="ASC" checked="checked" id="sortASC" />
163 <label for="sortASC"><?php echo $strAscending; ?></label>
164 </div>
165
166 <div class="formelement">
167 <input type="radio" name="order" value="DESC" id="sortDESC" />
168 <label for="sortDESC"><?php echo $strDescending; ?></label>
169 </div>
170 </fieldset>
171
172 <br class="clearfloat" />
173 <?php echo $strAddSearchConditions; ?>
174 <?php echo PMA_showMySQLDocu('SQL-Syntax', 'Functions'); ?>
175
176 <input type="text" name="where" class="textfield" size="64" />
177
178 </fieldset>
179 <fieldset class="tblFooters">
180 <input type="submit" name="submit" value="<?php echo $strGo; ?>" />
181 </fieldset>
182
183 <fieldset id="fieldset_table_qbe">
184 <legend><?php echo '<em>' . $strOr . '</em> ' . $strDoAQuery; ?></legend>
185 <table class="data">
186 <thead>
187 <tr><th><?php echo $strField; ?></th>
188 <th><?php echo $strType; ?></th>
189 <th><?php echo $strCollation; ?></th>
190 <th><?php echo $strOperator; ?></th>
191 <th><?php echo $strValue; ?></th>
192 </tr>
193 </thead>
194 <tbody>
195 <?php
196 $odd_row = true;
197 ?>
198 <script type="text/javascript" src="./js/tbl_change.js"></script>
199 <?php
200 for ($i = 0; $i < $fields_cnt; $i++) {
201 ?>
202 <tr class="<?php echo $odd_row ? 'odd' : 'even'; $odd_row = ! $odd_row; ?>">
203 <th><?php echo htmlspecialchars($fields_list[$i]); ?></th>
204 <td><?php echo $fields_type[$i]; ?></td>
205 <td><?php echo $fields_collation[$i]; ?></td>
206 <td><select name="func[]">
207 <?php
208 if (strncasecmp($fields_type[$i], 'enum', 4) == 0) {
209 foreach ($GLOBALS['cfg']['EnumOperators'] as $fc) {
210 echo "\n" . ' '
211 . '<option value="' . htmlspecialchars($fc) . '">'
212 . htmlspecialchars($fc) . '</option>';
213 }
214 } elseif (preg_match('@char|blob|text|set@i', $fields_type[$i])) {
215 foreach ($GLOBALS['cfg']['TextOperators'] as $fc) {
216 echo "\n" . ' '
217 . '<option value="' . htmlspecialchars($fc) . '">'
218 . htmlspecialchars($fc) . '</option>';
219 }
220 } else {
221 foreach ($GLOBALS['cfg']['NumOperators'] as $fc) {
222 echo "\n" . ' '
223 . '<option value="' . htmlspecialchars($fc) . '">'
224 . htmlspecialchars($fc) . '</option>';
225 }
226 } // end if... else...
227 if ($fields_null[$i]) {
228 foreach ($GLOBALS['cfg']['NullOperators'] as $fc) {
229 echo "\n" . ' '
230 . '<option value="' . htmlspecialchars($fc) . '">'
231 . htmlspecialchars($fc) . '</option>';
232 }
233 }
234 ?>
235
236 </select>
237 </td>
238 <td>
239 <?php
240 // <markus@noga.de>
241 $field = $fields_list[$i];
242
243 $foreignData = PMA_getForeignData($foreigners, $field, false, '', '');
244
245 if ($foreigners && isset($foreigners[$field]) && is_array($foreignData['disp_row'])) {
246 // f o r e i g n k e y s
247 echo ' <select name="fields[' . $i . ']">' . "\n";
248 // go back to first row
249
250 // here, the 4th parameter is empty because there is no current
251 // value of data for the dropdown (the search page initial values
252 // are displayed empty)
253 echo PMA_foreignDropdown($foreignData['disp_row'],
254 $foreignData['foreign_field'],
255 $foreignData['foreign_display'],
256 '', $GLOBALS['cfg']['ForeignKeyMaxLimit']);
257 echo ' </select>' . "\n";
258 } elseif ($foreignData['foreign_link'] == true) {
259 ?>
260 <input type="text" name="fields[<?php echo $i; ?>]"
261 id="field_<?php echo md5($field); ?>[<?php echo $i; ?>]"
262 class="textfield" />
263 <script type="text/javascript">
264 // <![CDATA[
265 document.writeln('<a target="_blank" onclick="window.open(this.href, \'foreigners\', \'width=640,height=240,scrollbars=yes\'); return false" href="browse_foreigners.php?<?php echo PMA_generate_common_url($db, $table); ?>&amp;field=<?php echo urlencode($field); ?>&amp;fieldkey=<?php echo $i; ?>"><?php echo str_replace("'", "\'", $titles['Browse']); ?></a>');
266 // ]]>
267 </script>
268 <?php
269 } elseif (strncasecmp($fields_type[$i], 'enum', 4) == 0) {
270 // e n u m s
271 $enum_value=explode(', ', str_replace("'", '', substr($fields_type[$i], 5, -1)));
272 $cnt_enum_value = count($enum_value);
273 echo ' <select name="fields[' . $i . '][]"'
274 .' multiple="multiple" size="' . min(3, $cnt_enum_value) . '">' . "\n";
275 for ($j = 0; $j < $cnt_enum_value; $j++) {
276 echo ' <option value="' . $enum_value[$j] . '">'
277 . $enum_value[$j] . '</option>';
278 } // end for
279 echo ' </select>' . "\n";
280 } else {
281 // o t h e r c a s e s
282 echo ' <input type="text" name="fields[' . $i . ']"'
283 .' size="40" class="textfield" id="field_' . $i . '" />' . "\n";
284 };
285 $type = $fields_type[$i];
286 if ($type == 'date' || $type == 'datetime' || substr($type, 0, 9) == 'timestamp') {
287 ?>
288 <script type="text/javascript">
289 //<![CDATA[
290 document.write('<a title="<?php echo $strCalendar;?>" href="javascript:openCalendar(\'<?php echo PMA_generate_common_url();?>\', \'insertForm\', \'field_<?php echo ($i); ?>\', \'<?php echo (substr($type, 0, 9) == 'timestamp') ? 'datetime' : substr($type, 0, 9); ?>\')"><img class="calendar" src="<?php echo $pmaThemeImage; ?>b_calendar.png" alt="<?php echo $strCalendar; ?>"/></a>');
291 //]]>
292 </script>
293 <?php
294 }
295 ?>
296 <input type="hidden" name="names[<?php echo $i; ?>]"
297 value="<?php echo htmlspecialchars($fields_list[$i]); ?>" />
298 <input type="hidden" name="types[<?php echo $i; ?>]"
299 value="<?php echo $fields_type[$i]; ?>" />
300 <input type="hidden" name="collations[<?php echo $i; ?>]"
301 value="<?php echo $fields_collation[$i]; ?>" />
302 </td>
303 </tr>
304 <?php
305 } // end for
306 ?>
307 </tbody>
308 </table>
309 </fieldset>
310 <fieldset class="tblFooters">
311 <input type="hidden" name="max_number_of_fields"
312 value="<?php echo $fields_cnt; ?>" />
313 <input type="submit" name="submit" value="<?php echo $strGo; ?>" />
314 </fieldset>
315 </form>
316 <?php
317 require_once './libraries/footer.inc.php';
318 }
319
320
321 /**
322 * Selection criteria have been submitted -> do the work
323 */
324 else {
325 // Builds the query
326
327 $sql_query = 'SELECT ' . (isset($distinct) ? 'DISTINCT ' : '');
328
329 // if all fields were selected to display, we do a SELECT *
330 // (more efficient and this helps prevent a problem in IE
331 // if one of the rows is edited and we come back to the Select results)
332
333 if (count($param) == $max_number_of_fields) {
334 $sql_query .= '* ';
335 } else {
336 $param = PMA_backquote($param);
337 $sql_query .= implode(', ', $param);
338 unset($param);
339 } // end if
340
341 $sql_query .= ' FROM ' . PMA_backquote($table);
342
343 // The where clause
344 if (trim($where) != '') {
345 $sql_query .= ' WHERE ' . $where;
346 } else {
347 $w = $charsets = array();
348 $cnt_func = count($func);
349 reset($func);
350 while (list($i, $func_type) = each($func)) {
351 list($charsets[$i]) = explode('_', $collations[$i]);
352 if (isset($GLOBALS['cfg']['UnaryOperators'][$func_type]) && $GLOBALS['cfg']['UnaryOperators'][$func_type] == 1) {
353 $fields[$i] = '';
354 $w[] = PMA_backquote(urldecode($names[$i])) . ' ' . $func_type;
355
356 } elseif (strncasecmp($types[$i], 'enum', 4) == 0) {
357 if (!empty($fields[$i])) {
358 if (!is_array($fields[$i])) {
359 $fields[$i] = explode(',', $fields[$i]);
360 }
361 $enum_selected_count = count($fields[$i]);
362 if ($func_type == '=' && $enum_selected_count > 1) {
363 $func_type = $func[$i] = 'IN';
364 $parens_open = '(';
365 $parens_close = ')';
366
367 } elseif ($func_type == '!=' && $enum_selected_count > 1) {
368 $func_type = $func[$i] = 'NOT IN';
369 $parens_open = '(';
370 $parens_close = ')';
371
372 } else {
373 $parens_open = '';
374 $parens_close = '';
375 }
376 $enum_where = '\'' . PMA_sqlAddslashes($fields[$i][0]) . '\'';
377 if ($charsets[$i] != $charset_connection) {
378 $enum_where = 'CONVERT(_utf8 ' . $enum_where . ' USING ' . $charsets[$i] . ') COLLATE ' . $collations[$i];
379 }
380 for ($e = 1; $e < $enum_selected_count; $e++) {
381 $enum_where .= ', ';
382 $tmp_literal = '\'' . PMA_sqlAddslashes($fields[$i][$e]) . '\'';
383 if ($charsets[$i] != $charset_connection) {
384 $tmp_literal = 'CONVERT(_utf8 ' . $tmp_literal . ' USING ' . $charsets[$i] . ') COLLATE ' . $collations[$i];
385 }
386 $enum_where .= $tmp_literal;
387 unset($tmp_literal);
388 }
389
390 $w[] = PMA_backquote(urldecode($names[$i])) . ' ' . $func_type . ' ' . $parens_open . $enum_where . $parens_close;
391 }
392
393 } elseif ($fields[$i] != '') {
394 // For these types we quote the value. Even if it's another type (like INT),
395 // for a LIKE we always quote the value. MySQL converts strings to numbers
396 // and numbers to strings as necessary during the comparison
397 if (preg_match('@char|binary|blob|text|set|date|time|year@i', $types[$i]) || strpos(' ' . $func_type, 'LIKE')) {
398 $quot = '\'';
399 } else {
400 $quot = '';
401 }
402
403 // Make query independant from the selected connection charset.
404 // But if the field's type is VARBINARY, it has no charset
405 // and $charsets[$i] is empty, so we cannot generate a CONVERT
406
407 if (!empty($charsets[$i]) && $charsets[$i] != $charset_connection && preg_match('@char|binary|blob|text|set@i', $types[$i])) {
408 $prefix = 'CONVERT(_utf8 ';
409 $suffix = ' USING ' . $charsets[$i] . ') COLLATE ' . $collations[$i];
410 } else {
411 $prefix = $suffix = '';
412 }
413
414 // LIKE %...%
415 if ($func_type == 'LIKE %...%') {
416 $func_type = 'LIKE';
417 $fields[$i] = '%' . $fields[$i] . '%';
418 }
419 $w[] = PMA_backquote(urldecode($names[$i])) . ' ' . $func_type . ' ' . $prefix . $quot . PMA_sqlAddslashes($fields[$i]) . $quot . $suffix;
420
421 } // end if
422 } // end for
423
424 if ($w) {
425 $sql_query .= ' WHERE ' . implode(' AND ', $w);
426 }
427 } // end if
428
429 if ($orderField != '--nil--') {
430 $sql_query .= ' ORDER BY ' . PMA_backquote(urldecode($orderField)) . ' ' . $order;
431 } // end if
432 include './sql.php';
433 }
434
435 ?>
Drizzle / GSOC 2011