3 // vim: expandtab sw=4 ts=4 sts=4:
7 * Removes comment lines and splits up large sql files into individual queries
9 * Last revision: September 23, 2001 - gandon
11 * @param array the splitted sql commands
12 * @param string the sql commands
13 * @param integer the MySQL release number (because certains php3 versions
14 * can't get the value of a constant from within a function)
16 * @return boolean always true
20 function PMA_splitSqlFile(&$ret, $sql, $release)
23 $sql_len = strlen($sql);
29 for ($i = 0; $i < $sql_len; ++
$i) {
32 // We are in a string, check for not escaped end of strings except for
33 // backquotes that can't be escaped
36 $i = strpos($sql, $string_start, $i);
37 // No end of string found -> add the current substring to the
43 // Backquotes or no backslashes before quotes: it's indeed the
44 // end of the string -> exit the loop
45 else if ($string_start == '`' ||
$sql[$i-1] != '\\') {
50 // one or more Backslashes before the presumed end of string...
52 // ... first checks for escaped backslashes
54 $escaped_backslash = FALSE;
55 while ($i-$j > 0 && $sql[$i-$j] == '\\') {
56 $escaped_backslash = !$escaped_backslash;
59 // ... if escaped backslashes: it's really the end of the
60 // string -> exit the loop
61 if ($escaped_backslash) {
70 } // end if...elseif...else
72 } // end if (in string)
74 // We are not in a string, first check for delimiter...
75 else if ($char == ';') {
76 // if delimiter found, add the parsed part to the returned array
77 $ret[] = substr($sql, 0, $i);
78 $sql = ltrim(substr($sql, min($i +
1, $sql_len)));
79 $sql_len = strlen($sql);
83 // The submited statement(s) end(s) here
86 } // end else if (is delimiter)
88 // ... then check for start of a string,...
89 else if (($char == '"') ||
($char == '\'') ||
($char == '`')) {
91 $string_start = $char;
92 } // end else if (is start of string)
94 // ... for start of a comment (and remove this comment if found)...
96 ||
($char == ' ' && $i > 1 && $sql[$i-2] . $sql[$i-1] == '--')) {
97 // starting position of the comment depends on the comment type
98 $start_of_comment = (($sql[$i] == '#') ?
$i : $i-2);
99 // if no "\n" exits in the remaining string, checks for "\r"
101 $end_of_comment = (strpos(' ' . $sql, "\012", $i+
2))
102 ?
strpos(' ' . $sql, "\012", $i+
2)
103 : strpos(' ' . $sql, "\015", $i+
2);
104 if (!$end_of_comment) {
105 // no eol found after '#', add the parsed part to the returned
106 // array if required and exit
107 if ($start_of_comment > 0) {
108 $ret[] = trim(substr($sql, 0, $start_of_comment));
112 $sql = substr($sql, 0, $start_of_comment)
113 . ltrim(substr($sql, $end_of_comment));
114 $sql_len = strlen($sql);
117 } // end else if (is comment)
119 // ... and finally disactivate the "/*!...*/" syntax if MySQL < 3.22.07
120 else if ($release < 32270
121 && ($char == '!' && $i > 1 && $sql[$i-2] . $sql[$i-1] == '/*')) {
125 // loic1: send a fake header each 30 sec. to bypass browser timeout
127 if ($time1 >= $time0 +
30) {
129 header('X-pmaPing: Pong');
133 // add any rest to the returned array
134 if (!empty($sql) && ereg('[^[:space:]]+', $sql)) {
139 } // end of the 'PMA_splitSqlFile()' function
142 if (!function_exists('is_uploaded_file')) {
144 * Emulates the 'is_uploaded_file()' function for old php versions.
145 * Grabbed at the php manual:
146 * http://www.php.net/manual/en/features.file-upload.php
148 * @param string the name of the file to check
150 * @return boolean wether the file has been uploaded or not
154 function is_uploaded_file($filename) {
155 if (!$tmp_file = @get_cfg_var
('upload_tmp_dir')) {
156 $tmp_file = tempnam('','');
157 $deleted = @unlink
($tmp_file);
158 $tmp_file = dirname($tmp_file);
160 $tmp_file .= '/' . basename($filename);
162 // User might have trailing slash in php.ini...
163 return (ereg_replace('/+', '/', $tmp_file) == $filename);
164 } // end of the 'is_uploaded_file()' emulated function
168 * Reads (and decompresses) a (compressed) file into a string
170 * @param string the path to the file
171 * @param string the MIME type of the file
173 * @global array the phpMyAdmin configuration
175 * @return string the content of the file or
176 * boolean FALSE in case of an error.
178 function PMA_readFile($path, $mime = 'text/plain') {
183 $file = fopen($path, 'rb');
184 $content = fread($file, filesize($path));
187 case 'application/x-gzip':
188 if ($cfg['GZipDump'] && @function_exists
('gzopen')) {
189 $file = gzopen($path, 'rb');
191 while (!gzeof($file)) {
192 $content .= gzgetc($file);
199 case 'application/x-bzip':
200 if ($cfg['BZipDump'] && @function_exists
('bzdecompress')) {
201 $file = fopen($path, 'rb');
202 $content = fread($file, filesize($path));
204 $content = bzdecompress($content);
212 if (!file_exists($path)) {
220 * Gets some core libraries
222 require('./libraries/grab_globals.lib.php3');
223 require('./libraries/common.lib.php3');
227 * Increases the max. allowed time to run a script
229 @set_time_limit
($cfg['ExecTimeLimit']);
233 * Defines the url to return to in case of error in a sql statement
236 ||
($goto != 'db_details.php3' && $goto != 'tbl_properties.php3')) {
237 $goto = 'db_details.php3';
241 . '&convcharset=' . $convcharset
242 . '&server=' . $server
243 . '&db=' . urlencode($db)
244 . (($goto == 'tbl_properties.php3') ?
'&table=' . urlencode($table) : '');
248 * Set up default values for some variables
251 $sql_bookmark = isset($sql_bookmark) ?
$sql_bookmark : '';
252 $sql_query = isset($sql_query) ?
$sql_query : '';
253 if (!empty($sql_localfile) && $cfg['UploadDir'] != '') {
254 $sql_file = $cfg['UploadDir'] . $sql_localfile;
255 } else if (empty($sql_file)) {
261 * Bookmark Support: get a query back from bookmark if required
263 if (!empty($id_bookmark)) {
264 include('./libraries/bookmark.lib.php3');
265 switch ($action_bookmark) {
266 case 0: // bookmarked query that have to be run
267 $sql_query = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
269 case 1: // bookmarked query that have to be displayed
270 $sql_query = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
273 case 2: // bookmarked query that have to be deleted
274 $sql_query = PMA_deleteBookmarks($db, $cfg['Bookmark'], $id_bookmark);
281 * Prepares the sql query
283 // Gets the query from a file if required
284 if ($sql_file != 'none') {
285 // loic1 : fixed a security issue
286 // if ((file_exists($sql_file) && is_uploaded_file($sql_file))
287 // || file_exists($cfg['UploadDir'] . $sql_localfile)) {
288 if (file_exists($sql_file)
289 && ((isset($sql_localfile) && $sql_file == $cfg['UploadDir'] . $sql_localfile) ||
is_uploaded_file($sql_file))) {
291 if (PMA_PHP_INT_VERSION
>= 40000) {
292 $open_basedir = @ini_get
('open_basedir');
294 if (empty($open_basedir)) {
295 $open_basedir = @get_cfg_var
('open_basedir');
298 // If we are on a server with open_basedir, we must move the file
299 // before opening it. The doc explains how to create the "./tmp"
302 if (!empty($open_basedir)) {
304 $tmp_subdir = (PMA_IS_WINDOWS ?
'.\\tmp\\' : './tmp/');
306 // function is_writeable() is valid on PHP3 and 4
307 if (!is_writeable($tmp_subdir)) {
308 // if we cannot move the file, let PHP report the error
309 error_reporting(E_ALL
);
310 $sql_query = PMA_readFile($sql_file, $sql_file_compression);
313 $sql_file_new = $tmp_subdir . basename($sql_file);
314 if (PMA_PHP_INT_VERSION
< 40003) {
315 copy($sql_file, $sql_file_new);
317 move_uploaded_file($sql_file, $sql_file_new);
319 $sql_query = PMA_readFile($sql_file_new, $sql_file_compression);
320 unlink($sql_file_new);
324 // read from the normal upload dir
325 $sql_query = PMA_readFile($sql_file, $sql_file_compression);
328 if (get_magic_quotes_runtime() == 1) {
329 $sql_query = stripslashes($sql_query);
331 // Convert the file's charset if necessary
332 if ($cfg['AllowAnywhereRecoding'] && $allow_recoding
333 && isset($charset_of_file) && $charset_of_file != $charset) {
334 $sql_query = PMA_convert_string($charset_of_file, $charset, $sql_query);
336 } // end uploaded file stuff
338 else if (empty($id_bookmark) && get_magic_quotes_gpc() == 1) {
339 $sql_query = stripslashes($sql_query);
342 // Kanji convert SQL textfile 2002/1/4 by Y.Kawada
343 if (@function_exists
('PMA_kanji_str_conv')) {
344 $sql_tmp = trim($sql_query);
345 PMA_change_enc_order();
346 $sql_query = PMA_kanji_str_conv($sql_tmp, $knjenc, isset($xkana) ?
$xkana : '');
347 PMA_change_enc_order();
349 $sql_query = trim($sql_query);
352 // $sql_query come from the query textarea, if it's a reposted query gets its
354 if (!empty($prev_sql_query)) {
355 $prev_sql_query = urldecode($prev_sql_query);
356 if ($sql_query == trim(htmlspecialchars($prev_sql_query))) {
357 $sql_query = $prev_sql_query;
361 // Drop database is not allowed -> ensure the query can be run
362 if (!$cfg['AllowUserDropDatabase']
363 && eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE ', $sql_query)) {
364 // Checks if the user is a Superuser
365 // TODO: set a global variable with this information
366 // loic1: optimized query
367 $result = @PMA_mysql_query
('USE mysql');
368 if (PMA_mysql_error()) {
369 include('./header.inc.php3');
370 PMA_mysqlDie($strNoDropDatabases, '', '', $err_url);
373 define('PMA_CHK_DROP', 1);
379 if ($sql_query != '') {
381 PMA_splitSqlFile($pieces, $sql_query, PMA_MYSQL_INT_VERSION
);
382 $pieces_count = count($pieces);
383 if ($pieces_count > 1) {
387 // Copy of the cleaned sql statement for display purpose only (see near the
388 // beginning of "db_details.php3" & "tbl_properties.php3")
389 if ($sql_file != 'none' && $pieces_count > 10) {
390 // Be nice with bandwidth...
391 $sql_query_cpy = $sql_query = '';
393 $sql_query_cpy = implode(";\n", $pieces) . ';';
394 // Be nice with bandwidth... for now, an arbitrary limit of 500,
395 // could be made configurable but probably not necessary
396 if (strlen($sql_query_cpy) > 500) {
397 $sql_query_cpy = $sql_query = '';
401 // really run the query?
402 if ($view_bookmark == 0) {
403 // Only one query to run
404 if ($pieces_count == 1 && !empty($pieces[0])) {
405 // sql.php3 will stripslash the query if get_magic_quotes_gpc
406 if (get_magic_quotes_gpc() == 1) {
407 $sql_query = addslashes($pieces[0]);
409 $sql_query = $pieces[0];
411 if (eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $sql_query)) {
414 include('./sql.php3');
418 // Runs multiple queries
419 else if (PMA_mysql_select_db($db)) {
421 for ($i = 0; $i < $pieces_count; $i++
) {
422 $a_sql_query = $pieces[$i];
423 $result = PMA_mysql_query($a_sql_query);
424 if ($result == FALSE) { // readdump failed
425 $my_die = $a_sql_query;
428 if (!isset($reload) && eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $a_sql_query)) {
433 } // end if (really run the query)
441 if (isset($my_die)) {
442 $js_to_run = 'functions.js';
443 include('./header.inc.php3');
444 PMA_mysqlDie('', $my_die, '', $err_url);
449 * Go back to the calling script
451 // Checks for a valid target script
452 if (isset($table) && $table == '') {
455 if (isset($db) && $db == '') {
458 $is_db = $is_table = FALSE;
459 if ($goto == 'tbl_properties.php3') {
460 if (!isset($table)) {
461 $goto = 'db_details.php3';
463 $is_table = @PMA_mysql_query
('SHOW TABLES LIKE \'' . PMA_sqlAddslashes($table, TRUE) . '\'');
464 if (!($is_table && @mysql_numrows
($is_table))) {
465 $goto = 'db_details.php3';
468 } // end if... else...
470 if ($goto == 'db_details.php3') {
477 $is_db = @PMA_mysql_select_db
($db);
482 } // end if... else...
484 // Defines the message to be displayed
485 if (!empty($id_bookmark) && $action_bookmark == 2) {
486 $message = $strBookmarkDeleted;
487 } else if (!isset($sql_query_cpy)) {
488 $message = $strNoQuery;
489 } else if ($sql_query_cpy == '') {
490 $message = "$strSuccess :<br />$strTheContent ($pieces_count $strInstructions) ";
492 $message = $strSuccess;
494 // Loads to target script
495 if ($goto == 'db_details.php3' ||
$goto == 'tbl_properties.php3') {
496 $js_to_run = 'functions.js';
498 if ($goto != 'main.php3') {
499 include('./header.inc.php3');
501 require('./' . $goto);