📄 sql.php
字号:
<?php/* $Id: sql.php,v 2.83.2.7 2006/04/27 08:57:09 nijel Exp $ */// vim: expandtab sw=4 ts=4 sts=4:/** * Gets some core libraries */require_once './libraries/common.lib.php';require_once './libraries/tbl_indexes.lib.php';require_once './libraries/check_user_privileges.lib.php';require_once './libraries/bookmark.lib.php';/** * Could be coming from a subform ("T" column expander) */if (isset($_REQUEST['dontlimitchars'])) { $dontlimitchars = $_REQUEST['dontlimitchars'];}/** * Defines the url to return to in case of error in a sql statement */// Security checkingsif (!empty($goto)) { $is_gotofile = preg_replace('@^([^?]+).*$@s', '\\1', $goto); if (!@file_exists('./' . $is_gotofile)) { unset($goto); } else { $is_gotofile = ($is_gotofile == $goto); }} // end if (security checkings)if (empty($goto)) { $goto = (! isset($table) || ! strlen($table)) ? $cfg['DefaultTabDatabase'] : $cfg['DefaultTabTable']; $is_gotofile = true;} // end ifif (!isset($err_url)) { $err_url = (!empty($back) ? $back : $goto) . '?' . PMA_generate_common_url(isset($db) ? $db : '') . ((strpos(' ' . $goto, 'db_details') != 1 && isset($table)) ? '&table=' . urlencode($table) : '');} // end if// Coming from a bookmark dialogif (isset($fields['query'])) { $sql_query = $fields['query'];}// This one is just to fill $dbif (isset($fields['dbase'])) { $db = $fields['dbase'];}// Default to browse if no query set an we have table (needed for browsing from DefaultTabTable)if (!isset($sql_query) && isset($table) && isset($db)) { require_once './libraries/bookmark.lib.php'; $book_sql_query = PMA_queryBookmarks($db, $GLOBALS['cfg']['Bookmark'], '\'' . PMA_sqlAddslashes($table) . '\'', 'label'); if (!empty($book_sql_query)) { $sql_query = $book_sql_query; } else { $sql_query = 'SELECT * FROM ' . PMA_backquote($table); } unset($book_sql_query); // set $goto to what will be displayed if query returns 0 rows $goto = 'tbl_properties_structure.php';} else { // Now we can check the parameters PMA_checkParameters(array('sql_query'));}// instead of doing the test twice$is_drop_database = preg_match('/DROP[[:space:]]+(DATABASE|SCHEMA)[[:space:]]+/i', $sql_query);/** * Check rights in case of DROP DATABASE * * This test may be bypassed if $is_js_confirmed = 1 (already checked with js) * but since a malicious user may pass this variable by url/form, we don't take * into account this case. */if (!defined('PMA_CHK_DROP') && !$cfg['AllowUserDropDatabase'] && $is_drop_database && !$is_superuser) { require_once './libraries/header.inc.php'; PMA_mysqlDie($strNoDropDatabases, '', '', $err_url);} // end if/** * Need to find the real end of rows? */if (isset($find_real_end) && $find_real_end) { $unlim_num_rows = PMA_countRecords($db, $table, true, true); $pos = @((ceil($unlim_num_rows / $session_max_rows) - 1) * $session_max_rows);}/** * Avoids undefined variables */elseif (!isset($pos)) { $pos = 0;}/** * Bookmark add */if (isset($store_bkm)) { PMA_addBookmarks($fields, $cfg['Bookmark'], (isset($bkm_all_users) && $bkm_all_users == 'true' ? true : false)); PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . $goto);} // end if/** * Gets the true sql query */// $sql_query has been urlencoded in the confirmation form for drop/delete// queries or in the navigation bar for browsing among recordsif (isset($btnDrop) || isset($navig)) { $sql_query = urldecode($sql_query);}/** * Reformat the query */$GLOBALS['unparsed_sql'] = $sql_query;$parsed_sql = PMA_SQP_parse($sql_query);$analyzed_sql = PMA_SQP_analyze($parsed_sql);// Bug #641765 - Robbat2 - 12 January 2003, 10:49PM// Reverted - Robbat2 - 13 January 2003, 2:40PM// lem9: for bug 780516: now that we use case insensitive preg_match// or flags from the analyser, do not put back the reformatted query// into $sql_query, to make this kind of query work without// capitalizing keywords://// CREATE TABLE SG_Persons (// id int(10) unsigned NOT NULL auto_increment,// first varchar(64) NOT NULL default '',// PRIMARY KEY (`id`)// )//// Note: now we probably do not need to fill and use $GLOBALS['unparsed_sql']// but I let this intact for now.////$sql_query = PMA_SQP_formatHtml($parsed_sql, 'query_only');// check for a real SELECT ... FROM$is_select = isset($analyzed_sql[0]['queryflags']['select_from']);// If the query is a Select, extract the db and table names and modify// $db and $table, to have correct page headers, links and left frame.// db and table name may be enclosed with backquotes, db is optionnal,// query may contain aliases.// (TODO: if there are more than one table name in the Select:// - do not extract the first table name// - do not show a table name in the page header// - do not display the sub-pages links)if ($is_select) { $prev_db = $db; if (isset($analyzed_sql[0]['table_ref'][0]['table_true_name'])) { $table = $analyzed_sql[0]['table_ref'][0]['table_true_name']; } if (isset($analyzed_sql[0]['table_ref'][0]['db']) && strlen($analyzed_sql[0]['table_ref'][0]['db'])) { $db = $analyzed_sql[0]['table_ref'][0]['db']; } else { $db = $prev_db; } // Nijel: don't change reload, if we already decided to reload in import if (empty($reload)) { $reload = ($db == $prev_db) ? 0 : 1; }}/** * Sets or modifies the $goto variable if required */if ($goto == 'sql.php') { $is_gotofile = false; $goto = 'sql.php?' . PMA_generate_common_url($db, $table) . '&pos=' . $pos . '&sql_query=' . urlencode($sql_query);} // end if/** * Go back to further page if table should not be dropped */if (isset($btnDrop) && $btnDrop == $strNo) { if (!empty($back)) { $goto = $back; } if ($is_gotofile) { if (strpos(' ' . $goto, 'db_details') == 1 && isset($table) && strlen($table)) { unset($table); } $active_page = $goto; require './' . PMA_securePath($goto); } else { PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . str_replace('&', '&', $goto)); } exit();} // end if/** * Displays the confirm page if required * * This part of the script is bypassed if $is_js_confirmed = 1 (already checked * with js) because possible security issue is not so important here: at most, * the confirm message isn't displayed. * * Also bypassed if only showing php code.or validating a SQL query */if (!$cfg['Confirm'] || (isset($is_js_confirmed) && $is_js_confirmed) || isset($btnDrop) // if we are coming from a "Create PHP code" or a "Without PHP Code" // dialog, we won't execute the query anyway, so don't confirm //|| !empty($GLOBALS['show_as_php']) || isset($GLOBALS['show_as_php']) || !empty($GLOBALS['validatequery'])) { $do_confirm = false;} else { $do_confirm = isset($analyzed_sql[0]['queryflags']['need_confirm']);}if ($do_confirm) { $stripped_sql_query = $sql_query; require_once './libraries/header.inc.php'; if ($is_drop_database) { echo '<h1 class="warning">' . $strDropDatabaseStrongWarning . '</h1>'; } echo '<form action="sql.php" method="post">' . "\n" .PMA_generate_common_hidden_inputs($db, (isset($table)?$table:'')); ?> <input type="hidden" name="sql_query" value="<?php echo urlencode($sql_query); ?>" /> <input type="hidden" name="zero_rows" value="<?php echo isset($zero_rows) ? PMA_sanitize($zero_rows) : ''; ?>" /> <input type="hidden" name="goto" value="<?php echo $goto; ?>" /> <input type="hidden" name="back" value="<?php echo isset($back) ? PMA_sanitize($back) : ''; ?>" /> <input type="hidden" name="reload" value="<?php echo isset($reload) ? PMA_sanitize($reload) : 0; ?>" /> <input type="hidden" name="purge" value="<?php echo isset($purge) ? PMA_sanitize($purge) : ''; ?>" /> <input type="hidden" name="cpurge" value="<?php echo isset($cpurge) ? PMA_sanitize($cpurge) : ''; ?>" /> <input type="hidden" name="purgekey" value="<?php echo isset($purgekey) ? PMA_sanitize($purgekey) : ''; ?>" /> <input type="hidden" name="show_query" value="<?php echo isset($show_query) ? PMA_sanitize($show_query) : ''; ?>" /> <?php echo '<fieldset class="confirmation">' . "\n" .' <legend>' . $strDoYouReally . '</legend>' .' <tt>' . htmlspecialchars($stripped_sql_query) . '</tt>' . "\n" .'</fieldset>' . "\n" .'<fieldset class="tblFooters">' . "\n"; ?> <input type="submit" name="btnDrop" value="<?php echo $strYes; ?>" id="buttonYes" /> <input type="submit" name="btnDrop" value="<?php echo $strNo; ?>" id="buttonNo" /> <?php echo '</fieldset>' . "\n" . '</form>' . "\n";} // end if $do_confirm/** * Executes the query and displays results */else { if (!isset($sql_query)) { $sql_query = ''; } // Defines some variables // A table has to be created or renamed -> left frame should be reloaded // TODO: use the parser/analyzer if (empty($reload) && preg_match('/^(CREATE|ALTER|DROP)\s+(VIEW|TABLE|DATABASE|SCHEMA)\s+/i', $sql_query)) { $reload = 1; } // Gets the number of rows per page if (empty($session_max_rows)) { $session_max_rows = $cfg['MaxRows']; } elseif ($session_max_rows != 'all') { $cfg['MaxRows'] = $session_max_rows; } // Defines the display mode (horizontal/vertical) and header "frequency" if (empty($disp_direction)) { $disp_direction = $cfg['DefaultDisplay']; } if (empty($repeat_cells)) { $repeat_cells = $cfg['RepeatCells']; } // SK -- Patch: $is_group added for use in calculation of total number of // rows. // $is_count is changed for more correct "LIMIT" clause // appending in queries like // "SELECT COUNT(...) FROM ... GROUP BY ..." // TODO: detect all this with the parser, to avoid problems finding // those strings in comments or backquoted identifiers $is_explain = $is_count = $is_export = $is_delete = $is_insert = $is_affected = $is_show = $is_maint = $is_analyse = $is_group = $is_func = $is_replace = false; if ($is_select) { // see line 141 $is_group = preg_match('@(GROUP[[:space:]]+BY|HAVING|SELECT[[:space:]]+DISTINCT)[[:space:]]+@i', $sql_query); $is_func = !$is_group && (preg_match('@[[:space:]]+(SUM|AVG|STD|STDDEV|MIN|MAX|BIT_OR|BIT_AND)\s*\(@i', $sql_query)); $is_count = !$is_group && (preg_match('@^SELECT[[:space:]]+COUNT\((.*\.+)?.*\)@i', $sql_query)); $is_export = (preg_match('@[[:space:]]+INTO[[:space:]]+OUTFILE[[:space:]]+@i', $sql_query)); $is_analyse = (preg_match('@[[:space:]]+PROCEDURE[[:space:]]+ANALYSE@i', $sql_query)); } elseif (preg_match('@^EXPLAIN[[:space:]]+@i', $sql_query)) { $is_explain = true;⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -