📄 sql.php
字号:
<?php/* $Id: sql.php 9768 2006-11-29 11:04:16Z lem9 $ */// vim: expandtab sw=4 ts=4 sts=4:/** * @todo we must handle the case if sql.php is called directly with a query * what returns 0 rows - to prevent cyclic redirects or includes *//** * Gets some core libraries */require_once './libraries/common.lib.php';require_once './libraries/Table.class.php';require_once './libraries/tbl_indexes.lib.php';require_once './libraries/check_user_privileges.lib.php';require_once './libraries/bookmark.lib.php';/** * Could be coming from a subform ("T" column expander) */if (isset($_REQUEST['dontlimitchars'])) { $dontlimitchars = $_REQUEST['dontlimitchars'];}/** * Defines the url to return to in case of error in a sql statement */// Security checkingsif (!empty($goto)) { $is_gotofile = preg_replace('@^([^?]+).*$@s', '\\1', $goto); if (!@file_exists('./' . $is_gotofile)) { unset($goto); } else { $is_gotofile = ($is_gotofile == $goto); }} // end if (security checkings)if (empty($goto)) { $goto = (! isset($table) || ! strlen($table)) ? $cfg['DefaultTabDatabase'] : $cfg['DefaultTabTable']; $is_gotofile = true;} // end ifif (!isset($err_url)) { $err_url = (!empty($back) ? $back : $goto) . '?' . PMA_generate_common_url(isset($db) ? $db : '') . ((strpos(' ' . $goto, 'db_') != 1 && isset($table)) ? '&table=' . urlencode($table) : '');} // end if// Coming from a bookmark dialogif (isset($fields['query'])) { $sql_query = $fields['query'];}// This one is just to fill $dbif (isset($fields['dbase'])) { $db = $fields['dbase'];}// Default to browse if no query set an we have table// (needed for browsing from DefaultTabTable)if (! isset($sql_query) && isset($table) && isset($db)) { require_once './libraries/bookmark.lib.php'; $book_sql_query = PMA_queryBookmarks($db, $GLOBALS['cfg']['Bookmark'], '\'' . PMA_sqlAddslashes($table) . '\'', 'label'); if (! empty($book_sql_query)) { $sql_query = $book_sql_query; } else { $sql_query = 'SELECT * FROM ' . PMA_backquote($table); } unset($book_sql_query); // set $goto to what will be displayed if query returns 0 rows $goto = 'tbl_structure.php';} else { // Now we can check the parameters PMA_checkParameters(array('sql_query'));}// instead of doing the test twice$is_drop_database = preg_match('/DROP[[:space:]]+(DATABASE|SCHEMA)[[:space:]]+/i', $sql_query);/** * Check rights in case of DROP DATABASE * * This test may be bypassed if $is_js_confirmed = 1 (already checked with js) * but since a malicious user may pass this variable by url/form, we don't take * into account this case. */if (!defined('PMA_CHK_DROP') && !$cfg['AllowUserDropDatabase'] && $is_drop_database && !$is_superuser) { require_once './libraries/header.inc.php'; PMA_mysqlDie($strNoDropDatabases, '', '', $err_url);} // end if/** * Need to find the real end of rows? */if (isset($find_real_end) && $find_real_end) { $unlim_num_rows = PMA_Table::countRecords($db, $table, true, true); $pos = @((ceil($unlim_num_rows / $session_max_rows) - 1) * $session_max_rows);}/** * Avoids undefined variables */elseif (!isset($pos)) { $pos = 0;} else { /* We need this to be a integer */ $pos = (int)$pos;}/** * Bookmark add */if (isset($store_bkm)) { PMA_addBookmarks($fields, $cfg['Bookmark'], (isset($bkm_all_users) && $bkm_all_users == 'true' ? true : false)); PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . $goto);} // end if/** * Gets the true sql query */// $sql_query has been urlencoded in the confirmation form for drop/delete// queries or in the navigation bar for browsing among recordsif (isset($btnDrop) || isset($navig)) { $sql_query = urldecode($sql_query);}/** * Parse and analyze the query */require_once('./libraries/parse_analyze.lib.php');/** * Sets or modifies the $goto variable if required */if ($goto == 'sql.php') { $is_gotofile = false; $goto = 'sql.php?' . PMA_generate_common_url($db, $table) . '&pos=' . $pos . '&sql_query=' . urlencode($sql_query);} // end if/** * Go back to further page if table should not be dropped */if (isset($btnDrop) && $btnDrop == $strNo) { if (!empty($back)) { $goto = $back; } if ($is_gotofile) { if (strpos(' ' . $goto, 'db_') == 1 && isset($table) && strlen($table)) { unset($table); } $active_page = $goto; require './' . PMA_securePath($goto); } else { PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . str_replace('&', '&', $goto)); } exit();} // end if/** * Displays the confirm page if required * * This part of the script is bypassed if $is_js_confirmed = 1 (already checked * with js) because possible security issue is not so important here: at most, * the confirm message isn't displayed. * * Also bypassed if only showing php code.or validating a SQL query */if (!$cfg['Confirm'] || (isset($is_js_confirmed) && $is_js_confirmed) || isset($btnDrop) // if we are coming from a "Create PHP code" or a "Without PHP Code" // dialog, we won't execute the query anyway, so don't confirm //|| !empty($GLOBALS['show_as_php']) || isset($GLOBALS['show_as_php']) || !empty($GLOBALS['validatequery'])) { $do_confirm = false;} else { $do_confirm = isset($analyzed_sql[0]['queryflags']['need_confirm']);}if ($do_confirm) { $stripped_sql_query = $sql_query; require_once './libraries/header.inc.php'; if ($is_drop_database) { echo '<h1 class="warning">' . $strDropDatabaseStrongWarning . '</h1>'; } echo '<form action="sql.php" method="post">' . "\n" .PMA_generate_common_hidden_inputs($db, (isset($table)?$table:'')); ?> <input type="hidden" name="sql_query" value="<?php echo urlencode($sql_query); ?>" /> <input type="hidden" name="zero_rows" value="<?php echo isset($zero_rows) ? PMA_sanitize($zero_rows) : ''; ?>" /> <input type="hidden" name="goto" value="<?php echo $goto; ?>" /> <input type="hidden" name="back" value="<?php echo isset($back) ? PMA_sanitize($back) : ''; ?>" /> <input type="hidden" name="reload" value="<?php echo isset($reload) ? PMA_sanitize($reload) : 0; ?>" /> <input type="hidden" name="purge" value="<?php echo isset($purge) ? PMA_sanitize($purge) : ''; ?>" /> <input type="hidden" name="cpurge" value="<?php echo isset($cpurge) ? PMA_sanitize($cpurge) : ''; ?>" /> <input type="hidden" name="purgekey" value="<?php echo isset($purgekey) ? PMA_sanitize($purgekey) : ''; ?>" /> <input type="hidden" name="show_query" value="<?php echo isset($show_query) ? PMA_sanitize($show_query) : ''; ?>" /> <?php echo '<fieldset class="confirmation">' . "\n" .' <legend>' . $strDoYouReally . '</legend>' .' <tt>' . htmlspecialchars($stripped_sql_query) . '</tt>' . "\n" .'</fieldset>' . "\n" .'<fieldset class="tblFooters">' . "\n"; ?> <input type="submit" name="btnDrop" value="<?php echo $strYes; ?>" id="buttonYes" /> <input type="submit" name="btnDrop" value="<?php echo $strNo; ?>" id="buttonNo" /> <?php echo '</fieldset>' . "\n" . '</form>' . "\n"; /** * Displays the footer and exit */ require_once './libraries/footer.inc.php';} // end if $do_confirm/** * Executes the query and displays results */if (!isset($sql_query)) { $sql_query = '';}// Defines some variables// A table has to be created or renamed -> left frame should be reloaded/** * @todo use the parser/analyzer */if (empty($reload) && preg_match('/^(CREATE|ALTER|DROP)\s+(VIEW|TABLE|DATABASE|SCHEMA)\s+/i', $sql_query)) { $reload = 1;}// Gets the number of rows per pageif (empty($session_max_rows)) { $session_max_rows = $cfg['MaxRows'];} elseif ($session_max_rows != 'all') { $cfg['MaxRows'] = $session_max_rows;}// Defines the display mode (horizontal/vertical) and header "frequency"if (empty($disp_direction)) { $disp_direction = $cfg['DefaultDisplay'];}if (empty($repeat_cells)) { $repeat_cells = $cfg['RepeatCells'];}// SK -- Patch: $is_group added for use in calculation of total number of// rows.// $is_count is changed for more correct "LIMIT" clause// appending in queries like// "SELECT COUNT(...) FROM ... GROUP BY ..."/** * @todo detect all this with the parser, to avoid problems finding * those strings in comments or backquoted identifiers⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -