📄 sql.php
字号:
<?php/* vim: set expandtab sw=4 ts=4 sts=4: *//** * @todo we must handle the case if sql.php is called directly with a query * what returns 0 rows - to prevent cyclic redirects or includes * @version $Id: sql.php 12163 2009-01-01 21:39:21Z lem9 $ *//** * Gets some core libraries */require_once './libraries/common.inc.php';require_once './libraries/Table.class.php';require_once './libraries/check_user_privileges.lib.php';require_once './libraries/bookmark.lib.php';$GLOBALS['js_include'][] = 'mootools.js';/** * Defines the url to return to in case of error in a sql statement */// Security checkingsif (! empty($goto)) { $is_gotofile = preg_replace('@^([^?]+).*$@s', '\\1', $goto); if (! @file_exists('./' . $is_gotofile)) { unset($goto); } else { $is_gotofile = ($is_gotofile == $goto); }} else { $goto = (! strlen($table)) ? $cfg['DefaultTabDatabase'] : $cfg['DefaultTabTable']; $is_gotofile = true;} // end ifif (!isset($err_url)) { $err_url = (!empty($back) ? $back : $goto) . '?' . PMA_generate_common_url($db) . ((strpos(' ' . $goto, 'db_') != 1 && strlen($table)) ? '&table=' . urlencode($table) : '');} // end if// Coming from a bookmark dialogif (isset($fields['query'])) { $sql_query = $fields['query'];}// This one is just to fill $dbif (isset($fields['dbase'])) { $db = $fields['dbase'];}// Default to browse if no query set and we have table// (needed for browsing from DefaultTabTable)if (empty($sql_query) && strlen($table) && strlen($db)) { require_once './libraries/bookmark.lib.php'; $book_sql_query = PMA_Bookmark_get($db, '\'' . PMA_sqlAddslashes($table) . '\'', 'label'); if (! empty($book_sql_query)) { $sql_query = $book_sql_query; } else { $sql_query = 'SELECT * FROM ' . PMA_backquote($table); } unset($book_sql_query); // set $goto to what will be displayed if query returns 0 rows $goto = 'tbl_structure.php';} else { // Now we can check the parameters PMA_checkParameters(array('sql_query'));}// instead of doing the test twice$is_drop_database = preg_match('/DROP[[:space:]]+(DATABASE|SCHEMA)[[:space:]]+/i', $sql_query);/** * Check rights in case of DROP DATABASE * * This test may be bypassed if $is_js_confirmed = 1 (already checked with js) * but since a malicious user may pass this variable by url/form, we don't take * into account this case. */if (!defined('PMA_CHK_DROP') && !$cfg['AllowUserDropDatabase'] && $is_drop_database && !$is_superuser) { require_once './libraries/header.inc.php'; PMA_mysqlDie($strNoDropDatabases, '', '', $err_url);} // end ifrequire_once './libraries/display_tbl.lib.php';PMA_displayTable_checkConfigParams();/** * Need to find the real end of rows? */if (isset($find_real_end) && $find_real_end) { $unlim_num_rows = PMA_Table::countRecords($db, $table, true, true); $_SESSION['userconf']['pos'] = @((ceil($unlim_num_rows / $_SESSION['userconf']['max_rows']) - 1) * $_SESSION['userconf']['max_rows']);}/** * Bookmark add */if (isset($store_bkm)) { PMA_Bookmark_save($fields, (isset($bkm_all_users) && $bkm_all_users == 'true' ? true : false)); PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . $goto);} // end if/** * Parse and analyze the query */require_once './libraries/parse_analyze.lib.php';/** * Sets or modifies the $goto variable if required */if ($goto == 'sql.php') { $is_gotofile = false; $goto = 'sql.php?' . PMA_generate_common_url($db, $table) . '&sql_query=' . urlencode($sql_query);} // end if/** * Go back to further page if table should not be dropped */if (isset($btnDrop) && $btnDrop == $strNo) { if (!empty($back)) { $goto = $back; } if ($is_gotofile) { if (strpos($goto, 'db_') === 0 && strlen($table)) { $table = ''; } $active_page = $goto; require './' . PMA_securePath($goto); } else { PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . str_replace('&', '&', $goto)); } exit();} // end if/** * Displays the confirm page if required * * This part of the script is bypassed if $is_js_confirmed = 1 (already checked * with js) because possible security issue is not so important here: at most, * the confirm message isn't displayed. * * Also bypassed if only showing php code.or validating a SQL query */if (! $cfg['Confirm'] || isset($_REQUEST['is_js_confirmed']) || isset($btnDrop) // if we are coming from a "Create PHP code" or a "Without PHP Code" // dialog, we won't execute the query anyway, so don't confirm || isset($GLOBALS['show_as_php']) || !empty($GLOBALS['validatequery'])) { $do_confirm = false;} else { $do_confirm = isset($analyzed_sql[0]['queryflags']['need_confirm']);}if ($do_confirm) { $stripped_sql_query = $sql_query; require_once './libraries/header.inc.php'; if ($is_drop_database) { echo '<h1 class="warning">' . $strDropDatabaseStrongWarning . '</h1>'; } echo '<form action="sql.php" method="post">' . "\n" .PMA_generate_common_hidden_inputs($db, $table); ?> <input type="hidden" name="sql_query" value="<?php echo htmlspecialchars($sql_query); ?>" /> <input type="hidden" name="zero_rows" value="<?php echo isset($zero_rows) ? PMA_sanitize($zero_rows) : ''; ?>" /> <input type="hidden" name="goto" value="<?php echo $goto; ?>" /> <input type="hidden" name="back" value="<?php echo isset($back) ? PMA_sanitize($back) : ''; ?>" /> <input type="hidden" name="reload" value="<?php echo isset($reload) ? PMA_sanitize($reload) : 0; ?>" /> <input type="hidden" name="purge" value="<?php echo isset($purge) ? PMA_sanitize($purge) : ''; ?>" /> <input type="hidden" name="cpurge" value="<?php echo isset($cpurge) ? PMA_sanitize($cpurge) : ''; ?>" /> <input type="hidden" name="purgekey" value="<?php echo isset($purgekey) ? PMA_sanitize($purgekey) : ''; ?>" /> <input type="hidden" name="show_query" value="<?php echo isset($show_query) ? PMA_sanitize($show_query) : ''; ?>" /> <?php echo '<fieldset class="confirmation">' . "\n" .' <legend>' . $strDoYouReally . '</legend>' .' <tt>' . htmlspecialchars($stripped_sql_query) . '</tt>' . "\n" .'</fieldset>' . "\n" .'<fieldset class="tblFooters">' . "\n"; ?> <input type="submit" name="btnDrop" value="<?php echo $strYes; ?>" id="buttonYes" /> <input type="submit" name="btnDrop" value="<?php echo $strNo; ?>" id="buttonNo" /> <?php echo '</fieldset>' . "\n" . '</form>' . "\n"; /** * Displays the footer and exit */ require_once './libraries/footer.inc.php';} // end if $do_confirm// Defines some variables// A table has to be created, renamed, dropped -> navi frame should be reloaded/** * @todo use the parser/analyzer */if (empty($reload) && preg_match('/^(CREATE|ALTER|DROP)\s+(VIEW|TABLE|DATABASE|SCHEMA)\s+/i', $sql_query)) { $reload = 1;}// SK -- Patch: $is_group added for use in calculation of total number of// rows.// $is_count is changed for more correct "LIMIT" clause// appending in queries like// "SELECT COUNT(...) FROM ... GROUP BY ..."/** * @todo detect all this with the parser, to avoid problems finding * those strings in comments or backquoted identifiers */$is_explain = $is_count = $is_export = $is_delete = $is_insert = $is_affected = $is_show = $is_maint = $is_analyse = $is_group = $is_func = $is_replace = false;if ($is_select) { // see line 141 $is_group = preg_match('@(GROUP[[:space:]]+BY|HAVING|SELECT[[:space:]]+DISTINCT)[[:space:]]+@i', $sql_query); $is_func = !$is_group && (preg_match('@[[:space:]]+(SUM|AVG|STD|STDDEV|MIN|MAX|BIT_OR|BIT_AND)\s*\(@i', $sql_query)); $is_count = !$is_group && (preg_match('@^SELECT[[:space:]]+COUNT\((.*\.+)?.*\)@i', $sql_query)); $is_export = (preg_match('@[[:space:]]+INTO[[:space:]]+OUTFILE[[:space:]]+@i', $sql_query)); $is_analyse = (preg_match('@[[:space:]]+PROCEDURE[[:space:]]+ANALYSE@i', $sql_query));} elseif (preg_match('@^EXPLAIN[[:space:]]+@i', $sql_query)) { $is_explain = true;} elseif (preg_match('@^DELETE[[:space:]]+@i', $sql_query)) { $is_delete = true; $is_affected = true;} elseif (preg_match('@^(INSERT|LOAD[[:space:]]+DATA|REPLACE)[[:space:]]+@i', $sql_query)) { $is_insert = true; $is_affected = true; if (preg_match('@^(REPLACE)[[:space:]]+@i', $sql_query)) { $is_replace = true; }} elseif (preg_match('@^UPDATE[[:space:]]+@i', $sql_query)) { $is_affected = true;} elseif (preg_match('@^[[:space:]]*SHOW[[:space:]]+@i', $sql_query)) { $is_show = true;} elseif (preg_match('@^(CHECK|ANALYZE|REPAIR|OPTIMIZE)[[:space:]]+TABLE[[:space:]]+@i', $sql_query)) { $is_maint = true;}// Do append a "LIMIT" clause?if ((! $cfg['ShowAll'] || $_SESSION['userconf']['max_rows'] != 'all') && ! ($is_count || $is_export || $is_func || $is_analyse) && isset($analyzed_sql[0]['queryflags']['select_from']) && ! isset($analyzed_sql[0]['queryflags']['offset']) && empty($analyzed_sql[0]['limit_clause']) ) { $sql_limit_to_append = ' LIMIT ' . $_SESSION['userconf']['pos'] . ', ' . $_SESSION['userconf']['max_rows'] . " "; $full_sql_query = $analyzed_sql[0]['section_before_limit'] . "\n" . $sql_limit_to_append . $analyzed_sql[0]['section_after_limit']; /** * @todo pretty printing of this modified query */ if (isset($display_query)) { // if the analysis of the original query revealed that we found // a section_after_limit, we now have to analyze $display_query // to display it correctly if (!empty($analyzed_sql[0]['section_after_limit']) && trim($analyzed_sql[0]['section_after_limit']) != ';') { $analyzed_display_query = PMA_SQP_analyze(PMA_SQP_parse($display_query)); $display_query = $analyzed_display_query[0]['section_before_limit'] . "\n" . $sql_limit_to_append . $analyzed_display_query[0]['section_after_limit']; } }} else { $full_sql_query = $sql_query;} // end if...elseif (strlen($db)) { PMA_DBI_select_db($db);}// E x e c u t e t h e q u e r y// Only if we didn't ask to see the php code (mikebeck)if (isset($GLOBALS['show_as_php']) || !empty($GLOBALS['validatequery'])) { unset($result); $num_rows = 0;} else { if (isset($_SESSION['profiling']) && PMA_profilingSupported()) { PMA_DBI_query('SET PROFILING=1;'); } // garvin: Measure query time. // TODO-Item http://sourceforge.net/tracker/index.php?func=detail&aid=571934&group_id=23067&atid=377411 $querytime_before = array_sum(explode(' ', microtime())); $result = @PMA_DBI_try_query($full_sql_query, null, PMA_DBI_QUERY_STORE); $querytime_after = array_sum(explode(' ', microtime())); $GLOBALS['querytime'] = $querytime_after - $querytime_before; // Displays an error message if required and stop parsing the script if ($error = PMA_DBI_getError()) { if ($is_gotofile) { if (strpos($goto, 'db_') === 0 && strlen($table)) { $table = ''; } $active_page = $goto; $message = PMA_Message::rawError($error); require './' . PMA_securePath($goto); } else { require_once './libraries/header.inc.php'; $full_err_url = (preg_match('@^(db|tbl)_@', $err_url)) ? $err_url . '&show_query=1&sql_query=' . urlencode($sql_query) : $err_url; PMA_mysqlDie($error, $full_sql_query, '', $full_err_url); } exit; } unset($error); // Gets the number of rows affected/returned // (This must be done immediately after the query because // mysql_affected_rows() reports about the last query done) if (!$is_affected) { $num_rows = ($result) ? @PMA_DBI_num_rows($result) : 0; } elseif (!isset($num_rows)) { $num_rows = @PMA_DBI_affected_rows(); } // Grabs the profiling results if (isset($_SESSION['profiling']) && PMA_profilingSupported()) { $profiling_results = PMA_DBI_fetch_result('SHOW PROFILE;'); } // Checks if the current database has changed // This could happen if the user sends a query like "USE `database`;" /** * commented out auto-switching to active database - really required? * bug #1814718 win: table list disappears (mixed case db names) * https://sourceforge.net/support/tracker.php?aid=1814718 * @todo RELEASE test and comit or rollback before release $current_db = PMA_DBI_fetch_value('SELECT DATABASE()'); if ($db !== $current_db) { $db = $current_db; $reload = 1; }⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -