/** * Displays a message at the top of the "main" (right) frame * * @param string the message to display * * @global array the configuration array * * @access public */ function PMA_showMessage($message) { global $cfg; // Sanitizes $message $message = PMA_sanitize($message); // Corrects the tooltip text via JS if required if (!empty($GLOBALS['table']) && $cfg['ShowTooltip']) { $result = PMA_DBI_try_query('SHOW TABLE STATUS FROM ' . PMA_backquote($GLOBALS['db']) . ' LIKE \'' . PMA_sqlAddslashes($GLOBALS['table'], TRUE) . '\''); if ($result) { $tbl_status = PMA_DBI_fetch_assoc($result); $tooltip = empty($tbl_status['Comment']) ? '' : $tbl_status['Comment'] . ' '; $tooltip .= '(' . $tbl_status['Rows'] . ' ' . $GLOBALS['strRows'] . ')'; PMA_DBI_free_result($result); $md5_tbl = md5($GLOBALS['table']); echo "\n"; ?> <script type="text/javascript" language="javascript1.2"> <!-- if (typeof(document.getElementById) != 'undefined' && typeof(window.parent.frames['nav']) != 'undefined' && typeof(window.parent.frames['nav'].document) != 'undefined' && typeof(window.parent.frames['nav'].document) != 'unknown' && (window.parent.frames['nav'].document.getElementById('<?php echo 'tbl_' . $md5_tbl; ?> ')) && typeof(window.parent.frames['nav'].document.getElementById('<?php echo 'tbl_' . $md5_tbl; ?> ')) != 'undefined' && typeof(window.parent.frames['nav'].document.getElementById('<?php echo 'tbl_' . $md5_tbl; ?> ').title) == 'string') { window.parent.frames['nav'].document.getElementById('<?php echo 'tbl_' . $md5_tbl; ?> ').title = '<?php echo PMA_jsFormat($tooltip, FALSE); ?> '; } //--> </script> <?php } // end if } // end if... else if // Checks if the table needs to be repaired after a TRUNCATE query. if (isset($GLOBALS['table']) && isset($GLOBALS['sql_query']) && $GLOBALS['sql_query'] == 'TRUNCATE TABLE ' . PMA_backquote($GLOBALS['table'])) { if (!isset($tbl_status)) { $result = @PMA_DBI_try_query('SHOW TABLE STATUS FROM ' . PMA_backquote($GLOBALS['db']) . ' LIKE \'' . PMA_sqlAddslashes($GLOBALS['table'], TRUE) . '\''); if ($result) { $tbl_status = PMA_DBI_fetch_assoc($result); PMA_DBI_free_result($result); } } if (isset($tbl_status) && (int) $tbl_status['Index_length'] > 1024) { PMA_DBI_try_query('REPAIR TABLE ' . PMA_backquote($GLOBALS['table'])); } } unset($tbl_status); echo "\n"; ?> <br /> <div align="<?php echo $GLOBALS['cell_align_left']; ?> "> <table border="<?php echo $cfg['Border']; ?> " cellpadding="5" cellspacing="1"> <tr> <th<?php echo $GLOBALS['theme'] != 'original' ? ' class="tblHeaders"' : ' bgcolor="' . $cfg['ThBgcolor'] . '"'; ?> > <b><?php echo $message; ?> </b> </th> </tr> <?php if ($cfg['ShowSQL'] == TRUE && (!empty($GLOBALS['sql_query']) || !empty($GLOBALS['display_query']))) { $local_query = !empty($GLOBALS['display_query']) ? $GLOBALS['display_query'] : ($cfg['SQP']['fmtType'] == 'none' && isset($GLOBALS['unparsed_sql']) && $GLOBALS['unparsed_sql'] != '' ? $GLOBALS['unparsed_sql'] : $GLOBALS['sql_query']); // Basic url query part $url_qpart = '?' . PMA_generate_common_url(isset($GLOBALS['db']) ? $GLOBALS['db'] : '', isset($GLOBALS['table']) ? $GLOBALS['table'] : ''); echo "\n"; ?> <tr> <td bgcolor="<?php echo $cfg['BgcolorOne']; ?> "> <?php echo "\n"; // Html format the query to be displayed // The nl2br function isn't used because its result isn't a valid // xhtml1.0 statement before php4.0.5 ("<br>" and not "<br />") // If we want to show some sql code it is easiest to create it here /* SQL-Parser-Analyzer */ $sqlnr = 1; if (!empty($GLOBALS['show_as_php'])) { $new_line = '\'<br />' . "\n" . ' . \' '; } if (isset($new_line)) { /* SQL-Parser-Analyzer */ $query_base = PMA_sqlAddslashes(htmlspecialchars($local_query)); /* SQL-Parser-Analyzer */ $query_base = preg_replace("@((\r\n)|(\r)|(\n))+@", $new_line, $query_base); } else { $query_base = $local_query; } // Here we append the LIMIT added for navigation, to // enable its display. Adding it higher in the code // to $local_query would create a problem when // using the Refresh or Edit links. // Only append it on SELECTs. // FIXME: what would be the best to do when someone // hits Refresh: use the current LIMITs ? // TODO: use the parser instead of preg_match() if (preg_match('@^SELECT[[:space:]]+@i', $query_base) && isset($GLOBALS['sql_limit_to_append'])) { $query_base .= $GLOBALS['sql_limit_to_append']; } if (!empty($GLOBALS['show_as_php'])) { $query_base = '$sql = \'' . $query_base; } else { if (!empty($GLOBALS['validatequery'])) { $query_base = PMA_validateSQL($query_base); } else { // avoid reparsing query: if (isset($GLOBALS['parsed_sql']) && $query_base == $GLOBALS['parsed_sql']['raw']) { $parsed_sql = $GLOBALS['parsed_sql']; } else { $parsed_sql = PMA_SQP_parse($query_base); } $query_base = PMA_formatSql($parsed_sql, $query_base); } } // Prepares links that may be displayed to edit/explain the query // (don't go to default pages, we must go to the page // where the query box is available) // (also, I don't see why we should check the goto variable) //if (!isset($GLOBALS['goto'])) { //$edit_target = (isset($GLOBALS['table'])) ? $cfg['DefaultTabTable'] : $cfg['DefaultTabDatabase']; $edit_target = isset($GLOBALS['db']) ? isset($GLOBALS['table']) ? 'tbl_properties.php' : 'db_details.php' : ''; //} else if ($GLOBALS['goto'] != 'main.php') { // $edit_target = $GLOBALS['goto']; //} else { // $edit_target = ''; //} if (isset($cfg['SQLQuery']['Edit']) && $cfg['SQLQuery']['Edit'] == TRUE && !empty($edit_target)) { $onclick = ''; if ($cfg['QueryFrameJS'] && $cfg['QueryFrame']) { $onclick = 'onclick="focus_querywindow(\'' . urlencode($local_query) . '\'); return false;"'; } $edit_link = ' [<a href="' . $edit_target . $url_qpart . '&sql_query=' . urlencode($local_query) . '&show_query=1#querybox" ' . $onclick . '>' . $GLOBALS['strEdit'] . '</a>]'; } else { $edit_link = ''; } // Want to have the query explained (Mike Beck 2002-05-22) // but only explain a SELECT (that has not been explained) /* SQL-Parser-Analyzer */ if (isset($cfg['SQLQuery']['Explain']) && $cfg['SQLQuery']['Explain'] == TRUE) { // Detect if we are validating as well // To preserve the validate uRL data if (!empty($GLOBALS['validatequery'])) { $explain_link_validate = '&validatequery=1'; } else { $explain_link_validate = ''; } $explain_link = ' [<a href="read_dump.php' . $url_qpart . $explain_link_validate . '&sql_query='; if (preg_match('@^SELECT[[:space:]]+@i', $local_query)) { $explain_link .= urlencode('EXPLAIN ' . $local_query) . '">' . $GLOBALS['strExplain']; } else { if (preg_match('@^EXPLAIN[[:space:]]+SELECT[[:space:]]+@i', $local_query)) { $explain_link .= urlencode(substr($local_query, 8)) . '">' . $GLOBALS['strNoExplain']; } else { $explain_link = ''; } } if (!empty($explain_link)) { $explain_link .= '</a>]'; } } else { $explain_link = ''; } //show explain // Also we would like to get the SQL formed in some nice // php-code (Mike Beck 2002-05-22) if (isset($cfg['SQLQuery']['ShowAsPHP']) && $cfg['SQLQuery']['ShowAsPHP'] == TRUE) { $php_link = ' [<a href="read_dump.php' . $url_qpart . '&show_query=1' . '&sql_query=' . urlencode($local_query) . '&show_as_php='; if (!empty($GLOBALS['show_as_php'])) { $php_link .= '0">' . $GLOBALS['strNoPhp']; } else { $php_link .= '1">' . $GLOBALS['strPhp']; } $php_link .= '</a>]'; if (isset($GLOBALS['show_as_php']) && $GLOBALS['show_as_php'] == '1') { $php_link .= ' [<a href="read_dump.php' . $url_qpart . '&show_query=1' . '&sql_query=' . urlencode($local_query) . '">' . $GLOBALS['strRunQuery'] . '</a>]'; } } else { $php_link = ''; } //show as php // Refresh query if (isset($cfg['SQLQuery']['Refresh']) && $cfg['SQLQuery']['Refresh'] && preg_match('@^(SELECT|SHOW)[[:space:]]+@i', $local_query)) { $refresh_link = ' [<a href="read_dump.php' . $url_qpart . '&show_query=1' . '&sql_query=' . urlencode($local_query) . '">'; $refresh_link .= $GLOBALS['strRefresh']; $refresh_link .= '</a>]'; } else { $refresh_link = ''; } //show as php if (isset($cfg['SQLValidator']['use']) && $cfg['SQLValidator']['use'] == TRUE && isset($cfg['SQLQuery']['Validate']) && $cfg['SQLQuery']['Validate'] == TRUE) { $validate_link = ' [<a href="read_dump.php' . $url_qpart . '&show_query=1' . '&sql_query=' . urlencode($local_query) . '&validatequery='; if (!empty($GLOBALS['validatequery'])) { $validate_link .= '0">' . $GLOBALS['strNoValidateSQL']; } else { $validate_link .= '1">' . $GLOBALS['strValidateSQL']; } $validate_link .= '</a>]'; } else { $validate_link = ''; } //validator // Displays the message echo ' <b>' . $GLOBALS['strSQLQuery'] . ':</b> '; echo '<br />' . "\n"; echo ' ' . $query_base; unset($local_query); //Clean up the end of the PHP if (!empty($GLOBALS['show_as_php'])) { echo '\';'; } echo "\n"; ?> </td> </tr> <?php if (!empty($edit_target)) { echo '<tr><td bgcolor="' . $cfg['BgcolorOne'] . '" align="center">'; echo $edit_link . $explain_link . $php_link . $refresh_link . $validate_link; echo '</td></tr>' . "\n"; } } echo "\n"; ?> </table> </div><br /> <?php }
?> </th> <th><?php echo $strTrackingDataManipulationStatement; ?> </th> </tr> </thead> <tbody> <?php $style = 'odd'; foreach ($data['dmlog'] as $entry) { if (strlen($entry['statement']) > $GLOBALS['cfg']['MaxCharactersInDisplayedSQL']) { $statement = substr($entry['statement'], 0, $GLOBALS['cfg']['MaxCharactersInDisplayedSQL']) . '[...]'; } else { $statement = PMA_formatSql(PMA_SQP_parse($entry['statement'])); } $timestamp = strtotime($entry['date']); if ($timestamp >= $filter_ts_from && $timestamp <= $filter_ts_to && (in_array('*', $filter_users) || in_array($entry['username'], $filter_users))) { ?> <tr class="<?php echo $style; ?> "> <td><small><?php echo $i; ?> </small></td> <td><small><?php echo $entry['date']; ?>
/** * displays the message and the query * usually the message is the result of the query executed * * @param string $message the message to display * @param string $sql_query the query to display * @param string $type the type (level) of the message * @global array the configuration array * @uses $cfg * @access public */ function PMA_showMessage($message, $sql_query = null, $type = 'notice') { global $cfg; if (null === $sql_query) { if (!empty($GLOBALS['display_query'])) { $sql_query = $GLOBALS['display_query']; } elseif ($cfg['SQP']['fmtType'] == 'none' && !empty($GLOBALS['unparsed_sql'])) { $sql_query = $GLOBALS['unparsed_sql']; } elseif (!empty($GLOBALS['sql_query'])) { $sql_query = $GLOBALS['sql_query']; } else { $sql_query = ''; } } // Corrects the tooltip text via JS if required // @todo this is REALLY the wrong place to do this - very unexpected here if (strlen($GLOBALS['table']) && $cfg['ShowTooltip']) { $tooltip = PMA_Table::sGetToolTip($GLOBALS['db'], $GLOBALS['table']); $uni_tbl = PMA_jsFormat($GLOBALS['db'] . '.' . $GLOBALS['table'], false); echo "\n"; echo '<script type="text/javascript">' . "\n"; echo '//<![CDATA[' . "\n"; echo "if (window.parent.updateTableTitle) window.parent.updateTableTitle('" . $uni_tbl . "', '" . PMA_jsFormat($tooltip, false) . "');" . "\n"; echo '//]]>' . "\n"; echo '</script>' . "\n"; } // end if ... elseif // Checks if the table needs to be repaired after a TRUNCATE query. // @todo what about $GLOBALS['display_query']??? // @todo this is REALLY the wrong place to do this - very unexpected here if (strlen($GLOBALS['table']) && $GLOBALS['sql_query'] == 'TRUNCATE TABLE ' . PMA_backquote($GLOBALS['table'])) { if (PMA_Table::sGetStatusInfo($GLOBALS['db'], $GLOBALS['table'], 'Index_length') > 1024) { PMA_DBI_try_query('REPAIR TABLE ' . PMA_backquote($GLOBALS['table'])); } } unset($tbl_status); echo '<div align="' . $GLOBALS['cell_align_left'] . '">' . "\n"; if ($message instanceof PMA_Message) { if (isset($GLOBALS['special_message'])) { $message->addMessage($GLOBALS['special_message']); unset($GLOBALS['special_message']); } $message->display(); $type = $message->getLevel(); } else { echo '<div class="' . $type . '">'; echo PMA_sanitize($message); if (isset($GLOBALS['special_message'])) { echo PMA_sanitize($GLOBALS['special_message']); unset($GLOBALS['special_message']); } echo '</div>'; } if ($cfg['ShowSQL'] == true && !empty($sql_query)) { // Html format the query to be displayed // If we want to show some sql code it is easiest to create it here /* SQL-Parser-Analyzer */ if (!empty($GLOBALS['show_as_php'])) { $new_line = '\\n"<br />' . "\n" . ' . "'; $query_base = htmlspecialchars(addslashes($sql_query)); $query_base = preg_replace('/((\\015\\012)|(\\015)|(\\012))/', $new_line, $query_base); } else { $query_base = $sql_query; } $query_too_big = false; if (strlen($query_base) > $cfg['MaxCharactersInDisplayedSQL']) { // when the query is large (for example an INSERT of binary // data), the parser chokes; so avoid parsing the query $query_too_big = true; $shortened_query_base = nl2br(htmlspecialchars(substr($sql_query, 0, $cfg['MaxCharactersInDisplayedSQL']) . '[...]')); } elseif (!empty($GLOBALS['parsed_sql']) && $query_base == $GLOBALS['parsed_sql']['raw']) { // (here, use "! empty" because when deleting a bookmark, // $GLOBALS['parsed_sql'] is set but empty $parsed_sql = $GLOBALS['parsed_sql']; } else { // Parse SQL if needed $parsed_sql = PMA_SQP_parse($query_base); } // Analyze it if (isset($parsed_sql)) { $analyzed_display_query = PMA_SQP_analyze($parsed_sql); // Here we append the LIMIT added for navigation, to // enable its display. Adding it higher in the code // to $sql_query would create a problem when // using the Refresh or Edit links. // Only append it on SELECTs. /** * @todo what would be the best to do when someone hits Refresh: * use the current LIMITs ? */ if (isset($analyzed_display_query[0]['queryflags']['select_from']) && isset($GLOBALS['sql_limit_to_append'])) { $query_base = $analyzed_display_query[0]['section_before_limit'] . "\n" . $GLOBALS['sql_limit_to_append'] . $analyzed_display_query[0]['section_after_limit']; // Need to reparse query $parsed_sql = PMA_SQP_parse($query_base); } } if (!empty($GLOBALS['show_as_php'])) { $query_base = '$sql = "' . $query_base; } elseif (!empty($GLOBALS['validatequery'])) { $query_base = PMA_validateSQL($query_base); } elseif (isset($parsed_sql)) { $query_base = PMA_formatSql($parsed_sql, $query_base); } // Prepares links that may be displayed to edit/explain the query // (don't go to default pages, we must go to the page // where the query box is available) // Basic url query part $url_params = array(); if (strlen($GLOBALS['db'])) { $url_params['db'] = $GLOBALS['db']; if (strlen($GLOBALS['table'])) { $url_params['table'] = $GLOBALS['table']; $edit_link = 'tbl_sql.php'; } else { $edit_link = 'db_sql.php'; } } else { $edit_link = 'server_sql.php'; } // Want to have the query explained (Mike Beck 2002-05-22) // but only explain a SELECT (that has not been explained) /* SQL-Parser-Analyzer */ $explain_link = ''; if (!empty($cfg['SQLQuery']['Explain']) && !$query_too_big) { $explain_params = $url_params; // Detect if we are validating as well // To preserve the validate uRL data if (!empty($GLOBALS['validatequery'])) { $explain_params['validatequery'] = 1; } if (preg_match('@^SELECT[[:space:]]+@i', $sql_query)) { $explain_params['sql_query'] = 'EXPLAIN ' . $sql_query; $_message = $GLOBALS['strExplain']; } elseif (preg_match('@^EXPLAIN[[:space:]]+SELECT[[:space:]]+@i', $sql_query)) { $explain_params['sql_query'] = substr($sql_query, 8); $_message = $GLOBALS['strNoExplain']; } if (isset($explain_params['sql_query'])) { $explain_link = 'import.php' . PMA_generate_common_url($explain_params); $explain_link = ' [' . PMA_linkOrButton($explain_link, $_message) . ']'; } } //show explain $url_params['sql_query'] = $sql_query; $url_params['show_query'] = 1; if (!empty($cfg['SQLQuery']['Edit']) && !$query_too_big) { if ($cfg['EditInWindow'] == true) { $onclick = 'window.parent.focus_querywindow(\'' . PMA_jsFormat($sql_query, false) . '\'); return false;'; } else { $onclick = ''; } $edit_link .= PMA_generate_common_url($url_params) . '#querybox'; $edit_link = ' [' . PMA_linkOrButton($edit_link, $GLOBALS['strEdit'], array('onclick' => $onclick)) . ']'; } else { $edit_link = ''; } $url_qpart = PMA_generate_common_url($url_params); // Also we would like to get the SQL formed in some nice // php-code (Mike Beck 2002-05-22) if (!empty($cfg['SQLQuery']['ShowAsPHP']) && !$query_too_big) { $php_params = $url_params; if (!empty($GLOBALS['show_as_php'])) { $_message = $GLOBALS['strNoPhp']; } else { $php_params['show_as_php'] = 1; $_message = $GLOBALS['strPhp']; } $php_link = 'import.php' . PMA_generate_common_url($php_params); $php_link = ' [' . PMA_linkOrButton($php_link, $_message) . ']'; if (isset($GLOBALS['show_as_php'])) { $runquery_link = 'import.php' . PMA_generate_common_url($url_params); $php_link .= ' [' . PMA_linkOrButton($runquery_link, $GLOBALS['strRunQuery']) . ']'; } } else { $php_link = ''; } //show as php // Refresh query if (!empty($cfg['SQLQuery']['Refresh']) && preg_match('@^(SELECT|SHOW)[[:space:]]+@i', $sql_query)) { $refresh_link = 'import.php' . PMA_generate_common_url($url_params); $refresh_link = ' [' . PMA_linkOrButton($refresh_link, $GLOBALS['strRefresh']) . ']'; } else { $refresh_link = ''; } //show as php if (!empty($cfg['SQLValidator']['use']) && !empty($cfg['SQLQuery']['Validate'])) { $validate_params = $url_params; if (!empty($GLOBALS['validatequery'])) { $validate_message = $GLOBALS['strNoValidateSQL']; } else { $validate_params['validatequery'] = 1; $validate_message = $GLOBALS['strValidateSQL']; } $validate_link = 'import.php' . PMA_generate_common_url($validate_params); $validate_link = ' [' . PMA_linkOrButton($validate_link, $validate_message) . ']'; } else { $validate_link = ''; } //validator echo '<code class="sql">'; if ($query_too_big) { echo $shortened_query_base; } else { echo $query_base; } //Clean up the end of the PHP if (!empty($GLOBALS['show_as_php'])) { echo '";'; } echo '</code>'; echo '<div class="tools">'; // avoid displaying a Profiling checkbox that could // be checked, which would reexecute an INSERT, for example if (!empty($refresh_link)) { PMA_profilingCheckbox($sql_query); } echo $edit_link . $explain_link . $php_link . $refresh_link . $validate_link; echo '</div>'; } echo '</div><br />' . "\n"; }
/** * displays the message and the query * usually the message is the result of the query executed * * @param string $message the message to display * @param string $sql_query the query to display * @param string $type the type (level) of the message * @param boolean $is_view is this a message after a VIEW operation? * * @return string * * @access public */ function PMA_showMessage($message, $sql_query = null, $type = 'notice', $is_view = false) { /* * PMA_ajaxResponse uses this function to collect the string of HTML generated * for showing the message. Use output buffering to collect it and return it * in a string. In some special cases on sql.php, buffering has to be disabled * and hence we check with $GLOBALS['buffer_message'] */ if ($GLOBALS['is_ajax_request'] == true && !isset($GLOBALS['buffer_message'])) { ob_start(); } global $cfg; if (null === $sql_query) { if (!empty($GLOBALS['display_query'])) { $sql_query = $GLOBALS['display_query']; } elseif ($cfg['SQP']['fmtType'] == 'none' && !empty($GLOBALS['unparsed_sql'])) { $sql_query = $GLOBALS['unparsed_sql']; } elseif (!empty($GLOBALS['sql_query'])) { $sql_query = $GLOBALS['sql_query']; } else { $sql_query = ''; } } if (isset($GLOBALS['using_bookmark_message'])) { $GLOBALS['using_bookmark_message']->display(); unset($GLOBALS['using_bookmark_message']); } // Corrects the tooltip text via JS if required // @todo this is REALLY the wrong place to do this - very unexpected here if (!$is_view && strlen($GLOBALS['table']) && $cfg['ShowTooltip']) { $tooltip = PMA_Table::sGetToolTip($GLOBALS['db'], $GLOBALS['table']); $uni_tbl = PMA_jsFormat($GLOBALS['db'] . '.' . $GLOBALS['table'], false); echo "\n"; echo '<script type="text/javascript">' . "\n"; echo '//<![CDATA[' . "\n"; echo "if (window.parent.updateTableTitle) window.parent.updateTableTitle('" . $uni_tbl . "', '" . PMA_jsFormat($tooltip, false) . "');" . "\n"; echo '//]]>' . "\n"; echo '</script>' . "\n"; } // end if ... elseif // Checks if the table needs to be repaired after a TRUNCATE query. // @todo what about $GLOBALS['display_query']??? // @todo this is REALLY the wrong place to do this - very unexpected here if (strlen($GLOBALS['table']) && $GLOBALS['sql_query'] == 'TRUNCATE TABLE ' . PMA_backquote($GLOBALS['table'])) { if (PMA_Table::sGetStatusInfo($GLOBALS['db'], $GLOBALS['table'], 'Index_length') > 1024 && !PMA_DRIZZLE) { PMA_DBI_try_query('REPAIR TABLE ' . PMA_backquote($GLOBALS['table'])); } } unset($tbl_status); // In an Ajax request, $GLOBALS['cell_align_left'] may not be defined. Hence, // check for it's presence before using it echo '<div id="result_query" align="' . (isset($GLOBALS['cell_align_left']) ? $GLOBALS['cell_align_left'] : '') . '">' . "\n"; if ($message instanceof PMA_Message) { if (isset($GLOBALS['special_message'])) { $message->addMessage($GLOBALS['special_message']); unset($GLOBALS['special_message']); } $message->display(); $type = $message->getLevel(); } else { echo '<div class="' . $type . '">'; echo PMA_sanitize($message); if (isset($GLOBALS['special_message'])) { echo PMA_sanitize($GLOBALS['special_message']); unset($GLOBALS['special_message']); } echo '</div>'; } if ($cfg['ShowSQL'] == true && !empty($sql_query)) { // Html format the query to be displayed // If we want to show some sql code it is easiest to create it here /* SQL-Parser-Analyzer */ if (!empty($GLOBALS['show_as_php'])) { $new_line = '\\n"<br />' . "\n" . ' . "'; $query_base = htmlspecialchars(addslashes($sql_query)); $query_base = preg_replace('/((\\015\\012)|(\\015)|(\\012))/', $new_line, $query_base); } else { $query_base = $sql_query; } $query_too_big = false; if (strlen($query_base) > $cfg['MaxCharactersInDisplayedSQL']) { // when the query is large (for example an INSERT of binary // data), the parser chokes; so avoid parsing the query $query_too_big = true; $shortened_query_base = nl2br(htmlspecialchars(substr($sql_query, 0, $cfg['MaxCharactersInDisplayedSQL']) . '[...]')); } elseif (!empty($GLOBALS['parsed_sql']) && $query_base == $GLOBALS['parsed_sql']['raw']) { // (here, use "! empty" because when deleting a bookmark, // $GLOBALS['parsed_sql'] is set but empty $parsed_sql = $GLOBALS['parsed_sql']; } else { // Parse SQL if needed $parsed_sql = PMA_SQP_parse($query_base); } // Analyze it if (isset($parsed_sql) && !PMA_SQP_isError()) { $analyzed_display_query = PMA_SQP_analyze($parsed_sql); // Same as below (append LIMIT), append the remembered ORDER BY if ($GLOBALS['cfg']['RememberSorting'] && isset($analyzed_display_query[0]['queryflags']['select_from']) && isset($GLOBALS['sql_order_to_append'])) { $query_base = $analyzed_display_query[0]['section_before_limit'] . "\n" . $GLOBALS['sql_order_to_append'] . $analyzed_display_query[0]['limit_clause'] . ' ' . $analyzed_display_query[0]['section_after_limit']; // Need to reparse query $parsed_sql = PMA_SQP_parse($query_base); // update the $analyzed_display_query $analyzed_display_query[0]['section_before_limit'] .= $GLOBALS['sql_order_to_append']; $analyzed_display_query[0]['order_by_clause'] = $GLOBALS['sorted_col']; } // Here we append the LIMIT added for navigation, to // enable its display. Adding it higher in the code // to $sql_query would create a problem when // using the Refresh or Edit links. // Only append it on SELECTs. /** * @todo what would be the best to do when someone hits Refresh: * use the current LIMITs ? */ if (isset($analyzed_display_query[0]['queryflags']['select_from']) && isset($GLOBALS['sql_limit_to_append'])) { $query_base = $analyzed_display_query[0]['section_before_limit'] . "\n" . $GLOBALS['sql_limit_to_append'] . $analyzed_display_query[0]['section_after_limit']; // Need to reparse query $parsed_sql = PMA_SQP_parse($query_base); } } if (!empty($GLOBALS['show_as_php'])) { $query_base = '$sql = "' . $query_base; } elseif (!empty($GLOBALS['validatequery'])) { try { $query_base = PMA_validateSQL($query_base); } catch (Exception $e) { PMA_Message::error(__('Failed to connect to SQL validator!'))->display(); } } elseif (isset($parsed_sql)) { $query_base = PMA_formatSql($parsed_sql, $query_base); } // Prepares links that may be displayed to edit/explain the query // (don't go to default pages, we must go to the page // where the query box is available) // Basic url query part $url_params = array(); if (!isset($GLOBALS['db'])) { $GLOBALS['db'] = ''; } if (strlen($GLOBALS['db'])) { $url_params['db'] = $GLOBALS['db']; if (strlen($GLOBALS['table'])) { $url_params['table'] = $GLOBALS['table']; $edit_link = 'tbl_sql.php'; } else { $edit_link = 'db_sql.php'; } } else { $edit_link = 'server_sql.php'; } // Want to have the query explained // but only explain a SELECT (that has not been explained) /* SQL-Parser-Analyzer */ $explain_link = ''; $is_select = false; if (!empty($cfg['SQLQuery']['Explain']) && !$query_too_big) { $explain_params = $url_params; // Detect if we are validating as well // To preserve the validate uRL data if (!empty($GLOBALS['validatequery'])) { $explain_params['validatequery'] = 1; } if (preg_match('@^SELECT[[:space:]]+@i', $sql_query)) { $explain_params['sql_query'] = 'EXPLAIN ' . $sql_query; $_message = __('Explain SQL'); $is_select = true; } elseif (preg_match('@^EXPLAIN[[:space:]]+SELECT[[:space:]]+@i', $sql_query)) { $explain_params['sql_query'] = substr($sql_query, 8); $_message = __('Skip Explain SQL'); } if (isset($explain_params['sql_query'])) { $explain_link = 'import.php' . PMA_generate_common_url($explain_params); $explain_link = ' [' . PMA_linkOrButton($explain_link, $_message) . ']'; } } //show explain $url_params['sql_query'] = $sql_query; $url_params['show_query'] = 1; // even if the query is big and was truncated, offer the chance // to edit it (unless it's enormous, see PMA_linkOrButton() ) if (!empty($cfg['SQLQuery']['Edit'])) { if ($cfg['EditInWindow'] == true) { $onclick = 'window.parent.focus_querywindow(\'' . PMA_jsFormat($sql_query, false) . '\'); return false;'; } else { $onclick = ''; } $edit_link .= PMA_generate_common_url($url_params) . '#querybox'; $edit_link = ' [' . PMA_linkOrButton($edit_link, __('Edit'), array('onclick' => $onclick)) . ']'; } else { $edit_link = ''; } $url_qpart = PMA_generate_common_url($url_params); // Also we would like to get the SQL formed in some nice // php-code if (!empty($cfg['SQLQuery']['ShowAsPHP']) && !$query_too_big) { $php_params = $url_params; if (!empty($GLOBALS['show_as_php'])) { $_message = __('Without PHP Code'); } else { $php_params['show_as_php'] = 1; $_message = __('Create PHP Code'); } $php_link = 'import.php' . PMA_generate_common_url($php_params); $php_link = ' [' . PMA_linkOrButton($php_link, $_message) . ']'; if (isset($GLOBALS['show_as_php'])) { $runquery_link = 'import.php' . PMA_generate_common_url($url_params); $php_link .= ' [' . PMA_linkOrButton($runquery_link, __('Submit Query')) . ']'; } } else { $php_link = ''; } //show as php // Refresh query if (!empty($cfg['SQLQuery']['Refresh']) && !isset($GLOBALS['show_as_php']) && preg_match('@^(SELECT|SHOW)[[:space:]]+@i', $sql_query)) { $refresh_link = 'import.php' . PMA_generate_common_url($url_params); $refresh_link = ' [' . PMA_linkOrButton($refresh_link, __('Refresh')) . ']'; } else { $refresh_link = ''; } //refresh if (!empty($cfg['SQLValidator']['use']) && !empty($cfg['SQLQuery']['Validate'])) { $validate_params = $url_params; if (!empty($GLOBALS['validatequery'])) { $validate_message = __('Skip Validate SQL'); } else { $validate_params['validatequery'] = 1; $validate_message = __('Validate SQL'); } $validate_link = 'import.php' . PMA_generate_common_url($validate_params); $validate_link = ' [' . PMA_linkOrButton($validate_link, $validate_message) . ']'; } else { $validate_link = ''; } //validator if (!empty($GLOBALS['validatequery'])) { echo '<div class="sqlvalidate">'; } else { echo '<code class="sql">'; } if ($query_too_big) { echo $shortened_query_base; } else { echo $query_base; } //Clean up the end of the PHP if (!empty($GLOBALS['show_as_php'])) { echo '";'; } if (!empty($GLOBALS['validatequery'])) { echo '</div>'; } else { echo '</code>'; } echo '<div class="tools">'; // avoid displaying a Profiling checkbox that could // be checked, which would reexecute an INSERT, for example if (!empty($refresh_link)) { PMA_profilingCheckbox($sql_query); } // if needed, generate an invisible form that contains controls for the // Inline link; this way, the behavior of the Inline link does not // depend on the profiling support or on the refresh link if (empty($refresh_link) || !PMA_profilingSupported()) { echo '<form action="sql.php" method="post">'; echo PMA_generate_common_hidden_inputs($GLOBALS['db'], $GLOBALS['table']); echo '<input type="hidden" name="sql_query" value="' . htmlspecialchars($sql_query) . '" />'; echo '</form>'; } // in the tools div, only display the Inline link when not in ajax // mode because 1) it currently does not work and 2) we would // have two similar mechanisms on the page for the same goal if ($is_select || $GLOBALS['is_ajax_request'] === false && !$query_too_big) { // see in js/functions.js the jQuery code attached to id inline_edit // document.write conflicts with jQuery, hence used $().append() echo "<script type=\"text/javascript\">\n" . "//<![CDATA[\n" . "\$('.tools form').last().after('[<a href=\"#\" title=\"" . PMA_escapeJsString(__('Inline edit of this query')) . "\" class=\"inline_edit_sql\">" . PMA_escapeJsString(_pgettext('Inline edit query', 'Inline')) . "</a>]');\n" . "//]]>\n" . "</script>"; } echo $edit_link . $explain_link . $php_link . $refresh_link . $validate_link; echo '</div>'; } echo '</div>'; if ($GLOBALS['is_ajax_request'] === false) { echo '<br class="clearfloat" />'; } // If we are in an Ajax request, we have most probably been called in // PMA_ajaxResponse(). Hence, collect the buffer contents and return it // to PMA_ajaxResponse(), which will encode it for JSON. if ($GLOBALS['is_ajax_request'] == true && !isset($GLOBALS['buffer_message'])) { $buffer_contents = ob_get_contents(); ob_end_clean(); return $buffer_contents; } return null; }
/** * displays the message and the query * usually the message is the result of the query executed * * @param string $message the message to display * @param string $sql_query the query to display * @global array the configuration array * @uses $cfg * @access public */ function PMA_showMessage($message, $sql_query = null) { global $cfg; $query_too_big = false; if (null === $sql_query) { if (!empty($GLOBALS['display_query'])) { $sql_query = $GLOBALS['display_query']; } elseif ($cfg['SQP']['fmtType'] == 'none' && !empty($GLOBALS['unparsed_sql'])) { $sql_query = $GLOBALS['unparsed_sql']; } elseif (!empty($GLOBALS['sql_query'])) { $sql_query = $GLOBALS['sql_query']; } else { $sql_query = ''; } } // Corrects the tooltip text via JS if required // @todo this is REALLY the wrong place to do this - very unexpected here if (strlen($GLOBALS['table']) && $cfg['ShowTooltip']) { $result = PMA_DBI_try_query('SHOW TABLE STATUS FROM ' . PMA_backquote($GLOBALS['db']) . ' LIKE \'' . PMA_sqlAddslashes($GLOBALS['table'], true) . '\''); if ($result) { $tbl_status = PMA_DBI_fetch_assoc($result); $tooltip = empty($tbl_status['Comment']) ? '' : $tbl_status['Comment'] . ' '; $tooltip .= '(' . PMA_formatNumber($tbl_status['Rows'], 0) . ' ' . $GLOBALS['strRows'] . ')'; PMA_DBI_free_result($result); $uni_tbl = PMA_jsFormat($GLOBALS['db'] . '.' . $GLOBALS['table'], false); echo "\n"; echo '<script type="text/javascript">' . "\n"; echo '//<![CDATA[' . "\n"; echo "window.parent.updateTableTitle('" . $uni_tbl . "', '" . PMA_jsFormat($tooltip, false) . "');" . "\n"; echo '//]]>' . "\n"; echo '</script>' . "\n"; } // end if } // end if ... elseif // Checks if the table needs to be repaired after a TRUNCATE query. // @todo what about $GLOBALS['display_query']??? // @todo this is REALLY the wrong place to do this - very unexpected here if (strlen($GLOBALS['table']) && $GLOBALS['sql_query'] == 'TRUNCATE TABLE ' . PMA_backquote($GLOBALS['table'])) { if (!isset($tbl_status)) { $result = @PMA_DBI_try_query('SHOW TABLE STATUS FROM ' . PMA_backquote($GLOBALS['db']) . ' LIKE \'' . PMA_sqlAddslashes($GLOBALS['table'], true) . '\''); if ($result) { $tbl_status = PMA_DBI_fetch_assoc($result); PMA_DBI_free_result($result); } } if (isset($tbl_status) && (int) $tbl_status['Index_length'] > 1024) { PMA_DBI_try_query('REPAIR TABLE ' . PMA_backquote($GLOBALS['table'])); } } unset($tbl_status); echo '<br />' . "\n"; echo '<div align="' . $GLOBALS['cell_align_left'] . '">' . "\n"; if (!empty($GLOBALS['show_error_header'])) { echo '<div class="error">' . "\n"; echo '<h1>' . $GLOBALS['strError'] . '</h1>' . "\n"; } echo '<div class="notice">'; echo PMA_sanitize($message); if (isset($GLOBALS['special_message'])) { echo PMA_sanitize($GLOBALS['special_message']); unset($GLOBALS['special_message']); } echo '</div>'; if (!empty($GLOBALS['show_error_header'])) { echo '</div>'; } if ($cfg['ShowSQL'] == true && !empty($sql_query)) { // Basic url query part $url_qpart = '?' . PMA_generate_common_url($GLOBALS['db'], $GLOBALS['table']); // Html format the query to be displayed // The nl2br function isn't used because its result isn't a valid // xhtml1.0 statement before php4.0.5 ("<br>" and not "<br />") // If we want to show some sql code it is easiest to create it here /* SQL-Parser-Analyzer */ if (!empty($GLOBALS['show_as_php'])) { $new_line = '\'<br />' . "\n" . ' . \' '; } if (isset($new_line)) { /* SQL-Parser-Analyzer */ $query_base = PMA_sqlAddslashes(htmlspecialchars($sql_query), false, false, true); /* SQL-Parser-Analyzer */ $query_base = preg_replace("@((\r\n)|(\r)|(\n))+@", $new_line, $query_base); } else { $query_base = $sql_query; } if (strlen($query_base) > $cfg['MaxCharactersInDisplayedSQL']) { $query_too_big = true; $query_base = nl2br(htmlspecialchars($sql_query)); unset($GLOBALS['parsed_sql']); } // Parse SQL if needed // (here, use "! empty" because when deleting a bookmark, // $GLOBALS['parsed_sql'] is set but empty if (!empty($GLOBALS['parsed_sql']) && $query_base == $GLOBALS['parsed_sql']['raw']) { $parsed_sql = $GLOBALS['parsed_sql']; } else { // when the query is large (for example an INSERT of binary // data), the parser chokes; so avoid parsing the query if (!$query_too_big) { $parsed_sql = PMA_SQP_parse($query_base); } } // Analyze it if (isset($parsed_sql)) { $analyzed_display_query = PMA_SQP_analyze($parsed_sql); } // Here we append the LIMIT added for navigation, to // enable its display. Adding it higher in the code // to $sql_query would create a problem when // using the Refresh or Edit links. // Only append it on SELECTs. /** * @todo what would be the best to do when someone hits Refresh: * use the current LIMITs ? */ if (isset($analyzed_display_query[0]['queryflags']['select_from']) && isset($GLOBALS['sql_limit_to_append'])) { $query_base = $analyzed_display_query[0]['section_before_limit'] . "\n" . $GLOBALS['sql_limit_to_append'] . $analyzed_display_query[0]['section_after_limit']; // Need to reparse query $parsed_sql = PMA_SQP_parse($query_base); } if (!empty($GLOBALS['show_as_php'])) { $query_base = '$sql = \'' . $query_base; } elseif (!empty($GLOBALS['validatequery'])) { $query_base = PMA_validateSQL($query_base); } else { if (isset($parsed_sql)) { $query_base = PMA_formatSql($parsed_sql, $query_base); } } // Prepares links that may be displayed to edit/explain the query // (don't go to default pages, we must go to the page // where the query box is available) $edit_target = strlen($GLOBALS['db']) ? strlen($GLOBALS['table']) ? 'tbl_sql.php' : 'db_sql.php' : 'server_sql.php'; if (isset($cfg['SQLQuery']['Edit']) && $cfg['SQLQuery']['Edit'] == true && !empty($edit_target) && !$query_too_big) { if ($cfg['EditInWindow'] == true) { $onclick = 'window.parent.focus_querywindow(\'' . PMA_jsFormat($sql_query, false) . '\'); return false;'; } else { $onclick = ''; } $edit_link = $edit_target . $url_qpart . '&sql_query=' . urlencode($sql_query) . '&show_query=1#querybox'; $edit_link = ' [' . PMA_linkOrButton($edit_link, $GLOBALS['strEdit'], array('onclick' => $onclick)) . ']'; } else { $edit_link = ''; } // Want to have the query explained (Mike Beck 2002-05-22) // but only explain a SELECT (that has not been explained) /* SQL-Parser-Analyzer */ if (isset($cfg['SQLQuery']['Explain']) && $cfg['SQLQuery']['Explain'] == true && !$query_too_big) { // Detect if we are validating as well // To preserve the validate uRL data if (!empty($GLOBALS['validatequery'])) { $explain_link_validate = '&validatequery=1'; } else { $explain_link_validate = ''; } $explain_link = 'import.php' . $url_qpart . $explain_link_validate . '&sql_query='; if (preg_match('@^SELECT[[:space:]]+@i', $sql_query)) { $explain_link .= urlencode('EXPLAIN ' . $sql_query); $message = $GLOBALS['strExplain']; } elseif (preg_match('@^EXPLAIN[[:space:]]+SELECT[[:space:]]+@i', $sql_query)) { $explain_link .= urlencode(substr($sql_query, 8)); $message = $GLOBALS['strNoExplain']; } else { $explain_link = ''; } if (!empty($explain_link)) { $explain_link = ' [' . PMA_linkOrButton($explain_link, $message) . ']'; } } else { $explain_link = ''; } //show explain // Also we would like to get the SQL formed in some nice // php-code (Mike Beck 2002-05-22) if (isset($cfg['SQLQuery']['ShowAsPHP']) && $cfg['SQLQuery']['ShowAsPHP'] == true && !$query_too_big) { $php_link = 'import.php' . $url_qpart . '&show_query=1' . '&sql_query=' . urlencode($sql_query) . '&show_as_php='; if (!empty($GLOBALS['show_as_php'])) { $php_link .= '0'; $message = $GLOBALS['strNoPhp']; } else { $php_link .= '1'; $message = $GLOBALS['strPhp']; } $php_link = ' [' . PMA_linkOrButton($php_link, $message) . ']'; if (isset($GLOBALS['show_as_php'])) { $runquery_link = 'import.php' . $url_qpart . '&show_query=1' . '&sql_query=' . urlencode($sql_query); $php_link .= ' [' . PMA_linkOrButton($runquery_link, $GLOBALS['strRunQuery']) . ']'; } } else { $php_link = ''; } //show as php // Refresh query if (isset($cfg['SQLQuery']['Refresh']) && $cfg['SQLQuery']['Refresh'] && preg_match('@^(SELECT|SHOW)[[:space:]]+@i', $sql_query)) { $refresh_link = 'import.php' . $url_qpart . '&show_query=1' . '&sql_query=' . urlencode($sql_query); $refresh_link = ' [' . PMA_linkOrButton($refresh_link, $GLOBALS['strRefresh']) . ']'; } else { $refresh_link = ''; } //show as php if (isset($cfg['SQLValidator']['use']) && $cfg['SQLValidator']['use'] == true && isset($cfg['SQLQuery']['Validate']) && $cfg['SQLQuery']['Validate'] == true) { $validate_link = 'import.php' . $url_qpart . '&show_query=1' . '&sql_query=' . urlencode($sql_query) . '&validatequery='; if (!empty($GLOBALS['validatequery'])) { $validate_link .= '0'; $validate_message = $GLOBALS['strNoValidateSQL']; } else { $validate_link .= '1'; $validate_message = $GLOBALS['strValidateSQL']; } $validate_link = ' [' . PMA_linkOrButton($validate_link, $validate_message) . ']'; } else { $validate_link = ''; } //validator // why this? //unset($sql_query); // Displays the message echo '<fieldset class="">' . "\n"; echo ' <legend>' . $GLOBALS['strSQLQuery'] . ':</legend>'; echo ' <div>'; // when uploading a 700 Kio binary file into a LONGBLOB, // I get a white page, strlen($query_base) is 2 x 700 Kio // so put a hard limit here (let's say 1000) if ($query_too_big) { echo ' ' . substr($query_base, 0, $cfg['MaxCharactersInDisplayedSQL']) . '[...]'; } else { echo ' ' . $query_base; } //Clean up the end of the PHP if (!empty($GLOBALS['show_as_php'])) { echo '\';'; } echo ' </div>'; echo '</fieldset>' . "\n"; if (!empty($edit_target)) { echo '<fieldset class="tblFooters">'; // avoid displaying a Profiling checkbox that could // be checked, which would reexecute an INSERT, for example if (!empty($refresh_link)) { PMA_profilingCheckbox($sql_query); } echo $edit_link . $explain_link . $php_link . $refresh_link . $validate_link; echo '</fieldset>'; } } echo '</div><br />' . "\n"; }
<th width="60"><?php echo $strTrackingUsername; ?> </th> <th><?php echo $strTrackingDataManipulationStatement; ?> </th> </tr> </thead> <tbody> <?php $style = 'odd'; foreach ($data['dmlog'] as $entry) { $parsed_sql = PMA_SQP_parse($entry['statement']); $statement = PMA_formatSql($parsed_sql); $timestamp = strtotime($entry['date']); if ($timestamp >= $filter_ts_from && $timestamp <= $filter_ts_to && (in_array('*', $filter_users) || in_array($entry['username'], $filter_users))) { ?> <tr class="<?php echo $style; ?> "> <td><small><?php echo $i; ?> </small></td> <td><small><?php echo $entry['date']; ?> </small></td>
/** * Displays a message at the top of the "main" (right) frame * * @param string the message to display * * @global array the configuration array * * @access public */ function PMA_showMessage($message) { global $cfg; // Sanitizes $message $message = PMA_sanitize($message); // Corrects the tooltip text via JS if required if (isset($GLOBALS['table']) && strlen($GLOBALS['table']) && $cfg['ShowTooltip']) { $result = PMA_DBI_try_query('SHOW TABLE STATUS FROM ' . PMA_backquote($GLOBALS['db']) . ' LIKE \'' . PMA_sqlAddslashes($GLOBALS['table'], true) . '\''); if ($result) { $tbl_status = PMA_DBI_fetch_assoc($result); $tooltip = empty($tbl_status['Comment']) ? '' : $tbl_status['Comment'] . ' '; $tooltip .= '(' . PMA_formatNumber($tbl_status['Rows'], 0) . ' ' . $GLOBALS['strRows'] . ')'; PMA_DBI_free_result($result); $uni_tbl = PMA_jsFormat($GLOBALS['db'] . '.' . $GLOBALS['table'], false); echo "\n"; ?> <script type="text/javascript" language="javascript"> //<![CDATA[ window.parent.updateTableTitle('<?php echo $uni_tbl; ?> ', '<?php echo PMA_jsFormat($tooltip, false); ?> '); //]]> </script> <?php } // end if } // end if ... elseif // Checks if the table needs to be repaired after a TRUNCATE query. if (isset($GLOBALS['table']) && isset($GLOBALS['sql_query']) && $GLOBALS['sql_query'] == 'TRUNCATE TABLE ' . PMA_backquote($GLOBALS['table'])) { if (!isset($tbl_status)) { $result = @PMA_DBI_try_query('SHOW TABLE STATUS FROM ' . PMA_backquote($GLOBALS['db']) . ' LIKE \'' . PMA_sqlAddslashes($GLOBALS['table'], true) . '\''); if ($result) { $tbl_status = PMA_DBI_fetch_assoc($result); PMA_DBI_free_result($result); } } if (isset($tbl_status) && (int) $tbl_status['Index_length'] > 1024) { PMA_DBI_try_query('REPAIR TABLE ' . PMA_backquote($GLOBALS['table'])); } } unset($tbl_status); ?> <br /> <div align="<?php echo $GLOBALS['cell_align_left']; ?> "> <?php if (!empty($GLOBALS['show_error_header'])) { ?> <div class="error"> <h1><?php echo $GLOBALS['strError']; ?> </h1> <?php } echo $message; if (isset($GLOBALS['special_message'])) { echo PMA_sanitize($GLOBALS['special_message']); unset($GLOBALS['special_message']); } if (!empty($GLOBALS['show_error_header'])) { echo '</div>'; } if ($cfg['ShowSQL'] == true && (!empty($GLOBALS['sql_query']) || !empty($GLOBALS['display_query']))) { $local_query = !empty($GLOBALS['display_query']) ? $GLOBALS['display_query'] : ($cfg['SQP']['fmtType'] == 'none' && isset($GLOBALS['unparsed_sql']) && $GLOBALS['unparsed_sql'] != '' ? $GLOBALS['unparsed_sql'] : $GLOBALS['sql_query']); // Basic url query part $url_qpart = '?' . PMA_generate_common_url(isset($GLOBALS['db']) ? $GLOBALS['db'] : '', isset($GLOBALS['table']) ? $GLOBALS['table'] : ''); // Html format the query to be displayed // The nl2br function isn't used because its result isn't a valid // xhtml1.0 statement before php4.0.5 ("<br>" and not "<br />") // If we want to show some sql code it is easiest to create it here /* SQL-Parser-Analyzer */ if (!empty($GLOBALS['show_as_php'])) { $new_line = '\'<br />' . "\n" . ' . \' '; } if (isset($new_line)) { /* SQL-Parser-Analyzer */ $query_base = PMA_sqlAddslashes(htmlspecialchars($local_query), false, false, true); /* SQL-Parser-Analyzer */ $query_base = preg_replace("@((\r\n)|(\r)|(\n))+@", $new_line, $query_base); } else { $query_base = $local_query; } // Parse SQL if needed if (isset($GLOBALS['parsed_sql']) && $query_base == $GLOBALS['parsed_sql']['raw']) { $parsed_sql = $GLOBALS['parsed_sql']; } else { // when the query is large (for example an INSERT of binary // data), the parser chokes; so avoid parsing the query if (strlen($query_base) < 1000) { $parsed_sql = PMA_SQP_parse($query_base); } } // Analyze it if (isset($parsed_sql)) { $analyzed_display_query = PMA_SQP_analyze($parsed_sql); } // Here we append the LIMIT added for navigation, to // enable its display. Adding it higher in the code // to $local_query would create a problem when // using the Refresh or Edit links. // Only append it on SELECTs. // FIXME: what would be the best to do when someone // hits Refresh: use the current LIMITs ? if (isset($analyzed_display_query[0]['queryflags']['select_from']) && isset($GLOBALS['sql_limit_to_append'])) { $query_base = $analyzed_display_query[0]['section_before_limit'] . "\n" . $GLOBALS['sql_limit_to_append'] . $analyzed_display_query[0]['section_after_limit']; // Need to reparse query $parsed_sql = PMA_SQP_parse($query_base); } if (!empty($GLOBALS['show_as_php'])) { $query_base = '$sql = \'' . $query_base; } elseif (!empty($GLOBALS['validatequery'])) { $query_base = PMA_validateSQL($query_base); } else { if (isset($parsed_sql)) { $query_base = PMA_formatSql($parsed_sql, $query_base); } } // Prepares links that may be displayed to edit/explain the query // (don't go to default pages, we must go to the page // where the query box is available) // (also, I don't see why we should check the goto variable) //if (!isset($GLOBALS['goto'])) { //$edit_target = (isset($GLOBALS['table'])) ? $cfg['DefaultTabTable'] : $cfg['DefaultTabDatabase']; $edit_target = isset($GLOBALS['db']) ? isset($GLOBALS['table']) ? 'tbl_properties.php' : 'db_details.php' : 'server_sql.php'; //} elseif ($GLOBALS['goto'] != 'main.php') { // $edit_target = $GLOBALS['goto']; //} else { // $edit_target = ''; //} if (isset($cfg['SQLQuery']['Edit']) && $cfg['SQLQuery']['Edit'] == true && !empty($edit_target)) { if ($cfg['EditInWindow'] == true) { $onclick = 'window.parent.focus_querywindow(\'' . PMA_jsFormat($local_query, false) . '\'); return false;'; } else { $onclick = ''; } $edit_link = $edit_target . $url_qpart . '&sql_query=' . urlencode($local_query) . '&show_query=1#querybox'; $edit_link = ' [' . PMA_linkOrButton($edit_link, $GLOBALS['strEdit'], array('onclick' => $onclick)) . ']'; } else { $edit_link = ''; } // Want to have the query explained (Mike Beck 2002-05-22) // but only explain a SELECT (that has not been explained) /* SQL-Parser-Analyzer */ if (isset($cfg['SQLQuery']['Explain']) && $cfg['SQLQuery']['Explain'] == true) { // Detect if we are validating as well // To preserve the validate uRL data if (!empty($GLOBALS['validatequery'])) { $explain_link_validate = '&validatequery=1'; } else { $explain_link_validate = ''; } $explain_link = 'import.php' . $url_qpart . $explain_link_validate . '&sql_query='; if (preg_match('@^SELECT[[:space:]]+@i', $local_query)) { $explain_link .= urlencode('EXPLAIN ' . $local_query); $message = $GLOBALS['strExplain']; } elseif (preg_match('@^EXPLAIN[[:space:]]+SELECT[[:space:]]+@i', $local_query)) { $explain_link .= urlencode(substr($local_query, 8)); $message = $GLOBALS['strNoExplain']; } else { $explain_link = ''; } if (!empty($explain_link)) { $explain_link = ' [' . PMA_linkOrButton($explain_link, $message) . ']'; } } else { $explain_link = ''; } //show explain // Also we would like to get the SQL formed in some nice // php-code (Mike Beck 2002-05-22) if (isset($cfg['SQLQuery']['ShowAsPHP']) && $cfg['SQLQuery']['ShowAsPHP'] == true) { $php_link = 'import.php' . $url_qpart . '&show_query=1' . '&sql_query=' . urlencode($local_query) . '&show_as_php='; if (!empty($GLOBALS['show_as_php'])) { $php_link .= '0'; $message = $GLOBALS['strNoPhp']; } else { $php_link .= '1'; $message = $GLOBALS['strPhp']; } $php_link = ' [' . PMA_linkOrButton($php_link, $message) . ']'; if (isset($GLOBALS['show_as_php']) && $GLOBALS['show_as_php'] == '1') { $runquery_link = 'import.php' . $url_qpart . '&show_query=1' . '&sql_query=' . urlencode($local_query); $php_link .= ' [' . PMA_linkOrButton($runquery_link, $GLOBALS['strRunQuery']) . ']'; } } else { $php_link = ''; } //show as php // Refresh query if (isset($cfg['SQLQuery']['Refresh']) && $cfg['SQLQuery']['Refresh'] && preg_match('@^(SELECT|SHOW)[[:space:]]+@i', $local_query)) { $refresh_link = 'import.php' . $url_qpart . '&show_query=1' . (isset($_GET['pos']) ? '&pos=' . $_GET['pos'] : '') . '&sql_query=' . urlencode($local_query); $refresh_link = ' [' . PMA_linkOrButton($refresh_link, $GLOBALS['strRefresh']) . ']'; } else { $refresh_link = ''; } //show as php if (isset($cfg['SQLValidator']['use']) && $cfg['SQLValidator']['use'] == true && isset($cfg['SQLQuery']['Validate']) && $cfg['SQLQuery']['Validate'] == true) { $validate_link = 'import.php' . $url_qpart . '&show_query=1' . '&sql_query=' . urlencode($local_query) . '&validatequery='; if (!empty($GLOBALS['validatequery'])) { $validate_link .= '0'; $validate_message = $GLOBALS['strNoValidateSQL']; } else { $validate_link .= '1'; $validate_message = $GLOBALS['strValidateSQL']; } $validate_link = ' [' . PMA_linkOrButton($validate_link, $validate_message) . ']'; } else { $validate_link = ''; } //validator unset($local_query); // Displays the message echo '<fieldset class="">' . "\n"; echo ' <legend>' . $GLOBALS['strSQLQuery'] . ':</legend>'; echo ' ' . $query_base; //Clean up the end of the PHP if (!empty($GLOBALS['show_as_php'])) { echo '\';'; } echo '</fieldset>' . "\n"; if (!empty($edit_target)) { echo '<fieldset class="tblFooters">'; echo $edit_link . $explain_link . $php_link . $refresh_link . $validate_link; echo '</fieldset>'; } } ?> </div><br /> <?php }
function testFormatSQLError(){ global $SQP_errorString; $SQP_errorString = true; $sql = array("raw" => "& \" < >"); $this->assertEquals("& " < >", PMA_formatSql($sql)); $SQP_errorString = false; }
/** * Displays a message at the top of the "main" (right) frame * * @param string the message to display * * @global array the configuration array * * @access public */ function PMA_showMessage($message) { global $cfg; require_once './header.inc.php'; // Reloads the navigation frame via JavaScript if required if (isset($GLOBALS['reload']) && $GLOBALS['reload']) { echo "\n"; $reload_url = './left.php?' . PMA_generate_common_url(isset($GLOBALS['db']) ? $GLOBALS['db'] : '', '', '&'); ?> <script type="text/javascript" language="javascript1.2"> <!-- if (typeof(window.parent) != 'undefined' && typeof(window.parent.frames['nav']) != 'undefined') { window.parent.frames['nav'].location.replace('<?php echo $reload_url; ?> &hash=' + <?php echo $cfg['QueryFrame'] && $cfg['QueryFrameJS'] ? 'window.parent.frames[\'queryframe\'].document.hashform.hash.value' : "'" . md5($cfg['PmaAbsoluteUri']) . "'"; ?> ); } //--> </script> <?php unset($GLOBALS['reload']); } else { if (!empty($GLOBALS['table']) && $cfg['ShowTooltip']) { $result = @PMA_mysql_query('SHOW TABLE STATUS FROM ' . PMA_backquote($GLOBALS['db']) . ' LIKE \'' . PMA_sqlAddslashes($GLOBALS['table'], TRUE) . '\''); if ($result) { $tbl_status = PMA_mysql_fetch_array($result, MYSQL_ASSOC); $tooltip = empty($tbl_status['Comment']) ? '' : $tbl_status['Comment'] . ' '; $tooltip .= '(' . $tbl_status['Rows'] . ' ' . $GLOBALS['strRows'] . ')'; mysql_free_result($result); $md5_tbl = md5($GLOBALS['table']); echo "\n"; ?> <script type="text/javascript" language="javascript1.2"> <!-- if (typeof(document.getElementById) != 'undefined' && typeof(window.parent.frames['nav']) != 'undefined' && typeof(window.parent.frames['nav'].document) != 'undefined' && typeof(window.parent.frames['nav'].document) != 'unknown' && (window.parent.frames['nav'].document.getElementById('<?php echo 'tbl_' . $md5_tbl; ?> ')) && typeof(window.parent.frames['nav'].document.getElementById('<?php echo 'tbl_' . $md5_tbl; ?> ')) != 'undefined' && typeof(window.parent.frames['nav'].document.getElementById('<?php echo 'tbl_' . $md5_tbl; ?> ').title) == 'string') { window.parent.frames['nav'].document.getElementById('<?php echo 'tbl_' . $md5_tbl; ?> ').title = '<?php echo PMA_jsFormat($tooltip, FALSE); ?> '; } //--> </script> <?php } // end if } } // end if... else if // Checks if the table needs to be repaired after a TRUNCATE query. if (isset($GLOBALS['table']) && isset($GLOBALS['sql_query']) && $GLOBALS['sql_query'] == 'TRUNCATE TABLE ' . PMA_backquote($GLOBALS['table'])) { if (!isset($tbl_status)) { $result = @PMA_mysql_query('SHOW TABLE STATUS FROM ' . PMA_backquote($GLOBALS['db']) . ' LIKE \'' . PMA_sqlAddslashes($GLOBALS['table'], TRUE) . '\''); if ($result) { $tbl_status = PMA_mysql_fetch_array($result, MYSQL_ASSOC); mysql_free_result($result); } } if (isset($tbl_status) && (int) $tbl_status['Index_length'] > 1024) { @PMA_mysql_query('REPAIR TABLE ' . PMA_backquote($GLOBALS['table'])); } } unset($tbl_status); echo "\n"; ?> <div align="<?php echo $GLOBALS['cell_align_left']; ?> "> <table border="<?php echo $cfg['Border']; ?> " cellpadding="5"> <tr> <td bgcolor="<?php echo $cfg['ThBgcolor']; ?> "> <b><?php echo $message; ?> </b><br /> </td> </tr> <?php if ($cfg['ShowSQL'] == TRUE && (!empty($GLOBALS['sql_query']) || !empty($GLOBALS['display_query']))) { $local_query = !empty($GLOBALS['display_query']) ? $GLOBALS['display_query'] : ($cfg['SQP']['fmtType'] == 'none' && $GLOBALS['unparsed_sql'] != '' ? $GLOBALS['unparsed_sql'] : $GLOBALS['sql_query']); // Basic url query part $url_qpart = '?' . PMA_generate_common_url(isset($GLOBALS['db']) ? $GLOBALS['db'] : '', isset($GLOBALS['table']) ? $GLOBALS['table'] : ''); echo "\n"; ?> <tr> <td bgcolor="<?php echo $cfg['BgcolorOne']; ?> "> <?php echo "\n"; // Html format the query to be displayed // The nl2br function isn't used because its result isn't a valid // xhtml1.0 statement before php4.0.5 ("<br>" and not "<br />") // If we want to show some sql code it is easiest to create it here /* SQL-Parser-Analyzer */ $sqlnr = 1; if (!empty($GLOBALS['show_as_php'])) { $new_line = '\'<br />' . "\n" . ' . \' '; } if (isset($new_line)) { /* SQL-Parser-Analyzer */ $query_base = PMA_sqlAddslashes(htmlspecialchars($local_query)); /* SQL-Parser-Analyzer */ $query_base = preg_replace("@((\r\n)|(\r)|(\n))+@", $new_line, $query_base); } else { $query_base = $local_query; } if (!empty($GLOBALS['show_as_php'])) { $query_base = '$sql = \'' . $query_base; } else { if (!empty($GLOBALS['validatequery'])) { $query_base = PMA_validateSQL($query_base); } else { $parsed_sql = PMA_SQP_parse($query_base); $query_base = PMA_formatSql($parsed_sql, $query_base); } } // Prepares links that may be displayed to edit/explain the query // (don't go to default pages, we must go to the page // where the query box is available) // (also, I don't see why we should check the goto variable) //if (!isset($GLOBALS['goto'])) { //$edit_target = (isset($GLOBALS['table'])) ? $cfg['DefaultTabTable'] : $cfg['DefaultTabDatabase']; $edit_target = isset($GLOBALS['db']) ? isset($GLOBALS['table']) ? 'tbl_properties.php' : 'db_details.php' : ''; //} else if ($GLOBALS['goto'] != 'main.php') { // $edit_target = $GLOBALS['goto']; //} else { // $edit_target = ''; //} if (isset($cfg['SQLQuery']['Edit']) && $cfg['SQLQuery']['Edit'] == TRUE && !empty($edit_target)) { $onclick = ''; if ($cfg['QueryFrameJS'] && $cfg['QueryFrame']) { $onclick = 'onclick="focus_querywindow(\'' . urlencode($local_query) . '\'); return false;"'; } $edit_link = ' [<a href="' . $edit_target . $url_qpart . '&sql_query=' . urlencode($local_query) . '&show_query=1#querybox" ' . $onclick . '>' . $GLOBALS['strEdit'] . '</a>]'; } else { $edit_link = ''; } // Want to have the query explained (Mike Beck 2002-05-22) // but only explain a SELECT (that has not been explained) /* SQL-Parser-Analyzer */ if (isset($cfg['SQLQuery']['Explain']) && $cfg['SQLQuery']['Explain'] == TRUE) { // Detect if we are validating as well // To preserve the validate uRL data if (!empty($GLOBALS['validatequery'])) { $explain_link_validate = '&validatequery=1'; } else { $explain_link_validate = ''; } $explain_link = ' [<a href="sql.php' . $url_qpart . $explain_link_validate . '&sql_query='; if (preg_match('@^SELECT[[:space:]]+@i', $local_query)) { $explain_link .= urlencode('EXPLAIN ' . $local_query) . '">' . $GLOBALS['strExplain']; } else { if (preg_match('@^EXPLAIN[[:space:]]+SELECT[[:space:]]+@i', $local_query)) { $explain_link .= urlencode(substr($local_query, 8)) . '">' . $GLOBALS['strNoExplain']; } else { $explain_link = ''; } } if (!empty($explain_link)) { $explain_link .= '</a>]'; } } else { $explain_link = ''; } //show explain // Also we would like to get the SQL formed in some nice // php-code (Mike Beck 2002-05-22) if (isset($cfg['SQLQuery']['ShowAsPHP']) && $cfg['SQLQuery']['ShowAsPHP'] == TRUE) { $php_link = ' [<a href="sql.php' . $url_qpart . '&show_query=1' . '&sql_query=' . urlencode($local_query) . '&show_as_php='; if (!empty($GLOBALS['show_as_php'])) { $php_link .= '0">' . $GLOBALS['strNoPhp']; } else { $php_link .= '1">' . $GLOBALS['strPhp']; } $php_link .= '</a>]'; if (isset($GLOBALS['show_as_php']) && $GLOBALS['show_as_php'] == '1') { $php_link .= ' [<a href="sql.php' . $url_qpart . '&show_query=1' . '&sql_query=' . urlencode($local_query) . '">' . $GLOBALS['strRunQuery'] . '</a>]'; } } else { $php_link = ''; } //show as php if (isset($cfg['SQLValidator']['use']) && $cfg['SQLValidator']['use'] == TRUE && isset($cfg['SQLQuery']['Validate']) && $cfg['SQLQuery']['Validate'] == TRUE) { $validate_link = ' [<a href="sql.php' . $url_qpart . '&show_query=1' . '&sql_query=' . urlencode($local_query) . '&validatequery='; if (!empty($GLOBALS['validatequery'])) { $validate_link .= '0">' . $GLOBALS['strNoValidateSQL']; } else { $validate_link .= '1">' . $GLOBALS['strValidateSQL']; } $validate_link .= '</a>]'; } else { $validate_link = ''; } //validator // Displays the message echo ' ' . $GLOBALS['strSQLQuery'] . ' :'; if (!empty($edit_target)) { echo $edit_link . $explain_link . $php_link . $validate_link; } echo '<br />' . "\n"; echo ' ' . $query_base; // If a 'LIMIT' clause has been programatically added to the query // displays it if (!empty($GLOBALS['sql_limit_to_append'])) { if (!empty($GLOBALS['show_as_php'])) { echo $GLOBALS['sql_limit_to_append']; } else { if (!empty($GLOBALS['validatequery'])) { // skip the extra bit here } else { echo ' ' . PMA_formatSql(PMA_SQP_parse($GLOBALS['sql_limit_to_append'], $GLOBALS['sql_limit_to_append'])); } } } unset($local_query); //Clean up the end of the PHP if (!empty($GLOBALS['show_as_php'])) { echo '\';'; } echo "\n"; ?> </td> </tr> <?php } echo "\n"; ?> </table> </div><br /> <?php }