/**
 * sqlAddslashes test
 *
 * Runs PMA_sqlAddSlashes() over every combination of its three boolean
 * flags against one input that mixes backslashes, single quotes and the
 * control characters \r \t \n. Read from the expectations below: the
 * second flag doubles every backslash once more, the third flag rewrites
 * \r \t \n into the literal two-character sequences \r \t \n, and the
 * fourth flag escapes a single quote as \' instead of doubling it to ''.
 */
public function testAddSlashes()
{
    $input = "\\'test''\\''\\'\r\t\n";

    // One row per flag combination, in the order the assertions were
    // originally written: expected output, then the three flags.
    $cases = array(
        array("\\\\\\\\\\'test\\'\\'\\\\\\\\\\'\\'\\\\\\\\\\'\\r\\t\\n", true, true, true),
        array("\\\\\\\\''test''''\\\\\\\\''''\\\\\\\\''\\r\\t\\n", true, true, false),
        array("\\\\\\\\\\'test\\'\\'\\\\\\\\\\'\\'\\\\\\\\\\'\r\t\n", true, false, true),
        array("\\\\\\\\''test''''\\\\\\\\''''\\\\\\\\''\r\t\n", true, false, false),
        array("\\\\\\'test\\'\\'\\\\\\'\\'\\\\\\'\\r\\t\\n", false, true, true),
        array("\\\\''test''''\\\\''''\\\\''\\r\\t\\n", false, true, false),
        array("\\\\\\'test\\'\\'\\\\\\'\\'\\\\\\'\r\t\n", false, false, true),
        array("\\\\''test''''\\\\''''\\\\''\r\t\n", false, false, false),
    );

    foreach ($cases as $case) {
        list($expected, $double_backslashes, $escape_crlf, $backslash_quote) = $case;
        $this->assertEquals(
            $expected,
            PMA_sqlAddSlashes($input, $double_backslashes, $escape_crlf, $backslash_quote)
        );
    }
}
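/**
 * Save recent tables into phpMyAdmin database.
 *
 * Issues a REPLACE against the configured recent-tables table, keyed by the
 * server user, with the table list stored as JSON. The statement runs over
 * the control connection ($GLOBALS['controllink']).
 *
 * @return true|PMA_Message true on success, otherwise an error message that
 *                          carries the raw driver error text
 */
public function saveToDb()
{
    $username = $GLOBALS['cfg']['Server']['user'];

    // Escape the username like every other value in the statement: a quote
    // in it would otherwise break, or change the meaning of, the query.
    $sql_query = " REPLACE INTO " . $this->pma_table . " (`username`, `tables`)"
        . " VALUES ('" . PMA_sqlAddSlashes($username) . "', '"
        . PMA_sqlAddSlashes(json_encode($this->tables)) . "')";

    $success = PMA_DBI_try_query($sql_query, $GLOBALS['controllink']);

    if (!$success) {
        $message = PMA_Message::error(__('Could not save recent table'));
        $message->addMessage('<br /><br />');
        $message->addMessage(PMA_Message::rawError(PMA_DBI_getError($GLOBALS['controllink'])));
        return $message;
    }

    return true;
}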
/**
 * Composes the query necessary to create an event from an HTTP request.
 *
 * Reads the item_* fields of $_REQUEST and appends to the global $errors
 * array for every missing or invalid piece. The (possibly incomplete) query
 * is returned regardless, so callers must inspect $errors before running it.
 *
 * Input handling, per field:
 *  - item_definer: split on '@', both halves backquoted
 *  - item_name: backquoted
 *  - item_type / item_interval_field / item_status: accepted only when found
 *    in the $event_type / $event_interval / $event_status allowlists
 *  - item_interval_value: intval()
 *  - item_starts / item_ends / item_execute_at: PMA_sqlAddSlashes() inside quotes
 *  - item_definition: appended verbatim, it is the SQL body of the event
 *
 * @return string The CREATE EVENT query.
 */
function PMA_EVN_getQueryFromRequest()
{
    global $_REQUEST, $errors, $event_status, $event_type, $event_interval;

    $query = 'CREATE ';

    if (!empty($_REQUEST['item_definer'])) {
        if (strpos($_REQUEST['item_definer'], '@') !== false) {
            // NOTE(review): only the first two '@'-separated parts are used;
            // anything after a second '@' is silently dropped.
            $arr = explode('@', $_REQUEST['item_definer']);
            $query .= 'DEFINER=' . PMA_backquote($arr[0]);
            $query .= '@' . PMA_backquote($arr[1]) . ' ';
        } else {
            $errors[] = __('The definer must be in the "username@hostname" format');
        }
    }

    $query .= 'EVENT ';

    if (!empty($_REQUEST['item_name'])) {
        $query .= PMA_backquote($_REQUEST['item_name']) . ' ';
    } else {
        $errors[] = __('You must provide an event name');
    }

    $query .= 'ON SCHEDULE ';

    if (!empty($_REQUEST['item_type']) && in_array($_REQUEST['item_type'], $event_type)) {
        if ($_REQUEST['item_type'] == 'RECURRING') {
            if (!empty($_REQUEST['item_interval_value']) && !empty($_REQUEST['item_interval_field']) && in_array($_REQUEST['item_interval_field'], $event_interval)) {
                $query .= 'EVERY ' . intval($_REQUEST['item_interval_value']) . ' ';
                // appended raw on purpose: the in_array() check above restricts
                // the value to the $event_interval allowlist
                $query .= $_REQUEST['item_interval_field'] . ' ';
            } else {
                $errors[] = __('You must provide a valid interval value for the event.');
            }
            if (!empty($_REQUEST['item_starts'])) {
                $query .= "STARTS '" . PMA_sqlAddSlashes($_REQUEST['item_starts']) . "' ";
            }
            if (!empty($_REQUEST['item_ends'])) {
                $query .= "ENDS '" . PMA_sqlAddSlashes($_REQUEST['item_ends']) . "' ";
            }
        } else {
            if (!empty($_REQUEST['item_execute_at'])) {
                $query .= "AT '" . PMA_sqlAddSlashes($_REQUEST['item_execute_at']) . "' ";
            } else {
                $errors[] = __('You must provide a valid execution time for the event.');
            }
        }
    } else {
        $errors[] = __('You must provide a valid type for the event.');
    }

    $query .= 'ON COMPLETION ';
    if (empty($_REQUEST['item_preserve'])) {
        $query .= 'NOT ';
    }
    $query .= 'PRESERVE ';

    if (!empty($_REQUEST['item_status'])) {
        // map the displayed status label back to its SQL keyword; a value
        // that matches no label is ignored rather than reported
        foreach ($event_status['display'] as $key => $value) {
            if ($value == $_REQUEST['item_status']) {
                $query .= $event_status['query'][$key] . ' ';
                break;
            }
        }
    }

    $query .= 'DO ';

    if (!empty($_REQUEST['item_definition'])) {
        // the event body is user-authored SQL and is intentionally not escaped
        $query .= $_REQUEST['item_definition'];
    } else {
        $errors[] = __('You must provide an event definition.');
    }

    return $query;
}
}

// Resolve the selected table list. With no usable table selection in the
// request the search submission is discarded; otherwise only names present
// in $tables_names_only survive (array_intersect acts as the allowlist, so
// arbitrary request values never reach the query builder).
$tables_selected = array();
if (empty($_REQUEST['table_select']) || !is_array($_REQUEST['table_select'])) {
    unset($_REQUEST['submit_search']);
} elseif (!isset($_REQUEST['selectall']) && !isset($_REQUEST['unselectall'])) {
    $tables_selected = array_intersect($_REQUEST['table_select'], $tables_names_only);
}
if (isset($_REQUEST['selectall'])) {
    $tables_selected = $tables_names_only;
} elseif (isset($_REQUEST['unselectall'])) {
    $tables_selected = array();
}

// field_str is escaped here, once, with the variant that also doubles
// backslashes; code downstream must treat $field_str as already
// SQL-escaped and not escape it a second time.
if (empty($_REQUEST['field_str']) || !is_string($_REQUEST['field_str'])) {
    unset($field_str);
} else {
    $field_str = PMA_sqlAddSlashes($_REQUEST['field_str'], true);
}

/**
 * Displays top links if we are not in an Ajax request
 */
$sub_part = '';
if ($GLOBALS['is_ajax_request'] != true) {
    include 'libraries/db_info.inc.php';
    echo '<div id="searchresults">';
}

/**
 * 1. Main search form has been submitted
 */
if (isset($_REQUEST['submit_search'])) {
    /**
     * Builds the SQL search query
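/**
 * Save this table's UI preferences into phpMyAdmin database.
 *
 * Writes one row (user, database, table, JSON preferences, NULL timestamp)
 * into the configured table_uiprefs table over the control connection, then
 * trims the table back to $cfg['Servers'][$i]['MaxTableUiprefs'] rows,
 * oldest first.
 *
 * @return true|PMA_Message true on success, otherwise an error message that
 *                          carries the raw driver error text
 */
protected function saveUiPrefsToDb()
{
    $pma_table = PMA_backquote($GLOBALS['cfg']['Server']['pmadb']) . "." . PMA_backquote($GLOBALS['cfg']['Server']['table_uiprefs']);
    $username = $GLOBALS['cfg']['Server']['user'];

    // Every value, the username included, goes through PMA_sqlAddSlashes();
    // a quote in the username must not be able to alter the statement.
    $sql_query = " REPLACE INTO " . $pma_table
        . " VALUES ('" . PMA_sqlAddSlashes($username) . "', '" . PMA_sqlAddSlashes($this->db_name) . "', '" . PMA_sqlAddSlashes($this->name) . "', '" . PMA_sqlAddSlashes(json_encode($this->uiprefs)) . "', NULL)";

    $success = PMA_DBI_try_query($sql_query, $GLOBALS['controllink']);

    if (!$success) {
        $message = PMA_Message::error(__('Could not save table UI preferences'));
        $message->addMessage('<br /><br />');
        $message->addMessage(PMA_Message::rawError(PMA_DBI_getError($GLOBALS['controllink'])));
        return $message;
    }

    // Remove some old rows in table_uiprefs if it exceeds the configured maximum rows.
    // The count is read over the control connection like every other access
    // to the pmadb in this method.
    $sql_query = 'SELECT COUNT(*) FROM ' . $pma_table;
    $rows_count = (int) PMA_DBI_fetch_value($sql_query, 0, 0, $GLOBALS['controllink']);
    // LIMIT takes a bare number: cast so only an integer is ever concatenated
    $max_rows = (int) $GLOBALS['cfg']['Server']['MaxTableUiprefs'];
    if ($rows_count > $max_rows) {
        $num_rows_to_delete = $rows_count - $max_rows;
        $sql_query = ' DELETE FROM ' . $pma_table . ' ORDER BY last_update ASC' . ' LIMIT ' . $num_rows_to_delete;
        $success = PMA_DBI_try_query($sql_query, $GLOBALS['controllink']);

        if (!$success) {
            $message = PMA_Message::error(sprintf(__('Failed to cleanup table UI preferences (see $cfg[\'Servers\'][$i][\'MaxTableUiprefs\'] %s)'), PMA_showDocu('cfg_Servers_MaxTableUiprefs')));
            $message->addMessage('<br /><br />');
            $message->addMessage(PMA_Message::rawError(PMA_DBI_getError($GLOBALS['controllink'])));
            // The error is returned to the caller; it is not dumped into the
            // response (a print_r of the message object leaked the raw error here).
            return $message;
        }
    }

    return true;
}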
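/**
 * The "Table_Stats" constructor
 *
 * Loads the column list of $tableName (all columns, or only indexed ones
 * when $showKeys is set), computes the box height and width, widens
 * $sameWideWidth if this table is wider, reads the table's (x, y) position
 * for the given PDF page from the table_coords relation table and collects
 * the PRIMARY key columns from SHOW INDEX.
 *
 * @param string  $tableName      The table name
 * @param integer $fontSize       The font size
 * @param integer $pageNumber     The current page number (from the
 *                                $cfg['Servers'][$i]['table_coords'] table);
 *                                cast to int before it reaches the query
 * @param integer &$sameWideWidth The max. with among tables
 * @param boolean $showKeys       Whether to display keys or not
 * @param boolean $showInfo       Whether to display table position or not
 *
 * @global object The current PDF document
 * @global array  The relations settings
 * @global string The current db name
 *
 * @return void
 *
 * @see PMA_Schema_PDF, Table_Stats::Table_Stats_setWidth,
 *      Table_Stats::Table_Stats_setHeight
 */
function __construct($tableName, $fontSize, $pageNumber, &$sameWideWidth, $showKeys = false, $showInfo = false)
{
    global $pdf, $cfgRelation, $db;

    $this->_tableName = $tableName;
    $sql = 'DESCRIBE ' . PMA_backquote($tableName);
    $result = PMA_DBI_try_query($sql, null, PMA_DBI_QUERY_STORE);
    if (!$result || !PMA_DBI_num_rows($result)) {
        $pdf->Error(sprintf(__('The %s table doesn\'t exist!'), $tableName));
    }

    // load fields
    // check to see if it will load all fields or only the foreign keys
    if ($showKeys) {
        $indexes = PMA_Index::getFromTable($this->_tableName, $db);
        $all_columns = array();
        // array_flip/array_keys de-duplicates columns shared by several indexes
        foreach ($indexes as $index) {
            $all_columns = array_merge($all_columns, array_flip(array_keys($index->getColumns())));
        }
        $this->fields = array_keys($all_columns);
    } else {
        while ($row = PMA_DBI_fetch_row($result)) {
            $this->fields[] = $row[0];
        }
    }

    $this->_showInfo = $showInfo;
    $this->_setHeight();
    /*
     * setWidth must be after setHeight, because title
     * can include table height which changes table width
     */
    $this->_setWidth($fontSize);

    if ($sameWideWidth < $this->width) {
        $sameWideWidth = $this->width;
    }

    // pdf_page_number is compared as a bare number: cast the page number so
    // that nothing but an integer is ever concatenated into the statement
    // (the docblock promises an integer, but nothing enforced it).
    $sql = 'SELECT x, y FROM '
        . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_coords'])
        . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
        . ' AND table_name = \'' . PMA_sqlAddSlashes($tableName) . '\''
        . ' AND pdf_page_number = ' . (int) $pageNumber;
    $result = PMA_query_as_controluser($sql, false, PMA_DBI_QUERY_STORE);

    if (!$result || !PMA_DBI_num_rows($result)) {
        $pdf->Error(sprintf(__('Please configure the coordinates for table %s'), $tableName));
    }
    list($this->x, $this->y) = PMA_DBI_fetch_row($result);
    $this->x = (double) $this->x;
    $this->y = (double) $this->y;

    /*
     * displayfield
     */
    $this->displayfield = PMA_getDisplayField($db, $tableName);

    /*
     * index: remember the columns of the PRIMARY key only
     */
    $result = PMA_DBI_query('SHOW INDEX FROM ' . PMA_backquote($tableName) . ';', null, PMA_DBI_QUERY_STORE);
    if (PMA_DBI_num_rows($result) > 0) {
        while ($row = PMA_DBI_fetch_assoc($result)) {
            if ($row['Key_name'] == 'PRIMARY') {
                $this->primary[] = $row['Column_name'];
            }
        }
    }
}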
/**
 * returns collation of given db
 *
 * information_schema is answered without a query. Otherwise the collation
 * is read from information_schema.SCHEMATA, or, when information_schema is
 * disabled in the server config, from the collation_database variable after
 * temporarily selecting $db.
 *
 * @uses PMA_DBI_fetch_value()
 * @uses PMA_DBI_select_db()
 * @uses PMA_sqlAddSlashes()
 * @uses $GLOBALS['db']
 * @param string $db name of db
 * @return string collation of $db
 */
function PMA_getDbCollation($db)
{
    // The virtual information_schema database always has this collation,
    // so there is nothing to look up.
    if ($db == 'information_schema') {
        return 'utf8_general_ci';
    }

    if ($GLOBALS['cfg']['Server']['DisableIS']) {
        // information_schema must not be queried: switch to the database,
        // read its session collation and restore the current database.
        PMA_DBI_select_db($db);
        $collation = PMA_DBI_fetch_value('SHOW VARIABLES LIKE \'collation_database\'', 0, 1);
        if ($db !== $GLOBALS['db']) {
            PMA_DBI_select_db($GLOBALS['db']);
        }
        return $collation;
    }

    // this is slow with thousands of databases
    $lookup = 'SELECT DEFAULT_COLLATION_NAME FROM information_schema.SCHEMATA WHERE SCHEMA_NAME = \''
        . PMA_sqlAddSlashes($db) . '\' LIMIT 1;';
    return PMA_DBI_fetch_value($lookup);
}
$retval = $pmatable->setUiProp(PMA_Table::PROP_COLUMN_VISIB, $col_visib, $_REQUEST['table_create_time']); if (gettype($retval) != 'boolean') { PMA_ajaxResponse($retval->getString(), false); } } PMA_ajaxResponse(null, ($retval == true)); } // Default to browse if no query set and we have table // (needed for browsing from DefaultTabTable) if (empty($sql_query) && strlen($table) && strlen($db)) { include_once 'libraries/bookmark.lib.php'; $book_sql_query = PMA_Bookmark_get( $db, '\'' . PMA_sqlAddSlashes($table) . '\'', 'label', false, true ); if (! empty($book_sql_query)) { $GLOBALS['using_bookmark_message'] = PMA_message::notice(__('Using bookmark "%s" as default browse query.')); $GLOBALS['using_bookmark_message']->addParam($table); $GLOBALS['using_bookmark_message']->addMessage(PMA_showDocu('faq6_22')); $sql_query = $book_sql_query; } else { $sql_query = 'SELECT * FROM ' . PMA_backquote($table); } unset($book_sql_query);
/**
 * Outputs the content of a table in SQL format
 *
 * Streams INSERT / REPLACE / UPDATE statements for every row returned by
 * $sql_query through PMA_exportOutputHandler(). Views get a comment header
 * only, no data. The statement shape is driven by the export options found
 * in $GLOBALS: sql_type, sql_ignore, sql_delayed, sql_insert_syntax,
 * sql_hex_for_blob, sql_max_query_size and sql_backquotes.
 *
 * Value encoding: NULL is emitted bare; columns the driver flags as numeric
 * (except timestamps and blobs) are emitted unquoted exactly as returned;
 * binary blobs become 0x... hex when sql_hex_for_blob is set; bit columns
 * become b'...'; everything else is quoted after PMA_sqlAddSlashes() with
 * the control characters in $search rewritten to \0 \n \r \Z.
 *
 * @param string $db        database name
 * @param string $table     table name
 * @param string $crlf      the end of line sequence
 * @param string $error_url the url to go back in case of error (not used here)
 * @param string $sql_query SQL query for obtaining data
 * @return bool Whether it succeeded; false as soon as the output handler
 *              refuses data, true otherwise
 *
 * @access public
 */
function PMA_exportData($db, $table, $crlf, $error_url, $sql_query)
{
    global $sql_backquotes;
    global $current_row;

    // Only used inside export comments; without backquotes the name is
    // wrapped in single quotes without escaping.
    $formatted_table_name = isset($GLOBALS['sql_backquotes']) ? PMA_backquote($table) : '\'' . $table . '\'';

    // Do not export data for a VIEW
    // (For a VIEW, this is called only when exporting a single VIEW)
    if (PMA_Table::isView($db, $table)) {
        $head = PMA_possibleCRLF()
            . PMA_exportComment()
            . PMA_exportComment('VIEW ' . ' ' . $formatted_table_name)
            . PMA_exportComment(__('Data') . ': ' . __('None'))
            . PMA_exportComment()
            . PMA_possibleCRLF();
        if (!PMA_exportOutputHandler($head)) {
            return false;
        }
        return true;
    }

    // analyze the query to get the true column names, not the aliases
    // (this fixes an undefined index, also if Complete inserts
    // are used, we did not get the true column name in case of aliases)
    $analyzed_sql = PMA_SQP_analyze(PMA_SQP_parse($sql_query));
    $result = PMA_DBI_try_query($sql_query, null, PMA_DBI_QUERY_UNBUFFERED);

    // a possible error: the table has crashed
    // (the driver error text is written into the dump as a comment)
    $tmp_error = PMA_DBI_getError();
    if ($tmp_error) {
        return PMA_exportOutputHandler(PMA_exportComment(__('Error reading data:') . ' (' . $tmp_error . ')'));
    }

    if ($result != false) {
        $fields_cnt = PMA_DBI_num_fields($result);

        // Get field information
        $fields_meta = PMA_DBI_get_fields_meta($result);
        $field_flags = array();
        for ($j = 0; $j < $fields_cnt; $j++) {
            $field_flags[$j] = PMA_DBI_field_flags($result, $j);
        }

        // Column list for the statements: prefer the real column name found
        // by the parser, fall back to the result-set metadata name.
        for ($j = 0; $j < $fields_cnt; $j++) {
            if (isset($analyzed_sql[0]['select_expr'][$j]['column'])) {
                $field_set[$j] = PMA_backquote($analyzed_sql[0]['select_expr'][$j]['column'], $sql_backquotes);
            } else {
                $field_set[$j] = PMA_backquote($fields_meta[$j]->name, $sql_backquotes);
            }
        }

        if (isset($GLOBALS['sql_type']) && $GLOBALS['sql_type'] == 'UPDATE') {
            // update
            $schema_insert = 'UPDATE ';
            if (isset($GLOBALS['sql_ignore'])) {
                $schema_insert .= 'IGNORE ';
            }
            // avoid EOL blank
            $schema_insert .= PMA_backquote($table, $sql_backquotes) . ' SET';
        } else {
            // insert or replace
            if (isset($GLOBALS['sql_type']) && $GLOBALS['sql_type'] == 'REPLACE') {
                $sql_command = 'REPLACE';
            } else {
                $sql_command = 'INSERT';
            }

            // delayed inserts?
            if (isset($GLOBALS['sql_delayed'])) {
                $insert_delayed = ' DELAYED';
            } else {
                $insert_delayed = '';
            }

            // insert ignore?
            if (isset($GLOBALS['sql_type']) && $GLOBALS['sql_type'] == 'INSERT' && isset($GLOBALS['sql_ignore'])) {
                $insert_delayed .= ' IGNORE';
            }

            // scheme for inserting fields
            if ($GLOBALS['sql_insert_syntax'] == 'complete' || $GLOBALS['sql_insert_syntax'] == 'both') {
                $fields = implode(', ', $field_set);
                $schema_insert = $sql_command . $insert_delayed . ' INTO ' . PMA_backquote($table, $sql_backquotes) . ' (' . $fields . ') VALUES';
            } else {
                $schema_insert = $sql_command . $insert_delayed . ' INTO ' . PMA_backquote($table, $sql_backquotes) . ' VALUES';
            }
        }

        // Control characters that must not appear raw inside a quoted SQL
        // literal, paired position by position with $replace. The first and
        // last entries are meant to be the NUL and Ctrl-Z bytes (they map to
        // \0 and \Z). NOTE(review): in this copy both show as empty strings;
        // str_replace() matches nothing on an empty needle, so those bytes
        // would pass through unescaped - confirm the control bytes are present.
        // \x08 \x09 are not required.
        $search = array("", "\n", "\r", "");
        $replace = array('\\0', '\\n', '\\r', '\\Z');
        $current_row = 0;
        $query_size = 0;
        // Extended inserts chain row tuples with ',' and break the header
        // onto its own line; otherwise every row is a full statement.
        if (($GLOBALS['sql_insert_syntax'] == 'extended' || $GLOBALS['sql_insert_syntax'] == 'both') && (!isset($GLOBALS['sql_type']) || $GLOBALS['sql_type'] != 'UPDATE')) {
            $separator = ',';
            $schema_insert .= $crlf;
        } else {
            $separator = ';';
        }

        while ($row = PMA_DBI_fetch_row($result)) {
            if ($current_row == 0) {
                $head = PMA_possibleCRLF()
                    . PMA_exportComment()
                    . PMA_exportComment(__('Dumping data for table') . ' ' . $formatted_table_name)
                    . PMA_exportComment()
                    . $crlf;
                if (!PMA_exportOutputHandler($head)) {
                    return false;
                }
            }
            $current_row++;
            for ($j = 0; $j < $fields_cnt; $j++) {
                // NULL
                if (!isset($row[$j]) || is_null($row[$j])) {
                    $values[] = 'NULL';
                // a number
                // timestamp is numeric on some MySQL 4.1, BLOBs are sometimes numeric
                // (the value is trusted as a literal purely on the driver's numeric flag)
                } elseif ($fields_meta[$j]->numeric && $fields_meta[$j]->type != 'timestamp' && !$fields_meta[$j]->blob) {
                    $values[] = $row[$j];
                // a true BLOB
                // - mysqldump only generates hex data when the --hex-blob
                //   option is used, for fields having the binary attribute
                //   no hex is generated
                // - a TEXT field returns type blob but a real blob
                //   returns also the 'binary' flag
                } elseif (stristr($field_flags[$j], 'BINARY') && $fields_meta[$j]->blob && isset($GLOBALS['sql_hex_for_blob'])) {
                    // empty blobs need to be different, but '0' is also empty :-(
                    if (empty($row[$j]) && $row[$j] != '0') {
                        $values[] = '\'\'';
                    } else {
                        $values[] = '0x' . bin2hex($row[$j]);
                    }
                // detection of 'bit' works only on mysqli extension
                } elseif ($fields_meta[$j]->type == 'bit') {
                    $values[] = "b'" . PMA_sqlAddSlashes(PMA_printable_bit_value($row[$j], $fields_meta[$j]->length)) . "'";
                // something else -> treat as a string
                } else {
                    $values[] = '\'' . str_replace($search, $replace, PMA_sqlAddSlashes($row[$j])) . '\'';
                } // end if
            } // end for

            // should we make update?
            if (isset($GLOBALS['sql_type']) && $GLOBALS['sql_type'] == 'UPDATE') {
                $insert_line = $schema_insert;
                for ($i = 0; $i < $fields_cnt; $i++) {
                    if (0 == $i) {
                        $insert_line .= ' ';
                    }
                    if ($i > 0) {
                        // avoid EOL blank
                        $insert_line .= ',';
                    }
                    $insert_line .= $field_set[$i] . ' = ' . $values[$i];
                }

                // the WHERE clause identifies the row by its unique columns
                list($tmp_unique_condition, $tmp_clause_is_unique) = PMA_getUniqueCondition($result, $fields_cnt, $fields_meta, $row);
                $insert_line .= ' WHERE ' . $tmp_unique_condition;
                unset($tmp_unique_condition, $tmp_clause_is_unique);
            } else {
                // Extended inserts case
                if ($GLOBALS['sql_insert_syntax'] == 'extended' || $GLOBALS['sql_insert_syntax'] == 'both') {
                    if ($current_row == 1) {
                        $insert_line = $schema_insert . '(' . implode(', ', $values) . ')';
                    } else {
                        $insert_line = '(' . implode(', ', $values) . ')';
                        // once the running statement would exceed sql_max_query_size
                        // bytes, close it and start a fresh one with this row
                        if (isset($GLOBALS['sql_max_query_size']) && $GLOBALS['sql_max_query_size'] > 0 && $query_size + strlen($insert_line) > $GLOBALS['sql_max_query_size']) {
                            if (!PMA_exportOutputHandler(';' . $crlf)) {
                                return false;
                            }
                            $query_size = 0;
                            $current_row = 1;
                            $insert_line = $schema_insert . $insert_line;
                        }
                    }
                    $query_size += strlen($insert_line);
                } else {
                    $insert_line = $schema_insert . '(' . implode(', ', $values) . ')';
                }
            }
            unset($values);

            if (!PMA_exportOutputHandler(($current_row == 1 ? '' : $separator . $crlf) . $insert_line)) {
                return false;
            }
        } // end while

        // terminate the last (or only) statement
        if ($current_row > 0) {
            if (!PMA_exportOutputHandler(';' . $crlf)) {
                return false;
            }
        }
    } // end if ($result != false)
    PMA_DBI_free_result($result);

    return true;
}
$disp = PMA_getDisplayField($db, $table);
if ($disp) {
    if ($display_field != $disp) {
        // a different display field was submitted: update the existing mapping
        $upd_query = 'UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_info'])
            . ' SET display_field = \'' . PMA_sqlAddSlashes($display_field) . '\''
            . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
            . ' AND table_name = \'' . PMA_sqlAddSlashes($table) . '\'';
    } else {
        // the current display field was submitted again: the mapping is removed
        // NOTE(review): this reads as toggle semantics - confirm it is intended
        $upd_query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_info'])
            . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
            . ' AND table_name = \'' . PMA_sqlAddSlashes($table) . '\'';
    }
} elseif ($display_field != '') {
    // no mapping yet: create one
    $upd_query = 'INSERT INTO ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_info'])
        . '(db_name, table_name, display_field) '
        . ' VALUES('
        . '\'' . PMA_sqlAddSlashes($db) . '\','
        . '\'' . PMA_sqlAddSlashes($table) . '\','
        . '\'' . PMA_sqlAddSlashes($display_field) . '\')';
}

if (isset($upd_query)) {
    // every user-supplied value above went through PMA_sqlAddSlashes();
    // the relation table is written as the control user
    $upd_rs = PMA_query_as_controluser($upd_query);
}
} // end if

header("Content-Type: text/xml; charset=utf-8");
header("Cache-Control: no-cache");
// NOTE(review): __() is not a variable, so inside a double-quoted string it
// is never called: the client receives the literal text
// __('Modifications have been saved') in an unquoted XML attribute. The
// call has to be concatenated outside the string, e.g.
// die('<root act="save_pos" return="' . __('Modifications have been saved') . '"></root>');
die("<root act='save_pos' return=__('Modifications have been saved')></root>");
?>
}

$sql .= ' INFILE \'' . PMA_sqlAddSlashes($import_file) . '\'';

if (isset($ldi_replace)) {
    $sql .= ' REPLACE';
} elseif (isset($ldi_ignore)) {
    $sql .= ' IGNORE';
}
$sql .= ' INTO TABLE ' . PMA_backquote($table);

// NOTE(review): $ldi_terminated is concatenated unescaped, unlike
// $ldi_enclosed and $ldi_escaped right below. If it can be set from the
// request like its siblings (presumably), it belongs inside
// PMA_sqlAddSlashes() as well.
if (strlen($ldi_terminated) > 0) {
    $sql .= ' FIELDS TERMINATED BY \'' . $ldi_terminated . '\'';
}
if (strlen($ldi_enclosed) > 0) {
    $sql .= ' ENCLOSED BY \'' . PMA_sqlAddSlashes($ldi_enclosed) . '\'';
}
if (strlen($ldi_escaped) > 0) {
    $sql .= ' ESCAPED BY \'' . PMA_sqlAddSlashes($ldi_escaped) . '\'';
}
if (strlen($ldi_new_line) > 0) {
    // 'auto' becomes the literal escape sequence \n or \r\n, matching the
    // line ending PMA_whichCrlf() reports; any other value is inserted as
    // given (NOTE(review): also unescaped).
    if ($ldi_new_line == 'auto') {
        $ldi_new_line = PMA_whichCrlf() == "\n" ? '\\n' : '\\r\\n';
    }
    $sql .= ' LINES TERMINATED BY \'' . $ldi_new_line . '\'';
}

// NOTE(review): $skip_queries is not cast; an (int) cast would guarantee
// only a number reaches the IGNORE n LINES clause.
if ($skip_queries > 0) {
    $sql .= ' IGNORE ' . $skip_queries . ' LINES';
    $skip_queries = 0;
}

if (strlen($ldi_columns) > 0) {
    $sql .= ' (';
    $tmp = preg_split('/,( ?)/', $ldi_columns);
    $cnt_tmp = count($tmp);
echo '</div>'; } // end if } // end if (!$is_information_schema) // not sure about displaying the PDF dialog in case db is information_schema if ($cfgRelation['pdfwork'] && $num_tables > 0) { ?> <!-- Work on PDF Pages --> <?php // We only show this if we find something in the new pdf_pages table $test_query = ' SELECT * FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['pdf_pages']) . ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''; $test_rs = PMA_query_as_controluser($test_query, null, PMA_DBI_QUERY_STORE); /* * Export Relational Schema View */ echo '<div class="operations_full_width"><fieldset><a href="schema_edit.php?' . $url_query . '">'; if ($cfg['PropertiesIconic']) { echo PMA_getImage('b_edit.png'); } echo __('Edit or export relational schema') . '</a></fieldset></div>'; } // end if /** * Displays the footer */ require 'libraries/footer.inc.php';
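/**
 * Analyzes a given SQL statement and saves tracking data.
 *
 * Statements carrying the NOTRACK marker are ignored, which is how the
 * tracking table's own UPDATE below avoids being recorded. The tracked
 * database is taken from $GLOBALS['db'], not parsed out of $query. When
 * auto-creation is on and no version exists yet, CREATE TABLE / VIEW /
 * DATABASE statements create version 1 first; the statement is then appended
 * to schema_sql (DDL) or data_sql (DML) of the tracked version, provided its
 * identifier is listed in that version's tracking set.
 *
 * @param string $query a SQL query
 *
 * @static
 *
 * @return void
 */
static public function handleQuery($query)
{
    // If query is marked as untouchable, leave
    if (strstr($query, "/*NOTRACK*/")) {
        return;
    }

    if (! (substr($query, -1) == ';')) {
        $query = $query . ";\n";
    }

    // Get some information about query
    $result = self::parseQuery($query);

    // Get database name
    $dbname = trim($GLOBALS['db'], '`');

    // $dbname can be empty, for example when coming from Synchronize
    // and this is a query for the remote server
    if (empty($dbname)) {
        return;
    }

    // If we found a valid statement
    if (isset($result['identifier'])) {
        $version = self::getVersion($dbname, $result['tablename'], $result['identifier']);

        // If version not exists and auto-creation is enabled
        if (self::$version_auto_create == true
            && self::isTracked($dbname, $result['tablename']) == false
            && $version == -1
        ) {
            // Create the version
            switch ($result['identifier']) {
                case 'CREATE TABLE':
                    self::createVersion($dbname, $result['tablename'], '1');
                    break;
                case 'CREATE VIEW':
                    self::createVersion($dbname, $result['tablename'], '1', '', true);
                    break;
                case 'CREATE DATABASE':
                    self::createDatabaseVersion($dbname, '1', $query);
                    break;
            } // end switch
        }

        // If version exists
        if (self::isTracked($dbname, $result['tablename']) && $version != -1) {
            if ($result['type'] == 'DDL') {
                $save_to = 'schema_sql';
            } elseif ($result['type'] == 'DML') {
                $save_to = 'data_sql';
            } else {
                $save_to = '';
            }
            $date = date('Y-m-d H:i:s');

            // Cut off `dbname`. from query. The name is used as a regex
            // literal, so it is quoted: a database named e.g. "my.db" or
            // "a(b" would otherwise mis-match or break the pattern.
            $query = preg_replace('/`' . preg_quote($dbname, '/') . '`\s?\./', '', $query);

            // Add log information
            $query = self::getLogComment() . $query ;

            // Mark it as untouchable
            $sql_query = " /*NOTRACK*/\n"
                . " UPDATE " . self::$pma_table
                . " SET " . PMA_backquote($save_to) . " = CONCAT( " . PMA_backquote($save_to) . ",'\n"
                . PMA_sqlAddSlashes($query) . "') ,"
                . " `date_updated` = '" . $date . "' ";

            // If table was renamed we have to change the tablename attribute in pma_tracking too
            if ($result['identifier'] == 'RENAME TABLE') {
                $sql_query .= ', `table_name` = \'' . PMA_sqlAddSlashes($result['tablename_after_rename']) . '\' ';
            }

            // Save the tracking information only for
            //     1. the database
            //     2. the table / view
            //     3. the statements
            // we want to track
            // (the identifier comes from parseQuery(); escaping it is defensive,
            // every other value is escaped the same way)
            $sql_query .= " WHERE FIND_IN_SET('" . PMA_sqlAddSlashes($result['identifier']) . "',tracking) > 0"
                . " AND `db_name` = '" . PMA_sqlAddSlashes($dbname) . "' "
                . " AND `table_name` = '" . PMA_sqlAddSlashes($result['tablename']) . "' "
                . " AND `version` = '" . PMA_sqlAddSlashes($version) . "' ";

            $result = PMA_query_as_controluser($sql_query);
        }
    }
}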
$db_info_result = PMA_DBI_query('SHOW OPEN TABLES FROM ' . PMA_backquote($db) . ';'); // Blending out tables in use if ($db_info_result && PMA_DBI_num_rows($db_info_result) > 0) { while ($tmp = PMA_DBI_fetch_row($db_info_result)) { // if in use memorize tablename if (preg_match('@in_use=[1-9]+@i', $tmp[1])) { $sot_cache[$tmp[0]] = true; } } PMA_DBI_free_result($db_info_result); if (isset($sot_cache)) { $db_info_result = PMA_DBI_query('SHOW TABLES FROM ' . PMA_backquote($db) . $tbl_group_sql . ';', null, PMA_DBI_QUERY_STORE); if ($db_info_result && PMA_DBI_num_rows($db_info_result) > 0) { while ($tmp = PMA_DBI_fetch_row($db_info_result)) { if (!isset($sot_cache[$tmp[0]])) { $sts_result = PMA_DBI_query('SHOW TABLE STATUS FROM ' . PMA_backquote($db) . ' LIKE \'' . PMA_sqlAddSlashes($tmp[0], true) . '\';'); $sts_tmp = PMA_DBI_fetch_assoc($sts_result); PMA_DBI_free_result($sts_result); unset($sts_result); if (!isset($sts_tmp['Type']) && isset($sts_tmp['Engine'])) { $sts_tmp['Type'] =& $sts_tmp['Engine']; } if (!empty($tbl_group) && $cfg['ShowTooltipAliasTB'] && !preg_match('@' . preg_quote($tbl_group, '@') . '@i', $sts_tmp['Comment'])) { continue; } if ($cfg['ShowTooltip']) { PMA_fillTooltip($tooltip_truename, $tooltip_aliasname, $sts_tmp); } $tables[$sts_tmp['Name']] = $sts_tmp; } else { // table in use
$go_sql = false; $executed_queries = 0; $run_query = true; $charset_conversion = false; $reset_charset = false; $bookmark_created = false; // Bookmark Support: get a query back from bookmark if required if (!empty($id_bookmark)) { $id_bookmark = (int) $id_bookmark; include_once './libraries/bookmark.lib.php'; switch ($action_bookmark) { case 0: // bookmarked query that have to be run $import_text = PMA_Bookmark_get($db, $id_bookmark, 'id', isset($action_bookmark_all)); if (isset($bookmark_variable) && !empty($bookmark_variable)) { $import_text = preg_replace('|/\\*(.*)\\[VARIABLE\\](.*)\\*/|imsU', '${1}' . PMA_sqlAddSlashes($bookmark_variable) . '${2}', $import_text); } // refresh left frame on changes in table or db structure if (preg_match('/^(CREATE|ALTER|DROP)\\s+(VIEW|TABLE|DATABASE|SCHEMA)\\s+/i', $import_text)) { $GLOBALS['reload'] = true; } break; case 1: // bookmarked query that have to be displayed $import_text = PMA_Bookmark_get($db, $id_bookmark); if ($GLOBALS['is_ajax_request'] == true) { $extra_data['sql_query'] = $import_text; $extra_data['action_bookmark'] = $action_bookmark; $message = PMA_Message::success(__('Showing bookmark')); PMA_ajaxResponse($message, $message->isSuccess(), $extra_data); } else {
(db_name, table_name, column_name, comment) VALUES ( \'' . PMA_sqlAddSlashes($GLOBALS['db']) . '\', \'' . PMA_sqlAddSlashes(trim($tab)) . '\', \'' . PMA_sqlAddSlashes(trim($inf[0])) . '\', \'' . PMA_sqlAddSlashes(trim($inf[1])) . '\')'; PMA_importRunQuery($qry, $qry . '-- ' . htmlspecialchars($tab) . '.' . htmlspecialchars($inf[0]), true); } // end inf[1] exists if (!empty($inf[2]) && strlen(trim($inf[2])) > 0) { $for = explode('->', $inf[2]); $qry = ' INSERT INTO ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['relation']) . ' (master_db, master_table, master_field, foreign_db, foreign_table, foreign_field) VALUES ( \'' . PMA_sqlAddSlashes($GLOBALS['db']) . '\', \'' . PMA_sqlAddSlashes(trim($tab)) . '\', \'' . PMA_sqlAddSlashes(trim($inf[0])) . '\', \'' . PMA_sqlAddSlashes($GLOBALS['db']) . '\', \'' . PMA_sqlAddSlashes(trim($for[0])) . '\', \'' . PMA_sqlAddSlashes(trim($for[1])) . '\')'; PMA_importRunQuery($qry, $qry . '-- ' . htmlspecialchars($tab) . '.' . htmlspecialchars($inf[0]) . '(' . htmlspecialchars($inf[2]) . ')', true); } // end inf[2] exists } // End lines loop } // End import // Commit any possible data in buffers PMA_importRunQuery();
*/ require_once './libraries/pmd_common.php'; $cfgRelation = PMA_getRelationsParam(); if (!$cfgRelation['designerwork']) { PMD_err_sav(); } foreach ($t_x as $key => $value) { $KEY = empty($IS_AJAX) ? urldecode($key) : $key; // table name decode (post PDF exp/imp) list($DB, $TAB) = explode(".", $KEY); PMA_query_as_controluser('DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['designer_coords']) . ' WHERE `db_name` = \'' . PMA_sqlAddSlashes($DB) . '\' AND `table_name` = \'' . PMA_sqlAddSlashes($TAB) . '\'', true, PMA_DBI_QUERY_STORE); PMA_query_as_controluser('INSERT INTO ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($GLOBALS['cfgRelation']['designer_coords']) . ' (db_name, table_name, x, y, v, h) VALUES (' . '\'' . PMA_sqlAddSlashes($DB) . '\', ' . '\'' . PMA_sqlAddSlashes($TAB) . '\', ' . '\'' . PMA_sqlAddSlashes($t_x[$key]) . '\', ' . '\'' . PMA_sqlAddSlashes($t_y[$key]) . '\', ' . '\'' . PMA_sqlAddSlashes($t_v[$key]) . '\', ' . '\'' . PMA_sqlAddSlashes($t_h[$key]) . '\'' . ')', true, PMA_DBI_QUERY_STORE); } //---------------------------------------------------------------------------- function PMD_err_sav() { global $die_save_pos; // if this file included if (!empty($die_save_pos)) { header("Content-Type: text/xml; charset=utf-8"); header("Cache-Control: no-cache"); die('<root act="save_pos" return="' . __('Error saving coordinates for Designer.') . '"></root>'); } } if (!empty($die_save_pos)) { header("Content-Type: text/xml; charset=utf-8"); header("Cache-Control: no-cache");
// i n s e r t if ($is_insert) { // no need to add column into the valuelist if (strlen($cur_value)) { $query_values[] = $cur_value; // first inserted row so prepare the list of fields if (empty($value_sets)) { $query_fields[] = PMA_backquote($me_fields_name[$key]); } } // u p d a t e } elseif (!empty($me_fields_null_prev[$key]) && !isset($me_fields_null[$key])) { // field had the null checkbox before the update // field no longer has the null checkbox $query_values[] = PMA_backquote($me_fields_name[$key]) . ' = ' . $cur_value; } elseif (empty($me_funcs[$key]) && isset($me_fields_prev[$key]) && "'" . PMA_sqlAddSlashes($me_fields_prev[$key]) . "'" == $val) { // No change for this column and no MySQL function is used -> next column continue; } elseif (!empty($val)) { // avoid setting a field to NULL when it's already NULL // (field had the null checkbox before the update // field still has the null checkbox) if (empty($me_fields_null_prev[$key]) || empty($me_fields_null[$key])) { $query_values[] = PMA_backquote($me_fields_name[$key]) . ' = ' . $cur_value; } } } // end foreach ($me_fields as $key => $val) if (count($query_values) > 0) { if ($is_insert) { $value_sets[] = implode(', ', $query_values);
/**
 * Creates a new PDF page record in the relation storage.
 *
 * @param string $newpage     name of the new PDF page; a null or empty name
 *                            is replaced by the translated 'no description'
 * @param array  $cfgRelation relation settings (only 'pdf_pages' is read
 *                            here; the storage database is taken from
 *                            $GLOBALS['cfgRelation']['db'])
 * @param string $db          database name the page belongs to
 *
 * @return mixed id of the inserted row, as returned by PMA_DBI_insert_id()
 */
function PMA_REL_create_page($newpage, $cfgRelation, $db)
{
    // isset() on a parameter is false only for null, so this is the same test
    if (is_null($newpage) || $newpage == '') {
        $newpage = __('no description');
    }

    $target = PMA_backquote($GLOBALS['cfgRelation']['db'])
        . '.' . PMA_backquote($cfgRelation['pdf_pages']);

    // both values are spliced in as quoted, escaped string literals
    $values = '\'' . PMA_sqlAddSlashes($db) . '\', \''
        . PMA_sqlAddSlashes($newpage) . '\'';

    PMA_query_as_controluser(
        'INSERT INTO ' . $target . ' (db_name, page_descr) VALUES (' . $values . ')',
        false
    );

    $link = isset($GLOBALS['controllink']) ? $GLOBALS['controllink'] : '';

    return PMA_DBI_insert_id($link);
}
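/**
 * Purges the SQL history of the given user.
 *
 * Deletes the entries that exceed $cfg['QueryHistoryMax'], oldest first:
 * the timestamp of the first entry past the limit (newest first) is looked
 * up, then every entry of the user at or before that timestamp is removed.
 * Does nothing when the database-backed history is disabled or the history
 * table is not available.
 *
 * @uses $cfg['QueryHistoryMax']
 * @uses $cfg['QueryHistoryDB']
 * @uses $GLOBALS['controllink']
 * @uses PMA_backquote()
 * @uses PMA_sqlAddSlashes()
 * @uses PMA_query_as_cu()
 * @uses PMA_DBI_fetch_value()
 *
 * @param string $username the username whose history is purged
 *
 * @return void
 * @access public
 */
function PMA_purgeHistory($username)
{
    $cfgRelation = PMA_getRelationsParam();
    if (!$GLOBALS['cfg']['QueryHistoryDB'] || !$cfgRelation['historywork']) {
        return;
    }

    $history_table = PMA_backquote($cfgRelation['db'])
        . '.' . PMA_backquote($cfgRelation['history']);
    $user_condition = ' WHERE `username` = \'' . PMA_sqlAddSlashes($username) . '\'';

    // QueryHistoryMax is configuration, not user input, but it is spliced
    // into the LIMIT clause unquoted, so force it to an integer anyway.
    $search_query = ' SELECT `timevalue` FROM ' . $history_table
        . $user_condition
        . ' ORDER BY `timevalue` DESC'
        . ' LIMIT ' . (int) $GLOBALS['cfg']['QueryHistoryMax'] . ', 1';

    // timestamp of the first entry beyond the limit, or false when the
    // user has at most QueryHistoryMax entries
    $max_time = PMA_DBI_fetch_value($search_query, 0, 0, $GLOBALS['controllink']);
    if ($max_time) {
        // $max_time comes back from the server, but it is quoted into a new
        // statement, so it is escaped like any other literal
        PMA_query_as_cu(
            ' DELETE FROM ' . $history_table
            . $user_condition
            . ' AND `timevalue` <= \'' . PMA_sqlAddSlashes($max_time) . '\''
        );
    }
}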
/**
 * Returns the collation of the given database.
 *
 * @uses PMA_MYSQL_INT_VERSION
 * @uses PMA_DBI_fetch_value()
 * @uses PMA_DBI_select_db()
 * @uses PMA_sqlAddSlashes()
 * @uses $GLOBALS['db']
 *
 * @param string $db name of the database
 *
 * @return string collation of $db; empty string on servers older than 4.1.1
 */
function PMA_getDbCollation($db)
{
    $server_version = PMA_MYSQL_INT_VERSION;

    // The virtual information_schema database always uses utf8_general_ci,
    // so there is nothing to ask the server.
    if ($server_version >= 50000 && $db == 'information_schema') {
        return 'utf8_general_ci';
    }

    // From 5.0.6 on, information_schema.SCHEMATA exposes the collation
    // directly, which avoids parsing SHOW CREATE DATABASE.
    if ($server_version >= 50006) {
        $schemata_query = 'SELECT DEFAULT_COLLATION_NAME'
            . ' FROM information_schema.SCHEMATA'
            . ' WHERE SCHEMA_NAME = \'' . PMA_sqlAddSlashes($db) . '\''
            . ' LIMIT 1;';
        return PMA_DBI_fetch_value($schemata_query);
    }

    // anything older than 4.1.1 has no per-database charset settings
    if ($server_version < 40101) {
        return '';
    }

    // 4.1.1 .. 5.0.5: switch to the database and read the session variable.
    // Single quotes are required here: the query breaks under ANSI mode if
    // the variable name is double-quoted.
    PMA_DBI_select_db($db);
    $collation = PMA_DBI_fetch_value('SHOW VARIABLES LIKE \'collation_database\'', 0, 1);

    // restore the previously selected database
    if ($db !== $GLOBALS['db']) {
        PMA_DBI_select_db($GLOBALS['db']);
    }

    return $collation;
}
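/**
 * Purges the SQL history of the given user.
 *
 * Looks up the timestamp of the first entry past $cfg['QueryHistoryMax']
 * (newest first) and deletes that entry and every older one of the same
 * user, so the user keeps at most QueryHistoryMax entries.
 *
 * @param string $username the username whose history is purged
 *
 * @global array $cfgRelation the list of relations settings
 * @global array $cfg         global phpMyAdmin configuration
 *
 * @return boolean true
 *
 * @access public
 */
function PMA_purgeHistory($username)
{
    global $cfgRelation, $cfg;

    $history_table = PMA_backquote($cfgRelation['db'])
        . '.' . PMA_backquote($cfgRelation['history']);
    $user_condition = ' WHERE username = \'' . PMA_sqlAddSlashes($username) . '\'';

    // configuration value, but it is spliced into LIMIT unquoted
    $purge_query = ' SELECT timevalue FROM ' . $history_table
        . $user_condition
        . ' ORDER BY timevalue DESC'
        . ' LIMIT ' . (int) $cfg['QueryHistoryMax'] . ', 1';

    $purge_rs = PMA_query_as_cu($purge_query);
    $row = PMA_DBI_fetch_row($purge_rs);
    PMA_DBI_free_result($purge_rs);

    if (is_array($row) && isset($row[0]) && $row[0] > 0) {
        $maxtime = $row[0];
        // The SELECT above is restricted to this user; the DELETE must be
        // too, otherwise the cut-off timestamp found for one user is applied
        // to the history of every other user as well.
        // quotes added around $maxtime to prevent a difficult to
        // reproduce problem
        PMA_query_as_cu(
            ' DELETE FROM ' . $history_table
            . $user_condition
            . ' AND timevalue <= \'' . PMA_sqlAddSlashes($maxtime) . '\''
        );
    }

    return true;
}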
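/**
 * PMA_populateTargetTables() inserts data into uncommon tables after they
 * have been created
 *
 * Copies every row of the source table into the same-named target table
 * with a single multi-row INSERT. Nothing is sent to the target when the
 * source table cannot be read or contains no rows.
 *
 * @param string $src_db                 name of source database
 * @param string $trg_db                 name of target database
 * @param mixed  $src_link               connection established with source server
 * @param mixed  $trg_link               connection established with target server
 * @param array  $uncommon_tables        uncommon table names (table names that
 *                                       are present in source but not in target db)
 * @param int    $table_index            index of table in matching_table_array
 * @param array  $uncommon_tables_fields field names of the uncommon table
 *                                       (not used by this function)
 * @param bool   $display                whether to display the generated query;
 *                                       currently forced to false, see below
 *
 * @return void
 */
function PMA_populateTargetTables($src_db, $trg_db, $src_link, $trg_link,
    $uncommon_tables, $table_index, $uncommon_tables_fields, $display)
{
    // todo: maybe display some of the queries if they are not too numerous
    $display = false;

    $table = $uncommon_tables[$table_index];

    $unbuffered_result = PMA_DBI_try_query(
        'SELECT * FROM ' . PMA_backquote($src_db) . '.' . PMA_backquote($table),
        $src_link,
        PMA_DBI_QUERY_UNBUFFERED
    );
    if (false === $unbuffered_result) {
        return;
    }

    $value_sets = array();
    while ($one_row = PMA_DBI_fetch_row($unbuffered_result)) {
        $values = array();
        foreach ($one_row as $value) {
            // NULL must stay NULL; quoting it would store an empty string
            $values[] = is_null($value) ? 'NULL' : "'" . PMA_sqlAddSlashes($value) . "'";
        }
        $value_sets[] = '(' . implode(',', $values) . ')';
    }
    PMA_DBI_free_result($unbuffered_result);

    // an empty source table would otherwise produce "INSERT INTO ... VALUES;"
    if (empty($value_sets)) {
        return;
    }

    $insert_query = 'INSERT INTO ' . PMA_backquote($trg_db) . '.' . PMA_backquote($table)
        . ' VALUES' . implode(',', $value_sets) . ';';

    if ($display == true) {
        PMA_displayQuery($insert_query);
    }
    PMA_DBI_try_query($insert_query, $trg_link, 0);
}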
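/**
 * Updates the X and Y coordinates of every table listed on the page form.
 *
 * Reads the global variables c_table_0 .. c_table_{c_table_rows-1} (one
 * array per form row with keys 'name', 'x', 'y' and optionally 'delete')
 * and, for each named table, deletes, updates or inserts its row in the
 * table_coords relation table for the chosen PDF page.
 *
 * @param string $db          The database name
 * @param array  $cfgRelation relation settings
 *
 * @return void
 * @access private
 */
private function _editCoordinates($db, $cfgRelation)
{
    $coords_table = PMA_backquote($GLOBALS['cfgRelation']['db'])
        . '.' . PMA_backquote($cfgRelation['table_coords']);

    for ($i = 0; $i < $this->c_table_rows; $i++) {
        // the form posts one array per row as a global variable
        $arrvalue = 'c_table_' . $i;
        global ${$arrvalue};
        $arrvalue = ${$arrvalue};

        if (!isset($arrvalue['x']) || $arrvalue['x'] == '') {
            $arrvalue['x'] = 0;
        }
        if (!isset($arrvalue['y']) || $arrvalue['y'] == '') {
            $arrvalue['y'] = 0;
        }

        if (!isset($arrvalue['name']) || $arrvalue['name'] == '--') {
            continue;
        }

        // The coordinates come from the request like the table name does,
        // so they are quoted and escaped instead of being spliced in raw;
        // MySQL converts the quoted value to the column's numeric type.
        $x = '\'' . PMA_sqlAddSlashes($arrvalue['x']) . '\'';
        $y = '\'' . PMA_sqlAddSlashes($arrvalue['y']) . '\'';

        $where = ' WHERE db_name = \'' . PMA_sqlAddSlashes($db) . '\''
            . ' AND table_name = \'' . PMA_sqlAddSlashes($arrvalue['name']) . '\''
            . ' AND pdf_page_number = \'' . PMA_sqlAddSlashes($this->chosenPage) . '\'';

        $test_rs = PMA_query_as_controluser(
            'SELECT * FROM ' . $coords_table . $where, false, PMA_DBI_QUERY_STORE
        );

        if ($test_rs && PMA_DBI_num_rows($test_rs) > 0) {
            if (isset($arrvalue['delete']) && $arrvalue['delete'] == 'y') {
                $ch_query = 'DELETE FROM ' . $coords_table . $where;
            } else {
                $ch_query = 'UPDATE ' . $coords_table
                    . ' SET x = ' . $x . ', y = ' . $y . $where;
            }
        } else {
            $ch_query = 'INSERT INTO ' . $coords_table
                . ' (db_name, table_name, pdf_page_number, x, y)'
                . ' VALUES (\'' . PMA_sqlAddSlashes($db) . '\', \''
                . PMA_sqlAddSlashes($arrvalue['name']) . '\', \''
                . PMA_sqlAddSlashes($this->chosenPage) . '\', '
                . $x . ', ' . $y . ')';
        }
        PMA_query_as_controluser($ch_query, false);
    } // end for
}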
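/**
 * Handles requests for executing a routine
 *
 * Either runs the routine named in $_REQUEST['item_name'] with the posted
 * parameter values and prints the outcome (execute_routine), or renders the
 * execute form for it (execute_dialog). Output goes through
 * PMA_ajaxResponse() for AJAX requests and is echoed otherwise; on the
 * non-AJAX success path the function returns so the caller can display the
 * routine list afterwards.
 *
 * @return void
 */
function PMA_RTN_handleExecute()
{
    // $_GET, $_POST, $_REQUEST and $GLOBALS are superglobals and need no
    // 'global' declaration ('global $GLOBALS' is rejected by recent PHP)
    global $db, $cfg;

    /**
     * Handle all user requests other than the default of listing routines
     */
    if (!empty($_REQUEST['execute_routine']) && !empty($_REQUEST['item_name'])) {
        // Build the queries
        $routine = PMA_RTN_getDataFromName(
            $_REQUEST['item_name'], $_REQUEST['item_type'], false
        );
        if ($routine !== false) {
            $queries   = array();
            $end_query = array();
            $args      = array();
            for ($i = 0; $i < $routine['item_num_params']; $i++) {
                $param_name = $routine['item_param_name'][$i];
                if (isset($_REQUEST['params'][$param_name])) {
                    $value = $_REQUEST['params'][$param_name];
                    if (is_array($value)) { // is SET type
                        $value = implode(',', $value);
                    }
                    $value = PMA_sqlAddSlashes($value);
                    // A wrapping function is interpolated unquoted, so it is
                    // only accepted if it exactly matches a configured name.
                    if (!empty($_REQUEST['funcs'][$param_name])
                        && in_array($_REQUEST['funcs'][$param_name], $cfg['Functions'], true)
                    ) {
                        $queries[] = "SET @p{$i}={$_REQUEST['funcs'][$param_name]}('{$value}');\n";
                    } else {
                        $queries[] = "SET @p{$i}='{$value}';\n";
                    }
                }
                // every parameter is passed as a user variable, even without
                // a posted value, so that OUT parameters can be read back
                $args[] = "@p{$i}";
                if ($routine['item_type'] == 'PROCEDURE') {
                    if ($routine['item_param_dir'][$i] == 'OUT'
                        || $routine['item_param_dir'][$i] == 'INOUT'
                    ) {
                        $end_query[] = "@p{$i} AS " . PMA_backquote($param_name);
                    }
                }
            }
            if ($routine['item_type'] == 'PROCEDURE') {
                $queries[] = "CALL " . PMA_backquote($routine['item_name'])
                    . "(" . implode(', ', $args) . ");\n";
                if (count($end_query)) {
                    $queries[] = "SELECT " . implode(', ', $end_query) . ";\n";
                }
            } else {
                $queries[] = "SELECT " . PMA_backquote($routine['item_name'])
                    . "(" . implode(', ', $args) . ") "
                    . "AS " . PMA_backquote($routine['item_name']) . ";\n";
            }

            // Execute the queries
            $affected = 0;
            $result   = null;
            $outcome  = true;
            foreach ($queries as $query) {
                $resource = PMA_DBI_try_query($query);
                if ($resource === false) {
                    $outcome = false;
                    break;
                }
                // drain any additional result sets the statement produced
                while (true) {
                    if (!PMA_DBI_more_results()) {
                        break;
                    }
                    PMA_DBI_next_result();
                }
                if (substr($query, 0, 6) == 'SELECT') {
                    $result = $resource;
                } else {
                    if (substr($query, 0, 4) == 'CALL') {
                        $result = $resource ? $resource : $result;
                        $affected = PMA_DBI_affected_rows() - PMA_DBI_num_rows($resource);
                    }
                }
            }

            // Generate output
            if ($outcome) {
                $message = __('Your SQL query has been executed successfully');
                if ($routine['item_type'] == 'PROCEDURE') {
                    $message .= '<br />';
                    $message .= sprintf(
                        _ngettext(
                            '%d row affected by the last statement inside the procedure',
                            '%d rows affected by the last statement inside the procedure',
                            $affected
                        ),
                        $affected
                    );
                }
                $message = PMA_message::success($message);

                // Pass the SQL queries through the "pretty printer"
                $output  = '<code class="sql" style="margin-bottom: 1em;">';
                $output .= PMA_SQP_formatHtml(PMA_SQP_parse(implode($queries)));
                $output .= '</code>';

                // Display results
                if ($result) {
                    $output .= "<fieldset><legend>";
                    $output .= sprintf(
                        __('Execution results of routine %s'),
                        PMA_backquote(htmlspecialchars($routine['item_name']))
                    );
                    $output .= "</legend>";
                    $output .= "<table><tr>";
                    foreach (PMA_DBI_get_fields_meta($result) as $field) {
                        $output .= "<th>";
                        $output .= htmlspecialchars($field->name);
                        $output .= "</th>";
                    }
                    $output .= "</tr>";
                    // Stored routines can only ever return ONE ROW.
                    $data = PMA_DBI_fetch_single_row($result);
                    foreach ($data as $value) {
                        if ($value === null) {
                            $value = '<i>NULL</i>';
                        } else {
                            $value = htmlspecialchars($value);
                        }
                        $output .= "<td class='odd'>" . $value . "</td>";
                    }
                    $output .= "</table></fieldset>";
                } else {
                    $notice = __('MySQL returned an empty result set (i.e. zero rows).');
                    $output .= PMA_message::notice($notice)->getDisplay();
                }
            } else {
                // $query still holds the statement that failed
                $output = '';
                $message = PMA_message::error(
                    sprintf(__('The following query has failed: "%s"'), $query)
                    . '<br /><br />'
                    . __('MySQL said: ') . PMA_DBI_getError(null)
                );
            }

            // Print/send output
            if ($GLOBALS['is_ajax_request']) {
                $extra_data = array('dialog' => false);
                PMA_ajaxResponse(
                    $message->getDisplay() . $output, $message->isSuccess(), $extra_data
                );
            } else {
                echo $message->getDisplay() . $output;
                if ($message->isError()) {
                    // At least one query has failed, so shouldn't
                    // execute any more queries, so we quit.
                    exit;
                }
                unset($_POST);
                // Now deliberately fall through to displaying the routines list
            }
        } else {
            $message  = __('Error in processing request') . ' : ';
            $message .= sprintf(
                PMA_RTE_getWord('not_found'),
                htmlspecialchars(PMA_backquote($_REQUEST['item_name'])),
                htmlspecialchars(PMA_backquote($db))
            );
            $message = PMA_message::error($message);
            if ($GLOBALS['is_ajax_request']) {
                PMA_ajaxResponse($message, $message->isSuccess());
            } else {
                echo $message->getDisplay();
                unset($_POST);
            }
        }
    } else {
        if (!empty($_GET['execute_dialog']) && !empty($_GET['item_name'])) {
            /**
             * Display the execute form for a routine.
             */
            $routine = PMA_RTN_getDataFromName(
                $_GET['item_name'], $_GET['item_type'], true
            );
            if ($routine !== false) {
                $form = PMA_RTN_getExecuteForm($routine);
                if ($GLOBALS['is_ajax_request'] == true) {
                    $extra_data = array();
                    $extra_data['dialog'] = true;
                    $extra_data['title']  = __("Execute routine") . " ";
                    $extra_data['title'] .= PMA_backquote(
                        htmlentities($_GET['item_name'], ENT_QUOTES)
                    );
                    PMA_ajaxResponse($form, true, $extra_data);
                } else {
                    echo "\n\n<h2>" . __("Execute routine") . "</h2>\n\n";
                    echo $form;
                    include './libraries/footer.inc.php';
                    // exit;
                }
            } else {
                // only the AJAX caller gets an error; the plain request
                // falls through to the routine list silently
                if ($GLOBALS['is_ajax_request'] == true) {
                    $message  = __('Error in processing request') . ' : ';
                    $message .= sprintf(
                        PMA_RTE_getWord('not_found'),
                        htmlspecialchars(PMA_backquote($_REQUEST['item_name'])),
                        htmlspecialchars(PMA_backquote($db))
                    );
                    $message = PMA_message::error($message);
                    PMA_ajaxResponse($message, false);
                }
            }
        }
    }
}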
/**
 * sets BLOBStreaming variables to a list of specified arguments
 *
 * Every non-null, non-empty entry of $bs_variables is applied with a
 * SET GLOBAL statement; entries with a null or empty value are skipped.
 *
 * @access public
 * @uses PMA_DBI_query()
 *
 * @param array $bs_variables variable name => value
 *
 * @returns boolean - false when no variables were given or a SET fails,
 *                    true otherwise
 */
function PMA_BS_SetVariables($bs_variables)
{
    // nothing to do without variables
    if (empty($bs_variables) || count($bs_variables) == 0) {
        return FALSE;
    }

    foreach ($bs_variables as $name => $value) {
        // skip unset / empty values
        if (is_null($value) || strlen($value) == 0) {
            continue;
        }
        // NOTE(review): the variable name is interpolated as-is and the
        // value is escaped but not quoted, so callers are expected to pass
        // trusted names and values MySQL accepts unquoted — confirm.
        $query = "SET GLOBAL {$name}=" . PMA_sqlAddSlashes($value);
        // any failed SET aborts the whole setup
        if (!PMA_DBI_query($query)) {
            return FALSE;
        }
    }

    return TRUE;
}
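/**
 * Checks if the current user has a specific privilege and returns true if the
 * user indeed has that privilege or false if (s)he doesn't. This function must
 * only be used for features that are available since MySQL 5, because it
 * relies on the INFORMATION_SCHEMA database to be present.
 *
 * Example: PMA_currentUserHasPrivilege('CREATE ROUTINE', 'mydb');
 *          // Checks if the currently logged in user has the global
 *          // 'CREATE ROUTINE' privilege or, if not, checks if the
 *          // user has this privilege on database 'mydb'.
 *
 * The scopes are checked from the most to the least general: global
 * privileges first, then database-wide ones (when $db is given), then
 * table-wide ones (when $tbl is given as well). Table-wide privileges are
 * only looked up together with a database name.
 *
 * @param string $priv The privilege to check; it is spliced into the
 *                     statement unescaped, so pass only fixed privilege names
 * @param mixed  $db   null, to only check global privileges
 *                     string, db name where to also check for privileges
 * @param mixed  $tbl  null, to only check global/db privileges
 *                     string, table name where to also check for privileges
 *
 * @return bool
 */
function PMA_currentUserHasPrivilege($priv, $db = null, $tbl = null)
{
    // Get the username for the current user in the format
    // required to use in the information schema database.
    $user = PMA_DBI_fetch_value("SELECT CURRENT_USER();");
    if ($user === false || strpos($user, '@') === false) {
        // without a 'user@host' value there is no GRANTEE to match against
        return false;
    }
    $user = explode('@', $user);
    // NOTE(review): this literal looks like a placeholder/redaction; GRANTEE
    // values have the form 'user'@'host' and the pieces appended below build
    // the rest of that quoting inside the SQL literal — confirm the opening
    // piece matches.
    $username  = "******";
    $username .= str_replace("'", "''", $user[0]);
    $username .= "''@''";
    $username .= str_replace("'", "''", $user[1]);
    $username .= "''";

    // Prepare the query; the table name and the extra conditions are
    // filled in per scope below
    $query = "SELECT `PRIVILEGE_TYPE` FROM `INFORMATION_SCHEMA`.`%s` "
        . "WHERE GRANTEE='%s' AND PRIVILEGE_TYPE='%s'";

    // Check global privileges first.
    if (PMA_DBI_fetch_value(sprintf($query, 'USER_PRIVILEGES', $username, $priv))) {
        return true;
    }

    // If a database name was provided and user does not have the
    // required global privilege, try database-wise permissions.
    if ($db === null) {
        // There was no database name provided and the user
        // does not have the correct global privilege.
        return false;
    }
    // need to escape wildcards in db and table names, see bug #3518484
    $db = str_replace(array('%', '_'), array('\\%', '\\_'), $db);
    $query .= " AND TABLE_SCHEMA='%s'";
    if (PMA_DBI_fetch_value(
        sprintf($query, 'SCHEMA_PRIVILEGES', $username, $priv, PMA_sqlAddSlashes($db))
    )) {
        return true;
    }

    // If a table name was also provided and we still didn't
    // find any valid privileges, try table-wise privileges.
    if ($tbl !== null) {
        // need to escape wildcards in db and table names, see bug #3518484
        $tbl = str_replace(array('%', '_'), array('\\%', '\\_'), $tbl);
        $query .= " AND TABLE_NAME='%s'";
        if (PMA_DBI_fetch_value(
            sprintf(
                $query, 'TABLE_PRIVILEGES', $username, $priv,
                PMA_sqlAddSlashes($db), PMA_sqlAddSlashes($tbl)
            )
        )) {
            return true;
        }
    }

    // If we reached this point, the user does not
    // have even valid table-wise privileges.
    return false;
}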
/**
 * Cleanup database related relation stuff
 *
 * Removes every row that references database $db from each enabled
 * relation-storage table: column comments, bookmarks, display fields, PDF
 * pages and coordinates, designer coordinates and relations (master and
 * foreign side), in that order.
 *
 * @param string $db name of the database being removed
 *
 * @return void
 */
function PMA_relationsCleanupDatabase($db)
{
    $cfgRelation = PMA_getRelationsParam();

    // feature flag => list of (relation table key, column holding the db name)
    $cleanup = array(
        'commwork'     => array(array('column_info', 'db_name')),
        'bookmarkwork' => array(array('bookmark', 'dbase')),
        'displaywork'  => array(array('table_info', 'db_name')),
        'pdfwork'      => array(
            array('pdf_pages', 'db_name'),
            array('table_coords', 'db_name'),
        ),
        'designerwork' => array(array('designer_coords', 'db_name')),
        'relwork'      => array(
            array('relation', 'master_db'),
            array('relation', 'foreign_db'),
        ),
    );

    $escaped_db = PMA_sqlAddSlashes($db);

    foreach ($cleanup as $feature => $targets) {
        if (!$cfgRelation[$feature]) {
            continue;
        }
        foreach ($targets as $target) {
            list($table_key, $column) = $target;
            $remove_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db'])
                . '.' . PMA_backquote($cfgRelation[$table_key])
                . ' WHERE ' . $column . ' = \'' . $escaped_db . '\'';
            PMA_query_as_controluser($remove_query);
        }
    }
}
/**
 * Returns all the grants for a certain user on a certain host
 * Used in the export privileges for all users section
 *
 * @param string $user User name
 * @param string $host Host name
 *
 * @return string every GRANT statement terminated by ";\n\n"; empty string
 *                when the server returns no grants
 */
function PMA_getGrants($user, $host)
{
    $show_grants = "SHOW GRANTS FOR '" . PMA_sqlAddSlashes($user)
        . "'@'" . PMA_sqlAddSlashes($host) . "'";
    $grants = PMA_DBI_fetch_result($show_grants);

    if (empty($grants)) {
        return '';
    }

    // each statement gets the same ";\n\n" terminator, including the last
    return implode(";\n\n", $grants) . ";\n\n";
} // end of the 'PMA_getGrants()' function
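/**
 * Displays the privileges form table
 *
 * Renders the checkbox form for one of three scopes: global privileges
 * ($db == '*'), database-specific ($table == '*') or table-specific. The
 * current values are read from the mysql.user / mysql.db / mysql.tables_priv
 * row of $GLOBALS['username']@$GLOBALS['hostname']; when no row exists,
 * every privilege is shown unchecked.
 *
 * @param string  $db     the database
 * @param string  $table  the table
 * @param boolean $submit whether to display the submit button or not
 *
 * @global array    $cfg       the phpMyAdmin configuration
 * @global resource $user_link the database connection
 *
 * @return void
 */
function PMA_displayPrivTable($db = '*', $table = '*', $submit = true)
{
    global $random_n;

    // table scope makes no sense without a database
    if ($db == '*') {
        $table = '*';
    }

    if (isset($GLOBALS['username'])) {
        $username = $GLOBALS['username'];
        $hostname = $GLOBALS['hostname'];
        $user_condition = " WHERE `User` = '" . PMA_sqlAddSlashes($username) . "'"
            . " AND `Host` = '" . PMA_sqlAddSlashes($hostname) . "'";
        if ($db == '*') {
            $sql_query = "SELECT * FROM `mysql`.`user`" . $user_condition . ";";
        } elseif ($table == '*') {
            // $db may carry wildcards, but it is still a string literal in
            // the statement and is escaped like every other value
            $sql_query = "SELECT * FROM `mysql`.`db`" . $user_condition
                . " AND '" . PMA_sqlAddSlashes(PMA_unescape_mysql_wildcards($db)) . "'"
                . " LIKE `Db`;";
        } else {
            $sql_query = "SELECT `Table_priv`"
                . " FROM `mysql`.`tables_priv`" . $user_condition
                . " AND `Db` = '" . PMA_sqlAddSlashes(PMA_unescape_mysql_wildcards($db)) . "'"
                . " AND `Table_name` = '" . PMA_sqlAddSlashes($table) . "';";
        }
        $row = PMA_DBI_fetch_single_row($sql_query);
    }

    if (empty($row)) {
        if ($table == '*') {
            // no grant row yet: build an all-'N' row from the columns of the
            // grant table, with the resource limits (max_*) at 0
            if ($db == '*') {
                $sql_query = 'SHOW COLUMNS FROM `mysql`.`user`;';
            } else {
                $sql_query = 'SHOW COLUMNS FROM `mysql`.`db`;';
            }
            $res = PMA_DBI_query($sql_query);
            while ($row1 = PMA_DBI_fetch_row($res)) {
                if (substr($row1[0], 0, 4) == 'max_') {
                    $row[$row1[0]] = 0;
                } else {
                    $row[$row1[0]] = 'N';
                }
            }
            PMA_DBI_free_result($res);
        } else {
            $row = array('Table_priv' => '');
        }
    }

    if (isset($row['Table_priv'])) {
        // expand the SET column Table_priv into one X_priv entry per
        // possible grant, using the column definition as the list of names
        $row1 = PMA_DBI_fetch_single_row(
            'SHOW COLUMNS FROM `mysql`.`tables_priv` LIKE \'Table_priv\';',
            'ASSOC', $GLOBALS['userlink']
        );
        // note: in MySQL 5.0.3 we get "Create View', 'Show view';
        // the View for Create is spelled with uppercase V
        // the view for Show is spelled with lowercase v
        // and there is a space between the words
        $av_grants = explode(
            '\',\'',
            substr(
                $row1['Type'],
                strpos($row1['Type'], '(') + 2,
                strpos($row1['Type'], ')') - strpos($row1['Type'], '(') - 3
            )
        );
        unset($row1);
        $users_grants = explode(',', $row['Table_priv']);
        foreach ($av_grants as $current_grant) {
            $row[$current_grant . '_priv'] = in_array($current_grant, $users_grants) ? 'Y' : 'N';
        }
        unset($row['Table_priv'], $current_grant, $av_grants, $users_grants);

        // get columns
        $res = PMA_DBI_try_query(
            'SHOW COLUMNS FROM ' . PMA_backquote(PMA_unescape_mysql_wildcards($db))
            . '.' . PMA_backquote($table) . ';'
        );
        $columns = array();
        if ($res) {
            while ($row1 = PMA_DBI_fetch_row($res)) {
                $columns[$row1[0]] = array(
                    'Select' => false,
                    'Insert' => false,
                    'Update' => false,
                    'References' => false
                );
            }
            PMA_DBI_free_result($res);
        }
        unset($res, $row1);
    }

    // t a b l e - s p e c i f i c   p r i v i l e g e s
    if (!empty($columns)) {
        $res = PMA_DBI_query(
            'SELECT `Column_name`, `Column_priv`'
            . ' FROM `mysql`.`columns_priv`'
            . ' WHERE `User`' . ' = \'' . PMA_sqlAddSlashes($username) . "'"
            . ' AND `Host`' . ' = \'' . PMA_sqlAddSlashes($hostname) . "'"
            . ' AND `Db`' . ' = \'' . PMA_sqlAddSlashes(PMA_unescape_mysql_wildcards($db)) . "'"
            . ' AND `Table_name`' . ' = \'' . PMA_sqlAddSlashes($table) . '\';'
        );
        while ($row1 = PMA_DBI_fetch_row($res)) {
            $row1[1] = explode(',', $row1[1]);
            foreach ($row1[1] as $current) {
                $columns[$row1[0]][$current] = true;
            }
        }
        PMA_DBI_free_result($res);
        unset($res, $row1, $current);

        echo '<input type="hidden" name="grant_count" value="' . count($row) . '" />' . "\n"
            . '<input type="hidden" name="column_count" value="' . count($columns) . '" />' . "\n"
            . '<fieldset id="fieldset_user_priv">' . "\n"
            . ' <legend>' . __('Table-specific privileges')
            . PMA_showHint(__('Note: MySQL privilege names are expressed in English'))
            . '</legend>' . "\n";

        // privs that are attached to a specific column
        PMA_display_column_privs($columns, $row, 'Select_priv', 'SELECT', 'select', __('Allows reading data.'), 'Select');
        PMA_display_column_privs($columns, $row, 'Insert_priv', 'INSERT', 'insert', __('Allows inserting and replacing data.'), 'Insert');
        PMA_display_column_privs($columns, $row, 'Update_priv', 'UPDATE', 'update', __('Allows changing data.'), 'Update');
        PMA_display_column_privs($columns, $row, 'References_priv', 'REFERENCES', 'references', __('Has no effect in this MySQL version.'), 'References');

        // privs that are not attached to a specific column
        echo ' <div class="item">' . "\n";
        foreach ($row as $current_grant => $current_grant_value) {
            // the column-level ones were rendered above
            if (in_array(substr($current_grant, 0, strlen($current_grant) - 5), array('Select', 'Insert', 'Update', 'References'))) {
                continue;
            }
            // make a substitution to match the messages variables;
            // also we must substitute the grant we get, because we can't generate
            // a form variable containing blanks (those would get changed to
            // an underscore when receiving the POST)
            if ($current_grant == 'Create View_priv') {
                $tmp_current_grant = 'CreateView_priv';
                $current_grant = 'Create_view_priv';
            } elseif ($current_grant == 'Show view_priv') {
                $tmp_current_grant = 'ShowView_priv';
                $current_grant = 'Show_view_priv';
            } else {
                $tmp_current_grant = $current_grant;
            }
            // description text: the table-specific variant ('...Tbl') is the
            // fallback when no generic one exists
            $desc_key = 'strPrivDesc' . substr($tmp_current_grant, 0, strlen($tmp_current_grant) - 5);
            $desc = isset($GLOBALS[$desc_key]) ? $GLOBALS[$desc_key] : $GLOBALS[$desc_key . 'Tbl'];
            echo ' <div class="item">' . "\n"
                . ' <input type="checkbox"'
                . (empty($GLOBALS['checkall']) ? '' : ' checked="checked"')
                . ' name="' . $current_grant . '" id="checkbox_' . $current_grant . '" value="Y" '
                . ($current_grant_value == 'Y' ? 'checked="checked" ' : '')
                . 'title="';
            echo $desc . '"/>' . "\n";
            echo ' <label for="checkbox_' . $current_grant . '"><tt><dfn title="' . $desc . '">'
                . strtoupper(substr($current_grant, 0, strlen($current_grant) - 5))
                . '</dfn></tt></label>' . "\n"
                . ' </div>' . "\n";
        } // end foreach ()
        echo ' </div>' . "\n";
        // for Safari 2.0.2
        echo ' <div class="clearfloat"></div>' . "\n";
    } else {
        // g l o b a l   o r   d b - s p e c i f i c
        //
        $privTable_names = array(0 => __('Data'), 1 => __('Structure'), 2 => __('Administration'));

        // d a t a
        $privTable[0] = array(
            array('Select', 'SELECT', __('Allows reading data.')),
            array('Insert', 'INSERT', __('Allows inserting and replacing data.')),
            array('Update', 'UPDATE', __('Allows changing data.')),
            array('Delete', 'DELETE', __('Allows deleting data.'))
        );
        if ($db == '*') {
            $privTable[0][] = array('File', 'FILE', __('Allows importing data from and exporting data into files.'));
        }

        // s t r u c t u r e
        $privTable[1] = array(
            array('Create', 'CREATE', $table == '*' ? __('Allows creating new databases and tables.') : __('Allows creating new tables.')),
            array('Alter', 'ALTER', __('Allows altering the structure of existing tables.')),
            array('Index', 'INDEX', __('Allows creating and dropping indexes.')),
            array('Drop', 'DROP', $table == '*' ? __('Allows dropping databases and tables.') : __('Allows dropping tables.')),
            array('Create_tmp_table', 'CREATE TEMPORARY TABLES', __('Allows creating temporary tables.')),
            array('Show_view', 'SHOW VIEW', __('Allows performing SHOW CREATE VIEW queries.')),
            array('Create_routine', 'CREATE ROUTINE', __('Allows creating stored routines.')),
            array('Alter_routine', 'ALTER ROUTINE', __('Allows altering and dropping stored routines.')),
            array('Execute', 'EXECUTE', __('Allows executing stored routines.'))
        );
        // this one is for a db-specific priv: Create_view_priv
        if (isset($row['Create_view_priv'])) {
            $privTable[1][] = array('Create_view', 'CREATE VIEW', __('Allows creating new views.'));
        }
        // this one is for a table-specific priv: Create View_priv
        if (isset($row['Create View_priv'])) {
            $privTable[1][] = array('Create View', 'CREATE VIEW', __('Allows creating new views.'));
        }
        if (isset($row['Event_priv'])) {
            // MySQL 5.1.6
            $privTable[1][] = array('Event', 'EVENT', __('Allows to set up events for the event scheduler'));
            $privTable[1][] = array('Trigger', 'TRIGGER', __('Allows creating and dropping triggers'));
        }

        // a d m i n i s t r a t i o n
        $privTable[2] = array(
            array('Grant', 'GRANT', __('Allows adding users and privileges without reloading the privilege tables.'))
        );
        if ($db == '*') {
            $privTable[2][] = array('Super', 'SUPER', __('Allows connecting, even if maximum number of connections is reached; required for most administrative operations like setting global variables or killing threads of other users.'));
            $privTable[2][] = array('Process', 'PROCESS', __('Allows viewing processes of all users'));
            $privTable[2][] = array('Reload', 'RELOAD', __('Allows reloading server settings and flushing the server\'s caches.'));
            $privTable[2][] = array('Shutdown', 'SHUTDOWN', __('Allows shutting down the server.'));
            $privTable[2][] = array('Show_db', 'SHOW DATABASES', __('Gives access to the complete list of databases.'));
        }
        $privTable[2][] = array('Lock_tables', 'LOCK TABLES', __('Allows locking tables for the current thread.'));
        $privTable[2][] = array('References', 'REFERENCES', __('Has no effect in this MySQL version.'));
        if ($db == '*') {
            $privTable[2][] = array('Repl_client', 'REPLICATION CLIENT', __('Allows the user to ask where the slaves / masters are.'));
            $privTable[2][] = array('Repl_slave', 'REPLICATION SLAVE', __('Needed for the replication slaves.'));
            $privTable[2][] = array('Create_user', 'CREATE USER', __('Allows creating, dropping and renaming user accounts.'));
        }

        // the GRANT checkbox is not counted when the row has no Grant_priv
        $grant_count = count($privTable[0]) + count($privTable[1]) + count($privTable[2])
            - (isset($row['Grant_priv']) ? 1 : 0);
        if ($db == '*') {
            $scope_title = __('Global privileges');
        } elseif ($table == '*') {
            $scope_title = __('Database-specific privileges');
        } else {
            $scope_title = __('Table-specific privileges');
        }
        echo '<input type="hidden" name="grant_count" value="' . $grant_count . '" />' . "\n"
            . '<fieldset id="fieldset_user_global_rights">' . "\n"
            . ' <legend>' . "\n"
            . ' ' . $scope_title . "\n"
            . ' (<a href="server_privileges.php?' . $GLOBALS['url_query'] . '&checkall=1" onclick="setCheckboxes(\'addUsersForm_' . $random_n . '\', true); return false;">'
            . __('Check All') . '</a> /' . "\n"
            . ' <a href="server_privileges.php?' . $GLOBALS['url_query'] . '" onclick="setCheckboxes(\'addUsersForm_' . $random_n . '\', false); return false;">'
            . __('Uncheck All') . '</a>)' . "\n"
            . ' </legend>' . "\n"
            . ' <p><small><i>' . __('Note: MySQL privilege names are expressed in English') . '</i></small></p>' . "\n";

        // Output the Global privilege tables with checkboxes
        // (a dedicated loop variable keeps the $table parameter intact)
        foreach ($privTable as $i => $priv_group) {
            echo ' <fieldset>' . "\n"
                . ' <legend>' . __($privTable_names[$i]) . '</legend>' . "\n";
            foreach ($priv_group as $priv) {
                $priv_key = $priv[0] . '_priv';
                // a missing entry in $row counts as not granted
                $checked = !empty($GLOBALS['checkall'])
                    || (isset($row[$priv_key]) && $row[$priv_key] == 'Y');
                echo ' <div class="item">' . "\n"
                    . ' <input type="checkbox"'
                    . ' name="' . $priv_key . '" id="checkbox_' . $priv_key . '"'
                    . ' value="Y" title="' . $priv[2] . '"'
                    . ($checked ? ' checked="checked"' : '')
                    . '/>' . "\n"
                    . ' <label for="checkbox_' . $priv_key . '"><tt><dfn title="' . $priv[2] . '">' . $priv[1] . '</dfn></tt></label>' . "\n"
                    . ' </div>' . "\n";
            }
            echo ' </fieldset>' . "\n";
        }

        // The "Resource limits" box is not displayed for db-specific privs
        if ($db == '*') {
            // (form field name, label, description) per limit
            $limits = array(
                array('max_questions', 'MAX QUERIES PER HOUR', __('Limits the number of queries the user may send to the server per hour.')),
                array('max_updates', 'MAX UPDATES PER HOUR', __('Limits the number of commands that change any table or database the user may execute per hour.')),
                array('max_connections', 'MAX CONNECTIONS PER HOUR', __('Limits the number of new connections the user may open per hour.')),
                array('max_user_connections', 'MAX USER_CONNECTIONS', __('Limits the number of simultaneous connections the user may have.'))
            );
            echo ' <fieldset>' . "\n"
                . ' <legend>' . __('Resource limits') . '</legend>' . "\n"
                . ' <p><small><i>' . __('Note: Setting these options to 0 (zero) removes the limit.') . '</i></small></p>' . "\n";
            foreach ($limits as $limit) {
                list($name, $label, $title) = $limit;
                echo ' <div class="item">' . "\n"
                    . ' <label for="text_' . $name . '"><tt><dfn title="' . $title . '">' . $label . '</dfn></tt></label>' . "\n"
                    . ' <input type="text" name="' . $name . '" id="text_' . $name . '" value="' . $row[$name] . '" size="11" maxlength="11" title="' . $title . '" />' . "\n"
                    . ' </div>' . "\n";
            }
            echo ' </fieldset>' . "\n";
        }
        // for Safari 2.0.2
        echo ' <div class="clearfloat"></div>' . "\n";
    }
    echo '</fieldset>' . "\n";

    if ($submit) {
        echo '<fieldset id="fieldset_user_privtable_footer" class="tblFooters">' . "\n"
            . ' <input type="submit" name="update_privs" value="' . __('Go') . '" />' . "\n"
            . '</fieldset>' . "\n";
    }
}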