/**
 * Test for PMA_lookForUse
 *
 * Table-driven: every row holds the expected array(db, reload) pair followed
 * by the three arguments handed to PMA_lookForUse (buffer, current db,
 * current reload flag). The rows assert that a buffer without a USE
 * statement leaves both values untouched, and that a USE statement (bare or
 * backtick-quoted with a trailing semicolon) replaces the database name and
 * forces the reload flag to true.
 *
 * @return void
 */
function testLookForUse()
{
    $cases = array(
        // no USE statement: db and reload are passed through unchanged
        array(array(null, null), null, null, null),
        array(array('myDb', null), null, 'myDb', null),
        array(array('myDb', true), null, 'myDb', true),
        array(array('myDb', true), 'select 1 from myTable', 'myDb', true),
        // USE statement: db is replaced and reload becomes true
        array(array('anotherDb', true), 'use anotherDb', 'myDb', false),
        array(array('anotherDb', true), 'use anotherDb', 'myDb', true),
        array(array('anotherDb', true), 'use `anotherDb`;', 'myDb', true),
    );

    foreach ($cases as $case) {
        list($expected, $buffer, $currentDb, $reloadFlag) = $case;
        $this->assertEquals(
            $expected,
            PMA_lookForUse($buffer, $currentDb, $reloadFlag)
        );
    }
}
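/**
 * Runs query inside import buffer. This is needed to allow displaying
 * of last SELECT, SHOW or HANDLER results and similar nice stuff.
 *
 * The statement that is executed is the one currently held in the global
 * $import_run_buffer; $sql and $full are handed to PMA_ImportRunQuery_post()
 * afterwards (presumably to become the buffer for the next call - confirm
 * against that helper, which is not part of this block).
 *
 * All state is exchanged through globals: the function reads and updates
 * the display query, error flag, reload flag, counters and current database.
 *
 * Security notes:
 *  - The "DROP DATABASE" check is a text filter gated by
 *    $cfg['AllowUserDropDatabase'] and $is_superuser. It is a safeguard
 *    against accidents, not a privilege boundary; enforce the restriction
 *    with database privileges as well.
 *  - With $controluser set, the buffered SQL is executed unchanged through
 *    PMA_queryAsControlUser().
 *
 * @param string $sql         query to run
 * @param string $full        query to display, this might be commented
 * @param bool   $controluser whether to use control user for queries
 * @param array  &$sql_data   SQL parse data storage
 *
 * @return void
 * @access public
 */
function PMA_importRunQuery($sql = '', $full = '', $controluser = false,
    &$sql_data = array()
) {
    global $import_run_buffer, $go_sql, $complete_query, $display_query,
        $sql_query, $my_die, $error, $reload,
        $last_query_with_results, $result, $msg,
        $skip_queries, $executed_queries, $max_sql_len, $read_multiply,
        $cfg, $sql_query_disabled, $db, $run_query, $is_superuser;

    $read_multiply = 1;

    if (!isset($import_run_buffer)) {
        // Nothing buffered yet: only push the incoming query.
        $import_run_buffer = PMA_ImportRunQuery_post(
            $import_run_buffer, $sql, $full
        );
        return;
    }

    // Should we skip something?
    if ($skip_queries > 0) {
        $skip_queries--;
        // The buffered query is dropped unexecuted; push the incoming one.
        $import_run_buffer = PMA_ImportRunQuery_post(
            $import_run_buffer, $sql, $full
        );
        return;
    }

    if (!empty($import_run_buffer['sql'])
        && trim($import_run_buffer['sql']) != ''
    ) {
        // USE query changes the database, so we need to track it
        // while running multiple queries.
        // NOTE(review): this is a substring test, so any statement that
        // merely contains "use " is flagged, not only USE statements.
        $is_use_query
            = mb_stripos($import_run_buffer['sql'], "use ") !== false;

        $max_sql_len = max(
            $max_sql_len,
            mb_strlen($import_run_buffer['sql'])
        );
        if (!$sql_query_disabled) {
            $sql_query .= $import_run_buffer['full'];
        }

        // Convenience guard only: it inspects the statement text, so it
        // cannot replace server-side privileges. Deployments that must
        // prevent database removal should also withhold the DROP privilege
        // from the account itself.
        // The keyword is matched on a word boundary instead of a literal
        // trailing space, and SCHEMA is accepted as the synonym of DATABASE,
        // so the usual spellings of the statement are all rejected.
        $pattern = '@^[[:space:]]*DROP[[:space:]]+(IF EXISTS[[:space:]]+)?'
            . '(DATABASE|SCHEMA)\b@i';
        if (!$cfg['AllowUserDropDatabase']
            && !$is_superuser
            && preg_match($pattern, $import_run_buffer['sql'])
        ) {
            $GLOBALS['message'] = PMA_Message::error(
                __('"DROP DATABASE" statements are disabled.')
            );
            $error = true;
        } else {
            $executed_queries++;

            $pattern = '/^[\\s]*(SELECT|SHOW|HANDLER)/i';
            if ($run_query
                && $GLOBALS['finished']
                && empty($sql)
                && !$error
                && ((!empty($import_run_buffer['sql'])
                && preg_match($pattern, $import_run_buffer['sql']))
                || $executed_queries == 1)
            ) {
                // Last statement of the import (nothing new was passed in):
                // do not run it here, mark it so the caller hands it over
                // for display via $go_sql / $sql_query.
                $go_sql = true;
                if (!$sql_query_disabled) {
                    $complete_query = $sql_query;
                    $display_query = $sql_query;
                } else {
                    $complete_query = '';
                    $display_query = '';
                }
                $sql_query = $import_run_buffer['sql'];
                $sql_data['valid_sql'][] = $import_run_buffer['sql'];
                if (!isset($sql_data['valid_queries'])) {
                    $sql_data['valid_queries'] = 0;
                }
                $sql_data['valid_queries']++;

                // If a 'USE <db>' SQL-clause was found,
                // set our current $db to the new one
                list($db, $reload) = PMA_lookForUse(
                    $import_run_buffer['sql'],
                    $db,
                    $reload
                );
            } elseif ($run_query) {
                if ($controluser) {
                    // NOTE(review): the buffered SQL goes out unchanged on
                    // the control-user connection - confirm that callers
                    // only set $controluser for internally generated SQL.
                    $result = PMA_queryAsControlUser(
                        $import_run_buffer['sql']
                    );
                } else {
                    $result = $GLOBALS['dbi']
                        ->tryQuery($import_run_buffer['sql']);
                }

                $msg = '# ';
                if ($result === false) { // execution failed
                    if (!isset($my_die)) {
                        $my_die = array();
                    }
                    $my_die[] = array(
                        'sql' => $import_run_buffer['full'],
                        'error' => $GLOBALS['dbi']->getError()
                    );

                    $msg .= __('Error');

                    if (!$cfg['IgnoreMultiSubmitErrors']) {
                        // Stop here; the incoming $sql/$full is NOT pushed
                        // into the buffer on this path.
                        $error = true;
                        return;
                    }
                } else {
                    // Driver warnings are suppressed; the (int) cast turns
                    // a failed count into 0.
                    $a_num_rows = (int) @$GLOBALS['dbi']->numRows($result);
                    $a_aff_rows = (int) @$GLOBALS['dbi']->affectedRows();
                    if ($a_num_rows > 0) {
                        $msg .= __('Rows') . ': ' . $a_num_rows;
                        $last_query_with_results = $import_run_buffer['sql'];
                    } elseif ($a_aff_rows > 0) {
                        $message = PMA_Message::getMessageForAffectedRows(
                            $a_aff_rows
                        );
                        $msg .= $message->getMessage();
                    } else {
                        $msg .= __(
                            'MySQL returned an empty result set (i.e. zero '
                            . 'rows).'
                        );
                    }

                    $sql_data = updateSqlData(
                        $sql_data, $a_num_rows, $is_use_query, $import_run_buffer
                    );
                }
                if (!$sql_query_disabled) {
                    $sql_query .= $msg . "\n";
                }

                // If a 'USE <db>' SQL-clause was found and the query
                // succeeded, set our current $db to the new one
                if ($result != false) {
                    list($db, $reload) = PMA_lookForUse(
                        $import_run_buffer['sql'],
                        $db,
                        $reload
                    );
                }

                // A successful DROP/CREATE of a table or database changes
                // the structure, so request a reload.
                $pattern = '@^[\\s]*(DROP|CREATE)[\\s]+(IF EXISTS[[:space:]]+)'
                    . '?(TABLE|DATABASE)[[:space:]]+(.+)@im';
                if ($result != false
                    && preg_match($pattern, $import_run_buffer['sql'])
                ) {
                    $reload = true;
                }
            } // end run query
        } // end if not DROP DATABASE
        // end non empty query
    } elseif (!empty($import_run_buffer['full'])) {
        // Buffer holds display text only (no executable SQL).
        if ($go_sql) {
            $complete_query .= $import_run_buffer['full'];
            $display_query .= $import_run_buffer['full'];
        } else {
            if (!$sql_query_disabled) {
                $sql_query .= $import_run_buffer['full'];
            }
        }
    }

    // check length of query unless we decided to pass it to sql.php
    // (if $run_query is false, we are just displaying so show
    // the complete query in the textarea)
    if (!$go_sql && $run_query) {
        if (!empty($sql_query)) {
            if (mb_strlen($sql_query) > 50000
                || $executed_queries > 50
                || $max_sql_len > 1000
            ) {
                $sql_query = '';
                $sql_query_disabled = true;
            }
        }
    }

    // Do we have something to push into buffer?
    $import_run_buffer = PMA_ImportRunQuery_post(
        $import_run_buffer, $sql, $full
    );

    // In case of ROLLBACK, notify the user.
    // Only the presence of the request parameter is checked.
    if (isset($_REQUEST['rollback_query'])) {
        $msg .= __('[ROLLBACK occurred.]');
    }
}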
/**
 * Executes one statement through $GLOBALS['dbi']->tryQuery() and records the
 * outcome in the shared (global) import state: the status line in $msg, the
 * failure list in $my_die, the display query in $sql_query, and the current
 * database / reload flag in $db and $reload.
 *
 * The statement is sent to the server exactly as received; this function
 * performs no filtering of its own.
 *
 * @param string $sql       query to run
 * @param string $full      query to display, this might be commented
 * @param array  &$sql_data SQL parse data storage; 'valid_sql' and
 *                          'valid_queries' are updated for statements that
 *                          returned rows or were flagged as USE queries
 *
 * @return void
 * @access public
 */
function PMA_executeQuery($sql, $full, &$sql_data)
{
    global $go_sql, $sql_query, $my_die, $error, $reload,
        $result, $msg, $cfg, $sql_query_disabled, $db;

    $result = $GLOBALS['dbi']->tryQuery($sql);

    // USE query changes the database, so we need to track it
    // while running multiple queries.
    // NOTE(review): substring test - every statement containing "use "
    // anywhere is flagged, not only real USE statements.
    $is_use_query = false !== mb_stripos($sql, "use ");

    $msg = '# ';
    if (false === $result) {
        // Execution failed: remember the displayed query with the error.
        if (!isset($my_die)) {
            $my_die = array();
        }
        $my_die[] = array(
            'sql' => $full,
            'error' => $GLOBALS['dbi']->getError()
        );

        $msg .= __('Error');

        if (!$cfg['IgnoreMultiSubmitErrors']) {
            // Abort; nothing below runs, so $msg is not appended to
            // $sql_query on this path.
            $error = true;
            return;
        }
    } else {
        // Driver warnings are suppressed; a failed count is cast to 0.
        $rowCount = (int) @$GLOBALS['dbi']->numRows($result);
        $affectedCount = (int) @$GLOBALS['dbi']->affectedRows();

        if ($rowCount > 0) {
            $msg .= __('Rows') . ': ' . $rowCount;
        } elseif ($affectedCount > 0) {
            $msg .= Message::getMessageForAffectedRows($affectedCount)
                ->getMessage();
        } else {
            $msg .= __(
                'MySQL returned an empty result set (i.e. zero '
                . 'rows).'
            );
        }

        if ($rowCount > 0 || $is_use_query) {
            $sql_data['valid_sql'][] = $sql;
            if (!isset($sql_data['valid_queries'])) {
                $sql_data['valid_queries'] = 0;
            }
            ++$sql_data['valid_queries'];
        }
    }

    if (!$sql_query_disabled) {
        $sql_query .= $msg . "\n";
    }

    if ($result != false) {
        // If a 'USE <db>' SQL-clause was found and the query
        // succeeded, set our current $db to the new one
        list($db, $reload) = PMA_lookForUse($sql, $db, $reload);

        // A successful DROP/CREATE of a table or database changes the
        // structure, so request a reload.
        $structureChange = '@^[\\s]*(DROP|CREATE)[\\s]+(IF EXISTS[[:space:]]+)'
            . '?(TABLE|DATABASE)[[:space:]]+(.+)@im';
        if (preg_match($structureChange, $sql)) {
            $reload = true;
        }
    }
}
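/**
 * Runs query inside import buffer. This is needed to allow displaying
 * of last SELECT, SHOW or HANDLER results and similar nice stuff.
 *
 * The statement that is executed is the one currently held in the global
 * $import_run_buffer; $sql and $full replace the buffer at the end of the
 * call (or the buffer is unset when both are empty).
 *
 * All state is exchanged through globals: the function reads and updates
 * the display query, error flag, reload flag, counters and current database.
 *
 * Security notes:
 *  - The "DROP DATABASE" check is a text filter gated by
 *    $cfg['AllowUserDropDatabase'] and $is_superuser. It is a safeguard
 *    against accidents, not a privilege boundary; enforce the restriction
 *    with database privileges as well.
 *  - With $controluser set, the buffered SQL is executed unchanged through
 *    PMA_query_as_controluser().
 *
 * @param string $sql         query to run
 * @param string $full        query to display, this might be commented
 * @param bool   $controluser whether to use control user for queries
 *
 * @return void
 * @access public
 */
function PMA_importRunQuery($sql = '', $full = '', $controluser = false)
{
    global $import_run_buffer, $go_sql, $complete_query, $display_query,
        $sql_query, $my_die, $error, $reload,
        $last_query_with_results,
        $skip_queries, $executed_queries, $max_sql_len, $read_multiply,
        $cfg, $sql_query_disabled, $db, $run_query, $is_superuser;

    $read_multiply = 1;

    if (isset($import_run_buffer)) {
        // Should we skip something?
        if ($skip_queries > 0) {
            $skip_queries--;
        } else {
            if (!empty($import_run_buffer['sql'])
                && trim($import_run_buffer['sql']) != ''
            ) {
                $max_sql_len = max(
                    $max_sql_len,
                    strlen($import_run_buffer['sql'])
                );
                if (!$sql_query_disabled) {
                    $sql_query .= $import_run_buffer['full'];
                }

                // Convenience guard only: it inspects the statement text,
                // so it cannot replace server-side privileges. Deployments
                // that must prevent database removal should also withhold
                // the DROP privilege from the account itself.
                // The keyword is matched on a word boundary instead of a
                // literal trailing space, and SCHEMA is accepted as the
                // synonym of DATABASE, so the usual spellings of the
                // statement are all rejected.
                $drop_pattern = '@^[[:space:]]*DROP[[:space:]]+'
                    . '(IF EXISTS[[:space:]]+)?(DATABASE|SCHEMA)\b@i';
                if (!$cfg['AllowUserDropDatabase']
                    && !$is_superuser
                    && preg_match($drop_pattern, $import_run_buffer['sql'])
                ) {
                    $GLOBALS['message'] = PMA_Message::error(
                        __('"DROP DATABASE" statements are disabled.')
                    );
                    $error = true;
                } else {
                    $executed_queries++;
                    if ($run_query
                        && $GLOBALS['finished']
                        && empty($sql)
                        && !$error
                        && ((!empty($import_run_buffer['sql'])
                        && preg_match(
                            '/^[\\s]*(SELECT|SHOW|HANDLER)/i',
                            $import_run_buffer['sql']
                        ))
                        || $executed_queries == 1)
                    ) {
                        // Last statement of the import (nothing new was
                        // passed in): do not run it here, mark it so the
                        // caller hands it over for display via
                        // $go_sql / $sql_query.
                        $go_sql = true;
                        if (!$sql_query_disabled) {
                            $complete_query = $sql_query;
                            $display_query = $sql_query;
                        } else {
                            $complete_query = '';
                            $display_query = '';
                        }
                        $sql_query = $import_run_buffer['sql'];

                        // If a 'USE <db>' SQL-clause was found,
                        // set our current $db to the new one
                        list($db, $reload) = PMA_lookForUse(
                            $import_run_buffer['sql'],
                            $db,
                            $reload
                        );
                    } elseif ($run_query) {
                        if ($controluser) {
                            // NOTE(review): the buffered SQL goes out
                            // unchanged on the control-user connection -
                            // confirm that callers only set $controluser
                            // for internally generated SQL.
                            $result = PMA_query_as_controluser(
                                $import_run_buffer['sql']
                            );
                        } else {
                            $result = PMA_DBI_try_query(
                                $import_run_buffer['sql']
                            );
                        }

                        $msg = '# ';
                        if ($result === false) { // execution failed
                            if (!isset($my_die)) {
                                $my_die = array();
                            }
                            $my_die[] = array(
                                'sql' => $import_run_buffer['full'],
                                'error' => PMA_DBI_getError()
                            );

                            if ($cfg['VerboseMultiSubmit']) {
                                $msg .= __('Error');
                            }

                            if (!$cfg['IgnoreMultiSubmitErrors']) {
                                // Stop here; the incoming $sql/$full is NOT
                                // pushed into the buffer on this path.
                                $error = true;
                                return;
                            }
                        } elseif ($cfg['VerboseMultiSubmit']) {
                            // Driver warnings are suppressed; the (int)
                            // cast turns a failed count into 0.
                            $a_num_rows = (int) @PMA_DBI_num_rows($result);
                            $a_aff_rows = (int) @PMA_DBI_affected_rows();
                            if ($a_num_rows > 0) {
                                $msg .= __('Rows') . ': ' . $a_num_rows;
                                $last_query_with_results
                                    = $import_run_buffer['sql'];
                            } elseif ($a_aff_rows > 0) {
                                $message = PMA_Message::affected_rows(
                                    $a_aff_rows
                                );
                                $msg .= $message->getMessage();
                            } else {
                                $msg .= __('MySQL returned an empty result set (i.e. zero rows).');
                            }
                        }
                        if (!$sql_query_disabled) {
                            $sql_query .= $msg . "\n";
                        }

                        // If a 'USE <db>' SQL-clause was found and the
                        // query succeeded, set our current $db to the new
                        // one
                        if ($result != false) {
                            list($db, $reload) = PMA_lookForUse(
                                $import_run_buffer['sql'],
                                $db,
                                $reload
                            );
                        }

                        // A successful DROP/CREATE of a table or database
                        // changes the structure, so request a reload.
                        if ($result != false
                            && preg_match(
                                '@^[\\s]*(DROP|CREATE)[\\s]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)@im',
                                $import_run_buffer['sql']
                            )
                        ) {
                            $reload = true;
                        }
                    } // end run query
                } // end if not DROP DATABASE
                // end non empty query
            } elseif (!empty($import_run_buffer['full'])) {
                // Buffer holds display text only (no executable SQL).
                if ($go_sql) {
                    $complete_query .= $import_run_buffer['full'];
                    $display_query .= $import_run_buffer['full'];
                } else {
                    if (!$sql_query_disabled) {
                        $sql_query .= $import_run_buffer['full'];
                    }
                }
            }

            // check length of query unless we decided to pass it to sql.php
            // (if $run_query is false, we are just displaying so show
            // the complete query in the textarea)
            if (!$go_sql && $run_query) {
                if ($cfg['VerboseMultiSubmit'] && !empty($sql_query)) {
                    if (strlen($sql_query) > 50000
                        || $executed_queries > 50
                        || $max_sql_len > 1000
                    ) {
                        $sql_query = '';
                        $sql_query_disabled = true;
                    }
                } else {
                    if (strlen($sql_query) > 10000
                        || $executed_queries > 10
                        || $max_sql_len > 500
                    ) {
                        $sql_query = '';
                        $sql_query_disabled = true;
                    }
                }
            }
        } // end do query (no skip)
    } // end buffer exists

    // Do we have something to push into buffer?
    if (!empty($sql) || !empty($full)) {
        $import_run_buffer = array('sql' => $sql, 'full' => $full);
    } else {
        unset($GLOBALS['import_run_buffer']);
    }
}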