diff --git a/db_qbe.php b/db_qbe.php index 8b44123a5..d6bc57a91 100644 --- a/db_qbe.php +++ b/db_qbe.php @@ -23,11 +23,9 @@ $cfgRelation = PMA_getRelationsParam(); /** * A query has been submitted -> execute it, else display the headers */ -if (isset($_REQUEST['submit_sql']) - && preg_match('@^SELECT@i', $_REQUEST['encoded_sql_query'])) { +if (isset($_REQUEST['submit_sql']) && ! empty($sql_query)) { $goto = 'db_sql.php'; $zero_rows = htmlspecialchars($GLOBALS['strSuccess']); - $sql_query = urldecode($_REQUEST['encoded_sql_query']); require './sql.php'; exit; } else { @@ -39,7 +37,7 @@ if (isset($_REQUEST['submit_sql']) } if (isset($_REQUEST['submit_sql']) - && ! preg_match('@^SELECT@i', $_REQUEST['encoded_sql_query'])) { + && ! preg_match('@^SELECT@i', $sql_query)) { echo '
' . $GLOBALS['strHaveToShow'] . '
'; } @@ -47,13 +45,13 @@ if (isset($_REQUEST['submit_sql']) /** * Initialize some variables */ -$col_cnt = isset($_REQUEST['col_cnt']) ? (int) $_REQUEST['col_cnt'] : 3; -$add_col = isset($_REQUEST['add_col']) ? (int) $_REQUEST['add_col'] : 0; -$add_row = isset($_REQUEST['add_row']) ? (int) $_REQUEST['add_row'] : 0; +$col_cnt = PMA_ifSetOr($_REQUEST['col_cnt'], 3, 'numeric'); +$add_col = PMA_ifSetOr($_REQUEST['add_col'], 0, 'numeric'); +$add_row = PMA_ifSetOr($_REQUEST['add_row'], 0, 'numeric'); -$rows = isset($_REQUEST['rows']) ? (int) $_REQUEST['rows'] : 0; -$ins_col = isset($_REQUEST['ins_col']) ? $_REQUEST['ins_col'] : array(); -$del_col = isset($_REQUEST['del_col']) ? $_REQUEST['del_col'] : array(); +$rows = PMA_ifSetOr($_REQUEST['rows'], 0, 'numeric'); +$ins_col = PMA_ifSetOr($_REQUEST['add_col'], null, 'array'); +$del_col = PMA_ifSetOr($_REQUEST['add_row'], null, 'array'); $prev_criteria = isset($_REQUEST['prev_criteria']) ? $_REQUEST['prev_criteria'] @@ -82,10 +80,9 @@ $row = max($rows + $add_row, 0); // The tables list sent by a previously submitted form -if (!empty($TableList)) { - $cnt_table_list = count($TableList); - for ($x = 0; $x < $cnt_table_list; $x++) { - $tbl_names[urldecode($TableList[$x])] = ' selected="selected"'; +if (PMA_isValid($_REQUEST['TableList'], 'array')) { + foreach ($_REQUEST['TableList'] as $each_table) { + $tbl_names[$each_table] = ' selected="selected"'; } } // end if @@ -101,22 +98,16 @@ if (!empty($TableList)) { $tbl_result = PMA_DBI_query('SHOW TABLES FROM ' . PMA_backquote($db) . ';', null, PMA_DBI_QUERY_STORE); $tbl_result_cnt = PMA_DBI_num_rows($tbl_result); if (0 == $tbl_result_cnt) { - echo '
' . $strNoTablesFound . '
'; + PMA_Message::error('strNoTablesFound')->display(); require_once './libraries/footer.inc.php'; exit; } -$i = 0; -$k = 0; - // The tables list gets from MySQL -while ($i < $tbl_result_cnt) { - list($tbl) = PMA_DBI_fetch_row($tbl_result); - $fld_results = PMA_DBI_get_fields($db, $tbl); - $fld_results_cnt = ($fld_results) ? count($fld_results) : 0; - $j = 0; +while (list($tbl) = PMA_DBI_fetch_row($tbl_result)) { + $fld_results = PMA_DBI_get_fields($db, $tbl); - if (empty($tbl_names[$tbl]) && !empty($TableList)) { + if (empty($tbl_names[$tbl]) && !empty($_REQUEST['TableList'])) { $tbl_names[$tbl] = ''; } else { $tbl_names[$tbl] = ' selected="selected"'; @@ -124,23 +115,17 @@ while ($i < $tbl_result_cnt) { // The fields list per selected tables if ($tbl_names[$tbl] == ' selected="selected"') { - $fld[$k++] = PMA_backquote($tbl) . '.*'; - while ($j < $fld_results_cnt) { - $fld[$k] = $fld_results[$j]['Field']; - $fld[$k] = PMA_backquote($tbl) . '.' . PMA_backquote($fld[$k]); + $each_table = PMA_backquote($tbl); + $fld[] = $each_table . '.*'; + foreach ($fld_results as $each_field) { + $each_field = $each_table . '.' . PMA_backquote($each_field['Field']); + $fld[] = $each_field; // increase the width if necessary - if (strlen($fld[$k]) > $form_column_width) { - $form_column_width = strlen($fld[$k]); - } //end if - - $k++; - $j++; - } // end while + $form_column_width = max(strlen($each_field), $form_column_width); + } // end foreach } // end if - - $i++; -} // end if +} // end while PMA_DBI_free_result($tbl_result); // largest width found @@ -151,6 +136,13 @@ $realwidth = $form_column_width . 'ex'; * Displays the Query by example form */ +/** + * Enter description here... + * + * @param array $columns + * @param numeric $column_number + * @param string $selected + */ function showColumnSelectCell($columns, $column_number, $selected = '') { ?> @@ -164,7 +156,6 @@ function showColumnSelectCell($columns, $column_number, $selected = '') } else { $sel = ''; } - echo ' '; echo '' . "\n"; } @@ -194,8 +185,8 @@ for ($x = 0; $x < $col; $x++) { $selected = ''; if (isset($Field[$x])) { - $selected = urldecode($Field[$x]); - $curField[$z] = urldecode($Field[$x]); + $selected = $Field[$x]; + $curField[$z] = $Field[$x]; } showColumnSelectCell($fld, $z, $selected); $z++; @@ -237,7 +228,7 @@ for ($x = 0; $x < $col; $x++) { // then sorting is not available // Robbat2 - Fix for Bug #570698 if (isset($Sort[$x]) && isset($Field[$x]) - && substr(urldecode($Field[$x]), -2) == '.*') { + && substr($Field[$x], -2) == '.*') { $Sort[$x] = ''; } //end if @@ -326,16 +317,14 @@ for ($x = 0; $x < $col; $x++) { $stripped_Criteria = $criteria[$x]; } if ((empty($prev_criteria) || !isset($prev_criteria[$x])) - || urldecode($prev_criteria[$x]) != htmlspecialchars($stripped_Criteria)) { + || $prev_criteria[$x] != htmlspecialchars($stripped_Criteria)) { $curCriteria[$z] = $stripped_Criteria; - $encoded_Criteria = urlencode($stripped_Criteria); } else { - $curCriteria[$z] = urldecode($prev_criteria[$x]); - $encoded_Criteria = $prev_criteria[$x]; + $curCriteria[$z] = $prev_criteria[$x]; } ?> - + $val) { 0) { - // Initialize some variables $tab_all = array(); $col_all = array(); @@ -697,11 +683,11 @@ if (isset($Field) && count($Field) > 0) { foreach ($Field as $value) { $parts = explode('.', $value); if (!empty($parts[0]) && !empty($parts[1])) { - $tab_raw = urldecode($parts[0]); + $tab_raw = $parts[0]; $tab = str_replace('`', '', $tab_raw); $tab_all[$tab] = $tab; - $col_raw = urldecode($parts[1]); + $col_raw = $parts[1]; $col_all[] = $tab . '.' . str_replace('`', '', $col_raw); } } // end while @@ -711,12 +697,12 @@ if (isset($Field) && count($Field) > 0) { // Now we need all tables that we have in the where clause $crit_cnt = count($criteria); for ($x = 0; $x < $crit_cnt; $x++) { - $curr_tab = explode('.', urldecode($Field[$x])); + $curr_tab = explode('.', $Field[$x]); if (!empty($curr_tab[0]) && !empty($curr_tab[1])) { - $tab_raw = urldecode($curr_tab[0]); + $tab_raw = $curr_tab[0]; $tab = str_replace('`', '', $tab_raw); - $col_raw = urldecode($curr_tab[1]); + $col_raw = $curr_tab[1]; $col1 = str_replace('`', '', $col_raw); $col1 = $tab . '.' . $col1; // Now we know that our array has the same numbers as $criteria @@ -862,7 +848,6 @@ if (empty($qry_from) && isset($tab_all)) { } // Now let's see what we got if (!empty($qry_from)) { - $encoded_qry .= urlencode('FROM ' . $qry_from . "\n"); echo 'FROM ' . htmlspecialchars($qry_from) . "\n"; } @@ -914,10 +899,10 @@ for ($y = 0; $y <= $row; $y++) { } // end for if (!empty($qry_where) && $qry_where != '()') { - $encoded_qry .= urlencode('WHERE ' . $qry_where . "\n"); echo 'WHERE ' . htmlspecialchars($qry_where) . "\n"; } // end if + // 4. ORDER BY $last_orderby = 0; if (!isset($qry_orderby)) { @@ -938,12 +923,10 @@ for ($x = 0; $x < $col; $x++) { } } // end for if (!empty($qry_orderby)) { - $encoded_qry .= urlencode('ORDER BY ' . $qry_orderby); echo 'ORDER BY ' . htmlspecialchars($qry_orderby) . "\n"; } ?> -
diff --git a/libraries/relation.lib.php b/libraries/relation.lib.php index a391f3a21..b4abad9aa 100644 --- a/libraries/relation.lib.php +++ b/libraries/relation.lib.php @@ -996,21 +996,20 @@ function PMA_getForeignData($foreigners, $field, $override_total, $foreign_filte /** * Finds all related tables * + * @uses $GLOBALS['controllink'] + * @uses $GLOBALS['cfgRelation'] + * @uses $GLOBALS['db'] * @param string wether to go from master to foreign or vice versa - * * @return boolean always TRUE - * - * @global array the list of tables that we still couldn't connect - * @global array the list of allready connected tables - * @global string the current databse name - * @global string the super user connection id - * @global array the list of relation settings + * @global array $tab_left the list of tables that we still couldn't connect + * @global array $tab_know the list of allready connected tables + * @global string $fromclause * * @access private */ -function PMA_getRelatives($from) { +function PMA_getRelatives($from) +{ global $tab_left, $tab_know, $fromclause; - global $db, $cfgRelation; if ($from == 'master') { $to = 'foreign'; @@ -1021,9 +1020,10 @@ function PMA_getRelatives($from) { $in_left = '(\'' . implode('\', \'', $tab_left) . '\')'; $rel_query = 'SELECT *' - . ' FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['relation']) - . ' WHERE ' . $from . '_db = \'' . PMA_sqlAddslashes($db) . '\'' - . ' AND ' . $to . '_db = \'' . PMA_sqlAddslashes($db) . '\'' + . ' FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) + . '.' . PMA_backquote($GLOBALS['cfgRelation']['relation']) + . ' WHERE ' . $from . '_db = \'' . PMA_sqlAddslashes($GLOBALS['db']) . '\'' + . ' AND ' . $to . '_db = \'' . PMA_sqlAddslashes($GLOBALS['db']) . '\'' . ' AND ' . $from . '_table IN ' . $in_know . ' AND ' . $to . '_table IN ' . $in_left; $relations = @PMA_DBI_query($rel_query, $GLOBALS['controllink']); @@ -1032,7 +1032,7 @@ function PMA_getRelatives($from) { if (isset($tab_left[$found_table])) { $fromclause .= "\n" . ' LEFT JOIN ' - . PMA_backquote($db) . '.' . PMA_backquote($row[$to . '_table']) . ' ON ' + . PMA_backquote($GLOBALS['db']) . '.' . PMA_backquote($row[$to . '_table']) . ' ON ' . PMA_backquote($row[$from . '_table']) . '.' . PMA_backquote($row[$from . '_field']) . ' = ' . PMA_backquote($row[$to . '_table']) . '.' @@ -1042,7 +1042,7 @@ function PMA_getRelatives($from) { } } // end while - return TRUE; + return true; } // end of the "PMA_getRelatives()" function ?>