nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactored:

Browse Source 
made register_globals independent;
added documentation;
removed unused code;
fixed bug #1597686 last insert id message wrong;
and much more i don't remember ...
This commit is contained in:
Sebastian Mendel
2006-12-19 16:54:29 +00:00
parent 14ff3c4729
commit d3f335ac3d
4 changed files with 497 additions and 432 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@@ -5,6 +5,12 @@ phpMyAdmin - ChangeLog
$Id$
$HeadURL$
2006-12-19 Sebastian Mendel <cybot_tm@users.sourceforge.net>
* tbl_change.php, tbl_replace.php, include/tbl_replace_fields.inc.php:
refactored: made register_globals independent; added documentation;
removed unused code; fixed bug #1597686 last insert id message wrong;
much more i don't remember ...
2006-12-15 Marc Delisle <lem9@users.sourceforge.net>
* Documentation.html, libraries/common.lib.php, config.default.php:
bug #1615313, doc referred to HTTP so enable the code to accept

349
libraries/tbl_replace_fields.inc.php
View File

@@ -1,226 +1,221 @@
<?php
/* $Id$ */
// vim: expandtab sw=4 ts=4 sts=4:
/**
* f i e l d u p l o a d e d f r o m a f i l e
*
* garvin: original if-clause checked, whether input was stored in a possible
* fields_upload_XX var. Now check, if the field is set. If it is empty or a
* malicious file, do not alter fields contents. If an empty or invalid file is
* specified, the binary data gets deleter. Maybe a nice new text-variable is
* appropriate to document this behaviour.
*
* garvin: security cautions! You could trick the form and submit any file the
* webserver has access to for upload to a binary field. Shouldn't be that easy! ;)
*
* garvin: default is to advance to the field-value parsing. Will only be set to
* true when a binary file is uploaded, thus bypassing further manipulation of $val.
*
* note: grab_globals has extracted the fields from _FILES or HTTP_POST_FILES
*
* @version $Id$
* vim: expandtab sw=4 ts=4 sts=4:
*
* @uses $GLOBALS['cfg']['UploadDir']
* @uses $_FILES
* @uses $_REQUEST
* @uses defined()
* @uses define()
* @uses is_uploaded_file()
* @uses ini_get()
* @uses is_dir()
* @uses mkdir()
* @uses chmod()
* @uses is_writable()
* @uses is_readable()
* @uses move_uploaded_file()
* @uses basename()
* @uses preg_replace()
* @uses bin2hex()
* @uses fread()
* @uses fopen()
* @uses filesize()
* @uses unlink()
* @uses strlen()
* @uses md5()
* @uses implode()
* @uses PMA_IS_WINDOWS
* @uses PMA_NO_VARIABLES_IMPORT
* @uses PMA_checkParameters()
* @uses PMA_sqlAddslashes()
* @uses PMA_userDir()
*/
// note: grab_globals has extracted the fields from _FILES
// or HTTP_POST_FILES
/**
* do not import request variable into global scope
*/
if (! defined('PMA_NO_VARIABLES_IMPORT')) {
define('PMA_NO_VARIABLES_IMPORT', true);
}
/**
* Gets some core libraries
*/
require_once './libraries/common.lib.php';
// Check parameters
require_once('./libraries/common.lib.php');
PMA_checkParameters(array('db', 'encoded_key'));
// f i e l d u p l o a d e d f r o m a f i l e
// garvin: original if-clause checked, whether input was stored in a possible fields_upload_XX var.
// Now check, if the field is set. If it is empty or a malicious file, do not alter fields contents.
// If an empty or invalid file is specified, the binary data gets deleter. Maybe a nice
// new text-variable is appropriate to document this behaviour.
// garvin: security cautions! You could trick the form and submit any file the webserver has access to
// for upload to a binary field. Shouldn't be that easy! ;)
// garvin: default is to advance to the field-value parsing. Will only be set to true when a
// binary file is uploaded, thus bypassing further manipulation of $val.
$check_stop = false;
$valid_file_was_uploaded = false;
// Check if a multi-edit row was found
${'me_fields_upload_' . $encoded_key} = (isset($enc_primary_key) && isset(${'fields_upload_' . $encoded_key}['multi_edit']) ? ${'fields_upload_' . $encoded_key}['multi_edit'][$enc_primary_key] : (isset(${'fields_upload_' . $encoded_key}) ? ${'fields_upload_' . $encoded_key} : null));
${'me_fields_uploadlocal_' . $encoded_key} = (isset($enc_primary_key) && isset(${'fields_uploadlocal_' . $encoded_key}['multi_edit']) ? ${'fields_uploadlocal_' . $encoded_key}['multi_edit'][$enc_primary_key] : (isset(${'fields_uploadlocal_' . $encoded_key}) ? ${'fields_uploadlocal_' . $encoded_key} : null));
if (isset(${'me_fields_upload_' . $encoded_key}) && ${'me_fields_upload_' . $encoded_key} != 'none'){
$me_fields_upload =
(isset($_FILES['fields_upload_' . $key]['tmp_name']['multi_edit'][$primary_key])
? $_FILES['fields_upload_' . $key]['tmp_name']['multi_edit'][$primary_key]
: (isset($_FILES['fields_upload_' . $key]['tmp_name'])
? $_FILES['fields_upload_' . $key]['tmp_name']
: 'none'));
$me_fields_uploadlocal =
(isset($_REQUEST['fields_uploadlocal_' . $key]['multi_edit'])
? $_REQUEST['fields_uploadlocal_' . $key]['multi_edit'][$primary_key]
: (isset($_REQUEST['fields_uploadlocal_' . $key])
? $_REQUEST['fields_uploadlocal_' . $key]
: null));
if ($me_fields_upload != 'none') {
// garvin: This fields content is a blob-file upload.
if (!empty(${'me_fields_upload_' . $encoded_key})) {
// garvin: The blob-field is not empty. Check what we have there.
$file_to_insert = false;
$unlink = false;
$data_file = ${'me_fields_upload_' . $encoded_key};
if (is_uploaded_file($me_fields_upload)) {
// whether we insert form uploaded file ...
if (is_uploaded_file($data_file)) {
// garvin: A valid uploaded file is found. Look into the file...
$val = fread(fopen($data_file, 'rb'), filesize($data_file));
// nijel: This is probably the best way how to put binary data
// into MySQL and it also allow not to care about charset
// conversion that would otherwise corrupt the data.
if (!empty($val)) {
// garvin: The upload was valid. Check in new blob-field's contents.
$val = '0x' . bin2hex($val);
$seen_binary = TRUE;
$check_stop = TRUE;
}
// garvin: ELSE: an empty file was uploaded. Remove blob-field's contents.
// Blob-fields are preserved, see below. ($protected$)
} else {
// garvin: Danger, will robinson. File is malicious. Blob-fields are preserved, see below. ($protected$)
// void
}
} elseif (!empty(${'me_fields_uploadlocal_' . $encoded_key})) {
$file_to_upload = PMA_userDir($cfg['UploadDir']) . preg_replace('@\.\.*@', '.', ${'me_fields_uploadlocal_' . $encoded_key});
// A local file will be uploaded.
$open_basedir = @ini_get('open_basedir');
$file_to_insert = $me_fields_upload;
// If we are on a server with open_basedir, we must move the file
// before opening it. The doc explains how to create the "./tmp"
// directory
$unlink = false;
if (!empty($open_basedir)) {
// before opening it. The FAQ 1.11 explains how to create the "./tmp"
// directory - if needed
if ('' != ini_get('open_basedir')) {
$tmp_subdir = (PMA_IS_WINDOWS ? '.\\tmp\\' : './tmp/');
// function is_writeable() is valid on PHP3 and 4
if (!is_writeable($tmp_subdir)) {
if (! is_dir($tmp_subdir)) {
// try to create the tmp directory if not exists
if (mkdir($tmp_subdir, 0777)) {
chmod($tmp_subdir, 0777);
}
}
if (! is_writable($tmp_subdir)) {
// if we cannot move the file don't change blob fields
$file_to_upload = '';
$file_to_insert = false;
} else {
$new_file_to_upload = $tmp_subdir . basename($file_to_upload);
move_uploaded_file($file_to_upload, $new_file_to_upload);
$new_file_to_upload = $tmp_subdir . basename($file_to_insert);
$file_to_upload = $new_file_to_upload;
move_uploaded_file($file_to_insert, $new_file_to_upload);
$file_to_insert = $new_file_to_upload;
$unlink = true;
unset($new_file_to_upload);
}
unset($tmp_subdir);
}
} elseif (! empty($me_fields_uploadlocal)) {
// ... or selected file from $cfg['UploadDir']
if ($file_to_upload != '') {
$file_to_insert = PMA_userDir($GLOBALS['cfg']['UploadDir']) . preg_replace('@\.\.*@', '.', $me_fields_uploadlocal);
$val = fread(fopen($file_to_upload, 'rb'), filesize($file_to_upload));
if (!empty($val)) {
$val = '0x' . bin2hex($val);
$seen_binary = TRUE;
$check_stop = TRUE;
}
if ($unlink == TRUE) {
unlink($file_to_upload);
}
if (! is_readable($file_to_insert)) {
$file_to_insert = false;
}
}
// garvin: else: Post-field contains no data. Blob-fields are preserved, see below. ($protected$)
if ($file_to_insert) {
$val = '';
// check if file is not empty
if (function_exists('file_get_contents')) {
$val = file_get_contents($file_to_insert);
} elseif ($file_to_insert_size = filesize($file_to_insert)) {
$val = fread(fopen($file_to_insert, 'rb'), $file_to_insert_size);
}
if (! empty($val)) {
$val = '0x' . bin2hex($val);
$seen_binary = true;
$valid_file_was_uploaded = true;
}
if ($unlink == true) {
unlink($file_to_insert);
}
}
unset($file_to_insert, $file_to_insert_size, $unlink);
}
if (!$check_stop) {
if (false === $valid_file_was_uploaded) {
// f i e l d v a l u e i n t h e f o r m
// f i e l d v a l u e i n t h e f o r m
if (isset($me_fields_type[$encoded_key])) {
$type = $me_fields_type[$encoded_key];
if (isset($me_fields_type[$key])) {
$type = $me_fields_type[$key];
} else {
$type = '';
}
$f = 'field_' . md5($key);
$t_fval = (isset($$f) ? $$f : null);
if (isset($t_fval['multi_edit']) && isset($t_fval['multi_edit'][$enc_primary_key])) {
$fval = &$t_fval['multi_edit'][$enc_primary_key];
} else {
$fval = null;
if (0 === strlen($val)) {
// default
$val = "''";
switch ($type) {
case 'enum':
// if we have an enum, then construct the value
case 'set':
// if we have a set, then construct the value
case 'foreign':
// if we have a foreign key, then construct the value
if (! empty($_REQUEST[$f]['multi_edit'][$primary_key])) {
$val = implode(',', $_REQUEST[$f]['multi_edit'][$primary_key]);
$val = "'" . PMA_sqlAddslashes($val) . "'";
}
break;
case 'protected':
// here we are in protected mode (asked in the config)
// so tbl_change has put this special value in the
// fields array, so we do not change the field value
// but we can still handle field upload
// garvin: when in UPDATE mode, do not alter field's contents. When in INSERT
// mode, insert empty field because no values were submitted. If protected
// blobs where set, insert original fields content.
if (! empty($prot_row[$key])) {
$val = '0x' . bin2hex($prot_row[$key]);
$seen_binary = true;
}
break;
default:
// best way to avoid problems in strict mode (works also in non-strict mode)
if (isset($me_auto_increment) && isset($me_auto_increment[$key])) {
$val = 'NULL';
}
break;
}
} elseif (! ($type == 'timestamp' && $val == 'CURRENT_TIMESTAMP')) {
$val = "'" . PMA_sqlAddslashes($val) . "'";
}
switch (strtolower($val)) {
// let users type NULL or null to input this string and not a NULL value
//case 'null':
// break;
case '':
switch ($type) {
case 'enum':
// if we have an enum, then construct the value
if (!empty($fval)) {
$val = implode(',', $fval);
if ($val == 'null') {
// void
} else {
// the data here is urlencoded
$val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
}
} else {
$val = "''";
}
break;
case 'set':
// if we have a set, then construct the value
if (!empty($fval)) {
$val = implode(',', $fval);
// the data here is urlencoded
$val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
} else {
$val = "''";
}
break;
case 'foreign':
// if we have a foreign key, then construct the value
if (!empty($fval)) {
$val = implode(',', $fval);
if ($val == 'null') {
// void
} else {
// the data here is not urlencoded!
//$val = "'" . PMA_sqlAddslashes(urldecode($val)) . "'";
$val = "'" . PMA_sqlAddslashes($val) . "'";
}
} else {
$val = "''";
}
break;
case 'protected':
// here we are in protected mode (asked in the config)
// so tbl_change has put this special value in the
// fields array, so we do not change the field value
// but we can still handle field upload
// garvin: when in UPDATE mode, do not alter field's contents. When in INSERT
// mode, insert empty field because no values were submitted. If protected
// blobs where set, insert original fields content.
if (isset($fieldlist)) {
if (isset($prot_row) && isset($prot_row[$key]) && !empty($prot_row[$key])) {
$val = '0x' . bin2hex($prot_row[$key]);
$seen_binary = TRUE;
} else {
$val = "''";
}
} else {
unset($val);
}
break;
default:
// best way to avoid problems in strict mode (works also in non-strict mode)
if (isset($me_auto_increment) && isset($me_auto_increment[$encoded_key])) {
$val = 'NULL';
} else {
$val = "'" . PMA_sqlAddslashes($val) . "'";
}
break;
}
break;
default:
if (!($type == 'timestamp' && $val == 'CURRENT_TIMESTAMP')) {
$val = "'" . PMA_sqlAddslashes($val) . "'";
}
break;
} // end switch
// Was the Null checkbox checked for this field?
// (if there is a value, we ignore the Null checkbox: this could
// be possible if Javascript is disabled in the browser)
if (isset($me_fields_null) && isset($me_fields_null[$encoded_key])
&& $val=="''") {
if (isset($me_fields_null[$key])
&& $val == "''") {
$val = 'NULL';
}
// The Null checkbox was unchecked for this field
if (empty($val) && isset($me_fields_null_prev) && isset($me_fields_null_prev[$encoded_key]) && !isset($me_fields_null[$encoded_key])) {
if (empty($val) && isset($me_fields_null_prev[$key]) && ! isset($me_fields_null[$key])) {
$val = "''";
}
} // end else (field value in the form)
unset($valid_file_was_uploaded, $me_fields_upload, $me_fields_uploadlocal, $type, $f);
?>

111
tbl_change.php
View File

@@ -1,6 +1,8 @@
<?php
/* $Id$ */
// vim: expandtab sw=4 ts=4 sts=4:
/**
* vim: expandtab sw=4 ts=4 sts=4:
* @version $Id$
*/
/**
* Gets the variables sent or posted to this script and displays the header
@@ -153,7 +155,7 @@ if (isset($primary_key)) {
$row = array();
$result = array();
foreach ($primary_key_array AS $rowcount => $primary_key) {
foreach ($primary_key_array as $rowcount => $primary_key) {
$local_query = 'SELECT * FROM ' . PMA_backquote($table) . ' WHERE ' . $primary_key . ';';
$result[$rowcount] = PMA_DBI_query($local_query, null, PMA_DBI_QUERY_STORE);
$row[$rowcount] = PMA_DBI_fetch_assoc($result[$rowcount]);
@@ -221,19 +223,19 @@ document.onkeydown = onKeyDownArrowsHandler;
<!-- Change table properties form -->
<form method="post" action="tbl_replace.php" name="insertForm" <?php if ($is_upload) { echo ' enctype="multipart/form-data"'; } ?>>
<?php echo PMA_generate_common_hidden_inputs($db, $table); ?>
<input type="hidden" name="goto" value="<?php echo urlencode($goto); ?>" />
<input type="hidden" name="goto" value="<?php echo htmlspecialchars($goto); ?>" />
<input type="hidden" name="pos" value="<?php echo isset($pos) ? $pos : 0; ?>" />
<input type="hidden" name="session_max_rows" value="<?php echo isset($session_max_rows) ? $session_max_rows : ''; ?>" />
<input type="hidden" name="disp_direction" value="<?php echo isset($disp_direction) ? $disp_direction : ''; ?>" />
<input type="hidden" name="repeat_cells" value="<?php echo isset($repeat_cells) ? $repeat_cells : ''; ?>" />
<input type="hidden" name="dontlimitchars" value="<?php echo (isset($dontlimitchars) ? $dontlimitchars : 0); ?>" />
<input type="hidden" name="err_url" value="<?php echo urlencode($err_url); ?>" />
<input type="hidden" name="sql_query" value="<?php echo isset($sql_query) ? urlencode($sql_query) : ''; ?>" />
<input type="hidden" name="err_url" value="<?php echo htmlspecialchars($err_url); ?>" />
<input type="hidden" name="sql_query" value="<?php echo isset($sql_query) ? htmlspecialchars($sql_query) : ''; ?>" />
<?php
if (isset($primary_key_array)) {
foreach ($primary_key_array AS $primary_key) {
foreach ($primary_key_array as $primary_key) {
?>
<input type="hidden" name="primary_key[]" value="<?php echo urlencode($primary_key); ?>" />
<input type="hidden" name="primary_key[]" value="<?php echo htmlspecialchars(trim($primary_key)); ?>" />
<?php
}
}
@@ -290,7 +292,7 @@ $biggest_max_file_size = 0;
$url_params['db'] = $db;
$url_params['table'] = $table;
if (isset($primary_key)) {
$url_params['primary_key'] = $primary_key;
$url_params['primary_key'] = trim($primary_key);
}
if (isset($sql_query)) {
$url_params['sql_query'] = $sql_query;
@@ -302,7 +304,7 @@ if (! $cfg['ShowFunctionFields']) {
echo $strShow . ' : <a href="tbl_change.php' . PMA_generate_common_url($this_url_params) . '">' . $strFunction . '</a>' . "\n";
}
foreach ($loop_array AS $vrowcount => $vrow) {
foreach ($loop_array as $vrowcount => $vrow) {
if ($vrow === FALSE) {
unset($vrow);
}
@@ -311,8 +313,8 @@ foreach ($loop_array AS $vrowcount => $vrow) {
$jsvkey = $vrowcount;
$browse_foreigners_uri = '&amp;pk=' . $vrowcount;
} else {
$jsvkey = urlencode($primary_keys[$vrowcount]);
$browse_foreigners_uri = '&amp;pk=' . urlencode($primary_keys[$vrowcount]);
$jsvkey = htmlspecialchars(trim($primary_keys[$vrowcount]));
$browse_foreigners_uri = '&amp;pk=' . urlencode(trim($primary_keys[$vrowcount]));
}
$vkey = '[multi_edit][' . $jsvkey . ']';
@@ -365,7 +367,8 @@ foreach ($loop_array AS $vrowcount => $vrow) {
$row_table_def = $trow_table_def[$i];
$row_table_def['True_Type'] = preg_replace('@\(.*@s', '', $row_table_def['Type']);
$field = $row_table_def['Field'];
$field = $row_table_def['Field'];
$field_html = $field;
// removed previous PHP3-workaround that caused a problem with
// field names like '000'
@@ -415,7 +418,7 @@ foreach ($loop_array AS $vrowcount => $vrow) {
: PMA_DBI_field_len($vresult, $i);
$first_timestamp = 0;
$field_name = htmlspecialchars($field);
$field_name = $field_html;
if (isset($comments_map[$field])) {
$field_name = '<span style="border-bottom: 1px dashed black;" title="' . htmlspecialchars($comments_map[$field]) . '">' . $field_name . '</span>';
}
@@ -486,7 +489,7 @@ foreach ($loop_array AS $vrowcount => $vrow) {
// it's better to set a fields_prev in this situation
$backup_field = (PMA_MYSQL_INT_VERSION < 40100 && $row_table_def['True_Type'] == 'timestamp')
? ''
: '<input type="hidden" name="fields_prev' . $vkey . '[' . urlencode($field) . ']" value="' . urlencode($vrow[$rowfield]) . '" />';
: '<input type="hidden" name="fields_prev' . $vkey . '[' . $field_html . ']" value="' . htmlspecialchars($vrow[$rowfield]) . '" />';
} else {
// loic1: display default values
if (!isset($row_table_def['Default'])) {
@@ -519,7 +522,7 @@ foreach ($loop_array AS $vrowcount => $vrow) {
} else {
?>
<td>
<select name="funcs<?php echo $vkey; ?>[<?php echo urlencode($field); ?>]" <?php echo $chg_evt_handler; ?>="return unNullify('<?php echo urlencode($field); ?>', '<?php echo $jsvkey; ?>')" tabindex="<?php echo ($tabindex + $tabindex_for_function); ?>" id="field_<?php echo $idindex; ?>_1">
<select name="funcs<?php echo $vkey; ?>[<?php echo $field_html; ?>]" <?php echo $chg_evt_handler; ?>="return unNullify('<?php echo $field_html; ?>', '<?php echo $jsvkey; ?>')" tabindex="<?php echo ($tabindex + $tabindex_for_function); ?>" id="field_<?php echo $idindex; ?>_1">
<option></option>
<?php
$selected = '';
@@ -599,7 +602,7 @@ foreach ($loop_array AS $vrowcount => $vrow) {
// ---------------
echo ' <td>' . "\n";
if ($row_table_def['Null'] == 'YES') {
echo ' <input type="hidden" name="fields_null_prev' . $vkey . '[' . urlencode($field) . ']"';
echo ' <input type="hidden" name="fields_null_prev' . $vkey . '[' . $field_html . ']"';
if ($real_null_value && !$first_timestamp) {
echo ' value="on"';
}
@@ -608,7 +611,7 @@ foreach ($loop_array AS $vrowcount => $vrow) {
if (!(($cfg['ProtectBinary'] && $is_blob) || ($cfg['ProtectBinary'] == 'all' && $is_binary)) ) {
echo ' <input type="checkbox" tabindex="' . ($tabindex + $tabindex_for_null) . '"'
. ' name="fields_null' . $vkey . '[' . urlencode($field) . ']"';
. ' name="fields_null' . $vkey . '[' . $field_html . ']"';
if ($real_null_value && !$first_timestamp) {
echo ' checked="checked"';
}
@@ -627,10 +630,10 @@ foreach ($loop_array AS $vrowcount => $vrow) {
} else {
$onclick .= '5, ';
}
$onclick .= '\'' . urlencode($field) . '\', \'' . md5($field) . '\', \'' . $vkey . '\'); this.checked = true}; return true" />' . "\n";
$onclick .= '\'' . $field_html . '\', \'' . md5($field) . '\', \'' . $vkey . '\'); this.checked = true}; return true" />' . "\n";
echo $onclick;
} else {
echo ' <input type="hidden" name="fields_null' . $vkey . '[' . urlencode($field) . ']"';
echo ' <input type="hidden" name="fields_null' . $vkey . '[' . $field_html . ']"';
if ($real_null_value && !$first_timestamp) {
echo ' value="on"';
}
@@ -648,12 +651,16 @@ foreach ($loop_array AS $vrowcount => $vrow) {
?>
<td>
<?php echo $backup_field . "\n"; ?>
<input type="hidden" name="fields_type<?php echo $vkey; ?>[<?php echo urlencode($field); ?>]" value="foreign" />
<input type="hidden" name="fields<?php echo $vkey; ?>[<?php echo urlencode($field); ?>]" value="" id="field_<?php echo ($idindex); ?>_1" />
<input type="text" name="field_<?php echo md5($field); ?><?php echo $vkey; ?>[]" class="textfield" <?php echo $chg_evt_handler; ?>="return unNullify('<?php echo urlencode($field); ?>', '<?php echo $jsvkey; ?>')" tabindex="<?php echo ($tabindex + $tabindex_for_value); ?>" id="field_<?php echo ($idindex); ?>_3" value="<?php echo htmlspecialchars($data); ?>" />
<input type="hidden" name="fields_type<?php echo $vkey; ?>[<?php echo $field_html; ?>]" value="foreign" />
<input type="hidden" name="fields<?php echo $vkey; ?>[<?php echo $field_html; ?>]" value="" id="field_<?php echo ($idindex); ?>_1" />
<input type="text" name="field_<?php echo md5($field); ?><?php echo $vkey; ?>[]" class="textfield" <?php echo $chg_evt_handler; ?>="return unNullify('<?php echo $field_html; ?>', '<?php echo $jsvkey; ?>')" tabindex="<?php echo ($tabindex + $tabindex_for_value); ?>" id="field_<?php echo ($idindex); ?>_3" value="<?php echo htmlspecialchars($data); ?>" />
<script type="text/javascript" language="javascript">
//<![CDATA[
document.writeln('<a target="_blank" onclick="window.open(this.href, \'foreigners\', \'width=640,height=240,scrollbars=yes,resizable=yes\'); return false" href="browse_foreigners.php?<?php echo PMA_generate_common_url($db, $table); ?>&amp;field=<?php echo urlencode($field) . $browse_foreigners_uri; ?>"><?php echo str_replace("'", "\'", $titles['Browse']); ?></a>');
document.writeln('<a target="_blank" onclick="window.open(this.href, \'foreigners\', \'width=640,height=240,scrollbars=yes,resizable=yes\'); return false"');
document.writeln(' href="browse_foreigners.php?');
document.writeln('<?php echo PMA_generate_common_url($db, $table); ?>');
document.writeln('&amp;field=<?php echo urlencode($field) . $browse_foreigners_uri; ?>">');
document.writeln('<?php echo str_replace("'", "\'", $titles['Browse']); ?></a>');
//]]>
</script>
</td>
@@ -662,9 +669,9 @@ foreach ($loop_array AS $vrowcount => $vrow) {
?>
<td>
<?php echo $backup_field . "\n"; ?>
<input type="hidden" name="fields_type<?php echo $vkey; ?>[<?php echo urlencode($field); ?>]" value="foreign" />
<input type="hidden" name="fields<?php echo $vkey; ?>[<?php echo urlencode($field); ?>]" value="" id="field_<?php echo $idindex; ?>_1" />
<select name="field_<?php echo md5($field); ?><?php echo $vkey; ?>[]" <?php echo $chg_evt_handler; ?>="return unNullify('<?php echo urlencode($field); ?>', '<?php echo $jsvkey; ?>')" tabindex="<?php echo ($tabindex + $tabindex_for_value); ?>" id="field_<?php echo ($idindex); ?>_3">
<input type="hidden" name="fields_type<?php echo $vkey; ?>[<?php echo $field_html; ?>]" value="foreign" />
<input type="hidden" name="fields<?php echo $vkey; ?>[<?php echo $field_html; ?>]" value="" id="field_<?php echo $idindex; ?>_1" />
<select name="field_<?php echo md5($field); ?><?php echo $vkey; ?>[]" <?php echo $chg_evt_handler; ?>="return unNullify('<?php echo $field_html; ?>', '<?php echo $jsvkey; ?>')" tabindex="<?php echo ($tabindex + $tabindex_for_value); ?>" id="field_<?php echo ($idindex); ?>_3">
<?php echo PMA_foreignDropdown($disp_row, $foreign_field, $foreign_display, $data, $cfg['ForeignKeyMaxLimit']); ?>
</select>
</td>
@@ -677,16 +684,16 @@ foreach ($loop_array AS $vrowcount => $vrow) {
<tr class="<?php echo $odd_row ? 'odd' : 'even'; ?>">
<td colspan="5" align="right">
<?php echo $backup_field . "\n"; ?>
<textarea name="fields<?php echo $vkey; ?>[<?php echo urlencode($field); ?>]" rows="<?php echo ($cfg['TextareaRows']*2); ?>" cols="<?php echo ($cfg['TextareaCols']*2); ?>" dir="<?php echo $text_dir; ?>" id="field_<?php echo ($idindex); ?>_3"
<?php echo $chg_evt_handler; ?>="return unNullify('<?php echo urlencode($field); ?>', '<?php echo $jsvkey; ?>')" tabindex="<?php echo ($tabindex + $tabindex_for_value); ?>"><?php echo $special_chars; ?></textarea>
<textarea name="fields<?php echo $vkey; ?>[<?php echo $field_html; ?>]" rows="<?php echo ($cfg['TextareaRows']*2); ?>" cols="<?php echo ($cfg['TextareaCols']*2); ?>" dir="<?php echo $text_dir; ?>" id="field_<?php echo ($idindex); ?>_3"
<?php echo $chg_evt_handler; ?>="return unNullify('<?php echo $field_html; ?>', '<?php echo $jsvkey; ?>')" tabindex="<?php echo ($tabindex + $tabindex_for_value); ?>"><?php echo $special_chars; ?></textarea>
</td>
<?php
} elseif (strstr($type, 'text')) {
?>
<td>
<?php echo $backup_field . "\n"; ?>
<textarea name="fields<?php echo $vkey; ?>[<?php echo urlencode($field); ?>]" rows="<?php echo $cfg['TextareaRows']; ?>" cols="<?php echo $cfg['TextareaCols']; ?>" dir="<?php echo $text_dir; ?>" id="field_<?php echo ($idindex); ?>_3"
<?php echo $chg_evt_handler; ?>="return unNullify('<?php echo urlencode($field); ?>', '<?php echo $jsvkey; ?>')" tabindex="<?php echo ($tabindex + $tabindex_for_value); ?>"><?php echo $special_chars; ?></textarea>
<textarea name="fields<?php echo $vkey; ?>[<?php echo $field_html; ?>]" rows="<?php echo $cfg['TextareaRows']; ?>" cols="<?php echo $cfg['TextareaCols']; ?>" dir="<?php echo $text_dir; ?>" id="field_<?php echo ($idindex); ?>_3"
<?php echo $chg_evt_handler; ?>="return unNullify('<?php echo $field_html; ?>', '<?php echo $jsvkey; ?>')" tabindex="<?php echo ($tabindex + $tabindex_for_value); ?>"><?php echo $special_chars; ?></textarea>
</td>
<?php
echo "\n";
@@ -698,8 +705,8 @@ foreach ($loop_array AS $vrowcount => $vrow) {
$enum_cnt = count($enum);
?>
<td>
<input type="hidden" name="fields_type<?php echo $vkey; ?>[<?php echo urlencode($field); ?>]" value="enum" />
<input type="hidden" name="fields<?php echo $vkey; ?>[<?php echo urlencode($field); ?>]" value="" />
<input type="hidden" name="fields_type<?php echo $vkey; ?>[<?php echo $field_html; ?>]" value="enum" />
<input type="hidden" name="fields<?php echo $vkey; ?>[<?php echo $field_html; ?>]" value="" />
<?php
echo "\n" . ' ' . $backup_field;
@@ -707,7 +714,7 @@ foreach ($loop_array AS $vrowcount => $vrow) {
if (strlen($row_table_def['Type']) > 20) {
echo "\n";
?>
<select name="field_<?php echo md5($field); ?><?php echo $vkey; ?>[]" <?php echo $chg_evt_handler; ?>="return unNullify('<?php echo urlencode($field); ?>', '<?php echo $jsvkey; ?>')" tabindex="<?php echo ($tabindex + $tabindex_for_value); ?>" id="field_<?php echo ($idindex); ?>_3">
<select name="field_<?php echo md5($field); ?><?php echo $vkey; ?>[]" <?php echo $chg_evt_handler; ?>="return unNullify('<?php echo $field_html; ?>', '<?php echo $jsvkey; ?>')" tabindex="<?php echo ($tabindex + $tabindex_for_value); ?>" id="field_<?php echo ($idindex); ?>_3">
<option value=""></option>
<?php
echo "\n";
@@ -717,7 +724,7 @@ foreach ($loop_array AS $vrowcount => $vrow) {
$enum_atom = str_replace('\'\'', '\'', str_replace('\\\\', '\\', $enum[$j]));
echo ' ';
//echo '<option value="' . htmlspecialchars($enum_atom) . '"';
echo '<option value="' . urlencode($enum_atom) . '"';
echo '<option value="' . htmlspecialchars($enum_atom) . '"';
if ($data == $enum_atom
|| ($data == '' && (!isset($primary_key) || $row_table_def['Null'] != 'YES')
&& isset($row_table_def['Default']) && $enum_atom == $row_table_def['Default'])) {
@@ -735,7 +742,7 @@ foreach ($loop_array AS $vrowcount => $vrow) {
// Removes automatic MySQL escape format
$enum_atom = str_replace('\'\'', '\'', str_replace('\\\\', '\\', $enum[$j]));
echo ' ';
echo '<input type="radio" name="field_' . md5($field) . $vkey . '[]" value="' . urlencode($enum_atom) . '" id="field_' . ($idindex) . '_3_' . $j . '" onclick="if (typeof(document.forms[\'insertForm\'].elements[\'fields_null' . str_replace('"', '\"', $vkey) . '[' . urlencode($field) . ']\']) != \'undefined\') {document.forms[\'insertForm\'].elements[\'fields_null' . str_replace('"', '\"', $vkey) . '[' . urlencode($field) .']\'].checked = false}"';
echo '<input type="radio" name="field_' . md5($field) . $vkey . '[]" value="' . htmlspecialchars($enum_atom) . '" id="field_' . ($idindex) . '_3_' . $j . '" onclick="if (typeof(document.forms[\'insertForm\'].elements[\'fields_null' . str_replace('"', '\"', $vkey) . '[' . $field_html . ']\']) != \'undefined\') {document.forms[\'insertForm\'].elements[\'fields_null' . str_replace('"', '\"', $vkey) . '[' . $field_html .']\'].checked = false}"';
if ($data == $enum_atom
|| ($data == '' && (!isset($primary_key) || $row_table_def['Null'] != 'YES')
&& isset($row_table_def['Default']) && $enum_atom == $row_table_def['Default'])) {
@@ -765,15 +772,15 @@ foreach ($loop_array AS $vrowcount => $vrow) {
?>
<td>
<?php echo $backup_field . "\n"; ?>
<input type="hidden" name="fields_type<?php echo $vkey; ?>[<?php echo urlencode($field); ?>]" value="set" />
<input type="hidden" name="fields<?php echo $vkey; ?>[<?php echo urlencode($field); ?>]" value="" />
<select name="field_<?php echo md5($field); ?><?php echo $vkey; ?>[]" size="<?php echo $size; ?>" multiple="multiple" <?php echo $chg_evt_handler; ?>="return unNullify('<?php echo urlencode($field); ?>', '<?php echo $jsvkey; ?>')" tabindex="<?php echo ($tabindex + $tabindex_for_value); ?>" id="field_<?php echo ($idindex); ?>_3">
<input type="hidden" name="fields_type<?php echo $vkey; ?>[<?php echo $field_html; ?>]" value="set" />
<input type="hidden" name="fields<?php echo $vkey; ?>[<?php echo $field_html; ?>]" value="" />
<select name="field_<?php echo md5($field); ?><?php echo $vkey; ?>[]" size="<?php echo $size; ?>" multiple="multiple" <?php echo $chg_evt_handler; ?>="return unNullify('<?php echo $field_html; ?>', '<?php echo $jsvkey; ?>')" tabindex="<?php echo ($tabindex + $tabindex_for_value); ?>" id="field_<?php echo ($idindex); ?>_3">
<?php
echo "\n";
for ($j = 0; $j < $countset; $j++) {
echo ' ';
//echo '<option value="'. htmlspecialchars($set[$j]) . '"';
echo '<option value="'. urlencode($set[$j]) . '"';
echo '<option value="'. htmlspecialchars($set[$j]) . '"';
if (isset($vset[$set[$j]]) && $vset[$set[$j]]) {
echo ' selected="selected"';
}
@@ -801,16 +808,16 @@ foreach ($loop_array AS $vrowcount => $vrow) {
}
echo "\n";
?>
<input type="hidden" name="fields_type<?php echo $vkey; ?>[<?php echo urlencode($field); ?>]" value="protected" />
<input type="hidden" name="fields<?php echo $vkey; ?>[<?php echo urlencode($field); ?>]" value="" />
<input type="hidden" name="fields_type<?php echo $vkey; ?>[<?php echo $field_html; ?>]" value="protected" />
<input type="hidden" name="fields<?php echo $vkey; ?>[<?php echo $field_html; ?>]" value="" />
<?php
} elseif ($is_blob) {
echo "\n";
?>
<td>
<?php echo $backup_field . "\n"; ?>
<textarea name="fields<?php echo $vkey; ?>[<?php echo urlencode($field); ?>]" rows="<?php echo $cfg['TextareaRows']; ?>" cols="<?php echo $cfg['TextareaCols']; ?>" dir="<?php echo $text_dir; ?>" id="field_<?php echo ($idindex); ?>_3"
<?php echo $chg_evt_handler; ?>="return unNullify('<?php echo urlencode($field); ?>', '<?php echo $jsvkey; ?>')" tabindex="<?php echo ($tabindex + $tabindex_for_value); ?>" ><?php echo $special_chars; ?></textarea>
<textarea name="fields<?php echo $vkey; ?>[<?php echo $field_html; ?>]" rows="<?php echo $cfg['TextareaRows']; ?>" cols="<?php echo $cfg['TextareaCols']; ?>" dir="<?php echo $text_dir; ?>" id="field_<?php echo ($idindex); ?>_3"
<?php echo $chg_evt_handler; ?>="return unNullify('<?php echo $field_html; ?>', '<?php echo $jsvkey; ?>')" tabindex="<?php echo ($tabindex + $tabindex_for_value); ?>" ><?php echo $special_chars; ?></textarea>
<?php
} else {
@@ -824,7 +831,7 @@ foreach ($loop_array AS $vrowcount => $vrow) {
?>
<td>
<?php echo $backup_field . "\n"; ?>
<input type="text" name="fields<?php echo $vkey; ?>[<?php echo urlencode($field); ?>]" value="<?php echo $special_chars; ?>" size="<?php echo $fieldsize; ?>" maxlength="<?php echo $maxlength; ?>" class="textfield" <?php echo $chg_evt_handler; ?>="return unNullify('<?php echo urlencode($field); ?>', '<?php echo $jsvkey; ?>')" tabindex="<?php echo ($tabindex + $tabindex_for_value); ?>" id="field_<?php echo ($idindex); ?>_3" />
<input type="text" name="fields<?php echo $vkey; ?>[<?php echo $field_html; ?>]" value="<?php echo $special_chars; ?>" size="<?php echo $fieldsize; ?>" maxlength="<?php echo $maxlength; ?>" class="textfield" <?php echo $chg_evt_handler; ?>="return unNullify('<?php echo $field_html; ?>', '<?php echo $jsvkey; ?>')" tabindex="<?php echo ($tabindex + $tabindex_for_value); ?>" id="field_<?php echo ($idindex); ?>_3" />
<?php
} // end if...elseif...else
@@ -834,7 +841,7 @@ foreach ($loop_array AS $vrowcount => $vrow) {
if ($is_upload && $is_blob) {
echo '<br />';
echo '<input type="file" name="fields_upload_' . urlencode($field) . $vkey . '" class="textfield" id="field_' . ($idindex) . '_3" size="10" />&nbsp;';
echo '<input type="file" name="fields_upload_' . $field_html . $vkey . '" class="textfield" id="field_' . ($idindex) . '_3" size="10" />&nbsp;';
// find maximum upload size, based on field type
/**
@@ -867,7 +874,7 @@ foreach ($loop_array AS $vrowcount => $vrow) {
} elseif (!empty($files)) {
echo "<br />\n";
echo ' <i>' . $strOr . '</i>' . ' ' . $strWebServerUploadDirectory . ':<br />' . "\n";
echo ' <select size="1" name="fields_uploadlocal_' . urlencode($field) . $vkey . '">' . "\n";
echo ' <select size="1" name="fields_uploadlocal_' . $field_html . $vkey . '">' . "\n";
echo ' <option value="" selected="selected"></option>' . "\n";
echo $files;
echo ' </select>' . "\n";
@@ -898,21 +905,21 @@ foreach ($loop_array AS $vrowcount => $vrow) {
if ($is_char && ($cfg['CharEditing'] == 'textarea' || strpos($data, "\n") !== FALSE)) {
echo "\n";
?>
<textarea name="fields<?php echo $vkey; ?>[<?php echo urlencode($field); ?>]" rows="<?php echo $cfg['CharTextareaRows']; ?>" cols="<?php echo $cfg['CharTextareaCols']; ?>" dir="<?php echo $text_dir; ?>" id="field_<?php echo ($idindex); ?>_3"
<?php echo $chg_evt_handler; ?>="return unNullify('<?php echo urlencode($field); ?>', '<?php echo $jsvkey; ?>')" tabindex="<?php echo ($tabindex + $tabindex_for_value); ?>" ><?php echo $special_chars; ?></textarea>
<textarea name="fields<?php echo $vkey; ?>[<?php echo $field_html; ?>]" rows="<?php echo $cfg['CharTextareaRows']; ?>" cols="<?php echo $cfg['CharTextareaCols']; ?>" dir="<?php echo $text_dir; ?>" id="field_<?php echo ($idindex); ?>_3"
<?php echo $chg_evt_handler; ?>="return unNullify('<?php echo $field_html; ?>', '<?php echo $jsvkey; ?>')" tabindex="<?php echo ($tabindex + $tabindex_for_value); ?>" ><?php echo $special_chars; ?></textarea>
<?php
} else {
?>
<input type="text" name="fields<?php echo $vkey; ?>[<?php echo urlencode($field); ?>]" value="<?php echo $special_chars; ?>" size="<?php echo $fieldsize; ?>" maxlength="<?php echo $maxlength; ?>" class="textfield" <?php echo $chg_evt_handler; ?>="return unNullify('<?php echo urlencode($field); ?>', '<?php echo $jsvkey; ?>')" tabindex="<?php echo ($tabindex + $tabindex_for_value); ?>" id="field_<?php echo ($idindex); ?>_3" />
<input type="text" name="fields<?php echo $vkey; ?>[<?php echo $field_html; ?>]" value="<?php echo $special_chars; ?>" size="<?php echo $fieldsize; ?>" maxlength="<?php echo $maxlength; ?>" class="textfield" <?php echo $chg_evt_handler; ?>="return unNullify('<?php echo $field_html; ?>', '<?php echo $jsvkey; ?>')" tabindex="<?php echo ($tabindex + $tabindex_for_value); ?>" id="field_<?php echo ($idindex); ?>_3" />
<?php
if ($row_table_def['Extra'] == 'auto_increment') {
?>
<input type="hidden" name="auto_increment<?php echo $vkey; ?>[<?php echo urlencode($field); ?>]" value="1" />
<input type="hidden" name="auto_increment<?php echo $vkey; ?>[<?php echo $field_html; ?>]" value="1" />
<?php
} // end if
if (substr($type, 0, 9) == 'timestamp') {
?>
<input type="hidden" name="fields_type<?php echo $vkey; ?>[<?php echo urlencode($field); ?>]" value="timestamp" />
<input type="hidden" name="fields_type<?php echo $vkey; ?>[<?php echo $field_html; ?>]" value="timestamp" />
<?php
}
if ($type == 'date' || $type == 'datetime' || substr($type, 0, 9) == 'timestamp') {

439
tbl_replace.php
View File

@@ -1,249 +1,309 @@
<?php
/* $Id$ */
// vim: expandtab sw=4 ts=4 sts=4:
/**
* manipulation of table data like inserting, replacing and updating
*
* usally called as form action from tbl_change.php to insert or update table rows
*
* vim: expandtab sw=4 ts=4 sts=4:
*
* @version $Id$
*
* @todo 'edit_next' tends to not work as expected if used ... at least there is no order by
* it needs the original query and the row number and than replace the LIMIT clause
* @uses PMA_checkParameters()
* @uses PMA_DBI_select_db()
* @uses PMA_DBI_query()
* @uses PMA_DBI_fetch_row()
* @uses PMA_DBI_get_fields_meta()
* @uses PMA_DBI_free_result()
* @uses PMA_DBI_try_query()
* @uses PMA_DBI_getError()
* @uses PMA_DBI_affected_rows()
* @uses PMA_DBI_insert_id()
* @uses PMA_backquote()
* @uses PMA_getUvaCondition()
* @uses PMA_sqlAddslashes()
* @uses PMA_securePath()
* @uses PMA_sendHeaderLocation()
* @uses str_replace()
* @uses urlencode()
* @uses count()
* @uses file_exists()
* @uses strlen()
* @uses str_replace()
* @uses preg_replace()
* @uses is_array()
* @uses $GLOBALS['db']
* @uses $GLOBALS['table']
* @uses $GLOBALS['goto']
* @uses $GLOBALS['sql_query']
*/
/**
* do not import request variable into global scope
*
* cannot be used as long as it could happen that the $goto file that is included
* at the end of this script is not updated to work without imported request variables
*
* @todo uncomment this if all possible included files to rely on import request variables
if (! defined('PMA_NO_VARIABLES_IMPORT')) {
define('PMA_NO_VARIABLES_IMPORT', true);
}
*/
/**
* Gets some core libraries
*/
require_once('./libraries/common.lib.php');
require_once './libraries/common.lib.php';
// Check parameters
PMA_checkParameters(array('db', 'table', 'goto'));
PMA_DBI_select_db($db);
PMA_DBI_select_db($GLOBALS['db']);
/**
* Initializes some variables
*/
// Defines the url to return in case of success of the query
if (isset($sql_query)) {
$sql_query = urldecode($sql_query);
if (isset($_REQUEST['dontlimitchars'])) {
$url_params['dontlimitchars'] = $_REQUEST['dontlimitchars'];
}
if (!isset($dontlimitchars)) {
$dontlimitchars = 0;
if (isset($_REQUEST['pos'])) {
$url_params['pos'] = (int) $_REQUEST['pos'];
}
if (!isset($pos)) {
$pos = 0;
if (isset($_REQUEST['session_max_rows'])) {
$url_params['session_max_rows'] = (int) $_REQUEST['session_max_rows'];
}
$is_gotofile = FALSE;
if (isset($after_insert) && $after_insert == 'new_insert') {
$goto = 'tbl_change.php?'
. PMA_generate_common_url($db, $table, '&')
. '&goto=' . urlencode($goto)
. '&pos=' . $pos
. '&session_max_rows=' . $session_max_rows
. '&disp_direction=' . $disp_direction
. '&repeat_cells=' . $repeat_cells
. '&dontlimitchars=' . $dontlimitchars
. '&after_insert=' . $after_insert
. (empty($sql_query) ? '' : '&sql_query=' . urlencode($sql_query));
} elseif (isset($after_insert) && $after_insert == 'same_insert') {
$goto = 'tbl_change.php?'
. PMA_generate_common_url($db, $table, '&')
. '&goto=' . urlencode($goto)
. '&pos=' . $pos
. '&session_max_rows=' . $session_max_rows
. '&disp_direction=' . $disp_direction
. '&repeat_cells=' . $repeat_cells
. '&dontlimitchars=' . $dontlimitchars
. '&after_insert=' . $after_insert
. (empty($sql_query) ? '' : '&sql_query=' . urlencode($sql_query));
if (isset($primary_key)) {
foreach ($primary_key AS $pk) {
$goto .= '&primary_key[]=' . $pk;
if (isset($_REQUEST['disp_direction'])) {
$url_params['disp_direction'] = $_REQUEST['disp_direction'];
}
if (isset($_REQUEST['repeat_cells'])) {
$url_params['repeat_cells'] = (int) $_REQUEST['repeat_cells'];
}
$goto_include = false;
if (isset($_REQUEST['after_insert'])
&& in_array($_REQUEST['after_insert'], array('new_insert', 'same_insert', 'edit_next'))) {
$url_params['after_insert'] = $_REQUEST['after_insert'];
//$GLOBALS['goto'] = 'tbl_change.php';
$goto_include = 'tbl_change.php';
if (isset($_REQUEST['primary_key'])) {
if ($_REQUEST['after_insert'] == 'same_insert') {
foreach ($_REQUEST['primary_key'] as $pk) {
$url_params['primary_key'][] = $pk;
}
} elseif ($_REQUEST['after_insert'] == 'edit_next') {
foreach ($_REQUEST['primary_key'] as $pk) {
$local_query = 'SELECT * FROM ' . PMA_backquote($GLOBALS['db']) . '.' . PMA_backquote($GLOBALS['table'])
. ' WHERE ' . str_replace('` =', '` >', $pk)
. ' LIMIT 1;';
$res = PMA_DBI_query($local_query);
$row = PMA_DBI_fetch_row($res);
$meta = PMA_DBI_get_fields_meta($res);
$url_params['primary_key'][] = PMA_getUvaCondition($res, count($row), $meta, $row);
}
}
}
} elseif (isset($after_insert) && $after_insert == 'edit_next') {
$goto = 'tbl_change.php?'
. PMA_generate_common_url($db, $table, '&')
. '&goto=' . urlencode($goto)
. '&pos=' . $pos
. '&session_max_rows=' . $session_max_rows
. '&disp_direction=' . $disp_direction
. '&repeat_cells=' . $repeat_cells
. '&dontlimitchars=' . $dontlimitchars
. '&after_insert=' . $after_insert
. (empty($sql_query) ? '' : '&sql_query=' . urlencode($sql_query));
if (isset($primary_key)) {
foreach ($primary_key AS $pk) {
$local_query = 'SELECT * FROM ' . PMA_backquote($table) . ' WHERE ' . str_replace('` =', '` >', urldecode($pk)) . ' LIMIT 1;';
$res = PMA_DBI_query($local_query);
$row = PMA_DBI_fetch_row($res);
$meta = PMA_DBI_get_fields_meta($res);
$goto .= '&primary_key[]=' . urlencode(PMA_getUniqueCondition($res, count($row), $meta, $row));
}
}
} elseif ($goto == 'sql.php') {
$goto = 'sql.php?'
. PMA_generate_common_url($db, $table, '&')
. '&pos=' . $pos
. '&session_max_rows=' . $session_max_rows
. '&disp_direction=' . $disp_direction
. '&repeat_cells=' . $repeat_cells
. '&dontlimitchars=' . $dontlimitchars
. '&sql_query=' . urlencode($sql_query);
} elseif (!empty($goto)) {
// Security checkings
$is_gotofile = preg_replace('@^([^?]+).*$@', '\\1', $goto);
if (!@file_exists('./' . $is_gotofile)) {
$goto = (! isset($table) || ! strlen($table)) ? 'db_sql.php' : 'tbl_sql.php';
$is_gotofile = TRUE;
} elseif (! empty($GLOBALS['goto'])) {
if (! preg_match('@^[a-z_]+\.php$@', $GLOBALS['goto'])) {
// this should NOT happen
//$GLOBALS['goto'] = false;
$goto_include = false;
} else {
$is_gotofile = ($is_gotofile == $goto);
$goto_include = $GLOBALS['goto'];
}
if ($GLOBALS['goto'] == 'db_sql.php' && isset($GLOBALS['table'])) {
unset($GLOBALS['table']);
}
}
if (! $goto_include) {
if (! isset($GLOBALS['table']) || ! strlen($GLOBALS['table'])) {
$goto_include = 'db_sql.php';
} else {
$goto_include = 'tbl_sql.php';
}
}
// Defines the url to return in case of failure of the query
if (isset($err_url)) {
$err_url = urldecode($err_url);
if (isset($_REQUEST['err_url'])) {
$err_url = $_REQUEST['err_url'];
} else {
$err_url = str_replace('&', '&amp;', $goto)
. (empty($primary_key) ? '' : '&amp;primary_key=' . (is_array($primary_key) ? $primary_key[0] : $primary_key));
$err_url = 'tbl_change.php' . PMA_generate_common_url($url_params);
}
// Misc
$seen_binary = FALSE;
$seen_binary = false;
/**
* Prepares the update/insert of a row
*/
if (isset($primary_key)) {
if (isset($_REQUEST['primary_key'])) {
// we were editing something => use primary key
$loop_array = (is_array($primary_key) ? $primary_key : array(0 => $primary_key));
$using_key = TRUE;
$is_insert = ($submit_type == $strInsertAsNewRow);
$loop_array = (is_array($_REQUEST['primary_key']) ? $_REQUEST['primary_key'] : array($_REQUEST['primary_key']));
$using_key = true;
$is_insert = ($_REQUEST['submit_type'] == $GLOBALS['strInsertAsNewRow']);
} else {
// new row => use indexes
$loop_array = array();
for ($i = 0; $i < $cfg['InsertRows']; $i++) $loop_array[$i] = $i;
$using_key = FALSE;
$is_insert = TRUE;
foreach ($_REQUEST['fields']['multi_edit'] as $key => $dummy) {
$loop_array[] = $key;
}
$using_key = false;
$is_insert = true;
}
$query = array();
$message = '';
$value_sets = array();
$func_no_param = array(
'NOW',
'CURDATE',
'CURTIME',
'UTC_DATE',
'UTC_TIME',
'UTC_TIMESTAMP',
'UNIX_TIMESTAMP',
'RAND',
'USER',
'LAST_INSERT_ID',
);
foreach ($loop_array AS $primary_key_index => $enc_primary_key) {
foreach ($loop_array as $primary_key) {
// skip fields to be ignored
if (!$using_key && isset($GLOBALS['insert_ignore_' . $enc_primary_key])) {
if (! $using_key && isset($_REQUEST['insert_ignore_' . $primary_key])) {
continue;
}
// Restore the "primary key" to a convenient format
$primary_key = urldecode($enc_primary_key);
// Defines the SET part of the sql query
$valuelist = '';
$fieldlist = '';
$query_values = array();
// Map multi-edit keys to single-level arrays, dependent on how we got the fields
$me_fields = isset($fields['multi_edit']) && isset($fields['multi_edit'][$enc_primary_key]) ? $fields['multi_edit'][$enc_primary_key] : null;
$me_fields_prev = isset($fields_prev['multi_edit']) && isset($fields_prev['multi_edit'][$enc_primary_key]) ? $fields_prev['multi_edit'][$enc_primary_key] : null;
$me_funcs = isset($funcs['multi_edit']) && isset($funcs['multi_edit'][$enc_primary_key]) ? $funcs['multi_edit'][$enc_primary_key] : null;
$me_fields_type = isset($fields_type['multi_edit']) && isset($fields_type['multi_edit'][$enc_primary_key]) ? $fields_type['multi_edit'][$enc_primary_key] : null;
$me_fields_null = isset($fields_null['multi_edit']) && isset($fields_null['multi_edit'][$enc_primary_key]) ? $fields_null['multi_edit'][$enc_primary_key] : null;
$me_fields_null_prev = isset($fields_null_prev['multi_edit']) && isset($fields_null_prev['multi_edit'][$enc_primary_key]) ? $fields_null_prev['multi_edit'][$enc_primary_key] : null;
$me_auto_increment = isset($auto_increment['multi_edit']) && isset($auto_increment['multi_edit'][$enc_primary_key]) ? $auto_increment['multi_edit'][$enc_primary_key] : null;
$me_fields =
isset($_REQUEST['fields']['multi_edit'][$primary_key])
? $_REQUEST['fields']['multi_edit'][$primary_key]
: array();
$me_fields_prev =
isset($_REQUEST['fields_prev']['multi_edit'][$primary_key])
? $_REQUEST['fields_prev']['multi_edit'][$primary_key]
: null;
$me_funcs =
isset($_REQUEST['funcs']['multi_edit'][$primary_key])
? $_REQUEST['funcs']['multi_edit'][$primary_key]
: null;
$me_fields_type =
isset($_REQUEST['fields_type']['multi_edit'][$primary_key])
? $_REQUEST['fields_type']['multi_edit'][$primary_key]
: null;
$me_fields_null =
isset($_REQUEST['fields_null']['multi_edit'][$primary_key])
? $_REQUEST['fields_null']['multi_edit'][$primary_key]
: null;
$me_fields_null_prev =
isset($_REQUEST['fields_null_prev']['multi_edit'][$primary_key])
? $_REQUEST['fields_null_prev']['multi_edit'][$primary_key]
: null;
$me_auto_increment =
isset($_REQUEST['auto_increment']['multi_edit'][$primary_key])
? $_REQUEST['auto_increment']['multi_edit'][$primary_key]
: null;
if ($using_key && isset($me_fields_type) && is_array($me_fields_type) && isset($primary_key)) {
$prot_result = PMA_DBI_query('SELECT * FROM ' . PMA_backquote($table) . ' WHERE ' . $primary_key . ';');
$prot_row = PMA_DBI_fetch_assoc($prot_result);
PMA_DBI_free_result($prot_result);
unset($prot_result);
}
foreach ($me_fields as $key => $val) {
foreach ($me_fields AS $encoded_key => $val) {
$key = urldecode($encoded_key);
$fieldlist .= PMA_backquote($key) . ', ';
require './libraries/tbl_replace_fields.inc.php';
require('./libraries/tbl_replace_fields.inc.php');
if (empty($me_funcs[$encoded_key])) {
$cur_value = $val . ', ';
} elseif (preg_match('@^(UNIX_TIMESTAMP)$@', $me_funcs[$encoded_key]) && $val != '\'\'') {
$cur_value = $me_funcs[$encoded_key] . '(' . $val . '), ';
} elseif (preg_match('@^(NOW|CURDATE|CURTIME|UTC_DATE|UTC_TIME|UTC_TIMESTAMP|UNIX_TIMESTAMP|RAND|USER|LAST_INSERT_ID)$@', $me_funcs[$encoded_key])) {
$cur_value = $me_funcs[$encoded_key] . '(), ';
if (empty($me_funcs[$key])) {
$cur_value = $val;
} elseif ('UNIX_TIMESTAMP' === $me_funcs[$key] && $val != "''") {
$cur_value = $me_funcs[$key] . '(' . $val . ')';
} elseif (in_array($me_funcs[$key], $func_no_param)) {
$cur_value = $me_funcs[$key] . '()';
} else {
$cur_value = $me_funcs[$encoded_key] . '(' . $val . '), ';
$cur_value = $me_funcs[$key] . '(' . $val . ')';
}
// i n s e r t
if ($is_insert) {
// no need to add column into the valuelist
$valuelist .= $cur_value;
$query_values[] = $cur_value;
// u p d a t e
} elseif (isset($me_fields_null_prev) && isset($me_fields_null_prev[$encoded_key]) && !empty($me_fields_null_prev[$encoded_key]) && !isset($me_fields_null[$encoded_key])) {
} elseif (!empty($me_fields_null_prev[$key])
&& !isset($me_fields_null[$key])) {
// field had the null checkbox before the update
// field no longer has the null checkbox
$valuelist .= PMA_backquote($key) . ' = ' . $cur_value;
} elseif (empty($me_funcs[$encoded_key])
&& isset($me_fields_prev) && isset($me_fields_prev[$encoded_key])
&& ("'" . PMA_sqlAddslashes(urldecode($me_fields_prev[$encoded_key])) . "'" == $val)) {
$query_values[] = PMA_backquote($key) . ' = ' . $cur_value;
} elseif (empty($me_funcs[$key])
&& isset($me_fields_prev[$key])
&& ("'" . PMA_sqlAddslashes($me_fields_prev[$key]) . "'" == $val)) {
// No change for this column and no MySQL function is used -> next column
continue;
} elseif (!empty($val)) {
} elseif (! empty($val)) {
// avoid setting a field to NULL when it's already NULL
// (field had the null checkbox before the update
// field still has the null checkbox)
if (!(isset($me_fields_null_prev) && isset($me_fields_null_prev[$encoded_key]) && !empty($me_fields_null_prev[$encoded_key]) && isset($me_fields_null[$encoded_key]))) {
$valuelist .= PMA_backquote($key) . ' = ' . $cur_value;
if (!(! empty($me_fields_null_prev[$key])
&& isset($me_fields_null[$key]))) {
$query_values[] = PMA_backquote($key) . ' = ' . $cur_value;
}
}
} // end while
} // end foreach ($me_fields as $key => $val)
// get rid of last ,
$valuelist = preg_replace('@, $@', '', $valuelist);
if (count($query_values) > 0) {
if ($is_insert) {
$value_sets[] = implode(', ', $query_values);
} else {
// build update query
$query[] = 'UPDATE ' . PMA_backquote($GLOBALS['db']) . '.' . PMA_backquote($GLOBALS['table'])
. ' SET ' . implode(', ', $query_values) . ' WHERE ' . $primary_key . ' LIMIT 1';
// Builds the sql query
if ($is_insert) {
if (empty($query)) {
// first inserted row -> prepare template
$fieldlist = preg_replace('@, $@', '', $fieldlist);
$query = array('INSERT INTO ' . PMA_backquote($table) . ' (' . $fieldlist . ') VALUES ');
}
// append current values
$query[0] .= '(' . $valuelist . '), ';
$message = $strInsertedRows . '&nbsp;';
} elseif (!empty($valuelist)) {
// build update query
$query[] = 'UPDATE ' . PMA_backquote($table) . ' SET ' . $valuelist . ' WHERE' . $primary_key . ' LIMIT 1';
$message = $strAffectedRows . '&nbsp;';
}
} // end for
} // end foreach ($loop_array as $primary_key)
unset($me_fields_prev, $me_funcs, $me_fields_type, $me_fields_null, $me_fields_null_prev,
$me_auto_increment, $cur_value, $key, $val, $loop_array, $primary_key, $using_key,
$func_no_param);
// trim last , from insert query
if ($is_insert) {
$query[0] = preg_replace('@, $@', '', $query[0]);
}
if (empty($valuelist) && empty($query)) {
// Builds the sql query
if ($is_insert && count($value_sets) > 0) {
// first inserted row -> prepare template
foreach ($me_fields as $key => $val) {
$query_fields[] = PMA_backquote($key);
}
$query[] = 'INSERT INTO ' . PMA_backquote($GLOBALS['db']) . '.' . PMA_backquote($GLOBALS['table'])
. ' (' . implode(', ', $query_fields) . ') VALUES (' . implode('), (', $value_sets) . ')';
unset($query_fields, $value_sets);
$message = $GLOBALS['strInsertedRows'] . '&nbsp;';
} elseif (! empty($query)) {
$message = $GLOBALS['strAffectedRows'] . '&nbsp;';
} else {
// No change -> move back to the calling script
$message = $strNoModification;
if ($is_gotofile) {
$js_to_run = 'functions.js';
require_once('./libraries/header.inc.php');
require('./' . PMA_securePath($goto));
} else {
PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . $goto . '&disp_message=' . urlencode($message) . '&disp_query=');
}
exit();
$message = $GLOBALS['strNoModification'];
$js_to_run = 'functions.js';
$active_page = $goto_include;
require_once './libraries/header.inc.php';
require './' . PMA_securePath($goto_include);
exit;
}
unset($me_fields, $is_insert);
/**
* Executes the sql query and get the result, then move back to the calling
* page
*/
$sql_query = implode(';', $query) . ';';
if (! empty($GLOBALS['sql_query'])) {
$url_params['sql_query'] = $GLOBALS['sql_query'];
$return_to_sql_query = $GLOBALS['sql_query'];
}
$GLOBALS['sql_query'] = implode('; ', $query) . ';';
$total_affected_rows = 0;
$last_message = '';
$warning_message = '';
foreach ($query AS $query_index => $single_query) {
if ($cfg['IgnoreMultiSubmitErrors']) {
foreach ($query as $single_query) {
if ($GLOBALS['cfg']['IgnoreMultiSubmitErrors']) {
$result = PMA_DBI_try_query($single_query);
} else {
$result = PMA_DBI_query($single_query);
@@ -251,7 +311,7 @@ foreach ($query AS $query_index => $single_query) {
if (isset($GLOBALS['warning'])) {
$warning_message .= $GLOBALS['warning'] . '[br]';
}
if (!$result) {
if (! $result) {
$message .= PMA_DBI_getError();
} else {
if (@PMA_DBI_affected_rows()) {
@@ -260,44 +320,41 @@ foreach ($query AS $query_index => $single_query) {
$insert_id = PMA_DBI_insert_id();
if ($insert_id != 0) {
$last_message .= '[br]'.$strInsertedRowId . '&nbsp;' . $insert_id;
// insert_id is id of FIRST record inserted in one insert, so if we
// inserted multiple rows, we had to increment this
if ($total_affected_rows > 0) {
$insert_id = $insert_id + $total_affected_rows - 1;
}
$last_message .= '[br]' . $GLOBALS['strInsertedRowId'] . '&nbsp;' . $insert_id;
}
PMA_DBI_free_result($result);
} // end if
PMA_DBI_free_result($result);
unset($result);
}
unset($single_query, $query);
if ($total_affected_rows != 0) {
$message .= $total_affected_rows;
} else {
$message .= $strModifications;
}
$message .= $total_affected_rows . $last_message;
$message .= $last_message;
if (!empty($warning_message)) {
if (! empty($warning_message)) {
/**
* @todo use a <div class="warning"> in PMA_showMessage() for this part of the message
* @todo use a <div class="warning"> in PMA_showMessage() for this part of
* the message
*/
$message .= '[br]' . $warning_message;
}
unset($warning_message, $total_affected_rows, $last_message);
if ($is_gotofile) {
if ($goto == 'db_sql.php' && isset($table)) {
unset($table);
}
$js_to_run = 'functions.js';
$active_page = $goto;
require_once('./libraries/header.inc.php');
require('./' . PMA_securePath($goto));
} else {
// if we have seen binary,
// we do not append the query to the Location so it won't be displayed
// on the resulting page
// Nijel: we also need to limit size of url...
$add_query = (!$seen_binary && strlen($sql_query) < 1024 ? '&disp_query=' . urlencode($sql_query) : '');
PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . $goto . '&disp_message=' . urlencode($message) . $add_query);
if (isset($return_to_sql_query)) {
$disp_query = $GLOBALS['sql_query'];
$disp_message = $message;
unset($message);
$GLOBALS['sql_query'] = $return_to_sql_query;
}
exit();
$js_to_run = 'functions.js';
$active_page = $goto_include;
require_once './libraries/header.inc.php';
require './' . PMA_securePath($goto_include);
exit;
?>