nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

* libraries/sqlvalidator.class.php3:

Browse Source 
- PHP Class to run SQL Validator
* libraries/sqlvalidator.php3:
- SQL Validator interface code
This commit is contained in:
Robin Johnson
2002-08-03 10:23:04 +00:00
parent 6d4cc27cc4
commit ea2db87706
3 changed files with 298 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
libraries/common.lib.php3
View File

@@ -176,6 +176,11 @@ h1 {font-family: sans-serif; font-size: large; font-weight: bold}
include('./libraries/sqlparser.data.php3');
include('./libraries/sqlparser.lib.php3');
/**
* SQL Validator interface code
*/
include('./libraries/sqlvalidator.php3');
// If zlib output compression is set in the php configuration file, no
// output buffering should be run
if (PMA_PHP_INT_VERSION < 40000
@@ -1120,6 +1125,8 @@ if (typeof(document.getElementById) != 'undefined'
}
if (!empty($GLOBALS['show_as_php'])) {
$query_base = '$sql = &quot;' . $query_base;
} else if (!empty($GLOBALS['validatequery'])) {
$query_base = validateSQL($query_base);
} else {
$parsed_sql = PMA_SQP_parse($query_base);
$query_base = PMA_formatSql($parsed_sql);
@@ -1135,7 +1142,8 @@ if (typeof(document.getElementById) != 'undefined'
$edit_target = '';
}
if (isset($cfg['SQLQuery']['Edit']) && $cfg['SQLQuery']['Edit'] == TRUE) {
if (isset($cfg['SQLQuery']['Edit'])
&& $cfg['SQLQuery']['Edit'] == TRUE) {
if ($edit_target == 'tbl_properties.php3') {
$edit_link = '<a href="tbl_properties.php3'
. $url_qpart
@@ -1153,10 +1161,22 @@ if (typeof(document.getElementById) != 'undefined'
// Want to have the query explained (Mike Beck 2002-05-22)
// but only explain a SELECT (that has not been explained)
/* SQL-Parser-Analyzer */
if (isset($cfg['SQLQuery']['Explain']) && $cfg['SQLQuery']['Explain'] == TRUE) {
if (isset($cfg['SQLQuery']['Explain'])
&& $cfg['SQLQuery']['Explain'] == TRUE) {
// Detect if we are validating as well
// To preserve the validate uRL data
if (!empty($GLOBALS['validatequery'])) {
$explain_link_validate = '&amp;validatequery=1';
} else {
$explain_link_validate = '';
}
$explain_link = '&nbsp;[<a href="sql.php3'
. $url_qpart
. $explain_link_validate
. '&amp;sql_query=';
if (eregi('^SELECT[[:space:]]+', $GLOBALS['sql_query'])) {
$explain_link .= urlencode('EXPLAIN ' . $GLOBALS['sql_query']) . '">' . $GLOBALS['strExplain'];
} else if (eregi('^EXPLAIN[[:space:]]+SELECT[[:space:]]+', $GLOBALS['sql_query'])) {
@@ -1173,7 +1193,8 @@ if (typeof(document.getElementById) != 'undefined'
// Also we would like to get the SQL formed in some nice
// php-code (Mike Beck 2002-05-22)
if (isset($cfg['SQLQuery']['ShowAsPHP']) && $cfg['SQLQuery']['ShowAsPHP'] == TRUE) {
if (isset($cfg['SQLQuery']['ShowAsPHP'])
&& $cfg['SQLQuery']['ShowAsPHP'] == TRUE) {
if (!empty($GLOBALS['show_as_php'])) {
$php_link = '<a href="sql.php3'
. $url_qpart
@@ -1188,14 +1209,17 @@ if (typeof(document.getElementById) != 'undefined'
$php_link = '';
}
if (isset($cfg['SQLQuery']['Validate']) && $cfg['SQLQuery']['Validate'] == TRUE) {
if (isset($cfg['SQLValidator']['use'])
&& $cfg['SQLValidator']['use'] == TRUE
&& isset($cfg['SQLQuery']['Validate'])
&& $cfg['SQLQuery']['Validate'] == TRUE) {
$validate_link = '&nbsp;[<a href="sql.php3'
. $url_qpart
. '&amp;sql_query=' . urlencode($GLOBALS['sql_query']) . '&amp;validatequery=';
if (!empty($GLOBALS['validatequery'])) {
$validate_link .= '0">' /*. $GLOBALS['strNoValidateSQL'] */;
$validate_link .= '0">' . $GLOBALS['strNoValidateSQL'] ;
} else {
$validate_link .= '1">'/*. $GLOBALS['strValidateSQL'] */;
$validate_link .= '1">'. $GLOBALS['strValidateSQL'] ;
}
$validate_link .= '</a>]';
} else {
@@ -1213,8 +1237,16 @@ if (typeof(document.getElementById) != 'undefined'
// If a 'LIMIT' clause has been programatically added to the query
// displays it
if (!empty($GLOBALS['sql_limit_to_append'])) {
echo PMA_formatSql(PMA_SQP_parse($GLOBALS['sql_limit_to_append']));
if (!empty($GLOBALS['show_as_php'])) {
echo $GLOBALS['sql_limit_to_append'];
} else if (!empty($GLOBALS['validatequery'])) {
// skip the extra bit here
} else {
echo PMA_formatSql(PMA_SQP_parse($GLOBALS['sql_limit_to_append']));
}
}
//Clean up the end of the PHP
if (!empty($GLOBALS['show_as_php'])) {
echo '&quot;;';
}

199
libraries/sqlvalidator.class.php3 Normal file
View File

@@ -0,0 +1,199 @@
<?php
/* $Id$ */
/**
* PHP interface to MimerSQL Validator
*
* Copyright 2002 Robin Johnson <robbat2@users.sourceforge.net>
* http://www.orbis-terrarum.net/?l=people.robbat2
*
* All data is transported over HTTP-SOAP
* And uses the PEAR SOAP Module
*
* Install instructions for PEAR SOAP
* Make sure you have a really recent PHP with PEAR support
* run this: "pear install Mail_Mime Net_DIME SOAP"
*
*
* @access public
* @author Robin Johnson <robbat2@orbis-terrarum.net>
* @version $Revision$
*/
if (!defined('PMA_SQL_VALIDATOR_CLASS_INCLUDED')) {
define('PMA_SQL_VALIDATOR_CLASS_INCLUDED', 1);
include("SOAP/Client.php");
// Ok, so we have SOAP Support, so let's use it!
class SQLValidator {
var $url;
var $serviceName;
var $wsdl;
var $outputType;
var $username;
var $password;
var $callingProgram;
var $callingProgramVersion;
var $targetDbms;
var $targetDbmsVersion;
var $connectionTechnology;
var $connectionTechnologyVersion;
var $interactive;
var $serviceLink = NULL;
var $sessionData = NULL;
function dataInit()
{
$this->url = "http://sqlvalidator.mimer.com/v1/services";
$this->serviceName = 'SQL99Validator';
$this->wsdl = '?wsdl';
$this->outputType = 'html';
$this->username = 'anonymous';
$this->password = '';
$this->callingProgram = 'PHP_SQLValidator';
$this->callingProgramVersion = '$Revision$';
$this->targetDbms = 'N/A';
$this->targetDbmsVersion = 'N/A';
$this->connectionTechnology = 'PHP';
$this->connectionTechnologyVersion = phpversion();
$this->interactive = 1;
$this->serviceLink = NULL;
$this->sessionData = NULL;
}
function SQLValidator()
{
$this->dataInit();
}
function setCredentials($username,$password)
{
$this->username = $username;
$this->password = $password;
}
function setCallingProgram($callingProgram,$callingProgramVersion)
{
$this->callingProgram = $callingProgram;
$this->callingProgramVersion = $callingProgramVersion;
}
function appendCallingProgram($callingProgram,$callingProgramVersion)
{
$this->callingProgram .= ' - ' . $callingProgram;
$this->callingProgramVersion .= ' - ' . $callingProgramVersion;
}
function setTargetDbms($targetDbms,$targetDbmsVersion)
{
$this->targetDbms = $targetDbms;
$this->targetDbmsVersion = $targetDbmsVersion;
}
function appendTargetDbms($targetDbms,$targetDbmsVersion)
{
$this->targetDbms .= ' - ' . $targetDbms;
$this->targetDbmsVersion .= ' - ' . $targetDbmsVersion;
}
function setConnectionTechnology($connectionTechnology,$connectionTechnologyVersion)
{
$this->connectionTechnology = $connectionTechnology;
$this->connectionTechnologyVersion = $connectionTechnologyVersion;
}
function appendConnectionTechnology($connectionTechnology,$connectionTechnologyVersion)
{
$this->connectionTechnology .= ' - ' . $connectionTechnology;
$this->connectionTechnologyVersion .= ' - ' . $connectionTechnologyVersion;
}
function setInteractive($interactive)
{
$this->interactive = $interactive;
}
function start()
{
$this->startService();
$this->startSession();
}
function startService()
{
$this->serviceLink = $this->_openService($this->url.'/'.$this->serviceName.$this->wsdl);
}
function startSession()
{
$this->sessionData = $this->_openSession($this->serviceLink, $this->username, $this->password, $this->callingProgram, $this->callingProgramVersion, $this->targetDbms, $this->targetDbmsVersion, $this->connectionTechnology, $this->connectionTechnologyVersion, $this->interactive);
if( isset($this->sessionData) &&
($this->sessionData != NULL) &&
($this->sessionData->target != $this->url))
{
// Reopen the service on the new URL that was provided
$url = $this->sessionData->target;
$this->startService();
}
}
function isValid($sql)
{
$res = $this->_validate($sql);
return $res->standard;
}
function ValidationString($sql)
{
$res = $this->_validate($sql);
return $res->data;
}
/* Private functions beyond here
*
*/
function _openService($url)
{
$obj = new SOAP_Client($url,TRUE);
return $obj;
}
function _openSession($obj, $username, $password, $callingProgram, $callingProgramVersion, $targetDbms, $targetDbmsVersion, $connectionTechnology, $connectionTechnologyVersion, $interactive)
{
$ret = $obj->openSession($username, $password, $callingProgram, $callingProgramVersion, $targetDbms, $targetDbmsVersion, $connectionTechnology, $connectionTechnologyVersion, $interactive);
return $ret;
}
/**
* Standard calling method
*
* @param sql SQL statement to validate
* @return Raw string from Mimer
*/
function _validateSQL($obj,$session,$sql,$method)
{
$res = $obj->validateSQL($session->sessionId, $session->sessionKey, $sql, $this->outputType);
return $res;
}
function _validate($sql)
{
$ret = $this->_validateSQL($this->serviceLink, $this->sessionData, $sql, $this->outputType);
return $ret;
}
}
} // $__PMA_SQL_VALIDATOR_CLASS__
?>

60
libraries/sqlvalidator.php3 Normal file
View File

@@ -0,0 +1,60 @@
<?php
/* $Id$ */
/** SQL Validator interface for phpMyAdmin
*
* Copyright 2002 Robin Johnson <robbat2@users.sourceforge.net>
* http://www.orbis-terrarum.net/?l=people.robbat2
*
* This function uses the Mimer SQL Validator service
* <http://developer.mimer.com/validator/index.htm> from phpMyAdmin
*
* All data is transported over HTTP-SOAP
* And uses the PEAR SOAP Module
*
* Install instructions for PEAR SOAP
* Make sure you have a really recent PHP with PEAR support
* run this: "pear install Mail_Mime Net_DIME SOAP"
*
* Enable the SQL Validator options in the configuration file
* $cfg['SQLQuery']['Validate'] = TRUE;
* $cfg['SQLValidator']['use'] = FALSE;
*
* Also set a username and password if you have a private one
*/
if (!defined('PMA_SQL_VALIDATOR_INCLUDED')) {
define('PMA_SQL_VALIDATOR_INCLUDED', 1);
// We need the PEAR libraries, so do a minimum version check first
// I'm not sure if PEAR was available before this point
// For now we actually use a configuration flag
if ($cfg['SQLValidator']['use'] == TRUE) {
include_once('sqlvalidator.class.php3');
function validateSQL($sql)
{
global $cfg;
$srv = new SQLValidator();
if($cfg['SQLValidator']['username'] != '') {
$srv->setCredentials($cfg['SQLValidator']['username'], $cfg['SQLValidator']['password']);
}
$srv->appendCallingProgram('phpMyAdmin',PMA_VERSION);
$srv->setTargetDbms('MySQL',PMA_MYSQL_STR_VERSION);
$srv->start();
$str = $srv->ValidationString($sql);
if($cfg['SQLValidator']['DisplayCopyright'] != TRUE) {
$match = "reserved.<br/>\n<br/>";
$pos = strpos($str,$match);
$pos += strlen($match);
$str = substr($str,$pos);
}
return $str;
} // function validateSQL($sql)
} // if ($cfg['SQLValidator']['use'] == TRUE)
} //$__PMA_SQL_VALIDATOR__
?>