
/var/www/vhcs2/tools/pma/tbl_replace.php

https://bitbucket.org/wmark/gentoo_vhcs_mods
Possible License(s): AGPL-1.0
  1. <?php
  2. /* $Id: tbl_replace.php,v 2.27 2004/12/28 16:34:44 nijel Exp $ */
  3. // vim: expandtab sw=4 ts=4 sts=4:
  4. /**
  5. * Gets some core libraries
  6. */
  7. require_once('./libraries/grab_globals.lib.php');
  8. require_once('./libraries/common.lib.php');
  // Entry checks. PMA_checkParameters() is defined in the libraries required
  // above; it is handed the names of the parameters this script cannot work
  // without. PMA_DBI_select_db() is then called with the requested database.
  //
  // NOTE(review): none of the variables read in this script ($db, $table,
  // $goto, $sql_query, $primary_key, $fields, $funcs, ...) are assigned here
  // before first use. They appear to be imported from the request by
  // grab_globals.lib.php -- confirm, and treat every one of them as
  // untrusted input.
  PMA_checkParameters(array('db', 'table', 'goto'));
  PMA_DBI_select_db($db);

  /**
   * Initializes some variables
   */
  // Decided further down, once the return target has been resolved.
  $is_gotofile = false;

  // The originating query is decoded once here; it is re-encoded wherever it
  // is put back into a URL.
  if (isset($sql_query)) {
      $sql_query = urldecode($sql_query);
  }

  // Default when the caller sent no preference.
  $dontlimitchars = isset($dontlimitchars) ? $dontlimitchars : 0;
  // Defines the url to return to in case of success of the query.
  //
  // The three "after insert" modes all lead back to tbl_change.php and carry
  // the browsing state along. Only $goto and $sql_query are urlencode()d;
  // $pos, $session_max_rows, $disp_direction, $repeat_cells and
  // $dontlimitchars are concatenated as received.
  // NOTE(review): if those values come straight from the request, extra
  // parameters can be smuggled into the return URL through them -- confirm
  // whether they are validated upstream (an integer cast / urlencode() per
  // value would be the usual hardening).
  switch (isset($after_insert) ? $after_insert : '') {
      case 'new_insert':
          // Insert another new row
          $goto = 'tbl_change.php?'
                . PMA_generate_common_url($db, $table, '&')
                . '&goto=' . urlencode($goto);
          $goto .= '&pos=' . $pos;
          $goto .= '&session_max_rows=' . $session_max_rows;
          $goto .= '&disp_direction=' . $disp_direction;
          $goto .= '&repeat_cells=' . $repeat_cells;
          $goto .= '&dontlimitchars=' . $dontlimitchars;
          if (!empty($sql_query)) {
              $goto .= '&sql_query=' . urlencode($sql_query);
          }
          break;

      case 'same_insert':
          // Go back to editing the same row(s)
          $goto = 'tbl_change.php?'
                . PMA_generate_common_url($db, $table, '&')
                . '&goto=' . urlencode($goto);
          $goto .= '&pos=' . $pos;
          $goto .= '&session_max_rows=' . $session_max_rows;
          $goto .= '&disp_direction=' . $disp_direction;
          $goto .= '&repeat_cells=' . $repeat_cells;
          $goto .= '&dontlimitchars=' . $dontlimitchars;
          if (!empty($sql_query)) {
              $goto .= '&sql_query=' . urlencode($sql_query);
          }
          if (isset($primary_key)) {
              // The submitted row conditions are passed on exactly as received.
              foreach ($primary_key AS $pk) {
                  $goto .= '&primary_key[]=' . $pk;
              }
          }
          break;

      case 'edit_next':
          // Edit the row that follows each submitted one
          $goto = 'tbl_change.php?'
                . PMA_generate_common_url($db, $table, '&')
                . '&goto=' . urlencode($goto);
          $goto .= '&pos=' . $pos;
          $goto .= '&session_max_rows=' . $session_max_rows;
          $goto .= '&disp_direction=' . $disp_direction;
          $goto .= '&repeat_cells=' . $repeat_cells;
          $goto .= '&dontlimitchars=' . $dontlimitchars;
          if (!empty($sql_query)) {
              $goto .= '&sql_query=' . urlencode($sql_query);
          }
          if (isset($primary_key)) {
              foreach ($primary_key AS $pk) {
                  // The decoded row condition has each "` =" turned into
                  // "` >" and is then used verbatim as the WHERE clause.
                  // NOTE(review): this is a request-derived SQL fragment, not
                  // a bound value; it runs with the logged-in user's own
                  // database privileges. No anti-CSRF token check is visible
                  // in this file -- confirm one is enforced elsewhere.
                  $local_query = 'SELECT * FROM ' . PMA_backquote($table) . ' WHERE ' . str_replace('` =', '` >', urldecode($pk)) . ' LIMIT 1;';
                  $res         = PMA_DBI_query($local_query);
                  // NOTE(review): there is no check that a following row was
                  // actually found before $row is counted -- verify what
                  // PMA_DBI_fetch_row() returns on an empty result.
                  $row         = PMA_DBI_fetch_row($res);
                  $meta        = PMA_DBI_get_fields_meta($res);
                  $goto       .= '&primary_key[]=' . urlencode(PMA_getUvaCondition($res, count($row), $meta, $row));
              }
          }
          break;

      default:
          if ($goto == 'sql.php') {
              // Back to the result page of the originating query
              $goto = 'sql.php?' . PMA_generate_common_url($db, $table, '&');
              $goto .= '&pos=' . $pos;
              $goto .= '&session_max_rows=' . $session_max_rows;
              $goto .= '&disp_direction=' . $disp_direction;
              $goto .= '&repeat_cells=' . $repeat_cells;
              $goto .= '&dontlimitchars=' . $dontlimitchars;
              $goto .= '&sql_query=' . urlencode($sql_query);
          } elseif (!empty($goto)) {
              // Security checkings
              //
              // Keep only what precedes the first '?' (the script name) and
              // see whether that path exists relative to this directory.
              // If it does not, fall back to a fixed page. If it does,
              // $is_gotofile ends up TRUE only when $goto had no query
              // string; in that case $goto is later passed to require().
              //
              // NOTE(review): an existence test is the only validation of
              // this request-supplied path visible here. file_exists() is
              // satisfied by any existing file or directory, so whatever
              // PMA_securePath() does at the require() call is the last line
              // of defence against including an unintended file -- confirm
              // its behaviour. Comparing the name against a fixed allow-list
              // of return scripts would be the stronger control.
              $is_gotofile = preg_replace('@^([^?]+).*$@', '\\1', $goto);
              if (@file_exists('./' . $is_gotofile)) {
                  $is_gotofile = ($is_gotofile == $goto);
              } else {
                  if (empty($table)) {
                      $goto = 'db_details.php';
                  } else {
                      $goto = 'tbl_properties.php';
                  }
                  $is_gotofile = TRUE;
              }
          }
  }
  // Defines the url to return to in case of failure of the query.
  // A caller-supplied $err_url is only URL-decoded; otherwise one is derived
  // from $goto with '&' written as '&amp;', plus the first (or only) row
  // condition when one was submitted.
  // NOTE(review): only ampersands are entity-encoded here. Where $err_url is
  // consumed is not visible in this file; if it is written into HTML, the
  // remaining metacharacters of these request-derived values still need
  // output escaping at that point -- confirm.
  if (!isset($err_url)) {
      $err_url = str_replace('&', '&amp;', $goto);
      if (!empty($primary_key)) {
          $err_url .= '&amp;primary_key=' . (is_array($primary_key) ? $primary_key[0] : $primary_key);
      }
  } else {
      $err_url = urldecode($err_url);
  }

  // Misc
  // Read at the end of this script to decide whether the executed query may
  // be appended to the redirect URL; presumably raised by
  // tbl_replace_fields.php when a binary column is handled -- confirm.
  $seen_binary = false;
  /**
   * Prepares the update/insert of a row
   *
   * $loop_array gets one entry per row to write: the submitted row
   * condition(s) when existing rows were edited, otherwise the indexes
   * 0 .. $cfg['InsertRows'] - 1 of the blank insert forms.
   */
  if (!isset($primary_key)) {
      // new row => use indexes
      $loop_array = array();
      $i = 0;
      while ($i < $cfg['InsertRows']) {
          $loop_array[$i] = $i;
          $i++;
      }
      $using_key = FALSE;
      $is_insert = TRUE;
  } else {
      // we were editing something => use primary key
      if (is_array($primary_key)) {
          $loop_array = $primary_key;
      } else {
          $loop_array = array(0 => $primary_key);
      }
      $using_key = TRUE;
      // An edited row is still written with INSERT when the submit type
      // equals the "insert as new row" label.
      $is_insert = ($submit_type == $strInsertAsNewRow);
  }

  // Statements to execute and the status text shown afterwards.
  $query   = array();
  $message = '';
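  // Builds one INSERT value tuple or one UPDATE statement per entry of
  // $loop_array.
  //
  // Security context for reviewers: the row condition ($primary_key), the
  // column names ($key), the values ($val) and the SQL function names
  // ($me_funcs) used below are all derived from submitted form data and are
  // assembled into SQL by string concatenation. Column and table names go
  // through PMA_backquote(); the row condition and the function name do not.
  // NOTE(review): the statements run with the logged-in user's own database
  // privileges, so the main exposure is a forged cross-site request. No
  // anti-CSRF token check is visible in this file -- confirm one is enforced
  // by the libraries required at the top.
  foreach ($loop_array AS $primary_key_index => $enc_primary_key) {
      // skip fields to be ignored
      if (!$using_key && isset($GLOBALS['insert_ignore_' . $enc_primary_key])) {
          continue;
      }

      // Restore the "primary key" to a convenient format
      $primary_key = urldecode($enc_primary_key);

      // Defines the SET part of the sql query
      $valuelist = '';
      $fieldlist = '';

      // Map multi-edit keys to single-level arrays, dependent on how we got the fields
      $me_fields      = isset($fields['multi_edit'])      && isset($fields['multi_edit'][$enc_primary_key])      ? $fields['multi_edit'][$enc_primary_key]      : null;
      $me_fields_prev = isset($fields_prev['multi_edit']) && isset($fields_prev['multi_edit'][$enc_primary_key]) ? $fields_prev['multi_edit'][$enc_primary_key] : null;
      $me_funcs       = isset($funcs['multi_edit'])       && isset($funcs['multi_edit'][$enc_primary_key])       ? $funcs['multi_edit'][$enc_primary_key]       : null;
      $me_fields_type = isset($fields_type['multi_edit']) && isset($fields_type['multi_edit'][$enc_primary_key]) ? $fields_type['multi_edit'][$enc_primary_key] : null;
      $me_fields_null = isset($fields_null['multi_edit']) && isset($fields_null['multi_edit'][$enc_primary_key]) ? $fields_null['multi_edit'][$enc_primary_key] : null;

      // Load the current row; $prot_row is not read in this file and is
      // presumably consumed by tbl_replace_fields.php -- confirm.
      // The decoded row condition is used verbatim as the WHERE clause.
      if ($using_key && isset($me_fields_type) && is_array($me_fields_type) && isset($primary_key)) {
          $prot_result = PMA_DBI_query('SELECT * FROM ' . PMA_backquote($table) . ' WHERE ' . $primary_key . ';');
          $prot_row    = PMA_DBI_fetch_assoc($prot_result);
          PMA_DBI_free_result($prot_result);
          unset($prot_result);
      }

      // Fix: $me_fields is null when no field values were submitted for this
      // row. Iterating over it then raised an "invalid argument" warning,
      // and any output emitted before the redirect at the end of the script
      // can prevent the Location header from being sent.
      if (is_array($me_fields)) {
          foreach ($me_fields AS $encoded_key => $val) {
              $key        = urldecode($encoded_key);
              $fieldlist .= PMA_backquote($key) . ', ';

              // Included once per column with $key, $val and the $me_*
              // arrays in scope. The comparison against a quoted,
              // PMA_sqlAddslashes()-escaped previous value further down
              // suggests $val is a quoted SQL literal after this include --
              // presumably set up here; confirm.
              require('./tbl_replace_fields.php');

              if (empty($me_funcs[$encoded_key])) {
                  $cur_value = $val . ', ';
              } else if (preg_match('@^(UNIX_TIMESTAMP)$@', $me_funcs[$encoded_key]) && $val != '\'\'') {
                  // UNIX_TIMESTAMP with a non-empty value takes it as argument
                  $cur_value = $me_funcs[$encoded_key] . '(' . $val . '), ';
              } else if (preg_match('@^(NOW|CURDATE|CURTIME|UNIX_TIMESTAMP|RAND|USER|LAST_INSERT_ID)$@', $me_funcs[$encoded_key])) {
                  // These functions are emitted without an argument
                  $cur_value = $me_funcs[$encoded_key] . '(), ';
              } else {
                  // NOTE(review): any other submitted function name reaches
                  // the statement unchanged. Checking it against the list of
                  // functions the edit form offers would keep arbitrary text
                  // out of this position.
                  $cur_value = $me_funcs[$encoded_key] . '(' . $val . '), ';
              }

              if ($is_insert) {
                  // insert, no need to add column
                  $valuelist .= $cur_value;
              } else if (empty($me_funcs[$encoded_key])
                  && isset($me_fields_prev) && isset($me_fields_prev[$encoded_key])
                  && ("'" . PMA_sqlAddslashes(urldecode($me_fields_prev[$encoded_key])) . "'" == $val)) {
                  // No change for this column and no MySQL function is used -> next column
                  continue;
              }
              else if (!empty($val)) {
                  $valuelist .= PMA_backquote($key) . ' = ' . $cur_value;
              }
          } // end foreach (columns)
      }

      // get rid of last ,
      $valuelist = preg_replace('@, $@', '', $valuelist);

      // Builds the sql query
      if ($is_insert) {
          if (empty($query)) {
              // first inserted row -> prepare template
              $fieldlist = preg_replace('@, $@', '', $fieldlist);
              $query     = array('INSERT INTO ' . PMA_backquote($table) . ' (' . $fieldlist . ') VALUES ');
          }
          // append current values
          $query[0] .= '(' . $valuelist . '), ';
          $message   = $strInsertedRows . '&nbsp;';
      } elseif (!empty($valuelist)) {
          // build update query; no separator is added after WHERE, so the
          // row condition is expected to supply its own leading whitespace
          $query[] = 'UPDATE ' . PMA_backquote($table) . ' SET ' . $valuelist . ' WHERE' . $primary_key . ' LIMIT 1';
          $message = $strAffectedRows . '&nbsp;';
      }
  } // end foreach (rows)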
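  // trim last , from insert query
  //
  // Fix: only touch the INSERT template when one was actually built. When
  // every insert row was skipped (or no row was processed at all) $query is
  // still empty; the unguarded assignment created $query[0] as an empty
  // string, so the "no change" branch below was bypassed and an empty
  // statement was sent to the server.
  if ($is_insert && isset($query[0])) {
      $query[0] = preg_replace('@, $@', '', $query[0]);
  }

  if (empty($valuelist) && empty($query)) {
      // No change -> move back to the calling script
      $message = $strNoModification;
      if ($is_gotofile) {
          $js_to_run = 'functions.js';
          require_once('./header.inc.php');
          // $goto originates from the request. It reaches this include only
          // after the existence check made earlier in this script.
          // NOTE(review): PMA_securePath() is defined elsewhere; confirm it
          // rejects directory traversal, and prefer an allow-list of return
          // scripts over sanitising a free-form path.
          require('./' . PMA_securePath($goto));
      } else {
          // The target is always prefixed with the configured absolute URI,
          // so the redirect stays on this installation's base URL.
          PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . $goto . '&disp_message=' . urlencode($message) . '&disp_query=');
      }
      exit();
  }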
  /**
   * Executes the sql query and get the result, then move back to the calling
   * page
   */
  // All statements joined into one string; this is the text that may be
  // shown on the next page.
  $sql_query           = implode(';', $query) . ';';
  $total_affected_rows = 0;
  $last_message        = '';

  foreach ($query AS $query_index => $single_query) {
      // With IgnoreMultiSubmitErrors set, the "try" variant of the query
      // call is used and a falsy result is reported in $message below.
      $result = $cfg['IgnoreMultiSubmitErrors']
              ? PMA_DBI_try_query($single_query)
              : PMA_DBI_query($single_query);

      if ($result) {
          if (@PMA_DBI_affected_rows()) {
              $total_affected_rows += @PMA_DBI_affected_rows();
          }
          $insert_id = PMA_DBI_insert_id();
          if ($insert_id != 0) {
              $last_message .= '[br]'.$strInsertedRowId . '&nbsp;' . $insert_id;
          }
      } else {
          // The database error text is appended to the status message,
          // which travels in the redirect URL when no file is included.
          $message .= PMA_DBI_getError();
      }
      PMA_DBI_free_result($result);
      unset($result);
  }

  $message .= ($total_affected_rows != 0) ? $total_affected_rows : $strModifications;
  $message .= $last_message;

  if (!$is_gotofile) {
      // if we have seen binary,
      // we do not append the query to the Location so it won't be displayed
      // on the resulting page
      // Nijel: we also need to limit size of url...
      //
      // NOTE(review): when it is appended, the full statement -- including
      // the submitted row values -- becomes part of the URL and can end up
      // in browser history, proxy and web-server logs and Referer headers.
      // The 1024-byte cap limits size, not sensitivity.
      $add_query = '';
      if (!$seen_binary && strlen($sql_query) < 1024) {
          $add_query = '&disp_query=' . urlencode($sql_query);
      }
      PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . $goto . '&disp_message=' . urlencode($message) . $add_query);
  } else {
      if ($goto == 'db_details.php' && !empty($table)) {
          unset($table);
      }
      $js_to_run   = 'functions.js';
      $active_page = $goto;
      require_once('./header.inc.php');
      // Request-derived include target; see the existence check made when
      // $goto was resolved. NOTE(review): confirm PMA_securePath() (defined
      // elsewhere) blocks directory traversal.
      require('./' . PMA_securePath($goto));
  }
  exit();
  244. ?>