PageRenderTime 27ms CodeModel.GetById 26ms RepoModel.GetById 1ms app.codeStats 0ms

/Quản lý website các món ăn và ẩm thực php/bbqvietnam.com/images/banners/msd1.24stable/sql.php

https://gitlab.com/phamngsinh/baitaplon_sinhvien
PHP | 302 lines | 257 code | 28 blank | 17 comment | 55 complexity | 2b92fffd8218982b659aab9ec6865598 MD5 | raw file
    

  1. <?php
    2. 

  2. if (!@ob_start("ob_gzhandler")) @ob_start();
    3. 

  3. $download=(isset($_POST['f_export_submit'])&&(isset($_POST['f_export_sendresult'])&&$_POST['f_export_sendresult']==1));
    4. 

  4. include ('./inc/header.php');
    5. 

  5. include ('language/'.$config['language'].'/lang.php');
    6. 

  6. include ('language/'.$config['language'].'/lang_sql.php');
    7. 

  7. include ('./inc/functions_sql.php');
    8. 

  8. include ('./'.$config['files']['parameter']);
    9. 

  9. include ('./inc/template.php');
    10. 

  10. include ('./inc/define_icons.php');
    11. 

  11. $key='';
    12. 

  12. // stripslashes and trimming is done in runtime.php which is included and executet above
    13. 

  13. if (isset($_GET['rk']))
    14. 

  14. {
    15. 

  15. 	$rk=urldecode($_GET['rk']);
    16. 

  16. 	$key=urldecode($rk);
    17. 

  17. 	if (!$rk=@unserialize($key)) $rk=$key;
    18. 

  18. }
    19. 

  19. else
    20. 

  20. 	$rk='';
    21. 

  21. $mode=isset($_GET['mode']) ? $_GET['mode'] : '';
    22. 

  22. 

  23. if (isset($_GET['recordkey']))
    24. 

  24. {
    25. 

  25. 	$recordkey=$_GET['recordkey'];
    26. 

  26. 	$key=isset($_GET['recordkey']) ? urldecode($recordkey) : $recordkey;
    27. 

  27. 	if (!$recordkey=@unserialize(urldecode($key))) $recordkey=urldecode($key);
    28. 

  28. }
    29. 

  29. if (isset($_POST['recordkey'])) $recordkey=urldecode($_POST['recordkey']);
    30. 

  30. 

  31. $context=(!isset($_GET['context'])) ? 0 : $_GET['context'];
    32. 

  32. $context=(!isset($_POST['context'])) ? $context : $_POST['context'];
    33. 

  33. 

  34. if (!$download)
    35. 

  35. {
    36. 

  36. 	echo MSDHeader();
    37. 

  37. 	ReadSQL();
    38. 

  38. 	echo '<script language="JavaScript" type="text/javascript">
    39. 

  39. 		var auswahl = "document.getElementsByName(\"f_export_tables[]\")[0]";
    40. 

  40. 		var msg1="'.$lang['L_SQL_NOTABLESSELECTED'].'";
    41. 

  41. 		</script>';
    42. 

  42. }
    43. 

  43. //Variabeln
    44. 

  44. $mysql_help_ref='http://dev.mysql.com/doc/';
    45. 

  45. $mysql_errorhelp_ref='http://dev.mysql.com/doc/mysql/en/error-handling.html';
    46. 

  46. $no_order=false;
    47. 

  47. $tdcompact=(isset($_GET['tdc'])) ? $_GET['tdc'] : $config['interface_table_compact'];
    48. 

  48. $db=(!isset($_GET['db'])) ? $databases['db_actual'] : $_GET['db'];
    49. 

  49. $dbid=(!isset($_GET['dbid'])) ? $databases['db_selected_index'] : $_GET['dbid'];
    50. 

  50. $context=(!isset($_GET['context'])) ? 0 : $_GET['context'];
    51. 

  51. $context=(!isset($_POST['context'])) ? $context : $_POST['context'];
    52. 

  52. $tablename=(!isset($_GET['tablename'])) ? '' : $_GET['tablename'];
    53. 

  53. $limitstart=(isset($_POST['limitstart'])) ? intval($_POST['limitstart']) : 0;
    54. 

  54. if (isset($_GET['limitstart'])) $limitstart=intval($_GET['limitstart']);
    55. 

  55. $orderdir=(!isset($_GET['orderdir'])) ? '' : $_GET['orderdir'];
    56. 

  56. $order=(!isset($_GET['order'])) ? '' : $_GET['order'];
    57. 

  57. $sqlconfig=(isset($_GET['sqlconfig'])) ? 1 : 0;
    58. 

  58. $norder=($orderdir=="DESC") ? 'ASC' : 'DESC';
    59. 

  59. $sql['order_statement']=($order!='') ? ' ORDER BY `'.$order.'` '.$norder : '';
    60. 

  60. $sql['sql_statement']=(isset($_GET['sql_statement'])) ? urldecode($_GET['sql_statement']) : '';
    61. 

  61. if (isset($_POST['sql_statement'])) $sql['sql_statement']=$_POST['sql_statement'];
    62. 

  62. 

  63. $showtables=(!isset($_GET['showtables'])) ? 0 : $_GET['showtables'];
    64. 

  64. $limit=$add_sql='';
    65. 

  65. $bb=(isset($_GET['bb'])) ? $_GET['bb'] : -1;
    66. 

  66. if (isset($_POST['tablename'])) $tablename=$_POST['tablename'];
    67. 

  67. $search=(isset($_GET['search'])) ? $_GET['search'] : 0;
    68. 

  68. 

  69. //SQL-Statement geposted
    70. 

  70. if (isset($_POST['execsql']))
    71. 

  71. {
    72. 

  72. 	$sql['sql_statement']=(isset($_POST['sqltextarea'])) ? $_POST['sqltextarea'] : '';
    73. 

  73. 	$db=$_POST['db'];
    74. 

  74. 	$dbid=$_POST['dbid'];
    75. 

  75. 	$tablename=$_POST['tablename'];
    76. 

  76. 	if (isset($_POST['tablecombo'])&&$_POST['tablecombo']>'')
    77. 

  77. 	{
    78. 

  78. 		$sql['sql_statement']=$_POST['tablecombo'];
    79. 

  79. 		$tablename=ExtractTablenameFromSQL($sql['sql_statement']);
    80. 

  80. 	
    81. 

  81. 	}
    82. 

  82. 	if (isset($_POST['sqltextarea'])&&$_POST['sqltextarea']>'') $tablename=ExtractTablenameFromSQL($_POST['sqltextarea']);
    83. 

  83. 	if ($tablename=='') $tablename=ExtractTablenameFromSQL($sql['sql_statement']);
    84. 

  84. }
    85. 

  85. 

  86. if ($sql['sql_statement']=='')
    87. 

  87. {
    88. 

  88. 	if ($tablename!=''&&$showtables==0)
    89. 

  89. 	{
    90. 

  90. 		$sql['sql_statement']="SELECT * FROM `$tablename`";
    91. 

  91. 	}
    92. 

  92. 	else
    93. 

  93. 	{
    94. 

  94. 		$sql['sql_statement']="SHOW TABLE STATUS FROM `$db`";
    95. 

  95. 		$showtables=1;
    96. 

  96. 	}
    97. 

  97. }
    98. 

  98. 

  99. //sql-type
    100. 

  100. $sql_to_display_data=0;
    101. 

  101. $Anzahl_SQLs=getCountSQLStatements($sql['sql_statement']);
    102. 

  102. $sql_to_display_data=sqlReturnsRecords($sql['sql_statement']);
    103. 

  103. if ($Anzahl_SQLs>1) $sql_to_display_data=0;
    104. 

  104. if ($sql_to_display_data==1)
    105. 

  105. {
    106. 

  106. 	//nur ein SQL-Statement
    107. 

  107. 	$limitende=($limitstart+$config['sql_limit']);
    108. 

  108. 	
    109. 

  109. 	//Darf editiert werden?
    110. 

  110. 	$no_edit=(strtoupper(substr($sql['sql_statement'],0,6))!="SELECT"||$showtables==1||preg_match('@^((-- |#)[^\n]*\n|/\*.*?\*/)*(UNION|JOIN)@im',$sql['sql_statement']));
    111. 

  111. 	if ($no_edit) $no_order=true;
    112. 

  112. 	
    113. 

  113. 	//Darf sortiert werden?
    114. 

  114. 	$op=strpos(strtoupper($sql['sql_statement'])," ORDER ");
    115. 

  115. 	if ($op>0)
    116. 

  116. 	{
    117. 

  117. 		//is order by last ?
    118. 

  118. 		$sql['order_statement']=substr($sql['sql_statement'],$op);
    119. 

  119. 		if (strpos($sql['order_statement'],')')>0) $sql['order_statement']='';
    120. 

  120. 		else
    121. 

  121. 			$sql['sql_statement']=substr($sql['sql_statement'],0,$op);
    122. 

  122. 	}
    123. 

  123. }
    124. 

  124. 

  125. if (isset($_POST['tableselect'])&&$_POST['tableselect']!='1') $tablename=$_POST['tableselect'];
    126. 

  126. MSD_mysql_connect();
    127. 

  127. mysql_select_db($db,$config['dbconnection']);
    128. 

  128. 

  129. ///*** EDIT / UPDATES / INSERTS ***///
    130. 

  130. ///***                          ***///
    131. 

  131. 

  132. 

  133. // handle update action after submitting it
    134. 

  134. if (isset($_POST['update'])||isset($_GET['update']))
    135. 

  135. {
    136. 

  136. 	GetPostParams();
    137. 

  137. 	$f=explode('|',$_POST['feldnamen']);
    138. 

  138. 	$sqlu='UPDATE `'.$_POST['db'].'`.`'.$tablename.'` SET ';
    139. 

  139. 	for ($i=0; $i<count($f); $i++)
    140. 

  140. 	{
    141. 

  141. 		$index=isset($_POST[$f[$i]]) ? $f[$i] : correct_post_index($f[$i]);
    142. 

  142. 		// Check if field is set to null
    143. 

  143. 		if (isset($_POST['null_'.$index]))
    144. 

  144. 		{
    145. 

  145. 			// Yes, set it to NULL in Querystring
    146. 

  146. 			$sqlu.='`'.$f[$i].'`=NULL, ';
    147. 

  147. 		}
    148. 

  148. 		else
    149. 

  149. 			$sqlu.='`'.$f[$i].'`=\''.db_escape(convert_to_latin1($_POST[$index])).'\', ';
    150. 

  150. 	}
    151. 

  151. 	$sqlu=substr($sqlu,0,strlen($sqlu)-2).' WHERE '.$recordkey;
    152. 

  152. 	$res=MSD_query($sqlu);
    153. 

  153. 	$msg='<p class="success">'.$lang['L_SQL_RECORDUPDATED'].'</p>';
    154. 

  154. 	if (isset($mode)&&$mode=='searchedit') $search=1;
    155. 

  155. 	$sql_to_display_data=1;
    156. 

  156. }
    157. 

  157. // handle insert action after submitting it
    158. 

  158. if (isset($_POST['insert']))
    159. 

  159. {
    160. 

  160. 	GetPostParams();
    161. 

  161. 	$f=explode('|',$_POST['feldnamen']);
    162. 

  162. 	$sqlu='INSERT INTO `'.$tablename.'` SET ';
    163. 

  163. 	for ($i=0; $i<count($f); $i++)
    164. 

  164. 	{
    165. 

  165. 		$index=isset($_POST[$f[$i]]) ? $f[$i] : correct_post_index($f[$i]);
    166. 

  166. 		if (isset($_POST['null_'.$index]))
    167. 

  167. 		{
    168. 

  168. 			// Yes, set it to NULL in Querystring
    169. 

  169. 			$sqlu.='`'.$f[$i].'`=NULL, ';
    170. 

  170. 		}
    171. 

  171. 		else
    172. 

  172. 			$sqlu.='`'.$f[$i].'`=\''.db_escape(convert_to_latin1($_POST[$index])).'\', ';
    173. 

  173. 	}
    174. 

  174. 	$sqlu=substr($sqlu,0,strlen($sqlu)-2);
    175. 

  175. 	$res=MSD_query($sqlu);
    176. 

  176. 	$msg='<p class="success">'.$lang['L_SQL_RECORDINSERTED'].'</p>';
    177. 

  177. 	$sql_to_display_data=1;
    178. 

  178. }
    179. 

  179. 

  180. if (isset($_POST['cancel'])) GetPostParams();
    181. 

  181. 

  182. //Tabellenansicht
    183. 

  183. $showtables=(substr(strtoupper($sql['sql_statement']),0,10)=='SHOW TABLE') ? 1 : 0;
    184. 

  184. $tabellenansicht=(substr(strtoupper($sql['sql_statement']),0,5)=='SHOW ') ? 1 : 0;
    185. 

  185. 

  186. if (!isset($limitstart)) $limitstart=0;
    187. 

  187. $limitende=$config['sql_limit'];
    188. 

  188. if (strtolower(substr($sql['sql_statement'],0,6))=='select') $limit=' LIMIT '.$limitstart.', '.$limitende.';';
    189. 

  189. 

  190. $params="sql.php?db=".$db."&amp;tablename=".$tablename."&amp;dbid=".$dbid.'&amp;context='.$context.'&amp;sql_statement='.urlencode($sql['sql_statement']).'&amp;tdc='.$tdcompact.'&amp;showtables='.$showtables;
    191. 

  191. if ($order!="") $params.="&amp;order=".$order."&amp;orderdir=".$orderdir.'&amp;context='.$context;
    192. 

  192. if ($bb>-1) $params.="&amp;bb=".$bb;
    193. 

  193. 

  194. $aus=headline($lang['L_SQL_BROWSER']);
    195. 

  195. 

  196. if ($search==0&&!$download)
    197. 

  197. {
    198. 

  198. 	echo $aus;
    199. 

  199. 	$aus='';
    200. 

  200. 	include ('./inc/sqlbrowser/sqlbox.php');
    201. 

  201. 	
    202. 

  202. 	if ($mode>''&&$context==0)
    203. 

  203. 	{
    204. 

  204. 		if (isset($recordkey)&&$recordkey>'') $rk=urldecode($recordkey);
    205. 

  205. 		if (isset($_GET['tablename'])) $tablename=$_GET['tablename'];
    206. 

  206. 		
    207. 

  207. 		if ($mode=='kill'||$mode=='kill_view')
    208. 

  208. 		{
    209. 

  209. 			if ($showtables==0)
    210. 

  210. 			{
    211. 

  211. 				if (strpos($rk,"|")!=false)
    212. 

  212. 				{
    213. 

  213. 					$rk=str_replace('|',' AND ',$rk);
    214. 

  214. 				}
    215. 

  215. 				$sqlk="DELETE FROM `$tablename` WHERE ".$rk." LIMIT 1";
    216. 

  216. 				$res=MSD_query($sqlk);
    217. 

  217. 				//echo "<br>".$sqlk;
    218. 

  218. 				$aus.='<p class="success">'.$lang['L_SQL_RECORDDELETED'].'</p>';
    219. 

  219. 			}
    220. 

  220. 			else
    221. 

  221. 			{
    222. 

  222. 				$sqlk="DROP TABLE `$rk`";
    223. 

  223. 				if ($mode=='kill_view') $sqlk='DROP VIEW `'.$rk.'`';
    224. 

  224. 				$res=MSD_query($sqlk);
    225. 

  225. 				$aus.='<p class="success">'.sprintf($lang['L_SQL_RECORDDELETED'],$rk).'</p>';
    226. 

  226. 			}
    227. 

  227. 		}
    228. 

  228. 		if ($mode=="empty")
    229. 

  229. 		{
    230. 

  230. 			
    231. 

  231. 			if ($showtables!=0)
    232. 

  232. 			{
    233. 

  233. 				$sqlk="TRUNCATE `$rk`";
    234. 

  234. 				$res=MSD_query($sqlk);
    235. 

  235. 				$aus.='<p class="success">'.sprintf($lang['L_SQL_TABLEEMPTIED'],$rk).'</p>';
    236. 

  236. 			}
    237. 

  237. 		}
    238. 

  238. 		if ($mode=="emptyk")
    239. 

  239. 		{
    240. 

  240. 			if ($showtables!=0)
    241. 

  241. 			{
    242. 

  242. 				$sqlk="TRUNCATE `$rk`;";
    243. 

  243. 				$res=MSD_query($sqlk);
    244. 

  244. 				$sqlk="ALTER TABLE `$rk` AUTO_INCREMENT=1;";
    245. 

  245. 				$res=MSD_query($sqlk);
    246. 

  246. 				$aus.='<p class="success">'.sprintf($lang['L_SQL_TABLEEMPTIEDKEYS'],$rk).'</p>';
    247. 

  247. 			}
    248. 

  248. 		}
    249. 

  249. 		
    250. 

  250. 		$javascript_switch='<script language="javascript" type="text/javascript">
    251. 

  251. function switch_area(textarea)
    252. 

  252. {
    253. 

  253. 	var t=document.getElementById(\'area_\'+textarea);
    254. 

  254. 	var c=document.getElementById(\'null_\'+textarea);
    255. 

  255. 	if (c.checked==true) { t.className="off";t.disabled=true;  }
    256. 

  256. 	else { t.className="";t.disabled=false;  }
    257. 

  257. }
    258. 

  258. </script>';
    259. 

  259. 		
    260. 

  260. 		if ($mode=='edit'||$mode=='searchedit') include ('./inc/sqlbrowser/sql_record_update_inputmask.php');
    261. 

  261. 		if ($mode=='new') include ('./inc/sqlbrowser/sql_record_insert_inputmask.php');
    262. 

  262. 	}
    263. 

  263. 	if ($context==0) include_once ('./inc/sqlbrowser/sql_dataview.php');
    264. 

  264. 	if ($context==1) include ('./inc/sqlbrowser/sql_commands.php');
    265. 

  265. 	if ($context==2) include ('./inc/sqlbrowser/sql_tables.php');
    266. 

  266. 	if ($context==3) include ('./inc/sql_tools.php');
    267. 

  267. }
    268. 

  268. if ($context==4) include ('./inc/sql_importexport.php');
    269. 

  269. if ($search==1) include ('./inc/sqlbrowser/mysql_search.php');
    270. 

  270. if (!$download)
    271. 

  271. {
    272. 

  272. 	?>
    273. 

  273. <script language="JavaScript" type="text/javascript">
    274. 

  274. function BrowseInput(el)
    275. 

  275. {
    276. 

  276. 	var txt=document.getElementsByName('imexta')[0].value;
    277. 

  277. 	var win=window.open('about:blank','MSD_Output','resizable=1,scrollbars=yes');
    278. 

  278. 	win.document.write(txt);
    279. 

  279. 	win.document.close();
    280. 

  280. 	win.focus();
    281. 

  281. }
    282. 

  282. </script>
    283. 

  283. <?php
    284. 

  284. 	
    285. 

  285. 	echo '<br><br><br>';
    286. 

  286. 	echo MSDFooter();
    287. 

  287. 	ob_end_flush();
    288. 

  288. }
    289. 

  289. 

  290. function FormHiddenParams()
    291. 

  291. {
    292. 

  292. 	global $db,$dbid,$tablename,$context,$limitstart,$order,$orderdir;
    293. 

  293. 	
    294. 

  294. 	$s='<input type="hidden" name="db" value="'.$db.'">';
    295. 

  295. 	$s.='<input type="hidden" name="dbid" value="'.$dbid.'">';
    296. 

  296. 	$s.='<input type="hidden" name="tablename" value="'.$tablename.'">';
    297. 

  297. 	$s.='<input type="hidden" name="context" value="'.$context.'">';
    298. 

  298. 	$s.='<input type="hidden" name="limitstart" value="'.$limitstart.'">';
    299. 

  299. 	$s.='<input type="hidden" name="order" value="'.$order.'">';
    300. 

  300. 	$s.='<input type="hidden" name="orderdir" value="'.$orderdir.'">';
    301. 

  301. 	return $s;
    302. 

  302. }
    303.