2007-07-02 05:51:26 +00:00
|
|
|
<?php
|
2007-07-06 09:33:47 +00:00
|
|
|
page_header(lang('SQL command'));
|
2007-07-02 05:51:26 +00:00
|
|
|
|
2007-07-09 06:12:22 +00:00
|
|
|
if ($_POST && $error) {
|
|
|
|
|
echo "<p class='error'>$error</p>\n";
|
|
|
|
|
} elseif ($_POST && is_string($query = (isset($_POST["query"]) ? $_POST["query"] : get_file("sql_file")))) {
|
|
|
|
|
$delimiter = ";";
|
|
|
|
|
$offset = 0;
|
|
|
|
|
$empty = true;
|
|
|
|
|
while (rtrim($query)) {
|
|
|
|
|
if (!$offset && preg_match('~^\\s*DELIMITER\\s+(.+)~i', $query, $match)) {
|
|
|
|
|
$delimiter = preg_quote($match[1], '~');
|
|
|
|
|
$query = substr($query, strlen($match[0]));
|
|
|
|
|
} elseif (preg_match("~$delimiter|['`\"]|\$~", $query, $match, PREG_OFFSET_CAPTURE, $offset)) {
|
|
|
|
|
if ($match[0][0] && $match[0][0] != $delimiter) {
|
|
|
|
|
preg_match('~\\G([^\\\\' . $match[0][0] . ']*|\\\\.)+(' . $match[0][0] . '|$)~s', $query, $match, PREG_OFFSET_CAPTURE, $match[0][1] + 1);
|
|
|
|
|
$offset = $match[0][1] + strlen($match[0][0]);
|
|
|
|
|
} else {
|
|
|
|
|
$empty = false;
|
2007-07-10 06:30:04 +00:00
|
|
|
echo "<pre class='jush-sql'>" . htmlspecialchars(substr($query, 0, $match[0][1])) . "</pre>\n";
|
2007-07-09 06:12:22 +00:00
|
|
|
$result = mysql_query(substr($query, 0, $match[0][1]));
|
|
|
|
|
$query = substr($query, $match[0][1] + strlen($match[0][0]));
|
|
|
|
|
$offset = 0;
|
|
|
|
|
if (!$result) {
|
|
|
|
|
echo "<p class='error'>" . lang('Error in query') . ": " . htmlspecialchars(mysql_error()) . "</p>\n";
|
|
|
|
|
} elseif ($result === true) {
|
2007-07-09 14:45:11 +00:00
|
|
|
/* more secure but less user-friendly
|
|
|
|
|
if (token_delete()) {
|
|
|
|
|
$token = token();
|
|
|
|
|
}
|
|
|
|
|
*/
|
2007-07-09 06:12:22 +00:00
|
|
|
echo "<p class='message'>" . lang('Query executed OK, %d row(s) affected.', mysql_affected_rows()) . "</p>\n";
|
|
|
|
|
} else {
|
|
|
|
|
select($result);
|
2007-07-02 15:50:35 +00:00
|
|
|
}
|
2007-07-02 05:51:26 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2007-07-09 06:12:22 +00:00
|
|
|
if ($empty) {
|
|
|
|
|
echo "<p class='message'>" . lang('No commands to execute.') . "</p>\n";
|
|
|
|
|
}
|
|
|
|
|
} elseif ($_GET["sql"] == "upload") {
|
|
|
|
|
echo "<p class='error'>" . lang('Unable to upload a file.') . "</p>\n";
|
2007-07-02 05:51:26 +00:00
|
|
|
}
|
|
|
|
|
?>
|
2007-07-09 14:45:11 +00:00
|
|
|
|
2007-07-09 06:12:22 +00:00
|
|
|
<form action="<?php echo htmlspecialchars($SELF); ?>sql=" method="post">
|
2007-07-02 05:51:26 +00:00
|
|
|
<p><textarea name="query" rows="20" cols="80"><?php echo htmlspecialchars($_POST["query"]); ?></textarea></p>
|
2007-07-09 06:12:22 +00:00
|
|
|
<p><input type="hidden" name="token" value="<?php echo $token; ?>" /><input type="submit" value="<?php echo lang('Execute'); ?>" /></p>
|
|
|
|
|
</form>
|
|
|
|
|
|
|
|
|
|
<?php
|
|
|
|
|
if (!ini_get("file_uploads")) {
|
|
|
|
|
echo "<p>" . lang('File uploads are disabled.') . "</p>\n";
|
|
|
|
|
} else { ?>
|
|
|
|
|
<form action="<?php echo htmlspecialchars($SELF); ?>sql=upload" method="post" enctype="multipart/form-data">
|
|
|
|
|
<p>
|
|
|
|
|
<?php echo lang('File upload'); ?>: <input type="file" name="sql_file" />
|
|
|
|
|
<input type="hidden" name="token" value="<?php echo $token; ?>" />
|
|
|
|
|
<input type="submit" value="<?php echo lang('Execute'); ?>" />
|
|
|
|
|
</p>
|
2007-07-02 05:51:26 +00:00
|
|
|
</form>
|
2007-07-09 06:12:22 +00:00
|
|
|
<?php } ?>
|
