
1138 lines
38 KiB
Raw Normal View History

// any method change in this file should be transferred to editor/include/ and plugins/plugin.php
class Adminer {
/** @var array operators used in select, null for all operators */
var $operators;
/** Name in title and navigation
2011-04-03 15:27:34 +00:00
* @return string HTML code
function name() {
return "<a href=''" . target_blank() . " id='h1'>AdminerEvo</a>";
/** Connection parameters
* @return array ($server, $username, $password)
function credentials() {
return array(SERVER, $_GET["username"], get_password());
2018-02-07 11:13:58 +00:00
/** Get SSL connection options
* @return array array("key" => filename, "cert" => filename, "ca" => filename) or null
function connectSsl() {
/** Get key used for permanent login
* @param bool
* @return string cryptic string which gets combined with password or false in case of an error
function permanentLogin($create = false) {
return password_file($create);
/** Return key used to group brute force attacks; behind a reverse proxy, you want to return the last part of X-Forwarded-For
* @return string
function bruteForceKey() {
2023-05-21 13:03:36 +00:00
/** Get server name displayed in breadcrumbs
* @param string
* @return string HTML code or null
function serverName($server) {
return h($server);
/** Identifier of selected database
* @return string
function database() {
// should be used everywhere instead of DB
return DB;
2012-02-24 06:54:48 +00:00
/** Get cached list of databases
* @param bool
* @return array
function databases($flush = true) {
return get_databases($flush);
2013-10-25 05:16:24 +00:00
/** Get list of schemas
* @return array
function schemas() {
return schemas();
2012-08-20 00:12:19 +00:00
/** Specify limit for waiting on some slow queries like DB list
* @return float number of seconds
function queryTimeout() {
return 2;
2012-08-20 00:12:19 +00:00
2010-10-17 20:13:32 +00:00
/** Headers to send before HTML output
* @return null
2010-10-17 20:13:32 +00:00
function headers() {
2018-01-09 17:53:17 +00:00
/** Get Content Security Policy headers
2018-01-17 10:05:59 +00:00
* @return array of arrays with directive name in key, allowed sources in value
2018-01-09 17:53:17 +00:00
function csp() {
return csp();
/** Print HTML code inside <head>
2018-01-23 11:15:38 +00:00
* @return bool true to link favicon.ico and adminer.css if exists
function head() {
2014-01-30 16:27:56 +00:00
<link rel="stylesheet" type="text/css" href="../externals/jush/jush.css">
return true;
2018-01-23 11:15:38 +00:00
/** Get URLs of the CSS files
* @return array of strings
function css() {
$return = array();
$filename = "adminer.css";
if (file_exists($filename)) {
2019-04-01 22:42:55 +00:00
$return[] = "$filename?v=" . crc32(file_get_contents($filename));
2018-01-23 11:15:38 +00:00
return $return;
/** Print login form
* @return null
function loginForm() {
2010-10-13 15:53:59 +00:00
global $drivers;
echo "<table cellspacing='0' class='layout'>\n";
echo $this->loginFormField('driver', '<tr><th>' . lang('System') . '<td>', html_select("auth[driver]", $drivers, DRIVER, "loginDriver(this);") . "\n");
echo $this->loginFormField('server', '<tr><th>' . lang('Server') . '<td>', '<input name="auth[server]" value="' . h(SERVER) . '" title="hostname[:port]" placeholder="localhost" autocapitalize="off">' . "\n");
echo $this->loginFormField('username', '<tr><th>' . lang('Username') . '<td>', '<input name="auth[username]" id="username" value="' . h($_GET["username"]) . '" autocomplete="username" autocapitalize="off">' . script("focus(qs('#username')); qs('#username').form['auth[driver]'].onchange();"));
echo $this->loginFormField('password', '<tr><th>' . lang('Password') . '<td>', '<input type="password" name="auth[password]" autocomplete="current-password">' . "\n");
echo $this->loginFormField('db', '<tr><th>' . lang('Database') . '<td>', '<input name="auth[db]" value="' . h($_GET["db"]) . '" autocapitalize="off">' . "\n");
2018-02-22 10:36:11 +00:00
echo "</table>\n";
echo "<p><input type='submit' value='" . lang('Login') . "'>\n";
2012-05-14 07:08:32 +00:00
echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
2023-05-21 13:03:36 +00:00
2018-02-22 10:36:11 +00:00
/** Get login form field
* @param string
* @param string HTML
* @param string HTML
2018-02-22 10:36:11 +00:00
* @return string
function loginFormField($name, $heading, $value) {
return $heading . $value;
2018-02-22 10:36:11 +00:00
/** Authorize the user
* @param string
* @param string
* @return mixed true for success, string for error message, false for unknown error
function login($login, $password) {
2018-05-07 10:21:31 +00:00
if ($password == "") {
return lang('Adminer does not support accessing a database without a password, <a href=""%s>more information</a>.', target_blank());
return true;
/** Table caption used in navigation and headings
* @param array result of SHOW TABLE STATUS
2011-03-24 01:19:21 +00:00
* @return string HTML code, "" to ignore table
function tableName($tableStatus) {
return h($tableStatus["Name"]);
/** Field caption used in select and edit
* @param array single field returned from fields()
* @param int order of column in select
2011-03-24 01:19:21 +00:00
* @return string HTML code, "" to ignore field
function fieldName($field, $order = 0) {
return '<span title="' . h($field["full_type"]) . '">' . h($field["field"]) . '</span>';
/** Print links after select heading
* @param array result of SHOW TABLE STATUS
* @param string new item options, NULL for no new item
* @return null
function selectLinks($tableStatus, $set = "") {
2018-02-08 10:21:33 +00:00
global $jush, $driver;
2013-07-09 06:51:50 +00:00
echo '<p class="links">';
$actions = array("select" => lang('Select data'));
if (support("table") || support("indexes")) {
$actions["table"] = lang('Show structure');
if (support("table")) {
2013-07-06 17:31:21 +00:00
if (is_view($tableStatus)) {
$actions["view"] = lang('Alter view');
2013-07-06 17:31:21 +00:00
} else {
$actions["create"] = lang('Alter table');
2013-07-06 17:31:21 +00:00
2012-05-14 06:54:07 +00:00
if ($set !== null) {
$actions["edit"] = lang('New item');
2018-02-08 10:21:33 +00:00
$name = $tableStatus["Name"];
$links = [];
foreach ($actions as $key => $val) {
$links[] = "<a href='" . h(ME) . "$key=" . urlencode($name) . ($key == "edit" ? $set : "") . "'" . bold(isset($_GET[$key])) . ">$val</a>";
echo generate_linksbar($links);
2018-02-08 10:21:33 +00:00
echo doc_link(array($jush => $driver->tableHelp($name)), "?");
echo "\n";
2010-10-29 11:58:08 +00:00
/** Get foreign keys for table
* @param string
* @return array same format as foreign_keys()
function foreignKeys($table) {
return foreign_keys($table);
/** Find backward keys for table
* @param string
* @param string
* @return array $return[$target_table]["keys"][$key_name][$target_column] = $source_column; $return[$target_table]["name"] = $this->tableName($target_table);
function backwardKeys($table, $tableName) {
return array();
/** Print backward keys for row
* @param array result of $this->backwardKeys()
* @param array
* @return null
function backwardKeysPrint($backwardKeys, $row) {
/** Query printed in select before execution
* @param string query to be executed
2018-02-01 10:54:39 +00:00
* @param float start time of the query
* @param bool
* @return string
function selectQuery($query, $start, $failed = false) {
2018-02-01 07:55:09 +00:00
global $jush, $driver;
if (!$failed && ($warnings = $driver->warnings())) {
2018-02-01 07:55:09 +00:00
$id = "warnings";
2018-02-01 11:27:22 +00:00
$return = ", <a href='#$id'>" . lang('Warnings') . "</a>" . script("qsl('a').onclick = partial(toggle, '$id');", "")
. "<div id='$id' class='hidden'>\n$warnings</div>\n"
2018-02-01 07:55:09 +00:00
2023-07-21 09:52:03 +00:00
$links = [
(support("sql") ? "<a href='" . h(ME) . "sql=" . urlencode($query) . "'>" . lang('Edit') . "</a>" : ""),
"<a href='#' class='copy-to-clipboard'>" . lang('Copy to clipboard') . "</a>",
return "<code class='jush-$jush copy-to-clipboard'>" . h(str_replace("\n", " ", $query)) . "</code> <span class='time'>(" . format_time($start) . ")</span>"
. generate_linksbar($links);
2015-03-11 16:52:11 +00:00
/** Query printed in SQL command before execution
* @param string query to be executed
* @return string escaped query to be printed
function sqlCommandQuery($query)
return shorten_utf8(trim($query), 1000);
/** Description of a row in a table
* @param string
* @return string SQL expression, empty string for no description
function rowDescription($table) {
return "";
/** Get descriptions of selected data
* @param array all data to print
* @param array
* @return array
function rowDescriptions($rows, $foreignKeys) {
return $rows;
/** Get a link to use in select table
* @param string raw value of the field
* @param array single field returned from fields()
* @return string or null to create the default link
function selectLink($val, $field) {
/** Value printed in select table
* @param string HTML-escaped value to print
* @param string link to foreign key
* @param array single field returned from fields()
2014-01-11 05:32:07 +00:00
* @param array original value before applying editVal() and escaping
* @return string
2014-01-11 05:32:07 +00:00
function selectVal($val, $link, $field, $original) {
2023-11-17 05:24:10 +00:00
$return = ($val === null ? "<i>NULL</i>" : (preg_match("~char|binary|boolean~", $field["type"] ?? null) && !preg_match("~var~", $field["type"] ?? null) ? "<code>$val</code>" : $val));
if (preg_match('~blob|bytea|raw|file~', $field["type"] ?? null) && !is_utf8($val)) {
$return = "<i>" . lang('%d byte(s)', strlen($original)) . "</i>";
2023-11-17 05:24:10 +00:00
if (preg_match('~json~', $field["type"] ?? null)) {
2017-03-10 07:56:58 +00:00
$return = "<code class='jush-js'>$return</code>";
2018-01-30 18:12:49 +00:00
return ($link ? "<a href='" . h($link) . "'" . (is_url($link) ? target_blank() : "") . ">$return</a>" : $return);
/** Value conversion used in select and edit
* @param string
* @param array single field returned from fields()
* @return string
function editVal($val, $field) {
2012-09-09 05:56:34 +00:00
return $val;
/** Print table structure in tabular format
* @param array data about individual fields
* @return null
function tableStructurePrint($fields) {
2018-10-27 19:20:56 +00:00
echo "<div class='scrollable'>\n";
echo "<table cellspacing='0' class='nowrap'>\n";
echo "<thead><tr><th>" . lang('Column') . "<td>" . lang('Type') . (support("comment") ? "<td>" . lang('Comment') : "") . "</thead>\n";
foreach ($fields as $field) {
echo "<tr" . odd() . "><th>" . h($field["field"]);
echo "<td><span title='" . h($field["collation"]) . "'>" . h($field["full_type"]) . "</span>";
echo ($field["null"] ? " <i>NULL</i>" : "");
echo ($field["auto_increment"] ? " <i>" . lang('Auto Increment') . "</i>" : "");
echo (isset($field["default"]) ? " <span title='" . lang('Default value') . "'>[<b>" . h($field["default"]) . "</b>]</span>" : "");
echo (support("comment") ? "<td>" . h($field["comment"]) : "");
echo "\n";
echo "</table>\n";
echo "</div>\n";
/** Print list of indexes on table in tabular format
* @param array data about all indexes on a table
* @return null
function tableIndexesPrint($indexes) {
echo "<table cellspacing='0'>\n";
foreach ($indexes as $name => $index) {
ksort($index["columns"]); // enforce correct columns order
$print = array();
foreach ($index["columns"] as $key => $val) {
$print[] = "<i>" . h($val) . "</i>"
. ($index["lengths"][$key] ? "(" . $index["lengths"][$key] . ")" : "")
. ($index["descs"][$key] ? " DESC" : "")
echo "<tr title='" . h($name) . "'><th>$index[type]<td>" . implode(", ", $print) . "\n";
echo "</table>\n";
/** Print columns box in select
* @param array result of selectColumnsProcess()[0]
* @param array selectable columns
* @return null
function selectColumnsPrint($select, $columns) {
global $functions, $grouping;
print_fieldset("select", lang('Select'), $select);
$i = 0;
$select[""] = array();
foreach ($select as $key => $val) {
2023-11-17 05:24:10 +00:00
$val = $_GET["columns"][$key] ?? null;
2018-01-12 16:52:45 +00:00
$column = select_input(
" name='columns[$i][col]'",
2023-11-17 05:24:10 +00:00
$val["col"] ?? null,
2018-01-22 12:51:47 +00:00
($key !== "" ? "selectFieldChange" : "selectAddRow")
2018-01-12 16:52:45 +00:00
echo "<div>" . ($functions || $grouping ? "<select name='columns[$i][fun]'>"
2023-11-17 05:24:10 +00:00
. optionlist(array(-1 => "") + array_filter(array(lang('Functions') => $functions, lang('Aggregation') => $grouping)), $val["fun"] ?? null) . "</select>"
. on_help("getTarget(event).value && getTarget(event).value.replace(/ |\$/, '(') + ')'", 1)
2018-01-14 09:18:16 +00:00
. script("qsl('select').onchange = function () { helpClose();" . ($key !== "" ? "" : " qsl('select, input', this.parentNode).onchange();") . " };", "")
. "($column)" : $column)
. " <input type='image' src='../adminer/static/cross.gif' class='jsonly icon' title='", h(lang('Remove')), "' alt='x'>"
. script('qsl(".icon").onclick = selectRemoveRow;', "")
. "</div>\n";
echo "</div></fieldset>\n";
/** Print search box in select
* @param array result of selectSearchProcess()
* @param array selectable columns
* @param array
* @return null
function selectSearchPrint($where, $columns, $indexes) {
print_fieldset("search", lang('Search'), $where);
foreach ($indexes as $i => $index) {
if ($index["type"] == "FULLTEXT") {
echo "<div>(<i>" . implode("</i>, <i>", array_map('h', $index["columns"])) . "</i>) AGAINST";
2018-01-12 12:08:21 +00:00
echo " <input type='search' name='fulltext[$i]' value='" . h($_GET["fulltext"][$i]) . "'>";
2018-01-12 21:18:54 +00:00
echo script("qsl('input').oninput = selectFieldChange;", "");
echo checkbox("boolean[$i]", 1, isset($_GET["boolean"][$i]), "BOOL");
echo "</div>\n";
2018-01-12 16:52:45 +00:00
$change_next = "this.parentNode.firstChild.onchange();";
2018-02-06 11:58:06 +00:00
foreach (array_merge((array) $_GET["where"], array(array())) as $i => $val) {
if (!$val || ("$val[col]$val[val]" != "" && in_array($val["op"], $this->operators))) {
2018-01-12 16:52:45 +00:00
echo "<div>" . select_input(
" name='where[$i][col]'",
($val ? "selectFieldChange" : "selectAddRow"),
"(" . lang('anywhere') . ")"
echo html_select("where[$i][op]", $this->operators, $val["op"], $change_next);
2018-01-12 16:52:45 +00:00
echo "<input type='search' name='where[$i][val]' value='" . h($val["val"]) . "'>";
2018-01-12 21:18:54 +00:00
echo script("mixin(qsl('input'), {oninput: function () { $change_next }, onkeydown: selectSearchKeydown, onsearch: selectSearchSearch});", "");
echo "<input type='image' src='../adminer/static/cross.gif' class='jsonly icon' title='", h(lang('Remove')), "' alt='x'>";
echo script('qsl(".icon").onclick = selectRemoveRow;', "");
2018-01-12 16:52:45 +00:00
echo "</div>\n";
echo "</div></fieldset>\n";
/** Print order box in select
* @param array result of selectOrderProcess()
* @param array selectable columns
* @param array
* @return null
function selectOrderPrint($order, $columns, $indexes) {
print_fieldset("sort", lang('Sort'), $order);
$i = 0;
foreach ((array) $_GET["order"] as $key => $val) {
2013-07-06 17:31:21 +00:00
if ($val != "") {
2018-01-12 12:08:21 +00:00
echo "<div>" . select_input(" name='order[$i]'", $columns, $val, "selectFieldChange");
echo checkbox("desc[$i]", 1, isset($_GET["desc"][$key]), lang('descending'));
echo " <input type='image' src='../adminer/static/cross.gif' class='jsonly icon' title='", h(lang('Remove')), "' alt='x'>";
echo script('qsl(".icon").onclick = selectRemoveRow;', "");
echo "</div>\n";
2018-01-12 16:52:45 +00:00
echo "<div>" . select_input(" name='order[$i]'", $columns, "", "selectAddRow");
echo checkbox("desc[$i]", 1, false, lang('descending'));
echo " <input type='image' src='../adminer/static/cross.gif' class='jsonly icon' title='", h(lang('Remove')), "' alt='x'>";
echo script('qsl(".icon").onclick = selectRemoveRow;', "");
echo "</div>\n";
echo "</div></fieldset>\n";
/** Print limit box in select
* @param string result of selectLimitProcess()
* @return null
function selectLimitPrint($limit) {
echo "<fieldset><legend>" . lang('Limit') . "</legend><div>"; // <div> for easy styling
2018-01-12 12:08:21 +00:00
echo "<input type='number' name='limit' class='size' value='" . h($limit) . "'>";
2018-01-12 21:18:54 +00:00
echo script("qsl('input').oninput = selectFieldChange;", "");
echo "</div></fieldset>\n";
/** Print text length box in select
* @param string result of selectLengthProcess()
* @return null
function selectLengthPrint($text_length) {
2012-05-14 06:54:07 +00:00
if ($text_length !== null) {
echo "<fieldset><legend>" . lang('Text length') . "</legend><div>";
2012-12-05 21:11:36 +00:00
echo "<input type='number' name='text_length' class='size' value='" . h($text_length) . "'>";
echo "</div></fieldset>\n";
/** Print action box in select
* @param array
* @return null
function selectActionPrint($indexes) {
echo "<fieldset><legend>" . lang('Action') . "</legend><div>";
echo "<input type='submit' value='" . lang('Select') . "'>";
echo " <span id='noindex' title='" . lang('Full table scan') . "'></span>";
2018-01-13 21:17:00 +00:00
echo "<script" . nonce() . ">\n";
echo "var indexColumns = ";
$columns = array();
foreach ($indexes as $index) {
$current_key = reset($index["columns"]);
if ($index["type"] != "FULLTEXT" && $current_key) {
$columns[$current_key] = 1;
$columns[""] = 1;
foreach ($columns as $key => $val) {
echo ";\n";
2018-01-12 11:50:09 +00:00
echo "'#form')['select']);\n";
echo "</script>\n";
echo "</div></fieldset>\n";
2023-05-21 13:03:36 +00:00
/** Print command box in select
* @return bool whether to print default commands
function selectCommandPrint() {
return !information_schema(DB);
/** Print import box in select
* @return bool whether to print default import
function selectImportPrint() {
2012-08-29 17:08:18 +00:00
return !information_schema(DB);
/** Print extra text in the end of a select form
* @param array fields holding e-mails
* @param array selectable columns
* @return null
function selectEmailPrint($emailFields, $columns) {
/** Process columns box in select
* @param array selectable columns
* @param array
* @return array (array(select_expressions), array(group_expressions))
function selectColumnsProcess($columns, $indexes) {
global $functions, $grouping;
$select = array(); // select expressions, empty for *
$group = array(); // expressions without aggregation - will be used for GROUP BY if an aggregation function is used
foreach ((array) $_GET["columns"] as $key => $val) {
2013-07-06 17:31:21 +00:00
if ($val["fun"] == "count" || ($val["col"] != "" && (!$val["fun"] || in_array($val["fun"], $functions) || in_array($val["fun"], $grouping)))) {
$select[$key] = apply_sql_function($val["fun"], ($val["col"] != "" ? idf_escape($val["col"]) : "*"));
if (!in_array($val["fun"], $grouping)) {
$group[] = $select[$key];
return array($select, $group);
/** Process search box in select
* @param array
* @param array
* @return array expressions to join by AND
function selectSearchProcess($fields, $indexes) {
global $connection, $driver;
$return = array();
foreach ($indexes as $i => $index) {
if ($index["type"] == "FULLTEXT" && $_GET["fulltext"][$i] != "") {
$return[] = "MATCH (" . implode(", ", array_map('idf_escape', $index["columns"])) . ") AGAINST (" . q($_GET["fulltext"][$i]) . (isset($_GET["boolean"][$i]) ? " IN BOOLEAN MODE" : "") . ")";
2018-02-06 11:56:18 +00:00
foreach ((array) $_GET["where"] as $key => $val) {
if ("$val[col]$val[val]" != "" && in_array($val["op"], $this->operators)) {
2018-02-01 14:25:38 +00:00
$prefix = "";
$cond = " $val[op]";
if (preg_match('~IN$~', $val["op"])) {
$in = process_length($val["val"]);
$cond .= " " . ($in != "" ? $in : "(NULL)");
2013-04-26 19:04:28 +00:00
} elseif ($val["op"] == "SQL") {
$cond = " $val[val]"; // SQL injection
} elseif ($val["op"] == "LIKE %%") {
$cond = " LIKE " . $this->processInput($fields[$val["col"]], "%$val[val]%");
2015-01-19 08:38:10 +00:00
} elseif ($val["op"] == "ILIKE %%") {
$cond = " ILIKE " . $this->processInput($fields[$val["col"]], "%$val[val]%");
2018-02-01 14:25:38 +00:00
} elseif ($val["op"] == "FIND_IN_SET") {
$prefix = "$val[op](" . q($val["val"]) . ", ";
$cond = ")";
} elseif (!preg_match('~NULL$~', $val["op"])) {
$cond .= " " . $this->processInput($fields[$val["col"]], $val["val"]);
if ($val["col"] != "") {
$return[] = $prefix . $driver->convertSearch(idf_escape($val["col"]), $val, $fields[$val["col"]]) . $cond;
} else {
// find anywhere
$cols = array();
foreach ($fields as $name => $field) {
if ((preg_match('~^[-\d.' . (preg_match('~IN$~', $val["op"]) ? ',' : '') . ']+$~', $val["val"]) || !preg_match('~' . number_type() . '|bit~', $field["type"]))
&& (!preg_match("~[\x80-\xFF]~", $val["val"]) || preg_match('~char|text|enum|set~', $field["type"]))
&& (!preg_match('~date|timestamp~', $field["type"]) || preg_match('~^\d+-\d+-\d+~', $val["val"]))
) {
$cols[] = $prefix . $driver->convertSearch(idf_escape($name), $val, $field) . $cond;
$return[] = ($cols ? "(" . implode(" OR ", $cols) . ")" : "1 = 0");
return $return;
/** Process order box in select
* @param array
* @param array
* @return array expressions to join by comma
function selectOrderProcess($fields, $indexes) {
$return = array();
foreach ((array) $_GET["order"] as $key => $val) {
2013-07-06 17:31:21 +00:00
if ($val != "") {
2018-02-20 15:27:40 +00:00
$return[] = (preg_match('~^((COUNT\(DISTINCT |[A-Z0-9_]+\()(`(?:[^`]|``)+`|"(?:[^"]|"")+")\)|COUNT\(\*\))$~', $val) ? $val : idf_escape($val)) //! MS SQL uses []
2013-07-06 17:31:21 +00:00
. (isset($_GET["desc"][$key]) ? " DESC" : "")
return $return;
/** Process limit box in select
* @return string expression to use in LIMIT, will be escaped
function selectLimitProcess() {
2013-04-15 21:45:49 +00:00
return (isset($_GET["limit"]) ? $_GET["limit"] : "50");
/** Process length box in select
* @return string number of characters to shorten texts, will be escaped
function selectLengthProcess() {
return (isset($_GET["text_length"]) ? $_GET["text_length"] : "100");
/** Process extras in select form
* @param array AND conditions
* @param array
* @return bool true if processed, false to process other parts of form
function selectEmailProcess($where, $foreignKeys) {
return false;
2012-08-24 05:17:44 +00:00
/** Build SQL query used in select
* @param array result of selectColumnsProcess()[0]
* @param array result of selectSearchProcess()
* @param array result of selectColumnsProcess()[1]
* @param array result of selectOrderProcess()
* @param int result of selectLimitProcess()
* @param int index of page starting at zero
* @return string empty string to use default query
function selectQueryBuild($select, $where, $group, $order, $limit, $page) {
return "";
/** Query printed after execution in the message
* @param string executed query
* @param string elapsed time
* @param bool
* @return string
function messageQuery($query, $time, $failed = false) {
2018-02-01 08:21:50 +00:00
global $jush, $driver;
$history = &get_session("queries");
2023-11-17 05:24:10 +00:00
if (isset($history[$_GET["db"]]) === false) {
2018-01-16 15:22:24 +00:00
$history[$_GET["db"]] = array();
if (strlen($query) > 1e6) {
$query = preg_replace('~[\x80-\xFF]+$~', '', substr($query, 0, 1e6)) . "\n"; // [\x80-\xFF] - valid UTF-8, \n - can end by one-line comment
2011-03-22 14:12:38 +00:00
$history[$_GET["db"]][] = array($query, time(), $time); // not DB - $_GET["db"] is changed in //! respect $_GET["ns"]
2018-02-01 12:08:28 +00:00
$sql_id = "sql-" . count($history[$_GET["db"]]);
$return = "<a href='#$sql_id' class='toggle'>" . lang('SQL command') . "</a> <a href='#' class='copy-to-clipboard icon expand' data-expand-id='$sql_id'></a>\n";
if (!$failed && ($warnings = $driver->warnings())) {
2018-02-01 08:21:50 +00:00
$id = "warnings-" . count($history[$_GET["db"]]);
2018-02-01 11:27:22 +00:00
$return = "<a href='#$id' class='toggle'>" . lang('Warnings') . "</a>, $return<div id='$id' class='hidden'>\n$warnings</div>\n";
2018-02-01 08:21:50 +00:00
$links = [];
if (support("sql")) {
$links[] = '<a href="' . h(str_replace("db=" . urlencode(DB), "db=" . urlencode($_GET["db"]), ME) . 'sql=&history=' . (count($history[$_GET["db"]]) - 1)) . '">' . lang('Edit') . '</a>';
$links[] = '<a href="#" class="copy-to-clipboard">' . lang('Copy to clipboard') . '</a>';
2018-02-01 11:27:22 +00:00
return " <span class='time'>" . @date("H:i:s") . "</span>" // @ - time zone may be not set
. " $return<div id='$sql_id' class='hidden'><pre><code class='jush-$jush copy-to-clipboard'>" . shorten_utf8($query, 1000) . "</code></pre>"
. ($time ? " <span class='time'>($time)</span>" : '')
. generate_linksbar($links)
. '</div>'
/** Print before edit form
* @param string
* @param array
* @param mixed
* @param bool
* @return null
function editRowPrint($table, $fields, $row, $update) {
/** Functions displayed in edit form
* @param array single field from fields()
* @return array
function editFunctions($field) {
global $edit_functions;
$return = ($field["null"] ? "NULL/" : "");
2021-02-08 16:22:53 +00:00
$update = isset($_GET["select"]) || where($_GET);
foreach ($edit_functions as $key => $functions) {
2021-02-08 16:22:53 +00:00
if (!$key || (!isset($_GET["call"]) && $update)) { // relative functions
foreach ($functions as $pattern => $val) {
if (!$pattern || preg_match("~$pattern~", $field["type"])) {
$return .= "/$val";
2021-02-08 16:41:59 +00:00
if ($key && !preg_match('~set|blob|bytea|raw|file|bool~', $field["type"])) {
$return .= "/SQL";
2021-02-08 16:22:53 +00:00
if ($field["auto_increment"] && !$update) {
2014-01-04 22:30:42 +00:00
$return = lang('Auto Increment');
return explode("/", $return);
/** Get options to display edit field
* @param string table name
* @param array single field from fields()
* @param string attributes to use inside the tag
* @param string
* @return string custom input field or empty string for default
function editInput($table, $field, $attrs, $value) {
if ($field["type"] == "enum") {
2024-03-23 17:21:42 +00:00
$options = array();
$selected = $value;
if (isset($_GET["select"])) {
$options[-1] = lang('original');
if ($selected === null) {
$selected = -1;
if ($field["null"]) {
$options[""] = "NULL";
if ($value === null && !isset($_GET["select"])) {
$selected = "";
$options[0] = lang('empty');
preg_match_all("~'((?:[^']|'')*)'~", $field["length"], $matches);
foreach ($matches[1] as $i => $val) {
$val = stripcslashes(str_replace("''", "'", $val));
$options[$i + 1] = $val;
if ($value === $val) {
$selected = $i + 1;
return "<select$attrs>" . optionlist($options, (string) $selected, 1) . "</select>"; // 1 - use keys
return "";
/** Get hint for edit field
* @param string table name
* @param array single field from fields()
* @param string
* @return string
function editHint($table, $field, $value) {
return "";
/** Process sent input
* @param array single field from fields()
* @param string
* @param string
* @return string expression to use in a query
function processInput($field, $value, $function = "") {
2013-04-26 19:20:47 +00:00
if ($function == "SQL") {
2011-03-15 16:34:25 +00:00
return $value; // SQL injection
$name = $field["field"];
$return = q($value);
if (preg_match('~^(now|getdate|uuid)$~', $function)) {
$return = "$function()";
} elseif (preg_match('~^current_(date|timestamp)$~', $function)) {
2010-05-17 22:49:37 +00:00
$return = $function;
2018-02-20 15:27:40 +00:00
} elseif (preg_match('~^([+-]|\|\|)$~', $function)) {
$return = idf_escape($name) . " $function $return";
} elseif (preg_match('~^[+-] interval$~', $function)) {
$return = idf_escape($name) . " $function " . (preg_match("~^(\\d+|'[0-9.: -]') [A-Z_]+\$~i", $value) ? $value : $return);
} elseif (preg_match('~^(addtime|subtime|concat)$~', $function)) {
$return = "$function(" . idf_escape($name) . ", $return)";
} elseif (preg_match('~^(md5|sha1|password|encrypt)$~', $function)) {
$return = "$function($return)";
2012-09-09 05:56:34 +00:00
return unconvert_field($field, $return);
/** Returns export output options
* @return array
function dumpOutput() {
$return = array('text' => lang('open'), 'file' => lang('save'));
if (function_exists('gzencode')) {
$return['gz'] = 'gzip';
return $return;
/** Returns export format options
2011-12-22 06:08:18 +00:00
* @return array empty to disable export
function dumpFormat() {
2010-10-29 16:02:20 +00:00
return array('sql' => 'SQL', 'csv' => 'CSV,', 'csv;' => 'CSV;', 'tsv' => 'TSV');
2013-04-04 01:49:05 +00:00
/** Export database structure
* @param string
* @return null prints data
function dumpDatabase($db) {
2010-10-29 15:03:02 +00:00
/** Export table structure
* @param string
* @param string
* @param int 0 table, 1 view, 2 temporary view table
2010-10-29 15:03:02 +00:00
* @return null prints data
function dumpTable($table, $style, $is_view = 0) {
2010-10-29 15:03:02 +00:00
if ($_POST["format"] != "sql") {
echo "\xef\xbb\xbf"; // UTF-8 byte order mark
if ($style) {
} else {
if ($is_view == 2) {
$fields = array();
foreach (fields($table) as $name => $field) {
$fields[] = idf_escape($name) . " $field[full_type]";
$create = "CREATE TABLE " . table($table) . " (" . implode(", ", $fields) . ")";
} else {
$create = create_sql($table, $_POST["auto_increment"], $style);
if ($style && $create) {
if ($style == "DROP+CREATE" || $is_view == 1) {
echo "DROP " . ($is_view == 2 ? "VIEW" : "TABLE") . " IF EXISTS " . table($table) . ";\n";
2010-10-29 15:03:02 +00:00
if ($is_view == 1) {
2012-08-09 16:39:12 +00:00
$create = remove_definer($create);
2010-10-29 15:03:02 +00:00
2013-04-04 01:49:05 +00:00
echo "$create;\n\n";
2010-10-29 15:03:02 +00:00
2010-10-29 15:03:02 +00:00
/** Export table data
* @param string
* @param string
* @param string
2010-10-29 15:03:02 +00:00
* @return null prints data
function dumpData($table, $style, $query) {
2010-10-29 15:03:02 +00:00
global $connection, $jush;
$max_packet = ($jush == "sqlite" ? 0 : 1048576); // default, minimum is 1024
if ($style) {
if ($_POST["format"] == "sql") {
2013-04-27 05:11:58 +00:00
if ($style == "TRUNCATE+INSERT") {
echo truncate_sql($table) . ";\n";
$fields = fields($table);
$result = $connection->query($query, 1); // 1 - MYSQLI_USE_RESULT //! enum and set as numbers
2010-10-29 15:03:02 +00:00
if ($result) {
$insert = "";
$buffer = "";
2012-08-09 15:57:45 +00:00
$keys = array();
2023-12-23 20:01:26 +00:00
$generatedKeys = array();
2012-08-12 05:59:20 +00:00
$suffix = "";
$fetch_function = ($table != '' ? 'fetch_assoc' : 'fetch_row');
while ($row = $result->$fetch_function()) {
2012-08-09 15:57:45 +00:00
if (!$keys) {
2012-08-12 05:59:20 +00:00
$values = array();
2012-08-09 15:57:45 +00:00
foreach ($row as $val) {
$field = $result->fetch_field();
2023-12-23 20:01:26 +00:00
if (!empty($fields[$field->name]['generated'])) {
$generatedKeys[$field->name] = true;
2012-08-09 15:57:45 +00:00
$keys[] = $field->name;
2012-08-12 05:59:20 +00:00
$key = idf_escape($field->name);
$values[] = "$key = VALUES($key)";
2012-08-09 15:57:45 +00:00
2012-08-12 05:59:20 +00:00
$suffix = ($style == "INSERT+UPDATE" ? "\nON DUPLICATE KEY UPDATE " . implode(", ", $values) : "") . ";\n";
2012-08-09 15:57:45 +00:00
2010-10-29 15:03:02 +00:00
if ($_POST["format"] != "sql") {
if ($style == "table") {
2012-08-09 15:57:45 +00:00
$style = "INSERT";
2010-10-29 15:03:02 +00:00
} else {
if (!$insert) {
2012-08-09 15:57:45 +00:00
$insert = "INSERT INTO " . table($table) . " (" . implode(", ", array_map('idf_escape', $keys)) . ") VALUES";
2010-10-29 15:03:02 +00:00
foreach ($row as $key => $val) {
2023-12-23 20:01:26 +00:00
if (isset($generatedKeys[$key])) {
2024-01-04 06:08:48 +00:00
2023-12-23 20:01:26 +00:00
$field = $fields[$key];
$row[$key] = ($val !== null
2019-08-20 07:47:01 +00:00
? unconvert_field($field, preg_match(number_type(), $field["type"]) && !preg_match('~\[~', $field["full_type"]) && is_numeric($val) ? $val : q(($val === false ? 0 : $val)))
: "NULL"
2010-10-29 15:03:02 +00:00
2012-08-12 05:59:20 +00:00
$s = ($max_packet ? "\n" : " ") . "(" . implode(",\t", $row) . ")";
if (!$buffer) {
$buffer = $insert . $s;
} elseif (strlen($buffer) + 4 + strlen($s) + strlen($suffix) < $max_packet) { // 4 - length specification
$buffer .= ",$s";
2010-10-29 15:03:02 +00:00
} else {
2012-08-12 05:59:20 +00:00
echo $buffer . $suffix;
$buffer = $insert . $s;
2010-10-29 15:03:02 +00:00
2012-08-12 05:59:20 +00:00
if ($buffer) {
echo $buffer . $suffix;
2010-10-29 15:03:02 +00:00
2010-10-29 15:29:35 +00:00
} elseif ($_POST["format"] == "sql") {
echo "-- " . str_replace("\n", " ", $connection->error) . "\n";
2010-10-29 15:03:02 +00:00
/** Set export filename
* @param string
* @return string filename without extension
function dumpFilename($identifier) {
return friendly_url($identifier != "" ? $identifier : (SERVER != "" ? SERVER : "localhost"));
2010-10-29 15:03:02 +00:00
/** Send headers for export
* @param string
* @param bool
* @return string extension
function dumpHeaders($identifier, $multi_table = false) {
$output = $_POST["output"];
$ext = (preg_match('~sql~', $_POST["format"]) ? "sql" : ($multi_table ? "tar" : "csv")); // multiple CSV packed to TAR
2010-10-29 15:03:02 +00:00
header("Content-Type: " .
($output == "gz" ? "application/x-gzip" :
($ext == "tar" ? "application/x-tar" :
($ext == "sql" || $output != "file" ? "text/plain" : "text/csv") . "; charset=utf-8"
2011-02-17 10:43:21 +00:00
if ($output == "gz") {
2014-02-24 02:02:43 +00:00
ob_start('ob_gzencode', 1e6);
2010-10-29 15:03:02 +00:00
return $ext;
/** Set the path of the file for webserver load
* @return string path of the sql dump file
function importServerPath() {
return "adminer.sql";
2011-01-06 08:30:07 +00:00
/** Print homepage
* @return bool whether to print default homepage
function homepage() {
$links = [];
if ($_GET["ns"] == "" && support("database")) {
$links[] = '<a href="' . h(ME) . 'database=">' . lang('Alter database') . '</a>';
if (support("scheme")) {
$links[] = "<a href='" . h(ME) . "scheme='>" . ($_GET["ns"] != "" ? lang('Alter schema') : lang('Create schema')) . "</a>";
if ($_GET["ns"] !== "") {
$links[] = '<a href="' . h(ME) . 'schema=">' . lang('Database schema') . '</a>';
if (support("privileges")) {
$links[] = "<a href='" . h(ME) . "privileges='>" . lang('Privileges') . "</a>";
echo generate_linksbar($links);
2011-01-06 08:30:07 +00:00
return true;
/** Prints navigation after Adminer title
2010-10-18 00:15:58 +00:00
* @param string can be "auth" if there is no database connection, "db" if there is no database selected, "ns" with invalid schema
* @return null
function navigation($missing) {
2014-01-30 17:06:58 +00:00
global $VERSION, $jush, $drivers, $connection;
2011-04-03 15:27:34 +00:00
<?php echo $this->name(); ?> <span class="version"><?php echo $VERSION; ?></span>
<a href=""<?php echo target_blank(); ?> id="version" title="<?php echo lang('A newer version of AdminerEvo is available, download it now!'); ?>"><?php echo (version_compare($VERSION, $_COOKIE["adminer_version"]) < 0 ? h($_COOKIE["adminer_version"]) : ""); ?></a>
2010-05-06 12:21:22 +00:00
if ($missing == "auth") {
2019-07-19 11:52:24 +00:00
$output = "";
2013-07-05 15:28:37 +00:00
foreach ((array) $_SESSION["pwds"] as $vendor => $servers) {
2010-05-06 12:21:22 +00:00
foreach ($servers as $server => $usernames) {
foreach ($usernames as $username => $password) {
2012-05-14 06:54:07 +00:00
if ($password !== null) {
2013-07-05 15:28:37 +00:00
$dbs = $_SESSION["db"][$vendor][$server][$username];
2012-09-09 04:29:16 +00:00
foreach (($dbs ? array_keys($dbs) : array("")) as $db) {
2019-07-19 11:52:24 +00:00
$output .= "<li><a href='" . h(auth_url($vendor, $server, $username, $db)) . "'>($drivers[$vendor]) " . h($username . ($server != "" ? "@" . $this->serverName($server) : "") . ($db != "" ? " - $db" : "")) . "</a>\n";
2012-09-09 04:29:16 +00:00
2010-05-06 12:21:22 +00:00
2019-07-19 11:52:24 +00:00
if ($output) {
echo "<ul id='logins'>\n$output</ul>\n" . script("mixin(qs('#logins'), {onmouseover: menuOver, onmouseout: menuOut});");
2010-05-06 12:21:22 +00:00
} else {
2021-02-12 08:53:20 +00:00
$tables = array();
2014-01-30 17:06:58 +00:00
if ($_GET["ns"] !== "" && !$missing && DB != "") {
$tables = table_status('', true);
2018-01-13 15:25:11 +00:00
echo script_src("../externals/jush/modules/jush.js");
echo script_src("../externals/jush/modules/jush-textarea.js");
echo script_src("../externals/jush/modules/jush-txt.js");
echo script_src("../externals/jush/modules/jush-js.js");
2017-03-10 07:56:58 +00:00
if (support("sql")) {
2018-01-13 15:25:11 +00:00
echo script_src("../externals/jush/modules/jush-$jush.js");
2017-03-10 07:56:58 +00:00
2018-01-13 21:17:00 +00:00
<script<?php echo nonce(); ?>>
2014-01-30 17:06:58 +00:00
if ($tables) {
$links = array();
foreach ($tables as $table => $type) {
$links[] = preg_quote($table, '/');
echo "var jushLinks = { $jush: [ '" . js_escape(ME) . (support("table") ? "table=" : "select=") . "\$&', /\\b(" . implode("|", $links) . ")\\b/g ] };\n";
foreach (array("bac", "bra", "sqlite_quo", "mssql_bra") as $val) {
echo "jushLinks.$val = jushLinks.$jush;\n";
$server_info = $connection->server_info;
2014-01-30 17:06:58 +00:00
2018-02-20 15:27:40 +00:00
bodyLoad('<?php echo (is_object($connection) ? preg_replace('~^(\d\.?\d).*~s', '\1', $server_info) : ""); ?>'<?php echo (preg_match('~MariaDB~', $server_info) ? ", true" : ""); ?>);
2014-01-30 17:06:58 +00:00
2014-01-30 16:27:56 +00:00
2013-07-09 07:21:48 +00:00
2023-07-21 09:52:03 +00:00
$links = [];
2010-10-19 15:29:27 +00:00
if (DB == "" || !$missing) {
2023-07-21 09:52:03 +00:00
if (support("sql")) {
$links[] = "<a href='" . h(ME) . "sql='" . bold(isset($_GET["sql"]) && !isset($_GET["import"])) . ">" . lang('SQL command') . "</a>";
$links[] = "<a href='" . h(ME) . "import='" . bold(isset($_GET["import"])) . ">" . lang('Import') . "</a>";
2010-10-19 15:29:27 +00:00
if (support("dump")) {
2023-07-21 09:52:03 +00:00
$links[] = "<a href='" . h(ME) . "dump=" . urlencode(isset($_GET["table"]) ? $_GET["table"] : $_GET["select"]) . "' id='dump'" . bold(isset($_GET["dump"])) . ">" . lang('Export') . "</a>";
2010-10-19 15:29:27 +00:00
2023-07-21 09:52:03 +00:00
echo generate_linksbar($links);
if ($_GET["ns"] !== "" && !$missing && DB != "") {
2023-07-21 09:52:03 +00:00
echo generate_linksbar(['<a href="' . h(ME) . 'create="' . bold($_GET["create"] === "") . ">" . lang('Create table') . "</a>"]);
if (!$tables) {
echo "<p class='message'>" . lang('No tables.') . "\n";
} else {
/** Prints databases list in menu
* @param string
* @return null
function databasesPrint($missing) {
2013-10-25 05:16:24 +00:00
global $adminer, $connection;
$databases = $this->databases();
if (DB && $databases && !in_array(DB, $databases)) {
2018-03-01 11:09:10 +00:00
array_unshift($databases, DB);
<form action="">
echo "<table id='dbs'><tr><td width=1>";
2013-06-25 16:58:08 +00:00
2018-02-01 21:22:29 +00:00
$db_events = script("mixin(qsl('select'), {onmousedown: dbMouseDown, onchange: dbChange});");
echo "<label title='" . lang('database') . "' for='menu_db'>" . lang('DB') . "</label>:</td><td>" . ($databases
? "<select name='db' id='menu_db'>" . optionlist(array("" => "") + $databases, DB) . "</select>$db_events"
: "<input name='db' id='menu_db' value='" . h(DB) . "' autocapitalize='off'>\n"
2013-06-25 16:58:08 +00:00
2023-07-17 20:18:57 +00:00
echo "</td></tr>";
2021-02-12 15:08:40 +00:00
if (support("scheme")) {
if ($missing != "db" && DB != "" && $connection->select_db(DB)) {
echo "<tr><td><label for='menu_ns'>" . lang('Schema') . ":</label></td>";
echo "<td><select name='ns' id='menu_ns'>" . optionlist(array("" => "") + $adminer->schemas(), $_GET["ns"]) . "</select>$db_events";
if ($_GET["ns"] != "") {
2023-07-17 20:18:57 +00:00
echo "</td></tr>";
echo "<tr" . ($databases ? " class='hidden'" : "") . "><td colspan=2><input type='submit' value='" . lang('Use') . "'></td></tr>\n";
2023-07-17 20:18:57 +00:00
echo "</table>";
2018-03-09 17:18:45 +00:00
foreach (array("import", "sql", "schema", "dump", "privileges") as $val) {
if (isset($_GET[$val])) {
echo "<input type='hidden' name='$val' value=''>";
/** Prints table list in menu
2013-04-27 03:04:57 +00:00
* @param array result of table_status('', true)
* @return null
function tablesPrint($tables) {
2018-01-12 14:27:44 +00:00
echo "<ul id='tables'>" . script("mixin(qs('#tables'), {onmouseover: menuOver, onmouseout: menuOut});");
2013-04-27 03:04:57 +00:00
foreach ($tables as $table => $status) {
2013-07-06 17:31:21 +00:00
$name = $this->tableName($status);
2018-02-08 09:35:54 +00:00
if ($name != "") {
2021-01-26 23:30:44 +00:00
echo '<li><a href="' . h(ME) . 'select=' . urlencode($table) . '"'
. bold($_GET["select"] == $table || $_GET["edit"] == $table, "select")
. " title='" . lang('Select data') . "'>" . lang('select') . "</a> "
2018-02-08 09:35:54 +00:00
echo (support("table") || support("indexes")
? '<a href="' . h(ME) . 'table=' . urlencode($table) . '"'
. bold(in_array($table, array($_GET["table"], $_GET["create"], $_GET["indexes"], $_GET["foreign"], $_GET["trigger"], $_GET["select"])), (is_view($status) ? "view" : "structure"))
2018-02-08 09:35:54 +00:00
. " title='" . lang('Show structure') . "'>$name</a>"
: "<span>$name</span>"
) . "\n";
echo "</ul>\n";