Use \n in SQL commands

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@656 7c3ca157-0c34-0410-bff1-cbf682f78f5c

create.inc.php

@@ -28,7 +28,7 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"] && !$_POST["up"]
 		$after = "FIRST";
 		foreach ($_POST["fields"] as $key => $field) {
 			if (strlen($field["field"]) && isset($types[$field["type"]])) {
-				$fields[] = (!strlen($_GET["create"]) ? "" : (strlen($field["orig"]) ? "CHANGE " . idf_escape($field["orig"]) . " " : "ADD "))
+				$fields[] = (!strlen($_GET["create"]) ? "\n" : (strlen($field["orig"]) ? "\nCHANGE " . idf_escape($field["orig"]) . " " : "\nADD "))
 					. idf_escape($field["field"]) . process_type($field)
 					. ($field["null"] ? " NULL" : " NOT NULL") // NULL for timestamp
 					. (strlen($_GET["create"]) && strlen($field["orig"]) && isset($orig_fields[$field["orig"]]["default"]) && $field["type"] != "timestamp" ? " DEFAULT '" . $dbh->escape_string($orig_fields[$field["orig"]]["default"]) . "'" : "") //! timestamp
@@ -38,10 +38,10 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"] && !$_POST["up"]
 				;
 				$after = "AFTER " . idf_escape($field["field"]);
 			} elseif (strlen($field["orig"])) {
-				$fields[] = "DROP " . idf_escape($field["orig"]);
+				$fields[] = "\nDROP " . idf_escape($field["orig"]);
 			}
 		}
-		$status = ($_POST["Engine"] ? " ENGINE='" . $dbh->escape_string($_POST["Engine"]) . "'" : "")
+		$status = ($_POST["Engine"] ? "ENGINE='" . $dbh->escape_string($_POST["Engine"]) . "'" : "")
 			. ($_POST["Collation"] ? " COLLATE '" . $dbh->escape_string($_POST["Collation"]) . "'" : "")
 			. (strlen($_POST["Auto_increment"]) ? " AUTO_INCREMENT=" . intval($_POST["Auto_increment"]) : "")
 			. " COMMENT='" . $dbh->escape_string($_POST["Comment"]) . "'"
@@ -51,18 +51,18 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"] && !$_POST["up"]
 			if ($_POST["partition_by"] == 'RANGE' || $_POST["partition_by"] == 'LIST') {
 				foreach (array_filter($_POST["partition_names"]) as $key => $val) {
 					$value = $_POST["partition_values"][$key];
-					$partitions[] = "PARTITION $val VALUES " . ($_POST["partition_by"] == 'RANGE' ? "LESS THAN" : "IN") . (strlen($value) ? " ($value)" : " MAXVALUE"); //! SQL injection
+					$partitions[] = "\nPARTITION $val VALUES " . ($_POST["partition_by"] == 'RANGE' ? "LESS THAN" : "IN") . (strlen($value) ? " ($value)" : " MAXVALUE"); //! SQL injection
 				}
 			}
-			$status .= " PARTITION BY $_POST[partition_by]($_POST[partition])" . ($partitions ? " (" . implode(", ", $partitions) . ")" : ($_POST["partitions"] ? " PARTITIONS " . intval($_POST["partitions"]) : ""));
+			$status .= "\nPARTITION BY $_POST[partition_by]($_POST[partition])" . ($partitions ? " (" . implode(",", $partitions) . "\n)" : ($_POST["partitions"] ? " PARTITIONS " . intval($_POST["partitions"]) : ""));
 		} elseif ($dbh->server_info >= 5.1 && strlen($_GET["create"])) {
-			$status .= " REMOVE PARTITIONING";
+			$status .= "\nREMOVE PARTITIONING";
 		}
 		$location = $SELF . "table=" . urlencode($_POST["name"]);
 		if (strlen($_GET["create"])) {
-			query_redirect("ALTER TABLE " . idf_escape($_GET["create"]) . " " . implode(", ", $fields) . ", RENAME TO " . idf_escape($_POST["name"]) . ", $status", $location, lang('Table has been altered.'));
+			query_redirect("ALTER TABLE " . idf_escape($_GET["create"]) . implode(",", $fields) . ",\nRENAME TO " . idf_escape($_POST["name"]) . ",\n$status", $location, lang('Table has been altered.'));
 		} else {
-			query_redirect("CREATE TABLE " . idf_escape($_POST["name"]) . " (" . implode(", ", $fields) . ")$status", $location, lang('Table has been created.'));
+			query_redirect("CREATE TABLE " . idf_escape($_POST["name"]) . " (" . implode(",", $fields) . "\n) $status", $location, lang('Table has been created.'));
 		}
 	}
 }

createv.inc.php

@@ -5,7 +5,7 @@ if ($_POST && !$error) {
 		$dropped = query_redirect("DROP VIEW " . idf_escape($_GET["createv"]), substr($SELF, 0, -1), lang('View has been dropped.'), $_POST["drop"], !$_POST["dropped"]);
 	}
 	if (!$_POST["drop"]) {
-		query_redirect("CREATE VIEW " . idf_escape($_POST["name"]) . " AS " . $_POST["select"], $SELF . "view=" . urlencode($_POST["name"]), (strlen($_GET["createv"]) ? lang('View has been altered.') : lang('View has been created.')));
+		query_redirect("CREATE VIEW " . idf_escape($_POST["name"]) . " AS\n$_POST[select]", $SELF . "view=" . urlencode($_POST["name"]), (strlen($_GET["createv"]) ? lang('View has been altered.') : lang('View has been created.')));
 	}
 }
 

edit.inc.php

@@ -17,13 +17,13 @@ if ($_POST && !$error && !isset($_GET["select"])) {
 			$val = process_input($name, $field);
 			if (!isset($_GET["default"])) {
 				if ($val !== false || !$update) {
-					$set[] = idf_escape($name) . " = " . ($val !== false ? $val : "''");
+					$set[] = "\n" . idf_escape($name) . " = " . ($val !== false ? $val : "''");
 				}
 			} elseif ($val !== false) {
 				if ($field["type"] == "timestamp" && $val != "NULL") { //! doesn't allow DEFAULT NULL and no ON UPDATE
-					$set[] = " MODIFY " . idf_escape($name) . " timestamp" . ($field["null"] ? " NULL" : "") . " DEFAULT $val" . ($_POST["on_update"][bracket_escape($name)] ? " ON UPDATE CURRENT_TIMESTAMP" : "");
+					$set[] = "\nMODIFY " . idf_escape($name) . " timestamp" . ($field["null"] ? " NULL" : "") . " DEFAULT $val" . ($_POST["on_update"][bracket_escape($name)] ? " ON UPDATE CURRENT_TIMESTAMP" : "");
 				} else {
-					$set[] = " ALTER " . idf_escape($name) . ($val == "NULL" ? " DROP DEFAULT" : " SET DEFAULT $val");
+					$set[] = "\nALTER " . idf_escape($name) . ($val == "NULL" ? " DROP DEFAULT" : " SET DEFAULT $val");
 				}
 			}
 		}
@@ -33,9 +33,9 @@ if ($_POST && !$error && !isset($_GET["select"])) {
 		if (isset($_GET["default"])) {
 			query_redirect("ALTER TABLE " . idf_escape($_GET["edit"]) . implode(",", $set), $location, lang('Default values has been set.'));
 		} elseif ($update) {
-			query_redirect("UPDATE " . idf_escape($_GET["edit"]) . " SET " . implode(", ", $set) . " WHERE " . implode(" AND ", $where) . " LIMIT 1", $location, lang('Item has been updated.'));
+			query_redirect("UPDATE " . idf_escape($_GET["edit"]) . " SET" . implode(",", $set) . "\nWHERE " . implode(" AND ", $where) . " LIMIT 1", $location, lang('Item has been updated.'));
 		} else {
-			query_redirect("INSERT INTO " . idf_escape($_GET["edit"]) . " SET " . implode(", ", $set), $location, lang('Item has been inserted.'));
+			query_redirect("INSERT INTO " . idf_escape($_GET["edit"]) . " SET" . implode(",", $set), $location, lang('Item has been inserted.'));
 		}
 	}
 }

event.inc.php

@@ -6,7 +6,7 @@ if ($_POST && !$error) {
 	if ($_POST["drop"]) {
 		query_redirect("DROP EVENT " . idf_escape($_GET["event"]), substr($SELF, 0, -1), lang('Event has been dropped.'));
 	} elseif (in_array($_POST["INTERVAL_FIELD"], $intervals) && in_array($_POST["STATUS"], $statuses)) {
-		$schedule = " ON SCHEDULE " . ($_POST["INTERVAL_VALUE"]
+		$schedule = "\nON SCHEDULE " . ($_POST["INTERVAL_VALUE"]
 			? "EVERY '" . $dbh->escape_string($_POST["INTERVAL_VALUE"]) . "' $_POST[INTERVAL_FIELD]"
 			. ($_POST["STARTS"] ? " STARTS '" . $dbh->escape_string($_POST["STARTS"]) . "'" : "")
 			. ($_POST["ENDS"] ? " ENDS '" . $dbh->escape_string($_POST["ENDS"]) . "'" : "") //! ALTER EVENT doesn't drop ENDS - MySQL bug #39173
@@ -15,10 +15,10 @@ if ($_POST && !$error) {
 		;
 		query_redirect((strlen($_GET["event"])
 			? "ALTER EVENT " . idf_escape($_GET["event"]) . $schedule
-			. ($_GET["event"] != $_POST["EVENT_NAME"] ? " RENAME TO " . idf_escape($_POST["EVENT_NAME"]) : "")
+			. ($_GET["event"] != $_POST["EVENT_NAME"] ? "\nRENAME TO " . idf_escape($_POST["EVENT_NAME"]) : "")
 			: "CREATE EVENT " . idf_escape($_POST["EVENT_NAME"]) . $schedule
-			) . " $_POST[STATUS] COMMENT '" . $dbh->escape_string($_POST["EVENT_COMMENT"])
-			. "' DO $_POST[EVENT_DEFINITION]"
+			) . "\n$_POST[STATUS] COMMENT '" . $dbh->escape_string($_POST["EVENT_COMMENT"])
+			. "' DO\n$_POST[EVENT_DEFINITION]"
 		, substr($SELF, 0, -1), (strlen($_GET["event"]) ? lang('Event has been altered.') : lang('Event has been created.')));
 	}
 }

foreign.inc.php

@@ -1,7 +1,7 @@
 <?php
 if ($_POST && !$error && !$_POST["add"] && !$_POST["change"] && !$_POST["change-js"]) {
 	if ($_POST["drop"]) {
-		query_redirect("ALTER TABLE " . idf_escape($_GET["foreign"]) . " DROP FOREIGN KEY " . idf_escape($_GET["name"]), $SELF . "table=" . urlencode($_GET["foreign"]), lang('Foreign key has been dropped.'));
+		query_redirect("ALTER TABLE " . idf_escape($_GET["foreign"]) . "\nDROP FOREIGN KEY " . idf_escape($_GET["name"]), $SELF . "table=" . urlencode($_GET["foreign"]), lang('Foreign key has been dropped.'));
 	} else {
 		$source = array_filter($_POST["source"], 'strlen');
 		ksort($source);
@@ -10,8 +10,8 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["change"] && !$_POST["change-
 			$target[$key] = $_POST["target"][$key];
 		}
 		query_redirect("ALTER TABLE " . idf_escape($_GET["foreign"])
-			. (strlen($_GET["name"]) ? " DROP FOREIGN KEY " . idf_escape($_GET["name"]) . "," : "")
-			. " ADD FOREIGN KEY (" . implode(", ", array_map('idf_escape', $source)) . ") REFERENCES " . idf_escape($_POST["table"]) . " (" . implode(", ", array_map('idf_escape', $target)) . ")"
+			. (strlen($_GET["name"]) ? "\nDROP FOREIGN KEY " . idf_escape($_GET["name"]) . "," : "")
+			. "\nADD FOREIGN KEY (" . implode(", ", array_map('idf_escape', $source)) . ") REFERENCES " . idf_escape($_POST["table"]) . " (" . implode(", ", array_map('idf_escape', $target)) . ")"
 			. (in_array($_POST["on_delete"], $on_actions) ? " ON DELETE $_POST[on_delete]" : "")
 			. (in_array($_POST["on_update"], $on_actions) ? " ON UPDATE $_POST[on_update]" : "")
 		, $SELF . "table=" . urlencode($_GET["foreign"]), (strlen($_GET["name"]) ? lang('Foreign key has been altered.') : lang('Foreign key has been created.')));

include/functions.inc.php

@@ -96,7 +96,7 @@ function query_redirect($query, $location, $message, $redirect = true, $execute
 	$id = "sql-" . count($_SESSION["messages"]);
 	$sql = "";
 	if ($query) {
-		$sql = " <a href='#$id' onclick=\"return !toggle('$id');\">" . lang('SQL command') . "</a><span id='$id' class='hidden'><br /><code class='jush-sql'>" . htmlspecialchars($query) . '</code> <a href="' . htmlspecialchars($SELF) . 'sql=&amp;history=' . count($_SESSION["history"][$_GET["server"]][$_GET["db"]]) . '">' . lang('Edit') . '</a></span>';
+		$sql = " <a href='#$id' onclick=\"return !toggle('$id');\">" . lang('SQL command') . "</a><span id='$id' class='hidden'><br /><code class='jush-sql'>" . htmlspecialchars($query) . '</code><br /><a href="' . htmlspecialchars($SELF) . 'sql=&amp;history=' . count($_SESSION["history"][$_GET["server"]][$_GET["db"]]) . '">' . lang('Edit') . '</a></span>';
 		$_SESSION["history"][$_GET["server"]][$_GET["db"]][] = $query;
 	}
 	if ($execute) {

indexes.inc.php

@@ -26,17 +26,17 @@ if ($_POST && !$error && !$_POST["add"]) {
 						continue 2;
 					}
 				}
-				$alter[] = "ADD $index[type]" . ($index["type"] == "PRIMARY" ? " KEY" : "") . " (" . implode(", ", $set) . ")";
+				$alter[] = "\nADD $index[type]" . ($index["type"] == "PRIMARY" ? " KEY" : "") . " (" . implode(", ", $set) . ")";
 			}
 		}
 	}
 	foreach ($indexes as $name => $existing) {
-		$alter[] = "DROP INDEX " . idf_escape($name);
+		$alter[] = "\nDROP INDEX " . idf_escape($name);
 	}
 	if (!$alter) {
 		redirect($SELF . "table=" . urlencode($_GET["indexes"]));
 	}
-	query_redirect("ALTER TABLE " . idf_escape($_GET["indexes"]) . " " . implode(", ", $alter), $SELF . "table=" . urlencode($_GET["indexes"]), lang('Indexes has been altered.'));
+	query_redirect("ALTER TABLE " . idf_escape($_GET["indexes"]) . implode(",", $alter), $SELF . "table=" . urlencode($_GET["indexes"]), lang('Indexes has been altered.'));
 }
 page_header(lang('Indexes'), $error, array("table" => $_GET["indexes"]), $_GET["indexes"]);
 

procedure.inc.php

@@ -18,7 +18,7 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"] && !$_POST["up"]
 		query_redirect("CREATE $routine " . idf_escape($_POST["name"])
 			. " (" . implode(", ", $set) . ")"
 			. (isset($_GET["function"]) ? " RETURNS" . process_type($_POST["returns"], "CHARACTER SET") : "")
-			. " $_POST[definition]"
+			. "\n$_POST[definition]"
 		, substr($SELF, 0, -1), (strlen($_GET["procedure"]) ? lang('Routine has been altered.') : lang('Routine has been created.')));
 	}
 }

todo.txt

@@ -7,6 +7,7 @@ Compress export and import
 Create view and routine options
 Visualize SQL queries history
 Function to fix database encoding - http://php.vrana.cz/prevod-kodovani-mysql.php
+Utilize information_schema.USER_PRIVILEGES in Privileges
 ? Save token also to cookie - for session expiration and login in other window
 ? Save uploaded files after error to session variable instead of hidden field
 ? Aliasing of built-in functions can save 7 KB, substitution of $_GET and friends can save 2 KB, remove of base64_decode() + using chars 127-255 in minification can save 1 KB, JS packer can save 1 KB

trigger.inc.php

@@ -9,7 +9,7 @@ if ($_POST && !$error) {
 	}
 	if (!$_POST["drop"]) {
 		if (in_array($_POST["Timing"], $trigger_time) && in_array($_POST["Event"], $trigger_event)) {
-			query_redirect("CREATE TRIGGER " . idf_escape($_POST["Trigger"]) . " $_POST[Timing] $_POST[Event] ON " . idf_escape($_GET["trigger"]) . " FOR EACH ROW $_POST[Statement]", $SELF . "table=" . urlencode($_GET["trigger"]), (strlen($_GET["name"]) ? lang('Trigger has been altered.') : lang('Trigger has been created.')));
+			query_redirect("CREATE TRIGGER " . idf_escape($_POST["Trigger"]) . " $_POST[Timing] $_POST[Event] ON " . idf_escape($_GET["trigger"]) . " FOR EACH ROW\n$_POST[Statement]", $SELF . "table=" . urlencode($_GET["trigger"]), (strlen($_GET["name"]) ? lang('Trigger has been altered.') : lang('Trigger has been created.')));
 		}
 	}
 }