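// Table "select" page: lists rows of the table named in $_GET["select"] and
// handles the POST actions on that listing (export, delete/truncate, clone,
// bulk update, CSV import).
//
// Every SQL statement here is assembled by string concatenation from request
// data. The script relies on helpers defined elsewhere (idf_escape,
// where_check, process_input, $dbh->quote and the $adminer->select*Process
// methods) to escape identifiers and values; none of that escaping is visible
// in this file.
// NOTE(review): $fields, $indexes, $rights, $error, $dbh and $table_status are
// set before this point - confirm against the including file.

$columns = array(); // selectable columns
unset($text_length);
foreach ($fields as $key => $field) {
    $name = $adminer->fieldName($field);
    if (isset($field["privileges"]["select"]) && strlen($name)) {
        $columns[$key] = html_entity_decode(strip_tags($name));
        // preg_match() replaces ereg(), which was removed in PHP 7
        if (preg_match('~text|blob~', $field["type"])) {
            $text_length = $adminer->selectLengthProcess();
        }
    }
    // union of the privileges of all columns, selectable or not
    $rights += $field["privileges"];
}

/**
 * Wrap a column expression in an SQL function call.
 *
 * Neither argument is escaped here; both are inserted into the returned SQL
 * fragment verbatim, so callers must pass trusted or already-escaped values.
 *
 * @param string $function function name; empty returns $column unchanged,
 *                         "distinct" yields COUNT(DISTINCT column), anything
 *                         else is upper-cased and applied as FUNCTION(column)
 * @param string $column   column expression
 * @return string SQL fragment
 */
function apply_sql_function($function, $column) {
    return ($function
        ? ($function == "distinct" ? "COUNT(DISTINCT " : strtoupper("$function(")) . "$column)"
        : $column
    );
}

list($select, $group) = $adminer->selectColumnsProcess($columns, $indexes);
$where = $adminer->selectSearchProcess($fields, $indexes);
$order = $adminer->selectOrderProcess($fields, $indexes);
$limit = $adminer->selectLimitProcess();
// Column list, table and search conditions shared by the listing and export queries.
$from = ($select ? implode(", ", $select) : "*")
    . " FROM " . idf_escape($_GET["select"])
    . ($where ? " WHERE " . implode(" AND ", $where) : "");
$group_by = ($group && count($group) < count($select) ? " GROUP BY " . implode(", ", $group) : "")
    . ($order ? " ORDER BY " . implode(", ", $order) : "");

// State-changing actions run only for a POST with no error recorded so far.
// NOTE(review): $error is set outside this file; presumably it also carries a
// failed request-token check - confirm, since every branch below modifies or
// exports data.
if ($_POST && !$error) {
    // One condition per ticked row; where_check() is trusted to turn the posted
    // row identifier into a safely escaped condition.
    $where_check = "(" . implode(") OR (", array_map('where_check', (array) $_POST["check"])) . ")";
    $primary = ($indexes["PRIMARY"] ? ($select ? array_flip($indexes["PRIMARY"]["columns"]) : array()) : null); // empty array means that all primary fields are selected
    foreach ($select as $key => $val) {
        $val = $_GET["columns"][$key];
        if (!$val["fun"]) {
            unset($primary[$val["col"]]);
        }
    }

    if ($_POST["export"]) {
        dump_headers($_GET["select"]);
        dump_table($_GET["select"], "");
        if (!is_array($_POST["check"]) || $primary === array()) {
            dump_data($_GET["select"], "INSERT", "SELECT $from" . (is_array($_POST["check"]) ? ($where ? " AND " : " WHERE ") . "($where_check)" : "") . $group_by);
        } else {
            $union = array();
            foreach ($_POST["check"] as $val) {
                // where is not unique so OR can't be used
                $union[] = "(SELECT $from " . ($where ? "AND " : "WHERE ") . where_check($val) . $group_by . " LIMIT 1)";
            }
            dump_data($_GET["select"], "INSERT", implode(" UNION ALL ", $union));
        }
        exit;
    }

    if (!$adminer->selectEmailProcess($where)) {
        if (!$_POST["import"]) { // edit
            $result = true;
            $affected = 0;
            // "delete" + "all" with no search condition empties the table with TRUNCATE
            $command = ($_POST["delete"]
                ? ($_POST["all"] && !$where ? "TRUNCATE " : "DELETE FROM ")
                : ($_POST["clone"] ? "INSERT INTO " : "UPDATE ")
            ) . idf_escape($_GET["select"]);
            if (!$_POST["delete"]) {
                $set = array();
                // $columns holds columns with the *select* privilege only, so this
                // loop does not itself enforce update/insert privileges.
                foreach ($columns as $name => $val) { //! should check also for edit or insert privileges
                    $val = process_input($fields[$name]);
                    if ($_POST["clone"]) {
                        // cloned rows copy the current value of untouched columns
                        $set[] = ($val !== false ? $val : idf_escape($name));
                    } elseif ($val !== false) {
                        $set[] = idf_escape($name) . " = $val";
                    }
                }
                $command .= ($_POST["clone"]
                    ? "\nSELECT " . implode(", ", $set) . "\nFROM " . idf_escape($_GET["select"])
                    : " SET\n" . implode(",\n", $set)
                );
            }
            if ($_POST["delete"] || $set) {
                if ($_POST["all"] || ($primary === array() && $_POST["check"])) {
                    // single statement: all rows matching the search, or all ticked rows
                    $result = queries($command . ($_POST["all"] ? ($where ? "\nWHERE " . implode(" AND ", $where) : "") : "\nWHERE $where_check"));
                    $affected = $dbh->affected_rows;
                } else {
                    foreach ((array) $_POST["check"] as $val) {
                        // where is not unique so OR can't be used
                        $result = queries($command . "\nWHERE " . where_check($val) . (count($group) < count($select) ? "" : "\nLIMIT 1"));
                        if (!$result) {
                            break;
                        }
                        $affected += $dbh->affected_rows;
                    }
                }
            }
            query_redirect(queries(), remove_from_uri("page"), lang('%d item(s) have been affected.', $affected), $result, false, !$result);
            //! display edit page in case of an error
        } elseif (is_string($file = get_file("csv_file"))) {
            // CSV import: strip a UTF-8 byte order mark, then split into lines and fields
            $file = preg_replace("~^\xEF\xBB\xBF~", '', $file); //! character set
            $cols = "";
            $rows = array(); //! packet size
            preg_match_all('~("[^"]*"|[^"\\n]+)+~', $file, $matches);
            foreach ($matches[0] as $key => $val) {
                $row = array();
                preg_match_all('~(("[^"]*")+|[^,]*),~', "$val,", $matches2);
                // The first line is used as the column list only when every name
                // in it is an existing field of the table.
                if (!$key && !array_diff($matches2[1], array_keys($fields))) { //! doesn't work with column names containing ",\n
                    // first row corresponds to column names - use it for table structure
                    $cols = " (" . implode(", ", array_map('idf_escape', $matches2[1])) . ")";
                } else {
                    foreach ($matches2[1] as $col) {
                        // empty field becomes NULL; everything else is unquoted from
                        // CSV and passed through the connection's quote()
                        $row[] = (!strlen($col) ? "NULL" : $dbh->quote(str_replace('""', '"', preg_replace('~^"|"$~', '', $col))));
                    }
                    $rows[] = "\n(" . implode(", ", $row) . ")";
                }
            }
            $result = queries("INSERT INTO " . idf_escape($_GET["select"]) . "$cols VALUES" . implode(",", $rows));
            query_redirect(queries(), remove_from_uri("page"), lang('%d row(s) has been imported.', $dbh->affected_rows), $result, false, !$result);
        } else {
            $error = upload_error($file);
        }
    }
}
page_header(lang('Select') . ": " . $adminer->tableName($table_status), $error);

// NOTE(review): several echo strings below look truncated (empty '' around the
// 'New item' label, $set built but never output) - the markup may have been
// lost from this copy. The strings are kept exactly as found.
$foreign_keys = column_foreign_keys($_GET["select"]);
echo "
";
if (isset($rights["insert"])) {
    $set = "";
    foreach ((array) $_GET["where"] as $val) {
        // preg_match() replaces ereg(), which was removed in PHP 7
        if (count($foreign_keys[$val["col"]]) == 1 && ($val["op"] == "="
            || ($val["op"] == "" && !preg_match('~[_%]~', $val["val"])) // LIKE in Editor
        )) {
            $set .= "&set" . urlencode("[" . bracket_escape($val["col"]) . "]") . "=" . urlencode($val["val"]);
        }
    }
    echo '' . lang('New item') . ' ';
}
echo $adminer->selectLinks($table_status);

if (!$columns) {
    echo "
" . lang('Unable to select the table') . ($fields ? "" : ": " . h($dbh->error)) . ".\n";
} else {
    echo "
\n";
    // LIMIT and OFFSET are forced to integers before they reach the SQL text;
    // the page number comes straight from the query string.
    $query = "SELECT " . (intval($limit) && $group && count($group) < count($select) ? "SQL_CALC_FOUND_ROWS " : "")
        . $from . $group_by
        . (strlen($limit)
            ? " LIMIT " . intval($limit) . (intval($_GET["page"]) ? " OFFSET " . (intval($limit) * intval($_GET["page"])) : "")
            : ""
        );
    echo $adminer->selectQuery($query);

    $result = $dbh->query($query);
    if (!$result) {
        // database error text goes through h() before output
        echo "" . h($dbh->error) . "\n";
    } else {
        $email_fields = array();
        echo "
\n";
    }
}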