adminerevo/select.inc.php

<?php
page_header(lang('Select') . ": " . htmlspecialchars($_GET["select"]));
echo "<h2>" . lang('Select') . ": " . htmlspecialchars($_GET["select"]) . "</h2>\n";

echo '<p><a href="' . htmlspecialchars($SELF) . 'edit=' . urlencode($_GET['select']) . '">' . lang('New item') . "</a></p>\n";
$indexes = indexes($_GET["select"]);

echo "<form action=''><div>\n";
if (strlen($_GET["server"])) {
	echo '<input type="hidden" name="server" value="' . htmlspecialchars($_GET["server"]) . '" />';
}
echo '<input type="hidden" name="db" value="' . htmlspecialchars($_GET["db"]) . '" />';
echo '<input type="hidden" name="select" value="' . htmlspecialchars($_GET["select"]) . '" />';

$where = array();
$columns = array();
foreach (fields($_GET["select"]) as $name => $field) {
	$columns[] = $name;
}
$operators = array("=", "<", ">", "<=", ">=", "!=", "LIKE", "REGEXP", "IS NULL"); //! IS NULL - hide input by JavaScript
$i = 0;
foreach ((array) $_GET["where"] as $val) {
	if ($val["col"] && in_array($val["op"], $operators)) {
		$where[] = idf_escape($val["col"]) . " $val[op]" . ($val["op"] != "IS NULL" ? " '" . mysql_real_escape_string($val["val"]) . "'" : "");
		echo "<select name='where[$i][col]'><option></option>" . optionlist($columns, $val["col"], "not_vals") . "</select>";
		echo "<select name='where[$i][op]'>" . optionlist($operators, $val["op"], "not_vals") . "</select>";
		echo "<input name='where[$i][val]' value=\"" . htmlspecialchars($val["val"]) . "\" /><br />\n";
		$i++;
	}
}
echo "<select name='where[$i][col]'><option></option>" . optionlist($columns, array(), "not_vals") . "</select>";
echo "<select name='where[$i][op]'>" . optionlist($operators, array(), "not_vals") . "</select>";
echo "<input name='where[$i][val]' /><br />\n"; //! JavaScript for adding next
//! fulltext search

//! sort, limit
$limit = 30;

echo "<input type='submit' value='" . lang('Search') . "' />\n";
echo "</div></form>\n";
$result = mysql_query("SELECT SQL_CALC_FOUND_ROWS * FROM " . idf_escape($_GET["select"]) . ($where ? " WHERE " . implode(" AND ", $where) : "") . " LIMIT $limit OFFSET " . ($limit * $_GET["page"]));
$found_rows = mysql_result(mysql_query(" SELECT FOUND_ROWS()"), 0);
if (!mysql_num_rows($result)) {
	echo "<p class='message'>" . lang('No rows.') . "</p>\n";
} else {
	$foreign_keys = foreign_keys($_GET["select"]);
	
	echo "<table border='1' cellspacing='0' cellpadding='2'>\n";
	for ($j=0; $row = mysql_fetch_assoc($result); $j++) {
		if (!$j) {
			echo "<thead><tr><th>" . implode("</th><th>", array_map('htmlspecialchars', array_keys($row))) . "</th><th>" . lang('Action') . "</th></tr></thead>\n";
		}
		echo "<tr>";
		foreach ($row as $key => $val) {
			if (!isset($val)) {
				$val = "<i>NULL</i>";
			} else {
				$val = htmlspecialchars($val);
				if (count($foreign_keys[$key]) == 1) {
					$foreign_key = $foreign_keys[$key][0];
					$val = '">' . "$val</a>";
					foreach ($foreign_key[1] as $i => $source) {
						$val = "&amp;where[$i][col]=" . urlencode($foreign_key[2][$i]) . "&amp;where[$i][op]=%3D&amp;where[$i][val]=" . urlencode($row[$source]) . $val;
					}
					$val = '<a href="' . htmlspecialchars($SELF) . 'select=' . htmlspecialchars($foreign_key[0]) . $val; // InnoDB support non-UNIQUE keys //! reference to other database
				}
			}
			echo "<td>$val</td>";
		}
		echo '<td><a href="' . htmlspecialchars($SELF) . 'edit=' . urlencode($_GET['select']) . '&amp;' . implode('&amp;', unique_idf($row, $indexes)) . '">edit</a>'; //! views can be unupdatable
		//! links to referencing tables - information_schema.key_column_usage - REFERENCED_TABLE_SCHEMA, REFERENCED_TABLE_NAME
		echo "</td>";
		echo "</tr>\n";
	}
	echo "</table>\n";
	if ($found_rows > $limit) {
		echo "<p>" . lang('Page') . ":\n";
		for ($i=0; $i < $found_rows / $limit; $i++) {
			echo ($i == $_GET["page"] ? $i + 1 : '<a href="' . htmlspecialchars($SELF) . 'select=' . urlencode($_GET['select']) . ($i ? "&amp;page=$i" : "") . '">' . ($i + 1) . "</a>") . "\n";
		}
		echo "</p>\n";
	}
}
mysql_free_result($result);