XSS on table Print view
[phpmyadmin/ammaryasirr.git] / db_operations.php
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * handles miscellaneous db operations:
 *  - move/rename
 *  - copy
 *  - changing collation
 *  - changing comment
 *  - adding tables
 *  - viewing PDF schemas
 *
 * @package phpMyAdmin
 */

/**
 * requirements
 *
 * common.inc.php is loaded first; the rest of this script uses variables
 * ($db, $cfg, ...) that it does not assign itself.
 */
require_once './libraries/common.inc.php';
require_once './libraries/mysql_charsets.lib.php';

// add blobstreaming library functions
require_once "./libraries/blobstreaming.lib.php";

// add a javascript file for jQuery functions to handle Ajax actions
// also add jQueryUI
// (both file names are appended to the list kept in $GLOBALS['js_include'])
$GLOBALS['js_include'][] = 'jquery/jquery-ui-1.8.custom.js';
$GLOBALS['js_include'][] = 'db_operations.js';
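/**
 * Rename/move or copy database
 *
 * Runs when a database is selected and the request asks for a rename
 * ($db_rename) or a copy ($db_copy). A rename is carried out as a copy into
 * $newname followed by DROP DATABASE on the source.
 *
 * NOTE(review): $db, $db_rename, $db_copy, $newname, $what, $db_collation,
 * $create_database_before_copying and $switch_to_new are read here but never
 * assigned in this script; presumably libraries/common.inc.php imports them
 * from the request and checks the session token first - confirm, because
 * everything below changes server state.
 * NOTE(review): PMA_DBI_query() results are not inspected in this block;
 * presumably it aborts the request on failure - confirm, because the rename
 * path drops the source database whenever $_error is still false.
 * NOTE(review): closing braces were restored from a listing that had lost its
 * punctuation-only lines; compare with the repository copy before relying on
 * the exact nesting.
 */
if (strlen($db) && (! empty($db_rename) || ! empty($db_copy))) {

    // $move distinguishes rename (true) from copy (false) for the rest of the block
    if (! empty($db_rename)) {
        $move = true;
    } else {
        $move = false;
    }

    if (!isset($newname) || !strlen($newname)) {
        $message = PMA_Message::error(__('The database name is empty!'));
    } else {
        $sql_query = ''; // in case target db exists
        $_error = false;
        if ($move ||
           (isset($create_database_before_copying) && $create_database_before_copying)) {
            // lower_case_table_names=1 `DB` becomes  `db`
            $lower_case_table_names = PMA_DBI_fetch_value('SHOW VARIABLES LIKE "lower_case_table_names"', 0, 1);
            if ($lower_case_table_names === '1') {
                $newname = strtolower($newname);
            }

            // the requested name enters the statement through PMA_backquote(),
            // it is not concatenated raw
            $local_query = 'CREATE DATABASE ' . PMA_backquote($newname);
            // NOTE(review): at this point $db_collation is whatever the caller
            // supplied (it is re-read from the server only further down the
            // script); PMA_generateCharsetQueryPart() is relied on to turn it
            // into a safe clause - confirm that it validates the name
            if (isset($db_collation)) {
                $local_query .= ' DEFAULT' . PMA_generateCharsetQueryPart($db_collation);
            }
            $local_query .= ';';
            $sql_query = $local_query;
            // save the original db name because Tracker.class.php which
            // may be called under PMA_DBI_query() changes $GLOBALS['db']
            // for some statements, one of which being CREATE DATABASE
            $original_db = $db;
            PMA_DBI_query($local_query);
            $db = $original_db;
            unset($original_db);

            // rebuild the database list because PMA_Table::moveCopy
            // checks in this list if the target db exists
            $GLOBALS['pma']->databases->build();
        }

        if (PMA_MYSQL_INT_VERSION >= 50000) {
            // here I don't use DELIMITER because it's not part of the
            // language; I have to send each statement one by one

            // to avoid selecting alternatively the current and new db
            // we would need to modify the CREATE definitions to qualify
            // the db name
            // NOTE(review): each definition is replayed exactly as
            // PMA_DBI_get_definition() returned it, so whatever it carries
            // (presumably including any DEFINER clause) applies in the copy too
            $procedure_names = PMA_DBI_get_procedures_or_functions($db, 'PROCEDURE');
            if ($procedure_names) {
                foreach($procedure_names as $procedure_name) {
                    PMA_DBI_select_db($db);
                    $tmp_query = PMA_DBI_get_definition($db, 'PROCEDURE', $procedure_name);
                    // collect for later display
                    $GLOBALS['sql_query'] .= "\n" . $tmp_query;
                    PMA_DBI_select_db($newname);
                    PMA_DBI_query($tmp_query);
                }
            }

            $function_names = PMA_DBI_get_procedures_or_functions($db, 'FUNCTION');
            if ($function_names) {
                foreach($function_names as $function_name) {
                    PMA_DBI_select_db($db);
                    $tmp_query = PMA_DBI_get_definition($db, 'FUNCTION', $function_name);
                    // collect for later display
                    $GLOBALS['sql_query'] .= "\n" . $tmp_query;
                    PMA_DBI_select_db($newname);
                    PMA_DBI_query($tmp_query);
                }
            }
        }
        // go back to current db, just in case
        PMA_DBI_select_db($db);

        $GLOBALS['sql_constraints_query_full_db'] = array();

        $tables_full = PMA_DBI_get_tables_full($db);
        $views = array();

        // remove all foreign key constraints, otherwise we can get errors
        require_once './libraries/export/sql.php';
        foreach ($tables_full as $each_table => $tmp) {
            // both variables are reset right before the call and tested right
            // after it; presumably PMA_getTableDef() fills them as globals
            $sql_constraints = '';
            $sql_drop_foreign_keys = '';
            $sql_structure = PMA_getTableDef($db, $each_table, "\n", '', false, false);
            if ($move && ! empty($sql_drop_foreign_keys)) {
                PMA_DBI_query($sql_drop_foreign_keys);
            }
            // keep the constraint we just dropped
            if (! empty($sql_constraints)) {
                $GLOBALS['sql_constraints_query_full_db'][] = $sql_constraints;
            }
        }
        unset($sql_constraints, $sql_drop_foreign_keys, $sql_structure);


        foreach ($tables_full as $each_table => $tmp) {
            // to be able to rename a db containing views,
            // first all the views are collected and a stand-in is created
            // the real views are created after the tables
            if (PMA_Table::isView($db, $each_table)) {
                $views[] = $each_table;
                // Create stand-in definition to resolve view dependencies
                $sql_view_standin = PMA_getTableDefStandIn($db, $each_table, "\n");
                PMA_DBI_query($sql_view_standin);
                $GLOBALS['sql_query'] .= "\n" . $sql_view_standin . ';';
                continue;
            }

            $back = $sql_query;
            $sql_query = '';

            // value of $what for this table only
            $this_what = $what;

            // do not copy the data from a Merge table
            // note: on the calling FORM, 'data' means 'structure and data'
            if (PMA_Table::isMerge($db, $each_table)) {
                if ($this_what == 'data') {
                    $this_what = 'structure';
                }
                if ($this_what == 'dataonly') {
                    $this_what = 'nocopy';
                }
            }

            if ($this_what != 'nocopy') {
                // keep the triggers from the original db+table
                // (third param is empty because delimiters are only intended
                //  for importing via the mysql client or our Import feature)
                $triggers = PMA_DBI_get_triggers($db, $each_table, '');

                if (! PMA_Table::moveCopy($db, $each_table, $newname, $each_table,
                    isset($this_what) ? $this_what : 'data', $move, 'db_copy'))
                {
                    $_error = true;
                    // $sql_query is filled by PMA_Table::moveCopy()
                    $sql_query = $back . $sql_query;
                    break;
                }
                // apply the triggers to the destination db+table
                if ($triggers) {
                    PMA_DBI_select_db($newname);
                    foreach ($triggers as $trigger) {
                        PMA_DBI_query($trigger['create']);
                    }
                    unset($trigger);
                }
                unset($triggers);

                // this does not apply to a rename operation
                if (isset($GLOBALS['add_constraints']) && !empty($GLOBALS['sql_constraints_query'])) {
                    $GLOBALS['sql_constraints_query_full_db'][] = $GLOBALS['sql_constraints_query'];
                    unset($GLOBALS['sql_constraints_query']);
                }
            }
            // $sql_query is filled by PMA_Table::moveCopy()
            $sql_query = $back . $sql_query;
        } // end (foreach)
        unset($each_table);

        // handle the views
        if (! $_error) {
            // temporarily force to add DROP IF EXIST to CREATE VIEW query,
            // to remove stand-in VIEW that was created earlier
            if (isset($GLOBALS['drop_if_exists'])) {
                $temp_drop_if_exists = $GLOBALS['drop_if_exists'];
            }
            $GLOBALS['drop_if_exists'] = 'true';

            foreach ($views as $view) {
                if (! PMA_Table::moveCopy($db, $view, $newname, $view, 'structure', $move, 'db_copy')) {
                    $_error = true;
                    break;
                }
            }
            unset($GLOBALS['drop_if_exists']);
            if (isset($temp_drop_if_exists)) {
                // restore previous value
                $GLOBALS['drop_if_exists'] = $temp_drop_if_exists;
                unset($temp_drop_if_exists);
            }
        }
        unset($view, $views);

        // now that all tables exist, create all the accumulated constraints
        if (! $_error && count($GLOBALS['sql_constraints_query_full_db']) > 0) {
            PMA_DBI_select_db($newname);
            foreach ($GLOBALS['sql_constraints_query_full_db'] as $one_query) {
                PMA_DBI_query($one_query);
                // and prepare to display them
                $GLOBALS['sql_query'] .= "\n" . $one_query;
            }

            unset($GLOBALS['sql_constraints_query_full_db'], $one_query);
        }

        if (PMA_MYSQL_INT_VERSION >= 50100) {
            // here DELIMITER is not used because it's not part of the
            // language; each statement is sent one by one

            // to avoid selecting alternatively the current and new db
            // we would need to modify the CREATE definitions to qualify
            // the db name
            // NOTE(review): the second argument (true) is not passed by the
            // other "=" comparison in this file (the pdf_pages lookup);
            // confirm which escaping mode an equality test needs
            $event_names = PMA_DBI_fetch_result('SELECT EVENT_NAME FROM information_schema.EVENTS WHERE EVENT_SCHEMA= \'' . PMA_sqlAddslashes($db,true) . '\';');
            if ($event_names) {
                foreach($event_names as $event_name) {
                    PMA_DBI_select_db($db);
                    $tmp_query = PMA_DBI_get_definition($db, 'EVENT', $event_name);
                    // collect for later display
                    $GLOBALS['sql_query'] .= "\n" . $tmp_query;
                    PMA_DBI_select_db($newname);
                    PMA_DBI_query($tmp_query);
                }
            }
        }
        // go back to current db, just in case
        PMA_DBI_select_db($db);

        // Duplicate the bookmarks for this db (done once for each db)
        if (! $_error && $db != $newname) {
            $get_fields = array('user', 'label', 'query');
            $where_fields = array('dbase' => $db);
            $new_fields = array('dbase' => $newname);
            PMA_Table::duplicateInfo('bookmarkwork', 'bookmark', $get_fields,
                $where_fields, $new_fields);
        }

        if (! $_error && $move) {
            /**
             * cleanup pmadb stuff for this db
             */
            require_once './libraries/relation_cleanup.lib.php';
            PMA_relationsCleanupDatabase($db);

            // if someday the RENAME DATABASE reappears, do not DROP
            // (destructive step: reached only when no copy step set $_error)
            $local_query = 'DROP DATABASE ' . PMA_backquote($db) . ';';
            $sql_query .= "\n" . $local_query;
            PMA_DBI_query($local_query);

            $message = PMA_Message::success(__('Database %s has been renamed to %s'));
            $message->addParam($db);
            $message->addParam($newname);
        } elseif (! $_error) {
            $message = PMA_Message::success(__('Database %s has been copied to %s'));
            $message->addParam($db);
            $message->addParam($newname);
        }
        $reload = true;

        /* Change database to be used */
        if (! $_error && $move) {
            $db = $newname;
        } elseif (! $_error) {
            if (isset($switch_to_new) && $switch_to_new == 'true') {
                $GLOBALS['PMA_Config']->setCookie('pma_switch_to_new', 'true');
                $db = $newname;
            } else {
                $GLOBALS['PMA_Config']->setCookie('pma_switch_to_new', '');
            }
        }

        if ($_error && ! isset($message)) {
            $message = PMA_Message::error();
        }
    }

    /**
     * Database has been successfully renamed/moved.  If in an Ajax request,
     * generate the output with {@link PMA_ajaxResponse} and exit
     */
    if ($GLOBALS['is_ajax_request'] == true) {
        // start from an empty array: $extra_data is not assigned earlier in
        // this script, so only the two entries set here reach the response
        $extra_data = array();
        $extra_data['newname'] = $newname;
        $extra_data['sql_query'] = PMA_showMessage(NULL, $sql_query);
        PMA_ajaxResponse($message, $message->isSuccess(), $extra_data);
    }
}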
/**
 * Settings for relations stuff
 */

$cfgRelation = PMA_getRelationsParam();

/**
 * Check if comments were updated
 * (must be done before displaying the menu tabs)
 *
 * NOTE(review): presence is tested on $_REQUEST['comment'] but the value
 * written is the global $comment; presumably both come from the same request
 * parameter through the import done in common.inc.php - confirm. $_REQUEST
 * also covers the query string, so this write is not limited to POST
 * submissions.
 */
if (isset($_REQUEST['comment'])) {
    PMA_setDbComment($db, $comment);
}

/**
 * Prepares the tables list if the user was not redirected to this script
 * because there is no table in the database ($is_info is true)
 *
 * NOTE(review): closing braces were restored from a listing that had lost its
 * punctuation-only lines; confirm that the message display belongs inside
 * this condition.
 */
if (empty($is_info)) {
    require './libraries/db_common.inc.php';
    // the separator is already written as an HTML entity
    $url_query .= '&amp;goto=db_operations.php';

    // Gets the database structure
    $sub_part = '_structure';
    require './libraries/db_info.inc.php';
    echo "\n";

    // show the outcome of the rename/copy handled earlier, if there is one
    if (isset($message)) {
        PMA_showMessage($message, $sql_query);
        unset($message);
    }
}

// from here on $db_collation holds the value reported for $db,
// replacing anything set before this line
$db_collation = PMA_getDbCollation($db);
$is_information_schema = ($db == 'information_schema');
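/**
 * Operation forms: database comment, create table, rename, drop, copy,
 * collation change, and the configuration-storage notice.
 * Nothing in this block is shown for information_schema.
 *
 * Every form carries the output of PMA_generate_common_hidden_inputs().
 * NOTE(review): presumably that output includes the session token checked by
 * common.inc.php - confirm, since each form posts a state-changing request
 * back to db_operations.php.
 * NOTE(review): closing braces and PHP open/close tags were restored from a
 * listing that had lost its punctuation-only lines; compare with the
 * repository copy before relying on the exact nesting.
 */
if (!$is_information_schema) {
    if ($cfgRelation['commwork']) {
        /**
         * database comment
         */
        ?>
    <div class="operations_half_width">
    <form method="post" action="db_operations.php">
    <?php echo PMA_generate_common_hidden_inputs($db); ?>
    <fieldset>
        <legend>
        <?php echo PMA_getIcon('b_comment.png', __('Database comment: '), false, true); ?>
        </legend>
        <input type="text" name="comment" class="textfield" size="30"
            value="<?php
            // stored comment is HTML-escaped before it lands in the attribute
            echo htmlspecialchars(PMA_getDBComment($db)); ?>" />
    </fieldset>
    <fieldset class="tblFooters">
        <input type="submit" value="<?php echo __('Go'); ?>" />
    </fieldset>
    </form>
    </div>
        <?php
    }
    ?>
    <div class="operations_half_width">
    <?php require './libraries/display_create_table.lib.php'; ?>
    </div>
    <?php
    /**
     * rename database
     */
    if ($db != 'mysql') {
        ?>
    <div class="operations_half_width">
    <form id="rename_db_form" <?php echo ($GLOBALS['cfg']['AjaxEnable'] ? ' class="ajax" ' : ''); ?>method="post" action="db_operations.php"
          onsubmit="return emptyFormElements(this, 'newname')">
        <?php
        if (isset($db_collation)) {
            // escaped like the comment value above, so the collation name
            // cannot break out of the attribute whatever it contains
            echo '<input type="hidden" name="db_collation" value="' . htmlspecialchars($db_collation)
                .'" />' . "\n";
        }
        ?>
    <input type="hidden" name="what" value="data" />
    <input type="hidden" name="db_rename" value="true" />
    <?php echo PMA_generate_common_hidden_inputs($db); ?>
    <fieldset>
        <legend>
        <?php
        if ($cfg['PropertiesIconic']) {
            echo '<img class="icon" src="' . $pmaThemeImage . 'b_edit.png"'
                .' alt="" width="16" height="16" />';
        }
        echo __('Rename database to') . ':';
        ?>
        </legend>
        <input id="new_db_name" type="text" name="newname" size="30" class="textfield" value="" />
        <?php
        echo '(' . __('Command') . ': ';
        /**
         * @todo (see explanations above in a previous todo)
         */
        //if (PMA_MYSQL_INT_VERSION >= XYYZZ) {
        //    echo 'RENAME DATABASE';
        //} else {
            echo 'INSERT INTO ... SELECT';
        //}
        echo ')'; ?>
    </fieldset>
    <fieldset class="tblFooters">
        <input id="rename_db_input" type="submit" value="<?php echo __('Go'); ?>" />
    </fieldset>
    </form>
    </div>
        <?php
    } // end if

    // Drop link if allowed
    // Don't even try to drop information_schema. You won't be able to. Believe me. You won't.
    // Don't allow to easily drop mysql database, RFE #1327514.
    // NOTE(review): $db_is_information_schema is not assigned in this script
    // (the flag set here is $is_information_schema); presumably one of the
    // included files defines it - confirm.
    if (($is_superuser || $GLOBALS['cfg']['AllowUserDropDatabase']) && ! $db_is_information_schema && ($db != 'mysql')) {
        ?>
    <div class="operations_half_width">
    <fieldset class="caution">
     <legend><?php
        if ($cfg['PropertiesIconic']) {
            echo '<img class="icon" src="' . $pmaThemeImage . 'b_deltbl.png"'
                .' alt="" width="16" height="16" />';
        }
        echo __('Remove database');
        ?></legend>

    <ul>
        <?php
        // The DROP statement travels to sql.php as a URL parameter.
        // NOTE(review): presumably PMA_generate_common_url() adds the session
        // token and sql.php asks for confirmation - confirm, since this is a
        // destructive action reachable through a plain link.
        $this_sql_query = 'DROP DATABASE ' . PMA_backquote($GLOBALS['db']);
        $this_url_params = array(
                'sql_query' => $this_sql_query,
                'back' => 'db_operations.php',
                'goto' => 'main.php',
                'reload' => '1',
                'purge' => '1',
                // the database name is HTML-escaped before it is embedded in the message text
                'message_to_show' => sprintf(__('Database %s has been dropped.'), htmlspecialchars(PMA_backquote($db))),
                'db' => NULL,
            );
        ?>
        <li><a href="sql.php<?php echo PMA_generate_common_url($this_url_params); ?>" <?php echo ($GLOBALS['cfg']['AjaxEnable'] ? 'id="drop_db_anchor"' : ''); ?>>
            <?php echo __('Drop the database (DROP)'); ?></a>
            <?php echo PMA_showMySQLDocu('SQL-Syntax', 'DROP_DATABASE'); ?>
        </li>
    </ul>
    </fieldset>
    </div>
    <?php } ?>
    <?php
    /**
     * Copy database
     */
    ?>
    <div class="operations_half_width clearfloat">
    <form id="copy_db_form" <?php echo ($GLOBALS['cfg']['AjaxEnable'] ? ' class="ajax" ' : ''); ?>method="post" action="db_operations.php"
        onsubmit="return emptyFormElements(this, 'newname')">
        <?php
        if (isset($db_collation)) {
            // same escaping as in the rename form
            echo '<input type="hidden" name="db_collation" value="' . htmlspecialchars($db_collation)
                .'" />' . "\n";
        }
        echo '<input type="hidden" name="db_copy" value="true" />' . "\n";
        echo PMA_generate_common_hidden_inputs($db);
        ?>
    <fieldset>
        <legend>
        <?php
        if ($cfg['PropertiesIconic']) {
            echo '<img class="icon" src="' . $pmaThemeImage . 'b_edit.png"'
                .' alt="" width="16" height="16" />';
        }
        echo __('Copy database to') . ':';
        $drop_clause = 'DROP TABLE / DROP VIEW';
        ?>
        </legend>
        <input type="text" name="newname" size="30" class="textfield" value="" /><br />
        <?php
        $choices = array(
            'structure' => __('Structure only'),
            'data'      => __('Structure and data'),
            'dataonly'  => __('Data only'));
        PMA_display_html_radio('what', $choices, 'data', true);
        unset($choices);
        ?>
        <input type="checkbox" name="create_database_before_copying" value="1"
            id="checkbox_create_database_before_copying"
            checked="checked" />
        <label for="checkbox_create_database_before_copying">
            <?php echo __('CREATE DATABASE before copying'); ?></label><br />
        <input type="checkbox" name="drop_if_exists" value="true"
            id="checkbox_drop" />
        <label for="checkbox_drop"><?php echo sprintf(__('Add %s'), $drop_clause); ?></label><br />
        <input type="checkbox" name="sql_auto_increment" value="1" checked="checked"
            id="checkbox_auto_increment" />
        <label for="checkbox_auto_increment">
            <?php echo __('Add AUTO_INCREMENT value'); ?></label><br />
        <input type="checkbox" name="add_constraints" value="1"
            id="checkbox_constraints" />
        <label for="checkbox_constraints">
            <?php echo __('Add constraints'); ?></label><br />
        <?php
        unset($drop_clause);

        // the cookie is only compared with the literal 'true';
        // its value is never echoed into the page
        if (isset($_COOKIE) && isset($_COOKIE['pma_switch_to_new'])
          && $_COOKIE['pma_switch_to_new'] == 'true') {
            $pma_switch_to_new = 'true';
        }
        ?>
        <input type="checkbox" name="switch_to_new" value="true"
            id="checkbox_switch"
            <?php echo ((isset($pma_switch_to_new) && $pma_switch_to_new == 'true') ? ' checked="checked"' : ''); ?>
            />
        <label for="checkbox_switch"><?php echo __('Switch to copied database'); ?></label>
    </fieldset>
    <fieldset class="tblFooters">
        <input type="submit" name="submit_copy" value="<?php echo __('Go'); ?>" />
    </fieldset>
    </form>
    </div>

    <?php
    /**
     * Change database charset
     */
    echo '<div class="operations_half_width"><form id="change_db_charset_form" ';
    if ($GLOBALS['cfg']['AjaxEnable']) {
        echo ' class="ajax" ';
    }
    echo 'method="post" action="./db_operations.php">'
       . PMA_generate_common_hidden_inputs($db, $table)
       . '<fieldset>' . "\n"
       . '    <legend>';
    if ($cfg['PropertiesIconic']) {
        echo '<img class="icon" src="' . $pmaThemeImage . 's_asci.png"'
            .' alt="" width="16" height="16" />';
    }
    echo '    <label for="select_db_collation">' . __('Collation') . ':</label>' . "\n"
       . '    </legend>' . "\n"
       . PMA_generateCharsetDropdownBox(PMA_CSDROPDOWN_COLLATION,
            'db_collation', 'select_db_collation', $db_collation, false, 3)
       . '</fieldset>'
       . '<fieldset class="tblFooters">'
       . '    <input type="submit" name="submitcollation"'
       . ' value="' . __('Go') . '" />' . "\n"
       . '</fieldset>' . "\n"
       . '</form></div>' . "\n";

    if ($num_tables > 0
      && !$cfgRelation['allworks'] && $cfg['PmaNoRelation_DisableWarning'] == false) {
        $message = PMA_Message::notice(__('The phpMyAdmin configuration storage has been deactivated. To find out why click %shere%s.'));
        // NOTE(review): both parameters are raw HTML and are added with the
        // second argument set to false, presumably to switch escaping off;
        // $url_query must therefore already be safe for an HTML attribute
        $message->addParam('<a href="' . $cfg['PmaAbsoluteUri'] . 'chk_rel.php?' . $url_query . '">', false);
        $message->addParam('</a>', false);
        /* Show error if user has configured something, notice elsewhere */
        if (!empty($cfg['Servers'][$server]['pmadb'])) {
            $message->isError(true);
        }
        echo '<div class="operations_full_width">';
        $message->display();
        echo '</div>';
    } // end if
} // end if (!$is_information_schema)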
// not sure about displaying the PDF dialog in case db is information_schema
if ($cfgRelation['pdfwork'] && $num_tables > 0) { ?>
    <!-- Work on PDF Pages -->

    <?php
    // We only show this if we find something in the new pdf_pages table
    // NOTE(review): the lookup result ($test_rs) is not read again in this
    // file, so the link below is printed whether or not a row was found.

    // identifiers go through PMA_backquote(), the database name through
    // PMA_sqlAddslashes(); the query runs as the control user
    $test_query = '
         SELECT *
           FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['pdf_pages']) . '
          WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'';
    $test_rs = PMA_query_as_controluser($test_query, null, PMA_DBI_QUERY_STORE);

    /**
     * Export Relational Schema View
     *
     * NOTE(review): $url_query is written into the href as-is; presumably it
     * is already HTML-encoded where it is built - confirm.
     */
    echo '<div class="operations_full_width"><fieldset><a href="schema_edit.php?' . $url_query . '">'
        . ($cfg['PropertiesIconic']
            ? '<img class="icon" src="' . $pmaThemeImage . 'b_edit.png"' . ' alt="" width="16" height="16" />'
            : '')
        . __('Edit or export relational schema') . '</a></fieldset></div>';
} // end if

/**
 * Displays the footer
 */
require './libraries/footer.inc.php';