diff --git a/htdocs/sql/db_search.php b/htdocs/sql/db_search.php new file mode 100755 --- /dev/null +++ b/htdocs/sql/db_search.php @@ -0,0 +1,377 @@ + + */ + +/** + * + */ +require_once './libraries/common.inc.php'; + +/** + * Gets some core libraries and send headers + */ +require './libraries/db_common.inc.php'; + +/** + * init + */ +// If config variable $GLOBALS['cfg']['Usedbsearch'] is on false : exit. +if (! $GLOBALS['cfg']['UseDbSearch']) { + PMA_mysqlDie($GLOBALS['strAccessDenied'], '', false, $err_url); +} // end if +$url_query .= '&goto=db_search.php'; +$url_params['goto'] = 'db_search.php'; + +/** + * @global array list of tables from the current database + * but do not clash with $tables coming from db_info.inc.php + */ +$tables_names_only = PMA_DBI_get_tables($GLOBALS['db']); + +$search_options = array( + '1' => $GLOBALS['strSearchOption1'], + '2' => $GLOBALS['strSearchOption2'], + '3' => $GLOBALS['strSearchOption3'], + '4' => $GLOBALS['strSearchOption4'], +); + +if (empty($_REQUEST['search_option']) || ! is_string($_REQUEST['search_option']) + || ! array_key_exists($_REQUEST['search_option'], $search_options)) { + $search_option = 1; + unset($_REQUEST['submit_search']); +} else { + $search_option = (int) $_REQUEST['search_option']; + $option_str = $search_options[$_REQUEST['search_option']]; +} + +if (empty($_REQUEST['search_str']) || ! is_string($_REQUEST['search_str'])) { + unset($_REQUEST['submit_search']); + $searched = ''; +} else { + $searched = htmlspecialchars($_REQUEST['search_str']); + // For "as regular expression" (search option 4), we should not treat + // this as an expression that contains a LIKE (second parameter of + // PMA_sqlAddslashes()). + // + // Usage example: If user is seaching for a literal $ in a regexp search, + // he should enter \$ as the value. + $search_str = PMA_sqlAddslashes($_REQUEST['search_str'], ($search_option == 4 ? false : true)); +} + +$tables_selected = array(); +if (empty($_REQUEST['table_select']) || ! is_array($_REQUEST['table_select'])) { + unset($_REQUEST['submit_search']); +} elseif (! isset($_REQUEST['selectall']) && ! isset($_REQUEST['unselectall'])) { + $tables_selected = array_intersect($_REQUEST['table_select'], $tables_names_only); +} + +if (isset($_REQUEST['selectall'])) { + $tables_selected = $tables_names_only; +} elseif (isset($_REQUEST['unselectall'])) { + $tables_selected = array(); +} + +/** + * Displays top links + */ +$sub_part = ''; +require './libraries/db_info.inc.php'; + + +/** + * 1. Main search form has been submitted + */ +if (isset($_REQUEST['submit_search'])) { + + /** + * Builds the SQL search query + * + * @todo can we make use of fulltextsearch IN BOOLEAN MODE for this? + * @uses PMA_DBI_query + * PMA_MYSQL_INT_VERSION + * PMA_backquote + * PMA_DBI_free_result + * PMA_DBI_fetch_assoc + * $GLOBALS['db'] + * explode + * count + * strlen + * @param string the table name + * @param string the string to search + * @param integer type of search (1 -> 1 word at least, 2 -> all words, + * 3 -> exact string, 4 -> regexp) + * + * @return array 3 SQL querys (for count, display and delete results) + * + * @global string the url to return to in case of errors + * @global string charset connection + */ + function PMA_getSearchSqls($table, $search_str, $search_option) + { + global $err_url, $charset_connection; + + // Statement types + $sqlstr_select = 'SELECT'; + $sqlstr_delete = 'DELETE'; + + // Fields to select + $res = PMA_DBI_query('SHOW ' . (PMA_MYSQL_INT_VERSION >= 40100 ? 'FULL ' : '') . 'FIELDS FROM ' . PMA_backquote($table) . ' FROM ' . PMA_backquote($GLOBALS['db']) . ';'); + while ($current = PMA_DBI_fetch_assoc($res)) { + if (PMA_MYSQL_INT_VERSION >= 40100) { + list($current['Charset']) = explode('_', $current['Collation']); + } + $current['Field'] = PMA_backquote($current['Field']); + $tblfields[] = $current; + } // while + PMA_DBI_free_result($res); + unset($current, $res); + + // Table to use + $sqlstr_from = ' FROM ' . PMA_backquote($GLOBALS['db']) . '.' . PMA_backquote($table); + + $search_words = (($search_option > 2) ? array($search_str) : explode(' ', $search_str)); + $search_wds_cnt = count($search_words); + + $like_or_regex = (($search_option == 4) ? 'REGEXP' : 'LIKE'); + $automatic_wildcard = (($search_option <3) ? '%' : ''); + + $fieldslikevalues = array(); + foreach ($search_words as $search_word) { + // Eliminates empty values + // In MySQL 4.1, if a field has no collation we get NULL in Charset + // but in MySQL 5.0.x we get '' + if (strlen($search_word) === 0) { + continue; + } + + $thefieldlikevalue = array(); + foreach ($tblfields as $tblfield) { + if (PMA_MYSQL_INT_VERSION >= 40100 + && $tblfield['Charset'] != $charset_connection + && $tblfield['Charset'] != 'NULL' + && $tblfield['Charset'] != '') { + $prefix = 'CONVERT(_utf8 '; + $suffix = ' USING ' . $tblfield['Charset'] . ') COLLATE ' . $tblfield['Collation']; + } else { + $prefix = $suffix = ''; + } + $thefieldlikevalue[] = $tblfield['Field'] + . ' ' . $like_or_regex . ' ' + . $prefix + . "'" + . $automatic_wildcard + . $search_word + . $automatic_wildcard . "'" + . $suffix; + } // end for + + $fieldslikevalues[] = implode(' OR ', $thefieldlikevalue); + } // end for + + $implode_str = ($search_option == 1 ? ' OR ' : ' AND '); + $sqlstr_where = ' WHERE (' . implode(') ' . $implode_str . ' (', $fieldslikevalues) . ')'; + unset($fieldslikevalues); + + // Builds complete queries + $sql['select_fields'] = $sqlstr_select . ' * ' . $sqlstr_from . $sqlstr_where; + // here, I think we need to still use the COUNT clause, even for + // VIEWs, anyway we have a WHERE clause that should limit results + $sql['select_count'] = $sqlstr_select . ' COUNT(*) AS `count`' . $sqlstr_from . $sqlstr_where; + $sql['delete'] = $sqlstr_delete . $sqlstr_from . $sqlstr_where; + return $sql; + } // end of the "PMA_getSearchSqls()" function + + + /** + * Displays the results + */ + $this_url_params = array( + 'db' => $GLOBALS['db'], + 'goto' => 'db_sql.php', + 'pos' => 0, + 'is_js_confirmed' => 0, + ); + + // Displays search string + echo '
' . "\n" + .'' . "\n" + .'' . "\n"; + + $num_search_result_total = 0; + $odd_row = true; + + foreach ($tables_selected as $each_table) { + // Gets the SQL statements + $newsearchsqls = PMA_getSearchSqls($each_table, + $search_str, $search_option); + + // Executes the "COUNT" statement + $res_cnt = PMA_DBI_fetch_value($newsearchsqls['select_count']); + $num_search_result_total += $res_cnt; + + $sql_query .= $newsearchsqls['select_count']; + + echo '' + .'\n"; + + if ($res_cnt > 0) { + $this_url_params['sql_query'] = $newsearchsqls['select_fields']; + echo '\n"; + + $this_url_params['sql_query'] = $newsearchsqls['delete']; + echo '\n"; + + } else { + echo '' . "\n" + .'' . "\n"; + }// end if else + $odd_row = ! $odd_row; + echo '' . "\n"; + } // end for + + echo '
' . "\n" + .sprintf($GLOBALS['strSearchResultsFor'], + $searched, $option_str) . "\n" + .'
' . sprintf($GLOBALS['strNumSearchResultsInTable'], $res_cnt, + htmlspecialchars($each_table)) . "' . PMA_linkOrButton( + 'sql.php' . PMA_generate_common_url($this_url_params), + $GLOBALS['strBrowse'], '') . "' . PMA_linkOrButton( + 'sql.php' . PMA_generate_common_url($this_url_params), + $GLOBALS['strDelete'], $newsearchsqls['delete']) . "  
' . "\n"; + + if (count($tables_selected) > 1) { + echo '

' . sprintf($GLOBALS['strNumSearchResultsTotal'], + $num_search_result_total) . '

' . "\n"; + } +} // end 1. + + +/** + * 2. Displays the main search form + */ +?> + +
+ +
+ + + + + + + + + + + + + + +
+ /> + 1
+ /> + 1
+ /> +
+ /> + + +
+
+ 1
+ +' . "\n"; +foreach ($tables_names_only as $each_table) { + if (in_array($each_table, $tables_selected)) { + $is_selected = ' selected="selected"'; + } else { + $is_selected = ''; + } + + echo ' ' . "\n"; +} // end while + +echo ' ' . "\n"; +$alter_select = + '' . $GLOBALS['strSelectAll'] . '' + . ' / ' + . '' . $GLOBALS['strUnselectAll'] . ''; +?> +
+
+
+
+ +
+
+ +