diff --git a/app/exec/sql_query_result.php b/app/exec/sql_query_result.php
index 971c05101f..c937267f19 100644
--- a/app/exec/sql_query_result.php
+++ b/app/exec/sql_query_result.php
@@ -47,256 +47,257 @@
require_once "sql_query_pdo.php";
}
-//set the variables
- $code = trim($_REQUEST["code"]);
//check the captcha
+ $code = trim($_REQUEST["code"]);
$command_authorized = false;
if (strtolower($_SESSION['captcha']) == strtolower($code)) {
$command_authorized = true;
}
if (!$command_authorized) {
//not authorized
+ echo "not authorized";
exit;
}
-if (is_array($_POST)) {
- $sql_type = trim($_POST["sql_type"]);
- $sql_cmd = trim($_POST["cmd"]);
- $table_name = trim($_POST["table_name"]);
-
- $header = "\n";
- $header .= "
\n";
- $header .= "";
- $header .= "\n";
- $header .= "\n";
-
- $footer = "\n";
- $footer .= "\n";
-
-
- if ($sql_type == '') {
-
- echo $header;
-
- $c = 0;
- $row_style["0"] = "row_style0";
- $row_style["1"] = "row_style1";
-
- //determine queries to run and show
- if ($sql_cmd != '') { $sql_array = array_filter(explode(";", $sql_cmd)); }
- if ($table_name != '') { $sql_array[] = "select * from ".$table_name; }
- $show_query = (sizeof($sql_array) > 1) ? true : false;
-
- if (is_array($sql_array)) foreach($sql_array as $sql_index => $sql) {
- $sql = trim($sql);
-
- if (sizeof($sql_array) > 1 || $show_query) {
- if ($sql_index > 0) { echo "
"; }
- echo "".escape($sql).";
";
- }
-
- $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
- try {
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
- echo "".$text['label-records'].": ".count($result)."";
- echo "
\n";
- }
- catch(PDOException $e) {
- echo "".$text['label-error']."";
- echo "
\n";
- echo $e->getMessage();
- echo "
\n";
- exit;
- }
-
- echo "\n";
- $x = 0;
- if (is_array($result[0])) {
- foreach ($result[0] as $key => $value) {
- echo "| ".escape($key)." | ";
- $column_array[$x++] = $key;
+//show the content
+ if (is_array($_POST)) {
+ $sql_type = trim($_POST["sql_type"]);
+ $sql_cmd = trim($_POST["command"]);
+ $table_name = trim($_POST["table_name"]);
+
+ $header = "\n";
+ $header .= "\n";
+ $header .= "";
+ $header .= "\n";
+ $header .= "\n";
+
+ $footer = "\n";
+ $footer .= "\n";
+
+
+ if ($sql_type == '') {
+
+ echo $header;
+
+ $c = 0;
+ $row_style["0"] = "row_style0";
+ $row_style["1"] = "row_style1";
+
+ //determine queries to run and show
+ if ($sql_cmd != '') { $sql_array = array_filter(explode(";", $sql_cmd)); }
+ if ($table_name != '') { $sql_array[] = "select * from ".$table_name; }
+ $show_query = (sizeof($sql_array) > 1) ? true : false;
+
+ if (is_array($sql_array)) foreach($sql_array as $sql_index => $sql) {
+ $sql = trim($sql);
+
+ if (sizeof($sql_array) > 1 || $show_query) {
+ if ($sql_index > 0) { echo "
"; }
+ echo "".escape($sql).";
";
}
- }
- $x = 1;
- if (is_array($result)) {
- foreach ($result as &$row) {
- if ($x++ > 1000) { break; }
- echo "\n";
- if (is_array($column_array)) {
- foreach ($column_array as $column_index => $column) {
- echo "| ".escape($row[$column])." | ";
- }
- }
- echo "
\n";
- $c = ($c == 0) ? 1 : 0;
- }
- }
- echo "
\n";
- echo "
\n";
-
- unset($result, $column_array);
- }
- echo $footer;
- }
-
- if ($sql_type == "inserts") {
- echo $header;
-
- $sql = trim($sql);
-
- //get the table data
- $sql = (strlen($sql_cmd) == 0) ? "select * from ".$table_name : $sql_cmd;
-
- if (strlen($sql) > 0) {
- $prep_statement = $db->prepare(check_sql($sql));
- if ($prep_statement) {
+
+ $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+ try {
+ $prep_statement = $db->prepare(check_sql($sql));
$prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
- }
- else {
- echo "".$text['label-error']."\n";
+ echo "".$text['label-records'].": ".count($result)."";
echo "
\n";
- echo "".print_r($db->errorInfo(), true)."
\n";
+ }
+ catch(PDOException $e) {
+ echo "".$text['label-error']."";
+ echo "
\n";
+ echo $e->getMessage();
echo "
\n";
exit;
}
-
+
+ echo "\n";
$x = 0;
if (is_array($result[0])) {
foreach ($result[0] as $key => $value) {
+ echo "| ".escape($key)." | ";
$column_array[$x++] = $key;
}
}
-
- $column_array_count = count($column_array);
- if (is_array($result)) foreach ($result as &$row) {
- echo "insert into ".$table_name." (";
- $x = 1;
- if (is_array($column_array)) {
- foreach ($column_array as $column) {
- if ($column != "menuid" && $column != "menuparentid") {
- $columns[] = $column;
- }
- $x++;
- }
- }
- if (is_array($columns) && sizeof($columns) > 0) {
- echo implode(', ', $columns);
- }
- echo ") values (";
- $x = 1;
- if (is_array($column_array)) {
- foreach ($column_array as $column) {
- if ($column != "menuid" && $column != "menuparentid") {
- $values[] = ($row[$column] != '') ? "'".check_str($row[$column])."'" : 'null';
- }
- $x++;
- }
- }
- if (is_array($values) && sizeof($values) > 0) {
- echo implode(', ', escape($values));
- }
- echo ");
\n";
- unset($columns, $values);
- }
- }
- echo $footer;
- }
-
- if ($sql_type == "csv") {
-
- //set the headers
- header('Content-type: application/octet-binary');
- header('Content-Disposition: attachment; filename='.escape($table_name).'.csv');
-
- //get the table data
- $sql = trim($sql);
- $sql = "select * from ".$table_name;
- if (strlen($sql) > 0) {
- $prep_statement = $db->prepare(check_sql($sql));
- if ($prep_statement) {
- $prep_statement->execute();
- $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
- }
- else {
- echo "".$text['label-error']."\n";
- echo "
\n";
- echo "".print_r($db->errorInfo(), true)."
\n";
- echo "
\n";
- exit;
- }
-
- $x = 0;
- if (is_array($result[0])) {
- foreach ($result[0] as $key => $value) {
- $column_array[$x++] = $key;
- }
- }
- //column names
- echo '"'.implode('","', escape($column_array)).'"'."\r\n";
- //column values
+ $x = 1;
if (is_array($result)) {
foreach ($result as &$row) {
- $x = 1;
- foreach ($column_array as $column) {
- echo '"'.escape($row[$column]).'"'.(($x++ < count($column_array)) ? ',' : null);
+ if ($x++ > 1000) { break; }
+ echo "\n";
+ if (is_array($column_array)) {
+ foreach ($column_array as $column_index => $column) {
+ echo "| ".escape($row[$column])." | ";
+ }
}
- echo "\n";
+ echo "
\n";
+ $c = ($c == 0) ? 1 : 0;
}
}
+ echo "
\n";
+ echo "
\n";
+
+ unset($result, $column_array);
}
+ echo $footer;
+ }
+
+ if ($sql_type == "inserts") {
+ echo $header;
+
+ $sql = trim($sql);
+
+ //get the table data
+ $sql = (strlen($sql_cmd) == 0) ? "select * from ".$table_name : $sql_cmd;
+
+ if (strlen($sql) > 0) {
+ $prep_statement = $db->prepare(check_sql($sql));
+ if ($prep_statement) {
+ $prep_statement->execute();
+ $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
+ }
+ else {
+ echo "".$text['label-error']."\n";
+ echo "
\n";
+ echo "".print_r($db->errorInfo(), true)."
\n";
+ echo "
\n";
+ exit;
+ }
+
+ $x = 0;
+ if (is_array($result[0])) {
+ foreach ($result[0] as $key => $value) {
+ $column_array[$x++] = $key;
+ }
+ }
+
+ $column_array_count = count($column_array);
+ if (is_array($result)) foreach ($result as &$row) {
+ echo "insert into ".$table_name." (";
+ $x = 1;
+ if (is_array($column_array)) {
+ foreach ($column_array as $column) {
+ if ($column != "menuid" && $column != "menuparentid") {
+ $columns[] = $column;
+ }
+ $x++;
+ }
+ }
+ if (is_array($columns) && sizeof($columns) > 0) {
+ echo implode(', ', $columns);
+ }
+ echo ") values (";
+ $x = 1;
+ if (is_array($column_array)) {
+ foreach ($column_array as $column) {
+ if ($column != "menuid" && $column != "menuparentid") {
+ $values[] = ($row[$column] != '') ? "'".check_str($row[$column])."'" : 'null';
+ }
+ $x++;
+ }
+ }
+ if (is_array($values) && sizeof($values) > 0) {
+ echo implode(', ', escape($values));
+ }
+ echo ");
\n";
+ unset($columns, $values);
+ }
+ }
+ echo $footer;
+ }
+
+ if ($sql_type == "csv") {
+
+ //set the headers
+ header('Content-type: application/octet-binary');
+ header('Content-Disposition: attachment; filename='.escape($table_name).'.csv');
+
+ //get the table data
+ $sql = trim($sql);
+ $sql = "select * from ".$table_name;
+ if (strlen($sql) > 0) {
+ $prep_statement = $db->prepare(check_sql($sql));
+ if ($prep_statement) {
+ $prep_statement->execute();
+ $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
+ }
+ else {
+ echo "".$text['label-error']."\n";
+ echo "
\n";
+ echo "".print_r($db->errorInfo(), true)."
\n";
+ echo "
\n";
+ exit;
+ }
+
+ $x = 0;
+ if (is_array($result[0])) {
+ foreach ($result[0] as $key => $value) {
+ $column_array[$x++] = $key;
+ }
+ }
+ //column names
+ echo '"'.implode('","', escape($column_array)).'"'."\r\n";
+ //column values
+ if (is_array($result)) {
+ foreach ($result as &$row) {
+ $x = 1;
+ foreach ($column_array as $column) {
+ echo '"'.escape($row[$column]).'"'.(($x++ < count($column_array)) ? ',' : null);
+ }
+ echo "\n";
+ }
+ }
+ }
+ }
}
-}
?>
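Review bot: The captcha gate at the top of the hunk passes when `$_SESSION['captcha']` is unset or empty and no `code` is sent, because `strtolower($_SESSION['captcha']) == strtolower($code)` then compares two empty strings. That comparison is the only check visible here before the `$db->prepare(check_sql($sql))` calls run caller-supplied SQL. I would require a non-empty session value and compare in constant time: `$captcha = (string) ($_SESSION['captcha'] ?? '');` followed by `if ($captcha !== '' && hash_equals(strtolower($captcha), strtolower($code))) { $command_authorized = true; }`. Reading `code` from `$_POST` instead of `$_REQUEST`, and unsetting `$_SESSION['captcha']` after a successful match, would also stop one solved captcha from being reused for further queries. The script begins above this hunk, so a permission check earlier in the file may already cover part of this.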