
switch the sql query screens to use a session var to track the query.…

… this solves some problems with overly long queries. this is a more complete fix for bug#1943741
1 parent 8589cd9 commit eb2abee49ccf9506e79eb40753059c577a5c960d @xzilla committed Sep 13, 2008
Showing with 29 additions and 15 deletions.
  1. +1 −3 database.php
  2. +1 −1 reports.php
  3. +25 −9 sql.php
  4. +2 −2 sqledit.php
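--- a/database.php
+++ b/database.php
@@ -853,15 +853,13 @@ function doSQL() {
 global $data, $misc;
 global $lang;
- if (!isset($_REQUEST['query'])) $_REQUEST['query'] = '';
-
 $misc->printTrail('database');
 $misc->printTabs('database','sql');
 echo "<p>{$lang['strentersql']}</p>\n";
 echo "<form action=\"sql.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
 echo "<p>{$lang['strsql']}<br />\n";
 echo "<textarea style=\"width:100%;\" rows=\"20\" cols=\"50\" name=\"query\">",
- htmlspecialchars($_REQUEST['query']), "</textarea></p>\n";
+ htmlspecialchars($_SESSION['sqlquery']), "</textarea></p>\n";
 // Check that file uploads are enabled
 if (ini_get('file_uploads')) {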
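Review bot: The textarea in doSQL() now reads `$_SESSION['sqlquery']` with no guard, and this hunk removes the only default that existed for the old request variable. On a first visit to the SQL tab, before sql.php has stored anything in the session, the index is unset, so PHP raises an undefined-index notice and hands null to htmlspecialchars(). sqledit.php receives the equivalent default in this same commit, and the same line belongs at the top of this function: `if (!isset($_SESSION['sqlquery'])) $_SESSION['sqlquery'] = '';`. doSQL() begins and ends outside the hunk.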
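--- a/reports.php
+++ b/reports.php
@@ -281,7 +281,7 @@ function doDefault($msg = '') {
 'run' => array(
 'title' => $lang['strexecute'],
 'url' => "sql.php?subject=report&amp;{$misc->href}&amp;return_url={$return_url}&amp;return_desc=".urlencode($lang['strback'])."&amp;",
- 'vars' => array('report' => 'report_name', 'database' => 'db_name', 'query' => 'report_sql', 'paginate' => 'paginate'),
+ 'vars' => array('report' => 'report_name', 'database' => 'db_name', 'reportid' => 'report_id', 'paginate' => 'paginate'),
 ),
 'edit' => array(
 'title' => $lang['stredit'],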
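--- a/sql.php
+++ b/sql.php
@@ -4,7 +4,7 @@
 * Process an arbitrary SQL query - tricky! The main problem is that
 * unless we implement a full SQL parser, there's no way of knowing
 * how many SQL statements have been strung together with semi-colons
- * @param $query The SQL query string to execute
+ * @param $_SESSION['sqlquery'] The SQL query string to execute
 *
 * $Id: sql.php,v 1.43 2008/01/10 20:19:27 xzilla Exp $
 */
@@ -70,6 +70,22 @@ function sqlCallback($query, $rs, $lineno) {
 }
 }
+ // We need to store the query in a session for editing purposes
+ // We avoid GPC vars to avoid truncating long queries
+ // If we came from a report, we need to look up the query
+ if (isset($_REQUEST['subject']) && $_REQUEST['subject'] == 'report' ) {
+ global $data, $misc;
+ include_once('./classes/Reports.php');
+ $reportsdb = new Reports($status);
+ $report = $reportsdb->getReport($_REQUEST['reportid']);
+ $_SESSION['sqlquery'] = $report->fields['report_sql'];
+ }
+ elseif (isset($_POST['query'])) {
+ // Or maybe we came from an sql form
+ $_SESSION['sqlquery'] = $_POST['query'];
+ } else {
+ echo "could not find the query!!";
+ }
 // Pagination maybe set by a get link that has it as FALSE,
 // if that's the case, unset the variable.
@@ -83,7 +99,7 @@ function sqlCallback($query, $rs, $lineno) {
 // script for pagination
 /* if a file is given or the request is an explain, do not paginate */
 if (isset($_REQUEST['paginate']) && !(isset($_FILES['script']) && $_FILES['script']['size'] > 0)
- && (preg_match('/^\s*explain/i', $_REQUEST['query']) == 0)) {
+ && (preg_match('/^\s*explain/i', $_SESSION['sqlquery']) == 0)) {
 include('./display.php');
 exit;
 }
@@ -114,13 +130,13 @@ function sqlCallback($query, $rs, $lineno) {
 else {
 // Set fetch mode to NUM so that duplicate field names are properly returned
 $data->conn->setFetchMode(ADODB_FETCH_NUM);
- $rs = $data->conn->Execute($_REQUEST['query']);
+ $rs = $data->conn->Execute($_SESSION['sqlquery']);
 // $rs will only be an object if there is no error
 if (is_object($rs)) {
 // Request was run, saving it in history
 if(!isset($_REQUEST['nohistory']))
- $misc->saveScriptHistory($_REQUEST['query']);
+ $misc->saveScriptHistory($_SESSION['sqlquery']);
 // Now, depending on what happened do various things
@@ -183,20 +199,20 @@ function sqlCallback($query, $rs, $lineno) {
 // Edit
 echo "\t<li><a href=\"database.php?database=", urlencode($_REQUEST['database']),
- "&amp;server=", urlencode($_REQUEST['server']), "&amp;action=sql&amp;query=", urlencode($_REQUEST['query']), "\">{$lang['streditsql']}</a></li>\n";
+ "&amp;server=", urlencode($_REQUEST['server']), "&amp;action=sql\">{$lang['streditsql']}</a></li>\n";
 // Create report
 if (($subject !== 'report') && $conf['show_reports'] && isset($rs) && is_object($rs) && $rs->recordCount() > 0)
 echo "\t<li><a href=\"reports.php?{$misc->href}&amp;action=create&amp;report_sql=",
- urlencode($_REQUEST['query']), "\">{$lang['strcreatereport']}</a></li>\n";
+ urlencode($_SESSION['sqlquery']), "\">{$lang['strcreatereport']}</a></li>\n";
 // Create view and download
- if (isset($_REQUEST['query']) && isset($rs) && is_object($rs) && $rs->recordCount() > 0) {
+ if (isset($_SESSION['sqlquery']) && isset($rs) && is_object($rs) && $rs->recordCount() > 0) {
 // Report views don't set a schema, so we need to disable create view in that case
 if (isset($_REQUEST['schema']))
 echo "\t<li><a href=\"views.php?action=create&amp;formDefinition=",
- urlencode($_REQUEST['query']), "&amp;{$misc->href}\">{$lang['strcreateview']}</a></li>\n";
- echo "\t<li><a href=\"dataexport.php?query=", urlencode($_REQUEST['query']);
+ urlencode($_SESSION['sqlquery']), "&amp;{$misc->href}\">{$lang['strcreateview']}</a></li>\n";
+ echo "\t<li><a href=\"dataexport.php?query=", urlencode($_SESSION['sqlquery']);
 if (isset($_REQUEST['search_path']))
 echo "&amp;search_path=", urlencode($_REQUEST['search_path']);
 echo "&amp;{$misc->href}\">{$lang['strdownload']}</a></li>\n";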
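Review bot: The `else` branch that prints "could not find the query!!" does not end the request, so unless code outside the visible hunks stops it, the later `$data->conn->Execute($_SESSION['sqlquery'])` still runs with whatever statement an earlier request left in the session. A request to sql.php that carries neither `query` in POST nor `subject=report` would then re-execute the previous statement, which matters for anything non-idempotent. The branch should clear the stored value and stop, for example `unset($_SESSION['sqlquery']); echo "could not find the query!!"; exit;`. In the report branch, `$_REQUEST['reportid']` is read without an `isset()` check and `$report->fields['report_sql']` is used without confirming that a report was found, so a missing or unknown id can store an empty query. The create-report, create-view and download links in the last hunk still URL-encode the whole query, so the length problem named in the commit message appears to remain on those three links.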
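--- a/sqledit.php
+++ b/sqledit.php
@@ -100,7 +100,7 @@ function doDefault() {
 global $data, $misc;
 global $lang;
- if (!isset($_REQUEST['query'])) $_REQUEST['query'] = '';
+ if (!isset($_SESSION['sqlquery'])) $_SESSION['sqlquery'] = '';
 $misc->printHeader($lang['strsql']);
@@ -123,7 +123,7 @@ function doDefault() {
 }
 echo "<textarea style=\"width: 100%;\" rows=\"10\" cols=\"50\" name=\"query\">",
- htmlspecialchars($_REQUEST['query']), "</textarea>\n";
+ htmlspecialchars($_SESSION['sqlquery']), "</textarea>\n";
 echo "<label for=\"paginate\"><input type=\"checkbox\" id=\"paginate\" name=\"paginate\"", (isset($_REQUEST['paginate']) ? ' checked="checked"' : ''), " />&nbsp;{$lang['strpaginate']}</label>\n";
 echo "<p><input type=\"submit\" value=\"{$lang['strexecute']}\" />\n";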
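Review bot: `$_SESSION['sqlquery']` is a single slot for the whole browser session, and the editor textarea in doDefault() is now prefilled from it rather than from the request. If one session can hold connections to several servers or databases (not visible in this hunk), a statement written for one of them is offered for execution in the context of another. At minimum that deserves a comment beside the default, such as `// sqlquery is shared by every server/database in this session`, and keying the stored value by server and database would remove the ambiguity. A `query` parameter passed to sqledit.php is also no longer honoured, so any caller that relied on it now gets the last stored statement instead. doDefault() begins and ends outside both hunks.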
