PHP Classes

File: as_admintool_sqlqry.php

Recommend this page to a friend!
  Classes of Alexander Selifonov   site administrator tool set   as_admintool_sqlqry.php   Download  
File: as_admintool_sqlqry.php
Role: Auxiliary script
Content type: text/plain
Description: Plugin module: SQL queries execute and explain
Class: site administrator tool set
Web interface to manage site resources
Author: By
Last change: some bug fixes in javascript block
Date: 15 years ago
Size: 11,755 bytes
 

Contents

Class file image Download
<? /** * @package as_admintool * @desc as_admintool_sqlqry.php - "SQL query" plugin for as_admintool.php * @author Alexander Selifonov <as-works@narod.ru> * @copyright Alexander Selifonov 2007 * @link http://as-works.narod.ru/en/php/ * @version 1.003.024 * modified 20.03.2008 (dd.mm.yyyy) ================================================================================ */ require_once('as_dbutils.php'); // DB access wrapper class define('ASADM_SQLQUERY','sqlqry'); // ID type for this module if(!defined('ASADM_MAXRECORDS')) define('ASADM_MAXRECORDS',800); // SQL query: maximal records returned define('ASADM_QRYPARAM',4); // number of parameter fields shown for SQL query define('ASADM_SQRYWHEIGHT',100); // SQL query textarea height (px) # mandatory string - registering plugin # example: $as_admt_plugins['unique_id'] = array('html-drawing_func','executing_func'); CAsAdminTool::RegisterPlugin('sqlqry','ASAdmt_sql_Form','ASAdmt_sql_exec'); // interface localization here ! if(empty($as_iface['predef-qry'])) $as_iface['predef-qry'] ='pre-defined queries...'; if(empty($as_iface['execqry'])) $as_iface['execqry'] ='Execute Query'; if(empty($as_iface['explainqry'])) $as_iface['explainqry'] ='Explain Query'; if(empty($as_iface['qryresult'])) $as_iface['qryresult'] ='Execution result'; if(empty($as_iface['msg_qrydone'])) $as_iface['msg_qrydone'] ='Query executed'; if(empty($as_iface['msg_qryerror'])) $as_iface['msg_qryerror'] ='Query error'; # $as_adm_qryaccess : SQL runing access: # 0 - only pre-defined queries allowed (sqltext field is hidden), no 'explain query' button # 1 - user can write queries, but only reading data, UPDATING queries will be denied # 2 - full access, all queries executed if(!isset($as_adm_qryaccess)) $as_adm_qryaccess = 0; # ASAdmt_sql_Form - function for drawing "SQL query" screen page # first par $pginfo is array: [0] - pageid, [1],[2]-max page size (width,height) function ASAdmt_sql_Form($pginfo,$qrylist='',$par2=false,$par3=false) { global $as_iface, $as_cssclass, $as_adm_qryaccess; $pageid=isset($pginfo[0])? $pginfo[0]: 0; $lwidth = isset($pginfo[1])? $pginfo[1]: 800; $lheight = isset($pginfo[2])? $pginfo[2]: 600; $rest_h = $lheight - 115; $self = $_SERVER['PHP_SELF']; static $sql_js_drawn = false; $dbname = is_string($par2)? $par2 : ''; if(!$sql_js_drawn) { #<3> draw only once !!! $sql_js_drawn = true; ?> <script language='javascript'> var as_admt_stdsqls = []; // array for predefined queries var as_admt_subpars = []; function SqlQry_ChangeStdQry(pageid,obj) { var fm = asGetObj("as_admt_sqlform_"+pageid); var iqry = obj.selectedIndex; if(iqry <=0) fm.sqltext.value = 'select * from'; else fm.sqltext.value = as_admt_stdsqls[pageid][iqry][0].replace(/{CRLF}/g,"\r\n"); for(ik=1; ik<=<?= ASADM_QRYPARAM ?>; ik++) { asGetObj("sqprm_"+pageid+"_"+ik).innerHTML= ((iqry<=0 || as_admt_stdsqls[pageid][iqry][ik]==undefined)? ('&amp;P'+ik) : as_admt_stdsqls[pageid][iqry][ik]); } if(typeof(as_admt_subpars[pageid][iqry])!='undefined') { fm.subpars.value=as_admt_subpars[pageid][iqry]; } } var ajax_sqlqrybusy = false; function Admt_RunSqlQry(pageid,bexplain) { if (ajax_sqlqrybusy) return false; fm = window.asGetObj("as_admt_sqlform_"+pageid); // alert('KT-form element : '+fm.name); if(fm.sqltext.value=='') { alert('empty sqltext'); return false; } var xmlreq = NewXMLHttpRequest(); if(!xmlreq) { return false; } ajax_sqlqrybusy = true; xmlreq.onreadystatechange= function() { //<3> if (xmlreq.readyState == 4) { //<3A> // alert(xmlreq.responseText); //debug var spl = xmlreq.responseText.split("{|}"); delete xmlreq; ajax_sqlqrybusy = false; if(spl.length < 2) { asGetObj("sqlresult_"+pageid).innerHTML ='<?=$as_iface['msg_wrongreply']?> '+spl[0]; } else { asGetObj("sqlresult_"+pageid).innerHTML = spl[1]; } //<4> } //<3A> } //<3> xmlreq.open('POST','<?=$self?>',true); xmlreq.setRequestHeader("Content-Type", postcont); params = 'adm_action_type=sqlqry&pageid=' + pageid + '&'+ComputeParamString('as_admt_sqlform_'+pageid); if(bexplain==1) params += '&b_explain=1'; xmlreq.send(params); asGetObj("sqlresult_"+pageid).innerHTML = "<?=$as_iface['msg_waiting']?>"; return false; } </script> <? } #<3> $stdsqls = array(); if(is_array($qrylist)) $stdsqls = $qrylist; elseif(is_file($qrylist)) { $tlst = file($qrylist); foreach($tlst as $strk) { $strk = trim($strk); if($strk=='' || $strk[0]=='#') continue; $tval = explode('|',$strk); if(count($tval)<2) continue; // if(!empty($tval[1])) $stdsqls[] = $tval; //[0] = $tval[1]; } } if(count($stdsqls)>0) { echo "<script language='javascript'>\n as_admt_stdsqls[$pageid] = [];\n as_admt_subpars[$pageid] = [];\n"; $km=1; for($kk=0; $kk<count($stdsqls); $kk++) { $key = $stdsqls[$kk][0]; $subpars = ''; if(strlen($stdsqls[$kk][1])>1) { $allval = "\"{$stdsqls[$kk][1]}\""; for($nn=2;$nn<=ASADM_QRYPARAM+1;$nn++) { if(isset($stdsqls[$kk][$nn]) ) { if($stdsqls[$kk][$nn][0]==='#') $subpars .= ($subpars===''? '':'|').$stdsqls[$kk][$nn]; else $allval .= ",\"{$stdsqls[$kk][$nn]}\""; } } echo " as_admt_stdsqls[$pageid][$km] = [$allval];\n as_admt_subpars[$pageid][$km] = \"$subpars\";\n"; $km++; } } echo "</script>\n"; } ?> <table id='asadt_tbl_<?=$pageid?>'> <tr><form name='as_admt_sqlform_<?=$pageid?>'><input type='hidden' name='subpars' value='' /> <!--td><?=$as_iface['parameters']?> :</td></tr--> <tr> <? if(!empty($dbname)) echo "<input type=hidden name='_dbname_' value='$dbname'>"; if(count($stdsqls)>0) { $rest_h -=40; echo "<tr><td colspan=4>{$as_iface['predef-qry']}<br><SELECT name='stdqry' style='width:200' onChange='SqlQry_ChangeStdQry($pageid,this)'> <OPTION value='0'>{$as_iface['predef-qry']}</OPTION>"; for($kk=0; $kk<count($stdsqls); $kk++) /* as $kname=>$kval)*/ { $kname = $stdsqls[$kk][0]; echo ( (strlen($stdsqls[$kk][1])>1)? "<OPTION value='$kname'>$kname</OPTION>" : "<OPTGROUP label='$kname'>"); } echo "</SELECT></td></tr>"; } for($kkp=1; $kkp<=ASADM_QRYPARAM; $kkp++) { if($kkp>4 && ($kkp % 5 ==1)) { $rest_h -=36; echo "</tr><tr>"; } // NN parameter per line echo "<td><span id='sqprm_{$pageid}_{$kkp}'> &amp;P{$kkp}</span><br><input type='TEXT' name='qparm{$kkp}' class='{$as_cssclass['textfield']}' style='width:120'></td>\n"; } $attrib = ($as_adm_qryaccess>=1)? '':'READONLY'; // with $as_adm_qryaccess=0 user won't even see SQL query text - just parameter fields if($as_adm_qryaccess>0) { $rest_h -=ASADM_SQRYWHEIGHT; $qryfield = "<tr><td><textarea name='sqltext' class='ibox' style='width:100%; Height=".ASADM_SQRYWHEIGHT."' {$attrib}>select * from</textarea></td></tr>"; } else { $qryfield = "<input type='hidden' name='sqltext' value=''>"; } ?> </tr></table> <div align=center> <table width='98%'> <?=$qryfield?> <tr><td><button class='button' name='runsql' onClick='Admt_RunSqlQry(<?=$pageid?>);return false'><?=$as_iface['execqry']?></button> <? if($as_adm_qryaccess>=1) { ?> &nbsp; <button class='button' name='expsql' onClick='Admt_RunSqlQry(<?=$pageid?>,1);return false'><?=$as_iface['explainqry']?></button> <? } ?> </td></tr> <tr><td><?=$as_iface['qryresult']?></td></tr></form> <tr><td><div id='sqlresult_<?=$pageid?>' class='<?=$as_cssclass['resultarea']?>' style='overflow:auto; height:<?=$rest_h?>px; width:<?=$lwidth-20?>px;'>&nbsp;</div></td></tr> </tr> </table> </div> <? } // # ASAdmt_sql_exec - function for executing query and returning result through AJAX function ASAdmt_sql_exec($parms) { global $as_iface,$as_cssclass, $as_adm_qryaccess, $as_dbengine; $pageid = isset($parms['pageid'])? $parms['pageid'] : '1'; if($as_adm_qryaccess<2) { $qarr = explode(' ',trim($parms['sqltext'])); $first = strtolower($qarr[0]); if(!in_array($first, array('select','show','desc','describe','explain'))) { return "$pageid{|}UPDATES NOT ALLOWED ! ($first - operator denied or unknown)"; } } $subpars = empty($parms['subpars'])? '': explode('|',$parms['subpars']); // additional parameters: "href columns" etc. $s_from = array(); $s_to = array(); $dbname = isset($parms['_dbname_']) ? $parms['_dbname_']: ''; if(strlen($dbname)) { $seldb = $as_dbengine->select_db($dbname); } for($kk=1 ; $kk<=ASADM_QRYPARAM; $kk++) { if(isset($parms['qparm'.$kk])) { $s_from[] = '&P'.$kk; $s_to[]=$parms['qparm'.$kk]; } } $sqry = isset($parms['sqltext'])? $parms['sqltext'] : ''; $sqry = str_replace($s_from, $s_to, $sqry); $sqry = trim(stripslashes($sqry)); if(empty($sqry)) { return $ret; } $ret = "$pageid{|}"; # <table _width='900px' border=0 cellspacing=0 cellpadding=0><tr class='head' style='text-align:left'><td><b>$sqry</b></td></tr></table>\n"; $qrylist = explode("/\r",$sqry); $explain = empty($parms['b_explain'])?false:true; foreach($qrylist as $no=>$oneqry) { $ret .= ASAdmt_RunOneSql($oneqry,$explain).'<br />'; } return $ret; } /** * @desc ASAdmt_RunOneSql performs one SQL query and returns <table> with record values or error text **/ function ASAdmt_RunOneSql($querytext,$explain=false) { global $as_iface,$as_cssclass, $as_adm_qryaccess, $as_dbengine; $ret = ''; $result = ($explain)? $as_dbengine->sql_explain($querytext) : $as_dbengine->sql_query($querytext); if($result) { //<2> if(is_resource($result)) { //<3> // show result recordset $ret .="<table border=0 cellspacing=1 >\n"; $header = 0; $ii=0; while (($row = $as_dbengine->fetch_assoc($result)) && (ASADM_MAXRECORDS==0 || $ii<=ASADM_MAXRECORDS)) { //<4> $values = array_values($row); // I'll need index-based values for HREF column composing if($header < 1) { //<5> $header = 1; $ret .="<tr>"; // class='{$as_cssclass['trowhead']}' foreach($row as $col_name=>$col_value) { if(is_string($col_name)) $ret .="<td class='{$as_cssclass['tdhead']}'>$col_name</td>"; } if(is_array($subpars)) for($ipar=0;$ipar<count($subpars);$ipar++) $ret.="<td class='{$as_cssclass['tdhead']}'>&nbsp;</td>"; $ret .='</tr>'; reset($row); // back to first element ! } //<5> $ii++; $classname = ($ii % 2) ? $as_cssclass['trowodd']:$as_cssclass['troweven']; $ret .= "\n<tr class='$classname'>"; foreach($row as $col_name=>$col_value) if(is_string($col_name)) $ret .= "<td>$col_value</td>"; if(is_array($subpars)) for($ipar=0;$ipar<count($subpars);$ipar++) { $onepar = explode('^',$subpars[$ipar]); $colvalue = ''; switch($onepar[0]) { case '#HREF': $colvalue=@str_replace('{ID}',$values[$onepar[1]],$onepar[2]); break; default: $colvalue=$onepar[0]; break; } $ret .="<td>$colvalue</td>"; } $ret .='</tr>'; } //<4> $as_dbengine->free_result($result); $ret .="</table></div>\n"; }//<3> else $ret .= $as_iface['msg_qrydone']. ' (rows affected: '.$as_dbengine->affected_rows().')'; }//<2> else $ret .= $as_iface['msg_qryerror'].' :'.$as_dbengine->sql_error(); return $ret; } ?>