database-run.php
<?php
### Access gate: the SQL runner is only reachable by users holding the
### install_plugins capability; everyone else is stopped before any processing.
if ( ! current_user_can( 'install_plugins' ) ) {
	die( 'Access Denied' );
}

### Page location and backup settings
// NOTE(review): $base_name, $base_page and $backup are not referenced again in
// this listing; they are kept because other code may rely on them.
$base_name      = plugin_basename( 'wp-dbmanager/database-manager.php' );
$base_page      = 'admin.php?page=' . $base_name;
$backup_options = get_option( 'dbmanager_options' );
$backup         = array(
	'date'          => current_time( 'timestamp' ),
	'mysqldumppath' => $backup_options['mysqldumppath'],
	'mysqlpath'     => $backup_options['mysqlpath'],
	'path'          => $backup_options['path'],
);
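### Form Processing
// Handles the "Run" submit: verifies the nonce, splits the textarea into one
// statement per line, filters each line by its leading keyword, runs the ones
// that are allowed and builds the HTML report in $text.
//
// Security notes:
// - The keyword filter guards against accidents; it is not a security boundary.
//   An accepted line is handed to $wpdb->query() unmodified, so protection of
//   the database rests on the capability check at the top of this file and on
//   the nonce check below.
// - $text is printed without further escaping, so every statement echoed back
//   is passed through esc_html() here. Without that, markup typed into the
//   textarea would be rendered in the admin page.
if ( ! empty( $_POST['do'] ) ) {
	$text = '';
	// Decide What To Do
	switch ( $_POST['do'] ) {
		case __( 'Run', 'wp-dbmanager' ):
			// Refuse requests that do not carry this form's nonce (CSRF protection).
			check_admin_referer( 'wp-dbmanager_run' );

			// A missing or non-string field is treated as an empty submission
			// instead of raising a notice or a TypeError in trim().
			$sql_queries2 = '';
			if ( isset( $_POST['sql_query'] ) && is_string( $_POST['sql_query'] ) ) {
				$sql_queries2 = trim( $_POST['sql_query'] );
			}
			$totalquerycount = 0;
			$successquery    = 0;

			if ( $sql_queries2 ) {
				// One statement per line; blank lines are dropped.
				$sql_queries  = array();
				$sql_queries2 = explode( "\n", $sql_queries2 );
				foreach ( $sql_queries2 as $sql_query2 ) {
					// WordPress slashes request data, so undo that before use.
					$sql_query2 = trim( stripslashes( $sql_query2 ) );
					$sql_query2 = preg_replace( "/[\r\n]+/", '', $sql_query2 );
					if ( ! empty( $sql_query2 ) ) {
						$sql_queries[] = $sql_query2;
					}
				}

				if ( $sql_queries ) {
					foreach ( $sql_queries as $sql_query ) {
						// Escaped copy for display only; the raw statement is what gets executed.
						$sql_query_html = esc_html( $sql_query );

						if ( preg_match( "/LOAD_FILE/i", $sql_query ) || preg_match( "/^\\s*(select|drop|show|grant) /i", $sql_query ) ) {
							// Refused: shown in red and counted, never executed.
							$text .= "<p style=\"color: red;\">$sql_query_html</p>";
							$totalquerycount++;
						} elseif ( preg_match( "/^\\s*(insert|update|replace|delete|create|alter) /i", $sql_query ) ) {
							$run_query = $wpdb->query( $sql_query );
							// Any falsy result is reported as a failure, which is the
							// behaviour the notes under the form describe.
							if ( ! $run_query ) {
								$text .= "<p style=\"color: red;\">$sql_query_html</p>";
							} else {
								$successquery++;
								$text .= "<p style=\"color: green;\">$sql_query_html</p>";
							}
							$totalquerycount++;
						}
						// Lines matching neither pattern are skipped and not counted.
					}
					$text .= '<p style="color: blue;">' . number_format_i18n( $successquery ) . '/' . number_format_i18n( $totalquerycount ) . ' ' . __( 'Query(s) Executed Successfully', 'wp-dbmanager' ) . '</p>';
				} else {
					$text = '<p style="color: red;">' . __( 'Empty Query', 'wp-dbmanager' ) . '</p>';
				}
			} else {
				$text = '<p style="color: red;">' . __( 'Empty Query', 'wp-dbmanager' ) . '</p>';
			}
			break;
	}
}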
?>
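<?php
// $text is HTML assembled by the form handler above and is printed as-is, so
// anything user-supplied must be escaped at the point it is appended to $text.
if ( ! empty( $text ) ) {
	echo '<!-- Last Action --><div id="message" class="updated fade"><p>' . $text . '</p></div>';
}
?>
<!-- Run SQL Query -->
<form method="post" action="<?php echo esc_url( admin_url( 'admin.php?page=' . plugin_basename( __FILE__ ) ) ); ?>">
	<?php
	// Hidden nonce field; the handler verifies it with check_admin_referer( 'wp-dbmanager_run' ).
	wp_nonce_field( 'wp-dbmanager_run' );
	?>
	<div class="wrap">
		<h2><?php esc_html_e( 'Run SQL Query', 'wp-dbmanager' ); ?></h2>
		<br style="clear" />
		<div>
			<strong><?php esc_html_e( 'Separate Multiple Queries With A New Line', 'wp-dbmanager' ); ?></strong><br />
			<p style="color: green;"><?php esc_html_e( 'Use Only INSERT, UPDATE, REPLACE, DELETE, CREATE and ALTER statements.', 'wp-dbmanager' ); ?></p>
		</div>
		<table class="form-table">
			<tr>
				<td align="center"><textarea cols="120" rows="30" name="sql_query" style="width: 99%;" dir="ltr" ></textarea></td>
			</tr>
			<tr>
				<?php // Translated labels go into attributes, so they are attribute-escaped. The handler compares the submitted "do" value with __( 'Run', 'wp-dbmanager' ). ?>
				<td align="center"><input type="submit" name="do" value="<?php esc_attr_e( 'Run', 'wp-dbmanager' ); ?>" class="button" />&nbsp;&nbsp;<input type="button" name="cancel" value="<?php esc_attr_e( 'Cancel', 'wp-dbmanager' ); ?>" class="button" onclick="javascript:history.go(-1)" /></td>
			</tr>
		</table>
		<p>
			<?php esc_html_e( '1. CREATE statement will return an error, which is perfectly normal due to the database class. To confirm that your table has been created check the Manage Database page.', 'wp-dbmanager' ); ?><br />
			<?php esc_html_e( '2. UPDATE statement may return an error sometimes due to the newly updated value being the same as the previous value.', 'wp-dbmanager' ); ?><br />
			<?php esc_html_e( '3. ALTER statement will return an error because there is no value returned.', 'wp-dbmanager' ); ?>
		</p>
	</div>
</form>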